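-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


---------------------------------------------------------------------------
-- (C)opyright 2010-2014 bintec elmeg GmbH
-- $RCSfile: mib-ikev2,v $
-- $Revision: 1.6 $
-- $Date: 2014-02-07 11:21:02 $
---------------------------------------------------------------------------

-- Module overview (reviewer notes):
--   ikev2SaTable      { ipsec 21 }  live IKEv2 security associations; all
--                                   columns are read-only except ikev2SaState.
--   ikev2ProfileTable { ipsec 22 }  IKE_SA profiles; every column is read-write.
-- Both tables are registered directly under ipsec, not under the
-- MODULE-IDENTITY node ikev2MIB { ipsec 252 }.
--
-- Access control is not expressed in this module. Several objects below
-- accept SET requests that tear down SAs or change negotiation behaviour,
-- so write access should be limited in the agent configuration, for example
-- to an SNMPv3 authPriv user with a restricted write view, and SET
-- operations on these subtrees should be logged.

FEC-IKEV2-MIB DEFINITIONS ::= BEGIN

-- NOTE(review): only MODULE-IDENTITY, OBJECT-TYPE, IpAddress, Unsigned32,
-- DisplayString, ipsec and Date are referenced in the visible module. The
-- remaining imports are kept unchanged because other tooling may expect them.
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises,
    IpAddress, TimeTicks, Counter32, snmpModules, mib-2, Unsigned32, Counter64
        FROM SNMPv2-SMI
    DisplayString, TestAndIncr, TimeStamp
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    ipsec, Date, HexValue, BitValue
        FROM BINTEC-MIB;

---------------------------------------------------------------------------

---------------------------------------------------------------------------

-- NOTE(review): LAST-UPDATED says 2011-03-02 while the RCS header above is
-- dated 2014-02-07; the clause looks stale. Confirm before relying on it for
-- version tracking.
ikev2MIB MODULE-IDENTITY
    LAST-UPDATED "201103020000Z"
    ORGANIZATION "bintec elmeg GmbH"
    CONTACT-INFO "EMail: info@bintec-elmeg.com
                  Web: www.bintec-elmeg.com"
    DESCRIPTION  "Management Information for IKEv2 of IPSec Subsystem"

    ::= { ipsec 252 }

---------------------------------------------------------------------------

-- IKE Security Associations Table

    ikev2SaTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF Ikev2SaEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This table contains the list of currently active IKE security
             associations, that are created using IKEv2 protocol."
        ::= { ipsec 21 }

    ikev2SaEntry OBJECT-TYPE
        SYNTAX      Ikev2SaEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object contains an IKE security association."
        INDEX {
            ikev2SaIndex
        }
        ::= { ikev2SaTable 1 }

    -- Column list for one SA row. The SEQUENCE names only base types; the
    -- enumerations and ranges are given on the individual objects below.
    Ikev2SaEntry ::=
        SEQUENCE {
            ikev2SaIndex            INTEGER,
            ikev2SaState            INTEGER,
            ikev2SaAuthMethod       INTEGER,
            ikev2SaEncAlg           INTEGER,
            ikev2SaIntegAlg         INTEGER,
            ikev2SaPrfAlg           INTEGER,
            ikev2SaGroup            INTEGER,
            ikev2SaRole             INTEGER,
            ikev2SaLocalId          DisplayString,
            ikev2SaRemoteId         DisplayString,
            ikev2SaLocalIp          IpAddress,
            ikev2SaRemoteIp         IpAddress,
            ikev2SaSpiI             OCTET STRING,
            ikev2SaSpiR             OCTET STRING,
            ikev2SaCreated          Date,
            ikev2SaLastUsed         Date,
            ikev2SaExpires          Date,
            ikev2SaNumCerts         INTEGER,
            ikev2SaNumNegotiations  INTEGER,
            ikev2SaBytes            INTEGER,
            ikev2SaPeerIndex        INTEGER,
            ikev2SaLocalPort        INTEGER,
            ikev2SaRemotePort       INTEGER
        }

    ikev2SaIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "A unique index for this entry."
        ::= { ikev2SaEntry 1 }

    -- The only writable column of the SA table. Setting delete(7) marks the
    -- SA for deletion, so any manager with write access to this object can
    -- tear down an established IKE SA. Values 4 to 6 are not defined here.
    ikev2SaState OBJECT-TYPE
        SYNTAX INTEGER {
            negotiating(1),        -- the SA is still being negotiated
            established(2),        -- the SA negotiation is finished
            waiting-for-remove(3), -- the SA is waiting for removal
            delete(7)              -- mark the SA for deletion
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object specifies the state of the SA.
             Possible values:
              negotiating(1),        -- the SA is still being negotiated
              established(2),        -- the SA negotiation is finished
              waiting-for-remove(3), -- the SA is waiting for removal
              delete(7)              -- mark the SA for deletion."
        DEFVAL { negotiating }
        ::= { ikev2SaEntry 2 }

    -- NOTE(review): these names and numbers match the IKEv1 authentication
    -- method list (pre-shared key 1 through revised RSA encryption 5), not
    -- the IKEv2 AUTH method numbering. Presumably inherited from the IKEv1
    -- part of the MIB; confirm against the agent before mapping values.
    ikev2SaAuthMethod OBJECT-TYPE
        SYNTAX INTEGER {
            pre-sh-key(1),  -- Authentication using pre shared keys
            dss-sig(2),     -- Authentication using DSS signatures
            rsa-sig(3),     -- Authentication using RSA signatures
            rsa-enc(4),     -- Authentication using RSA encryption
            rsa-enc-rev(5)  -- Authentication using revised RSA encryption
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The authentication method used when creating this SA.
             Possible values:
              pre-sh-key(1),  -- Authentication using pre shared keys
              dss-sig(2),     -- Authentication using DSS signatures
              rsa-sig(3),     -- Authentication using RSA signatures
              rsa-enc(4),     -- Authentication using RSA encryption
              rsa-enc-rev(5)  -- Authentication using revised RSA encryption."
        ::= { ikev2SaEntry 3 }

    -- The numbers follow the IKEv2 encryption transform identifiers.
    -- des(2) is single DES and, like the other 64-bit block ciphers listed,
    -- is considered obsolete for new deployments. Monitoring can use this
    -- column to flag SAs that were negotiated with anything other than
    -- aes-cbc(12) or aes-ctr(13).
    ikev2SaEncAlg OBJECT-TYPE
        SYNTAX INTEGER {
            des(2),
            des3(3),
            rc5(4),
            idea(5),
            cast(6),
            blowfish(7),
            aes-cbc(12),
            aes-ctr(13)
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The encryption algorithm used for the IKE_SA.
             Possible values:
              des(2),
              des3(3),
              rc5(4),
              idea(5),
              cast(6),
              blowfish(7),
              aes-cbc(12),
              aes-ctr(13)"
        ::= { ikev2SaEntry 4 }

    -- Only MD5 and SHA-1 based integrity transforms are enumerated; no
    -- SHA-2 value is defined in this revision of the module.
    ikev2SaIntegAlg OBJECT-TYPE
        SYNTAX INTEGER {
            hmac-md5-96(1),  -- The MD5 hash algorithm
            hmac-sha1-96(2)  -- The Secure Hash Algorithm
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The integrity protection algorithm used for the IKE_SA.
             Possible values:
              hmac-md5-96(1),
              hmac-sha1-96(2)"
        ::= { ikev2SaEntry 5 }

    -- Same restriction as ikev2SaIntegAlg: only MD5 and SHA-1 based PRFs
    -- are enumerated.
    ikev2SaPrfAlg OBJECT-TYPE
        SYNTAX INTEGER {
            hmac-md5(1),  -- The MD5 hash algorithm
            hmac-sha1(2)  -- The Secure Hash Algorithm
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The hash algorithm used for the pseudo random function.
             Possible values:
              hmac-md5(1),
              hmac-sha1(2)"
        ::= { ikev2SaEntry 6 }

    -- The SYNTAX is an unconstrained INTEGER, so the agent may report group
    -- numbers other than the two documented ones. 768-bit and 1024-bit MODP
    -- groups are regarded as too small today; an SA reporting 1 or 2 here is
    -- worth an alert in monitoring.
    ikev2SaGroup OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The Diffie-Hellman group used for the IKE_SA.
             Possible values:
              1 - DH-group 768-bit MODP,
              2 - DH-group 1024-bit MODP"
        ::= { ikev2SaEntry 7 }

    ikev2SaRole OBJECT-TYPE
        SYNTAX INTEGER {
            initiator(1),  -- this end initiated the SA negotiation
            responder(2)   -- the remote end initiated the SA negotiation
        }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object specifies by which side the SA
             negotiation was initiated.
             Possible values:
              initiator(1),  -- this end initiated the SA negotiation
              responder(2)   -- the remote end initiated the SA negotiation."
        ::= { ikev2SaEntry 8 }

    -- The identity columns expose the IKE identities of both peers to any
    -- manager that can read this table.
    ikev2SaLocalId OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The local ID used for authentication."
        ::= { ikev2SaEntry 9 }

    ikev2SaRemoteId OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The remote ID used for authentication."
        ::= { ikev2SaEntry 10 }

    ikev2SaLocalIp OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The local IP address used in the IKE communication."
        ::= { ikev2SaEntry 11 }

    ikev2SaRemoteIp OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The remote IP address used in the IKE communication."
        ::= { ikev2SaEntry 12 }

    -- NOTE(review): no SIZE constraint is given for either SPI column.
    -- IKEv2 SPIs are 8 octets on the wire; confirm what the agent returns.
    ikev2SaSpiI OBJECT-TYPE
        SYNTAX      OCTET STRING
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The SPI of the initiator."
        ::= { ikev2SaEntry 13 }

    ikev2SaSpiR OBJECT-TYPE
        SYNTAX      OCTET STRING
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The SPI of the responder."
        ::= { ikev2SaEntry 14 }

    -- Date is imported from BINTEC-MIB; its encoding is not defined in this
    -- module.
    ikev2SaCreated OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Time the SA was created."
        ::= { ikev2SaEntry 15 }

    ikev2SaLastUsed OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Time the SA was used last."
        ::= { ikev2SaEntry 16 }

    ikev2SaExpires OBJECT-TYPE
        SYNTAX      Date
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Time the SA will expire."
        ::= { ikev2SaEntry 17 }

    ikev2SaNumCerts OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The number of certificates received from the remote
             side when negotiating this SA."
        ::= { ikev2SaEntry 18 }

    ikev2SaNumNegotiations OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object specifies the number of currently active
             negotiations for this SA."
        ::= { ikev2SaEntry 19 }

    -- NOTE(review): a plain INTEGER is a signed 32-bit value in SMIv2, so
    -- this column cannot represent more than 2147483647 bytes. How the agent
    -- reports larger counts is not visible here; verify before using the
    -- value for volume-based alerting.
    ikev2SaBytes OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Number of bytes transmitted using this SA."
        ::= { ikev2SaEntry 20 }

    -- Presumably refers to a row of a peer table defined elsewhere in the
    -- ipsec subtree; that table is not part of this module.
    ikev2SaPeerIndex OBJECT-TYPE
        SYNTAX      INTEGER
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The index of the peer for which this SA was created."
        ::= { ikev2SaEntry 21 }

    ikev2SaLocalPort OBJECT-TYPE
        SYNTAX      INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Local port currently used for the SA."
        ::= { ikev2SaEntry 22 }

    ikev2SaRemotePort OBJECT-TYPE
        SYNTAX      INTEGER (0..65535)
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "Remote port currently used for the SA."
        ::= { ikev2SaEntry 23 }

-- End IKE Security Associations Table


-- IKEv2 Profile Table

    -- Every column of this table is read-write, so a manager with write
    -- access can change rekey lifetime, NAT traversal, alive checking and
    -- the proposal used for negotiation. Treat SETs on this subtree as
    -- configuration changes when auditing.
    ikev2ProfileTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF Ikev2ProfileEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This table contains the list of IKE_SA profiles.
             These profiles are needed when using IKEv2 protocol."
        ::= { ipsec 22 }

    ikev2ProfileEntry OBJECT-TYPE
        SYNTAX      Ikev2ProfileEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object contains an IKE_SA profile."
        INDEX {
            ikev2PrfIndex
        }
        ::= { ikev2ProfileTable 1 }

    -- Column list for one profile row. There is no RowStatus column; the
    -- only deletion marker visible in this module is delete(4) on
    -- ikev2PrfNatT.
    Ikev2ProfileEntry ::=
        SEQUENCE {
            ikev2PrfIndex           Unsigned32,
            ikev2PrfDescription     DisplayString,
            ikev2PrfProposal        Unsigned32,
            ikev2PrfBlockTime       INTEGER,
            ikev2PrfNatT            INTEGER,
            ikev2PrfMtuMax          INTEGER,
            ikev2PrfLifeSeconds     Unsigned32,
            ikev2PrfAliveCheck      INTEGER
        }

    -- NOTE(review): this is the INDEX column and it is declared read-write.
    -- SMIv2 convention is not-accessible for index columns; the access level
    -- is left unchanged because the agent and existing managers may rely on
    -- it.
    ikev2PrfIndex OBJECT-TYPE
        SYNTAX      Unsigned32 (1..4294967295)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "A unique index identifying this entry."
        ::= { ikev2ProfileEntry 1 }

    ikev2PrfDescription OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "An optional description for this profile."
        ::= { ikev2ProfileEntry 2 }

    -- The proposal table this index points into is not defined in this
    -- module. Writing this object changes which algorithms a peer using the
    -- profile may negotiate.
    ikev2PrfProposal OBJECT-TYPE
        SYNTAX      Unsigned32
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The index of the first IKE proposal which may be used
             for IKE SA negotiation with this profile."
        ::= { ikev2ProfileEntry 3 }

    ikev2PrfBlockTime OBJECT-TYPE
        SYNTAX      INTEGER (-1..86400)
        UNITS       "seconds"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object specifies the time in seconds for which a peer is
             blocked for any IPSec operations after a phase 1 initiator
             negotiation failed.
             Special values:
              -1: use settings from global profile (do not block by default)
               0: do not block the peer at all."
        DEFVAL { -1 }
        ::= { ikev2ProfileEntry 4 }

    -- NOTE(review): the SYNTAX comment for default(3) says enabled for the
    -- default profile, while the DESCRIPTION says disabled. One of the two
    -- is wrong; the conflict is kept as found until it is checked against
    -- the agent. delete(4) was missing from the DESCRIPTION list and has
    -- been added there, using the wording of the SYNTAX comment.
    ikev2PrfNatT OBJECT-TYPE
        SYNTAX INTEGER {
            enabled(1),   -- enable Nat-Traversal
            disabled(2),  -- disable Nat-Traversal
            default(3),   -- use value from default profile
                          -- (enabled, if this is the default profile)
            delete(4)     -- mark this entry for deletion
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object specifies whether NAT-Traversal is enabled.
             Possible values:
              enabled(1),   -- enable Nat-Traversal
              disabled(2),  -- disable Nat-Traversal
              default(3),   -- use value from default profile
                            -- (disabled, if this is the default profile)
              delete(4)     -- mark this entry for deletion."
        DEFVAL { default }
        ::= { ikev2ProfileEntry 5 }

    -- ipsecPeerMtu is referenced by the DESCRIPTION but defined outside this
    -- module.
    ikev2PrfMtuMax OBJECT-TYPE
        SYNTAX      INTEGER (0..65535)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The maximum MTU value allowed for ipsecPeerMtu.
             Zero means use value from global profile,
             if this is the global profile, 1418 is assumed.
             Nonzero values smaller than 214 are reset to the minimum of 214."
        DEFVAL { 0 }
        ::= { ikev2ProfileEntry 6 }

    -- No range is given, so any Unsigned32 value is syntactically accepted.
    -- Whether the agent enforces a lower or upper bound on the rekey
    -- interval is not visible here.
    ikev2PrfLifeSeconds OBJECT-TYPE
        SYNTAX      Unsigned32
        UNITS       "seconds"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "The time (in seconds) after which an SA will be rekeyed."
        DEFVAL { 3600 }
        ::= { ikev2ProfileEntry 7 }

    ikev2PrfAliveCheck OBJECT-TYPE
        SYNTAX INTEGER {
            enabled(1),  -- enable alive check
            disabled(2)  -- disable alive check
        }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object specifies if a check is done to see whether the
             other endpoint is alive.
             (only for IKEv2)."
        DEFVAL { enabled }
        ::= { ikev2ProfileEntry 8 }

-- End IKE SA Profile Table (IKEv2)



END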