AD | Application | AWS | Azure | Cloud | Database | Enterprise | Environmental | Event Log | File System | Infra | IoT | IT Service | Linux | Network/System | Performance | Protocol | SaaS | Security | Service Level | SNMP | Storage | VMware | VoIP | Web | Wireless

Crumbtrail

MonitorTools.com » Technical documentation » SNMP » MIB » Cisco » CISCO-IPSEC-POLICY-MAP-MIB » Objects

CISCO-IPSEC-POLICY-MAP-MIB.mib object view, vendor Cisco

Introduction

Most network devices and programs ship with so-called MIB files to describe the parameters and meanings (i.e.: friendly names) which are available for monitoring via SNMP.
ActiveXperts Network Monitor 2024 can import vendor-specific MIB files, so it can be used to monitor specific OID's (Object Identifiers). This way, you can monitor your devices, computers, etc. by selecting your relevant OID's by name.

ActiveXperts Network Monitor 2024 can import MIB file CISCO-IPSEC-POLICY-MAP-MIB and use it to monitor vendor specific OID's.

CISCO-IPSEC-POLICY-MAP-MIB file content

Object view of CISCO-IPSEC-POLICY-MAP-MIB:

Scalar Object
ikePolMapEntry .1.3.6.1.4.1.9.9.172.1.1.1.1
Each entry contains the attributes associated with mapping an active IPSec Phase-1 IKE Tunnel to it's configured Policy definition.
ipSecPolMapEntry .1.3.6.1.4.1.9.9.172.1.2.1.1
Each entry contains the attributes associated with mapping an active IPSec Phase-2 Tunnel to its configured Policy definition.
Tabular Object
ikePolMapTunIndex .1.3.6.1.4.1.9.9.172.1.1.1.1.1
The index of the IPSec Phase-1 Tunnel to Policy Map Table. The value of the index is the number used to represent this IPSec Phase-1 Tunnel in the IPSec MIB (ikeTunIndex in the ikeTunnelTable).
ikePolMapPolicyNum .1.3.6.1.4.1.9.9.172.1.1.1.1.2
The number of the locally defined ISAKMP policy used to establish the IPSec IKE Phase-1 Tunnel. This is the number which was used on the crypto command. For example, if the configuration command was: ==> crypto isakmp policy 15 then the value of this object would be 15. If ISAKMP was not used to establish this tunnel, then the value of this object will be zero.
ipSecPolMapTunIndex .1.3.6.1.4.1.9.9.172.1.2.1.1.1
The index of the IPSec Phase-2 Tunnel to Policy Map Table. The value of the index is the number used to represent this IPSec Phase-2 Tunnel in the IPSec MIB (ipSecTunIndex in the ipSecTunnelTable).
ipSecPolMapCryptoMapName .1.3.6.1.4.1.9.9.172.1.2.1.1.2
The value of this object should be the name of the IPSec Policy (cryptomap) as assigned by the operator while configuring the policy of the IPSec traffic. For instance, on an IOS router, the if the command entered to configure the IPSec policy was ==> crypto map ftpPolicy 10 ipsec-isakmp then the value of this object would be 'ftpPolicy'.
ipSecPolMapCryptoMapNum .1.3.6.1.4.1.9.9.172.1.2.1.1.3
The value of this object should be the priority of the IPSec Policy (cryptomap) assigned by the operator while configuring the policy of this IPSec tunnel. For instance, on an IOS router, the if the command entered to configure the IPSec policy was ==> crypto map ftpPolicy 10 ipsec-isakmp then the value of this object would be 10.
ipSecPolMapAclString .1.3.6.1.4.1.9.9.172.1.2.1.1.4
The value of this object is the number or the name of the access control string (ACL) that caused this IPSec tunnel to be established. The ACL that causes an IPSec tunnel to be established is referenced by the cryptomap of the tunnel. The ACL identifies the traffic that requires protection as defined by the policy. For instance, the ACL that requires FTP traffic between local subnet 172.16.14.0 and a remote subnet 172.16.16.0 to be protected is defined as ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255 172.16.16.0 0.0.0.255 eq ftp When this command causes an IPSec tunnel to be established, the object 'ipSecPolMapAclString' assumes the string value '101'. If the ACL is a named list such as ==> ip access-list standard myAcl permit 172.16.16.8 0.0.0.0 then the value of this MIB element corresponding to IPSec tunnel that was created by this ACL would be 'myAcl'.
ipSecPolMapAceString .1.3.6.1.4.1.9.9.172.1.2.1.1.5
The value of this object is the access control entry (ACE) within the ACL that caused this IPSec tunnel to be established. For instance, if an ACL defines access for two traffic streams (FTP and SNMP) as follows: access-list 101 permit tcp 172.16.14.0 0.0.0.255 172.16.16.0 0.0.0.255 eq ftp access-list 101 permit udp 172.16.14.0 0.0.0.255 host 172.16.16.1 eq 161 When associated with an IPSec policy, the second element of the ACL gives rise to an IPSec tunnel in the wake of SNMP traffic. The value of the object 'ipSecPolMapAceString' for the IPSec tunnel would be then the string 'access-list 101 permit udp 172.16.14.0 0.0.0.255 host 172.16.16.1 eq 161'
Table
ikePolMapTable .1.3.6.1.4.1.9.9.172.1.1.1
The IPSec Phase-1 Internet Key Exchange Tunnel to Policy Mapping Table. There is one entry in this table for each active IPSec Phase-1 Tunnel.
ipSecPolMapTable .1.3.6.1.4.1.9.9.172.1.2.1
The IPSec Phase-2 Tunnel to Policy Mapping Table. There is one entry in this table for each active IPSec Phase-2 Tunnel.
Object Identifier
ciscoIpSecPolMapMIB .1.3.6.1.4.1.9.9.172
The MIB module maps the IPSec entities created dynamically to the policy entities that caused them. This is an appendix to the IPSEC-MONITOR-MIB that has been proposed to IETF for monitoring IPSec based Virtual Private Networks. Overview of Cisco IPsec Policy Map MIB MIB description There are two components to this MIB: #1 a table that maps an IPSec Phase-1 tunnel to the Internet Security Association and Key Exchange (ISAKMP) Policy and #2 a table that maps an IPSec Phase-2 tunnel to the corresponding IPSec Policy element - called 'cryptomaps' - in IOS (Internet Operating System) The first mappin (also called Internet Key Exchange or IKE mapping) yields, given the index of the IKE tunnel in the ikeTunnelTable (IPSEC-MONITOR-MIB), the ISAKMP policy definition defined using the CLI on the managed entity. The IPSec mapping yields, given the index of the IPSec tunnel in the ipSecTunnelTable (IPSEC-MONITOR-MIB), the IPSec transform and the cryptomap definition that gave rise to this tunnel. In implementation and usage, this MIB cannot exist independent of the IPSEC-MONITOR-MIB.
ciscoIpSecPolMapMIBObjects .1.3.6.1.4.1.9.9.172.1
ciscoIpSecPolMapMIBNotifPrefix .1.3.6.1.4.1.9.9.172.2
ciscoIpSecPolMapMIBConformance .1.3.6.1.4.1.9.9.172.3
ipSecPhaseOnePolMap .1.3.6.1.4.1.9.9.172.1.1
ipSecPhaseTwoPolMap .1.3.6.1.4.1.9.9.172.1.2
ipSecPolMapMIBGroups .1.3.6.1.4.1.9.9.172.3.1
ipSecPolMapMIBCompliances .1.3.6.1.4.1.9.9.172.3.2
Group
ipSecPhaseOnePolMapGroup .1.3.6.1.4.1.9.9.172.3.1.1
This group consists of a: 1) IPSec Phase-1 Policy Map Table
ipSecPhaseTwoPolMapGroup .1.3.6.1.4.1.9.9.172.3.1.2
This group consists of a: 1) IPSec Phase-2 Policy Map Table