CISCO-IKE-CONFIGURATION-MIB
This is a MIB Module for configuring and viewing IKE
parameters and policies.
Acronyms
The following acronyms are used in this document:
IPsec: Secure IP Protocol
VPN: Virtual Private Network
ISAKMP: Internet Security Association and Key Exchange
Protocol
IKE: Internet Key Exchange Protocol
DOI: Domain of Interpretation (of the attributes
of IKE protocol in the context of a specific
Phase-2 protocol).
SA: Security Association
(ref: rfc2408).
SPI: Security Parameter Index is the pointer or
identifier used in accessing SA attributes
(ref: rfc2408).
MM: Main Mode - the process of setting up
a Phase 1 SA to secure the exchanges
required to setup Phase 2 SAs
Phase 1 Tunnel:
An ISAKMP SA can be regarded as representing
a flow of ISAKMP/IKE traffic. Hence an ISAKMP
is referred to as a 'Phase 1 Tunnel' in this
document.
Phase 2 Tunnel:
A Phase 2 Tunnel is an instance of a
non-ISAKMP SA bundle in which all the SA
share the same proxy identifiers (IDii,IDir)
and protect the same stream of application
traffic.
Note that a Phase 2 tunnel may comprise one
SA bundle at any given point of time, but
the SA bundle changes with time due to
key refresh.
History of the MIB
This MIB was originally written as CISCO-IPSEC-MIB
which combined the configuration of IKE and IPsec
protocols into a single MIB.
|
Imported Objects
| CIKELifesize, CIPsecControlProtocol, CIKELifetime, CIKEIsakmpDoi, CIPsecIkePRFAlgorithm, CIPsecEncryptAlgorithm, CIPsecIkeHashAlgorithm, CIPsecDiffHellmanGrp, CIPsecIkeAuthMethod, CIPsecPhase1PeerIdentityType | CISCO-IPSEC-TC |
| ciscoMgmt | CISCO-SMI |
| InetAddressPrefixLength, InetAddressType, InetAddress | INET-ADDRESS-MIB |
| NOTIFICATION-GROUP, OBJECT-GROUP, MODULE-COMPLIANCE | SNMPv2-CONF |
| MODULE-IDENTITY, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE | SNMPv2-SMI |
| TEXTUAL-CONVENTION, TruthValue, RowStatus | SNMPv2-TC |
Type Definitions (2)
| Name | Base Type | Values/Constraints |
|---|---|---|
 CicIkeConfigInitiatorIndex | range: 1..65535 | |
| CicIkeConfigPskIndex | range: 1..65535 |
Objects
  ciscoIkeConfigMIB  | .1.3.6.1.4.1.9.9.423 | |
| cicIkeConfigMIBNotifs | .1.3.6.1.4.1.9.9.423.0 | |
| cicIkeConfigMIBObjects | .1.3.6.1.4.1.9.9.423.1 | |
| cicIkeCfgOperations | .1.3.6.1.4.1.9.9.423.1.1 | |
 cicIkeEnabled | .1.3.6.1.4.1.9.9.423.1.1.1 | |
| cicIkeAggressModeEnabled | .1.3.6.1.4.1.9.9.423.1.1.2 | |
| cicIkeCfgIdentities | .1.3.6.1.4.1.9.9.423.1.2 | |
 cicIkeCfgIdentityTable | .1.3.6.1.4.1.9.9.423.1.2.1 | |
 cicIkeCfgIdentityEntry | .1.3.6.1.4.1.9.9.423.1.2.1.1 | |
 cicIkeCfgIdentityDoi | .1.3.6.1.4.1.9.9.423.1.2.1.1.1 | |
| cicIkeCfgIdentityType | .1.3.6.1.4.1.9.9.423.1.2.1.1.2 | |
| cicIkeCfgInitiatorNextAvailTable | .1.3.6.1.4.1.9.9.423.1.2.2 | |
| cicIkeCfgInitiatorNextAvailEntry | .1.3.6.1.4.1.9.9.423.1.2.2.1 | |
| cicIkeCfgInitiatorNextAvailIndex | .1.3.6.1.4.1.9.9.423.1.2.2.1.1 | |
| cicIkeCfgInitiatorTable | .1.3.6.1.4.1.9.9.423.1.2.3 | |
| cicIkeCfgInitiatorEntry | .1.3.6.1.4.1.9.9.423.1.2.3.1 | |
| cicIkeCfgInitiatorIndex | .1.3.6.1.4.1.9.9.423.1.2.3.1.1 | |
| cicIkeCfgInitiatorPAddrType | .1.3.6.1.4.1.9.9.423.1.2.3.1.2 | |
| cicIkeCfgInitiatorPAddr | .1.3.6.1.4.1.9.9.423.1.2.3.1.3 | |
| cicIkeCfgInitiatorVer | .1.3.6.1.4.1.9.9.423.1.2.3.1.4 | |
| cicIkeCfgInitiatorStatus | .1.3.6.1.4.1.9.9.423.1.2.3.1.5 | |
| cicIkeCfgFailureRecovery | .1.3.6.1.4.1.9.9.423.1.3 | |
| cicIkeCfgFailureRecovConfigTable | .1.3.6.1.4.1.9.9.423.1.3.1 | |
| cicIkeCfgFailureRecovConfigEntry | .1.3.6.1.4.1.9.9.423.1.3.1.1 | |
| cicIkeKeepAliveEnabled | .1.3.6.1.4.1.9.9.423.1.3.1.1.1 | |
| cicIkeKeepAliveType | .1.3.6.1.4.1.9.9.423.1.3.1.1.2 | |
| cicIkeKeepAliveInterval | .1.3.6.1.4.1.9.9.423.1.3.1.1.3 | |
| cicIkeKeepAliveRetryInterval | .1.3.6.1.4.1.9.9.423.1.3.1.1.4 | |
| cicIkeInvalidSpiNotify | .1.3.6.1.4.1.9.9.423.1.3.1.1.5 | |
| cicIkeCfgPeerAuth | .1.3.6.1.4.1.9.9.423.1.4 | |
| cicIkeCfgPskAuthConfig | .1.3.6.1.4.1.9.9.423.1.4.1 | |
| cicIkeCfgPskNextAvailTable | .1.3.6.1.4.1.9.9.423.1.4.1.1 | |
| cicIkeCfgPskNextAvailEntry | .1.3.6.1.4.1.9.9.423.1.4.1.1.1 | |
| cicIkeCfgPskNextAvailIndex | .1.3.6.1.4.1.9.9.423.1.4.1.1.1.1 | |
| cicIkeCfgPskTable | .1.3.6.1.4.1.9.9.423.1.4.1.2 | |
| cicIkeCfgPskEntry | .1.3.6.1.4.1.9.9.423.1.4.1.2.1 | |
| cicIkeCfgPskIndex | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.1 | |
| cicIkeCfgPskKey | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.2 | |
| cicIkeCfgPskRemIdentType | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.3 | |
| cicIkeCfgPskRemIdentTypeStand | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.4 | |
| cicIkeCfgPskRemIdentity | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.5 | |
| cicIkeCfgPskRemIdAddrOrRg1OrSn | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.6 | |
| cicIkeCfgPskRemIdAddrRange2 | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.7 | |
| cicIkeCfgPskRemIdSubnetMask | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.8 | |
| cicIkeCfgPskStatus | .1.3.6.1.4.1.9.9.423.1.4.1.2.1.9 | |
| cicIkeCfgNonceAuthConfig | .1.3.6.1.4.1.9.9.423.1.4.2 | |
| cicIkeCfgPkiAuthConfig | .1.3.6.1.4.1.9.9.423.1.4.3 | |
| cicIkeCfgPolicies | .1.3.6.1.4.1.9.9.423.1.5 | |
| cicIkeCfgPolicyTable | .1.3.6.1.4.1.9.9.423.1.5.1 | |
| cicIkeCfgPolicyEntry | .1.3.6.1.4.1.9.9.423.1.5.1.1 | |
| cicIkeCfgPolicyPriority | .1.3.6.1.4.1.9.9.423.1.5.1.1.1 | |
| cicIkeCfgPolicyEncr | .1.3.6.1.4.1.9.9.423.1.5.1.1.2 | |
| cicIkeCfgPolicyHash | .1.3.6.1.4.1.9.9.423.1.5.1.1.3 | |
| cicIkeCfgPolicyPRF | .1.3.6.1.4.1.9.9.423.1.5.1.1.4 | |
| cicIkeCfgPolicyAuth | .1.3.6.1.4.1.9.9.423.1.5.1.1.5 | |
| cicIkeCfgPolicyDHGroup | .1.3.6.1.4.1.9.9.423.1.5.1.1.6 | |
| cicIkeCfgPolicyLifetime | .1.3.6.1.4.1.9.9.423.1.5.1.1.7 | |
| cicIkeCfgPolicyLifesize | .1.3.6.1.4.1.9.9.423.1.5.1.1.8 | |
| cicIkeCfgPolicyStatus | .1.3.6.1.4.1.9.9.423.1.5.1.1.9 | |
| cicIkeCfgServiceControl | .1.3.6.1.4.1.9.9.423.1.6 | |
| cicIkeCfgCallAdmssionnCtrl | .1.3.6.1.4.1.9.9.423.1.6.1 | |
| cicIkeCfgQoSControl | .1.3.6.1.4.1.9.9.423.1.6.2 | |
| cicIkeConfigMibNotifCntl | .1.3.6.1.4.1.9.9.423.1.7 | |
| cicNotifCntlIkeAllNotifs | .1.3.6.1.4.1.9.9.423.1.7.1 | |
| cicNotifCntlIkeOperStateChanged | .1.3.6.1.4.1.9.9.423.1.7.2 | |
| cicNotifCntlIkePskAdded | .1.3.6.1.4.1.9.9.423.1.7.3 | |
| cicNotifCntlIkePskDeleted | .1.3.6.1.4.1.9.9.423.1.7.4 | |
| cicNotifCntlIkePolicyAdded | .1.3.6.1.4.1.9.9.423.1.7.5 | |
| cicNotifCntlIkePolicyDeleted | .1.3.6.1.4.1.9.9.423.1.7.6 | |
| cicIkeConfigMIBConform | .1.3.6.1.4.1.9.9.423.2 | |
| cicIkeCfgMIBGroups | .1.3.6.1.4.1.9.9.423.2.1 | |
| cicIkeCfgMIBCompliances | .1.3.6.1.4.1.9.9.423.2.2 |
Notifications/Traps
| Name | OID | Description |
|---|---|---|
 ciscoIkeConfigOperStateChanged | .1.3.6.1.4.1.9.9.423.0.1 | The notification is generated when the operational state of IKE entity on the managed device has been changed. |
| ciscoIkeConfigPskAdded | .1.3.6.1.4.1.9.9.423.0.2 | This notification is generated when a new preshared key is configured on the managed device. |
| ciscoIkeConfigPskDeleted | .1.3.6.1.4.1.9.9.423.0.3 | This notification is generated when an existing preshared key is configured on the managed device is about to be deleted. |
| ciscoIkeConfigPolicyAdded | .1.3.6.1.4.1.9.9.423.0.4 | This notification is generated when a new ISAKMP policy is configured on the managed device. |
| ciscoIkeConfigPolicyDeleted | .1.3.6.1.4.1.9.9.423.0.5 | This notification is issued when an existing ISAKMP policy configured on the managed device is about to be deleted. |