mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
1374 lines
46 KiB
Plaintext
-- *------------------------------------------------------------------
-- * CISCO-IKE-FLOW-MIB.my:
-- * IKE Flow Monitoring MIB
-- *
-- * July 2004, S Ramakrishnan
-- *
-- * Copyright (c) 2004 by Cisco Systems, Inc.
-- * All rights reserved.
-- *------------------------------------------------------------------

CISCO-IKE-FLOW-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Counter32,
    Counter64,
    Unsigned32                  FROM SNMPv2-SMI
    TruthValue                  FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP          FROM SNMPv2-CONF
    cisgIpsSgProtocol,
    cisgIpsSgTunIndex,
    cisgIpsSgTunHistIndex,
    cisgIpsSgFailLocalAddress,
    cisgIpsSgFailRemoteAddress  FROM CISCO-IPSEC-SIGNALING-MIB
    CIPsecIkeNegoMode,
    CIPsecDiffHellmanGrp        FROM CISCO-IPSEC-TC
    ciscoMgmt                   FROM CISCO-SMI;

ciscoIkeFlowMIB MODULE-IDENTITY
    LAST-UPDATED "200409140000Z"
    ORGANIZATION "Cisco Systems"
    CONTACT-INFO
        " Cisco Systems
          Customer Service

          Postal: 170 W Tasman Drive
                  San Jose, CA 95134
                  USA

          Tel: +1 800 553-NETS
          E-mail: cs-ipsecmib@external.cisco.com"

    DESCRIPTION
        "This is a MIB module for monitoring the structures
        and status of IPsec control flows based on Internet
        Key Exchange protocol. The MIB models standard
        aspects of the IKE protocol.

        Synopsis

        This MIB module models status, performance and
        failures of the IKEv1- and IKEv2-based signaling in
        IPsec, FC-SP (and similar) protocols. In practice,
        the security protocols such as IPsec, FC-SP and
        CTS use a signaling protocol such as IKE, KINK,
        or some such. A number of characteristics of these
        signaling protocols are generic.
        The generic attributes and status of signaling
        activity have been modeled in
        CISCO-IPSEC-SIGNALING-MIB. This MIB module augments
        CISCO-IPSEC-SIGNALING-MIB with IKE-specific
        MIB objects.
        (Signaling protocols are also referred to in this
        document as 'Control Protocols', since they perform
        session control.)

        History of the MIB
        A precursor to this MIB was written by Tivoli and
        implemented in IBM Nways routers in 1999. That
        MIB instrumented both IKE(v1) and IPsec in a
        single module. During late 1999, Cisco adopted
        the MIB and together with Tivoli published the
        IPsec Flow Monitor MIB in IETF IPsec WG in
        draft-ietf-ipsec-flow-monitoring-mib-00.txt.
        In 2000, the MIB was Cisco-ized and implemented
        this draft as CISCO-IPSEC-FLOW-MONITOR-MIB in
        IOS and VPN3000 platforms.

        With the evolution of IKEv2, the MIB was modified
        and presented to the IPsec WG again in May 2003
        in draft-ietf-ipsec-flow-monitoring-mib-02.txt.

        This version of the draft is a Cisco-ized version
        that culls out the IKE-specific aspects of the
        IPsec Flow Monitor MIB.

        Overview of MIB
        The MIB contains five major groups of objects which
        are used to manage the IKE protocol activity. These
        groups include the global statistics, IKE tunnel
        table, IKE History Group and a notification Group.

        The tunnel table and the history table have a
        sparse-table relationship with the corresponding
        tables in the CISCO-IPSEC-SIGNALING-MIB
        (details in the DESCRIPTION of the respective
        tables).

        Acronyms
        The following acronyms are used in this document:

        Flow, Tunnel:
            An ISAKMP SA can be regarded as representing
            a flow of ISAKMP/IKE traffic. Hence an ISAKMP SA
            is referred to as a 'Phase 1 Tunnel' in this
            document.

        IPsec:
            Secure IP Protocol

        ISAKMP:
            Internet Security Association and Key
            Management Protocol

        IKE:
            Internet Key Exchange Protocol

        MM:
            Main Mode - the process of setting up
            a Phase 1 SA to secure the exchanges
            required to set up Phase 2 SAs

        Phase 2 Tunnel:
            An instance of a non-ISAKMP SA bundle in
            which all the SAs share the same proxy
            identifiers (IDii,IDir) and protect the same
            stream of application traffic.
            Such an SA bundle is termed a 'Phase 2 Tunnel'.
            Note that a Phase 2 tunnel may comprise
            different SA bundles and different number of
            SA bundles at different
            times (due to key refresh).

        QM:
            Quick Mode - the process of setting up
            Phase 2 Security Associations using a
            Phase 1 SA.

        SA:
            Security Association (ref: rfc2408).

        VPN:
            Virtual Private Network. "

    REVISION "200409140000Z"
    DESCRIPTION
        "Initial version."
    ::= { ciscoMgmt 429 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IKE MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) IKE Globals group
-- 2) IKE Tunnel table
-- 3) IKE History group
-- 4) IKE Failure group
-- 5) IKE Notifications group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoIkeFlowMIBNotifs OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIB 0 }

ciscoIkeFlowMIBObjects OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIB 1 }

ciscoIkeFlowMIBConform OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIB 2 }

cifIkeCurrentActivity OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIBObjects 1 }

cifIkeHistory OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIBObjects 2 }

cifIkeNotifControl OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIBObjects 3 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IKE Global Statistics Table
-- This table has a sparse table relationship with the generic
-- IPsec Phase-1 Global Statistics table defined in
-- CISCO-IPSEC-SIGNALING-MIB.
-- For those rows in the generic Phase-1 Global Statistics table
-- that correspond to IKE protocol, there is one row in
-- the following table.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cifIkeGlobalStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CifIkeGlobalStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "
        The Phase-1 IKE Global Statistics Table.
        There is one entry in this table for each Phase-1 IKE
        protocol ('cpIkev1' and 'cpIkev2') implemented by the
        managed entity.

        For all the counter objects in the table below, initially when
        the IKE Tunnel becomes active and appears in this
        table, they would contain a value of zero.
        "
    ::= { cifIkeCurrentActivity 1 }

cifIkeGlobalStatsEntry OBJECT-TYPE
    SYNTAX CifIkeGlobalStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "
        Each entry contains the global statistics pertaining
        to the specific IKE protocol.
        "
    INDEX { cisgIpsSgProtocol }
    ::= { cifIkeGlobalStatsTable 1 }

CifIkeGlobalStatsEntry ::= SEQUENCE {
    cifIkeGlobalInP2Exchgs           Counter64,
    cifIkeGlobalInP2ExchgInvalids    Counter64,
    cifIkeGlobalInP2ExchgRejects     Counter64,
    cifIkeGlobalOutP2Exchgs          Counter64,
    cifIkeGlobalOutP2ExchgInvalids   Counter64,
    cifIkeGlobalOutP2ExchgRejects    Counter64,
    cifIkeGlobalInXauths             Counter64,
    cifIkeGlobalInXauthFailures      Counter64,
    cifIkeGlobalOutXauthFailures     Counter64,
    cifIkeGlobalInNewGrpReqs         Counter64,
    cifIkeGlobalOutNewGrpReqs        Counter64,
    cifIkeGlobalInNewGrpRejectReqs   Counter64,
    cifIkeGlobalOutNewGrpRejectReqs  Counter64
}

cifIkeGlobalInP2Exchgs OBJECT-TYPE
    SYNTAX Counter64
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges
        received by all currently and previously
        active Phase-1 Tunnels.
        "
    ::= { cifIkeGlobalStatsEntry 1 }

cifIkeGlobalInP2ExchgInvalids OBJECT-TYPE
    SYNTAX Counter64
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges which were
        received and found to be invalid by all currently and
        previously active Phase-1 Tunnels.
        "
    ::= { cifIkeGlobalStatsEntry 2 }

cifIkeGlobalInP2ExchgRejects OBJECT-TYPE
    SYNTAX Counter64
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges
        which were received and rejected by all
        currently and previously active Phase-1 Tunnels.
        "
    ::= { cifIkeGlobalStatsEntry 3 }

cifIkeGlobalOutP2Exchgs OBJECT-TYPE
    SYNTAX Counter64
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges which were
        sent by all currently and previously active IPsec
        Phase-1 Tunnels.
        "
    ::= { cifIkeGlobalStatsEntry 4 }

cifIkeGlobalOutP2ExchgInvalids OBJECT-TYPE
    SYNTAX Counter64
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges which were
        sent and found to be invalid by all currently and
        previously active Phase-1 Tunnels.
        "
    ::= { cifIkeGlobalStatsEntry 5 }

cifIkeGlobalOutP2ExchgRejects OBJECT-TYPE
    SYNTAX Counter64
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges
        which were sent and rejected by all currently and
        previously active Phase-1 IKE Tunnels.
        "
    ::= { cifIkeGlobalStatsEntry 6 }

cifIkeGlobalInXauths OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Failures"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The number of times the extended authentication
        requests were received by the managed entity
        from a peer.
        "
    ::= { cifIkeGlobalStatsEntry 7 }

cifIkeGlobalInXauthFailures OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Failures"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The number of times the extended authentication
        information supplied by an IKE peer was found
        to be invalid by the local entity.
        "
    ::= { cifIkeGlobalStatsEntry 8 }

cifIkeGlobalOutXauthFailures OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Failures"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The number of times the extended authentication
        information supplied by the managed entity to an
        IKE peer was found to be invalid by the remote peer.
        "
    ::= { cifIkeGlobalStatsEntry 9 }

cifIkeGlobalInNewGrpReqs OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        remotely.
        "
    ::= { cifIkeGlobalStatsEntry 10 }

cifIkeGlobalOutNewGrpReqs OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        locally.
        "
    ::= { cifIkeGlobalStatsEntry 11 }

cifIkeGlobalInNewGrpRejectReqs OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        remotely that ended in reject.
        "
    ::= { cifIkeGlobalStatsEntry 12 }

cifIkeGlobalOutNewGrpRejectReqs OBJECT-TYPE
    SYNTAX Counter64
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        locally that ended in reject.
        "
    ::= { cifIkeGlobalStatsEntry 13 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The Internet Key Exchange Tunnel Table
-- This table has a sparse table relationship with the generic
-- IPsec Phase-1 Tunnel table defined in
-- CISCO-IPSEC-SIGNALING-MIB.
-- For those rows in the generic Phase-1 Tunnel table
-- that correspond to IKE protocol, there is one row in
-- the following table.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cifIkeTunnelTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CifIkeTunnelEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "
        The Phase-1 Internet Key Exchange Tunnel Table.
        There is one entry in this table for each active IPsec
        Phase-1 IKE Tunnel.
        "
    ::= { cifIkeCurrentActivity 3 }

cifIkeTunnelEntry OBJECT-TYPE
    SYNTAX CifIkeTunnelEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "
        Each entry contains the attributes associated with
        an active Phase-1 IKE Tunnel.

        The rows in this table correspond 1-to-1 with a subset of
        the rows in cisgIpsSgTunnelTable, specifically the subset
        which represent Phase-1 IKE Tunnels.

        Hence, the value of the index 'cisgIpsSgProtocol'
        in this table is always 'cpIkev1' or 'cpIkev2'.

        For all the counter objects in the table below, initially when
        the Phase-1 IKE Tunnel becomes active and appears in this
        table, they would contain a value of zero.
        "
    INDEX { cisgIpsSgProtocol, cisgIpsSgTunIndex }
    ::= { cifIkeTunnelTable 1 }

CifIkeTunnelEntry ::= SEQUENCE {
    cifIkeTunNegoMode               CIPsecIkeNegoMode,
    cifIkeTunDHGrp                  CIPsecDiffHellmanGrp,
    cifIkeTunSaRefreshThreshold     Unsigned32,
    cifIkeTunTotalRefreshes         Counter32,
    cifIkeTunInP2Exchgs             Counter32,
    cifIkeTunInP2ExchgInvalids      Counter32,
    cifIkeTunInP2ExchgRejects       Counter32,
    cifIkeTunInP2SaDelRequests      Counter32,
    cifIkeTunOutP2Exchgs            Counter32,
    cifIkeTunOutP2ExchgInvalids     Counter32,
    cifIkeTunOutP2ExchgRejects      Counter32,
    cifIkeTunInNewGrpReqs           Counter32,
    cifIkeTunOutNewGrpReqs          Counter32,
    cifIkeTunInNewGrpRejectedReqs   Counter32,
    cifIkeTunOutNewGrpRejectedReqs  Counter32,
    cifIkeTunInConfigs              Counter32,
    cifIkeTunOutConfigs             Counter32,
    cifIkeTunInConfigRejects        Counter32,
    cifIkeTunOutConfigRejects       Counter32
}

cifIkeTunNegoMode OBJECT-TYPE
    SYNTAX CIPsecIkeNegoMode
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The negotiation mode of the Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 1 }

cifIkeTunDHGrp OBJECT-TYPE
    SYNTAX CIPsecDiffHellmanGrp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The Diffie Hellman Group used in Phase-1 IKE
        negotiations.
        "
    ::= { cifIkeTunnelEntry 2 }

cifIkeTunSaRefreshThreshold OBJECT-TYPE
    SYNTAX Unsigned32 (0..2147483647)
    UNITS "seconds"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The security association refresh threshold in seconds.
        If the tunnel does not refresh its security associations,
        the value of this MIB object is zero.
        "
    ::= { cifIkeTunnelEntry 3 }

cifIkeTunTotalRefreshes OBJECT-TYPE
    SYNTAX Counter32
    UNITS "QM Exchanges"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of security association refreshes
        performed. If the tunnel does not refresh its security
        associations, the value of this MIB object is never
        incremented.
        "
    ::= { cifIkeTunnelEntry 4 }

cifIkeTunInP2Exchgs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges received by
        this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 5 }

cifIkeTunInP2ExchgInvalids OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges received and
        found to be invalid by this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 6 }

cifIkeTunInP2ExchgRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges received and
        rejected by this Phase-1 Tunnel.
        "
    ::= { cifIkeTunnelEntry 7 }

cifIkeTunInP2SaDelRequests OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Notification Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 security association
        delete requests received by this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 8 }

cifIkeTunOutP2Exchgs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges sent by
        this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 9 }

cifIkeTunOutP2ExchgInvalids OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges sent and
        found to be invalid by this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 10 }

cifIkeTunOutP2ExchgRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges sent and
        rejected by this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelEntry 11 }

cifIkeTunInNewGrpReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        remotely using this IKE tunnel.
        "
    ::= { cifIkeTunnelEntry 12 }

cifIkeTunOutNewGrpReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        locally using this IKE tunnel.
        "
    ::= { cifIkeTunnelEntry 13 }

cifIkeTunInNewGrpRejectedReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        remotely using this IKE tunnel that ended in reject.
        "
    ::= { cifIkeTunnelEntry 14 }

cifIkeTunOutNewGrpRejectedReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        locally using this IKE tunnel that ended in reject.
        "
    ::= { cifIkeTunnelEntry 15 }

cifIkeTunInConfigs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        received (either CFG_REPLY or CFG_SET payloads)
        by the local entity on the ISAKMP SA represented by
        this IKE tunnel.
        "
    ::= { cifIkeTunnelEntry 16 }

cifIkeTunOutConfigs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        dispatched (either CFG_REPLY or CFG_SET payloads)
        by the local entity on the ISAKMP SA represented by
        this IKE tunnel.
        "
    ::= { cifIkeTunnelEntry 17 }

cifIkeTunInConfigRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        which were received (either CFG_REPLY or CFG_SET
        payloads) and rejected by this entity using the ISAKMP
        SA represented by this IKE tunnel.
        "
    ::= { cifIkeTunnelEntry 18 }

cifIkeTunOutConfigRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        which were dispatched (either CFG_REPLY or CFG_SET
        payloads) by this entity and were rejected by the
        peer (client) using the ISAKMP SA represented by
        this IKE tunnel.
        "
    ::= { cifIkeTunnelEntry 19 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IKE History Group:
-- The IKE Tunnel History Table
-- This table has a sparse table relationship with the
-- generic Phase-1 Tunnel history table
-- 'cisgIpsSgTunnelHistTable' defined in
-- CISCO-IPSEC-SIGNALING-MIB.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cifIkeTunnelHistTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CifIkeTunnelHistEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "
        The Phase-1 Internet Key Exchange Tunnel
        history table.

        This table is conceptually a sliding window in
        which only the last 'N' entries are maintained,
        where 'N' is the value of the object
        'cisgIpsSgHistTableSize' (defined in
        CISCO-IPSEC-SIGNALING-MIB).

        If the value of 'cisgIpsSgHistTableSize' is 0,
        then this table will be empty.

        For all the counter objects in the table below, initially
        when the Tunnel entry appears in this table, they would
        contain a value of zero.
        "
    ::= { cifIkeHistory 1 }

cifIkeTunnelHistEntry OBJECT-TYPE
    SYNTAX CifIkeTunnelHistEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "
        Each entry contains the attributes associated with
        a previously active Phase-1 IKE Tunnel.

        This table has a sparse table relationship with the
        generic Phase-1 Tunnel history table
        'cisgIpsSgTunnelHistTable' defined in
        CISCO-IPSEC-SIGNALING-MIB. However, the value of the
        index column in this table will always be either
        'cpIkev1' or 'cpIkev2'.
        "
    INDEX {
        cisgIpsSgProtocol,
        cisgIpsSgTunHistIndex
    }
    ::= { cifIkeTunnelHistTable 1 }

CifIkeTunnelHistEntry ::= SEQUENCE {
    cifIkeTunHistNegoMode             CIPsecIkeNegoMode,
    cifIkeTunHistDHGrp                CIPsecDiffHellmanGrp,
    cifIkeTunHistTotalRefreshes       Counter32,
    cifIkeTunHistTotalSas             Counter32,
    cifIkeTunHistInP2Exchgs           Counter32,
    cifIkeTunHistInP2ExchgInvalids    Counter32,
    cifIkeTunHistInP2ExchgRejects     Counter32,
    cifIkeTunHistOutP2Exchgs          Counter32,
    cifIkeTunHistOutP2ExchgInvalids   Counter32,
    cifIkeTunHistOutP2ExchgRejects    Counter32,
    cifIkeTunHistInNewGrpReqs         Counter32,
    cifIkeTunHistOutNewGrpReqs        Counter32,
    cifIkeTunHistInNewGrpRejectReqs   Counter32,
    cifIkeTunHistOutNewGrpRejectReqs  Counter32,
    cifIkeTunHistInConfigs            Counter32,
    cifIkeTunHistOutConfigs           Counter32,
    cifIkeTunHistInConfigsRejects     Counter32,
    cifIkeTunHistOutConfigsRejects    Counter32
}

cifIkeTunHistNegoMode OBJECT-TYPE
    SYNTAX CIPsecIkeNegoMode
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The negotiation mode of the Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelHistEntry 1 }

cifIkeTunHistDHGrp OBJECT-TYPE
    SYNTAX CIPsecDiffHellmanGrp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The Diffie Hellman Group used in Phase-1 IKE
        negotiations.
        "
    ::= { cifIkeTunnelHistEntry 2 }

cifIkeTunHistTotalRefreshes OBJECT-TYPE
    SYNTAX Counter32
    UNITS "QM Exchanges"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of security association
        refreshes performed.
        "
    ::= { cifIkeTunnelHistEntry 3 }

cifIkeTunHistTotalSas OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SAs"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of security associations used
        during the life of the Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelHistEntry 4 }

cifIkeTunHistInP2Exchgs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges received
        by this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelHistEntry 5 }

cifIkeTunHistInP2ExchgInvalids OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges
        received on this tunnel that were found to
        contain references to unrecognized security
        parameters.
        "
    ::= { cifIkeTunnelHistEntry 6 }

cifIkeTunHistInP2ExchgRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges
        received on this tunnel that were validated but were
        rejected by the local policy.
        "
    ::= { cifIkeTunnelHistEntry 7 }

cifIkeTunHistOutP2Exchgs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Notification Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 security association
        delete requests received by this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelHistEntry 8 }

cifIkeTunHistOutP2ExchgInvalids OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges sent by
        this Phase-1 IKE Tunnel.
        "
    ::= { cifIkeTunnelHistEntry 9 }

cifIkeTunHistOutP2ExchgRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "SA Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Phase-2 exchanges
        sent on this tunnel that were rejected by the
        peer, because it contained references to security
        parameters not recognized by the peer.
        "
    ::= { cifIkeTunnelHistEntry 10 }

cifIkeTunHistInNewGrpReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        remotely using this IKE tunnel during its lifetime.
        "
    ::= { cifIkeTunnelHistEntry 11 }

cifIkeTunHistOutNewGrpReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        locally using this IKE tunnel during its lifetime.
        "
    ::= { cifIkeTunnelHistEntry 12 }

cifIkeTunHistInNewGrpRejectReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        remotely using this IKE tunnel during its lifetime
        that ended in reject.
        "
    ::= { cifIkeTunnelHistEntry 13 }

cifIkeTunHistOutNewGrpRejectReqs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Negotiations"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of New Group exchanges initiated
        locally using this IKE tunnel during its lifetime
        that ended in reject.
        "
    ::= { cifIkeTunnelHistEntry 14 }

cifIkeTunHistInConfigs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        received (either CFG_REPLY or CFG_SET payloads)
        by the local entity on the ISAKMP SA represented by this
        IKE tunnel.
        "
    ::= { cifIkeTunnelHistEntry 15 }

cifIkeTunHistOutConfigs OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        dispatched (either CFG_REPLY or CFG_SET payloads)
        by the local entity on the ISAKMP SA represented by this
        IKE tunnel.
        "
    ::= { cifIkeTunnelHistEntry 16 }

cifIkeTunHistInConfigsRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        which were received (either CFG_REPLY or CFG_SET
        payloads) and rejected by this entity using the ISAKMP
        SA represented by this IKE tunnel.
        "
    ::= { cifIkeTunnelHistEntry 17 }

cifIkeTunHistOutConfigsRejects OBJECT-TYPE
    SYNTAX Counter32
    UNITS "Mode Configuration Setting Payloads"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "
        The total number of Mode Configuration settings
        which were dispatched (either CFG_REPLY or CFG_SET
        payloads) by this entity and were rejected by the
        peer (client) using the ISAKMP SA represented by this
        IKE tunnel.
        "
    ::= { cifIkeTunnelHistEntry 18 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IKE Control Group
--
-- This group of objects controls the sending of IKE TRAPs.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cifIkeNotifCntlInNewGrpRejected OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "
        The generation of the 'ciscoIkeFlowInNewGrpRejected'
        notification is enabled if and only if this object has the
        value 'true'.
        "
    DEFVAL { false }
    ::= { cifIkeNotifControl 1 }

cifIkeNotifCntlOutNewGrpRejected OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "
        The generation of the 'ciscoIkeFlowOutNewGrpRejected'
        notification is enabled if and only if this object has the
        value 'true'.
        "
    DEFVAL { false }
    ::= { cifIkeNotifControl 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Internet Key Exchange Notifications
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoIkeFlowInNewGrpRejected NOTIFICATION-TYPE
    OBJECTS {
        cisgIpsSgFailLocalAddress,
        cisgIpsSgFailRemoteAddress
    }
    STATUS current
    DESCRIPTION
        "
        This notification is generated when the managed
        entity receives and rejects an incoming new group
        proposal from an IKE peer identified by
        'cisgIpsSgFailRemoteAddress'.
        'cisgIpsSgFailLocalAddress' identifies the address of
        the local peer.
        The ISAKMP context of the exchange can be obtained
        from the IKE tunnel index which is contained in the
        index of the varbind objects of this trap.
        "
    ::= { ciscoIkeFlowMIBNotifs 1 }

ciscoIkeFlowOutNewGrpRejected NOTIFICATION-TYPE
    OBJECTS {
        cisgIpsSgFailLocalAddress,
        cisgIpsSgFailRemoteAddress
    }
    STATUS current
    DESCRIPTION
        "
        This notification is generated when the managed entity
        issues a new group proposal to the remote peer identified
        by 'cisgIpsSgFailRemoteAddress' and the peer rejects the
        proposal. 'cisgIpsSgFailLocalAddress' identifies the
        address of the local peer.
        The ISAKMP context of the exchange can be
        obtained from the IKE tunnel index which is contained
        in the index of the varbind objects of this trap.
        "
    ::= { ciscoIkeFlowMIBNotifs 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoIkeFlowMIBCompliances OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIBConform 1 }

ciscoIkeFlowMIBGroups OBJECT IDENTIFIER
    ::= { ciscoIkeFlowMIBConform 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoIkeFlowMIBCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for SNMP entities
        implementing this MIB."

    MODULE -- this module
    MANDATORY-GROUPS {
        ciscoIkeFlowActivityGroup
    }

    GROUP cifIkeFlowNewGroupGroup
    DESCRIPTION
        "This group is conditionally mandatory and must be
        implemented by the agent of the managed entity if and only
        if the IKE implementation on the managed entity
        implements new group operations."

    GROUP cifIkeFlowXauthGroup
    DESCRIPTION
        "This group is conditionally mandatory and must be
        implemented by the agent of the managed entity
        if the managed entity implements remote access
        of users using IPsec and implements extended
        authentication as a part of its IKE implementation."

    GROUP cifIkeFlowModeConfigGroup
    DESCRIPTION
        "This group is a conditionally mandatory group which
        must be implemented by the agent of the managed entity if
        the managed entity implements Mode Configuration
        as a part of IKE."

    GROUP cifIkeFlowHistoryGroup
    DESCRIPTION
        "This group is conditionally mandatory and must be
        implemented by the agent of the managed entity if and only
        if
        a) the managed entity implements Internet Key
           Exchange as an IPsec control protocol and
        b) the managed entity implements historical
           archiving of IKE tunnels (ISAKMP security
           associations)."

    GROUP cifIkeFlowNewGroupHistoryGroup
    DESCRIPTION
        "This group is conditionally mandatory and must be
        implemented by the agent of the managed entity if and only
        if
        a) the managed entity implements the group
           'cifIkeFlowHistoryGroup' and
        b) the managed entity supports new group
           operations."

    GROUP cifIkeFlowModeConfigHistoryGroup
    DESCRIPTION
        "This group is conditionally mandatory and must be
        implemented by the agent of the managed entity if and only
        if
        a) the managed entity implements the group
           'cifIkeFlowHistoryGroup' and
        b) the managed entity implements mode configuration
           operations."

    GROUP cifIkeFlowNotificationGroup
    DESCRIPTION
        "This group is conditionally mandatory. It may be
        implemented only if the group 'cifIkeFlowNewGroupGroup'
|
|
is implemented. This is because the only
|
|
notifications defined in this version of
|
|
the MIB Module pertain to New Group negotiations."
|
|
|
|
|
|
GROUP cifIkeFlowNotifCntlGroup
|
|
DESCRIPTION
|
|
"This group is conditionally mandatory and the agent
|
|
must implement this group if it implements
|
|
the group 'cifIkeFlowNotificationGroup'."
|
|
|
|
::= { ciscoIkeFlowMIBCompliances 1 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance: List of current groups
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoIkeFlowActivityGroup OBJECT-GROUP
    OBJECTS {
        --
        -- Metrics pertaining to
        -- IKE real-time status
        --
        cifIkeGlobalInP2Exchgs,
        cifIkeGlobalInP2ExchgInvalids,
        cifIkeGlobalInP2ExchgRejects,
        cifIkeGlobalOutP2Exchgs,
        cifIkeGlobalOutP2ExchgInvalids,
        cifIkeGlobalOutP2ExchgRejects,

        -- Tunnel-level metrics pertaining to
        -- Internet Key Exchange Tunnel
        cifIkeTunNegoMode,
        cifIkeTunDHGrp,
        cifIkeTunSaRefreshThreshold,
        cifIkeTunTotalRefreshes,
        cifIkeTunInP2Exchgs,
        cifIkeTunInP2ExchgInvalids,
        cifIkeTunInP2ExchgRejects,
        cifIkeTunInP2SaDelRequests,
        cifIkeTunOutP2Exchgs,
        cifIkeTunOutP2ExchgInvalids,
        cifIkeTunOutP2ExchgRejects
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of objects that track the
        current IKE protocol activity:
        1) IKE Global Objects
        2) IKE Tunnel table.
        "
    REFERENCE
        "
        rfc2408, rfc2407; rfc2409 section 5.1, 5.2, 5.3
        and 5.4.
        "
    ::= { ciscoIkeFlowMIBGroups 1 }

cifIkeFlowNewGroupGroup OBJECT-GROUP
    OBJECTS {
        --
        -- Metrics pertaining to IKE New Group
        -- operations.
        --
        cifIkeGlobalInNewGrpReqs,
        cifIkeGlobalOutNewGrpReqs,
        cifIkeGlobalInNewGrpRejectReqs,
        cifIkeGlobalOutNewGrpRejectReqs,
        cifIkeTunInNewGrpReqs,
        cifIkeTunOutNewGrpReqs,
        cifIkeTunInNewGrpRejectedReqs,
        cifIkeTunOutNewGrpRejectedReqs
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of:
        1) Global metrics about new group negotiations
        2) IKE Tunnel-wise new group metrics
        "
    REFERENCE
        "
        rfc2408, rfc2407; rfc2409 section 5.6.
        "
    ::= { ciscoIkeFlowMIBGroups 2 }

cifIkeFlowXauthGroup OBJECT-GROUP
    OBJECTS {
        -- The IPsec extended authentication (Phase-1.5)
        -- Global Statistics
        cifIkeGlobalInXauths,
        cifIkeGlobalInXauthFailures,
        cifIkeGlobalOutXauthFailures
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of metrics pertaining to
        IKE extended authentication. Devices that do
        not support Xauth need not implement this group.
        "
    ::= { ciscoIkeFlowMIBGroups 3 }

cifIkeFlowModeConfigGroup OBJECT-GROUP
    OBJECTS {
        -- IKE Mode Configuration
        -- tunnel-level statistics
        cifIkeTunInConfigs,
        cifIkeTunOutConfigs,
        cifIkeTunInConfigRejects,
        cifIkeTunOutConfigRejects
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of metrics pertaining to
        IKE extended authentication. Devices that do
        not support Xauth need not implement this group.
        "
    ::= { ciscoIkeFlowMIBGroups 4 }

cifIkeFlowHistoryGroup OBJECT-GROUP
    OBJECTS {
        -- IKE History Global Control Objects
        cifIkeTunHistNegoMode,
        cifIkeTunHistDHGrp,
        cifIkeTunHistTotalRefreshes,
        cifIkeTunHistTotalSas,
        cifIkeTunHistInP2Exchgs,
        cifIkeTunHistInP2ExchgInvalids,
        cifIkeTunHistInP2ExchgRejects,
        cifIkeTunHistOutP2Exchgs,
        cifIkeTunHistOutP2ExchgInvalids,
        cifIkeTunHistOutP2ExchgRejects
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of the core (mandatory)
        objects pertaining to maintaining history of
        Internet Key Exchange protocol activity.
        "
    ::= { ciscoIkeFlowMIBGroups 5 }

cifIkeFlowNewGroupHistoryGroup OBJECT-GROUP
    OBJECTS {
        -- IKE History pertaining to new group
        cifIkeTunHistInNewGrpReqs,
        cifIkeTunHistOutNewGrpReqs,
        cifIkeTunHistInNewGrpRejectReqs,
        cifIkeTunHistOutNewGrpRejectReqs
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of an archive of new group
        activity pertaining to expired IKE Phase-1
        tunnels.
        "
    ::= { ciscoIkeFlowMIBGroups 6 }

cifIkeFlowModeConfigHistoryGroup OBJECT-GROUP
    OBJECTS {
        -- IKE History pertaining to mode configuration
        cifIkeTunHistInConfigs,
        cifIkeTunHistOutConfigs,
        cifIkeTunHistInConfigsRejects,
        cifIkeTunHistOutConfigsRejects
    }
    STATUS      current
    DESCRIPTION
        "
        This group consists of an archive of mode
        config activity pertaining to expired IKE
        Phase-1 Tunnels.
        "
    ::= { ciscoIkeFlowMIBGroups 7 }

cifIkeFlowNotifCntlGroup OBJECT-GROUP
    OBJECTS {
        cifIkeNotifCntlInNewGrpRejected,
        cifIkeNotifCntlOutNewGrpRejected
    }
    STATUS      current
    DESCRIPTION
        "
        This group of objects controls the sending
        of notifications pertaining to Phase-1 IKE
        operations.
        "
    ::= { ciscoIkeFlowMIBGroups 8 }

cifIkeFlowNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ciscoIkeFlowInNewGrpRejected,
        ciscoIkeFlowOutNewGrpRejected
    }
    STATUS      current
    DESCRIPTION
        "
        This group contains the notifications pertaining
        to Phase-1 IKE operations.
        "
    REFERENCE
        "
        rfc2408, rfc2407; rfc2409 section 5.1, 5.2, 5.3
        and 5.4.
        "
    ::= { ciscoIkeFlowMIBGroups 9 }

END