Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

This topic shows the Device Description Framework (DDF) file for the IPSecVPN MOST Configuration Service Provider. DDF files and examples in this topic are used only for OMA DM provisioning. For more information, see OMA Device Management.

<MgmtTree>
	<Node>
		<NodeName>IPsecVPN</NodeName>
		<Path>./Vendor/MSFT</Path>
		<DFProperties>
			<AccessType>
				<Get />
			</AccessType>
			<Description>Root of the tree with the
parameters, policies and settings that define the behavior of the
Mobile VPN connection to corporate network using an IPsec
VPN.</Description>
			<DFFormat>
				<node />
			</DFFormat>
			<Occurrence>
				<One />
			</Occurrence>
			<Scope>
				<Permanent />
			</Scope>
			<DFTitle>IPsec VPN root node for Mobile VPN
access</DFTitle>
			<DFType>
				<DDFName></DDFName>
			</DFType>
			<MSFT:AccessRole>8</MSFT:AccessRole>
			<MSFT:RWAccess>1</MSFT:RWAccess>
		</DFProperties>
		<Node>
			<NodeName>MOST</NodeName>
			<DFProperties>
				<AccessType>
					<Get />
				</AccessType>
				<Description>The MOST feature allows MO
defined traffic outside of IPSecVPN tunnel. Examples are MMS, IMS
and FOTA. VPN will allow through MOST traffic based on MOST filter
URLs matches. MOST URL rules are defined in Connection Manager to
direct traffic to correct MetaNetwork or APN. Please see
CM_Mappings DDF for more details.
CM_Mappings -> CM_Network -> GPRSEntries (APN)
CM_Mappings -> GPRSEntries (APN)
VPN is monitoring traffic after traffic sent to GPRSEntries (APN).
MOST filter URLs will enable VPN to let the traffic go and not drop
the traffic.</Description>
				<DFFormat>
					<node />
				</DFFormat>
				<Occurrence>
					<One />
				</Occurrence>
				<Scope>
					<Permanent />
				</Scope>
				<DFTitle>Mobile Operator Service Traffic
(MOST)</DFTitle>
				<DFType>
					<DDFName></DDFName>
				</DFType>
				<MSFT:AccessRole>4</MSFT:AccessRole>
				<MSFT:RWAccess>3</MSFT:RWAccess>
			</DFProperties>
			<Node>
				<NodeName>Service[#]</NodeName>
				<DFProperties>
					<AccessType>
						<Add />
						<Get />
						<Delete />
						<Replace />
					</AccessType>
					<Description>A node containing list of
resources for each mobile operator service allowed under MOST while
Mobile VPN is active. Sub nodes will contain filter rule resources
(URLs) that map to specific MO traffic. This node is really for
organization of sets of filter rules (URLs). It will allow MO to
logically group sections of filter rules (URLs) and update
individual sections. The filter rules define which type of traffic
VPN will let go outside of VPN IPSec tunnel. 
You can have multiple Services nodes by defining the following,
where [#] represents a number between 1 and 100. For example,
Service1, Service2..., Service100 etc.
The filter rules (URLs) are a set of shortened URLs. It allows for
domain name (www.contoso.com) or IP address (10.10.10.1) only.
Protocol, port number, path and filename are NOT allowed. 
See URL description in the DDF for more
information.</Description>
					<DFFormat>
						<node />
					</DFFormat>
					<Occurrence>
						<ZeroOrMore />
					</Occurrence>
					<Scope>
						<Dynamic />
					</Scope>
					<DFTitle>MOST Service</DFTitle>
					<DFType>
						<DDFName></DDFName>
					</DFType>
					<MSFT:AccessRole>4</MSFT:AccessRole>
					<MSFT:RWAccess>3</MSFT:RWAccess>
				</DFProperties>
				<Node>
					<NodeName>URL[#]</NodeName>
					<DFProperties>
						<AccessType>
							<Add />
							<Get />
							<Delete />
							<Replace />
						</AccessType>
						<Description>Represents a filter rule
(URL) for a single MO service that Mobile VPN will allow outside of
its tunnel. It can be the hostname or IP address associated with
the corresponding MO service. The parent node, Service, can contain
a number of these filter rules (URLs), where [#] represents a
number between 0 and 100. The total number of all URLs in ALL
Services must not exceed 100. 
For example, Service1 -> URL1, URL2... URL50. Service2 ->
URL1, URL2... URL30. Service3 -> URL1, URL2... URL20.
Each filter rule (URL) is in the following format:
DomainORIPAddress. For example, contoso.com. or mms.contoso.com or
10.10.10.1. 
Not allowed are port number, path and filename. Example of URL that
is not allowed: https://contoso:8080/users/authentication.aspx. 
This is not needed in a filter. Each MO application will know the
location.</Description>
						<DFFormat>
							<chr />
						</DFFormat>
						<Occurrence>
							<ZeroOrMore />
						</Occurrence>
						<Scope>
							<Dynamic />
						</Scope>
						<DFTitle>A URL for MOST
Service</DFTitle>
						<DFType>
							<MIME>text/plain</MIME>
						</DFType>
						<MSFT:AccessRole>4</MSFT:AccessRole>
						<MSFT:RWAccess>3</MSFT:RWAccess>
					</DFProperties>
				</Node>
			</Node>
		</Node>
	</Node>
</MgmtTree>
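
Every MOST filter rule exempts a destination from the IPsec tunnel, so a proposed rule set is worth checking against the constraints stated in the DDF descriptions before it is provisioned. The following is an added example, not part of the original topic or of Microsoft's code; the function names, the dictionary layout and the sample data are assumptions made for illustration.

```python
import ipaddress
import re

MAX_TOTAL_URLS = 100                      # DDF: total URLs in ALL Services <= 100
SERVICE_RE = re.compile(r"Service(\d+)")  # DDF: Service[#], # between 1 and 100
URL_RE = re.compile(r"URL(\d+)")          # DDF: URL[#], # between 0 and 100
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label

def is_valid_filter(value):
    """True if value is a bare IP address or domain name, as the DDF requires."""
    try:
        ipaddress.ip_address(value)  # IPv6 acceptance is an assumption
        return True
    except ValueError:
        pass
    if any(c in value for c in ":/?#@ ") or len(value) > 253:
        return False                 # protocol, port, path or filename present
    host = value[:-1] if value.endswith(".") else value
    labels = host.split(".")
    return not labels[-1].isdigit() and all(LABEL_RE.fullmatch(l) for l in labels)

def validate_most(services):
    """Return a list of violations for {ServiceN: {URLn: filter}} (empty = OK)."""
    errors, total = [], 0
    for svc, urls in services.items():
        m = SERVICE_RE.fullmatch(svc)
        if not m or not 1 <= int(m.group(1)) <= 100:
            errors.append(f"{svc}: node name must be Service1..Service100")
        for name, value in urls.items():
            total += 1
            u = URL_RE.fullmatch(name)
            if not u or not 0 <= int(u.group(1)) <= 100:
                errors.append(f"{svc}/{name}: node name must be URL0..URL100")
            if not is_valid_filter(value):
                errors.append(f"{svc}/{name}: '{value}' is not a bare host or IP")
    if total > MAX_TOTAL_URLS:
        errors.append(f"{total} URLs in total; the DDF allows at most {MAX_TOTAL_URLS}")
    return errors

# Constructed sample input (not from the original page).
SAMPLE = {
    "Service1": {"URL1": "mms.contoso.com", "URL2": "10.10.10.1"},
    "Service2": {"URL1": "https://contoso:8080/users/authentication.aspx"},
    "Service101": {"URL1": "contoso.com."},
}

if __name__ == "__main__":
    for problem in validate_most(SAMPLE):
        print(problem)
```
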
