CISCO-IKE-FLOW-MIB: View SNMP OID List / Download MIB
VENDOR: CISCO
Home | MIB: CISCO-IKE-FLOW-MIB | |||
---|---|---|---|---|
Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
Object Name | OID | Type | Access | Info |
ciscoIkeFlowMIB | 1.3.6.1.4.1.9.9.429 |
This is a MIB module for monitoring the structures and status of IPsec control flows based on Internet Key Exchange protocol. The MIB models standard aspects of the IKE protocol. Synopsis This MIB module models status, performance and failures of the IKEv1- and IKEv2-based signaling in IPsec, FC-SP(and similar) protocols. In practice, the security protocols such as IPsec, FC-SP and CTS use a signaling protocol such as IKE, KINK, or some such. A number of characteristics of these signaling protocols are generic. The generic attributes and status of signaling activity has been modeled in CISCO-IPSEC-SIGNALING-MIB. This MIB module augments CISCO-IPSEC-SIGNALING-MIB with IKE-specific MIB objects. (Signaling protocols are also referred to this document as 'Control Protocols', since they perform session control.) History of the MIB A precursor to this MIB was written by Tivoli and implemented in IBM Nways routers in 1999. That MIB instrumented both IKE(v1) and IPsec in a single module. During late 1999, Cisco adopted the MIB and together with Tivoli published the IPsec Flow Monitor MIB in IETF IPsec WG in draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the MIB was Cisco-ized and implemented this draft as CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms. With the evolution of IKEv2, the MIB was modified and presented to the IPsec WG again in May 2003 in draft-ietf-ipsec-flow-monitoring-mib-02.txt. This version of the draft is a Cisco-ized version that culls out the IKE-specific aspects of the IPsec Flow Monitor MIB. Overview of MIB The MIB contains five major groups of objects which are used to manage the IKE protocol activity. These groups include the global statistics, IKE tunnel table, IKE History Group and a notification Group. The tunnel table and the history table have a sparse-table relationship with the corresponding tables in the CISCO-IPSEC-SIGNALING-MIB (details in the DESCRIPTION of the respective tables). Acronyms The following acronyms are used in this document: Flow, Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document. IPsec: Secure IP Protocol ISAKMP: Internet Security Association and Key Management Protocol IKE: Internet Key Exchange Protocol MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs Phase 2 Tunnel: AN instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and different number of SA bundles at different times (due to key refresh). QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. SA: Security Association (ref: rfc2408). VPN: Virtual Private Network. |
||
ciscoIkeFlowMIBNotifs | 1.3.6.1.4.1.9.9.429.0 | |||
ciscoIkeFlowInNewGrpRejected | 1.3.6.1.4.1.9.9.429.0.1 |
This notification is generated when the managed entity receives and rejects an incoming new group proposal from an IKE peer identified by 'cisgIpsSgFailRemoteAddress'. 'cisgIpsSgFailLocalAddress' identifies the address of the local peer. The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap. |
||
ciscoIkeFlowOutNewGrpRejected | 1.3.6.1.4.1.9.9.429.0.2 |
This notification is generated when the managed entity issues a new group proposal to the remote peer identified by 'cisgIpsSgFailRemoteAddress' and the peer rejects the proposal. 'cisgIpsSgFailLocalAddress' identifies the address of the local peer. The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap. |
||
ciscoIkeFlowMIBObjects | 1.3.6.1.4.1.9.9.429.1 | |||
cifIkeCurrentActivity | 1.3.6.1.4.1.9.9.429.1.1 | |||
cifIkeGlobalStatsTable | 1.3.6.1.4.1.9.9.429.1.1.1 | no-access |
The Phase-1 IKE Global Statistics Table. There is one entry in this table for each Phase-1 IKE, protocol('cpIkev1' and 'cpIkev2') implemented by the managed entity. For all the counter objects in the table below, initially when the IKE Tunnel becomes active and appears in this table, they would contain a value of zero. |
|
1.3.6.1.4.1.9.9.429.1.1.1.1 | no-access |
Each entry contains the global statistics pertaining to the specific IKE protocol. |
||
cifIkeGlobalInP2Exchgs | 1.3.6.1.4.1.9.9.429.1.1.1.1.1 | counter64 | read-only |
The total number of Phase-2 exchanges received by all currently and previously active Phase-1 Tunnels. |
cifIkeGlobalInP2ExchgInvalids | 1.3.6.1.4.1.9.9.429.1.1.1.1.2 | counter64 | read-only |
The total number of Phase-2 exchanges which were received and found to be invalid by all currently and previously active Phase-1 Tunnels. |
cifIkeGlobalInP2ExchgRejects | 1.3.6.1.4.1.9.9.429.1.1.1.1.3 | counter64 | read-only |
The total number of Phase-2 exchanges which were received and rejected by all currently and previously active Phase-1 Tunnels. |
cifIkeGlobalOutP2Exchgs | 1.3.6.1.4.1.9.9.429.1.1.1.1.4 | counter64 | read-only |
The total number of Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 Tunnels. |
cifIkeGlobalOutP2ExchgInvalids | 1.3.6.1.4.1.9.9.429.1.1.1.1.5 | counter64 | read-only |
The total number of Phase-2 exchanges which were sent and found to be invalid by all currently and previously active Phase-1 Tunnels. |
cifIkeGlobalOutP2ExchgRejects | 1.3.6.1.4.1.9.9.429.1.1.1.1.6 | counter64 | read-only |
The total number of Phase-2 exchanges which were sent and rejected by all currently and previously active Phase-1 IKE Tunnels. |
cifIkeGlobalInXauths | 1.3.6.1.4.1.9.9.429.1.1.1.1.7 | counter64 | read-only |
The number of times the extended authentication requests was received by the managed entity from a peer. |
cifIkeGlobalInXauthFailures | 1.3.6.1.4.1.9.9.429.1.1.1.1.8 | counter64 | read-only |
The number of times the extended authentication information supplied by an IKE peer was found to be invalid by the local entity. |
cifIkeGlobalOutXauthFailures | 1.3.6.1.4.1.9.9.429.1.1.1.1.9 | counter64 | read-only |
The number of times the extended authentication information supplied by the managed entity to an IKE peer was found to be invalid by the remote peer. |
cifIkeGlobalInNewGrpReqs | 1.3.6.1.4.1.9.9.429.1.1.1.1.10 | counter64 | read-only |
The total number of New Group exchanges initiated remotely. |
cifIkeGlobalOutNewGrpReqs | 1.3.6.1.4.1.9.9.429.1.1.1.1.11 | counter64 | read-only |
The total number of New Group exchanges initiated locally. |
cifIkeGlobalInNewGrpRejectReqs | 1.3.6.1.4.1.9.9.429.1.1.1.1.12 | counter64 | read-only |
The total number of New Group exchanges initiated remotely that ended in reject. |
cifIkeGlobalOutNewGrpRejectReqs | 1.3.6.1.4.1.9.9.429.1.1.1.1.13 | counter64 | read-only |
The total number of New Group exchanges initiated locally that ended in reject. |
cifIkeTunnelTable | 1.3.6.1.4.1.9.9.429.1.1.3 | no-access |
The Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel. |
|
1.3.6.1.4.1.9.9.429.1.1.3.1 | no-access |
Each entry contains the attributes associated with an active Phase-1 IKE Tunnel. The rows in this table correspond 1-to-1 with a subset of the rows in cisgIpsSgTunnelTable, specifically the subset which represent Phase-1 IKE Tunnels. Hence, the value of the index 'cisgIpsSgProtocol' in this table is always 'cpIkev1' or 'cpIkev2'. For all the counter objects in the table below, initially when the Phase-1 IKE Tunnel becomes active and appears in this table, they would contain a value of zero. |
||
cifIkeTunNegoMode | 1.3.6.1.4.1.9.9.429.1.1.3.1.1 | cipsecikenegomode | read-only |
The negotiation mode of the Phase-1 IKE Tunnel. |
cifIkeTunDHGrp | 1.3.6.1.4.1.9.9.429.1.1.3.1.2 | cipsecdiffhellmangrp | read-only |
The Diffie Hellman Group used in Phase-1 IKE negotiations. |
cifIkeTunSaRefreshThreshold | 1.3.6.1.4.1.9.9.429.1.1.3.1.3 | unsigned32 | read-only |
The security association refresh threshold in seconds. If the tunnel does not refresh its security associations, the value of this MIB object is zero. |
cifIkeTunTotalRefreshes | 1.3.6.1.4.1.9.9.429.1.1.3.1.4 | counter32 | read-only |
The total number of security associations refreshes performed. If the tunnel does not refresh its security associations, the value of this MIB object is never incremented. |
cifIkeTunInP2Exchgs | 1.3.6.1.4.1.9.9.429.1.1.3.1.5 | counter32 | read-only |
The total number of Phase-2 exchanges received by this Phase-1 IKE Tunnel. |
cifIkeTunInP2ExchgInvalids | 1.3.6.1.4.1.9.9.429.1.1.3.1.6 | counter32 | read-only |
The total number of Phase-2 exchanges received and found to be invalid by this Phase-1 IKE Tunnel. |
cifIkeTunInP2ExchgRejects | 1.3.6.1.4.1.9.9.429.1.1.3.1.7 | counter32 | read-only |
The total number of Phase-2 exchanges received and rejected by this Phase-1 Tunnel. |
cifIkeTunInP2SaDelRequests | 1.3.6.1.4.1.9.9.429.1.1.3.1.8 | counter32 | read-only |
The total number of Phase-2 security association delete requests received by this Phase-1 IKE Tunnel. |
cifIkeTunOutP2Exchgs | 1.3.6.1.4.1.9.9.429.1.1.3.1.9 | counter32 | read-only |
The total number of Phase-2 exchanges sent by this Phase-1 IKE Tunnel. |
cifIkeTunOutP2ExchgInvalids | 1.3.6.1.4.1.9.9.429.1.1.3.1.10 | counter32 | read-only |
The total number of Phase-2 exchanges sent and found to be invalid by this Phase-1 IKE Tunnel. |
cifIkeTunOutP2ExchgRejects | 1.3.6.1.4.1.9.9.429.1.1.3.1.11 | counter32 | read-only |
The total number of Phase-2 exchanges sent and rejected by this Phase-1 IKE Tunnel. |
cifIkeTunInNewGrpReqs | 1.3.6.1.4.1.9.9.429.1.1.3.1.12 | counter32 | read-only |
The total number of New Group exchanges initiated remotely using this IKE tunnel. |
cifIkeTunOutNewGrpReqs | 1.3.6.1.4.1.9.9.429.1.1.3.1.13 | counter32 | read-only |
The total number of New Group exchanges initiated locally using this IKE tunnel. |
cifIkeTunInNewGrpRejectedReqs | 1.3.6.1.4.1.9.9.429.1.1.3.1.14 | counter32 | read-only |
The total number of New Group exchanges initiated remotely using this IKE tunnel that ended in reject. |
cifIkeTunOutNewGrpRejectedReqs | 1.3.6.1.4.1.9.9.429.1.1.3.1.15 | counter32 | read-only |
The total number of New Group exchanges initiated locally using this IKE tunnel that ended in reject. |
cifIkeTunInConfigs | 1.3.6.1.4.1.9.9.429.1.1.3.1.16 | counter32 | read-only |
The total number of Mode Configuration settings received (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. |
cifIkeTunOutConfigs | 1.3.6.1.4.1.9.9.429.1.1.3.1.17 | counter32 | read-only |
The total number of Mode Configuration settings dispatched (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. |
cifIkeTunInConfigRejects | 1.3.6.1.4.1.9.9.429.1.1.3.1.18 | counter32 | read-only |
The total number of Mode Configuration settings which were received (either CFG_REPLY or CFG_SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel. |
cifIkeTunOutConfigRejects | 1.3.6.1.4.1.9.9.429.1.1.3.1.19 | counter32 | read-only |
The total number of Mode Configuration settings which were dispatched (either CFG_REPLY or CFG_SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel. |
cifIkeHistory | 1.3.6.1.4.1.9.9.429.1.2 | |||
cifIkeTunnelHistTable | 1.3.6.1.4.1.9.9.429.1.2.1 | no-access |
The Phase-1 Internet Key Exchange Tunnel history table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'cisgIpsSgHistTableSize' (defined in defined in CISCO-IPSEC-SIGNALING-MIB). If the value of 'cisgIpsSgHistTableSize' is 0, then this table will be empty. For all the counter objects in the table below, initially when the Tunnel entry appears in this table, they would contain a value of zero. |
|
1.3.6.1.4.1.9.9.429.1.2.1.1 | no-access |
Each entry contains the attributes associated with a previously active Phase-1 IKE Tunnel. This table has a sparse table relationship with the generic Phase-1 Tunnel history table 'cisgIpsSgTunnelHistTable' defined in CISCO-IPSEC-SIGNALING-MIB. However, the value of the index column in this table will always be either 'cpIkev1' or 'cpIkev2'. |
||
cifIkeTunHistNegoMode | 1.3.6.1.4.1.9.9.429.1.2.1.1.1 | cipsecikenegomode | read-only |
The negotiation mode of the Phase-1 IKE Tunnel. |
cifIkeTunHistDHGrp | 1.3.6.1.4.1.9.9.429.1.2.1.1.2 | cipsecdiffhellmangrp | read-only |
The Diffie Hellman Group used in Phase-1 IKE negotiations. |
cifIkeTunHistTotalRefreshes | 1.3.6.1.4.1.9.9.429.1.2.1.1.3 | counter32 | read-only |
The total number of security associations refreshes performed. |
cifIkeTunHistTotalSas | 1.3.6.1.4.1.9.9.429.1.2.1.1.4 | counter32 | read-only |
The total number of security associations used during the life of the Phase-1 IKE Tunnel. |
cifIkeTunHistInP2Exchgs | 1.3.6.1.4.1.9.9.429.1.2.1.1.5 | counter32 | read-only |
The total number of Phase-2 exchanges received by this Phase-1 IKE Tunnel. |
cifIkeTunHistInP2ExchgInvalids | 1.3.6.1.4.1.9.9.429.1.2.1.1.6 | counter32 | read-only |
The total number of Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. |
cifIkeTunHistInP2ExchgRejects | 1.3.6.1.4.1.9.9.429.1.2.1.1.7 | counter32 | read-only |
The total number of Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. |
cifIkeTunHistOutP2Exchgs | 1.3.6.1.4.1.9.9.429.1.2.1.1.8 | counter32 | read-only |
The total number of Phase-2 security association delete requests received by this Phase-1 IKE Tunnel. |
cifIkeTunHistOutP2ExchgInvalids | 1.3.6.1.4.1.9.9.429.1.2.1.1.9 | counter32 | read-only |
The total number of Phase-2 exchanges sent by this Phase-1 IKE Tunnel. |
cifIkeTunHistOutP2ExchgRejects | 1.3.6.1.4.1.9.9.429.1.2.1.1.10 | counter32 | read-only |
The total number of Phase-2 exchanges sent on this tunnel that were rejected by the peer, because it contained references to security parameters not recognized by the peer. |
cifIkeTunHistInNewGrpReqs | 1.3.6.1.4.1.9.9.429.1.2.1.1.11 | counter32 | read-only |
The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime. |
cifIkeTunHistOutNewGrpReqs | 1.3.6.1.4.1.9.9.429.1.2.1.1.12 | counter32 | read-only |
The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime. |
cifIkeTunHistInNewGrpRejectReqs | 1.3.6.1.4.1.9.9.429.1.2.1.1.13 | counter32 | read-only |
The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime that ended in reject. |
cifIkeTunHistOutNewGrpRejectReqs | 1.3.6.1.4.1.9.9.429.1.2.1.1.14 | counter32 | read-only |
The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime that ended in reject. |
cifIkeTunHistInConfigs | 1.3.6.1.4.1.9.9.429.1.2.1.1.15 | counter32 | read-only |
The total number of Mode Configuration settings received (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. |
cifIkeTunHistOutConfigs | 1.3.6.1.4.1.9.9.429.1.2.1.1.16 | counter32 | read-only |
The total number of Mode Configuration settings dispatched (either CFG_REPLY or CFG_SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel. |
cifIkeTunHistInConfigsRejects | 1.3.6.1.4.1.9.9.429.1.2.1.1.17 | counter32 | read-only |
The total number of Mode Configuration settings which were received (either CFG_REPLY or CFG_SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel. |
cifIkeTunHistOutConfigsRejects | 1.3.6.1.4.1.9.9.429.1.2.1.1.18 | counter32 | read-only |
The total number of Mode Configuration settings which were dispatched (either CFG_REPLY or CFG_SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel. |
cifIkeNotifControl | 1.3.6.1.4.1.9.9.429.1.3 | |||
cifIkeNotifCntlInNewGrpRejected | 1.3.6.1.4.1.9.9.429.1.3.1 | truthvalue | read-write |
The generation of the 'ciscoIkeFlowInNewGrpRejected' notification is enabled if and only if this object has the value 'true'. |
cifIkeNotifCntlOutNewGrpRejected | 1.3.6.1.4.1.9.9.429.1.3.2 | truthvalue | read-write |
The generation of the 'ciscoIkeFlowOutNewGrpRejected' notification is enabled if and only if this object has the value 'true'. |
ciscoIkeFlowMIBConform | 1.3.6.1.4.1.9.9.429.2 | |||
ciscoIkeFlowMIBCompliances | 1.3.6.1.4.1.9.9.429.2.1 | |||
ciscoIkeFlowMIBCompliance | 1.3.6.1.4.1.9.9.429.2.1.1 |
The compliance statement for SNMP entities implementing this MIB. |
||
ciscoIkeFlowMIBGroups | 1.3.6.1.4.1.9.9.429.2.2 | |||
ciscoIkeFlowActivityGroup | 1.3.6.1.4.1.9.9.429.2.2.1 |
This group consists of objects that track the current IKE protocol activity: 1) IKE Global Objects 2) IKE Tunnel table. |
||
cifIkeFlowNewGroupGroup | 1.3.6.1.4.1.9.9.429.2.2.2 |
This group consists of: 1) Global metrics about new group negotiations 2) IKE Tunnel-wise new group metrics |
||
cifIkeFlowXauthGroup | 1.3.6.1.4.1.9.9.429.2.2.3 |
This group consists of metrics pertaining to IKE extended authentication. Devices that do not support Xauth need not implement this group. |
||
cifIkeFlowModeConfigGroup | 1.3.6.1.4.1.9.9.429.2.2.4 |
This group consists of metrics pertaining to IKE extended authentication. Devices that do not support Xauth need not implement this group. |
||
cifIkeFlowHistoryGroup | 1.3.6.1.4.1.9.9.429.2.2.5 |
This group consists of the core (mandatory) objects pertaining to maintaining history of Internet Key Exchange protocol activity. |
||
cifIkeFlowNewGroupHistoryGroup | 1.3.6.1.4.1.9.9.429.2.2.6 |
This group consists of archive of new group activity pertaining to expired IKE Phase-1 tunnels. |
||
cifIkeFlowModeConfigHistoryGroup | 1.3.6.1.4.1.9.9.429.2.2.7 |
This group consists of archive of mode config activity pertaining to expired IKE Phase-1 Tunnels. |
||
cifIkeFlowNotifCntlGroup | 1.3.6.1.4.1.9.9.429.2.2.8 |
This group of objects controls the sending of notifications pertaining to Phase-1 IKE operations. |
||
cifIkeFlowNotificationGroup | 1.3.6.1.4.1.9.9.429.2.2.9 |
This group contains the notifications pertaining to Phase-1 IKE operations. |