| cipsTunnelLifetime |
.1.3.6.1.4.1.9.9.431.1.1.1 |
|
The default lifetime (in seconds) assigned
to an IPsec tunnel as a global policy (maybe
overridden in specific cryptomap definitions).
|
| cipsTunnelLifesize |
.1.3.6.1.4.1.9.9.431.1.1.2 |
|
The default lifesize in KBytes assigned to an IPsec
tunnel as a global policy (unless overridden in
cryptomap definition).
|
| cipsTunnelIdleTimeout |
.1.3.6.1.4.1.9.9.431.1.1.3 |
|
The number of seconds of idle time (no activity)
after which an IPsec tunnel (and its parent ISAKMP
SA) is to be deleted. An IPsec tunnel never times out
if a value 0 is specified.
|
| cipsIPsecXformSetEntry |
.1.3.6.1.4.1.9.9.431.1.2.1.1 |
|
Each entry represents a single configured
IPsec transform set.
|
| cipsNumStaticCryptomapSets |
.1.3.6.1.4.1.9.9.431.1.3.1 |
|
This object reflects the number of static cryptomap
sets that are fully configured. Statically defined
cryptomap sets are ones where the operator has fully
specified all the parameters required to set up IPsec
connections.
|
| cipsNumDynamicCryptomapSets |
.1.3.6.1.4.1.9.9.431.1.3.2 |
|
This object reflects the number of dynamic IPsec
policy templates (called dynamic cryptomap
templates) that are fully configured.
|
| cipsNumTEDCryptomapSets |
.1.3.6.1.4.1.9.9.431.1.3.3 |
|
This object reflects the number of static cryptomap
sets that have at least one dynamic cryptomap template
which has the Tunnel Endpoint Discovery (TED) enabled.
|
| cipsStaticCryptomapSetEntry |
.1.3.6.1.4.1.9.9.431.1.4.1.1 |
|
Each entry contains the attributes
associated with a single static cryptomap set.
|
| cipsStaticCryptomapEntry |
.1.3.6.1.4.1.9.9.431.1.4.3.1 |
|
Each entry contains the attributes associated with a
single static (fully specified) cryptomap entry,
identified by its priority.
|
| cipsIPsecCryMapPeerEntry |
.1.3.6.1.4.1.9.9.431.1.4.4.1 |
|
Each entry represents the binding of
an IPsec peer address to the specified
cryptomap.
|
| cipsCryptomapSetIfEntry |
.1.3.6.1.4.1.9.9.431.1.4.5.1 |
|
Each entry lists the association between an interface
and a cryptomap set (static) that is defined
on the managed entity.
|
| cipsIfCryptomapSetInfoEntry |
.1.3.6.1.4.1.9.9.431.1.4.6.1 |
|
Each entry lists the binding between an interface
and a cryptomap set (static) that is defined
on the managed entity.
|
| cipsCntlAllNotifs |
.1.3.6.1.4.1.9.9.431.1.5.1 |
|
This object must be set to 'true' to enable any
notification in addition to the notification-specific
control variables defined below.
A notification <foo> defined in this module is
enabled if and only if the expression
(cipsCntlAllNotifs && cipsCntl<foo>)
evaluates to 'true'.
|
| cipsCntlCryptomapAdded |
.1.3.6.1.4.1.9.9.431.1.5.2 |
|
This variable controls the generation of
ciscoIPsecProvCryptomapAdded notification.
When this variable is set to 'true', a notification
is generated when a static cryptomap is created
in cipsStaticCryptomapTable.
When this variable is set to 'false',
generation of this notification is disabled.
|
| cipsCntlCryptomapDeleted |
.1.3.6.1.4.1.9.9.431.1.5.3 |
|
This variable controls the generation of
ciscoIPsecProvCryptomapDeleted notification.
When this variable is set to 'true', a notification
is generated when a static cryptomap is deleted from
cipsStaticCryptomapTable.
When this variable is set to 'false',
generation of this notification is disabled.
|
| cipsCntlCryptomapSetAttached |
.1.3.6.1.4.1.9.9.431.1.5.4 |
|
This variable controls the generation of
ciscoIPsecProvCryptomapAttached notification.
When this variable is set to 'true', a notification
is generated when a cryptomap set is attached to an
active interface.
When this variable is set to 'false', generation of
this notification is disabled.
|
| cipsCntlCryptomapSetDetached |
.1.3.6.1.4.1.9.9.431.1.5.5 |
|
This variable controls the generation of
ciscoIPsecProvCryptomapDetached notification.
When this variable is set to 'true', a notification
is generated when a cryptomap set is dettached from
an active interface.
When this variable is set to 'false', generation of
this notification is disabled.
|
| cipsXformSetName |
.1.3.6.1.4.1.9.9.431.1.2.1.1.1 |
|
This object contains the name of the transform set
corresponding to this conceptual row.
|
| cipsXformSetId |
.1.3.6.1.4.1.9.9.431.1.2.1.1.2 |
|
This is the sequence number of the transform set that
uniquely identifies the transform set.
Distinct transform sets must have distinct sequence
numbers.
|
| cipsXformSetSuite |
.1.3.6.1.4.1.9.9.431.1.2.1.1.3 |
|
This object represents the suite of Phase-2 security
protocols of this transform set.
|
| cipsXformSetEncryptionXform |
.1.3.6.1.4.1.9.9.431.1.2.1.1.4 |
|
This object represents the transform used for
ESP encryption.
The only values this object may assume are 'xformNONE',
'xformEspNULL', 'xformEspDES', 'xformEsp3DES',
'xformEspAES128', 'xformEspAES192', 'xformEspAES256',
'xformEspAESCtr128', 'xformEspAESCtr192', 'xformEspAESCtr256'
and 'xformEspAESXCbcMac'.
If the value of the corresponding instance of
cipsXformSetSuite is 'suiteIntegAh', 'suiteIntegAhComp'
or 'suiteOther', this object must be set to 'xformNONE'.
|
| cipsXformSetIntegrityXformEsp |
.1.3.6.1.4.1.9.9.431.1.2.1.1.5 |
|
This object represents the transform used to
implement integrity check with ESP protocol.
If the value of the corresponding instance of
cipsXformSetSuite is 'suiteIntegAh', 'suiteIntegAhComp'
or 'suiteOther', this object must be set to 'xformNONE'.
|
| cipsXformSetIntegrityXformAh |
.1.3.6.1.4.1.9.9.431.1.2.1.1.6 |
|
This object represents the transform used to
implement integrity check with AH protocol.
If the value of the corresponding instance of
cipsXformSetSuite is neither 'suiteIntegAh' nor
'suiteIntegAhComp', this object must be set
to 'xformNONE'.
|
| cipsXformSetCompressionXform |
.1.3.6.1.4.1.9.9.431.1.2.1.1.7 |
|
This object represents the transform used to
implement packet compression.
If the value of the corresponding instance of
cipsXformSetSuite is 'suiteConf', 'suiteIntegEsp',
'suiteIntegAh', 'suiteConfAh', 'suiteIntegEspAhS',
'suiteConfIntegEsp', 'suiteConfIntegEspAh' or
'suiteOther', this object must be set to 'xformNONE'.
|
| cipsXformSetMode |
.1.3.6.1.4.1.9.9.431.1.2.1.1.8 |
|
This object represents the encapsulation mode of the
transform set.
|
| cipsXformSetStatus |
.1.3.6.1.4.1.9.9.431.1.2.1.1.9 |
|
This object represents the status of the
transform set entry.
|
| cipsStaticCryptomapSetName |
.1.3.6.1.4.1.9.9.431.1.4.3.1.1 |
|
The index of the static cryptomap table. The value
of the string is the name string assigned by the
NMS when defining a cryptomap set.
|
| cipsStaticCryptomapSetSize |
.1.3.6.1.4.1.9.9.431.1.4.1.1.1 |
|
This object reflects the total number of cryptomap
templates contained in this cryptomap set.
|
| cipsStaticCryptomapSetNumIsakmp |
.1.3.6.1.4.1.9.9.431.1.4.1.1.2 |
|
This object reflects the number of cryptomaps
associated with this cryptomap set that use ISAKMP
protocol to do key exchange.
|
| cipsStaticCryptomapSetNumManual |
.1.3.6.1.4.1.9.9.431.1.4.1.1.3 |
|
This object reflects the number of cryptomaps
associated with this cryptomap set that require the
operator to manually setup the keys and SPIs.
|
| cipsStaticCryptomapSetNumDynamic |
.1.3.6.1.4.1.9.9.431.1.4.1.1.4 |
|
This object reflects the number of dynamic
cryptomap templates linked to this cryptomap set.
|
| cipsStaticCryptomapSetNumTED |
.1.3.6.1.4.1.9.9.431.1.4.1.1.5 |
|
This object reflects the number of dynamic
cryptomap templates linked to this cryptomap set
that have Tunnel Endpoint Discovery (TED) enabled.
|
| cipsStaticCryptomapSetNumSAs |
.1.3.6.1.4.1.9.9.431.1.4.1.1.6 |
|
This object reflects the number of IPsec Security
Associations that are active and were setup using this
cryptomap set.
|
| cipsStaticCryptomapPriority |
.1.3.6.1.4.1.9.9.431.1.4.3.1.2 |
|
The priority of the cryptomap entry in the
cryptomap set. A cryptomap entry with smaller
cipsStaticCryptomapPriority value takes
precedence over the ones with larger values.
|
| cipsStaticCryptomapType |
.1.3.6.1.4.1.9.9.431.1.4.3.1.3 |
|
The type of the cryptomap entry. This can be an ISAKMP
cryptomap or manual. Dynamic cryptomaps are not
counted in this table.
|
| cipsStaticCryptomapDescr |
.1.3.6.1.4.1.9.9.431.1.4.3.1.4 |
|
The description string created by the SNMP agent
while creating this cryptomap. The string generally
identifies a description and the purpose of this
policy.
|
| cipsStaticCryptomapIpFilter |
.1.3.6.1.4.1.9.9.431.1.4.3.1.5 |
|
This object specifies an IP protocol filter,
cippfIpProfileName
(defined in CISCO-IP-PROTOCOL-FILTER-MIB),
to be secured using this cryptomap entry.
When this object has a value of zero-length
string, this object is not valid/applicable.
|
| cipsStaticCryptomapXformSetList |
.1.3.6.1.4.1.9.9.431.1.4.3.1.6 |
|
The list of cipsXformSetId that are members
of this CipsStaticCryptomapEntry.
The value of this object is a concatenation of zero or
more 4-octet strings, where each 4-octet string contains
a 32-bit cipsXformSetId value in network byte order.
A zero length string value means this list has no
members.
|
| cipsStaticCryptomapNumPeers |
.1.3.6.1.4.1.9.9.431.1.4.3.1.7 |
|
This object reflects the number of peers associated
with this cryptomap entry. The other peers listed in
table cipsIPsecCryMapPeerTable are backup peers.
|
| cipsStaticCryotomapNextPIndex |
.1.3.6.1.4.1.9.9.431.1.4.3.1.8 |
|
This object specifies the next available index for object
cipsCryMapPeerIndex which can be used for
creating an entry in cipsIPsecCryMapPeerTable.
|
| cipsStaticCryptomapCurPAddrType |
.1.3.6.1.4.1.9.9.431.1.4.3.1.9 |
|
This object represents the address type of
cipsStaticCryptomapCurPAddr to which this cryptomap
entry is currently connected.
|
| cipsStaticCryptomapCurPAddr |
.1.3.6.1.4.1.9.9.431.1.4.3.1.10 |
|
The IP address of the peer to which this cryptomap
entry is currently connected.
The value of cipsStaticCryptomapCurPAddrType is
'unknown' and this MIB object is a zero-length
string when no tunnels are presently spawned by this
cryptomap entry or when cipsStaticCryptomapAutoPeer is
equal to 'true'.
|
| cipsStaticCryptomapPfs |
.1.3.6.1.4.1.9.9.431.1.4.3.1.11 |
|
This object identifies if the tunnels instantiated
due to this policy item should use Perfect Forward
Secrecy (PFS) and if so, what group of Oakley
they should use.
|
| cipsStaticCryptomapLifetime |
.1.3.6.1.4.1.9.9.431.1.4.3.1.12 |
|
This object specifies the lifetime of the IPsec
Security Associations (SA) created using this IPsec
policy entry.
The default value of this object is the current value
of the object cipsTunnelLifetime. When a value 0
is specified in cipsStaticCryptomapLifetime,
the default value is used as the lifetime.
|
| cipsStaticCryptomapLifesize |
.1.3.6.1.4.1.9.9.431.1.4.3.1.13 |
|
This object identifies the lifesize (maximum traffic
in bytes that may be carried) of the IPSec SAs
created using this IPSec policy entry.
When a Security Association (SA) is created using
this IPsec policy entry, its lifesize takes the value
of this object.
The default value of this object is the current value
of the object cipsTunnelLifesize. When a value 0
is specified in cipsStaticCryptomapLifesize,
the default value is used as the lifesize.
|
| cipsStaticCryptomapLevelHost |
.1.3.6.1.4.1.9.9.431.1.4.3.1.14 |
|
This object specifies the granularity of the
IPSec SAs created using this IPSec policy entry.
If this value is 'true', distinct SA bundles are
created for distinct hosts at the end of
the application traffic.
|
| cipsStaticCryptomapIdleTimeout |
.1.3.6.1.4.1.9.9.431.1.4.3.1.15 |
|
This object specifies the idle time (lack of traffic)
in seconds of a tunnel spawned by this cryptomap after
which the tunnel will be torn down.
The default value of this object is the current value
of cipsTunnelIdleTimeout.
|
| cipsStaticCryptomapAutoPeer |
.1.3.6.1.4.1.9.9.431.1.4.3.1.16 |
|
If 'true' the destination address is taken as the
peer address, while creating the tunnel.
If 'false' the value shown by the object
cipsStaticCryptomapCurPAddr is being used as
the peer address.
|
| cipsStaticCryptomapStatus |
.1.3.6.1.4.1.9.9.431.1.4.3.1.17 |
|
This object identifies the status of the cryptomap
entry represented by this conceptual row.
|
| cipsCryMapPeerIndex |
.1.3.6.1.4.1.9.9.431.1.4.4.1.1 |
|
This arbitrary number represents the index number
in the cryptomap entry of the peer corresponding
to this conceptual row.
This object could have the same value as
cipsStaticCryotomapNextPIndex.
|
| cipsCryMapPeerAddrType |
.1.3.6.1.4.1.9.9.431.1.4.4.1.2 |
|
This object represents the address type of
cipsCryMapPeerAddr.
This object cannot be modified while the corresponding
value of cipsCryMapPeerStatus is equal to
'active'.
|
| cipsCryMapPeerAddr |
.1.3.6.1.4.1.9.9.431.1.4.4.1.3 |
|
This object represents the address of the peer
corresponding to this conceptual row.
This object cannot be modified while the corresponding
value of cipsCryMapPeerStatus is equal to
'active'.
|
| cipsCryMapPeerOrder |
.1.3.6.1.4.1.9.9.431.1.4.4.1.4 |
|
This object represents the order in the cryptomap
entry of the peer corresponding to this
conceptual row.
The peer with the lowest order number is applied
first, that is cipsCryMapPeerOrder '1'.
|
| cipsCryMapPeerStatus |
.1.3.6.1.4.1.9.9.431.1.4.4.1.5 |
|
This object specifies the status column used for
creating and deleting instances of the columnar
objects in the table.
|
| cipsCryptomapSetIfStatus |
.1.3.6.1.4.1.9.9.431.1.4.5.1.1 |
|
This object identifies the status of the binding
of the specified cryptomap set with the specified
interface.
Detaching a cryptomap from an interface:
----------------------------------------
When set to 'destroy', if a cryptomap set is
attached to the interface corresponding to
ifIndex, the cryptomap set is detached from
the interface.
Attaching a cryptomap to an interface:
----------------------------------------
If the value 'createAndGo' is set:
a row in this table can be created only if it identifies
a cryptomap which is represented by an entry in
cipsStaticCryptomapSetTable.
|
| cipsIfStaticCryptomapSetName |
.1.3.6.1.4.1.9.9.431.1.4.6.1.1 |
|
The name of a static cryptomap set which is bound
to this interface. The value of the string is one of
the entries in cipsStaticCryptomapSetTable indexed by
cipsStaticCryptomapSetName.
|
