1-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00
2
3
4---------------------------------------------------------------------------
5-- (C)opyright 2010-2014 bintec elmeg GmbH
6-- $RCSfile: mib-ikev2,v $
7-- $Revision: 1.6 $
8-- $Date: 2014-02-07 11:21:02 $
9---------------------------------------------------------------------------
10
11FEC-IKEV2-MIB DEFINITIONS ::= BEGIN
12
13IMPORTS
14    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises,
15    IpAddress, TimeTicks, Counter32, snmpModules, mib-2, Unsigned32, Counter64
16        FROM SNMPv2-SMI
17    DisplayString, TestAndIncr, TimeStamp
18        FROM SNMPv2-TC
19    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
20        FROM SNMPv2-CONF
21    ipsec, Date, HexValue, BitValue
22        FROM BINTEC-MIB;
23
24---------------------------------------------------------------------------
25
26---------------------------------------------------------------------------
27
-- NOTE(review): LAST-UPDATED (2011-03-02) is older than the RCS Date keyword
-- in the file header (2014-02-07), and no REVISION clauses are present, so
-- the module identity alone does not tell a manager which object set is
-- loaded. Track the MIB by the release line in the header as well.
-- ikev2MIB registers at { ipsec 252 }. The two tables in this module hang
-- directly off { ipsec 21 } and { ipsec 22 }, not below ikev2MIB.
28ikev2MIB MODULE-IDENTITY
29    LAST-UPDATED "201103020000Z"
30    ORGANIZATION "bintec elmeg GmbH"
31    CONTACT-INFO "EMail:   info@bintec-elmeg.com
32                  Web:     www.bintec-elmeg.com"
33    DESCRIPTION  "Management Information for IKEv2 of IPSec Subsystem"
34
35    ::= { ipsec 252 }
36
37---------------------------------------------------------------------------
38
39-- IKE Security Associations Table
40
41	ikev2SaTable OBJECT-TYPE
42            SYNTAX  SEQUENCE OF Ikev2SaEntry
43            MAX-ACCESS  not-accessible
44            STATUS  current
45            DESCRIPTION
46		"This table contains the list of currently active IKE security
47		 associations that are created using the IKEv2 protocol."
48	::= { ipsec 21 }
49
-- One conceptual row per IKE SA, indexed by ikev2SaIndex.
-- Security note: the columns of this row describe a live VPN tunnel (peer
-- identities, local and remote addresses and ports, both SPIs, negotiated
-- algorithms, timestamps). Treat read access to the table as sensitive and
-- scope it through the agent's access control and view configuration.
50	ikev2SaEntry OBJECT-TYPE
51            SYNTAX  Ikev2SaEntry
52            MAX-ACCESS  not-accessible
53            STATUS  current
54            DESCRIPTION
55		"This object contains an IKE security association."
56	    INDEX   {
57		ikev2SaIndex
58	    }
59            ::= { ikev2SaTable 1 }
60
61	Ikev2SaEntry ::=
62            SEQUENCE {
63		ikev2SaIndex			INTEGER,
64		ikev2SaState			INTEGER,
65		ikev2SaAuthMethod		INTEGER,
66		ikev2SaEncAlg			INTEGER,
67		ikev2SaIntegAlg			INTEGER,
68		ikev2SaPrfAlg			INTEGER,
69		ikev2SaGroup			INTEGER,
70		ikev2SaRole			INTEGER,
71		ikev2SaLocalId			DisplayString,
72		ikev2SaRemoteId			DisplayString,
73		ikev2SaLocalIp			IpAddress,
74		ikev2SaRemoteIp			IpAddress,
75		ikev2SaSpiI			OCTET STRING,
76		ikev2SaSpiR			OCTET STRING,
77		ikev2SaCreated			Date,
78		ikev2SaLastUsed			Date,
79		ikev2SaExpires			Date,
80		ikev2SaNumCerts			INTEGER,
81		ikev2SaNumNegotiations		INTEGER,
82		ikev2SaBytes			INTEGER,
83		ikev2SaPeerIndex		INTEGER,
84		ikev2SaLocalPort		INTEGER,
85		ikev2SaRemotePort		INTEGER
86            }
87
88	ikev2SaIndex OBJECT-TYPE
89	    SYNTAX INTEGER
90            MAX-ACCESS  read-only
91            STATUS  current
92            DESCRIPTION
93		 "A unique index for this entry."
94	::= { ikev2SaEntry 1 }
95
-- Security note: this is the only read-write column in the SA table.
-- Setting it to delete(7) marks a live IKE SA for deletion, so SNMP write
-- access to this object is enough to tear down a tunnel. Keep it out of any
-- write view that does not strictly need it and alert on SET requests that
-- target it.
-- Values 4 to 6 are not defined in this module.
96	ikev2SaState OBJECT-TYPE
97	    SYNTAX INTEGER {
98		negotiating(1), -- the SA is still being negotiated
99		established(2),	-- the SA negotiation is finished
100		waiting-for-remove(3), -- the SA is waiting for removal
101		delete(7)	       -- mark the SA for deletion
102	    }
103	    MAX-ACCESS read-write
104	    STATUS current
105	    DESCRIPTION
106		"This object specifies the state of the SA.
107		  Possible values:
108		   negotiating(1),        -- the SA is still being negotiated
109		   established(2),        -- the SA negotiation is finished
110		   waiting-for-remove(3), -- the SA is waiting for removal
111		   delete(7)	          -- mark the SA for deletion."
112	    DEFVAL { negotiating }
113	::= { ikev2SaEntry 2 }
114
-- NOTE(review): this list has the shape of the IKEv1 authentication method
-- set (pre shared key, DSS signature, RSA signature, RSA encryption, revised
-- RSA encryption). IKEv2 defines no RSA encryption methods and numbers its
-- methods differently on the wire, so these look like agent internal codes
-- rather than IKEv2 Auth Method values. Confirm whether 4 and 5 can ever be
-- reported for an IKEv2 SA.
-- pre-sh-key(1) is the value to watch where policy requires certificates.
115	ikev2SaAuthMethod OBJECT-TYPE
116	    SYNTAX INTEGER {
117		pre-sh-key(1), 	-- Authentication using pre shared keys
118		dss-sig(2), 	-- Authentication using DSS signatures
119		rsa-sig(3), 	-- Authentication using RSA signatures
120		rsa-enc(4), 	-- Authentication using RSA encryption
121		rsa-enc-rev(5) 	-- Authentication using revised RSA encryption
122	    }
123	    MAX-ACCESS read-only
124	    STATUS current
125	    DESCRIPTION
126		"The authentication method used when creating this SA.
127		  Possible values:
128		   pre-sh-key(1), 	-- Authentication using pre shared keys
129		   dss-sig(2), 	  -- Authentication using DSS signatures
130		   rsa-sig(3), 	  -- Authentication using RSA signatures
131		   rsa-enc(4), 	  -- Authentication using RSA encryption
132		   rsa-enc-rev(5) -- Authentication using revised RSA encryption."
133	::= { ikev2SaEntry 3 }
134
-- Security note: the numbers line up with the IKEv2 encryption transform IDs
-- (for example 3 for 3DES, 12 for AES-CBC, 13 for AES-CTR). des(2) is single
-- DES, which RFC 8247 rates MUST NOT for IKEv2. The other values below
-- aes-cbc(12) are older 64 bit block ciphers. A poller should flag any SA
-- that reports a value below aes-cbc(12).
-- The row has no key length column, so AES-128 and AES-256 cannot be told
-- apart from this object.
135	ikev2SaEncAlg OBJECT-TYPE
136	    SYNTAX INTEGER {
137		des(2),
138		des3(3),
139		rc5(4),
140		idea(5),
141		cast(6),
142		blowfish(7),
143		aes-cbc(12),
144		aes-ctr(13)
145	    }
146	    MAX-ACCESS read-only
147	    STATUS current
148	    DESCRIPTION
149		"The encryption algorithm used for the IKE_SA.
150		  Possible values:
151		   des(2),
152		   des3(3),
153	           rc5(4),
154		   idea(5),
155		   cast(6),
156		   blowfish(7),
157		   aes-cbc(12),
158		   aes-ctr(13)"
159	::= { ikev2SaEntry 4 }
160
-- Security note: only the MD5 and SHA-1 based HMACs are enumerated; there is
-- no SHA-2 value. RFC 8247 rates HMAC-MD5-96 MUST NOT for IKEv2, so an SA
-- reporting hmac-md5-96(1) is worth an alert. Whether the agent can
-- negotiate stronger integrity algorithms, and how it would report them
-- through this column, is not visible in this module.
161	ikev2SaIntegAlg OBJECT-TYPE
162	    SYNTAX INTEGER {
163		hmac-md5-96(1),		-- The MD5 hash algorithm
164		hmac-sha1-96(2)	 	-- The Secure Hash Algorithm
165	    }
166	    MAX-ACCESS read-only
167	    STATUS current
168	    DESCRIPTION
169		"The integrity protection algorithm used for the IKE_SA.
170		  Possible values:
171		   hmac-md5-96(1),
172		   hmac-sha1-96(2)"
173	::= { ikev2SaEntry 5 }
174
-- Security note: the PRF feeds IKEv2 key derivation. Only HMAC-MD5 and
-- HMAC-SHA1 are enumerated, with no SHA-2 based PRF value. RFC 8247 rates
-- the HMAC-MD5 PRF MUST NOT for IKEv2, so hmac-md5(1) on a live SA should be
-- flagged. How a stronger negotiated PRF would be reported is not visible
-- in this module.
175	ikev2SaPrfAlg OBJECT-TYPE
176	    SYNTAX INTEGER {
177		hmac-md5(1),		-- The MD5 hash algorithm
178		hmac-sha1(2)		-- The Secure Hash Algorithm
179	    }
180	    MAX-ACCESS read-only
181	    STATUS current
182	    DESCRIPTION
183		"The hash algorithm used for the pseudo random function.
184		  Possible values:
185		   hmac-md5(1),
186		   hmac-sha1(2)"
187	::= { ikev2SaEntry 6 }
188
-- Security note: the description names only group 1 (768 bit MODP) and
-- group 2 (1024 bit MODP). RFC 8247 rates group 1 MUST NOT and group 2
-- SHOULD NOT for IKEv2, so either value on a live SA deserves a finding.
-- The SYNTAX is a plain INTEGER without enumeration, so other values are
-- syntactically valid; presumably they carry the negotiated DH group
-- number. Confirm against the agent.
189	ikev2SaGroup OBJECT-TYPE
190	    SYNTAX INTEGER
191	    MAX-ACCESS read-only
192	    STATUS current
193	    DESCRIPTION
194		"The Diffie-Hellman group used for the IKE_SA.
195		  Possible values:
196		   1	- DH-group 768-bit MODP,
197		   2	- DH-group 1024-bit MODP"
198	::= { ikev2SaEntry 7 }
199
200	ikev2SaRole OBJECT-TYPE
201	    SYNTAX INTEGER {
202		initiator(1), 	-- this end initiated the SA negotiation
203		responder(2)	-- the remote end initiated the SA negotiation
204	    }
205	    MAX-ACCESS read-only
206	    STATUS current
207	    DESCRIPTION
208		"This object specifies by which side the SA
209		 negotiation was initiated.
210		  Possible values:
211		   initiator(1), -- this end	initiated the SA negotiation
212		   responder(2)  -- the remote end initiated the SA negotiation."
213	::= { ikev2SaEntry 8 }
214
215	ikev2SaLocalId OBJECT-TYPE
216	    SYNTAX DisplayString
217	    MAX-ACCESS read-only
218	    STATUS current
219	    DESCRIPTION
220		"The local ID used for authentication."
221	::= { ikev2SaEntry 9 }
222
223	ikev2SaRemoteId OBJECT-TYPE
224	    SYNTAX DisplayString
225	    MAX-ACCESS read-only
226	    STATUS current
227	    DESCRIPTION
228		"The remote ID used for authentication."
229	::= { ikev2SaEntry 10 }
230
231	ikev2SaLocalIp OBJECT-TYPE
232	    SYNTAX IpAddress
233	    MAX-ACCESS read-only
234	    STATUS current
235	    DESCRIPTION
236		"The local IP address used in the IKE communication."
237	::= { ikev2SaEntry 11 }
238
239	ikev2SaRemoteIp OBJECT-TYPE
240	    SYNTAX IpAddress
241	    MAX-ACCESS read-only
242	    STATUS current
243	    DESCRIPTION
244		"The remote IP address used in the IKE communication."
245	::= { ikev2SaEntry 12 }
246
-- The initiator SPI, together with the responder SPI of the same row,
-- identifies the IKE SA on the wire. That makes the pair useful for matching
-- a row to packet captures or logs during incident response.
-- No SIZE constraint is declared. IKEv2 SPIs are 8 octets; presumably they
-- are returned raw. Confirm the encoding against the agent.
247	ikev2SaSpiI OBJECT-TYPE
248	    SYNTAX OCTET STRING
249	    MAX-ACCESS read-only
250	    STATUS current
251	    DESCRIPTION
252		"The SPI of the initiator."
253	::= { ikev2SaEntry 13 }
254
-- Responder half of the SPI pair that identifies the IKE SA on the wire.
-- No SIZE constraint is declared. IKEv2 SPIs are 8 octets; presumably they
-- are returned raw. Confirm the encoding against the agent.
255	ikev2SaSpiR OBJECT-TYPE
256	    SYNTAX OCTET STRING
257	    MAX-ACCESS read-only
258	    STATUS current
259	    DESCRIPTION
260		"The SPI of the responder."
261	::= { ikev2SaEntry 14 }
262
263	ikev2SaCreated OBJECT-TYPE
264	    SYNTAX  Date
265	    MAX-ACCESS  read-only
266	    STATUS  current
267	    DESCRIPTION
268		"Time the SA was created."
269	::= { ikev2SaEntry 15 }
270
271	ikev2SaLastUsed OBJECT-TYPE
272	    SYNTAX  Date
273	    MAX-ACCESS  read-only
274	    STATUS  current
275	    DESCRIPTION
276		"Time the SA was used last."
277	::= { ikev2SaEntry 16 }
278
279	ikev2SaExpires OBJECT-TYPE
280	    SYNTAX  Date
281	    MAX-ACCESS  read-only
282	    STATUS  current
283	    DESCRIPTION
284		"Time the SA will expire."
285	::= { ikev2SaEntry 17 }
286
287	ikev2SaNumCerts OBJECT-TYPE
288	    SYNTAX INTEGER
289	    MAX-ACCESS read-only
290	    STATUS current
291	    DESCRIPTION
292		"The number of certificates received from the remote
293		 side when negotiating this SA."
294	::= { ikev2SaEntry 18 }
295
296	ikev2SaNumNegotiations OBJECT-TYPE
297	    SYNTAX INTEGER
298            MAX-ACCESS  read-only
299            STATUS  current
300            DESCRIPTION
301		 "This object specifies the number of currently active
302		  negotiations for this SA."
303	::= { ikev2SaEntry 19 }
304
-- NOTE(review): a byte count typed as INTEGER is limited to the signed
-- 32 bit range, so it cannot represent more than about 2 GiB. What the agent
-- reports past that point (wrap, clamp, negative value) is not stated.
-- Counter64 appears in the IMPORTS list but is not used for this column.
-- Do not base traffic volume alerts on this object without handling
-- rollover.
305	ikev2SaBytes OBJECT-TYPE
306	    SYNTAX INTEGER
307            MAX-ACCESS  read-only
308            STATUS  current
309            DESCRIPTION
310		 "Number of bytes transmitted using this SA."
311	::= { ikev2SaEntry 20 }
312
313	ikev2SaPeerIndex OBJECT-TYPE
314	    SYNTAX INTEGER
315	    MAX-ACCESS read-only
316	    STATUS current
317	    DESCRIPTION
318		"The index of the peer for which this SA was created."
319	::= { ikev2SaEntry 21 }
320
321	ikev2SaLocalPort OBJECT-TYPE
322	    SYNTAX INTEGER (0..65535)
323            MAX-ACCESS  read-only
324            STATUS  current
325            DESCRIPTION
326		 "Local port currently used for the SA."
327	::= { ikev2SaEntry 22 }
328
329	ikev2SaRemotePort OBJECT-TYPE
330	    SYNTAX INTEGER (0..65535)
331            MAX-ACCESS  read-only
332            STATUS  current
333            DESCRIPTION
334		 "Remote port currently used for the SA."
335	::= { ikev2SaEntry 23 }
336
337-- End IKE Security Associations Table
338
339
340-- IKEv2 Profile Table
341
342	ikev2ProfileTable OBJECT-TYPE
343            SYNTAX  SEQUENCE OF Ikev2ProfileEntry
344            MAX-ACCESS  not-accessible
345            STATUS  current
346            DESCRIPTION
347		"This table contains the list of IKE_SA profiles.
348		 These profiles are needed when using the IKEv2 protocol."
349	::= { ipsec 22 }
350
-- One conceptual row per IKE_SA profile, indexed by ikev2PrfIndex.
-- Security note: all eight columns of this row are MAX-ACCESS read-write.
-- A principal with SNMP write access can therefore change which proposal a
-- profile uses, its rekey lifetime, NAT-T handling and the alive check, or
-- mark the row for deletion. Restrict the write view for this subtree and
-- keep configuration changes under change control.
351	ikev2ProfileEntry OBJECT-TYPE
352            SYNTAX  Ikev2ProfileEntry
353            MAX-ACCESS  not-accessible
354            STATUS  current
355            DESCRIPTION
356		"This object contains an IKE_SA profile."
357	    INDEX   {
358		ikev2PrfIndex
359	    }
360            ::= { ikev2ProfileTable 1 }
361
362	Ikev2ProfileEntry ::=
363	    SEQUENCE {
364		ikev2PrfIndex			Unsigned32,
365		ikev2PrfDescription		DisplayString,
366		ikev2PrfProposal		Unsigned32,
367		ikev2PrfBlockTime		INTEGER,
368		ikev2PrfNatT			INTEGER,
369		ikev2PrfMtuMax			INTEGER,
370		ikev2PrfLifeSeconds		Unsigned32,
371		ikev2PrfAliveCheck		INTEGER
372	    }
373
-- NOTE(review): the INDEX column is read-write and the row has no RowStatus
-- column. The only deletion marker in the row is delete(4) on ikev2PrfNatT.
-- How rows are created is not stated in this module; presumably by a SET on
-- an unused index. Confirm against the agent before automating changes.
374	ikev2PrfIndex OBJECT-TYPE
375	    SYNTAX Unsigned32 (1..4294967295)
376	    MAX-ACCESS read-write
377	    STATUS current
378	    DESCRIPTION
379		"A unique index identifying this entry."
380	::= { ikev2ProfileEntry 1 }
381
382	ikev2PrfDescription OBJECT-TYPE
383	    SYNTAX DisplayString
384	    MAX-ACCESS read-write
385	    STATUS current
386	    DESCRIPTION
387		"An optional description for this profile."
388	::= { ikev2ProfileEntry 2 }
389
390	ikev2PrfProposal OBJECT-TYPE
391	    SYNTAX Unsigned32
392	    MAX-ACCESS read-write
393	    STATUS current
394	    DESCRIPTION
395		"The index of the first IKE proposal which may be used
396		 for IKE SA negotiation with this profile."
397	::= { ikev2ProfileEntry 3 }
398
399	ikev2PrfBlockTime OBJECT-TYPE
400	    SYNTAX INTEGER (-1..86400)
401		UNITS "seconds"
402	    MAX-ACCESS read-write
403	    STATUS current
404	    DESCRIPTION
405		"This object specifies the time in seconds for which a peer is
406		 blocked for any IPSec operations after a phase 1 initiator
407		 negotiation failed.
408		  Special values:
409		   -1: use settings from global profile (do not block by default)
410		    0: do not block the peer at all."
411	    DEFVAL { -1 }
412	::= { ikev2ProfileEntry 4 }
413
-- NOTE(review): the SYNTAX comment says default(3) resolves to enabled in
-- the default profile, while the DESCRIPTION says disabled. One of the two
-- is wrong; verify the effective NAT-T setting on the device instead of
-- trusting either text.
-- delete(4) is missing from the DESCRIPTION. Per the SYNTAX comment it marks
-- this entry for deletion, so a SET on this column can remove a profile and
-- not only change NAT-T handling.
414	ikev2PrfNatT OBJECT-TYPE
415	    SYNTAX INTEGER {
416		enabled(1), 	-- enable Nat-Traversal
417		disabled(2),	-- disable Nat-Traversal
418		default(3),   	-- use value from default profile
419                                -- (enabled, if this is the default profile)
420		delete(4)   	-- mark this entry for deletion
421	    }
422	    MAX-ACCESS read-write
423	    STATUS current
424	    DESCRIPTION
425		"This object specifies whether NAT-Traversal is enabled
426		  Possible values:
427		   enabled(1), 	-- enable Nat-Traversal
428		   disabled(2),	-- disable Nat-Traversal
429		   default(3)   -- use value from default profile
430                                -- (disabled, if this is the default profile)."
431	    DEFVAL { default }
432	::= { ikev2ProfileEntry 5 }
433
434	ikev2PrfMtuMax OBJECT-TYPE
435	    SYNTAX INTEGER (0..65535)
436	    MAX-ACCESS read-write
437	    STATUS current
438	    DESCRIPTION
439		"The maximum MTU value allowed for ipsecPeerMtu.
440		 Zero means use value from global profile,
441		 if this is the global profile, 1418 is assumed.
442		 Nonzero values smaller than 214 are reset to the minimum of 214."
443	    DEFVAL { 0 }
444	::= { ikev2ProfileEntry 6 }
445
-- Rekey lifetime for SAs created from this profile, default 3600 seconds.
-- NOTE(review): no range is declared, so the full Unsigned32 span is
-- syntactically valid, from 0 up to roughly 136 years. The meaning of 0 is
-- not stated here. Validate written values against the site's rekey policy
-- instead of relying on the agent to reject extremes.
446	ikev2PrfLifeSeconds OBJECT-TYPE
447	    SYNTAX Unsigned32
448		UNITS "seconds"
449	    MAX-ACCESS read-write
450	    STATUS current
451	    DESCRIPTION
452		"The time (in seconds) after which an SA will be rekeyed."
453	    DEFVAL { 3600 }
454	::= { ikev2ProfileEntry 7 }
455
456	ikev2PrfAliveCheck OBJECT-TYPE
457	    SYNTAX INTEGER {
458		enabled(1), 	-- enable alive check
459		disabled(2)	-- disable alive check
460	    }
461	    MAX-ACCESS read-write
462	    STATUS current
463	    DESCRIPTION
464		"This object specifies if a check is done to see whether the
465		 other endpoint is alive.
466		(only for IKEv2)."
467	    DEFVAL { enabled }
468	::= { ikev2ProfileEntry 8 }
469
470-- End IKE SA Profile Table (IKEv2)
471
472
473
474END
475