cic Ike Keep Alive Enabled

1.3.6.1.4.1.9.9.423.1.3.1.1.1

This object reflects if the IKE entity in the managed device performs keepalives with all the peers for the DOI corresponding to this conceptual row. 'true' - keepalives are performed. 'false' - no keepalives are performed. ::= { cicIkeCfgFailureRecovConfigEntry 1 } SYNTAX INTEGER { none(1), periodic(2), ondemand(3) } MAX-ACCESS read-write STATUS current DESCRIPTION This object reflects the type of keepalives to be used by the IKE entity on the managed device with all the peers for the DOI corresponding to this conceptual row. ::= { cicIkeCfgFailureRecovConfigEntry 2 } SYNTAX Unsigned32(1..86400) UNITS "seconds This object reflects the keepalive interval in seconds used by the IKE entity on the managed device with all the peers for the DOI corresponding to this conceptual row. ::= { cicIkeCfgFailureRecovConfigEntry 3 } SYNTAX Unsigned32(1..600) UNITS "seconds This object reflects the keepalive retry interval in seconds used by the IKE entity on the managed device with all the peers for the DOI corresponding to this conceptual row. ::= { cicIkeCfgFailureRecovConfigEntry 4 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This object reflects if the IKE entity on the managed device notifies any peer when an IPsec Phase-1 or Phase-2 packet with an invalid SPI is received from that peer for the DOI corresponding to this conceptual row. 'true' - IKE entity notifies peer. 'false' - IKE entity does not notify peer. ::= { cicIkeCfgFailureRecovConfigEntry 5 } -- -- Table giving next available index for pre-shared -- authentication key table -- SYNTAX SEQUENCE OF CicIkeCfgPskNextAvailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION The table providing the next available index for the cicIkeCfgPskTable, in a domain of interpretation(DOI), identified by cicIkeCfgIdentityDoi. This value is only a recommended value, but the user can choose to use a different value to create an entry in the cicIkeCfgPskTable. ::= { cicIkeCfgPskAuthConfig 1 } SYNTAX CicIkeCfgPskNextAvailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry represents a next available index for the cicIkeCfgPskTable. AUGMENTS { cicIkeCfgIdentityEntry } ::= { cicIkeCfgPskNextAvailTable 1 } CicIkeCfgPskNextAvailEntry ::= SEQUENCE { cicIkeCfgPskNextAvailIndex CicIkeConfigPskIndex } SYNTAX CicIkeConfigPskIndex MAX-ACCESS read-only STATUS current DESCRIPTION The object specifies the next available index for object cicIkeCfgPskIndex which can be used for creating an entry in cicIkeCfgPskTable. ::= { cicIkeCfgPskNextAvailEntry 1 } --- --- IKE pre-shared authentication key table --- SYNTAX SEQUENCE OF CicIkeCfgPskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION The table containing the list of pre shared authentication keys configured to be used by IKE protocol catalogued by the DOI and the peer identity. It is possible to have multiple peers per DOI. ::= { cicIkeCfgPskAuthConfig 2 } SYNTAX CicIkeCfgPskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry represents a configured pre-shared authentication key for a specific peer. INDEX { cicIkeCfgIdentityDoi, cicIkeCfgPskIndex } ::= { cicIkeCfgPskTable 1 } CicIkeCfgPskEntry ::= SEQUENCE { cicIkeCfgPskIndex CicIkeConfigPskIndex, cicIkeCfgPskKey OCTET STRING, cicIkeCfgPskRemIdentType CIPsecPhase1PeerIdentityType, cicIkeCfgPskRemIdentTypeStand InetAddressType, cicIkeCfgPskRemIdentity OCTET STRING, cicIkeCfgPskRemIdAddrOrRg1OrSn InetAddress, cicIkeCfgPskRemIdAddrRange2 InetAddress, cicIkeCfgPskRemIdSubnetMask InetAddressPrefixLength, cicIkeCfgPskStatus RowStatus } SYNTAX CicIkeConfigPskIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION An arbitrary value identifying the configured pre-shared keys for IKE entity in this domain of interpretation, identified by cicIkeCfgIdentityDoi, on a managed device. This object could have the same value as cicIkeCfgPskNextAvailIndex. ::= { cicIkeCfgPskEntry 1 } SYNTAX OCTET STRING(SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION The pre-shared authorization key used in authenticating the peer corresponding to this conceptual row. This object cannot be modified while the corresponding value of cicIkeCfgPskStatus is equal to 'active'. ::= { cicIkeCfgPskEntry 2 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-create STATUS current DESCRIPTION The Phase 1 ID type of the remote peer identity for which this preshared key is configured. This object cannot be modified while the corresponding value of cicIkeCfgPskStatus is equal to 'active'. ::= { cicIkeCfgPskEntry 3 } SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION If the object 'cicIkeCfgPskRemIdentType' is one of idIpv4Addr idIpv6Addr idIpv4AddrRange idIpv6AddrRange idIpv4AddrSubnet idIpv6AddrSubnet then this object contains the type of InetAddress for the corresponding value(s) of cicIkeCfgPskRemIdAddrOrRg1OrSn, cicIkeCfgPskRemIdAddrRange2 and/or cicIkeCfgPskRemIdSubnetMask. This object would have a value 'unknown', for other values of cicIkeCfgPskRemIdentType. ::= { cicIkeCfgPskEntry 4 } SYNTAX OCTET STRING(SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION The Phase 1 ID identity of the peer for which this preshared key is configured on the local entity. This object cannot be modified while the corresponding value of cicIkeCfgPskStatus is equal to 'active'. ::= { cicIkeCfgPskEntry 5 } SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION If the object cicIkeCfgPskRemIdentType is one of idIpv4Addr idIpv6Addr idIpv4AddrRange idIpv6AddrRange idIpv4AddrSubnet idIpv6AddrSubnet then this object contains the first or only component of the Phase 1 identity. Otherwise, the value contained in this object will be a zero length string which should be disregarded. ::= { cicIkeCfgPskEntry 6 } SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION If the object cicIkeCfgPskRemIdentType is one of idIpv4AddrRange idIpv6AddrRange then this object contains the second component of the Phase 1 identity. Otherwise, the value contained in this object will be a zero length string which should be disregarded. ::= { cicIkeCfgPskEntry 7 } SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION If the object 'cicIkeCfgPskRemIdentType' is one of idIpv4AddrSubnet idIpv6AddrSubnet then this object contains the second component of the Phase 1 identity. Otherwise, the value contained in this object will be zero which should be disregarded. ::= { cicIkeCfgPskEntry 8 } SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION The status of this conceptual row. To configure an pre shared authentication key entry, the NMS must do a multivarbind set containing cicIkeCfgPskKey, cicIkeCfgPskRemIdentType,cicIkeCfgPskRemIdentity. Creation of row can only be done via 'createAndGo'. To remove a row, set this object value to 'destroy'. ::= { cicIkeCfgPskEntry 9 } -- -- Cisco ISAKMP Policy Entries -- SYNTAX SEQUENCE OF CicIkeCfgPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION The table containing the list of all ISAKMP policy entries configured by the operator. ::= { cicIkeCfgPolicies 1 } SYNTAX CicIkeCfgPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry contains the attributes associated with a single ISAKMP Policy entry. INDEX { cicIkeCfgIdentityDoi, cicIkeCfgPolicyPriority } ::= { cicIkeCfgPolicyTable 1 } CicIkeCfgPolicyEntry ::= SEQUENCE { cicIkeCfgPolicyPriority Unsigned32, cicIkeCfgPolicyEncr CIPsecEncryptAlgorithm, cicIkeCfgPolicyHash CIPsecIkeHashAlgorithm, cicIkeCfgPolicyPRF CIPsecIkePRFAlgorithm, cicIkeCfgPolicyAuth CIPsecIkeAuthMethod, cicIkeCfgPolicyDHGroup CIPsecDiffHellmanGrp, cicIkeCfgPolicyLifetime CIKELifetime, cicIkeCfgPolicyLifesize CIKELifesize, cicIkeCfgPolicyStatus RowStatus } SYNTAX Unsigned32(1..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION The priority of this ISAKMP Policy entry. The policy with lower value would take precedence over the policy with higher value in the same DOI. ::= { cicIkeCfgPolicyEntry 1 } SYNTAX CIPsecEncryptAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION The encryption transform specified by this ISAKMP policy specification. The Internet Key Exchange (IKE) tunnels setup using this policy item would use the specified encryption transform to protect the ISAKMP PDUs. DEFVAL { esp3des } ::= { cicIkeCfgPolicyEntry 2 } SYNTAX CIPsecIkeHashAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION The hash transform specified by this ISAKMP policy specification. The IKE tunnels setup using this policy item would use the specified hash transform to protect the ISAKMP PDUs. DEFVAL { sha } ::= { cicIkeCfgPolicyEntry 3 } SYNTAX CIPsecIkePRFAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION The Pseudo Random Function algorithm specified by this ISAKMP policy specification. The value of this object would only be used for IKEv2. DEFVAL { prfHmacSha1 } ::= { cicIkeCfgPolicyEntry 4 } SYNTAX CIPsecIkeAuthMethod MAX-ACCESS read-create STATUS current DESCRIPTION The peer authentication method specified by this ISAKMP policy specification. If this policy entity is selected for negotiation with a peer, the local entity would authenticate the peer using the method specified by this object. DEFVAL { preSharedKey } ::= { cicIkeCfgPolicyEntry 5 } SYNTAX CIPsecDiffHellmanGrp MAX-ACCESS read-create STATUS current DESCRIPTION This object specifies the Oakley group used for Diffie Hellman exchange in the Main Mode. If this policy item is selected to negotiate Main Mode with an IKE peer, the local entity chooses the group specified by this object to perform Diffie Hellman exchange with the peer. DEFVAL { modp1024 } ::= { cicIkeCfgPolicyEntry 6 } SYNTAX CIKELifetime UNITS "seconds This object specifies the lifetime in seconds of the IKE tunnels generated using this policy specification. DEFVAL { 86400 } ::= { cicIkeCfgPolicyEntry 7 } SYNTAX CIKELifesize UNITS "kbytes This object specifies the life size in Kbytes of the IKE tunnels generated using this policy specification. DEFVAL { 2560 } ::= { cicIkeCfgPolicyEntry 8 } SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION This object specifies the status of the ISAKMP policy corresponding to this conceptual row. Creation of row can only be done via 'createAndGo'. To remove a row, set this object value to 'destroy'. ::= { cicIkeCfgPolicyEntry 9 } -- -- Notification Configuration -- SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This value of this object must be 'true' to enable any notification in addition to the notification-specific control variables defined below. A notification defined in this module is enabled if and only if the expression (cicNotifCntlIkeAllNotifs && cicNotifCntlIke) evaluates to 'true'. DEFVAL { true } ::= { cicIkeConfigMibNotifCntl 1 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of the ciscoIkeConfigOperStateChanged notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled. DEFVAL { true } ::= { cicIkeConfigMibNotifCntl 2 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePskAdded notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled. DEFVAL { true } ::= { cicIkeConfigMibNotifCntl 3 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePskDeleted notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled. DEFVAL { true } ::= { cicIkeConfigMibNotifCntl 4 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePolicyAdded notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled. DEFVAL { true } ::= { cicIkeConfigMibNotifCntl 5 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePolicyDeleted notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled. DEFVAL { true } ::= { cicIkeConfigMibNotifCntl 6 } -- ****************************************************************** -- Notifications -- ****************************************************************** ciscoIkeConfigOperStateChanged NOTIFICATION-TYPE OBJECTS { cicIkeEnabled } STATUS current DESCRIPTION The notification is generated when the operational state of IKE entity on the managed device has been changed. ::= { cicIkeConfigMIBNotifs 1 } ciscoIkeConfigPskAdded NOTIFICATION-TYPE OBJECTS { cicIkeCfgPskRemIdentType, cicIkeCfgPskRemIdentity } STATUS current DESCRIPTION This notification is generated when a new preshared key is configured on the managed device. ::= { cicIkeConfigMIBNotifs 2 } ciscoIkeConfigPskDeleted NOTIFICATION-TYPE OBJECTS { cicIkeCfgPskRemIdentType, cicIkeCfgPskRemIdentity } STATUS current DESCRIPTION This notification is generated when an existing preshared key is configured on the managed device is about to be deleted. ::= { cicIkeConfigMIBNotifs 3 } ciscoIkeConfigPolicyAdded NOTIFICATION-TYPE OBJECTS { cicIkeCfgPolicyEncr, cicIkeCfgPolicyHash, cicIkeCfgPolicyAuth, cicIkeCfgPolicyDHGroup } STATUS current DESCRIPTION This notification is generated when a new ISAKMP policy is configured on the managed device. ::= { cicIkeConfigMIBNotifs 4 } ciscoIkeConfigPolicyDeleted NOTIFICATION-TYPE OBJECTS { cicIkeCfgPolicyEncr, cicIkeCfgPolicyHash, cicIkeCfgPolicyAuth, cicIkeCfgPolicyDHGroup } STATUS current DESCRIPTION This notification is issued when an existing ISAKMP policy configured on the managed device is about to be deleted. ::= { cicIkeConfigMIBNotifs 5 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Conformance Information -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cicIkeCfgMIBGroups OBJECT IDENTIFIER ::= { cicIkeConfigMIBConform 1 } cicIkeCfgMIBCompliances OBJECT IDENTIFIER ::= { cicIkeConfigMIBConform 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Compliance Statements -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cicIkeCfgMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION The compliance statement for SNMP entities the Internet Key Exchange Protocol configuration MIB. This group is optional. This group is conditionally mandatory and must be implemented by the agent of the managed entity if and only if a) the managed entity implements Internet Key Exchange keepalive operations or b) the managed entity implements IKE failure signaling (such as the Invalid SPI notification). GROUP cicIkeCfgNotificationGroup DESCRIPTION This group is optional. The agent must implement this group if it implements the group 'cicIkeCfgNotificationGroup'. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. It is compliant to support only a subset of the values in the range defined. Write access is not required. It is compliant to support only a subset of the values in the range defined. Write access is not required. Write access is not required. Write access is not required. Note that an implementation need not support all identity types listed in the definition of the textual convention CIPsecPhase1PeerIdentityType. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Only three values 'createAndGo', 'destroy' and 'active' out of the six enumerated values need to be supported if write is supported. -- "It is compliant to support a maximum value for -- this object which is smaller than the defined -- maximum value. Only three values 'createAndGo', 'destroy' and 'active' out of the six enumerated values need to be supported if write is supported. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Write access is not required. Only three values 'createAndGo', 'destroy' and 'active' out of the six enumerated values need to be supported if write is supported.