-- MIB created 6/25/99 12:57:19, by -- SMIC (the next generation) version 1.6.29, November 22, 1994. CISCO-IP-ENCRYPTION-MIB DEFINITIONS ::= BEGIN -- From file: "CISCO-IP-ENCRYPTION-MIB.my" IMPORTS Counter32, Integer32, IpAddress, Gauge32 FROM SNMPv2-SMI-v1 OBJECT-TYPE FROM RFC-1212 TRAP-TYPE FROM RFC-1215 DisplayString, TruthValue, TimeStamp, RowStatus FROM SNMPv2-TC-v1 OwnerString FROM IF-MIB ciscoMgmt FROM CISCO-SMI; ciscoIpEncryptionMIB OBJECT IDENTIFIER ::= { ciscoMgmt 52 } -- MODULE-IDENTITY -- LastUpdated -- 9508150000Z -- OrgName -- Cisco Systems, Inc. -- ContactInfo -- Cisco Systems -- Customer Service -- -- Postal: 170 West Tasman Drive -- San Jose, CA 95134 -- USA -- -- Tel: +1 800 553-NETS -- -- E-mail: cs-snmp@cisco.com -- Descr -- Used to manage the encryption feature. ciscoIpEncryptionMIBObjects OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIB 1 } cieConfig OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 1 } cieEngineStatus OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 2 } cieConnections OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 3 } cieTestConnection OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIBObjects 4 } cieMIBTrapPrefix OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIB 2 } cieMIBTraps OBJECT IDENTIFIER ::= { cieMIBTrapPrefix 0 } cieMIBConformance OBJECT IDENTIFIER ::= { ciscoIpEncryptionMIB 3 } cieMIBCompliances OBJECT IDENTIFIER ::= { cieMIBConformance 1 } cieMIBGroups OBJECT IDENTIFIER ::= { cieMIBConformance 2 } cieConfiguredAlgorithms OBJECT-TYPE SYNTAX OCTET STRING(SIZE(16)) ACCESS read-only STATUS mandatory DESCRIPTION "Type of encryption configured on a particular router, encoded as a bit-string. A router can support multiple encryption algorithms i.e. 56 bit des with 8 bit cipher feedback AND 40 bit des with 64 bit cipher feedback." ::= { cieConfig 1 } cieEncryptionKeyTimeout OBJECT-TYPE SYNTAX Integer32 -- Units -- minutes ACCESS read-only STATUS mandatory DESCRIPTION "Interval at which keys expire for a session and they are is re-negotiated." ::= { cieConfig 2 } cieNumberOfCryptoEngines OBJECT-TYPE SYNTAX Gauge32 ACCESS read-only STATUS mandatory DESCRIPTION "Total number of encryption engines." ::= { cieConfig 3 } cieEngineStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF CieEngineStatusEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table describing status of all encryption engines present within the router." ::= { cieEngineStatus 1 } cieEngineStatusEntry OBJECT-TYPE SYNTAX CieEngineStatusEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Each entry in this table describes public key associated with each engine, with its unique ID. In case of hardware assisted encryption each entry also describes status of encryption port adaptor." INDEX { cieEngineID } ::= { cieEngineStatusTable 1 } CieEngineStatusEntry ::= SEQUENCE { cieEngineID Integer32, cieEngineCardIndex Integer32, cieEnginePublicKey OCTET STRING, cieEsaTampered TruthValue, cieEsaAuthenticated TruthValue, cieEsaMode INTEGER } cieEngineID OBJECT-TYPE SYNTAX Integer32(1..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "Unique value identifying the crypto engine, in case of RP and other software only platforms, this is the processor ID. In case of ESA, this will be a unique ID retrieved from ESA." ::= { cieEngineStatusEntry 1 } cieEngineCardIndex OBJECT-TYPE SYNTAX Integer32 ACCESS read-only STATUS mandatory DESCRIPTION "Corresponds to cardIndex in the chassis mib, if value is 0 then this is a software encryption engine." ::= { cieEngineStatusEntry 2 } cieEnginePublicKey OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..1024)) ACCESS read-only STATUS mandatory DESCRIPTION "Public key for a particular crypto engine." ::= { cieEngineStatusEntry 3 } cieEsaTampered OBJECT-TYPE SYNTAX TruthValue -- Rsyntax INTEGER { -- true(1), -- false(2) -- } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates whether encryption port adaptor has been tampered with. NOTE: This object is not present for software encryption engines." ::= { cieEngineStatusEntry 4 } cieEsaAuthenticated OBJECT-TYPE SYNTAX TruthValue -- Rsyntax INTEGER { -- true(1), -- false(2) -- } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates whether encryption port adaptor has been properly authenticated for this router. NOTE: This object is not present for software encryption engines." ::= { cieEngineStatusEntry 5 } cieEsaMode OBJECT-TYPE SYNTAX INTEGER { enableActive(1), boot(2), error(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Indicates current operating mode of the ESA card. This variable directly corresponds to LED status shown on ESA. NOTE: This object is not present for software encryption engines." ::= { cieEngineStatusEntry 6 } cieNumberOfConnections OBJECT-TYPE SYNTAX Gauge32 ACCESS read-only STATUS mandatory DESCRIPTION "Total number of active, pending and dead crypto connections." ::= { cieConnections 1 } cieConnTable OBJECT-TYPE SYNTAX SEQUENCE OF CieConnEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table that describes all encrypted IP traffic created by the router, between the protected entity (cieProtectedAddr) and the unprotected entity (cieUnprotectedAddr). Each entry in this table describes a virtual encrypted IP tunnel." ::= { cieConnections 2 } cieConnEntry OBJECT-TYPE SYNTAX CieConnEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This entry describes a connection viz. the protected and unprotected node, status of the connection and number of packets encrypted, decrypted per connection and algorithm used for encrypting data. Each entry also contains a pointer to crypto engine that is performing the encryption." INDEX { cieEngineID, cieConnIndex } ::= { cieConnTable 1 } CieConnEntry ::= SEQUENCE { cieConnIndex Integer32, cieProtectedAddr IpAddress, cieUnprotectedAddr IpAddress, cieConnStatus INTEGER, ciePktsEncrypted Counter32, ciePktsDecrypted Counter32, ciePktsDropped Counter32, cieLocalTimeEstablished TimeStamp, cieAlgorithmType INTEGER } cieConnIndex OBJECT-TYPE SYNTAX Integer32(1..2147483647) ACCESS not-accessible STATUS mandatory DESCRIPTION "A monotonically increasing integer for the sole purpose of indexing the cieConnTable. When it reaches the maximum value, the agent wraps the value back to 1 and may flush existing entries." ::= { cieConnEntry 1 } cieProtectedAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address for protected (secure) node." ::= { cieConnEntry 2 } cieUnprotectedAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address of the unprotected (insecure) node in the network." ::= { cieConnEntry 3 } cieConnStatus OBJECT-TYPE SYNTAX INTEGER { pendingConnection(1), openConnection(2), exchangeKeys(3), badConnection(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Integer describing status/type of connection. The pending and bad connections may be removed after 4 minutes of non-activity. Open (active) connections may be removed if they have not transmitted/received traffic in the last cieEncryptionKeyTimeout minutes." ::= { cieConnEntry 4 } ciePktsEncrypted OBJECT-TYPE SYNTAX Counter32 ACCESS read-only STATUS mandatory DESCRIPTION "Total number of packets encrypted for this connection." ::= { cieConnEntry 5 } ciePktsDecrypted OBJECT-TYPE SYNTAX Counter32 ACCESS read-only STATUS mandatory DESCRIPTION "Total number of packets decrypted for this connection." ::= { cieConnEntry 6 } ciePktsDropped OBJECT-TYPE SYNTAX Counter32 ACCESS read-only STATUS mandatory DESCRIPTION "Total number of packets dropped for this connection. The packets are dropped only in cases where encryption keys are not established between the protected entity and the unprotected entity. An increase in this value indicates the possibility of mis-configured keys." ::= { cieConnEntry 7 } cieLocalTimeEstablished OBJECT-TYPE SYNTAX TimeStamp -- Rsyntax TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "Value of sysUpTime at which the connection was established or re-established." ::= { cieConnEntry 8 } cieAlgorithmType OBJECT-TYPE SYNTAX INTEGER { des56bitCfb64(1), des56bitCfb8(2), des40bitCfb64(3), des40bitdesCfb8(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Type of encryption algorithm used for this connection." ::= { cieConnEntry 9 } cieTestConnTable OBJECT-TYPE SYNTAX SEQUENCE OF CieTestConnEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table of test crypto session entries." ::= { cieTestConnection 1 } cieTestConnEntry OBJECT-TYPE SYNTAX CieTestConnEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A encryption test entry. A management station wishing to create an entry should first generate a pseudo-random serial number to be used as the index to this sparse table. The station should then create the associated instance of the row status and row owner objects. It must also, either in the same or in successive PDUs, create the associated instance of the address objects. Once the appropriate instance of all the configuration objects have been created, either by an explicit SNMP set request, the row status should be set to active to initiate the request. Note that this entire procedure may be initiated via a single set request which specifies a row status of createAndGo. Once the connection sequence has been activated, it cannot be stopped -- it will run until a crypto connection has been established between source and destination. Once the sequence completes, the management station should retrieve the values of the status objects of interest, and should then delete the entry. In order to prevent old entries from clogging the table, entries will be aged out 30 minutes after they are created." INDEX { cieTestConnSerialNumber } ::= { cieTestConnTable 1 } CieTestConnEntry ::= SEQUENCE { cieTestConnSerialNumber Integer32, cieTestConnProtectedAddr IpAddress, cieTestConnUnprotectedAddr IpAddress, cieTestConnTrapOnCompletion TruthValue, cieTestConnCryptoMapName DisplayString, cieTestConnCryptoMapTagNumber Integer32, cieTestConnSessionStatus INTEGER, cieTestConnEntryOwner OwnerString, cieTestConnEntryStatus RowStatus } cieTestConnSerialNumber OBJECT-TYPE SYNTAX Integer32(1..2147483647) ACCESS not-accessible STATUS mandatory DESCRIPTION "Object which specifies a unique entry in the cieTestConnTable. A management station wishing to initiate a crypto session test operation should use a pseudo-random value for this object when creating an instance of a cieTestConnEntry. The RowStatus semantics of the cieTestConnEntryStatus object will prevent access conflicts." ::= { cieTestConnEntry 1 } cieTestConnProtectedAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The IP address of the protected (secure) node, for the test connection." ::= { cieTestConnEntry 2 } cieTestConnUnprotectedAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The IP address of the unprotected (insecure) node for the test connection." ::= { cieTestConnEntry 3 } cieTestConnTrapOnCompletion OBJECT-TYPE SYNTAX TruthValue -- Rsyntax INTEGER { -- true(1), -- false(2) -- } ACCESS read-write STATUS mandatory DESCRIPTION "Specifies whether or not a cieTestCompletion trap should be issued on completion of test crypto session. If such a trap is desired, it is the responsibility of the management entity to ensure that the SNMP administrative model is configured in such a way as to allow the trap to be delivered." DEFVAL { false } ::= { cieTestConnEntry 4 } cieTestConnCryptoMapName OBJECT-TYPE SYNTAX DisplayString -- Rsyntax OCTET STRING(SIZE(0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "Specifies name of the crypto map already configured on the router. A crypto map along with its tag number fully specifies the enryption policy, such as type of algorithm to be used, the name of the peer router and access list." ::= { cieTestConnEntry 5 } cieTestConnCryptoMapTagNumber OBJECT-TYPE SYNTAX Integer32(1..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "Specifies tag number of the crypto map already configured on the router. A crypto map along with its tag number fully specifies the enryption policy, such as type of algorithm to be used, the name of the peer router and access list." ::= { cieTestConnEntry 6 } cieTestConnSessionStatus OBJECT-TYPE SYNTAX INTEGER { inProgress(1), fail(2), success(3), badCryptoMapName(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Set to a value that indicates whether a crypto session was successfully established, failed or the connection establishment process is in progress. If the specified crypto map is not configured, value is set to badCryptoMapName." ::= { cieTestConnEntry 7 } cieTestConnEntryOwner OBJECT-TYPE SYNTAX OwnerString -- Rsyntax OCTET STRING(SIZE(0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "The entity that configured this entry." ::= { cieTestConnEntry 8 } cieTestConnEntryStatus OBJECT-TYPE SYNTAX RowStatus -- Rsyntax INTEGER { -- active(1), -- notInService(2), -- notReady(3), -- createAndGo(4), -- createAndWait(5), -- destroy(6) -- } ACCESS read-write STATUS mandatory DESCRIPTION "The status of this table entry. Once the entry status is set to active, the associate entry cannot be modified until the sequence completes (cieTestConnSessionStatus has value other than inprogress )." DEFVAL { createAndGo } ::= { cieTestConnEntry 9 } cieTestCompletion TRAP-TYPE -- Reverse mappable trap ENTERPRISE cieMIBTrapPrefix VARIABLES { cieTestConnSessionStatus, cieTestConnProtectedAddr, cieTestConnUnprotectedAddr } -- Status -- mandatory DESCRIPTION "A cieTestCompletion trap is sent at the completion of a crypto session establishment if such a trap was requested when the sequence was initiated. " ::= 1 cieMIBGroup OBJECT IDENTIFIER ::= { cieMIBGroups 1 } -- OBJECT-GROUP -- Status -- mandatory -- Descr -- A collection of objects providing information about -- IP crypto subsystem. -- objects -- cieConfiguredAlgorithms, cieEncryptionKeyTimeout, -- cieNumberOfCryptoEngines, cieEngineID, cieEngineCardIndex, -- cieEnginePublicKey, cieEsaTampered, cieEsaAuthenticated, -- cieEsaMode, cieNumberOfConnections, cieProtectedAddr, -- cieUnprotectedAddr, cieConnStatus, ciePktsEncrypted, -- ciePktsDecrypted, ciePktsDropped, cieLocalTimeEstablished, -- cieAlgorithmType, cieTestConnProtectedAddr, -- cieTestConnUnprotectedAddr, cieTestConnTrapOnCompletion, -- cieTestConnCryptoMapName, cieTestConnCryptoMapTagNumber, -- cieTestConnSessionStatus, cieTestConnEntryOwner, -- cieTestConnEntryStatus cieMIBCompliance OBJECT IDENTIFIER ::= { cieMIBCompliances 1 } -- MODULE-COMPLIANCE -- Status -- mandatory -- Descr -- The compliance statement for entities which implement -- the Cisco Encryption MIB -- Module -- >>current<< -- MandGroup -- cieMIBGroup END