nshipsec.dll.mui Net Shell IP Security helper DLL 021aac2962f0040ba745e6c7467a9e21

File info

File name: nshipsec.dll.mui
Size: 188928 bytes
MD5: 021aac2962f0040ba745e6c7467a9e21
SHA1: e83e3bd3edbbd41218c2aca0e8db0c3aac3c1657
SHA256: 814678e9ea5b91ac61ed11593b6c7d373999b0edd37c9bb84b8e7a82220d693a
Operating systems: Windows 10
Extension: MUI

Translations messages and strings

If an error or one of the following messages appears in English (U.S.) and you cannot find a solution, check the answer in English. The table below shows how the phrase reads in English.

id English (U.S.) English
11110 Exports all the policies from the policy store.
11111 Imports the policies from a file to the policy store.
11112 Restores the default example policies.
11150
Usage:
exportpolicy [ file = ]

Exports all the policies to a file.

Parameters:

Tag Value
name -Name of the file into which the policies are exported.

Remarks: .ipsec extension is by default added to the filename.

Examples: exportpolicy Policy1


11151
Usage:
importpolicy [ file = ]

Imports policies from the specified file.

Parameters:

Tag Value
name -Name of the file from which the policies are imported.

Remarks:

Examples: importpolicy Policy1.ipsec


11152
Usage:
restorepolicyexamples [release = ] (win2k | win2003)

Restores the default policies.

Parameters:

Tag Value
release -OS release type, for default policies examples.

Remarks: This command is only valid for the local computer policy store.

Examples: 1. restorepolicyexamples release=win2003
2. restorepolicyexamples release=win2k


11200 Creates new policies and related information.
11210 Creates a policy with a default response rule.
11211 Creates an empty filter list.
11212 Creates a filter action.
11213 Creates a rule for the specified policy.
11214 Adds a filter to filter list.
11250
Usage:
policy [ name = ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] (yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Creates a policy with the specified name.

Parameters:

Tag Value
name -Name of the policy.
description -Brief information about the policy.
mmpfs -Option to set master perfect forward secrecy.
qmpermm -Number of quick mode sessions per main mode
session of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Polling Interval, time in minutes for policy agent
to check for changes in policy store.
assign -Assigns the policy as active or inactive.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1.
GroupNum can be 1 (Low), 2 (Med), 3 (DH2048).

Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. If the store is 'domain' then ‘assign’ will have no effect.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add policy Policy1 mmpfs= yes assign=yes
mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"


11251
Usage:
filterlist [ name = ]
[ [ description = ] ]

Creates an empty filter list with the specified name.

Parameters:

Tag Value
name -Name of the filter list.
description -Brief information about the filter list.

Remarks:

Examples: add filterlist Filter1


11252
Usage:
filteraction [ name = ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Creates a filter action.

Parameters:

Tag Value
name -Name of the filter action.
description -Brief information about the type of filter action.
qmpfs -Option to set quick mode perfect forward secrecy.
inpass -Accept unsecured communication, but always respond
using IPsec. This takes a value of either ‘yes’ or ‘no’.
soft -Allow unsecured communication with non-IPsec-aware
computers. This takes a value of either ‘yes’ or ‘no’.
action -This takes permit, block or negotiate.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is Lifetime in kilobytes.
where s is Lifetime in seconds.

Remarks: 1. Quick mode security methods are ignored if the action is not
‘negotiate’
2. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate
qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"


11253
Usage:
rule [ name = ]
[ policy = ]
[ filterlist = ]
[ filteraction = ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ description = ] ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Creates a rule with the specified filter list and filter action.

Parameters:

Tag Value
name -Name of the rule.
policy -Name of the policy the rule belongs to.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel end point IP address.
conntype -Connection type can be lan, dialup or ‘all’.
activate -Activates the rule in the policy if ‘yes’ is specified.
description -Brief information about the rule.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.

Examples: add rule name=Rule policy=Policy filterlist=Filterlist
filteraction=FilterAction kerberos=yes psk="my key"
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"


11254
Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ description = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ mirrored = ] (yes | no) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]

Adds a filter to the specified filter list.

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter is added.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
description -Brief information about the filter.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
mirrored -‘Yes’ creates two filters, one in each direction.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port.
dstport -Destination port of the packet. A value of 0 means any port.

Remarks: 1. If the filter list does not exist it will be created.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server type, then dest is 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45
srcmask=24 dstmask=32
2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0
protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255
3. add filter filterlist=Filter1 srcaddr=me dstaddr=any
4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME
5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME


11300 Modifies existing policies and related information.
11310 Modifies a policy.
11311 Modifies a filter list.
11312 Modifies a filter action.
11313 Modifies a rule.
11314 Sets the current policy store.
11315 Modifies the default response rule of a policy.
11317 Sets the batch update mode.
11350
Usage:
policy [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] ( yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ gponame = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a policy.

Parameters:

Tag Value
name | guid -Name of the policy, or guid.
newname -New name.
description -Brief information.
mmpfs -Sets master perfect forward secrecy.
qmpermm -Number of quick modes per main mode.
mmlifetime -Time in minutes to rekey.
activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Time in minutes to check for change in policy store.
assign -Assigns the policy.
gponame -Local AD group policy object name to which the policy
can be assigned. Valid when the store is domain.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.

Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. A GPO name can only be specified if the store is set to domain.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y
2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=NewName gpo=DefaultDomainPolicy assign=y


11351
Usage:
filterlist [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]

Modifies a filter list name and description.

Parameters:

Tag Value
name | guid -Name of the filter list or guid.
newname -New name of the filter list.
description -Brief information about the filter list.

Examples: 1. set filterlist Filter1 desc=NewFilter1
2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=FilterName


11352
Usage:
filteraction [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a filter action.

Parameters:

Tag Value
name | guid -Name or guid of the filter action.
newname -New name of the filter action.
description -Brief information about the filter action.
qmpfs -Option to set quick mode perfect forward secrecy.
inpass -Accept unsecured communication, but always respond
using IPsec. This takes a value of either ‘yes’ or ‘no’.
soft -Allow unsecured communication with non-IPsec-aware computers.
This takes a value of either ‘yes’ or ‘no’.
action -This takes permit or block or negotiate.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s
2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
inpass=y


11353
Usage:
rule [ name = ] | [id= ]
[ policy = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ filterlist = ] ]
[ [ filteraction = ] ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule in a policy.

Parameters:

Tag Value
name | id -Name or ID of the rule.
policy -Name of the policy, the rule belongs to.
newname -New name of the rule.
description -Brief information about the rule.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel ip address or dns name.
conntype -Connection type can be ‘lan’, ‘dialup’ or ‘all’.
activate -Activates the rule in the policy if ‘yes’ is specified.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. All authentication methods are overwritten with the stated list.
7. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.

Examples: 1. set rule name=Rule policy=Policy activate=yes
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"
2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156


11354
Usage:
store [location = ] (local | domain)
[ [ domain = ] ]

Sets the current IPsec policy storage location.

Parameters:

Tag Value
location Location of the IPsec policy store.
domain Domain name (only applies to the domain location).

Remarks: 1. The local store contains IPsec policies that can be assigned to
secure this computer. If a domain policy is available, the
domain policy is applied instead of the local policy.
2. The domain store contains IPsec policies that can be assigned to
secure groups of computers in a domain.
3. Use the 'set machine' command to configure a remote computer.
4. The default store is Local. Changes to the store setting persist
only as long as the current Netsh session. If you need to run
multiple commands in the same store from a batch file, use the
‘Netsh Exec’ when executing your batch file.
5. Persistent store and persistent policy is not supported.


Examples: 1. set store location=local
- uses the local store of the current computer.
2. set store location=domain domain=example.microsoft.com
- uses the domain policy store for example.microsoft.com.


11355
Usage:
defaultrule [ policy = ]
[ [ qmpfs = ] (yes | no) ]
[ [ activate = ] (yes | no) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies the default response rule of the specified policy.
This rule will be ignored on Windows Vista and later versions of Windows


Parameters:

Tag Value
policy -Name of the policy for which the default response rule is
to be modified.
qmpfs -Option to set quick mode perfect forward secrecy.
activate -Activates the rule in the policy if ‘yes’ is specified.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: set defaultrule Policy1 activate=y
qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"


Usage:
defaultrule [ policy = ]
[ [ qmpfs = ] (yes | no) ]
[ [ activate = ] (yes | no) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies the default response rule of the specified policy.
This rule will be ignored on Windows Vista and later versions of Windows


Parameters:

Tag Value
policy -Name of the policy for which the default response rule is
to be modified.
qmpfs -Option to set quick mode perfect forward secrecy.
activate -Activates the rule in the policy if ‘yes’ is specified.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: set defaultrule Policy1 activate=y
qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"

11357
Usage:
set batch [mode = ] (enable | disable)

Sets the batch update mode.

Parameters:

mode - The mode for batch updates.



Usage:
set batch [mode = ] (enable | disable)

Sets the batch update mode.

Parameters:

mode - The mode for batch updates.


11400Deletes policies and related information.
Deletes policies and related information.
11410Deletes a policy and its rules.
Deletes a policy and its rules.
11411Deletes a filter list.
Deletes a filter list.
11412Deletes a filter action.
Deletes a filter action.
11413Deletes a rule from a policy.
Deletes a rule from a policy.
11414Deletes a filter from a filter list.
Deletes a filter from a filter list.
11415Deletes all policies, filter lists, and filter actions.
Deletes all policies, filter lists, and filter actions.
11450
Usage:
policy [ name = ] | [ all ]

Deletes the policy and all its associated rules.

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.

Remarks: If 'all' is specified, all policies are deleted.

Examples: 1. delete policy all
- deletes all policies.
2. delete policy name=Policy1
- deletes the policy named Policy1.


Usage:
policy [ name = ] | [ all ]

Deletes the policy and all its associated rules.

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.

Remarks: If 'all' is specified, all policies are deleted.

Examples: 1. delete policy all
- deletes all policies.
2. delete policy name=Policy1
- deletes the policy named Policy1.

11451
Usage:
filterlist [name = ] | [ all ]

Deletes the filter list and all of its associated filters.

Parameters:

Tag Value
name | all -Name of the filter list or ‘all’.

Remarks: If 'all' is specified, all filter lists are deleted.

Examples: delete filterlist all


Usage:
filterlist [name = ] | [ all ]

Deletes the filter list and all of its associated filters.

Parameters:

Tag Value
name | all -Name of the filter list or ‘all’.

Remarks: If 'all' is specified, all filter lists are deleted.

Examples: delete filterlist all

11452
Usage:
filteraction [ name = ] | [ all ]

Deletes a filter action.

Parameters:

Tag Value
name | all -Name of the filter action or ‘all’.

Remarks: If 'all' is specified, all filter actions are deleted.

Examples: 1. delete filteraction FilterA
2. delete filteraction all


Usage:
filteraction [ name = ] | [ all ]

Deletes a filter action.

Parameters:

Tag Value
name | all -Name of the filter action or ‘all’.

Remarks: If 'all' is specified, all filter actions are deleted.

Examples: 1. delete filteraction FilterA
2. delete filteraction all

11453
Usage:
rule [ name = ] | [ id = ] | [ all ]
[ policy = ]

Deletes a rule from a policy.

Parameters:

Tag Value
name | id | all -Name of the rule, ID of the rule, or ‘all’
policy -Name of the policy.

Remarks: 1. If 'all' is specified, deletes all rules from the policy except
the default response rule.
2. The default response rule cannot be deleted.
3. The IDs will change with every delete.

Examples: 1. delete rule id=1 Policy1
-deletes the rule with id=1 from Policy1.
2. delete rule all Policy1
-deletes all the rules from Policy1.


Usage:
rule [ name = ] | [ id = ] | [ all ]
[ policy = ]

Deletes a rule from a policy.

Parameters:

Tag Value
name | id | all -Name of the rule, ID of the rule, or ‘all’
policy -Name of the policy.

Remarks: 1. If 'all' is specified, deletes all rules from the policy except
the default response rule.
2. The default response rule cannot be deleted.
3. The IDs will change with every delete.

Examples: 1. delete rule id=1 Policy1
-deletes the rule with id=1 from Policy1.
2. delete rule all Policy1
-deletes all the rules from Policy1.

11454
Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]

Deletes a filter from a filter list

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter was added.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port
dstport -Destination port of the packet. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.

Remarks: 1. Deletes the exact match filter from the filter list.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server, then dest is set to 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com
2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME


Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]

Deletes a filter from a filter list

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter was added.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port
dstport -Destination port of the packet. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.

Remarks: 1. Deletes the exact match filter from the filter list.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server, then dest is set to 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com
2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME

11455
Usage:
all

Deletes all policies, filter lists, and filter actions.

Parameters:

Remarks:

Examples: delete all


Usage:
all

Deletes all policies, filter lists, and filter actions.

Parameters:

Remarks:

Examples: delete all

11500Displays details of policies and related information.
Displays details of policies and related information.
11510Displays policy details.
Displays policy details.
11511Displays filter list details.
Displays filter list details.
11512Displays filter action details.
Displays filter action details.
11513Displays rule details.
Displays rule details.
11515Displays details of all policies and related information.
Displays details of all policies and related information.
11516Displays details of a group assigned policy.
Displays details of a group assigned policy.
11517Displays the current policy store.
Displays the current policy store.
11550
Usage:
policy [ name = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a policy

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all policy details are displayed.

Examples: show policy Policy1 wide=yes format=table


Usage:
policy [ name = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a policy

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all policy details are displayed.

Examples: show policy Policy1 wide=yes format=table

11551
Usage:
filterlist [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter list

Parameters:

Tag Value
name | rule | all -Name of the filter list, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
resolvedns -Value of ‘yes’ will force the verbose output to show
the current dns mapping for ip addresses and dns
names that are stored in the filter fields.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter lists are displayed.

Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes


Usage:
filterlist [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter list

Parameters:

Tag Value
name | rule | all -Name of the filter list, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
resolvedns -Value of ‘yes’ will force the verbose output to show
the current dns mapping for ip addresses and dns
names that are stored in the filter fields.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter lists are displayed.

Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes

11552
Usage:
filteraction [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter action

Parameters:

Tag Value
name | rule | all -Name of the filter action, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter actions are displayed.

Examples: 1. show filteraction FilterAction1
- shows the details of the filter action named FilterAction1
2. show filteraction rule=Rule1
- shows the filter action used by the rule named Rule1
3. show filteraction all
- shows all filter actions


Usage:
filteraction [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter action

Parameters:

Tag Value
name | rule | all -Name of the filter action, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter actions are displayed.

Examples: 1. show filteraction FilterAction1
- shows the details of the filter action named FilterAction1
2. show filteraction rule=Rule1
- shows the filter action used by the rule named Rule1
3. show filteraction all
- shows all filter actions

11553
Usage:
rule [ name = ] | [ id = ] ] | [ all ] | [default]
[ policy = ]
[ [ type = ] (tunnel | tranport) ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of rules for the policy.

Parameters:

Tag Value
name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’.
policy -Name of the policy.
type -Rule type is ‘transport’ or ‘tunnel’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are
truncated to fit the screen width of 80
characters.

Remarks: 1. If ‘all’ is specified, all rules are displayed.
2. If the type parameter is specified, 'all' needs to be specified.

Examples: 1. show rule all type=transport policy=Policy1
- shows all the transport rules of the policy named Policy1.
2. show rule id=1 policy=Policy1
- shows the first rule of the policy.
3. show rule default policy=Policy1
- shows the details of the default response rule of Policy1.


Usage:
rule [ name = ] | [ id = ] ] | [ all ] | [default]
[ policy = ]
[ [ type = ] (tunnel | tranport) ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of rules for the policy.

Parameters:

Tag Value
name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’.
policy -Name of the policy.
type -Rule type is ‘transport’ or ‘tunnel’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are
truncated to fit the screen width of 80
characters.

Remarks: 1. If ‘all’ is specified, all rules are displayed.
2. If the type parameter is specified, 'all' needs to be specified.

Examples: 1. show rule all type=transport policy=Policy1
- shows all the transport rules of the policy named Policy1.
2. show rule id=1 policy=Policy1
- shows the first rule of the policy.
3. show rule default policy=Policy1
- shows the details of the default response rule of Policy1.

11555
Usage:
all [ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays all policies, filter lists, and filter actions.

Parameters:

Tag Value
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks:

Examples: show all


Usage:
all [ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays all policies, filter lists, and filter actions.

Parameters:

Tag Value
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks:

Examples: show all

11556
Usage:
gpoassignedpolicy [name = ]

Displays the details of the active policy for the specified GPO.

Parameters:

Tag Value
Name -Local AD Group policy object name.


Remarks: 1. if the current store is domain, the name parameter
is required, otherwise it is not allowed

Examples: 1. show gpoassignedpolicy name=GPO1
- shows the assigned domain policy to GPO1.
2. show gpoassignedpolicy
- shows currently assigned policy on this computer.


Usage:
gpoassignedpolicy [name = ]

Displays the details of the active policy for the specified GPO.

Parameters:

Tag Value
Name -Local AD Group policy object name.


Remarks: 1. if the current store is domain, the name parameter
is required, otherwise it is not allowed

Examples: 1. show gpoassignedpolicy name=GPO1
- shows the assigned domain policy to GPO1.
2. show gpoassignedpolicy
- shows currently assigned policy on this computer.

11557
Usage:
store

Examples: show store


Usage:
store

Examples: show store

12200Adds policy, filter, and actions to SPD.
Adds policy, filter, and actions to SPD.
12210Adds a quick mode policy to SPD.
Adds a quick mode policy to SPD.
12211Adds a main mode policy to SPD.
Adds a main mode policy to SPD.
12212Adds a quick mode filter to SPD.
Adds a quick mode filter to SPD.
12213Adds a main mode filter to SPD.
Adds a main mode filter to SPD.
12215Adds a rule and associated filters to SPD.
Adds a rule and associated filters to SPD.
12250
Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Adds a quick mode policy to SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with non-IPsec-aware
computers.
This takes a value of either ‘yes’ or ‘no’.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add qmpolicy name=qmp
qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"


Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Adds a quick mode policy to SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with non-IPsec-aware
computers.
This takes a value of either ‘yes’ or ‘no’.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add qmpolicy name=qmp
qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"

12251
Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Adds a main mode policy to SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.
where ConfAlg can be DES or 3DES
where HashAlg can be MD5 or SHA1
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"


Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Adds a main mode policy to SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.
where ConfAlg can be DES or 3DES
where HashAlg can be MD5 or SHA1
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"

12255
Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ mmpolicy = ]
[ [ qmpolicy = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Adds a Rule.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
If you specify a port, acceptable value is TCP or UDP.
srcport -Source port(0 means any port)
dstport -Destination port(0 means any port)
mirrored -‘Yes' creates two filters, one in each direction.
conntype -Connection type
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
kerberos -Provides kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Port valid for TCP and UDP.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Default for actioninbound and actionoutbound is ‘negotiate’.
4. For tunnel rules, mirrored must be set to 'no'.
5. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
6. Certificate mapping is valid only for domain members.
7. Multiple certificates can be provided by using the rootca
parameter multiple times.
8. The preference of each authentication method is determined by its
order in the command.
9. If no auth methods are stated, dynamic defaults are used.
10. Excluding the root certification authority (CA) name prevents the
name from being sent as part of the certificate request.
11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"

Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ mmpolicy = ]
[ [ qmpolicy = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Adds a Rule.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
If you specify a port, acceptable value is TCP or UDP.
srcport -Source port(0 means any port)
dstport -Destination port(0 means any port)
mirrored -‘Yes' creates two filters, one in each direction.
conntype -Connection type
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
kerberos -Provides kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Port valid for TCP and UDP.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Default for actioninbound and actionoutbound is ‘negotiate’.
4. For tunnel rules, mirrored must be set to 'no'.
5. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
6. Certificate mapping is valid only for domain members.
7. Multiple certificates can be provided by using the rootca
parameter multiple times.
8. The preference of each authentication method is determined by its
order in the command.
9. If no auth methods are stated, dynamic defaults are used.
10. Excluding the root certification authority (CA) name prevents the
name from being sent as part of the certificate request.
11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"
12300Modifies policy, filter, and actions in SPD.
Modifies policy, filter, and actions in SPD.
12310Modifies a quick mode policy in SPD.
Modifies a quick mode policy in SPD.
12311Modifies a main mode policy in SPD.
Modifies a main mode policy in SPD.
12312Modifies a quick mode filter in SPD.
Modifies a quick mode filter in SPD.
12313Modifies a main mode filter in SPD.
Modifies a main mode filter in SPD.
12319Sets the IPsec configuration and boot time behavior.
Sets the IPsec configuration and boot time behavior.
12320Modifies a rule and associated filters in SPD.
Modifies a rule and associated filters in SPD.
12350
Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a quick mode policy in SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with
non-IPsec-aware computers.
This takes a value of either 'yes' or 'no'.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set qmpolicy name=qmp pfsg=grp3
qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"


Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a quick mode policy in SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with
non-IPsec-aware computers.
This takes a value of either 'yes' or 'no'.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set qmpolicy name=qmp pfsg=grp3
qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"

12351
Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a main mode policy with the new parameters in SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1,
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3


Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a main mode policy with the new parameters in SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1,
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3

12359
Usage:
config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval |
ikelogging | strongcrlcheck | bootmode | bootexemptions) ]
[ value = ] | | ]

Configures the parameters for IPsec.

Parameters:

Tag Value
property -Property name.
value -Value that corresponds to the property.

Remarks: 1. Valid values for the properties are:
ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
ikelogging - 0, 1
strongcrlcheck - 0, 1, 2
ipsecloginterval - 60 to 86400 sec
ipsecexempt - 0, 1, 2, 3
bootmode - stateful, block, permit
bootexemptions - none, "exemption#1 exemption#2 ... exemption#n"
where the quoted string specifies a list of
protocols and ports to always allow during
boot mode in the following format:
Protocol:SrcPort:DstPort:Direction
where protocol is ICMP, TCP, UDP,
RAW, or
where direction is inbound or outbound
2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and
bootexemptions options are provided for backward compatibility.
Not valid for Windows Vista and later operating systems.
3. SrcPort and DstPort are only valid for TCP and UDP, with other
protocols the format of the exemption is Protocol:Direction.
4. A port setting of 0 allows for traffic for any port.
5. ikelogging and strongcrlcheck are activated immediately;
all other properties take effect on next boot.

Examples: 1. set config property=ipsecdiagnostics value=0
2. set config property=bootmode value=stateful
3. set config property=bootexemptions value=none
4. set config property=bootexemptions
value="ICMP:inbound TCP:80:80:outbound"


Usage:
config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval |
ikelogging | strongcrlcheck | bootmode | bootexemptions) ]
[ value = ] | | ]

Configures the parameters for IPsec.

Parameters:

Tag Value
property -Property name.
value -Value that corresponds to the property.

Remarks: 1. Valid values for the properties are:
ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
ikelogging - 0, 1
strongcrlcheck - 0, 1, 2
ipsecloginterval - 60 to 86400 sec
ipsecexempt - 0, 1, 2, 3
bootmode - stateful, block, permit
bootexemptions - none, "exemption#1 exemption#2 ... exemption#n"
where the quoted string specifies a list of
protocols and ports to always allow during
boot mode in the following format:
Protocol:SrcPort:DstPort:Direction
where protocol is ICMP, TCP, UDP,
RAW, or
where direction is inbound or outbound
2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and
bootexemptions options are provided for backward compatibility.
Not valid for Windows Vista and later operating systems.
3. SrcPort and DstPort are only valid for TCP and UDP, with other
protocols the format of the exemption is Protocol:Direction.
4. A port setting of 0 allows for traffic for any port.
5. ikelogging and strongcrlcheck are activated immediately;
all other properties take effect on next boot.

Examples: 1. set config property=ipsecdiagnostics value=0
2. set config property=bootmode value=stateful
3. set config property=bootexemptions value=none
4. set config property=bootexemptions
value="ICMP:inbound TCP:80:80:outbound"

12360
Usage:
rule [ srcaddr = ] (ip | dns | server)
[ dstaddr = ] (ip | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ mmpolicy = ] ]
[ [ qmpolicy = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule and associated filters in SPD.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port (0 means any port)
dstport -Destination port (0 means any port)
mirrored -'Yes' creates two filters, one in each direction.
conntype -Connection type
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
kerberos -Provides kerberos authentication if ‘yes’ is specified
psk -Provides authentication using a specified preshared key
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound
and authmethods can be set; other fields are identifiers.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
4. Certificate mapping is valid only for domain members.
5. Multiple certificates can be provided by using the rootca
parameter multiple times.
6. The preference of each authentication method is determined by
its order in the command.
7. If no auth methods are stated, dynamic defaults are used.
8. All authentication methods are overwritten with the stated list.
9. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.
10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
tunneldst=192.168.145.1
proto=tcp srcport=80 dstport=80 mir=no con=lan
qmp=qmp actionin=negotiate actionout=permit
2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West
Root Authority\' certmap:yes excludecaname:no"


Usage:
rule [ srcaddr = ] (ip | dns | server)
[ dstaddr = ] (ip | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ mmpolicy = ] ]
[ [ qmpolicy = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule and associated filters in SPD.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port (0 means any port)
dstport -Destination port (0 means any port)
mirrored -'Yes' creates two filters, one in each direction.
conntype -Connection type
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
kerberos -Provides kerberos authentication if ‘yes’ is specified
psk -Provides authentication using a specified preshared key
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound
and authmethods can be set; other fields are identifiers.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
4. Certificate mapping is valid only for domain members.
5. Multiple certificates can be provided by using the rootca
parameter multiple times.
6. The preference of each authentication method is determined by
its order in the command.
7. If no auth methods are stated, dynamic defaults are used.
8. All authentication methods are overwritten with the stated list.
9. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.
10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
tunneldst=192.168.145.1
proto=tcp srcport=80 dstport=80 mir=no con=lan
qmp=qmp actionin=negotiate actionout=permit
2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West
Root Authority\' certmap:yes excludecaname:no"

12400Deletes policy, filter, and actions from SPD.
Deletes policy, filter, and actions from SPD.
12410Deletes a quick mode policy from SPD.
Deletes a quick mode policy from SPD.
12411Deletes a main mode policy from SPD.
Deletes a main mode policy from SPD.
12414Deletes a rule and associated filters from SPD.
Deletes a rule and associated filters from SPD.
12415Deletes all policies, filters, and actions from SPD.
Deletes all policies, filters, and actions from SPD.
12450
Usage:
qmpolicy [ name = ] | [ all ]

Deletes a quick mode policy from SPD.
If 'all' is specified, all quick mode policies are deleted.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: To delete a quick mode policy, any associated quick mode filters
must first be deleted.

Examples: delete qmpolicy name=qmp


Usage:
qmpolicy [ name = ] | [ all ]

Deletes a quick mode policy from SPD.
If 'all' is specified, all quick mode policies are deleted.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: To delete a quick mode policy, any associated quick mode filters
must first be deleted.

Examples: delete qmpolicy name=qmp

12451
Usage:
mmpolicy [ name = ] | [ all ]

Deletes a main mode policy from SPD.
If 'all' is specified, all main mode policies are deleted.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: To delete a main mode policy, any associated main mode filters must
first be deleted.

Examples: delete mmpolicy name=mmp


Usage:
mmpolicy [ name = ] | [ all ]

Deletes a main mode policy from SPD.
If 'all' is specified, all main mode policies are deleted.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: To delete a main mode policy, any associated main mode filters must
first be deleted.

Examples: delete mmpolicy name=mmp

12454
Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]

Deletes a rule from SPD.

Parameters:

Tag Value
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.
conntype -Connection type can be lan, dialup or ‘all’.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
tunneldstaddress -Tunnel destination ip address or dns name.

Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215
tunneldsta=192.168.145.1
proto=tcp srcport=80 dstport=80 mirror=no conntype=lan


Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]

Deletes a rule from SPD.

Parameters:

Tag Value
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.
conntype -Connection type can be lan, dialup or ‘all’.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
tunneldstaddress -Tunnel destination ip address or dns name.

Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215
tunneldsta=192.168.145.1
proto=tcp srcport=80 dstport=80 mirror=no conntype=lan

12455
Usage:
all

Deletes all policies, filters, and authentication methods from SPD.

Example: delete all


Usage:
all

Deletes all policies, filters, and authentication methods from SPD.

Example: delete all

12500Displays policy, filter, and actions from SPD.
Displays policy, filter, and actions from SPD.
12510Displays policies, filters, SAs, and statistics from SPD.
Displays policies, filters, SAs, and statistics from SPD.
12511Displays main mode policy details from SPD.
Displays main mode policy details from SPD.
12512Displays quick mode policy details from SPD.
Displays quick mode policy details from SPD.
12513Displays main mode filter details from SPD.
Displays main mode filter details from SPD.
12514Displays quick mode filter details from SPD.
Displays quick mode filter details from SPD.
12515Displays IPsec and IKE statistics from SPD.
Displays IPsec and IKE statistics from SPD.
12516Displays main mode security associations from SPD.
Displays main mode security associations from SPD.
12517Displays quick mode security associations from SPD.
Displays quick mode security associations from SPD.
12518Displays IPsec configuration.
Displays IPsec configuration.
12519Displays rule details from SPD.
Displays rule details from SPD.
12550
Usage:
all [ [ resolvedns = ] (yes | no) ]

Displays details of all policies, filters, SAs, and statistics from SPD.

Parameters:

Tag Value
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: Default value of resolvedns is ‘no’.

Examples: show all yes
- shows all information with dns resolution


Usage:
all [ [ resolvedns = ] (yes | no) ]

Displays details of all policies, filters, SAs, and statistics from SPD.

Parameters:

Tag Value
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: Default value of resolvedns is ‘no’.

Examples: show all yes
- shows all information with dns resolution

12551
Usage:
mmpolicy [ name = ] | [ all ]

Displays main mode policy details from SPD.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: If 'all' is specified, all main mode policies are displayed.

Examples: 1. show mmpolicy name=mmp
2. show mmpolicy all


Usage:
mmpolicy [ name = ] | [ all ]

Displays main mode policy details from SPD.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: If 'all' is specified, all main mode policies are displayed.

Examples: 1. show mmpolicy name=mmp
2. show mmpolicy all

12552
Usage:
qmpolicy [ name = ] | [ all ]

Displays quick mode policy details from SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: If 'all' is specified, all quick mode policies are displayed.

Examples: 1. show qmpolicy name=qmp
2. show qmpolicy all


Usage:
qmpolicy [ name = ] | [ all ]

Displays quick mode policy details from SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: If 'all' is specified, all quick mode policies are displayed.

Examples: 1. show qmpolicy name=qmp
2. show qmpolicy all

12553
Usage:
mmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ resolvedns = ] (yes | no) ]

Displays main mode filter details from SPD.

Parameters:

Tag Value
name | all -Name of the main mode filter or ‘all’.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘generic’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If 'all' is specified, all main mode filters are displayed.
4. If source address or destination address is specified,
only filters associated with that address are displayed.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmfilter name=mmf
2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112


Usage:
mmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ resolvedns = ] (yes | no) ]

Displays main mode filter details from SPD.

Parameters:

Tag Value
name | all -Name of the main mode filter or ‘all’.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘generic’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If 'all' is specified, all main mode filters are displayed.
4. If source address or destination address is specified,
only filters associated with that address are displayed.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmfilter name=mmf
2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112

12554
Usage:
qmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays quick mode filter details from SPD.

Parameters:

Tag Value
name -Name of the quick mode filter.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. If the type is not specified then both ‘generic’ and
‘specific’ filters are displayed.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmfilter name=qmf
2. show qmfilter all srcaddr=192.134.135.133 proto=TCP
3. If 'all' is specified, all quick mode filters are displayed.
4. If source or destination address name is specified,
only filters associated with that address are displayed.


Usage:
qmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays quick mode filter details from SPD.

Parameters:

Tag Value
name -Name of the quick mode filter.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. If the type is not specified then both ‘generic’ and
‘specific’ filters are displayed.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmfilter name=qmf
2. show qmfilter all srcaddr=192.134.135.133 proto=TCP
3. If 'all' is specified, all quick mode filters are displayed.
4. If source or destination address name is specified,
only filters associated with that address are displayed.

12555
Usage:
stats [ [type =] (all | ike | ipsec) ]

Displays details of IPsec and IKE statistics.

Parameters:

Tag Value
type -ipsec, ike, or all (which displays both ipsec and ike)

Remarks:

Examples: 1. show stats all
2. show stats type=ipsec


Usage:
stats [ [type =] (all | ike | ipsec) ]

Displays details of IPsec and IKE statistics.

Parameters:

Tag Value
type -ipsec, ike, or all (which displays both ipsec and ike)

Remarks:

Examples: 1. show stats all
2. show stats type=ipsec

12556
Usage:
mmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the main mode security associations for a specified address.

Parameters:

Tag Value
all -Display all main mode security associations.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmsas all
2. show mmsas srca=192.168.145.110 dsta=192.168.145.215


Usage:
mmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the main mode security associations for a specified address.

Parameters:

Tag Value
all -Display all main mode security associations.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmsas all
2. show mmsas srca=192.168.145.110 dsta=192.168.145.215

12557
Usage:
qmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the quick mode security associations for a specified address.

Parameters:

Tag Value
all -Displays all quick mode security associations.
srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmsas all
2. show qmsas srca=192.168.145.110 dsta=192.168.145.215


Usage:
qmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the quick mode security associations for a specified address.

Parameters:

Tag Value
all -Displays all quick mode security associations.
srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmsas all
2. show qmsas srca=192.168.145.110 dsta=192.168.145.215

12558
Usage:
config

Displays current settings of IPsec configuration parameters.

Remarks:

Example: show config


Usage:
config

Displays current settings of IPsec configuration parameters.

Remarks:

Example: show config

12559
Usage:
rule [ [ type = ] (transport | tunnel) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays rule details from SPD.

Parameters:

Tag Value
type -Type of rule to display, either transport or tunnel.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘transport’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If source or destination address name is specified,
only rules associated with that address are displayed.
4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show rule
- shows both transport and tunnel rules
2. show rule type=transport srcaddr=192.134.135.133 proto=TCP


Usage:
rule [ [ type = ] (transport | tunnel) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays rule details from SPD.

Parameters:

Tag Value
type -Type of rule to display, either transport or tunnel.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘transport’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If source or destination address name is specified,
only rules associated with that address are displayed.
4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show rule
- shows both transport and tunnel rules
2. show rule type=transport srcaddr=192.134.135.133 proto=TCP

13001

No. of policies : %1!d!


No. of policies : %1!d!
13002Store : Local Store
Store : Local Store
13006Store : Domain Store
Store : Domain Store
13012Remote Machine Remote Machine
13013Local Machine Local Machine
13014Remote Domain Remote Domain
13015Local Domain Local Domain
13016Local Machine Local Machine
13017Local Domain Local Domain
13100

Policy Name : %1!s!


Policy Name : %1!s!
13304

Rule ID : %1!d!, GUID = %2!s!


Rule ID : %1!d!, GUID = %2!s!
13305FilterList Name : %1!s!
FilterList Name : %1!s!
13306FilterList Name : NONE
FilterList Name : NONE
13602Policy Name : %1!s!
Policy Name : %1!s!
13603Description : %1!s!
Description : %1!s!
13604Description : NONE
Description : NONE
13605Assigned : YES
Assigned : YES
13606Assigned : NO
Assigned : NO
13607Master PFS : YES
Master PFS : YES
13608Master PFS : NO
Master PFS : NO
13609Polling Interval : %1!d! minutes
Polling Interval : %1!d! minutes
13610

No. of Rules : %1!d!


No. of Rules : %1!d!
13611
Rule Details

Rule Details
13612------------
------------
13615Assigned : YES but AD Policy Overrides
Assigned : YES but AD Policy Overrides
13700
Rule Name : %1!s!

Rule Name : %1!s!
13701
Rule Name : NONE

Rule Name : NONE
13705Authentication Methods(%1!d!)
Authentication Methods(%1!d!)
13708Tunnel Dest IP Address : Tunnel Dest IP Address :
13709Connection Type : ALL
Connection Type : ALL
13710Connection Type : LAN
Connection Type : LAN
13711Connection Type : DIAL UP
Connection Type : DIAL UP
13712Connection Type : NONE
Connection Type : NONE
13713
FilterList Details

FilterList Details
13714------------------
------------------
13715
No FilterList exists in Default Response Rule


No FilterList exists in Default Response Rule

13716FilterAction Details
FilterAction Details
13717---------------------
---------------------
13734
No of Transport rule(s): %1!d!

No of Transport rule(s): %1!d!
13735
No of Tunnel rule(s) : %1!d!

No of Tunnel rule(s) : %1!d!
13736Activated : YES
Activated : YES
13737Activated : NO
Activated : NO
13738Activated : YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
Activated : YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
13800FilterAction Name : %1!s!
FilterAction Name : %1!s!
13801FilterAction Name : NONE
FilterAction Name : NONE
13802Action : PERMIT
Action : PERMIT
13803Action : BLOCK
Action : BLOCK
13804Action : NEGOTIATE SECURITY
Action : NEGOTIATE SECURITY
13805AllowUnsecure(Fallback): YES
AllowUnsecure(Fallback): YES
13806AllowUnsecure(Fallback): NO
AllowUnsecure(Fallback): NO
13807Inbound Passthrough : YES
Inbound Passthrough : YES
13808Inbound Passthrough : NO
Inbound Passthrough : NO
13809No. of Security.Methods: %1!d! No. of Security.Methods: %1!d!
13812AH ESP LIFE (Sec/kB)
AH ESP LIFE (Sec/kB)
13813-- --- -------------
-- --- -------------
13815QMPFS : YES
QMPFS : YES
13816QMPFS : NO
QMPFS : NO
14200KERBEROS
KERBEROS
14201Root CA : %1!s!
Root CA : %1!s!
14202Preshared Key : %1!s!
Preshared Key : %1!s!
14203NONE
NONE
14300
FilterList Name : %1!s!

FilterList Name : %1!s!
14301
FilterList Name : NONE

FilterList Name : NONE
14302No. of Filters : %1!d!
No. of Filters : %1!d!
14304Filter(s)
Filter(s)
14305---------
---------
14308GUID : %1!s!
GUID : %1!s!
14309Last Modified : %1!s!
Last Modified : %1!s!
14500Source DNS Name :
Source DNS Name :
14501Source DNS Name : %1!s!
Source DNS Name : %1!s!
14505Source DNS Name : NONE
Source DNS Name : NONE
14506Destination DNS Name :
Destination DNS Name :
14507Destination DNS Name : %1!s!
Destination DNS Name : %1!s!
14511Destination DNS Name : NONE
Destination DNS Name : NONE
14512Mirrored : YES
Mirrored : YES
14513Mirrored : NO
Mirrored : NO
14514Source DNS Name : %1!s! resolves to Source DNS Name : %1!s! resolves to
14515Destination DNS Name : %1!s! resolves to Destination DNS Name : %1!s! resolves to
14516Source DNS Name :
Source DNS Name :
14517Source DNS Name :
Source DNS Name :
14520Destination DNS Name :
Destination DNS Name :
14521Destination DNS Name :
Destination DNS Name :
14522Destination DNS Name :
Destination DNS Name :
14526%1!-15s! %1!-15s!
14527%1!s! %1!s!
14528%1!s!
%1!s!
14529

14530, ,
14531... ...
14600Source IP Address :
Source IP Address :
14602Source IP Address : Source IP Address :
14603Source Mask : Source Mask :
14604Destination IP Address :
Destination IP Address :
14606Destination IP Address : Destination IP Address :
14607Destination Mask : Destination Mask :
14608Source Port : %1!d!
Source Port : %1!d!
14609Source Port : ANY
Source Port : ANY
14610Destination Port : %1!d!
Destination Port : %1!d!
14611Destination Port : ANY
Destination Port : ANY
14615resolves to %1!s!
resolves to %1!s!
14617Source IP Address :
Source IP Address :
14618Source IP Address :
Source IP Address :
14620Source IP Address :
Source IP Address :
14621Destination IP Address :
Destination IP Address :
14622Destination IP Address :
Destination IP Address :
14623Destination IP Address :
Destination IP Address :
14624Destination IP Address :
Destination IP Address :
14625Source Port Range : %1!d!-%2!d!
Source Port Range : %1!d!-%2!d!
14626Destination Port Range : %1!d!-%2!d!
Destination Port Range : %1!d!-%2!d!
14700Protocol : ICMP
Protocol : ICMP
14701Protocol : TCP
Protocol : TCP
14703Protocol : UDP
Protocol : UDP
14708Protocol : RAW
Protocol : RAW
14709Protocol : ANY
Protocol : ANY
14710Protocol : %1!d!
Protocol : %1!d!
14802Main Mode Security Method Order
Main Mode Security Method Order
14803MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions
MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions
14804Encryption Integrity DH Group
Encryption Integrity DH Group
14805---------- --------- -------- ---------- --------- --------
14900
DES

DES
14901
3DES

3DES
14902SHA1 SHA1
14903MD5 MD5
14904Low(1) Low(1)
14905Medium(2) Medium(2)
149062048 2048
15001

Source Machine : Local Computer GPO for


Source Machine : Local Computer GPO for
15002

Source Domain : %1!s!


Source Domain : %1!s!
15003DC Name : %1!s!
DC Name : %1!s!
15004GPO Name : %1!s!
GPO Name : %1!s!
15005Local IPsec Policy Name : %1!s!
Local IPsec Policy Name : %1!s!
15006AD IPsec Policy Name : %1!s!
AD IPsec Policy Name : %1!s!
15007GPO DN : %1!s!
GPO DN : %1!s!
15008GPO OU Link : %1!s!
GPO OU Link : %1!s!
15009AD Policy DN : %1!s!
AD Policy DN : %1!s!
15010Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
15011Local IPsec Policy DN : %1!s!
Local IPsec Policy DN : %1!s!
15016Local IPsec Policy Name : NONE
Local IPsec Policy Name : NONE
15017AD IPsec Policy Name : NONE
AD IPsec Policy Name : NONE
15018IPsec Policy Name : %1!s!
IPsec Policy Name : %1!s!
15019IPsec Policy DN : %1!s!
IPsec Policy DN : %1!s!
15020IPsec Policy Assigned : YES
IPsec Policy Assigned : YES
15021Exclude CA name : YES
Exclude CA name : YES
15022Exclude CA name : NO
Exclude CA name : NO
15023Certmapping enabled : YES
Certmapping enabled : YES
15024Certmapping enabled : NO
Certmapping enabled : NO
16001

No. of policies %1!d!


No. of policies %1!d!
16003Store Local Store
Store Local Store
16007Store Domain Store
Store Domain Store
16010Store Local Store
Store Local Store
16011Store Domain Store
Store Domain Store
16013Cert To Account Mapping YES
Cert To Account Mapping YES
16014Cert To Account Mapping NO
Cert To Account Mapping NO
16100

Policy Name %1!s!


Policy Name %1!s!
16101

Rule Name %1!s!


Rule Name %1!s!
16303No Policy Name Specified
No Policy Name Specified
16304

Rule ID %1!d!, GUID = %2!s!


Rule ID %1!d!, GUID = %2!s!
16306%1!-23s! %1!-23s!
16602Policy Name %1!s!
Policy Name %1!s!
16603Description %1!s!
Description %1!s!
16604Description NONE
Description NONE
16605Assigned YES
Assigned YES
16606Assigned NO
Assigned NO
16607Master PFS YES
Master PFS YES
16608Master PFS NO
Master PFS NO
16609Polling Interval %1!d! minutes
Polling Interval %1!d! minutes
16610

No. of Rules %1!d!


No. of Rules %1!d!
16611
Rule Details

Rule Details
16613Assigned YES but AD Policy Overrides
Assigned YES but AD Policy Overrides
16614

Policy Name Rules LastModified Assign


Policy Name Rules LastModified Assign
16615%1!-32s! %1!-32s!
16616YES but AD Policy Overrides
YES but AD Policy Overrides
16617YES
YES
16618NO
NO
16619---------- ----- ------------ ------
---------- ----- ------------ ------
16620Policy Name Rules LastModified
Policy Name Rules LastModified
16621----------- ----- ------------
----------- ----- ------------
16700Rule Name %1!s!
Rule Name %1!s!
16701Rule Name NONE
Rule Name NONE
16703Authentication Methods (%1!d!)
Authentication Methods (%1!d!)
16705
Enabled FilterList FilterAction Authentication

Enabled FilterList FilterAction Authentication
16706
------- ---------- ------------ --------------

------- ---------- ------------ --------------
16707Tunnel Dest IP Address NONE
Tunnel Dest IP Address NONE
16708Tunnel Dest IP Address Tunnel Dest IP Address
16709Connection Type ALL
Connection Type ALL
16710Connection Type LAN
Connection Type LAN
16711Connection Type DIAL UP
Connection Type DIAL UP
16712Connection Type UNKNOWN
Connection Type UNKNOWN
16716
FilterAction Details

FilterAction Details
16717--------------------
--------------------
16718Activated YES
Activated YES
16719Activated NO
Activated NO
16721
YES

YES
16722
NO

NO
16724NONE NONE
16728Kerb Kerb
16729Cert Cert
16730Pre Pre
16734
No of Transport rule(s) %1!d!

No of Transport rule(s) %1!d!
16735

No of Tunnel rule(s) %1!d!


No of Tunnel rule(s) %1!d!
16737
Enabled FilterList FilterAction TunnelEndPoint

Enabled FilterList FilterAction TunnelEndPoint
16738
------- ---------- ------------ --------------

------- ---------- ------------ --------------
16739
YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.

YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16740Activated YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
Activated YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16800FilterAction Name %1!s!
FilterAction Name %1!s!
16801FilterAction Name NONE
FilterAction Name NONE
16802Action PERMIT
Action PERMIT
16803Action BLOCK
Action BLOCK
16804Action NEGOTIATE SECURITY
Action NEGOTIATE SECURITY
16805InBound PassThrough YES
InBound PassThrough YES
16806InBound PassThrough NO
InBound PassThrough NO
16807AllowUnSecure(Fallback) YES
AllowUnSecure(Fallback) YES
16808AllowUnSecure(Fallback) NO
AllowUnSecure(Fallback) NO
16810Security Methods
Security Methods
16812AH ESP Seconds kBytes
AH ESP Seconds kBytes
16813-- --- ------- ------
-- --- ------- ------
16814QMPFS YES
QMPFS YES
16815QMPFS NO
QMPFS NO
16816FilterAction Name Action Last Modified
FilterAction Name Action Last Modified
16817----------------- ------ -------------
----------------- ------ -------------
16818%1!-38s! %1!-38s!
16820PERMIT PERMIT
16821BLOCK BLOCK
16822NEGOTIATE NEGOTIATE
16824%1!-23s!
%1!-23s!
17000[MD5 ] [MD5 ]
17001[SHA1] [SHA1]
17002[NONE] [NONE]
17003[NONE , NONE] [NONE , NONE]
17007[MD5 , [MD5 ,
17008[SHA1 , [SHA1 ,
17009[NONE , [NONE ,
17010DES ] DES ]
170113DES] 3DES]
17012NONE] NONE]
17100%1!6u! %2!10u!
%1!6u! %2!10u!
17201ROOT CA %1!s!
ROOT CA %1!s!
17202PRESHARED Key %1!s!
PRESHARED Key %1!s!
17300
FilterList Name %1!s!

FilterList Name %1!s!
17301
FilterList Name NONE

FilterList Name NONE
17306FilterList Name Filters Last Modified
FilterList Name Filters Last Modified
17307--------------- ------- -------------
--------------- ------- -------------
17308GUID %1!s!
GUID %1!s!
17309Last Modified %1!s!
Last Modified %1!s!
17310No. of Filters %1!d!
No. of Filters %1!d!
17501%1!-45s! %1!-45s!
17508%1!5d! %1!5d!
17512YES YES
17513NO NO
17514Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
17515--- ------------- ------------- ------------- ------------- ------- ------- -------
--- ------------- ------------- ------------- ------------- ------- ------- -------
17600
17608%1!3d! %1!3d!
17609ANY ANY
17610%1!3d!
%1!3d!
17611ANY
ANY
17612DNS SERVER DNS SERVER
17613WINS SERVER WINS SERVER
17614DHCP SERVER DHCP SERVER
17615DEFAULT GATEWAY DEFAULT GATEWAY
17616%1!3d!-%2!3d! %1!3d!-%2!3d!
17617%1!3d!-%2!3d!
%1!3d!-%2!3d!
17700ICMP ICMP
17701TCP TCP
17703UDP UDP
17708RAW RAW
17710OTHER OTHER
17803MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions
MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions
17804Encryption Integrity DH Group
Encryption Integrity DH Group
17805---------- --------- -------- ---------- --------- --------
17900
DES

DES
17901
3DES

3DES
18000

Stand Alone FilterAction(s)


Stand Alone FilterAction(s)
18001---------------------------
---------------------------
18004
No. of Standalone FilterActions %1!d!


No. of Standalone FilterActions %1!d!

18100
Stand Alone FilterList(s)

Stand Alone FilterList(s)
18101-------------------------
-------------------------
18104
No. of Standalone FilterLists %1!d!

No. of Standalone FilterLists %1!d!
18200
No. of FilterLists %1!d!


No. of FilterLists %1!d!

18204
No. of FilterLists : %1!d!


No. of FilterLists : %1!d!

18300
No. of FilterActions %1!d!


No. of FilterActions %1!d!

18304
No. of FilterActions : %1!d!


No. of FilterActions : %1!d!

18500The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N)
The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N)
18503Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N)
Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N)
18602Delete all the Filter Lists from Delete all the Filter Lists from
18603? (Y/N)
? (Y/N)
18652Delete all the Filter Actions from Delete all the Filter Actions from
18706Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N)
Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N)
18750Are you sure to delete all policies from Are you sure to delete all policies from
18780

Following policies/rule(s) are using it


Following policies/rule(s) are using it
18781---------------------------------------
---------------------------------------
18782Rule Name : %1!s!
Rule Name : %1!s!
18783Rule Name : NONE
Rule Name : NONE
18794Life should be within %1!d! and %2!d! kBytes
Life should be within %1!d! and %2!d! kBytes
18802New Policy is created and updated successfully
New Policy is created and updated successfully
18805Creating new Policy with name '%1!s!'...
Creating new Policy with name '%1!s!'...
18806Creating new Policy with name '%1!s!' and setting it to '%2!s!'...
Creating new Policy with name '%1!s!' and setting it to '%2!s!'...
18834Life should be with in %1!d! and %2!d! kBytes
Life should be with in %1!d! and %2!d! kBytes
18840Destination IP address has been taken as 'me'
Destination IP address has been taken as 'me'
18841Source IP address has been taken as 'me'
Source IP address has been taken as 'me'
18848New Rule was created and updated successfully
New Rule was created and updated successfully
18849Creating new Rule with name '%1!s!' ...
Creating new Rule with name '%1!s!' ...
18855Creating new Rule with name '%1!s!' and setting it to '%2!s!' ...
Creating new Rule with name '%1!s!' and setting it to '%2!s!' ...
18856Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
18861Would you like to create a new policy? (Y/N)
Would you like to create a new policy? (Y/N)
18868Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
18869Cert To Account Mapping: YES
Cert To Account Mapping: YES
18870Cert To Account Mapping: NO
Cert To Account Mapping: NO
18871If store is domain and assign is specified, GPO name is required
If store is domain and assign is specified, GPO name is required
18872If GPO name is specified, then you must be operating on a domain policy store.
If GPO name is specified, then you must be operating on a domain policy store.
18893Would you like to create a new Rule? (Y/N)
Would you like to create a new Rule? (Y/N)
19002
IKE MM Policy Name : %1!s!

IKE MM Policy Name : %1!s!
19018
IKE Soft SA Lifetime : %1!u! secs

IKE Soft SA Lifetime : %1!u! secs
19023[%1!S!] [%1!S!]
19025The 'Netsh ipsec' context is not compatible with the target machine.
The 'Netsh ipsec' context is not compatible with the target machine.
19102Mainmode Policies not available.
Mainmode Policies not available.
19104Specified Mainmode Policy not available
Specified Mainmode Policy not available
19106
Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM

Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
19107
---------- --------- ---- ------------------ ---------------

---------- --------- ---- ------------------ ---------------
19121DES DES
19122UNKNOWN UNKNOWN
191233DES 3DES
19129%1!-5lu! %2!lu!:%3!lu! %4!-10lu! %1!-5lu! %2!lu!:%3!lu! %4!-10lu!
19130%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS) %1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)
19153Quickmode Policies not available.
Quickmode Policies not available.
19155Specified Quickmode Policy not available
Specified Quickmode Policy not available
19156
QM Negotiation Policy Name : %1!s!

QM Negotiation Policy Name : %1!s!
19158
Security Methods Lifetime (Kb:secs) PFS DH Group

Security Methods Lifetime (Kb:secs) PFS DH Group
19159
------------------------- --------------------- ------------

------------------------- --------------------- ------------
19165AH[MD5] AH[MD5]
19166AH[SHA1] AH[SHA1]
19167AH[NONE] AH[NONE]
19168ESP[ DES, ESP[ DES,
19169ESP[ ERR, ESP[ ERR,
19170ESP[3DES, ESP[3DES,
19171ESP[NONE, ESP[NONE,
19172MD5] MD5]
19173SHA1] SHA1]
19176Low (1) Low (1)
19178%1!10lu!:%2!-10lu! %1!10lu!:%2!-10lu!
19179Main Mode Derived Main Mode Derived
19180High (2048) High (2048)
19181AH[ERR] AH[ERR]
19182ERR] ERR]
19183ERROR ERROR
19192+ +
19193Medium (2) Medium (2)
19198

Filter name : %1!s!


Filter name : %1!s!
19200Generic Mainmode Filters not available.
Generic Mainmode Filters not available.
19201Specific Mainmode Filters not available.
Specific Mainmode Filters not available.
19202Specified Mainmode Filter not available.
Specified Mainmode Filter not available.
19203
Main Mode Filters:

Main Mode Filters:
19204Generic Generic
19205
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
19206Specific Specific
19207Outbound Outbound
19208Inbound Inbound
19209
Weight : %1!d!

Weight : %1!d!
19210

%1!d! Generic Filter(s)


%1!d! Generic Filter(s)
19211

%1!d! Specific Outbound Filter(s)


%1!d! Specific Outbound Filter(s)
19212

%1!d! Specific Inbound Filter(s)


%1!d! Specific Inbound Filter(s)
19219ALL ALL
19220LAN LAN
19221DIALUP DIALUP
19229Unknown Unknown
19236
Connection Type :

Connection Type :
19237
Authentication Methods :

Authentication Methods :
19238
Preshared key

Preshared key
19240
Kerberos

Kerberos
19241
Security Methods :

Security Methods :
19242%1!d! %1!d!
19243(default) (default)
19244NONE/ NONE/
19245DES/ DES/
19246UNKNOWN/ UNKNOWN/
192473DES/ 3DES/
19249MD5/ MD5/
19250SHA1/ SHA1/
19251DH%1!lu!/%2!lu!/QMlimit=%3!lu! DH%1!lu!/%2!lu!/QMlimit=%3!lu!
19265Generic Quickmode Filters not available.
Generic Quickmode Filters not available.
19266Specific Quickmode Filters not available.
Specific Quickmode Filters not available.
19267Specified Quickmode Filter not available.
Specified Quickmode Filter not available.
19268
Quick Mode Filters(Transport):

Quick Mode Filters(Transport):
19269
Transport Rules

Transport Rules
19270
Tunnel Rules

Tunnel Rules
19271
MM Filter Name : %1!s!

MM Filter Name : %1!s!
19272
QM Filter Name : %1!s!

QM Filter Name : %1!s!
19273
Main Mode Policy : %1!s!

Main Mode Policy : %1!s!
19274

%1!d! Transport Filter(s)


%1!d! Transport Filter(s)
19275

%1!d! Tunnel Filter(s)


%1!d! Tunnel Filter(s)
19276

Quick Mode Filters(Tunnel):


Quick Mode Filters(Tunnel):
19278Rules not available.
Rules not available.
19280
Inbound Action : Passthru

Inbound Action : Passthru
19281
Inbound Action : Negotiate

Inbound Action : Negotiate
19282
Inbound Action : Blocking

Inbound Action : Blocking
19283
Inbound Action : Unknown

Inbound Action : Unknown
19284
Outbound Action : Passthru

Outbound Action : Passthru
19285
Outbound Action : Negotiate

Outbound Action : Negotiate
19286
Outbound Action : Blocking

Outbound Action : Blocking
19287
Outbound Action : Unknown

Outbound Action : Unknown
19292%1!-5lu! %1!-5lu!
19293
Tunnel Source :

Tunnel Source :
19294
Tunnel Destination :

Tunnel Destination :
19295Src Port: %1!-4lu! Dest Port: %2!-4lu! Src Port: %1!-4lu! Dest Port: %2!-4lu!
19296
Mirrored : yes

Mirrored : yes
19297
Mirrored : no

Mirrored : no
19298
Quick Mode Policy : %1!s!

Quick Mode Policy : %1!s!
19299
Protocol :

Protocol :
19300
IKE Statistics

IKE Statistics
19301
--------------

--------------
19302
IKEStatistics not available.

IKEStatistics not available.
19303
Main Modes : %1!S!

Main Modes : %1!S!
19304
Quick Modes : %1!S!

Quick Modes : %1!S!
19305
Soft SAs : %1!S!

Soft SAs : %1!S!
19306
Authentication Failures : %1!S!

Authentication Failures : %1!S!
19307
Active Acquire : %1!S!

Active Acquire : %1!S!
19308
Active Receive : %1!S!

Active Receive : %1!S!
19309
Acquire fail : %1!S!

Acquire fail : %1!S!
19310
Receive fail : %1!S!

Receive fail : %1!S!
19311
Send fail : %1!S!

Send fail : %1!S!
19312
Acquire Heap size : %1!S!

Acquire Heap size : %1!S!
19313
Receive Heap size : %1!S!

Receive Heap size : %1!S!
19314
Negotiation Failures : %1!S!

Negotiation Failures : %1!S!
19315
Invalid Cookies Rcvd : %1!S!

Invalid Cookies Rcvd : %1!S!
19316
Total Acquire : %1!S!

Total Acquire : %1!S!
19317
TotalGetSpi : %1!S!

TotalGetSpi : %1!S!
19318
TotalKeyAdd : %1!S!

TotalKeyAdd : %1!S!
19319
TotalKeyUpdate : %1!S!

TotalKeyUpdate : %1!S!
19320
GetSpiFail : %1!S!

GetSpiFail : %1!S!
19321
KeyAddFail : %1!S!

KeyAddFail : %1!S!
19322
KeyUpdateFail : %1!S!

KeyUpdateFail : %1!S!
19323
IsadbListSize : %1!S!

IsadbListSize : %1!S!
19324
ConnListSize : %1!S!

ConnListSize : %1!S!
19325
Invalid Packets Rcvd : %1!S!

Invalid Packets Rcvd : %1!S!
19326

IPsec Statistics


IPsec Statistics
19327
----------------

----------------
19328
IPsecStatistics not available.

IPsecStatistics not available.
19329
Active Assoc : %1!S!

Active Assoc : %1!S!
19330
Offload SAs : %1!S!

Offload SAs : %1!S!
19331
Pending Key : %1!S!

Pending Key : %1!S!
19332
Key Adds : %1!S!

Key Adds : %1!S!
19333
Key Deletes : %1!S!

Key Deletes : %1!S!
19334
ReKeys : %1!S!

ReKeys : %1!S!
19335
Active Tunnels : %1!S!

Active Tunnels : %1!S!
19336
Bad SPI Pkts : %1!S!

Bad SPI Pkts : %1!S!
19337
Pkts not Decrypted : %1!S!

Pkts not Decrypted : %1!S!
19338
Pkts not Authenticated : %1!S!

Pkts not Authenticated : %1!S!
19339
Pkts with Replay Detection : %1!S!

Pkts with Replay Detection : %1!S!
19340
Confidential Bytes Sent : %1!S!

Confidential Bytes Sent : %1!S!
19341
Confidential Bytes Received : %1!S!

Confidential Bytes Received : %1!S!
19342
Authenticated Bytes Sent : %1!S!

Authenticated Bytes Sent : %1!S!
19343
Authenticated Bytes Received: %1!S!

Authenticated Bytes Received: %1!S!
19344
Transport Bytes Sent : %1!S!

Transport Bytes Sent : %1!S!
19345
Transport Bytes Received : %1!S!

Transport Bytes Received : %1!S!
19346
Offloaded Bytes Sent : %1!S!

Offloaded Bytes Sent : %1!S!
19347
Offloaded Bytes Received : %1!S!

Offloaded Bytes Received : %1!S!
19348
Bytes Sent In Tunnels : %1!S!

Bytes Sent In Tunnels : %1!S!
19349
Bytes Received In Tunnels : %1!S!

Bytes Received In Tunnels : %1!S!
19350
Cookie Pair :

Cookie Pair :
19351%1!02x! %1!02x!
19352
Sec Methods :

Sec Methods :
19359/%1!d!/%2!d! /%1!d!/%2!d!
19360
Auth Mode :

Auth Mode :
19361Preshared Key Preshared Key
19362DSS Signature DSS Signature
19363RSA Signature RSA Signature
19364RSA Encryption RSA Encryption
19365Kerberos Kerberos
19366
Source :

Source :
19367, port %1!d! , port %1!d!
19368
ID :

ID :
19369
ID : %1!s!

ID : %1!s!
19370
Destination :

Destination :
19371
Destination SecurityMethods

Destination SecurityMethods
19372
Date/Time Created

Date/Time Created
19373
-------------------------------------------------------- ----------------------

-------------------------------------------------------- ----------------------
19374[ID:%1!-35s!] [ID:%1!-35s!]
19375
DNS: %1!-51S!

DNS: %1!-51S!
19377
Issuing CA :%1!s!

Issuing CA :%1!s!
19378
Thumbprint :

Thumbprint :
19380: :
19381/ /
1938219383
Root CA : %1!s!
19383
Root CA : %1!s!
19384%S %S
19385( (
19386)
)
19387Root CA : %1!s! Root CA : %1!s!
19397IPsec MainMode Security Associations not available.
IPsec MainMode Security Associations not available.
19398
IKE Main Mode SAs at %1!s!

IKE Main Mode SAs at %1!s!
19400Specified MainMode Security Associations not available.
Specified MainMode Security Associations not available.
19401

Quick Mode SAs


Quick Mode SAs
19402
--------------

--------------
19403IPsec QuickMode Security Associations not available.
IPsec QuickMode Security Associations not available.
19404Specified QuickMode Security Associations not available.
Specified QuickMode Security Associations not available.
19410
Transport Filter

Transport Filter
19411
Tunnel Filter

Tunnel Filter
19412
Unknown

Unknown
19413
Policy Name : %1!s!

Policy Name : %1!s!
19414
Source Address :

Source Address :
19415
Destination Address :

Destination Address :
19416
Protocol : %1!lu!

Protocol : %1!lu!
19417
Source Port : %1!u!

Source Port : %1!u!
19418
Destination Port : %1!u!

Destination Port : %1!u!
19419
Direction : Inbound

Direction : Inbound
19420
Direction : Outbound

Direction : Outbound
19421
Direction : Error

Direction : Error
19422

Offer Used


Offer Used
19423
Protocol : ICMP

Protocol : ICMP
19424
Protocol : TCP

Protocol : TCP
19425
Protocol : UDP

Protocol : UDP
19426
Protocol : RAW

Protocol : RAW
19427
AH(b/r) ESP Con(b/r) ESP Int PFS DH Group

AH(b/r) ESP Con(b/r) ESP Int PFS DH Group
19428
---------- ------------- ------- ------------

---------- ------------- ------- ------------
19429
Encapsulation Type : IKE

Encapsulation Type : IKE
19430
Encapsulation Type : Other

Encapsulation Type : Other
19431
Source UDP Encap port : %1!u!

Source UDP Encap port : %1!u!
19432
Dest UDP Encap port : %1!u!

Dest UDP Encap port : %1!u!
19433
Peer Private Addr :

Peer Private Addr :
19434
Protocol : ANY

Protocol : ANY
19441) )
19446
IPsec Configuration Parameters

IPsec Configuration Parameters
19447------------------------------
------------------------------
19448IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems]
IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems]
19449IKElogging : %1!d! [Not valid for Windows Vista and later operating systems]
IKElogging : %1!d! [Not valid for Windows Vista and later operating systems]
19450StrongCRLCheck : %1!d!
StrongCRLCheck : %1!d!
19451IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems]
IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems]
19452NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems]
NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems]
19453Flags : %1!d![Not valid for Windows Vista and later operating systems]
Flags : %1!d![Not valid for Windows Vista and later operating systems]
19454IPsecexempt : %1!d!
IPsecexempt : %1!d!
194552048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems]
2048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems]
19456IPsec Diagnostic Level is out of range. Range is 0 - 7.
IPsec Diagnostic Level is out of range. Range is 0 - 7.
19457IKE Logging is out of range. Range is 0 - 1.
IKE Logging is out of range. Range is 0 - 1.
19458Strong CRL Check Level is out of range. Range is 0 - 2.
Strong CRL Check Level is out of range. Range is 0 - 2.
19459IPsec Log Interval is out of range. Range is 60 - 86400.
IPsec Log Interval is out of range. Range is 60 - 86400.
19460IPsec Exemption Level is out of range. Range is 0 - 3.
IPsec Exemption Level is out of range. Range is 0 - 3.
19461(Some of the IPsec Configuration parameters are not set).
(Some of the IPsec Configuration parameters are not set).
19462Boot Mode : Boot Mode :
19463Stateful Stateful
19464Block Block
19465Permit Permit
19476No bootmode exemptions
No bootmode exemptions
19477Boot Mode Exemptions : Boot Mode Exemptions :
19478Protocol Src Port Dst Port Direction
Protocol Src Port Dst Port Direction
19479--------- --------- --------- ---------
--------- --------- --------- ---------
19480A maximum of 1024 exemptions are allowed.
A maximum of 1024 exemptions are allowed.
19800MD5(%1!02lu!/%2!-02lu!) None None MD5(%1!02lu!/%2!-02lu!) None None
19801SHA1(%1!02lu!/%2!-02lu!) None None SHA1(%1!02lu!/%2!-02lu!) None None
19802None None None None None None
19803None DES (%1!02lu!/%2!-02lu!) None DES (%1!02lu!/%2!-02lu!)
19804None Unknown None Unknown
19805None 3DES(%1!02lu!/%2!-02lu!) None 3DES(%1!02lu!/%2!-02lu!)
19806None None None None
19809None None
19811certmap certmap
19812excludecaname excludecaname
19813yes yes
19814no no
22001ERR Win32[%1!05d!] : %2!s! ERR Win32[%1!05d!] : %2!s!
22002ERR IPsec[%1!05d!] : ERR IPsec[%1!05d!] :
22004ERR Win32[%1!05d!] : Invalid Win32 Err Code
ERR Win32[%1!05d!] : Invalid Win32 Err Code
22010One or more essential parameters not specified
One or more essential parameters not specified
22011Arguments are not matching. Check help for the correct syntax
Arguments are not matching. Check help for the correct syntax
22012No Policies in Policy Store
No Policies in Policy Store
22013Unable to open Policy Store
Unable to open Policy Store
22014No Filter Actions in Policy Store
No Filter Actions in Policy Store
22015No Filter Lists in Policy Store
No Filter Lists in Policy Store
22016Policy with name %1!s! not exists in Policy Store
Policy with name %1!s! not exists in Policy Store
22017Internal Error, Invalid Switch Case.
Internal Error, Invalid Switch Case.
22018Invalid Parameter for the Argument '%1!s!'
Invalid Parameter for the Argument '%1!s!'
22019IP Address specified is invalid
IP Address specified is invalid
22020DNS lookup failed for the given dns name '%1!s!'
DNS lookup failed for the given dns name '%1!s!'
22021'%1!s!' not a valid tag for this context
'%1!s!' not a valid tag for this context
22022'%1!s!' tag already present
'%1!s!' tag already present
22023GPOname cannot be specified without argument 'assign = y/n'
GPOname cannot be specified without argument 'assign = y/n'
22024Tag 'Name' or 'GUID' needed for the given command
Tag 'Name' or 'GUID' needed for the given command
22025'%1!s!' tag is needed
'%1!s!' tag is needed
22026'%1!s!' is not a valid argument for the tag '%2!s!'
'%1!s!' is not a valid argument for the tag '%2!s!'
22027Prefix should be between 1 and 32 only
Prefix should be between 1 and 32 only
22028'%1!s!' is not a valid Mask/Prefix
'%1!s!' is not a valid Mask/Prefix
22029The argument supplied is null
The argument supplied is null
22030The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22031The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22032The Rekey Unit (k/s) is invalid
The Rekey Unit (k/s) is invalid
22033Invalid HASH algorithm specified
Invalid HASH algorithm specified
22034Incomplete ESP specified
Incomplete ESP specified
22035Duplicate Algo's specified for '%1!s!'
Duplicate Algo's specified for '%1!s!'
22036None and None not allowed
None and None not allowed
22037Invalid IPsec protocol specified. It should be ESP or AH only
Invalid IPsec protocol specified. It should be ESP or AH only
22038Max Number of OFFERS[%1!d!] is crossed
Max Number of OFFERS[%1!d!] is crossed
22039Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
22040Invalid Lifetime or Data specification for QMOffers.
Invalid Lifetime or Data specification for QMOffers.
22041Invalid PFS Group specified for MMOFFER
Invalid PFS Group specified for MMOFFER
22042P1 Group missing
P1 Group missing
22043Invalid MMOFFER is specified
Invalid MMOFFER is specified
22044File name should contain .ipsec extension only
File name should contain .ipsec extension only
22045'%1!s!' and ALL not allowed
'%1!s!' and ALL not allowed
22046Preshared key not specified
Preshared key not specified
22047Invalid Authmethod is specified
Invalid Authmethod is specified
22048Invalid Certificate specified
Invalid Certificate specified
22049Multiple '%1!s!' parameters are specified. Only one is allowed.
Multiple '%1!s!' parameters are specified. Only one is allowed.
22050The Port specified is invalid.
The Port specified is invalid.
22051No of arguments are more,truncated
No of arguments are more,truncated
22052Invalid QMOFFER specified
Invalid QMOFFER specified
22053Invalid Tunnel IP specified
Invalid Tunnel IP specified
22054Protocol can't be specified without source and destination addresses
Protocol can't be specified without source and destination addresses
22055Subnet mask specified is invalid
Subnet mask specified is invalid
22056Non-tagged arg can only be machine or domain
Non-tagged arg can only be machine or domain
22057ERR WIN32[00014] : There is not enough memory to complete this operation.
ERR WIN32[00014] : There is not enough memory to complete this operation.
22058The Port specified is invalid. It should be in less than '%1!d!' only
The Port specified is invalid. It should be in less than '%1!d!' only
22100Missing Policy Name
Missing Policy Name
22101Polling Interval should be within %1!d! and %2!d! minutes
Polling Interval should be within %1!d! and %2!d! minutes
22102Quickmode limit should be within %1!d! and %2!d! sessions
Quickmode limit should be within %1!d! and %2!d! sessions
22103Lifetime should be within %1!d! and %2!d! minutes
Lifetime should be within %1!d! and %2!d! minutes
22111Policy with name '%1!s!' already exists
Policy with name '%1!s!' already exists
22112Error while adding Default Response Rule
Error while adding Default Response Rule
22113Error while creating Policy with name '%1!s!'
Error while creating Policy with name '%1!s!'
22114Error while creating policy with name '%1!s!' due to failure in loading default auth methods
Error while creating policy with name '%1!s!' due to failure in loading default auth methods
22121Missing FilterList Name
Missing FilterList Name
22122FilterList with name '%1!s!' already exists
FilterList with name '%1!s!' already exists
22123Error while creating FilterList with name '%1!s!'
Error while creating FilterList with name '%1!s!'
22124Invalid GUID specified
Invalid GUID specified
22131Error while creating the specified Filter
Error while creating the specified Filter
22141FilterAction with name '%1!s!' already exists
FilterAction with name '%1!s!' already exists
22142Error while creating FilterAction with name '%1!s!'
Error while creating FilterAction with name '%1!s!'
22143Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
22144Atleast One Quick mode Security method needs to be specified
Atleast One Quick mode Security method needs to be specified
22151Missing Rule Name
Missing Rule Name
22152Missing FilterAction Name
Missing FilterAction Name
22153Policy with name '%1!s!' does not exist
Policy with name '%1!s!' does not exist
22154Rule with name '%1!s!' already exists in policy '%2!s!'
Rule with name '%1!s!' already exists in policy '%2!s!'
22155FilterAction with name '%1!s!' does not exist
FilterAction with name '%1!s!' does not exist
22156No Filters in FilterList with name '%1!s!'
No Filters in FilterList with name '%1!s!'
22157Error while creating Rule with name '%1!s!'
Error while creating Rule with name '%1!s!'
22158Missing Rule Name or Rule ID
Missing Rule Name or Rule ID
22159Policy with GUID %1!s! does not exist
Policy with GUID %1!s! does not exist
22160FilterAction with GUID %1!s! does not exist
FilterAction with GUID %1!s! does not exist
22161Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
22165Certificate decoding operation failed
Certificate decoding operation failed
22166Policy with name '%1!s!' does not exist in current machine's domain
Policy with name '%1!s!' does not exist in current machine's domain
22167Invalid Tunnel IP Address Specified
Invalid Tunnel IP Address Specified
22168FilterList with name '%1!s!' does not exist
FilterList with name '%1!s!' does not exist
22169Servers cannot be specified for both source and destination sides
Servers cannot be specified for both source and destination sides
22170FilterList with GUID %1!s! does not exist
FilterList with GUID %1!s! does not exist
22171No Directory Service available
No Directory Service available
22172GPO with name '%1!s!' does not exist in current machine's domain
GPO with name '%1!s!' does not exist in current machine's domain
22173Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
22174Error while updating the Policy with name '%1!s!'
Error while updating the Policy with name '%1!s!'
22175Error while updating the Policy with GUID %1!s!
Error while updating the Policy with GUID %1!s!
22176Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
22181Error while updating FilterList with name '%1!s!'
Error while updating FilterList with name '%1!s!'
22182Error while updating FilterList with GUID %1!s!
Error while updating FilterList with GUID %1!s!
22191Error while updating FilterAction with name '%1!s!'
Error while updating FilterAction with name '%1!s!'
22192Error while updating FilterAction with GUID %1!s!
Error while updating FilterAction with GUID %1!s!
22201Rule with name '%1!s!' does not exist in Policy '%2!s!'
Rule with name '%1!s!' does not exist in Policy '%2!s!'
22202Error while updating rule with name '%1!s!'
Error while updating rule with name '%1!s!'
22203Default rule cannot be updated with this command. Use the 'set defaultrule' command
Default rule cannot be updated with this command. Use the 'set defaultrule' command
22204Rule with ID %1!d! does not exist in Policy '%2!s!'
Rule with ID %1!d! does not exist in Policy '%2!s!'
22205Invalid Rule ID Specified
Invalid Rule ID Specified
22211Error while updating Default Rule of Policy with name '%1!s!'
Error while updating Default Rule of Policy with name '%1!s!'
22221No file name specified
No file name specified
22222Invalid File / Path name
Invalid File / Path name
22223Error while importing policies
Error while importing policies
22231Error while exporting policies
Error while exporting policies
22235Error while restoring default policies
Error while restoring default policies
22236This command is only available for the local store
This command is only available for the local store
22237Invalid Domain Name. Domain with name '%1!s!' does not exist
Invalid Domain Name. Domain with name '%1!s!' does not exist
22238Your machine is not a member of domain
Your machine is not a member of domain
22241Error while deleting Policy with name '%1!s!'
Error while deleting Policy with name '%1!s!'
22242No Policy with name '%1!s!'
No Policy with name '%1!s!'
22251FilterList with name '%1!s!' cannot be deleted FilterList with name '%1!s!' cannot be deleted
22252Error while deleting FilterList with name '%1!s!' Error while deleting FilterList with name '%1!s!'
22255No FilterList with name '%1!s!'
No FilterList with name '%1!s!'
22256Filter with the specified spec does not exist in FilterList with name '%1!s!'
Filter with the specified spec does not exist in FilterList with name '%1!s!'
22261Error while updating FilterList with name '%1!s!' after deletion of the specified filter
Error while updating FilterList with name '%1!s!' after deletion of the specified filter
22265FilterAction with name '%1!s!' cannot be deleted FilterAction with name '%1!s!' cannot be deleted
22266Error while deleting FilterAction with name '%1!s!' Error while deleting FilterAction with name '%1!s!'
22267No FilterAction with name '%1!s!'
No FilterAction with name '%1!s!'
22271Error while deleting Rule with name '%1!s!'
Error while deleting Rule with name '%1!s!'
22272Error while deleting Rule with ID %1!d!
Error while deleting Rule with ID %1!d!
22273Default Response Rule cannot be deleted
Default Response Rule cannot be deleted
22274No Rule with name '%1!s!'
No Rule with name '%1!s!'
22275No Rule with ID %1!d!
No Rule with ID %1!d!
22276No Policy name specified
No Policy name specified
22280No policy with name '%1!s!'
No policy with name '%1!s!'
22281Error while extracting NegPol info of Policy with name '%1!s!'
Error while extracting NegPol info of Policy with name '%1!s!'
22282Error while extracting Filter info of Policy with name '%1!s!'
Error while extracting Filter info of Policy with name '%1!s!'
22283Error while extracting ISAKMP info of Policy with name '%1!s!'
Error while extracting ISAKMP info of Policy with name '%1!s!'
22290No currently assigned Policy
No currently assigned Policy
22295No FilterList exists in Policy Store
No FilterList exists in Policy Store
22296No FilterAction exists in Policy Store
No FilterAction exists in Policy Store
22297Either invalid GPO name or no currently assigned policy
Either invalid GPO name or no currently assigned policy
22298A name must be specified when using the domain store
A name must be specified when using the domain store
22299Invalid Source IP Address specified
Invalid Source IP Address specified
22300Invalid Source IP/Mask specified
Invalid Source IP/Mask specified
22301Address Conflict. Source and Destination cannot have same IP/DNS
Address Conflict. Source and Destination cannot have same IP/DNS
22302Invalid server specified
Invalid server specified
22303Server needs to be specified
Server needs to be specified
22304Invalid destination IP Address specified
Invalid destination IP Address specified
22305Invalid destination mask specified
Invalid destination mask specified
22306Invalid Newname. Policy with name '%1!s!' already exists
Invalid Newname. Policy with name '%1!s!' already exists
22307Invalid Newname. Rule with name '%1!s!' already exists
Invalid Newname. Rule with name '%1!s!' already exists
22308Invalid Newname. Filterlist with name '%1!s!' already exists
Invalid Newname. Filterlist with name '%1!s!' already exists
22309Invalid Newname. Filteraction with name '%1!s!' already exists
Invalid Newname. Filteraction with name '%1!s!' already exists
22310If a type is specified, 'all' needs to be specified
If a type is specified, 'all' needs to be specified
22311Internal error occurred during this operation
Internal error occurred during this operation
22312No Tunnel type rules exist in policy '%1!s!'
No Tunnel type rules exist in policy '%1!s!'
22313Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
22314Policy with name '%1!s!' has READONLY attribute. Updation denied
Policy with name '%1!s!' has READONLY attribute. Updation denied
22315Specified Rule has READONLY attribute. Updation denied
Specified Rule has READONLY attribute. Updation denied
22316Filteraction with name '%1!s!' has READONLY attribute. Updation denied
Filteraction with name '%1!s!' has READONLY attribute. Updation denied
22317FilterList with name '%1!s!' has READONLY attribute. Updation denied
FilterList with name '%1!s!' has READONLY attribute. Updation denied
22318Policy with name '%1!s!' has READONLY attribute. Deletion denied
Policy with name '%1!s!' has READONLY attribute. Deletion denied
22319Rule with name '%1!s!' has READONLY attribute. Deletion denied
Rule with name '%1!s!' has READONLY attribute. Deletion denied
22320Filteraction with name '%1!s!' has READONLY attribute. Deletion denied
Filteraction with name '%1!s!' has READONLY attribute. Deletion denied
22321FilterList with name '%1!s!' has READONLY attribute. Deletion denied
FilterList with name '%1!s!' has READONLY attribute. Deletion denied
22322No name can be specified when using the local store
No name can be specified when using the local store
22323Default response rule is not supported on Windows Vista and later versions of Windows.
Default response rule is not supported on Windows Vista and later versions of Windows.
23001QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
23002
Port number valid for TCP or UDP protocols, continuing without PortNumber.

Port number valid for TCP or UDP protocols, continuing without PortNumber.
23003Specified QMPolicy does not exist.
Specified QMPolicy does not exist.
23004Specified MainMode Policy does not exist.
Specified MainMode Policy does not exist.
23006Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
23007Mirror = Yes is not valid for Tunnel Rule.
Mirror = Yes is not valid for Tunnel Rule.
23011Specified MainMode Filter does not exist.
Specified MainMode Filter does not exist.
23012Specified Transport Filter does not exist.
Specified Transport Filter does not exist.
23013Specified Tunnel Filter does not exist.
Specified Tunnel Filter does not exist.
23014MainMode Policies are not available.
MainMode Policies are not available.
23015QuickMode Policies are not available.
QuickMode Policies are not available.
23021MainMode Policy with the given name already exists.
MainMode Policy with the given name already exists.
23031QuickMode Policy with the given name already exists.
QuickMode Policy with the given name already exists.
23061MainMode Filters do not exist.
MainMode Filters do not exist.
23062Specified MainMode Filter does not exist and Policy is not found.
Specified MainMode Filter does not exist and Policy is not found.
23063Specified MainMode Policy either does not exist or not associated with specified MainMode Filter.
Specified MainMode Policy either does not exist or not associated with specified MainMode Filter.
23071QuickMode Filters do not exist.
QuickMode Filters do not exist.
23072Specified QuickMode Filter does not exist and Policy is not found.
Specified QuickMode Filter does not exist and Policy is not found.
23073Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
23074Specified QuickMode Filter does not exist.
Specified QuickMode Filter does not exist.
23075Authentication method(s) being used.
Authentication method(s) being used.
23076%1!d! MMFilter object(s) could not be deleted.
%1!d! MMFilter object(s) could not be deleted.
23077%1!d! Transport Filter object(s) could not be deleted.
%1!d! Transport Filter object(s) could not be deleted.
23078%1!d! Tunnel Filter object(s) could not be deleted.
%1!d! Tunnel Filter object(s) could not be deleted.
23081The IPsec Policy Agent service is not active.
The IPsec Policy Agent service is not active.
23082
Policy Agent service successfully started.

Policy Agent service successfully started.
23090
Wrong token from Parser, Should be either IPSEC, IKE or ALL.

Wrong token from Parser, Should be either IPSEC, IKE or ALL.
23091
Invalid AddressType received from Parser.

Invalid AddressType received from Parser.
23092Source and Destination both cannot be Servers.
Source and Destination both cannot be Servers.
23093Tunnel Source and Tunnel Destination both cannot be Servers.
Tunnel Source and Tunnel Destination both cannot be Servers.

EXIF

File Name:nshipsec.dll.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_en-us_5ba3159c34ee1abb\
File Size:184 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:188416
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Dynamic link library
File Subtype:0
Language Code:English (U.S.)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:Net Shell IP Security helper DLL
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:nshipsec.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:nshipsec.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_en-us_ff847a187c90a985\

What is nshipsec.dll.mui?

nshipsec.dll.mui is a Multilingual User Interface resource file that contains the English (U.S.) language resources for the file nshipsec.dll (Net Shell IP Security helper DLL).

File version info

File Description:Net Shell IP Security helper DLL
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:nshipsec.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:nshipsec.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x409, 1200