ipsecPrfPfsGroup
FEC-IPSEC-MIB ·
.0.15.1.4
Object
column
r/w
Integer32
The Diffie Hellman group used for additional Perfect
Forward Secrecy (PFS) DH exponentiations.
Possible values:
-1: do not use PFS
0: use value from default profile (do not use PFS
if this is the default profile)
1: a 768-bit MODP group,
2: a 1024-bit MODP group,
5: a 1536-bit MODP group.
Context
- MIB
- FEC-IPSEC-MIB
- OID
.0.15.1.4- Type
- column
- Access
- readwrite
- Status
- current
- Parent
- ipsecProfileEntry
- Table
- ipsecProfileTable
- Siblings
- 14
Syntax
Integer32
Values & Constraints
Object Constraints
range: -1-5
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| ipsecPrfIndex A unique index identifying this entry. | column | Integer32 | .0.15.1.1 |
| ipsecPrfVerifyPad This object is a compatibility option for older ipsec
implementations. It enables or disables an old way of ESP
padding (no self describing padding).
Possible values:
true(1)… | column | Enumeration | .0.15.1.10 |
| ipsecPrfForceTunnelMode This object specifies the strategy when transport mode is used.
By default, the system always uses transport mode, if possible.
If this variable is set to true, always tunnel mode… | column | Enumeration | .0.15.1.11 |
| ipsecPrfLifeSeconds The maximum time (in seconds) after which an SA will be
deleted. | column | seconds SNMPv2-SMIUnsigned32 | .0.15.1.16 |
| ipsecPrfLifeKBytes The maximum amount of data (in KB) which may be protected
by an SA before it is deleted. | column | kilo bytes SNMPv2-SMIUnsigned32 | .0.15.1.17 |
| ipsecPrfLifeRekeyPercent The percentage of the lifetimes (traffic and time based)
after which rekeying is started. | column | Integer32 | .0.15.1.18 |
| ipsecPrfLifePolicy This object specifies the way a lifetime proposal is
handled. Possible values:
loose(1), -- accept and use anything proposed
strict(2), -- accept and use only what is configure… | column | Enumeration | .0.15.1.19 |
| ipsecPrfDescription An optional description for this profile. | column | SNMPv2-TCDisplayString | .0.15.1.2 |
| ipsecPrfProposal The index of the IPSec proposal used for this profile. | column | Integer32 | .0.15.1.3 |
| ipsecPrfLifeTime This object specifies an index in the
ipsecLifeTimeTable.
The usage of this object is deprecated, use the ipsecPrfLifeXxx
variables directly instead. | column | Integer32 | .0.15.1.5 |
| ipsecPrfHeartbeats This object specifies whether heartbeats should be sent
over phase 2 SAs for this profile (heartbeats are not
used for IPv6).
Possible values:
none(1), -- neither send no… | column | Enumeration | .0.15.1.6 |
| ipsecPrfPmtuDiscovery This object specifies the PMTU discovery policy for this peer.
Possible values:
disabled(1), -- do not perform PMTU discovery
enabled(2) -- perform PMTU discovery
default(… | column | Enumeration | .0.15.1.7 |
| ipsecPrfGranularity This object specifies the granularity with which SA's
are created with this profile.
Possible values:
default(1), -- use granulaity settings from default profile
-- (coarse i… | column | Enumeration | .0.15.1.8 |
| ipsecPrfKeepAlive This object specifies whether IKE SA's
are rekeyed even if there was no data transferred over
them.
Possible values:
true(1), -- rekey SA's even if no data was transferred
f… | column | Enumeration | .0.15.1.9 |