>> MIB - Management Information Base

>> Table: ipsecTrafficTable - (.1.3.6.1.4.1.272.4.26.7.1)

Description: This object contains a description of a type of IP traffic and the action which should be applied to it together with the necessary parameters.

ipsecTrafficTable
OID   Name               Type            Access
.1    Index              INTEGER         R
.2    NextIndex          INTEGER         RW
.3    Description        DisplayString   RW
.4    LocalAddress       IpAddress       RW
.5    LocalMaskLen       INTEGER         RW
.6    LocalRange         IpAddress       RW
.7    RemoteAddress      IpAddress       RW
.8    RemoteMaskLen      INTEGER         RW
.9    RemoteRange        IpAddress       RW
.10   Proto              ENUM            RW
.11   LocalPort          INTEGER         RW
.12   RemotePort         INTEGER         RW
.13   Action             ENUM            D
.14   Proposal           INTEGER         RW
.15   ForceTunnelMode    ENUM            RW
.16   LifeTime           INTEGER         RW
.17   Granularity        ENUM            RW
.18   KeepAlive          ENUM            RW
.19   Interface          INTEGER         RW
.20   Direction          ENUM            RW
.21   LocalAddressType   ENUM            RW
.22   RemoteAddressType  ENUM            RW
.30   InSpi              HexValue        RW
.31   OutSpi             HexValue        RW
.32   EncKeyIn           DisplayString   RW
.33   EncKeyOut          DisplayString   RW
.34   AuthKeyIn          DisplayString   RW
.35   AuthKeyOut         DisplayString   RW
.36   Creator            ENUM            R

Index
A unique index identifying this entry.
NextIndex
This object specifies the index of the next traffic
entry in hierarchy.
Description
An optional human readable description for this traffic entry.
LocalAddress
The source IP-address of this traffic entry. It may be
either a single address, a network address (in
combination with ipsecTrSrcMask), or the first address
of an address range (in combination with
ipsecTrLocalRange).
LocalMaskLen
The length of the network mask for a source network.
LocalRange
The last address of a source address range. If this
field is nonzero, the ipsecTrLocalMaskLen field is
ignored and the source is considered as a range of
addresses beginning with ipsecTrLocalAddress and ending
with ipsecTrLocalRange.
RemoteAddress
The destination IP-address of this traffic entry. It may be
either a single address, a network address (in
combination with ipsecTrDstMask), or the first address
of an address range (in combination with
ipsecTrRemoteRange).
RemoteMaskLen
The length of the network mask for a destination network.
RemoteRange
The last address of a destination address range. If
this field is nonzero, the ipsecTrRemoteMaskLen field is
ignored and the source is considered as a range of
addresses beginning with ipsecTrRemoteAddress and ending
with ipsecTrRemoteRange.
Proto
The transport protocol defined for this entry.
Enumerations:
  • icmp (1)
  • igmp (2)
  • ggp (3)
  • ipip (4)
  • st (5)
  • tcp (6)
  • cbt (7)
  • egp (8)
  • igp (9)
  • bbn (10)
  • nvp (11)
  • pup (12)
  • argus (13)
  • emcon (14)
  • xnet (15)
  • chaos (16)
  • udp (17)
  • mux (18)
  • dcn (19)
  • hmp (20)
  • prm (21)
  • xns (22)
  • trunk1 (23)
  • trunk2 (24)
  • leaf1 (25)
  • leaf2 (26)
  • rdp (27)
  • irtp (28)
  • isotp4 (29)
  • netblt (30)
  • mfe (31)
  • merit (32)
  • sep (33)
  • pc3 (34)
  • idpr (35)
  • xtp (36)
  • ddp (37)
  • idprc (38)
  • tp (39)
  • il (40)
  • ipv6 (41)
  • sdrp (42)
  • ipv6route (43)
  • ipv6frag (44)
  • idrp (45)
  • rsvp (46)
  • gre (47)
  • mhrp (48)
  • bna (49)
  • esp (50)
  • ah (51)
  • inlsp (52)
  • swipe (53)
  • narp (54)
  • mobile (55)
  • tlsp (56)
  • skip (57)
  • ipv6icmp (58)
  • ipv6nonxt (59)
  • ipv6opts (60)
  • ipproto-61 (61)
  • cftp (62)
  • local (63)
  • sat (64)
  • kryptolan (65)
  • rvd (66)
  • ippc (67)
  • distfs (68)
  • satmon (69)
  • visa (70)
  • ipcv (71)
  • cpnx (72)
  • cphb (73)
  • wsn (74)
  • pvp (75)
  • brsatmon (76)
  • sunnd (77)
  • wbmon (78)
  • wbexpak (79)
  • isoip (80)
  • vmtp (81)
  • securevmtp (82)
  • vines (83)
  • ttp (84)
  • nsfnet (85)
  • dgp (86)
  • tcf (87)
  • eigrp (88)
  • ospfigp (89)
  • sprite (90)
  • larp (91)
  • mtp (92)
  • ax25 (93)
  • ipwip (94)
  • micp (95)
  • scc (96)
  • etherip (97)
  • encap (98)
  • encrypt (99)
  • gmtp (100)
  • ifmp (101)
  • pnni (102)
  • pim (103)
  • aris (104)
  • scps (105)
  • qnx (106)
  • an (107)
  • ippcp (108)
  • snp (109)
  • compaq (110)
  • ipxip (111)
  • vrrp (112)
  • pgm (113)
  • hop0 (114)
  • l2tp (115)
  • ipproto-116 (116)
  • ipproto-117 (117)
  • ipproto-118 (118)
  • ipproto-119 (119)
  • ipproto-120 (120)
  • ipproto-121 (121)
  • ipproto-122 (122)
  • ipproto-123 (123)
  • ipproto-124 (124)
  • ipproto-125 (125)
  • ipproto-126 (126)
  • ipproto-127 (127)
  • ipproto-128 (128)
  • ipproto-129 (129)
  • ipproto-130 (130)
  • ipproto-131 (131)
  • ipproto-132 (132)
  • ipproto-133 (133)
  • ipproto-134 (134)
  • ipproto-135 (135)
  • ipproto-136 (136)
  • ipproto-137 (137)
  • ipproto-138 (138)
  • ipproto-139 (139)
  • ipproto-140 (140)
  • ipproto-141 (141)
  • ipproto-142 (142)
  • ipproto-143 (143)
  • ipproto-144 (144)
  • ipproto-145 (145)
  • ipproto-146 (146)
  • ipproto-147 (147)
  • ipproto-148 (148)
  • ipproto-149 (149)
  • ipproto-150 (150)
  • ipproto-151 (151)
  • ipproto-152 (152)
  • ipproto-153 (153)
  • ipproto-154 (154)
  • ipproto-155 (155)
  • ipproto-156 (156)
  • ipproto-157 (157)
  • ipproto-158 (158)
  • ipproto-159 (159)
  • ipproto-160 (160)
  • ipproto-161 (161)
  • ipproto-162 (162)
  • ipproto-163 (163)
  • ipproto-164 (164)
  • ipproto-165 (165)
  • ipproto-166 (166)
  • ipproto-167 (167)
  • ipproto-168 (168)
  • ipproto-169 (169)
  • ipproto-170 (170)
  • ipproto-171 (171)
  • ipproto-172 (172)
  • ipproto-173 (173)
  • ipproto-174 (174)
  • ipproto-175 (175)
  • ipproto-176 (176)
  • ipproto-177 (177)
  • ipproto-178 (178)
  • ipproto-179 (179)
  • ipproto-180 (180)
  • ipproto-181 (181)
  • ipproto-182 (182)
  • ipproto-183 (183)
  • ipproto-184 (184)
  • ipproto-185 (185)
  • ipproto-186 (186)
  • ipproto-187 (187)
  • ipproto-188 (188)
  • ipproto-189 (189)
  • ipproto-190 (190)
  • ipproto-191 (191)
  • ipproto-192 (192)
  • ipproto-193 (193)
  • ipproto-194 (194)
  • ipproto-195 (195)
  • ipproto-196 (196)
  • ipproto-197 (197)
  • ipproto-198 (198)
  • ipproto-199 (199)
  • ipproto-200 (200)
  • ipproto-201 (201)
  • ipproto-202 (202)
  • ipproto-203 (203)
  • ipproto-204 (204)
  • ipproto-205 (205)
  • ipproto-206 (206)
  • ipproto-207 (207)
  • ipproto-208 (208)
  • ipproto-209 (209)
  • ipproto-210 (210)
  • ipproto-211 (211)
  • ipproto-212 (212)
  • ipproto-213 (213)
  • ipproto-214 (214)
  • ipproto-215 (215)
  • ipproto-216 (216)
  • ipproto-217 (217)
  • ipproto-218 (218)
  • ipproto-219 (219)
  • ipproto-220 (220)
  • ipproto-221 (221)
  • ipproto-222 (222)
  • ipproto-223 (223)
  • ipproto-224 (224)
  • ipproto-225 (225)
  • ipproto-226 (226)
  • ipproto-227 (227)
  • ipproto-228 (228)
  • ipproto-229 (229)
  • ipproto-230 (230)
  • ipproto-231 (231)
  • ipproto-232 (232)
  • ipproto-233 (233)
  • ipproto-234 (234)
  • ipproto-235 (235)
  • ipproto-236 (236)
  • ipproto-237 (237)
  • ipproto-238 (238)
  • ipproto-239 (239)
  • ipproto-240 (240)
  • ipproto-241 (241)
  • ipproto-242 (242)
  • ipproto-243 (243)
  • ipproto-244 (244)
  • ipproto-245 (245)
  • ipproto-246 (246)
  • ipproto-247 (247)
  • ipproto-248 (248)
  • ipproto-249 (249)
  • ipproto-250 (250)
  • ipproto-251 (251)
  • ipproto-252 (252)
  • ipproto-253 (253)
  • ipproto-254 (254)
  • dont-verify (255)
LocalPort
The source port defined for this traffic entry.
RemotePort
The destination port defined for this traffic entry.
Action
The action to be applied to traffic matching this entry.
Possible values:
delete(1),        -- Delete this entry
always-plain(2),  -- Forward the packets without
                  -- protection even if there is a
                  -- matching SA and independent from
                  -- the position of the traffic entry
                  -- in the list.
pass(3),          -- Forward the packets without
                  -- protection
protect(4),       -- Protect the traffic as specified
                  -- in the proposal. Drop unprotected
                  -- traffic of this kind.
drop(5)           -- Drop all packets matching this
                  -- traffic entry.
Enumerations:
  • delete (1)
  • always-plain (2)
  • pass (3)
  • protect (4)
  • drop (5)
Proposal
This object specifies an index in the
ipsecProposalTable. This may be the first proposal of
possibly a choice of multiple, optionally nested
proposals which is to be offered with IKE (automatic
keying) or a manual proposal (manual keying).
ForceTunnelMode
This object specifies the strategy when transport mode is used.
By default, the system always uses transport mode if possible.
If this variable is set to true, tunnel mode will always be used
for this traffic entry, even if source and destination address 
match the tunnel endpoints.
Possible values:
true(1),  -- Use tunnel mode even if transport mode is possible
false(2)  -- Use transport mode whenever possible.
Enumerations:
  • true (1)
  • false (2)
LifeTime
This object specifies an index in the
ipsecLifeTimeTable. This lifetime overwrites the
lifetimes specified for all proposals referenced by
this traffic entry. It may itself be overwritten by
an explicit lifetime specified for the peer entry
referencing this traffic entry. If the lifetime
pointed to by this index does not exist or is
inappropriate, the default lifetime from the
ipsecGlobalsTable is used.
Granularity
This object specifies the granularity with which SAs
must be created for this kind of traffic.
Possible values:
default(1),  -- use the setting from the ipsecPeerTable
coarse(2),   -- Create only one SA for each Traffic entry
ip(3),       -- Create one SA for each host
proto(4),    -- Create one SA for each protocol and host
port(5)      -- Create one SA for each port and host.
Enumerations:
  • default (1)
  • coarse (2)
  • ip (3)
  • proto (4)
  • port (5)
KeepAlive
This object specifies whether SAs created for this kind
of traffic should be rekeyed on expiration of soft
lifetimes even if no traffic has been sent
over them.
Possible values:
true(1),     -- rekey SAs even if no data was transferred
false(2),    -- do not rekey SAs if no data was transferred
default(3)   -- use the default setting from the peer entry
             -- referencing this traffic entry.
Enumerations:
  • true (1)
  • false (2)
  • default (3)
Interface
This object specifies the interface for which the traffic
entry should be valid (pass and drop entries only).
If ipsecTrAction is set to ipsecTrAction_protect, this object
is ignored.
If this object is set to -1, there is no interface 
restriction.
Direction
This object specifies the direction for which this traffic 
entry should match. 
It applies only to pass and drop entries; for protect entries
it is meaningless.
Possible values:
bidirectional(1), -- matches packets from remote to local
                  -- and vice versa
inbound(2),       -- matches only packets from local to remote
outbound(3)       -- matches only packets from remote to local.
Enumerations:
  • bidirectional (1)
  • inbound (2)
  • outbound (3)
LocalAddressType
The type of the local address specification.
This may be either a statically configured address or a 
dynamic address which is taken from some state information.
Enumerations:
  • fixed (1)
  • ph1 (2)
RemoteAddressType
The type of the remote address specification.
This may be either a statically configured address or a 
dynamic address which is taken from some state information.
Enumerations:
  • fixed (1)
  • ph1 (2)
  • dhcp (3)
InSpi
This object specifies the Security Parameters Index
(SPI) which should be used for the inbound SA of a
manually keyed traffic entry. The SPI is used to
distinguish between multiple IPSec connections to the
same peer with the same security protocol. The
outbound SPI of the remote side's corresponding
traffic entry has to be equal to this value. This
object is ignored for automatically keyed SAs, as it
is chosen randomly by the initiator.
OutSpi
This object specifies the Security Parameters Index
(SPI) which should be used for the outbound SA of a
manually keyed traffic entry. The SPI is used to
distinguish between multiple IPSec connections to the
same peer with the same security protocol. The
inbound SPI of the remote side's corresponding
traffic entry has to be equal to this value. This
object is ignored for automatically keyed SAs, as it
is chosen randomly by the initiator.
EncKeyIn
This object serves as an input field for the inbound
encryption key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed 
traffic entries or for traffic entries which do not 
require an encryption key.
EncKeyOut
This object serves as an input field for the outbound
encryption key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed
traffic entries or for traffic entries which do not 
require an encryption key.
AuthKeyIn
This object serves as an input field for the inbound
authentication key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed 
traffic entries or for traffic entries which do not 
require an authentication key.
AuthKeyOut
This object serves as an input field for the outbound
authentication key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed 
traffic entries or for traffic entries which do not
require an authentication key.
Creator
This object shows the creator of the traffic entry.
Enumerations:
  • config (1)
  • radius-preset (2)
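
The following Python sketch is an added example, not BinTec code. It models how the NextIndex, LocalRange/RemoteRange, Proto and Action descriptions above combine when reviewing a rule list, in particular that a nonzero Range overrides MaskLen and that an always-plain entry sends traffic unprotected regardless of its position. Assumptions: rows are plain dictionaries rather than SNMP output, MaskLen is read as a CIDR prefix length, the chain ends at the first NextIndex with no entry, the start index is supplied by the caller, and ports, Interface and Direction are not modelled.

```python
import ipaddress

ANY_PROTO = 255  # Proto enumeration dont-verify (255)
ACTIONS = {1: "delete", 2: "always-plain", 3: "pass", 4: "protect", 5: "drop"}

def selector(addr, mask_len, range_end):
    """Return (first, last) of a selector as ints; a nonzero Range overrides MaskLen."""
    last = int(ipaddress.IPv4Address(range_end))
    if last != 0:
        return int(ipaddress.IPv4Address(addr)), last
    # Assumption: MaskLen is a CIDR prefix length (32 = single host, 0 = any).
    net = ipaddress.ip_network(f"{addr}/{mask_len}", strict=False)
    return int(net.network_address), int(net.broadcast_address)

def matches(e, src, dst, proto):
    """Address and protocol match only; ports, Interface, Direction not modelled."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    l_lo, l_hi = selector(*e["Local"])
    r_lo, r_hi = selector(*e["Remote"])
    return l_lo <= s <= l_hi and r_lo <= d <= r_hi and e["Proto"] in (ANY_PROTO, proto)

def chain(entries, start):
    """Follow NextIndex from `start`; stop at a missing index or a loop."""
    by_index = {e["Index"]: e for e in entries}
    seen, idx = set(), start
    while idx in by_index and idx not in seen:
        seen.add(idx)
        yield by_index[idx]
        idx = by_index[idx]["NextIndex"]

def decide(entries, start, src, dst, proto):
    """Return (Index, action name) for a packet, or None when no entry matches."""
    hits = [e for e in chain(entries, start)
            if e["Action"] != 1 and matches(e, src, dst, proto)]
    # always-plain applies independent of its position in the list.
    plain = [e for e in hits if e["Action"] == 2]
    winner = (plain or hits or [None])[0]
    return winner and (winner["Index"], ACTIONS[winner["Action"]])

# Constructed sample rows (documentation address ranges), not device output.
# Local/Remote are (Address, MaskLen, Range) triples.
SAMPLE = [
    {"Index": 1, "NextIndex": 2, "Proto": 255, "Action": 4,
     "Local": ("192.0.2.0", 24, "0.0.0.0"), "Remote": ("198.51.100.0", 24, "0.0.0.0")},
    {"Index": 2, "NextIndex": 3, "Proto": 17, "Action": 2,
     "Local": ("192.0.2.10", 24, "192.0.2.20"), "Remote": ("198.51.100.53", 32, "0.0.0.0")},
    {"Index": 3, "NextIndex": 0, "Proto": 255, "Action": 5,
     "Local": ("0.0.0.0", 0, "0.0.0.0"), "Remote": ("0.0.0.0", 0, "0.0.0.0")},
]
```

In the sample, UDP from 192.0.2.15 to 198.51.100.53 leaves unprotected through entry 2 even though the protect entry 1 precedes it and also matches, which is the case worth flagging in a configuration review.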


Copyright ©2003 by BinTec Access Networks GmbH
This page was last modified on: 11.03.2003 by Projectmanager Maintenance