RCV3: View SNMP OID List / Download MIB

Boot Rom Software version, in the form 'major.minor[letters]'. If the version is unknown or not avaliable then the value should be a zero length string.

Software version, in the form 'major.minor[letters]'. If the version is unknown or not avaliable then the value should be a zero length string.

A Textual description to identify the firmware on the Ravlin.

Hardware version, in the form 'major.minor[letters]'. If the version is unknown or not avaliable then the value should be a zero length string.

Factory Assigned Unique Security ID for the Ravlin Unit. It consists of three parts of the form 'mmmCK-xxx-sssss'. mmm - is the model number. CK - is a single digit checksum xxx,sssss - is a sequence number.

Host name assigned to the Ravlin unit. If host name exists, then it is used as the DHCP host name, else rcDistinguishedName is used. Hence the name must be unique in a single DHCP scope. Max Size for Host name is 15 characters.

Interface table, for the Ravlin unit. This is a fixed sized table. The size of the table is determined by the value of ifNumber. Entries cannot be added or deleted.

An interface entry containing objects at the subnetwork layer and below for a particular interface.

The interface's address at the network layer in the protocol stack.

The subnet mask associated with the IP address of this entry. The value of the mask is an IP address with all the network bits set to 1 and all the hosts bits set to 0.

The interface's address at the protocol layer immediately `below' the network layer in the protocol stack. For interfaces which do not have such an address (e.g., a serial line), this object should contain an octet string of zero length.

The routing table for this Ravlin.

A route to a particular destination.

The destination IP address of this route. An entry with a value of 0.0.0.0 is considered a default route. This value should be logical-ANDed with the rc3IpRouteMask prior to being added to the table.

Indicates the mask that will be logical-ANDed with the destination address before being compared to the value in the rc3IpRouteDest field.

The index value which uniquely identifies the local interface through which the next hop of this route should be reached.

The IP address of the next hop of this route.

The primary routing metric for this route.

The routing mechanism via which this route was learned. Enumeration: 'bgp': 14, 'bbnSpfIgp': 12, 'ggp': 6, 'ospf': 13, 'egp': 5, 'rip': 8, 'es-is': 10, 'ciscoIgrp': 11, 'other': 1, 'is-is': 9, 'icmp': 4, 'local': 2, 'hello': 7, 'netmgmt': 3.

The number of seconds since this route was last updated or otherwise determined to be correct.

This object is used to create/delete rows from the IP Route Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

This is Bit Masked Object. Zero or more bits can be set or cleared. Bit 0 - Forward non-IP Traffic in Bridge Mode Bit 1 - Forward Local IP Traffic in Bridge Mode Bit 2 - Forward MAC Broadcast in Bridge Mode Bit 3 - Forward IP Broadcast in Router Mode Bit 4 - Send ICMP Re-Direct Messages in Router Mode Bit 5 - Forward Multicast Bit 6 - ARP proxy on the Remote Port Bit 7 - Ignore Don't frag bit. Default is disable. In default mode, if - the Don't frag bit is set, and packets needs to be fragmented - then Ravlin will send ICMP back to the sender and drop the packet. Bit 8 - NAT packets matching bypass selector list. Bit 9 - SNMP access on Remote port in clear. Default is enabled. If disabled then the ONLY way to access the device from the Remote side is to manage it via a tunnel. Note - 0 Allow SNMP on remote in the clear. - 1 Allow SNMP on remote thru. the tunnel. -- Enable/Disable is reversed for bit 9 to avoid hassles in backward -- compatibility Bit 10 - Enable/Disable PPPoE on Remote Port - Default is disable. Note - 1 Enable - 0 Disable Bit 11 - Enable/Disable PPPoE connect on Demand - Default is disable. Note - 1 Enable - 0 Disable Bit 29 - Enable/Disable listening to unsolicited ARP on local port. Default is disable. Note - 1 Enable - 0 Disable Bit 30 - Enable/Disable cascading packets from one gateway to another. Default is disable. Note - 1 Enable - 0 Disable The flags specifying behavior for bridge mode are ignored when the device is in router mode, and the flags specifying behavior for router mode are ignored when the device is in bridge mode.

User name

User Password. Password will be encrypted by RNM when doing a set. Get for user password

Service Name.

PPPoE Concentrator Name.

The duration in minutes to timeout PPPoE connection when there is no traffic.Default is 10 minutes.

Retry count for PPPoE. Default is 10.

IP address of DNS server1. When Ravlin is enabled to get its remote interface attributes via PPPoE, it will also provide DNS server IP address. This is a read-only attribute, the user can use to setup his end host.

IP address of DNS server1. When Ravlin is enabled to get its remote interface attributes via PPPoE, it will also provide DNS server IP address. This is a read-only attribute, the user can use to setup his end host.

Action object to do the following: warmstart - Reboots the device. Firmware and configuration information is maintained. clearallactiveSA - All active SA entries are removed. clearARPcache - All entries in the ARP cache are removed. clearmessagetable - All entries in the status message table will be removed. resettodefaults - IP address and subnet mask are maintained. All other configuration information is removed. Firmware is maintained. resettofactorydefaults - All configuration information is removed. Firmware is maintained. eraseflash - Firmware is removed and the device will be in BOOT ROM mode. Configuration information is maintained. disablebox - Delete Box's manufactured certificate and private key. ** ** WARNING: this function will render the Ravlin box useless. ** Use only when device is no longer required to be in service FOREVER. ** Enumeration: 'clearARPcache': 4, 'resettodefaults': 6, 'warmstart': 2, 'disablebox': 9, 'clearmessagetable': 5, 'eraseflash': 8, 'other': 1, 'resettofactorydefaults': 7, 'clearallactiveSA': 3.

The duration in minutes to cleanup ARP cache.

Object used to set new password for the box. For SNMP set operations the password is encrypted. The key for encrypt/Decrypt is generated by hashing the old password and a selector value. The default password is 1234. On read an octet string of zero length is returned.

The desired state of the Ravlin. For the passall and vpnready modes, the device will act as either a router or a bridge depending on the configuration of the network interfaces. If the two interfaces are on the same network, then the device will function as a bridge, otherwise it will function as a router. passall - all traffic either in bridge or router mode. blockall - drop all incoming packets. vpnready - use the policy database and configuration flags to determine which traffic to pass, block, or apply security. standby - (READ-ONLY) drop all incoming packets, until the device configuration is not complete. EUse this mode, when the remote interface has DHCP or PPPoE enabled. Enumeration: 'blockall': 2, 'standby': 4, 'vpnready': 3, 'passall': 1.

The duration in minutes to tear down the SA between the RavSoft client and Ravlin server.

IP Address of the DHCP server. This address can ONLY configured manually by SNMP.

This is Bit Masked Object. Zero or more bits can be set or cleared. Bit 0 - Enable/Disable DHCP on the Local Port Bit 1 - Enable/Disable DHCP on the Remote Port Bit 2 - Tunnel local host's DHCP request If the Bit is set, then DHCP is enabled, else it is disabled. By default DHCP is enabled on both ports.

Available for release 3.30 and up. Object used to set new password for the box. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. The default password is 1234. On read an octet string of zero length is returned. Password string size (1..20)

IP Address to be used for DHCP Relay. This is used when the Ravlin unit redeives a DHCP request from the Ravsoft client.

Time in seconds after which the polling will occur. A value of 0 means that this Ravlin will not poll. Default value is zero(0). The minimum value can be set is 30 seconds and maximum is 600 seconds.

Time in seconds after which reporting will occur.

This is the threshold of packet loss below which a warning trap will be generated. This threshold is measured in percentage of packets sent versus packets received.

Indentify the interface to broadcast DHCP requests. When the DHCP server IP Address is not a broadcast address, then SNMP agent will return a value of notApplicable. Manager CANNOT set this object to notApplicable. Enumeration: 'remote': 2, 'local': 1, 'notApplicable': 3.

Enables a head end device not to keep state information for DHCP records, used in DHCP relay. This will allow head end to be in cluster topology. When enabled, DHCP records will exchanged via ISAKMP private notify messages after ISAKMP SA is established. If disabled then DHCP records are saved in NVM. Enumeration: 'enable': 1, 'disable': 2.

Number of active Secure Associations(SA).

Number of pending Secure Associations.

Indicates number of times the signature failed.

The table containing the status messages for this device. This entire table is read-only.

An entry in the status message table. For status messages that repeat, only one entry is used, and the rc3EventCodeRepetitions filed identifies the number of consecutive messages of that type that have occurred. This should prevent the table from being wiped out by a series of consecutive messages of the same type. The entire table can be cleared using rc3Reset.

This value is used as a unique identifier for each entry.

The time when this message was first generated.

The time when this message was last generated.

An identifier of the event caused the status message to be generated.

The number of times in a row this event occurred.

If the event code maps to a string that contains '%1', this value will be substituted for the '%1' when the string is displayed.

If the event code maps to a string that contains '%2', this value will be substituted for the '%2' when the string is displayed.

IP Address of the syslog server.

Port number for the syslog service.

Specify how verbose the message logging should be. Enumeration: 'normal': 5, 'invalid': 7, 'severe': 2, 'critical': 1, 'error': 3, 'debug': 6, 'warning': 4.

The table containing the list of syslog server IP Address, syslog port, and priority of syslog message it will receive.

An entry in the syslog server table. This table can have zero to five entries.

This value is used as a unique identifier for each entry.

This value is used as a unique identifier for each entry.

Specify how verbose the message logging should be. Enumeration: 'normal': 5, 'severe': 2, 'critical': 1, 'error': 3, 'debug': 6, 'warning': 4.

This object is used to create/delete rows from the SYSLOG server Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

This object is used to change Read Community string public. For SNMP set operations the string is encrypted. The key for encrypt/Decrypt is generated by hashing the password and a selector value. This object will return NULL for get/getnext.

This object is used to change Write Community string private. For SNMP set operations the string is encrypted. The key for encrypt/Decrypt is generated by hashing the password and a selector value. This object will return NULL for get/getnext.

A Table to register SNMP Manager IP Address and community string to receive TRAP's from Ravlin Unit. This table can have a maximum of 5 entries.

A row in the Trap Receiver Table. Rows in this table can be created or Deleted.

The IP Address of the SNMP Manager that would receive TRAP.

Community string used by SNMP Manager.

Specifies the types of TRAPS that this manager should received.

This object is used to create/delete rows from the TRAP Receiver Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

This object will return the reason for the last SNMP SET error. Since SNMPv1 has a limited number of error codes, this object provides an extension to report specific enterprise errors.

Available for release 3.30 and up. Object used to set read community string for this device. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. The default ReadCommunityString is 'public'. On read an octet string of zero length is returned. read community string SIZE(1..20)

Available for release 3.30 and up. Object used to set write community string for this device. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. The default WriteCommunityString is 'private'. On read an octet string of zero length is returned. write community string SIZE(1..20)

Enable or Disable client Authentication. There are two Authentication methods. Either RADIUS or LOCAL. Client Authentication is not avaliable on the personal Ravlin. Enumeration: 'enableLocal': 3, 'enableRadius': 1, 'disableAuthentication': 2.

Specify the current active RADIUS server by its IP Address. If this RADIUS server is not responding, then the agent will direct RADIUS requests to the next preferred RADIUS server in the list, and accordingly change the value of this object to indicate the active server.

Specify the priority of the Radius servers in the table. Each octet will specify one of the entries in order of preference.

Table, to setup Primary and/or Secondary Authentication Server. This is a fixed sized table. RADIUS packets will be routed to their destination using the Route Table.

RADIUS Auth Server entry containing all the attributes required to configure Auth Server. There will be a maximum of three entries in the table. If rc3RadiusAuthServerIP is 0.0.0.0, then that row is not used.

A unique identifier for the entry in this table. Valid values are 1-3.

The IP Address (Network Address), of the RADIUS Authentication server.

Specifies the UDP port number used by the RADIUS service on the Authentication Server.

If zero, then use vendor specific attributes. Otherwise this object specifies the first offset to use for the RedCreek attribute values.

This is the shared secret between the Ravlin and Radius Server. For SNMP set operations the string is encrypted. The key for encrypt/Decrypt is generated by hashing the password and a selector value. This object will return NULL for get/getnext.

This limits the number of retries with the Authentication Server. Default is 3. Maximum is 5. Min is 1

Available for release 3.30 and up. Object used to set shared secret key between the Ravlin and Radius Server. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. If the preshared key exists, then on read a dummy string is returned. shared secret key length is (0..32)

Table to maintain the database of user name, password and static virtual IP Address and Mask.

Entries in this table can be added and deleted.

A unique value for each entry.

User name, used to logon and get authenticated. When password is read it will return a NULL string.

Password for the user, to authenticated with

Static virtual IP address.

Static virtual Mask

This object is used to create/delete rows from the IP Route Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

Size of Image in bytes. SNMP manager must send this value before it can do a software download. On receipt of this object the AGENT will allocate the memory of rc3ImageSize, and start a 60 second timer. If the Agent does not receive the actual software block within the timeout period, it will assume the software download is aborted.

A block of software image to be downloaded to the flash. AGENT uses a 60 second timer to timeout and abort software download, if no more block is received. On read the AGENT returns a zero length (NULL) string.

A sequential counter to keep track of the block number of the image that is sent by the SNMP Manager.

A new Random number is used for every set hash computation. After the set operation is successful, the Ravlin changes the random number value, thus preventing replay.

Image checksum/hash, after the last block of Image download is completed. On this indication the AGENT will do a checksum verification, and if correct will write the Image to the flash. If download Image checksum is incorrect then returns 'Gen Err'.

The duration in minutes to re-authenticate a user for gateway access. Minimum is 30 minutes.

UDP port used for ULA authentication. By default the Ravlin will send to the RADIUS port 1812.

This object reads the current system time in GMT.

Table containing the CA certificates and public keys that can be used to verify User Certificate. The index value of 1 and 2 is reserved for RedCreek CA certificate that is manufactured into the box. Attempts to modify this entry will return generic error. A total of upto 6 CA certificates can be added.

The entries in this table indicate that trust has been established for this root CA. Entries in the Policy Database will list an issuer name that is trusted, and the certificate for that issuer should reside in this table.

A unique identifier for this certificate in this table.

Textual string used to identify a CA certificate.

The x509v3 DER encoded CA certificate.

This object is used to create/delete rows from the CA Certificate Table. See the definition for RowStatus for a range of valid values used.

Table containing the User certificates and public keys that can be used to identify this device to its peers. A public/private key pair will be generated for each entry as it is added to the table. The private keys are stored on the device, but are not readable via SNMP. The index value of 1 is reserved for the User certificate signed by RedCreek CA and is manufactured into the box. Attempts to modify that entry will cause an error.

The entries in this table can be used as a cache for peer certificates. An attempt to verify the certificate is made when the entry is added to the table.

A unique identifier for this certificate in this table.

Textual string used to identify a User certificate.

The x509v3 DER encoded user certificate.

This object is used to create/delete rows from the User Certificate Table. See the definition for RowStatus for a range of valid values used.

User Certificate info. used to generate a PKCS10 info. This info. a public/private key pair.

Algorithm used to sign the hash.

If the two items above are set then is used to actually to start generating the key pair.

This table contains a list of ISAKMP phase one proposals.

An entry in the ISAKMP phase one proposal table.

This value is used as a unique identifier for entries in this table.

The encryption type. Currently only des-cbc-56 and 3des-cbc and des-cbc-40 are supported. Enumeration: 'des-cbc-40': 249, 'triple-des-cbc': 5, 'des-cbc': 1.

The hash type. Currently md5 and sha are supported. Enumeration: 'sha': 2, 'md5': 1.

later Enumeration: 'rsa-encryption': 4, 'dss-signature': 2, 'pre-sharedkey': 1, 'rsa-signature': 3.

later Enumeration: 'group': 2, 'group1': 1.

This table contains a list of ESP proposals.

An entry in the ESP proposal table.

This value is used as a unique identifier for entries in this table.

later Enumeration: 'esp-3des': 3, 'esp-null': 0, 'esp-des': 2, 'esp-40des': 249.

later Enumeration: 'tunnel': 1, 'transport': 2.

later Enumeration: 'des-mac': 3, 'no-auth': 0, 'hmac-sha-1': 2, 'hmac-md5': 1.

later Enumeration: 'group': 2, 'group1': 1.

This table contains a list of AH proposals.

An entry in the AH proposal table.

This value is used as a unique identifier for entries in this table.

later Enumeration: 'ah-sha': 3, 'reserved': 1, 'ah-md5': 2.

later Enumeration: 'tunnel': 1, 'transport': 2.

later Enumeration: 'group': 2, 'group1': 1.

This table contains a list of EIP proposals.

An entry in the EIP proposal table.

This value is used as a unique identifier for entries in this table.

later Enumeration: 'eip-40des': 249, 'eip-des': 2, 'eip-3des': 3.

This table contains info. about the remote unit. Remote unit type determines the attributes that are required to be configured. Entries in this table can be added or deleted.

A Remote unit info entry containing objects to identify remote unit type, DN, Key Mgmt method used, IPSEC protocol to be negotiated, and Next Hop if there is a need to OVERRIDE the routing table.

A unique numeric ID value for each Pde. This value is used to index into the table.

The semantics for the different remote unit type is host - need to specify DN, KeyMgmt, and IpsecProtocol (Addr optional) gateway - need to specify DN, KeyMgmt, and IpsecProtocol (Addr optional) bypassboth - need to specify nothing else in this table bypassoutbound - need to specify nothing else in this table Enumeration: 'bypassoutbound': 4, 'host': 1, 'gateway': 2, 'bypassboth': 3.

IP Address of the remote Ravlin unit. This is used for hosts and gateways that have static IP addresses. A value of 0.0.0.0 indicates that the peer is has a dynamic IP address.

The Distinguished Name of the peer. Can be a Security ID (SID), DER encoded DN, or a DN filter.

The Distinguished Name of the issuer that signed the peer's certificate. If the SID is being used, then the issuer DN should be null.

This index corresponds to an entry in the local certificate table, which will determine which local certificate will be used to identify this device to the peer device.

manual - use manual method to derive session keys. isakmp - use IETF protocol ISAKMP to derive session keys. Enumeration: 'isakmp': 2, 'manual': 1.

This index corresponds to an entry in either the rc3PdeManualKeyMgmtTable, or an entry in the rc3PdeIsakmpKeyMgmtTable depending on the value of rc3PdePeerKeyMgmtType.

This index corresponds to an entry in the rc3PdeIpsecProtocolTable, use a value of zero for eip.

This indicates the interface to use in order to deliver the packet to the Remote unit. If none is specified, then the routing table will be used to determine the next hop. Enumeration: 'none': 1, 'remote': 3.

If non-zero, then this represents the next hop IP Address used by this Pde. If this value is zero, then use the next hop from the Routing table.

Allow the packet to continue the Pde selection process when rc3StatConnStatus is failed or dropped. Enumeration: 'enable': 1, 'disable': 2.

The type of key lifetime for ISAKMP phase one. Enumeration: 'seconds': 1.

The lifetime in seconds for ISAKMP phase one.

The lifetime in kilobytes for ISAKMP phase one.

The type of key lifetime for IPsec. Enumeration: 'seconds': 1.

The lifetime in seconds for IPsec.

The lifetime in kilobytes for IPsec.

This object is used to create/delete rows from the Policy Database Entry Peer Info Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

Value specifying an associated IP protocol ID (e.g UDP/TCP). A value of zero means that the protocol ID field should be ignored.

Value specifying an associated port. A value of zero means that the port field should be ignored.

Value specifying an associated port. A value of zero means that the port field should be ignored.

Name used to uniquely identify a PDE. Ravlin firmware will assign a unique Default pdeName value for each PDE inserted, and can be changed.

If enabled for a gateway PDE ONLY, then each user needs to be authenticated after SA is established. This bit has no meaning for any other type of PDE. Enumeration: 'enable': 1, 'disable': 2.

Specifies remote ravlin's local IP Address. A value of 0 means that this PDE does not participate in polling.

This table provides the selector list containing 1..n entry pair(s) of network number and mask for the local interface. Entries in this table can be added or deleted.

An entry in the Local Network Selector Table. Rows are created by an SNMP SET request seeting the value of rc3PdeLocalNetworkRowStatus to 'createAndGo' or 'createAndWait'. Rows are deleted by an SNMP SET request setting the value of rc3PdeLocalNetworkRowStatus to 'destroy'.

The local network address that will be used to match packets for this entry in the Policy Database.

The local network mask that will be used to match packets for this entry in the Policy Database.

This object is used to create/delete rows from the Policy Database Entry Local Network Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

This table provides the selector list containing 1..n entry pair(s) of network number and mask for the Remote interface.

An entry in the Remote Network Selector Table. Rows are created by an SNMP SET request seeting the value of rc3PdeRemoteNetworkRowStatus to createAndGo or createAndWait. Rows are deleted by an SNMP SET request setting the value of rc3PdeRemoteNetworkRowStatus to destroy.

The remote network address that will be used to match packets for this entry in the Policy Database.

The remote network mask that will be used to match packets for this entry in the Policy Database.

This object is used to create/delete rows from the Policy Database Entry Remote Network Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

This table provides statistics for each Security Association(Pde).

Entries in table cannot be added or deleted. This table is completely controlled by the agent. Each Pde statistics will be represented by an entry in this table.

Second index into the stat table. Currently since multiple clients share the policy database entry, this allows stat from all clients sharing this database entry.

Values 1..4 are controlled by the agent. ONLY value 5, 6, is a read-write value from the manager. Value 5, will block all traffic and 6, will initiate ISAKMP with the remote when it receives the next IP packet that matches the selector. Enumeration: 'rebuild': 6, 'failed': 4, 'inactive': 1, 'pending': 3, 'active': 2, 'block': 5.

Time this Pde was actually established.

Total encrypted packet count for this Pde, identified by Pde indx.

Total encrypted byte count for this Pde, identified by Pde indx.

Total decrypted packet count for this Pde, identified by Pde indx.

Total decrypted byte count for this Pde, identified by Pde indx.

later

SNMP GET/GET NEXT for this object will return value other. SNMP SET request of reset will clear the stat values for row index by rc3PdePeerIndx, and rc3SAStatPeerAddr. Enumeration: 'reset': 2, 'other': 1.

User name used for RADIUS authentication.

The number of ICMP polling packets sent through this PDE's tunnel.

The number of ICMP polling packet responses recieved through this PDE's tunnel.

The average round trip time on milliseconds of all polling packets.

The maximum round trip time on milliseconds for a ICMP polling packet.

The minimum round trip time on milliseconds for a ICMP polling packet.

Table contains all the required parameters if manual keying method is used to establish an Pde. Entries in this table can be added or deleted. The initial release will allow only one entry (rc3PdeManualIndx = 1).

Row Entry for Manual Key Mgmt Table.

This value is used as a unique identifier for entries in this table.

later

later

later

later

later

later

This object is used to create/delete rows from the Policy Database Entry Manual Key Management Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

Available for release 3.30 and up. Object used to set manual inbound encryption key. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. If the manual inbound encryption key exists, then on read a dummy string is returned. manual inbound encryption key length is (0..24)

Available for release 3.30 and up. Object used to set manual outbound encryption key. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. If the manual outbound encryption key exists, then on read a dummy string is returned. manual outbound encryption key length is (0..24)

Available for release 3.30 and up. Object used to set manual inbound authentication key. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. If the manual inbound authentication key exists, then on read a dummy string is returned. manual inbound authentication key length is (0..20)

Available for release 3.30 and up. Object used to set manual inbound authentication key. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. If the manual inbound authentication key exists, then on read a dummy string is returned. manual outbound authentication key length is (0..20)

Table contains all the required parameters if ISAKMP keying method is used to establish a Security Association for a Policy Database Entry. The rc3PdeIsakmpIndx value is referenced by the rc3PdePeerKeyMgmtIndx value in the rc3PdePeerInfoTable. Entries in this table can be added or deleted.

An entry in the ISAKMP Key Management Table.

This value is used as a unique identifier for entries in this table.

Each byte in the octet string will specify (in order of preference) the index into the ISAKMP proposal table (rc3IsakmpProposalTable). Up to eight proposals can be entered. These values are used when negotiating the ISAKMP phase one session.

later

later

later

This object is used to create/delete rows from the Policy Database Entry ISAKMP Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

Available for release 3.30 and up. Object used to set preshared Authentication key. Refer to the textual convention of PbeShaEncryptedObject, for the process used to set this object. If the preshared key exists, then on read a dummy string is returned. Preshared key length is (0..32)

This table contains sets of IPsec proposals for use when negotiating ESP, AH, or mixed mode Security Associations. The rc3PdeIpsecProtocolIndx value is referenced by the rc3PdePeerIpsecProtocolIndx value in the rc3PdePeerInfoTable.

later

This value is used as a unique identifier for entries in this table.

Indicates the protocol type that the list of Proposals refer to. Enumeration: 'mixed': 3, 'ah': 1, 'proprietaryeip': 4, 'esp': 2.

Each byte in the octet string will specify (in order of preference) the index into the ESP or AH proposal table (rc3EspProposalTable or rc3AhProposalTable). Up to eight proposals can be entered. If mixed mode is used, then the first four bytes will specify ESP proposals, and the last four bytes will specify AH proposals. These values are used when negotiating the IPsec session.

This object is used to create/delete rows from the Policy Database Entry IPsec Protocol Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

This table contains a set of filters for each entry in the Policy Database. If one or more filters exist for a given policy entry, then those filters will be check after a packet has matched the local and remote network selectors. The filters can specify whether to block the packet, pass it in the clear, or use the action specified in the policy entry.

The table index includes the index from the corresponding policy database entry, as well as the protocol and port. All entries in this table that have the same rc3PdePeerIndx value will be used to determine the disposition of packets that match that policy entry.

The IP protocol number.

The TCP/UDP port number.

This variable determines how the packet should be handled if it matches this selection entry. block - drop the packet pass - pass the packet in the clear operational - use the rc3PdePeerType value in the corresponding rc3PdePerrInfoTable to determine how to handle the packet Enumeration: 'operational': 3, 'block': 1, 'pass': 2.

This object is used to create/delete rows from the Policy Database Entry Select Protocol Table. See the definition for RowStatus for a range of valid values used. On read status indicates ACTIVE.

The count of number of Pde(s) completely configured on the Ravlin unit.

This indicates the searc3h order for the Pde list. The list is ordered in the ascending order; i.e Pde with the lowest preference value has the highest priority.

The next available unique indx for the manager to create a instance of the PDE Peer Info. table entry.