
CISCO-IPSEC-TC device MIB details by Cisco

CISCO-IPSEC-TC file content

SNMP conveys information and commands between agents and managing entities. It uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. There are two reasons for using UDP: first, it has low overhead in comparison to TCP, which uses a three-way handshake to set up a connection; second, in congested networks SNMP over TCP is a bad idea, because TCP, in order to maintain reliability, will flood the network with retransmissions.

Management information is represented as a collection of managed objects, which together form a virtual information base called the MIB (Management Information Base). An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, including CISCO-IPSEC-TC.
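A management station that polls objects typed with the CISCO-IPSEC-TC conventions receives bare integers; the enumerations and ranges in the module are what make those values reviewable. The following is an added example, not code from this page, Cisco or ActiveXperts: it parses textual conventions out of MIB text, decodes constructed sample values, and flags them against an assumed local policy (the `WEAK` table, the sample values and all function names are assumptions).

```python
import re

# Constructed excerpt: four conventions from CISCO-IPSEC-TC with STATUS omitted
# and DESCRIPTION text constructed; enumerations and ranges as in the module.
MIB_TEXT = '''
   CIPsecIkeNegoMode  ::= TEXTUAL-CONVENTION
      DESCRIPTION "Phase-1 mode -- main or aggressive"
      SYNTAX INTEGER {
                mainMode(1),
                aggressiveMode(2)
             }
   CIPsecDiffHellmanGrp ::= TEXTUAL-CONVENTION
      SYNTAX INTEGER {
                other(1), notDH(2), modp768(3), modp1024(4),
                ec2nGP155(5), ec2nGP185(6),
                modp1536(7),   -- 1536-bit MODP group
                ec2nGF163(8), ec2nGF283(9), ec2nGF409(10),
                ec2nGF571(11), modp2048(12)
             }
   CIPsecEncryptAlgorithm   ::= TEXTUAL-CONVENTION
      SYNTAX INTEGER {
                none(1), other(2), espDes(3), esp3des(4), espRc5(5),
                espIdea(6), espCast(7), espTwofish(8), espBlowfish(9),
                esp3idea(10), espRc4(11), espNull(12), espAes128(13),
                espAes192(14), espAes256(15), espAesCtr128(16),
                espAesCtr192(17), espAesCtr256(18)
             }
   CIPsecLifetime ::= TEXTUAL-CONVENTION
      SYNTAX Unsigned32 (0|120..86400)
'''

# Quoted strings and '--' comments, matched left to right so that a '--'
# inside a DESCRIPTION string is not mistaken for the start of a comment.
_NOISE = re.compile(r'"[^"]*"|--[^\n]*')
_TC = re.compile(r'([A-Za-z][\w-]*)\s*::=\s*TEXTUAL-CONVENTION')
_ENUM = re.compile(r'SYNTAX\s+INTEGER\s*\{([^}]*)\}')
_RANGE = re.compile(r'SYNTAX\s+(?:Unsigned32|Integer32|INTEGER)\s*\(([^)]*)\)')
_LABEL = re.compile(r'([A-Za-z][\w-]*)\s*\(\s*(\d+)\s*\)')

def parse_textual_conventions(text):
    """Map each convention to {'enum': {int: label}} or {'ranges': [(lo, hi)]}."""
    text = _NOISE.sub(' ', text)
    heads = list(_TC.finditer(text))
    parsed = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        enum, rng = _ENUM.search(body), _RANGE.search(body)
        if enum:
            labels = _LABEL.findall(enum.group(1))
            parsed[head.group(1)] = {'enum': {int(n): name for name, n in labels}}
        elif rng:
            ranges = []
            for part in rng.group(1).split('|'):   # e.g. "0|120..86400"
                lo, _, hi = part.partition('..')
                ranges.append((int(lo), int(hi or lo)))
            parsed[head.group(1)] = {'ranges': ranges}
    return parsed

# Assumed local policy, not part of the MIB: labels to flag for review.
WEAK = {
    'CIPsecIkeNegoMode': {'aggressiveMode'},
    'CIPsecDiffHellmanGrp': {'modp768', 'modp1024'},
    'CIPsecEncryptAlgorithm': {'espDes', 'espRc4', 'espNull'},
}

def audit(conventions, polled):
    """Return (type, value, label, verdict) for each polled (type, value)."""
    rows = []
    for tc, value in polled:
        spec = conventions.get(tc)
        label = None
        if spec is None:
            verdict = 'unknown-type'
        elif 'enum' in spec:
            label = spec['enum'].get(value)
            if label is None:
                verdict = 'undefined-value'   # integer the MIB does not define
            else:
                verdict = 'weak' if label in WEAK.get(tc, ()) else 'ok'
        else:
            in_range = any(lo <= value <= hi for lo, hi in spec['ranges'])
            verdict = 'ok' if in_range else 'out-of-range'
        rows.append((tc, value, label, verdict))
    return rows

# Constructed sample values, keyed by convention name rather than by a real OID.
POLLED = [
    ('CIPsecIkeNegoMode', 2), ('CIPsecDiffHellmanGrp', 12),
    ('CIPsecDiffHellmanGrp', 3), ('CIPsecEncryptAlgorithm', 15),
    ('CIPsecEncryptAlgorithm', 42), ('CIPsecLifetime', 0),
    ('CIPsecLifetime', 60),
]

if __name__ == '__main__':
    for row in audit(parse_textual_conventions(MIB_TEXT), POLLED):
        print('%-24s %-6s %-16s %s' % row)
```

An `undefined-value` or `out-of-range` verdict usually means the agent is running a newer MIB revision than the one loaded on the management station, which is worth checking before trusting any decoded label.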


Vendor: Cisco
MIB: CISCO-IPSEC-TC
Tool: ActiveXperts Network Monitor 2024 (ships with advanced SNMP/MIB tools)
-- *------------------------------------------------------------------
-- * CISCO-IPSEC-TC:  Cisco IPsec Textual Conventions
-- *
-- * Mar 2004, S Ramakrishnan
-- *
-- * Copyright (c) 2004 by cisco Systems, Inc.
-- * All rights reserved.
-- *------------------------------------------------------------------

CISCO-IPSEC-TC DEFINITIONS ::= BEGIN

   IMPORTS
      MODULE-IDENTITY,
      Unsigned32,                         
      Gauge32                       FROM SNMPv2-SMI
      TEXTUAL-CONVENTION            FROM SNMPv2-TC
      ciscoMgmt                     FROM CISCO-SMI;

   ciscoIPsecTc MODULE-IDENTITY
      LAST-UPDATED "200407220000Z"
      ORGANIZATION "Cisco Systems Inc. and Tivoli Systems Inc."
      CONTACT-INFO
         "           Cisco Systems
                     Customer Service

             Postal: 170 W Tasman Drive
                     San Jose, CA  95134
                     USA

                     Tivoli Systems
                     Research Triangle Park, NC


             Tel:    +1 800 553-NETS
             E-mail: cs-ipsecmib@external.cisco.com
                     bret_harrison@tivoli.com
         "

      DESCRIPTION  
          "
          This MIB module defines the textual conventions 
          used in the IPsec suite of MIBs. This includes 
          Internet DOI numbers defined in RFC 2407, ISAKMP 
          numbers defined in RFC 2408, and IKE numbers 
          defined in RFC 2409.
          "
      REVISION    "200407220000Z"
      DESCRIPTION  
          "
          Initial version of this module.
          "
     ::= { ciscoMgmt 422 }

   -- +++++++++++++++++++++++++++++++++++++++++++++++++++
   -- Definition of Textual Conventions for IPsec MIBs
   -- +++++++++++++++++++++++++++++++++++++++++++++++++++
      CCryptoMD5Hash ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "This type denotes a 128-bit MD5 output string 
             of an input string"
         SYNTAX  OCTET STRING(SIZE(16))

      CIKEIsakmpDoi ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "The Domain of Interpretation of the IKE 
             implementation. This type is used to implement 
             distinctions between the configuration of the 
             IKE implementation for distinct Phase 2 protocols 
             that use IKE.
             
             Description of enum constants of this type:
              isakmpDoiIPsec:
                     Denotes that IPsec protocol is used in Phase-2

              isakmpDoiFcsp:
                     Denotes that FC-SP protocol is used in Phase-2

              isakmpDoiCps:
                     Denotes that Cps protocol is used in Phase-2

              isakmpDoiFcCtAuth:
                     Denotes that Fc-Ct-Auth protocol is used in 
                     Phase-2
             "

         SYNTAX INTEGER {
                   isakmpDoiUnknown(1),
                   isakmpDoiOther(2),
                   isakmpDoiIPsec(3),
                   isakmpDoiFcsp(4),
                   isakmpDoiCps(5),
                   isakmpDoiFcCtAuth(6)
                }

      CIKELifetime ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type corresponds to the lifetime of
             ISAKMP security associations.
             
             The unit of information is seconds.
             "
         SYNTAX  Unsigned32(60..86400)

      CIKELifesize ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type corresponds to the lifesize of
             an ISAKMP security association in the number 
             of kilobytes of data that has been processed
             by the security association.

             The unit of information is kilobytes.
             "
         SYNTAX  Unsigned32(2560..4294967295)


      CIPsecEncryptionKeySize ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type is used by objects that denote the
             size in bits of key of an encryption transform.

             The value of 0 has been allowed to provide for
             'NULL' encryption transforms.
             "
         SYNTAX Unsigned32 (0..65535)


      CIPsecControlProtocol  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The protocol used for keying and control in 
             IPsec connections. The value of 'cpManual' 
             indicates manual administration of IPsec tunnels. 
             This enumeration will be expanded as new keying 
             protocols are standardized.
 
             The value 'cpAll' does not denote a specific 
             keying protocol; it has been defined only as a 
             convenience to facilitate aggregation of metrics 
             across all control protocols.

             Description of enum constants of this type:
               cpManual:
                     Denotes manual keying (i.e., no signaling).

               cpIkev1:
                     Denotes keying signaling using IKEv1 protocol.

               cpIkev2:
                     Denotes keying signaling using IKEv2 protocol.

               cpKink:
                     Denotes keying signaling using KINK.

               cpPhoturis:
                     Denotes keying signaling using Photuris.
             "

         SYNTAX INTEGER {
                   cpUnknown(1),
                   cpAll(2),
                   cpOther(3),
                   cpManual(4),
                   cpIkev1(5),
                   cpIkev2(6),
                   cpKink(7),
                   cpPhoturis(8)
                }

      CIPsecProtocol  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             A protocol used for encapsulating the Phase-2 
             tunneled traffic. The enumerations correspond 
             to Authentication Header, Encapsulating Security 
             Payload and IP compression protocols.
 
             The enum constants used in this denote the standard
             IPsec protocols, viz., Authentication Header (AH),
             ESP and IP compression.

             Description of enum constants of this type:
               ipsecProtAh:
                     Denotes IPsec Authentication Header (AH)
                     protocol.

               ipsecProtEsp:
                     Denotes IPsec Encapsulating Security
                     Payload (ESP) protocol.

               ipsecProtIPcomp:
                     Denotes IPsec Packet Compression
                     protocol.

             "
         REFERENCE
          "rfc2402, rfc2406 and rfc2409"

         SYNTAX INTEGER {
                   ipsecProtUnknown(1),
                   ipsecProtAh(2),
                   ipsecProtEsp(3),
                   ipsecProtIPcomp(4)
                }

      CIPsecPhase1PeerIdentityType  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The type of IPsec Phase-1 peer identity.
             The peer may be identified by one of the ID 
             types defined in IPSEC DOI.


             Description of enum constants of this type:
               idIpv4Addr:
                   IPv4 address

               idFqdn:
                   Fully Qualified Domain Name

               idDn:
                   Represents the binary DER encoding of 
                   the identity.

               idIpv6Addr:
                   IPv6 address
                   
               idUserFqdn:
                   User FQDN (such as an email address).

               idIpv4AddrSubnet:
                   IPv4 subnet specification (comprising
                   a subnet identifier and a subnet mask).

               idIpv6AddrSubnet:
                   IPv6 subnet specification (comprising
                   a subnet identifier and a subnet mask).

               idIpv4AddrRange:
                   A range of IPv4 addresses (comprising
                   a starting address and an ending address)

               idIpv6AddrRange:
                   A range of IPv6 addresses (comprising
                   a starting address and an ending address)

               idDerAsn1Gn:
                   The ASN.1 encoded general number.

               idKeyId:
                   This is the symbolic name (key identifier).

               idWwn:
                   World Wide Number or the encoding of
                   the layer-2 address used by MDS switches.
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER {
                   idOther(1),
                   idIpv4Addr(2),
                   idFqdn(3),
                   idDn(4),
                   idIpv6Addr(5),
                   idUserFqdn(6),
                   idIpv4AddrSubnet(7),
                   idIpv6AddrSubnet(8),
                   idIpv4AddrRange(9),
                   idIpv6AddrRange(10),
                   idDerAsn1Gn(11),
                   idKeyId(12),
                   idWwn(13)
                }

      CIPsecIkeNegoMode  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The negotiation mode used by IKE 
             protocol in Phase-1.

             The type enumerates constants to denote the
             two distinct modes of operation of ISAKMP-based
             IPsec signaling in Phase-1, viz., Main Mode 
             (mainMode) and Aggressive Mode (aggressiveMode).
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER {
                   mainMode(1),
                   aggressiveMode(2)
                }

      CIPsecIkeHashAlgorithm   ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The hash algorithm used in IPsec Phase-1
             IKE negotiations.

             Description of enum constants of this type:
              md5:
                Hash payload using MD5 algorithm.

              sha:
                Hash payload using 96-bit SHA-1 algorithm 
                as defined in FIPS 180-1.

              tiger:
                Hash payload using Tiger hash algorithm.

              sha256:
                Hash payload using 256-bit key SHA-1 algorithm.

              sha384:
                Hash payload using 384-bit key SHA-1 algorithm.

              sha512:
                Hash payload using 512-bit key SHA-1 algorithm.

              aesMac:
                Hash payload using AES-XCBC-MAC-96 algorithm.
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER {
                   none(1),
                   other(2),
                   md5(3),
                   sha(4),
                   tiger(5),
                   sha256(6),
                   sha384(7),
                   sha512(8),
                   aesMac(9)
                }

      CIPsecIkeAuthMethod ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The authentication method used in IPsec 
             Phase-1 IKE negotiations.

             Description of enum constants of this type:
              preSharedKey:
                Peer authentication using pre-shared keys.

              rsaSignature:
                Peer authentication using digital signatures.

              rsaEncryption:
                Peer authentication using encrypted nonces.

              revRsaEncryption:
                Peer authentication using revised RSA encryption.

              dssSignature:
                Peer authentication using DSS signatures.

              elGamalEncryption:
                Peer authentication using El Gamal.

              revElGamalEncryption:
                Peer authentication using revised El Gamal.

              ecdsaSignature:
                Peer authentication using Elliptic Curve Digital 
                Signatures.

              gssApiV1:
                Peer authentication using Generic Security Services 
                API v1.

              gssApiV2:
                Peer authentication using Generic Security Services 
                API v2.
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER {
                   other(1),
                   preSharedKey(2),
                   rsaSignature(3),
                   rsaEncryption(4),
                   revRsaEncryption(5),
                   dssSignature(6),
                   elGamalEncryption(7),
                   revElGamalEncryption(8),
                   ecsdaSignature(9),
                   gssApiV1(10),
                   gssApiV2(11)
                }

      CIPsecDiffHellmanGrp ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             An indication of whether a Diffie Hellman Group has 
             been specified to be used in negotiations and the
             type of group as follows. 
             
               'notDH'     -- indicates no use of a Diffie Hellman
               'modp768'   -- 768-bit MODP
               'modp1024'  -- 1024-bit MODP
               'modp1536'  -- 1536-bit MODP group
               'ec2nGP155' -- EC2N group on GP[2^155]
               'ec2nGP185' -- EC2N group on GP[2^185]
               'ec2nGF163' -- EC2N group over GF[2^163]
               'ec2nGF283' -- EC2N group over GF[2^283]
               'ec2nGF409' -- EC2N group over GF[2^409]
               'ec2nGF571' -- EC2N group over GF[2^571]
               'modp2048'  -- 2048-bit MODP group

             "
         REFERENCE
          "rfc2408, rfc2409 and rfc3526"

         SYNTAX INTEGER {
                   other(1),
                   notDH(2),
                   modp768(3),
                   modp1024(4),
                   ec2nGP155(5),
                   ec2nGP185(6),
                   modp1536(7),   -- 1536-bit MODP group
                   ec2nGF163(8),
                   ec2nGF283(9),
                   ec2nGF409(10),
                   ec2nGF571(11),
                   modp2048(12)
                }

      CIPsecEncapMode  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The encapsulation mode used by an IPsec Phase-2
             Tunnel.

             The type enumerates values to denote the two modes 
             of encapsulation of payload used by IPsec, viz.,
             tunnel mode (encapTunnel) and transport mode
             (encapTransport).
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER{
                  encapTunnel(1),
                  encapTransport(2)
                }

      CIPsecTransform  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The transform to be used by an IPsec Phase-2 
             protocol (ESP or AH or IPCP).

             Description of enum constants of this type:
               xformAhRFC1829:
                 Authentication Header per RFC1829
    
               xformAhMD5:
                 Authentication Header using MD5

               xformAhSHA1:
                 Authentication Header using SHA1

               xformEspNULL:
                 ESP with NULL encryption.

               xformEspDES:
                 ESP with DES encryption.

               xformEsp3DES:
                 ESP with 3DES encryption.

               xformEspAES128:
                 ESP with AES encryption using CBC mode (128-bit key).

               xformEspAES192:
                 ESP with AES encryption using CBC mode (192-bit key).

               xformEspAES256:
                 ESP with AES encryption using CBC mode (256-bit key).

               xformEspMD5:
                 ESP with MD5 hash.

               xformEspSHA1:
                 ESP with SHA-1 hash.

               xformCompLZS:
                 IP compression using LZS.
                 
               xformEspRc5:
                 Payload encryption using RC5. 
                  
               xformEspIdea:
                 Payload encryption using International 
                 Data Encryption Algorithm.
                 
               xformEspCast:
                 Payload encryption using CAST.
               
               xformEspTwofish:
                 Payload encryption using TwoFish.
                 
               xformEspBlowfish:
                 Payload encryption using BlowFish.

               xformEsp3idea:
                 Payload encryption using International 
                 Data Encryption Algorithm.
 
               xformEspRc4:
                 Payload encryption using RC4.
                  
               xformEspDesMac:
                  ESP with DES MAC hash.
                    
               xformEspHmacSha256:
                  ESP with HMAC SHA-1 hash (256-bit key).
               
               xformEspHmacSha384:
                  ESP with HMAC SHA-1 hash (384-bit key).
                  
               xformEspHmacSha512:
                  ESP with HMAC SHA-1 hash (512-bit key).
                  
               xformEspRipemd:
                  ESP with RIPEMD cryptographic hash.
                   
               xformAHDesMac:
                  AH with DES MAC hash.
                  
               xformAHHmacSha256:
                  AH with HMAC SHA-1 hash (256-bit key).
                  
               xformAHHmacSha384:
                  AH with HMAC SHA-1 hash (384-bit key).
                  
               xformAHHmacSha512:
                  AH with HMAC SHA-1 hash (512-bit key).
                  
               xformAHRipemd:
                  AH with RIPEMD cryptographic hash. 

               xformEspAESXCbcMac:
                 ESP with AES XCBC MAC authentication.

               xformAHAESXCbcMac:
                 AH with AES XCBC MAC authentication.
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER{
                  xformNONE(1),
                  xformOTHER(2),
                  xformAhRFC1829(3),
                  xformAhMD5(4),
                  xformAhSHA1(5),
                  xformEspNULL(6),
                  xformEspDES(7),
                  xformEsp3DES(8),
                  xformEspAES128(9),
                  xformEspAES192(10),
                  xformEspAES256(11),
                  xformEspMD5(12),
                  xformEspSHA1(13),
                  xformCompLZS(14),
                  xformEspAESCtr128(15),
                  xformEspAESCtr192(16),
                  xformEspAESCtr256(17),
                  xformEspRc5(18),
                  xformEspIdea(19),
                  xformEspCast(20),
                  xformEspTwofish(21),
                  xformEspBlowfish(22),
                  xformEsp3idea(23),
                  xformEspRc4(24),
                  xformEspDesMac(25),
                  xformEspHmacSha256(26),
                  xformEspHmacSha384(27),
                  xformEspHmacSha512(28),
                  xformEspRipemd(29),
                  xformAHDesMac(30),
                  xformAHHmacSha256(31),
                  xformAHHmacSha384(32),
                  xformAHHmacSha512(33),
                  xformAHRipemd(34),
                  xformEspAESXCbcMac(35),
                  xformAHAESXCbcMac(36)
                }

      CIPsecSecuritySuite  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The combination of IPsec Phase-2 protocols.

             suiteConfEsp:
                 Confidentiality using ESP.

             suiteIntegEsp:
                 Confidentiality and Integrity check 
                 using ESP.

             suiteIntegAh:
                 Integrity check with AH.

             suiteConfComp:
                 Confidentiality using ESP;
                 Packet compression.
 
             suiteIntegEspComp:
                 Packet Integrity using ESP;
                 Packet compression.

             suiteIntegAhComp:
                 Packet Integrity using AH;
                 Packet compression.

             suiteConfAh:
                 Confidentiality using ESP; 
                 Packet Integrity using AH.

             suiteConfAhComp:
                 Confidentiality using ESP; 
                 Packet Integrity using AH;
                 Packet compression.

             suiteIntegEspAh:
                 Packet Integrity using ESP and AH.

             suiteIntegEspAhComp:
                 Packet Integrity using ESP and AH;
                 Packet compression.

             suiteConfIntegEsp:
                 Confidentiality and Packet Integrity 
                 using ESP.

             suiteConfIntegEspComp:
                 Confidentiality and Packet Integrity 
                 using ESP;
                 Packet compression.

             suiteConfIntegEspAh:
                 Confidentiality using ESP;
                 Packet Integrity using ESP and AH.

             suiteConfIntegEspAhComp:
                 Confidentiality using ESP;
                 Packet Integrity using ESP and AH;
                 Packet compression.

             suiteOther:
                 A suite that does not fit any of the
                 above definitions.
             "
         REFERENCE
          "rfc2408 and rfc2409"

         SYNTAX INTEGER{
                  suiteOther(1),
                  suiteConfEsp(2),
                  suiteIntegEsp(3),
                  suiteIntegAh(4),
                  suiteConfComp(5),
                  suiteIntegEspComp(6),
                  suiteIntegAhComp(7),
                  suiteConfAh(8),
                  suiteConfAhComp(9),
                  suiteIntegEspAh(10),
                  suiteIntegEspAhComp(11),
                  suiteConfIntegEsp(12),
                  suiteConfIntegEspComp(13),
                  suiteConfIntegEspAh(14),
                  suiteConfIntegEspAhComp(15)
                }


      CIPsecNATTraversalMode ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The encapsulation mode used to implement NAT 
             traversal.

             Both 'EncapMode' and 'NATTraversalMode' are 
             attributes of a Phase-2 IPsec tunnel. Value of 
             an object of this type is constrained based on 
             the value of its tunnel encapsulation mode: if 
             the tunnel encapsulation mode is 'encapTransport', 
             then the value of this attribute may be one of 
             'natEncapNone' or 'natEncapNATT'.

             Description of enum constants of this type:
               natEncapIPsecOverUdp:
                 IPsec encapsulation over UDP.

               natEncapIPsecOverTcp:
                 IPsec encapsulation over TCP.

               natEncapNATT:
                 IPsec encapsulation over NAT-T protocol.
             "

         SYNTAX INTEGER{
                  natEncapNone(1),
                  natEncapOther(2),
                  natEncapIPsecOverUdp(3),
                  natEncapIPsecOverTcp(4),
                  natEncapNATT(5)
                }


      CIPsecEncryptAlgorithm   ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
              The encryption algorithm used in negotiations.
              Since payload encryption is done by the ESP 
              protocol, these enums are prefixed with 'esp'.

              Description of enum constants of this type:
               espDes:
                Payload encryption using 56-bit key DES.

               esp3des:
                Payload encryption using 168-bit 3DES.

               espRc5:
                Payload encryption using RC5.

               espIdea:
                Payload encryption using International 
                Data Encryption Algorithm.

               espCast:
                Payload encryption using CAST.

               espTwofish:
                Payload encryption using TwoFish.

               espBlowfish:
                Payload encryption using BlowFish.

               esp3idea:
                Payload encryption using International 
                Data Encryption Algorithm.

               espRc4:
                Payload encryption using RC4.

               espNull:
                NULL Payload encryption.

               espAes128:
               espAes192:
               espAes256:
                Payload encryption using AES CBC mode and keysizes of
                128, 192 and 256 bit keys.
                
               espAesCtr128:
               espAesCtr192:
               espAesCtr256:
                Payload encryption using AES CTR mode and keysizes of
                128, 192 and 256 bit keys.  
               
             "

         SYNTAX INTEGER {
                   none(1),
                   other(2),
                   espDes(3),
                   esp3des(4),
                   espRc5(5),
                   espIdea(6),
                   espCast(7),
                   espTwofish(8),
                   espBlowfish(9),
                   esp3idea(10),
                   espRc4(11),
                   espNull(12),
                   espAes128(13),
                   espAes192(14),
                   espAes256(15),
                   espAesCtr128(16),
                   espAesCtr192(17),
                   espAesCtr256(18)
                }


      CIPsecSpi  ::= TEXTUAL-CONVENTION
         DISPLAY-HINT "x"
         STATUS     current
         DESCRIPTION
             "
             The type of the SPI (Security Parameter Index)
             associated with IPsec Phase-2 security associations.
             "
         SYNTAX Unsigned32 (256..4294967295)


      CIPsecAuthAlgorithm      ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The authentication algorithm used by a
             security association of an IPsec Phase-2 
             Tunnel.

             Description of enum constants of this type:
               hmacMd5:
                 Hash validation using HMAC MD5.

               hmacSha:
                 Hash validation using HMAC SHA-1.

               desMac:
                 Hash validation using DES as MAC.

               hmacSha256:
                 Hash validation using 256-bit SHA-1.

               hmacSha384:
                 Hash validation using 384-bit SHA-1.

               hmacSha512:
                 Hash validation using 512-bit SHA-1.

               ripemd:
                 Hash validation using RIPEMD 
                 cryptographic hash function.
             "
         SYNTAX INTEGER{
                   none(1),
                   other(2),
                   hmacMd5(3),
                   hmacSha(4),
                   desMac(5),
                   hmacSha256(6),
                   hmacSha384(7),
                   hmacSha512(8),
                   ripemd(9)
                }

      CIPsecCompAlgorithm      ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The compression algorithm used by a
             security association of an IPsec Phase-2 
             Tunnel.

             Description of enum constants of this type:
               compOui:
                 IP payload compression using a proprietary
                 algorithm identified using an Organization
                 Unique Identifier (OUI).

               compDeflate:
                 IP payload compression using deflate algorithm.

               compLzs:
                 IP payload compression using LZS algorithm.

               compLzjh:
                 IP payload compression using LZJH algorithm.
             "
         SYNTAX INTEGER{
                   none(1),
                   other(2),
                   compOui(3),
                   compDeflate(4),
                   compLzs(5),
                   compLzjh(6)
                }

      CIPsecEndPtType     ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The type of identity used to specify an IPsec 
             End Point.
      
             For a description of the enum values, please refer
             to the description of type 
             'CIPsecPhase1PeerIdentityType'.
             "
         SYNTAX INTEGER {
                   other(1),
                   idIpv4Addr(2),
                   idIpv4AddrRange(3),
                   idIpv4AddrSubnet(4),
                   idFqdn(5),
                   idUserFqdn(6),
                   idIpv6Addr(7),
                   idIpv6AddrRange(8),
                   idIpv6AddrSubnet(9),
                   idDerAsn1Dn(10),
                   idDerAsn1Gn(11),
                   idKeyId(12)
                }

      
      CIPsecPhase2SaDirection ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             Phase-2 IPsec security associations are simplex. 
             This textual convention is used as the type of 
             attribute(s) of a Phase-2 security association.

             Description of enum constants of this type:
              saDirectionIn:
                 The IPsec security association is used to
                 process incoming traffic.

              saDirectionOut:
                 The IPsec security association is used to
                 process outgoing traffic.
             "

         REFERENCE
          "rfc2409"
         SYNTAX INTEGER {
                saDirectionUnknown(1),
                saDirectionIn(2),
                saDirectionOut(3)
             }


      CIPsecPhase1TunnelIndex ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The index of the IPsec Phase-1 (IKE) Tunnel 
             Table. An index of this type is a number which 
             begins at 1 and is incremented with each tunnel 
             that is created.  The value of this object will 
             wrap at 2,147,483,647.
             "
         SYNTAX Unsigned32 (1..2147483647)


      CIPsecPhase1TunnelIndexOrZero ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type defines a range of values for index of 
             the IPsec Phase-1 (IKE) Tunnel Table, including
             the invalid index '0'. An object of this type
             is used to implement a soft reference to an IKE
             tunnel. The value of zero is used to denote the
             fact that the reference points to a non-existent
             IKE tunnel.
             "
         SYNTAX Unsigned32 (0..2147483647)


      CIPsecPhase2TunnelIndex ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The type of the index of the IPsec Phase-2 Tunnel 
             Table. An index of this type is a number which
             begins at one and is incremented with each tunnel 
             that is created. The value of this object will 
             wrap at 2,147,483,647.
             "
         SYNTAX Unsigned32 (1..2147483647)


      CIPsecPmtu ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
             "
             The type of the Path MTU (Maximum Transmission 
             Unit) of an IPsec Phase-2 Tunnel.
             "
         SYNTAX Unsigned32 (68..1500)


      CIPsecLifetime ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type corresponds to the lifetime in
             seconds of IPsec Phase-2 security associations.
             "
         SYNTAX Unsigned32 (0|120..86400)

      CIPsecLifesize ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type corresponds to the life-size of
             a Phase-2 security association in the number 
             of kilobytes of data that has been processed
             by the security association.
             "
         SYNTAX  Unsigned32(0|2560..4294967295)

      CIPsecTunnelIdleTime ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             This type corresponds to the time interval
             specified in seconds during which no traffic
             has been processed by a Phase-2 security
             association.
             "
         SYNTAX Unsigned32 (0|60..86400)

      CIPsecNumCryptoMaps ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
              "
              Integral units representing count of 
              cryptomaps.
              "
         SYNTAX  Gauge32(0..2147483647)

      CIPsecTunnelStatus  ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
             "
             This type represents the status of an IPsec 
             Phase-1 or Phase-2 Tunnel. Objects of this type 
             may be used to bring down the tunnel they represent 
             by setting value of the object to destroy(5). 
             Objects of this type cannot be used to create 
             a tunnel.

             Description of enum constants of this type:
              initializePhase1:
                The tunnel is initializing Phase 1 operations 
                (applies only to IKE tunnels).

              awaitXauth:
                The tunnel has concluded peer authentication
                successfully and is awaiting the completion of
                extended Authentication (applies only to IKE 
                tunnels).

              awaitCommit:
                The tunnel has concluded initialization and
                is awaiting a signal (commit bit) from the peer 
                to start operations.

              active:
                The tunnel is active.

              destroy:
                This value is used in SNMP SET operations to
                tear down the specified tunnel.

              rekey:
                This value is used in SNMP SET operations to
                force a rekeying.
             "
        SYNTAX INTEGER {
             initializePhase1(1),
             awaitXauth(2),  
             awaitCommit(3), 
             active(4),      
             destroy(5),
             rekey(6)
      }


      CIPsecCryptomapType ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
             "
             The type of a cryptomap entry. Cryptomap 
             is a unit of IOS IPSec policy specification.

             Description of enum constants of this type:
                cryptomapTypeMANUAL:
                  The cryptomap entry uses manual keying.

                cryptomapTypeISAKMP:
                  The cryptomap entry uses IKE protocol
                  for keying.

                cryptomapTypeDYNAMIC:
                  The cryptomap entry is dynamically instantiated.

                cryptomapTypeDYNAMICDISCOVERY:
                  The cryptomap entry is dynamically instantiated
                  and uses tunnel endpoint discovery to identify 
                  the peer during tunnel setup.
             "
        SYNTAX INTEGER {
                cryptomapTypeNONE(1),
                cryptomapTypeMANUAL(2),
                cryptomapTypeISAKMP(3),
                cryptomapTypeCET(4),
                cryptomapTypeDYNAMIC(5),
                cryptomapTypeDYNAMICDISCOVERY(6)
             }


      CIPsecCryptomapSetBindStatus  ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
             "
             The status of the binding of a cryptomap set to 
             the specified interface. The value when queried 
             is always 'attached'. When set to 'detached', the 
             cryptomap set is detached from the specified 
             interface. Setting the value to 'attached' will 
             result in SNMP General Error.

             Description of enum constants of this type:
                attached:
                  The cryptomap set is attached to an interface.

                detached:
                  The cryptomap set is not attached to any interface.
             "
        SYNTAX INTEGER {
                unknown(1),
                attached(2),
                detached(3)
             }
             
      CIPsecIkePRFAlgorithm ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "
             The Pseudo Random Function algorithm used in
             IPsec Phase-1 IKEv2 negotiations.

             Description of enum constants of this type:
               prfHmacMd5:
                 HMAC version of MD5.
               
               prfHmacSha1:
                 HMAC version of SHA-1 algorithm
             "
         SYNTAX INTEGER{
                   none(1),
                   other(2),
                   prfHmacMd5(3),
                   prfHmacSha1(4)
                 }

END
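
The SYNTAX clauses above fix the legal values of each textual convention, such as `0|120..86400` for CIPsecLifetime or the six named states of CIPsecTunnelStatus. The following added example (not part of the Cisco module or of this page's tooling) parses those clauses from MIB text and checks polled integers against them; the sample text is an abridged, constructed excerpt, and the function names `parse_tcs` and `check` are hypothetical.

```python
import re

# Constructed sample: three textual conventions excerpted (abridged) from the module above.
SAMPLE_MIB = '''
CIPsecLifetime ::= TEXTUAL-CONVENTION
   STATUS     current
   SYNTAX Unsigned32 (0|120..86400)

CIPsecLifesize ::= TEXTUAL-CONVENTION
   STATUS     current
   SYNTAX  Unsigned32(0|2560..4294967295)

CIPsecTunnelStatus  ::= TEXTUAL-CONVENTION
  STATUS     current
  DESCRIPTION
       "Objects of this type may be used to bring down the
       tunnel by setting value of the object to destroy(5)."
  SYNTAX INTEGER {
       initializePhase1(1), awaitXauth(2), awaitCommit(3),
       active(4), destroy(5), rekey(6)
  }
'''

TC_RE = re.compile(r'(\w+)\s*::=\s*TEXTUAL-CONVENTION.*?SYNTAX\s+(\w+)\s*'
                   r'(?:\(([^)]*)\)|\{([^}]*)\})?', re.S)

def parse_tcs(text):
    """Map each TC name to its base type, value ranges and enum labels."""
    text = re.sub(r'"[^"]*"', '""', text)  # drop quoted DESCRIPTION/REFERENCE text
    tcs = {}
    for name, base, rng, enum in TC_RE.findall(text):
        ranges = []
        for part in filter(None, (p.strip() for p in rng.split('|'))):
            lo, _, hi = part.partition('..')
            ranges.append((int(lo), int(hi or lo)))
        labels = {int(n): lbl for lbl, n in re.findall(r'(\w+)\s*\(\s*(\d+)\s*\)', enum)}
        tcs[name] = {'base': base, 'ranges': ranges, 'enum': labels}
    return tcs

def check(tcs, name, value):
    """Return (ok, detail): enum label or value if valid, else the reason."""
    tc = tcs[name]
    if tc['enum']:
        ok = value in tc['enum']
        return ok, tc['enum'].get(value, 'undefined enum value')
    if not tc['ranges'] or any(lo <= value <= hi for lo, hi in tc['ranges']):
        return True, str(value)
    allowed = '|'.join(str(lo) if lo == hi else f'{lo}..{hi}' for lo, hi in tc['ranges'])
    return False, 'outside ' + allowed
```

Quoted strings are blanked before matching so that text such as `destroy(5)` inside a DESCRIPTION is not mistaken for a constraint; `--` comments are assumed not to contain quote characters.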