Class CIM_IPsecAction
extends CIM_SANegotiationAction

IPsecAction specifies the parameters to use for an IPsec phase 2 negotiation.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicyAction
   |
   +--CIM_SAAction
   |
   +--CIM_SANegotiationAction
   |
   +--CIM_IPsecAction

Direct Known Subclasses

CIM_IPsecTransportAction
CIM_IPsecTunnelAction

Class Qualifiers

NameData TypeValue
DescriptionstringIPsecAction specifies the parameters to use for an IPsec phase 2 negotiation.
MappingStringsstringIPSP Policy Model.IETF|IPsecAction
UMLPackagePathstringCIM::IPsecPolicy
Versionstring2.8.0

Class Properties

Local Class Properties

NameData TypeDefault ValueQualifiers
NameData TypeValue
Granularityuint16
DescriptionstringThe property Granularity is an enumeration that specifies how the selector for the SA should be derived from the traffic that triggered the negotiation. Its values are: 1=Other; See the OtherGranularity property for more information 2=Subnet; The source and destination subnet masks are used 3=Address; The source and destination IP addresses of the triggering packet are used 4=Protocol; The source and destination IP addresses and the IP protocol of the triggering packet are used 5=Port; The source and destination IP addresses, IP protocol and the source and destination layer 4 ports of the triggering packet are used.
MappingStringsstringIPSP Policy Model.IETF|IPsecAction.Granularity
ModelCorrespondencestringCIM_IPsecAction.OtherGranularity
ValueMapstring1, 2, 3, 4, 5
ValuesstringOther, Subnet, Address, Protocol, Port
GroupIduint16
DescriptionstringGroupId specifies the PFS group ID to use. This value is only used if PFS is True and UsePhase1Group is False. If the GroupID number is from the vendor-specific range (32768-65535), the VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1='768 bit prime', Group 2='1024 bit prime', Group 3='Elliptic Curve Group with 155 bit field element', Group 4='Large Elliptic Curve Group with 185 bit field element', and Group 5='1536 bit prime'.
MappingStringsstringIPSP Policy Model.IETF|IPsecAction.GroupID, RFC2412.IETF|Appendix E
ModelCorrespondencestringCIM_IPsecAction.VendorID, CIM_IKESAEndpoint.GroupID
ValueMapstring0, 1, 2, 3, 4, 5, .., 0x8000..
ValuesstringNo Group/Non-Diffie-Hellman Exchange, DH-768 bit prime, DH-1024 bit prime, EC2N-155 bit field element, EC2N-185 bit field element, DH-1536 bit prime, Standard Group - Reserved, Vendor Reserved
OtherGranularitystring
DescriptionstringDescription of the granularity when the value 1 ("Other") is specified for the property, Granularity.
ModelCorrespondencestringCIM_IPsecAction.Granularity
UsePFSboolean
DescriptionstringUsePFS indicates whether perfect forward secrecy is required when refreshing keys.
MappingStringsstringIPSP Policy Model.IETF|IPsecAction.UsePFS
ModelCorrespondencestringCIM_IPsecSAEndpoint.PFSInUse
UsePhase1Groupboolean
DescriptionstringUsePhase1Group indicates that the phase 2 GroupId should be the same as that used in the phase 1 key exchange. If UsePFS is False, then this property is ignored. Note that a value of False indicates that the property GroupId will contain the key exchange group to use for phase 2.
MappingStringsstringIPSP Policy Model.IETF|IPsecAction.UseIKEGroup
VendorIDstring
DescriptionstringThe property VendorID is used together with the property GroupID (when it is in the vendor-specific range) to identify the key exchange group. VendorID is ignored unless UsePFS is true, AND UsePhase1Group is False, AND GroupID is in the vendor-specific range (32768-65535).
MappingStringsstringIPSP Policy Model.IETF|IPsecAction.VendorID
ModelCorrespondencestringCIM_IPsecAction.GroupId, CIM_IKESAEndpoint.VendorID

Inherited Properties

NameData Type
Captionstring
CommonNamestring
CreationClassNamestring
Descriptionstring
DoActionLoggingboolean
DoPacketLoggingboolean
ElementNamestring
Generationuint64
IdleDurationSecondsuint64
InstanceIDstring
MinLifetimeKilobytesuint64
MinLifetimeSecondsuint64
PolicyActionNamestring
PolicyRuleCreationClassNamestring
PolicyRuleNamestring
SystemCreationClassNamestring
SystemNamestring
PolicyKeywordsstring[]

Class Methods