ikePrfCert
FEC-IPSEC-MIB ·
.0.14.1.7
Object
column
r/w
Integer32
The index of the certificate used for authentication in the certTable. Ignored for AuthMethod == pre_shared_key.
Context
- MIB
- FEC-IPSEC-MIB
- OID
.0.14.1.7- Type
- column
- Access
- readwrite
- Status
- current
- Parent
- ikeProfileEntry
- Table
- ikeProfileTable
- Siblings
- 18
Syntax
Integer32
Values & Constraints
Object Constraints
range: 0-32767
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ikePrfIndex A unique index identifying this entry. | column | Integer32 | .0.14.1.1 |
| ikePrfLifeTime This object specifies an index in the ipsecLifeTimeTable with the
lifetime settings to be used for IKE SA negotiation with this profile.
If the lifetime pointed to by this index … | column | Integer32 | .0.14.1.10 |
| ikePrfPfsIdentity This object specifies whether IKE SA's should be deleted
immediately after a phase 2 (IPSec-) SA pair has been
negotiated.
The consequence of enabling this feature is that before… | column | Enumeration | .0.14.1.11 |
| ikePrfHeartbeats This object specifies whether heartbeats should be sent
over phase 1 SAs for this profile (heartbeats are not
used for IPv6).
Possible values:
none(1), -- neither send no… | column | Enumeration | .0.14.1.12 |
| ikePrfBlockTime This object specifies the time in seconds for which a peer is
blocked for any IPSec operations after a phase 1 initiator
negotiation failed.
Special values:
-1: use settings fr… | column | seconds Integer32 | .0.14.1.13 |
| ikePrfNatT This object specifies whether NAT-Traversal is enabled
Possible values:
enabled(1), -- enable Nat-Traversal
disabled(2), -- disable Nat-Traversal
default(3) -- use value fro… | column | Enumeration | .0.14.1.14 |
| ikePrfMtuMax The maximum MTU value allowed for ipsecPeerStatMtu.
Zero means use value from global profile,
if this is the global profile, 1418 is assumed.
Nonzero values smaller than 214 are … | column | Integer32 | .0.14.1.15 |
| ikePrfLifeSeconds The maximum time (in seconds) after which an SA will be
deleted. | column | seconds SNMPv2-SMIUnsigned32 | .0.14.1.16 |
| ikePrfLifeKBytes The maximum amount of data (in KB) which may be protected
by an SA before it is deleted. | column | kilo bytes SNMPv2-SMIUnsigned32 | .0.14.1.17 |
| ikePrfLifeRekeyPercent obsolete WARNING: this object is obsolete and must not be used. | column | Integer32 | .0.14.1.18 |
| ikePrfLifePolicy This object specifies the way a lifetime proposal is
handled. Possible values:
loose(1), -- accept and use anything proposed
strict(2), -- accept and use only what is configure… | column | Enumeration | .0.14.1.19 |
| ikePrfDescription An optional description for this profile. | column | SNMPv2-TCDisplayString | .0.14.1.2 |
| ikePrfAuthMethod This object specifies the authentication method used for this profile.
Possible values:
pre-sh-key(1), -- Authentication using pre shared keys
dss-sig(2), -- Authentication u… | column | Enumeration | .0.14.1.3 |
| ikePrfMode This object specifies the exchange mode used for IKE
SA negotiation.
Possible values:
id-protect(1), -- Use identity protection (main) mode
aggressive(2), -- Use aggressi… | column | Enumeration | .0.14.1.4 |
| ikePrfProposal The index of the first IKE proposal which may be used
for IKE SA negotiation with this profile. | column | Integer32 | .0.14.1.5 |
| ikePrfGroup This object specifies the IKE group to use with this profile.
Possible values:
1: a 768-bit MODP group
2: a 1024-bit MODP group
5: a 1536-bit MODP group | column | Integer32 | .0.14.1.6 |
| ikePrfLocalId The local ID used for authentication with this profile.
Syntax:
- X500 distinguished name:
<obj-name=obj-value, obj-ID=obj-value, ...>
- IPV4-Address:
|123.456.789.012… | column | SNMPv2-TCDisplayString | .0.14.1.8 |
| ikePrfCaCerts Receives a comma separated list with indices (0..32767)
of special certificate authority certificates accepted
for this profile. | column | SNMPv2-TCDisplayString | .0.14.1.9 |