NMsIPTunID | 0 | 48 bytes | EBCDIC | Tunnel ID |
NMsIPTunVPNAction | 48 | 48 bytes | EBCDIC | Tunnel VPN action name |
NMsIPTunFlagIPv6 | 96, bit 0 | 1 bit | Binary | IPv6 indicator. If set, security endpoint and data endpoint addresses are IPv6; otherwise they are IPv4. |
NMsIPTunFIPS140 | 96, bit 1 | 1 bit | Binary | FIPS 140 mode indicator. If this field is set, cryptographic operations for this tunnel are performed using cryptographic algorithms and modules that are designed to meet the FIPS 140 requirements; otherwise, cryptographic algorithms and modules that do not meet the FIPS 140 requirements might be used. |
NMsIPTunRsvd1 | 96, bit 2 | 30 bits | Binary | Reserved bits. |
NMsIPTunType | 100 | 1 byte | Binary | Tunnel type. The field can have one of the following values:
- NMsec_IPTUN_MANUAL (1): Manual IP tunnel
- NMsec_IPTUN_STACK (2): Dynamic IP tunnel, as known to the TCP/IP stack
- NMsec_IPTUN_IKE (3): Dynamic IP tunnel, as known to IKE
|
NMsIPTunState | 101 | 1 byte | Binary | Tunnel state. The field can have one of the following values:
- NMsec_SASTATE_INACTIVE (1): Manual tunnel inactive
- NMsec_SASTATE_PENDING (2): Dynamic tunnel is awaiting negotiation
- NMsec_SASTATE_INCOMPLETE (3): Dynamic tunnel is in negotiation
- NMsec_SASTATE_ACTIVE (4): Manual or dynamic tunnel is active
- NMsec_SASTATE_EXPIRED (5): Dynamic tunnel is expired
- NMsec_SASTATE_HALF_CLOSED (6): Dynamic tunnel is no longer being used by the local endpoint but the delete process has not been acknowledged by the remote endpoint. Applies to IKEv2 tunnels only.
|
NMsIPTunRsvd2 | 102 | 2 bytes | Binary | Reserved |
NMsIPTunLclEndpt4 | 104 | 4 bytes | Binary | If this is an IPv4 tunnel, this field is the local security endpoint address. |
NMsIPTunLclEndpt6 | 104 | 16 bytes | Binary | If this is an IPv6 tunnel, this field is the local security endpoint address. |
NMsIPTunRmtEndpt4 | 120 | 4 bytes | Binary | If this is an IPv4 tunnel, this field is the remote security endpoint address. |
NMsIPTunRmtEndpt6 | 120 | 16 bytes | Binary | If this is an IPv6 tunnel, this field is the remote security endpoint address. |
NMsIPTunEncapMode | 136 | 1 byte | Binary | Tunnel encapsulation mode. The field can have one of the following values:
- NMsec_IPTUN_TUNNELMODE (1)
- NMsec_IPTUN_TRANSPORTMODE (2)
This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. |
NMsIPTunAuthProto | 137 | 1 byte | Binary | Tunnel authentication protocol. The field can have one of the following values:
- IPPROTO_AH (51)
- IPPROTO_ESP (50)
This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. |
NMsIPTunAuthAlg | 138 | 1 byte | Binary | Tunnel authentication algorithm. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. The NMsIPTunAuthAlg field can have one of the following values:
- NMsec_AUTH_NULL (0): The tunnel uses NULL authentication, or obtains authentication using a combined-mode encryption algorithm. Also see the definition of the NMsIPTunEncryptAlg field.
- NMsec_AUTH_HMAC_MD5 (38): The tunnel uses HMAC-MD5 authentication with Integrity Check Value (ICV) truncation to 96 bits.
- NMsec_AUTH_HMAC_SHA1 (39): The tunnel uses HMAC-SHA1 authentication with ICV truncation to 96 bits.
- NMsec_AUTH_HMAC_SHA2_256_128 (7): The tunnel uses HMAC-SHA2-256 authentication with ICV truncation to 128 bits.
- NMsec_AUTH_HMAC_SHA2_384_192 (13): The tunnel uses HMAC-SHA2-384 authentication with ICV truncation to 192 bits.
- NMsec_AUTH_HMAC_SHA2_512_256 (14): The tunnel uses HMAC-SHA2-512 authentication with ICV truncation to 256 bits.
- NMsec_AUTH_AES128_XCBC_96 (9): The tunnel uses AES128-XCBC authentication with ICV truncation to 96 bits.
- NMsec_AUTH_AES_GMAC_128 (4): The tunnel uses AES-GMAC authentication with a key length of 128 bits.
- NMsec_AUTH_AES_GMAC_256 (6): The tunnel uses AES-GMAC authentication with a key length of 256 bits.
|
NMsIPTunEncryptAlg | 139 | 1 byte | Binary | Tunnel encryption algorithm. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. The NMsIPTunEncryptAlg field can have one of the following values:
- NMsec_ENCR_NONE (0)
- NMsec_ENCR_NULL (11)
- NMsec_ENCR_DES (18)
- NMsec_ENCR_3DES (3)
- NMsec_ENCR_AES_CBC (12): AES encryption algorithm in Cipher Block Chaining (CBC) mode. Also see the definition of the NMsIPTunEncryptKeyLength field, which identifies the key length in use.
- NMsec_ENCR_AES_GCM_16 (20): AES encryption algorithm in Galois/Counter Mode (GCM) using a 16-octet IV. Also see the definition of the NMsIPTunEncryptKeyLength field, which identifies the key length in use.
|
NMsIPTunInbAuthSPI | 140 | 4 bytes | Binary | Tunnel inbound authentication SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. |
NMsIPTunOutbAuthSPI | 144 | 4 bytes | Binary | Tunnel outbound authentication SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. |
NMsIPTunInbEncryptSPI | 148 | 4 bytes | Binary | Tunnel inbound encryption SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. |
NMsIPTunOutbEncryptSPI | 152 | 4 bytes | Binary | Tunnel outbound encryption SPI. This field is not defined if the tunnel state is NMsec_SASTATE_PENDING or NMsec_SASTATE_INCOMPLETE. |
NMsIPTunStartTime | 156 | 4 bytes | Binary | Tunnel start time. Indicates the time at which the tunnel was activated or refreshed, in UNIX format. |
NMsIPTunEncryptKeyLength | 160 | 4 bytes | Binary | Encryption key length, in bits for variable-length algorithms. This value is 0 for encryption algorithms that have a fixed key length, such as DES and 3DES, and is a nonzero value for encryption algorithms that have a variable key length, such as AES-CBC and AES-GCM. Example values are 128 and 256. |
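
The layout above, decoded by a short parser that honours the "not defined" rule for tunnels still in negotiation and then applies a simple crypto-posture check. This is an added example, not code from the original documentation; the function names, the audit policy and the sample record are constructed for illustration. It assumes big-endian integers, IBM bit numbering (bit 0 is the most significant bit) and code page 037 for the EBCDIC fields.

```python
import ipaddress

# Value names and numeric codes are copied from the table above.
STATE = {1: "INACTIVE", 2: "PENDING", 3: "INCOMPLETE", 4: "ACTIVE",
         5: "EXPIRED", 6: "HALF_CLOSED"}
ENCR = {0: "NONE", 11: "NULL", 18: "DES", 3: "3DES", 12: "AES_CBC", 20: "AES_GCM_16"}
AUTH = {0: "NULL", 38: "HMAC_MD5", 39: "HMAC_SHA1", 7: "HMAC_SHA2_256_128",
        13: "HMAC_SHA2_384_192", 14: "HMAC_SHA2_512_256",
        9: "AES128_XCBC_96", 4: "AES_GMAC_128", 6: "AES_GMAC_256"}

def parse_tunnel(rec: bytes) -> dict:
    """Decode a subset of offsets 0-163 of one record (assumptions in lead-in)."""
    if len(rec) < 164:
        raise ValueError("record shorter than 164 bytes")
    flags, state = rec[96], rec[101]     # bit 0 = 0x80 (IPv6), bit 1 = 0x40 (FIPS)
    width = 16 if flags & 0x80 else 4    # Endpt4/Endpt6 overlay the same offsets
    t = {"id": rec[0:48].decode("cp037").rstrip(" \x00"),
         "fips140": bool(flags & 0x40),
         "state": STATE.get(state, f"unknown({state})"),
         "local": str(ipaddress.ip_address(rec[104:104 + width])),
         "remote": str(ipaddress.ip_address(rec[120:120 + width])),
         "key_bits": int.from_bytes(rec[160:164], "big"),
         "auth_alg": None, "encr_alg": None}
    if state not in (2, 3):              # PENDING/INCOMPLETE: fields not defined
        t["auth_alg"] = AUTH.get(rec[138], f"unknown({rec[138]})")
        t["encr_alg"] = ENCR.get(rec[139], f"unknown({rec[139]})")
    return t

def audit(t: dict) -> list:
    """Example policy (an assumption of this sketch, not part of the table)."""
    if t["encr_alg"] is None:
        return ["not negotiated: algorithm fields undefined"]
    checks = [(t["encr_alg"] in ("NONE", "NULL", "DES"), "weak/no encryption: " + t["encr_alg"]),
              (t["auth_alg"] == "HMAC_MD5", "HMAC-MD5 authentication"),
              (not t["fips140"], "FIPS 140 mode off")]
    return [msg for hit, msg in checks if hit]

def sample_record(state=4, encr=18, auth=38, flags=0x00) -> bytes:
    """Constructed 164-byte record for the demo; not captured data."""
    rec = bytearray(164)
    rec[0:48] = "Y1".ljust(48).encode("cp037")
    rec[96], rec[100], rec[101] = flags, 3, state
    rec[104:108] = ipaddress.ip_address("192.0.2.1").packed
    rec[120:124] = ipaddress.ip_address("198.51.100.7").packed
    rec[136:140] = bytes([1, 50, auth, encr])
    return bytes(rec)

if __name__ == "__main__":
    print([audit(parse_tunnel(sample_record(state=s))) for s in (4, 2)])
```

NMsec_AUTH_NULL is deliberately not flagged, because the table notes that a combined-mode encryption algorithm such as AES-GCM supplies the authentication in that case.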