2.2.1.2 ipsecISAKMPPolicy Object Attribute Details

The ISAKMP policy stores information related to the initial IPsec conversation (that is, main mode (MM), as defined in [RFC2408] and in [RFC2409] section 7.1). The ipsecISAKMPPolicy data attribute contains this ISAKMP policy information.

The ISAKMP policy includes settings for establishing a security association (SA) and cryptographic keys with a remote peer. It also stores IKE settings that it uses to exchange keys with the IPsec peer.

The following diagram shows the ISAKMP policy object.

Figure 11: ISAKMP policy object

The ipsecISAKMPPolicy object creation MUST use the LDAP add functionality in conformance with [RFC2251] section 4.7.

The ipsecISAKMPPolicy object modification MUST use the LDAP modify functionality in conformance with [RFC2251] section 4.6.

The ipsecISAKMPPolicy attributes are specified in the following subsection.