IKEProposal contains the parameters necessary to drive the phase 1 IKE negotiation. | Qualifiers:Version ( "2.8.0" ) MappingStrings { "IPSP Policy Model.IETF|IKEProposal" } UMLPackagePath ( "CIM::IPsecPolicy" ) | Parameters (local in grey) | | ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , ".." , "0x8000.." } Values { "No Group/Non-Diffie-Hellman Exchange" , "DH-768 bit prime" , "DH-1024 bit prime" , "EC2N-155 bit field element" , "EC2N-185 bit field element" , "DH-1536 bit prime" , "Standard Group - Reserved" , "Vendor Reserved" } MappingStrings { "IPSP Policy Model.IETF|IKEProposal.GroupID" , "RFC2412.IETF|Appendix E" } ModelCorrespondence { "CIM_IKESAEndpoint.GroupID" , "CIM_IKEProposal.VendorID" } uint16 GroupId ; The property GroupId specifies the proposed phase 1 security association key exchange group. This property is ignored for all aggressive mode exchanges (IKEAction.ExchangeMode = 4). If the GroupID number is from the vendor-specific range (32768-65535), the property VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1='768 bit prime', Group 2='1024 bit prime', Group 3 ='Elliptic Curve Group with 155 bit field element', Group 4= 'Large Elliptic Curve Group with 185 bit field element', and Group 5='1536 bit prime'. | ValueMap { "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8..65000" , "65001..65535" } Values { "Other" , "DES" , "IDEA" , "Blowfish" , "RC5" , "3DES" , "CAST" , "DMTF/IANA Reserved" , "Vendor Reserved" } MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.CipherAlgorithm" , "RFC2409.IETF|Appendix A" } ModelCorrespondence { "CIM_IKESAEndpoint.CipherAlgorithm" , "CIM_IKEProposal.OtherCipherAlgorithm" } uint16 CipherAlgorithm ; CipherAlgorithm is an enumeration that specifies the proposed encryption algorithm. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.CipherAlgorithm. | ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm" , "CIM_IKEProposal.HashAlgorithm" } string OtherHashAlgorithm ; Description of the hash function when the value 1 ('Other') is specified for the property, HashAlgorithm. | Punit ( "byte * 10^3" ) MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.MaxLifetimeKilobytes" } Units ( "KiloBytes" ) ModelCorrespondence { "CIM_SecurityAssociationEndpoint.LifetimeKilobytes" } uint64 MaxLifetimeKilobytes ; MaxLifetimeKilobytes specifies the maximum kilobyte lifetime the IKE message sender proposes for an SA to be considered valid after it has been created. A value of zero (the default) indicates that there should be no maximum kilobyte lifetime. A non-zero value specifies the desired kilobyte lifetime. | ModelCorrespondence { "CIM_IKESAEndpoint.OtherCipherAlgorithm" , "CIM_IKEProposal.CipherAlgorithm" } string OtherCipherAlgorithm ; Description of the encryption algorithm when the value 1 ('Other') is specified for the property, CipherAlgorithm. | Punit ( "second" ) MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.MaxLifetimeSeconds" } Units ( "Seconds" ) ModelCorrespondence { "CIM_SecurityAssociationEndpoint.LifetimeSeconds" } uint64 MaxLifetimeSeconds ; MaxLifetimeSeconds specifies the maximum time the IKE message sender proposes for an SA to be considered valid after it has been created. A value of zero indicates that the default of 8 hours be used. A non-zero value indicates the maximum seconds lifetime. | ValueMap { "1" , "2" , "3" , "4" , "5" , "6" , "7..64999" , "65000" , "65001..65535" } Values { "Other" , "Pre-shared Key" , "DSS Signatures" , "RSA Signatures" , "Encryption with RSA" , "Revised Encryption with RSA" , "DMTF/IANA Reserved" , "Any" , "Vendor Reserved" } MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.AuthenticationMethod" , "RFC2409.IETF|Appendix A" } ModelCorrespondence { "CIM_IKESAEndpoint.AuthenticationMethod" , "CIM_IKEProposal.OtherAuthenticationMethod" } uint16 AuthenticationMethod ; AuthenticationMethod is an enumeration that specifies the proposed authentication. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.AuthenticationMethod. There is one change to the list - the value 65000 has special meaning. It is a special value that indicates that this particular proposal should be repeated once for each authentication method corresponding to credentials installed on the machine. For example, if the system has a pre-shared key and an public-key certificate, a proposal list would be constructed which includes a proposal that specifies a pre-shared key and a proposal for any of the public-key certificates. | ModelCorrespondence { "CIM_IKESAEndpoint.OtherAuthenticationMethod" , "CIM_IKEProposal.AuthenticationMethod" } string OtherAuthenticationMethod ; Description of the method when the value 1 ('Other') is specified for the property, AuthenticationMethod. | ValueMap { "1" , "2" , "3" , "4" , "5..65000" , "65001..65535" } Values { "Other" , "MD5" , "SHA-1" , "Tiger" , "DMTF/IANA Reserved" , "Vendor Reserved" } MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.HashAlgorithm" , "RFC2409.IETF|Appendix A" } ModelCorrespondence { "CIM_IKESAEndpoint.HashAlgorithm" , "CIM_IKEProposal.OtherHashAlgorithm" } uint16 HashAlgorithm ; HashAlgorithm is an enumeration that specifies the proposed hash function. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.HashAlgorithm. | ModelCorrespondence { "CIM_IKESAEndpoint.VendorID" , "CIM_IKEProposal.GroupId" } string VendorID ; VendorID identifies the vendor when the value of GroupID is in the vendor-specific range, 32768 to 65535. | ValueMap { "0" , "1" , "2" , "3" } Values { "Not Changeable - Persistent" , "Changeable - Transient" , "Changeable - Persistent" , "Not Changeable - Transient" } Experimental uint16 ChangeableType ; Enumeration indicating the type of setting. 0 'Not Changeable - Persistent' indicates the instance of SettingData represents primordial settings and shall not be modifiable. 1 'Changeable - Transient' indicates the SettingData represents modifiable settings that are not persisted. Establishing persistent settings from transient settings may be supported. 2 'Changeable - Persistent' indicates the SettingData represents a persistent configuration that may be modified. 3 'Not Changeable - Transient' indicates the SettingData represents a snapshot of the settings of the associated ManagedElement and is not persistent. | Required Override ( "ElementName" ) string ElementName ; The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.) | Experimental string ConfigurationName ; An instance of CIM_SettingData may correspond to a well-known configuration that exists for an associated CIM_ManagedElement. If the ConfigurationName property is non-NULL, the instance of CIM_SettingData shall correspond to a well-known configuration for a Managed Element, the value of the ConfigurationName property shall be the name of the configuration, and the ChangeableType property shall have the value 0 or 2. A value of NULL for the ConfigurationName property shall mean that the instance of CIM_SettingData does not correspond to a well-known configuration for a Managed Element or that this information is unknown. | Key string InstanceID ; Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following 'preferred' algorithm: <OrgID>:<LocalID> Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>. <LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above 'preferred' algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance. For DMTF-defined instances, the 'preferred' algorithm must be used with the <OrgID> set to CIM. | MaxLen ( 64 ) string Caption ; The Caption property is a short textual description (one- line string) of the object. | string Description ; The Description property provides a textual description of the object. |
| | | | |
|