CISCO-IKE-FLOW-MIB

This is a MIB module for monitoring the structures
and status of IPsec control flows based on Internet
Key Exchange protocol. The MIB models standard 
aspects of the IKE protocol.

Synopsis

This MIB module models status, performance and 
failures of the IKEv1- and IKEv2-based signaling in
IPsec, FC-SP (and similar) protocols. In practice, 
the security protocols such as IPsec, FC-SP and 
CTS use a signaling protocol such as IKE, KINK, 
or some such. A number of characteristics of these
signaling protocols are generic.
The generic attributes and status of signaling 
activity have been modeled in 
CISCO-IPSEC-SIGNALING-MIB. This MIB module augments
CISCO-IPSEC-SIGNALING-MIB with IKE-specific
MIB objects.
(Signaling protocols are also referred to in this 
document as 'Control Protocols', since they perform
session control.)

History of the MIB
A precursor to this MIB was written by Tivoli and
implemented in IBM Nways routers in 1999. That 
MIB instrumented both IKE(v1) and IPsec in a 
single module. During late 1999, Cisco adopted 
the MIB and together with Tivoli published the 
IPsec Flow Monitor MIB in IETF IPsec WG in 
draft-ietf-ipsec-flow-monitoring-mib-00.txt. 
In 2000, the MIB was Cisco-ized and this draft was
implemented as CISCO-IPSEC-FLOW-MONITOR-MIB in 
IOS and VPN3000 platforms.

With the evolution of IKEv2, the MIB was modified
and presented to the IPsec WG again in May 2003 
in draft-ietf-ipsec-flow-monitoring-mib-02.txt.

This version of the draft is a Cisco-ized version
that culls out the IKE-specific aspects of the
IPsec Flow Monitor MIB. 

Overview of MIB
The MIB contains five major groups of objects which 
are used to manage the IKE protocol activity. These 
groups include the global statistics, IKE tunnel 
table, IKE History Group and a notification Group.

The tunnel table and the history table have a 
sparse-table relationship with the corresponding
tables in the CISCO-IPSEC-SIGNALING-MIB 
(details in the DESCRIPTION of the respective 
tables). 

Acronyms
The following acronyms are used in this document:     

Flow, Tunnel:
    An ISAKMP SA can be regarded as representing
    a flow of ISAKMP/IKE traffic. Hence an ISAKMP
    SA is referred to as a 'Phase 1 Tunnel' in this
    document. 
 
IPsec: 
    Secure IP Protocol 

ISAKMP:
    Internet Security Association and Key
    Management Protocol

IKE:
    Internet Key Exchange Protocol

MM:
    Main Mode - the process of setting up
    a Phase 1 SA to secure the exchanges
    required to set up Phase 2 SAs

Phase 2 Tunnel:
    An instance of a non-ISAKMP SA bundle in 
    which all the SAs share the same proxy 
    identifiers (IDii, IDir) and protect the same 
    stream of application traffic.
    Such an SA bundle is termed a 'Phase 2 Tunnel'.
    Note that a Phase 2 tunnel may comprise 
    different SA bundles and a different number of 
    SA bundles at different 
    times (due to key refresh).

QM:         
    Quick Mode - the process of setting up
    Phase 2 Security Associations using a 
    Phase 1 SA.

SA: 
    Security Association (ref: RFC 2408).

VPN:
    Virtual Private Network.

Imported Objects

cisgIpsSgFailRemoteAddress, cisgIpsSgFailLocalAddress, cisgIpsSgTunHistIndex, cisgIpsSgTunIndex, cisgIpsSgProtocol FROM CISCO-IPSEC-SIGNALING-MIB
CIPsecDiffHellmanGrp, CIPsecIkeNegoMode FROM CISCO-IPSEC-TC
ciscoMgmt FROM CISCO-SMI
NOTIFICATION-GROUP, OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF
MODULE-IDENTITY, Unsigned32, Counter64, Counter32, NOTIFICATION-TYPE, OBJECT-TYPE FROM SNMPv2-SMI
TruthValue FROM SNMPv2-TC

ciscoIkeFlowMIB .1.3.6.1.4.1.9.9.429
ciscoIkeFlowMIBNotifs .1.3.6.1.4.1.9.9.429.0
ciscoIkeFlowInNewGrpRejected .1.3.6.1.4.1.9.9.429.0.1
ciscoIkeFlowOutNewGrpRejected .1.3.6.1.4.1.9.9.429.0.2
ciscoIkeFlowMIBObjects .1.3.6.1.4.1.9.9.429.1
cifIkeCurrentActivity .1.3.6.1.4.1.9.9.429.1.1
cifIkeGlobalStatsTable .1.3.6.1.4.1.9.9.429.1.1.1
cifIkeGlobalStatsEntry .1.3.6.1.4.1.9.9.429.1.1.1.1
cifIkeGlobalInP2Exchgs .1.3.6.1.4.1.9.9.429.1.1.1.1.1
cifIkeGlobalInNewGrpReqs .1.3.6.1.4.1.9.9.429.1.1.1.1.10
cifIkeGlobalOutNewGrpReqs .1.3.6.1.4.1.9.9.429.1.1.1.1.11
cifIkeGlobalInNewGrpRejectReqs .1.3.6.1.4.1.9.9.429.1.1.1.1.12
cifIkeGlobalOutNewGrpRejectReqs .1.3.6.1.4.1.9.9.429.1.1.1.1.13
cifIkeGlobalInP2ExchgInvalids .1.3.6.1.4.1.9.9.429.1.1.1.1.2
cifIkeGlobalInP2ExchgRejects .1.3.6.1.4.1.9.9.429.1.1.1.1.3
cifIkeGlobalOutP2Exchgs .1.3.6.1.4.1.9.9.429.1.1.1.1.4
cifIkeGlobalOutP2ExchgInvalids .1.3.6.1.4.1.9.9.429.1.1.1.1.5
cifIkeGlobalOutP2ExchgRejects .1.3.6.1.4.1.9.9.429.1.1.1.1.6
cifIkeGlobalInXauths .1.3.6.1.4.1.9.9.429.1.1.1.1.7
cifIkeGlobalInXauthFailures .1.3.6.1.4.1.9.9.429.1.1.1.1.8
cifIkeGlobalOutXauthFailures .1.3.6.1.4.1.9.9.429.1.1.1.1.9
cifIkeTunnelTable .1.3.6.1.4.1.9.9.429.1.1.3
cifIkeTunnelEntry .1.3.6.1.4.1.9.9.429.1.1.3.1
cifIkeTunNegoMode .1.3.6.1.4.1.9.9.429.1.1.3.1.1
cifIkeTunOutP2ExchgInvalids .1.3.6.1.4.1.9.9.429.1.1.3.1.10
cifIkeTunOutP2ExchgRejects .1.3.6.1.4.1.9.9.429.1.1.3.1.11
cifIkeTunInNewGrpReqs .1.3.6.1.4.1.9.9.429.1.1.3.1.12
cifIkeTunOutNewGrpReqs .1.3.6.1.4.1.9.9.429.1.1.3.1.13
cifIkeTunInNewGrpRejectedReqs .1.3.6.1.4.1.9.9.429.1.1.3.1.14
cifIkeTunOutNewGrpRejectedReqs .1.3.6.1.4.1.9.9.429.1.1.3.1.15
cifIkeTunDHGrp .1.3.6.1.4.1.9.9.429.1.1.3.1.2
cifIkeTunSaRefreshThreshold .1.3.6.1.4.1.9.9.429.1.1.3.1.3
cifIkeTunTotalRefreshes .1.3.6.1.4.1.9.9.429.1.1.3.1.4
cifIkeTunInP2Exchgs .1.3.6.1.4.1.9.9.429.1.1.3.1.5
cifIkeTunInP2ExchgInvalids .1.3.6.1.4.1.9.9.429.1.1.3.1.6
cifIkeTunInP2ExchgRejects .1.3.6.1.4.1.9.9.429.1.1.3.1.7
cifIkeTunInP2SaDelRequests .1.3.6.1.4.1.9.9.429.1.1.3.1.8
cifIkeTunOutP2Exchgs .1.3.6.1.4.1.9.9.429.1.1.3.1.9
cifIkeHistory .1.3.6.1.4.1.9.9.429.1.2
cifIkeTunnelHistTable .1.3.6.1.4.1.9.9.429.1.2.1
cifIkeTunnelHistEntry .1.3.6.1.4.1.9.9.429.1.2.1.1
cifIkeTunHistNegoMode .1.3.6.1.4.1.9.9.429.1.2.1.1.1
cifIkeTunHistOutP2ExchgRejects .1.3.6.1.4.1.9.9.429.1.2.1.1.10
cifIkeTunHistInNewGrpReqs .1.3.6.1.4.1.9.9.429.1.2.1.1.11
cifIkeTunHistOutNewGrpReqs .1.3.6.1.4.1.9.9.429.1.2.1.1.12
cifIkeTunHistInNewGrpRejectReqs .1.3.6.1.4.1.9.9.429.1.2.1.1.13
cifIkeTunHistOutNewGrpRejectReqs .1.3.6.1.4.1.9.9.429.1.2.1.1.14
cifIkeTunHistDHGrp .1.3.6.1.4.1.9.9.429.1.2.1.1.2
cifIkeTunHistTotalRefreshes .1.3.6.1.4.1.9.9.429.1.2.1.1.3
cifIkeTunHistTotalSas .1.3.6.1.4.1.9.9.429.1.2.1.1.4
cifIkeTunHistInP2Exchgs .1.3.6.1.4.1.9.9.429.1.2.1.1.5
cifIkeTunHistInP2ExchgInvalids .1.3.6.1.4.1.9.9.429.1.2.1.1.6
cifIkeTunHistInP2ExchgRejects .1.3.6.1.4.1.9.9.429.1.2.1.1.7
cifIkeTunHistOutP2Exchgs .1.3.6.1.4.1.9.9.429.1.2.1.1.8
cifIkeTunHistOutP2ExchgInvalids .1.3.6.1.4.1.9.9.429.1.2.1.1.9
cifIkeNotifControl .1.3.6.1.4.1.9.9.429.1.3
cifIkeNotifCntlInNewGrpRejected .1.3.6.1.4.1.9.9.429.1.3.1
cifIkeNotifCntlOutNewGrpRejected .1.3.6.1.4.1.9.9.429.1.3.2
ciscoIkeFlowMIBConform .1.3.6.1.4.1.9.9.429.2
ciscoIkeFlowMIBCompliances .1.3.6.1.4.1.9.9.429.2.1
ciscoIkeFlowMIBGroups .1.3.6.1.4.1.9.9.429.2.2