z/OS Communications Server: IP Programmer's Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


IPSec NMI request messages

z/OS Communications Server: IP Programmer's Guide and Reference
SC27-3659-02

Client applications send request messages to the server. Request records contain the input parameters for the request. Input records for monitoring requests are called filter records or input filters. Control requests have a variety of input record formats. The following message types are supported by the server.

  • Monitoring requests.

    Access to each of these functions is controlled using the EZB.NETMGMT.sysname.tcpipname.IPSEC.DISPLAY resource definition in the SERVAUTH class, unless otherwise noted.

    Each number in parentheses represents the value of the given request type constant, which is to be stored in the request message's NMsMType field.

    • NMsec_GET_STACKINFO (2) - Obtain IP security and defensive filtering configuration information for a given TCP⁄IP stack, or optionally obtain this information for all active TCP⁄IP stacks.
      Rule: To obtain configuration information for a specific TCP⁄IP stack, set the NMsMTarget field in the request message header to be the same as the value for the stack's job name. To obtain configuration information for all TCP⁄IP stacks, set the NMsMTarget field in the request message header to blanks.
    • NMsec_GET_SUMMARY (3) - Retrieve summary IKE, IPSec, and IP filtering data from and for a particular stack.
    • NMsec_GET_IPFLTCURR (4) - Retrieve detailed information from a particular stack about the currently active IP filters. These filters can be either the default IP security filters (filters that originate from the TCP⁄IP profile) or the policy IP security filters (filters that originate from Policy Agent). Any defensive filters that are installed are also included.
    • NMsec_GET_IPFLTDEFAULT (5) - Retrieve detailed information from a particular stack about the default IP security filters (filters that originate from the TCP⁄IP profile).
      Result: The default IP security filters are returned, regardless of whether they comprise the currently active filter set that is in use by the stack.
    • NMsec_GET_IPFLTPOLICY (6) - Retrieve detailed information from a particular stack about the policy IP security filters (filters that originate from Policy Agent).
      Results:
      • The policy IP security filters are returned regardless of whether they are the currently active filter set in use by the stack.
      • If Policy Agent has not installed IP security filters in the stack, then a message that contains no filters is returned.
    • NMsec_GET_PORTTRAN (7) - Retrieve IPv4 NAT traversal port translation information from a particular stack.
    • NMsec_GET_IPTUNMANUAL (8) - Retrieve detailed information about manual tunnels from a particular stack.
    • NMsec_GET_IPTUNDYNSTACK (9) - Retrieve detailed information about dynamic tunnels (phase 2 tunnels) from a particular stack.
    • NMsec_GET_IPTUNDYNIKE (10) - Retrieve detailed IKE-related information about dynamic tunnels (phase 2 tunnels) for a particular stack.
    • NMsec_GET_IKETUN (11) - Retrieve detailed information about IKE tunnels (phase 1 tunnels) for a particular stack.
    • NMsec_GET_IKETUNCASCADE (12) - Retrieve detailed information about IKE tunnels for a particular stack, along with information about the associated dynamic tunnels (phase 2 tunnels) for each IKE tunnel.
    • NMsec_GET_IPINTERFACES (13) - Retrieve the list of IP interfaces that belong to a particular stack.
    • NMsec_GET_IKENSINFO (14) - Retrieve network security services information for the IKE daemon.
      Rules:
      • Access to this function is controlled using the EZB.NETMGMT.sysname.sysname.IKED.DISPLAY resource definition in the SERVAUTH class.
      • Set the NMsMTarget field in the request message header to blanks for this request.
  • Control requests.

    Access to each of these functions is controlled using the EZB.NETMGMT.sysname.tcpipname.IPSEC.CONTROL resource definition in the SERVAUTH class

    • NMsec_ACTIVATE_IPTUNMANUAL (1001) - Activate a manual tunnel.
    • NMsec_ACTIVATE_IPTUNDYN (1002) - Activate a dynamic IPSec tunnel.
    • NMsec_DEACTIVATE_IPTUNMANUAL (1003) - Deactivate a manual tunnel.
    • NMsec_DEACTIVATE_IPTUNDYN (1004) - Deactivate a dynamic IPSec tunnel.
    • NMsec_DEACTIVATE_IKETUN (1005) - Deactivate an IKE tunnel.
    • NMsec_REFRESH_IPTUNDYN (1006) - Refresh a dynamic IPSec tunnel.
    • NMsec_REFRESH_IKETUN (1007) - Refresh an IKE tunnel.
    • NMsec_LOAD_POLICY (1008) - Switch between default IP filters and policy-based IP filters.
Parent topic: Local IPSec NMI

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014