2.2.1.3 ipsecNFA Object Attribute Details

The NFA policy stores references to a Filter List policy and a Negotiation policy to bind the individual Filter and Negotiation policy objects together. The ipsecNFA data attribute contains this policy binding information. It also stores additional IPsec settings, such as authentication methods and tunnel mode configuration. The following diagram shows an NFA policy object.

Figure 12: NFA policy object

The ipsecNFA object creation MUST use the LDAP add functionality in conformance with [RFC2251] section 4.7.

The ipsecNFA object modification MUST use the LDAP modify functionality in conformance with [RFC2251] section 4.6.

The ipsecNFA attributes are specified in in the following subsection.