Network security services NMI

Table 1 lists the updates to the Communications Server application interface for network security services (NSS) network management interface (NMI).

Table 1. Summary of new Communications Server NSS NMI
Request / Response Rel. Description Reason for change
  • NMsec_GET_IKETUN
  • NMsec_GET_IKETUNCASCADE
V1R13 The NMsIKETunNATTLevel field is changed to support two additional values: NMsec_IKETUN_NATTV2 (6) and NMsec_IKETUN_NATTV2ZOS (7).
The following fields previously reported 0 for all IKEv2 tunnels because NAT traversal was not supported for IKEv2. They are now set appropriately when an IKEv2 tunnel traverses one or more NAT devices:
  • NMsIKETunLclNAT
  • NMsIKETunRmtNAT
  • NMsIKETunRmtNAPT
  • NMsIKETunCanInitP1
  • NMsIKETunRmtUDPPort
Network address translation traversal support for IKE version 2
NMsec_GET_IKETUN V1R12 The NMsecIKETunnel structure has the following updates:
  • New fields:
    • NMsIKETunFIPS140
    • NMsIKETunEncryptKeyLength
  • The NMsIKETunExchangeMode field is changed: it is not applicable for IKEv2 SAs.
  • The NMsIKETunState field has a new value:
    • NMsec_SASTATE_HALF_CLOSED (6)
  • The NMsIKETunExtState field has new values:
    • NMsec_P1STATE_WAIT_AUTH (6)
    • NMsec_P1STATE_HALF_CLOSED (7)
  • The NMsIKETunAuthAlg field has the following new values:
    • NMsec_AUTH_HMAC_SHA2_256_128 (7)
    • NMsec_AUTH_HMAC_SHA2_384_192 (13)
    • NMsec_AUTH_HMAC_SHA2_512_256 (14)
    • NMsec_AUTH_AES128_XCBC_96 (9)
    The NMsIKETunAuthAlg field also has existing values that have changed descriptions. Those values with changed descriptions are:
    • NMsec_AUTH_HMAC_MD5 (38)
    • NMsec_AUTH_HMAC_SHA1 (39)
    • NMsec_AUTH_HMAC_SHA1_96 (41)
  • The NMsIKETunEncryptAlg field has a changed value:
    • NMsec_ENCR_AES (12) was changed to NMsec_ENCR_AES_CBC (12)
  • The NMsIKETunLocalAuthMethod field has the following new values:
    • NMsec_IKETUN_ECDSA_256 (4)
    • NMsec_IKETUN_ECDSA_384 (5)
    • NMsec_IKETUN_ECDSA_521 (6)
  • The NMsIKETunPeerAuthMethod field has the following new values:
    • NMsec_AUTH_HMAC_SHA2_256 (15)
    • NMsec_AUTH_HMAC_SHA2_384 (16)
    • NMsec_AUTH_HMAC_SHA2_512 (17)
    • NMsec_AUTH_AES128_XCBC (18)
  • The NMsIKETunPseudoRandomFunc field has the following new values:
    • NMsec_IKETUN_ECDSA_256 (4)
    • NMsec_IKETUN_ECDSA_384 (5)
    • NMsec_IKETUN_ECDSA_521 (6)
IKE version 2 support
  • NMsec_GET_IKETUN
  • NMsec_GET_IKETUNCASCADE
  • NMsec_GET_IPTUNMANUAL
  • NMsec_GET_IPTUNDYNAMIC
  • NMsec_GET_IPTUNDYNIKE
V1R12 The NMsecInFilter structure has a new value for the NMsFltSAState field:
  • NMsec_SASTATE_HALF_CLOSED (6)
IKE version 2 support
  • NMsec_GET_IKETUNCASCADE
  • NMsec_GET_IPTUNDYNSTACK
  • NMsec_GET_IPTUNDYNIKE
V1R13 The following fields previously reported 0 for all IKEv2 tunnels because NAT traversal was not supported for IKEv2. They are now set appropriately when an IKEv2 tunnel traverses one or more NAT devices:
  • NMsIPDynLclNAT
  • NMsIPDynRmtNAT
  • NMsIPDynRmtNAPT
  • NMsIPDynRmtGW
  • NMsIPDynRmtZOS
  • NMsIPDynCanInitP2
  • NMsIPDynRmtUDPPort
  • NMsIPDynSrcNATOA
  • NMsIPDynDstNATOA
Network address translation traversal support for IKE version 2
  • NMsec_GET_IPFLTCURR
  • NMsec_GET_IPFLTDEFAULT
  • NMsec_GET_IPFLTPOLICY
V2R1 A new field, NMsIPFltLogLimit, is defined. For defensive filters, it indicates whether filter-match messages are being limited. For all other filter types, it has a value of 0.
Limit defensive filter logging
NMsec_GET_IPTUNDYNIKE V1R12 The NMsecIPDynamicIKE structure has a new value for the NMsIPDynIKEExtState field:
  • NMsec_P2STATE_HALF_CLOSED (5)
IKE version 2 support
NMsec_GET_IPTUNMANUAL V1R12 The NMsecIPTunnel structure includes the following updates:
  • New fields:
    • NMsIPTunFIPS140
    • NMsIPTunEncryptKeyLength
  • The NMsIPTunState field has a new value:
    • NMsec_SASTATE_HALF_CLOSED (6)
  • The NMsIPTunAuthAlg field has the following new values:
    • NMsec_AUTH_NULL (0)
    • NMsec_AUTH_AES_GMAC_128 (4)
    • NMsec_AUTH_AES_GMAC_256 (6)
    • NMsec_AUTH_HMAC_SHA2_256_128 (7)
    • NMsec_AUTH_AES128_XCBC_96 (9)
    • NMsec_AUTH_HMAC_SHA2_384_192 (13)
    • NMsec_AUTH_HMAC_SHA2_512_256 (14)
    The NMsIPTunAuthAlg field also has existing values that have changed descriptions. Those values are:
    • NMsec_AUTH_HMAC_MD5 (38)
    • NMsec_AUTH_HMAC_SHA1 (39)
  • The NMsIPTunEncryptAlg field has a new value and a changed value:
    • The new value is NMsec_ENCR_AES_GCM_16 (20).
    • The NMsec_ENCR_AES (12) value was changed to NMsec_ENCR_AES_CBC (12).
IKE version 2 support