CISCO-ENHANCED-IPSEC-FLOW-MIB: View SNMP OID List / Download MIB
VENDOR: CISCO
| Home | MIB: CISCO-ENHANCED-IPSEC-FLOW-MIB | |||
|---|---|---|---|---|
| Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
| Object Name | OID | Type | Access | Info |
| ciscoEnhancedIpsecFlowMIB | 1.3.6.1.4.1.9.9.432 |
This is a MIB Module for monitoring the structures and status of IPSec-based networks. The MIB has been designed to be adopted as an IETF standard. Hence vendor-specific features of IPSec protocol are excluded from this MIB. Acronyms The following acronyms are used in this document: IPsec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association (ref: rfc2408). SPI: Security Parameter Index is the pointer or identifier used in accessing SA attributes (ref: rfc2408). MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document. Control Tunnel: Another term for a Phase 1 Tunnel. Phase 2 Tunnel: An instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and different number of SA bundles at different times (due to key refresh). MTU: Maximum Transmission Unit (of an IPsec tunnel). History of the MIB A precursor to this MIB was written by Tivoli and implemented in IBM Nways routers in 1999. During late 1999, Cisco adopted the MIB and together with Tivoli publised the IPsec Flow Monitor MIB in IETF IPsec WG in draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the MIB was Cisco-ized and implemented this draft as CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms. With the evolution of IKEv2, the MIB was modified and presented to the IPsec WG again in May 2003 in draft-ietf-ipsec-flow-monitoring-mib-02.txt. With the emergence of multiple IPsec signaling protocols, it became apparent that the signaling aspects of IPsec need to be instrumented separately in their own right. Thus, the IPsec control attributes and metrics were separated out into CISCO-IPSEC-SIGNALING-MIB and CISCO-IKE-FLOW-MIB. This version of the draft is the version of the draft that models that IPsec data protocol, structures and activity alone. Overview of MIB The MIB contains four major groups of objects which are used to manage the IPsec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPsec MIB. The Phase 2 group models objects pertaining to IPsec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid detection of potential security violations. In addition to the three major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPsec TRAPs. |
||
| ciscoEnhancedIpsecFlowMIBNotifs | 1.3.6.1.4.1.9.9.432.0 | |||
| ciscoEnhIpsecFlowTunnelStart | 1.3.6.1.4.1.9.9.432.0.1 |
This notification is generated when an IPsec Phase-2 Tunnel becomes active. |
||
| ciscoEnhIpsecFlowTunnelStop | 1.3.6.1.4.1.9.9.432.0.2 |
This notification is generated when an IPsec Phase-2 Tunnel becomes inactive. |
||
| ciscoEnhIpsecFlowSysFailure | 1.3.6.1.4.1.9.9.432.0.3 |
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error. |
||
| ciscoEnhIpsecFlowSetupFail | 1.3.6.1.4.1.9.9.432.0.4 |
This notification is generated when the setup for an IPsec Phase-2 Tunnel fails. |
||
| ciscoEnhIpsecFlowBadSa | 1.3.6.1.4.1.9.9.432.0.5 |
This notification is generated when the managed entity receives an IPsec packet with a non-existent (non-existant in the local Security Association Database) SPI. |
||
| ciscoEnhIpsecFlowCertExpiry | 1.3.6.1.4.1.9.9.432.0.6 |
This notification is generated to notify that an X.509 certificate is going to expire. The notification is triggered the time threshold configured on the application for notification before the certificate is going to expire, which is when the value of ceipSecCertExpiryStatus is changed from certOK(1) to certGoingExpired(2). The user should take action to renew the certificate identified in the notification prior to the certificate expiration, which is at the validity notAfter time provided in the notification. |
||
| ciscoEnhIpsecFlowCertRenewal | 1.3.6.1.4.1.9.9.432.0.7 |
This notification is generated to report a status transition for an X.509 certificate renewal performed by the application. The notification is generated when the value of ceipSecCertRenewalStatus is changed from 1. renewalNotNeeded(1) to renewalRequestNeeded(2) or renewalRequested(3) 2. renewalRequestNeeded(2) to renewalRequested(3) 3. renewalRequested(3) to renewalSuccess(4) or renewalFailedUpdate(5) or renewalFailedExpired(6) 4. renewalFailedUpdate(5) to renewalFailedExpired(6) |
||
| ciscoEnhancedIpsecFlowMIBObjects | 1.3.6.1.4.1.9.9.432.1 | |||
| ceipSecPhaseTwo | 1.3.6.1.4.1.9.9.432.1.1 | |||
| ceipSecGlobalStats | 1.3.6.1.4.1.9.9.432.1.1.1 | |||
| ceipSecGlobalActiveTunnels | 1.3.6.1.4.1.9.9.432.1.1.1.1 | gauge32 | read-only |
The total number of currently active IPsec Phase-2 Tunnels. |
| ceipSecGlobalPreviousTunnels | 1.3.6.1.4.1.9.9.432.1.1.1.2 | counter64 | read-only |
The total number of previously active IPsec Phase-2 Tunnels. |
| ceipSecGlobalInOctets | 1.3.6.1.4.1.9.9.432.1.1.1.3 | counter64 | read-only |
A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed. |
| ceipSecGlobalInDecompOctets | 1.3.6.1.4.1.9.9.432.1.1.1.4 | counter64 | read-only |
A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecGlobalInOctets. |
| ceipSecGlobalInPkts | 1.3.6.1.4.1.9.9.432.1.1.1.5 | counter64 | read-only |
The total number of packets received by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalInDrops | 1.3.6.1.4.1.9.9.432.1.1.1.6 | counter64 | read-only |
The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing. |
| ceipSecGlobalInReplayDrops | 1.3.6.1.4.1.9.9.432.1.1.1.7 | counter64 | read-only |
The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalInAuths | 1.3.6.1.4.1.9.9.432.1.1.1.8 | counter64 | read-only |
The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalInAuthFails | 1.3.6.1.4.1.9.9.432.1.1.1.9 | counter64 | read-only |
The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalInDecrypts | 1.3.6.1.4.1.9.9.432.1.1.1.10 | counter64 | read-only |
The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalInDecryptFails | 1.3.6.1.4.1.9.9.432.1.1.1.11 | counter64 | read-only |
The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutOctets | 1.3.6.1.4.1.9.9.432.1.1.1.12 | counter64 | read-only |
A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed. |
| ceipSecGlobalOutUncompOctets | 1.3.6.1.4.1.9.9.432.1.1.1.13 | counter64 | read-only |
A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecGlobalOutOctets. |
| ceipSecGlobalOutPkts | 1.3.6.1.4.1.9.9.432.1.1.1.14 | counter64 | read-only |
The total number of packets sent by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutDrops | 1.3.6.1.4.1.9.9.432.1.1.1.15 | counter64 | read-only |
The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutAuths | 1.3.6.1.4.1.9.9.432.1.1.1.16 | counter64 | read-only |
The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutAuthFails | 1.3.6.1.4.1.9.9.432.1.1.1.17 | counter64 | read-only |
The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutEncrypts | 1.3.6.1.4.1.9.9.432.1.1.1.18 | counter64 | read-only |
The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutEncryptFails | 1.3.6.1.4.1.9.9.432.1.1.1.19 | counter64 | read-only |
The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalProtocolUseFails | 1.3.6.1.4.1.9.9.432.1.1.1.20 | counter64 | read-only |
The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels. |
| ceipSecGlobalNoSaFails | 1.3.6.1.4.1.9.9.432.1.1.1.21 | counter64 | read-only |
The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels. |
| ceipSecGlobalSysCapFails | 1.3.6.1.4.1.9.9.432.1.1.1.22 | counter64 | read-only |
The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels. |
| ceipSecGlobalOutCompressedPkts | 1.3.6.1.4.1.9.9.432.1.1.1.23 | counter64 | read-only |
The cumulative number of outbound packets across all IPsec flows terminating at this device which were successfully compressed. |
| ceipSecGlobalOutCompSkippedPkts | 1.3.6.1.4.1.9.9.432.1.1.1.24 | counter64 | read-only |
The total number of outbound packets across all IPsec flows terminating at this devices that were to be compressed but which were skipped due to the compression hysteresis. |
| ceipSecGlobalOutCompFailPkts | 1.3.6.1.4.1.9.9.432.1.1.1.25 | counter64 | read-only |
The total number of outbound packets across all IPsec flows terminating at this device that failed compression because they grew in size after compression. |
| ceipSecGlobalOutCompTooSmallPkts | 1.3.6.1.4.1.9.9.432.1.1.1.26 | counter64 | read-only |
The total number of outbound packets across all IPsec flows terminating at this device that were to be compressed but were smaller than the compression threshold size. This number is cumulative since the last system start. |
| ceipSecGlobalThroughputUtilizatioinTimeInterval | 1.3.6.1.4.1.9.9.432.1.1.1.27 | unsigned32 | read-only |
The object is the length of the time interval to measure the throughtput utilization. |
| ceipSecGlobalThroughputLastUpdatedTime | 1.3.6.1.4.1.9.9.432.1.1.1.28 | timestamp | read-only |
The timestamp is the end of the last throughput utilization time interval. |
| ceipSecGlobalLastAveragePacketSize | 1.3.6.1.4.1.9.9.432.1.1.1.29 | unsigned32 | read-only |
This object is the average packet size in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime. |
| ceipSecGlobalLastThroughputInMbps | 1.3.6.1.4.1.9.9.432.1.1.1.30 | unsigned32 | read-only |
The object is the total throughput in Mbps in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime. |
| ceipSecGlobalLastThroughputInKpps | 1.3.6.1.4.1.9.9.432.1.1.1.31 | unsigned32 | read-only |
The object is the total throughput in Kpps in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime. |
| ceipSecGlobalLastThroughputUtilization | 1.3.6.1.4.1.9.9.432.1.1.1.32 | unsigned32 | read-only |
The object is the throughput utilization in percentage in the last performance utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime. |
| ceipSecGlobalPeakThroughputUtilization | 1.3.6.1.4.1.9.9.432.1.1.1.33 | unsigned32 | read-only |
The object is the peak throughput utilization in percentage since the managed system is active. It was observed in the throughput utilization time interval that ended at ceipSecGlobalPeakThroughputDateAndTime. |
| ceipSecGlobalPeakThroughputDateAndTime | 1.3.6.1.4.1.9.9.432.1.1.1.34 | dateandtime | read-only |
The date and time when ceipSecGlobalPeakThroughputUtilization is updated. |
| ceipSecGlobalPeakThroughputInMbps | 1.3.6.1.4.1.9.9.432.1.1.1.35 | unsigned32 | read-only |
The object indicates the peak value of throughput in Mbps. |
| ceipSecGlobalPeakAvgPacketSize | 1.3.6.1.4.1.9.9.432.1.1.1.36 | unsigned32 | read-only |
This object indicates the average packet size in bytes in the throughput utilization time interval that ended at ceipSecGlobalPeakThroughputDateAndTime. |
| ceipSecTunnelTable | 1.3.6.1.4.1.9.9.432.1.1.2 | no-access |
The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel. |
|
| 1.3.6.1.4.1.9.9.432.1.1.2.1 | no-access |
Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel. |
||
| ceipSecTunIndex | 1.3.6.1.4.1.9.9.432.1.1.2.1.1 | cipsecphase2tunnelindex | no-access |
The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647. Since this object must correspond to a valid Phase-2 IPsec tunnel, this object may not assume the value of 0. |
| ceipSecTunLocalAddressType | 1.3.6.1.4.1.9.9.432.1.1.2.1.2 | inetaddresstype | read-only |
The type of the IP address of the local endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunLocalAddress | 1.3.6.1.4.1.9.9.432.1.1.2.1.3 | inetaddress | read-only |
The IP address of the local endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunRemoteAddressType | 1.3.6.1.4.1.9.9.432.1.1.2.1.4 | inetaddresstype | read-only |
The type of the IP address of the remote endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunRemoteAddress | 1.3.6.1.4.1.9.9.432.1.1.2.1.5 | inetaddress | read-only |
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunControlProtocol | 1.3.6.1.4.1.9.9.432.1.1.2.1.6 | cipseccontrolprotocol | read-only |
Identifies the protocol used to setup and administer this Phase-2 IPsec tunnel. In case this tunnel was spawned by an IPsec signaling protocol, this MIB object contains the value of the object 'cisgIpsSgProtocol' defined in CISCO-IPSEC-SIGNALING-MIB in the table 'cisgIpsSgTunnelTable' in the row corresponding to the control tunnel. A value of 'cpManual' is indicative of a manually installed and administered Phase-2 tunnel. |
| ceipSecTunControlTunnelIndex | 1.3.6.1.4.1.9.9.432.1.1.2.1.7 | cipsecphase1tunnelindexorzero | read-only |
The index of the associated IPsec Phase-1 Tunnel. In case this tunnel was spawned by an IPsec signaling protocol, this MIB object contains the value of the object 'cisgIpsSgTunIndex' defined in CISCO-IPSEC-SIGNALING-MIB in the table 'cisgIpsSgTunnelTable' in the row corresponding to the control tunnel. A value of 0 identifies that this Phase-2 tunnel was setup manually. |
| ceipSecTunControlTunnelAlive | 1.3.6.1.4.1.9.9.432.1.1.2.1.8 | truthvalue | read-only |
An indicator which specifies whether or not the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel currently exists. |
| ceipSecTunEncapMode | 1.3.6.1.4.1.9.9.432.1.1.2.1.9 | cipsecencapmode | read-only |
The encapsulation mode used by the IPsec Phase-2 Tunnel. |
| ceipSecTunNATTraversalMode | 1.3.6.1.4.1.9.9.432.1.1.2.1.10 | cipsecnattraversalmode | read-only |
The encapsulation used by the IPsec Phase-2 tunnel for NAT traversal. The value of this object is constrained based on the value of the column 'ceipSecTunEncapMode'. If the value of 'ceipSecTunEncapMode' is 'encapTransport', then this object may not assume the values 'natEncapIPsecOverUdp' or 'natEncapIPsecOverTcp'. |
| ceipSecTunLifeSize | 1.3.6.1.4.1.9.9.432.1.1.2.1.11 | unsigned32 | read-only |
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. |
| ceipSecTunLifeTime | 1.3.6.1.4.1.9.9.432.1.1.2.1.12 | unsigned32 | read-only |
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. If the tunnel was setup manually, the value of this MIB element should be 0. |
| ceipSecTunActiveTime | 1.3.6.1.4.1.9.9.432.1.1.2.1.13 | timeinterval | read-only |
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. |
| ceipSecTunSaLifeSizeThreshold | 1.3.6.1.4.1.9.9.432.1.1.2.1.14 | unsigned32 | read-only |
The security association LifeSize refresh threshold in kilobytes. If the tunnel was setup manually, the value of this MIB element should be 0. |
| ceipSecTunSaLifeTimeThreshold | 1.3.6.1.4.1.9.9.432.1.1.2.1.15 | unsigned32 | read-only |
The security association LifeTime refresh threshold in seconds. If the tunnel was setup manually, the value of this MIB element should be 0. |
| ceipSecTunTotalRefreshes | 1.3.6.1.4.1.9.9.432.1.1.2.1.16 | counter32 | read-only |
The total number of security association refreshes performed. |
| ceipSecTunExpiredSaInstances | 1.3.6.1.4.1.9.9.432.1.1.2.1.17 | counter32 | read-only |
The total number of security associations which have expired. If the tunnel was setup manually, the value of this MIB element should be 0. |
| ceipSecTunCurrentSaInstances | 1.3.6.1.4.1.9.9.432.1.1.2.1.18 | gauge32 | read-only |
The number of security associations which are currently active or expiring. |
| ceipSecTunInSaDHGrp | 1.3.6.1.4.1.9.9.432.1.1.2.1.19 | cipsecdiffhellmangrp | read-only |
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be `none'. |
| ceipSecTunInSaEncryptAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.20 | cipsecencryptalgorithm | read-only |
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunInSaEncryptKeySize | 1.3.6.1.4.1.9.9.432.1.1.2.1.21 | cipsecencryptionkeysize | read-only |
The key size in bits of the negotiated key to be used with the algorithm denoted by 'ceipSecTunInSaEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size. |
| ceipSecTunInSaAhAuthAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.22 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunInSaEspAuthAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.23 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunInSaDecompAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.24 | cipseccompalgorithm | read-only |
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunOutSaDHGrp | 1.3.6.1.4.1.9.9.432.1.1.2.1.25 | cipsecdiffhellmangrp | read-only |
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be 'none'. |
| ceipSecTunOutSaEncryptAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.26 | cipsecencryptalgorithm | read-only |
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunOutSaEncryptKeySize | 1.3.6.1.4.1.9.9.432.1.1.2.1.27 | cipsecencryptionkeysize | read-only |
The key size in bits of the negotiated key to be used with the algorithm denoted by 'ceipSecTunOutSaEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size. |
| ceipSecTunOutSaAhAuthAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.28 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunOutSaEspAuthAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.29 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunOutSaCompAlgo | 1.3.6.1.4.1.9.9.432.1.1.2.1.30 | cipseccompalgorithm | read-only |
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunPmtu | 1.3.6.1.4.1.9.9.432.1.1.2.1.31 | cipsecpmtu | read-only |
The Path MTU for this IPsec Phase-2 tunnel, which has been either learnt from the network or which has been specified by the administrator. The lower end of the range is 68 which is the minimum MTU for IPv4. |
| ceipSecTunInOctets | 1.3.6.1.4.1.9.9.432.1.1.2.1.32 | counter64 | read-only |
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. |
| ceipSecTunInDecompOctets | 1.3.6.1.4.1.9.9.432.1.1.2.1.33 | counter64 | read-only |
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunInOctets. |
| ceipSecTunInPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.34 | counter32 | read-only |
The total number of packets received by this IPsec Phase-2 Tunnel. |
| ceipSecTunInDropPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.35 | counter32 | read-only |
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing. |
| ceipSecTunInReplayDropPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.36 | counter32 | read-only |
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. |
| ceipSecTunInAuths | 1.3.6.1.4.1.9.9.432.1.1.2.1.37 | counter32 | read-only |
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunInAuthFails | 1.3.6.1.4.1.9.9.432.1.1.2.1.38 | counter32 | read-only |
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . |
| ceipSecTunInDecrypts | 1.3.6.1.4.1.9.9.432.1.1.2.1.39 | counter32 | read-only |
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunInDecryptFails | 1.3.6.1.4.1.9.9.432.1.1.2.1.40 | counter32 | read-only |
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutOctets | 1.3.6.1.4.1.9.9.432.1.1.2.1.41 | counter64 | read-only |
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. |
| ceipSecTunOutUncompOctets | 1.3.6.1.4.1.9.9.432.1.1.2.1.42 | counter64 | read-only |
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecTunOutOctets. |
| ceipSecTunOutPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.43 | counter32 | read-only |
The total number of packets sent by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutDropPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.44 | counter32 | read-only |
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutAuths | 1.3.6.1.4.1.9.9.432.1.1.2.1.45 | counter32 | read-only |
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutAuthFails | 1.3.6.1.4.1.9.9.432.1.1.2.1.46 | counter32 | read-only |
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutEncrypts | 1.3.6.1.4.1.9.9.432.1.1.2.1.47 | counter32 | read-only |
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutEncryptFails | 1.3.6.1.4.1.9.9.432.1.1.2.1.48 | counter32 | read-only |
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. |
| ceipSecTunOutCompressedPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.49 | counter32 | read-only |
The total number of outbound packets which were successfully compressed. |
| ceipSecTunOutCompSkippedPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.50 | counter32 | read-only |
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis. |
| ceipSecTunOutCompFailPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.51 | counter32 | read-only |
The total number of outbound packets that failed compression because they grew in size after compression. |
| ceipSecTunOutCompTooSmallPkts | 1.3.6.1.4.1.9.9.432.1.1.2.1.52 | counter32 | read-only |
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size. |
| ceipSecIfIndex | 1.3.6.1.4.1.9.9.432.1.1.2.1.53 | interfaceindex | read-only |
This object represents the ifIndex of an interface where this tunnel is created. Multiple IPsec tunnels can be created using the same interface. |
| ceipSecTunStatus | 1.3.6.1.4.1.9.9.432.1.1.2.1.54 | cipsectunnelstatus | read-write |
The status of the MIB table row. This object can be used to bring the tunnel down or force a rekeying. When the value is set to destroy(5), the SA bundle is destroyed and this row is deleted from this table. When the value is set to rekey(6), then rekeying is forced on this tunnel. When this MIB value is queried, the value of active(4) is always returned, if the instance exists. This object cannot be used to create a MIB table row. |
| ceipSecEndPtTable | 1.3.6.1.4.1.9.9.432.1.1.3 | no-access |
The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel. |
|
| 1.3.6.1.4.1.9.9.432.1.1.3.1 | no-access |
An IPsec Phase-2 Tunnel Endpoint entry. |
||
| ceipSecEndPtIndex | 1.3.6.1.4.1.9.9.432.1.1.3.1.1 | unsigned32 | no-access |
The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 4,294,967,295. |
| ceipSecEndPtLocalName | 1.3.6.1.4.1.9.9.432.1.1.3.1.2 | snmpadminstring | read-only |
The DNS name of the local Endpoint. |
| ceipSecEndPtLocalType | 1.3.6.1.4.1.9.9.432.1.1.3.1.3 | cipsecendpttype | read-only |
The type of identity for the local Endpoint. |
| ceipSecEndPtLocalAddrType1 | 1.3.6.1.4.1.9.9.432.1.1.3.1.4 | inetaddresstype | read-only |
The type of the IP address for this local Endpoint's first IP address. |
| ceipSecEndPtLocalAddr1 | 1.3.6.1.4.1.9.9.432.1.1.3.1.5 | inetaddress | read-only |
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtLocalType. |
| ceipSecEndPtLocalAddrType2 | 1.3.6.1.4.1.9.9.432.1.1.3.1.6 | inetaddresstype | read-only |
The type of the IP address for this local Endpoint's second IP address. |
| ceipSecEndPtLocalAddr2 | 1.3.6.1.4.1.9.9.432.1.1.3.1.7 | inetaddress | read-only |
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtLocalType. |
| ceipSecEndPtLocalProtocol | 1.3.6.1.4.1.9.9.432.1.1.3.1.8 | ciscoipprotocol | read-only |
The protocol number of the local Endpoint's traffic. |
| ceipSecEndPtLocalPort | 1.3.6.1.4.1.9.9.432.1.1.3.1.9 | ciscoport | read-only |
The port number of the local Endpoint's traffic. |
| ceipSecEndPtRemoteName | 1.3.6.1.4.1.9.9.432.1.1.3.1.10 | snmpadminstring | read-only |
The DNS name of the remote Endpoint. |
| ceipSecEndPtRemoteType | 1.3.6.1.4.1.9.9.432.1.1.3.1.11 | cipsecendpttype | read-only |
The type of identity for the remote Endpoint. |
| ceipSecEndPtRemoteAddrType1 | 1.3.6.1.4.1.9.9.432.1.1.3.1.12 | inetaddresstype | read-only |
The type of the IP address for this remote Endpoint's first IP address. |
| ceipSecEndPtRemoteAddr1 | 1.3.6.1.4.1.9.9.432.1.1.3.1.13 | inetaddress | read-only |
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtRemoteType. |
| ceipSecEndPtRemoteAddrType2 | 1.3.6.1.4.1.9.9.432.1.1.3.1.14 | inetaddresstype | read-only |
The type of the IP address for this remote Endpoint's second IP address. |
| ceipSecEndPtRemoteAddr2 | 1.3.6.1.4.1.9.9.432.1.1.3.1.15 | inetaddress | read-only |
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtRemoteType. |
| ceipSecEndPtRemoteProtocol | 1.3.6.1.4.1.9.9.432.1.1.3.1.16 | ciscoipprotocol | read-only |
The protocol number of the remote Endpoint's traffic. |
| ceipSecEndPtRemotePort | 1.3.6.1.4.1.9.9.432.1.1.3.1.17 | ciscoport | read-only |
The port number of the remote Endpoint's traffic. |
| ceipSecSaTable | 1.3.6.1.4.1.9.9.432.1.1.4 | no-access |
The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the active Phase-2 tunnel table (ceipSecTunTable) into a number of entries in this table. The index of this table reflects the |
|
| 1.3.6.1.4.1.9.9.432.1.1.4.1 | no-access |
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations. |
||
| ceipSecSaProtocol | 1.3.6.1.4.1.9.9.432.1.1.4.1.1 | cipsecprotocol | no-access |
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup. |
| ceipSecSaIndex | 1.3.6.1.4.1.9.9.432.1.1.4.1.2 | unsigned32 | no-access |
The object, in the context of the IPsec tunnel 'ceipSecTunIndex', is an index of security associations comprising the Phase-2 IPsec tunnel represented by the tunnel index 'ceipSecTunIndex'. The value of this index is a number which begins at 1 and is incremented with each SPI associated with the corresponding IPsec Phase-2 Tunnel. |
| ceipSecSaDirection | 1.3.6.1.4.1.9.9.432.1.1.4.1.3 | cipsecphase2sadirection | read-only |
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry. |
| ceipSecSaValue | 1.3.6.1.4.1.9.9.432.1.1.4.1.4 | cipsecspi | read-only |
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry. |
| ceipSecSaStatus | 1.3.6.1.4.1.9.9.432.1.1.4.1.5 | integer | read-only |
This column represents the status of the security association represented by this conceptual row. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged. Enumeration: 'active': 2, 'unknown': 1, 'expiring': 3. |
| ceipSecTunnelSaTable | 1.3.6.1.4.1.9.9.432.1.1.5 | no-access |
The IPsec Phase-2 Tunnel Security Association Table. This table identifies the SAs that are currently associated with an active Phase-2 tunnel. This table contains an entry for each active or expiring security association (SA) which is associated with an ceipSecTunnelEntry in 'active' state and provides statistic information of this SA. There might be multiple SAs associated with one ceipSecTunnelEntry. |
|
| 1.3.6.1.4.1.9.9.432.1.1.5.1 | no-access |
Each entry contains the attributes and statistics associated with an active or expiring IPsec Phase-2 security associations. |
||
| ceipSecTunSaProtocol | 1.3.6.1.4.1.9.9.432.1.1.5.1.1 | cipsecprotocol | no-access |
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup. |
| ceipSecTunSaIndex | 1.3.6.1.4.1.9.9.432.1.1.5.1.2 | unsigned32 | no-access |
The object, in the context of the IPsec tunnel 'ceipSecTunIndex', is an index of security associations comprising the Phase-2 IPsec tunnel represented by the tunnel index 'ceipSecTunIndex'. The value of this index is a number which begins at 1 and is incremented with each SPI associated with the corresponding IPsec Phase-2 Tunnel. |
| ceipSecTunSaDirection | 1.3.6.1.4.1.9.9.432.1.1.5.1.3 | cipsecphase2sadirection | no-access |
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry. |
| ceipSecTunSaValue | 1.3.6.1.4.1.9.9.432.1.1.5.1.4 | cipsecspi | read-only |
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry. |
| ceipSecTunSaIfIndex | 1.3.6.1.4.1.9.9.432.1.1.5.1.5 | interfaceindex | read-only |
This object represents the ifIndex of an interface where a tunnel with ceipSecTunIndex is created. Multiple IPsec tunnels can be created using the same interface. |
| ceipSecTunSaInOctets | 1.3.6.1.4.1.9.9.432.1.1.5.1.6 | counter64 | read-only |
A high capacity count of the total number of octets received by using this SA. This value is accumulated BEFORE determining whether or not the packet should be decompressed. |
| ceipSecTunSaInDecompOctets | 1.3.6.1.4.1.9.9.432.1.1.5.1.7 | counter64 | read-only |
A high capacity count of the total number of decompressed octets received by using this SA. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunSaTunInOctets. |
| ceipSecTunSaInPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.8 | counter64 | read-only |
The total number of packets received by using this SA. |
| ceipSecTunSaInDropPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.9 | counter64 | read-only |
The total number of packets dropped during receive process by using this SA. This count does NOT include packets dropped due to Anti-Replay processing. |
| ceipSecTunSaInReplayDropPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.10 | counter64 | read-only |
The total number of packets dropped during receive processing due to Anti-Replay processing by using this SA. |
| ceipSecTunSaInAuths | 1.3.6.1.4.1.9.9.432.1.1.5.1.11 | counter64 | read-only |
The total number of inbound authentication's performed by using this SA. |
| ceipSecTunSaInAuthFails | 1.3.6.1.4.1.9.9.432.1.1.5.1.12 | counter64 | read-only |
The total number of inbound authentication's which ended in failure by using this SA. |
| ceipSecTunSaInDecrypts | 1.3.6.1.4.1.9.9.432.1.1.5.1.13 | counter64 | read-only |
The total number of inbound decryption's performed by this SA. |
| ceipSecTunSaInDecryptFails | 1.3.6.1.4.1.9.9.432.1.1.5.1.14 | counter64 | read-only |
The total number of inbound decryption's which ended in failure by using this SA. |
| ceipSecTunSaOutOctets | 1.3.6.1.4.1.9.9.432.1.1.5.1.15 | counter64 | read-only |
A high capacity count of the total number of octets sent by using this SA. This value is accumulated AFTER determining whether or not the packet should be compressed. |
| ceipSecTunSaOutUncompOctets | 1.3.6.1.4.1.9.9.432.1.1.5.1.16 | counter64 | read-only |
A high capacity count of the total number of uncompressed octets sent by using this SA. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecTunSaTunOutOctets. |
| ceipSecTunSaOutPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.17 | counter64 | read-only |
The total number of packets sent by using this SA. |
| ceipSecTunSaOutDropPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.18 | counter64 | read-only |
The total number of packets dropped during send processing by using this SA. |
| ceipSecTunSaOutAuths | 1.3.6.1.4.1.9.9.432.1.1.5.1.19 | counter64 | read-only |
The total number of outbound authentication's performed by using this SA. |
| ceipSecTunSaOutAuthFails | 1.3.6.1.4.1.9.9.432.1.1.5.1.20 | counter64 | read-only |
The total number of outbound authentication's which ended in failure by using this SA. |
| ceipSecTunSaOutEncrypts | 1.3.6.1.4.1.9.9.432.1.1.5.1.21 | counter64 | read-only |
The total number of outbound encryption's performed by using this SA. |
| ceipSecTunSaOutEncryptFails | 1.3.6.1.4.1.9.9.432.1.1.5.1.22 | counter64 | read-only |
The total number of outbound encryption's which ended in failure by using this SA. |
| ceipSecTunSaOutCompressedPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.23 | counter64 | read-only |
The total number of outbound packets which were successfully compressed by using this SA. |
| ceipSecTunSaOutCompSkippedPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.24 | counter64 | read-only |
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis when using this SA. |
| ceipSecTunSaOutCompFailPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.25 | counter64 | read-only |
The total number of outbound packets that failed compression because they grew in size after compression when using this SA. |
| ceipSecTunSaOutCompTooSmallPkts | 1.3.6.1.4.1.9.9.432.1.1.5.1.26 | counter64 | read-only |
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size when using this SA. |
| ceipSecTunSaStatus | 1.3.6.1.4.1.9.9.432.1.1.5.1.27 | integer | read-only |
This column represents the status of the security association represented by this conceptual row. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged. Enumeration: 'active': 2, 'unknown': 1, 'expiring': 3. |
| ceipSecIfTunnelTable | 1.3.6.1.4.1.9.9.432.1.1.6 | no-access |
The IPsec Phase-2 Tunnels to Interface association table. This table contains an entry for each active IPsec Phase-2 Tunnel created under an interface. Multiple IPsec Phase-2 Tunnels can be created using the same interface. |
|
| 1.3.6.1.4.1.9.9.432.1.1.6.1 | no-access |
Each entry contains the IPsec Phase-2 Tunnel associated with an interface. |
||
| ceipSecIfTunnelStatus | 1.3.6.1.4.1.9.9.432.1.1.6.1.1 | cipsectunnelstatus | read-only |
This object corresponds to the status of a IPsec Phase-2 Tunnel in ceipSecTunnelTable indexed by ceipSecTunIndex. The valid status this object can have are 'active' and 'awaitCommit'. |
| ceipSecHistory | 1.3.6.1.4.1.9.9.432.1.2 | |||
| ceipSecHistGlobal | 1.3.6.1.4.1.9.9.432.1.2.1 | |||
| ceipSecHistGlobalCntl | 1.3.6.1.4.1.9.9.432.1.2.1.1 | |||
| ceipSecHistTableSize | 1.3.6.1.4.1.9.9.432.1.2.1.1.1 | unsigned32 | read-write |
The window size of the IPsec Phase-2 History Tables. The IPsec Phase-2 History Tables are implemented as a sliding window in which only the last 'N' entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, in appropriate SNMP error code should be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving tables ('ceipSecHistTable' and 'ceipSecEndPtHistTable') and disabling the archiving of entries in the tables. |
| ceipSecTunnelHistTable | 1.3.6.1.4.1.9.9.432.1.2.2 | no-access |
The IPsec Phase-2 Tunnel History Table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'ceipSecHistTableSize'. If the value of 'ceipSecHistTableSize' is 0, archiving of entries in this table is disabled. |
|
| 1.3.6.1.4.1.9.9.432.1.2.2.1 | no-access |
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel. |
||
| ceipSecTunHistIndex | 1.3.6.1.4.1.9.9.432.1.2.2.1.1 | unsigned32 | no-access |
The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 4,294,967,295. |
| ceipSecTunHistTermReason | 1.3.6.1.4.1.9.9.432.1.2.2.1.2 | integer | read-only |
The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred 9 = operator initiated check point request Enumeration: 'applicationInitiated': 6, 'normal': 2, 'xauthFailure': 7, 'operRequest': 3, 'peerLost': 5, 'checkPointReq': 9, 'other': 1, 'peerDelRequest': 4, 'seqNumRollOver': 8. |
| ceipSecTunHistActiveIndex | 1.3.6.1.4.1.9.9.432.1.2.2.1.3 | cipsecphase2tunnelindex | read-only |
The index of the previously active IPsec Phase-2 Tunnel. This object must correspond to an expired IPsec tunnel; hence this object may not assume the value of 0. |
| ceipSecTunHistLocalAddressType | 1.3.6.1.4.1.9.9.432.1.2.2.1.4 | inetaddresstype | read-only |
The type of the IP address of the local endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunHistLocalAddress | 1.3.6.1.4.1.9.9.432.1.2.2.1.5 | inetaddress | read-only |
The IP address of the local endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunHistRemoteAddressType | 1.3.6.1.4.1.9.9.432.1.2.2.1.6 | inetaddresstype | read-only |
The type of the IP address of the remote endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunHistRemoteAddress | 1.3.6.1.4.1.9.9.432.1.2.2.1.7 | inetaddress | read-only |
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. |
| ceipSecTunHistControlProtocol | 1.3.6.1.4.1.9.9.432.1.2.2.1.8 | cipseccontrolprotocol | read-only |
Identifies the protocol that was used to setup and administer Phase-2 IPsec tunnel. |
| ceipSecTunHistControlTunnelIndex | 1.3.6.1.4.1.9.9.432.1.2.2.1.9 | cipsecphase1tunnelindexorzero | read-only |
The index of the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel (in case of IKE, this value would refer to 'csikeTunIndex' in the 'csikeTunnelTable'). If the IPsec tunnel corresponding to this entry was setup manually, the value of this object should be zero. |
| ceipSecTunHistEncapMode | 1.3.6.1.4.1.9.9.432.1.2.2.1.10 | cipsecencapmode | read-only |
The encapsulation mode used by the IPsec Phase-2 Tunnel. |
| ceipSecTunHistNATTraversalMode | 1.3.6.1.4.1.9.9.432.1.2.2.1.11 | cipsecnattraversalmode | read-only |
The encapsulation used by the IPsec Phase-2 tunnel corresponding to this conceptual row for NAT traversal. |
| ceipSecTunHistLifeSize | 1.3.6.1.4.1.9.9.432.1.2.2.1.12 | unsigned32 | read-only |
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. |
| ceipSecTunHistLifeTime | 1.3.6.1.4.1.9.9.432.1.2.2.1.13 | unsigned32 | read-only |
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. |
| ceipSecTunHistStartTime | 1.3.6.1.4.1.9.9.432.1.2.2.1.14 | timestamp | read-only |
The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started. |
| ceipSecTunHistActiveTime | 1.3.6.1.4.1.9.9.432.1.2.2.1.15 | timeinterval | read-only |
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. |
| ceipSecTunHistTotalRefreshes | 1.3.6.1.4.1.9.9.432.1.2.2.1.16 | counter32 | read-only |
The total number of security association refreshes performed. |
| ceipSecTunHistTotalSas | 1.3.6.1.4.1.9.9.432.1.2.2.1.17 | counter32 | read-only |
The total number of security associations used during the life of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistInSaDHGrp | 1.3.6.1.4.1.9.9.432.1.2.2.1.18 | cipsecdiffhellmangrp | read-only |
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistInSaEncryptAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.19 | cipsecencryptalgorithm | read-only |
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistInSaEncryptKeySize | 1.3.6.1.4.1.9.9.432.1.2.2.1.20 | cipsecencryptionkeysize | read-only |
The size in bits of the key which was negotiated to be used with the encryption transform used with this tunnel denoted by ceipSecTunHistInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size. |
| ceipSecTunHistInSaAhAuthAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.21 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistInSaEspAuthAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.22 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistInSaDecompAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.23 | cipseccompalgorithm | read-only |
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutSaDHGrp | 1.3.6.1.4.1.9.9.432.1.2.2.1.24 | cipsecdiffhellmangrp | read-only |
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutSaEncryptAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.25 | cipsecencryptalgorithm | read-only |
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutSaEncryptKeySz | 1.3.6.1.4.1.9.9.432.1.2.2.1.26 | cipsecencryptionkeysize | read-only |
The size in bits of the key which was negotiated to be used with the encryption transform used with this tunnel denoted by ceipSecTunHistOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size. |
| ceipSecTunHistOutSaAhAuthAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.27 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutSaEspAuthAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.28 | cipsecauthalgorithm | read-only |
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutSaCompAlgo | 1.3.6.1.4.1.9.9.432.1.2.2.1.29 | cipseccompalgorithm | read-only |
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. |
| ceipSecTunHistPmtu | 1.3.6.1.4.1.9.9.432.1.2.2.1.30 | cipsecpmtu | read-only |
The Path MTU that was determined for this IPsec Phase-2 tunnel. |
| ceipSecTunHistInOctets | 1.3.6.1.4.1.9.9.432.1.2.2.1.31 | counter64 | read-only |
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. |
| ceipSecTunHistInDecompOctets | 1.3.6.1.4.1.9.9.432.1.2.2.1.32 | counter64 | read-only |
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunInOctets. |
| ceipSecTunHistInPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.33 | counter32 | read-only |
The total number of packets received by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistInDropPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.34 | counter32 | read-only |
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing. |
| ceipSecTunHistInReplayDropPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.35 | counter32 | read-only |
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistInAuths | 1.3.6.1.4.1.9.9.432.1.2.2.1.36 | counter32 | read-only |
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistInAuthFails | 1.3.6.1.4.1.9.9.432.1.2.2.1.37 | counter32 | read-only |
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . |
| ceipSecTunHistInDecrypts | 1.3.6.1.4.1.9.9.432.1.2.2.1.38 | counter32 | read-only |
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistInDecryptFails | 1.3.6.1.4.1.9.9.432.1.2.2.1.39 | counter32 | read-only |
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutOctets | 1.3.6.1.4.1.9.9.432.1.2.2.1.40 | counter64 | read-only |
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. |
| ceipSecTunHistOutUncompOctets | 1.3.6.1.4.1.9.9.432.1.2.2.1.41 | counter64 | read-only |
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of 'ceipSecTunOutOctets'. |
| ceipSecTunHistOutPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.42 | counter32 | read-only |
The total number of packets sent by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutDropPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.43 | counter32 | read-only |
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutAuths | 1.3.6.1.4.1.9.9.432.1.2.2.1.44 | counter32 | read-only |
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutAuthFails | 1.3.6.1.4.1.9.9.432.1.2.2.1.45 | counter32 | read-only |
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutEncrypts | 1.3.6.1.4.1.9.9.432.1.2.2.1.46 | counter32 | read-only |
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutEncryptFails | 1.3.6.1.4.1.9.9.432.1.2.2.1.47 | counter32 | read-only |
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. |
| ceipSecTunHistOutCompressedPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.48 | counter32 | read-only |
The total number of outbound packets which were successfully compressed. |
| ceipSecTunHistOutCompSkippedPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.49 | counter32 | read-only |
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis. |
| ceipSecTunHistOutCompFailPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.50 | counter32 | read-only |
The total number of outbound packets that failed compression because they grew in size after compression. |
| ceipSecTunHistOutCompSmallPkts | 1.3.6.1.4.1.9.9.432.1.2.2.1.51 | counter32 | read-only |
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size. |
| ceipSecEndPtHistTable | 1.3.6.1.4.1.9.9.432.1.2.3 | no-access |
The IPsec Phase-2 Tunnel Endpoint History Table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'ceipSecHistTableSize'. If the value of 'ceipSecHistTableSize' is 0, archiving of entries in this table is disabled. |
|
| 1.3.6.1.4.1.9.9.432.1.2.3.1 | no-access |
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint. |
||
| ceipSecEndPtHistIndex | 1.3.6.1.4.1.9.9.432.1.2.3.1.1 | unsigned32 | no-access |
The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 4,294,967,295. |
| ceipSecEndPtHistTunIndex | 1.3.6.1.4.1.9.9.432.1.2.3.1.2 | unsigned32 | read-only |
The index of the previously active IPsec Phase-2 Tunnel Table. |
| ceipSecEndPtHistActiveIndex | 1.3.6.1.4.1.9.9.432.1.2.3.1.3 | unsigned32 | read-only |
The index of the previously active Endpoint. |
| ceipSecEndPtHistLocalName | 1.3.6.1.4.1.9.9.432.1.2.3.1.4 | snmpadminstring | read-only |
The DNS name of the local Endpoint. |
| ceipSecEndPtHistLocalType | 1.3.6.1.4.1.9.9.432.1.2.3.1.5 | cipsecendpttype | read-only |
The type of identity for the local Endpoint. |
| ceipSecEndPtHistLocalAddrType1 | 1.3.6.1.4.1.9.9.432.1.2.3.1.6 | inetaddresstype | read-only |
The type of the IP address for this local Endpoint's first IP address. |
| ceipSecEndPtHistLocalAddr1 | 1.3.6.1.4.1.9.9.432.1.2.3.1.7 | inetaddress | read-only |
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtLocalType. |
| ceipSecEndPtHistLocalAddrType2 | 1.3.6.1.4.1.9.9.432.1.2.3.1.8 | inetaddresstype | read-only |
The type of the IP address for this local Endpoint's second IP address. |
| ceipSecEndPtHistLocalAddr2 | 1.3.6.1.4.1.9.9.432.1.2.3.1.9 | inetaddress | read-only |
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtLocalType. |
| ceipSecEndPtHistLocalProtocol | 1.3.6.1.4.1.9.9.432.1.2.3.1.10 | ciscoipprotocol | read-only |
The protocol number of the local Endpoint's traffic. |
| ceipSecEndPtHistLocalPort | 1.3.6.1.4.1.9.9.432.1.2.3.1.11 | ciscoport | read-only |
The port number of the local Endpoint's traffic. |
| ceipSecEndPtHistRemoteName | 1.3.6.1.4.1.9.9.432.1.2.3.1.12 | snmpadminstring | read-only |
The DNS name of the remote Endpoint. |
| ceipSecEndPtHistRemoteType | 1.3.6.1.4.1.9.9.432.1.2.3.1.13 | cipsecendpttype | read-only |
The type of identity for the remote Endpoint. |
| ceipSecEndPtHistRemoteAddrType1 | 1.3.6.1.4.1.9.9.432.1.2.3.1.14 | inetaddresstype | read-only |
The type of the IP address for this remote Endpoint's first IP address. |
| ceipSecEndPtHistRemoteAddr1 | 1.3.6.1.4.1.9.9.432.1.2.3.1.15 | inetaddress | read-only |
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtRemoteType. |
| ceipSecEndPtHistRemoteAddrType2 | 1.3.6.1.4.1.9.9.432.1.2.3.1.16 | inetaddresstype | read-only |
The type of the IP address for this remote Endpoint's second IP address. |
| ceipSecEndPtHistRemoteAddr2 | 1.3.6.1.4.1.9.9.432.1.2.3.1.17 | inetaddress | read-only |
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtRemoteType. |
| ceipSecEndPtHistRemoteProtocol | 1.3.6.1.4.1.9.9.432.1.2.3.1.18 | ciscoipprotocol | read-only |
The protocol number of the remote Endpoint's traffic. |
| ceipSecEndPtHistRemotePort | 1.3.6.1.4.1.9.9.432.1.2.3.1.19 | ciscoport | read-only |
The port number of the remote Endpoint's traffic. |
| ceipSecFailures | 1.3.6.1.4.1.9.9.432.1.3 | |||
| ceipSecFailGlobal | 1.3.6.1.4.1.9.9.432.1.3.1 | |||
| ceipSecFailGlobalCntl | 1.3.6.1.4.1.9.9.432.1.3.1.1 | |||
| ceipSecFailTableSize | 1.3.6.1.4.1.9.9.432.1.3.1.1.1 | unsigned32 | read-write |
The window size of the IPsec Phase-2 Failure Table. The IPsec Phase-2 Failure Tables are implemented as a sliding window in which only the last N entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, an appropriate SNMP error vode must be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving table 'ceipSecFailTable' and disabling the archiving of entries in these tables. |
| ceipSecFailTable | 1.3.6.1.4.1.9.9.432.1.3.2 | no-access |
The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ceipSecFailTableSize object. |
|
| 1.3.6.1.4.1.9.9.432.1.3.2.1 | no-access |
Each entry contains the attributes associated with an IPsec Phase-1 failure. |
||
| ceipSecFailIndex | 1.3.6.1.4.1.9.9.432.1.3.2.1.1 | unsigned32 | no-access |
The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 4,294,967,295. |
| ceipSecFailReason | 1.3.6.1.4.1.9.9.432.1.3.2.1.2 | integer | read-only |
The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination 17 = performance utilization exceeding the threshold. Enumeration: 'sysCapExceeded': 12, 'encryptFailure': 8, 'inAuthFailure': 9, 'peerEncodingError': 3, 'decryptFailure': 7, 'internalError': 2, 'proposalFailure': 4, 'operRequest': 16, 'peerLost': 14, 'performanceUtilization': 17, 'other': 1, 'peerDelRequest': 13, 'protocolUseFail': 5, 'nonExistentSa': 6, 'seqNumRollOver': 15, 'outAuthFailure': 10, 'compression': 11. |
| ceipSecFailTime | 1.3.6.1.4.1.9.9.432.1.3.2.1.3 | timestamp | read-only |
The value of sysUpTime in hundredths of seconds at the time of the failure. |
| ceipSecFailTunnelIndex | 1.3.6.1.4.1.9.9.432.1.3.2.1.4 | cipsecphase2tunnelindex | read-only |
The Phase-2 Tunnel index (ceipSecTunIndex). If this conceptual row corresponds to an operation failure (that is, the failure of an established Phase-2 IPsec tunnel), then the value of this object may not be zero. |
| ceipSecFailSaSpi | 1.3.6.1.4.1.9.9.432.1.3.2.1.5 | cipsecspi | read-only |
The security association SPI value. If this conceptual row corresponds to a setup failure (failure to establish the tunnel), the value of this MIB object is undefined. |
| ceipSecFailPktSrcAddressType | 1.3.6.1.4.1.9.9.432.1.3.2.1.6 | inetaddresstype | read-only |
The type of the packet's source IP address. |
| ceipSecFailPktSrcAddress | 1.3.6.1.4.1.9.9.432.1.3.2.1.7 | inetaddress | read-only |
The packet's source IP address. |
| ceipSecFailPktDstAddressType | 1.3.6.1.4.1.9.9.432.1.3.2.1.8 | inetaddresstype | read-only |
The type of the packet's destination IP address. |
| ceipSecFailPktDstAddress | 1.3.6.1.4.1.9.9.432.1.3.2.1.9 | inetaddress | read-only |
The packet's destination IP address. |
| ceipSecNotificationCntl | 1.3.6.1.4.1.9.9.432.1.5 | |||
| ceipSecNotiCntlIpSecAllNotifs | 1.3.6.1.4.1.9.9.432.1.5.1 | truthvalue | read-write |
This object sending any notification defined in this MIB module. That is, a particular notification 'foo' defined in this MIB module is enabled if and only if the expression (ceipSecNotiCntlIpSecAllNotifs && ceipSecNotiCntl |
| ceipSecNotifCntlIpSecTunnelStart | 1.3.6.1.4.1.9.9.432.1.5.2 | truthvalue | read-write |
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowTunnelStart' is enabled. |
| ceipSecNotifCntlIpSecTunnelStop | 1.3.6.1.4.1.9.9.432.1.5.3 | truthvalue | read-write |
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowTunnelStop' is enabled. |
| ceipSecNotifCntlIpSecSysFailure | 1.3.6.1.4.1.9.9.432.1.5.4 | truthvalue | read-write |
This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowSysFailure' is enabled. |
| ceipSecNotifCntlIpSecSetUpFail | 1.3.6.1.4.1.9.9.432.1.5.5 | truthvalue | read-write |
This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowSetupFail' is enabled. |
| ceipSecNotifCntlIpSecBadSa | 1.3.6.1.4.1.9.9.432.1.5.6 | truthvalue | read-write |
This object defines the administrative state of sending the IPsec Phase-2 No Security Association trap. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowBadSa' is enabled. |
| ceipSecNotifCntlCertExpiry | 1.3.6.1.4.1.9.9.432.1.5.7 | truthvalue | read-write |
This object defines the administrative state of sending the IPSec certificate expiry notification. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowCertExpiry' is enabled, otherwise notification 'ciscoEnhIpsecFlowCertExpiry' is disabled. |
| ceipSecNotifCntlCertRenewal | 1.3.6.1.4.1.9.9.432.1.5.8 | truthvalue | read-write |
This object defines the administrative state of sending the IPSec X.509 certificate renewal status notification. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowCertRenewal' is enabled, otherwise notification 'ciscoEnhIpsecFlowCertRenewal' is disabled. |
| ceipSecCertNotification | 1.3.6.1.4.1.9.9.432.1.6 | |||
| ceipSecCertSubjectName | 1.3.6.1.4.1.9.9.432.1.6.1 | snmpadminstring | read-only |
This object provides the subject name from the X.509 certificate, or the alternate subject name if it is available. The subject name is formatted as a character string matching the output of a ssh-certview command-line application, except that the application sending the notification may limit the string length. Example Subject Name: C=US, OU=DEV, CN=Test-01 Example Subject Alternative Name: 2001:0022:0022:0020:0000:0000:0000:0102 |
| ceipSecCertSerialNumber | 1.3.6.1.4.1.9.9.432.1.6.2 | snmpadminstring | read-only |
This object provides the serial number from the X.509 certificate. The serial number is formatted as a character string matching the output of a ssh-certview command-line application. The issuer name and the serial number identify a unique certificate. Example: 1000655533 |
| ceipSecCertIssuerName | 1.3.6.1.4.1.9.9.432.1.6.3 | snmpadminstring | read-only |
This object provides the issuer name from the X.509 certificate. The issuer name is formatted as a character string matching the output of a ssh-certview command-line application, except that the application sending the notification may limit the string length. The issuer name and the serial number identify a unique certificate. Example: C=US, O=Cisco, OU=MITG, CN=Lnx-Insta-RootCA-1 |
| ceipSecCertExpiryTime | 1.3.6.1.4.1.9.9.432.1.6.4 | snmpadminstring | read-only |
This object provides the validity notAfter time from the X.509 certificate. The notAfter time is the time after which the certificate is not valid. The time is formatted as a character string matching the output of a ssh-certview command-line application. Example: 2012 Apr 14th, 19:01:45 GMT |
| ceipSecCertRenewalStatus | 1.3.6.1.4.1.9.9.432.1.6.5 | integer | read-only |
This object provides the renewal status of the X.509 certificate on the application sending the notification. renewalNotNeeded(1) = certificate is OK and does not need to be renewed renewalRequestNeeded(2) = certificate renewal request is needed renewalRequested(3) = certificate renewal has been requested and the renewal process is proceeding renewalSuccess(4) = certificate has been renewed and will be OK (renewalNotNeeded) renewalFailedUpdate(5) = certificate renewal failed, but certificate is still usable until the validity expiration time provided in the notification, or otherwise restricted by the application renewalFailedExpired(6) = certificate is no longer valid, the current time is after the certificate's validity notAfter time, which is provided in this notification Enumeration: 'renewalRequestNeeded': 2, 'renewalFailedUpdate': 5, 'renewalNotNeeded': 1, 'renewalFailedExpired': 6, 'renewalRequested': 3, 'renewalSuccess': 4. |
| ceipSecCertExpiryStatus | 1.3.6.1.4.1.9.9.432.1.6.6 | integer | read-only |
This object provides the expiration status of the X.509 certificate on the application sending the notification. The notification is sent when the value of this object is changed from certOK(1) to certGoingExpired(2). certOK(1) = certificate is OK and is not within the configured time threshold for going to expire certGoingExpired(2) = certificate is within the configured time threshold for going to expire certExpired(3) = certificate has expired, the current time is after the certificate's validity notAfter time Enumeration: 'certOK': 1, 'certGoingExpired': 2, 'certExpired': 3. |
| ciscoEnhancedIpsecFlowMIBConform | 1.3.6.1.4.1.9.9.432.2 | |||
| ciscoEnhIPsecFlowMIBCompliances | 1.3.6.1.4.1.9.9.432.2.1 | |||
| ciscoEnhIPsecFlowMIBCompliance | 1.3.6.1.4.1.9.9.432.2.1.1 |
The compliance statement for SNMP entities pertaining to Phase-2 of IP Security Protocol. |
||
| ciscoEnhIPsecFlowMIBComplianceRev1 | 1.3.6.1.4.1.9.9.432.2.1.2 |
The compliance statement for SNMP entities pertaining to Phase-2 of IP Security Protocol. |
||
| ciscoEnhIPsecFlowMIBComplianceRev2 | 1.3.6.1.4.1.9.9.432.2.1.3 |
The compliance statement for SNMP entities pertaining to Phase-2 of IP Security Protocol. |
||
| ciscoIPsecFlowMIBGroups | 1.3.6.1.4.1.9.9.432.2.2 | |||
| ciscoEnhIPsecFlowActivityGroup | 1.3.6.1.4.1.9.9.432.2.2.1 |
This group consists of: 1) IPsec Phase-2 Global Statistics 2) IPsec Phase-2 Tunnel Table 3) IPsec Phase-2 Endpoint Table 4) IPsec Phase-2 Security Association Table |
||
| ciscoEnhIPsecFlowCoreHistGroup | 1.3.6.1.4.1.9.9.432.2.2.2 |
This group consists of the core (mandatory) objects pertaining to maintaining history of IPsec activity. |
||
| ciscoEnhIPsecFlowHistoryGroup | 1.3.6.1.4.1.9.9.432.2.2.3 |
This group consists of objects that pertain to maintenance of history of IPsec Phase 2 activity. |
||
| ciscoEnhIPsecFlowCoreFailGroup | 1.3.6.1.4.1.9.9.432.2.2.4 |
This group consists of the core (mandatory) objects pertaining to maintaining history of failure IPsec activity. |
||
| ciscoEnhIPsecFlowFailureGroup | 1.3.6.1.4.1.9.9.432.2.2.5 |
This group consists of objects that pertain to maintenance of history of failures associated with Phase 2 IPsec activity. |
||
| ciscoEnhIPsecFlowNotifCntlGroup | 1.3.6.1.4.1.9.9.432.2.2.6 |
This group of objects controls the sending of notifications pertaining to IPsec Phase-2 processing. |
||
| ciscoEnhIPsecFlowNotifGroup | 1.3.6.1.4.1.9.9.432.2.2.7 |
This group contains the notifications pertaining to Phase-2 operations and data transfer. |
||
| ciscoEnhIPsecFlowTunnelSaGroup | 1.3.6.1.4.1.9.9.432.2.2.8 |
This group consists of the Phase-2 IPsec tunnel Security Association and traffic information. |
||
| ciscoEnhIPsecFlowNotifCntlGroupSup01 | 1.3.6.1.4.1.9.9.432.2.2.9 |
This supplement group of objects controls the sending of X.509 certificate IPSec notifications. |
||
| ciscoEnhIPsecFlowNotifGroupSup01 | 1.3.6.1.4.1.9.9.432.2.2.10 |
This supplement group contains the X.509 certificate notifications for the IPSec MIB. |
||
| ciscoEnhIPsecFlowCertObjectGroup | 1.3.6.1.4.1.9.9.432.2.2.11 |
This group consists of objects to support X.509 certificates. |
||
| ciscoEnhIPsecFlowPerformanceThroughputGroup | 1.3.6.1.4.1.9.9.432.2.2.12 |
This group consists of objects to show the the performance utilization. |
||