The MIB module for modeling Cisco-specific IPsec attributes Overview of Cisco IPsec MIB MIB description This MIB models the C...
Version: 2000-08-07
module CISCO-IPSEC-MIB { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:smiv2:CISCO-IPSEC-MIB"; prefix CISCO-IPSEC-MIB; import IF-MIB { prefix if-mib; } import SNMPv2-TC { prefix snmpv2-tc; } import ietf-yang-smiv2 { prefix smiv2; } import ietf-yang-types { prefix yang; } organization "Cisco Systems, Inc."; contact " Cisco Systems Enterprise Business Management Unit Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-ipsecurity@cisco.com"; description "The MIB module for modeling Cisco-specific IPsec attributes Overview of Cisco IPsec MIB MIB description This MIB models the Cisco implementation-specific attributes of a Cisco entity that implements IPsec. This MIB is complementary to the standard IPsec MIB proposed jointly by Tivoli and Cisco. The ciscoIPsec MIB provides the operational information on Cisco's IPsec tunnelling implementation. The following entities are managed: 1) ISAKMP Group: a) ISAKMP global parameters b) ISAKMP Policy Table 2) IPSec Group: a) IPSec Global Parameters b) IPSec Global Traffic Parameters c) Cryptomap Group - Cryptomap Set Table - Cryptomap Table - CryptomapSet Binding Table 3) System Capacity & Capability Group: a) Capacity Parameters b) Capability Parameters 4) Trap Control Group 5) Notifications Group"; revision "2000-08-07" { description "[Revision added by libsmi due to a LAST-UPDATED clause.]"; } smiv2:alias "ciscoIPsecMIB" { smiv2:oid "1.3.6.1.4.1.9.10.62"; } smiv2:alias "ciscoIPsecMIBObjects" { smiv2:oid "1.3.6.1.4.1.9.10.62.1"; } smiv2:alias "cipsIsakmpGroup" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.1"; } smiv2:alias "cipsIPsecGroup" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2"; } smiv2:alias "cipsIPsecGlobals" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1"; } smiv2:alias "cipsIPsecStatistics" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.2"; } smiv2:alias "cipsCryptomapGroup" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3"; } smiv2:alias "cipsSysCapacityGroup" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.3"; } smiv2:alias "cipsTrapCntlGroup" { smiv2:oid "1.3.6.1.4.1.9.10.62.1.4"; } smiv2:alias "ciscoIPsecMIBNotificationPrefix" { smiv2:oid "1.3.6.1.4.1.9.10.62.2"; } smiv2:alias "cipsMIBNotifications" { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0"; } smiv2:alias "ciscoIPsecMIBConformance" { smiv2:oid "1.3.6.1.4.1.9.10.62.3"; } smiv2:alias "cipsMIBConformances" { smiv2:oid "1.3.6.1.4.1.9.10.62.3.1"; } smiv2:alias "cipsMIBGroups" { smiv2:oid "1.3.6.1.4.1.9.10.62.3.2"; } typedef CIPsecLifetime { type yang:gauge32 { range "120..86400"; } description "Value in units of seconds"; } typedef CIPsecLifesize { type yang:gauge32 { range "2560..536870912"; } description "Value in units of kilobytes"; } typedef CIPsecNumCryptoMaps { type yang:gauge32 { range "0..2147483647"; } description "Integral units representing count of cryptomaps"; } typedef CryptomapType { type enumeration { enum "cryptomapTypeNONE" { value 0; } enum "cryptomapTypeMANUAL" { value 1; } enum "cryptomapTypeISAKMP" { value 2; } enum "cryptomapTypeCET" { value 3; } enum "cryptomapTypeDYNAMIC" { value 4; } enum "cryptomapTypeDYNAMICDISCOVERY" { value 5; } } description "The type of a cryptomap entry. Cryptomap is a unit of IOS IPSec policy specification."; } typedef CryptomapSetBindStatus { type enumeration { enum "unknown" { value 0; } enum "attached" { value 1; } enum "detached" { value 2; } } description "The status of the binding of a cryptomap set to the specified interface. The value qhen queried is always 'attached'. When set to 'detached', the cryptomap set if detached from the specified interface. Setting the value to 'attached' will result in SNMP General Error."; } typedef IPSIpAddress { type binary { length "4|16"; } description "An IP V4 or V6 Address."; } typedef IkeHashAlgo { type enumeration { enum "none" { value 1; } enum "md5" { value 2; } enum "sha" { value 3; } } description "The hash algorithm used in IPsec Phase-1 IKE negotiations."; } typedef IkeAuthMethod { type enumeration { enum "none" { value 1; } enum "preSharedKey" { value 2; } enum "rsaSig" { value 3; } enum "rsaEncrypt" { value 4; } enum "revPublicKey" { value 5; } } description "The authentication method used in IPsec Phase-1 IKE negotiations."; } typedef IkeIdentityType { type enumeration { enum "isakmpIdTypeUNKNOWN" { value 0; } enum "isakmpIdTypeADDRESS" { value 1; } enum "isakmpIdTypeHOSTNAME" { value 2; } } description "The type of identity used by the local entity to identity itself to the peer with which it performs IPSec Main Mode negotiations. This type decides the content of the Identification payload in the Main Mode of IPSec tunnel setup."; } typedef DiffHellmanGrp { type enumeration { enum "none" { value 1; } enum "dhGroup1" { value 2; } enum "dhGroup2" { value 3; } } description "The Diffie Hellman Group used in negotiations."; } typedef EncryptAlgo { type enumeration { enum "none" { value 1; } enum "des" { value 2; } enum "des3" { value 3; } } description "The encryption algorithm used in negotiations."; } typedef TrapStatus { type enumeration { enum "enabled" { value 1; } enum "disabled" { value 2; } } description "The administrative status for sending a TRAP."; } container CISCO-IPSEC-MIB { config false; container cipsIsakmpGroup { smiv2:oid "1.3.6.1.4.1.9.10.62.1.1"; leaf cipsIsakmpEnabled { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.1"; type boolean; description "The value of this object is TRUE if ISAKMP has been enabled on the managed entity. Otherise the value of this object is FALSE."; } leaf cipsIsakmpIdentity { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.2"; type IkeIdentityType; description "The value of this object is shows the type of identity used by the managed entity in ISAKMP negotiations with another peer."; } leaf cipsIsakmpKeepaliveInterval { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.3"; type int32 { range "10..3600"; } units "seconds"; description "The value of this object is time interval in seconds between successive ISAKMP keepalive heartbeats issued to the peers to which IKE tunnels have been setup."; } leaf cipsNumIsakmpPolicies { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.4"; type int32 { range "0..2147483647"; } description "The value of this object is the number of ISAKMP policies that have been configured on the managed entity."; } } // container cipsIsakmpGroup container cipsIPsecGlobals { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1"; leaf cipsSALifetime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1.1"; type CIPsecLifetime; units "Seconds"; description "The default lifetime (in seconds) assigned to an SA as a global policy (maybe overridden in specific cryptomap definitions)."; } leaf cipsSALifesize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1.2"; type CIPsecLifesize; units "KBytes"; description "The default lifesize in KBytes assigned to an SA as a global policy (unless overridden in cryptomap definition)"; } leaf cipsNumStaticCryptomapSets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1.3"; type CIPsecNumCryptoMaps; units "Integral Units"; description "The number of Cryptomap Sets that are are fully configured. Statically defined cryptomap sets are ones where the operator has fully specified all the parameters required set up IPSec Virtual Private Networks (VPNs)."; } leaf cipsNumCETCryptomapSets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1.4"; type CIPsecNumCryptoMaps; units "Integral Units"; description "The number of static Cryptomap Sets that have at least one CET cryptomap element as a member of the set."; } leaf cipsNumDynamicCryptomapSets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1.5"; type CIPsecNumCryptoMaps; units "Integral Units"; description "The number of dynamic IPSec Policy templates (called 'dynamic cryptomap templates') configured on the managed entity."; } leaf cipsNumTEDCryptomapSets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.1.6"; type CIPsecNumCryptoMaps; units "Integral Units"; description "The number of static Cryptomap Sets that have at least one dynamic cryptomap template bound to them which has the Tunnel Endpoint Discovery (TED) enabled."; } } // container cipsIPsecGlobals container cipsIPsecStatistics { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.2"; leaf cipsNumTEDProbesReceived { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.2.1"; type yang:counter32; units "Integral Units"; description "The number of TED probes that were received by this managed entity since bootup. Not affected by any CLI operation."; } leaf cipsNumTEDProbesSent { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.2.2"; type yang:counter32; units "Integral Units"; description "The number of TED probes that were dispatched by all the dynamic cryptomaps in this managed entity since bootup. Not affected by any CLI operation."; } leaf cipsNumTEDFailures { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.2.3"; type yang:counter32; units "Integral Units"; description "The number of TED probes that were dispatched by the local entity and that failed to locate crypto endpoint. Not affected by any CLI operation."; } } // container cipsIPsecStatistics container cipsSysCapacityGroup { smiv2:oid "1.3.6.1.4.1.9.10.62.1.3"; leaf cipsMaxSAs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.3.1"; type int32 { range "0..65535"; } units "Integral Units"; description "The maximum number of IPsec Security Associations that can be established on this managed entity. If no theoretical limit exists, this returns value 0. Not affected by any CLI operation."; } leaf cips3DesCapable { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.3.2"; type boolean; description "The value of this object is TRUE if the managed entity has the hardware nad software features to support 3DES encryption algorithm. Not affected by any CLI operation."; } } // container cipsSysCapacityGroup container cipsTrapCntlGroup { smiv2:oid "1.3.6.1.4.1.9.10.62.1.4"; leaf cipsCntlIsakmpPolicyAdded { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.1"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec ISAKMP Policy Add trap."; } leaf cipsCntlIsakmpPolicyDeleted { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.2"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec ISAKMP Policy Delete trap."; } leaf cipsCntlCryptomapAdded { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.3"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec Cryptomap Add trap."; } leaf cipsCntlCryptomapDeleted { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.4"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec Cryptomap Delete trap."; } leaf cipsCntlCryptomapSetAttached { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.5"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec trap that is issued when a cryptomap set is attached to an interface."; } leaf cipsCntlCryptomapSetDetached { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.6"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec trap that is issued when a cryptomap set is detached from an interface. to which it was earlier bound."; } leaf cipsCntlTooManySAs { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.4.7"; type TrapStatus; description "This object defines the administrative state of sending the IOS IPsec trap that is issued when the number of SAs crosses the maximum number of SAs that may be supported on the managed entity."; } } // container cipsTrapCntlGroup container cipsIsakmpPolicyTable { smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5"; description "The table containing the list of all ISAKMP policy entries configured by the operator."; list cipsIsakmpPolicyEntry { smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1"; key "cipsIsakmpPolPriority"; description "Each entry contains the attributes associated with a single ISAKMP Policy entry."; leaf cipsIsakmpPolPriority { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1.1"; type int32 { range "0..65535"; } description "The priotity of this ISAKMP Policy entry. This is also the index of this table."; } leaf cipsIsakmpPolEncr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1.2"; type EncryptAlgo; description "The encryption transform specified by this ISAKMP policy specification. The Internet Key Exchange (IKE) tunnels setup using this policy item would use the specified encryption transform to protect the ISAKMP PDUs."; } leaf cipsIsakmpPolHash { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1.3"; type IkeHashAlgo; description "The hash transform specified by this ISAKMP policy specification. The IKE tunnels setup using this policy item would use the specified hash transform to protect the ISAKMP PDUs."; } leaf cipsIsakmpPolAuth { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1.4"; type IkeAuthMethod; description "The peer authentication mthod specified by this ISAKMP policy specification. If this policy entity is selected for negotiation with a peer, the local entity would authenticate the peer using the method specified by this object."; } leaf cipsIsakmpPolGroup { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1.5"; type DiffHellmanGrp; description "This object specifies the Oakley group used for Diffie Hellman exchange in the Main Mode. If this policy item is selected to negotiate Main Mode with an IKE peer, the local entity chooses the group specified by this object to perform Diffie Hellman exchange with the peer."; } leaf cipsIsakmpPolLifetime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.1.5.1.6"; type int32 { range "60..86400"; } units "seconds"; description "This object specifies the lifetime in seconds of the IKE tunnels generated using this policy specification."; } } // list cipsIsakmpPolicyEntry } // container cipsIsakmpPolicyTable container cipsStaticCryptomapSetTable { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1"; description "The table containing the list of all cryptomap sets that are fully specified and are not wild-carded. The operator may include different types of cryptomaps in such a set - manual, CET, ISAKMP or dynamic."; list cipsStaticCryptomapSetEntry { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1"; key "cipsStaticCryptomapSetName"; description "Each entry contains the attributes associated with a single static cryptomap set."; leaf cipsStaticCryptomapSetName { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.1"; type snmpv2-tc:DisplayString; description "The index of the static cryptomap table. The value of the string is the name string assigned by the operator in defining the cryptomap set."; } leaf cipsStaticCryptomapSetSize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.2"; type yang:gauge32; description "The total number of cryptomap entries contained in this cryptomap set. "; } leaf cipsStaticCryptomapSetNumIsakmp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.3"; type yang:gauge32; description "The number of cryptomaps associated with this cryptomap set that use ISAKMP protocol to do key exchange."; } leaf cipsStaticCryptomapSetNumManual { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.4"; type yang:gauge32; description "The number of cryptomaps associated with this cryptomap set that require the operator to manually setup the keys and SPIs."; } leaf cipsStaticCryptomapSetNumCET { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.5"; type yang:gauge32; description "The number of cryptomaps of type 'ipsec-cisco' associated with this cryptomap set. Such cryptomap elements implement Cisco Encryption Technology based Virtual Private Networks."; } leaf cipsStaticCryptomapSetNumDynamic { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.6"; type yang:gauge32; description "The number of dynamic cryptomap templates linked to this cryptomap set."; } leaf cipsStaticCryptomapSetNumDisc { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.7"; type yang:gauge32; description "The number of dynamic cryptomap templates linked to this cryptomap set that have Tunnel Endpoint Discovery (TED) enabled."; } leaf cipsStaticCryptomapSetNumSAs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.1.1.8"; type yang:gauge32; description "The number of and IPsec Security Associations that are active and were setup using this cryptomap. "; } } // list cipsStaticCryptomapSetEntry } // container cipsStaticCryptomapSetTable container cipsDynamicCryptomapSetTable { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.2"; description "The table containing the list of all dynamic cryptomaps that use IKE, defined on the managed entity."; list cipsDynamicCryptomapSetEntry { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.2.1"; key "cipsDynamicCryptomapSetName"; description "Each entry contains the attributes associated with a single dynamic cryptomap template."; leaf cipsDynamicCryptomapSetName { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.2.1.1"; type snmpv2-tc:DisplayString; description "The index of the dynamic cryptomap table. The value of the string is the one assigned by the operator in defining the cryptomap set."; } leaf cipsDynamicCryptomapSetSize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.2.1.2"; type yang:gauge32; description "The number of cryptomap entries in this cryptomap."; } leaf cipsDynamicCryptomapSetNumAssoc { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.2.1.3"; type yang:gauge32; description "The number of static cryptomap sets with which this dynamic cryptomap is associated. "; } } // list cipsDynamicCryptomapSetEntry } // container cipsDynamicCryptomapSetTable container cipsStaticCryptomapTable { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3"; description "The table ilisting the member cryptomaps of the cryptomap sets that are configured on the managed entity."; list cipsStaticCryptomapEntry { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1"; key "cipsStaticCryptomapSetName cipsStaticCryptomapPriority"; description "Each entry contains the attributes associated with a single static (fully specified) cryptomap entry. This table does not include the members of dynamic cryptomap sets that may be linked with the parent static cryptomap set."; leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapPriority { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.1"; type int32 { range "0..65535"; } description "The priority of the cryptomap entry in the cryptomap set. This is the second index component of this table."; } leaf cipsStaticCryptomapType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.2"; type CryptomapType; description "The type of the cryptomap entry. This can be an ISAKMP cryptomap, CET or manual. Dynamic cryptomaps are not counted in this table."; } leaf cipsStaticCryptomapDescr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.3"; type snmpv2-tc:DisplayString; description "The description string entered by the operatoir while creating this cryptomap. The string generally identifies a description and the purpose of this policy."; } leaf cipsStaticCryptomapPeer { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.4"; type IPSIpAddress; description "The IP address of the current peer associated with this IPSec policy item. Traffic that is protected by this cryptomap is protected by a tunnel that terminates at the device whose IP address is specified by this object."; } leaf cipsStaticCryptomapNumPeers { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.5"; type int32 { range "0..40"; } description "The number of peers associated with this cryptomap entry. The peers other than the one identified by 'cipsStaticCryptomapPeer' are backup peers. Manual cryptomaps may have only one peer."; } leaf cipsStaticCryptomapPfs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.6"; type DiffHellmanGrp; description "This object identifies if the tunnels instantiated due to this policy item should use Perfect Forward Secrecy (PFS) and if so, what group of Oakley they should use."; } leaf cipsStaticCryptomapLifetime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.7"; type int32 { range "0|120..86400"; } description "This object identifies the lifetime of the IPSec Security Associations (SA) created using this IPSec policy entry. If this value is zero, the lifetime assumes the value specified by the global lifetime parameter."; } leaf cipsStaticCryptomapLifesize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.8"; type int32 { range "0|2560..536870912"; } description "This object identifies the lifesize (maximum traffic in bytes that may be carried) of the IPSec SAs created using this IPSec policy entry. If this value is zero, the lifetime assumes the value specified by the global lifesize parameter."; } leaf cipsStaticCryptomapLevelHost { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.3.1.9"; type boolean; description "This object identifies the granularity of the IPSec SAs created using this IPSec policy entry. If this value is TRUE, distinct SA bundles are created for distinct hosts at the end of the application traffic."; } } // list cipsStaticCryptomapEntry } // container cipsStaticCryptomapTable container cipsCryptomapSetIfTable { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.4"; description "The table lists the binding of cryptomap sets to the interfaces of the managed entity."; list cipsCryptomapSetIfEntry { smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.4.1"; key "ifIndex cipsStaticCryptomapSetName"; description "Each entry contains the record of the association between an interface and a cryptomap set (static) that is defined on the managed entity. Note that the cryptomap set identified in this binding must static. Dynamic cryptomaps cannot be bound to interfaces."; leaf ifIndex { type leafref { path "/if-mib:IF-MIB/if-mib:ifTable/if-mib:ifEntry/if-mib:ifIndex"; } } leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsCryptomapSetIfVirtual { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.4.1.1"; type boolean; description "The value of this object identifies if the interface to which the cryptomap set is attached is a tunnel (such as a GRE or PPTP tunnel)."; } leaf cipsCryptomapSetIfStatus { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.10.62.1.2.3.4.1.2"; type CryptomapSetBindStatus; description "This object identifies the status of the binding of the specified cryptomap set with the specified interface. The value when queried is always 'attached'. When set to 'detached', the cryptomap set if detached from the specified interface. The effect of this is same as the CLI command config-if# no crypto map cryptomapSetName Setting the value to 'attached' will result in SNMP General Error."; } } // list cipsCryptomapSetIfEntry } // container cipsCryptomapSetIfTable } // container CISCO-IPSEC-MIB notification cipsIsakmpPolicyAdded { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.1"; description "This trap is generated when a new ISAKMP policy element is defined on the managed entity. The context of the event includes the updated number of ISAKMP policy elements currently available."; container object-1 { leaf cipsNumIsakmpPolicies { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsIsakmpGroup/CISCO-IPSEC-MIB:cipsNumIsakmpPolicies"; } } } // container object-1 } // notification cipsIsakmpPolicyAdded notification cipsIsakmpPolicyDeleted { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.2"; description "This trap is generated when an existing ISAKMP policy element is deleted on the managed entity. The context of the event includes the updated number of ISAKMP policy elements currently available."; container object-1 { leaf cipsNumIsakmpPolicies { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsIsakmpGroup/CISCO-IPSEC-MIB:cipsNumIsakmpPolicies"; } } } // container object-1 } // notification cipsIsakmpPolicyDeleted notification cipsCryptomapAdded { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.3"; description "This trap is generated when a new cryptomap is added to the specified cryptomap set."; container object-1 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapPriority { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapTable/CISCO-IPSEC-MIB:cipsStaticCryptomapEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapPriority"; } } leaf cipsStaticCryptomapType { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapTable/CISCO-IPSEC-MIB:cipsStaticCryptomapEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapType"; } } } // container object-1 container object-2 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapSetSize { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetSize"; } } } // container object-2 } // notification cipsCryptomapAdded notification cipsCryptomapDeleted { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.4"; description "This trap is generated when a cryptomap is removed from the specified cryptomap set."; container object-1 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapSetSize { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetSize"; } } } // container object-1 } // notification cipsCryptomapDeleted notification cipsCryptomapSetAttached { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.5"; description "A cryptomap set must be attached to an interface of the device in order for it to be operational. This trap is generated when the cryptomap set attached to an active interface of the managed entity. The context of the notification includes: Size of the attached cryptomap set, Number of ISAKMP cryptomaps in the set and Number of Dynamic cryptomaps in the set."; container object-1 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapSetSize { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetSize"; } } } // container object-1 container object-2 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapSetNumIsakmp { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetNumIsakmp"; } } } // container object-2 container object-3 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapSetNumDynamic { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetNumDynamic"; } } } // container object-3 } // notification cipsCryptomapSetAttached notification cipsCryptomapSetDetached { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.6"; description "This trap is generated when a cryptomap set is detached from an interafce to which it was bound earlier. The context of the event identifies the size of the cryptomap set."; container object-1 { leaf cipsStaticCryptomapSetName { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetName"; } } leaf cipsStaticCryptomapSetSize { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsStaticCryptomapSetTable/CISCO-IPSEC-MIB:cipsStaticCryptomapSetEntry/CISCO-IPSEC-MIB:cipsStaticCryptomapSetSize"; } } } // container object-1 } // notification cipsCryptomapSetDetached notification cipsTooManySAs { smiv2:oid "1.3.6.1.4.1.9.10.62.2.0.7"; description "This trap is generated when a new SA is attempted to be setup while the number of currently active SAs equals the maximum configurable. The variables are: cipsMaxSAs"; container object-1 { leaf cipsMaxSAs { type leafref { path "/CISCO-IPSEC-MIB:CISCO-IPSEC-MIB/CISCO-IPSEC-MIB:cipsSysCapacityGroup/CISCO-IPSEC-MIB:cipsMaxSAs"; } } } // container object-1 } // notification cipsTooManySAs } // module CISCO-IPSEC-MIB
© 2023 YumaWorks, Inc. All rights reserved.