>> MIB - Management Information Base

>> Table: ipsecTrafficTable - (.1.3.6.1.4.1.272.4.26.7.1)

Description: This object contains a description of a type of IP traffic and the action which should be applied to it together with the necessary parameters.

ipsecTrafficTable
OIDNameTypeAccess
.1IndexINTEGERR
.2NextIndexINTEGERRW
.3DescriptionDisplayStringRW
.4LocalAddressIpAddressRW
.5LocalMaskLenINTEGERRW
.6LocalRangeIpAddressRW
.7RemoteAddressIpAddressRW
.8RemoteMaskLenINTEGERRW
.9RemoteRangeIpAddressRW
.10ProtoENUMRW
.11LocalPortINTEGERRW
.12RemotePortINTEGERRW
.13ActionENUMD
.14ProposalINTEGERR
.15ForceTunnelModeENUMR
.16LifeTimeINTEGERR
.17GranularityENUMR
.18KeepAliveENUMR
.19InterfaceINTEGERRW
.20DirectionENUMRW
.21LocalAddressTypeENUMRW
.22RemoteAddressTypeENUMRW
.23ProfileINTEGERRW
.36CreatorENUMR

Index
A unique index identifying this entry.
NextIndex
This object specifies the index of the next traffic
entry in hierarchy.
Description
An optional human readable description for this traffic entry.
LocalAddress
The source IP-address of this traffic entry. It maybe
either a single address, a network address (in
combination with ipsecTrSrcMask), or the first address
of an address range (in combination with
ipsecTrLocalRange).
LocalMaskLen
The length of the network mask for a source network.
LocalRange
The last address of a source address range. If this
field is nonzero, the ipsecTrLocalMaskLen field is
ignored and the source is considered as a range of
addresses beginning with ipsecTrLocalAddress and ending
with ipsecTrLocalRange.
RemoteAddress
The destination IP-address of this traffic entry. It maybe
either a single address, a network address (in
combination with ipsecTrDstMask), or the first address
of an address range (in combination with
ipsecTrRemoteRange).
RemoteMaskLen
The length of the network mask for a destination network.
RemoteRange
The last address of a destination address range. If
this field is nonzero, the ipsecTrRemoteMaskLen field is
ignored and the source is considered as a range of
addresses beginning with ipsecTrRemoteAddress and ending
with ipsecTrRemoteRange.
Proto
The transport protocol defined for this entry.
Enumerations:
  • icmp (1)
  • igmp (2)
  • ggp (3)
  • ipip (4)
  • st (5)
  • tcp (6)
  • cbt (7)
  • egp (8)
  • igp (9)
  • bbn (10)
  • nvp (11)
  • pup (12)
  • argus (13)
  • emcon (14)
  • xnet (15)
  • chaos (16)
  • udp (17)
  • mux (18)
  • dcn (19)
  • hmp (20)
  • prm (21)
  • xns (22)
  • trunk1 (23)
  • trunk2 (24)
  • leaf1 (25)
  • leaf2 (26)
  • rdp (27)
  • irtp (28)
  • isotp4 (29)
  • netblt (30)
  • mfe (31)
  • merit (32)
  • sep (33)
  • pc3 (34)
  • idpr (35)
  • xtp (36)
  • ddp (37)
  • idprc (38)
  • tp (39)
  • il (40)
  • ipv6 (41)
  • sdrp (42)
  • ipv6route (43)
  • ipv6frag (44)
  • idrp (45)
  • rsvp (46)
  • gre (47)
  • mhrp (48)
  • bna (49)
  • esp (50)
  • ah (51)
  • inlsp (52)
  • swipe (53)
  • narp (54)
  • mobile (55)
  • tlsp (56)
  • skip (57)
  • ipv6icmp (58)
  • ipv6nonxt (59)
  • ipv6opts (60)
  • ipproto-61 (61)
  • cftp (62)
  • local (63)
  • sat (64)
  • kryptolan (65)
  • rvd (66)
  • ippc (67)
  • distfs (68)
  • satmon (69)
  • visa (70)
  • ipcv (71)
  • cpnx (72)
  • cphb (73)
  • wsn (74)
  • pvp (75)
  • brsatmon (76)
  • sunnd (77)
  • wbmon (78)
  • wbexpak (79)
  • isoip (80)
  • vmtp (81)
  • securevmtp (82)
  • vines (83)
  • ttp (84)
  • nsfnet (85)
  • dgp (86)
  • tcf (87)
  • eigrp (88)
  • ospfigp (89)
  • sprite (90)
  • larp (91)
  • mtp (92)
  • ax25 (93)
  • ipwip (94)
  • micp (95)
  • scc (96)
  • etherip (97)
  • encap (98)
  • encrypt (99)
  • gmtp (100)
  • ifmp (101)
  • pnni (102)
  • pim (103)
  • aris (104)
  • scps (105)
  • qnx (106)
  • an (107)
  • ippcp (108)
  • snp (109)
  • compaq (110)
  • ipxip (111)
  • vrrp (112)
  • pgm (113)
  • hop0 (114)
  • l2tp (115)
  • ipproto-116 (116)
  • ipproto-117 (117)
  • ipproto-118 (118)
  • ipproto-119 (119)
  • ipproto-120 (120)
  • ipproto-121 (121)
  • ipproto-122 (122)
  • ipproto-123 (123)
  • ipproto-124 (124)
  • ipproto-125 (125)
  • ipproto-126 (126)
  • ipproto-127 (127)
  • ipproto-128 (128)
  • ipproto-129 (129)
  • ipproto-130 (130)
  • ipproto-131 (131)
  • ipproto-132 (132)
  • ipproto-133 (133)
  • ipproto-134 (134)
  • ipproto-135 (135)
  • ipproto-136 (136)
  • ipproto-137 (137)
  • ipproto-138 (138)
  • ipproto-139 (139)
  • ipproto-140 (140)
  • ipproto-141 (141)
  • ipproto-142 (142)
  • ipproto-143 (143)
  • ipproto-144 (144)
  • ipproto-145 (145)
  • ipproto-146 (146)
  • ipproto-147 (147)
  • ipproto-148 (148)
  • ipproto-149 (149)
  • ipproto-150 (150)
  • ipproto-151 (151)
  • ipproto-152 (152)
  • ipproto-153 (153)
  • ipproto-154 (154)
  • ipproto-155 (155)
  • ipproto-156 (156)
  • ipproto-157 (157)
  • ipproto-158 (158)
  • ipproto-159 (159)
  • ipproto-160 (160)
  • ipproto-161 (161)
  • ipproto-162 (162)
  • ipproto-163 (163)
  • ipproto-164 (164)
  • ipproto-165 (165)
  • ipproto-166 (166)
  • ipproto-167 (167)
  • ipproto-168 (168)
  • ipproto-169 (169)
  • ipproto-170 (170)
  • ipproto-171 (171)
  • ipproto-172 (172)
  • ipproto-173 (173)
  • ipproto-174 (174)
  • ipproto-175 (175)
  • ipproto-176 (176)
  • ipproto-177 (177)
  • ipproto-178 (178)
  • ipproto-179 (179)
  • ipproto-180 (180)
  • ipproto-181 (181)
  • ipproto-182 (182)
  • ipproto-183 (183)
  • ipproto-184 (184)
  • ipproto-185 (185)
  • ipproto-186 (186)
  • ipproto-187 (187)
  • ipproto-188 (188)
  • ipproto-189 (189)
  • ipproto-190 (190)
  • ipproto-191 (191)
  • ipproto-192 (192)
  • ipproto-193 (193)
  • ipproto-194 (194)
  • ipproto-195 (195)
  • ipproto-196 (196)
  • ipproto-197 (197)
  • ipproto-198 (198)
  • ipproto-199 (199)
  • ipproto-200 (200)
  • ipproto-201 (201)
  • ipproto-202 (202)
  • ipproto-203 (203)
  • ipproto-204 (204)
  • ipproto-205 (205)
  • ipproto-206 (206)
  • ipproto-207 (207)
  • ipproto-208 (208)
  • ipproto-209 (209)
  • ipproto-210 (210)
  • ipproto-211 (211)
  • ipproto-212 (212)
  • ipproto-213 (213)
  • ipproto-214 (214)
  • ipproto-215 (215)
  • ipproto-216 (216)
  • ipproto-217 (217)
  • ipproto-218 (218)
  • ipproto-219 (219)
  • ipproto-220 (220)
  • ipproto-221 (221)
  • ipproto-222 (222)
  • ipproto-223 (223)
  • ipproto-224 (224)
  • ipproto-225 (225)
  • ipproto-226 (226)
  • ipproto-227 (227)
  • ipproto-228 (228)
  • ipproto-229 (229)
  • ipproto-230 (230)
  • ipproto-231 (231)
  • ipproto-232 (232)
  • ipproto-233 (233)
  • ipproto-234 (234)
  • ipproto-235 (235)
  • ipproto-236 (236)
  • ipproto-237 (237)
  • ipproto-238 (238)
  • ipproto-239 (239)
  • ipproto-240 (240)
  • ipproto-241 (241)
  • ipproto-242 (242)
  • ipproto-243 (243)
  • ipproto-244 (244)
  • ipproto-245 (245)
  • ipproto-246 (246)
  • ipproto-247 (247)
  • ipproto-248 (248)
  • ipproto-249 (249)
  • ipproto-250 (250)
  • ipproto-251 (251)
  • ipproto-252 (252)
  • ipproto-253 (253)
  • ipproto-254 (254)
  • dont-verify (255)
LocalPort
The source port defined for this traffic entry.
RemotePort
The destination port defined for this traffic entry.
Action
The action to be applied to traffic matching this entry.
Possible values:
delete(1),		   -- Delete this entry
always-plain(2),        -- Forward the packets without
-- protection even if there is a
-- matching SA and independent from 
-- the position of the traffic entry
-- in the list.
pass(3),		   -- Forward the packets without 
-- protection
protect(4),             -- Protect the traffic as specified 
-- in the proposal. Drop unprotected
-- traffic of this kind.
drop(5)		   -- Drop all packets matching this 
-- traffic entry.
Enumerations:
  • delete (1)
  • always-plain (2)
  • pass (3)
  • protect (4)
  • drop (5)
Proposal
This object specifies an index in the
ipsecProposalTable. This may be the first proposal of
possibly a choice of multiple, optionally nested
proposals which is to be offered with IKE (automatic
keying) or a manual proposal (manual keying).
ForceTunnelMode
This object specifies the strategy when transport mode is used.
By default, the system always uses transport mode, if possible.
If this variable is set to true, always tunnel mode will be used
for this traffic entry, even if source and destination address 
match the tunnel endpoints.
Possible values:
true(1),  -- Use tunnel mode even if transport mode is possible
false(2)  -- Use transport mode whenever possible.
Enumerations:
  • true (1)
  • false (2)
LifeTime
This object specifies an index in the
ipsecLifeTimeTable. This lifetime overwrites the
lifetimes specified for all proposals referenced by
this traffic entry. It may itself be overwritten by
an explicit lifetime specified for the peer entry
referencing this traffic entry. If the lifetime
pointed to by this index does not exist or is
inappropriate, the default lifetime from the
ipsecGlobalsTable is used.
Granularity
This object specifies the granularity with which SA's
must be created for this kind of traffic.
Possible values:
default(1), 	-- use the setting from the ipsecPeerTable
coarse(2),	-- Create only one SA for each Traffic entry
ip(3),	-- Create one SA for each host
proto(4),	-- Create one SA for each protocol and host
port(5)	-- Create one SA for each port and host.
Enumerations:
  • default (1)
  • coarse (2)
  • ip (3)
  • proto (4)
  • port (5)
KeepAlive
This object specifies whether SA's created for this kind
of traffic should be rekeyed on expiration of soft
lifetimes even if there has not been sent any traffic
over them.
Possible values:
true(1), 	-- rekey SA's even if no data was transferred
false(2),	-- do not rekey SA's if no data was transferred
default(3)	-- use the default setting from the peer entry 
-- referencing this traffic entry.
Enumerations:
  • true (1)
  • false (2)
  • default (3)
Interface
This object specifies the interface for which the traffic
entry should be valid (pass, drop and protect entries).
If this object is set to -1, there is no interface 
restriction.
Direction
This object specifies the direction for which this traffic 
entry should match. 
It only applies for pass and drop entries, for protect entries
it is meaningless.
Possible values:
bidirectional(1), -- matches packets from remote to local
-- and vice versa
inbound(2), 	     -- matches only packets from remote to local
outbound(3) 	     -- matches only packets from local to remote.
Enumerations:
  • bidirectional (1)
  • inbound (2)
  • outbound (3)
LocalAddressType
The type of the local address specification.
This may be either a statically configured address or a 
dynamic address which is taken from some state information.
Enumerations:
  • fixed (1)
  • ph1 (2)
RemoteAddressType
The type of the remote address specification.
This may be either a statically configured address or a 
dynamic address which is taken from some state information.
Enumerations:
  • fixed (1)
  • ph1 (2)
  • dhcp (3)
Profile
The index from the ipsecProfileTable containing a special 
phase 2 profile to use for this traffic entry.
Creator
This object shows the creator of the traffic entry.
Enumerations:
  • config (1)
  • radius-preset (2)
  • radius (3)
  • ike (4)


MIB Reference to Software Version 7.5.1 generated on 2006/08/03. Provided by webmaster@funkwerk-ec.com
Copyright ©2006 by Funkwerk Enterprise Communications GmbH