Microsoft Windows [Version 6.0.6001] (C) Copyright 2006 Microsoft Corp. c:\windows>netsh ipsec static add rule ?
Usage:
rule [ name = ][ policy = ][ filterlist = ][ filteraction = ][[ tunnel = ] (ip | dns) ][[ conntype = ] (lan | dialup | all) ][[ activate = ] (yes | no) ][[ description = ]][[ kerberos = ] (yes | no) ][[ psk = ]][[ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ]
Creates a rule with the specified filter list and filter action.
Parameters:
Tag Value
name -Name of the rule.
policy -Name of the policy the rule belongs to.
filterlist -Name of the filter list to be used.
filteraction -Name of the filter action to be used.
tunnel -Tunnel end point IP address.
conntype -Connection type can be lan, dialup or 'all'.
activate -Activates the rule in the policy if 'yes' is specified.
description -Brief information about the rule.
kerberos -Provides Kerberos authentication if 'yes' is specified.
psk -Provides authentication using a specified preshared key.
rootca -Provides authentication using a specified root certificate,
attempts to map the cert if certmap:Yes is specified,
excludes the CA name if excludecaname:Yes is specified.
Remarks: 1. Certificate, mapping, and CA name settings are all to be within
quotes; embedded quotes are to be replaced with \'.
2. Certificate mapping is valid only for domain members.
3. Multiple certificates can be provided by using the rootca
parameter multiple times.
4. The preference of each authentication method is determined by
its order in the command.
5. If no auth methods are stated, dynamic defaults are used.
6. Excluding the root certification authority (CA) name prevents
the name from being sent as part of the certificate request.
Examples: add rule name=Rule policy=Policy filterlist=Filterlist
filteraction=FilterAction kerberos=yes psk="my key"
rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root
Authority\' certmap:yes excludecaname:no"