IPSEC-ISAKMP-IKE-DOI-TC

File: IPSEC-ISAKMP-IKE-DOI-TC.mib (33754 bytes)

Imported modules

WATCHGUARD-MIB SNMPv2-SMI RFC1213-MIB
SNMPv2-TC

Imported symbols

watchguard experimental MODULE-IDENTITY
Unsigned32 mib-2 TEXTUAL-CONVENTION

Defined Types

IpsecDoiSituation  
The IPSEC DOI Situation provides information that can be used by the responder to make a policy determination about how to process the incoming Security Association request. It is a four (4) octet bitmask, with the following values: sitIdentityOnly 0x01 sitSecrecy 0x02 sitIntegrity 0x04 The upper two bits (0x80000000 and 0x40000000) are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  Unsigned32 0..4294967295  

IpsecDoiSecProtocolId  
These are the IPSEC DOI values for the Protocol-Id field in an ISAKMP Proposal Payload, and in all Notification Payloads. They are also used as the Protocol-ID In the Notification Payload and the Delete Payload. The values 249-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), protoIsakmp(1), protoIpsecAh(2), protoIpsecEsp(3), protoIpcomp(4)  

IpsecDoiTransformIdent  
The IPSEC DOI ISAKMP Transform Identifier is an 8-bit value which identifies a key exchange protocol to be used for the negotiation. It is used in the Transform-Id field of an IKE Phase I Transform Payload. The values 249-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), keyIke(1)  

IpsecDoiAhTransform  
The IPSEC DOI AH Transform Identifier is an 8-bit value which identifies a particular algorithm to be used to provide integrity protection for AH. It is used in the Tranform-ID field of a ISAKMP Transform Payload for the IPSEC DOI, when the Protocol-Id of the associated Proposal Payload is 2 (AH). The values 249-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), reserved1(1), ahMd5(2), ahSha(3), ahDes(4)  

IpsecDoiEspTransform  
The IPSEC DOI ESP Transform Identifier is an 8-bit value which identifies a particular algorithm to be used to provide secrecy protection for ESP. It is used in the Tranform-ID field of a ISAKMP Transform Payload for the IPSEC DOI, when the Protocol-Id of the associated Proposal Payload is 2 (AH), 3 (ESP), and 4 (IPCOMP). The values 249-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), espDesIv64(1), espDes(2), esp3Des(3), espRc5(4), espIdea(5), espCast(6), espBlowfish(7), esp3Idea(8), espDesIv32(9), espRc4(10), espNull(11)  

IpsecDoiAuthAlgorithm  
The ESP Authentication Algorithm used in the IPSEC DOI as a SA Attributes definition in the Transform Payload of Phase II of an IKE negotiation. This set of values defines the AH authentication algorithm, when the associated Proposal Payload has a Protocol-ID of 2 (AH). This set of values defines the ESP authentication algorithm, when the associated Proposal Payload has a Protocol-ID of 3 (ESP). Values 5-61439 are reserved to IANA. Values 61440-65535 are for private use. In a MIB, a value of 0 indicates that ESP has been negotiated without authentication.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), hmacMd5(1), hmacSha(2), desMac(3), kpdk(4)  

IpsecDoiIpcompTransform  
The IPSEC DOI IPCOMP Transform Identifier is an 8-bit value which identifies a particular algorithm to be used to provide IP-level compression before ESP. It is used in the Tranform-ID field of a ISAKMP Transform Payload for the IPSEC DOI, when the Protocol-Id of the associated Proposal Payload is 4 (IPCOMP). The values 1-47 are reserved for algorithms for which an RFC has been approved for publication. The values 48-63 are reserved for private use amongst cooperating systems. The values 64-255 are reserved for future expansion.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), ipcompOui(1), ipcompDeflate(2), ipcompLzs(3)  

IpsecDoiEncapsulationMode  
The Encapsulation Mode used as an IPSEC DOI SA Attributes definition in the Transform Payload of a Phase II IKE negotiation. This set of values defines encapsulation modes used for AH, ESP, and IPCOMP when the associated Proposal Payload has a Protocol-ID of 3 (ESP). Values 3-61439 are reserved to IANA. Values 61440-65535 are for private use.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), tunnel(1), transport(2)  

IpsecDoiIdentType  
The IPSEC DOI Identification Type is an 8-bit value which is used in the ID Type field as a discriminant for interpretation of the variable-length Identification Payload. The values 249-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), idIpv4Addr(1), idFqdn(2), idUserFqdn(3), idIpv4AddrSubnet(4), idIpv6Addr(5), idIpv6AddrSubnet(6), idIpv4AddrRange(7), idIpv6AddrRange(8), idDerAsn1Dn(9), idDerAsn1Gn(10), idKeyId(11)  

IsakmpDOI  
These are the domain of interpretation values for the ISAKMP Protocol. They are a 32-bit value used in the Domain of Interpretation field of the Security Association Payload. Values 2-4294967295 are reserved to the IANA.
TEXTUAL-CONVENTION    
  INTEGER isakmp(0), ipsecDOI(1)  

IsakmpCertificateEncoding  
These are the values for the types of certificate-related information contained in the Certificate Data field of a Certificate Payload. They are used in the Cert Encoding field of the Certificate Payload. Values 11-255 are reserved.
TEXTUAL-CONVENTION    
  INTEGER pkcs7(1), pgp(2), dnsSignedKey(3), x509Signature(4), x509KeyExchange(5), kerberosTokens(6), crl(7), arl(8), spki(9), x509Attribute(10)  

IsakmpExchangeType  
These are the values used for the exchange types in the ISAKMP header. Values up to 31 are reserved for future DOI-independent assignment for ISAKMP. The values 240-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), base(1), identityProtect(2), authOnly(3), aggressive(4), informational(5)  

IsakmpNotifyMessageType  
These are the values for the types of notification messages. They are used as the Notify Message Type field in the Notification Payload. This textual convention merges the types for error types (in the range 1-16386) and for notification types (in the range 16384-65535). The values 16001-16383 are reserved for private use as error types amongst cooperating systems. The values 24576-32767 are reserved for use in each DOI. Each DOI should have a clone of this textual convention adding local values. The values 32768-40958 are reserved for private use as notification types amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), invalidPayloadType(1), doiNotSupported(2), situationNotSupported(3), invalidCookie(4), invalidMajorVersion(5), invalidMinorVersion(6), invalidExchangeType(7), invalidFlags(8), invalidMessageId(9), invalidProtocolId(10), invalidSpi(11), invalidTransformId(12), attributesNotSupported(13), noProposalChosen(14), badProposalSyntax(15), payloadMalformed(16), invalidKeyInformation(17), invalidIdInformation(18), invalidCertEncoding(19), invalidCertificate(20), certTypeUnsupported(21), invalidCertAuthority(22), invalidHashInformation(23), authenticationFailed(24), invalidSignature(25), addressNotification(26), notifySaLifetime(27), certificateUnavailable(28), unsupportedExchangeType(29), unequalPayloadLengths(30)  

IkeExchangeType  
These are the values used for the exchange types in the ISAKMP header. The values 32-239 are DOI-specific, these values are for the IPSec DOI used by IKE. The values 240-255 are reserved for private use amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), base(1), mainMode(2), authOnly(3), aggressive(4), informational(5), quickMode(32), newGroupMode(33), acknowledgedInfo(34)  

IkeEncryptionAlgorithm  
Values for encryption algorithms negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attrbute type Encryption Algorithm (1). Values 7-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), desCbc(1), ideaCbc(2), blowfishCbc(3), rc5R16B64Cbc(4), tripleDesCbc(5), castCbc(6)  

IkeHashAlgorithm  
Values for hash algorithms negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attrbute type Hash Algorithm (2). Values 4-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), md5(1), sha(2), tiger(3)  

IkeAuthMethod  
Values for authentication methods negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attrbute type Authentication Method (3). Values 6-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), preSharedKey(1), dssSignatures(2), rsaSignatures(3), encryptionWithRsa(4), revisedEncryptionWithRsa(5), encryptionWithElGamal(6), revisedEncryptionWithElGamal(7)  

IkeGroupDescription  
Values for Oakley key computation groups for Diffie-Hellman exchange negotiated for the ISAKMP SA by IKE in Phase I. They are also used in Phase II when perfect forward secrecy is in use. These are values for SA Attrbute type Group Description (4).
TEXTUAL-CONVENTION    
  INTEGER reserved(0), modp768(1), modp1024(2), ec2nGalois2P155(3), ec2nGalois2P185(4), modp1536(5)  

IkeGroupType  
Values for Oakley key computation group types negotiated for the ISAKMP SA by IKE in Phase I. They are also used in Phase II when perfect forward secrecy is in use. These are values for SA Attribute type Group Type (5).
TEXTUAL-CONVENTION    
  INTEGER reserved(0), modp(1), ecp(2), ec2n(3)  

IkePrf  
Values for Pseudo-Random Functions used with with the hash algorithm negotiated for the ISAKMP SA by IKE in Phase I. There are currently no pseudo-random functions defined, the default HMAC is always used. These are values for SA Attribute type PRF (13). Values 1-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
TEXTUAL-CONVENTION    
  Unsigned32 0..65535  

IkeNotifyMessageType  
These are the values for the types of notification messages. They are used as the Notify Message Type field in the Notification Payload. This textual convention merges the types for error types (in the range 1-16386) and for notification types (in the range 16384-65535). This textual convention is a merge of values defined by ISAKMP with the additional values defined in the IPSEC DOI. The values 16001-16383 are reserved for private use as error types amongst cooperating systems. The values 32001-32767 are reserved for private use as notification types amongst cooperating systems.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), invalidPayloadType(1), doiNotSupported(2), situationNotSupported(3), invalidCookie(4), invalidMajorVersion(5), invalidMinorVersion(6), invalidExchangeType(7), invalidFlags(8), invalidMessageId(9), invalidProtocolId(10), invalidSpi(11), invalidTransformId(12), attributesNotSupported(13), noProposalChosen(14), badProposalSyntax(15), payloadMalformed(16), invalidKeyInformation(17), invalidIdInformation(18), invalidCertEncoding(19), invalidCertificate(20), certTypeUnsupported(21), invalidCertAuthority(22), invalidHashInformation(23), authenticationFailed(24), invalidSignature(25), addressNotification(26), notifySaLifetime(27), certificateUnavailable(28), unsupportedExchangeType(29), unequalPayloadLengths(30), responderLifetime(24576), replayStatus(24577), initialContact(24578)  

Defined Values

ipsecIsakmpIkeDoiTC 1.3.6.1.4.1.3097.100
The MIB module which defines the textual conventions used in IPSEC MIBs. This includes Internet DOI numbers defined in RFC 2407, ISAKMP numbers defined in RFC 2408, and IKE numbers defined in RFC 2409. These Textual Conventions are defined in a seperate MIB module since they are protocol numbers managed by the IANA. Revision control after publication will be under the authority of the IANA.
MODULE-IDENTITY