Configuration structure

The table below shows the composition of the data structures and lists their fields.

The following notation is used:

· a line drawn from a structure field points to the description of the structure used as that field's value;

· ‘*>’ means that the field contains a list of the structures used;

· ‘**>’ means that the field contains a list of lists of the structures used;

· required structure fields are shown in bold.

For simplicity, simple types (number, string, IP address, etc.) are omitted.

 

GlobalParameters                        IKEParameters                   LDAPSettings
Title                                   DefaultPort                     Server
Version                                 SendRetries                     Port
Type                                    RetryTimeBase                   SearchBase
PreserveIPsecSA                         RetryTimeMax                    ConnectTimeout
AllowNestedIPsec                        SessionTimeMax                  ResponseTimeout
CRLHandlingMode                         InitiatorSessionsMax            HoldConnectTimeout
FirewallLogPacketsThreshold             ResponderSessionsMax            DropConnectTimeout
FirewallLogTimeTHreshold                BlacklogSessionsMax
FirewallLogStatesMax                    BlacklogSessionsMin
                                        BlacklogSilentSessions
                                        BlacklogRelaxTime               SNMPPollSettings
                                        SALifetimeDelta                 LocalIPAddress
                                        FragmentSize                    Port
                                        LocalPort                       ReadCommunity
                                        NATTLocalPort                   SysLocation
                                        RemotePort                      SysContact
                                        NaTTRemotePort

                                        SNMPTrapSettings
                                        Receivers---*>                  TrapReceiver
RoutingTable                                                            IPAddress
Routes---*>                             Route                           Port
                                        Destination                     Community
FirewallParameters                      Gateway                         Version
TCPEstablishedTimeout                   NetworkInterface                LocalIPAddress
TCPFinTimeout
TCPSynSentTimeout
TCPSynRcvdTimeout                                                       AAASettings
TCPClosedTimeout                                                        RadiusServer
TCPHalfOpenMax                                                          Secret
TCPHalfOpenLow                                                          NonInteractivePassword
TCPSessionRateMax                                                       AccountingUpdateInterval
TCPSessionRateLow                                                       NoProxyARP
TCPSessionsMax                                                          ResponseTimeout
TCPStrictnessLevel                                                      Retries
NetworkInterface
LogicalName
InputFilter---+--->                     FilterChain
OutputFilter---+                        Filters---*>                    Filter
InputClassification---+                 StreamID                        ProtocolID
OutputClassification---+                +--                             SourceIP
IPsecPolicy---+                         AddressPool <*---+--            DestinationIP
                                                                        SourcePort
                                        IPsecAction <*---+              DestinationPort
FilterChain <---+--                     InputFilter  |                  Action
+--                                     OutputFilter  +                 ExtendedAction
                                        NoPathMTUDiscovery              Log
                                        MTU                             LogEventID
                                        NoReplayProtection              Label
TunnelEntry <*---                       TunnelingParameters             PacketType
PeerAddress                             ShuffleTunnelEntries            Schedule
LocalIPAddress                          NoSmoothRekeying
DFHandling                              NoDeadConnectionHistory         Schedule
ReRoute                                 GroupID                         Periods---*>Period
TCPEncapsulation                        CryptoContextsPerIPSecSA                    Start
Assemble                                ReverseRoute                                End
                                        IKERule ---+->                  IKERule     Action
{AH|ESP}Proposal <**---+---             ContainedProposals              IKEPeerIPFilter
Transform---|---+                                                       IKELocalIPFilter
{AHTC26|ESPTC26}Proposal <**---+  +*>   AHTransform                     DoNotUseCommitBit
Transform---+  |                        LifetimeSeconds                 DoNotUseDPD
|  |                                    LifetimeKilobytes               DPDIdleDuration
ESPTransform <*---|---+                 IntegrityAlg                    DPDResponseDuration
LifetimeSeconds  |                                                      DPDRetries
LifetimeKilobytes  +---*>               AHTC26Transform  +---           IKECFGPool
IntegrityAlg  |                         LifetimeSeconds  |              IKECFGBindToPeerAddress
CipherAlg  |                            LifetimeKilobytes  |            AggrModePriority
|                                       IntegrityAlg  |  +---           MainModeAuthMethod
ESPTC26Transform <*---+                 |  +---                         AggrModeAuthMethod
LifetimeSeconds                         AddressPool <*---+  |           Priority
LifetimeKilobytes                       IPAddresses  |                  XAuthServerEnabled
CombinedAlg                             NoProxyARP  |                   AAAUserName
                                        DNSServers  |                   Accounting
                                        DNSSuffixes  |  +---            Transform
AuthMethod{DSS|RSA|GOST}Sign <*---      ---+---+  |
LocalID---+                             |  +*>                          IKETransform
RemoteID---+---> IdentityEntry          *  |                            LifetimeSeconds
DoNotMapLocalIDToCert                   V  |                            LifetimeKilobytes
DoNotMapRemoteIDToCert                  AuthMethodPreshared  |          LifetimeSessions
SendCertMode                            SharedIKESecret  |              NoSmoothRekeying
SendRequestMode                         LocalID  |                      RestrictAuthenticationTo
LocalCredential---+                     RemoteID  |                     CipherAlg
RemoteCredential---*-+                  |  |                            HashAlg
AcceptCredentialFrom---*-+              V  |                            GroupID
|                                       IdentityEntry  |
CertDescription <---+-*---              DistinguishedName  +*>          IKETC26Transform
FingerprintMD5                          IPv4Address                     LifetimeSeconds
FingerprintSHA1                         KeyID                           LifetimeKilobytes
SerialNumber                            EMail                           LifetimeSessions
Issuer                                  FQDN                            NoSmoothRekeying
Subject                                                                 RestrictAuthenticationTo
AlternativeIssuer                                                       CipherAlg
AlternativeSubject                                                      HashAlg
                                                                        GroupID