-- This file corresponds to Release 9.1.10.101 from 2014/08/11 00:00:00


---------------------------------------------------------------------------
-- (C)opyright 2010-2014 bintec elmeg GmbH
-- $RCSfile: mib-ikev2,v $
-- $Revision: 1.6 $
-- $Date: 2014-02-07 11:21:02 $
---------------------------------------------------------------------------

FEC-IKEV2-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises, 
    IpAddress, TimeTicks, Counter32, snmpModules, mib-2, Unsigned32, Counter64
        FROM SNMPv2-SMI
    DisplayString, TestAndIncr, TimeStamp
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    ipsec, Date, HexValue, BitValue
        FROM BINTEC-MIB;
 
---------------------------------------------------------------------------

---------------------------------------------------------------------------

-- Module identity for the bintec elmeg IKEv2 MIB.
-- NOTE(review): LAST-UPDATED below is 2011-03-02, while the RCS Date keyword
-- in the file header reads 2014-02-07 and no REVISION clause is present, so
-- this timestamp cannot be used to tell module versions apart.
-- NOTE(review): the module identity is registered at { ipsec 252 }, but the
-- two tables defined in this module are registered at { ipsec 21 } and
-- { ipsec 22 }. They are siblings of this node, not children, so an SNMP
-- view that includes only the ikev2MIB subtree does not cover them.
ikev2MIB MODULE-IDENTITY
    LAST-UPDATED "201103020000Z"
    ORGANIZATION "bintec elmeg GmbH"
    CONTACT-INFO "EMail:   info@bintec-elmeg.com
                  Web:     www.bintec-elmeg.com"
    DESCRIPTION  "Management Information for IKEv2 of IPSec Subsystem"

    ::= { ipsec 252 }

---------------------------------------------------------------------------

-- IKE Security Associations Table

	-- Operational table of the IKE SAs negotiated with IKEv2, registered at
	-- { ipsec 21 }.
	-- Rows expose peer identities, IP addresses, ports and IKE SPIs (see the
	-- Ikev2SaEntry columns), and ikev2SaState is writable. Limit read and
	-- write access to this subtree to authenticated management users.
	ikev2SaTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF Ikev2SaEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of currently active IKE security
		 associations, that are created using IKEv2 protocol."
	::= { ipsec 21 }

	-- Conceptual row of ikev2SaTable: one row per IKE SA, indexed by
	-- ikev2SaIndex alone.
	ikev2SaEntry OBJECT-TYPE
            SYNTAX  Ikev2SaEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IKE security association."
	    INDEX   {
		ikev2SaIndex
	    }
            ::= { ikev2SaTable 1 }

	-- Column list for one ikev2SaTable row.
	-- NOTE(review): ikev2SaBytes is a plain INTEGER, which SMIv2 limits to a
	-- signed 32-bit range; how the agent behaves once a byte count reaches
	-- that limit is not stated here. Counter64 is imported by this module
	-- but not used by any object.
	-- No column reports the key length negotiated for the encryption
	-- algorithm, so AES key sizes cannot be audited from this table.
	Ikev2SaEntry ::=
            SEQUENCE {
		ikev2SaIndex			INTEGER,
		ikev2SaState			INTEGER, 
		ikev2SaAuthMethod		INTEGER,
		ikev2SaEncAlg			INTEGER,
		ikev2SaIntegAlg			INTEGER,
		ikev2SaPrfAlg			INTEGER,
		ikev2SaGroup			INTEGER,
		ikev2SaRole			INTEGER, 
		ikev2SaLocalId			DisplayString,
		ikev2SaRemoteId			DisplayString,
		ikev2SaLocalIp			IpAddress,
		ikev2SaRemoteIp			IpAddress,
		ikev2SaSpiI			OCTET STRING,
		ikev2SaSpiR			OCTET STRING,
		ikev2SaCreated			Date,
		ikev2SaLastUsed			Date,
		ikev2SaExpires			Date,
		ikev2SaNumCerts			INTEGER,
		ikev2SaNumNegotiations		INTEGER, 
		ikev2SaBytes			INTEGER, 
		ikev2SaPeerIndex		INTEGER, 
		ikev2SaLocalPort		INTEGER,
		ikev2SaRemotePort		INTEGER 
            }

	-- Row index of ikev2SaTable.
	-- NOTE(review): SMIv2 (RFC 2578) normally declares index columns as
	-- not-accessible; this one is read-only, and the INTEGER carries no
	-- range, so zero or negative index values are not excluded by the
	-- definition.
	ikev2SaIndex OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "A unique index for this entry."
	::= { ikev2SaEntry 1 }

	-- Negotiation state of the SA. This is the only writable column of the
	-- SA table: per the enumeration below, writing delete(7) marks the SA
	-- for deletion, so any principal with SNMP write access to this column
	-- can request removal of an established SA. Restrict SET access to this
	-- object and log state changes that were not initiated locally.
	-- The enumeration skips the values 4 to 6.
	ikev2SaState OBJECT-TYPE
	    SYNTAX INTEGER {
		negotiating(1), -- the SA is still being negotiated
		established(2),	-- the SA negotiation is finished
		waiting-for-remove(3), -- the SA is waiting for removal
		delete(7)	       -- mark the SA for deletion
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the state of the SA.
		  Possible values:
		   negotiating(1),        -- the SA is still being negotiated
		   established(2),        -- the SA negotiation is finished
		   waiting-for-remove(3), -- the SA is waiting for removal
		   delete(7)	          -- mark the SA for deletion."
	    DEFVAL { negotiating }
	::= { ikev2SaEntry 2 }

	-- Authentication method that was used to create the SA (read-only).
	-- NOTE(review): rsa-enc(4) and rsa-enc-rev(5) are IKEv1 (RFC 2409)
	-- authentication methods, and the numbering 1..5 matches the IKEv1
	-- assignments rather than the IKEv2 (RFC 7296) ones. Presumably the
	-- enumeration was carried over from an IKEv1 MIB; confirm which values
	-- the agent actually reports for IKEv2 SAs before building alerts on
	-- them.
	ikev2SaAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3), 	-- Authentication using RSA signatures
		rsa-enc(4), 	-- Authentication using RSA encryption
		rsa-enc-rev(5) 	-- Authentication using revised RSA encryption
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The authentication method used when creating this SA.
		  Possible values:
		   pre-sh-key(1), 	-- Authentication using pre shared keys
		   dss-sig(2), 	  -- Authentication using DSS signatures
		   rsa-sig(3), 	  -- Authentication using RSA signatures
		   rsa-enc(4), 	  -- Authentication using RSA encryption
		   rsa-enc-rev(5) -- Authentication using revised RSA encryption."
	::= { ikev2SaEntry 3 }

	-- Encryption algorithm negotiated for the IKE_SA (read-only).
	-- The numbers coincide with the IKEv2 encryption transform IDs
	-- (RFC 7296, Transform Type 1).
	-- Security note: des(2) is single DES, which RFC 8247 lists as MUST NOT
	-- for IKEv2; an SA reporting it is worth flagging in monitoring.
	-- No AEAD algorithm (for example AES-GCM) appears in the enumeration,
	-- and the key length in use is not reported by this object.
	ikev2SaEncAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		des(2),
		des3(3),
		rc5(4),
		idea(5),
		cast(6),
		blowfish(7),
		aes-cbc(12),
		aes-ctr(13)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The encryption algorithm used for the IKE_SA.
		  Possible values:
		   des(2),
		   des3(3),
	           rc5(4),
		   idea(5),
		   cast(6),
		   blowfish(7),
		   aes-cbc(12),
		   aes-ctr(13)"
	::= { ikev2SaEntry 4 }

	-- Integrity algorithm negotiated for the IKE_SA (read-only).
	-- Only the 96-bit truncated HMAC-MD5 and HMAC-SHA1 variants can be
	-- represented; there is no value for a SHA-2 based algorithm.
	-- Security note: RFC 8247 lists AUTH_HMAC_MD5_96 as MUST NOT for IKEv2,
	-- so hmac-md5-96(1) on a live SA is worth flagging in monitoring.
	ikev2SaIntegAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		hmac-md5-96(1),		-- HMAC-MD5, output truncated to 96 bits
		hmac-sha1-96(2)	 	-- HMAC-SHA1, output truncated to 96 bits
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The integrity protection algorithm used for the IKE_SA.
		  Possible values:
		   hmac-md5-96(1),
		   hmac-sha1-96(2)"
	::= { ikev2SaEntry 5 }

	-- Pseudo random function negotiated for the IKE_SA (read-only); the PRF
	-- is what IKEv2 uses to derive the SA keying material.
	-- Only HMAC-MD5 and HMAC-SHA1 can be represented. RFC 8247 lists
	-- PRF_HMAC_MD5 as MUST NOT for IKEv2, so hmac-md5(1) on a live SA is
	-- worth flagging in monitoring.
	ikev2SaPrfAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		hmac-md5(1),		-- HMAC-MD5
		hmac-sha1(2)		-- HMAC-SHA1
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The hash algorithm used for the pseudo random function.
		  Possible values:
		   hmac-md5(1),	
		   hmac-sha1(2)"
	::= { ikev2SaEntry 6 }

	-- Diffie-Hellman group negotiated for the IKE_SA (read-only).
	-- The SYNTAX is an unconstrained INTEGER and the DESCRIPTION documents
	-- only groups 1 and 2, so whether other group numbers can be returned
	-- is not visible here; confirm against the agent.
	-- Security note: RFC 8247 lists the 768-bit group as MUST NOT and the
	-- 1024-bit group as SHOULD NOT for IKEv2; either value on a live SA
	-- indicates a weak key exchange.
	ikev2SaGroup OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The Diffie-Hellman group used for the IKE_SA.
		  Possible values:
		   1	- DH-group 768-bit MODP,	
		   2	- DH-group 1024-bit MODP"
	::= { ikev2SaEntry 7 }

	-- Which end started the negotiation of this SA (read-only). Together
	-- with ikev2SaSpiI and ikev2SaSpiR this tells which SPI belongs to the
	-- local device.
	ikev2SaRole OBJECT-TYPE
	    SYNTAX INTEGER {
		initiator(1), 	-- this end initiated the SA negotiation
		responder(2)	-- the remote end initiated the SA negotiation
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies by which side the SA
		 negotiation was initiated.
		  Possible values:
		   initiator(1), -- this end	initiated the SA negotiation 
		   responder(2)  -- the remote end initiated the SA negotiation."
	::= { ikev2SaEntry 8 }

	-- Authentication identities of the local and the remote end, returned as
	-- display strings (read-only). The ID type is not reported separately.
	-- These values identify VPN peers by name; take them into account when
	-- deciding who may read this table.
	ikev2SaLocalId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local ID used for authentication."
	::= { ikev2SaEntry 9 }

	ikev2SaRemoteId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote ID used for authentication."
	::= { ikev2SaEntry 10 }

	-- IP addresses of both IKE endpoints (read-only).
	-- The IpAddress type holds IPv4 addresses only, so an IKE SA running
	-- over IPv6 cannot be represented by these two columns.
	ikev2SaLocalIp OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local IP address used in the IKE communication."
	::= { ikev2SaEntry 11 }

	ikev2SaRemoteIp OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote IP address used in the IKE communication."
	::= { ikev2SaEntry 12 }

	-- Initiator and responder SPI of the IKE SA (read-only).
	-- NOTE(review): IKEv2 SPIs are 8 octets (RFC 7296), but neither
	-- OCTET STRING carries a SIZE constraint, so a consumer should check
	-- the length instead of assuming it.
	ikev2SaSpiI OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The SPI of the initiator."
	::= { ikev2SaEntry 13 }

	ikev2SaSpiR OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The SPI of the responder."
	::= { ikev2SaEntry 14 }

	-- Creation, last-use and expiry time of the SA (read-only).
	-- All three use the Date type imported from BINTEC-MIB; its encoding and
	-- time base are defined there and are not visible in this module.
	ikev2SaCreated OBJECT-TYPE
	    SYNTAX  Date 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Time the SA was created."
	::= { ikev2SaEntry 15 }

	ikev2SaLastUsed OBJECT-TYPE
	    SYNTAX  Date 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Time the SA was used last."
	::= { ikev2SaEntry 16 }

	ikev2SaExpires OBJECT-TYPE
	    SYNTAX  Date 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Time the SA will expire."
	::= { ikev2SaEntry 17 }

	-- Count of certificates the remote side sent while this SA was
	-- negotiated (read-only). The INTEGER has no range, so negative values
	-- are not excluded by the definition.
	ikev2SaNumCerts OBJECT-TYPE
	    SYNTAX INTEGER	
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of certificates received from the remote
		 side when negotiating this SA."
	::= { ikev2SaEntry 18 }

	-- Number of negotiations currently running on this SA (read-only).
	-- This is a point-in-time value, not a cumulative counter.
	ikev2SaNumNegotiations OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "This object specifies the number of currently active 
		  negotiations for this SA."
	::= { ikev2SaEntry 19 }

	-- Bytes transmitted using this SA (read-only).
	-- NOTE(review): declared as INTEGER, which SMIv2 limits to a signed
	-- 32-bit range. What the agent reports once the count reaches that limit
	-- is not stated, so do not base volume accounting or rekey-by-volume
	-- checks on this value without confirming the behaviour.
	ikev2SaBytes OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Number of bytes transmitted using this SA."
	::= { ikev2SaEntry 20 }

	-- Index of the peer this SA belongs to (read-only). The peer table it
	-- refers to is not defined in this module.
	ikev2SaPeerIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the peer for which this SA was created."
	::= { ikev2SaEntry 21 }

	-- Local and remote port currently used by the SA (read-only), each
	-- limited to 0..65535.
	-- Presumably these are UDP ports and change when NAT-Traversal moves
	-- the exchange to another port; confirm against the agent.
	ikev2SaLocalPort OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Local port currently used for the SA."
	::= { ikev2SaEntry 22 }

	ikev2SaRemotePort OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Remote port currently used for the SA."
	::= { ikev2SaEntry 23 }

-- End IKE Security Associations Table


-- IKEv2 Profile Table

	-- Configuration table of IKE_SA profiles, registered at { ipsec 22 }.
	-- Every column of this table is read-write, so SNMP write access to the
	-- subtree is equivalent to permission to change IKE negotiation
	-- parameters (NAT-Traversal, rekey lifetime, alive check, peer blocking).
	-- The table has no RowStatus column; ikev2PrfNatT carries a delete(4)
	-- value that marks an entry for deletion.
	ikev2ProfileTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF Ikev2ProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IKE_SA profiles.
		 These profiles are needed when using IKEv2 protocol."
	::= { ipsec 22 }

	-- Conceptual row of ikev2ProfileTable: one row per IKE_SA profile,
	-- indexed by ikev2PrfIndex alone.
	ikev2ProfileEntry OBJECT-TYPE
            SYNTAX  Ikev2ProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IKE_SA profile."
	    INDEX   {
		ikev2PrfIndex
	    }
            ::= { ikev2ProfileTable 1 }

	-- Column list for one ikev2ProfileTable row. All eight columns are
	-- declared read-write in their OBJECT-TYPE definitions.
	Ikev2ProfileEntry ::=
	    SEQUENCE {
		ikev2PrfIndex			Unsigned32,
		ikev2PrfDescription		DisplayString,
		ikev2PrfProposal		Unsigned32,
		ikev2PrfBlockTime		INTEGER,
		ikev2PrfNatT			INTEGER,
		ikev2PrfMtuMax			INTEGER,
		ikev2PrfLifeSeconds		Unsigned32,
		ikev2PrfAliveCheck		INTEGER
	    }

	-- Row index of ikev2ProfileTable, restricted to 1..4294967295.
	-- NOTE(review): the index is declared read-write, whereas SMIv2
	-- (RFC 2578) normally declares index columns as not-accessible.
	-- Presumably writing it is how rows are created; confirm against the
	-- agent.
	ikev2PrfIndex OBJECT-TYPE
	    SYNTAX Unsigned32 (1..4294967295)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ikev2ProfileEntry 1 }

	-- Free-text label for the profile (read-write). The DisplayString has no
	-- tighter SIZE constraint here, and the text is settable over SNMP, so
	-- tools that render it should treat it as untrusted input.
	ikev2PrfDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional description for this profile."
	::= { ikev2ProfileEntry 2 }

	-- Index of the first IKE proposal offered with this profile
	-- (read-write). The proposal table it points into is not defined in this
	-- module. Because the proposal selects the algorithms, a change to this
	-- value can switch a profile to a weaker algorithm set; monitor it for
	-- unexpected writes.
	ikev2PrfProposal OBJECT-TYPE
	    SYNTAX Unsigned32
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the first IKE proposal which may be used
		 for IKE SA negotiation with this profile."
	::= { ikev2ProfileEntry 3 }

	-- Time in seconds a peer stays blocked for IPSec operations after a
	-- failed initiator negotiation (read-write), range -1..86400.
	-- -1 (the default) defers to the global profile, 0 disables blocking.
	-- NOTE(review): the DESCRIPTION speaks of phase 1, which is IKEv1
	-- wording; presumably it means the initial IKEv2 exchanges here.
	ikev2PrfBlockTime OBJECT-TYPE
	    SYNTAX INTEGER (-1..86400) 
		UNITS "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the time in seconds for which a peer is
		 blocked for any IPSec operations after a phase 1 initiator
		 negotiation failed.
		  Special values:
		   -1: use settings from global profile (do not block by default)
		    0: do not block the peer at all."
	    DEFVAL { -1 }
	::= { ikev2ProfileEntry 4 }

	-- NAT-Traversal setting of the profile (read-write). The same object
	-- also carries delete(4), which marks this entry for deletion, so write
	-- access to this one column is enough to remove a profile.
	-- NOTE(review): the DESCRIPTION omits delete(4), and it says default(3)
	-- means disabled for the default profile while the comment in the
	-- SYNTAX clause says enabled. One of the two is wrong; confirm the
	-- effective default against the agent.
	ikev2PrfNatT OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1), 	-- enable Nat-Traversal
		disabled(2),	-- disable Nat-Traversal
		default(3),   	-- use value from default profile 
                                -- (enabled, if this is the default profile)
		delete(4)   	-- mark this entry for deletion 
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether NAT-Traversal is enabled
		  Possible values:
		   enabled(1), 	-- enable Nat-Traversal
		   disabled(2),	-- disable Nat-Traversal
		   default(3)   -- use value from default profile 
                                -- (disabled, if this is the default profile)."
	    DEFVAL { default }
	::= { ikev2ProfileEntry 5 }

	-- Upper bound for ipsecPeerMtu, an object that is not defined in this
	-- module (read-write).
	-- The SYNTAX range 0..65535 is wider than the effective range: per the
	-- DESCRIPTION, 0 defers to the global profile and nonzero values below
	-- 214 are raised to 214, so a value read back after a SET may differ
	-- from the value written.
	ikev2PrfMtuMax OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum MTU value allowed for ipsecPeerMtu.
		 Zero means use value from global profile, 
		 if this is the global profile, 1418 is assumed.
		 Nonzero values smaller than 214 are reset to the minimum of 214."
	    DEFVAL { 0 }
	::= { ikev2ProfileEntry 6 }

	-- Rekey interval of the SA in seconds (read-write), default 3600.
	-- NOTE(review): the Unsigned32 has no range, so the definition accepts
	-- 0 and values up to 4294967295; whether the agent enforces tighter
	-- bounds is not stated. A very large value keeps the same keys in use
	-- for a long time, so monitor this column for unexpected changes.
	ikev2PrfLifeSeconds OBJECT-TYPE
	    SYNTAX Unsigned32
		UNITS "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The time (in seconds) after which an SA will be rekeyed."
	    DEFVAL { 3600 }
	::= { ikev2ProfileEntry 7 }

	-- Enables or disables the check whether the other endpoint is still
	-- alive (read-write), enabled by default.
	-- Presumably this is the IKEv2 liveness check; confirm against the
	-- agent. With the check disabled, SAs to unreachable peers are not
	-- detected through it, so a change to disabled(2) is worth monitoring.
	ikev2PrfAliveCheck OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1), 	-- enable alive check
		disabled(2)	-- disable alive check
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies if a check is done to see whether the 
		 other endpoint is alive.
		(only for IKEv2)."
	    DEFVAL { enabled }
	::= { ikev2ProfileEntry 8 }

-- End IKE SA Profile Table (IKEv2)



END
