1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
|
IPSEC-ISAKMP-IKE-DOI-TC DEFINITIONS ::= BEGIN
IMPORTS
-- make this mib a temporary watchguard extension before it becomes RFC
watchguard
FROM WATCHGUARD-MIB
-- delete next line before release
experimental,
MODULE-IDENTITY, Unsigned32 FROM SNMPv2-SMI
-- uncomment next line before release
mib-2 FROM RFC1213-MIB
TEXTUAL-CONVENTION FROM SNMPv2-TC;
ipsecIsakmpIkeDoiTC MODULE-IDENTITY
LAST-UPDATED "9907132145Z"
ORGANIZATION "Shiva"
CONTACT-INFO "John Shriver
Intel Corporation
28 Crosby Drive
Bedford, MA 01730
Phone:
+1-781-687-1329
E-mail:
John.Shriver@intel.com"
DESCRIPTION "The MIB module which defines the textual conventions
used in IPSEC MIBs. This includes Internet DOI
numbers defined in RFC 2407, ISAKMP numbers defined
in RFC 2408, and IKE numbers defined in RFC 2409.
These Textual Conventions are defined in a seperate
MIB module since they are protocol numbers managed
by the IANA. Revision control after publication
will be under the authority of the IANA."
REVISION "9902181705Z"
DESCRIPTION "Added IsakmpDOI TEXTUAL-CONVENTION."
REVISION "9903051545Z"
DESCRIPTION "Changed CONTACT-INFO."
REVISION "9907132145Z"
DESCRIPTION "Put in real experimental branch number for module."
REVISION "9910051705Z"
DESCRIPTION "Added exchange types, tracked IKE standard. Split
IkeNotifyMessageType off of IsakmpNotifyMessageType."
REVISION "9910151950Z"
DESCRIPTION "Removed stray comma in IsakmpNotifyMessageType."
-- replace xxx in next line before release, uncomment before release
-- ::= { mib-2 xxx }
-- delete next line before release
-- ::= { experimental 100 }
::= { watchguard 100 }
-- The first group of textual conventions are based on definitions
-- in the IPSEC DOI, RFC 2407.
IpsecDoiSituation ::= TEXTUAL-CONVENTION
DISPLAY-HINT "x"
STATUS current
DESCRIPTION "The IPSEC DOI Situation provides information that
can be used by the responder to make a policy
determination about how to process the incoming
Security Association request.
It is a four (4) octet bitmask, with the following
values:
sitIdentityOnly 0x01
sitSecrecy 0x02
sitIntegrity 0x04
The upper two bits (0x80000000 and 0x40000000) are
reserved for private use amongst cooperating
systems."
REFERENCE "RFC 2407 sections 4.2 and 6.2"
SYNTAX Unsigned32 (0..4294967295)
-- The syntax is not BITS, because we want the representation
-- to be the same here as it is in the ISAKMP/IKE protocols.
IpsecDoiSecProtocolId ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the IPSEC DOI values for the Protocol-Id
field in an ISAKMP Proposal Payload, and in all
Notification Payloads.
They are also used as the Protocol-ID In the
Notification Payload and the Delete Payload.
The values 249-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2407 section 4.4.1"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
protoIsakmp(1), -- message protection
-- required during Phase I
-- of the IKE protocol
protoIpsecAh(2), -- IP packet authentication
-- via Authentication Header
protoIpsecEsp(3), -- IP packet confidentiality
-- via Encapsulating
-- Security Payload
protoIpcomp(4) -- IP payload compression
}
IpsecDoiTransformIdent ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The IPSEC DOI ISAKMP Transform Identifier is an
8-bit value which identifies a key exchange protocol
to be used for the negotiation. It is used in the
Transform-Id field of an IKE Phase I Transform
Payload.
The values 249-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2407 sections 4.4.2 and 6.3"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
keyIke(1) -- the hybrid ISAKMP/Oakley
-- Diffie-Hellman key
-- exchange
}
IpsecDoiAhTransform ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The IPSEC DOI AH Transform Identifier is an 8-bit
value which identifies a particular algorithm to be
used to provide integrity protection for AH. It is
used in the Tranform-ID field of a ISAKMP Transform
Payload for the IPSEC DOI, when the Protocol-Id of
the associated Proposal Payload is 2 (AH).
The values 249-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2407 sections 4.4.3 and 6.4"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
reserved1(1), -- reserved
ahMd5(2), -- generic AH transform
-- using MD5
ahSha(3), -- generic AH transform
-- using SHA-1
ahDes(4) -- generic AH transform
-- using DES
}
IpsecDoiEspTransform ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The IPSEC DOI ESP Transform Identifier is an 8-bit
value which identifies a particular algorithm to be
used to provide secrecy protection for ESP. It is
used in the Tranform-ID field of a ISAKMP Transform
Payload for the IPSEC DOI, when the Protocol-Id of
the associated Proposal Payload is 2 (AH), 3 (ESP),
and 4 (IPCOMP).
The values 249-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2407 sections 4.4.4 and 6.5"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
espDesIv64(1), -- DES-CBC transform defined
-- in RFC 1827 and RFC 1829
-- using a 64-bit IV
espDes(2), -- generic DES transform
-- using DES-CBC
esp3Des(3), -- generic triple-DES
-- transform
espRc5(4), -- RC5 transform
espIdea(5), -- IDEA transform
espCast(6), -- CAST transform
espBlowfish(7), -- BLOWFISH transform
esp3Idea(8), -- reserved for triple-IDEA
espDesIv32(9), -- DES-CBC transform defined
-- in RFC 1827 and RFC 1829
-- using a 32-bit IV
espRc4(10), -- reserved for RC4
espNull(11) -- no confidentiality
-- provided by ESP
}
IpsecDoiAuthAlgorithm ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The ESP Authentication Algorithm used in the IPSEC
DOI as a SA Attributes definition in the Transform
Payload of Phase II of an IKE negotiation. This
set of values defines the AH authentication
algorithm, when the associated Proposal Payload has
a Protocol-ID of 2 (AH). This set of values
defines the ESP authentication algorithm, when the
associated Proposal Payload has a Protocol-ID
of 3 (ESP).
Values 5-61439 are reserved to IANA.
Values 61440-65535 are for private use.
In a MIB, a value of 0 indicates that ESP
has been negotiated without authentication."
REFERENCE "RFC 2407 section 4.5"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
hmacMd5(1),
hmacSha(2),
desMac(3),
kpdk(4)
}
IpsecDoiIpcompTransform ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The IPSEC DOI IPCOMP Transform Identifier is an
8-bit value which identifies a particular algorithm
to be used to provide IP-level compression before
ESP. It is used in the Tranform-ID field of a ISAKMP
Transform Payload for the IPSEC DOI, when the
Protocol-Id of the associated Proposal Payload
is 4 (IPCOMP).
The values 1-47 are reserved for algorithms for which
an RFC has been approved for publication.
The values 48-63 are reserved for private use amongst
cooperating systems.
The values 64-255 are reserved for future expansion."
REFERENCE "RFC 2407 sections 4.4.5 and 6.6"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
ipcompOui(1), -- proprietary compression
-- transform
ipcompDeflate(2), -- "zlib" deflate algorithm
ipcompLzs(3) -- Stac Electronics LZS
}
IpsecDoiEncapsulationMode ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The Encapsulation Mode used as an IPSEC DOI
SA Attributes definition in the Transform Payload
of a Phase II IKE negotiation. This set of
values defines encapsulation modes used for AH,
ESP, and IPCOMP when the associated Proposal Payload
has a Protocol-ID of 3 (ESP).
Values 3-61439 are reserved to IANA.
Values 61440-65535 are for private use."
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
tunnel(1),
transport(2)
}
IpsecDoiIdentType ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "The IPSEC DOI Identification Type is an 8-bit value
which is used in the ID Type field as a discriminant
for interpretation of the variable-length
Identification Payload.
The values 249-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2407 sections 4.4.5, 4.6.2.1, and 6.9"
SYNTAX INTEGER {
reserved(0), -- reserved in DOI
idIpv4Addr(1), -- a single four (4) octet
-- IPv4 address
idFqdn(2), -- fully-qualified domain
-- name string
idUserFqdn(3), -- fully-qualified username
-- string
idIpv4AddrSubnet(4),
-- a range of IPv4 addresses,
-- represented by two
-- four (4) octet values,
-- where the first is an
-- address and the second
-- is a mask
idIpv6Addr(5), -- a single sixteen (16)
-- octet IPv6 address
idIpv6AddrSubnet(6),
-- a range of IPv6 addresses,
-- represented by two
-- sixteen (16) octet values,
-- where the first is an
-- address and the second
-- is a mask
idIpv4AddrRange(7), -- a range of IPv4 addresses,
-- represented by two
-- four (4) octet values,
-- where the first is the
-- beginning IPv4 address
-- and the second is the
-- ending IPv4 address
idIpv6AddrRange(8), -- a range of IPv6 addresses,
-- represented by two
-- sixteen (16) octet values,
-- where the first is the
-- beginning IPv6 address
-- and the second is the
-- ending IPv6 address
idDerAsn1Dn(9), -- the binary DER encoding of
-- ASN1 X.500
-- DistinguishedName
idDerAsn1Gn(10), -- the binary DER encoding of
-- ASN1 X.500 GeneralName
idKeyId(11) -- opaque byte stream which
-- may be used to pass
-- vendor-specific
-- information
}
-- The second group of textual conventions are based on defintions
-- the ISAKMP protocol, RFC 2408.
IsakmpDOI ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the domain of interpretation values for
the ISAKMP Protocol. They are a 32-bit value
used in the Domain of Interpretation field of the
Security Association Payload.
Values 2-4294967295 are reserved to the IANA."
REFERENCE "RFC 2048 section 3.4."
SYNTAX INTEGER {
isakmp(0), -- generic ISAKMP SA in
-- Phase 1, which can be
-- used for any protocol
-- in Phase 2
ipsecDOI(1) -- the IPsec DOI as
-- specified in RFC 2407
}
IsakmpCertificateEncoding ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the values for the types of
certificate-related information contained in the
Certificate Data field of a Certificate Payload.
They are used in the Cert Encoding field of the
Certificate Payload.
Values 11-255 are reserved."
REFERENCE "RFC 2408 section 3.9"
SYNTAX INTEGER {
pkcs7(1), -- PKCS #7 wrapped
-- X.509 certificate
pgp(2), -- PGP Certificate
dnsSignedKey(3), -- DNS Signed Key
x509Signature(4), -- X.509 Certificate:
-- Signature
x509KeyExchange(5), -- X.509 Certificate:
-- Key Exchange
kerberosTokens(6), -- Kerberos Tokens
crl(7), -- Certificate Revocation
-- List (CRL)
arl(8), -- Authority Revocation
-- List (ARL)
spki(9), -- SPKI Certificate
x509Attribute(10) -- X.509 Certificate:
-- Attribute
}
IsakmpExchangeType ::= TEXTUAL-CONVENTION
--
-- When revising IsakmpExchangeType, consider revising
-- IkeExchangeType as well.
--
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the values used for the exchange types in
the ISAKMP header.
Values up to 31 are reserved for future
DOI-independent assignment for ISAKMP.
The values 240-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2408 section 3.1"
SYNTAX INTEGER {
reserved(0),
base(1), -- base mode
identityProtect(2), -- identity protection
authOnly(3), -- authentication only
aggressive(4), -- aggressive mode
informational(5) -- informational
}
IsakmpNotifyMessageType ::= TEXTUAL-CONVENTION
--
-- If you change this, you probably want to
-- change IkeNotifyMessageType.
--
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the values for the types of notification
messages. They are used as the Notify Message Type
field in the Notification Payload.
This textual convention merges the types
for error types (in the range 1-16386) and for
notification types (in the range 16384-65535).
The values 16001-16383 are reserved for private use
as error types amongst cooperating systems.
The values 24576-32767 are reserved for use in
each DOI. Each DOI should have a clone of this
textual convention adding local values.
The values 32768-40958 are reserved for private use
as notification types amongst cooperating systems."
REFERENCE "RFC 2408 section 3.14.1"
SYNTAX INTEGER {
-- Values defined for errors in ISAKMP
--
reserved(0), -- reserved in DOI
invalidPayloadType(1),
doiNotSupported(2),
situationNotSupported(3),
invalidCookie(4),
invalidMajorVersion(5),
invalidMinorVersion(6),
invalidExchangeType(7),
invalidFlags(8),
invalidMessageId(9),
invalidProtocolId(10),
invalidSpi(11),
invalidTransformId(12),
attributesNotSupported(13),
noProposalChosen(14),
badProposalSyntax(15),
payloadMalformed(16),
invalidKeyInformation(17),
invalidIdInformation(18),
invalidCertEncoding(19),
invalidCertificate(20),
certTypeUnsupported(21),
invalidCertAuthority(22),
invalidHashInformation(23),
authenticationFailed(24),
invalidSignature(25),
addressNotification(26),
notifySaLifetime(27),
certificateUnavailable(28),
unsupportedExchangeType(29),
unequalPayloadLengths(30)
-- values defined for errors in IPSEC DOI
-- (none)
-- values defined for notification in ISAKMP
-- (none)
-- values defined for notification in
-- each DOI (clone this TC)
}
-- The third group of textual conventions are based on defintions
-- the IKE key exchange protocol, RFC 2409.
IkeExchangeType ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the values used for the exchange types in
the ISAKMP header.
The values 32-239 are DOI-specific, these values are
for the IPSec DOI used by IKE.
The values 240-255 are reserved for private use
amongst cooperating systems."
REFERENCE "RFC 2409 Appendix A,
draft-ietf-ipsec-ike-01.txt appendix A"
SYNTAX INTEGER {
reserved(0),
base(1), -- base mode
mainMode(2), -- main mode
authOnly(3), -- authentication only
aggressive(4), -- aggressive mode
informational(5), -- informational
quickMode(32), -- quick mode
newGroupMode(33), -- new group mode
acknowledgedInfo(34)
-- acknowledged informational
}
IkeEncryptionAlgorithm ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "Values for encryption algorithms negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attrbute type Encryption
Algorithm (1).
Values 7-65000 are reserved to IANA.
Values 65001-65535 are for private use among
mutually consenting parties."
REFERENCE "RFC 2409 appendix A"
SYNTAX INTEGER {
reserved(0), -- reserved in IKE
desCbc(1), -- RFC 2405
ideaCbc(2),
blowfishCbc(3),
rc5R16B64Cbc(4), -- RC5 R16 B64 CBC
tripleDesCbc(5), -- 3DES CBC
castCbc(6)
}
IkeHashAlgorithm ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "Values for hash algorithms negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attrbute type Hash Algorithm (2).
Values 4-65000 are reserved to IANA.
Values 65001-65535 are for private use among
mutually consenting parties."
REFERENCE "RFC 2409 appendix A"
SYNTAX INTEGER {
reserved(0), -- reserved in IKE
md5(1), -- RFC 1321
sha(2), -- FIPS 180-1
tiger(3)
}
IkeAuthMethod ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "Values for authentication methods negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attrbute type Authentication
Method (3).
Values 6-65000 are reserved to IANA.
Values 65001-65535 are for private use among
mutually consenting parties."
REFERENCE "RFC 2409 appendix A,
draft-ietf-ipsec-ike-01.txt appendix A"
SYNTAX INTEGER {
reserved(0), -- reserved in IKE
preSharedKey(1),
dssSignatures(2),
rsaSignatures(3),
encryptionWithRsa(4),
revisedEncryptionWithRsa(5),
encryptionWithElGamal(6),
revisedEncryptionWithElGamal(7)
}
IkeGroupDescription ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "Values for Oakley key computation groups for
Diffie-Hellman exchange negotiated for the ISAKMP
SA by IKE in Phase I. They are also used in Phase II
when perfect forward secrecy is in use. These are
values for SA Attrbute type Group Description (4)."
REFERENCE "RFC 2409 appendix A,
draft-ietf-ipsec-ike-01.txt appendix A"
SYNTAX INTEGER {
reserved(0), -- reserved in IKE
modp768(1), -- default 768-bit MODP group
modp1024(2), -- alternate 1024-bit MODP
-- group
ec2nGalois2P155(3), -- EC2N group on Galois
-- Field GF[2^155]
ec2nGalois2P185(4), -- EC2N group on Galois
-- Field GF[2^185]
modp1536(5) -- alternate 1536-bit MODP
-- group
}
IkeGroupType ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "Values for Oakley key computation group types
negotiated for the ISAKMP SA by IKE in Phase I.
They are also used in Phase II when perfect forward
secrecy is in use. These are values for SA Attribute
type Group Type (5)."
REFERENCE "RFC 2409 appendix A"
SYNTAX INTEGER {
reserved(0), -- reserved in IKE
modp(1), -- modular eponentiation
-- group
ecp(2), -- elliptic curve group over
-- Galois Field GF[P]
ec2n(3) -- elliptic curve group over
-- Galois Field GF[2^N]
}
IkePrf ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "Values for Pseudo-Random Functions used with
with the hash algorithm negotiated for the ISAKMP SA
by IKE in Phase I. There are currently no
pseudo-random functions defined, the default HMAC is
always used. These are values for SA Attribute type
PRF (13).
Values 1-65000 are reserved to IANA.
Values 65001-65535 are for private use among
mutually consenting parties."
REFERENCE "RFC 2409 appendix A"
SYNTAX Unsigned32 (0..65535)
IkeNotifyMessageType ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION "These are the values for the types of notification
messages. They are used as the Notify Message Type
field in the Notification Payload.
This textual convention merges the types
for error types (in the range 1-16386) and for
notification types (in the range 16384-65535).
This textual convention is a merge of values
defined by ISAKMP with the additional values
defined in the IPSEC DOI.
The values 16001-16383 are reserved for private use
as error types amongst cooperating systems.
The values 32001-32767 are reserved for private use
as notification types amongst cooperating systems."
REFERENCE "RFC 2408 section 3.14.1 and RFC 2407 sections 4.6.3
and 6.10"
SYNTAX INTEGER {
-- Values defined for errors in ISAKMP
--
reserved(0), -- reserved in DOI
invalidPayloadType(1),
doiNotSupported(2),
situationNotSupported(3),
invalidCookie(4),
invalidMajorVersion(5),
invalidMinorVersion(6),
invalidExchangeType(7),
invalidFlags(8),
invalidMessageId(9),
invalidProtocolId(10),
invalidSpi(11),
invalidTransformId(12),
attributesNotSupported(13),
noProposalChosen(14),
badProposalSyntax(15),
payloadMalformed(16),
invalidKeyInformation(17),
invalidIdInformation(18),
invalidCertEncoding(19),
invalidCertificate(20),
certTypeUnsupported(21),
invalidCertAuthority(22),
invalidHashInformation(23),
authenticationFailed(24),
invalidSignature(25),
addressNotification(26),
notifySaLifetime(27),
certificateUnavailable(28),
unsupportedExchangeType(29),
unequalPayloadLengths(30),
-- values defined for errors in IPSEC DOI
-- (none)
-- values defined for notification in ISAKMP
-- (none)
-- values defined for notification in IPSEC
-- DOI
responderLifetime(24576),
-- used to communicate IPSEC
-- SA lifetime chosen by the
-- responder
replayStatus(24577),
-- used for positive
-- confirmation of the
-- responder's election on
-- whether or not he is to
-- perform anti-replay
-- detection
initialContact(24578)
-- used when one side wishes
-- to inform the other that
-- this is the first SA being
-- established with the
-- remote system
}
END
|
