Adding Manual IPSEC with 2 SA's

  • Question

  • I want to create an IPSEC_SA_BUNDLE0 where I have an saList set to an array of 2 SAs with the numSAs set to 2. Per the documentation, I tried to create it with the IPSEC_TRANSFORM_ESP_CIPHER as index 0 in the array and IPSEC_TRANSFORM_AH as index 1 in the array. When I call IPsecSaContextAddInbound0(...) after doing this, the function returns 87 in decimal (57 in hex) and an exception is thrown:


    0x00000057: The parameter is incorrect.


    /* Zero both SA entries; size by element so the call is correct
       whether sa is an array or a pointer. */
    memset(sa, 0, sizeof(sa[0]) * 2);

    /* Index 0: ESP cipher transform */
    sa[0].spi = *spi;
    sa[0].saTransformType = IPSEC_TRANSFORM_ESP_CIPHER;
    sa[0].espCipherInformation = &cipherInfo;

    /* Index 1: AH transform */
    sa[1].spi = *spi;
    sa[1].saTransformType = IPSEC_TRANSFORM_AH;
    sa[1].ahInformation = &info;

    /* Bundle carrying both SAs */
    memset(&bundle, 0, sizeof(bundle));
    bundle.numSAs = 2;
    bundle.saList = sa;
    bundle.ipVersion = FWP_IP_VERSION_V4;

    result = IPsecSaContextAddInbound0(engine, tmpSaId, &bundle);


    How would I properly accomplish this?

    Saturday, September 13, 2008 5:23 PM