-- extracted from draft-ietf-ipsec-isakmp-di-mon-mib-04.txt -- at Thu Oct 4 06:06:29 2001 ISAKMP-DOI-IND-MON-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32, Integer32, Counter64, NOTIFICATION-TYPE, OBJECT-IDENTITY -- delete this and next line before release , experimental FROM SNMPv2-SMI TEXTUAL-CONVENTION, TruthValue FROM SNMPv2-TC OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF InetAddressType, InetAddress FROM INET-ADDRESS-MIB IsakmpDOI, IsakmpExchangeType FROM IPSEC-ISAKMP-IKE-DOI-TC; isakmpDoiIndMonModule MODULE-IDENTITY LAST-UPDATED "0110031200Z" ORGANIZATION "IETF IPsec Working Group" CONTACT-INFO " Tim Jenkins Catena Networks 307 Legget Drive Kanata, ON Canada K2K 3C8 +1 (613) 599-6430 tjenkins@catena.com John Shriver Intel Corporation 28 Crosby Drive Bedford, MA 01730 +1 (781) 687-1329 John.Shriver@intel.com " DESCRIPTION "The MIB module to describe the DOI-independent part of ISAKMP objects; to be used for monitoring purposes." REVISION "9906031200Z" DESCRIPTION "Initial revision." REVISION "9910211200Z" DESCRIPTION "Compliances and groups added. OID value under experimental tree added. Removed SA expiration objects. Added invalid cookie count and trap." REVISION "0007101200Z" DESCRIPTION "Change addresses to use format from INET-ADDRESS-MIB. Add explicit trap objects. Other minor changes." REVISION "0102071200Z" DESCRIPTION "Change MAX-ACCESS clause of index objects to not-accessible. This lead to other changes due to restrictions on the use of objects with MAX-ACCESS clause values of not-accessible." REVISION "0110031200Z" DESCRIPTION "A number of typo errors corrected. Also: - isakmpInvalidCookieCount changed to isakmpInvalidCookies - add (SIZE(4|16|20)) to localIpAddress - explain why first six members of isakmpSaGroup are commented out - allow localIpAddressType and remoteIpAddressType to be only IPv4 and Ipv6 addresses" -- replace xxx in next line before release, uncomment before release -- ::= { mib-2 xxx } -- delete this and next line before release ::= { experimental 99 } isakmpDoiIndMIBObjects OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all ISAKMP branches." ::= { isakmpDoiIndMonModule 1 } -- -- significant branches -- isakmpSaTable OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for the security associations table." ::= { isakmpDoiIndMIBObjects 1 } isakmpGlobals OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects which are global values for ISAKMP." ::= { isakmpDoiIndMIBObjects 2 } isakmpNegStats OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects which are global counters for ISAKMP negotiation statistics." ::= { isakmpDoiIndMIBObjects 3 } isakmpTrafStats OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects which are global counters for ISAKMP security association traffic statistics." ::= { isakmpDoiIndMIBObjects 4 } isakmpErrors OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects which are global error counters for ISAKMP." ::= { isakmpDoiIndMIBObjects 5 } isakmpGroups OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects which describe the groups in this MIB." ::= { isakmpDoiIndMIBObjects 6 } isakmpConformance OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects which describe the conformance for this MIB." ::= { isakmpDoiIndMIBObjects 7 } isakmpTrapControl OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all trap controls for this MIB." ::= { isakmpDoiIndMIBObjects 8 } isakmpTraps OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all traps for this MIB." ::= { isakmpDoiIndMIBObjects 9 } isakmpTrapObjects OBJECT-IDENTITY STATUS current DESCRIPTION "This is the base object identifier for all objects used by traps for this MIB." ::= { isakmpDoiIndMIBObjects 10 } -- -- textual conventions -- IsakmpCookie ::= TEXTUAL-CONVENTION DISPLAY-HINT "x" STATUS current DESCRIPTION "This data type is used to model ISAKMP cookies. This is a binary string of 8 octets in network byte-order." SYNTAX OCTET STRING (SIZE (8)) -- the ISAKMP DOI-independent SA MIB-Group -- -- a collection of objects providing information about the -- DOI-independent portion of SAs generated using ISAKMP -- saTable OBJECT-TYPE SYNTAX SEQUENCE OF SaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table containing the DOI-independent portion of ISAKMP SAs. There should be one row for every phase 1 security association that exists in the entity that uses ISAKMP. The maximum number of rows is implementation dependent." ::= { isakmpSaTable 1 } saEntry OBJECT-TYPE SYNTAX SaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) containing the DOI-independent information on a particular ISAKMP SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table." INDEX { saLocalIpAddressType, saLocalIpAddress, saRemoteIpAddressType, saRemoteIpAddress, saInitiatorCookie, saResponderCookie } ::= { saTable 1 } SaEntry::= SEQUENCE { -- identification saLocalIpAddressType InetAddressType, saLocalIpAddress InetAddress, saRemoteIpAddressType InetAddressType, saRemoteIpAddress InetAddress, saInitiatorCookie IsakmpCookie, saResponderCookie IsakmpCookie, -- communication information saLocalUdpPort Integer32, saRemoteUdpPort Integer32, -- peer version information saPeerMajorVersion Integer32, saPeerMinorVersion Integer32, -- creation/status/type saDoi IsakmpDOI, saLocallyInitiated TruthValue, saStatus INTEGER, saExchangeType IsakmpExchangeType, -- statistics saTimeSeconds Counter32, saInPackets Counter32, saOutPackets Counter32, saInOctets Counter32, saOutOctets Counter32 } saLocalIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of the local address used to negotiate the ISAKMP phase 1 SA." ::= { saEntry 1 } saLocalIpAddress OBJECT-TYPE SYNTAX InetAddress (SIZE(4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The local address used to negotiate the ISAKMP phase 1 SA." ::= { saEntry 2 } saRemoteIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of the remote address used to negotiate the ISAKMP phase 1 SA." ::= { saEntry 3 } saRemoteIpAddress OBJECT-TYPE SYNTAX InetAddress (SIZE(4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The remote address used to negotiate the ISAKMP phase 1 SA." ::= { saEntry 4 } saInitiatorCookie OBJECT-TYPE SYNTAX IsakmpCookie MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the cookie used by the initiator for the ISAKMP phase 1 SA." ::= { saEntry 5 } saResponderCookie OBJECT-TYPE SYNTAX IsakmpCookie MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the cookie used by the responder for the ISAKMP phase 1 SA. Note that this value may be 0 if the ISAKMP phase 1 SA has been initiated but not responded to by the peer entity. It must never be 0 if this entry represents an ISAKMP phase 1 SA establishment attempt that has been initiated by the peer. This rule prevents index collisions in the (unlikely) event that two peers simultaneously initiate with the same cookie at the same time." ::= { saEntry 6 } saLocalUdpPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The local UDP port number that this ISAKMP phase 1 SA was negotiated with." ::= { saEntry 7 } saRemoteUdpPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The remote UDP port number that this ISAKMP phase 1 SA was negotiated with." ::= { saEntry 8 } saPeerMajorVersion OBJECT-TYPE SYNTAX Integer32 (0..15) MAX-ACCESS read-only STATUS current DESCRIPTION "The major version number from the ISAKMP packet header used by the peer." REFERENCE "Section 3.1 of RFC 2408" ::= { saEntry 9 } saPeerMinorVersion OBJECT-TYPE SYNTAX Integer32 (0..15) MAX-ACCESS read-only STATUS current DESCRIPTION "The minor version number from the ISAKMP packet header used by the peer." REFERENCE "Section 3.1 of RFC 2408" ::= { saEntry 10 } saDoi OBJECT-TYPE SYNTAX IsakmpDOI MAX-ACCESS read-only STATUS current DESCRIPTION "The specific DOI value that this ISAKMP SA is using. Note that this value MAY be 0, as allowed by Section 3.4 of RFC 2408" REFERENCE "Section 3.3 of RFC 2408" ::= { saEntry 11 } saLocallyInitiated OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This value is 'true' if the ISAKMP phase 1 SA was initiated by the local entity, and 'false' if initiated by the remote entity." ::= { saEntry 12 } saStatus OBJECT-TYPE SYNTAX INTEGER { negotiating(1), established(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the ISAKMP phase 1 SA. If the state is 'negotiating', it means that processing of the final packet of the phase 1 exchange is not yet complete. If the state is 'established', it means that processing of all packets associated with ISAKMP phase 1 SA negotation is complete, and the entities involved in the ISAKMP phase 1 SA are authenticated." ::= { saEntry 13 } saExchangeType OBJECT-TYPE SYNTAX IsakmpExchangeType MAX-ACCESS read-only STATUS current DESCRIPTION "The exchange type used to negotiate the ISAKMP phase 1 SA." REFERENCE "Section 3.1 of RFC 2408" ::= { saEntry 14 } saTimeSeconds OBJECT-TYPE SYNTAX Counter32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of seconds the SA has existed. In other words, how old the SA is." ::= { saEntry 15 } saInPackets OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by the ISAKMP phase 1 SA, including un-encrypted packets used to negotiate the ISAKMP phase 1 SA, and any re-transmissions." ::= { saEntry 16 } saOutPackets OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by the ISAKMP phase 1 SA, including un-encrypted packets used to negotiate the ISAKMP phase 1 SA, and any re-transmissions sent." ::= { saEntry 17 } saInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The amount of traffic measured in bytes received by the ISAKMP phase 1 SA. This includes encrypted and un-encrypted traffic used to negotiate the ISAKMP phase 1 SA, and any re- transmissions received." ::= { saEntry 18 } saOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The amount of traffic measured in bytes sent by the ISAKMP phase 1 SA. This includes encrypted and un-encrypted traffic used to negotiate the ISAKMP phase 1 SA, and any re- transmissions." ::= { saEntry 19 } -- -- the ISAKMP Entity MIB-Group -- isakmpMajorVersion OBJECT-TYPE SYNTAX Integer32 ( 0..15 ) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum major version number value capable of being supported by the entity." ::= { isakmpGlobals 1 } isakmpMinorVersion OBJECT-TYPE SYNTAX Integer32 ( 0..15 ) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum minor version number value capable of being supported by the entity." ::= { isakmpGlobals 2 } -- -- ISAKMP phase 1 SA statistics -- isakmpCurrentSAs OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of ISAKMP SAs in the entity." ::= { isakmpNegStats 1 } isakmpCurrentInitiatedSAs OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of ISAKMP SAs successfully negotiated in the entity that were initiated by the entity." ::= { isakmpNegStats 2 } isakmpCurrentRespondedSAs OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of ISAKMP SAs successfully negotiated in the entity that were initiated by the peer entity." ::= { isakmpNegStats 3 } isakmpTotalSAs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP SAs successfully negotiated in the entity since boot time." ::= { isakmpNegStats 4 } isakmpTotalInitiatedSAs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP SAs successfully negotiated in the entity since boot time that were initiated by the entity." ::= { isakmpNegStats 5 } isakmpTotalRespondedSAs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP SAs successfully negotiated in the entity since boot time that were initiated by the peer entity." ::= { isakmpNegStats 6 } isakmpTotalAttempts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP SAs negotiation attempts made since boot time. This includes successful negotiations." ::= { isakmpNegStats 7 } isakmpTotalAsInitAttempts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP SAs negotiation attempts made where the entity was the initiator since boot time. This includes successful negotiations." ::= { isakmpNegStats 8 } isakmpTotalAsRespAttempts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP SAs negotiation attempts made where the entity was the responder since boot time. This includes successful negotiations." ::= { isakmpNegStats 9 } -- -- traffic statistics -- isakmpTotalInPackets OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP packets received by the entity since boot time, including re-transmissions and un-encrypted packets." ::= { isakmpTrafStats 1 } isakmpTotalOutPackets OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP packets sent by the entity since boot time, including re-transmissions and un-encrypted packets." ::= { isakmpTrafStats 2 } isakmpTotalInOctets OBJECT-TYPE SYNTAX Counter64 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total amount of ISAKMP traffic received by the entity since boot time, measured in bytes, including any re- transmitted packets received, and including encrypted and un-encrypted packets." ::= { isakmpTrafStats 3 } isakmpTotalOutOctets OBJECT-TYPE SYNTAX Counter64 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total amount of ISAKMP traffic sent by the entity since boot time, measured in bytes, including any re-transmissions and including encrypted and un-encrypted packets." ::= { isakmpTrafStats 4 } -- -- global error counts -- isakmpTotalInitFailures OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of attempts to initiate an ISAKMP phase 1 SA that failed since boot time, when there was a response from the peer entity. This value may be used to detect clogging or denial-of- service attacks." ::= { isakmpErrors 1 } isakmpTotalInitNoResponses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of attempts to initiate an ISAKMP phase 1 SA that failed since boot time, when there was no response from the peer entity. This should only be incremented if the peer does not repond to the first packet of attempted negotiations." ::= { isakmpErrors 2 } isakmpTotalRespFailures OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of attempts to initiate an ISAKMP phase 1 SA that failed since boot time, when the initiation attempt came for the peer entity." ::= { isakmpErrors 3 } isakmpInvalidCookies OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ISAKMP packets with invalid cookies received by the entity since boot time." ::= { isakmpErrors 4 } -- -- ISAKMP Traps and Control -- invalidCookieTrapEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether invalidCookieTrap traps should be generated." DEFVAL { false } ::= { isakmpTrapControl 1 } localIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of the local IP address used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 1 } localIpAddress OBJECT-TYPE SYNTAX InetAddress (SIZE(4|16|20)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The local IP address used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 2 } localUdpPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The local port UDP number used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 3 } remoteIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of the remote IP used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 4 } remoteIpAddress OBJECT-TYPE SYNTAX InetAddress (SIZE(4|16|20)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The remote IPaddress used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 5 } remoteUdpPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The remote UDP port number used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 6 } initiatorCookie OBJECT-TYPE SYNTAX IsakmpCookie MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The initiator cookie used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 7 } responderCookie OBJECT-TYPE SYNTAX IsakmpCookie MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The responder cookie used in an ISAKMP message, to be associated with a trap." ::= { isakmpTrapObjects 8 } invalidCookieTrap NOTIFICATION-TYPE OBJECTS { localIpAddressType, localIpAddress, localUdpPort, remoteIpAddressType, remoteIpAddress, remoteUdpPort, initiatorCookie, responderCookie, isakmpInvalidCookies } STATUS current DESCRIPTION "ISAKMP packets with invalid cookies were detected from the specified source, intended for the specified destination. The initiator and responder cookies are also sent with the trap. The current count is sent to allow the trap to accurately relfect dropped and throttled traps. Implementations SHOULD send one trap per peer (within a reasonable time period, rather than sending one trap per packet." ::= { isakmpTraps 0 1 } -- -- Units of Conformance (Object Groups) -- isakmpSaGroup OBJECT-GROUP OBJECTS { -- -- Authors' note: The first six objects are commented -- out, since the current SMI does not allow objects with -- a MAX-ACCESS clause of not-accessible to be put in -- groups. -- -- saLocalIpAddressType, saLocalIpAddress, -- saRemoteIpAddressType, saRemoteIpAddress, -- saInitiatorCookie, saResponderCookie, saLocalUdpPort, saRemoteUdpPort, saPeerMajorVersion, saPeerMinorVersion, saDoi, saLocallyInitiated, saStatus, saExchangeType, saTimeSeconds, saInPackets, saOutPackets, saInOctets, saOutOctets } STATUS current DESCRIPTION "A collection of objects that describe the state of the security associations of the ISAKMP protocol." ::= { isakmpGroups 1 } isakmpGlobalsGroup OBJECT-GROUP OBJECTS { isakmpMajorVersion, isakmpMinorVersion, isakmpCurrentSAs, isakmpCurrentInitiatedSAs, isakmpCurrentRespondedSAs, isakmpTotalSAs, isakmpTotalInitiatedSAs, isakmpTotalRespondedSAs, isakmpTotalAttempts, isakmpTotalAsInitAttempts, isakmpTotalAsRespAttempts, isakmpTotalInPackets, isakmpTotalOutPackets, isakmpTotalInOctets, isakmpTotalOutOctets, isakmpTotalInitFailures, isakmpTotalInitNoResponses, isakmpTotalRespFailures, isakmpInvalidCookies } STATUS current DESCRIPTION "A collections of objects that describe the global state of the ISAKMP protocol." ::= { isakmpGroups 2 } isakmpTrapControlGroup OBJECT-GROUP OBJECTS { invalidCookieTrapEnable } STATUS current DESCRIPTION "Trap control for the ISAKMP protocol." ::= { isakmpGroups 3 } isakmpTrapDataGroup OBJECT-GROUP OBJECTS { localIpAddressType, localIpAddress, localUdpPort, remoteIpAddressType, remoteIpAddress, remoteUdpPort, initiatorCookie, responderCookie } STATUS current DESCRIPTION "Trap data for the ISAKMP protocol." ::= { isakmpGroups 4 } isakmpTrapGroup NOTIFICATION-GROUP NOTIFICATIONS { invalidCookieTrap } STATUS current DESCRIPTION "The traps for the ISAKMP protocol." ::= { isakmpGroups 5 } -- -- Compliance Statements -- isakmpDoiIndependentMonitorCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the SNMPv3 entities which implement the ISAKMP DOI-Indpendent Monitoring MIB." MODULE -- this module MANDATORY-GROUPS { isakmpSaGroup, isakmpGlobalsGroup, isakmpTrapControlGroup, isakmpTrapDataGroup, isakmpTrapGroup } -- Allows the trap control to be read-only. OBJECT invalidCookieTrapEnable MIN-ACCESS read-only DESCRIPTION "If an implementation cannot properly secure this variable against unauthorized write access, it SHOULD implement it as read-only, to prevent the security risk of enabling the traps. Of course, there must be other means of controlling the generation of the associated trap." -- Don't require support for dns(16) address type OBJECT localIpAddressType SYNTAX INTEGER { ipv4(1), ipv6(2) } DESCRIPTION "An implementation is only required to support IPv4 and IPv6 addresses." OBJECT remoteIpAddressType SYNTAX INTEGER { ipv4(1), ipv6(2) } DESCRIPTION "An implementation is only required to support IPv4 and IPv6 addresses." -- Authors' note: The following statements are commented out, -- since the current SMI does not allow objects with a -- MAX-ACCESS clause of not-accessible to be put in groups, -- and objects that are not in groups cannot be in -- compliance statements. -- OBJECT saLocalIpAddressType -- SYNTAX INTEGER { ipv4(1), ipv6(2) } -- DESCRIPTION -- "An implementation is only required to support IPv4 and IPv6 -- addresses." -- OBJECT saRemoteIpAddressType -- SYNTAX INTEGER { ipv4(1), ipv6(2) } -- DESCRIPTION -- "An implementation is only required to support IPv4 and IPv6 -- addresses." ::= { isakmpConformance 1 } END