CISCO-GDOI-MIB

Imported modules

SNMPv2-CONF	SNMPv2-SMI	SNMPv2-TC
CISCO-TC	CISCO-SMI

Imported symbols

MODULE-COMPLIANCE	NOTIFICATION-GROUP	OBJECT-GROUP
MODULE-IDENTITY	NOTIFICATION-TYPE	OBJECT-TYPE
Counter32	Unsigned32	TEXTUAL-CONVENTION
DisplayString	TruthValue	CiscoMilliSeconds
ciscoMgmt

Defined Types

CgmGdoiKsStatus
A textual convention identifying the status of Key Server in the COOP/Stand-alone scenario. Following are the possible values: ID Type Value ------- ----- Alive 1 -- Key Server is perceived as Alive Dead 2 -- Key Server is perceived as Dead Unknown 3 -- Failed to determine the status; or, the status of a secondary peer when seen from a Secondary Key Server.
TEXTUAL-CONVENTION
	INTEGER	keyServerAlive(1), keyServerDead(2), keyServerUnknown(3)

CgmGdoiKsRole
A textual convention identifying the role of Key Server in the COOP/Stand-alone scenario. Following are the possible values: ID Type Value ------- ----- Primary 1 -- Role is Primary Secondary 2 -- Role is Secondary Unknown 3 -- Failed to determine the role
TEXTUAL-CONVENTION
	INTEGER	keyServerPrimary(1), keyServerSecondary(2), keyServerUnknown(3)

CgmGdoiIdentificationType
A textual convention indicating the type of value used to identify a GDOI entity (i.e. Group, Key Server, or Group Member). Following are the Identification Type Values: ID Type Value ------- ----- RESERVED 0 -- Not Used ID_IPV4_ADDR 1 -- ipv4Address ID_FQDN 2 -- domainName ID_RFC822_ADDR 3 -- userName (ID_USER_FQDN) ID_IPV4_ADDR_SUBNET 4 -- ipv4Subnet - Not in RFC 4306 ID_IPV6_ADDR 5 -- ipv6Address ID_IPV6_ADDR_SUBNET 6 -- ipv6Subnet - Not in RFC 4306 ID_IPV4_ADDR_RANGE 7 -- ipv4Range - Not in RFC 4306 ID_IPV6_ADDR_RANGE 8 -- ipv6Range - Not in RFC 4306 ID_DER_ASN1_DN 9 -- caDistinguishedName ID_DER_ASN1_GN 10 -- caGeneralName ID_KEY_ID 11 -- groupNumber Following are the mappings to the type values above: 'ipv4Address' : a single four (4) octet IPv4 address. 'domainName' : a fully-qualified domain name string. An example is, 'example.com'. The string MUST not contain any terminators (e.g., NULL, CR, etc.). 'userName' : a fully-qualified RFC 822 username or email address string. An example is, 'jsmith@example.com'. The string MUST not contain any terminators. 'ipv4Subnet' : a range of IPv4 addresses, represented by two four (4) octet values concatenated together. The first value is an IPv4 address. The second is an IPv4 network mask. Note that ones (1s) in the network mask indicate that the corresponding bit in the address is fixed, while zeros (0s) indicate a 'wildcard' bit. 'ipv6Address' : a single sixteen (16) octet IPv6 address. 'ipv6Subnet' : a range of IPv6 addresses, represented by two sixteen (16) octet values concatenated together. The first value is an IPv6 address. The second is an IPv network mask. Note that ones (1s) in the network mask indicate that the corresponding bit in the address is fixed, while zeros (0s) indicate a 'wildcard' bit. 'ipv4Range' : a range of IPv4 addresses, represented by two four (4) octet values. The first value is the beginning IPv4 address (inclusive) and the second value is the ending IPv4 address (inclusive). All addresses falling between the two specified addresses are considered to be within the list. 'ipv6Range' : a range of IPv6 addresses, represented by two sixteen (16) octet values. The first value is the beginning IPv6 address (inclusive) and the second value is the ending IPv6 address (inclusive). All addresses falling between the two specified addresses are considered to be within the list. 'caDistinguishedName' : the binary DER encoding of an ASN.1 X.500 Distinguished Name [X.501]. 'caGeneralName' : the binary DER encoding of an ASN.1 X.500 GeneralName [X.509]. 'groupNumber' : a four (4) octet group identifier.
TEXTUAL-CONVENTION
	INTEGER	ipv4Address(1), domainName(2), userName(3), ipv4Subnet(4), ipv6Address(5), ipv6Subnet(6), ipv4Range(7), ipv6Range(8), caDistinguishedName(9), caGeneralName(10), groupNumber(11)

CgmGdoiIdentificationValue
A textual convention indicating the actual value of used to identify a GDOI entity (i.e. Group, Key Server, or Group Member). The value of the CgmGdoiIdentificationValue object can be parsed based on the value of the associated CgmGdoiIdentificationType object. The following CgmGdoiIdentificationType values indicate that the CgmGdoiIdentificationValue object should be parsed as a binary string of octets with the given lengths if a length is not associated with the object: ipv4Address(1) -- 4 octets ipv4Subnet(4) -- 8 octets ipv6Address(5) -- 16 octets ipv6Subnet(6) -- 32 octets ipv4Range(7) -- 8 octets ipv6Range(8) -- 32 octets groupNumber(11) -- 4 octets The following CgmGdoiIdentificationType values indicate that the CgmGdoiIdentificationValue object should be parsed as an ASCII string of characters. Note that a length MUST be associated with the object in these cases: domainName(2) userName(3) caDistinguishedName(9) caGeneralName(10) Note that the length of 48 octets was chosen because the gdoiKsKekEntry, gdoiGmKekEntry, gdoiKsTekEntry, & gdoiGmTekEntry will exceed the OID size limit of 255 octets if this size is any larger than 48 octets.
TEXTUAL-CONVENTION
	OCTET STRING	Size(0..48)

CgmGdoiKekSPI
A textual convention indicating a SPI (Security Parameter Index) of sixteen (16) octets for a KEK. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. These cookies are assigned by the Key Server.
TEXTUAL-CONVENTION
	OCTET STRING	Size(16)

CgmGdoiIpProtocolId
A textual convention indicating the identifier of the IP Protocol being used for the rekey datagram. Some possible values are: ID Value ID Type -------- ------- 06 TCP -- ipProtocolTCP 17 UDP -- ipProtocolUDP
TEXTUAL-CONVENTION
	INTEGER	ipProtocolUnknown(0), ipProtocolTCP(1), ipProtocolUDP(2)

CgmGdoiKeyManagementAlgorithm
A textual convention indicating the identifier of the key/KEK management algorithm being used to provide forward or backward access control (i.e. used to exclude group members). Following are the possible KEK management algorithm values & CgmGdoiKeyManagementAlgorithm mappings: KEK Management Type Value ------------------- ----- LKH 1 -- keyMgmtLkh
TEXTUAL-CONVENTION
	INTEGER	keyMgmtNone(0), keyMgmtLkh(1)

CgmGdoiEncryptionAlgorithm
A textual convention indicating the identifier of the encryption algorithm being used. Following are the possible updated encryption algorithm values & CgmGdoiEncryptionAlgorithm mappings after RFC 4306: Encryption Algorithm Type Value --------------------------------- ----- ENCR_DES_IV64 1 -- encrAlgDes64 ENCR_DES 2 -- encrAlgDes ENCR_3DES 3 -- encrAlg3Des ENCR_RC5 4 -- encrAlgRc5 ENCR_IDEA 5 -- encrAlgIdea ENCR_CAST 6 -- encrAlgCast ENCR_BLOWFISH 7 -- encrAlgBlowfish ENCR_3IDEA 8 -- encrAlg3Idea ENCR_DES_IV32 9 -- encrAlgDes32 ENCR_NULL 11 -- encrAlgNull ENCR_AES_CBC 12 -- encrAlgAesCbc ENCR_AES_CTR 13 -- encrAlgAesCtr ENCR_AES-CCM_8 14 -- encrAlgAesCcm8 ENCR_AES-CCM_12 15 -- encrAlgAesCcm12 ENCR_AES-CCM_16 16 -- encrAlgAesCcm16 AES-GCM (8-octet ICV) 18 -- encrAlgAesGcm8 AES-GCM (12-octet ICV) 19 -- encrAlgAesGcm12 AES-GCM (16-octet ICV) 20 -- encrAlgAesGcm16 ENCR_NULL_AUTH_AES_GMAC 21 -- encrAlgNullAuthAesGmac ENCR_CAMELLIA_CBC 23 -- encrAlgCamelliaCbc ENCR_CAMELLIA_CTR 24 -- encrAlgCamelliaCtr ENCR_CAMELLIA_CCM (8-octet ICV) 25 -- encrAlgCamelliaCcm8 ENCR_CAMELLIA_CCM (12-octet ICV) 26 -- encrAlgCamelliaCcm12 ENCR_CAMELLIA_CCM (16-octet ICV) 27 -- encrAlgCamelliaCcm16 Following are the possible ESP transform identifiers & CgmGdoiEncryptionAlgorithm mappings from RFC 2407: IPsec ESP Transform ID Value ------------------------ ----- ESP_DES_IV64 1 -- encrAlgDes64 ESP_DES 2 -- encrAlgDes ESP_3DES 3 -- encrAlg3Des ESP_RC5 4 -- encrAlgRc5 ESP_IDEA 5 -- encrAlgIdea ESP_CAST 6 -- encrAlgCast ESP_BLOWFISH 7 -- encrAlgBlowfish ESP_3IDEA 8 -- encrAlg3Idea ESP_DES_IV32 9 -- encrAlgDes32 ESP_RC4 10 -- encrAlgRc4 ESP_NULL 11 -- encrAlgNull ESP_AES-CBC 12 -- encrAlgAesCbc ESP_AES-CTR 13 -- encrAlgAesCtr ESP_AES-CCM_8 14 -- encrAlgAesCcm8 ESP_AES-CCM_12 15 -- encrAlgAesCcm12 ESP_AES-CCM_16 16 -- encrAlgAesCcm16 ESP_AES-GCM_8 18 -- encrAlgAesGcm8 ESP_AES-GCM_12 19 -- encrAlgAesGcm12 ESP_AES-GCM_16 20 -- encrAlgAesGcm16 ESP_SEED_CBC 21 -- encrAlgSeedCbc ESP_CAMELLIA 22 -- encrAlgCamelliaCbc, Ctr, Ccm8, Ccm12, Ccm16 ESP_NULL_AUTH_AES-GMAC 23 -- encrAlgNullAuthAesGmac Following are the possible KEK_ALGORITHM values specifying the encryption algorithm used with a KEK & CgmGdoiEncryptionAlgorithm mappings from the GDOI RFC 3547: Algorithm Type Value -------------- ----- KEK_ALG_DES 1 -- encrAlgDes KEK_ALG_3DES 2 -- encrAlg3Des KEK_ALG_AES 3 -- encrAlgAesCbc
TEXTUAL-CONVENTION
	INTEGER	encrAlgNone(0), encrAlgDes64(1), encrAlgDes(2), encrAlg3Des(3), encrAlgRc5(4), encrAlgIdea(5), encrAlgCast(6), encrAlgBlowfish(7), encrAlg3Idea(8), encrAlgDes32(9), encrAlgRc4(10), encrAlgNull(11), encrAlgAesCbc(12), encrAlgAesCtr(13), encrAlgAesCcm8(14), encrAlgAesCcm12(15), encrAlgAesCcm16(16), encrAlgAesGcm8(18), encrAlgAesGcm12(19), encrAlgAesGcm16(20), encrAlgNullAuthAesGmac(21), encrAlgCamelliaCbc(23), encrAlgCamelliaCtr(24), encrAlgCamelliaCcm8(25), encrAlgCamelliaCcm12(26), encrAlgCamelliaCcm1(27), encrAlgSeedCbc(28)

CgmGdoiPseudoRandomFunction
A textual convention indicating the identifier of the pseudo-random function (PRF) being used. Following are the possible updated PRF values & CgmGdoiPseudoRandomFunction mappings after RFC 4306: Pseudo-Random Function Type Value --------------------------------- ----- PRF_HMAC_MD5 1 -- prfMd5Hmac PRF_HMAC_SHA1 2 -- prfSha1Hmac PRF_HMAC_TIGER 3 -- prfTigerHmac PRF_AES128_XCBC 4 -- prfAes128Xcbc PRF_HMAC_SHA2_256 5 -- prfSha2Hmac256 PRF_HMAC_SHA2_384 6 -- prfSha2Hmac384 PRF_HMAC_SHA2_512 7 -- prfSha2Hmac512 PRF_AES128_CMAC 8 -- prfAes128Cmac Following are the possible SIG_HASH_ALGORITHM values & CgmGdoiPseudoRandomFunction mappings from the GDOI RFC 3547: Algorithm Type Value -------------- ----- SIG_HASH_MD5 1 -- prfMd5Hmac SIG_HASH_SHA1 2 -- prfSha1Hmac
TEXTUAL-CONVENTION
	INTEGER	prfNone(0), prfMd5Hmac(1), prfSha1Hmac(2), prfTigerHmac(3), prfAes128Xcbc(4), prfSha2Hmac256(5), prfSha2Hmac384(6), prfSha2Hmac512(7), prfAes128Cmac(8)

CgmGdoiIntegrityAlgorithm
A textual convention indicating the identifier of the integirty algorithm being used. Following are the possible updated integrity algorithm values & CgmGdoiIntegrityAlgorithm mappings after RFC 4306: Integrity Algorithm Type Value ------------------------ ----- AUTH_HMAC_MD5_96 1 -- authAlgMd5Hmac96 AUTH_HMAC_SHA1_96 2 -- authAlgSha1Hmac96 AUTH_DES_MAC 3 -- authAlgDesMac AUTH_KPDK_MD5 4 -- authAlgMd5Kpdk AUTH_AES_XCBC_96 5 -- authAlgAesXcbc96 AUTH_HMAC_MD5_128 6 -- authAlgMd5Hmac128 AUTH_HMAC_SHA1_160 7 -- authAlgSha1Hmac160 AUTH_AES_CMAC_96 8 -- authAlgAesCmac96 AUTH_AES_128_GMAC 9 -- authAlgAes128Gmac AUTH_AES_192_GMAC 10 -- authAlgAes192Gmac AUTH_AES_256_GMAC 11 -- authAlgAes256Gmac AUTH_HMAC_SHA2_256_128 12 -- authAlgSha2Hmac256to128 AUTH_HMAC_SHA2_384_192 13 -- authAlgSha2Hmac384to192 AUTH_HMAC_SHA2_512_256 14 -- authAlgSha2Hmac512to256 Following are the possible legacy authentication algorithm values & CgmGdoIntegrityAlgorithm mappings from RFC 2407: Algorithm Type Value -------------- ----- HMAC-MD5 1 -- authAlgMd5Hmac96 HMAC-SHA 2 -- authAlgSha1Hmac96 DES-MAC 3 -- authAlgDesMac KPDK 4 -- authAlgMd5Kpdk
TEXTUAL-CONVENTION
	INTEGER	authAlgNone(0), authAlgMd5Hmac96(1), authAlgSha1Hmac96(2), authAlgDesMac(3), authAlgMd5Kpdk(4), authAlgAesXcbc96(5), authAlgMd5Hmac128(6), authAlgSha1Hmac160(7), authAlgAesCmac96(8), authAlgAes128Gmac(9), authAlgAes192Gmac(10), authAlgAes256Gmac(11), authAlgSha2Hmac256to128(12), authAlgSha2Hmac384to192(13), authAlgSha2Hmac512to256(14)

CgmGdoiSignatureMethod
A textual convention indicating the identifier of the integirty algorithm being used. Following are the possible updated authentication method values & CgmGdoiSignatureMethod mappings after RFC 4306: Authentication Method Value ----------------------------------- ----- RSA Digital Signature 1 -- sigRsa Shared Key Message Integrity Code 2 -- sigSharedKey DSS Digital Signature 3 -- sigDss ECDSA w/ SHA-256 (P-256 curve) 9 -- sigEcdsa256 ECDSA w/ SHA-384 (P-384 curve) 10 -- sigEcdsa384 ECDSA w/ SHA-512 (P-521 curve) 11 -- sigEcdsa512 Following are the possible legacy IPsec authentication method values & CgmGdoiSignatureMethod mappings from RFC 2409: Authentication Method Value -------------------------------- ----- Pre-Shared Key 1 -- sigSharedKey DSS Signature 2 -- sigDss RSA Signature 3 -- sigRsa Encryption w/ RSA 4 -- sigEncryptRsa Revised Encryption w/ RSA 5 -- sigRevEncryptRsa ECDSA w/ SHA-256 (P-256 curve) 9 -- sigEcdsa256 ECDSA w/ SHA-384 (P-384 curve) 10 -- sigEcdsa384 ECDSA w/ SHA-512 (P-521 curve) 11 -- sigEcdsa512 Following are the possible POP algorithm values & CgmGdoiSignatureMethod mappings from the GDOI RFC 3547: Algorithm Type Value -------------- ----- POP_ALG_RSA 1 -- sigRsa POP_ALG_DSS 2 -- sigDss POP_ALG_ECDSS 3 -- sigEcdsa256, 384, 512 Following are the possible SIG_ALGORITHM values & CgmGdoiSignatureMethod mappings from the GDOI RFC 3547: Algorithm Type Value -------------- ----- SIG_ALG_RSA 1 -- sigRsa SIG_ALG_DSS 2 -- sigDss SIG_ALG_ECDSS 3 -- sigEcdsa256, 384, 512
TEXTUAL-CONVENTION
	INTEGER	sigNone(0), sigRsa(1), sigSharedKey(2), sigDss(3), sigEncryptRsa(4), sigRevEncryptRsa(5), sigEcdsa256(9), sigEcdsa384(10), sigEcdsa512(11)

CgmGdoiDiffieHellmanGroup
A textual convention indicating the identifier of the Diffie-Hellman Group being used. Following are the possible updated Diffie-Hellman Group values & CgmGdoiDiffieHellmanGroup mappings after RFC 4306: Diffie-Hellman Group Type Value ------------------------- ----- NONE 0 -- dhNone Group 1 - 768 Bit MODP 1 -- dhGroup1 Group 2 - 1024 Bit MODP 2 -- dhGroup2 1536-bit MODP Group 5 -- dh1536Modp 2048-bit MODP Group 14 -- dh2048Modp 3072-bit MODP Group 15 -- dh3072Modp 4096-bit MODP Group 16 -- dh4096Modp 6144-bit MODP Group 17 -- dh6144Modp 8192-bit MODP Group 18 -- dh8192Modp 256-bit random ECP group 19 -- dhEcp256 84-bit random ECP group 20 -- dhEcp84 521-bit random ECP group 21 -- dhEcp521 1024-bit MODP w/ 160-bit 22 -- dh1024Modp160 Prime Order Subgroup 2048-bit MODP w/ 224-bit 23 -- dh2048Modp224 Prime Order Subgroup 2048-bit MODP w/ 256-bit 24 -- dh2048Modp256 Prime Order Subgroup 192-bit Random ECP Group 25 -- dhEcp192 224-bit Random ECP Group 26 -- dhEcp224 Following are the possible legacy Diffie-Hellman Group values & CgmGdoiDiffieHellmanGroup mappings from RFC 2409: Diffie-Hellman Group Type Value ------------------------- ----- Group 1 - 768 Bit MODP 1 -- dhGroup1 Group 2 - 1024 Bit MODP 2 -- dhGroup2 EC2N group on GP[2^155] 3 -- dhEc2nGp155 EC2N group on GP[2^185] 4 -- dhEc2nGp185
TEXTUAL-CONVENTION
	INTEGER	dhNone(0), dhGroup1(1), dhGroup2(2), dhEc2nGp155(3), dhEc2nGp185(4), dh1536Modp(5), dh2048Modp(14), dh3072Modp(15), dh4096Modp(16), dh6144Modp(17), dh8192Modp(18), dhEcp256(19), dhEcp84(20), dhEcp521(21), dh1024Modp160(22), dh2048Modp224(23), dh2048Modp256(24), dhEcp192(25), dhEcp224(26)

CgmGdoiEncapsulationMode
A textual convention indicating the identifier of the Encapsulation Mode being used. Following are the possible Encapsulation Mode values & CgmGdoiEncapsulationMode mappings from RFC 2407: Encapsulation Mode Value ---------------------------- ----- Tunnel 1 -- encapTunnel Transport 2 -- encapTransport UDP-Encapsulated-Tunnel 3 -- encapUdpTunnel UDP-Encapsulated-Transport 4 -- encapUdpTransport
TEXTUAL-CONVENTION
	INTEGER	encapUnknown(0), encapTunnel(1), encapTransport(2), encapUdpTunnel(3), encapUdpTransport(4)

CgmGdoiSecurityProtocol
A textual convention indicating the identifier of the Security Protocol being used. Following are the possible Security Protocol ID values & CgmGdoiSecurityProtocol mappings from the GDOI RFC 3547: Security Protocol ID Value ---------------------- ----- GDOI_PROTO_IPSEC_ESP 1 -- secProtocolIpsecEsp
TEXTUAL-CONVENTION
	INTEGER	secProtocolUnknown(0), secProtocolIpsecEsp(1)

CgmGdoiTekSPI
A textual convention indicating a SPI (Security Parameter Index) of four (4) octets for a TEK using ESP.
TEXTUAL-CONVENTION
	OCTET STRING	Size(4)

CgmGdoiKekStatus
A textual convention indicating the status of a GDOI KEK and its corresponding Security Association (SA). 'inUse' : KEK currently being used to encrypt new KEK/TEKs 'new' : KEK currently being sent to all peers 'old' : KEK that has expired and is no longer being used
TEXTUAL-CONVENTION
	INTEGER	inUse(1), new(2), old(3)

CgmGdoiTekStatus
A textual convention indicating the status of a GDOI TEK and its corresponding Security Association (SA). 'inbound' : TEK is being used as inbound (receive) SA 'outbound' : TEK is being used as outbound (transmit) SA 'notInUse' : TEK is no longer being used
TEXTUAL-CONVENTION
	INTEGER	inbound(1), outbound(2), notInUse(3)

CgmGdoiUnsigned16
A textual convention indicating a 16-bit unsigned integer value.
TEXTUAL-CONVENTION
	OCTET STRING	Size(2)

CgmGdoiGroupEntry
SEQUENCE
	cgmGdoiGroupIdType	CgmGdoiIdentificationType
	cgmGdoiGroupIdLength	Unsigned32
	cgmGdoiGroupIdValue	CgmGdoiIdentificationValue
	cgmGdoiGroupName	DisplayString
	cgmGdoiGroupMemberCount	Unsigned32
	cgmGdoiGroupActivePeerKeyServerCount	Unsigned32
	cgmGdoiGroupLastRekeyRetransmits	Unsigned32
	cgmGdoiGroupLastRekeyTimeTaken	CiscoMilliSeconds

CgmGdoiKeyServerEntry
SEQUENCE
	cgmGdoiKeyServerIdType	CgmGdoiIdentificationType
	cgmGdoiKeyServerIdLength	Unsigned32
	cgmGdoiKeyServerIdValue	CgmGdoiIdentificationValue
	cgmGdoiKeyServerActiveKEK	CgmGdoiKekSPI
	cgmGdoiKeyServerRekeysPushed	Counter32
	cgmGdoiKeyServerRole	CgmGdoiKsRole
	cgmGdoiKeyServerRegisteredGMs	Unsigned32

CgmGdoiGmEntry
SEQUENCE
	cgmGdoiGmIdType	CgmGdoiIdentificationType
	cgmGdoiGmIdLength	Unsigned32
	cgmGdoiGmIdValue	CgmGdoiIdentificationValue
	cgmGdoiGmRegKeyServerIdType	CgmGdoiIdentificationType
	cgmGdoiGmRegKeyServerIdLength	Unsigned32
	cgmGdoiGmRegKeyServerIdValue	CgmGdoiIdentificationValue
	cgmGdoiGmActiveKEK	CgmGdoiKekSPI
	cgmGdoiGmRekeysReceived	Counter32
	cgmGdoiGmActiveTEKNum	Counter32

CgmGdoiCoopPeerEntry
SEQUENCE
	cgmGdoiCoopPeerIdType	CgmGdoiIdentificationType
	cgmGdoiCoopPeerIdLength	Unsigned32
	cgmGdoiCoopPeerIdValue	CgmGdoiIdentificationValue
	cgmGdoiCoopPeerRole	CgmGdoiKsRole
	cgmGdoiCoopPeerStatus	CgmGdoiKsStatus
	cgmGdoiCoopPeerRegisteredGMs	Unsigned32

CgmGdoiKsKekEntry
SEQUENCE
	cgmGdoiKsKekIndex	Unsigned32
	cgmGdoiKsKekSPI	CgmGdoiKekSPI
	cgmGdoiKsKekSrcIdType	CgmGdoiIdentificationType
	cgmGdoiKsKekSrcIdLength	Unsigned32
	cgmGdoiKsKekSrcIdValue	CgmGdoiIdentificationValue
	cgmGdoiKsKekSrcIdPort	CgmGdoiUnsigned16
	cgmGdoiKsKekDstIdType	CgmGdoiIdentificationType
	cgmGdoiKsKekDstIdLength	Unsigned32
	cgmGdoiKsKekDstIdValue	CgmGdoiIdentificationValue
	cgmGdoiKsKekDstIdPort	CgmGdoiUnsigned16
	cgmGdoiKsKekIpProtocol	CgmGdoiIpProtocolId
	cgmGdoiKsKekMgmtAlg	CgmGdoiKeyManagementAlgorithm
	cgmGdoiKsKekEncryptAlg	CgmGdoiEncryptionAlgorithm
	cgmGdoiKsKekEncryptKeyLength	Unsigned32
	cgmGdoiKsKekSigHashAlg	CgmGdoiPseudoRandomFunction
	cgmGdoiKsKekSigAlg	CgmGdoiSignatureMethod
	cgmGdoiKsKekSigKeyLength	Unsigned32
	cgmGdoiKsKekOakleyGroup	CgmGdoiDiffieHellmanGroup
	cgmGdoiKsKekOriginalLifetime	Unsigned32
	cgmGdoiKsKekRemainingLifetime	Unsigned32
	cgmGdoiKsKekStatus	CgmGdoiKekStatus

CgmGdoiGmKekEntry
SEQUENCE
	cgmGdoiGmKekIndex	Unsigned32
	cgmGdoiGmKekSPI	CgmGdoiKekSPI
	cgmGdoiGmKekSrcIdType	CgmGdoiIdentificationType
	cgmGdoiGmKekSrcIdLength	Unsigned32
	cgmGdoiGmKekSrcIdValue	CgmGdoiIdentificationValue
	cgmGdoiGmKekSrcIdPort	CgmGdoiUnsigned16
	cgmGdoiGmKekDstIdType	CgmGdoiIdentificationType
	cgmGdoiGmKekDstIdLength	Unsigned32
	cgmGdoiGmKekDstIdValue	CgmGdoiIdentificationValue
	cgmGdoiGmKekDstIdPort	CgmGdoiUnsigned16
	cgmGdoiGmKekIpProtocol	CgmGdoiIpProtocolId
	cgmGdoiGmKekMgmtAlg	CgmGdoiKeyManagementAlgorithm
	cgmGdoiGmKekEncryptAlg	CgmGdoiEncryptionAlgorithm
	cgmGdoiGmKekEncryptKeyLength	Unsigned32
	cgmGdoiGmKekSigHashAlg	CgmGdoiPseudoRandomFunction
	cgmGdoiGmKekSigAlg	CgmGdoiSignatureMethod
	cgmGdoiGmKekSigKeyLength	Unsigned32
	cgmGdoiGmKekOakleyGroup	CgmGdoiDiffieHellmanGroup
	cgmGdoiGmKekOriginalLifetime	Unsigned32
	cgmGdoiGmKekRemainingLifetime	Unsigned32
	cgmGdoiGmKekStatus	CgmGdoiKekStatus

CgmGdoiKsTekSelectorEntry
SEQUENCE
	cgmGdoiKsTekSelectorIndex	Unsigned32
	cgmGdoiKsTekSrcIdType	CgmGdoiIdentificationType
	cgmGdoiKsTekSrcIdLength	Unsigned32
	cgmGdoiKsTekSrcIdValue	CgmGdoiIdentificationValue
	cgmGdoiKsTekSrcIdPort	CgmGdoiUnsigned16
	cgmGdoiKsTekDstIdType	CgmGdoiIdentificationType
	cgmGdoiKsTekDstIdLength	Unsigned32
	cgmGdoiKsTekDstIdValue	CgmGdoiIdentificationValue
	cgmGdoiKsTekDstIdPort	CgmGdoiUnsigned16
	cgmGdoiKsTekSecurityProtocol	CgmGdoiSecurityProtocol

CgmGdoiKsTekPolicyEntry
SEQUENCE
	cgmGdoiKsTekPolicyIndex	Unsigned32
	cgmGdoiKsTekSPI	CgmGdoiTekSPI
	cgmGdoiKsTekEncapsulationMode	CgmGdoiEncapsulationMode
	cgmGdoiKsTekEncryptionAlgorithm	CgmGdoiEncryptionAlgorithm
	cgmGdoiKsTekEncryptionKeyLength	Unsigned32
	cgmGdoiKsTekIntegrityAlgorithm	CgmGdoiIntegrityAlgorithm
	cgmGdoiKsTekIntegrityKeyLength	Unsigned32
	cgmGdoiKsTekWindowSize	Unsigned32
	cgmGdoiKsTekOriginalLifetime	Unsigned32
	cgmGdoiKsTekRemainingLifetime	Unsigned32
	cgmGdoiKsTekStatus	CgmGdoiTekStatus

CgmGdoiGmTekSelectorEntry
SEQUENCE
	cgmGdoiGmTekSelectorIndex	Unsigned32
	cgmGdoiGmTekSrcIdType	CgmGdoiIdentificationType
	cgmGdoiGmTekSrcIdLength	Unsigned32
	cgmGdoiGmTekSrcIdValue	CgmGdoiIdentificationValue
	cgmGdoiGmTekSrcIdPort	CgmGdoiUnsigned16
	cgmGdoiGmTekDstIdType	CgmGdoiIdentificationType
	cgmGdoiGmTekDstIdLength	Unsigned32
	cgmGdoiGmTekDstIdValue	CgmGdoiIdentificationValue
	cgmGdoiGmTekDstIdPort	CgmGdoiUnsigned16
	cgmGdoiGmTekSecurityProtocol	CgmGdoiSecurityProtocol

CgmGdoiGmTekPolicyEntry
SEQUENCE
	cgmGdoiGmTekPolicyIndex	Unsigned32
	cgmGdoiGmTekSPI	CgmGdoiTekSPI
	cgmGdoiGmTekEncapsulationMode	CgmGdoiEncapsulationMode
	cgmGdoiGmTekEncryptionAlgorithm	CgmGdoiEncryptionAlgorithm
	cgmGdoiGmTekEncryptionKeyLength	Unsigned32
	cgmGdoiGmTekIntegrityAlgorithm	CgmGdoiIntegrityAlgorithm
	cgmGdoiGmTekIntegrityKeyLength	Unsigned32
	cgmGdoiGmTekWindowSize	Unsigned32
	cgmGdoiGmTekOriginalLifetime	Unsigned32
	cgmGdoiGmTekRemainingLifetime	Unsigned32
	cgmGdoiGmTekStatus	CgmGdoiTekStatus

Defined Values

ciscoGdoiMIB		1.3.6.1.4.1.9.9.759
This MIB module defines objects for managing the GDOI protocol. Copyright (c) The IETF Trust (2010). This version of this MIB module is based on RFC 6407; see the RFC itself for full legal notices.
MODULE-IDENTITY

cgmGdoiMIBNotifications		1.3.6.1.4.1.9.9.759.0
OBJECT IDENTIFIER

cgmGdoiMIBObjects		1.3.6.1.4.1.9.9.759.1
OBJECT IDENTIFIER

cgmGdoiMIBConformance		1.3.6.1.4.1.9.9.759.2
OBJECT IDENTIFIER

cgmGdoiKeyServerNewRegistration		1.3.6.1.4.1.9.9.759.0.1
A notification from a Key Server sent when a new Group Member registers to a GDOI Group. This is equivalent to a Key Server receiving the first message of a GROUPKEY-PULL exchange from a Group Member.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerRegistrationComplete		1.3.6.1.4.1.9.9.759.0.2
A notification from a Key Server sent when a Group Member has successfully registered to itself. This is equivalent to a Key Server sending the last message of a GROUPKEY-PULL exchange to the Group Member currently registering containing KEKs, TEKs, and their associated policies.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerRekeyPushed		1.3.6.1.4.1.9.9.759.0.3
A notification from a Key Server sent when a GROUPKEY-PUSH message is sent to refresh KEK(s) and or TEK(s). A rekey is sent periodically by a Key Server based on a configured time to the Group Members registered to its GDOI Group.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerNoRsaKeys		1.3.6.1.4.1.9.9.759.0.4
An error notification from a Key Server sent when an RSA key is not setup. Each Key Server and Group Member needs to have an RSA key established. The Key Server signs the TEK rekeys using this RSA key, also called a Key Encryption Key (KEK). The Group Member verifies the authenticity of the TEK rekey using this RSA key.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmRegister		1.3.6.1.4.1.9.9.759.0.5
A notification from a Group Member when it is starting to register with its GDOI Group's Key Server. Registration includes downloading keying & security association material. This is equivalent to a Group Member or Initiator sending the first message of a GROUPKEY-PULL exchange to its Group's Key Server.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmRegistrationComplete		1.3.6.1.4.1.9.9.759.0.6
A notification from a Group Member when it has successfully registered with a Key Server in its GDOI Group. This is equivalent to a Group Member receiving the last message of a GROUPKEY-PULL exchange from the Key Server containing KEKs, TEKs, and their associated policies.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmReRegister		1.3.6.1.4.1.9.9.759.0.7
A notification from a Group Member when it is starting to re-register with a Key Server in its GDOI Group. A Group Member needs to re-register to the key server if its keying & security association material has expired and it has not received a rekey from the key server to refresh the material. This is equivalent to a Group Member sending the first message of a GROUPKEY-PULL exchange to the Key Server of a Group it is already registered with.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmRekeyReceived		1.3.6.1.4.1.9.9.759.0.8
A notification from a Group Member when it has successfully received and processed a rekey from a Key Server in its GDOI Group. Periodically the key server sends a rekey to refresh the keying & security association material. This is equivalent to a Group Member receiving a GROUPKEY-PUSH message from the Key Server of the Group it is already registered with.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmIncompleteCfg		1.3.6.1.4.1.9.9.759.0.9
An error notification from a Group Member when there is necessary information missing from the policy/configuration of a Group Member on an interface when it tries to register with a Key Server in its GDOI Group. If the GDOI Group configuration is not complete on a Group Member, it will not be able to register to the Key Server.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmNoIpSecFlows		1.3.6.1.4.1.9.9.759.0.10
An error notification from a Group Member when no more security associations can be installed after receiving its keying & security association material. When the Group Member receives the security association materials, it has to install the cryptographic keys and policies. If there is not enough memory to install these materials, there will be an error thrown.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGmRekeyFailure		1.3.6.1.4.1.9.9.759.0.11
An error notification from a Group Member when it is unable to successfully process and install a rekey (GROUPKEY-PUSH message) sent by the Key Server in its Group that it is registered with.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerRoleChange		1.3.6.1.4.1.9.9.759.0.12
This notification is generated when a Key Server changes it's role from Primary to Secondary or vice-versa. The varbinds encapsulate the Group information, the Key Server identifier and the role it has moved to.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerGmDeleted		1.3.6.1.4.1.9.9.759.0.13
This notification is generated when a Group Member is deleted from a Key Server. The varbinds encapsulate the Group information, the Key Server identifier and the Group Member identifier which is deleted.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerPeerReachable		1.3.6.1.4.1.9.9.759.0.14
This notification is generated from a Key Server when an unreachable peer Key Server becomes reachable. The varbinds encapsulate the Group information, the Key Server identifier and the peer Key Server identifier.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiKeyServerPeerUnreachable		1.3.6.1.4.1.9.9.759.0.15
This notification is generated from a Key Server when a reachable peer Key Server becomes unreachable. The varbinds encapsulate the Group information, the Key Server identifier and the peer Key Server identifier.
Status: current	Access: read-only
NOTIFICATION-TYPE

cgmGdoiGroupTable		1.3.6.1.4.1.9.9.759.1.1
A table of information regarding GDOI Groups in use on the network device being queried.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiGroupEntry

cgmGdoiGroupEntry		1.3.6.1.4.1.9.9.759.1.1.1
An entry containing GDOI Group information, uniquely identified by the GDOI Group ID.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiGroupEntry

cgmGdoiGroupIdType		1.3.6.1.4.1.9.9.759.1.1.1.1
The Identification Type Value used to parse a GDOI Group ID. The GDOI RFC 3547 defines the types that can be used as a GDOI Group ID, and RFC 4306 defines all valid types that can be used as an identifier. This Group ID type is sent as the 'ID Type' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGroupIdLength		1.3.6.1.4.1.9.9.759.1.1.1.2
The length (i.e. number of octets) of a Group ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGroupIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'Payload Length' (subtracting the generic header length) of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGroupIdValue		1.3.6.1.4.1.9.9.759.1.1.1.3
The value of a Group ID with its type indicated by the cgmGdoiGroupIdType. Use the cgmGdoiGroupIdType to parse the Group ID correctly. This Group ID value is sent as the 'Identification Data' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGroupName		1.3.6.1.4.1.9.9.759.1.1.1.4
The string-readable name configured for or given to a GDOI Group.
Status: current	Access: read-only
OBJECT-TYPE
	DisplayString

cgmGdoiGroupMemberCount		1.3.6.1.4.1.9.9.759.1.1.1.5
The count of registered Group Members to this group, on a Key Server.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGroupActivePeerKeyServerCount		1.3.6.1.4.1.9.9.759.1.1.1.6
The count of the active Key Server sessions between the local Key Server and peer Key Servers for this group.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGroupLastRekeyRetransmits		1.3.6.1.4.1.9.9.759.1.1.1.7
This variable returns the cummulative count of number of rekey messages and retransmits during the last cycle of rekey. This count displays the information pertaining to Group Members only (and is not related to any sync operation pertaining to peer Key Servers). This information is a reflection of rekey operation on a Primary Key Server, and is not available for Secondary Key Server(s), because they do not perform rekeys and do not receive any ACKs. While a rekey is in progress, this variable will give information of the last rekey operation.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGroupLastRekeyTimeTaken		1.3.6.1.4.1.9.9.759.1.1.1.8
This variable returns the duration (in milliseconds) of the last rekey operation. This information is valid for a Primary Key Server, and is not available with Secondary Key Server(s), because they do not perform rekeys and do not receive any ACKs. While a rekey is in progress, this variable will give information of the last rekey operation.
Status: current	Access: read-only
OBJECT-TYPE
	CiscoMilliSeconds

cgmGdoiPeers		1.3.6.1.4.1.9.9.759.1.2
OBJECT IDENTIFIER

cgmGdoiSecAssociations		1.3.6.1.4.1.9.9.759.1.3
OBJECT IDENTIFIER

cgmGdoiNotifCntl		1.3.6.1.4.1.9.9.759.1.4
OBJECT IDENTIFIER

cgmGdoiNotifVars		1.3.6.1.4.1.9.9.759.1.5
OBJECT IDENTIFIER

cgmGdoiKeyServerTable		1.3.6.1.4.1.9.9.759.1.2.1
A table of information for the GDOI group from the perspective of the Key Servers (GCKSs) on the network device being queried.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiKeyServerEntry

cgmGdoiKeyServerEntry		1.3.6.1.4.1.9.9.759.1.2.1.1
An entry containing GDOI Key Server (KS) information, uniquely identified by the Group & Key Server IDs.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiKeyServerEntry

cgmGdoiKeyServerIdType		1.3.6.1.4.1.9.9.759.1.2.1.1.1
The Identification Type Value used to parse the identity information for a Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiKeyServerIdLength		1.3.6.1.4.1.9.9.759.1.2.1.1.2
The length (i.e. number of octets) of a Key Server ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKeyServerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKeyServerIdValue		1.3.6.1.4.1.9.9.759.1.2.1.1.3
The value of the identity information for a Key Server with its type indicated by the cgmGdoiKeyServerIdType. Use the cgmGdoiKeyServerIdType to parse the Key Server ID correctly. This Key Server ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiKeyServerActiveKEK		1.3.6.1.4.1.9.9.759.1.2.1.1.4
The SPI of the Key Encryption Key (KEK) that is currently being used by the Key Server to encrypt the GROUPKEY-PUSH keying & security association material sent to the Key Server's registered Group Members.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKekSPI

cgmGdoiKeyServerRekeysPushed		1.3.6.1.4.1.9.9.759.1.2.1.1.5
The sequence number of the last rekey sent from the Key Server to its registered Group Members for this GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

cgmGdoiKeyServerRole		1.3.6.1.4.1.9.9.759.1.2.1.1.6
The current role of the queried Key Server for the Group.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKsRole

cgmGdoiKeyServerRegisteredGMs		1.3.6.1.4.1.9.9.759.1.2.1.1.7
The count of registered Group Members to the Key Server identified by the index.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTable		1.3.6.1.4.1.9.9.759.1.2.2
A table of information regarding GDOI Group Members (GMs) locally configured on the network device being queried. Note that Local Group Members may or may not be registered to a Key Server in its GDOI Group on the same network device being queried.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiGmEntry

cgmGdoiGmEntry		1.3.6.1.4.1.9.9.759.1.2.2.1
An entry containing Local GDOI Group Member information, uniquely identified by Group & GM IDs. Because the Group Member is Local to the network device being queried, TEKs installed for this Group Member can be queried as well.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiGmEntry

cgmGdoiGmIdType		1.3.6.1.4.1.9.9.759.1.2.2.1.1
The Identification Type Value used to parse the identity information for a Initiator or Group Member. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGmIdLength		1.3.6.1.4.1.9.9.759.1.2.2.1.2
The length (i.e. number of octets) of a Group Member ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmIdValue		1.3.6.1.4.1.9.9.759.1.2.2.1.3
The value of the identity information for a Group Member with its type indicated by the cgmGdoiGmIdType. Use the cgmGdoiGmIdType to parse the Group Member ID correctly. This Group Member ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGmRegKeyServerIdType		1.3.6.1.4.1.9.9.759.1.2.2.1.4
The Identification Type Value used to parse the identity information of this Group Member's registered Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGmRegKeyServerIdLength		1.3.6.1.4.1.9.9.759.1.2.2.1.5
The length (i.e. number of octets) of the registered Key Server's ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmRegKeyServerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmRegKeyServerIdValue		1.3.6.1.4.1.9.9.759.1.2.2.1.6
The value of the identity information for this Group Member's registered Key Server with its type indicated by the cgmGdoiGmRegKeyServerIdType. Use the cgmGdoiGmRegKeyServerIdType to parse the registered Key Server's ID correctly. This Key Server ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGmActiveKEK		1.3.6.1.4.1.9.9.759.1.2.2.1.7
The SPI of the Key Encryption Key (KEK) that is currently being used by the Group Member to authenticate & decrypt a rekey from a GROUPKEY-PUSH message.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKekSPI

cgmGdoiGmRekeysReceived		1.3.6.1.4.1.9.9.759.1.2.2.1.8
The sequence number of the last rekey successfully received from this Group Member's registered Key Server.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

cgmGdoiGmActiveTEKNum		1.3.6.1.4.1.9.9.759.1.2.2.1.9
The number of active traffic encryption keys (TEKS) currently being used by the Group Member to encrypt/decrypt/authenticate dataplane traffic.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

cgmGdoiCoopPeerTable		1.3.6.1.4.1.9.9.759.1.2.3
A table of information for the COOP peer(s). The information populated in this table, is extracted from the COOP messages exchanged between the local KS (device being queried) and the COOP Peer(s).
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiCoopPeerEntry

cgmGdoiCoopPeerEntry		1.3.6.1.4.1.9.9.759.1.2.3.1
An entry containing COOP Peer Key Server's (KS) information, uniquely identified by the Group & Peer Key Server IDs.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiCoopPeerEntry

cgmGdoiCoopPeerIdType		1.3.6.1.4.1.9.9.759.1.2.3.1.1
The Identification Type Value used to parse the identity information for a Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiCoopPeerIdLength		1.3.6.1.4.1.9.9.759.1.2.3.1.2
The length (i.e. number of octets) of a Peer (Key Server) ID. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiCoopPeerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiCoopPeerIdValue		1.3.6.1.4.1.9.9.759.1.2.3.1.3
The value of the identity information for a COOP Key Server with its type indicated by the cgmGdoiCoopPeerIdType. Use the cgmGdoiCoopPeerIdType to parse the COOP Peer (Key Server) ID correctly. This COOP Peer (Key Server) ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiCoopPeerRole		1.3.6.1.4.1.9.9.759.1.2.3.1.4
The current role of the COOP Peer (Key Server) for the Group.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKsRole

cgmGdoiCoopPeerStatus		1.3.6.1.4.1.9.9.759.1.2.3.1.5
The current status of the COOP Peer (Key Server) as seen from the local Key Server.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKsStatus

cgmGdoiCoopPeerRegisteredGMs		1.3.6.1.4.1.9.9.759.1.2.3.1.6
The count of registered Group Members to the COOP Peer (Key Server) identified by the index.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekTable		1.3.6.1.4.1.9.9.759.1.3.1
A table of information regarding GDOI Key Encryption Key (KEK) Policies & Security Associations (SAs) currently configured/installed for GDOI entities acting as Key Servers on the network device being queried. There is one entry in this table for each KEK Policy/SA that has been configured/installed. Each KEK Policy/SA is uniquely identified by a SPI at any given time.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiKsKekEntry

cgmGdoiKsKekEntry		1.3.6.1.4.1.9.9.759.1.3.1.1
An entry containing the attributes associated with a GDOI KEK Policy/SA, uniquely identified by the Group ID, Key Server ID, & SPI value assigned by the given Key Server to the KEK. There will be at least one KEK Policy/SA entry for each Key Server & two KEK Policy/SA entries for a given Key Server only during a KEK rekey when a new KEK is created/installed. The KEK SPI is unique for every KEK for a given Key Server.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiKsKekEntry

cgmGdoiKsKekIndex		1.3.6.1.4.1.9.9.759.1.3.1.1.1
The index of the KS KEK.The value of the index is a number which begins at one and is incremented with each KS KEK that is to be created by the KS for that GDOI group.
Status: current	Access: not-accessible
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekSPI		1.3.6.1.4.1.9.9.759.1.3.1.1.2
The value of the Security Parameter Index (SPI) of a KEK Policy/SA. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. As described above, these cookies are assigned by the GCKS.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKekSPI

cgmGdoiKsKekSrcIdType		1.3.6.1.4.1.9.9.759.1.3.1.1.3
The Identification Type Value used to parse the identity information for the source of a KEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiKsKekSrcIdLength		1.3.6.1.4.1.9.9.759.1.3.1.1.4
The length (i.e. number of octets) of the source ID of a KEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKsKekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekSrcIdValue		1.3.6.1.4.1.9.9.759.1.3.1.1.5
The value of the identity information for the source of a KEK Policy/SA with its type indicated by the cgmGdoiKsKekSrcIdType. Use the cgmGdoiKsKekSrcIdType to parse the KEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiKsKekSrcIdPort		1.3.6.1.4.1.9.9.759.1.3.1.1.6
The value specifying a port associated with the source ID of a KEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiKsKekDstIdType		1.3.6.1.4.1.9.9.759.1.3.1.1.7
The Identification Type Value used to parse the identity information for the dest. of a KEK Policy/SA (multicast rekey address). RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiKsKekDstIdLength		1.3.6.1.4.1.9.9.759.1.3.1.1.8
The length (i.e. number of octets) of the destination ID of a KEK Policy/SA (multicast rekey address). If no length is given (i.e. it has a valueof 0), the default length of its cgmGdoiKsKekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekDstIdValue		1.3.6.1.4.1.9.9.759.1.3.1.1.9
The value of the identity information for the destination of a KEK Policy/SA (multicast rekey address) with its type indicated by the cgmGdoiKsKekDstIdType. Use the cgmGdoiKsKekDstIdType to parse the KEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiKsKekDstIdPort		1.3.6.1.4.1.9.9.759.1.3.1.1.10
The value specifying a port associated with the dest. ID of a KEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiKsKekIpProtocol		1.3.6.1.4.1.9.9.759.1.3.1.1.11
The value of the IP protocol ID (e.g. UDP/TCP) being used for the rekey datagram.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIpProtocolId

cgmGdoiKsKekMgmtAlg		1.3.6.1.4.1.9.9.759.1.3.1.1.12
The value of the KEK_MANAGEMENT_ALGORITHM which specifies the group KEK management algorithm used to provide forward or backward access control (i.e. used to exclude group members). KEK Management Type Value ------------------- ----- RESERVED 0 LKH 1 RESERVED 2-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKeyManagementAlgorithm

cgmGdoiKsKekEncryptAlg		1.3.6.1.4.1.9.9.759.1.3.1.1.13
The value of the KEK_ALGORITHM which specifies the encryption algorithm used with the KEK Policy/SA. A GDOI implementaiton must support KEK_ALG_3DES. Following are the KEK encryption algoritm values defined in the GDOI RFC 3547, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 KEK_ALG_DES 1 KEK_ALG_3DES 2 KEK_ALG_AES 3 RESERVED 4-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiEncryptionAlgorithm

cgmGdoiKsKekEncryptKeyLength		1.3.6.1.4.1.9.9.759.1.3.1.1.14
The value of the KEK_KEY_LENGTH which specifies the KEK Algorithm key length (in bits).
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekSigHashAlg		1.3.6.1.4.1.9.9.759.1.3.1.1.15
The value of the SIG_HASH_ALGORITHM which specifies the SIG payload hash algorithm. This is not required (i.e. could have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a value of zero or SIG_HASH_SHA1). Following are the Signature Hash Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiPseudoRandomFunction TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_HASH_MD5 1 SIG_HASH_SHA1 2 RESERVED 3-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiPseudoRandomFunction

cgmGdoiKsKekSigAlg		1.3.6.1.4.1.9.9.759.1.3.1.1.16
The value of the SIG_ALGORITHM which specifies the SIG payload signature algorithm. A GDOI implementation must support SIG_ALG_RSA. Following are the Signature Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiSignatureMethod TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_ALG_RSA 1 SIG_ALG_DSS 2 SIG_ALG_ECDSS 3 RESERVED 4-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiSignatureMethod

cgmGdoiKsKekSigKeyLength		1.3.6.1.4.1.9.9.759.1.3.1.1.17
The value of the SIG_KEY_LENGTH which specifies the length of the SIG payload key.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekOakleyGroup		1.3.6.1.4.1.9.9.759.1.3.1.1.18
The value of the KE_OAKLEY_GROUP which specifies the OAKLEY or Diffie-Hellman Group used to compute the PFS secret in the optional KE payload of the GDOI GROUPKEY-PULL exchange.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiDiffieHellmanGroup

cgmGdoiKsKekOriginalLifetime		1.3.6.1.4.1.9.9.759.1.3.1.1.19
The value of the KEK_KEY_LIFETIME which specifies the maximum time for which a KEK is valid. The GCKS may refresh the KEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekRemainingLifetime		1.3.6.1.4.1.9.9.759.1.3.1.1.20
The value of the remaining time for which a KEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiKsKekOriginalLifetime when the KEK is sent and counts down to zero in seconds. If the lifetime has already expired, this value should remain at zero (0) until the Key Server refreshes the KEK.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsKekStatus		1.3.6.1.4.1.9.9.759.1.3.1.1.21
The status of the KEK Policy/SA. When this status value is queried, one of the following is returned: inUse(1), new(2), old(3).
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKekStatus

cgmGdoiGmKekTable		1.3.6.1.4.1.9.9.759.1.3.2
A table of information regarding GDOI Key Encryption Key (KEK) Security Associations (SAs) currently installed for GDOI entities acting as Group Members on the network device being queried. There is one entry in this table for each KEK SA that has been installed and not yet deleted. Each KEK SA is uniquely identified by a SPI at any given time.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiGmKekEntry

cgmGdoiGmKekEntry		1.3.6.1.4.1.9.9.759.1.3.2.1
An entry containing the attributes associated with a GDOI KEK SA, uniquely identified by the Group ID, Group Member (GM) ID, & SPI value assigned by the GM's registered Key Server to the KEK. There will be at least one KEK SA entry for each GM & two KEK SA entries for a given GM only during a KEK rekey when a new KEK is received & installed. The KEK SPI is unique for every KEK for a given Group Member.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiGmKekEntry

cgmGdoiGmKekIndex		1.3.6.1.4.1.9.9.759.1.3.2.1.1
The index of the GM KEK in table.The value of the index is a number which begins at one and is incremented with each KEK that is used by the GM for that GDOI group.
Status: current	Access: not-accessible
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekSPI		1.3.6.1.4.1.9.9.759.1.3.2.1.2
The value of the Security Parameter Index (SPI) of a KEK SA. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. As described above, these cookies are assigned by the GCKS.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKekSPI

cgmGdoiGmKekSrcIdType		1.3.6.1.4.1.9.9.759.1.3.2.1.3
The Identification Type Value used to parse the identity information for the source of a KEK SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGmKekSrcIdLength		1.3.6.1.4.1.9.9.759.1.3.2.1.4
The length (i.e. number of octets) of the source ID of a KEK SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmKekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekSrcIdValue		1.3.6.1.4.1.9.9.759.1.3.2.1.5
The value of the identity information for the source of a KEK SA with its type indicated by the cgmGdoiGmKekSrcIdType. Use the cgmGdoiGmKekSrcIdType to parse the KEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGmKekSrcIdPort		1.3.6.1.4.1.9.9.759.1.3.2.1.6
The value specifying a port associated with the source ID of a KEK SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiGmKekDstIdType		1.3.6.1.4.1.9.9.759.1.3.2.1.7
The Identification Type Value used to parse the identity information for the dest. (multicast rekey address) of a KEK SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGmKekDstIdLength		1.3.6.1.4.1.9.9.759.1.3.2.1.8
The length (i.e. number of octets) of the destination ID of a KEK SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmKekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekDstIdValue		1.3.6.1.4.1.9.9.759.1.3.2.1.9
The value of the identity information for the destination of a KEK SA (multicast rekey address) with its type indicated by cgmGdoiGmKekDstIdType. Use the cgmGdoiGmKekDstIdType to parse the KEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGmKekDstIdPort		1.3.6.1.4.1.9.9.759.1.3.2.1.10
The value specifying a port associated with the dest. ID of a KEK SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a KEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiGmKekIpProtocol		1.3.6.1.4.1.9.9.759.1.3.2.1.11
The value of the IP protocol ID (e.g. UDP/TCP) being used for the rekey datagram.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIpProtocolId

cgmGdoiGmKekMgmtAlg		1.3.6.1.4.1.9.9.759.1.3.2.1.12
The value of the KEK_MANAGEMENT_ALGORITHM which specifies the group KEK management algorithm used to provide forward or backward access control (i.e. used to exclude group members). KEK Management Type Value ------------------- ----- RESERVED 0 LKH 1 RESERVED 2-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKeyManagementAlgorithm

cgmGdoiGmKekEncryptAlg		1.3.6.1.4.1.9.9.759.1.3.2.1.13
The value of the KEK_ALGORITHM which specifies the encryption algorithm used with the KEK SA. A GDOI implementaiton must support KEK_ALG_3DES. Following are the KEK encryption algoritm values defined in the GDOI RFC 3547, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 KEK_ALG_DES 1 KEK_ALG_3DES 2 KEK_ALG_AES 3 RESERVED 4-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiEncryptionAlgorithm

cgmGdoiGmKekEncryptKeyLength		1.3.6.1.4.1.9.9.759.1.3.2.1.14
The value of the KEK_KEY_LENGTH which specifies the KEK Algorithm key length (in bits).
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekSigHashAlg		1.3.6.1.4.1.9.9.759.1.3.2.1.15
The value of the SIG_HASH_ALGORITHM which specifies the SIG payload hash algorithm. This is not required (i.e. could have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a value of zero or SIG_HASH_SHA1). Following are the Signature Hash Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiPseudoRandomFunction TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_HASH_MD5 1 SIG_HASH_SHA1 2 RESERVED 3-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiPseudoRandomFunction

cgmGdoiGmKekSigAlg		1.3.6.1.4.1.9.9.759.1.3.2.1.16
The value of the SIG_ALGORITHM which specifies the SIG payload signature algorithm. A GDOI implementation must support SIG_ALG_RSA. Following are the Signature Algorithm values defined in the GDOI RFC 3547, however the CgmGdoiSignatureMethod TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_ALG_RSA 1 SIG_ALG_DSS 2 SIG_ALG_ECDSS 3 RESERVED 4-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiSignatureMethod

cgmGdoiGmKekSigKeyLength		1.3.6.1.4.1.9.9.759.1.3.2.1.17
The value of the SIG_KEY_LENGTH which specifies the length of the SIG payload key.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekOakleyGroup		1.3.6.1.4.1.9.9.759.1.3.2.1.18
The value of the KE_OAKLEY_GROUP which specifies the OAKLEY or Diffie-Hellman Group used to compute the PFS secret in the optional KE payload of the GDOI GROUPKEY-PULL exchange.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiDiffieHellmanGroup

cgmGdoiGmKekOriginalLifetime		1.3.6.1.4.1.9.9.759.1.3.2.1.19
The value of the KEK_KEY_LIFETIME which specifies the maximum time for which a KEK is valid. The GCKS may refresh the KEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekRemainingLifetime		1.3.6.1.4.1.9.9.759.1.3.2.1.20
The value of the remaining time for which a KEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiGmKekOriginalLifetime and counts down to 0 in seconds. If the lifetime has already expired, this value should remain at zero (0) until the GCKS refreshes the KEK.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmKekStatus		1.3.6.1.4.1.9.9.759.1.3.2.1.21
The status of the KEK SA. When this status value is queried, one of the following is returned: inUse(1), new(2), old(3).
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiKekStatus

cgmGdoiKsTekSelectorTable		1.3.6.1.4.1.9.9.759.1.3.3
A table of information regarding GDOI Traffic Encryption Key (TEK) Selectors (source, destination, protocol information) that is currently configured/pushed for GDOI entities acting as Key Servers on the network device being queried. There is one entry in this table for each TEK that has been configured & pushed to Group Members registered to the given Key Server.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiKsTekSelectorEntry

cgmGdoiKsTekSelectorEntry		1.3.6.1.4.1.9.9.759.1.3.3.1
An entry containing the Source/Destination attributes associated with a GDOI TEK Policy, uniquely identified by the Group ID, Key Server ID and TEK Selector index. There will be one entry for each Source/Destination Policy sent by the given Key Server to its registered Group Members, each with a unique 5-tuple. However, due to the 255-octet constraint placed on an OID, the 4-tuple cannot be used to INDEX a TEK entry for a given Group ID & Key Server ID. Therefore, the TEK Selector index for a given Group ID & Key Server ID MUST be unique. The TEK SPI is part of the TEK Policy Table.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiKsTekSelectorEntry

cgmGdoiKsTekSelectorIndex		1.3.6.1.4.1.9.9.759.1.3.3.1.1
The index of the Source/Destination tuple to be secured by the KS TEK.The value of the index is a number which begins at one and is incremented with each Source/Destination pair that is to be secured by the KS TEK policy for that GDOI group.
Status: current	Access: not-accessible
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekSrcIdType		1.3.6.1.4.1.9.9.759.1.3.3.1.2
The Identification Type Value used to parse the identity information for the source of a TEK Policy. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiKsTekSrcIdLength		1.3.6.1.4.1.9.9.759.1.3.3.1.3
The length (i.e. number of octets) of the source ID of a TEK Policy. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKsTekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekSrcIdValue		1.3.6.1.4.1.9.9.759.1.3.3.1.4
The value of the identity information for the source of a TEK Policy with its type indicated by the cgmGdoiKsTekSrcIdType. Use the cgmGdoiKsTekSrcIdType to parse the TEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiKsTekSrcIdPort		1.3.6.1.4.1.9.9.759.1.3.3.1.5
The value specifying a port associated with the source ID of a TEK Policy. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiKsTekDstIdType		1.3.6.1.4.1.9.9.759.1.3.3.1.6
The Identification Type Value used to parse the identity information for the dest. of a TEK Policy. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiKsTekDstIdLength		1.3.6.1.4.1.9.9.759.1.3.3.1.7
The length (i.e. number of octets) of the destination ID of a TEK Policy. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiKsTekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekDstIdValue		1.3.6.1.4.1.9.9.759.1.3.3.1.8
The value of the identity information for the destination of a TEK Policy with its type indicated by the cgmGdoiKsTekDstIdType. Use the cgmGdoiKsTekDstIdType to parse the TEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiKsTekDstIdPort		1.3.6.1.4.1.9.9.759.1.3.3.1.9
The value specifying a port associated with the dest. ID of a TEK Policy. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiKsTekSecurityProtocol		1.3.6.1.4.1.9.9.759.1.3.3.1.10
The value of the Protocol-ID field of a SA TEK (SAT) payload which specifies the Security Protocol for a TEK. Following are the Security Protocol values defined in the GDOI RFC 3547, however the CgmGdoiSecurityProtocol TC defines all possible values. Protocol ID Value ---------------------- ----- RESERVED 0 GDOI_PROTO_IPSEC_ESP 1 RESERVED 2-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiSecurityProtocol

cgmGdoiKsTekPolicyTable		1.3.6.1.4.1.9.9.759.1.3.4
A table of information regarding GDOI Traffic Encryption Key (TEK) Policies currently configured/pushed for GDOI entities acting as Key Servers on the network device being queried. There is one entry in this table for each TEK that has been configured & pushed to Group Members registered to the given Key Server.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiKsTekPolicyEntry

cgmGdoiKsTekPolicyEntry		1.3.6.1.4.1.9.9.759.1.3.4.1
An entry containing the attributes associated with a GDOI TEK Policy, uniquely identified by the Group ID, Key Server ID, TEK Selector Index (Source/Destination IDs & Ports), and TEK Policy Index (TEK SPI and direction). There will be one or more TEK entries for each TEK Policy sent by the given Key Server to its registered Group Members, each with a unique 5-tuple.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiKsTekPolicyEntry

cgmGdoiKsTekPolicyIndex		1.3.6.1.4.1.9.9.759.1.3.4.1.1
The index of the policy that is used to secure the KS TEK. The value of the index is a number which begins at one and is incremented with each row in this table.
Status: current	Access: not-accessible
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekSPI		1.3.6.1.4.1.9.9.759.1.3.4.1.2
The value of the Security Parameter Index (SPI) of a TEK Policy. The SPI must be the SPI for ESP.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiTekSPI

cgmGdoiKsTekEncapsulationMode		1.3.6.1.4.1.9.9.759.1.3.4.1.3
The value of the Encapsulation Mode of a TEK (IPsec SA). Following are the Encapsulation Mode values defined in RFC 2407, however the CgmGdoiEncapsulationMode TC defines all possible values. Encapsulation Mode Value ------------------ ----- RESERVED 0 Tunnel 1 Transport 2
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiEncapsulationMode

cgmGdoiKsTekEncryptionAlgorithm		1.3.6.1.4.1.9.9.759.1.3.4.1.4
The value of the Transform ID field of a PROTO_IPSEC_ESP payload which specifies the ESP transform to be used. If no encryption is used, this value will be zero (0). Following are the ESP Transform values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. IPsec ESP Transform ID Value ------------------------ ----- RESERVED 0 ESP_DES_IV64 1 ESP_DES 2 ESP_3DES 3 ESP_RC5 4 ESP_IDEA 5 ESP_CAST 6 ESP_BLOWFISH 7 ESP_3IDEA 8 ESP_DES_IV32 9 ESP_RC4 10 ESP_NULL 11
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiEncryptionAlgorithm

cgmGdoiKsTekEncryptionKeyLength		1.3.6.1.4.1.9.9.759.1.3.4.1.5
The length of the key used for encryption in a TEK (in bits).
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekIntegrityAlgorithm		1.3.6.1.4.1.9.9.759.1.3.4.1.6
The value of the Authentication Algorithm for a TEK IPsec ESP SA. If no authentication is used, this value will be zero (0). Following are the Authentication Algorithm values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- HMAC-MD5 1 HMAC-SHA 2 DES-MAC 3 KPDK 4
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIntegrityAlgorithm

cgmGdoiKsTekIntegrityKeyLength		1.3.6.1.4.1.9.9.759.1.3.4.1.7
The length of the key used for integrity/authentication in a TEK (in bits).
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekWindowSize		1.3.6.1.4.1.9.9.759.1.3.4.1.8
The size of the Time Based Anti-Replay (TBAR) window used by this TEK Policy.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekOriginalLifetime		1.3.6.1.4.1.9.9.759.1.3.4.1.9
The value of the SA Life Type defined in RFC 2407 which specifies the maximum time for which a TEK IPsec SA is valid. The GCKS may refresh the TEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekRemainingLifetime		1.3.6.1.4.1.9.9.759.1.3.4.1.10
The value of the remaining time for which a TEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiKsTekOriginalLifetime when the TEK is sent and counts down to zero in seconds. If the lifetime has already expired, this value should remain at zero (0) until the Key Server refreshes the TEK.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiKsTekStatus		1.3.6.1.4.1.9.9.759.1.3.4.1.11
The status of the TEK Policy. When this status value is queried, one of the following is returned: inbound(1), outbound(2), notInUse(3).
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiTekStatus

cgmGdoiGmTekSelectorTable		1.3.6.1.4.1.9.9.759.1.3.5
A table of information regarding GDOI Traffic Encryption Key (TEK) Security Associations (SAs/Policies) pushed by a Key Server & installed for GDOI entities acting as Group Members (GMs) on the network device being queried. There is one entry in this table for each unique TEK traffic selector (Source/Destination tuple) that has been downloaded from the Key Server and installed on the Group Member.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiGmTekSelectorEntry

cgmGdoiGmTekSelectorEntry		1.3.6.1.4.1.9.9.759.1.3.5.1
An entry containing the attributes associated with a GDOI TEK Policy/SA, uniquely identified by the Group ID, Group Member ID, Source/Destination IDs & Ports, and TEK SPI. There will be one or more TEK entries for each TEK Policy/SA received and installed by the given Group Member from its registered Key Server, each with a unique 5-tuple. This table does not contain the SPI which is part of the TEK policy table.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiGmTekSelectorEntry

cgmGdoiGmTekSelectorIndex		1.3.6.1.4.1.9.9.759.1.3.5.1.1
The index of the Source/Destination pair secured by the GM TEK.The value of the index is a number which begins at one and is incremented with each Source/Destination pair that is secured by the GM TEK policy for that GDOI group.
Status: current	Access: not-accessible
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekSrcIdType		1.3.6.1.4.1.9.9.759.1.3.5.1.2
The Identification Type Value used to parse the identity information for the source of a TEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGmTekSrcIdLength		1.3.6.1.4.1.9.9.759.1.3.5.1.3
The length (i.e. number of octets) of the source ID of a TEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmTekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekSrcIdValue		1.3.6.1.4.1.9.9.759.1.3.5.1.4
The value of the identity information for the source of a TEK Policy/SA with its type indicated by the cgmGdoiGmTekSrcIdType. Use the cgmGdoiGmTekSrcIdType to parse the TEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGmTekSrcIdPort		1.3.6.1.4.1.9.9.759.1.3.5.1.5
The value specifying a port associated with the source ID of a TEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiGmTekDstIdType		1.3.6.1.4.1.9.9.759.1.3.5.1.6
The Identification Type Value used to parse the identity information for the dest. of a TEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiGmTekDstIdLength		1.3.6.1.4.1.9.9.759.1.3.5.1.7
The length (i.e. number of octets) of the destination ID of a TEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its cgmGdoiGmTekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekDstIdValue		1.3.6.1.4.1.9.9.759.1.3.5.1.8
The value of the identity information for the destination of a TEK Policy/SA with its type indicated by the cgmGdoiGmTekDstIdType. Use the cgmGdoiGmTekDstIdType to parse the TEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiGmTekDstIdPort		1.3.6.1.4.1.9.9.759.1.3.5.1.9
The value specifying a port associated with the dest. ID of a TEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a TEK payload.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiUnsigned16

cgmGdoiGmTekSecurityProtocol		1.3.6.1.4.1.9.9.759.1.3.5.1.10
The value of the Protocol-ID field of a SA TEK (SAT) payload which specifies the Security Protocol for a TEK. Following are the Security Protocol values defined in the GDOI RFC 3547, however the CgmGdoiSecurityProtocol TC defines all possible values. Protocol ID Value ---------------------- ----- RESERVED 0 GDOI_PROTO_IPSEC_ESP 1 RESERVED 2-127 Private Use 128-255
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiSecurityProtocol

cgmGdoiGmTekPolicyTable		1.3.6.1.4.1.9.9.759.1.3.6
A table of information regarding GDOI Traffic Encryption Key (TEK) Security Associations (SAs/Policies) received by a Key Server & installed for GDOI entities acting as Group Members (GMs) on the network device being queried. There is one entry in this table for each TEK SA that has been installed on the Group Member.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		CgmGdoiGmTekPolicyEntry

cgmGdoiGmTekPolicyEntry		1.3.6.1.4.1.9.9.759.1.3.6.1
An entry containing the attributes associated with a GDOI TEK Policy/SA, uniquely identified by the Group ID, Group Member ID, TEK Selector (Source/Destination IDs & Ports), and TEK Policy index (TEK SPI and direction). There will be one or more TEK entries for each TEK Policy/SA received and installed by the given Group Member from its registered Key Server, each with a unique tuple. This table contains the SPI information corresponding to a TEK Selector index.
Status: current	Access: not-accessible
OBJECT-TYPE
	CgmGdoiGmTekPolicyEntry

cgmGdoiGmTekPolicyIndex		1.3.6.1.4.1.9.9.759.1.3.6.1.1
The index of the SPI used to secure the GM TEK.The value of the index is a number which begins at one and is incremented with each row of the GM TEK SPI table.
Status: current	Access: not-accessible
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekSPI		1.3.6.1.4.1.9.9.759.1.3.6.1.2
The value of the Security Parameter Index (SPI) of a TEK Policy/SA. The SPI must be the SPI for ESP.
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiTekSPI

cgmGdoiGmTekEncapsulationMode		1.3.6.1.4.1.9.9.759.1.3.6.1.3
The value of the Encapsulation Mode of a TEK (IPsec SA). Following are the Encapsulation Mode values defined in RFC 2407, however the CgmGdoiEncapsulationMode TC defines all possible values. Encapsulation Mode Value ------------------ ----- RESERVED 0 Tunnel 1 Transport 2
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiEncapsulationMode

cgmGdoiGmTekEncryptionAlgorithm		1.3.6.1.4.1.9.9.759.1.3.6.1.4
The value of the Transform ID field of a PROTO_IPSEC_ESP payload which specifies the ESP transform to be used. If no encryption is used, this value will be zero (0). Following are the ESP Transform values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. IPsec ESP Transform ID Value ------------------------ ----- RESERVED 0 ESP_DES_IV64 1 ESP_DES 2 ESP_3DES 3 ESP_RC5 4 ESP_IDEA 5 ESP_CAST 6 ESP_BLOWFISH 7 ESP_3IDEA 8 ESP_DES_IV32 9 ESP_RC4 10 ESP_NULL 11
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiEncryptionAlgorithm

cgmGdoiGmTekEncryptionKeyLength		1.3.6.1.4.1.9.9.759.1.3.6.1.5
The length of the key used for encryption in a TEK (in bits).
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekIntegrityAlgorithm		1.3.6.1.4.1.9.9.759.1.3.6.1.6
The value of the Authentication Algorithm for a TEK IPsec ESP SA. If no authentication is used, this value will be zero (0). Following are the Authentication Algorithm values defined in RFC 2407, however the CgmGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- HMAC-MD5 1 HMAC-SHA 2 DES-MAC 3 KPDK 4
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiIntegrityAlgorithm

cgmGdoiGmTekIntegrityKeyLength		1.3.6.1.4.1.9.9.759.1.3.6.1.7
The length of the key used for integrity/authentication in a TEK (in bits).
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekWindowSize		1.3.6.1.4.1.9.9.759.1.3.6.1.8
The size of the Time Based Anti-Replay (TBAR) window used by this TEK Policy/SA.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekOriginalLifetime		1.3.6.1.4.1.9.9.759.1.3.6.1.9
The value of the SA Life Type defined in RFC 2407 which specifies the maximum time for which a TEK IPsec SA is valid. The GCKS may refresh the TEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekRemainingLifetime		1.3.6.1.4.1.9.9.759.1.3.6.1.10
The value of the remaining time for which a TEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of cgmGdoiGmTekOriginalLifetime and counts down to 0 in seconds. If the lifetime has already expired, this value should remain at zero (0) until the GCKS refreshes the TEK.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

cgmGdoiGmTekStatus		1.3.6.1.4.1.9.9.759.1.3.6.1.11
The status of the TEK Policy/SA. When this status value is queried, one of the following is returned: inbound(1), outbound(2), notInUse(3).
Status: current	Access: read-only
OBJECT-TYPE
	CgmGdoiTekStatus

cgmGdoiKSNewRegNotifEnable		1.3.6.1.4.1.9.9.759.1.4.1
Indicates whether or not a notification should be generated on a Key Server when a new Group Member begins registration to a GDOI group.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cgmGdoiKSRegCompNotifEnable		1.3.6.1.4.1.9.9.759.1.4.2
Indicates whether or not a notification should be generated on a Key Server when a new Group Member successfully registers to a GDOI group.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cgmGdoiKSRekeyPushNotifEnable		1.3.6.1.4.1.9.9.759.1.4.3
Indicates whether or not a notification should be generated on a Key Server when a rekey is sent to a GDOI group.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cgmGdoiKSNoRSANotifEnable		1.3.6.1.4.1.9.9.759.1.4.4
Indicates whether or not an error notification should be generated on a Key Server when an RSA key is not set up.
Status: current	Access: read-write
OBJECT-TYPE
	TruthValue

cgmGdoiGMRegNotifEnable		1.3.6.1.4.1.9.9.759.1.4.5
Indicates whether or not a notification should be generated on a Group Member when it starts registration to a Key Server in a GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiGmRegCompNotifEnable		1.3.6.1.4.1.9.9.759.1.4.6
Indicates whether or not a notification should be generated on a Group Member when it successfully registers to a Key Server in a GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiGmReRegNotifEnable		1.3.6.1.4.1.9.9.759.1.4.7
Indicates whether or not a notification should be generated on a Group Member when it starts to re-register to a Key Server in a GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiGmRekeyRecNotifEnable		1.3.6.1.4.1.9.9.759.1.4.8
Indicates whether or not a notification should be generated on a Group Member when it receives and processes a rekey sent by a Key Server in a GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiGmIncompCfgNotifEnable		1.3.6.1.4.1.9.9.759.1.4.9
Indicates whether or not an error notification should be generated on a Group Member when there is missing information for configuring a GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiGmNoIpSecFlowsNotifEnable		1.3.6.1.4.1.9.9.759.1.4.10
Indicates whether or not an error notification should be generated on a Group Member when no more security associations can be installed after receiving a rekey from a Key Server in a GDOI group.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiGmRekeyFailNotifEnable		1.3.6.1.4.1.9.9.759.1.4.11
Indicates whether or not an error notification should be generated on a Group Member when it is unable to successfully process and install a rekey.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiKsRoleChangeNotifEnable		1.3.6.1.4.1.9.9.759.1.4.12
Indicates whether or not cgmGdoiKeyServerRoleChange notification should be generated on a Key Server when its role changes from Primary to Secondary or vice-versa.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiKsGmDeletedNotifEnable		1.3.6.1.4.1.9.9.759.1.4.13
Indicates whether or not cgmGdoiKeyServerGmDeleted notification should be generated on a Key Server when a Group Member is deleted from the group database.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiKsPeerReachNotifEnable		1.3.6.1.4.1.9.9.759.1.4.14
Indicates whether or not cgmGdoiKeyServerPeerReachable notification should be generated on a Key Server when unreachable peer Key Server becomes reachable.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiKsPeerUnreachNotifEnable		1.3.6.1.4.1.9.9.759.1.4.15
Indicates whether or not cgmGdoiKeyServerPeerUnreachable notification should be generated on a Key Server when reachable peer Key Server becomes unreachable.
Status: current	Access: read-only
OBJECT-TYPE
	TruthValue

cgmGdoiNotifGroupIdType		1.3.6.1.4.1.9.9.759.1.5.1
Variable used only for notifications. This variable captures the identification type of the GDOI group.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiNotifGroupIdValue		1.3.6.1.4.1.9.9.759.1.5.2
Variable used only for notifications. The value of a Group ID with its type indicated by the cgmGdoiNotifGroupIdType. Use the cgmGdoiNotifGroupIdType to parse the value of this field correctly.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiNotifGroupName		1.3.6.1.4.1.9.9.759.1.5.3
Variable used only for notifications. The string-readable name configured for or given to a GDOI Group.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	DisplayString

cgmGdoiNotifKeyServerIdType		1.3.6.1.4.1.9.9.759.1.5.4
Variable used only for notifications. The Identification Type Value used to parse the identity information of a Key Server.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiNotifKeyServerIdValue		1.3.6.1.4.1.9.9.759.1.5.5
Variable used only for notifications. The value of the identity information for a Key Server with its type indicated by the cgmGdoiNotifKeyServerIdType. Use the cgmGdoiNotifKeyServerIdType to parse the Key Server ID correctly.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiNotifKeyServerRole		1.3.6.1.4.1.9.9.759.1.5.6
Variable used only for notifications. The current role of the Key Server for the Group.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiKsRole

cgmGdoiNotifGmIdType		1.3.6.1.4.1.9.9.759.1.5.7
Variable used only for notifications. The Identification Type Value used to parse the identity information for a Initiator or Group Member.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiNotifGmIdValue		1.3.6.1.4.1.9.9.759.1.5.8
Variable used only for notifications. The value of the identity information for a Group Member with its type indicated by the cgmGdoiNotifGmIdType. Use the cgmGdoiNotifGmIdType to parse the Group Member ID's value correctly.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiNotifPeerKsIdType		1.3.6.1.4.1.9.9.759.1.5.9
Variable used only for notifications. The Identification Type Value used to parse the identity information of a Key Server.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationType

cgmGdoiNotifPeerKsIdValue		1.3.6.1.4.1.9.9.759.1.5.10
Variable used only for notifications. The value of the identity information for a Peer Key Server with its type indicated by the cgmGdoiNotifPeerKsIdType. Use the cgmGdoiNotifPeerKsIdType to parse the Peer Key Server ID correctly.
Status: current	Access: accessible-for-notify
OBJECT-TYPE
	CgmGdoiIdentificationValue

cgmGdoiMIBGroups		1.3.6.1.4.1.9.9.759.2.1
OBJECT IDENTIFIER

cgmGdoiMIBCompliances		1.3.6.1.4.1.9.9.759.2.2
OBJECT IDENTIFIER

cgmGdoiGroupIdGroup		1.3.6.1.4.1.9.9.759.2.1.1
This group consists of: 1) GDOI Group Table cgmGdoiGroupIdGroupRev1 is an extension to this group.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiKeyServerGroup		1.3.6.1.4.1.9.9.759.2.1.2
This group consists of: 1) GDOI Key Server Table cgmGdoiKeyServerGroupRev1 is an extension to this group.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiGmGroup		1.3.6.1.4.1.9.9.759.2.1.3
This group consists of: 1) GDOI GM Table cgmGdoiGmGroupRev1 is an extension to this group.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiKsSecurityAssociationsGroup		1.3.6.1.4.1.9.9.759.2.1.4
This group consists of: 1) GDOI Key Server KEK Policy/SA Table 2) GDOI Key Server TEK Policy Table
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiGmSecurityAssociationsGroup		1.3.6.1.4.1.9.9.759.2.1.5
This group consists of: 1) GDOI Group Member KEK Policy/SA Table 2) GDOI Group Member TEK Policy/SA Table
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiKeyServerNotificationGroup		1.3.6.1.4.1.9.9.759.2.1.6
This group contains the Key Server (GCKS) notifications for the GDOI MIB. cgmGdoiKeyServerNotificationGroupRev1 is an extension to this group.
Status: current	Access: accessible-for-notify
NOTIFICATION-GROUP

cgmGdoiKeyServerErrorNotificationGroup		1.3.6.1.4.1.9.9.759.2.1.7
This group contains the Key Server (GCKS) error notifications for the GDOI MIB.
Status: current	Access: accessible-for-notify
NOTIFICATION-GROUP

cgmGdoiGmNotificationGroup		1.3.6.1.4.1.9.9.759.2.1.8
This group contains the Group Member (GM) notifications for the GDOI MIB.
Status: current	Access: accessible-for-notify
NOTIFICATION-GROUP

cgmGdoiGmErrorNotificationGroup		1.3.6.1.4.1.9.9.759.2.1.9
This group contains the Group Member (GM) error notifications for the GDOI MIB.
Status: current	Access: accessible-for-notify
NOTIFICATION-GROUP

cgmGdoiNotificationControlGroup		1.3.6.1.4.1.9.9.759.2.1.10
This group contains the GDOI notification control objects for the GDOI MIB. cgmGdoiNotificationControlGroupRev1 is an extension to this group.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiGroupIdGroupRev1		1.3.6.1.4.1.9.9.759.2.1.11
This group consists of: 1) GDOI Group Table This group is an extension to cgmGdoiGroupIdGroup.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiKeyServerGroupRev1		1.3.6.1.4.1.9.9.759.2.1.12
This group consists of: 1) GDOI Key Server Table This group is an extension to cgmGdoiKeyServerGroup.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiGmGroupRev1		1.3.6.1.4.1.9.9.759.2.1.13
This group consists of: 1) GDOI GM Table This group is an extension to cgmGdoiGmGroup.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiKeyServerNotificationGroupRev1		1.3.6.1.4.1.9.9.759.2.1.14
This group contains the Key Server (GCKS) notifications for the GDOI MIB. This group is an extension to cgmGdoiKeyServerNotificationGroup.
Status: current	Access: accessible-for-notify
NOTIFICATION-GROUP

cgmGdoiNotificationControlGroupRev1		1.3.6.1.4.1.9.9.759.2.1.15
This group contains the GDOI notification control objects for the GDOI MIB. This group is an extension to cgmGdoiNotificationControlGroup.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiCoopPeerGroup		1.3.6.1.4.1.9.9.759.2.1.16
This group consists of: 1) COOP Peer Key Server Table
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiNotificationVariablesGroup		1.3.6.1.4.1.9.9.759.2.1.17
This group contains the GDOI notification variables for the GDOI MIB.
Status: current	Access: accessible-for-notify
OBJECT-GROUP

cgmGdoiMIBCompliance		1.3.6.1.4.1.9.9.759.2.2.1
At minimum, only GDOI Group Member functionality is required so only objects associated with and needed by Group Members are mandatory to implement. If Key Server functionality is also implemented, all other objects will need to be implemented as well. This group is deprecated and is superseeded by cgmGdoiMIBCompliance1.
Status: deprecated	Access: accessible-for-notify
MODULE-COMPLIANCE

cgmGdoiMIBComplianceRev1		1.3.6.1.4.1.9.9.759.2.2.2
At minimum, only GDOI Group Member functionality is required so only objects associated with and needed by Group Members are mandatory to implement. If Key Server functionality is also implemented, all other objects will need to be implemented as well. Updated the conformance group with new MIB Groups and objects with min-access as read-only.
Status: current	Access: read-only
MODULE-COMPLIANCE