smilint output for ./IPSEC-IKEACTION-MIB
Message Severities
Severity | Count
severe | 2
error | 2
minor error | 2
change recommended | 1
warning | 5

Message Types
Type | Count
import-failed (error) | 2
module-identity-registration (change recommended) | 1
object-identifier-unknown (severe) | 2
revision-after-update (minor error) | 1
revision-missing (minor error) | 1
type-without-format (warning) | 5
Messages:
IPSEC-IKEACTION-MIB
1: -- extracted from draft-ietf-ipsp-ikeaction-mib-01.txt
2: -- at Fri Oct 22 06:23:51 2004
3:
4: IPSEC-IKEACTION-MIB DEFINITIONS ::= BEGIN
5:
6:
7:
8: IMPORTS
9: MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32
10: FROM SNMPv2-SMI
11:
12:
13: TEXTUAL-CONVENTION, RowStatus, TruthValue,
14: TimeStamp, StorageType, VariablePointer
15: FROM SNMPv2-TC
16:
17:
18: MODULE-COMPLIANCE, OBJECT-GROUP
19: FROM SNMPv2-CONF
20:
21:
22: SnmpAdminString
23: FROM SNMP-FRAMEWORK-MIB
24:
25:
26: InetAddressType, InetAddress, InetPortNumber
27: FROM INET-ADDRESS-MIB
28:
29:
30: spdActions, SpdIPPacketLogging, spdEndGroupIdentType,
31: spdEndGroupAddress
32: FROM IPSEC-SPD-MIB
32: error -
identifier `spdEndGroupIdentType' cannot be imported from module `IPSEC-SPD-MIB'
32: error -
identifier `spdEndGroupAddress' cannot be imported from module `IPSEC-SPD-MIB'
33:
34:
35: IpsaCredentialType, IpsecDoiIdentType, IpsaIdentityFilter,
36: ipsaSharedGroup
37: FROM IPSEC-IPSECACTION-MIB
38: ;
39:
40:
41: --
42: -- module identity
43: --
44:
45:
46: ipiaMIB MODULE-IDENTITY
46: change recommended -
warning: uncontrolled MODULE-IDENTITY registration
47: LAST-UPDATED "200212100000Z" -- 12 December 2002
48: ORGANIZATION "IETF IP Security Policy Working Group"
49: CONTACT-INFO "Michael Baer
50: Sparta, Inc.
51: Phone: +1 530 902 3131
52: Email: baerm@tislabs.com
53:
54:
55: Ricky Charlet
56: Email: rcharlet@alumni.calpoly.edu
57:
58:
59: Wes Hardaker
60: Sparta, Inc.
61: P.O. Box 382
62: Davis, CA 95617
63: Phone: +1 530 792 1913
64: Email: hardaker@tislabs.com
65:
66:
67: Robert Story
68: Revelstone Software
69: PO Box 1812
70: Tucker, GA 30085
71: Phone: +1 770 617 3722
72: Email: ipsp-mib@revelstone.com
73:
74:
75: Cliff Wang
76: SmartPipes Inc.
77: Suite 300, 565 Metro Place South
78: Dublin, OH 43017
79: Phone: +1 614 923 6241
80: E-Mail: cliffwang2000@yahoo.com"
81: DESCRIPTION
82: "The MIB module for defining IKE actions for managing IPsec
83: Security Policy.
84:
85:
86: Copyright (C) The Internet Society (2003). This version of
87: this MIB module is part of RFC XXXX, see the RFC itself for
88: full legal notices."
89:
90:
91: -- Revision History
92:
93:
94: REVISION "200301070000Z" -- 7 January 2003
94: minor error -
revision date after last update
95: DESCRIPTION "Initial version, published as RFC xxxx."
96: -- RFC-editor assigns xxxx
97:
98:
99: ::= { spdActions 2 }
99: minor error -
revision for last update is missing
100:
101:
102: --
103: -- groups of related objects
104: --
105:
106:
107: ipiaConfigObjects OBJECT IDENTIFIER
108: ::= { ipiaMIB 1 }
109: ipiaNotificationObjects OBJECT IDENTIFIER
110: ::= { ipiaMIB 2 }
111: ipiaConformanceObjects OBJECT IDENTIFIER
112: ::= { ipiaMIB 3 }
113:
114:
115: --
116: -- Textual Conventions
117: --
118:
119:
120: IkeEncryptionAlgorithm ::= TEXTUAL-CONVENTION
120: warning -
warning: type `IkeEncryptionAlgorithm' has no format specification
121: STATUS current
122: DESCRIPTION "Values for encryption algorithms negotiated
123: for the ISAKMP SA by IKE in Phase I. These are
124: values for SA Attribute type Encryption
125: Algorithm (1).
126:
127:
128: Unused values <= 65000 are reserved to IANA.
129: Currently assigned values at the time of this
130: writing:
131:
132:
133: reserved(0), -- reserved in IKE
134: desCbc(1), -- RFC 2405
135: ideaCbc(2),
136: blowfishCbc(3),
137: rc5R16B64Cbc(4), -- RC5 R16 B64 CBC
138: tripleDesCbc(5), -- 3DES CBC
139: castCbc(6),
140: aesCbc(7)
141:
142:
143: Values 65001-65535 are for private use among
144: mutually consenting parties."
145: REFERENCE "RFC 2409 appendix A,
146: IANA"
147: SYNTAX Unsigned32 (0..65535)
148:
149:
150: IkeAuthMethod ::= TEXTUAL-CONVENTION
150: warning -
warning: type `IkeAuthMethod' has no format specification
151: STATUS current
152: DESCRIPTION "Values for authentication methods negotiated
153: for the ISAKMP SA by IKE in Phase I. These are
154: values for SA Attribute type Authentication
155: Method (3).
156:
157:
158: Unused values <= 65000 are reserved to IANA.
159:
160:
161: reserved(0), -- reserved in IKE
162: preSharedKey(1),
163: dssSignatures(2),
164: rsaSignatures(3),
165: encryptionWithRsa(4),
166: revisedEncryptionWithRsa(5),
167: reservedDontUse6(6), -- not to be used
168: reservedDontUse7(7), -- not to be used
169: ecdsaSignatures(8)
170:
171:
172: Values 65001-65535 are for private use among
173: mutually consenting parties."
174: REFERENCE "RFC 2409 appendix A,
175: IANA"
176: SYNTAX Unsigned32 (0..65535)
177:
178:
179: IkeHashAlgorithm ::= TEXTUAL-CONVENTION
179: warning -
warning: type `IkeHashAlgorithm' has no format specification
180: STATUS current
181: DESCRIPTION "Values for hash algorithms negotiated
182: for the ISAKMP SA by IKE in Phase I. These are
183: values for SA Attribute type Hash Algorithm (2).
184:
185:
186: Unused values <= 65000 are reserved to IANA.
187: Currently assigned values at the time of this
188: writing:
189:
190:
191: reserved(0), -- reserved in IKE
192: md5(1), -- RFC 1321
193: sha(2), -- FIPS 180-1
194: tiger(3),
195: sha256(4),
196: sha384(5),
197: sha512(6)
198:
199:
200: Values 65001-65535 are for private use among
201: mutually consenting parties."
202: REFERENCE "RFC 2409 appendix A,
203: IANA"
204: SYNTAX Unsigned32 (0..65535)
205:
206:
207: IkeGroupDescription ::= TEXTUAL-CONVENTION
207: warning -
warning: type `IkeGroupDescription' has no format specification
208: STATUS current
209: DESCRIPTION "Values for Oakley key computation groups for
210: Diffie-Hellman exchange negotiated for the ISAKMP
211: SA by IKE in Phase I. They are also used in Phase II
212: when perfect forward secrecy is in use. These are
213: values for SA Attribute type Group Description (4).
214:
215:
216: Unused values <= 32767 are reserved to IANA.
217: Currently assigned values at the time of this
218: writing:
219:
220:
221: none(0), -- reserved in IKE, used
222: -- in MIBs to reflect that
223: -- none of the predefined
224: -- groups are used
225: modp768(1), -- default 768-bit MODP group
226: modp1024(2), -- alternate 1024-bit MODP
227: -- group
228:
229: ec2nGF155(3), -- EC2N group on Galois
230: -- Field GF[2^155]
231: ec2nGF185(4), -- EC2N group on Galois
232: -- Field GF[2^185]
233: ec2nGF163Random(6), -- EC2N group on Galois
234: -- Field GF[2^163],
235: -- random seed
236: ec2nGF163Koblitz(7),
237: -- EC2N group on Galois
238: -- Field GF[2^163],
239: -- Koblitz curve
240: ec2nGF283Random(8), -- EC2N group on Galois
241: -- Field GF[2^283],
242: -- random seed
243: ec2nGF283Koblitz(9),
244: -- EC2N group on Galois
245: -- Field GF[2^283],
246: -- Koblitz curve
247: ec2nGF409Random(10),
248: -- EC2N group on Galois
249: -- Field GF[2^409],
250: -- random seed
251: ec2nGF409Koblitz(11),
252: -- EC2N group on Galois
253: -- Field GF[2^409],
254: -- Koblitz curve
255: ec2nGF571Random(12),
256: -- EC2N group on Galois
257: -- Field GF[2^571],
258: -- random seed
259: ec2nGF571Koblitz(13)
260: -- EC2N group on Galois
261: -- Field GF[2^571],
262: -- Koblitz curve
263:
264:
265: Values 32768-65535 are for private use among
266: mutually consenting parties."
267: REFERENCE "RFC 2409 appendix A,
268: IANA"
269: SYNTAX Unsigned32 (0..65535)
270:
271:
272: IpsecDoiSecProtocolId ::= TEXTUAL-CONVENTION
272: warning -
warning: type `IpsecDoiSecProtocolId' has no format specification
273: STATUS current
274: DESCRIPTION "These are the IPsec DOI values for the Protocol-Id
275: field in an ISAKMP Proposal Payload, and in all
276: Notification Payloads.
277:
278:
279: They are also used as the Protocol-ID in the
280: Notification Payload and the Delete Payload.
281:
282:
283: Currently assigned values at the time of this
284: writing:
285:
286:
287: reserved(0), -- reserved in DOI
288: protoIsakmp(1), -- message protection
289: -- required during Phase I
290: -- of the IKE protocol
291: protoIpsecAh(2), -- IP packet authentication
292: -- via Authentication Header
293: protoIpsecEsp(3), -- IP packet confidentiality
294: -- via Encapsulating
295: -- Security Payload
296: protoIpcomp(4) -- IP payload compression
297:
298:
299: The values 249-255 are reserved for private use
300: amongst cooperating systems."
301: REFERENCE "RFC 2407 section 4.4.1"
302: SYNTAX Unsigned32 (0..255)
303:
304:
305: --
306: -- Policy group definitions
307: --
308:
309:
310: ipiaLocalConfigObjects OBJECT IDENTIFIER
311: ::= { ipiaConfigObjects 1 }
312:
313:
314:
315: --
316: -- Static Filters
317: --
318:
319:
320: ipiaStaticFilters OBJECT IDENTIFIER ::= { ipiaConfigObjects 2 }
321:
322:
323: ipiaIkePhase1Filter OBJECT-TYPE
324: SYNTAX Integer32
325: MAX-ACCESS read-only
326: STATUS current
327: DESCRIPTION
328: "This static filter can be used to test if a packet is
329: part of an IKE phase-1 negotiation."
330: ::= { ipiaStaticFilters 1 }
331:
332:
333: ipiaIkePhase2Filter OBJECT-TYPE
334: SYNTAX Integer32
335: MAX-ACCESS read-only
336: STATUS current
337: DESCRIPTION
338: "This static filter can be used to test if a packet is
339: part of an IKE phase-2 negotiation."
340: ::= { ipiaStaticFilters 2 }
341:
342:
343:
344: --
345: -- credential filter table
346: --
347:
348:
349: ipiaCredentialFilterTable OBJECT-TYPE
350: SYNTAX SEQUENCE OF IpiaCredentialFilterEntry
351: MAX-ACCESS not-accessible
352: STATUS current
353: DESCRIPTION
354: "This table defines filters which can be used to match
355: credentials of IKE peers, where the credentials in question
356: have been obtained from an IKE phase 1 exchange. They may
357: be X.509 certificates, Kerberos tickets, etc..."
358: ::= { ipiaConfigObjects 3 }
359:
360:
361: ipiaCredentialFilterEntry OBJECT-TYPE
362: SYNTAX IpiaCredentialFilterEntry
363: MAX-ACCESS not-accessible
364: STATUS current
365: DESCRIPTION
366: "A row defining a particular credential filter"
367: INDEX { ipiaCredFiltName }
368: ::= { ipiaCredentialFilterTable 1 }
369:
370:
371: IpiaCredentialFilterEntry ::= SEQUENCE {
372: ipiaCredFiltName SnmpAdminString,
373: ipiaCredFiltCredentialType IpsaCredentialType,
374: ipiaCredFiltMatchFieldName OCTET STRING,
375: ipiaCredFiltMatchFieldValue OCTET STRING,
376: ipiaCredFiltAcceptCredFrom OCTET STRING,
377: ipiaCredFiltLastChanged TimeStamp,
378: ipiaCredFiltStorageType StorageType,
379: ipiaCredFiltRowStatus RowStatus
380: }
381:
382:
383: ipiaCredFiltName OBJECT-TYPE
384: SYNTAX SnmpAdminString (SIZE(1..32))
385: MAX-ACCESS not-accessible
386: STATUS current
387: DESCRIPTION
388: "The administrative name of this filter."
389: ::= { ipiaCredentialFilterEntry 1 }
390:
391: ipiaCredFiltCredentialType OBJECT-TYPE
392: SYNTAX IpsaCredentialType
393: MAX-ACCESS read-create
394: STATUS current
395: DESCRIPTION
396: "The credential type that is expected for this filter to
397: succeed."
398: DEFVAL { x509 }
399: ::= { ipiaCredentialFilterEntry 2 }
400:
401:
402: ipiaCredFiltMatchFieldName OBJECT-TYPE
403: SYNTAX OCTET STRING (SIZE(0..256))
404: MAX-ACCESS read-create
405: STATUS current
406: DESCRIPTION
407: "The piece of the credential to match against. Examples:
408: serialNumber, signatureAlgorithm, issuerName or
409: subjectName.
410:
411:
412: For credential types without fields (e.g. shared secret),
413: this field should be left empty, and the entire credential
414: will be matched against the ipiaCredFiltMatchFieldValue."
415: ::= { ipiaCredentialFilterEntry 3 }
416:
417:
418: ipiaCredFiltMatchFieldValue OBJECT-TYPE
419: SYNTAX OCTET STRING (SIZE(1..4096))
420: MAX-ACCESS read-create
421: STATUS current
422: DESCRIPTION
423: "The value that the field indicated by the
424: ipiaCredFiltMatchFieldName must match against for the
425: filter to be considered TRUE."
426: ::= { ipiaCredentialFilterEntry 4 }
427:
428:
429: ipiaCredFiltAcceptCredFrom OBJECT-TYPE
430: SYNTAX OCTET STRING(SIZE(1..117))
431: MAX-ACCESS read-create
432: STATUS current
433: DESCRIPTION
434: "This value is used to look up a row in the
435: ipiaIpsecCredMngServiceTable for the Certificate Authority
436: (CA) Information. This value is empty if there is no CA
437: used for this filter."
438: ::= { ipiaCredentialFilterEntry 5 }
439:
440:
441: ipiaCredFiltLastChanged OBJECT-TYPE
442: SYNTAX TimeStamp
443: MAX-ACCESS read-only
444: STATUS current
445: DESCRIPTION
446: "The value of sysUpTime when this row was last modified or
447: created either through SNMP SETs or by some other external
448: means."
449: ::= { ipiaCredentialFilterEntry 6 }
450:
451:
452: ipiaCredFiltStorageType OBJECT-TYPE
453: SYNTAX StorageType
454: MAX-ACCESS read-create
455: STATUS current
456: DESCRIPTION
457: "The storage type for this row. Rows in this table which
458: were created through an external process may have a storage
459: type of readOnly or permanent."
460: DEFVAL { nonVolatile }
461: ::= { ipiaCredentialFilterEntry 7 }
462:
463:
464: ipiaCredFiltRowStatus OBJECT-TYPE
465: SYNTAX RowStatus
466: MAX-ACCESS read-create
467: STATUS current
468: DESCRIPTION
469: "This object indicates the conceptual status of this row."
470: ::= { ipiaCredentialFilterEntry 8 }
471:
472:
473:
474: --
475: -- Peer Identity Filter Table
476: --
477:
478:
479: ipiaPeerIdentityFilterTable OBJECT-TYPE
480: SYNTAX SEQUENCE OF IpiaPeerIdentityFilterEntry
481: MAX-ACCESS not-accessible
482: STATUS current
483: DESCRIPTION
484: "This table defines filters which can be used to match
485: credentials of IKE peers, where the credentials in question
486: have been obtained from an IKE phase 1 exchange. They may
487: be X.509 certificates, Kerberos tickets, etc..."
488: ::= { ipiaConfigObjects 4 }
489:
490:
491: ipiaPeerIdentityFilterEntry OBJECT-TYPE
492: SYNTAX IpiaPeerIdentityFilterEntry
493: MAX-ACCESS not-accessible
494: STATUS current
495: DESCRIPTION
496: "A row defining a particular credential filter"
497:
498: INDEX { ipiaPeerIdFiltName }
499: ::= { ipiaPeerIdentityFilterTable 1 }
500:
501:
502: IpiaPeerIdentityFilterEntry ::= SEQUENCE {
503: ipiaPeerIdFiltName SnmpAdminString,
504: ipiaPeerIdFiltIdentityType IpsecDoiIdentType,
505: ipiaPeerIdFiltIdentityValue IpsaIdentityFilter,
506: ipiaPeerIdFiltLastChanged TimeStamp,
507: ipiaPeerIdFiltStorageType StorageType,
508: ipiaPeerIdFiltRowStatus RowStatus
509: }
510:
511:
512: ipiaPeerIdFiltName OBJECT-TYPE
513: SYNTAX SnmpAdminString (SIZE(1..32))
514: MAX-ACCESS not-accessible
515: STATUS current
516: DESCRIPTION
517: "The administrative name of this filter."
518: ::= { ipiaPeerIdentityFilterEntry 1 }
519:
520:
521: ipiaPeerIdFiltIdentityType OBJECT-TYPE
522: SYNTAX IpsecDoiIdentType
523: MAX-ACCESS read-create
524: STATUS current
525: DESCRIPTION
526: "The type of identity field in the peer ID payload to match
527: against."
528: ::= { ipiaPeerIdentityFilterEntry 2 }
529:
530:
531: ipiaPeerIdFiltIdentityValue OBJECT-TYPE
532: SYNTAX IpsaIdentityFilter
533: MAX-ACCESS read-create
534: STATUS current
535: DESCRIPTION
536: "The string representation of the value that the peer ID
537: payload value must match against. Wildcard mechanisms MUST
538: be supported such that:
539:
540:
541: - a ipiaPeerIdFiltIdentityValue of '*@example.com' will
542: match a userFqdn ID payload of 'JDOE@EXAMPLE.COM'
543:
544:
545: - a ipiaPeerIdFiltIdentityValue of '*.example.com' will
546: match a fqdn ID payload of 'WWW.EXAMPLE.COM'
547:
548:
549: - a ipiaPeerIdFiltIdentityValue of:
550: 'cn=*,ou=engineering,o=company,c=us'
551: will match a DER DN ID payload of
552: 'cn=John Doe,ou=engineering,o=company,c=us'
553:
554: - a ipiaPeerIdFiltIdentityValue of '192.0.2.0/24' will
555: match an IPv4 address ID payload of 192.0.2.10
556:
557:
558: - a ipiaPeerIdFiltIdentityValue of '192.0.2.*' will also
559: match an IPv4 address ID payload of 192.0.2.10.
560:
561:
562: The character '*' replaces 0 or multiple instances of any
563: character."
564: ::= { ipiaPeerIdentityFilterEntry 3 }
565:
566:
567: ipiaPeerIdFiltLastChanged OBJECT-TYPE
568: SYNTAX TimeStamp
569: MAX-ACCESS read-only
570: STATUS current
571: DESCRIPTION
572: "The value of sysUpTime when this row was last modified or
573: created either through SNMP SETs or by some other external
574: means."
575: ::= { ipiaPeerIdentityFilterEntry 4 }
576:
577:
578: ipiaPeerIdFiltStorageType OBJECT-TYPE
579: SYNTAX StorageType
580: MAX-ACCESS read-create
581: STATUS current
582: DESCRIPTION
583: "The storage type for this row. Rows in this table which
584: were created through an external process may have a storage
585: type of readOnly or permanent."
586: DEFVAL { nonVolatile }
587: ::= { ipiaPeerIdentityFilterEntry 5 }
588:
589:
590: ipiaPeerIdFiltRowStatus OBJECT-TYPE
591: SYNTAX RowStatus
592: MAX-ACCESS read-create
593: STATUS current
594: DESCRIPTION
595: "This object indicates the conceptual status of this row.
596: This object can not be considered active unless the
597: ipiaPeerIdFiltIdentityType and ipiaPeerIdFiltIdentityValue
598: column values are defined."
599: ::= { ipiaPeerIdentityFilterEntry 6 }
600:
601:
602:
603: --
604: -- Static Actions
605: --
606:
607:
608: -- these are static actions which can be pointed to by the
609: -- ipiaRuleDefAction or the ipiaSubActSubActionName objects to drop,
610: -- accept or reject packets.
611:
612:
613: ipiaStaticActions OBJECT IDENTIFIER ::= { ipiaConfigObjects 5 }
614:
615:
616: ipiaRejectIKEAction OBJECT-TYPE
617: SYNTAX Integer32
618: MAX-ACCESS read-only
619: STATUS current
620: DESCRIPTION
621: "This scalar indicates that a packet should be rejected
622: WITHOUT action/packet logging. This object returns a value
623: of 1 for IPsec policy implementations that support the
624: reject static action."
625: ::= { ipiaStaticActions 1 }
626:
627:
628: ipiaRejectIKEActionLog OBJECT-TYPE
629: SYNTAX Integer32
630: MAX-ACCESS read-only
631: STATUS current
632: DESCRIPTION
633: "This scalar indicates that a packet should be rejected
634: WITH action/packet logging. This object returns a value of
635: 1 for IPsec policy implementations that support the reject
636: static action with logging."
637: ::= { ipiaStaticActions 2 }
638:
639:
640:
641: --
642: -- ipiaIkeActionTable
643: --
644:
645:
646: ipiaIkeActionTable OBJECT-TYPE
647: SYNTAX SEQUENCE OF IpiaIkeActionEntry
648: MAX-ACCESS not-accessible
649: STATUS current
650: DESCRIPTION
651: "The ipiaIkeActionTable contains a list of the parameters
652: used for an IKE phase 1 SA DOI negotiation. See the
653: corresponding table ipiaIkeActionProposalsTable for a list
654: of proposals contained within a given IKE Action."
655: ::= { ipiaConfigObjects 6 }
656:
657:
658: ipiaIkeActionEntry OBJECT-TYPE
659: SYNTAX IpiaIkeActionEntry
660: MAX-ACCESS not-accessible
661: STATUS current
662: DESCRIPTION
663: "The ipiaIkeActionEntry lists the IKE negotiation
664: attributes."
665: INDEX { ipiaIkeActName }
666: ::= { ipiaIkeActionTable 1 }
667:
668:
669: IpiaIkeActionEntry ::= SEQUENCE {
670: ipiaIkeActName SnmpAdminString,
671: ipiaIkeActParametersName SnmpAdminString,
672: ipiaIkeActThresholdDerivedKeys Integer32,
673: ipiaIkeActExchangeMode INTEGER,
674: ipiaIkeActAgressiveModeGroupId IkeGroupDescription,
675: ipiaIkeActIdentityType IpsecDoiIdentType,
676: ipiaIkeActIdentityContext SnmpAdminString,
677: ipiaIkeActPeerName SnmpAdminString,
678: ipiaIkeActDoActionLogging TruthValue,
679: ipiaIkeActDoPacketLogging SpdIPPacketLogging,
680: ipiaIkeActVendorId OCTET STRING,
681: ipiaIkeActLastChanged TimeStamp,
682: ipiaIkeActStorageType StorageType,
683: ipiaIkeActRowStatus RowStatus
684: }
685:
686:
687: ipiaIkeActName OBJECT-TYPE
688: SYNTAX SnmpAdminString (SIZE(1..32))
689: MAX-ACCESS not-accessible
690: STATUS current
691: DESCRIPTION
692: "This object contains the name of this ikeAction entry."
693: ::= { ipiaIkeActionEntry 1 }
694:
695:
696: ipiaIkeActParametersName OBJECT-TYPE
697: SYNTAX SnmpAdminString (SIZE(1..32))
698: MAX-ACCESS read-create
699: STATUS current
700: DESCRIPTION
701: "This object is administratively assigned to reference a row
702: in the ipiaSaNegotiationParametersTable where additional
703: parameters affecting this action may be found."
704: ::= { ipiaIkeActionEntry 2 }
705:
706:
707: ipiaIkeActThresholdDerivedKeys OBJECT-TYPE
708: SYNTAX Integer32 (0..100)
709: MAX-ACCESS read-create
710: STATUS current
711: DESCRIPTION
712: "ipiaIkeActThresholdDerivedKeys specifies what percentage
713: of the derived key limit (see the LifetimeDerivedKeys
714: property of IKEProposal) can expire before IKE should
715: attempt to renegotiate the IKE phase 1 security
716: association."
717: DEFVAL { 100 }
718: ::= { ipiaIkeActionEntry 3 }
719:
720:
721: ipiaIkeActExchangeMode OBJECT-TYPE
722: SYNTAX INTEGER { main(1), agressive(2) }
723: MAX-ACCESS read-create
724: STATUS current
725: DESCRIPTION
726: "ipiaIkeActExchangeMode specifies the IKE Phase 1
727: negotiation mode."
728: DEFVAL { main }
729: ::= { ipiaIkeActionEntry 4 }
730:
731:
732: ipiaIkeActAgressiveModeGroupId OBJECT-TYPE
733: SYNTAX IkeGroupDescription
734: MAX-ACCESS read-create
735: STATUS current
736: DESCRIPTION
737: "The values to be used for Diffie-Hellman exchange."
738: ::= { ipiaIkeActionEntry 5 }
739:
740:
741: ipiaIkeActIdentityType OBJECT-TYPE
742: SYNTAX IpsecDoiIdentType
743: MAX-ACCESS read-create
744: STATUS current
745: DESCRIPTION
746: "This column along with ipiaIkeActIdentityContext and
747: endpoint information is used to refer to an
748: ipiaIkeIdentityEntry in the ipiaIkeIdentityTable."
749: ::= { ipiaIkeActionEntry 6 }
750:
751:
752: ipiaIkeActIdentityContext OBJECT-TYPE
753: SYNTAX SnmpAdminString (SIZE(1..32))
754: MAX-ACCESS read-create
755: STATUS current
756: DESCRIPTION
757: "This column, along with ipiaIkeActIdentityType and endpoint
758: information, is used to refer to an ipiaIkeIdentityEntry in
759: the ipiaIkeIdentityTable."
760: ::= { ipiaIkeActionEntry 7 }
761:
762:
763: ipiaIkeActPeerName OBJECT-TYPE
764: SYNTAX SnmpAdminString(SIZE(0..32))
765: MAX-ACCESS read-create
766: STATUS current
767: DESCRIPTION
768: "This object indicates the peer id name of the IKE peer.
769: This object can be used to look up the peer id value,
770: address, credentials and other values in the
771: ipiaPeerIdentityTable."
772: ::= { ipiaIkeActionEntry 8 }
773:
774:
775:
776: ipiaIkeActDoActionLogging OBJECT-TYPE
777: SYNTAX TruthValue
778: MAX-ACCESS read-create
779: STATUS current
780: DESCRIPTION
781: "ikeDoActionLogging specifies whether or not an audit
782: message should be logged when this ike SA is created."
783: DEFVAL { false }
784: ::= { ipiaIkeActionEntry 9 }
785:
786:
787: ipiaIkeActDoPacketLogging OBJECT-TYPE
788: SYNTAX SpdIPPacketLogging
789: MAX-ACCESS read-create
790: STATUS current
791: DESCRIPTION
792: "ikeDoPacketLogging specifies whether or not an audit
793: message should be logged and if there is logging, how many
794: bytes of the packet to place in the notification."
795: DEFVAL { -1 }
796: ::= { ipiaIkeActionEntry 10 }
797:
798:
799: ipiaIkeActVendorId OBJECT-TYPE
800: SYNTAX OCTET STRING (SIZE(0..65535))
801: MAX-ACCESS read-create
802: STATUS current
803: DESCRIPTION
804: "Vendor ID Payload. A value of NULL means that Vendor ID
805: payload will be neither generated nor accepted. A non-NULL
806: value means that a Vendor ID payload will be generated
807: (when acting as an initiator) or is expected (when acting
808: as a responder)."
809: DEFVAL { "" }
810: ::= { ipiaIkeActionEntry 11 }
811:
812:
813: ipiaIkeActLastChanged OBJECT-TYPE
814: SYNTAX TimeStamp
815: MAX-ACCESS read-only
816: STATUS current
817: DESCRIPTION
818: "The value of sysUpTime when this row was last modified or
819: created either through SNMP SETs or by some other external
820: means."
821: ::= { ipiaIkeActionEntry 12 }
822:
823:
824: ipiaIkeActStorageType OBJECT-TYPE
825: SYNTAX StorageType
826: MAX-ACCESS read-create
827: STATUS current
828: DESCRIPTION
829: "The storage type for this row. Rows in this table which
830: were created through an external process may have a storage
831: type of readOnly or permanent."
832: DEFVAL { nonVolatile }
833: ::= { ipiaIkeActionEntry 13 }
834:
835:
836: ipiaIkeActRowStatus OBJECT-TYPE
837: SYNTAX RowStatus
838: MAX-ACCESS read-create
839: STATUS current
840: DESCRIPTION
841: "This object indicates the conceptual status of this row.
842:
843:
844: The value of this object has no effect on whether other
845: objects in this conceptual row can be modified.
846:
847:
848: This object may not be set to destroy if referred to by
849: other rows in other action tables."
850: ::= { ipiaIkeActionEntry 14 }
851:
852:
853:
854: --
855: -- IPsec action definition table
856: --
857:
858:
859:
860: ipiaIpsecActionTable OBJECT-TYPE
861: SYNTAX SEQUENCE OF IpiaIpsecActionEntry
862: MAX-ACCESS not-accessible
863: STATUS current
864: DESCRIPTION
865: "The ipiaIpsecActionTable contains a list of the parameters
866: used for an IKE phase 2 IPsec DOI negotiation."
867: ::= { ipiaConfigObjects 7 }
868:
869:
870: ipiaIpsecActionEntry OBJECT-TYPE
871: SYNTAX IpiaIpsecActionEntry
872: MAX-ACCESS not-accessible
873: STATUS current
874: DESCRIPTION
875: "The ipiaIpsecActionEntry lists the IPsec negotiation
876: attributes."
877: INDEX { ipiaIpsecActName }
878: ::= { ipiaIpsecActionTable 1 }
879:
880:
881: IpiaIpsecActionEntry ::= SEQUENCE {
882: ipiaIpsecActName SnmpAdminString,
883: ipiaIpsecActParametersName SnmpAdminString,
884: ipiaIpsecActProposalsName SnmpAdminString,
885: ipiaIpsecActUsePfs TruthValue,
886: ipiaIpsecActVendorId OCTET STRING,
887: ipiaIpsecActGroupId IkeGroupDescription,
888: ipiaIpsecActPeerGatewayIdName OCTET STRING,
889: ipiaIpsecActUseIkeGroup TruthValue,
890: ipiaIpsecActGranularity INTEGER,
891: ipiaIpsecActMode INTEGER,
892: ipiaIpsecActDFHandling INTEGER,
893: ipiaIpsecActDoActionLogging TruthValue,
894: ipiaIpsecActDoPacketLogging SpdIPPacketLogging,
895: ipiaIpsecActLastChanged TimeStamp,
896: ipiaIpsecActStorageType StorageType,
897: ipiaIpsecActRowStatus RowStatus
898: }
899:
900:
901: ipiaIpsecActName OBJECT-TYPE
902: SYNTAX SnmpAdminString (SIZE(1..32))
903: MAX-ACCESS not-accessible
904: STATUS current
905: DESCRIPTION
906: "ipiaIpsecActName is the name of the ipsecAction entry."
907: ::= { ipiaIpsecActionEntry 1 }
908:
909:
910:
911: ipiaIpsecActParametersName OBJECT-TYPE
912: SYNTAX SnmpAdminString (SIZE(1..32))
913: MAX-ACCESS read-create
914: STATUS current
915: DESCRIPTION
916: "This object is used to reference a row in the
917: ipiaSaNegotiationParametersTable where additional
918: parameters affecting this action may be found."
919: ::= { ipiaIpsecActionEntry 2 }
920:
921:
922: ipiaIpsecActProposalsName OBJECT-TYPE
923: SYNTAX SnmpAdminString (SIZE(1..32))
924: MAX-ACCESS read-create
925: STATUS current
926: DESCRIPTION
927: "This object is used to reference one or more rows in the
928: ipiaIpsecProposalsTable where an ordered list of proposals
929: affecting this action may be found."
930: ::= { ipiaIpsecActionEntry 3 }
931:
932:
933: ipiaIpsecActUsePfs OBJECT-TYPE
934: SYNTAX TruthValue
935: MAX-ACCESS read-create
936: STATUS current
937: DESCRIPTION
938: "This MIB object specifies whether or not perfect forward
939: secrecy should be used when refreshing keys.
940: A value of true indicates that PFS should be used."
941: ::= { ipiaIpsecActionEntry 4 }
942:
943:
944: ipiaIpsecActVendorId OBJECT-TYPE
945: SYNTAX OCTET STRING (SIZE(0..255))
946: MAX-ACCESS read-create
947: STATUS current
948: DESCRIPTION
949: "The VendorID property is used to identify vendor-defined
950: key exchange GroupIDs."
951: ::= { ipiaIpsecActionEntry 5 }
952:
953:
954: ipiaIpsecActGroupId OBJECT-TYPE
955: SYNTAX IkeGroupDescription
956: MAX-ACCESS read-create
957: STATUS current
958: DESCRIPTION
959: "This object specifies the Diffie-Hellman group to use for
960: phase 2 when the object ipiaIpsecActUsePfs is true and the
961: object ipiaIpsecActUseIkeGroup is false. If the GroupID
962: number is from the vendor-specific range (32768-65535), the
963: VendorID qualifies the group number."
964: ::= { ipiaIpsecActionEntry 6 }
965:
966:
967: ipiaIpsecActPeerGatewayIdName OBJECT-TYPE
968: SYNTAX OCTET STRING (SIZE(0..116))
969: MAX-ACCESS read-create
970: STATUS current
971: DESCRIPTION
972: "This object indicates the peer id name of the peer
973: gateway. This object can be used to look up the peer id
974: value, address and other values in the
975: ipiaPeerIdentityTable. This object is used when initiating
976: a tunnel SA. This object is not used for transport SAs.
977: If no value is set and ipiaIpsecActMode is tunnel, the peer
978: gateway should be determined from the source or destination
979: address of the packet."
980: ::= { ipiaIpsecActionEntry 7 }
981:
982:
983: ipiaIpsecActUseIkeGroup OBJECT-TYPE
984: SYNTAX TruthValue
985: MAX-ACCESS read-create
986: STATUS current
987: DESCRIPTION
988: "This object specifies whether or not to use the same
989: GroupId for phase 2 as was used in phase 1. If UsePFS is
990: false, this entry should be ignored."
991: ::= { ipiaIpsecActionEntry 8 }
992:
993:
994: ipiaIpsecActGranularity OBJECT-TYPE
995: SYNTAX INTEGER { subnet(1), address(2), protocol(3),
996: port(4) }
997: MAX-ACCESS read-create
998: STATUS current
999: DESCRIPTION
1000: "This object specifies how the proposed selector for the
1001: security association will be created. The selector is
1002: created by using the FilterList information. The selector
1003: can be subnet, address, protocol, or port."
1004: ::= { ipiaIpsecActionEntry 9 }
1005:
1006:
1007: ipiaIpsecActMode OBJECT-TYPE
1008: SYNTAX INTEGER { tunnel(1), transport(2) }
1009: MAX-ACCESS read-create
1010: STATUS current
1011: DESCRIPTION
1012: "This object specifies the encapsulation of the IPsec SA
1013: to be negotiated."
1014: DEFVAL { tunnel }
1015: ::= { ipiaIpsecActionEntry 10 }
1016:
1017:
1018: ipiaIpsecActDFHandling OBJECT-TYPE
1019: SYNTAX INTEGER { copy(1), set(2), clear(3) }
1020: MAX-ACCESS read-create
1021: STATUS current
1022: DESCRIPTION
1023: "This object specifies the processing of DF bit by the
1024: negotiated IPsec tunnel.
1025: 1 - DF bit is copied.
1026: 2 - DF bit is set.
1027: 3 - DF bit is cleared."
1028: DEFVAL { copy }
1029: ::= { ipiaIpsecActionEntry 11 }
1030:
1031: ipiaIpsecActDoActionLogging OBJECT-TYPE
1032: SYNTAX TruthValue
1033: MAX-ACCESS read-create
1034: STATUS current
1035: DESCRIPTION
1036: "ipiaIpsecActDoActionLogging specifies whether or not an
1037: audit message should be logged when this ipsec SA is
1038: created."
1039: DEFVAL { false }
1040: ::= { ipiaIpsecActionEntry 12 }
1041:
1042:
1043: ipiaIpsecActDoPacketLogging OBJECT-TYPE
1044: SYNTAX SpdIPPacketLogging
1045: MAX-ACCESS read-create
1046: STATUS current
1047: DESCRIPTION
1048: "ipiaIpsecActDoPacketLogging specifies whether or not an
1049: audit message should be logged and if there is logging, how
1050: many bytes of the packet to place in the notification."
1051: DEFVAL { -1 }
1052: ::= { ipiaIpsecActionEntry 13 }
1053:
1054:
1055: ipiaIpsecActLastChanged OBJECT-TYPE
1056: SYNTAX TimeStamp
1057: MAX-ACCESS read-only
1058: STATUS current
1059: DESCRIPTION
1060: "The value of sysUpTime when this row was last modified or
1061: created either through SNMP SETs or by some other external
1062: means."
1063: ::= { ipiaIpsecActionEntry 14 }
1064:
1065:
1066: ipiaIpsecActStorageType OBJECT-TYPE
1067: SYNTAX StorageType
1068: MAX-ACCESS read-create
1069: STATUS current
1070: DESCRIPTION
1071: "The storage type for this row. Rows in this table which
1072: were created through an external process may have a storage
1073: type of readOnly or permanent."
1074: DEFVAL { nonVolatile }
1075: ::= { ipiaIpsecActionEntry 15 }
1076:
1077:
1078: ipiaIpsecActRowStatus OBJECT-TYPE
1079: SYNTAX RowStatus
1080: MAX-ACCESS read-create
1081: STATUS current
1082: DESCRIPTION
1083: "This object indicates the conceptual status of this row.
1084:
1085:
1086: The value of this object has no effect on whether other
1087: objects in this conceptual row can be modified.
1088:
1089:
1090: If active, this object must remain active if it is
1091: referenced by a row in another table."
1092: ::= { ipiaIpsecActionEntry 16 }
1093:
1094:
1095: --
1096: -- ipiaSaNegotiationParametersTable
1097: --
1098:
1099:
1100: -- PROPERTIES MinLifetimeSeconds
1101: -- MinLifetimeKilobytes
1102: -- RefreshThresholdSeconds
1103: -- RefreshThresholdKilobytes
1104: -- IdleDurationSeconds
1105:
1106:
1107: ipiaSaNegotiationParametersTable OBJECT-TYPE
1108: SYNTAX SEQUENCE OF IpiaSaNegotiationParametersEntry
1109: MAX-ACCESS not-accessible
1110: STATUS current
1111: DESCRIPTION
1112: "This table contains reusable parameters that can be pointed
1113: to by the ipiaIkeActionTable and ipiaIpsecActionTable.
1114: These parameters are reusable since it is likely an
1115: administrator will want to make global policy changes to
1116: lifetime parameters that apply to multiple actions. This
1117: table allows multiple rows in the other actions tables to
1118: reuse global lifetime parameters in this table by
1119: repeatedly pointing to a row contained within this table."
1120: ::= { ipiaConfigObjects 8 }
1121:
1122:
1123: ipiaSaNegotiationParametersEntry OBJECT-TYPE
1124: SYNTAX IpiaSaNegotiationParametersEntry
1125: MAX-ACCESS not-accessible
1126: STATUS current
1127: DESCRIPTION
1128: "Contains the attributes of one row in the
1129: ipiaSaNegotiationParametersTable."
1130: INDEX { ipiaSaNegParamName }
1131: ::= { ipiaSaNegotiationParametersTable 1 }
1132:
1133:
1134: IpiaSaNegotiationParametersEntry ::= SEQUENCE {
1135: ipiaSaNegParamName SnmpAdminString,
1136: ipiaSaNegParamMinLifetimeSecs Unsigned32,
1137: ipiaSaNegParamMinLifetimeKB Unsigned32,
1138: ipiaSaNegParamRefreshThreshSecs Unsigned32,
1139: ipiaSaNegParamRefreshThresholdKB Unsigned32,
1140: ipiaSaNegParamIdleDurationSecs Unsigned32,
1141: ipiaSaNegParamLastChanged TimeStamp,
1142: ipiaSaNegParamStorageType StorageType,
1143: ipiaSaNegParamRowStatus RowStatus
1144: }
1145:
1146:
1147: ipiaSaNegParamName OBJECT-TYPE
1148: SYNTAX SnmpAdminString (SIZE(1..32))
1149: MAX-ACCESS not-accessible
1150: STATUS current
1151: DESCRIPTION
1152: "This object contains the administrative name of this
1153: SaNegotiationParametersEntry. This row can be referred
1154: to by this name in other policy action tables."
1155: ::= { ipiaSaNegotiationParametersEntry 1 }
1156:
1157:
1158: ipiaSaNegParamMinLifetimeSecs OBJECT-TYPE
1159: SYNTAX Unsigned32
1160: MAX-ACCESS read-create
1161: STATUS current
1162: DESCRIPTION
1163: "ipiaSaNegParamMinLifetimeSecs specifies the minimum seconds
1164: lifetime that will be accepted from the peer."
1165: ::= { ipiaSaNegotiationParametersEntry 2 }
1166:
1167:
1168: ipiaSaNegParamMinLifetimeKB OBJECT-TYPE
1169: SYNTAX Unsigned32
1170: MAX-ACCESS read-create
1171: STATUS current
1172: DESCRIPTION
1173: "ipiaSaNegParamMinLifetimeKB specifies the minimum kilobyte
1174: lifetime that will be accepted from the peer."
1175: ::= { ipiaSaNegotiationParametersEntry 3 }
1176:
1177:
1178: ipiaSaNegParamRefreshThreshSecs OBJECT-TYPE
1179: SYNTAX Unsigned32 (1..100)
1180: MAX-ACCESS read-create
1181: STATUS current
1182: DESCRIPTION
1183: "ipiaSaNegParamRefreshThreshSecs specifies what percentage
1184: of the seconds lifetime can expire before IKE should
1185: attempt to renegotiate the IPsec security association. A
1186: value between 1 and 100 representing a percentage. A value
1187: of 100 indicates that the IPsec security association should
1188: not be renegotiated until the seconds lifetime has been
1189: completely reached."
1190: ::= { ipiaSaNegotiationParametersEntry 4 }
1191:
1192:
1193: ipiaSaNegParamRefreshThresholdKB OBJECT-TYPE
1194: SYNTAX Unsigned32 (1..100)
1195: MAX-ACCESS read-create
1196: STATUS current
1197: DESCRIPTION
1198: "ipiaSaNegParamRefreshThresholdKB specifies what percentage
1199: of the kilobyte lifetime can expire before IKE should
1200: attempt to renegotiate the IPsec security association. A
1201: value between 1 and 100 representing a percentage. A value
1202: of 100 indicates that the IPsec security association should
1203: not be renegotiated until the kilobyte lifetime has been
1204: reached."
1205: ::= { ipiaSaNegotiationParametersEntry 5 }
1206:
1207:
1208: ipiaSaNegParamIdleDurationSecs OBJECT-TYPE
1209: SYNTAX Unsigned32
1210: MAX-ACCESS read-create
1211: STATUS current
1212: DESCRIPTION
1213: "ipiaSaNegParamIdleDurationSecs specifies how many seconds a
1214: security association may remain idle (i.e., no traffic
1215: protected using the security association) before it is
1216: deleted. A value of zero indicates that idle detection
1217: should not be used for the security association. Any
1218: non-zero value indicates the number of seconds the security
1219: association may remain unused."
1220: ::= { ipiaSaNegotiationParametersEntry 6 }
1221:
1222:
1223: ipiaSaNegParamLastChanged OBJECT-TYPE
1224: SYNTAX TimeStamp
1225: MAX-ACCESS read-only
1226: STATUS current
1227: DESCRIPTION
1228: "The value of sysUpTime when this row was last modified or
1229: created either through SNMP SETs or by some other external
1230: means."
1231: ::= { ipiaSaNegotiationParametersEntry 7 }
1232:
1233:
1234: ipiaSaNegParamStorageType OBJECT-TYPE
1235: SYNTAX StorageType
1236: MAX-ACCESS read-create
1237: STATUS current
1238: DESCRIPTION
1239: "The storage type for this row. Rows in this table which
1240: were created through an external process may have a storage
1241: type of readOnly or permanent."
1242:
1243: DEFVAL { nonVolatile }
1244: ::= { ipiaSaNegotiationParametersEntry 8 }
1245:
1246:
1247: ipiaSaNegParamRowStatus OBJECT-TYPE
1248: SYNTAX RowStatus
1249: MAX-ACCESS read-create
1250: STATUS current
1251: DESCRIPTION
1252: "This object indicates the conceptual status of this row.
1253:
1254:
1255: The value of this object has no effect on whether other
1256: objects in this conceptual row can be modified.
1257:
1258:
1259: This object may not be set to destroy if referred to by
1260: other rows in other action tables."
1261: ::= { ipiaSaNegotiationParametersEntry 9 }
1262:
1263:
1264: --
1265: -- ipiaIkeActionProposalsTable proposals contained within a ikeAction
1266: --
1267:
1268:
1269: ipiaIkeActionProposalsTable OBJECT-TYPE
1270: SYNTAX SEQUENCE OF IpiaIkeActionProposalsEntry
1271: MAX-ACCESS not-accessible
1272: STATUS current
1273: DESCRIPTION
1274: "This table contains a list of all ike proposal names found
1275: within a given IKE Action."
1276: ::= { ipiaConfigObjects 9 }
1277:
1278:
1279: ipiaIkeActionProposalsEntry OBJECT-TYPE
1280: SYNTAX IpiaIkeActionProposalsEntry
1281: MAX-ACCESS not-accessible
1282: STATUS current
1283: DESCRIPTION
1284: "a row containing one ike proposal reference"
1285: INDEX { ipiaIkeActName, ipiaIkeActPropPriority }
1286: ::= { ipiaIkeActionProposalsTable 1 }
1287:
1288:
1289: IpiaIkeActionProposalsEntry ::= SEQUENCE {
1290: ipiaIkeActPropPriority Integer32,
1291: ipiaIkeActPropName SnmpAdminString,
1292: ipiaIkeActPropLastChanged TimeStamp,
1293: ipiaIkeActPropStorageType StorageType,
1294: ipiaIkeActPropRowStatus RowStatus
1295: }
1296:
1297:
1298: ipiaIkeActPropPriority OBJECT-TYPE
1299: SYNTAX Integer32 (0..65535)
1300: MAX-ACCESS not-accessible
1301: STATUS current
1302: DESCRIPTION
1303: "The numeric priority of a given contained proposal inside
1304: an ike Action. This index should be used to order the
1305: proposals in an IKE Phase I negotiation, lowest value
1306: first."
1307: ::= { ipiaIkeActionProposalsEntry 1 }
1308:
1309:
1310: ipiaIkeActPropName OBJECT-TYPE
1311: SYNTAX SnmpAdminString (SIZE(1..32))
1312: MAX-ACCESS read-create
1313: STATUS current
1314: DESCRIPTION
1315: "The administratively assigned name that can be used to
1316: reference a set of values contained within the
1317: ipiaIkeProposalTable."
1318: ::= { ipiaIkeActionProposalsEntry 2 }
1319:
1320:
1321:
1322: ipiaIkeActPropLastChanged OBJECT-TYPE
1323: SYNTAX TimeStamp
1324: MAX-ACCESS read-only
1325: STATUS current
1326: DESCRIPTION
1327: "The value of sysUpTime when this row was last modified or
1328: created either through SNMP SETs or by some other external
1329: means."
1330: ::= { ipiaIkeActionProposalsEntry 3 }
1331:
1332:
1333: ipiaIkeActPropStorageType OBJECT-TYPE
1334: SYNTAX StorageType
1335: MAX-ACCESS read-create
1336: STATUS current
1337: DESCRIPTION
1338: "The storage type for this row. Rows in this table which
1339: were created through an external process may have a storage
1340: type of readOnly or permanent."
1341: DEFVAL { nonVolatile }
1342: ::= { ipiaIkeActionProposalsEntry 4 }
1343:
1344:
1345: ipiaIkeActPropRowStatus OBJECT-TYPE
1346: SYNTAX RowStatus
1347: MAX-ACCESS read-create
1348: STATUS current
1349: DESCRIPTION
1350: "This object indicates the conceptual status of this row.
1351: The value of this object has no effect on whether other
1352: objects in this conceptual row can be modified."
1353: ::= { ipiaIkeActionProposalsEntry 5 }
1354:
1355:
1356:
1357: --
1358: -- IKE proposal definition table
1359: --
1360:
1361:
1362: ipiaIkeProposalTable OBJECT-TYPE
1363: SYNTAX SEQUENCE OF IpiaIkeProposalEntry
1364: MAX-ACCESS not-accessible
1365: STATUS current
1366: DESCRIPTION
1367: "This table contains a list of IKE proposals which are used
1368: in an IKE negotiation."
1369: ::= { ipiaConfigObjects 10 }
1370:
1371:
1372: ipiaIkeProposalEntry OBJECT-TYPE
1373: SYNTAX IpiaIkeProposalEntry
1374: MAX-ACCESS not-accessible
1375: STATUS current
1376: DESCRIPTION
1377: "One IKE proposal entry."
1378: INDEX { ipiaIkeActPropName }
1379: ::= { ipiaIkeProposalTable 1 }
1380:
1381:
1382: IpiaIkeProposalEntry ::= SEQUENCE {
1383: ipiaIkePropLifetimeDerivedKeys Unsigned32,
1384: ipiaIkePropCipherAlgorithm IkeEncryptionAlgorithm,
1385: ipiaIkePropCipherKeyLength Unsigned32,
1386: ipiaIkePropCipherKeyRounds Unsigned32,
1387: ipiaIkePropHashAlgorithm IkeHashAlgorithm,
1388: ipiaIkePropPrfAlgorithm INTEGER,
1389: ipiaIkePropVendorId OCTET STRING,
1390: ipiaIkePropDhGroup IkeGroupDescription,
1391: ipiaIkePropAuthenticationMethod IkeAuthMethod,
1392: ipiaIkePropMaxLifetimeSecs Unsigned32,
1393: ipiaIkePropMaxLifetimeKB Unsigned32,
1394: ipiaIkePropLastChanged TimeStamp,
1395: ipiaIkePropStorageType StorageType,
1396: ipiaIkePropRowStatus RowStatus
1397: }
1398:
1399:
1400: ipiaIkePropLifetimeDerivedKeys OBJECT-TYPE
1401: SYNTAX Unsigned32
1402: MAX-ACCESS read-create
1403: STATUS current
1404: DESCRIPTION
1405: "ipiaIkePropLifetimeDerivedKeys specifies the number of
1406: times that a phase 1 key will be used to derive a phase 2
1407: key before the phase 1 security association needs to be
1408: renegotiated."
1409: ::= { ipiaIkeProposalEntry 1 }
1410:
1411:
1412: ipiaIkePropCipherAlgorithm OBJECT-TYPE
1413: SYNTAX IkeEncryptionAlgorithm
1414: MAX-ACCESS read-create
1415: STATUS current
1416: DESCRIPTION
1417: "ipiaIkePropCipherAlgorithm specifies the proposed phase 1
1418: security association encryption algorithm."
1419: ::= { ipiaIkeProposalEntry 2 }
1420:
1421:
1422: ipiaIkePropCipherKeyLength OBJECT-TYPE
1423: SYNTAX Unsigned32
1424: MAX-ACCESS read-create
1425: STATUS current
1426: DESCRIPTION
1427: "This object specifies, in bits, the key length for
1428: the cipher algorithm used in IKE Phase 1 negotiation."
1429: ::= { ipiaIkeProposalEntry 3 }
1430:
1431:
1432: ipiaIkePropCipherKeyRounds OBJECT-TYPE
1433: SYNTAX Unsigned32
1434: MAX-ACCESS read-create
1435: STATUS current
1436: DESCRIPTION
1437: "This object specifies the number of key rounds for
1438: the cipher algorithm used in IKE Phase 1 negotiation."
1439: ::= { ipiaIkeProposalEntry 4 }
1440:
1441:
1442: ipiaIkePropHashAlgorithm OBJECT-TYPE
1443: SYNTAX IkeHashAlgorithm
1444: MAX-ACCESS read-create
1445: STATUS current
1446: DESCRIPTION
1447: "ipiaIkePropHashAlgorithm specifies the proposed phase 1
1448: security association hash algorithm."
1449: ::= { ipiaIkeProposalEntry 5 }
1450:
1451:
1452: ipiaIkePropPrfAlgorithm OBJECT-TYPE
1453: SYNTAX INTEGER { reserved(0) }
1454: MAX-ACCESS read-create
1455: STATUS current
1456: DESCRIPTION
1457: "ipPRFAlgorithm specifies the proposed phase 1 security
1458: association pseudo-random function.
1459:
1460:
1461: Note: currently no prf algorithms are defined."
1462: ::= { ipiaIkeProposalEntry 6 }
1463:
1464:
1465: ipiaIkePropVendorId OBJECT-TYPE
1466: SYNTAX OCTET STRING (SIZE(0..255))
1467: MAX-ACCESS read-create
1468: STATUS current
1469: DESCRIPTION
1470: "The VendorID property is used to identify vendor-defined
1471: key exchange GroupIDs."
1472: ::= { ipiaIkeProposalEntry 7 }
1473:
1474:
1475: ipiaIkePropDhGroup OBJECT-TYPE
1476: SYNTAX IkeGroupDescription
1477: MAX-ACCESS read-create
1478: STATUS current
1479: DESCRIPTION
1480: "This object specifies the proposed phase 1 security
1481: association Diffie-Hellman group"
1482: ::= { ipiaIkeProposalEntry 8 }
1483:
1484:
1485: ipiaIkePropAuthenticationMethod OBJECT-TYPE
1486: SYNTAX IkeAuthMethod
1487: MAX-ACCESS read-create
1488: STATUS current
1489: DESCRIPTION
1490: "This object specifies the proposed authentication
1491: method for the phase 1 security association."
1492: ::= { ipiaIkeProposalEntry 9 }
1493:
1494:
1495: ipiaIkePropMaxLifetimeSecs OBJECT-TYPE
1496: SYNTAX Unsigned32
1497: MAX-ACCESS read-create
1498: STATUS current
1499: DESCRIPTION
1500: "ipiaIkePropMaxLifetimeSecs specifies the maximum amount of
1501: time to propose a security association remain valid.
1502:
1503:
1504: A value of 0 indicates that the default lifetime of
1505: 8 hours should be used."
1506: ::= { ipiaIkeProposalEntry 10 }
1507:
1508:
1509: ipiaIkePropMaxLifetimeKB OBJECT-TYPE
1510: SYNTAX Unsigned32
1511: MAX-ACCESS read-create
1512: STATUS current
1513: DESCRIPTION
1514: "ipiaIkePropMaxLifetimeKB specifies the maximum kilobyte
1515: lifetime to propose a security association remain valid."
1516: ::= { ipiaIkeProposalEntry 11 }
1517:
1518:
1519: ipiaIkePropLastChanged OBJECT-TYPE
1520: SYNTAX TimeStamp
1521: MAX-ACCESS read-only
1522: STATUS current
1523: DESCRIPTION
1524: "The value of sysUpTime when this row was last modified or
1525: created either through SNMP SETs or by some other external
1526: means."
1527: ::= { ipiaIkeProposalEntry 12 }
1528:
1529:
1530: ipiaIkePropStorageType OBJECT-TYPE
1531: SYNTAX StorageType
1532: MAX-ACCESS read-create
1533: STATUS current
1534: DESCRIPTION
1535: "The storage type for this row. Rows in this table which
1536: were created through an external process may have a storage
1537: type of readOnly or permanent."
1538: DEFVAL { nonVolatile }
1539: ::= { ipiaIkeProposalEntry 13 }
1540:
1541:
1542: ipiaIkePropRowStatus OBJECT-TYPE
1543: SYNTAX RowStatus
1544: MAX-ACCESS read-create
1545: STATUS current
1546: DESCRIPTION
1547: "This object indicates the conceptual status of this row.
1548:
1549:
1550: The value of this object has no effect on whether other
1551: objects in this conceptual row can be modified."
1552: ::= { ipiaIkeProposalEntry 14 }
1553:
1554:
1555:
1556: --
1557: -- ipiaIpsecProposalsTable
1558: --
1559:
1560:
1561:
1562: ipiaIpsecProposalsTable OBJECT-TYPE
1563: SYNTAX SEQUENCE OF IpiaIpsecProposalsEntry
1564: MAX-ACCESS not-accessible
1565: STATUS current
1566: DESCRIPTION
1567: "This table lists one or more IPsec proposals for
1568: IPsec actions."
1569: ::= { ipiaConfigObjects 11 }
1570:
1571:
1572: ipiaIpsecProposalsEntry OBJECT-TYPE
1573: SYNTAX IpiaIpsecProposalsEntry
1574: MAX-ACCESS not-accessible
1575: STATUS current
1576: DESCRIPTION
1577: "An entry containing (possibly a portion of) a proposal."
1578: INDEX { ipiaIpsecPropName, ipiaIpsecPropPriority,
1579: ipiaIpsecPropProtocolId }
1580: ::= { ipiaIpsecProposalsTable 1 }
1581:
1582:
1583: IpiaIpsecProposalsEntry ::= SEQUENCE {
1584: ipiaIpsecPropName SnmpAdminString,
1585: ipiaIpsecPropPriority Integer32,
1586: ipiaIpsecPropProtocolId IpsecDoiSecProtocolId,
1587: ipiaIpsecPropTransformsName SnmpAdminString,
1588: ipiaIpsecPropLastChanged TimeStamp,
1589: ipiaIpsecPropStorageType StorageType,
1590: ipiaIpsecPropRowStatus RowStatus
1591: }
1592:
1593:
1594: ipiaIpsecPropName OBJECT-TYPE
1595: SYNTAX SnmpAdminString (SIZE(1..32))
1596: MAX-ACCESS not-accessible
1597: STATUS current
1598: DESCRIPTION
1599: "The name of this proposal."
1600: ::= { ipiaIpsecProposalsEntry 1 }
1601:
1602:
1603: ipiaIpsecPropPriority OBJECT-TYPE
1604: SYNTAX Integer32 (0..65535)
1605: MAX-ACCESS not-accessible
1606: STATUS current
1607: DESCRIPTION
1608: "The priority level (AKA sequence level) of this proposal.
1609: A lower number indicates a higher precedence."
1610: ::= { ipiaIpsecProposalsEntry 2 }
1611:
1612:
1613: ipiaIpsecPropProtocolId OBJECT-TYPE
1614: SYNTAX IpsecDoiSecProtocolId
1615: MAX-ACCESS not-accessible
1616: STATUS current
1617: DESCRIPTION
1618: "The protocol Id for the transforms for this proposal. The
1619: protoIsakmp(1) value is not valid for this object. This
1620: object, along with the ipiaIpsecPropTransformsName, is the
1621: index into the ipiaIpsecTransformsTable."
1622: ::= { ipiaIpsecProposalsEntry 3 }
1623:
1624:
1625: ipiaIpsecPropTransformsName OBJECT-TYPE
1626: SYNTAX SnmpAdminString (SIZE(1..32))
1627: MAX-ACCESS read-create
1628: STATUS current
1629: DESCRIPTION
1630: "The name of the transform or group of transforms for this
1631: protocol. This object, along with the
1632: ipiaIpsecPropProtocolId, is the index into the
1633: ipiaIpsecTransformsTable."
1634: ::= { ipiaIpsecProposalsEntry 4 }
1635:
1636:
1637: ipiaIpsecPropLastChanged OBJECT-TYPE
1638: SYNTAX TimeStamp
1639: MAX-ACCESS read-only
1640: STATUS current
1641: DESCRIPTION
1642: "The value of sysUpTime when this row was last modified or
1643: created either through SNMP SETs or by some other external
1644: means."
1645: ::= { ipiaIpsecProposalsEntry 5 }
1646:
1647:
1648: ipiaIpsecPropStorageType OBJECT-TYPE
1649: SYNTAX StorageType
1650: MAX-ACCESS read-create
1651: STATUS current
1652: DESCRIPTION
1653: "The storage type for this row. Rows in this table which
1654: were created through an external process may have a storage
1655: type of readOnly or permanent."
1656: DEFVAL { nonVolatile }
1657: ::= { ipiaIpsecProposalsEntry 6 }
1658:
1659:
1660: ipiaIpsecPropRowStatus OBJECT-TYPE
1661: SYNTAX RowStatus
1662: MAX-ACCESS read-create
1663: STATUS current
1664: DESCRIPTION
1665: "This object indicates the conceptual status of this row.
1666:
1667:
1668: The value of this object has no effect on whether other
1669: objects in this conceptual row can be modified.
1670:
1671:
1672: This row may not be set to active until the corresponding
1673: row in the ipiaIpsecTransformsTable exists and is active."
1674: ::= { ipiaIpsecProposalsEntry 7 }
1675:
1676:
1677: --
1678: -- ipiaIpsecTransformsTable
1679: --
1680:
1681:
1682:
1683: ipiaIpsecTransformsTable OBJECT-TYPE
1684: SYNTAX SEQUENCE OF IpiaIpsecTransformsEntry
1685: MAX-ACCESS not-accessible
1686: STATUS current
1687: DESCRIPTION
1688: "This table lists the IPsec proposals contained within a
1689: given IPsec action and the transforms within each of those
1690: proposals. These proposals and transforms can then be used
1691: to create phase 2 negotiation proposals."
1692: ::= { ipiaConfigObjects 12 }
1693:
1694:
1695: ipiaIpsecTransformsEntry OBJECT-TYPE
1696: SYNTAX IpiaIpsecTransformsEntry
1697: MAX-ACCESS not-accessible
1698: STATUS current
1699: DESCRIPTION
1700: "An entry containing the information on an IPsec transform."
1701: INDEX { ipiaIpsecTranType, ipiaIpsecTranName,
1702: ipiaIpsecTranPriority }
1703: ::= { ipiaIpsecTransformsTable 1 }
1704:
1705:
1706: IpiaIpsecTransformsEntry ::= SEQUENCE {
1707: ipiaIpsecTranType IpsecDoiSecProtocolId,
1708: ipiaIpsecTranName SnmpAdminString,
1709: ipiaIpsecTranPriority Integer32,
1710: ipiaIpsecTranTransformName SnmpAdminString,
1711: ipiaIpsecTranLastChanged TimeStamp,
1712: ipiaIpsecTranStorageType StorageType,
1713: ipiaIpsecTranRowStatus RowStatus
1714: }
1715:
1716:
1717: ipiaIpsecTranType OBJECT-TYPE
1718: SYNTAX IpsecDoiSecProtocolId
1719: MAX-ACCESS not-accessible
1720: STATUS current
1721: DESCRIPTION
1722: "The protocol type for this transform. The protoIsakmp(1)
1723: value is not valid for this object."
1724: ::= { ipiaIpsecTransformsEntry 1 }
1725:
1726: ipiaIpsecTranName OBJECT-TYPE
1727: SYNTAX SnmpAdminString (SIZE(1..32))
1728: MAX-ACCESS not-accessible
1729: STATUS current
1730: DESCRIPTION
1731: "The name for this transform or group of transforms."
1732: ::= { ipiaIpsecTransformsEntry 2 }
1733:
1734:
1735: ipiaIpsecTranPriority OBJECT-TYPE
1736: SYNTAX Integer32 (0..65535)
1737: MAX-ACCESS not-accessible
1738: STATUS current
1739: DESCRIPTION
1740: "The priority level (AKA sequence level) of this
1741: transform within the group of transforms. This indicates
1742: the preference for which algorithms are requested when the
1743: list of transforms is sent to the remote host. A lower
1744: number indicates a higher precedence."
1745: ::= { ipiaIpsecTransformsEntry 3 }
1746:
1747:
1748: ipiaIpsecTranTransformName OBJECT-TYPE
1749: SYNTAX SnmpAdminString (SIZE(1..32))
1750: MAX-ACCESS read-create
1751: STATUS current
1752: DESCRIPTION
1753: "The name for the given transform. Depending on the value
1754: of ipiaIpsecTranType, this value should be used to lookup
1755: the transform's specific parameters in the
1756: ipiaAhTransformTable, the ipiaEspTransformTable or the
1757: ipiaIpcompTransformTable."
1758: ::= { ipiaIpsecTransformsEntry 4 }
1759:
1760:
1761: ipiaIpsecTranLastChanged OBJECT-TYPE
1762: SYNTAX TimeStamp
1763: MAX-ACCESS read-only
1764: STATUS current
1765: DESCRIPTION
1766: "The value of sysUpTime when this row was last modified or
1767: created either through SNMP SETs or by some other external
1768: means."
1769: ::= { ipiaIpsecTransformsEntry 5 }
1770:
1771:
1772: ipiaIpsecTranStorageType OBJECT-TYPE
1773: SYNTAX StorageType
1774: MAX-ACCESS read-create
1775: STATUS current
1776: DESCRIPTION
1777: "The storage type for this row. Rows in this table which
1778: were created through an external process may have a storage
1779: type of readOnly or permanent."
1780: DEFVAL { nonVolatile }
1781: ::= { ipiaIpsecTransformsEntry 6 }
1782:
1783:
1784: ipiaIpsecTranRowStatus OBJECT-TYPE
1785: SYNTAX RowStatus
1786: MAX-ACCESS read-create
1787: STATUS current
1788: DESCRIPTION
1789: "This object indicates the conceptual status of this row.
1790:
1791:
1792: The value of this object has no effect on whether other
1793: objects in this conceptual row can be modified.
1794:
1795:
1796: This row may not be set to active until the corresponding
1797: row in the ipiaAhTransformTable, ipiaEspTransformTable or
1798: the ipiaIpcompTransformTable exists."
1799: ::= { ipiaIpsecTransformsEntry 7 }
1800:
1801:
1802:
1803: --
1804: -- IKE identity definition table
1805: --
1806:
1807:
1808: ipiaIkeIdentityTable OBJECT-TYPE
1809: SYNTAX SEQUENCE OF IpiaIkeIdentityEntry
1810: MAX-ACCESS not-accessible
1811: STATUS current
1812: DESCRIPTION
1813: "IKEIdentity is used to represent the identities that may be
1814: used for an IPProtocolEndpoint (or collection of
1815: IPProtocolEndpoints) to identify itself in IKE phase 1
1816: negotiations. The column ikeIdentityName in an
1817: ipiaIkeActionEntry together with the spdEndGroupIdentType
1818: and the spdEndGroupAddress in the
1819: PolicyEndpointToGroupTable specifies the unique identity to
1820: use in a negotiation exchange."
1821: ::= { ipiaConfigObjects 13 }
1822:
1823:
1824: ipiaIkeIdentityEntry OBJECT-TYPE
1825: SYNTAX IpiaIkeIdentityEntry
1826: MAX-ACCESS not-accessible
1827: STATUS current
1828: DESCRIPTION
1829: "ikeIdentity lists the attributes of an IKE identity."
1830: INDEX { spdEndGroupIdentType, spdEndGroupAddress,
1830: severe -
unknown object identifier label `spdEndGroupIdentType'
1830: severe -
unknown object identifier label `spdEndGroupAddress'
1831: ipiaIkeActIdentityType, ipiaIkeActIdentityContext }
1832: ::= { ipiaIkeIdentityTable 1 }
1833:
1834:
1835: IpiaIkeIdentityEntry ::= SEQUENCE {
1836: ipiaIkeIdCredentialName SnmpAdminString,
1837: ipiaIkeIdLastChanged TimeStamp,
1838: ipiaIkeIdStorageType StorageType,
1839: ipiaIkeIdRowStatus RowStatus
1840: }
1841:
1842:
1843: ipiaIkeIdCredentialName OBJECT-TYPE
1844: SYNTAX SnmpAdminString (SIZE(0..32))
1845: MAX-ACCESS read-create
1846: STATUS current
1847: DESCRIPTION
1848: "This value is used as an index into the ipiaCredentialTable
1849: to look up the actual credential value and other credential
1850: information.
1851:
1852:
1853: For ID's without associated credential information, this
1854: value is left blank.
1855:
1856:
1857: For ID's that are address types, this value may be left
1858: blank and the associated IPProtocolEndpoint or appropriate
1859: member of the Collection of endpoints is used."
1860: ::= { ipiaIkeIdentityEntry 1 }
1861:
1862:
1863: ipiaIkeIdLastChanged OBJECT-TYPE
1864: SYNTAX TimeStamp
1865: MAX-ACCESS read-only
1866: STATUS current
1867: DESCRIPTION
1868: "The value of sysUpTime when this row was last modified or
1869: created either through SNMP SETs or by some other external
1870: means."
1871: ::= { ipiaIkeIdentityEntry 2 }
1872:
1873:
1874: ipiaIkeIdStorageType OBJECT-TYPE
1875: SYNTAX StorageType
1876: MAX-ACCESS read-create
1877: STATUS current
1878: DESCRIPTION
1879: "The storage type for this row. Rows in this table which
1880: were created through an external process may have a storage
1881: type of readOnly or permanent."
1882: DEFVAL { nonVolatile }
1883: ::= { ipiaIkeIdentityEntry 3 }
1884:
1885:
1886: ipiaIkeIdRowStatus OBJECT-TYPE
1887: SYNTAX RowStatus
1888: MAX-ACCESS read-create
1889: STATUS current
1890: DESCRIPTION
1891: "This object indicates the conceptual status of this row.
1892:
1893:
1894: The value of this object has no effect on whether other
1895: objects in this conceptual row can be modified.
1896:
1897:
1898: If active, this object must remain active if it is
1899: referenced by a row in another table."
1900: ::= { ipiaIkeIdentityEntry 4 }
1901:
1902:
1903:
1904: --
1905: -- autostart IKE Table
1906:
1907:
1908: ipiaAutostartIkeTable OBJECT-TYPE
1909: SYNTAX SEQUENCE OF IpiaAutostartIkeEntry
1910: MAX-ACCESS not-accessible
1911: STATUS current
1912: DESCRIPTION
1913: "The parameters in the autostart IKE Table are used to
1914: automatically initiate IKE phases I and II (i.e. IPsec)
1915: negotiations on startup. It also will initiate IKE phase I
1916: and II negotiations for a row at the time of that row's
1917: creation"
1918: ::= { ipiaConfigObjects 14 }
1919:
1920:
1921: ipiaAutostartIkeEntry OBJECT-TYPE
1922: SYNTAX IpiaAutostartIkeEntry
1923: MAX-ACCESS not-accessible
1924: STATUS current
1925: DESCRIPTION
1926: "autostart ike provides the set of parameters to
1927: automatically start IKE and IPsec SA's."
1928: INDEX { ipiaAutoIkePriority }
1929: ::= { ipiaAutostartIkeTable 1 }
1930:
1931:
1932: IpiaAutostartIkeEntry ::= SEQUENCE {
1933: ipiaAutoIkePriority Integer32,
1934: ipiaAutoIkeAction VariablePointer,
1935: ipiaAutoIkeAddressType InetAddressType,
1936: ipiaAutoIkeSourceAddress InetAddress,
1937: ipiaAutoIkeSourcePort InetPortNumber,
1938: ipiaAutoIkeDestAddress InetAddress,
1939: ipiaAutoIkeDestPort InetPortNumber,
1940: ipiaAutoIkeProtocol Unsigned32,
1941: ipiaAutoIkeLastChanged TimeStamp,
1942: ipiaAutoIkeStorageType StorageType,
1943: ipiaAutoIkeRowStatus RowStatus
1944: }
1945:
1946:
1947: ipiaAutoIkePriority OBJECT-TYPE
1948: SYNTAX Integer32 (0..65535)
1949: MAX-ACCESS not-accessible
1950: STATUS current
1951: DESCRIPTION
1952: "ipiaAutoIkePriority is an index into the autostartIkeAction
1953: table and can be used to order the autostart IKE actions."
1954: ::= { ipiaAutostartIkeEntry 1 }
1955:
1956:
1957: ipiaAutoIkeAction OBJECT-TYPE
1958: SYNTAX VariablePointer
1959: MAX-ACCESS read-create
1960: STATUS current
1961: DESCRIPTION
1962: "This pointer is used to point to the action or compound
1963: action that should be initiated by this row."
1964: ::= { ipiaAutostartIkeEntry 2 }
1965:
1966:
1967: ipiaAutoIkeAddressType OBJECT-TYPE
1968: SYNTAX InetAddressType
1969: MAX-ACCESS read-create
1970: STATUS current
1971: DESCRIPTION
1972: "The property ipiaAutoIkeAddressType specifies the format of
1973: the autoIke source and destination Address values.
1974:
1975:
1976: Values of unknown, ipv4z, ipv6z and dns are not legal
1977: values for this object."
1978: ::= { ipiaAutostartIkeEntry 3 }
1979:
1980:
1981: ipiaAutoIkeSourceAddress OBJECT-TYPE
1982: SYNTAX InetAddress
1983: MAX-ACCESS read-create
1984: STATUS current
1985: DESCRIPTION
1986: "The property autoIkeSourceAddress specifies Source IP
1987: address for autostarting IKE SA's, formatted according to
1988: the appropriate convention as defined in the
1989: ipiaAutoIkeAddressType property."
1990: ::= { ipiaAutostartIkeEntry 4 }
1991:
1992:
1993: ipiaAutoIkeSourcePort OBJECT-TYPE
1994: SYNTAX InetPortNumber
1995: MAX-ACCESS read-create
1996: STATUS current
1997: DESCRIPTION
1998: "The property ipiaAutoIkeSourcePort specifies the port
1999: number for the source port for autostarting IKE SA's.
2000:
2001:
2002: The value of 0 for this object is illegal."
2003: ::= { ipiaAutostartIkeEntry 5 }
2004:
2005:
2006: ipiaAutoIkeDestAddress OBJECT-TYPE
2007: SYNTAX InetAddress
2008: MAX-ACCESS read-create
2009: STATUS current
2010: DESCRIPTION
2011: "The property ipiaAutoIkeDestAddress specifies the
2012: Destination IP address for autostarting IKE SA's, formatted
2013: according to the appropriate convention as defined in the
2014: ipiaAutoIkeAddressType property."
2015: ::= { ipiaAutostartIkeEntry 6 }
2016:
2017:
2018: ipiaAutoIkeDestPort OBJECT-TYPE
2019: SYNTAX InetPortNumber
2020: MAX-ACCESS read-create
2021: STATUS current
2022: DESCRIPTION
2023: "The property ipiaAutoIkeDestPort specifies the port number
2024: for the destination port for autostarting IKE SA's.
2025:
2026:
2027: The value of 0 for this object is illegal."
2028: ::= { ipiaAutostartIkeEntry 7 }
2029:
2030:
2031: ipiaAutoIkeProtocol OBJECT-TYPE
2032: SYNTAX Unsigned32 (0..255)
2033: MAX-ACCESS read-create
2034: STATUS current
2035: DESCRIPTION
2036: "The property Protocol specifies the protocol number used in
2037: comparing with policy filter entries and used in any phase
2038: 2 negotiations."
2039: ::= { ipiaAutostartIkeEntry 8 }
2040:
2041:
2042: ipiaAutoIkeLastChanged OBJECT-TYPE
2043: SYNTAX TimeStamp
2044: MAX-ACCESS read-only
2045: STATUS current
2046: DESCRIPTION
2047: "The value of sysUpTime when this row was last modified or
2048: created either through SNMP SETs or by some other external
2049: means."
2050: ::= { ipiaAutostartIkeEntry 9 }
2051:
2052:
2053: ipiaAutoIkeStorageType OBJECT-TYPE
2054: SYNTAX StorageType
2055: MAX-ACCESS read-create
2056: STATUS current
2057: DESCRIPTION
2058: "The storage type for this row. Rows in this table which
2059: were created through an external process may have a storage
2060: type of readOnly or permanent."
2061: DEFVAL { nonVolatile }
2062: ::= { ipiaAutostartIkeEntry 10 }
2063:
2064:
2065: ipiaAutoIkeRowStatus OBJECT-TYPE
2066: SYNTAX RowStatus
2067: MAX-ACCESS read-create
2068: STATUS current
2069: DESCRIPTION
2070: "This object indicates the conceptual status of this row.
2071:
2072:
2073: The value of this object has no effect on whether other
2074: objects in this conceptual row can be modified."
2075:
2076:
2077: ::= { ipiaAutostartIkeEntry 11 }
2078:
2079:
2080:
2081: --
2082: -- CA Table
2083: --
2084:
2085:
2086: ipiaIpsecCredMngServiceTable OBJECT-TYPE
2087: SYNTAX SEQUENCE OF IpiaIpsecCredMngServiceEntry
2088: MAX-ACCESS not-accessible
2089: STATUS current
2090: DESCRIPTION
2091: "A table of Credential Management Service values. This table
2092: is usually used for credential/certificate values that are
2093: used with a management service (e.g. Certificate
2094: Authorities)."
2095: ::= { ipiaConfigObjects 15 }
2096:
2097:
2098: ipiaIpsecCredMngServiceEntry OBJECT-TYPE
2099: SYNTAX IpiaIpsecCredMngServiceEntry
2100: MAX-ACCESS not-accessible
2101: STATUS current
2102: DESCRIPTION
2103: "A row in the ipiaIpsecCredMngServiceTable."
2104:
2105: INDEX { ipiaIcmsName }
2106: ::= { ipiaIpsecCredMngServiceTable 1 }
2107:
2108:
2109: IpiaIpsecCredMngServiceEntry ::= SEQUENCE {
2110: ipiaIcmsName SnmpAdminString,
2111: ipiaIcmsDistinguishedName OCTET STRING,
2112: ipiaIcmsPolicyStatement OCTET STRING,
2113: ipiaIcmsMaxChainLength Integer32,
2114: ipiaIcmsCredentialName SnmpAdminString,
2115: ipiaIcmsLastChanged TimeStamp,
2116: ipiaIcmsStorageType StorageType,
2117: ipiaIcmsRowStatus RowStatus
2118: }
2119:
2120:
2121: ipiaIcmsName OBJECT-TYPE
2122: SYNTAX SnmpAdminString(SIZE(1..32))
2123: MAX-ACCESS not-accessible
2124: STATUS current
2125: DESCRIPTION
2126: "This is an administratively assigned string used to index
2127: this table."
2128: ::= { ipiaIpsecCredMngServiceEntry 1 }
2129:
2130:
2131: ipiaIcmsDistinguishedName OBJECT-TYPE
2132: SYNTAX OCTET STRING (SIZE(1..256))
2133: MAX-ACCESS read-create
2134: STATUS current
2135: DESCRIPTION
2136: "This value represents the Distinguished Name of the
2137: Credential Management Service."
2138: ::= { ipiaIpsecCredMngServiceEntry 2 }
2139:
2140:
2141: ipiaIcmsPolicyStatement OBJECT-TYPE
2142: SYNTAX OCTET STRING (SIZE(0..1024))
2143: MAX-ACCESS read-create
2144: STATUS current
2145: DESCRIPTION
2146: "This Value represents the Credential Management Service
2147: Policy Statement, or a reference describing how to obtain
2148: it (e.g., a URL). If one doesn't exist, this value can be
2149: left blank."
2150: ::= { ipiaIpsecCredMngServiceEntry 3 }
2151:
2152:
2153: ipiaIcmsMaxChainLength OBJECT-TYPE
2154: SYNTAX Integer32 (0..255)
2155: MAX-ACCESS read-create
2156: STATUS current
2157: DESCRIPTION
2158: "This value is the maximum length of the chain allowable from
2159: the Credential Management Service to the credential in
2160: question."
2161: DEFVAL { 0 }
2162: ::= { ipiaIpsecCredMngServiceEntry 4}
2163:
2164:
2165: ipiaIcmsCredentialName OBJECT-TYPE
2166: SYNTAX SnmpAdminString (SIZE(0..32))
2167: MAX-ACCESS read-create
2168: STATUS current
2169: DESCRIPTION
2170: "This value is used as an index into the ipiaCredentialTable
2171: to look up the actual credential value."
2172: ::= { ipiaIpsecCredMngServiceEntry 5 }
2173:
2174:
2175: ipiaIcmsLastChanged OBJECT-TYPE
2176: SYNTAX TimeStamp
2177: MAX-ACCESS read-only
2178: STATUS current
2179: DESCRIPTION
2180: "The value of sysUpTime when this row was last modified or
2181: created either through SNMP SETs or by some other external
2182: means."
2183: ::= { ipiaIpsecCredMngServiceEntry 6 }
2184:
2185:
2186: ipiaIcmsStorageType OBJECT-TYPE
2187: SYNTAX StorageType
2188: MAX-ACCESS read-create
2189: STATUS current
2190: DESCRIPTION
2191: "The storage type for this row. Rows in this table which
2192: were created through an external process may have a storage
2193: type of readOnly or permanent."
2194: DEFVAL { nonVolatile }
2195: ::= { ipiaIpsecCredMngServiceEntry 7 }
2196:
2197:
2198: ipiaIcmsRowStatus OBJECT-TYPE
2199: SYNTAX RowStatus
2200: MAX-ACCESS read-create
2201: STATUS current
2202: DESCRIPTION
2203: "This object indicates the conceptual status of this row.
2204:
2205:
2206: The value of this object has no effect on whether other
2207: objects in this conceptual row can be modified.
2208:
2209:
2210: If active, this object must remain active if it is
2211: referenced by a row in another table."
2212: ::= { ipiaIpsecCredMngServiceEntry 8 }
2213:
2214:
2215:
2216: --
2217: -- CRL Table
2218: --
2219:
2220:
2221: ipiaCredMngCRLTable OBJECT-TYPE
2222: SYNTAX SEQUENCE OF IpiaCredMngCRLEntry
2223: MAX-ACCESS not-accessible
2224: STATUS current
2225: DESCRIPTION
2226: "A table of the Credential Revocation Lists (CRL) for
2227: credential management services."
2228: ::= { ipiaConfigObjects 16 }
2229:
2230:
2231: ipiaCredMngCRLEntry OBJECT-TYPE
2232: SYNTAX IpiaCredMngCRLEntry
2233: MAX-ACCESS not-accessible
2234: STATUS current
2235: DESCRIPTION
2236: "A row in the ipiaCredMngCRLTable."
2237: INDEX { ipiaIcmsName , ipiaCmcCRLName }
2238: ::= { ipiaCredMngCRLTable 1 }
2239:
2240:
2241: IpiaCredMngCRLEntry ::= SEQUENCE {
2242: ipiaCmcCRLName SnmpAdminString,
2243: ipiaCmcDistributionPoint OCTET STRING,
2244: ipiaCmcThisUpdate OCTET STRING,
2245: ipiaCmcNextUpdate OCTET STRING,
2246: ipiaCmcLastChanged TimeStamp,
2247: ipiaCmcStorageType StorageType,
2248: ipiaCmcRowStatus RowStatus
2249: }
2250:
2251:
2252: ipiaCmcCRLName OBJECT-TYPE
2253: SYNTAX SnmpAdminString(SIZE(1..32))
2254: MAX-ACCESS not-accessible
2255: STATUS current
2256: DESCRIPTION
2257: "This is an administratively assigned string used to index
2258: this table. It represents a CRL for a given CA from a given
2259: distribution point."
2260: ::= { ipiaCredMngCRLEntry 1 }
2261:
2262:
2263: ipiaCmcDistributionPoint OBJECT-TYPE
2264: SYNTAX OCTET STRING (SIZE(0..256))
2265: MAX-ACCESS read-create
2266: STATUS current
2267: DESCRIPTION
2268: "This Value represents a Distribution Point for a Credential
2269: Revocation List. It can be relative to the Credential
2270: Management Service or a full name (URL, e-mail, etc...)."
2271: ::= { ipiaCredMngCRLEntry 2 }
2272:
2273:
2274: ipiaCmcThisUpdate OBJECT-TYPE
2275: SYNTAX OCTET STRING (SIZE(0..32))
2276: MAX-ACCESS read-create
2277: STATUS current
2278: DESCRIPTION
2279: "This value is the issue date of this CRL. This
2280: should be in utctime or generalizedtime."
2281: ::= { ipiaCredMngCRLEntry 3 }
2282:
2283:
2284: ipiaCmcNextUpdate OBJECT-TYPE
2285: SYNTAX OCTET STRING (SIZE(0..32))
2286: MAX-ACCESS read-create
2287: STATUS current
2288: DESCRIPTION
2289: "This value indicates the date the next version of this CRL
2290: will be issued. This should be in utctime or
2291: generalizedtime."
2292: ::= { ipiaCredMngCRLEntry 4 }
2293:
2294:
2295: ipiaCmcLastChanged OBJECT-TYPE
2296: SYNTAX TimeStamp
2297: MAX-ACCESS read-only
2298: STATUS current
2299: DESCRIPTION
2300: "The value of sysUpTime when this row was last modified or
2301: created either through SNMP SETs or by some other external
2302: means."
2303: ::= { ipiaCredMngCRLEntry 5 }
2304:
2305:
2306: ipiaCmcStorageType OBJECT-TYPE
2307: SYNTAX StorageType
2308: MAX-ACCESS read-create
2309: STATUS current
2310: DESCRIPTION
2311: "The storage type for this row. Rows in this table which
2312: were created through an external process may have a storage
2313: type of readOnly or permanent."
2314: DEFVAL { nonVolatile }
2315: ::= { ipiaCredMngCRLEntry 6 }
2316:
2317:
2318: ipiaCmcRowStatus OBJECT-TYPE
2319: SYNTAX RowStatus
2320: MAX-ACCESS read-create
2321: STATUS current
2322: DESCRIPTION
2323: "This object indicates the conceptual status of this row.
2324:
2325:
2326: The value of this object has no effect on whether other
2327: objects in this conceptual row can be modified.
2328:
2329:
2330: If active, this object must remain active if it is
2331: referenced by a row in another table."
2332: ::= { ipiaCredMngCRLEntry 7 }
2333:
2334:
2335:
2336: --
2337: -- Revoked Certificate Table
2338: --
2339:
2340:
2341: ipiaRevokedCertificateTable OBJECT-TYPE
2342: SYNTAX SEQUENCE OF IpiaRevokedCertificateEntry
2343: MAX-ACCESS not-accessible
2344: STATUS current
2345: DESCRIPTION
2346: "A table of Credentials revoked by credential management
2347: services. That is, this table is a table of Certificates
2348: that are on CRL's, Credential Revocation Lists."
2349: ::= { ipiaConfigObjects 17 }
2350:
2351:
2352: ipiaRevokedCertificateEntry OBJECT-TYPE
2353: SYNTAX IpiaRevokedCertificateEntry
2354: MAX-ACCESS not-accessible
2355: STATUS current
2356: DESCRIPTION
2357: "A row in the ipiaRevokedCertificateTable."
2358: INDEX { ipiaCmcCRLName, ipiaRctCertSerialNumber}
2359: ::= { ipiaRevokedCertificateTable 1 }
2360:
2361:
2362: IpiaRevokedCertificateEntry ::= SEQUENCE {
2363: ipiaRctCertSerialNumber Unsigned32,
2364: ipiaRctRevokedDate OCTET STRING,
2365: ipiaRctRevokedReason INTEGER,
2366: ipiaRctLastChanged TimeStamp,
2367: ipiaRctStorageType StorageType,
2368: ipiaRctRowStatus RowStatus
2369: }
2370:
2371:
2372: ipiaRctCertSerialNumber OBJECT-TYPE
2373: SYNTAX Unsigned32 (0..4294967295)
2374: MAX-ACCESS not-accessible
2375: STATUS current
2376: DESCRIPTION
2377: "This value is the serial number of the revoked
2378: certificate."
2379: ::= { ipiaRevokedCertificateEntry 1 }
2380:
2381:
2382: ipiaRctRevokedDate OBJECT-TYPE
2383: SYNTAX OCTET STRING (SIZE(0..32))
2384: MAX-ACCESS read-create
2385: STATUS current
2386: DESCRIPTION
2387: "This value is the revocation date of the certificate. This
2388: should be in utctime or generalizedtime."
2389: ::= { ipiaRevokedCertificateEntry 2 }
2390:
2391:
2392: ipiaRctRevokedReason OBJECT-TYPE
2393: SYNTAX INTEGER { reserved(0), unspecified(1), keyCompromise(2),
2394: cACompromise(3), affiliationChanged(4),
2395: superseded(5), cessationOfOperation(6),
2396: certificateHold(7), removeFromCRL(8) }
2397: MAX-ACCESS read-create
2398: STATUS current
2399: DESCRIPTION
2400: "This value is the reason this certificate was revoked."
2401: DEFVAL { unspecified }
2402: ::= { ipiaRevokedCertificateEntry 3 }
2403:
2404:
2405: ipiaRctLastChanged OBJECT-TYPE
2406: SYNTAX TimeStamp
2407: MAX-ACCESS read-only
2408: STATUS current
2409: DESCRIPTION
2410: "The value of sysUpTime when this row was last modified or
2411: created either through SNMP SETs or by some other external
2412: means."
2413: ::= { ipiaRevokedCertificateEntry 4 }
2414:
2415:
2416: ipiaRctStorageType OBJECT-TYPE
2417: SYNTAX StorageType
2418: MAX-ACCESS read-create
2419: STATUS current
2420: DESCRIPTION
2421: "The storage type for this row. Rows in this table which
2422: were created through an external process may have a storage
2423: type of readOnly or permanent."
2424: DEFVAL { nonVolatile }
2425: ::= { ipiaRevokedCertificateEntry 5 }
2426:
2427: ipiaRctRowStatus OBJECT-TYPE
2428: SYNTAX RowStatus
2429: MAX-ACCESS read-create
2430: STATUS current
2431: DESCRIPTION
2432: "This object indicates the conceptual status of this row.
2433:
2434:
2435: The value of this object has no effect on whether other
2436: objects in this conceptual row can be modified.
2437:
2438:
2439: If active, this object must remain active if it is
2440: referenced by a row in another table."
2441: ::= { ipiaRevokedCertificateEntry 6 }
2442:
2443:
2444: --
2445: --
2446: -- Notification objects information
2447: --
2448: --
2449:
2450:
2451: ipiaNotificationVariables OBJECT IDENTIFIER ::=
2452: { ipiaNotificationObjects 1 }
2453:
2454:
2455: ipiaNotifications OBJECT IDENTIFIER ::=
2456: { ipiaNotificationObjects 0 }
2457:
2458:
2459:
2460: --
2461: --
2462: -- Conformance information
2463: --
2464: --
2465:
2466:
2467: ipiaCompliances OBJECT IDENTIFIER
2468: ::= { ipiaConformanceObjects 1 }
2469: ipiaGroups OBJECT IDENTIFIER
2470: ::= { ipiaConformanceObjects 2 }
2471:
2472:
2473:
2474: --
2475: -- Compliance statements
2476: --
2477: --
2478:
2479:
2480: ipiaIKECompliance MODULE-COMPLIANCE
2481: STATUS current
2482: DESCRIPTION
2483: "The compliance statement for SNMP entities that include an
2484: IPsec MIB implementation and support IKE actions."
2485: MODULE -- This Module
2486: MANDATORY-GROUPS { ipiaIpsecGroup, ipiaIkeGroup,
2487: ipiaStaticActionGroup, ipsaSharedGroup }
2488:
2489:
2490: OBJECT ipiaIkeActRowStatus
2491: SYNTAX RowStatus {
2492: active(1), createAndGo(4), destroy(6)
2493: }
2494: DESCRIPTION
2495: "Support of the values notInService(2), notReady(3),
2496: and createAndWait(5) is not required."
2497:
2498:
2499: OBJECT ipiaIkeActLastChanged
2500: MIN-ACCESS not-accessible
2501: DESCRIPTION
2502: "This object is optional so as not to impose an undue
2503: burden on resource-constrained devices."
2504:
2505:
2506: OBJECT ipiaIkeActPropRowStatus
2507: SYNTAX RowStatus {
2508: active(1), createAndGo(4), destroy(6)
2509: }
2510: DESCRIPTION
2511: "Support of the values notInService(2), notReady(3),
2512: and createAndWait(5) is not required."
2513:
2514:
2515: OBJECT ipiaIkeActPropLastChanged
2516: MIN-ACCESS not-accessible
2517: DESCRIPTION
2518: "This object is optional so as not to impose an undue
2519: burden on resource-constrained devices."
2520:
2521:
2522: OBJECT ipiaIkePropRowStatus
2523: SYNTAX RowStatus {
2524: active(1), createAndGo(4), destroy(6)
2525: }
2526: DESCRIPTION
2527: "Support of the values notInService(2), notReady(3),
2528: and createAndWait(5) is not required."
2529:
2530:
2531: OBJECT ipiaIkePropLastChanged
2532: MIN-ACCESS not-accessible
2533: DESCRIPTION
2534: "This object is optional so as not to impose an undue
2535: burden on resource-constrained devices."
2536:
2537:
2538: OBJECT ipiaIpsecActRowStatus
2539: SYNTAX RowStatus {
2540: active(1), createAndGo(4), destroy(6)
2541: }
2542: DESCRIPTION
2543: "Support of the values notInService(2), notReady(3),
2544: and createAndWait(5) is not required."
2545:
2546:
2547: OBJECT ipiaIpsecActLastChanged
2548: MIN-ACCESS not-accessible
2549: DESCRIPTION
2550: "This object is optional so as not to impose an undue
2551: burden on resource-constrained devices."
2552:
2553:
2554: OBJECT ipiaIpsecPropRowStatus
2555: SYNTAX RowStatus {
2556: active(1), createAndGo(4), destroy(6)
2557: }
2558: DESCRIPTION
2559: "Support of the values notInService(2), notReady(3),
2560: and createAndWait(5) is not required."
2561:
2562:
2563: OBJECT ipiaIpsecPropLastChanged
2564: MIN-ACCESS not-accessible
2565: DESCRIPTION
2566: "This object is optional so as not to impose an undue
2567: burden on resource-constrained devices."
2568:
2569:
2570: OBJECT ipiaIpsecTranRowStatus
2571: SYNTAX RowStatus {
2572: active(1), createAndGo(4), destroy(6)
2573: }
2574: DESCRIPTION
2575: "Support of the values notInService(2), notReady(3),
2576: and createAndWait(5) is not required."
2577:
2578:
2579: OBJECT ipiaIpsecTranLastChanged
2580: MIN-ACCESS not-accessible
2581: DESCRIPTION
2582: "This object is optional so as not to impose an undue
2583: burden on resource-constrained devices."
2584:
2585:
2586: OBJECT ipiaSaNegParamRowStatus
2587: SYNTAX RowStatus {
2588: active(1), createAndGo(4), destroy(6)
2589: }
2590: DESCRIPTION
2591: "Support of the values notInService(2), notReady(3),
2592: and createAndWait(5) is not required."
2593:
2594: OBJECT ipiaSaNegParamLastChanged
2595: MIN-ACCESS not-accessible
2596: DESCRIPTION
2597: "This object is optional so as not to impose an undue
2598: burden on resource-constrained devices."
2599:
2600:
2601: OBJECT ipiaIkeIdRowStatus
2602: SYNTAX RowStatus {
2603: active(1), createAndGo(4), destroy(6)
2604: }
2605: DESCRIPTION
2606: "Support of the values notInService(2), notReady(3),
2607: and createAndWait(5) is not required."
2608:
2609:
2610: OBJECT ipiaIkeIdLastChanged
2611: MIN-ACCESS not-accessible
2612: DESCRIPTION
2613: "This object is optional so as not to impose an undue
2614: burden on resource-constrained devices."
2615:
2616:
2617: OBJECT ipiaAutoIkeAddressType
2618: SYNTAX InetAddressType {
2619: ipv4(1), ipv6(2)
2620: }
2621: DESCRIPTION
2622: "Only the ipv4 and ipv6 values make sense for this
2623: object."
2624:
2625:
2626: OBJECT ipiaAutoIkeRowStatus
2627: SYNTAX RowStatus {
2628: active(1), createAndGo(4), destroy(6)
2629: }
2630: DESCRIPTION
2631: "Support of the values notInService(2), notReady(3),
2632: and createAndWait(5) is not required."
2633:
2634:
2635: OBJECT ipiaAutoIkeLastChanged
2636: MIN-ACCESS not-accessible
2637: DESCRIPTION
2638: "This object is optional so as not to impose an undue
2639: burden on resource-constrained devices."
2640:
2641:
2642: OBJECT ipiaCmcDistributionPoint
2643: MIN-ACCESS read-only
2644: DESCRIPTION
2645: "Only read-only access is required for compliance."
2646:
2647:
2648: OBJECT ipiaCmcThisUpdate
2649:
2650: MIN-ACCESS read-only
2651: DESCRIPTION
2652: "Only read-only access is required for compliance."
2653:
2654:
2655: OBJECT ipiaCmcNextUpdate
2656: MIN-ACCESS read-only
2657: DESCRIPTION
2658: "Only read-only access is required for compliance."
2659:
2660:
2661: OBJECT ipiaCmcLastChanged
2662: MIN-ACCESS not-accessible
2663: DESCRIPTION
2664: "This object is not required for compliance."
2665:
2666:
2667: OBJECT ipiaCmcStorageType
2668: MIN-ACCESS read-only
2669: DESCRIPTION
2670: "Only read-only access is required for compliance."
2671:
2672:
2673: OBJECT ipiaCmcRowStatus
2674: SYNTAX RowStatus {
2675: active(1), createAndGo(4), destroy(6)
2676: }
2677: MIN-ACCESS read-only
2678: DESCRIPTION
2679: "Support of the values notInService(2), notReady(3),
2680: and createAndWait(5) is not required. Only read-only
2681: access is required for compliance."
2682:
2683:
2684: OBJECT ipiaRctRevokedDate
2685: MIN-ACCESS read-only
2686: DESCRIPTION
2687: "Only read-only access is required for compliance."
2688:
2689:
2690: OBJECT ipiaRctRevokedReason
2691: MIN-ACCESS read-only
2692: DESCRIPTION
2693: "Only read-only access is required for compliance."
2694:
2695:
2696: OBJECT ipiaRctLastChanged
2697: MIN-ACCESS not-accessible
2698: DESCRIPTION
2699: "This object is not required for compliance."
2700:
2701:
2702: OBJECT ipiaRctStorageType
2703: MIN-ACCESS read-only
2704: DESCRIPTION
2705: "Only read-only access is required for compliance."
2706:
2707: OBJECT ipiaRctRowStatus
2708: SYNTAX RowStatus {
2709: active(1), createAndGo(4), destroy(6)
2710: }
2711: MIN-ACCESS read-only
2712: DESCRIPTION
2713: "Support of the values notInService(2), notReady(3),
2714: and createAndWait(5) is not required. Only read-only
2715: access is required for compliance."
2716:
2717:
2718: OBJECT ipiaIcmsDistinguishedName
2719: MIN-ACCESS read-only
2720: DESCRIPTION
2721: "Only read-only access is required for compliance."
2722:
2723:
2724: OBJECT ipiaIcmsPolicyStatement
2725: MIN-ACCESS read-only
2726: DESCRIPTION
2727: "Only read-only access is required for compliance."
2728:
2729:
2730: OBJECT ipiaIcmsMaxChainLength
2731: MIN-ACCESS read-only
2732: DESCRIPTION
2733: "Only read-only access is required for compliance."
2734:
2735:
2736: OBJECT ipiaIcmsCredentialName
2737: MIN-ACCESS read-only
2738: DESCRIPTION
2739: "Only read-only access is required for compliance."
2740:
2741:
2742: OBJECT ipiaIcmsLastChanged
2743: MIN-ACCESS not-accessible
2744: DESCRIPTION
2745: "This object is not required for compliance."
2746:
2747:
2748: OBJECT ipiaIcmsStorageType
2749: MIN-ACCESS read-only
2750: DESCRIPTION
2751: "Only read-only access is required for compliance."
2752:
2753:
2754: OBJECT ipiaIcmsRowStatus
2755: SYNTAX RowStatus {
2756: active(1), createAndGo(4), destroy(6)
2757: }
2758: MIN-ACCESS read-only
2759: DESCRIPTION
2760: "Support of the values notInService(2), notReady(3),
2761: and createAndWait(5) is not required. Only read-only
2762: access is required for compliance."
2763:
2764:
2765: ::= { ipiaCompliances 1 }
2766:
2767:
2768:
2769: ipiaRuleFilterCompliance MODULE-COMPLIANCE
2770: STATUS current
2771: DESCRIPTION
2772: "The compliance statement for SNMP entities that include an
2773: IKEACTION MIB implementation with IKE filters support."
2774: MODULE -- This Module
2775: MANDATORY-GROUPS { ipiaStaticFilterGroup }
2776:
2777:
2778: GROUP ipiaPeerIdFilterGroup
2779: DESCRIPTION
2780: "This group is mandatory for IPsec Policy
2781: implementations which support Peer Identity filters."
2782:
2783:
2784: OBJECT ipiaPeerIdFiltRowStatus
2785: SYNTAX RowStatus {
2786: active(1), createAndGo(4), destroy(6)
2787: }
2788: DESCRIPTION
2789: "Support of the values notInService(2), notReady(3),
2790: and createAndWait(5) is not required."
2791:
2792:
2793: OBJECT ipiaPeerIdFiltLastChanged
2794: MIN-ACCESS not-accessible
2795: DESCRIPTION
2796: "This object is not required for compliance."
2797:
2798:
2799: GROUP ipiaCredentialFilterGroup
2800: DESCRIPTION
2801: "This group is mandatory for IPsec Policy
2802: implementations which support IKE Credential filters."
2803:
2804:
2805: OBJECT ipiaCredFiltRowStatus
2806: SYNTAX RowStatus {
2807: active(1), createAndGo(4), destroy(6)
2808: }
2809: DESCRIPTION
2810: "Support of the values notInService(2), notReady(3),
2811: and createAndWait(5) is not required."
2812:
2813:
2814: OBJECT ipiaCredFiltLastChanged
2815: MIN-ACCESS not-accessible
2816: DESCRIPTION
2817: "This object is not required for compliance."
2818: ::= { ipiaCompliances 2 }
2819:
2820:
2821: --
2822: --
2823: -- Compliance Groups Definitions
2824: --
2825:
2826:
2827: --
2828: -- Compliance Groups
2829: --
2830:
2831:
2832: ipiaStaticFilterGroup OBJECT-GROUP
2833: OBJECTS { ipiaIkePhase1Filter,
2834: ipiaIkePhase2Filter }
2835: STATUS current
2836: DESCRIPTION
2837: "The static filter group. Currently this is just a true
2838: filter."
2839: ::= { ipiaGroups 1 }
2840:
2841:
2842: ipiaCredentialFilterGroup OBJECT-GROUP
2843: OBJECTS {
2844: ipiaCredFiltCredentialType, ipiaCredFiltMatchFieldName,
2845: ipiaCredFiltMatchFieldValue, ipiaCredFiltAcceptCredFrom,
2846: ipiaCredFiltLastChanged, ipiaCredFiltStorageType,
2847: ipiaCredFiltRowStatus,
2848:
2849:
2850: ipiaCmcDistributionPoint, ipiaCmcThisUpdate,
2851: ipiaCmcNextUpdate, ipiaCmcLastChanged, ipiaCmcStorageType,
2852: ipiaCmcRowStatus,
2853:
2854:
2855: ipiaRctRevokedDate, ipiaRctRevokedReason,
2856: ipiaRctLastChanged, ipiaRctStorageType, ipiaRctRowStatus,
2857:
2858:
2859: ipiaIcmsDistinguishedName, ipiaIcmsPolicyStatement,
2860: ipiaIcmsMaxChainLength, ipiaIcmsCredentialName,
2861: ipiaIcmsLastChanged, ipiaIcmsStorageType, ipiaIcmsRowStatus
2862: }
2863: STATUS current
2864: DESCRIPTION
2865: "The IPsec Policy Credential Filter Table Group."
2866: ::= { ipiaGroups 2 }
2867:
2868:
2869: ipiaPeerIdFilterGroup OBJECT-GROUP
2870: OBJECTS {
2871: ipiaPeerIdFiltIdentityType, ipiaPeerIdFiltIdentityValue,
2872: ipiaPeerIdFiltLastChanged, ipiaPeerIdFiltStorageType,
2873: ipiaPeerIdFiltRowStatus
2874:
2875: }
2876: STATUS current
2877: DESCRIPTION
2878: "The IPsec Policy Peer Identity Filter Table Group."
2879: ::= { ipiaGroups 3 }
2880:
2881:
2882: --
2883: -- action compliance groups
2884: --
2885:
2886:
2887: ipiaStaticActionGroup OBJECT-GROUP
2888: OBJECTS {
2889: ipiaRejectIKEAction,
2890: ipiaRejectIKEActionLog
2891: }
2892: STATUS current
2893: DESCRIPTION
2894: "The IPsec Policy Static Actions Group."
2895: ::= { ipiaGroups 4 }
2896:
2897:
2898: ipiaIkeGroup OBJECT-GROUP
2899: OBJECTS {
2900: ipiaIkeActParametersName, ipiaIkeActThresholdDerivedKeys,
2901: ipiaIkeActExchangeMode, ipiaIkeActAgressiveModeGroupId,
2902: ipiaIkeActIdentityType, ipiaIkeActIdentityContext,
2903: ipiaIkeActPeerName, ipiaIkeActVendorId, ipiaIkeActPropName,
2904: ipiaIkeActDoActionLogging, ipiaIkeActDoPacketLogging,
2905: ipiaIkeActLastChanged, ipiaIkeActStorageType,
2906: ipiaIkeActRowStatus,
2907:
2908:
2909: ipiaIkeActPropLastChanged, ipiaIkeActPropStorageType,
2910: ipiaIkeActPropRowStatus,
2911:
2912:
2913: ipiaIkePropLifetimeDerivedKeys, ipiaIkePropCipherAlgorithm,
2914: ipiaIkePropCipherKeyLength, ipiaIkePropCipherKeyRounds,
2915: ipiaIkePropHashAlgorithm, ipiaIkePropPrfAlgorithm,
2916: ipiaIkePropVendorId, ipiaIkePropDhGroup,
2917: ipiaIkePropAuthenticationMethod, ipiaIkePropMaxLifetimeSecs,
2918: ipiaIkePropMaxLifetimeKB, ipiaIkePropLastChanged,
2919: ipiaIkePropStorageType,
2920: ipiaIkePropRowStatus,
2921:
2922:
2923: ipiaSaNegParamMinLifetimeSecs, ipiaSaNegParamMinLifetimeKB,
2924: ipiaSaNegParamRefreshThreshSecs,
2925: ipiaSaNegParamRefreshThresholdKB,
2926: ipiaSaNegParamIdleDurationSecs, ipiaSaNegParamLastChanged,
2927: ipiaSaNegParamStorageType, ipiaSaNegParamRowStatus,
2928: ipiaIkeIdCredentialName, ipiaIkeIdLastChanged,
2929: ipiaIkeIdStorageType, ipiaIkeIdRowStatus,
2930:
2931:
2932: ipiaAutoIkeAction, ipiaAutoIkeAddressType,
2933: ipiaAutoIkeSourceAddress, ipiaAutoIkeSourcePort,
2934: ipiaAutoIkeDestAddress, ipiaAutoIkeDestPort,
2935: ipiaAutoIkeProtocol, ipiaAutoIkeLastChanged,
2936: ipiaAutoIkeStorageType, ipiaAutoIkeRowStatus,
2937:
2938:
2939: ipiaCmcDistributionPoint, ipiaCmcThisUpdate,
2940: ipiaCmcNextUpdate, ipiaCmcLastChanged, ipiaCmcStorageType,
2941: ipiaCmcRowStatus,
2942:
2943:
2944: ipiaRctRevokedDate, ipiaRctRevokedReason,
2945: ipiaRctLastChanged, ipiaRctStorageType, ipiaRctRowStatus,
2946:
2947:
2948: ipiaIcmsDistinguishedName, ipiaIcmsPolicyStatement,
2949: ipiaIcmsMaxChainLength, ipiaIcmsCredentialName,
2950: ipiaIcmsLastChanged, ipiaIcmsStorageType, ipiaIcmsRowStatus
2951: }
2952: STATUS current
2953: DESCRIPTION
2954: "This group is the set of objects that support IKE
2955: actions. These objects are from The IPsec Policy IKE
2956: Action Table, The IKE Action Proposals Table, The IKE
2957: Proposal Table, The autostart IKE Table and The IKE
2958: Identity Table, The Peer Identity Table, The Credential
2959: Management Service Table, and the shared table Negotiation
2960: Parameters Table (from the IPSEC-IPSECACTION-MIB)."
2961: ::= { ipiaGroups 5 }
2962:
2963:
2964: ipiaIpsecGroup OBJECT-GROUP
2965: OBJECTS {
2966: ipiaIpsecActParametersName, ipiaIpsecActProposalsName,
2967: ipiaIpsecActUsePfs, ipiaIpsecActVendorId,
2968: ipiaIpsecActGroupId, ipiaIpsecActPeerGatewayIdName,
2969: ipiaIpsecActUseIkeGroup, ipiaIpsecActGranularity,
2970: ipiaIpsecActMode, ipiaIpsecActDFHandling,
2971: ipiaIpsecActDoActionLogging, ipiaIpsecActDoPacketLogging,
2972: ipiaIpsecActLastChanged, ipiaIpsecActStorageType,
2973: ipiaIpsecActRowStatus,
2974:
2975:
2976: ipiaIpsecPropTransformsName, ipiaIpsecPropLastChanged,
2977: ipiaIpsecPropStorageType, ipiaIpsecPropRowStatus,
2978:
2979:
2980: ipiaIpsecTranTransformName, ipiaIpsecTranLastChanged,
2981: ipiaIpsecTranStorageType, ipiaIpsecTranRowStatus,
2982: ipiaSaNegParamMinLifetimeSecs, ipiaSaNegParamMinLifetimeKB,
2983: ipiaSaNegParamRefreshThreshSecs,
2984: ipiaSaNegParamRefreshThresholdKB,
2985: ipiaSaNegParamIdleDurationSecs, ipiaSaNegParamLastChanged,
2986: ipiaSaNegParamStorageType, ipiaSaNegParamRowStatus
2987: }
2988: STATUS current
2989: DESCRIPTION
2990: "This group is the set of objects that support IPsec
2991: actions. These objects are from The IPsec Policy IPsec
2992: Actions Table, The IPsec Proposal Table, and The IPsec
2993: Transform Table. This group also includes objects from the
2994: shared tables: Peer Identity Table, Credential Table,
2995: Negotiation Parameters Table, Credential Management Service
2996: Table and the AH, ESP, and IPComp Transform Table."
2997: ::= { ipiaGroups 6 }
2998:
2999:
3000: END
3001:
3002: --
3003: --
3004: -- Copyright (C) The Internet Society (2004). This document is subject
3005: -- to the rights, licenses and restrictions contained in BCP 78, and
3006: -- except as set forth therein, the authors retain all their rights.
3007: --
3008: --
3009: --
3010: -- Acknowledgment
3011: --
3012: --
3013: -- Funding for the RFC Editor function is currently provided by the
3014: -- Internet Society.
3015: