tmnxIkePolicyPFSDHGroup
TIMETRA-IPSEC-MIB · .1.3.6.1.4.1.6527.3.1.2.48.4.1.8
Object · column · r/w · TmnxIkePolicyDHGroup
The value of tmnxIkePolicyPFSDHGroup is used only if the value of
tmnxIkePolicyPFSEnabled is 'true'.
The value of tmnxIkePolicyPFSDHGroup specifies the Diffie-Hellman group
used for the new Diffie-Hellman key exchange performed each time the
SA (Security Association) key is renegotiated. After the SA expires,
the key is forgotten and another key is generated (if the SA remains
up). This means that an attacker who cracks part of the exchange can
only read the part that used the key before the key changed. Cracking
one part gives the attacker no advantage in cracking the other parts.
Context
- MIB: TIMETRA-IPSEC-MIB
- OID: .1.3.6.1.4.1.6527.3.1.2.48.4.1.8
- Type: column
- Access: readwrite
- Status: current
- Parent: tmnxIkePolicyEntry
- Table: tmnxIkePolicyTable
- Siblings: 36
Syntax
TmnxIkePolicyDHGroup
- Source: TmnxIkePolicyDHGroup
- Base type: Enumeration
Values & Constraints
Type Values
| Value | Name |
|---|---|
| 1 | group1 |
| 2 | group2 |
| 5 | group5 |
| 14 | group14 |
| 15 | group15 |
| 19 | group19 |
| 20 | group20 |
| 21 | group21 |
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| tmnxIkePolicyId: The value of tmnxIkePolicyId specifies the ID of a policy entry and is the primary index for the table tmnxIkePolicyTable. | column | TmnxIkePolicyId | .1.3.6.1.4.1.6527.3.1.2.48.4.1.1 |
| tmnxIkePolicyEncrAlgorithm (obsolete): The value of tmnxIkePolicyEncrAlgorithm specifies the encryption algorithm to be used in the phase 1 SA. This object has been marked obsolete in SROS Release 15.0. … | column | TIMETRA-TC-MIB::TmnxEncrAlgorithm | .1.3.6.1.4.1.6527.3.1.2.48.4.1.10 |
| tmnxIkePolicyIsakmpLifeTime (obsolete): The value of tmnxIkePolicyIsakmpLifeTime specifies the lifetime of the phase 1 IKE key. ISAKMP stands for Internet Security Association and Key Management Protocol.… | column | Unsigned32 (seconds) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.11 |
| tmnxIkePolicyIPsecLifeTime: The value of tmnxIkePolicyIPsecLifeTime specifies the lifetime of the phase 2 IKE key. | column | Unsigned32 (seconds) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.12 |
| tmnxIkePolicyNatTraversal: The value of tmnxIkePolicyNatTraversal specifies whether NAT-T (network address translation traversal) is 'enabled', 'disabled' or in 'forced' mode. | column | Enumeration | .1.3.6.1.4.1.6527.3.1.2.48.4.1.13 |
| tmnxIkePolicyNatTKeepAliveIntvl: The value of tmnxIkePolicyNatTKeepAliveIntvl specifies the keep alive interval for NAT-T. If the value of tmnxIkePolicyNatTKeepAliveIntvl is '0', then keepalives are disabled. | column | Unsigned32 (seconds) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.14 |
| tmnxIkePolicyNatTBehindNatOnly: The value of tmnxIkePolicyNatTBehindNatOnly specifies whether the keep alive packets should be sent only when behind a NAT. | column | SNMPv2-TC::TruthValue | .1.3.6.1.4.1.6527.3.1.2.48.4.1.15 |
| tmnxIkePolicyDpd: The value of tmnxIkePolicyDpd specifies whether DPD (dead peer detection) is 'enable', 'disable' or in 'replyOnly' mode. The DPD vendor ID is always advertised to t… | column | Enumeration | .1.3.6.1.4.1.6527.3.1.2.48.4.1.16 |
| tmnxIkePolicyDpdInterval: The value of tmnxIkePolicyDpdInterval specifies the dead peer detection interval. | column | Unsigned32 (seconds) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.17 |
| tmnxIkePolicyDpdMaxRetries: The value of tmnxIkePolicyDpdMaxRetries specifies the number of retries done before the peer is determined dead. | column | Unsigned32 | .1.3.6.1.4.1.6527.3.1.2.48.4.1.18 |
| tmnxIkePolicyAuthMethod: The value of tmnxIkePolicyAuthMethod specifies the authentication method used with this IKE policy for the remote-peer. | column | TIMETRA-TC-MIB::TmnxIkePolicyAuthMethod | .1.3.6.1.4.1.6527.3.1.2.48.4.1.19 |
| tmnxIkePolicyRowStatus: The tmnxIkePolicyRowStatus object is used to create and delete rows in the tmnxIkePolicyTable. | column | SNMPv2-TC::RowStatus | .1.3.6.1.4.1.6527.3.1.2.48.4.1.2 |
| tmnxIkePolicyIkeVersion: The value of tmnxIkePolicyIkeVersion specifies the IKE version to be used with this IKE policy. | column | TmnxIkeVersion | .1.3.6.1.4.1.6527.3.1.2.48.4.1.20 |
| tmnxIkePolicyOwnAuthMethod: The value of tmnxIkePolicyOwnAuthMethod specifies the authentication method used with this IKE policy on its own side. | column | TIMETRA-TC-MIB::TmnxIkePolicyOwnAuthMethod | .1.3.6.1.4.1.6527.3.1.2.48.4.1.21 |
| tmnxIkePolicyMatchPeerToCert: The value of tmnxIkePolicyMatchPeerToCert specifies whether to enable checking that the IKE peer's ID matches the peer's certificate when performing certificate authentication. | column | SNMPv2-TC::TruthValue | .1.3.6.1.4.1.6527.3.1.2.48.4.1.22 |
| tmnxIkePolicyRelayUnSolCfgAttr: The value of tmnxIkePolicyRelayUnSolCfgAttr specifies the unsolicited configuration attributes for IKEv2 remote-access tunnels. These attributes, when provided by the authenticati… | column | TmnxIkePolicyRelayUnSolCfgAttr | .1.3.6.1.4.1.6527.3.1.2.48.4.1.23 |
| tmnxIkePolicyAutoEapMethod: The value of tmnxIkePolicyAutoEapMethod specifies the automatic EAP fallback authentication method for the remote-peer used with this IKE policy. This object is only meaningful w… | column | TIMETRA-TC-MIB::TmnxIkePolicyAutoEapMethod | .1.3.6.1.4.1.6527.3.1.2.48.4.1.24 |
| tmnxIkePolicyAutoEapOwnMethod: The value of tmnxIkePolicyAutoEapOwnMethod specifies the automatic EAP fallback authentication method used with this IKE policy on its own side. This object is only… | column | TIMETRA-TC-MIB::TmnxIkePolicyAutoEapOwnMethod | .1.3.6.1.4.1.6527.3.1.2.48.4.1.25 |
| tmnxIkePolicyLockout: The value of tmnxIkePolicyLockout specifies whether or not the IPsec Client Lockout is enabled. The statistics information of remote lockout clients are in tmnxIPse… | column | TIMETRA-TC-MIB::TmnxEnabledDisabled | .1.3.6.1.4.1.6527.3.1.2.48.4.1.26 |
| tmnxIkePolicyLockoutFailedAtempt: The value of tmnxIkePolicyLockoutFailedAtempt specifies the maximum number of consecutive failed authentication attempts from the same remote client. | column | Unsigned32 | .1.3.6.1.4.1.6527.3.1.2.48.4.1.27 |
| tmnxIkePolicyLockoutDuration: The value of tmnxIkePolicyLockoutDuration specifies the maximum duration in minutes that the system can afford tmnxIkePolicyLockoutFailedAtempt number of failed authentication att… | column | Unsigned32 (minutes) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.28 |
| tmnxIkePolicyLockoutBlock: The value of tmnxIkePolicyLockoutBlock specifies the maximum time period that the system drops IKE packets after the maximum number of consecutive failed authentication attempts r… | column | Unsigned32 (minutes) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.29 |
| tmnxIkePolicyLastChanged: The value of tmnxIkePolicyLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the las… | column | SNMPv2-TC::TimeStamp | .1.3.6.1.4.1.6527.3.1.2.48.4.1.3 |
| tmnxIkePolicyLockoutMaxPortPerIp: The value of tmnxIkePolicyLockoutMaxPortPerIp specifies the maximum number of ports that can be locked out under the same IP address. Once the number of locked-out ports under the same IP… | column | Unsigned32 | .1.3.6.1.4.1.6527.3.1.2.48.4.1.30 |
| tmnxIkePolicyV2Fragment: The value of tmnxIkePolicyV2Fragment specifies whether or not IKEv2 fragmentation is enabled. | column | TIMETRA-TC-MIB::TmnxEnabledDisabled | .1.3.6.1.4.1.6527.3.1.2.48.4.1.31 |
| tmnxIkePolicyV2FragmentMtu: The value of tmnxIkePolicyV2FragmentMtu specifies the MTU size for the IKEv2 fragmentation. | column | Unsigned32 (octets) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.32 |
| tmnxIkePolicyV2FragReassembTmOut: The value of tmnxIkePolicyV2FragReassembTmOut specifies the maximum number of seconds to wait to receive all fragments of an IKEv2 message for reassembly. | column | Unsigned32 (seconds) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.33 |
| tmnxIkePolicySndIdrAftEapSuccess: The value of tmnxIkePolicySndIdrAftEapSuccess specifies whether or not the system adds the Identification Responder (IDr) payload in the last IKE authentication response after the… | column | SNMPv2-TC::TruthValue | .1.3.6.1.4.1.6527.3.1.2.48.4.1.34 |
| tmnxIkePolicyIkev1Ph1RespDelNtfy: The value of tmnxIkePolicyIkev1Ph1RespDelNtfy specifies whether or not the system, when deleting an IKEv1 phase 1 for which it was the responder, sends a delete notification to th… | column | SNMPv2-TC::TruthValue | .1.3.6.1.4.1.6527.3.1.2.48.4.1.35 |
| tmnxIkePolicyLimitInitExchange: The value of tmnxIkePolicyLimitInitExchange specifies whether or not the system limits the number of in-progress initial IKE exchanges to one per IPsec tunnel. The … | column | SNMPv2-TC::TruthValue | .1.3.6.1.4.1.6527.3.1.2.48.4.1.36 |
| tmnxIkePolicyReducedMaxExchgTt: The value of tmnxIkePolicyReducedMaxExchgTt specifies the maximum timeout for the in-progress initial IKE exchange. The value of '0' specifies that there is no redu… | column | Unsigned32 (seconds) | .1.3.6.1.4.1.6527.3.1.2.48.4.1.37 |
| tmnxIkePolicyDescription: The value of tmnxIkePolicyDescription specifies the user-provided description for each tmnxIkePolicyEntry in the table tmnxIkePolicyTable. | column | TIMETRA-TC-MIB::TItemDescription | .1.3.6.1.4.1.6527.3.1.2.48.4.1.4 |
| tmnxIkePolicyIkeMode: The value of tmnxIkePolicyIkeMode specifies the mode of operation, which determines the number of messages used to establish the session. | column | TmnxIkePolicyIkeMode | .1.3.6.1.4.1.6527.3.1.2.48.4.1.5 |
| tmnxIkePolicyDHGroup (obsolete): The value of tmnxIkePolicyDHGroup specifies the Diffie-Hellman group to be used for calculating session keys which will be used in the IKE proposal. This object has… | column | TmnxIkePolicyDHGroup | .1.3.6.1.4.1.6527.3.1.2.48.4.1.6 |
| tmnxIkePolicyPFSEnabled: The value of tmnxIkePolicyPFSEnabled specifies whether PFS (perfect forward secrecy) on the tunnel using this policy is enabled or not. When tmnxIkePolicyPFSDHGroup has a value o… | column | SNMPv2-TC::TruthValue | .1.3.6.1.4.1.6527.3.1.2.48.4.1.7 |
| tmnxIkePolicyAuthAlgorithm (obsolete): The value of tmnxIkePolicyAuthAlgorithm specifies the hashing algorithm used in the phase 1 SA. This object has been marked obsolete in SROS Release 15.0. The funct… | column | TIMETRA-TC-MIB::TmnxAuthAlgorithm | .1.3.6.1.4.1.6527.3.1.2.48.4.1.9 |