Reference record for OID 1.3.6.1.3.171

parent

1.3.6.1.3 (experimental)

node code

171

node name

ipSecFlowMonitorMIB

dot oid

1.3.6.1.3.171

type

MODULE-IDENTITY

asn1 oid

{iso(1) identified-organization(3) dod(6) internet(1) experimental(3) ipSecFlowMonitorMIB(171)}

{iso(1) org(3) dod(6) internet(1) experimental(3) ipSecFlowMonitorMIB(171)}

{iso(1) iso-identified-organization(3) dod(6) internet(1) experimental(3) ipSecFlowMonitorMIB(171)}

iri oid

/iso/identified-organization/dod/internet/experimental/ipSecFlowMonitorMIB

/iso/org/dod/internet/experimental/ipSecFlowMonitorMIB

/iso/iso-identified-organization/dod/internet/experimental/ipSecFlowMonitorMIB

Description by mibdepot

This is a MIB Module for monitoring the
structures in IPSec-based Virtual Private Networks.
The MIB has been designed to be adopted as an IETF
standard. Hence vendor-specific features of IPSec
protocol are excluded from this MIB.

Acronyms
The following acronyms are used in this document:
IPSec: Secure IP Protocol

VPN: Virtual Private Network

ISAKMP: Internet Security Association and Key Exchange
Protocol

IKE: Internet Key Exchange Protocol

SA: Security Association

MM: Main Mode - the process of setting up
a Phase 1 SA to secure the exchanges
required to setup Phase 2 SAs

QM: Quick Mode - the process of setting up
Phase 2 Security Associations using
a Phase 1 SA.

Phase 1 Tunnel:
An ISAKMP SA can be regarded as representing
a flow of ISAKMP/IKE traffic. Hence an ISAKMP
is referred to as a 'Phase 1 Tunnel' in this
document.

Phase 2 Tunnel:
AN instance of a non-ISAKMP SA bundle in which all
the SA share the same proxy identifiers (IDii,IDir)
protect the same stream of application traffic.
Such an SA bundle is termed a 'Phase 2 Tunnel'.
Note that a Phase 2 tunnel may comprise different
SA bundles and different number of SA bundles at
different times (due to key refresh).


Overview of IPsec MIB

The MIB contains six major groups of objects which are
used to manage the IPSec Protocol. These groups include
a Levels Group, a Phase-1 Group, a Phase-2 Group,
a History Group, a Failure Group and a TRAP Control Group.
The following table illustrates the structure of the
IPSec MIB.

The Phase 1 group models objects pertaining to
IKE negotiations and Phase 1 tunnels.

The Phase 2 group models objects pertaining to
IPSec data Phase 1 tunnels.

The History group is to aid applications that do
trending analysis.

The Failure group is to enable an operator to
do troubleshooting and debugging of the VPN Router.
Further, counters are supported to aid detection
of potential security violations.

In addition to the five major MIB Groups, there are
a number of Notifications. The following table
illustrates the name and description of the
IPSec TRAPs.

For a detailed discussion, please refer to the IETF
draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.

Parsed from file IPSEC-FLOW-MONITOR-MIB-ipsec-01.txt
Company: ietf_drafts
Module: IPSEC-FLOW-MONITOR-MIB

Information by mibdepot

ipSecFlowMonitorMIB MODULE-IDENTITY
         LAST-UPDATED "200103131800Z"
         ORGANIZATION "Tivoli Systems and Cisco Systems"
         CONTACT-INFO
            "Tivoli Systems
             Research Triangle Park, NC

             Cisco Systems
             170 W Tasman Drive
             San Jose, CA  95134
             USA

             Tel: +1 800 553-NETS
             E-mail: [email protected]
                     [email protected]"

    DESCRIPTION
            "This is a MIB Module for monitoring the
      structures in IPSec-based Virtual Private Networks.
      The MIB has been designed to be adopted as an IETF
      standard. Hence vendor-specific features of IPSec
      protocol are excluded from this MIB.

      Acronyms
      The following acronyms are used in this document:
       IPSec:      Secure IP Protocol

       VPN:        Virtual Private Network

       ISAKMP:     Internet Security Association and Key Exchange
                   Protocol

       IKE:        Internet Key Exchange Protocol

       SA:         Security Association

       MM:         Main Mode - the process of setting up
                   a Phase 1 SA to secure the exchanges
                   required to setup Phase 2 SAs

       QM:         Quick Mode - the process of setting up
                   Phase 2 Security Associations using
                   a Phase 1 SA.

       Phase 1 Tunnel:
                   An ISAKMP SA can be regarded as representing
                   a flow of ISAKMP/IKE traffic. Hence an ISAKMP
                   is referred to as a 'Phase 1 Tunnel' in this
                   document.

       Phase 2 Tunnel:
                   AN instance of a non-ISAKMP SA  bundle in which all
                   the SA share the same proxy identifiers (IDii,IDir)
                   protect the same stream of application traffic.
                   Such an SA bundle is termed a 'Phase 2 Tunnel'.
                   Note that a Phase 2 tunnel may comprise different
                   SA bundles and different number of SA bundles at
                   different times (due to key refresh).


       Overview of IPsec MIB

    The MIB contains six major groups of objects which are
    used to manage the IPSec Protocol. These groups include
    a Levels Group, a Phase-1 Group, a Phase-2 Group,
    a History Group, a Failure Group and a TRAP Control Group.
    The following table illustrates the structure of the
    IPSec MIB.

    The Phase 1 group models objects pertaining to
    IKE negotiations and Phase 1 tunnels.

    The Phase 2 group models objects pertaining to
    IPSec data Phase 1 tunnels.

    The History group is to aid applications that do
    trending analysis.

    The Failure group is to enable an operator to
    do troubleshooting and debugging of the VPN Router.
    Further, counters are supported to aid detection
    of potential security violations.

    In addition to the five major MIB Groups, there are
    a number of Notifications. The following table
    illustrates the name and description of the
    IPSec TRAPs.

    For a detailed discussion, please refer to the IETF
    draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.
         "

           REVISION "9911041800Z"
           DESCRIPTION
                   "Initial version of this MIB module proposed to
                    IETF."

           REVISION    "2001031200Z"
           DESCRIPTION
               "Phase-1 group updated with mode config metrics in globals
               as well as IKE peer table.
                Phase-2 group updated with new group metrics. New group failures
               added to Failure group.
                Notifications pertaining to new group added.
                SPI table deprecated and an updated IPsec SA table added.
                Compliance clauses updated."

       
         ::= { experimental 171 }

First Registration Authority (recovered by parent 1.3.6)

Defense Communication Agency

Current Registration Authority (recovered by parent 1.3.6.1.3)

Internet Assigned Numbers Authority

Children (3)

Brothers (144)

To many brothers! Only 100 nearest brothers are shown.