Client applications send request messages to the server.
Request records contain the input parameters for the request. Input
records for monitoring requests are called filter records or input
filters. Control requests have a variety of input record formats.
The following message types are supported by the server.
- Monitoring requests.
Access to each of these functions is
controlled using the EZB.NETMGMT.sysname.tcpipname.IPSEC.DISPLAY resource definition
in the SERVAUTH class, unless otherwise noted.
Each number
in parentheses represents the value of the given request type constant,
which is to be stored in the request message's NMsMType field.
- NMsec_GET_STACKINFO (2) - Obtain IP security and defensive filtering
configuration information for a given TCP⁄IP stack,
or optionally obtain this information for all active TCP⁄IP stacks.
Rule: To obtain configuration information
for a specific TCP⁄IP stack, set the NMsMTarget field in the request message
header to be the same as the value for the stack's job name. To obtain
configuration information for all TCP⁄IP stacks,
set the NMsMTarget field in the request message header to blanks.
- NMsec_GET_SUMMARY (3) - Retrieve summary IKE, IPSec, and IP filtering
data from and for a particular stack.
- NMsec_GET_IPFLTCURR (4) - Retrieve detailed information from a
particular stack about the currently active IP filters. These filters
can be either the default IP security filters (filters that originate
from the TCP⁄IP profile) or the policy IP security filters (filters that
originate from Policy Agent). Any defensive filters that are installed
are also included.
- NMsec_GET_IPFLTDEFAULT (5) - Retrieve detailed information from
a particular stack about the default IP security filters (filters
that originate from the TCP⁄IP profile).
Result: The default IP security
filters are returned, regardless of whether they comprise the currently
active filter set that is in use by the stack.
- NMsec_GET_IPFLTPOLICY (6) - Retrieve detailed information from
a particular stack about the policy IP security filters (filters that
originate from Policy Agent).
Results: - The policy IP security filters are returned regardless of whether
they are the currently active filter set in use by the stack.
- If Policy Agent has not installed IP security filters in the stack,
then a message that contains no filters is returned.
- NMsec_GET_PORTTRAN (7) - Retrieve IPv4 NAT traversal port translation
information from a particular stack.
- NMsec_GET_IPTUNMANUAL (8) - Retrieve detailed information about
manual tunnels from a particular stack.
- NMsec_GET_IPTUNDYNSTACK (9) - Retrieve detailed information about
dynamic tunnels (phase 2 tunnels) from a particular stack.
- NMsec_GET_IPTUNDYNIKE (10) - Retrieve detailed IKE-related information
about dynamic tunnels (phase 2 tunnels) for a particular stack.
- NMsec_GET_IKETUN (11) - Retrieve detailed information about IKE
tunnels (phase 1 tunnels) for a particular stack.
- NMsec_GET_IKETUNCASCADE (12) - Retrieve detailed information about
IKE tunnels for a particular stack, along with information about the
associated dynamic tunnels (phase 2 tunnels) for each IKE tunnel.
- NMsec_GET_IPINTERFACES (13) - Retrieve the list of IP interfaces
that belong to a particular stack.
- NMsec_GET_IKENSINFO (14) - Retrieve network security services
information for the IKE daemon.
Rules: - Access to this function is controlled using the EZB.NETMGMT.sysname.sysname.IKED.DISPLAY
resource definition in the SERVAUTH class.
- Set the NMsMTarget field in the request message header to blanks
for this request.
- Control requests.
Access to each of these functions is controlled
using the EZB.NETMGMT.sysname.tcpipname.IPSEC.CONTROL
resource definition in the SERVAUTH class
- NMsec_ACTIVATE_IPTUNMANUAL (1001) - Activate a manual tunnel.
- NMsec_ACTIVATE_IPTUNDYN (1002) - Activate a dynamic IPSec tunnel.
- NMsec_DEACTIVATE_IPTUNMANUAL (1003) - Deactivate a manual tunnel.
- NMsec_DEACTIVATE_IPTUNDYN (1004) - Deactivate a dynamic IPSec
tunnel.
- NMsec_DEACTIVATE_IKETUN (1005) - Deactivate an IKE tunnel.
- NMsec_REFRESH_IPTUNDYN (1006) - Refresh a dynamic IPSec tunnel.
- NMsec_REFRESH_IKETUN (1007) - Refresh an IKE tunnel.
- NMsec_LOAD_POLICY (1008) - Switch between default IP filters and
policy-based IP filters.