Cisco IPsec Signalling Ips Sg Hist Table Size

1.3.6.1.4.1.9.9.438.1.3.1.1.1

The window size of the control tunnel History Tables. The control tunnel history table is implemented as a sliding window in which at most the last 'cisgIpsSgHistTableSize' entries are maintained. This object is, hence, used to control the size of the tunnel history table. An implementation may choose suitable values for this element based on the available resources. If an SNMP SET request specifies a value outside this window for this element, in appropriate SNMP error code should be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving table ('cisgIpsSgTunnelHistTable') and disabling the archiving of entries in the tables. ::= { cisgIpsSgHistGlobalCntl 1 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IKE Tunnel History Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SYNTAX SEQUENCE OF CisgIpsSgTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION The control tunnel History Table. This table lists all instances of control tunnels that were successfully established but which are no longer in operation. An entry transitions to this table from the active tunnel table ('cisgIpsSgTunnelTable') into this table after it expires, is aborted or terminated. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'cisgIpsSgHistTableSize'. If the value of 'cisgIpsSgHistTableSize' is 0, archiving of entries in this table is disabled. ::= { cisgIpsSgHistory 2 } SYNTAX CisgIpsSgTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry contains the attributes associated with a previously active control Tunnel. INDEX { cisgIpsSgProtocol, cisgIpsSgTunHistIndex } ::= { cisgIpsSgTunnelHistTable 1 } CisgIpsSgTunnelHistEntry ::= SEQUENCE { cisgIpsSgTunHistIndex Unsigned32, cisgIpsSgTunHistTermReason INTEGER, cisgIpsSgTunHistActiveIndex CIPsecPhase1TunnelIndex, cisgIpsSgTunHistPeerLocalType CIPsecPhase1PeerIdentityType, cisgIpsSgTunHistPeerLocalValue SnmpAdminString, cisgIpsSgTunHistPeerIntIndex Unsigned32, cisgIpsSgTunHistPeerRemoteType CIPsecPhase1PeerIdentityType, cisgIpsSgTunHistPeerRemoteValue SnmpAdminString, cisgIpsSgTunHistLocalAddrType CIPsecPhase1PeerIdentityType, cisgIpsSgTunHistLocalAddr SnmpAdminString, cisgIpsSgTunHistLocalName SnmpAdminString, cisgIpsSgTunHistRemoteAddrType CIPsecPhase1PeerIdentityType, cisgIpsSgTunHistRemoteAddr SnmpAdminString, cisgIpsSgTunHistRemoteName SnmpAdminString, cisgIpsSgTunHistEncryptAlgo CIPsecEncryptAlgorithm, cisgIpsSgTunHistEncryptKeySize CIPsecEncryptionKeySize, cisgIpsSgTunHistHashAlgo CIPsecIkeHashAlgorithm, cisgIpsSgTunHistAuthMethod CIPsecIkeAuthMethod, cisgIpsSgTunHistLifeTime Unsigned32, cisgIpsSgTunHistStartTime TimeStamp, cisgIpsSgTunHistActiveTime TimeInterval, cisgIpsSgTunHistInOctets Counter64, cisgIpsSgTunHistInPkts Counter64, cisgIpsSgTunHistInDropPkts Counter64, cisgIpsSgTunHistInNotifys Counter64, cisgIpsSgTunHistInP2SaDelReqs Counter64, cisgIpsSgTunHistOutOctets Counter64, cisgIpsSgTunHistOutPkts Counter64, cisgIpsSgTunHistOutDropPkts Counter64, cisgIpsSgTunHistOutNotifys Counter64, cisgIpsSgTunHistOutP2SaDelReqs Counter64 } SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION The index of the Phase-1 Control Tunnel History Table. This object has no relationship to the cisgIpsSgTunIndex of the tunnel when it was active. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 4,294,967,296. ::= { cisgIpsSgTunnelHistEntry 1 } SYNTAX INTEGER { other(1), normal(2), operRequest(3), peerDelRequest(4), peerLost(5), applicationInitiated(6), userAuthFailure(7), localFailure(8) } MAX-ACCESS read-only STATUS current DESCRIPTION The reason the Phase-1 Control Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended user authentication 8 = local failure occurred. ::= { cisgIpsSgTunnelHistEntry 2 } SYNTAX CIPsecPhase1TunnelIndex MAX-ACCESS read-only STATUS current DESCRIPTION The index of the previously active Control Tunnel. This object must correspond to an expired IKE tunnel. ::= { cisgIpsSgTunnelHistEntry 3 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION The type of local peer identity. ::= { cisgIpsSgTunnelHistEntry 4 } SYNTAX SnmpAdminString(SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The value of the local peer identity. ::= { cisgIpsSgTunnelHistEntry 5 } SYNTAX Unsigned32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION The arbitrary index to keep local-remote peer association. This index is used to uniquely identify multiple associations between the local and remote peer. ::= { cisgIpsSgTunnelHistEntry 6 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION The type of remote peer identity. ::= { cisgIpsSgTunnelHistEntry 7 } SYNTAX SnmpAdminString(SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The value of the remote peer identity. ::= { cisgIpsSgTunnelHistEntry 8 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION The type of the address of the local endpoint for the control tunnel. ::= { cisgIpsSgTunnelHistEntry 9 } SYNTAX SnmpAdminString(SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The address of the local endpoint for the control tunnel. ::= { cisgIpsSgTunnelHistEntry 10 } SYNTAX SnmpAdminString(SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The DNS name of the local address for the control Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a zero-length string. ::= { cisgIpsSgTunnelHistEntry 11 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION The type of the address of the remote endpoint for the control Tunnel. ::= { cisgIpsSgTunnelHistEntry 12 } SYNTAX SnmpAdminString(SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The address of the remote endpoint for the control Tunnel. ::= { cisgIpsSgTunnelHistEntry 13 } SYNTAX SnmpAdminString(SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The DNS name of the remote address of control Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a zero-length string. ::= { cisgIpsSgTunnelHistEntry 14 } SYNTAX CIPsecEncryptAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION The encryption algorithm used in control tunnel. ::= { cisgIpsSgTunnelHistEntry 15 } SYNTAX CIPsecEncryptionKeySize UNITS "Bits The size in bits of the key which was negotiated for the control tunnel to be used with the algorithm denoted by the column 'cisgIpsSgTunEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size. ::= { cisgIpsSgTunnelHistEntry 16 } SYNTAX CIPsecIkeHashAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION The hash algorithm used in control tunnel negotiations. ::= { cisgIpsSgTunnelHistEntry 17 } SYNTAX CIPsecIkeAuthMethod MAX-ACCESS read-only STATUS current DESCRIPTION The authentication method used in control tunnel negotiations. ::= { cisgIpsSgTunnelHistEntry 18 } SYNTAX Unsigned32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION The negotiated LifeTime of the control tunnel in seconds. ::= { cisgIpsSgTunnelHistEntry 19 } SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION The value of sysUpTime in hundredths of seconds when the control tunnel was started. ::= { cisgIpsSgTunnelHistEntry 20 } SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION The length of time the control tunnel has been active in hundredths of seconds. ::= { cisgIpsSgTunnelHistEntry 21 } SYNTAX Counter64 UNITS "Octets The total number of octets received by this control tunnel. ::= { cisgIpsSgTunnelHistEntry 22 } SYNTAX Counter64 UNITS "Packets The total number of packets received by this Phase-1 control tunnel. ::= { cisgIpsSgTunnelHistEntry 23 } SYNTAX Counter64 UNITS "Packets The total number of packets dropped by this control Tunnel during receive processing. ::= { cisgIpsSgTunnelHistEntry 24 } SYNTAX Counter64 UNITS "Notification Payloads The total number of notification payloads received by this control tunnel. ::= { cisgIpsSgTunnelHistEntry 25 } SYNTAX Counter64 UNITS "Notification Payloads The total number of Phase-2 tunnel delete requests received by this control tunnel. ::= { cisgIpsSgTunnelHistEntry 26 } SYNTAX Counter64 UNITS "Octets The total number of octets sent by this control Tunnel. ::= { cisgIpsSgTunnelHistEntry 27 } SYNTAX Counter64 UNITS "Packets The total number of packets sent by this control Tunnel. ::= { cisgIpsSgTunnelHistEntry 28 } SYNTAX Counter64 UNITS "Packets The total number of packets dropped by this control Tunnel during send processing. ::= { cisgIpsSgTunnelHistEntry 29 } SYNTAX Counter64 UNITS "Notification Payloads The total number of notification payloads sent by this control Tunnel. ::= { cisgIpsSgTunnelHistEntry 30 } SYNTAX Counter64 UNITS "Notification Payloads The total number of Phase-2 tunnel delete requests sent by this control tunnel. ::= { cisgIpsSgTunnelHistEntry 31 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The Control Tunnel Failure Group -- -- This group consists of: -- 1) Control Failure Global Objects -- 2) Control Tunnel Failure Table -- 3) Control Tunnel Failure Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cisgIpsSgFailGlobal OBJECT IDENTIFIER ::= { cisgIpsSgFailures 1 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The Failure Global Control Objects -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cisgIpsSgFailGlobalCntl OBJECT IDENTIFIER ::= { cisgIpsSgFailGlobal 1 } SYNTAX Unsigned32 (0..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION The window size of the Internet Key Exchange Failure Tables. The Failure Table is implemented as a sliding window in which only the last 'cisgIpsSgFailTableSize' entries are maintained. This object is used specify the number of entries which will be maintained in the control tunnel Failure Table. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, an appropriate SNMP error code must be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving tables ('cisgIpsSgFailTable') and disabling the archiving of entries in this table. ::= { cisgIpsSgFailGlobalCntl 1 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The Phase-1 Failure Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SYNTAX SEQUENCE OF CisgIpsSgFailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION This is the control tunnel Table and is implemented as a sliding window in which only the last 'N' entries are maintained. The maximum number of entries is specified by the object 'cisgIpsSgFailTableSize'. The failure records are catalogued under each signaling protocol type; that is, the first index of this table is the signaling protocol identifier ('cisgIpsSgProtocol'). The second index ('cisgIpsSgFailIndex') identifies the failure record uniquely in the subcategory. Should a failure be identified before the signaling protocol itself has been identified by the managed entity, the failure record will be classified under 'cpUnknown'. ::= { cisgIpsSgFailures 2 } SYNTAX CisgIpsSgFailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Each entry contains the attributes associated with an Phase-1 failure. INDEX { cisgIpsSgProtocol, cisgIpsSgFailIndex } ::= { cisgIpsSgFailTable 1 } CisgIpsSgFailEntry ::= SEQUENCE { cisgIpsSgFailIndex Unsigned32, cisgIpsSgFailReason INTEGER, cisgIpsSgFailTime TimeStamp, cisgIpsSgFailLocalType CIPsecPhase1PeerIdentityType, cisgIpsSgFailLocalValue SnmpAdminString, cisgIpsSgFailRemoteType CIPsecPhase1PeerIdentityType, cisgIpsSgFailRemoteValue SnmpAdminString, cisgIpsSgFailLocalAddress SnmpAdminString, cisgIpsSgFailRemoteAddress SnmpAdminString } SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION The Phase-1 Failure Table index. This object has no relationship to the cisgIpsSgTunIndex of the tunnel when it was active. The value of the index is a number which begins at one and is incremented with each Phase-1 failure. The value of this object will wrap at 4,294,967,296. ::= { cisgIpsSgFailEntry 1 } SYNTAX INTEGER{ other(1), peerDelRequest(2), peerLost(3), localFailure(4), authFailure(5), hashValidation(6), encryptFailure(7), internalError(8), sysCapExceeded(9), proposalFailure(10), peerCertUnavailable(11), peerCertNotValid(12), localCertExpired(13), crlFailure(14), peerEncodingError(15), nonExistentSa(16), userAuthFailure(17), operRequest(18), deniedByAdmissionControl(19), protocolSpecific(20) } MAX-ACCESS read-only STATUS current DESCRIPTION The reason for the failure. Possible reasons include: 1 = other 2 = peer delete request was received 3 = contact with peer was lost 4 = local failure occurred 5 = authentication failure 6 = hash validation failure 7 = encryption failure 8 = internal error occurred 9 = system capacity failure 10 = proposal failure 11 = peer's certificate is unavailable 12 = peer's certificate was found invalid 13 = local certificate expired 14 = certificate revoke list (crl) failure 15 = peer encoding error 16 = Reference to a non-existent control tunnel 17 = Extended User authentication failed 18 = operator requested termination. 19 = An attempt to establish a tunnel was aborted by the admission control policy (this could include a simple policy that limits the maximum active tunnels) 20 = A protocol specific reason (look in the protocol-specific MIB for more info). ::= { cisgIpsSgFailEntry 2 } SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION The value of sysUpTime in hundredths of seconds at the time of the failure. ::= { cisgIpsSgFailEntry 3 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION The type of local peer identity. ::= { cisgIpsSgFailEntry 4 } SYNTAX SnmpAdminString(SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The value of the local peer identity. ::= { cisgIpsSgFailEntry 5 } SYNTAX CIPsecPhase1PeerIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION The type of remote peer identity. ::= { cisgIpsSgFailEntry 6 } SYNTAX SnmpAdminString(SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The value of the remote peer identity. ::= { cisgIpsSgFailEntry 7 } SYNTAX SnmpAdminString(SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The address of the local peer. The value of cisgIpsSgFailLocalType identifies the type of the address contained in this object. ::= { cisgIpsSgFailEntry 8 } SYNTAX SnmpAdminString(SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION The address of the remote peer. The value of cisgIpsSgFailLocalType identifies the type of the address contained in this object. ::= { cisgIpsSgFailEntry 9 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The Notification Control Group -- -- This group of objects controls the emission of -- SNMP notifications pertaining to the operation of -- control tunnels. -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This object acts as the knob that controls the the administrative state of sending any notification defined in this MIB module. That is, a particular notification 'foo' defined in this MIB module is enabled if and only if the expression cisgIpsSgNotifCntlAllNotifs && cisgIpsSgNotifCntl evaluates to 'true'. DEFVAL { true } ::= { cisgIpsSgNotificationCntl 1 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This object defines the administrative state of sending the Control Tunnel Start notification. If the value of this object is 'true', the issuing of the notification 'cisgIpsSgTunnelStart' is enabled. DEFVAL { false } ::= { cisgIpsSgNotificationCntl 2 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This object defines the administrative state of sending the Control Tunnel Stop notification. If the value of this object is 'true', the issuing of the notification 'cisgIpsSgTunnelStop' is enabled. DEFVAL { false } ::= { cisgIpsSgNotificationCntl 3 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This object defines the administrative state of sending the System Failure notification. If the value of this object is 'true', the issuing of the notification 'ciscoIpsSgSysFailure' is enabled. DEFVAL { false } ::= { cisgIpsSgNotificationCntl 4 } SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION This object defines the administrative state of sending the Certificate/CRL Failure notification. If the value of this object is 'true', the issuing of the notification 'ciscoIpsSgCertCrlFailure' is enabled. DEFVAL { false } ::= { cisgIpsSgNotificationCntl 5 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Internet Key Exchange Notifications -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ciscoIpsSgTunnelStart NOTIFICATION-TYPE OBJECTS { cisgIpsSgTunLocalAddressType, cisgIpsSgTunLocalAddress, cisgIpsSgTunRemoteAddressType, cisgIpsSgTunRemoteAddress, cisgIpsSgTunLifeTime } STATUS current DESCRIPTION This notification is generated when an control tunnel becomes active. ::= { ciscoIPsecSigMIBNotifs 1 } ciscoIpsSgTunnelStop NOTIFICATION-TYPE OBJECTS { cisgIpsSgTunHistLocalAddrType , cisgIpsSgTunHistLocalAddr, cisgIpsSgTunHistRemoteAddrType , cisgIpsSgTunHistRemoteAddr, cisgIpsSgTunHistTermReason, cisgIpsSgTunHistActiveTime } STATUS current DESCRIPTION This notification is generated when an control tunnel becomes inactive. ::= { ciscoIPsecSigMIBNotifs 2 } ciscoIpsSgSysFailure NOTIFICATION-TYPE OBJECTS { cisgIpsSgFailLocalAddress, cisgIpsSgFailRemoteAddress } STATUS current DESCRIPTION This notification is generated when the processing for an control Tunnel experiences an system capacity error. ::= { ciscoIPsecSigMIBNotifs 3 } ciscoIpsSgCertCrlFailure NOTIFICATION-TYPE OBJECTS { cisgIpsSgFailLocalAddress, cisgIpsSgFailRemoteAddress } STATUS current DESCRIPTION This notification is generated when the processing for an control Tunnel experiences a Certificate or a Certificate validation (CRL or OCSP) related error. ::= { ciscoIPsecSigMIBNotifs 4 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Conformance Information -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ciscoIpsSgMIBCompliances OBJECT IDENTIFIER ::= { ciscoIPsecSigMIBConform 1 } ciscoIpsSgMIBGroups OBJECT IDENTIFIER ::= { ciscoIPsecSigMIBConform 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Compliance Statements -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ciscoIpsSgMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION The compliance statement for SNMP entities the IPsec Signaling MIB. This group is optional and must be implemented by the agent of the managed entity if and only if a) the managed entity implements signaling for IPsec and FC-SP b) and the managed entity implements historical archiving of control tunnels. This group is optional and must be implemented by the agent of the managed entity if and only if a) the managed entity implements signaling for IPsec and FC-SP and b) the managed entity implements historical archiving of setup and operational failures of IPsec control tunnels. This group is optional. The agent must implement this group if it implements the group 'ciscoIpsSgNotifcationGroup'. It is compliant to support only a subset of the values defined.