CISCO-IPSEC-PROVISIONING-MIB

IPSec is the next-generation network layer crypto
        framework described in RFC2401-2411. 
        This MIB defines the IPsec configurations.
        It may be used to view and provision IPsec-based
        VPNs.
        
        To create an IPsec tunnel, you need first configure
        Internet Key Exchange (IKE). IKE negotiates Security
        Associations with the peer for IPsec. To find out
        how to configure IKE, please see
        CISCO-IKE-CONFIGURATION-MIB for detail.
        
        Once you setup IKE, you will have to configure IPsec.
        To configure IPsec, you need perform following steps.
        1. Create an IPsec transform set.
           A transform set describes a security protocol
           (AH or ESP) with its corresponding algorithms.
           For example, ESP with the DES cipher algorithm
           and HMAC-SHA for authentication.
        
        	2. Create a cryptomap and its peers.
           This will a) select data flows that need security
           processing and b) defines the policy for these flows
           and the crypto peer that traffic needs to go to.
        
        3. Apply cryptomap to an interface
           A crypto map is applied to an egress interface.
           Outgoing data flows are protected by this cryptomap.
        
        Acronyms
        The following acronyms are used in this document:
        
          Static Cryptomap Template:
           A static cryptomap template (or static cryptomap)
           is a security template created for IPsec.
           A static cryptomap pulls together various parts
           to set up an IPsec security association
           which includes:
           - which traffic should be protected by IPsec
           - where IPsec protected traffic should be sent
           - the local address used for the the IPsec traffic
           - which transform sets should be applied to this
             traffic
        
          Dynamic Cryptomap Template:
           A dynamic cryptomap template (or a dynamic cryptomap)
           is essentially a crypto map entry without all the
           parameters configured.  It acts as a policy template
           where the missing parameters are later dynamically
           configured (as the result of an IPsec negotiation)
           to match a peer's requirements.
        
          Cryptomap Set:
           A cryptomap set may contain multiple cryptomap
           templates which specify an IPsec policy.
        
          TED:
           Tunnel Endpoint Discovery protocol
        
        MIB Structure
        -------------
          This MIB provides the operational information on 
          Cisco's IPsec implementation of IPsec. This MIB 
          delineates ISAKMP and IPsec configuration. This MIB
          deals only with IPsec (Phase-2) configuration.  The
          following entities are managed:
            a) IPsec Global Parameters
            b) IPsec transform set definitions
            c) Cryptomap Group
               - Cryptomap Set Table
               - Cryptomap Table
               - CryptomapSet Transform Binding Table
               - CryptomapSet Peer Binding Table
               - CryptomapSet Interface Binding Table
        
            d) Notification Control Group
            e) Notifications Group

Imported Objects

CIPsecTransform, CIPsecLifetime, CIPsecTunnelIdleTime, CIPsecLifesize, CIPsecEncapMode, CIPsecDiffHellmanGrp, CIPsecNumCryptoMaps, CIPsecCryptomapType, CIPsecSecuritySuiteCISCO-IPSEC-TC
ciscoMgmtCISCO-SMI
ifIndexIF-MIB
InetAddressType, InetAddressINET-ADDRESS-MIB
SnmpAdminStringSNMP-FRAMEWORK-MIB
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUPSNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32SNMPv2-SMI
RowStatus, TruthValueSNMPv2-TC
ciscoIPsecProvisioningMIB .1.3.6.1.4.1.9.9.431
ciscoIPsecProvisioningMIBNotifs .1.3.6.1.4.1.9.9.431.0
ciscoIPsecProvCryptomapAdded .1.3.6.1.4.1.9.9.431.0.1
ciscoIPsecProvCryptomapDeleted .1.3.6.1.4.1.9.9.431.0.2
ciscoIPsecProvCryptomapAttached .1.3.6.1.4.1.9.9.431.0.3
ciscoIPsecProvCryptomapDetached .1.3.6.1.4.1.9.9.431.0.4
ciscoIPsecProvisioningMIBObjects .1.3.6.1.4.1.9.9.431.1
cipsIPsecGlobals .1.3.6.1.4.1.9.9.431.1.1
cipsTunnelLifetime .1.3.6.1.4.1.9.9.431.1.1.1
cipsTunnelLifesize .1.3.6.1.4.1.9.9.431.1.1.2
cipsTunnelIdleTimeout .1.3.6.1.4.1.9.9.431.1.1.3
cipsIPsecTransforms .1.3.6.1.4.1.9.9.431.1.2
cipsIPsecXformSetTable .1.3.6.1.4.1.9.9.431.1.2.1
cipsIPsecXformSetEntry .1.3.6.1.4.1.9.9.431.1.2.1.1
cipsXformSetName .1.3.6.1.4.1.9.9.431.1.2.1.1.1
cipsXformSetId .1.3.6.1.4.1.9.9.431.1.2.1.1.2
cipsXformSetSuite .1.3.6.1.4.1.9.9.431.1.2.1.1.3
cipsXformSetEncryptionXform .1.3.6.1.4.1.9.9.431.1.2.1.1.4
cipsXformSetIntegrityXformEsp .1.3.6.1.4.1.9.9.431.1.2.1.1.5
cipsXformSetIntegrityXformAh .1.3.6.1.4.1.9.9.431.1.2.1.1.6
cipsXformSetCompressionXform .1.3.6.1.4.1.9.9.431.1.2.1.1.7
cipsXformSetMode .1.3.6.1.4.1.9.9.431.1.2.1.1.8
cipsXformSetStatus .1.3.6.1.4.1.9.9.431.1.2.1.1.9
cipsCryptoMapGeneral .1.3.6.1.4.1.9.9.431.1.3
cipsNumStaticCryptomapSets .1.3.6.1.4.1.9.9.431.1.3.1
cipsNumDynamicCryptomapSets .1.3.6.1.4.1.9.9.431.1.3.2
cipsNumTEDCryptomapSets .1.3.6.1.4.1.9.9.431.1.3.3
cipsCryptoMaps .1.3.6.1.4.1.9.9.431.1.4
cipsStaticCryptomapSetTable .1.3.6.1.4.1.9.9.431.1.4.1
cipsStaticCryptomapSetEntry .1.3.6.1.4.1.9.9.431.1.4.1.1
cipsStaticCryptomapSetSize .1.3.6.1.4.1.9.9.431.1.4.1.1.1
cipsStaticCryptomapSetNumIsakmp .1.3.6.1.4.1.9.9.431.1.4.1.1.2
cipsStaticCryptomapSetNumManual .1.3.6.1.4.1.9.9.431.1.4.1.1.3
cipsStaticCryptomapSetNumDynamic .1.3.6.1.4.1.9.9.431.1.4.1.1.4
cipsStaticCryptomapSetNumTED .1.3.6.1.4.1.9.9.431.1.4.1.1.5
cipsStaticCryptomapSetNumSAs .1.3.6.1.4.1.9.9.431.1.4.1.1.6
cipsStaticCryptomapTable .1.3.6.1.4.1.9.9.431.1.4.3
cipsStaticCryptomapEntry .1.3.6.1.4.1.9.9.431.1.4.3.1
cipsStaticCryptomapSetName .1.3.6.1.4.1.9.9.431.1.4.3.1.1
cipsStaticCryptomapCurPAddr .1.3.6.1.4.1.9.9.431.1.4.3.1.10
cipsStaticCryptomapPfs .1.3.6.1.4.1.9.9.431.1.4.3.1.11
cipsStaticCryptomapLifetime .1.3.6.1.4.1.9.9.431.1.4.3.1.12
cipsStaticCryptomapLifesize .1.3.6.1.4.1.9.9.431.1.4.3.1.13
cipsStaticCryptomapLevelHost .1.3.6.1.4.1.9.9.431.1.4.3.1.14
cipsStaticCryptomapIdleTimeout .1.3.6.1.4.1.9.9.431.1.4.3.1.15
cipsStaticCryptomapAutoPeer .1.3.6.1.4.1.9.9.431.1.4.3.1.16
cipsStaticCryptomapStatus .1.3.6.1.4.1.9.9.431.1.4.3.1.17
cipsStaticCryptomapPriority .1.3.6.1.4.1.9.9.431.1.4.3.1.2
cipsStaticCryptomapType .1.3.6.1.4.1.9.9.431.1.4.3.1.3
cipsStaticCryptomapDescr .1.3.6.1.4.1.9.9.431.1.4.3.1.4
cipsStaticCryptomapIpFilter .1.3.6.1.4.1.9.9.431.1.4.3.1.5
cipsStaticCryptomapXformSetList .1.3.6.1.4.1.9.9.431.1.4.3.1.6
cipsStaticCryptomapNumPeers .1.3.6.1.4.1.9.9.431.1.4.3.1.7
cipsStaticCryotomapNextPIndex .1.3.6.1.4.1.9.9.431.1.4.3.1.8
cipsStaticCryptomapCurPAddrType .1.3.6.1.4.1.9.9.431.1.4.3.1.9
cipsIPsecCryMapPeerTable .1.3.6.1.4.1.9.9.431.1.4.4
cipsIPsecCryMapPeerEntry .1.3.6.1.4.1.9.9.431.1.4.4.1
cipsCryMapPeerIndex .1.3.6.1.4.1.9.9.431.1.4.4.1.1
cipsCryMapPeerAddrType .1.3.6.1.4.1.9.9.431.1.4.4.1.2
cipsCryMapPeerAddr .1.3.6.1.4.1.9.9.431.1.4.4.1.3
cipsCryMapPeerOrder .1.3.6.1.4.1.9.9.431.1.4.4.1.4
cipsCryMapPeerStatus .1.3.6.1.4.1.9.9.431.1.4.4.1.5
cipsCryptomapSetIfTable .1.3.6.1.4.1.9.9.431.1.4.5
cipsCryptomapSetIfEntry .1.3.6.1.4.1.9.9.431.1.4.5.1
cipsCryptomapSetIfStatus .1.3.6.1.4.1.9.9.431.1.4.5.1.1
cipsIfCryptomapSetInfoTable .1.3.6.1.4.1.9.9.431.1.4.6
cipsIfCryptomapSetInfoEntry .1.3.6.1.4.1.9.9.431.1.4.6.1
cipsIfStaticCryptomapSetName .1.3.6.1.4.1.9.9.431.1.4.6.1.1
cipsNotificationCntl .1.3.6.1.4.1.9.9.431.1.5
cipsCntlAllNotifs .1.3.6.1.4.1.9.9.431.1.5.1
cipsCntlCryptomapAdded .1.3.6.1.4.1.9.9.431.1.5.2
cipsCntlCryptomapDeleted .1.3.6.1.4.1.9.9.431.1.5.3
cipsCntlCryptomapSetAttached .1.3.6.1.4.1.9.9.431.1.5.4
cipsCntlCryptomapSetDetached .1.3.6.1.4.1.9.9.431.1.5.5
ciscoIPsecProvisioningMIBConform .1.3.6.1.4.1.9.9.431.2
ciscoIPsecProvMIBCompliances .1.3.6.1.4.1.9.9.431.2.1
ciscoIPsecProvMIBGroups .1.3.6.1.4.1.9.9.431.2.2