cif Ike Global Stats Table

1.3.6.1.4.1.9.9.429.1.1.1

The Phase-1 IKE Global Statistics Table. There is one entry in this table for each Phase-1 IKE, protocol('cpIkev1' and 'cpIkev2') implemented by the managed entity. For all the counter objects in the table below, initially when the IKE Tunnel becomes active and appears in this table, they would contain a value of zero. ::= { cifIkeCurrentActivity 1 } SYNTAX CifIkeGlobalStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry contains the global statistics pertaining to the specific IKE protocol. INDEX { cisgIpsSgProtocol } ::= { cifIkeGlobalStatsTable 1 } CifIkeGlobalStatsEntry ::= SEQUENCE { cifIkeGlobalInP2Exchgs Counter64, cifIkeGlobalInP2ExchgInvalids Counter64, cifIkeGlobalInP2ExchgRejects Counter64, cifIkeGlobalOutP2Exchgs Counter64, cifIkeGlobalOutP2ExchgInvalids Counter64, cifIkeGlobalOutP2ExchgRejects Counter64, cifIkeGlobalInXauths Counter64, cifIkeGlobalInXauthFailures Counter64, cifIkeGlobalOutXauthFailures Counter64, cifIkeGlobalInNewGrpReqs Counter64, cifIkeGlobalOutNewGrpReqs Counter64, cifIkeGlobalInNewGrpRejectReqs Counter64, cifIkeGlobalOutNewGrpRejectReqs Counter64 } SYNTAX Counter64 UNITS "SA Payloads The total number of Phase-2 exchanges received by all currently and previously active Phase-1 Tunnels. ::= { cifIkeGlobalStatsEntry 1 } SYNTAX Counter64 UNITS "SA Payloads The total number of Phase-2 exchanges which were received and found to be invalid by all currently and previously active Phase-1 Tunnels. ::= { cifIkeGlobalStatsEntry 2 } SYNTAX Counter64 UNITS "SA Payloads The total number of Phase-2 exchanges which were received and rejected by all currently and previously active Phase-1 Tunnels. ::= { cifIkeGlobalStatsEntry 3 } SYNTAX Counter64 UNITS "SA Payloads The total number of Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 Tunnels. ::= { cifIkeGlobalStatsEntry 4 } SYNTAX Counter64 UNITS "SA Payloads The total number of Phase-2 exchanges which were sent and found to be invalid by all currently and previously active Phase-1 Tunnels. ::= { cifIkeGlobalStatsEntry 5 } SYNTAX Counter64 UNITS "SA Payloads The total number of Phase-2 exchanges which were sent and rejected by all currently and previously active Phase-1 IKE Tunnels. ::= { cifIkeGlobalStatsEntry 6 } SYNTAX Counter64 UNITS "Failures The number of times the extended authentication requests was received by the managed entity from a peer. ::= { cifIkeGlobalStatsEntry 7 } SYNTAX Counter64 UNITS "Failures The number of times the extended authentication information supplied by an IKE peer was found to be invalid by the local entity. ::= { cifIkeGlobalStatsEntry 8 } SYNTAX Counter64 UNITS "Failures The number of times the extended authentication information supplied by the managed entity to an IKE peer was found to be invalid by the remote peer. ::= { cifIkeGlobalStatsEntry 9 } SYNTAX Counter64 UNITS "Negotiations The total number of New Group exchanges initiated remotely. ::= { cifIkeGlobalStatsEntry 10 } SYNTAX Counter64 UNITS "Negotiations The total number of New Group exchanges initiated locally. ::= { cifIkeGlobalStatsEntry 11 } SYNTAX Counter64 UNITS "Negotiations The total number of New Group exchanges initiated remotely that ended in reject. ::= { cifIkeGlobalStatsEntry 12 } SYNTAX Counter64 UNITS "Negotiations The total number of New Group exchanges initiated locally that ended in reject. ::= { cifIkeGlobalStatsEntry 13 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The Internet Key Exchange Tunnel Table -- This table has a sparse table relationship with the generic -- IPsec Phase-1 Tunnel table defined in -- CISCO-IPSEC-SIGNALING-MIB. -- For those rows in the generic Phase-1 Tunnel table -- that corresponds to IKE protocol, there is one row in -- the following table. -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SYNTAX SEQUENCE OF CifIkeTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION The Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel. ::= { cifIkeCurrentActivity 3 } SYNTAX CifIkeTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry contains the attributes associated with an active Phase-1 IKE Tunnel. The rows in this table correspond 1-to-1 with a subset of the rows in cisgIpsSgTunnelTable, specifically the subset which represent Phase-1 IKE Tunnels. Hence, the value of the index 'cisgIpsSgProtocol' in this table is always 'cpIkev1' or 'cpIkev2'. For all the counter objects in the table below, initially when the Phase-1 IKE Tunnel becomes active and appears in this table, they would contain a value of zero. INDEX { cisgIpsSgProtocol, cisgIpsSgTunIndex } ::= { cifIkeTunnelTable 1} CifIkeTunnelEntry ::= SEQUENCE { cifIkeTunNegoMode CIPsecIkeNegoMode, cifIkeTunDHGrp CIPsecDiffHellmanGrp, cifIkeTunSaRefreshThreshold Unsigned32, cifIkeTunTotalRefreshes Counter32, cifIkeTunInP2Exchgs Counter32, cifIkeTunInP2ExchgInvalids Counter32, cifIkeTunInP2ExchgRejects Counter32, cifIkeTunInP2SaDelRequests Counter32, cifIkeTunOutP2Exchgs Counter32, cifIkeTunOutP2ExchgInvalids Counter32, cifIkeTunOutP2ExchgRejects Counter32, cifIkeTunInNewGrpReqs Counter32, cifIkeTunOutNewGrpReqs Counter32, cifIkeTunInNewGrpRejectedReqs Counter32, cifIkeTunOutNewGrpRejectedReqs Counter32, cifIkeTunInConfigs Counter32, cifIkeTunOutConfigs Counter32, cifIkeTunInConfigRejects Counter32, cifIkeTunOutConfigRejects Counter32 } SYNTAX CIPsecIkeNegoMode MAX-ACCESS read-only STATUS current DESCRIPTION The negotiation mode of the Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 1 } SYNTAX CIPsecDiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION The Diffie Hellman Group used in Phase-1 IKE negotiations. ::= { cifIkeTunnelEntry 2 } SYNTAX Unsigned32 (0..2147483647) UNITS "seconds The security association refresh threshold in seconds. If the tunnel does not refresh its security associations, the value of this MIB object is zero. ::= { cifIkeTunnelEntry 3 } SYNTAX Counter32 UNITS "QM Exchanges The total number of security associations refreshes performed. If the tunnel does not refresh its security associations, the value of this MIB object is never incremented. ::= { cifIkeTunnelEntry 4 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges received by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 5 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges received and found to be invalid by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 6 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges received and rejected by this Phase-1 Tunnel. ::= { cifIkeTunnelEntry 7 } SYNTAX Counter32 UNITS "Notification Payloads The total number of Phase-2 security association delete requests received by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 8 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges sent by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 9 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges sent and found to be invalid by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 10 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges sent and rejected by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelEntry 11 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated remotely using this IKE tunnel. ::= { cifIkeTunnelEntry 12 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated locally using this IKE tunnel. ::= { cifIkeTunnelEntry 13 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated remotely using this IKE tunnel that ended in reject. ::= { cifIkeTunnelEntry 14 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated locally using this IKE tunnel that ended in reject. ::= { cifIkeTunnelEntry 15 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings received (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelEntry 16 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings dispatched (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelEntry 17 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings which were received (either CFG_REPLY or CFG_SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelEntry 18 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings which were dispatched (either CFG_REPLY or CFG_SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelEntry 19 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IKE History Group: -- The IKE Tunnel History Table -- This table has a sparse table relationship with the -- generic Phase-1 Tunnel history table -- 'cisgIpsSgTunnelHistTable' defined in -- CISCO-IPSEC-SIGNALING-MIB. -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SYNTAX SEQUENCE OF CifIkeTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION The Phase-1 Internet Key Exchange Tunnel history table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'cisgIpsSgHistTableSize' (defined in defined in CISCO-IPSEC-SIGNALING-MIB). If the value of 'cisgIpsSgHistTableSize' is 0, then this table will be empty. For all the counter objects in the table below, initially when the Tunnel entry appears in this table, they would contain a value of zero. ::= { cifIkeHistory 1 } SYNTAX CifIkeTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry contains the attributes associated with a previously active Phase-1 IKE Tunnel. This table has a sparse table relationship with the generic Phase-1 Tunnel history table 'cisgIpsSgTunnelHistTable' defined in CISCO-IPSEC-SIGNALING-MIB. However, the value of the index column in this table will always be either 'cpIkev1' or 'cpIkev2'. INDEX { cisgIpsSgProtocol, cisgIpsSgTunHistIndex } ::= { cifIkeTunnelHistTable 1 } CifIkeTunnelHistEntry ::= SEQUENCE { cifIkeTunHistNegoMode CIPsecIkeNegoMode, cifIkeTunHistDHGrp CIPsecDiffHellmanGrp, cifIkeTunHistTotalRefreshes Counter32, cifIkeTunHistTotalSas Counter32, cifIkeTunHistInP2Exchgs Counter32, cifIkeTunHistInP2ExchgInvalids Counter32, cifIkeTunHistInP2ExchgRejects Counter32, cifIkeTunHistOutP2Exchgs Counter32, cifIkeTunHistOutP2ExchgInvalids Counter32, cifIkeTunHistOutP2ExchgRejects Counter32, cifIkeTunHistInNewGrpReqs Counter32, cifIkeTunHistOutNewGrpReqs Counter32, cifIkeTunHistInNewGrpRejectReqs Counter32, cifIkeTunHistOutNewGrpRejectReqs Counter32, cifIkeTunHistInConfigs Counter32, cifIkeTunHistOutConfigs Counter32, cifIkeTunHistInConfigsRejects Counter32, cifIkeTunHistOutConfigsRejects Counter32 } SYNTAX CIPsecIkeNegoMode MAX-ACCESS read-only STATUS current DESCRIPTION The negotiation mode of the Phase-1 IKE Tunnel. ::= { cifIkeTunnelHistEntry 1 } SYNTAX CIPsecDiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION The Diffie Hellman Group used in Phase-1 IKE negotiations. ::= { cifIkeTunnelHistEntry 2 } SYNTAX Counter32 UNITS "QM Exchanges The total number of security associations refreshes performed. ::= { cifIkeTunnelHistEntry 3 } SYNTAX Counter32 UNITS "SAs The total number of security associations used during the life of the Phase-1 IKE Tunnel. ::= { cifIkeTunnelHistEntry 4 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges received by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelHistEntry 5 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. ::= { cifIkeTunnelHistEntry 6 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. ::= { cifIkeTunnelHistEntry 7 } SYNTAX Counter32 UNITS "Notification Payloads The total number of Phase-2 security association delete requests received by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelHistEntry 8 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges sent by this Phase-1 IKE Tunnel. ::= { cifIkeTunnelHistEntry 9 } SYNTAX Counter32 UNITS "SA Payloads The total number of Phase-2 exchanges sent on this tunnel that were rejected by the peer, because it contained references to security parameters not recognized by the peer. ::= { cifIkeTunnelHistEntry 10 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime. ::= { cifIkeTunnelHistEntry 11 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime. ::= { cifIkeTunnelHistEntry 12 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime that ended in reject. ::= { cifIkeTunnelHistEntry 13 } SYNTAX Counter32 UNITS "Negotiations The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime that ended in reject. ::= { cifIkeTunnelHistEntry 14 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings received (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelHistEntry 15 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings dispatched (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelHistEntry 16 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings which were received (either CFG_REPLY or CFG_SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelHistEntry 17 } SYNTAX Counter32 UNITS "Mode Configuration Setting Payloads The total number of Mode Configuration settings which were dispatched (either CFG_REPLY or CFG_SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel. ::= { cifIkeTunnelHistEntry 18 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IKE Control Group -- -- This group of objects controls the sending of IKE TRAPs. -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION The generation of the 'ciscoIkeFlowInNewGrpRejected' notification is enabled if and only if this object has the value 'true'. DEFVAL { false } ::= { cifIkeNotifControl 1 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION The generation of the 'ciscoIkeFlowOutNewGrpRejected' notification is enabled if and only if this object has the value 'true'. DEFVAL { false } ::= { cifIkeNotifControl 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Internet Key Exchange Notifications -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ciscoIkeFlowInNewGrpRejected NOTIFICATION-TYPE OBJECTS { cisgIpsSgFailLocalAddress, cisgIpsSgFailRemoteAddress } STATUS current DESCRIPTION This notification is generated when the managed entity receives and rejects an incoming new group proposal from an IKE peer identified by 'cisgIpsSgFailRemoteAddress'. 'cisgIpsSgFailLocalAddress' identifies the address of the local peer. The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap. ::= { ciscoIkeFlowMIBNotifs 1 } ciscoIkeFlowOutNewGrpRejected NOTIFICATION-TYPE OBJECTS { cisgIpsSgFailLocalAddress, cisgIpsSgFailRemoteAddress } STATUS current DESCRIPTION This notification is generated when the managed entity issues a new group proposal to the remote peer identified by 'cisgIpsSgFailRemoteAddress' and the peer rejects the proposal. 'cisgIpsSgFailLocalAddress' identifies the address of the local peer. The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap. ::= { ciscoIkeFlowMIBNotifs 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Conformance Information -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ciscoIkeFlowMIBCompliances OBJECT IDENTIFIER ::= { ciscoIkeFlowMIBConform 1 } ciscoIkeFlowMIBGroups OBJECT IDENTIFIER ::= { ciscoIkeFlowMIBConform 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Compliance Statements -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ciscoIkeFlowMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION The compliance statement for SNMP entities implementing this MIB. This group is conditionally mandatory and must be implemented by the agent of the managed entity if and only if the IKE implementation on the managed entity implements new group operations. This group is conditionally mandatory and must be implemented by the agent of the managed entity if the managed entity implements remote access of users using IPsec and implements extended authentication as a part of its IKE implementation. This group is a conditionally mandatory group which must be implemented by the agent of the managed entity if the managed entity implements Mode Configuration as a part of IKE. This group is conditionally mandatory and must be implemented by the agent of the managed entity if and only if a) the managed entity implements Internet Key Exchange as an IPsec control protocol and b) the managed entity implements historical archiving of IKE tunnels (ISAKMP security associations). This group is conditionally mandatory and must be implemented by the agent of the managed entity if and only if a) the managed entity implements the group 'cifIkeFlowHistoryGroup' and b) the managed entity supports new group operations. This group is conditionally mandatory and must be implemented by the agent of the managed entity if and only if a) the managed entity implements the group 'cifIkeFlowHistoryGroup' and b) the managed entity implements mode configuration operations. This group is conditionally mandatory. It may be implemented only if the group 'cifIkeFlowNewGroupGroup' is implemented. This is because the only notifications defined in this version of the MIB Module pertain to New Group negotiations. This group is conditionally mandatory and the agent must implement this group if it implements the group 'cifIkeFlowNotificationGroup'.