nshipsec.dll.mui Net Shell IP 安全帮助程序 DLL a702a5ed4b9b759ffbe9436b739db917

File info

File name: nshipsec.dll.mui
Size: 133632 bytes
MD5: a702a5ed4b9b759ffbe9436b739db917
SHA1: e95446f6cb980ce9f0eb87b53c1c18bd01d04acf
SHA256: 720bf56fa81cd93d220f5e476ced5577ab5409be400002f57c42a490738d2281
Operating systems: Windows 10
Extension: MUI

Translated messages and strings

If an error or one of the following messages appears in Chinese (Simplified) and you cannot find a solution, check the English text instead. The table below shows how each phrase reads in English.

id Chinese (Simplified) English
11110从证书存储中导出所有策略。
Exports all the policies from the policy store.
11111从文件导入策略到证书存储。
Imports the policies from a file to the policy store.
11112还原默认示例策略。
Restores the default example policies.
11150
用法:
exportpolicy [ file = ]

将所有策略导出到文件。

参数:

标记 值
name -策略要导出到的文件的名称。

注释: 默认情况下在文件名后面加 .ipsec 扩展。

示例: exportpolicy Policy1


Usage:
exportpolicy [ file = ]

Exports all the policies to a file.

Parameters:

Tag Value
name -Name of the file into which the policies are exported.

Remarks: .ipsec extension is by default added to the filename.

Examples: exportpolicy Policy1

11151
用法:
importpolicy [ file = ]

从指定文件中导入策略。

参数:

标记 值
name -要从中导入策略的文件名。

注释:

示例: importpolicy Policy1.ipsec


Usage:
importpolicy [ file = ]

Imports policies from the specified file.

Parameters:

Tag Value
name -Name of the file from which the policies are imported.

Remarks:

Examples: importpolicy Policy1.ipsec

11152
用法:
restorepolicyexamples [release = ] (win2k | win2003)

还原默认策略。

参数:

标记 值
release -OS 发行类别,对默认策略示例。

注释: 此命令只对本地计算机策略存储有效。

示例: 1. restorepolicyexamples release=win2003
2. restorepolicyexamples release=win2k


Usage:
restorepolicyexamples [release = ] (win2k | win2003)

Restores the default policies.

Parameters:

Tag Value
release -OS release type, for default policies examples.

Remarks: This command is only valid for the local computer policy store.

Examples: 1. restorepolicyexamples release=win2003
2. restorepolicyexamples release=win2k

11200创建新的策略和有关信息。
Creates new policies and related information.
11210用默认响应规则创建策略。
Creates a policy with a default response rule.
11211创建一个空的筛选器列表。
Creates an empty filter list.
11212创建一个筛选器操作。
Creates a filter action.
11213为指定策略创建一个规则。
Creates a rule for the specified policy.
11214将筛选器添加到筛选器列表。
Adds a filter to filter list.
11250
用法:
policy [ name = ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] (yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

用指定名称创建一个策略。

参数:

标记 值
name -策略的名称。
description -策略的简短信息。
mmpfs -设置主完全向前保密的选项。
qmpermm -每一 IKE 主模式会话的快速模式会话数目。
mmlifetime -为 IKE 的主模式重新生成密钥所需时间(以分钟计)。
activatedefaultrule -激活或禁用默认响应规则。 只在 Windows Vista 之前的 Windows 版本上有效。
pollinginterval -轮询间隔,策略代理在策略存储中
查找更改的间隔时间(以分钟计)。
assign -指定策略为活动或非活动。
mmsecmethods -一个或多个由空格分隔开的安全方法列表,安全方法的格式为
ConfAlg-HashAlg-GroupNum,其中 ConfAlg 可以是 DES 或
3DES,HashAlg 是 MD5 或 SHA1。
GroupNum 可以是 1 (低)、2 (中)、3 (DH2048)。

注释: 1. 如果指定了 mmpfs,qmpermm 将设置为 1。
2. 如果存储为 "domain",则 "assign" 将不起作用。
3. 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: add policy Policy1 mmpfs= yes assign=yes
mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"


Usage:
policy [ name = ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] (yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Creates a policy with the specified name.

Parameters:

Tag Value
name -Name of the policy.
description -Brief information about the policy.
mmpfs -Option to set master perfect forward secrecy.
qmpermm -Number of quick mode sessions per main mode
session of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Polling Interval, time in minutes for policy agent
to check for changes in policy store.
assign -Assigns the policy as active or inactive.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1.
GroupNum can be 1 (Low), 2 (Med), 3 (DH2048).

Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. If the store is 'domain' then ‘assign’ will have no effect.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add policy Policy1 mmpfs= yes assign=yes
mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"

11251
用法:
filterlist [ name = ]
[ [ description = ] ]

用指定名称创建一个空的筛选器列表。

参数:

标记 值
name -筛选器列表的名称。
description -筛选器列表的简短信息。

注释:

示例: add filterlist Filter1


Usage:
filterlist [ name = ]
[ [ description = ] ]

Creates an empty filter list with the specified name.

Parameters:

Tag Value
name -Name of the filter list.
description -Brief information about the filter list.

Remarks:

Examples: add filterlist Filter1

11252
用法:
filteraction [ name = ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

创建一个筛选器操作。

参数:

标记 值
name -筛选器操作的名称。
description -筛选器操作类别的简短信息。
qmpfs -设置快速模式完全向前保密的选项。
inpass -接受不安全的通讯,但是始终用 IPsec响应。
这接受 yes 或 no。
soft -允许与没有 IPsec 的计算机进行不安全的通讯。
可以是 yes 或 no。
action -可以是 permit,block 或 negotiate。
qmsecmethods -IPsec 提供是下列格式之一:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
其中 ConfAlg 可以是 DES 或 3DES 或 None
其中 AuthAlg 可以是 MD5 或 SHA1 或 None
其中 HashAlg 是 MD5 或 SHA1。
其中 k 是 Lifetime(千字节)。
其中 s 是 Lifetime(秒)。

注释: 1. 如果操作不是 negotiate,快速模式安全方法将被忽略
2. 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate
qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"


Usage:
filteraction [ name = ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Creates a filter action.

Parameters:

Tag Value
name -Name of the filter action.
description -Brief information about the type of filter action.
qmpfs -Option to set quick mode perfect forward secrecy.
inpass -Accept unsecured communication, but always respond
using IPsec. This takes a value of either ‘yes’ or ‘no’.
soft -Allow unsecured communication with non-IPsec-aware
computers. This takes a value of either ‘yes’ or ‘no’.
action -This takes permit, block or negotiate.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is Lifetime in kilobytes.
where s is Lifetime in seconds.

Remarks: 1. Quick mode security methods are ignored if the action is not
‘negotiate’
2. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate
qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"

11253
用法:
rule [ name = ]
[ policy = ]
[ filterlist = ]
[ filteraction = ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ description = ] ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

用指定的筛选器列表和筛选器操作创建一个规则。

参数:

标记 值
name -规则的名称。
policy -规则所属的策略的名称。
filterlist -要使用的筛选器列表的名称。
filteraction -要使用的筛选器操作的名称。
tunnel -隧道终结点 IP 地址。
conntype -连接类型可以是 lan,dialup 或 all。
activate -如果指定了 yes,则激活策略中的规则。
description -规则的简短信息。
kerberos -如果指定了 yes,则提供 Kerberos 身份验证。
psk -用预共享密钥提供身份验证。
rootca -用指定的根证书提供身份验证,如果指定了
certmap:Yes,将尝试映射此证书
如果指定了 excludecaname:Yes,将排除 CA 名称

注释: 1. 证书,映射和 CA 名称设置要在引号中引起来,内嵌的引号将
被“\'”所代替。
2. 证书映射只对域成员有效。
3. 可以多次使用 rootca 参数来提供多重证书。
4. 每种身份验证方法的优先级由在命令中的顺序来决定。
5. 如果没有指定身份验证方法,将使用动态默认。
6. 排除根证书颁发机构(CA)名称防止将名称作为证书请求的一部分
发送。

示例: add rule name=Rule policy=Policy filterlist=Filterlist
filteraction=FilterAction kerberos=yes psk="my key"
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"


Usage:
rule [ name = ]
[ policy = ]
[ filterlist = ]
[ filteraction = ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ description = ] ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Creates a rule with the specified filter list and filter action.

Parameters:

Tag Value
name -Name of the rule.
policy -Name of the policy the rule belongs to.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel end point IP address.
conntype -Connection type can be lan, dialup or ‘all’.
activate -Activates the rule in the policy if ‘yes’ is specified.
description -Brief information about the rule.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.

Examples: add rule name=Rule policy=Policy filterlist=Filterlist
filteraction=FilterAction kerberos=yes psk="my key"
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"

11254
用法:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ description = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ mirrored = ] (yes | no) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]

将筛选器添加到指定的筛选器列表。

参数:

标记 值
filterlist -筛选器要添加到其中的筛选器列表的名称。
srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6)、dns 名称或服务器类型。
description -筛选器的简介信息。
protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或者一个整数。
mirrored -值为 'Yes' 将创建两个筛选器,每个方向均有一个。
srcmask -源地址掩码或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围,则不适用。
dstmask -目标地址掩码或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围,则不适用。
srcport -数据包的源端口。值为 0 表示任意端口。
dstport -数据包的目标端口。值为 0 表示任意端口。

注释: 1. 如果筛选器列表不存在,将创建它。
2. 要指定当前计算机地址,请设置 srcaddr/dstaddr=me
要指定所有计算机地址,请设置 srcaddr/dstaddr=any
3. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。
4. 如果源是一个服务器类型,则目标为 "me",反之亦然。
5. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。

示例: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45
srcmask=24 dstmask=32
2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0
protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255
3. add filter filterlist=Filter1 srcaddr=me dstaddr=any
4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME
5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME


Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ description = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ mirrored = ] (yes | no) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]

Adds a filter to the specified filter list.

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter is added.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
description -Brief information about the filter.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
mirrored -‘Yes’ creates two filters, one in each direction.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port.
dstport -Destination port of the packet. A value of 0 means any port.

Remarks: 1. If the filter list does not exist it will be created.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server type, then dest is 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45
srcmask=24 dstmask=32
2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0
protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255
3. add filter filterlist=Filter1 srcaddr=me dstaddr=any
4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME
5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME

11300更改现存策略和相关信息。
Modifies existing policies and related information.
11310更改策略。
Modifies a policy.
11311更改筛选器列表。
Modifies a filter list.
11312更改筛选器操作。
Modifies a filter action.
11313更改规则。
Modifies a rule.
11314设置当前策略存储。
Sets the current policy store.
11315更改默认响应规则。
Modifies the default response rule of a policy.
11317设置批更新模式。
Sets the batch update mode.
11350
用法:
policy [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] ( yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ gponame = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

更改策略。

参数:

标记 值
name | guid -策略或 guid 的名称。
newname -新名称
description -简介信息。
mmpfs -设置主密钥完全向前保密。
qmpermm -每一个主模式的快速模式数目。
mmlifetime -重新生成密钥的时间(以分钟计)。
activatedefaultrule -激活默认响应规则。只在 Windows Vista 之前的 Windows 版本中有效。
pollinginterval -在策略存储中查找更改的时间(以分钟计)。
assign -指定策略。
gponame -可以指定策略的本地 AD 组策略对象名称。
在 store 为 domain 时为有效。
mmsecmethods -一个或多个空格分隔的安全方法列表,格式为
ConfAlg-HashAlg-GroupNum。
注释: 1. 如果指定了 mmpfs,qmpermm 将设置为 1。
2. 只有将 store 设置为 domain 时,才能指定 GPO 名称。
3. 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y
2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=NewName gpo=DefaultDomainPolicy assign=y


Usage:
policy [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] ( yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ gponame = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a policy.

Parameters:

Tag Value
name | guid -Name of the policy, or guid.
newname -New name.
description -Brief information.
mmpfs -Sets master perfect forward secrecy.
qmpermm -Number of quick modes per main mode.
mmlifetime -Time in minutes to rekey.
activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Time in minutes to check for change in policy store.
assign -Assigns the policy.
gponame -Local AD group policy object name to which the policy
can be assigned. Valid when the store is domain.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.

Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. A GPO name can only be specified if the store is set to domain.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y
2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=NewName gpo=DefaultDomainPolicy assign=y

11351
用法:
filterlist [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]

更改筛选器列表名称和描述。

参数:

标记 值
name | guid -筛选器列表的名称或 guid。
newname -筛选器列表的新名称。
description -筛选器的简短信息列表。

示例: 1.set filterlist Filter1 desc=NewFilter1
2.set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=FilterName


Usage:
filterlist [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]

Modifies a filter list name and description.

Parameters:

Tag Value
name | guid -Name of the filter list or guid.
newname -New name of the filter list.
description -Brief information about the filter list.

Examples: 1. set filterlist Filter1 desc=NewFilter1
2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=FilterName

11352
用法:
filteraction [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

更改筛选器操作。

参数:

标记 值
name | guid -筛选器操作的名称或 guid。
newname -筛选器操作的新名称。
description -筛选器操作的简短信息。
qmpfs -设置快速模式完全向前保密的选项。
inpass -接受非安全的通讯,但始终用 IPsec 响应。可以
是 yes 或 no。
soft -允许与非 IPsec 的计算机进行非安全的通讯。
它的值可以是 yes 或 no。
action -可以是 permit 或 block 或 negotiate。
qmsecmethods -IPsec 提供是下列格式之一:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
其中 ConfAlg 可以是 DES 或 3DES 或 None。
其中 AuthAlg 可以是 MD5 或 SHA1 或 None。
其中 HashAlg 是 MD5 或 SHA1。
其中 k 是 lifetime(千字节)。
其中 s 是 lifetime(秒)。
3. 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: 1.set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s
2.set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
inpass=y


Usage:
filteraction [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a filter action.

Parameters:

Tag Value
name | guid -Name or guid of the filter action.
newname -New name of the filter action.
description -Brief information about the filter action.
qmpfs -Option to set quick mode perfect forward secrecy.
inpass -Accept unsecured communication, but always respond
using IPsec. This takes a value of either ‘yes’ or ‘no’.
soft -Allow unsecured communication with non-IPsec-aware computers.
This takes a value of either ‘yes’ or ‘no’.
action -This takes permit or block or negotiate.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s
2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
inpass=y

11353
用法:
rule [ name = ] | [id= ]
[ policy = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ filterlist = ] ]
[ [ filteraction = ] ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

更改策略中的规则。

参数:

标记 值
name | id -规则的名称或 ID。
policy -规则所属的策略的名称。
newname -规则的新名称。
description -规则的简短信息。
filterlist -要使用的筛选器列表的名称。
filteraction -要使用的筛选器操作的名称。
tunnel -隧道 ip 地址或 dns 名称。
conntype -连接类型可以是 lan,dialup 或 all。
activate -如果指定了 yes,则激活策略中的规则。
kerberos -如果指定了 yes,则提供 Kerberos 身份验证。
psk -用指定的预共享密钥提供身份验证。
rootca -用指定的根证书提供身份验证,如果指定了
certmap:Yes,将尝试映射此证书
如果指定了 excludecaname:Yes,将排除 CA 名称。

注释: 1. 证书,映射和 CA 名称设置要在引号中引起来,内嵌的引号将
被“\'”代替。
2. 证书映射只对域成员有效。
3. 可以多次使用 rootca 参数来提供多重证书。
4. 每种身份验证方法的优先级由在命令中的顺序来决定。
5. 如果没有指定身份验证方法,将使用动态默认。
6. 所有身份验证方法都将被指定的列表所覆盖。
7. 排除根证书颁发机构(CA)名称防止将名称作为证书请求的一部分
发送。

示例: 1. set rule name=Rule policy=Policy activate=yes
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"
2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156


Usage:
rule [ name = ] | [id= ]
[ policy = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ filterlist = ] ]
[ [ filteraction = ] ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule in a policy.

Parameters:

Tag Value
name | id -Name or ID of the rule.
policy -Name of the policy, the rule belongs to.
newname -New name of the rule.
description -Brief information about the rule.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel ip address or dns name.
conntype -Connection type can be ‘lan’, ‘dialup’ or ‘all’.
activate -Activates the rule in the policy if ‘yes’ is specified.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. All authentication methods are overwritten with the stated list.
7. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.

Examples: 1. set rule name=Rule policy=Policy activate=yes
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"
2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156

11354
用法:
store [location = ] (local | domain)
[ [ domain = ] ]

设置当前 IPsec 策略存储位置。

参数:

标记 值
location IPsec 策略存储的位置。
domain 域名(只应用于域位置)。

说明: 1. 本地存储包含 IPsec 策略,可以指定来保护
计算机。如果域策略可用,则
应用域策略而不是本地策略。
2. 域存储包含 IPsec 策略,可以指定来
保护域中的一组计算机。
3. 使用"set machine"命令配置远程计算机。
4. 默认存储为本地存储。对存储设置所作的更改
仅在当前 Netsh 会话期间有效。如果需要在
同一存储中从批处理文件运行多个命令,请在
执行批处理文件时使用"Netsh Exec"。
5. 不支持永久存储和永久策略。


示例: 1. set store location=local
- 使用当前计算机的本地存储。

2. set store location= domain domain=example.microsoft.com
- 使用域策略存储以获取 example.microsoft.com。


Usage:
store [location = ] (local | domain)
[ [ domain = ] ]

Sets the current IPsec policy storage location.

Parameters:

Tag Value
location Location of the IPsec policy store.
domain Domain name (only applies to the domain location).

Remarks: 1. The local store contains IPsec policies that can be assigned to
secure this computer. If a domain policy is available, the
domain policy is applied instead of the local policy.
2. The domain store contains IPsec policies that can be assigned to
secure groups of computers in a domain.
3. Use the 'set machine' command to configure a remote computer.
4. The default store is Local. Changes to the store setting persist
only as long as the current Netsh session. If you need to run
multiple commands in the same store from a batch file, use the
‘Netsh Exec’ when executing your batch file.
5. Persistent store and persistent policy is not supported.


Examples: 1. set store location=local
- uses the local store of the current computer.
2. set store location=domain domain=example.microsoft.com
- uses the domain policy store for example.microsoft.com.

11355
用法:
defaultrule [ policy = ]
[ [ qmpfs = ] (yes | no) ]
[ [ activate = ] (yes | no) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

修改指定策略的默认响应规则。
在 Windows Vista 和 Windows 的更新版本中将忽略此规则。


参数:

标记

policy -其默认响应规则将被修改的策略的名称.
qmpfs -设置快速模式完全向前保密的选项.
activate -如果指定 "yes" 则激活策略中的规则.
qmsecmethods -IPsec 按下列其中一种模式提供:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
其中 ConfAlg 可以是 DES、3DES 或 None.
其中 AuthAlg 可以是 MD5、SHA1 或 None.
其中 HashAlg 是 MD5 或 SHA1.
其中 k 是以 KB 为单位的生存时间.
其中 s 是以秒为单位的生存时间.
kerberos -如果指定 “yes” 则提供 Kerberos 身份验证.
psk -使用指定的预共享密钥提供身份验证.
rootca -使用指定的根证书提供身份验证,
如果指定 certmap:Yes,则尝试映射证书,
如果指定 excludecaname:Yes,则排除 CA 名称.

说明: 1. 证书、映射和 CA 名称设置都要放在引号中;嵌入的引号用“\”代替.
2. 证书映射只对域成员有效.
3. 通过多次使用 rootca 参数可以提供多重证书.
4. 每种身份验证方法的优先级由它在命令中的顺序决定.
5. 如果未指定身份验证方法,则使用动态默认
6. 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: set defaultrule Policy1 activate=y
qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"


Usage:
defaultrule [ policy = ]
[ [ qmpfs = ] (yes | no) ]
[ [ activate = ] (yes | no) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies the default response rule of the specified policy.
This rule will be ignored on Windows Vista and later versions of Windows


Parameters:

Tag Value
policy -Name of the policy for which the default response rule
is to be modified.
qmpfs -Option to set quick mode perfect forward secrecy.
activate -Activates the rule in the policy if ‘yes’ is specified.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: set defaultrule Policy1 activate=y
qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"

11357
用法:
set batch [mode = ] (enable | disable)

设置批处理更新模式。

参数:

mode - 用于批处理更新的模式。



Usage:
set batch [mode = ] (enable | disable)

Sets the batch update mode.

Parameters:

mode - The mode for batch updates.


11400删除策略和相关信息。
Deletes policies and related information.
11410删除一个策略和它的规则。
Deletes a policy and its rules.
11411删除一个筛选器列表。
Deletes a filter list.
11412删除一个筛选器操作。
Deletes a filter action.
11413从策略中删除一个规则。
Deletes a rule from a policy.
11414从筛选器列表中删除一个筛选器。
Deletes a filter from a filter list.
11415删除所有策略,筛选器列表和筛选器操作。
Deletes all policies, filter lists, and filter actions.
11450
用法:
policy [ name = ] | [ all ]

删除策略及它的所有相关规则。

参数:

标记 值
name | all -策略名称,或 all。

注释: 如果指定了 'all',将删除所有策略。

示例: 1. delete policy all
- 删除所有策略
2. delete policy name=Policy1
- 删除名为 'Policy1' 的策略


Usage:
policy [ name = ] | [ all ]

Deletes the policy and all its associated rules.

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.

Remarks: If 'all' is specified, all policies are deleted.

Examples: 1. delete policy all
- deletes all policies.
2. delete policy name=Policy1
- deletes the policy named Policy1.

11451
用法:
filterlist [name = ] | [ all ]

删除筛选器列表及它的所有相关筛选器。

参数:

标记 值
name | all -筛选器列表的名称,或 all。

Remarks: 如果指定了 'all',将删除所有筛选器。

示例: delete filterlist all


Usage:
filterlist [name = ] | [ all ]

Deletes the filter list and all of its associated filters.

Parameters:

Tag Value
name | all -Name of the filter list or ‘all’.

Remarks: If 'all' is specified, all filter lists are deleted.

Examples: delete filterlist all

11452
用法:
filteraction [ name = ] | [ all ]

删除筛选器操作。

参数:

标记 值
name | all -筛选器操作的名称,或 all。

注释: 如果指定了 'all',将删除所有筛选器操作。

示例: 1. delete filteraction FilterA
2. delete filteraction all


Usage:
filteraction [ name = ] | [ all ]

Deletes a filter action.

Parameters:

Tag Value
name | all -Name of the filter action or ‘all’.

Remarks: If 'all' is specified, all filter actions are deleted.

Examples: 1. delete filteraction FilterA
2. delete filteraction all

11453
用法:
rule [ name = ] | [ id = ] | [ all ]
[ policy = ]

从策略中删除规则。

参数:

标记 值
name | id | all -规则的名称或 ID,或 all
policy -策略名称。

注释: 1. 如果指定了 'all',将从策略中删除除了默认响应规则以外
的所有规则。
2. 默认响应规则不能被删除。
3. 每次删除都将更改 ID。

示例: 1. delete rule id=1 Policy1
-从 Policy1 中删除 id=1 的规则。
2. delete rule all Policy1
-从 Policy1 中删除所有规则。


Usage:
rule [ name = ] | [ id = ] | [ all ]
[ policy = ]

Deletes a rule from a policy.

Parameters:

Tag Value
name | id | all -Name of the rule, ID of the rule, or ‘all’
policy -Name of the policy.

Remarks: 1. If 'all' is specified, deletes all rules from the policy except
the default response rule.
2. The default response rule cannot be deleted.
3. The IDs will change with every delete.

Examples: 1. delete rule id=1 Policy1
-deletes the rule with id=1 from Policy1.
2. delete rule all Policy1
-deletes all the rules from Policy1.

11454
用法:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]

从筛选器列表中删除一个筛选器

参数:

标记 值
filterlist -筛选器要添加到其中的筛选器列表的名称。
srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或者一个整数。
srcmask -源地址掩码,或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围,则不适用。
dstmask -目标地址掩码,或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围,则不适用。
srcport -数据包的源端口。值为 0 表示任意端口。
dstport -数据包的目标端口。值为 0 表示任意端口。
mirrored -值为 "Yes" 将创建两个筛选器,每个方向均有一个。

注释: 1. 从筛选器列表中删除准确匹配的筛选器。
2. 要指定当前计算机地址,请设置 srcaddr/dstaddr=me
要指定所有计算机地址,请设置 srcaddr/dstaddr=any
3. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。
4. 如果源为 server,则目标为 "me",反之亦然。
5. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。

示例: 1. delete filter FilterList1 src=fum.com dst=fum.com
2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME


Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]

Deletes a filter from a filter list

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter was added.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port
dstport -Destination port of the packet. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.

Remarks: 1. Deletes the exact match filter from the filter list.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server, then dest is set to 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com
2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME

11455
用法:
all

删除所有策略,筛选器列表和筛选器操作。

参数:

注释:

示例: delete all


Usage:
all

Deletes all policies, filter lists, and filter actions.

Parameters:

Remarks:

Examples: delete all

11500显示策略和相关信息的详细信息。
Displays details of policies and related information.
11510显示策略详细信息。
Displays policy details.
11511显示筛选器列表详细信息。
Displays filter list details.
11512显示筛选器操作详细信息。
Displays filter action details.
11513显示规则的详细信息。
Displays rule details.
11515显示所有策略的详细信息及相关信息。
Displays details of all policies and related information.
11516显示组分配的策略的详细信息。
Displays details of a group assigned policy.
11517显示当前策略存储。
Displays the current policy store.
11550
用法:
policy [ name = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

显示策略的详细信息

参数:

标记 值
name | all -策略名称或‘all’。
level -Verbose 或 normal。
format -以屏幕格式或制表符分隔的方式输出。
wide -如果设置为 “no”,名称和描述将被截断
以适应 80 列的屏幕宽度。

注释:

示例: show policy Policy1 wide=yes format=table


Usage:
policy [ name = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a policy

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all policy details are displayed.

Examples: show policy Policy1 wide=yes format=table

11551
用法:
filterlist [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table ) ]
[ [ resolvedns = ] (yes | no) ]
[ [ wide = ] (yes | no) ]

显示筛选器列表的详细信息。

参数:

标记 值
name | rule | all -筛选器列表的名称或 rule 名称或 all。
level -Verbose 或 normal。
format -以屏幕格式或制表符分隔的方式输出。
resolvedns -值为 'yes' 将强制详细输出显示 IP 地址的当前
DNS 映射,以及存储在筛选器字段中的 DNS 名称。
wide -如果设置为 no,名称和描述将被截断,以适
应 80 个字符的屏幕宽度。

注释: 如果指定了 'all',将显示所有筛选器列表。

示例: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes


Usage:
filterlist [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter list

Parameters:

Tag Value
name | rule | all -Name of the filter list, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
resolvedns -Value of ‘yes’ will force the verbose output to show
the current dns mapping for ip addresses and dns
names that are stored in the filter fields.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter lists are displayed.

Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes

11552
用法:
filteraction [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table ) ]
[ [ wide = ] (yes | no) ]

显示筛选器操作的详细信息。

参数:

标记 值
name | rule | all -筛选器操作的名称或 rule 名称或 all。
level -Verbose 或 normal。
format -以屏幕格式或制表符分隔的方式输出
wide -如果设置为 no,名称和描述将被截断,
以适应 80 个字符的屏幕宽度

注释: 如果指定了 'all',则显示所有筛选器操作。

示例: 1. show filteraction FilterAction1
- 显示筛选器操作 FilterAction1 的详细信息
2. show filteraction rule=Rule1
- 显示由规则 Rule1 使用的筛选器操作
3. show filteraction all
- 显示所有筛选器操作


Usage:
filteraction [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter action

Parameters:

Tag Value
name | rule | all -Name of the filter action, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter actions are displayed.

Examples: 1. show filteraction FilterAction1
- shows the details of the filter action named FilterAction1
2. show filteraction rule=Rule1
- shows the filter action used by the rule named Rule1
3. show filteraction all
- shows all filter actions

11553
用法:
rule [ name = ] | [ id = ] ] | [ all ] | [default]
[ policy = ]
[ [ type = ] (tunnel | tranport) ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table ) ]
[ [ wide = ] (yes | no) ]

显示策略的规则的详细信息。

参数:

标记 值
name | id | all | default -规则的名称或 id,或 all 或 default。
policy -策略名称。
type -规则类别是 transport 或 tunnel。
level -Verbose 或 normal。
format -以屏幕格式或制表符分隔的方式输出。
wide -如果设置为 no,名称和描述将被截断,
以适应 80 个字符的屏幕宽度

注释: 1. 如果指定了 All,则显示所有规则。
2. 如果指定了 type 参数,则需要指定 'all'。

示例: 1. show rule all type=transport policy=Policy1
- 显示 Policy1 的所有传输规则。
2. show rule id=1 policy=Policy1
- 显示策略的第一个规则。
3. show rule default policy=Policy1
- 显示 Policy1 的默认响应规则的详细信息。


Usage:
rule [ name = ] | [ id = ] ] | [ all ] | [default]
[ policy = ]
[ [ type = ] (tunnel | tranport) ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of rules for the policy.

Parameters:

Tag Value
name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’.
policy -Name of the policy.
type -Rule type is ‘transport’ or ‘tunnel’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are
truncated to fit the screen width of 80
characters.

Remarks: 1. If ‘all’ is specified, all rules are displayed.
2. If the type parameter is specified, 'all' needs to be specified.

Examples: 1. show rule all type=transport policy=Policy1
- shows all the transport rules of the policy named Policy1.
2. show rule id=1 policy=Policy1
- shows the first rule of the policy.
3. show rule default policy=Policy1
- shows the details of the default response rule of Policy1.

11555
用法:
all [ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

显示所有策略,筛选器列表和筛选器操作。

参数:

标记 值
format -以屏幕格式或制表符分隔的方式输出。
wide -如果设置为 no,名称和描述将被截断,
以适应 80 个字符的屏幕宽度。

注释:

示例: show all


Usage:
all [ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays all policies, filter lists, and filter actions.

Parameters:

Tag Value
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks:

Examples: show all

11556
用法:
gpoassignedpolicy [name = ]
[ [ level = ] (verbose | normal)

显示指定的 GPO 的活动策略的详细信息。

参数:

标记 值
Name -本地 AD 组策略对象名称。

注释: 1. 如果当前 store 为 domain,则需要 name 参数,
否则是不允许的。

示例: 1. show gpoassignedpolicy name=GPO1
- 显示指定到 GPO1 的域策略
2. show gpoassignedpolicy
- 显示此计算机上当前指定的策略。


Usage:
gpoassignedpolicy [name = ]

Displays the details of the active policy for the specified GPO.

Parameters:

Tag Value
Name -Local AD Group policy object name.


Remarks: 1. if the current store is domain, the name parameter
is required, otherwise it is not allowed

Examples: 1. show gpoassignedpolicy name=GPO1
- shows the assigned domain policy to GPO1.
2. show gpoassignedpolicy
- shows currently assigned policy on this computer.

11557
用法:
store

示例: show store


Usage:
store

Examples: show store

12200将策略,筛选器和操作添加到 SPD。
Adds policy, filter, and actions to SPD.
12210将快速模式策略添加到 SPD。
Adds a quick mode policy to SPD.
12211将主模式策略添加到 SPD。
Adds a main mode policy to SPD.
12212将快速模式筛选器添加到 SPD。
Adds a quick mode filter to SPD.
12213将主模式筛选器添加到 SPD。
Adds a main mode filter to SPD.
12215添加一个规则和相关联的筛选器到 SPD。
Adds a rule and associated filters to SPD.
12250
用法:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

添加一个快速模式策略到 SPD。

参数:

标记 值
name -快速模式策略名称。
soft -允许与非 IPsec 的计算机进行不安全的通讯。
这可以是 yes 或 no。
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(默认)。
qmsecmethods -IPsec 提供是下列之一:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
其中 ConfAlg 可以是 DES 或 3DES 或 None。
其中 AuthAlg 可以是 MD5 或 SHA1 或 None。
其中 HashAlg 是 MD5 或 SHA1。
其中 k 是 lifetime(千字节)。
其中 s 是 lifetime(秒)。

注释: 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: add qmpolicy name=qmp
qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"


Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Adds a quick mode policy to SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with non-IPsec-aware
computers.
This takes a value of either ‘yes’ or ‘no’.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add qmpolicy name=qmp
qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"

12251
用法:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

添加一个主模式策略到 SPD。

参数:

标记 值
name -主模式策略名称。
qmpermm -IKE 的每主模式会话的快速模式会话数目。
mmlifetime -为 IKE 的主模式重新生成密钥所需时间。
softsaexpirationtime -未保护的 SA 的过期时间(分钟)。
mmsecmethods -一个或多个由空格分隔的安全方法列表,格式
为 ConfAlg-HashAlg-GroupNum。
其中 ConfAlg 可以是 DES 或 3DES
HashAlg 是 MD5 或 SHA1
GroupNum 可以是 1 (Low) 或 2 (Med) 或 3 (DH2048)。

注释: 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"


Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Adds a main mode policy to SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.
where ConfAlg can be DES or 3DES
where HashAlg can be MD5 or SHA1
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"
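
The Remarks for qmpolicy and mmpolicy above mark DES and MD5 as not recommended. The following Python sketch is an added example (not part of the DLL's strings or any Microsoft tool) that parses `qmsecmethods` and `mmsecmethods` values in the formats listed above and reports which offers still contain those algorithms. All function and constant names are hypothetical. Assumption: the `:k/s` lifetime is treated as optional and may follow either component, because the `set qmpolicy` example on this page writes `AH[MD5]:100000k/29999s+ESP[DES,SHA1]`.

```python
import re

# Values accepted by the help text above. DES and MD5 are the two algorithms
# its Remarks mark as "not recommended".
CONF_ALGS = {"DES", "3DES", "NONE"}
AUTH_ALGS = {"MD5", "SHA1", "NONE"}
HASH_ALGS = {"MD5", "SHA1"}
DEPRECATED = {"DES", "MD5"}

# One AH[...] or ESP[...] component with an optional ":<k>k/<s>s" lifetime
# (optional lifetime is an assumption taken from the page's own examples).
_COMPONENT = re.compile(
    r"(?P<proto>AH|ESP)\[(?P<args>[^\]]*)\](?::(?P<kb>\d+)k/(?P<sec>\d+)s)?",
    re.IGNORECASE,
)


def parse_qm_offer(offer):
    """Parse one quick mode offer; raise ValueError if it does not fit the format."""
    parts = offer.split("+")
    matches = [_COMPONENT.fullmatch(p) for p in parts]
    if len(parts) > 2 or any(m is None for m in matches):
        raise ValueError("malformed offer: %r" % offer)
    protos = [m.group("proto").upper() for m in matches]
    # The only combined form the help text lists is AH[...]+ESP[...].
    if len(parts) == 2 and protos != ["AH", "ESP"]:
        raise ValueError("combined offers must be AH[...]+ESP[...]: %r" % offer)

    parsed = {"ah": None, "esp": None, "kbytes": None, "seconds": None}
    for proto, m in zip(protos, matches):
        args = [a.strip().upper() for a in m.group("args").split(",")]
        if proto == "AH":
            if len(args) != 1 or args[0] not in HASH_ALGS:
                raise ValueError("bad AH hash in %r" % offer)
            parsed["ah"] = args[0]
        else:
            if len(args) != 2 or args[0] not in CONF_ALGS or args[1] not in AUTH_ALGS:
                raise ValueError("bad ESP algorithms in %r" % offer)
            parsed["esp"] = (args[0], args[1])
        if m.group("kb") is not None:
            parsed["kbytes"] = int(m.group("kb"))
            parsed["seconds"] = int(m.group("sec"))
    return parsed


def audit_qmsecmethods(value):
    """Return [(offer, sorted deprecated algorithms)] for a qmsecmethods string."""
    findings = []
    for offer in value.split():
        parsed = parse_qm_offer(offer)
        used = set(parsed["esp"] or ())
        if parsed["ah"]:
            used.add(parsed["ah"])
        findings.append((offer, sorted(used & DEPRECATED)))
    return findings


def parse_mm_method(method):
    """Parse one ConfAlg-HashAlg-GroupNum main mode method."""
    fields = method.upper().split("-")
    if len(fields) != 3:
        raise ValueError("expected ConfAlg-HashAlg-GroupNum: %r" % method)
    conf, hash_alg, group = fields
    if conf not in {"DES", "3DES"} or hash_alg not in HASH_ALGS or group not in {"1", "2", "3"}:
        raise ValueError("value outside the documented set: %r" % method)
    return conf, hash_alg, int(group)


def audit_mmsecmethods(value):
    """Return [(method, sorted deprecated algorithms)] for an mmsecmethods string."""
    findings = []
    for method in value.split():
        conf, hash_alg, _group = parse_mm_method(method)
        findings.append((method, sorted({conf, hash_alg} & DEPRECATED)))
    return findings


if __name__ == "__main__":
    # Values copied from the Examples lines on this page.
    qm = "AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"
    mm = "3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"
    for item, weak in audit_qmsecmethods(qm) + audit_mmsecmethods(mm):
        print("%-28s %s" % (item, "deprecated: " + ", ".join(weak) if weak else "ok"))
```

Because the preference of each offer follows its order in the command, a deprecated offer that appears anywhere in the list can still be negotiated when the peer accepts nothing earlier, so the audit reports every offer rather than only the first.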

12255
用法:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ mmpolicy = ]
[ [ qmpolicy = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:
(yes | no)" ]

添加规则。

参数:

标记 值
srcaddr - 源 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。
dstaddr -目标 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器名称。
mmpolicy -主要模式策略
qmpolicy -快速模式策略
protocol -可以是 ANY, ICMP, TCP, UDP, RAW 或一个整数。
如果指定端口,则可接受的值为 TCP 或 UDP。
srcport -源端口(0 意味着任意端口)
dstport -目标端口(0 意味着任意端口)
mirrored -"Yes" 创建两个筛选器,每个方向一个。
conntype -连接类型
actioninbound -用于入站数据包的操作
actionoutbound -用于出站数据包的操作
srcmask -源地址掩码或 1 到 32 之间的前缀。如果 srcaddr 设置为一个
范围则不可用
dstmask -目标地址掩码或 1 到 32 之间的前缀。如果 dstaddr 设置为一个
范围则不可用
tunneldstaddress -隧道目标 IP 地址或 DNS 名称。
kerberos -如果指定 "yes" 则提供 kerberos 身份验证。
psk -使用指定的预共享密钥提供身份验证。
rootca -使用指定的根证书提供身份验证,
如果指定 certmap:Yes,则尝试映射证书,
如果指定 excludecaname:Yes,则排除 CA 名称。

说明: 1. 端口对于 TCP 和 UDP 有效。
2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY
3. actioninbound 和 actionoutbound 的默认值为 "negotiate"。
4. 对于隧道规则,必须将 "mirrored" 设置为 "no"。
5. 证书、映射和 CA 名称设置都必须放在引号中;嵌入的引号用 "\" 代替。
6. 证书映射仅对域成员有效。
7. 通过多次使用 rootca 参数可以提供多重证书。
8. 每个身份验证方法的优先级由它在命令中的顺序决定。
9. 如果未指定身份验证方法,则使用动态默认。
10. 排除根证书颁发机构(CA)名称可以防止将名称作为证书请求的一部分发送。
11. 如果指定地址范围,终结点必须是特定地址(不是列表或子网),而且必须是
相同的类型(都应该是 v4 或 v6)。

示例: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root
Authority\' certmap:yes excludecaname:no"

Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ mmpolicy = ]
[ [ qmpolicy = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Adds a Rule.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
If you specify a port, acceptable value is TCP or UDP.
srcport -Source port(0 means any port)
dstport -Destination port(0 means any port)
mirrored -‘Yes' creates two filters, one in each direction.
conntype -Connection type
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
kerberos -Provides kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Port valid for TCP and UDP.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Default for actioninbound and actionoutbound is ‘negotiate’.
4. For tunnel rules, mirrored must be set to 'no'.
5. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
6. Certificate mapping is valid only for domain members.
7. Multiple certificates can be provided by using the rootca
parameter multiple times.
8. The preference of each authentication method is determined by its
order in the command.
9. If no auth methods are stated, dynamic defaults are used.
10. Excluding the root certification authority (CA) name prevents the
name from being sent as part of the certificate request.
11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"
12300更改 SPD 中的策略,筛选器和操作。
Modifies policy, filter, and actions in SPD.
12310更改 SPD 中的快速模式策略。
Modifies a quick mode policy in SPD.
12311更改 SPD 中的主模式策略。
Modifies a main mode policy in SPD.
12312更改 SPD 中的快速模式筛选器。
Modifies a quick mode filter in SPD.
12313更改 SPD 中的主模式筛选器。
Modifies a main mode filter in SPD.
12319设置 IPSEC 配置和启动时间行为。
Sets the IPsec configuration and boot time behavior.
12320修改 SPD 中的规则和相关联的筛选器。
Modifies a rule and associated filters in SPD.
12350
用法:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2... neg#n) ]

在 SPD 中更改快速模式策略。

参数:

标记 值
name -快速模式策略名称。
soft -允许与非 IPsec 的计算机进行不安全的通信。
这可以是 yes 或 no。
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(默认)。
qmsecmethods -IPsec 提供是下列之一
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
其中 ConfAlg 可以是 DES,或 3DES 或 None。
其中 AuthAlg 可以是 MD5,或 SHA1 或 None。
其中 HashAlg 是 MD5 或 SHA1。
其中 k 是 lifetime(千字节)。
其中 s 是 lifetime(秒)。

注释: 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: set qmpolicy name=qmp pfsg=grp3
qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"


Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a quick mode policy in SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with
non-IPsec-aware computers.
This takes a value of either 'yes' or 'no'.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set qmpolicy name=qmp pfsg=grp3
qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"

12351
用法:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

用新参数在 SPD 中更改主模式策略。

参数:

标记 值
name -主模式策略名称。
qmpermm -IKE 的每主模式会话的快速模式会话数目。
mmlifetime -为 IKE 的主模式重新生成密钥所需时间。
softsaexpirationtime -未保护的 SA 的过期时间(分钟)。
mmsecmethods -一个或多个空格分隔的安全方法列表,格式
为 ConfAlg-HashAlg-GroupNum。
其中 ConfAlg 可以是 DES 或 3DES,
HashAlg 是 MD5 或 SHA1,
GroupNum 可以是 1 (Low) 或 2 (Med) 或 3 (DH2048)。

注释: 不推荐使用 DES 和 MD5。提供这些算法
仅用于向下兼容。

示例: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3


Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a main mode policy with the new parameters in SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1,
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3

12359
用法:
config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval |
ikelogging | strongcrlcheck | bootmode |
bootexemptions) ]
[ value = ] | | ]

配置 IPSec 的参数。

参数:

标记 值
property -属性名称。
value -与属性相对应的值。

注释: 1. 属性的有效值为:
ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
ikelogging - 0, 1
strongcrlcheck - 0, 1, 2
ipsecloginterval - 60 to 86400 sec
ipsecexempt - 0, 1, 2, 3
bootmode - stateful, block, permit
bootexemptions - none, "exemption#1 exemption#2 ...
exemption#n"
其中引号中的字符串指定引导模式期间
始终允许的协议和端口列表,格式如下:
Protocol:SrcPort:DstPort:Direction
其中 protocol 为 ICMP、TCP、UDP、
RAW 或
其中 direction 为 inbound 或 outbound
2. 提供 ipsecdiagnostics、ikelogging、ipsecloginterval、bootmod 和
bootexemptions 选项,用于向下兼容。对于 Windows Vista 及以后的
操作系统无效。
3. SrcPort 和 DstPort 仅对于 TCP 和 UDP 有效,对于其他协议,
免除格式为 Protocol:Direction。
4. 端口设置 0 允许任意端口的流量。
5. 立即激活 ikelogging 和 strongcrlcheck;
其他所有属性在下次启动时生效。

示例: 1. set config property=ipsecdiagnostics value=0
2. set config property=bootmode value=stateful
3. set config property=bootexemptions value=none
4. set config property=bootexemptions
value="ICMP:inbound TCP:80:80:outbound"


Usage:
config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval |
ikelogging | strongcrlcheck | bootmode | bootexemptions) ]
[ value = ] | | ]

Configures the parameters for IPsec.

Parameters:

Tag Value
property -Property name.
value -Value that corresponds to the property.

Remarks: 1. Valid values for the properties are:
ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
ikelogging - 0, 1
strongcrlcheck - 0, 1, 2
ipsecloginterval - 60 to 86400 sec
ipsecexempt - 0, 1, 2, 3
bootmode - stateful, block, permit
bootexemptions - none, "exemption#1 exemption#2 ... exemption#n"
where the quoted string specifies a list of
protocols and ports to always allow during
boot mode in the following format:
Protocol:SrcPort:DstPort:Direction
where protocol is ICMP, TCP, UDP,
RAW, or
where direction is inbound or outbound
2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and
bootexemptions options are provided for backward compatibility.
Not valid for Windows Vista and later operating systems.
3. SrcPort and DstPort are only valid for TCP and UDP, with other
protocols the format of the exemption is Protocol:Direction.
4. A port setting of 0 allows for traffic for any port.
5. ikelogging and strongcrlcheck are activated immediately;
all other properties take effect on next boot.

Examples: 1. set config property=ipsecdiagnostics value=0
2. set config property=bootmode value=stateful
3. set config property=bootexemptions value=none
4. set config property=bootexemptions
value="ICMP:inbound TCP:80:80:outbound"

12360
用法:
rule [ srcaddr = ] (ip | dns | server)
[ dstaddr = ] (ip | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ mmpolicy = ] ]
[ [ qmpolicy = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

在 SPD 中修改规则及相关的筛选器。

参数:

标记 值
srcaddr - 源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或一个整数。
srcport -源端口(0 表示任意端口)
dstport -目标端口(0 表示任意端口)
mirrored -值为 "Yes" 将创建两个筛选器,每个方向均有一个。
conntype -连接类型
srcmask -源地址掩码,或一个 1 到 32 的前缀。如果 srcaddr 设置为某一范围,则不适用。
dstmask -目标地址掩码,或一个 1 到 32 的前缀。如果 dstaddr 设置为某一范围,则不适用。
tunneldstaddress -隧道目标 ip 地址或 dns 名称。
mmpolicy -主模式策略
qmpolicy -快速模式策略
actioninbound -对入站数据包的操作
actionoutbound -对出站数据包的操作
kerberos -如果指定了‘yes’,则提供 kerberos 身份验证
psk -用指定的预共享密钥提供身份验证
rootca -用指定的根证书提供身份验证,
如果指定了 certmap:Yes,将尝试映射此证书
如果指定了 excludecaname:Yes,将排除 CA 名称

注释: 1. 可以设置 Mmpolicy、qmpolicy、actioninbound、actionoutbound
和 authmethods,其他字段是标识符。
2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY
3. 证书、映射和 CA 名称设置均以引号中引起来,内嵌的引号将替代为
“\"”。
4. 证书映射只对域成员有效。
5. 可以多次使用 rootca 参数来提供多重证书。
6. 每种身份验证方法的优先级由它在命令中的顺序来
决定。
7. 如果没有指定身份验证方法,将使用动态默认值。
8. 所有身份验证方法都将以指定的列表覆盖。
9. 排除根证书颁发机构(CA)名称可防止将名称作为证书请求的一部分
进行发送。
10. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同
类型的地址(两者均应为 v4 或 v6)。

示例: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
tunneldst=192.168.145.1
proto=tcp srcport=80 dstport=80 mir=no con=lan
qmp=qmp actionin=negotiate actionout=permit
2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"


Usage:
rule [ srcaddr = ] (ip | dns | server)
[ dstaddr = ] (ip | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ mmpolicy = ] ]
[ [ qmpolicy = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule and associated filters in SPD.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port (0 means any port)
dstport -Destination port (0 means any port)
mirrored -'Yes' creates two filters, one in each direction.
conntype -Connection type
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
kerberos -Provides kerberos authentication if ‘yes’ is specified
psk -Provides authentication using a specified preshared key
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound
and authmethods can be set; other fields are identifiers.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
4. Certificate mapping is valid only for domain members.
5. Multiple certificates can be provided by using the rootca
parameter multiple times.
6. The preference of each authentication method is determined by
its order in the command.
7. If no auth methods are stated, dynamic defaults are used.
8. All authentication methods are overwritten with the stated list.
9. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.
10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
tunneldst=192.168.145.1
proto=tcp srcport=80 dstport=80 mir=no con=lan
qmp=qmp actionin=negotiate actionout=permit
2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"

12400从 SPD 中删除策略,筛选器和操作。
Deletes policy, filter, and actions from SPD.
12410从 SPD 中删除快速模式策略。
Deletes a quick mode policy from SPD.
12411从 SPD 中删除主模式策略。
Deletes a main mode policy from SPD.
12414从 SPD 中删除规则及与其相关联的筛选器。
Deletes a rule and associated filters from SPD.
12415从 SPD 中删除所有策略,筛选器和操作。
Deletes all policies, filters, and actions from SPD.
12450
用法:
qmpolicy [ name = ] | [ all ]

从 SPD 中删除快速模式策略。
如果指定了 'all',将删除所有快速模式策略。

参数:

标记 值
name -快速模式策略名称。

备注: 要删除一个快速模式策略,必须先删除所有相关联的快速模式
筛选器。

示例: delete qmpolicy name=qmp


Usage:
qmpolicy [ name = ] | [ all ]

Deletes a quick mode policy from SPD.
If 'all' is specified, all quick mode policies are deleted.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: To delete a quick mode policy, any associated quick mode filters
must first be deleted.

Examples: delete qmpolicy name=qmp

12451
用法:
mmpolicy [ name = ] | [ all ]

从 SPD 中删除主模式策略。
如果指定了 'all',将删除所有主模式策略。

参数:

标记 值
name -主模式策略名称。

注释: 要删除一个主模式策略,必须先删除所有相关联的主模式
筛选器。

示例: delete mmpolicy name=mmp


Usage:
mmpolicy [ name = ] | [ all ]

Deletes a main mode policy from SPD.
If 'all' is specified, all main mode policies are deleted.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: To delete a main mode policy, any associated main mode filters must
first be deleted.

Examples: delete mmpolicy name=mmp

12454
用法:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]

从 SPD 中删除规则。

参数:

标记 值
srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
protocol -可以是 ANY,ICMP,TCP,UDP,RAW,或者一个整数。
srcport -源端口。值为 0 表示任意端口。
dstport -目标端口。值为 0 表示任意端口。
mirrored -值为 "Yes" 将创建两个筛选器,每个方向均有一个。
conntype -连接类型可以是 lan、dialup 或 "all"。
srcmask -源地址掩码或 1 到 32 的前缀。
dstmask -目标地址掩码或 1 到 32 的前缀。
tunneldstaddress -隧道目标 ip 地址或 dns 名称。

注释: 1. 要指定当前计算机地址,请设置 srcaddr/dstaddr=me
要指定所有计算机地址,请设置 srcaddr/dstaddr=any
2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY
3. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。

示例: delete rule srca=192.168.145.110 dsta=192.168.145.215
tunneldsta=192.168.145.1
proto=tcp srcport=80 dstport=80 mirror=no conntype=lan


Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]

Deletes a rule from SPD.

Parameters:

Tag Value
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.
conntype -Connection type can be lan, dialup or ‘all’.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
tunneldstaddress -Tunnel destination ip address or dns name.

Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215
tunneldsta=192.168.145.1
proto=tcp srcport=80 dstport=80 mirror=no conntype=lan

12455
用法:
all

从 SPD 中删除所有策略,筛选器和身份验证方法。

示例: delete all


Usage:
all

Deletes all policies, filters, and authentication methods from SPD.

Example: delete all

12500从 SPD 中显示策略,筛选器和操作。
Displays policy, filter, and actions from SPD.
12510显示 SPD 中的策略,筛选器,SA 和统计。
Displays policies, filters, SAs, and statistics from SPD.
12511从 SPD 中显示主模式策略详细信息。
Displays main mode policy details from SPD.
12512从 SPD 中显示快速模式策略详细信息。
Displays quick mode policy details from SPD.
12513从 SPD 中显示主模式筛选器详细信息。
Displays main mode filter details from SPD.
12514从 SPD 中显示快速模式筛选器详细信息。
Displays quick mode filter details from SPD.
12515从 SPD 中显示 IPsec 和 IKE 统计。
Displays IPsec and IKE statistics from SPD.
12516从 SPD 中显示主模式安全关联。
Displays main mode security associations from SPD.
12517从 SPD 中显示快速模式安全关联。
Displays quick mode security associations from SPD.
12518显示 IPsec 配置。
Displays IPsec configuration.
12519显示 SPD 中的规则详细信息。
Displays rule details from SPD.
12550
用法:
all [ [ resolvedns = ] (yes | no) ]

显示 SPD 中的所有策略,筛选器,SA 和统计的详细信息。

参数:

标记 值
resolvedns -值为 'yes' 显示解析的 dns 名称。

注释: resolvedns 的默认值为 'no'。

示例: show all yes
-显示所有信息,包括 dns 解析


Usage:
all [ [ resolvedns = ] (yes | no) ]

Displays details of all policies, filters, SAs, and statistics from SPD.

Parameters:

Tag Value
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: Default value of resolvedns is ‘no’.

Examples: show all yes
- shows all information with dns resolution

12551
用法:
mmpolicy [ name = ] | [ all ]

从 SPD 中显示主模式策略的详细信息。

参数:

标记 值
name -主模式策略名称。

注释: 如果指定了 'all',将显示所有主模式策略。

示例: 1. show mmpolicy name=mmp
2. show mmpolicy all


Usage:
mmpolicy [ name = ] | [ all ]

Displays main mode policy details from SPD.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: If 'all' is specified, all main mode policies are displayed.

Examples: 1. show mmpolicy name=mmp
2. show mmpolicy all

12552
用法:
qmpolicy [ name = ] | [ all ]

从 SPD 中显示快速模式策略的详细信息。

参数:

标记 值
name -快速模式策略名称。

注释: 如果指定了 'all',将显示所有快速模式策略。

示例: 1. show qmpolicy name=qmp
2. show qmpolicy all


Usage:
qmpolicy [ name = ] | [ all ]

Displays quick mode policy details from SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: If 'all' is specified, all quick mode policies are displayed.

Examples: 1. show qmpolicy name=qmp
2. show qmpolicy all

12553
用法:
mmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ resolvedns = ] (yes | no) ]

从 SPD 中显示主模式筛选器的详细信息。

参数:

标记 值
name | all -主模式筛选器名称,或 'all'。
type -筛选器类别。可以是 specific 或 generic。
srcaddr -源 ip 地址(ipv4 或 ipv6),地址范围,DNS 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6),地址范围,DNS 名称或服务器类型。
srcmask -源地址掩码或 1 到 32 的前缀。
dstmask -目标地址掩码或 1 到 32 的前缀。
resolvedns -值为 'yes' 显示解析的 dns 名称。

注释: 1. 默认 type 参数为 generic。
2. 服务器类型可以是 WINS,DNS,DHCP 或 GATEWAY。
3. 如果指定了 'all',将显示所有主模式筛选器。
4. 如果指定了源地址或目标地址,将只显示与该地址相关联的筛选器。
5. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同
类型地址(两者均应为 v4 或 v6)。

示例: 1. show mmfilter name=mmf
2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112


Usage:
mmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ resolvedns = ] (yes | no) ]

Displays main mode filter details from SPD.

Parameters:

Tag Value
name | all -Name of the main mode filter or ‘all’.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘generic’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If 'all' is specified, all main mode filters are displayed.
4. If source address or destination address is specified,
only filters associated with that address are displayed.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmfilter name=mmf
2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112

12554
用法:
qmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

从 SPD 中显示快速模式筛选器的详细信息。

参数:

标记 值
name -快速模式筛选器名称。
type -要显示的筛选器类别,可以是 specific 或 generic。
srcaddr -源 IP 地址(IPV4 或 IPV6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 IP 地址(IPV4 或 IPV6)、地址范围、dns 名称或服务器类型。
srcmask -源地址掩码或 1 到 32 的前缀。
dstmask -目标地址掩码或 1 到 32 的前缀。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或一个整数。
srcport -源端口。值为零表示任意端口。
dstport -目标端口。值为零表示任意端口。
actioninbound -对入站数据包的操作。
actionoutbound -对出站数据包的操作。
resolvedns -值为 "yes" 显示解析的 dns 名称。

注释: 1. 如果未指定类别,则显示 "generic" 和 "specific" 筛选器。
2. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。
3. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同
类型地址(两者均应为 v4 或 v6)。

示例: 1. 显示 qmfilter name=qmf
2. 显示 qmfilter all srcaddr=192.134.135.133 proto=TCP
3. 如果指定 "all",则将显示所有快速模式筛选器。
4. 如果指定源或目标地址名称,
则将只显示与该地址相关联的筛选器。

Usage:
qmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays quick mode filter details from SPD.

Parameters:

Tag Value
name -Name of the quick mode filter.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. If the type is not specified then both ‘generic’ and
‘specific’ filters are displayed.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmfilter name=qmf
2. show qmfilter all srcaddr=192.134.135.133 proto=TCP
3. If 'all' is specified, all quick mode filters are displayed.
4. If source or destination address name is specified,
only filters associated with that address are displayed.

12555
用法:
stats [ [type =] (all | ike | ipsec) ]

显示 IPsec 和 IKE 统计的详细信息。

参数:

标记 值
type -ipsec 或 ike 或 all,all 两者都显示(IPsec 和 IKE)

注释:

示例: 1. show stats all
2. show stats type=ipsec


Usage:
stats [ [type =] (all | ike | ipsec) ]

Displays details of IPsec and IKE statistics.

Parameters:

Tag Value
type -ipsec, ike, or all (which displays both ipsec and ike)

Remarks:

Examples: 1. show stats all
2. show stats type=ipsec

12556
用法:
mmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

显示指定地址的主模式安全关联。

参数:

标记 值
all -显示所有主模式安全关联。
srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
format -以屏幕格式或制表符分隔的方式输出。
resolvedns -值为 "yes" 显示解析的 dns 名称。

注释: 1. 服务器类型可以是 WINS,DNS,DHCP 或 GATEWAY。
2. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型地址(两者均应为 v4 或 v6)。


示例: 1. show mmsas all
2. show mmsas srca=192.168.145.110 dsta=192.168.145.215


Usage:
mmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the main mode security associations for a specified address.

Parameters:

Tag Value
all -Display all main mode security associations.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).


Examples: 1. show mmsas all
2. show mmsas srca=192.168.145.110 dsta=192.168.145.215

12557
用法:
qmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

显示指定地址的快速模式安全关联。

参数:

标记 值
all -显示所有快速模式安全关联。
srcaddr -源 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。
dstaddr -目标 IP 地址(IPv4 或 IPv6)、地址范围、DNS 名称或服务器类型。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或一个整数。
format -屏幕中的输出或制表符分隔格式。
resolvedns -值 "yes" 显示解析的 DNS 名称。

说明: 1. 服务器类型可以是 WINS、DNS、DHCP 或 GATEWAY。
2. 如果指定地址范围,终结点必须是特定地址(不是列表或子网),
而且必须是相同的类型(都应该是 v4 或 v6)。

示例: 1. show qmsas all
2. show qmsas srca=192.168.145.110 dsta=192.168.145.215


Usage:
qmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the quick mode security associations for a specified address.

Parameters:

Tag Value
all -Displays all quick mode security associations.
srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmsas all
2. show qmsas srca=192.168.145.110 dsta=192.168.145.215

12558
用法:
config

显示 IPsec 配置参数的当前设置。

注释:

示例: show config


Usage:
config

Displays current settings of IPsec configuration parameters.

Remarks:

Example: show config

12559
用法:
rule [ [ type = ] (transport | tunnel) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

显示 SPD 中的规则详细信息。

参数:

标记 值
type -要显示的规则类型,可以是 transport 或 tunnel。
srcaddr -源 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
dstaddr -目标 ip 地址(ipv4 或 ipv6)、地址范围、dns 名称或服务器类型。
srcmask -源地址掩码或一个 1 到 32 的前缀。
dstmask -目标地址掩码或一个 1 到 32 的前缀。
protocol -可以是 ANY,ICMP,TCP,UDP,RAW 或一个整数。
srcport -源端口。值为零表示任意端口。
dstport -目标端口。值为零表示任意端口。
actioninbound -对入站数据包的操作。
actionoutbound -对出站数据包的操作。
resolvedns -值为 "yes" 显示解析的 dns 名称。

注释: 1. type 参数的默认值为 "transport"。
2. 服务器类型可以是 WINS,DNS,DHCP 或 GATEWAY。
3. 如果指定了源或目标地址名称,将只显示与该地址相关联的规则。
4. 如果指定了地址范围,终结点必须为特定地址(非列表或子网)和相同类型
地址(两者均应为 v4 或 v6)。

示例: 1. show rule
- shows both transport and tunnel rules
2. show rule type=transport srcaddr=192.134.135.133 proto=TCP


Usage:
rule [ [ type = ] (transport | tunnel) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays rule details from SPD.

Parameters:

Tag Value
type -Type of rule to display, either transport or tunnel.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘transport’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If source or destination address name is specified,
only rules associated with that address are displayed.
4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show rule
- shows both transport and tunnel rules
2. show rule type=transport srcaddr=192.134.135.133 proto=TCP

13001

策略数目 : %1!d!


No. of policies : %1!d!
13002存储 : 本地存储
Store : Local Store
13006存储 : 域存储
Store : Domain Store
13012远程计算机 Remote Machine
13013本地计算机 Local Machine
13014远程域 Remote Domain
13015本地域 Local Domain
13016本地计算机 Local Machine
13017本地域 Local Domain
13100

策略名称 : %1!s!


Policy Name : %1!s!
13304

规则 ID : %1!d!, GUID = %2!s!


Rule ID : %1!d!, GUID = %2!s!
13305筛选器列表名称 : %1!s!
FilterList Name : %1!s!
13306筛选器列表名称 : 无
FilterList Name : NONE
13602策略名称 : %1!s!
Policy Name : %1!s!
13603描述 : %1!s!
Description : %1!s!
13604描述 : 无
Description : NONE
13605已分配 : 是
Assigned : YES
13606已分配 : 否
Assigned : NO
13607主 PFS : 是
Master PFS : YES
13608主 PFS : 否
Master PFS : NO
13609轮询间隔 : %1!d! 分钟
Polling Interval : %1!d! minutes
13610

规则数目 : %1!d!


No. of Rules : %1!d!
13611
规则详细信息

Rule Details
13612------------
------------
13615已分配 : 是,但是被 AD 策略覆盖
Assigned : YES but AD Policy Overrides
13700
规则名称 : %1!s!

Rule Name : %1!s!
13701
规则名称 : 无

Rule Name : NONE
13705身份验证方法(%1!d!)
Authentication Methods(%1!d!)
13708隧道目标 IP 地址: Tunnel Dest IP Address :
13709连接类型 : 全部
Connection Type : ALL
13710连接类型 : LAN
Connection Type : LAN
13711连接类型 : 拨号
Connection Type : DIAL UP
13712连接类型 : 无
Connection Type : NONE
13713
筛选器列表详细信息

FilterList Details
13714------------------
------------------
13715
在默认响应规则中没有筛选器列表


No FilterList exists in Default Response Rule

13716筛选器操作详细信息
FilterAction Details
13717---------------------
---------------------
13734
传输规则数目 : %1!d!

No of Transport rule(s): %1!d!
13735
隧道规则数目 : %1!d!

No of Tunnel rule(s) : %1!d!
13736已激活 : 是
Activated : YES
13737已激活 : 否
Activated : NO
13738已激活 : YES
Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。
Activated : YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
13800筛选器操作名称 : %1!s!
FilterAction Name : %1!s!
13801筛选器操作名称 : 无
FilterAction Name : NONE
13802操作 : 允许
Action : PERMIT
13803操作 : 阻止
Action : BLOCK
13804操作 : 协商安全
Action : NEGOTIATE SECURITY
13805AllowUnsecure(Fallback): 是
AllowUnsecure(Fallback): YES
13806AllowUnsecure(Fallback): 否
AllowUnsecure(Fallback): NO
13807入站通过 : 是
Inbound Passthrough : YES
13808入站通过 : 否
Inbound Passthrough : NO
13809安全方法数目 : %1!d! No. of Security.Methods: %1!d!
13812AH ESP LIFE (Sec/kB)
AH ESP LIFE (Sec/kB)
13813-- --- -------------
-- --- -------------
13815QMPFS : 是
QMPFS : YES
13816QMPFS : 否
QMPFS : NO
14200KERBEROS
KERBEROS
14201根 CA : %1!s!
Root CA : %1!s!
14202预共享密钥 : %1!s!
Preshared Key : %1!s!
14203
NONE
14300
筛选器列表名称 : %1!s!

FilterList Name : %1!s!
14301
筛选器列表名称 : 无

FilterList Name : NONE
14302筛选器数目 : %1!d!
No. of Filters : %1!d!
14304筛选器
Filter(s)
14305---------
---------
14308GUID : %1!s!
GUID : %1!s!
14309上次修改时间 : %1!s!
Last Modified : %1!s!
14500源 DNS 名称 :
Source DNS Name :
14501源 DNS 名称 : %1!s!
Source DNS Name : %1!s!
14505源 DNS 名称 : 无
Source DNS Name : NONE
14506目标 DNS 名称 :
Destination DNS Name :
14507目标 DNS 名称 : %1!s!
Destination DNS Name : %1!s!
14511目标 DNS 名称 : 无
Destination DNS Name : NONE
14512已镜像 : 是
Mirrored : YES
14513已镜像 : 否
Mirrored : NO
14514源 DNS 名称 : %1!s! 解析为 Source DNS Name : %1!s! resolves to
14515目标 DNS 名称 : %1!s! 解析为 Destination DNS Name : %1!s! resolves to
14516源 DNS 名称 :
Source DNS Name :
14517源 DNS 名称 :
Source DNS Name :
14520目标 DNS 名称 :
Destination DNS Name :
14521目标 DNS 名称 :
Destination DNS Name :
14522目标 DNS 名称 :
Destination DNS Name :
14526%1!-15s! %1!-15s!
14527%1!s! %1!s!
14528%1!s!
%1!s!
14529

14530, ,
14531... ...
14600源 IP 地址 :
Source IP Address :
14602源 IP 地址 : Source IP Address :
14603源掩码 : Source Mask :
14604目标 IP 地址 :
Destination IP Address :
14606目标 IP 地址 : Destination IP Address :
14607目标掩码 : Destination Mask :
14608源端口 : %1!d!
Source Port : %1!d!
14609源端口 : 任何
Source Port : ANY
14610目标端口 : %1!d!
Destination Port : %1!d!
14611目标端口 : 任何
Destination Port : ANY
14615解析为 %1!s!
resolves to %1!s!
14617源 IP 地址 :
Source IP Address :
14618源 IP 地址 :
Source IP Address :
14620源 IP 地址 :
Source IP Address :
14621目标 IP 地址 :
Destination IP Address :
14622目标 IP 地址 :
Destination IP Address :
14623目标 IP 地址 :
Destination IP Address :
14624目标 IP 地址 :
Destination IP Address :
14625源端口范围 : %1!d!-%2!d!
Source Port Range : %1!d!-%2!d!
14626目标端口范围 : %1!d!-%2!d!
Destination Port Range : %1!d!-%2!d!
14700协议 : ICMP
Protocol : ICMP
14701协议 : TCP
Protocol : TCP
14703协议 : UDP
Protocol : UDP
14708协议 : RAW
Protocol : RAW
14709协议 : ANY
Protocol : ANY
14710协议 : %1!d!
Protocol : %1!d!
14802主模式安全方法顺序
Main Mode Security Method Order
14803主模式生存时间 : %1!d! 分钟 / %2!d! 快速模式会话
MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions
14804加密 集成 DH 组
Encryption Integrity DH Group
14805---------- --------- -------- ---------- --------- --------
14900
DES

DES
14901
3DES

3DES
14902SHA1 SHA1
14903MD5 MD5
14904低(1) Low(1)
14905中(2) Medium(2)
149062048 2048
15001

源计算机 : 的本地计算机 GPO


Source Machine : Local Computer GPO for
15002

源域 : %1!s!


Source Domain : %1!s!
15003DC 名称 : %1!s!
DC Name : %1!s!
15004GPO 名称 : %1!s!
GPO Name : %1!s!
15005本地 IPsec 策略名称 : %1!s!
Local IPsec Policy Name : %1!s!
15006AD IPsec 策略名称 : %1!s!
AD IPsec Policy Name : %1!s!
15007GPO DN : %1!s!
GPO DN : %1!s!
15008GPO OU 链接 : %1!s!
GPO OU Link : %1!s!
15009AD 策略 DN : %1!s!
AD Policy DN : %1!s!
15010本地 IPsec 策略分配 : 是,但是 AD 策略正在覆盖
Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
15011本地 IPsec 策略 DN : %1!s!
Local IPsec Policy DN : %1!s!
15016本地 IPsec 策略名称 : 无
Local IPsec Policy Name : NONE
15017AD IPsec 策略名称 : 无
AD IPsec Policy Name : NONE
15018IPsec 策略名称 : %1!s!
IPsec Policy Name : %1!s!
15019IPsec 策略 DN : %1!s!
IPsec Policy DN : %1!s!
15020IPsec 策略分配 : 是
IPsec Policy Assigned : YES
15021排除 CA 名称 : 是
Exclude CA name : YES
15022排除 CA 名称 : 否
Exclude CA name : NO
15023启用证书映射 : 是
Certmapping enabled : YES
15024启用证书映射 : 否
Certmapping enabled : NO
16001

策略数目 %1!d!


No. of policies %1!d!
16003存储 本地存储
Store Local Store
16007存储 域存储
Store Domain Store
16010存储 本地存储
Store Local Store
16011存储 域存储
Store Domain Store
16013证书到帐户的映射 是
Cert To Account Mapping YES
16014证书到帐户的映射 否
Cert To Account Mapping NO
16100

策略名称 %1!s!


Policy Name %1!s!
16101

规则名称 %1!s!


Rule Name %1!s!
16303没有指定策略名称
No Policy Name Specified
16304

规则 ID %1!d!, GUID = %2!s!


Rule ID %1!d!, GUID = %2!s!
16306%1!-23s! %1!-23s!
16602策略名称 %1!s!
Policy Name %1!s!
16603描述 %1!s!
Description %1!s!
16604描述 无
Description NONE
16605已分配 是
Assigned YES
16606已分配 否
Assigned NO
16607主 PFS 是
Master PFS YES
16608主 PFS 否
Master PFS NO
16609轮询间隔 %1!d! 分钟
Polling Interval %1!d! minutes
16610

规则数目 %1!d!


No. of Rules %1!d!
16611
规则详细信息

Rule Details
16613已分配 是,但是被 AD 策略覆盖
Assigned YES but AD Policy Overrides
16614

规则名称 规则 上次更改时间 分配


Policy Name Rules LastModified Assign
16615%1!-32s! %1!-32s!
16616YES 但是被 AD 策略覆盖
YES but AD Policy Overrides
16617
YES
16618
NO
16619---------- ----- ------------ ------
---------- ----- ------------ ------
16620策略名称 规则 上次更改时间
Policy Name Rules LastModified
16621----------- ----- ------------
----------- ----- ------------
16700规则名称 : %1!s!
Rule Name %1!s!
16701规则名称 无
Rule Name NONE
16705
已启用 筛选器列表 筛选器操作 身份验证

Enabled FilterList FilterAction Authentication
16706
------- ---------- ------------ --------------

------- ---------- ------------ --------------
16707隧道目标 IP 地址 无
Tunnel Dest IP Address NONE
16708隧道目标 IP 地址 Tunnel Dest IP Address
16709连接类型 所有
Connection Type ALL
16710连接类型 LAN
Connection Type LAN
16711连接类型 拨号
Connection Type DIAL UP
16712连接类型 未知
Connection Type UNKNOWN
16716
筛选器操作详细信息

FilterAction Details
16717--------------------
--------------------
16718已激活 是
Activated YES
16719已激活 否
Activated NO
16721

YES
16722

NO
16724 NONE
16728Kerb Kerb
16729Cert Cert
16730Pre Pre
16734
传输规则数目 %1!d!

No of Transport rule(s) %1!d!
16735

隧道数目 %1!d!


No of Tunnel rule(s) %1!d!
16737
已启用 筛选器列表 筛选器操作 隧道终结点

Enabled FilterList FilterAction TunnelEndPoint
16738
------- ---------- ------------ --------------

------- ---------- ------------ --------------
16739
YES
Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。

YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16740已激活 YES
Windows Vista 和 Windows 的更新版本不支持默认响应规则。该策略无效。
Activated YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16800筛选器操作名称 %1!s!
FilterAction Name %1!s!
16801筛选器操作名称 无
FilterAction Name NONE
16802操作 允许
Action PERMIT
16803操作 阻止
Action BLOCK
16804操作 协商安全
Action NEGOTIATE SECURITY
16805入站通过 是
InBound PassThrough YES
16806入站通过 否
InBound PassThrough NO
16807AllowUnSecure(Fallback) 是
AllowUnSecure(Fallback) YES
16808AllowUnSecure(Fallback) 否
AllowUnSecure(Fallback) NO
16810安全方法
Security Methods
16812AH ESP 秒 千字节
AH ESP Seconds kBytes
16813-- --- ------- ------
-- --- ------- ------
16814QMPFS 是
QMPFS YES
16815QMPFS 否
QMPFS NO
16816筛选器操作名称 操作 上次更改时间
FilterAction Name Action Last Modified
16817----------------- ------ -------------
----------------- ------ -------------
16818%1!-38s! %1!-38s!
16820允许 PERMIT
16821阻止 BLOCK
16822协商 NEGOTIATE
16824%1!-23s!
%1!-23s!
17000[MD5 ] [MD5 ]
17001[SHA1] [SHA1]
17002[无] [NONE]
17003[无 , 无] [NONE , NONE]
17007[MD5 , [MD5 ,
17008[SHA1 , [SHA1 ,
17009[无 , [NONE ,
17010DES ] DES ]
170113DES] 3DES]
17012无] NONE]
17100%1!6u! %2!10u!
%1!6u! %2!10u!
17201根 CA %1!s!
ROOT CA %1!s!
17202预共享密钥 %1!s!
PRESHARED Key %1!s!
17300
筛选器列表名称 %1!s!

FilterList Name %1!s!
17301
筛选器列表名称 无

FilterList Name NONE
17306筛选器列表名称 筛选器 上次更改时间
FilterList Name Filters Last Modified
17307--------------- ------- -------------
--------------- ------- -------------
17308GUID %1!s!
GUID %1!s!
17309上次更改时间 %1!s!
Last Modified %1!s!
17310筛选器数目 %1!d!
No. of Filters %1!d!
17501%1!-45s! %1!-45s!
17508%1!5d! %1!5d!
17512 YES
17513 NO
17514Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
17515--- ------------- ------------- ------------- ------------- ------- ------- -------
--- ------------- ------------- ------------- ------------- ------- ------- -------
17600
17608%1!3d! %1!3d!
17609任何 ANY
17610%1!3d!
%1!3d!
17611任何
ANY
17612DNS SERVER DNS SERVER
17613WINS SERVER WINS SERVER
17614DHCP SERVER DHCP SERVER
17615DEFAULT GATEWAY DEFAULT GATEWAY
17616%1!3d!-%2!3d! %1!3d!-%2!3d!
17617%1!3d!-%2!3d!
%1!3d!-%2!3d!
17700ICMP ICMP
17701TCP TCP
17703UDP UDP
17708RAW RAW
17709ANY ANY
17710OTHER OTHER
17803主模式生存时间 %1!d! 分钟 / %2!d! 快速模式会话
MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions
17804加密 集成 DH 组
Encryption Integrity DH Group
17805---------- --------- -------- ---------- --------- --------
17900
DES

DES
17901
3DES

3DES
18000

独立筛选器操作


Stand Alone FilterAction(s)
18001---------------------------
---------------------------
18004
独立筛选器操作数目 %1!d!


No. of Standalone FilterActions %1!d!

18100
独立筛选器操作

Stand Alone FilterList(s)
18101-------------------------
-------------------------
18104
独立筛选器列表数目 %1!d!

No. of Standalone FilterLists %1!d!
18200
筛选器列表数目 %1!d!


No. of FilterLists %1!d!

18204
筛选器列表数目 : %1!d!


No. of FilterLists : %1!d!

18300
筛选器操作数目 %1!d!


No. of FilterActions %1!d!

18304
筛选器操作数目 : %1!d!


No. of FilterActions : %1!d!

18500策略 '%1!s!' 是活动的。你仍然想删除它吗? (Y/N)
The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N)
18503你想删除所有与此策略相关联的筛选器列表和筛选器操作吗 ? (Y/N)
Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N)
18602删除所有筛选器列表,从 Delete all the Filter Lists from
18603? (Y/N)
? (Y/N)
18652删除所有筛选器操作,从 Delete all the Filter Actions from
18706你想删除所有与此规则相关联的筛选器列表和筛选器操作吗 ? (Y/N)
Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N)
18750你是否确定要删除所有策略,从 Are you sure to delete all policies from
18780

下列策略/规则正在使用它


Following policies/rule(s) are using it
18781---------------------------------------
---------------------------------------
18782规则名称 : %1!s!
Rule Name : %1!s!
18783规则名称 : 无
Rule Name : NONE
18794Life 应该在 %1!d! 到 %2!d! 千字节之间
Life should be within %1!d! and %2!d! kBytes
18802成功创建并更新了新策略
New Policy is created and updated successfully
18805正在用名称 '%1!s!' 创建新策略...
Creating new Policy with name '%1!s!'...
18806正在用名称 '%1!s!' 创建新策略,并且设置它为 '%2!s!'...
Creating new Policy with name '%1!s!' and setting it to '%2!s!'...
18840目标 IP 地址被认为是“本机”地址
Destination IP address has been taken as 'me'
18841源 IP 地址被认为是“本机”地址
Source IP address has been taken as 'me'
18848成功创建并更新新规则
New Rule was created and updated successfully
18849正在创建新规则,名称为 '%1!s!' ...
Creating new Rule with name '%1!s!' ...
18855正在创建名为 '%1!s!' 的新规则,并将它设置为 '%2!s!' ...
Creating new Rule with name '%1!s!' and setting it to '%2!s!' ...
18856不能对隧道终结点指定服务器地址类型、地址类型 ME 或 ANY 或地址范围
Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
18861你想创建一个新策略吗? (Y/N)
Would you like to create a new policy? (Y/N)
18868证书到帐户的映射只能在 Active Directory 域成员上启用。此选项将被忽略。
Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
18869证书到帐户的映射 : 是
Cert To Account Mapping: YES
18870证书到帐户的映射 : 否
Cert To Account Mapping: NO
18871如果存储是域,并且指定了分配,GPO 名称将被忽略
If store is domain and assign is specified, GPO name is required
18872如果指定了 GPO 名称,则你必须在域策略存储上操作。
If GPO name is specified, then you must be operating on a domain policy store.
18893你要创建一个新规则吗? (Y/N)
Would you like to create a new Rule? (Y/N)
19002
IKE MM 策略名称 : %1!s!

IKE MM Policy Name : %1!s!
19018
IKE 软件 SA 生存时间 : %1!u! 秒

IKE Soft SA Lifetime : %1!u! secs
19023[%1!S!] [%1!S!]
19025'Netsh ipsec' 上下文与目标计算机不兼容。
The 'Netsh ipsec' context is not compatible with the target machine.
19102主模式策略不可用。
Mainmode Policies not available.
19104指定的主模式策略不可用。
Specified Mainmode Policy not available
19106
Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM

Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
19107
---------- --------- ---- ------------------ ---------------

---------- --------- ---- ------------------ ---------------
19121DES DES
19122未知 UNKNOWN
191233DES 3DES
19129%1!-5lu! %2!lu!:%3!lu! %4!-10lu! %1!-5lu! %2!lu!:%3!lu! %4!-10lu!
19130%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS) %1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)
19153快速模式策略不可用。
Quickmode Policies not available.
19155指定的快速模式策略不可用。
Specified Quickmode Policy not available
19156
QM 协商策略名称 : %1!s!

QM Negotiation Policy Name : %1!s!
19158
安全方法 生存时间 (Kb:secs) PFS DH 组

Security Methods Lifetime (Kb:secs) PFS DH Group
19159
------------------------- --------------------- ------------

------------------------- --------------------- ------------
19165AH[MD5] AH[MD5]
19166AH[SHA1] AH[SHA1]
19167AH[NONE] AH[NONE]
19168ESP[ DES, ESP[ DES,
19169ESP[ ERR, ESP[ ERR,
19170ESP[3DES, ESP[3DES,
19171ESP[NONE, ESP[NONE,
19172MD5] MD5]
19173SHA1] SHA1]
19174NONE] NONE]
19176低 (1) Low (1)
19178%1!10lu!:%2!-10lu! %1!10lu!:%2!-10lu!
19179主模式已派生 Main Mode Derived
19180高(2048) High (2048)
19181AH[ERR] AH[ERR]
19182ERR] ERR]
19183ERROR ERROR
19192+ +
19193中 (2) Medium (2)
19198

筛选器名称 : %1!s!


Filter name : %1!s!
19200普通主模式筛选器不可用。
Generic Mainmode Filters not available.
19201特定主模式筛选器不可用。
Specific Mainmode Filters not available.
19202指定的主模式筛选器不可用。
Specified Mainmode Filter not available.
19203
主模式筛选器:

Main Mode Filters:
19204普通 Generic
19205
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
19206特定 Specific
19207出站 Outbound
19208入站 Inbound
19209
权重 : %1!d!

Weight : %1!d!
19210

%1!d! 普通筛选器


%1!d! Generic Filter(s)
19211

%1!d! 特定出站筛选器


%1!d! Specific Outbound Filter(s)
19212

%1!d! 特定入站筛选器


%1!d! Specific Inbound Filter(s)
19219所有 ALL
19220LAN LAN
19221拨号 DIALUP
19236
连接类型 :

Connection Type :
19237
身份验证方法 :

Authentication Methods :
19238
预共享密钥

Preshared key
19240
Kerberos

Kerberos
19241
安全方法 :

Security Methods :
19242%1!d! %1!d!
19243(默认) (default)
19244无/ NONE/
19245DES/ DES/
19246未知/ UNKNOWN/
192473DES/ 3DES/
19249MD5/ MD5/
19250SHA1/ SHA1/
19251DH%1!lu!/%2!lu!/QMlimit=%3!lu! DH%1!lu!/%2!lu!/QMlimit=%3!lu!
19265普通快速模式筛选器不可用。
Generic Quickmode Filters not available.
19266特定快速模式筛选器不可用。
Specific Quickmode Filters not available.
19267指定的快速模式筛选器不可用。
Specified Quickmode Filter not available.
19268
快速模式筛选器(传输):

Quick Mode Filters(Transport):
19269
传输规则

Transport Rules
19270
隧道规则

Tunnel Rules
19271
MM 筛选器名称 : %1!s!

MM Filter Name : %1!s!
19272
QM 筛选器名称 : %1!s!

QM Filter Name : %1!s!
19273
主模式策略 : %1!s!

Main Mode Policy : %1!s!
19274

%1!d! 传输筛选器


%1!d! Transport Filter(s)
19275

%1!d! 隧道筛选器


%1!d! Tunnel Filter(s)
19276

快速模式筛选器(隧道):


Quick Mode Filters(Tunnel):
19278规则不可用。
Rules not available.
19280
入站操作 : 通过

Inbound Action : Passthru
19281
入站操作 : 协商

Inbound Action : Negotiate
19282
入站操作 : 阻止

Inbound Action : Blocking
19283
入站操作 : 未知

Inbound Action : Unknown
19284
出站操作 : 通过

Outbound Action : Passthru
19285
出站操作 : 协商

Outbound Action : Negotiate
19286
出站操作 : 阻止

Outbound Action : Blocking
19287
出站操作 : 未知

Outbound Action : Unknown
19292%1!-5lu! %1!-5lu!
19293
隧道源 :

Tunnel Source :
19294
隧道目标 :

Tunnel Destination :
19295源端口: %1!-4lu! 目标端口: %2!-4lu! Src Port: %1!-4lu! Dest Port: %2!-4lu!
19296
已镜像 : 是

Mirrored : yes
19297
已镜像 : 否

Mirrored : no
19298
快速模式策略 : %1!s!

Quick Mode Policy : %1!s!
19299
协议 :

Protocol :
19300
IKE 统计

IKE Statistics
19301
--------

--------------
19302
IKEStatistics 不可用。

IKEStatistics not available.
19303
主模式 : %1!S!

Main Modes : %1!S!
19304
快速模式 : %1!S!

Quick Modes : %1!S!
19305
软 SA : %1!S!

Soft SAs : %1!S!
19306
身份验证失败 : %1!S!

Authentication Failures : %1!S!
19307
活动捕获 : %1!S!

Active Acquire : %1!S!
19308
活动接收 : %1!S!

Active Receive : %1!S!
19309
捕获失败 : %1!S!

Acquire fail : %1!S!
19310
接收失败 : %1!S!

Receive fail : %1!S!
19311
发送失败 : %1!S!

Send fail : %1!S!
19312
捕获堆大小 : %1!S!

Acquire Heap size : %1!S!
19313
接收堆大小 : %1!S!

Receive Heap size : %1!S!
19314
协商失败 : %1!S!

Negotiation Failures : %1!S!
19315
接收到无效的 Cookie : %1!S!

Invalid Cookies Rcvd : %1!S!
19316
总共捕获 : %1!S!

Total Acquire : %1!S!
19317
TotalGetSpi : %1!S!

TotalGetSpi : %1!S!
19318
TotalKeyAdd : %1!S!

TotalKeyAdd : %1!S!
19319
TotalKeyUpdate : %1!S!

TotalKeyUpdate : %1!S!
19320
GetSpiFail : %1!S!

GetSpiFail : %1!S!
19321
KeyAddFail : %1!S!

KeyAddFail : %1!S!
19322
KeyUpdateFail : %1!S!

KeyUpdateFail : %1!S!
19323
IsadbListSize : %1!S!

IsadbListSize : %1!S!
19324
ConnListSize : %1!S!

ConnListSize : %1!S!
19325
接收到无效数据包 : %1!S!

Invalid Packets Rcvd : %1!S!
19326

IPsec 统计


IPsec Statistics
19327
----------------

----------------
19328
IPsecStatistics 不可用。

IPsecStatistics not available.
19329
活动关联 : %1!S!

Active Assoc : %1!S!
19330
卸载 SA : %1!S!

Offload SAs : %1!S!
19331
挂起的密钥 : %1!S!

Pending Key : %1!S!
19332
密钥添加 : %1!S!

Key Adds : %1!S!
19333
密钥删除 : %1!S!

Key Deletes : %1!S!
19334
重新生成密钥 : %1!S!

ReKeys : %1!S!
19335
活动隧道 : %1!S!

Active Tunnels : %1!S!
19336
错误的 SPI 数据包 : %1!S!

Bad SPI Pkts : %1!S!
19337
没有解密的数据包 : %1!S!

Pkts not Decrypted : %1!S!
19338
未验证的数据包 : %1!S!

Pkts not Authenticated : %1!S!
19339
有重放检测的数据包 : %1!S!

Pkts with Replay Detection : %1!S!
19340
发送的机密字节 : %1!S!

Confidential Bytes Sent : %1!S!
19341
接收的机密字节 : %1!S!

Confidential Bytes Received : %1!S!
19342
发送的经过验证的字节 : %1!S!

Authenticated Bytes Sent : %1!S!
19343
接收的经过验证的字节 : %1!S!

Authenticated Bytes Received: %1!S!
19344
发送的传输字节 : %1!S!

Transport Bytes Sent : %1!S!
19345
接收的传输字节 : %1!S!

Transport Bytes Received : %1!S!
19346
发送的卸载字节 : %1!S!

Offloaded Bytes Sent : %1!S!
19347
接收的卸载字节 : %1!S!

Offloaded Bytes Received : %1!S!
19348
在隧道中发送的字节 : %1!S!

Bytes Sent In Tunnels : %1!S!
19349
在隧道中接收的字节 : %1!S!

Bytes Received In Tunnels : %1!S!
19350
Cookie 对 :

Cookie Pair :
19351%1!02x! %1!02x!
19352
安全方法 :

Sec Methods :
19359/%1!d!/%2!d! /%1!d!/%2!d!
19360
身份验证方法 :

Auth Mode :
19361预共享密钥 Preshared Key
19362DSS 签名 DSS Signature
19363RSA 签名 RSA Signature
19364RSA 加密 RSA Encryption
19365Kerberos Kerberos
19366
源 :

Source :
19367,端口 %1!d! , port %1!d!
19368
ID :

ID :
19369
ID : %1!s!

ID : %1!s!
19370
目标 :

Destination :
19371
目标 安全方法

Destination SecurityMethods
19372
时间/日期已创建

Date/Time Created
19373
-------------------------------------------------------- ----------------------

-------------------------------------------------------- ----------------------
19374[ID:%1!-35s!] [ID:%1!-35s!]
19375
DNS: %1!-51S!

DNS: %1!-51S!
19377
发证 CA :%1!s!

Issuing CA :%1!s!
19378
指纹 :

Thumbprint :
19380: :
19381/ /
1938219383
根 CA : %1!s!
19383
Root CA : %1!s!
19384%S %S
19385( (
19386)
)
19387根 CA : %1!s! Root CA : %1!s!
19397IPsec 主模式安全关联不可用。
IPsec MainMode Security Associations not available.
19398
IKE 主模式 SA 在 %1!s!

IKE Main Mode SAs at %1!s!
19400指定的主模式安全关联不可用。
Specified MainMode Security Associations not available.
19401

快速模式 SA


Quick Mode SAs
19402
------------

--------------
19403IPsec 快速模式安全关联不可用。
IPsec QuickMode Security Associations not available.
19404指定的快速模式安全关联不可用。
Specified QuickMode Security Associations not available.
19410
传输筛选器

Transport Filter
19411
隧道筛选器

Tunnel Filter
19412
未知

Unknown
19413
策略名称 : %1!s!

Policy Name : %1!s!
19414
源地址 :

Source Address :
19415
目标地址 :

Destination Address :
19416
协议 : %1!lu!

Protocol : %1!lu!
19417
源端口 : %1!u!

Source Port : %1!u!
19418
目标端口 : %1!u!

Destination Port : %1!u!
19419
方向 : 入站

Direction : Inbound
19420
方向 : 出站

Direction : Outbound
19421
方向 : 错误

Direction : Error
19422

使用的提供


Offer Used
19423
协议 : ICMP

Protocol : ICMP
19424
协议 : TCP

Protocol : TCP
19425
协议 : UDP

Protocol : UDP
19426
协议 : RAW

Protocol : RAW
19427
AH(b/r) ESP Con(b/r) ESP Int PFS DH Group

AH(b/r) ESP Con(b/r) ESP Int PFS DH Group
19428
---------- ------------- ------- ------------

---------- ------------- ------- ------------
19429
封装类型 : IKE

Encapsulation Type : IKE
19430
封装类型 : 其他

Encapsulation Type : Other
19431
源 UDP 封装端口 : %1!u!

Source UDP Encap port : %1!u!
19432
目标 UDP 封装端口 : %1!u!

Dest UDP Encap port : %1!u!
19433
对等端私有地址 :

Peer Private Addr :
19434
协议 : 任何

Protocol : ANY
19441) )
19446
IPsec 配置参数

IPsec Configuration Parameters
19447------------------------------
------------------------------
19448IPsecDiagnostics : %1!d![Windows Vista 和更新操作系统无效]
IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems]
19449IKElogging : %1!d! [Windows Vista 和更新操作系统无效]
IKElogging : %1!d! [Not valid for Windows Vista and later operating systems]
19450StrongCRLCheck : %1!d!
StrongCRLCheck : %1!d!
19451IPsecloginterval : %1!d![Windows Vista 和更新操作系统无效]
IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems]
19452NLBSFlags : %1!d![Windows Vista 和更新操作系统无效]
NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems]
19453标志 : %1!d![Windows Vista 和更新操作系统无效]
Flags : %1!d![Not valid for Windows Vista and later operating systems]
19454IPsecexempt : %1!d!
IPsecexempt : %1!d!
194552048DHGroupId : %1!d![Windows Vista 和更新操作系统无效]
2048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems]
19456IPsec 诊断级别超出范围。范围是 0 到 7。
IPsec Diagnostic Level is out of range. Range is 0 - 7.
19457IKE 日志超出范围。范围是 0 到 1。
IKE Logging is out of range. Range is 0 - 1.
19458强 CRL 检查等级超出范围。范围是 0 到 2。
Strong CRL Check Level is out of range. Range is 0 - 2.
19459IPsec 日志间隔超出范围。范围是 60 到 86400。
IPsec Log Interval is out of range. Range is 60 - 86400.
19460IPsec 免除等级超出范围。范围是 0 到 3。
IPsec Exemption Level is out of range. Range is 0 - 3.
19461(一些 IPsec 配置参数没有设置)。
(Some of the IPsec Configuration parameters are not set).
19462引导模式 : Boot Mode :
19463Stateful Stateful
19465许可 Permit
19476没有引导模式免除
No bootmode exemptions
19477引导模式免除 : Boot Mode Exemptions :
19478协议 源端口 目标端口 方向
Protocol Src Port Dst Port Direction
19479--------- --------- --------- ---------
--------- --------- --------- ---------
19480最大允许 1024 个免除。
A maximum of 1024 exemptions are allowed.
19800MD5(%1!02lu!/%2!-02lu!) 无 无 MD5(%1!02lu!/%2!-02lu!) None None
19801SHA1(%1!02lu!/%2!-02lu!) 无 无 SHA1(%1!02lu!/%2!-02lu!) None None
19802无 无 无 None None None
19803无 DES (%1!02lu!/%2!-02lu!) None DES (%1!02lu!/%2!-02lu!)
19804无 未知 None Unknown
19805无 3DES(%1!02lu!/%2!-02lu!) None 3DES(%1!02lu!/%2!-02lu!)
19806无 无 None None
19811certmap certmap
19812excludecaname excludecaname
22001ERR Win32[%1!05d!] : %2!s! ERR Win32[%1!05d!] : %2!s!
22002ERR IPsec[%1!05d!] : ERR IPsec[%1!05d!] :
22004ERR Win32[%1!05d!] : 无效的 Win32 错误代码
ERR Win32[%1!05d!] : Invalid Win32 Err Code
22010一个或多个基本参数没有指定
One or more essential parameters not specified
22011参数不匹配。请查阅帮助以了解正确语法
Arguments are not matching. Check help for the correct syntax
22012在策略存储中没有策略
No Policies in Policy Store
22013不能打开策略存储
Unable to open Policy Store
22014在策略存储中没有筛选器操作
No Filter Actions in Policy Store
22015在策略存储中没有筛选器列表
No Filter Lists in Policy Store
22016名为 %1!s! 的策略存在于策略存储中
Policy with name %1!s! not exists in Policy Store
22017内部错误,无效的 Switch Case。
Internal Error, Invalid Switch Case.
22018参数对变量 '%1!s!' 无效
Invalid Parameter for the Argument '%1!s!'
22019指定的 IP 地址无效
IP Address specified is invalid
22020对给定的 DNS 名称 '%1!s!',DNS 搜索失败
DNS lookup failed for the given dns name '%1!s!'
22021'%1!s!' 对此上下文来说不是有效的标记
'%1!s!' not a valid tag for this context
22022'%1!s!' 标记已经存在
'%1!s!' tag already present
22023没有参数 'assign = y/n' 时不能指定 GPOname
GPOname cannot be specified without argument 'assign = y/n'
22024给定命令需要标记 'Name' 或 'GUID'
Tag 'Name' or 'GUID' needed for the given command
22025需要 '%1!s!' 标记
'%1!s!' tag is needed
22026'%1!s!' 对标记 '%2!s!' 来说不是有效的参数
'%1!s!' is not a valid argument for the tag '%2!s!'
22027前缀应该在 1 到 32 之间
Prefix should be between 1 and 32 only
22028'%1!s!' 不是一个有效的掩码/前缀
'%1!s!' is not a valid Mask/Prefix
22029提供的参数为空
The argument supplied is null
22030指定的 'Seconds' 生存时间超过了限制。它应该在 '%1!d!' 到 '%2!d!' 之间
The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22031指定的 'Kbytes' 超过了限制。它应该在 '%1!d!' 到 '%2!d!' 之间
The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22032重新生成密钥单位(k/s)无效
The Rekey Unit (k/s) is invalid
22033指定了无效的哈希算法
Invalid HASH algorithm specified
22034指定了不完整的 ESP
Incomplete ESP specified
22035为 '%1!s!' 指定了重复的算法
Duplicate Algo's specified for '%1!s!'
22036不允许 None 和 None
None and None not allowed
22037指定了无效的 IPsec 协议。它应该为 ESP 或 AH
Invalid IPsec protocol specified. It should be ESP or AH only
22038超过了最大数目的 OFFERS[%1!d!]
Max Number of OFFERS[%1!d!] is crossed
22039无效 QM_OFFERS。不允许 Encryption+Encryption 或 Authentication+Authentication
Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
22040对 QMOffers 指定了无效的生存时间或数据。
Invalid Lifetime or Data specification for QMOffers.
22041为 MMOFFER 指定了无效的 PFS 组
Invalid PFS Group specified for MMOFFER
22042缺少 P1 组
P1 Group missing
22043指定了无效的 MMOFFER
Invalid MMOFFER is specified
22044文件名应该只包含 .ipsec扩展
File name should contain .ipsec extension only
22045不允许 '%1!s!' 和 ALL
'%1!s!' and ALL not allowed
22046没有指定预共享密钥
Preshared key not specified
22047指定了无效身份验证方法
Invalid Authmethod is specified
22048指定了无效证书
Invalid Certificate specified
22049指定了多个 '%1!s!' 参数。只允许一个。
Multiple '%1!s!' parameters are specified. Only one is allowed.
22050指定的端口无效。
The Port specified is invalid.
22051参数太多,被截断
No of arguments are more,truncated
22052指定了无效的 QMOFFER
Invalid QMOFFER specified
22053指定了无效的隧道 IP
Invalid Tunnel IP specified
22054没有源和目标地址,不能指定协议
Protocol can't be specified without source and destination addresses
22055指定的子网掩码无效
Subnet mask specified is invalid
22056没有标签的参数只能是计算机或域
Non-tagged arg can only be machine or domain
22057ERR WIN32[00014] : 没有足够的内存来完成此操作。
ERR WIN32[00014] : There is not enough memory to complete this operation.
22058指定的端口无效。它应该小于 '%1!d!'
The Port specified is invalid. It should be in less than '%1!d!' only
22100缺少策略名称
Missing Policy Name
22101轮询间隔应该在 %1!d! 到 %2!d! 分钟之间
Polling Interval should be within %1!d! and %2!d! minutes
22102快速模式限制应该在 %1!d! 到 %2!d! 个会话之间
Quickmode limit should be within %1!d! and %2!d! sessions
22103生存时间应该在 %1!d! 到 %2!d! 分钟之间
Lifetime should be within %1!d! and %2!d! minutes
22111名为 '%1!s!' 的策略已经存在
Policy with name '%1!s!' already exists
22112添加默认响应规则时发生错误
Error while adding Default Response Rule
22113用名称 '%1!s!' 创建策略失败
Error while creating Policy with name '%1!s!'
22114由于加载默认身份验证方法失败,在用名称 '%1!s!' 创建策略时发生错误
Error while creating policy with name '%1!s!' due to failure in loading default auth methods
22121缺少 FilterList 名称
Missing FilterList Name
22122名为 '%1!s!' 的 FilterList 已经存在
FilterList with name '%1!s!' already exists
22123用名称 '%1!s!' 创建 FilterList 失败
Error while creating FilterList with name '%1!s!'
22124指定了无效的 GUID
Invalid GUID specified
22131创建指定的筛选器失败
Error while creating the specified Filter
22141名为 '%1!s!' 的 FilterAction 已经存在
FilterAction with name '%1!s!' already exists
22142用名称 '%1!s!' 创建 FilterAction 失败
Error while creating FilterAction with name '%1!s!'
22143对于 Permit 或 Block 类型的 FilterAction,Inpass、 Qmpfs、Soft 和 Qmsec 选项无效。需要指定 'action = negotiate'
Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
22144至少需要指定一个快速模式安全方法
Atleast One Quick mode Security method needs to be specified
22151缺少规则名称
Missing Rule Name
22152缺少 FilterAction 名称
Missing FilterAction Name
22153名为 '%1!s!' 的策略不存在
Policy with name '%1!s!' does not exist
22154名为 '%1!s!' 的规则已经在策略 '%2!s!' 中存在
Rule with name '%1!s!' already exists in policy '%2!s!'
22155名为 '%1!s!' 的 FilterAction 不存在
FilterAction with name '%1!s!' does not exist
22156在 FilterList 中没有名为 '%1!s!' 的筛选器
No Filters in FilterList with name '%1!s!'
22157在用名称 '%1!s!' 创建规则时出现错误
Error while creating Rule with name '%1!s!'
22158缺少规则名称或规则 ID
Missing Rule Name or Rule ID
22159GUID 为 %1!s! 的策略不存在
Policy with GUID %1!s! does not exist
22160GUID 为 %1!s! 的 FilterAction 不存在
FilterAction with GUID %1!s! does not exist
22161由于加载默认身份验证方法失败,在用名称 '%1!s!' 创建规则时出现错误
Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
22165证书解码操作失败
Certificate decoding operation failed
22166名为 '%1!s!' 的策略在当前计算机的域中不存在
Policy with name '%1!s!' does not exist in current machine's domain
22167指定了无效的隧道 IP 地址
Invalid Tunnel IP Address Specified
22168名为 '%1!s!' 的 FilterList 不存在
FilterList with name '%1!s!' does not exist
22169源和目标端都不能指定服务器
Servers cannot be specified for both source and destination sides
22170GUID 为 %1!s! 的 FilterList 不存在
FilterList with GUID %1!s! does not exist
22171没有可用的目录服务
No Directory Service available
22172名为 '%1!s!' 的 GPO 在当前计算机的域中不存在
GPO with name '%1!s!' does not exist in current machine's domain
22173在将策略分配给名为 '%1!s!' 的 GPO 时出现错误,或指定的 GPO 不存在
Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
22174更新名为 '%1!s!' 的策略时出现错误
Error while updating the Policy with name '%1!s!'
22175更新 GUID 为 %1!s! 的策略时出现错误
Error while updating the Policy with GUID %1!s!
22176在从名为 '%1!s!' 的 GPO 中取消分配的策略时失败,或指定的 GPO 不存在
Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
22181更新名为 '%1!s!' 的 FilterList 时出现错误
Error while updating FilterList with name '%1!s!'
22182更新 GUID 为 %1!s! 的 FilterList 失败
Error while updating FilterList with GUID %1!s!
22191更新名为 '%1!s!' 的 FilterAction 失败
Error while updating FilterAction with name '%1!s!'
22192更新 GUID 为 %1!s! 的 FilterAction 失败
Error while updating FilterAction with GUID %1!s!
22201名为 '%1!s!' 的规则在策略 '%2!s!' 中不存在
Rule with name '%1!s!' does not exist in Policy '%2!s!'
22202在更新名为 '%1!s!' 的规则时出现错误
Error while updating rule with name '%1!s!'
22203不能用此命令更新默认规则。请使用 'set defaultrule' 命令
Default rule cannot be updated with this command. Use the 'set defaultrule' command
22204ID 为 %1!d! 的规则在策略 '%2!s!' 中不存在
Rule with ID %1!d! does not exist in Policy '%2!s!'
22205指定了无效规则 ID
Invalid Rule ID Specified
22211在更新名为 '%1!s!' 的策略的默认规则时出现错误
Error while updating Default Rule of Policy with name '%1!s!'
22221没有指定文件名
No file name specified
22222无效文件/路径名称
Invalid File / Path name
22223导入策略时出现错误
Error while importing policies
22231导出策略时出现错误
Error while exporting policies
22235还原默认策略时出现错误
Error while restoring default policies
22236此命令只对本地存储可用
This command is only available for the local store
22237无效域名。名为 '%1!s!' 的域不存在
Invalid Domain Name. Domain with name '%1!s!' does not exist
22238你的计算机不是域的成员
Your machine is not a member of domain
22241删除名为 '%1!s!' 的策略出现错误
Error while deleting Policy with name '%1!s!'
22242没有名为 '%1!s!' 的策略
No Policy with name '%1!s!'
22251不能删除名为 '%1!s!' 的 FilterList FilterList with name '%1!s!' cannot be deleted
22252删除名为 '%1!s!' 的 FilterList 出现错误 Error while deleting FilterList with name '%1!s!'
22255没有名为 '%1!s!' 的 FilterList
No FilterList with name '%1!s!'
22256指定的筛选器在名为 '%1!s!' 的 FilterList 中不存在
Filter with the specified spec does not exist in FilterList with name '%1!s!'
22261删除指定的筛选器后,在更新名为 '%1!s!' 的 FilterList 时出现错误
Error while updating FilterList with name '%1!s!' after deletion of the specified filter
22265不能删除名为 '%1!s!' 的 FilterAction FilterAction with name '%1!s!' cannot be deleted
22266在删除名为 '%1!s!' 的 FilterAction 时发生错误 Error while deleting FilterAction with name '%1!s!'
22267没有名为 '%1!s!' 的 FilterAction
No FilterAction with name '%1!s!'
22271在删除名为 '%1!s!' 的规则时发生错误
Error while deleting Rule with name '%1!s!'
22272在删除 ID 为 %1!d! 的规则时发生错误
Error while deleting Rule with ID %1!d!
22273不能删除默认响应规则
Default Response Rule cannot be deleted
22274没有名为 '%1!s!' 的规则
No Rule with name '%1!s!'
22275没有 ID 为 %1!d! 的规则
No Rule with ID %1!d!
22281在提取名为 '%1!s!' 的策略的 NegPol 信息时出现错误
Error while extracting NegPol info of Policy with name '%1!s!'
22282在提取名为 '%1!s!' 的策略的筛选器信息时出现错误
Error while extracting Filter info of Policy with name '%1!s!'
22283在提取名为 '%1!s!' 的策略的 ISAKMP 信息时出现错误
Error while extracting ISAKMP info of Policy with name '%1!s!'
22290没有当前已分配的策略
No currently assigned Policy
22295在策略存储中没有已存在的 FilterList
No FilterList exists in Policy Store
22296在策略存储中没有已存在的 FilterAction
No FilterAction exists in Policy Store
22297无效的 GPO 名称,或没有当前已指定的策略
Either invalid GPO name or no currently assigned policy
22298在使用域存储时必须指定名称
A name must be specified when using the domain store
22299指定了无效的源 IP 地址
Invalid Source IP Address specified
22300指定了无效的源 IP/掩码
Invalid Source IP/Mask specified
22301地址冲突。源和目标不能有相同的 IP/DNS
Address Conflict. Source and Destination cannot have same IP/DNS
22302指定了无效的服务器
Invalid server specified
22303需要指定服务器
Server needs to be specified
22304指定了无效的目标 IP 地址
Invalid destination IP Address specified
22305指定了无效的目标掩码
Invalid destination mask specified
22306Newname 无效。名为 '%1!s!' 的策略已经存在
Invalid Newname. Policy with name '%1!s!' already exists
22307Newname 无效。名为 '%1!s!' 的规则已经存在
Invalid Newname. Rule with name '%1!s!' already exists
22308Newname 无效。名为 '%1!s!' 的 Filterlist 已经存在
Invalid Newname. Filterlist with name '%1!s!' already exists
22309Newname 无效。名为 '%1!s!' 的 Filteraction 已经存在
Invalid Newname. Filteraction with name '%1!s!' already exists
22310如果指定了类型,则需要指定 'all'
If a type is specified, 'all' needs to be specified
22311在此操作过程中发生了内部错误
Internal error occurred during this operation
22312在策略 '%1!s!' 中不存在隧道类型规则
No Tunnel type rules exist in policy '%1!s!'
22313不能通过此命令更新默认 Filteraction。请使用 'Set DefaultRule' 命令。
Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
22314名为 '%1!s!' 的策略有 READONLY 属性。更新被拒绝
Policy with name '%1!s!' has READONLY attribute. Updation denied
22315指定规则有 READONLY 属性。更新被拒绝
Specified Rule has READONLY attribute. Updation denied
22316名为 '%1!s!' 的 Filteraction 有 READONLY 属性。更新被拒绝
Filteraction with name '%1!s!' has READONLY attribute. Updation denied
22317名为 '%1!s!' 的 FilterList 有 READONLY 属性。更新被拒绝
FilterList with name '%1!s!' has READONLY attribute. Updation denied
22318名为 '%1!s!' 的策略有 READONLY 属性。删除被拒绝
Policy with name '%1!s!' has READONLY attribute. Deletion denied
22319名为 '%1!s!' 的规则有 READONLY 属性。删除被拒绝
Rule with name '%1!s!' has READONLY attribute. Deletion denied
22320名为 '%1!s!' 的 Filteraction 有 READONLY 属性。删除被拒绝
Filteraction with name '%1!s!' has READONLY attribute. Deletion denied
22321名为 '%1!s!' 的 FilterList 有 READONLY 属性。删除被拒绝
FilterList with name '%1!s!' has READONLY attribute. Deletion denied
22322在使用本地存储时不能指定名称
No name can be specified when using the local store
22323Windows Vista 和 Windows 的更新版本不支持默认响应规则。
Default response rule is not supported on Windows Vista and later versions of Windows.
23001当 ActionInbound 或 ActionOutbound 指定为 NEGOTIATE 时,需要 QMPolicy。
QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
23002
端口号对 TCP 或 UDP 协议有效,将继续而不使用 PortNumber。

Port number valid for TCP or UDP protocols, continuing without PortNumber.
23003指定的 QMPolicy 不存在。
Specified QMPolicy does not exist.
23004指定的 MainMode 策略不存在。
Specified MainMode Policy does not exist.
23006ActionInbound 或 ActionOutbound 都不指定为 NEGOTIATE 时无法具有 IPsec 策略。
Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
23007Mirror = Yes 对隧道规则是无效的。
Mirror = Yes is not valid for Tunnel Rule.
23011指定的 MainMode 筛选器不存在。
Specified MainMode Filter does not exist.
23012指定的传输筛选器不存在。
Specified Transport Filter does not exist.
23013指定的隧道筛选器不存在。
Specified Tunnel Filter does not exist.
23014MainMode 策略不可用。
MainMode Policies are not available.
23015QuickMode 策略不可用。
QuickMode Policies are not available.
23021给定名称的 MainMode 策略已经存在。
MainMode Policy with the given name already exists.
23031给定名称的 QuickMode 策略已经存在。
QuickMode Policy with the given name already exists.
23061MainMode 筛选器不存在。
MainMode Filters do not exist.
23062指定的 MainMode 筛选器不存在,并且找不到策略。
Specified MainMode Filter does not exist and Policy is not found.
23063指定的 MainMode 策略不存在,或没有与指定的 MainMode 筛选器相关联。
Specified MainMode Policy either does not exist or not associated with specified MainMode Filter.
23071QuickMode 筛选器不存在。
QuickMode Filters do not exist.
23072指定的 QuickMode 筛选器不存在,并且找不到策略。
Specified QuickMode Filter does not exist and Policy is not found.
23073指定的 QuickMode 策略不存在,或没有与 QuickMode 筛选器相关联。
Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
23074指定的 QuickMode 筛选器不存在。
Specified QuickMode Filter does not exist.
23075正在使用的身份验证方法。
Authentication method(s) being used.
23076不能删除 %1!d! MMFilter 对象。
%1!d! MMFilter object(s) could not be deleted.
23077不能删除 %1!d! 传输筛选器对象。
%1!d! Transport Filter object(s) could not be deleted.
23078不能删除 %1!d! 隧道筛选器对象。
%1!d! Tunnel Filter object(s) could not be deleted.
23081IPsec 策略代理服务没有在运行。
The IPsec Policy Agent service is not active.
23082
策略代理服务成功启动。

Policy Agent service successfully started.
23090
来自分析器的错误字符串,应该是 IPSEC,IKE 或 ALL。

Wrong token from Parser, Should be either IPSEC, IKE or ALL.
23091
从分析器接收到无效的 AddressType。

Invalid AddressType received from Parser.
23092源和目标都不能是服务器。
Source and Destination both cannot be Servers.
23093隧道源和隧道目标都不能是服务器。
Tunnel Source and Tunnel Destination both cannot be Servers.

EXIF

File Name:nshipsec.dll.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-cn_bb29800a1c0ff4cd\
File Size:130 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:133120
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Dynamic link library
File Subtype:0
Language Code:Chinese (Simplified)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:Net Shell IP 安全帮助程序 DLL
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:nshipsec.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:nshipsec.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-cn_5f0ae48663b28397\

What is nshipsec.dll.mui?

nshipsec.dll.mui is a Multilingual User Interface resource file that contains the Chinese (Simplified) language for the file nshipsec.dll (Net Shell IP 安全帮助程序 DLL).

File version info

File Description:Net Shell IP 安全帮助程序 DLL
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:nshipsec.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:nshipsec.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x804, 1200