nshipsec.dll.mui Net Shell IP 安全帮助程序 DLL a702a5ed4b9b759ffbe9436b739db917

File name:	nshipsec.dll.mui
Size:	133632 byte
MD5:	a702a5ed4b9b759ffbe9436b739db917
SHA1:	e95446f6cb980ce9f0eb87b53c1c18bd01d04acf
SHA256:	720bf56fa81cd93d220f5e476ced5577ab5409be400002f57c42a490738d2281
Operating systems:	Windows 10
Extension:	MUI

If an error occurred or the following message in Chinese (Simplified) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id	Chinese (Simplified)	English
11110	从证书存储中导出所有策略。	Exports all the policies from the policy store.
11111	从文件导入策略到证书存储。	Imports the policies from a file to the policy store.
11112	还原默认示例策略。	Restores the default example policies.
11150	用法: exportpolicy [ file = ] 将所有策略导出到文件。 参数: 标记 值 name -策略要导出到的文件的名称。 注释: 默认情况下在文件名后面加 .ipsec 扩展。 示例: exportpolicy Policy1	Usage: exportpolicy [ file = ] Exports all the policies to a file. Parameters: Tag Value name -Name of the file into which the policies are exported. Remarks: .ipsec extension is by default added to the filename. Examples: exportpolicy Policy1
11151	用法: importpolicy [ file = ] 从指定文件中导入策略。 参数: 标记 值 name -要从中导入策略的文件名。 注释: 示例: importpolicy Policy1.ipsec	Usage: importpolicy [ file = ] Imports policies from the specified file. Parameters: Tag Value name -Name of the file from which the policies are imported. Remarks: Examples: importpolicy Policy1.ipsec
11152	用法: restorepolicyexamples [release = ] (win2k | win2003) 还原默认策略。 参数: 标记 值 release -OS 发行类别，对默认策略示例。 注释: 此命令只对本地计算机策略存储有效。 示例: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k	Usage: restorepolicyexamples [release = ] (win2k | win2003) Restores the default policies. Parameters: Tag Value release -OS release type, for default policies examples. Remarks: This command is only valid for the local computer policy store. Examples: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k
11200	创建新的策略和有关信息。	Creates new policies and related information.
11210	用默认响应规则创建策略。	Creates a policy with a default response rule.
11211	创建一个空的筛选器列表。	Creates an empty filter list.
11212	创建一个筛选器操作。	Creates a filter action.
11213	为指定策略创建一个规则。	Creates a rule for the specified policy.
11214	将筛选器添加到筛选器列表。	Adds a filter to filter list.
11250	用法: policy [ name = ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 用指定名称创建一个策略。 参数: 标记 值 name -策略的名称。 description -策略的简短信息。 mmpfs -设置主完全向前保密的选项。 qmpermm -每一 IKE 主模式会话的快速模式会话数目。 mmlifetime -为 IKE 的主模式重新生成密钥所需时间(以分钟计)。 activatedefaultrule -激活或禁用默认响应规则。 只在 Windows Vista 之前的 Windows 版本上有效。 pollinginterval -轮询间隔，策略代理在策略存储中 查找更改的间隔时间(以分钟计)。 assign -指定策略为活动或非活动。 mmsecmethods -一个或多个由空格分隔开的安全方法列表，安全方法的格式为 ConfAlg-HashAlg-GroupNum，其中 ConfAlg 可以是 DES 或 3DES，HashAlg 是 MD5 或 SHA1。 GroupNum 可以是 1 (低)、2 (中)、3 (DH2048)。 注释: 1. 如果指定了 mmpfs，qmpermm 将设置为 1。 2. 如果存储为 "domain"，则 "assign" 将不起作用。 3. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"	Usage: policy [ name = ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Creates a policy with the specified name. Parameters: Tag Value name -Name of the policy. description -Brief information about the policy. mmpfs -Option to set master perfect forward secrecy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Polling Interval, time in minutes for policy agent to check for changes in policy store. assign -Assigns the policy as active or inactive. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1. GroupNum can be 1 (Low), 2 (Med), 3 (DH2048). Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. If the store is 'domain' then ‘assign’ will have no effect. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"
11251	用法: filterlist [ name = ] [ [ description = ] ] 用指定名称创建一个空的筛选器列表。 参数: 标记 值 name -筛选器列表的名称。 description -筛选器列表的简短信息。 注释: 示例: add filterlist Filter1	Usage: filterlist [ name = ] [ [ description = ] ] Creates an empty filter list with the specified name. Parameters: Tag Value name -Name of the filter list. description -Brief information about the filter list. Remarks: Examples: add filterlist Filter1
11252	用法: filteraction [ name = ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 创建一个筛选器操作。 参数: 标记 值 name -筛选器操作的名称。 description -筛选器操作类别的简短信息。 qmpfs -设置快速模式完全向前保密的选项。 inpass -接受不安全的通讯，但是始终用 IPsec响应。 这接受 yes 或 no。 soft -允许与没有 IPsec 的计算机进行不安全的通讯。 可以是 yes 或 no。 action -可以是 permit，block 或 negotiate。 qmsecmethods -IPsec 提供是下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES 或 3DES 或 None 其中 AuthAlg 可以是 MD5 或 SHA1 或 None 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 Lifetime(千字节)。 其中 s 是 Lifetime(秒)。 注释: 1. 如果操作不是 negotiate，快速模式安全方法将被忽略 2. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"	Usage: filteraction [ name = ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Creates a filter action. Parameters: Tag Value name -Name of the filter action. description -Brief information about the type of filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either ‘yes’ or ‘no’. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. action -This takes permit, block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is Lifetime in kilobytes. where s is Lifetime in seconds. Remarks: 1. Quick mode security methods are ignored if the action is not ‘negotiate’ 2. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"
11253	用法: rule [ name = ] [ policy = ] [ filterlist = ] [ filteraction = ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 用指定的筛选器列表和筛选器操作创建一个规则。 参数: 标记 值 name -规则的名称。 policy -规则所属的策略的名称。 filterlist -要使用的筛选器列表的名称。 filteraction -要使用的筛选器操作的名称。 tunnel -隧道终结点 IP 地址。 conntype -连接类型可以是 lan，dialup 或 all。 activate -如果指定了 yes，则激活策略中的规则。 description -规则的简短信息。 kerberos -如果指定了 yes，则提供 Kerberos 身份验证。 psk -用预共享密钥提供身份验证。 rootca -用指定的根证书提供身份验证，如果指定了 certmap:Yes，将尝试映射此证书 如果指定了 excludecaname:Yes，将排除 CA 名称 注释: 1. 证书，映射和 CA 名称设置要在引号中引起来，内嵌的引号将 被“\'”所代替。 2. 证书映射只对域成员有效。 3. 可以多次使用 rootca 参数来提供多重证书。 4. 每种身份验证方法的优先级由在命令中的顺序来决定。 5. 如果没有指定身份验证方法，将使用动态默认。 6. 排除根证书颁发机构(CA)名称防止将名称作为证书请求的一部分 发送。 示例: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"	Usage: rule [ name = ] [ policy = ] [ filterlist = ] [ filteraction = ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Creates a rule with the specified filter list and filter action. Parameters: Tag Value name -Name of the rule. policy -Name of the policy the rule belongs to. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel end point IP address. conntype -Connection type can be lan, dialup or ‘all’. activate -Activates the rule in the policy if ‘yes’ is specified. description -Brief information about the rule. kerberos -Provides Kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"
11254	用法: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] 将筛选器添加到指定的筛选器列表。 参数: 标记 值 filterlist -筛选器要添加到其中的筛选器列表的名称。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、dns 名称或服务器类型。 description -筛选器的简介信息。 protocol -可以是 ANY，ICMP，TCP，UDP，RAW，或者一个整数。 mirrored -值为 'Yes' 将创建两个筛选器，每个方向均有一个。 srcmask -源地址掩码或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围，则不适用。 dstmask -目标地址掩码或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围，则不适用。 srcport -数据包的源端口。值为 0 表示任意端口。 dstport -数据包的目标端口。值为 0 表示任意端口。 注释: 1. 如果筛选器列表不存在，将创建它。 2. 要指定当前计算机地址，请设置 srcaddr/dstaddr=me 要指定所有计算机地址，请设置 srcaddr/dstaddr=any 3. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 4. 如果源是一个服务器类型，则目标为 "me"，反之亦然。 5. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。 示例: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME	Usage: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] Adds a filter to the specified filter list. Parameters: Tag Value filterlist -Name of the filter list to which the filter is added. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. description -Brief information about the filter. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. mirrored -‘Yes’ creates two filters, one in each direction. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port. dstport -Destination port of the packet. A value of 0 means any port. Remarks: 1. If the filter list does not exist it will be created. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server type, then dest is 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME
11300	更改现存策略和相关信息。	Modifies existing policies and related information.
11310	更改策略。	Modifies a policy.
11311	更改筛选器列表。	Modifies a filter list.
11312	更改筛选器操作。	Modifies a filter action.
11313	更改规则。	Modifies a rule.
11314	设置当前策略存储。	Sets the current policy store.
11315	更改默认响应规则。	Modifies the default response rule of a policy.
11317	设置批更新模式。	Sets the batch update mode.
11350	用法: policy [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ gponame = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 更改策略。 参数: 标记 值 name | guid -策略或 guid 的名称。 newname -新名称 description -简介信息。 mmpfs -设置主密钥完全向前保密。 qmpermm -每一个主模式的快速模式数目。 mmlifetime -重新生成密钥的时间(以分钟计)。 activatedefaultrule -激活默认响应规则。只在 Windows Vista 之前的 Windows 版本中有效。 pollinginterval -在策略存储中查找更改的时间(以分钟计)。 assign -指定策略。 gponame -可以指定策略的本地 AD 组策略对象名称。 在 store 为 domain 时为有效。 mmsecmethods -一个或多个空格分隔的安全方法列表，格式为 ConfAlg-HashAlg-GroupNum。 注释: 1. 如果指定了 mmpfs，qmpermm 将设置为 1。 2. 只有将 store 设置为 domain 时，才能指定 GPO 名称。 3. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y	Usage: policy [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ gponame = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a policy. Parameters: Tag Value name | guid -Name of the policy, or guid. newname -New name. description -Brief information. mmpfs -Sets master perfect forward secrecy. qmpermm -Number of quick modes per main mode. mmlifetime -Time in minutes to rekey. activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Time in minutes to check for change in policy store. assign -Assigns the policy. gponame -Local AD group policy object name to which the policy can be assigned. Valid when the store is domain. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. A GPO name can only be specified if the store is set to domain. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y
11351	用法: filterlist [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] 更改筛选器列表名称和描述。 参数: 标记 值 name | guid -筛选器列表的名称或 guid。 newname -筛选器列表的新名称。 description -筛选器的简短信息列表。 示例: 1.set filterlist Filter1 desc=NewFilter1 2.set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName	Usage: filterlist [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] Modifies a filter list name and description. Parameters: Tag Value name | guid -Name of the filter list or guid. newname -New name of the filter list. description -Brief information about the filter list. Examples: 1. set filterlist Filter1 desc=NewFilter1 2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName
11352	用法: filteraction [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 更改筛选器操作。 参数: 标记 值 name | guid -筛选器操作的名称或 guid。 newname -筛选器操作的新名称。 description -筛选器操作的简短信息。 qmpfs -设置快速模式完全向前保密的选项。 inpass -接受非安全的通讯，但始终用 IPsec 响应。可以 是 yes 或 no。 soft -允许与非 IPsec 的计算机进行非安全的通讯。 它的值可以是 yes 或 no。 action -可以是 permit 或 block 或 negotiate。 qmsecmethods -IPsec 提供是下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES 或 3DES 或 None。 其中 AuthAlg 可以是 MD5 或 SHA1 或 None。 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 lifetime(千字节)。 其中 s 是 lifetime(秒)。 3. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: 1.set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2.set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y	Usage: filteraction [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a filter action. Parameters: Tag Value name | guid -Name or guid of the filter action. newname -New name of the filter action. description -Brief information about the filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either ‘yes’ or ‘no’. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. action -This takes permit or block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y
11353	用法: rule [ name = ] | [id= ] [ policy = ] [ [ newname = ] ] [ [ description = ] ] [ [ filterlist = ] ] [ [ filteraction = ] ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 更改策略中的规则。 参数: 标记 值 name | id -规则的名称或 ID。 policy -规则所属的策略的名称。 newname -规则的新名称。 description -规则的简短信息。 filterlist -要使用的筛选器列表的名称。 filteraction -要使用的筛选器操作的名称。 tunnel -隧道 ip 地址或 dns 名称。 conntype -连接类型可以是 lan，dialup 或 all。 activate -如果指定了 yes，则激活策略中的规则。 kerberos -如果指定了 yes，则提供 Kerberos 身份验证。 psk -用指定的预共享密钥提供身份验证。 rootca -用指定的根证书提供身份验证，如果指定了 certmap:Yes，将尝试映射此证书 如果指定了 excludecaname:Yes，将排除 CA 名称。 注释: 1. 证书，映射和 CA 名称设置要在引号中引起来，内嵌的引号将 被“\'”代替。 2. 证书映射只对域成员有效。 3. 可以多次使用 rootca 参数来提供多重证书。 4. 每种身份验证方法的优先级由在命令中的顺序来决定。 5. 如果没有指定身份验证方法，将使用动态默认。 6. 所有身份验证方法都将被指定的列表所覆盖。 7. 排除根证书颁发机构(CA)名称防止将名称作为证书请求的一部分 发送。 示例: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156	Usage: rule [ name = ] | [id= ] [ policy = ] [ [ newname = ] ] [ [ description = ] ] [ [ filterlist = ] ] [ [ filteraction = ] ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule in a policy. Parameters: Tag Value name | id -Name or ID of the rule. policy -Name of the policy, the rule belongs to. newname -New name of the rule. description -Brief information about the rule. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel ip address or dns name. conntype -Connection type can be ‘lan’, ‘dialup’ or ‘all’. activate -Activates the rule in the policy if ‘yes’ is specified. kerberos -Provides Kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. All authentication methods are overwritten with the stated list. 7. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156
11354	用法: store [location = ] (local | domain) [ [ domain = ] ] 设置当前 IPsec 策略存储位置。 参数: 标记 值 location IPsec 策略存储的位置。 domain 域名(只应用于域位置)。 说明: 1. 本地存储包含 IPsec 策略，可以指定来保护 计算机。如果域策略可用，则 应用域策略而不是本地策略。 2. 域存储包含 IPsec 策略，可以指定来 保护域中的一组计算机。 3. 使用"set machine"命令配置远程计算机。 4. 默认存储为本地存储。对存储设置所作的更改 仅在当前 Netsh 会话期间有效。如果需要在 同一存储中从批处理文件运行多个命令，请在 执行批处理文件时使用"Netsh Exec"。 5. 不支持永久存储和永久策略。 示例: 1. set store location= local - 使用当前计算机的本地存储。 2. set store location= domain domain=example.microsoft.com - 使用域策略存储以获取 example.microsoft.com。	Usage: store [location = ] (local | domain) [ [ domain = ] ] Sets the current IPsec policy storage location. Parameters: Tag Value location Location of the IPsec policy store. domain Domain name (only applies to the domain location). Remarks: 1. The local store contains IPsec policies that can be assigned to secure this computer. If a domain policy is available, the domain policy is applied instead of the local policy. 2. The domain store contains IPsec policies that can be assigned to secure groups of computers in a domain. 3. Use the 'set machine' command to configure a remote computer. 4. The default store is Local. Changes to the store setting persist only as long as the current Netsh session. If you need to run multiple commands in the same store from a batch file, use the ‘Netsh Exec’ when executing your batch file. 5. Persistent store and persistent policy is not supported. Examples: 1. set store location= local - uses the local store of the current computer . 2. set store location=domain domain=example.microsoft. com - uses the domain policy store for example.microsoft.com .
11355	用法: defaultrule [ policy = ] [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 修改指定策略的默认响应规则。 在 Windows Vista 和 Windows 的更新版本中将忽略此规则。 参数: 标记 值 policy -其默认响应规则将被修改的策略的名称 . qmpfs -设置快速模式完全向前保密的选项 . activate -如果指定 "yes" 则激活策略中的规则 . qmsecmethods -IPsec 按下列其中一种模式提供: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s 其中 ConfAlg 可以是 DES、3DES 或 None . 其中 AuthAlg 可以是 MD5、SHA1 或 None . 其中 HashAlg 是 MD5 或 SHA1 . 其中 k 是以 KB 为单位的生存时间 . 其中 s 是以秒为单位的生存时间 . kerberos -如果指定 “yes” 则提供 Kerberos 身份验证 . psk -使用指定的预共享密钥提供身份验证 . rootca -使用指定的根证书提供身份验证， 如果指定 certmap:Yes，则尝试映射证书， 如果指定 excludecaname:Yes，则排除 CA 名称 . 说明: 1. 证书、映射和 CA 名称设置都要放在引号中；嵌入的引号用“\”代替 . 2. 证书映射只对域成员有效 . 3. 通过多次使用 rootca 参数可以提供多重证书 . 4. 每种身份验证方法的优先级由它在命令中的顺序决定 . 5. 如果未指定身份验证方法，则使用动态默认 6. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"	Usage: defaultrule [ policy = ] [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies the default response rule of the specified policy. This rule will be ignored on Windows Vista and later versions of Windows Parameters: Tag Value policy -Name of the policy for which the default response rule is to be modified . qmpfs -Option to set quick mode perfect forward secrecy . activate -Activates the rule in the policy if ‘yes’ is specified . qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s where ConfAlg can be DES, or 3DES or None . where AuthAlg can be MD5, or SHA1 or None . where HashAlg is MD5 or SHA1 . where k is lifetime in kilobytes . where s is lifetime in seconds . kerberos -Provides Kerberos authentication if ‘yes’ is specified . psk -Provides authentication using a specified preshared key . rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified . Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \' . 2. Certificate mapping is valid only for domain members . 3. Multiple certificates can be provided by using the rootca parameter multiple times . 4. The preference of each authentication method is determined by its order in the command . 5. If no auth methods are stated, dynamic defaults are used . 6. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only . Examples: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"
11357	用法: set batch [mode = ] (enable | disable) 设置批处理更新模式。 参数: mode - 用于批处理更新的模式。	Usage: set batch [mode = ] (enable | disable) Sets the batch update mode. Parameters: mode - The mode for batch updates.
11400	删除策略和相关信息。	Deletes policies and related information.
11410	删除一个策略和它的规则。	Deletes a policy and its rules.
11411	删除一个筛选器列表。	Deletes a filter list.
11412	删除一个筛选器操作。	Deletes a filter action.
11413	从策略中删除一个规则。	Deletes a rule from a policy.
11414	从筛选器列表中删除一个筛选器。	Deletes a filter from a filter list.
11415	删除所有策略，筛选器列表和筛选器操作。	Deletes all policies, filter lists, and filter actions.
11450	用法: policy [ name = ] | [ all ] 删除策略及它的所有相关规则。 参数: 标记 值 name | all -策略名称，或 all。 注释: 如果指定了 'all'，将删除所有策略。 示例: 1. delete policy all - 删除所有策略 2. delete policy name=Policy1 - 删除名为 'Policy1' 的策略	Usage: policy [ name = ] | [ all ] Deletes the policy and all its associated rules. Parameters: Tag Value name | all -Name of the policy or ‘all’. Remarks: If 'all' is specified, all policies are deleted. Examples: 1. delete policy all - deletes all policies. 2. delete policy name=Policy1 - deletes the policy named Policy1.
11451	用法: filterlist [name = ] | [ all ] 删除筛选器列表及它的所有相关筛选器。 参数: 标记 值 name | all -筛选器列表的名称，或 all。 Remarks: 如果指定了 'all'，将删除所有筛选器。 示例: delete filterlist all	Usage: filterlist [name = ] | [ all ] Deletes the filter list and all of its associated filters. Parameters: Tag Value name | all -Name of the filter list or ‘all’. Remarks: If 'all' is specified, all filter lists are deleted. Examples: delete filterlist all
11452	用法: filteraction [ name = ] | [ all ] 删除筛选器操作。 参数: 标记 值 name | all -筛选器操作的名称，或 all。 注释: 如果指定了 'all'，将删除所有筛选器操作。 示例: 1. delete filteraction FilterA 2. delete filteraction all	Usage: filteraction [ name = ] | [ all ] Deletes a filter action. Parameters: Tag Value name | all -Name of the filter action or ‘all’. Remarks: If 'all' is specified, all filter actions are deleted. Examples: 1. delete filteraction FilterA 2. delete filteraction all
11453	用法: rule [ name = ] | [ id = ] | [ all ] [ policy = ] 从策略中删除规则。 参数: 标记 值 name | id | all -规则的名称或 ID，或 all policy -策略名称。 注释: 1. 如果指定了 'all'，将从策略中删除除了默认响应规则以外 的所有规则。 2. 默认响应规则不能被删除。 3. 每次删除都将更改 ID。 示例: 1. delete rule id=1 Policy1 -从 Policy1 中删除 id=1 的规则。 2. delete rule all Policy1 -从 Policy1 中删除所有规则。	Usage: rule [ name = ] | [ id = ] | [ all ] [ policy = ] Deletes a rule from a policy. Parameters: Tag Value name | id | all -Name of the rule, ID of the rule, or ‘all’ policy -Name of the policy. Remarks: 1. If 'all' is specified, deletes all rules from the policy except the default response rule. 2. The default response rule cannot be deleted. 3. The IDs will change with every delete. Examples: 1. delete rule id=1 Policy1 -deletes the rule with id=1 from Policy1. 2. delete rule all Policy1 -deletes all the rules from Policy1.
11454	用法: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] 从筛选器列表中删除一个筛选器 参数: 标记 值 filterlist -筛选器要添加到其中的筛选器列表的名称。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 protocol -可以是 ANY，ICMP，TCP，UDP，RAW，或者一个整数。 srcmask -源地址掩码，或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围，则不适用。 dstmask -目标地址掩码，或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围，则不适用。 srcport -数据包的源端口。值为 0 表示任意端口。 dstport -数据包的目标端口。值为 0 表示任意端口。 mirrored -值为 "Yes" 将创建两个筛选器，每个方向均有一个。 注释: 1. 从筛选器列表中删除准确匹配的筛选器。 2. 要指定当前计算机地址，请设置 srcaddr/dstaddr=me 要指定所有计算机地址，请设置 srcaddr/dstaddr=any 3. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 4. 如果源为 server，则目标为 "me"，反之亦然。 5. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。 示例: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME	Usage: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] Deletes a filter from a filter list Parameters: Tag Value filterlist -Name of the filter list to which the filter was added. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port dstport -Destination port of the packet. A value of 0 means any port. mirrored -‘Yes’ creates two filters, one in each direction. Remarks: 1. Deletes the exact match filter from the filter list. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server, then dest is set to 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME
11455	用法: all 删除所有策略，筛选器列表和筛选器操作。 参数: 注释: 示例: delete all	Usage: all Deletes all policies, filter lists, and filter actions. Parameters: Remarks: Examples: delete all
11500	显示策略和相关信息的详细信息。	Displays details of policies and related information.
11510	显示策略详细信息。	Displays policy details.
11511	显示筛选器列表详细信息。	Displays filter list details.
11512	显示筛选器操作详细信息。	Displays filter action details.
11513	显示规则的详细信息。	Displays rule details.
11515	显示所有策略的详细信息及相关信息。	Displays details of all policies and related information.
11516	显示组分配的策略的详细信息。	Displays details of a group assigned policy.
11517	显示当前策略存储。	Displays the current policy store.
11550	用法: policy [ name = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 显示策略的详细信息 参数: 标记 值 name | all -策略名称或‘all’。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出。 wide -如果设置为 “no”，名称和描述将被截断 以适应 80 列的屏幕宽度。 注释: 示例: show policy Policy1 wide=yes format=table	Usage: policy [ name = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a policy Parameters: Tag Value name | all -Name of the policy or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all policy details are displayed. Examples: show policy Policy1 wide=yes format=table
11551	用法: filterlist [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table ) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] 显示筛选器列表的详细信息。 参数: 标记 值 name | rule | all -筛选器列表的名称或 rule 名称或 all。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出。 resolvedns -值为 'yes' 将强制详细输出显示 IP 地址的当前 DNS 映射，以及存储在筛选器字段中的 DNS 名称。 wide -如果设置为 no，名称和描述将被截断，以适 应 80 个字符的屏幕宽度。 注释: 如果指定了 'all'，将显示所有筛选器列表。 示例: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes	Usage: filterlist [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] Displays the details of a filter list Parameters: Tag Value name | rule | all -Name of the filter list, rule name, or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format. resolvedns -Value of ‘yes’ will force the verbose output to show the current dns mapping for ip addresses and dns names that are stored in the filter fields. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter lists are displayed. Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes
11552	用法: filteraction [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table ) ] [ [ wide = ] (yes | no) ] 显示筛选器操作的详细信息。 参数: 标记 值 name | rule | all -筛选器操作的名称或 rule 名称或 all。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出 wide -如果设置为 no，名称和描述将被截断， 以适应 80 个字符的屏幕宽度 注释: 如果指定了 'all'，则显示所有筛选器操作。 示例: 1. show filteraction FilterAction1 - 显示筛选器操作 FilterAction1 的详细信息 2. show filteraction rule=Rule1 - 显示由规则 Rule1 使用的筛选器操作 3. show filteraction all - 显示所有筛选器操作	Usage: filteraction [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a filter action Parameters: Tag Value name | rule | all -Name of the filter action, rule name, or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter actions are displayed. Examples: 1. show filteraction FilterAction1 - shows the details of the filter action named FilterAction1 2. show filteraction rule=Rule1 - shows the filter action used by the rule named Rule1 3. show filteraction all - shows all filter actions
11553	" 用法: rule [ name = ] | [ id = ] ] | [ all ] | [default] [ policy = ] [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table ) ] [ [ wide = ] (yes | no) ] 显示策略的规则的详细信息。 参数: 标记 值 name | id | all | default -规则的名称或 id，或 all 或 default。 policy -策略名称。 type -规则类别是 transport 或 tunnel。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出。 wide -如果设置为 no，名称和描述将被截断， 以适应 80 个字符的屏幕宽度 注释: 1. 如果指定了 All，则显示所有规则。 2. 如果指定了 type 参数，则需要指定 'all'。 示例: 1. show rule all type=transport policy=Policy1 - 显示 Policy1 的所有传输规则。 2. show rule id=1 policy=Policy1 - 显示策略的第一个规则。 3. show rule default policy=Policy1 - 显示 Policy1 的默认响应规则的详细信息。	Usage: rule [ name = ] | [ id = ] ] | [ all ] | [default] [ policy = ] [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of rules for the policy. Parameters: Tag Value name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’. policy -Name of the policy. type -Rule type is ‘transport’ or ‘tunnel’. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: 1. If ‘all’ is specified, all rules are displayed. 2. If the type parameter is specified, 'all' needs to be specified. Examples: 1. show rule all type=transport policy=Policy1 - shows all the transport rules of the policy named Policy1. 2. show rule id=1 policy=Policy1 - shows the first rule of the policy. 3. show rule default policy=Policy1 - shows the details of the default response rule of Policy1.
11555	用法: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 显示所有策略，筛选器列表和筛选器操作。 参数: 标记 值 format -以屏幕格式或制表符分隔的方式输出。 wide -如果设置为 no，名称和描述将被截断， 以适应 80 个字符的屏幕宽度。 注释: 示例: show all	Usage: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays all policies, filter lists, and filter actions. Parameters: Tag Value format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: Examples: show all
11556	用法: gpoassignedpolicy [name = ] [ [ level = ] (verbose | normal) 显示指定的 GPO 的活动策略的详细信息。 参数: 标记 值 Name -本地 AD 组策略对象名称。 注释: 1. 如果当前 store 为 domain，则需要 name 参数， 否则是不允许的。 示例: 1. show gpoassignedpolicy name=GPO1 - 显示指定到 GPO1 的域策略 2. show gpoassignedpolicy - 显示此计算机上当前指定的策略。	Usage: gpoassignedpolicy [name = ] Displays the details of the active policy for the specified GPO. Parameters: Tag Value Name -Local AD Group policy object name. Remarks: 1. if the current store is domain, the name parameter is required, otherwise it is not allowed Examples: 1. show gpoassignedpolicy name=GPO1 - shows the assigned domain policy to GPO1. 2. show gpoassignedpolicy - shows currently assigned policy on this computer.
11557	用法: store 示例: show store	Usage: store Examples: show store
12200	将策略，筛选器和操作添加到 SPD。	Adds policy, filter, and actions to SPD.
12210	将快速模式策略添加到 SPD。	Adds a quick mode policy to SPD.
12211	将主模式策略添加到 SPD。	Adds a main mode policy to SPD.
12212	将快速模式筛选器添加到 SPD。	Adds a quick mode filter to SPD.
12213	将主模式筛选器添加到 SPD。	Adds a main mode filter to SPD.
12215	添加一个规则和相关联的筛选器到 SPD。	Adds a rule and associated filters to SPD.
12250	用法: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 添加一个快速模式策略到 SPD。 参数: 标记 值 name -快速模式策略名称。 soft -允许与非 IPsec 的计算机进行不安全的通讯。 这可以是 yes 或 no。 pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(默认)。 qmsecmethods -IPsec 提供是下列之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES 或 3DES 或 None。 其中 AuthAlg 可以是 MD5 或 SHA1 或 None。 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 lifetime(千字节)。 其中 s 是 lifetime(秒)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"	Usage: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Adds a quick mode policy to SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"
12251	用法: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 添加一个主模式策略到 SPD。 参数: 标记 值 name -主模式策略名称。 qmpermm -IKE 的每主模式会话的快速模式会话数目。 mmlifetime -为 IKE 的主模式重新生成密钥所需时间。 softsaexpirationtime -未保护的 SA 的过期时间(分钟)。 mmsecmethods -一个或多个由空格分隔的安全方法列表，格式 为 ConfAlg-HashAlg-GroupNum。 其中 ConfAlg 可以是 DES 或 3DES HashAlg 是 MD5 或 SHA1 GroupNum 可以是 1 (Low) 或 2 (Med) 或 3 (DH2048)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"	Usage: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Adds a main mode policy to SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. where ConfAlg can be DES or 3DES where HashAlg can be MD5 or SHA1 GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"
12255	用法: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] [ [ qmpolicy = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname: (yes | no)" ] 添加规则。 参数: 标记 值 srcaddr - 源 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。 dstaddr -目标 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器名称。 mmpolicy -主要模式策略 qmpolicy -快速模式策略 protocol -可以是 ANY, ICMP, TCP, UDP, RAW 或一个整数。 如果指定端口，则可接受的值为 TCP 或 UDP。 srcport -源端口(0 意味着任意端口) dstport -目标端口(0 意味着任意端口) mirrored -"Yes" 创建两个筛选器，每个方向一个。 conntype -连接类型 actioninbound -用于入站数据包的操作 actionoutbound -用于出站数据包的操作 srcmask -源地址掩码或 1 到 32 之间的前缀。如果 srcaddr 设置为一个 范围则不可用 dstmask -目标地址掩码或 1 到 32 之间的前缀。如果 dstaddr 设置为一个 范围则不可用 tunneldstaddress -隧道目标 IP 地址或 DNS 名称。 kerberos -如果指定 "yes" 则提供 kerberos 身份验证。 psk -使用指定的预共享密钥提供身份验证。 rootca -使用指定的根证书提供身份验证， 如果指定 certmap:Yes，则尝试映射证书， 如果指定 excludecaname:Yes，则排除 CA 名称。 说明: 1. 端口对于 TCP 和 UDP 有效。 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY 3. actioninbound 和 actionoutbound 的默认值为 "negotiate"。 4. 对于隧道规则，必须将 "mirrored" 设置为 "no"。 5. 证书、映射和 CA 名称设置都必须放在引号中；嵌入的引号用 "\" 代替。 6. 证书映射仅对域成员有效。 7. 通过多次使用 rootca 参数可以提供多重证书。 8. 每个身份验证方法的优先级由它在命令中的顺序决定。 9. 如果未指定身份验证方法，则使用动态默认。 10. 排除根证书颁发机构(CA)名称可以防止将名称作为证书请求的一部分发送。 11. 如果指定地址范围，终结点必须是特定地址(不是列表或子网)，而且必须是 相同的类型(都应该是 v4 或 v6)。 示例: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root Authority\' certmap:yes excludecaname:no"	Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] [ [ qmpolicy = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Adds a Rule. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. mmpolicy -Main mode policy qmpolicy -Quick mode policy protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. If you specify a port, acceptable value is TCP or UDP. srcport -Source port(0 means any port) dstport -Destination port(0 means any port) mirrored -‘Yes' creates two filters, one in each direction. conntype -Connection type actioninbound -Action for inbound packets actionoutbound -Action for outbound packets srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. kerberos -Provides kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Port valid for TCP and UDP. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Default for actioninbound and actionoutbound is ‘negotiate’. 4. For tunnel rules, mirrored must be set to 'no'. 5. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 6. Certificate mapping is valid only for domain members. 7. Multiple certificates can be provided by using the rootca parameter multiple times. 8. The preference of each authentication method is determined by its order in the command. 9. If no auth methods are stated, dynamic defaults are used. 10. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"
12300	更改 SPD 中的策略，筛选器和操作。	Modifies policy, filter, and actions in SPD.
12310	更改 SPD 中的快速模式策略。	Modifies a quick mode policy in SPD.
12311	更改 SPD 中的主模式策略。	Modifies a main mode policy in SPD.
12312	更改 SPD 中的快速模式筛选器。	Modifies a quick mode filter in SPD.
12313	更改 SPD 中的主模式筛选器。	Modifies a main mode filter in SPD.
12319	设置 IPSEC 配置和启动时间行为。	Sets the IPsec configuration and boot time behavior.
12320	修改 SPD 中的规则和相关联的筛选器。	Modifies a rule and associated filters in SPD.
12350	用法: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2... neg#n) ] 在 SPD 中更改快速模式策略。 参数: 标记 值 name -快速模式策略名称。 soft -允许与非 IPsec 的计算机进行不安全的通信。 这可以是 yes 或 no。 pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(默认)。 qmsecmethods -IPsec 提供是下列之一 ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES，或 3DES 或 None。 其中 AuthAlg 可以是 MD5，或 SHA1 或 None。 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 lifetime(千字节)。 其中 s 是 lifetime(秒)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"	Usage: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a quick mode policy in SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either 'yes' or 'no'. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES, or 3DES or None. where AuthAlg can be MD5, or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"
12351	用法: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 用新参数在 SPD 中更改主模式策略。 参数: 标记 值 name -主模式策略名称。 qmpermm -IKE 的每主模式会话的快速模式会话数目。 mmlifetime -为 IKE 的主模式重新生成密钥所需时间。 softsaexpirationtime -未保护的 SA 的过期时间(分钟)。 mmsecmethods -一个或多个空格分隔的安全方法列表，格式 为 ConfAlg-HashAlg-GroupNum。 其中 ConfAlg 可以是 DES 或 3DES, HashAlg 是 MD5 或 SHA1, GroupNum 可以是 1 (Low) 或 2 (Med) 或 3 (DH2048)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3	Usage: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a main mode policy with the new parameters in SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1, GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3
12359	用法: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] | | ] 配置 IPSec 的参数。 参数: 标记 值 property -属性名称。 value -与属性相对应的值。 注释: 1. 属性的有效值为: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 to 86400 sec ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" 其中引号中的字符串指定引导模式期间 始终允许的协议和端口列表，格式如下: Protocol:SrcPort:DstPort:Direction 其中 protocol 为 ICMP、TCP、UDP、 RAW 或 其中 direction 为 inbound 或 outbound 2. 提供 ipsecdiagnostics、ikelogging、ipsecloginterval、bootmod 和 bootexemptions 选项，用于向下兼容。对于 Windows Vista 及以后的 操作系统无效。 3. SrcPort 和 DstPort 仅对于 TCP 和 UDP 有效，对于其他协议， 免除格式为 Protocol:Direction。 4. 端口设置 0 允许任意端口的流量。 5. 立即激活 ikelogging 和 strongcrlcheck； 其他所有属性在下次启动时生效。 示例: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound"	Usage: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] | | ] Configures the parameters for IPsec. Parameters: Tag Value property -Property name. value -Value that corresponds to the property. Remarks: 1. Valid values for the properties are: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 to 86400 sec ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" where the quoted string specifies a list of protocols and ports to always allow during boot mode in the following format: Protocol:SrcPort:DstPort:Direction where protocol is ICMP, TCP, UDP, RAW, or where direction is inbound or outbound 2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and bootexemptions options are provided for backward compatibility. Not valid for Windows Vista and later operating systems. 3. SrcPort and DstPort are only valid for TCP and UDP, with other protocols the format of the exemption is Protocol:Direction. 4. A port setting of 0 allows for traffic for any port. 5. ikelogging and strongcrlcheck are activated immediately; all other properties take effect on next boot. Examples: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound"
12360	用法: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 在 SPD 中修改规则及相关的筛选器。 参数: 标记 值 srcaddr - 源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 protocol -可以是 ANY，ICMP，TCP，UDP，RAW，或一个整数。 srcport -源端口(0 表示任意端口) dstport -目标端口(0 表示任意端口) mirrored -值为 "Yes" 将创建两个筛选器，每个方向均有一个。 conntype -连接类型 srcmask -源地址掩码，或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围，则不适用。 dstmask -目标地址掩码，或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围，则不适用。 tunneldstaddress -隧道目标 ip 地址或 dns 名称。 mmpolicy -主模式策略 qmpolicy -快速模式策略 actioninbound -对入站数据包的操作 actionoutbound -对出站数据包的操作 kerberos -如果指定了‘yes’，则提供 kerberos 身份验证 psk -用指定的预共享密钥提供身份验证 rootca -用指定的根证书提供身份验证， 如果指定了 certmap:Yes，将尝试映射此证书 如果指定了 excludecaname:Yes，将排除 CA 名称 注释: 1. 可以设置 Mmpolicy、qmpolicy、actioninbound、actionoutbound 和 authmethods，其他字段是标识符。 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY 3. 证书、映射和 CA 名称设置均以引号中引起来，内嵌的引号将替代为 “\"”。 4. 证书映射只对域成员有效。 5. 可以多次使用 rootca 参数来提供多重证书。 6. 每种身份验证方法的优先级由它在命令中的顺序来 决定。 7. 如果没有指定身份验证方法，将使用动态默认值。 8. 所有身份验证方法都将以指定的列表覆盖。 9. 排除根证书颁发机构(CA)名称可防止将名称作为证书请求的一部分 进行发送。 10. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同 类型的地址(两者均应为 v4 或 v6)。 示例: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"	Usage: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule and associated filters in SPD. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port (0 means any port) dstport -Destination port (0 means any port) mirrored -'Yes' creates two filters, one in each direction. conntype -Connection type srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. mmpolicy -Main mode policy qmpolicy -Quick mode policy actioninbound -Action for inbound packets actionoutbound -Action for outbound packets kerberos -Provides kerberos authentication if ‘yes’ is specified psk -Provides authentication using a specified preshared key rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound and authmethods can be set; other fields are identifiers. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 4. Certificate mapping is valid only for domain members. 5. Multiple certificates can be provided by using the rootca parameter multiple times. 6. The preference of each authentication method is determined by its order in the command. 7. If no auth methods are stated, dynamic defaults are used. 8. All authentication methods are overwritten with the stated list. 9. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"
12400	从 SPD 中删除策略，筛选器和操作。	Deletes policy, filter, and actions from SPD.
12410	从 SPD 中删除快速模式策略。	Deletes a quick mode policy from SPD.
12411	从 SPD 中删除主模式策略。	Deletes a main mode policy from SPD.
12414	从 SPD 中删除规则及与其相关联的筛选器。	Deletes a rule and associated filters from SPD.
12415	从 SPD 中删除所有策略，筛选器和操作。	Deletes all policies, filters, and actions from SPD.
12450	用法: qmpolicy [ name = ] | [ all ] 从 SPD 中删除快速模式策略。 如果指定了 'all'，将删除所有快速模式策略。 参数: 标记 值 name -快速模式策略名称。 备注: 要删除一个快速模式策略，必须先删除所有相关联的快速模式 筛选器。 示例: delete qmpolicy name=qmp	Usage: qmpolicy [ name = ] | [ all ] Deletes a quick mode policy from SPD. If 'all' is specified, all quick mode policies are deleted. Parameters: Tag Value name -Name of the quick mode policy. Remarks: To delete a quick mode policy, any associated quick mode filters must first be deleted. Examples: delete qmpolicy name=qmp
12451	用法: mmpolicy [ name = ] | [ all ] 从 SPD 中删除主模式策略。 如果指定了 'all'，将删除所有主模式策略。 参数: 标记 值 name -主模式策略名称。 注释: 要删除一个主模式策略，必须先删除所有相关联的主模式 筛选器。 示例: delete mmpolicy name=mmp	Usage: mmpolicy [ name = ] | [ all ] Deletes a main mode policy from SPD. If 'all' is specified, all main mode policies are deleted. Parameters: Tag Value name -Name of the main mode policy. Remarks: To delete a main mode policy, any associated main mode filters must first be deleted. Examples: delete mmpolicy name=mmp
12454	用法: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] 从 SPD 中删除规则。 参数: 标记 值 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 protocol -可以是 ANY，ICMP，TCP，UDP，RAW，或者一个整数。 srcport -源端口。值为 0 表示任意端口。 dstport -目标端口。值为 0 表示任意端口。 mirrored -值为 "Yes" 将创建两个筛选器，每个方向均有一个。 conntype -连接类型可以是 lan、dialup 或 "all"。 srcmask -源地址掩码或 1 到 32 的前缀。 dstmask -目标地址掩码或 1 到 32 的前缀。 tunneldstaddress -隧道目标 ip 地址或 dns 名称。 注释: 1. 要指定当前计算机地址，请设置 srcaddr/dstaddr=me 要指定所有计算机地址，请设置 srcaddr/dstaddr=any 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY 3. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。 示例: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan	Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] Deletes a rule from SPD. Parameters: Tag Value srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. mirrored -‘Yes’ creates two filters, one in each direction. conntype -Connection type can be lan, dialup or ‘all’. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. tunneldstaddress -Tunnel destination ip address or dns name. Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan
12455	用法: all 从 SPD 中删除所有策略，筛选器和身份验证方法。 示例: delete all	Usage: all Deletes all policies, filters, and authentication methods from SPD. Example: delete all
12500	从 SPD 中显示策略，筛选器和操作。	Displays policy, filter, and actions from SPD.
12510	显示 SPD 中的策略，筛选器，SA 和统计。	Displays policies, filters, SAs, and statistics from SPD.
12511	从 SPD 中显示主模式策略详细信息。	Displays main mode policy details from SPD.
12512	从 SPD 中显示快速模式策略详细信息。	Displays quick mode policy details from SPD.
12513	从 SPD 中显示主模式筛选器详细信息。	Displays main mode filter details from SPD.
12514	从 SPD 中显示快速模式筛选器详细信息。	Displays quick mode filter details from SPD.
12515	从 SPD 中显示 IPsec 和 IKE 统计。	Displays IPsec and IKE statistics from SPD.
12516	从 SPD 中显示主模式安全关联。	Displays main mode security associations from SPD.
12517	从 SPD 中显示快速模式安全关联。	Displays quick mode security associations from SPD.
12518	显示 IPsec 配置。	Displays IPsec configuration.
12519	显示 SPD 中的规则详细信息。	Displays rule details from SPD.
12550	用法: all [ [ resolvedns = ] (yes | no) ] 显示 SPD 中的所有策略，筛选器，SA 和统计的详细信息。 参数: 标记 值 resolvedns -值为 'yes' 显示解析的 dns 名称。 注释: resolvedns 的默认值为 'no'。 示例: show all yes -显示所有信息，包括 dns 解析	Usage: all [ [ resolvedns = ] (yes | no) ] Displays details of all policies, filters, SAs, and statistics from SPD. Parameters: Tag Value resolvedns -Value of 'yes' displays the resolved dns name. Remarks: Default value of resolvedns is ‘no’. Examples: show all yes - shows all information with dns resolution
12551	用法: mmpolicy [ name = ] | [ all ] 从 SPD 中显示主模式策略的详细信息。 参数: 标记 值 name -主模式策略名称。 注释: 如果指定了 'all'，将显示所有主模式策略。 示例: 1. show mmpolicy name=mmp 2. show mmpolicy all	Usage: mmpolicy [ name = ] | [ all ] Displays main mode policy details from SPD. Parameters: Tag Value name -Name of the main mode policy. Remarks: If 'all' is specified, all main mode policies are displayed. Examples: 1. show mmpolicy name=mmp 2. show mmpolicy all
12552	用法: qmpolicy [ name = ] | [ all ] 从 SPD 中显示快速模式策略的详细信息。 参数: 标记 值 name -快速模式策略名称。 注释: 如果指定了 'all'，将显示所有快速模式策略。 示例: 1. show qmpolicy name=qmp 2. show qmpolicy all	Usage: qmpolicy [ name = ] | [ all ] Displays quick mode policy details from SPD. Parameters: Tag Value name -Name of the quick mode policy. Remarks: If 'all' is specified, all quick mode policies are displayed. Examples: 1. show qmpolicy name=qmp 2. show qmpolicy all
12553	用法: mmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] 从 SPD 中显示主模式筛选器的详细信息。 参数: 标记 值 name | all -主模式筛选器名称，或 'all'。 type -筛选器类别。可以是 specific 或 generic。 srcaddr -源 ip 地址(ipv4 或 ipv6)，地址范围，DNS 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)，地址范围，DNS 名称或服务器类型。 srcmask -源地址掩码或 1 到 32 的前缀。 dstmask -目标地址掩码或 1 到 32 的前缀。 resolvedns -值为 'yes' 显示解析的 dns 名称。 注释: 1. 默认 type 参数为 generic。 2. 服务器类型可以是 WINS，DNS，DHCP 或 GATEWAY。 3. 如果指定了 'all'，将显示所有主模式筛选器。 4. 如果指定了源地址或目标地址，将只显示与该地址相关联的筛选器。 5. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同 类型地址(两者均应为 v4 或 v6)。 示例: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112	Usage: mmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] Displays main mode filter details from SPD. Parameters: Tag Value name | all -Name of the main mode filter or ‘all’. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is ‘generic’. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If 'all' is specified, all main mode filters are displayed. 4. If source address or destination address is specified, only filters associated with that address are displayed. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112
12554	用法: qmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] 从 SPD 中显示快速模式筛选器的详细信息。 参数: 标记 值 name -快速模式筛选器名称。 type -要显示的筛选器类别，可以是 specific 或 generic。 srcaddr -源 IP 地址(IPV4 或 IPV6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 IP 地址(IPV4 或 IPV6)、地址范围、dns 名称或服务器类型。 srcmask -源地址掩码或 1 到 32 的前缀。 dstmask -目标地址掩码或 1 到 32 的前缀。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或一个整数。 srcport -源端口。值为零表示任意端口。 dstport -目标端口。值为零表示任意端口。 actioninbound -对入站数据包的操作。 actionoutbound -对出站数据包的操作。 resolvedns -值为 "yes" 显示解析的 dns 名称。 注释: 1. 如果未指定类别，则显示 "generic" 和 "specific" 筛选器。 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 3. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同 类型地址(两者均应为 v4 或 v6)。 示例: 1. 显示 qmfilter name=qmf 2. 显示 qmfilter all srcaddr=192.134.135.133 proto=TCP 3. 如果指定 "all"，则将显示所有快速模式筛选器。 4. 如果指定源或目标地址名称， 则将只显示与该地址相关联的筛选器。	Usage: qmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays quick mode filter details from SPD. Parameters: Tag Value name -Name of the quick mode filter. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. If the type is not specified then both ‘generic’ and ‘specific’ filters are displayed. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmfilter name=qmf 2. show qmfilter all srcaddr=192.134.135.133 proto=TCP 3. If 'all' is specified, all quick mode filters are displayed. 4. If source or destination address name is specified, only filters associated with that address are displayed.
12555	用法: stats [ [type =] (all | ike | ipsec) ] 显示 IPsec 和 IKE 统计的详细信息。 参数: 标记 值 type -ipsec 或 ike 或 all，all 两者都显示(IPsec 和 IKE) 注释: 示例: 1. show stats all 2. show stats type=ipsec	Usage: stats [ [type =] (all | ike | ipsec) ] Displays details of IPsec and IKE statistics. Parameters: Tag Value type -ipsec, ike, or all (which displays both ipsec and ike) Remarks: Examples: 1. show stats all 2. show stats type=ipsec
12556	用法: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] 显示指定地址的主模式安全关联。 参数: 标记 值 all -显示所有主模式安全关联。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 format -以屏幕格式或制表符分隔的方式输出。 resolvedns -值为 "yes" 显示解析的 dns 名称。 注释: 1. 服务器类型可以是 WINS，DNS，DHCP 或 GATEWAY。 2. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。\ 示例: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215	Usage: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the main mode security associations for a specified address. Parameters: Tag Value all -Display all main mode security associations. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\ Examples: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215
12557	用法: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] 显示指定地址的快速模式安全关联。 参数: 标记 值 all -显示所有快速模式安全关联。 srcaddr -源 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。 dstaddr -目标 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或一个整数。 format -屏幕中的输出或制表符分隔格式。 resolvedns -值 "yes" 显示解析的 DNS 名称。 说明: 1. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 2. 如果指定地址范围，终结点必须是特定地址(不是列表或子网)， 而且必须是相同的类型(都应该是 v4 或 v6)。 示例: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215	Usage: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the quick mode security associations for a specified address. Parameters: Tag Value all -Displays all quick mode security associations. srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215
12558	用法: config 显示 IPsec 配置参数的当前设置。 注释: 示例: show config	Usage: config Displays current settings of IPsec configuration parameters. Remarks: Example: show config
12559	用法: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] 显示 SPD 中的规则详细信息。 参数: 标记 值 type -要显示的规则类型，可以是 transport 或 tunnel。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 srcmask -源地址掩码或一个 1 到 32 的前缀。 dstmask -目标地址掩码或一个 1 到 32 的前缀。 protocol -可以是 ANY，ICMP，TCP，UDP，RAW 或一个整数。 srcport -源端口。值为零表示任意端口。 dstport -目标端口。值为零表示任意端口。 actioninbound -对入站数据包的操作。 actionoutbound -对出站数据包的操作。 resolvedns -值为 "yes" 显示解析的 dns 名称。 注释: 1. type 参数的默认值为 "transport"。 2. 服务器类型可以是 WINS，DNS，DHCP 或 GATEWAY。 3. 如果指定了源或目标地址名称，将只显示与该地址相关联的规则。 4. 如果指定了地址范围，终结点必须为特定地址(非列表或子网)和相同类型 地址(两者均应为 v4 或 v6)。 示例: 1. show rule - shows both transport and tunnel rules 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP	Usage: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays rule details from SPD. Parameters: Tag Value type -Type of rule to display, either transport or tunnel. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is ‘transport’. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If source or destination address name is specified, only rules associated with that address are displayed. 4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show rule - shows both transport and tunnel rules 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP
13001	策略数目 : %1!d!	No. of policies : %1!d!
13002	存储 : 本地存储	Store : Local Store
13006	存储 : 域存储	Store : Domain Store
13012	远程计算机	Remote Machine
13013	本地计算机	Local Machine
13014	远程域	Remote Domain
13015	本地域	Local Domain
13016	本地计算机	Local Machine
13017	本地域	Local Domain
13100	策略名称 : %1!s!	Policy Name : %1!s!
13304	规则 ID : %1!d!, GUID = %2!s!	Rule ID : %1!d!, GUID = %2!s!
13305	筛选器列表名称 : %1!s!	FilterList Name : %1!s!
13306	筛选器列表名称 : 无	FilterList Name : NONE
13602	策略名称 : %1!s!	Policy Name : %1!s!
13603	描述 : %1!s!	Description : %1!s!
13604	描述 : 无	Description : NONE
13605	已分配 : 是	Assigned : YES
13606	已分配 : 否	Assigned : NO
13607	主 PFS : 是	Master PFS : YES
13608	主 PFS : 否	Master PFS : NO
13609	轮询间隔 : %1!d! 分钟	Polling Interval : %1!d! minutes
13610	规则数目 : %1!d!	No. of Rules : %1!d!
13611	规则详细信息	Rule Details
13612	------------	------------
13615	已分配 : 是，但是被 AD 策略覆盖	Assigned : YES but AD Policy Overrides
13700	规则名称 : %1!s!	Rule Name : %1!s!
13701	规则名称 : 无	Rule Name : NONE
13705	身份验证方法(%1!d!)	Authentication Methods(%1!d!)
13708	隧道目标 IP 地址:	Tunnel Dest IP Address :
13709	连接类型 : 全部	Connection Type : ALL
13710	连接类型 : LAN	Connection Type : LAN
13711	连接类型 : 拨号	Connection Type : DIAL UP
13712	连接类型 : 无	Connection Type : NONE
13713	筛选器列表详细信息	FilterList Details
13714	------------------	------------------
13715	在默认响应规则中没有筛选器列表	No FilterList exists in Default Response Rule
13716	筛选器操作详细信息	FilterAction Details
13717	---------------------	---------------------
13734	传输规则数目 : %1!d!	No of Transport rule(s): %1!d!
13735	隧道规则数目 : %1!d!	No of Tunnel rule(s) : %1!d!
13736	已激活 : 是	Activated : YES
13737	已激活 : 否	Activated : NO
13738	已激活 : YES Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。	Activated : YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
13800	筛选器操作名称 : %1!s!	FilterAction Name : %1!s!
13801	筛选器操作名称 : 无	FilterAction Name : NONE
13802	操作 : 允许	Action : PERMIT
13803	操作 : 阻止	Action : BLOCK
13804	操作 : 协商安全	Action : NEGOTIATE SECURITY
13805	AllowUnsecure(Fallback): 是	AllowUnsecure(Fallback): YES
13806	AllowUnsecure(Fallback): 否	AllowUnsecure(Fallback): NO
13807	入站通过 : 是	Inbound Passthrough : YES
13808	入站通过 : 否	Inbound Passthrough : NO
13809	安全方法数目 : %1!d!	No. of Security.Methods: %1!d!
13812	AH ESP LIFE (Sec/kB)	AH ESP LIFE (Sec/kB)
13813	-- --- -------------	-- --- -------------
13815	QMPFS : 是	QMPFS : YES
13816	QMPFS : 否	QMPFS : NO
14200	KERBEROS	KERBEROS
14201	根 CA : %1!s!	Root CA : %1!s!
14202	预共享密钥 : %1!s!	Preshared Key : %1!s!
14203	无	NONE
14300	筛选器列表名称 : %1!s!	FilterList Name : %1!s!
14301	筛选器列表名称 : 无	FilterList Name : NONE
14302	筛选器数目 : %1!d!	No. of Filters : %1!d!
14304	筛选器	Filter(s)
14305	---------	---------
14308	GUID : %1!s!	GUID : %1!s!
14309	上次修改时间 : %1!s!	Last Modified : %1!s!
14500	源 DNS 名称 :	Source DNS Name :
14501	源 DNS 名称 : %1!s!	Source DNS Name : %1!s!
14505	源 DNS 名称 : 无	Source DNS Name : NONE
14506	目标 DNS 名称 :	Destination DNS Name :
14507	目标 DNS 名称 : %1!s!	Destination DNS Name : %1!s!
14511	目标 DNS 名称 : 无	Destination DNS Name : NONE
14512	已镜像 : 是	Mirrored : YES
14513	已镜像 : 否	Mirrored : NO
14514	源 DNS 名称 : %1!s! 解析为	Source DNS Name : %1!s! resolves to
14515	目标 DNS 名称 : %1!s! 解析为	Destination DNS Name : %1!s! resolves to
14516	源 DNS 名称 :	Source DNS Name :
14517	源 DNS 名称 :	Source DNS Name :
14520	目标 DNS 名称 :	Destination DNS Name :
14521	目标 DNS 名称 :	Destination DNS Name :
14522	目标 DNS 名称 :	Destination DNS Name :
14526	%1!-15s!	%1!-15s!
14527	%1!s!	%1!s!
14528	%1!s!	%1!s!
14529
14530	,	,
14531	...	...
14600	源 IP 地址 :	Source IP Address :
14602	源 IP 地址 :	Source IP Address :
14603	源掩码 :	Source Mask :
14604	目标 IP 地址 :	Destination IP Address :
14606	目标 IP 地址 :	Destination IP Address :
14607	目标掩码 :	Destination Mask :
14608	源端口 : %1!d!	Source Port : %1!d!
14609	源端口 : 任何	Source Port : ANY
14610	目标端口 : %1!d!	Destination Port : %1!d!
14611	目标端口 : 任何	Destination Port : ANY
14615	解析为 %1!s!	resolves to %1!s!
14617	源 IP 地址 :	Source IP Address :
14618	源 IP 地址 :	Source IP Address :
14620	源 IP 地址 :	Source IP Address :
14621	目标 IP 地址 :	Destination IP Address :
14622	目标 IP 地址 :	Destination IP Address :
14623	目标 IP 地址 :	Destination IP Address :
14624	目标 IP 地址 :	Destination IP Address :
14625	源端口范围 : %1!d!-%2!d!	Source Port Range : %1!d!-%2!d!
14626	目标端口范围 : %1!d!-%2!d!	Destination Port Range : %1!d!-%2!d!
14700	协议 : ICMP	Protocol : ICMP
14701	协议 : TCP	Protocol : TCP
14703	协议 : UDP	Protocol : UDP
14708	协议 : RAW	Protocol : RAW
14709	协议 : ANY	Protocol : ANY
14710	协议 : %1!d!	Protocol : %1!d!
14802	主模式安全方法顺序	Main Mode Security Method Order
14803	主模式生存时间 : %1!d! 分钟 / %2!d! 快速模式会话	MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions
14804	加密 集成 DH 组	Encryption Integrity DH Group
14805	---------- --------- --------	---------- --------- --------
14900	DES	DES
14901	3DES	3DES
14902	SHA1	SHA1
14903	MD5	MD5
14904	低(1)	Low(1)
14905	中(2)	Medium(2)
14906	2048	2048
15001	源计算机 : 的本地计算机 GPO	Source Machine : Local Computer GPO for
15002	源域 : %1!s!	Source Domain : %1!s!
15003	DC 名称 : %1!s!	DC Name : %1!s!
15004	GPO 名称 : %1!s!	GPO Name : %1!s!
15005	本地 IPsec 策略名称 : %1!s!	Local IPsec Policy Name : %1!s!
15006	AD IPsec 策略名称 : %1!s!	AD IPsec Policy Name : %1!s!
15007	GPO DN : %1!s!	GPO DN : %1!s!
15008	GPO OU 链接 : %1!s!	GPO OU Link : %1!s!
15009	AD 策略 DN : %1!s!	AD Policy DN : %1!s!
15010	本地 IPsec 策略分配 : 是，但是 AD 策略正在覆盖	Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
15011	本地 IPsec 策略 DN : %1!s!	Local IPsec Policy DN : %1!s!
15016	本地 IPsec 策略名称 : 无	Local IPsec Policy Name : NONE
15017	AD IPsec 策略名称 : 无	AD IPsec Policy Name : NONE
15018	IPsec 策略名称 : %1!s!	IPsec Policy Name : %1!s!
15019	IPsec 策略 DN : %1!s!	IPsec Policy DN : %1!s!
15020	IPsec 策略分配 : 是	IPsec Policy Assigned : YES
15021	排除 CA 名称 : 是	Exclude CA name : YES
15022	排除 CA 名称 : 否	Exclude CA name : NO
15023	启用证书映射 : 是	Certmapping enabled : YES
15024	启用证书映射 : 否	Certmapping enabled : NO
16001	策略数目 %1!d!	No. of policies %1!d!
16003	存储 本地存储	Store Local Store
16007	存储 域存储	Store Domain Store
16010	存储 本地存储	Store Local Store
16011	存储 域存储	Store Domain Store
16013	证书到帐户的映射 是	Cert To Account Mapping YES
16014	证书到帐户的映射 否	Cert To Account Mapping NO
16100	策略名称 %1!s!	Policy Name %1!s!
16101	规则名称 %1!s!	Rule Name %1!s!
16303	没有指定策略名称	No Policy Name Specified
16304	规则 ID %1!d!, GUID = %2!s!	Rule ID %1!d!, GUID = %2!s!
16306	%1!-23s!	%1!-23s!
16602	策略名称 %1!s!	Policy Name %1!s!
16603	描述 %1!s!	Description %1!s!
16604	描述 无	Description NONE
16605	已分配 是	Assigned YES
16606	已分配 否	Assigned NO
16607	主 PFS 是	Master PFS YES
16608	主 PFS 否	Master PFS NO
16609	轮询间隔 %1!d! 分钟	Polling Interval %1!d! minutes
16610	规则数目 %1!d!	No. of Rules %1!d!
16611	规则详细信息	Rule Details
16613	已分配 是，但是被 AD 策略覆盖	Assigned YES but AD Policy Overrides
16614	规则名称 规则 上次更改时间 分配	Policy Name Rules LastModified Assign
16615	%1!-32s!	%1!-32s!
16616	YES 但是被 AD 策略覆盖	YES but AD Policy Overrides
16617	是	YES
16618	否	NO
16619	---------- ----- ------------ ------	---------- ----- ------------ ------
16620	策略名称 规则 上次更改时间	Policy Name Rules LastModified
16621	----------- ----- ------------	----------- ----- ------------
16700	规则名称 : %1!s!	Rule Name %1!s!
16701	规则名称 无	Rule Name NONE
16705	已启用 筛选器列表 筛选器操作 身份验证	Enabled FilterList FilterAction Authentication
16706	------- ---------- ------------ --------------	------- ---------- ------------ --------------
16707	隧道目标 IP 地址 无	Tunnel Dest IP Address NONE
16708	隧道目标 IP 地址	Tunnel Dest IP Address
16709	连接类型 所有	Connection Type ALL
16710	连接类型 LAN	Connection Type LAN
16711	连接类型 拨号	Connection Type DIAL UP
16712	连接类型 未知	Connection Type UNKNOWN
16716	筛选器操作详细信息	FilterAction Details
16717	--------------------	--------------------
16718	已激活 是	Activated YES
16719	已激活 否	Activated NO
16721	是	YES
16722	否	NO
16724	无	NONE
16728	Kerb	Kerb
16729	Cert	Cert
16730	Pre	Pre
16734	传输规则数目 %1!d!	No of Transport rule(s) %1!d!
16735	隧道数目 %1!d!	No of Tunnel rule(s) %1!d!
16737	已启用 筛选器列表 筛选器操作 隧道终结点	Enabled FilterList FilterAction TunnelEndPoint
16738	------- ---------- ------------ --------------	------- ---------- ------------ --------------
16739	YES Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。	YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16740	已激活 YES Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。	Activated YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16800	筛选器操作名称 %1!s!	FilterAction Name %1!s!
16801	筛选器操作名称 无	FilterAction Name NONE
16802	操作 允许	Action PERMIT
16803	操作 阻止	Action BLOCK
16804	操作 协商安全	Action NEGOTIATE SECURITY
16805	入站通过 是	InBound PassThrough YES
16806	入站通过 否	InBound PassThrough NO
16807	AllowUnSecure(Fallback) 是	AllowUnSecure(Fallback) YES
16808	AllowUnSecure(Fallback) 否	AllowUnSecure(Fallback) NO
16810	安全方法	Security Methods
16812	AH ESP 秒 千字节	AH ESP Seconds kBytes
16813	-- --- ------- ------	-- --- ------- ------
16814	QMPFS 是	QMPFS YES
16815	QMPFS 否	QMPFS NO
16816	筛选器操作名称 操作 上次更改时间	FilterAction Name Action Last Modified
16817	----------------- ------ -------------	----------------- ------ -------------
16818	%1!-38s!	%1!-38s!
16820	允许	PERMIT
16821	阻止	BLOCK
16822	协商	NEGOTIATE
16824	%1!-23s!	%1!-23s!
17000	[MD5 ]	[MD5 ]
17001	[SHA1]	[SHA1]
17002	[无]	[NONE]
17003	[无 , 无]	[NONE , NONE]
17007	[MD5 ,	[MD5 ,
17008	[SHA1 ,	[SHA1 ,
17009	[无 ,	[NONE ,
17010	DES ]	DES ]
17011	3DES]	3DES]
17012	无]	NONE]
17100	%1!6u! %2!10u!	%1!6u! %2!10u!
17201	根 CA %1!s!	ROOT CA %1!s!
17202	预共享密钥 %1!s!	PRESHARED Key %1!s!
17300	筛选器列表名称 %1!s!	FilterList Name %1!s!
17301	筛选器列表名称 无	FilterList Name NONE
17306	筛选器列表名称 筛选器 上次更改时间	FilterList Name Filters Last Modified
17307	--------------- ------- -------------	--------------- ------- -------------
17308	GUID %1!s!	GUID %1!s!
17309	上次更改时间 %1!s!	Last Modified %1!s!
17310	筛选器数目 %1!d!	No. of Filters %1!d!
17501	%1!-45s!	%1!-45s!
17508	%1!5d!	%1!5d!
17512	是	YES
17513	否	NO
17514	Mir Source SrcMask Destination DstMask Proto SrcPort DstPort	Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
17515	--- ------------- ------------- ------------- ------------- ------- ------- -------	--- ------------- ------------- ------------- ------------- ------- ------- -------
17600
17608	%1!3d!	%1!3d!
17609	任何	ANY
17610	%1!3d!	%1!3d!
17611	任何	ANY
17612	DNS SERVER	DNS SERVER
17613	WINS SERVER	WINS SERVER
17614	DHCP SERVER	DHCP SERVER
17615	DEFAULT GATEWAY	DEFAULT GATEWAY
17616	%1!3d!-%2!3d!	%1!3d!-%2!3d!
17617	%1!3d!-%2!3d!	%1!3d!-%2!3d!
17700	ICMP	ICMP
17701	TCP	TCP
17703	UDP	UDP
17708	RAW	RAW
17709	ANY	ANY
17710	OTHER	OTHER
17803	主模式生存时间 %1!d! 分钟 / %2!d! 快速模式会话	MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions
17804	加密 集成 DH 组	Encryption Integrity DH Group
17805	---------- --------- --------	---------- --------- --------
17900	DES	DES
17901	3DES	3DES
18000	独立筛选器操作	Stand Alone FilterAction(s)
18001	---------------------------	---------------------------
18004	独立筛选器操作数目 %1!d!	No. of Standalone FilterActions %1!d!
18100	独立筛选器操作	Stand Alone FilterList(s)
18101	-------------------------	-------------------------
18104	独立筛选器列表数目 %1!d!	No. of Standalone FilterLists %1!d!
18200	筛选器列表数目 %1!d!	No. of FilterLists %1!d!
18204	筛选器列表数目 : %1!d!	No. of FilterLists : %1!d!
18300	筛选器操作数目 %1!d!	No. of FilterActions %1!d!
18304	筛选器操作数目 : %1!d!	No. of FilterActions : %1!d!
18500	策略 '%1!s!' 是活动的。你仍然想删除它吗? (Y/N)	The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N)
18503	你想删除所有与此策略相关联的筛选器列表和筛选器操作吗 ? (Y/N)	Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N)
18602	删除所有筛选器列表，从	Delete all the Filter Lists from
18603	? (Y/N)	? (Y/N)
18652	删除所有筛选器操作，从	Delete all the Filter Actions from
18706	你想删除所有与此规则相关联的筛选器列表和筛选器操作吗 ? (Y/N)	Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N)
18750	你是否确定要删除所有策略，从	Are you sure to delete all policies from
18780	下列策略/规则正在使用它	Following policies/rule(s) are using it
18781	---------------------------------------	---------------------------------------
18782	规则名称 : %1!s!	Rule Name : %1!s!
18783	规则名称 : 无	Rule Name : NONE
18794	Life 应该在 %1!d! 到 %2!d! 千字节之间	Life should be within %1!d! and %2!d! kBytes
18802	成功创建并更新了新策略	New Policy is created and updated successfully
18805	正在用名称 '%1!s!' 创建新策略...	Creating new Policy with name '%1!s!'...
18806	正在用名称 '%1!s!' 创建新策略，并且设置它为 '%2!s!'...	Creating new Policy with name '%1!s!' and setting it to '%2!s!'...
18840	目标 IP 地址被认为是“本机”地址	Destination IP address has been taken as 'me'
18841	源 IP 地址被认为是“本机”地址	Source IP address has been taken as 'me'
18848	成功创建并更新新规则	New Rule was created and updated successfully
18849	正在创建新规则，名称为 '%1!s!' ...	Creating new Rule with name '%1!s!' ...
18855	正在创建名为 '%1!s!' 的新规则，并将它设置为 '%2!s!' ...	Creating new Rule with name '%1!s!' and setting it to '%2!s!' ...
18856	不能对隧道终结点指定服务器地址类型、地址类型 ME 或 ANY 或地址范围	Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
18861	你想创建一个新策略吗? (Y/N)	Would you like to create a new policy? (Y/N)
18868	证书到帐户的映射只能在 Active Directory 域成员上启用。此选项将被忽略。	Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
18869	证书到帐户的映射 : 是	Cert To Account Mapping: YES
18870	证书到帐户的映射 : 否	Cert To Account Mapping: NO
18871	如果存储是域，并且指定了分配，GPO 名称将被忽略	If store is domain and assign is specified, GPO name is required
18872	如果指定了 GPO 名称，则你必须在域策略存储上操作。	If GPO name is specified, then you must be operating on a domain policy store.
18893	你要创建一个新规则吗? (Y/N)	Would you like to create a new Rule? (Y/N)
19002	IKE MM 策略名称 : %1!s!	IKE MM Policy Name : %1!s!
19018	IKE 软件 SA 生存时间 : %1!u! 秒	IKE Soft SA Lifetime : %1!u! secs
19023	[%1!S!]	[%1!S!]
19025	'Netsh ipsec' 上下文与目标计算机不兼容。	The 'Netsh ipsec' context is not compatible with the target machine.
19102	主模式策略不可用。	Mainmode Policies not available.
19104	指定的主模式策略不可用。	Specified Mainmode Policy not available
19106	Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM	Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
19107	---------- --------- ---- ------------------ ---------------	---------- --------- ---- ------------------ ---------------
19121	DES	DES
19122	未知	UNKNOWN
19123	3DES	3DES
19129	%1!-5lu! %2!lu!:%3!lu! %4!-10lu!	%1!-5lu! %2!lu!:%3!lu! %4!-10lu!
19130	%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)	%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)
19153	快速模式策略不可用。	Quickmode Policies not available.
19155	指定的快速模式策略不可用。	Specified Quickmode Policy not available
19156	QM 协商策略名称 : %1!s!	QM Negotiation Policy Name : %1!s!
19158	安全方法 生存时间 (Kb:secs) PFS DH 组	Security Methods Lifetime (Kb:secs) PFS DH Group
19159	------------------------- --------------------- ------------	------------------------- --------------------- ------------
19165	AH[MD5]	AH[MD5]
19166	AH[SHA1]	AH[SHA1]
19167	AH[NONE]	AH[NONE]
19168	ESP[ DES,	ESP[ DES,
19169	ESP[ ERR,	ESP[ ERR,
19170	ESP[3DES,	ESP[3DES,
19171	ESP[NONE,	ESP[NONE,
19172	MD5]	MD5]
19173	SHA1]	SHA1]
19174	NONE]	NONE]
19176	低 (1)	Low (1)
19178	%1!10lu!:%2!-10lu!	%1!10lu!:%2!-10lu!
19179	主模式已派生	Main Mode Derived
19180	高(2048)	High (2048)
19181	AH[ERR]	AH[ERR]
19182	ERR]	ERR]
19183	ERROR	ERROR
19192	+	+
19193	中 (2)	Medium (2)
19198	筛选器名称 : %1!s!	Filter name : %1!s!
19200	普通主模式筛选器不可用。	Generic Mainmode Filters not available.
19201	特定主模式筛选器不可用。	Specific Mainmode Filters not available.
19202	指定的主模式筛选器不可用。	Specified Mainmode Filter not available.
19203	主模式筛选器:	Main Mode Filters:
19204	普通	Generic
19205	-------------------------------------------------------------------------------	-------------------------------------------------------------------------------
19206	特定	Specific
19207	出站	Outbound
19208	入站	Inbound
19209	权重 : %1!d!	Weight : %1!d!
19210	%1!d! 普通筛选器	%1!d! Generic Filter(s)
19211	%1!d! 特定出站筛选器	%1!d! Specific Outbound Filter(s)
19212	%1!d! 特定入站筛选器	%1!d! Specific Inbound Filter(s)
19219	所有	ALL
19220	LAN	LAN
19221	拨号	DIALUP
19236	连接类型 :	Connection Type :
19237	身份验证方法 :	Authentication Methods :
19238	预共享密钥	Preshared key
19240	Kerberos	Kerberos
19241	安全方法 :	Security Methods :
19242	%1!d!	%1!d!
19243	(默认)	(default)
19244	无/	NONE/
19245	DES/	DES/
19246	未知/	UNKNOWN/
19247	3DES/	3DES/
19249	MD5/	MD5/
19250	SHA1/	SHA1/
19251	DH%1!lu!/%2!lu!/QMlimit=%3!lu!	DH%1!lu!/%2!lu!/QMlimit=%3!lu!
19265	普通快速模式筛选器不可用。	Generic Quickmode Filters not available.
19266	特定快速模式筛选器不可用。	Specific Quickmode Filters not available.
19267	指定的快速模式筛选器不可用。	Specified Quickmode Filter not available.
19268	快速模式筛选器(传输):	Quick Mode Filters(Transport):
19269	传输规则	Transport Rules
19270	隧道规则	Tunnel Rules
19271	MM 筛选器名称 : %1!s!	MM Filter Name : %1!s!
19272	QM 筛选器名称 : %1!s!	QM Filter Name : %1!s!
19273	主模式策略 : %1!s!	Main Mode Policy : %1!s!
19274	%1!d! 传输筛选器	%1!d! Transport Filter(s)
19275	%1!d! 隧道筛选器	%1!d! Tunnel Filter(s)
19276	快速模式筛选器(隧道):	Quick Mode Filters(Tunnel):
19278	规则不可用。	Rules not available.
19280	入站操作 : 通过	Inbound Action : Passthru
19281	入站操作 : 协商	Inbound Action : Negotiate
19282	入站操作 : 阻止	Inbound Action : Blocking
19283	入站操作 : 未知	Inbound Action : Unknown
19284	出站操作 : 通过	Outbound Action : Passthru
19285	出站操作 : 协商	Outbound Action : Negotiate
19286	出站操作 : 阻止	Outbound Action : Blocking
19287	出站操作 : 未知	Outbound Action : Unknown
19292	%1!-5lu!	%1!-5lu!
19293	隧道源 :	Tunnel Source :
19294	隧道目标 :	Tunnel Destination :
19295	源端口: %1!-4lu! 目标端口: %2!-4lu!	Src Port: %1!-4lu! Dest Port: %2!-4lu!
19296	已镜像 : 是	Mirrored : yes
19297	已镜像 : 否	Mirrored : no
19298	快速模式策略 : %1!s!	Quick Mode Policy : %1!s!
19299	协议 :	Protocol :
19300	IKE 统计	IKE Statistics
19301	--------	--------------
19302	IKEStatistics 不可用。	IKEStatistics not available.
19303	主模式 : %1!S!	Main Modes : %1!S!
19304	快速模式 : %1!S!	Quick Modes : %1!S!
19305	软 SA : %1!S!	Soft SAs : %1!S!
19306	身份验证失败 : %1!S!	Authentication Failures : %1!S!
19307	活动捕获 : %1!S!	Active Acquire : %1!S!
19308	活动接收 : %1!S!	Active Receive : %1!S!
19309	捕获失败 : %1!S!	Acquire fail : %1!S!
19310	接收失败 : %1!S!	Receive fail : %1!S!
19311	发送失败 : %1!S!	Send fail : %1!S!
19312	捕获堆大小 : %1!S!	Acquire Heap size : %1!S!
19313	接收堆大小 : %1!S!	Receive Heap size : %1!S!
19314	协商失败 : %1!S!	Negotiation Failures : %1!S!
19315	接收到无效的 Cookie : %1!S!	Invalid Cookies Rcvd : %1!S!
19316	总共捕获 : %1!S!	Total Acquire : %1!S!
19317	TotalGetSpi : %1!S!	TotalGetSpi : %1!S!
19318	TotalKeyAdd : %1!S!	TotalKeyAdd : %1!S!
19319	TotalKeyUpdate : %1!S!	TotalKeyUpdate : %1!S!
19320	GetSpiFail : %1!S!	GetSpiFail : %1!S!
19321	KeyAddFail : %1!S!	KeyAddFail : %1!S!
19322	KeyUpdateFail : %1!S!	KeyUpdateFail : %1!S!
19323	IsadbListSize : %1!S!	IsadbListSize : %1!S!
19324	ConnListSize : %1!S!	ConnListSize : %1!S!
19325	接收到无效数据包 : %1!S!	Invalid Packets Rcvd : %1!S!
19326	IPsec 统计	IPsec Statistics
19327	----------------	----------------
19328	IPsecStatistics 不可用。	IPsecStatistics not available.
19329	活动关联 : %1!S!	Active Assoc : %1!S!
19330	卸载 SA : %1!S!	Offload SAs : %1!S!
19331	挂起的密钥 : %1!S!	Pending Key : %1!S!
19332	密钥添加 : %1!S!	Key Adds : %1!S!
19333	密钥删除 : %1!S!	Key Deletes : %1!S!
19334	重新生成密钥 : %1!S!	ReKeys : %1!S!
19335	活动隧道 : %1!S!	Active Tunnels : %1!S!
19336	错误的 SPI 数据包 : %1!S!	Bad SPI Pkts : %1!S!
19337	没有解密的数据包 : %1!S!	Pkts not Decrypted : %1!S!
19338	未验证的数据包 : %1!S!	Pkts not Authenticated : %1!S!
19339	有重放检测的数据包 : %1!S!	Pkts with Replay Detection : %1!S!
19340	发送的机密字节 : %1!S!	Confidential Bytes Sent : %1!S!
19341	接收的机密字节 : %1!S!	Confidential Bytes Received : %1!S!
19342	发送的经过验证的字节 : %1!S!	Authenticated Bytes Sent : %1!S!
19343	接收的经过验证的字节 : %1!S!	Authenticated Bytes Received: %1!S!
19344	发送的传输字节 : %1!S!	Transport Bytes Sent : %1!S!
19345	接收的传输字节 : %1!S!	Transport Bytes Received : %1!S!
19346	发送的卸载字节 : %1!S!	Offloaded Bytes Sent : %1!S!
19347	接收的卸载字节 : %1!S!	Offloaded Bytes Received : %1!S!
19348	在隧道中发送的字节 : %1!S!	Bytes Sent In Tunnels : %1!S!
19349	在隧道中接收的字节 : %1!S!	Bytes Received In Tunnels : %1!S!
19350	Cookie 对 :	Cookie Pair :
19351	%1!02x!	%1!02x!
19352	安全方法 :	Sec Methods :
19359	/%1!d!/%2!d!	/%1!d!/%2!d!
19360	身份验证方法 :	Auth Mode :
19361	预共享密钥	Preshared Key
19362	DSS 签名	DSS Signature
19363	RSA 签名	RSA Signature
19364	RSA 加密	RSA Encryption
19365	Kerberos	Kerberos
19366	源 :	Source :
19367	，端口 %1!d!	, port %1!d!
19368	ID :	ID :
19369	ID : %1!s!	ID : %1!s!
19370	目标 :	Destination :
19371	目标 安全方法	Destination SecurityMethods
19372	时间/日期已创建	Date/Time Created
19373	-------------------------------------------------------- ----------------------	-------------------------------------------------------- ----------------------
19374	[ID:%1!-35s!]	[ID:%1!-35s!]
19375	DNS: %1!-51S!	DNS: %1!-51S!
19377	发证 CA :%1!s!	Issuing CA :%1!s!
19378	指纹 :	Thumbprint :
19380	:	:
19381	/	/
19382	19383 根 CA : %1!s!	19383 Root CA : %1!s!
19384	%S	%S
19385	(	(
19386	)	)
19387	根 CA : %1!s!	Root CA : %1!s!
19397	IPsec 主模式安全关联不可用。	IPsec MainMode Security Associations not available.
19398	IKE 主模式 SA 在 %1!s!	IKE Main Mode SAs at %1!s!
19400	指定的主模式安全关联不可用。	Specified MainMode Security Associations not available.
19401	快速模式 SA	Quick Mode SAs
19402	------------	--------------
19403	IPsec 快速模式安全关联不可用。	IPsec QuickMode Security Associations not available.
19404	指定的快速模式安全关联不可用。	Specified QuickMode Security Associations not available.
19410	传输筛选器	Transport Filter
19411	隧道筛选器	Tunnel Filter
19412	未知	Unknown
19413	策略名称 : %1!s!	Policy Name : %1!s!
19414	源地址 :	Source Address :
19415	目标地址 :	Destination Address :
19416	协议 : %1!lu!	Protocol : %1!lu!
19417	源端口 : %1!u!	Source Port : %1!u!
19418	目标端口 : %1!u!	Destination Port : %1!u!
19419	方向 : 入站	Direction : Inbound
19420	方向 : 出站	Direction : Outbound
19421	方向 : 错误	Direction : Error
19422	使用的提供	Offer Used
19423	协议 : ICMP	Protocol : ICMP
19424	协议 : TCP	Protocol : TCP
19425	协议 : UDP	Protocol : UDP
19426	协议 : RAW	Protocol : RAW
19427	AH(b/r) ESP Con(b/r) ESP Int PFS DH Group	AH(b/r) ESP Con(b/r) ESP Int PFS DH Group
19428	---------- ------------- ------- ------------	---------- ------------- ------- ------------
19429	封装类型 : IKE	Encapsulation Type : IKE
19430	封装类型 : 其他	Encapsulation Type : Other
19431	源 UDP 封装端口 : %1!u!	Source UDP Encap port : %1!u!
19432	目标 UDP 封装端口 : %1!u!	Dest UDP Encap port : %1!u!
19433	对等端私有地址 :	Peer Private Addr :
19434	协议 : 任何	Protocol : ANY
19441	)	)
19446	IPsec 配置参数	IPsec Configuration Parameters
19447	------------------------------	------------------------------
19448	IPsecDiagnostics : %1!d![Windows Vista 和更新操作系统无效]	IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems]
19449	IKElogging : %1!d! [Windows Vista 和更新操作系统无效]	IKElogging : %1!d! [Not valid for Windows Vista and later operating systems]
19450	StrongCRLCheck : %1!d!	StrongCRLCheck : %1!d!
19451	IPsecloginterval : %1!d![Windows Vista 和更新操作系统无效]	IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems]
19452	NLBSFlags : %1!d![Windows Vista 和更新操作系统无效]	NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems]
19453	标志 : %1!d![Windows Vista 和更新操作系统无效]	Flags : %1!d![Not valid for Windows Vista and later operating systems]
19454	IPsecexempt : %1!d!	IPsecexempt : %1!d!
19455	2048DHGroupId : %1!d![Windows Vista 和更新操作系统无效]	2048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems]
19456	IPsec 诊断级别超出范围。范围是 0 到 7。	IPsec Diagnostic Level is out of range. Range is 0 - 7.
19457	IKE 日志超出范围。范围是 0 到 1。	IKE Logging is out of range. Range is 0 - 1.
19458	强 CRL 检查等级超出范围。范围是 0 到 2。	Strong CRL Check Level is out of range. Range is 0 - 2.
19459	IPsec 日志间隔超出范围。范围是 60 到 86400。	IPsec Log Interval is out of range. Range is 60 - 86400.
19460	IPsec 免除等级超出范围。范围是 0 到 3。	IPsec Exemption Level is out of range. Range is 0 - 3.
19461	(一些 IPsec 配置参数没有设置)。	(Some of the IPsec Configuration parameters are not set).
19462	引导模式 :	Boot Mode :
19463	Stateful	Stateful
19465	许可	Permit
19476	没有引导模式免除	No bootmode exemptions
19477	引导模式免除 :	Boot Mode Exemptions :
19478	协议 源端口 目标端口 方向	Protocol Src Port Dst Port Direction
19479	--------- --------- --------- ---------	--------- --------- --------- ---------
19480	最大允许 1024 个免除。	A maximum of 1024 exemptions are allowed.
19800	MD5(%1!02lu!/%2!-02lu!) 无 无	MD5(%1!02lu!/%2!-02lu!) None None
19801	SHA1(%1!02lu!/%2!-02lu!) 无 无	SHA1(%1!02lu!/%2!-02lu!) None None
19802	无 无 无	None None None
19803	无 DES (%1!02lu!/%2!-02lu!)	None DES (%1!02lu!/%2!-02lu!)
19804	无 未知	None Unknown
19805	无 3DES(%1!02lu!/%2!-02lu!)	None 3DES(%1!02lu!/%2!-02lu!)
19806	无 无	None None
19811	certmap	certmap
19812	excludecaname	excludecaname
22001	ERR Win32[%1!05d!] : %2!s!	ERR Win32[%1!05d!] : %2!s!
22002	ERR IPsec[%1!05d!] :	ERR IPsec[%1!05d!] :
22004	ERR Win32[%1!05d!] : 无效的 Win32 错误代码	ERR Win32[%1!05d!] : Invalid Win32 Err Code
22010	一个或多个基本参数没有指定	One or more essential parameters not specified
22011	参数不匹配。请查阅帮助以了解正确语法	Arguments are not matching. Check help for the correct syntax
22012	在策略存储中没有策略	No Policies in Policy Store
22013	不能打开策略存储	Unable to open Policy Store
22014	在策略存储中没有筛选器操作	No Filter Actions in Policy Store
22015	在策略存储中没有筛选器列表	No Filter Lists in Policy Store
22016	名为 %1!s! 的策略存在于策略存储中	Policy with name %1!s! not exists in Policy Store
22017	内部错误，无效的 Switch Case。	Internal Error, Invalid Switch Case.
22018	参数对变量 '%1!s!' 无效	Invalid Parameter for the Argument '%1!s!'
22019	指定的 IP 地址无效	IP Address specified is invalid
22020	对给定的 DNS 名称 '%1!s!'，DNS 搜索失败	DNS lookup failed for the given dns name '%1!s!'
22021	'%1!s!' 对此上下文来说不是有效的标记	'%1!s!' not a valid tag for this context
22022	'%1!s!' 标记已经存在	'%1!s!' tag already present
22023	没有参数 'assign = y/n' 时不能指定 GPOname	GPOname cannot be specified without argument 'assign = y/n'
22024	给定命令需要标记 'Name' 或 'GUID'	Tag 'Name' or 'GUID' needed for the given command
22025	需要 '%1!s!' 标记	'%1!s!' tag is needed
22026	'%1!s!' 对标记 '%2!s!' 来说不是有效的参数	'%1!s!' is not a valid argument for the tag '%2!s!'
22027	前缀应该在 1 到 32 之间	Prefix should be between 1 and 32 only
22028	'%1!s!' 不是一个有效的掩码/前缀	'%1!s!' is not a valid Mask/Prefix
22029	提供的参数为空	The argument supplied is null
22030	指定的 'Seconds' 生存时间超过了限制。它应该在 '%1!d!' 到 '%2!d!' 之间	The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22031	指定的 'Kbytes' 超过了限制。它应该在 '%1!d!' 到 '%2!d!' 之间	The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22032	重新生成密钥单位(k/s)无效	The Rekey Unit (k/s) is invalid
22033	指定了无效的哈希算法	Invalid HASH algorithm specified
22034	指定了不完整的 ESP	Incomplete ESP specified
22035	为 '%1!s!' 指定了重复的算法	Duplicate Algo's specified for '%1!s!'
22036	不允许 None 和 None	None and None not allowed
22037	指定了无效的 IPsec 协议。它应该为 ESP 或 AH	Invalid IPsec protocol specified. It should be ESP or AH only
22038	超过了最大数目的 OFFERS[%1!d!]	Max Number of OFFERS[%1!d!] is crossed
22039	无效 QM_OFFERS。不允许 Encryption+Encryption 或 Authentication+Authentication	Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
22040	对 QMOffers 指定了无效的生存时间或数据。	Invalid Lifetime or Data specification for QMOffers.
22041	为 MMOFFER 指定了无效的 PFS 组	Invalid PFS Group specified for MMOFFER
22042	缺少 P1 组	P1 Group missing
22043	指定了无效的 MMOFFER	Invalid MMOFFER is specified
22044	文件名应该只包含 .ipsec扩展	File name should contain .ipsec extension only
22045	不允许 '%1!s!' 和 ALL	'%1!s!' and ALL not allowed
22046	没有指定预共享密钥	Preshared key not specified
22047	指定了无效身份验证方法	Invalid Authmethod is specified
22048	指定了无效证书	Invalid Certificate specified
22049	指定了多个 '%1!s!' 参数。只允许一个。	Multiple '%1!s!' parameters are specified. Only one is allowed.
22050	指定的端口无效。	The Port specified is invalid.
22051	参数太多，被截断	No of arguments are more,truncated
22052	指定了无效的 QMOFFER	Invalid QMOFFER specified
22053	指定了无效的隧道 IP	Invalid Tunnel IP specified
22054	没有源和目标地址，不能指定协议	Protocol can't be specified without source and destination addresses
22055	指定的子网掩码无效	Subnet mask specified is invalid
22056	没有标签的参数只能是计算机或域	Non-tagged arg can only be machine or domain
22057	ERR WIN32[00014] : 没有足够的内存来完成此操作。	ERR WIN32[00014] : There is not enough memory to complete this operation.
22058	指定的端口无效。它应该小于 '%1!d!'	The Port specified is invalid. It should be in less than '%1!d!' only
22100	缺少策略名称	Missing Policy Name
22101	轮询间隔应该在 %1!d! 到 %2!d! 分钟之间	Polling Interval should be within %1!d! and %2!d! minutes
22102	快速模式限制应该在 %1!d! 到 %2!d! 个会话之间	Quickmode limit should be within %1!d! and %2!d! sessions
22103	生存时间应该在 %1!d! 到 %2!d! 分钟之间	Lifetime should be within %1!d! and %2!d! minutes
22111	名为 '%1!s!' 的策略已经存在	Policy with name '%1!s!' already exists
22112	添加默认响应规则时发生错误	Error while adding Default Response Rule
22113	用名称 '%1!s!' 创建策略失败	Error while creating Policy with name '%1!s!'
22114	由于加载默认身份验证方法失败，在用名称 '%1!s!' 创建策略时发生错误	Error while creating policy with name '%1!s!' due to failure in loading default auth methods
22121	缺少 FilterList 名称	Missing FilterList Name
22122	名为 '%1!s!' 的 FilterList 已经存在	FilterList with name '%1!s!' already exists
22123	用名称 '%1!s!' 创建 FilterList 失败	Error while creating FilterList with name '%1!s!'
22124	指定了无效的 GUID	Invalid GUID specified
22131	创建指定的筛选器失败	Error while creating the specified Filter
22141	名为 '%1!s!' 的 FilterAction 已经存在	FilterAction with name '%1!s!' already exists
22142	用名称 '%1!s!' 创建 FilterAction 失败	Error while creating FilterAction with name '%1!s!'
22143	对于 Permit 或 Block 类型的 FilterAction，Inpass、 Qmpfs、Soft 和 Qmsec 选项无效。需要指定 'action = negotiate'	Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
22144	至少需要指定一个快速模式安全方法	Atleast One Quick mode Security method needs to be specified
22151	缺少规则名称	Missing Rule Name
22152	缺少 FilterAction 名称	Missing FilterAction Name
22153	名为 '%1!s!' 的策略不存在	Policy with name '%1!s!' does not exist
22154	名为 '%1!s!' 的规则已经在策略 '%2!s!' 中存在	Rule with name '%1!s!' already exists in policy '%2!s!'
22155	名为 '%1!s!' 的 FilterAction 不存在	FilterAction with name '%1!s!' does not exist
22156	在 FilterList 中没有名为 '%1!s!' 的筛选器	No Filters in FilterList with name '%1!s!'
22157	在用名称 '%1!s!' 创建规则时出现错误	Error while creating Rule with name '%1!s!'
22158	缺少规则名称或规则 ID	Missing Rule Name or Rule ID
22159	GUID 为 %1!s! 的策略不存在	Policy with GUID %1!s! does not exist
22160	GUID 为 %1!s! 的 FilterAction 不存在	FilterAction with GUID %1!s! does not exist
22161	由于加载默认身份验证方法失败，在用名称 '%1!s!' 创建规则时出现错误	Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
22165	证书解码操作失败	Certificate decoding operation failed
22166	名为 '%1!s!' 的策略在当前计算机的域中不存在	Policy with name '%1!s!' does not exist in current machine's domain
22167	指定了无效的隧道 IP 地址	Invalid Tunnel IP Address Specified
22168	名为 '%1!s!' 的 FilterList 不存在	FilterList with name '%1!s!' does not exist
22169	源和目标端都不能指定服务器	Servers cannot be specified for both source and destination sides
22170	GUID 为 %1!s! 的 FilterList 不存在	FilterList with GUID %1!s! does not exist
22171	没有可用的目录服务	No Directory Service available
22172	名为 '%1!s!' 的 GPO 在当前计算机的域中不存在	GPO with name '%1!s!' does not exist in current machine's domain
22173	在将策略分配给名为 '%1!s!' 的 GPO 时出现错误，或指定的 GPO 不存在	Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
22174	更新名为 '%1!s!' 的策略时出现错误	Error while updating the Policy with name '%1!s!'
22175	更新 GUID 为 %1!s! 的策略时出现错误	Error while updating the Policy with GUID %1!s!
22176	在从名为 '%1!s!' 的 GPO 中取消分配的策略时失败，或指定的 GPO 不存在	Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
22181	更新名为 '%1!s!' 的 FilterList 时出现错误	Error while updating FilterList with name '%1!s!'
22182	更新 GUID 为 %1!s! 的 FilterList 失败	Error while updating FilterList with GUID %1!s!
22191	更新名为 '%1!s!' 的 FilterAction 失败	Error while updating FilterAction with name '%1!s!'
22192	更新 GUID 为 %1!s! 的 FilterAction 失败	Error while updating FilterAction with GUID %1!s!
22201	名为 '%1!s!' 的规则在策略 '%2!s!' 中不存在	Rule with name '%1!s!' does not exist in Policy '%2!s!'
22202	在更新名为 '%1!s!' 的规则时出现错误	Error while updating rule with name '%1!s!'
22203	不能用此命令更新默认规则。请使用 'set defaultrule' 命令	Default rule cannot be updated with this command. Use the 'set defaultrule' command
22204	ID 为 %1!d! 的规则在策略 '%2!s!' 中不存在	Rule with ID %1!d! does not exist in Policy '%2!s!'
22205	指定了无效规则 ID	Invalid Rule ID Specified
22211	在更新名为 '%1!s!' 的策略的默认规则时出现错误	Error while updating Default Rule of Policy with name '%1!s!'
22221	没有指定文件名	No file name specified
22222	无效文件/路径名称	Invalid File / Path name
22223	导入策略时出现错误	Error while importing policies
22231	导出策略时出现错误	Error while exporting policies
22235	还原默认策略时出现错误	Error while restoring default policies
22236	此命令只对本地存储可用	This command is only available for the local store
22237	无效域名。名为 '%1!s!' 的域不存在	Invalid Domain Name. Domain with name '%1!s!' does not exist
22238	你的计算机不是域的成员	Your machine is not a member of domain
22241	删除名为 '%1!s!' 的策略出现错误	Error while deleting Policy with name '%1!s!'
22242	没有名为 '%1!s!' 的策略	No Policy with name '%1!s!'
22251	不能删除名为 '%1!s!' 的 FilterList	FilterList with name '%1!s!' cannot be deleted
22252	删除名为 '%1!s!' 的 FilterList 出现错误	Error while deleting FilterList with name '%1!s!'
22255	没有名为 '%1!s!' 的 FilterList	No FilterList with name '%1!s!'
22256	指定的筛选器在名为 '%1!s!' 的 FilterList 中不存在	Filter with the specified spec does not exist in FilterList with name '%1!s!'
22261	删除指定的筛选器后，在更新名为 '%1!s!' 的 FilterList 时出现错误	Error while updating FilterList with name '%1!s!' after deletion of the specified filter
22265	不能删除名为 '%1!s!' 的 FilterAction	FilterAction with name '%1!s!' cannot be deleted
22266	在删除名为 '%1!s!' 的 FilterAction 时发生错误	Error while deleting FilterAction with name '%1!s!'
22267	没有名为 '%1!s!' 的 FilterAction	No FilterAction with name '%1!s!'
22271	在删除名为 '%1!s!' 的规则时发生错误	Error while deleting Rule with name '%1!s!'
22272	在删除 ID 为 %1!d! 的规则时发生错误	Error while deleting Rule with ID %1!d!
22273	不能删除默认响应规则	Default Response Rule cannot be deleted
22274	没有名为 '%1!s!' 的规则	No Rule with name '%1!s!'
22275	没有 ID 为 %1!d! 的规则	No Rule with ID %1!d!
22281	在提取名为 '%1!s!' 的策略的 NegPol 信息时出现错误	Error while extracting NegPol info of Policy with name '%1!s!'
22282	在提取名为 '%1!s!' 的策略的筛选器信息时出现错误	Error while extracting Filter info of Policy with name '%1!s!'
22283	在提取名为 '%1!s!' 的策略的 ISAKMP 信息时出现错误	Error while extracting ISAKMP info of Policy with name '%1!s!'
22290	没有当前已分配的策略	No currently assigned Policy
22295	在策略存储中没有已存在的 FilterList	No FilterList exists in Policy Store
22296	在策略存储中没有已存在的 FilterAction	No FilterAction exists in Policy Store
22297	无效的 GPO 名称，或没有当前已指定的策略	Either invalid GPO name or no currently assigned policy
22298	在使用域存储时必须指定名称	A name must be specified when using the domain store
22299	指定了无效的源 IP 地址	Invalid Source IP Address specified
22300	指定了无效的源 IP/掩码	Invalid Source IP/Mask specified
22301	地址冲突。源和目标不能有相同的 IP/DNS	Address Conflict. Source and Destination cannot have same IP/DNS
22302	指定了无效的服务器	Invalid server specified
22303	需要指定服务器	Server needs to be specified
22304	指定了无效的目标 IP 地址	Invalid destination IP Address specified
22305	指定了无效的目标掩码	Invalid destination mask specified
22306	Newname 无效。名为 '%1!s!' 的策略已经存在	Invalid Newname. Policy with name '%1!s!' already exists
22307	Newname 无效。名为 '%1!s!' 的规则已经存在	Invalid Newname. Rule with name '%1!s!' already exists
22308	Newname 无效。名为 '%1!s!' 的 Filterlist 已经存在	Invalid Newname. Filterlist with name '%1!s!' already exists
22309	Newname 无效。名为 '%1!s!' 的 Filteraction 已经存在	Invalid Newname. Filteraction with name '%1!s!' already exists
22310	如果指定了类型，则需要指定 'all'	If a type is specified, 'all' needs to be specified
22311	在此操作过程中发生了内部错误	Internal error occurred during this operation
22312	在策略 '%1!s!' 中不存在隧道类型规则	No Tunnel type rules exist in policy '%1!s!'
22313	不能通过此命令更新默认 Filteraction。请使用 'Set DefaultRule' 命令。	Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
22314	名为 '%1!s!' 的策略有 READONLY 属性。更新被拒绝	Policy with name '%1!s!' has READONLY attribute. Updation denied
22315	指定规则有 READONLY 属性。更新被拒绝	Specified Rule has READONLY attribute. Updation denied
22316	名为 '%1!s!' 的 Filteraction 有 READONLY 属性。更新被拒绝	Filteraction with name '%1!s!' has READONLY attribute. Updation denied
22317	名为 '%1!s!' 的 FilterList 有 READONLY 属性。更新被拒绝	FilterList with name '%1!s!' has READONLY attribute. Updation denied
22318	名为 '%1!s!' 的策略有 READONLY 属性。删除被拒绝	Policy with name '%1!s!' has READONLY attribute. Deletion denied
22319	名为 '%1!s!' 的规则有 READONLY 属性。删除被拒绝	Rule with name '%1!s!' has READONLY attribute. Deletion denied
22320	名为 '%1!s!' 的 Filteraction 有 READONLY 属性。删除被拒绝	Filteraction with name '%1!s!' has READONLY attribute. Deletion denied
22321	名为 '%1!s!' 的 FilterList 有 READONLY 属性。删除被拒绝	FilterList with name '%1!s!' has READONLY attribute. Deletion denied
22322	在使用本地存储时不能指定名称	No name can be specified when using the local store
22323	Windows Vista 和 Windows 的更新版本不支持默认响应规则。	Default response rule is not supported on Windows Vista and later versions of Windows.
23001	当 ActionInbound 或 ActionOutbound 指定为 NEGOTIATE 时，需要 QMPolicy。	QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
23002	端口号对 TCP 或 UDP 协议有效，将继续而不使用 PortNumber。	Port number valid for TCP or UDP protocols, continuing without PortNumber.
23003	指定的 QMPolicy 不存在。	Specified QMPolicy does not exist.
23004	指定的 MainMode 策略不存在。	Specified MainMode Policy does not exist.
23006	ActionInbound 或 ActionOutbound 都不指定为 NEGOTIATE 时无法具有 IPsec 策略。	Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
23007	Mirror = Yes 对隧道规则是无效的。	Mirror = Yes is not valid for Tunnel Rule.
23011	指定的 MainMode 筛选器不存在。	Specified MainMode Filter does not exist.
23012	指定的传输筛选器不存在。	Specified Transport Filter does not exist.
23013	指定的隧道筛选器不存在。	Specified Tunnel Filter does not exist.
23014	MainMode 策略不可用。	MainMode Policies are not available.
23015	QuickMode 策略不可用。	QuickMode Policies are not available.
23021	给定名称的 MainMode 策略已经存在。	MainMode Policy with the given name already exists.
23031	给定名称的 QuickMode 策略已经存在。	QuickMode Policy with the given name already exists.
23061	MainMode 筛选器不存在。	MainMode Filters do not exist.
23062	指定的 MainMode 筛选器不存在，并且找不到策略。	Specified MainMode Filter does not exist and Policy is not found.
23063	指定的 MainMode 策略不存在，或没有与指定的 MainMode 筛选器相关联。	Specified MainMode Policy either does not exist or not associated with specified MainMode Filter.
23071	QuickMode 筛选器不存在。	QuickMode Filters do not exist.
23072	指定的 QuickMode 筛选器不存在，并且找不到策略。	Specified QuickMode Filter does not exist and Policy is not found.
23073	指定的 QuickMode 策略不存在，或没有与 QuickMode 筛选器相关联。	Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
23074	指定的 QuickMode 筛选器不存在。	Specified QuickMode Filter does not exist.
23075	正在使用的身份验证方法。	Authentication method(s) being used.
23076	不能删除 %1!d! MMFilter 对象。	%1!d! MMFilter object(s) could not be deleted.
23077	不能删除 %1!d! 传输筛选器对象。	%1!d! Transport Filter object(s) could not be deleted.
23078	不能删除 %1!d! 隧道筛选器对象。	%1!d! Tunnel Filter object(s) could not be deleted.
23081	IPsec 策略代理服务没有在运行。	The IPsec Policy Agent service is not active.
23082	策略代理服务成功启动。	Policy Agent service successfully started.
23090	来自分析器的错误字符串，应该是 IPSEC，IKE 或 ALL。	Wrong token from Parser, Should be either IPSEC, IKE or ALL.
23091	从分析器接收到无效的 AddressType。	Invalid AddressType received from Parser.
23092	源和目标都不能是服务器。	Source and Destination both cannot be Servers.
23093	隧道源和隧道目标都不能是服务器。	Tunnel Source and Tunnel Destination both cannot be Servers.

File Name:	nshipsec.dll.mui
Directory:	%WINDIR%\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-cn_bb29800a1c0ff4cd\
File Size:	130 kB
File Permissions:	rw-rw-rw-
File Type:	Win32 DLL
File Type Extension:	dll
MIME Type:	application/octet-stream
Machine Type:	Intel 386 or later, and compatibles
Time Stamp:	0000:00:00 00:00:00
PE Type:	PE32
Linker Version:	14.10
Code Size:	0
Initialized Data Size:	133120
Uninitialized Data Size:	0
Entry Point:	0x0000
OS Version:	10.0
Image Version:	10.0
Subsystem Version:	6.0
Subsystem:	Windows GUI
File Version Number:	10.0.15063.0
Product Version Number:	10.0.15063.0
File Flags Mask:	0x003f
File Flags:	(none)
File OS:	Windows NT 32-bit
Object File Type:	Dynamic link library
File Subtype:	0
Language Code:	Chinese (Simplified)
Character Set:	Unicode
Company Name:	Microsoft Corporation
File Description:	Net Shell IP 安全帮助程序 DLL
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Internal Name:	nshipsec.dll
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original File Name:	nshipsec.dll.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Directory:	%WINDIR%\WinSxS\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-cn_5f0ae48663b28397\

nshipsec.dll.mui is Multilingual User Interface resource file that contain Chinese (Simplified) language for file nshipsec.dll (Net Shell IP 安全帮助程序 DLL).

File Description:	Net Shell IP 安全帮助程序 DLL
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Company Name:	Microsoft Corporation
Internal Name:	nshipsec.dll
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original Filename:	nshipsec.dll.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Translation:	0x804, 1200