CISCO-IPSEC-PROVISIONING-MIB

File: CISCO-IPSEC-PROVISIONING-MIB.mib (56861 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
IF-MIB SNMP-FRAMEWORK-MIB INET-ADDRESS-MIB
CISCO-IPSEC-TC CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Unsigned32 MODULE-COMPLIANCE OBJECT-GROUP
NOTIFICATION-GROUP RowStatus TruthValue
ifIndex SnmpAdminString InetAddressType
InetAddress CIPsecTransform CIPsecLifetime
CIPsecTunnelIdleTime CIPsecLifesize CIPsecEncapMode
CIPsecDiffHellmanGrp CIPsecNumCryptoMaps CIPsecCryptomapType
CIPsecSecuritySuite ciscoMgmt

Defined Types

CipsIPsecXformSetEntry  
SEQUENCE    
  cipsXformSetName SnmpAdminString
  cipsXformSetId Unsigned32
  cipsXformSetSuite CIPsecSecuritySuite
  cipsXformSetEncryptionXform CIPsecTransform
  cipsXformSetIntegrityXformEsp CIPsecTransform
  cipsXformSetIntegrityXformAh CIPsecTransform
  cipsXformSetCompressionXform CIPsecTransform
  cipsXformSetMode CIPsecEncapMode
  cipsXformSetStatus RowStatus

CipsStaticCryptomapSetEntry  
SEQUENCE    
  cipsStaticCryptomapSetSize Unsigned32
  cipsStaticCryptomapSetNumIsakmp Unsigned32
  cipsStaticCryptomapSetNumManual Unsigned32
  cipsStaticCryptomapSetNumDynamic Unsigned32
  cipsStaticCryptomapSetNumTED Unsigned32
  cipsStaticCryptomapSetNumSAs Unsigned32

CipsStaticCryptomapEntry  
SEQUENCE    
  cipsStaticCryptomapSetName SnmpAdminString
  cipsStaticCryptomapPriority Unsigned32
  cipsStaticCryptomapType CIPsecCryptomapType
  cipsStaticCryptomapDescr SnmpAdminString
  cipsStaticCryptomapIpFilter STRING
  cipsStaticCryptomapXformSetList STRING
  cipsStaticCryptomapNumPeers Unsigned32
  cipsStaticCryotomapNextPIndex Unsigned32
  cipsStaticCryptomapCurPAddrType InetAddressType
  cipsStaticCryptomapCurPAddr InetAddress
  cipsStaticCryptomapPfs CIPsecDiffHellmanGrp
  cipsStaticCryptomapLifetime CIPsecLifetime
  cipsStaticCryptomapLifesize CIPsecLifesize
  cipsStaticCryptomapLevelHost TruthValue
  cipsStaticCryptomapIdleTimeout CIPsecTunnelIdleTime
  cipsStaticCryptomapAutoPeer TruthValue
  cipsStaticCryptomapStatus RowStatus

CipsIPsecCryMapPeerEntry  
SEQUENCE    
  cipsCryMapPeerIndex Unsigned32
  cipsCryMapPeerAddrType InetAddressType
  cipsCryMapPeerAddr InetAddress
  cipsCryMapPeerOrder Unsigned32
  cipsCryMapPeerStatus RowStatus

CipsCryptomapSetIfEntry  
SEQUENCE    
  cipsCryptomapSetIfStatus RowStatus

CipsIfCryptomapSetInfoEntry  
SEQUENCE    
  cipsIfStaticCryptomapSetName SnmpAdminString

Defined Values

ciscoIPsecProvisioningMIB 1.3.6.1.4.1.9.9.431
IPSec is the next-generation network layer crypto framework described in RFC2401-2411. This MIB defines the IPsec configurations. It may be used to view and provision IPsec-based VPNs. To create an IPsec tunnel, you need first configure Internet Key Exchange (IKE). IKE negotiates Security Associations with the peer for IPsec. To find out how to configure IKE, please see CISCO-IKE-CONFIGURATION-MIB for detail. Once you setup IKE, you will have to configure IPsec. To configure IPsec, you need perform following steps. 1. Create an IPsec transform set. A transform set describes a security protocol (AH or ESP) with its corresponding algorithms. For example, ESP with the DES cipher algorithm and HMAC-SHA for authentication. 2. Create a cryptomap and its peers. This will a) select data flows that need security processing and b) defines the policy for these flows and the crypto peer that traffic needs to go to. 3. Apply cryptomap to an interface A crypto map is applied to an egress interface. Outgoing data flows are protected by this cryptomap. Acronyms The following acronyms are used in this document: Static Cryptomap Template: A static cryptomap template (or static cryptomap) is a security template created for IPsec. A static cryptomap pulls together various parts to set up an IPsec security association which includes: - which traffic should be protected by IPsec - where IPsec protected traffic should be sent - the local address used for the the IPsec traffic - which transform sets should be applied to this traffic Dynamic Cryptomap Template: A dynamic cryptomap template (or a dynamic cryptomap) is essentially a crypto map entry without all the parameters configured. It acts as a policy template where the missing parameters are later dynamically configured (as the result of an IPsec negotiation) to match a peer's requirements. Cryptomap Set: A cryptomap set may contain multiple cryptomap templates which specify an IPsec policy. TED: Tunnel Endpoint Discovery protocol MIB Structure ------------- This MIB provides the operational information on Cisco's IPsec implementation of IPsec. This MIB delineates ISAKMP and IPsec configuration. This MIB deals only with IPsec (Phase-2) configuration. The following entities are managed: a) IPsec Global Parameters b) IPsec transform set definitions c) Cryptomap Group - Cryptomap Set Table - Cryptomap Table - CryptomapSet Transform Binding Table - CryptomapSet Peer Binding Table - CryptomapSet Interface Binding Table d) Notification Control Group e) Notifications Group
MODULE-IDENTITY    

ciscoIPsecProvisioningMIBNotifs 1.3.6.1.4.1.9.9.431.0
OBJECT IDENTIFIER    

ciscoIPsecProvisioningMIBObjects 1.3.6.1.4.1.9.9.431.1
OBJECT IDENTIFIER    

ciscoIPsecProvisioningMIBConform 1.3.6.1.4.1.9.9.431.2
OBJECT IDENTIFIER    

cipsIPsecGlobals 1.3.6.1.4.1.9.9.431.1.1
OBJECT IDENTIFIER    

cipsIPsecTransforms 1.3.6.1.4.1.9.9.431.1.2
OBJECT IDENTIFIER    

cipsCryptoMapGeneral 1.3.6.1.4.1.9.9.431.1.3
OBJECT IDENTIFIER    

cipsCryptoMaps 1.3.6.1.4.1.9.9.431.1.4
OBJECT IDENTIFIER    

cipsNotificationCntl 1.3.6.1.4.1.9.9.431.1.5
OBJECT IDENTIFIER    

cipsTunnelLifetime 1.3.6.1.4.1.9.9.431.1.1.1
The default lifetime (in seconds) assigned to an IPsec tunnel as a global policy (maybe overridden in specific cryptomap definitions).
OBJECT-TYPE    
  CIPsecLifetime  

cipsTunnelLifesize 1.3.6.1.4.1.9.9.431.1.1.2
The default lifesize in KBytes assigned to an IPsec tunnel as a global policy (unless overridden in cryptomap definition).
OBJECT-TYPE    
  CIPsecLifesize  

cipsTunnelIdleTimeout 1.3.6.1.4.1.9.9.431.1.1.3
The number of seconds of idle time (no activity) after which an IPsec tunnel (and its parent ISAKMP SA) is to be deleted. An IPsec tunnel never times out if a value 0 is specified.
OBJECT-TYPE    
  CIPsecTunnelIdleTime  

cipsIPsecXformSetTable 1.3.6.1.4.1.9.9.431.1.2.1
This table contains the list of all the transform sets configured on the managed entity. A transform set is usually configured by a management console before a cryptomap is created. Multiple transform sets could be assigned to a cryptomap configuration.
OBJECT-TYPE    
  SEQUENCE OF  
    CipsIPsecXformSetEntry

cipsIPsecXformSetEntry 1.3.6.1.4.1.9.9.431.1.2.1.1
Each entry represents a single configured IPsec transform set.
OBJECT-TYPE    
  CipsIPsecXformSetEntry  

cipsXformSetName 1.3.6.1.4.1.9.9.431.1.2.1.1.1
This object contains the name of the transform set corresponding to this conceptual row.
OBJECT-TYPE    
  SnmpAdminString Size(1..80)  

cipsXformSetId 1.3.6.1.4.1.9.9.431.1.2.1.1.2
This is the sequence number of the transform set that uniquely identifies the transform set. Distinct transform sets must have distinct sequence numbers.
OBJECT-TYPE    
  Unsigned32 1..2147483647  

cipsXformSetSuite 1.3.6.1.4.1.9.9.431.1.2.1.1.3
This object represents the suite of Phase-2 security protocols of this transform set.
OBJECT-TYPE    
  CIPsecSecuritySuite  

cipsXformSetEncryptionXform 1.3.6.1.4.1.9.9.431.1.2.1.1.4
This object represents the transform used for ESP encryption. The only values this object may assume are 'xformNONE', 'xformEspNULL', 'xformEspDES', 'xformEsp3DES', 'xformEspAES128', 'xformEspAES192', 'xformEspAES256', 'xformEspAESCtr128', 'xformEspAESCtr192', 'xformEspAESCtr256' and 'xformEspAESXCbcMac'. If the value of the corresponding instance of cipsXformSetSuite is 'suiteIntegAh', 'suiteIntegAhComp' or 'suiteOther', this object must be set to 'xformNONE'. For any other value of the corresponding instance of cipsXformSetSuite, this object must not be set to 'xformNONE'.
OBJECT-TYPE    
  CIPsecTransform  

cipsXformSetIntegrityXformEsp 1.3.6.1.4.1.9.9.431.1.2.1.1.5
This object represents the transform used to implement integrity check with ESP protocol. If the value of the corresponding instance of cipsXformSetSuite is 'suiteIntegAh', 'suiteIntegAhComp' or 'suiteOther', this object must be set to 'xformNONE'. For any other value of the corresponding instance of cipsXformSetSuite, this object must not be set to 'xformNONE'.
OBJECT-TYPE    
  CIPsecTransform  

cipsXformSetIntegrityXformAh 1.3.6.1.4.1.9.9.431.1.2.1.1.6
This object represents the transform used to implement integrity check with AH protocol. If the value of the corresponding instance of cipsXformSetSuite is neither 'suiteIntegAh' nor 'suiteIntegAhComp', this object must be set to 'xformNONE'. For any other value of the corresponding instance of cipsXformSetSuite, this object must not be set to 'xformNONE'.
OBJECT-TYPE    
  CIPsecTransform  

cipsXformSetCompressionXform 1.3.6.1.4.1.9.9.431.1.2.1.1.7
This object represents the transform used to implement packet compression. If the value of the corresponding instance of cipsXformSetSuite is 'suiteConf', 'suiteIntegEsp', 'suiteIntegAh', 'suiteConfAh', 'suiteIntegEspAhS', 'suiteConfIntegEsp', 'suiteConfIntegEspAh' or 'suiteOther', this object must be set to 'xformNONE'. For any other value of the corresponding instance of cipsXformSetSuite, this object must not be set to 'xformNONE'.
OBJECT-TYPE    
  CIPsecTransform  

cipsXformSetMode 1.3.6.1.4.1.9.9.431.1.2.1.1.8
This object represents the encapsulation mode of the transform set.
OBJECT-TYPE    
  CIPsecEncapMode  

cipsXformSetStatus 1.3.6.1.4.1.9.9.431.1.2.1.1.9
This object represents the status of the transform set entry.
OBJECT-TYPE    
  RowStatus  

cipsNumStaticCryptomapSets 1.3.6.1.4.1.9.9.431.1.3.1
This object reflects the number of static cryptomap sets that are fully configured. Statically defined cryptomap sets are ones where the operator has fully specified all the parameters required to set up IPsec connections.
OBJECT-TYPE    
  CIPsecNumCryptoMaps  

cipsNumDynamicCryptomapSets 1.3.6.1.4.1.9.9.431.1.3.2
This object reflects the number of dynamic IPsec policy templates (called dynamic cryptomap templates) that are fully configured.
OBJECT-TYPE    
  CIPsecNumCryptoMaps  

cipsNumTEDCryptomapSets 1.3.6.1.4.1.9.9.431.1.3.3
This object reflects the number of static cryptomap sets that have at least one dynamic cryptomap template which has the Tunnel Endpoint Discovery (TED) enabled.
OBJECT-TYPE    
  CIPsecNumCryptoMaps  

cipsStaticCryptomapSetTable 1.3.6.1.4.1.9.9.431.1.4.1
This read-only table contains the list of all cryptomap sets that are fully configured. The operator may include different types of cryptomaps in such a set - manual, ISAKMP or dynamic. An entry is added to (removed from) this table automatically by the agent when the first (last) 'active' entry with the corresponding cipsStaticCryptomapSetName is added to (removed from) cipsStaticCryptomapTable.
OBJECT-TYPE    
  SEQUENCE OF  
    CipsStaticCryptomapSetEntry

cipsStaticCryptomapSetEntry 1.3.6.1.4.1.9.9.431.1.4.1.1
Each entry contains the attributes associated with a single static cryptomap set.
OBJECT-TYPE    
  CipsStaticCryptomapSetEntry  

cipsStaticCryptomapSetSize 1.3.6.1.4.1.9.9.431.1.4.1.1.1
This object reflects the total number of cryptomap templates contained in this cryptomap set.
OBJECT-TYPE    
  Unsigned32  

cipsStaticCryptomapSetNumIsakmp 1.3.6.1.4.1.9.9.431.1.4.1.1.2
This object reflects the number of cryptomaps associated with this cryptomap set that use ISAKMP protocol to do key exchange.
OBJECT-TYPE    
  Unsigned32  

cipsStaticCryptomapSetNumManual 1.3.6.1.4.1.9.9.431.1.4.1.1.3
This object reflects the number of cryptomaps associated with this cryptomap set that require the operator to manually setup the keys and SPIs.
OBJECT-TYPE    
  Unsigned32  

cipsStaticCryptomapSetNumDynamic 1.3.6.1.4.1.9.9.431.1.4.1.1.4
This object reflects the number of dynamic cryptomap templates linked to this cryptomap set.
OBJECT-TYPE    
  Unsigned32  

cipsStaticCryptomapSetNumTED 1.3.6.1.4.1.9.9.431.1.4.1.1.5
This object reflects the number of dynamic cryptomap templates linked to this cryptomap set that have Tunnel Endpoint Discovery (TED) enabled.
OBJECT-TYPE    
  Unsigned32  

cipsStaticCryptomapSetNumSAs 1.3.6.1.4.1.9.9.431.1.4.1.1.6
This object reflects the number of IPsec Security Associations that are active and were setup using this cryptomap set.
OBJECT-TYPE    
  Unsigned32  

cipsStaticCryptomapTable 1.3.6.1.4.1.9.9.431.1.4.3
The table listing the member cryptomaps of the cryptomap sets that are configured on the managed entity. This table does not include the members of dynamic cryptomap sets that may be linked with the parent static cryptomap set. Deletion of a cipsStaticCryptomapEntry will fail if the cipsStaticCryptomapSetName this cipsStaticCryptomapEntry belongs to is referred by a cipsCryptomapSetIfEntry.
OBJECT-TYPE    
  SEQUENCE OF  
    CipsStaticCryptomapEntry

cipsStaticCryptomapEntry 1.3.6.1.4.1.9.9.431.1.4.3.1
Each entry contains the attributes associated with a single static (fully specified) cryptomap entry, identified by its priority.
OBJECT-TYPE    
  CipsStaticCryptomapEntry  

cipsStaticCryptomapSetName 1.3.6.1.4.1.9.9.431.1.4.3.1.1
The index of the static cryptomap table. The value of the string is the name string assigned by the NMS when defining a cryptomap set.
OBJECT-TYPE    
  SnmpAdminString Size(1..80)  

cipsStaticCryptomapPriority 1.3.6.1.4.1.9.9.431.1.4.3.1.2
The priority of the cryptomap entry in the cryptomap set. A cryptomap entry with smaller cipsStaticCryptomapPriority value takes precedence over the ones with larger values.
OBJECT-TYPE    
  Unsigned32 1..65535  

cipsStaticCryptomapType 1.3.6.1.4.1.9.9.431.1.4.3.1.3
The type of the cryptomap entry. This can be an ISAKMP cryptomap or manual. Dynamic cryptomaps are not counted in this table.
OBJECT-TYPE    
  CIPsecCryptomapType  

cipsStaticCryptomapDescr 1.3.6.1.4.1.9.9.431.1.4.3.1.4
The description string created by the SNMP agent while creating this cryptomap. The string generally identifies a description and the purpose of this policy.
OBJECT-TYPE    
  SnmpAdminString Size(1..127)  

cipsStaticCryptomapIpFilter 1.3.6.1.4.1.9.9.431.1.4.3.1.5
This object specifies an IP protocol filter, cippfIpProfileName (defined in CISCO-IP-PROTOCOL-FILTER-MIB), to be secured using this cryptomap entry. When this object has a value of zero-length string, this object is not valid/applicable.
OBJECT-TYPE    
  STRING Size(0..64)  

cipsStaticCryptomapXformSetList 1.3.6.1.4.1.9.9.431.1.4.3.1.6
The list of cipsXformSetId that are members of this CipsStaticCryptomapEntry. The value of this object is a concatenation of zero or more 4-octet strings, where each 4-octet string contains a 32-bit cipsXformSetId value in network byte order. A zero length string value means this list has no members.
OBJECT-TYPE    
  STRING Size(0..255)  

cipsStaticCryptomapNumPeers 1.3.6.1.4.1.9.9.431.1.4.3.1.7
This object reflects the number of peers associated with this cryptomap entry. The other peers listed in table cipsIPsecCryMapPeerTable are backup peers.
OBJECT-TYPE    
  Unsigned32 0..50  

cipsStaticCryotomapNextPIndex 1.3.6.1.4.1.9.9.431.1.4.3.1.8
This object specifies the next available index for object cipsCryMapPeerIndex which can be used for creating an entry in cipsIPsecCryMapPeerTable.
OBJECT-TYPE    
  Unsigned32 1..50  

cipsStaticCryptomapCurPAddrType 1.3.6.1.4.1.9.9.431.1.4.3.1.9
This object represents the address type of cipsStaticCryptomapCurPAddr to which this cryptomap entry is currently connected.
OBJECT-TYPE    
  InetAddressType  

cipsStaticCryptomapCurPAddr 1.3.6.1.4.1.9.9.431.1.4.3.1.10
The IP address of the peer to which this cryptomap entry is currently connected. The value of cipsStaticCryptomapCurPAddrType is 'unknown' and this MIB object is a zero-length string when no tunnels are presently spawned by this cryptomap entry or when cipsStaticCryptomapAutoPeer is equal to 'true'.
OBJECT-TYPE    
  InetAddress  

cipsStaticCryptomapPfs 1.3.6.1.4.1.9.9.431.1.4.3.1.11
This object identifies if the tunnels instantiated due to this policy item should use Perfect Forward Secrecy (PFS) and if so, what group of Oakley they should use.
OBJECT-TYPE    
  CIPsecDiffHellmanGrp  

cipsStaticCryptomapLifetime 1.3.6.1.4.1.9.9.431.1.4.3.1.12
This object specifies the lifetime of the IPsec Security Associations (SA) created using this IPsec policy entry. The default value of this object is the current value of the object cipsTunnelLifetime. When a value 0 is specified in cipsStaticCryptomapLifetime, the default value is used as the lifetime.
OBJECT-TYPE    
  CIPsecLifetime  

cipsStaticCryptomapLifesize 1.3.6.1.4.1.9.9.431.1.4.3.1.13
This object identifies the lifesize (maximum traffic in bytes that may be carried) of the IPSec SAs created using this IPSec policy entry. When a Security Association (SA) is created using this IPsec policy entry, its lifesize takes the value of this object. The default value of this object is the current value of the object cipsTunnelLifesize. When a value 0 is specified in cipsStaticCryptomapLifesize, the default value is used as the lifesize.
OBJECT-TYPE    
  CIPsecLifesize  

cipsStaticCryptomapLevelHost 1.3.6.1.4.1.9.9.431.1.4.3.1.14
This object specifies the granularity of the IPSec SAs created using this IPSec policy entry. If this value is 'true', distinct SA bundles are created for distinct hosts at the end of the application traffic.
OBJECT-TYPE    
  TruthValue  

cipsStaticCryptomapIdleTimeout 1.3.6.1.4.1.9.9.431.1.4.3.1.15
This object specifies the idle time (lack of traffic) in seconds of a tunnel spawned by this cryptomap after which the tunnel will be torn down. The default value of this object is the current value of cipsTunnelIdleTimeout.
OBJECT-TYPE    
  CIPsecTunnelIdleTime  

cipsStaticCryptomapAutoPeer 1.3.6.1.4.1.9.9.431.1.4.3.1.16
If 'true' the destination address is taken as the peer address, while creating the tunnel. If 'false' the value shown by the object cipsStaticCryptomapCurPAddr is being used as the peer address.
OBJECT-TYPE    
  TruthValue  

cipsStaticCryptomapStatus 1.3.6.1.4.1.9.9.431.1.4.3.1.17
This object identifies the status of the cryptomap entry represented by this conceptual row.
OBJECT-TYPE    
  RowStatus  

cipsIPsecCryMapPeerTable 1.3.6.1.4.1.9.9.431.1.4.4
The table containing the binding of peers to cryptomap entries. An entry is removed from this table automatically by the agent when the last 'active' entry with the corresponding cipsStaticCryptomapSetName is removed from cipsStaticCryptomapTable.
OBJECT-TYPE    
  SEQUENCE OF  
    CipsIPsecCryMapPeerEntry

cipsIPsecCryMapPeerEntry 1.3.6.1.4.1.9.9.431.1.4.4.1
Each entry represents the binding of an IPsec peer address to the specified cryptomap.
OBJECT-TYPE    
  CipsIPsecCryMapPeerEntry  

cipsCryMapPeerIndex 1.3.6.1.4.1.9.9.431.1.4.4.1.1
This arbitrary number represents the index number in the cryptomap entry of the peer corresponding to this conceptual row. This object could have the same value as cipsStaticCryotomapNextPIndex.
OBJECT-TYPE    
  Unsigned32  

cipsCryMapPeerAddrType 1.3.6.1.4.1.9.9.431.1.4.4.1.2
This object represents the address type of cipsCryMapPeerAddr. This object cannot be modified while the corresponding value of cipsCryMapPeerStatus is equal to 'active'.
OBJECT-TYPE    
  InetAddressType  

cipsCryMapPeerAddr 1.3.6.1.4.1.9.9.431.1.4.4.1.3
This object represents the address of the peer corresponding to this conceptual row. This object cannot be modified while the corresponding value of cipsCryMapPeerStatus is equal to 'active'.
OBJECT-TYPE    
  InetAddress  

cipsCryMapPeerOrder 1.3.6.1.4.1.9.9.431.1.4.4.1.4
This object represents the order in the cryptomap entry of the peer corresponding to this conceptual row. The peer with the lowest order number is applied first, that is cipsCryMapPeerOrder '1'.
OBJECT-TYPE    
  Unsigned32 1..50  

cipsCryMapPeerStatus 1.3.6.1.4.1.9.9.431.1.4.4.1.5
This object specifies the status column used for creating and deleting instances of the columnar objects in the table.
OBJECT-TYPE    
  RowStatus  

cipsCryptomapSetIfTable 1.3.6.1.4.1.9.9.431.1.4.5
The table lists the binding of cryptomap sets to the interfaces of the managed entity. One interface can be bound to only one cryptomap set while one cryptomap set can be bound to multiple interfaces. Any interface (with any ifType) which supports IPsec can be used in this table.
OBJECT-TYPE    
  SEQUENCE OF  
    CipsCryptomapSetIfEntry

cipsCryptomapSetIfEntry 1.3.6.1.4.1.9.9.431.1.4.5.1
Each entry lists the association between an interface and a cryptomap set (static) that is defined on the managed entity.
OBJECT-TYPE    
  CipsCryptomapSetIfEntry  

cipsCryptomapSetIfStatus 1.3.6.1.4.1.9.9.431.1.4.5.1.1
This object identifies the status of the binding of the specified cryptomap set with the specified interface. Detaching a cryptomap from an interface: ---------------------------------------- When set to 'destroy', if a cryptomap set is attached to the interface corresponding to ifIndex, the cryptomap set is detached from the interface. Attaching a cryptomap to an interface: ---------------------------------------- If the value 'createAndGo' is set: a row in this table can be created only if it identifies a cryptomap which is represented by an entry in cipsStaticCryptomapSetTable.
OBJECT-TYPE    
  RowStatus  

cipsIfCryptomapSetInfoTable 1.3.6.1.4.1.9.9.431.1.4.6
The table lists the binding information of a interface to a cryptomap sets on the managed entity. One interface can be bound to only one cryptomap set while one cryptomap set can be bound to multiple interfaces. An entry is added to cipsIfCryptomapSetInfoTable when a static cryptomap set is successfully assigned to an interface (of any ifType) in cipsCryptomapSetIfTable. An entry is deleted from cipsIfCryptomapSetInfoTable when its assignment is removed from cipsIfCryptomapSetInfoTable.
OBJECT-TYPE    
  SEQUENCE OF  
    CipsIfCryptomapSetInfoEntry

cipsIfCryptomapSetInfoEntry 1.3.6.1.4.1.9.9.431.1.4.6.1
Each entry lists the binding between an interface and a cryptomap set (static) that is defined on the managed entity.
OBJECT-TYPE    
  CipsIfCryptomapSetInfoEntry  

cipsIfStaticCryptomapSetName 1.3.6.1.4.1.9.9.431.1.4.6.1.1
The name of a static cryptomap set which is bound to this interface. The value of the string is one of the entries in cipsStaticCryptomapSetTable indexed by cipsStaticCryptomapSetName.
OBJECT-TYPE    
  SnmpAdminString Size(1..80)  

cipsCntlAllNotifs 1.3.6.1.4.1.9.9.431.1.5.1
This object must be set to 'true' to enable any notification in addition to the notification-specific control variables defined below. A notification defined in this module is enabled if and only if the expression (cipsCntlAllNotifs && cipsCntl) evaluates to 'true'.
OBJECT-TYPE    
  TruthValue  

cipsCntlCryptomapAdded 1.3.6.1.4.1.9.9.431.1.5.2
This variable controls the generation of ciscoIPsecProvCryptomapAdded notification. When this variable is set to 'true', a notification is generated when a static cryptomap is created in cipsStaticCryptomapTable. When this variable is set to 'false', generation of this notification is disabled.
OBJECT-TYPE    
  TruthValue  

cipsCntlCryptomapDeleted 1.3.6.1.4.1.9.9.431.1.5.3
This variable controls the generation of ciscoIPsecProvCryptomapDeleted notification. When this variable is set to 'true', a notification is generated when a static cryptomap is deleted from cipsStaticCryptomapTable. When this variable is set to 'false', generation of this notification is disabled.
OBJECT-TYPE    
  TruthValue  

cipsCntlCryptomapSetAttached 1.3.6.1.4.1.9.9.431.1.5.4
This variable controls the generation of ciscoIPsecProvCryptomapAttached notification. When this variable is set to 'true', a notification is generated when a cryptomap set is attached to an active interface. When this variable is set to 'false', generation of this notification is disabled.
OBJECT-TYPE    
  TruthValue  

cipsCntlCryptomapSetDetached 1.3.6.1.4.1.9.9.431.1.5.5
This variable controls the generation of ciscoIPsecProvCryptomapDetached notification. When this variable is set to 'true', a notification is generated when a cryptomap set is detached from an active interface. When this variable is set to 'false', generation of this notification is disabled.
OBJECT-TYPE    
  TruthValue  

ciscoIPsecProvCryptomapAdded 1.3.6.1.4.1.9.9.431.0.1
This notification is generated when a new cryptomap is added to the specified cryptomap set. Object 'cipsStaticCryptomapSetSize' contains the number of cryptomap entries after the addition.
NOTIFICATION-TYPE    

ciscoIPsecProvCryptomapDeleted 1.3.6.1.4.1.9.9.431.0.2
This notification is generated when a cryptomap is removed from the specified cryptomap set. Object 'cipsStaticCryptomapSetSize' contains the number of cryptomap entries after the deletion.
NOTIFICATION-TYPE    

ciscoIPsecProvCryptomapAttached 1.3.6.1.4.1.9.9.431.0.3
A cryptomap set must be attached to an interface of the device in order for it to be operational. This trap is generated when the cryptomap set attached to an active interface of the managed entity. The contents of the notification includes: Size of the attached cryptomap set, Number of ISAKMP cryptomaps in the set and Number of Dynamic cryptomaps in the set.
NOTIFICATION-TYPE    

ciscoIPsecProvCryptomapDetached 1.3.6.1.4.1.9.9.431.0.4
This trap is generated when a cryptomap set is detached from an interafce to which it was bound earlier. The context of the event identifies the size of the cryptomap set.
NOTIFICATION-TYPE    

ciscoIPsecProvMIBCompliances 1.3.6.1.4.1.9.9.431.2.1
OBJECT IDENTIFIER    

ciscoIPsecProvMIBGroups 1.3.6.1.4.1.9.9.431.2.2
OBJECT IDENTIFIER    

ciscoIPsecProvMIBCompliance 1.3.6.1.4.1.9.9.431.2.1.1
Only three values 'createAndGo', 'destroy' and 'active' out of the six enumerated values need to be supported. Write access is not required.
MODULE-COMPLIANCE    
  cipsXformSetStatus INTEGER active(1), createAndGo(4), destroy(6)
  cipsStaticCryptomapStatus INTEGER active(1), createAndGo(4), destroy(6)
  cipsCryMapPeerStatus INTEGER active(1), createAndGo(4), destroy(6)
  cipsCryptomapSetIfStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoIPsecProvMIBComplianceRev1 1.3.6.1.4.1.9.9.431.2.1.2
Only three values 'createAndGo', 'destroy' and 'active' out of the six enumerated values need to be supported. Write access is not required.
MODULE-COMPLIANCE    
  cipsXformSetStatus INTEGER active(1), createAndGo(4), destroy(6)
  cipsStaticCryptomapStatus INTEGER active(1), createAndGo(4), destroy(6)
  cipsCryMapPeerStatus INTEGER active(1), createAndGo(4), destroy(6)
  cipsCryptomapSetIfStatus INTEGER active(1), createAndGo(4), destroy(6)

ciscoIPsecProvGlobalsGroup 1.3.6.1.4.1.9.9.431.2.2.1
A collection of objects providing Global IPSec policy monitoring capability to a IPsec capable VPN router.
OBJECT-GROUP    

ciscoIPsecProvXformsGroup 1.3.6.1.4.1.9.9.431.2.2.2
A collection of objects modeling IPsec transform sets and transform set mappings.
OBJECT-GROUP    

ciscoIPsecProvStCryptomapGroup 1.3.6.1.4.1.9.9.431.2.2.3
A collection of objects modeling static crypto configuration of the Static (fully specified) Cryptomap Sets on the managed entity.
OBJECT-GROUP    

ciscoIPsecProvDynCryptomapGroup 1.3.6.1.4.1.9.9.431.2.2.4
A collection of objects modeling the configuration of IPsec dynamic cryptomap elements.
OBJECT-GROUP    

ciscoIPsecProvTedCryptomapGroup 1.3.6.1.4.1.9.9.431.2.2.5
A collection of objects instrumenting the properties of the Cryptomaps using tunnel endpoint discovery protocol.
OBJECT-GROUP    

ciscoIPsecCryptomapPeerGroup 1.3.6.1.4.1.9.9.431.2.2.6
A collection of objects displaying the binding of an IPsec peer address to the specified cryptomap.
OBJECT-GROUP    

ciscoIPsecProvNotifCntlGroup 1.3.6.1.4.1.9.9.431.2.2.7
A collection of objects providing IPsec Notification capability to a IPsec-capable router. It is mandatory to implement this set of objects pertaining to IOS notifications about IPSec activity.
OBJECT-GROUP    

ciscoIPsecProvNotifGroup 1.3.6.1.4.1.9.9.431.2.2.8
A collection of notification objects signaling changes to the IPsec configuration on the managed entity.
NOTIFICATION-GROUP    

ciscoIPsecProvInfoGroup 1.3.6.1.4.1.9.9.431.2.2.9
A collection of objects providing current IPsec configuration information on the managedentity.
OBJECT-GROUP