locked
Adding Manual IPSEC with 2 SA's RRS feed

  • Question

  • I want to create an IPSEC_SA_BUNDLE0 where I have an saList set to an array of 2 sa's with the numSAs set to 2.  Per the documentation I tried to create it with the IPSEC_TRANSFORM_ESP_CIPHER as index 0 in the array and IPSEC_TRANSFORM_AH as the index 1 in the array.  When I call IPsecSaConextAddInbound0(...) after doing this the function returns an 87 in decimal 57 in hex and there is an exception that is being thrown:

     

    0x00000057: The parameter is incorrect.

     

    memset(sa, 0, sizeof(sa) * 2);

    sa[0].spi = *spi;

    sa[0].saTransformType = IPSEC_TRANSFORM_ESP_CIPHER;

    sa[0].espCipherInformation = &cipherInfo;

     

    sa[1].spi = *spi;

    sa[1].saTransformType = IPSEC_TRANSFORM_AH;

    sa[1].ahInformation = &info;

     

    memset(&bundle, 0, sizeof(bundle));

    bundle.numSAs = 2;

    bundle.saList = sa;

    bundle.ipVersion = FWP_IP_VERSION_V4;

     

    result = IPsecSaContextAddInbound0(engine, tmpSaId, &bundle);

     

    How would I properly accomplish this?

    Saturday, September 13, 2008 5:23 PM

Answers