CISCO-GDOI-MIB

File: CISCO-GDOI-MIB.mib (166932 bytes)

Imported modules

SNMPv2-CONF SNMPv2-SMI SNMPv2-TC
CISCO-TC CISCO-SMI

Imported symbols

MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
MODULE-IDENTITY NOTIFICATION-TYPE OBJECT-TYPE
Counter32 Unsigned32 TEXTUAL-CONVENTION
DisplayString TruthValue CiscoMilliSeconds
ciscoMgmt

Defined Types

CgmGdoiKsStatus  
TEXTUAL-CONVENTION    
  current INTEGER keyServerAlive(1), keyServerDead(2), keyServerUnknown(3)

CgmGdoiKsRole  
TEXTUAL-CONVENTION    
  current INTEGER keyServerPrimary(1), keyServerSecondary(2), keyServerUnknown(3)

CgmGdoiIdentificationType  
TEXTUAL-CONVENTION    
  current INTEGER ipv4Address(1), domainName(2), userName(3), ipv4Subnet(4), ipv6Address(5), ipv6Subnet(6), ipv4Range(7), ipv6Range(8), caDistinguishedName(9), caGeneralName(10), groupNumber(11)

CgmGdoiIdentificationValue  
TEXTUAL-CONVENTION    
  current STRING Size(0..48)

CgmGdoiKekSPI  
TEXTUAL-CONVENTION    
  current STRING Size(16)

CgmGdoiIpProtocolId  
TEXTUAL-CONVENTION    
  current INTEGER ipProtocolUnknown(0), ipProtocolTCP(1), ipProtocolUDP(2)

CgmGdoiKeyManagementAlgorithm  
TEXTUAL-CONVENTION    
  current INTEGER keyMgmtNone(0), keyMgmtLkh(1)

CgmGdoiEncryptionAlgorithm  
TEXTUAL-CONVENTION    
  current INTEGER encrAlgNone(0), encrAlgDes64(1), encrAlgDes(2), encrAlg3Des(3), encrAlgRc5(4), encrAlgIdea(5), encrAlgCast(6), encrAlgBlowfish(7), encrAlg3Idea(8), encrAlgDes32(9), encrAlgRc4(10), encrAlgNull(11), encrAlgAesCbc(12), encrAlgAesCtr(13), encrAlgAesCcm8(14), encrAlgAesCcm12(15), encrAlgAesCcm16(16), encrAlgAesGcm8(18), encrAlgAesGcm12(19), encrAlgAesGcm16(20), encrAlgNullAuthAesGmac(21), encrAlgCamelliaCbc(23), encrAlgCamelliaCtr(24), encrAlgCamelliaCcm8(25), encrAlgCamelliaCcm12(26), encrAlgCamelliaCcm1(27), encrAlgSeedCbc(28)

CgmGdoiPseudoRandomFunction  
TEXTUAL-CONVENTION    
  current INTEGER prfNone(0), prfMd5Hmac(1), prfSha1Hmac(2), prfTigerHmac(3), prfAes128Xcbc(4), prfSha2Hmac256(5), prfSha2Hmac384(6), prfSha2Hmac512(7), prfAes128Cmac(8)

CgmGdoiIntegrityAlgorithm  
TEXTUAL-CONVENTION    
  current INTEGER authAlgNone(0), authAlgMd5Hmac96(1), authAlgSha1Hmac96(2), authAlgDesMac(3), authAlgMd5Kpdk(4), authAlgAesXcbc96(5), authAlgMd5Hmac128(6), authAlgSha1Hmac160(7), authAlgAesCmac96(8), authAlgAes128Gmac(9), authAlgAes192Gmac(10), authAlgAes256Gmac(11), authAlgSha2Hmac256to128(12), authAlgSha2Hmac384to192(13), authAlgSha2Hmac512to256(14)

CgmGdoiSignatureMethod  
TEXTUAL-CONVENTION    
  current INTEGER sigNone(0), sigRsa(1), sigSharedKey(2), sigDss(3), sigEncryptRsa(4), sigRevEncryptRsa(5), sigEcdsa256(9), sigEcdsa384(10), sigEcdsa512(11)

CgmGdoiDiffieHellmanGroup  
TEXTUAL-CONVENTION    
  current INTEGER dhNone(0), dhGroup1(1), dhGroup2(2), dhEc2nGp155(3), dhEc2nGp185(4), dh1536Modp(5), dh2048Modp(14), dh3072Modp(15), dh4096Modp(16), dh6144Modp(17), dh8192Modp(18), dhEcp256(19), dhEcp84(20), dhEcp521(21), dh1024Modp160(22), dh2048Modp224(23), dh2048Modp256(24), dhEcp192(25), dhEcp224(26)

CgmGdoiEncapsulationMode  
TEXTUAL-CONVENTION    
  current INTEGER encapUnknown(0), encapTunnel(1), encapTransport(2), encapUdpTunnel(3), encapUdpTransport(4)

CgmGdoiSecurityProtocol  
TEXTUAL-CONVENTION    
  current INTEGER secProtocolUnknown(0), secProtocolIpsecEsp(1)

CgmGdoiTekSPI  
TEXTUAL-CONVENTION    
  current STRING Size(4)

CgmGdoiKekStatus  
TEXTUAL-CONVENTION    
  current INTEGER inUse(1), new(2), old(3)

CgmGdoiTekStatus  
TEXTUAL-CONVENTION    
  current INTEGER inbound(1), outbound(2), notInUse(3)

CgmGdoiUnsigned16  
TEXTUAL-CONVENTION    
  current STRING Size(2)

CgmGdoiGroupEntry  
SEQUENCE    
  cgmGdoiGroupIdType CgmGdoiIdentificationType
  cgmGdoiGroupIdLength Unsigned32
  cgmGdoiGroupIdValue CgmGdoiIdentificationValue
  cgmGdoiGroupName DisplayString
  cgmGdoiGroupMemberCount Unsigned32
  cgmGdoiGroupActivePeerKeyServerCount Unsigned32
  cgmGdoiGroupLastRekeyRetransmits Unsigned32
  cgmGdoiGroupLastRekeyTimeTaken CiscoMilliSeconds

CgmGdoiKeyServerEntry  
SEQUENCE    
  cgmGdoiKeyServerIdType CgmGdoiIdentificationType
  cgmGdoiKeyServerIdLength Unsigned32
  cgmGdoiKeyServerIdValue CgmGdoiIdentificationValue
  cgmGdoiKeyServerActiveKEK CgmGdoiKekSPI
  cgmGdoiKeyServerRekeysPushed Counter32
  cgmGdoiKeyServerRole CgmGdoiKsRole
  cgmGdoiKeyServerRegisteredGMs Unsigned32

CgmGdoiGmEntry  
SEQUENCE    
  cgmGdoiGmIdType CgmGdoiIdentificationType
  cgmGdoiGmIdLength Unsigned32
  cgmGdoiGmIdValue CgmGdoiIdentificationValue
  cgmGdoiGmRegKeyServerIdType CgmGdoiIdentificationType
  cgmGdoiGmRegKeyServerIdLength Unsigned32
  cgmGdoiGmRegKeyServerIdValue CgmGdoiIdentificationValue
  cgmGdoiGmActiveKEK CgmGdoiKekSPI
  cgmGdoiGmRekeysReceived Counter32
  cgmGdoiGmActiveTEKNum Counter32

CgmGdoiCoopPeerEntry  
SEQUENCE    
  cgmGdoiCoopPeerIdType CgmGdoiIdentificationType
  cgmGdoiCoopPeerIdLength Unsigned32
  cgmGdoiCoopPeerIdValue CgmGdoiIdentificationValue
  cgmGdoiCoopPeerRole CgmGdoiKsRole
  cgmGdoiCoopPeerStatus CgmGdoiKsStatus
  cgmGdoiCoopPeerRegisteredGMs Unsigned32

CgmGdoiKsKekEntry  
SEQUENCE    
  cgmGdoiKsKekIndex Unsigned32
  cgmGdoiKsKekSPI CgmGdoiKekSPI
  cgmGdoiKsKekSrcIdType CgmGdoiIdentificationType
  cgmGdoiKsKekSrcIdLength Unsigned32
  cgmGdoiKsKekSrcIdValue CgmGdoiIdentificationValue
  cgmGdoiKsKekSrcIdPort CgmGdoiUnsigned16
  cgmGdoiKsKekDstIdType CgmGdoiIdentificationType
  cgmGdoiKsKekDstIdLength Unsigned32
  cgmGdoiKsKekDstIdValue CgmGdoiIdentificationValue
  cgmGdoiKsKekDstIdPort CgmGdoiUnsigned16
  cgmGdoiKsKekIpProtocol CgmGdoiIpProtocolId
  cgmGdoiKsKekMgmtAlg CgmGdoiKeyManagementAlgorithm
  cgmGdoiKsKekEncryptAlg CgmGdoiEncryptionAlgorithm
  cgmGdoiKsKekEncryptKeyLength Unsigned32
  cgmGdoiKsKekSigHashAlg CgmGdoiPseudoRandomFunction
  cgmGdoiKsKekSigAlg CgmGdoiSignatureMethod
  cgmGdoiKsKekSigKeyLength Unsigned32
  cgmGdoiKsKekOakleyGroup CgmGdoiDiffieHellmanGroup
  cgmGdoiKsKekOriginalLifetime Unsigned32
  cgmGdoiKsKekRemainingLifetime Unsigned32
  cgmGdoiKsKekStatus CgmGdoiKekStatus

CgmGdoiGmKekEntry  
SEQUENCE    
  cgmGdoiGmKekIndex Unsigned32
  cgmGdoiGmKekSPI CgmGdoiKekSPI
  cgmGdoiGmKekSrcIdType CgmGdoiIdentificationType
  cgmGdoiGmKekSrcIdLength Unsigned32
  cgmGdoiGmKekSrcIdValue CgmGdoiIdentificationValue
  cgmGdoiGmKekSrcIdPort CgmGdoiUnsigned16
  cgmGdoiGmKekDstIdType CgmGdoiIdentificationType
  cgmGdoiGmKekDstIdLength Unsigned32
  cgmGdoiGmKekDstIdValue CgmGdoiIdentificationValue
  cgmGdoiGmKekDstIdPort CgmGdoiUnsigned16
  cgmGdoiGmKekIpProtocol CgmGdoiIpProtocolId
  cgmGdoiGmKekMgmtAlg CgmGdoiKeyManagementAlgorithm
  cgmGdoiGmKekEncryptAlg CgmGdoiEncryptionAlgorithm
  cgmGdoiGmKekEncryptKeyLength Unsigned32
  cgmGdoiGmKekSigHashAlg CgmGdoiPseudoRandomFunction
  cgmGdoiGmKekSigAlg CgmGdoiSignatureMethod
  cgmGdoiGmKekSigKeyLength Unsigned32
  cgmGdoiGmKekOakleyGroup CgmGdoiDiffieHellmanGroup
  cgmGdoiGmKekOriginalLifetime Unsigned32
  cgmGdoiGmKekRemainingLifetime Unsigned32
  cgmGdoiGmKekStatus CgmGdoiKekStatus

CgmGdoiKsTekSelectorEntry  
SEQUENCE    
  cgmGdoiKsTekSelectorIndex Unsigned32
  cgmGdoiKsTekSrcIdType CgmGdoiIdentificationType
  cgmGdoiKsTekSrcIdLength Unsigned32
  cgmGdoiKsTekSrcIdValue CgmGdoiIdentificationValue
  cgmGdoiKsTekSrcIdPort CgmGdoiUnsigned16
  cgmGdoiKsTekDstIdType CgmGdoiIdentificationType
  cgmGdoiKsTekDstIdLength Unsigned32
  cgmGdoiKsTekDstIdValue CgmGdoiIdentificationValue
  cgmGdoiKsTekDstIdPort CgmGdoiUnsigned16
  cgmGdoiKsTekSecurityProtocol CgmGdoiSecurityProtocol

CgmGdoiKsTekPolicyEntry  
SEQUENCE    
  cgmGdoiKsTekPolicyIndex Unsigned32
  cgmGdoiKsTekSPI CgmGdoiTekSPI
  cgmGdoiKsTekEncapsulationMode CgmGdoiEncapsulationMode
  cgmGdoiKsTekEncryptionAlgorithm CgmGdoiEncryptionAlgorithm
  cgmGdoiKsTekEncryptionKeyLength Unsigned32
  cgmGdoiKsTekIntegrityAlgorithm CgmGdoiIntegrityAlgorithm
  cgmGdoiKsTekIntegrityKeyLength Unsigned32
  cgmGdoiKsTekWindowSize Unsigned32
  cgmGdoiKsTekOriginalLifetime Unsigned32
  cgmGdoiKsTekRemainingLifetime Unsigned32
  cgmGdoiKsTekStatus CgmGdoiTekStatus

CgmGdoiGmTekSelectorEntry  
SEQUENCE    
  cgmGdoiGmTekSelectorIndex Unsigned32
  cgmGdoiGmTekSrcIdType CgmGdoiIdentificationType
  cgmGdoiGmTekSrcIdLength Unsigned32
  cgmGdoiGmTekSrcIdValue CgmGdoiIdentificationValue
  cgmGdoiGmTekSrcIdPort CgmGdoiUnsigned16
  cgmGdoiGmTekDstIdType CgmGdoiIdentificationType
  cgmGdoiGmTekDstIdLength Unsigned32
  cgmGdoiGmTekDstIdValue CgmGdoiIdentificationValue
  cgmGdoiGmTekDstIdPort CgmGdoiUnsigned16
  cgmGdoiGmTekSecurityProtocol CgmGdoiSecurityProtocol

CgmGdoiGmTekPolicyEntry  
SEQUENCE    
  cgmGdoiGmTekPolicyIndex Unsigned32
  cgmGdoiGmTekSPI CgmGdoiTekSPI
  cgmGdoiGmTekEncapsulationMode CgmGdoiEncapsulationMode
  cgmGdoiGmTekEncryptionAlgorithm CgmGdoiEncryptionAlgorithm
  cgmGdoiGmTekEncryptionKeyLength Unsigned32
  cgmGdoiGmTekIntegrityAlgorithm CgmGdoiIntegrityAlgorithm
  cgmGdoiGmTekIntegrityKeyLength Unsigned32
  cgmGdoiGmTekWindowSize Unsigned32
  cgmGdoiGmTekOriginalLifetime Unsigned32
  cgmGdoiGmTekRemainingLifetime Unsigned32
  cgmGdoiGmTekStatus CgmGdoiTekStatus

Defined Values

ciscoGdoiMIB 1.3.6.1.4.1.9.9.759
This MIB module defines objects for managing the GDOI protocol. Copyright (c) The IETF Trust (2010). This version of this MIB module is based on RFC 6407; see the RFC itself for full legal notices.
MODULE-IDENTITY    

cgmGdoiMIBNotifications 1.3.6.1.4.1.9.9.759.0
OBJECT IDENTIFIER    

cgmGdoiMIBObjects 1.3.6.1.4.1.9.9.759.1
OBJECT IDENTIFIER    

cgmGdoiMIBConformance 1.3.6.1.4.1.9.9.759.2
OBJECT IDENTIFIER    

cgmGdoiKeyServerNewRegistration 1.3.6.1.4.1.9.9.759.0.1
A notification from a Key Server sent when a new Group Member registers to a GDOI Group. This is equivalent to a Key Server receiving the first message of a GROUPKEY-PULL exchange from a Group Member.
NOTIFICATION-TYPE    

cgmGdoiKeyServerRegistrationComplete 1.3.6.1.4.1.9.9.759.0.2
A notification from a Key Server sent when a Group Member has successfully registered to itself. This is equivalent to a Key Server sending the last message of a GROUPKEY-PULL exchange to the Group Member currently registering containing KEKs, TEKs, and their associated policies.
NOTIFICATION-TYPE    

cgmGdoiKeyServerRekeyPushed 1.3.6.1.4.1.9.9.759.0.3
A notification from a Key Server sent when a GROUPKEY-PUSH message is sent to refresh KEK(s) and or TEK(s). A rekey is sent periodically by a Key Server based on a configured time to the Group Members registered to its GDOI Group.
NOTIFICATION-TYPE    

cgmGdoiKeyServerNoRsaKeys 1.3.6.1.4.1.9.9.759.0.4
An error notification from a Key Server sent when an RSA key is not setup. Each Key Server and Group Member needs to have an RSA key established. The Key Server signs the TEK rekeys using this RSA key, also called a Key Encryption Key (KEK). The Group Member verifies the authenticity of the TEK rekey using this RSA key.
NOTIFICATION-TYPE    

cgmGdoiGmRegister 1.3.6.1.4.1.9.9.759.0.5
A notification from a Group Member when it is starting to register with its GDOI Group's Key Server. Registration includes downloading keying & security association material. This is equivalent to a Group Member or Initiator sending the first message of a GROUPKEY-PULL exchange to its Group's Key Server.
NOTIFICATION-TYPE    

cgmGdoiGmRegistrationComplete 1.3.6.1.4.1.9.9.759.0.6
A notification from a Group Member when it has successfully registered with a Key Server in its GDOI Group. This is equivalent to a Group Member receiving the last message of a GROUPKEY-PULL exchange from the Key Server containing KEKs, TEKs, and their associated policies.
NOTIFICATION-TYPE    

cgmGdoiGmReRegister 1.3.6.1.4.1.9.9.759.0.7
A notification from a Group Member when it is starting to re-register with a Key Server in its GDOI Group. A Group Member needs to re-register to the key server if its keying & security association material has expired and it has not received a rekey from the key server to refresh the material. This is equivalent to a Group Member sending the first message of a GROUPKEY-PULL exchange to the Key Server of a Group it is already registered with.
NOTIFICATION-TYPE    

cgmGdoiGmRekeyReceived 1.3.6.1.4.1.9.9.759.0.8
A notification from a Group Member when it has successfully received and processed a rekey from a Key Server in its GDOI Group. Periodically the key server sends a rekey to refresh the keying & security association material. This is equivalent to a Group Member receiving a GROUPKEY-PUSH message from the Key Server of the Group it is already registered with.
NOTIFICATION-TYPE    

cgmGdoiGmIncompleteCfg 1.3.6.1.4.1.9.9.759.0.9
An error notification from a Group Member when there is necessary information missing from the policy/configuration of a Group Member on an interface when it tries to register with a Key Server in its GDOI Group. If the GDOI Group configuration is not complete on a Group Member, it will not be able to register to the Key Server.
NOTIFICATION-TYPE    

cgmGdoiGmNoIpSecFlows 1.3.6.1.4.1.9.9.759.0.10
An error notification from a Group Member when no more security associations can be installed after receiving its keying & security association material. When the Group Member receives the security association materials, it has to install the cryptographic keys and policies. If there is not enough memory to install these materials, there will be an error thrown.
NOTIFICATION-TYPE    

cgmGdoiGmRekeyFailure 1.3.6.1.4.1.9.9.759.0.11
An error notification from a Group Member when it is unable to successfully process and install a rekey (GROUPKEY-PUSH message) sent by the Key Server in its Group that it is registered with.
NOTIFICATION-TYPE    

cgmGdoiKeyServerRoleChange 1.3.6.1.4.1.9.9.759.0.12
This notification is generated when a Key Server changes it's role from Primary to Secondary or vice-versa. The varbinds encapsulate the Group information, the Key Server identifier and the role it has moved to.
NOTIFICATION-TYPE    

cgmGdoiKeyServerGmDeleted 1.3.6.1.4.1.9.9.759.0.13
This notification is generated when a Group Member is deleted from a Key Server. The varbinds encapsulate the Group information, the Key Server identifier and the Group Member identifier which is deleted.
NOTIFICATION-TYPE    

cgmGdoiKeyServerPeerReachable 1.3.6.1.4.1.9.9.759.0.14
This notification is generated from a Key Server when an unreachable peer Key Server becomes reachable. The varbinds encapsulate the Group information, the Key Server identifier and the peer Key Server identifier.
NOTIFICATION-TYPE    

cgmGdoiKeyServerPeerUnreachable 1.3.6.1.4.1.9.9.759.0.15
This notification is generated from a Key Server when a reachable peer Key Server becomes unreachable. The varbinds encapsulate the Group information, the Key Server identifier and the peer Key Server identifier.
NOTIFICATION-TYPE    

cgmGdoiGroupTable 1.3.6.1.4.1.9.9.759.1.1
A table of information regarding GDOI Groups in use on the network device being queried.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiGroupEntry

cgmGdoiGroupEntry 1.3.6.1.4.1.9.9.759.1.1.1
An entry containing GDOI Group information, uniquely identified by the GDOI Group ID.
OBJECT-TYPE    
  CgmGdoiGroupEntry  

cgmGdoiGroupIdType 1.3.6.1.4.1.9.9.759.1.1.1.1
The Identification Type Value used to parse a GDOI Group ID. The GDOI RFC 3547 defines the types that can be used as a GDOI Group ID, and RFC 4306 defines all valid types that can be used as an identifier. This Group ID type is sent as the 'ID Type' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGroupIdLength 1.3.6.1.4.1.9.9.759.1.1.1.2
The length (i.e. number of octets) of a Group ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGroupIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'Payload Length' (subtracting the generic header length) of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGroupIdValue 1.3.6.1.4.1.9.9.759.1.1.1.3
The value of a Group ID with its type indicated by the cgmGdoiGroupIdType. Use the cgmGdoiGroupIdType to parse the Group ID correctly. This Group ID value is sent as the 'Identification Data' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGroupName 1.3.6.1.4.1.9.9.759.1.1.1.4
The string-readable name configured for or given to a GDOI Group.
OBJECT-TYPE    
  DisplayString  

cgmGdoiGroupMemberCount 1.3.6.1.4.1.9.9.759.1.1.1.5
The count of registered Group Members to this group, on a Key Server.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGroupActivePeerKeyServerCount 1.3.6.1.4.1.9.9.759.1.1.1.6
The count of the active Key Server sessions between the local Key Server and peer Key Servers for this group.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGroupLastRekeyRetransmits 1.3.6.1.4.1.9.9.759.1.1.1.7
This variable returns the cummulative count of number of rekey messages and retransmits during the last cycle of rekey. This count displays the information pertaining to Group Members only (and is not related to any sync operation pertaining to peer Key Servers). This information is a reflection of rekey operation on a Primary Key Server, and is not available for Secondary Key Server(s), because they do not perform rekeys and do not receive any ACKs. While a rekey is in progress, this variable will give information of the last rekey operation.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGroupLastRekeyTimeTaken 1.3.6.1.4.1.9.9.759.1.1.1.8
This variable returns the duration (in milliseconds) of the last rekey operation. This information is valid for a Primary Key Server, and is not available with Secondary Key Server(s), because they do not perform rekeys and do not receive any ACKs. While a rekey is in progress, this variable will give information of the last rekey operation.
OBJECT-TYPE    
  CiscoMilliSeconds  

cgmGdoiPeers 1.3.6.1.4.1.9.9.759.1.2
OBJECT IDENTIFIER    

cgmGdoiSecAssociations 1.3.6.1.4.1.9.9.759.1.3
OBJECT IDENTIFIER    

cgmGdoiNotifCntl 1.3.6.1.4.1.9.9.759.1.4
OBJECT IDENTIFIER    

cgmGdoiNotifVars 1.3.6.1.4.1.9.9.759.1.5
OBJECT IDENTIFIER    

cgmGdoiKeyServerTable 1.3.6.1.4.1.9.9.759.1.2.1
A table of information for the GDOI group from the perspective of the Key Servers (GCKSs) on the network device being queried.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiKeyServerEntry

cgmGdoiKeyServerEntry 1.3.6.1.4.1.9.9.759.1.2.1.1
An entry containing GDOI Key Server (KS) information, uniquely identified by the Group & Key Server IDs.
OBJECT-TYPE    
  CgmGdoiKeyServerEntry  

cgmGdoiKeyServerIdType 1.3.6.1.4.1.9.9.759.1.2.1.1.1
The Identification Type Value used to parse the identity information for a Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiKeyServerIdLength 1.3.6.1.4.1.9.9.759.1.2.1.1.2
The length (i.e. number of octets) of a Key Server ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKeyServerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKeyServerIdValue 1.3.6.1.4.1.9.9.759.1.2.1.1.3
The value of the identity information for a Key Server with its type indicated by the cgmGdoiKeyServerIdType. Use the cgmGdoiKeyServerIdType to parse the Key Server ID correctly. This Key Server ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiKeyServerActiveKEK 1.3.6.1.4.1.9.9.759.1.2.1.1.4
The SPI of the Key Encryption Key (KEK) that is currently being used by the Key Server to encrypt the GROUPKEY-PUSH keying & security association material sent to the Key Server's registered Group Members.
OBJECT-TYPE    
  CgmGdoiKekSPI  

cgmGdoiKeyServerRekeysPushed 1.3.6.1.4.1.9.9.759.1.2.1.1.5
The sequence number of the last rekey sent from the Key Server to its registered Group Members for this GDOI group.
OBJECT-TYPE    
  Counter32  

cgmGdoiKeyServerRole 1.3.6.1.4.1.9.9.759.1.2.1.1.6
The current role of the queried Key Server for the Group.
OBJECT-TYPE    
  CgmGdoiKsRole  

cgmGdoiKeyServerRegisteredGMs 1.3.6.1.4.1.9.9.759.1.2.1.1.7
The count of registered Group Members to the Key Server identified by the index.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTable 1.3.6.1.4.1.9.9.759.1.2.2
A table of information regarding GDOI Group Members (GMs) locally configured on the network device being queried. Note that Local Group Members may or may not be registered to a Key Server in its GDOI Group on the same network device being queried.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiGmEntry

cgmGdoiGmEntry 1.3.6.1.4.1.9.9.759.1.2.2.1
An entry containing Local GDOI Group Member information, uniquely identified by Group & GM IDs. Because the Group Member is Local to the network device being queried, TEKs installed for this Group Member can be queried as well.
OBJECT-TYPE    
  CgmGdoiGmEntry  

cgmGdoiGmIdType 1.3.6.1.4.1.9.9.759.1.2.2.1.1
The Identification Type Value used to parse the identity information for a Initiator or Group Member. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGmIdLength 1.3.6.1.4.1.9.9.759.1.2.2.1.2
The length (i.e. number of octets) of a Group Member ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmIdValue 1.3.6.1.4.1.9.9.759.1.2.2.1.3
The value of the identity information for a Group Member with its type indicated by the cgmGdoiGmIdType. Use the cgmGdoiGmIdType to parse the Group Member ID correctly. This Group Member ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGmRegKeyServerIdType 1.3.6.1.4.1.9.9.759.1.2.2.1.4
The Identification Type Value used to parse the identity information of this Group Member's registered Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGmRegKeyServerIdLength 1.3.6.1.4.1.9.9.759.1.2.2.1.5
The length (i.e. number of octets) of the registered Key Server's ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmRegKeyServerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmRegKeyServerIdValue 1.3.6.1.4.1.9.9.759.1.2.2.1.6
The value of the identity information for this Group Member's registered Key Server with its type indicated by the cgmGdoiGmRegKeyServerIdType. Use the cgmGdoiGmRegKeyServerIdType to parse the registered Key Server's ID correctly. This Key Server ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGmActiveKEK 1.3.6.1.4.1.9.9.759.1.2.2.1.7
The SPI of the Key Encryption Key (KEK) that is currently being used by the Group Member to authenticate & decrypt a rekey from a GROUPKEY-PUSH message.
OBJECT-TYPE    
  CgmGdoiKekSPI  

cgmGdoiGmRekeysReceived 1.3.6.1.4.1.9.9.759.1.2.2.1.8
The sequence number of the last rekey successfully received from this Group Member's registered Key Server.
OBJECT-TYPE    
  Counter32  

cgmGdoiGmActiveTEKNum 1.3.6.1.4.1.9.9.759.1.2.2.1.9
The number of active traffic encryption keys (TEKS) currently being used by the Group Member to encrypt/decrypt/authenticate dataplane traffic.
OBJECT-TYPE    
  Counter32  

cgmGdoiCoopPeerTable 1.3.6.1.4.1.9.9.759.1.2.3
A table of information for the COOP peer(s). The information populated in this table, is extracted from the COOP messages exchanged between the local KS (device being queried) and the COOP Peer(s).
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiCoopPeerEntry

cgmGdoiCoopPeerEntry 1.3.6.1.4.1.9.9.759.1.2.3.1
An entry containing COOP Peer Key Server's (KS) information, uniquely identified by the Group & Peer Key Server IDs.
OBJECT-TYPE    
  CgmGdoiCoopPeerEntry  

cgmGdoiCoopPeerIdType 1.3.6.1.4.1.9.9.759.1.2.3.1.1
The Identification Type Value used to parse the identity information for a Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiCoopPeerIdLength 1.3.6.1.4.1.9.9.759.1.2.3.1.2
The length (i.e. number of octets) of a Peer (Key Server) ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiCoopPeerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiCoopPeerIdValue 1.3.6.1.4.1.9.9.759.1.2.3.1.3
The value of the identity information for a COOP Key Server with its type indicated by the cgmGdoiCoopPeerIdType. Use the cgmGdoiCoopPeerIdType to parse the COOP Peer (Key Server) ID correctly. This COOP Peer (Key Server) ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiCoopPeerRole 1.3.6.1.4.1.9.9.759.1.2.3.1.4
The current role of the COOP Peer (Key Server) for the Group.
OBJECT-TYPE    
  CgmGdoiKsRole  

cgmGdoiCoopPeerStatus 1.3.6.1.4.1.9.9.759.1.2.3.1.5
The current status of the COOP Peer (Key Server) as seen from the local Key Server.
OBJECT-TYPE    
  CgmGdoiKsStatus  

cgmGdoiCoopPeerRegisteredGMs 1.3.6.1.4.1.9.9.759.1.2.3.1.6
The count of registered Group Members to the COOP Peer (Key Server) identified by the index.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekTable 1.3.6.1.4.1.9.9.759.1.3.1
A table of information regarding GDOI Key Encryption Key (KEK) Policies & Security Associations (SAs) currently configured/installed for GDOI entities acting as Key Servers on the network device being queried. There is one entry in this table for each KEK Policy/SA that has been configured/installed. Each KEK Policy/SA is uniquely identified by a SPI at any given time.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiKsKekEntry

cgmGdoiKsKekEntry 1.3.6.1.4.1.9.9.759.1.3.1.1
An entry containing the attributes associated with a GDOI KEK Policy/SA, uniquely identified by the Group ID, Key Server ID, & SPI value assigned by the given Key Server to the KEK. There will be at least one KEK Policy/SA entry for each Key Server & two KEK Policy/SA entries for a given Key Server only during a KEK rekey when a new KEK is created/installed. The KEK SPI is unique for every KEK for a given Key Server.
OBJECT-TYPE    
  CgmGdoiKsKekEntry  

cgmGdoiKsKekIndex 1.3.6.1.4.1.9.9.759.1.3.1.1.1
The index of the KS KEK.The value of the index is a number which begins at one and is incremented with each KS KEK that is to be created by the KS for that GDOI group.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekSPI 1.3.6.1.4.1.9.9.759.1.3.1.1.2
The value of the Security Parameter Index (SPI) of a KEK Policy/SA. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. As described above, these cookies are assigned by the GCKS.
OBJECT-TYPE    
  CgmGdoiKekSPI  

cgmGdoiKsKekSrcIdType 1.3.6.1.4.1.9.9.759.1.3.1.1.3
The Identification Type Value used to parse the identity information for the source of a KEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiKsKekSrcIdLength 1.3.6.1.4.1.9.9.759.1.3.1.1.4
The length (i.e. number of octets) of the source ID of a KEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKsKekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the KEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekSrcIdValue 1.3.6.1.4.1.9.9.759.1.3.1.1.5
The value of the identity information for the source of a KEK Policy/SA with its type indicated by the cgmGdoiKsKekSrcIdType. Use the cgmGdoiKsKekSrcIdType to parse the KEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiKsKekSrcIdPort 1.3.6.1.4.1.9.9.759.1.3.1.1.6
The value specifying a port associated with the source ID of a KEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a KEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiKsKekDstIdType 1.3.6.1.4.1.9.9.759.1.3.1.1.7
The Identification Type Value used to parse the identity information for the dest. of a KEK Policy/SA (multicast rekey address). RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiKsKekDstIdLength 1.3.6.1.4.1.9.9.759.1.3.1.1.8
The length (i.e. number of octets) of the destination ID of a KEK Policy/SA (multicast rekey address). If no length is given (i.e. it has a valueof 0), the default length of its cgmGdoiKsKekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the KEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekDstIdValue 1.3.6.1.4.1.9.9.759.1.3.1.1.9
The value of the identity information for the destination of a KEK Policy/SA (multicast rekey address) with its type indicated by the cgmGdoiKsKekDstIdType. Use the cgmGdoiKsKekDstIdType to parse the KEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiKsKekDstIdPort 1.3.6.1.4.1.9.9.759.1.3.1.1.10
The value specifying a port associated with the dest. ID of a KEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a KEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiKsKekIpProtocol 1.3.6.1.4.1.9.9.759.1.3.1.1.11
The value of the IP protocol ID (e.g. UDP/TCP) being used for the rekey datagram.
OBJECT-TYPE    
  CgmGdoiIpProtocolId  

cgmGdoiKsKekMgmtAlg 1.3.6.1.4.1.9.9.759.1.3.1.1.12
The value of the KEK_MANAGEMENT_ALGORITHM which specifies the group KEK management algorithm used to provide forward or backward access control (i.e. used to exclude group members). KEK Management Type Value ------------------- ----- RESERVED 0 LKH 1 RESERVED 2-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiKeyManagementAlgorithm  

cgmGdoiKsKekEncryptAlg 1.3.6.1.4.1.9.9.759.1.3.1.1.13
The value of the KEK_ALGORITHM which specifies the encryption algorithm used with the KEK Policy/SA. A GDOI implementaiton must support KEK_ALG_3DES. Following are the KEK encryption algoritm values defined in the GDOI RFC 3547, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 KEK_ALG_DES 1 KEK_ALG_3DES 2 KEK_ALG_AES 3 RESERVED 4-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiEncryptionAlgorithm  

cgmGdoiKsKekEncryptKeyLength 1.3.6.1.4.1.9.9.759.1.3.1.1.14
The value of the KEK_KEY_LENGTH which specifies the KEK Algorithm key length (in bits).
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekSigHashAlg 1.3.6.1.4.1.9.9.759.1.3.1.1.15
The value of the SIG_HASH_ALGORITHM which specifies the SIG payload hash algorithm. This is not required (i.e. could have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a value of zero or SIG_HASH_SHA1). Following are the Signature Hash Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiPseudoRandomFunction TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_HASH_MD5 1 SIG_HASH_SHA1 2 RESERVED 3-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiPseudoRandomFunction  

cgmGdoiKsKekSigAlg 1.3.6.1.4.1.9.9.759.1.3.1.1.16
The value of the SIG_ALGORITHM which specifies the SIG payload signature algorithm. A GDOI implementation must support SIG_ALG_RSA. Following are the Signature Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiSignatureMethod TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_ALG_RSA 1 SIG_ALG_DSS 2 SIG_ALG_ECDSS 3 RESERVED 4-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiSignatureMethod  

cgmGdoiKsKekSigKeyLength 1.3.6.1.4.1.9.9.759.1.3.1.1.17
The value of the SIG_KEY_LENGTH which specifies the length of the SIG payload key.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekOakleyGroup 1.3.6.1.4.1.9.9.759.1.3.1.1.18
The value of the KE_OAKLEY_GROUP which specifies the OAKLEY or Diffie-Hellman Group used to compute the PFS secret in the optional KE payload of the GDOI GROUPKEY-PULL exchange.
OBJECT-TYPE    
  CgmGdoiDiffieHellmanGroup  

cgmGdoiKsKekOriginalLifetime 1.3.6.1.4.1.9.9.759.1.3.1.1.19
The value of the KEK_KEY_LIFETIME which specifies the maximum time for which a KEK is valid. The GCKS may refresh the KEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekRemainingLifetime 1.3.6.1.4.1.9.9.759.1.3.1.1.20
The value of the remaining time for which a KEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiKsKekOriginalLifetime when the KEK is sent and counts down to zero in seconds. If the lifetime has already expired, this value should remain at zero (0) until the Key Server refreshes the KEK.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsKekStatus 1.3.6.1.4.1.9.9.759.1.3.1.1.21
The status of the KEK Policy/SA. When this status value is queried, one of the following is returned: inUse(1), new(2), old(3).
OBJECT-TYPE    
  CgmGdoiKekStatus  

cgmGdoiGmKekTable 1.3.6.1.4.1.9.9.759.1.3.2
A table of information regarding GDOI Key Encryption Key (KEK) Security Associations (SAs) currently installed for GDOI entities acting as Group Members on the network device being queried. There is one entry in this table for each KEK SA that has been installed and not yet deleted. Each KEK SA is uniquely identified by a SPI at any given time.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiGmKekEntry

cgmGdoiGmKekEntry 1.3.6.1.4.1.9.9.759.1.3.2.1
An entry containing the attributes associated with a GDOI KEK SA, uniquely identified by the Group ID, Group Member (GM) ID, & SPI value assigned by the GM's registered Key Server to the KEK. There will be at least one KEK SA entry for each GM & two KEK SA entries for a given GM only during a KEK rekey when a new KEK is received & installed. The KEK SPI is unique for every KEK for a given Group Member.
OBJECT-TYPE    
  CgmGdoiGmKekEntry  

cgmGdoiGmKekIndex 1.3.6.1.4.1.9.9.759.1.3.2.1.1
The index of the GM KEK in table.The value of the index is a number which begins at one and is incremented with each KEK that is used by the GM for that GDOI group.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekSPI 1.3.6.1.4.1.9.9.759.1.3.2.1.2
The value of the Security Parameter Index (SPI) of a KEK SA. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. As described above, these cookies are assigned by the GCKS.
OBJECT-TYPE    
  CgmGdoiKekSPI  

cgmGdoiGmKekSrcIdType 1.3.6.1.4.1.9.9.759.1.3.2.1.3
The Identification Type Value used to parse the identity information for the source of a KEK SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGmKekSrcIdLength 1.3.6.1.4.1.9.9.759.1.3.2.1.4
The length (i.e. number of octets) of the source ID of a KEK SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmKekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the KEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekSrcIdValue 1.3.6.1.4.1.9.9.759.1.3.2.1.5
The value of the identity information for the source of a KEK SA with its type indicated by the cgmGdoiGmKekSrcIdType. Use the cgmGdoiGmKekSrcIdType to parse the KEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGmKekSrcIdPort 1.3.6.1.4.1.9.9.759.1.3.2.1.6
The value specifying a port associated with the source ID of a KEK SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a KEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiGmKekDstIdType 1.3.6.1.4.1.9.9.759.1.3.2.1.7
The Identification Type Value used to parse the identity information for the dest. (multicast rekey address) of a KEK SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGmKekDstIdLength 1.3.6.1.4.1.9.9.759.1.3.2.1.8
The length (i.e. number of octets) of the destination ID of a KEK SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmKekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the KEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekDstIdValue 1.3.6.1.4.1.9.9.759.1.3.2.1.9
The value of the identity information for the destination of a KEK SA (multicast rekey address) with its type indicated by cgmGdoiGmKekDstIdType. Use the cgmGdoiGmKekDstIdType to parse the KEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a KEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGmKekDstIdPort 1.3.6.1.4.1.9.9.759.1.3.2.1.10
The value specifying a port associated with the dest. ID of a KEK SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a KEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiGmKekIpProtocol 1.3.6.1.4.1.9.9.759.1.3.2.1.11
The value of the IP protocol ID (e.g. UDP/TCP) being used for the rekey datagram.
OBJECT-TYPE    
  CgmGdoiIpProtocolId  

cgmGdoiGmKekMgmtAlg 1.3.6.1.4.1.9.9.759.1.3.2.1.12
The value of the KEK_MANAGEMENT_ALGORITHM which specifies the group KEK management algorithm used to provide forward or backward access control (i.e. used to exclude group members). KEK Management Type Value ------------------- ----- RESERVED 0 LKH 1 RESERVED 2-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiKeyManagementAlgorithm  

cgmGdoiGmKekEncryptAlg 1.3.6.1.4.1.9.9.759.1.3.2.1.13
The value of the KEK_ALGORITHM which specifies the encryption algorithm used with the KEK SA. A GDOI implementaiton must support KEK_ALG_3DES. Following are the KEK encryption algoritm values defined in the GDOI RFC 3547, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 KEK_ALG_DES 1 KEK_ALG_3DES 2 KEK_ALG_AES 3 RESERVED 4-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiEncryptionAlgorithm  

cgmGdoiGmKekEncryptKeyLength 1.3.6.1.4.1.9.9.759.1.3.2.1.14
The value of the KEK_KEY_LENGTH which specifies the KEK Algorithm key length (in bits).
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekSigHashAlg 1.3.6.1.4.1.9.9.759.1.3.2.1.15
The value of the SIG_HASH_ALGORITHM which specifies the SIG payload hash algorithm. This is not required (i.e. could have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a value of zero or SIG_HASH_SHA1). Following are the Signature Hash Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiPseudoRandomFunction TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_HASH_MD5 1 SIG_HASH_SHA1 2 RESERVED 3-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiPseudoRandomFunction  

cgmGdoiGmKekSigAlg 1.3.6.1.4.1.9.9.759.1.3.2.1.16
The value of the SIG_ALGORITHM which specifies the SIG payload signature algorithm. A GDOI implementation must support SIG_ALG_RSA. Following are the Signature Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiSignatureMethod TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_ALG_RSA 1 SIG_ALG_DSS 2 SIG_ALG_ECDSS 3 RESERVED 4-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiSignatureMethod  

cgmGdoiGmKekSigKeyLength 1.3.6.1.4.1.9.9.759.1.3.2.1.17
The value of the SIG_KEY_LENGTH which specifies the length of the SIG payload key.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekOakleyGroup 1.3.6.1.4.1.9.9.759.1.3.2.1.18
The value of the KE_OAKLEY_GROUP which specifies the OAKLEY or Diffie-Hellman Group used to compute the PFS secret in the optional KE payload of the GDOI GROUPKEY-PULL exchange.
OBJECT-TYPE    
  CgmGdoiDiffieHellmanGroup  

cgmGdoiGmKekOriginalLifetime 1.3.6.1.4.1.9.9.759.1.3.2.1.19
The value of the KEK_KEY_LIFETIME which specifies the maximum time for which a KEK is valid. The GCKS may refresh the KEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekRemainingLifetime 1.3.6.1.4.1.9.9.759.1.3.2.1.20
The value of the remaining time for which a KEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiGmKekOriginalLifetime and counts down to 0 in seconds. If the lifetime has already expired, this value should remain at zero (0) until the GCKS refreshes the KEK.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmKekStatus 1.3.6.1.4.1.9.9.759.1.3.2.1.21
The status of the KEK SA. When this status value is queried, one of the following is returned: inUse(1), new(2), old(3).
OBJECT-TYPE    
  CgmGdoiKekStatus  

cgmGdoiKsTekSelectorTable 1.3.6.1.4.1.9.9.759.1.3.3
A table of information regarding GDOI Traffic Encryption Key (TEK) Selectors (source, destination, protocol information) that is currently configured/pushed for GDOI entities acting as Key Servers on the network device being queried. There is one entry in this table for each TEK that has been configured & pushed to Group Members registered to the given Key Server.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiKsTekSelectorEntry

cgmGdoiKsTekSelectorEntry 1.3.6.1.4.1.9.9.759.1.3.3.1
An entry containing the Source/Destination attributes associated with a GDOI TEK Policy, uniquely identified by the Group ID, Key Server ID and TEK Selector index. There will be one entry for each Source/Destination Policy sent by the given Key Server to its registered Group Members, each with a unique 5-tuple. However, due to the 255-octet constraint placed on an OID, the 4-tuple cannot be used to INDEX a TEK entry for a given Group ID & Key Server ID. Therefore, the TEK Selector index for a given Group ID & Key Server ID MUST be unique. The TEK SPI is part of the TEK Policy Table.
OBJECT-TYPE    
  CgmGdoiKsTekSelectorEntry  

cgmGdoiKsTekSelectorIndex 1.3.6.1.4.1.9.9.759.1.3.3.1.1
The index of the Source/Destination tuple to be secured by the KS TEK.The value of the index is a number which begins at one and is incremented with each Source/Destination pair that is to be secured by the KS TEK policy for that GDOI group.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekSrcIdType 1.3.6.1.4.1.9.9.759.1.3.3.1.2
The Identification Type Value used to parse the identity information for the source of a TEK Policy. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiKsTekSrcIdLength 1.3.6.1.4.1.9.9.759.1.3.3.1.3
The length (i.e. number of octets) of the source ID of a TEK Policy. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKsTekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the TEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekSrcIdValue 1.3.6.1.4.1.9.9.759.1.3.3.1.4
The value of the identity information for the source of a TEK Policy with its type indicated by the cgmGdoiKsTekSrcIdType. Use the cgmGdoiKsTekSrcIdType to parse the TEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiKsTekSrcIdPort 1.3.6.1.4.1.9.9.759.1.3.3.1.5
The value specifying a port associated with the source ID of a TEK Policy. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a TEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiKsTekDstIdType 1.3.6.1.4.1.9.9.759.1.3.3.1.6
The Identification Type Value used to parse the identity information for the dest. of a TEK Policy. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiKsTekDstIdLength 1.3.6.1.4.1.9.9.759.1.3.3.1.7
The length (i.e. number of octets) of the destination ID of a TEK Policy. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKsTekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the TEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekDstIdValue 1.3.6.1.4.1.9.9.759.1.3.3.1.8
The value of the identity information for the destination of a TEK Policy with its type indicated by the cgmGdoiKsTekDstIdType. Use the cgmGdoiKsTekDstIdType to parse the TEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiKsTekDstIdPort 1.3.6.1.4.1.9.9.759.1.3.3.1.9
The value specifying a port associated with the dest. ID of a TEK Policy. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a TEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiKsTekSecurityProtocol 1.3.6.1.4.1.9.9.759.1.3.3.1.10
The value of the Protocol-ID field of a SA TEK (SAT) payload which specifies the Security Protocol for a TEK. Following are the Security Protocol values defined in the GDOI RFC 3547, however the CgmGdoiSecurityProtocol TC defines all possible values. Protocol ID Value ---------------------- ----- RESERVED 0 GDOI_PROTO_IPSEC_ESP 1 RESERVED 2-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiSecurityProtocol  

cgmGdoiKsTekPolicyTable 1.3.6.1.4.1.9.9.759.1.3.4
A table of information regarding GDOI Traffic Encryption Key (TEK) Policies currently configured/pushed for GDOI entities acting as Key Servers on the network device being queried. There is one entry in this table for each TEK that has been configured & pushed to Group Members registered to the given Key Server.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiKsTekPolicyEntry

cgmGdoiKsTekPolicyEntry 1.3.6.1.4.1.9.9.759.1.3.4.1
An entry containing the attributes associated with a GDOI TEK Policy, uniquely identified by the Group ID, Key Server ID, TEK Selector Index (Source/Destination IDs & Ports), and TEK Policy Index (TEK SPI and direction). There will be one or more TEK entries for each TEK Policy sent by the given Key Server to its registered Group Members, each with a unique 5-tuple.
OBJECT-TYPE    
  CgmGdoiKsTekPolicyEntry  

cgmGdoiKsTekPolicyIndex 1.3.6.1.4.1.9.9.759.1.3.4.1.1
The index of the policy that is used to secure the KS TEK. The value of the index is a number which begins at one and is incremented with each row in this table.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekSPI 1.3.6.1.4.1.9.9.759.1.3.4.1.2
The value of the Security Parameter Index (SPI) of a TEK Policy. The SPI must be the SPI for ESP.
OBJECT-TYPE    
  CgmGdoiTekSPI  

cgmGdoiKsTekEncapsulationMode 1.3.6.1.4.1.9.9.759.1.3.4.1.3
The value of the Encapsulation Mode of a TEK (IPsec SA). Following are the Encapsulation Mode values defined in RFC 2407, however the CgmGdoiEncapsulationMode TC defines all possible values. Encapsulation Mode Value ------------------ ----- RESERVED 0 Tunnel 1 Transport 2
OBJECT-TYPE    
  CgmGdoiEncapsulationMode  

cgmGdoiKsTekEncryptionAlgorithm 1.3.6.1.4.1.9.9.759.1.3.4.1.4
The value of the Transform ID field of a PROTO_IPSEC_ESP payload which specifies the ESP transform to be used. If no encryption is used, this value will be zero (0). Following are the ESP Transform values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. IPsec ESP Transform ID Value ------------------------ ----- RESERVED 0 ESP_DES_IV64 1 ESP_DES 2 ESP_3DES 3 ESP_RC5 4 ESP_IDEA 5 ESP_CAST 6 ESP_BLOWFISH 7 ESP_3IDEA 8 ESP_DES_IV32 9 ESP_RC4 10 ESP_NULL 11
OBJECT-TYPE    
  CgmGdoiEncryptionAlgorithm  

cgmGdoiKsTekEncryptionKeyLength 1.3.6.1.4.1.9.9.759.1.3.4.1.5
The length of the key used for encryption in a TEK (in bits).
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekIntegrityAlgorithm 1.3.6.1.4.1.9.9.759.1.3.4.1.6
The value of the Authentication Algorithm for a TEK IPsec ESP SA. If no authentication is used, this value will be zero (0). Following are the Authentication Algorithm values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- HMAC-MD5 1 HMAC-SHA 2 DES-MAC 3 KPDK 4
OBJECT-TYPE    
  CgmGdoiIntegrityAlgorithm  

cgmGdoiKsTekIntegrityKeyLength 1.3.6.1.4.1.9.9.759.1.3.4.1.7
The length of the key used for integrity/authentication in a TEK (in bits).
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekWindowSize 1.3.6.1.4.1.9.9.759.1.3.4.1.8
The size of the Time Based Anti-Replay (TBAR) window used by this TEK Policy.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekOriginalLifetime 1.3.6.1.4.1.9.9.759.1.3.4.1.9
The value of the SA Life Type defined in RFC 2407 which specifies the maximum time for which a TEK IPsec SA is valid. The GCKS may refresh the TEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekRemainingLifetime 1.3.6.1.4.1.9.9.759.1.3.4.1.10
The value of the remaining time for which a TEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiKsTekOriginalLifetime when the TEK is sent and counts down to zero in seconds. If the lifetime has already expired, this value should remain at zero (0) until the Key Server refreshes the TEK.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiKsTekStatus 1.3.6.1.4.1.9.9.759.1.3.4.1.11
The status of the TEK Policy. When this status value is queried, one of the following is returned: inbound(1), outbound(2), notInUse(3).
OBJECT-TYPE    
  CgmGdoiTekStatus  

cgmGdoiGmTekSelectorTable 1.3.6.1.4.1.9.9.759.1.3.5
A table of information regarding GDOI Traffic Encryption Key (TEK) Security Associations (SAs/Policies) pushed by a Key Server & installed for GDOI entities acting as Group Members (GMs) on the network device being queried. There is one entry in this table for each unique TEK traffic selector (Source/Destination tuple) that has been downloaded from the Key Server and installed on the Group Member.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiGmTekSelectorEntry

cgmGdoiGmTekSelectorEntry 1.3.6.1.4.1.9.9.759.1.3.5.1
An entry containing the attributes associated with a GDOI TEK Policy/SA, uniquely identified by the Group ID, Group Member ID, Source/Destination IDs & Ports, and TEK SPI. There will be one or more TEK entries for each TEK Policy/SA received and installed by the given Group Member from its registered Key Server, each with a unique 5-tuple. This table does not contain the SPI which is part of the TEK policy table.
OBJECT-TYPE    
  CgmGdoiGmTekSelectorEntry  

cgmGdoiGmTekSelectorIndex 1.3.6.1.4.1.9.9.759.1.3.5.1.1
The index of the Source/Destination pair secured by the GM TEK.The value of the index is a number which begins at one and is incremented with each Source/Destination pair that is secured by the GM TEK policy for that GDOI group.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekSrcIdType 1.3.6.1.4.1.9.9.759.1.3.5.1.2
The Identification Type Value used to parse the identity information for the source of a TEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGmTekSrcIdLength 1.3.6.1.4.1.9.9.759.1.3.5.1.3
The length (i.e. number of octets) of the source ID of a TEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmTekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the TEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekSrcIdValue 1.3.6.1.4.1.9.9.759.1.3.5.1.4
The value of the identity information for the source of a TEK Policy/SA with its type indicated by the cgmGdoiGmTekSrcIdType. Use the cgmGdoiGmTekSrcIdType to parse the TEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGmTekSrcIdPort 1.3.6.1.4.1.9.9.759.1.3.5.1.5
The value specifying a port associated with the source ID of a TEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a TEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiGmTekDstIdType 1.3.6.1.4.1.9.9.759.1.3.5.1.6
The Identification Type Value used to parse the identity information for the dest. of a TEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiGmTekDstIdLength 1.3.6.1.4.1.9.9.759.1.3.5.1.7
The length (i.e. number of octets) of the destination ID of a TEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmTekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the TEK payload.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekDstIdValue 1.3.6.1.4.1.9.9.759.1.3.5.1.8
The value of the identity information for the destination of a TEK Policy/SA with its type indicated by the cgmGdoiGmTekDstIdType. Use the cgmGdoiGmTekDstIdType to parse the TEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a TEK payload.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiGmTekDstIdPort 1.3.6.1.4.1.9.9.759.1.3.5.1.9
The value specifying a port associated with the dest. ID of a TEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a TEK payload.
OBJECT-TYPE    
  CgmGdoiUnsigned16  

cgmGdoiGmTekSecurityProtocol 1.3.6.1.4.1.9.9.759.1.3.5.1.10
The value of the Protocol-ID field of a SA TEK (SAT) payload which specifies the Security Protocol for a TEK. Following are the Security Protocol values defined in the GDOI RFC 3547, however the CgmGdoiSecurityProtocol TC defines all possible values. Protocol ID Value ---------------------- ----- RESERVED 0 GDOI_PROTO_IPSEC_ESP 1 RESERVED 2-127 Private Use 128-255
OBJECT-TYPE    
  CgmGdoiSecurityProtocol  

cgmGdoiGmTekPolicyTable 1.3.6.1.4.1.9.9.759.1.3.6
A table of information regarding GDOI Traffic Encryption Key (TEK) Security Associations (SAs/Policies) received by a Key Server & installed for GDOI entities acting as Group Members (GMs) on the network device being queried. There is one entry in this table for each TEK SA that has been installed on the Group Member.
OBJECT-TYPE    
  SEQUENCE OF  
    CgmGdoiGmTekPolicyEntry

cgmGdoiGmTekPolicyEntry 1.3.6.1.4.1.9.9.759.1.3.6.1
An entry containing the attributes associated with a GDOI TEK Policy/SA, uniquely identified by the Group ID, Group Member ID, TEK Selector (Source/Destination IDs & Ports), and TEK Policy index (TEK SPI and direction). There will be one or more TEK entries for each TEK Policy/SA received and installed by the given Group Member from its registered Key Server, each with a unique tuple. This table contains the SPI information corresponding to a TEK Selector index.
OBJECT-TYPE    
  CgmGdoiGmTekPolicyEntry  

cgmGdoiGmTekPolicyIndex 1.3.6.1.4.1.9.9.759.1.3.6.1.1
The index of the SPI used to secure the GM TEK.The value of the index is a number which begins at one and is incremented with each row of the GM TEK SPI table.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekSPI 1.3.6.1.4.1.9.9.759.1.3.6.1.2
The value of the Security Parameter Index (SPI) of a TEK Policy/SA. The SPI must be the SPI for ESP.
OBJECT-TYPE    
  CgmGdoiTekSPI  

cgmGdoiGmTekEncapsulationMode 1.3.6.1.4.1.9.9.759.1.3.6.1.3
The value of the Encapsulation Mode of a TEK (IPsec SA). Following are the Encapsulation Mode values defined in RFC 2407, however the CgmGdoiEncapsulationMode TC defines all possible values. Encapsulation Mode Value ------------------ ----- RESERVED 0 Tunnel 1 Transport 2
OBJECT-TYPE    
  CgmGdoiEncapsulationMode  

cgmGdoiGmTekEncryptionAlgorithm 1.3.6.1.4.1.9.9.759.1.3.6.1.4
The value of the Transform ID field of a PROTO_IPSEC_ESP payload which specifies the ESP transform to be used. If no encryption is used, this value will be zero (0). Following are the ESP Transform values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. IPsec ESP Transform ID Value ------------------------ ----- RESERVED 0 ESP_DES_IV64 1 ESP_DES 2 ESP_3DES 3 ESP_RC5 4 ESP_IDEA 5 ESP_CAST 6 ESP_BLOWFISH 7 ESP_3IDEA 8 ESP_DES_IV32 9 ESP_RC4 10 ESP_NULL 11
OBJECT-TYPE    
  CgmGdoiEncryptionAlgorithm  

cgmGdoiGmTekEncryptionKeyLength 1.3.6.1.4.1.9.9.759.1.3.6.1.5
The length of the key used for encryption in a TEK (in bits).
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekIntegrityAlgorithm 1.3.6.1.4.1.9.9.759.1.3.6.1.6
The value of the Authentication Algorithm for a TEK IPsec ESP SA. If no authentication is used, this value will be zero (0). Following are the Authentication Algorithm values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- HMAC-MD5 1 HMAC-SHA 2 DES-MAC 3 KPDK 4
OBJECT-TYPE    
  CgmGdoiIntegrityAlgorithm  

cgmGdoiGmTekIntegrityKeyLength 1.3.6.1.4.1.9.9.759.1.3.6.1.7
The length of the key used for integrity/authentication in a TEK (in bits).
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekWindowSize 1.3.6.1.4.1.9.9.759.1.3.6.1.8
The size of the Time Based Anti-Replay (TBAR) window used by this TEK Policy/SA.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekOriginalLifetime 1.3.6.1.4.1.9.9.759.1.3.6.1.9
The value of the SA Life Type defined in RFC 2407 which specifies the maximum time for which a TEK IPsec SA is valid. The GCKS may refresh the TEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekRemainingLifetime 1.3.6.1.4.1.9.9.759.1.3.6.1.10
The value of the remaining time for which a TEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiGmTekOriginalLifetime and counts down to 0 in seconds. If the lifetime has already expired, this value should remain at zero (0) until the GCKS refreshes the TEK.
OBJECT-TYPE    
  Unsigned32  

cgmGdoiGmTekStatus 1.3.6.1.4.1.9.9.759.1.3.6.1.11
The status of the TEK Policy/SA. When this status value is queried, one of the following is returned: inbound(1), outbound(2), notInUse(3).
OBJECT-TYPE    
  CgmGdoiTekStatus  

cgmGdoiKSNewRegNotifEnable 1.3.6.1.4.1.9.9.759.1.4.1
Indicates whether or not a notification should be generated on a Key Server when a new Group Member begins registration to a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKSRegCompNotifEnable 1.3.6.1.4.1.9.9.759.1.4.2
Indicates whether or not a notification should be generated on a Key Server when a new Group Member successfully registers to a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKSRekeyPushNotifEnable 1.3.6.1.4.1.9.9.759.1.4.3
Indicates whether or not a notification should be generated on a Key Server when a rekey is sent to a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKSNoRSANotifEnable 1.3.6.1.4.1.9.9.759.1.4.4
Indicates whether or not an error notification should be generated on a Key Server when an RSA key is not set up.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGMRegNotifEnable 1.3.6.1.4.1.9.9.759.1.4.5
Indicates whether or not a notification should be generated on a Group Member when it starts registration to a Key Server in a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGmRegCompNotifEnable 1.3.6.1.4.1.9.9.759.1.4.6
Indicates whether or not a notification should be generated on a Group Member when it successfully registers to a Key Server in a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGmReRegNotifEnable 1.3.6.1.4.1.9.9.759.1.4.7
Indicates whether or not a notification should be generated on a Group Member when it starts to re-register to a Key Server in a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGmRekeyRecNotifEnable 1.3.6.1.4.1.9.9.759.1.4.8
Indicates whether or not a notification should be generated on a Group Member when it receives and processes a rekey sent by a Key Server in a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGmIncompCfgNotifEnable 1.3.6.1.4.1.9.9.759.1.4.9
Indicates whether or not an error notification should be generated on a Group Member when there is missing information for configuring a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGmNoIpSecFlowsNotifEnable 1.3.6.1.4.1.9.9.759.1.4.10
Indicates whether or not an error notification should be generated on a Group Member when no more security associations can be installed after receiving a rekey from a Key Server in a GDOI group.
OBJECT-TYPE    
  TruthValue  

cgmGdoiGmRekeyFailNotifEnable 1.3.6.1.4.1.9.9.759.1.4.11
Indicates whether or not an error notification should be generated on a Group Member when it is unable to successfully process and install a rekey.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKsRoleChangeNotifEnable 1.3.6.1.4.1.9.9.759.1.4.12
Indicates whether or not cgmGdoiKeyServerRoleChange notification should be generated on a Key Server when its role changes from Primary to Secondary or vice-versa.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKsGmDeletedNotifEnable 1.3.6.1.4.1.9.9.759.1.4.13
Indicates whether or not cgmGdoiKeyServerGmDeleted notification should be generated on a Key Server when a Group Member is deleted from the group database.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKsPeerReachNotifEnable 1.3.6.1.4.1.9.9.759.1.4.14
Indicates whether or not cgmGdoiKeyServerPeerReachable notification should be generated on a Key Server when unreachable peer Key Server becomes reachable.
OBJECT-TYPE    
  TruthValue  

cgmGdoiKsPeerUnreachNotifEnable 1.3.6.1.4.1.9.9.759.1.4.15
Indicates whether or not cgmGdoiKeyServerPeerUnreachable notification should be generated on a Key Server when reachable peer Key Server becomes unreachable.
OBJECT-TYPE    
  TruthValue  

cgmGdoiNotifGroupIdType 1.3.6.1.4.1.9.9.759.1.5.1
Variable used only for notifications. This variable captures the identification type of the GDOI group.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiNotifGroupIdValue 1.3.6.1.4.1.9.9.759.1.5.2
Variable used only for notifications. The value of a Group ID with its type indicated by the cgmGdoiNotifGroupIdType. Use the cgmGdoiNotifGroupIdType to parse the value of this field correctly.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiNotifGroupName 1.3.6.1.4.1.9.9.759.1.5.3
Variable used only for notifications. The string-readable name configured for or given to a GDOI Group.
OBJECT-TYPE    
  DisplayString  

cgmGdoiNotifKeyServerIdType 1.3.6.1.4.1.9.9.759.1.5.4
Variable used only for notifications. The Identification Type Value used to parse the identity information of a Key Server.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiNotifKeyServerIdValue 1.3.6.1.4.1.9.9.759.1.5.5
Variable used only for notifications. The value of the identity information for a Key Server with its type indicated by the cgmGdoiNotifKeyServerIdType. Use the cgmGdoiNotifKeyServerIdType to parse the Key Server ID correctly.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiNotifKeyServerRole 1.3.6.1.4.1.9.9.759.1.5.6
Variable used only for notifications. The current role of the Key Server for the Group.
OBJECT-TYPE    
  CgmGdoiKsRole  

cgmGdoiNotifGmIdType 1.3.6.1.4.1.9.9.759.1.5.7
Variable used only for notifications. The Identification Type Value used to parse the identity information for a Initiator or Group Member.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiNotifGmIdValue 1.3.6.1.4.1.9.9.759.1.5.8
Variable used only for notifications. The value of the identity information for a Group Member with its type indicated by the cgmGdoiNotifGmIdType. Use the cgmGdoiNotifGmIdType to parse the Group Member ID's value correctly.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiNotifPeerKsIdType 1.3.6.1.4.1.9.9.759.1.5.9
Variable used only for notifications. The Identification Type Value used to parse the identity information of a Key Server.
OBJECT-TYPE    
  CgmGdoiIdentificationType  

cgmGdoiNotifPeerKsIdValue 1.3.6.1.4.1.9.9.759.1.5.10
Variable used only for notifications. The value of the identity information for a Peer Key Server with its type indicated by the cgmGdoiNotifPeerKsIdType. Use the cgmGdoiNotifPeerKsIdType to parse the Peer Key Server ID correctly.
OBJECT-TYPE    
  CgmGdoiIdentificationValue  

cgmGdoiMIBGroups 1.3.6.1.4.1.9.9.759.2.1
OBJECT IDENTIFIER    

cgmGdoiMIBCompliances 1.3.6.1.4.1.9.9.759.2.2
OBJECT IDENTIFIER    

cgmGdoiGroupIdGroup 1.3.6.1.4.1.9.9.759.2.1.1
This group consists of: 1) GDOI Group Table cgmGdoiGroupIdGroupRev1 is an extension to this group.
OBJECT-GROUP    

cgmGdoiKeyServerGroup 1.3.6.1.4.1.9.9.759.2.1.2
This group consists of: 1) GDOI Key Server Table cgmGdoiKeyServerGroupRev1 is an extension to this group.
OBJECT-GROUP    

cgmGdoiGmGroup 1.3.6.1.4.1.9.9.759.2.1.3
This group consists of: 1) GDOI GM Table cgmGdoiGmGroupRev1 is an extension to this group.
OBJECT-GROUP    

cgmGdoiKsSecurityAssociationsGroup 1.3.6.1.4.1.9.9.759.2.1.4
This group consists of: 1) GDOI Key Server KEK Policy/SA Table 2) GDOI Key Server TEK Policy Table
OBJECT-GROUP    

cgmGdoiGmSecurityAssociationsGroup 1.3.6.1.4.1.9.9.759.2.1.5
This group consists of: 1) GDOI Group Member KEK Policy/SA Table 2) GDOI Group Member TEK Policy/SA Table
OBJECT-GROUP    

cgmGdoiKeyServerNotificationGroup 1.3.6.1.4.1.9.9.759.2.1.6
This group contains the Key Server (GCKS) notifications for the GDOI MIB. cgmGdoiKeyServerNotificationGroupRev1 is an extension to this group.
NOTIFICATION-GROUP    

cgmGdoiKeyServerErrorNotificationGroup 1.3.6.1.4.1.9.9.759.2.1.7
This group contains the Key Server (GCKS) error notifications for the GDOI MIB.
NOTIFICATION-GROUP    

cgmGdoiGmNotificationGroup 1.3.6.1.4.1.9.9.759.2.1.8
This group contains the Group Member (GM) notifications for the GDOI MIB.
NOTIFICATION-GROUP    

cgmGdoiGmErrorNotificationGroup 1.3.6.1.4.1.9.9.759.2.1.9
This group contains the Group Member (GM) error notifications for the GDOI MIB.
NOTIFICATION-GROUP    

cgmGdoiNotificationControlGroup 1.3.6.1.4.1.9.9.759.2.1.10
This group contains the GDOI notification control objects for the GDOI MIB. cgmGdoiNotificationControlGroupRev1 is an extension to this group.
OBJECT-GROUP    

cgmGdoiGroupIdGroupRev1 1.3.6.1.4.1.9.9.759.2.1.11
This group consists of: 1) GDOI Group Table This group is an extension to cgmGdoiGroupIdGroup.
OBJECT-GROUP    

cgmGdoiKeyServerGroupRev1 1.3.6.1.4.1.9.9.759.2.1.12
This group consists of: 1) GDOI Key Server Table This group is an extension to cgmGdoiKeyServerGroup.
OBJECT-GROUP    

cgmGdoiGmGroupRev1 1.3.6.1.4.1.9.9.759.2.1.13
This group consists of: 1) GDOI GM Table This group is an extension to cgmGdoiGmGroup.
OBJECT-GROUP    

cgmGdoiKeyServerNotificationGroupRev1 1.3.6.1.4.1.9.9.759.2.1.14
This group contains the Key Server (GCKS) notifications for the GDOI MIB. This group is an extension to cgmGdoiKeyServerNotificationGroup.
NOTIFICATION-GROUP    

cgmGdoiNotificationControlGroupRev1 1.3.6.1.4.1.9.9.759.2.1.15
This group contains the GDOI notification control objects for the GDOI MIB. This group is an extension to cgmGdoiNotificationControlGroup.
OBJECT-GROUP    

cgmGdoiCoopPeerGroup 1.3.6.1.4.1.9.9.759.2.1.16
This group consists of: 1) COOP Peer Key Server Table
OBJECT-GROUP    

cgmGdoiNotificationVariablesGroup 1.3.6.1.4.1.9.9.759.2.1.17
This group contains the GDOI notification variables for the GDOI MIB.
OBJECT-GROUP    

cgmGdoiMIBCompliance 1.3.6.1.4.1.9.9.759.2.2.1
Implementation of this group is for any network device that supports the sending of notifications.
MODULE-COMPLIANCE    

cgmGdoiMIBComplianceRev1 1.3.6.1.4.1.9.9.759.2.2.2
Write access is not required.
MODULE-COMPLIANCE