mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
274 lines
9.7 KiB
Plaintext
274 lines
9.7 KiB
Plaintext
-- *------------------------------------------------------------------
|
|
-- * CISCO-IKE-FLOW-EXT-MIB.my: Internet Key Exchange(IKE) MIB
|
|
-- * extension to CISCO-IKE-FLOW-MIB.
|
|
-- *
|
|
-- * March 2004, Srini Kode
|
|
-- *
|
|
-- * Copyright (c) 2004 by cisco Systems, Inc.
|
|
-- * All rights reserved.
|
|
-- *
|
|
-- *------------------------------------------------------------------
|
|
|
|
CISCO-IKE-FLOW-EXT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP FROM SNMPv2-CONF
|
|
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
|
|
ciscoMgmt FROM CISCO-SMI
|
|
cisgIpsSgProtocol,
|
|
cisgIpsSgTunIndex FROM CISCO-IPSEC-SIGNALING-MIB
|
|
CIKEIsakmpDoi,
|
|
CIPsecPhase1PeerIdentityType FROM CISCO-IPSEC-TC;
|
|
|
|
|
|
ciscoIkeFlowExtMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200409140000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
" Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
Tel: +1 800 553 -NETS
|
|
E-mail: cs-san@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB module is an extension to
|
|
CISCO-IKE-FLOW-MIB and contains Cisco Specific
|
|
extensions for monitoring IKE.
|
|
|
|
It is for monitoring the structures and status of
|
|
IPsec control flows based on Internet Key Exchange
|
|
protocol.
|
|
|
|
Acronyms
|
|
The following acronyms are used in this document:
|
|
|
|
Flow, Tunnel:
|
|
An ISAKMP SA can be regarded as representing
|
|
a flow of ISAKMP/IKE traffic. Hence an ISAKMP
|
|
is referred to as a 'Phase 1 Tunnel' in this
|
|
document.
|
|
|
|
IPsec:
|
|
Secure IP Protocol.
|
|
|
|
ISAKMP:
|
|
Internet Security Association and Key
|
|
Management Protocol.
|
|
|
|
IKE:
|
|
Internet Key Exchange Protocol.
|
|
|
|
FCSP:
|
|
Fibre Channel Security Protocol.
|
|
|
|
SA:
|
|
Security Association
|
|
(ref: rfc2408).
|
|
|
|
Phase 2 Tunnel:
|
|
AN instance of a non-ISAKMP SA bundle in which
|
|
all the SA share the same proxy identifiers
|
|
protect the same stream of application traffic.
|
|
Such an SA bundle is termed a 'Phase 2 Tunnel'.
|
|
Note that a Phase 2 tunnel may comprise different
|
|
SA bundles and different number of SA bundles at
|
|
different times (due to key refresh). "
|
|
|
|
REVISION "200409140000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module. "
|
|
::= { ciscoMgmt 428 }
|
|
|
|
|
|
-- Objects, Notifications & Conformances
|
|
|
|
ciscoIkeFlowExtMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoIkeFlowExtMIB 0 }
|
|
ciscoIkeFlowExtMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoIkeFlowExtMIB 1 }
|
|
ciscoIkeFlowExtMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoIkeFlowExtMIB 2 }
|
|
|
|
cifeIkeGlobals OBJECT IDENTIFIER
|
|
::= { ciscoIkeFlowExtMIBObjects 1 }
|
|
|
|
|
|
cifeClearAllTunnels OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
clearIPSec(2),
|
|
clearFCSP(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clears all the tunnels of a specific type.
|
|
'none' is returned on reading this object.
|
|
'clearIPSec' all the IPSec tunnels are cleared.
|
|
'clearFCSP' all FCSP tunnels are cleared. "
|
|
::= { cifeIkeGlobals 1 }
|
|
|
|
|
|
---
|
|
--- cifeTunnelExtTable
|
|
---
|
|
|
|
cifeTunnelExtTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CifeTunnelExtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Phase-1 Internet Key Exchange Tunnel Table.
|
|
There is one entry in this table for each active
|
|
IKE tunnel. This table is an extension to
|
|
cifIkeTunnelTable defined in CISCO-IKE-FLOW-MIB.
|
|
Some information in this table is also present in
|
|
the cisgIpsSgTunnelTable, but the table is indexed
|
|
differently so that the rows in this table are
|
|
grouped/ordered by domain of interpretation (DOI). "
|
|
::= { ciscoIkeFlowExtMIBObjects 2 }
|
|
|
|
cifeTunnelExtEntry OBJECT-TYPE
|
|
SYNTAX CifeTunnelExtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes associated with
|
|
an active IKE Tunnel, identified by
|
|
cisgIpsSgTunIndex, for the IKE protocol, identified
|
|
by cisgIpsSgProtocol, in this DOI, identified by
|
|
cifeTunnelExtDoi. "
|
|
INDEX { cifeTunnelExtDoi, cisgIpsSgProtocol,
|
|
cisgIpsSgTunIndex }
|
|
::= { cifeTunnelExtTable 1}
|
|
|
|
CifeTunnelExtEntry ::= SEQUENCE {
|
|
cifeTunnelExtDoi CIKEIsakmpDoi,
|
|
cifeTunnelExtLocalIdenType CIPsecPhase1PeerIdentityType,
|
|
cifeTunnelExtLocalIdentity SnmpAdminString,
|
|
cifeTunnelExtRemoteIdenType CIPsecPhase1PeerIdentityType,
|
|
cifeTunnelExtRemoteIdentity SnmpAdminString
|
|
}
|
|
|
|
cifeTunnelExtDoi OBJECT-TYPE
|
|
SYNTAX CIKEIsakmpDoi
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This identifies the DOI of Phase-2 operations in
|
|
which this control tunnel operates. This may be
|
|
used to identify the Phase-2 protocol. "
|
|
::= { cifeTunnelExtEntry 1 }
|
|
|
|
cifeTunnelExtLocalIdenType OBJECT-TYPE
|
|
SYNTAX CIPsecPhase1PeerIdentityType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the identity used by the managed entity
|
|
authenticating itself to the peer in the setup of the
|
|
IKE tunnel corresponding to this conceptual row.
|
|
|
|
This object would have same value as
|
|
cisgIpsSgTunLocalType from
|
|
CISCO-IPSEC-SIGNALLING-MIB. "
|
|
::= { cifeTunnelExtEntry 2 }
|
|
|
|
cifeTunnelExtLocalIdentity OBJECT-TYPE
|
|
SYNTAX SnmpAdminString(SIZE(1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the local peer identity.
|
|
|
|
This object would have same value as
|
|
cisgIpsSgTunLocalValue from
|
|
CISCO-IPSEC-SIGNALLING-MIB. "
|
|
::= { cifeTunnelExtEntry 3 }
|
|
|
|
cifeTunnelExtRemoteIdenType OBJECT-TYPE
|
|
SYNTAX CIPsecPhase1PeerIdentityType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the identity used by the peer in
|
|
authenticating itself to the local entity in the
|
|
setup of the IKE tunnel corresponding to this
|
|
conceptual row.
|
|
|
|
This object would have same value as
|
|
cisgIpsSgTunRemoteType from
|
|
CISCO-IPSEC-SIGNALLING-MIB. "
|
|
::= { cifeTunnelExtEntry 4 }
|
|
|
|
cifeTunnelExtRemoteIdentity OBJECT-TYPE
|
|
SYNTAX SnmpAdminString(SIZE(1..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the remote peer identity.
|
|
|
|
This object would have same value as
|
|
cisgIpsSgTunRemoteValue from
|
|
CISCO-IPSEC-SIGNALLING-MIB. "
|
|
::= { cifeTunnelExtEntry 5 }
|
|
|
|
|
|
|
|
--
|
|
-- Cisco IKE extension Module Compliance
|
|
--
|
|
|
|
cifeMIBConformances OBJECT IDENTIFIER
|
|
::= { ciscoIkeFlowExtMIBConform 1 }
|
|
|
|
cifeMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoIkeFlowExtMIBConform 2 }
|
|
|
|
cifeMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which
|
|
implement the Cisco IKE extension MIB. "
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
cifeGlobalsGroup,
|
|
cifeTunnelExtGroup
|
|
}
|
|
::= { cifeMIBConformances 1 }
|
|
|
|
--
|
|
-- MIB Groups (Units of Conformance)
|
|
--
|
|
|
|
cifeGlobalsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cifeClearAllTunnels
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing Global
|
|
IKE configuration. "
|
|
::= { cifeMIBGroups 1 }
|
|
|
|
cifeTunnelExtGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cifeTunnelExtLocalIdenType,
|
|
cifeTunnelExtLocalIdentity,
|
|
cifeTunnelExtRemoteIdenType,
|
|
cifeTunnelExtRemoteIdentity
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The collection of objects providing IKE tunnels
|
|
info. "
|
|
::= { cifeMIBGroups 2 }
|
|
|
|
END
|