2.2.1.4 ipsecNegotiationPolicy Object Attribute Details

The Negotiation policy stores information about what action to take when a packet is determined to match the associated Filter policy. The ipsecNegotiationPolicy data attribute contains this Negotiation policy information. The actions are block, allow, and secure. The Negotiation policy also includes the security settings that specify how to secure the connection (also known as quick mode). The following diagram shows a Negotiation policy object.

Figure 13: Negotiation policy object

The ipsecNegotiationPolicy object creation MUST use the LDAP add functionality in conformance with [RFC2251] section 4.7.

The ipsecNegotiationPolicy object modification MUST use the LDAP modify functionality in conformance with [RFC2251] section 4.6.

The ipsecNegotiationPolicy attributes are specified in the following subsection.