Main Page Windows 8 DLLs Windows 10 DLLs Feedback NirSoft Utilities
Windows 7 DLL File Information - nshipsec.dll

The following DLL report was generated by automatic DLL script that scanned and loaded all DLL files in the system32 directory of Windows 7, extracted the information from them, and then saved it into HTML reports. If you want to view a report of another DLL, go to the main page of this Web site.

 

General Information

File Description: Net Shell IP Security helper DLL  
File Version: 6.1.7100.0 (winmain_win7rc.090421-1700)  
Company: Microsoft Corporation  
Product Name: Microsoft Windows Operating System  
DLL popularity Very Low - There is no any other DLL in system32 directory that is statically linked to this file.
File Size: 338 KB
Total Number of Exported Functions: 1
Total Number of Exported Functions With Names: 1
 

Section Headers

Name Virtual Address Raw Data Size % of File Characteristics Section Contains...
.text 0x00001000 323,584 Bytes 93.5% Read, Execute Code
.data 0x00050000 2,048 Bytes 0.6% Write, Read Initialized Data
.rsrc 0x00053000 1,536 Bytes 0.4% Read Initialized Data
.reloc 0x00054000 17,408 Bytes 5.0% Read, Discardable Initialized Data
 

Static Linking

nshipsec.dll is statically linked to the following files:

msvcrt.dll
KERNEL32.dll
NETSH.EXE
WS2_32.dll
ntdll.dll
RPCRT4.dll
USER32.dll
ADVAPI32.dll
ole32.dll
CRYPT32.dll
NETAPI32.dll
USERENV.dll
ACTIVEDS.dll
OLEAUT32.dll
POLSTORE.DLL
WINIPSEC.DLL
DNSAPI.dll
WLDAP32.dll
FirewallAPI.dll

This means that when nshipsec.dll is loaded, the above files are automatically loaded too. If one of these files is corrupted or missing, nshipsec.dll won't be loaded.

 

General Resources Information

Resource Type Number of Items Total Size % of File
Icons 0 0 Bytes 0.0%
Animated Icons 0 0 Bytes 0.0%
Cursors 0 0 Bytes 0.0%
Animated Cursors 0 0 Bytes 0.0%
Bitmaps 0 0 Bytes 0.0%
AVI Files 0 0 Bytes 0.0%
Dialog-Boxes 0 0 Bytes 0.0%
HTML Related Files 0 0 Bytes 0.0%
Menus 0 0 Bytes 0.0%
Strings 960 178,828 Bytes 51.7%
Type Libraries 0 0 Bytes 0.0%
Manifest 0 0 Bytes 0.0%
All Others 2 1,140 Bytes 0.3%
Total 962 179,968 Bytes 52.0%
 

Icons in this file

No icons found in this file

 

Cursors in this file

No cursors found in this file

 

Dialog-boxes list (up to 200 dialogs)

No dialog resources in this file.

 

String resources in this dll (up to 200 strings)

String ID String Text
11110 Exports all the policies from the policy store.
11111 Imports the policies from a file to the policy store.
11112 Restores the default example policies.
11150 Usage: exportpolicy [ file = ] <string> Exports all the policies to a file. Parameters: Tag Value name -Name of the file into which the policies are exported. Remarks: .ipsec extension is by default added to the filename. Examples: exportpolicy Policy1
11151 Usage: importpolicy [ file = ] <string> Imports policies from the specified file. Parameters: Tag Value name -Name of the file from which the policies are imported. Remarks: Examples: importpolicy Policy1.ipsec
11152 Usage: restorepolicyexamples [release = ] (win2k | win2003) Restores the default policies. Parameters: Tag Value release -OS release type, for default policies examples. Remarks: This command is only valid for the local computer policy store. Examples: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k
11200 Creates new policies and related information.
11210 Creates a policy with a default response rule.
11211 Creates an empty filter list.
11212 Creates a filter action.
11213 Creates a rule for the specified policy.
11214 Adds a filter to filter list.
11250 Usage: policy [ name = ] <string> [ [ description = ] <string> ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] <integer> ] [ [ mmlifetime = ] <integer> ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] <integer> ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Creates a policy with the specified name. Parameters: Tag Value name -Name of the policy. description -Brief information about the policy. mmpfs -Option to set master perfect forward secrecy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Polling Interval, time in minutes for policy agent to check for changes in policy store. assign -Assigns the policy as active or inactive. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1. GroupNum can be 1 (Low), 2 (Med), 3 (DH2048). Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. If the store is 'domain' then assign will have no effect. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"
11251 Usage: filterlist [ name = ] <string> [ [ description = ] <string> ] Creates an empty filter list with the specified name. Parameters: Tag Value name -Name of the filter list. description -Brief information about the filter list. Remarks: Examples: add filterlist Filter1
11252 Usage: filteraction [ name = ] <string> [ [ description = ] <string> ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Creates a filter action. Parameters: Tag Value name -Name of the filter action. description -Brief information about the type of filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either yes or no. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either yes or no. action -This takes permit, block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is Lifetime in kilobytes. where s is Lifetime in seconds. Remarks: 1. Quick mode security methods are ignored if the action is not negotiate 2. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"
11253 Usage: rule [ name = ] <string> [ policy = ] <string> [ filterlist = ] <string> [ filteraction = ] <string> [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] <string> ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] <preshared key> ] [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ] Creates a rule with the specified filter list and filter action. Parameters: Tag Value name -Name of the rule. policy -Name of the policy the rule belongs to. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel end point IP address. conntype -Connection type can be lan, dialup or all. activate -Activates the rule in the policy if yes is specified. description -Brief information about the rule. kerberos -Provides Kerberos authentication if yes is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\Microsoft North, South, East, and West Root Authority\ certmap:yes excludecaname:no"
11254 Usage: filter [ filterlist = ] <string> [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] <string> ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] <port> ] [ [ dstport = ] <port> ] Adds a filter to the specified filter list. Parameters: Tag Value filterlist -Name of the filter list to which the filter is added. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. description -Brief information about the filter. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. mirrored -Yes creates two filters, one in each direction. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port. dstport -Destination port of the packet. A value of 0 means any port. Remarks: 1. If the filter list does not exist it will be created. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server type, then dest is 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME
11300 Modifies existing policies and related information.
11310 Modifies a policy.
11311 Modifies a filter list.
11312 Modifies a filter action.
11313 Modifies a rule.
11314 Sets the current policy store.
11315 Modifies the default response rule of a policy.
11317 Sets the batch update mode.
11350 Usage: policy [ name = ] <string> | [ guid = ] <guid> [ [ newname = ] <string> ] [ [ description = ] <string> ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] <integer> ] [ [ mmlifetime = ] <integer> ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] <integer> ] [ [ assign = ] (yes | no) ] [ [ gponame = ] <string> ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a policy. Parameters: Tag Value name | guid -Name of the policy, or guid. newname -New name. description -Brief information. mmpfs -Sets master perfect forward secrecy. qmpermm -Number of quick modes per main mode. mmlifetime -Time in minutes to rekey. activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Time in minutes to check for change in policy store. assign -Assigns the policy. gponame -Local AD group policy object name to which the policy can be assigned. Valid when the store is domain. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. A GPO name can only be specified if the store is set to domain. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y
11351 Usage: filterlist [ name = ] <string> | [ guid = ] <guid> [ [ newname = ] <string> ] [ [ description = ] <string> ] Modifies a filter list name and description. Parameters: Tag Value name | guid -Name of the filter list or guid. newname -New name of the filter list. description -Brief information about the filter list. Examples: 1. set filterlist Filter1 desc=NewFilter1 2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName
11352 Usage: filteraction [ name = ] <string> | [ guid = ] <guid> [ [ newname = ] <string> ] [ [ description = ] <string> ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a filter action. Parameters: Tag Value name | guid -Name or guid of the filter action. newname -New name of the filter action. description -Brief information about the filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either yes or no. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either yes or no. action -This takes permit or block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y
11353 Usage: rule [ name = ] <string> | [id= ] <integer> [ policy = ] <string> [ [ newname = ] <string> ] [ [ description = ] <string> ] [ [ filterlist = ] <string> ] [ [ filteraction = ] <string> ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] <preshared key> ] [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule in a policy. Parameters: Tag Value name | id -Name or ID of the rule. policy -Name of the policy, the rule belongs to. newname -New name of the rule. description -Brief information about the rule. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel ip address or dns name. conntype -Connection type can be lan, dialup or all. activate -Activates the rule in the policy if yes is specified. kerberos -Provides Kerberos authentication if yes is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. All authentication methods are overwritten with the stated list. 7. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\Microsoft North, South, East, and West Root Authority\ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156
11354 Usage: store [location = ] (local | domain) [ [ domain = ] <string> ] Sets the current IPsec policy storage location. Parameters: Tag Value location Location of the IPsec policy store. domain Domain name (only applies to the domain location). Remarks: 1. The local store contains IPsec policies that can be assigned to secure this computer. If a domain policy is available, the domain policy is applied instead of the local policy. 2. The domain store contains IPsec policies that can be assigned to secure groups of computers in a domain. 3. Use the 'set machine' command to configure a remote computer. 4. The default store is Local. Changes to the store setting persist only as long as the current Netsh session. If you need to run multiple commands in the same store from a batch file, use the Netsh Exec when executing your batch file. 5. Persistent store and persistent policy is not supported. Examples: 1. set store location= local - uses the local store of the current computer . 2. set store location=domain domain=example.microsoft. com - uses the domain policy store for example.microsoft.com .
11355 Usage: defaultrule [ policy = ] <string> [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] <preshared key> ] [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ] Modifies the default response rule of the specified policy. This rule will be ignored on Windows Vista and later versions of Windows Parameters: Tag Value policy -Name of the policy for which the default response rule is to be modified . qmpfs -Option to set quick mode perfect forward secrecy . activate -Activates the rule in the policy if yes is specified . qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s where ConfAlg can be DES, or 3DES or None . where AuthAlg can be MD5, or SHA1 or None . where HashAlg is MD5 or SHA1 . where k is lifetime in kilobytes . where s is lifetime in seconds . kerberos -Provides Kerberos authentication if yes is specified . psk -Provides authentication using a specified preshared key . rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified . Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \' . 2. Certificate mapping is valid only for domain members . 3. Multiple certificates can be provided by using the rootca parameter multiple times . 4. The preference of each authentication method is determined by its order in the command . 5. If no auth methods are stated, dynamic defaults are used . 6. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only . Examples: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"
11357 Usage: set batch [mode = ] (enable | disable) Sets the batch update mode. Parameters: mode - The mode for batch updates.
11400 Deletes policies and related information.
11410 Deletes a policy and its rules.
11411 Deletes a filter list.
11412 Deletes a filter action.
11413 Deletes a rule from a policy.
11414 Deletes a filter from a filter list.
11415 Deletes all policies, filter lists, and filter actions.
11450 Usage: policy [ name = ] <string> | [ all ] Deletes the policy and all its associated rules. Parameters: Tag Value name | all -Name of the policy or all. Remarks: If 'all' is specified, all policies are deleted. Examples: 1. delete policy all - deletes all policies. 2. delete policy name=Policy1 - deletes the policy named Policy1.
11451 Usage: filterlist [name = ] <string> | [ all ] Deletes the filter list and all of its associated filters. Parameters: Tag Value name | all -Name of the filter list or all. Remarks: If 'all' is specified, all filter lists are deleted. Examples: delete filterlist all
11452 Usage: filteraction [ name = ] <string> | [ all ] Deletes a filter action. Parameters: Tag Value name | all -Name of the filter action or all. Remarks: If 'all' is specified, all filter actions are deleted. Examples: 1. delete filteraction FilterA 2. delete filteraction all
11453 Usage: rule [ name = ] <string> | [ id = ] <integer> | [ all ] [ policy = ] <string> Deletes a rule from a policy. Parameters: Tag Value name | id | all -Name of the rule, ID of the rule, or all policy -Name of the policy. Remarks: 1. If 'all' is specified, deletes all rules from the policy except the default response rule. 2. The default response rule cannot be deleted. 3. The IDs will change with every delete. Examples: 1. delete rule id=1 Policy1 -deletes the rule with id=1 from Policy1. 2. delete rule all Policy1 -deletes all the rules from Policy1.
11454 Usage: filter [ filterlist = ] <string> [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] <port> ] [ [ dstport = ] <port> ] [ [ mirrored = ] (yes | no) ] Deletes a filter from a filter list Parameters: Tag Value filterlist -Name of the filter list to which the filter was added. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port dstport -Destination port of the packet. A value of 0 means any port. mirrored -Yes creates two filters, one in each direction. Remarks: 1. Deletes the exact match filter from the filter list. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server, then dest is set to 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME
11455 Usage: all Deletes all policies, filter lists, and filter actions. Parameters: Remarks: Examples: delete all
11500 Displays details of policies and related information.
11510 Displays policy details.
11511 Displays filter list details.
11512 Displays filter action details.
11513 Displays rule details.
11515 Displays details of all policies and related information.
11516 Displays details of a group assigned policy.
11517 Displays the current policy store.
11550 Usage: policy [ name = ] <string> | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a policy Parameters: Tag Value name | all -Name of the policy or all. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to no, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all policy details are displayed. Examples: show policy Policy1 wide=yes format=table
11551 Usage: filterlist [ name = ] <string> | [ rule = ] <string> | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] Displays the details of a filter list Parameters: Tag Value name | rule | all -Name of the filter list, rule name, or all. level -Verbose or normal. format -Output in screen or tab-delimited format. resolvedns -Value of yes will force the verbose output to show the current dns mapping for ip addresses and dns names that are stored in the filter fields. wide -If set to no, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter lists are displayed. Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes
11552 Usage: filteraction [ name = ] <string> | [ rule = ] <string> | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a filter action Parameters: Tag Value name | rule | all -Name of the filter action, rule name, or all. level -Verbose or normal. format -Output in screen or tab-delimited format wide -If set to no, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter actions are displayed. Examples: 1. show filteraction FilterAction1 - shows the details of the filter action named FilterAction1 2. show filteraction rule=Rule1 - shows the filter action used by the rule named Rule1 3. show filteraction all - shows all filter actions
11553 Usage: rule [ name = ] <string> | [ id = ] <integer> ] | [ all ] | [default] [ policy = ] <string> [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of rules for the policy. Parameters: Tag Value name | id | all | default -Name of the rule, its id, all, or default. policy -Name of the policy. type -Rule type is transport or tunnel. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to no, the name and description are truncated to fit the screen width of 80 characters. Remarks: 1. If all is specified, all rules are displayed. 2. If the type parameter is specified, 'all' needs to be specified. Examples: 1. show rule all type=transport policy=Policy1 - shows all the transport rules of the policy named Policy1. 2. show rule id=1 policy=Policy1 - shows the first rule of the policy. 3. show rule default policy=Policy1 - shows the details of the default response rule of Policy1.
11555 Usage: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays all policies, filter lists, and filter actions. Parameters: Tag Value format -Output in screen or tab-delimited format. wide -If set to no, the name and description are truncated to fit the screen width of 80 characters. Remarks: Examples: show all
11556 Usage: gpoassignedpolicy [name = ] <string> Displays the details of the active policy for the specified GPO. Parameters: Tag Value Name -Local AD Group policy object name. Remarks: 1. if the current store is domain, the name parameter is required, otherwise it is not allowed Examples: 1. show gpoassignedpolicy name=GPO1 - shows the assigned domain policy to GPO1. 2. show gpoassignedpolicy - shows currently assigned policy on this computer.
11557 Usage: store Examples: show store
12200 Adds policy, filter, and actions to SPD.
12210 Adds a quick mode policy to SPD.
12211 Adds a main mode policy to SPD.
12212 Adds a quick mode filter to SPD.
12213 Adds a main mode filter to SPD.
12215 Adds a rule and associated filters to SPD.
12250 Usage: qmpolicy [ name = ] <string> [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Adds a quick mode policy to SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either yes or no. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"
12251 Usage: mmpolicy [ name = ] <string> [ [ qmpermm = ] <integer> ] [ [ mmlifetime = ] <integer> ] [ [ softsaexpirationtime = ] <integer> ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Adds a main mode policy to SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. where ConfAlg can be DES or 3DES where HashAlg can be MD5 or SHA1 GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"
12255 Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] <string> [ [ qmpolicy = ] <string> ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ] [ [ srcport = ] <port> ] [ [ dstport = ] <port> ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] <preshared key> ] [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ] Adds a Rule. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. mmpolicy -Main mode policy qmpolicy -Quick mode policy protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. If you specify a port, acceptable value is TCP or UDP. srcport -Source port(0 means any port) dstport -Destination port(0 means any port) mirrored -Yes' creates two filters, one in each direction. conntype -Connection type actioninbound -Action for inbound packets actionoutbound -Action for outbound packets srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. kerberos -Provides kerberos authentication if yes is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Port valid for TCP and UDP. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Default for actioninbound and actionoutbound is negotiate. 4. For tunnel rules, mirrored must be set to 'no'. 5. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 6. Certificate mapping is valid only for domain members. 7. Multiple certificates can be provided by using the rootca parameter multiple times. 8. The preference of each authentication method is determined by its order in the command. 9. If no auth methods are stated, dynamic defaults are used. 10. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\Microsoft North, South, East, and West Root Authority\ certmap:yes excludecaname:no"
12300 Modifies policy, filter, and actions in SPD.
12310 Modifies a quick mode policy in SPD.
12311 Modifies a main mode policy in SPD.
12312 Modifies a quick mode filter in SPD.
12313 Modifies a main mode filter in SPD.
12319 Sets the IPsec configuration and boot time behavior.
12320 Modifies a rule and associated filters in SPD.
12350 Usage: qmpolicy [ name = ] <string> [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a quick mode policy in SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either 'yes' or 'no'. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES, or 3DES or None. where AuthAlg can be MD5, or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"
12351 Usage: mmpolicy [ name = ] <string> [ [ qmpermm = ] <integer> ] [ [ mmlifetime = ] <integer> ] [ [ softsaexpirationtime = ] <integer> ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a main mode policy with the new parameters in SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1, GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3
12359 Usage: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] <integer> | <bootmode> | <bootexemptions> ] Configures the parameters for IPsec. Parameters: Tag Value property -Property name. value -Value that corresponds to the property. Remarks: 1. Valid values for the properties are: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 to 86400 sec ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" where the quoted string specifies a list of protocols and ports to always allow during boot mode in the following format: Protocol:SrcPort:DstPort:Direction where protocol is ICMP, TCP, UDP, RAW, or <integer> where direction is inbound or outbound 2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and bootexemptions options are provided for backward compatibility. Not valid for Windows Vista and later operating systems. 3. SrcPort and DstPort are only valid for TCP and UDP, with other protocols the format of the exemption is Protocol:Direction. 4. A port setting of 0 allows for traffic for any port. 5. ikelogging and strongcrlcheck are activated immediately; all other properties take effect on next boot. Examples: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound"
12360 Usage: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) [ srcport = ] <port> [ dstport = ] <port> [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] <string> ] [ [ qmpolicy = ] <string> ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] <preshared key> ] [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule and associated filters in SPD. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port (0 means any port) dstport -Destination port (0 means any port) mirrored -'Yes' creates two filters, one in each direction. conntype -Connection type srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. mmpolicy -Main mode policy qmpolicy -Quick mode policy actioninbound -Action for inbound packets actionoutbound -Action for outbound packets kerberos -Provides kerberos authentication if yes is specified psk -Provides authentication using a specified preshared key rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound and authmethods can be set; other fields are identifiers. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 4. Certificate mapping is valid only for domain members. 5. Multiple certificates can be provided by using the rootca parameter multiple times. 6. The preference of each authentication method is determined by its order in the command. 7. If no auth methods are stated, dynamic defaults are used. 8. All authentication methods are overwritten with the stated list. 9. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\Microsoft North, South, East, and West Root Authority\ certmap:yes excludecaname:no"
12400 Deletes policy, filter, and actions from SPD.
12410 Deletes a quick mode policy from SPD.
12411 Deletes a main mode policy from SPD.
12414 Deletes a rule and associated filters from SPD.
12415 Deletes all policies, filters, and actions from SPD.
12450 Usage: qmpolicy [ name = ] <string> | [ all ] Deletes a quick mode policy from SPD. If 'all' is specified, all quick mode policies are deleted. Parameters: Tag Value name -Name of the quick mode policy. Remarks: To delete a quick mode policy, any associated quick mode filters must first be deleted. Examples: delete qmpolicy name=qmp
12451 Usage: mmpolicy [ name = ] <string> | [ all ] Deletes a main mode policy from SPD. If 'all' is specified, all main mode policies are deleted. Parameters: Tag Value name -Name of the main mode policy. Remarks: To delete a main mode policy, any associated main mode filters must first be deleted. Examples: delete mmpolicy name=mmp
12454 Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) [ srcport = ] <port> [ dstport = ] <port> [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] Deletes a rule from SPD. Parameters: Tag Value srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. mirrored -Yes creates two filters, one in each direction. conntype -Connection type can be lan, dialup or all. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. tunneldstaddress -Tunnel destination ip address or dns name. Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan
12455 Usage: all Deletes all policies, filters, and authentication methods from SPD. Example: delete all
12500 Displays policy, filter, and actions from SPD.
12510 Displays policies, filters, SAs, and statistics from SPD.
12511 Displays main mode policy details from SPD.
12512 Displays quick mode policy details from SPD.
12513 Displays main mode filter details from SPD.
12514 Displays quick mode filter details from SPD.
12515 Displays IPsec and IKE statistics from SPD.
12516 Displays main mode security associations from SPD.
12517 Displays quick mode security associations from SPD.
12518 Displays IPsec configuration.
12519 Displays rule details from SPD.
12550 Usage: all [ [ resolvedns = ] (yes | no) ] Displays details of all policies, filters, SAs, and statistics from SPD. Parameters: Tag Value resolvedns -Value of 'yes' displays the resolved dns name. Remarks: Default value of resolvedns is no. Examples: show all yes - shows all information with dns resolution
12551 Usage: mmpolicy [ name = ] <string> | [ all ] Displays main mode policy details from SPD. Parameters: Tag Value name -Name of the main mode policy. Remarks: If 'all' is specified, all main mode policies are displayed. Examples: 1. show mmpolicy name=mmp 2. show mmpolicy all
12552 Usage: qmpolicy [ name = ] <string> | [ all ] Displays quick mode policy details from SPD. Parameters: Tag Value name -Name of the quick mode policy. Remarks: If 'all' is specified, all quick mode policies are displayed. Examples: 1. show qmpolicy name=qmp 2. show qmpolicy all
12553 Usage: mmfilter [ name = ] <string> | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] Displays main mode filter details from SPD. Parameters: Tag Value name | all -Name of the main mode filter or all. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is generic. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If 'all' is specified, all main mode filters are displayed. 4. If source address or destination address is specified, only filters associated with that address are displayed. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112
12554 Usage: qmfilter [ name = ] <string> | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ] [ [ srcport = ] <port> ] [ [ dstport = ] <port> ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays quick mode filter details from SPD. Parameters: Tag Value name -Name of the quick mode filter. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. If the type is not specified then both generic and specific filters are displayed. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmfilter name=qmf 2. show qmfilter all srcaddr=192.134.135.133 proto=TCP 3. If 'all' is specified, all quick mode filters are displayed. 4. If source or destination address name is specified, only filters associated with that address are displayed.
12555 Usage: stats [ [type =] (all | ike | ipsec) ] Displays details of IPsec and IKE statistics. Parameters: Tag Value type -ipsec, ike, or all (which displays both ipsec and ike) Remarks: Examples: 1. show stats all 2. show stats type=ipsec
12556 Usage: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the main mode security associations for a specified address. Parameters: Tag Value all -Display all main mode security associations. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\ Examples: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215
12557 Usage: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the quick mode security associations for a specified address. Parameters: Tag Value all -Displays all quick mode security associations. srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n Examples: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215
12558 Usage: config Displays current settings of IPsec configuration parameters. Remarks: Example: show config
12559 Usage: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ] [ [ srcport = ] <port> ] [ [ dstport = ] <port> ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays rule details from SPD. Parameters: Tag Value type -Type of rule to display, either transport or tunnel. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is transport. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If source or destination address name is specified, only rules associated with that address are displayed. 4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show rule - shows both transport and tunnel rules 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP
13001 No. of policies : %1!d!
13002 Store : Local Store <%1!s!>
13003 Store : Local Store <%1!s!>
13006 Store : Domain Store <%1!s!>
13007 Store : Domain Store <%1!s!>
13008 Store : Local Store
13011 Store : Domain Store
13012 Remote Machine <%1!s!>
13013 Local Machine <%1!s!>
13014 Remote Domain <%1!s!>
13015 Local Domain <%1!s!>
13016 Local Machine
13017 Local Domain
13100 Policy Name : %1!s!
13304 Rule ID : %1!d!, GUID = %2!s!
13305 FilterList Name : %1!s!
13306 FilterList Name : NONE
13602 Policy Name : %1!s!
13603 Description : %1!s!
13604 Description : NONE
13605 Assigned : YES
13606 Assigned : NO
13607 Master PFS : YES
13608 Master PFS : NO
13609 Polling Interval : %1!d! minutes
13610 No. of Rules : %1!d!
13611 Rule Details
13612 ------------
13615 Assigned : YES but AD Policy Overrides
13700 Rule Name : %1!s!
13701 Rule Name : NONE
13705 Authentication Methods(%1!d!)
13708 Tunnel Dest IP Address :
13709 Connection Type : ALL
13710 Connection Type : LAN
13711 Connection Type : DIAL UP
13712 Connection Type : NONE
13713 FilterList Details
13714 ------------------
13715 No FilterList exists in Default Response Rule
13716 FilterAction Details
13717 ---------------------
13734 No of Transport rule(s): %1!d!
13735 No of Tunnel rule(s) : %1!d!
13736 Activated : YES
13737 Activated : NO
13738 Activated : YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
13800 FilterAction Name : %1!s!
13801 FilterAction Name : NONE
13802 Action : PERMIT
13803 Action : BLOCK
13804 Action : NEGOTIATE SECURITY
13805 AllowUnsecure(Fallback): YES
13806 AllowUnsecure(Fallback): NO
13807 Inbound Passthrough : YES
13808 Inbound Passthrough : NO
13809 No. of Security.Methods: %1!d!
13812 AH ESP LIFE (Sec/kB)
13813 -- --- -------------
13815 QMPFS : YES
13816 QMPFS : NO
14200 KERBEROS
14201 Root CA : %1!s!
14202 Preshared Key : %1!s!
14203 NONE
14300 FilterList Name : %1!s!
14301 FilterList Name : NONE
14302 No. of Filters : %1!d!
14304 Filter(s)
14305 ---------
14308 GUID : %1!s!
14309 Last Modified : %1!s!
14500 Source DNS Name : <My IP Address>
14501 Source DNS Name : %1!s!
14502 Source DNS Name : <Any IP Address>
14503 Source DNS Name : <A Specific IP Address>
14504 Source DNS Name : <A Specific IP Subnet>
14505 Source DNS Name : NONE
14506 Destination DNS Name : <My IP Address>
14507 Destination DNS Name : %1!s!
14508 Destination DNS Name : <Any IP Address>
14509 Destination DNS Name : <A Specific IP Address>
14510 Destination DNS Name : <A Specific IP Subnet>
14511 Destination DNS Name : NONE
14512 Mirrored : YES
14513 Mirrored : NO
14514 Source DNS Name : %1!s! resolves to
14515 Destination DNS Name : %1!s! resolves to
14516 Source DNS Name : < DNS SERVER >
14517 Source DNS Name : < WINS SERVER >
 

COM Classes/Interfaces

There is no type library in this file with COM classes/interfaces information

 

Exported Functions List

The following functions are exported by this dll:
InitHelperDll

 

Imported Functions List

The following functions are imported by this dll: