#
# OpenVMS IPsec Profile File, version 1.0.
# tcpip$ipsec_device:[tcpip$ipsec]ipsec_profile.dat
# Copyright 2007, Hewlett-Packard Development Company L.P.
#
# An OpenVMS IPsec profile file contains default argument values that are
# evaluated in ipsec_config add commands if the user does not specify the values
# in the command.
# The values are evaluated once, when the policy is added to the configuration
# database. Values used from the profile file become part of the configuration
# record for the policy.
# NOTE(review): because values are copied into the policy record when the
# policy is added, editing a default here does not appear to change policies
# that already exist; those would need to be re-added to pick up a stronger
# setting - confirm against ipsec_config behavior.
#
# Comment lines start with "#".
# Blank lines are ignored.
# Line continuation characters ("\" ) are not supported.
# Each section of the file starts with a BEGIN statement and ends with an
# END statement.
#

#########################
BEGIN IKEPolicy-Defaults
#########################
#
# Defaults for ipsec_config add ike commands.
#

#
# Default IKE authentication type (-auth)
#
# Acceptable values: PSK (preshared keys) or RSASIG (RSA signature using
# security certificates).
# Default: PSK.
# With PSK, IKE authentication is only as strong as the preshared key itself,
# so the default relies on long, random, per-peer keys being configured.
authentication = PSK

#
# Default Diffie-Hellman Group (-group)
#
# Acceptable values: 1 (MODP, 768-bit exponent) or 2 (1024-bit exponent).
# Default: 2.
# NOTE(review): 768 and 1024 are the sizes of the MODP prime modulus of the
# groups (RFC 2409 groups 1 and 2). Both are below the 2048-bit minimum in
# current guidance; 2 is the stronger of the two values accepted here.
group = 2

#
# Default IKE hash algorithm (-hash)
#
# Default value for -hash argument (IKE hash algorithm).
# Acceptable values: MD5 or SHA1.
# Default: MD5.
# NOTE(review): MD5 is deprecated for new deployments. SHA1 is the stronger of
# the two values accepted here; every IKE policy added without -hash inherits
# the value set below.
hash = MD5

#
# Default IKE encryption algorithm (-encryption)
#
# Acceptable values: AES, DES or 3DES.
# Default: 3DES.
# DES uses a 56-bit key and is not adequate for confidentiality; AES is the
# preferred choice of the three where the peer supports it.
encryption = 3DES

#
# Default ISAKMP/Main Mode Security Association maximum lifetime, in seconds
# (-life)
#
# Range: 30 - 4294967295 seconds (approximately 49710 days;
# 4294967295 / 86400).
#
# Default: 28800 (8 hours).
life = 28800

######################
END IKEPolicy-Defaults
######################

#########################
BEGIN HostPolicy-Defaults
#########################
#
# Defaults for ipsec_config add host commands.
#
# There is no predefined inbound manual key.
# There is no predefined outbound manual key.
#

#
# Default source address filter (-source)
#
# Format: ip_address[/[prefix][/port_number|service_name]]
# Acceptable values:
#   ip_address: IPv4 address in dotted-decimal notation or IPv6 address
#               in colon-hexadecimal notation
#               ip_address cannot be a broadcast, subnet broadcast, multicast,
#               or anycast address.
#   prefix: 0 - 32 for an IPv4 address, 0 - 128 for an IPv6 address
#   port_number: 0 (any port) - 65535
#   service_name: DNS-TCP, DNS-UDP, FTP-DATA, FTP-CONTROL, HTTP-TCP, HTTP-UDP,
#                 NTP, REXEC, RLOGIN, RWHO, REMSH, REMPRINT, SMTP, TELNET, TFTP
# Default: 0.0.0.0/0/0 (this host, any port)
# NOTE(review): a prefix length of 0 normally matches every address, not only
# the local host. Confirm how ipsec_config interprets 0.0.0.0/0 here, because
# it decides how much traffic a policy added without -source applies to.
source = 0.0.0.0/0/0

#
# Default destination address filter (-destination)
#
# Format: see format for source address filter above.
# Default: 0.0.0.0/0/0 (this host, any port)
# NOTE(review): same question as for the source filter - a prefix of 0 usually
# means "any address"; confirm the meaning of "this host" for a destination.
destination = 0.0.0.0/0/0

#
# Default protocol (-protocol)
#
# The service_name parameter in an address filter and protocol are
# mutually exclusive. ipsec_config ignores the protocol argument
# if service_name is specified.
# Acceptable values: TCP, UDP, ICMP, ICMPv6, IGMP, MH (Mobility Header for
# Mobile IPv6), or ALL.
# Default: ALL.
protocol = ALL

#
# Default action (-action)
#
# Acceptable values: PASS, DISCARD, REJECT or transform_list.
# For transform_list:
#   If you are using manual keys, there can be only one transform.
#   If you are using dynamic keys, the transform list can contain:
#     - up to 8 ESP transforms (including Authenticated ESP transforms)
#     - up to 2 AH transforms
#     - 1 nested AH+ESP transform (ESP nested inside AH)
#   The format for each transform is:
#     transform_name[/[lifetime_seconds][/lifetime_kbytes]]
#   Acceptable values:
#     transform_name: AH_MD5, AH_SHA1, ESP_DES_HMAC_MD5,
#                     ESP_DES_HMAC_SHA1, ESP_3DES_HMAC_MD5,
#                     ESP_3DES_HMAC_SHA1, ESP_AES128_HMAC_MD5,
#                     ESP_AES128_HMAC_SHA1, ESP_NULL_HMAC_MD5, ESP_NULL_HMAC_SHA1
#     lifetime_seconds: 30 - 4294967295 seconds (approximately 49710 days)
#     lifetime_kbytes: 500 - 4294967295 kilobytes.
#   Separate multiple transforms using a comma.
#   To specify a nested AH and ESP transform, concatenate an AH transform
#   and ESP transform with plus sign (+).
#
#   The AH_* and ESP_NULL_* transforms authenticate traffic but do not encrypt
#   it, and the ESP_DES_* transforms use single DES; a transform list used as
#   a default should not silently fall back to any of them where
#   confidentiality is required.
#
# Examples:
#   action = PASS
#   action = DISCARD
#   action = ESP_AES128_HMAC_SHA1/28800/0
#   action = ESP_AES128_HMAC_SHA1,ESP_3DES_HMAC_SHA1
# NOTE(review): the third example gives lifetime_kbytes as 0, which is outside
# the 500 - 4294967295 range stated above; presumably 0 means "no kilobyte
# limit" - confirm.
#
# Default: DISCARD.
# Keeping DISCARD as the default is the fail-closed choice: a host policy added
# without -action is not given PASS or a transform list by omission.
action = DISCARD

#
# Default auto priority decrement (-priority)
#
# If a user does not specify the -priority argument, ipsec_config will use
# this value to assign/calculate a priority value.
# If this is the first policy configured, ipsec_config will use 99999999
# as the priority. Otherwise, ipsec_config will subtract this value from
# the current highest priority value (highest priority) for host policies
# and assign it to the new policy.
# (The new policy rule becomes the last policy evaluated before the
# default policy.)
# NOTE(review): for the new policy to be evaluated last, the decrement would
# have to be taken from the lowest priority value currently assigned; the
# wording "highest priority value (highest priority)" looks inconsistent with
# that. Rule order decides which action a packet gets, so confirm the actual
# ordering before relying on automatic priorities.
# Range: 2 - 10000
# Default: 2
priority = 2

#######################
END HostPolicy-Defaults
#######################