IPSec Generic Flow Monitoring Object MIB Textual Conventions
- JnxIkePeerType—The type of IPsec Phase
1 IKE peer identity. This identity is the local IKE identity to send
in the exchange. The IKE peer can be identified by one of the ID types
defined in IPsec DOI (see Table 1).
Table 1: IKE Identity Type Textual Conventions
Type
Description
Syntax Integer
Unknown
Unknown type
(0)
idIpv4Addr
IPv4 address
(1)
idFqdn
Fully qualified domain name
(2)
idDn
Distinguished name
(3)
idUfqdn
User fully qualified domain name
(4)
- JnxIkeNegoMode—The IPsec Phase 1 IKE
negotiation mode (see Table 2).
Table 2: IKE Negotiation Mode Text Conventions
Type
Description
Syntax Integer
Main mode
A six-message Phase 1 exchange that provides identity protection
(1)
Aggressive mode
A three-message Phase 1 exchange that does not provide identity protection
(2)
- JnxIkeHashAlgo—The hash algorithm used
in IPsec Phase 1 IKE negotiations (see Table 3).
Table 3: IKE Negotiations Hash Alogorithms
Hash Alogorithm
Syntax Integer
md5
(1)
sha
(2)
- JnxIkeAuthMethod—The authentication method
used in IPsec Phase 1 IKE negotiations (see Table 4).
Table 4: IKE Authentication Method
Method
Syntax Integer
preSharedKey
(1)
dssSignature
(2)
rsaSignature
(3)
rsaEncryption
(4)
revRsaEncryption
(5)
xauthPreSharedKey
(6)
xauthDssSignature
(7)
xauthRsaSignature
(8)
xauthRsaEncryption
(9)
xauthRevRsaEncryption
(10)
- JnxIkePeerRole—The role of the local
endpoint in negotiating the IPsec Phase 1 IKE security association
(SA). It can be either initiator or responder (see Table 5).
Table 5: Role of Local Endpoint in Negotiations
Role
Syntax Integer
Initiator
(1)
Responder
(2)
- JnxIkeTunStateType—State of the Phase
1 IKE negotiation (see Table 6).
Table 6: State of Phase 1 IKE Negotiation
State
Syntax Integer
Up
(1)
Down
(2)
- JnxDiffHellmanGrp—The Diffie-Hellman
Group used in negotiations (see Table 7).
Table 7: Diffie-Hellman Group in Negotiations
Diffie Hellman Group
Description
Syntax Integer
Unknown
Unknown
(0)
modp768
768-bit MODP
(1)
modp1024
1024-bit MODP
(2)
modp1536
modp1536
(3)
- JnxKeyType—The type of key used by an
IPsec Phase 2 Tunnel (see Table 8).
Table 8: Key Used by IPsec Phase 2 Tunnel
Key
Syntax Integer
Unknown
(0)
keyIke
(1)
keyManual
(2)
- JnxEncryptAlgo —The encryption algorithm
used in negotiations (see Table 9).
Table 9: Encryption Algorithm in Negotiations
Algorithm
Syntax Integer
espDes
(1)
esp3des
(2)
espNull
(3)
espAes128
(4)
espAes192
(5)
espAes256
(6)
- JnxAuthAlgo—The authentication algorithm
used by an SA of an IPsec Phase 2 Tunnel (see Table 10).
Table 10: Role of Local Endpoint in Negotiations
Algorithm
Syntax Integer
Unknown
(0)
hmacMd5
(1)
hmacSha
(2)
- JnxRemotePeerType—The type of the remote
peer gateway (endpoint) (see Table 11).
Table 11: Type of Remote Peer Gateway
Gateway Type
Syntax Integer and Description
Unknown
(0)
Static
(1)
Static (remote peer whose IP address is known beforehand)
Dynamic
(2)
Dynamic (remote peer whose IP address is not known beforehand)
- JnxSpiType—The type of the SPI associated with IPsec Phase 2 SAs. An unsigned 32-bit integer (256. . . 4294967295).
- JnxSAType—The SA type (see Table 12).
Table 12: Role of Local Endpoint in Negotiations
SA Type
Syntax Integer
Unknown
(0)
Manual
(1)
Dynamic
(2)
