CISCO-IPSEC-TC -- *------------------------------------------------------------------ -- * CISCO-IPSEC-TC: Cisco IPsec Textual Conventions -- * -- * Mar 2004, S Ramakrishnan -- * -- * Copyright (c) 2004 by cisco Systems, Inc. -- * All rights reserved. -- *------------------------------------------------------------------ CISCO-IPSEC-TC DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, Unsigned32, Gauge32 FROM SNMPv2-SMI TEXTUAL-CONVENTION FROM SNMPv2-TC ciscoMgmt FROM CISCO-SMI; ciscoIPsecTc MODULE-IDENTITY LAST-UPDATED "200407220000Z" ORGANIZATION "Cisco Systems Inc. and Tivoli Systems Inc." CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tivoli Systems Research Triangle Park, NC Tel: +1 800 553-NETS E-mail: cs-ipsecmib@external.cisco.com bret_harrison@tivoli.com " DESCRIPTION " This MIB module defines the textual conventions used in the IPsec suite of MIBs. This includes Internet DOI numbers defined in RFC 2407, ISAKMP numbers defined in RFC 2408, and IKE numbers defined in RFC 2409. " REVISION "200407220000Z" DESCRIPTION " Initial version of this module. " ::= { ciscoMgmt 422 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++ -- Definition of Textual Conventions for IPsec MIBs -- +++++++++++++++++++++++++++++++++++++++++++++++++++ CCryptoMD5Hash ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes a 128-bit MD5 output string of an input string" SYNTAX OCTET STRING(SIZE(16)) CIKEIsakmpDoi ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Domain of Interpretation of the IKE implementation. This type is used to implement distinctions between the configuration of the IKE implementation for distinct Phase 2 protocols that use IKE. Description of enum constants of this type: isakmpDoiIPsec: Denotes that IPsec protocol is used in Phase-2 isakmpDoiFcsp: Denotes that FC-SP protocol is used in Phase-2 isakmpDoiCps: Denotes that Cps protocol is used in Phase-2 isakmpDoiFcCtAuth: Denotes that Fc-Ct-Auth protocol is used in Phase-2 " SYNTAX INTEGER { isakmpDoiUnknown(1), isakmpDoiOther(2), isakmpDoiIPsec(3), isakmpDoiFcsp(4), isakmpDoiCps(5), isakmpDoiFcCtAuth(6) } CIKELifetime ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type corresponds to the lifetime of ISAKMP security associations. The unit of information is seconds. " SYNTAX Unsigned32(60..86400) CIKELifesize ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type corresponds to the lifesize of a ISAKMP security association in the number of kilobytes of data that has been processed by the security association. The unit of information is kilobytes. " SYNTAX Unsigned32(2560..4294967295) CIPsecEncryptionKeySize ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type is used by objects that denote the size in bits of key of an encryption transform. The value of 0 has been allowed to provide for 'NULL' encryption transforms. " SYNTAX Unsigned32 (0..65535) CIPsecControlProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The protocol used for keying and control in IPsec connections. The value of 'cpManual' indicates manual administration of IPsec tunnels. This enumeration will be expanded as new keying protocols are standardized. The value 'cpAll' does not denote a specific keying protocol; it has been defined only as a convenience to facilitate aggregation of metrics across all control protocols. Description of enum constants of this type: cpManual: Denotes manual keying (i.e., no signaling). cpIkev1: Denotes keying signaling using IKEv1 protocol. cpIkev2: Denotes keying signaling using IKEv2 protocol. cpKink: Denotes keying signaling using KINK. cpPhoturis: Denotes keying signaling using Photuris. " SYNTAX INTEGER { cpUnknown(1), cpAll(2), cpOther(3), cpManual(4), cpIkev1(5), cpIkev2(6), cpKink(7), cpPhoturis(8) } CIPsecProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " A protocol used for encapsulating the Phase-2 tunneled traffic. The enumerations correspond to Authentication Header, Encapsulating Security Payload and IP compression protocols. The enum constants used in this denote the standard IPsec protocols, viz., Authentication Header (AH), ESP and IP compression. Description of enum constants of this type: ipsecProtAh: Denotes IPsec Authentication Header (AH) protocol. ipsecProtEsp: Denotes IPsec Encapsulating Security Payload (ESP) protocol. ipsecProtIPcomp: Denotes IPsec Packet Compression protocol. " REFERENCE "rfc2402, rfc2406 and rfc2409" SYNTAX INTEGER { ipsecProtUnknown(1), ipsecProtAh(2), ipsecProtEsp(3), ipsecProtIPcomp(4) } CIPsecPhase1PeerIdentityType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The type of IPsec Phase-1 peer identity. The peer may be identified by one of the ID types defined in IPSEC DOI. Description of enum constants of this type: idIpv4Addr: IPv4 address idFqdn: Fully QUalified Domain Name idDn: Represents the binary DER encoding of the identity. idIpv6Addr: IPv6 address idUserFqdn: User FQDN (such as an email address). idIpv4AddrSubnet: IPv4 subnet specification (comprising a subnet identifier and a subnet mask). idIpv6AddrSubnet: IPv6 subnet specification (comprising a subnet identifier and a subnet mask). idIpv4AddrRange: A range of IPv4 addresses (comprising a starting address and an ending address) idIpv6AddrRange: A range of IPv6 addresses (comprising a starting address and an ending address) idDerAsn1Gn: The ASN.1 encoded general number. idKeyId: This is the symbolic name (key identifier). idWwn: World Wide Number or the encoding of the layer-2 address used by MDS switches. " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER { idOther(1), idIpv4Addr(2), idFqdn(3), idDn(4), idIpv6Addr(5), idUserFqdn(6), idIpv4AddrSubnet(7), idIpv6AddrSubnet(8), idIpv4AddrRange(9), idIpv6AddrRange(10), idDerAsn1Gn(11), idKeyId(12), idWwn(13) } CIPsecIkeNegoMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The negotiation mode used by IKE protocol in Phase-1. The type enumerates constants to denote the two distinct modes of operation of ISAKMP-based IPsec signaling in Phase-2, viz., Main Mode (mainMode) and Aggressive Mode (aggressiveMode). " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER { mainMode(1), aggressiveMode(2) } CIPsecIkeHashAlgorithm ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The hash algorithm used in IPsec Phase-1 IKE negotiations. Description of enum constants of this type: md5: Hash payload using MD5 algorithm. sha: Hash payload using 96-bit SHA-1 algorithm as defined in FIPS 180-1. tiger: Hash payload using Tiger hash algorithm. sha256: Hash payload using 256-bit key SHA-1 algorithm. sha384: Hash payload using 384-bit key SHA-1 algorithm. sha512: Hash payload using 512-bit key SHA-1 algorithm. aesMac Hash payload using AES-XCBC-MAC-96 algorithm. " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER { none(1), other(2), md5(3), sha(4), tiger(5), sha256(6), sha384(7), sha512(8), aesMac(9) } CIPsecIkeAuthMethod ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The authentication method used in IPsec Phase-1 IKE negotiations. Description of enum constants of this type: preSharedKey: Peer authentication using pre-shared keys. rsaSignature: Peer authentication using digital signatures. rsaEncryption: Peer authentication using encrypted nonces. revRsaEncryption: Peer authentication using revised RSA encryption. dssSignature: Peer authentication using DSS signatures. elGamalEncryption: Peer authentication using El Gamal. revElGamalEncryption: Peer authentication using revised El Gamal. ecdsaSignature: Peer authentication using Elliptic Curve Digital Signatures. gssApiV1: Peer authentication using Generic Security Services API v1. gssApiV2: Peer authentication using Generic Security Services API v2. " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER { other(1), preSharedKey(2), rsaSignature(3), rsaEncryption(4), revRsaEncryption(5), dssSignature(6), elGamalEncryption(7), revElGamalEncryption(8), ecsdaSignature(9), gssApiV1(10), gssApiV2(11) } CIPsecDiffHellmanGrp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " An indication of whether a Diffie Hellman Group has been specified to be used in negotiations and the type of group as follows. 'notDH' -- indicates no use of a Diffie Hellman 'modp768' -- 768-bit MODP 'modp1024' -- 1024-bit MODP 'modp1536' -- 1536-bit MODP group 'ec2nGP155' -- EC2N group on GP[2^155] 'ec2nGP185' -- EC2N group on GP[2^185] 'ec2nGF163' -- EC2N group over GF[2^163] 'ec2nGF283' -- EC2N group over GF[2^283] 'ec2nGF409' -- EC2N group over GF[2^409] 'ec2nGF571' -- EC2N group over GF[2^571] 'modp2048' -- 2048-bit MODP group " REFERENCE "rfc2408, rfc2409 and rfc3526" SYNTAX INTEGER { other(1), notDH(2), modp768(3), modp1024(4), ec2nGP155(5), ec2nGP185(6), modp1536(7), -- 1536-bit MODP group ec2nGF163(8), ec2nGF283(9), ec2nGF409(10), ec2nGF571(11), modp2048(12) } CIPsecEncapMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The encapsulation mode used by an IPsec Phase-2 Tunnel. The type enumerates values to denote the two modes of encapsulation of payload used by IPsec, viz., transport mode (encapTunnel) and tunnel mode (encapTransport). " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER{ encapTunnel(1), encapTransport(2) } CIPsecTransform ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The transform to be used by an IPsec Phase-2 protocol (ESP or AH or IPCP). Description of enum constants of this type: xformAhRFC1829: Authentication Header per RFC1829 xformAhMD5: Authentication Header using MD5 xformAhSHA1: Authentication Header using SHA1 xformEspNULL: ESP with NULL encryption. xformEspDES: ESP with DES encryption. xformEsp3DES: ESP with 3DES encryption. xformEspAES128: ESP with AES encryption using CBC mode (128-bit key). xformEspAES192: ESP with AES encryption using CBC mode (192-bit key). xformEspAES256: ESP with AES encryption using CBC mode (256-bit key). xformEspMD5: ESP with MD5 hash. xformEspSHA1: ESP with SHA-1 hash. xformCompLZS: IP compression using LZS. xformEspRc5: Payload encryption using RC5. xformEspIdea: Payload encryption using International Data Encryption Algorithm. xformEspCast: Payload encryption using CAST. xformEspTwofish: Payload encryption using TwoFish. xformEspBlowfish: Payload encryption using BlowFish. xformEsp3idea: Payload encryption using International Data Encryption Algorithm. xformEspRc4: Payload encryption using RC4. xformEspDesMac: ESP with DES MAC hash. xformEspHmacSha256: ESP with HMAC SHA-1 hash (256-bit key). xformEspHmacSha384: ESP with HMAC SHA-1 has (384-bit key). xformEspHmacSha512: ESP with HMAC SHA-1 has (512-bit key). xformEspRipemd: ESP with RIPEMD cryptographic hash. xformAHDesMac: AH with DES MAC hash. xformAHHmacSha256: AH with HMAC SHA-1 hash (256-bit key). xformAHHmacSha384: AH with HMAC SHA-1 hash (384-bit key). xformAHHmacSha512: AH with HMAC SHA-1 hash (512-bit key). xformAHRipemd: AH with RIPEMD cryptographic hash. xformEspAESXCbcMac: ESP with AES XCBC MAC authentication. xformAHAESXCbcMac: AH with AES XCBC MAC authentication. " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER{ xformNONE(1), xformOTHER(2), xformAhRFC1829(3), xformAhMD5(4), xformAhSHA1(5), xformEspNULL(6), xformEspDES(7), xformEsp3DES(8), xformEspAES128(9), xformEspAES192(10), xformEspAES256(11), xformEspMD5(12), xformEspSHA1(13), xformCompLZS(14), xformEspAESCtr128(15), xformEspAESCtr192(16), xformEspAESCtr256(17), xformEspRc5(18), xformEspIdea(19), xformEspCast(20), xformEspTwofish(21), xformEspBlowfish(22), xformEsp3idea(23), xformEspRc4(24), xformEspDesMac(25), xformEspHmacSha256(26), xformEspHmacSha384(27), xformEspHmacSha512(28), xformEspRipemd(29), xformAHDesMac(30), xformAHHmacSha256(31), xformAHHmacSha384(32), xformAHHmacSha512(33), xformAHRipemd(34), xformEspAESXCbcMac(35), xformAHAESXCbcMac(36) } CIPsecSecuritySuite ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The combination of IPsec Phase-2 protocols. suiteConfEsp: Confidentiality using ESP. suiteIntegEsp: Confidentiality and Integrity check using ESP. suiteIntegAh: Integrity check with AH. suiteConfComp: Confidentiality using ESP; Packet compression. suiteIntegEspComp: Packet Integrity using ESP; Packet compression. suiteIntegAhComp: Packet Integrity using AH; Packet compression. suiteConfAh: Confidentiality using ESP; Packet Integrity using AH. suiteConfAhComp: Confidentiality using ESP; Packet Integrity using AH; Packet compression. suiteIntegEspAh: Packet Integrity using ESP and AH. suiteIntegEspAhComp: Packet Integrity using ESP and AH; Packet compression. suiteConfIntegEsp: Confidentiality and Packet Integrity using ESP. suiteConfIntegEspComp: Confidentiality and Packet Integrity using ESP; Packet compression. suiteConfIntegEspAh: Confidentiality using ESP; Packet Integrity using ESP and AH. suiteConfIntegEspAhComp: Confidentiality using ESP; Packet Integrity using ESP and AH; Packet compression. suiteOther: A suite that does not fit any of the above definitions. " REFERENCE "rfc2408 and rfc2409" SYNTAX INTEGER{ suiteOther(1), suiteConfEsp(2), suiteIntegEsp(3), suiteIntegAh(4), suiteConfComp(5), suiteIntegEspComp(6), suiteIntegAhComp(7), suiteConfAh(8), suiteConfAhComp(9), suiteIntegEspAh(10), suiteIntegEspAhComp(11), suiteConfIntegEsp(12), suiteConfIntegEspComp(13), suiteConfIntegEspAh(14), suiteConfIntegEspAhComp(15) } CIPsecNATTraversalMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The encapsulation mode used to implement NAT traversal. Both 'EncapMode' and 'NATTraversalMode' are attributes of a Phase-2 IPsec tunnel. Value of an object of this type is constrained based on the value of its tunnel encapsulation mode: if the tunnel encapsulation mode is 'encapTransport', then the value of this attribute may be one of 'natEncapNone' or 'natEncapNATT'. Description of enum constants of this type: natEncapIPsecOverUdp: IPsec encapsulation over UDP. natEncapIPsecOverTcp: IPsec encapsulation over TCP. natEncapNATT: IPsec encapsulation over NAT-T protocol. " SYNTAX INTEGER{ natEncapNone(1), natEncapOther(2), natEncapIPsecOverUdp(3), natEncapIPsecOverTcp(4), natEncapNATT(5) } CIPsecEncryptAlgorithm ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The encryption algorithm used in negotiations. Since payload encryption is done by the ESP protocol, these enums are prefixed with 'esp'. Description of enum constants of this type: espDes: Payload encryption using 56-bit key DES. esp3des: Payload encryption using 168-bit 3DES. espRc5: Payload encryption using RC5. espIdea: Payload encryption using International Data Encryption Algorithm. espCast: Payload encryption using CAST. espTwofish: Payload encryption using TwoFish. espBlowfish: Payload encryption using BlowFish. esp3idea: Payload encryption using International Data Encryption Algorithm. espRc4: Payload encryption using RC4. espNull: NULL Payload encryption. espAes128: espAes192: espAes256: Payload encryption using AES CBC mode and keysizes of 128, 192 and 256 bit keys. espAesCtr128: espAesCtr192: espAesCtr256: Payload encryption using AES CTR mode and keysizes of 128, 192 and 256 bit keys. " SYNTAX INTEGER { none(1), other(2), espDes(3), esp3des(4), espRc5(5), espIdea(6), espCast(7), espTwofish(8), espBlowfish(9), esp3idea(10), espRc4(11), espNull(12), espAes128(13), espAes192(14), espAes256(15), espAesCtr128(16), espAesCtr192(17), espAesCtr256(18) } CIPsecSpi ::= TEXTUAL-CONVENTION DISPLAY-HINT "x" STATUS current DESCRIPTION " The type of the SPI (Security Parameter Index) associated with IPsec Phase-2 security associations. " SYNTAX Unsigned32 (256..4294967295) CIPsecAuthAlgorithm ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The authentication algorithm used by a security association of an IPsec Phase-2 Tunnel. Description of enum constants of this type: hmacMd5: Hash validation using HMAC MD5. hmacSha: Hash validation using HMAC SHA-1. desMac: Hash validation using DES as MAC. hmacSha256: Hash validation using 256-bit SHA-1. hmacSha384: Hash validation using 384-bit SHA-1. hmacSha512: Hash validation using 512-bit SHA-1. ripemd: Hash validation using RIPEMD cryptographic hash function. " SYNTAX INTEGER{ none(1), other(2), hmacMd5(3), hmacSha(4), desMac(5), hmacSha256(6), hmacSha384(7), hmacSha512(8), ripemd(9) } CIPsecCompAlgorithm ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The compression algorithm used by a security association of an IPsec Phase-2 Tunnel. Description of enum constants of this type: compOui: IP payload compression using a proprietary algorithm identified using an Organization Unique Identifier (OUI). compDeflate: IP payload compression using deflate algorithm. compLzs: IP payload compression using LZS algorithm. compLzjh: IP payload compression using LZJH algorithm. " SYNTAX INTEGER{ none(1), other(2), compOui(3), compDeflate(4), compLzs(5), compLzjh(6) } CIPsecEndPtType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The type of identity use to specify an IPsec End Point. For a description of the enum values, please refer to the description of type 'CIPsecPhase1PeerIdentityType'. " SYNTAX INTEGER { other(1), idIpv4Addr(2), idIpv4AddrRange(3), idIpv4AddrSubnet(4), idFqdn(5), idUserFqdn(6), idIpv6Addr(7), idIpv6AddrRange(8), idIpv6AddrSubnet(9), idDerAsn1Dn(10), idDerAsn1Gn(11), idKeyId(12) } CIPsecPhase2SaDirection ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " Phase-2 IPsec security associations are simplex. This textual convention is used as the type of attribute(s) of a Phase-2 security association. Description of enum constants of this type: saDirectionIn: The IPsec security association is used to process incoming traffic. saDirectionOut: The IPsec security association is used to process outgoing traffic. " REFERENCE "rfc2409" SYNTAX INTEGER { saDirectionUnknown(1), saDirectionIn(2), saDirectionOut(3) } CIPsecPhase1TunnelIndex ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The index of the IPsec Phase-1 (IKE) Tunnel Table. An index of this type is a number which begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647. " SYNTAX Unsigned32 (1..2147483647) CIPsecPhase1TunnelIndexOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type defines a range of values for index of the IPsec Phase-1 (IKE) Tunnel Table, including the invalid index '0'. An object of this type is used to implement a soft reference to an IKE tunnel. The value of zero is used to denote the fact that the reference points to a non-existent IKE tunnel. " SYNTAX Unsigned32 (0..2147483647) CIPsecPhase2TunnelIndex ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The type of the index of the IPsec Phase-2 Tunnel Table. An index of this type is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647. " SYNTAX Unsigned32 (1..2147483647) CIPsecPmtu ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The type of the Path MTU (Maximum Transmission Unit) of an IPsec Phase-2 Tunnel. " SYNTAX Unsigned32 (68..1500) CIPsecLifetime ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type corresponds to the lifetime in seconds of IPsec Phase-2 security associations. " SYNTAX Unsigned32 (0|120..86400) CIPsecLifesize ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type corresponds to the life-size of a Phase-2 security association in the number of kilobytes of data that has been processed by the security association. " SYNTAX Unsigned32(0|2560..4294967295) CIPsecTunnelIdleTime ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type corresponds to the time interval specified in seconds during which no traffic has been processed by a Phase-2 security association. " SYNTAX Unsigned32 (0|60..86400) CIPsecNumCryptoMaps ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " Integral units representing count of cryptomaps. " SYNTAX Gauge32(0..2147483647) CIPsecTunnelStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " This type represents the status of an IPsec Phase-1 or Phase-2 Tunnel. Objects of this type may be used to bring down the tunnel they represent by setting value of the object to destroy(5). Objects of this type cannot be used to create a tunnel. Description of enum constants of this type: initializePhase1: The tunnel is initializing Phase 1 operations (applies only to IKE tunnels). awaitXauth: The tunnel has concluded peer authentication successfully and is awaiting the completion of extended Authentication (applies only to IKE tunnels). awaitCommit: The tunnel has concluded initialization and is awaiting a signal (commit bit) from the peer to start operations. active: The tunnel is active. destroy: This value is used in SNMP SET operations to tear down the specified tunnel. rekey: This value is used in SNMP SET operations to force a rekeying. " SYNTAX INTEGER { initializePhase1(1), awaitXauth(2), awaitCommit(3), active(4), destroy(5), rekey(6) } CIPsecCryptomapType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The type of a cryptomap entry. Cryptomap is a unit of IOS IPSec policy specification. Description of enum constants of this type: cryptomapTypeMANUAL: The cryptomap entry uses manual keying. cryptomapTypeISAKMP: The cryptomap entry uses IKE protocol for keying. cryptomapTypeDYNAMIC: The cryptomap entry is dynamically instantiated. cryptomapTypeDYNAMICDISCOVERY: The cryptomap entry is dynamically instantiated and uses tunnel endpoint discovery to identify the peer during tunnel setup. " SYNTAX INTEGER { cryptomapTypeNONE(1), cryptomapTypeMANUAL(2), cryptomapTypeISAKMP(3), cryptomapTypeCET(4), cryptomapTypeDYNAMIC(5), cryptomapTypeDYNAMICDISCOVERY(6) } CIPsecCryptomapSetBindStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The status of the binding of a cryptomap set to the specified interface. The value when queried is always 'attached'. When set to 'detached', the cryptomap set if detached from the specified interface. Setting the value to 'attached' will result in SNMP General Error. Description of enum constants of this type: attached: The cryptomap set is attached to an interface. detached: The cryptomap set is not attached to any interface. " SYNTAX INTEGER { unknown(1), attached(2), detached(3) } CIPsecIkePRFAlgorithm ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION " The Pseudo Random Function algorithm used in IPsec Phase-1 IKEv2 negotiations. Description of enum constants of this type: prfHmacMd5: HMAC version of MDS. prfHmacSha1: HMAC version of SHA-1 algorithm " SYNTAX INTEGER{ none(1), other(2), prfHmacMd5(3), prfHmacSha1(4) } END