File name: | nshipsec.dll.mui |
Size: | 133632 byte |
MD5: | a702a5ed4b9b759ffbe9436b739db917 |
SHA1: | e95446f6cb980ce9f0eb87b53c1c18bd01d04acf |
SHA256: | 720bf56fa81cd93d220f5e476ced5577ab5409be400002f57c42a490738d2281 |
Operating systems: | Windows 10 |
Extension: | MUI |
If an error occurred or the following message in Chinese (Simplified) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.
id | Chinese (Simplified) | English |
---|---|---|
11110 | 从证书存储中导出所有策略。 |
Exports all the policies from the policy store. |
11111 | 从文件导入策略到证书存储。 |
Imports the policies from a file to the policy store. |
11112 | 还原默认示例策略。 |
Restores the default example policies. |
11150 | 用法: exportpolicy [ file = ] 将所有策略导出到文件。 参数: 标记 值 name -策略要导出到的文件的名称。 注释: 默认情况下在文件名后面加 .ipsec 扩展。 示例: exportpolicy Policy1 |
Usage: exportpolicy [ file = ] Exports all the policies to a file. Parameters: Tag Value name -Name of the file into which the policies are exported. Remarks: .ipsec extension is by default added to the filename. Examples: exportpolicy Policy1 |
11151 | 用法: importpolicy [ file = ] 从指定文件中导入策略。 参数: 标记 值 name -要从中导入策略的文件名。 注释: 示例: importpolicy Policy1.ipsec |
Usage: importpolicy [ file = ] Imports policies from the specified file. Parameters: Tag Value name -Name of the file from which the policies are imported. Remarks: Examples: importpolicy Policy1.ipsec |
11152 | 用法: restorepolicyexamples [release = ] (win2k | win2003) 还原默认策略。 参数: 标记 值 release -OS 发行类别,对默认策略示例。 注释: 此命令只对本地计算机策略存储有效。 示例: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k |
Usage: restorepolicyexamples [release = ] (win2k | win2003) Restores the default policies. Parameters: Tag Value release -OS release type, for default policies examples. Remarks: This command is only valid for the local computer policy store. Examples: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k |
11200 | 创建新的策略和有关信息。 |
Creates new policies and related information. |
11210 | 用默认响应规则创建策略。 |
Creates a policy with a default response rule. |
11211 | 创建一个空的筛选器列表。 |
Creates an empty filter list. |
11212 | 创建一个筛选器操作。 |
Creates a filter action. |
11213 | 为指定策略创建一个规则。 |
Creates a rule for the specified policy. |
11214 | 将筛选器添加到筛选器列表。 |
Adds a filter to filter list. |
11250 | 用法: policy [ name = ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 用指定名称创建一个策略。 参数: 标记 值 name -策略的名称。 description -策略的简短信息。 mmpfs -设置主完全向前保密的选项。 qmpermm -每一 IKE 主模式会话的快速模式会话数目。 mmlifetime -为 IKE 的主模式重新生成密钥所需时间(以分钟计)。 activatedefaultrule -激活或禁用默认响应规则。 只在 Windows Vista 之前的 Windows 版本上有效。 pollinginterval -轮询间隔,策略代理在策略存储中 查找更改的间隔时间(以分钟计)。 assign -指定策略为活动或非活动。 mmsecmethods -一个或多个由空格分隔开的安全方法列表,安全方法的格式为 ConfAlg-HashAlg-GroupNum,其中 ConfAlg 可以是 DES 或 3DES,HashAlg 是 MD5 或 SHA1。 GroupNum 可以是 1 (低)、2 (中)、3 (DH2048)。 注释: 1. 如果指定了 mmpfs,qmpermm 将设置为 1。 2. 如果存储为 "domain",则 "assign" 将不起作用。 3. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2" |
Usage: policy [ name = ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Creates a policy with the specified name. Parameters: Tag Value name -Name of the policy. description -Brief information about the policy. mmpfs -Option to set master perfect forward secrecy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Polling Interval, time in minutes for policy agent to check for changes in policy store. assign -Assigns the policy as active or inactive. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1. GroupNum can be 1 (Low), 2 (Med), 3 (DH2048). Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. If the store is 'domain' then ‘assign’ will have no effect. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2" |
11251 | 用法: filterlist [ name = ] [ [ description = ] ] 用指定名称创建一个空的筛选器列表。 参数: 标记 值 name -筛选器列表的名称。 description -筛选器列表的简短信息。 注释: 示例: add filterlist Filter1 |
Usage: filterlist [ name = ] [ [ description = ] ] Creates an empty filter list with the specified name. Parameters: Tag Value name -Name of the filter list. description -Brief information about the filter list. Remarks: Examples: add filterlist Filter1 |
11252 | 用法: filteraction [ name = ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 创建一个筛选器操作。 参数: 标记 值 name -筛选器操作的名称。 description -筛选器操作类别的简短信息。 qmpfs -设置快速模式完全向前保密的选项。 inpass -接受不安全的通讯,但是始终用 IPsec响应。 这接受 yes 或 no。 soft -允许与没有 IPsec 的计算机进行不安全的通讯。 可以是 yes 或 no。 action -可以是 permit,block 或 negotiate。 qmsecmethods -IPsec 提供是下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES 或 3DES 或 None 其中 AuthAlg 可以是 MD5 或 SHA1 或 None 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 Lifetime(千字节)。 其中 s 是 Lifetime(秒)。 注释: 1. 如果操作不是 negotiate,快速模式安全方法将被忽略 2. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s" |
Usage: filteraction [ name = ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Creates a filter action. Parameters: Tag Value name -Name of the filter action. description -Brief information about the type of filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either ‘yes’ or ‘no’. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. action -This takes permit, block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is Lifetime in kilobytes. where s is Lifetime in seconds. Remarks: 1. Quick mode security methods are ignored if the action is not ‘negotiate’ 2. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s" |
11253 | 用法: rule [ name = ] [ policy = ] [ filterlist = ] [ filteraction = ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 用指定的筛选器列表和筛选器操作创建一个规则。 参数: 标记 值 name -规则的名称。 policy -规则所属的策略的名称。 filterlist -要使用的筛选器列表的名称。 filteraction -要使用的筛选器操作的名称。 tunnel -隧道终结点 IP 地址。 conntype -连接类型可以是 lan,dialup 或 all。 activate -如果指定了 yes,则激活策略中的规则。 description -规则的简短信息。 kerberos -如果指定了 yes,则提供 Kerberos 身份验证。 psk -用预共享密钥提供身份验证。 rootca -用指定的根证书提供身份验证,如果指定了 certmap:Yes,将尝试映射此证书 如果指定了 excludecaname:Yes,将排除 CA 名称 注释: 1. 证书,映射和 CA 名称设置要在引号中引起来,内嵌的引号将 被“\'”所代替。 2. 证书映射只对域成员有效。 3. 可以多次使用 rootca 参数来提供多重证书。 4. 每种身份验证方法的优先级由在命令中的顺序来决定。 5. 如果没有指定身份验证方法,将使用动态默认。 6. 排除根证书颁发机构(CA)名称防止将名称作为证书请求的一部分 发送。 示例: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" |
Usage: rule [ name = ] [ policy = ] [ filterlist = ] [ filteraction = ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Creates a rule with the specified filter list and filter action. Parameters: Tag Value name -Name of the rule. policy -Name of the policy the rule belongs to. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel end point IP address. conntype -Connection type can be lan, dialup or ‘all’. activate -Activates the rule in the policy if ‘yes’ is specified. description -Brief information about the rule. kerberos -Provides Kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" |
11254 | 用法: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] 将筛选器添加到指定的筛选器列表。 参数: 标记 值 filterlist -筛选器要添加到其中的筛选器列表的名称。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、dns 名称或服务器类型。 description -筛选器的简介信息。 protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或者一个整数。 mirrored -值为 'Yes' 将创建两个筛选器,每个方向均有一个。 srcmask -源地址掩码或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围,则不适用。 dstmask -目标地址掩码或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围,则不适用。 srcport -数据包的源端口。值为 0 表示任意端口。 dstport -数据包的目标端口。值为 0 表示任意端口。 注释: 1. 如果筛选器列表不存在,将创建它。 2. 要指定当前计算机地址,请设置 srcaddr/dstaddr=me 要指定所有计算机地址,请设置 srcaddr/dstaddr=any 3. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 4. 如果源是一个服务器类型,则目标为 "me",反之亦然。 5. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。 示例: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME |
Usage: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] Adds a filter to the specified filter list. Parameters: Tag Value filterlist -Name of the filter list to which the filter is added. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. description -Brief information about the filter. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. mirrored -‘Yes’ creates two filters, one in each direction. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port. dstport -Destination port of the packet. A value of 0 means any port. Remarks: 1. If the filter list does not exist it will be created. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server type, then dest is 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME |
11300 | 更改现存策略和相关信息。 |
Modifies existing policies and related information. |
11310 | 更改策略。 |
Modifies a policy. |
11311 | 更改筛选器列表。 |
Modifies a filter list. |
11312 | 更改筛选器操作。 |
Modifies a filter action. |
11313 | 更改规则。 |
Modifies a rule. |
11314 | 设置当前策略存储。 |
Sets the current policy store. |
11315 | 更改默认响应规则。 |
Modifies the default response rule of a policy. |
11317 | 设置批更新模式。 |
Sets the batch update mode. |
11350 | 用法: policy [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ gponame = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 更改策略。 参数: 标记 值 name | guid -策略或 guid 的名称。 newname -新名称 description -简介信息。 mmpfs -设置主密钥完全向前保密。 qmpermm -每一个主模式的快速模式数目。 mmlifetime -重新生成密钥的时间(以分钟计)。 activatedefaultrule -激活默认响应规则。只在 Windows Vista 之前的 Windows 版本中有效。 pollinginterval -在策略存储中查找更改的时间(以分钟计)。 assign -指定策略。 gponame -可以指定策略的本地 AD 组策略对象名称。 在 store 为 domain 时为有效。 mmsecmethods -一个或多个空格分隔的安全方法列表,格式为 ConfAlg-HashAlg-GroupNum。 注释: 1. 如果指定了 mmpfs,qmpermm 将设置为 1。 2. 只有将 store 设置为 domain 时,才能指定 GPO 名称。 3. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y |
Usage: policy [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ gponame = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a policy. Parameters: Tag Value name | guid -Name of the policy, or guid. newname -New name. description -Brief information. mmpfs -Sets master perfect forward secrecy. qmpermm -Number of quick modes per main mode. mmlifetime -Time in minutes to rekey. activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Time in minutes to check for change in policy store. assign -Assigns the policy. gponame -Local AD group policy object name to which the policy can be assigned. Valid when the store is domain. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. A GPO name can only be specified if the store is set to domain. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y |
11351 | 用法: filterlist [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] 更改筛选器列表名称和描述。 参数: 标记 值 name | guid -筛选器列表的名称或 guid。 newname -筛选器列表的新名称。 description -筛选器的简短信息列表。 示例: 1.set filterlist Filter1 desc=NewFilter1 2.set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName |
Usage: filterlist [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] Modifies a filter list name and description. Parameters: Tag Value name | guid -Name of the filter list or guid. newname -New name of the filter list. description -Brief information about the filter list. Examples: 1. set filterlist Filter1 desc=NewFilter1 2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName |
11352 | 用法: filteraction [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 更改筛选器操作。 参数: 标记 值 name | guid -筛选器操作的名称或 guid。 newname -筛选器操作的新名称。 description -筛选器操作的简短信息。 qmpfs -设置快速模式完全向前保密的选项。 inpass -接受非安全的通讯,但始终用 IPsec 响应。可以 是 yes 或 no。 soft -允许与非 IPsec 的计算机进行非安全的通讯。 它的值可以是 yes 或 no。 action -可以是 permit 或 block 或 negotiate。 qmsecmethods -IPsec 提供是下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES 或 3DES 或 None。 其中 AuthAlg 可以是 MD5 或 SHA1 或 None。 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 lifetime(千字节)。 其中 s 是 lifetime(秒)。 3. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: 1.set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2.set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y |
Usage: filteraction [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a filter action. Parameters: Tag Value name | guid -Name or guid of the filter action. newname -New name of the filter action. description -Brief information about the filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either ‘yes’ or ‘no’. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. action -This takes permit or block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y |
11353 | 用法: rule [ name = ] | [id= ] [ policy = ] [ [ newname = ] ] [ [ description = ] ] [ [ filterlist = ] ] [ [ filteraction = ] ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 更改策略中的规则。 参数: 标记 值 name | id -规则的名称或 ID。 policy -规则所属的策略的名称。 newname -规则的新名称。 description -规则的简短信息。 filterlist -要使用的筛选器列表的名称。 filteraction -要使用的筛选器操作的名称。 tunnel -隧道 ip 地址或 dns 名称。 conntype -连接类型可以是 lan,dialup 或 all。 activate -如果指定了 yes,则激活策略中的规则。 kerberos -如果指定了 yes,则提供 Kerberos 身份验证。 psk -用指定的预共享密钥提供身份验证。 rootca -用指定的根证书提供身份验证,如果指定了 certmap:Yes,将尝试映射此证书 如果指定了 excludecaname:Yes,将排除 CA 名称。 注释: 1. 证书,映射和 CA 名称设置要在引号中引起来,内嵌的引号将 被“\'”代替。 2. 证书映射只对域成员有效。 3. 可以多次使用 rootca 参数来提供多重证书。 4. 每种身份验证方法的优先级由在命令中的顺序来决定。 5. 如果没有指定身份验证方法,将使用动态默认。 6. 所有身份验证方法都将被指定的列表所覆盖。 7. 排除根证书颁发机构(CA)名称防止将名称作为证书请求的一部分 发送。 示例: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156 |
Usage: rule [ name = ] | [id= ] [ policy = ] [ [ newname = ] ] [ [ description = ] ] [ [ filterlist = ] ] [ [ filteraction = ] ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule in a policy. Parameters: Tag Value name | id -Name or ID of the rule. policy -Name of the policy, the rule belongs to. newname -New name of the rule. description -Brief information about the rule. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel ip address or dns name. conntype -Connection type can be ‘lan’, ‘dialup’ or ‘all’. activate -Activates the rule in the policy if ‘yes’ is specified. kerberos -Provides Kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. All authentication methods are overwritten with the stated list. 7. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156 |
11354 | 用法: store [location = ] (local | domain) [ [ domain = ] ] 设置当前 IPsec 策略存储位置。 参数: 标记 值 location IPsec 策略存储的位置。 domain 域名(只应用于域位置)。 说明: 1. 本地存储包含 IPsec 策略,可以指定来保护 计算机。如果域策略可用,则 应用域策略而不是本地策略。 2. 域存储包含 IPsec 策略,可以指定来 保护域中的一组计算机。 3. 使用"set machine"命令配置远程计算机。 4. 默认存储为本地存储。对存储设置所作的更改 仅在当前 Netsh 会话期间有效。如果需要在 同一存储中从批处理文件运行多个命令,请在 执行批处理文件时使用"Netsh Exec"。 5. 不支持永久存储和永久策略。 示例: 1. set store location= local - 使用当前计算机的本地存储。 2. set store location= domain domain=example.microsoft.com - 使用域策略存储以获取 example.microsoft.com。 |
Usage: store [location = ] (local | domain) [ [ domain = ] ] Sets the current IPsec policy storage location. Parameters: Tag Value location Location of the IPsec policy store. domain Domain name (only applies to the domain location). Remarks: 1. The local store contains IPsec policies that can be assigned to secure this computer. If a domain policy is available, the domain policy is applied instead of the local policy. 2. The domain store contains IPsec policies that can be assigned to secure groups of computers in a domain. 3. Use the 'set machine' command to configure a remote computer. 4. The default store is Local. Changes to the store setting persist only as long as the current Netsh session. If you need to run multiple commands in the same store from a batch file, use the ‘Netsh Exec’ when executing your batch file. 5. Persistent store and persistent policy is not supported. Examples: 1. set store location= local - uses the local store of the current computer . 2. set store location=domain domain=example.microsoft. com - uses the domain policy store for example.microsoft.com . |
11355 | 用法: defaultrule [ policy = ] [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 修改指定策略的默认响应规则。 在 Windows Vista 和 Windows 的更新版本中将忽略此规则。 参数: 标记 值 policy -其默认响应规则将被修改的策略的名称 . qmpfs -设置快速模式完全向前保密的选项 . activate -如果指定 "yes" 则激活策略中的规则 . qmsecmethods -IPsec 按下列其中一种模式提供: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s 其中 ConfAlg 可以是 DES、3DES 或 None . 其中 AuthAlg 可以是 MD5、SHA1 或 None . 其中 HashAlg 是 MD5 或 SHA1 . 其中 k 是以 KB 为单位的生存时间 . 其中 s 是以秒为单位的生存时间 . kerberos -如果指定 “yes” 则提供 Kerberos 身份验证 . psk -使用指定的预共享密钥提供身份验证 . rootca -使用指定的根证书提供身份验证, 如果指定 certmap:Yes,则尝试映射证书, 如果指定 excludecaname:Yes,则排除 CA 名称 . 说明: 1. 证书、映射和 CA 名称设置都要放在引号中;嵌入的引号用“\”代替 . 2. 证书映射只对域成员有效 . 3. 通过多次使用 rootca 参数可以提供多重证书 . 4. 每种身份验证方法的优先级由它在命令中的顺序决定 . 5. 如果未指定身份验证方法,则使用动态默认 6. 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s" |
Usage: defaultrule [ policy = ] [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies the default response rule of the specified policy. This rule will be ignored on Windows Vista and later versions of Windows Parameters: Tag Value policy -Name of the policy for which the default response rule is to be modified . qmpfs -Option to set quick mode perfect forward secrecy . activate -Activates the rule in the policy if ‘yes’ is specified . qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s where ConfAlg can be DES, or 3DES or None . where AuthAlg can be MD5, or SHA1 or None . where HashAlg is MD5 or SHA1 . where k is lifetime in kilobytes . where s is lifetime in seconds . kerberos -Provides Kerberos authentication if ‘yes’ is specified . psk -Provides authentication using a specified preshared key . rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified . Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \' . 2. Certificate mapping is valid only for domain members . 3. Multiple certificates can be provided by using the rootca parameter multiple times . 4. The preference of each authentication method is determined by its order in the command . 5. If no auth methods are stated, dynamic defaults are used . 6. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only . Examples: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s" |
11357 | 用法: set batch [mode = ] (enable | disable) 设置批处理更新模式。 参数: mode - 用于批处理更新的模式。 |
Usage: set batch [mode = ] (enable | disable) Sets the batch update mode. Parameters: mode - The mode for batch updates. |
11400 | 删除策略和相关信息。 |
Deletes policies and related information. |
11410 | 删除一个策略和它的规则。 |
Deletes a policy and its rules. |
11411 | 删除一个筛选器列表。 |
Deletes a filter list. |
11412 | 删除一个筛选器操作。 |
Deletes a filter action. |
11413 | 从策略中删除一个规则。 |
Deletes a rule from a policy. |
11414 | 从筛选器列表中删除一个筛选器。 |
Deletes a filter from a filter list. |
11415 | 删除所有策略,筛选器列表和筛选器操作。 |
Deletes all policies, filter lists, and filter actions. |
11450 | 用法: policy [ name = ] | [ all ] 删除策略及它的所有相关规则。 参数: 标记 值 name | all -策略名称,或 all。 注释: 如果指定了 'all',将删除所有策略。 示例: 1. delete policy all - 删除所有策略 2. delete policy name=Policy1 - 删除名为 'Policy1' 的策略 |
Usage: policy [ name = ] | [ all ] Deletes the policy and all its associated rules. Parameters: Tag Value name | all -Name of the policy or ‘all’. Remarks: If 'all' is specified, all policies are deleted. Examples: 1. delete policy all - deletes all policies. 2. delete policy name=Policy1 - deletes the policy named Policy1. |
11451 | 用法: filterlist [name = ] | [ all ] 删除筛选器列表及它的所有相关筛选器。 参数: 标记 值 name | all -筛选器列表的名称,或 all。 Remarks: 如果指定了 'all',将删除所有筛选器。 示例: delete filterlist all |
Usage: filterlist [name = ] | [ all ] Deletes the filter list and all of its associated filters. Parameters: Tag Value name | all -Name of the filter list or ‘all’. Remarks: If 'all' is specified, all filter lists are deleted. Examples: delete filterlist all |
11452 | 用法: filteraction [ name = ] | [ all ] 删除筛选器操作。 参数: 标记 值 name | all -筛选器操作的名称,或 all。 注释: 如果指定了 'all',将删除所有筛选器操作。 示例: 1. delete filteraction FilterA 2. delete filteraction all |
Usage: filteraction [ name = ] | [ all ] Deletes a filter action. Parameters: Tag Value name | all -Name of the filter action or ‘all’. Remarks: If 'all' is specified, all filter actions are deleted. Examples: 1. delete filteraction FilterA 2. delete filteraction all |
11453 | 用法: rule [ name = ] | [ id = ] | [ all ] [ policy = ] 从策略中删除规则。 参数: 标记 值 name | id | all -规则的名称或 ID,或 all policy -策略名称。 注释: 1. 如果指定了 'all',将从策略中删除除了默认响应规则以外 的所有规则。 2. 默认响应规则不能被删除。 3. 每次删除都将更改 ID。 示例: 1. delete rule id=1 Policy1 -从 Policy1 中删除 id=1 的规则。 2. delete rule all Policy1 -从 Policy1 中删除所有规则。 |
Usage: rule [ name = ] | [ id = ] | [ all ] [ policy = ] Deletes a rule from a policy. Parameters: Tag Value name | id | all -Name of the rule, ID of the rule, or ‘all’ policy -Name of the policy. Remarks: 1. If 'all' is specified, deletes all rules from the policy except the default response rule. 2. The default response rule cannot be deleted. 3. The IDs will change with every delete. Examples: 1. delete rule id=1 Policy1 -deletes the rule with id=1 from Policy1. 2. delete rule all Policy1 -deletes all the rules from Policy1. |
11454 | 用法: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] 从筛选器列表中删除一个筛选器 参数: 标记 值 filterlist -筛选器要添加到其中的筛选器列表的名称。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或者一个整数。 srcmask -源地址掩码,或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围,则不适用。 dstmask -目标地址掩码,或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围,则不适用。 srcport -数据包的源端口。值为 0 表示任意端口。 dstport -数据包的目标端口。值为 0 表示任意端口。 mirrored -值为 "Yes" 将创建两个筛选器,每个方向均有一个。 注释: 1. 从筛选器列表中删除准确匹配的筛选器。 2. 要指定当前计算机地址,请设置 srcaddr/dstaddr=me 要指定所有计算机地址,请设置 srcaddr/dstaddr=any 3. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 4. 如果源为 server,则目标为 "me",反之亦然。 5. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。 示例: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME |
Usage: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] Deletes a filter from a filter list Parameters: Tag Value filterlist -Name of the filter list to which the filter was added. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port dstport -Destination port of the packet. A value of 0 means any port. mirrored -‘Yes’ creates two filters, one in each direction. Remarks: 1. Deletes the exact match filter from the filter list. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server, then dest is set to 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME |
11455 | 用法: all 删除所有策略,筛选器列表和筛选器操作。 参数: 注释: 示例: delete all |
Usage: all Deletes all policies, filter lists, and filter actions. Parameters: Remarks: Examples: delete all |
11500 | 显示策略和相关信息的详细信息。 |
Displays details of policies and related information. |
11510 | 显示策略详细信息。 |
Displays policy details. |
11511 | 显示筛选器列表详细信息。 |
Displays filter list details. |
11512 | 显示筛选器操作详细信息。 |
Displays filter action details. |
11513 | 显示规则的详细信息。 |
Displays rule details. |
11515 | 显示所有策略的详细信息及相关信息。 |
Displays details of all policies and related information. |
11516 | 显示组分配的策略的详细信息。 |
Displays details of a group assigned policy. |
11517 | 显示当前策略存储。 |
Displays the current policy store. |
11550 | 用法: policy [ name = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 显示策略的详细信息 参数: 标记 值 name | all -策略名称或‘all’。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出。 wide -如果设置为 “no”,名称和描述将被截断 以适应 80 列的屏幕宽度。 注释: 示例: show policy Policy1 wide=yes format=table |
Usage: policy [ name = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a policy Parameters: Tag Value name | all -Name of the policy or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all policy details are displayed. Examples: show policy Policy1 wide=yes format=table |
11551 | 用法: filterlist [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table ) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] 显示筛选器列表的详细信息。 参数: 标记 值 name | rule | all -筛选器列表的名称或 rule 名称或 all。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出。 resolvedns -值为 'yes' 将强制详细输出显示 IP 地址的当前 DNS 映射,以及存储在筛选器字段中的 DNS 名称。 wide -如果设置为 no,名称和描述将被截断,以适 应 80 个字符的屏幕宽度。 注释: 如果指定了 'all',将显示所有筛选器列表。 示例: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes |
Usage: filterlist [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] Displays the details of a filter list Parameters: Tag Value name | rule | all -Name of the filter list, rule name, or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format. resolvedns -Value of ‘yes’ will force the verbose output to show the current dns mapping for ip addresses and dns names that are stored in the filter fields. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter lists are displayed. Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes |
11552 | 用法: filteraction [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table ) ] [ [ wide = ] (yes | no) ] 显示筛选器操作的详细信息。 参数: 标记 值 name | rule | all -筛选器操作的名称或 rule 名称或 all。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出 wide -如果设置为 no,名称和描述将被截断, 以适应 80 个字符的屏幕宽度 注释: 如果指定了 'all',则显示所有筛选器操作。 示例: 1. show filteraction FilterAction1 - 显示筛选器操作 FilterAction1 的详细信息 2. show filteraction rule=Rule1 - 显示由规则 Rule1 使用的筛选器操作 3. show filteraction all - 显示所有筛选器操作 |
Usage: filteraction [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a filter action Parameters: Tag Value name | rule | all -Name of the filter action, rule name, or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter actions are displayed. Examples: 1. show filteraction FilterAction1 - shows the details of the filter action named FilterAction1 2. show filteraction rule=Rule1 - shows the filter action used by the rule named Rule1 3. show filteraction all - shows all filter actions |
11553 | " 用法: rule [ name = ] | [ id = ] ] | [ all ] | [default] [ policy = ] [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table ) ] [ [ wide = ] (yes | no) ] 显示策略的规则的详细信息。 参数: 标记 值 name | id | all | default -规则的名称或 id,或 all 或 default。 policy -策略名称。 type -规则类别是 transport 或 tunnel。 level -Verbose 或 normal。 format -以屏幕格式或制表符分隔的方式输出。 wide -如果设置为 no,名称和描述将被截断, 以适应 80 个字符的屏幕宽度 注释: 1. 如果指定了 All,则显示所有规则。 2. 如果指定了 type 参数,则需要指定 'all'。 示例: 1. show rule all type=transport policy=Policy1 - 显示 Policy1 的所有传输规则。 2. show rule id=1 policy=Policy1 - 显示策略的第一个规则。 3. show rule default policy=Policy1 - 显示 Policy1 的默认响应规则的详细信息。 |
Usage: rule [ name = ] | [ id = ] ] | [ all ] | [default] [ policy = ] [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of rules for the policy. Parameters: Tag Value name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’. policy -Name of the policy. type -Rule type is ‘transport’ or ‘tunnel’. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: 1. If ‘all’ is specified, all rules are displayed. 2. If the type parameter is specified, 'all' needs to be specified. Examples: 1. show rule all type=transport policy=Policy1 - shows all the transport rules of the policy named Policy1. 2. show rule id=1 policy=Policy1 - shows the first rule of the policy. 3. show rule default policy=Policy1 - shows the details of the default response rule of Policy1. |
11555 | 用法: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 显示所有策略,筛选器列表和筛选器操作。 参数: 标记 值 format -以屏幕格式或制表符分隔的方式输出。 wide -如果设置为 no,名称和描述将被截断, 以适应 80 个字符的屏幕宽度。 注释: 示例: show all |
Usage: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays all policies, filter lists, and filter actions. Parameters: Tag Value format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: Examples: show all |
11556 | 用法: gpoassignedpolicy [name = ] [ [ level = ] (verbose | normal) 显示指定的 GPO 的活动策略的详细信息。 参数: 标记 值 Name -本地 AD 组策略对象名称。 注释: 1. 如果当前 store 为 domain,则需要 name 参数, 否则是不允许的。 示例: 1. show gpoassignedpolicy name=GPO1 - 显示指定到 GPO1 的域策略 2. show gpoassignedpolicy - 显示此计算机上当前指定的策略。 |
Usage: gpoassignedpolicy [name = ] Displays the details of the active policy for the specified GPO. Parameters: Tag Value Name -Local AD Group policy object name. Remarks: 1. if the current store is domain, the name parameter is required, otherwise it is not allowed Examples: 1. show gpoassignedpolicy name=GPO1 - shows the assigned domain policy to GPO1. 2. show gpoassignedpolicy - shows currently assigned policy on this computer. |
11557 | 用法: store 示例: show store |
Usage: store Examples: show store |
12200 | 将策略,筛选器和操作添加到 SPD。 |
Adds policy, filter, and actions to SPD. |
12210 | 将快速模式策略添加到 SPD。 |
Adds a quick mode policy to SPD. |
12211 | 将主模式策略添加到 SPD。 |
Adds a main mode policy to SPD. |
12212 | 将快速模式筛选器添加到 SPD。 |
Adds a quick mode filter to SPD. |
12213 | 将主模式筛选器添加到 SPD。 |
Adds a main mode filter to SPD. |
12215 | 添加一个规则和相关联的筛选器到 SPD。 |
Adds a rule and associated filters to SPD. |
12250 | 用法: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 添加一个快速模式策略到 SPD。 参数: 标记 值 name -快速模式策略名称。 soft -允许与非 IPsec 的计算机进行不安全的通讯。 这可以是 yes 或 no。 pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(默认)。 qmsecmethods -IPsec 提供是下列之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES 或 3DES 或 None。 其中 AuthAlg 可以是 MD5 或 SHA1 或 None。 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 lifetime(千字节)。 其中 s 是 lifetime(秒)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s" |
Usage: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Adds a quick mode policy to SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s" |
12251 | 用法: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 添加一个主模式策略到 SPD。 参数: 标记 值 name -主模式策略名称。 qmpermm -IKE 的每主模式会话的快速模式会话数目。 mmlifetime -为 IKE 的主模式重新生成密钥所需时间。 softsaexpirationtime -未保护的 SA 的过期时间(分钟)。 mmsecmethods -一个或多个由空格分隔的安全方法列表,格式 为 ConfAlg-HashAlg-GroupNum。 其中 ConfAlg 可以是 DES 或 3DES HashAlg 是 MD5 或 SHA1 GroupNum 可以是 1 (Low) 或 2 (Med) 或 3 (DH2048)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3" |
Usage: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Adds a main mode policy to SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. where ConfAlg can be DES or 3DES where HashAlg can be MD5 or SHA1 GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3" |
12255 | 用法: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] [ [ qmpolicy = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname: (yes | no)" ] 添加规则。 参数: 标记 值 srcaddr - 源 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。 dstaddr -目标 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器名称。 mmpolicy -主要模式策略 qmpolicy -快速模式策略 protocol -可以是 ANY, ICMP, TCP, UDP, RAW 或一个整数。 如果指定端口,则可接受的值为 TCP 或 UDP。 srcport -源端口(0 意味着任意端口) dstport -目标端口(0 意味着任意端口) mirrored -"Yes" 创建两个筛选器,每个方向一个。 conntype -连接类型 actioninbound -用于入站数据包的操作 actionoutbound -用于出站数据包的操作 srcmask -源地址掩码或 1 到 32 之间的前缀。如果 srcaddr 设置为一个 范围则不可用 dstmask -目标地址掩码或 1 到 32 之间的前缀。如果 dstaddr 设置为一个 范围则不可用 tunneldstaddress -隧道目标 IP 地址或 DNS 名称。 kerberos -如果指定 "yes" 则提供 kerberos 身份验证。 psk -使用指定的预共享密钥提供身份验证。 rootca -使用指定的根证书提供身份验证, 如果指定 certmap:Yes,则尝试映射证书, 如果指定 excludecaname:Yes,则排除 CA 名称。 说明: 1. 端口对于 TCP 和 UDP 有效。 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY 3. actioninbound 和 actionoutbound 的默认值为 "negotiate"。 4. 对于隧道规则,必须将 "mirrored" 设置为 "no"。 5. 证书、映射和 CA 名称设置都必须放在引号中;嵌入的引号用 "\" 代替。 6. 证书映射仅对域成员有效。 7. 通过多次使用 rootca 参数可以提供多重证书。 8. 每个身份验证方法的优先级由它在命令中的顺序决定。 9. 如果未指定身份验证方法,则使用动态默认。 10. 排除根证书颁发机构(CA)名称可以防止将名称作为证书请求的一部分发送。 11. 如果指定地址范围,终结点必须是特定地址(不是列表或子网),而且必须是 相同的类型(都应该是 v4 或 v6)。 示例: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root Authority\' certmap:yes excludecaname:no" |
Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] [ [ qmpolicy = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Adds a Rule. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. mmpolicy -Main mode policy qmpolicy -Quick mode policy protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. If you specify a port, acceptable value is TCP or UDP. srcport -Source port(0 means any port) dstport -Destination port(0 means any port) mirrored -‘Yes' creates two filters, one in each direction. conntype -Connection type actioninbound -Action for inbound packets actionoutbound -Action for outbound packets srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. kerberos -Provides kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Port valid for TCP and UDP. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Default for actioninbound and actionoutbound is ‘negotiate’. 4. For tunnel rules, mirrored must be set to 'no'. 5. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 6. Certificate mapping is valid only for domain members. 7. Multiple certificates can be provided by using the rootca parameter multiple times. 8. The preference of each authentication method is determined by its order in the command. 9. If no auth methods are stated, dynamic defaults are used. 10. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" |
12300 | 更改 SPD 中的策略,筛选器和操作。 |
Modifies policy, filter, and actions in SPD. |
12310 | 更改 SPD 中的快速模式策略。 |
Modifies a quick mode policy in SPD. |
12311 | 更改 SPD 中的主模式策略。 |
Modifies a main mode policy in SPD. |
12312 | 更改 SPD 中的快速模式筛选器。 |
Modifies a quick mode filter in SPD. |
12313 | 更改 SPD 中的主模式筛选器。 |
Modifies a main mode filter in SPD. |
12319 | 设置 IPSEC 配置和启动时间行为。 |
Sets the IPsec configuration and boot time behavior. |
12320 | 修改 SPD 中的规则和相关联的筛选器。 |
Modifies a rule and associated filters in SPD. |
12350 | 用法: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2... neg#n) ] 在 SPD 中更改快速模式策略。 参数: 标记 值 name -快速模式策略名称。 soft -允许与非 IPsec 的计算机进行不安全的通信。 这可以是 yes 或 no。 pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(默认)。 qmsecmethods -IPsec 提供是下列之一 ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s 其中 ConfAlg 可以是 DES,或 3DES 或 None。 其中 AuthAlg 可以是 MD5,或 SHA1 或 None。 其中 HashAlg 是 MD5 或 SHA1。 其中 k 是 lifetime(千字节)。 其中 s 是 lifetime(秒)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]" |
Usage: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a quick mode policy in SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either 'yes' or 'no'. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES, or 3DES or None. where AuthAlg can be MD5, or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]" |
12351 | 用法: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 用新参数在 SPD 中更改主模式策略。 参数: 标记 值 name -主模式策略名称。 qmpermm -IKE 的每主模式会话的快速模式会话数目。 mmlifetime -为 IKE 的主模式重新生成密钥所需时间。 softsaexpirationtime -未保护的 SA 的过期时间(分钟)。 mmsecmethods -一个或多个空格分隔的安全方法列表,格式 为 ConfAlg-HashAlg-GroupNum。 其中 ConfAlg 可以是 DES 或 3DES, HashAlg 是 MD5 或 SHA1, GroupNum 可以是 1 (Low) 或 2 (Med) 或 3 (DH2048)。 注释: 不推荐使用 DES 和 MD5。提供这些算法 仅用于向下兼容。 示例: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3 |
Usage: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a main mode policy with the new parameters in SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1, GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3 |
12359 | 用法: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] | | ] 配置 IPSec 的参数。 参数: 标记 值 property -属性名称。 value -与属性相对应的值。 注释: 1. 属性的有效值为: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 to 86400 sec ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" 其中引号中的字符串指定引导模式期间 始终允许的协议和端口列表,格式如下: Protocol:SrcPort:DstPort:Direction 其中 protocol 为 ICMP、TCP、UDP、 RAW 或 其中 direction 为 inbound 或 outbound 2. 提供 ipsecdiagnostics、ikelogging、ipsecloginterval、bootmod 和 bootexemptions 选项,用于向下兼容。对于 Windows Vista 及以后的 操作系统无效。 3. SrcPort 和 DstPort 仅对于 TCP 和 UDP 有效,对于其他协议, 免除格式为 Protocol:Direction。 4. 端口设置 0 允许任意端口的流量。 5. 立即激活 ikelogging 和 strongcrlcheck; 其他所有属性在下次启动时生效。 示例: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound" |
Usage: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] | | ] Configures the parameters for IPsec. Parameters: Tag Value property -Property name. value -Value that corresponds to the property. Remarks: 1. Valid values for the properties are: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 to 86400 sec ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" where the quoted string specifies a list of protocols and ports to always allow during boot mode in the following format: Protocol:SrcPort:DstPort:Direction where protocol is ICMP, TCP, UDP, RAW, or where direction is inbound or outbound 2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and bootexemptions options are provided for backward compatibility. Not valid for Windows Vista and later operating systems. 3. SrcPort and DstPort are only valid for TCP and UDP, with other protocols the format of the exemption is Protocol:Direction. 4. A port setting of 0 allows for traffic for any port. 5. ikelogging and strongcrlcheck are activated immediately; all other properties take effect on next boot. Examples: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound" |
12360 | 用法: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 在 SPD 中修改规则及相关的筛选器。 参数: 标记 值 srcaddr - 源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或一个整数。 srcport -源端口(0 表示任意端口) dstport -目标端口(0 表示任意端口) mirrored -值为 "Yes" 将创建两个筛选器,每个方向均有一个。 conntype -连接类型 srcmask -源地址掩码,或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围,则不适用。 dstmask -目标地址掩码,或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围,则不适用。 tunneldstaddress -隧道目标 ip 地址或 dns 名称。 mmpolicy -主模式策略 qmpolicy -快速模式策略 actioninbound -对入站数据包的操作 actionoutbound -对出站数据包的操作 kerberos -如果指定了‘yes’,则提供 kerberos 身份验证 psk -用指定的预共享密钥提供身份验证 rootca -用指定的根证书提供身份验证, 如果指定了 certmap:Yes,将尝试映射此证书 如果指定了 excludecaname:Yes,将排除 CA 名称 注释: 1. 可以设置 Mmpolicy、qmpolicy、actioninbound、actionoutbound 和 authmethods,其他字段是标识符。 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY 3. 证书、映射和 CA 名称设置均以引号中引起来,内嵌的引号将替代为 “\"”。 4. 证书映射只对域成员有效。 5. 可以多次使用 rootca 参数来提供多重证书。 6. 每种身份验证方法的优先级由它在命令中的顺序来 决定。 7. 如果没有指定身份验证方法,将使用动态默认值。 8. 所有身份验证方法都将以指定的列表覆盖。 9. 排除根证书颁发机构(CA)名称可防止将名称作为证书请求的一部分 进行发送。 10. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同 类型的地址(两者均应为 v4 或 v6)。 示例: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" |
Usage: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule and associated filters in SPD. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port (0 means any port) dstport -Destination port (0 means any port) mirrored -'Yes' creates two filters, one in each direction. conntype -Connection type srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. mmpolicy -Main mode policy qmpolicy -Quick mode policy actioninbound -Action for inbound packets actionoutbound -Action for outbound packets kerberos -Provides kerberos authentication if ‘yes’ is specified psk -Provides authentication using a specified preshared key rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound and authmethods can be set; other fields are identifiers. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 4. Certificate mapping is valid only for domain members. 5. Multiple certificates can be provided by using the rootca parameter multiple times. 6. The preference of each authentication method is determined by its order in the command. 7. If no auth methods are stated, dynamic defaults are used. 8. All authentication methods are overwritten with the stated list. 9. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" |
12400 | 从 SPD 中删除策略,筛选器和操作。 |
Deletes policy, filter, and actions from SPD. |
12410 | 从 SPD 中删除快速模式策略。 |
Deletes a quick mode policy from SPD. |
12411 | 从 SPD 中删除主模式策略。 |
Deletes a main mode policy from SPD. |
12414 | 从 SPD 中删除规则及与其相关联的筛选器。 |
Deletes a rule and associated filters from SPD. |
12415 | 从 SPD 中删除所有策略,筛选器和操作。 |
Deletes all policies, filters, and actions from SPD. |
12450 | 用法: qmpolicy [ name = ] | [ all ] 从 SPD 中删除快速模式策略。 如果指定了 'all',将删除所有快速模式策略。 参数: 标记 值 name -快速模式策略名称。 备注: 要删除一个快速模式策略,必须先删除所有相关联的快速模式 筛选器。 示例: delete qmpolicy name=qmp |
Usage: qmpolicy [ name = ] | [ all ] Deletes a quick mode policy from SPD. If 'all' is specified, all quick mode policies are deleted. Parameters: Tag Value name -Name of the quick mode policy. Remarks: To delete a quick mode policy, any associated quick mode filters must first be deleted. Examples: delete qmpolicy name=qmp |
12451 | 用法: mmpolicy [ name = ] | [ all ] 从 SPD 中删除主模式策略。 如果指定了 'all',将删除所有主模式策略。 参数: 标记 值 name -主模式策略名称。 注释: 要删除一个主模式策略,必须先删除所有相关联的主模式 筛选器。 示例: delete mmpolicy name=mmp |
Usage: mmpolicy [ name = ] | [ all ] Deletes a main mode policy from SPD. If 'all' is specified, all main mode policies are deleted. Parameters: Tag Value name -Name of the main mode policy. Remarks: To delete a main mode policy, any associated main mode filters must first be deleted. Examples: delete mmpolicy name=mmp |
12454 | 用法: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] 从 SPD 中删除规则。 参数: 标记 值 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或者一个整数。 srcport -源端口。值为 0 表示任意端口。 dstport -目标端口。值为 0 表示任意端口。 mirrored -值为 "Yes" 将创建两个筛选器,每个方向均有一个。 conntype -连接类型可以是 lan、dialup 或 "all"。 srcmask -源地址掩码或 1 到 32 的前缀。 dstmask -目标地址掩码或 1 到 32 的前缀。 tunneldstaddress -隧道目标 ip 地址或 dns 名称。 注释: 1. 要指定当前计算机地址,请设置 srcaddr/dstaddr=me 要指定所有计算机地址,请设置 srcaddr/dstaddr=any 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY 3. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。 示例: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan |
Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] Deletes a rule from SPD. Parameters: Tag Value srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. mirrored -‘Yes’ creates two filters, one in each direction. conntype -Connection type can be lan, dialup or ‘all’. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. tunneldstaddress -Tunnel destination ip address or dns name. Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan |
12455 | 用法: all 从 SPD 中删除所有策略,筛选器和身份验证方法。 示例: delete all |
Usage: all Deletes all policies, filters, and authentication methods from SPD. Example: delete all |
12500 | 从 SPD 中显示策略,筛选器和操作。 |
Displays policy, filter, and actions from SPD. |
12510 | 显示 SPD 中的策略,筛选器,SA 和统计。 |
Displays policies, filters, SAs, and statistics from SPD. |
12511 | 从 SPD 中显示主模式策略详细信息。 |
Displays main mode policy details from SPD. |
12512 | 从 SPD 中显示快速模式策略详细信息。 |
Displays quick mode policy details from SPD. |
12513 | 从 SPD 中显示主模式筛选器详细信息。 |
Displays main mode filter details from SPD. |
12514 | 从 SPD 中显示快速模式筛选器详细信息。 |
Displays quick mode filter details from SPD. |
12515 | 从 SPD 中显示 IPsec 和 IKE 统计。 |
Displays IPsec and IKE statistics from SPD. |
12516 | 从 SPD 中显示主模式安全关联。 |
Displays main mode security associations from SPD. |
12517 | 从 SPD 中显示快速模式安全关联。 |
Displays quick mode security associations from SPD. |
12518 | 显示 IPsec 配置。 |
Displays IPsec configuration. |
12519 | 显示 SPD 中的规则详细信息。 |
Displays rule details from SPD. |
12550 | 用法: all [ [ resolvedns = ] (yes | no) ] 显示 SPD 中的所有策略,筛选器,SA 和统计的详细信息。 参数: 标记 值 resolvedns -值为 'yes' 显示解析的 dns 名称。 注释: resolvedns 的默认值为 'no'。 示例: show all yes -显示所有信息,包括 dns 解析 |
Usage: all [ [ resolvedns = ] (yes | no) ] Displays details of all policies, filters, SAs, and statistics from SPD. Parameters: Tag Value resolvedns -Value of 'yes' displays the resolved dns name. Remarks: Default value of resolvedns is ‘no’. Examples: show all yes - shows all information with dns resolution |
12551 | 用法: mmpolicy [ name = ] | [ all ] 从 SPD 中显示主模式策略的详细信息。 参数: 标记 值 name -主模式策略名称。 注释: 如果指定了 'all',将显示所有主模式策略。 示例: 1. show mmpolicy name=mmp 2. show mmpolicy all |
Usage: mmpolicy [ name = ] | [ all ] Displays main mode policy details from SPD. Parameters: Tag Value name -Name of the main mode policy. Remarks: If 'all' is specified, all main mode policies are displayed. Examples: 1. show mmpolicy name=mmp 2. show mmpolicy all |
12552 | 用法: qmpolicy [ name = ] | [ all ] 从 SPD 中显示快速模式策略的详细信息。 参数: 标记 值 name -快速模式策略名称。 注释: 如果指定了 'all',将显示所有快速模式策略。 示例: 1. show qmpolicy name=qmp 2. show qmpolicy all |
Usage: qmpolicy [ name = ] | [ all ] Displays quick mode policy details from SPD. Parameters: Tag Value name -Name of the quick mode policy. Remarks: If 'all' is specified, all quick mode policies are displayed. Examples: 1. show qmpolicy name=qmp 2. show qmpolicy all |
12553 | 用法: mmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] 从 SPD 中显示主模式筛选器的详细信息。 参数: 标记 值 name | all -主模式筛选器名称,或 'all'。 type -筛选器类别。可以是 specific 或 generic。 srcaddr -源 ip 地址(ipv4 或 ipv6),地址范围,DNS 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6),地址范围,DNS 名称或服务器类型。 srcmask -源地址掩码或 1 到 32 的前缀。 dstmask -目标地址掩码或 1 到 32 的前缀。 resolvedns -值为 'yes' 显示解析的 dns 名称。 注释: 1. 默认 type 参数为 generic。 2. 服务器类型可以是 WINS,DNS,DHCP 或 GATEWAY。 3. 如果指定了 'all',将显示所有主模式筛选器。 4. 如果指定了源地址或目标地址,将只显示与该地址相关联的筛选器。 5. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同 类型地址(两者均应为 v4 或 v6)。 示例: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112 |
Usage: mmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] Displays main mode filter details from SPD. Parameters: Tag Value name | all -Name of the main mode filter or ‘all’. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is ‘generic’. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If 'all' is specified, all main mode filters are displayed. 4. If source address or destination address is specified, only filters associated with that address are displayed. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112 |
12554 | 用法: qmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] 从 SPD 中显示快速模式筛选器的详细信息。 参数: 标记 值 name -快速模式筛选器名称。 type -要显示的筛选器类别,可以是 specific 或 generic。 srcaddr -源 IP 地址(IPV4 或 IPV6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 IP 地址(IPV4 或 IPV6)、地址范围、dns 名称或服务器类型。 srcmask -源地址掩码或 1 到 32 的前缀。 dstmask -目标地址掩码或 1 到 32 的前缀。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或一个整数。 srcport -源端口。值为零表示任意端口。 dstport -目标端口。值为零表示任意端口。 actioninbound -对入站数据包的操作。 actionoutbound -对出站数据包的操作。 resolvedns -值为 "yes" 显示解析的 dns 名称。 注释: 1. 如果未指定类别,则显示 "generic" 和 "specific" 筛选器。 2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 3. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同 类型地址(两者均应为 v4 或 v6)。 示例: 1. 显示 qmfilter name=qmf 2. 显示 qmfilter all srcaddr=192.134.135.133 proto=TCP 3. 如果指定 "all",则将显示所有快速模式筛选器。 4. 如果指定源或目标地址名称, 则将只显示与该地址相关联的筛选器。 |
Usage: qmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays quick mode filter details from SPD. Parameters: Tag Value name -Name of the quick mode filter. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. If the type is not specified then both ‘generic’ and ‘specific’ filters are displayed. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmfilter name=qmf 2. show qmfilter all srcaddr=192.134.135.133 proto=TCP 3. If 'all' is specified, all quick mode filters are displayed. 4. If source or destination address name is specified, only filters associated with that address are displayed. |
12555 | 用法: stats [ [type =] (all | ike | ipsec) ] 显示 IPsec 和 IKE 统计的详细信息。 参数: 标记 值 type -ipsec 或 ike 或 all,all 两者都显示(IPsec 和 IKE) 注释: 示例: 1. show stats all 2. show stats type=ipsec |
Usage: stats [ [type =] (all | ike | ipsec) ] Displays details of IPsec and IKE statistics. Parameters: Tag Value type -ipsec, ike, or all (which displays both ipsec and ike) Remarks: Examples: 1. show stats all 2. show stats type=ipsec |
12556 | 用法: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] 显示指定地址的主模式安全关联。 参数: 标记 值 all -显示所有主模式安全关联。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 format -以屏幕格式或制表符分隔的方式输出。 resolvedns -值为 "yes" 显示解析的 dns 名称。 注释: 1. 服务器类型可以是 WINS,DNS,DHCP 或 GATEWAY。 2. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。\ 示例: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215 |
Usage: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the main mode security associations for a specified address. Parameters: Tag Value all -Display all main mode security associations. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\ Examples: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215 |
12557 | 用法: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] 显示指定地址的快速模式安全关联。 参数: 标记 值 all -显示所有快速模式安全关联。 srcaddr -源 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。 dstaddr -目标 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或一个整数。 format -屏幕中的输出或制表符分隔格式。 resolvedns -值 "yes" 显示解析的 DNS 名称。 说明: 1. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。 2. 如果指定地址范围,终结点必须是特定地址(不是列表或子网), 而且必须是相同的类型(都应该是 v4 或 v6)。 示例: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215 |
Usage: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the quick mode security associations for a specified address. Parameters: Tag Value all -Displays all quick mode security associations. srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215 |
12558 | 用法: config 显示 IPsec 配置参数的当前设置。 注释: 示例: show config |
Usage: config Displays current settings of IPsec configuration parameters. Remarks: Example: show config |
12559 | 用法: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] 显示 SPD 中的规则详细信息。 参数: 标记 值 type -要显示的规则类型,可以是 transport 或 tunnel。 srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。 srcmask -源地址掩码或一个 1 到 32 的前缀。 dstmask -目标地址掩码或一个 1 到 32 的前缀。 protocol -可以是 ANY,ICMP,TCP,UDP,RAW 或一个整数。 srcport -源端口。值为零表示任意端口。 dstport -目标端口。值为零表示任意端口。 actioninbound -对入站数据包的操作。 actionoutbound -对出站数据包的操作。 resolvedns -值为 "yes" 显示解析的 dns 名称。 注释: 1. type 参数的默认值为 "transport"。 2. 服务器类型可以是 WINS,DNS,DHCP 或 GATEWAY。 3. 如果指定了源或目标地址名称,将只显示与该地址相关联的规则。 4. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型 地址(两者均应为 v4 或 v6)。 示例: 1. show rule - shows both transport and tunnel rules 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP |
Usage: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays rule details from SPD. Parameters: Tag Value type -Type of rule to display, either transport or tunnel. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is ‘transport’. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If source or destination address name is specified, only rules associated with that address are displayed. 4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show rule - shows both transport and tunnel rules 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP |
13001 | 策略数目 : %1!d! |
No. of policies : %1!d! |
13002 | 存储 : 本地存储 |
Store : Local Store |
13006 | 存储 : 域存储 |
Store : Domain Store |
13012 | 远程计算机 | Remote Machine |
13013 | 本地计算机 | Local Machine |
13014 | 远程域 | Remote Domain |
13015 | 本地域 | Local Domain |
13016 | 本地计算机 | Local Machine |
13017 | 本地域 | Local Domain |
13100 | 策略名称 : %1!s! |
Policy Name : %1!s! |
13304 | 规则 ID : %1!d!, GUID = %2!s! |
Rule ID : %1!d!, GUID = %2!s! |
13305 | 筛选器列表名称 : %1!s! |
FilterList Name : %1!s! |
13306 | 筛选器列表名称 : 无 |
FilterList Name : NONE |
13602 | 策略名称 : %1!s! |
Policy Name : %1!s! |
13603 | 描述 : %1!s! |
Description : %1!s! |
13604 | 描述 : 无 |
Description : NONE |
13605 | 已分配 : 是 |
Assigned : YES |
13606 | 已分配 : 否 |
Assigned : NO |
13607 | 主 PFS : 是 |
Master PFS : YES |
13608 | 主 PFS : 否 |
Master PFS : NO |
13609 | 轮询间隔 : %1!d! 分钟 |
Polling Interval : %1!d! minutes |
13610 | 规则数目 : %1!d! |
No. of Rules : %1!d! |
13611 | 规则详细信息 |
Rule Details |
13612 | ------------ |
------------ |
13615 | 已分配 : 是,但是被 AD 策略覆盖 |
Assigned : YES but AD Policy Overrides |
13700 | 规则名称 : %1!s! |
Rule Name : %1!s! |
13701 | 规则名称 : 无 |
Rule Name : NONE |
13705 | 身份验证方法(%1!d!) |
Authentication Methods(%1!d!) |
13708 | 隧道目标 IP 地址: | Tunnel Dest IP Address : |
13709 | 连接类型 : 全部 |
Connection Type : ALL |
13710 | 连接类型 : LAN |
Connection Type : LAN |
13711 | 连接类型 : 拨号 |
Connection Type : DIAL UP |
13712 | 连接类型 : 无 |
Connection Type : NONE |
13713 | 筛选器列表详细信息 |
FilterList Details |
13714 | ------------------ |
------------------ |
13715 | 在默认响应规则中没有筛选器列表 |
No FilterList exists in Default Response Rule |
13716 | 筛选器操作详细信息 |
FilterAction Details |
13717 | --------------------- |
--------------------- |
13734 | 传输规则数目 : %1!d! |
No of Transport rule(s): %1!d! |
13735 | 隧道规则数目 : %1!d! |
No of Tunnel rule(s) : %1!d! |
13736 | 已激活 : 是 |
Activated : YES |
13737 | 已激活 : 否 |
Activated : NO |
13738 | 已激活 : YES Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。 |
Activated : YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect. |
13800 | 筛选器操作名称 : %1!s! |
FilterAction Name : %1!s! |
13801 | 筛选器操作名称 : 无 |
FilterAction Name : NONE |
13802 | 操作 : 允许 |
Action : PERMIT |
13803 | 操作 : 阻止 |
Action : BLOCK |
13804 | 操作 : 协商安全 |
Action : NEGOTIATE SECURITY |
13805 | AllowUnsecure(Fallback): 是 |
AllowUnsecure(Fallback): YES |
13806 | AllowUnsecure(Fallback): 否 |
AllowUnsecure(Fallback): NO |
13807 | 入站通过 : 是 |
Inbound Passthrough : YES |
13808 | 入站通过 : 否 |
Inbound Passthrough : NO |
13809 | 安全方法数目 : %1!d! | No. of Security.Methods: %1!d! |
13812 | AH ESP LIFE (Sec/kB) |
AH ESP LIFE (Sec/kB) |
13813 | -- --- ------------- |
-- --- ------------- |
13815 | QMPFS : 是 |
QMPFS : YES |
13816 | QMPFS : 否 |
QMPFS : NO |
14200 | KERBEROS |
KERBEROS |
14201 | 根 CA : %1!s! |
Root CA : %1!s! |
14202 | 预共享密钥 : %1!s! |
Preshared Key : %1!s! |
14203 | 无 |
NONE |
14300 | 筛选器列表名称 : %1!s! |
FilterList Name : %1!s! |
14301 | 筛选器列表名称 : 无 |
FilterList Name : NONE |
14302 | 筛选器数目 : %1!d! |
No. of Filters : %1!d! |
14304 | 筛选器 |
Filter(s) |
14305 | --------- |
--------- |
14308 | GUID : %1!s! |
GUID : %1!s! |
14309 | 上次修改时间 : %1!s! |
Last Modified : %1!s! |
14500 | 源 DNS 名称 : |
Source DNS Name : |
14501 | 源 DNS 名称 : %1!s! |
Source DNS Name : %1!s! |
14505 | 源 DNS 名称 : 无 |
Source DNS Name : NONE |
14506 | 目标 DNS 名称 : |
Destination DNS Name : |
14507 | 目标 DNS 名称 : %1!s! |
Destination DNS Name : %1!s! |
14511 | 目标 DNS 名称 : 无 |
Destination DNS Name : NONE |
14512 | 已镜像 : 是 |
Mirrored : YES |
14513 | 已镜像 : 否 |
Mirrored : NO |
14514 | 源 DNS 名称 : %1!s! 解析为 | Source DNS Name : %1!s! resolves to |
14515 | 目标 DNS 名称 : %1!s! 解析为 | Destination DNS Name : %1!s! resolves to |
14516 | 源 DNS 名称 : |
Source DNS Name : |
14517 | 源 DNS 名称 : |
Source DNS Name : |
14520 | 目标 DNS 名称 : |
Destination DNS Name : |
14521 | 目标 DNS 名称 : |
Destination DNS Name : |
14522 | 目标 DNS 名称 : |
Destination DNS Name : |
14526 | %1!-15s! | %1!-15s! |
14527 | %1!s! | %1!s! |
14528 | %1!s! |
%1!s! |
14529 | ||
14530 | , | , |
14531 | ... | ... |
14600 | 源 IP 地址 : |
Source IP Address : |
14602 | 源 IP 地址 : | Source IP Address : |
14603 | 源掩码 : | Source Mask : |
14604 | 目标 IP 地址 : |
Destination IP Address : |
14606 | 目标 IP 地址 : | Destination IP Address : |
14607 | 目标掩码 : | Destination Mask : |
14608 | 源端口 : %1!d! |
Source Port : %1!d! |
14609 | 源端口 : 任何 |
Source Port : ANY |
14610 | 目标端口 : %1!d! |
Destination Port : %1!d! |
14611 | 目标端口 : 任何 |
Destination Port : ANY |
14615 | 解析为 %1!s! |
resolves to %1!s! |
14617 | 源 IP 地址 : |
Source IP Address : |
14618 | 源 IP 地址 : |
Source IP Address : |
14620 | 源 IP 地址 : |
Source IP Address : |
14621 | 目标 IP 地址 : |
Destination IP Address : |
14622 | 目标 IP 地址 : |
Destination IP Address : |
14623 | 目标 IP 地址 : |
Destination IP Address : |
14624 | 目标 IP 地址 : |
Destination IP Address : |
14625 | 源端口范围 : %1!d!-%2!d! |
Source Port Range : %1!d!-%2!d! |
14626 | 目标端口范围 : %1!d!-%2!d! |
Destination Port Range : %1!d!-%2!d! |
14700 | 协议 : ICMP |
Protocol : ICMP |
14701 | 协议 : TCP |
Protocol : TCP |
14703 | 协议 : UDP |
Protocol : UDP |
14708 | 协议 : RAW |
Protocol : RAW |
14709 | 协议 : ANY |
Protocol : ANY |
14710 | 协议 : %1!d! |
Protocol : %1!d! |
14802 | 主模式安全方法顺序 |
Main Mode Security Method Order |
14803 | 主模式生存时间 : %1!d! 分钟 / %2!d! 快速模式会话 |
MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions |
14804 | 加密 集成 DH 组 |
Encryption Integrity DH Group |
14805 | ---------- --------- -------- | ---------- --------- -------- |
14900 | DES |
DES |
14901 | 3DES |
3DES |
14902 | SHA1 | SHA1 |
14903 | MD5 | MD5 |
14904 | 低(1) | Low(1) |
14905 | 中(2) | Medium(2) |
14906 | 2048 | 2048 |
15001 | 源计算机 : 的本地计算机 GPO |
Source Machine : Local Computer GPO for |
15002 | 源域 : %1!s! |
Source Domain : %1!s! |
15003 | DC 名称 : %1!s! |
DC Name : %1!s! |
15004 | GPO 名称 : %1!s! |
GPO Name : %1!s! |
15005 | 本地 IPsec 策略名称 : %1!s! |
Local IPsec Policy Name : %1!s! |
15006 | AD IPsec 策略名称 : %1!s! |
AD IPsec Policy Name : %1!s! |
15007 | GPO DN : %1!s! |
GPO DN : %1!s! |
15008 | GPO OU 链接 : %1!s! |
GPO OU Link : %1!s! |
15009 | AD 策略 DN : %1!s! |
AD Policy DN : %1!s! |
15010 | 本地 IPsec 策略分配 : 是,但是 AD 策略正在覆盖 |
Local IPsec Policy Assigned: Yes, but AD Policy is Overriding |
15011 | 本地 IPsec 策略 DN : %1!s! |
Local IPsec Policy DN : %1!s! |
15016 | 本地 IPsec 策略名称 : 无 |
Local IPsec Policy Name : NONE |
15017 | AD IPsec 策略名称 : 无 |
AD IPsec Policy Name : NONE |
15018 | IPsec 策略名称 : %1!s! |
IPsec Policy Name : %1!s! |
15019 | IPsec 策略 DN : %1!s! |
IPsec Policy DN : %1!s! |
15020 | IPsec 策略分配 : 是 |
IPsec Policy Assigned : YES |
15021 | 排除 CA 名称 : 是 |
Exclude CA name : YES |
15022 | 排除 CA 名称 : 否 |
Exclude CA name : NO |
15023 | 启用证书映射 : 是 |
Certmapping enabled : YES |
15024 | 启用证书映射 : 否 |
Certmapping enabled : NO |
16001 | 策略数目 %1!d! |
No. of policies %1!d! |
16003 | 存储 本地存储 |
Store Local Store |
16007 | 存储 域存储 |
Store Domain Store |
16010 | 存储 本地存储 |
Store Local Store |
16011 | 存储 域存储 |
Store Domain Store |
16013 | 证书到帐户的映射 是 |
Cert To Account Mapping YES |
16014 | 证书到帐户的映射 否 |
Cert To Account Mapping NO |
16100 | 策略名称 %1!s! |
Policy Name %1!s! |
16101 | 规则名称 %1!s! |
Rule Name %1!s! |
16303 | 没有指定策略名称 |
No Policy Name Specified |
16304 | 规则 ID %1!d!, GUID = %2!s! |
Rule ID %1!d!, GUID = %2!s! |
16306 | %1!-23s! | %1!-23s! |
16602 | 策略名称 %1!s! |
Policy Name %1!s! |
16603 | 描述 %1!s! |
Description %1!s! |
16604 | 描述 无 |
Description NONE |
16605 | 已分配 是 |
Assigned YES |
16606 | 已分配 否 |
Assigned NO |
16607 | 主 PFS 是 |
Master PFS YES |
16608 | 主 PFS 否 |
Master PFS NO |
16609 | 轮询间隔 %1!d! 分钟 |
Polling Interval %1!d! minutes |
16610 | 规则数目 %1!d! |
No. of Rules %1!d! |
16611 | 规则详细信息 |
Rule Details |
16613 | 已分配 是,但是被 AD 策略覆盖 |
Assigned YES but AD Policy Overrides |
16614 | 规则名称 规则 上次更改时间 分配 |
Policy Name Rules LastModified Assign |
16615 | %1!-32s! | %1!-32s! |
16616 | YES 但是被 AD 策略覆盖 |
YES but AD Policy Overrides |
16617 | 是 |
YES |
16618 | 否 |
NO |
16619 | ---------- ----- ------------ ------ |
---------- ----- ------------ ------ |
16620 | 策略名称 规则 上次更改时间 |
Policy Name Rules LastModified |
16621 | ----------- ----- ------------ |
----------- ----- ------------ |
16700 | 规则名称 : %1!s! |
Rule Name %1!s! |
16701 | 规则名称 无 |
Rule Name NONE |
16705 | 已启用 筛选器列表 筛选器操作 身份验证 |
Enabled FilterList FilterAction Authentication |
16706 | ------- ---------- ------------ -------------- |
------- ---------- ------------ -------------- |
16707 | 隧道目标 IP 地址 无 |
Tunnel Dest IP Address NONE |
16708 | 隧道目标 IP 地址 | Tunnel Dest IP Address |
16709 | 连接类型 所有 |
Connection Type ALL |
16710 | 连接类型 LAN |
Connection Type LAN |
16711 | 连接类型 拨号 |
Connection Type DIAL UP |
16712 | 连接类型 未知 |
Connection Type UNKNOWN |
16716 | 筛选器操作详细信息 |
FilterAction Details |
16717 | -------------------- |
-------------------- |
16718 | 已激活 是 |
Activated YES |
16719 | 已激活 否 |
Activated NO |
16721 | 是 |
YES |
16722 | 否 |
NO |
16724 | 无 | NONE |
16728 | Kerb | Kerb |
16729 | Cert | Cert |
16730 | Pre | Pre |
16734 | 传输规则数目 %1!d! |
No of Transport rule(s) %1!d! |
16735 | 隧道数目 %1!d! |
No of Tunnel rule(s) %1!d! |
16737 | 已启用 筛选器列表 筛选器操作 隧道终结点 |
Enabled FilterList FilterAction TunnelEndPoint |
16738 | ------- ---------- ------------ -------------- |
------- ---------- ------------ -------------- |
16739 | YES Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。 |
YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect. |
16740 | 已激活 YES Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。 |
Activated YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect. |
16800 | 筛选器操作名称 %1!s! |
FilterAction Name %1!s! |
16801 | 筛选器操作名称 无 |
FilterAction Name NONE |
16802 | 操作 允许 |
Action PERMIT |
16803 | 操作 阻止 |
Action BLOCK |
16804 | 操作 协商安全 |
Action NEGOTIATE SECURITY |
16805 | 入站通过 是 |
InBound PassThrough YES |
16806 | 入站通过 否 |
InBound PassThrough NO |
16807 | AllowUnSecure(Fallback) 是 |
AllowUnSecure(Fallback) YES |
16808 | AllowUnSecure(Fallback) 否 |
AllowUnSecure(Fallback) NO |
16810 | 安全方法 |
Security Methods |
16812 | AH ESP 秒 千字节 |
AH ESP Seconds kBytes |
16813 | -- --- ------- ------ |
-- --- ------- ------ |
16814 | QMPFS 是 |
QMPFS YES |
16815 | QMPFS 否 |
QMPFS NO |
16816 | 筛选器操作名称 操作 上次更改时间 |
FilterAction Name Action Last Modified |
16817 | ----------------- ------ ------------- |
----------------- ------ ------------- |
16818 | %1!-38s! | %1!-38s! |
16820 | 允许 | PERMIT |
16821 | 阻止 | BLOCK |
16822 | 协商 | NEGOTIATE |
16824 | %1!-23s! |
%1!-23s! |
17000 | [MD5 ] | [MD5 ] |
17001 | [SHA1] | [SHA1] |
17002 | [无] | [NONE] |
17003 | [无 , 无] | [NONE , NONE] |
17007 | [MD5 , | [MD5 , |
17008 | [SHA1 , | [SHA1 , |
17009 | [无 , | [NONE , |
17010 | DES ] | DES ] |
17011 | 3DES] | 3DES] |
17012 | 无] | NONE] |
17100 | %1!6u! %2!10u! |
%1!6u! %2!10u! |
17201 | 根 CA %1!s! |
ROOT CA %1!s! |
17202 | 预共享密钥 %1!s! |
PRESHARED Key %1!s! |
17300 | 筛选器列表名称 %1!s! |
FilterList Name %1!s! |
17301 | 筛选器列表名称 无 |
FilterList Name NONE |
17306 | 筛选器列表名称 筛选器 上次更改时间 |
FilterList Name Filters Last Modified |
17307 | --------------- ------- ------------- |
--------------- ------- ------------- |
17308 | GUID %1!s! |
GUID %1!s! |
17309 | 上次更改时间 %1!s! |
Last Modified %1!s! |
17310 | 筛选器数目 %1!d! |
No. of Filters %1!d! |
17501 | %1!-45s! | %1!-45s! |
17508 | %1!5d! | %1!5d! |
17512 | 是 | YES |
17513 | 否 | NO |
17514 | Mir Source SrcMask Destination DstMask Proto SrcPort DstPort |
Mir Source SrcMask Destination DstMask Proto SrcPort DstPort |
17515 | --- ------------- ------------- ------------- ------------- ------- ------- ------- |
--- ------------- ------------- ------------- ------------- ------- ------- ------- |
17600 | ||
17608 | %1!3d! | %1!3d! |
17609 | 任何 | ANY |
17610 | %1!3d! |
%1!3d! |
17611 | 任何 |
ANY |
17612 | DNS SERVER | DNS SERVER |
17613 | WINS SERVER | WINS SERVER |
17614 | DHCP SERVER | DHCP SERVER |
17615 | DEFAULT GATEWAY | DEFAULT GATEWAY |
17616 | %1!3d!-%2!3d! | %1!3d!-%2!3d! |
17617 | %1!3d!-%2!3d! |
%1!3d!-%2!3d! |
17700 | ICMP | ICMP |
17701 | TCP | TCP |
17703 | UDP | UDP |
17708 | RAW | RAW |
17709 | ANY | ANY |
17710 | OTHER | OTHER |
17803 | 主模式生存时间 %1!d! 分钟 / %2!d! 快速模式会话 |
MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions |
17804 | 加密 集成 DH 组 |
Encryption Integrity DH Group |
17805 | ---------- --------- -------- | ---------- --------- -------- |
17900 | DES |
DES |
17901 | 3DES |
3DES |
18000 | 独立筛选器操作 |
Stand Alone FilterAction(s) |
18001 | --------------------------- |
--------------------------- |
18004 | 独立筛选器操作数目 %1!d! |
No. of Standalone FilterActions %1!d! |
18100 | 独立筛选器操作 |
Stand Alone FilterList(s) |
18101 | ------------------------- |
------------------------- |
18104 | 独立筛选器列表数目 %1!d! |
No. of Standalone FilterLists %1!d! |
18200 | 筛选器列表数目 %1!d! |
No. of FilterLists %1!d! |
18204 | 筛选器列表数目 : %1!d! |
No. of FilterLists : %1!d! |
18300 | 筛选器操作数目 %1!d! |
No. of FilterActions %1!d! |
18304 | 筛选器操作数目 : %1!d! |
No. of FilterActions : %1!d! |
18500 | 策略 '%1!s!' 是活动的。你仍然想删除它吗? (Y/N) |
The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N) |
18503 | 你想删除所有与此策略相关联的筛选器列表和筛选器操作吗 ? (Y/N) |
Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N) |
18602 | 删除所有筛选器列表,从 | Delete all the Filter Lists from |
18603 | ? (Y/N) |
? (Y/N) |
18652 | 删除所有筛选器操作,从 | Delete all the Filter Actions from |
18706 | 你想删除所有与此规则相关联的筛选器列表和筛选器操作吗 ? (Y/N) |
Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N) |
18750 | 你是否确定要删除所有策略,从 | Are you sure to delete all policies from |
18780 | 下列策略/规则正在使用它 |
Following policies/rule(s) are using it |
18781 | --------------------------------------- |
--------------------------------------- |
18782 | 规则名称 : %1!s! |
Rule Name : %1!s! |
18783 | 规则名称 : 无 |
Rule Name : NONE |
18794 | Life 应该在 %1!d! 到 %2!d! 千字节之间 |
Life should be within %1!d! and %2!d! kBytes |
18802 | 成功创建并更新了新策略 |
New Policy is created and updated successfully |
18805 | 正在用名称 '%1!s!' 创建新策略... |
Creating new Policy with name '%1!s!'... |
18806 | 正在用名称 '%1!s!' 创建新策略,并且设置它为 '%2!s!'... |
Creating new Policy with name '%1!s!' and setting it to '%2!s!'... |
18840 | 目标 IP 地址被认为是“本机”地址 |
Destination IP address has been taken as 'me' |
18841 | 源 IP 地址被认为是“本机”地址 |
Source IP address has been taken as 'me' |
18848 | 成功创建并更新新规则 |
New Rule was created and updated successfully |
18849 | 正在创建新规则,名称为 '%1!s!' ... |
Creating new Rule with name '%1!s!' ... |
18855 | 正在创建名为 '%1!s!' 的新规则,并将它设置为 '%2!s!' ... |
Creating new Rule with name '%1!s!' and setting it to '%2!s!' ... |
18856 | 不能对隧道终结点指定服务器地址类型、地址类型 ME 或 ANY 或地址范围 |
Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint. |
18861 | 你想创建一个新策略吗? (Y/N) |
Would you like to create a new policy? (Y/N) |
18868 | 证书到帐户的映射只能在 Active Directory 域成员上启用。此选项将被忽略。 |
Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored. |
18869 | 证书到帐户的映射 : 是 |
Cert To Account Mapping: YES |
18870 | 证书到帐户的映射 : 否 |
Cert To Account Mapping: NO |
18871 | 如果存储是域,并且指定了分配,GPO 名称将被忽略 |
If store is domain and assign is specified, GPO name is required |
18872 | 如果指定了 GPO 名称,则你必须在域策略存储上操作。 |
If GPO name is specified, then you must be operating on a domain policy store. |
18893 | 你要创建一个新规则吗? (Y/N) |
Would you like to create a new Rule? (Y/N) |
19002 | IKE MM 策略名称 : %1!s! |
IKE MM Policy Name : %1!s! |
19018 | IKE 软件 SA 生存时间 : %1!u! 秒 |
IKE Soft SA Lifetime : %1!u! secs |
19023 | [%1!S!] | [%1!S!] |
19025 | 'Netsh ipsec' 上下文与目标计算机不兼容。 |
The 'Netsh ipsec' context is not compatible with the target machine. |
19102 | 主模式策略不可用。 |
Mainmode Policies not available. |
19104 | 指定的主模式策略不可用。 |
Specified Mainmode Policy not available |
19106 | Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM |
Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM |
19107 | ---------- --------- ---- ------------------ --------------- |
---------- --------- ---- ------------------ --------------- |
19121 | DES | DES |
19122 | 未知 | UNKNOWN |
19123 | 3DES | 3DES |
19129 | %1!-5lu! %2!lu!:%3!lu! %4!-10lu! | %1!-5lu! %2!lu!:%3!lu! %4!-10lu! |
19130 | %1!-5lu! %2!lu!:%3!lu! 1 (MMPFS) | %1!-5lu! %2!lu!:%3!lu! 1 (MMPFS) |
19153 | 快速模式策略不可用。 |
Quickmode Policies not available. |
19155 | 指定的快速模式策略不可用。 |
Specified Quickmode Policy not available |
19156 | QM 协商策略名称 : %1!s! |
QM Negotiation Policy Name : %1!s! |
19158 | 安全方法 生存时间 (Kb:secs) PFS DH 组 |
Security Methods Lifetime (Kb:secs) PFS DH Group |
19159 | ------------------------- --------------------- ------------ |
------------------------- --------------------- ------------ |
19165 | AH[MD5] | AH[MD5] |
19166 | AH[SHA1] | AH[SHA1] |
19167 | AH[NONE] | AH[NONE] |
19168 | ESP[ DES, | ESP[ DES, |
19169 | ESP[ ERR, | ESP[ ERR, |
19170 | ESP[3DES, | ESP[3DES, |
19171 | ESP[NONE, | ESP[NONE, |
19172 | MD5] | MD5] |
19173 | SHA1] | SHA1] |
19174 | NONE] | NONE] |
19176 | 低 (1) | Low (1) |
19178 | %1!10lu!:%2!-10lu! | %1!10lu!:%2!-10lu! |
19179 | 主模式已派生 | Main Mode Derived |
19180 | 高(2048) | High (2048) |
19181 | AH[ERR] | AH[ERR] |
19182 | ERR] | ERR] |
19183 | ERROR | ERROR |
19192 | + | + |
19193 | 中 (2) | Medium (2) |
19198 | 筛选器名称 : %1!s! |
Filter name : %1!s! |
19200 | 普通主模式筛选器不可用。 |
Generic Mainmode Filters not available. |
19201 | 特定主模式筛选器不可用。 |
Specific Mainmode Filters not available. |
19202 | 指定的主模式筛选器不可用。 |
Specified Mainmode Filter not available. |
19203 | 主模式筛选器: |
Main Mode Filters: |
19204 | 普通 | Generic |
19205 | ------------------------------------------------------------------------------- |
------------------------------------------------------------------------------- |
19206 | 特定 | Specific |
19207 | 出站 | Outbound |
19208 | 入站 | Inbound |
19209 | 权重 : %1!d! |
Weight : %1!d! |
19210 | %1!d! 普通筛选器 |
%1!d! Generic Filter(s) |
19211 | %1!d! 特定出站筛选器 |
%1!d! Specific Outbound Filter(s) |
19212 | %1!d! 特定入站筛选器 |
%1!d! Specific Inbound Filter(s) |
19219 | 所有 | ALL |
19220 | LAN | LAN |
19221 | 拨号 | DIALUP |
19236 | 连接类型 : |
Connection Type : |
19237 | 身份验证方法 : |
Authentication Methods : |
19238 | 预共享密钥 |
Preshared key |
19240 | Kerberos |
Kerberos |
19241 | 安全方法 : |
Security Methods : |
19242 | %1!d! | %1!d! |
19243 | (默认) | (default) |
19244 | 无/ | NONE/ |
19245 | DES/ | DES/ |
19246 | 未知/ | UNKNOWN/ |
19247 | 3DES/ | 3DES/ |
19249 | MD5/ | MD5/ |
19250 | SHA1/ | SHA1/ |
19251 | DH%1!lu!/%2!lu!/QMlimit=%3!lu! | DH%1!lu!/%2!lu!/QMlimit=%3!lu! |
19265 | 普通快速模式筛选器不可用。 |
Generic Quickmode Filters not available. |
19266 | 特定快速模式筛选器不可用。 |
Specific Quickmode Filters not available. |
19267 | 指定的快速模式筛选器不可用。 |
Specified Quickmode Filter not available. |
19268 | 快速模式筛选器(传输): |
Quick Mode Filters(Transport): |
19269 | 传输规则 |
Transport Rules |
19270 | 隧道规则 |
Tunnel Rules |
19271 | MM 筛选器名称 : %1!s! |
MM Filter Name : %1!s! |
19272 | QM 筛选器名称 : %1!s! |
QM Filter Name : %1!s! |
19273 | 主模式策略 : %1!s! |
Main Mode Policy : %1!s! |
19274 | %1!d! 传输筛选器 |
%1!d! Transport Filter(s) |
19275 | %1!d! 隧道筛选器 |
%1!d! Tunnel Filter(s) |
19276 | 快速模式筛选器(隧道): |
Quick Mode Filters(Tunnel): |
19278 | 规则不可用。 |
Rules not available. |
19280 | 入站操作 : 通过 |
Inbound Action : Passthru |
19281 | 入站操作 : 协商 |
Inbound Action : Negotiate |
19282 | 入站操作 : 阻止 |
Inbound Action : Blocking |
19283 | 入站操作 : 未知 |
Inbound Action : Unknown |
19284 | 出站操作 : 通过 |
Outbound Action : Passthru |
19285 | 出站操作 : 协商 |
Outbound Action : Negotiate |
19286 | 出站操作 : 阻止 |
Outbound Action : Blocking |
19287 | 出站操作 : 未知 |
Outbound Action : Unknown |
19292 | %1!-5lu! | %1!-5lu! |
19293 | 隧道源 : |
Tunnel Source : |
19294 | 隧道目标 : |
Tunnel Destination : |
19295 | 源端口: %1!-4lu! 目标端口: %2!-4lu! | Src Port: %1!-4lu! Dest Port: %2!-4lu! |
19296 | 已镜像 : 是 |
Mirrored : yes |
19297 | 已镜像 : 否 |
Mirrored : no |
19298 | 快速模式策略 : %1!s! |
Quick Mode Policy : %1!s! |
19299 | 协议 : |
Protocol : |
19300 | IKE 统计 |
IKE Statistics |
19301 | -------- |
-------------- |
19302 | IKEStatistics 不可用。 |
IKEStatistics not available. |
19303 | 主模式 : %1!S! |
Main Modes : %1!S! |
19304 | 快速模式 : %1!S! |
Quick Modes : %1!S! |
19305 | 软 SA : %1!S! |
Soft SAs : %1!S! |
19306 | 身份验证失败 : %1!S! |
Authentication Failures : %1!S! |
19307 | 活动捕获 : %1!S! |
Active Acquire : %1!S! |
19308 | 活动接收 : %1!S! |
Active Receive : %1!S! |
19309 | 捕获失败 : %1!S! |
Acquire fail : %1!S! |
19310 | 接收失败 : %1!S! |
Receive fail : %1!S! |
19311 | 发送失败 : %1!S! |
Send fail : %1!S! |
19312 | 捕获堆大小 : %1!S! |
Acquire Heap size : %1!S! |
19313 | 接收堆大小 : %1!S! |
Receive Heap size : %1!S! |
19314 | 协商失败 : %1!S! |
Negotiation Failures : %1!S! |
19315 | 接收到无效的 Cookie : %1!S! |
Invalid Cookies Rcvd : %1!S! |
19316 | 总共捕获 : %1!S! |
Total Acquire : %1!S! |
19317 | TotalGetSpi : %1!S! |
TotalGetSpi : %1!S! |
19318 | TotalKeyAdd : %1!S! |
TotalKeyAdd : %1!S! |
19319 | TotalKeyUpdate : %1!S! |
TotalKeyUpdate : %1!S! |
19320 | GetSpiFail : %1!S! |
GetSpiFail : %1!S! |
19321 | KeyAddFail : %1!S! |
KeyAddFail : %1!S! |
19322 | KeyUpdateFail : %1!S! |
KeyUpdateFail : %1!S! |
19323 | IsadbListSize : %1!S! |
IsadbListSize : %1!S! |
19324 | ConnListSize : %1!S! |
ConnListSize : %1!S! |
19325 | 接收到无效数据包 : %1!S! |
Invalid Packets Rcvd : %1!S! |
19326 | IPsec 统计 |
IPsec Statistics |
19327 | ---------------- |
---------------- |
19328 | IPsecStatistics 不可用。 |
IPsecStatistics not available. |
19329 | 活动关联 : %1!S! |
Active Assoc : %1!S! |
19330 | 卸载 SA : %1!S! |
Offload SAs : %1!S! |
19331 | 挂起的密钥 : %1!S! |
Pending Key : %1!S! |
19332 | 密钥添加 : %1!S! |
Key Adds : %1!S! |
19333 | 密钥删除 : %1!S! |
Key Deletes : %1!S! |
19334 | 重新生成密钥 : %1!S! |
ReKeys : %1!S! |
19335 | 活动隧道 : %1!S! |
Active Tunnels : %1!S! |
19336 | 错误的 SPI 数据包 : %1!S! |
Bad SPI Pkts : %1!S! |
19337 | 没有解密的数据包 : %1!S! |
Pkts not Decrypted : %1!S! |
19338 | 未验证的数据包 : %1!S! |
Pkts not Authenticated : %1!S! |
19339 | 有重放检测的数据包 : %1!S! |
Pkts with Replay Detection : %1!S! |
19340 | 发送的机密字节 : %1!S! |
Confidential Bytes Sent : %1!S! |
19341 | 接收的机密字节 : %1!S! |
Confidential Bytes Received : %1!S! |
19342 | 发送的经过验证的字节 : %1!S! |
Authenticated Bytes Sent : %1!S! |
19343 | 接收的经过验证的字节 : %1!S! |
Authenticated Bytes Received: %1!S! |
19344 | 发送的传输字节 : %1!S! |
Transport Bytes Sent : %1!S! |
19345 | 接收的传输字节 : %1!S! |
Transport Bytes Received : %1!S! |
19346 | 发送的卸载字节 : %1!S! |
Offloaded Bytes Sent : %1!S! |
19347 | 接收的卸载字节 : %1!S! |
Offloaded Bytes Received : %1!S! |
19348 | 在隧道中发送的字节 : %1!S! |
Bytes Sent In Tunnels : %1!S! |
19349 | 在隧道中接收的字节 : %1!S! |
Bytes Received In Tunnels : %1!S! |
19350 | Cookie 对 : |
Cookie Pair : |
19351 | %1!02x! | %1!02x! |
19352 | 安全方法 : |
Sec Methods : |
19359 | /%1!d!/%2!d! | /%1!d!/%2!d! |
19360 | 身份验证方法 : |
Auth Mode : |
19361 | 预共享密钥 | Preshared Key |
19362 | DSS 签名 | DSS Signature |
19363 | RSA 签名 | RSA Signature |
19364 | RSA 加密 | RSA Encryption |
19365 | Kerberos | Kerberos |
19366 | 源 : |
Source : |
19367 | ,端口 %1!d! | , port %1!d! |
19368 | ID : |
ID : |
19369 | ID : %1!s! |
ID : %1!s! |
19370 | 目标 : |
Destination : |
19371 | 目标 安全方法 |
Destination SecurityMethods |
19372 | 时间/日期已创建 |
Date/Time Created |
19373 | -------------------------------------------------------- ---------------------- |
-------------------------------------------------------- ---------------------- |
19374 | [ID:%1!-35s!] | [ID:%1!-35s!] |
19375 | DNS: %1!-51S! |
DNS: %1!-51S! |
19377 | 发证 CA :%1!s! |
Issuing CA :%1!s! |
19378 | 指纹 : |
Thumbprint : |
19380 | : | : |
19381 | / | / |
19382 | 19383 根 CA : %1!s! |
19383 Root CA : %1!s! |
19384 | %S | %S |
19385 | ( | ( |
19386 | ) |
) |
19387 | 根 CA : %1!s! | Root CA : %1!s! |
19397 | IPsec 主模式安全关联不可用。 |
IPsec MainMode Security Associations not available. |
19398 | IKE 主模式 SA 在 %1!s! |
IKE Main Mode SAs at %1!s! |
19400 | 指定的主模式安全关联不可用。 |
Specified MainMode Security Associations not available. |
19401 | 快速模式 SA |
Quick Mode SAs |
19402 | ------------ |
-------------- |
19403 | IPsec 快速模式安全关联不可用。 |
IPsec QuickMode Security Associations not available. |
19404 | 指定的快速模式安全关联不可用。 |
Specified QuickMode Security Associations not available. |
19410 | 传输筛选器 |
Transport Filter |
19411 | 隧道筛选器 |
Tunnel Filter |
19412 | 未知 |
Unknown |
19413 | 策略名称 : %1!s! |
Policy Name : %1!s! |
19414 | 源地址 : |
Source Address : |
19415 | 目标地址 : |
Destination Address : |
19416 | 协议 : %1!lu! |
Protocol : %1!lu! |
19417 | 源端口 : %1!u! |
Source Port : %1!u! |
19418 | 目标端口 : %1!u! |
Destination Port : %1!u! |
19419 | 方向 : 入站 |
Direction : Inbound |
19420 | 方向 : 出站 |
Direction : Outbound |
19421 | 方向 : 错误 |
Direction : Error |
19422 | 使用的提供 |
Offer Used |
19423 | 协议 : ICMP |
Protocol : ICMP |
19424 | 协议 : TCP |
Protocol : TCP |
19425 | 协议 : UDP |
Protocol : UDP |
19426 | 协议 : RAW |
Protocol : RAW |
19427 | AH(b/r) ESP Con(b/r) ESP Int PFS DH Group |
AH(b/r) ESP Con(b/r) ESP Int PFS DH Group |
19428 | ---------- ------------- ------- ------------ |
---------- ------------- ------- ------------ |
19429 | 封装类型 : IKE |
Encapsulation Type : IKE |
19430 | 封装类型 : 其他 |
Encapsulation Type : Other |
19431 | 源 UDP 封装端口 : %1!u! |
Source UDP Encap port : %1!u! |
19432 | 目标 UDP 封装端口 : %1!u! |
Dest UDP Encap port : %1!u! |
19433 | 对等端私有地址 : |
Peer Private Addr : |
19434 | 协议 : 任何 |
Protocol : ANY |
19441 | ) | ) |
19446 | IPsec 配置参数 |
IPsec Configuration Parameters |
19447 | ------------------------------ |
------------------------------ |
19448 | IPsecDiagnostics : %1!d![Windows Vista 和更新操作系统无效] |
IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems] |
19449 | IKElogging : %1!d! [Windows Vista 和更新操作系统无效] |
IKElogging : %1!d! [Not valid for Windows Vista and later operating systems] |
19450 | StrongCRLCheck : %1!d! |
StrongCRLCheck : %1!d! |
19451 | IPsecloginterval : %1!d![Windows Vista 和更新操作系统无效] |
IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems] |
19452 | NLBSFlags : %1!d![Windows Vista 和更新操作系统无效] |
NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems] |
19453 | 标志 : %1!d![Windows Vista 和更新操作系统无效] |
Flags : %1!d![Not valid for Windows Vista and later operating systems] |
19454 | IPsecexempt : %1!d! |
IPsecexempt : %1!d! |
19455 | 2048DHGroupId : %1!d![Windows Vista 和更新操作系统无效] |
2048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems] |
19456 | IPsec 诊断级别超出范围。范围是 0 到 7。 |
IPsec Diagnostic Level is out of range. Range is 0 - 7. |
19457 | IKE 日志超出范围。范围是 0 到 1。 |
IKE Logging is out of range. Range is 0 - 1. |
19458 | 强 CRL 检查等级超出范围。范围是 0 到 2。 |
Strong CRL Check Level is out of range. Range is 0 - 2. |
19459 | IPsec 日志间隔超出范围。范围是 60 到 86400。 |
IPsec Log Interval is out of range. Range is 60 - 86400. |
19460 | IPsec 免除等级超出范围。范围是 0 到 3。 |
IPsec Exemption Level is out of range. Range is 0 - 3. |
19461 | (一些 IPsec 配置参数没有设置)。 |
(Some of the IPsec Configuration parameters are not set). |
19462 | 引导模式 : | Boot Mode : |
19463 | Stateful | Stateful |
19465 | 许可 | Permit |
19476 | 没有引导模式免除 |
No bootmode exemptions |
19477 | 引导模式免除 : | Boot Mode Exemptions : |
19478 | 协议 源端口 目标端口 方向 |
Protocol Src Port Dst Port Direction |
19479 | --------- --------- --------- --------- |
--------- --------- --------- --------- |
19480 | 最大允许 1024 个免除。 |
A maximum of 1024 exemptions are allowed. |
19800 | MD5(%1!02lu!/%2!-02lu!) 无 无 | MD5(%1!02lu!/%2!-02lu!) None None |
19801 | SHA1(%1!02lu!/%2!-02lu!) 无 无 | SHA1(%1!02lu!/%2!-02lu!) None None |
19802 | 无 无 无 | None None None |
19803 | 无 DES (%1!02lu!/%2!-02lu!) | None DES (%1!02lu!/%2!-02lu!) |
19804 | 无 未知 | None Unknown |
19805 | 无 3DES(%1!02lu!/%2!-02lu!) | None 3DES(%1!02lu!/%2!-02lu!) |
19806 | 无 无 | None None |
19811 | certmap | certmap |
19812 | excludecaname | excludecaname |
22001 | ERR Win32[%1!05d!] : %2!s! | ERR Win32[%1!05d!] : %2!s! |
22002 | ERR IPsec[%1!05d!] : | ERR IPsec[%1!05d!] : |
22004 | ERR Win32[%1!05d!] : 无效的 Win32 错误代码 |
ERR Win32[%1!05d!] : Invalid Win32 Err Code |
22010 | 一个或多个基本参数没有指定 |
One or more essential parameters not specified |
22011 | 参数不匹配。请查阅帮助以了解正确语法 |
Arguments are not matching. Check help for the correct syntax |
22012 | 在策略存储中没有策略 |
No Policies in Policy Store |
22013 | 不能打开策略存储 |
Unable to open Policy Store |
22014 | 在策略存储中没有筛选器操作 |
No Filter Actions in Policy Store |
22015 | 在策略存储中没有筛选器列表 |
No Filter Lists in Policy Store |
22016 | 名为 %1!s! 的策略存在于策略存储中 |
Policy with name %1!s! not exists in Policy Store |
22017 | 内部错误,无效的 Switch Case。 |
Internal Error, Invalid Switch Case. |
22018 | 参数对变量 '%1!s!' 无效 |
Invalid Parameter for the Argument '%1!s!' |
22019 | 指定的 IP 地址无效 |
IP Address specified is invalid |
22020 | 对给定的 DNS 名称 '%1!s!',DNS 搜索失败 |
DNS lookup failed for the given dns name '%1!s!' |
22021 | '%1!s!' 对此上下文来说不是有效的标记 |
'%1!s!' not a valid tag for this context |
22022 | '%1!s!' 标记已经存在 |
'%1!s!' tag already present |
22023 | 没有参数 'assign = y/n' 时不能指定 GPOname |
GPOname cannot be specified without argument 'assign = y/n' |
22024 | 给定命令需要标记 'Name' 或 'GUID' |
Tag 'Name' or 'GUID' needed for the given command |
22025 | 需要 '%1!s!' 标记 |
'%1!s!' tag is needed |
22026 | '%1!s!' 对标记 '%2!s!' 来说不是有效的参数 |
'%1!s!' is not a valid argument for the tag '%2!s!' |
22027 | 前缀应该在 1 到 32 之间 |
Prefix should be between 1 and 32 only |
22028 | '%1!s!' 不是一个有效的掩码/前缀 |
'%1!s!' is not a valid Mask/Prefix |
22029 | 提供的参数为空 |
The argument supplied is null |
22030 | 指定的 'Seconds' 生存时间超过了限制。它应该在 '%1!d!' 到 '%2!d!' 之间 |
The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only |
22031 | 指定的 'Kbytes' 超过了限制。它应该在 '%1!d!' 到 '%2!d!' 之间 |
The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only |
22032 | 重新生成密钥单位(k/s)无效 |
The Rekey Unit (k/s) is invalid |
22033 | 指定了无效的哈希算法 |
Invalid HASH algorithm specified |
22034 | 指定了不完整的 ESP |
Incomplete ESP specified |
22035 | 为 '%1!s!' 指定了重复的算法 |
Duplicate Algo's specified for '%1!s!' |
22036 | 不允许 None 和 None |
None and None not allowed |
22037 | 指定了无效的 IPsec 协议。它应该为 ESP 或 AH |
Invalid IPsec protocol specified. It should be ESP or AH only |
22038 | 超过了最大数目的 OFFERS[%1!d!] |
Max Number of OFFERS[%1!d!] is crossed |
22039 | 无效 QM_OFFERS。不允许 Encryption+Encryption 或 Authentication+Authentication |
Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed |
22040 | 对 QMOffers 指定了无效的生存时间或数据。 |
Invalid Lifetime or Data specification for QMOffers. |
22041 | 为 MMOFFER 指定了无效的 PFS 组 |
Invalid PFS Group specified for MMOFFER |
22042 | 缺少 P1 组 |
P1 Group missing |
22043 | 指定了无效的 MMOFFER |
Invalid MMOFFER is specified |
22044 | 文件名应该只包含 .ipsec扩展 |
File name should contain .ipsec extension only |
22045 | 不允许 '%1!s!' 和 ALL |
'%1!s!' and ALL not allowed |
22046 | 没有指定预共享密钥 |
Preshared key not specified |
22047 | 指定了无效身份验证方法 |
Invalid Authmethod is specified |
22048 | 指定了无效证书 |
Invalid Certificate specified |
22049 | 指定了多个 '%1!s!' 参数。只允许一个。 |
Multiple '%1!s!' parameters are specified. Only one is allowed. |
22050 | 指定的端口无效。 |
The Port specified is invalid. |
22051 | 参数太多,被截断 |
No of arguments are more,truncated |
22052 | 指定了无效的 QMOFFER |
Invalid QMOFFER specified |
22053 | 指定了无效的隧道 IP |
Invalid Tunnel IP specified |
22054 | 没有源和目标地址,不能指定协议 |
Protocol can't be specified without source and destination addresses |
22055 | 指定的子网掩码无效 |
Subnet mask specified is invalid |
22056 | 没有标签的参数只能是计算机或域 |
Non-tagged arg can only be machine or domain |
22057 | ERR WIN32[00014] : 没有足够的内存来完成此操作。 |
ERR WIN32[00014] : There is not enough memory to complete this operation. |
22058 | 指定的端口无效。它应该小于 '%1!d!' |
The Port specified is invalid. It should be in less than '%1!d!' only |
22100 | 缺少策略名称 |
Missing Policy Name |
22101 | 轮询间隔应该在 %1!d! 到 %2!d! 分钟之间 |
Polling Interval should be within %1!d! and %2!d! minutes |
22102 | 快速模式限制应该在 %1!d! 到 %2!d! 个会话之间 |
Quickmode limit should be within %1!d! and %2!d! sessions |
22103 | 生存时间应该在 %1!d! 到 %2!d! 分钟之间 |
Lifetime should be within %1!d! and %2!d! minutes |
22111 | 名为 '%1!s!' 的策略已经存在 |
Policy with name '%1!s!' already exists |
22112 | 添加默认响应规则时发生错误 |
Error while adding Default Response Rule |
22113 | 用名称 '%1!s!' 创建策略失败 |
Error while creating Policy with name '%1!s!' |
22114 | 由于加载默认身份验证方法失败,在用名称 '%1!s!' 创建策略时发生错误 |
Error while creating policy with name '%1!s!' due to failure in loading default auth methods |
22121 | 缺少 FilterList 名称 |
Missing FilterList Name |
22122 | 名为 '%1!s!' 的 FilterList 已经存在 |
FilterList with name '%1!s!' already exists |
22123 | 用名称 '%1!s!' 创建 FilterList 失败 |
Error while creating FilterList with name '%1!s!' |
22124 | 指定了无效的 GUID |
Invalid GUID specified |
22131 | 创建指定的筛选器失败 |
Error while creating the specified Filter |
22141 | 名为 '%1!s!' 的 FilterAction 已经存在 |
FilterAction with name '%1!s!' already exists |
22142 | 用名称 '%1!s!' 创建 FilterAction 失败 |
Error while creating FilterAction with name '%1!s!' |
22143 | 对于 Permit 或 Block 类型的 FilterAction,Inpass、 Qmpfs、Soft 和 Qmsec 选项无效。需要指定 'action = negotiate' |
Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified |
22144 | 至少需要指定一个快速模式安全方法 |
Atleast One Quick mode Security method needs to be specified |
22151 | 缺少规则名称 |
Missing Rule Name |
22152 | 缺少 FilterAction 名称 |
Missing FilterAction Name |
22153 | 名为 '%1!s!' 的策略不存在 |
Policy with name '%1!s!' does not exist |
22154 | 名为 '%1!s!' 的规则已经在策略 '%2!s!' 中存在 |
Rule with name '%1!s!' already exists in policy '%2!s!' |
22155 | 名为 '%1!s!' 的 FilterAction 不存在 |
FilterAction with name '%1!s!' does not exist |
22156 | 在 FilterList 中没有名为 '%1!s!' 的筛选器 |
No Filters in FilterList with name '%1!s!' |
22157 | 在用名称 '%1!s!' 创建规则时出现错误 |
Error while creating Rule with name '%1!s!' |
22158 | 缺少规则名称或规则 ID |
Missing Rule Name or Rule ID |
22159 | GUID 为 %1!s! 的策略不存在 |
Policy with GUID %1!s! does not exist |
22160 | GUID 为 %1!s! 的 FilterAction 不存在 |
FilterAction with GUID %1!s! does not exist |
22161 | 由于加载默认身份验证方法失败,在用名称 '%1!s!' 创建规则时出现错误 |
Error while creating Rule with name '%1!s!' due to failure in loading default auth methods |
22165 | 证书解码操作失败 |
Certificate decoding operation failed |
22166 | 名为 '%1!s!' 的策略在当前计算机的域中不存在 |
Policy with name '%1!s!' does not exist in current machine's domain |
22167 | 指定了无效的隧道 IP 地址 |
Invalid Tunnel IP Address Specified |
22168 | 名为 '%1!s!' 的 FilterList 不存在 |
FilterList with name '%1!s!' does not exist |
22169 | 源和目标端都不能指定服务器 |
Servers cannot be specified for both source and destination sides |
22170 | GUID 为 %1!s! 的 FilterList 不存在 |
FilterList with GUID %1!s! does not exist |
22171 | 没有可用的目录服务 |
No Directory Service available |
22172 | 名为 '%1!s!' 的 GPO 在当前计算机的域中不存在 |
GPO with name '%1!s!' does not exist in current machine's domain |
22173 | 在将策略分配给名为 '%1!s!' 的 GPO 时出现错误,或指定的 GPO 不存在 |
Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist |
22174 | 更新名为 '%1!s!' 的策略时出现错误 |
Error while updating the Policy with name '%1!s!' |
22175 | 更新 GUID 为 %1!s! 的策略时出现错误 |
Error while updating the Policy with GUID %1!s! |
22176 | 在从名为 '%1!s!' 的 GPO 中取消分配的策略时失败,或指定的 GPO 不存在 |
Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist |
22181 | 更新名为 '%1!s!' 的 FilterList 时出现错误 |
Error while updating FilterList with name '%1!s!' |
22182 | 更新 GUID 为 %1!s! 的 FilterList 失败 |
Error while updating FilterList with GUID %1!s! |
22191 | 更新名为 '%1!s!' 的 FilterAction 失败 |
Error while updating FilterAction with name '%1!s!' |
22192 | 更新 GUID 为 %1!s! 的 FilterAction 失败 |
Error while updating FilterAction with GUID %1!s! |
22201 | 名为 '%1!s!' 的规则在策略 '%2!s!' 中不存在 |
Rule with name '%1!s!' does not exist in Policy '%2!s!' |
22202 | 在更新名为 '%1!s!' 的规则时出现错误 |
Error while updating rule with name '%1!s!' |
22203 | 不能用此命令更新默认规则。请使用 'set defaultrule' 命令 |
Default rule cannot be updated with this command. Use the 'set defaultrule' command |
22204 | ID 为 %1!d! 的规则在策略 '%2!s!' 中不存在 |
Rule with ID %1!d! does not exist in Policy '%2!s!' |
22205 | 指定了无效规则 ID |
Invalid Rule ID Specified |
22211 | 在更新名为 '%1!s!' 的策略的默认规则时出现错误 |
Error while updating Default Rule of Policy with name '%1!s!' |
22221 | 没有指定文件名 |
No file name specified |
22222 | 无效文件/路径名称 |
Invalid File / Path name |
22223 | 导入策略时出现错误 |
Error while importing policies |
22231 | 导出策略时出现错误 |
Error while exporting policies |
22235 | 还原默认策略时出现错误 |
Error while restoring default policies |
22236 | 此命令只对本地存储可用 |
This command is only available for the local store |
22237 | 无效域名。名为 '%1!s!' 的域不存在 |
Invalid Domain Name. Domain with name '%1!s!' does not exist |
22238 | 你的计算机不是域的成员 |
Your machine is not a member of domain |
22241 | 删除名为 '%1!s!' 的策略出现错误 |
Error while deleting Policy with name '%1!s!' |
22242 | 没有名为 '%1!s!' 的策略 |
No Policy with name '%1!s!' |
22251 | 不能删除名为 '%1!s!' 的 FilterList | FilterList with name '%1!s!' cannot be deleted |
22252 | 删除名为 '%1!s!' 的 FilterList 出现错误 | Error while deleting FilterList with name '%1!s!' |
22255 | 没有名为 '%1!s!' 的 FilterList |
No FilterList with name '%1!s!' |
22256 | 指定的筛选器在名为 '%1!s!' 的 FilterList 中不存在 |
Filter with the specified spec does not exist in FilterList with name '%1!s!' |
22261 | 删除指定的筛选器后,在更新名为 '%1!s!' 的 FilterList 时出现错误 |
Error while updating FilterList with name '%1!s!' after deletion of the specified filter |
22265 | 不能删除名为 '%1!s!' 的 FilterAction | FilterAction with name '%1!s!' cannot be deleted |
22266 | 在删除名为 '%1!s!' 的 FilterAction 时发生错误 | Error while deleting FilterAction with name '%1!s!' |
22267 | 没有名为 '%1!s!' 的 FilterAction |
No FilterAction with name '%1!s!' |
22271 | 在删除名为 '%1!s!' 的规则时发生错误 |
Error while deleting Rule with name '%1!s!' |
22272 | 在删除 ID 为 %1!d! 的规则时发生错误 |
Error while deleting Rule with ID %1!d! |
22273 | 不能删除默认响应规则 |
Default Response Rule cannot be deleted |
22274 | 没有名为 '%1!s!' 的规则 |
No Rule with name '%1!s!' |
22275 | 没有 ID 为 %1!d! 的规则 |
No Rule with ID %1!d! |
22281 | 在提取名为 '%1!s!' 的策略的 NegPol 信息时出现错误 |
Error while extracting NegPol info of Policy with name '%1!s!' |
22282 | 在提取名为 '%1!s!' 的策略的筛选器信息时出现错误 |
Error while extracting Filter info of Policy with name '%1!s!' |
22283 | 在提取名为 '%1!s!' 的策略的 ISAKMP 信息时出现错误 |
Error while extracting ISAKMP info of Policy with name '%1!s!' |
22290 | 没有当前已分配的策略 |
No currently assigned Policy |
22295 | 在策略存储中没有已存在的 FilterList |
No FilterList exists in Policy Store |
22296 | 在策略存储中没有已存在的 FilterAction |
No FilterAction exists in Policy Store |
22297 | 无效的 GPO 名称,或没有当前已指定的策略 |
Either invalid GPO name or no currently assigned policy |
22298 | 在使用域存储时必须指定名称 |
A name must be specified when using the domain store |
22299 | 指定了无效的源 IP 地址 |
Invalid Source IP Address specified |
22300 | 指定了无效的源 IP/掩码 |
Invalid Source IP/Mask specified |
22301 | 地址冲突。源和目标不能有相同的 IP/DNS |
Address Conflict. Source and Destination cannot have same IP/DNS |
22302 | 指定了无效的服务器 |
Invalid server specified |
22303 | 需要指定服务器 |
Server needs to be specified |
22304 | 指定了无效的目标 IP 地址 |
Invalid destination IP Address specified |
22305 | 指定了无效的目标掩码 |
Invalid destination mask specified |
22306 | Newname 无效。名为 '%1!s!' 的策略已经存在 |
Invalid Newname. Policy with name '%1!s!' already exists |
22307 | Newname 无效。名为 '%1!s!' 的规则已经存在 |
Invalid Newname. Rule with name '%1!s!' already exists |
22308 | Newname 无效。名为 '%1!s!' 的 Filterlist 已经存在 |
Invalid Newname. Filterlist with name '%1!s!' already exists |
22309 | Newname 无效。名为 '%1!s!' 的 Filteraction 已经存在 |
Invalid Newname. Filteraction with name '%1!s!' already exists |
22310 | 如果指定了类型,则需要指定 'all' |
If a type is specified, 'all' needs to be specified |
22311 | 在此操作过程中发生了内部错误 |
Internal error occurred during this operation |
22312 | 在策略 '%1!s!' 中不存在隧道类型规则 |
No Tunnel type rules exist in policy '%1!s!' |
22313 | 不能通过此命令更新默认 Filteraction。请使用 'Set DefaultRule' 命令。 |
Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command. |
22314 | 名为 '%1!s!' 的策略有 READONLY 属性。更新被拒绝 |
Policy with name '%1!s!' has READONLY attribute. Updation denied |
22315 | 指定规则有 READONLY 属性。更新被拒绝 |
Specified Rule has READONLY attribute. Updation denied |
22316 | 名为 '%1!s!' 的 Filteraction 有 READONLY 属性。更新被拒绝 |
Filteraction with name '%1!s!' has READONLY attribute. Updation denied |
22317 | 名为 '%1!s!' 的 FilterList 有 READONLY 属性。更新被拒绝 |
FilterList with name '%1!s!' has READONLY attribute. Updation denied |
22318 | 名为 '%1!s!' 的策略有 READONLY 属性。删除被拒绝 |
Policy with name '%1!s!' has READONLY attribute. Deletion denied |
22319 | 名为 '%1!s!' 的规则有 READONLY 属性。删除被拒绝 |
Rule with name '%1!s!' has READONLY attribute. Deletion denied |
22320 | 名为 '%1!s!' 的 Filteraction 有 READONLY 属性。删除被拒绝 |
Filteraction with name '%1!s!' has READONLY attribute. Deletion denied |
22321 | 名为 '%1!s!' 的 FilterList 有 READONLY 属性。删除被拒绝 |
FilterList with name '%1!s!' has READONLY attribute. Deletion denied |
22322 | 在使用本地存储时不能指定名称 |
No name can be specified when using the local store |
22323 | Windows Vista 和 Windows 的更新版本不支持默认响应规则。 |
Default response rule is not supported on Windows Vista and later versions of Windows. |
23001 | 当 ActionInbound 或 ActionOutbound 指定为 NEGOTIATE 时,需要 QMPolicy。 |
QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE. |
23002 | 端口号对 TCP 或 UDP 协议有效,将继续而不使用 PortNumber。 |
Port number valid for TCP or UDP protocols, continuing without PortNumber. |
23003 | 指定的 QMPolicy 不存在。 |
Specified QMPolicy does not exist. |
23004 | 指定的 MainMode 策略不存在。 |
Specified MainMode Policy does not exist. |
23006 | ActionInbound 或 ActionOutbound 都不指定为 NEGOTIATE 时无法具有 IPsec 策略。 |
Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE. |
23007 | Mirror = Yes 对隧道规则是无效的。 |
Mirror = Yes is not valid for Tunnel Rule. |
23011 | 指定的 MainMode 筛选器不存在。 |
Specified MainMode Filter does not exist. |
23012 | 指定的传输筛选器不存在。 |
Specified Transport Filter does not exist. |
23013 | 指定的隧道筛选器不存在。 |
Specified Tunnel Filter does not exist. |
23014 | MainMode 策略不可用。 |
MainMode Policies are not available. |
23015 | QuickMode 策略不可用。 |
QuickMode Policies are not available. |
23021 | 给定名称的 MainMode 策略已经存在。 |
MainMode Policy with the given name already exists. |
23031 | 给定名称的 QuickMode 策略已经存在。 |
QuickMode Policy with the given name already exists. |
23061 | MainMode 筛选器不存在。 |
MainMode Filters do not exist. |
23062 | 指定的 MainMode 筛选器不存在,并且找不到策略。 |
Specified MainMode Filter does not exist and Policy is not found. |
23063 | 指定的 MainMode 策略不存在,或没有与指定的 MainMode 筛选器相关联。 |
Specified MainMode Policy either does not exist or not associated with specified MainMode Filter. |
23071 | QuickMode 筛选器不存在。 |
QuickMode Filters do not exist. |
23072 | 指定的 QuickMode 筛选器不存在,并且找不到策略。 |
Specified QuickMode Filter does not exist and Policy is not found. |
23073 | 指定的 QuickMode 策略不存在,或没有与 QuickMode 筛选器相关联。 |
Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter. |
23074 | 指定的 QuickMode 筛选器不存在。 |
Specified QuickMode Filter does not exist. |
23075 | 正在使用的身份验证方法。 |
Authentication method(s) being used. |
23076 | 不能删除 %1!d! MMFilter 对象。 |
%1!d! MMFilter object(s) could not be deleted. |
23077 | 不能删除 %1!d! 传输筛选器对象。 |
%1!d! Transport Filter object(s) could not be deleted. |
23078 | 不能删除 %1!d! 隧道筛选器对象。 |
%1!d! Tunnel Filter object(s) could not be deleted. |
23081 | IPsec 策略代理服务没有在运行。 |
The IPsec Policy Agent service is not active. |
23082 | 策略代理服务成功启动。 |
Policy Agent service successfully started. |
23090 | 来自分析器的错误字符串,应该是 IPSEC,IKE 或 ALL。 |
Wrong token from Parser, Should be either IPSEC, IKE or ALL. |
23091 | 从分析器接收到无效的 AddressType。 |
Invalid AddressType received from Parser. |
23092 | 源和目标都不能是服务器。 |
Source and Destination both cannot be Servers. |
23093 | 隧道源和隧道目标都不能是服务器。 |
Tunnel Source and Tunnel Destination both cannot be Servers. |
File Description: | Net Shell IP 安全帮助程序 DLL |
File Version: | 10.0.15063.0 (WinBuild.160101.0800) |
Company Name: | Microsoft Corporation |
Internal Name: | nshipsec.dll |
Legal Copyright: | © Microsoft Corporation. All rights reserved. |
Original Filename: | nshipsec.dll.mui |
Product Name: | Microsoft® Windows® Operating System |
Product Version: | 10.0.15063.0 |
Translation: | 0x804, 1200 |