-- *------------------------------------------------------------------
-- * CISCO-IPSEC-PROVISIONING-MIB.my: IPsec Provisioning MIB
-- *
-- * August 2004, S Ramakrishnan, John Fan
-- *
-- * Copyright (c) 2004, 2005 by Cisco Systems, Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------
CISCO-IPSEC-PROVISIONING-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,Unsigned32FROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
RowStatus,TruthValueFROM SNMPv2-TC
ifIndex FROM IF-MIB
SnmpAdminStringFROM SNMP-FRAMEWORK-MIB
InetAddressType,InetAddressFROM INET-ADDRESS-MIB
CIPsecTransform,
CIPsecLifetime,
CIPsecTunnelIdleTime,
CIPsecLifesize,
CIPsecEncapMode,
CIPsecDiffHellmanGrp,
CIPsecNumCryptoMaps,
CIPsecCryptomapType,
CIPsecSecuritySuite FROM CISCO-IPSEC-TC
ciscoMgmt FROM CISCO-SMI;ciscoIPsecProvisioningMIB MODULE-IDENTITYLAST-UPDATED"200511020000Z"ORGANIZATION"Cisco Systems, Inc."CONTACT-INFO"Cisco Systems
Network Management Technology Group
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-ipsecurity@cisco.com"DESCRIPTION"IPSec is the next-generation network layer crypto
framework described in RFC2401-2411.
This MIB defines the IPsec configurations.
It may be used to view and provision IPsec-based
VPNs.
To create an IPsec tunnel, you need first configure
Internet Key Exchange (IKE). IKE negotiates Security
Associations with the peer for IPsec. To find out
how to configure IKE, please see
CISCO-IKE-CONFIGURATION-MIB for detail.
Once you setup IKE, you will have to configure IPsec.
To configure IPsec, you need perform following steps.
1. Create an IPsec transform set.
A transform set describes a security protocol
(AH or ESP) with its corresponding algorithms.
For example, ESP with the DES cipher algorithm
and HMAC-SHA for authentication.
2. Create a cryptomap and its peers.
This will a) select data flows that need security
processing and b) defines the policy for these flows
and the crypto peer that traffic needs to go to.
3. Apply cryptomap to an interface
A crypto map is applied to an egress interface.
Outgoing data flows are protected by this cryptomap.
Acronyms
The following acronyms are used in this document:
Static Cryptomap Template:
A static cryptomap template (or static cryptomap)
is a security template created for IPsec.
A static cryptomap pulls together various parts
to set up an IPsec security association
which includes:
- which traffic should be protected by IPsec
- where IPsec protected traffic should be sent
- the local address used for the the IPsec traffic
- which transform sets should be applied to this
traffic
Dynamic Cryptomap Template:
A dynamic cryptomap template (or a dynamic cryptomap)
is essentially a crypto map entry without all the
parameters configured. It acts as a policy template
where the missing parameters are later dynamically
configured (as the result of an IPsec negotiation)
to match a peer's requirements.
Cryptomap Set:
A cryptomap set may contain multiple cryptomap
templates which specify an IPsec policy.
TED:
Tunnel Endpoint Discovery protocol
MIB Structure
-------------
This MIB provides the operational information on
Cisco's IPsec implementation of IPsec. This MIB
delineates ISAKMP and IPsec configuration. This MIB
deals only with IPsec (Phase-2) configuration. The
following entities are managed:
a) IPsec Global Parameters
b) IPsec transform set definitions
c) Cryptomap Group
- Cryptomap Set Table
- Cryptomap Table
- CryptomapSet Transform Binding Table
- CryptomapSet Peer Binding Table
- CryptomapSet Interface Binding Table
d) Notification Control Group
e) Notifications Group
"REVISION"200511020000Z"DESCRIPTION"Updated description of objects in cipsIPsecXformSetTable
and fixed typo."REVISION"200501250000Z"DESCRIPTION"Added new table cipsIfCryptomapSetInfoTable"REVISION"200410010000Z"DESCRIPTION"Initial version of this module.
"::={ ciscoMgmt 431}-- Objects, Notifications & ConformancesciscoIPsecProvisioningMIBNotifs OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIB 0}ciscoIPsecProvisioningMIBObjects OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIB 1}ciscoIPsecProvisioningMIBConform OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIB 2}cipsIPsecGlobals OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBObjects 1}cipsIPsecTransforms OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBObjects 2}cipsCryptoMapGeneral OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBObjects 3}cipsCryptoMaps OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBObjects 4}
cipsNotificationCntl OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBObjects 5}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco IPsec Global Configuration Group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsTunnelLifetime OBJECT-TYPESYNTAX CIPsecLifetime
UNITS"seconds"MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The default lifetime (in seconds) assigned
to an IPsec tunnel as a global policy (maybe
overridden in specific cryptomap definitions).
"REFERENCE"For information on how a security association
is established for an IPsec tunnel, please refer
to RFC2409, section 4, paragraph 4. "
DEFVAL{3600}::={ cipsIPsecGlobals 1}cipsTunnelLifesize OBJECT-TYPESYNTAX CIPsecLifesize
UNITS"KBytes"MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The default lifesize in KBytes assigned to an IPsec
tunnel as a global policy (unless overridden in
cryptomap definition).
"DEFVAL{4608000}::={ cipsIPsecGlobals 2}cipsTunnelIdleTimeout OBJECT-TYPESYNTAX CIPsecTunnelIdleTime
UNITS"seconds"MAX-ACCESSread-write
STATUScurrentDESCRIPTION"The number of seconds of idle time (no activity)
after which an IPsec tunnel (and its parent ISAKMP
SA) is to be deleted. An IPsec tunnel never times out
if a value 0 is specified.
"DEFVAL{0}::={ cipsIPsecGlobals 3}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Transform Sets
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsIPsecXformSetTable OBJECT-TYPESYNTAXSEQUENCEOF CipsIPsecXformSetEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table contains the list of all the transform sets
configured on the managed entity. A transform set is usually
configured by a management console before a cryptomap is
created. Multiple transform sets could be assigned to a
cryptomap configuration.
"::={ cipsIPsecTransforms 1}cipsIPsecXformSetEntry OBJECT-TYPESYNTAX CipsIPsecXformSetEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry represents a single configured
IPsec transform set.
"INDEX{ cipsXformSetName }::={ cipsIPsecXformSetTable 1}
CipsIPsecXformSetEntry ::=SEQUENCE{
cipsXformSetName SnmpAdminString,
cipsXformSetId Unsigned32,
cipsXformSetSuite CIPsecSecuritySuite,
cipsXformSetEncryptionXform CIPsecTransform,
cipsXformSetIntegrityXformEsp CIPsecTransform,
cipsXformSetIntegrityXformAh CIPsecTransform,
cipsXformSetCompressionXform CIPsecTransform,
cipsXformSetMode CIPsecEncapMode,
cipsXformSetStatus RowStatus}cipsXformSetName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..80))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This object contains the name of the transform set
corresponding to this conceptual row.
"::={ cipsIPsecXformSetEntry 1}cipsXformSetId OBJECT-TYPESYNTAXUnsigned32(1..2147483647)
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This is the sequence number of the transform set that
uniquely identifies the transform set.
Distinct transform sets must have distinct sequence
numbers.
"::={ cipsIPsecXformSetEntry 2}cipsXformSetSuite OBJECT-TYPESYNTAX CIPsecSecuritySuite
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the suite of Phase-2 security
protocols of this transform set.
"::={ cipsIPsecXformSetEntry 3}cipsXformSetEncryptionXform OBJECT-TYPE
SYNTAX CIPsecTransform
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the transform used for
ESP encryption.
The only values this object may assume are 'xformNONE',
'xformEspNULL', 'xformEspDES', 'xformEsp3DES',
'xformEspAES128', 'xformEspAES192', 'xformEspAES256',
'xformEspAESCtr128', 'xformEspAESCtr192', 'xformEspAESCtr256'
and 'xformEspAESXCbcMac'.
If the value of the corresponding instance of
cipsXformSetSuite is 'suiteIntegAh', 'suiteIntegAhComp'
or 'suiteOther', this object must be set to 'xformNONE'.
For any other value of the corresponding instance of
cipsXformSetSuite, this object must not be set to
'xformNONE'.
"DEFVAL{ xformNONE }::={ cipsIPsecXformSetEntry 4}cipsXformSetIntegrityXformEsp OBJECT-TYPESYNTAX CIPsecTransform
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the transform used to
implement integrity check with ESP protocol.
If the value of the corresponding instance of
cipsXformSetSuite is 'suiteIntegAh', 'suiteIntegAhComp'
or 'suiteOther', this object must be set to 'xformNONE'.
For any other value of the corresponding instance of
cipsXformSetSuite, this object must not be set to
'xformNONE'.
"DEFVAL{ xformNONE }::={ cipsIPsecXformSetEntry 5}cipsXformSetIntegrityXformAh OBJECT-TYPESYNTAX CIPsecTransform
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the transform used to
implement integrity check with AH protocol.
If the value of the corresponding instance of
cipsXformSetSuite is neither 'suiteIntegAh' nor
'suiteIntegAhComp', this object must be set
to 'xformNONE'. For any other value of the corresponding
instance of cipsXformSetSuite, this object must not be
set to 'xformNONE'.
"DEFVAL{ xformNONE }::={ cipsIPsecXformSetEntry 6}cipsXformSetCompressionXform OBJECT-TYPESYNTAX CIPsecTransform
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the transform used to
implement packet compression.
If the value of the corresponding instance of
cipsXformSetSuite is 'suiteConf', 'suiteIntegEsp',
'suiteIntegAh', 'suiteConfAh', 'suiteIntegEspAhS',
'suiteConfIntegEsp', 'suiteConfIntegEspAh' or
'suiteOther', this object must be set to 'xformNONE'.
For any other value of the corresponding instance of
cipsXformSetSuite, this object must not be set to
'xformNONE'.
"DEFVAL{ xformNONE }::={ cipsIPsecXformSetEntry 7}cipsXformSetMode OBJECT-TYPESYNTAX CIPsecEncapMode
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the encapsulation mode of the
transform set.
"DEFVAL{ encapTunnel }::={ cipsIPsecXformSetEntry 8}cipsXformSetStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrent
DESCRIPTION"This object represents the status of the
transform set entry.
"::={ cipsIPsecXformSetEntry 9}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Cryptomap Group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsNumStaticCryptomapSets OBJECT-TYPESYNTAX CIPsecNumCryptoMaps
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of static cryptomap
sets that are fully configured. Statically defined
cryptomap sets are ones where the operator has fully
specified all the parameters required to set up IPsec
connections.
"::={ cipsCryptoMapGeneral 1}cipsNumDynamicCryptomapSets OBJECT-TYPESYNTAX CIPsecNumCryptoMaps
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of dynamic IPsec
policy templates (called dynamic cryptomap
templates) that are fully configured.
"::={ cipsCryptoMapGeneral 2}cipsNumTEDCryptomapSets OBJECT-TYPESYNTAX CIPsecNumCryptoMaps
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of static cryptomap
sets that have at least one dynamic cryptomap template
which has the Tunnel Endpoint Discovery (TED) enabled.
"::={ cipsCryptoMapGeneral 3}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco IPsec Static Cryptomaps
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsStaticCryptomapSetTable OBJECT-TYPESYNTAXSEQUENCEOF CipsStaticCryptomapSetEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This read-only table contains the list of all
cryptomap sets that are fully configured.
The operator may include different types of
cryptomaps in such a set - manual, ISAKMP or
dynamic.
An entry is added to (removed from) this table
automatically by the agent when the first (last)
'active' entry with the corresponding
cipsStaticCryptomapSetName is added to
(removed from) cipsStaticCryptomapTable.
"::={ cipsCryptoMaps 1}cipsStaticCryptomapSetEntry OBJECT-TYPESYNTAX CipsStaticCryptomapSetEntry
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"Each entry contains the attributes
associated with a single static cryptomap set.
"INDEX{ cipsStaticCryptomapSetName }::={ cipsStaticCryptomapSetTable 1}
CipsStaticCryptomapSetEntry ::=SEQUENCE{
cipsStaticCryptomapSetSize Unsigned32,
cipsStaticCryptomapSetNumIsakmp Unsigned32,
cipsStaticCryptomapSetNumManual Unsigned32,
cipsStaticCryptomapSetNumDynamic Unsigned32,
cipsStaticCryptomapSetNumTED Unsigned32,
cipsStaticCryptomapSetNumSAs Unsigned32}cipsStaticCryptomapSetSize OBJECT-TYPESYNTAXUnsigned32
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the total number of cryptomap
templates contained in this cryptomap set.
"::={ cipsStaticCryptomapSetEntry 1}cipsStaticCryptomapSetNumIsakmp OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of cryptomaps
associated with this cryptomap set that use ISAKMP
protocol to do key exchange.
"::={ cipsStaticCryptomapSetEntry 2}cipsStaticCryptomapSetNumManual OBJECT-TYPESYNTAXUnsigned32
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of cryptomaps
associated with this cryptomap set that require the
operator to manually setup the keys and SPIs.
"::={ cipsStaticCryptomapSetEntry 3}cipsStaticCryptomapSetNumDynamic OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of dynamic
cryptomap templates linked to this cryptomap set.
"::={ cipsStaticCryptomapSetEntry 4}cipsStaticCryptomapSetNumTED OBJECT-TYPE
SYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of dynamic
cryptomap templates linked to this cryptomap set
that have Tunnel Endpoint Discovery (TED) enabled.
"::={ cipsStaticCryptomapSetEntry 5}cipsStaticCryptomapSetNumSAs OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object reflects the number of IPsec Security
Associations that are active and were setup using this
cryptomap set.
"::={ cipsStaticCryptomapSetEntry 6}--
-- Cisco IPSec Static Cryptomap Table
--cipsStaticCryptomapTable OBJECT-TYPESYNTAXSEQUENCEOF CipsStaticCryptomapEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The table listing the member cryptomaps
of the cryptomap sets that are configured
on the managed entity.
This table does not include the members
of dynamic cryptomap sets that may be
linked with the parent static cryptomap set.
Deletion of a cipsStaticCryptomapEntry will
fail if the cipsStaticCryptomapSetName this
cipsStaticCryptomapEntry belongs to is referred
by a cipsCryptomapSetIfEntry.
"::={ cipsCryptoMaps 3}cipsStaticCryptomapEntry OBJECT-TYPESYNTAX CipsStaticCryptomapEntry
MAX-ACCESSnot-accessibleSTATUScurrent
DESCRIPTION"Each entry contains the attributes associated with a
single static (fully specified) cryptomap entry,
identified by its priority.
"INDEX{ cipsStaticCryptomapSetName,
cipsStaticCryptomapPriority }::={ cipsStaticCryptomapTable 1}
CipsStaticCryptomapEntry ::=SEQUENCE{
cipsStaticCryptomapSetName SnmpAdminString,
cipsStaticCryptomapPriority Unsigned32,
cipsStaticCryptomapType CIPsecCryptomapType,
cipsStaticCryptomapDescr SnmpAdminString,
cipsStaticCryptomapIpFilter OCTETSTRING,
cipsStaticCryptomapXformSetList OCTETSTRING,
cipsStaticCryptomapNumPeers Unsigned32,
cipsStaticCryotomapNextPIndex Unsigned32,
cipsStaticCryptomapCurPAddrType InetAddressType,
cipsStaticCryptomapCurPAddr InetAddress,
cipsStaticCryptomapPfs CIPsecDiffHellmanGrp,
cipsStaticCryptomapLifetime CIPsecLifetime,
cipsStaticCryptomapLifesize CIPsecLifesize,
cipsStaticCryptomapLevelHost TruthValue,
cipsStaticCryptomapIdleTimeout CIPsecTunnelIdleTime,
cipsStaticCryptomapAutoPeer TruthValue,
cipsStaticCryptomapStatus RowStatus}cipsStaticCryptomapSetName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..80))MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"The index of the static cryptomap table. The value
of the string is the name string assigned by the
NMS when defining a cryptomap set.
"::={ cipsStaticCryptomapEntry 1}cipsStaticCryptomapPriority OBJECT-TYPESYNTAXUnsigned32(1..65535)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The priority of the cryptomap entry in the
cryptomap set. A cryptomap entry with smaller
cipsStaticCryptomapPriority value takes
precedence over the ones with larger values.
"::={ cipsStaticCryptomapEntry 2}
cipsStaticCryptomapType OBJECT-TYPESYNTAX CIPsecCryptomapType
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The type of the cryptomap entry. This can be an ISAKMP
cryptomap or manual. Dynamic cryptomaps are not
counted in this table.
"::={ cipsStaticCryptomapEntry 3}cipsStaticCryptomapDescr OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..127))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The description string created by the SNMP agent
while creating this cryptomap. The string generally
identifies a description and the purpose of this
policy.
"::={ cipsStaticCryptomapEntry 4}cipsStaticCryptomapIpFilter OBJECT-TYPESYNTAXOCTETSTRING(SIZE(0..64))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object specifies an IP protocol filter,
cippfIpProfileName
(defined in CISCO-IP-PROTOCOL-FILTER-MIB),
to be secured using this cryptomap entry.
When this object has a value of zero-length
string, this object is not valid/applicable.
"::={ cipsStaticCryptomapEntry 5}cipsStaticCryptomapXformSetList OBJECT-TYPE
SYNTAXOCTETSTRING(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The list of cipsXformSetId that are members
of this CipsStaticCryptomapEntry.
The value of this object is a concatenation of zero or
more 4-octet strings, where each 4-octet string contains
a 32-bit cipsXformSetId value in network byte order.
A zero length string value means this list has no
members.
"::={ cipsStaticCryptomapEntry 6}cipsStaticCryptomapNumPeers OBJECT-TYPESYNTAXUnsigned32(0..50)MAX-ACCESSread-only
STATUScurrentDESCRIPTION"This object reflects the number of peers associated
with this cryptomap entry. The other peers listed in
table cipsIPsecCryMapPeerTable are backup peers.
"::={ cipsStaticCryptomapEntry 7}cipsStaticCryotomapNextPIndex OBJECT-TYPESYNTAXUnsigned32(1..50)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object specifies the next available index for object
cipsCryMapPeerIndex which can be used for
creating an entry in cipsIPsecCryMapPeerTable.
"::={ cipsStaticCryptomapEntry 8}
cipsStaticCryptomapCurPAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object represents the address type of
cipsStaticCryptomapCurPAddr to which this cryptomap
entry is currently connected.
"::={ cipsStaticCryptomapEntry 9}cipsStaticCryptomapCurPAddr OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the peer to which this cryptomap
entry is currently connected.
The value of cipsStaticCryptomapCurPAddrType is
'unknown' and this MIB object is a zero-length
string when no tunnels are presently spawned by this
cryptomap entry or when cipsStaticCryptomapAutoPeer is
equal to 'true'.
"::={ cipsStaticCryptomapEntry 10}cipsStaticCryptomapPfs OBJECT-TYPESYNTAX CIPsecDiffHellmanGrp
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object identifies if the tunnels instantiated
due to this policy item should use Perfect Forward
Secrecy (PFS) and if so, what group of Oakley
they should use.
"::={ cipsStaticCryptomapEntry 11}cipsStaticCryptomapLifetime OBJECT-TYPESYNTAX CIPsecLifetime
UNITS"seconds"MAX-ACCESSread-createSTATUScurrent
DESCRIPTION"This object specifies the lifetime of the IPsec
Security Associations (SA) created using this IPsec
policy entry.
The default value of this object is the current value
of the object cipsTunnelLifetime. When a value 0
is specified in cipsStaticCryptomapLifetime,
the default value is used as the lifetime.
"::={ cipsStaticCryptomapEntry 12}cipsStaticCryptomapLifesize OBJECT-TYPESYNTAX CIPsecLifesize
UNITS"KBytes"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object identifies the lifesize (maximum traffic
in bytes that may be carried) of the IPSec SAs
created using this IPSec policy entry.
When a Security Association (SA) is created using
this IPsec policy entry, its lifesize takes the value
of this object.
The default value of this object is the current value
of the object cipsTunnelLifesize. When a value 0
is specified in cipsStaticCryptomapLifesize,
the default value is used as the lifesize.
"::={ cipsStaticCryptomapEntry 13}cipsStaticCryptomapLevelHost OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object specifies the granularity of the
IPSec SAs created using this IPSec policy entry.
If this value is 'true', distinct SA bundles are
created for distinct hosts at the end of
the application traffic.
"DEFVAL{ false }::={ cipsStaticCryptomapEntry 14}cipsStaticCryptomapIdleTimeout OBJECT-TYPE
SYNTAX CIPsecTunnelIdleTime
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object specifies the idle time (lack of traffic)
in seconds of a tunnel spawned by this cryptomap after
which the tunnel will be torn down.
The default value of this object is the current value
of cipsTunnelIdleTimeout.
"::={ cipsStaticCryptomapEntry 15}cipsStaticCryptomapAutoPeer OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"If 'true' the destination address is taken as the
peer address, while creating the tunnel.
If 'false' the value shown by the object
cipsStaticCryptomapCurPAddr is being used as
the peer address.
"DEFVAL{ false }::={ cipsStaticCryptomapEntry 16}cipsStaticCryptomapStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object identifies the status of the cryptomap
entry represented by this conceptual row.
"::={ cipsStaticCryptomapEntry 17}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Cryptomap Peer binding table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsIPsecCryMapPeerTable OBJECT-TYPESYNTAXSEQUENCEOF CipsIPsecCryMapPeerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The table containing the binding of peers to
cryptomap entries.
An entry is removed from this table
automatically by the agent when the last
'active' entry with the corresponding
cipsStaticCryptomapSetName is removed from
cipsStaticCryptomapTable.
"::={ cipsCryptoMaps 4}cipsIPsecCryMapPeerEntry OBJECT-TYPESYNTAX CipsIPsecCryMapPeerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry represents the binding of
an IPsec peer address to the specified
cryptomap.
"INDEX{
cipsStaticCryptomapSetName,
cipsStaticCryptomapPriority,
cipsCryMapPeerIndex
}::={ cipsIPsecCryMapPeerTable 1}
CipsIPsecCryMapPeerEntry ::=SEQUENCE{
cipsCryMapPeerIndex Unsigned32,
cipsCryMapPeerAddrType InetAddressType,
cipsCryMapPeerAddr InetAddress,
cipsCryMapPeerOrder Unsigned32,
cipsCryMapPeerStatus RowStatus}cipsCryMapPeerIndex OBJECT-TYPESYNTAXUnsigned32MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This arbitrary number represents the index number
in the cryptomap entry of the peer corresponding
to this conceptual row.
This object could have the same value as
cipsStaticCryotomapNextPIndex.
"::={ cipsIPsecCryMapPeerEntry 1}cipsCryMapPeerAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the address type of
cipsCryMapPeerAddr.
This object cannot be modified while the corresponding
value of cipsCryMapPeerStatus is equal to
'active'.
"::={ cipsIPsecCryMapPeerEntry 2}cipsCryMapPeerAddr OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object represents the address of the peer
corresponding to this conceptual row.
This object cannot be modified while the corresponding
value of cipsCryMapPeerStatus is equal to
'active'.
"::={ cipsIPsecCryMapPeerEntry 3}cipsCryMapPeerOrder OBJECT-TYPESYNTAXUnsigned32(1..50)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object represents the order in the cryptomap
entry of the peer corresponding to this
conceptual row.
The peer with the lowest order number is applied
first, that is cipsCryMapPeerOrder '1'.
"::={ cipsIPsecCryMapPeerEntry 4}cipsCryMapPeerStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-create
STATUScurrentDESCRIPTION"This object specifies the status column used for
creating and deleting instances of the columnar
objects in the table.
"::={ cipsIPsecCryMapPeerEntry 5}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco IPsec Cryptomap Set IF Binding Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsCryptomapSetIfTable OBJECT-TYPESYNTAXSEQUENCEOF CipsCryptomapSetIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The table lists the binding of cryptomap sets
to the interfaces of the managed entity.
One interface can be bound to only one cryptomap set
while one cryptomap set can be bound to multiple
interfaces.
Any interface (with any ifType) which supports
IPsec can be used in this table.
"::={ cipsCryptoMaps 5}cipsCryptomapSetIfEntry OBJECT-TYPESYNTAX CipsCryptomapSetIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry lists the association between an interface
and a cryptomap set (static) that is defined
on the managed entity.
"INDEX{ cipsStaticCryptomapSetName, ifIndex }::={ cipsCryptomapSetIfTable 1}
CipsCryptomapSetIfEntry ::=SEQUENCE{
cipsCryptomapSetIfStatus RowStatus}cipsCryptomapSetIfStatus OBJECT-TYPESYNTAXRowStatus
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"This object identifies the status of the binding
of the specified cryptomap set with the specified
interface.
Detaching a cryptomap from an interface:
----------------------------------------
When set to 'destroy', if a cryptomap set is
attached to the interface corresponding to
ifIndex, the cryptomap set is detached from
the interface.
Attaching a cryptomap to an interface:
----------------------------------------
If the value 'createAndGo' is set:
a row in this table can be created only if it identifies
a cryptomap which is represented by an entry in
cipsStaticCryptomapSetTable.
"::={ cipsCryptomapSetIfEntry 1}cipsIfCryptomapSetInfoTable OBJECT-TYPESYNTAXSEQUENCEOF CipsIfCryptomapSetInfoEntry
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"The table lists the binding information of a
interface to a cryptomap sets on the managed entity.
One interface can be bound to only one cryptomap set
while one cryptomap set can be bound to multiple
interfaces.
An entry is added to cipsIfCryptomapSetInfoTable when
a static cryptomap set is successfully assigned to an
interface (of any ifType) in cipsCryptomapSetIfTable.
An entry is deleted from cipsIfCryptomapSetInfoTable
when its assignment is removed
from cipsIfCryptomapSetInfoTable.
"::={ cipsCryptoMaps 6}cipsIfCryptomapSetInfoEntry OBJECT-TYPESYNTAX CipsIfCryptomapSetInfoEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry lists the binding between an interface
and a cryptomap set (static) that is defined
on the managed entity.
"INDEX{ ifIndex }::={ cipsIfCryptomapSetInfoTable 1}
CipsIfCryptomapSetInfoEntry ::=SEQUENCE{
cipsIfStaticCryptomapSetName SnmpAdminString}cipsIfStaticCryptomapSetName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..80))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The name of a static cryptomap set which is bound
to this interface. The value of the string is one of
the entries in cipsStaticCryptomapSetTable indexed by
cipsStaticCryptomapSetName.
"::={ cipsIfCryptomapSetInfoEntry 1}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec TRAP Control Group
-- This group of objects controls the emission of traps
-- corresponding to changes in IPsec configuration.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipsCntlAllNotifs OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object must be set to 'true' to enable any
notification in addition to the notification-specific
control variables defined below.
A notification <foo> defined in this module is
enabled if and only if the expression
(cipsCntlAllNotifs && cipsCntl<foo>)
evaluates to 'true'.
"DEFVAL{ true }::={ cipsNotificationCntl 1}
cipsCntlCryptomapAdded OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This variable controls the generation of
ciscoIPsecProvCryptomapAdded notification.
When this variable is set to 'true', a notification
is generated when a static cryptomap is created
in cipsStaticCryptomapTable.
When this variable is set to 'false',
generation of this notification is disabled.
"DEFVAL{ true }::={ cipsNotificationCntl 2}cipsCntlCryptomapDeleted OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION
"This variable controls the generation of
ciscoIPsecProvCryptomapDeleted notification.
When this variable is set to 'true', a notification
is generated when a static cryptomap is deleted from
cipsStaticCryptomapTable.
When this variable is set to 'false',
generation of this notification is disabled.
"DEFVAL{ true }::={ cipsNotificationCntl 3}cipsCntlCryptomapSetAttached OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This variable controls the generation of
ciscoIPsecProvCryptomapAttached notification.
When this variable is set to 'true', a notification
is generated when a cryptomap set is attached to an
active interface.
When this variable is set to 'false', generation of
this notification is disabled.
"DEFVAL{ true }::={ cipsNotificationCntl 4}cipsCntlCryptomapSetDetached OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This variable controls the generation of
ciscoIPsecProvCryptomapDetached notification.
When this variable is set to 'true', a notification
is generated when a cryptomap set is detached from
an active interface.
When this variable is set to 'false', generation of
this notification is disabled.
"DEFVAL{ true }::={ cipsNotificationCntl 5}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco-specific IPsec Notifications
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ciscoIPsecProvCryptomapAdded NOTIFICATION-TYPEOBJECTS{
cipsStaticCryptomapType,
cipsStaticCryptomapSetSize
}STATUScurrentDESCRIPTION"This notification is generated when a new cryptomap
is added to the specified cryptomap set. Object
'cipsStaticCryptomapSetSize' contains the number of
cryptomap entries after the addition.
"::={ ciscoIPsecProvisioningMIBNotifs 1}ciscoIPsecProvCryptomapDeleted NOTIFICATION-TYPEOBJECTS{
cipsStaticCryptomapSetSize
}STATUScurrentDESCRIPTION"This notification is generated when a cryptomap is
removed from the specified cryptomap set. Object
'cipsStaticCryptomapSetSize' contains the number of
cryptomap entries after the deletion.
"::={ ciscoIPsecProvisioningMIBNotifs 2}ciscoIPsecProvCryptomapAttached NOTIFICATION-TYPEOBJECTS{
cipsStaticCryptomapSetSize,
cipsStaticCryptomapSetNumIsakmp,
cipsStaticCryptomapSetNumDynamic
}STATUScurrentDESCRIPTION"A cryptomap set must be attached to an interface
of the device in order for it to be operational.
This trap is generated when the cryptomap set
attached to an active interface of
the managed entity.
The contents of the notification includes:
Size of the attached cryptomap set,
Number of ISAKMP cryptomaps in the set and
Number of Dynamic cryptomaps in the set.
"::={ ciscoIPsecProvisioningMIBNotifs 3}
ciscoIPsecProvCryptomapDetached NOTIFICATION-TYPEOBJECTS{
cipsStaticCryptomapSetSize
}STATUScurrentDESCRIPTION"This trap is generated when a cryptomap set is
detached from an interafce to which it was bound
earlier. The context of the event identifies the
size of the cryptomap set.
"::={ ciscoIPsecProvisioningMIBNotifs 4}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ciscoIPsecProvMIBCompliances OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBConform 1}ciscoIPsecProvMIBGroups OBJECTIDENTIFIER::={ ciscoIPsecProvisioningMIBConform 2}
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ciscoIPsecProvMIBCompliance MODULE-COMPLIANCESTATUSdeprecated-- superceeded by-- ciscoIPsecProvMIBComplianceRev1DESCRIPTION"The compliance statement for entities which
implement the Cisco IPsec Provisioning MIB.
"MODULE-- this moduleMANDATORY-GROUPS{
ciscoIPsecProvGlobalsGroup,
ciscoIPsecProvXformsGroup,
ciscoIPsecProvStCryptomapGroup,
ciscoIPsecCryptomapPeerGroup,
ciscoIPsecProvNotifCntlGroup
}GROUP ciscoIPsecProvDynCryptomapGroup
DESCRIPTION"This group must be implemented if the
IKE implementation on the managed entity
implements dynamic cryptomaps.
"GROUP ciscoIPsecProvTedCryptomapGroup
DESCRIPTION"This group must be implemented if the
IKE implementation on the managed entity
implements tunnel endpoint discovery.
"GROUP ciscoIPsecProvNotifGroup
DESCRIPTION"This group is optional.
"OBJECT cipsTunnelLifetime
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsTunnelLifesize
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsTunnelIdleTimeout
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlAllNotifs
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapAdded
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapDeleted
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapSetAttached
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapSetDetached
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsXformSetMode
MIN-ACCESSread-only
DESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapIpFilter
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapXformSetList
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapPfs
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapLifetime
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapLifesize
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapLevelHost
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapIdleTimeout
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapAutoPeer
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsXformSetStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-only
DESCRIPTION"Write access is not required.
If write access is implemented, only three values
'createAndGo', 'destroy' and 'active' out of the
six enumerated values need to be supported.
"OBJECT cipsStaticCryptomapStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
If write access is implemented, only three values
'createAndGo', 'destroy' and 'active' out of the
six enumerated values need to be supported.
"OBJECT cipsCryMapPeerStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION"Only three values 'createAndGo', 'destroy' and
'active' out of the six enumerated values need to
be supported.
Write access is not required.
"OBJECT cipsCryptomapSetIfStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION"Only three values 'createAndGo', 'destroy' and
'active' out of the six enumerated values need to
be supported.
Write access is not required.
"::={ ciscoIPsecProvMIBCompliances 1}ciscoIPsecProvMIBComplianceRev1 MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for entities which
implement the Cisco IPsec Provisioning MIB.
"MODULE-- this moduleMANDATORY-GROUPS{
ciscoIPsecProvGlobalsGroup,
ciscoIPsecProvXformsGroup,
ciscoIPsecProvStCryptomapGroup,
ciscoIPsecCryptomapPeerGroup,
ciscoIPsecProvNotifCntlGroup,
ciscoIPsecProvInfoGroup
}GROUP ciscoIPsecProvDynCryptomapGroup
DESCRIPTION"This group must be implemented if the
IKE implementation on the managed entity
implements dynamic cryptomaps.
"GROUP ciscoIPsecProvTedCryptomapGroup
DESCRIPTION"This group must be implemented if the
IKE implementation on the managed entity
implements tunnel endpoint discovery.
"GROUP ciscoIPsecProvNotifGroup
DESCRIPTION"This group is optional.
"OBJECT cipsTunnelLifetime
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsTunnelLifesize
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsTunnelIdleTimeout
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlAllNotifs
MIN-ACCESSread-only
DESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapAdded
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapDeleted
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapSetAttached
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsCntlCryptomapSetDetached
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsXformSetMode
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapIpFilter
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapXformSetList
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapPfs
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapLifetime
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapLifesize
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapLevelHost
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapIdleTimeout
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsStaticCryptomapAutoPeer
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
"OBJECT cipsXformSetStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION
"Write access is not required.
If write access is implemented, only three values
'createAndGo', 'destroy' and 'active' out of the
six enumerated values need to be supported.
"OBJECT cipsStaticCryptomapStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
If write access is implemented, only three values
'createAndGo', 'destroy' and 'active' out of the
six enumerated values need to be supported.
"OBJECT cipsCryMapPeerStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION"Only three values 'createAndGo', 'destroy' and
'active' out of the six enumerated values need to
be supported.
Write access is not required.
"OBJECT cipsCryptomapSetIfStatus
SYNTAXINTEGER{
active(1),
createAndGo(4),
destroy(6)}MIN-ACCESSread-onlyDESCRIPTION"Only three values 'createAndGo', 'destroy' and
'active' out of the six enumerated values need to
be supported.
Write access is not required.
"::={ ciscoIPsecProvMIBCompliances 2}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ciscoIPsecProvGlobalsGroup OBJECT-GROUPOBJECTS{
cipsTunnelLifetime,
cipsTunnelLifesize,
cipsTunnelIdleTimeout
}STATUScurrentDESCRIPTION"A collection of objects providing Global
IPSec policy monitoring capability to a
IPsec capable VPN router.
"::={ ciscoIPsecProvMIBGroups 1}ciscoIPsecProvXformsGroup OBJECT-GROUPOBJECTS{
cipsXformSetId,
cipsXformSetMode,
cipsXformSetSuite,
cipsXformSetEncryptionXform,
cipsXformSetIntegrityXformEsp,
cipsXformSetIntegrityXformAh,
cipsXformSetCompressionXform,
cipsXformSetStatus
}STATUScurrentDESCRIPTION"A collection of objects modeling IPsec
transform sets and transform set mappings."::={ ciscoIPsecProvMIBGroups 2}ciscoIPsecProvStCryptomapGroup OBJECT-GROUPOBJECTS{
cipsNumStaticCryptomapSets,
cipsStaticCryptomapSetSize,
cipsStaticCryptomapSetNumIsakmp,
cipsStaticCryptomapSetNumManual,
cipsStaticCryptomapSetNumDynamic,
cipsStaticCryptomapSetNumTED,
cipsStaticCryptomapSetNumSAs,--
cipsStaticCryptomapType ,
cipsStaticCryptomapDescr ,
cipsStaticCryptomapIpFilter,
cipsStaticCryptomapXformSetList,
cipsStaticCryptomapNumPeers ,
cipsStaticCryotomapNextPIndex,
cipsStaticCryptomapCurPAddrType,
cipsStaticCryptomapCurPAddr,
cipsStaticCryptomapPfs ,
cipsStaticCryptomapLifetime ,
cipsStaticCryptomapLifesize ,
cipsStaticCryptomapLevelHost ,
cipsStaticCryptomapIdleTimeout ,
cipsStaticCryptomapStatus,
cipsStaticCryptomapAutoPeer,--
cipsCryMapPeerStatus,--
cipsCryptomapSetIfStatus
}STATUScurrentDESCRIPTION"A collection of objects modeling static
crypto configuration of the Static (fully specified)
Cryptomap Sets on the managed entity.
"::={ ciscoIPsecProvMIBGroups 3}ciscoIPsecProvDynCryptomapGroup OBJECT-GROUPOBJECTS{
cipsNumDynamicCryptomapSets
}STATUScurrentDESCRIPTION"A collection of objects modeling the configuration
of IPsec dynamic cryptomap elements.
"::={ ciscoIPsecProvMIBGroups 4}ciscoIPsecProvTedCryptomapGroup OBJECT-GROUPOBJECTS{
cipsNumTEDCryptomapSets
}STATUScurrentDESCRIPTION"A collection of objects instrumenting the
properties of the Cryptomaps using tunnel
endpoint discovery protocol."::={ ciscoIPsecProvMIBGroups 5}
ciscoIPsecCryptomapPeerGroup OBJECT-GROUPOBJECTS{
cipsCryMapPeerAddrType,
cipsCryMapPeerAddr,
cipsCryMapPeerOrder
}STATUScurrentDESCRIPTION"A collection of objects displaying the
binding of an IPsec peer address to the specified
cryptomap.
"::={ ciscoIPsecProvMIBGroups 6}ciscoIPsecProvNotifCntlGroup OBJECT-GROUPOBJECTS{
cipsCntlAllNotifs,
cipsCntlCryptomapAdded,
cipsCntlCryptomapDeleted,
cipsCntlCryptomapSetAttached,
cipsCntlCryptomapSetDetached
}STATUScurrentDESCRIPTION"A collection of objects providing IPsec
Notification capability to a IPsec-capable
router. It is mandatory to implement
this set of objects pertaining to
IOS notifications about IPSec activity.
"::={ ciscoIPsecProvMIBGroups 7}ciscoIPsecProvNotifGroup NOTIFICATION-GROUPNOTIFICATIONS{
ciscoIPsecProvCryptomapDetached,
ciscoIPsecProvCryptomapAttached,
ciscoIPsecProvCryptomapDeleted,
ciscoIPsecProvCryptomapAdded
}STATUScurrentDESCRIPTION"A collection of notification objects signaling
changes to the IPsec configuration on the managed
entity.
"::={ ciscoIPsecProvMIBGroups 8}ciscoIPsecProvInfoGroup OBJECT-GROUPOBJECTS{
cipsIfStaticCryptomapSetName
}STATUScurrentDESCRIPTION"A collection of objects providing current IPsec
configuration information on the managedentity.
"::={ ciscoIPsecProvMIBGroups 9}END