nshipsec.dll.mui 網路殼層 IP 安全性協助程式 DLL d7c695c4c7d2d3d4db718b78476ea715

File info

File name: nshipsec.dll.mui
Size: 131584 byte
MD5: d7c695c4c7d2d3d4db718b78476ea715
SHA1: 16d7a571e8de51c22b408f97a55143584509eb52
SHA256: f911dd1d99cc64c950e1939ac7d54e2b864d5793dc36367df95872ddbf9f65ac
Operating systems: Windows 10
Extension: MUI

Translations messages and strings

If an error occurred or the following message in Chinese (Traditional) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id Chinese (Traditional) English
11110從原則存放區匯出所有規則。
Exports all the policies from the policy store.
11111將原則從檔案匯入到原則存放區。
Imports the policies from a file to the policy store.
11112還原預設範例規則。
Restores the default example policies.
11150
使用方式:
exportpolicy [ file = ]

將所有原則匯出到檔案。

參數:

標記 值
name -要做為原則匯出目的地之檔案的名稱。

備註: 在預設情況下會新增 .ipsec 副檔名到檔案名稱。

範例: exportpolicy Policy1


Usage:
exportpolicy [ file = ]

Exports all the policies to a file.

Parameters:

Tag Value
name -Name of the file into which the policies are exported.

Remarks: .ipsec extension is by default added to the filename.

Examples: exportpolicy Policy1

11151
使用方式:
importpolicy [ file = ]

從指定檔案匯入原則。

參數:

標記 值
name -匯入原則的檔案名稱。

備註:

範例: importpolicy Policy1.ipsec


Usage:
importpolicy [ file = ]

Imports policies from the specified file.

Parameters:

Tag Value
name -Name of the file from which the policies are imported.

Remarks:

Examples: importpolicy Policy1.ipsec

11152
使用方式:
restorepolicyexamples [release = ] (win2k | win2003)

還原預設原則。

參數:

標記 值
release -OS 發行類型,預設原則範例。

備註: 這個命令只能套用在本機電腦原則存放區上。

範例: 1. restorepolicyexamples release=win2003
2. restorepolicyexamples release=win2k


Usage:
restorepolicyexamples [release = ] (win2k | win2003)

Restores the default policies.

Parameters:

Tag Value
release -OS release type, for default policies examples.

Remarks: This command is only valid for the local computer policy store.

Examples: 1. restorepolicyexamples release=win2003
2. restorepolicyexamples release=win2k

11200建立原則和相關資訊。
Creates new policies and related information.
11210建立有預設回應規則的原則。
Creates a policy with a default response rule.
11211建立清空的篩選器清單。
Creates an empty filter list.
11212建立篩選器動作。
Creates a filter action.
11213為指定的原則建立規則。
Creates a rule for the specified policy.
11214新增篩選器到篩選器清單。
Adds a filter to filter list.
11250
使用方式:
policy [ name = ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] (yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

使用指定的名稱建立原則。

參數:

標記 值
name -原則的名稱。
description -原則的簡短資訊。
mmpfs -設定主圖形完整轉送密碼的選項。
qmpermm -每一個 IKE 主要模式工作階段中的快速模式工作階段數。
mmlifetime -IKE 主要模式的重新輸入時間 (以分鐘計)。
activatedefaultrule -啟用或停用預設的回應規則。只有在 Windows Vista 之前的
Windows 版本才有效。
pollinginterval -原則代理的輪詢間隔 (以分鐘計),每隔指定的時間會檢查
原則存放區的變更。
assign -將原則指派為使用或不使用。
mmsecmethods -以 ConfAlg-HashAlg-GroupNum 格式列出一個或多個
以空格分隔的安全方式清單,其中 ConfAlg 可以是 DES 或
3DES,而 HashAlg 可以是 MD5 或 SHA1。
GroupNum 可以是 1 (Low)、2 (Med)、3 (DH2048)。

備註: 1. 如果指定了 mmpfs,qmpermm 會設定成 1。
2. 如果存放區是 'domain',則 ‘assign’ 將無效。
3. 不建議使用 DES 與 MD5。這些密碼編譯演算法僅提供為
回溯相容性之用。

範例: add policy Policy1 mmpfs= yes assign=yes
mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"


Usage:
policy [ name = ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] (yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Creates a policy with the specified name.

Parameters:

Tag Value
name -Name of the policy.
description -Brief information about the policy.
mmpfs -Option to set master perfect forward secrecy.
qmpermm -Number of quick mode sessions per main mode
session of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Polling Interval, time in minutes for policy agent
to check for changes in policy store.
assign -Assigns the policy as active or inactive.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1.
GroupNum can be 1 (Low), 2 (Med), 3 (DH2048).

Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. If the store is 'domain' then ‘assign’ will have no effect.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add policy Policy1 mmpfs= yes assign=yes
mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"

11251
使用方式:
filterlist [ name = ]
[ [ description = ] ]

使用指定名稱建立一個空白篩選器清單。

參數:

標記 值
name -篩選器清單名稱。
description -篩選器清單相關簡短資訊。

備註:

範例: add filterlist Filter1


Usage:
filterlist [ name = ]
[ [ description = ] ]

Creates an empty filter list with the specified name.

Parameters:

Tag Value
name -Name of the filter list.
description -Brief information about the filter list.

Remarks:

Examples: add filterlist Filter1

11252
使用方式:
filteraction [ name = ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

建立篩選器動作。

參數:

標記 值
name -篩選器動作的名稱。
description -篩選器動作類型的簡短資訊。
qmpfs -用來設定快速模式完整轉送密碼的選項。
inpass -接受無安全性的通訊,但是永遠使用 IPSec 來回應。
數值可以是‘yes’或‘no’。
soft -允許跟非 IPSec 感知的電腦的不安全通訊。
數值可以是‘yes’或‘no’。
action -可以是‘permit’、‘block’或‘negotiate’。
qmsecmethods -IPSec 提供下列格式之一:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
ConfAlg 可以是 DES 或 3DES 或 None。
AuthAlg 可以是 MD5 或 SHA1 或 None。
HashAlg 是 MD5 或 SHA1。
k 是以 KB 為單位的存留期。
s 是以秒為單位的存留期。

備註: 1. 如果動作不是‘negotiate’則忽略快速模式安全性方式
2. 不建議使用 DES 和 MD5。這些加密演算法僅提供為舊版相容性之用。

範例: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate
qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"


Usage:
filteraction [ name = ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Creates a filter action.

Parameters:

Tag Value
name -Name of the filter action.
description -Brief information about the type of filter action.
qmpfs -Option to set quick mode perfect forward secrecy.
inpass -Accept unsecured communication, but always respond
using IPsec. This takes a value of either ‘yes’ or ‘no’.
soft -Allow unsecured communication with non-IPsec-aware
computers. This takes a value of either ‘yes’ or ‘no’.
action -This takes permit, block or negotiate.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is Lifetime in kilobytes.
where s is Lifetime in seconds.

Remarks: 1. Quick mode security methods are ignored if the action is not
‘negotiate’
2. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate
qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"

11253
使用方式:
rule [ name = ]
[ policy = ]
[ filterlist = ]
[ filteraction = ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ description = ] ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

用指定的篩選器和篩選器動作建立規則。

參數:

標記 值
name -規則名稱。
policy -規則所屬的原則名稱。
filterlist -要使用的篩選器清單名稱。
filteraction -要使用的篩選器動作名稱。
tunnel -通道端點 IP 位址。
conntype -連線類型可以是‘lan’,‘dialup’或‘all’。
activate -如果指定了‘yes’則啟用原則裡的規則。
description -規則的簡短資訊。
kerberos -如果指定了‘yes’則提供 Kerberos 驗證。
psk -使用指定的預先共用金鑰來提供驗證。
rootca -使用指定的根憑證來提供驗證,
如果指定了 certmap:Yes 則嘗試對應憑證,
如果指定了 excludecaname:Yes 則排除 CA 名稱。

備註: 1. 憑證、對應,和 CA 名稱設定都應該用引號包圍; 用 \' 來代替內嵌引號。
2. 憑證對應只有在網域成員上才正確。
3. 可以多次使用 rootca 參數來提供多重憑證。
4. 每個驗證方法的順序是由它在命令裡的順序來決定的。
5. 如果沒有指定驗證方法,則使用動態預設值。
6. 排除根憑證授權單位名稱會防止名稱被當成憑證要求的一部分而傳送出。

範例: add rule name=Rule policy=Policy filterlist=Filterlist
filteraction=FilterAction kerberos=yes psk="my key"
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"


Usage:
rule [ name = ]
[ policy = ]
[ filterlist = ]
[ filteraction = ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ description = ] ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Creates a rule with the specified filter list and filter action.

Parameters:

Tag Value
name -Name of the rule.
policy -Name of the policy the rule belongs to.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel end point IP address.
conntype -Connection type can be lan, dialup or ‘all’.
activate -Activates the rule in the policy if ‘yes’ is specified.
description -Brief information about the rule.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.

Examples: add rule name=Rule policy=Policy filterlist=Filterlist
filteraction=FilterAction kerberos=yes psk="my key"
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"

11254
使用方式:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ description = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ mirrored = ] (yes | no) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]

新增篩選器到指定的篩選器清單。

參數:

標記 值
filterlist -要新增篩選器的篩選器清單名稱。
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
description -篩選器的簡短資訊。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
mirrored -'Yes'會建立兩個篩選器,每個方向一個。
srcmask -來源位址遮罩位址遮罩或 1 到 32 間的首碼。若 srcaddr 設為範圍則不適用
dstmask -目的地位址遮罩或 1 到 32 間的首碼。若 dstaddr 設為範圍則不適用
srcport -封包的來源連接埠。0 代表任何連接埠。
dstport -封包的目的地連接埠。0 代表任何連接埠。

備註: 1. 若篩選器清單不存在則將建立它。
2. 若要指定目前電腦位址,請設定 srcaddr/dstaddr=me
若要指定所有電腦位置,請設定 srcaddr/dstaddr=any
3. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
4. 若來源是伺服器類型,則 dest 是 'me',反之亦然。
5. 若指定位址範圍,則端點必須是特定位址 (不可以是清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45
srcmask=24 dstmask=32
2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0
protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255
3. add filter filterlist=Filter1 srcaddr=me dstaddr=any
4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME
5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME


Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ description = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ mirrored = ] (yes | no) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]

Adds a filter to the specified filter list.

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter is added.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
description -Brief information about the filter.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
mirrored -‘Yes’ creates two filters, one in each direction.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port.
dstport -Destination port of the packet. A value of 0 means any port.

Remarks: 1. If the filter list does not exist it will be created.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server type, then dest is 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45
srcmask=24 dstmask=32
2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0
protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255
3. add filter filterlist=Filter1 srcaddr=me dstaddr=any
4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME
5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME

11300修改現存原則和相關資訊。
Modifies existing policies and related information.
11310修改原則。
Modifies a policy.
11311修改篩選器清單。
Modifies a filter list.
11312修改篩選器動作。
Modifies a filter action.
11313修改規則。
Modifies a rule.
11314設定目前的原則存放區。
Sets the current policy store.
11315修改原則的預設回應規則。
Modifies the default response rule of a policy.
11317設定批次更新模式。
Sets the batch update mode.
11350
使用方式:
policy [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] ( yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ gponame = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

修改原則。

參數:

標記 值
name | guid -原則的名稱或 GUID。
newname -新名稱。
description -簡短資訊。
mmpfs -設定主完整轉送密碼。
qmpermm -每個主要模式的快速模式數目。
mmlifetime -重新建立金鑰的時間。
activatedefaultrule -啟用預設回應規則。只有在 Windows Vista 之前的 Windows
版本才有效。
pollinginterval -檢查原則存放區變更的時間 (以分鐘為單位)。
assign -指派原則。
gponame -可為其指派原則的本機 AD 群組原則物件名稱。只有在存放
區是網域時才有效。
mmsecmethods -以空格分隔的安全性方法清單,其格式為
ConfAlg-HashAlg-GroupNum。

備註: 1. 若已指定 mmpfs,則 qmpermm 會設定為 1。
2. 只有當存放區設定為網域時,才能指定 GPO 名稱。
3. 不建議使用 DES 與 MD5。這些密碼編譯演算法僅提供為回溯相容性之用。

範例: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y
2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=NewName gpo=DefaultDomainPolicy assign=y


Usage:
policy [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ mmpfs = ] (yes | no) ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ activatedefaultrule = ] ( yes | no) ]
[ [ pollinginterval = ] ]
[ [ assign = ] (yes | no) ]
[ [ gponame = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a policy.

Parameters:

Tag Value
name | guid -Name of the policy, or guid.
newname -New name.
description -Brief information.
mmpfs -Sets master perfect forward secrecy.
qmpermm -Number of quick modes per main mode.
mmlifetime -Time in minutes to rekey.
activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Time in minutes to check for change in policy store.
assign -Assigns the policy.
gponame -Local AD group policy object name to which the policy
can be assigned. Valid when the store is domain.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.

Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. A GPO name can only be specified if the store is set to domain.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y
2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=NewName gpo=DefaultDomainPolicy assign=y

11351
使用方式:
filterlist [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]

修改篩選器清單的名稱和描述。

參數:

標記 值
name | guid -篩選器清單或 guid 的名稱。
newname -篩選器清單的新名稱。
description -篩選器清單的簡短資訊。

範例: 1. set filterlist Filter1 desc=NewFilter1
2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=FilterName


Usage:
filterlist [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]

Modifies a filter list name and description.

Parameters:

Tag Value
name | guid -Name of the filter list or guid.
newname -New name of the filter list.
description -Brief information about the filter list.

Examples: 1. set filterlist Filter1 desc=NewFilter1
2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
newname=FilterName

11352
使用方式:
filteraction [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

修改篩選器動作。

參數:

標記 值
name | guid -篩選器動作名稱或 GUID。
newname -篩選器動作的新增名稱。
description -篩選器動作的簡短資訊。
qmpfs -設定快速模式完整轉送密碼的選項。
inpass -接受無安全性的通訊,但是永遠使用 IPSec 回應。
將接受‘yes’或‘no’的值。
soft -允許跟非 IPSec 感知的電腦的不安全通訊。
將接受‘yes’或‘no’的值。
action -將接受 permit 或 block 或 negotiate。
qmsecmethods -IPSec 提供下列格式之一:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
ConfAlg 可以是 DES 或 3DES 或 None。
AuthAlg 可以是 MD5 或 SHA1 或 None。
HashAlg 是 MD5 或 SHA1。
k 是以 KB 為單位的存留期。
s 是以秒為單位的存留期。

備註: 不建議使用 DES 和 MD5。這些加密演算法僅提供為
舊版相容性之用。

範例: 1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s
2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
inpass=y


Usage:
filteraction [ name = ] | [ guid = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ qmpfs = ] (yes | no) ]
[ [ inpass = ] (yes | no) ]
[ [ soft = ] (yes | no) ]
[ [ action = ] (permit | block | negotiate) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a filter action.

Parameters:

Tag Value
name | guid -Name or guid of the filter action.
newname -New name of the filter action.
description -Brief information about the filter action.
qmpfs -Option to set quick mode perfect forward secrecy.
inpass -Accept unsecured communication, but always respond
using IPsec. This takes a value of either ‘yes’ or ‘no’.
soft -Allow unsecured communication with non-IPsec-aware computers.
This takes a value of either ‘yes’ or ‘no’.
action -This takes permit or block or negotiate.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s
2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
inpass=y

11353
使用方式:
rule [ name = ] | [id= ]
[ policy = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ filterlist = ] ]
[ [ filteraction = ] ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

修改原則裡的規則。

參數:

標記 值
name | id -規則的名稱或 ID。
policy -規則所屬的原則名稱。
newname -規則的新增名稱。
description -規則的簡短資訊。
filterlist -要使用的篩選器清單名稱。
filteraction -要使用的篩選器動作名稱。
tunnel -通道 IP 位址或 DNS 名稱。
conntype -連線類型可以是‘lan’,‘dialup’或‘all’。
activate -如果指定了‘yes’則啟用原則裡的規則。
kerberos -如果指定了‘yes’則提供 Kerberos 驗證。
psk -使用指定的預先共用金鑰來提供驗證。
rootca -使用指定的根憑證來提供驗證,如果指定了 certmap:Yes 則
嘗試對應憑證,如果指定了 excludecaname:Yes 則排除 CA 名稱。

備註: 1. 憑證、對應,和 CA 名稱設定都要用引號包住; 用 \' 來取代嵌入式引號。
2. 只有在網域成員裡憑證對應才正確。
3. 可以多次使用 rootca 參數來提供多重憑證。
4. 每個驗證方法的優先順序是由它在命令裡的順序決定的。
5. 如果沒有指定驗證方法,會使用動態預設值。
6. 會用指定的清單來覆寫所有驗證方法。
7. 排除根憑證授權單位 (CA) 名稱將防止該名稱被當成憑證要求的一部分而傳出。

範例: 1. set rule name=Rule policy=Policy activate=yes
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"
2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156


Usage:
rule [ name = ] | [id= ]
[ policy = ]
[ [ newname = ] ]
[ [ description = ] ]
[ [ filterlist = ] ]
[ [ filteraction = ] ]
[ [ tunnel = ] (ip | dns) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ activate = ] (yes | no) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule in a policy.

Parameters:

Tag Value
name | id -Name or ID of the rule.
policy -Name of the policy, the rule belongs to.
newname -New name of the rule.
description -Brief information about the rule.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel ip address or dns name.
conntype -Connection type can be ‘lan’, ‘dialup’ or ‘all’.
activate -Activates the rule in the policy if ‘yes’ is specified.
kerberos -Provides Kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. All authentication methods are overwritten with the stated list.
7. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.

Examples: 1. set rule name=Rule policy=Policy activate=yes
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"
2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156

11354
使用方式:
store [location = ] (local | domain)
[ [ domain = ] ]

設定目前 IPsec 原則存放區位置。

參數:

標記 值
location IPsec 原則存放區的位置。
domain 網域名稱 (只適用於網域位置)。

備註: 1. 本機存放區包含可以指派來保護此電腦安全的 IPsec 原則。如果有可用
的網域原則,會套用網域原則來代替本機原則。
2. 網域存放區包含可指派來保護網域上電腦群組安全的 IPsec 原則。
3. 使用 'set machine' 命令來設定遠端電腦。
4. 預設存放區是本機。存放區的設定變更只在目前的 Netsh 工作階段中
有效。如果您需要用批次檔在相同的存放區上執行多重命令,請在執行
您的批次檔時使用 ‘Netsh Exec’。
5. 不支援持續性存放區與持續性原則。


範例: 1. set store location=
local
- 使用目前電腦的本機存放區。

2. set store location=domain domain=example.microsoft.
com
- 使用 example.microsoft.com 的網域原則存放區。



Usage:
store [location = ] (local | domain)
[ [ domain = ] ]

Sets the current IPsec policy storage location.

Parameters:

Tag Value
location Location of the IPsec policy store.
domain Domain name (only applies to the domain location).

Remarks: 1. The local store contains IPsec policies that can be assigned to
secure this computer. If a domain policy is available, the
domain policy is applied instead of the local policy.
2. The domain store contains IPsec policies that can be assigned to
secure groups of computers in a domain.
3. Use the 'set machine' command to configure a remote computer.
4. The default store is Local. Changes to the store setting persist
only as long as the current Netsh session. If you need to run
multiple commands in the same store from a batch file, use the
‘Netsh Exec’ when executing your batch file.
5. Persistent store and persistent policy is not supported.


Examples: 1. set store location=
local
- uses the local store of the current computer
.
2. set store location=domain domain=example.microsoft.
com
- uses the domain policy store for example.microsoft.com
.

11355
使用方式:
defaultrule [ policy = ]
[ [ qmpfs = ] (yes | no) ]
[ [ activate = ] (yes | no) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

修改指定原則的預設規則。
在 Windows Vista 與舊版 Windows 上會忽略此規則


參數:

標記

policy -要修改預設回應規則的
原則
名稱。

qmpfs -用來設定快速模式完整傳送密碼的選項。

activate -如果指定為‘yes’則啟動規則。

qmsecmethods -IPsec 提供下列格式之一:
ESP[ConfAlg,AuthAlg]:k/
s
AH[HashAlg]:k/
s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/
s
ConfAlg 可以為 DES、3DES 或 None。

AuthAlg 可以為 MD5、SHA1 或 None。

HashAlg 是 MD5 或 SHA1。

k 是以 KB 為單位的存留期。

s 是以秒為單位的存留期。

kerberos -如果指定為‘yes’則提供 Kerberos 驗證。

psk -提供使用指定預先共用金鑰的驗證。

rootca -提供使用指定根憑證的驗證,
如果指定為 certmap:Yes,則嘗試對應憑證,
如果指定為 excludecaname:Yes 則排除 CA 名稱。


備註: 1. 憑證、對應與 CA 名稱設定都要在引號內;

用 \' 來取代內嵌式引號。

2. 憑證對應只對網域成員有效。

3. 可以多次使用
rootca
參數來提供多重憑證。

4. 每個驗證方式的優先順序
是由
在命令裡的順序決定。

5. 如果沒有陳述驗證方法,則會使用動態預設值

6. 不建議使用 DES 和 MD5。這些加密演算法僅提供為
舊版相容性之用。

範例: set defaultrule Policy1 activate=
y
qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"


Usage:
defaultrule [ policy = ]
[ [ qmpfs = ] (yes | no) ]
[ [ activate = ] (yes | no) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies the default response rule of the specified policy.
This rule will be ignored on Windows Vista and later versions of Windows


Parameters:

Tag
Value
policy -Name of the policy for which the default response rule
is
to be modified
.
qmpfs -Option to set quick mode perfect forward secrecy
.
activate -Activates the rule in the policy if ‘yes’ is specified
.
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/
s
AH[HashAlg]:k/
s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/
s
where ConfAlg can be DES, or 3DES or None
.
where AuthAlg can be MD5, or SHA1 or None
.
where HashAlg is MD5 or SHA1
.
where k is lifetime in kilobytes
.
where s is lifetime in seconds
.
kerberos -Provides Kerberos authentication if ‘yes’ is specified
.
psk -Provides authentication using a specified preshared key
.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified
.

Remarks: 1. Certificate, mapping, and CA name settings are all to be
within
quotes; embedded quotes are to be replaced with \'
.
2. Certificate mapping is valid only for domain members
.
3. Multiple certificates can be provided by using the
rootca
parameter multiple times
.
4. The preference of each authentication method is determined
by
its order in the command
.
5. If no auth methods are stated, dynamic defaults are used
.
6. The use of DES and MD5 is not recommended. These
cryptographic
algorithms are provided for backward compatibility only
.

Examples: set defaultrule Policy1 activate=
y
qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"

11357
使用方式:
set batch [mode = ] (enable | disable)

設定批次更新模式。

參數:

mode - 批次更新的模式。



Usage:
set batch [mode = ] (enable | disable)

Sets the batch update mode.

Parameters:

mode - The mode for batch updates.


11400刪除原則和相關資訊。
Deletes policies and related information.
11410刪除原則和它的規則。
Deletes a policy and its rules.
11411刪除篩選器清單。
Deletes a filter list.
11412刪除篩選器動作。
Deletes a filter action.
11413從原則裡刪除規則。
Deletes a rule from a policy.
11414從篩選器清單裡刪除篩選器。
Deletes a filter from a filter list.
11415刪除所有原則、篩選器清單和篩選器動作。
Deletes all policies, filter lists, and filter actions.
11450
使用方式:
policy [ name = ] | [ all ]

刪除原則和它所有關聯的規則。

參數:

標記 值
name | all -原則名稱或‘all’。

備註: 如果指定了 'all',刪除所有原則。

範例: 1. delete policy all
- 刪除所有原則。
2. delete policy name=Policy1
- 刪除名稱為 Policy1 的原則。


Usage:
policy [ name = ] | [ all ]

Deletes the policy and all its associated rules.

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.

Remarks: If 'all' is specified, all policies are deleted.

Examples: 1. delete policy all
- deletes all policies.
2. delete policy name=Policy1
- deletes the policy named Policy1.

11451
使用方式:
filterlist [name = ] | [ all ]

刪除篩選器清單和它所有關聯的篩選器。

參數:

標記 值
name | all -篩選器清單名稱或‘all’。

備註: 如果指定了 'all',刪除所有篩選器清單。

範例: delete filterlist all


Usage:
filterlist [name = ] | [ all ]

Deletes the filter list and all of its associated filters.

Parameters:

Tag Value
name | all -Name of the filter list or ‘all’.

Remarks: If 'all' is specified, all filter lists are deleted.

Examples: delete filterlist all

11452
使用方式:
filteraction [ name = ] | [ all ]

刪除篩選器動作。

參數:

標記 值
name | all -篩選器動作名稱或‘all’。

備註: 如果指定了 'all',刪除所有篩選器動作。

範例: 1. delete filteraction FilterA
2. delete filteraction all


Usage:
filteraction [ name = ] | [ all ]

Deletes a filter action.

Parameters:

Tag Value
name | all -Name of the filter action or ‘all’.

Remarks: If 'all' is specified, all filter actions are deleted.

Examples: 1. delete filteraction FilterA
2. delete filteraction all

11453
使用方式:
rule [ name = ] | [ id = ] | [ all ]
[ policy = ]

刪除原則裡的規則。

參數:

標記 值
name | id | all -規則名稱,規則的 ID,或‘all’
policy -原則名稱。

備註: 1. 如果指定了 'all',刪除原則裡所有的規則,除了預設回應規則之外。
2. 無法刪除預設回應規則。
3. 每個刪除會變更 ID。

範例: 1. delete rule id=1 Policy1
-刪除來自 Policy1,id=1 的規則。
2. delete rule all Policy1
-刪除所有來自 Policy1 的規則。


Usage:
rule [ name = ] | [ id = ] | [ all ]
[ policy = ]

Deletes a rule from a policy.

Parameters:

Tag Value
name | id | all -Name of the rule, ID of the rule, or ‘all’
policy -Name of the policy.

Remarks: 1. If 'all' is specified, deletes all rules from the policy except
the default response rule.
2. The default response rule cannot be deleted.
3. The IDs will change with every delete.

Examples: 1. delete rule id=1 Policy1
-deletes the rule with id=1 from Policy1.
2. delete rule all Policy1
-deletes all the rules from Policy1.

11454
使用方式:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]

從篩選器清單裡刪除篩選器

參數:

標記 值
filterlist -加入篩選器的篩選器清單名稱。
srcaddr - 來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱,或伺服器類型。
dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱,或伺服器類型。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
srcmask -來源位址遮罩或首碼為 1 到 32。若 srcaddr 設為範圍則不適用
dstmask -目標位址遮罩或首碼為 1 到 32。 若 dstaddr 設為範圍則不適用
srcport -封包的來源連接埠。0 代表任何連接埠
dstport -封包的目標連接埠。0 代表任何連接埠。
mirrored -‘Yes’會建立兩個篩選器,每個方向一個。

備註: 1. 從篩選器清單裡刪除完全相符的篩選器。
2. 要指定目前電腦位址,請設定 srcaddr/dstaddr=me
要指定所有電腦位址,請設定 srcaddr/dstaddr=any
3. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
4. 如果來源是伺服器,則 dest 要設為 'me' 反之亦然。
5. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. delete filter FilterList1 src=fum.com dst=fum.com
2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME


Usage:
filter [ filterlist = ]
[ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]

Deletes a filter from a filter list

Parameters:

Tag Value
filterlist -Name of the filter list to which the filter was added.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
srcport -Source port of the packet. A value of 0 means any port
dstport -Destination port of the packet. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.

Remarks: 1. Deletes the exact match filter from the filter list.
2. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
3. Server type can be WINS, DNS, DHCP or GATEWAY.
4. If source is a server, then dest is set to 'me' and vice-versa.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com
2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME

11455
使用方式:
all

刪除所有原則、篩選器清單,和篩選器動作。

參數:

備註:

範例: delete all


Usage:
all

Deletes all policies, filter lists, and filter actions.

Parameters:

Remarks:

Examples: delete all

11500顯示原則的詳細和相關資訊。
Displays details of policies and related information.
11510顯示原則的詳細資訊。
Displays policy details.
11511顯示篩選器清單詳細資訊。
Displays filter list details.
11512顯示篩選器動作的詳細資訊。
Displays filter action details.
11513顯示規則的詳細資訊。
Displays rule details.
11515顯示所有原則的詳細和相關資訊。
Displays details of all policies and related information.
11516顯示群組指定原則的詳細資訊。
Displays details of a group assigned policy.
11517顯示目前的原則存放區。
Displays the current policy store.
11550
使用方式:
policy [ name = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

顯示原則的詳細資訊。

參數:

標記 值
name | all -原則名稱或‘all’。
level -詳細資訊或一般。
format -在螢幕上顯示或以定位鍵格式。
wide -如果設定成‘no’,會截斷名稱和描述以符合螢幕 80 字元的寬度。

備註: 如果指定了 'all' ,會顯示所有原則的詳細資訊。

範例: show policy Policy1 wide=yes format=table


Usage:
policy [ name = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a policy

Parameters:

Tag Value
name | all -Name of the policy or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all policy details are displayed.

Examples: show policy Policy1 wide=yes format=table

11551
使用方式:
filterlist [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]
[ [ wide = ] (yes | no) ]

顯示篩選器清單的詳細資訊。

參數:

標記 值
name | rule | all -篩選器清單名稱、規則名稱,或‘all’。
level -詳細資訊或一般。
format -在螢幕上顯示或以定位鍵格式。
resolvedns -‘yes’將強制詳細資訊輸出顯示目前儲存在篩選器欄位的
IP 位址和 DNS 名稱的 DNS 對應。
wide -如果設定成‘no’,會截斷名稱和描述以符合螢幕
80 個字元的寬度。

備註: 如果指定了 'all' ,會顯示所有的篩選器清單。

範例: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes


Usage:
filterlist [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter list

Parameters:

Tag Value
name | rule | all -Name of the filter list, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
resolvedns -Value of ‘yes’ will force the verbose output to show
the current dns mapping for ip addresses and dns
names that are stored in the filter fields.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter lists are displayed.

Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes

11552
使用方式:
filteraction [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

顯示篩選器動作的詳細資訊。

參數:

標記 值
name | rule | all -篩選器動作名稱、規則名稱,或‘all’。
level -詳細資訊或一般。
format -在螢幕上顯示或以定位鍵格式。
wide -如果設定成‘no’,會截斷名稱和描述以符合螢幕
80 個字元的寬度。

備註: 如果指定了 'all',會顯示所有篩選器動作。

範例: 1. show filteraction FilterAction1
- shows the details of the filter action named FilterAction1
2. show filteraction rule=Rule1
- shows the filter action used by the rule named Rule1
3. show filteraction all
- shows all filter actions


Usage:
filteraction [ name = ] | [ rule = ] | [ all ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of a filter action

Parameters:

Tag Value
name | rule | all -Name of the filter action, rule name, or ‘all’.
level -Verbose or normal.
format -Output in screen or tab-delimited format
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks: If 'all' is specified, all filter actions are displayed.

Examples: 1. show filteraction FilterAction1
- shows the details of the filter action named FilterAction1
2. show filteraction rule=Rule1
- shows the filter action used by the rule named Rule1
3. show filteraction all
- shows all filter actions

11553
使用方式:
rule [ name = ] | [ id = ] ] | [ all ] | [default]
[ policy = ]
[ [ type = ] (tunnel | tranport) ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

顯示原則的規則詳細資訊。

參數:

標記 值
name | id | all | default -規則名稱、它的 ID、‘all’,或‘default’。
policy -原則名稱。
type -規則類型是‘transport’或‘tunnel’。
level -詳細資訊或一般。
format -在螢幕上顯示或以定位鍵格式。
wide -如果設定成‘no’,會截斷名稱和描述以符合螢幕
80 個字元的寬度。

備註: 1. 如果指定了‘all’,會顯示所有規則。
2. 如果指定了類型參數,則需要指定 'all'。

範例: 1. show rule all type=transport policy=Policy1
- shows all the transport rules of the policy named Policy1.
2. show rule id=1 policy=Policy1
- shows the first rule of the policy.
3. show rule default policy=Policy1
- shows the details of the default response rule of Policy1.


Usage:
rule [ name = ] | [ id = ] ] | [ all ] | [default]
[ policy = ]
[ [ type = ] (tunnel | tranport) ]
[ [ level = ] (verbose | normal) ]
[ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays the details of rules for the policy.

Parameters:

Tag Value
name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’.
policy -Name of the policy.
type -Rule type is ‘transport’ or ‘tunnel’.
level -Verbose or normal.
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are
truncated to fit the screen width of 80
characters.

Remarks: 1. If ‘all’ is specified, all rules are displayed.
2. If the type parameter is specified, 'all' needs to be specified.

Examples: 1. show rule all type=transport policy=Policy1
- shows all the transport rules of the policy named Policy1.
2. show rule id=1 policy=Policy1
- shows the first rule of the policy.
3. show rule default policy=Policy1
- shows the details of the default response rule of Policy1.

11555
使用方式:
all [ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

顯示所有原則、篩選器清單,和篩選器動作。

參數:

標記 值
format -在螢幕上顯示或以定位鍵格式。
wide -如果設定成‘no’,會截斷名稱和描述以符合螢幕 80 個字元的寬度。

備註:

範例: show all


Usage:
all [ [ format = ] (list | table) ]
[ [ wide = ] (yes | no) ]

Displays all policies, filter lists, and filter actions.

Parameters:

Tag Value
format -Output in screen or tab-delimited format.
wide -If set to ‘no’, the name and description are truncated
to fit the screen width of 80 characters.

Remarks:

Examples: show all

11556
使用方式:
gpoassignedpolicy [name = ]

顯示指定的 GPO 的使用中原則詳細資訊。

參數:

標記 值
Name -本機 AD 群組原則物件名稱。


備註: 1. 如果目前的儲存區是網域,則需要 name 參數,否則
將不允許 name 參數

範例: 1. show gpoassignedpolicy name=GPO1
- 顯示已指派給 GPO1 的網域原則。
2. show gpoassignedpolicy
- 顯示目前在此電腦上指派的原則。


Usage:
gpoassignedpolicy [name = ]

Displays the details of the active policy for the specified GPO.

Parameters:

Tag Value
Name -Local AD Group policy object name.


Remarks: 1. if the current store is domain, the name parameter
is required, otherwise it is not allowed

Examples: 1. show gpoassignedpolicy name=GPO1
- shows the assigned domain policy to GPO1.
2. show gpoassignedpolicy
- shows currently assigned policy on this computer.

11557
使用方式:
store

範例: show store


Usage:
store

Examples: show store

12200在 SPD 裡新增原則、篩選器,和動作。
Adds policy, filter, and actions to SPD.
12210在 SPD 裡新增快速模式原則。
Adds a quick mode policy to SPD.
12211在 SPD 裡新增主要模式原則。
Adds a main mode policy to SPD.
12212在 SPD 裡新增快速模式篩選器。
Adds a quick mode filter to SPD.
12213在 SPD 裡新增主要模式篩選器。
Adds a main mode filter to SPD.
12215新增規則和相關的篩選器到 SPD。
Adds a rule and associated filters to SPD.
12250
使用方式:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

新增一個快速模式原則到 SPD。

參數:

標記 值
name -快速模式原則的名稱。
soft -允許和 IPSec 沒注意到的電腦,
做未設定安全的通訊,接受數值 'yes' 或 'no'。
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(預設)。
qmsecmethods -IPSec 提供下列幾種格式 :
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
ConfAlg 可以是 DES 或 3DES 或 None。
AuthAlg 可以是 MD5 或 SHA1 或 None。
HashAlg 是 MD5 或 SHA1。
k 是存留期 (KB)。
s 是存留期 (秒)。

備註: 不建議使用 DES 和 MD5。這些加密演算法僅提供為舊版相容性之用。
範例: add qmpolicy name=qmp
qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"


Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Adds a quick mode policy to SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with non-IPsec-aware
computers.
This takes a value of either ‘yes’ or ‘no’.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES or 3DES or None.
where AuthAlg can be MD5 or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add qmpolicy name=qmp
qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"

12251
使用方法:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

新增一個主要模式原則到 SPD。

參數:

標記 值
name -主要模式原則名稱。
qmpermm -每一個 IKE 主要模式階段中的快速模式階段數。
mmlifetime -重新輸入 (以分鐘計) IKE 的主要模式。
softsaexpirationtime -未受保護的 SA 到期時間 (以分鐘計)。
mmsecmethods -以 ConfAlg-HashAlg-GroupNum 格式列出一個或多
個空格區分安全方式的清單。
ConfAlg 可能是 DES 或 3DES 而 HashAlg 可能是
MD5 或 SHA1。
GroupNum 可以是 1 (Low), 2 (Med), 3 (DH2048)。

備註: 不建議使用 DES 和 MD5。這些加密編譯演算法僅提供為舊版相容性之用。
範例: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"


Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Adds a main mode policy to SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum.
where ConfAlg can be DES or 3DES
where HashAlg can be MD5 or SHA1
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"

12255
使用方式:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ mmpolicy = ]
[ [ qmpolicy = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

新增規則。

參數:

標記 值
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
mmpolicy -主要模式原則
qmpolicy -快速模式原則
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
如果您指定連接埠,可接受的值是 TCP 或 UDP。
srcport -來源連接埠 (0 代表任何連接埠)
dstport -目標連接埠 (0 代表任何連接埠)
mirrored -‘Yes' 會建立兩個篩選器,每個方向一個。
conntype -連線類型
actioninbound -輸入封包動作
actionoutbound -輸出封包動作
srcmask -來源位址遮罩或首碼為 1 到 32。若 srcaddr 設為範圍則不適用
dstmask -目標位址遮罩或首碼為 1 到 32。若 dstaddr 設為範圍則不適用
tunneldstaddress -通道目標 IP 位址或 DNS 名稱。
kerberos -如果指定為‘yes’則會提供 kerberos 驗證。
psk -使用指定的預先共用金鑰來提供驗證。
rootca -使用指定的根憑證來提供驗證,
如果指定了 certmap:Yes 則會嘗試對應憑證,
如果指定了 excludecaname:Yes 則會排除 CA 名稱。

備註: 1. TCP 和 UDP 連接埠才有效。
2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY
3. actioninbound 和 actionoutbound 的預設為‘negotiate’。
4. 通道規則的 mirrored 必須設定成 'no'。
5. 憑證、對應,和 CA 名稱設定都要在
引號內; 如裡面尚有引號,請使用 \' 來取代原本的引號。
6. 只有在網域成員裡憑證對應才有效。
7. 可以多次使用 rootca 參數來提供
多重憑證。
8. 每個驗證方法的優先順序是由
在命令裡的順序決定。
9. 如果沒有指定驗證方法,則會使用動態預設值。
10. 排除根憑證授權單位 (CA) 的名稱可以防止
名稱被當成憑證要求的一部分而被傳送出去。
11. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"

Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ mmpolicy = ]
[ [ qmpolicy = ] ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ mirrored = ] (yes | no) ]
[ [ conntype = ] (lan | dialup | all) ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Adds a Rule.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
If you specify a port, acceptable value is TCP or UDP.
srcport -Source port(0 means any port)
dstport -Destination port(0 means any port)
mirrored -‘Yes' creates two filters, one in each direction.
conntype -Connection type
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
kerberos -Provides kerberos authentication if ‘yes’ is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Port valid for TCP and UDP.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Default for actioninbound and actionoutbound is ‘negotiate’.
4. For tunnel rules, mirrored must be set to 'no'.
5. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
6. Certificate mapping is valid only for domain members.
7. Multiple certificates can be provided by using the rootca
parameter multiple times.
8. The preference of each authentication method is determined by its
order in the command.
9. If no auth methods are stated, dynamic defaults are used.
10. Excluding the root certification authority (CA) name prevents the
name from being sent as part of the certificate request.
11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root
Authority\’ certmap:yes excludecaname:no"
12300在 SPD 裡修改原則、篩選器,和動作。
Modifies policy, filter, and actions in SPD.
12310在 SPD 裡修改快速模式原則。
Modifies a quick mode policy in SPD.
12311在 SPD 裡修改主要模式原則。
Modifies a main mode policy in SPD.
12312在 SPD 裡修改快速模式篩選器。
Modifies a quick mode filter in SPD.
12313在 SPD 裡修改主要模式篩選器。
Modifies a main mode filter in SPD.
12319設定 IPsec 設定和開機時的行為。
Sets the IPsec configuration and boot time behavior.
12320在 SPD 裡修改規則和相關的篩選器。
Modifies a rule and associated filters in SPD.
12350
使用方式:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

在 SPD 裡修改快速模式原則。

參數:

標記 值
name -快速模式原則名稱。
soft -允許跟非 IPSec 感知的電腦不安全通訊。
可以是 'yes' 或 'no'。
pfsgroup -GRP1、GRP2、GRP3、GRPMM,NOPFS (預設值)。
qmsecmethods -IPSec 提供下列格式之一:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
ConfAlg 可以是 DES 或 3DES 或 None。
AuthAlg 可以是 MD5 或 SHA1 或 None。
HashAlg 是 MD5 或 SHA1。
k 是以 KB 為單位的存留期。
s 是以秒為單位的存留期。

備註: 不建議使用 DES 和 MD5。這些加密編譯演算法僅提供為舊版相容性之用。
範例: set qmpolicy name=qmp pfsg=grp3
qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"


Usage:
qmpolicy [ name = ]
[ [ soft = ] (yes | no) ]
[ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
[ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

Modifies a quick mode policy in SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.
soft -Allow unsecured communication with
non-IPsec-aware computers.
This takes a value of either 'yes' or 'no'.
pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
qmsecmethods -IPsec offer in one of the following formats:
ESP[ConfAlg,AuthAlg]:k/s
AH[HashAlg]:k/s
AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
where ConfAlg can be DES, or 3DES or None.
where AuthAlg can be MD5, or SHA1 or None.
where HashAlg is MD5 or SHA1.
where k is lifetime in kilobytes.
where s is lifetime in seconds.

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set qmpolicy name=qmp pfsg=grp3
qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"

12351
使用方式:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

使用 SPD 中的新參數修改主要模式原則。

參數:

標記 值
name -主要模式原則名稱。
qmpermm -每一個 IKE 主要模式階段中的快速模式階段數。
mmlifetime -重新輸入 (以分鐘計) IKE 的主要模式。
softsaexpirationtime -未受保護的 SA 到期時間 (以分鐘計)。
mmsecmethods -以 ConfAlg-HashAlg-GroupNum 格式列出一個或多
個空格區分安全方式的清單。
ConfAlg 可能是 DES 或 3DES,HashAlg 是 MD5 或 SHA1,
GroupNum 可能是 1 (Low) 或 2 (Med) 或 3 (DH2048)。
備註: 不建議使用 DES 和 MD5。這些加密編譯演算法僅提供為舊版相容性之用。
範例: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3


Usage:
mmpolicy [ name = ]
[ [ qmpermm = ] ]
[ [ mmlifetime = ] ]
[ [ softsaexpirationtime = ] ]
[ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

Modifies a main mode policy with the new parameters in SPD.

Parameters:

Tag Value
name -Name of the main mode policy.
qmpermm -Number of quick mode sessions per main mode session
of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
softsaexpirationtime -Time in minutes for an unprotected SA to expire.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1,
GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks: The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.

Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3

12359
使用方式:
config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval |
ikelogging | strongcrlcheck | bootmode | bootexemptions) ]
[ value = ] | | ]

設定 IPsec 的參數。

參數:

標記 值
property -屬性名稱。
value -對應至屬性的值。

備註: 1. 有效的屬性值包括:
ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
ikelogging - 0, 1
strongcrlcheck - 0, 1, 2
ipsecloginterval - 60 到 86400 秒
ipsecexempt - 0, 1, 2, 3
bootmode - stateful, block, permit
bootexemptions - none, "exemption#1 exemption#2 ... exemption#n"
引號中的字串指定開機模式中永遠允許的通訊協定與連
接埠清單,格式如下:
Protocol:SrcPort:DstPort:Direction
其中,protocol 是 ICMP, TCP, UDP, RAW 或
而 direction 是 inbound 或 outbound
2. ipsecdiagnostics、ikelogging、ipsecloginterval、bootmode 與 bootexemptions
選項僅提供回溯相容之用。對於 Windows Vista 與更新的作業系統無效。
3. SrcPort 與 DstPort 只對於 TCP 與 UDP 才有效,對於其他通訊協定,豁免的格式
是 Protocol:Direction。
4. 連接埠設定值 0 可允許任何連接埠的流量。
5. ikelogging 與 strongcrlcheck 會立即啟動; 所有其他屬性則會在下次開機時
才生效。

範例: 1. set config property=ipsecdiagnostics value=0
2. set config property=bootmode value=stateful
3. set config property=bootexemptions value=none
4. set config property=bootexemptions
value="ICMP:inbound TCP:80:80:outbound"


Usage:
config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval |
ikelogging | strongcrlcheck | bootmode | bootexemptions) ]
[ value = ] | | ]

Configures the parameters for IPsec.

Parameters:

Tag Value
property -Property name.
value -Value that corresponds to the property.

Remarks: 1. Valid values for the properties are:
ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
ikelogging - 0, 1
strongcrlcheck - 0, 1, 2
ipsecloginterval - 60 to 86400 sec
ipsecexempt - 0, 1, 2, 3
bootmode - stateful, block, permit
bootexemptions - none, "exemption#1 exemption#2 ... exemption#n"
where the quoted string specifies a list of
protocols and ports to always allow during
boot mode in the following format:
Protocol:SrcPort:DstPort:Direction
where protocol is ICMP, TCP, UDP,
RAW, or
where direction is inbound or outbound
2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and
bootexemptions options are provided for backward compatibility.
Not valid for Windows Vista and later operating systems.
3. SrcPort and DstPort are only valid for TCP and UDP, with other
protocols the format of the exemption is Protocol:Direction.
4. A port setting of 0 allows for traffic for any port.
5. ikelogging and strongcrlcheck are activated immediately;
all other properties take effect on next boot.

Examples: 1. set config property=ipsecdiagnostics value=0
2. set config property=bootmode value=stateful
3. set config property=bootexemptions value=none
4. set config property=bootexemptions
value="ICMP:inbound TCP:80:80:outbound"

12360
使用方式:
rule [ srcaddr = ] (ip | dns | server)
[ dstaddr = ] (ip | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ mmpolicy = ] ]
[ [ qmpolicy = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

在 SPD 裡修改規則和關聯的篩選器。

參數:

標記 值
srcaddr - 來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
srcport -來源連接埠 (0 代表任何連接埠)
dstport -目的地連接埠 (0 代表任何連接埠)
mirrored -'Yes'會建立兩個篩選器,每個方向一個。
conntype -連線類型
srcmask -來源位址遮罩或 1 到 32 間的首碼。若 rcaddr 設為範圍則不適用
dstmask -目的地位址遮罩或 1 到 32 間的首碼。若 dstaddr 設為範圍則不適用
tunneldstaddress -通道目的地 IP 位址或 DNS 名稱。
mmpolicy -主要模式原則
qmpolicy -快速模式原則
actioninbound -輸入封包動作
actionoutbound -輸出封包動作
kerberos -如果指定了'yes'則會提供 kerberos 驗證
psk -使用指定的預先共用金鑰來提供驗證
rootca -使用指定的根憑證來提供驗證,如果指定了 certmap:Yes 則嘗試對應憑證,如果指
定了 excludecaname:Yes 則排除 CA 名稱。

備註: 1. 可以設定 Mmpolicy、qmpolicy、actioninbound、actionoutbound 和 authmethods,其他欄位
是識別元。
2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY
3. 憑證、對應和 CA 名稱設定都要在引號內; 用 \' 來取代內嵌式引號。
4. 只有在網域成員裡憑證對應才有效。
5. 可以多次使用 rootca 參數來提供多重憑證。
6. 每個驗證方法的順序是由它在命令裡的順序來決定的。
7. 如果沒有指定驗證方法,會使用動態預設值。
8. 所有驗證方法都會被指定的清單覆寫。
9. 排除根憑證授權單位 (CA) 名稱可防止該名稱被當成憑證要求的一部分被送出。
10. 如果指定位址範圍,則端點必須是特定的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
tunneldst=192.168.145.1
proto=tcp srcport=80 dstport=80 mir=no con=lan
qmp=qmp actionin=negotiate actionout=permit
2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West
Root Authority\' certmap:yes excludecaname:no"


Usage:
rule [ srcaddr = ] (ip | dns | server)
[ dstaddr = ] (ip | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]
[ [ mmpolicy = ] ]
[ [ qmpolicy = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ kerberos = ] (yes | no) ]
[ [ psk = ] ]
[ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]

Modifies a rule and associated filters in SPD.

Parameters:

Tag Value
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port (0 means any port)
dstport -Destination port (0 means any port)
mirrored -'Yes' creates two filters, one in each direction.
conntype -Connection type
srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range
dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
tunneldstaddress -Tunnel destination ip address or dns name.
mmpolicy -Main mode policy
qmpolicy -Quick mode policy
actioninbound -Action for inbound packets
actionoutbound -Action for outbound packets
kerberos -Provides kerberos authentication if ‘yes’ is specified
psk -Provides authentication using a specified preshared key
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound
and authmethods can be set; other fields are identifiers.
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
4. Certificate mapping is valid only for domain members.
5. Multiple certificates can be provided by using the rootca
parameter multiple times.
6. The preference of each authentication method is determined by
its order in the command.
7. If no auth methods are stated, dynamic defaults are used.
8. All authentication methods are overwritten with the stated list.
9. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.
10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
tunneldst=192.168.145.1
proto=tcp srcport=80 dstport=80 mir=no con=lan
qmp=qmp actionin=negotiate actionout=permit
2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West
Root Authority\’ certmap:yes excludecaname:no"

12400從 SPD 裡刪除原則、篩選器,和動作。
Deletes policy, filter, and actions from SPD.
12410從 SPD 裡刪除快速模式原則。
Deletes a quick mode policy from SPD.
12411從 SPD 裡刪除主要模式原則。
Deletes a main mode policy from SPD.
12414從 SPD 裡刪除規則和相關的篩選器。
Deletes a rule and associated filters from SPD.
12415從 SPD 裡刪除所有原則,篩選器和動作。
Deletes all policies, filters, and actions from SPD.
12450
使用方式:
qmpolicy [ name = ] | [ all ]

從 SPD 裡刪除快速模式原則。
如果指定了 'all',會刪除所有快速模式原則。

參數:

標記 值
name -快速模式原則名稱。

備註: 必須先刪除任何關聯的快速模式篩選器才能刪除快速模式原則。

範例: delete qmpolicy name=qmp


Usage:
qmpolicy [ name = ] | [ all ]

Deletes a quick mode policy from SPD.
If 'all' is specified, all quick mode policies are deleted.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: To delete a quick mode policy, any associated quick mode filters
must first be deleted.

Examples: delete qmpolicy name=qmp

12451
使用方式:
mmpolicy [ name = ] | [ all ]

從 SPD 裡刪除主要模式原則。
如果指定了 'all',會刪除所有主要模式原則。

參數:

標記 值
name -主要模式原則名稱。

備註: 必須先刪除任何關聯的主要模式篩選器才能刪除主要模式原則。

範例: delete mmpolicy name=mmp


Usage:
mmpolicy [ name = ] | [ all ]

Deletes a main mode policy from SPD.
If 'all' is specified, all main mode policies are deleted.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: To delete a main mode policy, any associated main mode filters must
first be deleted.

Examples: delete mmpolicy name=mmp

12454
使用方式:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]

從 SPD 裡刪除規則。

參數:

標記 值
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
srcport -來源連接埠。0 代表任何連接埠。
dstport -目的地連接埠。0 代表任何連接埠。
mirrored -'Yes' 會建立兩個篩選器,每個方向一個。
conntype -連線類型可以是 lan、dialup 或 'all'。
srcmask -來源位址遮罩或 1 到 32 間的首碼。
dstmask -目的地位址遮罩或 1 到 32 間的首碼。
tunneldstaddress -通道目的地 IP 位址或 DNS 名稱。

備註: 1. 若要指定目前電腦位址,請設定 srcaddr/dstaddr=me
若要指定所有電腦位址,請設定 srcaddr/dstaddr=any
2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY
3. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: delete rule srca=192.168.145.110 dsta=192.168.145.215
tunneldsta=192.168.145.1
proto=tcp srcport=80 dstport=80 mirror=no conntype=lan


Usage:
rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
[ protocol = ] (ANY | ICMP | TCP | UDP | RAW | )
[ srcport = ]
[ dstport = ]
[ mirrored = ] (yes | no)
[ conntype = ] (lan | dialup | all)
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ tunneldstaddress = ] (ip | dns) ]

Deletes a rule from SPD.

Parameters:

Tag Value
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
mirrored -‘Yes’ creates two filters, one in each direction.
conntype -Connection type can be lan, dialup or ‘all’.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
tunneldstaddress -Tunnel destination ip address or dns name.

Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me
To specify all computer addresses, set srcaddr/dstaddr=any
2. Server type can be WINS, DNS, DHCP or GATEWAY
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215
tunneldsta=192.168.145.1
proto=tcp srcport=80 dstport=80 mirror=no conntype=lan

12455
使用方式:
all

從 SPD 裡刪除所有原則,篩選器,和驗證方法。

範例: delete all


Usage:
all

Deletes all policies, filters, and authentication methods from SPD.

Example: delete all

12500從 SPD 裡顯示原則、篩選器,和動作。
Displays policy, filter, and actions from SPD.
12510從 SPD 顯示原則、篩選器、SA,和統計。
Displays policies, filters, SAs, and statistics from SPD.
12511從 SPD 裡顯示主要模式原則詳細資訊。
Displays main mode policy details from SPD.
12512從 SPD 裡顯示快速模式原則詳細資訊。
Displays quick mode policy details from SPD.
12513從 SPD 裡顯示主要模式篩選器詳細資訊。
Displays main mode filter details from SPD.
12514從 SPD 裡顯示快速模式篩選器詳細資訊。
Displays quick mode filter details from SPD.
12515從 SPD 裡顯示 IPsec 和 IKE 統計。
Displays IPsec and IKE statistics from SPD.
12516從 SPD 裡顯示主要模式安全性關聯。
Displays main mode security associations from SPD.
12517從 SPD 裡顯示快速模式安全性關聯。
Displays quick mode security associations from SPD.
12518顯示 IPsec 設定。
Displays IPsec configuration.
12519從 SPD 顯示規則詳細。
Displays rule details from SPD.
12550
使用方式:
all [ [ resolvedns = ] (yes | no) ]

顯示所有 SPD 裡的原則、篩選器,SA 和統計的詳細資訊。

參數:

標記 值
resolvedns -'yes' 會顯示解析的 DNS 名稱。

備註: resolvedns 的預設值是‘no’。

範例: show all yes
- 顯示所有具有 DNS 解析的資訊


Usage:
all [ [ resolvedns = ] (yes | no) ]

Displays details of all policies, filters, SAs, and statistics from SPD.

Parameters:

Tag Value
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: Default value of resolvedns is ‘no’.

Examples: show all yes
- shows all information with dns resolution

12551
使用方式:
mmpolicy [ name = ] | [ all ]

顯示 SPD 裡的主要模式原則的詳細資訊。

參數:

標記 值
name -主要模式原則名稱。

備註: 如果指定了 'all',會顯示所有主要模式原則。

範例: 1. show mmpolicy name=mmp
2. show mmpolicy all


Usage:
mmpolicy [ name = ] | [ all ]

Displays main mode policy details from SPD.

Parameters:

Tag Value
name -Name of the main mode policy.

Remarks: If 'all' is specified, all main mode policies are displayed.

Examples: 1. show mmpolicy name=mmp
2. show mmpolicy all

12552
使用方式:
qmpolicy [ name = ] | [ all ]

顯示 SPD 裡的快速模式原則的詳細資訊。

參數:

標記 值
name -快速模式原則名稱。

備註: 如果指定了 'all',會顯示所有快速模式原則。

範例: 1. show qmpolicy name=qmp
2. show qmpolicy all


Usage:
qmpolicy [ name = ] | [ all ]

Displays quick mode policy details from SPD.

Parameters:

Tag Value
name -Name of the quick mode policy.

Remarks: If 'all' is specified, all quick mode policies are displayed.

Examples: 1. show qmpolicy name=qmp
2. show qmpolicy all

12553
使用方式:
mmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ resolvedns = ] (yes | no) ]

顯示來自 SPD 主要模式篩選器的詳細資料。

參數:

標記 值
name | all -主要模式篩選器名稱或‘all’。
type -要顯示的篩選器類型,specific 或 generic。
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱,或伺服器類型。
dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱,或伺服器類型。
srcmask -來源位址遮罩或首碼為 1 到 32。
dstmask -目標位址遮罩或首碼為 1 到 32。
resolvedns -設為 'yes' 會顯示解析的 DNS 名稱。

備註: 1. type 參數預設為‘generic’。
2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
3. 如果指定了 'all',則會顯示所有主要模式篩選器。
4. 如果指定了來源位址或目標位址,
則只會顯示跟該位址相關聯的篩選器。
5. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. show mmfilter name=mmf
2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112


Usage:
mmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ resolvedns = ] (yes | no) ]

Displays main mode filter details from SPD.

Parameters:

Tag Value
name | all -Name of the main mode filter or ‘all’.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘generic’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If 'all' is specified, all main mode filters are displayed.
4. If source address or destination address is specified,
only filters associated with that address are displayed.
5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmfilter name=mmf
2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112

12554
使用方式:
qmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

顯示 SPD 裡的快速模式篩選器的詳細資訊。

參數:

標記 值
name -快速模式篩選器的名稱。
type -要顯示的篩選器類型,specific 或 generic。
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
srcmask -來源位址遮罩或 1 到 32 間的首碼。
dstmask -目的地位址遮罩或 1 到 32 間的首碼。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
srcport -來源連接埠。0 代表任何連接埠。
dstport -目的地連接埠。0 代表任何連接埠。
actioninbound -輸入封包動作。
actionoutbound -輸出封包動作。
resolvedns -值 'yes' 會顯示解析的 DNS 名稱。

備註: 1. 若未指定 type 參數,則會顯示'generic' 和
'specific' 篩選器。
2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
3. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. show qmfilter name=qmf
2. show qmfilter all srcaddr=192.134.135.133 proto=TCP
3. 如果指定了 'all',會顯示所有快速模式篩選器。
4. 如果指定了來源位址名稱或目的地位址名稱,
只會顯示與該位址關聯的篩選器。


Usage:
qmfilter [ name = ] | [ all ]
[ [ type = ] (generic | specific) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays quick mode filter details from SPD.

Parameters:

Tag Value
name -Name of the quick mode filter.
type -Type of filter to display, either specific or generic.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. If the type is not specified then both ‘generic’ and
‘specific’ filters are displayed.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmfilter name=qmf
2. show qmfilter all srcaddr=192.134.135.133 proto=TCP
3. If 'all' is specified, all quick mode filters are displayed.
4. If source or destination address name is specified,
only filters associated with that address are displayed.

12555
使用方式:
stats [ [type =] (all | ike | IPsec) ]

顯示 IPsec 和 IKE 統計的詳細資訊。

參數:

標記 值
type -IPsec、ike 或 all (會顯示 IPsec 和 ike)

備註:

範例: 1. show stats all
2. show stats type=IPsec


Usage:
stats [ [type =] (all | ike | ipsec) ]

Displays details of IPsec and IKE statistics.

Parameters:

Tag Value
type -ipsec, ike, or all (which displays both ipsec and ike)

Remarks:

Examples: 1. show stats all
2. show stats type=ipsec

12556
使用方式:
mmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

顯示指定位址的主要模式安全性關聯。

參數:

標記 值
all -顯示所有主要模式的安全性關聯。
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱,或伺服器類型。
dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱,或伺服器類型。
format -輸入到螢幕或用 Tab 分隔格式輸入。
resolvedns -'yes' 會顯示解析的 DNS 名稱。

備註: 1. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
2. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。\


範例: 1. show mmsas
all
2. show mmsas srca=192.168.145.110 dsta=192.168.145
.215


Usage:
mmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the main mode security associations for a specified address.

Parameters:

Tag Value
all -Display all main mode security associations.
srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\


Examples: 1. show mmsas
all
2. show mmsas srca=192.168.145.110 dsta=192.168.145
.215

12557
使用方式:
qmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

顯示指定位址的快速模式安全性關聯。

參數:

標記 值
all -顯示所有快速模式安全性關聯。
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
format -在螢幕上顯示或以 Tab 分隔格式輸出。
resolvedns -值 'yes' 會顯示解析的 DNS 名稱。

備註: 1. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
2. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. show qmsas all
2. show qmsas srca=192.168.145.110 dsta=192.168.145.215


Usage:
qmsas [ [ all ] ]
[ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ format = ] (list | table) ]
[ [ resolvedns = ] (yes | no) ]

Displays the quick mode security associations for a specified address.

Parameters:

Tag Value
all -Displays all quick mode security associations.
srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
format -Output in screen or tab-delimited format.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY.
2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmsas all
2. show qmsas srca=192.168.145.110 dsta=192.168.145.215

12558
使用方式:
config
顯示目前 IPsec 設定參數的設定。
備註:

範例: show config


Usage:
config

Displays current settings of IPsec configuration parameters.

Remarks:

Example: show config

12559
使用方式:
rule [ [ type = ] (transport | tunnel) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

顯示 SPD 裡得規則詳細資訊。

參數:

標記 值
type -要顯示的規則類型,transport 或 tunnel。
srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。
srcmask -來源位址遮罩或 1 到 32 間的首碼。
dstmask -目的地位址遮罩或 1 到 32 間的首碼。
protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。
srcport -來源連接埠。0 代表任何連接埠。
dstport -目的地連接埠。0 代表任何連接埠。
actioninbound -輸入封包動作。
actionoutbound -輸出封包動作。
resolvedns -值 'yes' 會顯示解析的 DNS 名稱。

備註: 1. type 參數的預設值是'transport'。
2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。
3. 如果指定了來源位址名稱或目的地位址名稱,只會顯示與該位址關聯的規則。
4. 如果已經指定位址範圍,端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。

範例: 1. show rule
- 顯示 transport 與 tunnel 規則
2. show rule type=transport srcaddr=192.134.135.133 proto=TCP


Usage:
rule [ [ type = ] (transport | tunnel) ]
[ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
[ [ srcmask = ] (mask | prefix) ]
[ [ dstmask = ] (mask | prefix) ]
[ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ]
[ [ srcport = ] ]
[ [ dstport = ] ]
[ [ actioninbound = ] (permit | block | negotiate) ]
[ [ actionoutbound = ] (permit | block | negotiate) ]
[ [ resolvedns = ] (yes | no) ]

Displays rule details from SPD.

Parameters:

Tag Value
type -Type of rule to display, either transport or tunnel.
srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
srcmask -Source address mask or a prefix of 1 through 32.
dstmask -Destination address mask or a prefix of 1 through 32.
protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
srcport -Source port. A value of 0 means any port.
dstport -Destination port. A value of 0 means any port.
actioninbound -Action for inbound packets.
actionoutbound -Action for outbound packets.
resolvedns -Value of 'yes' displays the resolved dns name.

Remarks: 1. Default for the type parameter is ‘transport’.
2. Server type can be WINS, DNS, DHCP or GATEWAY.
3. If source or destination address name is specified,
only rules associated with that address are displayed.
4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show rule
- shows both transport and tunnel rules
2. show rule type=transport srcaddr=192.134.135.133 proto=TCP

13001

原則數目 : %1!d!


No. of policies : %1!d!
13002存放區 : 本機存放區
Store : Local Store
13006存放區 : 網域存放區
Store : Domain Store
13012遠端機器 Remote Machine
13013本機機器 Local Machine
13014遠端網域 Remote Domain
13015本機網域 Local Domain
13016本機電腦 Local Machine
13017本機網域 Local Domain
13100

原則名稱 : %1!s!


Policy Name : %1!s!
13304

規則識別碼 : %1!d!, GUID = %2!s!


Rule ID : %1!d!, GUID = %2!s!
13305篩選器清單名稱 : %1!s!
FilterList Name : %1!s!
13306篩選器清單名稱 : 無
FilterList Name : NONE
13602原則名稱 : %1!s!
Policy Name : %1!s!
13603描述 : %1!s!
Description : %1!s!
13604描述 : 無
Description : NONE
13605指派 : 是
Assigned : YES
13606指派 : 否
Assigned : NO
13607主 PFS : 是
Master PFS : YES
13608主 PFS : 否
Master PFS : NO
13609輪詢間隔 : %1!d! 分鐘
Polling Interval : %1!d! minutes
13610

規則數目 : %1!d!


No. of Rules : %1!d!
13611
規則詳細資訊

Rule Details
13612------------
------------
13615指派 : 是但是 AD 原則覆蓋
Assigned : YES but AD Policy Overrides
13700
規則名稱 : %1!s!

Rule Name : %1!s!
13701
規則名稱 : 無

Rule Name : NONE
13705驗證方法 (%1!d!)
Authentication Methods(%1!d!)
13708通道目的地 IP 位址 : Tunnel Dest IP Address :
13709連線類型 : 全部
Connection Type : ALL
13710連線類型 : 區域網路
Connection Type : LAN
13711連線類型 : 撥號
Connection Type : DIAL UP
13712連線類型 : 無
Connection Type : NONE
13713
篩選器清單詳細資訊

FilterList Details
13714------------------
------------------
13715
在預設回應規則裡不存在篩選器清單


No FilterList exists in Default Response Rule

13716篩選器動作詳細資訊
FilterAction Details
13717---------------------
---------------------
13734
傳輸規則數目: %1!d!

No of Transport rule(s): %1!d!
13735
通道規則數目 : %1!d!

No of Tunnel rule(s) : %1!d!
13736啟動 : 是
Activated : YES
13737啟動 : 否
Activated : NO
13738已啟動 : 是
Windows Vista 和較新版本的 Windows 不支援預設回應規則。此原則不會生效。
Activated : YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
13800篩選器動作名稱 : %1!s!
FilterAction Name : %1!s!
13801篩選器動作名稱 : 無
FilterAction Name : NONE
13802動作 : 允許
Action : PERMIT
13803動作 : 封鎖
Action : BLOCK
13804動作 : 交涉安全性
Action : NEGOTIATE SECURITY
13805AllowUnsecure(Fallback): 是
AllowUnsecure(Fallback): YES
13806AllowUnsecure(Fallback): 否
AllowUnsecure(Fallback): NO
13807輸入 Passthrough : 是
Inbound Passthrough : YES
13808輸入 Passthrough : 否
Inbound Passthrough : NO
13809安全性方式數目: %1!d! No. of Security.Methods: %1!d!
13812AH ESP 存留 (秒/kB)
AH ESP LIFE (Sec/kB)
13813-- --- -------------
-- --- -------------
13815QMPFS : YES
QMPFS : YES
13816QMPFS : NO
QMPFS : NO
14200KERBEROS
KERBEROS
14201根 CA : %1!s!
Root CA : %1!s!
14202預先共用金鑰 : %1!s!
Preshared Key : %1!s!
14203
NONE
14300
篩選器清單名稱 : %1!s!

FilterList Name : %1!s!
14301
篩選器清單名稱 : 無

FilterList Name : NONE
14302篩選器數目 : %1!d!
No. of Filters : %1!d!
14304篩選器
Filter(s)
14305---------
---------
14308GUID : %1!s!
GUID : %1!s!
14309上次修改 : %1!s!
Last Modified : %1!s!
14500來源 DNS 名稱 :
Source DNS Name :
14501來源 DNS 名稱 : %1!s!
Source DNS Name : %1!s!
14505來源 DNS 名稱 : 無
Source DNS Name : NONE
14506目的地 DNS 名稱 :
Destination DNS Name :
14507目的地 DNS 名稱 : %1!s!
Destination DNS Name : %1!s!
14511目的地 DNS 名稱 : 無
Destination DNS Name : NONE
14512鏡像處理 : 是
Mirrored : YES
14513鏡像處理 : 否
Mirrored : NO
14514來源 DNS 名稱 : %1!s! 解析到 Source DNS Name : %1!s! resolves to
14515目的地 DNS 名稱 : %1!s! 解析到 Destination DNS Name : %1!s! resolves to
14516來源 DNS 名稱 :
Source DNS Name :
14517來源 DNS 名稱 :
Source DNS Name :
14520目的地 DNS 名稱 :
Destination DNS Name :
14521目的地 DNS 名稱 :
Destination DNS Name :
14522目的地 DNS 名稱 :
Destination DNS Name :
14526%1!-15s! %1!-15s!
14527%1!s! %1!s!
14528%1!s!
%1!s!
14529

14530, ,
14531... ...
14600來源 IP 位址 :
Source IP Address :
14602來源 IP 位址 : Source IP Address :
14603來源遮罩 : Source Mask :
14604目的地 IP 位址 :
Destination IP Address :
14606目的地 IP 位址 : Destination IP Address :
14607目的地遮罩 : Destination Mask :
14608來源連接埠 : %1!d!
Source Port : %1!d!
14609來源連接埠 : 任何
Source Port : ANY
14610目的地連接埠 : %1!d!
Destination Port : %1!d!
14611目的地連接埠 : 任何
Destination Port : ANY
14615解析到 %1!s!
resolves to %1!s!
14617來源 IP 位址 :
Source IP Address :
14618來源 IP 位址 :
Source IP Address :
14620來源 IP 位址 :
Source IP Address :
14621目的地 IP 位址 :
Destination IP Address :
14622目的地 IP 位址 :
Destination IP Address :
14623目的地 IP 位址 :
Destination IP Address :
14624目的地 IP 位址 :
Destination IP Address :
14625來源連接埠範圍 : %1!d!-%2!d!
Source Port Range : %1!d!-%2!d!
14626目的地連接埠範圍 : %1!d!-%2!d!
Destination Port Range : %1!d!-%2!d!
14700通訊協定 : ICMP
Protocol : ICMP
14701通訊協定 : TCP
Protocol : TCP
14703通訊協定 : UDP
Protocol : UDP
14708通訊協定 : RAW
Protocol : RAW
14709通訊協定 : 任何
Protocol : ANY
14710通訊協定 : %1!d!
Protocol : %1!d!
14802主要模式安全性方式順序
Main Mode Security Method Order
14803主要模式存留期 : %1!d! 分鐘 / %2!d! 快速模式工作階段
MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions
14804加密 完整性 DH 群組
Encryption Integrity DH Group
14805---------- --------- -------- ---------- --------- --------
14900
DES

DES
14901
3DES

3DES
14902SHA1 SHA1
14903MD5 MD5
14904低(1) Low(1)
14905媒體(2) Medium(2)
149062048 2048
15001

來源機器 : 本機電腦 GPO 為


Source Machine : Local Computer GPO for
15002

來源網域 : %1!s!


Source Domain : %1!s!
15003DC 名稱 : %1!s!
DC Name : %1!s!
15004GPO 名稱 : %1!s!
GPO Name : %1!s!
15005本機 IPsec 原則名稱 : %1!s!
Local IPsec Policy Name : %1!s!
15006AD IPsec 原則名稱 : %1!s!
AD IPsec Policy Name : %1!s!
15007GPO DN : %1!s!
GPO DN : %1!s!
15008GPO OU 連結 : %1!s!
GPO OU Link : %1!s!
15009AD 原則 DN : %1!s!
AD Policy DN : %1!s!
15010本機 IPsec 原則已指派 : 是,但是 AD 原則正在覆蓋中
Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
15011本機 IPsec 原則 DN : %1!s!
Local IPsec Policy DN : %1!s!
15016本機 IPsec 原則名稱 : 無
Local IPsec Policy Name : NONE
15017AD IPsec 原則名稱 : 無
AD IPsec Policy Name : NONE
15018IPsec 原則名稱 : %1!s!
IPsec Policy Name : %1!s!
15019IPsec 原則 DN : %1!s!
IPsec Policy DN : %1!s!
15020IPsec 原則已指派 : 是
IPsec Policy Assigned : YES
15021排除 CA 名稱 : 是
Exclude CA name : YES
15022排除 CA 名稱 : 否
Exclude CA name : NO
15023Certmapping 已啟用 : 是
Certmapping enabled : YES
15024Certmapping 已啟用 : 否
Certmapping enabled : NO
16001

原則數目 %1!d!


No. of policies %1!d!
16003存放區 本機存放區
Store Local Store
16007存放區 網域存放區
Store Domain Store
16010存放區 本機存放區
Store Local Store
16011存放區 網域存放區
Store Domain Store
16013憑證到帳戶對應 是
Cert To Account Mapping YES
16014憑證到帳戶對應 否
Cert To Account Mapping NO
16100

原則名稱 %1!s!


Policy Name %1!s!
16101

規則名稱 %1!s!


Rule Name %1!s!
16303沒指定原則名稱
No Policy Name Specified
16304

規則識別碼 %1!d!, GUID = %2!s!


Rule ID %1!d!, GUID = %2!s!
16306%1!-23s! %1!-23s!
16602原則名稱 %1!s!
Policy Name %1!s!
16603描述 %1!s!
Description %1!s!
16604描述 無
Description NONE
16605指派了 是
Assigned YES
16606指派了 否
Assigned NO
16607主 PFS 是
Master PFS YES
16608主 PFS 否
Master PFS NO
16609輪詢間隔 %1!d! 分鐘
Polling Interval %1!d! minutes
16610

規則數目 %1!d!


No. of Rules %1!d!
16611
規則詳細資訊

Rule Details
16613指派了 是但是 AD 原則覆蓋
Assigned YES but AD Policy Overrides
16614

原則名稱 規則 上次修改 指派


Policy Name Rules LastModified Assign
16615%1!-32s! %1!-32s!
16616是但是 AD 原則覆蓋
YES but AD Policy Overrides
16617
YES
16618
NO
16619---------- ----- ------------ ------
---------- ----- ------------ ------
16620原則名稱 規則 上次修改
Policy Name Rules LastModified
16621----------- ----- ------------
----------- ----- ------------
16700規則名稱 %1!s!
Rule Name %1!s!
16701規則名稱 無
Rule Name NONE
16705
啟用 篩選器清單 篩選器動作 驗證

Enabled FilterList FilterAction Authentication
16706
------- ---------- ------------ --------------

------- ---------- ------------ --------------
16707通道目的地 IP 位址 無
Tunnel Dest IP Address NONE
16708通道目的地 IP 位址 Tunnel Dest IP Address
16709連線類型 全部
Connection Type ALL
16710連線類型 區域網路
Connection Type LAN
16711連線類型 撥號
Connection Type DIAL UP
16712連線類型 不明
Connection Type UNKNOWN
16716
篩選器動作詳細資訊

FilterAction Details
16717--------------------
--------------------
16718啟動了 是
Activated YES
16719啟動了 否
Activated NO
16721

YES
16722

NO
16724 NONE
16728Kerb Kerb
16729Cert Cert
16730Pre Pre
16734
傳輸規則數目 %1!d!

No of Transport rule(s) %1!d!
16735

通道規則數目 %1!d!


No of Tunnel rule(s) %1!d!
16737
啟用 篩選器清單 篩選器動作 通道端點

Enabled FilterList FilterAction TunnelEndPoint
16738
------- ---------- ------------ --------------

------- ---------- ------------ --------------
16739

Windows Vista 和較新版本的 Windows 不支援預設回應規則。此原則不會生效。

YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16740已啟動 是
Windows Vista 和較新版本的 Windows 不支援預設回應規則。此原則不會生效。
Activated YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16800篩選器動作名稱 %1!s!
FilterAction Name %1!s!
16801篩選器動作名稱 無
FilterAction Name NONE
16802動作 允許
Action PERMIT
16803動作 封鎖
Action BLOCK
16804動作 交涉安全性
Action NEGOTIATE SECURITY
16805輸入 PassThrough 是
InBound PassThrough YES
16806輸入 PassThrough 否
InBound PassThrough NO
16807AllowUnSecure(Fallback) 是
AllowUnSecure(Fallback) YES
16808AllowUnSecure(Fallback) 否
AllowUnSecure(Fallback) NO
16810安全性方法
Security Methods
16812AH ESP 秒鐘 kBytes
AH ESP Seconds kBytes
16813-- --- ------- ------
-- --- ------- ------
16814QMPFS 是
QMPFS YES
16815QMPFS 否
QMPFS NO
16816篩選器動作名稱 動作 上次修改
FilterAction Name Action Last Modified
16817----------------- ------ -------------
----------------- ------ -------------
16818%1!-38s! %1!-38s!
16820許可 PERMIT
16821區塊 BLOCK
16822訊號交涉 NEGOTIATE
16824%1!-23s!
%1!-23s!
17000[MD5 ] [MD5 ]
17001[SHA1] [SHA1]
17002[無] [NONE]
17003[無 , 無] [NONE , NONE]
17007[MD5 , [MD5 ,
17008[SHA1 , [SHA1 ,
17009[無 , [NONE ,
17010DES ] DES ]
170113DES] 3DES]
17012無] NONE]
17100%1!6u! %2!10u!
%1!6u! %2!10u!
17201ROOT CA %1!s!
ROOT CA %1!s!
17202預先共用金鑰 %1!s!
PRESHARED Key %1!s!
17300
篩選器清單名稱 %1!s!

FilterList Name %1!s!
17301
篩選器清單名稱 無

FilterList Name NONE
17306篩選器清單名稱 篩選器 上次修改
FilterList Name Filters Last Modified
17307--------------- ------- -------------
--------------- ------- -------------
17308GUID %1!s!
GUID %1!s!
17309上次修改 %1!s!
Last Modified %1!s!
17310篩選器數目 %1!d!
No. of Filters %1!d!
17501%1!-45s! %1!-45s!
17508%1!5d! %1!5d!
17512 YES
17513 NO
17514Mir 來源 來源遮罩 目的地 目的地遮罩 通訊協定 來源通訊協定 目的地通訊協定
Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
17515--- ------------- ------------- ------------- ------------- ------- ------- -------
--- ------------- ------------- ------------- ------------- ------- ------- -------
17600
17608%1!3d! %1!3d!
17609任何 ANY
17610%1!3d!
%1!3d!
17611任何
ANY
17612DNS SERVER DNS SERVER
17613WINS SERVER WINS SERVER
17614DHCP SERVER DHCP SERVER
17615DEFAULT GATEWAY DEFAULT GATEWAY
17616%1!3d!-%2!3d! %1!3d!-%2!3d!
17617%1!3d!-%2!3d!
%1!3d!-%2!3d!
17700ICMP ICMP
17701TCP TCP
17703UDP UDP
17708RAW RAW
17710OTHER OTHER
17803主要模式存留期 %1!d! 分鐘 / %2!d! 快速模式工作階段
MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions
17804加密性 整合性 DH 群組
Encryption Integrity DH Group
17805---------- --------- -------- ---------- --------- --------
17900
DES

DES
17901
3DES

3DES
18000

獨立篩選器動作


Stand Alone FilterAction(s)
18001---------------------------
---------------------------
18004
獨立篩選器動作數目 %1!d!


No. of Standalone FilterActions %1!d!

18100
獨立篩選器清單

Stand Alone FilterList(s)
18101-------------------------
-------------------------
18104
獨立篩選器清單數目 %1!d!

No. of Standalone FilterLists %1!d!
18200
篩選器清單數目 %1!d!


No. of FilterLists %1!d!

18204
篩選器清單數目 : %1!d!


No. of FilterLists : %1!d!

18300
篩選器動作數目 %1!d!


No. of FilterActions %1!d!

18304
篩選器動作數目 : %1!d!


No. of FilterActions : %1!d!

18500原則 '%1!s!' 是使用中。您還是想要刪除嗎? (是/否)
The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N)
18503您想要刪除所有跟這個原則關聯的篩選器清單和篩選器動作嗎 ? (是/否)
Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N)
18602刪除所有篩選器清單 Delete all the Filter Lists from
18603? (是/否)
? (Y/N)
18652刪除所有篩選器動作 Delete all the Filter Actions from
18706您想要刪除跟這個規則關聯的篩選器清單和篩選器動作嗎? (是/否)
Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N)
18750您確定要刪除所有原則嗎 Are you sure to delete all policies from
18780

下列原則/規則正在使用它


Following policies/rule(s) are using it
18781---------------------------------------
---------------------------------------
18782規則名稱 : %1!s!
Rule Name : %1!s!
18783規則名稱 : 無
Rule Name : NONE
18794時間應該是在 %1!d! 和 %2!d! kBytes 之間
Life should be within %1!d! and %2!d! kBytes
18802新增原則已建立和更新成功
New Policy is created and updated successfully
18805正在建立名稱為 '%1!s!' 的新增原則...
Creating new Policy with name '%1!s!'...
18806正在建立名稱為 '%1!s!' 的新增原則和設定它到 '%2!s!'...
Creating new Policy with name '%1!s!' and setting it to '%2!s!'...
18840目的地 IP 位址已當作是 'me'
Destination IP address has been taken as 'me'
18841來源 IP 位址已當作是 'me'
Source IP address has been taken as 'me'
18848新增規則已建立和更新成功
New Rule was created and updated successfully
18849正在建立名稱為 '%1!s!' 的新增規則...
Creating new Rule with name '%1!s!' ...
18855正在建立名稱為 '%1!s!' 的新增規則和設定它到 '%2!s!' ...
Creating new Rule with name '%1!s!' and setting it to '%2!s!' ...
18856伺服器位址類型或位址類型 ME、ANY 或位址範圍無法被通道端點指定。
Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
18861您想要建立新增原則嗎? (是/否)
Would you like to create a new policy? (Y/N)
18868憑證到帳戶對應只能在 Active Directory 網域成員啟用。將忽視選項。
Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
18869憑證到帳戶對應: 是
Cert To Account Mapping: YES
18870憑證到帳戶對應: 否
Cert To Account Mapping: NO
18871如果儲存是網域和已指定指派,則需要 GPO 名稱
If store is domain and assign is specified, GPO name is required
18872如果指定 GPO 名稱,表示您是在網域原則存放區操作。
If GPO name is specified, then you must be operating on a domain policy store.
18893您想要建立新增規則嗎? (是/否)
Would you like to create a new Rule? (Y/N)
19002
IKE MM 原則名稱 : %1!s!

IKE MM Policy Name : %1!s!
19012ANY ANY
19018
IKE 軟 SA 存留期 : %1!u! 秒

IKE Soft SA Lifetime : %1!u! secs
19023[%1!S!] [%1!S!]
19025'Netsh ipsec' 內容和目標電腦不相容。
The 'Netsh ipsec' context is not compatible with the target machine.
19102主要模式原則無法使用。
Mainmode Policies not available.
19104所指定的主要模式原則無法使用
Specified Mainmode Policy not available
19106
加密 完整性 DH 存留期 (Kb:秒) QM 限制 每 MM

Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
19107
---------- --------- ---- ------------------ ---------------

---------- --------- ---- ------------------ ---------------
19121DES DES
19122不明 UNKNOWN
191233DES 3DES
19129%1!-5lu! %2!lu!:%3!lu! %4!-10lu! %1!-5lu! %2!lu!:%3!lu! %4!-10lu!
19130%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS) %1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)
19153快速模式原則無法使用。
Quickmode Policies not available.
19155所指定的快速模式原則無法使用
Specified Quickmode Policy not available
19156
QM 交涉原則名稱 : %1!s!

QM Negotiation Policy Name : %1!s!
19158
安全性方式 存留期 (Kb:秒) PFS DH 設定

Security Methods Lifetime (Kb:secs) PFS DH Group
19159
------------------------- --------------------- ------------

------------------------- --------------------- ------------
19165AH[MD5] AH[MD5]
19166AH[SHA1] AH[SHA1]
19167AH[NONE] AH[NONE]
19168ESP[ DES, ESP[ DES,
19169ESP[ ERR, ESP[ ERR,
19170ESP[3DES, ESP[3DES,
19171ESP[NONE, ESP[NONE,
19172MD5] MD5]
19173SHA1] SHA1]
19174NONE] NONE]
19176低 (1) Low (1)
19178%1!10lu!:%2!-10lu! %1!10lu!:%2!-10lu!
19179繼承主要模式 Main Mode Derived
19180高 (2048) High (2048)
19181AH[ERR] AH[ERR]
19182ERR] ERR]
19183錯誤 ERROR
19192+ +
19193媒體 (2) Medium (2)
19198

篩選器名稱 : %1!s!


Filter name : %1!s!
19200標準主要模式篩選器無法使用。
Generic Mainmode Filters not available.
19201特定主要模式篩選器無法使用。
Specific Mainmode Filters not available.
19202指定的主要模式篩選器無法使用。
Specified Mainmode Filter not available.
19203
主要模式篩選器:

Main Mode Filters:
19204一般 Generic
19205
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
19206指定的 Specific
19207輸出 Outbound
19208輸入 Inbound
19209
重量 : %1!d!

Weight : %1!d!
19210

%1!d! 標準篩選器


%1!d! Generic Filter(s)
19211

%1!d! 特地輸出篩選器


%1!d! Specific Outbound Filter(s)
19212

%1!d! 特定輸入篩選器


%1!d! Specific Inbound Filter(s)
19219全部 ALL
19220LAN LAN
19221撥號 DIALUP
19229未知 Unknown
19236
連線類型 :

Connection Type :
19237
驗證方法 :

Authentication Methods :
19238
預先共用金鑰

Preshared key
19240
Kerberos

Kerberos
19241
安全性方式 :

Security Methods :
19242%1!d! %1!d!
19243(預設) (default)
19244NONE/ NONE/
19245DES/ DES/
19246UNKNOWN/ UNKNOWN/
192473DES/ 3DES/
19249MD5/ MD5/
19250SHA1/ SHA1/
19251DH%1!lu!/%2!lu!/QMlimit=%3!lu! DH%1!lu!/%2!lu!/QMlimit=%3!lu!
19265標準快速模式篩選器無法使用。
Generic Quickmode Filters not available.
19266特定快速模式篩選器無法使用。
Specific Quickmode Filters not available.
19267指定的快速模式篩選器無法使用。
Specified Quickmode Filter not available.
19268
快速模式篩選器(傳輸):

Quick Mode Filters(Transport):
19269
傳輸規則

Transport Rules
19270
通道規則

Tunnel Rules
19271
MM 篩選器名稱 : %1!s!

MM Filter Name : %1!s!
19272
QM 篩選器名稱 : %1!s!

QM Filter Name : %1!s!
19273
主要模式原則 : %1!s!

Main Mode Policy : %1!s!
19274

%1!d! 傳輸篩選器


%1!d! Transport Filter(s)
19275

%1!d! 通道篩選器


%1!d! Tunnel Filter(s)
19276

快速模式篩選器(通道):


Quick Mode Filters(Tunnel):
19278規則無法使用。
Rules not available.
19280
輸入動作 : Passthru

Inbound Action : Passthru
19281
輸入動作 : 交涉

Inbound Action : Negotiate
19282
輸入動作 : 封鎖

Inbound Action : Blocking
19283
輸入動作 : 不明

Inbound Action : Unknown
19284
輸出動作 : Passthru

Outbound Action : Passthru
19285
輸出動作 : 交涉

Outbound Action : Negotiate
19286
輸出動作 : 封鎖

Outbound Action : Blocking
19287
輸出動作 : 不明

Outbound Action : Unknown
19292%1!-5lu! %1!-5lu!
19293
通道來源 :

Tunnel Source :
19294
通道目的地 :

Tunnel Destination :
19295來源連接埠: %1!-4lu! 目的地連接埠: %2!-4lu! Src Port: %1!-4lu! Dest Port: %2!-4lu!
19296
鏡像處理 : 是

Mirrored : yes
19297
鏡像處理 : 否

Mirrored : no
19298
快速模式原則 : %1!s!

Quick Mode Policy : %1!s!
19299
通訊協定 :

Protocol :
19300
IKE 統計

IKE Statistics
19301
--------------

--------------
19302
IKE 統計無法使用。

IKEStatistics not available.
19303
主要模式 : %1!S!

Main Modes : %1!S!
19304
快速模式 : %1!S!

Quick Modes : %1!S!
19305
軟 SA : %1!S!

Soft SAs : %1!S!
19306
驗證失敗 : %1!S!

Authentication Failures : %1!S!
19307
使用中擷取 : %1!S!

Active Acquire : %1!S!
19308
使用中接收 : %1!S!

Active Receive : %1!S!
19309
擷取失敗 : %1!S!

Acquire fail : %1!S!
19310
接收失敗 : %1!S!

Receive fail : %1!S!
19311
傳送失敗 : %1!S!

Send fail : %1!S!
19312
擷取堆積大小 : %1!S!

Acquire Heap size : %1!S!
19313
接收堆積大小 : %1!S!

Receive Heap size : %1!S!
19314
交涉失敗 : %1!S!

Negotiation Failures : %1!S!
19315
接收到不正確的 Cookie : %1!S!

Invalid Cookies Rcvd : %1!S!
19316
總共擷取 : %1!S!

Total Acquire : %1!S!
19317
TotalGetSpi : %1!S!

TotalGetSpi : %1!S!
19318
TotalKeyAdd : %1!S!

TotalKeyAdd : %1!S!
19319
TotalKeyUpdate : %1!S!

TotalKeyUpdate : %1!S!
19320
GetSpiFail : %1!S!

GetSpiFail : %1!S!
19321
KeyAddFail : %1!S!

KeyAddFail : %1!S!
19322
KeyUpdateFail : %1!S!

KeyUpdateFail : %1!S!
19323
IsadbListSize : %1!S!

IsadbListSize : %1!S!
19324
ConnListSize : %1!S!

ConnListSize : %1!S!
19325
接收到不正確的封包 : %1!S!

Invalid Packets Rcvd : %1!S!
19326

IPsec 統計


IPsec Statistics
19327
----------------

----------------
19328
IPsec 統計無法使用。

IPsecStatistics not available.
19329
使用中關聯 : %1!S!

Active Assoc : %1!S!
19330
卸載 SA : %1!S!

Offload SAs : %1!S!
19331
擱置金鑰 : %1!S!

Pending Key : %1!S!
19332
金鑰新增 : %1!S!

Key Adds : %1!S!
19333
金鑰刪除 : %1!S!

Key Deletes : %1!S!
19334
登錄機碼 : %1!S!

ReKeys : %1!S!
19335
使用中通道 : %1!S!

Active Tunnels : %1!S!
19336
不良的 SPI 封包 : %1!S!

Bad SPI Pkts : %1!S!
19337
封包沒有解密 : %1!S!

Pkts not Decrypted : %1!S!
19338
封包沒有驗證 : %1!S!

Pkts not Authenticated : %1!S!
19339
有重新執行偵測的封包 : %1!S!

Pkts with Replay Detection : %1!S!
19340
已傳送的機密位元組 : %1!S!

Confidential Bytes Sent : %1!S!
19341
已接收的機密位元組 : %1!S!

Confidential Bytes Received : %1!S!
19342
已傳送的驗證位元組 : %1!S!

Authenticated Bytes Sent : %1!S!
19343
已接收的驗證位元組 : %1!S!

Authenticated Bytes Received: %1!S!
19344
已傳送的傳輸位元組 : %1!S!

Transport Bytes Sent : %1!S!
19345
已接收的傳輸位元組 : %1!S!

Transport Bytes Received : %1!S!
19346
已傳送的卸載位元組 : %1!S!

Offloaded Bytes Sent : %1!S!
19347
已接收的卸載位元組 : %1!S!

Offloaded Bytes Received : %1!S!
19348
已傳送到通道的位元組 : %1!S!

Bytes Sent In Tunnels : %1!S!
19349
通道裡已接受的位元組 : %1!S!

Bytes Received In Tunnels : %1!S!
19350
Cookie 雙對 :

Cookie Pair :
19351%1!02x! %1!02x!
19352
第二方式 :

Sec Methods :
19359/%1!d!/%2!d! /%1!d!/%2!d!
19360
驗證模式 :

Auth Mode :
19361預先共用金鑰 Preshared Key
19362DSS 簽章 DSS Signature
19363RSA 簽章 RSA Signature
19364RSA 加密 RSA Encryption
19365Kerberos Kerberos
19366
來源 :

Source :
19367,連接埠 %1!d! , port %1!d!
19368
ID :

ID :
19369
ID : %1!s!

ID : %1!s!
19370
目的地 :

Destination :
19371
目的地 安全性方式

Destination SecurityMethods
19372
建立的日期/時間

Date/Time Created
19373
-------------------------------------------------------- ----------------------

-------------------------------------------------------- ----------------------
19374[ID:%1!-35s!] [ID:%1!-35s!]
19375
DNS: %1!-51S!

DNS: %1!-51S!
19377
正在發行 CA :%1!s!

Issuing CA :%1!s!
19378
指紋 :

Thumbprint :
19380: :
19381/ /
1938219383
根 CA : %1!s!
19383
Root CA : %1!s!
19384%S %S
19385( (
19386)
)
19387根 CA : %1!s! Root CA : %1!s!
19397
IPsec 主要模式安全性關聯無法使用。
IPsec MainMode Security Associations not available.
19398
在 %1!s! 的 IKE 主要模式 SA

IKE Main Mode SAs at %1!s!
19400指定的主要模式安全性關聯無法使用。
Specified MainMode Security Associations not available.
19401

快速模式 SA


Quick Mode SAs
19402
--------------

--------------
19403
IPsec 快速模式安全性關聯無法使用。
IPsec QuickMode Security Associations not available.
19404指定的快速模式安全性關聯無法使用。
Specified QuickMode Security Associations not available.
19410
傳輸篩選器

Transport Filter
19411
通道篩選器

Tunnel Filter
19412
不明

Unknown
19413
原則名稱 : %1!s!

Policy Name : %1!s!
19414
來源位址 :

Source Address :
19415
目的地位址 :

Destination Address :
19416
通訊協定 : %1!lu!

Protocol : %1!lu!
19417
來源連接埠 : %1!u!

Source Port : %1!u!
19418
目的地連接埠 : %1!u!

Destination Port : %1!u!
19419
方向 : 輸入

Direction : Inbound
19420
方向 : 輸出

Direction : Outbound
19421
方向 : 錯誤

Direction : Error
19422

使用的提供


Offer Used
19423
通訊協定 : ICMP

Protocol : ICMP
19424
通訊協定 : TCP

Protocol : TCP
19425
通訊協定 : UDP

Protocol : UDP
19426
通訊協定 : RAW

Protocol : RAW
19427
AH(b/r) ESP Con(b/r) ESP Int PFS DH 群組

AH(b/r) ESP Con(b/r) ESP Int PFS DH Group
19428
---------- ------------- ------- ------------

---------- ------------- ------- ------------
19429
封裝類型 : IKE

Encapsulation Type : IKE
19430
封裝類型 : 其他

Encapsulation Type : Other
19431
來源 UDP 封裝連接埠 : %1!u!

Source UDP Encap port : %1!u!
19432
目的地 UDP 封裝連接埠 : %1!u!

Dest UDP Encap port : %1!u!
19433
同儕節點私人位址 :

Peer Private Addr :
19434
通訊協定 : 任何

Protocol : ANY
19441) )
19446
IPsec 設定參數

IPsec Configuration Parameters
19447------------------------------
------------------------------
19448IPsecDiagnostics : %1!d![對於 Windows Vista 或更新的作業系統而言無效]
IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems]
19449IKElogging : %1!d! [對於 Windows Vista 或更新的作業系統而言無效]
IKElogging : %1!d! [Not valid for Windows Vista and later operating systems]
19450StrongCRLCheck : %1!d!
StrongCRLCheck : %1!d!
19451IPsecloginterval : %1!d![對於 Windows Vista 或更新的作業系統而言無效]
IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems]
19452NLBSFlags : %1!d![對於 Windows Vista 或更新的作業系統而言無效]
NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems]
19453旗標 : %1!d![對於 Windows Vista 或更新的作業系統而言無效]
Flags : %1!d![Not valid for Windows Vista and later operating systems]
19454IPsecexempt : %1!d!
IPsecexempt : %1!d!
194552048DHGroupId : %1!d![對於 Windows Vista 或更新的作業系統而言無效]
2048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems]
19456IPsec 診斷層級超出範圍。範圍是 0 - 7。
IPsec Diagnostic Level is out of range. Range is 0 - 7.
19457IKE Logging 超出範圍。範圍是 0 - 1。
IKE Logging is out of range. Range is 0 - 1.
19458強大 CRL 檢查層級超出範圍。範圍是 0 - 2。
Strong CRL Check Level is out of range. Range is 0 - 2.
19459IPsec 記錄間隔已超出範圍。範圍是 60 - 86400。
IPsec Log Interval is out of range. Range is 60 - 86400.
19460IPsec 解除層級超出範圍。範圍是 0 - 3。
IPsec Exemption Level is out of range. Range is 0 - 3.
19461(有些 IPsec 設定參數沒有設定)。
(Some of the IPsec Configuration parameters are not set).
19462開機模式 : Boot Mode :
19463Stateful Stateful
19464封鎖 Block
19465允許 Permit
19476沒有開機模式豁免事項
No bootmode exemptions
19477開機模式豁免事項 : Boot Mode Exemptions :
19478通訊協定 Src 連接埠 Dst 連接埠 方向
Protocol Src Port Dst Port Direction
19479--------- --------- --------- ---------
--------- --------- --------- ---------
19480允許最多 1024 豁免事項
A maximum of 1024 exemptions are allowed.
19800MD5(%1!02lu!/%2!-02lu!) 無 無 MD5(%1!02lu!/%2!-02lu!) None None
19801SHA1(%1!02lu!/%2!-02lu!) 無 無 SHA1(%1!02lu!/%2!-02lu!) None None
19802無 無 無 None None None
19803無 DES (%1!02lu!/%2!-02lu!) None DES (%1!02lu!/%2!-02lu!)
19804無 未知 None Unknown
19805無 3DES(%1!02lu!/%2!-02lu!) None 3DES(%1!02lu!/%2!-02lu!)
19806無 無 None None
19811certmap certmap
19812excludecaname excludecaname
22001ERR Win32[%1!05d!] : %2!s! ERR Win32[%1!05d!] : %2!s!
22002ERR IPsec[%1!05d!] : ERR IPsec[%1!05d!] :
22004ERR Win32[%1!05d!] : 無效的 Win32 錯誤碼
ERR Win32[%1!05d!] : Invalid Win32 Err Code
22010至少有一個必要參數尚未指定
One or more essential parameters not specified
22011引數不合。正確語法請查閱說明
Arguments are not matching. Check help for the correct syntax
22012沒有原則在原則存放區
No Policies in Policy Store
22013無法開啟原則存放區
Unable to open Policy Store
22014沒有篩選器動作在原則存放區
No Filter Actions in Policy Store
22015沒有篩選器清單在原則存放區
No Filter Lists in Policy Store
22016名稱為 %1!s! 的原則不在原則存放區
Policy with name %1!s! not exists in Policy Store
22017內部錯誤,無效的切換情況。
Internal Error, Invalid Switch Case.
22018對引數 '%1!s!' 這是無效的參數
Invalid Parameter for the Argument '%1!s!'
22019指定的 IP 位址無效
IP Address specified is invalid
22020所給予的 dns 名稱 '%1!s!' 在 DNS 對應失敗
DNS lookup failed for the given dns name '%1!s!'
22021'%1!s!' 在此內容不是有效的標記
'%1!s!' not a valid tag for this context
22022'%1!s!' 標記已經存在
'%1!s!' tag already present
22023沒有引數 'assign = y/n' GPOname 就無法指定
GPOname cannot be specified without argument 'assign = y/n'
22024所給予的命令需要標記 'Name' 或 'GUID'
Tag 'Name' or 'GUID' needed for the given command
22025需要 '%1!s!' 標記
'%1!s!' tag is needed
22026對標記 '%2!s!' 而言 '%1!s!' 是無效的引數
'%1!s!' is not a valid argument for the tag '%2!s!'
22027首碼應該僅介於 1 和 32
Prefix should be between 1 and 32 only
22028'%1!s!' 不是有效的遮罩/首碼
'%1!s!' is not a valid Mask/Prefix
22029所提供的引數是 null
The argument supplied is null
22030所指定的存留期 'Seconds' 超出限制。它應該介於 '%1!d!' 和 '%2!d!' 之間
The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22031指定的 'Kbytes' 超出限制。它應該介於 '%1!d!' 和 '%2!d!' 之間
The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22032Rekey 單位 (k/s) 無效
The Rekey Unit (k/s) is invalid
22033指定無效的 HASH 引數
Invalid HASH algorithm specified
22034指定不完整的 ESP
Incomplete ESP specified
22035'%1!s!' 的 Algo's 指定重複
Duplicate Algo's specified for '%1!s!'
22036無而且不允許無
None and None not allowed
22037指定無效的 IPsec 通訊協定。它應該僅是 ESP 或 AH
Invalid IPsec protocol specified. It should be ESP or AH only
22038已經超過最大 OFFERS 數 [%1!d!]
Max Number of OFFERS[%1!d!] is crossed
22039QM_OFFERS 無效。不允許 Encryption+Encryption 或 Authentication+Authentication
Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
22040QMOffers 的存留期或指定資料無效。
Invalid Lifetime or Data specification for QMOffers.
22041為 MMOFFER 指定的 PFS 群組無效
Invalid PFS Group specified for MMOFFER
22042P1 群組遺失
P1 Group missing
22043指定無效的 MMOFFER
Invalid MMOFFER is specified
22044檔案名稱必須只包含 .ipsec 副檔名
File name should contain .ipsec extension only
22045'%1!s!' 和 ALL 不允許
'%1!s!' and ALL not allowed
22046未指定預先共用金鑰
Preshared key not specified
22047指定無效的 Authmethod
Invalid Authmethod is specified
22048指定無效的憑證
Invalid Certificate specified
22049指定多個 '%1!s!' 參數。只能允許一個。
Multiple '%1!s!' parameters are specified. Only one is allowed.
22050指定的連接埠無效。
The Port specified is invalid.
22051引數的數目較多,被截斷的
No of arguments are more,truncated
22052指定無效的 QMOFFER
Invalid QMOFFER specified
22053指定無效的通道 IP
Invalid Tunnel IP specified
22054沒有來源或目的地位址就無法指定通訊協定
Protocol can't be specified without source and destination addresses
22055指定的子網路遮罩無效
Subnet mask specified is invalid
22056無標記引數只能是電腦或網域
Non-tagged arg can only be machine or domain
22057ERR WIN32[00014] : 沒有足夠的記憶體來完成這個操作。
ERR WIN32[00014] : There is not enough memory to complete this operation.
22058指定的連接埠無效。它應該只小於 '%1!d!'
The Port specified is invalid. It should be in less than '%1!d!' only
22100遺失原則名稱
Missing Policy Name
22101輪詢間隔應該在 %1!d! 和 %2!d! 分鐘之間
Polling Interval should be within %1!d! and %2!d! minutes
22102快速模式限制應該在 %1!d! 和 %2!d! 工作階段之間
Quickmode limit should be within %1!d! and %2!d! sessions
22103存留期應該在 %1!d! 和 %2!d! 分鐘之間
Lifetime should be within %1!d! and %2!d! minutes
22111原則 '%1!s!' 已經存在
Policy with name '%1!s!' already exists
22112加入預設回應規則時產生錯誤
Error while adding Default Response Rule
22113建立原則 '%1!s!' 時產生錯誤
Error while creating Policy with name '%1!s!'
22114由於在載入預設 auth 方法時失敗,所以建立原則 '%1!s!' 時產生錯誤
Error while creating policy with name '%1!s!' due to failure in loading default auth methods
22121遺失 FilterList 名稱
Missing FilterList Name
22122FilterList 名稱 '%1!s!' 已經存在
FilterList with name '%1!s!' already exists
22123FilterList 名稱 '%1!s!'時產生錯誤
Error while creating FilterList with name '%1!s!'
22124指定無效的 GUID
Invalid GUID specified
22131建立指定的篩選器時產生錯誤
Error while creating the specified Filter
22141FilterAction '%1!s!' 已經存在
FilterAction with name '%1!s!' already exists
22142建立 FilterAction '%1!s!' 時產生錯誤
Error while creating FilterAction with name '%1!s!'
22143Permit 或 Block 類型的 FilterAction 中 Inpass,Qmpfs,Soft 和 Qmsec 選項無效。您必須指定 'action = negotiate'
Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
22144至少必須指定一個快速模式安全性方法
Atleast One Quick mode Security method needs to be specified
22151規則名稱遺失
Missing Rule Name
22152FilterAction 名稱遺失
Missing FilterAction Name
22153名稱為 '%1!s!' 的原則不存在
Policy with name '%1!s!' does not exist
22154名稱為 '%1!s!' 的規則已經存在原則 '%2!s!' 中
Rule with name '%1!s!' already exists in policy '%2!s!'
22155名稱為 '%1!s!' 的 FilterAction 不存在
FilterAction with name '%1!s!' does not exist
22156在 FilterList 中沒有名稱為 '%1!s!' 的篩選器
No Filters in FilterList with name '%1!s!'
22157建立名稱為 '%1!s!' 的規則時產生錯誤
Error while creating Rule with name '%1!s!'
22158遺失規則名稱或規則識別碼
Missing Rule Name or Rule ID
22159GUID %1!s! 的原則不存在
Policy with GUID %1!s! does not exist
22160GUID %1!s! 的 FilterAction 不存在
FilterAction with GUID %1!s! does not exist
22161由於在載入預設 auth 方法時失敗,所以建立規則 '%1!s!' 時產生錯誤
Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
22165憑證解碼操作失敗
Certificate decoding operation failed
22166名稱為 '%1!s!' 的原則不存在現存電腦網域中
Policy with name '%1!s!' does not exist in current machine's domain
22167指定無效的通道 IP 位址
Invalid Tunnel IP Address Specified
22168FilterList 名稱 '%1!s!' 不存在
FilterList with name '%1!s!' does not exist
22169伺服器不能同時被來源和目的雙方所指定
Servers cannot be specified for both source and destination sides
22170GUID %1!s! 的 FilterList 不存在
FilterList with GUID %1!s! does not exist
22171沒有目錄服務可用
No Directory Service available
22172名稱為 '%1!s!' 的 GPO 沒有存在目前的電腦網域
GPO with name '%1!s!' does not exist in current machine's domain
22173在指派原則到名稱為 '%1!s!' 的 GPO 時產生錯誤或指定的 GPO 不存在
Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
22174更新名稱為 '%1!s!' 的原則時產生錯誤
Error while updating the Policy with name '%1!s!'
22175更新 GUID %1!s! 的原則時產生錯誤
Error while updating the Policy with GUID %1!s!
22176從名稱為 '%1!s!' 的 GPO 解除指派原則時產生錯誤或指定的 GPO 不存在
Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
22181更新名稱為 '%1!s!' 的 FilterList 時產生錯誤
Error while updating FilterList with name '%1!s!'
22182更新名稱為 GUID %1!s! 的 FilterList 時產生錯誤
Error while updating FilterList with GUID %1!s!
22191更新名稱為 '%1!s!' 的 FilterAction 時產生錯誤
Error while updating FilterAction with name '%1!s!'
22192更新 GUID %1!s! 的 FilterAction 時產生錯誤
Error while updating FilterAction with GUID %1!s!
22201名稱為 '%1!s!' 的規則不存在原則 '%2!s!'中
Rule with name '%1!s!' does not exist in Policy '%2!s!'
22202更新名稱為 '%1!s!' 的規則時產生錯誤
Error while updating rule with name '%1!s!'
22203預設規則無法更新這個命令。請使用命令 'set defaultrule'
Default rule cannot be updated with this command. Use the 'set defaultrule' command
22204識別碼為 %1!d! 的規則不存在原則 '%2!s!' 中
Rule with ID %1!d! does not exist in Policy '%2!s!'
22205指定無效的規則識別碼
Invalid Rule ID Specified
22211更新名為 '%1!s!' 原則中的預設規則時產生錯誤
Error while updating Default Rule of Policy with name '%1!s!'
22221沒有指定檔案名稱
No file name specified
22222無效的檔案/路徑名稱
Invalid File / Path name
22223匯入原則時產生錯誤
Error while importing policies
22231匯出原則時產生錯誤
Error while exporting policies
22235還原預設原則時產生錯誤
Error while restoring default policies
22236這個命令只有在本機儲存區上可用
This command is only available for the local store
22237網域名稱無效。名稱為 '%1!s!' 的網域不存在
Invalid Domain Name. Domain with name '%1!s!' does not exist
22238您的電腦不是網域成員
Your machine is not a member of domain
22241刪除名稱為 '%1!s!' 的原則時產生錯誤
Error while deleting Policy with name '%1!s!'
22242沒有名稱為 '%1!s!' 的原則
No Policy with name '%1!s!'
22251無法刪除名稱為 '%1!s!' 的 FilterList FilterList with name '%1!s!' cannot be deleted
22252刪除名稱為 '%1!s!' 的 FilterList 時產生錯誤 Error while deleting FilterList with name '%1!s!'
22255沒有名稱為 '%1!s!' 的 FilterList
No FilterList with name '%1!s!'
22256已指定內容的篩選器不在名為 '%1!s!' 的 FilterList 內
Filter with the specified spec does not exist in FilterList with name '%1!s!'
22261刪除指定內容的篩選器後,在更新名為 '%1!s!' 的 FilterList 時產生錯誤
Error while updating FilterList with name '%1!s!' after deletion of the specified filter
22265無法刪除名稱為 '%1!s!' 的 FilterAction FilterAction with name '%1!s!' cannot be deleted
22266刪除名稱為 '%1!s!' 的 FilterAction 時產生錯誤 Error while deleting FilterAction with name '%1!s!'
22267沒有名稱為 '%1!s!' 的 FilterAction
No FilterAction with name '%1!s!'
22271刪除名稱為 '%1!s!' 的規則時產生錯誤
Error while deleting Rule with name '%1!s!'
22272刪除識別碼為 %1!d! 的規則時產生錯誤
Error while deleting Rule with ID %1!d!
22273無法刪除預設回應規則
Default Response Rule cannot be deleted
22274沒有名稱為 '%1!s!' 的規則
No Rule with name '%1!s!'
22275沒有識別碼為 %1!d! 的規則
No Rule with ID %1!d!
22276沒有指定原則名稱
No Policy name specified
22281正在展開名為 '%1!s!' 原則的 NegPol 資訊時產生錯誤
Error while extracting NegPol info of Policy with name '%1!s!'
22282正在展開名為 '%1!s!' 原則的篩選器資訊時產生錯誤
Error while extracting Filter info of Policy with name '%1!s!'
22283正在展開名為 '%1!s!' 原則的 ISAKMP 資訊時產生錯誤
Error while extracting ISAKMP info of Policy with name '%1!s!'
22290沒有目前指派的原則
No currently assigned Policy
22295沒有 FilterList 存在原則存放區
No FilterList exists in Policy Store
22296沒有 FilterAction 存在原則存放區
No FilterAction exists in Policy Store
22297無效的 GPO 名稱或是沒有目前指派的原則
Either invalid GPO name or no currently assigned policy
22298使用網域儲存區時必須指定名稱
A name must be specified when using the domain store
22299指定無效的來源 IP 位址
Invalid Source IP Address specified
22300指定無效的來源 IP/Mask
Invalid Source IP/Mask specified
22301位址衝突。來源和目的不能有相同的 IP/DNS
Address Conflict. Source and Destination cannot have same IP/DNS
22302指定無效的伺服器
Invalid server specified
22303必須指定伺服器
Server needs to be specified
22304指定無效的目的 IP 位址
Invalid destination IP Address specified
22305指定無效的目的遮罩
Invalid destination mask specified
22306無效的 Newname。名稱為 '%1!s!' 的原則已經存在
Invalid Newname. Policy with name '%1!s!' already exists
22307無效的 Newname。名稱為 '%1!s!' 的規則已經存在
Invalid Newname. Rule with name '%1!s!' already exists
22308無效的 Newname。名稱為 '%1!s!' 的 Filterlist 已經存在
Invalid Newname. Filterlist with name '%1!s!' already exists
22309無效的 Newname。名稱為 '%1!s!' 的 Filteraction 已經存在
Invalid Newname. Filteraction with name '%1!s!' already exists
22310如果指定類型,就必須指定 'all'
If a type is specified, 'all' needs to be specified
22311這項操作產生內部錯誤
Internal error occurred during this operation
22312在原則 '%1!s!' 中沒有通道類型的規則存在
No Tunnel type rules exist in policy '%1!s!'
22313這個命令不允許更新預設 Filteraction。請用 'Set DefaultRule' 命令。
Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
22314名稱為 '%1!s!' 的原則有 READONLY 屬性。拒絕更新
Policy with name '%1!s!' has READONLY attribute. Updation denied
22315指定的規則有 READONLY 屬性。拒絕更新
Specified Rule has READONLY attribute. Updation denied
22316名稱為 '%1!s!' 的 Filteraction 有 READONLY 屬性。拒絕更新
Filteraction with name '%1!s!' has READONLY attribute. Updation denied
22317名稱為 '%1!s!' 的 FilterList 有 READONLY 屬性。拒絕更新
FilterList with name '%1!s!' has READONLY attribute. Updation denied
22318名稱為 '%1!s!' 的原則有 READONLY 屬性。拒絕刪除
Policy with name '%1!s!' has READONLY attribute. Deletion denied
22319名稱為 '%1!s!' 的規則有 READONLY 屬性。拒絕刪除
Rule with name '%1!s!' has READONLY attribute. Deletion denied
22320名稱為 '%1!s!' 的 Filteraction 有 READONLY 屬性。拒絕刪除
Filteraction with name '%1!s!' has READONLY attribute. Deletion denied
22321名稱為 '%1!s!' 的 FilterList 有 READONLY 屬性。拒絕刪除
FilterList with name '%1!s!' has READONLY attribute. Deletion denied
22322使用本機儲存區時不能指定名稱
No name can be specified when using the local store
22323Windows Vista 和較新版本的 Windows 不支援預設回應規則。
Default response rule is not supported on Windows Vista and later versions of Windows.
23001當 ActionInbound 或 ActionOutbound 指定為 NEGOTIATE 時,必須有 QMPolicy。
QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
23002
連接埠號碼對 TCP 或 UDP 通訊協定有效,沒有 PortNumber 仍可繼續

Port number valid for TCP or UDP protocols, continuing without PortNumber.
23003指定的 QMPolicy 不存在。
Specified QMPolicy does not exist.
23004指定的 MainMode 原則不存在。
Specified MainMode Policy does not exist.
23006如果 ActionInbound 或 ActionOutbound 都未指定為 NEGOTIATE,就不能有 IPsec 原則。
Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
23007Mirror = Yes 對通道規則無效。
Mirror = Yes is not valid for Tunnel Rule.
23011指定的 MainMode 篩選器不存在。
Specified MainMode Filter does not exist.
23012指定的傳輸篩選器不存在。
Specified Transport Filter does not exist.
23013指定的通道篩選器不存在。
Specified Tunnel Filter does not exist.
23014無法使用 MainMode 原則。
MainMode Policies are not available.
23015無法使用 QuickMode 原則。
QuickMode Policies are not available.
23021所給予名稱的 MainMode 原則已經存在。
MainMode Policy with the given name already exists.
23031所給予名稱的 QuickMode 原則已經存在。
QuickMode Policy with the given name already exists.
23061MainMode 篩選器不存在。
MainMode Filters do not exist.
23062指定的 MainMode 篩選器不存在而且找不到原則。
Specified MainMode Filter does not exist and Policy is not found.
23063指定的 MainMode 原則不存在或是和指定的 MainMode 篩選器沒有關連。
Specified MainMode Policy either does not exist or not associated with specified MainMode Filter.
23071QuickMode 篩選器不存在。
QuickMode Filters do not exist.
23072指定的 QuickMode 篩選器不存在並且找不到原則。
Specified QuickMode Filter does not exist and Policy is not found.
23073指定的 QuickMode 原則不存在或是和 QuickMode 篩選器沒有關連。
Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
23074指定的 QuickMode 篩選器不存在。
Specified QuickMode Filter does not exist.
23075已經用過驗證方法。
Authentication method(s) being used.
23076無法刪除 %1!d! MMFilter 物件。
%1!d! MMFilter object(s) could not be deleted.
23077無法刪除 %1!d! 運輸篩選器物件。
%1!d! Transport Filter object(s) could not be deleted.
23078無法刪除 %1!d! 通道篩選器物件。
%1!d! Tunnel Filter object(s) could not be deleted.
23081IPsec 原則代理服務沒有啟動。
The IPsec Policy Agent service is not active.
23082
原則代理服務啟動成功。

Policy Agent service successfully started.
23090
分析器的權杖錯誤,應該為 IPSEC,IKE 或 ALL。

Wrong token from Parser, Should be either IPSEC, IKE or ALL.
23091
從分析器接收到無效的 AddressType。

Invalid AddressType received from Parser.
23092來源和目的兩者不能為伺服器。
Source and Destination both cannot be Servers.
23093通道來源和通道目的兩者不能為伺服器。
Tunnel Source and Tunnel Destination both cannot be Servers.

EXIF

File Name:nshipsec.dll.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-tw_bf25bd601980d13d\
File Size:128 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:131072
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Dynamic link library
File Subtype:0
Language Code:Chinese (Traditional)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:網路殼層 IP 安全性協助程式 DLL
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:nshipsec.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:nshipsec.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-tw_630721dc61236007\

What is nshipsec.dll.mui?

nshipsec.dll.mui is Multilingual User Interface resource file that contain Chinese (Traditional) language for file nshipsec.dll (網路殼層 IP 安全性協助程式 DLL).

File version info

File Description:網路殼層 IP 安全性協助程式 DLL
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:nshipsec.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:nshipsec.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x404, 1200