hm2VpnConnIkeAuthLocType
HM2-VPN-MIB · .1.3.6.1.4.1.248.11.120.1.2.10.1.17
Object · column · r/w · Enumeration
Type of local peer identifier in 'hm2VpnConnIkeAuthLocId':
- default: If 'hm2VpnConnIkeAuthType' is 'psk' then use the IP address or host name from 'hm2VpnConnIkeLocalAddr' as local identifier. In case of 'individualx509' or 'pkcs12' use the DN from local certificate in 'hm2VpnConnIkeAuthCertLocal'.
- address: use the IP address or DNS name from 'hm2VpnConnIkeLocalAddr' as local identifier.
- id: use the configured value in hm2VpnConnIkeAuthLocId (it can be of any type in the description).
For further information see RFC 2407, section 4.6.2.
Context
- MIB: HM2-VPN-MIB
- OID: .1.3.6.1.4.1.248.11.120.1.2.10.1.17
- Type: column
- Access: readwrite
- Status: current
- Parent: hm2VpnConnEntry
- Table: hm2VpnConnTable
- Siblings: 33
Syntax
Enumeration
Values & Constraints
Enumerated Values
| Value | Name |
|---|---|
| 1 | default |
| 2 | address |
| 3 | id |
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| hm2VpnConnIndex: An index that uniquely identifies the entry in the table. | column | Integer32 | .1.3.6.1.4.1.248.11.120.1.2.10.1.1 |
| hm2VpnConnIkeAuthCertCA: PEM encoded X.509 certificate file name (RFC 1422), if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509'. This certificate is used for RSA based signature verific… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.10 |
| hm2VpnConnIkeAuthCertRemote: PEM encoded X.509 certificate file name (RFC 1422), if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509'. This certificate is used for RSA based authentication of… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.11 |
| hm2VpnConnIkeAuthCertLocal: PEM encoded X.509 certificate file name (RFC 1422) to be used, if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509' or 'pkcs12'. This certificate is used for aut… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.12 |
| hm2VpnConnIkeAuthPrivKey: Private key file name to be used, if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509' and the key stored on the device is encrypted with a passphrase (so it can… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.13 |
| hm2VpnConnIkeAuthPasswd: Passphrase to be used for decryption of private key from 'hm2VpnConnIkeAuthPrivKey' or the certificate container for 'pkcs12' type certificates which are uploaded encrypted. | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.14 |
| hm2VpnConnIkeAuthPsk: Pre-shared key (passphrase) to be used if authentication type in 'hm2VpnConnIkeAuthType' is 'psk'. The pre-shared key sequence cannot contain newline or double-quote characters. … | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.15 |
| hm2VpnConnIkeAuthLocId: Local peer identifier to be sent within ID payload during negotiation. The ID payload is used to identify the initiator of the security association. The identity is used by the re… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.16 |
| hm2VpnConnIkeAuthRemId: Remote peer identifier to be compared with ID payload during negotiation. The ID payload is used to identify the initiator of the security association. The identity is used by the… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.18 |
| hm2VpnConnIkeAuthRemType: Type of remote peer identifier in hm2VpnConnIkeAuthRemId: 'any': received remote identifier is not checked; 'address': use the IP address or host name from 'hm2VpnCo… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.19 |
| hm2VpnConnIkeVersion: Version of the IKE protocol: 'ike': accept IKEv1/v2 as responder, start with IKEv2 as initiator; 'ikev1': used protocol is IKE version 1 (ISAKMP); 'ikev2': used protocol is IKE vers… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.2 |
| hm2VpnConnIkeAlgDh: Diffie-Hellman key agreement algorithm to be used for establishment of IKE-SA: 'any': accept all supported algorithms as responder, use default as initiator; 'modp1024': RSA with… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.20 |
| hm2VpnConnIkeAlgMac: Integrity (MAC) algorithm to be used in IKEv2: 'any': accept all supported algorithms as responder, use various pre-defined as initiator; 'hmacmd5': HMAC-MD5 (length 96 b… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.21 |
| hm2VpnConnIkeAlgEncr: Encryption algorithm to be used in IKE: 'any': accept all supported algorithms as responder, use various pre-defined as initiator; 'des': DES; 'des3': Triple-DES; aes12… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.22 |
| hm2VpnConnIkeReAuth: Whether re-keying of an IKE_SA should also re-authenticate the peer. In IKEv1, re-authentication is always done (also when set to false). In IKEv2, a value of false does re-keyin… | column | SNMPv2-TCTruthValue | .1.3.6.1.4.1.248.11.120.1.2.10.1.23 |
| hm2VpnConnIpsecMode: IPsec encapsulation mode. | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.24 |
| hm2VpnConnIpsecLifetime: Lifetime of IPsec security association in seconds. The maximum value is 8 hours (28800 seconds). | column | Integer32 | .1.3.6.1.4.1.248.11.120.1.2.10.1.25 |
| hm2VpnConnMargintime: How long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin. The maximum value is half an hour (1800 seconds). The margin time nee… | column | Integer32 | .1.3.6.1.4.1.248.11.120.1.2.10.1.26 |
| hm2VpnConnIpsecAlgDh: Diffie-Hellman key agreement algorithm to be used for IPsec-SA session key establishment: 'any': accept all supported algorithms as responder, use various pre-defined as … | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.27 |
| hm2VpnConnIpsecAlgMac: Integrity (MAC) algorithm to be used in IPsec: 'any': accept all supported algorithms as responder, use various pre-defined as initiator; 'hmacmd5': HMAC-MD5 (length 96 b… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.28 |
| hm2VpnConnIpsecAlgEncr: Encryption algorithm to be used for payload encryption in IPsec: 'any': accept all supported algorithms as responder, use various pre-defined as initiator; 'des': DES; … | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.29 |
| hm2VpnConnIkeStartup: If this host acts as a responder it does not initiate a key exchange (IKE) nor connection parameters negotiation. Otherwise, this host acts as an initiator - then it initiates an … | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.3 |
| hm2VpnConnOperStatus: The current operational status of the VPN connection: 'up': the IKE-SA and all IPsec-SAs are up; 'down': the IKE-SA and all IPsec-SAs are down; 'negotiation': key exchange a… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.30 |
| hm2VpnConnDesc: User defined text. | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.31 |
| hm2VpnConnLastError: Last error notification occurred for this connection. This is useful if the connection does not reach the up state to see if an error has occurred in the proposal exchange or wh… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.32 |
| hm2VpnConnDebug: Used for debugging purposes of the VPN connections. May affect the performance significantly. Please handle with care. If the bit is set informational(0) messages, unhandled(1) messa… | column | Bits | .1.3.6.1.4.1.248.11.120.1.2.10.1.33 |
| hm2VpnConnRowStatus: The row status of this table entry. If the row status is 'active' then it is not allowed to change any value (this applies also to active traffic selectors). The maximum number of… | column | SNMPv2-TCRowStatus | .1.3.6.1.4.1.248.11.120.1.2.10.1.34 |
| hm2VpnConnIkeLifetime: Lifetime of IKE security association in seconds. The maximum value is 24 hours (86400 seconds). | column | Integer32 | .1.3.6.1.4.1.248.11.120.1.2.10.1.4 |
| hm2VpnConnIkeDpdTimeout: If greater than zero, the local peer sends Dead Peer Detection (DPD) messages (according to RFC 3706) to the remote peer. This value specifies the timeout in seconds, the remote p… | column | Integer32 | .1.3.6.1.4.1.248.11.120.1.2.10.1.5 |
| hm2VpnConnIkeLocalAddr: Hostname (FQDN) or IP address of local security gateway. If the value is 'any', then the IP address of the matching interface is used. Establishing the connection may be delayed u… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.6 |
| hm2VpnConnIkeRemoteAddr: Typically the hostname (FQDN) or IP address of remote security gateway. If this value is 'any', then any IP address is accepted when establishing an IKE-SA as responder. Also a ne… | column | OctetString | .1.3.6.1.4.1.248.11.120.1.2.10.1.7 |
| hm2VpnConnIkeAuthType: Type of authentication to be used: pre-shared key, individual X509 certificates (separate for CA and local identification) or one PKCS12 container with all the needed certificat… | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.8 |
| hm2VpnConnIkeAuthMode: The phase 1 exchange mode to be used (IKEv1). | column | Enumeration | .1.3.6.1.4.1.248.11.120.1.2.10.1.9 |