IKE-MON-MIB
File:
IKE-MON-MIB.mib (84139 bytes)
Imported modules
Imported symbols
Defined Types
ModpGroupEntry |
|
SEQUENCE |
|
|
|
|
modpGroupIndex |
Unsigned32 |
|
|
modpFieldSize |
Unsigned32 |
|
|
modpPrime |
OCTET STRING |
|
|
modpGenerator |
OCTET STRING |
|
|
modpLPF |
OCTET STRING |
|
|
modpStrength |
Unsigned32 |
|
EcpGroupEntry |
|
SEQUENCE |
|
|
|
|
ecpGroupIndex |
Unsigned32 |
|
|
ecpFieldSize |
Unsigned32 |
|
|
ecpPrime |
OCTET STRING |
|
|
ecpGeneratorOne |
OCTET STRING |
|
|
ecpGeneratorTwo |
OCTET STRING |
|
|
ecpParameterOne |
OCTET STRING |
|
|
ecpParameterTwo |
OCTET STRING |
|
|
ecpLPF |
OCTET STRING |
|
|
ecpOrder |
OCTET STRING |
|
|
ecpStrength |
Unsigned32 |
|
Ec2nGroupEntry |
|
SEQUENCE |
|
|
|
|
ec2nGroupIndex |
Unsigned32 |
|
|
ec2nDegree |
Unsigned32 |
|
|
ec2nIrrPoly |
OCTET STRING |
|
|
ec2nGeneratorOne |
OCTET STRING |
|
|
ec2nGeneratorTwo |
OCTET STRING |
|
|
ec2nParameterOne |
OCTET STRING |
|
|
ec2nParameterTwo |
OCTET STRING |
|
|
ec2nLPF |
OCTET STRING |
|
|
ec2nOrder |
OCTET STRING |
|
|
ec2nStrength |
Unsigned32 |
|
IkeSaEntry |
|
SEQUENCE |
|
|
|
|
saAuthMethod |
IkeAuthMethod |
|
|
saPeerIdType |
IpsecDoiIdentType |
|
|
saPeerId |
IpsecRawId |
|
|
saPeerCertSerialNum |
OCTET STRING |
|
|
saPeerCertIssuer |
OCTET STRING |
|
|
saLocalIdType |
IpsecDoiIdentType |
|
|
saLocalId |
IpsecRawId |
|
|
saEncAlg |
IkeEncryptionAlgorithm |
|
|
saEncKeyLength |
Unsigned32 |
|
|
saHashAlg |
IkeHashAlgorithm |
|
|
saHashKeyLength |
Unsigned32 |
|
|
saPRF |
IkePrf |
|
|
saOakleyGroupDesc |
IkeGroupDescription |
|
|
saOakleyGroup |
OBJECT IDENTIFIER |
|
|
saLimitSeconds |
Unsigned32 |
|
|
saLimitKbytes |
Unsigned32 |
|
|
saLimitKeyUses |
Unsigned32 |
|
|
saAccKbytes |
Counter32 |
|
|
saKeyUses |
Counter32 |
|
|
saCreatedSuites |
Counter32 |
|
|
saDeletedSuites |
Counter32 |
|
SaByCreatorsEntry |
|
SEQUENCE |
|
|
|
|
saByCreatorsLocalIdType |
IpsecDoiIdentType |
|
|
saByCreatorsLocalId |
IpsecRawId |
|
|
saByCreatorsPeerIdType |
IpsecDoiIdentType |
|
|
saByCreatorsPeerId |
IpsecRawId |
|
|
saByCreatorsIndex |
Unsigned32 |
|
|
saIkeLocalIpAddress |
OBJECT IDENTIFIER |
|
|
saIkeRemoteIpAddress |
OBJECT IDENTIFIER |
|
|
saIkeInitiatorCookie |
OBJECT IDENTIFIER |
|
|
saIkeResponderCookie |
OBJECT IDENTIFIER |
|
ExchangeEntry |
|
SEQUENCE |
|
|
|
|
exchangeType |
IkeExchangeType |
|
|
exchangeTotalCount |
Counter32 |
|
|
exchangeInitiatedCount |
Counter32 |
|
|
exchangeRespondedCount |
Counter32 |
|
SuiteEntry |
|
SEQUENCE |
|
|
|
|
suiteIndex |
Unsigned32 |
|
|
suiteLocalAddress |
IpsecIpv6Address |
|
|
suiteRemoteAddress |
IpsecIpv6Address |
|
|
suitePhase1RemoteIdType |
IpsecDoiIdentType |
|
|
suitePhase1RemoteId |
IpsecRawId |
|
|
suitePhase1LocalIdType |
IpsecDoiIdentType |
|
|
suitePhase1LocalId |
IpsecRawId |
|
|
suiteRemoteId |
IpsecRawId |
|
|
suiteRemoteIdType |
IpsecDoiIdentType |
|
|
suiteLocalId |
IpsecRawId |
|
|
suiteLocalIdType |
IpsecDoiIdentType |
|
|
suiteProtocol |
Integer32 |
|
|
suiteRemotePort |
Integer32 |
|
|
suiteLocalPort |
Integer32 |
|
|
suiteOakleyGroupDesc |
IkeGroupDescription |
|
|
suiteOakleyGroup |
OBJECT IDENTIFIER |
|
|
suiteLifeSeconds |
Counter32 |
|
|
suiteInUserOctets |
Counter64 |
|
|
suiteInPackets |
Counter64 |
|
|
suiteOutUserOctets |
Counter64 |
|
|
suiteOutPackets |
Counter64 |
|
|
suiteSendErrors |
Counter32 |
|
|
suiteReceiveErrors |
Counter32 |
|
SuiteByCreatorsEntry |
|
SEQUENCE |
|
|
|
|
suiteByCreatorsP1LocalIdType |
IpsecDoiIdentType |
|
|
suiteByCreatorsP1LocalId |
IpsecRawId |
|
|
suiteByCreatorsP1RemoteIdType |
IpsecDoiIdentType |
|
|
suiteByCreatorsP1RemoteId |
IpsecRawId |
|
|
suiteByCreatorsIndex |
Unsigned32 |
|
|
suiteByCreatorsRef |
OBJECT IDENTIFIER |
|
SuiteBySelectorsEntry |
|
SEQUENCE |
|
|
|
|
suiteBySelectorsLocalId |
IpsecRawId |
|
|
suiteBySelectorsLocalIdType |
IpsecDoiIdentType |
|
|
suiteBySelectorsRemoteId |
IpsecRawId |
|
|
suiteBySelectorsRemoteIdType |
IpsecDoiIdentType |
|
|
suiteBySelectorsProtocol |
Integer32 |
|
|
suiteBySelectorsLocalPort |
Integer32 |
|
|
suiteBySelectorsRemotePort |
Integer32 |
|
|
suiteBySelectorsIndex |
Unsigned32 |
|
|
suiteBySelectorsRef |
OBJECT IDENTIFIER |
|
IpsecSaInSuiteEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaInSuiteDestAddress |
IpsecIpv6Address |
|
|
ipsecSaInSuiteProtocol |
IpsecDoiSecProtocolId |
|
|
ipsecSaInSuiteSpi |
Unsigned32 |
|
|
ipsecSaInSuiteRef |
OBJECT IDENTIFIER |
|
NotifyCountEntry |
|
SEQUENCE |
|
|
|
|
notifyProtocol |
IpsecDoiSecProtocolId |
|
|
notifyType |
IkeNotifyMessageType |
|
|
notifySentCount |
Counter32 |
|
|
notifyReceivedCount |
Counter32 |
|
Defined Values
ikeMonModule |
1.3.6.1.4.1.3551.4.1.16 |
The MIB module to describe IKE phase 1 SAs, security
association suites, and entity level objects and events for
those types. |
MODULE-IDENTITY |
|
|
|
ikeMonMIBObjects |
1.3.6.1.4.1.3551.4.1.16.1 |
This is the base object identifier for all IKE monitoring
MIB branches. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikePhase1Objects |
1.3.6.1.4.1.3551.4.1.16.1.1 |
This is the base object identifier for IKE phase 1
objects. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
phase2Objects |
1.3.6.1.4.1.3551.4.1.16.1.2 |
This is the base object identifier for IKE phase 2 objects,
including the suite and phase 2 SA tables. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
oakleyObjects |
1.3.6.1.4.1.3551.4.1.16.1.3 |
This is the base object identifier for Oakley groups. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeGroups |
1.3.6.1.4.1.3551.4.1.16.1.4 |
This is the base object identifier for all objects which
describe the groups in this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeTables |
1.3.6.1.4.1.3551.4.1.16.1.1.1 |
This is the base object identifier for the IKE phase 1
security associations table. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeGlobals |
1.3.6.1.4.1.3551.4.1.16.1.1.2 |
This is the base object identifier for all objects which
are global values for IKE. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeTrafStats |
1.3.6.1.4.1.3551.4.1.16.1.1.3 |
This is the base object identifier for all objects which
are global values for IKE. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeErrors |
1.3.6.1.4.1.3551.4.1.16.1.1.4 |
This is the base object identifier for all objects which
are global values for IKE. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeTrapControl |
1.3.6.1.4.1.3551.4.1.16.1.1.5 |
This is the base object identifier for all trap controls
for the IKE phase 1 SA portion of this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeTraps |
1.3.6.1.4.1.3551.4.1.16.1.1.6 |
This is the base object identifier for all traps for the
IKE phase 1 SA portion of this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ikeNotifications |
1.3.6.1.4.1.3551.4.1.16.1.1.7 |
This is the base object identifier for all notification
objects of this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
suiteTables |
1.3.6.1.4.1.3551.4.1.16.1.2.1 |
This is the base object identifier for the suite table. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
suiteGlobals |
1.3.6.1.4.1.3551.4.1.16.1.2.2 |
This is the base object identifier for all objects which
are global values for suites. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
suiteTrafStats |
1.3.6.1.4.1.3551.4.1.16.1.2.3 |
This is the base object identifier for all objects which
are global counters for suite traffic statistics. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
suiteErrors |
1.3.6.1.4.1.3551.4.1.16.1.2.4 |
This is the base object identifier for all objects which
are global error counters for suites. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
suiteTrapControl |
1.3.6.1.4.1.3551.4.1.16.1.2.5 |
This is the base object identifier for all trap controls
for the suite portion of this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
suiteTraps |
1.3.6.1.4.1.3551.4.1.16.1.2.6 |
This is the base object identifier for all traps for the
suite portion of this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
modpGroupTable |
1.3.6.1.4.1.3551.4.1.16.1.3.1 |
The (conceptual) table containing Oakley MODP groups that
are not well known that the entity has negotiated or knows
about.
There should be one row for every Oakley MODP group
negotiated or supported by the entity that is not a well-
known group. The maximum number of rows is implementation
dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
ModpGroupEntry |
|
modpGroupEntry |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1 |
An entry (conceptual row) containing the information on a
particular Oakley MODP group.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
ModpGroupEntry |
|
|
modpGroupIndex |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1.1 |
A unique value, greater than zero, for each Oakley MODP
group. It is recommended that values are assigned
contiguously starting from 1.
The value for each MODP group must remain constant at least
from one re-initialization of entity's network management
system to the next re-initialization. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
modpFieldSize |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1.2 |
The size of a field element, in bits. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
modpPrime |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1.3 |
The prime of the MODP group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
modpGenerator |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1.4 |
The generator value of the MODP group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
modpLPF |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1.5 |
The largest prime factor of the group size, or 0 if
unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
modpStrength |
1.3.6.1.4.1.3551.4.1.16.1.3.1.1.6 |
The strength of the group, which is approximately the
number of key-bits protected, or 0 if unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ecpGroupTable |
1.3.6.1.4.1.3551.4.1.16.1.3.2 |
The (conceptual) table containing Oakley ECP groups that
are not well known that the entity has negotiated or knows
about.
There should be one row for every Oakley ECP group
negotiated or supported by the entity that is not a well-
known group. The maximum number of rows is implementation
dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EcpGroupEntry |
|
ecpGroupEntry |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1 |
An entry (conceptual row) containing the information on a
particular Oakley ECP group.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EcpGroupEntry |
|
|
ecpGroupIndex |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.1 |
A unique value, greater than zero, for each Oakley ECP
group. It is recommended that values are assigned
contiguously starting from 1.
The value for each ECP group must remain constant at least
from one re-initialization of entity's network management
system to the next re-initialization. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
ecpFieldSize |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.2 |
The size of a field element, in bits. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ecpPrime |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.3 |
The prime of the ECP group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpGeneratorOne |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.4 |
The first generator value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpGeneratorTwo |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.5 |
The second generator value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpParameterOne |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.6 |
The first elliptic curve parameter value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpParameterTwo |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.7 |
The second elliptic curve parameter value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpLPF |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.8 |
The largest prime factor of the group size, or 0 if
unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpOrder |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.9 |
The order of the group, or 0 if it is unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ecpStrength |
1.3.6.1.4.1.3551.4.1.16.1.3.2.1.10 |
The strength of the group, which is approximately the
number of key-bits protected. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ec2nGroupTable |
1.3.6.1.4.1.3551.4.1.16.1.3.3 |
The (conceptual) table containing Oakley EC2N groups that
are not well known that the entity has negotiated or knows
about.
There should be one row for every Oakley group negotiated or
supported by the entity that is not a well-known group. The
maximum number of rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
Ec2nGroupEntry |
|
ec2nGroupEntry |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1 |
An entry (conceptual row) containing the information on a
particular Oakley EC2N group.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Ec2nGroupEntry |
|
|
ec2nGroupIndex |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.1 |
A unique value, greater than zero, for each Oakley EC2N
group. It is recommended that values are assigned
contiguously starting from 1.
The value for each EC2N group must remain constant at least
from one re-initialization of entity's network management
system to the next re-initialization. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
ec2nDegree |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.2 |
The degree of the irreducible polynomial. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ec2nIrrPoly |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.3 |
The prime or the irreducible field polynomial. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nGeneratorOne |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.4 |
The first generator value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nGeneratorTwo |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.5 |
The second generator value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nParameterOne |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.6 |
The first elliptic curve parameter value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nParameterTwo |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.7 |
The second elliptic curve parameter value of the group. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nLPF |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.8 |
The largest prime factor of the group size, or 0 if
unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nOrder |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.9 |
The order of the group, or 0 if it is unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
ec2nStrength |
1.3.6.1.4.1.3551.4.1.16.1.3.3.1.10 |
The strength of the group, which is approximately the
number of key-bits protected, or 0 if it is unspecified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ikeSaTable |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1 |
The (conceptual) table containing the IKE SAs.
The number of rows is the same as the number of IKE phase 2
SAs that are in the process of being negotiated or are
negotiated in the entity. Phrased another way, there is a
row in this table for each row in 'saTable' for which
'saDoi' is 'ipsecDOI(1)'.
The maximum number of rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IkeSaEntry |
|
ikeSaEntry |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1 |
An entry (conceptual row) containing the information on a
particular IKE SA. There is an entry in this table for each
'saEntry' in which which 'saDoi' is 'ipsecDOI(1)'.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IkeSaEntry |
|
|
saAuthMethod |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.1 |
The authentication method used to authenticate the peers.
Note that this does not include the specific method of
extended authentication if extended authentication is used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeAuthMethod |
|
|
saPeerIdType |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.2 |
The type of ID used by the peer that negotiated this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
saPeerId |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.3 |
The ID of the used by the peer that negotiated this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
saPeerCertSerialNum |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.4 |
The serial number of the certificate of the peer this SA
was negotiated with.
This object has no meaning if a certificate was not used in
authenticating the peer. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..63) |
|
saPeerCertIssuer |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.5 |
The issuer name of the certificate of the peer this control
channel was negotiated with.
This object has no meaning if a certificate was not used in
authenticating the peer. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..511) |
|
saLocalIdType |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.6 |
The type of ID used by the local entity that negotiated
this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
saLocalId |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.7 |
The ID of the used by the local entity that negotiated this
SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
saEncAlg |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.8 |
The encryption algorithm used to protect this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeEncryptionAlgorithm |
|
|
saEncKeyLength |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.9 |
The length of the encryption key in bits used for the
algorithm specified in the 'saEncAlg' object. It may be 0 if
the key length is implicit in the specified algorithm. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
saHashAlg |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.10 |
The hash algorithm used to protect this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeHashAlgorithm |
|
|
saHashKeyLength |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.11 |
The length of the encryption key in bits used for the
algorithm specified in the 'saHashAlg' object. It may be 0
if the key length is implicit in the specified algorithm. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
saPRF |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.12 |
The pseudo-random function used by this SA, or 0 if the
HMAC version of the negotiated hash algorithm is used as a
pseudo-random function. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkePrf |
|
|
saOakleyGroupDesc |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.13 |
The group number used to generate the Diffie-Hellman key
pair when setting up the SA, or 0 if none of the defined
groups was used.
If this value is 0, the 'saOakleyGroup' must not also be
OBJECT IDENTIFIER { 0 0 }. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeGroupDescription |
|
|
saOakleyGroup |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.14 |
The object identifier of the Oakley group row that was used
if a well-known group was not used to generate the Diffie-
Hellman key pair for this SA.
If a well-known group was used, the value should be set to
the OBJECT IDENTIFIER { 0 0 }.
For example, if the group is a MODP group, the value of this
object is the object identifier of 'modpGroupIndex' of the
appropriate row ('modpGroupEntry') in 'modpGroupTable'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
saLimitSeconds |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.15 |
The maximum number of seconds the SA is allowed to exist,
or 0 if there is no time-based limit on the existence of the
SA.
The display value is limited to 4,294,967,295 seconds (more
than 136 years); values greater than that value will be
truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
saLimitKbytes |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.16 |
The maximum number of kilobytes the SA is allowed to
encrypt before it expires, or 0 if there is no traffic-by-
byte-based limit on the existence of the SA.
The display value is limited to 4,294,967,295 kilobytes
(more than 4,194,304 Mbyte ); values greater than that value
will be truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
saLimitKeyUses |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.17 |
The maximum number of times the SA is allowed to provide
keying material from its own Diffie-Hellman exchange before
it expires, or 0 if there is no keying material-based limit
on the existence of the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
saAccKbytes |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.18 |
The number of kilobytes the SA has encrypted that count
against any lifetime restriction based on traffic. This
value may be 0 if there is no such restriction. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
saKeyUses |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.19 |
The number of times the SA is has provided keying material
derived from its own original Diffie-Hellman exchange. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
saCreatedSuites |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.20 |
The total number of SA suites that this SA has successfully
created. In other words, the total number of successful
quick mode exchanges multiplied by the number of SA payloads
in each of those exchanges. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
saDeletedSuites |
1.3.6.1.4.1.3551.4.1.16.1.1.1.1.1.21 |
The total number of SA suites that this SA has sent or
received SA suite delete notifications for. When delete
notifications are sent or received for more than one SA in
an SA suite, this number shall be decremented by one, and
not by the number SAs in the suite that were deleted. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
saByCreatorsTable |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2 |
The (conceptual) table that sorts the IKE phase 1 SAs by
the endpoint identifiers.
The number of rows in this table is the same as the number
of IKE phase 1 SAs in the entity. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SaByCreatorsEntry |
|
saByCreatorsEntry |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1 |
An entry (conceptual row) referencing a particular IKE
phase 1 SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SaByCreatorsEntry |
|
|
saByCreatorsLocalId |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.2 |
The ID of the used by the local entity that negotiated this
SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
saByCreatorsPeerId |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.4 |
The ID of the used by the remote entity that negotiated
this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
saByCreatorsIndex |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.5 |
A unique value, greater than zero, for each IKE phase 1 SA
that exists between the two endpoints. It is recommended
that values are assigned contiguously starting from 1. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
saIkeLocalIpAddress |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.6 |
The 'saLocalIpAddress' of the phase 1 SA for this row. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
saIkeRemoteIpAddress |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.7 |
The 'saRemoteIpAddress' of the phase 1 SA for this row. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
saIkeInitiatorCookie |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.8 |
The 'saInitiatorCookie' of the phase 1 SA for this row. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
saIkeResponderCookie |
1.3.6.1.4.1.3551.4.1.16.1.1.1.2.1.9 |
The 'saResponderCookie' of the phase 1 SA for this row. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
exchangeTable |
1.3.6.1.4.1.3551.4.1.16.1.1.1.3 |
The (conceptual) table containing the exchanges used.
There should be one row for every exchange attempt that has
occurred using a phase 1 security association that exists in
the entity. The maximum number of rows is implementation
dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
ExchangeEntry |
|
exchangeEntry |
1.3.6.1.4.1.3551.4.1.16.1.1.1.3.1 |
An entry (conceptual row) containing the information on a
particular exchange used in an SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
ExchangeEntry |
|
|
exchangeType |
1.3.6.1.4.1.3551.4.1.16.1.1.1.3.1.1 |
The type of the exchange for which the statistics of this
row apply. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeExchangeType |
|
|
exchangeTotalCount |
1.3.6.1.4.1.3551.4.1.16.1.1.1.3.1.2 |
The total number of complete exchanges of the type
performed using the SA, as either initiator or as responder.
If there were failed attempts to initiate exchanges, this
value is not equal to the sum of 'exchangeInitiatedCount'
and 'exchangeRespondedCount'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
exchangeInitiatedCount |
1.3.6.1.4.1.3551.4.1.16.1.1.1.3.1.3 |
The total number of exchanges of the type attempted using
the SA as initiator. This includes exchange that failed or
were incomplete |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
exchangeRespondedCount |
1.3.6.1.4.1.3551.4.1.16.1.1.1.3.1.4 |
The total number of complete exchanges of the type
performed using the SA as responder. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
suiteTable |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1 |
The (conceptual) table containing the phase 2 suites.
The number of rows in this table is the same as the number
of suites in the entity. The maximum number of rows is
implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SuiteEntry |
|
suiteEntry |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1 |
An entry (conceptual row) containing the information on a
particular phase 2 SA suite.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SuiteEntry |
|
|
suiteIndex |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.1 |
A unique value, greater than zero, for each SA suite. It is
recommended that values are assigned contiguously starting
from 1. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
suiteLocalAddress |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.2 |
The address used by the local entity that negotiated the SA
suite.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
suiteRemoteAddress |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.3 |
The address used by the remote entity that negotiated the
SA suite.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
suitePhase1RemoteId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.5 |
The ID of the remote entity that negotiated this suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suitePhase1LocalId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.7 |
The ID of the local entity that negotiated this suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suiteRemoteId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.8 |
The remote identifier of the SAs in the suite. It may be 0
if unknown or if the suite uses transport mode
encapsulation.
This corresponds to the destination identifier of outbound
SAs in the suite, and to the source identifier of inbound
SAs in the suite.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suiteRemoteIdType |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.9 |
The type of ID used for 'suiteRemoteId'. It may be 0 if
unknown or if the suite uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
suiteLocalId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.10 |
The local identifier of the SAs in the suite. It may be 0
if unknown or if the suite uses transport mode
encapsulation.
This corresponds to the source identifier of outbound SAs in
the suite, and to the destination identifier of inbound SAs
in the suite.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suiteLocalIdType |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.11 |
The type of ID used for 'suiteLocalId'. It may be 0 if
unknown or if the suite uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
suiteProtocol |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.12 |
The transport-layer protocol number that this suite
carries, or 0 if it carries any protocol.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
suiteRemotePort |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.13 |
The remote port number of the protocol that this suite
carries, or 0 if it carries any port number.
This corresponds to the destination port number of outbound
SAs in the suite, and to the source port number of inbound
SAs in the suite.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
suiteLocalPort |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.14 |
The local port number of the protocol that this SA carries,
or 0 if it carries any port number.
This corresponds to the source port number of outbound SAs
in the suite, and to the destination port number of inbound
SAs in the suite.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
suiteOakleyGroupDesc |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.15 |
The group number used to generate the Diffie-Hellman key
pair when setting up the SA, or 0 if none of the well known
groups was used, or if perfect forward secrecy was not
used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeGroupDescription |
|
|
suiteOakleyGroup |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.16 |
The table index value of the Oakley group row that was used
if a well-known group was not used to generate the Diffie-
Hellman key pair for this SA.
If a well-known group was used, or if perfect forward
secrecy was not used, the value should be set to the OBJECT
IDENTIFIER { 0 0 }. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
suiteLifeSeconds |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.17 |
The number of seconds that the SA has existed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
suiteInUserOctets |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.18 |
The amount of user level traffic measured in bytes handled
by the suite in the inbound direction.
This is the same as the user level traffic of the inner most
inbound SA in the suite. Note that if the inner-most SA is a
shared IPcomp SA, then this value may be difficult to
calculate. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteInPackets |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.19 |
The number of inbound packets handled by the suite.
This is the same as the number of packets handled by any one
of the inbound SAs in the suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteOutUserOctets |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.20 |
The amount of user level traffic measured in bytes handled
by the suite in the outbound direction.
This is the same as the user level traffic of the inner most
outbound SA in the suite. Note that if the inner most SA is
a shared IPcomp SA, then this value may be difficult to
calculate. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteOutPackets |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.21 |
The number of outbound packets handled by the suite.
This is the same as the number of packets handled by any one
of the outbound SAs in the suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteSendErrors |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.22 |
The number of outbound packets discarded by the suite due
to any error.
This is the same as the sum of all errors of all outbound
SAs in the suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
suiteReceiveErrors |
1.3.6.1.4.1.3551.4.1.16.1.2.1.1.1.23 |
The number of inbound packets discarded by the suite due to
any error.
This is the same as the sum of all errors of all inbound SAs
in the suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
phase2SaTable |
1.3.6.1.4.1.3551.4.1.16.1.2.1.2 |
The (conceptual) table containing ID information for the
phase 2 SAs that are part of suites.
The number of rows in this table is the same as the number
of unidirectional phase 2 IPsec SA pairs that are created as
part of suites. The maximum number of rows is implementation
dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
Phase2SaEntry |
|
phase2SaEntry |
1.3.6.1.4.1.3551.4.1.16.1.2.1.2.1 |
An entry (conceptual row) containing the information on a
particular phase 2 SA within a suite.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Phase2SaEntry |
|
|
saOrder |
1.3.6.1.4.1.3551.4.1.16.1.2.1.2.1.1 |
The position within the suite of the pair of SAs indicated
by this row.
A value of 1 is used to represent the outer-most SA pair.
The outer-most SA of any given packet has its header next to
the outer IP header of the processed packet, while the
inner-most SA has its header nearest the data of the
unprocessed packet. (Note that the IPcomp header may be
missing in actual usage if a particular packet was not
compressed.)
This value should be monotonically increasing for every SA
pair in a suite. The maximum value is implementation
dependent, but will generally not exceed three. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..15 |
|
saProtocol |
1.3.6.1.4.1.3551.4.1.16.1.2.1.2.1.2 |
The protocol of the inbound/outbound SA pair indicated by
this row of the table. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiTransformIdent |
|
|
saInSpi |
1.3.6.1.4.1.3551.4.1.16.1.2.1.2.1.3 |
The security parameters index of the inbound SA of the
inbound/outbound SA pair. If the protocol of the SA pair is
IPcomp, this value is the CPI.
This value is used with the value of 'suiteLocalAddress'
from the row indexed by 'suiteIndex' to create a SPI/address
pair that uniquely identifies the inbound SA used in this SA
suite. This can then be used to look up the SA in the
appropriate inbound SA table, based on 'saProtocol'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
saOutSpi |
1.3.6.1.4.1.3551.4.1.16.1.2.1.2.1.4 |
The security parameters index of the outbound SA of the
inbound/outbound SA pair. If the protocol of the SA pair is
IPcomp, this value is the CPI.
This value is used with the value of 'suiteLocalAddress'
from the row indexed by 'suiteIndex' to create a SPI/address
pair that uniquely identifies the outbound SA used in this
SA suite. This can then be used to look up the SA in the
appropriate outbound SA table, based on 'saProtocol'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
suiteByCreatorsTable |
1.3.6.1.4.1.3551.4.1.16.1.2.1.3 |
The (conceptual) table that sorts the SA suites by the
endpoint identifiers.
The number of rows in this table is the same as the number
of suites in the entity. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SuiteByCreatorsEntry |
|
suiteByCreatorsEntry |
1.3.6.1.4.1.3551.4.1.16.1.2.1.3.1 |
An entry (conceptual row) referencing a particular suite.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SuiteByCreatorsEntry |
|
|
suiteByCreatorsP1LocalId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.3.1.2 |
The ID of the local entity that negotiated this suite. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suiteByCreatorsIndex |
1.3.6.1.4.1.3551.4.1.16.1.2.1.3.1.5 |
A unique value, greater than zero, for each SA suite that
is between the two endpoints. It is recommended that values
are assigned contiguously starting from 1 for each SA suite
between the two endpoints. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
suiteByCreatorsRef |
1.3.6.1.4.1.3551.4.1.16.1.2.1.3.1.6 |
The value of 'suiteIndex' in the row ('suiteEntry') of the
'suiteTable' to which this row refers. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
suiteBySelectorsTable |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4 |
The (conceptual) table that sorts the suites by the
selectors.
The number of rows in this table is the same as the number
of suites in the entity. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SuiteBySelectorsEntry |
|
suiteBySelectorsEntry |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1 |
An entry (conceptual row) referencing a particular suite.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SuiteBySelectorsEntry |
|
|
suiteBySelectorsLocalId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.1 |
The local identifier of the selector of the suite.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suiteBySelectorsLocalIdType |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.2 |
The type of ID used for 'suiteBySelectorsLocalId'.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
suiteBySelectorsRemoteId |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.3 |
The remote identifier of the selector of the suite.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
suiteBySelectorsRemoteIdType |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.4 |
The type of ID used for 'suiteBySelectorsRemoteId'.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
suiteBySelectorsProtocol |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.5 |
The transport-layer protocol number that this suite
carries, or 0 if it carries any protocol.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
suiteBySelectorsLocalPort |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.6 |
The local port number of the protocol that this suite
carries, or 0 if it carries any port number.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
suiteBySelectorsRemotePort |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.7 |
The remote port number of the protocol that this SA
carries, or 0 if it carries any port number.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
suiteBySelectorsIndex |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.8 |
A unique value, greater than zero, for each SA suite that
the same selectors. It is recommended that values are
assigned contiguously starting from 1. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..16777215 |
|
suiteBySelectorsRef |
1.3.6.1.4.1.3551.4.1.16.1.2.1.4.1.9 |
The value of 'suiteIndex' in the row ('suiteEntry') of the
'suiteTable' to which this row refers. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
ipsecSaInSuiteTable |
1.3.6.1.4.1.3551.4.1.16.1.2.1.5 |
The (conceptual) table that allows determination of which
suite a particular phase 2 SA is in.
The number of rows in this table is the same as the number
of phase 2 SAs in the entity. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaInSuiteEntry |
|
ipsecSaInSuiteEntry |
1.3.6.1.4.1.3551.4.1.16.1.2.1.5.1 |
An entry (conceptual row) referencing a particular phase 2
SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaInSuiteEntry |
|
|
ipsecSaInSuiteSpi |
1.3.6.1.4.1.3551.4.1.16.1.2.1.5.1.3 |
The SPI value of the IPsec phase 2 SA to which this row
refers. If the value of 'ipsecSaInSuiteProtocol' is
'protoIpcomp(4)', then this is the CPI of the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaInSuiteRef |
1.3.6.1.4.1.3551.4.1.16.1.2.1.5.1.4 |
The value of 'suiteIndex' in the row ('suiteEntry') of the
'suiteTable' to which this row refers.
This is the suite that uses this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
notifyCountTable |
1.3.6.1.4.1.3551.4.1.16.1.1.7.1 |
The (conceptual) table containing information on IPSec
notify message counts.
Rows are created in this table for every notification type
that has been sent or received by the entity.
This table MAY be sparsely populated; that is, rows for
which the count is 0 may be absent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
NotifyCountEntry |
|
notifyCountEntry |
1.3.6.1.4.1.3551.4.1.16.1.1.7.1.1 |
An entry (conceptual row) containing the total number of
occurrences of a notify message.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
NotifyCountEntry |
|
|
notifyProtocol |
1.3.6.1.4.1.3551.4.1.16.1.1.7.1.1.1 |
The value representing a protocol for which the notify was
used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiSecProtocolId |
|
|
notifyType |
1.3.6.1.4.1.3551.4.1.16.1.1.7.1.1.2 |
The value representing a specific ISAKMP notify message, or
0 if unknown.
Values are assigned from the set of notify message types as
defined in Section 3.14.1 of [ISAKMP], and enhanced by the
IPsec DOI. In addition, the value 0 may be used for this
object when the object is used as a trap cause, and the
cause is unknown. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IkeNotifyMessageType |
|
|
notifySentCount |
1.3.6.1.4.1.3551.4.1.16.1.1.7.1.1.3 |
The total number of times the specific notify message has
been sent by the entity since system boot. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
notifyReceivedCount |
1.3.6.1.4.1.3551.4.1.16.1.1.7.1.1.4 |
The total number of times the specific notify message has
been received by the entity since system boot. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeCurrentSAs |
1.3.6.1.4.1.3551.4.1.16.1.1.2.1 |
The current number of IKE SAs in the entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
ikeCurrentInitiatedSAs |
1.3.6.1.4.1.3551.4.1.16.1.1.2.2 |
The current number of IKE SAs successfully negotiated in
the entity that were initiated by the entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
ikeCurrentRespondedSAs |
1.3.6.1.4.1.3551.4.1.16.1.1.2.3 |
The current number of IKE SAs successfully negotiated in
the entity that were initiated by the peer entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
ikeTotalSAs |
1.3.6.1.4.1.3551.4.1.16.1.1.2.4 |
The total number of IKE SAs successfully negotiated in the
entity since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalInitiatedSAs |
1.3.6.1.4.1.3551.4.1.16.1.1.2.5 |
The total number of IKE SAs successfully negotiated in the
entity since boot time that were initiated by the entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalRespondedSAs |
1.3.6.1.4.1.3551.4.1.16.1.1.2.6 |
The total number of IKE SAs successfully negotiated in the
entity since boot time that were initiated by the peer
entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalAttempts |
1.3.6.1.4.1.3551.4.1.16.1.1.2.7 |
The total number of IKE SAs negotiation attempts made since
boot time. This includes successful negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalSaInitAttempts |
1.3.6.1.4.1.3551.4.1.16.1.1.2.8 |
The total number of IKE SAs negotiation attempts made where
the entity was the initiator since boot time. This includes
successful negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalSaRespAttempts |
1.3.6.1.4.1.3551.4.1.16.1.1.2.9 |
The total number of IKE SAs negotiation attempts made where
the entity was the responder since boot time. This includes
successful negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalInPackets |
1.3.6.1.4.1.3551.4.1.16.1.1.3.1 |
The total number of IKE packets received by the entity
since boot time, including re-transmissions and un-encrypted
packets. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalOutPackets |
1.3.6.1.4.1.3551.4.1.16.1.1.3.2 |
The total number of IKE packets sent by the entity since
boot time, including re-transmissions and un-encrypted
packets. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalInOctets |
1.3.6.1.4.1.3551.4.1.16.1.1.3.3 |
The total amount of IKE traffic received by the entity
since boot time, measured in bytes, including any re-
transmitted packets received, and including encrypted and
un-encrypted packets. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ikeTotalOutOctets |
1.3.6.1.4.1.3551.4.1.16.1.1.3.4 |
The total amount of IKE traffic sent by the entity since
boot time, measured in bytes, including any re-transmissions
and including encrypted and un-encrypted packets. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ikeTotalInitFailures |
1.3.6.1.4.1.3551.4.1.16.1.1.4.1 |
The total number of attempts to initiate an IKE phase 1 SA
that failed since boot time, when there was a response from
the peer entity.
This value may be used to detect clogging or denial-of-
service attacks. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalInitNoResponses |
1.3.6.1.4.1.3551.4.1.16.1.1.4.2 |
The total number of attempts to initiate an IKE phase 1 SA
that failed since boot time, when there was no response from
the peer entity.
This should only be incremented if the peer does not repond
to the first packet of attempted negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeTotalRespFailures |
1.3.6.1.4.1.3551.4.1.16.1.1.4.3 |
The total number of attempts to initiate an IKE phase 1 SA
that failed since boot time, when the initiation attempt
came for the peer entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
totalSuites |
1.3.6.1.4.1.3551.4.1.16.1.2.2.1 |
The total number of suites created by the entity since
system boot. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
currentSuites |
1.3.6.1.4.1.3551.4.1.16.1.2.2.2 |
The total number of suites currently in existence in the
entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
suiteTotalInUserKbytes |
1.3.6.1.4.1.3551.4.1.16.1.2.3.1 |
The total amount of user level traffic carried by all
suites in the entity since boot time, measured in kilobytes,
in the inbound direction.
This is the sum of the 'suiteInUserOctets' column for all
suite rows created since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteTotalInPackets |
1.3.6.1.4.1.3551.4.1.16.1.2.3.2 |
The total number of packets carried by all suites in the
entity since boot time in the inbound direction.
This is the sum of the 'suiteInPackets' column for all suite
rows created since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteTotalOutUserKbytes |
1.3.6.1.4.1.3551.4.1.16.1.2.3.3 |
The total amount of user level traffic carried by all
suites in the entity since boot time, measured in kilobytes,
in the outbound direction.
This is the sum of the 'suiteOutUserOctets' column for all
suite rows created since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteTotalOutPackets |
1.3.6.1.4.1.3551.4.1.16.1.2.3.4 |
The total number of packets carried by all suites in the
entity since boot time, in the outbound direction.
This is the sum of the 'suiteOutPackets' column for all
suite rows created since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
suiteInitFailures |
1.3.6.1.4.1.3551.4.1.16.1.2.4.1 |
The total number of attempts to initiate an suite that
failed since boot time, when the attempt was initiated
locally. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
suiteRespondFailures |
1.3.6.1.4.1.3551.4.1.16.1.2.4.2 |
The total number of attempts to initiate an suite that
failed since boot time, when the attempt was initiated by
the peer entity. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ikeNegFailureTrapEnable |
1.3.6.1.4.1.3551.4.1.16.1.1.5.1 |
Indicates whether ikeNegFailure traps should be generated. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ikeNegFailure |
1.3.6.1.4.1.3551.4.1.16.1.1.6.1 |
An attempt to negotiate a phase 1 IKE SA failed.
The notification type sent or received is also sent as part
of the trap, along with the current value of the total
negotiation error counters for ISAKMP. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
suiteNegFailureTrapEnable |
1.3.6.1.4.1.3551.4.1.16.1.2.5.1 |
Indicates whether 'suiteNegFailure' traps should be
generated. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
suiteNegFailure |
1.3.6.1.4.1.3551.4.1.16.1.2.6.1 |
An attempt to negotiate a phase 2 SA suite for the
specified selectors failed.
The current total failure counts are passed as well as the
notification type sent or received as part of the failure. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|