Структура конфигурации

Ниже в таблице представлен состав структур данных с указанием их полей.

Используются следующие обозначения:

• линия напротив поля структуры указывает на описание структуры, используемой в качестве значения;

• ‘*>’ обозначает, что поле содержит список используемых структур;

• ‘**>’ обозначает, что поле содержит список списков используемых структур;

• жирным шрифтом выделены обязательные поля структуры.

Для упрощения простые типы (число, строка, IP-адрес и т.д.) опущены.

GlobalParameters	IKEParameters	LDAPSettings
Title	DefaultPort	Server
Version	SendRetries	Port
Type	RetryTimeBase	SearchBase
PreserveIPsecSA	RetryTimeMax	ConnectTimeout
AllowNestedIPsec	SessionTimeMax	ResponseTimeout
CRLHandlingMode	InitiatorSessionsMax	HoldConnectTimeout
FirewallLogPacketsThreshold	ResponderSessionsMax	DropConnectTimeout
FirewallLogTimeTHreshold	BlacklogSessionsMax
FirewallLogStatesMax	BlacklogSessionsMin
PersistentConnectionRetryDelay	BlacklogSilentSessions
	BlacklogRelaxTime	SNMPPollSettings
AAASettings	SALifetimeDelta	LocalIPAddress
RadiusServer	FragmentSize	Port
Secret	LocalPort	ReadCommunity
NonInteractiveUserPassword	NATTLocalPort	SysLocation
AccountingUpdateInterval	RemotePort	SysContact
NoProxyARP	NaTTRemotePort
ResponseTimeout
Retries
	SNMPTrapSettings
	Receivers---------------------------*>	TrapReceiver
RoutingTable		IPAddress
Routes------------------------------------------*>	Route	Port
	Destination	Community
FirewallParameters	Gateway	Version
TCPEstablishedTimeout	NetworkInterface	LocalIPAddress
TCPFinTimeout
TCPSynSentTimeout
TCPSynRcvdTimeout		AAARule
TCPClosedTimeout		ClientDialogType
TCPHalfOpenMax		ClientDialogMessage
TCPHalfOpenLow	RADIUSServer <---------------------+	ForcedUser
TCPSessionRateMax	IPAddress \|	ForcedPasswordId
TCPSessionRateLow	SecretId +--	AuthenticationServer
TCPSessionsMax	AuthenticationPort +--	AccountingServer
TCPStrictnessLevel	AccountingPort	AccountingUpdateInterval
	ResponseTimeout	NoProxyARP
	Retries	ClientDialogType
NetworkInterface +------------------>	FilterChain +---*>	Filter
LogicalName +	Filters------------------------+	ProtocolID
InputFilter-------------------+	StreamID	SourceIP ---------*> AddressPool
OutputFilter-----------------+		DestinationIP---+
InputClassification--------+		SourcePort
OutputClassification-----+	IPsecAction <*----------------------+	DestinationPort
IPsecPolicy-----------------+ +-----	---InputFilter +-	Action
+-----	---OutputFilter	ExtendedAction
FilterChain <---------------------------------+	NoPathMTUDiscovery	Log
	MTU	LogEventID
	NoReplayProtection	Label
TunnelEntry <*-------------------------------------	TunnelingParameters	PacketType
PeerAddress	ShuffleTunnelEntries	Schedule
LocalIPAddress	NoSmoothRekeying	V
DFHandling	NoDeadConnectionHistory	Schedule
ReRoute	GroupID	Periods----------------*>Period
TCPEncapsulation	CryptoContextsPerIPSecSA	Start
Assemble	ReverseRoute	End
	PersistentConnection	Action
	IKERule---------------------------->	IKERule
	AdminControlledConnection	IKEPeerIPFilter
{AH\|ESP}Proposal <**-----------------+---------	---ContainedProposals	IKELocalIPFilter
Transform-----------------------------\|-------+		DoNotUseCommitBit
{AHTC26\|ESPTC26}Proposal <*--+ +>	AHTransform	DoNotUseDPD
Transform-----------------------------------+	LifetimeSeconds	DPDIdleDuration
+	LifetimeKilobytes	DPDResponseDuration
ESPTransform <*----------------------------+	IntegrityAlg	DPDRetries
LifetimeSeconds \|		IKECFGRequestAddress
LifetimeKilobytes +-*>	AHTC26Transform	IKECFGDefaultAddress
IntegrityAlg \|	LifetimeSeconds +---------	IKECFGPool
CipherAlg \|	LifetimeKilobytes +	IKECFGBindToPeerAddress
\|	IntegrityAlg +	AggrModePriority
ESPTC26Transform <*-+------------------+	+ +------	MainModeAuthMethod
LifetimeSeconds	AddressPool <*-----------+ +------	AggrModeAuthMethod
LifetimeKilobytes	IPAddresses \|	Priority
CombinedAlg	NoProxyARP \|	XAuthServerEnabled
	DNSServers \|	AAA------------------------*>AAARule
	DNSSuffixes \|	Accounting
	\| +--	Transform
AuthMethod{DSS\|RSA\|GOST}Sign <*--------	-------------------+---------------+ \|
LocalID----------------------------------------+	\| +*>	IKETransform
RemoteID------------------------------------+	* \|	LifetimeSeconds
DoNotMapLocalIDToCert \|	V \|	LifetimeKilobytes
DoNotMapRemoteIDToCert \|	AuthMethodPreshared \|	LifetimeSessions
SendCertMode \|	SharedIKESecret \|	NoSmoothRekeying
SendRequestMode \|	LocalID \|	RestrictAuthenticationTo
LocalCredential-------------------+ \|	RemoteID \|	CipherAlg
RemoteCredential-------------*-+ \|	\| \|	HashAlg
AcceptCredentialFrom-------*-+ \|	V \|	GroupID
\| +--->	IdentityEntry \|
CertDescription <-------------------+-*-----------	DistinguishedName +*>	IKETC26Transform
FingerprintMD5	IPv4Address	LifetimeSeconds
FingerprintSHA1	KeyID	LifetimeKilobytes
SerialNumber	EMail	LifetimeSessions
Issuer	FQDN	NoSmoothRekeying
Subject		RestrictAuthenticationTo
AlternativeIssuer		CipherAlg
AlternativeSubject		HashAlg
		GroupID