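-- extracted from draft-ietf-ipsec-isakmp-di-mon-mib-00.txt
-- at Mon Nov 15 17:11:16 1999

-- Monitoring MIB for the DOI-independent part of ISAKMP: a table of
-- phase 1 SAs, the entity's supported version limits, negotiation and
-- traffic counters, and two initiation failure counters.  Every object
-- defined here is read-only or not-accessible; nothing is writable.
--
-- Layout: one definition per line group.  A comment in this language
-- runs to the end of the line, so line breaks are significant: the
-- "delete before release" comments below must stay on lines of their
-- own or they hide the clauses that follow them.
--
-- NOTE(review): saTable exposes the peer addresses, UDP ports and both
-- ISAKMP cookies of every phase 1 SA.  Limit read access to these
-- subtrees on the agent (for example SNMPv3 with authentication and
-- privacy and a restricted view) instead of a shared v1/v2c community.
--
-- NOTE(review): all Counter32 objects count "since boot time" and wrap;
-- consumers should alert on deltas between polls, not on raw values.

ISAKMP-DOI-IND-MON-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
    OBJECT-IDENTITY
-- delete this and next line before release
    , experimental
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TruthValue
        FROM SNMPv2-TC
    IsakmpDOI
        FROM IPSEC-ISAKMP-IKE-DOI-TC;

isakmpDoiIndMonModule MODULE-IDENTITY
    LAST-UPDATED "9906031200Z"
    ORGANIZATION "IETF IPSec Working Group"
    CONTACT-INFO
        "   Tim Jenkins
            TimeStep Corporation
            362 Terry Fox Drive
            Kanata, ON  K0A 2H0
            Canada
            +1 (613) 599-3610
            tjenkins@timestep.com

            John Shriver
            Intel Corporation
            28 Crosby Drive
            Bedford, MA 01730
            +1 (781) 687-1329
            John.Shriver@intel.com
        "
    DESCRIPTION
        "The MIB module to describe the DOI-independent part of
        ISAKMP objects; to be used for monitoring purposes."
    REVISION    "9906031200Z"
    DESCRIPTION
        "Initial revision."
-- replace xxx in next line before release, uncomment before release
--    ::= { mib-2 xxx }
-- delete this and next line before release
    ::= { experimental 501 } -- invalid!

isakmpDoiIndMIBObjects OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all ISAKMP
        branches."
    ::= { isakmpDoiIndMonModule 1 }

--
-- significant branches
--

isakmpSaTable OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for the security
        associations table."
    ::= { isakmpDoiIndMIBObjects 1 }

isakmpGlobals OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which
        are global values for ISAKMP."
    ::= { isakmpDoiIndMIBObjects 2 }

isakmpNegStats OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which
        are global counters for ISAKMP negotiation statistics."
    ::= { isakmpDoiIndMIBObjects 3 }

isakmpTrafStats OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which
        are global counters for ISAKMP security association
        traffic statistics."
    ::= { isakmpDoiIndMIBObjects 4 }

isakmpErrors OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which
        are global error counters for ISAKMP."
    ::= { isakmpDoiIndMIBObjects 5 }

-- NOTE(review): isakmpGroups and isakmpConformance are anchors only;
-- this revision defines no group or compliance statements under them.

isakmpGroups OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which
        describe the groups in this MIB."
    ::= { isakmpDoiIndMIBObjects 6 }

isakmpConformance OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which
        describe the conformance for this MIB."
    ::= { isakmpDoiIndMIBObjects 7 }

--
-- textual conventions
--

IsakmpIpv6Address ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
    STATUS      current
    DESCRIPTION
        "This data type is used to model IPv6 address prefixes.
        This is a binary string of 16 octets in network
        byte-order."
    SYNTAX      OCTET STRING (SIZE (16))

IsakmpCookie ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "x"
    STATUS      current
    DESCRIPTION
        "This data type is used to model ISAKMP cookies.
        This is a binary string of 8 octets in network
        byte-order."
    SYNTAX      OCTET STRING (SIZE (8))

-- the ISAKMP DOI-independent SA MIB-Group
--
-- a collection of objects providing information about the
-- DOI-independent portion of SAs generated using ISAKMP
--

saTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SaEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing the DOI-independent
        portion of ISAKMP SAs."
    ::= { isakmpSaTable 1 }

-- Rows are keyed by both addresses and both cookies.
-- NOTE(review): the four INDEX objects are declared read-only; SMIv2
-- normally makes auxiliary (index) objects not-accessible.  Left as in
-- the draft so the object definitions stay unchanged.

saEntry OBJECT-TYPE
    SYNTAX      SaEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the DOI-independent
        information on a particular ISAKMP SA."
    INDEX       { saLocalIpAddress, saRemoteIpAddress,
                  saInitiatorCookie, saResponderCookie }
    ::= { saTable 1 }

SaEntry ::= SEQUENCE {
    -- identification
    saLocalIpAddress        IsakmpIpv6Address,
    saRemoteIpAddress       IsakmpIpv6Address,
    saInitiatorCookie       IsakmpCookie,
    saResponderCookie       IsakmpCookie,
    -- communication information
    saLocalUdpPort          INTEGER,
    saRemoteUdpPort         INTEGER,
    -- peer version information
    saPeerMajorVersion      INTEGER,
    saPeerMinorVersion      INTEGER,
    -- creation/status/type
    saDoi                   IsakmpDOI,
    saLocallyInitiated      TruthValue,
    saStatus                INTEGER,
    saExchangeType          INTEGER,
    -- statistics
    saInPackets             Counter32,
    saOutPackets            Counter32,
    saInOctets              Counter32,
    saOutOctets             Counter32
}

saLocalIpAddress OBJECT-TYPE
    SYNTAX      IsakmpIpv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local address used to negotiate the ISAKMP phase 1
        SA.

        For implementations that do not support IPv6, this
        address should appear as one of the IPv4-mapped IPv6
        addresses as defined in Section 2.5.4 of [IPV6AA].

        Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:'
        is used for IPv4 only nodes, while the prefix
        '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
        nodes."
    ::= { saEntry 1 }

saRemoteIpAddress OBJECT-TYPE
    SYNTAX      IsakmpIpv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The remote address used to negotiate the ISAKMP phase 1
        SA.

        For implementations that do not support IPv6, this
        address should appear as one of the IPv4-mapped IPv6
        addresses as defined in Section 2.5.4 of [IPV6AA].

        Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:'
        is used for IPv4 only nodes, while the prefix
        '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
        nodes."
    ::= { saEntry 2 }

saInitiatorCookie OBJECT-TYPE
    SYNTAX      IsakmpCookie
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the cookie used by the initiator for the
        ISAKMP phase 1 SA."
    ::= { saEntry 3 }

saResponderCookie OBJECT-TYPE
    SYNTAX      IsakmpCookie
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the cookie used by the responder for the
        ISAKMP phase 1 SA.

        Note that this value may be 0 if the ISAKMP phase 1 SA
        has been initiated but not responded to by the peer
        entity.

        It must never be 0 if this entry represents an ISAKMP
        phase 1 SA establishment attempt that has been initiated
        by the peer. This rule prevents index collisions in the
        (unlikely) event that two peers simultaneously initiate
        with the same cookie at the same time."
    ::= { saEntry 4 }

saLocalUdpPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local UDP port number that this ISAKMP phase 1 SA
        was negotiated with."
    ::= { saEntry 5 }

saRemoteUdpPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The remote UDP port number that this ISAKMP phase 1 SA
        was negotiated with."
    ::= { saEntry 6 }

saPeerMajorVersion OBJECT-TYPE
    SYNTAX      INTEGER (0..15)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The major version number from the ISAKMP packet header
        used by the peer."
    REFERENCE   "Section 3.1 of RFC2408"
    ::= { saEntry 7 }

saPeerMinorVersion OBJECT-TYPE
    SYNTAX      INTEGER (0..15)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The minor version number from the ISAKMP packet header
        used by the peer."
    REFERENCE   "Section 3.1 of RFC2408"
    ::= { saEntry 8 }

-- NOTE(review): the DESCRIPTION cites Section 3.4 of RFC2408 while the
-- REFERENCE clause cites Section 3.3; confirm which one is intended.

saDoi OBJECT-TYPE
    SYNTAX      IsakmpDOI
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The specific DOI value using ISAKMP.

        Note that this value MAY be 0, as allowed by Section 3.4
        of RFC2408"
    REFERENCE   "Section 3.3, RFC2408"
    ::= { saEntry 9 }

saLocallyInitiated OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This value is 'true' if the ISAKMP phase 1 SA was
        initiated by the local entity, and 'false' if initiated
        by the remote entity."
    ::= { saEntry 10 }

-- Only 'established' implies that the peers are authenticated.  A row
-- in 'negotiating' may describe a peer that has not yet proven its
-- identity, so monitoring should not treat such rows as trusted peers.

saStatus OBJECT-TYPE
    SYNTAX      INTEGER { negotiating(1), established(2) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The status of the ISAKMP phase 1 SA.

        If the state is 'negotiating', it means that processing
        of the final packet of the phase 1 exchange is not yet
        complete.

        If the state is 'established', it means that processing
        of all packets associated with ISAKMP phase 1 SA
        negotiation is complete, and the entities involved in
        the ISAKMP phase 1 SA are authenticated."
    ::= { saEntry 11 }

-- NOTE(review): the enumeration lists four values, yet the DESCRIPTION
-- allows "other values" for specific domains; a manager should accept
-- and report values outside the named set rather than reject the row.
-- Where local policy requires identityProtection(2), a row showing
-- aggressive(4) is worth an alert.

saExchangeType OBJECT-TYPE
    SYNTAX      INTEGER {
                    base(1),
                    identityProtection(2),
                    authOnly(3),
                    aggressive(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The exchange type used to negotiate the ISAKMP phase 1
        SA. Other values may be used by specific domains."
    REFERENCE   "Section 3.1 RFC2408"
    ::= { saEntry 12 }

saInPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the ISAKMP
        phase 1 SA, including un-encrypted packets used to
        negotiate the ISAKMP phase 1 SA, and any
        re-transmissions."
    ::= { saEntry 13 }

-- NOTE(review): "re-transmissions received" on a sent-packet counter
-- looks like a copy from the inbound object; wording kept as drafted.

saOutPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets sent by the ISAKMP phase 1
        SA, including un-encrypted packets used to negotiate the
        ISAKMP phase 1 SA, and any re-transmissions received."
    ::= { saEntry 14 }

-- The two octet counters cover encrypted traffic only, unlike the two
-- packet counters above, which also include un-encrypted packets.

saInOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of encrypted traffic measured in bytes
        received by the ISAKMP phase 1 SA. This includes
        encrypted traffic used to negotiate the ISAKMP phase 1
        SA, and any re-transmissions received."
    ::= { saEntry 15 }

saOutOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of encrypted traffic measured in bytes sent
        by the ISAKMP phase 1 SA. This includes encrypted traffic
        used to negotiate the ISAKMP phase 1 SA, and any
        re-transmissions."
    ::= { saEntry 16 }

--
-- the ISAKMP Entity MIB-Group
--

isakmpMajorVersion OBJECT-TYPE
    SYNTAX      INTEGER (0..15)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum major version number value capable of being
        supported by the entity."
    ::= { isakmpGlobals 1 }

isakmpMinorVersion OBJECT-TYPE
    SYNTAX      INTEGER (0..15)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum minor version number value capable of being
        supported by the entity."
    ::= { isakmpGlobals 2 }

--
-- ISAKMP phase 1 SA statistics
--
-- The three Gauge32 objects are current values; the six Counter32
-- objects are totals since boot time.

isakmpCurrentSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of ISAKMP SAs in the entity."
    ::= { isakmpNegStats 1 }

isakmpCurrentInitiatedSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of ISAKMP SAs successfully negotiated
        in the entity that were initiated by the entity."
    ::= { isakmpNegStats 2 }

isakmpCurrentRespondedSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of ISAKMP SAs successfully negotiated
        in the entity that were initiated by the peer entity."
    ::= { isakmpNegStats 3 }

isakmpTotalSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP SAs successfully negotiated
        in the entity since boot time."
    ::= { isakmpNegStats 4 }

isakmpTotalInitiatedSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP SAs successfully negotiated
        in the entity since boot time that were initiated by the
        entity."
    ::= { isakmpNegStats 5 }

isakmpTotalRespondedSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP SAs successfully negotiated
        in the entity since boot time that were initiated by the
        peer entity."
    ::= { isakmpNegStats 6 }

isakmpTotalAttempts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP SAs negotiation attempts made
        since boot time. This includes successful negotiations."
    ::= { isakmpNegStats 7 }

isakmpTotalAsInitAttempts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP SAs negotiation attempts made
        where the entity was the initiator since boot time. This
        includes successful negotiations."
    ::= { isakmpNegStats 8 }

isakmpTotalAsRespAttempts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP SAs negotiation attempts made
        where the entity was the responder since boot time. This
        includes successful negotiations."
    ::= { isakmpNegStats 9 }

--
-- traffic statistics
--

isakmpTotalInPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP packets received by the
        entity since boot time, including re-transmissions."
    ::= { isakmpTrafStats 1 }

isakmpTotalOutPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of ISAKMP packets sent by the entity
        since boot time, including re-transmissions."
    ::= { isakmpTrafStats 2 }

-- NOTE(review): "received or sent" on a received-traffic counter is
-- ambiguous about direction; wording kept as drafted.

isakmpTotalInOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total amount of encrypted ISAKMP traffic received by
        the entity since boot time, measured in bytes, including
        any re-transmitted packets received or sent."
    ::= { isakmpTrafStats 3 }

isakmpTotalOutOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total amount of encrypted ISAKMP traffic sent by the
        entity since boot time, measured in bytes, including any
        re-transmissions."
    ::= { isakmpTrafStats 4 }

--
-- global error counts
--
-- NOTE(review): both error counters cover negotiations started by the
-- local entity.  The module has no counter for failed negotiations in
-- which the entity was the responder; for that view, track the gap
-- between isakmpTotalAsRespAttempts and isakmpTotalRespondedSAs over
-- time (the gap also contains negotiations still in progress).

isakmpTotalInitFailures OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of attempts to initiate an ISAKMP phase
        1 SA that failed since boot time, when there was a
        response from the peer entity.

        This value may be used to detect clogging or
        denial-of-service attacks."
    ::= { isakmpErrors 1 }

isakmpTotalInitNoResponses OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of attempts to initiate an ISAKMP phase
        1 SA that failed since boot time, when there was no
        response from the peer entity."
    ::= { isakmpErrors 2 }

END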