IPSEC-IPSECACTION-MIB
File: IPSEC-IPSECACTION-MIB.mib (71659 bytes)
Defined Types
IpsecDoiEncapsulationMode |
|
The Encapsulation Mode used as an IPsec DOI
SA Attributes definition in the Transform Payload
of a Phase II IKE negotiation. This set of
values defines encapsulation modes used for AH,
ESP, and IPCOMP when the associated Proposal Payload
has a Protocol-ID of 3 (ESP).
Unused values <= 61439 are reserved to IANA.
Currently assigned values at the time of this
writing:
reserved(0), -- reserved in DOI
tunnel(1),
transport(2)
Values 61440-65535 are for private use. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
IpsecDoiAuthAlgorithm |
|
The ESP Authentication Algorithm used in the IPsec
DOI as a SA Attributes definition in the Transform
Payload of Phase II of an IKE negotiation. This
set of values defines the AH authentication
algorithm, when the associated Proposal Payload has
a Protocol-ID of 2 (AH). This set of values
defines the ESP authentication algorithm, when the
associated Proposal Payload has a Protocol-ID
of 3 (ESP).
Unused values <= 61439 are reserved to IANA.
Currently assigned values at the time of this
writing:
none(0), -- reserved in DOI, used
-- in MIBs to reflect no
-- encryption used
hmacMd5(1), -- hashed MAC using MD5
hmacSha(2), -- hashed MAC using SHA-1
desMac(3), -- DES MAC
kpdk(4), -- RFC 1826
-- Key/Pad/Data/Key
hmacSha256(5), -- hashed MAC using SHA-256
hmacSha384(6), -- hashed MAC using SHA-384
hmacSha512(7), -- hashed MAC using SHA-512
hamcRipemd(8) -- hashed MAC using
-- RIPEMD-160-96
Values 61440-65535 are for private use.
In a MIB, a value of 0 indicates that ESP
has been negotiated without authentication. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..65535 |
|
IpsecDoiIdentType |
|
The IPsec DOI Identification Type is an 8-bit value
which is used in the ID Type field as a discriminant
for interpretation of the variable-length
Identification Payload.
Currently assigned values at the time of this
writing:
reserved(0), -- reserved in DOI
idIpv4Addr(1), -- a single four (4) octet
-- IPv4 address
idFqdn(2), -- fully-qualified domain
-- name string
idUserFqdn(3), -- fully-qualified username
-- string
idIpv4AddrSubnet(4),
-- a range of IPv4 addresses,
-- represented by two
-- four (4) octet values,
-- where the first is an
-- address and the second
-- is a mask
idIpv6Addr(5), -- a single sixteen (16)
-- octet IPv6 address
idIpv6AddrSubnet(6),
-- a range of IPv6 addresses,
-- represented by two
-- sixteen (16) octet values,
-- where the first is an
-- address and the second
-- is a mask
idIpv4AddrRange(7), -- a range of IPv4 addresses,
-- represented by two
-- four (4) octet values,
-- where the first is the
-- beginning IPv4 address
-- and the second is the
-- ending IPv4 address
idIpv6AddrRange(8), -- a range of IPv6 addresses,
-- represented by two
-- sixteen (16) octet values,
-- where the first is the
-- beginning IPv6 address
-- and the second is the
-- ending IPv6 address
idDerAsn1Dn(9), -- the binary DER encoding of
-- ASN1 X.500
-- DistinguishedName
idDerAsn1Gn(10), -- the binary DER encoding of
-- ASN1 X.500 GeneralName
idKeyId(11) -- opaque byte stream which
-- may be used to pass
-- vendor-specific
-- information
The values 249-255 are reserved for private use
amongst cooperating systems. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
0..255 |
|
IpsaCredentialType |
|
IpsaCredentialType identifies the type of credential
contained in a corresponding IpsaIdentityFilter object. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
reserved(0), unknown(1), sharedSecret(2), x509(3), kerberos(4) |
|
IpsaIdentityFilter |
|
IpsaIdentityFilter contains a string encoded Identity Type
value to be used in comparisons against an IKE Identity
payload. Wherever this TC is used, there SHOULD be an
accompanying column which uses the IpsecDoiIdentType TC to
specify the type of data in this object.
See the IpsecDoiIdentType TC for the supported identity
types available. Note that the IpsecDoiIdentType TC
specifies how to encode binary values, while this object
will contain human readable string versions. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(1..256) |
|
IpsaCredentialEntry |
|
SEQUENCE |
|
|
|
|
ipsaCredName |
SnmpAdminString |
|
|
ipsaCredType |
IpsaCredentialType |
|
|
ipsaCredCredential |
OCTET STRING |
|
|
ipsaCredSize |
Integer32 |
|
|
ipsaCredMngName |
SnmpAdminString |
|
|
ipsaCredRemoteID |
OCTET STRING |
|
|
ipsaCredAdminStatus |
SpdAdminStatus |
|
|
ipsaCredLastChanged |
TimeStamp |
|
|
ipsaCredStorageType |
StorageType |
|
|
ipsaCredRowStatus |
RowStatus |
|
IpsaCredentialSegmentEntry |
|
SEQUENCE |
|
|
|
|
ipsaCredSegIndex |
Integer32 |
|
|
ipsaCredSegValue |
OCTET STRING |
|
|
ipsaCredSegLastChanged |
TimeStamp |
|
|
ipsaCredSegStorageType |
StorageType |
|
|
ipsaCredSegRowStatus |
RowStatus |
|
IpsaPeerIdentityEntry |
|
SEQUENCE |
|
|
|
|
ipsaPeerIdName |
SnmpAdminString |
|
|
ipsaPeerIdPriority |
Integer32 |
|
|
ipsaPeerIdType |
IpsecDoiIdentType |
|
|
ipsaPeerIdValue |
IpsaIdentityFilter |
|
|
ipsaPeerIdAddressType |
InetAddressType |
|
|
ipsaPeerIdAddress |
InetAddress |
|
|
ipsaPeerIdCredentialName |
SnmpAdminString |
|
|
ipsaPeerIdLastChanged |
TimeStamp |
|
|
ipsaPeerIdStorageType |
StorageType |
|
|
ipsaPeerIdRowStatus |
RowStatus |
|
Defined Values
ipsaMIB |
1.3.6.1.2.1.153.4.1 |
The MIB module defines IPsec actions for managing IPsec
Security Policy.
Copyright (C) The Internet Society (2006). This version of
this MIB module is part of RFC XXXX, see the RFC itself for
full legal notices. |
MODULE-IDENTITY |
|
|
|
ipsaSaPreActActionName |
1.3.6.1.2.1.153.4.1.1.1.1.1 |
This object contains the name of this
SaPreconfiguredActionEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipsaSaPreActSADirection |
1.3.6.1.2.1.153.4.1.1.1.1.2 |
This object indicates whether a row applies to egress
or ingress SAs |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IfDirection |
|
|
ipsaSaPreActActionLifetimeSec |
1.3.6.1.2.1.153.4.1.1.1.1.4 |
ipsaSaPreActActionLifetimeSec specifies how long in seconds
the security association derived from this action is used.
The default lifetime is 8 hours.
Note: the actual lifetime of the preconfigured SA will be
the lesser of the value of this object and of the value of
the MaxLifetimeSecs property of the associated transform.
A value of 0 indicates no time limit on the lifetime
of the SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaSaPreActActionLifetimeKB |
1.3.6.1.2.1.153.4.1.1.1.1.5 |
ipsaSaPreActActionLifetimeKB specifies how long the
security association derived from this action is used.
After this value in KiloBytes has passed through the
security association, this SA SHOULD be destroyed.
Note: the actual lifetime of the preconfigured SA will be
the lesser of the value of this object and of the value of
the MaxLifetimeKB property of the associated transform.
The default value, '0', indicates no kilobyte limit. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaSaPreActDoActionLogging |
1.3.6.1.2.1.153.4.1.1.1.1.6 |
ipsaSaPreActDoActionLogging specifies whether or not an
audit message SHOULD be logged when a preconfigured SA is
created. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipsaSaPreActDoPacketLogging |
1.3.6.1.2.1.153.4.1.1.1.1.7 |
ipsaSaPreActDoPacketLogging specifies whether or not an
audit message SHOULD be logged and if there is logging, how
many bytes of the packet to place in the notification. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SpdIPPacketLogging |
|
|
ipsaSaPreActDFHandling |
1.3.6.1.2.1.153.4.1.1.1.1.8 |
This object specifies how to process the DF bit in packets
sent through the preconfigured SA. This object is not used
for transport SAs. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
copy(1), set(2), clear(3) |
|
ipsaSaPreActAHSPI |
1.3.6.1.2.1.153.4.1.1.1.1.10 |
This object represents the SPI value for the AH SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipsaSaPreActAHSharedSecretName |
1.3.6.1.2.1.153.4.1.1.1.1.12 |
This object contains a name value to be used as an index
into the ipsaCredentialTable which holds the pertinent
keying information for the AH SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipsaSaPreActESPSPI |
1.3.6.1.2.1.153.4.1.1.1.1.13 |
This object represents the SPI value for the ESP SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipsaSaPreActESPEncSecretName |
1.3.6.1.2.1.153.4.1.1.1.1.15 |
This object contains a name value to be used as an index
into the ipsaCredentialTable which holds the pertinent
keying information for the encryption algorithm of the ESP
SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipsaSaPreActESPAuthSecretName |
1.3.6.1.2.1.153.4.1.1.1.1.16 |
This object contains a name value to be used as an index
into the ipsaCredentialTable which holds the pertinent
keying information for the authentication algorithm of the
ESP SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipsaSaPreActIPCompSPI |
1.3.6.1.2.1.153.4.1.1.1.1.17 |
This object represents the SPI value for the IPComp SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipsaSaPreActPeerGatewayIdName |
1.3.6.1.2.1.153.4.1.1.1.1.19 |
This object indicates the peer id name of the peer
gateway. This object can be used to look up the peer
gateway address in the ipsaPeerIdentityTable.
This object is only used when initiating a tunnel SA, and
is not used for transport SAs. If ipsaSaPreActActionType
specifies tunnel mode and this object is empty, the peer
gateway is determined from the source or destination of the
packet. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipsaSaPreActLastChanged |
1.3.6.1.2.1.153.4.1.1.1.1.20 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaSaPreActStorageType |
1.3.6.1.2.1.153.4.1.1.1.1.21 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaSaPreActRowStatus |
1.3.6.1.2.1.153.4.1.1.1.1.22 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaAhTranName |
1.3.6.1.2.1.153.4.1.1.2.1.1 |
This object contains the name of this AH transform. This
row will be referred to by an ipsaIpsecTransformsEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipsaAhTranMaxLifetimeSec |
1.3.6.1.2.1.153.4.1.1.2.1.2 |
ipsaAhTranMaxLifetimeSec specifies how long in seconds the
security association derived from this transform SHOULD be
used.
A value of 0 indicates that the default lifetime of
8 hours SHOULD be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaAhTranMaxLifetimeKB |
1.3.6.1.2.1.153.4.1.1.2.1.3 |
ipsaAhTranMaxLifetimeKB specifies how long in kilobytes the
security association derived from this transform SHOULD be
used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaAhTranReplayProtection |
1.3.6.1.2.1.153.4.1.1.2.1.5 |
ipsaAhTranReplayProtection indicates whether or not
anti-replay service is to be provided by this SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipsaAhTranReplayWindowSize |
1.3.6.1.2.1.153.4.1.1.2.1.6 |
ipsaAhTranReplayWindowSize indicates the size, in bits, of
the replay window to use if replay protection is true for
this transform. The window size is assumed to be a power
of two. If Replay Protection is false, this value can be
ignored. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaAhTranLastChanged |
1.3.6.1.2.1.153.4.1.1.2.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaAhTranStorageType |
1.3.6.1.2.1.153.4.1.1.2.1.8 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaAhTranRowStatus |
1.3.6.1.2.1.153.4.1.1.2.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaEspTranName |
1.3.6.1.2.1.153.4.1.1.3.1.1 |
The name of this particular espTransform, to be referred to by
an ipsaIpsecTransformsEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipsaEspTranMaxLifetimeSec |
1.3.6.1.2.1.153.4.1.1.3.1.2 |
ipsaEspTranMaxLifetimeSec specifies how long in seconds the
security association derived from this transform SHOULD be
used.
A value of 0 indicates that the default lifetime of
8 hours SHOULD be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaEspTranMaxLifetimeKB |
1.3.6.1.2.1.153.4.1.1.3.1.3 |
ipsaEspTranMaxLifetimeKB specifies how long in kilobytes
the security association derived from this transform is
used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaEspTranCipherKeyLength |
1.3.6.1.2.1.153.4.1.1.3.1.5 |
This object specifies, in bits, the key length for
the ESP cipher algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaEspTranCipherKeyRounds |
1.3.6.1.2.1.153.4.1.1.3.1.6 |
This object specifies the number of key rounds for
the ESP cipher algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaEspTranReplayPrevention |
1.3.6.1.2.1.153.4.1.1.3.1.8 |
ipsaEspTranReplayPrevention indicates whether or not
anti-replay service is to be provided by this SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipsaEspTranReplayWindowSize |
1.3.6.1.2.1.153.4.1.1.3.1.9 |
ipsaEspTranReplayWindowSize indicates the size, in bits, of
the replay window to use if replay protection is true for
this transform. The window size is assumed to be a power
of two. If Replay Protection is false, this value can be
ignored. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaEspTranLastChanged |
1.3.6.1.2.1.153.4.1.1.3.1.10 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaEspTranStorageType |
1.3.6.1.2.1.153.4.1.1.3.1.11 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaEspTranRowStatus |
1.3.6.1.2.1.153.4.1.1.3.1.12 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by a row in another table. An attempt to set it
to anything other than active while it is referenced by an
active row in another table MUST result in an
inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaIpcompTranName |
1.3.6.1.2.1.153.4.1.1.4.1.1 |
The name of this ipsaIpcompTransformEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipsaIpcompTranMaxLifetimeSec |
1.3.6.1.2.1.153.4.1.1.4.1.2 |
ipsaIpcompTranMaxLifetimeSec specifies how long in seconds
the security association derived from this transform SHOULD
be used.
A value of 0 indicates that the default lifetime of
8 hours SHOULD be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaIpcompTranMaxLifetimeKB |
1.3.6.1.2.1.153.4.1.1.4.1.3 |
ipsaIpcompTranMaxLifetimeKB specifies how long in kilobytes
the security association derived from this transform SHOULD
be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaIpcompTranDictionarySize |
1.3.6.1.2.1.153.4.1.1.4.1.5 |
If the algorithm in ipsaIpcompTranAlgorithm requires a
dictionary size configuration parameter, then this is the
place to put it. This object specifies the log2 maximum
size of the dictionary for the compression algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaIpcompTranPrivateAlgorithm |
1.3.6.1.2.1.153.4.1.1.4.1.6 |
If ipsaIpcompTranPrivateAlgorithm has a value other than zero,
then it is up to the vendor's implementation to determine
the meaning of this field and substitute a data compression
algorithm in place of ipsaIpcompTranAlgorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsaIpcompTranLastChanged |
1.3.6.1.2.1.153.4.1.1.4.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaIpcompTranStorageType |
1.3.6.1.2.1.153.4.1.1.4.1.8 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaIpcompTranRowStatus |
1.3.6.1.2.1.153.4.1.1.4.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaCredentialTable |
1.3.6.1.2.1.153.4.1.1.5 |
A table of credential values. Examples of credentials are
shared secrets, certificates or Kerberos tickets. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsaCredentialEntry |
|
ipsaCredentialEntry |
1.3.6.1.2.1.153.4.1.1.5.1 |
A row in the ipsaCredentialTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsaCredentialEntry |
|
|
ipsaCredName |
1.3.6.1.2.1.153.4.1.1.5.1.1 |
This object represents the name for an entry in this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipsaCredType |
1.3.6.1.2.1.153.4.1.1.5.1.2 |
This object represents the type of the credential for this
row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsaCredentialType |
|
|
ipsaCredCredential |
1.3.6.1.2.1.153.4.1.1.5.1.3 |
This object represents the credential value.
If the size of the credential is greater than 1024, the
credential MUST be configured via the ipsaCredSegmentTable.
For credential types where the disclosure of the credential
would compromise the credential (e.g. shared secrets), when
this object is accessed for reading, it MUST return a null
length (0 length) string and MUST NOT return the configured
credential. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..1024) |
|
ipsaCredSize |
1.3.6.1.2.1.153.4.1.1.5.1.4 |
This value represents the size of the credential.
If this value is greater than 1024, the ipsaCredCredential
column will return an empty (0 length) string. In this
case, the value of the credential is retrieved from the
ipsaCredSegmentTable.
For credential types where the disclosure of the credential
would compromise the credential (e.g. shared secrets), when
this object is accessed for reading, it MUST return a value
of 0 and MUST NOT return the size of the credential. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipsaCredMngName |
1.3.6.1.2.1.153.4.1.1.5.1.5 |
This value is used as an index into the
ipsaIpsecCredMngServiceTable. For IDs that have no
credential management service, this value is left blank. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipsaCredRemoteID |
1.3.6.1.2.1.153.4.1.1.5.1.6 |
This object represents the Identification (e.g. user name)
of the user of the key information on the remote site. If
there is no ID associated with this credential, the value
of this object SHOULD be the null string. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
ipsaCredAdminStatus |
1.3.6.1.2.1.153.4.1.1.5.1.7 |
Indicates whether this credential is considered
active. Rows with a disabled status MUST NOT be used for
any purpose, including IKE or IPSEC processing.
For credentials whose size does not exceed the maximum
size for the ipsaCredCredential, it MAY be set to enabled
during row creation. For larger credentials, it SHOULD be
left as disabled until all rows have been uploaded to the
ipsaCredSegmentTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SpdAdminStatus |
|
|
ipsaCredLastChanged |
1.3.6.1.2.1.153.4.1.1.5.1.8 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaCredStorageType |
1.3.6.1.2.1.153.4.1.1.5.1.9 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaCredRowStatus |
1.3.6.1.2.1.153.4.1.1.5.1.10 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaCredentialSegmentTable |
1.3.6.1.2.1.153.4.1.1.6 |
A table of credential segments. This table is used for
credentials which are larger than the maximum size allowed
for ipsaCredCredential. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsaCredentialSegmentEntry |
|
ipsaCredentialSegmentEntry |
1.3.6.1.2.1.153.4.1.1.6.1 |
A row in the ipsaCredentialSegmentTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsaCredentialSegmentEntry |
|
|
ipsaCredSegIndex |
1.3.6.1.2.1.153.4.1.1.6.1.1 |
This object represents the segment number for this segment.
By default, each segment will be 1024 octets. However, when
this table is accessed using a context of 'ipsa4096',
'ipsa8192' or 'ipsa16384' a segment size of 4096, 8192 or
16384 (respectively) will be used instead.
The number of rows which need to be retrieved or set can be
calculated by obtaining the value of the ipsaCredSize
column from the corresponding ipsaCredentialTable row and
dividing it by the segment size. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
ipsaCredSegValue |
1.3.6.1.2.1.153.4.1.1.6.1.2 |
This object represents one segment of the credential.
By default, each complete segment will be 1024 octets. (The
last row for a given credential might be smaller, if the
credential size is not a multiple of the segment size).
An implementation MAY optionally support segment sizes of
256, 4096, 8192 or the full object size when this table is
accessed using a context of 'ipsaCred256',
'ipsaCred4096', 'ipsaCred8192' or 'ipsaCredFull'
(respectively).
The number of rows which need to be retrieved or set can be
calculated by obtaining the value of the ipsaCredSize
column from the corresponding ipsaCredentialTable row and
dividing it by the segment size. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
ipsaCredSegLastChanged |
1.3.6.1.2.1.153.4.1.1.6.1.3 |
The value of sysUpTime when this credential was last
modified or created either through SNMP SETs or by some
other external means. Note that the last changed type will
be the same for all segments of the credential.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaCredSegStorageType |
1.3.6.1.2.1.153.4.1.1.6.1.4 |
The storage type for this row. This object is
read-only. Rows in this table have the same value as the
ipsaCredStorageType for the corresponding row in the
ipsaCredentialTable.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaCredSegRowStatus |
1.3.6.1.2.1.153.4.1.1.6.1.5 |
This object indicates the conceptual status of this row.
The segment of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaPeerIdentityTable |
1.3.6.1.2.1.153.4.1.1.7 |
PeerIdentity is used to represent the identities that are
used for peers to identify themselves in IKE phase I/II
negotiations. PeerIdentityTable aggregates the table
entries that provide mappings between identities and their
addresses. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsaPeerIdentityEntry |
|
ipsaPeerIdentityEntry |
1.3.6.1.2.1.153.4.1.1.7.1 |
peerIdentity matches a peer's identity to its address. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsaPeerIdentityEntry |
|
|
ipsaPeerIdName |
1.3.6.1.2.1.153.4.1.1.7.1.1 |
This is an administratively assigned value that, together
with ipsaPeerIdPriority, uniquely identifies an entry in
this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipsaPeerIdPriority |
1.3.6.1.2.1.153.4.1.1.7.1.2 |
This object, along with ipsaPeerIdName, uniquely identifies
an entry in this table. The priority also indicates the
ordering of peer gateways from which to initiate or accept
SAs. The priority value is ordered from low to high. For
example, a row with a priority of 0 is used before a row
with a priority of 1, a 1 before a 2, etc. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..2147483647 |
|
ipsaPeerIdType |
1.3.6.1.2.1.153.4.1.1.7.1.3 |
ipsaPeerIdType is an enumeration identifying the type of the
Identity value. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsaPeerIdValue |
1.3.6.1.2.1.153.4.1.1.7.1.4 |
ipsaPeerIdValue contains an Identity filter to be used to
match against the identity payload in an IKE request, or
blank otherwise. If this value matches the value in the
identity payload, the credential for the peer can be found
using the ipsaPeerIdCredentialName as an index into the
credential table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsaIdentityFilter |
|
|
ipsaPeerIdAddressType |
1.3.6.1.2.1.153.4.1.1.7.1.5 |
The property ipsaPeerIdAddressType specifies the format of
the ipsaPeerIdAddress property value. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipsaPeerIdAddress |
1.3.6.1.2.1.153.4.1.1.7.1.6 |
The property PeerAddress specifies the IP address of the
peer. The format is specified by the
ipsaPeerIdAddressType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipsaPeerIdCredentialName |
1.3.6.1.2.1.153.4.1.1.7.1.7 |
This value is used as an index into the ipsaCredentialTable
to look up the actual credential value and other credential
information. For peer IDs that have no associated
credential information, this value is left blank. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipsaPeerIdLastChanged |
1.3.6.1.2.1.153.4.1.1.7.1.8 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means.
If this row has not been modified since the last
re-initialization of the network management subsystem, this
object SHOULD have a zero value. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipsaPeerIdStorageType |
1.3.6.1.2.1.153.4.1.1.7.1.9 |
The storage type for this row. Rows in this table which
were created through an external process MAY have a storage
type of readOnly or permanent.
For a storage type of permanent, none of the columns have
to be writable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipsaPeerIdRowStatus |
1.3.6.1.2.1.153.4.1.1.7.1.10 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object MUST remain active if it is
referenced by an active row in another table. An attempt
to set it to anything other than active while it is
referenced by an active row in another table MUST result in
an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipsaGroups |
1.3.6.1.2.1.153.4.1.3.2 |
OBJECT IDENTIFIER |
|
|
|
ipsaIPsecCompliance |
1.3.6.1.2.1.153.4.1.3.1.1 |
The compliance statement for SNMP entities that include an
IPsec MIB implementation and support IPsec actions.
There are a number of INDEX objects that cannot be
represented in the form of OBJECT clauses in SMIv2, but for
which we have the following compliance requirements,
expressed in OBJECT clause form in this description clause:
-- OBJECT ipsaPeerIdAddressType
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
-- DESCRIPTION
-- Only support for global IPv4 and IPv6 address
-- types is required.
--
-- OBJECT ipsaPeerIdAddress
-- SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION
-- Only support for global IPv4 and IPv6 address
-- types is required.
-- |
Status: current |
Access: not-accessible |
MODULE-COMPLIANCE |
|
|
|
ipsaSharedGroup |
1.3.6.1.2.1.153.4.1.3.2.2 |
This group includes objects from tables expected
to be shared by other modules: Peer Identity Table,
Credential Table, Credential Management Service Table and
the AH, ESP, and IPComp Transform Tables. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|