This object allows to enable the IPSec anti spoofing feature:
It makes IPSec drop incoming clear text packets which are
configured to be protected by IPSec.
Note: enabling this feature together with overlapping
local and remote networks increases memory consumption
significantly.
You can disable this feature if the spoofing protection is
done e.g. by NAT.
Parsed from file mibipsec.mib.txt
Company: bintec
Module: BIANCA-BRICK-IPSEC-MIB
Child arc 0 is used to translate between SNMPv1 and SNMPv2 notification parameters as explained in IETF RFC 2576, section 3.
ipsecGlobContAntiSpoofing OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object allows to enable the IPSec anti spoofing feature: It makes IPSec drop incoming clear text packets which are configured to be protected by IPSec. Note: enabling this feature together with overlapping local and remote networks increases memory consumption significantly. You can disable this feature if the spoofing protection is done e.g. by NAT." ::= { ipsecGlobalsContinued 68 }
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| 1.3.6.1.4.1.272.4.26.11.68.0 | ipsecGlobContAntiSpoofing | 0 | 0 | None |
| OID | Name | Sub children | Sub Nodes Total | Description |
|---|---|---|---|---|
| 1.3.6.1.4.1.272.4.26.11.1 | ipsecGlobContPreIpsecRules | 1 | 1 | This object specifies an index in the IPsec traffic table containing a list of traffic definitions which has to be considered pri… |
| 1.3.6.1.4.1.272.4.26.11.2 | ipsecGlobContDefaultRule | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.4 | ipsecGlobContUse32BitCpi | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.5 | ipsecGlobContNoWellKnownCpis | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.7 | ipsecGlobContNoPmtuDiscovery | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.8 | ipsecGlobContDefaultPmtuTtl | 1 | 1 | This object specifies the time-to-live (in minutes) of a PMTU value derived from an ICMP PMTU message received for an IPSec packe… |
| 1.3.6.1.4.1.272.4.26.11.9 | ipsecGlobContPrivateInterface | 1 | 1 | This object specifies the index of the systems' private interface. If the private interface is set (i.e. non-negative), certain a… |
| 1.3.6.1.4.1.272.4.26.11.10 | ipsecGlobContSaSyncInterface | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.11 | ipsecGlobContPostIpsecRules | 1 | 1 | This object specifies an index in the IPsec traffic table containing a list of traffic definitions which has to be considered aft… |
| 1.3.6.1.4.1.272.4.26.11.12 | ipsecGlobContDefaultPfsIdentity | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.13 | ipsecGlobContIkeLoggingLevel | 1 | 1 | This object specifies the IKE logging level. IKE log messages are output as syslog messages on level debug. Note that the global … |
| 1.3.6.1.4.1.272.4.26.11.14 | ipsecGlobContDialBlockTime | 1 | 1 | Amount of time in minutes how long an ipsecDial entry remains in state blocked-for-outgoing after a cost producing trigger call w… |
| 1.3.6.1.4.1.272.4.26.11.15 | ipsecGlobContPfsIdentityDelay | 1 | 1 | This object specifies the number of seconds to wait before deleting the underlying phase 1 SA after a Phase 2 SA has been establi… |
| 1.3.6.1.4.1.272.4.26.11.16 | ipsecGlobContHeartbeatDefault | 1 | 1 | None |
| 1.3.6.1.4.1.272.4.26.11.17 | ipsecGlobContHeartbeatInterval | 1 | 1 | This object specifies the time interval in seconds between heartbeats. At this rate heartbeats are sent and/or expected if config… |
| 1.3.6.1.4.1.272.4.26.11.18 | ipsecGlobContHeartbeatTolerance | 1 | 1 | This object specifies the maximum number of missing heartbeats allowed before an SA is discarded. |
| 1.3.6.1.4.1.272.4.26.11.64 | ipsecGlobContMinFcChangeDelay | 1 | 1 | The time (in milliseconds) the update of the filter code is delayed. If more changes to the filter code occur during this time, t… |
| 1.3.6.1.4.1.272.4.26.11.65 | ipsecGlobContMaxFcChangeDelay | 1 | 1 | The maximum time (in milliseconds) the update of the filter code is delayed if multiple phase 2 SA negotiations occur within ipse… |
| 1.3.6.1.4.1.272.4.26.11.66 | ipsecGlobContObsoleteFeatureMask | 1 | 1 | Some obsolete features are represented by a bit in this mask and could be re-enabled for testing or compatibility purpose. A mask… |
| 1.3.6.1.4.1.272.4.26.11.67 | ipsecGlobContUniqueIds | 1 | 1 | This flag decides how an INITIAL CONTACT notification from a remote peer is handled: if set to true, all SAs negotiated with peer… |