This is a MIB Module for monitoring the structures in IPSec-based Virtual Private Networks. The MIB has been designed to be adopted as an IETF standard. Hence, Cisco-specific features of the IPSec protocol are excluded from this MIB.
Acronyms
The following acronyms are used in this document:
IPSec: Secure IP Protocol
VPN: Virtual Private Network
ISAKMP: Internet Security Association and Key Exchange
IKE: Internet Key Exchange Protocol
SA: Security Association
MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to set up Phase 2 SAs.
QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA.
Overview of IPsec MIB
The MIB contains six major groups of objects which are used to manage the IPSec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPSec MIB.
The Phase 1 group models objects pertaining to IKE negotiations and tunnels.
The Phase 2 group models objects pertaining to IPSec data tunnels.
The History group aids applications that do trending analysis.
The Failure group enables an operator to troubleshoot and debug the VPN Router. Further, counters are supported to aid Intrusion Detection.
In addition to the five major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPSec TRAPs.
For a detailed discussion, please refer to the IETF draft draft-ietf-ipsec-flow-monitoring-mib-00.txt.