AD | Application | AWS | Azure | Cloud | Database | Enterprise | Environmental | Event Log | File System | IoT | IT Service | Network/System | Infra | Performance | Protocol | SaaS | Security | Service Level | Storage | Linux | VMware | VoIP | Web | Wireless | SNMP

Crumbtrail

MonitorTools.com » Technical documentation » SNMP » MIB » Cisco » CISCO-IKE-CONFIGURATION-MIB

CISCO-IKE-CONFIGURATION-MIB device MIB details by Cisco

CISCO-IKE-CONFIGURATION-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing CISCO-IKE-CONFIGURATION-MIB.


Vendor: Cisco
Mib: CISCO-IKE-CONFIGURATION-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2024 [download]    (ships with advanced SNMP/MIB tools)
-- *------------------------------------------------------------------
-- * CISCO-IKE-CONFIGURATION-MIB.my
-- *                   IKE Configuration MIB
-- *
-- * September 2004, S Ramakrishnan
-- *
-- * Copyright (c) 2004 by cisco Systems, Inc.
-- * All rights reserved.
-- *------------------------------------------------------------------

CISCO-IKE-CONFIGURATION-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, 
        NOTIFICATION-TYPE,
        Unsigned32                             FROM SNMPv2-SMI
        RowStatus, TruthValue,
        TEXTUAL-CONVENTION                     FROM SNMPv2-TC
        MODULE-COMPLIANCE, OBJECT-GROUP, 
        NOTIFICATION-GROUP                     FROM SNMPv2-CONF
        InetAddress, InetAddressType,
        InetAddressPrefixLength                FROM INET-ADDRESS-MIB
        CIPsecPhase1PeerIdentityType,
        CIPsecIkeAuthMethod,
        CIPsecDiffHellmanGrp,
        CIPsecIkeHashAlgorithm,
        CIPsecEncryptAlgorithm,
        CIPsecIkePRFAlgorithm,
        CIKEIsakmpDoi,
        CIKELifetime,
        CIPsecControlProtocol,
        CIKELifesize                           FROM CISCO-IPSEC-TC
        ciscoMgmt                              FROM CISCO-SMI;

ciscoIkeConfigMIB MODULE-IDENTITY
        LAST-UPDATED        "200409160000Z"
        ORGANIZATION        "Cisco Systems"
        CONTACT-INFO
                "       Cisco Systems
                        Customer Service

                Postal: 170 W Tasman Drive
                        San Jose, CA  95134
                        USA

                   Tel: +1 800 553-NETS

                E-mail: cs-ipsecmib@external.cisco.com"
        DESCRIPTION
                "This is a MIB Module for configuring and viewing IKE 
                parameters and policies. 
    
                Acronyms
                The following acronyms are used in this document:

                IPsec:      Secure IP Protocol

                VPN:        Virtual Private Network

                ISAKMP:     Internet Security Association and Key Exchange
                            Protocol

                IKE:        Internet Key Exchange Protocol

                DOI:        Domain of Interpretation (of the attributes
                            of IKE protocol in the context of a specific 
                            Phase-2 protocol).

                SA:         Security Association
                            (ref: rfc2408).

                SPI:        Security Parameter Index is the pointer or
                            identifier used in accessing SA attributes
                            (ref: rfc2408).

                MM:         Main Mode - the process of setting up
                            a Phase 1 SA to secure the exchanges
                            required to setup Phase 2 SAs

                Phase 1 Tunnel:
                            An ISAKMP SA can be regarded as representing
                            a flow of ISAKMP/IKE traffic. Hence an ISAKMP
                            is referred to as a 'Phase 1 Tunnel' in this
                            document. 

                Phase 2 Tunnel:
                            A Phase 2 Tunnel is an instance of a
                            non-ISAKMP SA bundle in which all the SA
                            share the same proxy identifiers (IDii,IDir)
                            and protect the same stream of application
                            traffic.
                            Note that a Phase 2 tunnel may comprise one
                            SA bundle at any given point of time, but 
                            the SA bundle changes with time due to 
                            key refresh.


                History of the MIB
                This MIB was originally written as CISCO-IPSEC-MIB
                which combined the configuration of IKE and IPsec
                protocols into a single MIB.
                " 
        REVISION        "200409160000Z"
        DESCRIPTION 
                "Initial version of this MIB module."
        ::= { ciscoMgmt 423 }

cicIkeConfigMIBNotifs  OBJECT IDENTIFIER 
        ::= { ciscoIkeConfigMIB 0 }

cicIkeConfigMIBObjects OBJECT IDENTIFIER  
        ::= { ciscoIkeConfigMIB 1 }
                     
cicIkeConfigMIBConform OBJECT IDENTIFIER  
        ::= { ciscoIkeConfigMIB 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IKE Configuration MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) IKE Enabler group
-- 2) IKE Identitiy group
-- 3) IKE Failure Recovery group
-- 4) IKE Peer authentication group
-- 5) IKE Connection policies
-- 6) IKE Service control
-- 7) IKE configuration Notifications
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeCfgOperations  OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBObjects 1 }

cicIkeCfgIdentities  OBJECT IDENTIFIER 
        ::= { cicIkeConfigMIBObjects 2 }

cicIkeCfgFailureRecovery   OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBObjects 3 }

cicIkeCfgPeerAuth  OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBObjects 4 }

cicIkeCfgPskAuthConfig  OBJECT IDENTIFIER  
        ::= { cicIkeCfgPeerAuth 1 }

cicIkeCfgNonceAuthConfig   OBJECT IDENTIFIER
        ::= { cicIkeCfgPeerAuth 2 }

cicIkeCfgPkiAuthConfig   OBJECT IDENTIFIER
        ::= { cicIkeCfgPeerAuth 3 }

cicIkeCfgPolicies   OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBObjects 5 }

cicIkeCfgServiceControl   OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBObjects 6 }

cicIkeCfgCallAdmssionnCtrl   OBJECT IDENTIFIER
        ::= { cicIkeCfgServiceControl 1 }

cicIkeCfgQoSControl OBJECT IDENTIFIER
        ::= { cicIkeCfgServiceControl 2 }

cicIkeConfigMibNotifCntl  OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBObjects 7 }

-- Textual conventions
CicIkeConfigPskIndex ::= TEXTUAL-CONVENTION
        STATUS    current
        DESCRIPTION
                "An arbitrary unique value identifying the
                configured pre-shared keys."
        SYNTAX    Unsigned32(1..65535)

CicIkeConfigInitiatorIndex ::= TEXTUAL-CONVENTION
        STATUS    current
        DESCRIPTION
                "An arbitrary unique value identifying the
                configured IKE version initiator."
        SYNTAX    Unsigned32(1..65535)

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Objects to control the IKE operational state.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeEnabled OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This object reflects the operational status (enabled/
                disabled) of the IKE entity on the managed device.
                'true'  - IKE is enabled.
                'false' - IKE is disabled.
                "
        ::= { cicIkeCfgOperations 1 }

cicIkeAggressModeEnabled OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This object reflects if the IKE entity on the managed 
                device performs aggressive mode negotiations.
                'true'  - IKE entity performs aggressive mode
                          negotiations.
                'false' - IKE entity does not perform aggressive mode
                          negotiations.
                "
        ::= { cicIkeCfgOperations 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Objects to show and control the IKE identity of the
-- local entity.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeCfgIdentityTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgIdentityEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                The table containing the list of Phase-1 identities
                used by the IKE protocol for the different Phase-2
                DOIs it operates in.
                "
        ::= { cicIkeCfgIdentities 1 }

cicIkeCfgIdentityEntry OBJECT-TYPE
        SYNTAX     CicIkeCfgIdentityEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                Each entry represents a Phase-1 identity
                used by IKE for a specific Phase-2 DOI.
                "
        INDEX { cicIkeCfgIdentityDoi }
        ::= { cicIkeCfgIdentityTable 1 }

CicIkeCfgIdentityEntry ::= SEQUENCE {
        cicIkeCfgIdentityDoi   CIKEIsakmpDoi,
        cicIkeCfgIdentityType  CIPsecPhase1PeerIdentityType
        }

cicIkeCfgIdentityDoi OBJECT-TYPE
        SYNTAX     CIKEIsakmpDoi
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                This is the DOI type that is supported 
                by this IKE entity on the managed device and
                for which the Phase-1 identity corresponding to this
                conceptual row is being defined.
                "
        ::= { cicIkeCfgIdentityEntry 1 }

cicIkeCfgIdentityType OBJECT-TYPE
        SYNTAX     CIPsecPhase1PeerIdentityType
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                The Phase I identity type used by the Phase-2 DOI
                corresponding to this conceptual row.
                "
        ::= { cicIkeCfgIdentityEntry 2 }

cicIkeCfgInitiatorNextAvailTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgInitiatorNextAvailEntry 
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                The table providing the next available index for
                the cicIkeCfgInitiatorTable, in a domain of
                interpretation(DOI), identified by
                cicIkeCfgIdentityDoi.  This value is only a
                recommended value, but the user can choose to
                use a different value to create an entry
                in the cicIkeCfgInitiatorTable. 
                "
        ::= { cicIkeCfgIdentities 2 }

cicIkeCfgInitiatorNextAvailEntry OBJECT-TYPE
        SYNTAX     CicIkeCfgInitiatorNextAvailEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                Each entry represents a next available index
                for the cicIkeCfgInitiatorTable.
                "
        AUGMENTS { cicIkeCfgIdentityEntry }
        ::= { cicIkeCfgInitiatorNextAvailTable 1 }

CicIkeCfgInitiatorNextAvailEntry ::= SEQUENCE {
        cicIkeCfgInitiatorNextAvailIndex CicIkeConfigInitiatorIndex
        }

cicIkeCfgInitiatorNextAvailIndex OBJECT-TYPE
        SYNTAX     CicIkeConfigInitiatorIndex
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
               "
               The object specifies the next available index for
               object cicIkeCfgInitiatorIndex which can be used for 
               creating an entry in cicIkeCfgInitiatorTable.
               "
        ::= { cicIkeCfgInitiatorNextAvailEntry 1 }

cicIkeCfgInitiatorTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgInitiatorEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "The table containing the IKE version initiators
                for peers. 
                "
        ::= { cicIkeCfgIdentities 3 }

cicIkeCfgInitiatorEntry OBJECT-TYPE
        SYNTAX      CicIkeCfgInitiatorEntry 
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "Each entry represents the IKE protocol version
                initiated when connecting to a remote peer.
                "
        INDEX { cicIkeCfgIdentityDoi, cicIkeCfgInitiatorIndex }
        ::= { cicIkeCfgInitiatorTable 1 }

CicIkeCfgInitiatorEntry ::= SEQUENCE {
        cicIkeCfgInitiatorIndex     CicIkeConfigInitiatorIndex,
        cicIkeCfgInitiatorPAddrType CIPsecPhase1PeerIdentityType,
        cicIkeCfgInitiatorPAddr     OCTET STRING,
        cicIkeCfgInitiatorVer       CIPsecControlProtocol,
        cicIkeCfgInitiatorStatus    RowStatus
        }
cicIkeCfgInitiatorIndex OBJECT-TYPE
        SYNTAX       CicIkeConfigInitiatorIndex
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
                "An arbitrary value identifying the configured
                IKE version initiated for a peer in this domain of
                interpretation, identified by cicIkeCfgIdentityDoi,
                on a managed device. This object could have the
                same value as cicIkeCfgInitiatorNextAvailIndex.
                "
        ::= { cicIkeCfgInitiatorEntry 1 }

cicIkeCfgInitiatorPAddrType OBJECT-TYPE
        SYNTAX       CIPsecPhase1PeerIdentityType
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
                "
                The Phase 1 ID type of the remote peer for which
                this IKE protocol initiator is configured.

                This object cannot be modified while the
                corresponding value of cicIkeCfgInitiatorStatus is
                equal to 'active'.
                "
        ::= { cicIkeCfgInitiatorEntry 2 }

cicIkeCfgInitiatorPAddr OBJECT-TYPE
        SYNTAX       OCTET STRING(SIZE(1..255))
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
                "This object represents the address of the remote
                peer corresponding to this conceptual row.

                This object cannot be modified while the
                corresponding value of cicIkeCfgInitiatorStatus is
                equal to 'active'.
                "
        ::= { cicIkeCfgInitiatorEntry 3 }

cicIkeCfgInitiatorVer OBJECT-TYPE
        SYNTAX       CIPsecControlProtocol
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
                "This object represents the IKE protocol version
                used when connecting to a remote peer specified in
                cicIkeCfgInitiatorPAddr.

                This object cannot be modified while the
                corresponding value of cicIkeCfgInitiatorStatus is
                equal to 'active'.
                "
        ::= { cicIkeCfgInitiatorEntry 4 }

cicIkeCfgInitiatorStatus OBJECT-TYPE
        SYNTAX       RowStatus
        MAX-ACCESS   read-create
        STATUS       current
        DESCRIPTION
                "The status of this conceptual row. To configure an
                IKE version initiator entry, the NMS must do a
                multivarbind set containing
                cicIkeCfgInitiatorPAddrType, cicIkeCfgInitiatorPAddr
                and cicIkeCfgInitiatorVer.
                Creation of row can only be done via 'createAndGo'.
                To remove a row, set this object value to 'destroy'.
                "
        ::= { cicIkeCfgInitiatorEntry 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Objects to show and control IKE failure recovery.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeCfgFailureRecovConfigTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgFailureRecovConfigEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The table containing the failure recovery
                configuration for IKE per supported DOI in the
                managed entity.
                "
        ::= { cicIkeCfgFailureRecovery 1 }

cicIkeCfgFailureRecovConfigEntry OBJECT-TYPE
        SYNTAX      CicIkeCfgFailureRecovConfigEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
                "Each entry represents a Phase I failure recovery
                configuration for the Phase 2 DOI corresponding
                to the conceptual row."
        AUGMENTS { cicIkeCfgIdentityEntry }
        ::= { cicIkeCfgFailureRecovConfigTable 1 }

CicIkeCfgFailureRecovConfigEntry ::= SEQUENCE {
        cicIkeKeepAliveEnabled       TruthValue,
        cicIkeKeepAliveType          INTEGER,
        cicIkeKeepAliveInterval      Unsigned32,
        cicIkeKeepAliveRetryInterval Unsigned32,
        cicIkeInvalidSpiNotify       TruthValue
        }

cicIkeKeepAliveEnabled OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This object reflects if the IKE entity in the
                managed device performs keepalives with all the
                peers for the DOI corresponding to this
                conceptual row. 
                'true'  - keepalives are performed.
                'false' - no keepalives are performed.
                "
        ::= { cicIkeCfgFailureRecovConfigEntry 1 }

cicIkeKeepAliveType OBJECT-TYPE
        SYNTAX     INTEGER { none(1), periodic(2), ondemand(3) }
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
        "
        This object reflects the type of keepalives to be used
        by the IKE entity on the managed device with all the
        peers for the DOI corresponding to this conceptual row.
        "
        ::= { cicIkeCfgFailureRecovConfigEntry 2 }

cicIkeKeepAliveInterval OBJECT-TYPE
        SYNTAX     Unsigned32(1..86400)
        UNITS      "seconds"
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This object reflects the keepalive interval in
                seconds used by the IKE entity on the managed
                device with all the peers for the DOI corresponding
                to this conceptual row.
                "
        ::= { cicIkeCfgFailureRecovConfigEntry 3 }

cicIkeKeepAliveRetryInterval OBJECT-TYPE
        SYNTAX     Unsigned32(1..600)
        UNITS      "seconds"
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This object reflects the keepalive retry interval
                in seconds used by the IKE entity on the managed
                device with all the peers for the DOI corresponding
                to this conceptual row.
                "
        ::= { cicIkeCfgFailureRecovConfigEntry 4 }

cicIkeInvalidSpiNotify OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This object reflects if the IKE entity on the managed 
                device notifies any peer when an IPsec Phase-1 or
                Phase-2 packet with an invalid SPI is received from
                that peer for the DOI corresponding to this
                conceptual row.
                'true'  - IKE entity notifies peer.
                'false' - IKE entity does not notify peer.
                "
        ::= { cicIkeCfgFailureRecovConfigEntry 5 }

--
-- Table giving next available index for pre-shared 
-- authentication key table
--
 
cicIkeCfgPskNextAvailTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgPskNextAvailEntry 
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                The table providing the next available index for the
                cicIkeCfgPskTable, in a domain of interpretation(DOI),
                identified by cicIkeCfgIdentityDoi.
                This value is only a recommended value, but the user
                can choose to use a different value to create an
                entry in the cicIkeCfgPskTable. 
                "
        ::= { cicIkeCfgPskAuthConfig 1 }

cicIkeCfgPskNextAvailEntry OBJECT-TYPE
        SYNTAX     CicIkeCfgPskNextAvailEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                Each entry represents a next available index for the
                cicIkeCfgPskTable.
                "
        AUGMENTS { cicIkeCfgIdentityEntry }
        ::= { cicIkeCfgPskNextAvailTable 1 }

CicIkeCfgPskNextAvailEntry ::= SEQUENCE {
        cicIkeCfgPskNextAvailIndex    CicIkeConfigPskIndex
        }

cicIkeCfgPskNextAvailIndex OBJECT-TYPE
        SYNTAX     CicIkeConfigPskIndex
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "
                The object specifies the next available index for
                object cicIkeCfgPskIndex which can be used for 
                creating an entry in cicIkeCfgPskTable.
                "
        ::= { cicIkeCfgPskNextAvailEntry 1 }
  
---
---  IKE pre-shared authentication key table
---

cicIkeCfgPskTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgPskEntry 
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                The table containing the list of pre shared
                authentication keys configured to be used by
                IKE protocol catalogued by the DOI and the peer
                identity. It is possible to have 
                multiple peers per DOI.
                "
        ::= { cicIkeCfgPskAuthConfig 2 }

cicIkeCfgPskEntry OBJECT-TYPE
        SYNTAX     CicIkeCfgPskEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                Each entry represents a configured pre-shared
                authentication key for a specific peer.
        "
        INDEX { cicIkeCfgIdentityDoi, cicIkeCfgPskIndex }
        ::= { cicIkeCfgPskTable 1 }

CicIkeCfgPskEntry ::= SEQUENCE {
        cicIkeCfgPskIndex              CicIkeConfigPskIndex,
        cicIkeCfgPskKey                OCTET STRING,
        cicIkeCfgPskRemIdentType       CIPsecPhase1PeerIdentityType,
        cicIkeCfgPskRemIdentTypeStand  InetAddressType,
        cicIkeCfgPskRemIdentity        OCTET STRING,
        cicIkeCfgPskRemIdAddrOrRg1OrSn InetAddress,
        cicIkeCfgPskRemIdAddrRange2    InetAddress,
        cicIkeCfgPskRemIdSubnetMask    InetAddressPrefixLength,
        cicIkeCfgPskStatus             RowStatus
        }

cicIkeCfgPskIndex OBJECT-TYPE
        SYNTAX     CicIkeConfigPskIndex
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                An arbitrary value identifying the configured
                pre-shared keys for IKE entity in this domain of
                interpretation, identified by cicIkeCfgIdentityDoi,
                on a managed device. This object could have the
                same value as cicIkeCfgPskNextAvailIndex.
                "
        ::= { cicIkeCfgPskEntry 1 }

cicIkeCfgPskKey OBJECT-TYPE
        SYNTAX     OCTET STRING(SIZE(1..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The pre-shared authorization key used in
                authenticating the peer corresponding to this
                conceptual row.

                This object cannot be modified while the
                corresponding value of cicIkeCfgPskStatus is equal
                to 'active'. 
                "
        ::= { cicIkeCfgPskEntry 2 }

cicIkeCfgPskRemIdentType OBJECT-TYPE
        SYNTAX     CIPsecPhase1PeerIdentityType
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The Phase 1 ID type of the remote peer identity for
                which this preshared key is configured.

                This object cannot be modified while the
                corresponding value of cicIkeCfgPskStatus is equal
                to 'active'.  
                "
        ::= { cicIkeCfgPskEntry 3 }
   
cicIkeCfgPskRemIdentTypeStand OBJECT-TYPE
        SYNTAX     InetAddressType
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "If the object 'cicIkeCfgPskRemIdentType' is one
                of
                       idIpv4Addr
                       idIpv6Addr
                       idIpv4AddrRange
                       idIpv6AddrRange
                       idIpv4AddrSubnet
                       idIpv6AddrSubnet
                then this object contains the type of InetAddress
                for the corresponding value(s) of
                cicIkeCfgPskRemIdAddrOrRg1OrSn,
                cicIkeCfgPskRemIdAddrRange2 and/or
                cicIkeCfgPskRemIdSubnetMask.

                This object would have a value 'unknown', for other
                values of cicIkeCfgPskRemIdentType. 
                "
        ::= { cicIkeCfgPskEntry 4 }
       
cicIkeCfgPskRemIdentity OBJECT-TYPE
        SYNTAX     OCTET STRING(SIZE(1..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The Phase 1 ID identity of the peer for which
                this preshared key is configured on the local entity. 
        
                This object cannot be modified while the
                corresponding value of cicIkeCfgPskStatus is equal to 
                'active'. 
                "
        ::= { cicIkeCfgPskEntry 5 }

cicIkeCfgPskRemIdAddrOrRg1OrSn OBJECT-TYPE
        SYNTAX     InetAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                If the object cicIkeCfgPskRemIdentType is one 
                of
                        idIpv4Addr
                        idIpv6Addr
                        idIpv4AddrRange
                        idIpv6AddrRange
                        idIpv4AddrSubnet
                        idIpv6AddrSubnet

                then this object contains the first or only
                component of the Phase 1 identity. Otherwise, the
                value contained in this object will be a zero
                length string which should be disregarded.
                "
        ::= { cicIkeCfgPskEntry 6 }

cicIkeCfgPskRemIdAddrRange2 OBJECT-TYPE
        SYNTAX     InetAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                If the object cicIkeCfgPskRemIdentType is one 
                of
                        idIpv4AddrRange
                        idIpv6AddrRange

                then this object contains the second component of 
                the Phase 1 identity.   Otherwise, the
                value contained in this object will be a zero 
                length string which should be disregarded.
                "
        ::= { cicIkeCfgPskEntry 7 }
              
cicIkeCfgPskRemIdSubnetMask OBJECT-TYPE
        SYNTAX     InetAddressPrefixLength
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                If the object 'cicIkeCfgPskRemIdentType' is one of 
                        idIpv4AddrSubnet
                        idIpv6AddrSubnet 
        
                then this object contains the second component of 
                the Phase 1 identity.
                Otherwise, the value contained in this object will
                be zero which should be disregarded.
                "
        ::= { cicIkeCfgPskEntry 8 }

cicIkeCfgPskStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The status of this conceptual row. To configure
                an pre shared authentication key entry, the NMS must
                do a multivarbind set containing cicIkeCfgPskKey,
                cicIkeCfgPskRemIdentType,cicIkeCfgPskRemIdentity.

                Creation of row can only be done via 'createAndGo'.
                To remove a row, set this object value to 'destroy'.
                "
        ::= { cicIkeCfgPskEntry 9 }

-- 
-- Cisco ISAKMP Policy Entries
-- 
cicIkeCfgPolicyTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CicIkeCfgPolicyEntry
        MAX-ACCESS         not-accessible
        STATUS             current
        DESCRIPTION
                "
                The table containing the list of all
                ISAKMP policy entries configured by the operator.
                "
        ::= { cicIkeCfgPolicies 1 }

cicIkeCfgPolicyEntry OBJECT-TYPE
        SYNTAX     CicIkeCfgPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                Each entry contains the attributes associated with
                a single ISAKMP Policy entry.
                "
        INDEX { cicIkeCfgIdentityDoi, cicIkeCfgPolicyPriority }
        ::= { cicIkeCfgPolicyTable 1 }

CicIkeCfgPolicyEntry ::= SEQUENCE {
        cicIkeCfgPolicyPriority   Unsigned32,
        cicIkeCfgPolicyEncr       CIPsecEncryptAlgorithm,
        cicIkeCfgPolicyHash       CIPsecIkeHashAlgorithm,
        cicIkeCfgPolicyPRF        CIPsecIkePRFAlgorithm,        
        cicIkeCfgPolicyAuth       CIPsecIkeAuthMethod,
        cicIkeCfgPolicyDHGroup    CIPsecDiffHellmanGrp,
        cicIkeCfgPolicyLifetime   CIKELifetime,
        cicIkeCfgPolicyLifesize   CIKELifesize,
        cicIkeCfgPolicyStatus     RowStatus
        }

cicIkeCfgPolicyPriority OBJECT-TYPE
        SYNTAX     Unsigned32(1..65534)
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "
                The priority of this ISAKMP Policy entry. The policy
                with lower value would take precedence over
                the policy with higher value in the same DOI.   
                "
        ::= { cicIkeCfgPolicyEntry 1 }

cicIkeCfgPolicyEncr OBJECT-TYPE
        SYNTAX     CIPsecEncryptAlgorithm
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The encryption transform specified by this 
                ISAKMP policy specification. The Internet Key
                Exchange (IKE) tunnels setup using this policy item
                would use the specified encryption transform to protect
                the ISAKMP PDUs.
                "
        DEFVAL { esp3des }
        ::= { cicIkeCfgPolicyEntry 2 }

cicIkeCfgPolicyHash OBJECT-TYPE
        SYNTAX     CIPsecIkeHashAlgorithm
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The hash transform specified by this 
                ISAKMP policy specification. The IKE tunnels
                setup using this policy item would use the 
                specified hash transform to protect the
                ISAKMP PDUs.
                "
        DEFVAL { sha }
        ::= { cicIkeCfgPolicyEntry 3 }
      
cicIkeCfgPolicyPRF OBJECT-TYPE
        SYNTAX     CIPsecIkePRFAlgorithm
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The Pseudo Random Function algorithm specified by
                this ISAKMP policy specification. The value of this
                object would only be used for IKEv2.
                "
        DEFVAL { prfHmacSha1 }
        ::= { cicIkeCfgPolicyEntry 4 }

cicIkeCfgPolicyAuth OBJECT-TYPE
        SYNTAX     CIPsecIkeAuthMethod
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                The peer authentication method specified by
                this ISAKMP policy specification. If this policy
                entity is selected for negotiation with a peer,
                the local entity would authenticate the peer using 
                the method specified by this object.
                "
        DEFVAL { preSharedKey }
        ::= { cicIkeCfgPolicyEntry 5 }

cicIkeCfgPolicyDHGroup OBJECT-TYPE
        SYNTAX     CIPsecDiffHellmanGrp
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                This object specifies the Oakley group used 
                for Diffie Hellman exchange in the Main Mode. 
                If this policy item is selected to negotiate
                Main Mode with an IKE peer, the local entity 
                chooses the group specified by this object to
                perform Diffie Hellman exchange with the
                peer.
                "
        DEFVAL { modp1024 }
        ::= { cicIkeCfgPolicyEntry 6 }

cicIkeCfgPolicyLifetime OBJECT-TYPE
        SYNTAX     CIKELifetime
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                This object specifies the lifetime in seconds
                of the IKE tunnels generated using this 
                policy specification.
                "
        DEFVAL { 86400 }
        ::= { cicIkeCfgPolicyEntry 7 }

cicIkeCfgPolicyLifesize OBJECT-TYPE
        SYNTAX     CIKELifesize
        UNITS      "kbytes"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                This object specifies the life size in Kbytes
                of the IKE tunnels generated using this 
                policy specification.
                "
        DEFVAL { 2560 }
        ::= { cicIkeCfgPolicyEntry 8 }

cicIkeCfgPolicyStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "
                This object specifies the status of the ISAKMP
                policy corresponding to this conceptual row.

                Creation of row can only be done via 'createAndGo'.
                To remove a row, set this object value to 'destroy'.
                "
        ::= { cicIkeCfgPolicyEntry 9 }

--
-- Notification    Configuration
--
cicNotifCntlIkeAllNotifs OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "
                This value of this object must be 'true' to enable
                any notification in addition to the
                notification-specific control variables
                defined below.

                A notification <foo> defined in this module is
                enabled if and only if the expression

                (cicNotifCntlIkeAllNotifs && cicNotifCntlIke<foo>)

                evaluates to 'true'.
                "
        DEFVAL { true }
        ::= { cicIkeConfigMibNotifCntl 1 }

cicNotifCntlIkeOperStateChanged OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "When cicNotifCntlIkeAllNotifs has the value
                'true', this variable controls the generation of
                the ciscoIkeConfigOperStateChanged notification.

                When this variable is set to 'true', generation 
                of the notification is enabled. When this variable 
                is set to 'false', generation of the notification 
                is disabled.
                "
        DEFVAL { true }
        ::= { cicIkeConfigMibNotifCntl 2 }

cicNotifCntlIkePskAdded OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "When cicNotifCntlIkeAllNotifs has the value 'true',
                this variable controls the generation of
                cicNotifCntlIkePskAdded notification.
     
                When this variable is set to 'true', generation 
                of the notification is enabled. When this variable 
                is set to 'false', generation of the notification 
                is disabled.
                "
        DEFVAL { true }
        ::= { cicIkeConfigMibNotifCntl 3 }

cicNotifCntlIkePskDeleted OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "When cicNotifCntlIkeAllNotifs has the value 'true',
                this variable controls the generation of
                cicNotifCntlIkePskDeleted notification.

                When this variable is set to 'true', generation 
                of the notification is enabled. When this variable 
                is set to 'false', generation of the notification 
                is disabled.
                "
        DEFVAL { true }
        ::= { cicIkeConfigMibNotifCntl 4 }

cicNotifCntlIkePolicyAdded OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "When cicNotifCntlIkeAllNotifs has the value 'true',
                this variable controls the generation of
                cicNotifCntlIkePolicyAdded notification.

                When this variable is set to 'true', generation 
                of the notification is enabled. When this variable 
                is set to 'false', generation of the notification 
                is disabled.
                "
        DEFVAL { true }
        ::= { cicIkeConfigMibNotifCntl 5 }

cicNotifCntlIkePolicyDeleted OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "When cicNotifCntlIkeAllNotifs has the value 'true',
                this variable controls the generation of
                cicNotifCntlIkePolicyDeleted notification.

                When this variable is set to 'true', generation 
                of the notification is enabled. When this variable 
                is set to 'false', generation of the notification 
                is disabled.
                "
        DEFVAL { true }
        ::= { cicIkeConfigMibNotifCntl 6 }


-- ******************************************************************
-- Notifications
-- ******************************************************************
ciscoIkeConfigOperStateChanged NOTIFICATION-TYPE
        OBJECTS   { cicIkeEnabled }
        STATUS    current
        DESCRIPTION
                "
                The notification is generated when the operational
                state of IKE entity on the managed device has
                been changed.
                "
        ::= { cicIkeConfigMIBNotifs 1 }

ciscoIkeConfigPskAdded NOTIFICATION-TYPE
        OBJECTS   { cicIkeCfgPskRemIdentType, 
                    cicIkeCfgPskRemIdentity }
        STATUS    current
        DESCRIPTION
                "
                This notification is generated when a new preshared
                key is configured on the managed device.
                "
        ::= { cicIkeConfigMIBNotifs 2 }

ciscoIkeConfigPskDeleted NOTIFICATION-TYPE
        OBJECTS   { cicIkeCfgPskRemIdentType, 
                    cicIkeCfgPskRemIdentity }
        STATUS    current
        DESCRIPTION
                "
                This notification is generated when an existing
                preshared key is configured on the managed device is
                about to be deleted.
                "
        ::= { cicIkeConfigMIBNotifs 3 }

ciscoIkeConfigPolicyAdded NOTIFICATION-TYPE
        OBJECTS   { cicIkeCfgPolicyEncr,
                    cicIkeCfgPolicyHash,
                    cicIkeCfgPolicyAuth,
                    cicIkeCfgPolicyDHGroup }
        STATUS    current
        DESCRIPTION
                "
                This notification is generated when a new ISAKMP
                policy is configured on the managed device.
                "
        ::= { cicIkeConfigMIBNotifs 4 }

ciscoIkeConfigPolicyDeleted NOTIFICATION-TYPE
        OBJECTS   { cicIkeCfgPolicyEncr,
                    cicIkeCfgPolicyHash,
                    cicIkeCfgPolicyAuth,
                    cicIkeCfgPolicyDHGroup }
        STATUS    current
        DESCRIPTION
                "
                This notification is issued when an existing ISAKMP
                policy configured on the managed device is about
                to be deleted.
                "
        ::= { cicIkeConfigMIBNotifs 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeCfgMIBGroups        OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBConform 1 }

cicIkeCfgMIBCompliances   OBJECT IDENTIFIER
        ::= { cicIkeConfigMIBConform 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeCfgMIBCompliance MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION
                "The compliance statement for SNMP entities
                the Internet Key Exchange Protocol
                configuration MIB."

        MODULE -- this module
                MANDATORY-GROUPS  { 
                        cicIkeCfgOperGroup,
                        cicIkeCfgIdentitiesGroup,
                        cicIkeCfgPskAuthGroup,
                        cicIkeCfgPolicyGroup
                } 
                   
        GROUP cicIkeCfgOptionalPolicyGroup 
        DESCRIPTION   
                "This group is optional."
               
        GROUP cicIkeCfgFailureRecoveryGroup 
        DESCRIPTION   
                "
                This group is conditionally mandatory and must be
                implemented by the agent of the managed entity
                if and only if
                 a) the managed entity implements Internet Key 
                    Exchange keepalive operations or
                 b) the managed entity implements IKE
                    failure signaling (such as the Invalid SPI 
                    notification).
                "

        GROUP cicIkeCfgNotificationGroup 
        DESCRIPTION   
                "This group is optional."

        GROUP cicIkeCfgNotifCntlGroup 
        DESCRIPTION   
                "The agent must implement this group if it
                implements the group 'cicIkeCfgNotificationGroup'."

        OBJECT   cicIkeEnabled 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeAggressModeEnabled 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeKeepAliveEnabled 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeKeepAliveType 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeKeepAliveInterval 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required. It is compliant
                to support only a subset of the values in the
                range defined."

        OBJECT   cicIkeKeepAliveRetryInterval 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required. It is compliant
                to support only a subset of the values in the
                range defined."

        OBJECT   cicIkeInvalidSpiNotify 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgPskKey                 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgPskRemIdentType    
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required.
                 Note that an implementation need not support all
                 identity types listed in the definition of the
                 textual convention CIPsecPhase1PeerIdentityType."

        OBJECT   cicIkeCfgPskRemIdentity    
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgPskRemIdAddrOrRg1OrSn 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgPskRemIdAddrRange2 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."
       
        OBJECT   cicIkeCfgPskRemIdSubnetMask 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."
         
        OBJECT   cicIkeCfgPskStatus
        SYNTAX   INTEGER {             
                        active(1),
                        createAndGo(4),
                        destroy(6)}             
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required.
                Only three values 'createAndGo', 'destroy' and 
                'active' out of the six enumerated values need to
                be supported if write is supported."

--      OBJECT   cicIkeCfgPolicyPriority
--      SYNTAX   Unsigned32(1..255)
--      DESCRIPTION
--              "It is compliant to support a maximum value for
--              this object which is smaller than the defined
--              maximum value."
        
        OBJECT   cicIkeCfgPolicyStatus
        SYNTAX   INTEGER {             
                        active(1),
                        createAndGo(4),
                        destroy(6)}             
        DESCRIPTION
                " Only three values 'createAndGo', 'destroy' and 
                'active' out of the six enumerated values need to
                be supported if write is supported."

        OBJECT   cicNotifCntlIkeAllNotifs
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicNotifCntlIkeOperStateChanged 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicNotifCntlIkePskAdded 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicNotifCntlIkePskDeleted 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicNotifCntlIkePolicyAdded 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicNotifCntlIkePolicyDeleted 
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgInitiatorPAddrType
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgInitiatorPAddr    
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT   cicIkeCfgInitiatorVer
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required."
         
        OBJECT   cicIkeCfgInitiatorStatus
        SYNTAX   INTEGER {             
                        active(1),
                        createAndGo(4),
                        destroy(6)}             
        MIN-ACCESS read-only
        DESCRIPTION
                "Write access is not required.
                Only three values 'createAndGo', 'destroy' and 
                'active' out of the six enumerated values need to
                be supported if write is supported."

        ::= { cicIkeCfgMIBCompliances 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance: List of current groups
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
cicIkeCfgOperGroup OBJECT-GROUP
        OBJECTS {
                cicIkeEnabled,
                cicIkeAggressModeEnabled
                }
        STATUS  current
        DESCRIPTION
                "
                This group consists of objects that reflect the
                operational state of the IKE entity on the
                managed device.
                "
        ::= { cicIkeCfgMIBGroups 1 }

cicIkeCfgIdentitiesGroup OBJECT-GROUP
        OBJECTS {
                cicIkeCfgIdentityType,
                cicIkeCfgInitiatorNextAvailIndex,
                cicIkeCfgInitiatorPAddrType,
                cicIkeCfgInitiatorPAddr,
                cicIkeCfgInitiatorVer,
                cicIkeCfgInitiatorStatus
                }
        STATUS  current
        DESCRIPTION
                "
                This group consists of objects that reflect the
                Phase 1 ID used by the IKE entity on the
                managed device.
                "
        ::= { cicIkeCfgMIBGroups 2 }

cicIkeCfgFailureRecoveryGroup OBJECT-GROUP
        OBJECTS {
                cicIkeKeepAliveEnabled ,
                cicIkeKeepAliveType ,
                cicIkeKeepAliveInterval ,
                cicIkeKeepAliveRetryInterval ,
                cicIkeInvalidSpiNotify 
                }
        STATUS  current
        DESCRIPTION
                "
                This group consists of objects that define how the
                local IKE entity is configured to respond to
                common failures.
                "
        ::= { cicIkeCfgMIBGroups 3 }
                 
cicIkeCfgPskAuthGroup OBJECT-GROUP
        OBJECTS {  
                cicIkeCfgPskNextAvailIndex,
                cicIkeCfgPskKey,
                cicIkeCfgPskRemIdentType,
                cicIkeCfgPskRemIdentTypeStand,
                cicIkeCfgPskRemIdentity,
                cicIkeCfgPskRemIdAddrOrRg1OrSn,
                cicIkeCfgPskRemIdAddrRange2,
                cicIkeCfgPskRemIdSubnetMask,
                cicIkeCfgPskStatus
                }
        STATUS  current
        DESCRIPTION
                "
                This group consists of objects that are used to
                view and configure the preshared keys configured on
                the managed entity.
                "
        ::= { cicIkeCfgMIBGroups 4 }

cicIkeCfgPolicyGroup OBJECT-GROUP
        OBJECTS {
                cicIkeCfgPolicyEncr,
                cicIkeCfgPolicyHash,
                cicIkeCfgPolicyPRF,
                cicIkeCfgPolicyAuth,
                cicIkeCfgPolicyDHGroup,
                cicIkeCfgPolicyLifetime,
                cicIkeCfgPolicyStatus
                }
        STATUS current
        DESCRIPTION
                "
                This group consists of objects that are used to
                view and configure the ISAKMP policies configured on
                the managed device.
                "
        ::= { cicIkeCfgMIBGroups 5 }

cicIkeCfgOptionalPolicyGroup OBJECT-GROUP
        OBJECTS {
                cicIkeCfgPolicyLifesize
                }
        STATUS current
        DESCRIPTION
                "
                This group consists of objects pertaining to ISAKMP
                policy management which are optional and may not be
                supported by every implementation of IKE.
                "
        ::= { cicIkeCfgMIBGroups 6 }

cicIkeCfgNotifCntlGroup OBJECT-GROUP
        OBJECTS {
                cicNotifCntlIkeAllNotifs,
                cicNotifCntlIkeOperStateChanged,
                cicNotifCntlIkePskAdded,
                cicNotifCntlIkePskDeleted,
                cicNotifCntlIkePolicyAdded,
                cicNotifCntlIkePolicyDeleted 
                }
        STATUS current
        DESCRIPTION
                "
                This group of objects controls the sending 
                of notifications to signal the state of Phase-1 IKE
                configuration on the managed device.
                "
        ::= { cicIkeCfgMIBGroups 7 }

cicIkeCfgNotificationGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
                ciscoIkeConfigOperStateChanged,
                ciscoIkeConfigPskAdded ,
                ciscoIkeConfigPskDeleted ,
                ciscoIkeConfigPolicyAdded ,
                ciscoIkeConfigPolicyDeleted 
                }
        STATUS current
        DESCRIPTION
                "
                This group contains the notifications to signal the 
                changes to IKE on the managed device.
                "
        ::= { cicIkeCfgMIBGroups 8 }
                 
END