IPSEC-POLICY-MIB
Overview
The IPSEC-POLICY-MIB (ipspm) is used to configure the IPsec policy for a host. Each endpoint on the host is associated with a group. A group contains a prioritized list of sub-groups and/or rules. A rule contains a filter and an action to execute if that filter evaluates to true.
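The lookup chain described above (endpoint, group, sub-groups and rules, filter, action) can be modelled as follows. This is an added example, not code from the project: the row contents, action names and `enabled`/`disabled` values are constructed, and the evaluation order (lowest priority value first, first matching rule wins) is an assumption the page does not state.

```python
# Added illustration: toy model of the ipspm lookup chain
# endpoint -> group -> (sub-groups | rules) -> filter -> action.
# Row contents are constructed; evaluation order is an assumption.
import ipaddress

# ipHeaderFilterTable-like rows: name -> (DstAddressBegin, DstAddressEnd, Protocol or None)
FILTERS = {
    "to-dmz":  ("192.0.2.0", "192.0.2.255", None),
    "any-tcp": ("0.0.0.0", "255.255.255.255", 6),
}
# policyRuleDefinitionTable-like rows: name -> (Filter, FilterNegated, Action, AdminStatus)
RULES = {
    "protect-dmz": ("to-dmz", False, "ipsec-esp", "enabled"),
    "old-rule":    ("any-tcp", False, "drop", "disabled"),
    "non-tcp":     ("any-tcp", True, "bypass", "enabled"),
}
# policyGroupContentsTable-like rows: group -> [(priority, GroupComponentType, GroupComponentName)]
GROUPS = {
    "root":    [(20, "rule", "non-tcp"), (10, "group", "dmz-grp"), (15, "rule", "old-rule")],
    "dmz-grp": [(1, "rule", "protect-dmz")],
}
# policyEndpointToGroupTable-like rows: endpoint -> GroupName
ENDPOINTS = {"eth0": "root"}

def filter_matches(name, pkt):
    begin, end, proto = FILTERS[name]
    dst = ipaddress.ip_address(pkt["dst"])
    in_range = ipaddress.ip_address(begin) <= dst <= ipaddress.ip_address(end)
    return in_range and (proto is None or proto == pkt["proto"])

def evaluate_group(group, pkt, seen=()):
    if group in seen:                      # a group nested inside itself would loop forever
        raise ValueError(f"group cycle at {group!r}")
    for _prio, ctype, cname in sorted(GROUPS[group]):   # assumed: lowest priority value first
        if ctype == "group":
            action = evaluate_group(cname, pkt, seen + (group,))
            if action is not None:
                return action
            continue
        filt, negated, action, admin = RULES[cname]
        if admin != "enabled":             # disabled rules are skipped
            continue
        if filter_matches(filt, pkt) != negated:   # FilterNegated inverts the filter result
            return action                  # assumed: first matching rule wins
    return None                            # no rule matched in this group

def action_for(endpoint, pkt):
    return evaluate_group(ENDPOINTS[endpoint], pkt)
```

A `None` result means no enabled rule matched; what the host does in that case is outside what this page describes.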
Endpoints
Groups
Filters
Rules
Actions
Transforms
IKE Actions
IPSEC Actions
keyTable
+-saPreconfiguredAction sapAHSharedSecretName sapESPEncSharedSecretName sapESPAuthSharedSecretName
+-ikeIdentity ikeIdKeyName
+-peerIdentity peerIdKeyName
ahTransformTable, espTransformTable, ipcompTransformTable
+-saPreconfiguredAction sapAHTransformName sapESPTransformName sapIPCompTransformName
+-ipsecTransforms ipsecTransformsTransformName
ipHeaderFilterTable, ipOffsetFilterTable, timeFilterTable, ipsoHeaderFilterTable, credentialFilterTable, peerIdentityFilterTable
+-policyGroupContents pgcFilter
+-policyRuleDefinition pRuleFilter
+-filtersInCompoundFilter ficSubfilter
policyEndpointToGroupTable
+-ikeIdentity INDEX
policyGroupContentsTable
+-systemPolicyGroupName
+-policyEndpointToGroupTable
policyRuleDefinitionTable
compoundFilterTable
filtersInCompoundFilterTable
compoundActionsTable, saPreconfiguredActionTable, ikeActionTable, ipsecActionTable
+-policyRuleDefinition pRuleAction
+-actionsInCompoundActions aicaSubActionName
ikeActionProposalsTable
+-ikeProposalTable
ipsecProposalsTable
+-ipsecAction ipsecActionProposalsName
actionsInCompoundActionsTable
saNegotiationParametersTable
ikeProposalTable
ipsecProposalsTable
ipsecTransformsTable
ikeIdentityTable
+-ikeAction ikeIdentityType, ikeIdentityContext
peerIdentityTable
+-saPreconfiguredAction sapPeerGatewayIdName
+-ikeAction ikePeerName
+-ipsecAction ipsecPeerGatewayIdName
autostartIkeTable
+-NONE
ipsecCredMngServiceTable
+-credentialFilter crfAcceptCredFrom
+-ikeIdentity ikeIdCredMngName
+-peerIdentity peerIdCredMngName
+--------------------------------------------------------------------------------
| policyEndpointToGroupTable | GroupName | LastChanged | StorageType | RowStatus
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
| policyGroupContentsTable | Filter | GroupComponentType | GroupComponentName | LastChanged | StorageType | RowStatus
| policyRuleDefinitionTable | Description | Filter | FilterNegated | Action | AdminStatus | LastChanged | StorageType | RowStatus
| compoundFilterTable | Description | LogicType | LastChanged | StorageType | RowStatus
| filtersInCompoundFilterTable | Subfilter | SubfilterIsNegated | LastChanged | StorageType | RowStatus
| ipHeaderFilterTable | Type | IPVersion | SrcAddressBegin | SrcAddressEnd | DstAddressBegin | DstAddressEnd | SrcLowPort | SrcHighPort | DstLowPort | DstHighPort | Protocol | IPv6FlowLabel | LastChanged | StorageType | RowStatus
| ipOffsetFilterTable | Offset | Type | Number | Value | LastChanged | StorageType | RowStatus
| timeFilterTable | PeriodStart | PeriodEnd | MonthOfYearMask | DayOfMonthMask | DayOfWeekMask | TimeOfDayMaskStart | TimeOfDayMaskEnd | LastChanged | StorageType | RowStatus
| ipsoHeaderFilterTable | Type | Classification | ProtectionAuth | LastChanged | StorageType | RowStatus
| credentialFilterTable | CredentialType | MatchFieldName | MatchFieldValue | AcceptCredFrom | LastChanged | StorageType | RowStatus
| peerIdentityFilterTable | IdentityType | IdentityValue | LastChanged | StorageType | RowStatus
| compoundActionsTable | ExecutionStrategy | LastChanged | StorageType | RowStatus
| actionsInCompoundActionsTable | SubActionName | LastChanged | StorageType | RowStatus
| saPreconfiguredActionTable | ActionDescription | ActionLifetimeSec | ActionLifetimeKB | DoActionLogging | DoPacketLogging | DFHandling | ActionType | AHSPI | AHTransformName | AHSharedSecretName | ESPSPI | ESPTransformName | ESPEncSharedSecretName | ESPAuthSharedSecretName | IPCompSPI | IPCompTransformName | PeerGatewayIdName | LastChanged | StorageType | RowStatus
| saNegotiationParametersTable | MinimumLifetimeSeconds | MinimumLifetimeKB | RefreshThresholdSeconds | RefreshThresholdKB | IdleDurrationSeconds | LastChanged | StorageType | RowStatus
| ikeActionTable | ActionParametersName | ThresholdDerivedKeys | ExchangeMode | AgressiveModeGroupId | IdentityType | IdentityContext | PeerName | ActionDoActionLogging | ActionDoPacketLogging | ActionVendorId | ActionLastChanged | ActionStorageType | ActionRowStatus
| ikeActionProposalsTable | Name | LastChanged | StorageType | RowStatus
| ikeProposalTable | LifetimeDerivedKeys | CipherAlgorithm | CipherKeyLength | CipherKeyRounds | HashAlgorithm | PrfAlgorithm | VendorId | DhGroup | AuthenticationMethod | MaxLifetimeSeconds | MaxLifetimeKB | ProposalLastChanged | ProposalStorageType | ProposalRowStatus
| ipsecActionTable | ActionParametersName | ActionProposalsName | UsePfs | VendorId | GroupId | PeerGatewayIdName | UseIkeGroup | Granularity | Mode | DFHandling | DoActionLogging | DoPacketLogging | ActionLastChanged | ActionStorageType | ActionRowStatus
| ipsecProposalsTable | TransformsName | LastChanged | StorageType | RowStatus
| ipsecTransformsTable | TransformName | LastChanged | StorageType | RowStatus
| ahTransformTable | MaxLifetimeSec | MaxLifetimeKB | Algorithm | ReplayProtection | ReplayWindowSize | LastChanged | StorageType | RowStatus
| espTransformTable | MaxLifetimeSec | MaxLifetimeKB | CipherTransformId | CipherKeyLength | CipherKeyRounds | IntegrityAlgorithmId | ReplayPrevention | ReplayWindowSize | LastChanged | StorageType | RowStatus
| ipcompTransformTable | TransformMaxLifetimeSec | TransformMaxLifetimeKB | Algorithm | DictionarySize | PrivateAlgorithm | TransformLastChanged | TransformStorageType | TransformRowStatus
| ikeIdentityTable | Value | KeyName | CredMngName | LastChanged | StorageType | RowStatus
| peerIdentityTable | Value | Type | Address | AddressType | KeyName | CredMngName | LastChanged | StorageType | RowStatus
| autostartIkeTable | Action | AddressType | SourceAddress | SourcePort | DestAddress | DestPort | Protocol | LastChanged | StorageType | RowStatus
| ipsecCredMngServiceTable | PolicyStatement | CRL | CRLDistPoint | DistinguishedName | MaxChainLength | CRLRefreshFreq | Value | LastChanged | StorageType | RowStatus
| keyTable | RemoteID | Key | PasswordAlgorithm | LastChanged | StorageType | RowStatus
Table Dependencies
keyTable && credMngTable before peerIdentityTable
keyTable && credMngTable && ?peEndpointTable before ikeIdentityTable
peerIdentityTable && sharedSecretsTable && espTransformTable && ahTransformTable before saPreconfiguredActionTable
compoundActionsTable && saPreconfiguredActionTable && ikeActionTable && ipsecActionTable before actionsInCompoundActionTable
peerIdentity
saNegotiationParameters before
ipsecProposalsTable
ipsecActionTable
saNegotiationParameters before ikeActionTable
ikeIdentity before ikeActionTable
ikeActionTable before ikeActionProposalsTable
TransformsTable
before ipsecProposalsTable
before ipsecTransformsTable
net-policy-users
Last modified: Mon Jan 6 17:47:00 EST 2003