>> MIB - Management Information Base

>> Table: ipsecSaTable - (.1.3.6.1.4.1.272.4.26.3.1)

Description: This object contains an IPSec security association.

ipsecSaTable
OIDNameTypeAccess
.1IndexINTEGERR
.3StateENUMD
.4CreatorENUMR
.5DirENUMR
.6ModeENUMR
.7SecProtoENUMR
.8LocalIpIpAddressR
.9PeerIpIpAddressR
.10SrcAddressIpAddressR
.11SrcMaskLenINTEGERR
.12SrcRangeIpAddressR
.13DstAddressIpAddressR
.14DstMaskLenINTEGERR
.15DstRangeIpAddressR
.17SpiHexValueR
.18AuthAlgENUMR
.19EncAlgENUMR
.20CompAlgENUMR
.21AuthKeyLenINTEGERR
.22EncKeyLenINTEGERR
.25LifeSecondsINTEGERR
.26LifeKBytesINTEGERR
.27ProtoENUMR
.28SrcPortINTEGERR
.29DstPortINTEGERR
.30SecondsINTEGERR
.31BytesINTEGERR
.32PacketsINTEGERR
.33ReplayErrorsINTEGERR
.34RecvErrorsINTEGERR
.35DecryptErrorsINTEGERR
.36PeerIndexINTEGERR
.37TrafficIndexINTEGERR
.38HeartbeatsINTEGERR
.39BundleINTEGERR
.40BundleNestingINTEGERR
.41BundleFlagENUMR

Index
A unique index for this entry.
State
The current state of the security association
Possible values:
alive(1),	-- The SA is alive and will eventually be rekeyed
expired(2),	-- The SA is expired and will not be rekeyed
delete (3)	-- mark this sa for deletion.
Enumerations:
  • alive (1)
  • expired (2)
  • delete (3)
Creator
This object specifies how the SA was created
Possible values:
manual(1), -- A manually keyed IPSec SA
ike(2)     -- An automatically keyed SA created by IKE.
Enumerations:
  • manual (1)
  • ike (2)
Dir
This object specifies whether the SA is used for inbound or
outbound processing.
Possible values:
inbound(1),	-- An inbound security association
outbound(2)	-- An outbound security association.
Enumerations:
  • inbound (1)
  • outbound (2)
Mode
This object specifies whether the SA is in tunnel or 
transport mode.
Possible values:
tunnel(1),	-- A tunnel mode SA
transport(2)	-- A transport mode SA.
Enumerations:
  • tunnel (1)
  • transport (2)
SecProto
This object specifies the security protocol applied by this SA.
Possible values:
esp(50),	-- Encapsulating Security Payload
ah(51),	-- Authentication Header
ipcomp(108)	-- Internet Payload Compression Protocol.
Enumerations:
  • esp (50)
  • ah (51)
  • ipcomp (108)
LocalIp
The local IP address of the outer packet header. For
transport mode SAs, this address is the same as the
ipsecSaSrcAddress.
PeerIp
The destination IP address of the outer packet
header. For transport mode SAs, this address is the
same as the ipsecSaDstAddress.
SrcAddress
The address of the source network this SA covers (if the 
SrcRange field is nonzero, this is the first address of a 
range of addresses).
SrcMaskLen
The mask length of the source network this SA covers
(only meaningful, if the SrcRange field is zero).
SrcRange
The last address of a range of source addresses (starting with 
SrcAddress) this SA covers. Overrides SrcMaskLen.
DstAddress
The address of the destination network this SA covers (if the 
DstRange field is nonzero, this is the first address of a 
range of addresses).
DstMaskLen
The mask length of the destination network this SA covers
(only meaningful, if the DstRange field is zero).
DstRange
The last address of a range of destination addresses (starting
with DstAddress) this SA covers. Overrides DstMaskLen.
Spi
The Security Parameters Index of this SA.
AuthAlg
The hash algorithm used, if any.
Possible Values:
none(2),	   -- No hash algorithm applied
md5-96(4),	   -- The MD5 hash algorithm
sha1-96(6)	   -- The Secure Hash Algorithm.
Enumerations:
  • none (2)
  • md5-96 (4)
  • sha1-96 (6)
EncAlg
The encryption algorithm used, if any.
Possible Values:
none(1),	      -- No encryption applied
des-cbc(2),	      -- DES in CBC mode
des3-cbc(3),       -- Triple DES in CBC mode
blowfish-cbc(4),   -- Blowfish in CBC mode
cast128-cbc(5),    -- CAST with 128 bit key in CBC mode
twofish-cbc(6),    -- Twofish in CBC mode
rijndael-cbc(7)    -- Rijndael in CBC mode.
Enumerations:
  • none (1)
  • des-cbc (2)
  • des3-cbc (3)
  • blowfish-cbc (4)
  • cast128-cbc (5)
  • twofish-cbc (6)
  • rijndael-cbc (7)
CompAlg
The compression algorithm used, if any.
Possible Values:
none(1),	  -- No compression
deflate(2) 	  -- DEFLATE compression algorithm.
Enumerations:
  • none (2)
  • deflate (3)
AuthKeyLen
The length of the key used for authentication, if any.
EncKeyLen
The length of the key used for encryption, if any.
LifeSeconds
The period in seconds after which this SA will be destroyed.
LifeKBytes
The amount of data allowed to be protected by this SA
until it is destroyed.
Proto
The protocol this SA covers.
Enumerations:
  • icmp (1)
  • igmp (2)
  • ggp (3)
  • ipip (4)
  • st (5)
  • tcp (6)
  • cbt (7)
  • egp (8)
  • igp (9)
  • bbn (10)
  • nvp (11)
  • pup (12)
  • argus (13)
  • emcon (14)
  • xnet (15)
  • chaos (16)
  • udp (17)
  • mux (18)
  • dcn (19)
  • hmp (20)
  • prm (21)
  • xns (22)
  • trunk1 (23)
  • trunk2 (24)
  • leaf1 (25)
  • leaf2 (26)
  • rdp (27)
  • irtp (28)
  • isotp4 (29)
  • netblt (30)
  • mfe (31)
  • merit (32)
  • sep (33)
  • pc3 (34)
  • idpr (35)
  • xtp (36)
  • ddp (37)
  • idprc (38)
  • tp (39)
  • il (40)
  • ipv6 (41)
  • sdrp (42)
  • ipv6route (43)
  • ipv6frag (44)
  • idrp (45)
  • rsvp (46)
  • gre (47)
  • mhrp (48)
  • bna (49)
  • esp (50)
  • ah (51)
  • inlsp (52)
  • swipe (53)
  • narp (54)
  • mobile (55)
  • tlsp (56)
  • skip (57)
  • ipv6icmp (58)
  • ipv6nonxt (59)
  • ipv6opts (60)
  • ipproto-61 (61)
  • cftp (62)
  • local (63)
  • sat (64)
  • kryptolan (65)
  • rvd (66)
  • ippc (67)
  • distfs (68)
  • satmon (69)
  • visa (70)
  • ipcv (71)
  • cpnx (72)
  • cphb (73)
  • wsn (74)
  • pvp (75)
  • brsatmon (76)
  • sunnd (77)
  • wbmon (78)
  • wbexpak (79)
  • isoip (80)
  • vmtp (81)
  • securevmtp (82)
  • vines (83)
  • ttp (84)
  • nsfnet (85)
  • dgp (86)
  • tcf (87)
  • eigrp (88)
  • ospfigp (89)
  • sprite (90)
  • larp (91)
  • mtp (92)
  • ax25 (93)
  • ipwip (94)
  • micp (95)
  • scc (96)
  • etherip (97)
  • encap (98)
  • encrypt (99)
  • gmtp (100)
  • ifmp (101)
  • pnni (102)
  • pim (103)
  • aris (104)
  • scps (105)
  • qnx (106)
  • an (107)
  • ippcp (108)
  • snp (109)
  • compaq (110)
  • ipxip (111)
  • vrrp (112)
  • pgm (113)
  • hop0 (114)
  • l2tp (115)
  • ipproto-116 (116)
  • ipproto-117 (117)
  • ipproto-118 (118)
  • ipproto-119 (119)
  • ipproto-120 (120)
  • ipproto-121 (121)
  • ipproto-122 (122)
  • ipproto-123 (123)
  • ipproto-124 (124)
  • ipproto-125 (125)
  • ipproto-126 (126)
  • ipproto-127 (127)
  • ipproto-128 (128)
  • ipproto-129 (129)
  • ipproto-130 (130)
  • ipproto-131 (131)
  • ipproto-132 (132)
  • ipproto-133 (133)
  • ipproto-134 (134)
  • ipproto-135 (135)
  • ipproto-136 (136)
  • ipproto-137 (137)
  • ipproto-138 (138)
  • ipproto-139 (139)
  • ipproto-140 (140)
  • ipproto-141 (141)
  • ipproto-142 (142)
  • ipproto-143 (143)
  • ipproto-144 (144)
  • ipproto-145 (145)
  • ipproto-146 (146)
  • ipproto-147 (147)
  • ipproto-148 (148)
  • ipproto-149 (149)
  • ipproto-150 (150)
  • ipproto-151 (151)
  • ipproto-152 (152)
  • ipproto-153 (153)
  • ipproto-154 (154)
  • ipproto-155 (155)
  • ipproto-156 (156)
  • ipproto-157 (157)
  • ipproto-158 (158)
  • ipproto-159 (159)
  • ipproto-160 (160)
  • ipproto-161 (161)
  • ipproto-162 (162)
  • ipproto-163 (163)
  • ipproto-164 (164)
  • ipproto-165 (165)
  • ipproto-166 (166)
  • ipproto-167 (167)
  • ipproto-168 (168)
  • ipproto-169 (169)
  • ipproto-170 (170)
  • ipproto-171 (171)
  • ipproto-172 (172)
  • ipproto-173 (173)
  • ipproto-174 (174)
  • ipproto-175 (175)
  • ipproto-176 (176)
  • ipproto-177 (177)
  • ipproto-178 (178)
  • ipproto-179 (179)
  • ipproto-180 (180)
  • ipproto-181 (181)
  • ipproto-182 (182)
  • ipproto-183 (183)
  • ipproto-184 (184)
  • ipproto-185 (185)
  • ipproto-186 (186)
  • ipproto-187 (187)
  • ipproto-188 (188)
  • ipproto-189 (189)
  • ipproto-190 (190)
  • ipproto-191 (191)
  • ipproto-192 (192)
  • ipproto-193 (193)
  • ipproto-194 (194)
  • ipproto-195 (195)
  • ipproto-196 (196)
  • ipproto-197 (197)
  • ipproto-198 (198)
  • ipproto-199 (199)
  • ipproto-200 (200)
  • ipproto-201 (201)
  • ipproto-202 (202)
  • ipproto-203 (203)
  • ipproto-204 (204)
  • ipproto-205 (205)
  • ipproto-206 (206)
  • ipproto-207 (207)
  • ipproto-208 (208)
  • ipproto-209 (209)
  • ipproto-210 (210)
  • ipproto-211 (211)
  • ipproto-212 (212)
  • ipproto-213 (213)
  • ipproto-214 (214)
  • ipproto-215 (215)
  • ipproto-216 (216)
  • ipproto-217 (217)
  • ipproto-218 (218)
  • ipproto-219 (219)
  • ipproto-220 (220)
  • ipproto-221 (221)
  • ipproto-222 (222)
  • ipproto-223 (223)
  • ipproto-224 (224)
  • ipproto-225 (225)
  • ipproto-226 (226)
  • ipproto-227 (227)
  • ipproto-228 (228)
  • ipproto-229 (229)
  • ipproto-230 (230)
  • ipproto-231 (231)
  • ipproto-232 (232)
  • ipproto-233 (233)
  • ipproto-234 (234)
  • ipproto-235 (235)
  • ipproto-236 (236)
  • ipproto-237 (237)
  • ipproto-238 (238)
  • ipproto-239 (239)
  • ipproto-240 (240)
  • ipproto-241 (241)
  • ipproto-242 (242)
  • ipproto-243 (243)
  • ipproto-244 (244)
  • ipproto-245 (245)
  • ipproto-246 (246)
  • ipproto-247 (247)
  • ipproto-248 (248)
  • ipproto-249 (249)
  • ipproto-250 (250)
  • ipproto-251 (251)
  • ipproto-252 (252)
  • ipproto-253 (253)
  • ipproto-254 (254)
  • dont-verify (255)
SrcPort
The source port this SA covers, 0 for any.
DstPort
The destination port this SA covers, 0 for any.
Seconds
The number of seconds since this SA was created.
Bytes
The amount of data in kilobytes protected by this SA.
Packets
The number of packets protected by this SA.
ReplayErrors
The number of replayed packets detected for this SA.
RecvErrors
The number of receive errors (replayed packets not counted)
detected for this SA.
DecryptErrors
The number of decryption errors (ESP only) detected for 
this SA.
PeerIndex
The index of the peer for which this SA was created.
TrafficIndex
The index of the traffic entry for which this SA was created.
Heartbeats
The number of heartbeats received / sent by this SA.
Bundle
unique id of SA-bundle within this SA is used.
BundleNesting
place of SA within SA-Bundle.
BundleFlag
true(1)  SA completes whole SA-bundle
false(2) more SAs follow (SA-bundle is incomplete)
Enumerations:
  • true (1)
  • false (2)


Copyright ©2003 by BinTec Access Networks GmbH
This page was last modified on: 11.03.2003 by Projectmanager Maintenance