475 lines
13 KiB
Plaintext
475 lines
13 KiB
Plaintext
-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00
|
|
|
|
|
|
---------------------------------------------------------------------------
|
|
-- (C)opyright 2010-2014 bintec elmeg GmbH
|
|
-- $RCSfile: mib-ikev2,v $
|
|
-- $Revision: 1.6 $
|
|
-- $Date: 2014-02-07 11:21:02 $
|
|
---------------------------------------------------------------------------
|
|
|
|
FEC-IKEV2-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises,
|
|
IpAddress, TimeTicks, Counter32, snmpModules, mib-2, Unsigned32, Counter64
|
|
FROM SNMPv2-SMI
|
|
DisplayString, TestAndIncr, TimeStamp
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
ipsec, Date, HexValue, BitValue
|
|
FROM BINTEC-MIB;
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
ikev2MIB MODULE-IDENTITY
|
|
LAST-UPDATED "201103020000Z"
|
|
ORGANIZATION "bintec elmeg GmbH"
|
|
CONTACT-INFO "EMail: info@bintec-elmeg.com
|
|
Web: www.bintec-elmeg.com"
|
|
DESCRIPTION "Management Information for IKEv2 of IPSec Subsystem"
|
|
|
|
::= { ipsec 252 }
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
-- IKE Security Associations Table
|
|
|
|
ikev2SaTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Ikev2SaEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the list of currently active IKE security
|
|
associations, that are created using IKEv2 protocol."
|
|
::= { ipsec 21 }
|
|
|
|
ikev2SaEntry OBJECT-TYPE
|
|
SYNTAX Ikev2SaEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains an IKE security association."
|
|
INDEX {
|
|
ikev2SaIndex
|
|
}
|
|
::= { ikev2SaTable 1 }
|
|
|
|
Ikev2SaEntry ::=
|
|
SEQUENCE {
|
|
ikev2SaIndex INTEGER,
|
|
ikev2SaState INTEGER,
|
|
ikev2SaAuthMethod INTEGER,
|
|
ikev2SaEncAlg INTEGER,
|
|
ikev2SaIntegAlg INTEGER,
|
|
ikev2SaPrfAlg INTEGER,
|
|
ikev2SaGroup INTEGER,
|
|
ikev2SaRole INTEGER,
|
|
ikev2SaLocalId DisplayString,
|
|
ikev2SaRemoteId DisplayString,
|
|
ikev2SaLocalIp IpAddress,
|
|
ikev2SaRemoteIp IpAddress,
|
|
ikev2SaSpiI OCTET STRING,
|
|
ikev2SaSpiR OCTET STRING,
|
|
ikev2SaCreated Date,
|
|
ikev2SaLastUsed Date,
|
|
ikev2SaExpires Date,
|
|
ikev2SaNumCerts INTEGER,
|
|
ikev2SaNumNegotiations INTEGER,
|
|
ikev2SaBytes INTEGER,
|
|
ikev2SaPeerIndex INTEGER,
|
|
ikev2SaLocalPort INTEGER,
|
|
ikev2SaRemotePort INTEGER
|
|
}
|
|
|
|
ikev2SaIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this entry."
|
|
::= { ikev2SaEntry 1 }
|
|
|
|
ikev2SaState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
negotiating(1), -- the SA is still being negotiated
|
|
established(2), -- the SA negotiation is finished
|
|
waiting-for-remove(3), -- the SA is waiting for removal
|
|
delete(7) -- mark the SA for deletion
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the state of the SA.
|
|
Possible values:
|
|
negotiating(1), -- the SA is still being negotiated
|
|
established(2), -- the SA negotiation is finished
|
|
waiting-for-remove(3), -- the SA is waiting for removal
|
|
delete(7) -- mark the SA for deletion."
|
|
DEFVAL { negotiating }
|
|
::= { ikev2SaEntry 2 }
|
|
|
|
ikev2SaAuthMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
pre-sh-key(1), -- Authentication using pre shared keys
|
|
dss-sig(2), -- Authentication using DSS signatures
|
|
rsa-sig(3), -- Authentication using RSA signatures
|
|
rsa-enc(4), -- Authentication using RSA encryption
|
|
rsa-enc-rev(5) -- Authentication using revised RSA encryption
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication method used when creating this SA.
|
|
Possible values:
|
|
pre-sh-key(1), -- Authentication using pre shared keys
|
|
dss-sig(2), -- Authentication using DSS signatures
|
|
rsa-sig(3), -- Authentication using RSA signatures
|
|
rsa-enc(4), -- Authentication using RSA encryption
|
|
rsa-enc-rev(5) -- Authentication using revised RSA encryption."
|
|
::= { ikev2SaEntry 3 }
|
|
|
|
ikev2SaEncAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
des(2),
|
|
des3(3),
|
|
rc5(4),
|
|
idea(5),
|
|
cast(6),
|
|
blowfish(7),
|
|
aes-cbc(12),
|
|
aes-ctr(13)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption algorithm used for the IKE_SA.
|
|
Possible values:
|
|
des(2),
|
|
des3(3),
|
|
rc5(4),
|
|
idea(5),
|
|
cast(6),
|
|
blowfish(7),
|
|
aes-cbc(12),
|
|
aes-ctr(13)"
|
|
::= { ikev2SaEntry 4 }
|
|
|
|
ikev2SaIntegAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hmac-md5-96(1), -- The MD5 hash algorithm
|
|
hmac-sha1-96(2) -- The Secure Hash Algorithm
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The integrity protection algorithm used for the IKE_SA.
|
|
Possible values:
|
|
hmac-md5-96(1),
|
|
hmac-sha1-96(2)"
|
|
::= { ikev2SaEntry 5 }
|
|
|
|
ikev2SaPrfAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hmac-md5(1), -- The MD5 hash algorithm
|
|
hmac-sha1(2) -- The Secure Hash Algorithm
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hash algorithm used for the pseudo random function.
|
|
Possible values:
|
|
hmac-md5(1),
|
|
hmac-sha1(2)"
|
|
::= { ikev2SaEntry 6 }
|
|
|
|
ikev2SaGroup OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Diffie-Hellman group used for the IKE_SA.
|
|
Possible values:
|
|
1 - DH-group 768-bit MODP,
|
|
2 - DH-group 1024-bit MODP"
|
|
::= { ikev2SaEntry 7 }
|
|
|
|
ikev2SaRole OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initiator(1), -- this end initiated the SA negotiation
|
|
responder(2) -- the remote end initiated the SA negotiation
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies by which side the SA
|
|
negotiation was initiated.
|
|
Possible values:
|
|
initiator(1), -- this end initiated the SA negotiation
|
|
responder(2) -- the remote end initiated the SA negotiation."
|
|
::= { ikev2SaEntry 8 }
|
|
|
|
ikev2SaLocalId OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local ID used for authentication."
|
|
::= { ikev2SaEntry 9 }
|
|
|
|
ikev2SaRemoteId OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remote ID used for authentication."
|
|
::= { ikev2SaEntry 10 }
|
|
|
|
ikev2SaLocalIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local IP address used in the IKE communication."
|
|
::= { ikev2SaEntry 11 }
|
|
|
|
ikev2SaRemoteIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remote IP address used in the IKE communication."
|
|
::= { ikev2SaEntry 12 }
|
|
|
|
ikev2SaSpiI OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SPI of the initiator."
|
|
::= { ikev2SaEntry 13 }
|
|
|
|
ikev2SaSpiR OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SPI of the responder."
|
|
::= { ikev2SaEntry 14 }
|
|
|
|
ikev2SaCreated OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time the SA was created."
|
|
::= { ikev2SaEntry 15 }
|
|
|
|
ikev2SaLastUsed OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time the SA was used last."
|
|
::= { ikev2SaEntry 16 }
|
|
|
|
ikev2SaExpires OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time the SA will expire."
|
|
::= { ikev2SaEntry 17 }
|
|
|
|
ikev2SaNumCerts OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of certificates received from the remote
|
|
side when negotiating this SA."
|
|
::= { ikev2SaEntry 18 }
|
|
|
|
ikev2SaNumNegotiations OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of currently active
|
|
negotiations for this SA."
|
|
::= { ikev2SaEntry 19 }
|
|
|
|
ikev2SaBytes OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes transmitted using this SA."
|
|
::= { ikev2SaEntry 20 }
|
|
|
|
ikev2SaPeerIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the peer for which this SA was created."
|
|
::= { ikev2SaEntry 21 }
|
|
|
|
ikev2SaLocalPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Local port currently used for the SA."
|
|
::= { ikev2SaEntry 22 }
|
|
|
|
ikev2SaRemotePort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remote port currently used for the SA."
|
|
::= { ikev2SaEntry 23 }
|
|
|
|
-- End IKE Security Associations Table
|
|
|
|
|
|
-- IKEv2 Profile Table
|
|
|
|
ikev2ProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Ikev2ProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the list of IKE_SA profiles.
|
|
these profiles are neede when using IKEv2 protocol."
|
|
::= { ipsec 22 }
|
|
|
|
ikev2ProfileEntry OBJECT-TYPE
|
|
SYNTAX Ikev2ProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains an IKE_SA profile."
|
|
INDEX {
|
|
ikev2PrfIndex
|
|
}
|
|
::= { ikev2ProfileTable 1 }
|
|
|
|
Ikev2ProfileEntry ::=
|
|
SEQUENCE {
|
|
ikev2PrfIndex Unsigned32,
|
|
ikev2PrfDescription DisplayString,
|
|
ikev2PrfProposal Unsigned32,
|
|
ikev2PrfBlockTime INTEGER,
|
|
ikev2PrfNatT INTEGER,
|
|
ikev2PrfMtuMax INTEGER,
|
|
ikev2PrfLifeSeconds Unsigned32,
|
|
ikev2PrfAliveCheck INTEGER
|
|
}
|
|
|
|
ikev2PrfIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index identifying this entry."
|
|
::= { ikev2ProfileEntry 1 }
|
|
|
|
ikev2PrfDescription OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An optional description for this profile."
|
|
::= { ikev2ProfileEntry 2 }
|
|
|
|
ikev2PrfProposal OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the first IKE proposal which may be used
|
|
for IKE SA negotiation with this profile."
|
|
::= { ikev2ProfileEntry 3 }
|
|
|
|
ikev2PrfBlockTime OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..86400)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the time in seconds for which a peer is
|
|
blocked for any IPSec operations after a phase 1 initiator
|
|
negotiation failed.
|
|
Special values:
|
|
-1: use settings from global profile (do not block by default)
|
|
0: do not block the peer at all."
|
|
DEFVAL { -1 }
|
|
::= { ikev2ProfileEntry 4 }
|
|
|
|
ikev2PrfNatT OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1), -- enable Nat-Traversal
|
|
disabled(2), -- disable Nat-Traversal
|
|
default(3), -- use value from default profile
|
|
-- (enabled, if this is the default profile)
|
|
delete(4) -- mark this entry for deletion
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether NAT-Traversal is enabled
|
|
Possible values:
|
|
enabled(1), -- enable Nat-Traversal
|
|
disabled(2), -- disable Nat-Traversal
|
|
default(3) -- use value from default profile
|
|
-- (disabled, if this is the default profile)."
|
|
DEFVAL { default }
|
|
::= { ikev2ProfileEntry 5 }
|
|
|
|
ikev2PrfMtuMax OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum MTU value allowed for ipsecPeerMtu.
|
|
Zero means use value from global profile,
|
|
if this is the global profile, 1418 is assumed.
|
|
Nonzero values smaller than 214 are reset to the minimum of 214."
|
|
DEFVAL { 0 }
|
|
::= { ikev2ProfileEntry 6 }
|
|
|
|
ikev2PrfLifeSeconds OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time (in seconds) after which an SA will be rekeyed."
|
|
DEFVAL { 3600 }
|
|
::= { ikev2ProfileEntry 7 }
|
|
|
|
ikev2PrfAliveCheck OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1), -- enable alive check
|
|
disabled(2) -- disable alive check
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies if a check is done to see whether the
|
|
other endpoint is alive.
|
|
(only for IKEv2)."
|
|
DEFVAL { enabled }
|
|
::= { ikev2ProfileEntry 8 }
|
|
|
|
-- End IKE SA Profile Table (IKEv2)
|
|
|
|
|
|
|
|
END
|