-- *------------------------------------------------------------------
-- * CISCO-IKE-FLOW-EXT-MIB.my: Internet Key Exchange(IKE) MIB
-- *                            extension to CISCO-IKE-FLOW-MIB.
-- *
-- * March 2004, Srini Kode
-- *
-- * Copyright (c) 2004 by cisco Systems, Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------

CISCO-IKE-FLOW-EXT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE                         FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP                        FROM SNMPv2-CONF
    SnmpAdminString                     FROM SNMP-FRAMEWORK-MIB
    ciscoMgmt                           FROM CISCO-SMI
    cisgIpsSgProtocol,
    cisgIpsSgTunIndex                   FROM CISCO-IPSEC-SIGNALING-MIB
    CIKEIsakmpDoi,
    CIPsecPhase1PeerIdentityType        FROM CISCO-IPSEC-TC;


ciscoIkeFlowExtMIB MODULE-IDENTITY
    LAST-UPDATED    "200409140000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        "        Cisco Systems
                 Customer Service

         Postal: 170 W Tasman Drive
                 San Jose, CA  95134
                 USA
         Tel:    +1 800 553-NETS
         E-mail: cs-san@cisco.com"
    DESCRIPTION
        "This MIB module is an extension to
         CISCO-IKE-FLOW-MIB and contains Cisco Specific
         extensions for monitoring IKE.

         It is for monitoring the structures and status of
         IPsec control flows based on Internet Key Exchange
         protocol.

         Acronyms
         The following acronyms are used in this document:

         Flow, Tunnel:
             An ISAKMP SA can be regarded as representing
             a flow of ISAKMP/IKE traffic. Hence an ISAKMP
             is referred to as a 'Phase 1 Tunnel' in this
             document.

         IPsec:
             Secure IP Protocol.

         ISAKMP:
             Internet Security Association and Key
             Management Protocol.

         IKE:
             Internet Key Exchange Protocol.

         FCSP:
             Fibre Channel Security Protocol.

         SA:
             Security Association
             (ref: rfc2408).

         Phase 2 Tunnel:
             An instance of a non-ISAKMP SA bundle in which
             all the SA share the same proxy identifiers and
             protect the same stream of application traffic.
             Such an SA bundle is termed a 'Phase 2 Tunnel'.
             Note that a Phase 2 tunnel may comprise different
             SA bundles and different number of SA bundles at
             different times (due to key refresh)."

    REVISION        "200409140000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 428 }


-- Objects, Notifications & Conformances

ciscoIkeFlowExtMIBNotifs OBJECT IDENTIFIER
    ::= { ciscoIkeFlowExtMIB 0 }
ciscoIkeFlowExtMIBObjects OBJECT IDENTIFIER
    ::= { ciscoIkeFlowExtMIB 1 }
ciscoIkeFlowExtMIBConform OBJECT IDENTIFIER
    ::= { ciscoIkeFlowExtMIB 2 }

cifeIkeGlobals OBJECT IDENTIFIER
    ::= { ciscoIkeFlowExtMIBObjects 1 }


-- Note: this object is read-write. An SNMP SET of clearIPSec(2) or
-- clearFCSP(3) clears every tunnel of that type, so write access to
-- it should be limited to trusted management stations.
cifeClearAllTunnels OBJECT-TYPE
    SYNTAX          INTEGER {
                        none(1),
                        clearIPSec(2),
                        clearFCSP(3)
                    }
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Clears all the tunnels of a specific type.
         'none' is returned on reading this object.
         'clearIPSec' all the IPSec tunnels are cleared.
         'clearFCSP' all FCSP tunnels are cleared."
    ::= { cifeIkeGlobals 1 }


---
--- cifeTunnelExtTable
---

cifeTunnelExtTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CifeTunnelExtEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The Phase-1 Internet Key Exchange Tunnel Table.
         There is one entry in this table for each active
         IKE tunnel. This table is an extension to
         cifIkeTunnelTable defined in CISCO-IKE-FLOW-MIB.
         Some information in this table is also present in
         the cisgIpsSgTunnelTable, but the table is indexed
         differently so that the rows in this table are
         grouped/ordered by domain of interpretation (DOI)."
    ::= { ciscoIkeFlowExtMIBObjects 2 }

cifeTunnelExtEntry OBJECT-TYPE
    SYNTAX          CifeTunnelExtEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes associated with
         an active IKE Tunnel, identified by
         cisgIpsSgTunIndex, for the IKE protocol, identified
         by cisgIpsSgProtocol, in this DOI, identified by
         cifeTunnelExtDoi."
    INDEX           { cifeTunnelExtDoi, cisgIpsSgProtocol,
                      cisgIpsSgTunIndex }
    ::= { cifeTunnelExtTable 1 }

CifeTunnelExtEntry ::= SEQUENCE {
    cifeTunnelExtDoi               CIKEIsakmpDoi,
    cifeTunnelExtLocalIdenType     CIPsecPhase1PeerIdentityType,
    cifeTunnelExtLocalIdentity     SnmpAdminString,
    cifeTunnelExtRemoteIdenType    CIPsecPhase1PeerIdentityType,
    cifeTunnelExtRemoteIdentity    SnmpAdminString
}

cifeTunnelExtDoi OBJECT-TYPE
    SYNTAX          CIKEIsakmpDoi
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This identifies the DOI of Phase-2 operations in
         which this control tunnel operates. This may be
         used to identify the Phase-2 protocol."
    ::= { cifeTunnelExtEntry 1 }

cifeTunnelExtLocalIdenType OBJECT-TYPE
    SYNTAX          CIPsecPhase1PeerIdentityType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the identity used by the managed entity
         authenticating itself to the peer in the setup of the
         IKE tunnel corresponding to this conceptual row.

         This object would have same value as
         cisgIpsSgTunLocalType from
         CISCO-IPSEC-SIGNALING-MIB."
    ::= { cifeTunnelExtEntry 2 }

cifeTunnelExtLocalIdentity OBJECT-TYPE
    SYNTAX          SnmpAdminString(SIZE(1..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The value of the local peer identity.

         This object would have same value as
         cisgIpsSgTunLocalValue from
         CISCO-IPSEC-SIGNALING-MIB."
    ::= { cifeTunnelExtEntry 3 }

cifeTunnelExtRemoteIdenType OBJECT-TYPE
    SYNTAX          CIPsecPhase1PeerIdentityType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the identity used by the peer in
         authenticating itself to the local entity in the
         setup of the IKE tunnel corresponding to this
         conceptual row.

         This object would have same value as
         cisgIpsSgTunRemoteType from
         CISCO-IPSEC-SIGNALING-MIB."
    ::= { cifeTunnelExtEntry 4 }

cifeTunnelExtRemoteIdentity OBJECT-TYPE
    SYNTAX          SnmpAdminString(SIZE(1..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The value of the remote peer identity.

         This object would have same value as
         cisgIpsSgTunRemoteValue from
         CISCO-IPSEC-SIGNALING-MIB."
    ::= { cifeTunnelExtEntry 5 }



--
-- Cisco IKE extension Module Compliance
--

cifeMIBConformances OBJECT IDENTIFIER
    ::= { ciscoIkeFlowExtMIBConform 1 }

cifeMIBGroups OBJECT IDENTIFIER
    ::= { ciscoIkeFlowExtMIBConform 2 }

cifeMIBCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which
         implement the Cisco IKE extension MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cifeGlobalsGroup,
                        cifeTunnelExtGroup
                    }
    ::= { cifeMIBConformances 1 }

--
-- MIB Groups (Units of Conformance)
--

cifeGlobalsGroup OBJECT-GROUP
    OBJECTS         {
                        cifeClearAllTunnels
                    }
    STATUS          current
    DESCRIPTION
        "A collection of objects providing Global
         IKE configuration."
    ::= { cifeMIBGroups 1 }

cifeTunnelExtGroup OBJECT-GROUP
    OBJECTS         {
                        cifeTunnelExtLocalIdenType,
                        cifeTunnelExtLocalIdentity,
                        cifeTunnelExtRemoteIdenType,
                        cifeTunnelExtRemoteIdentity
                    }
    STATUS          current
    DESCRIPTION
        "The collection of objects providing IKE tunnels
         info."
    ::= { cifeMIBGroups 2 }

END