smilint output for ./ISAKMP-DOI-IND-MON-MIB
| Message Severities |
|---|
| Severity | Count |
|---|
| error | 5 |
| minor error | 6 |
| warning | 5 |
| Message Types |
|---|
| Type | Count |
|---|
| date-value (error) | 4 |
| date-year-2digits (warning) | 4 |
| invalid-format (error) | 1 |
| node-implicit (warning) | 1 |
| revision-after-update (minor error) | 2 |
| revision-missing (minor error) | 1 |
| revision-not-descending (minor error) | 3 |
Messages:
ISAKMP-DOI-IND-MON-MIB
1: -- extracted from draft-ietf-ipsec-isakmp-di-mon-mib-05.txt
2: -- at Tue Apr 22 06:12:45 2003
3:
4: ISAKMP-DOI-IND-MON-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
8: Integer32, Counter64, NOTIFICATION-TYPE, OBJECT-IDENTITY
9: -- delete this and next line before release
10: , experimental
11: FROM SNMPv2-SMI
12: TEXTUAL-CONVENTION, TruthValue
13: FROM SNMPv2-TC
14: OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE
15: FROM SNMPv2-CONF
16: InetAddressType, InetAddress
17: FROM INET-ADDRESS-MIB
18: IsakmpDOI, IsakmpExchangeType
19: FROM IPSEC-ISAKMP-IKE-DOI-TC;
20:
21: isakmpDoiIndMonModule MODULE-IDENTITY
22: LAST-UPDATED "0110031200Z"
22: warning -
warning: date specification `0110031200Z' contains a two-digit year representing `1901'
22: error -
date specification `0110031200Z' contains an illegal value
23: ORGANIZATION "IETF IPsec Working Group"
24: CONTACT-INFO
25: " Tim Jenkins
26: Catena Networks
27: 307 Legget Drive
28: Kanata, ON
29: Canada
30: K2K 3C8
31: +1 (613) 599-6430
32: tjenkins@catena.com
33:
34: John Shriver
35: Intel Corporation
36: 28 Crosby Drive Bedford, MA
37: 01730
38: +1 (781) 687-1329
39: John.Shriver@intel.com
40: "
41:
42: DESCRIPTION
43: "The MIB module to describe the DOI-independent part of
44: ISAKMP objects; to be used for monitoring purposes."
45: REVISION "9906031200Z"
45: minor error -
revision date after last update
46: DESCRIPTION
47: "Initial revision."
48: REVISION "9910211200Z"
48: minor error -
revision not in reverse chronological order
48: minor error -
revision date after last update
49: DESCRIPTION
50: "Compliances and groups added.
51: OID value under experimental tree added.
52: Removed SA expiration objects.
53: Added invalid cookie count and trap."
54: REVISION "0007101200Z"
54: warning -
warning: date specification `0007101200Z' contains a two-digit year representing `1900'
54: error -
date specification `0007101200Z' contains an illegal value
55:
56: DESCRIPTION
57: "Change addresses to use format from INET-ADDRESS-MIB.
58: Add explicit trap objects.
59: Other minor changes."
60: REVISION "0102071200Z"
60: warning -
warning: date specification `0102071200Z' contains a two-digit year representing `1901'
60: error -
date specification `0102071200Z' contains an illegal value
60: minor error -
revision not in reverse chronological order
61: DESCRIPTION
62: "Change MAX-ACCESS clause of index objects to
63: not-accessible. This lead to other changes due to
64: restrictions on the use of objects with MAX-ACCESS clause
65: values of not-accessible."
66: REVISION "0110031200Z"
66: warning -
warning: date specification `0110031200Z' contains a two-digit year representing `1901'
66: error -
date specification `0110031200Z' contains an illegal value
66: minor error -
revision not in reverse chronological order
67: DESCRIPTION
68: "A number of typo errors corrected. Also:
69: - isakmpInvalidCookieCount changed to isakmpInvalidCookies
70: - add (SIZE(4|16|20)) to localIpAddress
71: - explain why first six members of isakmpSaGroup are
72: commented out
73: - allow localIpAddressType and remoteIpAddressType to be
74: only IPv4 and Ipv6 addresses"
75:
76: -- replace xxx in next line before release, uncomment before release
77: -- ::= { mib-2 xxx }
78: -- delete this and next line before release
79: ::= { experimental 99 }
79: minor error -
revision for last update is missing
80:
81: isakmpDoiIndMIBObjects OBJECT-IDENTITY
82: STATUS current
83: DESCRIPTION
84: "This is the base object identifier for all ISAKMP
85: branches."
86: ::= { isakmpDoiIndMonModule 1 }
87:
88:
89: --
90: -- significant branches
91: --
92:
93: isakmpSaTable OBJECT-IDENTITY
94: STATUS current
95: DESCRIPTION
96: "This is the base object identifier for the security
97: associations table."
98: ::= { isakmpDoiIndMIBObjects 1 }
99:
100: isakmpGlobals OBJECT-IDENTITY
101: STATUS current
102:
103:
104: DESCRIPTION
105: "This is the base object identifier for all objects which
106: are global values for ISAKMP."
107: ::= { isakmpDoiIndMIBObjects 2 }
108:
109: isakmpNegStats OBJECT-IDENTITY
110: STATUS current
111: DESCRIPTION
112: "This is the base object identifier for all objects which
113: are global counters for ISAKMP negotiation statistics."
114: ::= { isakmpDoiIndMIBObjects 3 }
115:
116: isakmpTrafStats OBJECT-IDENTITY
117: STATUS current
118: DESCRIPTION
119: "This is the base object identifier for all objects which
120: are global counters for ISAKMP security association traffic
121: statistics."
122: ::= { isakmpDoiIndMIBObjects 4 }
123:
124: isakmpErrors OBJECT-IDENTITY
125: STATUS current
126: DESCRIPTION
127: "This is the base object identifier for all objects which
128: are global error counters for ISAKMP."
129: ::= { isakmpDoiIndMIBObjects 5 }
130:
131: isakmpGroups OBJECT-IDENTITY
132: STATUS current
133: DESCRIPTION
134: "This is the base object identifier for all objects which
135: describe the groups in this MIB."
136: ::= { isakmpDoiIndMIBObjects 6 }
137:
138: isakmpConformance OBJECT-IDENTITY
139: STATUS current
140: DESCRIPTION
141: "This is the base object identifier for all objects which
142: describe the conformance for this MIB."
143: ::= { isakmpDoiIndMIBObjects 7 }
144:
145: isakmpTrapControl OBJECT-IDENTITY
146: STATUS current
147: DESCRIPTION
148: "This is the base object identifier for all trap controls
149: for this MIB."
150: ::= { isakmpDoiIndMIBObjects 8 }
151:
152: isakmpTraps OBJECT-IDENTITY
153: STATUS current
154: DESCRIPTION
155: "This is the base object identifier for all traps for this
156: MIB."
157: ::= { isakmpDoiIndMIBObjects 9 }
158:
159: isakmpTrapObjects OBJECT-IDENTITY
160: STATUS current
161: DESCRIPTION
162: "This is the base object identifier for all objects used by
163: traps for this MIB."
164: ::= { isakmpDoiIndMIBObjects 10 }
165:
166: --
167: -- textual conventions
168: --
169:
170: IsakmpCookie ::= TEXTUAL-CONVENTION
170: error -
invalid format specification `x'
171: DISPLAY-HINT "x"
172: STATUS current
173: DESCRIPTION
174: "This data type is used to model ISAKMP cookies. This is a
175: binary string of 8 octets in network byte-order."
176: SYNTAX OCTET STRING (SIZE (8))
177:
178: -- the ISAKMP DOI-independent SA MIB-Group
179: --
180: -- a collection of objects providing information about the
181: -- DOI-independent portion of SAs generated using ISAKMP
182: --
183:
184: saTable OBJECT-TYPE
185: SYNTAX SEQUENCE OF SaEntry
186: MAX-ACCESS not-accessible
187: STATUS current
188: DESCRIPTION
189: "The (conceptual) table containing the DOI-independent
190: portion of ISAKMP SAs.
191:
192: There should be one row for every phase 1 security
193: association that exists in the entity that uses ISAKMP. The
194: maximum number of rows is implementation dependent."
195: ::= { isakmpSaTable 1 }
196:
197: saEntry OBJECT-TYPE
198: SYNTAX SaEntry
199: MAX-ACCESS not-accessible
200: STATUS current
201: DESCRIPTION
202: "An entry (conceptual row) containing the DOI-independent
203: information on a particular ISAKMP SA.
204:
205: A row in this table cannot be created or deleted by SNMP
206: operations on columns of the table."
207: INDEX {
208: saLocalIpAddressType,
209: saLocalIpAddress,
210: saRemoteIpAddressType,
211: saRemoteIpAddress,
212: saInitiatorCookie,
213: saResponderCookie }
214: ::= { saTable 1 }
215:
216: SaEntry::= SEQUENCE {
217:
218: -- identification
219: saLocalIpAddressType InetAddressType,
220: saLocalIpAddress InetAddress,
221: saRemoteIpAddressType InetAddressType,
222: saRemoteIpAddress InetAddress,
223: saInitiatorCookie IsakmpCookie,
224: saResponderCookie IsakmpCookie,
225:
226: -- communication information
227: saLocalUdpPort Integer32,
228: saRemoteUdpPort Integer32,
229:
230: -- peer version information
231: saPeerMajorVersion Integer32,
232: saPeerMinorVersion Integer32,
233:
234: -- creation/status/type
235: saDoi IsakmpDOI,
236: saLocallyInitiated TruthValue,
237: saStatus INTEGER,
238: saExchangeType IsakmpExchangeType,
239:
240: -- statistics
241: saTimeSeconds Counter32,
242: saInPackets Counter32,
243: saOutPackets Counter32,
244: saInOctets Counter32,
245: saOutOctets Counter32
246: }
247:
248:
249: saLocalIpAddressType OBJECT-TYPE
250: SYNTAX InetAddressType
251: MAX-ACCESS not-accessible
252: STATUS current
253: DESCRIPTION
254: "The type of the local address used to negotiate the ISAKMP
255: phase 1 SA."
256: ::= { saEntry 1 }
257:
258: saLocalIpAddress OBJECT-TYPE
259: SYNTAX InetAddress (SIZE(4|16|20))
260: MAX-ACCESS not-accessible
261: STATUS current
262: DESCRIPTION
263: "The local address used to negotiate the ISAKMP phase 1 SA."
264: ::= { saEntry 2 }
265:
266: saRemoteIpAddressType OBJECT-TYPE
267: SYNTAX InetAddressType
268: MAX-ACCESS not-accessible
269: STATUS current
270: DESCRIPTION
271: "The type of the remote address used to negotiate the ISAKMP
272: phase 1 SA."
273: ::= { saEntry 3 }
274:
275: saRemoteIpAddress OBJECT-TYPE
276: SYNTAX InetAddress (SIZE(4|16|20))
277: MAX-ACCESS not-accessible
278: STATUS current
279: DESCRIPTION
280: "The remote address used to negotiate the ISAKMP phase 1
281: SA."
282: ::= { saEntry 4 }
283:
284: saInitiatorCookie OBJECT-TYPE
285: SYNTAX IsakmpCookie
286: MAX-ACCESS not-accessible
287: STATUS current
288: DESCRIPTION
289: "The value of the cookie used by the initiator for the
290: ISAKMP phase 1 SA."
291: ::= { saEntry 5 }
292:
293: saResponderCookie OBJECT-TYPE
294: SYNTAX IsakmpCookie
295: MAX-ACCESS not-accessible
296: STATUS current
297: DESCRIPTION
298: "The value of the cookie used by the responder for the
299: ISAKMP phase 1 SA.
300:
301: Note that this value may be 0 if the ISAKMP phase 1 SA has
302: been initiated but not responded to by the peer entity.
303:
304: It must never be 0 if this entry represents an ISAKMP phase
305: 1 SA establishment attempt that has been initiated by the
306: peer. This rule prevents index collisions in the (unlikely)
307: event that two peers simultaneously initiate with the same
308: cookie at the same time."
309: ::= { saEntry 6 }
310:
311: saLocalUdpPort OBJECT-TYPE
312: SYNTAX Integer32 (0..65535)
313: MAX-ACCESS read-only
314: STATUS current
315: DESCRIPTION
316: "The local UDP port number that this ISAKMP phase 1 SA was
317: negotiated with."
318: ::= { saEntry 7 }
319:
320: saRemoteUdpPort OBJECT-TYPE
321: SYNTAX Integer32 (0..65535)
322: MAX-ACCESS read-only
323: STATUS current
324: DESCRIPTION
325: "The remote UDP port number that this ISAKMP phase 1 SA was
326: negotiated with."
327: ::= { saEntry 8 }
328:
329: saPeerMajorVersion OBJECT-TYPE
330: SYNTAX Integer32 (0..15)
331: MAX-ACCESS read-only
332: STATUS current
333: DESCRIPTION
334: "The major version number from the ISAKMP packet header used
335: by the peer."
336: REFERENCE "Section 3.1 of RFC 2408"
337: ::= { saEntry 9 }
338:
339: saPeerMinorVersion OBJECT-TYPE
340: SYNTAX Integer32 (0..15)
341: MAX-ACCESS read-only
342: STATUS current
343:
344: DESCRIPTION
345: "The minor version number from the ISAKMP packet header used
346: by the peer."
347: REFERENCE "Section 3.1 of RFC 2408"
348: ::= { saEntry 10 }
349:
350: saDoi OBJECT-TYPE
351: SYNTAX IsakmpDOI
352: MAX-ACCESS read-only
353: STATUS current
354: DESCRIPTION
355: "The specific DOI value that this ISAKMP SA is using.
356:
357: Note that this value MAY be 0, as allowed by Section 3.4 of
358: RFC 2408"
359: REFERENCE "Section 3.3 of RFC 2408"
360: ::= { saEntry 11 }
361:
362: saLocallyInitiated OBJECT-TYPE
363: SYNTAX TruthValue
364: MAX-ACCESS read-only
365: STATUS current
366: DESCRIPTION
367: "This value is 'true' if the ISAKMP phase 1 SA was initiated
368: by the local entity, and 'false' if initiated by the remote
369: entity."
370: ::= { saEntry 12 }
371:
372: saStatus OBJECT-TYPE
373: SYNTAX INTEGER { negotiating(1), established(2) }
374: MAX-ACCESS read-only
375: STATUS current
376: DESCRIPTION
377: "The status of the ISAKMP phase 1 SA.
378:
379: If the state is 'negotiating', it means that processing of
380: the final packet of the phase 1 exchange is not yet
381: complete.
382:
383: If the state is 'established', it means that processing of
384: all packets associated with ISAKMP phase 1 SA negotation is
385: complete, and the entities involved in the ISAKMP phase 1 SA
386: are authenticated."
387: ::= { saEntry 13 }
388:
389: saExchangeType OBJECT-TYPE
390: SYNTAX IsakmpExchangeType
391: MAX-ACCESS read-only
392: STATUS current
393: DESCRIPTION
394: "The exchange type used to negotiate the ISAKMP phase 1 SA."
395: REFERENCE "Section 3.1 of RFC 2408"
396: ::= { saEntry 14 }
397:
398: saTimeSeconds OBJECT-TYPE
399: SYNTAX Counter32
400: UNITS "seconds"
401: MAX-ACCESS read-only
402: STATUS current
403: DESCRIPTION
404: "The number of seconds the SA has existed. In other words,
405: how old the SA is."
406: ::= { saEntry 15 }
407:
408: saInPackets OBJECT-TYPE
409: SYNTAX Counter32
410: UNITS "packets"
411: MAX-ACCESS read-only
412: STATUS current
413: DESCRIPTION
414: "The total number of packets received by the ISAKMP phase 1
415: SA, including un-encrypted packets used to negotiate the
416: ISAKMP phase 1 SA, and any re-transmissions."
417: ::= { saEntry 16 }
418:
419: saOutPackets OBJECT-TYPE
420: SYNTAX Counter32
421: UNITS "packets"
422: MAX-ACCESS read-only
423: STATUS current
424: DESCRIPTION
425: "The total number of packets sent by the ISAKMP phase 1 SA,
426: including un-encrypted packets used to negotiate the ISAKMP
427: phase 1 SA, and any re-transmissions sent."
428: ::= { saEntry 17 }
429:
430: saInOctets OBJECT-TYPE
431: SYNTAX Counter32
432: UNITS "bytes"
433: MAX-ACCESS read-only
434: STATUS current
435:
436:
437:
438:
439:
440: DESCRIPTION
441: "The amount of traffic measured in bytes received by the
442: ISAKMP phase 1 SA. This includes encrypted and un-encrypted
443: traffic used to negotiate the ISAKMP phase 1 SA, and any re-
444: transmissions received."
445: ::= { saEntry 18 }
446:
447: saOutOctets OBJECT-TYPE
448: SYNTAX Counter32
449: UNITS "bytes"
450: MAX-ACCESS read-only
451: STATUS current
452: DESCRIPTION
453: "The amount of traffic measured in bytes sent by the ISAKMP
454: phase 1 SA. This includes encrypted and un-encrypted traffic
455: used to negotiate the ISAKMP phase 1 SA, and any re-
456: transmissions."
457: ::= { saEntry 19 }
458:
459:
460: --
461: -- the ISAKMP Entity MIB-Group
462: --
463:
464: isakmpMajorVersion OBJECT-TYPE
465: SYNTAX Integer32 ( 0..15 )
466: MAX-ACCESS read-only
467: STATUS current
468: DESCRIPTION
469: "The maximum major version number value capable of being
470: supported by the entity."
471: ::= { isakmpGlobals 1 }
472:
473: isakmpMinorVersion OBJECT-TYPE
474: SYNTAX Integer32 ( 0..15 )
475: MAX-ACCESS read-only
476: STATUS current
477: DESCRIPTION
478: "The maximum minor version number value capable of being
479: supported by the entity."
480: ::= { isakmpGlobals 2 }
481:
482:
483: --
484: -- ISAKMP phase 1 SA statistics
485: --
486:
487:
488: isakmpCurrentSAs OBJECT-TYPE
489: SYNTAX Gauge32
490: MAX-ACCESS read-only
491: STATUS current
492: DESCRIPTION
493: "The current number of ISAKMP SAs in the entity."
494: ::= { isakmpNegStats 1 }
495:
496: isakmpCurrentInitiatedSAs OBJECT-TYPE
497: SYNTAX Gauge32
498: MAX-ACCESS read-only
499: STATUS current
500: DESCRIPTION
501: "The current number of ISAKMP SAs successfully negotiated in
502: the entity that were initiated by the entity."
503: ::= { isakmpNegStats 2 }
504:
505: isakmpCurrentRespondedSAs OBJECT-TYPE
506: SYNTAX Gauge32
507: MAX-ACCESS read-only
508: STATUS current
509: DESCRIPTION
510: "The current number of ISAKMP SAs successfully negotiated in
511: the entity that were initiated by the peer entity."
512: ::= { isakmpNegStats 3 }
513:
514: isakmpTotalSAs OBJECT-TYPE
515: SYNTAX Counter32
516: MAX-ACCESS read-only
517: STATUS current
518: DESCRIPTION
519: "The total number of ISAKMP SAs successfully negotiated in
520: the entity since boot time."
521: ::= { isakmpNegStats 4 }
522:
523: isakmpTotalInitiatedSAs OBJECT-TYPE
524: SYNTAX Counter32
525: MAX-ACCESS read-only
526: STATUS current
527: DESCRIPTION
528: "The total number of ISAKMP SAs successfully negotiated in
529: the entity since boot time that were initiated by the
530: entity."
531: ::= { isakmpNegStats 5 }
532:
533: isakmpTotalRespondedSAs OBJECT-TYPE
534: SYNTAX Counter32
535: MAX-ACCESS read-only
536: STATUS current
537: DESCRIPTION
538: "The total number of ISAKMP SAs successfully negotiated in
539: the entity since boot time that were initiated by the peer
540: entity."
541: ::= { isakmpNegStats 6 }
542:
543: isakmpTotalAttempts OBJECT-TYPE
544: SYNTAX Counter32
545: MAX-ACCESS read-only
546: STATUS current
547: DESCRIPTION
548: "The total number of ISAKMP SAs negotiation attempts made
549: since boot time. This includes successful negotiations."
550: ::= { isakmpNegStats 7 }
551:
552: isakmpTotalAsInitAttempts OBJECT-TYPE
553: SYNTAX Counter32
554: MAX-ACCESS read-only
555: STATUS current
556: DESCRIPTION
557: "The total number of ISAKMP SAs negotiation attempts made
558: where the entity was the initiator since boot time. This
559: includes successful negotiations."
560: ::= { isakmpNegStats 8 }
561:
562: isakmpTotalAsRespAttempts OBJECT-TYPE
563: SYNTAX Counter32
564: MAX-ACCESS read-only
565: STATUS current
566: DESCRIPTION
567: "The total number of ISAKMP SAs negotiation attempts made
568: where the entity was the responder since boot time. This
569: includes successful negotiations."
570: ::= { isakmpNegStats 9 }
571:
572:
573: --
574: -- traffic statistics
575: --
576:
577: isakmpTotalInPackets OBJECT-TYPE
578: SYNTAX Counter32
579: UNITS "packets"
580: MAX-ACCESS read-only
581: STATUS current
582:
583:
584: DESCRIPTION
585: "The total number of ISAKMP packets received by the entity
586: since boot time, including re-transmissions and un-encrypted
587: packets."
588: ::= { isakmpTrafStats 1 }
589:
590: isakmpTotalOutPackets OBJECT-TYPE
591: SYNTAX Counter32
592: UNITS "packets"
593: MAX-ACCESS read-only
594: STATUS current
595: DESCRIPTION
596: "The total number of ISAKMP packets sent by the entity since
597: boot time, including re-transmissions and un-encrypted
598: packets."
599: ::= { isakmpTrafStats 2 }
600:
601: isakmpTotalInOctets OBJECT-TYPE
602: SYNTAX Counter64
603: UNITS "bytes"
604: MAX-ACCESS read-only
605: STATUS current
606: DESCRIPTION
607: "The total amount of ISAKMP traffic received by the entity
608: since boot time, measured in bytes, including any re-
609: transmitted packets received, and including encrypted and
610: un-encrypted packets."
611: ::= { isakmpTrafStats 3 }
612:
613: isakmpTotalOutOctets OBJECT-TYPE
614: SYNTAX Counter64
615: UNITS "bytes"
616: MAX-ACCESS read-only
617: STATUS current
618: DESCRIPTION
619: "The total amount of ISAKMP traffic sent by the entity since
620: boot time, measured in bytes, including any re-transmissions
621: and including encrypted and un-encrypted packets."
622: ::= { isakmpTrafStats 4 }
623:
624:
625: --
626: -- global error counts
627: --
628:
629: isakmpTotalInitFailures OBJECT-TYPE
630: SYNTAX Counter32
631: MAX-ACCESS read-only
632: STATUS current
633: DESCRIPTION
634: "The total number of attempts to initiate an ISAKMP phase 1
635: SA that failed since boot time, when there was a response
636: from the peer entity.
637:
638: This value may be used to detect clogging or denial-of-
639: service attacks."
640: ::= { isakmpErrors 1 }
641:
642: isakmpTotalInitNoResponses OBJECT-TYPE
643: SYNTAX Counter32
644: MAX-ACCESS read-only
645: STATUS current
646: DESCRIPTION
647: "The total number of attempts to initiate an ISAKMP phase 1
648: SA that failed since boot time, when there was no response
649: from the peer entity.
650: This should only be incremented if the peer does not repond
651: to the first packet of attempted negotiations."
652: ::= { isakmpErrors 2 }
653:
654: isakmpTotalRespFailures OBJECT-TYPE
655: SYNTAX Counter32
656: MAX-ACCESS read-only
657: STATUS current
658: DESCRIPTION
659: "The total number of attempts to initiate an ISAKMP phase 1
660: SA that failed since boot time, when the initiation attempt
661: came for the peer entity."
662: ::= { isakmpErrors 3 }
663:
664: isakmpInvalidCookies OBJECT-TYPE
665: SYNTAX Counter32
666: UNITS "packets"
667: MAX-ACCESS read-only
668: STATUS current
669: DESCRIPTION
670: "The total number of ISAKMP packets with invalid cookies
671: received by the entity since boot time."
672: ::= { isakmpErrors 4 }
673:
674:
675: --
676: -- ISAKMP Traps and Control
677: --
678:
679:
680: invalidCookieTrapEnable OBJECT-TYPE
681: SYNTAX TruthValue
682: MAX-ACCESS read-write
683: STATUS current
684: DESCRIPTION
685: "Indicates whether invalidCookieTrap traps should be
686: generated."
687: DEFVAL { false }
688: ::= { isakmpTrapControl 1 }
689:
690: localIpAddressType OBJECT-TYPE
691: SYNTAX InetAddressType
692: MAX-ACCESS accessible-for-notify
693: STATUS current
694: DESCRIPTION
695: "The type of the local IP address used in an ISAKMP message,
696: to be associated with a trap."
697: ::= { isakmpTrapObjects 1 }
698:
699: localIpAddress OBJECT-TYPE
700: SYNTAX InetAddress (SIZE(4|16|20))
701: MAX-ACCESS accessible-for-notify
702: STATUS current
703: DESCRIPTION
704: "The local IP address used in an ISAKMP message, to be
705: associated with a trap."
706: ::= { isakmpTrapObjects 2 }
707:
708: localUdpPort OBJECT-TYPE
709: SYNTAX Integer32 (0..65535)
710: MAX-ACCESS accessible-for-notify
711: STATUS current
712: DESCRIPTION
713: "The local port UDP number used in an ISAKMP message, to be
714: associated with a trap."
715: ::= { isakmpTrapObjects 3 }
716:
717: remoteIpAddressType OBJECT-TYPE
718: SYNTAX InetAddressType
719: MAX-ACCESS accessible-for-notify
720: STATUS current
721: DESCRIPTION
722: "The type of the remote IP used in an ISAKMP message, to be
723: associated with a trap."
724: ::= { isakmpTrapObjects 4 }
725:
726: remoteIpAddress OBJECT-TYPE
727: SYNTAX InetAddress (SIZE(4|16|20))
728: MAX-ACCESS accessible-for-notify
729: STATUS current
730: DESCRIPTION
731: "The remote IPaddress used in an ISAKMP message, to be
732: associated with a trap."
733: ::= { isakmpTrapObjects 5 }
734:
735: remoteUdpPort OBJECT-TYPE
736: SYNTAX Integer32 (0..65535)
737: MAX-ACCESS accessible-for-notify
738: STATUS current
739: DESCRIPTION
740: "The remote UDP port number used in an ISAKMP message, to be
741: associated with a trap."
742: ::= { isakmpTrapObjects 6 }
743:
744: initiatorCookie OBJECT-TYPE
745: SYNTAX IsakmpCookie
746: MAX-ACCESS accessible-for-notify
747: STATUS current
748: DESCRIPTION
749: "The initiator cookie used in an ISAKMP message, to be
750: associated with a trap."
751: ::= { isakmpTrapObjects 7 }
752:
753: responderCookie OBJECT-TYPE
754: SYNTAX IsakmpCookie
755: MAX-ACCESS accessible-for-notify
756: STATUS current
757: DESCRIPTION
758: "The responder cookie used in an ISAKMP message, to be
759: associated with a trap."
760: ::= { isakmpTrapObjects 8 }
761:
762: invalidCookieTrap NOTIFICATION-TYPE
763: OBJECTS {
764: localIpAddressType,
765: localIpAddress,
766: localUdpPort,
767: remoteIpAddressType,
768: remoteIpAddress,
769: remoteUdpPort,
770: initiatorCookie,
771: responderCookie,
772: isakmpInvalidCookies
773: }
774: STATUS current
775:
776: DESCRIPTION
777: "ISAKMP packets with invalid cookies were detected from the
778: specified source, intended for the specified destination.
779:
780: The initiator and responder cookies are also sent with the
781: trap.
782:
783: The current count is sent to allow the trap to accurately
784: relfect dropped and throttled traps.
785:
786: Implementations SHOULD send one trap per peer (within a
787: reasonable time period, rather than sending one trap per
788: packet."
789: ::= { isakmpTraps 0 1 }
789: warning -
warning: implicit node definition
790:
791:
792: --
793: -- Units of Conformance (Object Groups)
794: --
795:
796: isakmpSaGroup OBJECT-GROUP
797: OBJECTS {
798: --
799: -- Authors' note: The first six objects are commented
800: -- out, since the current SMI does not allow objects with
801: -- a MAX-ACCESS clause of not-accessible to be put in
802: -- groups.
803: --
804: -- saLocalIpAddressType, saLocalIpAddress,
805: -- saRemoteIpAddressType, saRemoteIpAddress,
806: -- saInitiatorCookie, saResponderCookie,
807: saLocalUdpPort, saRemoteUdpPort, saPeerMajorVersion,
808: saPeerMinorVersion, saDoi, saLocallyInitiated, saStatus,
809: saExchangeType, saTimeSeconds, saInPackets, saOutPackets,
810: saInOctets, saOutOctets
811: }
812: STATUS current
813: DESCRIPTION
814: "A collection of objects that describe the state of the
815: security associations of the ISAKMP protocol."
816: ::= { isakmpGroups 1 }
817:
818: isakmpGlobalsGroup OBJECT-GROUP
819: OBJECTS {
820: isakmpMajorVersion, isakmpMinorVersion, isakmpCurrentSAs,
821: isakmpCurrentInitiatedSAs, isakmpCurrentRespondedSAs,
822: isakmpTotalSAs, isakmpTotalInitiatedSAs,
823: isakmpTotalRespondedSAs, isakmpTotalAttempts,
824: isakmpTotalAsInitAttempts, isakmpTotalAsRespAttempts,
825: isakmpTotalInPackets, isakmpTotalOutPackets,
826: isakmpTotalInOctets, isakmpTotalOutOctets,
827: isakmpTotalInitFailures, isakmpTotalInitNoResponses,
828: isakmpTotalRespFailures, isakmpInvalidCookies
829: }
830: STATUS current
831: DESCRIPTION
832: "A collections of objects that describe the global state of
833: the ISAKMP protocol."
834: ::= { isakmpGroups 2 }
835:
836: isakmpTrapControlGroup OBJECT-GROUP
837: OBJECTS {
838: invalidCookieTrapEnable
839: }
840: STATUS current
841: DESCRIPTION
842: "Trap control for the ISAKMP protocol."
843: ::= { isakmpGroups 3 }
844:
845: isakmpTrapDataGroup OBJECT-GROUP
846: OBJECTS {
847: localIpAddressType, localIpAddress, localUdpPort,
848: remoteIpAddressType, remoteIpAddress, remoteUdpPort,
849: initiatorCookie, responderCookie
850: }
851: STATUS current
852: DESCRIPTION
853: "Trap data for the ISAKMP protocol."
854: ::= { isakmpGroups 4 }
855:
856: isakmpTrapGroup NOTIFICATION-GROUP
857: NOTIFICATIONS {
858: invalidCookieTrap
859: }
860: STATUS current
861: DESCRIPTION
862: "The traps for the ISAKMP protocol."
863: ::= { isakmpGroups 5 }
864:
865: --
866: -- Compliance Statements
867: --
868:
869: isakmpDoiIndependentMonitorCompliance MODULE-COMPLIANCE
870: STATUS current
871:
872: DESCRIPTION
873: "The compliance statement for the SNMPv3 entities which
874: implement the ISAKMP DOI-Indpendent Monitoring MIB."
875: MODULE -- this module
876: MANDATORY-GROUPS {
877: isakmpSaGroup, isakmpGlobalsGroup, isakmpTrapControlGroup,
878: isakmpTrapDataGroup, isakmpTrapGroup
879: }
880:
881: -- Allows the trap control to be read-only.
882:
883: OBJECT invalidCookieTrapEnable
884: MIN-ACCESS read-only
885: DESCRIPTION
886: "If an implementation cannot properly secure this variable
887: against unauthorized write access, it SHOULD implement it as
888: read-only, to prevent the security risk of enabling the
889: traps. Of course, there must be other means of controlling
890: the generation of the associated trap."
891:
892: -- Don't require support for dns(16) address type
893:
894: OBJECT localIpAddressType
895: SYNTAX INTEGER { ipv4(1), ipv6(2) }
896: DESCRIPTION
897: "An implementation is only required to support IPv4 and IPv6
898: addresses."
899:
900: OBJECT remoteIpAddressType
901: SYNTAX INTEGER { ipv4(1), ipv6(2) }
902: DESCRIPTION
903: "An implementation is only required to support IPv4 and IPv6
904: addresses."
905:
906: -- Authors' note: The following statements are commented out,
907: -- since the current SMI does not allow objects with a
908: -- MAX-ACCESS clause of not-accessible to be put in groups,
909: -- and objects that are not in groups cannot be in
910: -- compliance statements.
911:
912: -- OBJECT saLocalIpAddressType
913: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
914: -- DESCRIPTION
915: -- "An implementation is only required to support IPv4 and IPv6
916: -- addresses."
917:
918: -- OBJECT saRemoteIpAddressType
919: -- SYNTAX INTEGER { ipv4(1), ipv6(2) }
920: -- DESCRIPTION
921: -- "An implementation is only required to support IPv4 and IPv6
922: -- addresses."
923:
924: ::= { isakmpConformance 1 }
925:
926:
927: END