1 /* ISAKMP constants. 2 Copyright (C) 2002 Geoffrey Keating 3 4 This program is free software; you can redistribute it and/or modify 5 it under the terms of the GNU General Public License as published by 6 the Free Software Foundation; either version 2 of the License, or 7 (at your option) any later version. 8 9 This program is distributed in the hope that it will be useful, 10 but WITHOUT ANY WARRANTY; without even the implied warranty of 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 GNU General Public License for more details. 13 14 You should have received a copy of the GNU General Public License 15 along with this program; if not, write to the Free Software 16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 18 $Id: isakmp.h 324 2008-06-19 23:09:09Z Joerg Mayer $ 19 */ 20 21 #ifndef __ISAKMP_H__ 22 #define __ISAKMP_H__ 23 24 /* Flag bits for header. */ 25 #define ISAKMP_FLAG_E 0x1 26 #define ISAKMP_FLAG_C 0x2 27 #define ISAKMP_FLAG_A 0x4 28 29 /* Payload types */ 30 enum isakmp_payload_enum { 31 ISAKMP_PAYLOAD_NONE = 0, /* RFC 2408 */ 32 ISAKMP_PAYLOAD_SA, /* RFC 2408, Security Association */ 33 ISAKMP_PAYLOAD_P, /* RFC 2408, Proposal */ 34 ISAKMP_PAYLOAD_T, /* RFC 2408, Transform */ 35 ISAKMP_PAYLOAD_KE, /* RFC 2408, Key Exchange */ 36 ISAKMP_PAYLOAD_ID, /* RFC 2408, Identification */ 37 ISAKMP_PAYLOAD_CERT, /* RFC 2408, Certificate */ 38 ISAKMP_PAYLOAD_CR, /* RFC 2408, Certificate Request */ 39 ISAKMP_PAYLOAD_HASH, /* RFC 2408, Hash */ 40 ISAKMP_PAYLOAD_SIG, /* RFC 2408, Signature */ 41 ISAKMP_PAYLOAD_NONCE, /* RFC 2408, Nonce */ 42 ISAKMP_PAYLOAD_N, /* RFC 2408, Notification */ 43 ISAKMP_PAYLOAD_D, /* RFC 2408, Delete */ 44 ISAKMP_PAYLOAD_VID, /* RFC 2408, Vendor ID */ 45 ISAKMP_PAYLOAD_MODECFG_ATTR, 46 ISAKMP_PAYLOAD_SAK, /* RFC 3547, SA KEK */ 47 ISAKMP_PAYLOAD_SAT, /* RFC 3547, SA TEK */ 48 ISAKMP_PAYLOAD_KD, /* RFC 3547, Key Download */ 49 ISAKMP_PAYLOAD_SEQNO, /* RFC 3547, Sequence number */ 50 ISAKMP_PAYLOAD_POP, /* RFC 3547, Proof of Possession */ 51 ISAKMP_PAYLOAD_NAT_D, /* RFC 3947, NAT Discovery */ 52 ISAKMP_PAYLOAD_NAT_OA, /* RFC 3947, NAT Original Address */ 53 ISAKMP_PAYLOAD_NAT_D_OLD = 0x82, 54 ISAKMP_PAYLOAD_FRAG = 0x84 55 }; 56 57 /* Exchange types. */ 58 enum isakmp_exchange_enum { 59 ISAKMP_EXCHANGE_NONE = 0, 60 ISAKMP_EXCHANGE_BASE, 61 ISAKMP_EXCHANGE_IDENTITY, 62 ISAKMP_EXCHANGE_AUTH_ONLY, 63 ISAKMP_EXCHANGE_AGGRESSIVE, 64 ISAKMP_EXCHANGE_INFORMATIONAL, 65 ISAKMP_EXCHANGE_MODECFG_TRANSACTION, 66 ISAKMP_EXCHANGE_IKE_QUICK = 32, 67 ISAKMP_EXCHANGE_IKE_NEW_GROUP 68 }; 69 70 /* DOI types. */ 71 enum isakmp_doi_enum { 72 ISAKMP_DOI_GENERIC = 0, 73 ISAKMP_DOI_IPSEC 74 }; 75 76 /* Notify message types (error: 1-16383; status: 16384-65535). */ 77 enum isakmp_notify_enum { 78 ISAKMP_N_INVALID_PAYLOAD_TYPE = 1, 79 ISAKMP_N_DOI_NOT_SUPPORTED, 80 ISAKMP_N_SITUATION_NOT_SUPPORTED, 81 ISAKMP_N_INVALID_COOKIE, 82 ISAKMP_N_INVALID_MAJOR_VERSION, 83 ISAKMP_N_INVALID_MINOR_VERSION, 84 ISAKMP_N_INVALID_EXCHANGE_TYPE, 85 ISAKMP_N_INVALID_FLAGS, 86 ISAKMP_N_INVALID_MESSAGE_ID, 87 ISAKMP_N_INVALID_PROTOCOL_ID, 88 ISAKMP_N_INVALID_SPI, 89 ISAKMP_N_INVALID_TRANSFORM_ID, 90 ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED, 91 ISAKMP_N_NO_PROPOSAL_CHOSEN, 92 ISAKMP_N_BAD_PROPOSAL_SYNTAX, 93 ISAKMP_N_PAYLOAD_MALFORMED, 94 ISAKMP_N_INVALID_KEY_INFORMATION, 95 ISAKMP_N_INVALID_ID_INFORMATION, 96 ISAKMP_N_INVALID_CERT_ENCODING, 97 ISAKMP_N_INVALID_CERTIFICATE, 98 ISAKMP_N_CERT_TYPE_UNSUPPORTED, 99 ISAKMP_N_INVALID_CERT_AUTHORITY, 100 ISAKMP_N_INVALID_HASH_INFORMATION, 101 ISAKMP_N_AUTHENTICATION_FAILED, 102 ISAKMP_N_INVALID_SIGNATURE, 103 ISAKMP_N_ADDRESS_NOTIFICATION, 104 ISAKMP_N_NOTIFY_SA_LIFETIME, 105 ISAKMP_N_CERTIFICATE_UNAVAILABLE, 106 ISAKMP_N_UNSUPPORTED_EXCHANGE_TYPE, 107 ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS, 108 ISAKMP_N_CONNECTED = 16384, 109 ISAKMP_N_IPSEC_RESPONDER_LIFETIME = 24576, 110 ISAKMP_N_IPSEC_REPLAY_STATUS, 111 ISAKMP_N_IPSEC_INITIAL_CONTACT, 112 ISAKMP_N_CISCO_HELLO = 30000, 113 ISAKMP_N_CISCO_WWTEBR, 114 ISAKMP_N_CISCO_SHUT_UP, 115 ISAKMP_N_IOS_KEEP_ALIVE_REQ = 32768, 116 ISAKMP_N_IOS_KEEP_ALIVE_ACK, 117 ISAKMP_N_R_U_THERE = 36136, 118 ISAKMP_N_R_U_THERE_ACK, 119 ISAKMP_N_CISCO_LOAD_BALANCE = 40501, 120 ISAKMP_N_CISCO_PRESHARED_KEY_HASH = 40503 121 }; 122 123 /* Delete with reason values */ 124 /* Note: The values are random, i.e. we don't know them yet */ 125 enum dwr_ike_delete { 126 IKE_DELETE_SERVER_SHUTDOWN = 0, /* Peer has been shut down */ 127 IKE_DELETE_SERVER_REBOOT, /* Peer has been rebooted. */ 128 IKE_DELETE_MAX_CONNECT_TIME, /* Maximum configured connection time exceeded. */ 129 IKE_DELETE_BY_USER_COMMAND, /* Manually disconnected by administrator. */ 130 IKE_DELETE_BY_ERROR, /* Connectivity to Client lost. */ 131 IKE_DELETE_NO_ERROR, /* Unknown error. */ 132 IKE_DELETE_IDLE_TIMEOUT, /* Maximum idle time for session exceeded. */ 133 IKE_DELETE_P2_PROPOSAL_MISMATCH, /* Policy negotiation failed */ 134 IKE_DELETE_FIREWALL_MISMATCH, /* Firewall policy mismatch. */ 135 IKE_DELETE_CERT_EXPIRED, /* Certificates used with this connection entry have expired. */ 136 IKE_DELETE_BY_EXPIRED_LIFETIME, /* Maximum configured lifetime exceeded. */ 137 DEL_REASON_RESET_SADB /* (found in vpnclient log file) */ 138 }; 139 140 /* Certificate types. */ 141 enum isakmp_certificate_enum { 142 ISAKMP_CERT_NONE = 0, 143 ISAKMP_CERT_PKCS7_X509, 144 ISAKMP_CERT_PGP, 145 ISAKMP_CERT_DNS_SIG_KEY, 146 ISAKMP_CERT_X509_SIG, 147 ISAKMP_CERT_X509_KEX_EXCHANGE, 148 ISAKMP_CERT_KERBEROS_TOKENS, 149 ISAKMP_CERT_CRL, 150 ISAKMP_CERT_ARL, 151 ISAKMP_CERT_SPKI, 152 ISAKMP_CERT_X509_ATTRIBUTE 153 }; 154 155 /* IKE attribute types. */ 156 enum ike_attr_enum { 157 IKE_ATTRIB_ENC = 1, 158 IKE_ATTRIB_HASH, 159 IKE_ATTRIB_AUTH_METHOD, 160 IKE_ATTRIB_GROUP_DESC, 161 IKE_ATTRIB_GROUP_TYPE, 162 IKE_ATTRIB_GROUP_PRIME, 163 IKE_ATTRIB_GROUP_GEN_1, 164 IKE_ATTRIB_GROUP_GEN_2, 165 IKE_ATTRIB_GROUP_CURVE_A, 166 IKE_ATTRIB_GROUP_CURVE_B, 167 IKE_ATTRIB_LIFE_TYPE, 168 IKE_ATTRIB_LIFE_DURATION, 169 IKE_ATTRIB_PRF, 170 IKE_ATTRIB_KEY_LENGTH, 171 IKE_ATTRIB_FIELD_SIZE, 172 IKE_ATTRIB_GROUP_ORDER, 173 IKE_ATTRIB_BLOCK_SIZE, 174 IKE_ATTRIB_NORTEL_UNKNOWN = 32767 175 }; 176 177 /* IKE encryption algorithm IDs. */ 178 enum ike_enc_enum { 179 IKE_ENC_NO_CBC = 0, 180 IKE_ENC_DES_CBC, 181 IKE_ENC_IDEA_CBC, 182 IKE_ENC_BLOWFISH_CBC, 183 IKE_ENC_RC5_R16_B16_CBC, 184 IKE_ENC_3DES_CBC, 185 IKE_ENC_CAST_CBC, 186 IKE_ENC_AES_CBC 187 }; 188 189 /* IKE hash algorithm IDs. */ 190 enum ike_hash_enum { 191 IKE_HASH_MD5 = 1, 192 IKE_HASH_SHA, 193 IKE_HASH_TIGER, 194 IKE_HASH_SHA2_256, 195 IKE_HASH_SHA2_384, 196 IKE_HASH_SHA2_512 197 }; 198 199 /* IKE authentication method IDs. */ 200 enum ike_auth_enum { 201 IKE_AUTH_PRESHARED = 1, 202 IKE_AUTH_DSS, 203 IKE_AUTH_RSA_SIG, 204 IKE_AUTH_RSA_ENC, 205 IKE_AUTH_RSA_ENC_2, 206 IKE_AUTH_EL_GAMAL_ENC, 207 IKE_AUTH_EL_GAMAL_ENC_REV, 208 IKE_AUTH_ECDSA_SIG, 209 IKE_AUTH_HybridInitRSA = 64221, 210 IKE_AUTH_HybridRespRSA, 211 IKE_AUTH_HybridInitDSS, 212 IKE_AUTH_HybridRespDSS, 213 IKE_AUTH_XAUTHInitPreShared = 65001, 214 IKE_AUTH_XAUTHRespPreShared, 215 IKE_AUTH_XAUTHInitDSS, 216 IKE_AUTH_XAUTHRespDSS, 217 IKE_AUTH_XAUTHInitRSA, 218 IKE_AUTH_XAUTHRespRSA, 219 IKE_AUTH_XAUTHInitRSAEncryption, 220 IKE_AUTH_XAUTHRespRSAEncryption, 221 IKE_AUTH_XAUTHInitRSARevisedEncryption, 222 IKE_AUTH_XAUTHRespRSARevisedEncryption 223 }; 224 225 /* IKE group IDs. */ 226 enum ike_group_enum { 227 IKE_GROUP_MODP_768 = 1, 228 IKE_GROUP_MODP_1024, 229 IKE_GROUP_EC2N_155, 230 IKE_GROUP_EC2N_185, 231 IKE_GROUP_MODP_1536, 232 IKE_GROUP_EC2N_163sect, 233 IKE_GROUP_EC2N_163K, 234 IKE_GROUP_EC2N_283sect, 235 IKE_GROUP_EC2N_283K, 236 IKE_GROUP_EC2N_409sect, 237 IKE_GROUP_EC2N_409K, 238 IKE_GROUP_EC2N_571sect, 239 IKE_GROUP_EC2N_571K 240 }; 241 242 /* IKE group type IDs. */ 243 enum ike_group_type_enum { 244 IKE_GROUP_TYPE_MODP = 1, 245 IKE_GROUP_TYPE_ECP, 246 IKE_GROUP_TYPE_EC2N 247 }; 248 249 /* IKE life type IDs. */ 250 enum ike_life_enum { 251 IKE_LIFE_TYPE_SECONDS = 1, 252 IKE_LIFE_TYPE_K 253 }; 254 255 /* IPSEC situation masks. */ 256 enum isakmp_ipsec_sit_enum { 257 ISAKMP_IPSEC_SIT_IDENTITY_ONLY = 0x1, 258 ISAKMP_IPSEC_SIT_SECRECY = 0x2, 259 ISAKMP_IPSEC_SIT_INTEGRITY = 0x4 260 }; 261 262 /* IPSEC Identification types. */ 263 enum isakmp_ipsec_id_enum { 264 ISAKMP_IPSEC_ID_RESERVED = 0, 265 ISAKMP_IPSEC_ID_IPV4_ADDR, 266 ISAKMP_IPSEC_ID_FQDN, 267 ISAKMP_IPSEC_ID_USER_FQDN, 268 ISAKMP_IPSEC_ID_IPV4_ADDR_SUBNET, 269 ISAKMP_IPSEC_ID_IPV6_ADDR, 270 ISAKMP_IPSEC_ID_IPV6_ADDR_SUBNET, 271 ISAKMP_IPSEC_ID_IPV4_ADDR_RANGE, 272 ISAKMP_IPSEC_ID_IPV6_ADDR_RANGE, 273 ISAKMP_IPSEC_ID_DER_ASN1_DN, 274 ISAKMP_IPSEC_ID_DER_ASN1_GN, 275 ISAKMP_IPSEC_ID_KEY_ID 276 }; 277 278 /* IPSEC protocol IDs. */ 279 enum isakmp_ipsec_proto_enum { 280 ISAKMP_IPSEC_PROTO_RESERVED = 0, 281 ISAKMP_IPSEC_PROTO_ISAKMP, 282 ISAKMP_IPSEC_PROTO_IPSEC_AH, 283 ISAKMP_IPSEC_PROTO_IPSEC_ESP, 284 ISAKMP_IPSEC_PROTO_IPCOMP, 285 ISAKMP_IPSEC_PROTO_MODECFG = 512 /* hack for simplicity in debug code */ 286 }; 287 288 /* IPSEC transform IDs. */ 289 enum isakmp_ipsec_key_enum { 290 ISAKMP_IPSEC_KEY_RESERVED = 0, 291 ISAKMP_IPSEC_KEY_IKE 292 }; 293 294 /* IPSEC AH IDs. */ 295 enum isakmp_ipsec_ah_enum { 296 ISAKMP_IPSEC_AH_RESERVED = 0, 297 ISAKMP_IPSEC_AH_MD5 = 2, 298 ISAKMP_IPSEC_AH_SHA, 299 ISAKMP_IPSEC_AH_DES, 300 ISAKMP_IPSEC_AH_SHA2_256, 301 ISAKMP_IPSEC_AH_SHA2_384, 302 ISAKMP_IPSEC_AH_SHA2_512, 303 ISAKMP_IPSEC_AH_RIPEMD 304 }; 305 306 /* IPSEC ESP IDs. */ 307 enum isakmp_ipsec_esp_enum { 308 ISAKMP_IPSEC_ESP_RESERVED = 0, 309 ISAKMP_IPSEC_ESP_DES_IV64, 310 ISAKMP_IPSEC_ESP_DES, 311 ISAKMP_IPSEC_ESP_3DES, 312 ISAKMP_IPSEC_ESP_RC5, 313 ISAKMP_IPSEC_ESP_IDEA, 314 ISAKMP_IPSEC_ESP_CAST, 315 ISAKMP_IPSEC_ESP_BLOWFISH, 316 ISAKMP_IPSEC_ESP_3IDEA, 317 ISAKMP_IPSEC_ESP_DES_IV32, 318 ISAKMP_IPSEC_ESP_RC4, 319 ISAKMP_IPSEC_ESP_NULL, 320 ISAKMP_IPSEC_ESP_AES, 321 ISAKMP_IPSEC_ESP_AES_128_CTR, 322 ISAKMP_IPSEC_ESP_AES_MARS = 249, 323 ISAKMP_IPSEC_ESP_AES_RC6, 324 ISAKMP_IPSEC_ESP_AES_RIJNDAEL, 325 ISAKMP_IPSEC_ESP_AES_SERPENT, 326 ISAKMP_IPSEC_ESP_AES_TWOFISH 327 }; 328 329 /* IPSEC attribute types. */ 330 enum isakmp_ipsec_attr_enum { 331 ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE = 1, 332 ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION, 333 ISAKMP_IPSEC_ATTRIB_GROUP_DESC, 334 ISAKMP_IPSEC_ATTRIB_ENCAP_MODE, 335 ISAKMP_IPSEC_ATTRIB_AUTH_ALG, 336 ISAKMP_IPSEC_ATTRIB_KEY_LENGTH, 337 ISAKMP_IPSEC_ATTRIB_KEY_ROUNDS, 338 ISAKMP_IPSEC_ATTRIB_COMP_DICT_SIZE, 339 ISAKMP_IPSEC_ATTRIB_COMP_PRIVATE_ALG, 340 ISAKMP_IPSEC_ATTRIB_ECN_TUNNEL 341 }; 342 343 /* IPSEC compression IDs. */ 344 enum isakmp_ipsec_ipcomp_enum { 345 ISAKMP_IPSEC_IPCOMP_RESERVED = 0, 346 ISAKMP_IPSEC_IPCOMP_OUI, 347 ISAKMP_IPSEC_IPCOMP_DEFLATE, 348 ISAKMP_IPSEC_IPCOMP_LZS, 349 ISAKMP_IPSEC_IPCOMP_V42BIS 350 }; 351 352 /* IPSEC lifetime attribute values. */ 353 enum ipsec_life_enum { 354 IPSEC_LIFE_SECONDS = 1, 355 IPSEC_LIFE_K 356 }; 357 358 /* IPSEC encapsulation attribute numbers. */ 359 enum ipsec_encap_enum { 360 IPSEC_ENCAP_TUNNEL = 1, 361 IPSEC_ENCAP_TRANSPORT, 362 IPSEC_ENCAP_UDP_TUNNEL, 363 IPSEC_ENCAP_UDP_TRANSPORT, 364 IPSEC_ENCAP_UDP_TUNNEL_OLD = 61443, 365 IPSEC_ENCAP_UDP_TRANSPORT_OLD 366 }; 367 368 /* IPSEC authentication attribute numbers. */ 369 enum ipsec_auth_enum { 370 IPSEC_AUTH_HMAC_MD5 = 1, 371 IPSEC_AUTH_HMAC_SHA, 372 IPSEC_AUTH_DES_MAC, 373 IPSEC_AUTH_KPDK 374 }; 375 376 /* Other numbers. */ 377 #define ISAKMP_COOKIE_LENGTH 8 378 #define ISAKMP_VERSION 0x10 379 /* offsets */ 380 #define ISAKMP_EXCHANGE_TYPE_O 18 381 #define ISAKMP_I_COOKIE_O 0 382 #define ISAKMP_R_COOKIE_O 8 383 #define ISAKMP_MESSAGE_ID_O 20 384 #define ISAKMP_PAYLOAD_O 28 385 386 /* defined in vpnc.c */ 387 extern const unsigned char VID_XAUTH[]; 388 extern const unsigned char VID_DPD[]; 389 extern const unsigned char VID_UNITY[]; 390 extern const unsigned char VID_UNKNOWN[]; 391 extern const unsigned char VID_NATT_00[]; 392 extern const unsigned char VID_NATT_01[]; 393 extern const unsigned char VID_NATT_02[]; 394 extern const unsigned char VID_NATT_02N[]; 395 extern const unsigned char VID_NATT_RFC[]; 396 397 /* Support for draft-ietf-ipsec-isakmp-mode-cfg-05.txt (yuk). */ 398 enum isakmp_modecfg_cfg_enum { 399 ISAKMP_MODECFG_CFG_REQUEST = 1, 400 ISAKMP_MODECFG_CFG_REPLY, 401 ISAKMP_MODECFG_CFG_SET, 402 ISAKMP_MODECFG_CFG_ACK 403 }; 404 405 enum isakmp_modecfg_attrib_enum { 406 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS = 1, 407 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK, 408 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS, 409 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS, 410 ISAKMP_MODECFG_ATTRIB_INTERNAL_ADDRESS_EXPIRY, 411 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DHCP, 412 ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION, 413 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_ADDRESS, 414 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_NETMASK, 415 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_DNS, 416 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_NBNS, 417 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_DHCP, 418 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET, 419 ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES, 420 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_SUBNET, 421 ISAKMP_XAUTH_06_ATTRIB_TYPE = 0x4088, 422 ISAKMP_XAUTH_06_ATTRIB_USER_NAME, 423 ISAKMP_XAUTH_06_ATTRIB_USER_PASSWORD, 424 ISAKMP_XAUTH_06_ATTRIB_PASSCODE, 425 ISAKMP_XAUTH_06_ATTRIB_MESSAGE, 426 ISAKMP_XAUTH_06_ATTRIB_CHALLENGE, 427 ISAKMP_XAUTH_06_ATTRIB_DOMAIN, 428 ISAKMP_XAUTH_06_ATTRIB_STATUS, 429 ISAKMP_XAUTH_06_ATTRIB_NEXT_PIN, 430 ISAKMP_XAUTH_06_ATTRIB_ANSWER, /* TYPE .. ANSWER is excluded from dump */ 431 ISAKMP_MODECFG_ATTRIB_CISCO_BANNER = 0x7000, 432 ISAKMP_MODECFG_ATTRIB_CISCO_SAVE_PW, 433 ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN, 434 ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, 435 ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC, 436 ISAKMP_MODECFG_ATTRIB_CISCO_UDP_ENCAP_PORT, 437 ISAKMP_MODECFG_ATTRIB_CISCO_UNKNOWN, /* whatever 0x7006 is... */ 438 ISAKMP_MODECFG_ATTRIB_CISCO_DO_PFS, 439 ISAKMP_MODECFG_ATTRIB_CISCO_FW_TYPE, 440 ISAKMP_MODECFG_ATTRIB_CISCO_BACKUP_SERVER, 441 ISAKMP_MODECFG_ATTRIB_CISCO_DDNS_HOSTNAME, 442 ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR = 0x7d88 /* strange cisco things ... need docs! */ 443 }; 444 445 #endif 446