Revision: 2007-10-24

This is a MIB module for monitoring the structures in IPSec-based Virtual Private Networks. The MIB has been designed to be adopted as an IETF standard. Hence, Cisco-specific features of the IPSec protocol are excluded from this MIB.

Acronyms

The following acronyms are used in this document:

IPSec: Secure IP Protocol

VPN: Virtual Private Network

ISAKMP: Internet Security Association and Key Exchange

IKE: Internet Key Exchange Protocol

SA: Security Association

MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to set up Phase 2 SAs.

QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA.

Overview of IPsec MIB

The MIB contains six major groups of objects which are used to manage the IPSec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPSec MIB.

The Phase 1 group models objects pertaining to IKE negotiations and tunnels.

The Phase 2 group models objects pertaining to IPSec data tunnels.

The History group is to aid applications that do trending analysis.

The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid Intrusion Detection.

In addition to the five major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPSec TRAPs.

For a detailed discussion, please refer to the IETF draft draft-ietf-ipsec-flow-monitoring-mib-00.txt.