-- *------------------------------------------------------------------
-- * CISCO-IPSEC-TC: Cisco IPsec Textual Conventions
-- *
-- * Mar 2004, S Ramakrishnan
-- *
-- * Copyright (c) 2004 by cisco Systems, Inc.
-- * All rights reserved.
-- *------------------------------------------------------------------

CISCO-IPSEC-TC DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    Unsigned32,
    Gauge32             FROM SNMPv2-SMI
    TEXTUAL-CONVENTION  FROM SNMPv2-TC
    ciscoMgmt           FROM CISCO-SMI;

ciscoIPsecTc MODULE-IDENTITY
    LAST-UPDATED "200407220000Z"
    ORGANIZATION "Cisco Systems Inc. and Tivoli Systems Inc."
    CONTACT-INFO
        "       Cisco Systems
                Customer Service

        Postal: 170 W Tasman Drive
                San Jose, CA 95134
                USA

                Tivoli Systems
                Research Triangle Park, NC


           Tel: +1 800 553-NETS
        E-mail: cs-ipsecmib@external.cisco.com
                bret_harrison@tivoli.com
        "

    DESCRIPTION
        "
        This MIB module defines the textual conventions
        used in the IPsec suite of MIBs. This includes
        Internet DOI numbers defined in RFC 2407, ISAKMP
        numbers defined in RFC 2408, and IKE numbers
        defined in RFC 2409.
        "
    REVISION "200407220000Z"
    DESCRIPTION
        "
        Initial version of this module.
        "
    ::= { ciscoMgmt 422 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++
-- Definition of Textual Conventions for IPsec MIBs
-- +++++++++++++++++++++++++++++++++++++++++++++++++++
CCryptoMD5Hash ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This type denotes a 128-bit MD5 output string
        of an input string"
    SYNTAX OCTET STRING(SIZE(16))

CIKEIsakmpDoi ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The Domain of Interpretation of the IKE
        implementation. This type is used to implement
        distinctions between the configuration of the
        IKE implementation for distinct Phase 2 protocols
        that use IKE.

        Description of enum constants of this type:
        isakmpDoiIPsec:
            Denotes that IPsec protocol is used in Phase-2

        isakmpDoiFcsp:
            Denotes that FC-SP protocol is used in Phase-2

        isakmpDoiCps:
            Denotes that Cps protocol is used in Phase-2

        isakmpDoiFcCtAuth:
            Denotes that Fc-Ct-Auth protocol is used in
            Phase-2
        "

    SYNTAX INTEGER {
        isakmpDoiUnknown(1),
        isakmpDoiOther(2),
        isakmpDoiIPsec(3),
        isakmpDoiFcsp(4),
        isakmpDoiCps(5),
        isakmpDoiFcCtAuth(6)
    }

CIKELifetime ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type corresponds to the lifetime of
        ISAKMP security associations.

        The unit of information is seconds.
        "
    SYNTAX Unsigned32(60..86400)

CIKELifesize ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type corresponds to the lifesize of
        an ISAKMP security association in the number
        of kilobytes of data that has been processed
        by the security association.

        The unit of information is kilobytes.
        "
    SYNTAX Unsigned32(2560..4294967295)

CIPsecEncryptionKeySize ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type is used by objects that denote the
        size in bits of key of an encryption transform.

        The value of 0 has been allowed to provide for
        'NULL' encryption transforms.
        "
    SYNTAX Unsigned32 (0..65535)

CIPsecControlProtocol ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The protocol used for keying and control in
        IPsec connections. The value of 'cpManual'
        indicates manual administration of IPsec tunnels.
        This enumeration will be expanded as new keying
        protocols are standardized.

        The value 'cpAll' does not denote a specific
        keying protocol; it has been defined only as a
        convenience to facilitate aggregation of metrics
        across all control protocols.

        Description of enum constants of this type:
        cpManual:
            Denotes manual keying (i.e., no signaling).

        cpIkev1:
            Denotes keying signaling using IKEv1 protocol.

        cpIkev2:
            Denotes keying signaling using IKEv2 protocol.

        cpKink:
            Denotes keying signaling using KINK.

        cpPhoturis:
            Denotes keying signaling using Photuris.
        "

    SYNTAX INTEGER {
        cpUnknown(1),
        cpAll(2),
        cpOther(3),
        cpManual(4),
        cpIkev1(5),
        cpIkev2(6),
        cpKink(7),
        cpPhoturis(8)
    }

CIPsecProtocol ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        A protocol used for encapsulating the Phase-2
        tunneled traffic. The enumerations correspond
        to Authentication Header, Encapsulating Security
        Payload and IP compression protocols.

        The enum constants used in this denote the standard
        IPsec protocols, viz., Authentication Header (AH),
        ESP and IP compression.

        Description of enum constants of this type:
        ipsecProtAh:
            Denotes IPsec Authentication Header (AH)
            protocol.

        ipsecProtEsp:
            Denotes IPsec Encapsulating Security
            Payload (ESP) protocol.

        ipsecProtIPcomp:
            Denotes IPsec Packet Compression
            protocol.

        "
    REFERENCE
        "rfc2402, rfc2406 and rfc2409"

    SYNTAX INTEGER {
        ipsecProtUnknown(1),
        ipsecProtAh(2),
        ipsecProtEsp(3),
        ipsecProtIPcomp(4)
    }

CIPsecPhase1PeerIdentityType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The type of IPsec Phase-1 peer identity.
        The peer may be identified by one of the ID
        types defined in IPSEC DOI.


        Description of enum constants of this type:
        idIpv4Addr:
            IPv4 address

        idFqdn:
            Fully Qualified Domain Name

        idDn:
            Represents the binary DER encoding of
            the identity.

        idIpv6Addr:
            IPv6 address

        idUserFqdn:
            User FQDN (such as an email address).

        idIpv4AddrSubnet:
            IPv4 subnet specification (comprising
            a subnet identifier and a subnet mask).

        idIpv6AddrSubnet:
            IPv6 subnet specification (comprising
            a subnet identifier and a subnet mask).

        idIpv4AddrRange:
            A range of IPv4 addresses (comprising
            a starting address and an ending address)

        idIpv6AddrRange:
            A range of IPv6 addresses (comprising
            a starting address and an ending address)

        idDerAsn1Gn:
            The ASN.1 encoded general number.

        idKeyId:
            This is the symbolic name (key identifier).

        idWwn:
            World Wide Number or the encoding of
            the layer-2 address used by MDS switches.
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        idOther(1),
        idIpv4Addr(2),
        idFqdn(3),
        idDn(4),
        idIpv6Addr(5),
        idUserFqdn(6),
        idIpv4AddrSubnet(7),
        idIpv6AddrSubnet(8),
        idIpv4AddrRange(9),
        idIpv6AddrRange(10),
        idDerAsn1Gn(11),
        idKeyId(12),
        idWwn(13)
    }

CIPsecIkeNegoMode ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The negotiation mode used by IKE
        protocol in Phase-1.

        The type enumerates constants to denote the
        two distinct modes of operation of ISAKMP-based
        IPsec signaling in Phase-2, viz., Main Mode
        (mainMode) and Aggressive Mode (aggressiveMode).
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        mainMode(1),
        aggressiveMode(2)
    }

CIPsecIkeHashAlgorithm ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The hash algorithm used in IPsec Phase-1
        IKE negotiations.

        Description of enum constants of this type:
        md5:
            Hash payload using MD5 algorithm.

        sha:
            Hash payload using 96-bit SHA-1 algorithm
            as defined in FIPS 180-1.

        tiger:
            Hash payload using Tiger hash algorithm.

        sha256:
            Hash payload using 256-bit key SHA-1 algorithm.

        sha384:
            Hash payload using 384-bit key SHA-1 algorithm.

        sha512:
            Hash payload using 512-bit key SHA-1 algorithm.

        aesMac:
            Hash payload using AES-XCBC-MAC-96 algorithm.
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        none(1),
        other(2),
        md5(3),
        sha(4),
        tiger(5),
        sha256(6),
        sha384(7),
        sha512(8),
        aesMac(9)
    }

CIPsecIkeAuthMethod ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The authentication method used in IPsec
        Phase-1 IKE negotiations.

        Description of enum constants of this type:
        preSharedKey:
            Peer authentication using pre-shared keys.

        rsaSignature:
            Peer authentication using digital signatures.

        rsaEncryption:
            Peer authentication using encrypted nonces.

        revRsaEncryption:
            Peer authentication using revised RSA encryption.

        dssSignature:
            Peer authentication using DSS signatures.

        elGamalEncryption:
            Peer authentication using El Gamal.

        revElGamalEncryption:
            Peer authentication using revised El Gamal.

        ecdsaSignature:
            Peer authentication using Elliptic Curve Digital
            Signatures.

        gssApiV1:
            Peer authentication using Generic Security Services
            API v1.

        gssApiV2:
            Peer authentication using Generic Security Services
            API v2.
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        other(1),
        preSharedKey(2),
        rsaSignature(3),
        rsaEncryption(4),
        revRsaEncryption(5),
        dssSignature(6),
        elGamalEncryption(7),
        revElGamalEncryption(8),
        ecsdaSignature(9),
        gssApiV1(10),
        gssApiV2(11)
    }

CIPsecDiffHellmanGrp ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        An indication of whether a Diffie Hellman Group has
        been specified to be used in negotiations and the
        type of group as follows.

        'notDH'     -- indicates no use of a Diffie Hellman
        'modp768'   -- 768-bit MODP
        'modp1024'  -- 1024-bit MODP
        'modp1536'  -- 1536-bit MODP group
        'ec2nGP155' -- EC2N group on GP[2^155]
        'ec2nGP185' -- EC2N group on GP[2^185]
        'ec2nGF163' -- EC2N group over GF[2^163]
        'ec2nGF283' -- EC2N group over GF[2^283]
        'ec2nGF409' -- EC2N group over GF[2^409]
        'ec2nGF571' -- EC2N group over GF[2^571]
        'modp2048'  -- 2048-bit MODP group

        "
    REFERENCE
        "rfc2408, rfc2409 and rfc3526"

    SYNTAX INTEGER {
        other(1),
        notDH(2),
        modp768(3),
        modp1024(4),
        ec2nGP155(5),
        ec2nGP185(6),
        modp1536(7), -- 1536-bit MODP group
        ec2nGF163(8),
        ec2nGF283(9),
        ec2nGF409(10),
        ec2nGF571(11),
        modp2048(12)
    }

CIPsecEncapMode ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The encapsulation mode used by an IPsec Phase-2
        Tunnel.

        The type enumerates values to denote the two modes
        of encapsulation of payload used by IPsec, viz.,
        transport mode (encapTunnel) and tunnel mode
        (encapTransport).
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        encapTunnel(1),
        encapTransport(2)
    }

CIPsecTransform ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The transform to be used by an IPsec Phase-2
        protocol (ESP or AH or IPCP).

        Description of enum constants of this type:
        xformAhRFC1829:
            Authentication Header per RFC1829

        xformAhMD5:
            Authentication Header using MD5

        xformAhSHA1:
            Authentication Header using SHA1

        xformEspNULL:
            ESP with NULL encryption.

        xformEspDES:
            ESP with DES encryption.

        xformEsp3DES:
            ESP with 3DES encryption.

        xformEspAES128:
            ESP with AES encryption using CBC mode (128-bit key).

        xformEspAES192:
            ESP with AES encryption using CBC mode (192-bit key).

        xformEspAES256:
            ESP with AES encryption using CBC mode (256-bit key).

        xformEspMD5:
            ESP with MD5 hash.

        xformEspSHA1:
            ESP with SHA-1 hash.

        xformCompLZS:
            IP compression using LZS.

        xformEspRc5:
            Payload encryption using RC5.

        xformEspIdea:
            Payload encryption using International
            Data Encryption Algorithm.

        xformEspCast:
            Payload encryption using CAST.

        xformEspTwofish:
            Payload encryption using TwoFish.

        xformEspBlowfish:
            Payload encryption using BlowFish.

        xformEsp3idea:
            Payload encryption using International
            Data Encryption Algorithm.

        xformEspRc4:
            Payload encryption using RC4.

        xformEspDesMac:
            ESP with DES MAC hash.

        xformEspHmacSha256:
            ESP with HMAC SHA-1 hash (256-bit key).

        xformEspHmacSha384:
            ESP with HMAC SHA-1 hash (384-bit key).

        xformEspHmacSha512:
            ESP with HMAC SHA-1 hash (512-bit key).

        xformEspRipemd:
            ESP with RIPEMD cryptographic hash.

        xformAHDesMac:
            AH with DES MAC hash.

        xformAHHmacSha256:
            AH with HMAC SHA-1 hash (256-bit key).

        xformAHHmacSha384:
            AH with HMAC SHA-1 hash (384-bit key).

        xformAHHmacSha512:
            AH with HMAC SHA-1 hash (512-bit key).

        xformAHRipemd:
            AH with RIPEMD cryptographic hash.

        xformEspAESXCbcMac:
            ESP with AES XCBC MAC authentication.

        xformAHAESXCbcMac:
            AH with AES XCBC MAC authentication.
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        xformNONE(1),
        xformOTHER(2),
        xformAhRFC1829(3),
        xformAhMD5(4),
        xformAhSHA1(5),
        xformEspNULL(6),
        xformEspDES(7),
        xformEsp3DES(8),
        xformEspAES128(9),
        xformEspAES192(10),
        xformEspAES256(11),
        xformEspMD5(12),
        xformEspSHA1(13),
        xformCompLZS(14),
        xformEspAESCtr128(15),
        xformEspAESCtr192(16),
        xformEspAESCtr256(17),
        xformEspRc5(18),
        xformEspIdea(19),
        xformEspCast(20),
        xformEspTwofish(21),
        xformEspBlowfish(22),
        xformEsp3idea(23),
        xformEspRc4(24),
        xformEspDesMac(25),
        xformEspHmacSha256(26),
        xformEspHmacSha384(27),
        xformEspHmacSha512(28),
        xformEspRipemd(29),
        xformAHDesMac(30),
        xformAHHmacSha256(31),
        xformAHHmacSha384(32),
        xformAHHmacSha512(33),
        xformAHRipemd(34),
        xformEspAESXCbcMac(35),
        xformAHAESXCbcMac(36)
    }

CIPsecSecuritySuite ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The combination of IPsec Phase-2 protocols.

        suiteConfEsp:
            Confidentiality using ESP.

        suiteIntegEsp:
            Confidentiality and Integrity check
            using ESP.

        suiteIntegAh:
            Integrity check with AH.

        suiteConfComp:
            Confidentiality using ESP;
            Packet compression.

        suiteIntegEspComp:
            Packet Integrity using ESP;
            Packet compression.

        suiteIntegAhComp:
            Packet Integrity using AH;
            Packet compression.

        suiteConfAh:
            Confidentiality using ESP;
            Packet Integrity using AH.

        suiteConfAhComp:
            Confidentiality using ESP;
            Packet Integrity using AH;
            Packet compression.

        suiteIntegEspAh:
            Packet Integrity using ESP and AH.

        suiteIntegEspAhComp:
            Packet Integrity using ESP and AH;
            Packet compression.

        suiteConfIntegEsp:
            Confidentiality and Packet Integrity
            using ESP.

        suiteConfIntegEspComp:
            Confidentiality and Packet Integrity
            using ESP;
            Packet compression.

        suiteConfIntegEspAh:
            Confidentiality using ESP;
            Packet Integrity using ESP and AH.

        suiteConfIntegEspAhComp:
            Confidentiality using ESP;
            Packet Integrity using ESP and AH;
            Packet compression.

        suiteOther:
            A suite that does not fit any of the
            above definitions.
        "
    REFERENCE
        "rfc2408 and rfc2409"

    SYNTAX INTEGER {
        suiteOther(1),
        suiteConfEsp(2),
        suiteIntegEsp(3),
        suiteIntegAh(4),
        suiteConfComp(5),
        suiteIntegEspComp(6),
        suiteIntegAhComp(7),
        suiteConfAh(8),
        suiteConfAhComp(9),
        suiteIntegEspAh(10),
        suiteIntegEspAhComp(11),
        suiteConfIntegEsp(12),
        suiteConfIntegEspComp(13),
        suiteConfIntegEspAh(14),
        suiteConfIntegEspAhComp(15)
    }

CIPsecNATTraversalMode ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The encapsulation mode used to implement NAT
        traversal.

        Both 'EncapMode' and 'NATTraversalMode' are
        attributes of a Phase-2 IPsec tunnel. Value of
        an object of this type is constrained based on
        the value of its tunnel encapsulation mode: if
        the tunnel encapsulation mode is 'encapTransport',
        then the value of this attribute may be one of
        'natEncapNone' or 'natEncapNATT'.

        Description of enum constants of this type:
        natEncapIPsecOverUdp:
            IPsec encapsulation over UDP.

        natEncapIPsecOverTcp:
            IPsec encapsulation over TCP.

        natEncapNATT:
            IPsec encapsulation over NAT-T protocol.
        "

    SYNTAX INTEGER {
        natEncapNone(1),
        natEncapOther(2),
        natEncapIPsecOverUdp(3),
        natEncapIPsecOverTcp(4),
        natEncapNATT(5)
    }

CIPsecEncryptAlgorithm ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The encryption algorithm used in negotiations.
        Since payload encryption is done by the ESP
        protocol, these enums are prefixed with 'esp'.

        Description of enum constants of this type:
        espDes:
            Payload encryption using 56-bit key DES.

        esp3des:
            Payload encryption using 168-bit 3DES.

        espRc5:
            Payload encryption using RC5.

        espIdea:
            Payload encryption using International
            Data Encryption Algorithm.

        espCast:
            Payload encryption using CAST.

        espTwofish:
            Payload encryption using TwoFish.

        espBlowfish:
            Payload encryption using BlowFish.

        esp3idea:
            Payload encryption using International
            Data Encryption Algorithm.

        espRc4:
            Payload encryption using RC4.

        espNull:
            NULL Payload encryption.

        espAes128:
        espAes192:
        espAes256:
            Payload encryption using AES CBC mode and keysizes of
            128, 192 and 256 bit keys.

        espAesCtr128:
        espAesCtr192:
        espAesCtr256:
            Payload encryption using AES CTR mode and keysizes of
            128, 192 and 256 bit keys.

        "

    SYNTAX INTEGER {
        none(1),
        other(2),
        espDes(3),
        esp3des(4),
        espRc5(5),
        espIdea(6),
        espCast(7),
        espTwofish(8),
        espBlowfish(9),
        esp3idea(10),
        espRc4(11),
        espNull(12),
        espAes128(13),
        espAes192(14),
        espAes256(15),
        espAesCtr128(16),
        espAesCtr192(17),
        espAesCtr256(18)
    }

CIPsecSpi ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "x"
    STATUS current
    DESCRIPTION
        "
        The type of the SPI (Security Parameter Index)
        associated with IPsec Phase-2 security associations.
        "
    SYNTAX Unsigned32 (256..4294967295)

CIPsecAuthAlgorithm ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The authentication algorithm used by a
        security association of an IPsec Phase-2
        Tunnel.

        Description of enum constants of this type:
        hmacMd5:
            Hash validation using HMAC MD5.

        hmacSha:
            Hash validation using HMAC SHA-1.

        desMac:
            Hash validation using DES as MAC.

        hmacSha256:
            Hash validation using 256-bit SHA-1.

        hmacSha384:
            Hash validation using 384-bit SHA-1.

        hmacSha512:
            Hash validation using 512-bit SHA-1.

        ripemd:
            Hash validation using RIPEMD
            cryptographic hash function.
        "
    SYNTAX INTEGER {
        none(1),
        other(2),
        hmacMd5(3),
        hmacSha(4),
        desMac(5),
        hmacSha256(6),
        hmacSha384(7),
        hmacSha512(8),
        ripemd(9)
    }

CIPsecCompAlgorithm ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The compression algorithm used by a
        security association of an IPsec Phase-2
        Tunnel.

        Description of enum constants of this type:
        compOui:
            IP payload compression using a proprietary
            algorithm identified using an Organization
            Unique Identifier (OUI).

        compDeflate:
            IP payload compression using deflate algorithm.

        compLzs:
            IP payload compression using LZS algorithm.

        compLzjh:
            IP payload compression using LZJH algorithm.
        "
    SYNTAX INTEGER {
        none(1),
        other(2),
        compOui(3),
        compDeflate(4),
        compLzs(5),
        compLzjh(6)
    }

CIPsecEndPtType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The type of identity used to specify an IPsec
        End Point.

        For a description of the enum values, please refer
        to the description of type
        'CIPsecPhase1PeerIdentityType'.
        "
    SYNTAX INTEGER {
        other(1),
        idIpv4Addr(2),
        idIpv4AddrRange(3),
        idIpv4AddrSubnet(4),
        idFqdn(5),
        idUserFqdn(6),
        idIpv6Addr(7),
        idIpv6AddrRange(8),
        idIpv6AddrSubnet(9),
        idDerAsn1Dn(10),
        idDerAsn1Gn(11),
        idKeyId(12)
    }

CIPsecPhase2SaDirection ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        Phase-2 IPsec security associations are simplex.
        This textual convention is used as the type of
        attribute(s) of a Phase-2 security association.

        Description of enum constants of this type:
        saDirectionIn:
            The IPsec security association is used to
            process incoming traffic.

        saDirectionOut:
            The IPsec security association is used to
            process outgoing traffic.
        "

    REFERENCE
        "rfc2409"
    SYNTAX INTEGER {
        saDirectionUnknown(1),
        saDirectionIn(2),
        saDirectionOut(3)
    }

CIPsecPhase1TunnelIndex ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The index of the IPsec Phase-1 (IKE) Tunnel
        Table. An index of this type is a number which
        begins at 1 and is incremented with each tunnel
        that is created. The value of this object will
        wrap at 2,147,483,647.
        "
    SYNTAX Unsigned32 (1..2147483647)

CIPsecPhase1TunnelIndexOrZero ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type defines a range of values for index of
        the IPsec Phase-1 (IKE) Tunnel Table, including
        the invalid index '0'. An object of this type
        is used to implement a soft reference to an IKE
        tunnel. The value of zero is used to denote the
        fact that the reference points to a non-existent
        IKE tunnel.
        "
    SYNTAX Unsigned32 (0..2147483647)

CIPsecPhase2TunnelIndex ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The type of the index of the IPsec Phase-2 Tunnel
        Table. An index of this type is a number which
        begins at one and is incremented with each tunnel
        that is created. The value of this object will
        wrap at 2,147,483,647.
        "
    SYNTAX Unsigned32 (1..2147483647)

CIPsecPmtu ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The type of the Path MTU (Maximum Transmission
        Unit) of an IPsec Phase-2 Tunnel.
        "
    SYNTAX Unsigned32 (68..1500)

CIPsecLifetime ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type corresponds to the lifetime in
        seconds of IPsec Phase-2 security associations.
        "
    SYNTAX Unsigned32 (0|120..86400)

CIPsecLifesize ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type corresponds to the life-size of
        a Phase-2 security association in the number
        of kilobytes of data that has been processed
        by the security association.
        "
    SYNTAX Unsigned32(0|2560..4294967295)

CIPsecTunnelIdleTime ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type corresponds to the time interval
        specified in seconds during which no traffic
        has been processed by a Phase-2 security
        association.
        "
    SYNTAX Unsigned32 (0|60..86400)

CIPsecNumCryptoMaps ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        Integral units representing count of
        cryptomaps.
        "
    SYNTAX Gauge32(0..2147483647)

CIPsecTunnelStatus ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        This type represents the status of an IPsec
        Phase-1 or Phase-2 Tunnel. Objects of this type
        may be used to bring down the tunnel they represent
        by setting value of the object to destroy(5).
        Objects of this type cannot be used to create
        a tunnel.

        Description of enum constants of this type:
        initializePhase1:
            The tunnel is initializing Phase 1 operations
            (applies only to IKE tunnels).

        awaitXauth:
            The tunnel has concluded peer authentication
            successfully and is awaiting the completion of
            extended Authentication (applies only to IKE
            tunnels).

        awaitCommit:
            The tunnel has concluded initialization and
            is awaiting a signal (commit bit) from the peer
            to start operations.

        active:
            The tunnel is active.

        destroy:
            This value is used in SNMP SET operations to
            tear down the specified tunnel.

        rekey:
            This value is used in SNMP SET operations to
            force a rekeying.
        "
    SYNTAX INTEGER {
        initializePhase1(1),
        awaitXauth(2),
        awaitCommit(3),
        active(4),
        destroy(5),
        rekey(6)
    }

CIPsecCryptomapType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The type of a cryptomap entry. Cryptomap
        is a unit of IOS IPSec policy specification.

        Description of enum constants of this type:
        cryptomapTypeMANUAL:
            The cryptomap entry uses manual keying.

        cryptomapTypeISAKMP:
            The cryptomap entry uses IKE protocol
            for keying.

        cryptomapTypeDYNAMIC:
            The cryptomap entry is dynamically instantiated.

        cryptomapTypeDYNAMICDISCOVERY:
            The cryptomap entry is dynamically instantiated
            and uses tunnel endpoint discovery to identify
            the peer during tunnel setup.
        "
    SYNTAX INTEGER {
        cryptomapTypeNONE(1),
        cryptomapTypeMANUAL(2),
        cryptomapTypeISAKMP(3),
        cryptomapTypeCET(4),
        cryptomapTypeDYNAMIC(5),
        cryptomapTypeDYNAMICDISCOVERY(6)
    }

CIPsecCryptomapSetBindStatus ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The status of the binding of a cryptomap set to
        the specified interface. The value when queried
        is always 'attached'. When set to 'detached', the
        cryptomap set is detached from the specified
        interface. Setting the value to 'attached' will
        result in SNMP General Error.

        Description of enum constants of this type:
        attached:
            The cryptomap set is attached to an interface.

        detached:
            The cryptomap set is not attached to any interface.
        "
    SYNTAX INTEGER {
        unknown(1),
        attached(2),
        detached(3)
    }

CIPsecIkePRFAlgorithm ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "
        The Pseudo Random Function algorithm used in
        IPsec Phase-1 IKEv2 negotiations.

        Description of enum constants of this type:
        prfHmacMd5:
            HMAC version of MD5.

        prfHmacSha1:
            HMAC version of SHA-1 algorithm
        "
    SYNTAX INTEGER {
        none(1),
        other(2),
        prfHmacMd5(3),
        prfHmacSha1(4)
    }

END