-- extracted from draft-ietf-ipsec-flowmon-mib-tc-00.txt -- at Thu Apr 3 06:12:42 2003 IPSEC-FLOW-MIB-TC DEFINITIONS ::= BEGIN IMPORTS experimental, MODULE-IDENTITY FROM SNMPv2-SMI -- mib-2 FROM RFC1213-MIB TEXTUAL-CONVENTION FROM SNMPv2-TC; ipsecFlowMibTC MODULE-IDENTITY LAST-UPDATED "200302171158Z" ORGANIZATION "Tivoli Systems and Cisco Systems" CONTACT-INFO "Tivoli Systems Research Triangle Park, NC Cisco Systems 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-ipsecmib@external.cisco.com bret_harrison@tivoli.com" DESCRIPTION "This MIB module defines the textual conventions used in the IPsec Flow Monitoring MIB. This includes Internet DOI numbers defined in RFC 2407, ISAKMP numbers defined in RFC 2408, and IKE numbers defined in RFC 2409. Revision control of this document after publication will be under the authority of the IANA." -- Placeholder anchor ::= { experimental 170 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++ -- Standard Textual Conventions -- +++++++++++++++++++++++++++++++++++++++++++++++++++ ControlProtocol ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The protocol used for keying and control. The value of cp_none indicate manual administration of IPsec tunnels. This enumeration will be expanded as new keying protocols are standardized." SYNTAX INTEGER { reserved(0), cpNone(1), cpIkev1(2), cpIkev2(3), cpKink(4), cpOther(5) } Phase1PeerIdentityType ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The type of IPsec Phase-1 peer identity. The peer may be identified by one of the ID types defined in IPSEC DOI. id_dn represent the binary DER encoding of the identity." SYNTAX INTEGER { reserved(0), idIpv4Addr(1), idFqdn(2), idDn(3), idIpv6Addr(4), idUserFqdn(5), idIpv4AddrSubnet(6), idIpv6AddrSubnet(7), idIpv4AddrRange(8), idIpv6AddrRange(9), idDerAsn1Gn(10), idKeyId(11) } IkeNegoMode ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The IPsec Phase-1 IKE negotiation mode." SYNTAX INTEGER { reserved(0), main(1), aggressive(2) } IkeHashAlgo ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The hash algorithm used in IPsec Phase-1 IKE negotiations." SYNTAX INTEGER { reserved(0), md5(1), sha(2), tiger(3), sha256(4), sha384(5), sha512(6) } IkeAuthMethod ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The authentication method used in IPsec Phase-1 IKE negotiations." SYNTAX INTEGER { reserved(0), preSharedKey(1), dssSignature(2), rsaSignature(3), rsaEncryption(4), revRsaEncryption(5), elGamalEncryption(6), revElGamalEncryption(7), ecsdaSignature(8), gssApiV1(9), gssApiV2(10) } DiffHellmanGrp ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The Diffie Hellman Group used in negotiations. reserved -- reserved groups modp768 -- 768-bit MODP modp1024 -- 1024-bit MODP modp1536 -- 1536-bit MODP group ec2nGP155 -- EC2N group on GP[2^155] ec2nGP185 -- EC2N group on GP[2^185] ec2nGF163 -- EC2N group over GF[2^163] ec2nGF283 -- EC2N group over GF[2^283] ec2nGF409 -- EC2N group over GF[2^409] ec2nGF571 -- EC2N group over GF[2^571] " SYNTAX INTEGER { reserved(0), modp768(1), modp1024(2), ec2nGP155(3), ec2nGP185(4), modp1536(5), -- 1536-bit MODP group ec2nGF163(6), ec2nGF283(8), ec2nGF409(10), ec2nGF571(12) } EncapMode ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The encapsulation mode used by an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ reserved(0), tunnel(1), transport(2) } EncryptAlgo ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The encryption algorithm used in negotiations." SYNTAX INTEGER { reserved(0), espDes(1), esp3des(2), espRc5(3), espIdea(4), espCast(5), espBlowfish(6), esp3idea(7), espRc4(8), espNull(9), espAes(10) } Spi ::= TEXTUAL-CONVENTION DISPLAY-HINT "x" STATUS current DESCRIPTION "The type of the SPI associated with IPsec Phase-2 security associations." SYNTAX INTEGER (256..4294967295) AuthAlgo ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The authentication algorithm used by a security association of an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ reserved(0), hmacMd5(2), hmacSha(3), desMac(4), hmacSha256(5), hmacSha384(6), hmacSha512(7), ripemd(8) } CompAlgo ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The compression algorithm used by a security association of an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ reserved(0), compOui(1), compDeflate(2), compLzs(3), compLzjh(4) } EndPtType ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The type of identity use to specify an IPsec End Point." SYNTAX INTEGER { reserved(0), idIpv4Addr(1), idFqdn(2), idUserFqdn(3), idIpv4AddrSubnet(4), idIpv6Addr(5), idIpv6AddrSubnet(6), idIpv4AddrRange(7), idIpv6AddrRange(8), idDerAsn1Dn(9), idDerAsn1Gn(10), idKeyId(11) } END -- -- Copyright (C) The Internet Society (2001). All Rights Reserved. -- This document and translations of it may be copied and furnished to -- others, and derivative works that comment on or otherwise explain it -- or assist in its implementation may be prepared, copied, published -- and distributed, in whole or in part, without restriction of any -- kind, provided that the above copyright notice and this paragraph -- are included on all such copies and derivative works. However, this -- document itself may not be modified in any way, such as by removing -- the copyright notice or references to the Internet Society or other -- Internet organizations, except as needed for the purpose of -- developing Internet standards in which case the procedures for -- copyrights defined in the Internet Standards process must be -- followed, or as required to translate it into languages other than -- English. -- -- The limited permissions granted above are perpetual and will not be -- revoked by the Internet Society or its successors or assigns. -- -- This document and the information contained herein is provided on an -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES -- OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.