AD | Application | AWS | Azure | Cloud | Database | Enterprise | Environmental | Event Log | File System | IoT | IT Service | Network/System | NIS2 | Infra | Performance | Protocol | SaaS | Security | Service Level | Storage | Linux | VMware | VoIP | Web | Wireless | SNMP

MonitorTools.com » Technical documentation » SNMP » MIB » Cisco » CISCO-IKE-CONFIGURATION-MIB » Objects

CISCO-IKE-CONFIGURATION-MIB.mib object

Introduction

Most network devices and programs ship with so-called MIB files to describe the parameters and meanings (i.e.: friendly names) which are available for monitoring via SNMP.
ActiveXperts Network Monitor 2025 can import vendor-specific MIB files, so it can be used to monitor specific OID's (Object Identifiers). This way, you can monitor your devices, computers, etc. by selecting your relevant OID's by name.

ActiveXperts Network Monitor 2025 can import MIB file CISCO-IKE-CONFIGURATION-MIB and use it to monitor vendor specific OID's.

CISCO-IKE-CONFIGURATION-MIB file content

Object view of CISCO-IKE-CONFIGURATION-MIB:

Scalar Object
cicIkeEnabled .1.3.6.1.4.1.9.9.423.1.1.1
This object reflects the operational status (enabled/ disabled) of the IKE entity on the managed device. 'true' - IKE is enabled. 'false' - IKE is disabled.
cicIkeAggressModeEnabled .1.3.6.1.4.1.9.9.423.1.1.2
This object reflects if the IKE entity on the managed device performs aggressive mode negotiations. 'true' - IKE entity performs aggressive mode negotiations. 'false' - IKE entity does not perform aggressive mode negotiations.
cicIkeCfgIdentityEntry .1.3.6.1.4.1.9.9.423.1.2.1.1
Each entry represents a Phase-1 identity used by IKE for a specific Phase-2 DOI.
cicIkeCfgInitiatorNextAvailEntry .1.3.6.1.4.1.9.9.423.1.2.2.1
Each entry represents a next available index for the cicIkeCfgInitiatorTable.
cicIkeCfgInitiatorEntry .1.3.6.1.4.1.9.9.423.1.2.3.1
Each entry represents the IKE protocol version initiated when connecting to a remote peer.
cicIkeCfgFailureRecovConfigEntry .1.3.6.1.4.1.9.9.423.1.3.1.1
Each entry represents a Phase I failure recovery configuration for the Phase 2 DOI corresponding to the conceptual row.
cicIkeCfgPskNextAvailEntry .1.3.6.1.4.1.9.9.423.1.4.1.1.1
Each entry represents a next available index for the cicIkeCfgPskTable.
cicIkeCfgPskEntry .1.3.6.1.4.1.9.9.423.1.4.1.2.1
Each entry represents a configured pre-shared authentication key for a specific peer.
cicIkeCfgPolicyEntry .1.3.6.1.4.1.9.9.423.1.5.1.1
Each entry contains the attributes associated with a single ISAKMP Policy entry.
cicNotifCntlIkeAllNotifs .1.3.6.1.4.1.9.9.423.1.7.1
This value of this object must be 'true' to enable any notification in addition to the notification-specific control variables defined below. A notification <foo> defined in this module is enabled if and only if the expression (cicNotifCntlIkeAllNotifs && cicNotifCntlIke<foo>) evaluates to 'true'.
cicNotifCntlIkeOperStateChanged .1.3.6.1.4.1.9.9.423.1.7.2
When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of the ciscoIkeConfigOperStateChanged notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled.
cicNotifCntlIkePskAdded .1.3.6.1.4.1.9.9.423.1.7.3
When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePskAdded notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled.
cicNotifCntlIkePskDeleted .1.3.6.1.4.1.9.9.423.1.7.4
When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePskDeleted notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled.
cicNotifCntlIkePolicyAdded .1.3.6.1.4.1.9.9.423.1.7.5
When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePolicyAdded notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled.
cicNotifCntlIkePolicyDeleted .1.3.6.1.4.1.9.9.423.1.7.6
When cicNotifCntlIkeAllNotifs has the value 'true', this variable controls the generation of cicNotifCntlIkePolicyDeleted notification. When this variable is set to 'true', generation of the notification is enabled. When this variable is set to 'false', generation of the notification is disabled.
Tabular Object
cicIkeCfgIdentityDoi .1.3.6.1.4.1.9.9.423.1.2.1.1.1
This is the DOI type that is supported by this IKE entity on the managed device and for which the Phase-1 identity corresponding to this conceptual row is being defined.
cicIkeCfgIdentityType .1.3.6.1.4.1.9.9.423.1.2.1.1.2
The Phase I identity type used by the Phase-2 DOI corresponding to this conceptual row.
cicIkeCfgInitiatorNextAvailIndex .1.3.6.1.4.1.9.9.423.1.2.2.1.1
The object specifies the next available index for object cicIkeCfgInitiatorIndex which can be used for creating an entry in cicIkeCfgInitiatorTable.
cicIkeCfgInitiatorIndex .1.3.6.1.4.1.9.9.423.1.2.3.1.1
An arbitrary value identifying the configured IKE version initiated for a peer in this domain of interpretation, identified by cicIkeCfgIdentityDoi, on a managed device. This object could have the same value as cicIkeCfgInitiatorNextAvailIndex.
cicIkeCfgInitiatorPAddrType .1.3.6.1.4.1.9.9.423.1.2.3.1.2
The Phase 1 ID type of the remote peer for which this IKE protocol initiator is configured. This object cannot be modified while the corresponding value of cicIkeCfgInitiatorStatus is equal to 'active'.
cicIkeCfgInitiatorPAddr .1.3.6.1.4.1.9.9.423.1.2.3.1.3
This object represents the address of the remote peer corresponding to this conceptual row. This object cannot be modified while the corresponding value of cicIkeCfgInitiatorStatus is equal to 'active'.
cicIkeCfgInitiatorVer .1.3.6.1.4.1.9.9.423.1.2.3.1.4
This object represents the IKE protocol version used when connecting to a remote peer specified in cicIkeCfgInitiatorPAddr. This object cannot be modified while the corresponding value of cicIkeCfgInitiatorStatus is equal to 'active'.
cicIkeCfgInitiatorStatus .1.3.6.1.4.1.9.9.423.1.2.3.1.5
The status of this conceptual row. To configure an IKE version initiator entry, the NMS must do a multivarbind set containing cicIkeCfgInitiatorPAddrType, cicIkeCfgInitiatorPAddr and cicIkeCfgInitiatorVer. Creation of row can only be done via 'createAndGo'. To remove a row, set this object value to 'destroy'.
cicIkeKeepAliveEnabled .1.3.6.1.4.1.9.9.423.1.3.1.1.1
This object reflects if the IKE entity in the managed device performs keepalives with all the peers for the DOI corresponding to this conceptual row. 'true' - keepalives are performed. 'false' - no keepalives are performed.
cicIkeKeepAliveType .1.3.6.1.4.1.9.9.423.1.3.1.1.2
This object reflects the type of keepalives to be used by the IKE entity on the managed device with all the peers for the DOI corresponding to this conceptual row.
cicIkeKeepAliveInterval .1.3.6.1.4.1.9.9.423.1.3.1.1.3
This object reflects the keepalive interval in seconds used by the IKE entity on the managed device with all the peers for the DOI corresponding to this conceptual row.
cicIkeKeepAliveRetryInterval .1.3.6.1.4.1.9.9.423.1.3.1.1.4
This object reflects the keepalive retry interval in seconds used by the IKE entity on the managed device with all the peers for the DOI corresponding to this conceptual row.
cicIkeInvalidSpiNotify .1.3.6.1.4.1.9.9.423.1.3.1.1.5
This object reflects if the IKE entity on the managed device notifies any peer when an IPsec Phase-1 or Phase-2 packet with an invalid SPI is received from that peer for the DOI corresponding to this conceptual row. 'true' - IKE entity notifies peer. 'false' - IKE entity does not notify peer.
cicIkeCfgPskNextAvailIndex .1.3.6.1.4.1.9.9.423.1.4.1.1.1.1
The object specifies the next available index for object cicIkeCfgPskIndex which can be used for creating an entry in cicIkeCfgPskTable.
cicIkeCfgPskIndex .1.3.6.1.4.1.9.9.423.1.4.1.2.1.1
An arbitrary value identifying the configured pre-shared keys for IKE entity in this domain of interpretation, identified by cicIkeCfgIdentityDoi, on a managed device. This object could have the same value as cicIkeCfgPskNextAvailIndex.
cicIkeCfgPskKey .1.3.6.1.4.1.9.9.423.1.4.1.2.1.2
The pre-shared authorization key used in authenticating the peer corresponding to this conceptual row. This object cannot be modified while the corresponding value of cicIkeCfgPskStatus is equal to 'active'.
cicIkeCfgPskRemIdentType .1.3.6.1.4.1.9.9.423.1.4.1.2.1.3
The Phase 1 ID type of the remote peer identity for which this preshared key is configured. This object cannot be modified while the corresponding value of cicIkeCfgPskStatus is equal to 'active'.
cicIkeCfgPskRemIdentTypeStand .1.3.6.1.4.1.9.9.423.1.4.1.2.1.4
If the object 'cicIkeCfgPskRemIdentType' is one of idIpv4Addr idIpv6Addr idIpv4AddrRange idIpv6AddrRange idIpv4AddrSubnet idIpv6AddrSubnet then this object contains the type of InetAddress for the corresponding value(s) of cicIkeCfgPskRemIdAddrOrRg1OrSn, cicIkeCfgPskRemIdAddrRange2 and/or cicIkeCfgPskRemIdSubnetMask. This object would have a value 'unknown', for other values of cicIkeCfgPskRemIdentType.
cicIkeCfgPskRemIdentity .1.3.6.1.4.1.9.9.423.1.4.1.2.1.5
The Phase 1 ID identity of the peer for which this preshared key is configured on the local entity. This object cannot be modified while the corresponding value of cicIkeCfgPskStatus is equal to 'active'.
cicIkeCfgPskRemIdAddrOrRg1OrSn .1.3.6.1.4.1.9.9.423.1.4.1.2.1.6
If the object cicIkeCfgPskRemIdentType is one of idIpv4Addr idIpv6Addr idIpv4AddrRange idIpv6AddrRange idIpv4AddrSubnet idIpv6AddrSubnet then this object contains the first or only component of the Phase 1 identity. Otherwise, the value contained in this object will be a zero length string which should be disregarded.
cicIkeCfgPskRemIdAddrRange2 .1.3.6.1.4.1.9.9.423.1.4.1.2.1.7
If the object cicIkeCfgPskRemIdentType is one of idIpv4AddrRange idIpv6AddrRange then this object contains the second component of the Phase 1 identity. Otherwise, the value contained in this object will be a zero length string which should be disregarded.
cicIkeCfgPskRemIdSubnetMask .1.3.6.1.4.1.9.9.423.1.4.1.2.1.8
If the object 'cicIkeCfgPskRemIdentType' is one of idIpv4AddrSubnet idIpv6AddrSubnet then this object contains the second component of the Phase 1 identity. Otherwise, the value contained in this object will be zero which should be disregarded.
cicIkeCfgPskStatus .1.3.6.1.4.1.9.9.423.1.4.1.2.1.9
The status of this conceptual row. To configure an pre shared authentication key entry, the NMS must do a multivarbind set containing cicIkeCfgPskKey, cicIkeCfgPskRemIdentType,cicIkeCfgPskRemIdentity. Creation of row can only be done via 'createAndGo'. To remove a row, set this object value to 'destroy'.
cicIkeCfgPolicyPriority .1.3.6.1.4.1.9.9.423.1.5.1.1.1
The priority of this ISAKMP Policy entry. The policy with lower value would take precedence over the policy with higher value in the same DOI.
cicIkeCfgPolicyEncr .1.3.6.1.4.1.9.9.423.1.5.1.1.2
The encryption transform specified by this ISAKMP policy specification. The Internet Key Exchange (IKE) tunnels setup using this policy item would use the specified encryption transform to protect the ISAKMP PDUs.
cicIkeCfgPolicyHash .1.3.6.1.4.1.9.9.423.1.5.1.1.3
The hash transform specified by this ISAKMP policy specification. The IKE tunnels setup using this policy item would use the specified hash transform to protect the ISAKMP PDUs.
cicIkeCfgPolicyPRF .1.3.6.1.4.1.9.9.423.1.5.1.1.4
The Pseudo Random Function algorithm specified by this ISAKMP policy specification. The value of this object would only be used for IKEv2.
cicIkeCfgPolicyAuth .1.3.6.1.4.1.9.9.423.1.5.1.1.5
The peer authentication method specified by this ISAKMP policy specification. If this policy entity is selected for negotiation with a peer, the local entity would authenticate the peer using the method specified by this object.
cicIkeCfgPolicyDHGroup .1.3.6.1.4.1.9.9.423.1.5.1.1.6
This object specifies the Oakley group used for Diffie Hellman exchange in the Main Mode. If this policy item is selected to negotiate Main Mode with an IKE peer, the local entity chooses the group specified by this object to perform Diffie Hellman exchange with the peer.
cicIkeCfgPolicyLifetime .1.3.6.1.4.1.9.9.423.1.5.1.1.7
This object specifies the lifetime in seconds of the IKE tunnels generated using this policy specification.
cicIkeCfgPolicyLifesize .1.3.6.1.4.1.9.9.423.1.5.1.1.8
This object specifies the life size in Kbytes of the IKE tunnels generated using this policy specification.
cicIkeCfgPolicyStatus .1.3.6.1.4.1.9.9.423.1.5.1.1.9
This object specifies the status of the ISAKMP policy corresponding to this conceptual row. Creation of row can only be done via 'createAndGo'. To remove a row, set this object value to 'destroy'.
Table
cicIkeCfgIdentityTable .1.3.6.1.4.1.9.9.423.1.2.1
The table containing the list of Phase-1 identities used by the IKE protocol for the different Phase-2 DOIs it operates in.
cicIkeCfgInitiatorNextAvailTable .1.3.6.1.4.1.9.9.423.1.2.2
The table providing the next available index for the cicIkeCfgInitiatorTable, in a domain of interpretation(DOI), identified by cicIkeCfgIdentityDoi. This value is only a recommended value, but the user can choose to use a different value to create an entry in the cicIkeCfgInitiatorTable.
cicIkeCfgInitiatorTable .1.3.6.1.4.1.9.9.423.1.2.3
The table containing the IKE version initiators for peers.
cicIkeCfgFailureRecovConfigTable .1.3.6.1.4.1.9.9.423.1.3.1
The table containing the failure recovery configuration for IKE per supported DOI in the managed entity.
cicIkeCfgPskNextAvailTable .1.3.6.1.4.1.9.9.423.1.4.1.1
The table providing the next available index for the cicIkeCfgPskTable, in a domain of interpretation(DOI), identified by cicIkeCfgIdentityDoi. This value is only a recommended value, but the user can choose to use a different value to create an entry in the cicIkeCfgPskTable.
cicIkeCfgPskTable .1.3.6.1.4.1.9.9.423.1.4.1.2
The table containing the list of pre shared authentication keys configured to be used by IKE protocol catalogued by the DOI and the peer identity. It is possible to have multiple peers per DOI.
cicIkeCfgPolicyTable .1.3.6.1.4.1.9.9.423.1.5.1
The table containing the list of all ISAKMP policy entries configured by the operator.
Trap
ciscoIkeConfigOperStateChanged .1.3.6.1.4.1.9.9.423.0.1
The notification is generated when the operational state of IKE entity on the managed device has been changed.
ciscoIkeConfigPskAdded .1.3.6.1.4.1.9.9.423.0.2
This notification is generated when a new preshared key is configured on the managed device.
ciscoIkeConfigPskDeleted .1.3.6.1.4.1.9.9.423.0.3
This notification is generated when an existing preshared key is configured on the managed device is about to be deleted.
ciscoIkeConfigPolicyAdded .1.3.6.1.4.1.9.9.423.0.4
This notification is generated when a new ISAKMP policy is configured on the managed device.
ciscoIkeConfigPolicyDeleted .1.3.6.1.4.1.9.9.423.0.5
This notification is issued when an existing ISAKMP policy configured on the managed device is about to be deleted.
Object Identifier
ciscoIkeConfigMIB .1.3.6.1.4.1.9.9.423
This is a MIB Module for configuring and viewing IKE parameters and policies. Acronyms The following acronyms are used in this document: IPsec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol DOI: Domain of Interpretation (of the attributes of IKE protocol in the context of a specific Phase-2 protocol). SA: Security Association (ref: rfc2408). SPI: Security Parameter Index is the pointer or identifier used in accessing SA attributes (ref: rfc2408). MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document. Phase 2 Tunnel: A Phase 2 Tunnel is an instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) and protect the same stream of application traffic. Note that a Phase 2 tunnel may comprise one SA bundle at any given point of time, but the SA bundle changes with time due to key refresh. History of the MIB This MIB was originally written as CISCO-IPSEC-MIB which combined the configuration of IKE and IPsec protocols into a single MIB.
cicIkeConfigMIBNotifs .1.3.6.1.4.1.9.9.423.0
cicIkeConfigMIBObjects .1.3.6.1.4.1.9.9.423.1
cicIkeConfigMIBConform .1.3.6.1.4.1.9.9.423.2
cicIkeCfgOperations .1.3.6.1.4.1.9.9.423.1.1
cicIkeCfgIdentities .1.3.6.1.4.1.9.9.423.1.2
cicIkeCfgFailureRecovery .1.3.6.1.4.1.9.9.423.1.3
cicIkeCfgPeerAuth .1.3.6.1.4.1.9.9.423.1.4
cicIkeCfgPskAuthConfig .1.3.6.1.4.1.9.9.423.1.4.1
cicIkeCfgNonceAuthConfig .1.3.6.1.4.1.9.9.423.1.4.2
cicIkeCfgPkiAuthConfig .1.3.6.1.4.1.9.9.423.1.4.3
cicIkeCfgPolicies .1.3.6.1.4.1.9.9.423.1.5
cicIkeCfgServiceControl .1.3.6.1.4.1.9.9.423.1.6
cicIkeCfgCallAdmssionnCtrl .1.3.6.1.4.1.9.9.423.1.6.1
cicIkeCfgQoSControl .1.3.6.1.4.1.9.9.423.1.6.2
cicIkeConfigMibNotifCntl .1.3.6.1.4.1.9.9.423.1.7
cicIkeCfgMIBGroups .1.3.6.1.4.1.9.9.423.2.1
cicIkeCfgMIBCompliances .1.3.6.1.4.1.9.9.423.2.2
Group
cicIkeCfgOperGroup .1.3.6.1.4.1.9.9.423.2.1.1
This group consists of objects that reflect the operational state of the IKE entity on the managed device.
cicIkeCfgIdentitiesGroup .1.3.6.1.4.1.9.9.423.2.1.2
This group consists of objects that reflect the Phase 1 ID used by the IKE entity on the managed device.
cicIkeCfgPskAuthGroup .1.3.6.1.4.1.9.9.423.2.1.4
This group consists of objects that are used to view and configure the preshared keys configured on the managed entity.
cicIkeCfgPolicyGroup .1.3.6.1.4.1.9.9.423.2.1.5
This group consists of objects that are used to view and configure the ISAKMP policies configured on the managed device.
cicIkeCfgOptionalPolicyGroup .1.3.6.1.4.1.9.9.423.2.1.6
This group consists of objects pertaining to ISAKMP policy management which are optional and may not be supported by every implementation of IKE.
cicIkeCfgFailureRecoveryGroup .1.3.6.1.4.1.9.9.423.2.1.3
This group consists of objects that define how the local IKE entity is configured to respond to common failures.
cicIkeCfgNotificationGroup .1.3.6.1.4.1.9.9.423.2.1.8
This group contains the notifications to signal the changes to IKE on the managed device.
cicIkeCfgNotifCntlGroup .1.3.6.1.4.1.9.9.423.2.1.7
This group of objects controls the sending of notifications to signal the state of Phase-1 IKE configuration on the managed device.
M