>> MIB - Management Information Base

>> Table: ipsecProfileTable - (.1.3.6.1.4.1.272.4.26.15.1)

Description: This object contains an IPSec phase 1 profile.

ipsecProfileTable
OIDNameTypeAccess
.1IndexINTEGERR
.2DescriptionDisplayStringRW
.3ProposalINTEGERRW
.4PfsGroupINTEGERRW
.5LifeTimeINTEGERRW
.6HeartbeatsENUMRW
.7PmtuDiscoveryENUMRW
.8GranularityENUMRW
.9KeepAliveENUMD
.10VerifyPadENUMRW
.11ForceTunnelModeENUMRW

Index
A unique index identifying this entry.
Description
An optional description for this profile.
Proposal
The index of the IPSec proposal used for this profile.
PfsGroup
The Diffie Hellman group used for additional Perfect
Forward Secrecy (PFS) DH exponentiations.
Possible values:
-1: do not use PFS 
0: use value from default profile (do not use PFS 
if this is the default profile)
1: a 768-bit MODP group, 
2: a 1024-bit MODP group, 
5: a 1536-bit MODP group.
LifeTime
This object specifies an index in the
ipsecLifeTimeTable.
Heartbeats
This object specifies whether heartbeats should be sent 
over phase 2 SAs for this profile.
Possible values:
none(1),     -- neither send nor expect heartbeats
expect(2), 	-- expect heartbeats
send(3),     -- send heartbeats
both(4).	-- send and expect heartbeats
default(5),	-- use settings from peer or global profile
(auto if this is the global profile)
auto(6)	-- detect support using vendor id.
Enumerations:
  • none (1)
  • expect (2)
  • send (3)
  • both (4)
  • default (5)
  • auto (6)
PmtuDiscovery
This object specifies the PMTU discovery policy for this peer.
Possible values:
disabled(1), -- do not perform PMTU discovery
enabled(2)   -- perform PMTU discovery
default(3)   -- use settings from peer or global profile
-- (enabled if this is the global profile).
Enumerations:
  • disabled (1)
  • enabled (2)
  • default (3)
Granularity
This object specifies the granularity with which SA's
are created with this profile.
Possible values:
default(1),	-- use granulaity settings from default profile
-- (coarse if this is the default profile)
coarse(2),	-- Create only one SA for each Traffic entry
ip(3),	-- Create one SA for each host
proto(4),	-- Create one SA for each protocol and host
port(5)	-- Create one SA for each port and host.
Enumerations:
  • default (1)
  • coarse (2)
  • ip (3)
  • proto (4)
  • port (5)
KeepAlive
This object specifies whether IKE SA's
are rekeyed even if there was no data transferred over
them.
Possible values:
true(1), 	-- rekey SA's even if no data was transferred
false(2),	-- do not rekey SA's if no data was transferred
default (3),	-- use value from default profile
-- (false if this is the default profile)
delete (4)	-- mark this entry for deletion.
Enumerations:
  • true (1)
  • false (2)
  • default (3)
  • delete (4)
VerifyPad
This object is a compatibility option for older ipsec 
implementations. It enables or disables an old way of ESP 
padding (no self describing padding).
Possible values:
true(1),	-- normal, self-describing ESP padding
false(2), 	-- old style ESP padding
default(3)	-- use setting from peer or global profile
(true if this is the global profile).
Enumerations:
  • true (1)
  • false (2)
  • default (3)
ForceTunnelMode
This object specifies the strategy when transport mode is used.
By default, the system always uses transport mode, if possible.
If this variable is set to true, always tunnel mode will be used
for this traffic entry, even if source and destination address 
match the tunnel endpoints.
Possible values:
true(1), -- Use tunnel mode even if transport mode is possible
false(2),   -- Use transport mode whenever possible
default(3)  -- Use settings from default profile 
(if this is the default, false is assumed).
Enumerations:
  • true (1)
  • false (2)
  • default (3)


Copyright ©2003 by BinTec Access Networks GmbH