IPSEC-IKEACTION-MIB
File: IPSEC-IKEACTION-MIB.mib (108875 bytes)
Imported modules
Imported symbols
Defined Types
IkeEncryptionAlgorithm |
|
Values for encryption algorithms negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attribute type Encryption
Algorithm (1).
Unused values <= 65000 are reserved to IANA.
Currently assigned values at the time of this
writing:
reserved(0), -- reserved in IKE
desCbc(1), -- RFC 2405
ideaCbc(2),
blowfishCbc(3),
rc5R16B64Cbc(4), -- RC5 R16 B64 CBC
tripleDesCbc(5), -- 3DES CBC
castCbc(6),
aesCbc(7)
Values 65001-65535 are for private use among
mutually consenting parties. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
IkeAuthMethod |
|
Values for authentication methods negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attribute type Authentication
Method (3).
Unused values <= 65000 are reserved to IANA.
reserved(0), -- reserved in IKE
preSharedKey(1),
dssSignatures(2),
rsaSignatures(3),
encryptionWithRsa(4),
revisedEncryptionWithRsa(5),
reservedDontUse6(6), -- not to be used
reservedDontUse7(7), -- not to be used
ecdsaSignatures(8)
Values 65001-65535 are for private use among
mutually consenting parties. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
IkeHashAlgorithm |
|
Values for hash algorithms negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attribute type Hash Algorithm (2).
Unused values <= 65000 are reserved to IANA.
Currently assigned values at the time of this
writing:
reserved(0), -- reserved in IKE
md5(1), -- RFC 1321
sha(2), -- FIPS 180-1
tiger(3),
sha256(4),
sha384(5),
sha512(6)
Values 65001-65535 are for private use among
mutually consenting parties. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
IkeGroupDescription |
|
Values for Oakley key computation groups for
Diffie-Hellman exchange negotiated for the ISAKMP
SA by IKE in Phase I. They are also used in Phase II
when perfect forward secrecy is in use. These are
values for SA Attribute type Group Description (4).
Unused values <= 32767 are reserved to IANA.
Currently assigned values at the time of this
writing:
none(0), -- reserved in IKE, used
-- in MIBs to reflect that
-- none of the predefined
-- groups are used
modp768(1), -- default 768-bit MODP group
modp1024(2), -- alternate 1024-bit MODP
-- group
ec2nGF155(3), -- EC2N group on Galois
-- Field GF[2^155]
ec2nGF185(4), -- EC2N group on Galois
-- Field GF[2^185]
ec2nGF163Random(6), -- EC2N group on Galois
-- Field GF[2^163],
-- random seed
ec2nGF163Koblitz(7),
-- EC2N group on Galois
-- Field GF[2^163],
-- Koblitz curve
ec2nGF283Random(8), -- EC2N group on Galois
-- Field GF[2^283],
-- random seed
ec2nGF283Koblitz(9),
-- EC2N group on Galois
-- Field GF[2^283],
-- Koblitz curve
ec2nGF409Random(10),
-- EC2N group on Galois
-- Field GF[2^409],
-- random seed
ec2nGF409Koblitz(11),
-- EC2N group on Galois
-- Field GF[2^409],
-- Koblitz curve
ec2nGF571Random(12),
-- EC2N group on Galois
-- Field GF[2^571],
-- random seed
ec2nGF571Koblitz(13)
-- EC2N group on Galois
-- Field GF[2^571],
-- Koblitz curve
Values 32768-65535 are for private use among
mutually consenting parties. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
IpsecDoiSecProtocolId |
|
These are the IPsec DOI values for the Protocol-Id
field in an ISAKMP Proposal Payload, and in all
Notification Payloads.
They are also used as the Protocol-ID in the
Notification Payload and the Delete Payload.
Currently assigned values at the time of this
writing:
reserved(0), -- reserved in DOI
protoIsakmp(1), -- message protection
-- required during Phase I
-- of the IKE protocol
protoIpsecAh(2), -- IP packet authentication
-- via Authentication Header
protoIpsecEsp(3), -- IP packet confidentiality
-- via Encapsulating
-- Security Payload
protoIpcomp(4) -- IP payload compression
The values 249-255 are reserved for private use
amongst cooperating systems. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..255 |
|
IpiaCredentialFilterEntry |
|
SEQUENCE |
|
|
|
|
ipiaCredFiltName |
SnmpAdminString |
|
|
ipiaCredFiltCredentialType |
IpsaCredentialType |
|
|
ipiaCredFiltMatchFieldName |
OCTET STRING |
|
|
ipiaCredFiltMatchFieldValue |
OCTET STRING |
|
|
ipiaCredFiltAcceptCredFrom |
OCTET STRING |
|
|
ipiaCredFiltLastChanged |
TimeStamp |
|
|
ipiaCredFiltStorageType |
StorageType |
|
|
ipiaCredFiltRowStatus |
RowStatus |
|
IpiaPeerIdentityFilterEntry |
|
SEQUENCE |
|
|
|
|
ipiaPeerIdFiltName |
SnmpAdminString |
|
|
ipiaPeerIdFiltIdentityType |
IpsecDoiIdentType |
|
|
ipiaPeerIdFiltIdentityValue |
IpsaIdentityFilter |
|
|
ipiaPeerIdFiltLastChanged |
TimeStamp |
|
|
ipiaPeerIdFiltStorageType |
StorageType |
|
|
ipiaPeerIdFiltRowStatus |
RowStatus |
|
IpiaIkeActionEntry |
|
SEQUENCE |
|
|
|
|
ipiaIkeActName |
SnmpAdminString |
|
|
ipiaIkeActParametersName |
SnmpAdminString |
|
|
ipiaIkeActThresholdDerivedKeys |
Integer32 |
|
|
ipiaIkeActExchangeMode |
INTEGER |
|
|
ipiaIkeActAgressiveModeGroupId |
IkeGroupDescription |
|
|
ipiaIkeActIdentityType |
IpsecDoiIdentType |
|
|
ipiaIkeActIdentityContext |
SnmpAdminString |
|
|
ipiaIkeActPeerName |
SnmpAdminString |
|
|
ipiaIkeActDoActionLogging |
TruthValue |
|
|
ipiaIkeActDoPacketLogging |
SpdIPPacketLogging |
|
|
ipiaIkeActVendorId |
OCTET STRING |
|
|
ipiaIkeActLastChanged |
TimeStamp |
|
|
ipiaIkeActStorageType |
StorageType |
|
|
ipiaIkeActRowStatus |
RowStatus |
|
IpiaIpsecActionEntry |
|
SEQUENCE |
|
|
|
|
ipiaIpsecActName |
SnmpAdminString |
|
|
ipiaIpsecActParametersName |
SnmpAdminString |
|
|
ipiaIpsecActProposalsName |
SnmpAdminString |
|
|
ipiaIpsecActUsePfs |
TruthValue |
|
|
ipiaIpsecActVendorId |
OCTET STRING |
|
|
ipiaIpsecActGroupId |
IkeGroupDescription |
|
|
ipiaIpsecActPeerGatewayIdName |
OCTET STRING |
|
|
ipiaIpsecActUseIkeGroup |
TruthValue |
|
|
ipiaIpsecActGranularity |
INTEGER |
|
|
ipiaIpsecActMode |
INTEGER |
|
|
ipiaIpsecActDFHandling |
INTEGER |
|
|
ipiaIpsecActDoActionLogging |
TruthValue |
|
|
ipiaIpsecActDoPacketLogging |
SpdIPPacketLogging |
|
|
ipiaIpsecActLastChanged |
TimeStamp |
|
|
ipiaIpsecActStorageType |
StorageType |
|
|
ipiaIpsecActRowStatus |
RowStatus |
|
IpiaSaNegotiationParametersEntry |
|
SEQUENCE |
|
|
|
|
ipiaSaNegParamName |
SnmpAdminString |
|
|
ipiaSaNegParamMinLifetimeSecs |
Unsigned32 |
|
|
ipiaSaNegParamMinLifetimeKB |
Unsigned32 |
|
|
ipiaSaNegParamRefreshThreshSecs |
Unsigned32 |
|
|
ipiaSaNegParamRefreshThresholdKB |
Unsigned32 |
|
|
ipiaSaNegParamIdleDurationSecs |
Unsigned32 |
|
|
ipiaSaNegParamLastChanged |
TimeStamp |
|
|
ipiaSaNegParamStorageType |
StorageType |
|
|
ipiaSaNegParamRowStatus |
RowStatus |
|
IpiaIkeActionProposalsEntry |
|
SEQUENCE |
|
|
|
|
ipiaIkeActPropPriority |
Integer32 |
|
|
ipiaIkeActPropName |
SnmpAdminString |
|
|
ipiaIkeActPropLastChanged |
TimeStamp |
|
|
ipiaIkeActPropStorageType |
StorageType |
|
|
ipiaIkeActPropRowStatus |
RowStatus |
|
IpiaIkeProposalEntry |
|
SEQUENCE |
|
|
|
|
ipiaIkePropLifetimeDerivedKeys |
Unsigned32 |
|
|
ipiaIkePropCipherAlgorithm |
IkeEncryptionAlgorithm |
|
|
ipiaIkePropCipherKeyLength |
Unsigned32 |
|
|
ipiaIkePropCipherKeyRounds |
Unsigned32 |
|
|
ipiaIkePropHashAlgorithm |
IkeHashAlgorithm |
|
|
ipiaIkePropPrfAlgorithm |
INTEGER |
|
|
ipiaIkePropVendorId |
OCTET STRING |
|
|
ipiaIkePropDhGroup |
IkeGroupDescription |
|
|
ipiaIkePropAuthenticationMethod |
IkeAuthMethod |
|
|
ipiaIkePropMaxLifetimeSecs |
Unsigned32 |
|
|
ipiaIkePropMaxLifetimeKB |
Unsigned32 |
|
|
ipiaIkePropLastChanged |
TimeStamp |
|
|
ipiaIkePropStorageType |
StorageType |
|
|
ipiaIkePropRowStatus |
RowStatus |
|
IpiaIpsecProposalsEntry |
|
SEQUENCE |
|
|
|
|
ipiaIpsecPropName |
SnmpAdminString |
|
|
ipiaIpsecPropPriority |
Integer32 |
|
|
ipiaIpsecPropProtocolId |
IpsecDoiSecProtocolId |
|
|
ipiaIpsecPropTransformsName |
SnmpAdminString |
|
|
ipiaIpsecPropLastChanged |
TimeStamp |
|
|
ipiaIpsecPropStorageType |
StorageType |
|
|
ipiaIpsecPropRowStatus |
RowStatus |
|
IpiaIkeIdentityEntry |
|
SEQUENCE |
|
|
|
|
ipiaIkeIdCredentialName |
SnmpAdminString |
|
|
ipiaIkeIdLastChanged |
TimeStamp |
|
|
ipiaIkeIdStorageType |
StorageType |
|
|
ipiaIkeIdRowStatus |
RowStatus |
|
IpiaAutostartIkeEntry |
|
SEQUENCE |
|
|
|
|
ipiaAutoIkePriority |
Integer32 |
|
|
ipiaAutoIkeAction |
VariablePointer |
|
|
ipiaAutoIkeAddressType |
InetAddressType |
|
|
ipiaAutoIkeSourceAddress |
InetAddress |
|
|
ipiaAutoIkeSourcePort |
InetPortNumber |
|
|
ipiaAutoIkeDestAddress |
InetAddress |
|
|
ipiaAutoIkeDestPort |
InetPortNumber |
|
|
ipiaAutoIkeProtocol |
Unsigned32 |
|
|
ipiaAutoIkeLastChanged |
TimeStamp |
|
|
ipiaAutoIkeStorageType |
StorageType |
|
|
ipiaAutoIkeRowStatus |
RowStatus |
|
IpiaIpsecCredMngServiceEntry |
|
SEQUENCE |
|
|
|
|
ipiaIcmsName |
SnmpAdminString |
|
|
ipiaIcmsDistinguishedName |
OCTET STRING |
|
|
ipiaIcmsPolicyStatement |
OCTET STRING |
|
|
ipiaIcmsMaxChainLength |
Integer32 |
|
|
ipiaIcmsCredentialName |
SnmpAdminString |
|
|
ipiaIcmsLastChanged |
TimeStamp |
|
|
ipiaIcmsStorageType |
StorageType |
|
|
ipiaIcmsRowStatus |
RowStatus |
|
IpiaCredMngCRLEntry |
|
SEQUENCE |
|
|
|
|
ipiaCmcCRLName |
SnmpAdminString |
|
|
ipiaCmcDistributionPoint |
OCTET STRING |
|
|
ipiaCmcThisUpdate |
OCTET STRING |
|
|
ipiaCmcNextUpdate |
OCTET STRING |
|
|
ipiaCmcLastChanged |
TimeStamp |
|
|
ipiaCmcStorageType |
StorageType |
|
|
ipiaCmcRowStatus |
RowStatus |
|
IpiaRevokedCertificateEntry |
|
SEQUENCE |
|
|
|
|
ipiaRctCertSerialNumber |
Unsigned32 |
|
|
ipiaRctRevokedDate |
OCTET STRING |
|
|
ipiaRctRevokedReason |
INTEGER |
|
|
ipiaRctLastChanged |
TimeStamp |
|
|
ipiaRctStorageType |
StorageType |
|
|
ipiaRctRowStatus |
RowStatus |
|
Defined Values
ipiaMIB |
1.3.6.1.2.1.153.4.2 |
The MIB module for defining IKE actions for managing IPsec
Security Policy.
Copyright (C) The Internet Society (2006). This version of
this MIB module is part of RFC YYYY, see the RFC itself for
full legal notices. |
MODULE-IDENTITY |
|
|
|
ipiaIkePhase1Filter |
1.3.6.1.2.1.153.4.2.1.2.1 |
This static filter can be used to test if a packet is
part of an IKE phase-1 negotiation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipiaIkePhase2Filter |
1.3.6.1.2.1.153.4.2.1.2.2 |
This static filter can be used to test if a packet is
part of an IKE phase-2 negotiation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipiaCredentialFilterTable |
1.3.6.1.2.1.153.4.2.1.3 |
This table is used to provide credentials for IKE
identities.
It can be used for filters which are matched to
credentials of IKE peers, where the credentials in question
have been obtained from an IKE phase 1 exchange. They MAY
be X.509 certificates, Kerberos tickets, etc...
It can also be used to provide credentials for local IKE
identities. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaCredentialFilterEntry |
|
ipiaCredentialFilterEntry |
1.3.6.1.2.1.153.4.2.1.3.1 |
A row defining a particular credential filter |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaCredentialFilterEntry |
|
|
ipiaCredFiltName |
1.3.6.1.2.1.153.4.2.1.3.1.1 |
The administrative name of this filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaCredFiltMatchFieldName |
1.3.6.1.2.1.153.4.2.1.3.1.3 |
The piece of the credential to match against. Examples:
serialNumber, signatureAlgorithm, issuerName or
subjectName.
For credential types without fields (e.g. shared secret),
this field SHOULD be left empty, and the entire credential
will be matched against the ipiaCredFiltMatchFieldValue. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
ipiaCredFiltMatchFieldValue |
1.3.6.1.2.1.153.4.2.1.3.1.4 |
The value that the field indicated by the
ipiaCredFiltMatchFieldName MUST match against for the
filter to be considered TRUE. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..4096) |
|
ipiaCredFiltAcceptCredFrom |
1.3.6.1.2.1.153.4.2.1.3.1.5 |
This value is used to look up a row in the
ipiaIpsecCredMngServiceTable for the Certificate Authority
(CA) Information. This value is empty if there is no CA
used for this filter. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..117) |
|
ipiaCredFiltLastChanged |
1.3.6.1.2.1.153.4.2.1.3.1.6 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaCredFiltStorageType |
1.3.6.1.2.1.153.4.2.1.3.1.7 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaCredFiltRowStatus |
1.3.6.1.2.1.153.4.2.1.3.1.8 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaPeerIdentityFilterTable |
1.3.6.1.2.1.153.4.2.1.4 |
This table defines filters which can be used to match
credentials of IKE peers, where the credentials in question
have been obtained from an IKE phase 1 exchange. They MAY
be X.509 certificates, Kerberos tickets, etc... |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaPeerIdentityFilterEntry |
|
ipiaPeerIdentityFilterEntry |
1.3.6.1.2.1.153.4.2.1.4.1 |
A row defining a particular credential filter |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaPeerIdentityFilterEntry |
|
|
ipiaPeerIdFiltName |
1.3.6.1.2.1.153.4.2.1.4.1.1 |
The administrative name of this filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaPeerIdFiltIdentityValue |
1.3.6.1.2.1.153.4.2.1.4.1.3 |
The string representation of the value that the peer ID
payload value MUST match against. Wildcard mechanisms MUST
be supported such that:
- a ipiaPeerIdFiltIdentityValue of '*@example.com' will
match a userFqdn ID payload of 'JDOE@EXAMPLE.COM'
- a ipiaPeerIdFiltIdentityValue of '*.example.com' will
match a fqdn ID payload of 'WWW.EXAMPLE.COM'
- a ipiaPeerIdFiltIdentityValue of:
'cn=*,ou=engineering,o=company,c=us'
will match a DER DN ID payload of
'cn=John Doe,ou=engineering,o=company,c=us'
- a ipiaPeerIdFiltIdentityValue of '192.0.2.0/24' will
match an IPv4 address ID payload of 192.0.2.10
- a ipiaPeerIdFiltIdentityValue of '192.0.2.*' will also
match an IPv4 address ID payload of 192.0.2.10.
The character '*' replaces 0 or multiple instances of any
character. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsaIdentityFilter |
|
|
ipiaPeerIdFiltLastChanged |
1.3.6.1.2.1.153.4.2.1.4.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaPeerIdFiltStorageType |
1.3.6.1.2.1.153.4.2.1.4.1.5 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaPeerIdFiltRowStatus |
1.3.6.1.2.1.153.4.2.1.4.1.6 |
This object indicates the conceptual status of this row.
This object can not be considered active unless the
ipiaPeerIdFiltIdentityType and ipiaPeerIdFiltIdentityValue
column values are defined.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaRejectIKEAction |
1.3.6.1.2.1.153.4.2.1.5.1 |
This scalar indicates that a packet SHOULD be rejected
WITHOUT action/packet logging. This object returns a value
of 1 for IPsec policy implementations that support the
reject static action. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipiaRejectIKEActionLog |
1.3.6.1.2.1.153.4.2.1.5.2 |
This scalar indicates that a packet SHOULD be rejected
WITH action/packet logging. This object returns a value of
1 for IPsec policy implementations that support the reject
static action with logging. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipiaIkeActionTable |
1.3.6.1.2.1.153.4.2.1.6 |
The ipiaIkeActionTable contains a list of the parameters
used for an IKE phase 1 SA DOI negotiation. See the
corresponding table ipiaIkeActionProposalsTable for a list
of proposals contained within a given IKE Action. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaIkeActionEntry |
|
ipiaIkeActionEntry |
1.3.6.1.2.1.153.4.2.1.6.1 |
The ipiaIkeActionEntry lists the IKE negotiation
attributes. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIkeActionEntry |
|
|
ipiaIkeActName |
1.3.6.1.2.1.153.4.2.1.6.1.1 |
This object contains the name of this ikeAction entry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIkeActParametersName |
1.3.6.1.2.1.153.4.2.1.6.1.2 |
This object is administratively assigned to reference a row
in the ipiaSaNegotiationParametersTable where additional
parameters affecting this action can be found.
An attempt to set this object to a value that does not
exist in the ipiaSaNegotiationParametersTable MUST result
in an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIkeActThresholdDerivedKeys |
1.3.6.1.2.1.153.4.2.1.6.1.3 |
ipiaIkeActThresholdDerivedKeys specifies what percentage
of the derived key limit (see the LifetimeDerivedKeys
property of IKEProposal) can expire before IKE SHOULD
attempt to renegotiate the IKE phase 1 security
association. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..100 |
|
ipiaIkeActExchangeMode |
1.3.6.1.2.1.153.4.2.1.6.1.4 |
ipiaIkeActExchangeMode specifies the IKE Phase 1
negotiation mode. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
main(1), agressive(2) |
|
ipiaIkeActIdentityType |
1.3.6.1.2.1.153.4.2.1.6.1.6 |
This column along with ipiaIkeActIdentityContext and
endpoint information is used to refer to an
ipiaIkeIdentityEntry in the ipiaIkeIdentityTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipiaIkeActIdentityContext |
1.3.6.1.2.1.153.4.2.1.6.1.7 |
This column, along with ipiaIkeActIdentityType and endpoint
information, is used to refer to an ipiaIkeIdentityEntry in
the ipiaIkeIdentityTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIkeActPeerName |
1.3.6.1.2.1.153.4.2.1.6.1.8 |
This object indicates the peer id name of the IKE peer.
This object can be used to look up the peer id value,
address, credentials and other values in the
ipiaPeerIdentityTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipiaIkeActDoActionLogging |
1.3.6.1.2.1.153.4.2.1.6.1.9 |
ikeDoActionLogging specifies whether or not an audit
message SHOULD be logged when this ike SA is created. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipiaIkeActDoPacketLogging |
1.3.6.1.2.1.153.4.2.1.6.1.10 |
ikeDoPacketLogging specifies whether or not an audit
message SHOULD be logged and if there is logging, how many
bytes of the packet to place in the notification. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SpdIPPacketLogging |
|
|
ipiaIkeActVendorId |
1.3.6.1.2.1.153.4.2.1.6.1.11 |
Vendor ID Payload. A value of NULL means that Vendor ID
payload will be neither generated nor accepted. A non-NULL
value means that a Vendor ID payload will be generated
(when acting as an initiator) or is expected (when acting
as a responder). |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..65535) |
|
ipiaIkeActLastChanged |
1.3.6.1.2.1.153.4.2.1.6.1.12 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIkeActStorageType |
1.3.6.1.2.1.153.4.2.1.6.1.13 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIkeActRowStatus |
1.3.6.1.2.1.153.4.2.1.6.1.14 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object MUST NOT be set to destroy if referred to by
other rows in other action tables. An attempt to set it to
anything other than active while it is referenced by an
active row in another table MUST result in an
inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIpsecActionTable |
1.3.6.1.2.1.153.4.2.1.7 |
The ipiaIpsecActionTable contains a list of the parameters
used for an IKE phase 2 IPsec DOI negotiation. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaIpsecActionEntry |
|
ipiaIpsecActionEntry |
1.3.6.1.2.1.153.4.2.1.7.1 |
The ipiaIpsecActionEntry lists the IPsec negotiation
attributes. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIpsecActionEntry |
|
|
ipiaIpsecActName |
1.3.6.1.2.1.153.4.2.1.7.1.1 |
ipiaIpsecActName is the name of the ipsecAction entry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIpsecActParametersName |
1.3.6.1.2.1.153.4.2.1.7.1.2 |
This object is used to reference a row in the
ipiaSaNegotiationParametersTable where additional
parameters affecting this action can be found.
An attempt to set this column to a value that does not
exist in the ipiaSaNegotiationParametersTable MUST result
in an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIpsecActProposalsName |
1.3.6.1.2.1.153.4.2.1.7.1.3 |
This object is used to reference one or more rows in the
ipiaIpsecProposalsTable where an ordered list of proposals
affecting this action can be found.
An attempt to set this column to a value that does not
exist in the ipiaIpsecProposalsTable MUST result in an
inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIpsecActUsePfs |
1.3.6.1.2.1.153.4.2.1.7.1.4 |
This MIB object specifies whether or not perfect forward
secrecy is used when refreshing keys. A value of true
indicates that PFS SHOULD be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipiaIpsecActVendorId |
1.3.6.1.2.1.153.4.2.1.7.1.5 |
The VendorID property is used to identify vendor-defined
key exchange GroupIDs. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
ipiaIpsecActGroupId |
1.3.6.1.2.1.153.4.2.1.7.1.6 |
This object specifies the Diffie-Hellman group to use for
phase 2 when the object ipiaIpsecActUsePfs is true and the
object ipiaIpsecActUseIkeGroup is false. If the GroupID
number is from the vendor-specific range (32768-65535), the
VendorID qualifies the group number. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IkeGroupDescription |
|
|
ipiaIpsecActPeerGatewayIdName |
1.3.6.1.2.1.153.4.2.1.7.1.7 |
This object indicates the peer id name of the peer
gateway. This object can be used to look up the peer id
value, address and other values in the
ipiaPeerIdentityTable. This object is used when initiating
a tunnel SA. This object is not used for transport SAs.
If no value is set and ipiaIpsecActMode is tunnel, the peer
gateway is determined from the source or destination
address of the packet. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..116) |
|
ipiaIpsecActUseIkeGroup |
1.3.6.1.2.1.153.4.2.1.7.1.8 |
This object specifies whether or not to use the same
GroupId for phase 2 as was used in phase 1. If UsePFS is
false, this entry SHOULD be ignored. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipiaIpsecActGranularity |
1.3.6.1.2.1.153.4.2.1.7.1.9 |
This object specifies how the proposed selector for the
security association will be created. The selector is
created by using the FilterList information. The selector
can be subnet, address, protocol, or port. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
subnet(1), address(2), protocol(3), port(4) |
|
ipiaIpsecActMode |
1.3.6.1.2.1.153.4.2.1.7.1.10 |
This object specifies the encapsulation of the IPsec SA
to be negotiated. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
tunnel(1), transport(2) |
|
ipiaIpsecActDFHandling |
1.3.6.1.2.1.153.4.2.1.7.1.11 |
This object specifies the processing of DF bit by the
negotiated IPsec tunnel.
1 - DF bit is copied.
2 - DF bit is set.
3 - DF bit is cleared. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
copy(1), set(2), clear(3) |
|
ipiaIpsecActDoActionLogging |
1.3.6.1.2.1.153.4.2.1.7.1.12 |
ipiaIpsecActDoActionLogging specifies whether or not an
audit message SHOULD be logged when this ipsec SA is
created. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipiaIpsecActDoPacketLogging |
1.3.6.1.2.1.153.4.2.1.7.1.13 |
ipiaIpsecActDoPacketLogging specifies whether or not an
audit message SHOULD be logged and if there is logging, how
many bytes of the packet to place in the notification. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SpdIPPacketLogging |
|
|
ipiaIpsecActLastChanged |
1.3.6.1.2.1.153.4.2.1.7.1.14 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIpsecActStorageType |
1.3.6.1.2.1.153.4.2.1.7.1.15 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIpsecActRowStatus |
1.3.6.1.2.1.153.4.2.1.7.1.16 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaSaNegotiationParametersTable |
1.3.6.1.2.1.153.4.2.1.8 |
This table contains reusable parameters that can be pointed
to by the ipiaIkeActionTable and ipiaIpsecActionTable.
These parameters are reusable since it is likely an
administrator will want to make global policy changes to
lifetime parameters that apply to multiple actions. This
table allows multiple rows in the other actions tables to
reuse global lifetime parameters in this table by
repeatedly pointing to a row contained within this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaSaNegotiationParametersEntry |
|
ipiaSaNegotiationParametersEntry |
1.3.6.1.2.1.153.4.2.1.8.1 |
Contains the attributes of one row in the
ipiaSaNegotiationParametersTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaSaNegotiationParametersEntry |
|
|
ipiaSaNegParamName |
1.3.6.1.2.1.153.4.2.1.8.1.1 |
This object contains the administrative name of this
SaNegotiationParametersEntry. This row can be referred
to by this name in other policy action tables. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaSaNegParamMinLifetimeSecs |
1.3.6.1.2.1.153.4.2.1.8.1.2 |
ipiaSaNegParamMinLifetimeSecs specifies the minimum seconds
lifetime that will be accepted from the peer. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaSaNegParamMinLifetimeKB |
1.3.6.1.2.1.153.4.2.1.8.1.3 |
ipiaSaNegParamMinLifetimeKB specifies the minimum kilobyte
lifetime that will be accepted from the peer. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaSaNegParamRefreshThreshSecs |
1.3.6.1.2.1.153.4.2.1.8.1.4 |
ipiaSaNegParamRefreshThreshSecs specifies what percentage
of the seconds lifetime can expire before IKE SHOULD
attempt to renegotiate the IPsec security association. A
value between 1 and 100 representing a percentage. A value
of 100 indicates that the IPsec security association SHOULD
not be renegotiated until the seconds lifetime has been
completely reached. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..100 |
|
ipiaSaNegParamRefreshThresholdKB |
1.3.6.1.2.1.153.4.2.1.8.1.5 |
ipiaSaNegParamRefreshThresholdKB specifies what percentage
of the kilobyte lifetime can expire before IKE SHOULD
attempt to renegotiate the IPsec security association. A
value between 1 and 100 representing a percentage. A value
of 100 indicates that the IPsec security association SHOULD
not be renegotiated until the kilobyte lifetime has been
reached. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..100 |
|
ipiaSaNegParamIdleDurationSecs |
1.3.6.1.2.1.153.4.2.1.8.1.6 |
ipiaSaNegParamIdleDurationSecs specifies how many seconds a
security association MAY remain idle (i.e., no traffic
protected using the security association) before it is
deleted. A value of zero indicates that idle detection
SHOULD NOT be used for the security association. Any
non-zero value indicates the number of seconds the security
association can remain unused. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaSaNegParamLastChanged |
1.3.6.1.2.1.153.4.2.1.8.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaSaNegParamStorageType |
1.3.6.1.2.1.153.4.2.1.8.1.8 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaSaNegParamRowStatus |
1.3.6.1.2.1.153.4.2.1.8.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIkeActionProposalsEntry |
1.3.6.1.2.1.153.4.2.1.9.1 |
A row containing one IKE proposal reference. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIkeActionProposalsEntry |
|
|
ipiaIkeActPropPriority |
1.3.6.1.2.1.153.4.2.1.9.1.1 |
The numeric priority of a given contained proposal inside
an ike Action. This index SHOULD be used to order the
proposals in an IKE Phase I negotiation, lowest value first
(i.e. 0 first, then 1,2,etc...). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipiaIkeActPropName |
1.3.6.1.2.1.153.4.2.1.9.1.2 |
The administratively assigned name that can be used to
reference a set of values contained within the
ipiaIkeProposalTable.
An attempt to set this object to a value that doesn't exist
in the ipiaIkeProposalTable MUST result in an
inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIkeActPropLastChanged |
1.3.6.1.2.1.153.4.2.1.9.1.3 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIkeActPropStorageType |
1.3.6.1.2.1.153.4.2.1.9.1.4 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIkeActPropRowStatus |
1.3.6.1.2.1.153.4.2.1.9.1.5 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active unless one of the
following two conditions are met. An attempt to set it to
anything other than active while the following conditions
are not met MUST result in an inconsistentValue error. The
two conditions are:
I. No active row in the ipiaIkeActionTable exists
which has a matching ipiaIkeActName.
II. Or at least one other active row in this table has a
matching ipiaIkeActName. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIkeProposalTable |
1.3.6.1.2.1.153.4.2.1.10 |
This table contains a list of IKE proposals which are used
in an IKE negotiation. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaIkeProposalEntry |
|
ipiaIkeProposalEntry |
1.3.6.1.2.1.153.4.2.1.10.1 |
One IKE proposal entry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIkeProposalEntry |
|
|
ipiaIkePropLifetimeDerivedKeys |
1.3.6.1.2.1.153.4.2.1.10.1.1 |
ipiaIkePropLifetimeDerivedKeys specifies the number of
times that a phase 1 key will be used to derive a phase 2
key before the phase 1 security association needs to be
renegotiated. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaIkePropCipherKeyLength |
1.3.6.1.2.1.153.4.2.1.10.1.3 |
This object specifies, in bits, the key length for
the cipher algorithm used in IKE Phase 1 negotiation. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaIkePropCipherKeyRounds |
1.3.6.1.2.1.153.4.2.1.10.1.4 |
This object specifies the number of key rounds for
the cipher algorithm used in IKE Phase 1 negotiation. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaIkePropHashAlgorithm |
1.3.6.1.2.1.153.4.2.1.10.1.5 |
ipiaIkePropHashAlgorithm specifies the proposed phase 1
security association hash algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IkeHashAlgorithm |
|
|
ipiaIkePropPrfAlgorithm |
1.3.6.1.2.1.153.4.2.1.10.1.6 |
ipPRFAlgorithm specifies the proposed phase 1 security
association pseudo-random function.
Note: currently no prf algorithms are defined. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
reserved(0) |
|
ipiaIkePropVendorId |
1.3.6.1.2.1.153.4.2.1.10.1.7 |
The VendorID property is used to identify vendor-defined
key exchange GroupIDs. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
ipiaIkePropDhGroup |
1.3.6.1.2.1.153.4.2.1.10.1.8 |
This object specifies the proposed phase 1 security
association Diffie-Hellman group. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IkeGroupDescription |
|
|
ipiaIkePropMaxLifetimeSecs |
1.3.6.1.2.1.153.4.2.1.10.1.10 |
ipiaIkePropMaxLifetimeSecs specifies the maximum amount of
time to propose a security association remain valid.
A value of 0 indicates that the default lifetime of
8 hours SHOULD be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaIkePropMaxLifetimeKB |
1.3.6.1.2.1.153.4.2.1.10.1.11 |
ipiaIkePropMaxLifetimeKB specifies the maximum kilobyte
lifetime to propose a security association remain valid. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipiaIkePropLastChanged |
1.3.6.1.2.1.153.4.2.1.10.1.12 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIkePropStorageType |
1.3.6.1.2.1.153.4.2.1.10.1.13 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIkePropRowStatus |
1.3.6.1.2.1.153.4.2.1.10.1.14 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIpsecProposalsEntry |
1.3.6.1.2.1.153.4.2.1.11.1 |
An entry containing (possibly a portion of) a proposal. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIpsecProposalsEntry |
|
|
ipiaIpsecPropPriority |
1.3.6.1.2.1.153.4.2.1.11.1.2 |
The priority level (AKA sequence level) of this proposal.
A lower number indicates a higher precedence (0 before 1,
etc..). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipiaIpsecPropProtocolId |
1.3.6.1.2.1.153.4.2.1.11.1.3 |
The protocol Id for the transforms for this proposal. The
protoIsakmp(1) value is not valid for this object. This
object, along with the ipiaIpsecPropTransformsName, is the
index into the ipiaIpsecTransformsTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecDoiSecProtocolId |
|
|
ipiaIpsecPropLastChanged |
1.3.6.1.2.1.153.4.2.1.11.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIpsecPropStorageType |
1.3.6.1.2.1.153.4.2.1.11.1.6 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIpsecPropRowStatus |
1.3.6.1.2.1.153.4.2.1.11.1.7 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This row MUST NOT be set to active until the corresponding
row(s) in the ipiaIpsecTransformsTable exists and is
active.
If active, this object MUST remain active unless one of the
following two conditions are met. An attempt to set it to
anything other than active while the following conditions
are not met MUST result in an inconsistentValue error. The
two conditions are:
I. No active row in the ipiaIkeActionProposalTable exists
which has a matching ipiaIpsecPropName.
II. Or at least one other active row in this table has a
matching ipiaIpsecPropName. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIpsecTranType |
1.3.6.1.2.1.153.4.2.1.12.1.1 |
The protocol type for this transform. The protoIsakmp(1)
value is not valid for this object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecDoiSecProtocolId |
|
|
ipiaIpsecTranName |
1.3.6.1.2.1.153.4.2.1.12.1.2 |
The name for this transform or group of transforms. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIpsecTranPriority |
1.3.6.1.2.1.153.4.2.1.12.1.3 |
The priority level (AKA sequence level) of this
transform within the group of transforms (0 before 1,
etc...). This indicates the preference for which
algorithms are requested when the list of transforms are
sent to the remote host. A lower number indicates a higher
precedence. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipiaIpsecTranLastChanged |
1.3.6.1.2.1.153.4.2.1.12.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIpsecTranStorageType |
1.3.6.1.2.1.153.4.2.1.12.1.6 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIpsecTranRowStatus |
1.3.6.1.2.1.153.4.2.1.12.1.7 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This row MUST NOT be set to active until the corresponding
row in the ipiaAhTransformTable, ipiaEspTransformTable or
the ipiaIpcompTransformTable exists.
If active, this object MUST remain active unless one of the
following two conditions are met. An attempt to set it to
anything other than active while the following conditions
are not met MUST result in an inconsistentValue error. The
two conditions are:
I. No active row in the IpiaIpsecProposalsTable exists
which has a matching ipiaIpsecPropTransformsName.
II. Or at least one other active row in this table has a
matching ipiaIpsecPropTransformsName. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIkeIdentityTable |
1.3.6.1.2.1.153.4.2.1.13 |
IKEIdentity is used to represent the identities that are
used for an IPProtocolEndpoint (or collection of
IPProtocolEndpoints) to identify itself in IKE phase 1
negotiations. The column ipiaIkeActIdentityType and
ipiaIkeIdentityContext in an ipiaIkeActionEntry together
with the spdEndGroupInterface in the
spdEndpointToGroupTable specifies the unique identity to
use in a negotiation exchange. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaIkeIdentityEntry |
|
ipiaIkeIdentityEntry |
1.3.6.1.2.1.153.4.2.1.13.1 |
ikeIdentity lists the attributes of an IKE identity. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIkeIdentityEntry |
|
|
ipiaIkeIdCredentialName |
1.3.6.1.2.1.153.4.2.1.13.1.1 |
This value is used as an index into the
ipiaCredentialFilterTable to look up the actual credential
value and other credential information.
For ID's without associated credential information, this
value is left blank.
For ID's that are address types, this value MAY be left
blank and the associated IPProtocolEndpoint or appropriate
member of the Collection of endpoints is used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipiaIkeIdLastChanged |
1.3.6.1.2.1.153.4.2.1.13.1.2 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIkeIdStorageType |
1.3.6.1.2.1.153.4.2.1.13.1.3 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIkeIdRowStatus |
1.3.6.1.2.1.153.4.2.1.13.1.4 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaAutostartIkeTable |
1.3.6.1.2.1.153.4.2.1.14 |
The parameters in the autostart IKE Table are used to
automatically initiate IKE phase I and II (i.e. IPsec)
negotiations on startup. It also will initiate IKE phase I
and II negotiations for a row at the time of that row's
creation. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaAutostartIkeEntry |
|
ipiaAutostartIkeEntry |
1.3.6.1.2.1.153.4.2.1.14.1 |
autostart ike provides the set of parameters to
automatically start IKE and IPsec SA's. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaAutostartIkeEntry |
|
|
ipiaAutoIkePriority |
1.3.6.1.2.1.153.4.2.1.14.1.1 |
ipiaAutoIkePriority is an index into the autostartIkeAction
table and can be used to order the autostart IKE actions (0
before 1, etc...). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipiaAutoIkeAction |
1.3.6.1.2.1.153.4.2.1.14.1.2 |
This pointer is used to point to the action or compound
action that is initiated by this row. This value
can be used to indicate a scalar or a row in a table. When
indicating a row in a table, this value MUST point to the
first column instance in that row.
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table or if the table or scalar pointed to by the
VariablePointer is not supported at all, the
inconsistentValue exception MUST be returned.
If during packet processing this column has a value that
references a non-existent or non-supported object, the
packet MUST be dropped. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipiaAutoIkeAddressType |
1.3.6.1.2.1.153.4.2.1.14.1.3 |
The property ipiaAutoIkeAddressType specifies the format of
the autoIke source and destination Address values. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipiaAutoIkeSourceAddress |
1.3.6.1.2.1.153.4.2.1.14.1.4 |
The property autoIkeSourceAddress specifies the Source IP
address for autostarting IKE SA's, formatted according to
the appropriate convention as defined in the
ipiaAutoIkeAddressType property. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipiaAutoIkeSourcePort |
1.3.6.1.2.1.153.4.2.1.14.1.5 |
The property ipiaAutoIkeSourcePort specifies the port
number for the source port for autostarting IKE SA's.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipiaAutoIkeDestAddress |
1.3.6.1.2.1.153.4.2.1.14.1.6 |
The property ipiaAutoIkeDestAddress specifies the
Destination IP address for autostarting IKE SA's, formatted
according to the appropriate convention as defined in the
ipiaAutoIkeAddressType property. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipiaAutoIkeDestPort |
1.3.6.1.2.1.153.4.2.1.14.1.7 |
The property ipiaAutoIkeDestPort specifies the port number
for the destination port for autostarting IKE SA's.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipiaAutoIkeProtocol |
1.3.6.1.2.1.153.4.2.1.14.1.8 |
The property Protocol specifies the protocol number used in
comparing with policy filter entries and used in any phase
2 negotiations. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..255 |
|
ipiaAutoIkeLastChanged |
1.3.6.1.2.1.153.4.2.1.14.1.9 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaAutoIkeStorageType |
1.3.6.1.2.1.153.4.2.1.14.1.10 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaAutoIkeRowStatus |
1.3.6.1.2.1.153.4.2.1.14.1.11 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object MUST NOT be set to active until the object to
which the ipiaAutoIkeAction points to exists and is
active.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaIpsecCredMngServiceTable |
1.3.6.1.2.1.153.4.2.1.15 |
A table of Credential Management Service values. This
table is usually used for credential/certificate values
that are used with a management service (e.g. Certificate
Authorities). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaIpsecCredMngServiceEntry |
|
ipiaIpsecCredMngServiceEntry |
1.3.6.1.2.1.153.4.2.1.15.1 |
A row in the ipiaIpsecCredMngServiceTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaIpsecCredMngServiceEntry |
|
|
ipiaIcmsName |
1.3.6.1.2.1.153.4.2.1.15.1.1 |
This is an administratively assigned string used to index
this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaIcmsDistinguishedName |
1.3.6.1.2.1.153.4.2.1.15.1.2 |
This value represents the Distinguished Name of the
Credential Management Service. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..256) |
|
ipiaIcmsPolicyStatement |
1.3.6.1.2.1.153.4.2.1.15.1.3 |
This Value represents the Credential Management Service
Policy Statement, or a reference describing how to obtain
it (e.g., a URL). If one doesn't exist, this value can be
left blank. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..1024) |
|
ipiaIcmsMaxChainLength |
1.3.6.1.2.1.153.4.2.1.15.1.4 |
This value is the maximum length of the chain allowable from
the Credential Management Service to the credential in
question. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipiaIcmsCredentialName |
1.3.6.1.2.1.153.4.2.1.15.1.5 |
This value is used as an index into the
ipiaCredentialFilterTable to look up the actual credential
value. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipiaIcmsLastChanged |
1.3.6.1.2.1.153.4.2.1.15.1.6 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaIcmsStorageType |
1.3.6.1.2.1.153.4.2.1.15.1.7 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaIcmsRowStatus |
1.3.6.1.2.1.153.4.2.1.15.1.8 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaCredMngCRLTable |
1.3.6.1.2.1.153.4.2.1.16 |
A table of the Credential Revocation Lists (CRL) for
credential management services. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaCredMngCRLEntry |
|
ipiaCredMngCRLEntry |
1.3.6.1.2.1.153.4.2.1.16.1 |
A row in the ipiaCredMngCRLTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaCredMngCRLEntry |
|
|
ipiaCmcCRLName |
1.3.6.1.2.1.153.4.2.1.16.1.1 |
This is an administratively assigned string used to index
this table. It represents a CRL for a given CA from a given
distribution point. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipiaCmcDistributionPoint |
1.3.6.1.2.1.153.4.2.1.16.1.2 |
This Value represents a Distribution Point for a Credential
Revocation List. It can be relative to the Credential
Management Service or a full name (URL, e-mail, etc...). |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
ipiaCmcThisUpdate |
1.3.6.1.2.1.153.4.2.1.16.1.3 |
This value is the issue date of this CRL. This
SHOULD be in utctime or generalizedtime. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
ipiaCmcNextUpdate |
1.3.6.1.2.1.153.4.2.1.16.1.4 |
This value indicates the date the next version of this CRL
will be issued. This SHOULD be in utctime or
generalizedtime. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
ipiaCmcLastChanged |
1.3.6.1.2.1.153.4.2.1.16.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaCmcStorageType |
1.3.6.1.2.1.153.4.2.1.16.1.6 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaCmcRowStatus |
1.3.6.1.2.1.153.4.2.1.16.1.7 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaRevokedCertificateTable |
1.3.6.1.2.1.153.4.2.1.17 |
A table of Credentials revoked by credential management
services. That is, this table is a table of Certificates
that are on CRL's, Credential Revocation Lists. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpiaRevokedCertificateEntry |
|
ipiaRevokedCertificateEntry |
1.3.6.1.2.1.153.4.2.1.17.1 |
A row in the ipiaRevokedCertificateTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpiaRevokedCertificateEntry |
|
|
ipiaRctCertSerialNumber |
1.3.6.1.2.1.153.4.2.1.17.1.1 |
This value is the serial number of the revoked
certificate. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..4294967295 |
|
ipiaRctRevokedDate |
1.3.6.1.2.1.153.4.2.1.17.1.2 |
This value is the revocation date of the certificate. This
SHOULD be in utctime or generalizedtime. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
ipiaRctRevokedReason |
1.3.6.1.2.1.153.4.2.1.17.1.3 |
This value is the reason this certificate was revoked. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
unspecified(1), keyCompromise(2), cACompromise(3), affiliationChanged(4), superseded(5), cessationOfOperation(6), certificateHold(7), removeFromCRL(8) |
|
ipiaRctLastChanged |
1.3.6.1.2.1.153.4.2.1.17.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipiaRctStorageType |
1.3.6.1.2.1.153.4.2.1.17.1.5 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipiaRctRowStatus |
1.3.6.1.2.1.153.4.2.1.17.1.6 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipiaGroups |
1.3.6.1.2.1.153.4.2.3.2 |
OBJECT IDENTIFIER |
|
|
|
ipiaIKECompliance |
1.3.6.1.2.1.153.4.2.3.1.1 |
The compliance statement for SNMP entities that include an
IPsec MIB implementation and supports IKE actions.
-- OBJECT ipiaAutoIkeAddressType
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
-- DESCRIPTION
-- Only support for global IPv4 and IPv6 address
-- types is required.
--
-- OBJECT ipiaAutoIkeSourceAddress
-- SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION
-- Only support for global IPv4 and IPv6 address
-- types is required.
-- OBJECT ipiaAutoIkeDestAddress
-- SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION
-- Only support for global IPv4 and IPv6 address
-- types is required.
-- |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
ipiaRuleFilterCompliance |
1.3.6.1.2.1.153.4.2.3.1.2 |
The compliance statement for SNMP entities that include an
IKEACTION MIB implementation with IKE filters support. |
Status: current |
Access: not-accessible |
MODULE-COMPLIANCE |
|
|
|
ipiaStaticFilterGroup |
1.3.6.1.2.1.153.4.2.3.2.1 |
The static filter group. Currently this is just a true
filter. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipiaCredentialFilterGroup |
1.3.6.1.2.1.153.4.2.3.2.2 |
This group is made up of objects from the IPsec Policy
Credential Filter Table. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipiaPeerIdFilterGroup |
1.3.6.1.2.1.153.4.2.3.2.3 |
This group is made up of objects from the IPsec Policy Peer
Identity Filter Table. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipiaStaticActionGroup |
1.3.6.1.2.1.153.4.2.3.2.4 |
This group is made up of IPsec Policy Static Actions
objects. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipiaIkeGroup |
1.3.6.1.2.1.153.4.2.3.2.5 |
This group is the set of objects that support IKE
actions. These objects are from The IPsec Policy IKE
Action Table, The IKE Action Proposals Table, The IKE
Proposal Table, The autostart IKE Table and The IKE
Identity Table, The Peer Identity Table, The Credential
Management Service Table, and the shared table Negotiation
Parameters Table (from the IPSEC-IPSECACTION-MIB). |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipiaIpsecGroup |
1.3.6.1.2.1.153.4.2.3.2.6 |
This group is the set of objects that support IPsec
actions. These objects are from The IPsec Policy IPsec
Actions Table, The IPsec Proposal Table, and The IPsec
Transform Table. This group also includes objects from the
shared tables: Peer Identity Table, Credential Table,
Negotiation Parameters Table, Credential Management Service
Table and the AH, ESP, and IPComp Transform Table. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|