JNX-GDOI-MIB: View SNMP OID List / Download MIB
VENDOR: JUNIPER
| Home | MIB: JNX-GDOI-MIB | |||
|---|---|---|---|---|
| Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
| Object Name | OID | Type | Access | Info |
| jnxGdoiMIB | 1.3.6.1.4.1.2636.3.759 |
Initial version, implements only the GDOI GM notifications and following tables for GDOI protocol. - GDOI Group Table - GDOI Gm Table - GDOI Gm Kek Table - GDOI Gm Tek SelectorTable - GDOI Gm Tek PolicyTable |
||
| jnxGdoiMIBNotifications | 1.3.6.1.4.1.2636.3.759.0 | |||
| jnxGdoiGmRegister | 1.3.6.1.4.1.2636.3.759.0.5 |
A notification from a Group Member when it is starting to register with its GDOI Group's Key Server. Registration includes downloading keying & security association material. This is equivalent to a Group Member or Initiator sending the first message of a GROUPKEY-PULL exchange to its Group's Key Server. |
||
| jnxGdoiGmRegistrationComplete | 1.3.6.1.4.1.2636.3.759.0.6 |
A notification from a Group Member when it has successfully registered with a Key Server in its GDOI Group. This is equivalent to a Group Member receiving the last message of a GROUPKEY-PULL exchange from the Key Server containing KEKs, TEKs, and their associated policies. |
||
| jnxGdoiGmReRegister | 1.3.6.1.4.1.2636.3.759.0.7 |
A notification from a Group Member when it is starting to re-register with a Key Server in its GDOI Group. A Group Member needs to re-register to the key server if its keying & security association material has expired and it has not received a rekey from the key server to refresh the material. This is equivalent to a Group Member sending the first message of a GROUPKEY-PULL exchange to the Key Server of a Group it is already registered with. |
||
| jnxGdoiGmRekeyReceived | 1.3.6.1.4.1.2636.3.759.0.8 |
A notification from a Group Member when it has successfully received and processed a rekey from a Key Server in its GDOI Group. Periodically the key server sends a rekey to refresh the keying & security association material. This is equivalent to a Group Member receiving a GROUPKEY-PUSH message from the Key Server of the Group it is already registered with. |
||
| jnxGdoiGmRekeyFailure | 1.3.6.1.4.1.2636.3.759.0.11 |
An error notification from a Group Member when it is unable to successfully process and install a rekey (GROUPKEY-PUSH message) sent by the Key Server in its Group that it is registered with. |
||
| jnxGdoiMIBObjects | 1.3.6.1.4.1.2636.3.759.1 | |||
| jnxGdoiGroupTable | 1.3.6.1.4.1.2636.3.759.1.1 | no-access |
A table of information regarding GDOI Groups in use on the network device being queried. This table is modified to include only fields related to Group Member |
|
| 1.3.6.1.4.1.2636.3.759.1.1.1 | no-access |
An entry containing GDOI Group information, uniquely identified by the GDOI Group ID. |
||
| jnxGdoiGroupIdType | 1.3.6.1.4.1.2636.3.759.1.1.1.1 | jnxgdoiidentificationtype | no-access |
The Identification Type Value used to parse a GDOI Group ID. The GDOI RFC 3547 defines the types that can be used as a GDOI Group ID, and RFC 4306 defines all valid types that can be used as an identifier. This Group ID type is sent as the 'ID Type' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange. |
| jnxGdoiGroupIdLength | 1.3.6.1.4.1.2636.3.759.1.1.1.2 | unsigned32 | read-only |
The length (i.e. number of octets) of a Group ID. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGroupIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'Payload Length' (subtracting the generic header length) of the Identification Payload for a GDOI GROUPKEY-PULL exchange. |
| jnxGdoiGroupIdValue | 1.3.6.1.4.1.2636.3.759.1.1.1.3 | jnxgdoiidentificationvalue | no-access |
The value of a Group ID with its type indicated by the jnxGdoiGroupIdType. Use the jnxGdoiGroupIdType to parse the Group ID correctly. This Group ID value is sent as the 'Identification Data' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange. |
| jnxGdoiGroupName | 1.3.6.1.4.1.2636.3.759.1.1.1.4 | displaystring | read-only |
The string-readable name configured for or given to a GDOI Group. |
| jnxGdoiPeers | 1.3.6.1.4.1.2636.3.759.1.2 | |||
| jnxGdoiGmTable | 1.3.6.1.4.1.2636.3.759.1.2.2 | no-access |
A table of information regarding GDOI Group Members (GMs) locally configured on the network device being queried. Note that Local Group Members may or may not be registered to a Key Server in its GDOI Group on the same network device being queried. |
|
| 1.3.6.1.4.1.2636.3.759.1.2.2.1 | no-access |
An entry containing Local GDOI Group Member information, uniquely identified by Group & GM IDs. Because the Group Member is Local to the network device being queried, TEKs installed for this Group Member can be queried as well. |
||
| jnxGdoiGmIdType | 1.3.6.1.4.1.2636.3.759.1.2.2.1.1 | jnxgdoiidentificationtype | no-access |
The Identification Type Value used to parse the identity information for a Initiator or Group Member. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges. |
| jnxGdoiGmIdLength | 1.3.6.1.4.1.2636.3.759.1.2.2.1.2 | unsigned32 | read-only |
The length (i.e. number of octets) of a Group Member ID. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGmIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges. |
| jnxGdoiGmIdValue | 1.3.6.1.4.1.2636.3.759.1.2.2.1.3 | jnxgdoiidentificationvalue | no-access |
The value of the identity information for a Group Member with its type indicated by the jnxGdoiGmIdType. Use the jnxGdoiGmIdType to parse the Group Member ID correctly. This Group Member ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges. |
| jnxGdoiGmRegKeyServerIdType | 1.3.6.1.4.1.2636.3.759.1.2.2.1.4 | jnxgdoiidentificationtype | read-only |
The Identification Type Value used to parse the identity information of this Group Member's registered Key Server. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges. |
| jnxGdoiGmRegKeyServerIdLength | 1.3.6.1.4.1.2636.3.759.1.2.2.1.5 | unsigned32 | read-only |
The length (i.e. number of octets) of the registered Key Server's ID. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGmRegKeyServerIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' and 'DST ID Data Len' fields sent in the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges. |
| jnxGdoiGmRegKeyServerIdValue | 1.3.6.1.4.1.2636.3.759.1.2.2.1.6 | jnxgdoiidentificationvalue | read-only |
The value of the identity information for this Group Member's registered Key Server with its type indicated by the jnxGdoiGmRegKeyServerIdType. Use the jnxGdoiGmRegKeyServerIdType to parse the registered Key Server's ID correctly. This Key Server ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges. |
| jnxGdoiGmActiveKEK | 1.3.6.1.4.1.2636.3.759.1.2.2.1.7 | jnxgdoikekspi | read-only |
The SPI of the Key Encryption Key (KEK) that is currently being used by the Group Member to authenticate & decrypt a rekey from a GROUPKEY-PUSH message. |
| jnxGdoiGmRekeysReceived | 1.3.6.1.4.1.2636.3.759.1.2.2.1.8 | counter32 | read-only |
The sequence number of the last rekey successfully received from this Group Member's registered Key Server. |
| jnxGdoiGmActiveTEKNum | 1.3.6.1.4.1.2636.3.759.1.2.2.1.9 | counter32 | read-only |
The number of active traffic encryption keys (TEKS) currently being used by the Group Member to encrypt/decrypt/authenticate dataplane traffic. |
| jnxGdoiSecAssociations | 1.3.6.1.4.1.2636.3.759.1.3 | |||
| jnxGdoiGmKekTable | 1.3.6.1.4.1.2636.3.759.1.3.2 | no-access |
A table of information regarding GDOI Key Encryption Key (KEK) Security Associations (SAs) currently installed for GDOI entities acting as Group Members on the network device being queried. There is one entry in this table for each KEK SA that has been installed and not yet deleted. Each KEK SA is uniquely identified by a SPI at any given time. |
|
| 1.3.6.1.4.1.2636.3.759.1.3.2.1 | no-access |
An entry containing the attributes associated with a GDOI KEK SA, uniquely identified by the Group ID, Group Member (GM) ID, & SPI value assigned by the GM's registered Key Server to the KEK. There will be at least one KEK SA entry for each GM & two KEK SA entries for a given GM only during a KEK rekey when a new KEK is received & installed. The KEK SPI is unique for every KEK for a given Group Member. |
||
| jnxGdoiGmKekIndex | 1.3.6.1.4.1.2636.3.759.1.3.2.1.1 | unsigned32 | no-access |
The index of the GM KEK in table.The value of the index is a number which begins at one and is incremented with each KEK that is used by the GM for that GDOI group. |
| jnxGdoiGmKekSPI | 1.3.6.1.4.1.2636.3.759.1.3.2.1.2 | jnxgdoikekspi | read-only |
The value of the Security Parameter Index (SPI) of a KEK SA. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. As described above, these cookies are assigned by the GCKS. |
| jnxGdoiGmKekSrcIdType | 1.3.6.1.4.1.2636.3.759.1.3.2.1.3 | jnxgdoiidentificationtype | read-only |
The Identification Type Value used to parse the identity information for the source of a KEK SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the KEK payload. |
| jnxGdoiGmKekSrcIdLength | 1.3.6.1.4.1.2636.3.759.1.3.2.1.4 | unsigned32 | read-only |
The length (i.e. number of octets) of the source ID of a KEK SA. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGmKekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the KEK payload. |
| jnxGdoiGmKekSrcIdValue | 1.3.6.1.4.1.2636.3.759.1.3.2.1.5 | jnxgdoiidentificationvalue | read-only |
The value of the identity information for the source of a KEK SA with its type indicated by the jnxGdoiGmKekSrcIdType. Use the jnxGdoiGmKekSrcIdType to parse the KEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a KEK payload. |
| jnxGdoiGmKekSrcIdPort | 1.3.6.1.4.1.2636.3.759.1.3.2.1.6 | jnxgdoiunsigned16 | read-only |
The value specifying a port associated with the source ID of a KEK SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a KEK payload. |
| jnxGdoiGmKekDstIdType | 1.3.6.1.4.1.2636.3.759.1.3.2.1.7 | jnxgdoiidentificationtype | read-only |
The Identification Type Value used to parse the identity information for the dest. (multicast rekey address) of a KEK SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the KEK payload. |
| jnxGdoiGmKekDstIdLength | 1.3.6.1.4.1.2636.3.759.1.3.2.1.8 | unsigned32 | read-only |
The length (i.e. number of octets) of the destination ID of a KEK SA. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGmKekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the KEK payload. |
| jnxGdoiGmKekDstIdValue | 1.3.6.1.4.1.2636.3.759.1.3.2.1.9 | jnxgdoiidentificationvalue | read-only |
The value of the identity information for the destination of a KEK SA (multicast rekey address) with its type indicated by jnxGdoiGmKekDstIdType. Use the jnxGdoiGmKekDstIdType to parse the KEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a KEK payload. |
| jnxGdoiGmKekDstIdPort | 1.3.6.1.4.1.2636.3.759.1.3.2.1.10 | jnxgdoiunsigned16 | read-only |
The value specifying a port associated with the dest. ID of a KEK SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a KEK payload. |
| jnxGdoiGmKekIpProtocol | 1.3.6.1.4.1.2636.3.759.1.3.2.1.11 | jnxgdoiipprotocolid | read-only |
The value of the IP protocol ID (e.g. UDP/TCP) being used for the rekey datagram. |
| jnxGdoiGmKekMgmtAlg | 1.3.6.1.4.1.2636.3.759.1.3.2.1.12 | jnxgdoikeymanagementalgorithm | read-only |
The value of the KEK_MANAGEMENT_ALGORITHM which specifies the group KEK management algorithm used to provide forward or backward access control (i.e. used to exclude group members). KEK Management Type Value ------------------- ----- RESERVED 0 LKH 1 RESERVED 2-127 Private Use 128-255 |
| jnxGdoiGmKekEncryptAlg | 1.3.6.1.4.1.2636.3.759.1.3.2.1.13 | jnxgdoiencryptionalgorithm | read-only |
The value of the KEK_ALGORITHM which specifies the encryption algorithm used with the KEK SA. A GDOI implementaiton must support KEK_ALG_3DES. Following are the KEK encryption algoritm values defined in the GDOI RFC 3547, however the JnxGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 KEK_ALG_DES 1 KEK_ALG_3DES 2 KEK_ALG_AES 3 RESERVED 4-127 Private Use 128-255 |
| jnxGdoiGmKekEncryptKeyLength | 1.3.6.1.4.1.2636.3.759.1.3.2.1.14 | unsigned32 | read-only |
The value of the KEK_KEY_LENGTH which specifies the KEK Algorithm key length (in bits). |
| jnxGdoiGmKekSigHashAlg | 1.3.6.1.4.1.2636.3.759.1.3.2.1.15 | jnxgdoipseudorandomfunction | read-only |
The value of the SIG_HASH_ALGORITHM which specifies the SIG payload hash algorithm. This is not required (i.e. could have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a value of zero or SIG_HASH_SHA1). Following are the Signature Hash Algorithm values defined in the GDOI RFC 3547, however the JnxGdoiPseudoRandomFunction TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_HASH_MD5 1 SIG_HASH_SHA1 2 RESERVED 3-127 Private Use 128-255 |
| jnxGdoiGmKekSigAlg | 1.3.6.1.4.1.2636.3.759.1.3.2.1.16 | jnxgdoisignaturemethod | read-only |
The value of the SIG_ALGORITHM which specifies the SIG payload signature algorithm. A GDOI implementation must support SIG_ALG_RSA. Following are the Signature Algorithm values defined in the GDOI RFC 3547, however the JnxGdoiSignatureMethod TC defines all possible values. Algorithm Type Value -------------- ----- RESERVED 0 SIG_ALG_RSA 1 SIG_ALG_DSS 2 SIG_ALG_ECDSS 3 RESERVED 4-127 Private Use 128-255 |
| jnxGdoiGmKekSigKeyLength | 1.3.6.1.4.1.2636.3.759.1.3.2.1.17 | unsigned32 | read-only |
The value of the SIG_KEY_LENGTH which specifies the length of the SIG payload key. |
| jnxGdoiGmKekOakleyGroup | 1.3.6.1.4.1.2636.3.759.1.3.2.1.18 | jnxgdoidiffiehellmangroup | read-only |
The value of the KE_OAKLEY_GROUP which specifies the OAKLEY or Diffie-Hellman Group used to compute the PFS secret in the optional KE payload of the GDOI GROUPKEY-PULL exchange. |
| jnxGdoiGmKekOriginalLifetime | 1.3.6.1.4.1.2636.3.759.1.3.2.1.19 | unsigned32 | read-only |
The value of the KEK_KEY_LIFETIME which specifies the maximum time for which a KEK is valid. The GCKS may refresh the KEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds. |
| jnxGdoiGmKekRemainingLifetime | 1.3.6.1.4.1.2636.3.759.1.3.2.1.20 | unsigned32 | read-only |
The value of the remaining time for which a KEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of jnxGdoiGmKekOriginalLifetime and counts down to 0 in seconds. If the lifetime has already expired, this value should remain at zero (0) until the GCKS refreshes the KEK. |
| jnxGdoiGmKekStatus | 1.3.6.1.4.1.2636.3.759.1.3.2.1.21 | jnxgdoikekstatus | read-only |
The status of the KEK SA. When this status value is queried, one of the following is returned: inUse(1), new(2), old(3). |
| jnxGdoiGmTekSelectorTable | 1.3.6.1.4.1.2636.3.759.1.3.5 | no-access |
A table of information regarding GDOI Traffic Encryption Key (TEK) Security Associations (SAs/Policies) pushed by a Key Server & installed for GDOI entities acting as Group Members (GMs) on the network device being queried. There is one entry in this table for each unique TEK traffic selector (Source/Destination tuple) that has been downloaded from the Key Server and installed on the Group Member. |
|
| 1.3.6.1.4.1.2636.3.759.1.3.5.1 | no-access |
An entry containing the attributes associated with a GDOI TEK Policy/SA, uniquely identified by the Group ID, Group Member ID, Source/Destination IDs & Ports, and TEK SPI. There will be one or more TEK entries for each TEK Policy/SA received and installed by the given Group Member from its registered Key Server, each with a unique |
||
| jnxGdoiGmTekSelectorIndex | 1.3.6.1.4.1.2636.3.759.1.3.5.1.1 | unsigned32 | no-access |
The index of the Source/Destination pair secured by the GM TEK.The value of the index is a number which begins at one and is incremented with each Source/Destination pair that is secured by the GM TEK policy for that GDOI group. |
| jnxGdoiGmTekSrcIdType | 1.3.6.1.4.1.2636.3.759.1.3.5.1.2 | jnxgdoiidentificationtype | read-only |
The Identification Type Value used to parse the identity information for the source of a TEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'SRC ID Type' of the TEK payload. |
| jnxGdoiGmTekSrcIdLength | 1.3.6.1.4.1.2636.3.759.1.3.5.1.3 | unsigned32 | read-only |
The length (i.e. number of octets) of the source ID of a TEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGmTekSrcIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'SRC ID Data Len' field sent in the TEK payload. |
| jnxGdoiGmTekSrcIdValue | 1.3.6.1.4.1.2636.3.759.1.3.5.1.4 | jnxgdoiidentificationvalue | read-only |
The value of the identity information for the source of a TEK Policy/SA with its type indicated by the jnxGdoiGmTekSrcIdType. Use the jnxGdoiGmTekSrcIdType to parse the TEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a TEK payload. |
| jnxGdoiGmTekSrcIdPort | 1.3.6.1.4.1.2636.3.759.1.3.5.1.5 | jnxgdoiunsigned16 | read-only |
The value specifying a port associated with the source ID of a TEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `SRC ID Port` field of a TEK payload. |
| jnxGdoiGmTekDstIdType | 1.3.6.1.4.1.2636.3.759.1.3.5.1.6 | jnxgdoiidentificationtype | read-only |
The Identification Type Value used to parse the identity information for the dest. of a TEK Policy/SA. RFC 4306 defines all valid types that can be used as an identifier. This identification type is sent as the 'DST ID Type' of the TEK payload. |
| jnxGdoiGmTekDstIdLength | 1.3.6.1.4.1.2636.3.759.1.3.5.1.7 | unsigned32 | read-only |
The length (i.e. number of octets) of the destination ID of a TEK Policy/SA. If no length is given (i.e. it has a value of 0), the default length of its jnxGdoiGmTekDstIdType should be used as long as it is not reprsented by an ASCII string. If the value has a type that is represented by an ASCII string, a length MUST be included. If the length given is not 0, it should match the 'DST ID Data Len' field sent in the TEK payload. |
| jnxGdoiGmTekDstIdValue | 1.3.6.1.4.1.2636.3.759.1.3.5.1.8 | jnxgdoiidentificationvalue | read-only |
The value of the identity information for the destination of a TEK Policy/SA with its type indicated by the jnxGdoiGmTekDstIdType. Use the jnxGdoiGmTekDstIdType to parse the TEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a TEK payload. |
| jnxGdoiGmTekDstIdPort | 1.3.6.1.4.1.2636.3.759.1.3.5.1.9 | jnxgdoiunsigned16 | read-only |
The value specifying a port associated with the dest. ID of a TEK Policy/SA. A value of zero means that the port should be ignored. This port value is sent as the `DST ID Port` field of a TEK payload. |
| jnxGdoiGmTekSecurityProtocol | 1.3.6.1.4.1.2636.3.759.1.3.5.1.10 | jnxgdoisecurityprotocol | read-only |
The value of the Protocol-ID field of a SA TEK (SAT) payload which specifies the Security Protocol for a TEK. Following are the Security Protocol values defined in the GDOI RFC 3547, however the JnxGdoiSecurityProtocol TC defines all possible values. Protocol ID Value ---------------------- ----- RESERVED 0 GDOI_PROTO_IPSEC_ESP 1 RESERVED 2-127 Private Use 128-255 |
| jnxGdoiGmTekPolicyMismatchAction | 1.3.6.1.4.1.2636.3.759.1.3.5.1.11 | jnxgdoipolicymismatchaction | read-only |
Default action for packets that does not match TEK Policy/SA received from group key server |
| jnxGdoiGmTekPolicyTable | 1.3.6.1.4.1.2636.3.759.1.3.6 | no-access |
A table of information regarding GDOI Traffic Encryption Key (TEK) Security Associations (SAs/Policies) received by a Key Server & installed for GDOI entities acting as Group Members (GMs) on the network device being queried. There is one entry in this table for each TEK SA that has been installed on the Group Member. |
|
| 1.3.6.1.4.1.2636.3.759.1.3.6.1 | no-access |
An entry containing the attributes associated with a GDOI TEK Policy/SA, uniquely identified by the Group ID, Group Member ID, TEK Selector (Source/Destination IDs & Ports), and TEK Policy index (TEK SPI and direction). There will be one or more TEK entries for each TEK Policy/SA received and installed by the given Group Member from its registered Key Server, each with a unique |
||
| jnxGdoiGmTekPolicyIndex | 1.3.6.1.4.1.2636.3.759.1.3.6.1.1 | unsigned32 | no-access |
The index of the SPI used to secure the GM TEK.The value of the index is a number which begins at one and is incremented with each row of the GM TEK SPI table. |
| jnxGdoiGmTekSPI | 1.3.6.1.4.1.2636.3.759.1.3.6.1.2 | jnxgdoitekspi | read-only |
The value of the Security Parameter Index (SPI) of a TEK Policy/SA. The SPI must be the SPI for ESP. |
| jnxGdoiGmTekEncapsulationMode | 1.3.6.1.4.1.2636.3.759.1.3.6.1.3 | jnxgdoiencapsulationmode | read-only |
The value of the Encapsulation Mode of a TEK (IPsec SA). Following are the Encapsulation Mode values defined in RFC 2407, however the JnxGdoiEncapsulationMode TC defines all possible values. Encapsulation Mode Value ------------------ ----- RESERVED 0 Tunnel 1 Transport 2 |
| jnxGdoiGmTekEncryptionAlgorithm | 1.3.6.1.4.1.2636.3.759.1.3.6.1.4 | jnxgdoiencryptionalgorithm | read-only |
The value of the Transform ID field of a PROTO_IPSEC_ESP payload which specifies the ESP transform to be used. If no encryption is used, this value will be zero (0). Following are the ESP Transform values defined in RFC 2407, however the JnxGdoiEncryptionAlgorithm TC defines all possible values. IPsec ESP Transform ID Value ------------------------ ----- RESERVED 0 ESP_DES_IV64 1 ESP_DES 2 ESP_3DES 3 ESP_RC5 4 ESP_IDEA 5 ESP_CAST 6 ESP_BLOWFISH 7 ESP_3IDEA 8 ESP_DES_IV32 9 ESP_RC4 10 ESP_NULL 11 |
| jnxGdoiGmTekEncryptionKeyLength | 1.3.6.1.4.1.2636.3.759.1.3.6.1.5 | unsigned32 | read-only |
The length of the key used for encryption in a TEK (in bits). |
| jnxGdoiGmTekIntegrityAlgorithm | 1.3.6.1.4.1.2636.3.759.1.3.6.1.6 | jnxgdoiintegrityalgorithm | read-only |
The value of the Authentication Algorithm for a TEK IPsec ESP SA. If no authentication is used, this value will be zero (0). Following are the Authentication Algorithm values defined in RFC 2407, however the JnxGdoiEncryptionAlgorithm TC defines all possible values. Algorithm Type Value -------------- ----- HMAC-MD5 1 HMAC-SHA 2 DES-MAC 3 KPDK 4 |
| jnxGdoiGmTekIntegrityKeyLength | 1.3.6.1.4.1.2636.3.759.1.3.6.1.7 | unsigned32 | read-only |
The length of the key used for integrity/authentication in a TEK (in bits). |
| jnxGdoiGmTekWindowSize | 1.3.6.1.4.1.2636.3.759.1.3.6.1.8 | unsigned32 | read-only |
The size of the Time Based Anti-Replay (TBAR) window used by this TEK Policy/SA. |
| jnxGdoiGmTekOriginalLifetime | 1.3.6.1.4.1.2636.3.759.1.3.6.1.9 | unsigned32 | read-only |
The value of the SA Life Type defined in RFC 2407 which specifies the maximum time for which a TEK IPsec SA is valid. The GCKS may refresh the TEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds. |
| jnxGdoiGmTekRemainingLifetime | 1.3.6.1.4.1.2636.3.759.1.3.6.1.10 | unsigned32 | read-only |
The value of the remaining time for which a TEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of jnxGdoiGmTekOriginalLifetime and counts down to 0 in seconds. |
| jnxGdoiGmTekStatus | 1.3.6.1.4.1.2636.3.759.1.3.6.1.11 | jnxgdoitekstatus | read-only |
The status of the TEK Policy/SA. When this status value is queried, one of the following is returned: inbound(1), outbound(2), biDirectional(3). |