2.2.1.1 ipsecPolicy Object Attribute Details

IPsec policy is the main unit of a single policy instance. The ipsecPolicy data attribute contains this IPsec policy information. It MUST contain a reference to an ISAKMP policy, at least one reference to a negotiation filter association (NFA) policy, and other miscellaneous IPsec policy settings. The following figure shows an IPsec policy object.

Figure 10: IPsec policy object

IPsec policy creation MUST use the LDAP add functionality in conformance with [RFC2251] section 4.7.

IPsec policy modification MUST use the LDAP modify functionality in conformance with [RFC2251] section 4.6.