IPsec Security Policy Database Configuration MIB
RFC 4807
Document Type RFC - Proposed Standard (March 2007; Errata)
Was draft-ietf-ipsp-spd-mib (individual in sec area)
Authors Robert Story  , Ricky Charlet  , Michael Baer  , Cliff Wang  , Wes Hardaker 
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Reviews
SECDIR Early Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4807 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                            M. Baer
Request for Comments: 4807                                  Sparta, Inc.
Category: Standards Track                                     R. Charlet
                                                                    Self
                                                             W. Hardaker
                                                            Sparta, Inc.
                                                                R. Story
                                                     Revelstone Software
                                                                 C. Wang
                                                                     ARO
                                                              March 2007

            IPsec Security Policy Database Configuration MIB

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document defines a Structure of Management Information Version 2
   (SMIv2) Management Information Base (MIB) module for configuring the
   security policy database of a device implementing the IPsec protocol.
   The policy-based packet filtering and the corresponding execution of
   actions described in this document are of a more general nature than
   for IPsec configuration alone, such as for configuration of a
   firewall.  This MIB module is designed to be extensible with other
   enterprise or standards-based defined packet filters and actions.

Baer, et al.                Standards Track                     [Page 1]
RFC 4807              IPsec SPD configuration MIB             March 2007

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  The Internet-Standard Management Framework . . . . . . . . . .  3
   4.  Relationship to the DMTF Policy Model  . . . . . . . . . . . .  3
   5.  MIB Module Overview  . . . . . . . . . . . . . . . . . . . . .  4
     5.1.  Usage Tutorial . . . . . . . . . . . . . . . . . . . . . .  6
       5.1.1.  Notational Conventions . . . . . . . . . . . . . . . .  6
       5.1.2.  Implementing an Example SPD Policy . . . . . . . . . .  7
   6.  MIB Definition . . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 65
     7.1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . 65
     7.2.  Protecting against Unauthenticated Access  . . . . . . . . 66
     7.3.  Protecting against Involuntary Disclosure  . . . . . . . . 66
     7.4.  Bootstrapping Your Configuration . . . . . . . . . . . . . 67
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 67
   9.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 68
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 68
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 68
     10.2. Informative References . . . . . . . . . . . . . . . . . . 69

Baer, et al.                Standards Track                     [Page 2]
RFC 4807              IPsec SPD configuration MIB             March 2007

1.  Introduction

   This document defines a MIB module for configuration of an IPsec
   security policy database (SPD).  The IPsec model this MIB is designed
   to configure is based on the "IPsec Configuration Policy Model"
   (IPCP) [RFC3585].  The IPCP's IPsec model is, in turn, derived from
   the Distributed Management Task Force's (DMTF) IPsec model (see
   below) and from the IPsec model specified in RFC 2401 [RFC2401].
   Note: RFC 2401 has been updated by RFC 4301 [RFC4301], but this
   implementation is based on RFC 2401.  The policy-based packet
   filtering and the corresponding execution of actions configured by
   this MIB is of a more general nature than for IPsec configuration
   only, such as for configuration of a firewall.  It is possible to
   extend this MIB module and add other packet-transforming actions that
   are performed conditionally on an interface's network traffic.

   The IPsec- and IKE-specific actions are as documented in
   [IPsec-ACTION] and [IKE-ACTION], respectively, and are not documented
   in this document.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools