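RC-IKE-MIB DEFINITIONS ::= BEGIN

-- Enterprise MIB for IKE configuration and state: the IKE Phase 1 profile
-- table, the IKE policy table, the Phase 1 SA tables, and the IKEv2 profile
-- and SA tables, all registered under rcIke (imported from RAPID-CITY).
--
-- Review notes for operators and maintainers:
--   * rcIkePolicyPSKValue carries the pre-shared key and is read-create;
--     limit who can read rcIkePolicyTable (see the note on that object).
--   * The profile tables still admit legacy algorithms and groups (md5,
--     desCbc, modp768, modp1024) and some of the defaults are the weaker
--     choice; see the notes on the individual objects.
--   * The read-only SA tables report what was actually negotiated, so they
--     can be polled to find SAs that ended up on a legacy algorithm.
--   * NOTE(review): DESCRIPTION text of several *Entry and *Status objects
--     is corrected below (it was "." or copied from the lifetime object).
--     No OID, SYNTAX, MAX-ACCESS or DEFVAL is changed. When this text is
--     published, add a REVISION clause and update LAST-UPDATED.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32
        FROM SNMPv2-SMI
    -- NOTE(review): TruthValue is imported but not referenced in this module.
    DisplayString, TruthValue, RowStatus
        FROM SNMPv2-TC
    InterfaceIndex, InterfaceIndexOrZero
        FROM IF-MIB
    rcIke, EnableValue
        FROM RAPID-CITY
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB;

rcIkeMib MODULE-IDENTITY
    LAST-UPDATED "201710200000Z"
    ORGANIZATION "Avaya"
    CONTACT-INFO
        "Prem Palarapu
         Postal: Avaya
                 600 Technology Park
                 Billerica, MA 01821
         email: prempa@avaya.com "
    DESCRIPTION
        "Enterprise MIB for the IKE mibs."

    REVISION "201710200000Z" -- 20 October 2017
    DESCRIPTION
        "Version 16: Changed rcIkePolicyLocalIfIndex data type."

    REVISION "201709120000Z" -- 12 September 2017
    DESCRIPTION
        "Version 15: Added digitalCertificate(5) to
         rcIkeActiveSAAuthenticationMethod.
         Corrected description for rcIkePolicyAuthenticationMethod and
         rcIkeActiveSAAuthenticationMethod to reflect implementation."

    REVISION "201702150000Z" -- 15 Feb 2017
    DESCRIPTION
        "Version 14: Corrected MIB compiler errors."

    REVISION "201611180000Z" -- 18 November 2016
    DESCRIPTION
        "Version 13: Modified default value to keylen-256 for
         rcIkeV2ProfileEncryptKeyLen.
         Modified sha256(5) for rcIkeV2SAHashAlgorithm.
         Modified desCbc(1) to desCbc(2), tripleDesCbc(2) to
         tripleDesCbc(3), aesCbc(3) to aesCbc(12) for
         rcIkeV2SAEncryptionAlgorithm.
         Modified modp2048(3) to modp2048(14) for rcIkeV2SADHGroup.
         Modified sha256(3) to sha256(12), aes-xcbc(4) to aes-xcbc(5)
         for rcIkeV2SAIntegrityAlgorithm.
         Requested by Anjana Krishnankutty (shchang)"

    REVISION "201610060000Z" -- 6 October 2016
    DESCRIPTION
        "Version 12: Added rcIkePolicyPeerName.
         Requested by Hariprasad Rajendran (prempa)"

    -- NOTE(review): versions 11 and 10 carry the same REVISION timestamp.
    -- Some MIB compilers warn about duplicate revision dates; the values are
    -- left as published because the intended dates are not known here.
    REVISION "201609200000Z" -- 20 September 2016
    DESCRIPTION
        "Version 11: Changed the MAX-ACCESS of rcIkeActiveSAId from
         read-only to not-accessible (prempa)"

    REVISION "201609200000Z" -- 20 September 2016
    DESCRIPTION
        "Version 10: Added rcIkeV2ProfileTable, rcIkePolicyProfileVersion
         and rcIkeV2SATable.
         Requested by Anjana Krishnankutty (prempa)"

    REVISION "201608100000Z" -- 10 August 2016
    DESCRIPTION
        "Version 9: Changed the order of crl and ocsp in
         rcIkePolicyRevocationCheckMethod
         Based on how it was added in submit 29882 (prempa)"

    REVISION "201608050000Z" -- 5 August 2016
    DESCRIPTION
        "Version 8: Added rcIkeActiveSATable
         Requested by Priyotosh Mondal (prempa)"

    REVISION "201607290000Z" -- 29 July 2016
    DESCRIPTION
        "Version 7: Added rcIkePolicyRevocationCheckMethod
         Requested by Shreesh Patil (prempa)"

    REVISION "201606270000Z" -- 27 June 2016
    DESCRIPTION
        "Version 6: Added digitalCertificate (5) to
         rcIkePolicyAuthenticationMethod
         Requested by Anjana Krishnankutty (prempa)"

    REVISION "201605060000Z" -- 06 May 2016
    DESCRIPTION
        "Version 5: Added aesCbc256(8) to rcIkeSAEncryptionAlgorithm.
         Added aesCbc256(8) rcIkeProfileEncryptionAlgorithm"

    REVISION "201201090000Z" -- 09 Jan 2012
    DESCRIPTION
        "Version 4: Fixed the MIB module rcIkeMib"

    REVISION "201106290000Z" -- 29 June 2011
    DESCRIPTION
        "Version 3: Modified the syntax for
         rcIkePolicyLocalAddr (from OCTET STRING to InetAddress),
         rcIkePolicyLocalAddrType (from INTEGER to InetAddressType),
         rcIkePolicyRemoteAddr (from OCTET STRING to InetAddress),
         rcIkePolicyRemoteAddrType (from INTEGER to InetAddressType),
         rcIkeSALocalAddr (from OCTET STRING to InetAddress),
         rcIkeSALocalAddrType(from INTEGER to InetAddressType),
         rcIkeSARemoteAddr (from OCTET STRING to InetAddress),
         rcIkeSARemoteAddrType (from INTEGER to InetAddressType).
         Added rcIkePolicyLocalAddrType and rcIkePolicyRemoteAddrType as
         part of index to the rcIkePolicyTable.
         Added rcIkeSALocalAddrType and rcIkeSARemoteAddrType as part of
         index to the rcIkeSATable"

    REVISION "201105270000Z" -- 27 May 2011
    DESCRIPTION
        "Version 2: Removed rcIkeSARemainingLifetimeSeconds"

    REVISION "201105260000Z" -- 26 May 2011
    DESCRIPTION
        "Version 1: Generate File, Add rcIkeProfileTable,
         rcIkePolicyTable and rcIkeSATable under rcIke."
    ::= { rcIke 0 }

--
-- IKE Profile Table
--
-- Named sets of Phase 1 proposal parameters (hash, cipher, key length, DH
-- group, exchange mode, lifetime). A policy row refers to a profile by name
-- through rcIkePolicyProfileName.

rcIkeProfileTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF RcIkeProfileEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains a list of profiles consisting of algorithms
         and other configuration that can be used during an IKE Phase 1
         connection."
    ::= { rcIke 1 }

rcIkeProfileEntry OBJECT-TYPE
    SYNTAX        RcIkeProfileEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing configuration information for authentication
         algorithms, encryption algorithms, Diffie-Hellman group,
         exchange-mode and lifetime-seconds to be used for a Phase 1
         negotiation."
    INDEX         { rcIkeProfileName }
    ::= { rcIkeProfileTable 1 }

RcIkeProfileEntry ::= SEQUENCE {
    rcIkeProfileName                   DisplayString,
    rcIkeProfileHashAlgorithm          INTEGER,
    rcIkeProfileEncryptionAlgorithm    INTEGER,
    rcIkeProfileEncryptKeyLen          INTEGER,
    rcIkeProfileDHGroup                INTEGER,
    rcIkeProfileExchangeMode           INTEGER,
    rcIkeProfileLifetimeSeconds        Unsigned32,
    rcIkeProfileRowStatus              RowStatus
}

rcIkeProfileName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE (1..32))
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object contains the name of this Profile."
    ::= { rcIkeProfileEntry 1 }

-- Security: md5(1) and sha(2) are legacy choices, and any(255) leaves the
-- selection open during negotiation (presumably to what the peer proposes;
-- confirm against the agent). Prefer pinning sha256, which is the default.
rcIkeProfileHashAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      md5(1),
                      sha(2),
                      sha256(4),
                      any(255)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the hash algorithms that can be used
         during IKE Phase 1 SA negotiation."
    DEFVAL        { sha256 }
    ::= { rcIkeProfileEntry 2 }

-- Security: desCbc(1) and tripleDesCbc(5) are legacy ciphers and any(255)
-- does not pin a cipher at all. Prefer aesCbc or aesCbc256 for new profiles.
rcIkeProfileEncryptionAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      desCbc(1),
                      tripleDesCbc(5),
                      aesCbc(7),
                      aesCbc256(8),
                      any(255)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption algorithms that can be used
         during IKE Phase 1 SA negotiation."
    DEFVAL        { aesCbc }
    ::= { rcIkeProfileEntry 3 }

-- The default here is 128, whereas rcIkeV2ProfileEncryptKeyLen defaults to
-- keylen-256; set the length explicitly where 256-bit keys are required.
rcIkeProfileEncryptKeyLen OBJECT-TYPE
    SYNTAX        INTEGER (128|192|256)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the key length that should be used during
         IKE Phase 1 SA negotiation."
    DEFVAL        { 128 }
    ::= { rcIkeProfileEntry 4 }

-- Security: the default, modp1024, and modp768 are below what current
-- guidance accepts for new deployments; modp2048(14) is the strongest group
-- this object offers. any(255) does not pin a group.
rcIkeProfileDHGroup OBJECT-TYPE
    SYNTAX        INTEGER {
                      modp768(1),
                      modp1024(2),
                      modp2048(14),
                      any(255)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the Diffie-Hellman groups that can be used
         during IKE Phase 1 SA negotiation."
    DEFVAL        { modp1024 }
    ::= { rcIkeProfileEntry 5 }

-- aggressive(2) is defined but, per the description, not supported. The
-- SYNTAX still admits it, so the restriction has to be enforced by the
-- agent on SET (not visible here; confirm).
rcIkeProfileExchangeMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      main(1),
                      aggressive(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the IKE Phase 1 negotiation mode.
         Only main mode is supported for this release."
    DEFVAL        { main }
    ::= { rcIkeProfileEntry 6 }

-- Security: a lifetime of 0 removes the expiry-driven rekey of the Phase 1
-- SA. Prefer a finite value such as the 86400 second default.
rcIkeProfileLifetimeSeconds OBJECT-TYPE
    SYNTAX        Unsigned32 (0..4294967295)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the amount of time to propose an IKE
         Phase 1 SA remain valid during IKE Phase 1 negotiation.
         A value of 0 means no expiration."
    DEFVAL        { 86400 }
    ::= { rcIkeProfileEntry 7 }

rcIkeProfileRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object is used to create or delete entries in this table."
    ::= { rcIkeProfileEntry 8 }

--
-- IKE Policy Table
--
-- One row per local interface and local/remote address pair. A row selects
-- a profile by name and holds the authentication settings for that peer,
-- including the pre-shared key.

rcIkePolicyTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF RcIkePolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains a list of IKE Phase 1 policy entries."
    ::= { rcIke 2 }

rcIkePolicyEntry OBJECT-TYPE
    SYNTAX        RcIkePolicyEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry describing one IKE Phase 1 policy, indexed by the local
         interface index and the local and remote address type and
         address."
    INDEX         { rcIkePolicyLocalIfIndex,
                    rcIkePolicyLocalAddrType,
                    rcIkePolicyLocalAddr,
                    rcIkePolicyRemoteAddrType,
                    rcIkePolicyRemoteAddr }
    ::= { rcIkePolicyTable 1 }

RcIkePolicyEntry ::= SEQUENCE {
    rcIkePolicyLocalIfIndex             InterfaceIndexOrZero,
    rcIkePolicyLocalAddrType            InetAddressType,
    rcIkePolicyLocalAddr                InetAddress,
    rcIkePolicyRemoteAddrType           InetAddressType,
    rcIkePolicyRemoteAddr               InetAddress,
    rcIkePolicyName                     DisplayString,
    rcIkePolicyProfileName              DisplayString,
    rcIkePolicyAuthenticationMethod     INTEGER,
    rcIkePolicyPSKValue                 DisplayString,
    rcIkePolicyDPDTimeout               Unsigned32,
    rcIkePolicyP2PFS                    EnableValue,
    rcIkePolicyP2PfsUseIkeGroup         EnableValue,
    rcIkePolicyP2PfsDHGroup             INTEGER,
    rcIkePolicyAdminState               EnableValue,
    rcIkePolicyOperStatus               INTEGER,
    rcIkePolicyRowStatus                RowStatus,
    rcIkePolicyRevocationCheckMethod    INTEGER,
    rcIkePolicyProfileVersion           INTEGER,
    rcIkePolicyPeerName                 DisplayString
}

rcIkePolicyLocalIfIndex OBJECT-TYPE
    SYNTAX        InterfaceIndexOrZero
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the Interface Index of the local address.
         Only port and vlan if-index are supported for this release.
         When the value zero is specified on a SET,
         rcIkePolicyLocalIfIndex will be obtained from an existing
         interface linked to rcIkePolicyLocalAddr, if available."
    ::= { rcIkePolicyEntry 1 }

rcIkePolicyLocalAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkePolicyLocalAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkePolicyEntry 2 }

rcIkePolicyLocalAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the local
         peer ID. The type of value configured for this object is
         specified by the rcIkePolicyLocalAddrType."
    ::= { rcIkePolicyEntry 3 }

rcIkePolicyRemoteAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkePolicyRemoteAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkePolicyEntry 4 }

rcIkePolicyRemoteAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the remote
         peer ID. The type of value configured for this object is
         specified by the rcIkePolicyRemoteAddrType."
    ::= { rcIkePolicyEntry 5 }

rcIkePolicyName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(1..32))
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the name given to the policy.
         The name should be assigned during creation of the policy.
         Changing the name after the policy is created is not allowed."
    ::= { rcIkePolicyEntry 6 }

rcIkePolicyProfileName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE (1..32))
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the name of the profile (rcIkeProfileName)
         that should be used for this policy."
    ::= { rcIkePolicyEntry 7 }

rcIkePolicyAuthenticationMethod OBJECT-TYPE
    SYNTAX        INTEGER {
                      preSharedKey(1),
                      dssSignatures(2),
                      rsaSignatures(3),
                      encryptionWithRsa(4),
                      digitalCertificate(5)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the proposed authentication method for the
         phase 1 security association."
    DEFVAL        { preSharedKey }
    ::= { rcIkePolicyEntry 8 }

-- Security: this column holds the IKE pre-shared key and is read-create, so
-- the MIB definition itself does not prevent the key from being returned on
-- a GET. Whether the agent masks the value on read is not visible here
-- (confirm). Restrict the object with VACM views, require SNMPv3 authPriv
-- for any manager that can reach it, and treat SNMP captures and MIB walk
-- output that include this table as secret material. The SIZE limit also
-- caps the key at 32 characters.
rcIkePolicyPSKValue OBJECT-TYPE
    SYNTAX        DisplayString (SIZE (0..32))
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the value of the Pre-Shared Key if the
         authentication method is set to PSK."
    ::= { rcIkePolicyEntry 9 }

rcIkePolicyDPDTimeout OBJECT-TYPE
    SYNTAX        Unsigned32 (0..4294967295)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the Dead Peer Detection timeout in
         seconds."
    DEFVAL        { 300 }
    ::= { rcIkePolicyEntry 10 }

-- Security: the default is disable. Without PFS the phase 2 keys are not
-- protected by a fresh Diffie-Hellman exchange, so enable it where the peer
-- supports it.
rcIkePolicyP2PFS OBJECT-TYPE
    SYNTAX        EnableValue
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies whether or not perfect forward secrecy is
         used when refreshing keys.
         Enable indicates that PFS SHOULD be used."
    DEFVAL        { disable }
    ::= { rcIkePolicyEntry 11 }

rcIkePolicyP2PfsUseIkeGroup OBJECT-TYPE
    SYNTAX        EnableValue
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies whether or not to use the same GroupId
         (Diffie-Hellman Group) for phase 2 as was used in phase 1.
         If P2PFS is disabled, this entry SHOULD be ignored."
    DEFVAL        { enable }
    ::= { rcIkePolicyEntry 12 }

-- Security: same group strength concern as rcIkeProfileDHGroup; the default
-- is modp1024 and modp2048(14) is the strongest group offered.
rcIkePolicyP2PfsDHGroup OBJECT-TYPE
    SYNTAX        INTEGER {
                      modp768(1),
                      modp1024(2),
                      modp2048(14),
                      any(255)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the Diffie-Hellman group to use for
         phase 2 when the object rcIkePolicyP2PFS is enabled and the
         object rcIkePolicyP2PfsUseIkeGroup is disabled."
    DEFVAL        { modp1024 }
    ::= { rcIkePolicyEntry 13 }

rcIkePolicyAdminState OBJECT-TYPE
    SYNTAX        EnableValue
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies whether the policy is administratively
         enabled or disabled."
    DEFVAL        { disable }
    ::= { rcIkePolicyEntry 14 }

rcIkePolicyOperStatus OBJECT-TYPE
    SYNTAX        INTEGER {
                      up(1),
                      down(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies whether the policy is operationally up or
         down."
    ::= { rcIkePolicyEntry 15 }

rcIkePolicyRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object is used to create or delete entries in this table."
    ::= { rcIkePolicyEntry 16 }

-- Security: none(3) turns revocation checking off for certificate
-- authentication, so a revoked peer certificate would still be accepted.
-- Keep crl or ocsp unless there is a documented reason not to.
rcIkePolicyRevocationCheckMethod OBJECT-TYPE
    SYNTAX        INTEGER {
                      crl(1),
                      ocsp(2),
                      none(3)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the proposed revocation-check method for
         digital-certificate type authentication-method."
    DEFVAL        { crl }
    ::= { rcIkePolicyEntry 17 }

rcIkePolicyProfileVersion OBJECT-TYPE
    SYNTAX        INTEGER {
                      v1(1),
                      v2(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object maps to the version of ike profile selected.
         Default value of this object is version 1 (v1)"
    DEFVAL        { v1 }
    ::= { rcIkePolicyEntry 18 }

rcIkePolicyPeerName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE (0..64))
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the value of the Peer name if the
         authentication method is set to digital certificate."
    ::= { rcIkePolicyEntry 19 }

--
-- IKE Phase I SA Table
--
-- Read-only view of Phase 1 SAs.
-- NOTE(review): rcIkeActiveSATable states that it obsoletes this table, yet
-- every object here still has STATUS current; confirm the intended status.

rcIkeSATable OBJECT-TYPE
    SYNTAX        SEQUENCE OF RcIkeSAEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains a list of IKE Phase 1 Security Association
         entries."
    ::= { rcIke 3 }

rcIkeSAEntry OBJECT-TYPE
    SYNTAX        RcIkeSAEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry describing one IKE Phase 1 Security Association,
         indexed by the local interface index and the local and remote
         address type and address."
    INDEX         { rcIkeSALocalIfIndex,
                    rcIkeSALocalAddrType,
                    rcIkeSALocalAddr,
                    rcIkeSARemoteAddrType,
                    rcIkeSARemoteAddr }
    ::= { rcIkeSATable 1 }

RcIkeSAEntry ::= SEQUENCE {
    rcIkeSALocalIfIndex            InterfaceIndex,
    rcIkeSALocalAddrType           InetAddressType,
    rcIkeSALocalAddr               InetAddress,
    rcIkeSARemoteAddrType          InetAddressType,
    rcIkeSARemoteAddr              InetAddress,
    rcIkeSAName                    DisplayString,
    rcIkeSAAuthenticationMethod    INTEGER,
    rcIkeSADPDTimeout              Unsigned32,
    rcIkeSAHashAlgorithm           INTEGER,
    rcIkeSAEncryptionAlgorithm     INTEGER,
    rcIkeSAEncryptKeyLen           INTEGER,
    rcIkeSADHGroup                 INTEGER,
    rcIkeSAExchangeMode            INTEGER,
    rcIkeSALifetimeSeconds         Unsigned32,
    rcIkeSAStatus                  INTEGER
}

rcIkeSALocalIfIndex OBJECT-TYPE
    SYNTAX        InterfaceIndex
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the interface index of the local address.
         Only port and vlan if-index are supported for this release."
    ::= { rcIkeSAEntry 1 }

rcIkeSALocalAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkeSALocalAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkeSAEntry 2 }

rcIkeSALocalAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the local
         peer ID. The type of value configured for this object is
         specified by the rcIkeSALocalAddrType."
    ::= { rcIkeSAEntry 3 }

rcIkeSARemoteAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkeSARemoteAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkeSAEntry 4 }

rcIkeSARemoteAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the remote
         peer ID. The type of value configured for this object is
         specified by the rcIkeSARemoteAddrType."
    ::= { rcIkeSAEntry 5 }

rcIkeSAName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(1..32))
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the name for the SA."
    ::= { rcIkeSAEntry 6 }

rcIkeSAAuthenticationMethod OBJECT-TYPE
    SYNTAX        INTEGER {
                      preSharedKey(1),
                      dssSignatures(2),
                      rsaSignatures(3),
                      encryptionWithRsa(4)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the proposed authentication method for the
         phase 1 security association.
         Only the Pre-Shared Key authentication method is supported in
         this release."
    DEFVAL        { preSharedKey }
    ::= { rcIkeSAEntry 7 }

rcIkeSADPDTimeout OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the Dead Peer Detection timeout in
         seconds."
    ::= { rcIkeSAEntry 8 }

rcIkeSAHashAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      md5(1),
                      sha(2),
                      sha256(4)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the hash algorithm negotiated for this
         IKE Phase 1 SA."
    ::= { rcIkeSAEntry 9 }

rcIkeSAEncryptionAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      desCbc(1),
                      tripleDesCbc(5),
                      aesCbc(7),
                      aesCbc256(8)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption algorithm negotiated for
         this IKE Phase 1 SA."
    ::= { rcIkeSAEntry 10 }

rcIkeSAEncryptKeyLen OBJECT-TYPE
    SYNTAX        INTEGER (128|192|256)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption key length negotiated for
         this IKE Phase 1 SA."
    ::= { rcIkeSAEntry 11 }

rcIkeSADHGroup OBJECT-TYPE
    SYNTAX        INTEGER {
                      modp768(1),
                      modp1024(2),
                      modp2048(14)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the Diffie-Hellman group negotiated for
         this IKE Phase 1 SA."
    ::= { rcIkeSAEntry 12 }

rcIkeSAExchangeMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      main(1),
                      aggressive(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the IKE Phase 1 SA mode."
    ::= { rcIkeSAEntry 13 }

rcIkeSALifetimeSeconds OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the amount of time to propose an IKE
         Phase 1 SA remain valid during IKE Phase 1 negotiation.
         A value of 0 means no expiration."
    ::= { rcIkeSAEntry 14 }

-- The published description of this object repeated the text of
-- rcIkeSALifetimeSeconds; it now describes the inactive/active enumeration.
rcIkeSAStatus OBJECT-TYPE
    SYNTAX        INTEGER {
                      inactive(1),
                      active(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies whether this IKE Phase 1 SA is inactive or
         active."
    ::= { rcIkeSAEntry 15 }

--
-- IKE ACTIVE SA TABLE
--
-- Read-only view of Phase 1 SAs with an additional SA ID index, so several
-- SAs between the same address pair can be listed. Polling the algorithm,
-- key length and DH group columns lets a monitoring system flag SAs that
-- were negotiated on md5, desCbc, modp768 or modp1024.

rcIkeActiveSATable OBJECT-TYPE
    SYNTAX        SEQUENCE OF RcIkeActiveSAEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains a list of IKE Phase 1 Security Association
         entries. This table obsoletes rcIkeSATable"
    ::= { rcIke 4 }

rcIkeActiveSAEntry OBJECT-TYPE
    SYNTAX        RcIkeActiveSAEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry describing one IKE Phase 1 Security Association,
         indexed by the SA ID, the local interface index and the local
         and remote address type and address."
    INDEX         { rcIkeActiveSAId,
                    rcIkeActiveSALocalIfIndex,
                    rcIkeActiveSALocalAddrType,
                    rcIkeActiveSALocalAddr,
                    rcIkeActiveSARemoteAddrType,
                    rcIkeActiveSARemoteAddr }
    ::= { rcIkeActiveSATable 1 }

RcIkeActiveSAEntry ::= SEQUENCE {
    rcIkeActiveSAId                      Integer32,
    rcIkeActiveSALocalIfIndex            InterfaceIndex,
    rcIkeActiveSALocalAddrType           InetAddressType,
    rcIkeActiveSALocalAddr               InetAddress,
    rcIkeActiveSARemoteAddrType          InetAddressType,
    rcIkeActiveSARemoteAddr              InetAddress,
    rcIkeActiveSAName                    DisplayString,
    rcIkeActiveSAAuthenticationMethod    INTEGER,
    rcIkeActiveSADPDTimeout              Unsigned32,
    rcIkeActiveSAHashAlgorithm           INTEGER,
    rcIkeActiveSAEncryptionAlgorithm     INTEGER,
    rcIkeActiveSAEncryptKeyLen           INTEGER,
    rcIkeActiveSADHGroup                 INTEGER,
    rcIkeActiveSAExchangeMode            INTEGER,
    rcIkeActiveSALifetimeSeconds         Unsigned32,
    rcIkeActiveSAStatus                  INTEGER,
    rcIkeActiveSAInitiator               INTEGER
}

rcIkeActiveSAId OBJECT-TYPE
    SYNTAX        Integer32
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the unique ID of a SA"
    ::= { rcIkeActiveSAEntry 1 }

rcIkeActiveSALocalIfIndex OBJECT-TYPE
    SYNTAX        InterfaceIndex
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the interface index of the local address.
         Only port and vlan if-index are supported for this release."
    ::= { rcIkeActiveSAEntry 2 }

rcIkeActiveSALocalAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkeActiveSALocalAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkeActiveSAEntry 3 }

rcIkeActiveSALocalAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the local
         peer ID. The type of value configured for this object is
         specified by the rcIkeActiveSALocalAddrType."
    ::= { rcIkeActiveSAEntry 4 }

rcIkeActiveSARemoteAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkeActiveSARemoteAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkeActiveSAEntry 5 }

rcIkeActiveSARemoteAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the remote
         peer ID. The type of value configured for this object is
         specified by the rcIkeActiveSARemoteAddrType."
    ::= { rcIkeActiveSAEntry 6 }

rcIkeActiveSAName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(1..32))
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the name for the SA."
    ::= { rcIkeActiveSAEntry 7 }

rcIkeActiveSAAuthenticationMethod OBJECT-TYPE
    SYNTAX        INTEGER {
                      preSharedKey(1),
                      dssSignatures(2),
                      rsaSignatures(3),
                      encryptionWithRsa(4),
                      digitalCertificate(5)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the proposed authentication method for the
         phase 1 security association."
    DEFVAL        { preSharedKey }
    ::= { rcIkeActiveSAEntry 8 }

rcIkeActiveSADPDTimeout OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the Dead Peer Detection timeout in
         seconds."
    ::= { rcIkeActiveSAEntry 9 }

rcIkeActiveSAHashAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      md5(1),
                      sha(2),
                      sha256(4)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the hash algorithm negotiated for this
         IKE Phase 1 SA."
    ::= { rcIkeActiveSAEntry 10 }

-- NOTE(review): aesCbc256(8) is present in rcIkeProfileEncryptionAlgorithm
-- and rcIkeSAEncryptionAlgorithm but not in this enumeration, so an SA
-- negotiated with it has no named value here. Confirm whether the omission
-- is intended before adding the label.
rcIkeActiveSAEncryptionAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      desCbc(1),
                      tripleDesCbc(5),
                      aesCbc(7)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption algorithm negotiated for
         this IKE Phase 1 SA."
    ::= { rcIkeActiveSAEntry 11 }

rcIkeActiveSAEncryptKeyLen OBJECT-TYPE
    SYNTAX        INTEGER (128|192|256)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption key length negotiated for
         this IKE Phase 1 SA."
    ::= { rcIkeActiveSAEntry 12 }

rcIkeActiveSADHGroup OBJECT-TYPE
    SYNTAX        INTEGER {
                      modp768(1),
                      modp1024(2),
                      modp2048(14)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the Diffie-Hellman group negotiated for
         this IKE Phase 1 SA."
    ::= { rcIkeActiveSAEntry 13 }

rcIkeActiveSAExchangeMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      main(1),
                      aggressive(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the IKE Phase 1 SA mode."
    ::= { rcIkeActiveSAEntry 14 }

rcIkeActiveSALifetimeSeconds OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the amount of time to propose an IKE
         Phase 1 SA remain valid during IKE Phase 1 negotiation.
         A value of 0 means no expiration."
    ::= { rcIkeActiveSAEntry 15 }

-- The published description of this object repeated the text of
-- rcIkeActiveSALifetimeSeconds; it now describes the enumeration.
rcIkeActiveSAStatus OBJECT-TYPE
    SYNTAX        INTEGER {
                      inactive(1),
                      active(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies whether this IKE Phase 1 SA is inactive or
         active."
    ::= { rcIkeActiveSAEntry 16 }

rcIkeActiveSAInitiator OBJECT-TYPE
    SYNTAX        INTEGER {
                      initiator(1),
                      responder(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies whether the SA was created by an Initiator
         or a Responder"
    ::= { rcIkeActiveSAEntry 17 }

--
-- IKEv2 Profile Table
--
-- IKEv2 counterpart of rcIkeProfileTable. The algorithm columns are BITS,
-- so one profile can offer several algorithms at once; every bit that is
-- set widens what the device will accept.

rcIkeV2ProfileTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF RcIkeV2ProfileEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains a list of Ike v2 profiles consisting of
         algorithms and other configuration that can be used during an
         IKE connection."
    ::= { rcIke 5 }

rcIkeV2ProfileEntry OBJECT-TYPE
    SYNTAX        RcIkeV2ProfileEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing configuration information for authentication
         algorithms, encryption algorithms, Diffie-Hellman group,
         exchange-mode and lifetime-seconds to be used for negotiation."
    INDEX         { rcIkeV2ProfileName }
    ::= { rcIkeV2ProfileTable 1 }

RcIkeV2ProfileEntry ::= SEQUENCE {
    rcIkeV2ProfileName                   DisplayString,
    rcIkeV2ProfileHashAlgorithm          BITS,
    rcIkeV2ProfileEncryptionAlgorithm    BITS,
    rcIkeV2ProfileEncryptKeyLen          BITS,
    rcIkeV2ProfileDHGroup                BITS,
    rcIkeV2ProfileExchangeMode           INTEGER,
    rcIkeV2ProfileLifetimeSeconds        Unsigned32,
    rcIkeV2ProfileIntegrityAlgorithm     BITS,
    rcIkeV2ProfileRowStatus              RowStatus
}

rcIkeV2ProfileName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE (1..32))
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object contains the name of this Profile."
    ::= { rcIkeV2ProfileEntry 1 }

-- Security: leave bits 0 (md5) and 1 (sha) clear unless a peer requires
-- them; the default offers sha256 only.
rcIkeV2ProfileHashAlgorithm OBJECT-TYPE
    SYNTAX        BITS {
                      md5(0),
                      sha(1),
                      sha256(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the hash algorithms that can be used
         during IKE SA negotiation.
         It is represented in form of bits as follows-
             bit 0 - md5
             bit 1 - sha
             bit 2 - sha256"
    DEFVAL        { {sha256} }
    ::= { rcIkeV2ProfileEntry 2 }

-- Security: leave bits 0 (desCbc) and 1 (tripleDesCbc) clear unless a peer
-- requires them; the default offers aesCbc only.
rcIkeV2ProfileEncryptionAlgorithm OBJECT-TYPE
    SYNTAX        BITS {
                      desCbc(0),
                      tripleDesCbc(1),
                      aesCbc(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption algorithms that can be used
         during IKE SA negotiation.
         It is represented in form of bits as follows-
             bit 0 - desCbc
             bit 1 - tripleDesCbc
             bit 2 - aesCbc"
    DEFVAL        { {aesCbc} }
    ::= { rcIkeV2ProfileEntry 3 }

rcIkeV2ProfileEncryptKeyLen OBJECT-TYPE
    SYNTAX        BITS {
                      keylen-128(0),
                      keylen-192(1),
                      keylen-256(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the key length that should be used during
         IKE SA negotiation.
         It is represented in form of bits as follows-
             bit 0 - keylen-128
             bit 1 - keylen-192
             bit 2 - keylen-256"
    DEFVAL        { {keylen-256} }
    ::= { rcIkeV2ProfileEntry 4 }

-- Security: the default offers modp1024 only. RFC 8247 gives the current
-- IKEv2 guidance on group strength; modp2048 (bit 2) is the strongest group
-- this object offers and bit 0 (modp768) should stay clear.
rcIkeV2ProfileDHGroup OBJECT-TYPE
    SYNTAX        BITS {
                      modp768(0),
                      modp1024(1),
                      modp2048(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the Diffie-Hellman groups that can be used
         during IKE SA negotiation.
         It is represented in form of bits as follows -
             bit 0 - modp768
             bit 1 - modp1024
             bit 2 - modp2048"
    DEFVAL        { {modp1024} }
    ::= { rcIkeV2ProfileEntry 5 }

-- NOTE(review): main and aggressive are IKEv1 Phase 1 exchange types;
-- presumably this column mirrors rcIkeProfileExchangeMode for symmetry.
-- Confirm how the agent interprets it for IKEv2.
rcIkeV2ProfileExchangeMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      main(1),
                      aggressive(2)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the IKE negotiation mode.
         Only main mode is supported for this release."
    DEFVAL        { main }
    ::= { rcIkeV2ProfileEntry 6 }

-- Security: a lifetime of 0 removes the expiry-driven rekey of the IKE SA.
-- Prefer a finite value such as the 86400 second default.
rcIkeV2ProfileLifetimeSeconds OBJECT-TYPE
    SYNTAX        Unsigned32 (0..4294967295)
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the amount of time to propose an IKE SA
         remain valid during IKE negotiation.
         A value of 0 means no expiration."
    DEFVAL        { 86400 }
    ::= { rcIkeV2ProfileEntry 7 }

-- Security: leave bit 0 (md5) clear unless a peer requires it; the default
-- offers sha256 only.
rcIkeV2ProfileIntegrityAlgorithm OBJECT-TYPE
    SYNTAX        BITS {
                      md5 (0),
                      sha1 (1),
                      sha256 (2),
                      aes-xcbc(3)
                  }
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object specifies the integrity algorithms that can be used
         during IKE SA negotiation.
         It is represented in form of bits as follows -
             bit 0 - md5
             bit 1 - sha1
             bit 2 - sha256
             bit 3 - aes-xcbc"
    DEFVAL        { {sha256} }
    ::= { rcIkeV2ProfileEntry 8 }

rcIkeV2ProfileRowStatus OBJECT-TYPE
    SYNTAX        RowStatus
    MAX-ACCESS    read-create
    STATUS        current
    DESCRIPTION
        "This object is used to create or delete entries in this table."
    ::= { rcIkeV2ProfileEntry 9 }

--
-- IKEv2 SA TABLE
--
-- Read-only view of IKEv2 SAs. The enumeration values of the algorithm
-- columns differ from the Phase 1 tables (revision "Version 13" changed
-- them); they appear to follow the IKEv2 transform numbering, so a
-- collector must not reuse the Phase 1 value maps for this table.

rcIkeV2SATable OBJECT-TYPE
    SYNTAX        SEQUENCE OF RcIkeV2SAEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table contains a list of IKE V2 Security Association
         entries."
    ::= { rcIke 6 }

rcIkeV2SAEntry OBJECT-TYPE
    SYNTAX        RcIkeV2SAEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry describing one IKE V2 Security Association, indexed by
         the SA ID, the local interface index and the local and remote
         address type and address."
    INDEX         { rcIkeV2SAId,
                    rcIkeV2SALocalIfIndex,
                    rcIkeV2SALocalAddrType,
                    rcIkeV2SALocalAddr,
                    rcIkeV2SARemoteAddrType,
                    rcIkeV2SARemoteAddr }
    ::= { rcIkeV2SATable 1 }

RcIkeV2SAEntry ::= SEQUENCE {
    rcIkeV2SAId                      Integer32,
    rcIkeV2SALocalIfIndex            InterfaceIndex,
    rcIkeV2SALocalAddrType           InetAddressType,
    rcIkeV2SALocalAddr               InetAddress,
    rcIkeV2SARemoteAddrType          InetAddressType,
    rcIkeV2SARemoteAddr              InetAddress,
    rcIkeV2SAName                    DisplayString,
    rcIkeV2SAAuthenticationMethod    INTEGER,
    rcIkeV2SADPDTimeout              Unsigned32,
    rcIkeV2SAHashAlgorithm           INTEGER,
    rcIkeV2SAEncryptionAlgorithm     INTEGER,
    rcIkeV2SAEncryptKeyLen           INTEGER,
    rcIkeV2SADHGroup                 INTEGER,
    rcIkeV2SAExchangeMode            INTEGER,
    rcIkeV2SALifetimeSeconds         Unsigned32,
    rcIkeV2SAStatus                  INTEGER,
    rcIkeV2SAInitiator               INTEGER,
    rcIkeV2SAIntegrityAlgorithm      INTEGER
}

rcIkeV2SAId OBJECT-TYPE
    SYNTAX        Integer32
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the unique ID of a SA"
    ::= { rcIkeV2SAEntry 1 }

rcIkeV2SALocalIfIndex OBJECT-TYPE
    SYNTAX        InterfaceIndex
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the interface index of the local address.
         Only port and vlan if-index are supported for this release."
    ::= { rcIkeV2SAEntry 2 }

-- The published description referred to rcIkeActiveSALocalAddr; the address
-- column of this table is rcIkeV2SALocalAddr.
rcIkeV2SALocalAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkeV2SALocalAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkeV2SAEntry 3 }

rcIkeV2SALocalAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the local
         peer ID. The type of value configured for this object is
         specified by the rcIkeV2SALocalAddrType."
    ::= { rcIkeV2SAEntry 4 }

rcIkeV2SARemoteAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the type of address field in the
         rcIkeV2SARemoteAddr.
         Only IPv6 address types are supported for this release."
    ::= { rcIkeV2SAEntry 5 }

rcIkeV2SARemoteAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This object specifies the string representation of the remote
         peer ID. The type of value configured for this object is
         specified by the rcIkeV2SARemoteAddrType."
    ::= { rcIkeV2SAEntry 6 }

rcIkeV2SAName OBJECT-TYPE
    SYNTAX        DisplayString (SIZE(1..32))
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the name for the SA."
    ::= { rcIkeV2SAEntry 7 }

-- NOTE(review): digitalCertificate(5) exists in
-- rcIkePolicyAuthenticationMethod and rcIkeActiveSAAuthenticationMethod but
-- not here, and the description still says only Pre-Shared Key is
-- supported. Confirm whether certificate-authenticated IKEv2 SAs can appear
-- in this table before extending the enumeration.
rcIkeV2SAAuthenticationMethod OBJECT-TYPE
    SYNTAX        INTEGER {
                      preSharedKey(1),
                      dssSignatures(2),
                      rsaSignatures(3),
                      encryptionWithRsa(4)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the proposed authentication method for the
         phase 1 security association.
         Only the Pre-Shared Key authentication method is supported in
         this release."
    DEFVAL        { preSharedKey }
    ::= { rcIkeV2SAEntry 8 }

rcIkeV2SADPDTimeout OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the Dead Peer Detection timeout in
         seconds."
    ::= { rcIkeV2SAEntry 9 }

rcIkeV2SAHashAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      md5(1),
                      sha(2),
                      sha256(5)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the hash algorithm negotiated for this
         IKEv2 SA."
    ::= { rcIkeV2SAEntry 10 }

rcIkeV2SAEncryptionAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      desCbc(2),
                      tripleDesCbc(3),
                      aesCbc(12)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption algorithm negotiated for
         this IKEv2 SA."
    ::= { rcIkeV2SAEntry 11 }

rcIkeV2SAEncryptKeyLen OBJECT-TYPE
    SYNTAX        INTEGER (128|192|256)
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the encryption key length negotiated for
         this IKE V2 SA."
    ::= { rcIkeV2SAEntry 12 }

rcIkeV2SADHGroup OBJECT-TYPE
    SYNTAX        INTEGER {
                      modp768(1),
                      modp1024(2),
                      modp2048(14)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the Diffie-Hellman group negotiated for
         this IKE V2 SA."
    ::= { rcIkeV2SAEntry 13 }

rcIkeV2SAExchangeMode OBJECT-TYPE
    SYNTAX        INTEGER {
                      main(1),
                      aggressive(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the IKE V2 SA mode."
    ::= { rcIkeV2SAEntry 14 }

rcIkeV2SALifetimeSeconds OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the amount of time to propose an IKE V2 SA
         remain valid during IKE negotiation.
         A value of 0 means no expiration."
    ::= { rcIkeV2SAEntry 15 }

-- The published description of this object repeated the text of
-- rcIkeV2SALifetimeSeconds; it now describes the enumeration.
rcIkeV2SAStatus OBJECT-TYPE
    SYNTAX        INTEGER {
                      inactive(1),
                      active(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies whether this IKE V2 SA is inactive or
         active."
    ::= { rcIkeV2SAEntry 16 }

rcIkeV2SAInitiator OBJECT-TYPE
    SYNTAX        INTEGER {
                      initiator(1),
                      responder(2)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies whether the SA was created by an Initiator
         or a Responder"
    ::= { rcIkeV2SAEntry 17 }

-- Reworded to match the other read-only columns of this table, which report
-- the value negotiated for the SA rather than the set that may be offered.
rcIkeV2SAIntegrityAlgorithm OBJECT-TYPE
    SYNTAX        INTEGER {
                      md5(1),
                      sha1(2),
                      sha256(12),
                      aes-xcbc(5)
                  }
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This object specifies the integrity algorithm negotiated for
         this IKEv2 SA."
    ::= { rcIkeV2SAEntry 18 }

END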