Class CIM_SANegotiationAction
extends CIM_SAAction

SANegotiationAction is the base class for negotiated SAs. It is abstract, specifying the common parameters that control the IPsec phase 1 and phase 2 negotiations.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicyAction
   |
   +--CIM_SAAction
   |
   +--CIM_SANegotiationAction

Direct Known Subclasses

CIM_IKEAction
CIM_IPsecAction

Class Qualifiers

NameData TypeValue
Abstractbooleantrue
DescriptionstringSANegotiationAction is the base class for negotiated SAs. It is abstract, specifying the common parameters that control the IPsec phase 1 and phase 2 negotiations.
MappingStringsstringIPSP Policy Model.IETF|SANegotiationAction, IPSP Policy Model.IETF|IKENegotiationAction
UMLPackagePathstringCIM::IPsecPolicy
Versionstring2.8.0

Class Properties

Local Class Properties

NameData TypeDefault ValueQualifiers
NameData TypeValue
IdleDurationSecondsuint640
DescriptionstringIdleDurationSeconds is the time an SA can remain idle (i.e., no traffic protected using the security association) before it is automatically deleted. The default (zero) value indicates that there is no idle duration timer and that the SA is deleted based upon the SA seconds and kilobyte lifetimes. Any non-zero value indicates the number of seconds that the SA may remain unused.
MappingStringsstringIPSP Policy Model.IETF|IKENegotiationAction.IdleDurationSeconds
ModelCorrespondencestringCIM_SecurityAssociationEndpoint.IdleDurationSeconds
PUnitstringsecond
UnitsstringSeconds
MinLifetimeKilobytesuint640
DescriptionstringMinLifetimeKilobytes prevents certain denial of service attacks where the peer requests an arbitrarily low lifetime value, causing renegotiations with expensive Diffie-Hellman operations. The property specifies the minimum lifetime, in kilobytes, that will be accepted from the peer. A value of zero (the default) indicates that there is no minimum value. A non-zero value specifies the minimum kilobytes lifetime. Note that there has been considerable debate regarding the usefulness of applying kilobyte lifetimes to phase 1 security associations, so it is likely that this property will only apply to the subclass, IPsecAction.
MappingStringsstringIPSP Policy Model.IETF|IKENegotiationAction.MinLifetimeKilobytes
ModelCorrespondencestringCIM_SecurityAssociationEndpoint.LifetimeKilobytes
PUnitstringbyte * 10^3
UnitsstringKiloBytes
MinLifetimeSecondsuint640
DescriptionstringMinLifetimeSeconds prevents certain denial of service attacks where the peer requests an arbitrarily low lifetime value, causing renegotiations with expensive Diffie-Hellman operations. The property specifies the minimum lifetime, in seconds, that will be accepted from the peer. A value of zero (the default) indicates that there is no minimum value. A non-zero value specifies the minimum seconds lifetime.
MappingStringsstringIPSP Policy Model.IETF|IKENegotiationAction.MinLifetimeSeconds
ModelCorrespondencestringCIM_SecurityAssociationEndpoint.LifetimeSeconds
PUnitstringsecond
UnitsstringSeconds

Inherited Properties

NameData Type
Captionstring
CommonNamestring
CreationClassNamestring
Descriptionstring
DoActionLoggingboolean
DoPacketLoggingboolean
ElementNamestring
Generationuint64
InstanceIDstring
PolicyActionNamestring
PolicyRuleCreationClassNamestring
PolicyRuleNamestring
SystemCreationClassNamestring
SystemNamestring
PolicyKeywordsstring[]

Class Methods