ipsecGlobals
FEC-IPSEC-MIB ·
.0.1
Object
node
No description available.
Context
- MIB
- FEC-IPSEC-MIB
- OID
.0.1- Type
- node
- Children
- 37
Syntax
No syntax metadata recorded.
Values & Constraints
No enumerated values or constraints recorded.
Related Objects
Child Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ipsecGlobPeerIndex Index of first IPsec peer in ipsecPeerTable.
If this object is set to a Value <= 0, IPSec is switched
explicitly off. If the peer referenced by this object does not
exist in the t… | scalar | Integer32 | .0.1.1 |
| ipsecGlobMaxSysLogLevel Maximum level for syslog messages issued by IPSec. All
messages with a level higher than this value are suppressed,
independently from other global syslog level settings.
Possib… | scalar | Enumeration | .0.1.10 |
| ipsecGlobDefaultGranularity This object specifies the default granularity used
for IPSEC SA negotiation.
Possible values:
coarse(2), -- Create only one SA for each Traffic entry
ip(3), -- Create one SA … | scalar | Enumeration | .0.1.11 |
| ipsecGlobDefaultPh1Mode This object specifies the default exchange mode used for IKE
SA negotiation.
Possible values:
id-protect(1), -- Use identity protection (main) mode
aggressive(2) -- Use agg… | scalar | Enumeration | .0.1.12 |
| ipsecGlobDefaultPfsGroup This object specifies the PFS group to use.
PFS is done only for phase 2, i.e. the Phase 1 SAs are not
deleted after phase 2 negotiation is completed.
Note however, that if the p… | scalar | Integer32 | .0.1.13 |
| ipsecGlobDefaultAuthMethod This object specifies the authentication method used by default.
If the ipsecPeerAuthMethod field of an ipsecPeerEntry and the
ikePropAuthMethod field of the ikeProposalTableEntr… | scalar | Enumeration | .0.1.2 |
| ipsecGlobIkePort This object specifies the port the IKE key management service
listens to. | scalar | Integer32 | .0.1.20 |
| ipsecGlobMaxRetries This object specifies the maximum number of retries sent by IKE
for one message. | scalar | Integer32 | .0.1.21 |
| ipsecGlobRetryTimeout0milli This object specifies the period of time in milliseconds before
an IKE message is repeated for the first time if the answer is
missing. After each retry, this timeout is increased… | scalar | milliseconds Integer32 | .0.1.22 |
| ipsecGlobRetryTimeoutMaxsec This object specifies the maximum period of time in seconds
before an IKE message is repeated if the answer is missing. The
retry timeout is not increased beyond this limit. | scalar | seconds Integer32 | .0.1.23 |
| ipsecGlobMaxNegotiationTimeoutsec This object specifies the maximum number of seconds after which
a negotiation is canceled if it is not finished. | scalar | seconds Integer32 | .0.1.24 |
| ipsecGlobMaxIkeSas This object specifies the maximum number of simultaneous ISAKMP
Security associations allowed. If this limit is reached, the
entries are removed from the database, starting with t… | scalar | Integer32 | .0.1.25 |
| ipsecGlobIgnoreCrPayloads This object specifies whether certificate request payloads
should be ignored by IKE.
Possible values:
true(1), -- ignore all certificate requests
false(2) -- process certifi… | scalar | Enumeration | .0.1.29 |
| ipsecGlobDefaultCertificate The index of the default certificate in the certTable used for
local authentication for ike keyed rules with non
pre-shared-key authentication. This may be overwritten by the
c… | scalar | Integer32 | .0.1.3 |
| ipsecGlobNoCrPayloads This object specifies whether IKE should suppress certificate
requests.
Possible values:
true(1), -- suppress certificate requests
false(2) -- send certificate requests. | scalar | Enumeration | .0.1.30 |
| ipsecGlobNoKeyHashPayloads This object specifies whether IKE should suppress key hash
payloads.
Possible values:
true(1), -- suppress key hash payloads
false(2) -- send key hash payloads. | scalar | Enumeration | .0.1.31 |
| ipsecGlobNoCrls This object specifies whether IKE should send certificate
revocation lists.
Possible values:
true(1), -- do not send certificate revocation lists
false(2) -- send certificat… | scalar | Enumeration | .0.1.32 |
| ipsecGlobSendFullCertChains This object specifies whether IKE should send full certificate
chains.
Possible values:
true(1), -- send full certificate chains
false(2) -- do not send full certificate cha… | scalar | Enumeration | .0.1.33 |
| ipsecGlobTrustIcmpMsg This object specifies whether IKE should trust icmp port and
host unreachable error messages. ICMP port and host unreachable
messages are only trusted if there have not yet been r… | scalar | Enumeration | .0.1.34 |
| ipsecGlobSpiSize A compatibility flag that specifies the length of the SPI in
bytes, which is used when an ISAKMP SA SPI (Cookie) is sent to
the remote peer.
This field takes effect only if ipse… | scalar | bytes Integer32 | .0.1.35 |
| ipsecGlobZeroIsakmpCookies This object specifies whether zeroed ISAKMP cookies should be
sent.
Possible Values:
true(1), -- send zero cookies in ISAKMP messages
false(2) -- send ISAKMP cookies. | scalar | Enumeration | .0.1.36 |
| ipsecGlobMaxKeyLength This object specifies the maximum length of an encryption key
(in bits) that is accepted from the remote end. This limit
prevents denial of service attacks where the attacker asks… | scalar | bits Integer32 | .0.1.37 |
| ipsecGlobNoInitialContact Do not send IKE initial contact messages in IKE negotiations
even if no SA's exist with a peer.
Possible values:
true(1), -- do not send initial contact messages
false(2) -- … | scalar | Enumeration | .0.1.38 |
| ipsecGlobIkeProfile This object specifies the default IKE (phase 1) profile
to use. | scalar | Integer32 | .0.1.39 |
| ipsecGlobDefaultLocalId The default ID used for local authentication for ike keyed
rules. If this is an empty or invaid id string one of the
subject alternative names or the subject name from the defau… | scalar | SNMPv2-TCDisplayString | .0.1.4 |
| ipsecGlobIpsecProfile This object specifies the default IPSec (phase 2) profile
to use. | scalar | Integer32 | .0.1.40 |
| ipsecGlobEnabled Enables/disables IPSec globally. | scalar | Enumeration | .0.1.41 |
| ipsecGlobBlockTimeout For peers with nonzero block time, the value of this object is
used instead of ipsecGlobMaxNegotiationTimeoutSec. | scalar | seconds Integer32 | .0.1.42 |
| ipsecGlobDPDIdleThreshold The minimum idle time period after which a dpd request is sent. | scalar | seconds Integer32 | .0.1.43 |
| ipsecGlobDPDMaxRetries The number of DPD retries sent before a peer is considered dead. | scalar | Integer32 | .0.1.44 |
| ipsecGlobDPDRetryTimeout The number of seconds between retries. | scalar | seconds Integer32 | .0.1.45 |
| ipsecGlobIkev2Enabled Enables/disables IKEv2 globally. | scalar | Enumeration | .0.1.46 |
| ipsecGlobDefaultIpsecProposal Index of default ipsec proposal used for traffic entries with
empty ipsec proposal, defined for peers with empty default
ipsec proposal. | scalar | Integer32 | .0.1.5 |
| ipsecGlobDefaultIkeProposal Index of default ike proposal used for peers with empty default
ike proposal. | scalar | Integer32 | .0.1.6 |
| ipsecGlobDefaultIpsecLifeTime Index of default lifetime for ike SA's in ipsecLifeTimeTable.
This lifetime is used, when there is no valid lifetime entry
specified for an IPsec peer entry. | scalar | seconds Integer32 | .0.1.7 |
| ipsecGlobDefaultIkeLifeTime This object specifies an index in the ipsecLifeTimeTable with the
default lifetime settings used for IKE SA's.
This lifetime is used whenever there is no valid lifetime entry
sp… | scalar | seconds Integer32 | .0.1.8 |
| ipsecGlobDefaultIkeGroup Index of default IKE group used if no IKE group is defined for a peer.
Possible values:
1 (768 bit MODP),
2 (1024 bit MODP),
5 (1536 bit MODP). | scalar | Integer32 | .0.1.9 |