| Scalar Object |
| cisgIpsSgGlobalStatsEntry | .1.3.6.1.4.1.9.9.438.1.1.1.1 |
Each entry contains the global statistics pertaining
to a specific signaling protocol.
|
| cisgIpsSgTunnelEntry | .1.3.6.1.4.1.9.9.438.1.1.2.1 |
Each entry contains the attributes associated with
an active Phase-1 control Tunnel.
|
| cisgIpsSgHistTableSize | .1.3.6.1.4.1.9.9.438.1.3.1.1.1 |
The window size of the control tunnel
History Tables.
The control tunnel history table is implemented as
a sliding window in which at most the last
'cisgIpsSgHistTableSize' entries are maintained.
This object is, hence, used to control the size of
the tunnel history table.
An implementation may choose suitable values for this
element based on the available resources.
If an SNMP SET request specifies a value outside this
window for this element, in appropriate SNMP error
code should be returned.
Setting this value to zero is equivalent to deleting
all conceptual rows in the archiving table
('cisgIpsSgTunnelHistTable') and disabling the
archiving of entries in the tables.
|
| cisgIpsSgTunnelHistEntry | .1.3.6.1.4.1.9.9.438.1.3.2.1 |
Each entry contains the attributes associated with
a previously active control Tunnel.
|
| cisgIpsSgFailTableSize | .1.3.6.1.4.1.9.9.438.1.4.1.1.1 |
The window size of the Internet Key Exchange Failure
Tables.
The Failure Table is implemented as a sliding window
in which only the last 'cisgIpsSgFailTableSize' entries
are maintained. This object is used specify the number
of entries which will be maintained in the control
tunnel Failure Table.
An implementation may choose suitable minimum and
maximum values for this element based on the local
policy and available resources. If an SNMP SET
request specifies a value outside this window for
this element, an appropriate SNMP error code must
be returned.
Setting this value to zero is equivalent to
deleting all conceptual rows in the archiving
tables ('cisgIpsSgFailTable') and disabling the
archiving of entries in this table.
|
| cisgIpsSgFailEntry | .1.3.6.1.4.1.9.9.438.1.4.2.1 |
Each entry contains the attributes associated
with an Phase-1 failure.
|
| cisgIpsSgNotifCntlAllNotifs | .1.3.6.1.4.1.9.9.438.1.5.1 |
This object acts as the knob that controls the
the administrative state of sending any notification
defined in this MIB module. That is, a particular
notification 'foo' defined in this MIB module is
enabled if and only if the expression
cisgIpsSgNotifCntlAllNotifs && cisgIpsSgNotifCntl<foo>
evaluates to 'true'.
|
| cisgIpsSgNotifCntlTunnelStart | .1.3.6.1.4.1.9.9.438.1.5.2 |
This object defines the administrative state of
sending the Control Tunnel Start notification.
If the value of this object is 'true', the issuing
of the notification 'cisgIpsSgTunnelStart' is enabled.
|
| cisgIpsSgNotifCntlTunnelStop | .1.3.6.1.4.1.9.9.438.1.5.3 |
This object defines the administrative state
of sending the Control Tunnel Stop notification.
If the value of this object is 'true', the issuing
of the notification 'cisgIpsSgTunnelStop' is enabled.
|
| cisgIpsSgNotifCntlSysFailure | .1.3.6.1.4.1.9.9.438.1.5.4 |
This object defines the administrative state
of sending the System Failure notification.
If the value of this object is 'true', the issuing
of the notification 'ciscoIpsSgSysFailure' is enabled.
|
| cisgIpsSgNotifCntlCertCrlFail | .1.3.6.1.4.1.9.9.438.1.5.5 |
This object defines the administrative
state of sending the Certificate/CRL Failure
notification.
If the value of this object is 'true', the issuing
of the notification 'ciscoIpsSgCertCrlFailure' is
enabled.
|
| Tabular Object |
| cisgIpsSgProtocol | .1.3.6.1.4.1.9.9.438.1.1.1.1.1 |
The identity of the signaling protocol used by the
control tunnel corresponding to this conceptual row.
|
| cisgIpsSgGlobalActiveTunnels | .1.3.6.1.4.1.9.9.438.1.1.1.1.2 |
The number of currently active Phase-1
control tunnels.
|
| cisgIpsSgGlobalPreviousTunnels | .1.3.6.1.4.1.9.9.438.1.1.1.1.3 |
High capacity counter to accumulate the
total number of Phase-1 control tunnels that
are no longer active.
|
| cisgIpsSgGlobalInOctets | .1.3.6.1.4.1.9.9.438.1.1.1.1.4 |
The total number of octets received by all
currently and previously active Phase-1
Control Tunnels.
|
| cisgIpsSgGlobalInPkts | .1.3.6.1.4.1.9.9.438.1.1.1.1.5 |
The total number of packets received by all currently
and previously active Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalInDropPkts | .1.3.6.1.4.1.9.9.438.1.1.1.1.6 |
The total number of packets which were dropped
during receive processing by all currently and
previously active Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalInNotifys | .1.3.6.1.4.1.9.9.438.1.1.1.1.7 |
The total number of notification payloads received by all
currently and previously active Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalInP2SaDelReqs | .1.3.6.1.4.1.9.9.438.1.1.1.1.8 |
The total number of Phase-2 security association delete
requests received by all currently and previously
active and Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalOutOctets | .1.3.6.1.4.1.9.9.438.1.1.1.1.9 |
The total number of octets sent by all currently
and previously active and Phase-1 Control
Tunnels.
|
| cisgIpsSgGlobalOutPkts | .1.3.6.1.4.1.9.9.438.1.1.1.1.10 |
The total number of packets sent by all currently
and previously active and Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalOutDropPkts | .1.3.6.1.4.1.9.9.438.1.1.1.1.11 |
The total number of packets which were dropped
during send processing by all currently and previously
active Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalOutNotifys | .1.3.6.1.4.1.9.9.438.1.1.1.1.12 |
The total number of notification payloads sent by all
currently and previously active Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalOutP2SaDelReqs | .1.3.6.1.4.1.9.9.438.1.1.1.1.13 |
The total number of Phase-2 tunnel delete requests
sent by all currently and previously active Phase-1
Control Tunnels.
|
| cisgIpsSgGlobalInitTunnels | .1.3.6.1.4.1.9.9.438.1.1.1.1.14 |
The total number of Phase-1 currently and previously active
Control Tunnels which were locally initiated.
|
| cisgIpsSgGlobalInitTunnelFails | .1.3.6.1.4.1.9.9.438.1.1.1.1.15 |
The total number of Phase-1 currently and previously active
Control Tunnels which were locally initiated and
failed to activate.
|
| cisgIpsSgGlobalRespTunnels | .1.3.6.1.4.1.9.9.438.1.1.1.1.16 |
The total number of Phase-1 currently and previously active
Control Tunnels which were remotely initiated.
|
| cisgIpsSgGlobalRespTunnelFails | .1.3.6.1.4.1.9.9.438.1.1.1.1.17 |
The total number of Phase-1 currently and previously active
Control Tunnels which were remotely initiated and failed
to activate.
|
| cisgIpsSgGlobalSysCapFails | .1.3.6.1.4.1.9.9.438.1.1.1.1.18 |
The total number of system capacity failures
which occurred during processing of all current
and previously active Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalAuthFails | .1.3.6.1.4.1.9.9.438.1.1.1.1.19 |
The total number of authentications which ended
in failure by all current and previous Phase-1
Control Tunnels.
|
| cisgIpsSgGlobalDecryptFails | .1.3.6.1.4.1.9.9.438.1.1.1.1.20 |
The total number of decryption operations in all current
and previous Phase-1 Control Tunnels which failed to yield
the original payload.
|
| cisgIpsSgGlobalHashValidFails | .1.3.6.1.4.1.9.9.438.1.1.1.1.21 |
The total number of hash validation operations in all
current and previous Phase-1 Control Tunnels which resulted
in failure.
|
| cisgIpsSgGlobalBadTunnelRefs | .1.3.6.1.4.1.9.9.438.1.1.1.1.22 |
The total number of incoming packets that refer to
non-existent Phase-1 control tunnels which occurred during
processing of all current and previous Phase-1 Control
Tunnels.
|
| cisgIpsSgGlobalInP1SaDelReqs | .1.3.6.1.4.1.9.9.438.1.1.1.1.23 |
The total number of Phase-1 security association
delete requests received by all currently and
previously active and Phase-1 Control Tunnels.
|
| cisgIpsSgGlobalOutP1SaDelReqs | .1.3.6.1.4.1.9.9.438.1.1.1.1.24 |
The total number of Phase-1 security association
delete requests sent by all currently and
previously active and Phase-1 Control Tunnels.
|
| cisgIpsSgTunIndex | .1.3.6.1.4.1.9.9.438.1.1.2.1.1 |
The index of the Phase-1 Tunnel Table.
The value of the index is a number which begins
at 1 and is incremented with each tunnel that is
created. The value of this object will wrap at
4,294,967,296.
|
| cisgIpsSgTunLocalType | .1.3.6.1.4.1.9.9.438.1.1.2.1.2 |
The type of the identity used by the managed entity
authenticating itself to the peer in the setup of the
tunnel corresponding to this conceptual row.
|
| cisgIpsSgTunLocalValue | .1.3.6.1.4.1.9.9.438.1.1.2.1.3 |
The value of the local peer identity.
|
| cisgIpsSgTunLocalAddressType | .1.3.6.1.4.1.9.9.438.1.1.2.1.4 |
The type of the address of the local endpoint of
the Phase-1 Tunnel.
|
| cisgIpsSgTunLocalAddress | .1.3.6.1.4.1.9.9.438.1.1.2.1.5 |
The address of the local endpoint for
the Phase-1 Tunnel.
|
| cisgIpsSgTunLocalName | .1.3.6.1.4.1.9.9.438.1.1.2.1.6 |
The DNS name of the local IP address for the Phase-1
Tunnel. If the DNS name associated with the local tunnel
endpoint is not known, then the value of this
object will be a zero-length string.
|
| cisgIpsSgTunRemoteType | .1.3.6.1.4.1.9.9.438.1.1.2.1.7 |
The type of the identity used by the remote peer in
authenticating itself to the local peer in the
setup of the tunnel corresponding to this
conceptual row.
|
| cisgIpsSgTunRemoteValue | .1.3.6.1.4.1.9.9.438.1.1.2.1.8 |
The value of the remote peer identity.
|
| cisgIpsSgTunRemoteAddressType | .1.3.6.1.4.1.9.9.438.1.1.2.1.9 |
The type of the address of the remote endpoint for
the Phase-1 Tunnel.
|
| cisgIpsSgTunRemoteAddress | .1.3.6.1.4.1.9.9.438.1.1.2.1.10 |
The address of the remote endpoint of the
Phase-1 Tunnel.
|
| cisgIpsSgTunRemoteName | .1.3.6.1.4.1.9.9.438.1.1.2.1.11 |
The DNS name of the remote address of Phase-1
Tunnel. If the DNS name associated with the remote
tunnel endpoint is not known, then the value of this
object will be a zero-length string.
|
| cisgIpsSgTunEncryptAlgo | .1.3.6.1.4.1.9.9.438.1.1.2.1.12 |
The encryption algorithm used in Phase-1 negotiations on the
control tunnel corresponding to this conceptual row.
|
| cisgIpsSgTunEncryptKeySize | .1.3.6.1.4.1.9.9.438.1.1.2.1.13 |
The size in bits of the key used for encrypting
payloads by the tunnel corresponding to this
conceptual row.
|
| cisgIpsSgTunHashAlgo | .1.3.6.1.4.1.9.9.438.1.1.2.1.14 |
The hash algorithm used in Phase-1 negotiations on the
control tunnel corresponding to this conceptual row.
|
| cisgIpsSgTunAuthMethod | .1.3.6.1.4.1.9.9.438.1.1.2.1.15 |
The authentication method used in Phase-1 negotiations
on the control tunnel corresponding to this conceptual row.
|
| cisgIpsSgTunLifeTime | .1.3.6.1.4.1.9.9.438.1.1.2.1.16 |
The negotiated LifeTime of the Phase-1 Tunnel in seconds.
|
| cisgIpsSgTunActiveTime | .1.3.6.1.4.1.9.9.438.1.1.2.1.17 |
The length of time the Phase-1 tunnel has been
active in hundredths of seconds.
|
| cisgIpsSgTunInOctets | .1.3.6.1.4.1.9.9.438.1.1.2.1.18 |
The total number of octets received by this Phase-1 Tunnel.
|
| cisgIpsSgTunInPkts | .1.3.6.1.4.1.9.9.438.1.1.2.1.19 |
The total number of packets received by this Phase-1
Tunnel.
|
| cisgIpsSgTunInDropPkts | .1.3.6.1.4.1.9.9.438.1.1.2.1.20 |
The total number of packets dropped by this Phase-1
Tunnel during receive processing.
|
| cisgIpsSgTunInNotifys | .1.3.6.1.4.1.9.9.438.1.1.2.1.21 |
The total number of notification payloads received by
this Phase-1 Tunnel.
|
| cisgIpsSgTunOutOctets | .1.3.6.1.4.1.9.9.438.1.1.2.1.22 |
The total number of octets sent by this Phase-1 Tunnel.
|
| cisgIpsSgTunOutPkts | .1.3.6.1.4.1.9.9.438.1.1.2.1.23 |
The total number of packets sent by this Phase-1 Tunnel.
|
| cisgIpsSgTunOutDropPkts | .1.3.6.1.4.1.9.9.438.1.1.2.1.24 |
The total number of packets dropped by this Phase-1 Tunnel
during send processing.
|
| cisgIpsSgTunOutNotifys | .1.3.6.1.4.1.9.9.438.1.1.2.1.25 |
The total number of notification payloads sent by this
Phase-1 Tunnel.
|
| cisgIpsSgTunOutP2SaDelReqs | .1.3.6.1.4.1.9.9.438.1.1.2.1.26 |
The total number of Phase-2 security association
delete requests sent by this Phase-1 Tunnel.
|
| cisgIpsSgTunStatus | .1.3.6.1.4.1.9.9.438.1.1.2.1.27 |
The status of the MIB table row.
|
| cisgIpsSgTunAction | .1.3.6.1.4.1.9.9.438.1.1.2.1.28 |
The action to be taken on this tunnel.
If 'clear', then this tunnel is cleared.
If 'rekey', then rekeying is forced on this tunnel.
The value 'none' would be returned on doing read of this
object. |
| cisgIpsSgTunHistIndex | .1.3.6.1.4.1.9.9.438.1.3.2.1.1 |
The index of the Phase-1 Control Tunnel History
Table. This object has no relationship to the
cisgIpsSgTunIndex of the tunnel when it was active.
The value of the index is a number which
begins at one and is incremented with each
tunnel that ends. The value of this object
will wrap at 4,294,967,296.
|
| cisgIpsSgTunHistTermReason | .1.3.6.1.4.1.9.9.438.1.3.2.1.2 |
The reason the Phase-1 Control Tunnel was terminated.
Possible reasons include:
1 = other
2 = normal termination
3 = operator request
4 = peer delete request was received
5 = contact with peer was lost
6 = applicationInitiated (eg: L2TP requesting
the termination)
7 = failure of extended user authentication
8 = local failure occurred.
|
| cisgIpsSgTunHistActiveIndex | .1.3.6.1.4.1.9.9.438.1.3.2.1.3 |
The index of the previously active
Control Tunnel. This object must correspond
to an expired IKE tunnel.
|
| cisgIpsSgTunHistPeerLocalType | .1.3.6.1.4.1.9.9.438.1.3.2.1.4 |
The type of local peer identity.
|
| cisgIpsSgTunHistPeerLocalValue | .1.3.6.1.4.1.9.9.438.1.3.2.1.5 |
The value of the local peer identity.
|
| cisgIpsSgTunHistPeerIntIndex | .1.3.6.1.4.1.9.9.438.1.3.2.1.6 |
The arbitrary index to keep local-remote peer
association. This index is used to
uniquely identify multiple associations between
the local and remote peer.
|
| cisgIpsSgTunHistPeerRemoteType | .1.3.6.1.4.1.9.9.438.1.3.2.1.7 |
The type of remote peer identity.
|
| cisgIpsSgTunHistPeerRemoteValue | .1.3.6.1.4.1.9.9.438.1.3.2.1.8 |
The value of the remote peer identity.
|
| cisgIpsSgTunHistLocalAddrType | .1.3.6.1.4.1.9.9.438.1.3.2.1.9 |
The type of the address of the local endpoint
for the control tunnel.
|
| cisgIpsSgTunHistLocalAddr | .1.3.6.1.4.1.9.9.438.1.3.2.1.10 |
The address of the local endpoint for the
control tunnel.
|
| cisgIpsSgTunHistLocalName | .1.3.6.1.4.1.9.9.438.1.3.2.1.11 |
The DNS name of the local address for the control
Tunnel. If the DNS name associated with the local
tunnel endpoint is not known, then the value of this
object will be a zero-length string.
|
| cisgIpsSgTunHistRemoteAddrType | .1.3.6.1.4.1.9.9.438.1.3.2.1.12 |
The type of the address of the remote endpoint
for the control Tunnel.
|
| cisgIpsSgTunHistRemoteAddr | .1.3.6.1.4.1.9.9.438.1.3.2.1.13 |
The address of the remote endpoint for the
control Tunnel.
|
| cisgIpsSgTunHistRemoteName | .1.3.6.1.4.1.9.9.438.1.3.2.1.14 |
The DNS name of the remote address of
control Tunnel. If the DNS name associated with
the remote tunnel endpoint is not known, then the
value of this object will be a zero-length string.
|
| cisgIpsSgTunHistEncryptAlgo | .1.3.6.1.4.1.9.9.438.1.3.2.1.15 |
The encryption algorithm used in control tunnel.
|
| cisgIpsSgTunHistEncryptKeySize | .1.3.6.1.4.1.9.9.438.1.3.2.1.16 |
The size in bits of the key which was negotiated
for the control tunnel to be used with the algorithm
denoted by the column 'cisgIpsSgTunEncryptAlgo'. For
DES and 3DES the key size is respectively 56 and 168.
For AES, this will denote the negotiated key size.
|
| cisgIpsSgTunHistHashAlgo | .1.3.6.1.4.1.9.9.438.1.3.2.1.17 |
The hash algorithm used in control tunnel negotiations.
|
| cisgIpsSgTunHistAuthMethod | .1.3.6.1.4.1.9.9.438.1.3.2.1.18 |
The authentication method used in control tunnel
negotiations.
|
| cisgIpsSgTunHistLifeTime | .1.3.6.1.4.1.9.9.438.1.3.2.1.19 |
The negotiated LifeTime of the control tunnel in seconds.
|
| cisgIpsSgTunHistStartTime | .1.3.6.1.4.1.9.9.438.1.3.2.1.20 |
The value of sysUpTime in hundredths of seconds when the
control tunnel was started.
|
| cisgIpsSgTunHistActiveTime | .1.3.6.1.4.1.9.9.438.1.3.2.1.21 |
The length of time the control tunnel has been active
in hundredths of seconds.
|
| cisgIpsSgTunHistInOctets | .1.3.6.1.4.1.9.9.438.1.3.2.1.22 |
The total number of octets received by this control
tunnel.
|
| cisgIpsSgTunHistInPkts | .1.3.6.1.4.1.9.9.438.1.3.2.1.23 |
The total number of packets received by this Phase-1
control tunnel.
|
| cisgIpsSgTunHistInDropPkts | .1.3.6.1.4.1.9.9.438.1.3.2.1.24 |
The total number of packets dropped by this control
Tunnel during receive processing.
|
| cisgIpsSgTunHistInNotifys | .1.3.6.1.4.1.9.9.438.1.3.2.1.25 |
The total number of notification payloads received by
this control tunnel.
|
| cisgIpsSgTunHistInP2SaDelReqs | .1.3.6.1.4.1.9.9.438.1.3.2.1.26 |
The total number of Phase-2 tunnel delete requests
received by this control tunnel.
|
| cisgIpsSgTunHistOutOctets | .1.3.6.1.4.1.9.9.438.1.3.2.1.27 |
The total number of octets sent by this control Tunnel.
|
| cisgIpsSgTunHistOutPkts | .1.3.6.1.4.1.9.9.438.1.3.2.1.28 |
The total number of packets sent by this control Tunnel.
|
| cisgIpsSgTunHistOutDropPkts | .1.3.6.1.4.1.9.9.438.1.3.2.1.29 |
The total number of packets dropped by this control
Tunnel during send processing.
|
| cisgIpsSgTunHistOutNotifys | .1.3.6.1.4.1.9.9.438.1.3.2.1.30 |
The total number of notification payloads sent by this
control Tunnel.
|
| cisgIpsSgTunHistOutP2SaDelReqs | .1.3.6.1.4.1.9.9.438.1.3.2.1.31 |
The total number of Phase-2 tunnel delete requests
sent by this control tunnel.
|
| cisgIpsSgFailIndex | .1.3.6.1.4.1.9.9.438.1.4.2.1.1 |
The Phase-1 Failure Table index.
This object has no relationship to the
cisgIpsSgTunIndex of the tunnel when it was active.
The value of the index is a number which
begins at one and is incremented with each
Phase-1 failure. The value
of this object will wrap at 4,294,967,296.
|
| cisgIpsSgFailReason | .1.3.6.1.4.1.9.9.438.1.4.2.1.2 |
The reason for the failure. Possible reasons
include:
1 = other
2 = peer delete request was received
3 = contact with peer was lost
4 = local failure occurred
5 = authentication failure
6 = hash validation failure
7 = encryption failure
8 = internal error occurred
9 = system capacity failure
10 = proposal failure
11 = peer's certificate is unavailable
12 = peer's certificate was found invalid
13 = local certificate expired
14 = certificate revoke list (crl) failure
15 = peer encoding error
16 = Reference to a non-existent control tunnel
17 = Extended User authentication failed
18 = operator requested termination.
19 = An attempt to establish a tunnel was aborted
by the admission control policy (this could
include a simple policy that limits the maximum
active tunnels)
20 = A protocol specific reason (look in the
protocol-specific MIB for more info).
|
| cisgIpsSgFailTime | .1.3.6.1.4.1.9.9.438.1.4.2.1.3 |
The value of sysUpTime in hundredths of seconds
at the time of the failure.
|
| cisgIpsSgFailLocalType | .1.3.6.1.4.1.9.9.438.1.4.2.1.4 |
The type of local peer identity.
|
| cisgIpsSgFailLocalValue | .1.3.6.1.4.1.9.9.438.1.4.2.1.5 |
The value of the local peer identity.
|
| cisgIpsSgFailRemoteType | .1.3.6.1.4.1.9.9.438.1.4.2.1.6 |
The type of remote peer identity.
|
| cisgIpsSgFailRemoteValue | .1.3.6.1.4.1.9.9.438.1.4.2.1.7 |
The value of the remote peer identity.
|
| cisgIpsSgFailLocalAddress | .1.3.6.1.4.1.9.9.438.1.4.2.1.8 |
The address of the local peer.
The value of cisgIpsSgFailLocalType identifies the
type of the address contained in this object.
|
| cisgIpsSgFailRemoteAddress | .1.3.6.1.4.1.9.9.438.1.4.2.1.9 |
The address of the remote peer.
The value of cisgIpsSgFailLocalType identifies the
type of the address contained in this object.
|
| Table |
| cisgIpsSgGlobalStatsTable | .1.3.6.1.4.1.9.9.438.1.1.1 |
This Signaling Protocol global statistics table.
There is one row in the following table for each
signaling protocol implemented by the managed entity.
There is no row corresponding to the instance
'cpNone'.
If the managed entity implements more than one
signaling protocol, the aggregate statistics
across all the supported signaling protocols
must be computed by the network management station
manually; in other words, there is no conceptual row
in this table corresponding to 'all signaling protocols'.
|
| cisgIpsSgTunnelTable | .1.3.6.1.4.1.9.9.438.1.1.2 |
This table lists active Phase-1 control tunnels.
There is one entry in this table for each
active Control Tunnel.
|
| cisgIpsSgTunnelHistTable | .1.3.6.1.4.1.9.9.438.1.3.2 |
The control tunnel History Table. This table
lists all instances of control tunnels that were
successfully established but which are no longer in
operation. An entry transitions to this table from
the active tunnel table ('cisgIpsSgTunnelTable') into
this table after it expires, is aborted or terminated.
This table is conceptually a sliding window in
which only the last 'N' entries are maintained,
where 'N' is the value of the object
'cisgIpsSgHistTableSize'.
If the value of 'cisgIpsSgHistTableSize' is 0,
archiving of entries in this table is disabled.
|
| cisgIpsSgFailTable | .1.3.6.1.4.1.9.9.438.1.4.2 |
This is the control tunnel Table and is
implemented as a sliding window in which only the
last 'N' entries are maintained. The maximum number
of entries is specified by the object
'cisgIpsSgFailTableSize'.
The failure records are catalogued under each
signaling protocol type; that is, the first index
of this table is the signaling protocol identifier
('cisgIpsSgProtocol'). The second index
('cisgIpsSgFailIndex') identifies the failure record
uniquely in the subcategory.
Should a failure be identified before the signaling
protocol itself has been identified by the managed
entity, the failure record will be classified under
'cpUnknown'.
|
| Trap |
| ciscoIpsSgTunnelStart | .1.3.6.1.4.1.9.9.438.0.1 |
This notification is generated when an control tunnel
becomes active.
|
| ciscoIpsSgTunnelStop | .1.3.6.1.4.1.9.9.438.0.2 |
This notification is generated when an
control tunnel becomes inactive.
|
| ciscoIpsSgSysFailure | .1.3.6.1.4.1.9.9.438.0.3 |
This notification is generated when the processing
for an control Tunnel experiences an
system capacity error.
|
| ciscoIpsSgCertCrlFailure | .1.3.6.1.4.1.9.9.438.0.4 |
This notification is generated when the
processing for an control Tunnel
experiences a Certificate or a Certificate
validation (CRL or OCSP) related error.
|
| Object Identifier |
| ciscoIPsecSignalingMIB | .1.3.6.1.4.1.9.9.438 |
This MIB Module models status, performance and failures
of a protocol with the generic characteristics of signalling
protocols used with IPsec and FC-SP protocols. Examples
of such protocols include IKE, KINK, etc. This MIB views the
common attributes of such protocols. Signaling protocols are
also referred in this document as 'Control Protocols', since
they perform session control.
This MIB is an attempt to capture the generic aspects
of the signaling activity. The protocol-specific aspects
of a signaling protocol still need to be captured
in a protocol-specific MIB (e.g., CISCO-IKE-FLOW-MIB, etc.).
Acronyms
The following acronyms are used in this document:
IPsec: Secure IP Protocol
VPN: Virtual Private Network
ISAKMP: Internet Security Association and Key Exchange
Protocol
IKE: Internet Key Exchange Protocol
SA: Security Association
(ref: rfc2408).
Phase 1 Tunnel:
An ISAKMP SA can be regarded as representing
a flow of ISAKMP/IKE traffic. Hence an ISAKMP
is referred to as a 'Phase 1 Tunnel' in this
document.
Control Tunnel:
Another term for a Phase 1 Tunnel.
Phase 2 Tunnel:
An instance of a non-ISAKMP SA bundle in which all
the SA share the same proxy identifiers (IDii,IDir)
protect the same stream of application traffic.
Such an SA bundle is termed a 'Phase 2 Tunnel'.
Note that a Phase 2 tunnel may comprise different
SA bundles and different number of SA bundles at
different times (due to key refresh).
History of the MIB
A precursor to this MIB was the IPsec Flow Monitor MIB, which
combined the objects pertaining to IKE and IPsec (Phase-2)
into a single MIB module. Furthermore, the MIB supported only
one signaling protocol, IKEv1, in addition to manual keying.
The MIB was written by Tivoli and implemented in IBM Nways
routers in 1999. During late 1999, Cisco adopted the MIB and
together with Tivoli publised the IPsec Flow Monitor MIB in
IETF IPsec WG in draft-ietf-ipsec-flow-monitoring-mib-00.txt.
In 2000, the MIB was Cisco-ized and implemented as
CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms.
With the evolution of IKEv2, the MIB was modified and
presented to the IPsec WG again in May 2003 in
draft-ietf-ipsec-flow-monitoring-mib-02.txt.
With the emergence to multiple signaling protocols, it has
further evolved to define separate set of MIB modules to
instrument IPsec signaling alone. Thus, this MIB module
is now the generic IPsec signaling MIB.
Overview of MIB
The MIB contains major groups of objects which are
used to manage the generic aspects of IPsec signaling.
These groups include a global statistics, control tunnel table,
Peer association group, control tunnel history group,
signaling failure group and notification group.
The global statistics, tunnel table and peer association
groups aid in the real-time monitoring of IPsec signaling
activity.
The History group is to aid applications that do
trending analysis.
The Failure group is to enable an operator to
do troubleshooting and debugging.
Further, counters are supported to aid detection
of potential security violations.
The notifications are modeled as generic IPsec control
notifications and are parameterized by the identity of the
specific signaling protocol which caused the notification
to be issued.
|
| ciscoIPsecSigMIBNotifs | .1.3.6.1.4.1.9.9.438.0 |
| ciscoIPsecSigMIBObjects | .1.3.6.1.4.1.9.9.438.1 |
| ciscoIPsecSigMIBConform | .1.3.6.1.4.1.9.9.438.2 |
| cisgIpsSgCurrentActivity | .1.3.6.1.4.1.9.9.438.1.1 |
| cisgIpsSgPeerAssociations | .1.3.6.1.4.1.9.9.438.1.2 |
| cisgIpsSgHistory | .1.3.6.1.4.1.9.9.438.1.3 |
| cisgIpsSgFailures | .1.3.6.1.4.1.9.9.438.1.4 |
| cisgIpsSgNotificationCntl | .1.3.6.1.4.1.9.9.438.1.5 |
| cisgIpsSgHistGlobal | .1.3.6.1.4.1.9.9.438.1.3.1 |
| cisgIpsSgHistGlobalCntl | .1.3.6.1.4.1.9.9.438.1.3.1.1 |
| cisgIpsSgFailGlobal | .1.3.6.1.4.1.9.9.438.1.4.1 |
| cisgIpsSgFailGlobalCntl | .1.3.6.1.4.1.9.9.438.1.4.1.1 |
| ciscoIpsSgMIBCompliances | .1.3.6.1.4.1.9.9.438.2.1 |
| ciscoIpsSgMIBGroups | .1.3.6.1.4.1.9.9.438.2.2 |
| Group |
| ciscoIpsSgActivityGroup | .1.3.6.1.4.1.9.9.438.2.2.1 |
This group consists of:
1) Signaling Global Objects
2) control Tunnel table.
|
| ciscoIpsSgCoreHistoryGroup | .1.3.6.1.4.1.9.9.438.2.2.2 |
This group consists of the core (mandatory)
objects pertaining to maintaining history of
signaling activity.
|
| ciscoIpsSgCoreFailureGroup | .1.3.6.1.4.1.9.9.438.2.2.4 |
This group consists of the core (mandatory)
objects pertaining to maintaining history of
failure signaling activity.
|
| ciscoIpsSgHistoryGroup | .1.3.6.1.4.1.9.9.438.2.2.3 |
This group consists of objects that pertain
to maintenance of history of
signaling activity.
|
| ciscoIpsSgFailureGroup | .1.3.6.1.4.1.9.9.438.2.2.5 |
This group consists of objects that pertain
to maintenance of history of failures
associated with Ipsec signaling activity.
|
| ciscoIpsSgNotifcationGroup | .1.3.6.1.4.1.9.9.438.2.2.7 |
This group contains the notifications pertaining
to Ipsec signaling operations.
|
| ciscoIpsSgNotifCntlGroup | .1.3.6.1.4.1.9.9.438.2.2.6 |
This group of objects controls the sending
of notifications pertaining to signaling
operations.
|