CISCO-IP-ENCRYPTION-MIB

File: CISCO-IP-ENCRYPTION-MIB.mib (16658 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
IF-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter32
Integer32 IpAddress Gauge32
NOTIFICATION-TYPE DisplayString TruthValue
TimeStamp RowStatus MODULE-COMPLIANCE
OBJECT-GROUP OwnerString ciscoMgmt

Defined Types

CieEngineStatusEntry  
SEQUENCE    
  cieEngineID Integer32
  cieEngineCardIndex Integer32
  cieEnginePublicKey OCTET STRING
  cieEsaTampered TruthValue
  cieEsaAuthenticated TruthValue
  cieEsaMode INTEGER

CieConnEntry  
SEQUENCE    
  cieConnIndex Integer32
  cieProtectedAddr IpAddress
  cieUnprotectedAddr IpAddress
  cieConnStatus INTEGER
  ciePktsEncrypted Counter32
  ciePktsDecrypted Counter32
  ciePktsDropped Counter32
  cieLocalTimeEstablished TimeStamp
  cieAlgorithmType INTEGER

CieTestConnEntry  
SEQUENCE    
  cieTestConnSerialNumber Integer32
  cieTestConnProtectedAddr IpAddress
  cieTestConnUnprotectedAddr IpAddress
  cieTestConnTrapOnCompletion TruthValue
  cieTestConnCryptoMapName DisplayString
  cieTestConnCryptoMapTagNumber Integer32
  cieTestConnSessionStatus INTEGER
  cieTestConnEntryOwner OwnerString
  cieTestConnEntryStatus RowStatus

Defined Values

ciscoIpEncryptionMIB 1.3.6.1.4.1.9.9.52
Used to manage the encryption feature.
MODULE-IDENTITY    

ciscoIpEncryptionMIBObjects 1.3.6.1.4.1.9.9.52.1
OBJECT IDENTIFIER    

cieConfig 1.3.6.1.4.1.9.9.52.1.1
OBJECT IDENTIFIER    

cieEngineStatus 1.3.6.1.4.1.9.9.52.1.2
OBJECT IDENTIFIER    

cieConnections 1.3.6.1.4.1.9.9.52.1.3
OBJECT IDENTIFIER    

cieTestConnection 1.3.6.1.4.1.9.9.52.1.4
OBJECT IDENTIFIER    

cieConfiguredAlgorithms 1.3.6.1.4.1.9.9.52.1.1.1
Type of encryption configured on a particular router, encoded as a bit-string. A router can support multiple encryption algorithms, for example 56-bit DES with 8-bit cipher feedback and 40-bit DES with 64-bit cipher feedback.
Status: current Access: read-only
OBJECT-TYPE    
  OCTET STRING Size(16)  

cieEncryptionKeyTimeout 1.3.6.1.4.1.9.9.52.1.1.2
Interval at which keys expire for a session and are renegotiated.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

cieNumberOfCryptoEngines 1.3.6.1.4.1.9.9.52.1.1.3
Total number of encryption engines.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cieEngineStatusTable 1.3.6.1.4.1.9.9.52.1.2.1
A table describing status of all encryption engines present within the router.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CieEngineStatusEntry

cieEngineStatusEntry 1.3.6.1.4.1.9.9.52.1.2.1.1
Each entry in this table describes the public key associated with an engine, along with the engine's unique ID. In the case of hardware-assisted encryption, each entry also describes the status of the encryption port adaptor.
Status: current Access: not-accessible
OBJECT-TYPE    
  CieEngineStatusEntry  

cieEngineID 1.3.6.1.4.1.9.9.52.1.2.1.1.1
Unique value identifying the crypto engine. In the case of RP and other software-only platforms, this is the processor ID. In the case of ESA, this will be a unique ID retrieved from the ESA.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 1..2147483647  

cieEngineCardIndex 1.3.6.1.4.1.9.9.52.1.2.1.1.2
Corresponds to cardIndex in the chassis MIB. If the value is 0, this is a software encryption engine.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

cieEnginePublicKey 1.3.6.1.4.1.9.9.52.1.2.1.1.3
Public key for a particular crypto engine.
Status: current Access: read-only
OBJECT-TYPE    
  OCTET STRING Size(0..1024)  

cieEsaTampered 1.3.6.1.4.1.9.9.52.1.2.1.1.4
Indicates whether encryption port adaptor has been tampered with. NOTE: This object is not present for software encryption engines.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

cieEsaAuthenticated 1.3.6.1.4.1.9.9.52.1.2.1.1.5
Indicates whether encryption port adaptor has been properly authenticated for this router. NOTE: This object is not present for software encryption engines.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

cieEsaMode 1.3.6.1.4.1.9.9.52.1.2.1.1.6
Indicates current operating mode of the ESA card. This variable directly corresponds to LED status shown on ESA. NOTE: This object is not present for software encryption engines.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER enableActive(1), boot(2), error(3)  

cieNumberOfConnections 1.3.6.1.4.1.9.9.52.1.3.1
Total number of active, pending and dead crypto connections.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

cieConnTable 1.3.6.1.4.1.9.9.52.1.3.2
A table that describes all encrypted IP traffic created by the router, between the protected entity (cieProtectedAddr) and the unprotected entity (cieUnprotectedAddr). Each entry in this table describes a virtual encrypted IP tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CieConnEntry

cieConnEntry 1.3.6.1.4.1.9.9.52.1.3.2.1
This entry describes a connection, viz. the protected and unprotected nodes, the status of the connection, the number of packets encrypted and decrypted per connection, and the algorithm used for encrypting data. Each entry also contains a pointer to the crypto engine that is performing the encryption.
Status: current Access: not-accessible
OBJECT-TYPE    
  CieConnEntry  

cieConnIndex 1.3.6.1.4.1.9.9.52.1.3.2.1.1
A monotonically increasing integer for the sole purpose of indexing the cieConnTable. When it reaches the maximum value, the agent wraps the value back to 1 and may flush existing entries.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..2147483647  

cieProtectedAddr 1.3.6.1.4.1.9.9.52.1.3.2.1.2
The IP address for protected (secure) node.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

cieUnprotectedAddr 1.3.6.1.4.1.9.9.52.1.3.2.1.3
The IP address of the unprotected (insecure) node in the network.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

cieConnStatus 1.3.6.1.4.1.9.9.52.1.3.2.1.4
Integer describing status/type of connection. The pending and bad connections may be removed after 4 minutes of non-activity. Open (active) connections may be removed if they have not transmitted/received traffic in the last cieEncryptionKeyTimeout minutes.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER pendingConnection(1), openConnection(2), exchangeKeys(3), badConnection(4)  

ciePktsEncrypted 1.3.6.1.4.1.9.9.52.1.3.2.1.5
Total number of packets encrypted for this connection.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

ciePktsDecrypted 1.3.6.1.4.1.9.9.52.1.3.2.1.6
Total number of packets decrypted for this connection.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

ciePktsDropped 1.3.6.1.4.1.9.9.52.1.3.2.1.7
Total number of packets dropped for this connection. The packets are dropped only in cases where encryption keys are not established between the protected entity and the unprotected entity. An increase in this value indicates the possibility of mis-configured keys.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

cieLocalTimeEstablished 1.3.6.1.4.1.9.9.52.1.3.2.1.8
Value of sysUpTime at which the connection was established or re-established.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

cieAlgorithmType 1.3.6.1.4.1.9.9.52.1.3.2.1.9
Type of encryption algorithm used for this connection.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER des56bitCfb64(1), des56bitCfb8(2), des40bitCfb64(3), des40bitdesCfb8(4)  
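
One way a monitoring station could evaluate two successive polls of cieConnTable, as an added example that is not part of the MIB or of any Cisco tooling: it reports rows in badConnection state, rows using a 40-bit DES cieAlgorithmType, and wrap-aware increases of ciePktsDropped. The polled rows are constructed sample data, and the helper names (`review_connections`, `counter32_delta`, `row`) are assumptions of this example.

```python
COUNTER32_MOD = 2 ** 32
CONN_STATUS = {1: "pendingConnection", 2: "openConnection",
               3: "exchangeKeys", 4: "badConnection"}
ALGORITHM = {1: "des56bitCfb64", 2: "des56bitCfb8",
             3: "des40bitCfb64", 4: "des40bitdesCfb8"}
FORTY_BIT = {3, 4}  # the two 40-bit DES enumerations

def counter32_delta(old, new):
    """Increase of a Counter32 between two polls, allowing one wrap."""
    return (new - old) % COUNTER32_MOD

def review_connections(previous, current):
    """Return sorted (cieConnIndex, finding) pairs for the current poll."""
    findings = []
    for index, row in current.items():
        if CONN_STATUS[row["cieConnStatus"]] == "badConnection":
            findings.append((index, "status badConnection"))
        if row["cieAlgorithmType"] in FORTY_BIT:
            findings.append((index, "40-bit key: " + ALGORITHM[row["cieAlgorithmType"]]))
        old = previous.get(index)
        # cieConnIndex wraps and may be reused, so counters are compared only
        # when the same address pair is still behind the index.
        if old and all(old[k] == row[k] for k in ("cieProtectedAddr", "cieUnprotectedAddr")):
            dropped = counter32_delta(old["ciePktsDropped"], row["ciePktsDropped"])
            if dropped:
                findings.append((index, f"ciePktsDropped +{dropped}"))
    return sorted(findings)

def row(protected, unprotected, status, algorithm, dropped):
    """Build one constructed cieConnTable row keyed by column name."""
    return {"cieProtectedAddr": protected, "cieUnprotectedAddr": unprotected,
            "cieConnStatus": status, "cieAlgorithmType": algorithm,
            "ciePktsDropped": dropped}

# Constructed sample polls (documentation address ranges), keyed by cieConnIndex.
POLL_1 = {7: row("192.0.2.10", "198.51.100.20", 2, 1, 4294967290),
          8: row("192.0.2.11", "198.51.100.21", 2, 3, 0),
          9: row("192.0.2.12", "198.51.100.22", 1, 2, 5)}
POLL_2 = {7: row("192.0.2.10", "198.51.100.20", 2, 1, 4),
          8: row("192.0.2.11", "198.51.100.21", 2, 3, 0),
          9: row("192.0.2.30", "198.51.100.40", 4, 2, 50)}

if __name__ == "__main__":
    for index, finding in review_connections(POLL_1, POLL_2):
        print(index, finding)
```

Index 9 carries a different address pair in the second poll, so its drop counter is not compared with the earlier row's value.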

cieTestConnTable 1.3.6.1.4.1.9.9.52.1.4.1
A table of test crypto session entries.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    CieTestConnEntry

cieTestConnEntry 1.3.6.1.4.1.9.9.52.1.4.1.1
An encryption test entry. A management station wishing to create an entry should first generate a pseudo-random serial number to be used as the index to this sparse table. The station should then create the associated instance of the row status and row owner objects. It must also, either in the same or in successive PDUs, create the associated instance of the address objects. Once the appropriate instances of all the configuration objects have been created, either by an explicit SNMP set request, the row status should be set to active to initiate the request. Note that this entire procedure may be initiated via a single set request which specifies a row status of createAndGo. Once the connection sequence has been activated, it cannot be stopped -- it will run until a crypto connection has been established between source and destination. Once the sequence completes, the management station should retrieve the values of the status objects of interest, and should then delete the entry. In order to prevent old entries from clogging the table, entries will be aged out 30 minutes after they are created.
Status: current Access: not-accessible
OBJECT-TYPE    
  CieTestConnEntry  

cieTestConnSerialNumber 1.3.6.1.4.1.9.9.52.1.4.1.1.1
Object which specifies a unique entry in the cieTestConnTable. A management station wishing to initiate a crypto session test operation should use a pseudo-random value for this object when creating an instance of a cieTestConnEntry. The RowStatus semantics of the cieTestConnEntryStatus object will prevent access conflicts.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..2147483647  

cieTestConnProtectedAddr 1.3.6.1.4.1.9.9.52.1.4.1.1.2
The IP address of the protected (secure) node, for the test connection.
Status: current Access: read-create
OBJECT-TYPE    
  IpAddress  

cieTestConnUnprotectedAddr 1.3.6.1.4.1.9.9.52.1.4.1.1.3
The IP address of the unprotected (insecure) node for the test connection.
Status: current Access: read-create
OBJECT-TYPE    
  IpAddress  

cieTestConnTrapOnCompletion 1.3.6.1.4.1.9.9.52.1.4.1.1.4
Specifies whether or not a cieTestCompletion trap should be issued on completion of test crypto session. If such a trap is desired, it is the responsibility of the management entity to ensure that the SNMP administrative model is configured in such a way as to allow the trap to be delivered.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

cieTestConnCryptoMapName 1.3.6.1.4.1.9.9.52.1.4.1.1.5
Specifies the name of the crypto map already configured on the router. A crypto map along with its tag number fully specifies the encryption policy, such as type of algorithm to be used, the name of the peer router and access list.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString  

cieTestConnCryptoMapTagNumber 1.3.6.1.4.1.9.9.52.1.4.1.1.6
Specifies the tag number of the crypto map already configured on the router. A crypto map along with its tag number fully specifies the encryption policy, such as type of algorithm to be used, the name of the peer router and access list.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 1..2147483647  

cieTestConnSessionStatus 1.3.6.1.4.1.9.9.52.1.4.1.1.7
Set to a value that indicates whether a crypto session was successfully established, failed or the connection establishment process is in progress. If the specified crypto map is not configured, value is set to badCryptoMapName.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER inProgress(1), fail(2), success(3), badCryptoMapName(4)  

cieTestConnEntryOwner 1.3.6.1.4.1.9.9.52.1.4.1.1.8
The entity that configured this entry.
Status: current Access: read-create
OBJECT-TYPE    
  OwnerString  

cieTestConnEntryStatus 1.3.6.1.4.1.9.9.52.1.4.1.1.9
The status of this table entry. Once the entry status is set to active, the associated entry cannot be modified until the sequence completes (cieTestConnSessionStatus has a value other than inProgress).
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

cieMIBTrapPrefix 1.3.6.1.4.1.9.9.52.2
OBJECT IDENTIFIER    

cieMIBTraps 1.3.6.1.4.1.9.9.52.2.0
OBJECT IDENTIFIER    

cieTestCompletion 1.3.6.1.4.1.9.9.52.2.0.1
A cieTestCompletion trap is sent at the completion of a crypto session establishment if such a trap was requested when the sequence was initiated.
Status: current Access: read-create
NOTIFICATION-TYPE    

cieMIBConformance 1.3.6.1.4.1.9.9.52.3
OBJECT IDENTIFIER    

cieMIBCompliances 1.3.6.1.4.1.9.9.52.3.1
OBJECT IDENTIFIER    

cieMIBGroups 1.3.6.1.4.1.9.9.52.3.2
OBJECT IDENTIFIER    

cieMIBCompliance 1.3.6.1.4.1.9.9.52.3.1.1
The compliance statement for entities which implement the Cisco Encryption MIB
Status: current Access: read-create
MODULE-COMPLIANCE    

cieMIBGroup 1.3.6.1.4.1.9.9.52.3.2.1
A collection of objects providing information about IP crypto subsystem.
Status: current Access: read-create
OBJECT-GROUP