About using ipsec6 command on XP.

[sunny]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have some question about using ipsec6 command on XP.
I set up SA and SP between two PC(using xxx.sad and xxx.spd files which are
attached this mail).
and then I could see IPSEC packet when I ran a ping6 command.
This trying was successful.
This is the reference site.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/configuration_4_using_ipsec_between_two_local_link_hosts_2.asp

Here are My Questions...

(1) Is there any VC++ APIs for ipsec6?
- APIs for creating, loading, removing... SA and SP
Do I have to control only using ipsec6 command?

(2) Can I get some documents about using ipsec6 command?
I want to know supported values which I can set in the 2 files(xxx.sad,
xxx.spd).
Specially I want to know what values I can use for IPSecProtocol
section(?) in the xxx.sad file and AuthAlg section in the xxx.spd file.
- I couldn't find any information about using ipsec6 command except
that upper URL.
That site shows just one example.
- I was not sure that it was right. but I tried to set not only
HMAC-SHA1 but also HMAC-MD5-96 instead of HMAC-MD5 for AuthAlg. and I found
out that It worked properly.

(3) Doesn't IPSEC6 support ESP?
- I read some writings that said XP doesn't support ESP.
But, I set ESP for IPSecProtocol. It was also working good. I could
see a ESP packet when I send ping6.

 

[kishor_66]

Hi can i have the xxx.spd and xxx.sad file configuration.
Actually i tried this configuration between two hosts which are windows XP and windows 2003 server.
When i ping from one host to the other, the icmpv6 request packet has the AH header between IPV6 and ICMPV6 header.
But none of them reply to each other.

I double checked everything, and found nothing wrong in my configuration.

Can i have your working configuration .sad and .spd files.