smilint output for ./IKE-MON-MIB
Message Severities
Severity | Count
error | 4
minor error | 4
warning | 8
fyi | 1
Message Types
Type | Count
date-value (error) | 4
date-year-2digits (warning) | 4
group-unref (warning) | 1
identifier-external-case-match (warning) | 1
node-implicit (warning) | 2
previous-definition (fyi) | 1
revision-after-update (minor error) | 1
revision-missing (minor error) | 1
revision-not-descending (minor error) | 2
Messages:
/home/fenner/mibindex/latest2/IPSEC-ISAKMP-IKE-DOI-TC
1: -- extracted from draft-ietf-ipsec-doi-tc-mib-07.txt
2: -- at Tue Mar 4 06:12:22 2003
3:
4: IPSEC-ISAKMP-IKE-DOI-TC DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: -- delete next line before release
8: experimental,
9: MODULE-IDENTITY, Unsigned32 FROM SNMPv2-SMI
10: -- uncomment next line before release
11: -- mib-2 FROM RFC1213-MIB
12: TEXTUAL-CONVENTION FROM SNMPv2-TC;
13:
14: ianaIPsecIsakmpIkeDoiTcMib MODULE-IDENTITY
15: LAST-UPDATED "200302271543Z"
16: ORGANIZATION "Sockeye Networks"
17: CONTACT-INFO "John Shriver
18: Sockeye Networks
19: 52 Second Ave., Suite 100
20: Waltham, MA 02451
21:
22: Phone:
23: +1-781-693-7067
24:
25: E-mail:
26: jshriver+ietf@sockeye.com"
27:
28: DESCRIPTION "The MIB module which defines the textual conventions
29: used in IPsec MIBs. This includes Internet DOI
30: numbers defined in RFC 2407, ISAKMP numbers defined
31: in RFC 2408, and IKE numbers defined in RFC 2409.
32:
33: These Textual Conventions are defined in a separate
34: MIB module since they are protocol numbers managed
35: by the IANA. Revision control after publication
36: will be under the authority of the IANA.
37:
38: Copyright (C) The Internet Society (2003). This
39: version of this MIB module is part of RFC XXXX; see
40: the RFC itself for full legal notices."
41: REVISION "200302271543Z"
42: -- replace XXX in next line before release
43: DESCRIPTION "Initial revision, published as RFC XXXX."
44:
45: -- replace xxx in next line before release, uncomment before release
46: -- ::= { mib-2 xxx }
47: -- delete next line before release
48: ::= { experimental 100 }
49:
50: -- The first group of textual conventions are based on definitions
51: -- in the IPsec DOI, RFC 2407.
52:
53: IpsecDoiSituation ::= TEXTUAL-CONVENTION
54: DISPLAY-HINT "x"
55: STATUS current
56: DESCRIPTION "The IPsec DOI Situation provides information that
57: can be used by the responder to make a policy
58: determination about how to process the incoming
59: Security Association request.
60:
61: It is a four (4) octet bitmask, with the following
62: values:
63:
64: sitIdentityOnly 0x01
65: sitSecrecy 0x02
66: sitIntegrity 0x04
67:
68: The upper two bits (0x80000000 and 0x40000000) are
69: reserved for private use amongst cooperating
70: systems."
71: REFERENCE "RFC 2407 sections 4.2 and 6.2"
72: SYNTAX Unsigned32 (0..4294967295)
73: -- The syntax is not BITS, because we want the representation
74: -- to be the same here as it is in the ISAKMP/IKE protocols.
75:
76:
77: IpsecDoiSecProtocolId ::= TEXTUAL-CONVENTION
78: STATUS current
79: DESCRIPTION "These are the IPsec DOI values for the Protocol-Id
80: field in an ISAKMP Proposal Payload, and in all
81: Notification Payloads.
82:
83: They are also used as the Protocol-ID In the
84: Notification Payload and the Delete Payload.
85:
86: The values 249-255 are reserved for private use
87: amongst cooperating systems."
88: REFERENCE "RFC 2407 section 4.4.1"
89: SYNTAX INTEGER {
90: reserved(0), -- reserved in DOI
91: protoIsakmp(1), -- message protection
92: -- required during Phase I
93: -- of the IKE protocol
94: protoIpsecAh(2), -- IP packet authentication
95: -- via Authentication Header
96: protoIpsecEsp(3), -- IP packet confidentiality
97: -- via Encapsulating
98: -- Security Payload
99: protoIpcomp(4) -- IP payload compression
100: }
101:
102: IpsecDoiTransformIdent ::= TEXTUAL-CONVENTION
103: STATUS current
104: DESCRIPTION "The values of the IPsec DOI ISAKMP Transform
105: Identifier which identify a key exchange protocol
106: to be used for the negotiation. It is used in the
107: Transform-Id field of an IKE Phase I Transform
108: Payload.
109:
110: The values 249-255 are reserved for private use
111: amongst cooperating systems."
112: REFERENCE "RFC 2407 sections 4.4.2 and 6.3"
113: SYNTAX INTEGER {
114: reserved(0), -- reserved in DOI
115: keyIke(1) -- the hybrid ISAKMP/Oakley
116: -- Diffie-Hellman key
117: -- exchange
118: }
119:
120: IpsecDoiAhTransform ::= TEXTUAL-CONVENTION
121: STATUS current
122: DESCRIPTION "The values of the IPsec DOI AH Transform Identifier
123: which identify a particular algorithm to be
124: used to provide integrity protection for AH. It is
125: used in the Tranform-ID field of a ISAKMP Transform
126: Payload for the IPsec DOI, when the Protocol-Id of
127: the associated Proposal Payload is 2 (AH).
128:
129: The values 249-255 are reserved for private use
130: amongst cooperating systems."
131: REFERENCE "RFC 2407 sections 4.4.3 and 6.4,
132: IANA,
133: RFC 2857"
134: SYNTAX INTEGER {
135: reserved(0), -- reserved in DOI
136: reserved1(1), -- reserved
137: ahMd5(2), -- generic AH transform
138: -- using MD5
139: ahSha(3), -- generic AH transform
140: -- using SHA-1
141: ahDes(4), -- generic AH transform
142: -- using DES
143: ahSha256(5), -- generic AH transform
144: -- using SHA-256
145: ahSha384(6), -- generic AH transform
146: -- using SHA-384
147: ahSha512(7), -- generic AH transform
148: -- using SHA-512
149: ahRipemd(8) -- generic AH transform
150: -- using HMAC-RIPEMD-160-96
151: -- RFC 2857
152: }
153:
154: IpsecDoiEspTransform ::= TEXTUAL-CONVENTION
155: STATUS current
156: DESCRIPTION "The values of the IPsec DOI ESP Transform Identifier
157: which identify a particular algorithm to be used to
158: provide secrecy protection for ESP. It is used in
159: the Tranform-ID field of a ISAKMP Transform Payload
160: for the IPsec DOI, when the Protocol-Id of the
161: associated Proposal Payload is 2 (AH), 3 (ESP),
162: and 4 (IPCOMP).
163:
164: The values 249-255 are reserved for private use
165: amongst cooperating systems."
166: REFERENCE "RFC 2407 sections 4.4.4 and 6.5,
167: IANA"
168: SYNTAX INTEGER {
169: none(0), -- reserved in DOI, used
170: -- in MIBs to reflect no
171: -- encryption used
172: espDesIv64(1), -- DES-CBC transform defined
173: -- in RFC 1827 and RFC 1829
174: -- using a 64-bit IV
175: espDes(2), -- generic DES transform
176: -- using DES-CBC
177: esp3Des(3), -- generic triple-DES
178: -- transform
179: espRc5(4), -- RC5 transform
180: espIdea(5), -- IDEA transform
181: espCast(6), -- CAST transform
182: espBlowfish(7), -- BLOWFISH transform
183: esp3Idea(8), -- reserved for triple-IDEA
184: espDesIv32(9), -- DES-CBC transform defined
185: -- in RFC 1827 and RFC 1829
186: -- using a 32-bit IV
187: espRc4(10), -- reserved for RC4
188: espNull(11), -- no confidentiality
189: -- provided by ESP
190: espAes(12) -- NIST AES transform
191: }
192:
193: IpsecDoiAuthAlgorithm ::= TEXTUAL-CONVENTION
194: STATUS current
195: DESCRIPTION "The ESP Authentication Algorithm used in the IPsec
196: DOI as a SA Attributes definition in the Transform
197: Payload of Phase II of an IKE negotiation. This
198: set of values defines the AH authentication
199: algorithm, when the associated Proposal Payload has
200: a Protocol-ID of 2 (AH). This set of values
201: defines the ESP authentication algorithm, when the
202: associated Proposal Payload has a Protocol-ID
203: of 3 (ESP).
204:
205: Unused values <= 61439 are reserved to IANA.
206:
207: Values 61440-65535 are for private use.
208:
209: In a MIB, a value of 0 indicates that ESP
210: has been negotiated without authentication."
211: REFERENCE "RFC 2407 section 4.5,
212: RFC 2407 section 4.4.3.1,
213: RFC 1826,
214: IANA,
215: RFC 2857"
216: SYNTAX INTEGER {
217: none(0), -- reserved in DOI, used
218: -- in MIBs to reflect no
219: -- encryption used
220: hmacMd5(1), -- hashed MAC using MD5
221: hmacSha(2), -- hashed MAC using SHA-1
222: desMac(3), -- DES MAC
223: kpdk(4), -- RFC 1826
224: -- Key/Pad/Data/Key
225: hmacSha256(5), -- hashed MAC using SHA-256
226: hmacSha384(6), -- hashed MAC using SHA-384
227: hmacSha512(7), -- hashed MAC using SHA-512
228: hamcRipemd(8) -- hashed MAC using
229: -- RIPEMD-160-96
230: }
231:
232: IpsecDoiIpcompTransform ::= TEXTUAL-CONVENTION
233: STATUS current
234: DESCRIPTION "The IPsec DOI IPCOMP Transform Identifier is an
235: 8-bit value which identifies a particular algorithm
236: to be used to provide IP-level compression before
237: ESP. It is used in the Tranform-ID field of a ISAKMP
238: Transform Payload for the IPsec DOI, when the
239: Protocol-Id of the associated Proposal Payload
240: is 4 (IPCOMP).
241:
242: The values 1-47 are reserved for algorithms for which
243: an RFC has been approved for publication.
244: The values 48-63 are reserved for private use amongst
245: cooperating systems.
246:
247: The values 64-255 are reserved for future expansion."
248: REFERENCE "RFC 2407 sections 4.4.5 and 6.6,
249: RFC 3051"
250: SYNTAX INTEGER {
251: reserved(0), -- reserved in DOI
252: ipcompOui(1), -- proprietary compression
253: -- transform
254: ipcompDeflate(2), -- "zlib" deflate algorithm
255: ipcompLzs(3), -- Stac Electronics LZS
256: ipcompLzjh(4) -- ITU-T V.44 packet method
257: }
258:
259: IpsecDoiEncapsulationMode ::= TEXTUAL-CONVENTION
260: STATUS current
261: DESCRIPTION "The Encapsulation Mode used as an IPsec DOI
262: SA Attributes definition in the Transform Payload
263: of a Phase II IKE negotiation. This set of
264: values defines encapsulation modes used for AH,
265: ESP, and IPCOMP when the associated Proposal Payload
266: has a Protocol-ID of 3 (ESP).
267:
268: Unused values <= 61439 are reserved to IANA.
269:
270: Values 61440-65535 are for private use."
271: SYNTAX INTEGER {
272: reserved(0), -- reserved in DOI
273: tunnel(1),
274: transport(2)
275: }
276:
277: IpsecDoiIdentType ::= TEXTUAL-CONVENTION
278: STATUS current
279: DESCRIPTION "The IPsec DOI Identification Type is an 8-bit value
280: which is used in the ID Type field as a discriminant
281: for interpretation of the variable-length
282: Identification Payload.
283:
284: The values 249-255 are reserved for private use
285: amongst cooperating systems."
286: REFERENCE "RFC 2407 sections 4.4.5, 4.6.2.1, and 6.9"
287: SYNTAX INTEGER {
288: reserved(0), -- reserved in DOI
289: idIpv4Addr(1), -- a single four (4) octet
290: -- IPv4 address
291:
292: idFqdn(2), -- fully-qualified domain
293: -- name string
294: idUserFqdn(3), -- fully-qualified username
295: -- string
296: idIpv4AddrSubnet(4),
297: -- a range of IPv4 addresses,
298: -- represented by two
299: -- four (4) octet values,
300: -- where the first is an
301: -- address and the second
302: -- is a mask
303: idIpv6Addr(5), -- a single sixteen (16)
304: -- octet IPv6 address
305: idIpv6AddrSubnet(6),
306: -- a range of IPv6 addresses,
307: -- represented by two
308: -- sixteen (16) octet values,
309: -- where the first is an
310: -- address and the second
311: -- is a mask
312: idIpv4AddrRange(7), -- a range of IPv4 addresses,
313: -- represented by two
314: -- four (4) octet values,
315: -- where the first is the
316: -- beginning IPv4 address
317: -- and the second is the
318: -- ending IPv4 address
319: idIpv6AddrRange(8), -- a range of IPv6 addresses,
320: -- represented by two
321: -- sixteen (16) octet values,
322: -- where the first is the
323: -- beginning IPv6 address
324: -- and the second is the
325: -- ending IPv6 address
326: idDerAsn1Dn(9), -- the binary DER encoding of
327: -- ASN1 X.500
328: -- DistinguishedName
329: idDerAsn1Gn(10), -- the binary DER encoding of
330: -- ASN1 X.500 GeneralName
331: idKeyId(11) -- opaque byte stream which
332: -- may be used to pass
333: -- vendor-specific
334: -- information
335: }
336:
337: -- The second group of textual conventions are based on defintions
338: -- the ISAKMP protocol, RFC 2408.
339: IsakmpDOI ::= TEXTUAL-CONVENTION
340: STATUS current
341: DESCRIPTION "These are the domain of interpretation values for
342: the ISAKMP Protocol. They are a 32-bit value
343: used in the Domain of Interpretation field of the
344: Security Association Payload.
345:
346: Unused values <= 4294967295 are reserved to
347: the IANA."
348: REFERENCE "RFC 2048 section 3.4."
349: SYNTAX INTEGER {
350: isakmp(0), -- generic ISAKMP SA in
351: -- Phase 1, which can be
352: -- used for any protocol
353: -- in Phase 2
354: ipsecDOI(1) -- the IPsec DOI as
355: -- specified in RFC 2407
356: }
357:
358: IsakmpCertificateEncoding ::= TEXTUAL-CONVENTION
359: STATUS current
360: DESCRIPTION "These are the values for the types of
361: certificate-related information contained in the
362: Certificate Data field of a Certificate Payload.
363: They are used in the Cert Encoding field of the
364: Certificate Payload.
365:
366: Values 11-255 are reserved."
367: REFERENCE "RFC 2408 section 3.9"
368: SYNTAX INTEGER {
369: pkcs7(1), -- PKCS #7 wrapped
370: -- X.509 certificate
371: pgp(2), -- PGP Certificate
372: dnsSignedKey(3), -- DNS Signed Key
373: x509Signature(4), -- X.509 Certificate:
374: -- Signature
375: x509KeyExchange(5), -- X.509 Certificate:
376: -- Key Exchange
377: kerberosTokens(6), -- Kerberos Tokens
378: crl(7), -- Certificate Revocation
379: -- List (CRL)
380: arl(8), -- Authority Revocation
381: -- List (ARL)
382: spki(9), -- SPKI Certificate
383: x509Attribute(10) -- X.509 Certificate:
384: -- Attribute
385: }
386:
387: IsakmpExchangeType ::= TEXTUAL-CONVENTION
388: --
389: -- When revising IsakmpExchangeType, consider revising
390: -- IkeExchangeType as well.
391: --
392: STATUS current
393: DESCRIPTION "These are the values used for the exchange types in
394: the ISAKMP header.
395:
396: Values up to 31 are reserved for future
397: DOI-independent assignment for ISAKMP.
398:
399: The values 240-255 are reserved for private use
400: amongst cooperating systems."
401: REFERENCE "RFC 2408 section 3.1"
402: SYNTAX INTEGER {
403: reserved(0),
404: base(1), -- base mode
405: identityProtect(2), -- identity protection
406: authOnly(3), -- authentication only
407: aggressive(4), -- aggressive mode
408: informational(5) -- informational
409: }
410:
411: IsakmpNotifyMessageType ::= TEXTUAL-CONVENTION
412: --
413: -- If you change this, you probably want to
414: -- change IkeNotifyMessageType.
415: --
416: STATUS current
417: DESCRIPTION "These are the values for the types of notification
418: messages. They are used as the Notify Message Type
419: field in the Notification Payload.
420:
421: This textual convention merges the types
422: for error types (in the range 1-16386) and for
423: notification types (in the range 16384-65535).
424:
425: The values 16001-16383 are reserved for private use
426: as error types amongst cooperating systems.
427:
428: The values 24576-32767 are reserved for use in
429: each DOI. Each DOI should have a clone of this
430: textual convention adding local values.
431:
432: The values 32768-40958 are reserved for private use
433: as notification types amongst cooperating systems."
434:
435: REFERENCE "RFC 2408 section 3.14.1"
436: SYNTAX INTEGER {
437:
438: -- Values defined for errors in ISAKMP
439: --
440: reserved(0), -- reserved in DOI
441: invalidPayloadType(1),
442: doiNotSupported(2),
443: situationNotSupported(3),
444: invalidCookie(4),
445: invalidMajorVersion(5),
446: invalidMinorVersion(6),
447: invalidExchangeType(7),
448: invalidFlags(8),
449: invalidMessageId(9),
450: invalidProtocolId(10),
451: invalidSpi(11),
452: invalidTransformId(12),
453: attributesNotSupported(13),
454: noProposalChosen(14),
455: badProposalSyntax(15),
456: payloadMalformed(16),
457: invalidKeyInformation(17),
458: invalidIdInformation(18),
459: invalidCertEncoding(19),
460: invalidCertificate(20),
461: certTypeUnsupported(21),
462: invalidCertAuthority(22),
463: invalidHashInformation(23),
464: authenticationFailed(24),
465: invalidSignature(25),
466: addressNotification(26),
467: notifySaLifetime(27),
468: certificateUnavailable(28),
469: unsupportedExchangeType(29),
470: unequalPayloadLengths(30),
471:
472: -- values defined for errors in IPsec DOI
473: -- (none)
474:
475: -- values defined for notification in ISAKMP
476: --
477: connected(16384)
478:
479: -- values defined for notification in
480: -- each DOI (clone this TC)
481: }
482:
483: -- The third group of textual conventions are based on defintions
484: -- the IKE key exchange protocol, RFC 2409.
485:
486: IkeExchangeType ::= TEXTUAL-CONVENTION
487: STATUS current
488: DESCRIPTION "These are the values used for the exchange types in
489: the ISAKMP header.
490:
491: The values 32-239 are DOI-specific, these values are
492: for the IPsec DOI used by IKE.
493:
494: The values 240-255 are reserved for private use
495: amongst cooperating systems."
496: REFERENCE "RFC 2409 Appendix A"
497: SYNTAX INTEGER {
498: reserved(0),
499: base(1), -- base mode
500: mainMode(2), -- main mode
501: authOnly(3), -- authentication only
502: aggressive(4), -- aggressive mode
503: informational(5), -- informational
504: reservedDontUse(6), -- reserved, not to be used
505: quickMode(32), -- quick mode
506: newGroupMode(33) -- new group mode
507: }
508:
509: IkeEncryptionAlgorithm ::= TEXTUAL-CONVENTION
510: STATUS current
511: DESCRIPTION "Values for encryption algorithms negotiated
512: for the ISAKMP SA by IKE in Phase I. These are
513: values for SA Attrbute type Encryption
514: Algorithm (1).
515:
516: Unused values <= 65000 are reserved to IANA.
517:
518: Values 65001-65535 are for private use among
519: mutually consenting parties."
520: REFERENCE "RFC 2409 appendix A,
521: IANA"
522: SYNTAX INTEGER {
523: reserved(0), -- reserved in IKE
524: desCbc(1), -- RFC 2405
525: ideaCbc(2),
526: blowfishCbc(3),
527: rc5R16B64Cbc(4), -- RC5 R16 B64 CBC
528: tripleDesCbc(5), -- 3DES CBC
529: castCbc(6),
530: aesCbc(7)
531: }
532:
533: IkeHashAlgorithm ::= TEXTUAL-CONVENTION
534: STATUS current
535: DESCRIPTION "Values for hash algorithms negotiated
536: for the ISAKMP SA by IKE in Phase I. These are
537: values for SA Attrbute type Hash Algorithm (2).
538:
539: Unused values <= 65000 are reserved to IANA.
540:
541: Values 65001-65535 are for private use among
542: mutually consenting parties."
543: REFERENCE "RFC 2409 appendix A,
544: IANA"
545: SYNTAX INTEGER {
546: reserved(0), -- reserved in IKE
547: md5(1), -- RFC 1321
548: sha(2), -- FIPS 180-1
549: tiger(3),
550: sha256(4),
551: sha384(5),
552: sha512(6)
553: }
554:
555: IkeAuthMethod ::= TEXTUAL-CONVENTION
555: fyi -
info: previous definition of `IkeAuthMethod'
556: STATUS current
557: DESCRIPTION "Values for authentication methods negotiated
558: for the ISAKMP SA by IKE in Phase I. These are
559: values for SA Attrbute type Authentication
560: Method (3).
561:
562: Unused values <= 65000 are reserved to IANA.
563:
564: Values 65001-65535 are for private use among
565: mutually consenting parties."
566: REFERENCE "RFC 2409 appendix A,
567: IANA"
568: SYNTAX INTEGER {
569: reserved(0), -- reserved in IKE
570: preSharedKey(1),
571: dssSignatures(2),
572: rsaSignatures(3),
573: encryptionWithRsa(4),
574: revisedEncryptionWithRsa(5),
575: reservedDontUse6(6), -- not to be used
576: reservedDontUse7(7), -- not to be used
577: ecdsaSignatures(8)
578: }
579:
580: IkeGroupDescription ::= TEXTUAL-CONVENTION
581: STATUS current
582: DESCRIPTION "Values for Oakley key computation groups for
583: Diffie-Hellman exchange negotiated for the ISAKMP
584: SA by IKE in Phase I. They are also used in Phase II
585: when perfect forward secrecy is in use. These are
586: values for SA Attrbute type Group Description (4).
587:
588: Unused values <= 32767 are reserved to IANA.
589:
590: Values 32768-65535 are for private use among
591: mutually consenting parties."
592: REFERENCE "RFC 2409 appendix A,
593: IANA"
594: SYNTAX INTEGER {
595: none(0), -- reserved in IKE, used
596: -- in MIBs to reflect that
597: -- none of the predefined
598: -- groups are used
599: modp768(1), -- default 768-bit MODP group
600: modp1024(2), -- alternate 1024-bit MODP
601: -- group
602: ec2nGF155(3), -- EC2N group on Galois
603: -- Field GF[2^155]
604: ec2nGF185(4), -- EC2N group on Galois
605: -- Field GF[2^185]
606: ec2nGF163Random(6), -- EC2N group on Galois
607: -- Field GF[2^163],
608: -- random seed
609: ec2nGF163Koblitz(7),
610: -- EC2N group on Galois
611: -- Field GF[2^163],
612: -- Koblitz curve
613: ec2nGF283Random(8), -- EC2N group on Galois
614: -- Field GF[2^283],
615: -- random seed
616: ec2nGF283Koblitz(9),
617: -- EC2N group on Galois
618: -- Field GF[2^283],
619: -- Koblitz curve
620: ec2nGF409Random(10),
621: -- EC2N group on Galois
622: -- Field GF[2^409],
623: -- random seed
624:
625: ec2nGF409Koblitz(11),
626: -- EC2N group on Galois
627: -- Field GF[2^409],
628: -- Koblitz curve
629: ec2nGF571Random(12),
630: -- EC2N group on Galois
631: -- Field GF[2^571],
632: -- random seed
633: ec2nGF571Koblitz(13)
634: -- EC2N group on Galois
635: -- Field GF[2^571],
636: -- Koblitz curve
637: }
638:
639: IkeGroupType ::= TEXTUAL-CONVENTION
640: STATUS current
641: DESCRIPTION "Values for Oakley key computation group types
642: negotiated for the ISAKMP SA by IKE in Phase I.
643: They are also used in Phase II when perfect forward
644: secrecy is in use. These are values for SA Attribute
645: type Group Type (5)."
646: REFERENCE "RFC 2409 appendix A"
647: SYNTAX INTEGER {
648: reserved(0), -- reserved in IKE
649: modp(1), -- modular eponentiation
650:
651: -- group
652: ecp(2), -- elliptic curve group over
653: -- Galois Field GF[P]
654: ec2n(3) -- elliptic curve group over
655: -- Galois Field GF[2^N]
656: }
657:
658: IkePrf ::= TEXTUAL-CONVENTION
659: DISPLAY-HINT "d"
660: STATUS current
661: DESCRIPTION "Values for Pseudo-Random Functions used with
662: with the hash algorithm negotiated for the ISAKMP SA
663: by IKE in Phase I. There are currently no
664: pseudo-random functions defined, the default HMAC is
665: always used. These are values for SA Attribute type
666: PRF (13).
667:
668: Unused values <= 65000 are reserved to IANA.
669:
670: Values 65001-65535 are for private use among
671: mutually consenting parties."
672:
673: REFERENCE "RFC 2409 appendix A"
674: SYNTAX Unsigned32 (0..65535)
675:
676: IkeNotifyMessageType ::= TEXTUAL-CONVENTION
677: STATUS current
678: DESCRIPTION "These are the values for the types of notification
679: messages. They are used as the Notify Message Type
680: field in the Notification Payload.
681:
682: This textual convention merges the types
683: for error types (in the range 1-16386) and for
684: notification types (in the range 16384-65535).
685:
686: This textual convention is a merge of values
687: defined by ISAKMP with the additional values
688: defined in the IPsec DOI.
689:
690: The values 16001-16383 are reserved for private use
691: as error types amongst cooperating systems.
692:
693: The values 32001-32767 are reserved for private use
694: as notification types amongst cooperating systems."
695: REFERENCE "RFC 2408 section 3.14.1 and RFC 2407 sections 4.6.3
696: and 6.10"
697: SYNTAX INTEGER {
698:
699: -- Values defined for errors in ISAKMP
700: --
701: unknown(0), -- reserved in DOI
702: -- used for unknown in MIBs
703: invalidPayloadType(1),
704: doiNotSupported(2),
705: situationNotSupported(3),
706: invalidCookie(4),
707: invalidMajorVersion(5),
708: invalidMinorVersion(6),
709: invalidExchangeType(7),
710: invalidFlags(8),
711: invalidMessageId(9),
712: invalidProtocolId(10),
713: invalidSpi(11),
714: invalidTransformId(12),
715: attributesNotSupported(13),
716: noProposalChosen(14),
717: badProposalSyntax(15),
718: payloadMalformed(16),
719: invalidKeyInformation(17),
720: invalidIdInformation(18),
721: invalidCertEncoding(19),
722: invalidCertificate(20),
723: certTypeUnsupported(21),
724: invalidCertAuthority(22),
725: invalidHashInformation(23),
726: authenticationFailed(24),
727: invalidSignature(25),
728: addressNotification(26),
729: notifySaLifetime(27),
730: certificateUnavailable(28),
731: unsupportedExchangeType(29),
732: unequalPayloadLengths(30),
733:
734: -- values defined for errors in IPsec DOI
735: -- (none)
736:
737: -- values defined for notification in ISAKMP
738: -- (none)
739:
740: -- values defined for notification in IPsec
741: -- DOI
742: responderLifetime(24576),
743: -- used to communicate IPsec
744: -- SA lifetime chosen by the
745: -- responder
746:
747: replayStatus(24577),
748: -- used for positive
749: -- confirmation of the
750: -- responder's election on
751: -- whether or not he is to
752: -- perform anti-replay
753: -- detection
754:
755: initialContact(24578)
756: -- used when one side wishes
757: -- to inform the other that
758: -- this is the first SA being
759: -- established with the
760: -- remote system
761: }
762: END
763:
764: --
765: -- Copyright (C) The Internet Society (2003). All Rights Reserved.
766: --
767: -- This document and translations of it may be copied and furnished to
768: -- others, and derivative works that comment on or otherwise explain it
769: -- or assist in its implementation may be prepared, copied, published
770: -- and distributed, in whole or in part, without restriction of any
771: -- kind, provided that the above copyright notice and this paragraph are
772: -- included on all such copies and derivative works. However, this
773: -- document itself may not be modified in any way, such as by removing
774: -- the copyright notice or references to the Internet Society or other
775: -- Internet organizations, except as needed for the purpose of
776: -- developing Internet standards in which case the procedures for
777: -- copyrights defined in the Internet Standards process must be
778: -- followed, or as required to translate it into languages other than
779: -- English.
780: --
781: -- The limited permissions granted above are perpetual and will not be
782: -- revoked by the Internet Society or its successors or assigns.
783: --
784: -- This document and the information contained herein is provided on an
785: -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
786: -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
787: -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
788: -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
789: -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
790: --
791: -- Expires August 2003
792:
IKE-MON-MIB
1: -- extracted from draft-ietf-ipsec-ike-monitor-mib-04.txt
2: -- at Tue Apr 22 06:12:45 2003
3:
4: IKE-MON-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7:
8: MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64,
9: Unsigned32, Gauge32, OBJECT-IDENTITY,
10: experimental, NOTIFICATION-TYPE
11: FROM SNMPv2-SMI
12: TruthValue FROM SNMPv2-TC
13: InetAddressType, InetAddress
14: FROM INET-ADDRESS-MIB
15: IpsecRawId, selectorIndex FROM IPSEC-SA-MON-MIB
16: saLocalIpAddressType, saLocalIpAddress, saRemoteIpAddressType,
17: saRemoteIpAddress, saInitiatorCookie, saResponderCookie,
18: IsakmpCookie, localIpAddressType, localIpAddress, localUdpPort,
19: remoteIpAddressType, remoteIpAddress, remoteUdpPort
20: FROM ISAKMP-DOI-IND-MON-MIB
21: IpsecDoiIdentType, IkeAuthMethod, IkeEncryptionAlgorithm,
22: IkeGroupDescription, IkePrf, IkeNotifyMessageType,
23: IkeHashAlgorithm, IpsecDoiTransformIdent, IkeExchangeType,
24: IpsecDoiSecProtocolId FROM IPSEC-ISAKMP-IKE-DOI-TC
25: OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE
26: FROM SNMPv2-CONF;
27:
28: ikeMonModule MODULE-IDENTITY
29: LAST-UPDATED "0110031200Z"
29: warning -
warning: date specification `0110031200Z' contains a two-digit year representing `1901'
29: error -
date specification `0110031200Z' contains an illegal value
30: ORGANIZATION "IETF IPsec Working Group"
31: CONTACT-INFO
32: " Tim Jenkins
33: Catena Networks
34: 307 Legget Drive
35: Kanata, ON
36: Canada
37: K2K 3C8
38: +1 (613) 599-6430
39: tjenkins@catena.com
40:
41: John Shriver
42: Intel Corporation
43: 28 Crosby Drive Bedford, MA
44: 01730
45: +1 (781) 687-1329
46: John.Shriver@intel.com
47: "
48: DESCRIPTION
49: "The MIB module to describe IKE phase 1 SAs, security
50: association suites, and entity level objects and events for
51: those types."
52:
53: REVISION "9910211200Z"
53: minor error -
revision date after last update
54: DESCRIPTION
55: "Initial revision."
56:
57: REVISION "0007101200Z"
57: warning -
warning: date specification `0007101200Z' contains a two-digit year representing `1900'
57: error -
date specification `0007101200Z' contains an illegal value
58: DESCRIPTION
59: "Group and compliance statements added.
60: Endpoint table added and used in place of explicit phase 1
61: IDs.
62: Selector table from IPsec Monitoring MIB used in place of
63: explicit selectors.
64: Replaced addresses with types from INET-ADDRESS-MIB.
65: Added IANA assigned experimental number of 106.
66: Changes to notify parameters.
67: More text pictures."
68:
69: REVISION "0102071200Z"
69: warning -
warning: date specification `0102071200Z' contains a two-digit year representing `1901'
69: error -
date specification `0102071200Z' contains an illegal value
69: minor error -
revision not in reverse chronological order
70: DESCRIPTION
71: "Change MAX-ACCESS clause of index objects to
72: not-accessible. This lead to other changes due to
73: restrictions on the use of objects with MAX-ACCESS clause
74: values of not-accessible."
75:
76: REVISION "0110031200Z"
76: warning -
warning: date specification `0110031200Z' contains a two-digit year representing `1901'
76: error -
date specification `0110031200Z' contains an illegal value
76: minor error -
revision not in reverse chronological order
77: DESCRIPTION
78: "A number of typo errors corrected. Also:
79: -- descriptions of suiteOakleyGroupDesc and
80: suiteOakleyGroup enhanced
81: -- change kilobytes to Kilobytes and make it 1024 bytes
82: -- used plurals for some counter object names"
83:
84: -- replace xxx in next line before release, uncomment before release
85: -- ::= { mib-2 xxx }
86: -- delete next line before release
87: ::= { experimental 106 }
87: minor error -
revision for last update is missing
88:
89:
90: ikeMonMIBObjects OBJECT-IDENTITY
91: STATUS current
92: DESCRIPTION
93: "This is the base object identifier for all IKE monitoring
94: MIB branches."
95: ::= { ikeMonModule 1 }
96:
97: --
98: -- significant branches
99: --
100:
101: ikePhase1Objects OBJECT-IDENTITY
102: STATUS current
103: DESCRIPTION
104: "This is the base object identifier for IKE phase 1
105: objects."
106: ::= { ikeMonMIBObjects 1 }
107:
108: ikePhase2Objects OBJECT-IDENTITY
109: STATUS current
110: DESCRIPTION
111: "This is the base object identifier for IKE phase 2 objects,
112: including the suite and phase 2 SA tables."
113: ::= { ikeMonMIBObjects 2 }
114:
115: oakleyObjects OBJECT-IDENTITY
116: STATUS current
117: DESCRIPTION
118: "This is the base object identifier for Oakley groups."
119: ::= { ikeMonMIBObjects 3 }
120:
121: ikeGroups OBJECT-IDENTITY
122: STATUS current
123: DESCRIPTION
124: "This is the base object identifier for all objects which
125: describe the groups in this MIB."
126: ::= { ikeMonMIBObjects 4 }
127:
128: ikeConformance OBJECT-IDENTITY
129: STATUS current
130: DESCRIPTION
131: "This is the base object identifier for all objects which
132: describe the conformance for this MIB."
133: ::= { ikeMonMIBObjects 5 }
134:
135: --
136: -- significant IKE phase 1 SA branches
137: --
138:
139: ikeTables OBJECT-IDENTITY
140: STATUS current
141:
142: DESCRIPTION
143: "This is the base object identifier for the IKE phase 1
144: security associations table."
145: ::= { ikePhase1Objects 1 }
146:
147: ikeGlobals OBJECT-IDENTITY
148: STATUS current
149: DESCRIPTION
150: "This is the base object identifier for all objects which
151: are global values for IKE."
152: ::= { ikePhase1Objects 2 }
153:
154: ikeTrafStats OBJECT-IDENTITY
155: STATUS current
156: DESCRIPTION
157: "This is the base object identifier for all objects which
158: are traffic statistic values for IKE."
159: ::= { ikePhase1Objects 3 }
160:
161: ikeErrors OBJECT-IDENTITY
162: STATUS current
163: DESCRIPTION
164: "This is the base object identifier for all objects which
165: are error values for IKE."
166: ::= { ikePhase1Objects 4 }
167:
168: ikeTrapObjects OBJECT-IDENTITY
169: STATUS current
170: DESCRIPTION
171: "This is the base object identifier for all trap objects for
172: the IKE phase 1 SA portion of this MIB."
173: ::= { ikePhase1Objects 5 }
174:
175: ikeTrapControl OBJECT-IDENTITY
176: STATUS current
177: DESCRIPTION
178: "This is the base object identifier for all trap controls
179: for the IKE phase 1 SA portion of this MIB."
180: ::= { ikePhase1Objects 6 }
181:
182: ikeTraps OBJECT-IDENTITY
183: STATUS current
184: DESCRIPTION
185: "This is the base object identifier for all traps for the
186: IKE phase 1 SA portion of this MIB."
187: ::= { ikePhase1Objects 7 }
188:
189: ikeNotifications OBJECT-IDENTITY
190: STATUS current
191: DESCRIPTION
192: "This is the base object identifier for all notification
193: objects of this MIB."
194: ::= { ikePhase1Objects 8 }
195:
196: --
197: -- significant SA suite branches
198: --
199:
200: suiteTables OBJECT-IDENTITY
201: STATUS current
202: DESCRIPTION
203: "This is the base object identifier for the suite table."
204: ::= { ikePhase2Objects 1 }
205:
206: suiteGlobals OBJECT-IDENTITY
207: STATUS current
208: DESCRIPTION
209: "This is the base object identifier for all objects which
210: are global values for suites."
211: ::= { ikePhase2Objects 2 }
212:
213: suiteTrafStats OBJECT-IDENTITY
214: STATUS current
215: DESCRIPTION
216: "This is the base object identifier for all objects which
217: are global counters for suite traffic statistics."
218: ::= { ikePhase2Objects 3 }
219:
220: suiteErrors OBJECT-IDENTITY
221: STATUS current
222: DESCRIPTION
223: "This is the base object identifier for all objects which
224: are global error counters for suites."
225: ::= { ikePhase2Objects 4 }
226:
227: suiteTrapControl OBJECT-IDENTITY
228: STATUS current
229: DESCRIPTION
230: "This is the base object identifier for all trap controls
231: for the suite portion of this MIB."
232: ::= { ikePhase2Objects 5 }
233:
234: suiteTraps OBJECT-IDENTITY
235: STATUS current
236: DESCRIPTION
237: "This is the base object identifier for all traps for the
238: suite portion of this MIB."
239: ::= { ikePhase2Objects 6 }
240:
241: --
242: -- the Oakley Group MIB-Group
243: --
244: -- a collection of objects providing information about the
245: -- Oakley Groups that the entity knows about that are not well known
246: --
247: -- A table is defined for each type of Oakley group
248: -- (each value in 'IkeGroupDescription').
249: --
250: -- This MIB has tables for groups of type MODP, ECP, or EC2N.
251: -- For groups that are not MODP, ECP, or EC2N, a new table should be
252: -- defined in a MIB for that group. The table should have one
253: -- integer index, which should be the first column. The columns
254: -- should be the IKE attributes used by that new type of group.
255: --
256:
257:
258: modpGroupTable OBJECT-TYPE
259: SYNTAX SEQUENCE OF ModpGroupEntry
260: MAX-ACCESS not-accessible
261: STATUS current
262: DESCRIPTION
263: "The (conceptual) table containing Oakley MODP groups that
264: are not well known that the entity has negotiated or knows
265: about.
266:
267: There should be one row for every Oakley MODP group
268: negotiated or supported by the entity that is not a well-
269: known group. The maximum number of rows is implementation
270: dependent."
271: ::= { oakleyObjects 1 }
272:
273: modpGroupEntry OBJECT-TYPE
274: SYNTAX ModpGroupEntry
275: MAX-ACCESS not-accessible
276: STATUS current
277: DESCRIPTION
278: "An entry (conceptual row) containing the information on a
279: particular Oakley MODP group.
280:
281: A row in this table cannot be created or deleted by SNMP
282: operations on columns of the table."
283: INDEX { modpGroupIndex }
284: ::= { modpGroupTable 1 }
285:
286: ModpGroupEntry ::= SEQUENCE {
287: modpGroupIndex Unsigned32,
288:
289: -- component parts
290: modpFieldSize Unsigned32,
291: modpPrime OCTET STRING,
292: modpGenerator OCTET STRING,
293: modpLPF OCTET STRING,
294: modpStrength Unsigned32
295: }
296:
297: modpGroupIndex OBJECT-TYPE
298: SYNTAX Unsigned32 (1..16777215)
299: MAX-ACCESS not-accessible
300: STATUS current
301: DESCRIPTION
302: "A unique value, greater than zero, for each Oakley MODP
303: group. It is recommended that values are assigned
304: contiguously starting from 1.
305:
306: The value for each MODP group must remain constant at least
307: from one re-initialization of entity's network management
308: system to the next re-initialization."
309: ::= { modpGroupEntry 1 }
310:
311: modpFieldSize OBJECT-TYPE
312: SYNTAX Unsigned32
313: UNITS "bits"
314: MAX-ACCESS read-only
315: STATUS current
316: DESCRIPTION
317: "The size of a field element, in bits."
318: REFERENCE "RFC 2412 Appendix A"
319: ::= { modpGroupEntry 2 }
320:
321: modpPrime OBJECT-TYPE
322: SYNTAX OCTET STRING (SIZE (0..511))
323: MAX-ACCESS read-only
324: STATUS current
325: DESCRIPTION
326: "The prime of the MODP group."
327: REFERENCE "RFC 2412 Appendix A"
328: ::= { modpGroupEntry 3 }
329:
330: modpGenerator OBJECT-TYPE
331: SYNTAX OCTET STRING (SIZE (0..511))
332: MAX-ACCESS read-only
333: STATUS current
334: DESCRIPTION
335: "The generator value of the MODP group."
336: REFERENCE "RFC 2412 Appendix A"
337: ::= { modpGroupEntry 4 }
338:
339: modpLPF OBJECT-TYPE
340: SYNTAX OCTET STRING (SIZE (0..511))
341: MAX-ACCESS read-only
342: STATUS current
343: DESCRIPTION
344: "The largest prime factor of the group size, or 0 if
345: unspecified."
346: REFERENCE "RFC 2412 Appendix A"
347: ::= { modpGroupEntry 5 }
348:
349: modpStrength OBJECT-TYPE
350: SYNTAX Unsigned32
351: MAX-ACCESS read-only
352: STATUS current
353: DESCRIPTION
354: "The strength of the group, which is approximately the
355: number of key-bits protected, or 0 if unspecified."
356: REFERENCE "RFC 2412 Appendix A"
357: ::= { modpGroupEntry 6 }
358:
359:
360: ecpGroupTable OBJECT-TYPE
361: SYNTAX SEQUENCE OF EcpGroupEntry
362: MAX-ACCESS not-accessible
363: STATUS current
364: DESCRIPTION
365: "The (conceptual) table containing Oakley ECP groups that
366: are not well known that the entity has negotiated or knows
367: about.
368:
369: There should be one row for every Oakley ECP group
370: negotiated or supported by the entity that is not a well-
371: known group. The maximum number of rows is implementation
372: dependent."
373: ::= { oakleyObjects 2 }
374:
375: ecpGroupEntry OBJECT-TYPE
376: SYNTAX EcpGroupEntry
377: MAX-ACCESS not-accessible STATUS current
378: DESCRIPTION
379: "An entry (conceptual row) containing the information on a
380: particular Oakley ECP group.
381:
382: A row in this table cannot be created or deleted by SNMP
383: operations on columns of the table."
384: INDEX { ecpGroupIndex }
385: ::= { ecpGroupTable 1 }
386:
387: EcpGroupEntry ::= SEQUENCE {
388: ecpGroupIndex Unsigned32,
389:
390: -- component parts
391: ecpFieldSize Unsigned32,
392: ecpPrime OCTET STRING,
393: ecpGeneratorOne OCTET STRING,
394: ecpGeneratorTwo OCTET STRING,
395: ecpParameterOne OCTET STRING,
396: ecpParameterTwo OCTET STRING,
397: ecpLPF OCTET STRING,
398: ecpOrder OCTET STRING,
399: ecpStrength Unsigned32
400: }
401:
402: ecpGroupIndex OBJECT-TYPE
403: SYNTAX Unsigned32 (1..16777215)
404: MAX-ACCESS not-accessible
405: STATUS current
406: DESCRIPTION
407: "A unique value, greater than zero, for each Oakley ECP
408: group. It is recommended that values are assigned
409: contiguously starting from 1.
410:
411: The value for each ECP group must remain constant at least
412: from one re-initialization of entity's network management
413: system to the next re-initialization."
414: ::= { ecpGroupEntry 1 }
415:
416: ecpFieldSize OBJECT-TYPE
417: SYNTAX Unsigned32
418: UNITS "bits"
419: MAX-ACCESS read-only
420: STATUS current
421: DESCRIPTION
422: "The size of a field element, in bits."
423: REFERENCE "RFC 2412 Appendix A"
424: ::= { ecpGroupEntry 2 }
425: ecpPrime OBJECT-TYPE
426: SYNTAX OCTET STRING (SIZE (0..511))
427: MAX-ACCESS read-only
428: STATUS current
429: DESCRIPTION
430: "The prime of the ECP group."
431: REFERENCE "RFC 2412 Appendix A"
432: ::= { ecpGroupEntry 3 }
433:
434: ecpGeneratorOne OBJECT-TYPE
435: SYNTAX OCTET STRING (SIZE (0..511))
436: MAX-ACCESS read-only
437: STATUS current
438: DESCRIPTION
439: "The first generator value of the group."
440: REFERENCE "RFC 2412 Appendix A"
441: ::= { ecpGroupEntry 4 }
442:
443: ecpGeneratorTwo OBJECT-TYPE
444: SYNTAX OCTET STRING (SIZE (0..511))
445: MAX-ACCESS read-only
446: STATUS current
447: DESCRIPTION
448: "The second generator value of the group."
449: REFERENCE "RFC 2412 Appendix A"
450: ::= { ecpGroupEntry 5 }
451:
452: ecpParameterOne OBJECT-TYPE
453: SYNTAX OCTET STRING (SIZE (0..511))
454: MAX-ACCESS read-only
455: STATUS current
456: DESCRIPTION
457: "The first elliptic curve parameter value of the group."
458: REFERENCE "RFC 2412 Appendix A"
459: ::= { ecpGroupEntry 6 }
460:
461: ecpParameterTwo OBJECT-TYPE
462: SYNTAX OCTET STRING (SIZE (0..511))
463: MAX-ACCESS read-only
464: STATUS current
465: DESCRIPTION
466: "The second elliptic curve parameter value of the group."
467: REFERENCE "RFC 2412 Appendix A"
468: ::= { ecpGroupEntry 7 }
469:
470: ecpLPF OBJECT-TYPE
471: SYNTAX OCTET STRING (SIZE (0..511)) MAX-ACCESS read-only
472: STATUS current
473: DESCRIPTION
474: "The largest prime factor of the group size, or 0 if
475: unspecified."
476: REFERENCE "RFC 2412 Appendix A"
477: ::= { ecpGroupEntry 8 }
478:
479: ecpOrder OBJECT-TYPE
480: SYNTAX OCTET STRING (SIZE (0..511))
481: MAX-ACCESS read-only
482: STATUS current
483: DESCRIPTION
484: "The order of the group, or 0 if it is unspecified."
485: REFERENCE "RFC 2412 Appendix A"
486: ::= { ecpGroupEntry 9 }
487:
488: ecpStrength OBJECT-TYPE
489: SYNTAX Unsigned32
490: MAX-ACCESS read-only
491: STATUS current
492: DESCRIPTION
493: "The strength of the group, which is approximately the
494: number of key-bits protected."
495: REFERENCE "RFC 2412 Appendix A"
496: ::= { ecpGroupEntry 10 }
497:
498:
499: ec2nGroupTable OBJECT-TYPE
500: SYNTAX SEQUENCE OF Ec2nGroupEntry
501: MAX-ACCESS not-accessible
502: STATUS current
503: DESCRIPTION
504: "The (conceptual) table containing Oakley EC2N groups that
505: are not well known that the entity has negotiated or knows
506: about.
507:
508: There should be one row for every Oakley group negotiated or
509: supported by the entity that is not a well-known group. The
510: maximum number of rows is implementation dependent."
511: ::= { oakleyObjects 3 }
512:
513: ec2nGroupEntry OBJECT-TYPE
514: SYNTAX Ec2nGroupEntry
515: MAX-ACCESS not-accessible
516: STATUS current
517:
518: DESCRIPTION
519: "An entry (conceptual row) containing the information on a
520: particular Oakley EC2N group.
521:
522: A row in this table cannot be created or deleted by SNMP
523: operations on columns of the table."
524: INDEX { ec2nGroupIndex }
525: ::= { ec2nGroupTable 1 }
526:
527: Ec2nGroupEntry ::= SEQUENCE {
528: ec2nGroupIndex Unsigned32,
529:
530: -- component parts
531: ec2nDegree Unsigned32,
532: ec2nIrrPoly OCTET STRING,
533: ec2nGeneratorOne OCTET STRING,
534: ec2nGeneratorTwo OCTET STRING,
535: ec2nParameterOne OCTET STRING,
536: ec2nParameterTwo OCTET STRING,
537: ec2nLPF OCTET STRING,
538: ec2nOrder OCTET STRING,
539: ec2nStrength Unsigned32
540: }
541:
542: ec2nGroupIndex OBJECT-TYPE
543: SYNTAX Unsigned32 (1..16777215)
544: MAX-ACCESS not-accessible
545: STATUS current
546: DESCRIPTION
547: "A unique value, greater than zero, for each Oakley EC2N
548: group. It is recommended that values are assigned
549: contiguously starting from 1.
550:
551: The value for each EC2N group must remain constant at least
552: from one re-initialization of entity's network management
553: system to the next re-initialization."
554: ::= { ec2nGroupEntry 1 }
555:
556: ec2nDegree OBJECT-TYPE
557: SYNTAX Unsigned32
558: MAX-ACCESS read-only
559: STATUS current
560: DESCRIPTION
561: "The degree of the irreducible polynomial."
562: REFERENCE "RFC 2412 Appendix A"
563: ::= { ec2nGroupEntry 2 }
564:
565: ec2nIrrPoly OBJECT-TYPE
566: SYNTAX OCTET STRING (SIZE (0..511))
567: MAX-ACCESS read-only
568: STATUS current
569: DESCRIPTION
570: "The prime or the irreducible field polynomial."
571: REFERENCE "RFC 2412 Appendix A"
572: ::= { ec2nGroupEntry 3 }
573:
574: ec2nGeneratorOne OBJECT-TYPE
575: SYNTAX OCTET STRING (SIZE (0..511))
576: MAX-ACCESS read-only
577: STATUS current
578: DESCRIPTION
579: "The first generator value of the group."
580: REFERENCE "RFC 2412 Appendix A"
581: ::= { ec2nGroupEntry 4 }
582:
583: ec2nGeneratorTwo OBJECT-TYPE
584: SYNTAX OCTET STRING (SIZE (0..511))
585: MAX-ACCESS read-only
586: STATUS current
587: DESCRIPTION
588: "The second generator value of the group."
589: REFERENCE "RFC 2412 Appendix A"
590: ::= { ec2nGroupEntry 5 }
591:
592: ec2nParameterOne OBJECT-TYPE
593: SYNTAX OCTET STRING (SIZE (0..511))
594: MAX-ACCESS read-only
595: STATUS current
596: DESCRIPTION
597: "The first elliptic curve parameter value of the group."
598: REFERENCE "RFC 2412 Appendix A"
599: ::= { ec2nGroupEntry 6 }
600:
601: ec2nParameterTwo OBJECT-TYPE
602: SYNTAX OCTET STRING (SIZE (0..511))
603: MAX-ACCESS read-only
604: STATUS current
605: DESCRIPTION
606: "The second elliptic curve parameter value of the group."
607: REFERENCE "RFC 2412 Appendix A"
608: ::= { ec2nGroupEntry 7 }
609:
610: ec2nLPF OBJECT-TYPE
611: SYNTAX OCTET STRING (SIZE (0..511))
612: MAX-ACCESS read-only STATUS current
613: DESCRIPTION
614: "The largest prime factor of the group size, or 0 if
615: unspecified."
616: REFERENCE "RFC 2412 Appendix A"
617: ::= { ec2nGroupEntry 8 }
618:
619: ec2nOrder OBJECT-TYPE
620: SYNTAX OCTET STRING (SIZE (0..511))
621: MAX-ACCESS read-only
622: STATUS current
623: DESCRIPTION
624: "The order of the group, or 0 if it is unspecified."
625: REFERENCE "RFC 2412 Appendix A"
626: ::= { ec2nGroupEntry 9 }
627:
628: ec2nStrength OBJECT-TYPE
629: SYNTAX Unsigned32
630: MAX-ACCESS read-only
631: STATUS current
632: DESCRIPTION
633: "The strength of the group, which is approximately the
634: number of key-bits protected, or 0 if it is unspecified."
635: REFERENCE "RFC 2412 Appendix A"
636: ::= { ec2nGroupEntry 10 }
637:
638:
639: --
640: -- the IKE Endpoint Table
641: --
642: -- a collection of objects providing information about
643: -- the endpoints involved with IKE in this entity
644: --
645:
646: ikeEndpointTable OBJECT-TYPE
647: SYNTAX SEQUENCE OF IkeEndpointEntry
648: MAX-ACCESS not-accessible
649: STATUS current
650: DESCRIPTION
651: "The (conceptual) table containing information about the
652: endpoints involved with IKE in this entity.
653:
654: There is one row for each endpoint that is active in or with
655: the entity, including remote endpoints and local endpoints.
656:
657: The maximum number of rows is implementation dependent."
658: ::= { ikeTables 1 }
659: ikeEndpointEntry OBJECT-TYPE
660: SYNTAX IkeEndpointEntry
661: MAX-ACCESS not-accessible
662: STATUS current
663: DESCRIPTION
664: "An entry (conceptual row) containing an IKE ID.
665:
666: A row in this table cannot be created or deleted by SNMP
667: operations on columns of the table.
668:
669: It is not necessary to delete rows for endpoints that are no
670: longer active; this is implementation dependent."
671: INDEX { endpointIndex }
672: ::= { ikeEndpointTable 1 }
673:
674: IkeEndpointEntry ::= SEQUENCE {
675: -- index
676: endpointIndex Unsigned32,
677:
678: -- ID and authentication information
679: endpointIdType IpsecDoiIdentType,
680: endpointIdValue IpsecRawId,
681: endpointCertSerialNum OCTET STRING,
682: endpointCertIssuer OCTET STRING,
683:
684: -- other info about the ID, including statistics
685: endpointIsLocal TruthValue,
686: endpointCurrentIkeSAs Gauge32,
687: endpointTotalIkeSAs Counter32,
688: endpointCurrentSuites Gauge32,
689: endpointTotalSuites Counter32
690:
691: }
692:
693: endpointIndex OBJECT-TYPE
694: SYNTAX Unsigned32
695: MAX-ACCESS not-accessible
696: STATUS current
697: DESCRIPTION
698: "A unique value, greater than zero, for each endpoint
699: associated with the entity, whether local or remote. It is
700: recommended that values are assigned contiguously starting
701: from 1."
702: ::= { ikeEndpointEntry 1 }
703:
704: endpointIdType OBJECT-TYPE
705: SYNTAX IpsecDoiIdentType
706: MAX-ACCESS read-only STATUS current
707: DESCRIPTION
708: "The type of ID used by the endpoint. This is the type of
709: the ID that is used by the endpoint during phase 1
710: negotiations.
711:
712: If this is not a local endpoint, then this value is taken
713: directly from the phase 1 exchange with the remote
714: endpoint."
715: REFERENCE "RFC 2407 Section 4.6.2.1"
716: ::= { ikeEndpointEntry 2 }
717:
718: endpointIdValue OBJECT-TYPE
719: SYNTAX IpsecRawId
720: MAX-ACCESS read-only
721: STATUS current
722: DESCRIPTION
723: "The ID of the endpoint. This is the ID value that is used
724: by the endpoint during phase 1 negotiations.
725:
726: If this is not a local endpoint, then this value is taken
727: directly from the phase 1 exchange with the remote
728: endpoint."
729: REFERENCE "RFC 2407 Section 4.6.2.1"
730: ::= { ikeEndpointEntry 3 }
731:
732: endpointCertSerialNum OBJECT-TYPE
733: SYNTAX OCTET STRING (SIZE (0..63))
734: MAX-ACCESS read-only
735: STATUS current
736: DESCRIPTION
737: "The serial number of the certificate used by the endpoint.
738:
739: This object has no meaning if a certificate was not used in
740: authenticating the endpoint."
741: ::= { ikeEndpointEntry 4 }
742:
743: endpointCertIssuer OBJECT-TYPE
744: SYNTAX OCTET STRING (SIZE (0..511))
745: MAX-ACCESS read-only
746: STATUS current
747: DESCRIPTION
748: "The issuer name of the certificate used by the endpoint.
749:
750: This object has no meaning if a certificate was not used in
751: authenticating the endpoint."
752: ::= { ikeEndpointEntry 5 }
753: endpointIsLocal OBJECT-TYPE
754: SYNTAX TruthValue
755: MAX-ACCESS read-only
756: STATUS current
757: DESCRIPTION
758: "True if this row represents a local endpoint (the entity
759: uses this endpoint)."
760: ::= { ikeEndpointEntry 6 }
761:
762: endpointCurrentIkeSAs OBJECT-TYPE
763: SYNTAX Gauge32
764: MAX-ACCESS read-only
765: STATUS current
766: DESCRIPTION
767: "The number of current IKE SAs in the entity for which this
768: endpoint is found at one end."
769: ::= { ikeEndpointEntry 7 }
770:
771: endpointTotalIkeSAs OBJECT-TYPE
772: SYNTAX Counter32
773: MAX-ACCESS read-only
774: STATUS current
775: DESCRIPTION
776: "The total number of IKE SAs in the entity for which this
777: endpoint is or was found at one end."
778: ::= { ikeEndpointEntry 8 }
779:
780: endpointCurrentSuites OBJECT-TYPE
781: SYNTAX Gauge32
782: MAX-ACCESS read-only
783: STATUS current
784: DESCRIPTION
785: "The number of current phase 2 SA suites in the entity that
786: this endpoint was involved in the creation of."
787: ::= { ikeEndpointEntry 9 }
788:
789: endpointTotalSuites OBJECT-TYPE
790: SYNTAX Counter32
791: MAX-ACCESS read-only
792: STATUS current
793: DESCRIPTION
794: "The total number of phase 2 SA suites in the entity that
795: this endpoint was involved in the creation of."
796: ::= { ikeEndpointEntry 10 }
797:
798:
799:
800: --
801: -- the IKE Phase 1 SA MIB-Group
802: --
803: -- a collection of objects providing information about
804: -- the IKE phase 1 SAs
805: --
806:
807: ikeSaTable OBJECT-TYPE
808: SYNTAX SEQUENCE OF IkeSaEntry
809: MAX-ACCESS not-accessible
810: STATUS current
811: DESCRIPTION
812: "The (conceptual) table containing the IKE SAs.
813:
814: The number of rows is the same as the number of IKE phase 2
815: SAs that are in the process of being negotiated or are
816: negotiated in the entity. Phrased another way, there is a
817: row in this table for each row in 'saTable' for which
818: 'saDoi' is 'ipsecDOI(1)'.
819:
820: The maximum number of rows is implementation dependent."
821: ::= { ikeTables 2 }
822:
823: ikeSaEntry OBJECT-TYPE
824: SYNTAX IkeSaEntry
825: MAX-ACCESS not-accessible
826: STATUS current
827: DESCRIPTION
828: "An entry (conceptual row) containing the information on a
829: particular IKE SA. There is an entry in this table for each
830: 'saEntry' in which 'saDoi' is 'ipsecDOI(1)'.
831:
832: A row in this table cannot be created or deleted by SNMP
833: operations on columns of the table."
834: INDEX
835: {
836: saLocalIpAddressType,
837: saLocalIpAddress,
838: saRemoteIpAddressType,
839: saRemoteIpAddress,
840: saInitiatorCookie,
841: saResponderCookie
842: }
843: ::= { ikeSaTable 1 }
844:
845: IkeSaEntry ::= SEQUENCE {
846: -- ID and authentication information
847: saAuthMethod IkeAuthMethod,
848: saPeerEndpoint Unsigned32,
849: saLocalEndpoint Unsigned32,
850:
851: -- security algorithm information
852: saEncAlg IkeEncryptionAlgorithm,
853: saEncKeyLength Unsigned32,
854: saHashAlg IkeHashAlgorithm,
855: saHashKeyLength Unsigned32,
856: saPRF IkePrf,
857: saOakleyGroupDesc IkeGroupDescription,
858: saOakleyGroup OBJECT IDENTIFIER,
859:
860: -- expiration limits
861: saLimitSeconds Unsigned32, -- 0 if none
862: saLimitKbytes Unsigned32, -- 0 if none
863: saLimitKeyUses Unsigned32, -- 0 if none
864:
865: -- current operating statistics
866: saAccKbytes Counter32,
867: saKeyUses Counter32,
868: saCreatedSuites Counter32,
869: saDeletedSuites Counter32,
870:
871: -- error counts
872: saDecryptErrors Counter32,
873: saHashErrors Counter32,
874: saOtherReceiveErrors Counter32,
875: saSendErrors Counter32
876: }
877:
878: saAuthMethod OBJECT-TYPE
879: SYNTAX IkeAuthMethod
880: MAX-ACCESS read-only
881: STATUS current
882: DESCRIPTION
883: "The authentication method used to authenticate the peers.
884:
885: Note that this does not include the specific method of
886: extended authentication if extended authentication is used."
887: ::= { ikeSaEntry 1 }
888:
889: saPeerEndpoint OBJECT-TYPE
890: SYNTAX Unsigned32
891: MAX-ACCESS read-only
892: STATUS current
893: DESCRIPTION
894: "The index of the endpoint table row for the peer endpoint
895: that negotiated this SA. In other words, the value of
896: 'endpointIndex' for the appropriate row ('ikeEndpointEntry')
897: from the 'ikeEndpointTable'."
898: ::= { ikeSaEntry 2 }
899:
900: saLocalEndpoint OBJECT-TYPE
901: SYNTAX Unsigned32
902: MAX-ACCESS read-only
903: STATUS current
904: DESCRIPTION
905: "The index of the endpoint table row for the local endpoint
906: that negotiated this SA. In other words, the value of
907: 'endpointIndex' for the appropriate row ('ikeEndpointEntry')
908: from the 'ikeEndpointTable'."
909: ::= { ikeSaEntry 3 }
910:
911: saEncAlg OBJECT-TYPE
912: SYNTAX IkeEncryptionAlgorithm
913: MAX-ACCESS read-only
914: STATUS current
915: DESCRIPTION
916: "The encryption algorithm used to protect this SA."
917: ::= { ikeSaEntry 4 }
918:
919: saEncKeyLength OBJECT-TYPE
920: SYNTAX Unsigned32 (0..65531)
921: UNITS "bits"
922: MAX-ACCESS read-only
923: STATUS current
924: DESCRIPTION
925: "The length of the encryption key in bits used for the
926: algorithm specified in the 'saEncAlg' object. It may be 0 if
927: the key length is implicit in the specified algorithm."
928: ::= { ikeSaEntry 5 }
929:
930: saHashAlg OBJECT-TYPE
931: SYNTAX IkeHashAlgorithm
932: MAX-ACCESS read-only
933: STATUS current
934: DESCRIPTION
935: "The hash algorithm used to protect this SA."
936: ::= { ikeSaEntry 6 }
937:
938: saHashKeyLength OBJECT-TYPE
939: SYNTAX Unsigned32 (0..65531)
940: UNITS "bits"
941: MAX-ACCESS read-only
942: STATUS current
943: DESCRIPTION
944: "The length of the encryption key in bits used for the
945: algorithm specified in the 'saHashAlg' object. It may be 0
946: if the key length is implicit in the specified algorithm."
947: ::= { ikeSaEntry 7 }
948:
949: saPRF OBJECT-TYPE
950: SYNTAX IkePrf
951: MAX-ACCESS read-only
952: STATUS current
953: DESCRIPTION
954: "The pseudo-random function used by this SA, or 0 if the
955: HMAC version of the negotiated hash algorithm is used as a
956: pseudo-random function."
957: REFERENCE "RFC 2409 Appendix A"
958: ::= { ikeSaEntry 8 }
959:
960: saOakleyGroupDesc OBJECT-TYPE
961: SYNTAX IkeGroupDescription
962: MAX-ACCESS read-only
963: STATUS current
964: DESCRIPTION
965: "The group number used to generate the Diffie-Hellman key
966: pair when setting up the SA, or 0 if none of the defined
967: groups was used.
968:
969: If this value is 0, the 'saOakleyGroup' must not also be
970: OBJECT IDENTIFIER { 0 0 }."
971: REFERENCE "RFC 2409 Section 6."
972: ::= { ikeSaEntry 9 }
973:
974: saOakleyGroup OBJECT-TYPE
975: SYNTAX OBJECT IDENTIFIER
976: MAX-ACCESS read-only
977: STATUS current
978: DESCRIPTION
979: "The object identifier of the Oakley group row that was used
980: if a well-known group was not used to generate the Diffie-
981: Hellman key pair for this SA.
982:
983: If a well-known group was used, the value should be set to
984: the OBJECT IDENTIFIER { 0 0 }.
985:
986: For example, if the group is a MODP group, the value of this
987: object is the object identifier of 'modpGroupIndex' of the
988: appropriate row ('modpGroupEntry') in 'modpGroupTable'."
989: REFERENCE "RFC 2409 Section 6"
990: ::= { ikeSaEntry 10 }
991: saLimitSeconds OBJECT-TYPE
992: SYNTAX Unsigned32
993: UNITS "seconds"
994: MAX-ACCESS read-only
995: STATUS current
996: DESCRIPTION
997: "The maximum number of seconds the SA is allowed to exist,
998: or 0 if there is no time-based limit on the existence of the
999: SA.
1000:
1001: The display value is limited to 4,294,967,295 seconds (more
1002: than 136 years); values greater than that value will be
1003: truncated."
1004: ::= { ikeSaEntry 11 }
1005:
1006: saLimitKbytes OBJECT-TYPE
1007: SYNTAX Unsigned32
1008: UNITS "Kilobytes"
1009: MAX-ACCESS read-only
1010: STATUS current
1011: DESCRIPTION
1012: "The maximum number of Kilobytes (1024 bytes) the SA is
1013: allowed to encrypt before it expires, or 0 if there is no
1014: traffic-by-byte-based limit on the existence of the SA.
1015:
1016: The display value is limited to 4,294,967,295 Kilobytes
1017: (more than 4,194,304 Mbyte); values greater than that value
1018: will be truncated."
1019: ::= { ikeSaEntry 12 }
1020:
1021: saLimitKeyUses OBJECT-TYPE
1022: SYNTAX Unsigned32
1023: MAX-ACCESS read-only
1024: STATUS current
1025: DESCRIPTION
1026: "The maximum number of times the SA is allowed to provide
1027: keying material from its own Diffie-Hellman exchange before
1028: it expires, or 0 if there is no keying material-based limit
1029: on the existence of the SA."
1030: ::= { ikeSaEntry 13 }
1031:
1032: saAccKbytes OBJECT-TYPE
1033: SYNTAX Counter32
1034: UNITS "Kilobytes"
1035: MAX-ACCESS read-only
1036: STATUS current
1037: DESCRIPTION
1038: "The number of Kilobytes (1024 bytes) the SA has encrypted
1039: that count against any lifetime restriction based on
1040: traffic. This value may be 0 if there is no such
1041: restriction."
1042: ::= { ikeSaEntry 14 }
1043:
1044: saKeyUses OBJECT-TYPE
1045: SYNTAX Counter32
1046: MAX-ACCESS read-only
1047: STATUS current
1048: DESCRIPTION
1049: "The number of times the SA has provided keying material
1050: derived from its own original Diffie-Hellman exchange."
1051: ::= { ikeSaEntry 15 }
1052:
1053: saCreatedSuites OBJECT-TYPE
1054: SYNTAX Counter32
1055: MAX-ACCESS read-only
1056: STATUS current
1057: DESCRIPTION
1058: "The total number of SA suites that this SA has successfully
1059: created. In other words, the total number of successful
1060: quick mode exchanges multiplied by the number of SA payloads
1061: in each of those exchanges."
1062: ::= { ikeSaEntry 16 }
1063:
1064: saDeletedSuites OBJECT-TYPE
1065: SYNTAX Counter32
1066: MAX-ACCESS read-only
1067: STATUS current
1068: DESCRIPTION
1069: "The total number of SA suites deleted for which this SA
1070: sent or received SA suite delete notifications. When delete
1071: notifications are sent or received for more than one IPsec
1072: SA in an SA suite, this number shall be incremented by one,
1073: and not by the number of IPsec SAs in the suite that were
1074: deleted."
1075: ::= { ikeSaEntry 17 }
1076:
1077: saDecryptErrors OBJECT-TYPE
1078: SYNTAX Counter32
1079: UNITS "packets"
1080: MAX-ACCESS read-only
1081: STATUS current
1082:
1083:
1084: DESCRIPTION
1085: "The total number of packets inbound to this SA that were
1086: discarded due to decryption errors."
1087: ::= { ikeSaEntry 18 }
1088:
1089: saHashErrors OBJECT-TYPE
1090: SYNTAX Counter32
1091: UNITS "packets"
1092: MAX-ACCESS read-only
1093: STATUS current
1094: DESCRIPTION
1095: "The total number of packets inbound to this SA that were
1096: discarded due to hash result errors."
1097: ::= { ikeSaEntry 19 }
1098:
1099: saOtherReceiveErrors OBJECT-TYPE
1100: SYNTAX Counter32
1101: UNITS "packets"
1102: MAX-ACCESS read-only
1103: STATUS current
1104: DESCRIPTION
1105: "The total number of packets inbound to this SA that were
1106: discarded due to errors other than decryption or hash result
1107: errors. This may include packets dropped due to a lack of
1108: receive buffer space."
1109: ::= { ikeSaEntry 20 }
1110:
1111: saSendErrors OBJECT-TYPE
1112: SYNTAX Counter32
1113: UNITS "packets"
1114: MAX-ACCESS read-only
1115: STATUS current
1116: DESCRIPTION
1117: "The total number of packets outbound from this SA that were
1118: discarded due to errors. This may include packets dropped due to
1119: a lack of transmit buffer space."
1120: ::= { ikeSaEntry 21 }
1121:
1122: --
1123: -- the IKE SA By Creators Table
1124: --
1125:
1126: saByCreatorsTable OBJECT-TYPE
1127: SYNTAX SEQUENCE OF SaByCreatorsEntry
1128: MAX-ACCESS not-accessible
1129: STATUS current
1130:
1131: DESCRIPTION
1132: "The (conceptual) table that sorts the IKE phase 1 SAs by
1133: the endpoint identifiers.
1134:
1135: The number of rows in this table is the same as the number
1136: of IKE phase 1 SAs in the entity."
1137: ::= { ikeTables 3 }
1138:
1139: saByCreatorsEntry OBJECT-TYPE
1140: SYNTAX SaByCreatorsEntry
1141: MAX-ACCESS not-accessible
1142: STATUS current
1143: DESCRIPTION
1144: "An entry (conceptual row) referencing a particular IKE
1145: phase 1 SA.
1146:
1147: A row in this table cannot be created or deleted by SNMP
1148: operations on columns of the table."
1149: INDEX
1150: {
1151: saByCreatorsLocalEndpoint,
1152: saByCreatorsRemoteEndpoint,
1153: saByCreatorsIndex
1154: }
1155: ::= { saByCreatorsTable 1 }
1156:
1157: SaByCreatorsEntry ::= SEQUENCE {
1158: -- index
1159: saByCreatorsLocalEndpoint Unsigned32,
1160: saByCreatorsRemoteEndpoint Unsigned32,
1161: saByCreatorsIndex Unsigned32,
1162:
1163: -- phase 1 SA reference
1164: saIkeLocalIpAddressType InetAddressType,
1165: saIkeLocalIpAddress InetAddress,
1166: saIkeRemoteIpAddressType InetAddressType,
1167: saIkeRemoteIpAddress InetAddress,
1168: saIkeInitiatorCookie IsakmpCookie,
1169: saIkeResponderCookie IsakmpCookie
1170: }
1171:
1172: saByCreatorsLocalEndpoint OBJECT-TYPE
1173: SYNTAX Unsigned32
1174: MAX-ACCESS not-accessible
1175: STATUS current
1176:
1177:
1178: DESCRIPTION
1179: "The index of the endpoint table row for the local
1180: endpoint."
1181: ::= { saByCreatorsEntry 1 }
1182:
1183: saByCreatorsRemoteEndpoint OBJECT-TYPE
1184: SYNTAX Unsigned32
1185: MAX-ACCESS not-accessible
1186: STATUS current
1187: DESCRIPTION
1188: "The index of the endpoint table row for the remote
1189: endpoint."
1190: ::= { saByCreatorsEntry 2 }
1191:
1192: saByCreatorsIndex OBJECT-TYPE
1193: SYNTAX Unsigned32 (1..16777215)
1194: MAX-ACCESS not-accessible
1195: STATUS current
1196: DESCRIPTION
1197: "A unique value, greater than zero, for each IKE phase 1 SA
1198: that exists between the two endpoints. It is recommended
1199: that values are assigned contiguously starting from 1."
1200: ::= { saByCreatorsEntry 3 }
1201:
1202: saIkeLocalIpAddressType OBJECT-TYPE
1203: SYNTAX InetAddressType
1204: MAX-ACCESS read-only
1205: STATUS current
1206: DESCRIPTION
1207: "The value of 'saLocalIpAddressType' of the phase 1 SA for
1208: this row."
1209: ::= { saByCreatorsEntry 4 }
1210:
1211: saIkeLocalIpAddress OBJECT-TYPE
1212: SYNTAX InetAddress (SIZE(4|16|20))
1213: MAX-ACCESS read-only
1214: STATUS current
1215: DESCRIPTION
1216: "The value of 'saLocalIpAddress' of the phase 1 SA for this
1217: row."
1218: ::= { saByCreatorsEntry 5 }
1219:
1220: saIkeRemoteIpAddressType OBJECT-TYPE
1221: SYNTAX InetAddressType
1222: MAX-ACCESS read-only
1223: STATUS current
1224:
1225: DESCRIPTION
1226: "The value of 'saRemoteIpAddressType' of the phase 1 SA for
1227: this row."
1228: ::= { saByCreatorsEntry 6 }
1229:
1230: saIkeRemoteIpAddress OBJECT-TYPE
1231: SYNTAX InetAddress (SIZE(4|16|20))
1232: MAX-ACCESS read-only
1233: STATUS current
1234: DESCRIPTION
1235: "The value of 'saRemoteIpAddress' of the phase 1 SA for this
1236: row."
1237: ::= { saByCreatorsEntry 7 }
1238:
1239: saIkeInitiatorCookie OBJECT-TYPE
1240: SYNTAX IsakmpCookie
1241: MAX-ACCESS read-only
1242: STATUS current
1243: DESCRIPTION
1244: "The value of 'saInitiatorCookie' of the phase 1 SA for this
1245: row."
1246: ::= { saByCreatorsEntry 8 }
1247:
1248: saIkeResponderCookie OBJECT-TYPE
1249: SYNTAX IsakmpCookie
1250: MAX-ACCESS read-only
1251: STATUS current
1252: DESCRIPTION
1253: "The value of 'saResponderCookie' of the phase 1 SA for this
1254: row."
1255: ::= { saByCreatorsEntry 9 }
1256:
1257:
1258: -- the Exchange Count MIB-Group
1259: --
1260: -- a collection of objects providing information about the
1261: -- number of exchanges performed using ISAKMP-based SAs
1262: --
1263:
1264: exchangeTable OBJECT-TYPE
1265: SYNTAX SEQUENCE OF ExchangeEntry
1266: MAX-ACCESS not-accessible
1267: STATUS current
1268: DESCRIPTION
1269: "The (conceptual) table containing the exchanges used.
1270:
1271: There should be one row for every exchange attempt that has
1272: occurred using a phase 1 security association that exists in
1273: the entity. The maximum number of rows is implementation
1274: dependent."
1275: ::= { ikeTables 4 }
1276:
1277: exchangeEntry OBJECT-TYPE
1278: SYNTAX ExchangeEntry
1279: MAX-ACCESS not-accessible
1280: STATUS current
1281: DESCRIPTION
1282: "An entry (conceptual row) containing the information on a
1283: particular exchange used in an SA.
1284:
1285: A row in this table cannot be created or deleted by SNMP
1286: operations on columns of the table."
1287: INDEX {
1288: saLocalIpAddressType,
1289: saLocalIpAddress,
1290: saRemoteIpAddressType,
1291: saRemoteIpAddress,
1292: saInitiatorCookie,
1293: saResponderCookie,
1294: exchangeType
1295: }
1296: ::= { exchangeTable 1 }
1297:
1298: ExchangeEntry::= SEQUENCE {
1299: -- identification
1300: exchangeType IkeExchangeType,
1301:
1302: -- the statistics
1303: exchangesTotalCount Counter32,
1304: exchangesInitiatedCount Counter32,
1305: exchangesRespondedCount Counter32
1306: }
1307:
1308: exchangeType OBJECT-TYPE
1309: SYNTAX IkeExchangeType
1310: MAX-ACCESS not-accessible
1311: STATUS current
1312: DESCRIPTION
1313: "The type of the exchange for which the statistics of this
1314: row apply."
1315: ::= { exchangeEntry 1 }
1316:
1317: exchangesTotalCount OBJECT-TYPE
1318: SYNTAX Counter32
1319: MAX-ACCESS read-only
1320: STATUS current DESCRIPTION
1321: "The total number of complete exchanges of the type
1322: performed using the SA, as either initiator or as responder.
1323:
1324: If there were failed attempts to initiate exchanges, this
1325: value is not equal to the sum of 'exchangesInitiatedCount'
1326: and 'exchangesRespondedCount'."
1327: ::= { exchangeEntry 2 }
1328:
1329: exchangesInitiatedCount OBJECT-TYPE
1330: SYNTAX Counter32
1331: MAX-ACCESS read-only
1332: STATUS current
1333: DESCRIPTION
1334: "The total number of exchanges of the type attempted using
1335: the SA as initiator. This includes exchanges that failed or
1336: were incomplete."
1337: ::= { exchangeEntry 3 }
1338:
1339: exchangesRespondedCount OBJECT-TYPE
1340: SYNTAX Counter32
1341: MAX-ACCESS read-only
1342: STATUS current
1343: DESCRIPTION
1344: "The total number of complete exchanges of the type
1345: performed using the SA as responder."
1346: ::= { exchangeEntry 4 }
1347:
1348: --
1349: -- the Suite MIB-Group
1350: --
1351: -- a collection of objects providing information about
1352: -- the phase 2 SA suites
1353: --
1354:
1355: suiteTable OBJECT-TYPE
1356: SYNTAX SEQUENCE OF SuiteEntry
1357: MAX-ACCESS not-accessible
1358: STATUS current
1359: DESCRIPTION
1360: "The (conceptual) table containing the phase 2 suites.
1361:
1362: The number of rows in this table is the same as the number
1363: of suites in the entity. The maximum number of rows is
1364: implementation dependent."
1365: ::= { suiteTables 1 }
1366:
1367: suiteEntry OBJECT-TYPE
1368: SYNTAX SuiteEntry
1369: MAX-ACCESS not-accessible
1370: STATUS current
1371: DESCRIPTION
1372: "An entry (conceptual row) containing the information on a
1373: particular phase 2 SA suite.
1374:
1375: A row in this table cannot be created or deleted by SNMP
1376: operations on columns of the table."
1377: INDEX { suiteIndex }
1378: ::= { suiteTable 1 }
1379:
1380: SuiteEntry ::= SEQUENCE {
1381: -- index
1382: suiteIndex Unsigned32,
1383:
1384: -- end points
1385: suiteLocalAddressType InetAddressType,
1386: suiteLocalAddress InetAddress,
1387: suiteRemoteAddressType InetAddressType,
1388: suiteRemoteAddress InetAddress,
1389:
1390: -- creator ID information
1391: suitePhase1RemoteEndpoint Unsigned32,
1392: suitePhase1LocalEndpoint Unsigned32,
1393:
1394: -- selector
1395: suiteSelector Unsigned32,
1396:
1397: -- keying material source information
1398: suiteOakleyGroupDesc IkeGroupDescription,
1399: suiteOakleyGroup OBJECT IDENTIFIER,
1400:
1401: -- operating statistics
1402: suiteLifeSeconds Counter32,
1403: suiteInUserOctets Counter64,
1404: suiteInPackets Counter64,
1405: suiteOutUserOctets Counter64,
1406: suiteOutPackets Counter64,
1407:
1408: -- error statistics
1409: suiteSendErrors Counter32,
1410: suiteReceiveErrors Counter32
1411: }
1412:
1413: suiteIndex OBJECT-TYPE
1414: SYNTAX Unsigned32 (1..16777215) MAX-ACCESS not-accessible
1415: STATUS current
1416: DESCRIPTION
1417: "A unique value, greater than zero, for each SA suite. It is
1418: recommended that values are assigned contiguously starting
1419: from 1."
1420: ::= { suiteEntry 1 }
1421:
1422: suiteLocalAddressType OBJECT-TYPE
1423: SYNTAX InetAddressType
1424: MAX-ACCESS read-only
1425: STATUS current
1426: DESCRIPTION
1427: "The type of address used by the local entity that
1428: negotiated the SA suite. "
1429: ::= { suiteEntry 2 }
1430:
1431: suiteLocalAddress OBJECT-TYPE
1432: SYNTAX InetAddress (SIZE(4|16|20))
1433: MAX-ACCESS read-only
1434: STATUS current
1435: DESCRIPTION
1436: "The address used by the local entity that negotiated the SA
1437: suite. "
1438: ::= { suiteEntry 3 }
1439:
1440: suiteRemoteAddressType OBJECT-TYPE
1441: SYNTAX InetAddressType
1442: MAX-ACCESS read-only
1443: STATUS current
1444: DESCRIPTION
1445: "The type of address used by the remote entity that
1446: negotiated the SA suite."
1447: ::= { suiteEntry 4 }
1448:
1449: suiteRemoteAddress OBJECT-TYPE
1450: SYNTAX InetAddress (SIZE(4|16|20))
1451: MAX-ACCESS read-only
1452: STATUS current
1453: DESCRIPTION
1454: "The address used by the remote entity that negotiated the
1455: SA suite."
1456: ::= { suiteEntry 5 }
1457:
1458: suitePhase1RemoteEndpoint OBJECT-TYPE
1459: SYNTAX Unsigned32
1460: MAX-ACCESS read-only
1461: STATUS current DESCRIPTION
1462: "The index of the endpoint table row for the remote entity that
1463: negotiated this suite. In other words, the value of
1464: 'endpointIndex' for the appropriate row ('ikeEndpointEntry')
1465: from the 'ikeEndpointTable'."
1466: ::= { suiteEntry 6 }
1467:
1468: suitePhase1LocalEndpoint OBJECT-TYPE
1469: SYNTAX Unsigned32
1470: MAX-ACCESS read-only
1471: STATUS current
1472: DESCRIPTION
1473: "The index of the endpoint table row for the local entity that
1474: negotiated this suite. In other words, the value of
1475: 'endpointIndex' for the appropriate row ('ikeEndpointEntry')
1476: from the 'ikeEndpointTable'"
1477: ::= { suiteEntry 7 }
1478:
1479: suiteSelector OBJECT-TYPE
1480: SYNTAX Unsigned32
1481: MAX-ACCESS read-only
1482: STATUS current
1483: DESCRIPTION
1484: "The index of the selector table row for this suite. In
1485: other words, the value of 'selectorIndex' for the
1486: appropriate row ('SelectorEntry') from the 'selectorTable'"
1487: ::= { suiteEntry 8 }
1488:
1489: suiteOakleyGroupDesc OBJECT-TYPE
1490: SYNTAX IkeGroupDescription
1491: MAX-ACCESS read-only
1492: STATUS current
1493: DESCRIPTION
1494: "The group number used to generate the Diffie-Hellman key
1495: pair when setting up the SA, or 0 if none of the well known
1496: groups was used, or if perfect forward secrecy was not used.
1497:
1498: If this value is 0, the 'suiteOakleyGroup' must not also be
1499: OBJECT IDENTIFIER { 0 0 }."
1500: ::= { suiteEntry 9 }
1501:
1502: suiteOakleyGroup OBJECT-TYPE
1503: SYNTAX OBJECT IDENTIFIER
1504: MAX-ACCESS read-only
1505: STATUS current
1506:
1507:
1508: DESCRIPTION
1509: "The OID for the Oakley group row that was used if a well-
1510: known group was not used to generate the Diffie-Hellman key
1511: pair for this SA.
1512:
1513: If a well-known group was used, or if perfect forward
1514: secrecy was not used, the value should be set to the OBJECT
1515: IDENTIFIER { 0 0 }.
1516:
1517: For example, if the group is a MODP group, the value of this
1518: object is the object identifier of 'modpGroupIndex' of the
1519: appropriate row ('modpGroupEntry') in 'modpGroupTable'."
1520: ::= { suiteEntry 10 }
1521:
1522: suiteLifeSeconds OBJECT-TYPE
1523: SYNTAX Counter32
1524: UNITS "seconds"
1525: MAX-ACCESS read-only
1526: STATUS current
1527: DESCRIPTION
1528: "The number of seconds that the SA has existed."
1529: ::= { suiteEntry 11 }
1530:
1531: suiteInUserOctets OBJECT-TYPE
1532: SYNTAX Counter64
1533: UNITS "bytes"
1534: MAX-ACCESS read-only
1535: STATUS current
1536: DESCRIPTION
1537: "The amount of user level traffic measured in bytes handled
1538: by the suite in the inbound direction.
1539:
1540: This is the same as the user level traffic of the inner most
1541: inbound SA in the suite. Note that if the inner-most SA is a
1542: shared IPcomp SA, then this value may be difficult to
1543: calculate."
1544: ::= { suiteEntry 12 }
1545:
1546: suiteInPackets OBJECT-TYPE
1547: SYNTAX Counter64
1548: UNITS "packets"
1549: MAX-ACCESS read-only
1550: STATUS current
1551: DESCRIPTION
1552: "The number of inbound packets handled by the suite.
1553:
1554:
1555: This is the same as the number of packets handled by any one
1556: of the inbound SAs in the suite."
1557: ::= { suiteEntry 13 }
1558:
1559: suiteOutUserOctets OBJECT-TYPE
1560: SYNTAX Counter64
1561: UNITS "bytes"
1562: MAX-ACCESS read-only
1563: STATUS current
1564: DESCRIPTION
1565: "The amount of user level traffic measured in bytes handled
1566: by the suite in the outbound direction.
1567:
1568: This is the same as the user level traffic of the inner most
1569: outbound SA in the suite. Note that if the inner most SA is
1570: a shared IPcomp SA, then this value may be difficult to
1571: calculate."
1572: ::= { suiteEntry 14 }
1573:
1574: suiteOutPackets OBJECT-TYPE
1575: SYNTAX Counter64
1576: UNITS "packets"
1577: MAX-ACCESS read-only
1578: STATUS current
1579: DESCRIPTION
1580: "The number of outbound packets handled by the suite.
1581:
1582: This is the same as the number of packets handled by any one
1583: of the outbound SAs in the suite."
1584: ::= { suiteEntry 15 }
1585:
1586: suiteSendErrors OBJECT-TYPE
1587: SYNTAX Counter32
1588: MAX-ACCESS read-only
1589: STATUS current
1590: DESCRIPTION
1591: "The number of outbound packets discarded by the suite due
1592: to any error.
1593:
1594: This is the same as the sum of all errors of all outbound
1595: SAs in the suite."
1596: ::= { suiteEntry 16 }
1597:
1598: suiteReceiveErrors OBJECT-TYPE
1599: SYNTAX Counter32
1600: UNITS "packets"
1601: MAX-ACCESS read-only
1602: STATUS current DESCRIPTION
1603: "The number of inbound packets discarded by the suite due to
1604: any error.
1605:
1606: This is the same as the sum of all errors of all inbound SAs
1607: in the suite."
1608: ::= { suiteEntry 17 }
1609:
1610:
1611: --
1612: -- the Phase 2 SA MIB-Group
1613: --
1614: -- a collection of objects providing information about
1615: -- the phase 2 SAs in SA suites
1616: --
1617:
1618: phase2SaTable OBJECT-TYPE
1619: SYNTAX SEQUENCE OF Phase2SaEntry
1620: MAX-ACCESS not-accessible
1621: STATUS current
1622: DESCRIPTION
1623: "The (conceptual) table containing ID information for the
1624: phase 2 SAs that are part of suites.
1625:
1626: The number of rows in this table is the same as the number
1627: of phase 2 IPsec SA pairs that are created as part of
1628: suites. The maximum number of rows is implementation
1629: dependent."
1630: ::= { suiteTables 3 }
1631:
1632: phase2SaEntry OBJECT-TYPE
1633: SYNTAX Phase2SaEntry
1634: MAX-ACCESS not-accessible
1635: STATUS current
1636: DESCRIPTION
1637: "An entry (conceptual row) containing the information on a
1638: particular phase 2 SA within a suite.
1639:
1640: A row in this table cannot be created or deleted by SNMP
1641: operations on columns of the table."
1642: INDEX { suiteIndex, saOrder }
1643: ::= { phase2SaTable 1 }
1644:
1645: Phase2SaEntry ::= SEQUENCE {
1646: -- additional indexing objects
1647: saOrder Unsigned32,
1648:
1649: -- SA identifiers
1650: saProtocol IpsecDoiTransformIdent,
1651: saInSpi Unsigned32,
1652: saOutSpi Unsigned32
1653: }
1654:
1655: saOrder OBJECT-TYPE
1656: SYNTAX Unsigned32 (1..15)
1657: MAX-ACCESS not-accessible
1658: STATUS current
1659: DESCRIPTION
1660: "The position within the suite of the pair of SAs indicated
1661: by this row.
1662:
1663: A value of 1 is used to represent the outer-most SA pair.
1664: The outer-most SA of any given packet has its header next to
1665: the outer IP header of the processed packet, while the
1666: inner-most SA has its header nearest the data of the
1667: unprocessed packet. (Note that the IPcomp header may be
1668: missing in actual usage if a particular packet was not
1669: compressed.)
1670:
1671: This value should be monotonically increasing for every SA
1672: pair in a suite. The maximum value is implementation
1673: dependent, but will generally not exceed three."
1674: ::= { phase2SaEntry 1 }
1675:
1676: saProtocol OBJECT-TYPE
1677: SYNTAX IpsecDoiTransformIdent
1678: MAX-ACCESS read-only
1679: STATUS current
1680: DESCRIPTION
1681: "The protocol of the inbound/outbound SA pair indicated by
1682: this row of the table."
1683: ::= { phase2SaEntry 2 }
1684:
1685: saInSpi OBJECT-TYPE
1686: SYNTAX Unsigned32
1687: MAX-ACCESS read-only
1688: STATUS current
1689: DESCRIPTION
1690: "The security parameters index of the inbound SA of the
1691: inbound/outbound SA pair. If the protocol of the SA pair is
1692: IPcomp, this value is the CPI.
1693:
1694: This value is used with the value of 'suiteLocalAddress'
1695: from the row indexed by 'suiteIndex' to create a SPI/address
1696: pair that uniquely identifies the inbound SA used in this SA
1697: suite. This can then be used to look up the SA in the
1698: appropriate inbound SA table, based on 'saProtocol'."
1699: REFERENCE "RFC 2406 Section 2.1"
1700: ::= { phase2SaEntry 3 }
1701:
1702: saOutSpi OBJECT-TYPE
1703: SYNTAX Unsigned32
1704: MAX-ACCESS read-only
1705: STATUS current
1706: DESCRIPTION
1707: "The security parameters index of the outbound SA of the
1708: inbound/outbound SA pair. If the protocol of the SA pair is
1709: IPcomp, this value is the CPI.
1710:
1711: This value is used with the value of 'suiteRemoteAddress'
1712: from the row indexed by 'suiteIndex' to create a SPI/address
1713: pair that uniquely identifies the outbound SA used in this
1714: SA suite. This can then be used to look up the SA in the
1715: appropriate outbound SA table, based on 'saProtocol'."
1716: REFERENCE "RFC 2406 Section 2.1"
1717: ::= { phase2SaEntry 4 }
1718:
1719:
1720: --
1721: -- the Phase 2 Suite By Creators Table
1722: --
1723:
1724: suiteByCreatorsTable OBJECT-TYPE
1725: SYNTAX SEQUENCE OF SuiteByCreatorsEntry
1726: MAX-ACCESS not-accessible
1727: STATUS current
1728: DESCRIPTION
1729: "The (conceptual) table that sorts the SA suites by the
1730: endpoint identifiers.
1731:
1732: The number of rows in this table is the same as the number
1733: of suites in the entity."
1734: ::= { suiteTables 4 }
1735:
1736: suiteByCreatorsEntry OBJECT-TYPE
1737: SYNTAX SuiteByCreatorsEntry
1738: MAX-ACCESS not-accessible
1739: STATUS current
1740: DESCRIPTION
1741: "An entry (conceptual row) referencing a particular suite.
1742:
1743: A row in this table cannot be created or deleted by SNMP
1744: operations on columns of the table." INDEX
1745: {
1746: suiteByCreatorsP1LocalEndpoint,
1747: suiteByCreatorsP1RemoteEndpoint,
1748: suiteByCreatorsIndex
1749: }
1750: ::= { suiteByCreatorsTable 1 }
1751:
1752: SuiteByCreatorsEntry ::= SEQUENCE {
1753: -- index
1754: suiteByCreatorsP1LocalEndpoint Unsigned32,
1755: suiteByCreatorsP1RemoteEndpoint Unsigned32,
1756: suiteByCreatorsIndex Unsigned32,
1757:
1758: -- suite reference
1759: suiteByCreatorsRef OBJECT IDENTIFIER
1760: }
1761:
1762: suiteByCreatorsP1LocalEndpoint OBJECT-TYPE
1763: SYNTAX Unsigned32
1764: MAX-ACCESS not-accessible
1765: STATUS current
1766: DESCRIPTION
1767: "The index of the endpoint table row for the local
1768: endpoint."
1769: ::= { suiteByCreatorsEntry 1 }
1770:
1771: suiteByCreatorsP1RemoteEndpoint OBJECT-TYPE
1772: SYNTAX Unsigned32
1773: MAX-ACCESS not-accessible
1774: STATUS current
1775: DESCRIPTION
1776: "The index of the endpoint table row for the remote
1777: endpoint."
1778: ::= { suiteByCreatorsEntry 2 }
1779:
1780: suiteByCreatorsIndex OBJECT-TYPE
1781: SYNTAX Unsigned32 (1..16777215)
1782: MAX-ACCESS not-accessible
1783: STATUS current
1784: DESCRIPTION
1785: "A unique value, greater than zero, for each SA suite that
1786: is between the two endpoints. It is recommended that values
1787: are assigned contiguously starting from 1 for each SA suite
1788: between the two endpoints.
1789:
1790: Note that duplicate entries for the saByCreatorsHash value
1791: may also arise due to hash result collisions."
1792: ::= { suiteByCreatorsEntry 3 }
1793:
1794: suiteByCreatorsRef OBJECT-TYPE
1795: SYNTAX OBJECT IDENTIFIER
1796: MAX-ACCESS read-only
1797: STATUS current
1798: DESCRIPTION
1799: "The object identifier of 'suiteIndex' in the row
1800: ('suiteEntry') of the 'suiteTable' to which this row
1801: refers."
1802: ::= { suiteByCreatorsEntry 4 }
1803:
1804:
1805: --
1806: -- the Phase 2 Suite By Selector Table
1807: --
1808:
1809: suiteBySelectorsTable OBJECT-TYPE
1810: SYNTAX SEQUENCE OF SuiteBySelectorsEntry
1811: MAX-ACCESS not-accessible
1812: STATUS current
1813: DESCRIPTION
1814: "The (conceptual) table that sorts the suites by the
1815: selectors.
1816:
1817: The number of rows in this table is the same as the number
1818: of suites in the entity.
1819:
1820: The maximum number of rows in this table is implementation
1821: dependent."
1822: ::= { suiteTables 5 }
1823:
1824: suiteBySelectorsEntry OBJECT-TYPE
1825: SYNTAX SuiteBySelectorsEntry
1826: MAX-ACCESS not-accessible
1827: STATUS current
1828: DESCRIPTION
1829: "An entry (conceptual row) referencing a particular suite.
1830:
1831: A row in this table cannot be created or deleted by SNMP
1832: operations on columns of the table."
1833: INDEX
1834: {
1835: selectorIndex,
1836: suiteBySelectorsIndex
1837: }
1838: ::= { suiteBySelectorsTable 1 }
1839: SuiteBySelectorsEntry ::= SEQUENCE {
1840: -- additional index
1841: suiteBySelectorsIndex Unsigned32,
1842:
1843: -- suite reference
1844: suiteBySelectorsRef OBJECT IDENTIFIER
1845: }
1846:
1847: suiteBySelectorsIndex OBJECT-TYPE
1848: SYNTAX Unsigned32 (1..16777215)
1849: MAX-ACCESS not-accessible
1850: STATUS current
1851: DESCRIPTION
1852: "A unique value, greater than zero, for each SA suite that
1853: has the same selectors. It is recommended that values are
1854: assigned contiguously starting from 1."
1855: ::= { suiteBySelectorsEntry 1 }
1856:
1857: suiteBySelectorsRef OBJECT-TYPE
1858: SYNTAX OBJECT IDENTIFIER
1859: MAX-ACCESS read-only
1860: STATUS current
1861: DESCRIPTION
1862: "The object identifier of 'suiteIndex' in the row
1863: ('suiteEntry') of the 'suiteTable' to which this row
1864: refers."
1865: ::= { suiteBySelectorsEntry 2 }
1866:
1867: --
1868: -- the Phase 2 SA to Suite Table
1869: --
1870:
1871: ipsecSaInSuiteTable OBJECT-TYPE
1872: SYNTAX SEQUENCE OF IpsecSaInSuiteEntry
1873: MAX-ACCESS not-accessible
1874: STATUS current
1875: DESCRIPTION
1876: "The (conceptual) table that allows determination of which
1877: suite a particular phase 2 SA is in.
1878:
1879: The number of rows in this table is the same as the number
1880: of phase 2 SAs in the entity."
1881: ::= { suiteTables 6 }
1882:
1883: ipsecSaInSuiteEntry OBJECT-TYPE
1884: SYNTAX IpsecSaInSuiteEntry
1885: MAX-ACCESS not-accessible
1886: STATUS current DESCRIPTION
1887: "An entry (conceptual row) referencing a particular phase 2
1888: SA.
1889:
1890: A row in this table cannot be created or deleted by SNMP
1891: operations on columns of the table."
1892: INDEX
1893: {
1894: ipsecSaInSuiteDestAddrType,
1895: ipsecSaInSuiteDestAddress,
1896: ipsecSaInSuiteProtocol,
1897: ipsecSaInSuiteSpi
1898: }
1899: ::= { ipsecSaInSuiteTable 1 }
1900:
1901: IpsecSaInSuiteEntry ::= SEQUENCE {
1902: -- index
1903: ipsecSaInSuiteDestAddrType InetAddressType,
1904: ipsecSaInSuiteDestAddress InetAddress,
1905: ipsecSaInSuiteProtocol IpsecDoiSecProtocolId,
1906: ipsecSaInSuiteSpi Unsigned32,
1907:
1908: -- SA reference
1909: ipsecSaInSuiteRef OBJECT IDENTIFIER
1910: }
1911:
1912: ipsecSaInSuiteDestAddrType OBJECT-TYPE
1913: SYNTAX InetAddressType
1914: MAX-ACCESS not-accessible
1915: STATUS current
1916: DESCRIPTION
1917: "The type of the destination address of the IPsec phase 2 SA
1918: to which this row refers."
1919: ::= { ipsecSaInSuiteEntry 1 }
1920:
1921: ipsecSaInSuiteDestAddress OBJECT-TYPE
1922: SYNTAX InetAddress (SIZE(4|16|20))
1923: MAX-ACCESS not-accessible
1924: STATUS current
1925: DESCRIPTION
1926: "The destination address of the IPsec phase 2 SA to which
1927: this row refers."
1928: ::= { ipsecSaInSuiteEntry 2 }
1929:
1930: ipsecSaInSuiteProtocol OBJECT-TYPE
1931: SYNTAX IpsecDoiSecProtocolId
1932: MAX-ACCESS not-accessible
1933: STATUS current DESCRIPTION
1934: "The security protocol of the IPsec phase 2 SA to which this
1935: row refers."
1936: ::= { ipsecSaInSuiteEntry 3 }
1937:
1938: ipsecSaInSuiteSpi OBJECT-TYPE
1939: SYNTAX Unsigned32
1940: MAX-ACCESS not-accessible
1941: STATUS current
1942: DESCRIPTION
1943: "The SPI value of the IPsec phase 2 SA to which this row
1944: refers. If the value of 'ipsecSaInSuiteProtocol' is
1945: 'protoIpcomp(4)', then this is the CPI of the SA."
1946: REFERENCE "RFC 2407 Section 4.6.2.1"
1947: ::= { ipsecSaInSuiteEntry 4 }
1948:
1949: ipsecSaInSuiteRef OBJECT-TYPE
1950: SYNTAX OBJECT IDENTIFIER
1951: MAX-ACCESS read-only
1952: STATUS current
1953: DESCRIPTION
1954: "The object identifier of 'suiteIndex' in the row
1955: ('suiteEntry') of the 'suiteTable' to which this row refers.
1956:
1957: This is the suite that uses this SA."
1958: ::= { ipsecSaInSuiteEntry 5 }
1959:
1960:
1961: -- the Notify Message MIB-Group
1962: --
1963: -- a collection of objects providing information about
1964: -- the occurrences of notify messages
1965:
1966: notifyCountTable OBJECT-TYPE
1967: SYNTAX SEQUENCE OF NotifyCountEntry
1968: MAX-ACCESS not-accessible
1969: STATUS current
1970: DESCRIPTION
1971: "The (conceptual) table containing information on IPSec
1972: notify message counts.
1973:
1974: Rows are created in this table for every notification type
1975: that has been sent or received by the entity.
1976:
1977: This table MAY be sparsely populated; that is, rows for
1978: which the count is 0 may be absent."
1979: ::= { ikeNotifications 1 }
1980: notifyCountEntry OBJECT-TYPE
1981: SYNTAX NotifyCountEntry
1982: MAX-ACCESS not-accessible
1983: STATUS current
1984: DESCRIPTION
1985: "An entry (conceptual row) containing the total number of
1986: occurrences of a notify message.
1987:
1988: A row in this table cannot be created or deleted by SNMP
1989: operations on columns of the table."
1990: INDEX { notifyProtocol, notifyType }
1991: ::= { notifyCountTable 1 }
1992:
1993: NotifyCountEntry ::= SEQUENCE {
1994: -- identification
1995: notifyProtocol IpsecDoiSecProtocolId,
1996: notifyType IkeNotifyMessageType,
1997:
1998: -- occurrences
1999: notifiesSent Counter32,
2000: notifiesReceived Counter32
2001: }
2002:
2003: notifyProtocol OBJECT-TYPE
2004: SYNTAX IpsecDoiSecProtocolId
2005: MAX-ACCESS not-accessible
2006: STATUS current
2007: DESCRIPTION
2008: "The value representing a protocol for which the notify was
2009: used."
2010: REFERENCE "RFC 2408 Section 3.14"
2011: ::= { notifyCountEntry 1 }
2012:
2013: notifyType OBJECT-TYPE
2014: SYNTAX IkeNotifyMessageType
2015: MAX-ACCESS not-accessible
2016: STATUS current
2017: DESCRIPTION
2018: "The value representing a specific ISAKMP notify message, or
2019: 0 if unknown.
2020:
2021: Values are assigned from the set of notify message types as
2022: defined in Section 3.14.1 of [ISAKMP], and enhanced by the
2023: IPsec DOI. In addition, the value 0 may be used for this
2024: object when the object is used as a trap cause, and the
2025: cause is unknown."
2026: REFERENCE "RFC 2408 Section 3.14.1"
2027: ::= { notifyCountEntry 2 }
2028: notifiesSent OBJECT-TYPE
2029: SYNTAX Counter32
2030: MAX-ACCESS read-only
2031: STATUS current
2032: DESCRIPTION
2033: "The total number of times the specific notify message has
2034: been sent by the entity since system boot."
2035: ::= { notifyCountEntry 3 }
2036:
2037: notifiesReceived OBJECT-TYPE
2038: SYNTAX Counter32
2039: MAX-ACCESS read-only
2040: STATUS current
2041: DESCRIPTION
2042: "The total number of times the specific notify message has
2043: been received by the entity since system boot."
2044: ::= { notifyCountEntry 4 }
2045:
2046:
2047: --
2048: -- the IKE Entity MIB-Group
2049: --
2050: -- a collection of objects providing information about overall IKE
2051: -- status in the entity
2052:
2053: --
2054: -- IKE phase 1 SA statistics
2055: --
2056:
2057: ikeCurrentSAs OBJECT-TYPE
2058: SYNTAX Gauge32
2059: MAX-ACCESS read-only
2060: STATUS current
2061: DESCRIPTION
2062: "The current number of IKE SAs in the entity."
2063: ::= { ikeGlobals 1 }
2064:
2065: ikeCurrentInitiatedSAs OBJECT-TYPE
2066: SYNTAX Gauge32
2067: MAX-ACCESS read-only
2068: STATUS current
2069: DESCRIPTION
2070: "The current number of IKE SAs successfully negotiated in
2071: the entity that were initiated by the entity."
2072: ::= { ikeGlobals 2 }
2073:
2074: ikeCurrentRespondedSAs OBJECT-TYPE
2075: SYNTAX Gauge32
2076: MAX-ACCESS read-only
2077: STATUS current
2078: DESCRIPTION
2079: "The current number of IKE SAs successfully negotiated in
2080: the entity that were initiated by the peer entity."
2081: ::= { ikeGlobals 3 }
2082:
2083: ikeTotalSAs OBJECT-TYPE
2084: SYNTAX Counter32
2085: MAX-ACCESS read-only
2086: STATUS current
2087: DESCRIPTION
2088: "The total number of IKE SAs successfully negotiated in the
2089: entity since boot time."
2090: ::= { ikeGlobals 4 }
2091:
2092: ikeTotalInitiatedSAs OBJECT-TYPE
2093: SYNTAX Counter32
2094: MAX-ACCESS read-only
2095: STATUS current
2096: DESCRIPTION
2097: "The total number of IKE SAs successfully negotiated in the
2098: entity since boot time that were initiated by the entity."
2099: ::= { ikeGlobals 5 }
2100:
2101: ikeTotalRespondedSAs OBJECT-TYPE
2102: SYNTAX Counter32
2103: MAX-ACCESS read-only
2104: STATUS current
2105: DESCRIPTION
2106: "The total number of IKE SAs successfully negotiated in the
2107: entity since boot time that were initiated by the peer
2108: entity."
2109: ::= { ikeGlobals 6 }
2110:
2111: ikeTotalAttempts OBJECT-TYPE
2112: SYNTAX Counter32
2113: MAX-ACCESS read-only
2114: STATUS current
2115: DESCRIPTION
2116: "The total number of IKE SA negotiation attempts made since
2117: boot time. This includes successful negotiations."
2118: ::= { ikeGlobals 7 }
2119:
2120: ikeTotalSaInitAttempts OBJECT-TYPE
2121: SYNTAX Counter32 MAX-ACCESS read-only
2122: STATUS current
2123: DESCRIPTION
2124: "The total number of IKE SA negotiation attempts made where
2125: the entity was the initiator since boot time. This includes
2126: successful negotiations."
2127: ::= { ikeGlobals 8 }
2128:
2129: ikeTotalSaRespAttempts OBJECT-TYPE
2130: SYNTAX Counter32
2131: MAX-ACCESS read-only
2132: STATUS current
2133: DESCRIPTION
2134: "The total number of IKE SA negotiation attempts made where
2135: the entity was the responder since boot time. This includes
2136: successful negotiations."
2137: ::= { ikeGlobals 9 }
2138:
2139:
2140: --
2141: -- IKE Aggregate Traffic Statistics
2142: --
2143:
2144: ikeTotalInPackets OBJECT-TYPE
2145: SYNTAX Counter32
2146: UNITS "packets"
2147: MAX-ACCESS read-only
2148: STATUS current
2149: DESCRIPTION
2150: "The total number of IKE packets received by the entity
2151: since boot time, including re-transmissions and un-encrypted
2152: packets."
2153: ::= { ikeTrafStats 1 }
2154:
2155: ikeTotalOutPackets OBJECT-TYPE
2156: SYNTAX Counter32
2157: UNITS "packets"
2158: MAX-ACCESS read-only
2159: STATUS current
2160: DESCRIPTION
2161: "The total number of IKE packets sent by the entity since
2162: boot time, including re-transmissions and un-encrypted
2163: packets."
2164: ::= { ikeTrafStats 2 }
2165:
2166: ikeTotalInOctets OBJECT-TYPE
2167: SYNTAX Counter64
2168: UNITS "bytes" MAX-ACCESS read-only
2169: STATUS current
2170: DESCRIPTION
2171: "The total amount of IKE traffic received by the entity
2172: since boot time, measured in bytes, including any re-
2173: transmitted packets received, and including encrypted and
2174: un-encrypted packets."
2175: ::= { ikeTrafStats 3 }
2176:
2177: ikeTotalOutOctets OBJECT-TYPE
2178: SYNTAX Counter64
2179: UNITS "bytes"
2180: MAX-ACCESS read-only
2181: STATUS current
2182: DESCRIPTION
2183: "The total amount of IKE traffic sent by the entity since
2184: boot time, measured in bytes, including any re-transmissions
2185: and including encrypted and un-encrypted packets."
2186: ::= { ikeTrafStats 4 }
2187:
2188:
2189: --
2190: -- IKE Phase 1 SA Aggregate Errors
2191: --
2192:
2193: ikeTotalInitFailures OBJECT-TYPE
2194: SYNTAX Counter32
2195: MAX-ACCESS read-only
2196: STATUS current
2197: DESCRIPTION
2198: "The total number of attempts to initiate an IKE phase 1 SA
2199: that failed since boot time, when there was a response from
2200: the peer entity.
2201:
2202: This value may be used to detect clogging or denial-of-
2203: service attacks."
2204: ::= { ikeErrors 1 }
2205:
2206: ikeTotalInitNoResponses OBJECT-TYPE
2207: SYNTAX Counter32
2208: MAX-ACCESS read-only
2209: STATUS current
2210: DESCRIPTION
2211: "The total number of attempts to initiate an IKE phase 1 SA
2212: that failed since boot time, when there was no response from
2213: the peer entity.
2214:
2215: This should only be incremented if the peer does not respond
2216: to the first packet of attempted negotiations."
2217: ::= { ikeErrors 2 }
2218:
2219: ikeTotalRespFailures OBJECT-TYPE
2220: SYNTAX Counter32
2221: MAX-ACCESS read-only
2222: STATUS current
2223: DESCRIPTION
2224: "The total number of attempts to initiate an IKE phase 1 SA
2225: that failed since boot time, when the initiation attempt
2226: came from the peer entity."
2227: ::= { ikeErrors 3 }
2228:
2229:
2230: --
2231: -- Suite Global Objects
2232: --
2233:
2234: totalSuites OBJECT-TYPE
2235: SYNTAX Counter32
2236: MAX-ACCESS read-only
2237: STATUS current
2238: DESCRIPTION
2239: "The total number of suites created by the entity since
2240: system boot."
2241: ::= { suiteGlobals 1 }
2242:
2243: currentSuites OBJECT-TYPE
2244: SYNTAX Gauge32
2245: MAX-ACCESS read-only
2246: STATUS current
2247: DESCRIPTION
2248: "The total number of suites currently in existence in the
2249: entity."
2250: ::= { suiteGlobals 2 }
2251:
2252: --
2253: -- Suite Aggregate Traffic Statistics
2254: --
2255:
2256: suiteTotalInUserKbytes OBJECT-TYPE
2257: SYNTAX Counter64 UNITS "Kilobytes"
2258: MAX-ACCESS read-only
2259: STATUS current
2260: DESCRIPTION
2261: "The total amount of user level traffic carried by all
2262: suites in the entity since boot time, measured in Kilobytes
2263: (1024 bytes), in the inbound direction.
2264:
2265: This is the sum of the 'suiteInUserOctets' column for all
2266: suite rows created since boot time."
2267: ::= { suiteTrafStats 1 }
2268:
2269: suiteTotalInPackets OBJECT-TYPE
2270: SYNTAX Counter64
2271: UNITS "packets"
2272: MAX-ACCESS read-only
2273: STATUS current
2274: DESCRIPTION
2275: "The total number of packets carried by all suites in the
2276: entity since boot time in the inbound direction.
2277:
2278: This is the sum of the 'suiteInPackets' column for all suite
2279: rows created since boot time."
2280: ::= { suiteTrafStats 2 }
2281:
2282: suiteTotalOutUserKbytes OBJECT-TYPE
2283: SYNTAX Counter64
2284: UNITS "Kilobytes"
2285: MAX-ACCESS read-only
2286: STATUS current
2287: DESCRIPTION
2288: "The total amount of user level traffic carried by all
2289: suites in the entity since boot time, measured in Kilobytes
2290: (1024 bytes), in the outbound direction.
2291:
2292: This is the sum of the 'suiteOutUserOctets' column for all
2293: suite rows created since boot time."
2294: ::= { suiteTrafStats 3 }
2295:
2296: suiteTotalOutPackets OBJECT-TYPE
2297: SYNTAX Counter64
2298: UNITS "packets"
2299: MAX-ACCESS read-only
2300: STATUS current
2301: DESCRIPTION
2302: "The total number of packets carried by all suites in the
2303: entity since boot time, in the outbound direction.
2304: This is the sum of the 'suiteOutPackets' column for all
2305: suite rows created since boot time."
2306: ::= { suiteTrafStats 4 }
2307:
2308: --
2309: -- Suite Aggregate Error Counts
2310: --
2311:
2312: suiteInitFailures OBJECT-TYPE
2313: SYNTAX Counter32
2314: MAX-ACCESS read-only
2315: STATUS current
2316: DESCRIPTION
2317: "The total number of attempts to initiate a suite that
2318: failed since boot time, when the attempt was initiated
2319: locally."
2320: ::= { suiteErrors 1 }
2321:
2322: suiteRespondFailures OBJECT-TYPE
2323: SYNTAX Counter32
2324: MAX-ACCESS read-only
2325: STATUS current
2326: DESCRIPTION
2327: "The total number of attempts to initiate a suite that
2328: failed since boot time, when the attempt was initiated by
2329: the peer entity."
2330: ::= { suiteErrors 2 }
2331:
2332:
2333: --
2334: -- Trap Objects, Traps and Trap Control
2335: --
2336:
2337: ikeLocalEndpoint OBJECT-TYPE
2338: SYNTAX Unsigned32
2339: MAX-ACCESS accessible-for-notify
2340: STATUS current
2341: DESCRIPTION
2342: "The index to an endpoint that is the local endpoint in a
2343: trap."
2344: ::= { ikeTrapObjects 1 }
2345:
2346: ikeRemoteEndpoint OBJECT-TYPE
2347: SYNTAX Unsigned32
2348: MAX-ACCESS accessible-for-notify
2349: STATUS current
2350:
2351: DESCRIPTION
2352: "The index to an endpoint that is the remote endpoint in a
2353: trap."
2354: ::= { ikeTrapObjects 2 }
2355:
2356: ikeSelector OBJECT-TYPE
2357: SYNTAX Unsigned32
2358: MAX-ACCESS accessible-for-notify
2359: STATUS current
2360: DESCRIPTION
2361: "The index to a selector that is involved in a trap."
2362: ::= { ikeTrapObjects 3 }
2363:
2364: ikeAuthMethod OBJECT-TYPE
2364: warning -
warning: identifier `ikeAuthMethod' differs from `IPSEC-ISAKMP-IKE-DOI-TC::IkeAuthMethod' only in case
2365: SYNTAX IkeAuthMethod
2366: MAX-ACCESS accessible-for-notify
2367: STATUS current
2368: DESCRIPTION
2369: "An authentication method that was used in a trap."
2370: ::= { ikeTrapObjects 4 }
2371:
2372: ikeNegFailureTrapEnable OBJECT-TYPE
2373: SYNTAX TruthValue
2374: MAX-ACCESS read-write
2375: STATUS current
2376: DESCRIPTION
2377: "Indicates whether ikeNegFailure traps should be generated."
2378: DEFVAL { false }
2379: ::= { ikeTrapControl 1 }
2380:
2381: ikeNegFailure NOTIFICATION-TYPE
2382: OBJECTS {
2383: ikeLocalEndpoint,
2384: ikeRemoteEndpoint,
2385: localIpAddressType,
2386: localIpAddress,
2387: localUdpPort,
2388: remoteIpAddressType,
2389: remoteIpAddress,
2390: remoteUdpPort,
2391: ikeAuthMethod,
2392: ikeTotalInitFailures,
2393: ikeTotalInitNoResponses,
2394: ikeTotalRespFailures,
2395: notifiesSent,
2396: notifiesReceived
2397: }
2398: STATUS current DESCRIPTION
2399: "An attempt to negotiate a phase 1 IKE SA failed.
2400:
2401: The notification counts are also sent as part of the trap,
2402: along with the current value of the total negotiation error
2403: counters for ISAKMP."
2404: ::= { ikeTraps 0 1 }
2404: warning -
warning: implicit node definition
2405:
2406: suiteNegFailureTrapEnable OBJECT-TYPE
2407: SYNTAX TruthValue
2408: MAX-ACCESS read-write
2409: STATUS current
2410: DESCRIPTION
2411: "Indicates whether 'suiteNegFailure' traps should be
2412: generated."
2413: DEFVAL { false }
2414: ::= { suiteTrapControl 1 }
2415:
2416: suiteNegFailure NOTIFICATION-TYPE
2417: OBJECTS {
2418: ikeSelector,
2419: suiteInitFailures,
2420: suiteRespondFailures,
2421: notifiesSent,
2422: notifiesReceived
2423: }
2424: STATUS current
2425: DESCRIPTION
2426: "An attempt to negotiate a phase 2 SA suite for the
2427: specified selector failed.
2428:
2429: The current total failure counts are passed as well as the
2430: notification type counts for the notify involved in the
2431: failure."
2432: ::= { suiteTraps 0 1 }
2432: warning -
warning: implicit node definition
2433:
2434:
2435: --
2436: -- Units of conformance (Object Groups)
2437: --
2438:
2439: --
2440: -- Authors' note: Index objects are commented out, since the current
2441: -- SMI does not allow objects with a MAX-ACCESS clause of
2442: -- 'not-accessible' to be put in groups.
2443: --
2444:
2445: oakleyGroup OBJECT-GROUP
2445: warning -
warning: current group `oakleyGroup' is not referenced in this module
2446: OBJECTS
2447: {
2448: -- modpGroupIndex,
2449: modpFieldSize, modpPrime, modpGenerator, modpLPF,
2450: modpStrength,
2451: -- ecpGroupIndex,
2452: ecpFieldSize, ecpPrime, ecpGeneratorOne, ecpGeneratorTwo,
2453: ecpParameterOne, ecpParameterTwo, ecpLPF, ecpOrder,
2454: ecpStrength,
2455: -- ec2nGroupIndex,
2456: ec2nDegree, ec2nIrrPoly, ec2nGeneratorOne, ec2nGeneratorTwo,
2457: ec2nParameterOne, ec2nParameterTwo, ec2nLPF, ec2nOrder,
2458: ec2nStrength
2459: }
2460: STATUS current
2461: DESCRIPTION
2462: "A collection of objects that describe the Oakley Groups
2463: used or known by the entity."
2464: REFERENCE "RFC 2412"
2465: ::= { ikeGroups 1 }
2466:
2467: endpointGroup OBJECT-GROUP
2468: OBJECTS
2469: {
2470: -- endpointIndex,
2471: endpointIdType, endpointIdValue, endpointCertSerialNum,
2472: endpointCertIssuer, endpointIsLocal, endpointCurrentIkeSAs,
2473: endpointTotalIkeSAs, endpointCurrentSuites,
2474: endpointTotalSuites
2475: }
2476: STATUS current
2477: DESCRIPTION
2478: "A collection of objects that describe IKE endpoints."
2479: ::= { ikeGroups 2 }
2480:
2481: ikeSaGroup OBJECT-GROUP
2482: OBJECTS
2483: {
2484: saAuthMethod, saPeerEndpoint, saLocalEndpoint, saEncAlg,
2485: saEncKeyLength, saHashAlg, saHashKeyLength, saPRF,
2486: saOakleyGroupDesc, saOakleyGroup, saLimitSeconds,
2487: saLimitKbytes, saLimitKeyUses, saAccKbytes, saKeyUses,
2488: saCreatedSuites, saDeletedSuites, saDecryptErrors,
2489: saHashErrors, saOtherReceiveErrors, saSendErrors
2490: }
2491: STATUS current
2492: DESCRIPTION
2493: "A collection of objects that describe IKE phase 1 SAs."
2494: ::= { ikeGroups 3 }
2495:
2496: ikeHelpersGroup OBJECT-GROUP
2497: OBJECTS
2498: {
2499: -- saByCreatorsLocalEndpoint, saByCreatorsRemoteEndpoint,
2500: -- saByCreatorsIndex,
2501: saIkeLocalIpAddressType, saIkeLocalIpAddress,
2502: saIkeRemoteIpAddressType, saIkeRemoteIpAddress,
2503: saIkeInitiatorCookie, saIkeResponderCookie
2504: }
2505: STATUS current
2506: DESCRIPTION
2507: "A collection of objects that help look up IKE phase 1 SAs."
2508: ::= { ikeGroups 4 }
2509:
2510: exchangeGroup OBJECT-GROUP
2511: OBJECTS
2512: {
2513: -- exchangeType,
2514: exchangesTotalCount, exchangesInitiatedCount,
2515: exchangesRespondedCount
2516: }
2517: STATUS current
2518: DESCRIPTION
2519: "A collection of objects that count exchanges."
2520: ::= { ikeGroups 5 }
2521:
2522: suiteGroup OBJECT-GROUP
2523: OBJECTS
2524: {
2525: -- suiteIndex,
2526: suiteLocalAddressType, suiteLocalAddress,
2527: suiteRemoteAddressType, suiteRemoteAddress,
2528: suitePhase1RemoteEndpoint, suitePhase1LocalEndpoint,
2529: suiteSelector, suiteOakleyGroupDesc, suiteOakleyGroup,
2530: suiteLifeSeconds, suiteInUserOctets, suiteInPackets,
2531: suiteOutUserOctets, suiteOutPackets, suiteSendErrors,
2532: suiteReceiveErrors
2533: }
2534: STATUS current
2535: DESCRIPTION
2536: "A collection of objects that describe phase 2 SA suites."
2537: ::= { ikeGroups 7 }
2538:
2539: phase2SaGroup OBJECT-GROUP
2540: OBJECTS
2541: {
2542: -- saOrder,
2543: saProtocol, saInSpi, saOutSpi,
2544: -- ipsecSaInSuiteDestAddrType, ipsecSaInSuiteDestAddress,
2545: -- ipsecSaInSuiteProtocol, ipsecSaInSuiteSpi,
2546: ipsecSaInSuiteRef
2547: }
2548: STATUS current
2549: DESCRIPTION
2550: "A collection of objects that relate phase 2 SAs to phase 2
2551: SA suites."
2552: ::= { ikeGroups 8 }
2553:
2554: suiteHelperGroup OBJECT-GROUP
2555: OBJECTS
2556: {
2557: -- suiteByCreatorsP1LocalEndpoint,
2558: -- suiteByCreatorsP1RemoteEndpoint, suiteByCreatorsIndex,
2559: suiteByCreatorsRef,
2560: -- suiteBySelectorsIndex,
2561: suiteBySelectorsRef
2562: }
2563: STATUS current
2564: DESCRIPTION
2565: "A collection of objects that help look up phase 2 SA
2566: suites."
2567: ::= { ikeGroups 9 }
2568:
2569: notifyGroup OBJECT-GROUP
2570: OBJECTS
2571: {
2572: -- notifyProtocol, notifyType,
2573: notifiesSent, notifiesReceived
2574: }
2575: STATUS current
2576: DESCRIPTION
2577: "A collection of objects that take statistics for notify
2578: messages in IKE."
2579: ::= { ikeGroups 10 }
2580:
2581: ikeGlobalsGroup OBJECT-GROUP
2582: OBJECTS
2583: {
2584: ikeCurrentSAs, ikeCurrentInitiatedSAs,
2585: ikeCurrentRespondedSAs, ikeTotalSAs, ikeTotalInitiatedSAs,
2586: ikeTotalRespondedSAs, ikeTotalAttempts,
2587: ikeTotalSaInitAttempts, ikeTotalSaRespAttempts,
2588: ikeTotalInPackets, ikeTotalOutPackets, ikeTotalInOctets,
2589: ikeTotalOutOctets, ikeTotalInitFailures,
2590: ikeTotalInitNoResponses, ikeTotalRespFailures
2591: }
2592: STATUS current
2593: DESCRIPTION
2594: "A collection of objects providing global IKE phase 1 SA
2595: statistics."
2596: ::= { ikeGroups 11 }
2597:
2598: suiteGlobalsGroup OBJECT-GROUP
2599: OBJECTS
2600: {
2601: totalSuites, currentSuites, suiteTotalInUserKbytes,
2602: suiteTotalInPackets, suiteTotalOutUserKbytes,
2603: suiteTotalOutPackets, suiteInitFailures,
2604: suiteRespondFailures
2605: }
2606: STATUS current
2607: DESCRIPTION
2608: "A collection of objects providing global phase 2 SA suite
2609: statistics."
2610: ::= { ikeGroups 12 }
2611:
2612: ikeTrapArgumentGroup OBJECT-GROUP
2613: OBJECTS
2614: {
2615: ikeLocalEndpoint, ikeRemoteEndpoint, ikeSelector,
2616: ikeAuthMethod
2617: }
2618: STATUS current
2619: DESCRIPTION
2620: "A collection of objects used only as arguments in traps."
2621: ::= { ikeGroups 13 }
2622:
2623: ikeTrapEnableGroup OBJECT-GROUP
2624: OBJECTS
2625: {
2626: ikeNegFailureTrapEnable, suiteNegFailureTrapEnable
2627: }
2628: STATUS current
2629: DESCRIPTION
2630: "A collection of objects providing control over trap
2631: generation."
2632: ::= { ikeGroups 14 }
2633:
2634: ikeTrapGroup NOTIFICATION-GROUP
2635: NOTIFICATIONS
2636: {
2637: ikeNegFailure, suiteNegFailure
2638: }
2639: STATUS current
2640: DESCRIPTION
2641: "A collection of traps."
2642: ::= { ikeGroups 15 }
2643:
2644: --
2645: -- Compliance statements
2646: --
2647:
2648: ikeMonitorCompliance MODULE-COMPLIANCE
2649: STATUS current
2650: DESCRIPTION
2651: "The compliance statement for SNMPv2 entities which
2652: implement the IKE Monitoring MIB."
2653: MODULE -- this module
2654: MANDATORY-GROUPS
2655: {
2656: endpointGroup, ikeSaGroup, ikeHelpersGroup,
2657: exchangeGroup, suiteGroup, phase2SaGroup,
2658: suiteHelperGroup, notifyGroup, ikeGlobalsGroup,
2659: suiteGlobalsGroup, ikeTrapArgumentGroup,
2660: ikeTrapEnableGroup, ikeTrapGroup
2661: }
2662:
2663: -- Allow the trap controls to be read-only
2664:
2665: OBJECT ikeNegFailureTrapEnable
2666: MIN-ACCESS read-only
2667: DESCRIPTION
2668: "If an implementation cannot properly secure this variable
2669: against unauthorized write access, it SHOULD implement it as
2670: read-only, to prevent the security risk of enabling the
2671: traps. Of course, there must be other means of controlling
2672: the generation of the associated trap."
2673:
2674: OBJECT suiteNegFailureTrapEnable
2675: MIN-ACCESS read-only
2676: DESCRIPTION
2677: "If an implementation cannot properly secure this variable
2678: against unauthorized write access, it SHOULD implement it as
2679: read-only, to prevent the security risk of enabling the
2680: traps. Of course, there must be other means of controlling
2681: the generation of the associated trap."
2682: -- don't require support for dns(16) address type
2683:
2684: -- Authors' note: The following statements are commented out,
2685: -- since the current SMI does not allow objects with a
2686: -- MAX-ACCESS clause of not-accessible to be put in groups,
2687: -- and objects that are not in groups cannot be in
2688: -- compliance statements.
2689:
2690: -- OBJECT saIkeLocalIpAddressType
2691: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
2692: -- DESCRIPTION
2693: -- "An implementation is only required to support IPv4 and IPv6
2694: -- addresses."
2695:
2696: -- OBJECT saIkeRemoteIpAddressType
2697: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
2698: -- DESCRIPTION
2699: -- "An implementation is only required to support IPv4 and IPv6
2700: -- addresses."
2701:
2702: -- OBJECT suiteLocalAddressType
2703: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
2704: -- DESCRIPTION
2705: -- "An implementation is only required to support IPv4 and IPv6
2706: -- addresses."
2707:
2708: -- OBJECT suiteRemoteAddressType
2709: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
2710: -- DESCRIPTION
2711: -- "An implementation is only required to support IPv4 and IPv6
2712: -- addresses."
2713:
2714: -- OBJECT ipsecSaInSuiteDestAddrType
2715: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
2716: -- DESCRIPTION
2717: -- "An implementation is only required to support IPv4 and IPv6
2718: -- addresses."
2719:
2720: ::= { ikeConformance 1 }
2721:
2722: END