The MIB module maps the IPSec entities created dynamically to the policy entities that caused them. This is an appendix to the IPSEC-MONITOR-MIB that has been proposed to IETF for monitoring IPSec based Virtual Private Networks.
Overview of Cisco IPsec Policy Map MIB
- There are two components to this MIB:
- #1 a table that maps an IPSec Phase-1
- tunnel to the Internet Security Association and Key Exchange (ISAKMP) Policy
- #2 a table that maps an IPSec Phase-2
- tunnel to the corresponding IPSec Policy element - called ‘cryptomaps’ - in IOS (Internet Operating System)
- The first mappin (also called Internet Key Exchange
- or IKE mapping) yields, given the index of
the IKE tunnel in the ikeTunnelTable (IPSEC-MONITOR-MIB), the ISAKMP policy definition defined using the CLI on the managed entity.
The IPSec mapping yields, given the index of the IPSec tunnel in the ipSecTunnelTable (IPSEC-MONITOR-MIB), the IPSec transform and the cryptomap definition that gave rise to this tunnel.
In implementation and usage, this MIB cannot exist independent of the IPSEC-MONITOR-MIB.