CISCO-IPSEC-POLICY-MAP-MIB: View SNMP OID List / Download MIB

VENDOR: CISCO


 Home MIB: CISCO-IPSEC-POLICY-MAP-MIB
Download as:   
SNMPv2-CONFSNMPv2-SMICISCO-SMISNMPv2-TC

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 ciscoIpSecPolMapMIB 1.3.6.1.4.1.9.9.172
The MIB module maps the IPSec entities created dynamically to the policy entities that caused them. This is an appendix to the IPSEC-MONITOR-MIB that has been proposed to IETF for monitoring IPSec based Virtual Private Networks. Overview of Cisco IPsec Policy Map MIB MIB description There are two components to this MIB: #1 a table that maps an IPSec Phase-1 tunnel to the Internet Security Association and Key Exchange (ISAKMP) Policy and #2 a table that maps an IPSec Phase-2 tunnel to the corresponding IPSec Policy element - called 'cryptomaps' - in IOS (Internet Operating System) The first mappin (also called Internet Key Exchange or IKE mapping) yields, given the index of the IKE tunnel in the ikeTunnelTable (IPSEC-MONITOR-MIB), the ISAKMP policy definition defined using the CLI on the managed entity. The IPSec mapping yields, given the index of the IPSec tunnel in the ipSecTunnelTable (IPSEC-MONITOR-MIB), the IPSec transform and the cryptomap definition that gave rise to this tunnel. In implementation and usage, this MIB cannot exist independent of the IPSEC-MONITOR-MIB.
         ciscoIpSecPolMapMIBObjects 1.3.6.1.4.1.9.9.172.1
             ipSecPhaseOnePolMap 1.3.6.1.4.1.9.9.172.1.1
                 ikePolMapTable 1.3.6.1.4.1.9.9.172.1.1.1 no-access
The IPSec Phase-1 Internet Key Exchange Tunnel to Policy Mapping Table. There is one entry in this table for each active IPSec Phase-1 Tunnel.
                     ikePolMapEntry 1.3.6.1.4.1.9.9.172.1.1.1.1 no-access
Each entry contains the attributes associated with mapping an active IPSec Phase-1 IKE Tunnel to it's configured Policy definition.
                         ikePolMapTunIndex 1.3.6.1.4.1.9.9.172.1.1.1.1.1 integer32 no-access
The index of the IPSec Phase-1 Tunnel to Policy Map Table. The value of the index is the number used to represent this IPSec Phase-1 Tunnel in the IPSec MIB (ikeTunIndex in the ikeTunnelTable).
                         ikePolMapPolicyNum 1.3.6.1.4.1.9.9.172.1.1.1.1.2 integer32 read-only
The number of the locally defined ISAKMP policy used to establish the IPSec IKE Phase-1 Tunnel. This is the number which was used on the crypto command. For example, if the configuration command was: ==> crypto isakmp policy 15 then the value of this object would be 15. If ISAKMP was not used to establish this tunnel, then the value of this object will be zero.
             ipSecPhaseTwoPolMap 1.3.6.1.4.1.9.9.172.1.2
                 ipSecPolMapTable 1.3.6.1.4.1.9.9.172.1.2.1 no-access
The IPSec Phase-2 Tunnel to Policy Mapping Table. There is one entry in this table for each active IPSec Phase-2 Tunnel.
                     ipSecPolMapEntry 1.3.6.1.4.1.9.9.172.1.2.1.1 no-access
Each entry contains the attributes associated with mapping an active IPSec Phase-2 Tunnel to its configured Policy definition.
                         ipSecPolMapTunIndex 1.3.6.1.4.1.9.9.172.1.2.1.1.1 integer32 no-access
The index of the IPSec Phase-2 Tunnel to Policy Map Table. The value of the index is the number used to represent this IPSec Phase-2 Tunnel in the IPSec MIB (ipSecTunIndex in the ipSecTunnelTable).
                         ipSecPolMapCryptoMapName 1.3.6.1.4.1.9.9.172.1.2.1.1.2 displaystring read-only
The value of this object should be the name of the IPSec Policy (cryptomap) as assigned by the operator while configuring the policy of the IPSec traffic. For instance, on an IOS router, the if the command entered to configure the IPSec policy was ==> crypto map ftpPolicy 10 ipsec-isakmp then the value of this object would be 'ftpPolicy'.
                         ipSecPolMapCryptoMapNum 1.3.6.1.4.1.9.9.172.1.2.1.1.3 integer32 read-only
The value of this object should be the priority of the IPSec Policy (cryptomap) assigned by the operator while configuring the policy of this IPSec tunnel. For instance, on an IOS router, the if the command entered to configure the IPSec policy was ==> crypto map ftpPolicy 10 ipsec-isakmp then the value of this object would be 10.
                         ipSecPolMapAclString 1.3.6.1.4.1.9.9.172.1.2.1.1.4 displaystring read-only
The value of this object is the number or the name of the access control string (ACL) that caused this IPSec tunnel to be established. The ACL that causes an IPSec tunnel to be established is referenced by the cryptomap of the tunnel. The ACL identifies the traffic that requires protection as defined by the policy. For instance, the ACL that requires FTP traffic between local subnet 172.16.14.0 and a remote subnet 172.16.16.0 to be protected is defined as ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255 172.16.16.0 0.0.0.255 eq ftp When this command causes an IPSec tunnel to be established, the object 'ipSecPolMapAclString' assumes the string value '101'. If the ACL is a named list such as ==> ip access-list standard myAcl permit 172.16.16.8 0.0.0.0 then the value of this MIB element corresponding to IPSec tunnel that was created by this ACL would be 'myAcl'.
                         ipSecPolMapAceString 1.3.6.1.4.1.9.9.172.1.2.1.1.5 displaystring read-only
The value of this object is the access control entry (ACE) within the ACL that caused this IPSec tunnel to be established. For instance, if an ACL defines access for two traffic streams (FTP and SNMP) as follows: access-list 101 permit tcp 172.16.14.0 0.0.0.255 172.16.16.0 0.0.0.255 eq ftp access-list 101 permit udp 172.16.14.0 0.0.0.255 host 172.16.16.1 eq 161 When associated with an IPSec policy, the second element of the ACL gives rise to an IPSec tunnel in the wake of SNMP traffic. The value of the object 'ipSecPolMapAceString' for the IPSec tunnel would be then the string 'access-list 101 permit udp 172.16.14.0 0.0.0.255 host 172.16.16.1 eq 161'
         ciscoIpSecPolMapMIBNotifPrefix 1.3.6.1.4.1.9.9.172.2
         ciscoIpSecPolMapMIBConformance 1.3.6.1.4.1.9.9.172.3
             ipSecPolMapMIBGroups 1.3.6.1.4.1.9.9.172.3.1
                 ipSecPhaseOnePolMapGroup 1.3.6.1.4.1.9.9.172.3.1.1
This group consists of a: 1) IPSec Phase-1 Policy Map Table
                 ipSecPhaseTwoPolMapGroup 1.3.6.1.4.1.9.9.172.3.1.2
This group consists of a: 1) IPSec Phase-2 Policy Map Table
             ipSecPolMapMIBCompliances 1.3.6.1.4.1.9.9.172.3.2
                 ipSecPolMapMIBCompliance 1.3.6.1.4.1.9.9.172.3.2.1
The compliance statement for SNMP entities for IP Security Protocol Tunnels to Policy definition mappings.