IPSec is the next-generation network layer crypto framework described in RFC2401-2411. This MIB defines the IPsec configurations. It may be used to view and provision IPsec-based VPNs. To create an IPsec tunnel, you need first configure Internet Key Exchange (IKE). IKE negotiates Security Associations with the peer for IPsec. To find out how to configure IKE, please see CISCO-IKE-CONFIGURATION-MIB for detail. Once you setup IKE, you will have to configure IPsec. To configure IPsec, you need perform following steps. 1. Create an IPsec transform set. A transform set describes a security protocol (AH or ESP) with its corresponding algorithms. For example, ESP with the DES cipher algorithm and HMAC-SHA for authentication. 2. Create a cryptomap and its peers. This will a) select data flows that need security processing and b) defines the policy for these flows and the crypto peer that traffic needs to go to. 3. Apply cryptomap to an interface A crypto map is applied to an egress interface. Outgoing data flows are protected by this cryptomap. Acronyms The following acronyms are used in this document: Static Cryptomap Template: A static cryptomap template (or static cryptomap) is a security template created for IPsec. A static cryptomap pulls together various parts to set up an IPsec security association which includes: - which traffic should be protected by IPsec - where IPsec protected traffic should be sent - the local address used for the the IPsec traffic - which transform sets should be applied to this traffic Dynamic Cryptomap Template: A dynamic cryptomap template (or a dynamic cryptomap) is essentially a crypto map entry without all the parameters configured. It acts as a policy template where the missing parameters are later dynamically configured (as the result of an IPsec negotiation) to match a peer's requirements. Cryptomap Set: A cryptomap set may contain multiple cryptomap templates which specify an IPsec policy. TED: Tunnel Endpoint Discovery protocol MIB Structure ------------- This MIB provides the operational information on Cisco's IPsec implementation of IPsec. This MIB delineates ISAKMP and IPsec configuration. This MIB deals only with IPsec (Phase-2) configuration. The following entities are managed: a) IPsec Global Parameters b) IPsec transform set definitions c) Cryptomap Group - Cryptomap Set Table - Cryptomap Table - CryptomapSet Transform Binding Table - CryptomapSet Peer Binding Table - CryptomapSet Interface Binding Table d) Notification Control Group e) Notifications Group |
CIPsecSecuritySuite, CIPsecCryptomapType, CIPsecNumCryptoMaps, CIPsecDiffHellmanGrp, CIPsecEncapMode, CIPsecLifesize, CIPsecTunnelIdleTime, CIPsecLifetime, CIPsecTransform | CISCO-IPSEC-TC |
ciscoMgmt | CISCO-SMI |
ifIndex | IF-MIB |
InetAddressType, InetAddress | INET-ADDRESS-MIB |
SnmpAdminString | SNMP-FRAMEWORK-MIB |
NOTIFICATION-GROUP, OBJECT-GROUP, MODULE-COMPLIANCE | SNMPv2-CONF |
MODULE-IDENTITY, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE | SNMPv2-SMI |
TruthValue, RowStatus | SNMPv2-TC |
![]() | .1.3.6.1.4.1.9.9.431 | |
![]() | .1.3.6.1.4.1.9.9.431.0 | |
![]() | .1.3.6.1.4.1.9.9.431.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.1.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.1.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.5 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.6 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.7 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.8 | |
![]() | .1.3.6.1.4.1.9.9.431.1.2.1.1.9 | |
![]() | .1.3.6.1.4.1.9.9.431.1.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.3.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.3.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.3.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1.5 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.1.1.6 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.10 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.11 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.12 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.13 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.14 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.15 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.16 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.17 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.5 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.6 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.7 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.8 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.3.1.9 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4.1.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4.1.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4.1.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.4.1.5 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.5 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.5.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.5.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.6 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.6.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.4.6.1.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.5 | |
![]() | .1.3.6.1.4.1.9.9.431.1.5.1 | |
![]() | .1.3.6.1.4.1.9.9.431.1.5.2 | |
![]() | .1.3.6.1.4.1.9.9.431.1.5.3 | |
![]() | .1.3.6.1.4.1.9.9.431.1.5.4 | |
![]() | .1.3.6.1.4.1.9.9.431.1.5.5 | |
![]() | .1.3.6.1.4.1.9.9.431.2 | |
![]() | .1.3.6.1.4.1.9.9.431.2.1 | |
![]() | .1.3.6.1.4.1.9.9.431.2.2 |
Name | OID | Description |
---|---|---|
.1.3.6.1.4.1.9.9.431.0.1 | This notification is generated when a new cryptomap is added to the specified cryptomap set. Object 'cipsStaticCryptomapSetSize' contains the number of cryptomap entries after the addition. | |
.1.3.6.1.4.1.9.9.431.0.2 | This notification is generated when a cryptomap is removed from the specified cryptomap set. Object 'cipsStaticCryptomapSetSize' contains the number of cryptomap entries after the deletion. | |
.1.3.6.1.4.1.9.9.431.0.3 | A cryptomap set must be attached to an interface of the device in order for it to be operational. This trap is generated when the cryptomap set attached to an active interface of the managed entity. The contents of the notification includes: Size of the attached cryptomap set, Number of ISAKMP cryptomaps in the set and Number of Dynamic cryptomaps in the set. | |
.1.3.6.1.4.1.9.9.431.0.4 | This trap is generated when a cryptomap set is detached from an interafce to which it was bound earlier. The context of the event identifies the size of the cryptomap set. |