-- Copyright (C) 2008-2014 Super Micro Computer Inc. All Rights Reserved
|
|
|
|
-- $Id: fsvpnpolicy.mib,v 1.12 2012/11/07 12:19:22 siva Exp $
|
|
FS-VPNPOLICY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
enterprises, MODULE-IDENTITY,
|
|
OBJECT-TYPE, Integer32,
|
|
Counter32
|
|
FROM SNMPv2-SMI
|
|
InterfaceIndexOrZero
|
|
FROM IF-MIB
|
|
RowStatus, DisplayString
|
|
FROM SNMPv2-TC
|
|
InetAddressType, InetAddress,
|
|
InetAddressPrefixLength
|
|
FROM INET-ADDRESS-MIB;
|
|
|
|
fsVpnPolicy MODULE-IDENTITY
|
|
LAST-UPDATED "201209050000Z"
|
|
ORGANIZATION "Super Micro Computer Inc."
|
|
CONTACT-INFO "support@Supermicro.com"
|
|
DESCRIPTION
|
|
"The MIB module that describes managed objects of
|
|
general use by the IPSEC Protocol."
|
|
REVISION "201209050000Z"
|
|
DESCRIPTION
|
|
"The MIB module that describes managed objects of
|
|
general use by the IPSEC Protocol."
|
|
|
|
::= { enterprises supermicro-computer-inc(10876) super-switch(101) basic(1) 143 }
|
|
|
|
-- Top level components of this MIB module.
|
|
|
|
fsVpnObjects OBJECT IDENTIFIER ::= { fsVpnPolicy 1 }
|
|
fsVpnScalars OBJECT IDENTIFIER ::= { fsVpnPolicy 2 }
|
|
|
|
-- Start of VPN scalars
|
|
|
|
fsVpnGlobalStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables/disables the IPSEC processing
|
|
administratively. By Default it is set to disable"
|
|
DEFVAL { disable }
|
|
::= { fsVpnScalars 1 }
|
|
|
|
-- VPN global statistics
|
|
fsVpnMaxTunnels OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of Maximum Tunnels supported by the VPN Module."
|
|
::= { fsVpnScalars 2 }
|
|
|
|
fsVpnIpPktsIn OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total Number of Incoming Packets through VPN Module."
|
|
::= { fsVpnScalars 3 }
|
|
|
|
fsVpnIpPktsOut OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total Number of Outgoing Packets through VPN Module."
|
|
::= { fsVpnScalars 4 }
|
|
|
|
fsVpnPktsSecured OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total Number of Packets Secured by VPN module."
|
|
::= { fsVpnScalars 5 }
|
|
|
|
fsVpnPktsDropped OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total Number of Packets Dropped by VPN module."
|
|
::= { fsVpnScalars 6 }
|
|
|
|
fsVpnIkeSAsActive OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of Active IKE Security Associations
|
|
in VPN module."
|
|
::= { fsVpnScalars 7 }
|
|
|
|
fsVpnIkeNegotiations OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total number of IKE Security associations negotiated
|
|
in VPN Module."
|
|
::= { fsVpnScalars 8 }
|
|
|
|
fsVpnIkeRekeys OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total number of IKE security associations Re-Keyed."
|
|
::= { fsVpnScalars 9 }
|
|
|
|
fsVpnIkeNegoFailed OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total number of failed IKE security association negotiations."
|
|
::= { fsVpnScalars 10 }
|
|
|
|
fsVpnIPSecSAsActive OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of Active IPSec Security Associations
|
|
in VPN Module."
|
|
::= { fsVpnScalars 11 }
|
|
|
|
fsVpnIPSecNegotiations OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of Negotiated IPSec Security Associations
|
|
in VPN Module."
|
|
::= { fsVpnScalars 12 }
|
|
|
|
fsVpnIPSecNegoFailed OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of failed IPSec security association
|
|
negotiations."
|
|
::= { fsVpnScalars 13 }
|
|
|
|
fsVpnTotalRekeys OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Total Number of security associations Re-Keyed."
|
|
::= { fsVpnScalars 14 }
|
|
|
|
fsVpnRaServer OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable (0),
|
|
enable (1)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables/disables the RAVPN server.
|
|
By default it is set to enable (i.e. the router will act as
|
|
RAVPN Server)"
|
|
DEFVAL { enable }
|
|
::= { fsVpnScalars 15 }
|
|
|
|
fsVpnDummyPktGen OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is to enable/disable the dummy packet generation.
|
|
Dummy Packet generation is part of Traffic Flow confidentiality
|
|
and involves generation of packets with next header value 59.
|
|
The packets generated are not processed by the peer."
|
|
DEFVAL { disable }
|
|
::= { fsVpnScalars 16 }
|
|
|
|
fsVpnDummyPktParam OBJECT-TYPE
|
|
SYNTAX Integer32 (1..100)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is to specify the length of the Dummy packet."
|
|
DEFVAL { 25 }
|
|
::= { fsVpnScalars 17 }
|
|
|
|
|
|
fsIkeTraceOption OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable Trace Statements in
|
|
Ike Module.
|
|
|
|
A FOUR BYTE integer is used for enabling the level of tracing.
|
|
Each BIT in the four byte integer, represents a particular
|
|
level of Trace.
|
|
|
|
To Set the trace level for Ike.
|
|
BIT 0 - Initialisation and Shutdown Trace.
|
|
BIT 1 - Management trace.
|
|
BIT 2 - Data path trace.
|
|
BIT 3 - Control Plane trace.
|
|
BIT 4 - Packet Dump.
|
|
BIT 5 - OS Resource trace.
|
|
BIT 6 - All Failure trace (All failures including Packet Validation)
|
|
BIT 7 - Buffer Trace.
|
|
|
|
Note: BIT 0 - Least significant bit
|
|
BIT 7 - Most significant bit
|
|
|
|
For example, setting the trace level to the binary value 0001 0101,
|
|
will enable Init-Shutdown, data path and packet dump trace levels.
|
|
|
|
Setting all the bits will enable all the trace levels and
|
|
resetting them will disable all the trace levels."
|
|
DEFVAL { 0 }
|
|
::= { fsVpnScalars 18 }
|
|
|
|
fsIpsecTraceOption OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable Trace Statements in
|
|
Ipsec Module.
|
|
|
|
A FOUR BYTE integer is used for enabling the level of tracing.
|
|
Each BIT in the four byte integer, represents a particular
|
|
level of Trace.
|
|
|
|
To set the trace level for Ipsec.
|
|
BIT 0 - Initialization and Shutdown Trace.
|
|
BIT 1 - Management trace.
|
|
BIT 2 - Data path trace.
|
|
BIT 3 - Control Plane trace.
|
|
BIT 4 - Packet Dump.
|
|
BIT 5 - OS Resource trace.
|
|
BIT 6 - All Failure trace (All failures including Packet Validation)
|
|
BIT 7 - Buffer Trace.
|
|
|
|
Note: BIT 0 - Least significant bit
|
|
BIT 7 - Most significant bit
|
|
|
|
For example, setting the trace level to the binary value 0001 0101,
|
|
will enable Init-Shutdown, data path and packet dump trace levels.
|
|
|
|
Setting all the bits will enable all the trace levels and
|
|
resetting them will disable all the trace levels."
|
|
|
|
DEFVAL { 0 }
|
|
::= { fsVpnScalars 19 }
|
|
|
|
|
|
-- End of scalars
|
|
|
|
-- VPN policy table BEGIN
|
|
|
|
fsVpnTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsVpnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the VPN association
|
|
between a source and destination. It is
|
|
consulted for authentication and ciphering of
|
|
inbound and outbound datagrams. Datagrams which
|
|
are forwarded by this entity are not authenticated."
|
|
::= { fsVpnObjects 1 }
|
|
|
|
fsVpnEntry OBJECT-TYPE
|
|
SYNTAX FsVpnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry is a unique parameter to identify the mapping between
|
|
a particular source and destination address. The
|
|
entry specifies the authentication algorithm and
|
|
key to use, the direction of authentication
|
|
(inbound or outbound) and a Security Parameter
|
|
Index (SPI), tunnel termination addresses, local network and
|
|
remote network. Updating the table elements is not allowed when
|
|
the row is active"
|
|
INDEX { fsVpnPolicyName }
|
|
::= { fsVpnTable 1 }
|
|
|
|
FsVpnEntry ::=
|
|
SEQUENCE {
|
|
fsVpnPolicyName DisplayString,
|
|
|
|
fsVpnPolicyType INTEGER,
|
|
fsVpnPolicyPriority Integer32,
|
|
|
|
fsVpnTunTermAddrType InetAddressType,
|
|
fsVpnLocalTunTermAddr InetAddress,
|
|
fsVpnRemoteTunTermAddr InetAddress,
|
|
fsVpnProtectNetworkType InetAddressType,
|
|
fsVpnLocalProtectNetwork InetAddress,
|
|
fsVpnLocalProtectNetworkPrefixLen InetAddressPrefixLength,
|
|
fsVpnRemoteProtectNetwork InetAddress,
|
|
fsVpnRemoteProtectNetworkPrefixLen InetAddressPrefixLength,
|
|
fsVpnIkeSrcPortRange DisplayString,
|
|
fsVpnIkeDstPortRange DisplayString,
|
|
|
|
fsVpnSecurityProtocol INTEGER,
|
|
fsVpnInboundSpi Integer32,
|
|
fsVpnOutboundSpi Integer32,
|
|
fsVpnMode INTEGER,
|
|
fsVpnAuthAlgo INTEGER,
|
|
fsVpnAhKey OCTET STRING,
|
|
fsVpnEncrAlgo INTEGER,
|
|
fsVpnEspKey OCTET STRING,
|
|
fsVpnAntiReplay INTEGER,
|
|
|
|
fsVpnPolicyFlag INTEGER,
|
|
fsVpnProtocol INTEGER,
|
|
fsVpnPolicyIntfIndex InterfaceIndexOrZero,
|
|
|
|
fsVpnIkePhase1HashAlgo INTEGER,
|
|
fsVpnIkePhase1EncryptionAlgo INTEGER,
|
|
fsVpnIkePhase1DHGroup INTEGER,
|
|
fsVpnIkePhase1LocalIdType INTEGER,
|
|
fsVpnIkePhase1LocalIdValue DisplayString,
|
|
fsVpnIkePhase1PeerIdType INTEGER,
|
|
fsVpnIkePhase1PeerIdValue DisplayString,
|
|
fsVpnIkePhase1LifeTimeType INTEGER,
|
|
fsVpnIkePhase1LifeTime Integer32,
|
|
fsVpnIkePhase1Mode INTEGER,
|
|
|
|
fsVpnIkePhase2AuthAlgo INTEGER,
|
|
fsVpnIkePhase2EspEncryptionAlgo INTEGER,
|
|
fsVpnIkePhase2LifeTimeType INTEGER,
|
|
fsVpnIkePhase2LifeTime Integer32,
|
|
fsVpnIkePhase2DHGroup INTEGER ,
|
|
|
|
fsVpnIkeVersion INTEGER,
|
|
fsVpnCertAlgoType INTEGER,
|
|
|
|
fsVpnPolicyRowStatus RowStatus
|
|
}
|
|
|
|
fsVpnPolicyName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..50))
|
|
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the index for accessing Ip Security table entries."
|
|
::= { fsVpnEntry 1 }
|
|
|
|
fsVpnPolicyType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ipsecManual (1),
|
|
ikePresharedkey (2),
|
|
ikeCertificate(3),
|
|
xauth (4),
|
|
raVpnPresharedKey (5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entity to identify the type of policy"
|
|
::= { fsVpnEntry 2 }
|
|
|
|
fsVpnPolicyPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entity to identify the priority of the Policy"
|
|
::= { fsVpnEntry 3 }
|
|
|
|
fsVpnTunTermAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The tunnel termination IP address type. This object supports only
|
|
ipv4(1), ipv6(2) values."
|
|
::= { fsVpnEntry 4 }
|
|
|
|
fsVpnLocalTunTermAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This address is matched with the
|
|
local address in the packet during
|
|
authentication of inbound and outbound datagrams."
|
|
::= { fsVpnEntry 5 }
|
|
|
|
fsVpnRemoteTunTermAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This address is matched with the
|
|
destination address in the packet during
|
|
authentication of inbound and outbound datagrams."
|
|
::= { fsVpnEntry 6 }
|
|
|
|
fsVpnProtectNetworkType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local protected network address type. This object supports
|
|
only ipv4(1), ipv6(2) values."
|
|
::= { fsVpnEntry 7 }
|
|
|
|
fsVpnLocalProtectNetwork OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This address is used in identifying the source
|
|
network for a given VPN policy."
|
|
::= { fsVpnEntry 8 }
|
|
|
|
fsVpnLocalProtectNetworkPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the local protected network prefix."
|
|
::= { fsVpnEntry 9 }
|
|
|
|
fsVpnRemoteProtectNetwork OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This address is used in identifying the
|
|
destination network for a given VPN policy."
|
|
::= { fsVpnEntry 10 }
|
|
|
|
fsVpnRemoteProtectNetworkPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the remote protected network prefix."
|
|
::= { fsVpnEntry 11 }
|
|
|
|
fsVpnIkeSrcPortRange OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..11))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Source port range for the
|
|
Traffic Selectors for IKEv2."
|
|
::= { fsVpnEntry 12 }
|
|
|
|
fsVpnIkeDstPortRange OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..11))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the Destination port range for the
|
|
Traffic Selectors for IKEv2."
|
|
::= { fsVpnEntry 13 }
|
|
|
|
fsVpnSecurityProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
espproto(50),
|
|
ahproto(51)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security protocol header used for authentication
|
|
(AH) or (ESP)."
|
|
::= { fsVpnEntry 14 }
|
|
|
|
fsVpnInboundSpi OBJECT-TYPE
|
|
SYNTAX Integer32 (256 ..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an arbitrary 32-bit value identifying
|
|
the security association for this datagram. This
|
|
also indicates the SPI for the inbound direction.
|
|
The Security Parameter Index value 0 is reserved to
|
|
Indicate that 'no security association exists'.
|
|
The set of Security Parameters Index values
|
|
In the range 1 through 255 are reserved to
|
|
the IANA for future use. Any SPI value greater
|
|
than 255 can be configured. This entity is used only for
|
|
IPSEC-Manual"
|
|
::= { fsVpnEntry 15 }
|
|
|
|
fsVpnOutboundSpi OBJECT-TYPE
|
|
SYNTAX Integer32 (256 ..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an arbitrary 32-bit value identifying
|
|
the security association for this datagram. This
|
|
also indicates the SPI for the outbound direction. The
|
|
Security Parameter Index value 0 is reserved to
|
|
Indicate that 'no security association exists'.
|
|
The set of Security Parameters Index values
|
|
In the range 1 through 255 are reserved to
|
|
the IANA for future use. Any SPI value greater
|
|
than 255 can be configured. This entity is used only for
|
|
IPSEC-Manual"
|
|
::= { fsVpnEntry 16 }
|
|
|
|
fsVpnMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tunnel (1), -- tunnel mode
|
|
transport (2) -- transport mode
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The supporting security association mode
|
|
The security association mode must be configured as
|
|
tunnel for a security gateway.
|
|
A Host can be configured both
|
|
in transport and tunnel mode"
|
|
::= { fsVpnEntry 17 }
|
|
|
|
|
|
fsVpnAuthAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
hmacmd5 (1),
|
|
hmacsha1 (2),
|
|
xcbcmac (5),
|
|
hmacsha256 (12),
|
|
hmacsha384 (13),
|
|
hmacsha512 (14)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The authentication algorithm configured for
|
|
the particular security association entry.
|
|
Setting the algorithm to hmac-md5 (1),
|
|
hmac-sha1(2),xcbcmac(5),hmac-sha-256(12),hmac-sha-384(13)
|
|
and hmac-sha-512(14) requires a key for
|
|
authentication. This entity is used only for IPSEC-Manual "
|
|
::= { fsVpnEntry 18 }
|
|
|
|
fsVpnAhKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the key used for authentication
|
|
when the algorithm configured is either
|
|
hmac-md5 , hmac-sha1 ,xcbcmac,hmac-sha-256(12),hmac-sha-384(13)
|
|
or hmac-sha-512(14). For HmacMd5 and xcbcmac
|
|
the key must be 16 bytes, for HmacSha1 the fixed size
|
|
for key is 20 bytes, for HmacSha256 the fixed size
|
|
for key is 32 bytes, for HmacSha384 the fixed size
|
|
for key is 48 bytes, for HmacSha512 the fixed size
|
|
for key is 64 bytes. This entity is used only for
|
|
IPSEC-Manual"
|
|
::= { fsVpnEntry 19 }
|
|
|
|
fsVpnEncrAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
descbc (4),
|
|
tripledescbc (5),
|
|
aes128 (12),
|
|
aes192 (13),
|
|
aes256 (14)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The algorithm to be used for Encapsulation
|
|
Security Payload (ESP) Header. This object is to
|
|
be configured only if the Security protocol to be
|
|
used is ESP. This entity is used only for IPSEC-Manual.
|
|
|
|
DES - Specifies to use Data Encryption Standard (DES) for encryption.
|
|
3DES - Specifies to use Triple Data Encryption Standard (3DES) for
|
|
encryption.
|
|
AES - Specifies to use Advanced Encryption Standard (AES) with a
|
|
128-bit key for encryption.
|
|
AES-192 - Specifies to use AES with a 192-bit key for encryption.
|
|
AES-256 - Specifies to use AES with a 256-bit key for encryption.
|
|
"
|
|
::= { fsVpnEntry 20 }
|
|
|
|
fsVpnEspKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..256))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the key used for encryption/decryption
|
|
when the algorithm configured is either
|
|
descbc, 3descbc, aes128, aes192 or aes256. For
|
|
3descbc this object is used for configuring the first
|
|
key. This entity is used only for IPSEC-Manual"
|
|
::= { fsVpnEntry 21 }
|
|
|
|
fsVpnAntiReplay OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object is used for activating the anti
|
|
replay functionality of the security protocols.
|
|
This entity is used only for IPSEC-Manual"
|
|
DEFVAL { enable }
|
|
::= { fsVpnEntry 22 }
|
|
|
|
fsVpnPolicyFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
filter (1), -- drops the packet
|
|
apply (3), -- applies IPSEC on the packet
|
|
bypass (4) -- bypasses the IPSEC for the packet
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The choices that can be applied on
|
|
any outbound/inbound datagrams."
|
|
::= { fsVpnEntry 23 }
|
|
|
|
fsVpnProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
icmpv4 (1),
|
|
tcp (6),
|
|
udp (17),
|
|
espproto (50),
|
|
ahproto (51),
|
|
icmpv6 (58),
|
|
any (9000)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Proto index value which uniquely identifies
|
|
the protocol for which this Selector Table entry
|
|
exists. In case of no specific protocol, 'any' can be
|
|
used whose value is assigned as 9000"
|
|
::= { fsVpnEntry 24 }
|
|
|
|
|
|
fsVpnPolicyIntfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the interface for which the VPN policy is to be applied.
|
|
The value zero indicates interface is not configured yet."
|
|
::= { fsVpnEntry 25 }
|
|
|
|
fsVpnIkePhase1HashAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
md5(1),
|
|
sha1(2),
|
|
sha256(12),
|
|
sha384(13),
|
|
sha512(14)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SHA - Specifies to use Secure Hash Algorithm (SHA) as the hash
|
|
algorithm. SHA1 produces 160-bit hash values, SHA256 produces 256-bit
|
|
hash values, SHA384 produces 384-bit hash values, SHA512 produces
|
|
512-bit hash values, which are longer than MD5. SHA is generally
|
|
considered more secure and is the recommended hash algorithm.
|
|
|
|
MD5 - Specifies to use Message Digest 5 (MD5) as the hash algorithm.
|
|
MD5 produces 128-bit hash values.
|
|
"
|
|
DEFVAL { 2 }
|
|
::= { fsVpnEntry 26 }
|
|
|
|
-- Encryption algorithm offered for IKE phase 1 on this policy row.
-- NOTE(review): DEFVAL { 4 } is the numeric value of descbc(4) in the
-- enumeration below, i.e. the declared default is single DES. Single DES
-- has a 56-bit key and is no longer considered adequate; presumably a row
-- created without setting this object falls back to it (confirm against
-- the agent), so management applications should set one of the aes*
-- values explicitly.
-- NOTE(review): SMIv2 expects the label form for an enumerated default
-- (DEFVAL { descbc }), as fsVpnIkePhase1DHGroup does with DEFVAL { group2 }.
fsVpnIkePhase1EncryptionAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
descbc(4),
|
|
tripledescbc(5),
|
|
aes128(12),
|
|
aes192(13),
|
|
aes256(14)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies which encryption algorithm should be used in Policy
|
|
negotiation"
|
|
DEFVAL { 4 }
|
|
::= { fsVpnEntry 27 }
|
|
|
|
fsVpnIkePhase1DHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
group1(1),
|
|
group2(2),
|
|
group5(5),
|
|
group14(14)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Diffie-Hellman (DH) is a public key cryptography protocol that enables
|
|
two parties to establish a shared secret over unsecured communications
|
|
channels. It will be used in Internet Key Exchange (IKE) to establish
|
|
session keys.
|
|
|
|
GROUP_1 - Specifies to use 768-bit Diffie-Hellman Group 1 cryptography.
|
|
GROUP_2 - Specifies to use 1024-bit Diffie-Hellman Group 2 cryptography.
|
|
GROUP_5 - Specifies to use 1536-bit Diffie-Hellman Group 5 cryptography.
|
|
GROUP_14 - Specifies to use 2048-bit Diffie-Hellman Group 14 cryptography.
|
|
"
|
|
DEFVAL { group2 }
|
|
::= { fsVpnEntry 28 }
|
|
|
|
fsVpnIkePhase1LocalIdType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ipv4(1),
|
|
fqdn(2),
|
|
email(3),
|
|
ipv6(5),
|
|
dn(9),
|
|
keyId(11)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is Identity Type for supported Local Node."
|
|
::= { fsVpnEntry 29 }
|
|
|
|
fsVpnIkePhase1LocalIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the value for the supported Local Node type of phase 1"
|
|
::= { fsVpnEntry 30 }
|
|
|
|
fsVpnIkePhase1PeerIdType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ipv4(1),
|
|
fqdn(2),
|
|
email(3),
|
|
ipv6(5),
|
|
dn(9),
|
|
keyId(11)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is Peer Identity Type supported for phase 1 of the IKE
|
|
negotiation."
|
|
::= { fsVpnEntry 31 }
|
|
|
|
|
|
fsVpnIkePhase1PeerIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the Peer Identity value for the supported peer type of phase 1.
|
|
eg. for ipv4 151.100.10.10, for email abc@xyz.com"
|
|
::= { fsVpnEntry 32 }
|
|
|
|
fsVpnIkePhase1LifeTimeType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
secs(1),
|
|
mins(3),
|
|
hrs(4),
|
|
days(5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IKE life time units."
|
|
DEFVAL { 1 }
|
|
::= { fsVpnEntry 33 }
|
|
|
|
fsVpnIkePhase1LifeTime OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enter the duration, in fsVpnIkePhase1LifeTimeType, of the IKE security
|
|
association (SA), after which the IKE SA expires and is re-negotiated.
|
|
|
|
If you wish to save setup time for new IPsec SAs, configure a longer
|
|
IKE SA lifetime. However, shorter lifetimes provide more secure IKE
|
|
negotiations because the SA between the tunnel endpoints must be
|
|
successfully renegotiated more frequently.
|
|
|
|
NOTE in case of IKEv1: If the IKEv1 lifetimes on two peers are not the
|
|
same (equal in duration), the IKE policy lifetime of the initiating peer
|
|
must be shorter than the lifetime of the responding peer, and the shorter
|
|
lifetime will be used in IKE negotiations between the devices.
|
|
"
|
|
DEFVAL { 2400 }
|
|
::= { fsVpnEntry 34 }
|
|
|
|
fsVpnIkePhase1Mode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
main(2),
|
|
aggressive(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IKE Phase 1 mode, whether main or aggressive."
|
|
::= { fsVpnEntry 35 }
|
|
|
|
fsVpnIkePhase2AuthAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
md5(1),
|
|
sha(2),
|
|
xcbcmac(5),
|
|
hmacsha256 (12),
|
|
hmacsha384 (13),
|
|
hmacsha512 (14)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies which hash algorithm to be used"
|
|
::= { fsVpnEntry 36 }
|
|
|
|
fsVpnIkePhase2EspEncryptionAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
descbc(4),
|
|
tripledescbc(5),
|
|
null(11),
|
|
aes128(12),
|
|
aes192(13),
|
|
aes256(14),
|
|
aesctr128(15),
|
|
aesctr192(16),
|
|
aesctr256(17)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies which encryption algorithm should be used for ESP"
|
|
::= { fsVpnEntry 37 }
|
|
|
|
fsVpnIkePhase2LifeTimeType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
secs(1),
|
|
kb(2),
|
|
mins(3),
|
|
hrs(4),
|
|
days(5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IPSec SA life time type."
|
|
DEFVAL { 1 }
|
|
::= { fsVpnEntry 38 }
|
|
|
|
fsVpnIkePhase2LifeTime OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IPsec security association (SA) lifetime in
|
|
fsVpnIkePhase2LifeTimeType. The SA is re-negotiated after the time limit
|
|
elapses.
|
|
"
|
|
DEFVAL { 800 }
|
|
::= { fsVpnEntry 39 }
|
|
|
|
fsVpnIkePhase2DHGroup OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none (0),
|
|
group1(1),
|
|
group2(2),
|
|
group5(5),
|
|
group14(14)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Perfect Forward Secrecy (PFS) generates and uses a unique session key
|
|
for each encrypted exchange. The unique session key protects the
|
|
exchange from subsequent decryption, even if the entire exchange was
|
|
recorded and the attacker has obtained the pre-shared and/or private
|
|
keys used by the endpoint devices.
|
|
|
|
To enable PFS, choose a Diffie-Hellman group to use in generating the
|
|
PFS session key.
|
|
"
|
|
::= { fsVpnEntry 40 }
|
|
|
|
fsVpnIkeVersion OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ikev1 (1),
|
|
ikev2 (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used for configuring the IKE version - IKEv1 (1)
|
|
or IKEv2 (2) protocol to be used for key negotiation"
|
|
::= { fsVpnEntry 41 }
|
|
|
|
fsVpnCertAlgoType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
rsa (1),
|
|
dsa (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used for configuring the Authentication Algorithm -
|
|
RSA (1) or DSA (2) to be used for authentication.
|
|
This object needs to be configured as RSA (1) or DSA (2) to configure
|
|
fsVpnPolicyType object as ikeCertificate (3)"
|
|
::= { fsVpnEntry 42 }
|
|
|
|
fsVpnPolicyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows from the fsVpnTable."
|
|
::= { fsVpnEntry 43 }
|
|
|
|
--fsVpnTable END
|
|
|
|
--fsVpnRaUsersTable Table BEGIN
|
|
|
|
fsVpnRaUsersTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsVpnRaUsersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to identify the remote
|
|
access users when acting as a RAVPN Server"
|
|
::= { fsVpnObjects 2 }
|
|
|
|
fsVpnRaUsersEntry OBJECT-TYPE
|
|
SYNTAX FsVpnRaUsersEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used for configuration of
|
|
usernames and passwords for remote access
|
|
users"
|
|
INDEX { fsVpnRaUserName }
|
|
::= { fsVpnRaUsersTable 1 }
|
|
|
|
FsVpnRaUsersEntry ::=
|
|
SEQUENCE {
|
|
fsVpnRaUserName DisplayString,
|
|
fsVpnRaUserSecret DisplayString,
|
|
fsVpnRaUserRowStatus RowStatus
|
|
}
|
|
|
|
fsVpnRaUserName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User Name is the index for accessing
|
|
the Remote Users table"
|
|
::= { fsVpnRaUsersEntry 1 }
|
|
|
|
-- Password column of fsVpnRaUsersTable, indexed by fsVpnRaUserName.
-- NOTE(review): the password is a DisplayString with MAX-ACCESS
-- read-write, so as declared it is readable as well as writable over SNMP.
-- Confirm how the agent answers a read of this object, and restrict this
-- subtree to authenticated, encrypted SNMP access with a narrow view.
-- The same applies to the other secret-bearing read-write objects in this
-- module: fsVpnAhKey, fsVpnEspKey and fsVpnRemoteIdKey.
fsVpnRaUserSecret OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Password for the remote user"
|
|
::= { fsVpnRaUsersEntry 2 }
|
|
|
|
fsVpnRaUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows
|
|
in the fsVpnRaUsersTable."
|
|
::= { fsVpnRaUsersEntry 3 }
|
|
|
|
-- fsVpnRaUsersTable Table END
|
|
|
|
--fsVpnRaAddressPoolTable Table BEGIN
|
|
|
|
fsVpnRaAddressPoolTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsVpnRaAddressPoolEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to allocate IP addresses
|
|
to remote users using local address pool"
|
|
::= { fsVpnObjects 3 }
|
|
|
|
fsVpnRaAddressPoolEntry OBJECT-TYPE
|
|
SYNTAX FsVpnRaAddressPoolEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used for configuration of
|
|
local address pool for the remote users.
|
|
Start and end IP address should be specified
|
|
for each pool"
|
|
INDEX { fsVpnRaAddressPoolName }
|
|
::= { fsVpnRaAddressPoolTable 1 }
|
|
|
|
FsVpnRaAddressPoolEntry ::=
|
|
SEQUENCE {
|
|
fsVpnRaAddressPoolName DisplayString,
|
|
fsVpnRaAddressPoolAddrType InetAddressType,
|
|
fsVpnRaAddressPoolStart InetAddress,
|
|
fsVpnRaAddressPoolEnd InetAddress,
|
|
fsVpnRaAddressPoolPrefixLen InetAddressPrefixLength,
|
|
fsVpnRaAddressPoolRowStatus RowStatus
|
|
}
|
|
|
|
fsVpnRaAddressPoolName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Pool Name is the index for accessing
|
|
the Remote Access Address Pool table"
|
|
::= { fsVpnRaAddressPoolEntry 1 }
|
|
|
|
fsVpnRaAddressPoolAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address type of the pool for remote users. This object supports
|
|
only ipv4(1), ipv6(2) values."
|
|
::= { fsVpnRaAddressPoolEntry 2 }
|
|
|
|
fsVpnRaAddressPoolStart OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Starting IP address of the pool for remote users"
|
|
::= { fsVpnRaAddressPoolEntry 3 }
|
|
|
|
fsVpnRaAddressPoolEnd OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"End IP address of the pool for remote users"
|
|
::= { fsVpnRaAddressPoolEntry 4 }
|
|
|
|
fsVpnRaAddressPoolPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The prefix length of the address pool"
|
|
::= { fsVpnRaAddressPoolEntry 5 }
|
|
|
|
fsVpnRaAddressPoolRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows
|
|
in the fsVpnRaAddressPoolTable."
|
|
::= { fsVpnRaAddressPoolEntry 6 }
|
|
|
|
-- fsVpnRaAddressPoolTable Table END
|
|
|
|
fsVpnRemoteIdTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsVpnRemoteIdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table provides VPN tunnels remote users
|
|
identities information.
|
|
|
|
The remote identity and the preshared key (PSK)
|
|
bindings are globally available to all the VPN
|
|
tunnels and can be mapped whenever required.
|
|
|
|
One identity can be mapped to multiple tunnels.
|
|
"
|
|
::= { fsVpnObjects 4 }
|
|
|
|
fsVpnRemoteIdEntry OBJECT-TYPE
|
|
SYNTAX FsVpnRemoteIdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A row in this table does not support 'notInService'
|
|
and 'createAndGo'.
|
|
"
|
|
INDEX { fsVpnRemoteIdType, fsVpnRemoteIdValue }
|
|
::= { fsVpnRemoteIdTable 1 }
|
|
|
|
FsVpnRemoteIdEntry ::=
|
|
SEQUENCE {
|
|
fsVpnRemoteIdType INTEGER,
|
|
fsVpnRemoteIdValue DisplayString,
|
|
fsVpnRemoteIdKey DisplayString,
|
|
fsVpnRemoteIdAuthType Integer32,
|
|
fsVpnRemoteIdStatus RowStatus
|
|
}
|
|
|
|
fsVpnRemoteIdType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ipv4(1),
|
|
fqdn(2),
|
|
email(3),
|
|
ipv6(5),
|
|
dn(9),
|
|
keyId(11)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "User identity types supported by the gateway chosen
|
|
to interpret the data of fsVpnRemoteIdValue object.
|
|
|
|
IP addresses should be represented with the 'ipv4' type.
|
|
|
|
A fully qualified domain name (or FQDN) is an
|
|
unambiguous domain name that specifies the node's
|
|
position in the DNS tree hierarchy absolutely. To
|
|
distinguish an FQDN from a regular domain name, a
|
|
trailing period is added. ex: somehost.example.com
|
|
"
|
|
REFERENCE "Section 4.6.2.1, IP Security Domain of Interpretation
|
|
RFC2407"
|
|
::= { fsVpnRemoteIdEntry 1 }
|
|
|
|
fsVpnRemoteIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "It represents the value corresponding to the type
|
|
mentioned in fsVpnRemoteIdType object.
|
|
|
|
The maximum permitted length of an FQDN is 255 bytes.
|
|
"
|
|
::= { fsVpnRemoteIdEntry 2 }
|
|
|
|
-- fsVpnRemoteIdKey: pre-shared key column (3) of fsVpnRemoteIdTable, used for
-- phase-I IKE authentication of the remote identity that indexes the row.
-- NOTE(review): MAX-ACCESS is read-write, so as declared the key can be
-- fetched with a GET by any principal whose view includes this column;
-- whether the agent masks the value on read is not stated here (confirm).
-- Keep this column out of read views (VACM) and carry it only over SNMPv3
-- with authentication and privacy, because SNMPv1/v2c send it in clear text.
fsVpnRemoteIdKey OBJECT-TYPE
|
|
SYNTAX      DisplayString
|
|
MAX-ACCESS  read-write
|
|
STATUS      current
|
|
DESCRIPTION  "This is the pre-shared key with the gateway. The PSK
|
|
will be used by the gateway to authenticate the phase-I
|
|
IKE transactions with this user.
|
|
"
|
|
::= { fsVpnRemoteIdEntry 3 }
|
|
|
|
|
|
fsVpnRemoteIdAuthType OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "It represents the value corresponding to the
|
|
Authentication method configured."
|
|
::= { fsVpnRemoteIdEntry 4 }
|
|
|
|
|
|
fsVpnRemoteIdStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "Used to add and delete the remote user identities.
|
|
|
|
A value of 'createAndGo' is not supported because PSK
|
|
is mandatory to authenticate the user.
|
|
"
|
|
::= { fsVpnRemoteIdEntry 5 }
|
|
|
|
-- end of vpn remote identity table (fsVpnRemoteIdTable)
|
|
|
|
fsVpnCertInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsVpnCertInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION  "This table provides information about the certificates
|
|
that are used for peer authentication.
|
|
|
|
The certificates are globally available to all the VPN
|
|
tunnels and can be mapped whenever required.
|
|
|
|
One identity can be mapped to multiple tunnels.
|
|
"
|
|
::= { fsVpnObjects 5 }
|
|
|
|
fsVpnCertInfoEntry OBJECT-TYPE
|
|
SYNTAX FsVpnCertInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "'createAndGo' is not supported by this table."
|
|
INDEX { fsVpnCertKeyString}
|
|
::= { fsVpnCertInfoTable 1 }
|
|
|
|
FsVpnCertInfoEntry ::=
|
|
SEQUENCE {
|
|
fsVpnCertKeyString DisplayString,
|
|
fsVpnCertKeyType INTEGER,
|
|
fsVpnCertKeyFileName DisplayString,
|
|
fsVpnCertFileName DisplayString,
|
|
fsVpnCertEncodeType INTEGER,
|
|
fsVpnCertStatus RowStatus
|
|
}
|
|
|
|
fsVpnCertKeyString OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION  "Key identity string supported by the gateway chosen
|
|
to uniquely identify the certificate information.
|
|
"
|
|
::= { fsVpnCertInfoEntry 1 }
|
|
|
|
-- fsVpnCertKeyType: algorithm of the key behind the certificate in this row,
-- rsa(1) or dsa(2), defaulting to rsa.
-- NOTE(review): FsVpnCertInfoEntry has no key-length column, so key strength
-- depends entirely on the referenced key file. FIPS 186-5 no longer approves
-- DSA for generating new signatures; prefer rsa(1) for new rows and treat
-- dsa(2) as legacy.
fsVpnCertKeyType OBJECT-TYPE
|
|
SYNTAX      INTEGER {
|
|
rsa    (1),
|
|
dsa    (2)
|
|
}
|
|
MAX-ACCESS  read-write
|
|
STATUS      current
|
|
DESCRIPTION  "It represents the type of algorithm used to
|
|
generate the key which is used to generate the
|
|
certificate.
|
|
RSA - Ron Rivest, Adi Shamir and Len Adleman Algorithm,
|
|
DSA - Digital Signature Algorithm.
|
|
"
|
|
DEFVAL  { rsa }
|
|
::= { fsVpnCertInfoEntry 2 }
|
|
|
|
-- fsVpnCertKeyFileName: name of the file that stores the key the certificate
-- was generated from (column 3 of fsVpnCertInfoTable).
-- NOTE(review): presumably this file holds private-key material (confirm).
-- The syntax is an unconstrained DisplayString that is writable over SNMP,
-- so the agent should resolve the name only inside its own key directory,
-- reject path separators, and keep the file readable by the VPN process only.
fsVpnCertKeyFileName OBJECT-TYPE
|
|
SYNTAX      DisplayString
|
|
MAX-ACCESS  read-write
|
|
STATUS      current
|
|
DESCRIPTION  "This is the file in which the key used to generate the
|
|
certificate is stored."
|
|
::= { fsVpnCertInfoEntry 3 }
|
|
|
|
fsVpnCertFileName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "This is the file in which the certificate information
|
|
is stored. This will be used by the gateway to
|
|
authenticate the phase-I IKE transactions with this user."
|
|
::= { fsVpnCertInfoEntry 4 }
|
|
|
|
fsVpnCertEncodeType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
pem (1),
|
|
der (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "It represents the encoding type by which the
|
|
certificate information is encoded:
|
|
PEM - Privacy Enhanced Mail encoding
|
|
DER - Distinguished Encoding Rules encoding."
|
|
DEFVAL { pem }
|
|
::= { fsVpnCertInfoEntry 5 }
|
|
|
|
|
|
fsVpnCertStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "'createAndGo' is not supported by this table."
|
|
::= { fsVpnCertInfoEntry 6 }
|
|
|
|
-- end of vpn Certificate Information table (fsVpnCertInfoTable)
|
|
|
|
fsVpnCaCertInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsVpnCaCertInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table provides Certificate Authority (CA)
|
|
certificates information.
|
|
|
|
The certificates are globally available to authorize
|
|
all the VPN certificates and can be mapped
|
|
whenever required."
|
|
|
|
::= { fsVpnObjects 6 }
|
|
|
|
fsVpnCaCertInfoEntry OBJECT-TYPE
|
|
SYNTAX FsVpnCaCertInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION  "'createAndGo' is not supported by this table."
|
|
INDEX { fsVpnCaCertKeyString}
|
|
::= { fsVpnCaCertInfoTable 1 }
|
|
|
|
FsVpnCaCertInfoEntry ::=
|
|
SEQUENCE {
|
|
fsVpnCaCertKeyString DisplayString,
|
|
fsVpnCaCertFileName DisplayString,
|
|
fsVpnCaCertEncodeType INTEGER,
|
|
fsVpnCaCertStatus RowStatus
|
|
}
|
|
|
|
fsVpnCaCertKeyString OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Key identity string supported by the gateway chosen
|
|
to uniquely identify the CA certificate information."
|
|
::= { fsVpnCaCertInfoEntry 1 }
|
|
|
|
-- fsVpnCaCertFileName: file holding the CA certificate that the gateway uses
-- to check peer certificates (column 2 of fsVpnCaCertInfoTable).
-- NOTE(review): this column selects a trust anchor and is writable over SNMP.
-- Limit write access to the administrators who may install CA certificates,
-- and log changes to it, since a replaced CA file changes which peers the
-- gateway accepts.
fsVpnCaCertFileName OBJECT-TYPE
|
|
SYNTAX      DisplayString
|
|
MAX-ACCESS  read-write
|
|
STATUS      current
|
|
DESCRIPTION  "This is the file in which the CA certificate information
|
|
is stored. This will be used by the gateway to
|
|
authorize the peer certificates used for security
|
|
negotiations.
|
|
"
|
|
::= { fsVpnCaCertInfoEntry 2 }
|
|
|
|
fsVpnCaCertEncodeType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
pem (1),
|
|
der (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "It represents the encoding type by which the
|
|
certificate information is encoded:
|
|
PEM - Privacy Enhanced Mail encoding
|
|
DER - Distinguished Encoding Rules encoding."
|
|
DEFVAL { pem }
|
|
::= { fsVpnCaCertInfoEntry 3 }
|
|
|
|
fsVpnCaCertStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "'createAndGo' is not supported by this table."
|
|
::= { fsVpnCaCertInfoEntry 4 }
|
|
|
|
END
|