11110 Exports all the policies from the policy store.\n
11111 Imports the policies from a file to the policy store.\n
11112 Restores the default example policies.\n
11150 \nUsage:\n exportpolicy [ file = ] <string>\n\n Exports all the policies to a file.\n\nParameters:\n\n Tag Value\n file -Name of the file into which the policies are exported.\n\nRemarks: The .ipsec extension is added to the filename by default.\n\nExamples: exportpolicy Policy1\n\n
11151 \nUsage:\n importpolicy [ file = ] <string>\n\n Imports policies from the specified file.\n\nParameters:\n\n Tag Value\n file -Name of the file from which the policies are imported.\n\nRemarks:\n\nExamples: importpolicy Policy1.ipsec\n\n
11152 \nUsage:\n restorepolicyexamples [release = ] (win2k | win2003)\n\n Restores the default policies.\n\nParameters:\n\n Tag Value\n release -OS release type, for default policies examples.\n\nRemarks: This command is only valid for the local computer policy store.\n\nExamples: 1. restorepolicyexamples release=win2003\n 2. restorepolicyexamples release=win2k\n\n
11200 Creates new policies and related information.\n
11210 Creates a policy with a default response rule.\n
11211 Creates an empty filter list.\n
11212 Creates a filter action.\n
11213 Creates a rule for the specified policy.\n
11214 Adds a filter to filter list.\n
11250 \nUsage:\n policy [ name = ] <string>\n [ [ description = ] <string> ]\n [ [ mmpfs = ] (yes | no) ]\n [ [ qmpermm = ] <integer> ]\n [ [ mmlifetime = ] <integer> ]\n [ [ activatedefaultrule = ] (yes | no) ]\n [ [ pollinginterval = ] <integer> ]\n [ [ assign = ] (yes | no) ]\n [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]\n\n Creates a policy with the specified name.\n\nParameters:\n\n Tag Value\n name -Name of the policy.\n description -Brief information about the policy.\n mmpfs -Option to set master perfect forward secrecy.\n qmpermm -Number of quick mode sessions per main mode\n session of IKE.\n mmlifetime -Time in minutes to rekey for main mode of IKE.\n activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista.\n pollinginterval -Polling Interval, time in minutes for policy agent\n to check for changes in policy store.\n assign -Assigns the policy as active or inactive. \n mmsecmethods -List of one or more space separated security\n methods in the form of ConfAlg-HashAlg-GroupNum,\n where ConfAlg can be DES or 3DES,\n HashAlg is MD5 or SHA1.\n GroupNum can be 1 (Low), 2 (Med), 3 (DH2048).\n\nRemarks: 1. If mmpfs is specified, qmpermm is set to 1.\n 2. If the store is 'domain' then assign will have no effect.\n 3. The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples: add policy Policy1 mmpfs= yes assign=yes\n mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"\n\n
11251 \nUsage:\n filterlist [ name = ] <string>\n [ [ description = ] <string> ]\n\n Creates an empty filter list with the specified name.\n\nParameters:\n\n Tag Value\n name -Name of the filter list.\n description -Brief information about the filter list.\n\nRemarks:\n\nExamples: add filterlist Filter1\n\n
11252 \nUsage:\n filteraction [ name = ] <string>\n [ [ description = ] <string> ]\n [ [ qmpfs = ] (yes | no) ]\n [ [ inpass = ] (yes | no) ]\n [ [ soft = ] (yes | no) ]\n [ [ action = ] (permit | block | negotiate) ]\n [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]\n\n Creates a filter action.\n\nParameters:\n\n Tag Value\n name -Name of the filter action.\n description -Brief information about the type of filter action.\n qmpfs -Option to set quick mode perfect forward secrecy.\n inpass -Accept unsecured communication, but always respond\n using IPsec. This takes a value of either yes or no .\n soft -Allow unsecured communication with non-IPsec-aware\n computers. This takes a value of either yes or no .\n action -This takes permit, block or negotiate.\n qmsecmethods -IPsec offer in one of the following formats:\n ESP[ConfAlg,AuthAlg]:k/s\n AH[HashAlg]:k/s\n AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s\n where ConfAlg can be DES or 3DES or None.\n where AuthAlg can be MD5 or SHA1 or None.\n where HashAlg is MD5 or SHA1.\n where k is Lifetime in kilobytes.\n where s is Lifetime in seconds.\n\nRemarks: 1. Quick mode security methods are ignored if the action is not\n negotiate \n 2. The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate\n qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"\n\n
11253 \nUsage:\n rule [ name = ] <string>\n [ policy = ] <string>\n [ filterlist = ] <string> \n [ filteraction = ] <string> \n [ [ tunnel = ] (ip | dns) ]\n [ [ conntype = ] (lan | dialup | all) ]\n [ [ activate = ] (yes | no) ]\n [ [ description = ] <string> ]\n [ [ kerberos = ] (yes | no) ]\n [ [ psk = ] <preshared key> ]\n [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]\n\n Creates a rule with the specified filter list and filter action.\n\nParameters:\n\n Tag Value\n name -Name of the rule.\n policy -Name of the policy the rule belongs to.\n filterlist -Name of the filter list to be used.\n filteraction -Name of the filter action to be used.\n tunnel -Tunnel end point IP address.\n conntype -Connection type can be lan, dialup or all .\n activate -Activates the rule in the policy if yes is specified.\n description -Brief information about the rule.\n kerberos -Provides Kerberos authentication if yes is specified.\n psk -Provides authentication using a specified preshared key.\n rootca -Provides authentication using a specified root certificate,\n attempts to map the cert if certmap:Yes is specified,\n excludes the CA name if excludecaname:Yes is specified.\n\nRemarks: 1. Certificate, mapping, and CA name settings are all to be within\n quotes; embedded quotes are to be replaced with \'.\n 2. Certificate mapping is valid only for domain members.\n 3. Multiple certificates can be provided by using the rootca\n parameter multiple times.\n 4. The preference of each authentication method is determined by\n its order in the command.\n 5. If no auth methods are stated, dynamic defaults are used.\n 6. 
Excluding the root certification authority (CA) name prevents\n the name from being sent as part of the certificate request.\n\nExamples: add rule name=Rule policy=Policy filterlist=Filterlist\n filteraction=FilterAction kerberos=yes psk="my key"\n rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"\n rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root\n Authority\' certmap:yes excludecaname:no"\n\n
11254 \nUsage:\n filter [ filterlist = ] <string>\n [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ [ description = ] <string> ]\n [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]\n [ [ mirrored = ] (yes | no) ]\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ srcport = ] <port> ]\n [ [ dstport = ] <port> ]\n\n Adds a filter to the specified filter list.\n\nParameters:\n\n Tag Value\n filterlist -Name of the filter list to which the filter is added.\n srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n description -Brief information about the filter.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n mirrored - Yes creates two filters, one in each direction.\n srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range \n dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range\n srcport -Source port of the packet. A value of 0 means any port.\n dstport -Destination port of the packet. A value of 0 means any port.\n\nRemarks: 1. If the filter list does not exist it will be created.\n 2. To specify the current computer address, set srcaddr/dstaddr=me\n To specify all computer addresses, set srcaddr/dstaddr=any\n 3. Server type can be WINS, DNS, DHCP or GATEWAY.\n 4. If source is a server type, then dest is 'me' and vice-versa.\n 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45\n srcmask=24 dstmask=32\n 2. 
add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0\n protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255\n 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any\n 4. add filter filterlist=Filter1 srcaddr=E3D7::51F4:9BC8:00A8:6420 dstaddr=ME\n 5. add filter filterlist=Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME\n\n
11300 Modifies existing policies and related information.\n
11310 Modifies a policy.\n
11311 Modifies a filter list.\n
11312 Modifies a filter action.\n
11313 Modifies a rule.\n
11314 Sets the current policy store.\n
11315 Modifies the default response rule of a policy.\n
11317 Sets the batch update mode.\n
11350 \nUsage:\n policy [ name = ] <string> | [ guid = ] <guid>\n [ [ newname = ] <string> ]\n [ [ description = ] <string> ]\n [ [ mmpfs = ] (yes | no) ]\n [ [ qmpermm = ] <integer> ]\n [ [ mmlifetime = ] <integer> ]\n [ [ activatedefaultrule = ] ( yes | no) ]\n [ [ pollinginterval = ] <integer> ]\n [ [ assign = ] (yes | no) ]\n [ [ gponame = ] <string> ]\n [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]\n\n Modifies a policy.\n\nParameters:\n\n Tag Value\n name | guid -Name of the policy, or guid.\n newname -New name.\n description -Brief information.\n mmpfs -Sets master perfect forward secrecy.\n qmpermm -Number of quick modes per main mode.\n mmlifetime -Time in minutes to rekey.\n activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista.\n pollinginterval -Time in minutes to check for change in policy store.\n assign -Assigns the policy.\n gponame -Local AD group policy object name to which the policy\n can be assigned. Valid when the store is domain.\n mmsecmethods -List of one or more space separated security\n methods in the form of ConfAlg-HashAlg-GroupNum.\n\nRemarks: 1. If mmpfs is specified, qmpermm is set to 1.\n 2. A GPO name can only be specified if the store is set to domain.\n 3. The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y\n 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}\n newname=NewName gpo=DefaultDomainPolicy assign=y\n\n
11351 \nUsage:\n filterlist [ name = ] <string> | [ guid = ] <guid>\n [ [ newname = ] <string> ]\n [ [ description = ] <string> ]\n\n Modifies a filter list name and description.\n\nParameters:\n\n Tag Value\n name | guid -Name of the filter list or guid.\n newname -New name of the filter list.\n description -Brief information about the filter list.\n\nExamples: 1. set filterlist Filter1 desc=NewFilter1\n 2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}\n newname=FilterName\n\n
11352 \nUsage:\n filteraction [ name = ] <string> | [ guid = ] <guid>\n [ [ newname = ] <string> ]\n [ [ description = ] <string> ]\n [ [ qmpfs = ] (yes | no) ]\n [ [ inpass = ] (yes | no) ]\n [ [ soft = ] (yes | no) ]\n [ [ action = ] (permit | block | negotiate) ]\n [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]\n\n Modifies a filter action.\n\nParameters:\n\n Tag Value\n name | guid -Name or guid of the filter action.\n newname -New name of the filter action.\n description -Brief information about the filter action.\n qmpfs -Option to set quick mode perfect forward secrecy.\n inpass -Accept unsecured communication, but always respond\n using IPsec. This takes a value of either yes or no .\n soft -Allow unsecured communication with non-IPsec-aware computers.\n This takes a value of either yes or no .\n action -This takes permit or block or negotiate.\n qmsecmethods -IPsec offer in one of the following formats:\n ESP[ConfAlg,AuthAlg]:k/s\n AH[HashAlg]:k/s\n AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s\n where ConfAlg can be DES or 3DES or None.\n where AuthAlg can be MD5 or SHA1 or None.\n where HashAlg is MD5 or SHA1.\n where k is lifetime in kilobytes.\n where s is lifetime in seconds.\n\nRemarks: The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s\n 2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}\n inpass=y\n\n
11353 \nUsage:\n rule [ name = ] <string> | [id= ] <integer>\n [ policy = ] <string>\n [ [ newname = ] <string> ]\n [ [ description = ] <string> ]\n [ [ filterlist = ] <string> ]\n [ [ filteraction = ] <string> ]\n [ [ tunnel = ] (ip | dns) ]\n [ [ conntype = ] (lan | dialup | all) ]\n [ [ activate = ] (yes | no) ]\n [ [ kerberos = ] (yes | no) ]\n [ [ psk = ] <preshared key> ]\n [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]\n\n Modifies a rule in a policy.\n\nParameters:\n\n Tag Value\n name | id -Name or ID of the rule.\n policy -Name of the policy, the rule belongs to.\n newname -New name of the rule.\n description -Brief information about the rule.\n filterlist -Name of the filter list to be used.\n filteraction -Name of the filter action to be used.\n tunnel -Tunnel ip address or dns name.\n conntype -Connection type can be lan , dialup or all .\n activate -Activates the rule in the policy if yes is specified.\n kerberos -Provides Kerberos authentication if yes is specified.\n psk -Provides authentication using a specified preshared key.\n rootca -Provides authentication using a specified root certificate,\n attempts to map the cert if certmap:Yes is specified,\n excludes the CA name if excludecaname:Yes is specified.\n\nRemarks: 1. Certificate, mapping, and CA name settings are all to be within\n quotes; embedded quotes are to be replaced with \'.\n 2. Certificate mapping is valid only for domain members.\n 3. Multiple certificates can be provided by using the rootca\n parameter multiple times.\n 4. The preference of each authentication method is determined by\n its order in the command.\n 5. If no auth methods are stated, dynamic defaults are used.\n 6. All authentication methods are overwritten with the stated list.\n 7. Excluding the root certification authority (CA) name prevents\n the name from being sent as part of the certificate request.\n\nExamples: 1. 
set rule name=Rule policy=Policy activate=yes\n rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West\n Root Authority\' certmap:yes excludecaname:no"\n 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156\n\n
11354 \nUsage:\n store [location = ] (local | domain)\n [ [ domain = ] <string> ]\n\nSets the current IPsec policy storage location.\n\nParameters:\n\n Tag Value\n location Location of the IPsec policy store.\n domain Domain name (only applies to the domain location).\n\nRemarks: 1. The local store contains IPsec policies that can be assigned to\n secure this computer. If a domain policy is available, the\n domain policy is applied instead of the local policy.\n 2. The domain store contains IPsec policies that can be assigned to\n secure groups of computers in a domain.\n 3. Use the 'set machine' command to configure a remote computer.\n 4. The default store is Local. Changes to the store setting persist\n only as long as the current Netsh session. If you need to run\n multiple commands in the same store from a batch file, use the\n Netsh Exec when executing your batch file.\n 5. Persistent store and persistent policy is not supported.\n\nExamples: 1. set store location=local\n - uses the local store of the current computer.\n 2. set store location=domain domain=example.microsoft.com\n - uses the domain policy store for example.microsoft.com.\n\n
11355 \nUsage:\n defaultrule [ policy = ] <string>\n [ [ qmpfs = ] (yes | no) ]\n [ [ activate = ] (yes | no) ]\n [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]\n [ [ kerberos = ] (yes | no) ]\n [ [ psk = ] <preshared key> ]\n [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]\n\n Modifies the default response rule of the specified policy.\n This rule will be ignored on Windows Vista and later versions of Windows.\n\nParameters:\n\n Tag Value\n policy -Name of the policy for which the default response rule is\n to be modified.\n qmpfs -Option to set quick mode perfect forward secrecy.\n activate -Activates the rule in the policy if yes is specified.\n qmsecmethods -IPsec offer in one of the following formats:\n ESP[ConfAlg,AuthAlg]:k/s\n AH[HashAlg]:k/s\n AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s\n where ConfAlg can be DES, or 3DES or None.\n where AuthAlg can be MD5, or SHA1 or None.\n where HashAlg is MD5 or SHA1.\n where k is lifetime in kilobytes.\n where s is lifetime in seconds.\n kerberos -Provides Kerberos authentication if yes is specified.\n psk -Provides authentication using a specified preshared key.\n rootca -Provides authentication using a specified root certificate,\n attempts to map the cert if certmap:Yes is specified,\n excludes the CA name if excludecaname:Yes is specified.\n\nRemarks: 1. Certificate, mapping, and CA name settings are all to be within\n quotes; embedded quotes are to be replaced with \'.\n 2. Certificate mapping is valid only for domain members.\n 3. Multiple certificates can be provided by using the rootca\n parameter multiple times.\n 4. The preference of each authentication method is determined by\n its order in the command.\n 5. If no auth methods are stated, dynamic defaults are used.\n 6. The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples: set defaultrule Policy1 activate=y\n qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"\n\n
11357 \nUsage:\n set batch [mode = ] (enable | disable) \n\n Sets the batch update mode.\n\nParameters:\n\nmode - The mode for batch updates. \n\n\n
11400 Deletes policies and related information.\n
11410 Deletes a policy and its rules.\n
11411 Deletes a filter list.\n
11412 Deletes a filter action.\n
11413 Deletes a rule from a policy.\n
11414 Deletes a filter from a filter list.\n
11415 Deletes all policies, filter lists, and filter actions.\n
11450 \nUsage:\n policy [ name = ] <string> | [ all ]\n\n Deletes the policy and all its associated rules.\n\nParameters:\n\n Tag Value\n name | all -Name of the policy or all .\n\nRemarks: If 'all' is specified, all policies are deleted.\n\nExamples: 1. delete policy all\n - deletes all policies.\n 2. delete policy name=Policy1\n - deletes the policy named Policy1.\n\n
11451 \nUsage:\n filterlist [name = ] <string> | [ all ]\n\n Deletes the filter list and all of its associated filters.\n\nParameters:\n\n Tag Value\n name | all -Name of the filter list or all .\n\nRemarks: If 'all' is specified, all filter lists are deleted.\n\nExamples: delete filterlist all\n\n
11452 \nUsage:\n filteraction [ name = ] <string> | [ all ]\n\n Deletes a filter action.\n\nParameters:\n\n Tag Value\n name | all -Name of the filter action or all .\n\nRemarks: If 'all' is specified, all filter actions are deleted.\n\nExamples: 1. delete filteraction FilterA\n 2. delete filteraction all\n\n
11453 \nUsage:\n rule [ name = ] <string> | [ id = ] <integer> | [ all ]\n [ policy = ] <string>\n\n Deletes a rule from a policy.\n\nParameters:\n\n Tag Value\n name | id | all -Name of the rule, ID of the rule, or all \n policy -Name of the policy.\n\nRemarks: 1. If 'all' is specified, deletes all rules from the policy except\n the default response rule.\n 2. The default response rule cannot be deleted.\n 3. The IDs will change with every delete.\n\nExamples: 1. delete rule id=1 Policy1\n -deletes the rule with id=1 from Policy1.\n 2. delete rule all Policy1\n -deletes all the rules from Policy1.\n\n
11454 \nUsage:\n filter [ filterlist = ] <string>\n [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ srcport = ] <port> ]\n [ [ dstport = ] <port> ]\n [ [ mirrored = ] (yes | no) ]\n\n Deletes a filter from a filter list\n\nParameters:\n\n Tag Value\n filterlist -Name of the filter list to which the filter was added.\n srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range \n dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range \n srcport -Source port of the packet. A value of 0 means any port\n dstport -Destination port of the packet. A value of 0 means any port.\n mirrored - Yes creates two filters, one in each direction.\n\nRemarks: 1. Deletes the exact match filter from the filter list.\n 2. To specify the current computer address, set srcaddr/dstaddr=me\n To specify all computer addresses, set srcaddr/dstaddr=any\n 3. Server type can be WINS, DNS, DHCP or GATEWAY.\n 4. If source is a server, then dest is set to 'me' and vice-versa.\n 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. delete filter FilterList1 src=fum.com dst=fum.com\n 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP\n 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP\n 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME\n\n
11455 \nUsage:\n all\n\n Deletes all policies, filter lists, and filter actions.\n\nParameters:\n\nRemarks:\n\nExamples: delete all\n\n
11500 Displays details of policies and related information.\n
11510 Displays policy details.\n
11511 Displays filter list details.\n
11512 Displays filter action details.\n
11513 Displays rule details.\n
11515 Displays details of all policies and related information.\n
11516 Displays details of a group assigned policy.\n
11517 Displays the current policy store.\n
11550 \nUsage:\n policy [ name = ] <string> | [ all ]\n [ [ level = ] (verbose | normal) ]\n [ [ format = ] (list | table) ]\n [ [ wide = ] (yes | no) ]\n\n Displays the details of a policy\n\nParameters:\n\n Tag Value\n name | all -Name of the policy or all .\n level -Verbose or normal.\n format -Output in screen or tab-delimited format.\n wide -If set to no , the name and description are truncated\n to fit the screen width of 80 characters.\n\nRemarks: If 'all' is specified, all policy details are displayed.\n\nExamples: show policy Policy1 wide=yes format=table\n\n
11551 \nUsage:\n filterlist [ name = ] <string> | [ rule = ] <string> | [ all ]\n [ [ level = ] (verbose | normal) ]\n [ [ format = ] (list | table) ]\n [ [ resolvedns = ] (yes | no) ]\n [ [ wide = ] (yes | no) ]\n\n Displays the details of a filter list\n\nParameters:\n\n Tag Value\n name | rule | all -Name of the filter list, rule name, or all .\n level -Verbose or normal.\n format -Output in screen or tab-delimited format.\n resolvedns -Value of yes will force the verbose output to show\n the current dns mapping for ip addresses and dns\n names that are stored in the filter fields.\n wide -If set to no , the name and description are truncated\n to fit the screen width of 80 characters.\n\nRemarks: If 'all' is specified, all filter lists are displayed.\n\nExamples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes\n\n
11552 \nUsage:\n filteraction [ name = ] <string> | [ rule = ] <string> | [ all ]\n [ [ level = ] (verbose | normal) ]\n [ [ format = ] (list | table) ]\n [ [ wide = ] (yes | no) ]\n\n Displays the details of a filter action\n\nParameters:\n\n Tag Value\n name | rule | all -Name of the filter action, rule name, or all .\n level -Verbose or normal.\n format -Output in screen or tab-delimited format\n wide -If set to no , the name and description are truncated\n to fit the screen width of 80 characters.\n\nRemarks: If 'all' is specified, all filter actions are displayed.\n\nExamples: 1. show filteraction FilterAction1\n - shows the details of the filter action named FilterAction1\n 2. show filteraction rule=Rule1\n - shows the filter action used by the rule named Rule1\n 3. show filteraction all\n - shows all filter actions\n\n
11553 \nUsage:\n rule [ name = ] <string> | [ id = ] <integer> | [ all ] | [default]\n [ policy = ] <string> \n [ [ type = ] (tunnel | transport) ]\n [ [ level = ] (verbose | normal) ]\n [ [ format = ] (list | table) ]\n [ [ wide = ] (yes | no) ]\n\n Displays the details of rules for the policy.\n\nParameters:\n\n Tag Value\n name | id | all | default -Name of the rule, its id, all , or default .\n policy -Name of the policy.\n type -Rule type is transport or tunnel .\n level -Verbose or normal.\n format -Output in screen or tab-delimited format.\n wide -If set to no , the name and description are\n truncated to fit the screen width of 80\n characters.\n\nRemarks: 1. If all is specified, all rules are displayed.\n 2. If the type parameter is specified, 'all' needs to be specified.\n\nExamples: 1. show rule all type=transport policy=Policy1\n - shows all the transport rules of the policy named Policy1.\n 2. show rule id=1 policy=Policy1\n - shows the first rule of the policy.\n 3. show rule default policy=Policy1\n - shows the details of the default response rule of Policy1.\n\n
11555 \nUsage:\n all [ [ format = ] (list | table) ]\n [ [ wide = ] (yes | no) ]\n\n Displays all policies, filter lists, and filter actions.\n\nParameters:\n\n Tag Value\n format -Output in screen or tab-delimited format.\n wide -If set to no , the name and description are truncated\n to fit the screen width of 80 characters.\n\nRemarks:\n\nExamples: show all\n\n
11556 \nUsage:\n gpoassignedpolicy [name = ] <string>\n\n Displays the details of the active policy for the specified GPO.\n\nParameters:\n\n Tag Value\n Name -Local AD Group policy object name.\n\n\nRemarks: 1. If the current store is domain, the name parameter\n is required; otherwise it is not allowed.\n\nExamples: 1. show gpoassignedpolicy name=GPO1\n - shows the assigned domain policy to GPO1.\n 2. show gpoassignedpolicy\n - shows currently assigned policy on this computer.\n\n
11557 \nUsage:\n store\n\nExamples: show store\n\n
12200 Adds policy, filter, and actions to SPD.\n
12210 Adds a quick mode policy to SPD.\n
12211 Adds a main mode policy to SPD.\n
12212 Adds a quick mode filter to SPD.\n
12213 Adds a main mode filter to SPD.\n
12215 Adds a rule and associated filters to SPD.\n
12250 \nUsage:\n qmpolicy [ name = ] <string>\n [ [ soft = ] (yes | no) ]\n [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]\n [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]\n\n Adds a quick mode policy to SPD.\n\nParameters:\n\n Tag Value\n name -Name of the quick mode policy.\n soft -Allow unsecured communication with non-IPsec-aware\n computers.\n This takes a value of either yes or no .\n pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).\n qmsecmethods -IPsec offer in one of the following formats:\n ESP[ConfAlg,AuthAlg]:k/s\n AH[HashAlg]:k/s\n AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s\n where ConfAlg can be DES or 3DES or None.\n where AuthAlg can be MD5 or SHA1 or None.\n where HashAlg is MD5 or SHA1.\n where k is lifetime in kilobytes.\n where s is lifetime in seconds.\n\nRemarks: The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples: add qmpolicy name=qmp\n qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"\n\n
12251 \nUsage:\n mmpolicy [ name = ] <string>\n [ [ qmpermm = ] <integer> ]\n [ [ mmlifetime = ] <integer> ]\n [ [ softsaexpirationtime = ] <integer> ]\n [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]\n\n Adds a main mode policy to SPD.\n\nParameters:\n\n Tag Value\n name -Name of the main mode policy.\n qmpermm -Number of quick mode sessions per main mode session\n of IKE.\n mmlifetime -Time in minutes to rekey for main mode of IKE.\n softsaexpirationtime -Time in minutes for an unprotected SA to expire.\n mmsecmethods -List of one or more space separated security\n methods in the form of ConfAlg-HashAlg-GroupNum.\n where ConfAlg can be DES or 3DES\n where HashAlg can be MD5 or SHA1\n GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).\n\nRemarks: The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExamples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20\n mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"\n\n
12255 \nUsage:\n rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ mmpolicy = ] <string>\n [ [ qmpolicy = ] <string> ]\n [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]\n [ [ srcport = ] <port> ]\n [ [ dstport = ] <port> ]\n [ [ mirrored = ] (yes | no) ]\n [ [ conntype = ] (lan | dialup | all) ]\n [ [ actioninbound = ] (permit | block | negotiate) ]\n [ [ actionoutbound = ] (permit | block | negotiate) ]\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ tunneldstaddress = ] (ip | dns) ]\n [ [ kerberos = ] (yes | no) ]\n [ [ psk = ] <preshared key> ]\n [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]\n\n Adds a Rule.\n\nParameters:\n\n Tag Value\n srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n mmpolicy -Main mode policy\n qmpolicy -Quick mode policy\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n If you specify a port, acceptable value is TCP or UDP. \n srcport -Source port(0 means any port)\n dstport -Destination port(0 means any port)\n mirrored - Yes creates two filters, one in each direction.\n conntype -Connection type\n actioninbound -Action for inbound packets\n actionoutbound -Action for outbound packets\n srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range \n dstmask -Destination address mask or a prefix of 1 through 32. 
Not applicable if dstaddr is set to a range \n tunneldstaddress -Tunnel destination ip address or dns name.\n kerberos -Provides kerberos authentication if yes is specified.\n psk -Provides authentication using a specified preshared key.\n rootca -Provides authentication using a specified root certificate,\n attempts to map the cert if certmap:Yes is specified,\n excludes the CA name if excludecaname:Yes is specified.\n\nRemarks: 1. Port valid for TCP and UDP.\n 2. Server type can be WINS, DNS, DHCP or GATEWAY\n 3. Default for actioninbound and actionoutbound is negotiate .\n 4. For tunnel rules, mirrored must be set to 'no'.\n 5. Certificate, mapping, and CA name settings are all to be within\n quotes; embedded quotes are to be replaced with \'.\n 6. Certificate mapping is valid only for domain members.\n 7. Multiple certificates can be provided by using the rootca\n parameter multiple times.\n 8. The preference of each authentication method is determined by its\n order in the command.\n 9. If no auth methods are stated, dynamic defaults are used.\n 10. Excluding the root certification authority (CA) name prevents the\n name from being sent as part of the certificate request.\n 11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExample: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp\n qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255\n rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"\n rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root\n Authority\' certmap:yes excludecaname:no"\n
12300 Modifies policy, filter, and actions in SPD.\n
12310 Modifies a quick mode policy in SPD.\n
12311 Modifies a main mode policy in SPD.\n
12312 Modifies a quick mode filter in SPD.\n
12313 Modifies a main mode filter in SPD.\n
12319 Sets the IPsec configuration and boot time behavior.\n
12320 Modifies a rule and associated filters in SPD.\n
12350 \nUsage:\n qmpolicy [ name = ] <string>\n [ [ soft = ] (yes | no) ]\n [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]\n [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]\n\n Modifies a quick mode policy in SPD.\n\nParameters:\n\n Tag Value\n name -Name of the quick mode policy.\n soft -Allow unsecured communication with\n non-IPsec-aware computers.\n This takes a value of either 'yes' or 'no'.\n pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).\n qmsecmethods -IPsec offer in one of the following formats:\n ESP[ConfAlg,AuthAlg]:k/s\n AH[HashAlg]:k/s\n AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s\n where ConfAlg can be DES, or 3DES or None.\n where AuthAlg can be MD5, or SHA1 or None.\n where HashAlg is MD5 or SHA1.\n where k is lifetime in kilobytes.\n where s is lifetime in seconds.\n\nRemarks: The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExample: set qmpolicy name=qmp pfsg=grp3\n qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"\n\n
12351 \nUsage:\n mmpolicy [ name = ] <string>\n [ [ qmpermm = ] <integer> ]\n [ [ mmlifetime = ] <integer> ]\n [ [ softsaexpirationtime = ] <integer> ]\n [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]\n\n Modifies a main mode policy with the new parameters in SPD.\n\nParameters:\n\n Tag Value\n name -Name of the main mode policy.\n qmpermm -Number of quick mode sessions per main mode session\n of IKE.\n mmlifetime -Time in minutes to rekey for main mode of IKE.\n softsaexpirationtime -Time in minutes for an unprotected SA to expire.\n mmsecmethods -List of one or more space separated security\n methods in the form of ConfAlg-HashAlg-GroupNum,\n where ConfAlg can be DES or 3DES,\n HashAlg is MD5 or SHA1,\n GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).\n\nRemarks: The use of DES and MD5 is not recommended. These cryptographic\n algorithms are provided for backward compatibility only.\n\nExample: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3\n\n
12359 \nUsage:\n config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | \n ikelogging | strongcrlcheck | bootmode | bootexemptions) ]\n [ value = ] <integer> | <bootmode> | <bootexemptions> ]\n\n Configures the parameters for IPsec.\n\nParameters:\n\n Tag Value\n property -Property name.\n value -Value that corresponds to the property.\n\nRemarks: 1. Valid values for the properties are:\n ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7\n ikelogging - 0, 1\n strongcrlcheck - 0, 1, 2\n ipsecloginterval - 60 to 86400 sec\n ipsecexempt - 0, 1, 2, 3\n bootmode - stateful, block, permit\n bootexemptions - none, "exemption#1 exemption#2 ... exemption#n"\n where the quoted string specifies a list of\n protocols and ports to always allow during\n boot mode in the following format:\n Protocol:SrcPort:DstPort:Direction\n where protocol is ICMP, TCP, UDP,\n RAW, or <integer>\n where direction is inbound or outbound\n 2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and \n bootexemptions options are provided for backward compatibility.\n Not valid for Windows Vista and later operating systems.\n 3. SrcPort and DstPort are only valid for TCP and UDP, with other\n protocols the format of the exemption is Protocol:Direction.\n 4. A port setting of 0 allows for traffic for any port.\n 5. ikelogging and strongcrlcheck are activated immediately;\n all other properties take effect on next boot.\n\nExamples: 1. set config property=ipsecdiagnostics value=0\n 2. set config property=bootmode value=stateful\n 3. set config property=bootexemptions value=none\n 4. set config property=bootexemptions\n value="ICMP:inbound TCP:80:80:outbound"\n\n
12360 \nUsage:\n rule [ srcaddr = ] (ip | dns | server)\n [ dstaddr = ] (ip | dns | server)\n [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>)\n [ srcport = ] <port>\n [ dstport = ] <port>\n [ mirrored = ] (yes | no)\n [ conntype = ] (lan | dialup | all)\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ tunneldstaddress = ] (ip | dns) ]\n [ [ mmpolicy = ] <string> ]\n [ [ qmpolicy = ] <string> ]\n [ [ actioninbound = ] (permit | block | negotiate) ]\n [ [ actionoutbound = ] (permit | block | negotiate) ]\n [ [ kerberos = ] (yes | no) ]\n [ [ psk = ] <preshared key> ]\n [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]\n\n Modifies a rule and associated filters in SPD.\n\nParameters:\n\n Tag Value\n srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n srcport -Source port (0 means any port)\n dstport -Destination port (0 means any port)\n mirrored -'Yes' creates two filters, one in each direction.\n conntype -Connection type\n srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range \n dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range \n tunneldstaddress -Tunnel destination ip address or dns name.\n mmpolicy -Main mode policy\n qmpolicy -Quick mode policy\n actioninbound -Action for inbound packets\n actionoutbound -Action for outbound packets\n kerberos -Provides kerberos authentication if yes is specified\n psk -Provides authentication using a specified preshared key\n rootca -Provides authentication using a specified root certificate,\n attempts to map the cert if certmap:Yes is specified,\n excludes the CA name if excludecaname:Yes is specified.\n\nRemarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound\n and authmethods can be set; other fields are identifiers.\n 2. Server type can be WINS, DNS, DHCP or GATEWAY\n 3. Certificate, mapping, and CA name settings are all to be within\n quotes; embedded quotes are to be replaced with \'.\n 4. Certificate mapping is valid only for domain members.\n 5. Multiple certificates can be provided by using the rootca\n parameter multiple times.\n 6. The preference of each authentication method is determined by\n its order in the command.\n 7. If no auth methods are stated, dynamic defaults are used.\n 8. All authentication methods are overwritten with the stated list.\n 9. Excluding the root certification authority (CA) name prevents\n the name from being sent as part of the certificate request.\n 10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32\n tunneldst=192.168.145.1\n proto=tcp srcport=80 dstport=80 mir=no con=lan\n qmp=qmp actionin=negotiate actionout=permit\n 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215\n mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32\n rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"\n rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West\n Root Authority\' certmap:yes excludecaname:no"\n\n
12400 Deletes policy, filter, and actions from SPD.\n
12410 Deletes a quick mode policy from SPD.\n
12411 Deletes a main mode policy from SPD.\n
12414 Deletes a rule and associated filters from SPD.\n
12415 Deletes all policies, filters, and actions from SPD.\n
12450 \nUsage:\n qmpolicy [ name = ] <string> | [ all ]\n\n Deletes a quick mode policy from SPD.\n If 'all' is specified, all quick mode policies are deleted.\n\nParameters:\n\n Tag Value\n name -Name of the quick mode policy.\n\nRemarks: To delete a quick mode policy, any associated quick mode filters\n must first be deleted.\n\nExamples: delete qmpolicy name=qmp\n\n
12451 \nUsage:\n mmpolicy [ name = ] <string> | [ all ]\n\n Deletes a main mode policy from SPD.\n If 'all' is specified, all main mode policies are deleted.\n\nParameters:\n\n Tag Value\n name -Name of the main mode policy.\n\nRemarks: To delete a main mode policy, any associated main mode filters must\n first be deleted.\n\nExamples: delete mmpolicy name=mmp\n\n
12454 \nUsage:\n rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)\n [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>)\n [ srcport = ] <port>\n [ dstport = ] <port>\n [ mirrored = ] (yes | no)\n [ conntype = ] (lan | dialup | all)\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ tunneldstaddress = ] (ip | dns) ]\n\n Deletes a rule from SPD.\n\nParameters:\n\n Tag Value\n srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n srcport -Source port. A value of 0 means any port.\n dstport -Destination port. A value of 0 means any port.\n mirrored -'Yes' creates two filters, one in each direction.\n conntype -Connection type can be lan, dialup or 'all'.\n srcmask -Source address mask or a prefix of 1 through 32.\n dstmask -Destination address mask or a prefix of 1 through 32.\n tunneldstaddress -Tunnel destination ip address or dns name.\n\nRemarks: 1. To specify the current computer address, set srcaddr/dstaddr=me\n To specify all computer addresses, set srcaddr/dstaddr=any\n 2. Server type can be WINS, DNS, DHCP or GATEWAY\n 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: delete rule srca=192.168.145.110 dsta=192.168.145.215\n tunneldsta=192.168.145.1\n proto=tcp srcport=80 dstport=80 mirror=no conntype=lan\n\n
12455 \nUsage:\n all\n\n Deletes all policies, filters, and authentication methods from SPD.\n\nExample: delete all\n\n
12500 Displays policy, filter, and actions from SPD.\n
12510 Displays policies, filters, SAs, and statistics from SPD.\n
12511 Displays main mode policy details from SPD.\n
12512 Displays quick mode policy details from SPD.\n
12513 Displays main mode filter details from SPD.\n
12514 Displays quick mode filter details from SPD.\n
12515 Displays IPsec and IKE statistics from SPD.\n
12516 Displays main mode security associations from SPD.\n
12517 Displays quick mode security associations from SPD.\n
12518 Displays IPsec configuration.\n
12519 Displays rule details from SPD.\n
12550 \nUsage:\n all [ [ resolvedns = ] (yes | no) ]\n\n Displays details of all policies, filters, SAs, and statistics from SPD.\n\nParameters:\n\n Tag Value\n resolvedns -Value of 'yes' displays the resolved dns name.\n\nRemarks: Default value of resolvedns is 'no'.\n\nExamples: show all yes\n - shows all information with dns resolution\n\n
12551 \nUsage:\n mmpolicy [ name = ] <string> | [ all ]\n\n Displays main mode policy details from SPD.\n\nParameters:\n\n Tag Value\n name -Name of the main mode policy.\n\nRemarks: If 'all' is specified, all main mode policies are displayed.\n\nExamples: 1. show mmpolicy name=mmp\n 2. show mmpolicy all\n\n
12552 \nUsage:\n qmpolicy [ name = ] <string> | [ all ]\n\n Displays quick mode policy details from SPD.\n\nParameters:\n\n Tag Value\n name -Name of the quick mode policy.\n\nRemarks: If 'all' is specified, all quick mode policies are displayed.\n\nExamples: 1. show qmpolicy name=qmp\n 2. show qmpolicy all\n\n
12553 \nUsage:\n mmfilter [ name = ] <string> | [ all ]\n [ [ type = ] (generic | specific) ]\n [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ resolvedns = ] (yes | no) ]\n\n Displays main mode filter details from SPD.\n\nParameters:\n\n Tag Value\n name | all -Name of the main mode filter or 'all'.\n type -Type of filter to display, either specific or generic.\n srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n srcmask -Source address mask or a prefix of 1 through 32.\n dstmask -Destination address mask or a prefix of 1 through 32.\n resolvedns -Value of 'yes' displays the resolved dns name.\n\nRemarks: 1. Default for the type parameter is 'generic'.\n 2. Server type can be WINS, DNS, DHCP or GATEWAY.\n 3. If 'all' is specified, all main mode filters are displayed.\n 4. If source address or destination address is specified,\n only filters associated with that address are displayed.\n 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. show mmfilter name=mmf\n 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112\n\n
12554 \nUsage:\n qmfilter [ name = ] <string> | [ all ]\n [ [ type = ] (generic | specific) ]\n [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]\n [ [ srcport = ] <port> ]\n [ [ dstport = ] <port> ]\n [ [ actioninbound = ] (permit | block | negotiate) ]\n [ [ actionoutbound = ] (permit | block | negotiate) ]\n [ [ resolvedns = ] (yes | no) ]\n\n Displays quick mode filter details from SPD.\n\nParameters:\n\n Tag Value\n name -Name of the quick mode filter.\n type -Type of filter to display, either specific or generic.\n srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n srcmask -Source address mask or a prefix of 1 through 32.\n dstmask -Destination address mask or a prefix of 1 through 32.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n srcport -Source port. A value of 0 means any port.\n dstport -Destination port. A value of 0 means any port.\n actioninbound -Action for inbound packets.\n actionoutbound -Action for outbound packets.\n resolvedns -Value of 'yes' displays the resolved dns name.\n\nRemarks: 1. If the type is not specified then both generic and\n specific filters are displayed.\n 2. Server type can be WINS, DNS, DHCP or GATEWAY.\n 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. show qmfilter name=qmf\n 2. show qmfilter all srcaddr=192.134.135.133 proto=TCP\n 3. If 'all' is specified, all quick mode filters are displayed.\n 4. If source or destination address name is specified,\n only filters associated with that address are displayed.\n\n
12555 \nUsage:\n stats [ [type =] (all | ike | ipsec) ]\n\n Displays details of IPsec and IKE statistics.\n\nParameters:\n\n Tag Value\n type -ipsec, ike, or all (which displays both ipsec and ike)\n\nRemarks:\n\nExamples: 1. show stats all\n 2. show stats type=ipsec\n\n
12556 \nUsage:\n mmsas [ [ all ] ]\n [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ format = ] (list | table) ]\n [ [ resolvedns = ] (yes | no) ]\n\n Displays the main mode security associations for a specified address.\n\nParameters:\n\n Tag Value\n all -Display all main mode security associations.\n srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.\n format -Output in screen or tab-delimited format.\n resolvedns -Value of 'yes' displays the resolved dns name.\n\nRemarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.\n 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. show mmsas all\n 2. show mmsas srca=192.168.145.110 dsta=192.168.145.215\n\n
12557 \nUsage:\n qmsas [ [ all ] ]\n [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]\n [ [ format = ] (list | table) ]\n [ [ resolvedns = ] (yes | no) ]\n\n Displays the quick mode security associations for a specified address.\n\nParameters:\n\n Tag Value\n all -Displays all quick mode security associations.\n srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. \n format -Output in screen or tab-delimited format.\n resolvedns -Value of 'yes' displays the resolved dns name.\n\nRemarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.\n 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. show qmsas all\n 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215\n\n
12558 \nUsage:\n config\n\n Displays current settings of IPsec configuration parameters.\n\nRemarks:\n\nExample: show config\n\n
12559 \nUsage:\n rule [ [ type = ] (transport | tunnel) ]\n [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]\n [ [ srcmask = ] (mask | prefix) ]\n [ [ dstmask = ] (mask | prefix) ]\n [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]\n [ [ srcport = ] <port> ]\n [ [ dstport = ] <port> ]\n [ [ actioninbound = ] (permit | block | negotiate) ]\n [ [ actionoutbound = ] (permit | block | negotiate) ]\n [ [ resolvedns = ] (yes | no) ]\n\n Displays rule details from SPD.\n\nParameters:\n\n Tag Value\n type -Type of rule to display, either transport or tunnel.\n srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.\n dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.\n srcmask -Source address mask or a prefix of 1 through 32.\n dstmask -Destination address mask or a prefix of 1 through 32.\n protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.\n srcport -Source port. A value of 0 means any port.\n dstport -Destination port. A value of 0 means any port.\n actioninbound -Action for inbound packets.\n actionoutbound -Action for outbound packets.\n resolvedns -Value of 'yes' displays the resolved dns name.\n\nRemarks: 1. Default for the type parameter is 'transport'.\n 2. Server type can be WINS, DNS, DHCP or GATEWAY.\n 3. If source or destination address name is specified,\n only rules associated with that address are displayed.\n 4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n\nExamples: 1. show rule\n - shows both transport and tunnel rules\n 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP\n\n
13001 \n\nNo. of policies : %1!d!\n
13002 Store : Local Store <%1!s!>\n
13003 Store : Local Store <%1!s!>\n
13006 Store : Domain Store <%1!s!>\n
13007 Store : Domain Store <%1!s!>\n
13008 Store : Local Store \n
13011 Store : Domain Store \n
13012 Remote Machine <%1!s!>
13013 Local Machine <%1!s!>
13014 Remote Domain <%1!s!>
13015 Local Domain <%1!s!>
13016 Local Machine
13017 Local Domain
13100 \n\nPolicy Name : %1!s!\n
13304 \n\nRule ID : %1!d!, GUID = %2!s!
13305 FilterList Name : %1!s!\n
13306 FilterList Name : NONE\n
13602 Policy Name : %1!s!\n
13603 Description : %1!s!\n
13604 Description : NONE\n
13605 Assigned : YES\n
13606 Assigned : NO\n
13607 Master PFS : YES\n
13608 Master PFS : NO\n
13609 Polling Interval : %1!d! minutes\n
13610 \n\nNo. of Rules : %1!d! \n
13611 \nRule Details\n
13612 ------------\n
13615 Assigned : YES but AD Policy Overrides\n
13700 \nRule Name : %1!s!\n
13701 \nRule Name : NONE\n
13705 Authentication Methods(%1!d!)\n
13708 Tunnel Dest IP Address :
13709 Connection Type : ALL\n
13710 Connection Type : LAN\n
13711 Connection Type : DIAL UP\n
13712 Connection Type : NONE\n
13713 \nFilterList Details\n
13714 ------------------\n
13715 \nNo FilterList exists in Default Response Rule\n\n
13716 FilterAction Details\n
13717 ---------------------\n
13734 \nNo of Transport rule(s): %1!d!
13735 \nNo of Tunnel rule(s) : %1!d!
13736 Activated : YES\n
13737 Activated : NO\n
13738 Activated : YES\nDefault response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.\n
13800 FilterAction Name : %1!s!\n
13801 FilterAction Name : NONE\n
13802 Action : PERMIT\n
13803 Action : BLOCK\n
13804 Action : NEGOTIATE SECURITY\n
13805 AllowUnsecure(Fallback): YES\n
13806 AllowUnsecure(Fallback): NO\n
13807 Inbound Passthrough : YES\n
13808 Inbound Passthrough : NO\n
13809 No. of Security.Methods: %1!d!
13812 AH ESP LIFE (Sec/kB) \n
13813 -- --- ------------- \n
13815 QMPFS : YES\n
13816 QMPFS : NO \n
14200 KERBEROS\n
14201 Root CA : %1!s!\n
14202 Preshared Key : %1!s!\n
14203 NONE\n
14300 \nFilterList Name : %1!s!\n
14301 \nFilterList Name : NONE\n
14302 No. of Filters : %1!d!\n
14304 Filter(s)\n
14305 ---------\n
14308 GUID : %1!s!\n
14309 Last Modified : %1!s!\n
14500 Source DNS Name : <My IP Address>\n
14501 Source DNS Name : %1!s!\n
14502 Source DNS Name : <Any IP Address>\n
14503 Source DNS Name : <A Specific IP Address>\n
14504 Source DNS Name : <A Specific IP Subnet>\n
14505 Source DNS Name : NONE\n
14506 Destination DNS Name : <My IP Address>\n
14507 Destination DNS Name : %1!s!\n
14508 Destination DNS Name : <Any IP Address>\n
14509 Destination DNS Name : <A Specific IP Address>\n
14510 Destination DNS Name : <A Specific IP Subnet>\n
14511 Destination DNS Name : NONE\n
14512 Mirrored : YES\n
14513 Mirrored : NO\n
14514 Source DNS Name : %1!s! resolves to
14515 Destination DNS Name : %1!s! resolves to
14516 Source DNS Name : < DNS SERVER > \n
14517 Source DNS Name : < WINS SERVER > \n
14518 Source DNS Name : < DHCP SERVER > \n
14519 Source DNS Name : < DEFAULT GATEWAY >\n
14520 Destination DNS Name : < DNS SERVER > \n
14521 Destination DNS Name : < WINS SERVER > \n
14522 Destination DNS Name : < DHCP SERVER > \n
14523 Destination DNS Name : < DEFAULT GATEWAY >\n
14526 %1!-15s!
14527 %1!s!
14528 %1!s!\n
14529 \n
14530 ,
14531 ...
14532 ,
14600 Source IP Address : <My IP Address> \n
14601 Source IP Address : <Any IP Address> \n
14602 Source IP Address :
14603 Source Mask :
14604 Destination IP Address : <My IP Address> \n
14605 Destination IP Address : <Any IP Address> \n
14606 Destination IP Address :
14607 Destination Mask :
14608 Source Port : %1!d!\n
14609 Source Port : ANY\n
14610 Destination Port : %1!d!\n
14611 Destination Port : ANY\n
14615 resolves to %1!s!\n
14616 <DNS Look up failed>\n
14617 Source IP Address : < DNS SERVER > \n
14618 Source IP Address : < WINS SERVER > \n
14619 Source IP Address : < DHCP SERVER > \n
14620 Source IP Address : < DEFAULT GATEWAY >\n
14621 Destination IP Address : < DNS SERVER > \n
14622 Destination IP Address : < WINS SERVER > \n
14623 Destination IP Address : < DHCP SERVER > \n
14624 Destination IP Address : < DEFAULT GATEWAY >\n