This is a MIB Module for monitoring the
structures in IPSec-based Virtual Private Networks.
The MIB has been designed to be adopted as an IETF
standard. Hence vendor-specific features of the IPSec
protocol are excluded from this MIB.
Acronyms
The following acronyms are used in this document:
IPSec: Secure IP Protocol
VPN: Virtual Private Network
ISAKMP: Internet Security Association and Key Exchange Protocol
IKE: Internet Key Exchange Protocol
SA: Security Association
MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to set up Phase 2 SAs.
QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA.
Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP SA is referred to as a 'Phase 1 Tunnel' in this document.
Phase 2 Tunnel: An instance of a non-ISAKMP SA bundle in which all the SAs share the same proxy identifiers (IDii, IDir) and protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and a different number of SA bundles at different times (due to key refresh).
Overview of IPsec MIB
The MIB contains six major groups of objects which are
used to manage the IPSec Protocol. These groups include
a Levels Group, a Phase-1 Group, a Phase-2 Group,
a History Group, a Failure Group and a TRAP Control Group.
The following table illustrates the structure of the
IPSec MIB.
The Phase 1 group models objects pertaining to
IKE negotiations and Phase 1 tunnels.
The Phase 2 group models objects pertaining to
IPSec data Phase 1 tunnels.
The History group is to aid applications that do
trending analysis.
The Failure group is to enable an operator to
do troubleshooting and debugging of the VPN Router.
Further, counters are supported to aid detection
of potential security violations.
In addition to the five major MIB Groups, there are
a number of Notifications. The following table
illustrates the name and description of the
IPSec TRAPs.
For a detailed discussion, please refer to the IETF
draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.
Parsed from file IPSEC-FLOW-MONITOR-MIB-ipsec-01.txt
Company: ietf_drafts
Module: IPSEC-FLOW-MONITOR-MIB
ipSecFlowMonitorMIB MODULE-IDENTITY
    LAST-UPDATED "200103131800Z"
    ORGANIZATION "Tivoli Systems and Cisco Systems"
    CONTACT-INFO
        "Tivoli Systems
         Research Triangle Park, NC

         Cisco Systems
         170 W Tasman Drive
         San Jose, CA 95134
         USA

         Tel: +1 800 553-NETS
         E-mail: [email protected]
                 [email protected]"
    DESCRIPTION
        "This is a MIB Module for monitoring the
         structures in IPSec-based Virtual Private Networks.
         The MIB has been designed to be adopted as an IETF
         standard. Hence vendor-specific features of IPSec
         protocol are excluded from this MIB.

         Acronyms
         The following acronyms are used in this document:

         IPSec: Secure IP Protocol
         VPN: Virtual Private Network
         ISAKMP: Internet Security Association and Key Exchange
                 Protocol
         IKE: Internet Key Exchange Protocol
         SA: Security Association
         MM: Main Mode - the process of setting up
             a Phase 1 SA to secure the exchanges
             required to setup Phase 2 SAs
         QM: Quick Mode - the process of setting up
             Phase 2 Security Associations using
             a Phase 1 SA.

         Phase 1 Tunnel:
             An ISAKMP SA can be regarded as representing
             a flow of ISAKMP/IKE traffic. Hence an ISAKMP
             is referred to as a 'Phase 1 Tunnel' in this
             document.

         Phase 2 Tunnel:
             AN instance of a non-ISAKMP SA bundle in which all
             the SA share the same proxy identifiers (IDii,IDir)
             protect the same stream of application traffic.
             Such an SA bundle is termed a 'Phase 2 Tunnel'.
             Note that a Phase 2 tunnel may comprise different
             SA bundles and different number of SA bundles at
             different times (due to key refresh).

         Overview of IPsec MIB

         The MIB contains six major groups of objects which are
         used to manage the IPSec Protocol. These groups include
         a Levels Group, a Phase-1 Group, a Phase-2 Group,
         a History Group, a Failure Group and a TRAP Control Group.
         The following table illustrates the structure of the
         IPSec MIB.

         The Phase 1 group models objects pertaining to
         IKE negotiations and Phase 1 tunnels.
         The Phase 2 group models objects pertaining to
         IPSec data Phase 1 tunnels.
         The History group is to aid applications that do
         trending analysis.
         The Failure group is to enable an operator to
         do troubleshooting and debugging of the VPN Router.
         Further, counters are supported to aid detection
         of potential security violations.

         In addition to the five major MIB Groups, there are
         a number of Notifications. The following table
         illustrates the name and description of the
         IPSec TRAPs.

         For a detailed discussion, please refer to the IETF
         draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.
        "
    REVISION "9911041800Z"
    DESCRIPTION
        "Initial version of this MIB module proposed to IETF."
    REVISION "2001031200Z"
    DESCRIPTION
        "Phase-1 group updated with mode config metrics
         in globals as well as IKE peer table.
         Phase-2 group updated with new group metrics.
         New group failures added to Failure group.
         Notifications pertaining to new group added.
         SPI table deprecated and an updated IPsec SA table added.
         Compliance clauses updated."
    ::= { experimental 171 }
Internet Assigned Numbers Authority
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.3.171.1 | ipSecMIBObjects | 6 | 408 | None |
1.3.6.1.3.171.2 | ipSecMIBNotificationPrefix | 1 | 16 | None |
1.3.6.1.3.171.3 | ipSecMIBConformance | 2 | 14 | None |
Too many brothers! Only the 100 nearest brothers are shown.
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
... | | | | |
1.3.6.1.3.121 | ppvpnTcMIB | 0 | 0 | PPVPN-TC Management Information Base (MIB) |
1.3.6.1.3.122 | bldgHVACMIB | 2 | 35 | This example MIB module defines a set of management objects for heating ventilation and air conditioning systems. It also includ… |
1.3.6.1.3.123 | aggrMIB | 4 | 27 | The MIB for servicing aggregate objects. Copyright (C) The Internet Society (2006). This version of this MIB module is part of R… |
1.3.6.1.3.124 | tAggrMIB | 3 | 24 | The MIB for servicing Time-Based aggregate objects. Copyright (C) The Internet Society (2006). This version of this MIB module is… |
1.3.6.1.3.125 | rserpoolMIB | 2 | 108 | rserpoolMIB MODULE-IDENTITY LAST-UPDATED "200904070000Z" -- April 07, 2009 ORGANIZATION "IEM-TdR, UNIVERSITY OF DUISBURG-ESSEN"… |
1.3.6.1.3.126 | smfMIB | 3 | 90 | smfMIB MODULE-IDENTITY LAST-UPDATED "201410100000Z" -- October 10, 2014 ORGANIZATION "IETF MANET Working Group" CONTACT-INFO "W… |
1.3.6.1.3.147 | hippisc, hippisw | 4 | 22 | None |
1.3.6.1.3.221 | | 1 | 53 | None |
... | | | | |