Edit

IPSEC_TUNNEL_POLICY0 structure (ipsectypes.h)

  • Article

The IPSEC_TUNNEL_POLICY0 structure stores the quick mode negotiation policy for tunnel mode IPsec. IPSEC_TUNNEL_POLICY2 is available.

Syntax

typedef struct IPSEC_TUNNEL_POLICY0_ {
  UINT32                  flags;
  UINT32                  numIpsecProposals;
  IPSEC_PROPOSAL0         *ipsecProposals;
  IPSEC_TUNNEL_ENDPOINTS0 tunnelEndpoints;
  IPSEC_SA_IDLE_TIMEOUT0  saIdleTimeout;
  IKEEXT_EM_POLICY0       *emPolicy;
} IPSEC_TUNNEL_POLICY0;

Members

flags

A combination of the following values.

IPsec policy flag Meaning
IPSEC_POLICY_FLAG_ND_SECURE
 Do negotiation discovery in secure ring.
IPSEC_POLICY_FLAG_ND_BOUNDARY
 Do negotiation discovery in the untrusted perimeter zone.
IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL
 Clear the "DontFragment" bit on the outer IP header of an IPsec tunneled packet.
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME
 If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation.
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME
 If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation.

numIpsecProposals

Number of quick mode proposals in the policy.

ipsecProposals

Array of quick mode proposals.

See IPSEC_PROPOSAL0 for more information.

tunnelEndpoints

Tunnel endpoints of the IPsec security association (SA) generated from this policy.

See IPSEC_TUNNEL_ENDPOINTS0 for more information.

saIdleTimeout

An IPSEC_SA_IDLE_TIMEOUT0 structure that specifies the SA idle timeout in IPsec policy.

emPolicy

The AuthIP extended mode authentication policy.

See IKEEXT_EM_POLICY0 for more information.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Header ipsectypes.h

See also

IKEEXT_EM_POLICY0

IPSEC_PROPOSAL0

IPSEC_SA_IDLE_TIMEOUT0

IPSEC_TUNNEL_ENDPOINTS0

Windows Filtering Platform API Structures