Usage: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW |) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule and associated filters in SPD. Parameters: Tag Value srcaddr -Source ip address, dns name, or server type. dstaddr -Destination ip address, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port (0 means any port) dstport -Destination port (0 means any port) mirrored -'Yes' creates two filters, one in each direction. conntype -Connection type srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. tunneldstaddress -Tunnel destination ip address or dns name. mmpolicy -Main mode policy qmpolicy -Quick mode policy actioninbound -Action for inbound packets actionoutbound -Action for outbound packets kerberos -Provides kerberos authentication if ‘yes' is specified psk -Provides authentication using a specified preshared key rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound and authmethods can be set; other fields are identifiers. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 4. Certificate mapping is valid only for domain members. 5. Multiple certificates can be provided by using the rootca parameter multiple times. 6. The preference of each authentication method is determined by its order in the command. 7. If no auth methods are stated, dynamic defaults are used. 8. All authentication methods are overwritten with the stated list. 9. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root Authority\' certmap:yes excludecaname:no"
Usage: rule name = | id = | all | default policy = type = (tunnel | tranport) level = (verbose | normal) format = (list | ...
Usage: rule name = | id= policy = newname = description = filterlist = filteraction = tunnel = (ip | dns) conntype = (lan ...
Usage: rule srcaddr = (ip | dns | server) dstaddr = (ip | dns | server) mmpolicy = qmpolicy = protocol = (ANY | ICMP | TCP ...
Usage: rule srcaddr = (ip | dns | server) dstaddr = (ip | dns | server) protocol = (ANY | ICMP | TCP | UDP | RAW | ) srcport ...
Usage: rule srcaddr = (ip | dns | server) dstaddr = (ip | dns | server) protocol = (ANY | ICMP | TCP | UDP | RAW | ) srcport ...
Usage: rule type = (transport | tunnel) srcaddr = (ip | dns | server) dstaddr = (ip | dns | server) srcmask = (mask | prefix) ...
Usage: setup.exe Addlocal={Server | Client | All} Installs Server or Client or Both (case sensitive). Remove={Server | Client ...
Usage: stats type = (all | ike | ipsec) Displays details of IPSec and IKE statistics. Parameters: Tag Value type -ipsec, ...
Usage: store location = (local | persistent | domain) domain = Sets the current IPSec policy storage location. Parameters: ...