CISCO-IPSEC-POLICY-MAP-MIB
File: CISCO-IPSEC-POLICY-MAP-MIB.mib (12720 bytes)
Defined Types
IkePolMapEntry | SEQUENCE |
  ikePolMapTunIndex | Integer32 |
  ikePolMapPolicyNum | Integer32 |
IpSecPolMapEntry | SEQUENCE |
  ipSecPolMapTunIndex | Integer32 |
  ipSecPolMapCryptoMapName | DisplayString |
  ipSecPolMapCryptoMapNum | Integer32 |
  ipSecPolMapAclString | DisplayString |
  ipSecPolMapAceString | DisplayString |
Defined Values
ciscoIpSecPolMapMIB |
1.3.6.1.4.1.9.9.172 |
The MIB module maps the IPSec
entities created dynamically to the policy entities
that caused them. This is an appendix to the
IPSEC-MONITOR-MIB that has been proposed to
IETF for monitoring IPSec based Virtual Private
Networks.
Overview of Cisco IPsec Policy Map MIB
MIB description
There are two components to this MIB:
#1 a table that maps an IPSec Phase-1
tunnel to the Internet Security Association
and Key Exchange (ISAKMP) Policy
and
#2 a table that maps an IPSec Phase-2
tunnel to the corresponding IPSec Policy
element - called 'cryptomaps' - in IOS
(Internet Operating System)
The first mapping (also called Internet Key Exchange
or IKE mapping) yields, given the index of
the IKE tunnel in the ikeTunnelTable
(IPSEC-MONITOR-MIB), the ISAKMP policy definition
defined using the CLI on the managed entity.
The IPSec mapping yields, given the index
of the IPSec tunnel in the ipSecTunnelTable
(IPSEC-MONITOR-MIB), the IPSec transform and
the cryptomap definition that gave rise to
this tunnel.
In implementation and usage, this MIB cannot
exist independent of the IPSEC-MONITOR-MIB. |
MODULE-IDENTITY |
|
ikePolMapTable |
1.3.6.1.4.1.9.9.172.1.1.1 |
The IPSec Phase-1 Internet Key Exchange Tunnel
to Policy Mapping Table. There is one entry in
this table for each active IPSec Phase-1
Tunnel. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
SEQUENCE OF IkePolMapEntry |
|
ikePolMapEntry |
1.3.6.1.4.1.9.9.172.1.1.1.1 |
Each entry contains the attributes associated
with mapping an active IPSec Phase-1 IKE Tunnel
to its configured Policy definition. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
IkePolMapEntry |
|
ikePolMapTunIndex |
1.3.6.1.4.1.9.9.172.1.1.1.1.1 |
The index of the IPSec Phase-1 Tunnel to Policy
Map Table. The value of the index is the number
used to represent this IPSec Phase-1 Tunnel in
the IPSec MIB (ikeTunIndex in the
ikeTunnelTable). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
Integer32 |
1..2147483647 |
|
ikePolMapPolicyNum |
1.3.6.1.4.1.9.9.172.1.1.1.1.2 |
The number of the locally defined ISAKMP policy
used to establish the IPSec IKE Phase-1 Tunnel.
This is the number which was used on the crypto
command. For example, if the configuration command
was:
==> crypto isakmp policy 15
then the value of this object would be 15.
If ISAKMP was not used to establish this tunnel,
then the value of this object will be zero. |
Status: current |
Access: read-only |
OBJECT-TYPE |
Integer32 |
1..2147483647 |
|
ipSecPolMapTable |
1.3.6.1.4.1.9.9.172.1.2.1 |
The IPSec Phase-2 Tunnel to Policy Mapping Table.
There is one entry in this table for each active
IPSec Phase-2 Tunnel. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
SEQUENCE OF IpSecPolMapEntry |
|
ipSecPolMapEntry |
1.3.6.1.4.1.9.9.172.1.2.1.1 |
Each entry contains the attributes associated
with mapping an active IPSec Phase-2 Tunnel
to its configured Policy definition. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
IpSecPolMapEntry |
|
ipSecPolMapTunIndex |
1.3.6.1.4.1.9.9.172.1.2.1.1.1 |
The index of the IPSec Phase-2 Tunnel to Policy
Map Table. The value of the index is the number
used to represent this IPSec Phase-2 Tunnel in
the IPSec MIB (ipSecTunIndex in the
ipSecTunnelTable). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
Integer32 |
1..2147483647 |
|
ipSecPolMapCryptoMapName |
1.3.6.1.4.1.9.9.172.1.2.1.1.2 |
The value of this object should be the name of
the IPSec Policy (cryptomap) as assigned by the
operator while configuring the policy of
the IPSec traffic.
For instance, on an IOS router, if the command
entered to configure the IPSec policy was
==> crypto map ftpPolicy 10 ipsec-isakmp
then the value of this object would be 'ftpPolicy'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
DisplayString |
|
ipSecPolMapCryptoMapNum |
1.3.6.1.4.1.9.9.172.1.2.1.1.3 |
The value of this object should be the priority
of the IPSec Policy (cryptomap) assigned by the
operator while configuring the policy of
this IPSec tunnel.
For instance, on an IOS router, if the command
entered to configure the IPSec policy was
==> crypto map ftpPolicy 10 ipsec-isakmp
then the value of this object would be 10. |
Status: current |
Access: read-only |
OBJECT-TYPE |
Integer32 |
1..2147483647 |
|
ipSecPolMapAclString |
1.3.6.1.4.1.9.9.172.1.2.1.1.4 |
The value of this object is the number or
the name of the access control string (ACL)
that caused this IPSec tunnel to be established.
The ACL that causes an IPSec tunnel
to be established is referenced by the
cryptomap of the tunnel.
The ACL identifies the traffic that requires
protection as defined by the policy.
For instance, the ACL that requires FTP
traffic between local subnet 172.16.14.0 and a
remote subnet 172.16.16.0 to be protected
is defined as
==> access-list 101 permit tcp 172.16.14.0 0.0.0.255
172.16.16.0 0.0.0.255 eq ftp
When this command causes an IPSec tunnel to be
established, the object 'ipSecPolMapAclString'
assumes the string value '101'.
If the ACL is a named list such as
==> ip access-list standard myAcl
permit 172.16.16.8 0.0.0.0
then the value of this MIB element corresponding to
IPSec tunnel that was created by this ACL would
be 'myAcl'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
DisplayString |
|
ipSecPolMapAceString |
1.3.6.1.4.1.9.9.172.1.2.1.1.5 |
The value of this object is the access control
entry (ACE) within the ACL that caused this IPSec
tunnel to be established.
For instance, if an ACL defines access for two
traffic streams (FTP and SNMP) as follows:
access-list 101 permit tcp 172.16.14.0 0.0.0.255
172.16.16.0 0.0.0.255 eq ftp
access-list 101 permit udp 172.16.14.0 0.0.0.255
host 172.16.16.1 eq 161
When associated with an IPSec policy, the second
element of the ACL gives rise to an IPSec tunnel
in the wake of SNMP traffic. The value of the
object 'ipSecPolMapAceString' for the IPSec tunnel
would then be the string
'access-list 101 permit udp 172.16.14.0 0.0.0.255
host 172.16.16.1 eq 161' |
Status: current |
Access: read-only |
OBJECT-TYPE |
DisplayString |
|
ipSecPolMapMIBCompliance |
1.3.6.1.4.1.9.9.172.3.2.1 |
The compliance statement for SNMP entities
for IP Security Protocol Tunnels to Policy
definition mappings. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
ipSecPhaseOnePolMapGroup |
1.3.6.1.4.1.9.9.172.3.1.1 |
This group consists of a:
1) IPSec Phase-1 Policy Map Table |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
ipSecPhaseTwoPolMapGroup |
1.3.6.1.4.1.9.9.172.3.1.2 |
This group consists of a:
1) IPSec Phase-2 Policy Map Table |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
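An added example, not part of the MIB or of any vendor tooling: it parses numeric-OID walk output for ikePolMapTable and ipSecPolMapTable (column OIDs as listed above) and reports active tunnels whose originating policy is missing or not on an approved list. The walk line format, the sample rows, the `labMap` name and the `approved_maps` allow-list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Entry and column OIDs as listed on this page; the row index is the last sub-identifier.
IKE_ENTRY = "1.3.6.1.4.1.9.9.172.1.1.1.1"
IPSEC_ENTRY = "1.3.6.1.4.1.9.9.172.1.2.1.1"
IKE_COLS = {2: "ikePolMapPolicyNum"}
IPSEC_COLS = {2: "ipSecPolMapCryptoMapName", 3: "ipSecPolMapCryptoMapNum",
              4: "ipSecPolMapAclString", 5: "ipSecPolMapAceString"}
# Assumed input shape: numeric-OID walk output, '<oid> = <TYPE>: <value>'.
LINE = re.compile(r'^\.?((?:\d+\.)+\d+) = (INTEGER|STRING): "?(.*?)"?\s*$', re.M)

def parse_walk(text):
    """Return (ike, ipsec): {tunnel index: {column name: value}} for each table."""
    ike, ipsec = defaultdict(dict), defaultdict(dict)
    for oid, kind, value in LINE.findall(text):
        for base, cols, table in ((IKE_ENTRY, IKE_COLS, ike),
                                  (IPSEC_ENTRY, IPSEC_COLS, ipsec)):
            suffix = oid[len(base) + 1:].split(".") if oid.startswith(base + ".") else []
            if len(suffix) == 2 and int(suffix[0]) in cols:  # <column>.<tunnel index>
                table[int(suffix[1])][cols[int(suffix[0])]] = (
                    int(value) if kind == "INTEGER" else value)
    return dict(ike), dict(ipsec)

def audit(ike, ipsec, approved_maps):
    """Flag tunnels whose originating policy is absent or not in the approved set."""
    findings = []
    for idx, row in sorted(ike.items()):
        if row.get("ikePolMapPolicyNum") == 0:  # zero: ISAKMP was not used
            findings.append(f"IKE tunnel {idx}: no ISAKMP policy")
    for idx, row in sorted(ipsec.items()):
        key = (row.get("ipSecPolMapCryptoMapName"), row.get("ipSecPolMapCryptoMapNum"))
        if key not in approved_maps:
            findings.append(f"IPSec tunnel {idx}: unapproved crypto map {key[0]} {key[1]}")
    return findings

# Constructed sample walk (not captured from a device).
SAMPLE = """\
.1.3.6.1.4.1.9.9.172.1.1.1.1.2.1 = INTEGER: 15
.1.3.6.1.4.1.9.9.172.1.1.1.1.2.2 = INTEGER: 0
.1.3.6.1.4.1.9.9.172.1.2.1.1.2.1 = STRING: "ftpPolicy"
.1.3.6.1.4.1.9.9.172.1.2.1.1.3.1 = INTEGER: 10
.1.3.6.1.4.1.9.9.172.1.2.1.1.4.1 = STRING: "101"
.1.3.6.1.4.1.9.9.172.1.2.1.1.5.1 = STRING: "access-list 101 permit udp 172.16.14.0 0.0.0.255 host 172.16.16.1 eq 161"
.1.3.6.1.4.1.9.9.172.1.2.1.1.2.2 = STRING: "labMap"
.1.3.6.1.4.1.9.9.172.1.2.1.1.3.2 = INTEGER: 30
"""
if __name__ == "__main__":
    print(audit(*parse_walk(SAMPLE), {("ftpPolicy", 10)}))
```

Because the index columns are not-accessible, the tunnel index is recovered from the instance suffix of each OID rather than from a column value.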