smilint output for ./IPSEC-POLICY-MIB
Message Severities

| Severity | Count |
| --- | --- |
| error | 2 |
| minor error | 2 |
| warning | 2 |

Message Types

| Type | Count |
| --- | --- |
| bad-identifier-case (error) | 1 |
| import-unused (warning) | 1 |
| object-identifier-not-prefix (error) | 1 |
| revision-after-update (minor error) | 1 |
| revision-missing (minor error) | 1 |
| type-without-format (warning) | 1 |

Messages:
IPSEC-POLICY-MIB
1: -- extracted from draft-ietf-ipsp-ipsec-conf-mib-06.txt
2: -- at Sun Mar 9 06:12:36 2003
3:
4: IPSEC-POLICY-MIB DEFINITIONS ::= BEGIN
5:
6:
7: IMPORTS
8: MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32,
9: Unsigned32, mib-2, experimental FROM SNMPv2-SMI
9: warning -
warning: identifier `experimental' imported from module `SNMPv2-SMI' is never used
10:
11: TEXTUAL-CONVENTION, RowStatus, TruthValue,
12: TimeStamp, StorageType, VariablePointer, DateAndTime
13: FROM SNMPv2-TC
14:
15: MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
16: FROM SNMPv2-CONF
17:
18: SnmpAdminString FROM SNMP-FRAMEWORK-MIB
19: InetAddressType, InetAddress, InetPortNumber
20: FROM INET-ADDRESS-MIB
21:
22: IkeHashAlgorithm,
23: IpsecDoiEncapsulationMode,
24: IpsecDoiIpcompTransform,
25: IpsecDoiAuthAlgorithm,
26: IpsecDoiEspTransform,
27: IpsecDoiSecProtocolId,
28: IkeGroupDescription, IpsecDoiIdentType,
29: IkeEncryptionAlgorithm, IkeAuthMethod
30: FROM IPSEC-ISAKMP-IKE-DOI-TC;
31:
32: --
33: -- module identity
34: --
35:
36: ipspMIB MODULE-IDENTITY
37: LAST-UPDATED "200212100000Z" -- 12 December 2002
38: ORGANIZATION "IETF IP Security Policy Working Group"
39: CONTACT-INFO "Michael Baer
40: Network Associates, Inc.
41: 3965 Freedom Circle, Suite 500
42: Santa Clara, CA 95054
43: Phone: +1 530 902 3131
44: Email: mike_baer@nai.com
45:
46: Ricky Charlet
47: Email: rcharlet@alumni.calpoly.edu
48:
49: Wes Hardaker
50: Network Associates, Inc.
51: 3965 Freedom Circle, Suite 500
52: Santa Clara, CA 95054
53: Phone: +1 530 400 2774
54: Email: wes_hardaker@nai.com
55:
56: Robert Story
57: Revelstone Software
58: PO Box 1474
59: Duluth, GA 30096
60: Phone: +1 770 617 3722
61: Email: ipsp-mib@revelstone.com
62:
63: Cliff Wang
64: SmartPipes Inc.
65: Suite 300, 565 Metro Place South
66: Dublin, OH 43017
67: Phone: +1 614 923 6241
68: E-Mail: CWang@smartpipes.com"
69: DESCRIPTION
70: "The MIB module for defining IPsec Policy filters and actions.
71:
72: Copyright (C) The Internet Society (2003). This version of this
73: MIB module is part of RFC XXXX, see the RFC itself for full
74: legal notices."
75:
76: -- Revision History
77:
78: REVISION "200301070000Z" -- 7 January 2003
78: minor error -
revision date after last update
79: DESCRIPTION "Initial version, published as RFC xxxx."
80: -- RFC-editor assigns xxxx
81:
82: -- XXX: To be assigned by IANA
83: ::= { mib-2 XXX }
83: minor error -
revision for last update is missing
83: error -
`XXX' should start with a lower case letter
83: error -
Object identifier element `XXX' name only allowed as first element
84:
85: --
86: -- groups of related objects
87: --
88:
89: ipspConfigObjects OBJECT IDENTIFIER
90: ::= { ipspMIB 1 }
91: ipspNotificationObjects OBJECT IDENTIFIER
92: ::= { ipspMIB 2 }
93: ipspConformanceObjects OBJECT IDENTIFIER
94: ::= { ipspMIB 3 }
95:
96: --
97: -- Textual Conventions
98: --
99:
100: IpspBooleanOperator ::= TEXTUAL-CONVENTION
101: STATUS current
102: DESCRIPTION
103: "The IpspBooleanOperator operator is used to specify whether
104: sub-components in a decision making process are ANDed or ORed
105: together to decide if the resulting expression is true or
106: false."
107: SYNTAX INTEGER { or(1), and(2) }
108:
109: IpspAdminStatus ::= TEXTUAL-CONVENTION
110: STATUS current
111: DESCRIPTION
112: "The IpspAdminStatus is used to specify the administrative
113: status of an object. Objects which are disabled must not
114: be used by the packet processing engine."
115:
116: SYNTAX INTEGER { enabled(1), disabled(2) }
117:
118: IpspSADirection ::= TEXTUAL-CONVENTION
119: STATUS current
120: DESCRIPTION
121: "The IpspSADirection operator is used to specify whether
122: or not a row should apply to outgoing or incoming SAs."
123: SYNTAX INTEGER { outgoing(1), incoming(2) }
124:
125: IpspIPPacketLogging ::= TEXTUAL-CONVENTION
125: warning -
warning: type `IpspIPPacketLogging' has no format specification
126: STATUS current
127: DESCRIPTION
128: "IpspIPPacketLogging specifies whether or not an audit
129: message should be logged when a packet is passed through an
130: SA. A value of '-1' indicates no logging. A value of '0' or
131: greater indicates that logging should be done and how many
132: bytes of the beginning of the packet to place in the log.
133: Values greater than the size of the packet being processed
134: indicate that the entire packet should be sent.
135:
136: Examples:
137: '-1' no logging
138: '0' log but do not include any of the packet in the log
139: '20' log and include the first 20 bytes of the packet in the
140: log."
141: SYNTAX Integer32 (-1..65536)
142:
143: IpspIdentityFilter ::= TEXTUAL-CONVENTION
144: STATUS current
145: DESCRIPTION
146: "IpspIdentityFilter contains a string encoded Identity Type
147: value to be used in comparisons against an IKE Identity
148: payload. Wherever this TC is used, there should be an
149: accompanying column which uses the IpsecDoiIdentType TC to
150: specify the type of data in this object.
151:
152: See the IpsecDoiIdentType TC for the supported identity types
153: available. Note that the IpsecDoiIdentType TC specifies how
154: to encode binary values, while this object will contain human
155: readable string versions."
156: SYNTAX OCTET STRING (SIZE(1..256))
157:
158: IpspCredentialType ::= TEXTUAL-CONVENTION
159: STATUS current
160: DESCRIPTION
161: "IpspCredentialType identifies the type of credential
162: contained in a corresponding IpspIdentityFilter object."
163: SYNTAX INTEGER { reserved(0),
164: unknown(1),
165: sharedSecret(2),
166: x509(3),
167: kerberos(4) }
168:
169:
170: --
171: -- Policy group definitions
172: --
173:
174: ipspLocalConfigObjects OBJECT IDENTIFIER
175: ::= { ipspConfigObjects 1 }
176:
177: ipspSystemPolicyGroupName OBJECT-TYPE
178: SYNTAX SnmpAdminString (SIZE(0..32))
179: MAX-ACCESS read-write
180: STATUS current
181: DESCRIPTION
182: "This object indicates the policy group containing the global
183: system policy that is to be applied when a given endpoint
184: does not contain a policy definition. Its value can be used
185: as an index into the ipspGroupContentsTable to retrieve a
186: list of policies. A zero length string indicates no system
187: wide policy exists and the default policy of 'accept' should
188: be executed until one is imposed by either this object or by
189: the endpoint processing a given packet."
190: ::= { ipspLocalConfigObjects 1 }
191:
192: ipspEndpointToGroupTable OBJECT-TYPE
193: SYNTAX SEQUENCE OF IpspEndpointToGroupEntry
194: MAX-ACCESS not-accessible
195: STATUS current
196: DESCRIPTION
197: "This table is used to map policy (groupings) onto an endpoint
198: where traffic is to pass by. Any policy group assigned to an
199: endpoint is then used to control access to the traffic
200: passing by it.
201:
202: If an endpoint has been configured with a policy group and no
203: contained rule matches the incoming packet, the default
204: action in this case shall be to drop the packet.
205:
206: If no policy group has been assigned to an endpoint, then the
207: policy group specified by ipspSystemPolicyGroupName should be
208: used for the endpoint."
209: ::= { ipspConfigObjects 2 }
210:
211: ipspEndpointToGroupEntry OBJECT-TYPE
212: SYNTAX IpspEndpointToGroupEntry
213: MAX-ACCESS not-accessible
214: STATUS current
215: DESCRIPTION
216: "A mapping assigning a policy group to an endpoint."
217: INDEX { ipspEndGroupIdentType, ipspEndGroupAddress }
218: ::= { ipspEndpointToGroupTable 1 }
219:
220: IpspEndpointToGroupEntry ::= SEQUENCE {
221: ipspEndGroupIdentType InetAddressType,
222: ipspEndGroupAddress InetAddress,
223: ipspEndGroupName SnmpAdminString,
224: ipspEndGroupLastChanged TimeStamp,
225: ipspEndGroupStorageType StorageType,
226: ipspEndGroupRowStatus RowStatus
227: }
228:
229: ipspEndGroupIdentType OBJECT-TYPE
230: SYNTAX InetAddressType
231: MAX-ACCESS not-accessible
232: STATUS current
233: DESCRIPTION
234: "The Internet Protocol version of the address associated with
235: a given endpoint. All addresses are represented as an array
236: of octets in network byte order. When combined with the
237: ipspEndGroupAddress these objects can be used to uniquely
238: identify an endpoint that a set of policy groups should be
239: applied to. Devices supporting IPv4 MUST support the ipv4
240: value, and devices supporting IPv6 MUST support the ipv6
241: value.
242:
243: Values of unknown, ipv4z, ipv6z and dns are not legal values
244: for this object."
245: ::= { ipspEndpointToGroupEntry 1 }
246:
247: ipspEndGroupAddress OBJECT-TYPE
248: SYNTAX InetAddress (SIZE (4|16))
249: MAX-ACCESS not-accessible
250: STATUS current
251: DESCRIPTION
252: "The address of a given endpoint, the format of which is
253: specified by the ipspEndGroupIdentType object."
254: ::= { ipspEndpointToGroupEntry 2 }
255:
256:
257: ipspEndGroupName OBJECT-TYPE
258: SYNTAX SnmpAdminString (SIZE(1..32))
259: MAX-ACCESS read-create
260: STATUS current
261: DESCRIPTION
262: "The policy group name to apply to this endpoint. The
263: value of the ipspEndGroupName object should then be used as
264: an index into the ipspGroupContentsTable to come up with a
265: list of rules that MUST be applied to this endpoint."
266: ::= { ipspEndpointToGroupEntry 3 }
267:
268: ipspEndGroupLastChanged OBJECT-TYPE
269: SYNTAX TimeStamp
270: MAX-ACCESS read-only
271: STATUS current
272: DESCRIPTION
273: "The value of sysUpTime when this row was last modified or
274: created either through SNMP SETs or by some other external
275: means."
276: ::= { ipspEndpointToGroupEntry 4 }
277:
278: ipspEndGroupStorageType OBJECT-TYPE
279: SYNTAX StorageType
280: MAX-ACCESS read-create
281: STATUS current
282: DESCRIPTION
283: "The storage type for this row. Rows in this table which were
284: created through an external process may have a storage type
285: of readOnly or permanent."
286: DEFVAL { nonVolatile }
287: ::= { ipspEndpointToGroupEntry 5 }
288:
289: ipspEndGroupRowStatus OBJECT-TYPE
290: SYNTAX RowStatus
291: MAX-ACCESS read-create
292: STATUS current
293: DESCRIPTION
294: "This object indicates the conceptual status of this row.
295:
296: The value of this object has no effect on whether other
297: objects in this conceptual row can be modified.
298:
299: This object may not be set to active until one or more active
300: rows exist within the ipspGroupContentsTable for the group
301: referenced by the ipspEndGroupName object."
302: ::= { ipspEndpointToGroupEntry 6 }
303:
304: --
305: -- policy group definition table
306: --
307: ipspGroupContentsTable OBJECT-TYPE
308: SYNTAX SEQUENCE OF IpspGroupContentsEntry
309: MAX-ACCESS not-accessible
310: STATUS current
311: DESCRIPTION
312: "This table contains a list of rules and/or subgroups
313: contained within a given policy group. The entries are
314: sorted by the ipspGroupContPriority object and MUST be
315: executed in order according to this value, starting with the
316: lowest value. Once a group item has been processed, the
317: processor MUST stop processing this packet if an action was
318: executed as a result of the processing of a given group.
319: Iterating into the next policy group item by finding the next
320: largest ipspGroupContPriority object shall only be done if no
321: actions were run when processing the last item for a given
322: packet."
323: ::= { ipspConfigObjects 3 }
324:
325: ipspGroupContentsEntry OBJECT-TYPE
326: SYNTAX IpspGroupContentsEntry
327: MAX-ACCESS not-accessible
328: STATUS current
329: DESCRIPTION
330: "Defines a given sub-item within a policy group."
331: INDEX { ipspGroupContName, ipspGroupContPriority }
332: ::= { ipspGroupContentsTable 1 }
333:
334: IpspGroupContentsEntry ::= SEQUENCE {
335: ipspGroupContName SnmpAdminString,
336: ipspGroupContPriority Integer32,
337: ipspGroupContFilter VariablePointer,
338: ipspGroupContComponentType INTEGER,
339: ipspGroupContComponentName SnmpAdminString,
340: ipspGroupContLastChanged TimeStamp,
341: ipspGroupContStorageType StorageType,
342: ipspGroupContRowStatus RowStatus
343: }
344:
345: ipspGroupContName OBJECT-TYPE
346: SYNTAX SnmpAdminString (SIZE(1..32))
347: MAX-ACCESS not-accessible
348: STATUS current
349: DESCRIPTION
350: "The administrative name of this group."
351: ::= { ipspGroupContentsEntry 1 }
352:
353: ipspGroupContPriority OBJECT-TYPE
354: SYNTAX Integer32 (0..65536)
355: MAX-ACCESS not-accessible
356: STATUS current
357: DESCRIPTION
358: "The priority (sequence number) of the sub-component in this
359: group."
360: ::= { ipspGroupContentsEntry 2 }
361:
362: ipspGroupContFilter OBJECT-TYPE
363: SYNTAX VariablePointer
364: MAX-ACCESS read-create
365: STATUS current
366: DESCRIPTION
367: "ipspGroupContFilter points to a filter which is evaluated
368: to determine whether the sub-component within this group
369: should be exercised. Managers can use this object to
370: classify groups of rules or subgroups together in order to
371: achieve a greater degree of control and optimization over the
372: execution order of the items within the group. If the filter
373: evaluates to false, the rule or subgroup will be skipped and
374: the next rule or subgroup will be evaluated instead.
375:
376: An example usage of this object would be to limit a group of
377: rules to executing only when the IP packet being processed is
378: designated to be processed by IKE. This effectively creates
379: a group of IKE specific rules.
380:
381: This MIB defines the following tables and scalars which may
382: be pointed to by this column. Implementations may choose to
383: provide support for other filter tables or scalars as well:
384:
385: ipspIpHeaderFilterTable
386: ipspIpOffsetFilterTable
387: ipspTimeFilterTable
388: ipspCompoundFilterTable
389: ipspTrueFilter
390:
391: If this column is set to a VariablePointer value which
392: references a non-existent row in an otherwise supported
393: table, the inconsistentName exception should be returned. If
394: the table or scalar pointed to by the VariablePointer is not
395: supported at all, then an inconsistentValue exception should
396: be returned."
397: DEFVAL { ipspTrueFilterInstance }
398: ::= { ipspGroupContentsEntry 3 }
399:
400: ipspGroupContComponentType OBJECT-TYPE
401: SYNTAX INTEGER { reserved(0), group(1), rule(2) }
402: MAX-ACCESS read-create
403: STATUS current
404: DESCRIPTION
405: "Indicates whether the ipspGroupContComponentName object is
406: the name of another group defined within the
407: ipspGroupContentsTable or is the name of a rule defined
408: within the ipspRuleDefinitionTable."
409: DEFVAL { rule }
410: ::= { ipspGroupContentsEntry 4 }
411:
412: ipspGroupContComponentName OBJECT-TYPE
413: SYNTAX SnmpAdminString (SIZE(1..32))
414: MAX-ACCESS read-create
415: STATUS current
416: DESCRIPTION
417: "The name of the policy rule or subgroup contained within this
418: group, as indicated by the ipspGroupContComponentType
419: object."
420: ::= { ipspGroupContentsEntry 5 }
421:
422: ipspGroupContLastChanged OBJECT-TYPE
423: SYNTAX TimeStamp
424: MAX-ACCESS read-only
425: STATUS current
426: DESCRIPTION
427: "The value of sysUpTime when this row was last modified or
428: created either through SNMP SETs or by some other external
429: means."
430: ::= { ipspGroupContentsEntry 6 }
431:
432: ipspGroupContStorageType OBJECT-TYPE
433: SYNTAX StorageType
434: MAX-ACCESS read-create
435: STATUS current
436: DESCRIPTION
437: "The storage type for this row. Rows in this table which were
438: created through an external process may have a storage type
439: of readOnly or permanent."
440: DEFVAL { nonVolatile }
441: ::= { ipspGroupContentsEntry 7 }
442:
443: ipspGroupContRowStatus OBJECT-TYPE
444: SYNTAX RowStatus
445: MAX-ACCESS read-create
446: STATUS current
447: DESCRIPTION
448: "This object indicates the conceptual status of this row.
449:
450: The value of this object has no effect on whether other
451: objects in this conceptual row can be modified.
452:
453: This object may not be set to active until the row to which
454: the ipspGroupContComponentName points to exists."
455: ::= { ipspGroupContentsEntry 8 }
456:
457:
458: --
459: -- policy definition table
460: --
461:
462: ipspRuleDefinitionTable OBJECT-TYPE
463: SYNTAX SEQUENCE OF IpspRuleDefinitionEntry
464: MAX-ACCESS not-accessible
465: STATUS current
466: DESCRIPTION
467: "This table defines a policy rule by associating a filter or a
468: set of filters to an action to be executed."
469: ::= { ipspConfigObjects 4 }
470:
471: ipspRuleDefinitionEntry OBJECT-TYPE
472: SYNTAX IpspRuleDefinitionEntry
473: MAX-ACCESS not-accessible
474: STATUS current
475: DESCRIPTION
476: "A row defining a particular policy definition. A rule
477: definition binds a filter pointer to an action pointer."
478: INDEX { ipspRuleDefName }
479: ::= { ipspRuleDefinitionTable 1 }
480:
481: IpspRuleDefinitionEntry ::= SEQUENCE {
482: ipspRuleDefName SnmpAdminString,
483: ipspRuleDefDescription SnmpAdminString,
484: ipspRuleDefFilter VariablePointer,
485: ipspRuleDefFilterNegated TruthValue,
486: ipspRuleDefAction VariablePointer,
487: ipspRuleDefAdminStatus IpspAdminStatus,
488: ipspRuleDefLastChanged TimeStamp,
489: ipspRuleDefStorageType StorageType,
490: ipspRuleDefRowStatus RowStatus
491: }
492:
493: ipspRuleDefName OBJECT-TYPE
494: SYNTAX SnmpAdminString (SIZE(1..32))
495: MAX-ACCESS not-accessible
496: STATUS current
497: DESCRIPTION
498: "ipspRuleDefName is the administratively assigned name of the
499: rule referred to by the ipspGroupContComponentName object."
500: ::= { ipspRuleDefinitionEntry 1 }
501:
502: ipspRuleDefDescription OBJECT-TYPE
503: SYNTAX SnmpAdminString
504: MAX-ACCESS read-create
505: STATUS current
506: DESCRIPTION
507: "A user definable string. This field may be used for your
508: administrative tracking purposes."
509: DEFVAL { "" }
510: ::= { ipspRuleDefinitionEntry 2 }
511:
512: ipspRuleDefFilter OBJECT-TYPE
513: SYNTAX VariablePointer
514: MAX-ACCESS read-create
515: STATUS current
516: DESCRIPTION
517: "ipspRuleDefFilter points to a filter which is used to
518: evaluate whether the action associated with this row should
519: be fired or not. The action will only fire if the filter
520: referenced by this object evaluates to TRUE after first
521: applying any negation required by the
522: ipspRuleDefFilterNegated object.
523:
524: This MIB defines the following tables and scalars which may
525: be pointed to by this column. Implementations may choose to
526: provide support for other filter tables or scalars as well:
527:
528: ipspIpHeaderFilterTable
529: ipspIpOffsetFilterTable
530: ipspTimeFilterTable
531: ipspCompoundFilterTable
532: ipspTrueFilter
533:
534: If this column is set to a VariablePointer value which
535: references a non-existent row in an otherwise supported
536: table, the inconsistentName exception should be returned. If
537: the table or scalar pointed to by the VariablePointer is not
538: supported at all, then an inconsistentValue exception should
539: be returned."
540: ::= { ipspRuleDefinitionEntry 3 }
541:
542: ipspRuleDefFilterNegated OBJECT-TYPE
543: SYNTAX TruthValue
544: MAX-ACCESS read-create
545: STATUS current
546: DESCRIPTION
547: "ipspRuleDefFilterNegated specifies whether the filter
548: referenced by the ipspRuleDefFilter object should be negated
549: or not."
550: DEFVAL { false }
551: ::= { ipspRuleDefinitionEntry 4 }
552:
553: ipspRuleDefAction OBJECT-TYPE
554: SYNTAX VariablePointer
555: MAX-ACCESS read-create
556: STATUS current
557: DESCRIPTION
558: "This column points to the action to be taken. It may, but is
559: not limited to, point to a row in one of the following
560: tables:
561:
562: ipspCompoundActionTable
563: ipspSaPreconfiguredActionTable
564: ipspIkeActionTable
565: ipspIpsecActionTable
566:
567: It may also point to one of the scalar objects beneath
568: ipspStaticActions.
569:
570: If this object is set to a pointer to a row in an unsupported
571: (or unknown) table, an inconsistentValue error should be
572: returned.
573:
574: If this object is set to point to a non-existent row in an
575: otherwise supported table, an inconsistentName error should
576: be returned."
577: ::= { ipspRuleDefinitionEntry 5 }
578:
579: ipspRuleDefAdminStatus OBJECT-TYPE
580: SYNTAX IpspAdminStatus
581: MAX-ACCESS read-create
582: STATUS current
583: DESCRIPTION
584: "Indicates whether the current rule definition should be
585: considered active. If enabled, it should be evaluated when
586: processing packets. If disabled, packets should continue to
587: be processed by the rest of the rules defined in the
588: ipspGroupContentsTable as if this rule's filters had
589: effectively failed."
590: DEFVAL { enabled }
591: ::= { ipspRuleDefinitionEntry 6 }
592:
593: ipspRuleDefLastChanged OBJECT-TYPE
594: SYNTAX TimeStamp
595: MAX-ACCESS read-only
596: STATUS current
597: DESCRIPTION
598: "The value of sysUpTime when this row was last modified or
599: created either through SNMP SETs or by some other external
600: means."
601: ::= { ipspRuleDefinitionEntry 7 }
602:
603: ipspRuleDefStorageType OBJECT-TYPE
604: SYNTAX StorageType
605: MAX-ACCESS read-create
606: STATUS current
607: DESCRIPTION
608: "The storage type for this row. Rows in this table which were
609: created through an external process may have a storage type
610: of readOnly or permanent."
611: DEFVAL { nonVolatile }
612: ::= { ipspRuleDefinitionEntry 8 }
613:
614: ipspRuleDefRowStatus OBJECT-TYPE
615: SYNTAX RowStatus
616: MAX-ACCESS read-create
617: STATUS current
618: DESCRIPTION
619: "This object indicates the conceptual status of this row.
620:
621: The value of this object has no effect on whether other
622: objects in this conceptual row can be modified.
623:
624: This object may not be set to active until the containing
625: conditions, filters and actions have been defined. Once
626: active, it must remain active until no policyGroupContents
627: entries are referencing it."
628: ::= { ipspRuleDefinitionEntry 9 }
629:
630: --
631: -- Policy compound filter definition table
632: --
633:
634: ipspCompoundFilterTable OBJECT-TYPE
635: SYNTAX SEQUENCE OF IpspCompoundFilterEntry
636: MAX-ACCESS not-accessible
637: STATUS current
638: DESCRIPTION
639: "A table defining a compound set of filters and their
640: associated parameters. A row in this table can either be
641: pointed to by a ipspRuleDefFilter object or by a ficSubFilter
642: object."
643: ::= { ipspConfigObjects 5 }
644:
645: ipspCompoundFilterEntry OBJECT-TYPE
646: SYNTAX IpspCompoundFilterEntry
647: MAX-ACCESS not-accessible
648: STATUS current
649: DESCRIPTION
650: "An entry in the ipspCompoundFilterTable. A filter defined by
651: this table is considered to have a TRUE return value if and
652: only if:
653:
654: ipspCompFiltLogicType is AND and all of the sub-filters
655: associated with it, as defined in the ipspSubfiltersTable,
656: are all true themselves (after applying any required
657: negation as defined by the ficFilterIsNegated object).
658:
659: ipspCompFiltLogicType is OR and at least one of the
660: sub-filters associated with it, as defined in the
661: ipspSubfiltersTable, is true itself (after applying any
662: required negation as defined by the ficFilterIsNegated
663: object)."
664: INDEX { ipspCompFiltName }
665: ::= { ipspCompoundFilterTable 1 }
666:
667: IpspCompoundFilterEntry ::= SEQUENCE {
668: ipspCompFiltName SnmpAdminString,
669: ipspCompFiltDescription SnmpAdminString,
670: ipspCompFiltLogicType IpspBooleanOperator,
671: ipspCompFiltLastChanged TimeStamp,
672: ipspCompFiltStorageType StorageType,
673: ipspCompFiltRowStatus RowStatus
674: }
675:
676: ipspCompFiltName OBJECT-TYPE
677: SYNTAX SnmpAdminString (SIZE(1..32))
678: MAX-ACCESS not-accessible
679: STATUS current
680: DESCRIPTION
681: "A user definable string. You may use this field for your
682: administrative tracking purposes."
683: ::= { ipspCompoundFilterEntry 1 }
684:
685: ipspCompFiltDescription OBJECT-TYPE
686: SYNTAX SnmpAdminString
687: MAX-ACCESS read-create
688: STATUS current
689: DESCRIPTION
690: "A user definable string. You may use this field for your
691: administrative tracking purposes."
692: DEFVAL { ''H }
693: ::= { ipspCompoundFilterEntry 2 }
694:
695:
696: ipspCompFiltLogicType OBJECT-TYPE
697: SYNTAX IpspBooleanOperator
698: MAX-ACCESS read-create
699: STATUS current
700: DESCRIPTION
701: "Indicates whether the filters contained within this filter
702: are functionally ANDed or ORed together."
703: DEFVAL { and }
704: ::= { ipspCompoundFilterEntry 3 }
705:
706: ipspCompFiltLastChanged OBJECT-TYPE
707: SYNTAX TimeStamp
708: MAX-ACCESS read-only
709: STATUS current
710: DESCRIPTION
711: "The value of sysUpTime when this row was last modified or
712: created either through SNMP SETs or by some other external
713: means."
714: ::= { ipspCompoundFilterEntry 4 }
715:
716: ipspCompFiltStorageType OBJECT-TYPE
717: SYNTAX StorageType
718: MAX-ACCESS read-create
719: STATUS current
720: DESCRIPTION
721: "The storage type for this row. Rows in this table which were
722: created through an external process may have a storage type
723: of readOnly or permanent."
724: DEFVAL { nonVolatile }
725: ::= { ipspCompoundFilterEntry 5 }
726:
727: ipspCompFiltRowStatus OBJECT-TYPE
728: SYNTAX RowStatus
729: MAX-ACCESS read-create
730: STATUS current
731: DESCRIPTION
732: "This object indicates the conceptual status of this row.
733:
734: The value of this object has no effect on whether other
735: objects in this conceptual row can be modified.
736:
737: Once active, it may not have its value changed if any active
738: rows in the ipspRuleDefinitionTable are currently pointing
739: at this row."
740: ::= { ipspCompoundFilterEntry 6 }
741:
742: --
743: -- Policy filters in a cf table
744: --
745:
746: ipspSubfiltersTable OBJECT-TYPE
747: SYNTAX SEQUENCE OF IpspSubfiltersEntry
748: MAX-ACCESS not-accessible
749: STATUS current
750: DESCRIPTION
751: "This table defines a list of filters contained within a given
752: compound filter set defined in the ipspCompoundFilterTable."
753: ::= { ipspConfigObjects 6 }
754:
755: ipspSubfiltersEntry OBJECT-TYPE
756: SYNTAX IpspSubfiltersEntry
757: MAX-ACCESS not-accessible
758: STATUS current
759: DESCRIPTION
760: "An entry into the list of filters for a given compound
761: filter."
762: INDEX { ipspCompFiltName, ipspSubFiltPriority }
763: ::= { ipspSubfiltersTable 1 }
764:
765: IpspSubfiltersEntry ::= SEQUENCE {
766: ipspSubFiltPriority Integer32,
767: ipspSubFiltSubfilter VariablePointer,
768: ipspSubFiltSubfilterIsNegated TruthValue,
769: ipspSubFiltLastChanged TimeStamp,
770: ipspSubFiltStorageType StorageType,
771: ipspSubFiltRowStatus RowStatus
772: }
773:
774: ipspSubFiltPriority OBJECT-TYPE
775: SYNTAX Integer32 (0..65536)
776: MAX-ACCESS not-accessible
777: STATUS current
778: DESCRIPTION
779: "The priority of a given filter within a condition.
780: Implementations MAY choose to follow the ordering indicated
781: by the manager that created the rows in order to allow the
782: manager to intelligently construct filter lists such that
783: faster filters are evaluated first."
784: ::= { ipspSubfiltersEntry 1 }
785:
786: ipspSubFiltSubfilter OBJECT-TYPE
787: SYNTAX VariablePointer
788: MAX-ACCESS read-create
789: STATUS current
790: DESCRIPTION
791: "The location of the contained filter. The value of this
792: column should be a VariablePointer which references the
793: properties for the filter to be included in this compound
794: filter.
795:
796: This MIB defines the following tables and scalars which may
797: be pointed to by this column. Implementations may choose to
798: provide support for other filter tables or scalars as well:
799:
800: ipspIpHeaderFilterTable
801: ipspIpOffsetFilterTable
802: ipspTimeFilterTable
803: ipspCompoundFilterTable
804: ipspTrueFilter
805:
806: If this column is set to a VariablePointer value which
807: references a non-existent row in an otherwise supported
808: table, the inconsistentName exception should be returned. If
809: the table or scalar pointed to by the VariablePointer is not
810: supported at all, then an inconsistentValue exception should
811: be returned."
812: ::= { ipspSubfiltersEntry 2 }
813:
814: ipspSubFiltSubfilterIsNegated OBJECT-TYPE
815: SYNTAX TruthValue
816: MAX-ACCESS read-create
817: STATUS current
818: DESCRIPTION
819: "Indicates whether the result of applying this subfilter
820: should be negated or not."
821: DEFVAL { false }
822: ::= { ipspSubfiltersEntry 3 }
823:
824: ipspSubFiltLastChanged OBJECT-TYPE
825: SYNTAX TimeStamp
826: MAX-ACCESS read-only
827: STATUS current
828: DESCRIPTION
829: "The value of sysUpTime when this row was last modified or
830: created either through SNMP SETs or by some other external
831: means."
832: ::= { ipspSubfiltersEntry 4 }
833:
834: ipspSubFiltStorageType OBJECT-TYPE
835: SYNTAX StorageType
836: MAX-ACCESS read-create
837: STATUS current
838: DESCRIPTION
839: "The storage type for this row. Rows in this table which were
840: created through an external process may have a storage type
841: of readOnly or permanent."
842: DEFVAL { nonVolatile }
843: ::= { ipspSubfiltersEntry 5 }
844:
845: ipspSubFiltRowStatus OBJECT-TYPE
846: SYNTAX RowStatus
847: MAX-ACCESS read-create
848: STATUS current
849: DESCRIPTION
850: "This object indicates the conceptual status of this row.
851:
852: The value of this object has no effect on whether other
853: objects in this conceptual row can be modified.
854:
855: This object can not be made active until the filter
856: referenced by the ficSubFilter object is both defined and is
857: active. An attempt to do so will result in an
858: inconsistentValue error."
859: ::= { ipspSubfiltersEntry 6 }
860:
861: --
862: -- Static Filters
863: --
864:
865: ipspStaticFilters OBJECT IDENTIFIER ::= { ipspConfigObjects 7 }
866:
867: ipspTrueFilter OBJECT-TYPE
868: SYNTAX Integer32
869: MAX-ACCESS read-only
870: STATUS current
871: DESCRIPTION
872: "This scalar indicates a (automatic) true result for a
873: filter. I.e. this is a filter that is always true,
874: useful for adding as a default filter for a default
875: action or a set of actions."
876: ::= { ipspStaticFilters 1 }
877:
878: ipspTrueFilterInstance OBJECT IDENTIFIER ::= { ipspTrueFilter 0 }
879:
880: ipspIkePhase1Filter OBJECT-TYPE
881: SYNTAX Integer32
882: MAX-ACCESS read-only
883: STATUS current
884: DESCRIPTION
885: "This static filter can be used to test if a packet is
886: part of an IKE phase-1 negotiation."
887: ::= { ipspStaticFilters 2 }
888:
889: ipspIkePhase2Filter OBJECT-TYPE
890: SYNTAX Integer32
891: MAX-ACCESS read-only
892: STATUS current
893: DESCRIPTION
894: "This static filter can be used to test if a packet is
895: part of an IKE phase-2 negotiation."
896: ::= { ipspStaticFilters 3 }
897:
898: --
899: -- Policy IPHeader filter definition table
900: --
901:
902: ipspIpHeaderFilterTable OBJECT-TYPE
903: SYNTAX SEQUENCE OF IpspIpHeaderFilterEntry
904: MAX-ACCESS not-accessible
905: STATUS current
906: DESCRIPTION
907: "This table contains a list of filter definitions to be used
908: within the ipspRuleDefinitionTable or the
909: ipspSubfilterTable table."
910: ::= { ipspConfigObjects 8 }
911:
912: ipspIpHeaderFilterEntry OBJECT-TYPE
913: SYNTAX IpspIpHeaderFilterEntry
914: MAX-ACCESS not-accessible
915: STATUS current
916: DESCRIPTION
917: "A definition of a particular filter."
918: INDEX { ipspIpHeadFiltName }
919: ::= { ipspIpHeaderFilterTable 1 }
920:
921: IpspIpHeaderFilterEntry ::= SEQUENCE {
922: ipspIpHeadFiltName SnmpAdminString,
923: ipspIpHeadFiltType BITS,
924: ipspIpHeadFiltIPVersion InetAddressType,
925: ipspIpHeadFiltSrcAddressBegin InetAddress,
926: ipspIpHeadFiltSrcAddressEnd InetAddress,
927: ipspIpHeadFiltDstAddressBegin InetAddress,
928: ipspIpHeadFiltDstAddressEnd InetAddress,
929: ipspIpHeadFiltSrcLowPort InetPortNumber,
930: ipspIpHeadFiltSrcHighPort InetPortNumber,
931: ipspIpHeadFiltDstLowPort InetPortNumber,
932: ipspIpHeadFiltDstHighPort InetPortNumber,
933: ipspIpHeadFiltProtocol Integer32,
934: ipspIpHeadFiltIPv6FlowLabel Integer32,
935: ipspIpHeadFiltLastChanged TimeStamp,
936: ipspIpHeadFiltStorageType StorageType,
937: ipspIpHeadFiltRowStatus RowStatus
938: }
939:
940: ipspIpHeadFiltName OBJECT-TYPE
941: SYNTAX SnmpAdminString (SIZE(1..32))
942: MAX-ACCESS not-accessible
943: STATUS current
944: DESCRIPTION
945: "The administrative name for this filter."
946: ::= { ipspIpHeaderFilterEntry 1 }
947:
948: ipspIpHeadFiltType OBJECT-TYPE
949: SYNTAX BITS { sourceAddress(0), destinationAddress(1),
950: sourcePort(2), destinationPort(3),
951: protocol(4), ipv6FlowLabel(5) }
952: MAX-ACCESS read-create
953: STATUS current
954: DESCRIPTION
955: "This defines the various tests that are used when evaluating
956: a given filter. The results of each test are ANDed together
957: to produce the result of the entire filter. When processing
958: this filter, it is recommended for efficiency reasons that
959: the filter halt processing the instant any of the specified
960: tests fail.
961:
962: Once a row is 'active', this object's value may not be
963: changed unless all the appropriate columns needed by the new
964: value to be imposed on this object have been appropriately
965: configured.
966:
967: The various tests definable in this table are as follows:
968:
969: sourceAddress:
970: - Tests if the source address in the packet lies between
971: the ipspIpHeadFiltSrcAddressBegin and
972: ipspIpHeadFiltSrcAddressEnd objects.
973:
974: Note that setting these two objects to the same address
975: will limit the search to the exact match of a single
976: address. The format and length of the address objects
977: are defined by the ipspIpHeadFiltIPVersion column.
978: A row in this table containing a ipspIpHeadFiltType
979: object with the sourceAddress object bit but without the
980: ipspIpHeadFiltIPVersion, ipspIpHeadFiltSrcAddressBegin
981: and ipspIpHeadFiltSrcAddressEnd objects set will cause
982: the ipspIpHeadFiltRowStatus object to return the notReady
983: state.
984:
985: destinationAddress:
986: - Tests if the destination address in the packet lies
987: between the ipspIpHeadFiltDstAddressBegin and
988: ipspIpHeadFiltDstAddressEnd objects. Note that setting
989: these two objects to the same address will limit the
990: search to the exact match of a single address. The
991: format and length of the address objects are defined by
992: the ipspIpHeadFiltIPVersion column.
993:
994: A row in this table containing a ipspIpHeadFiltType
995: object with the destinationAddress object bit but without
996: the ipspIpHeadFiltIPVersion,
997: ipspIpHeadFiltDstAddressBegin and
998:
999: ipspIpHeadFiltDstAddressEnd objects set will cause the
1000: ipspIpHeadFiltRowStatus object to return the notReady
1001: state.
1002:
1003: sourcePort:
1004: - Tests if the source port of IP packets using a protocol
1005: that uses port numbers (at this time, UDP or TCP) lies
1006: between the ipspIpHeadFiltSrcLowPort and
1007: ipspIpHeadFiltSrcHighPort objects. Note that setting
1008: these two objects to the same value will limit the
1009: search to the exact match of a single port.
1010:
1011: A row in this table containing a ipspIpHeadFiltType
1012: object with the sourcePort object bit but without the
1013: ipspIpHeadFiltSrcLowPort, and ipspIpHeadFiltSrcHighPort
1014: objects set will cause the ipspIpHeadFiltRowStatus object
1015: to return the notReady state.
1016:
1017: destinationPort:
1018: - Tests if the destination port of IP packets using a protocol
1019: that uses port numbers (at this time, UDP or TCP) lies
1020: between the ipspIpHeadFiltDstLowPort and
1021: ipspIpHeadFiltDstHighPort objects. Note that setting
1022: these two objects to the same value will limit the
1023: search to the exact match of a single port.
1024:
1025: A row in this table containing a ipspIpHeadFiltType
1026: object with the destinationPort object bit but without the
1027: ipspIpHeadFiltDstLowPort, and ipspIpHeadFiltDstHighPort
1028: objects set will cause the ipspIpHeadFiltRowStatus object
1029: to return the notReady state.
1030:
1031: protocol:
1032: - Tests to see if the packet being processed is for the
1033: given protocol type.
1034:
1035: A row in this table containing a ipspIpHeadFiltType
1036: object with the protocol object bit but without the
1037: ipspIpHeadFiltProtocol object set will cause the
1038: ipspIpHeadFiltRowStatus object to return the notReady
1039: state.
1040:
1041: ipv6FlowLabel:
1042: - Tests to see if the packet being processed contains an
1043: IPv6 Flow Label which matches the value in the
1044: ipspIpHeadFiltIPv6FlowLabel object. Setting this bit
1045: mandates that for the packet to match the filter, it must
1046: be an IPv6 packet.
1047:
1048: A row in this table containing a ipspIpHeadFiltType
1049: object with the ipv6FlowLabel object bit but without the
1050: ipspIpHeadFiltIPv6FlowLabel object set will cause the
1051: ipspIpHeadFiltRowStatus object to return the notReady
1052: state."
1053: ::= { ipspIpHeaderFilterEntry 2 }
1054:
1055: ipspIpHeadFiltIPVersion OBJECT-TYPE
1056: SYNTAX InetAddressType
1057: MAX-ACCESS read-create
1058: STATUS current
1059: DESCRIPTION
1060: "The Internet Protocol version the addresses are to match
1061: against. The value of this property determines the size and
1062: format of the ipspIpHeadFiltSrcAddressBegin,
1063: ipspIpHeadFiltSrcAddressEnd, ipspIpHeadFiltDstAddressBegin,
1064: and ipspIpHeadFiltDstAddressEnd objects.
1065:
1066: Values of unknown, ipv4z, ipv6z and dns are not legal values
1067: for this object."
1068: DEFVAL { ipv6 }
1069: ::= { ipspIpHeaderFilterEntry 3 }
1070:
1071: ipspIpHeadFiltSrcAddressBegin OBJECT-TYPE
1072: SYNTAX InetAddress
1073: MAX-ACCESS read-create
1074: STATUS current
1075: DESCRIPTION
1076: "The starting address of a source address range that the
1077: packet must match against for this filter to be considered
1078: TRUE.
1079:
1080: This object is only used if sourceAddress is set in
1081: ipspIpHeadFiltType."
1082: ::= { ipspIpHeaderFilterEntry 4 }
1083:
1084: ipspIpHeadFiltSrcAddressEnd OBJECT-TYPE
1085: SYNTAX InetAddress
1086: MAX-ACCESS read-create
1087: STATUS current
1088: DESCRIPTION
1089: "The ending address of a source address range to check a
1090: packet against, where the starting address is specified by the
1091: ipspIpHeadFiltSrcAddressBegin object. Set this column to the
1092: same value as the ipspIpHeadFiltSrcAddressBegin column to get
1093: an exact single address match.
1094:
1095: This object is only used if sourceAddress is set in
1096: ipspIpHeadFiltType."
1097: ::= { ipspIpHeaderFilterEntry 5 }
1098:
1099: ipspIpHeadFiltDstAddressBegin OBJECT-TYPE
1100: SYNTAX InetAddress
1101: MAX-ACCESS read-create
1102: STATUS current
1103: DESCRIPTION
1104: "The starting address of a destination address range that the
1105: packet must match against for this filter to be considered
1106: TRUE.
1107:
1108: This object is only used if destinationAddress is set in
1109: ipspIpHeadFiltType."
1110: ::= { ipspIpHeaderFilterEntry 6 }
1111:
1112: ipspIpHeadFiltDstAddressEnd OBJECT-TYPE
1113: SYNTAX InetAddress
1114: MAX-ACCESS read-create
1115: STATUS current
1116: DESCRIPTION
1117: "The ending address of a destination address range to check a
1118: packet against, where the first is specified by the
1119: ipspIpHeadFiltDstAddressBegin object. Set this column to the
1120: same value as the ipspIpHeadFiltDstAddressBegin column to get
1121: an exact single address match.
1122: This object is only used if destinationAddress is set in
1123: ipspIpHeadFiltType."
1124: ::= { ipspIpHeaderFilterEntry 7 }
1125:
1126: ipspIpHeadFiltSrcLowPort OBJECT-TYPE
1127: SYNTAX InetPortNumber
1128: MAX-ACCESS read-create
1129: STATUS current
1130: DESCRIPTION
1131: "The low port of the port range a packet's source must match
1132: against. To match, the port number must be greater than or
1133: equal to this value.
1134:
1135: This object is only used if sourcePort is set in
1136: ipspIpHeadFiltType.
1137:
1138: The value of 0 for this object is illegal."
1139: ::= { ipspIpHeaderFilterEntry 8 }
1140:
1141: ipspIpHeadFiltSrcHighPort OBJECT-TYPE
1142: SYNTAX InetPortNumber
1143: MAX-ACCESS read-create
1144: STATUS current
1145: DESCRIPTION
1146: "The high port of the port range a packet's source must match
1147: against. To match, the port number must be less than or
1148: equal to this value.
1149:
1150: This object is only used if sourcePort is set in
1151: ipspIpHeadFiltType.
1152:
1153: The value of 0 for this object is illegal."
1154: ::= { ipspIpHeaderFilterEntry 9 }
1155:
1156: ipspIpHeadFiltDstLowPort OBJECT-TYPE
1157: SYNTAX InetPortNumber
1158: MAX-ACCESS read-create
1159: STATUS current
1160: DESCRIPTION
1161: "The low port of the port range a packet's destination must
1162: match against. To match, the port number must be greater
1163: than or equal to this value.
1164:
1165: This object is only used if destinationPort is set in
1166: ipspIpHeadFiltType.
1167:
1168: The value of 0 for this object is illegal."
1169: ::= { ipspIpHeaderFilterEntry 10 }
1170:
1171: ipspIpHeadFiltDstHighPort OBJECT-TYPE
1172: SYNTAX InetPortNumber
1173: MAX-ACCESS read-create
1174: STATUS current
1175: DESCRIPTION
1176: "The high port of the port range a packet's destination must
1177: match against. To match, the port number must be less than
1178: or equal to this value.
1179:
1180: This object is only used if destinationPort is set in
1181: ipspIpHeadFiltType.
1182:
1183: The value of 0 for this object is illegal."
1184: ::= { ipspIpHeaderFilterEntry 11 }
1185:
1186: ipspIpHeadFiltProtocol OBJECT-TYPE
1187: SYNTAX Integer32 (0..255)
1188: MAX-ACCESS read-create
1189: STATUS current
1190: DESCRIPTION
1191: "The protocol number the incoming packet must match against
1192: for this filter to be evaluated as true.
1193:
1194: This object is only used if protocol is set in
1195: ipspIpHeadFiltType."
1196: ::= { ipspIpHeaderFilterEntry 12 }
1197:
1198: ipspIpHeadFiltIPv6FlowLabel OBJECT-TYPE
1199: SYNTAX Integer32 (0..1048575)
1200: MAX-ACCESS read-create
1201: STATUS current
1202: DESCRIPTION
1203: "The IPv6 Flow Label that the packet must match against.
1204:
1205: This object is only used if ipv6FlowLabel is set in
1206: ipspIpHeadFiltType."
1207: ::= { ipspIpHeaderFilterEntry 13 }
1208:
1209: ipspIpHeadFiltLastChanged OBJECT-TYPE
1210: SYNTAX TimeStamp
1211: MAX-ACCESS read-only
1212: STATUS current
1213: DESCRIPTION
1214: "The value of sysUpTime when this row was last modified or
1215: created either through SNMP SETs or by some other external
1216: means."
1217: ::= { ipspIpHeaderFilterEntry 14 }
1218:
1219: ipspIpHeadFiltStorageType OBJECT-TYPE
1220: SYNTAX StorageType
1221: MAX-ACCESS read-create
1222: STATUS current
1223: DESCRIPTION
1224: "The storage type for this row. Rows in this table which were
1225: created through an external process may have a storage type
1226: of readOnly or permanent."
1227: DEFVAL { nonVolatile }
1228: ::= { ipspIpHeaderFilterEntry 15 }
1229:
1230: ipspIpHeadFiltRowStatus OBJECT-TYPE
1231: SYNTAX RowStatus
1232: MAX-ACCESS read-create
1233: STATUS current
1234: DESCRIPTION
1235: "This object indicates the conceptual status of this row.
1236:
1237: This object may not be set to active if the requirements of
1238: the ipspIpHeadFiltType object are not met. In other words,
1239: if the associated value columns needed by a particular test
1240: have not been set, then attempting to change this row to an
1241: active state will result in an inconsistentValue error. See
1242: the ipspIpHeadFiltType object description for further
1243: details."
1244: ::= { ipspIpHeaderFilterEntry 16 }
1245:
1246:
1247: --
1248: -- Policy IP Offset filter definition table
1249: --
1250:
1251: ipspIpOffsetFilterTable OBJECT-TYPE
1252: SYNTAX SEQUENCE OF IpspIpOffsetFilterEntry
1253: MAX-ACCESS not-accessible
1254: STATUS current
1255: DESCRIPTION
1256: "This table contains a list of filter definitions to be used
1257: within the ipspRuleDefinitionTable or the
1258: ipspSubfilterTable."
1259: ::= { ipspConfigObjects 9 }
1260:
1261: ipspIpOffsetFilterEntry OBJECT-TYPE
1262: SYNTAX IpspIpOffsetFilterEntry
1263: MAX-ACCESS not-accessible
1264: STATUS current
1265: DESCRIPTION
1266: "A definition of a particular filter."
1267:
1268: INDEX { ipspIpOffFiltName }
1269: ::= { ipspIpOffsetFilterTable 1 }
1270:
1271: IpspIpOffsetFilterEntry ::= SEQUENCE {
1272: ipspIpOffFiltName SnmpAdminString,
1273: ipspIpOffFiltOffset Integer32,
1274: ipspIpOffFiltType INTEGER,
1275: ipspIpOffFiltNumber Integer32,
1276: ipspIpOffFiltValue OCTET STRING,
1277: ipspIpOffFiltLastChanged TimeStamp,
1278: ipspIpOffFiltStorageType StorageType,
1279: ipspIpOffFiltRowStatus RowStatus
1280: }
1281:
1282: ipspIpOffFiltName OBJECT-TYPE
1283: SYNTAX SnmpAdminString (SIZE(1..32))
1284: MAX-ACCESS not-accessible
1285: STATUS current
1286: DESCRIPTION
1287: "The administrative name for this filter."
1288: ::= { ipspIpOffsetFilterEntry 1 }
1289:
1290: ipspIpOffFiltOffset OBJECT-TYPE
1291: SYNTAX Integer32 (0..65536)
1292: MAX-ACCESS read-create
1293: STATUS current
1294: DESCRIPTION
1295: "This is the byte offset from the front of the IP packet where
1296: the value or arithmetic comparison is done. A value of '0'
1297: indicates the first byte in the packet."
1298: ::= { ipspIpOffsetFilterEntry 2 }
1299:
1300: ipspIpOffFiltType OBJECT-TYPE
1301: SYNTAX INTEGER { valueMatch(1),
1302: valueNotMatch(2),
1303: arithmeticEqual(3),
1304: arithmeticNotEqual(4),
1305: arithmeticLess(5),
1306: arithmeticGreaterOrEqual(6),
1307: arithmeticGreater(7),
1308: arithmeticLessOrEqual(8) }
1309: MAX-ACCESS read-create
1310: STATUS current
1311: DESCRIPTION
1312: "This defines the various tests that are used when evaluating
1313: a given filter.
1314:
1315: Once a row is 'active', this object's value may not be
1316: changed unless the appropriate columns, ipspIpOffFiltNumber
1317: or ipspIpOffFiltValue, needed by the new value to be imposed
1318: on this object have been appropriately configured.
1319:
1320: The various tests definable in this table are as follows:
1321:
1322: valueMatch:
1323: - Tests if the OCTET STRING, 'ipspIpOffFiltValue', matches
1324: a value in the packet starting at the given offset in the
1325: packet and comparing the entire OCTET STRING of
1326: 'ipspIpOffFiltValue'.
1327:
1328: valueNotMatch:
1329: - Tests if the OCTET STRING, 'ipspIpOffFiltValue', does not
1330: match a value in the packet starting at the given offset
1331: in the packet and comparing to the entire OCTET STRING of
1332: 'ipspIpOffFiltValue'.
1333:
1334: arithmeticEqual:
1335: - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1336: arithmetically equal ('=') to the 4 byte value starting
1337: at the given offset within the packet. The value in the
1338: packet is assumed to be in network byte order.
1339:
1340: arithmeticNotEqual:
1341: - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1342: arithmetically not equal ('!=') to the 4 byte value
1343: starting at the given offset within the packet. The
1344: value in the packet is assumed to be in network byte
1345: order.
1346:
1347: arithmeticLess:
1348: - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1349: arithmetically less than ('<') the 4 byte value starting
1350: at the given offset within the packet. The value in the
1351: packet is assumed to be in network byte order.
1352:
1353: arithmeticGreaterOrEqual:
1354: - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1355: arithmetically greater than or equal to ('>=') the 4 byte
1356: value starting at the given offset within the packet.
1357: The value in the packet is assumed to be in network byte
1358: order.
1359:
1360: arithmeticGreater:
1361: - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1362: arithmetically greater than ('>') the 4 byte value
1363: starting at the given offset within the packet. The
1364: value in the packet is assumed to be in network byte
1365: order.
1366:
1367: arithmeticLessOrEqual:
1368: - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1369: arithmetically less than or equal to ('<=') the 4 byte
1370: value starting at the given offset within the packet.
1371: The value in the packet is assumed to be in network byte
1372: order."
1373:
1374: ::= { ipspIpOffsetFilterEntry 3 }
1375:
1376: ipspIpOffFiltNumber OBJECT-TYPE
1377: SYNTAX Integer32 (0..65536)
1378: MAX-ACCESS read-create
1379: STATUS current
1380: DESCRIPTION
1381:
1382: "ipspIpOffFiltNumber is used for arithmetic matching of a
1383: packet at ipspIpOffFiltOffset. This object is only used if
1384: one of the arithmetic types is chosen in
1385: ipspIpOffFiltType."
1386: ::= { ipspIpOffsetFilterEntry 4 }
1387:
1388: ipspIpOffFiltValue OBJECT-TYPE
1389: SYNTAX OCTET STRING (SIZE(0..1024))
1390: MAX-ACCESS read-create
1391: STATUS current
1392: DESCRIPTION
1393: "ipspIpOffFiltValue is used for match comparisons of a packet at
1394: ipspIpOffFiltOffset. This object is only used if one of the
1395: match types is chosen in ipspIpOffFiltType."
1396: ::= { ipspIpOffsetFilterEntry 5 }
1397:
1398: ipspIpOffFiltLastChanged OBJECT-TYPE
1399: SYNTAX TimeStamp
1400: MAX-ACCESS read-only
1401: STATUS current
1402: DESCRIPTION
1403: "The value of sysUpTime when this row was last modified or
1404: created either through SNMP SETs or by some other external
1405: means."
1406: ::= { ipspIpOffsetFilterEntry 6 }
1407:
1408:
1409: ipspIpOffFiltStorageType OBJECT-TYPE
1410: SYNTAX StorageType
1411: MAX-ACCESS read-create
1412: STATUS current
1413: DESCRIPTION
1414: "The storage type for this row. Rows in this table which were
1415: created through an external process may have a storage type
1416: of readOnly or permanent."
1417: DEFVAL { nonVolatile }
1418: ::= { ipspIpOffsetFilterEntry 7 }
1419:
1420: ipspIpOffFiltRowStatus OBJECT-TYPE
1421: SYNTAX RowStatus
1422: MAX-ACCESS read-create
1423: STATUS current
1424: DESCRIPTION
1425: "This object indicates the conceptual status of this row.
1426:
1427: This object may not be set to active if the requirements of
1428: the ipspIpOffFiltType object are not met. In other words, if
1429: the associated value columns needed by a particular test have
1430: not been set, then attempting to change this row to an active
1431: state will result in an inconsistentValue error. See the
1432: ipspIpOffFiltType object description for further details."
1433: ::= { ipspIpOffsetFilterEntry 8 }
1434:
1435:
1436: --
1437: -- Time/scheduling filter table
1438: --
1439:
1440: ipspTimeFilterTable OBJECT-TYPE
1441: SYNTAX SEQUENCE OF IpspTimeFilterEntry
1442: MAX-ACCESS not-accessible
1443: STATUS current
1444: DESCRIPTION
1445: "Defines a table of filters which can be used to effectively
1446: enable or disable policies based on a valid time range."
1447: ::= { ipspConfigObjects 10 }
1448:
1449: ipspTimeFilterEntry OBJECT-TYPE
1450: SYNTAX IpspTimeFilterEntry
1451: MAX-ACCESS not-accessible
1452: STATUS current
1453: DESCRIPTION
1454: "A row describing a given time frame for which a policy may be
1455: filtered on to place the rule active or inactive."
1456: INDEX { ipspTimeFiltName }
1457: ::= { ipspTimeFilterTable 1 }
1458:
1459: IpspTimeFilterEntry ::= SEQUENCE {
1460: ipspTimeFiltName SnmpAdminString,
1461: ipspTimeFiltPeriodStart DateAndTime,
1462: ipspTimeFiltPeriodEnd DateAndTime,
1463: ipspTimeFiltMonthOfYearMask BITS,
1464: ipspTimeFiltDayOfMonthMask OCTET STRING,
1465: ipspTimeFiltDayOfWeekMask BITS,
1466: ipspTimeFiltTimeOfDayMaskStart DateAndTime,
1467: ipspTimeFiltTimeOfDayMaskEnd DateAndTime,
1468: ipspTimeFiltLastChanged TimeStamp,
1469: ipspTimeFiltStorageType StorageType,
1470: ipspTimeFiltRowStatus RowStatus
1471: }
1472:
1473: ipspTimeFiltName OBJECT-TYPE
1474: SYNTAX SnmpAdminString (SIZE(1..32))
1475: MAX-ACCESS not-accessible
1476: STATUS current
1477: DESCRIPTION
1478: "An administratively assigned name for this filter."
1479: ::= { ipspTimeFilterEntry 1 }
1480:
1481:
1482: ipspTimeFiltPeriodStart OBJECT-TYPE
1483: SYNTAX DateAndTime
1484: MAX-ACCESS read-create
1485: STATUS current
1486: DESCRIPTION
1487: "The starting time period for this filter. In addition to a
1488: normal DateAndTime string, this object may be set to the
1489: OCTET STRING value THISANDPRIOR which indicates that the
1490: filter is valid from any time before now up until (at least)
1491: now."
1492: DEFVAL { '00000101000000002b0000'H }
1493: ::= { ipspTimeFilterEntry 2 }
1494:
1495: ipspTimeFiltPeriodEnd OBJECT-TYPE
1496: SYNTAX DateAndTime
1497: MAX-ACCESS read-create
1498: STATUS current
1499: DESCRIPTION
1500: "The ending time period for this filter. In addition to a
1501: normal DateAndTime string, this object may be set to the
1502: OCTET STRING value THISANDFUTURE which indicates that the
1503: filter is valid without an ending date and/or time."
1504: DEFVAL { '99991231235959092b0000'H }
1505: ::= { ipspTimeFilterEntry 3 }
1506:
1507: ipspTimeFiltMonthOfYearMask OBJECT-TYPE
1508: SYNTAX BITS { january(0), february(1), march(2), april(3),
1509: may(4), june(5), july(6), august(7),
1510: september(8), october(9),november(10),
1511: december(11) }
1512: MAX-ACCESS read-create
1513: STATUS current
1514: DESCRIPTION
1515: "A bit mask which overlays the ipspTimeFiltPeriodStart to
1516: ipspTimeFiltPeriodEnd date range to further restrict the time
1517: period to a restricted set of months of the year."
1518: DEFVAL { { january, february, march, april, may, june, july,
1519: august, september, october, november, december } }
1520: ::= { ipspTimeFilterEntry 4 }
1521:
1522: ipspTimeFiltDayOfMonthMask OBJECT-TYPE
1523: SYNTAX OCTET STRING (SIZE(4))
1524: MAX-ACCESS read-create
1525: STATUS current
1526: DESCRIPTION
1527: "Defines which days of the month this time period is valid
1528: for. It is a sequence of 32 BITS, where each BIT represents
1529: a corresponding day of the month starting from the left most
1530: bit being equal to the first day of the month. The last bit
1531: in the string MUST be zero."
1532: DEFVAL { 'fffffffe'H }
1533: ::= { ipspTimeFilterEntry 5 }
1534:
1535: ipspTimeFiltDayOfWeekMask OBJECT-TYPE
1536: SYNTAX BITS { monday(0), tuesday(1), wednesday(2),
1537: thursday(3), friday(4), saturday(5),
1538: sunday(6) }
1539: MAX-ACCESS read-create
1540: STATUS current
1541: DESCRIPTION
1542: "A bit mask which overlays the ipspTimeFiltPeriodStart to
1543: ipspTimeFiltPeriodEnd date range to further restrict the time
1544: period to a restricted set of days within a given week."
1545: DEFVAL { { monday, tuesday, wednesday, thursday, friday,
1546: saturday, sunday } }
1547: ::= { ipspTimeFilterEntry 6 }
1548:
1549:
1550: ipspTimeFiltTimeOfDayMaskStart OBJECT-TYPE
1551: SYNTAX DateAndTime
1552: MAX-ACCESS read-create
1553: STATUS current
1554: DESCRIPTION
1555: "Indicates the starting time of day for which this filter
1556: evaluates to true. The date portions of the DateAndTime TC
1557: are ignored for purposes of evaluating this mask and only the
1558: time specific portions are used."
1559: DEFVAL { '00000000000000002b0000'H }
1560: ::= { ipspTimeFilterEntry 7 }
1561:
1562: ipspTimeFiltTimeOfDayMaskEnd OBJECT-TYPE
1563: SYNTAX DateAndTime
1564: MAX-ACCESS read-create
1565: STATUS current
1566: DESCRIPTION
1567: "Indicates the ending time of day for which this filter
1568: evaluates to true. The date portions of the DateAndTime TC
1569: are ignored for purposes of evaluating this mask and only the
1570: time specific portions are used. If the starting and ending
1571: time values indicated by the ipspTimeFiltTimeOfDayMaskStart
1572: and ipspTimeFiltTimeOfDayMaskEnd objects are equal, the
1573: filter is expected to be evaluated over the entire 24 hour
1574: period."
1575: DEFVAL { '00000000000000002b0000'H }
1576: ::= { ipspTimeFilterEntry 8 }
1577:
1578: ipspTimeFiltLastChanged OBJECT-TYPE
1579: SYNTAX TimeStamp
1580: MAX-ACCESS read-only
1581: STATUS current
1582: DESCRIPTION
1583: "The value of sysUpTime when this row was last modified or
1584: created either through SNMP SETs or by some other external
1585: means."
1586: ::= { ipspTimeFilterEntry 9 }
1587:
1588: ipspTimeFiltStorageType OBJECT-TYPE
1589: SYNTAX StorageType
1590: MAX-ACCESS read-create
1591: STATUS current
1592: DESCRIPTION
1593: "The storage type for this row. Rows in this table which were
1594: created through an external process may have a storage type
1595: of readOnly or permanent."
1596: DEFVAL { nonVolatile }
1597: ::= { ipspTimeFilterEntry 10 }
1598:
1599: ipspTimeFiltRowStatus OBJECT-TYPE
1600: SYNTAX RowStatus
1601: MAX-ACCESS read-create
1602: STATUS current
1603: DESCRIPTION
1604: "This object indicates the conceptual status of this row."
1605: ::= { ipspTimeFilterEntry 11 }
1606:
1607: --
1608: -- IPSO protection authority filtering
1609: --
1610:
1611: ipspIpsoHeaderFilterTable OBJECT-TYPE
1612: SYNTAX SEQUENCE OF IpspIpsoHeaderFilterEntry
1613: MAX-ACCESS not-accessible
1614: STATUS current
1615: DESCRIPTION
1616: "This table contains a list of IPSO header filter definitions
1617: to be used within the ipspRuleDefinitionTable or the
1618: ipspSubfilterTable. IPSO headers and their values
1619: are described in RFC1108."
1620: ::= { ipspConfigObjects 11 }
1621:
1622: ipspIpsoHeaderFilterEntry OBJECT-TYPE
1623: SYNTAX IpspIpsoHeaderFilterEntry
1624: MAX-ACCESS not-accessible
1625: STATUS current
1626: DESCRIPTION
1627: "A definition of a particular filter."
1628: INDEX { ipspIpsoHeadFiltName }
1629: ::= { ipspIpsoHeaderFilterTable 1 }
1630:
1631: IpspIpsoHeaderFilterEntry ::= SEQUENCE {
1632: ipspIpsoHeadFiltName SnmpAdminString,
1633: ipspIpsoHeadFiltType BITS,
1634: ipspIpsoHeadFiltClassification INTEGER,
1635: ipspIpsoHeadFiltProtectionAuth INTEGER,
1636: ipspIpsoHeadFiltLastChanged TimeStamp,
1637: ipspIpsoHeadFiltStorageType StorageType,
1638: ipspIpsoHeadFiltRowStatus RowStatus
1639: }
1640:
1641: ipspIpsoHeadFiltName OBJECT-TYPE
1642: SYNTAX SnmpAdminString (SIZE(1..32))
1643: MAX-ACCESS not-accessible
1644: STATUS current
1645: DESCRIPTION
1646: "The administrative name for this filter."
1647: ::= { ipspIpsoHeaderFilterEntry 1 }
1648:
1649: ipspIpsoHeadFiltType OBJECT-TYPE
1650: SYNTAX BITS { classificationLevel(0),
1651: protectionAuthority(1) }
1652: MAX-ACCESS read-create
1653: STATUS current
1654: DESCRIPTION
1655: "The IPSO header fields to match the value against."
1656: ::= { ipspIpsoHeaderFilterEntry 2 }
1657:
1658: ipspIpsoHeadFiltClassification OBJECT-TYPE
1659: SYNTAX INTEGER { topSecret(61), secret(90),
1660: confidential(150), unclassified(171) }
1661: MAX-ACCESS read-create
1662: STATUS current
1663: DESCRIPTION
1664: "The IPSO classification header field value must match the
1665: value in this column if the classificationLevel bit is set in
1666: the ipspIpsoHeadFiltType field.
1667:
1668: The values of these enumerations are defined by RFC1108."
1669: ::= { ipspIpsoHeaderFilterEntry 3 }
1670:
1671: ipspIpsoHeadFiltProtectionAuth OBJECT-TYPE
1672: SYNTAX INTEGER { genser(0), siopesi(1), sci(2),
1673: nsa(3), doe(4) }
1674: MAX-ACCESS read-create
1675: STATUS current
1676: DESCRIPTION
1677: "The IPSO protection authority header field value must match
1678: the value in this column if the protection authority bit is
1679: set in the ipspIpsoHeadFiltType field.
1680:
1681: The values of these enumerations are defined by RFC1108.
1682: Hence the reason the SMIv2 convention of not using 0 in enum
1683: lists is violated here."
1684: ::= { ipspIpsoHeaderFilterEntry 4 }
1685:
1686: ipspIpsoHeadFiltLastChanged OBJECT-TYPE
1687: SYNTAX TimeStamp
1688: MAX-ACCESS read-only
1689: STATUS current
1690: DESCRIPTION
1691: "The value of sysUpTime when this row was last modified or
1692: created either through SNMP SETs or by some other external
1693: means."
1694: ::= { ipspIpsoHeaderFilterEntry 5 }
1695:
1696: ipspIpsoHeadFiltStorageType OBJECT-TYPE
1697: SYNTAX StorageType
1698: MAX-ACCESS read-create
1699: STATUS current
1700: DESCRIPTION
1701: "The storage type for this row. Rows in this table which were
1702: created through an external process may have a storage type
1703: of readOnly or permanent."
1704: DEFVAL { nonVolatile }
1705: ::= { ipspIpsoHeaderFilterEntry 6 }
1706:
1707: ipspIpsoHeadFiltRowStatus OBJECT-TYPE
1708: SYNTAX RowStatus
1709: MAX-ACCESS read-create
1710: STATUS current
1711: DESCRIPTION
1712: "This object indicates the conceptual status of this row.
1713:
1714: This object may not be set to active if the requirements of
1715: the ipspIpsoHeadFiltType object are not met. In other words,
1716: if the associated value columns needed by a particular test
1717: have not been set, then attempting to change this row to an
1718: active state will result in an inconsistentValue error. See
1719: the ipspIpsoHeadFiltType object description for further
1720: details."
1721: ::= { ipspIpsoHeaderFilterEntry 7 }
1722:
1723: --
1724: -- credential filter table
1725: --
1726:
1727: ipspCredentialFilterTable OBJECT-TYPE
1728: SYNTAX SEQUENCE OF IpspCredentialFilterEntry
1729: MAX-ACCESS not-accessible
1730: STATUS current
1731: DESCRIPTION
1732: "This table defines filters which can be used to match
1733: credentials of IKE peers, where the credentials in question
1734: have been obtained from an IKE phase 1 exchange. They may be
1735: X.509 certificates, Kerberos tickets, etc..."
1736: ::= { ipspConfigObjects 12 }
1737:
1738: ipspCredentialFilterEntry OBJECT-TYPE
1739: SYNTAX IpspCredentialFilterEntry
1740: MAX-ACCESS not-accessible
1741: STATUS current
1742: DESCRIPTION
1743: "A row defining a particular credential filter"
1744: INDEX { ipspCredFiltName }
1745: ::= { ipspCredentialFilterTable 1 }
1746:
1747: IpspCredentialFilterEntry ::= SEQUENCE {
1748: ipspCredFiltName SnmpAdminString,
1749: ipspCredFiltCredentialType IpspCredentialType,
1750: ipspCredFiltMatchFieldName OCTET STRING,
1751: ipspCredFiltMatchFieldValue OCTET STRING,
1752: ipspCredFiltAcceptCredFrom OCTET STRING,
1753: ipspCredFiltLastChanged TimeStamp,
1754: ipspCredFiltStorageType StorageType,
1755: ipspCredFiltRowStatus RowStatus
1756: }
1757:
1758: ipspCredFiltName OBJECT-TYPE
1759: SYNTAX SnmpAdminString (SIZE(1..32))
1760: MAX-ACCESS not-accessible
1761: STATUS current
1762: DESCRIPTION
1763: "The administrative name of this filter."
1764: ::= { ipspCredentialFilterEntry 1 }
1765:
1766: ipspCredFiltCredentialType OBJECT-TYPE
1767: SYNTAX IpspCredentialType
1768: MAX-ACCESS read-create
1769: STATUS current
1770: DESCRIPTION
1771: "The credential type that is expected for this filter to
1772: succeed."
1773: DEFVAL { x509 }
1774: ::= { ipspCredentialFilterEntry 2 }
1775:
1776: ipspCredFiltMatchFieldName OBJECT-TYPE
1777: SYNTAX OCTET STRING (SIZE(0..256))
1778: MAX-ACCESS read-create
1779: STATUS current
1780: DESCRIPTION
1781: "The piece of the credential to match against. Examples:
1782: serialNumber, signatureAlgorithm, issuerName or subjectName.
1783:
1784: For credential types without fields (e.g. shared secret),
1785: this field should be left empty, and the entire credential
1786: will be matched against the ipspCredFiltMatchFieldValue."
1787: ::= { ipspCredentialFilterEntry 3 }
1788:
1789: ipspCredFiltMatchFieldValue OBJECT-TYPE
1790: SYNTAX OCTET STRING (SIZE(1..4096))
1791: MAX-ACCESS read-create
1792: STATUS current
1793: DESCRIPTION
1794: "The value that the field indicated by the
1795: ipspCredFiltMatchFieldName must match against for the filter
1796: to be considered TRUE."
1797: ::= { ipspCredentialFilterEntry 4 }
1798:
1799: ipspCredFiltAcceptCredFrom OBJECT-TYPE
1800: SYNTAX OCTET STRING(SIZE(1..117))
1801: MAX-ACCESS read-create
1802: STATUS current
1803: DESCRIPTION
1804: "This value is used to look up a row in the
1805: ipspIpsecCredMngServiceTable for the Certificate Authority (CA)
1806: Information. This value is empty if there is no CA used for
1807: this filter."
1808: ::= { ipspCredentialFilterEntry 5 }
1809:
1810: ipspCredFiltLastChanged OBJECT-TYPE
1811: SYNTAX TimeStamp
1812: MAX-ACCESS read-only
1813: STATUS current
1814: DESCRIPTION
1815: "The value of sysUpTime when this row was last modified or
1816: created either through SNMP SETs or by some other external
1817: means."
1818: ::= { ipspCredentialFilterEntry 6 }
1819:
1820: ipspCredFiltStorageType OBJECT-TYPE
1821: SYNTAX StorageType
1822: MAX-ACCESS read-create
1823: STATUS current
1824: DESCRIPTION
1825: "The storage type for this row. Rows in this table which were
1826: created through an external process may have a storage type
1827: of readOnly or permanent."
1828: DEFVAL { nonVolatile }
1829: ::= { ipspCredentialFilterEntry 7 }
1830:
1831: ipspCredFiltRowStatus OBJECT-TYPE
1832: SYNTAX RowStatus
1833: MAX-ACCESS read-create
1834: STATUS current
1835: DESCRIPTION
1836: "This object indicates the conceptual status of this row."
1837: ::= { ipspCredentialFilterEntry 8 }
1838:
1839: --
1840: -- Peer Identity Filter Table
1841: --
1842: ipspPeerIdentityFilterTable OBJECT-TYPE
1843: SYNTAX SEQUENCE OF IpspPeerIdentityFilterEntry
1844: MAX-ACCESS not-accessible
1845: STATUS current
1846: DESCRIPTION
1847: "This table defines filters which can be used to match
1848: credentials of IKE peers, where the credentials in question
1849: have been obtained from an IKE phase 1 exchange. They may be
1850: X.509 certificates, Kerberos tickets, etc..."
1851: ::= { ipspConfigObjects 13 }
1852:
1853: ipspPeerIdentityFilterEntry OBJECT-TYPE
1854: SYNTAX IpspPeerIdentityFilterEntry
1855: MAX-ACCESS not-accessible
1856: STATUS current
1857: DESCRIPTION
1858: "A row defining a particular credential filter"
1859: INDEX { ipspPeerIdFiltName }
1860: ::= { ipspPeerIdentityFilterTable 1 }
1861:
1862: IpspPeerIdentityFilterEntry ::= SEQUENCE {
1863: ipspPeerIdFiltName SnmpAdminString,
1864: ipspPeerIdFiltIdentityType IpsecDoiIdentType,
1865: ipspPeerIdFiltIdentityValue IpspIdentityFilter,
1866: ipspPeerIdFiltLastChanged TimeStamp,
1867: ipspPeerIdFiltStorageType StorageType,
1868: ipspPeerIdFiltRowStatus RowStatus
1869: }
1870:
1871: ipspPeerIdFiltName OBJECT-TYPE
1872: SYNTAX SnmpAdminString (SIZE(1..32))
1873: MAX-ACCESS not-accessible
1874: STATUS current
1875: DESCRIPTION
1876: "The administrative name of this filter."
1877: ::= { ipspPeerIdentityFilterEntry 1 }
1878:
1879: ipspPeerIdFiltIdentityType OBJECT-TYPE
1880: SYNTAX IpsecDoiIdentType
1881: MAX-ACCESS read-create
1882: STATUS current
1883: DESCRIPTION
1884: "The type of identity field in the peer ID payload to match
1885: against."
1886: ::= { ipspPeerIdentityFilterEntry 2 }
1887:
1888: ipspPeerIdFiltIdentityValue OBJECT-TYPE
1889: SYNTAX IpspIdentityFilter
1890: MAX-ACCESS read-create
1891: STATUS current
1892: DESCRIPTION
1893: "The string representation of the value that the peer ID
1894: payload value must match against. Wildcard mechanisms MUST be
1895: supported such that:
1896:
1897: - a ipspPeerIdFiltIdentityValue of '*@example.com' will match
1898: a userFqdn ID payload of 'JDOE@EXAMPLE.COM'
1899:
1900: - a ipspPeerIdFiltIdentityValue of '*.example.com' will match
1901: a fqdn ID payload of 'WWW.EXAMPLE.COM'
1902:
1903: - a ipspPeerIdFiltIdentityValue of:
1904: 'cn=*,ou=engineering,o=company,c=us'
1905: will match a DER DN ID payload of
1906: 'cn=John Doe,ou=engineering,o=company,c=us'
1907:
1908: - a ipspPeerIdFiltIdentityValue of '192.0.2.0/24' will match
1909: an IPv4 address ID payload of 192.0.2.10
1910:
1911: - a ipspPeerIdFiltIdentityValue of '192.0.2.*' will also
1912: match an IPv4 address ID payload of 192.0.2.10.
1913:
1914: The character '*' replaces 0 or multiple instances of any
1915: character."
1916: ::= { ipspPeerIdentityFilterEntry 3 }
1917:
1918: ipspPeerIdFiltLastChanged OBJECT-TYPE
1919: SYNTAX TimeStamp
1920: MAX-ACCESS read-only
1921: STATUS current
1922: DESCRIPTION
1923: "The value of sysUpTime when this row was last modified or
1924: created either through SNMP SETs or by some other external
1925: means."
1926: ::= { ipspPeerIdentityFilterEntry 4 }
1927:
1928: ipspPeerIdFiltStorageType OBJECT-TYPE
1929: SYNTAX StorageType
1930: MAX-ACCESS read-create
1931: STATUS current
1932: DESCRIPTION
1933: "The storage type for this row. Rows in this table which were
1934: created through an external process may have a storage type
1935: of readOnly or permanent."
1936: DEFVAL { nonVolatile }
1937: ::= { ipspPeerIdentityFilterEntry 5 }
1938:
1939: ipspPeerIdFiltRowStatus OBJECT-TYPE
1940: SYNTAX RowStatus
1941: MAX-ACCESS read-create
1942: STATUS current
1943: DESCRIPTION
1944: "This object indicates the conceptual status of this row.
1945: This object can not be considered active unless the
1946: ipspPeerIdFiltIdentityType and ipspPeerIdFiltIdentityValue
1947: column values are defined."
1948: ::= { ipspPeerIdentityFilterEntry 6 }
1949:
1950: --
1951: -- compound actions table
1952: --
1953:
1954: ipspCompoundActionTable OBJECT-TYPE
1955: SYNTAX SEQUENCE OF IpspCompoundActionEntry
1956: MAX-ACCESS not-accessible
1957: STATUS current
1958: DESCRIPTION
1959: "Table used to allow multiple actions to be associated with a
1960: rule. It uses the ipspSubactionsTable to do this."
1961: ::= { ipspConfigObjects 14 }
1962:
1963: ipspCompoundActionEntry OBJECT-TYPE
1964: SYNTAX IpspCompoundActionEntry
1965: MAX-ACCESS not-accessible
1966: STATUS current
1967: DESCRIPTION
1968: "A row in the ipspCompoundActionTable."
1969: INDEX { ipspCompActName }
1970: ::= { ipspCompoundActionTable 1 }
1971:
1972: IpspCompoundActionEntry ::= SEQUENCE {
1973: ipspCompActName SnmpAdminString,
1974: ipspCompActExecutionStrategy INTEGER,
1975: ipspCompActLastChanged TimeStamp,
1976: ipspCompActStorageType StorageType,
1977: ipspCompActRowStatus RowStatus
1978: }
1979:
1980: ipspCompActName OBJECT-TYPE
1981: SYNTAX SnmpAdminString (SIZE(1..32))
1982: MAX-ACCESS not-accessible
1983: STATUS current
1984: DESCRIPTION
1985: "This is an administratively assigned name of this compound
1986: action."
1987: ::= { ipspCompoundActionEntry 1 }
1988:
1989: ipspCompActExecutionStrategy OBJECT-TYPE
1990: SYNTAX INTEGER { reserved(0),
1991: doAll(1),
1992: doUntilSuccess(2),
1993: doUntilFailure(3) }
1994: MAX-ACCESS read-create
1995: STATUS current
1996: DESCRIPTION
1997: "This object indicates how the sub-actions are executed based
1998: on the success of the actions as they finish executing.
1999:
2000: doAll - run each sub-action regardless of the
2001: exit status of the previous action. This
2002: parent action is always considered to have
2003: acted successfully.
2004:
2005: doUntilSuccess - run each sub-action until one succeeds, at
2006: which point stop processing the sub-actions
2007: within this parent compound action. If one
2008: of the sub-actions did execute
2009: successfully, this parent action is also
2010: considered to have executed successfully.
2011:
2012: doUntilFailure - run each sub-action until one fails, at
2013: which point stop processing the sub-actions
2014: within this compound action. If any
2015: sub-action fails, the result of this parent
2016: action is considered to have failed."
2017: DEFVAL { doUntilSuccess }
2018: ::= { ipspCompoundActionEntry 2 }
2019:
2020: ipspCompActLastChanged OBJECT-TYPE
2021: SYNTAX TimeStamp
2022: MAX-ACCESS read-only
2023: STATUS current
2024: DESCRIPTION
2025: "The value of sysUpTime when this row was last modified or
2026: created either through SNMP SETs or by some other external
2027: means."
2028: ::= { ipspCompoundActionEntry 3 }
2029:
2030: ipspCompActStorageType OBJECT-TYPE
2031: SYNTAX StorageType
2032: MAX-ACCESS read-create
2033: STATUS current
2034: DESCRIPTION
2035: "The storage type for this row. Rows in this table which were
2036: created through an external process may have a storage type
2037: of readOnly or permanent."
2038: DEFVAL { nonVolatile }
2039: ::= { ipspCompoundActionEntry 4 }
2040:
2041: ipspCompActRowStatus OBJECT-TYPE
2042: SYNTAX RowStatus
2043: MAX-ACCESS read-create
2044: STATUS current
2045: DESCRIPTION
2046: "This object indicates the conceptual status of this row.
2047:
2048: The value of this object has no effect on whether other
2049: objects in this conceptual row can be modified.
2050:
2051: Once a row in the ipspCompoundActionTable has been made active,
2052: this object may not be set to destroy without first
2053: destroying all the contained rows listed in the
2054: ipspSubactionsTable."
2055: ::= { ipspCompoundActionEntry 5 }
2056:
2057:
2058: --
2059: -- actions contained within a compound action
2060: --
2061:
2062: ipspSubactionsTable OBJECT-TYPE
2063: SYNTAX SEQUENCE OF IpspSubactionsEntry
2064: MAX-ACCESS not-accessible
2065: STATUS current
2066: DESCRIPTION
2067: "This table contains a list of the sub-actions within a given
2068: compound action. Compound actions executing these actions
2069: MUST execute them in series based on the ipspSubActPriority
2070: value, with the lowest value executing first."
2071: ::= { ipspConfigObjects 15 }
2072:
2073: ipspSubactionsEntry OBJECT-TYPE
2074: SYNTAX IpspSubactionsEntry
2075: MAX-ACCESS not-accessible
2076: STATUS current
2077: DESCRIPTION
2078: "A row containing a reference to a given compound-action
2079: sub-action."
2080: INDEX { ipspCompActName, ipspSubActPriority }
2081: ::= { ipspSubactionsTable 1 }
2082:
2083: IpspSubactionsEntry ::= SEQUENCE {
2084: ipspSubActPriority Integer32,
2085: ipspSubActSubActionName VariablePointer,
2086: aiipspCompActLastChanged TimeStamp,
2087: aiipspCompActStorageType StorageType,
2088: aiipspCompActRowStatus RowStatus
2089: }
2090:
2091: ipspSubActPriority OBJECT-TYPE
2092: SYNTAX Integer32 (0..65536)
2093: MAX-ACCESS not-accessible
2094: STATUS current
2095: DESCRIPTION
2096: "The priority of a given sub-action within a compound action.
2097: The order in which sub-actions should be executed is based
2098: on the value from this column, with the lowest numeric value
2099: executing first."
2100: ::= { ipspSubactionsEntry 1 }
2101:
2102: ipspSubActSubActionName OBJECT-TYPE
2103: SYNTAX VariablePointer
2104: MAX-ACCESS read-create
2105: STATUS current
2106: DESCRIPTION
2107: "This column points to the action to be taken. It may, but is
2108: not limited to, point to a row in one of the following
2109: tables:
2110:
2111: ipspCompoundActionTable - Allowing recursion
2112: ipspSaPreconfiguredActionTable
2113: ipspIkeActionTable
2114: ipspIpsecActionTable
2115:
2116: It may also point to one of the scalar objects beneath
2117: ipspStaticActions.
2118:
2119: If this object is set to a pointer to a row in an unsupported
2120: (or unknown) table, an inconsistentValue error should be
2121: returned.
2122:
2123: If this object is set to point to a non-existent row in an
2124: otherwise supported table, an inconsistentName error should
2125: be returned."
2126: ::= { ipspSubactionsEntry 2 }
2127:
2128: aiipspCompActLastChanged OBJECT-TYPE
2129: SYNTAX TimeStamp
2130: MAX-ACCESS read-only
2131: STATUS current
2132: DESCRIPTION
2133: "The value of sysUpTime when this row was last modified or
2134: created either through SNMP SETs or by some other external
2135: means."
2136: ::= { ipspSubactionsEntry 3 }
2137:
2138: aiipspCompActStorageType OBJECT-TYPE
2139: SYNTAX StorageType
2140: MAX-ACCESS read-create
2141: STATUS current
2142: DESCRIPTION
2143: "The storage type for this row. Rows in this table which were
2144: created through an external process may have a storage type
2145: of readOnly or permanent."
2146: DEFVAL { nonVolatile }
2147: ::= { ipspSubactionsEntry 4 }
2148:
2149: aiipspCompActRowStatus OBJECT-TYPE
2150: SYNTAX RowStatus
2151: MAX-ACCESS read-create
2152: STATUS current
2153: DESCRIPTION
2154: "This object indicates the conceptual status of this row.
2155:
2156: The value of this object has no effect on whether other
2157: objects in this conceptual row can be modified."
2158: ::= { ipspSubactionsEntry 5 }
2159:
2160: --
2161: -- Static Actions
2162: --
2163:
2164: -- these are static actions which can be pointed to by the
2165: -- ipspRuleDefAction or the ipspSubActSubActionName objects to drop,
2166: -- accept or reject packets.
2167:
2168: ipspStaticActions OBJECT IDENTIFIER ::= { ipspConfigObjects 16 }
2169:
2170: ipspDropAction OBJECT-TYPE
2171: SYNTAX Integer32
2172: MAX-ACCESS read-only
2173: STATUS current
2174: DESCRIPTION
2175: "This scalar indicates that a packet should be dropped WITHOUT
2176: action/packet logging. This object returns a value
2177: of 1 for IPsec policy implementations that support the drop
2178: static action."
2179: ::= { ipspStaticActions 1 }
2180:
2181: ipspDropActionLog OBJECT-TYPE
2182: SYNTAX Integer32
2183: MAX-ACCESS read-only
2184: STATUS current
2185: DESCRIPTION
2186: "This scalar indicates that a packet should be dropped WITH
2187: action/packet logging. This object returns a value
2188: of 1 for IPsec policy implementations that support the drop
2189: static action with logging."
2190: ::= { ipspStaticActions 2 }
2191:
2192: ipspAcceptAction OBJECT-TYPE
2193: SYNTAX Integer32
2194: MAX-ACCESS read-only
2195: STATUS current
2196: DESCRIPTION
2197: "This Scalar indicates that a packet should be accepted
2198: (pass-through) WITHOUT action/packet logging. This object
2199: returns a value of 1 for IPsec policy implementations that
2200: support the accept static action."
2201: ::= { ipspStaticActions 3 }
2202:
2203: ipspAcceptActionLog OBJECT-TYPE
2204: SYNTAX Integer32
2205: MAX-ACCESS read-only
2206: STATUS current
2207: DESCRIPTION
2208: "This scalar indicates that a packet should be accepted
2209: (pass-through) WITH action/packet logging. This object
2210: returns a value of 1 for IPsec policy implementations that
2211: support the accept static action with logging."
2212: ::= { ipspStaticActions 4 }
2213:
2214: ipspRejectIKEAction OBJECT-TYPE
2215: SYNTAX Integer32
2216: MAX-ACCESS read-only
2217: STATUS current
2218: DESCRIPTION
2219: "This scalar indicates that a packet should be rejected
2220: WITHOUT action/packet logging. This object returns a value
2221: of 1 for IPsec policy implementations that support the reject
2222: static action."
2223: ::= { ipspStaticActions 5 }
2224:
2225: ipspRejectIKEActionLog OBJECT-TYPE
2226: SYNTAX Integer32
2227: MAX-ACCESS read-only
2228: STATUS current
2229: DESCRIPTION
2230: "This scalar indicates that a packet should be rejected
2231: WITH action/packet logging. This object returns a value of 1
2232: for IPsec policy implementations that support the reject
2233: static action with logging."
2234: ::= { ipspStaticActions 6 }
2235:
2236:
2237: --
2238: -- Preconfigured Action Table
2239: --
2240:
2241:
2242: ipspSaPreconfiguredActionTable OBJECT-TYPE
2243: SYNTAX SEQUENCE OF IpspSaPreconfiguredActionEntry
2244: MAX-ACCESS not-accessible
2245: STATUS current
2246: DESCRIPTION
2247: "This table is a list of non-negotiated IPsec actions (SAs)
2248: that can be performed and contains or indicates the data
2249: necessary to create such an SA."
2250: ::= { ipspConfigObjects 17 }
2251:
2252: ipspSaPreconfiguredActionEntry OBJECT-TYPE
2253: SYNTAX IpspSaPreconfiguredActionEntry
2254: MAX-ACCESS not-accessible
2255: STATUS current
2256: DESCRIPTION
2257: "One entry in the ipspSaPreconfiguredActionTable."
2258: INDEX { ipspSaPreActActionName, ipspSaPreActSADirection }
2259: ::= { ipspSaPreconfiguredActionTable 1 }
2260:
2261: IpspSaPreconfiguredActionEntry ::= SEQUENCE {
2262: ipspSaPreActActionName SnmpAdminString,
2263: ipspSaPreActSADirection IpspSADirection,
2264: ipspSaPreActActionDescription SnmpAdminString,
2265: ipspSaPreActActionLifetimeSec Unsigned32,
2266: ipspSaPreActActionLifetimeKB Unsigned32,
2267: ipspSaPreActDoActionLogging TruthValue,
2268: ipspSaPreActDoPacketLogging IpspIPPacketLogging,
2269: ipspSaPreActDFHandling INTEGER,
2270: ipspSaPreActActionType IpsecDoiEncapsulationMode,
2271: ipspSaPreActAHSPI Integer32,
2272: ipspSaPreActAHTransformName SnmpAdminString,
2273: ipspSaPreActAHSharedSecretName SnmpAdminString,
2274: ipspSaPreActESPSPI Integer32,
2275: ipspSaPreActESPTransformName SnmpAdminString,
2276: ipspSaPreActESPEncSecretName SnmpAdminString,
2277: ipspSaPreActESPAuthSecretName SnmpAdminString,
2278: ipspSaPreActIPCompSPI Integer32,
2279: ipspSaPreActIPCompTransformName SnmpAdminString,
2280: ipspSaPreActPeerGatewayIdName SnmpAdminString,
2281: ipspSaPreActLastChanged TimeStamp,
2282: ipspSaPreActStorageType StorageType,
2283: ipspSaPreActRowStatus RowStatus
2284: }
2285:
2286: ipspSaPreActActionName OBJECT-TYPE
2287: SYNTAX SnmpAdminString (SIZE(1..32))
2288: MAX-ACCESS not-accessible
2289: STATUS current
2290: DESCRIPTION
2291: "This object contains the name of this
2292: SaPreconfiguredActionEntry."
2293: ::= { ipspSaPreconfiguredActionEntry 1 }
2294:
2295: ipspSaPreActSADirection OBJECT-TYPE
2296: SYNTAX IpspSADirection
2297: MAX-ACCESS not-accessible
2298: STATUS current
2299: DESCRIPTION
2300: "This object indicates whether a row should apply to outgoing
2301: or incoming SAs"
2302: ::= { ipspSaPreconfiguredActionEntry 2 }
2303:
2304:
2305: ipspSaPreActActionDescription OBJECT-TYPE
2306: SYNTAX SnmpAdminString
2307: MAX-ACCESS read-create
2308: STATUS current
2309: DESCRIPTION
2310: "An administratively assigned string which may be used
2311: to describe what the action does."
2312: DEFVAL { "" }
2313: ::= { ipspSaPreconfiguredActionEntry 3 }
2314:
2315: ipspSaPreActActionLifetimeSec OBJECT-TYPE
2316: SYNTAX Unsigned32
2317: MAX-ACCESS read-create
2318: STATUS current
2319: DESCRIPTION
2320: "ipspSaPreActActionLifetimeSec specifies how long in seconds the
2321: security association derived from this action should be used.
2322: The default lifetime is 8 hours.
2323: Note: the actual lifetime of the preconfigured SA will be the
2324: lesser of the value of this object and of the value of the
2325: MaxLifetimeSecs property of the associated transform.
2326:
2327: A value of 0 indicates no time limit on the lifetime
2328: of the SA."
2329: DEFVAL { 28800 }
2330: ::= { ipspSaPreconfiguredActionEntry 4 }
2331:
2332: ipspSaPreActActionLifetimeKB OBJECT-TYPE
2333: SYNTAX Unsigned32
2334: MAX-ACCESS read-create
2335: STATUS current
2336: DESCRIPTION
2337: "ipspSaPreActActionLifetimeKB specifies how long the
2338: security association derived from this action should be used.
2339: After this value in KiloBytes has passed through the security
2340: association, it should no longer be used.
2341:
2342: Note: the actual lifetime of the preconfigured SA will be the
2343: lesser of the value of this object and of the value of the
2344: MaxLifetimeKB property of the associated transform.
2345:
2346: The default value, '0', indicates no kilobyte limit."
2347: DEFVAL { 0 }
2348: ::= { ipspSaPreconfiguredActionEntry 5 }
2349:
2350: ipspSaPreActDoActionLogging OBJECT-TYPE
2351: SYNTAX TruthValue
2352: MAX-ACCESS read-create
2353: STATUS current
2354: DESCRIPTION
2355: "ipspSaPreActDoActionLogging specifies whether or not an audit
2356: message should be logged when a preconfigured SA is created."
2357: DEFVAL { false }
2358: ::= { ipspSaPreconfiguredActionEntry 6 }
2359:
2360: ipspSaPreActDoPacketLogging OBJECT-TYPE
2361: SYNTAX IpspIPPacketLogging
2362: MAX-ACCESS read-create
2363: STATUS current
2364: DESCRIPTION
2365: "ipspSaPreActDoPacketLogging specifies whether or not an audit
2366: message should be logged and if there is logging, how many
2367: bytes of the packet to place in the notification."
2368: DEFVAL { -1 }
2369: ::= { ipspSaPreconfiguredActionEntry 7 }
2370:
2371: ipspSaPreActDFHandling OBJECT-TYPE
2372: SYNTAX INTEGER {
2373: reserved(0), -- reserved
2374: copy(1), -- indicates copy the DF bit from the
2375: -- internal to external IP header.
2376: set(2), -- set the DF bit in the external IP
2377: -- header to 1.
2378: clear(3) -- clear the DF bit in the external IP
2379: -- header to 0.
2380: }
2381: MAX-ACCESS read-create
2382: STATUS current
2383: DESCRIPTION
2384: "This object specifies how to process the DF bit in packets
2385: sent through the preconfigured SA. This object is not used
2386: for transport SAs."
2387: DEFVAL { copy }
2388: ::= { ipspSaPreconfiguredActionEntry 8 }
2389:
2390: ipspSaPreActActionType OBJECT-TYPE
2391: SYNTAX IpsecDoiEncapsulationMode
2392: MAX-ACCESS read-create
2393: STATUS current
2394: DESCRIPTION
2395: "This object specifies the encapsulation mode to use for the
2396: preconfigured SA: tunnel or transport mode."
2397: DEFVAL { tunnel }
2398: ::= { ipspSaPreconfiguredActionEntry 9 }
2399:
2400: ipspSaPreActAHSPI OBJECT-TYPE
2401: SYNTAX Integer32
2402: MAX-ACCESS read-create
2403: STATUS current
2404: DESCRIPTION
2405: "This object represents the SPI value for the AH SA."
2406: ::= { ipspSaPreconfiguredActionEntry 10 }
2407:
2408: ipspSaPreActAHTransformName OBJECT-TYPE
2409: SYNTAX SnmpAdminString (SIZE(0..32))
2410: MAX-ACCESS read-create
2411: STATUS current
2412: DESCRIPTION
2413: "This object is the name of the AH transform to use as an
2414: index into the AHTransformTable. A zero length value
2415: indicates no transform of this type is used."
2416: ::= { ipspSaPreconfiguredActionEntry 11 }
2417:
2418: ipspSaPreActAHSharedSecretName OBJECT-TYPE
2419: SYNTAX SnmpAdminString(SIZE(0..32))
2420: MAX-ACCESS read-create
2421: STATUS current
2422: DESCRIPTION
2423: "This object contains a name value to be used as an index into
2424: the ipspCredentialTable which holds the pertinent keying
2425: information for the AH SA."
2426: ::= { ipspSaPreconfiguredActionEntry 12 }
2427:
2428: ipspSaPreActESPSPI OBJECT-TYPE
2429: SYNTAX Integer32
2430: MAX-ACCESS read-create
2431: STATUS current
2432: DESCRIPTION
2433: "This object represents the SPI value for the ESP SA."
2434: ::= { ipspSaPreconfiguredActionEntry 13 }
2435:
2436: ipspSaPreActESPTransformName OBJECT-TYPE
2437: SYNTAX SnmpAdminString (SIZE(0..32))
2438: MAX-ACCESS read-create
2439: STATUS current
2440: DESCRIPTION
2441: "This object is the name of the ESP transform to use as an
2442: index into the ESPTransformTable. A zero length value
2443: indicates no transform of this type is used."
2444: ::= { ipspSaPreconfiguredActionEntry 14 }
2445:
2446: ipspSaPreActESPEncSecretName OBJECT-TYPE
2447: SYNTAX SnmpAdminString(SIZE(0..32))
2448: MAX-ACCESS read-create
2449: STATUS current
2450: DESCRIPTION
2451: "This object contains a name value to be used as an index into
2452: the ipspCredentialTable which holds the pertinent keying
2453: information for the encryption algorithm of the ESP SA."
2454: ::= { ipspSaPreconfiguredActionEntry 15 }
2455:
2456: ipspSaPreActESPAuthSecretName OBJECT-TYPE
2457: SYNTAX SnmpAdminString(SIZE(0..32))
2458: MAX-ACCESS read-create
2459: STATUS current
2460: DESCRIPTION
2461: "This object contains a name value to be used as an index into
2462: the ipspCredentialTable which holds the pertinent keying
2463: information for the authentication algorithm of the ESP SA."
2464: ::= { ipspSaPreconfiguredActionEntry 16 }
2465:
2466: ipspSaPreActIPCompSPI OBJECT-TYPE
2467: SYNTAX Integer32
2468: MAX-ACCESS read-create
2469: STATUS current
2470: DESCRIPTION
2471: "This object represents the SPI value for the IPComp SA."
2472: ::= { ipspSaPreconfiguredActionEntry 17 }
2473:
2474: ipspSaPreActIPCompTransformName OBJECT-TYPE
2475: SYNTAX SnmpAdminString (SIZE(0..32))
2476: MAX-ACCESS read-create
2477: STATUS current
2478: DESCRIPTION
2479: "This object is the name of the IPComp transform to use as an
2480: index into the IPCompTransformTable. A zero length value
2481: indicates no transform of this type is used."
2482: ::= { ipspSaPreconfiguredActionEntry 18 }
2483:
2484: ipspSaPreActPeerGatewayIdName OBJECT-TYPE
2485: SYNTAX SnmpAdminString (SIZE(0..32))
2486: MAX-ACCESS read-create
2487: STATUS current
2488: DESCRIPTION
2489: "This object indicates the peer id name of the peer
2490: gateway. This object can be used to look up the peer gateway
2491: address in the ipspPeerIdentityTable.
2492:
2493: This object is only used when initiating a tunnel SA, and
2494: is not used for transport SAs. If ipspSaPreActActionType
2495: specifies tunnel mode and this object is empty, the peer
2496: gateway should be determined from the source or destination
2497: of the packet."
2498: DEFVAL { "" }
2499: ::= { ipspSaPreconfiguredActionEntry 19 }
2500:
2501: ipspSaPreActLastChanged OBJECT-TYPE
2502: SYNTAX TimeStamp
2503: MAX-ACCESS read-only
2504: STATUS current
2505: DESCRIPTION
2506: "The value of sysUpTime when this row was last modified or
2507: created either through SNMP SETs or by some other external
2508: means."
2509: ::= { ipspSaPreconfiguredActionEntry 20 }
2510:
2511: ipspSaPreActStorageType OBJECT-TYPE
2512: SYNTAX StorageType
2513: MAX-ACCESS read-create
2514: STATUS current
2515: DESCRIPTION
2516: "The storage type for this row. Rows in this table which were
2517: created through an external process may have a storage type
2518: of readOnly or permanent."
2519: DEFVAL { nonVolatile }
2520: ::= { ipspSaPreconfiguredActionEntry 21 }
2521:
2522: ipspSaPreActRowStatus OBJECT-TYPE
2523: SYNTAX RowStatus
2524: MAX-ACCESS read-create
2525: STATUS current
2526: DESCRIPTION
2527: "This object indicates the conceptual status of this row.
2528:
2529: The value of this object has no effect on whether other
2530: objects in this conceptual row can be modified.
2531:
2532: If active, this object must remain active if it is referenced
2533: by a row in another table."
2534: ::= { ipspSaPreconfiguredActionEntry 22 }
2535:
2536:
2537: --
2538: -- ipspSaNegotiationParametersTable
2539: --
2540:
2541: -- PROPERTIES MinLifetimeSeconds
2542: -- MinLifetimeKilobytes
2543: -- RefreshThresholdSeconds
2544: -- RefreshThresholdKilobytes
2545: -- IdleDurationSeconds
2546:
2547: ipspSaNegotiationParametersTable OBJECT-TYPE
2548: SYNTAX SEQUENCE OF IpspSaNegotiationParametersEntry
2549: MAX-ACCESS not-accessible
2550: STATUS current
2551: DESCRIPTION
2552: "This table contains reusable parameters that can be pointed
2553: to by the ipspIkeActionTable and ipspIpsecActionTable. These
2554: parameters are reusable since it is likely an administrator
2555: will want to make global policy changes to lifetime
2556: parameters that apply to multiple actions. This table allows
2557: multiple rows in the other actions tables to reuse global
2558: lifetime parameters in this table by repeatedly pointing to a
2559: row contained within this table."
2560: ::= { ipspConfigObjects 18 }
2561:
2562: ipspSaNegotiationParametersEntry OBJECT-TYPE
2563: SYNTAX IpspSaNegotiationParametersEntry
2564: MAX-ACCESS not-accessible
2565: STATUS current
2566: DESCRIPTION
2567: "Contains the attributes of one row in the
2568: ipspSaNegotiationParametersTable."
2569: INDEX { ipspSaNegParamName }
2570: ::= { ipspSaNegotiationParametersTable 1 }
2571:
2572: IpspSaNegotiationParametersEntry ::= SEQUENCE {
2573: ipspSaNegParamName SnmpAdminString,
2574: ipspSaNegParamMinLifetimeSecs Unsigned32,
2575: ipspSaNegParamMinLifetimeKB Unsigned32,
2576: ipspSaNegParamRefreshThreshSecs Unsigned32,
2577: ipspSaNegParamRefreshThresholdKB Unsigned32,
2578: ipspSaNegParamIdleDurationSecs Unsigned32,
2579: ipspSaNegParamLastChanged TimeStamp,
2580: ipspSaNegParamStorageType StorageType,
2581: ipspSaNegParamRowStatus RowStatus
2582: }
2583:
2584: ipspSaNegParamName OBJECT-TYPE
2585: SYNTAX SnmpAdminString (SIZE(1..32))
2586: MAX-ACCESS not-accessible
2587: STATUS current
2588: DESCRIPTION
2589: "This object contains the administrative name of this
2590: SaNegotiationParametersEntry. This row can be referred
2591: to by this name in other policy action tables."
2592: ::= { ipspSaNegotiationParametersEntry 1 }
2593:
2594: ipspSaNegParamMinLifetimeSecs OBJECT-TYPE
2595: SYNTAX Unsigned32
2596: MAX-ACCESS read-create
2597: STATUS current
2598: DESCRIPTION
2599: "ipspSaNegParamMinLifetimeSecs specifies the minimum seconds
2600: lifetime that will be accepted from the peer."
2601: ::= { ipspSaNegotiationParametersEntry 2 }
2602:
2603: ipspSaNegParamMinLifetimeKB OBJECT-TYPE
2604: SYNTAX Unsigned32
2605: MAX-ACCESS read-create
2606: STATUS current
2607: DESCRIPTION
2608: "ipspSaNegParamMinLifetimeKB specifies the minimum kilobyte
2609: lifetime that will be accepted from the peer."
2610: ::= { ipspSaNegotiationParametersEntry 3 }
2611:
2612: ipspSaNegParamRefreshThreshSecs OBJECT-TYPE
2613: SYNTAX Unsigned32 (1..100)
2614: MAX-ACCESS read-create
2615: STATUS current
2616: DESCRIPTION
2617: "ipspSaNegParamRefreshThreshSecs specifies what percentage of
2618: the seconds lifetime can expire before IKE should attempt to
2619: renegotiate the IPsec security association.
2620: A value between 1 and 100 representing a percentage. A
2621: value of 100 indicates that the IPsec security
2622: association should not be renegotiated until the
2623: seconds lifetime has been completely reached."
2624: ::= { ipspSaNegotiationParametersEntry 4 }
2625:
2626: ipspSaNegParamRefreshThresholdKB OBJECT-TYPE
2627: SYNTAX Unsigned32 (1..100)
2628: MAX-ACCESS read-create
2629: STATUS current
2630: DESCRIPTION
2631: "ipspSaNegParamRefreshThresholdKB specifies what percentage of
2632: the kilobyte lifetime can expire before IKE should attempt
2633: to renegotiate the IPsec security association. A value
2634: between 1 and 100 representing a percentage. A value of 100
2635: indicates that the IPsec security association should not be
2636: renegotiated until the kilobyte lifetime has been reached."
2637: ::= { ipspSaNegotiationParametersEntry 5 }
2638:
2639: ipspSaNegParamIdleDurationSecs OBJECT-TYPE
2640: SYNTAX Unsigned32
2641: MAX-ACCESS read-create
2642: STATUS current
2643: DESCRIPTION
2644: "ipspSaNegParamIdleDurationSecs specifies how many seconds a
2645: security association may remain idle (i.e., no traffic
2646: protected using the security association) before it is
2647: deleted. A value of zero indicates that idle detection
2648: should not be used for the security association. Any
2649: non-zero value indicates the number of seconds the security
2650: association may remain unused."
2651: ::= { ipspSaNegotiationParametersEntry 6 }
2652:
2653: ipspSaNegParamLastChanged OBJECT-TYPE
2654: SYNTAX TimeStamp
2655: MAX-ACCESS read-only
2656: STATUS current
2657: DESCRIPTION
2658: "The value of sysUpTime when this row was last modified or
2659: created either through SNMP SETs or by some other external
2660: means."
2661: ::= { ipspSaNegotiationParametersEntry 7 }
2662:
2663: ipspSaNegParamStorageType OBJECT-TYPE
2664: SYNTAX StorageType
2665: MAX-ACCESS read-create
2666: STATUS current
2667: DESCRIPTION
2668: "The storage type for this row. Rows in this table which were
2669: created through an external process may have a storage type
2670: of readOnly or permanent."
2671: DEFVAL { nonVolatile }
2672: ::= { ipspSaNegotiationParametersEntry 8 }
2673:
2674: ipspSaNegParamRowStatus OBJECT-TYPE
2675: SYNTAX RowStatus
2676: MAX-ACCESS read-create
2677: STATUS current
2678: DESCRIPTION
2679: "This object indicates the conceptual status of this row.
2680:
2681: The value of this object has no effect on whether other
2682: objects in this conceptual row can be modified.
2683:
2684: This object may not be set to destroy if referred to by other
2685: rows in other action tables."
2686: ::= { ipspSaNegotiationParametersEntry 9 }
2687:
2688: --
2689: -- ipspIkeActionTable
2690: --
2691:
2692: ipspIkeActionTable OBJECT-TYPE
2693: SYNTAX SEQUENCE OF IpspIkeActionEntry
2694: MAX-ACCESS not-accessible
2695: STATUS current
2696: DESCRIPTION
2697: "The ipspIkeActionTable contains a list of the parameters used
2698: for an IKE phase 1 SA DOI negotiation. See the corresponding
2699: table ipspIkeActionProposalsTable for a list of proposals
2700: contained within a given IKE Action."
2701: ::= { ipspConfigObjects 19 }
2702:
2703: ipspIkeActionEntry OBJECT-TYPE
2704: SYNTAX IpspIkeActionEntry
2705: MAX-ACCESS not-accessible
2706: STATUS current
2707: DESCRIPTION
2708: "The ipspIkeActionEntry lists the IKE negotiation attributes."
2709: INDEX { ipspIkeActName }
2710: ::= { ipspIkeActionTable 1 }
2711:
2712: IpspIkeActionEntry ::= SEQUENCE {
2713: ipspIkeActName SnmpAdminString,
2714: ipspIkeActParametersName SnmpAdminString,
2715: ipspIkeActThresholdDerivedKeys Integer32,
2716: ipspIkeActExchangeMode INTEGER,
2717: ipspIkeActAgressiveModeGroupId IkeGroupDescription,
2718: ipspIkeActIdentityType IpsecDoiIdentType,
2719: ipspIkeActIdentityContext SnmpAdminString,
2720: ipspIkeActPeerName SnmpAdminString,
2721: ipspIkeActDoActionLogging TruthValue,
2722: ipspIkeActDoPacketLogging IpspIPPacketLogging,
2723: ipspIkeActVendorId OCTET STRING,
2724: ipspIkeActLastChanged TimeStamp,
2725: ipspIkeActStorageType StorageType,
2726: ipspIkeActRowStatus RowStatus
2727: }
2728:
2729: ipspIkeActName OBJECT-TYPE
2730: SYNTAX SnmpAdminString (SIZE(1..32))
2731: MAX-ACCESS not-accessible
2732: STATUS current
2733: DESCRIPTION
2734: "This object contains the name of this ikeAction entry."
2735: ::= { ipspIkeActionEntry 1 }
2736:
2737: ipspIkeActParametersName OBJECT-TYPE
2738: SYNTAX SnmpAdminString (SIZE(1..32))
2739: MAX-ACCESS read-create
2740: STATUS current
2741: DESCRIPTION
2742: "This object is administratively assigned to reference a row
2743: in the ipspSaNegotiationParametersTable where additional
2744: parameters affecting this action may be found."
2745: ::= { ipspIkeActionEntry 2 }
2746:
2747: ipspIkeActThresholdDerivedKeys OBJECT-TYPE
2748: SYNTAX Integer32 (0..100)
2749: MAX-ACCESS read-create
2750: STATUS current
2751: DESCRIPTION
2752: "ipspIkeActThresholdDerivedKeys specifies what percentage
2753: of the derived key limit (see the LifetimeDerivedKeys
2754: property of IKEProposal) can expire before IKE should attempt
2755: to renegotiate the IKE phase 1 security association."
2756:
2757: DEFVAL { 100 }
2758: ::= { ipspIkeActionEntry 3 }
2759:
2760: ipspIkeActExchangeMode OBJECT-TYPE
2761: SYNTAX INTEGER { main(1), agressive(2) }
2762: MAX-ACCESS read-create
2763: STATUS current
2764: DESCRIPTION
2765: "ipspIkeActExchangeMode specifies the IKE Phase 1 negotiation
2766: mode."
2767: DEFVAL { main }
2768: ::= { ipspIkeActionEntry 4 }
2769:
2770: ipspIkeActAgressiveModeGroupId OBJECT-TYPE
2771: SYNTAX IkeGroupDescription
2772: MAX-ACCESS read-create
2773: STATUS current
2774: DESCRIPTION
2775: "The values to be used for Diffie-Hellman exchange."
2776: ::= { ipspIkeActionEntry 5 }
2777:
2778: ipspIkeActIdentityType OBJECT-TYPE
2779: SYNTAX IpsecDoiIdentType
2780: MAX-ACCESS read-create
2781: STATUS current
2782: DESCRIPTION
2783: "This column along with ipspIkeActIdentityContext and endpoint
2784: information is used to refer to an ipspIkeIdentityEntry in the
2785: ipspIkeIdentityTable."
2786: ::= { ipspIkeActionEntry 6 }
2787:
2788: ipspIkeActIdentityContext OBJECT-TYPE
2789: SYNTAX SnmpAdminString (SIZE(1..32))
2790: MAX-ACCESS read-create
2791: STATUS current
2792: DESCRIPTION
2793: "This column, along with ipspIkeActIdentityType and endpoint
2794: information, is used to refer to an ipspIkeIdentityEntry in the
2795: ipspIkeIdentityTable."
2796: ::= { ipspIkeActionEntry 7 }
2797:
2798: ipspIkeActPeerName OBJECT-TYPE
2799: SYNTAX SnmpAdminString(SIZE(0..32))
2800: MAX-ACCESS read-create
2801: STATUS current
2802: DESCRIPTION
2803: "This object indicates the peer id name of the IKE peer. This
2804: object can be used to look up the peer id value, address,
2805: credentials and other values in the ipspPeerIdentityTable."
2806: ::= { ipspIkeActionEntry 8 }
2807:
2808:
2809: ipspIkeActDoActionLogging OBJECT-TYPE
2810: SYNTAX TruthValue
2811: MAX-ACCESS read-create
2812: STATUS current
2813: DESCRIPTION
2814: "ikeDoActionLogging specifies whether or not an audit
2815: message should be logged when this ike SA is created."
2816: DEFVAL { false }
2817: ::= { ipspIkeActionEntry 9 }
2818:
2819: ipspIkeActDoPacketLogging OBJECT-TYPE
2820: SYNTAX IpspIPPacketLogging
2821: MAX-ACCESS read-create
2822: STATUS current
2823: DESCRIPTION
2824: "ikeDoPacketLogging specifies whether or not an audit message
2825: should be logged and if there is logging, how many bytes of
2826: the packet to place in the notification."
2827: DEFVAL { -1 }
2828: ::= { ipspIkeActionEntry 10 }
2829:
2830: ipspIkeActVendorId OBJECT-TYPE
2831: SYNTAX OCTET STRING (SIZE(0..65535))
2832: MAX-ACCESS read-create
2833: STATUS current
2834: DESCRIPTION
2835: "Vendor ID Payload. A value of NULL means that Vendor ID
2836: payload will be neither generated nor accepted. A non-NULL
2837: value means that a Vendor ID payload will be generated (when
2838: acting as an initiator) or is expected (when acting as a
2839: responder)."
2840: DEFVAL { "" }
2841: ::= { ipspIkeActionEntry 11 }
2842:
2843: ipspIkeActLastChanged OBJECT-TYPE
2844: SYNTAX TimeStamp
2845: MAX-ACCESS read-only
2846: STATUS current
2847: DESCRIPTION
2848: "The value of sysUpTime when this row was last modified or
2849: created either through SNMP SETs or by some other external
2850: means."
2851: ::= { ipspIkeActionEntry 12 }
2852:
2853: ipspIkeActStorageType OBJECT-TYPE
2854: SYNTAX StorageType
2855: MAX-ACCESS read-create
2856: STATUS current
2857: DESCRIPTION
2858: "The storage type for this row. Rows in this table which were
2859: created through an external process may have a storage type
2860: of readOnly or permanent."
2861: DEFVAL { nonVolatile }
2862: ::= { ipspIkeActionEntry 13 }
2863:
2864: ipspIkeActRowStatus OBJECT-TYPE
2865: SYNTAX RowStatus
2866: MAX-ACCESS read-create
2867: STATUS current
2868: DESCRIPTION
2869: "This object indicates the conceptual status of this row.
2870:
2871: The value of this object has no effect on whether other
2872: objects in this conceptual row can be modified.
2873:
2874: This object may not be set to destroy if referred to by other
2875: rows in other action tables."
2876: ::= { ipspIkeActionEntry 14 }
2877:
2878: --
2879: -- ipspIkeActionProposalsTable proposals contained within a ikeAction
2880: --
2881:
2882: ipspIkeActionProposalsTable OBJECT-TYPE
2883: SYNTAX SEQUENCE OF IpspIkeActionProposalsEntry
2884: MAX-ACCESS not-accessible
2885: STATUS current
2886: DESCRIPTION
2887: "This table contains a list of all ike proposal names found
2888: within a given IKE Action."
2889: ::= { ipspConfigObjects 20 }
2890:
2891: ipspIkeActionProposalsEntry OBJECT-TYPE
2892: SYNTAX IpspIkeActionProposalsEntry
2893: MAX-ACCESS not-accessible
2894: STATUS current
2895: DESCRIPTION
2896: "a row containing one ike proposal reference"
2897: INDEX { ipspIkeActName, ipspIkeActPropPriority }
2898: ::= { ipspIkeActionProposalsTable 1 }
2899:
2900: IpspIkeActionProposalsEntry ::= SEQUENCE {
2901: ipspIkeActPropPriority Integer32,
2902: ipspIkeActPropName SnmpAdminString,
2903: ipspIkeActPropLastChanged TimeStamp,
2904: ipspIkeActPropStorageType StorageType,
2905: ipspIkeActPropRowStatus RowStatus
2906: }
2907:
2908: ipspIkeActPropPriority OBJECT-TYPE
2909: SYNTAX Integer32 (0..65535)
2910: MAX-ACCESS not-accessible
2911: STATUS current
2912: DESCRIPTION
2913: "The numeric priority of a given contained proposal inside an
2914: ike Action. This index should be used to order the proposals
2915: in an IKE Phase I negotiation, lowest value first."
2916: ::= { ipspIkeActionProposalsEntry 1 }
2917:
2918: ipspIkeActPropName OBJECT-TYPE
2919: SYNTAX SnmpAdminString (SIZE(1..32))
2920: MAX-ACCESS read-create
2921: STATUS current
2922: DESCRIPTION
2923: "The administratively assigned name that can be used to
2924: reference a set of values contained within the
2925: ipspIkeProposalTable."
2926: ::= { ipspIkeActionProposalsEntry 2 }
2927:
2928:
2929: ipspIkeActPropLastChanged OBJECT-TYPE
2930: SYNTAX TimeStamp
2931: MAX-ACCESS read-only
2932: STATUS current
2933: DESCRIPTION
2934: "The value of sysUpTime when this row was last modified or
2935: created either through SNMP SETs or by some other external
2936: means."
2937: ::= { ipspIkeActionProposalsEntry 3 }
2938:
2939: ipspIkeActPropStorageType OBJECT-TYPE
2940: SYNTAX StorageType
2941: MAX-ACCESS read-create
2942: STATUS current
2943: DESCRIPTION
2944: "The storage type for this row. Rows in this table which were
2945: created through an external process may have a storage type
2946: of readOnly or permanent."
2947: DEFVAL { nonVolatile }
2948: ::= { ipspIkeActionProposalsEntry 4 }
2949:
2950: ipspIkeActPropRowStatus OBJECT-TYPE
2951: SYNTAX RowStatus
2952: MAX-ACCESS read-create
2953: STATUS current
2954: DESCRIPTION
2955: "This object indicates the conceptual status of this row.
2956:
2957: The value of this object has no effect on whether other
2958: objects in this conceptual row can be modified."
2959: ::= { ipspIkeActionProposalsEntry 5 }
2960:
2961: --
2962: -- IKE proposal definition table
2963: --
2964:
2965:
2966: ipspIkeProposalTable OBJECT-TYPE
2967: SYNTAX SEQUENCE OF IpspIkeProposalEntry
2968: MAX-ACCESS not-accessible
2969: STATUS current
2970: DESCRIPTION
2971: "This table contains a list of IKE proposals which are used in
2972: an IKE negotiation."
2973: ::= { ipspConfigObjects 21 }
2974:
2975: ipspIkeProposalEntry OBJECT-TYPE
2976: SYNTAX IpspIkeProposalEntry
2977: MAX-ACCESS not-accessible
2978: STATUS current
2979: DESCRIPTION
2980: "One IKE proposal entry."
2981: INDEX { ipspIkeActPropName }
2982: ::= { ipspIkeProposalTable 1 }
2983:
2984: IpspIkeProposalEntry ::= SEQUENCE {
2985: ipspIkePropLifetimeDerivedKeys Unsigned32,
2986: ipspIkePropCipherAlgorithm IkeEncryptionAlgorithm,
2987: ipspIkePropCipherKeyLength Unsigned32,
2988: ipspIkePropCipherKeyRounds Unsigned32,
2989: ipspIkePropHashAlgorithm IkeHashAlgorithm,
2990: ipspIkePropPrfAlgorithm INTEGER,
2991: ipspIkePropVendorId OCTET STRING,
2992: ipspIkePropDhGroup IkeGroupDescription,
2993: ipspIkePropAuthenticationMethod IkeAuthMethod,
2994: ipspIkePropMaxLifetimeSecs Unsigned32,
2995: ipspIkePropMaxLifetimeKB Unsigned32,
2996: ipspIkePropProposalLastChanged TimeStamp,
2997: ipspIkePropProposalStorageType StorageType,
2998: ipspIkePropProposalRowStatus RowStatus
2999: }
3000:
3001: ipspIkePropLifetimeDerivedKeys OBJECT-TYPE
3002: SYNTAX Unsigned32
3003: MAX-ACCESS read-create
3004: STATUS current
3005: DESCRIPTION
3006: "ipspIkePropLifetimeDerivedKeys specifies the number of times
3007: that a phase 1 key will be used to derive a phase 2 key
3008: before the phase 1 security association needs to be renegotiated."
3009: ::= { ipspIkeProposalEntry 1 }
3010:
3011: ipspIkePropCipherAlgorithm OBJECT-TYPE
3012: SYNTAX IkeEncryptionAlgorithm
3013: MAX-ACCESS read-create
3014: STATUS current
3015: DESCRIPTION
3016: "ipspIkePropCipherAlgorithm specifies the proposed phase 1
3017: security association encryption algorithm."
3018: ::= { ipspIkeProposalEntry 2 }
3019:
3020: ipspIkePropCipherKeyLength OBJECT-TYPE
3021: SYNTAX Unsigned32
3022: MAX-ACCESS read-create
3023: STATUS current
3024: DESCRIPTION
3025: "This object specifies, in bits, the key length for
3026: the cipher algorithm used in IKE Phase 1 negotiation."
3027: ::= { ipspIkeProposalEntry 3 }
3028:
3029: ipspIkePropCipherKeyRounds OBJECT-TYPE
3030: SYNTAX Unsigned32
3031: MAX-ACCESS read-create
3032: STATUS current
3033: DESCRIPTION
3034: "This object specifies the number of key rounds for
3035: the cipher algorithm used in IKE Phase 1 negotiation."
3036: ::= { ipspIkeProposalEntry 4 }
3037:
3038: ipspIkePropHashAlgorithm OBJECT-TYPE
3039: SYNTAX IkeHashAlgorithm
3040: MAX-ACCESS read-create
3041: STATUS current
3042: DESCRIPTION
3043: "ipspIkePropHashAlgorithm specifies the proposed phase 1
3044: security association hash algorithm."
3045: ::= { ipspIkeProposalEntry 5 }
3046:
3047: ipspIkePropPrfAlgorithm OBJECT-TYPE
3048: SYNTAX INTEGER { reserved(0) }
3049: MAX-ACCESS read-create
3050: STATUS current
3051: DESCRIPTION
3052: "ipPRFAlgorithm specifies the proposed phase 1 security
3053: association pseudo-random function.
3054:
3055: Note: currently no prf algorithms are defined."
3056: ::= { ipspIkeProposalEntry 6 }
3057:
3058: ipspIkePropVendorId OBJECT-TYPE
3059: SYNTAX OCTET STRING (SIZE(0..255))
3060: MAX-ACCESS read-create
3061: STATUS current
3062: DESCRIPTION
3063: "The VendorID property is used to identify vendor-defined key
3064: exchange GroupIDs."
3065: ::= { ipspIkeProposalEntry 7 }
3066:
3067: ipspIkePropDhGroup OBJECT-TYPE
3068: SYNTAX IkeGroupDescription
3069: MAX-ACCESS read-create
3070: STATUS current
3071: DESCRIPTION
3072: "This object specifies the proposed phase 1 security
3073: association Diffie-Hellman group."
3074: ::= { ipspIkeProposalEntry 8 }
3075:
3076: ipspIkePropAuthenticationMethod OBJECT-TYPE
3077: SYNTAX IkeAuthMethod
3078: MAX-ACCESS read-create
3079: STATUS current
3080: DESCRIPTION
3081: "This object specifies the proposed authentication
3082: method for the phase 1 security association."
3083: ::= { ipspIkeProposalEntry 9 }
3084:
3085: ipspIkePropMaxLifetimeSecs OBJECT-TYPE
3086: SYNTAX Unsigned32
3087: MAX-ACCESS read-create
3088: STATUS current
3089: DESCRIPTION
3090: "ipspIkePropMaxLifetimeSecs specifies the maximum amount of
3091: time to propose that a security association remain valid.
3092:
3093: A value of 0 indicates that the default lifetime of
3094: 8 hours should be used."
3095: ::= { ipspIkeProposalEntry 10 }
3096:
3097: ipspIkePropMaxLifetimeKB OBJECT-TYPE
3098: SYNTAX Unsigned32
3099: MAX-ACCESS read-create
3100: STATUS current
3101: DESCRIPTION
3102: "ipspIkePropMaxLifetimeKB specifies the maximum kilobyte
3103: lifetime to propose that a security association remain valid."
3104: ::= { ipspIkeProposalEntry 11 }
3105:
3106: ipspIkePropProposalLastChanged OBJECT-TYPE
3107: SYNTAX TimeStamp
3108: MAX-ACCESS read-only
3109: STATUS current
3110: DESCRIPTION
3111: "The value of sysUpTime when this row was last modified or
3112: created either through SNMP SETs or by some other external
3113: means."
3114: ::= { ipspIkeProposalEntry 12 }
3115:
3116: ipspIkePropProposalStorageType OBJECT-TYPE
3117: SYNTAX StorageType
3118: MAX-ACCESS read-create
3119: STATUS current
3120: DESCRIPTION
3121: "The storage type for this row. Rows in this table which were
3122: created through an external process may have a storage type
3123: of readOnly or permanent."
3124: DEFVAL { nonVolatile }
3125: ::= { ipspIkeProposalEntry 13 }
3126:
3127: ipspIkePropProposalRowStatus OBJECT-TYPE
3128: SYNTAX RowStatus
3129: MAX-ACCESS read-create
3130: STATUS current
3131: DESCRIPTION
3132: "This object indicates the conceptual status of this row.
3133:
3134: The value of this object has no effect on whether other
3135: objects in this conceptual row can be modified."
3136: ::= { ipspIkeProposalEntry 14 }
3137:
3138:
3139: --
3140: -- IPsec action definition table
3141: --
3142: ipspIpsecActionTable OBJECT-TYPE
3143: SYNTAX SEQUENCE OF IpspIpsecActionEntry
3144: MAX-ACCESS not-accessible
3145: STATUS current
3146: DESCRIPTION
3147: "The ipspIpsecActionTable contains a list of the parameters
3148: used for an IKE phase 2 IPsec DOI negotiation."
3149: ::= { ipspConfigObjects 22 }
3150:
3151: ipspIpsecActionEntry OBJECT-TYPE
3152: SYNTAX IpspIpsecActionEntry
3153: MAX-ACCESS not-accessible
3154: STATUS current
3155: DESCRIPTION
3156: "The ipspIpsecActionEntry lists the IPsec negotiation
3157: attributes."
3158: INDEX { ipspIpsecActName }
3159: ::= { ipspIpsecActionTable 1 }
3160:
3161: IpspIpsecActionEntry ::= SEQUENCE {
3162: ipspIpsecActName SnmpAdminString,
3163: ipspIpsecActParametersName SnmpAdminString,
3164: ipspIpsecActProposalsName SnmpAdminString,
3165: ipspIpsecActUsePfs TruthValue,
3166: ipspIpsecActVendorId OCTET STRING,
3167: ipspIpsecActGroupId IkeGroupDescription,
3168: ipspIpsecActPeerGatewayIdName OCTET STRING,
3169: ipspIpsecActUseIkeGroup TruthValue,
3170: ipspIpsecActGranularity INTEGER,
3171: ipspIpsecActMode INTEGER,
3172: ipspIpsecActDFHandling INTEGER,
3173: ipspIpsecActDoActionLogging TruthValue,
3174: ipspIpsecActDoPacketLogging IpspIPPacketLogging,
3175: ipspIpsecActLastChanged TimeStamp,
3176: ipspIpsecActStorageType StorageType,
3177: ipspIpsecActRowStatus RowStatus
3178: }
3179:
3180: ipspIpsecActName OBJECT-TYPE
3181: SYNTAX SnmpAdminString (SIZE(1..32))
3182: MAX-ACCESS not-accessible
3183: STATUS current
3184: DESCRIPTION
3185: "ipspIpsecActName is the name of the ipsecAction entry."
3186: ::= { ipspIpsecActionEntry 1 }
3187:
3188:
3189: ipspIpsecActParametersName OBJECT-TYPE
3190: SYNTAX SnmpAdminString (SIZE(1..32))
3191: MAX-ACCESS read-create
3192: STATUS current
3193: DESCRIPTION
3194: "This object is used to reference a row in the
3195: ipspSaNegotiationParametersTable where additional parameters
3196: affecting this action may be found."
3197: ::= { ipspIpsecActionEntry 2 }
3198:
3199: ipspIpsecActProposalsName OBJECT-TYPE
3200: SYNTAX SnmpAdminString (SIZE(1..32))
3201: MAX-ACCESS read-create
3202: STATUS current
3203: DESCRIPTION
3204: "This object is used to reference one or more rows in the
3205: ipspIpsecProposalsTable where an ordered list of proposals
3206: affecting this action may be found."
3207: ::= { ipspIpsecActionEntry 3 }
3208:
3209: ipspIpsecActUsePfs OBJECT-TYPE
3210: SYNTAX TruthValue
3211: MAX-ACCESS read-create
3212: STATUS current
3213: DESCRIPTION
3214: "This MIB object specifies whether or not perfect forward
3215: secrecy should be used when refreshing keys.
3216: A value of true indicates that PFS should be used."
3217: ::= { ipspIpsecActionEntry 4 }
3218:
3219: ipspIpsecActVendorId OBJECT-TYPE
3220: SYNTAX OCTET STRING (SIZE(0..255))
3221: MAX-ACCESS read-create
3222: STATUS current
3223: DESCRIPTION
3224: "The VendorID property is used to identify vendor-defined key
3225: exchange GroupIDs."
3226: ::= { ipspIpsecActionEntry 5 }
3227:
3228: ipspIpsecActGroupId OBJECT-TYPE
3229: SYNTAX IkeGroupDescription
3230: MAX-ACCESS read-create
3231: STATUS current
3232: DESCRIPTION
3233: "This object specifies the Diffie-Hellman group to use for
3234: phase 2 when the object ipspIpsecActUsePfs is true and the
3235: object ipspIpsecActUseIkeGroup is false. If the GroupID
3236: number is from the vendor-specific range (32768-65535), the
3237: VendorID qualifies the group number."
3238: ::= { ipspIpsecActionEntry 6 }
3239:
3240: ipspIpsecActPeerGatewayIdName OBJECT-TYPE
3241: SYNTAX OCTET STRING (SIZE(0..116))
3242: MAX-ACCESS read-create
3243: STATUS current
3244: DESCRIPTION
3245: "This object indicates the peer id name of the peer
3246: gateway. This object can be used to look up the peer id
3247: value, address and other values in the ipspPeerIdentityTable.
3248: This object is used when initiating a tunnel SA. This object
3249: is not used for transport SAs. If no value is set and
3250: ipspIpsecActMode is tunnel, the peer gateway should be
3251: determined from the source or destination address of the
3252: packet."
3253: ::= { ipspIpsecActionEntry 7 }
3254:
3255: ipspIpsecActUseIkeGroup OBJECT-TYPE
3256: SYNTAX TruthValue
3257: MAX-ACCESS read-create
3258: STATUS current
3259: DESCRIPTION
3260: "This object specifies whether or not to use the same GroupId
3261: for phase 2 as was used in phase 1. If UsePFS is false, this
3262: entry should be ignored."
3263: ::= { ipspIpsecActionEntry 8 }
3264:
3265: ipspIpsecActGranularity OBJECT-TYPE
3266: SYNTAX INTEGER { subnet(1), address(2), protocol(3),
3267: port(4) }
3268: MAX-ACCESS read-create
3269: STATUS current
3270: DESCRIPTION
3271: "This object specifies how the proposed selector for the
3272: security association will be created. The selector is
3273: created by using the FilterList information. The selector
3274: can be subnet, address, protocol, or port."
3275: ::= { ipspIpsecActionEntry 9 }
3276:
3277: ipspIpsecActMode OBJECT-TYPE
3278: SYNTAX INTEGER { tunnel(1), transport(2) }
3279: MAX-ACCESS read-create
3280: STATUS current
3281: DESCRIPTION
3282: "This object specifies the encapsulation of the IPsec SA
3283: to be negotiated."
3284: DEFVAL { tunnel }
3285: ::= { ipspIpsecActionEntry 10 }
3286:
3287: ipspIpsecActDFHandling OBJECT-TYPE
3288: SYNTAX INTEGER { copy(1), set(2), clear(3) }
3289: MAX-ACCESS read-create
3290: STATUS current
3291: DESCRIPTION
3292: "This object specifies the processing of DF bit by the
3293: negotiated IPsec tunnel.
3294: 1 - DF bit is copied.
3295: 2 - DF bit is set.
3296: 3 - DF bit is cleared."
3297: DEFVAL { copy }
3298: ::= { ipspIpsecActionEntry 11 }
3299:
3300: ipspIpsecActDoActionLogging OBJECT-TYPE
3301: SYNTAX TruthValue
3302: MAX-ACCESS read-create
3303: STATUS current
3304: DESCRIPTION
3305: "ipspIpsecActDoActionLogging specifies whether or not an audit
3306: message should be logged when this ipsec SA is created."
3307: DEFVAL { false }
3308: ::= { ipspIpsecActionEntry 12 }
3309:
3310: ipspIpsecActDoPacketLogging OBJECT-TYPE
3311: SYNTAX IpspIPPacketLogging
3312: MAX-ACCESS read-create
3313: STATUS current
3314: DESCRIPTION
3315: "ipspIpsecActDoPacketLogging specifies whether or not an audit
3316: message should be logged and if there is logging, how many
3317: bytes of the packet to place in the notification."
3318: DEFVAL { -1 }
3319: ::= { ipspIpsecActionEntry 13 }
3320:
3321: ipspIpsecActLastChanged OBJECT-TYPE
3322: SYNTAX TimeStamp
3323: MAX-ACCESS read-only
3324: STATUS current
3325: DESCRIPTION
3326: "The value of sysUpTime when this row was last modified or
3327: created either through SNMP SETs or by some other external
3328: means."
3329: ::= { ipspIpsecActionEntry 14 }
3330:
3331: ipspIpsecActStorageType OBJECT-TYPE
3332: SYNTAX StorageType
3333: MAX-ACCESS read-create
3334: STATUS current
3335: DESCRIPTION
3336: "The storage type for this row. Rows in this table which were
3337: created through an external process may have a storage type
3338: of readOnly or permanent."
3339: DEFVAL { nonVolatile }
3340: ::= { ipspIpsecActionEntry 15 }
3341:
3342: ipspIpsecActRowStatus OBJECT-TYPE
3343: SYNTAX RowStatus
3344: MAX-ACCESS read-create
3345: STATUS current
3346: DESCRIPTION
3347: "This object indicates the conceptual status of this row.
3348:
3349: The value of this object has no effect on whether other
3350: objects in this conceptual row can be modified.
3351:
3352: If active, this object must remain active if it is referenced
3353: by a row in another table."
3354: ::= { ipspIpsecActionEntry 16 }
3355:
3356: --
3357: -- ipspIpsecProposalsTable
3358: --
3359:
3360:
3361: ipspIpsecProposalsTable OBJECT-TYPE
3362: SYNTAX SEQUENCE OF IpspIpsecProposalsEntry
3363: MAX-ACCESS not-accessible
3364: STATUS current
3365: DESCRIPTION
3366: "This table lists one or more IPsec proposals for
3367: IPsec actions."
3368: ::= { ipspConfigObjects 23 }
3369:
3370: ipspIpsecProposalsEntry OBJECT-TYPE
3371: SYNTAX IpspIpsecProposalsEntry
3372: MAX-ACCESS not-accessible
3373: STATUS current
3374: DESCRIPTION
3375: "An entry containing (possibly a portion of) a proposal."
3376: INDEX { ipspIpsecPropName, ipspIpsecPropPriority,
3377: ipspIpsecPropProtocolId }
3378: ::= { ipspIpsecProposalsTable 1 }
3379:
3380: IpspIpsecProposalsEntry ::= SEQUENCE {
3381: ipspIpsecPropName SnmpAdminString,
3382: ipspIpsecPropPriority Integer32,
3383: ipspIpsecPropProtocolId IpsecDoiSecProtocolId,
3384: ipspIpsecPropTransformsName SnmpAdminString,
3385: ipspIpsecPropLastChanged TimeStamp,
3386: ipspIpsecPropStorageType StorageType,
3387: ipspIpsecPropRowStatus RowStatus
3388: }
3389:
3390: ipspIpsecPropName OBJECT-TYPE
3391: SYNTAX SnmpAdminString (SIZE(1..32))
3392: MAX-ACCESS not-accessible
3393: STATUS current
3394: DESCRIPTION
3395: "The name of this proposal."
3396: ::= { ipspIpsecProposalsEntry 1 }
3397:
3398: ipspIpsecPropPriority OBJECT-TYPE
3399: SYNTAX Integer32 (0..65535)
3400: MAX-ACCESS not-accessible
3401: STATUS current
3402: DESCRIPTION
3403: "The priority level (AKA sequence level) of this proposal.
3404: A lower number indicates a higher precedence."
3405: ::= { ipspIpsecProposalsEntry 2 }
3406:
3407: ipspIpsecPropProtocolId OBJECT-TYPE
3408: SYNTAX IpsecDoiSecProtocolId
3409: MAX-ACCESS not-accessible
3410: STATUS current
3411: DESCRIPTION
3412: "The protocol Id for the transforms for this proposal. The
3413: protoIsakmp(1) value is not valid for this object.
3414: This object, along with the ipspIpsecPropTransformsName,
3415: is the index into the ipspIpsecTransformsTable."
3416: ::= { ipspIpsecProposalsEntry 3 }
3417:
3418: ipspIpsecPropTransformsName OBJECT-TYPE
3419: SYNTAX SnmpAdminString (SIZE(1..32))
3420: MAX-ACCESS read-create
3421: STATUS current
3422: DESCRIPTION
3423: "The name of the transform or group of transforms for this
3424: protocol. This object, along with the
3425: ipspIpsecPropProtocolId, is the index into the
3426: ipspIpsecTransformsTable."
3427: ::= { ipspIpsecProposalsEntry 4 }
3428:
3429: ipspIpsecPropLastChanged OBJECT-TYPE
3430: SYNTAX TimeStamp
3431: MAX-ACCESS read-only
3432: STATUS current
3433: DESCRIPTION
3434: "The value of sysUpTime when this row was last modified or
3435: created either through SNMP SETs or by some other external
3436: means."
3437: ::= { ipspIpsecProposalsEntry 5 }
3438:
3439: ipspIpsecPropStorageType OBJECT-TYPE
3440: SYNTAX StorageType
3441: MAX-ACCESS read-create
3442: STATUS current
3443: DESCRIPTION
3444: "The storage type for this row. Rows in this table which were
3445: created through an external process may have a storage type
3446: of readOnly or permanent."
3447: DEFVAL { nonVolatile }
3448: ::= { ipspIpsecProposalsEntry 6 }
3449:
3450: ipspIpsecPropRowStatus OBJECT-TYPE
3451: SYNTAX RowStatus
3452: MAX-ACCESS read-create
3453: STATUS current
3454: DESCRIPTION
3455: "This object indicates the conceptual status of this row.
3456:
3457: The value of this object has no effect on whether other
3458: objects in this conceptual row can be modified.
3459:
3460: This row may not be set to active until the corresponding row
3461: in the ipspIpsecTransformsTable exists and is active."
3462: ::= { ipspIpsecProposalsEntry 7 }
3463:
3464: --
3465: -- ipspIpsecTransformsTable
3466: --
3467:
3468:
3469: ipspIpsecTransformsTable OBJECT-TYPE
3470: SYNTAX SEQUENCE OF IpspIpsecTransformsEntry
3471: MAX-ACCESS not-accessible
3472: STATUS current
3473: DESCRIPTION
3474: "This table lists the IPsec proposals contained within a given
3475: IPsec action and the transforms within each of those
3476: proposals. These proposals and transforms can then be used
3477: to create phase 2 negotiation proposals."
3478: ::= { ipspConfigObjects 24 }
3479:
3480: ipspIpsecTransformsEntry OBJECT-TYPE
3481: SYNTAX IpspIpsecTransformsEntry
3482: MAX-ACCESS not-accessible
3483: STATUS current
3484: DESCRIPTION
3485: "An entry containing the information on an IPsec transform."
3486: INDEX { ipspIpsecTranType, ipspIpsecTranName,
3487: ipspIpsecTranPriority }
3488: ::= { ipspIpsecTransformsTable 1 }
3489:
3490: IpspIpsecTransformsEntry ::= SEQUENCE {
3491: ipspIpsecTranType IpsecDoiSecProtocolId,
3492: ipspIpsecTranName SnmpAdminString,
3493: ipspIpsecTranPriority Integer32,
3494: ipspIpsecTranTransformName SnmpAdminString,
3495: ipspIpsecTranLastChanged TimeStamp,
3496: ipspIpsecTranStorageType StorageType,
3497: ipspIpsecTranRowStatus RowStatus
3498: }
3499:
3500: ipspIpsecTranType OBJECT-TYPE
3501: SYNTAX IpsecDoiSecProtocolId
3502: MAX-ACCESS not-accessible
3503: STATUS current
3504: DESCRIPTION
3505: "The protocol type for this transform. The protoIsakmp(1)
3506: value is not valid for this object."
3507: ::= { ipspIpsecTransformsEntry 1 }
3508:
3509: ipspIpsecTranName OBJECT-TYPE
3510: SYNTAX SnmpAdminString (SIZE(1..32))
3511: MAX-ACCESS not-accessible
3512: STATUS current
3513: DESCRIPTION
3514: "The name for this transform or group of transforms."
3515: ::= { ipspIpsecTransformsEntry 2 }
3516:
3517: ipspIpsecTranPriority OBJECT-TYPE
3518: SYNTAX Integer32 (0..65535)
3519: MAX-ACCESS not-accessible
3520: STATUS current
3521: DESCRIPTION
3522: "The priority level (AKA sequence level) of this transform
3523: within the group of transforms. This indicates the
3524: preference for which algorithms are requested when the list
3525: of transforms are sent to the remote host. A lower number
3526: indicates a higher precedence."
3527: ::= { ipspIpsecTransformsEntry 3 }
3528:
3529: ipspIpsecTranTransformName OBJECT-TYPE
3530: SYNTAX SnmpAdminString (SIZE(1..32))
3531: MAX-ACCESS read-create
3532: STATUS current
3533: DESCRIPTION
3534: "The name for the given transform. Depending on the value of
3535: ipspIpsecTranType, this value should be used to lookup the
3536: transform's specific parameters in the ipspAhTransformTable,
3537: the ipspEspTransformTable or the ipspIpcompTransformTable."
3538: ::= { ipspIpsecTransformsEntry 4 }
3539:
3540: ipspIpsecTranLastChanged OBJECT-TYPE
3541: SYNTAX TimeStamp
3542: MAX-ACCESS read-only
3543: STATUS current
3544: DESCRIPTION
3545: "The value of sysUpTime when this row was last modified or
3546: created either through SNMP SETs or by some other external
3547: means."
3548: ::= { ipspIpsecTransformsEntry 5 }
3549:
3550: ipspIpsecTranStorageType OBJECT-TYPE
3551: SYNTAX StorageType
3552: MAX-ACCESS read-create
3553: STATUS current
3554: DESCRIPTION
3555: "The storage type for this row. Rows in this table which were
3556: created through an external process may have a storage type
3557: of readOnly or permanent."
3558: DEFVAL { nonVolatile }
3559: ::= { ipspIpsecTransformsEntry 6 }
3560:
3561: ipspIpsecTranRowStatus OBJECT-TYPE
3562: SYNTAX RowStatus
3563: MAX-ACCESS read-create
3564: STATUS current
3565: DESCRIPTION
3566: "This object indicates the conceptual status of this row.
3567:
3568: The value of this object has no effect on whether other
3569: objects in this conceptual row can be modified.
3570:
3571: This row may not be set to active until the corresponding row
3572: in the ipspAhTransformTable, ipspEspTransformTable or the
3573: ipspIpcompTransformTable exists."
3574: ::= { ipspIpsecTransformsEntry 7 }
3575:
3576: --
3577: -- AH transform definition table
3578: --
3579:
3580:
3581: ipspAhTransformTable OBJECT-TYPE
3582: SYNTAX SEQUENCE OF IpspAhTransformEntry
3583: MAX-ACCESS not-accessible
3584: STATUS current
3585: DESCRIPTION
3586: "This table lists all the AH transforms which can be used to
3587: build IPsec proposals."
3588: ::= { ipspConfigObjects 25 }
3589:
3590: ipspAhTransformEntry OBJECT-TYPE
3591: SYNTAX IpspAhTransformEntry
3592: MAX-ACCESS not-accessible
3593: STATUS current
3594: DESCRIPTION
3595: "This entry contains the attributes of one AH transform."
3596: INDEX { ipspAhTranName }
3597: ::= { ipspAhTransformTable 1 }
3598:
3599: IpspAhTransformEntry ::= SEQUENCE {
3600: ipspAhTranName SnmpAdminString,
3601: ipspAhTranMaxLifetimeSec Unsigned32,
3602: ipspAhTranMaxLifetimeKB Unsigned32,
3603: ipspAhTranAlgorithm IpsecDoiAuthAlgorithm,
3604: ipspAhTranReplayProtection TruthValue,
3605: ipspAhTranReplayWindowSize Unsigned32,
3606: ipspAhTranLastChanged TimeStamp,
3607: ipspAhTranStorageType StorageType,
3608: ipspAhTranRowStatus RowStatus
3609: }
3610:
3611: ipspAhTranName OBJECT-TYPE
3612: SYNTAX SnmpAdminString (SIZE(1..32))
3613: MAX-ACCESS not-accessible
3614: STATUS current
3615: DESCRIPTION
3616: "This object contains the name of this AH transform. This row
3617: will be referred to by an ipspIpsecTransformsEntry."
3618: ::= { ipspAhTransformEntry 1 }
3619:
3620: ipspAhTranMaxLifetimeSec OBJECT-TYPE
3621: SYNTAX Unsigned32
3622: MAX-ACCESS read-create
3623: STATUS current
3624: DESCRIPTION
3625: "ipspAhTranMaxLifetimeSec specifies how long in seconds the
3626: security association derived from this transform should be
3627: used.
3628:
3629: A value of 0 indicates that the default lifetime of
3630: 8 hours should be used."
3631: ::= { ipspAhTransformEntry 2 }
3632:
3633: ipspAhTranMaxLifetimeKB OBJECT-TYPE
3634: SYNTAX Unsigned32
3635: MAX-ACCESS read-create
3636: STATUS current
3637: DESCRIPTION
3638: "ipspAhTranMaxLifetimeKB specifies how long in kilobytes the
3639: security association derived from this transform should be
3640: used."
3641: ::= { ipspAhTransformEntry 3 }
3642:
3643: ipspAhTranAlgorithm OBJECT-TYPE
3644: SYNTAX IpsecDoiAuthAlgorithm
3645: MAX-ACCESS read-create
3646: STATUS current
3647: DESCRIPTION
3648: "This object specifies the AH algorithm for this transform."
3649: ::= { ipspAhTransformEntry 4 }
3650:
3651: ipspAhTranReplayProtection OBJECT-TYPE
3652: SYNTAX TruthValue
3653: MAX-ACCESS read-create
3654: STATUS current
3655: DESCRIPTION
3656: "ipspAhTranReplayProtection indicates whether or not anti-replay
3657: service is to be provided by this SA."
3658: ::= { ipspAhTransformEntry 5 }
3659:
3660: ipspAhTranReplayWindowSize OBJECT-TYPE
3661: SYNTAX Unsigned32
3662: MAX-ACCESS read-create
3663: STATUS current
3664: DESCRIPTION
3665: "ipspAhTranReplayWindowSize indicates the size, in bits, of
3666: the replay window to use if replay protection is true for
3667: this transform. The window size is assumed to be a power of
3668: two. If Replay Protection is false, this value can be
3669: ignored."
3670: ::= { ipspAhTransformEntry 6 }
3671:
3672: ipspAhTranLastChanged OBJECT-TYPE
3673: SYNTAX TimeStamp
3674: MAX-ACCESS read-only
3675: STATUS current
3676: DESCRIPTION
3677: "The value of sysUpTime when this row was last modified or
3678: created either through SNMP SETs or by some other external
3679: means."
3680: ::= { ipspAhTransformEntry 7 }
3681:
3682: ipspAhTranStorageType OBJECT-TYPE
3683: SYNTAX StorageType
3684: MAX-ACCESS read-create
3685: STATUS current
3686: DESCRIPTION
3687: "The storage type for this row. Rows in this table which were
3688: created through an external process may have a storage type
3689: of readOnly or permanent."
3690: DEFVAL { nonVolatile }
3691: ::= { ipspAhTransformEntry 8 }
3692:
3693: ipspAhTranRowStatus OBJECT-TYPE
3694: SYNTAX RowStatus
3695: MAX-ACCESS read-create
3696: STATUS current
3697: DESCRIPTION
3698: "This object indicates the conceptual status of this row.
3699:
3700: The value of this object has no effect on whether other
3701: objects in this conceptual row can be modified.
3702:
3703: If active, this object must remain active if it is referenced
3704: by a row in another table."
3705: ::= { ipspAhTransformEntry 9 }
3706:
3707:
3708: --
3709: -- ESP transform definition table
3710: --
3711:
3712:
3713: ipspEspTransformTable OBJECT-TYPE
3714: SYNTAX SEQUENCE OF IpspEspTransformEntry
3715: MAX-ACCESS not-accessible
3716: STATUS current
3717: DESCRIPTION
3718: "This table lists all the ESP transforms which can be used to
3719: build IPsec proposals."
3720: ::= { ipspConfigObjects 26 }
3721:
3722: ipspEspTransformEntry OBJECT-TYPE
3723: SYNTAX IpspEspTransformEntry
3724: MAX-ACCESS not-accessible
3725: STATUS current
3726: DESCRIPTION
3727: "This entry contains the attributes of one ESP transform."
3728: INDEX { ipspEspTranName }
3729: ::= { ipspEspTransformTable 1 }
3730:
3731: IpspEspTransformEntry ::= SEQUENCE {
3732: ipspEspTranName SnmpAdminString,
3733: ipspEspTranMaxLifetimeSec Unsigned32,
3734: ipspEspTranMaxLifetimeKB Unsigned32,
3735: ipspEspTranCipherTransformId IpsecDoiEspTransform,
3736: ipspEspTranCipherKeyLength Unsigned32,
3737: ipspEspTranCipherKeyRounds Unsigned32,
3738: ipspEspTranIntegrityAlgorithmId IpsecDoiAuthAlgorithm,
3739: ipspEspTranReplayPrevention TruthValue,
3740: ipspEspTranReplayWindowSize Unsigned32,
3741: ipspEspTranLastChanged TimeStamp,
3742: ipspEspTranStorageType StorageType,
3743: ipspEspTranRowStatus RowStatus
3744: }
3745:
3746: ipspEspTranName OBJECT-TYPE
3747: SYNTAX SnmpAdminString (SIZE(1..32))
3748: MAX-ACCESS not-accessible
3749: STATUS current
3750: DESCRIPTION
3751: "The name of this particular espTransform to be referred to by an
3752: ipspIpsecTransformsEntry."
3753: ::= { ipspEspTransformEntry 1 }
3754:
3755: ipspEspTranMaxLifetimeSec OBJECT-TYPE
3756: SYNTAX Unsigned32
3757: MAX-ACCESS read-create
3758: STATUS current
3759: DESCRIPTION
3760: "ipspEspTranMaxLifetimeSec specifies how long in seconds the
3761: security association derived from this transform should be
3762: used.
3763:
3764: A value of 0 indicates that the default lifetime of
3765: 8 hours should be used."
3766: ::= { ipspEspTransformEntry 2 }
3767:
3768: ipspEspTranMaxLifetimeKB OBJECT-TYPE
3769: SYNTAX Unsigned32
3770: MAX-ACCESS read-create
3771: STATUS current
3772: DESCRIPTION
3773: "ipspEspTranMaxLifetimeKB specifies how long in kilobytes the
3774: security association derived from this transform should be
3775: used."
3776: ::= { ipspEspTransformEntry 3 }
3777:
3778: ipspEspTranCipherTransformId OBJECT-TYPE
3779: SYNTAX IpsecDoiEspTransform
3780: MAX-ACCESS read-create
3781: STATUS current
3782: DESCRIPTION
3783: "This object specifies the transform ID of the ESP cipher
3784: algorithm."
3785: ::= { ipspEspTransformEntry 4 }
3786:
3787:
3788: ipspEspTranCipherKeyLength OBJECT-TYPE
3789: SYNTAX Unsigned32
3790: MAX-ACCESS read-create
3791: STATUS current
3792: DESCRIPTION
3793: "This object specifies, in bits, the key length for
3794: the ESP cipher algorithm."
3795: ::= { ipspEspTransformEntry 5 }
3796:
3797: ipspEspTranCipherKeyRounds OBJECT-TYPE
3798: SYNTAX Unsigned32
3799: MAX-ACCESS read-create
3800: STATUS current
3801: DESCRIPTION
3802: "This object specifies the number of key rounds for
3803: the ESP cipher algorithm."
3804: ::= { ipspEspTransformEntry 6 }
3805:
3806: ipspEspTranIntegrityAlgorithmId OBJECT-TYPE
3807: SYNTAX IpsecDoiAuthAlgorithm
3808: MAX-ACCESS read-create
3809: STATUS current
3810: DESCRIPTION
3811: "This object specifies the ESP integrity algorithm ID."
3812: ::= { ipspEspTransformEntry 7 }
3813:
3814: ipspEspTranReplayPrevention OBJECT-TYPE
3815: SYNTAX TruthValue
3816: MAX-ACCESS read-create
3817: STATUS current
3818: DESCRIPTION
3819: "ipspEspTranReplayPrevention indicates whether or not
3820: anti-replay service is to be provided by this SA."
3821: ::= { ipspEspTransformEntry 8 }
3822:
3823: ipspEspTranReplayWindowSize OBJECT-TYPE
3824: SYNTAX Unsigned32
3825: MAX-ACCESS read-create
3826: STATUS current
3827: DESCRIPTION
3828: "ipspEspTranReplayWindowSize indicates the size, in bits, of
3829: the replay window to use if replay protection is true for
3830: this transform. The window size is assumed to be a power of
3831: two. If Replay Protection is false, this value can be
3832: ignored."
3833: ::= { ipspEspTransformEntry 9 }
3834:
3835: ipspEspTranLastChanged OBJECT-TYPE
3836: SYNTAX TimeStamp
3837: MAX-ACCESS read-only
3838: STATUS current
3839: DESCRIPTION
3840: "The value of sysUpTime when this row was last modified or
3841: created either through SNMP SETs or by some other external
3842: means."
3843: ::= { ipspEspTransformEntry 10 }
3844:
3845: ipspEspTranStorageType OBJECT-TYPE
3846: SYNTAX StorageType
3847: MAX-ACCESS read-create
3848: STATUS current
3849: DESCRIPTION
3850: "The storage type for this row. Rows in this table which were
3851: created through an external process may have a storage type
3852: of readOnly or permanent."
3853: DEFVAL { nonVolatile }
3854: ::= { ipspEspTransformEntry 11 }
3855:
3856: ipspEspTranRowStatus OBJECT-TYPE
3857: SYNTAX RowStatus
3858: MAX-ACCESS read-create
3859: STATUS current
3860: DESCRIPTION
3861: "This object indicates the conceptual status of this row.
3862:
3863: The value of this object has no effect on whether other
3864: objects in this conceptual row can be modified.
3865:
3866: If active, this object must remain active if it is referenced
3867: by a row in another table."
3868: ::= { ipspEspTransformEntry 12 }
3869:
3870:
3871: --
3872: -- IP compression transform definition table
3873: --
3874:
3875:
3876: ipspIpcompTransformTable OBJECT-TYPE
3877: SYNTAX SEQUENCE OF IpspIpcompTransformEntry
3878: MAX-ACCESS not-accessible
3879: STATUS current
3880: DESCRIPTION
3881: "This table lists all the IP compression transforms which
3882: can be used to build IPsec proposals during negotiation of
3883: a phase 2 SA."
3884: ::= { ipspConfigObjects 27 }
3885:
3886: ipspIpcompTransformEntry OBJECT-TYPE
3887: SYNTAX IpspIpcompTransformEntry
3888: MAX-ACCESS not-accessible
3889: STATUS current
3890: DESCRIPTION
3891: "This entry contains the attributes of one IP compression
3892: transform."
3893: INDEX { ipspIpcompTranName }
3894: ::= { ipspIpcompTransformTable 1 }
3895:
3896: IpspIpcompTransformEntry ::= SEQUENCE {
3897: ipspIpcompTranName SnmpAdminString,
3898: ipspIpcompTranMaxLifetimeSec Unsigned32,
3899: ipspIpcompTranMaxLifetimeKB Unsigned32,
3900: ipspIpcompTranAlgorithm IpsecDoiIpcompTransform,
3901: ipspIpcompTranDictionarySize Unsigned32,
3902: ipspIpcompTranPrivateAlgorithm Unsigned32,
3903: ipspIpcompTranLastChanged TimeStamp,
3904: ipspIpcompTranStorageType StorageType,
3905: ipspIpcompTranRowStatus RowStatus
3906: }
3907:
3908: ipspIpcompTranName OBJECT-TYPE
3909: SYNTAX SnmpAdminString (SIZE(1..32))
3910: MAX-ACCESS not-accessible
3911: STATUS current
3912: DESCRIPTION
3913: "The name of this ipspIpcompTransformEntry."
3914: ::= { ipspIpcompTransformEntry 1 }
3915:
3916: ipspIpcompTranMaxLifetimeSec OBJECT-TYPE
3917: SYNTAX Unsigned32
3918: MAX-ACCESS read-create
3919: STATUS current
3920: DESCRIPTION
3921: "ipspIpcompTranMaxLifetimeSec specifies how long in seconds
3922: the security association derived from this transform should
3923: be used.
3924:
3925: A value of 0 indicates that the default lifetime of
3926: 8 hours should be used."
3927: ::= { ipspIpcompTransformEntry 2 }
3928:
3929: ipspIpcompTranMaxLifetimeKB OBJECT-TYPE
3930: SYNTAX Unsigned32
3931: MAX-ACCESS read-create
3932: STATUS current
3933: DESCRIPTION
3934: "ipspIpcompTranMaxLifetimeKB specifies how long in kilobytes
3935: the security association derived from this transform should
3936: be used."
3937: ::= { ipspIpcompTransformEntry 3 }
3938:
3939: ipspIpcompTranAlgorithm OBJECT-TYPE
3940: SYNTAX IpsecDoiIpcompTransform
3941: MAX-ACCESS read-create
3942: STATUS current
3943: DESCRIPTION
3944: "ipspIpcompTranAlgorithm specifies the transform ID of the IP
3945: compression algorithm."
3946: ::= { ipspIpcompTransformEntry 4 }
3947:
3948: ipspIpcompTranDictionarySize OBJECT-TYPE
3949: SYNTAX Unsigned32
3950: MAX-ACCESS read-create
3951: STATUS current
3952: DESCRIPTION
3953: "If the algorithm in ipspIpcompTranAlgorithm requires a
3954: dictionary size configuration parameter, then this is the
3955: place to put it. This object specifies the log2 maximum size
3956: of the dictionary for the compression algorithm."
3957: ::= { ipspIpcompTransformEntry 5 }
3958:
3959: ipspIpcompTranPrivateAlgorithm OBJECT-TYPE
3960: SYNTAX Unsigned32
3961: MAX-ACCESS read-create
3962: STATUS current
3963: DESCRIPTION
3964: "If ipspIpcompTranPrivateAlgorithm has a value other than zero,
3965: then it is up to the vendor's implementation to determine the
3966: meaning of this field and substitute a data compression
3967: algorithm in place of ipspIpcompTranAlgorithm."
3968: ::= { ipspIpcompTransformEntry 6 }
3969:
3970: ipspIpcompTranLastChanged OBJECT-TYPE
3971: SYNTAX TimeStamp
3972: MAX-ACCESS read-only
3973: STATUS current
3974: DESCRIPTION
3975: "The value of sysUpTime when this row was last modified or
3976: created either through SNMP SETs or by some other external
3977: means."
3978: ::= { ipspIpcompTransformEntry 7 }
3979:
3980: ipspIpcompTranStorageType OBJECT-TYPE
3981: SYNTAX StorageType
3982: MAX-ACCESS read-create
3983: STATUS current
3984: DESCRIPTION
3985: "The storage type for this row. Rows in this table which were
3986: created through an external process may have a storage type
3987: of readOnly or permanent."
3988: DEFVAL { nonVolatile }
3989: ::= { ipspIpcompTransformEntry 8 }
3990:
3991: ipspIpcompTranRowStatus OBJECT-TYPE
3992: SYNTAX RowStatus
3993: MAX-ACCESS read-create
3994: STATUS current
3995: DESCRIPTION
3996: "This object indicates the conceptual status of this row.
3997:
3998: The value of this object has no effect on whether other
3999: objects in this conceptual row can be modified.
4000:
4001: If active, this object must remain active if it is referenced
4002: by a row in another table."
4003: ::= { ipspIpcompTransformEntry 9 }
4004:
4005:
4006: --
4007: -- IKE identity definition table
4008: --
4009:
4010:
4011: ipspIkeIdentityTable OBJECT-TYPE
4012: SYNTAX SEQUENCE OF IpspIkeIdentityEntry
4013: MAX-ACCESS not-accessible
4014: STATUS current
4015: DESCRIPTION
4016: "IKEIdentity is used to represent the identities that may be
4017: used for an IPProtocolEndpoint (or collection of
4018: IPProtocolEndpoints) to identify itself in IKE phase 1
4019: negotiations. The column ikeIdentityName in an
4020: ipspIkeActionEntry together with the ipspEndGroupIdentType
4021: and the ipspEndGroupAddress in the PolicyEndpointToGroupTable
4022: specifies the unique identity to use in a negotiation
4023: exchange."
4024: ::= { ipspConfigObjects 28 }
4025:
4026: ipspIkeIdentityEntry OBJECT-TYPE
4027: SYNTAX IpspIkeIdentityEntry
4028: MAX-ACCESS not-accessible
4029: STATUS current
4030: DESCRIPTION
4031: "ikeIdentity lists the attributes of an IKE identity."
4032: INDEX { ipspEndGroupIdentType, ipspEndGroupAddress,
4033: ipspIkeActIdentityType, ipspIkeActIdentityContext }
4034: ::= { ipspIkeIdentityTable 1 }
4035:
4036: IpspIkeIdentityEntry ::= SEQUENCE {
4037: ipspIkeIdCredentialName SnmpAdminString,
4038: ipspIkeIdLastChanged TimeStamp,
4039: ipspIkeIdStorageType StorageType,
4040: ipspIkeIdRowStatus RowStatus
4041: }
4042:
4043: ipspIkeIdCredentialName OBJECT-TYPE
4044: SYNTAX SnmpAdminString (SIZE(0..32))
4045: MAX-ACCESS read-create
4046: STATUS current
4047: DESCRIPTION
4048: "This value is used as an index into the ipspCredentialTable to
4049: look up the actual credential value and other credential
4050: information.
4051:
4052: For ID's without associated credential information, this
4053: value is left blank.
4054:
4055: For ID's that are address types, this value may be left blank
4056: and the associated IPProtocolEndpoint or appropriate member
4057: of the Collection of endpoints is used."
4058: ::= { ipspIkeIdentityEntry 1 }
4059:
4060: ipspIkeIdLastChanged OBJECT-TYPE
4061: SYNTAX TimeStamp
4062: MAX-ACCESS read-only
4063: STATUS current
4064: DESCRIPTION
4065: "The value of sysUpTime when this row was last modified or
4066: created either through SNMP SETs or by some other external
4067: means."
4068: ::= { ipspIkeIdentityEntry 2 }
4069:
4070: ipspIkeIdStorageType OBJECT-TYPE
4071: SYNTAX StorageType
4072: MAX-ACCESS read-create
4073: STATUS current
4074: DESCRIPTION
4075: "The storage type for this row. Rows in this table which were
4076: created through an external process may have a storage type
4077: of readOnly or permanent."
4078: DEFVAL { nonVolatile }
4079: ::= { ipspIkeIdentityEntry 3 }
4080:
4081: ipspIkeIdRowStatus OBJECT-TYPE
4082: SYNTAX RowStatus
4083: MAX-ACCESS read-create
4084: STATUS current
4085: DESCRIPTION
4086: "This object indicates the conceptual status of this row.
4087:
4088: The value of this object has no effect on whether other
4089: objects in this conceptual row can be modified.
4090:
4091: If active, this object must remain active if it is referenced
4092: by a row in another table."
4093: ::= { ipspIkeIdentityEntry 4 }
4094:
4095:
4096: --
4097: -- Peer Identity Table
4098: --
4099:
4100:
4101: ipspPeerIdentityTable OBJECT-TYPE
4102: SYNTAX SEQUENCE OF IpspPeerIdentityEntry
4103: MAX-ACCESS not-accessible
4104: STATUS current
4105: DESCRIPTION
4106: "PeerIdentity is used to represent the identities that may be
4107: used for peers to identify themselves in IKE phase I/II
4108: negotiations. PeerIdentityTable aggregates the table entries
4109: that provide mappings between identities and their
4110: addresses."
4111: ::= { ipspConfigObjects 29 }
4112:
4113: ipspPeerIdentityEntry OBJECT-TYPE
4114: SYNTAX IpspPeerIdentityEntry
4115: MAX-ACCESS not-accessible
4116: STATUS current
4117: DESCRIPTION
4118: "peerIdentity matches a peer's identity to its address."
4119: INDEX { ipspPeerIdName, ipspPeerIdPriority }
4120: ::= { ipspPeerIdentityTable 1 }
4121:
4122: IpspPeerIdentityEntry ::= SEQUENCE {
4123: ipspPeerIdName SnmpAdminString,
4124: ipspPeerIdPriority Integer32,
4125: ipspPeerIdType IpsecDoiIdentType,
4126: ipspPeerIdValue IpspIdentityFilter,
4127: ipspPeerIdAddressType InetAddressType,
4128: ipspPeerIdAddress InetAddress,
4129: ipspPeerIdCredentialName SnmpAdminString,
4130: ipspPeerIdLastChanged TimeStamp,
4131: ipspPeerIdStorageType StorageType,
4132: ipspPeerIdRowStatus RowStatus
4133: }
4134:
4135: ipspPeerIdName OBJECT-TYPE
4136: SYNTAX SnmpAdminString (SIZE(1..32))
4137: MAX-ACCESS not-accessible
4138: STATUS current
4139: DESCRIPTION
4140: "This is an administratively assigned value that, together
4141: with ipspPeerIdPriority, uniquely identifies an entry in this
4142: table."
4143: ::= { ipspPeerIdentityEntry 1 }
4144:
4145: ipspPeerIdPriority OBJECT-TYPE
4146: SYNTAX Integer32 (0..2147483647)
4147: MAX-ACCESS not-accessible
4148: STATUS current
4149: DESCRIPTION
4150: "This object, along with ipspPeerIdName, uniquely identifies an
4151: entry in this table. The priority also indicates the order
4152: of peer gateways to initiate or accept SAs from (i.e. try
4153: until success)."
4154: ::= { ipspPeerIdentityEntry 2 }
4155:
4156: ipspPeerIdType OBJECT-TYPE
4157: SYNTAX IpsecDoiIdentType
4158: MAX-ACCESS read-create
4159: STATUS current
4160: DESCRIPTION
4161: "ipspPeerIdType is an enumeration identifying the type of the
4162: Identity value."
4163: ::= { ipspPeerIdentityEntry 3 }
4164:
4165: ipspPeerIdValue OBJECT-TYPE
4166: SYNTAX IpspIdentityFilter
4167: MAX-ACCESS read-create
4168: STATUS current
4169: DESCRIPTION
4170: "ipspPeerIdValue contains an Identity filter to be used to match
4171: against the identity payload in an IKE request. If this value
4172: matches the value in the identity payload, the credential for
4173: the peer can be found using the ipspPeerIdCredentialName as
4174: an index into the credential table."
4175: ::= { ipspPeerIdentityEntry 4 }
4176:
4177: ipspPeerIdAddressType OBJECT-TYPE
4178: SYNTAX InetAddressType
4179: MAX-ACCESS read-create
4180: STATUS current
4181: DESCRIPTION
4182: "The property ipspPeerIdAddressType specifies the format of the
4183: ipspPeerIdAddress property value."
4184: ::= { ipspPeerIdentityEntry 5 }
4185:
4186: ipspPeerIdAddress OBJECT-TYPE
4187: SYNTAX InetAddress
4188: MAX-ACCESS read-create
4189: STATUS current
4190: DESCRIPTION
4191: "The property PeerAddress specifies the IP address of the
4192: peer. The format is specified by the ipspPeerIdAddressType.
4193:
4194: Values of unknown, ipv4z, ipv6z and dns are not legal values
4195: for this object."
4196: ::= { ipspPeerIdentityEntry 6 }
4197:
4198: ipspPeerIdCredentialName OBJECT-TYPE
4199: SYNTAX SnmpAdminString (SIZE(0..32))
4200: MAX-ACCESS read-create
4201: STATUS current
4202: DESCRIPTION
4203: "This value is used as an index into the ipspCredentialTable to
4204: look up the actual credential value and other credential
4205: information. For peer IDs that have no associated credential
4206: information, this value is left blank."
4207: ::= { ipspPeerIdentityEntry 7 }
4208:
4209: ipspPeerIdLastChanged OBJECT-TYPE
4210: SYNTAX TimeStamp
4211: MAX-ACCESS read-only
4212: STATUS current
4213: DESCRIPTION
4214: "The value of sysUpTime when this row was last modified or
4215: created either through SNMP SETs or by some other external
4216: means."
4217: ::= { ipspPeerIdentityEntry 8 }
4218:
4219: ipspPeerIdStorageType OBJECT-TYPE
4220: SYNTAX StorageType
4221: MAX-ACCESS read-create
4222: STATUS current
4223: DESCRIPTION
4224: "The storage type for this row. Rows in this table which were
4225: created through an external process may have a storage type
4226: of readOnly or permanent."
4227: DEFVAL { nonVolatile }
4228: ::= { ipspPeerIdentityEntry 9 }
4229:
4230: ipspPeerIdRowStatus OBJECT-TYPE
4231: SYNTAX RowStatus
4232: MAX-ACCESS read-create
4233: STATUS current
4234: DESCRIPTION
4235: "This object indicates the conceptual status of this row.
4236:
4237: The value of this object has no effect on whether other
4238: objects in this conceptual row can be modified.
4239:
4240: If active, this object must remain active if it is referenced
4241: by a row in another table."
4242: ::= { ipspPeerIdentityEntry 10 }
4243:
4244:
4245: --
4246: -- autostart IKE Table
4247: --
4248: ipspAutostartIkeTable OBJECT-TYPE
4249: SYNTAX SEQUENCE OF IpspAutostartIkeEntry
4250: MAX-ACCESS not-accessible
4251: STATUS current
4252: DESCRIPTION
4253: "The parameters in the autostart IKE Table are used to
4254: automatically initiate IKE phases I and II (i.e. IPsec)
4255: negotiations on startup. It also will initiate IKE phase I
4256: and II negotiations for a row at the time of that row's
4257: creation."
4258: ::= { ipspConfigObjects 30 }
4259:
4260: ipspAutostartIkeEntry OBJECT-TYPE
4261: SYNTAX IpspAutostartIkeEntry
4262: MAX-ACCESS not-accessible
4263: STATUS current
4264: DESCRIPTION
4265: "autostart ike provides the set of parameters to automatically
4266: start IKE and IPsec SA's."
4267: INDEX { ipspAutoIkePriority }
4268: ::= { ipspAutostartIkeTable 1 }
4269:
4270: IpspAutostartIkeEntry ::= SEQUENCE {
4271: ipspAutoIkePriority Integer32,
4272: ipspAutoIkeAction VariablePointer,
4273: ipspAutoIkeAddressType InetAddressType,
4274: ipspAutoIkeSourceAddress InetAddress,
4275: ipspAutoIkeSourcePort InetPortNumber,
4276: ipspAutoIkeDestAddress InetAddress,
4277: ipspAutoIkeDestPort InetPortNumber,
4278: ipspAutoIkeProtocol Unsigned32,
4279: ipspAutoIkeLastChanged TimeStamp,
4280: ipspAutoIkeStorageType StorageType,
4281: ipspAutoIkeRowStatus RowStatus
4282: }
4283:
4284: ipspAutoIkePriority OBJECT-TYPE
4285: SYNTAX Integer32 (0..65535)
4286: MAX-ACCESS not-accessible
4287: STATUS current
4288: DESCRIPTION
4289: "ipspAutoIkePriority is an index into the autostartIkeAction
4290: table and can be used to order the autostart IKE actions."
4291: ::= { ipspAutostartIkeEntry 1 }
4292:
4293: ipspAutoIkeAction OBJECT-TYPE
4294: SYNTAX VariablePointer
4295: MAX-ACCESS read-create
4296: STATUS current
4297: DESCRIPTION
4298: "This pointer is used to point to the action or compound
4299: action that should be initiated by this row."
4300: ::= { ipspAutostartIkeEntry 2 }
4301:
4302: ipspAutoIkeAddressType OBJECT-TYPE
4303: SYNTAX InetAddressType
4304: MAX-ACCESS read-create
4305: STATUS current
4306: DESCRIPTION
4307: "The property ipspAutoIkeAddressType specifies the format of the
4308: autoIke source and destination Address values.
4309:
4310: Values of unknown, ipv4z, ipv6z and dns are not legal values
4311: for this object."
4312: ::= { ipspAutostartIkeEntry 3 }
4313:
4314: ipspAutoIkeSourceAddress OBJECT-TYPE
4315: SYNTAX InetAddress
4316: MAX-ACCESS read-create
4317: STATUS current
4318: DESCRIPTION
4319: "The property autoIkeSourceAddress specifies the Source IP address
4320: for autostarting IKE SA's, formatted according to the
4321: appropriate convention as defined in the
4322: ipspAutoIkeAddressType property."
4323: ::= { ipspAutostartIkeEntry 4 }
4324:
4325: ipspAutoIkeSourcePort OBJECT-TYPE
4326: SYNTAX InetPortNumber
4327: MAX-ACCESS read-create
4328: STATUS current
4329: DESCRIPTION
4330: "The property ipspAutoIkeSourcePort specifies the port number
4331: for the source port for autostarting IKE SA's.
4332:
4333: The value of 0 for this object is illegal."
4334: ::= { ipspAutostartIkeEntry 5 }
4335:
4336: ipspAutoIkeDestAddress OBJECT-TYPE
4337: SYNTAX InetAddress
4338: MAX-ACCESS read-create
4339: STATUS current
4340: DESCRIPTION
4341: "The property ipspAutoIkeDestAddress specifies the Destination
4342: IP address for autostarting IKE SA's, formatted according to
4343: the appropriate convention as defined in the
4344: ipspAutoIkeAddressType property."
4345: ::= { ipspAutostartIkeEntry 6 }
4346:
4347: ipspAutoIkeDestPort OBJECT-TYPE
4348: SYNTAX InetPortNumber
4349: MAX-ACCESS read-create
4350: STATUS current
4351: DESCRIPTION
4352: "The property ipspAutoIkeDestPort specifies the port number for
4353: the destination port for autostarting IKE SA's.
4354:
4355: The value of 0 for this object is illegal."
4356: ::= { ipspAutostartIkeEntry 7 }
4357:
4358: ipspAutoIkeProtocol OBJECT-TYPE
4359: SYNTAX Unsigned32 (0..255)
4360: MAX-ACCESS read-create
4361: STATUS current
4362: DESCRIPTION
4363: "The property Protocol specifies the protocol number used in
4364: comparing with policy filter entries and used in any phase 2
4365: negotiations."
4366: ::= { ipspAutostartIkeEntry 8 }
4367:
4368: ipspAutoIkeLastChanged OBJECT-TYPE
4369: SYNTAX TimeStamp
4370: MAX-ACCESS read-only
4371: STATUS current
4372: DESCRIPTION
4373: "The value of sysUpTime when this row was last modified or
4374: created either through SNMP SETs or by some other external
4375: means."
4376: ::= { ipspAutostartIkeEntry 9 }
4377:
4378: ipspAutoIkeStorageType OBJECT-TYPE
4379: SYNTAX StorageType
4380: MAX-ACCESS read-create
4381: STATUS current
4382: DESCRIPTION
4383: "The storage type for this row. Rows in this table which were
4384: created through an external process may have a storage type
4385: of readOnly or permanent."
4386: DEFVAL { nonVolatile }
4387: ::= { ipspAutostartIkeEntry 10 }
4388:
4389: ipspAutoIkeRowStatus OBJECT-TYPE
4390: SYNTAX RowStatus
4391: MAX-ACCESS read-create
4392: STATUS current
4393: DESCRIPTION
4394: "This object indicates the conceptual status of this row.
4395:
4396: The value of this object has no effect on whether other
4397: objects in this conceptual row can be modified."
4398:
4399: ::= { ipspAutostartIkeEntry 11 }
4400:
4401:
4402: --
4403: -- CA Table
4404: --
4405:
4406: ipspIpsecCredMngServiceTable OBJECT-TYPE
4407: SYNTAX SEQUENCE OF IpspIpsecCredMngServiceEntry
4408: MAX-ACCESS not-accessible
4409: STATUS current
4410: DESCRIPTION
4411: "A table of Credential Management Service values. This table
4412: is usually used for credential/certificate values that are
4413: used with a management service (e.g. Certificate
4414: Authorities)."
4415: ::= { ipspConfigObjects 31 }
4416:
4417: ipspIpsecCredMngServiceEntry OBJECT-TYPE
4418: SYNTAX IpspIpsecCredMngServiceEntry
4419: MAX-ACCESS not-accessible
4420: STATUS current
4421: DESCRIPTION
4422: "A row in the ipspIpsecCredMngServiceTable."
4423: INDEX { ipspIcmsName }
4424: ::= { ipspIpsecCredMngServiceTable 1 }
4425:
4426: IpspIpsecCredMngServiceEntry ::= SEQUENCE {
4427: ipspIcmsName SnmpAdminString,
4428: ipspIcmsDistinguishedName OCTET STRING,
4429: ipspIcmsPolicyStatement OCTET STRING,
4430: ipspIcmsMaxChainLength Integer32,
4431: ipspIcmsCredentialName SnmpAdminString,
4432: ipspIcmsLastChanged TimeStamp,
4433: ipspIcmsStorageType StorageType,
4434: ipspIcmsRowStatus RowStatus
4435: }
4436:
4437: ipspIcmsName OBJECT-TYPE
4438: SYNTAX SnmpAdminString(SIZE(1..32))
4439: MAX-ACCESS not-accessible
4440: STATUS current
4441: DESCRIPTION
4442: "This is an administratively assigned string used to index
4443: this table."
4444: ::= { ipspIpsecCredMngServiceEntry 1 }
4445:
4446: ipspIcmsDistinguishedName OBJECT-TYPE
4447: SYNTAX OCTET STRING (SIZE(1..256))
4448: MAX-ACCESS read-create
4449: STATUS current
4450: DESCRIPTION
4451: "This value represents the Distinguished Name of the
4452: Credential Management Service."
4453: ::= { ipspIpsecCredMngServiceEntry 2 }
4454:
4455: ipspIcmsPolicyStatement OBJECT-TYPE
4456: SYNTAX OCTET STRING (SIZE(0..1024))
4457: MAX-ACCESS read-create
4458: STATUS current
4459: DESCRIPTION
4460: "This Value represents the Credential Management Service
4461: Policy Statement, or a reference describing how to obtain it
4462: (e.g., a URL). If one doesn't exist, this value can be left
4463: blank."
4464: ::= { ipspIpsecCredMngServiceEntry 3 }
4465:
4466: ipspIcmsMaxChainLength OBJECT-TYPE
4467: SYNTAX Integer32 (0..255)
4468: MAX-ACCESS read-create
4469: STATUS current
4470: DESCRIPTION
4471: "This value is the maximum length of the chain allowable from
4472: the Credential Management Service to the credential in
4473: question."
4474: DEFVAL { 0 }
4475: ::= { ipspIpsecCredMngServiceEntry 4}
4476:
4477: ipspIcmsCredentialName OBJECT-TYPE
4478: SYNTAX SnmpAdminString (SIZE(0..32))
4479: MAX-ACCESS read-create
4480: STATUS current
4481: DESCRIPTION
4482: "This value is used as an index into the ipspCredentialTable
4483: to look up the actual credential value."
4484: ::= { ipspIpsecCredMngServiceEntry 5 }
4485:
4486: ipspIcmsLastChanged OBJECT-TYPE
4487: SYNTAX TimeStamp
4488: MAX-ACCESS read-only
4489: STATUS current
4490: DESCRIPTION
4491: "The value of sysUpTime when this row was last modified or
4492: created either through SNMP SETs or by some other external
4493: means."
4494: ::= { ipspIpsecCredMngServiceEntry 6 }
4495:
4496: ipspIcmsStorageType OBJECT-TYPE
4497: SYNTAX StorageType
4498: MAX-ACCESS read-create
4499: STATUS current
4500: DESCRIPTION
4501: "The storage type for this row. Rows in this table which were
4502: created through an external process may have a storage type
4503: of readOnly or permanent."
4504: DEFVAL { nonVolatile }
4505: ::= { ipspIpsecCredMngServiceEntry 7 }
4506:
4507: ipspIcmsRowStatus OBJECT-TYPE
4508: SYNTAX RowStatus
4509: MAX-ACCESS read-create
4510: STATUS current
4511: DESCRIPTION
4512: "This object indicates the conceptual status of this row.
4513:
4514: The value of this object has no effect on whether other
4515: objects in this conceptual row can be modified.
4516:
4517: If active, this object must remain active if it is referenced
4518: by a row in another table."
4519: ::= { ipspIpsecCredMngServiceEntry 8 }
4520:
4521:
4522: --
4523: -- CRL Table
4524: --
4525:
4526: ipspCredMngCRLTable OBJECT-TYPE
4527: SYNTAX SEQUENCE OF IpspCredMngCRLEntry
4528: MAX-ACCESS not-accessible
4529: STATUS current
4530: DESCRIPTION
4531: "A table of the Credential Revocation Lists (CRL) for
4532: credential management services."
4533: ::= { ipspConfigObjects 32 }
4534:
4535: ipspCredMngCRLEntry OBJECT-TYPE
4536: SYNTAX IpspCredMngCRLEntry
4537: MAX-ACCESS not-accessible
4538: STATUS current
4539: DESCRIPTION
4540: "A row in the ipspCredMngCRLTable."
4541: INDEX { ipspIcmsName , ipspCmcCRLName }
4542: ::= { ipspCredMngCRLTable 1 }
4543:
4544: IpspCredMngCRLEntry ::= SEQUENCE {
4545: ipspCmcCRLName SnmpAdminString,
4546: ipspCmcDistributionPoint OCTET STRING,
4547: ipspCmcThisUpdate OCTET STRING,
4548: ipspCmcNextUpdate OCTET STRING,
4549: ipspCmcLastChanged TimeStamp,
4550: ipspCmcStorageType StorageType,
4551: ipspCmcRowStatus RowStatus
4552: }
4553:
4554: ipspCmcCRLName OBJECT-TYPE
4555: SYNTAX SnmpAdminString(SIZE(1..32))
4556: MAX-ACCESS not-accessible
4557: STATUS current
4558: DESCRIPTION
4559: "This is an administratively assigned string used to index
4560: this table. It represents a CRL for a given CA from a given
4561: distribution point."
4562: ::= { ipspCredMngCRLEntry 1 }
4563:
4564: ipspCmcDistributionPoint OBJECT-TYPE
4565: SYNTAX OCTET STRING (SIZE(0..256))
4566: MAX-ACCESS read-create
4567: STATUS current
4568: DESCRIPTION
4569: "This Value represents a Distribution Point for a Credential
4570: Revocation List. It can be relative to the Credential
4571: Management Service or a full name (URL, e-mail, etc...)."
4572: ::= { ipspCredMngCRLEntry 2 }
4573:
4574: ipspCmcThisUpdate OBJECT-TYPE
4575: SYNTAX OCTET STRING (SIZE(0..32))
4576: MAX-ACCESS read-create
4577: STATUS current
4578: DESCRIPTION
4579: "This value is the issue date of this CRL. This
4580: should be in utctime or generalizedtime."
4581: ::= { ipspCredMngCRLEntry 3 }
4582:
4583: ipspCmcNextUpdate OBJECT-TYPE
4584: SYNTAX OCTET STRING (SIZE(0..32))
4585: MAX-ACCESS read-create
4586: STATUS current
4587: DESCRIPTION
4588: "This value indicates the date the next version of this CRL
4589: will be issued. This should be in utctime or
4590: generalizedtime."
4591: ::= { ipspCredMngCRLEntry 4 }
4592:
4593: ipspCmcLastChanged OBJECT-TYPE
4594: SYNTAX TimeStamp
4595: MAX-ACCESS read-only
4596: STATUS current
4597: DESCRIPTION
4598: "The value of sysUpTime when this row was last modified or
4599: created either through SNMP SETs or by some other external
4600: means."
4601: ::= { ipspCredMngCRLEntry 5 }
4602:
4603: ipspCmcStorageType OBJECT-TYPE
4604: SYNTAX StorageType
4605: MAX-ACCESS read-create
4606: STATUS current
4607: DESCRIPTION
4608: "The storage type for this row. Rows in this table which were
4609: created through an external process may have a storage type
4610: of readOnly or permanent."
4611: DEFVAL { nonVolatile }
4612: ::= { ipspCredMngCRLEntry 6 }
4613:
4614: ipspCmcRowStatus OBJECT-TYPE
4615: SYNTAX RowStatus
4616: MAX-ACCESS read-create
4617: STATUS current
4618: DESCRIPTION
4619: "This object indicates the conceptual status of this row.
4620:
4621: The value of this object has no effect on whether other
4622: objects in this conceptual row can be modified.
4623:
4624: If active, this object must remain active if it is referenced
4625: by a row in another table."
4626: ::= { ipspCredMngCRLEntry 7 }
4627:
4628:
4629: --
4630: -- Revoked Certificate Table
4631: --
4632: ipspRevokedCertificateTable OBJECT-TYPE
4633: SYNTAX SEQUENCE OF IpspRevokedCertificateEntry
4634: MAX-ACCESS not-accessible
4635: STATUS current
4636: DESCRIPTION
4637: "A table of Credentials revoked by credential management
4638: services. That is, this table is a table of Certificates
4639: that are on CRL's, Credential Revocation Lists."
4640: ::= { ipspConfigObjects 33 }
4641:
4642: ipspRevokedCertificateEntry OBJECT-TYPE
4643: SYNTAX IpspRevokedCertificateEntry
4644: MAX-ACCESS not-accessible
4645: STATUS current
4646: DESCRIPTION
4647: "A row in the ipspRevokedCertificateTable."
4648: INDEX { ipspCmcCRLName, ipspRctCertSerialNumber}
4649: ::= { ipspRevokedCertificateTable 1 }
4650:
4651: IpspRevokedCertificateEntry ::= SEQUENCE {
4652: ipspRctCertSerialNumber Unsigned32,
4653: ipspRctRevokedDate OCTET STRING,
4654: ipspRctRevokedReason INTEGER,
4655: ipspRctLastChanged TimeStamp,
4656: ipspRctStorageType StorageType,
4657: ipspRctRowStatus RowStatus
4658: }
4659:
4660: ipspRctCertSerialNumber OBJECT-TYPE
4661: SYNTAX Unsigned32 (0..4294967295)
4662: MAX-ACCESS not-accessible
4663: STATUS current
4664: DESCRIPTION
4665: "This value is the serial number of the revoked certificate."
4666: ::= { ipspRevokedCertificateEntry 1 }
4667:
4668: ipspRctRevokedDate OBJECT-TYPE
4669: SYNTAX OCTET STRING (SIZE(0..32))
4670: MAX-ACCESS read-create
4671: STATUS current
4672: DESCRIPTION
4673: "This value is the revocation date of the certificate. This
4674: should be in utctime or generalizedtime."
4675: ::= { ipspRevokedCertificateEntry 2 }
4676:
4677: ipspRctRevokedReason OBJECT-TYPE
4678: SYNTAX INTEGER { reserved(0), unspecified(1), keyCompromise(2),
4679: cACompromise(3), affiliationChanged(4),
4680: superseded(5), cessationOfOperation(6),
4681: certificateHold(7), removeFromCRL(8) }
4682: MAX-ACCESS read-create
4683: STATUS current
4684: DESCRIPTION
4685: "This value is the reason this certificate was revoked."
4686: DEFVAL { unspecified }
4687: ::= { ipspRevokedCertificateEntry 3 }
4688:
4689: ipspRctLastChanged OBJECT-TYPE
4690: SYNTAX TimeStamp
4691: MAX-ACCESS read-only
4692: STATUS current
4693: DESCRIPTION
4694: "The value of sysUpTime when this row was last modified or
4695: created either through SNMP SETs or by some other external
4696: means."
4697: ::= { ipspRevokedCertificateEntry 4 }
4698:
4699: ipspRctStorageType OBJECT-TYPE
4700: SYNTAX StorageType
4701: MAX-ACCESS read-create
4702: STATUS current
4703: DESCRIPTION
4704: "The storage type for this row. Rows in this table which were
4705: created through an external process may have a storage type
4706: of readOnly or permanent."
4707: DEFVAL { nonVolatile }
4708: ::= { ipspRevokedCertificateEntry 5 }
4709:
4710: ipspRctRowStatus OBJECT-TYPE
4711: SYNTAX RowStatus
4712: MAX-ACCESS read-create
4713: STATUS current
4714: DESCRIPTION
4715: "This object indicates the conceptual status of this row.
4716:
4717: The value of this object has no effect on whether other
4718: objects in this conceptual row can be modified.
4719:
4720: If active, this object must remain active if it is referenced
4721: by a row in another table."
4722: ::= { ipspRevokedCertificateEntry 6 }
4723:
4724:
4725: --
4726: -- Credential Table
4727: --
4728: ipspCredentialTable OBJECT-TYPE
4729: SYNTAX SEQUENCE OF IpspCredentialEntry
4730: MAX-ACCESS not-accessible
4731: STATUS current
4732: DESCRIPTION
4733: "A table of credential values. Examples of credentials are
4734: shared secrets, certificates or Kerberos tickets."
4735: ::= { ipspConfigObjects 34 }
4736:
4737: ipspCredentialEntry OBJECT-TYPE
4738: SYNTAX IpspCredentialEntry
4739: MAX-ACCESS not-accessible
4740: STATUS current
4741: DESCRIPTION
4742: "A row in the ipspCredentialTable."
4743: INDEX { ipspCredName }
4744: ::= { ipspCredentialTable 1 }
4745:
4746: IpspCredentialEntry ::= SEQUENCE {
4747: ipspCredName SnmpAdminString,
4748: ipspCredType IpspCredentialType,
4749: ipspCredCredential OCTET STRING,
4750: ipspCredSize Integer32,
4751: ipspCredMngName SnmpAdminString,
4752: ipspCredRemoteID OCTET STRING,
4753: ipspCredAdminStatus IpspAdminStatus,
4754: ipspCredLastChanged TimeStamp,
4755: ipspCredStorageType StorageType,
4756: ipspCredRowStatus RowStatus
4757: }
4758:
4759: ipspCredName OBJECT-TYPE
4760: SYNTAX SnmpAdminString(SIZE(1..32))
4761: MAX-ACCESS not-accessible
4762: STATUS current
4763: DESCRIPTION
4764: "This object represents the name for an entry in this table."
4765: ::= { ipspCredentialEntry 1 }
4766:
4767: ipspCredType OBJECT-TYPE
4768: SYNTAX IpspCredentialType
4769: MAX-ACCESS read-create
4770: STATUS current
4771: DESCRIPTION
4772: "This object represents the type of the credential for this
4773: row."
4774: ::= { ipspCredentialEntry 2 }
4775:
4776: ipspCredCredential OBJECT-TYPE
4777: SYNTAX OCTET STRING (SIZE(0..1024))
4778: MAX-ACCESS read-create
4779: STATUS current
4780: DESCRIPTION
4781: "This object represents the credential value.
4782:
4783: If the size of the credential is greater than 1024, the
4784: credential must be configured via the ipspCredSegmentTable.
4785:
4786: For credential type where the disclosure of the credential
4787: would compromise the credential (e.g. shared secrets), when
4788: this object is accessed for reading, it MUST return a null
4789: length (0 length) string and MUST NOT return the configured
4790: credential."
4791: ::= { ipspCredentialEntry 3 }
4792:
4793: ipspCredSize OBJECT-TYPE
4794: SYNTAX Integer32
4795: MAX-ACCESS read-only
4796: STATUS current
4797: DESCRIPTION
4798: "This value represents the size of the credential.
4799:
4800: If this value is greater than 1024, the ipspCredCredential
4801: column will return an empty (0 length) string. In this case,
4802: the value of the credential must be retrieved from the
4803: ipspCredSegmentTable.
4804:
4805: For credential type where the disclosure of the credential
4806: would compromise the credential (e.g. shared secrets), when
4807: this object is accessed for reading, it MUST return a value
4808: of 0 and MUST NOT return the size of the credential."
4809: ::= { ipspCredentialEntry 4 }
4810:
4811: ipspCredMngName OBJECT-TYPE
4812: SYNTAX SnmpAdminString (SIZE(0..32))
4813: MAX-ACCESS read-create
4814: STATUS current
4815: DESCRIPTION
4816: "This value is used as an index into the
4817: ipspIpsecCredMngServiceTable. For IDs that have no credential
4818: management service, this value is left blank."
4819: ::= { ipspCredentialEntry 5 }
4820:
4821: ipspCredRemoteID OBJECT-TYPE
4822: SYNTAX OCTET STRING(SIZE(0..256))
4823: MAX-ACCESS read-create
4824: STATUS current
4825: DESCRIPTION
4826: "This object represents the Identification (e.g. user name) of
4827: the user of the key information on the remote site. If there
4828: is no ID associated with this credential, the value of this
4829: object should be the null string."
4830: ::= { ipspCredentialEntry 6 }
4831:
4832: ipspCredAdminStatus OBJECT-TYPE
4833: SYNTAX IpspAdminStatus
4834: MAX-ACCESS read-create
4835: STATUS current
4836: DESCRIPTION
4837: "Indicates whether this credential should be considered active.
4838: Rows with a disabled status must not be used for any purpose,
4839: including IKE or IPSEC processing.
4840:
4841: For credentials whose size does not exceed the maximum size
4842: for the ipspCredCredential, it may be set to enabled during
4843: row creation. For larger credentials, it should be left as
4844: disabled until all rows have been uploaded to the
4845: ipspCredSegmentTable."
4846: DEFVAL { disabled }
4847: ::= { ipspCredentialEntry 7 }
4848:
4849: ipspCredLastChanged OBJECT-TYPE
4850: SYNTAX TimeStamp
4851: MAX-ACCESS read-only
4852: STATUS current
4853: DESCRIPTION
4854: "The value of sysUpTime when this row was last modified or
4855: created either through SNMP SETs or by some other external
4856: means."
4857: ::= { ipspCredentialEntry 8 }
4858:
4859: ipspCredStorageType OBJECT-TYPE
4860: SYNTAX StorageType
4861: MAX-ACCESS read-create
4862: STATUS current
4863: DESCRIPTION
4864: "The storage type for this row. Rows in this table which were
4865: created through an external process may have a storage type
4866: of readOnly or permanent."
4867: DEFVAL { nonVolatile }
4868: ::= { ipspCredentialEntry 9 }
4869:
4870: ipspCredRowStatus OBJECT-TYPE
4871: SYNTAX RowStatus
4872: MAX-ACCESS read-create
4873: STATUS current
4874: DESCRIPTION
4875: "This object indicates the conceptual status of this row.
4876:
4877: The value of this object has no effect on whether other
4878: objects in this conceptual row can be modified.
4879:
4880: If active, this object must remain active if it is referenced
4881: by a row in another table."
4882: ::= { ipspCredentialEntry 10 }
4883:
4884:
4885: --
4886: -- Credential Segment Value Table
4887: --
4888:
4889: ipspCredentialSegmentTable OBJECT-TYPE
4890: SYNTAX SEQUENCE OF IpspCredentialSegmentEntry
4891: MAX-ACCESS not-accessible
4892: STATUS current
4893: DESCRIPTION
4894: "A table of credential segments. This table is used for
4895: credentials which are larger than the maximum size allowed
4896: for ipspCredCredential."
4897: ::= { ipspConfigObjects 35 }
4898:
4899: ipspCredentialSegmentEntry OBJECT-TYPE
4900: SYNTAX IpspCredentialSegmentEntry
4901: MAX-ACCESS not-accessible
4902: STATUS current
4903: DESCRIPTION
4904: "A row in the ipspCredentialSegmentTable."
4905: INDEX { ipspCredName, ipspCredSegIndex }
4906: ::= { ipspCredentialSegmentTable 1 }
4907:
4908: IpspCredentialSegmentEntry ::= SEQUENCE {
4909: ipspCredSegIndex Integer32,
4910: ipspCredSegValue OCTET STRING,
4911: ipspCredSegLastChanged TimeStamp,
4912: ipspCredSegStorageType StorageType,
4913: ipspCredSegRowStatus RowStatus
4914: }
4915:
4916: ipspCredSegIndex OBJECT-TYPE
4917: SYNTAX Integer32 (1..65535)
4918: MAX-ACCESS not-accessible
4919: STATUS current
4920: DESCRIPTION
4921: "This object represents the segment number for this segment.
4922:
4923: By default, each segment will be 1024 octets. However, when
4924: this table is accessed using a context of 'ipsp4096',
4925: 'ipsp8192' or 'ipsp16384' a segment size of 4096, 8192 or
4926: 16384 (respectively) will be used instead.
4927:
4928: The number of rows which need to be retrieved or set can be
4929: calculated by obtaining the value of the ipspCredSize column
4930: from the corresponding ipspCredentialTable row and dividing it
4931: by the segment size."
4932: ::= { ipspCredentialSegmentEntry 1 }
4933:
4934: ipspCredSegValue OBJECT-TYPE
4935: SYNTAX OCTET STRING
4936: MAX-ACCESS read-create
4937: STATUS current
4938: DESCRIPTION
4939: "This object represents one segment of the credential.
4940:
4941: By default, each complete segment will be 1024 octets. (The
4942: last row for a given credential might be smaller, if the
4943: credential size is not a multiple of the segment size).
4944:
4945: An implementation may optionally support segment sizes of
4946: 256, 4096, 8192 or the full object size when this table is
4947: accessed using a context of 'ipspCred256', 'ipspCred4096',
4948: 'ipspCred8192' or 'ipspCredFull' (respectively).
4949:
4950: The number of rows which need to be retrieved or set can be
4951: calculated by obtaining the value of the ipspCredSize column
4952: from the corresponding ipspCredentialTable row and dividing it
4953: by the segment size."
4954: ::= { ipspCredentialSegmentEntry 2 }
4955:
4956: ipspCredSegLastChanged OBJECT-TYPE
4957: SYNTAX TimeStamp
4958: MAX-ACCESS read-only
4959: STATUS current
4960: DESCRIPTION
4961: "The value of sysUpTime when this credential was last modified
4962: or created either through SNMP SETs or by some other external
4963: means. Note that the last changed type will be the same for
4964: all segments of the credential."
4965: ::= { ipspCredentialSegmentEntry 3 }
4966:
4967: ipspCredSegStorageType OBJECT-TYPE
4968: SYNTAX StorageType
4969: MAX-ACCESS read-only
4970: STATUS current
4971: DESCRIPTION
4972: "The storage type for this row. This object is read-only. Rows
4973: in this table have the same value as the ipspCredStorageType
4974: for the corresponding row in the ipspCredentialTable."
4975: DEFVAL { nonVolatile }
4976: ::= { ipspCredentialSegmentEntry 4 }
4977:
4978: ipspCredSegRowStatus OBJECT-TYPE
4979: SYNTAX RowStatus
4980: MAX-ACCESS read-create
4981: STATUS current
4982: DESCRIPTION
4983: "This object indicates the conceptual status of this row.
4984:
4985: The segment of this object has no effect on whether other
4986: objects in this conceptual row can be modified.
4987:
4988: If active, this object must remain active if it is referenced
4989: by a row in another table."
4990: ::= { ipspCredentialSegmentEntry 5 }
4991:
4992: --
4993: --
4994: -- Notification objects information
4995: --
4996: --
4997:
4998: ipspNotificationVariables OBJECT IDENTIFIER ::=
4999: { ipspNotificationObjects 1 }
5000:
5001: ipspNotifications OBJECT IDENTIFIER ::=
5002: { ipspNotificationObjects 0 }
5003:
5004: ipspActionExecuted OBJECT-TYPE
5005: SYNTAX VariablePointer
5006: MAX-ACCESS accessible-for-notify
5007: STATUS current
5008: DESCRIPTION
5009: "Points to the action instance that was executed that
5010: resulted in the notification being sent."
5011: ::= { ipspNotificationVariables 1 }
5012:
5013: ipspIPInterfaceType OBJECT-TYPE
5014: SYNTAX InetAddressType
5015: MAX-ACCESS accessible-for-notify
5016: STATUS current
5017: DESCRIPTION
5018: "Contains the interface type for the interface that the
5019: packet which triggered the notification in question is
5020: passing through."
5021: ::= { ipspNotificationVariables 2 }
5022:
5023: ipspIPInterfaceAddress OBJECT-TYPE
5024: SYNTAX InetAddress
5025: MAX-ACCESS accessible-for-notify
5026: STATUS current
5027: DESCRIPTION
5028: "Contains the interface address for the interface that the
5029: packet which triggered the notification in question is
5030: passing through."
5031: ::= { ipspNotificationVariables 3 }
5032:
5033: ipspIPSourceType OBJECT-TYPE
5034: SYNTAX InetAddressType
5035: MAX-ACCESS accessible-for-notify
5036: STATUS current
5037: DESCRIPTION
5038: "Contains the source address type of the packet which
5039: triggered the notification in question."
5040: ::= { ipspNotificationVariables 4 }
5041:
5042: ipspIPSourceAddress OBJECT-TYPE
5043: SYNTAX InetAddress
5044: MAX-ACCESS accessible-for-notify
5045: STATUS current
5046: DESCRIPTION
5047: "Contains the source address of the packet which triggered the
5048: notification in question."
5049: ::= { ipspNotificationVariables 5 }
5050:
5051: ipspIPDestinationType OBJECT-TYPE
5052: SYNTAX InetAddressType
5053: MAX-ACCESS accessible-for-notify
5054: STATUS current
5055: DESCRIPTION
5056: "Contains the destination address type of the packet which
5057: triggered the notification in question."
5058: ::= { ipspNotificationVariables 6 }
5059:
5060: ipspIPDestinationAddress OBJECT-TYPE
5061: SYNTAX InetAddress
5062: MAX-ACCESS accessible-for-notify
5063: STATUS current
5064: DESCRIPTION
5065: "Contains the destination address of the packet which
5066: triggered the notification in question."
5067: ::= { ipspNotificationVariables 7 }
5068:
5069: ipspPacketDirection OBJECT-TYPE
5070: SYNTAX INTEGER { inbound(1), outbound(2) }
5071: MAX-ACCESS accessible-for-notify
5072: STATUS current
5073: DESCRIPTION
5074: "Indicates if the packet which triggered the action in
5075: question was inbound or outbound."
5076: ::= { ipspNotificationVariables 8 }
5077:
5078: ipspPacketPart OBJECT-TYPE
5079: SYNTAX OCTET STRING
5080: MAX-ACCESS accessible-for-notify
5081: STATUS current
5082: DESCRIPTION
5083: "Is the front part of the packet that triggered this
5084: notification. The size is determined by the value of
5085: 'IpspIPPacketLogging' or the size of the packet, whichever
5086: is smaller."
5087: ::= { ipspNotificationVariables 9 }
5088:
5089: ipspActionNotification NOTIFICATION-TYPE
5090: OBJECTS { ipspActionExecuted, ipspIPInterfaceType,
5091: ipspIPInterfaceAddress,
5092: ipspIPSourceType, ipspIPSourceAddress,
5093: ipspIPDestinationType,
5094: ipspIPDestinationAddress,
5095: ipspPacketDirection }
5096: STATUS current
5097: DESCRIPTION
5098: "Notification that an action was executed by a rule. Only
5099: actions with logging enabled will result in this notification
5100: getting sent. The objects sent must include the
5101: ipspActionExecuted object which will indicate which
5102: action was executed within the scope of the rule.
5103: Additionally the ipspIPSourceType,
5104: ipspIPSourceAddress, ipspIPDestinationType, and
5105: ipspIPDestinationAddress objects must be included to
5106: indicate the packet source and destination of the packet that
5107: triggered the action. Finally the
5108: ipspIPInterfaceType, ipspIPInterfaceAddress,
5109: and ipspPacketDirection objects are included to
5110: indicate which interface the action was executed in
5111: association with and if the packet was inbound or outbound
5112: through the endpoint.
5113:
5114: Note that compound actions with multiple
5115: executed subactions may result in multiple notifications
5116: being sent from a single rule execution."
5117: ::= { ipspNotifications 1 }
5118:
5119: ipspPacketNotification NOTIFICATION-TYPE
5120: OBJECTS { ipspActionExecuted, ipspIPInterfaceType,
5121: ipspIPInterfaceAddress,
5122: ipspIPSourceType, ipspIPSourceAddress,
5123: ipspIPDestinationType,
5124: ipspIPDestinationAddress,
5125: ipspPacketDirection,
5126: ipspPacketPart }
5127: STATUS current
5128: DESCRIPTION
5129: "Notification that a packet passed through an SA. Only
5130: SA's created by actions with packet logging enabled will
5131: result in this notification getting sent. The objects sent
5132: must include the ipspActionExecuted which will
5133: indicate which action was executed within the scope of the
5134: rule. Additionally, the ipspIPSourceType,
5135: ipspIPSourceAddress, ipspIPDestinationType, and
5136: ipspIPDestinationAddress, objects must be included to
5137: indicate the packet source and destination of the packet that
5138: triggered the action. The ipspIPInterfaceType,
5139: ipspIPInterfaceAddress, and ipspPacketDirection
5140: objects are included to indicate which endpoint the packet
5141: was associated with. Finally, ipspPacketPart is
5142: included for sending a variable sized part of the front of
5143: the packet depending on the value of IpspIPPacketLogging."
5144:
5145: ::= { ipspNotifications 2 }
5146:
5147:
5148: --
5149: --
5150: -- Conformance information
5151: --
5152: --
5153:
5154: ipspCompliances OBJECT IDENTIFIER
5155: ::= { ipspConformanceObjects 1 }
5156: ipspGroups OBJECT IDENTIFIER
5157: ::= { ipspConformanceObjects 2 }
5158:
5159: --
5160: -- Compliance statements
5161: --
5162: --
5163: ipspRuleFilterCompliance MODULE-COMPLIANCE
5164: STATUS current
5165: DESCRIPTION
5166: "The compliance statement for SNMP entities that include an
5167: IPsec MIB implementation with Endpoint, Rules, and filters
5168: support."
5169: MODULE -- This Module
5170: MANDATORY-GROUPS { ipspEndpointGroup,
5171: ipspGroupContentsGroup,
5172: ipspRuleDefinitionGroup,
5173: ipspIPHeaderFilterGroup,
5174: ipspStaticFilterGroup }
5175:
5176: GROUP ipspIpsecSystemPolicyNameGroup
5177: DESCRIPTION
5178: "This group is mandatory for IPsec Policy
5179: implementations which support a system policy group
5180: name."
5181:
5182: GROUP ipspCompoundFilterGroup
5183: DESCRIPTION
5184: "This group is mandatory for IPsec Policy
5185: implementations which support compound filters."
5186:
5187: GROUP ipspIPOffsetFilterGroup
5188: DESCRIPTION
5189: "This group is mandatory for IPsec Policy
5190: implementations which support IP Offset filters. In
5191: general, this SHOULD be supported by a compliant IPsec
5192: Policy implementation."
5193:
5194: GROUP ipspTimeFilterGroup
5195: DESCRIPTION
5196: "This group is mandatory for IPsec Policy
5197: implementations which support time filters."
5198:
5199: GROUP ipspIpsoHeaderFilterGroup
5200: DESCRIPTION
5201: "This group is mandatory for IPsec Policy
5202: implementations which support IPSO Header filters."
5203:
5204: GROUP ipspCredentialFilterGroup
5205: DESCRIPTION
5206: "This group is mandatory for IPsec Policy
5207: implementations which support Credential filters."
5208:
5209: GROUP ipspPeerIdFilterGroup
5210: DESCRIPTION
5211: "This group is mandatory for IPsec Policy
5212: implementations which support Peer Identity filters."
5213:
5214: OBJECT ipspEndGroupRowStatus
5215: SYNTAX RowStatus {
5216: active(1), createAndGo(4), destroy(6)
5217: }
5218: DESCRIPTION
5219: "Support of the values notInService(2), notReady(3),
5220: and createAndWait(5) is not required."
5221:
5222: OBJECT ipspEndGroupLastChanged
5223: MIN-ACCESS not-accessible
5224: DESCRIPTION
5225: "This object not required for compliance."
5226:
5227: OBJECT ipspGroupContComponentType
5228: SYNTAX INTEGER {
5229: rule(2)
5230: }
5231: DESCRIPTION
5232: "Support of the value group(1) is only required for
5233: implementations which support Policy Groups within Policy
5234: Groups."
5235:
5236: OBJECT ipspGroupContRowStatus
5237: SYNTAX RowStatus {
5238: active(1), createAndGo(4), destroy(6)
5239: }
5240: DESCRIPTION
5241: "Support of the values notInService(2), notReady(3),
5242: and createAndWait(5) is not required."
5243:
5244: OBJECT ipspGroupContLastChanged
5245: MIN-ACCESS not-accessible
5246: DESCRIPTION
5247: "This object not required for compliance."
5248:
5249: OBJECT ipspRuleDefRowStatus
5250: SYNTAX RowStatus {
5251: active(1), createAndGo(4), destroy(6)
5252: }
5253: DESCRIPTION
5254: "Support of the values notInService(2), notReady(3),
5255: and createAndWait(5) is not required."
5256:
5257: OBJECT ipspRuleDefLastChanged
5258: MIN-ACCESS not-accessible
5259: DESCRIPTION
5260: "This object not required for compliance."
5261:
5262: OBJECT ipspCompFiltRowStatus
5263: SYNTAX RowStatus {
5264: active(1), createAndGo(4), destroy(6)
5265: }
5266: DESCRIPTION
5267: "Support of the values notInService(2), notReady(3),
5268: and createAndWait(5) is not required."
5269:
5270: OBJECT ipspCompFiltLastChanged
5271: MIN-ACCESS not-accessible
5272: DESCRIPTION
5273: "This object not required for compliance."
5274:
5275: OBJECT ipspSubFiltRowStatus
5276: SYNTAX RowStatus {
5277: active(1), createAndGo(4), destroy(6)
5278: }
5279: DESCRIPTION
5280: "Support of the values notInService(2), notReady(3),
5281: and createAndWait(5) is not required."
5282:
5283: OBJECT ipspSubFiltLastChanged
5284: MIN-ACCESS not-accessible
5285: DESCRIPTION
5286: "This object not required for compliance."
5287:
5288: OBJECT ipspIpHeadFiltIPVersion
5289: SYNTAX InetAddressType {
5290: ipv4(1), ipv6(2)
5291: }
5292: DESCRIPTION
5293: "Only the ipv4 and ipv6 values make sense for this
5294: object."
5295:
5296: OBJECT ipspIpHeadFiltRowStatus
5297: SYNTAX RowStatus {
5298: active(1), createAndGo(4), destroy(6)
5299: }
5300: DESCRIPTION
5301: "Support of the values notInService(2), notReady(3),
5302: and createAndWait(5) is not required."
5303:
5304: OBJECT ipspIpHeadFiltLastChanged
5305: MIN-ACCESS not-accessible
5306: DESCRIPTION
5307: "This object not required for compliance."
5308:
5309: OBJECT ipspIpOffFiltRowStatus
5310: SYNTAX RowStatus {
5311: active(1), createAndGo(4), destroy(6)
5312: }
5313: DESCRIPTION
5314: "Support of the values notInService(2), notReady(3),
5315: and createAndWait(5) is not required."
5316:
5317: OBJECT ipspIpOffFiltLastChanged
5318: MIN-ACCESS not-accessible
5319: DESCRIPTION
5320: "This object not required for compliance."
5321:
5322: OBJECT ipspTimeFiltRowStatus
5323: SYNTAX RowStatus {
5324: active(1), createAndGo(4), destroy(6)
5325: }
5326: DESCRIPTION
5327: "Support of the values notInService(2), notReady(3),
5328: and createAndWait(5) is not required."
5329:
5330: OBJECT ipspTimeFiltLastChanged
5331: MIN-ACCESS not-accessible
5332: DESCRIPTION
5333: "This object not required for compliance."
5334:
5335: OBJECT ipspIpsoHeadFiltRowStatus
5336: SYNTAX RowStatus {
5337: active(1), createAndGo(4), destroy(6)
5338: }
5339: DESCRIPTION
5340: "Support of the values notInService(2), notReady(3),
5341: and createAndWait(5) is not required."
5342:
5343: OBJECT ipspIpsoHeadFiltLastChanged
5344: MIN-ACCESS not-accessible
5345: DESCRIPTION
5346: "This object not required for compliance."
5347:
5348: OBJECT ipspCmcDistributionPoint
5349: MIN-ACCESS read-only
5350: DESCRIPTION
5351: "Only read-only access is required for compliance."
5352:
5353: OBJECT ipspCmcThisUpdate
5354: MIN-ACCESS read-only
5355: DESCRIPTION
5356: "Only read-only access is required for compliance."
5357:
5358: OBJECT ipspCmcNextUpdate
5359: MIN-ACCESS read-only
5360: DESCRIPTION
5361: "Only read-only access is required for compliance."
5362:
5363: OBJECT ipspCmcLastChanged
5364: MIN-ACCESS not-accessible
5365: DESCRIPTION
5366: "This object not required for compliance."
5367:
5368: OBJECT ipspCmcStorageType
5369: MIN-ACCESS read-only
5370: DESCRIPTION
5371: "Only read-only access is required for compliance."
5372:
5373: OBJECT ipspCmcRowStatus
5374: SYNTAX RowStatus {
5375: active(1), createAndGo(4), destroy(6)
5376: }
5377: MIN-ACCESS read-only
5378: DESCRIPTION
5379: "Support of the values notInService(2), notReady(3),
5380: and createAndWait(5) is not required. Only read-only
5381: access is required for compliance."
5382:
5383: OBJECT ipspRctRevokedDate
5384: MIN-ACCESS read-only
5385: DESCRIPTION
5386: "Only read-only access is required for compliance."
5387:
5388: OBJECT ipspRctRevokedReason
5389: MIN-ACCESS read-only
5390: DESCRIPTION
5391: "Only read-only access is required for compliance."
5392:
5393: OBJECT ipspRctLastChanged
5394: MIN-ACCESS not-accessible
5395: DESCRIPTION
5396: "This object not required for compliance."
5397:
5398: OBJECT ipspRctStorageType
5399: MIN-ACCESS read-only
5400: DESCRIPTION
5401: "Only read-only access is required for compliance."
5402:
5403: OBJECT ipspRctRowStatus
5404: SYNTAX RowStatus {
5405: active(1), createAndGo(4), destroy(6)
5406: }
5407: MIN-ACCESS read-only
5408: DESCRIPTION
5409: "Support of the values notInService(2), notReady(3),
5410: and createAndWait(5) is not required. Only read-only
5411: access is required for compliance."
5412:
5413: OBJECT ipspIcmsDistinguishedName
5414: MIN-ACCESS read-only
5415: DESCRIPTION
5416: "Only read-only access is required for compliance."
5417:
5418: OBJECT ipspIcmsPolicyStatement
5419: MIN-ACCESS read-only
5420: DESCRIPTION
5421: "Only read-only access is required for compliance."
5422:
5423: OBJECT ipspIcmsMaxChainLength
5424: MIN-ACCESS read-only
5425: DESCRIPTION
5426: "Only read-only access is required for compliance."
5427:
5428: OBJECT ipspIcmsCredentialName
5429: MIN-ACCESS read-only
5430: DESCRIPTION
5431: "Only read-only access is required for compliance."
5432:
5433: OBJECT ipspIcmsLastChanged
5434: MIN-ACCESS not-accessible
5435: DESCRIPTION
5436: "This object not required for compliance."
5437:
5438: OBJECT ipspIcmsStorageType
5439: MIN-ACCESS read-only
5440: DESCRIPTION
5441: "Only read-only access is required for compliance."
5442:
5443: OBJECT ipspIcmsRowStatus
5444: SYNTAX RowStatus {
5445: active(1), createAndGo(4), destroy(6)
5446: }
5447: MIN-ACCESS read-only
5448: DESCRIPTION
5449: "Support of the values notInService(2), notReady(3),
5450: and createAndWait(5) is not required. Only read-only
5451: access is required for compliance."
5452:
5453: OBJECT ipspCredType
5454: MIN-ACCESS read-only
5455: DESCRIPTION
5456: "Only read-only access is required for compliance."
5457:
5458: OBJECT ipspCredCredential
5459: MIN-ACCESS read-only
5460: DESCRIPTION
5461: "Only read-only access is required for compliance."
5462:
5463: OBJECT ipspCredMngName
5464: MIN-ACCESS read-only
5465: DESCRIPTION
5466: "Only read-only access is required for compliance."
5467:
5468: OBJECT ipspCredRemoteID
5469: MIN-ACCESS read-only
5470: DESCRIPTION
5471: "Only read-only access is required for compliance."
5472:
5473: OBJECT ipspCredStorageType
5474: MIN-ACCESS read-only
5475: DESCRIPTION
5476: "Only read-only access is required for compliance."
5477:
5478: OBJECT ipspCredRowStatus
5479: SYNTAX RowStatus {
5480: active(1), createAndGo(4), destroy(6)
5481: }
5482: DESCRIPTION
5483: "Support of the values notInService(2), notReady(3),
5484: and createAndWait(5) is not required."
5485:
5486: OBJECT ipspCredLastChanged
5487: MIN-ACCESS not-accessible
5488: DESCRIPTION
5489: "This object is optional so as not to impose an undue
5490: burden on resource-constrained devices."
5491:
5492: OBJECT ipspCredFiltRowStatus
5493: SYNTAX RowStatus {
5494: active(1), createAndGo(4), destroy(6)
5495: }
5496: DESCRIPTION
5497: "Support of the values notInService(2), notReady(3),
5498: and createAndWait(5) is not required."
5499:
5500: OBJECT ipspCredFiltLastChanged
5501: MIN-ACCESS not-accessible
5502: DESCRIPTION
5503: "This object not required for compliance."
5504:
5505: OBJECT ipspPeerIdFiltRowStatus
5506: SYNTAX RowStatus {
5507: active(1), createAndGo(4), destroy(6)
5508: }
5509: DESCRIPTION
5510: "Support of the values notInService(2), notReady(3),
5511: and createAndWait(5) is not required."
5512:
5513: OBJECT ipspPeerIdFiltLastChanged
5514: MIN-ACCESS not-accessible
5515: DESCRIPTION
5516: "This object not required for compliance."
5517:
5518: ::= { ipspCompliances 1 }
5519:
5520:
5521: ipspIPsecCompliance MODULE-COMPLIANCE
5522: STATUS current
5523: DESCRIPTION
5524: "The compliance statement for SNMP entities that include an
5525: IPsec MIB implementation and supports IPsec actions."
5526: MODULE -- This Module
5527: MANDATORY-GROUPS { ipspIpsecGroup,
5528: ipspStaticActionGroup,
5529: ipspPreconfiguredGroup }
5530:
5531: GROUP ipspCompoundActionGroup
5532: DESCRIPTION
5533: "This group is mandatory for IPsec Policy
5534: implementations which support compound actions."
5535:
5536: OBJECT ipspCompActRowStatus
5537: SYNTAX RowStatus {
5538: active(1), createAndGo(4), destroy(6)
5539: }
5540: DESCRIPTION
5541: "Support of the values notInService(2), notReady(3),
5542: and createAndWait(5) is not required."
5543:
5544: OBJECT ipspCompActLastChanged
5545: MIN-ACCESS not-accessible
5546: DESCRIPTION
5547: "This object is optional so as not to impose an undue
5548: burden on resource-constrained devices."
5549:
5550: OBJECT aiipspCompActRowStatus
5551: SYNTAX RowStatus {
5552: active(1), createAndGo(4), destroy(6)
5553: }
5554: DESCRIPTION
5555: "Support of the values notInService(2), notReady(3),
5556: and createAndWait(5) is not required."
5557:
5558: OBJECT aiipspCompActLastChanged
5559: MIN-ACCESS not-accessible
5560: DESCRIPTION
5561: "This object is optional so as not to impose an undue
5562: burden on resource-constrained devices."
5563:
5564: OBJECT ipspIpsecActRowStatus
5565: SYNTAX RowStatus {
5566: active(1), createAndGo(4), destroy(6)
5567: }
5568: DESCRIPTION
5569: "Support of the values notInService(2), notReady(3),
5570: and createAndWait(5) is not required."
5571:
5572: OBJECT ipspIpsecActLastChanged
5573: MIN-ACCESS not-accessible
5574: DESCRIPTION
5575: "This object is optional so as not to impose an undue
5576: burden on resource-constrained devices."
5577:
5578: OBJECT ipspIpsecPropRowStatus
5579: SYNTAX RowStatus {
5580: active(1), createAndGo(4), destroy(6)
5581: }
5582: DESCRIPTION
5583: "Support of the values notInService(2), notReady(3),
5584: and createAndWait(5) is not required."
5585:
5586: OBJECT ipspIpsecPropLastChanged
5587: MIN-ACCESS not-accessible
5588: DESCRIPTION
5589: "This object is optional so as not to impose an undue
5590: burden on resource-constrained devices."
5591:
5592: OBJECT ipspIpsecTranRowStatus
5593: SYNTAX RowStatus {
5594: active(1), createAndGo(4), destroy(6)
5595: }
5596: DESCRIPTION
5597: "Support of the values notInService(2), notReady(3),
5598: and createAndWait(5) is not required."
5599:
5600: OBJECT ipspIpsecTranLastChanged
5601: MIN-ACCESS not-accessible
5602: DESCRIPTION
5603: "This object is optional so as not to impose an undue
5604: burden on resource-constrained devices."
5605:
5606: OBJECT ipspSaNegParamRowStatus
5607: SYNTAX RowStatus {
5608: active(1), createAndGo(4), destroy(6)
5609: }
5610: DESCRIPTION
5611: "Support of the values notInService(2), notReady(3),
5612: and createAndWait(5) is not required."
5613:
5614: OBJECT ipspSaNegParamLastChanged
5615: MIN-ACCESS not-accessible
5616: DESCRIPTION
5617: "This object is optional so as not to impose an undue
5618: burden on resource-constrained devices."
5619:
5620: OBJECT ipspAhTranRowStatus
5621: SYNTAX RowStatus {
5622: active(1), createAndGo(4), destroy(6)
5623: }
5624: DESCRIPTION
5625: "Support of the values notInService(2), notReady(3),
5626: and createAndWait(5) is not required."
5627:
5628: OBJECT ipspAhTranLastChanged
5629: MIN-ACCESS not-accessible
5630: DESCRIPTION
5631: "This object is optional so as not to impose an undue
5632: burden on resource-constrained devices."
5633:
5634: OBJECT ipspEspTranRowStatus
5635: SYNTAX RowStatus {
5636: active(1), createAndGo(4), destroy(6)
5637: }
5638: DESCRIPTION
5639: "Support of the values notInService(2), notReady(3),
5640: and createAndWait(5) is not required."
5641:
5642: OBJECT ipspEspTranLastChanged
5643: MIN-ACCESS not-accessible
5644: DESCRIPTION
5645: "This object is optional so as not to impose an undue
5646: burden on resource-constrained devices."
5647:
5648: OBJECT ipspIpcompTranRowStatus
5649: SYNTAX RowStatus {
5650: active(1), createAndGo(4), destroy(6)
5651: }
5652: DESCRIPTION
5653: "Support of the values notInService(2), notReady(3),
5654: and createAndWait(5) is not required."
5655:
5656: OBJECT ipspIpcompTranLastChanged
5657: MIN-ACCESS not-accessible
5658: DESCRIPTION
5659: "This object is optional so as not to impose an undue
5660: burden on resource-constrained devices."
5661:
5662: OBJECT ipspPeerIdAddressType
5663: SYNTAX InetAddressType {
5664: ipv4(1), ipv6(2)
5665: }
5666: DESCRIPTION
5667: "Only the ipv4 and ipv6 values make sense for this
5668: object."
5669:
5670: OBJECT ipspPeerIdRowStatus
5671: SYNTAX RowStatus {
5672: active(1), createAndGo(4), destroy(6)
5673: }
5674: DESCRIPTION
5675: "Support of the values notInService(2), notReady(3),
5676: and createAndWait(5) is not required."
5677:
5678: OBJECT ipspPeerIdLastChanged
5679: MIN-ACCESS not-accessible
5680: DESCRIPTION
5681: "This object is optional so as not to impose an undue
5682: burden on resource-constrained devices."
5683:
5684: OBJECT ipspCredRowStatus
5685: SYNTAX RowStatus {
5686: active(1), createAndGo(4), destroy(6)
5687: }
5688: DESCRIPTION
5689: "Support of the values notInService(2), notReady(3),
5690: and createAndWait(5) is not required."
5691:
5692: OBJECT ipspCredLastChanged
5693: MIN-ACCESS not-accessible
5694: DESCRIPTION
5695: "This object is optional so as not to impose an undue
5696: burden on resource-constrained devices."
5697:
5698: OBJECT ipspCredSegRowStatus
5699: SYNTAX RowStatus {
5700: active(1), createAndGo(4), destroy(6)
5701: }
5702: DESCRIPTION
5703: "Support of the values notInService(2), notReady(3),
5704: and createAndWait(5) is not required."
5705:
5706: OBJECT ipspCredSegLastChanged
5707: MIN-ACCESS not-accessible
5708: DESCRIPTION
5709: "This object is optional so as not to impose an undue
5710: burden on resource-constrained devices."
5711:
5712: OBJECT ipspSaPreActRowStatus
5713: SYNTAX RowStatus {
5714: active(1), createAndGo(4), destroy(6)
5715: }
5716: DESCRIPTION
5717: "Support of the values notInService(2), notReady(3),
5718: and createAndWait(5) is not required."
5719:
5720: OBJECT ipspSaPreActLastChanged
5721: MIN-ACCESS not-accessible
5722: DESCRIPTION
5723: "This object is optional so as not to impose an undue
5724: burden on resource-constrained devices."
5725:
5726: ::= { ipspCompliances 2 }
5727:
5728: ipspIKECompliance MODULE-COMPLIANCE
5729: STATUS current
5730: DESCRIPTION
5731: "The compliance statement for SNMP entities that include an
5732: IPsec MIB implementation and supports IKE actions."
5733: MODULE -- This Module
5734: MANDATORY-GROUPS { ipspIkeGroup }
5735:
5736: GROUP ipspCompoundActionGroup
5737: DESCRIPTION
5738: "This group is mandatory for IPsec Policy
5739: implementations which support compound actions."
5740:
5741: OBJECT ipspCompActRowStatus
5742: SYNTAX RowStatus {
5743: active(1), createAndGo(4), destroy(6)
5744: }
5745: DESCRIPTION
5746: "Support of the values notInService(2), notReady(3),
5747: and createAndWait(5) is not required."
5748:
5749: OBJECT ipspCompActLastChanged
5750: MIN-ACCESS not-accessible
5751: DESCRIPTION
5752: "This object is optional so as not to impose an undue
5753: burden on resource-constrained devices."
5754:
5755: OBJECT aiipspCompActRowStatus
5756: SYNTAX RowStatus {
5757: active(1), createAndGo(4), destroy(6)
5758: }
5759: DESCRIPTION
5760: "Support of the values notInService(2), notReady(3),
5761: and createAndWait(5) is not required."
5762:
5763: OBJECT aiipspCompActLastChanged
5764: MIN-ACCESS not-accessible
5765: DESCRIPTION
5766: "This object is optional so as not to impose an undue
5767: burden on resource-constrained devices."
5768:
5769: OBJECT ipspIkeActRowStatus
5770: SYNTAX RowStatus {
5771: active(1), createAndGo(4), destroy(6)
5772: }
5773: DESCRIPTION
5774: "Support of the values notInService(2), notReady(3),
5775: and createAndWait(5) is not required."
5776:
5777: OBJECT ipspIkeActLastChanged
5778: MIN-ACCESS not-accessible
5779: DESCRIPTION
5780: "This object is optional so as not to impose an undue
5781: burden on resource-constrained devices."
5782:
5783: OBJECT ipspIkeActPropRowStatus
5784: SYNTAX RowStatus {
5785: active(1), createAndGo(4), destroy(6)
5786:
5787: }
5788: DESCRIPTION
5789: "Support of the values notInService(2), notReady(3),
5790: and createAndWait(5) is not required."
5791:
5792: OBJECT ipspIkeActPropLastChanged
5793: MIN-ACCESS not-accessible
5794: DESCRIPTION
5795: "This object is optional so as not to impose an undue
5796: burden on resource-constrained devices."
5797:
5798: OBJECT ipspIkePropProposalRowStatus
5799: SYNTAX RowStatus {
5800: active(1), createAndGo(4), destroy(6)
5801: }
5802: DESCRIPTION
5803: "Support of the values notInService(2), notReady(3),
5804: and createAndWait(5) is not required."
5805:
5806: OBJECT ipspIkePropProposalLastChanged
5807: MIN-ACCESS not-accessible
5808: DESCRIPTION
5809: "This object is optional so as not to impose an undue
5810: burden on resource-constrained devices."
5811:
5812: OBJECT ipspSaNegParamRowStatus
5813: SYNTAX RowStatus {
5814: active(1), createAndGo(4), destroy(6)
5815: }
5816: DESCRIPTION
5817: "Support of the values notInService(2), notReady(3),
5818: and createAndWait(5) is not required."
5819:
5820: OBJECT ipspSaNegParamLastChanged
5821: MIN-ACCESS not-accessible
5822: DESCRIPTION
5823: "This object is optional so as not to impose an undue
5824: burden on resource-constrained devices."
5825:
5826: OBJECT ipspIkeIdRowStatus
5827: SYNTAX RowStatus {
5828: active(1), createAndGo(4), destroy(6)
5829: }
5830: DESCRIPTION
5831: "Support of the values notInService(2), notReady(3),
5832: and createAndWait(5) is not required."
5833:
5834: OBJECT ipspIkeIdLastChanged
5835: MIN-ACCESS not-accessible
5836: DESCRIPTION
5837: "This object is optional so as not to impose an undue
5838: burden on resource-constrained devices."
5839:
5840: OBJECT ipspPeerIdRowStatus
5841: SYNTAX RowStatus {
5842: active(1), createAndGo(4), destroy(6)
5843: }
5844: DESCRIPTION
5845: "Support of the values notInService(2), notReady(3),
5846: and createAndWait(5) is not required."
5847:
5848: OBJECT ipspPeerIdLastChanged
5849: MIN-ACCESS not-accessible
5850: DESCRIPTION
5851: "This object is optional so as not to impose an undue
5852: burden on resource-constrained devices."
5853:
5854: OBJECT ipspAutoIkeAddressType
5855: SYNTAX InetAddressType {
5856: ipv4(1), ipv6(2)
5857: }
5858: DESCRIPTION
5859: "Only the ipv4 and ipv6 values make sense for this
5860: object."
5861:
5862: OBJECT ipspAutoIkeRowStatus
5863: SYNTAX RowStatus {
5864: active(1), createAndGo(4), destroy(6)
5865: }
5866: DESCRIPTION
5867: "Support of the values notInService(2), notReady(3),
5868: and createAndWait(5) is not required."
5869:
5870: OBJECT ipspAutoIkeLastChanged
5871: MIN-ACCESS not-accessible
5872: DESCRIPTION
5873: "This object is optional so as not to impose an undue
5874: burden on resource-constrained devices."
5875:
5876: OBJECT ipspCmcDistributionPoint
5877: MIN-ACCESS read-only
5878: DESCRIPTION
5879: "Only read-only access is required for compliance."
5880:
5881: OBJECT ipspCmcThisUpdate
5882: MIN-ACCESS read-only
5883: DESCRIPTION
5884: "Only read-only access is required for compliance."
5885:
5886: OBJECT ipspCmcNextUpdate
5887: MIN-ACCESS read-only
5888: DESCRIPTION
5889: "Only read-only access is required for compliance."
5890:
5891: OBJECT ipspCmcLastChanged
5892: MIN-ACCESS not-accessible
5893: DESCRIPTION
5894: "This object not required for compliance."
5895:
5896: OBJECT ipspCmcStorageType
5897: MIN-ACCESS read-only
5898: DESCRIPTION
5899: "Only read-only access is required for compliance."
5900:
5901: OBJECT ipspCmcRowStatus
5902: SYNTAX RowStatus {
5903: active(1), createAndGo(4), destroy(6)
5904: }
5905: MIN-ACCESS read-only
5906: DESCRIPTION
5907: "Support of the values notInService(2), notReady(3),
5908: and createAndWait(5) is not required. Only read-only
5909: access is required for compliance."
5910:
5911: OBJECT ipspRctRevokedDate
5912: MIN-ACCESS read-only
5913: DESCRIPTION
5914: "Only read-only access is required for compliance."
5915:
5916: OBJECT ipspRctRevokedReason
5917: MIN-ACCESS read-only
5918: DESCRIPTION
5919: "Only read-only access is required for compliance."
5920:
5921: OBJECT ipspRctLastChanged
5922: MIN-ACCESS not-accessible
5923: DESCRIPTION
5924: "This object not required for compliance."
5925:
5926: OBJECT ipspRctStorageType
5927: MIN-ACCESS read-only
5928: DESCRIPTION
5929: "Only read-only access is required for compliance."
5930:
5931: OBJECT ipspRctRowStatus
5932: SYNTAX RowStatus {
5933: active(1), createAndGo(4), destroy(6)
5934: }
5935: MIN-ACCESS read-only
5936: DESCRIPTION
5937: "Support of the values notInService(2), notReady(3),
5938: and createAndWait(5) is not required. Only read-only
5939: access is required for compliance."
5940:
5941: OBJECT ipspIcmsDistinguishedName
5942: MIN-ACCESS read-only
5943: DESCRIPTION
5944: "Only read-only access is required for compliance."
5945:
5946: OBJECT ipspIcmsPolicyStatement
5947: MIN-ACCESS read-only
5948: DESCRIPTION
5949: "Only read-only access is required for compliance."
5950:
5951: OBJECT ipspIcmsMaxChainLength
5952: MIN-ACCESS read-only
5953: DESCRIPTION
5954: "Only read-only access is required for compliance."
5955:
5956: OBJECT ipspIcmsCredentialName
5957: MIN-ACCESS read-only
5958: DESCRIPTION
5959: "Only read-only access is required for compliance."
5960:
5961: OBJECT ipspIcmsLastChanged
5962: MIN-ACCESS not-accessible
5963: DESCRIPTION
5964: "This object not required for compliance."
5965:
5966: OBJECT ipspIcmsStorageType
5967: MIN-ACCESS read-only
5968: DESCRIPTION
5969: "Only read-only access is required for compliance."
5970:
5971: OBJECT ipspIcmsRowStatus
5972: SYNTAX RowStatus {
5973: active(1), createAndGo(4), destroy(6)
5974: }
5975: MIN-ACCESS read-only
5976: DESCRIPTION
5977: "Support of the values notInService(2), notReady(3),
5978: and createAndWait(5) is not required. Only read-only
5979: access is required for compliance."
5980:
5981: OBJECT ipspCredRowStatus
5982: SYNTAX RowStatus {
5983: active(1), createAndGo(4), destroy(6)
5984: }
5985: DESCRIPTION
5986: "Support of the values notInService(2), notReady(3),
5987: and createAndWait(5) is not required."
5988:
5989: OBJECT ipspCredLastChanged
5990: MIN-ACCESS not-accessible
5991: DESCRIPTION
5992: "This object is optional so as not to impose an undue
5993: burden on resource-constrained devices."
5994:
5995: OBJECT ipspCredSegRowStatus
5996: SYNTAX RowStatus {
5997: active(1), createAndGo(4), destroy(6)
5998: }
5999: DESCRIPTION
6000: "Support of the values notInService(2), notReady(3),
6001: and createAndWait(5) is not required."
6002:
6003: OBJECT ipspCredSegLastChanged
6004: MIN-ACCESS not-accessible
6005: DESCRIPTION
6006: "This object is optional so as not to impose an undue
6007: burden on resource-constrained devices."
6008:
6009: ::= { ipspCompliances 3 }
6010:
6011: ipspLoggingCompliance MODULE-COMPLIANCE
6012: STATUS current
6013: DESCRIPTION
6014: "The compliance statement for SNMP entities that support
6015: sending notifications when actions are invoked."
6016: MODULE -- This Module
6017: MANDATORY-GROUPS { ipspActionLoggingObjectGroup,
6018: ipspActionNotificationGroup }
6019:
6020: ::= { ipspCompliances 4 }
6021:
6022:
6023: --
6024: --
6025: -- Compliance Groups Definitions
6026: --
6027: --
6028: -- Endpoint, Rule, Filter Compliance Groups
6029: --
6030:
6031: ipspEndpointGroup OBJECT-GROUP
6032: OBJECTS {
6033: ipspEndGroupName, ipspEndGroupLastChanged,
6034: ipspEndGroupStorageType, ipspEndGroupRowStatus
6035: }
6036: STATUS current
6037: DESCRIPTION
6038: "The IPsec Policy Endpoint Table Group."
6039: ::= { ipspGroups 1 }
6040:
6041: ipspGroupContentsGroup OBJECT-GROUP
6042: OBJECTS {
6043: ipspGroupContComponentType, ipspGroupContFilter,
6044: ipspGroupContComponentName, ipspGroupContLastChanged,
6045: ipspGroupContStorageType, ipspGroupContRowStatus
6046: }
6047: STATUS current
6048: DESCRIPTION
6049: "The IPsec Policy Group Contents Table Group."
6050: ::= { ipspGroups 2 }
6051:
6052: ipspIpsecSystemPolicyNameGroup OBJECT-GROUP
6053: OBJECTS {
6054: ipspSystemPolicyGroupName
6055: }
6056: STATUS current
6057: DESCRIPTION
6058: "The System Policy Group Name Group."
6059: ::= { ipspGroups 3}
6060:
6061: ipspRuleDefinitionGroup OBJECT-GROUP
6062: OBJECTS {
6063: ipspRuleDefDescription, ipspRuleDefFilter,
6064: ipspRuleDefFilterNegated, ipspRuleDefAction,
6065: ipspRuleDefAdminStatus, ipspRuleDefLastChanged,
6066: ipspRuleDefStorageType, ipspRuleDefRowStatus
6067: }
6068: STATUS current
6069: DESCRIPTION
6070: "The IPsec Policy Rule Definition Table Group."
6071: ::= { ipspGroups 4 }
6072:
6073: ipspCompoundFilterGroup OBJECT-GROUP
6074: OBJECTS {
6075: ipspCompFiltDescription, ipspCompFiltLogicType,
6076: ipspCompFiltLastChanged, ipspCompFiltStorageType,
6077: ipspCompFiltRowStatus, ipspSubFiltSubfilter,
6078: ipspSubFiltSubfilterIsNegated, ipspSubFiltLastChanged,
6079: ipspSubFiltStorageType, ipspSubFiltRowStatus
6080: }
6081: STATUS current
6082: DESCRIPTION
6083: "The IPsec Policy Compound Filter Table and Filters in
6084: Compound Filters Table Group."
6085: ::= { ipspGroups 5 }
6086:
6087: ipspStaticFilterGroup OBJECT-GROUP
6088: OBJECTS { ipspTrueFilter, ipspIkePhase1Filter,
6089: ipspIkePhase2Filter }
6090: STATUS current
6091: DESCRIPTION
6092: "The static filter group. Currently this is just a true
6093: filter."
6094: ::= { ipspGroups 6 }
6095:
6096: ipspIPHeaderFilterGroup OBJECT-GROUP
6097: OBJECTS {
6098: ipspIpHeadFiltType, ipspIpHeadFiltIPVersion,
6099: ipspIpHeadFiltSrcAddressBegin, ipspIpHeadFiltSrcAddressEnd,
6100: ipspIpHeadFiltDstAddressBegin, ipspIpHeadFiltDstAddressEnd,
6101: ipspIpHeadFiltSrcLowPort, ipspIpHeadFiltSrcHighPort,
6102: ipspIpHeadFiltDstLowPort, ipspIpHeadFiltDstHighPort,
6103: ipspIpHeadFiltProtocol, ipspIpHeadFiltIPv6FlowLabel,
6104: ipspIpHeadFiltLastChanged, ipspIpHeadFiltStorageType,
6105: ipspIpHeadFiltRowStatus
6106: }
6107: STATUS current
6108: DESCRIPTION
6109: "The IPsec Policy IP Header Filter Table Group."
6110: ::= { ipspGroups 7 }
6111:
6112: ipspIPOffsetFilterGroup OBJECT-GROUP
6113: OBJECTS {
6114: ipspIpOffFiltOffset, ipspIpOffFiltType, ipspIpOffFiltNumber,
6115: ipspIpOffFiltValue, ipspIpOffFiltLastChanged,
6116: ipspIpOffFiltStorageType, ipspIpOffFiltRowStatus
6117: }
6118:
6119: STATUS current
6120: DESCRIPTION
6121: "The IPsec Policy IP Offset Filter Table Group."
6122: ::= { ipspGroups 8 }
6123:
6124: ipspTimeFilterGroup OBJECT-GROUP
6125: OBJECTS {
6126: ipspTimeFiltPeriodStart, ipspTimeFiltPeriodEnd,
6127: ipspTimeFiltMonthOfYearMask, ipspTimeFiltDayOfMonthMask,
6128: ipspTimeFiltDayOfWeekMask, ipspTimeFiltTimeOfDayMaskStart,
6129: ipspTimeFiltTimeOfDayMaskEnd, ipspTimeFiltLastChanged,
6130: ipspTimeFiltStorageType, ipspTimeFiltRowStatus
6131: }
6132: STATUS current
6133: DESCRIPTION
6134: "The IPsec Policy Time Filter Table Group."
6135: ::= { ipspGroups 9 }
6136:
6137: ipspIpsoHeaderFilterGroup OBJECT-GROUP
6138: OBJECTS {
6139: ipspIpsoHeadFiltType, ipspIpsoHeadFiltClassification,
6140: ipspIpsoHeadFiltProtectionAuth, ipspIpsoHeadFiltLastChanged,
6141: ipspIpsoHeadFiltStorageType, ipspIpsoHeadFiltRowStatus
6142: }
6143: STATUS current
6144: DESCRIPTION
6145: "The IPsec Policy IPSO Header Filter Table Group."
6146: ::= { ipspGroups 10 }
6147:
6148: ipspCredentialFilterGroup OBJECT-GROUP
6149: OBJECTS {
6150: ipspCredFiltCredentialType, ipspCredFiltMatchFieldName,
6151: ipspCredFiltMatchFieldValue, ipspCredFiltAcceptCredFrom,
6152: ipspCredFiltLastChanged, ipspCredFiltStorageType,
6153: ipspCredFiltRowStatus,
6154:
6155: ipspCmcDistributionPoint, ipspCmcThisUpdate, ipspCmcNextUpdate,
6156: ipspCmcLastChanged, ipspCmcStorageType, ipspCmcRowStatus,
6157:
6158: ipspRctRevokedDate, ipspRctRevokedReason,
6159: ipspRctLastChanged, ipspRctStorageType, ipspRctRowStatus,
6160:
6161: ipspIcmsDistinguishedName, ipspIcmsPolicyStatement,
6162: ipspIcmsMaxChainLength, ipspIcmsCredentialName,
6163: ipspIcmsLastChanged, ipspIcmsStorageType, ipspIcmsRowStatus,
6164:
6165: ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6166: ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6167: ipspCredStorageType, ipspCredRowStatus,
6168:
6169: ipspCredSegValue, ipspCredSegLastChanged,
6170: ipspCredSegStorageType, ipspCredSegRowStatus
6171: }
6172: STATUS current
6173: DESCRIPTION
6174: "The IPsec Policy Credential Filter Table Group."
6175: ::= { ipspGroups 11 }
6176:
6177: ipspPeerIdFilterGroup OBJECT-GROUP
6178: OBJECTS {
6179: ipspPeerIdFiltIdentityType, ipspPeerIdFiltIdentityValue,
6180: ipspPeerIdFiltLastChanged, ipspPeerIdFiltStorageType,
6181: ipspPeerIdFiltRowStatus
6182: }
6183: STATUS current
6184: DESCRIPTION
6185: "The IPsec Policy Peer Identity Filter Table Group."
6186: ::= { ipspGroups 12 }
6187:
6188: --
6189: -- action compliance groups
6190: --
6191:
6192: ipspCompoundActionGroup OBJECT-GROUP
6193: OBJECTS {
6194: ipspCompActExecutionStrategy, ipspCompActLastChanged,
6195: ipspCompActStorageType,
6196:
6197: ipspCompActRowStatus, ipspSubActSubActionName,
6198: aiipspCompActLastChanged, aiipspCompActStorageType,
6199: aiipspCompActRowStatus
6200: }
6201: STATUS current
6202: DESCRIPTION
6203: "The IPsec Policy Compound Action Table and Actions In
6204: Compound Action Table Group."
6205: ::= { ipspGroups 13 }
6206:
6207: ipspPreconfiguredGroup OBJECT-GROUP
6208: OBJECTS {
6209: ipspSaPreActActionDescription, ipspSaPreActActionLifetimeSec,
6210: ipspSaPreActActionLifetimeKB, ipspSaPreActDoActionLogging,
6211: ipspSaPreActDoPacketLogging, ipspSaPreActDFHandling,
6212: ipspSaPreActActionType, ipspSaPreActAHSPI,
6213: ipspSaPreActAHTransformName, ipspSaPreActAHSharedSecretName,
6214: ipspSaPreActESPSPI, ipspSaPreActESPTransformName,
6215: ipspSaPreActESPEncSecretName, ipspSaPreActESPAuthSecretName,
6216: ipspSaPreActIPCompSPI, ipspSaPreActIPCompTransformName,
6217: ipspSaPreActPeerGatewayIdName, ipspSaPreActLastChanged,
6218: ipspSaPreActStorageType, ipspSaPreActRowStatus,
6219: ipspAhTranMaxLifetimeSec, ipspAhTranMaxLifetimeKB,
6220: ipspAhTranAlgorithm, ipspAhTranReplayProtection,
6221: ipspAhTranReplayWindowSize, ipspAhTranLastChanged,
6222: ipspAhTranStorageType,
6223:
6224: ipspEspTranMaxLifetimeSec, ipspEspTranMaxLifetimeKB,
6225: ipspEspTranCipherTransformId, ipspEspTranCipherKeyLength,
6226: ipspEspTranCipherKeyRounds, ipspEspTranIntegrityAlgorithmId,
6227: ipspEspTranReplayPrevention, ipspEspTranReplayWindowSize,
6228: ipspEspTranLastChanged, ipspEspTranStorageType,
6229: ipspEspTranRowStatus,
6230:
6231: ipspIpcompTranDictionarySize, ipspIpcompTranMaxLifetimeSec,
6232: ipspIpcompTranMaxLifetimeKB, ipspIpcompTranPrivateAlgorithm,
6233: ipspIpcompTranLastChanged, ipspIpcompTranStorageType,
6234: ipspIpcompTranRowStatus,
6235:
6236: ipspPeerIdValue, ipspPeerIdType, ipspPeerIdAddress,
6237: ipspPeerIdAddressType, ipspPeerIdCredentialName,
6238: ipspPeerIdLastChanged, ipspPeerIdStorageType,
6239: ipspPeerIdRowStatus,
6240:
6241: ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6242: ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6243: ipspCredStorageType, ipspCredRowStatus,
6244:
6245: ipspCredSegValue, ipspCredSegLastChanged,
6246: ipspCredSegStorageType, ipspCredSegRowStatus
6247: }
6248: STATUS current
6249: DESCRIPTION
6250: "This group is the set of objects that support preconfigured
6251: IPsec actions. These objects are from The Preconfigured
6252: Action Table. This group also includes objects from the
6253: shared tables: Peer Identity Table, Credential Table,
6254: Credential Management Service Table and the AH, ESP, and
6255: IPComp Transform Tables."
6256: ::= { ipspGroups 14 }
6257:
6258: ipspStaticActionGroup OBJECT-GROUP
6259: OBJECTS {
6260: ipspDropAction, ipspAcceptAction, ipspRejectIKEAction,
6261: ipspDropActionLog, ipspAcceptActionLog, ipspRejectIKEActionLog
6262: }
6263: STATUS current
6264: DESCRIPTION
6265: "The IPsec Policy Static Actions Group."
6266: ::= { ipspGroups 15 }
6267:
6268: ipspIpsecGroup OBJECT-GROUP
6269: OBJECTS {
6270: ipspIpsecActParametersName, ipspIpsecActProposalsName,
6271: ipspIpsecActUsePfs, ipspIpsecActVendorId, ipspIpsecActGroupId,
6272: ipspIpsecActPeerGatewayIdName, ipspIpsecActUseIkeGroup,
6273: ipspIpsecActGranularity, ipspIpsecActMode,
6274: ipspIpsecActDFHandling, ipspIpsecActDoActionLogging,
6275: ipspIpsecActDoPacketLogging, ipspIpsecActLastChanged,
6276: ipspIpsecActStorageType, ipspIpsecActRowStatus,
6277:
6278: ipspIpsecPropTransformsName, ipspIpsecPropLastChanged,
6279: ipspIpsecPropStorageType, ipspIpsecPropRowStatus,
6280:
6281: ipspIpsecTranTransformName, ipspIpsecTranLastChanged,
6282: ipspIpsecTranStorageType, ipspIpsecTranRowStatus,
6283:
6284: ipspSaNegParamMinLifetimeSecs, ipspSaNegParamMinLifetimeKB,
6285: ipspSaNegParamRefreshThreshSecs,
6286: ipspSaNegParamRefreshThresholdKB,
6287: ipspSaNegParamIdleDurationSecs, ipspSaNegParamLastChanged,
6288: ipspSaNegParamStorageType, ipspSaNegParamRowStatus,
6289:
6290: ipspAhTranMaxLifetimeSec, ipspAhTranMaxLifetimeKB,
6291: ipspAhTranAlgorithm, ipspAhTranReplayProtection,
6292: ipspAhTranReplayWindowSize, ipspAhTranLastChanged,
6293: ipspAhTranStorageType, ipspAhTranRowStatus,
6294:
6295: ipspEspTranMaxLifetimeSec, ipspEspTranMaxLifetimeKB,
6296: ipspEspTranCipherTransformId, ipspEspTranCipherKeyLength,
6297: ipspEspTranCipherKeyRounds, ipspEspTranIntegrityAlgorithmId,
6298: ipspEspTranReplayPrevention, ipspEspTranReplayWindowSize,
6299: ipspEspTranLastChanged, ipspEspTranStorageType,
6300: ipspEspTranRowStatus,
6301:
6302: ipspIpcompTranDictionarySize, ipspIpcompTranAlgorithm,
6303: ipspIpcompTranMaxLifetimeSec, ipspIpcompTranMaxLifetimeKB,
6304: ipspIpcompTranPrivateAlgorithm, ipspIpcompTranLastChanged,
6305: ipspIpcompTranStorageType, ipspIpcompTranRowStatus,
6306:
6307: ipspPeerIdValue, ipspPeerIdType, ipspPeerIdAddress,
6308: ipspPeerIdAddressType, ipspPeerIdCredentialName,
6309: ipspPeerIdLastChanged, ipspPeerIdStorageType,
6310: ipspPeerIdRowStatus,
6311:
6312: ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6313: ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6314: ipspCredStorageType, ipspCredRowStatus,
6315: ipspCredSegValue, ipspCredSegLastChanged,
6316: ipspCredSegStorageType, ipspCredSegRowStatus
6317: }
6318: STATUS current
6319: DESCRIPTION
6320: "This group is the set of objects that support IPsec
6321: actions. These objects are from The IPsec Policy IPsec
6322: Actions Table, The IPsec Proposal Table, and The IPsec
6323: Transform Table. This group also includes objects from the
6324: shared tables: Peer Identity Table, Credential Table,
6325: Negotiation Parameters Table, Credential Management Service
6326: Table and the AH, ESP, and IPComp Transform Table."
6327: ::= { ipspGroups 16 }
6328:
6329: ipspIkeGroup OBJECT-GROUP
6330: OBJECTS {
6331: ipspIkeActParametersName, ipspIkeActThresholdDerivedKeys,
6332: ipspIkeActExchangeMode, ipspIkeActAgressiveModeGroupId,
6333: ipspIkeActIdentityType, ipspIkeActIdentityContext,
6334: ipspIkeActPeerName, ipspIkeActVendorId, ipspIkeActPropName,
6335: ipspIkeActDoActionLogging, ipspIkeActDoPacketLogging,
6336: ipspIkeActLastChanged, ipspIkeActStorageType,
6337: ipspIkeActRowStatus,
6338:
6339: ipspIkeActPropLastChanged, ipspIkeActPropStorageType,
6340: ipspIkeActPropRowStatus,
6341:
6342: ipspIkePropLifetimeDerivedKeys, ipspIkePropCipherAlgorithm,
6343: ipspIkePropCipherKeyLength, ipspIkePropCipherKeyRounds,
6344: ipspIkePropHashAlgorithm, ipspIkePropPrfAlgorithm,
6345: ipspIkePropVendorId, ipspIkePropDhGroup,
6346: ipspIkePropAuthenticationMethod, ipspIkePropMaxLifetimeSecs,
6347: ipspIkePropMaxLifetimeKB, ipspIkePropProposalLastChanged,
6348: ipspIkePropProposalStorageType, ipspIkePropProposalRowStatus,
6349:
6350: ipspSaNegParamMinLifetimeSecs, ipspSaNegParamMinLifetimeKB,
6351: ipspSaNegParamRefreshThreshSecs,
6352: ipspSaNegParamRefreshThresholdKB,
6353: ipspSaNegParamIdleDurationSecs, ipspSaNegParamLastChanged,
6354: ipspSaNegParamStorageType, ipspSaNegParamRowStatus,
6355:
6356: ipspIkeIdCredentialName,
6357: ipspIkeIdLastChanged, ipspIkeIdStorageType, ipspIkeIdRowStatus,
6358:
6359: ipspAutoIkeAction, ipspAutoIkeAddressType,
6360: ipspAutoIkeSourceAddress, ipspAutoIkeSourcePort,
6361: ipspAutoIkeDestAddress, ipspAutoIkeDestPort,
6362: ipspAutoIkeProtocol, ipspAutoIkeLastChanged,
6363: ipspAutoIkeStorageType, ipspAutoIkeRowStatus,
6364:
6365: ipspPeerIdValue, ipspPeerIdType, ipspPeerIdAddress,
6366: ipspPeerIdAddressType, ipspPeerIdCredentialName,
6367: ipspPeerIdLastChanged, ipspPeerIdStorageType,
6368: ipspPeerIdRowStatus,
6369:
6370: ipspCmcDistributionPoint, ipspCmcThisUpdate, ipspCmcNextUpdate,
6371: ipspCmcLastChanged, ipspCmcStorageType, ipspCmcRowStatus,
6372:
6373: ipspRctRevokedDate, ipspRctRevokedReason,
6374: ipspRctLastChanged, ipspRctStorageType, ipspRctRowStatus,
6375:
6376: ipspIcmsDistinguishedName, ipspIcmsPolicyStatement,
6377: ipspIcmsMaxChainLength, ipspIcmsCredentialName,
6378: ipspIcmsLastChanged, ipspIcmsStorageType, ipspIcmsRowStatus,
6379:
6380: ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6381: ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6382: ipspCredStorageType, ipspCredRowStatus,
6383:
6384: ipspCredSegValue, ipspCredSegLastChanged,
6385: ipspCredSegStorageType, ipspCredSegRowStatus
6386: }
6387: STATUS current
6388: DESCRIPTION
6389: "This group is the set of objects that support IKE
6390: actions. These objects are from The IPsec Policy IKE Action
6391: Table, The IKE Action Proposals Table, The IKE Proposal
6392: Table, The autostart IKE Table and The IKE Identity Table.
6393: This group also includes objects from the shared tables: Peer
6394: Identity Table, Credential Management Service Table and
6395: Negotiation Parameters Table."
6396: ::= { ipspGroups 17 }
6397:
6398: ipspActionLoggingObjectGroup OBJECT-GROUP
6399: OBJECTS {
6400: ipspActionExecuted,
6401: ipspIPInterfaceType, ipspIPInterfaceAddress,
6402: ipspIPSourceType, ipspIPSourceAddress,
6403: ipspIPDestinationType, ipspIPDestinationAddress,
6404: ipspPacketDirection, ipspPacketPart
6405: }
6406: STATUS current
6407: DESCRIPTION
6408: "Notification objects."
6409: ::= { ipspGroups 18 }
6410:
6411: ipspActionNotificationGroup NOTIFICATION-GROUP
6412: NOTIFICATIONS {
6413: ipspActionNotification,
6414: ipspPacketNotification
6415: }
6416: STATUS current
6417: DESCRIPTION
6418: "Notifications."
6419: ::= { ipspGroups 19 }
6420:
6421:
6422: END
6423:
6424: --
6425: -- Copyright (C) The Internet Society (2003). All Rights Reserved.
6426: --
6427: -- This document and translations of it may be copied and furnished to
6428: -- others, and derivative works that comment on or otherwise explain it
6429: -- or assist in its implementation may be prepared, copied, published
6430: -- and distributed, in whole or in part, without restriction of any
6431: -- kind, provided that the above copyright notice and this paragraph
6432: -- are included on all such copies and derivative works. However, this
6433: -- document itself may not be modified in any way, such as by removing
6434: -- the copyright notice or references to the Internet Society or other
6435: -- Internet organizations, except as needed for the purpose of
6436: -- developing Internet standards in which case the procedures for
6437: -- copyrights defined in the Internet Standards process must be
6438: -- followed, or as required to translate it into languages other than
6439: -- English.
6440: --
6441: -- The limited permissions granted above are perpetual and will not be
6442: -- revoked by the Internet Society or its successors or assigns.
6443: --
6444: -- This document and the information contained herein is provided on an
6445: -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
6446: -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
6447: -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
6448: -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
6449: -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
6450: