IPSEC-POLICY-MIB
File:
IPSEC-POLICY-MIB.mib (237210 bytes)
Imported modules
Imported symbols
Defined Types
IpspBooleanOperator |
|
The IpspBooleanOperator operator is used to specify whether
sub-components in a decision making process are ANDed or ORed
together to decide if the resulting expression is true or
false. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
or(1), and(2) |
|
IpspAdminStatus |
|
The IpspAdminStatus is used to specify the administrative
status of an object. Objects which are disabled must not
be used by the packet processing engine. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
IpspSADirection |
|
The IpspSADirection operator is used to specify whether
or not a row should apply to outgoing or incoming SAs. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
outgoing(1), incoming(2) |
|
IpspIPPacketLogging |
|
IpspIPPacketLogging specifies whether or not an audit
message should be logged when a packet is passed through an
SA. A value of '-1' indicates no logging. A value of '0' or
greater indicates that logging should be done and how many
bytes of the beginning of the packet to place in the log.
Values greater than the size of the packet being processed
indicate that the entire packet should be sent.
Examples:
'-1' no logging
'0' log but do not include any of the packet in the log
'20' log and include the first 20 bytes of the packet in the
log. |
TEXTUAL-CONVENTION |
|
|
|
|
Integer32 |
-1..65536 |
|
IpspIdentityFilter |
|
IpspIdentityFilter contains a string encoded Identity Type
value to be used in comparisons against an IKE Identity
payload. Wherever this TC is used, there should be an
accompanying column which uses the IpsecDoiIdentType TC to
specify the type of data in this object.
See the IpsecDoiIdentType TC for the supported identity types
available. Note that the IpsecDoiIdentType TC sepcifies how
to encode binary values, while this object will contain human
readable string versions. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(1..256) |
|
IpspCredentialType |
|
IpspCredentialType identifies the type of credential
contained in a corresponding IpspIdentityFilter object. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
reserved(0), unknown(1), sharedSecret(2), x509(3), kerberos(4) |
|
IpspEndpointToGroupEntry |
|
SEQUENCE |
|
|
|
|
ipspEndGroupIdentType |
InetAddressType |
|
|
ipspEndGroupAddress |
InetAddress |
|
|
ipspEndGroupName |
SnmpAdminString |
|
|
ipspEndGroupLastChanged |
TimeStamp |
|
|
ipspEndGroupStorageType |
StorageType |
|
|
ipspEndGroupRowStatus |
RowStatus |
|
IpspGroupContentsEntry |
|
SEQUENCE |
|
|
|
|
ipspGroupContName |
SnmpAdminString |
|
|
ipspGroupContPriority |
Integer32 |
|
|
ipspGroupContFilter |
VariablePointer |
|
|
ipspGroupContComponentType |
INTEGER |
|
|
ipspGroupContComponentName |
SnmpAdminString |
|
|
ipspGroupContLastChanged |
TimeStamp |
|
|
ipspGroupContStorageType |
StorageType |
|
|
ipspGroupContRowStatus |
RowStatus |
|
IpspRuleDefinitionEntry |
|
SEQUENCE |
|
|
|
|
ipspRuleDefName |
SnmpAdminString |
|
|
ipspRuleDefDescription |
SnmpAdminString |
|
|
ipspRuleDefFilter |
VariablePointer |
|
|
ipspRuleDefFilterNegated |
TruthValue |
|
|
ipspRuleDefAction |
VariablePointer |
|
|
ipspRuleDefAdminStatus |
IpspAdminStatus |
|
|
ipspRuleDefLastChanged |
TimeStamp |
|
|
ipspRuleDefStorageType |
StorageType |
|
|
ipspRuleDefRowStatus |
RowStatus |
|
IpspCompoundFilterEntry |
|
SEQUENCE |
|
|
|
|
ipspCompFiltName |
SnmpAdminString |
|
|
ipspCompFiltDescription |
SnmpAdminString |
|
|
ipspCompFiltLogicType |
IpspBooleanOperator |
|
|
ipspCompFiltLastChanged |
TimeStamp |
|
|
ipspCompFiltStorageType |
StorageType |
|
|
ipspCompFiltRowStatus |
RowStatus |
|
IpspSubfiltersEntry |
|
SEQUENCE |
|
|
|
|
ipspSubFiltPriority |
Integer32 |
|
|
ipspSubFiltSubfilter |
VariablePointer |
|
|
ipspSubFiltSubfilterIsNegated |
TruthValue |
|
|
ipspSubFiltLastChanged |
TimeStamp |
|
|
ipspSubFiltStorageType |
StorageType |
|
|
ipspSubFiltRowStatus |
RowStatus |
|
IpspIpOffsetFilterEntry |
|
SEQUENCE |
|
|
|
|
ipspIpOffFiltName |
SnmpAdminString |
|
|
ipspIpOffFiltOffset |
Integer32 |
|
|
ipspIpOffFiltType |
INTEGER |
|
|
ipspIpOffFiltNumber |
Integer32 |
|
|
ipspIpOffFiltValue |
OCTET STRING |
|
|
ipspIpOffFiltLastChanged |
TimeStamp |
|
|
ipspIpOffFiltStorageType |
StorageType |
|
|
ipspIpOffFiltRowStatus |
RowStatus |
|
IpspTimeFilterEntry |
|
SEQUENCE |
|
|
|
|
ipspTimeFiltName |
SnmpAdminString |
|
|
ipspTimeFiltPeriodStart |
DateAndTime |
|
|
ipspTimeFiltPeriodEnd |
DateAndTime |
|
|
ipspTimeFiltMonthOfYearMask |
BITS |
|
|
ipspTimeFiltDayOfMonthMask |
OCTET STRING |
|
|
ipspTimeFiltDayOfWeekMask |
BITS |
|
|
ipspTimeFiltTimeOfDayMaskStart |
DateAndTime |
|
|
ipspTimeFiltTimeOfDayMaskEnd |
DateAndTime |
|
|
ipspTimeFiltLastChanged |
TimeStamp |
|
|
ipspTimeFiltStorageType |
StorageType |
|
|
ipspTimeFiltRowStatus |
RowStatus |
|
IpspCredentialFilterEntry |
|
SEQUENCE |
|
|
|
|
ipspCredFiltName |
SnmpAdminString |
|
|
ipspCredFiltCredentialType |
IpspCredentialType |
|
|
ipspCredFiltMatchFieldName |
OCTET STRING |
|
|
ipspCredFiltMatchFieldValue |
OCTET STRING |
|
|
ipspCredFiltAcceptCredFrom |
OCTET STRING |
|
|
ipspCredFiltLastChanged |
TimeStamp |
|
|
ipspCredFiltStorageType |
StorageType |
|
|
ipspCredFiltRowStatus |
RowStatus |
|
IpspPeerIdentityFilterEntry |
|
SEQUENCE |
|
|
|
|
ipspPeerIdFiltName |
SnmpAdminString |
|
|
ipspPeerIdFiltIdentityType |
IpsecDoiIdentType |
|
|
ipspPeerIdFiltIdentityValue |
IpspIdentityFilter |
|
|
ipspPeerIdFiltLastChanged |
TimeStamp |
|
|
ipspPeerIdFiltStorageType |
StorageType |
|
|
ipspPeerIdFiltRowStatus |
RowStatus |
|
IpspCompoundActionEntry |
|
SEQUENCE |
|
|
|
|
ipspCompActName |
SnmpAdminString |
|
|
ipspCompActExecutionStrategy |
INTEGER |
|
|
ipspCompActLastChanged |
TimeStamp |
|
|
ipspCompActStorageType |
StorageType |
|
|
ipspCompActRowStatus |
RowStatus |
|
IpspSubactionsEntry |
|
SEQUENCE |
|
|
|
|
ipspSubActPriority |
Integer32 |
|
|
ipspSubActSubActionName |
VariablePointer |
|
|
aiipspCompActLastChanged |
TimeStamp |
|
|
aiipspCompActStorageType |
StorageType |
|
|
aiipspCompActRowStatus |
RowStatus |
|
IpspSaNegotiationParametersEntry |
|
SEQUENCE |
|
|
|
|
ipspSaNegParamName |
SnmpAdminString |
|
|
ipspSaNegParamMinLifetimeSecs |
Unsigned32 |
|
|
ipspSaNegParamMinLifetimeKB |
Unsigned32 |
|
|
ipspSaNegParamRefreshThreshSecs |
Unsigned32 |
|
|
ipspSaNegParamRefreshThresholdKB |
Unsigned32 |
|
|
ipspSaNegParamIdleDurationSecs |
Unsigned32 |
|
|
ipspSaNegParamLastChanged |
TimeStamp |
|
|
ipspSaNegParamStorageType |
StorageType |
|
|
ipspSaNegParamRowStatus |
RowStatus |
|
IpspIkeActionEntry |
|
SEQUENCE |
|
|
|
|
ipspIkeActName |
SnmpAdminString |
|
|
ipspIkeActParametersName |
SnmpAdminString |
|
|
ipspIkeActThresholdDerivedKeys |
Integer32 |
|
|
ipspIkeActExchangeMode |
INTEGER |
|
|
ipspIkeActAgressiveModeGroupId |
IkeGroupDescription |
|
|
ipspIkeActIdentityType |
IpsecDoiIdentType |
|
|
ipspIkeActIdentityContext |
SnmpAdminString |
|
|
ipspIkeActPeerName |
SnmpAdminString |
|
|
ipspIkeActDoActionLogging |
TruthValue |
|
|
ipspIkeActDoPacketLogging |
IpspIPPacketLogging |
|
|
ipspIkeActVendorId |
OCTET STRING |
|
|
ipspIkeActLastChanged |
TimeStamp |
|
|
ipspIkeActStorageType |
StorageType |
|
|
ipspIkeActRowStatus |
RowStatus |
|
IpspIkeActionProposalsEntry |
|
SEQUENCE |
|
|
|
|
ipspIkeActPropPriority |
Integer32 |
|
|
ipspIkeActPropName |
SnmpAdminString |
|
|
ipspIkeActPropLastChanged |
TimeStamp |
|
|
ipspIkeActPropStorageType |
StorageType |
|
|
ipspIkeActPropRowStatus |
RowStatus |
|
IpspIkeProposalEntry |
|
SEQUENCE |
|
|
|
|
ipspIkePropLifetimeDerivedKeys |
Unsigned32 |
|
|
ipspIkePropCipherAlgorithm |
IkeEncryptionAlgorithm |
|
|
ipspIkePropCipherKeyLength |
Unsigned32 |
|
|
ipspIkePropCipherKeyRounds |
Unsigned32 |
|
|
ipspIkePropHashAlgorithm |
IkeHashAlgorithm |
|
|
ipspIkePropPrfAlgorithm |
INTEGER |
|
|
ipspIkePropVendorId |
OCTET STRING |
|
|
ipspIkePropDhGroup |
IkeGroupDescription |
|
|
ipspIkePropAuthenticationMethod |
IkeAuthMethod |
|
|
ipspIkePropMaxLifetimeSecs |
Unsigned32 |
|
|
ipspIkePropMaxLifetimeKB |
Unsigned32 |
|
|
ipspIkePropProposalLastChanged |
TimeStamp |
|
|
ipspIkePropProposalStorageType |
StorageType |
|
|
ipspIkePropProposalRowStatus |
RowStatus |
|
IpspIpsecActionEntry |
|
SEQUENCE |
|
|
|
|
ipspIpsecActName |
SnmpAdminString |
|
|
ipspIpsecActParametersName |
SnmpAdminString |
|
|
ipspIpsecActProposalsName |
SnmpAdminString |
|
|
ipspIpsecActUsePfs |
TruthValue |
|
|
ipspIpsecActVendorId |
OCTET STRING |
|
|
ipspIpsecActGroupId |
IkeGroupDescription |
|
|
ipspIpsecActPeerGatewayIdName |
OCTET STRING |
|
|
ipspIpsecActUseIkeGroup |
TruthValue |
|
|
ipspIpsecActGranularity |
INTEGER |
|
|
ipspIpsecActMode |
INTEGER |
|
|
ipspIpsecActDFHandling |
INTEGER |
|
|
ipspIpsecActDoActionLogging |
TruthValue |
|
|
ipspIpsecActDoPacketLogging |
IpspIPPacketLogging |
|
|
ipspIpsecActLastChanged |
TimeStamp |
|
|
ipspIpsecActStorageType |
StorageType |
|
|
ipspIpsecActRowStatus |
RowStatus |
|
IpspIpsecProposalsEntry |
|
SEQUENCE |
|
|
|
|
ipspIpsecPropName |
SnmpAdminString |
|
|
ipspIpsecPropPriority |
Integer32 |
|
|
ipspIpsecPropProtocolId |
IpsecDoiSecProtocolId |
|
|
ipspIpsecPropTransformsName |
SnmpAdminString |
|
|
ipspIpsecPropLastChanged |
TimeStamp |
|
|
ipspIpsecPropStorageType |
StorageType |
|
|
ipspIpsecPropRowStatus |
RowStatus |
|
IpspIkeIdentityEntry |
|
SEQUENCE |
|
|
|
|
ipspIkeIdCredentialName |
SnmpAdminString |
|
|
ipspIkeIdLastChanged |
TimeStamp |
|
|
ipspIkeIdStorageType |
StorageType |
|
|
ipspIkeIdRowStatus |
RowStatus |
|
IpspPeerIdentityEntry |
|
SEQUENCE |
|
|
|
|
ipspPeerIdName |
SnmpAdminString |
|
|
ipspPeerIdPriority |
Integer32 |
|
|
ipspPeerIdType |
IpsecDoiIdentType |
|
|
ipspPeerIdValue |
IpspIdentityFilter |
|
|
ipspPeerIdAddressType |
InetAddressType |
|
|
ipspPeerIdAddress |
InetAddress |
|
|
ipspPeerIdCredentialName |
SnmpAdminString |
|
|
ipspPeerIdLastChanged |
TimeStamp |
|
|
ipspPeerIdStorageType |
StorageType |
|
|
ipspPeerIdRowStatus |
RowStatus |
|
IpspAutostartIkeEntry |
|
SEQUENCE |
|
|
|
|
ipspAutoIkePriority |
Integer32 |
|
|
ipspAutoIkeAction |
VariablePointer |
|
|
ipspAutoIkeAddressType |
InetAddressType |
|
|
ipspAutoIkeSourceAddress |
InetAddress |
|
|
ipspAutoIkeSourcePort |
InetPortNumber |
|
|
ipspAutoIkeDestAddress |
InetAddress |
|
|
ipspAutoIkeDestPort |
InetPortNumber |
|
|
ipspAutoIkeProtocol |
Unsigned32 |
|
|
ipspAutoIkeLastChanged |
TimeStamp |
|
|
ipspAutoIkeStorageType |
StorageType |
|
|
ipspAutoIkeRowStatus |
RowStatus |
|
IpspIpsecCredMngServiceEntry |
|
SEQUENCE |
|
|
|
|
ipspIcmsName |
SnmpAdminString |
|
|
ipspIcmsDistinguishedName |
OCTET STRING |
|
|
ipspIcmsPolicyStatement |
OCTET STRING |
|
|
ipspIcmsMaxChainLength |
Integer32 |
|
|
ipspIcmsCredentialName |
SnmpAdminString |
|
|
ipspIcmsLastChanged |
TimeStamp |
|
|
ipspIcmsStorageType |
StorageType |
|
|
ipspIcmsRowStatus |
RowStatus |
|
IpspCredMngCRLEntry |
|
SEQUENCE |
|
|
|
|
ipspCmcCRLName |
SnmpAdminString |
|
|
ipspCmcDistributionPoint |
OCTET STRING |
|
|
ipspCmcThisUpdate |
OCTET STRING |
|
|
ipspCmcNextUpdate |
OCTET STRING |
|
|
ipspCmcLastChanged |
TimeStamp |
|
|
ipspCmcStorageType |
StorageType |
|
|
ipspCmcRowStatus |
RowStatus |
|
IpspRevokedCertificateEntry |
|
SEQUENCE |
|
|
|
|
ipspRctCertSerialNumber |
Unsigned32 |
|
|
ipspRctRevokedDate |
OCTET STRING |
|
|
ipspRctRevokedReason |
INTEGER |
|
|
ipspRctLastChanged |
TimeStamp |
|
|
ipspRctStorageType |
StorageType |
|
|
ipspRctRowStatus |
RowStatus |
|
IpspCredentialEntry |
|
SEQUENCE |
|
|
|
|
ipspCredName |
SnmpAdminString |
|
|
ipspCredType |
IpspCredentialType |
|
|
ipspCredCredential |
OCTET STRING |
|
|
ipspCredSize |
Integer32 |
|
|
ipspCredMngName |
SnmpAdminString |
|
|
ipspCredRemoteID |
OCTET STRING |
|
|
ipspCredAdminStatus |
IpspAdminStatus |
|
|
ipspCredLastChanged |
TimeStamp |
|
|
ipspCredStorageType |
StorageType |
|
|
ipspCredRowStatus |
RowStatus |
|
IpspCredentialSegmentEntry |
|
SEQUENCE |
|
|
|
|
ipspCredSegIndex |
Integer32 |
|
|
ipspCredSegValue |
OCTET STRING |
|
|
ipspCredSegLastChanged |
TimeStamp |
|
|
ipspCredSegStorageType |
StorageType |
|
|
ipspCredSegRowStatus |
RowStatus |
|
Defined Values
ipspMIB |
1.3.6.1.2.1.1 |
The MIB module for defining IPsec Policy filters and actions.
Copyright (C) The Internet Society (2003). This version of this
MIB module is part of RFC XXXX, see the RFC itself for full
legal notices. |
MODULE-IDENTITY |
|
|
|
ipspSystemPolicyGroupName |
1.3.6.1.2.1.1.1.1.1 |
This object indicates the policy group containing the global
system policy that is to be applied when a given endpoint
does not contain a policy definition. Its value can be used
as an index into the ipspGroupContentsTable to retrieve a
list of policies. A zero length string indicates no system
wide policy exists and the default policy of 'accept' should
be executed until one is imposed by either this object or by
the endpoint processing a given packet. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspEndpointToGroupTable |
1.3.6.1.2.1.1.1.2 |
This table is used to map policy (groupings) onto an endpoint
where traffic is to pass by. Any policy group assigned to an
endpoint is then used to control access to the traffic
passing by it.
If an endpoint has been configured with a policy group and no
contained rule matches the incoming packet, the default
action in this case shall be to drop the packet.
If no policy group has been assigned to an endpoint, then the
policy group specified by ipspSystemPolicyGroupName should be
used for the endpoint. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspEndpointToGroupEntry |
|
ipspEndpointToGroupEntry |
1.3.6.1.2.1.1.1.2.1 |
A mapping assigning a policy group to an endpoint. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspEndpointToGroupEntry |
|
|
ipspEndGroupIdentType |
1.3.6.1.2.1.1.1.2.1.1 |
The Internet Protocol version of the address associated with
a given endpoint. All addresses are represented as an array
of octets in network byte order. When combined with the
ipspEndGroupAddress these objects can be used to uniquely
identify an endpoint that a set of policy groups should be
applied to. Devices supporting IPv4 MUST support the ipv4
value, and devices supporting IPv6 MUST support the ipv6
value.
Values of unknown, ipv4z, ipv6z and dns are not legal values
for this object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspEndGroupAddress |
1.3.6.1.2.1.1.1.2.1.2 |
The address of a given endpoint, the format of which is
specified by the ipspEndGroupIdentType object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
InetAddress |
Size(4|16) |
|
ipspEndGroupName |
1.3.6.1.2.1.1.1.2.1.3 |
The policy group name to apply to this endpoint. The
value of the ipspEndGroupName object should then be used as
an index into the ipspGroupContentsTable to come up with a
list of rules that MUST be applied to this endpoint. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspEndGroupLastChanged |
1.3.6.1.2.1.1.1.2.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspEndGroupStorageType |
1.3.6.1.2.1.1.1.2.1.5 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspEndGroupRowStatus |
1.3.6.1.2.1.1.1.2.1.6 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object may not be set to active until one or more active
rows exist within the ipspGroupContentsTable for the group
referenced by the ipspEndGroupName object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspGroupContentsTable |
1.3.6.1.2.1.1.1.3 |
This table contains a list of rules and/or subgroups
contained within a given policy group. The entries are
sorted by the ipspGroupContPriority object and MUST be
executed in order according to this value, starting with the
lowest value. Once a group item has been processed, the
processor MUST stop processing this packet if an action was
executed as a result of the processing of a given group.
Iterating into the next policy group item by finding the next
largest ipspGroupContPriority object shall only be done if no
actions were run when processing the last item for a given
packet. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspGroupContentsEntry |
|
ipspGroupContentsEntry |
1.3.6.1.2.1.1.1.3.1 |
Defines a given sub-item within a policy group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspGroupContentsEntry |
|
|
ipspGroupContPriority |
1.3.6.1.2.1.1.1.3.1.2 |
The priority (sequence number) of the sub-component in this
group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65536 |
|
ipspGroupContFilter |
1.3.6.1.2.1.1.1.3.1.3 |
ipspGroupContFilter points to a filter which is evaluated
to determine whether the sub-component within this group
should be exercised. Managers can use this object to
classify groups of rules or subgroups together in order to
achieve a greater degree of control and optimization over the
execution order of the items within the group. If the filter
evaluates to false, the rule or subgroup will be skipped and
the next rule or subgroup will be evaluated instead.
An example usage of this object would be to limit a group of
rules to executing only when the IP packet being process is
designated to be processed by IKE. This effecitevly creates
a group of IKE specific rules.
This MIB defines the following tables and scalars which may
be pointed to by this column. Implementations may choose to
provide support for other filter tables or scalars as well:
ipspIpHeaderFilterTable
ipspIpOffsetFilterTable
ipspTimeFilterTable
ipspCompoundFilterTable
ipspTrueFilter
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned. If
the table or scalar pointed to by the VariablePointer is not
supported at all, then an inconsistentValue exception should
be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipspGroupContComponentType |
1.3.6.1.2.1.1.1.3.1.4 |
Indicates whether the ipspGroupContComponentName object is
the name of another group defined within the
ipspGroupContentsTable or is the name of a rule defined
within the ipspRuleDefinitionTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
reserved(0), group(1), rule(2) |
|
ipspGroupContComponentName |
1.3.6.1.2.1.1.1.3.1.5 |
The name of the policy rule or subgroup contained within this
group, as indicated by the ipspGroupContComponentType
object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspGroupContLastChanged |
1.3.6.1.2.1.1.1.3.1.6 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspGroupContStorageType |
1.3.6.1.2.1.1.1.3.1.7 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspGroupContRowStatus |
1.3.6.1.2.1.1.1.3.1.8 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object may not be set to active until the row to which
the ipspGroupContComponentName points to exists. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspRuleDefinitionTable |
1.3.6.1.2.1.1.1.4 |
This table defines a policy rule by associating a filter or a
set of filters to an action to be executed. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspRuleDefinitionEntry |
|
ipspRuleDefinitionEntry |
1.3.6.1.2.1.1.1.4.1 |
A row defining a particular policy definition. A rule
definition binds a filter pointer to an action pointer. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspRuleDefinitionEntry |
|
|
ipspRuleDefName |
1.3.6.1.2.1.1.1.4.1.1 |
ipspRuleDefName is the administratively assigned name of the
rule referred to by the ipspGroupContComponentName object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspRuleDefDescription |
1.3.6.1.2.1.1.1.4.1.2 |
A user definable string. This field may be used for your
administrative tracking purposes. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ipspRuleDefFilter |
1.3.6.1.2.1.1.1.4.1.3 |
ipspRuleDefFilter points to a filter which is used to
evaluate whether the action associated with this row should
be fired or not. The action will only fire if the filter
referenced by this object evaluates to TRUE after first
applying any negation required by the
ipspRuleDefFilterNegated object.
This MIB defines the following tables and scalars which may
be pointed to by this column. Implementations may choose to
provide support for other filter tables or scalars as well:
ipspIpHeaderFilterTable
ipspIpOffsetFilterTable
ipspTimeFilterTable
ipspCompoundFilterTable
ipspTrueFilter
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned. If
the table or scalar pointed to by the VariablePointer is not
supported at all, then an inconsistentValue exception should
be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipspRuleDefFilterNegated |
1.3.6.1.2.1.1.1.4.1.4 |
ipspRuleDefFilterNegated specifies whether the filter
referenced by the ipspRuleDefFilter object should be negated
or not. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspRuleDefAction |
1.3.6.1.2.1.1.1.4.1.5 |
This column points to the action to be taken. It may, but is
not limited to, point to a row in one of the following
tables:
ipspCompoundActionTable
ipspSaPreconfiguredActionTable
ipspIkeActionTable
ipspIpsecActionTable
It may also point to one of the scalar objects beneath
ipspStaticActions.
If this object is set to a pointer to a row in an unsupported
(or unknown) table, an inconsistentValue error should be
returned.
If this object is set to point to a non-existent row in an
otherwise supported table, an inconsistentName error should
be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipspRuleDefAdminStatus |
1.3.6.1.2.1.1.1.4.1.6 |
Indicates whether the current rule definition should be
considered active. If enabled, it should be evaluated when
processing packets. If disabled, packets should continue to
be processed by the rest of the rules defined in the
ipspGroupContentsTable as if this rule's filters had
effectively failed. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspAdminStatus |
|
|
ipspRuleDefLastChanged |
1.3.6.1.2.1.1.1.4.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspRuleDefStorageType |
1.3.6.1.2.1.1.1.4.1.8 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspRuleDefRowStatus |
1.3.6.1.2.1.1.1.4.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object may not be set to active until the containing
contitions, filters and actions have been defined. Once
active, it must remain active until no policyGroupContents
entries are referencing it. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspCompoundFilterTable |
1.3.6.1.2.1.1.1.5 |
A table defining a compound set of filters and their
associated parameters. A row in this table can either be
pointed to by a ipspRuleDefFilter object or by a ficSubFilter
object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspCompoundFilterEntry |
|
ipspCompoundFilterEntry |
1.3.6.1.2.1.1.1.5.1 |
An entry in the ipspCompoundFilterTable. A filter defined by
this table is considered to have a TRUE return value if and
only if:
ipspCompFiltLogicType is AND and all of the sub-filters
associated with it, as defined in the ipspSubfiltersTable,
are all true themselves (after applying any requried
negation as defined by the ficFilterIsNegated object).
ipspCompFiltLogicType is OR and at least one of the
sub-filters associated with it, as defined in the
ipspSubfiltersTable, is true itself (after applying any
requried negation as defined by the ficFilterIsNegated
object). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspCompoundFilterEntry |
|
|
ipspCompFiltName |
1.3.6.1.2.1.1.1.5.1.1 |
A user definable string. You may use this field for your
administrative tracking purposes. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspCompFiltDescription |
1.3.6.1.2.1.1.1.5.1.2 |
A user definable string. You may use this field for your
administrative tracking purposes. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
ipspCompFiltLogicType |
1.3.6.1.2.1.1.1.5.1.3 |
Indicates whether the filters contained within this filter
are functionally ANDed or ORed together. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspBooleanOperator |
|
|
ipspCompFiltLastChanged |
1.3.6.1.2.1.1.1.5.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspCompFiltStorageType |
1.3.6.1.2.1.1.1.5.1.5 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspCompFiltRowStatus |
1.3.6.1.2.1.1.1.5.1.6 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
Once active, it may not have its value changed if any active
rows in the ipspRuleDefinitionTable are currently pointing
at this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspSubfiltersTable |
1.3.6.1.2.1.1.1.6 |
This table defines a list of filters contained within a given
compound filter set defined in the ipspCompoundFilterTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspSubfiltersEntry |
|
ipspSubfiltersEntry |
1.3.6.1.2.1.1.1.6.1 |
An entry into the list of filters for a given compound
filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspSubfiltersEntry |
|
|
ipspSubFiltPriority |
1.3.6.1.2.1.1.1.6.1.1 |
The priority of a given filter within a condition.
Implementations MAY choose to follow the ordering indicated
by the manager that created the rows in order to allow the
manager to intelligently construct filter lists such that
faster filters are evaluated first. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65536 |
|
ipspSubFiltSubfilter |
1.3.6.1.2.1.1.1.6.1.2 |
The location of the contained filter. The value of this
column should be a VariablePointer which references the
properties for the filter to be included in this compound
filter.
This MIB defines the following tables and scalars which may
be pointed to by this column. Implementations may choose to
provide support for other filter tables or scalars as well:
ipspIpHeaderFilterTable
ipspIpOffsetFilterTable
ipspTimeFilterTable
ipspCompoundFilterTable
ipspTrueFilter
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned. If
the table or scalar pointed to by the VariablePointer is not
supported at all, then an inconsistentValue exception should
be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipspSubFiltLastChanged |
1.3.6.1.2.1.1.1.6.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspSubFiltStorageType |
1.3.6.1.2.1.1.1.6.1.5 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspSubFiltRowStatus |
1.3.6.1.2.1.1.1.6.1.6 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object can not be made active until the filter
referenced by the ficSubFilter object is both defined and is
active. An attempt to do so will result in an
inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspTrueFilter |
1.3.6.1.2.1.1.1.7.1 |
This scalar indicates a (automatic) true result for a
filter. I.e. this is a filter that is always true,
useful for adding as a default filter for a default
action or a set of actions. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspIkePhase1Filter |
1.3.6.1.2.1.1.1.7.2 |
This static filter can be used to test if a packet is
part of an IKE phase-1 negotiation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspIkePhase2Filter |
1.3.6.1.2.1.1.1.7.3 |
This static filter can be used to test if a packet is
part of an IKE phase-2 negotiation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspIpHeadFiltType |
1.3.6.1.2.1.1.1.8.1.2 |
This defines the various tests that are used when evaluating
a given filter. The results of each test are ANDed together
to produce the result of the entire filter. When processing
this filter, it is recommended for efficiency reasons that
the filter halt processing the instant any of the specified
tests fail.
Once a row is 'active', this object's value may not be
changed unless all the appropriate columns needed by the new
value to be imposed on this object have been appropriately
configured.
The various tests definable in this table are as follows:
sourceAddress:
- Tests if the source address in the packet lies between
the ipspIpHeadFiltSrcAddressBegin and
ipspIpHeadFiltSrcAddressEnd objects.
Note that setting these two objects to the same address
will limit the search to the exact match of a single
address. The format and length of the address objects
are defined by the ipspIpHeadFiltIPVersion column.
A row in this table containing a ipspIpHeadFiltType
object with the sourceAddress object bit but without the
ipspIpHeadFiltIPVersion, ipspIpHeadFiltSrcAddressBegin
and ipspIpHeadFiltSrcAddressEnd objects set will cause
the ipspIpHeadFiltRowStatus object to return the notReady
state.
destinationAddress:
- Tests if the destination address in the packet lies
between the ipspIpHeadFiltDstAddressBegin and
ipspIpHeadFiltDstAddressEnd objects. Note that setting
these two objects to the same address will limit the
search to the exact match of a single address. The
format and length of the address objects are defined by
the ipspIpHeadFiltIPVersion column.
A row in this table containing a ipspIpHeadFiltType
object with the destinationAddress object bit but without
the ipspIpHeadFiltIPVersion,
ipspIpHeadFiltDstAddressBegin and
ipspIpHeadFiltDstAddressEnd objects set will cause the
ipspIpHeadFiltRowStatus object to return the notReady
state.
sourcePort:
- Tests if the source port of IP packets using a protocol
that uses port numbers (at this time, UDP or TCP) lies
between the ipspIpHeadFiltSrcLowPort and
ipspIpHeadFiltSrcHighPort objects. Note that setting
these two objects to the same address will limit the
search to the exact match of a single port.
A row in this table containing a ipspIpHeadFiltType
object with the sourcePort object bit but without the
ipspIpHeadFiltSrcLowPort, and ipspIpHeadFiltSrcHighPort
objects set will cause the ipspIpHeadFiltRowStatus object
to return the notReady state.
destinationPort:
- Tests if the source port of IP packets using a protocol
that uses port numbers (at this time, UDP or TCP) lies
between the ipspIpHeadFiltDstLowPort and
ipspIpHeadFiltDstHighPort objects. Note that setting
these two objects to the same address will limit the
search to the exact match of a single port.
A row in this table containing a ipspIpHeadFiltType
object with the sourcePort object bit but without the
ipspIpHeadFiltDstLowPort, and ipspIpHeadFiltDstHighPort
objects set will cause the ipspIpHeadFiltRowStatus object
to return the notReady state.
protocol:
- Tests to see if the packet being processed is for the
given protocol type.
A row in this table containing a ipspIpHeadFiltType
object with the protocol object bit but without the
ipspIpHeadFiltProtocol object set will cause the
ipspIpHeadFiltRowStatus object to return the notReady
state.
ipv6FlowLabel:
- Tests to see if the packet being processed contains an
ipv6 Flow Label which matches the value in the
ipfIPv6FlowLabel object. Setting this bit mandates that
for the packet to match the filter, it must be an IPv6
packet.
A row in this table containing a ipspIpHeadFiltType
object with the ipv6FlowLabel object bit but without the
ipfIPv6FlowLabel object set will cause the
ipspIpHeadFiltRowStatus object to return the notReady
state. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
BITS |
sourceAddress(0), destinationAddress(1), sourcePort(2), destinationPort(3), protocol(4), ipv6FlowLabel(5) |
|
ipspIpHeadFiltIPVersion |
1.3.6.1.2.1.1.1.8.1.3 |
The Internet Protocol version the addresses are to match
against. The value of this property determines the size and
format of the ipspIpHeadFiltSrcAddressBegin,
ipspIpHeadFiltSrcAddressEnd, ipspIpHeadFiltDstAddressBegin,
and ipspIpHeadFiltDstAddressEnd objects.
Values of unknown, ipv4z, ipv6z and dns are not legal values
for this object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspIpHeadFiltSrcAddressBegin |
1.3.6.1.2.1.1.1.8.1.4 |
The starting address of a source address range that the
packet must match against for this filter to be considered
TRUE.
This object is only used if sourceAddress is set in
ipspIpHeadFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspIpHeadFiltSrcAddressEnd |
1.3.6.1.2.1.1.1.8.1.5 |
The ending address of a source address range to check a
packet against, where the starting is specified by the
ipspIpHeadFiltSrcAddressBegin object. Set this column to the
same value as the ipspIpHeadFiltSrcAddressBegin column to get
an exact single address match.
This object is only used if sourceAddress is set in
ipspIpHeadFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspIpHeadFiltDstAddressBegin |
1.3.6.1.2.1.1.1.8.1.6 |
The starting address of a destination address range that the
packet must match against for this filter to be considered
TRUE.
This object is only used if destinationAddress is set in
ipspIpHeadFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspIpHeadFiltDstAddressEnd |
1.3.6.1.2.1.1.1.8.1.7 |
The ending address of a destination address range to check a
packet against, where the first is specified by the
ipspIpHeadFiltDstAddressBegin object. Set this column to the
same value as the ipspIpHeadFiltDstAddressBegin column to get
an exact single address match.
This object is only used if destinationAddress is set in
ipspIpHeadFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspIpHeadFiltSrcLowPort |
1.3.6.1.2.1.1.1.8.1.8 |
The low port of the port range a packet's source must match
against. To match, the port number must be greater than or
equal to this value.
This object is only used if sourcePort is set in
ipspIpHeadFiltType.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipspIpHeadFiltSrcHighPort |
1.3.6.1.2.1.1.1.8.1.9 |
The high port of the port range a packet's source must match
against. To match, the port number must be less than or
equal to this value.
This object is only used if sourcePort is set in
ipspIpHeadFiltType.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipspIpHeadFiltDstLowPort |
1.3.6.1.2.1.1.1.8.1.10 |
The low port of the port range a packet's destination must
match against. To match, the port number must be greater
than or equal to this value.
This object is only used if destinationPort is set in
ipspIpHeadFiltType.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipspIpHeadFiltDstHighPort |
1.3.6.1.2.1.1.1.8.1.11 |
The high port of the port range a packet's destination must
match against. To match, the port number must be less than
or equal to this value.
This object is only used if destinationPort is set in
ipspIpHeadFiltType.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipspIpHeadFiltProtocol |
1.3.6.1.2.1.1.1.8.1.12 |
The protocol number the incoming packet must match against
for this filter to be evaluated as true.
This object is only used if protocol is set in
ipspIpHeadFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipspIpHeadFiltIPv6FlowLabel |
1.3.6.1.2.1.1.1.8.1.13 |
The IPv6 Flow Label that the packet must match against.
This object is only used if ipv6FlowLabel is set in
ipspIpHeadFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..1048575 |
|
ipspIpHeadFiltLastChanged |
1.3.6.1.2.1.1.1.8.1.14 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpHeadFiltStorageType |
1.3.6.1.2.1.1.1.8.1.15 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpHeadFiltRowStatus |
1.3.6.1.2.1.1.1.8.1.16 |
This object indicates the conceptual status of this row.
This object may not be set to active if the requirements of
the ipspIpHeadFiltType object are not met. In other words,
if the associated value columns needed by a particular test
have not been set, then attempting to change this row to an
active state will result in an inconsistentValue error. See
the ipspIpHeadFiltType object description for further
details. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpOffsetFilterTable |
1.3.6.1.2.1.1.1.9 |
This table contains a list of filter definitions to be used
within the ipspRuleDefinitionTable or the
ipspSubfilterTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspIpOffsetFilterEntry |
|
ipspIpOffsetFilterEntry |
1.3.6.1.2.1.1.1.9.1 |
A definition of a particular filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIpOffsetFilterEntry |
|
|
ipspIpOffFiltOffset |
1.3.6.1.2.1.1.1.9.1.2 |
This is the byte offset from the front of the IP packet where
the value or arithmetic comparison is done. A value of '0'
indicates the first byte in the packet. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65536 |
|
ipspIpOffFiltType |
1.3.6.1.2.1.1.1.9.1.3 |
This defines the various tests that are used when evaluating
a given filter.
Once a row is 'active', this object's value may not be
changed unless the appropriate columns, ipspIpOffFiltNumber
or ipspIpOffFiltValue, needed by the new value to be imposed
on this object have been appropriately configured.
The various tests definable in this table are as follows:
valueMatch:
- Tests if the OCTET STRING, 'ipspIpOffFiltValue', matches
a value in the packet starting at the given offset in the
packet and comparing the entire OCTET STRING of
'ipspIpOffFiltValue'.
valueNotMatch:
- Tests if the OCTET STRING, 'ipspIpOffFiltValue', does not
match a value in the packet starting at the given offset
in the packet and comparing to the entire OCTET STRING of
'ipspIpOffFiltValue'.
arithmeticEqual:
- Tests if the Integer32, 'ipspIpOffFiltNumber', is
arithmetically equal ('=') to the 4 byte value starting
at the given offset within the packet. The value in the
packet is assumed to be in network byte order.
arithmeticNotEqual:
- Tests if the Integer32, 'ipspIpOffFiltNumber', is
arithmetically not equal ('!=') to the 4 byte value
starting at the given offset within the packet. The
value in the packet is assumed to be in network byte
order.
arithmeticLess:
- Tests if the Integer32, 'ipspIpOffFiltNumber', is
arithmetically less than ('<') the 4 byte value starting
at the given offset within the packet. The value in the
packet is assumed to be in network byte order.
arithmeticGreaterOrEqual:
- Tests if the Integer32, 'ipspIpOffFiltNumber', is
arithmetically greater than or equal to ('>=') the 4 byte
value starting at the given offset within the packet.
The value in the packet is assumed to be in network byte
order.
arithmeticGreater:
- Tests if the Integer32, 'ipspIpOffFiltNumber', is
arithmetically greater than ('>') the 4 byte value
starting at the given offset within the packet. The
value in the packet is assumed to be in network byte
order.
arithmeticLessOrEqual:
- Tests if the Integer32, 'ipspIpOffFiltNumber', is
arithmetically less than or equal to ('<=') the 4 byte
value starting at the given offset within the packet.
The value in the packet is assumed to be in network byte
order. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
valueMatch(1), valueNotMatch(2), arithmeticEqual(3), arithmeticNotEqual(4), arithmeticLess(5), arithmeticGreaterOrEqual(6), arithmeticGreater(7), arithmeticLessOrEqual(8) |
|
ipspIpOffFiltNumber |
1.3.6.1.2.1.1.1.9.1.4 |
ipspIpOffFiltNumber is used for arithmetic matching of a
packets at ipspIpOffFiltOffset. This object is only used if
one of
the arithmetic types is chosen in ipspIpOffFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65536 |
|
ipspIpOffFiltValue |
1.3.6.1.2.1.1.1.9.1.5 |
ipspIpOffFiltValue is used for match comparisons of a packet at
ipspIpOffFiltOffset. This object is only used if one of the
match types is chosen in ipspIpOffFiltType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..1024) |
|
ipspIpOffFiltLastChanged |
1.3.6.1.2.1.1.1.9.1.6 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpOffFiltStorageType |
1.3.6.1.2.1.1.1.9.1.7 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpOffFiltRowStatus |
1.3.6.1.2.1.1.1.9.1.8 |
This object indicates the conceptual status of this row.
This object may not be set to active if the requirements of
the ipspIpOffFiltType object are not met. In other words, if
the associated value columns needed by a particular test have
not been set, then attempting to change this row to an active
state will result in an inconsistentValue error. See the
ipspIpOffFiltType object description for further details. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspTimeFilterTable |
1.3.6.1.2.1.1.1.10 |
Defines a table of filters which can be used to effectively
enable or disable policies based on a valid time range. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspTimeFilterEntry |
|
ipspTimeFilterEntry |
1.3.6.1.2.1.1.1.10.1 |
A row describing a given time frame for which a policy may be
filtered on to place the rule active or inactive. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspTimeFilterEntry |
|
|
ipspTimeFiltName |
1.3.6.1.2.1.1.1.10.1.1 |
An administratively assigned name for this filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspTimeFiltPeriodStart |
1.3.6.1.2.1.1.1.10.1.2 |
The starting time period for this filter. In addition to a
normal DateAndTime string, this object may be set to the
OCTET STRING value THISANDPRIOR which indicates that the
filter is valid from any time before now up until (at least)
now. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
ipspTimeFiltPeriodEnd |
1.3.6.1.2.1.1.1.10.1.3 |
The ending time period for this filter. In addition to a
normal DateAndTime string, this object may be set to the
OCTET STRING value THISANDFUTURE which indicates that the
filter is valid without an ending date and/or time. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
ipspTimeFiltMonthOfYearMask |
0.1.2.3.4.5.6.7.8.9.10.11.1.3.6.1.2.1.1.1.10.1.4 |
A bit mask which overlays the ipspTimeFiltPeriodStart to
ipspTimeFiltPeriodEnd date range to further restrict the time
period to a restricted set of months of the year. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
BITS |
january(0), february(1), march(2), april(3), may(4), june(5), july(6), august(7), september(8), october(9), november(10), december(11) |
|
ipspTimeFiltDayOfMonthMask |
1.3.6.1.2.1.1.1.10.1.5 |
Defines which days of the month this time period is valid
for. It is a sequence of 32 BITS, where each BIT represents
a corresponding day of the month starting from the left most
bit being equal to the first day of the month. The last bit
in the string MUST be zero. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(4) |
|
ipspTimeFiltDayOfWeekMask |
0.1.2.3.4.5.6.1.3.6.1.2.1.1.1.10.1.6 |
A bit mask which overlays the ipspTimeFiltPeriodStart to
ipspTimeFiltPeriodEnd date range to further restrict the time
period to a restricted set of days within a given week. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
BITS |
monday(0), tuesday(1), wednesday(2), thursday(3), friday(4), saturday(5), sunday(6) |
|
ipspTimeFiltTimeOfDayMaskStart |
1.3.6.1.2.1.1.1.10.1.7 |
Indicates the starting time of day for which this filter
evaluates to true. The date portions of the DateAndTime TC
are ignored for purposes of evaluating this mask and only the
time specific portions are used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
ipspTimeFiltTimeOfDayMaskEnd |
1.3.6.1.2.1.1.1.10.1.8 |
Indicates the ending time of day for which this filter
evaluates to true. The date portions of the DateAndTime TC
are ignored for purposes of evaluating this mask and only the
time specific portions are used. If this starting and ending
time values indicated by the ipspTimeFiltTimeOfDayMaskStart
and ipspTimeFiltTimeOfDayMaskEnd objects are equal, the
filter is expected to be evaluated over the entire 24 hour
period. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
ipspTimeFiltLastChanged |
1.3.6.1.2.1.1.1.10.1.9 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspTimeFiltStorageType |
1.3.6.1.2.1.1.1.10.1.10 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspTimeFiltRowStatus |
1.3.6.1.2.1.1.1.10.1.11 |
This object indicates the conceptual status of this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpsoHeadFiltType |
1.3.6.1.2.1.1.1.11.1.2 |
The IPSO header fields to match the value against. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
BITS |
classificationLevel(0), protectionAuthority(1) |
|
ipspIpsoHeadFiltClassification |
1.3.6.1.2.1.1.1.11.1.3 |
The IPSO classification header field value must match the
value in this column if the classificationLevel bit is set in
the ipspIpsoHeadFiltType field.
The values of these enumerations are defined by RFC1108. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
topSecret(61), secret(90), confidential(150), unclassified(171) |
|
ipspIpsoHeadFiltProtectionAuth |
1.3.6.1.2.1.1.1.11.1.4 |
The IPSO protection authority header field value must match
the value in this column if the protection authority bit is
set in the ipspIpsoHeadFiltType field.
The values of these enumerations are defined by RFC1108.
Hence the reason the SMIv2 convention of not using 0 in enum
lists is violated here. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
genser(0), siopesi(1), sci(2), nsa(3), doe(4) |
|
ipspIpsoHeadFiltLastChanged |
1.3.6.1.2.1.1.1.11.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpsoHeadFiltStorageType |
1.3.6.1.2.1.1.1.11.1.6 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpsoHeadFiltRowStatus |
1.3.6.1.2.1.1.1.11.1.7 |
This object indicates the conceptual status of this row.
This object may not be set to active if the requirements of
the ipspIpsoHeadFiltType object are not met. In other words,
if the associated value columns needed by a particular test
have not been set, then attempting to change this row to an
active state will result in an inconsistentValue error. See
the ipspIpsoHeadFiltType object description for further
details. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspCredentialFilterTable |
1.3.6.1.2.1.1.1.12 |
This table defines filters which can be used to match
credentials of IKE peers, where the credentials in question
have been obtained from an IKE phase 1 exchange. They may be
X.509 certificates, Kerberos tickets, etc... |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspCredentialFilterEntry |
|
ipspCredentialFilterEntry |
1.3.6.1.2.1.1.1.12.1 |
A row defining a particular credential filter |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspCredentialFilterEntry |
|
|
ipspCredFiltName |
1.3.6.1.2.1.1.1.12.1.1 |
The administrative name of this filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspCredFiltMatchFieldName |
1.3.6.1.2.1.1.1.12.1.3 |
The piece of the credential to match against. Examples:
serialNumber, signatureAlgorithm, issuerName or subjectName.
For credential types without fields (e.g. shared secrec),
this field should be left empty, and the entire credential
will be matched against the ipspCredFiltMatchFieldValue. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
ipspCredFiltMatchFieldValue |
1.3.6.1.2.1.1.1.12.1.4 |
The value that the field indicated by the
ipspCredFiltMatchFieldName must match against for the filter
to be considered TRUE. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..4096) |
|
ipspCredFiltAcceptCredFrom |
1.3.6.1.2.1.1.1.12.1.5 |
This value is used to look up a row in the
ipspIpsecCredMngServiceTable for the Certificate Authority (CA)
Information. This value is empty if there is no CA used for
this filter. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..117) |
|
ipspCredFiltLastChanged |
1.3.6.1.2.1.1.1.12.1.6 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspCredFiltStorageType |
1.3.6.1.2.1.1.1.12.1.7 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspCredFiltRowStatus |
1.3.6.1.2.1.1.1.12.1.8 |
This object indicates the conceptual status of this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspPeerIdentityFilterTable |
1.3.6.1.2.1.1.1.13 |
This table defines filters which can be used to match
credentials of IKE peers, where the credentials in question
have been obtained from an IKE phase 1 exchange. They may be
X.509 certificates, Kerberos tickets, etc... |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspPeerIdentityFilterEntry |
|
ipspPeerIdentityFilterEntry |
1.3.6.1.2.1.1.1.13.1 |
A row defining a particular credential filter |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspPeerIdentityFilterEntry |
|
|
ipspPeerIdFiltIdentityValue |
1.3.6.1.2.1.1.1.13.1.3 |
The string representation of the value that the peer ID
payload value must match against. Wildcard mechanisms MUST be
supported such that:
- a ipspPeerIdFiltIdentityValue of '*@example.com' will match
a userFqdn ID payload of 'JDOE@EXAMPLE.COM'
- a ipspPeerIdFiltIdentityValue of '*.example.com' will match
a fqdn ID payload of 'WWW.EXAMPLE.COM'
- a ipspPeerIdFiltIdentityValue of:
'cn=*,ou=engineering,o=company,c=us'
will match a DER DN ID payload of
'cn=John Doe,ou=engineering,o=company,c=us'
- a ipspPeerIdFiltIdentityValue of '192.0.2.0/24' will match
an IPv4 address ID payload of 192.0.2.10
- a ipspPeerIdFiltIdentityValue of '192.0.2.*' will also
match an IPv4 address ID payload of 192.0.2.10.
The character '*' replaces 0 or multiple instances of any
character. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspIdentityFilter |
|
|
ipspPeerIdFiltLastChanged |
1.3.6.1.2.1.1.1.13.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspPeerIdFiltStorageType |
1.3.6.1.2.1.1.1.13.1.5 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspPeerIdFiltRowStatus |
1.3.6.1.2.1.1.1.13.1.6 |
This object indicates the conceptual status of this row.
This object can not be considered active unless the
ipspPeerIdFiltIdentityType and ipspPeerIdFiltIdentityValue
column values are defined. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspCompoundActionTable |
1.3.6.1.2.1.1.1.14 |
Table used to allow multiple actions to be associated with a
rule. It uses the ipspSubactionsTable to do this. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspCompoundActionEntry |
|
ipspCompoundActionEntry |
1.3.6.1.2.1.1.1.14.1 |
A row in the ipspCompoundActionTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspCompoundActionEntry |
|
|
ipspCompActName |
1.3.6.1.2.1.1.1.14.1.1 |
This is an administratively assigned name of this compound
action. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspCompActExecutionStrategy |
1.3.6.1.2.1.1.1.14.1.2 |
This object indicates how the sub-actions are executed based
on the success of the actions as they finish executing.
doAll - run each sub-action regardless of the
exit status of the previous action. This
parent action is always considered to have
acted successfully.
doUntilSuccess - run each sub-action until one succeeds, at
which point stop processing the sub-actions
within this parent compound action. If one
of the sub-actions did execute
successfully, this parent action is also
considered to have executed sucessfully.
doUntilFailure - run each sub-action until one fails, at
which point stop processing the sub-actions
within this compound action. If any
sub-action fails, the result of this parent
action is considered to have failed. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
reserved(0), doAll(1), doUntilSuccess(2), doUntilFailure(3) |
|
ipspCompActLastChanged |
1.3.6.1.2.1.1.1.14.1.3 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspCompActStorageType |
1.3.6.1.2.1.1.1.14.1.4 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspCompActRowStatus |
1.3.6.1.2.1.1.1.14.1.5 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
Once a row in the ipspCompoundActionTable has been made active,
this object may not be set to destroy without first
destroying all the contained rows listed in the
ipspSubactionsTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspSubactionsTable |
1.3.6.1.2.1.1.1.15 |
This table contains a list of the sub-actions within a given
compound action. Compound actions executing these actions
MUST execute them in series based on the ipspSubActPriority
value, with the lowest value executing first. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspSubactionsEntry |
|
ipspSubactionsEntry |
1.3.6.1.2.1.1.1.15.1 |
A row containing a reference to a given compound-action
sub-action. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspSubactionsEntry |
|
|
ipspSubActPriority |
1.3.6.1.2.1.1.1.15.1.1 |
The priority of a given sub-action within a compound action.
The order in which sub-actions should be executed are based
on the value from this column, with the lowest numeric value
executing first. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65536 |
|
ipspSubActSubActionName |
1.3.6.1.2.1.1.1.15.1.2 |
This column points to the action to be taken. It may, but is
not limited to, point to a row in one of the following
tables:
ipspCompoundActionTable - Allowing recursion
ipspSaPreconfiguredActionTable
ipspIkeActionTable
ipspIpsecActionTable
It may also point to one of the scalar objects beneath
ipspStaticActions.
If this object is set to a pointer to a row in an unsupported
(or unknown) table, an inconsistentValue error should be
returned.
If this object is set to point to a non-existent row in an
otherwise supported table, an inconsistentName error should
be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
aiipspCompActLastChanged |
1.3.6.1.2.1.1.1.15.1.3 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
aiipspCompActStorageType |
1.3.6.1.2.1.1.1.15.1.4 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
aiipspCompActRowStatus |
1.3.6.1.2.1.1.1.15.1.5 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspDropAction |
1.3.6.1.2.1.1.1.16.1 |
This scalar indicates that a packet should be dropped WITHOUT
action/packet logging. This object returns a value
of 1 for IPsec policy implementations that support the drop
static action. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspDropActionLog |
1.3.6.1.2.1.1.1.16.2 |
This scalar indicates that a packet should be dropped WITH
action/packet logging. This object returns a value
of 1 for IPsec policy implementations that support the drop
static action with logging. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspAcceptAction |
1.3.6.1.2.1.1.1.16.3 |
This Scalar indicates that a packet should be accepted
(pass-through) WITHOUT action/packet logging. This object
returns a value of 1 for IPsec policy implementations that
support the accept static action. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspAcceptActionLog |
1.3.6.1.2.1.1.1.16.4 |
This scalar indicates that a packet should be accepted
(pass-through) WITH action/packet logging. This object
returns a value of 1 for IPsec policy implementations that
support the accept static action with logging. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspRejectIKEAction |
1.3.6.1.2.1.1.1.16.5 |
This scalar indicates that a packet should be rejected
WITHOUT action/packet logging. This object returns a value
of 1 for IPsec policy implementations that support the reject
static action. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspRejectIKEActionLog |
1.3.6.1.2.1.1.1.16.6 |
This scalar indicates that a packet should be rejected
WITH action/packet logging. This object returns a value of 1
for IPsec policy implementations that support the reject
static action with logging. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspSaPreActActionName |
1.3.6.1.2.1.1.1.17.1.1 |
This object contains the name of this
SaPreconfiguredActionEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspSaPreActSADirection |
1.3.6.1.2.1.1.1.17.1.2 |
This object indicates whether a row should apply to outgoing
or incoming SAs |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspSADirection |
|
|
ipspSaPreActActionLifetimeSec |
1.3.6.1.2.1.1.1.17.1.4 |
ipspSaPreActActionLifetimeSec specifies how long in seconds the
security association derived from this action should be used.
The default lifetime is 8 hours.
Note: the actual lifetime of the preconfigured SA will be the
lesser of the value of this object and of the value of the
MaxLifetimeSecs property of the associated transform.
A value of 0 indicates no time limit on the lifetime
of the SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspSaPreActActionLifetimeKB |
1.3.6.1.2.1.1.1.17.1.5 |
ipspSaPreActActionLifetimeKB specifies how long the
security association derived from this action should be used.
After this value in KiloBytes has passed through the security
association, it should no longer be used.
Note: the actual lifetime of the preconfigured SA will be the
lesser of the value of this object and of the value of the
MaxLifetimeKB property of the associated transform.
The default value, '0', indicates no kilobyte limit. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspSaPreActDoActionLogging |
1.3.6.1.2.1.1.1.17.1.6 |
ipspSaPreActDoActionLogging specifies whether or not an audit
message should be logged when a preconfigured SA is created. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspSaPreActDoPacketLogging |
1.3.6.1.2.1.1.1.17.1.7 |
ipspSaPreActDoPacketLogging specifies whether or not an audit
message should be logged and if there is logging, how many
bytes of the packet to place in the notification. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspIPPacketLogging |
|
|
ipspSaPreActDFHandling |
1.3.6.1.2.1.1.1.17.1.8 |
This object specifies how to process the DF bit in packets
sent through the preconfigured SA. This object is not used
for transport SAs. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
reserved(0), copy(1), set(2), clear(3) |
|
ipspSaPreActAHSPI |
1.3.6.1.2.1.1.1.17.1.10 |
This object represents the SPI value for the AH SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspSaPreActAHSharedSecretName |
1.3.6.1.2.1.1.1.17.1.12 |
This object contains a name value to be used as an index into
the ipspCredentialTable which holds the pertinent keying
information for the AH SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspSaPreActESPSPI |
1.3.6.1.2.1.1.1.17.1.13 |
This object represents the SPI value for the ESP SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspSaPreActESPEncSecretName |
1.3.6.1.2.1.1.1.17.1.15 |
This object contains a name value to be used as an index into
the ipspCredentialTable which holds the pertinent keying
information for the encryption algorithm of the ESP SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspSaPreActESPAuthSecretName |
1.3.6.1.2.1.1.1.17.1.16 |
This object contains a name value to be used as an index into
the ipspCredentialTable which holds the pertinent keying
information for the authentication algorithm of the ESP SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspSaPreActIPCompSPI |
1.3.6.1.2.1.1.1.17.1.17 |
This object represents the SPI value for the IPComp SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspSaPreActPeerGatewayIdName |
1.3.6.1.2.1.1.1.17.1.19 |
This object indicates the peer id name of the peer
gateway. This object can be used to look up the peer gateway
address in the ipspPeerIdentityTable.
This object is only used when initiating a tunnel SA, and
is not used for transport SAs. If ipspSaPreActActionType
specifies tunnel mode and this object is empty, the peer
gateway should be determined from the source or destination
of the packet. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspSaPreActLastChanged |
1.3.6.1.2.1.1.1.17.1.20 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspSaPreActStorageType |
1.3.6.1.2.1.1.1.17.1.21 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspSaPreActRowStatus |
1.3.6.1.2.1.1.1.17.1.22 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspSaNegotiationParametersTable |
1.3.6.1.2.1.1.1.18 |
This table contains reusable parameters that can be pointed
to by the ipspIkeActionTable and ipspIpsecActionTable. These
parameters are reusable since it is likely an administrator
will want to make global policy changes to lifetime
parameters that apply to multiple actions. This table allows
multiple rows in the other actions tables to reuse global
lifetime parameters in this table by repeatedly pointing to a
row cointained within this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspSaNegotiationParametersEntry |
|
ipspSaNegotiationParametersEntry |
1.3.6.1.2.1.1.1.18.1 |
Contains the attributes of one row in the
ipspSaNegotiationParametersTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspSaNegotiationParametersEntry |
|
|
ipspSaNegParamName |
1.3.6.1.2.1.1.1.18.1.1 |
This object contains the administrative name of this
SaNegotiationParametersEntry. This row can be referred
to by this name in other policy action tables. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspSaNegParamMinLifetimeSecs |
1.3.6.1.2.1.1.1.18.1.2 |
ipspSaNegParamMinLifetimeSecs specifies the minimum seconds
lifetime that will be accepted from the peer. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspSaNegParamMinLifetimeKB |
1.3.6.1.2.1.1.1.18.1.3 |
ipspSaNegParamMinLifetimeKB specifies the minimum kilobyte
lifetime that will be accepted from the peer. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspSaNegParamRefreshThreshSecs |
1.3.6.1.2.1.1.1.18.1.4 |
ipspSaNegParamRefreshThreshSecs specifies what percentage of
the seconds lifetime can expire before IKE should attempt to
renegotiate the IPsec security association.
A value between 1 and 100 representing a percentage. A
value of 100 indicates that the IPsec security
association should not be renegotiated until the
seconds lifetime has been completely reached. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..100 |
|
ipspSaNegParamRefreshThresholdKB |
1.3.6.1.2.1.1.1.18.1.5 |
ipspSaNegParamRefreshThresholdKB specifies what percentage of
the kilobyte lifetime can expire before IKE should attempt
to renegotiate the IPsec security association. A value
between 1 and 100 representing a percentage. A value of 100
indicates that the IPsec security association should not be
renegotiated until the kilobyte lifetime has been reached. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..100 |
|
ipspSaNegParamIdleDurationSecs |
1.3.6.1.2.1.1.1.18.1.6 |
ipspSaNegParamIdleDurationSecs specifies how many seconds a
security association may remain idle (i.e., no traffic
protected using the security association) before it is
deleted. A value of zero indicates that idle detection
should not be used for the security association. Any
non-zero value indicates the number of seconds the security
association may remain unused. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspSaNegParamLastChanged |
1.3.6.1.2.1.1.1.18.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspSaNegParamStorageType |
1.3.6.1.2.1.1.1.18.1.8 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspSaNegParamRowStatus |
1.3.6.1.2.1.1.1.18.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object may not be set to destroy if refered to by other
rows in other action tables. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIkeActionTable |
1.3.6.1.2.1.1.1.19 |
The ipspIkeActionTable contains a list of the parameters used
for an IKE phase 1 SA DOI negotiation. See the corresponding
table ipspIkeActionProposalsTable for a list of proposals
contained within a given IKE Action. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspIkeActionEntry |
|
ipspIkeActionEntry |
1.3.6.1.2.1.1.1.19.1 |
The ipspIkeActionEntry lists the IKE negotiation attributes. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIkeActionEntry |
|
|
ipspIkeActName |
1.3.6.1.2.1.1.1.19.1.1 |
This object contains the name of this ikeAction entry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIkeActParametersName |
1.3.6.1.2.1.1.1.19.1.2 |
This object is administratively assigned to reference a row
in the ipspSaNegotiationParametersTable where additional
parameters affecting this action may be found. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIkeActThresholdDerivedKeys |
1.3.6.1.2.1.1.1.19.1.3 |
ipspIkeActThresholdDerivedKeys specifies what percentage
of the derived key limit (see the LifetimeDerivedKeys
property of IKEProposal) can expire before IKE should attempt
to renegotiate the IKE phase 1 security association. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..100 |
|
ipspIkeActExchangeMode |
1.3.6.1.2.1.1.1.19.1.4 |
ipspIkeActExchangeMode specifies the IKE Phase 1 negotiation
mode. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
main(1), agressive(2) |
|
ipspIkeActIdentityType |
1.3.6.1.2.1.1.1.19.1.6 |
This column along with ipspIkeActIdentityContext and endpoint
information is used to refer an ipspIkeIdentityEntry in the
ipspIkeIdentityTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipspIkeActIdentityContext |
1.3.6.1.2.1.1.1.19.1.7 |
This column, along with ipspIkeActIdentityType and endpoint
information, is used to refer to an ipspIkeIdentityEntry in the
ipspIkeIdentityTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIkeActPeerName |
1.3.6.1.2.1.1.1.19.1.8 |
This object indicates the peer id name of the IKE peer. This
object can be used to look up the peer id value, address,
credentials and other values in the ipspPeerIdentityTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspIkeActDoActionLogging |
1.3.6.1.2.1.1.1.19.1.9 |
ikeDoActionLogging specifies whether or not an audit
message should be logged when this ike SA is created. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspIkeActDoPacketLogging |
1.3.6.1.2.1.1.1.19.1.10 |
ikeDoPacketLogging specifies whether or not an audit message
should be logged and if there is logging, how many bytes of
the packet to place in the notification. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspIPPacketLogging |
|
|
ipspIkeActVendorId |
1.3.6.1.2.1.1.1.19.1.11 |
Vendor ID Payload. A value of NULL means that Vendor ID
payload will be neither generated nor accepted. A non-NULL
value means that a Vendor ID payload will be generated (when
acting as an initiator) or is expected (when acting as a
responder). |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..65535) |
|
ipspIkeActLastChanged |
1.3.6.1.2.1.1.1.19.1.12 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIkeActStorageType |
1.3.6.1.2.1.1.1.19.1.13 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIkeActRowStatus |
1.3.6.1.2.1.1.1.19.1.14 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object may not be set to destroy if refered to by other
rows in other action tables. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIkeActionProposalsEntry |
1.3.6.1.2.1.1.1.20.1 |
a row containing one ike proposal reference |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIkeActionProposalsEntry |
|
|
ipspIkeActPropPriority |
1.3.6.1.2.1.1.1.20.1.1 |
The numeric priority of a given contained proposal inside an
ike Action. This index should be used to order the proposals
in an IKE Phase I negotiation, lowest value first. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipspIkeActPropName |
1.3.6.1.2.1.1.1.20.1.2 |
The administratively assigned name that can be used to
reference a set of values contained within the
ipspIkeProposalTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIkeActPropLastChanged |
1.3.6.1.2.1.1.1.20.1.3 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIkeActPropStorageType |
1.3.6.1.2.1.1.1.20.1.4 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIkeActPropRowStatus |
1.3.6.1.2.1.1.1.20.1.5 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIkeProposalTable |
1.3.6.1.2.1.1.1.21 |
This table contains a list of IKE proposals which are used in
an IKE negotiation. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspIkeProposalEntry |
|
ipspIkeProposalEntry |
1.3.6.1.2.1.1.1.21.1 |
One IKE proposal entry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIkeProposalEntry |
|
|
ipspIkePropLifetimeDerivedKeys |
1.3.6.1.2.1.1.1.21.1.1 |
ipspIkePropLifetimeDerivedKeys specifies the number of times
that a phase 1 key will be used to derive a phase 2 key
before the phase 1 security association needs renegotiated. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIkePropCipherKeyLength |
1.3.6.1.2.1.1.1.21.1.3 |
This object specifies, in bits, the key length for
the cipher algorithm used in IKE Phase 1 negotiation. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIkePropCipherKeyRounds |
1.3.6.1.2.1.1.1.21.1.4 |
This object specifies the number of key rounds for
the cipher algorithm used in IKE Phase 1 negotiation. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIkePropHashAlgorithm |
1.3.6.1.2.1.1.1.21.1.5 |
ipspIkePropHashAlgorithm specifies the proposed phase 1
security assocation hash algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IkeHashAlgorithm |
|
|
ipspIkePropPrfAlgorithm |
1.3.6.1.2.1.1.1.21.1.6 |
ipPRFAlgorithm specifies the proposed phase 1 security
association psuedo-random function.
Note: currently no prf algorithms are defined. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
reserved(0) |
|
ipspIkePropVendorId |
1.3.6.1.2.1.1.1.21.1.7 |
The VendorID property is used to identify vendor-defined key
exchange GroupIDs. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
ipspIkePropDhGroup |
1.3.6.1.2.1.1.1.21.1.8 |
This object specifies the proposed phase 1 security
association Diffie-Hellman group |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IkeGroupDescription |
|
|
ipspIkePropMaxLifetimeSecs |
1.3.6.1.2.1.1.1.21.1.10 |
ipspIkePropMaxLifetimeSecs specifies the maximum amount of
time to propose a security association remain valid.
A value of 0 indicates that the default lifetime of
8 hours should be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIkePropMaxLifetimeKB |
1.3.6.1.2.1.1.1.21.1.11 |
ipspIkePropMaxLifetimeKB specifies the maximum kilobyte
lifetime to propose a security association remain valid. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIkePropProposalLastChanged |
1.3.6.1.2.1.1.1.21.1.12 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIkePropProposalStorageType |
1.3.6.1.2.1.1.1.21.1.13 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIkePropProposalRowStatus |
1.3.6.1.2.1.1.1.21.1.14 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpsecActionTable |
1.3.6.1.2.1.1.1.22 |
The ipspIpsecActionTable contains a list of the parameters
used for an IKE phase 2 IPsec DOI negotiation. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspIpsecActionEntry |
|
ipspIpsecActionEntry |
1.3.6.1.2.1.1.1.22.1 |
The ipspIpsecActionEntry lists the IPsec negotiation
attributes. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIpsecActionEntry |
|
|
ipspIpsecActName |
1.3.6.1.2.1.1.1.22.1.1 |
ipspIpsecActName is the name of the ipsecAction entry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIpsecActParametersName |
1.3.6.1.2.1.1.1.22.1.2 |
This object is used to reference a row in the
ipspSaNegotiationParametersTable where additional parameters
affecting this action may be found. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIpsecActProposalsName |
1.3.6.1.2.1.1.1.22.1.3 |
This object is used to reference one or more rows in the
ipspIpsecProposalsTable where an ordered list of proposals
affecting this action may be found. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIpsecActUsePfs |
1.3.6.1.2.1.1.1.22.1.4 |
This MIB object specifies whether or not perfect forward
secrecy should be used when refreshing keys.
A value of true indicates that PFS should be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspIpsecActVendorId |
1.3.6.1.2.1.1.1.22.1.5 |
The VendorID property is used to identify vendor-defined key
exchange GroupIDs. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
ipspIpsecActGroupId |
1.3.6.1.2.1.1.1.22.1.6 |
This object specifies the Diffie-Hellman group to use for
phase 2 when the object ipspIpsecActUsePfs is true and the
object ipspIpsecActUseIkeGroup is false. If the GroupID
number is from the vendor-specific range (32768-65535), the
VendorID qualifies the group number. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IkeGroupDescription |
|
|
ipspIpsecActPeerGatewayIdName |
1.3.6.1.2.1.1.1.22.1.7 |
This object indicates the peer id name of the peer
gateway. This object can be used to look up the peer id
value, address and other values in the ipspPeerIdentityTable.
This object is used when initiating a tunnel SA. This object
is not used for transport SAs. If no value is set and
ipspIpsecActMode is tunnel, the peer gateway should be
determined from the source or destination address of the
packet. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..116) |
|
ipspIpsecActUseIkeGroup |
1.3.6.1.2.1.1.1.22.1.8 |
This object specifies whether or not to use the same GroupId
for phase 2 as was used in phase 1. If UsePFS is false, this
entry should be ignored. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspIpsecActGranularity |
1.3.6.1.2.1.1.1.22.1.9 |
This object specifies how the proposed selector for the
security association will be created. The selector is
created by using the FilterList information. The selector
can be subnet, address, porotocol, or port. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
subnet(1), address(2), protocol(3), port(4) |
|
ipspIpsecActMode |
1.3.6.1.2.1.1.1.22.1.10 |
This object specifies the encapsulation of the IPsec SA
to be negotiated. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
tunnel(1), transport(2) |
|
ipspIpsecActDFHandling |
1.3.6.1.2.1.1.1.22.1.11 |
This object specifies the processing of DF bit by the
negotiated IPsec tunnel.
1 - DF bit is copied.
2 - DF bit is set.
3 - DF bit is cleared. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
copy(1), set(2), clear(3) |
|
ipspIpsecActDoActionLogging |
1.3.6.1.2.1.1.1.22.1.12 |
ipspIpsecActDoActionLogging specifies whether or not an audit
message should be logged when this ipsec SA is created. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspIpsecActDoPacketLogging |
1.3.6.1.2.1.1.1.22.1.13 |
ipspIpsecActDoPacketLogging specifies whether or not an audit
message should be logged and if there is logging, how many
bytes of the packet to place in the notification. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspIPPacketLogging |
|
|
ipspIpsecActLastChanged |
1.3.6.1.2.1.1.1.22.1.14 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpsecActStorageType |
1.3.6.1.2.1.1.1.22.1.15 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpsecActRowStatus |
1.3.6.1.2.1.1.1.22.1.16 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpsecProposalsEntry |
1.3.6.1.2.1.1.1.23.1 |
An entry containing (possibly a portion of) a proposal. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIpsecProposalsEntry |
|
|
ipspIpsecPropPriority |
1.3.6.1.2.1.1.1.23.1.2 |
The priority level (AKA sequence level) of this proposal.
A lower number indicates a higher precedence. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipspIpsecPropProtocolId |
1.3.6.1.2.1.1.1.23.1.3 |
The protocol Id for the transforms for this proposal. The
protoIsakmp(1) value is not valid for this object.
This object, along with the ipspIpsecPropTransformsName,
is the index into the ipspIpsecTransformsTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecDoiSecProtocolId |
|
|
ipspIpsecPropLastChanged |
1.3.6.1.2.1.1.1.23.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpsecPropStorageType |
1.3.6.1.2.1.1.1.23.1.6 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpsecPropRowStatus |
1.3.6.1.2.1.1.1.23.1.7 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This row may not be set to active until the corresponding row
in the ipspIpsecTransformsTable exists and is active. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpsecTranType |
1.3.6.1.2.1.1.1.24.1.1 |
The protocol type for this transform. The protoIsakmp(1)
value is not valid for this object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecDoiSecProtocolId |
|
|
ipspIpsecTranName |
1.3.6.1.2.1.1.1.24.1.2 |
The name for this transform or group of transforms. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIpsecTranPriority |
1.3.6.1.2.1.1.1.24.1.3 |
The priority level (AKA sequence level) of the this transform
within the group of transforms. This indicates the
preference for which algorithms are requested when the list
of transforms are sent to the remote host. A lower number
indicates a higher precedence. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipspIpsecTranLastChanged |
1.3.6.1.2.1.1.1.24.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpsecTranStorageType |
1.3.6.1.2.1.1.1.24.1.6 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpsecTranRowStatus |
1.3.6.1.2.1.1.1.24.1.7 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This row may not be set to active until the corresponding row
in the ipspAhTransformTable, ipspEspTransformTable or the
ipspIpcompTransformTable exists. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspAhTranName |
1.3.6.1.2.1.1.1.25.1.1 |
This object contains the name of this AH transform. This row
will be referred to by an ipspIpsecTransformsEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspAhTranMaxLifetimeSec |
1.3.6.1.2.1.1.1.25.1.2 |
ipspAhTranMaxLifetimeSec specifies how long in seconds the
security association derived from this transform should be
used.
A value of 0 indicates that the default lifetime of
8 hours should be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspAhTranMaxLifetimeKB |
1.3.6.1.2.1.1.1.25.1.3 |
ipspAhTranMaxLifetimeKB specifies how long in kilobytes the
security association derived from this transform should be
used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspAhTranReplayProtection |
1.3.6.1.2.1.1.1.25.1.5 |
ipspAhTranReplayProtection indicates whether or not anti replay
service is to be provided by this SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspAhTranReplayWindowSize |
1.3.6.1.2.1.1.1.25.1.6 |
ipspAhTranReplayWindowSize indicates the size, in bits, of
the replay window to use if replay protection is true for
this transform. The window size is assumed to be a power of
two. If Replay Protection is false, this value can be
ignored. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspAhTranLastChanged |
1.3.6.1.2.1.1.1.25.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspAhTranStorageType |
1.3.6.1.2.1.1.1.25.1.8 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspAhTranRowStatus |
1.3.6.1.2.1.1.1.25.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspEspTranName |
1.3.6.1.2.1.1.1.26.1.1 |
The name of this particular espTransform be referred to by an
ipspIpsecTransformsEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspEspTranMaxLifetimeSec |
1.3.6.1.2.1.1.1.26.1.2 |
ipspEspTranMaxLifetimeSec specifies how long in seconds the
security association derived from this transform should be
used.
A value of 0 indicates that the default lifetime of
8 hours should be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspEspTranMaxLifetimeKB |
1.3.6.1.2.1.1.1.26.1.3 |
ipspEspTranMaxLifetimeKB specifies how long in kilobytes the
security association derived from this transform should be
used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspEspTranCipherKeyLength |
1.3.6.1.2.1.1.1.26.1.5 |
This object specifies, in bits, the key length for
the ESP cipher algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspEspTranCipherKeyRounds |
1.3.6.1.2.1.1.1.26.1.6 |
This object specifies the number of key rounds for
the ESP cipher algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspEspTranReplayPrevention |
1.3.6.1.2.1.1.1.26.1.8 |
ipspEspTranReplayPrevention indicates whether or not
anti-replay service is to be provided by this SA. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
ipspEspTranReplayWindowSize |
1.3.6.1.2.1.1.1.26.1.9 |
ipspEspTranReplayWindowSize indicates the size, in bits, of
the replay window to use if replay protection is true for
this transform. The window size is assumed to be a power of
two. If Replay Protection is false, this value can be
ignored. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspEspTranLastChanged |
1.3.6.1.2.1.1.1.26.1.10 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspEspTranStorageType |
1.3.6.1.2.1.1.1.26.1.11 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspEspTranRowStatus |
1.3.6.1.2.1.1.1.26.1.12 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpcompTranMaxLifetimeSec |
1.3.6.1.2.1.1.1.27.1.2 |
ipspIpcompTranMaxLifetimeSec specifies how long in seconds
the security association derived from this transform should
be used.
A value of 0 indicates that the default lifetime of
8 hours should be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIpcompTranMaxLifetimeKB |
1.3.6.1.2.1.1.1.27.1.3 |
ipspIpcompTranMaxLifetimeKB specifies how long in kilobytes
the security association derived from this transform should
be used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIpcompTranDictionarySize |
1.3.6.1.2.1.1.1.27.1.5 |
If the algorithm in ipspIpcompTranAlgorithm requires a
dictionary size configuration parameter, then this is the
place to put it. This object specifies the log2 maximum size
of the dictionary for the compression algorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIpcompTranPrivateAlgorithm |
1.3.6.1.2.1.1.1.27.1.6 |
If ipspIpcompTranPrivateAlgorithm has a value other zero,
then it is up to the vendors implementation to determine the
meaning of this field and substitute a data compression
algorithm in place of ipspIpcompTranAlgorithm. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipspIpcompTranLastChanged |
1.3.6.1.2.1.1.1.27.1.7 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIpcompTranStorageType |
1.3.6.1.2.1.1.1.27.1.8 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIpcompTranRowStatus |
1.3.6.1.2.1.1.1.27.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIkeIdentityTable |
1.3.6.1.2.1.1.1.28 |
IKEIdentity is used to represent the identities that may be
used for an IPProtocolEndpoint (or collection of
IPProtocolEndpoints) to identify itself in IKE phase 1
negotiations. The column ikeIdentityName in an
ipspIkeActionEntry together with the ipspEndGroupIdentType
and the ipspEndGroupAddress in the PolicyEndpointToGroupTable
specifies the unique identity to use in a negotiation
exchange. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspIkeIdentityEntry |
|
ipspIkeIdentityEntry |
1.3.6.1.2.1.1.1.28.1 |
ikeIdentity lists the attributes of an IKE identity. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIkeIdentityEntry |
|
|
ipspIkeIdCredentialName |
1.3.6.1.2.1.1.1.28.1.1 |
This value is used as an index into the ipspCredentialTable to
look up the actual credential value and other credential
information.
For ID's without associated credential information, this
value is left blank.
For ID's that are address types, this value may be left blank
and the associated IPProtocolEndpoint or appropriate member
of the Collection of endpoints is used. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspIkeIdLastChanged |
1.3.6.1.2.1.1.1.28.1.2 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIkeIdStorageType |
1.3.6.1.2.1.1.1.28.1.3 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIkeIdRowStatus |
1.3.6.1.2.1.1.1.28.1.4 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspPeerIdentityTable |
1.3.6.1.2.1.1.1.29 |
PeerIdentity is used to represent the identities that may be
used for peers to identify themselves in IKE phase I/II
negotiations. PeerIdentityTable aggregates the table entries
that provide mappings between identities and their
addresses. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspPeerIdentityEntry |
|
ipspPeerIdentityEntry |
1.3.6.1.2.1.1.1.29.1 |
peerIdentity matches a peer's identity to its address. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspPeerIdentityEntry |
|
|
ipspPeerIdName |
1.3.6.1.2.1.1.1.29.1.1 |
This is an administratively assigned value that, together
with ipspPeerIdPriority, uniquely identifies an entry in this
table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspPeerIdPriority |
1.3.6.1.2.1.1.1.29.1.2 |
This object, along with ipspPeerIdName, uniquely identifies an
entry in this table. The priority also indicates the order
of peer gateways to initiate or accept SAs from (i.e. try
until success). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..2147483647 |
|
ipspPeerIdType |
1.3.6.1.2.1.1.1.29.1.3 |
ipspPeerIdType is an enumeration identifying the type of the
Identity value. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipspPeerIdValue |
1.3.6.1.2.1.1.1.29.1.4 |
ipspPeerIdValue contains an Identity filter to be used to match
against the identity payload in an IKE request. If this value
matches the value in the identity payload, the credential for
the peer can be found using the ipspPeerIdCredentialName as
an index into the credential table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspIdentityFilter |
|
|
ipspPeerIdAddressType |
1.3.6.1.2.1.1.1.29.1.5 |
The property ipspPeerIdAddressType specifies the format of the
ipspPeerIdAddress property value. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspPeerIdAddress |
1.3.6.1.2.1.1.1.29.1.6 |
The property PeerAddress specifies the IP address of the
peer. The format is specified by the ipspPeerIdAddressType.
Values of unknown, ipv4z, ipv6z and dns are not legal values
for this object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspPeerIdCredentialName |
1.3.6.1.2.1.1.1.29.1.7 |
This value is used as an index into the ipspCredentialTable to
look up the actual credential value and other credential
information. For peer IDs that have no associated credential
information, this value is left blank. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspPeerIdLastChanged |
1.3.6.1.2.1.1.1.29.1.8 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspPeerIdStorageType |
1.3.6.1.2.1.1.1.29.1.9 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspPeerIdRowStatus |
1.3.6.1.2.1.1.1.29.1.10 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspAutostartIkeTable |
1.3.6.1.2.1.1.1.30 |
The parameters in the autostart IKE Table are used to
automatically initiate IKE phaes I and II (i.e. IPsec)
negotiations on startup. It also will initiate IKE phase I
and II negotiations for a row at the time of that row's
creation |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspAutostartIkeEntry |
|
ipspAutostartIkeEntry |
1.3.6.1.2.1.1.1.30.1 |
autostart ike provides the set of parameters to automatically
start IKE and IPsec SA's. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspAutostartIkeEntry |
|
|
ipspAutoIkePriority |
1.3.6.1.2.1.1.1.30.1.1 |
ipspAutoIkePriority is an index into the autostartIkeAction
table and can be used to order the autostart IKE actions. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipspAutoIkeAction |
1.3.6.1.2.1.1.1.30.1.2 |
This pointer is used to point to the action or compound
action that should be initiated by this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipspAutoIkeAddressType |
1.3.6.1.2.1.1.1.30.1.3 |
The property ipspAutoIkeAddressType specifies the format of the
autoIke source and destination Address values.
Values of unknown, ipv4z, ipv6z and dns are not legal values
for this object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspAutoIkeSourceAddress |
1.3.6.1.2.1.1.1.30.1.4 |
The property autoIkeSourecAddress specifies Source IP address
for autostarting IKE SA's, formatted according to the
appropriate convention as defined in the
ipspAutoIkeAddressType property. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspAutoIkeSourcePort |
1.3.6.1.2.1.1.1.30.1.5 |
The property ipspAutoIkeSourcePort specifies the port number
for the source port for auotstarting IKE SA's.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipspAutoIkeDestAddress |
1.3.6.1.2.1.1.1.30.1.6 |
The property ipspAutoIkeDestAddress specifies the Destination
IP address for autostarting IKE SA's, formatted according to
the appropriate convention as defined in the
ipspAutoIkeAddressType property. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspAutoIkeDestPort |
1.3.6.1.2.1.1.1.30.1.7 |
The property ipspAutoIkeDestPort specifies the port number for
the destination port for auotstarting IKE SA's.
The value of 0 for this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
ipspAutoIkeProtocol |
1.3.6.1.2.1.1.1.30.1.8 |
The property Protocol specifies the protocol number used in
comparing with policy filter entries and used in any phase 2
negotiations. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..255 |
|
ipspAutoIkeLastChanged |
1.3.6.1.2.1.1.1.30.1.9 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspAutoIkeStorageType |
1.3.6.1.2.1.1.1.30.1.10 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspAutoIkeRowStatus |
1.3.6.1.2.1.1.1.30.1.11 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspIpsecCredMngServiceTable |
1.3.6.1.2.1.1.1.31 |
A table of Credential Management Service values. This table
is usually used for credential/certificate values that are
used with a management service (e.g. Certificate
Authorities). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspIpsecCredMngServiceEntry |
|
ipspIpsecCredMngServiceEntry |
1.3.6.1.2.1.1.1.31.1 |
A row in the ipspIpsecCredMngServiceTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspIpsecCredMngServiceEntry |
|
|
ipspIcmsName |
1.3.6.1.2.1.1.1.31.1.1 |
This is an administratively assigned string used to index
this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspIcmsDistinguishedName |
1.3.6.1.2.1.1.1.31.1.2 |
This value represents the Distinguished Name of the
Credential Management Service. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..256) |
|
ipspIcmsPolicyStatement |
1.3.6.1.2.1.1.1.31.1.3 |
This Value represents the Credential Management Service
Policy Statement, or a reference describing how to obtain it
(e.g., a URL). If one doesn't exist, this value can be left
blank |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..1024) |
|
ipspIcmsMaxChainLength |
1.3.6.1.2.1.1.1.31.1.4 |
This value is the maximum length of the chain allowble from
the Credential Management Service to the credential in
question. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipspIcmsCredentialName |
1.3.6.1.2.1.1.1.31.1.5 |
This value is used as an index into the ipspCredentialTable
to look up the actual credential value. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspIcmsLastChanged |
1.3.6.1.2.1.1.1.31.1.6 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspIcmsStorageType |
1.3.6.1.2.1.1.1.31.1.7 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspIcmsRowStatus |
1.3.6.1.2.1.1.1.31.1.8 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspCredMngCRLTable |
1.3.6.1.2.1.1.1.32 |
A table of the Credential Revocation Lists (CRL) for
credential managment services. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspCredMngCRLEntry |
|
ipspCredMngCRLEntry |
1.3.6.1.2.1.1.1.32.1 |
A row in the ipspCredMngCRLTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspCredMngCRLEntry |
|
|
ipspCmcCRLName |
1.3.6.1.2.1.1.1.32.1.1 |
This is an administratively assigned string used to index
this table. It represents a CRL for a given CA from a given
distribution point. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspCmcDistributionPoint |
1.3.6.1.2.1.1.1.32.1.2 |
This Value represents a Distribution Point for a Credential
Revocation List. It can be relative to the Credential
Management Service or a full name (URL, e-mail, etc...). |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
ipspCmcThisUpdate |
1.3.6.1.2.1.1.1.32.1.3 |
This value is the issue date of this CRL. This
should be in utctime or generalizedtime. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
ipspCmcNextUpdate |
1.3.6.1.2.1.1.1.32.1.4 |
This value indicates the date the next version of this CRL
will be issued. This should be in utctime or
generalizedtime. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
ipspCmcLastChanged |
1.3.6.1.2.1.1.1.32.1.5 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspCmcStorageType |
1.3.6.1.2.1.1.1.32.1.6 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspCmcRowStatus |
1.3.6.1.2.1.1.1.32.1.7 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspRevokedCertificateTable |
1.3.6.1.2.1.1.1.33 |
A table of Credentials revoked by credential managment
services. That is, this table is a table of Certificates
that are on CRL's, Credential Revocation Lists. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspRevokedCertificateEntry |
|
ipspRevokedCertificateEntry |
1.3.6.1.2.1.1.1.33.1 |
A row in the ipspRevokedCertificateTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspRevokedCertificateEntry |
|
|
ipspRctCertSerialNumber |
1.3.6.1.2.1.1.1.33.1.1 |
This value is the serial number of the revoked certificate. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..4294967295 |
|
ipspRctRevokedDate |
1.3.6.1.2.1.1.1.33.1.2 |
This value is the revocation date of the certificate. This
should be in utctime or generaltime. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..32) |
|
ipspRctRevokedReason |
1.3.6.1.2.1.1.1.33.1.3 |
This value is the reason this certificate was revoked. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
reserved(0), unspecified(1), keyCompromise(2), cACompromise(3), affiliationChanged(4), superseded(5), cessationOfOperation(6), certificateHold(7), removeFromCRL(8) |
|
ipspRctLastChanged |
1.3.6.1.2.1.1.1.33.1.4 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspRctStorageType |
1.3.6.1.2.1.1.1.33.1.5 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspRctRowStatus |
1.3.6.1.2.1.1.1.33.1.6 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspCredentialTable |
1.3.6.1.2.1.1.1.34 |
A table of credential values. Example of Credentials are
shared secrets, certificates or kerberos tickets. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspCredentialEntry |
|
ipspCredentialEntry |
1.3.6.1.2.1.1.1.34.1 |
A row in the ipspCredentialTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspCredentialEntry |
|
|
ipspCredName |
1.3.6.1.2.1.1.1.34.1.1 |
This object represents the name for an entry in this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
ipspCredType |
1.3.6.1.2.1.1.1.34.1.2 |
This object represents the type of the credential for this
row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspCredentialType |
|
|
ipspCredCredential |
1.3.6.1.2.1.1.1.34.1.3 |
This object represents the credential value.
If the size of the credential is greater than 1024, the
credential must be configured via the ipspCredSegmentTable.
For credential type where the disclosure of the credential
would compromise the credential (e.g. shared secrets), when
this object is accessed for reading, it MUST return a null
length (0 length) string and MUST NOT return the configured
credential. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..1024) |
|
ipspCredSize |
1.3.6.1.2.1.1.1.34.1.4 |
This value represents the size of the credential.
If this value is greater than 1024, the ipspCreCredential
column will return an empty (0 length) string. In this case,
the value of the credential must be retrived from the
ipspCredSegmentTable.
For credential type where the disclosure of the credential
would compromise the credential (e.g. shared secrets), when
this object is accessed for reading, it MUST return a value
of 0 and MUST NOT return the size credential. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
ipspCredMngName |
1.3.6.1.2.1.1.1.34.1.5 |
This value is used as an index into the
ipspIpsecCredMngServiceTable. For IDs that have no credential
management service, this value is left blank. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
ipspCredRemoteID |
1.3.6.1.2.1.1.1.34.1.6 |
This object represents the Identification (e.g. user name) of
the user of the key information on the remote site. If there
is no ID associated with this credential, the value of this
object should be the null string. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..256) |
|
ipspCredAdminStatus |
1.3.6.1.2.1.1.1.34.1.7 |
Indicates whether this credential should be considered active.
Rows with a disabled status must not be used for any purpose,
including IKE or IPSEC processing.
For credentials whose size does not execeed the maximum size
for the ipspCredCredential, it may be set to enabled during
row creation. For larger credentials, it should be left as
disabled until all rows have been uploaded to the
ipspCredSegmentTable. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
IpspAdminStatus |
|
|
ipspCredLastChanged |
1.3.6.1.2.1.1.1.34.1.8 |
The value of sysUpTime when this row was last modified or
created either through SNMP SETs or by some other external
means. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspCredStorageType |
1.3.6.1.2.1.1.1.34.1.9 |
The storage type for this row. Rows in this table which were
created through an external process may have a storage type
of readOnly or permanent. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspCredRowStatus |
1.3.6.1.2.1.1.1.34.1.10 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspCredentialSegmentTable |
1.3.6.1.2.1.1.1.35 |
A table of credential segments. This table is used for
credentials which are larger than the maximum size allowed
for ipspCredCredential. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpspCredentialSegmentEntry |
|
ipspCredentialSegmentEntry |
1.3.6.1.2.1.1.1.35.1 |
A row in the ipspCredentialSegmentTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpspCredentialSegmentEntry |
|
|
ipspCredSegIndex |
1.3.6.1.2.1.1.1.35.1.1 |
This object represents the segment number for this segment.
By default, each segment will be 1024 octets. However, when
this table is accessed using a context of 'ipsp4096',
'ipsp8192' or 'ipsp16384' a segment size of 4096, 8192 or
16384 (respectively) will be used instead.
The number of rows which need to be retrieved or set can be
calculated by obtaining the value of the ipspCredSize column
from the corresponding ipspCredentialTable row and dividing it
by the segment size. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
ipspCredSegValue |
1.3.6.1.2.1.1.1.35.1.2 |
This object represents one segment of the credential.
By default, each complete segment will be 1024 octets. (The
last row for a given credential might be smaller, if the
credential size is not a multiple of the segment size).
An implementation may optionally support segment sizes of
256, 4096, 8192 or the full object size when this table is
is accessed using a context of 'ipspCred256', 'ipspCred4096',
'ipspCred8192' or 'ipspCredFull' (respectively).
The number of rows which need to be retrieved or set can be
calculated by obtaining the value of the ipspCredSize column
from the corresponding ipspCredentialTable row and dividing it
by the segment size. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
ipspCredSegLastChanged |
1.3.6.1.2.1.1.1.35.1.3 |
The value of sysUpTime when this credential was last modified
or created either through SNMP SETs or by some other external
means. Note that the last changed type will be the same for
all segemnts of the credential. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
ipspCredSegStorageType |
1.3.6.1.2.1.1.1.35.1.4 |
The storage type for this row. This object is read-only. Rows
in this table have the same value as the ipspCredStorageType
for the corresponding row in the ipspCredentialTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
StorageType |
|
|
ipspCredSegRowStatus |
1.3.6.1.2.1.1.1.35.1.5 |
This object indicates the conceptual status of this row.
The segment of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
ipspActionExecuted |
1.3.6.1.2.1.1.2.1.1 |
Points to the action instance that was executed that
resulted in the notification being sent. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
ipspIPInterfaceType |
1.3.6.1.2.1.1.2.1.2 |
Contains the interface type for the interface that the
packet which triggered the notification in question is
passing through. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspIPInterfaceAddress |
1.3.6.1.2.1.1.2.1.3 |
Contains the interface address for the interface that the
packet which triggered the notification in question is
passing through. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspIPSourceType |
1.3.6.1.2.1.1.2.1.4 |
Contains the source address type of the packet which
triggered the notification in question. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspIPSourceAddress |
1.3.6.1.2.1.1.2.1.5 |
Contains the source address of the packet which triggered the
notification in question. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspIPDestinationType |
1.3.6.1.2.1.1.2.1.6 |
Contains the destination address type of the packet which
triggered the notification in question. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
ipspIPDestinationAddress |
1.3.6.1.2.1.1.2.1.7 |
Contains the destination address of the packet which
triggered the notification in question. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
ipspPacketDirection |
1.3.6.1.2.1.1.2.1.8 |
Indicates if the packet whic triggered the action in
questions was inbound our outbound. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
INTEGER |
inbound(1), outbound(2) |
|
ipspPacketPart |
1.3.6.1.2.1.1.2.1.9 |
Is the front part of the packet that triggered this
notification. The size is determined by the value of
'IpspIPPacketLogging' or the size of the packet, whichever
is smaller. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
ipspActionNotification |
1.3.6.1.2.1.1.2.0.1 |
Notification that an action was executed by a rule. Only
actions with logging enabled will result in this notification
getting sent. The objects sent must include the
ipspActionExecuted object which will indicate which
action was executed within the scope of the rule.
Additionally the ipspIPSourceType,
ipspIPSourceAddress, ipspIPDestinationType, and
ipspIPDestinationAddress objects must be included to
indicate the packet source and destination of the packet that
triggered the action. Finally the
ipspIPInterfaceType, ipspIPInterfaceAddress,
and ipspPacketDirection objects are included to
indicate which interface the action was executed in
association with and if the packet was inbound or outbond
through the endpoint.
Note that compound actions with multiple
executed subactions may result in multiple notifications
being sent from a single rule execution. |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
ipspPacketNotification |
1.3.6.1.2.1.1.2.0.2 |
Notification that a packet passed through an SA. Only
SA's created by actions with packet logging enabled will
result in this notification getting sent. The objects sent
must include the ipspActionExecuted which will
indicate which action was executed within the scope of the
rule. Additionally, the ipspIPSourceType,
ipspIPSourceAddress, ipspIPDestinationType, and
ipspIPDestinationAddress, objects must be included to
indicate the packet source and destination of the packet that
triggered the action. The ipspIPInterfaceType,
ipspIPInterfaceAddress, and ipspPacketDirection
objects are included to indicate which endpoint the packet
was associated with. Finally, ipspPacketPart is
including for sending a variable sized part of the front of
the packet depending on the value of IpspIPPacketLogging. |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-TYPE |
|
|
|
ipspRuleFilterCompliance |
1.3.6.1.2.1.1.3.1.1 |
The compliance statement for SNMP entities that include an
IPsec MIB implementation with Endpoint, Rules, and filters
support. |
Status: current |
Access: not-accessible |
MODULE-COMPLIANCE |
|
|
|
ipspIPsecCompliance |
1.3.6.1.2.1.1.3.1.2 |
The compliance statement for SNMP entities that include an
IPsec MIB implementation and supports IPsec actions. |
Status: current |
Access: not-accessible |
MODULE-COMPLIANCE |
|
|
|
ipspIKECompliance |
1.3.6.1.2.1.1.3.1.3 |
The compliance statement for SNMP entities that include an
IPsec MIB implementation and supports IKE actions. |
Status: current |
Access: not-accessible |
MODULE-COMPLIANCE |
|
|
|
ipspLoggingCompliance |
1.3.6.1.2.1.1.3.1.4 |
The compliance statement for SNMP entities that support
sending notifications when actions are invoked. |
Status: current |
Access: not-accessible |
MODULE-COMPLIANCE |
|
|
|
ipspEndpointGroup |
1.3.6.1.2.1.1.3.2.1 |
The IPsec Policy Endpoint Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspGroupContentsGroup |
1.3.6.1.2.1.1.3.2.2 |
The IPsec Policy Group Contents Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspRuleDefinitionGroup |
1.3.6.1.2.1.1.3.2.4 |
The IPsec Policy Rule Definition Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspCompoundFilterGroup |
1.3.6.1.2.1.1.3.2.5 |
The IPsec Policy Compound Filter Table and Filters in
Compound Filters Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspStaticFilterGroup |
1.3.6.1.2.1.1.3.2.6 |
The static filter group. Currently this is just a true
filter. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspIPOffsetFilterGroup |
1.3.6.1.2.1.1.3.2.8 |
The IPsec Policy IP Offset Filter Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspTimeFilterGroup |
1.3.6.1.2.1.1.3.2.9 |
The IPsec Policy Time Filter Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspCredentialFilterGroup |
1.3.6.1.2.1.1.3.2.11 |
The IPsec Policy Credential Filter Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspPeerIdFilterGroup |
1.3.6.1.2.1.1.3.2.12 |
The IPsec Policy Peer Identity Filter Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspCompoundActionGroup |
1.3.6.1.2.1.1.3.2.13 |
The IPsec Policy Compound Action Table and Actions In
Compound Action Table Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspStaticActionGroup |
1.3.6.1.2.1.1.3.2.15 |
The IPsec Policy Static Actions Group. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspIpsecGroup |
1.3.6.1.2.1.1.3.2.16 |
This group is the set of objects that support IPsec
actions. These objects are from The IPsec Policy IPsec
Actions Table, The IPsec Proposal Table, and The IPsec
Transform Table. This group also includes objects from the
shared tables: Peer Identity Table, Credential Table,
Negotiation Parameters Table, Credential Management Service
Table and the AH, ESP, and IPComp Transform Table. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|
ipspIkeGroup |
1.3.6.1.2.1.1.3.2.17 |
This group is the set of objects that support IKE
actions. These objects are from The IPsec Policy IKE Action
Table, The IKE Action Proposals Table, The IKE Proposal
Table, The autostart IKE Table and The IKE Identity Table.
This group also includes objects from the shared tables: Peer
Identity Table, Credential Management Service Table and
Negotiation Parameters Table. |
Status: current |
Access: not-accessible |
OBJECT-GROUP |
|
|
|