- NMsec_GET_IKETUN
- NMsec_GET_IKETUNCASCADE
|
V1R13 |
The NMsIKETunNATTLevel field is changed
to support two additional values: NMsec_IKETUN_NATTV2 (6) and NMsec_IKETUN_NATTV2ZOS
(7). The following fields previously reported 0 for all IKEv2 tunnels
because NAT traversal was not supported for IKEv2. They are now
set appropriately when an IKEv2 tunnel traverses one or more NAT devices: - NMsIKETunLclNAT
- NMsIKETunRmtNAT
- NMsIKETunRmtNAPT
- NMsIKETunCanInitP1
- NMsIKETunRmtUDPPort
|
Network address translation traversal support for IKE
version 2 |
NMsec_GET_IKETUN |
V1R12 |
The NMsecIKETunnel structure has the following
updates: - New fields:
- NMsIKETunFIPS140
- NMsIKETunEncryptKeyLength
- The NMsIKETunExchangeMode field is changed in that it is not applicable
for IKEv2 SAs.
- The NMsIKETunState field has a new value:
- NMsec_SASTATE_HALF_CLOSED (6)
- The NMsIKETunExtState has new values:
- NMsec_P1STATE_WAIT_AUTH (6)
- NMsec_P1STATE_HALF_CLOSED (7)
- The NMsIKETunAuthAlg field has the following new values:
- NMsec_AUTH_HMAC_SHA2_256_128 (7)
- NMsec_AUTH_HMAC_SHA2_384_192 (13)
- NMsec_AUTH_HMAC_SHA2_512_256 (14)
- NMsec_AUTH_AES128_XCBC_96 (9)
The NMsIKETunAuthAlg field also has existing values that
have changed descriptions. Those values with changed descriptions
are: - NMsec_AUTH_HMAC_MD5 (38)
- NMsec_AUTH_HMAC_SHA1 (39)
- NMsec_AUTH_HMAC_SHA1_96 (41)
- The NMsIKETunEncryptAlg field has a changed value:
- NMsec_ENCR_AES (12) was changed to NMsec_ENCR_AES_CBC (12)
- The NMsIKETunLocalAuthMethod field has the following new values:
- NMsec_IKETUN_ECDSA_256 (4)
- NMsec_IKETUN_ECDSA_384 (5)
- NMsec_IKETUN_ECDSA_521 (6)
- The NMsIKETunPeerAuthMethod field has the following new values:
- NMsec_AUTH_HMAC_SHA2_256 (15)
- NMsec_AUTH_HMAC_SHA2_384 (16)
- NMsec_AUTH_HMAC_SHA2_512 (17)
- NMsec_AUTH_AES128_XCBC (18)
- The NMsIKETunPseudoRandomFunc field has the following new values:
- NMsec_IKETUN_ECDSA_256 (4)
- NMsec_IKETUN_ECDSA_384 (5)
- NMsec_IKETUN_ECDSA_521 (6)
|
IKE version 2 support |
- NMsec_GET_IKETUN
- NMsec_GET_IKETUNCASCADE
- NMsec_GET_IPTUNMANUAL
- NMsec_GET_IPTUNDYNAMIC
- NMsec_GET_IPTUNDYNIKE
|
V1R12 |
The NMsecInFilter structure has a new value
for the NMsFltSAState field: - NMsec_SASTATE_HALF_CLOSED (6)
|
IKE version 2 support |
- NMsec_GET_IKETUNCASCADE
- NMsec_GET_IPTUNDYNSTACK
- NMsec_GET_IPTUNDYNIKE
|
V1R13 |
The following fields previously reported
0 for all IKEv2 tunnels because NAT traversal was not supported for
IKEv2. They are now set appropriately when an IKEv2 tunnel traverses
one or more NAT devices: - NMsIPDynLclNAT
- NMsIPDynRmtNAT
- NMsIPDynRmtNAPT
- NMsIPDynRmtGW
- NMsIPDynRmtZOS
- NMsIPDynCanInitP2
- NMsIPDynRmtUDPPort
- NMsIPDynSrcNATOA
- NMsIPDynDstNATOA
|
Network address translation traversal support for IKE
version 2 |
- NMsec_GET_IPFLTCURR
- NMsec_GET_IPFLTDEFAULT
- NMsec_GET_IPFLTPOLICY
|
V2R1 |
A new field. NMsIPFltLogLimit,
is defined. For defensive filters it indicates whether filter-match
messages are being limited. For all other filter types, it has a value
of 0. |
Limit defensive filter logging |
NMsec_GET_IPTUNDYNIKE |
V1R12 |
The NMsecIPDynamicIKE structure has a new
value for the NMsIPDynIKEExtState field: - NMsec_P2STATE_HALF_CLOSED (5)
|
IKE version 2 support |
NMsec_GET_IPTUNMANUAL |
V1R12 |
The NMsecIPTunnel structure includes the
following updates: - New fields:
- NMsIPTunFIPS140
- NMsIPTunEncryptKeyLength
- The NMsIPTunState field has a new value:
- NMsec_SASTATE_HALF_CLOSED (6)
- The NMsIPTunAuthAlg field has the following new values:
- NMsec_AUTH_NULL (0)
- NMsec_AUTH_AES_GMAC_128 (4)
- NMsec_AUTH_AES_GMAC_256 (6)
- NMsec_AUTH_HMAC_SHA2_256_128 (7)
- NMsec_AUTH_AES128_XCBC_96 (9)
- NMsec_AUTH_HMAC_SHA2_384_192 (13)
- NMsec_AUTH_HMAC_SHA2_512_256 (14)
The NMsIPTunAuthAlg field also has existing values that have
changed descriptions. Those values are: - NMsec_AUTH_HMAC_MD5 (38)
- NMsec_AUTH_HMAC_SHA1 (39)
- The NMsIPTunEncryptAlg field has a new value and a changed value.
The new value is NMsec_ENCR_AES_GCM_16 (20)
- The NMsec_ENCR_AES (12) value was changed to NMsec_ENCR_AES_CBC
(12).
|
IKE version 2 support |