IPsec Configuration Policy Information Model



RFC 3585            IPsec Configuration Policy Model         August 2003


Table of Contents

   1.  Introduction..................................................  3
   2.  UML Conventions...............................................  4
   3.  IPsec Policy Model Inheritance Hierarchy......................  6
   4.  Policy Classes................................................ 11
       4.1.  The Class SARule........................................ 13
       4.2.  The Class IKERule....................................... 17
       4.3.  The Class IPsecRule..................................... 18
       4.4.  The Association Class IPsecPolicyForEndpoint............ 18
       4.5.  The Association Class IPsecPolicyForSystem.............. 19
       4.6.  The Aggregation Class SAConditionInRule................. 19
       4.7.  The Aggregation Class PolicyActionInSARule.............. 20
   5.  Condition and Filter Classes.................................. 22
       5.1.  The Class SACondition................................... 23
       5.2.  The Class IPHeadersFilter............................... 23
       5.3.  The Class CredentialFilterEntry......................... 23
       5.4.  The Class IPSOFilterEntry............................... 25
       5.5.  The Class PeerIDPayloadFilterEntry...................... 26
       5.6.  The Association Class FilterOfSACondition............... 28
       5.7.  The Association Class AcceptCredentialFrom.............. 29
   6.  Action Classes................................................ 30
       6.1.  The Class SAAction...................................... 32
       6.2.  The Class SAStaticAction................................ 33
       6.3.  The Class IPsecBypassAction............................. 34
       6.4.  The Class IPsecDiscardAction............................ 34
       6.5.  The Class IKERejectAction............................... 35
       6.6.  The Class PreconfiguredSAAction......................... 35
       6.7.  The Class PreconfiguredTransportAction.................. 36
       6.8.  The Class PreconfiguredTunnelAction..................... 37
       6.9.  The Class SANegotiationAction........................... 37
       6.10. The Class IKENegotiationAction.......................... 38
       6.11. The Class IPsecAction................................... 39
       6.12. The Class IPsecTransportAction.......................... 41
       6.13. The Class IPsecTunnelAction............................. 42
       6.14. The Class IKEAction..................................... 42
       6.15. The Class PeerGateway................................... 44
       6.16. The Association Class PeerGatewayForTunnel.............. 45
       6.17. The Aggregation Class ContainedProposal................. 46
       6.18. The Association Class HostedPeerGatewayInformation...... 47
       6.19. The Association Class TransformOfPreconfiguredAction.... 48
       6.20. The Association Class PeerGatewayForPreconfiguredTunnel. 49
   7.  Proposal and Transform Classes................................ 50
       7.1.  The Abstract Class SAProposal........................... 50
       7.2.  The Class IKEProposal................................... 51
       7.3.  The Class IPsecProposal................................. 54
       7.4.  The Abstract Class SATransform.......................... 54
       7.5.  The Class AHTransform................................... 56



Jason, et al.               Standards Track