IPSEC-IKEACTION-MIB: View SNMP OID List / Download MIB

The MIB module for defining IKE actions for managing IPsec Security Policy. Copyright (C) The Internet Society (2006). This version of this MIB module is part of RFC YYYY, see the RFC itself for full legal notices.

This static filter can be used to test if a packet is part of an IKE phase-1 negotiation.

This static filter can be used to test if a packet is part of an IKE phase-2 negotiation.

This table is used to provide credentials for IKE identities. It can be used to for filters which are matched to credentials of IKE peers, where the credentials in question have been obtained from an IKE phase 1 exchange. They MAY be X.509 certificates, Kerberos tickets, etc... It can also be used to provide credentials for local IKE identities.

A row defining a particular credential filter

The administrative name of this filter.

The credential type that is expected for this filter to succeed.

The piece of the credential to match against. Examples: serialNumber, signatureAlgorithm, issuerName or subjectName. For credential types without fields (e.g. shared secret), this field SHOULD be left empty, and the entire credential will be matched against the ipiaCredFiltMatchFieldValue.

The value that the field indicated by the ipiaCredFiltMatchFieldName MUST match against for the filter to be considered TRUE.

This value is used to look up a row in the ipiaIpsecCredMngServiceTable for the Certificate Authority (CA) Information. This value is empty if there is no CA used for this filter.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

This table defines filters which can be used to match credentials of IKE peers, where the credentials in question have been obtained from an IKE phase 1 exchange. They MAY be X.509 certificates, Kerberos tickets, etc...

A row defining a particular credential filter

The administrative name of this filter.

The type of identity field in the peer ID payload to match against.

The string representation of the value that the peer ID payload value MUST match against. Wildcard mechanisms MUST be supported such that: - a ipiaPeerIdFiltIdentityValue of '*@example.com' will match a userFqdn ID payload of 'JDOE@EXAMPLE.COM' - a ipiaPeerIdFiltIdentityValue of '*.example.com' will match a fqdn ID payload of 'WWW.EXAMPLE.COM' - a ipiaPeerIdFiltIdentityValue of: 'cn=*,ou=engineering,o=company,c=us' will match a DER DN ID payload of 'cn=John Doe,ou=engineering,o=company,c=us' - a ipiaPeerIdFiltIdentityValue of '192.0.2.0/24' will match an IPv4 address ID payload of 192.0.2.10 - a ipiaPeerIdFiltIdentityValue of '192.0.2.*' will also match an IPv4 address ID payload of 192.0.2.10. The character '*' replaces 0 or multiple instances of any character.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. This object can not be considered active unless the ipiaPeerIdFiltIdentityType and ipiaPeerIdFiltIdentityValue column values are defined. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

This scalar indicates that a packet SHOULD be rejected WITHOUT action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the reject static action.

This scalar indicates that a packet SHOULD be rejected WITH action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the reject static action with logging.

The ipiaIkeActionTable contains a list of the parameters used for an IKE phase 1 SA DOI negotiation. See the corresponding table ipiaIkeActionProposalsTable for a list of proposals contained within a given IKE Action.

The ipiaIkeActionEntry lists the IKE negotiation attributes.

This object contains the name of this ikeAction entry.

This object is administratively assigned to reference a row in the ipiaSaNegotiationParametersTable where additional parameters affecting this action can be found. An attempt to set this object to a value that does not exist in the ipiaSaNegotiationParametersTable MUST result in an inconsistentValue error.

ipiaIkeActThresholdDerivedKeys specifies what percentage of the derived key limit (see the LifetimeDerivedKeys property of IKEProposal) can expire before IKE SHOULD attempt to renegotiate the IKE phase 1 security association.

ipiaIkeActExchangeMode specifies the IKE Phase 1 negotiation mode. Enumeration: 'main': 1, 'agressive': 2.

The values to be used for Diffie-Hellman exchange.

This column along with ipiaIkeActIdentityContext and endpoint information is used to refer an ipiaIkeIdentityEntry in the ipiaIkeIdentityTable.

This column, along with ipiaIkeActIdentityType and endpoint information, is used to refer to an ipiaIkeIdentityEntry in the ipiaIkeIdentityTable.

This object indicates the peer id name of the IKE peer. This object can be used to look up the peer id value, address, credentials and other values in the ipiaPeerIdentityTable.

ikeDoActionLogging specifies whether or not an audit message SHOULD be logged when this ike SA is created.

ikeDoPacketLogging specifies whether or not an audit message SHOULD be logged and if there is logging, how many bytes of the packet to place in the notification.

Vendor ID Payload. A value of NULL means that Vendor ID payload will be neither generated nor accepted. A non-NULL value means that a Vendor ID payload will be generated (when acting as an initiator) or is expected (when acting as a responder).

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object MUST NOT be set to destroy if referred to by other rows in other action tables. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

The ipiaIpsecActionTable contains a list of the parameters used for an IKE phase 2 IPsec DOI negotiation.

The ipiaIpsecActionEntry lists the IPsec negotiation attributes.

ipiaIpsecActName is the name of the ipsecAction entry.

This object is used to reference a row in the ipiaSaNegotiationParametersTable where additional parameters affecting this action can be found. An attempt to set this column to a value that does not exist in the ipiaSaNegotiationParametersTable MUST result in an inconsistentValue error.

This object is used to reference one or more rows in the ipiaIpsecProposalsTable where an ordered list of proposals affecting this action can be found. An attempt to set this column to a value that does not exist in the ipiaIpsecProposalsTable MUST result in an inconsistentValue error.

This MIB object specifies whether or not perfect forward secrecy is used when refreshing keys. A value of true indicates that PFS SHOULD be used.

The VendorID property is used to identify vendor-defined key exchange GroupIDs.

This object specifies the Diffie-Hellman group to use for phase 2 when the object ipiaIpsecActUsePfs is true and the object ipiaIpsecActUseIkeGroup is false. If the GroupID number is from the vendor-specific range (32768-65535), the VendorID qualifies the group number.

This object indicates the peer id name of the peer gateway. This object can be used to look up the peer id value, address and other values in the ipiaPeerIdentityTable. This object is used when initiating a tunnel SA. This object is not used for transport SAs. If no value is set and ipiaIpsecActMode is tunnel, the peer gateway is determined from the source or destination address of the packet.

This object specifies whether or not to use the same GroupId for phase 2 as was used in phase 1. If UsePFS is false, this entry SHOULD be ignored.

This object specifies how the proposed selector for the security association will be created. The selector is created by using the FilterList information. The selector can be subnet, address, porotocol, or port. Enumeration: 'subnet': 1, 'protocol': 3, 'port': 4, 'address': 2.

This object specifies the encapsulation of the IPsec SA to be negotiated. Enumeration: 'tunnel': 1, 'transport': 2.

This object specifies the processing of DF bit by the negotiated IPsec tunnel. 1 - DF bit is copied. 2 - DF bit is set. 3 - DF bit is cleared. Enumeration: 'clear': 3, 'copy': 1, 'set': 2.

ipiaIpsecActDoActionLogging specifies whether or not an audit message SHOULD be logged when this ipsec SA is created.

ipiaIpsecActDoPacketLogging specifies whether or not an audit message SHOULD be logged and if there is logging, how many bytes of the packet to place in the notification.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

This table contains reusable parameters that can be pointed to by the ipiaIkeActionTable and ipiaIpsecActionTable. These parameters are reusable since it is likely an administrator will want to make global policy changes to lifetime parameters that apply to multiple actions. This table allows multiple rows in the other actions tables to reuse global lifetime parameters in this table by repeatedly pointing to a row cointained within this table.

Contains the attributes of one row in the ipiaSaNegotiationParametersTable.

This object contains the administrative name of this SaNegotiationParametersEntry. This row can be referred to by this name in other policy action tables.

ipiaSaNegParamMinLifetimeSecs specifies the minimum seconds lifetime that will be accepted from the peer.

ipiaSaNegParamMinLifetimeKB specifies the minimum kilobyte lifetime that will be accepted from the peer.

ipiaSaNegParamRefreshThreshSecs specifies what percentage of the seconds lifetime can expire before IKE SHOULD attempt to renegotiate the IPsec security association. A value between 1 and 100 representing a percentage. A value of 100 indicates that the IPsec security association SHOULD not be renegotiated until the seconds lifetime has been completely reached.

ipiaSaNegParamRefreshThresholdKB specifies what percentage of the kilobyte lifetime can expire before IKE SHOULD attempt to renegotiate the IPsec security association. A value between 1 and 100 representing a percentage. A value of 100 indicates that the IPsec security association SHOULD not be renegotiated until the kilobyte lifetime has been reached.

ipiaSaNegParamIdleDurationSecs specifies how many seconds a security association MAY remain idle (i.e., no traffic protected using the security association) before it is deleted. A value of zero indicates that idle detection SHOULD NOT be used for the security association. Any non-zero value indicates the number of seconds the security association can remain unused.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

This table contains a list of all ike proposal names found within a given IKE Action.

a row containing one ike proposal reference

The numeric priority of a given contained proposal inside an ike Action. This index SHOULD be used to order the proposals in an IKE Phase I negotiation, lowest value first (i.e. 0 first, then 1,2,etc...).

The administratively assigned name that can be used to reference a set of values contained within the ipiaIkeProposalTable. An attempt to set this object to a value that doesn't exist in the ipiaIkeProposalTable MUST result in an inconsistentValue error.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active unless one of the following two conditions are met. An attempt to set it to anything other than active while the following conditions are not met MUST result in an inconsistentValue error. The two conditions are: I. No active row in the ipiaIkeActionTable exists which has a matching ipiaIkeActName. II. Or at least one other active row in this table has a matching ipiaIkeActName.

This table contains a list of IKE proposals which are used in an IKE negotiation.

One IKE proposal entry.

ipiaIkePropLifetimeDerivedKeys specifies the number of times that a phase 1 key will be used to derive a phase 2 key before the phase 1 security association needs renegotiated.

ipiaIkePropCipherAlgorithm specifies the proposed phase 1 security association encryption algorithm.

This object specifies, in bits, the key length for the cipher algorithm used in IKE Phase 1 negotiation.

This object specifies the number of key rounds for the cipher algorithm used in IKE Phase 1 negotiation.

ipiaIkePropHashAlgorithm specifies the proposed phase 1 security assocation hash algorithm.

ipPRFAlgorithm specifies the proposed phase 1 security association psuedo-random function. Note: currently no prf algorithms are defined. Enumeration: 'reserved': 0.

The VendorID property is used to identify vendor-defined key exchange GroupIDs.

This object specifies the proposed phase 1 security association Diffie-Hellman group

This object specifies the proposed authentication method for the phase 1 security association.

ipiaIkePropMaxLifetimeSecs specifies the maximum amount of time to propose a security association remain valid. A value of 0 indicates that the default lifetime of 8 hours SHOULD be used.

ipiaIkePropMaxLifetimeKB specifies the maximum kilobyte lifetime to propose a security association remain valid.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

This table lists one or more IPsec proposals for IPsec actions.

An entry containing (possibly a portion of) a proposal.

The name of this proposal.

The priority level (AKA sequence level) of this proposal. A lower number indicates a higher precedence (0 before 1, etc..).

The protocol Id for the transforms for this proposal. The protoIsakmp(1) value is not valid for this object. This object, along with the ipiaIpsecPropTransformsName, is the index into the ipiaIpsecTransformsTable.

The name of the transform or group of transforms for this protocol. This object, along with the ipiaIpsecPropProtocolId, is the index into the ipiaIpsecTransformsTable. An attempt to set this object to a value that does not exist in the ipiaIpsecTransformTable MUST result in an inconsistentValue error.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This row MUST NOT be set to active until the corresponding row(s) in the ipiaIpsecTransformsTable exists and is active. If active, this object MUST remain active unless one of the following two conditions are met. An attempt to set it to anything other than active while the following conditions are not met MUST result in an inconsistentValue error. The two conditions are: I. No active row in the ipiaIkeActionProposalTable exists which has a matching ipiaIpsecPropName. II. Or at least one other active row in this table has a matching ipiaIpsecPropName.

This table lists the IPsec proposals contained within a given IPsec action and the transforms within each of those proposals. These proposals and transforms can then be used to create phase 2 negotiation proposals.

An entry containing the information on an IPsec transform.

The protocol type for this transform. The protoIsakmp(1) value is not valid for this object.

The name for this transform or group of transforms.

The priority level (AKA sequence level) of the this transform within the group of transforms (0 before 1, etc...). This indicates the preference for which algorithms are requested when the list of transforms are sent to the remote host. A lower number indicates a higher precedence.

The name for the given transform. Depending on the value of ipiaIpsecTranType, this value is used to lookup the transform's specific parameters in the ipiaAhTransformTable, the ipiaEspTransformTable or the ipiaIpcompTransformTable.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This row MUST NOT be set to active until the corresponding row in the ipiaAhTransformTable, ipiaEspTransformTable or the ipiaIpcompTransformTable exists. If active, this object MUST remain active unless one of the following two conditions are met. An attempt to set it to anything other than active while the following conditions are not met MUST result in an inconsistentValue error. The two conditions are: I. No active row in the IpiaIpsecProposalsTable exists which has a matching ipiaIpsecPropTransformsName. II. Or at least one other active row in this table has a matching ipiaIpsecPropTransformsName.

IKEIdentity is used to represent the identities that are used for an IPProtocolEndpoint (or collection of IPProtocolEndpoints) to identify itself in IKE phase 1 negotiations. The column ipiaIkeActIdentityType and ipiaIkeIdentityContext in an ipiaIkeActionEntry together with the spdEndGroupInterface in the spdEndpointToGroupTable specifies the unique identity to use in a negotiation exchange.

ikeIdentity lists the attributes of an IKE identity.

This value is used as an index into the ipiaCredentialFilterTable to look up the actual credential value and other credential information. For ID's without associated credential information, this value is left blank. For ID's that are address types, this value MAY be left blank and the associated IPProtocolEndpoint or appropriate member of the Collection of endpoints is used.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

The parameters in the autostart IKE Table are used to automatically initiate IKE phaes I and II (i.e. IPsec) negotiations on startup. It also will initiate IKE phase I and II negotiations for a row at the time of that row's creation

autostart ike provides the set of parameters to automatically start IKE and IPsec SA's.

ipiaAutoIkePriority is an index into the autostartIkeAction table and can be used to order the autostart IKE actions (0 before 1, etc...).

This pointer is used to point to the action or compound action that is initiated by this row. This value can be used to indicate a scalar or a row in a table. When indicating a row in a table, this value MUST point to the first column instance in that row. If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table or if the table or scalar pointed to by the VariablePointer is not supported at all, the inconsistentValue exception MUST be returned. If during packet processing this column has a value that references a non-existent or non-supported object, the packet MUST be dropped.

The property ipiaAutoIkeAddressType specifies the format of the autoIke source and destination Address values.

The property autoIkeSourecAddress specifies Source IP address for autostarting IKE SA's, formatted according to the appropriate convention as defined in the ipiaAutoIkeAddressType property.

The property ipiaAutoIkeSourcePort specifies the port number for the source port for auotstarting IKE SA's. The value of 0 for this object is illegal.

The property ipiaAutoIkeDestAddress specifies the Destination IP address for autostarting IKE SA's, formatted according to the appropriate convention as defined in the ipiaAutoIkeAddressType property.

The property ipiaAutoIkeDestPort specifies the port number for the destination port for auotstarting IKE SA's. The value of 0 for this object is illegal.

The property Protocol specifies the protocol number used in comparing with policy filter entries and used in any phase 2 negotiations.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object MUST NOT be set to active until the object to which the ipiaAutoIkeAction points to exists and is active. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

A table of Credential Management Service values. This table is usually used for credential/certificate values that are used with a management service (e.g. Certificate Authorities).

A row in the ipiaIpsecCredMngServiceTable.

This is an administratively assigned string used to index this table.

This value represents the Distinguished Name of the Credential Management Service.

This Value represents the Credential Management Service Policy Statement, or a reference describing how to obtain it (e.g., a URL). If one doesn't exist, this value can be left blank

This value is the maximum length of the chain allowble from the Credential Management Service to the credential in question.

This value is used as an index into the ipiaCredentialFilterTable to look up the actual credential value.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

A table of the Credential Revocation Lists (CRL) for credential managment services.

A row in the ipiaCredMngCRLTable.

This is an administratively assigned string used to index this table. It represents a CRL for a given CA from a given distribution point.

This Value represents a Distribution Point for a Credential Revocation List. It can be relative to the Credential Management Service or a full name (URL, e-mail, etc...).

This value is the issue date of this CRL. This SHOULD be in utctime or generalizedtime.

This value indicates the date the next version of this CRL will be issued. This SHOULD be in utctime or generalizedtime.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

A table of Credentials revoked by credential managment services. That is, this table is a table of Certificates that are on CRL's, Credential Revocation Lists.

A row in the ipiaRevokedCertificateTable.

This value is the serial number of the revoked certificate.

This value is the revocation date of the certificate. This SHOULD be in utctime or generaltime.

This value is the reason this certificate was revoked. Enumeration: 'keyCompromise': 2, 'removeFromCRL': 8, 'superseded': 5, 'unspecified': 1, 'certificateHold': 7, 'cACompromise': 3, 'affiliationChanged': 4, 'cessationOfOperation': 6.

The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.

The storage type for this row. Rows in this table which were created through an external process MAY have a storage type of readOnly or permanent. For a storage type of permanent, none of the columns have to be writable.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object MUST remain active if it is referenced by an active row in another table. An attempt to set it to anything other than active while it is referenced by an active row in another table MUST result in an inconsistentValue error.

The compliance statement for SNMP entities that include an IPsec MIB implementation and supports IKE actions. -- OBJECT ipiaAutoIkeAddressType -- SYNTAX InetAddreessType { ipv4(1), ipv6(2) } -- DESCRIPTION -- Only support for global IPv4 and IPv6 address -- types is required. -- -- OBJECT ipiaAutoIkeSourceAddress -- SYNTAX InetAddress (SIZE(4|16)) -- DESCRIPTION -- Only support for global IPv4 and IPv6 address -- types is required. -- OBJECT ipiaAutoIkeDestAddress -- SYNTAX InetAddress (SIZE(4|16)) -- DESCRIPTION -- Only support for global IPv4 and IPv6 address -- types is required. --

The compliance statement for SNMP entities that include an IKEACTION MIB implementation with IKE filters support.

The static filter group. Currently this is just a true filter.

This group is made up of objects from the IPsec Policy Credential Filter Table.

This group is made up of objects from the IPsec Policy Peer Identity Filter Table.

This group is made up of IPsec Policy Static Actions objects.

This group is the set of objects that support IKE actions. These objects are from The IPsec Policy IKE Action Table, The IKE Action Proposals Table, The IKE Proposal Table, The autostart IKE Table and The IKE Identity Table, The Peer Identity Table, The Credential Management Service Table, and the shared table Negotiation Parameters Table (from the IPSEC-IPSECACTION-MIB.

This group is the set of objects that support IPsec actions. These objects are from The IPsec Policy IPsec Actions Table, The IPsec Proposal Table, and The IPsec Transform Table. This group also includes objects from the shared tables: Peer Identity Table, Credential Table, Negotiation Parameters Table, Credential Management Service Table and the AH, ESP, and IPComp Transform Table.