{ "openapi": "3.0.0", "info": { "title": "CISCO-IPSEC-POLICY-MAP-MIB MIB API", "version": "1.0.0", "description": "The MIB module maps the IPSec\n entities created dynamically to the policy entities\n that caused them. This is an appendix to the\n IPSEC-MONITOR-MIB that has been proposed to\n IETF for monitoring IPSec based Virtual Private \n Networks.\n \n Overview of Cisco IPsec Policy Map MIB\n \n MIB description\n \n There are two components to this MIB: \n #1 a table that maps an IPSec Phase-1 \n tunnel to the Internet Security Association \n and Key Exchange (ISAKMP) Policy \n \n and \n \n #2 a table that maps an IPSec Phase-2 \n tunnel to the corresponding IPSec Policy\n element - called 'cryptomaps' - in IOS \n (Internet Operating System)\n \n The first mappin (also called Internet Key Exchange\n or IKE mapping) yields, given the index of\n the IKE tunnel in the ikeTunnelTable\n (IPSEC-MONITOR-MIB), the ISAKMP policy definition\n defined using the CLI on the managed entity.\n \n The IPSec mapping yields, given the index\n of the IPSec tunnel in the ipSecTunnelTable\n (IPSEC-MONITOR-MIB), the IPSec transform and\n the cryptomap definition that gave rise to\n this tunnel.\n \n In implementation and usage, this MIB cannot\n exist independent of the IPSEC-MONITOR-MIB.\n\nāš ļø **IMPORTANT - MIB DATA ACCESS**:\nThis YANG model exists for SMIv2-to-YANG translation purposes, but MIB data on IOS-XE devices is primarily accessed via **SNMP protocol**, not RESTCONF.\n\n**RESTCONF Limitation**: Many MIB paths may return 404 errors via RESTCONF `/data` endpoints because the device exposes MIB data through SNMP, not the YANG datastore.\n\n**Recommended Access Methods**:\n- Use SNMP (v2c/v3) to query MIB data directly\n- Use NETCONF `` operations for devices supporting YANG-modeled MIB access\n- Check device capabilities: some newer IOS-XE versions may support limited RESTCONF access to specific MIBs\n\n**YANG Model Purpose**: These YANG models define the structure of SNMP MIBs in YANG format for tooling compatibility, but do not guarantee RESTCONF data availability.\n\n\n**šŸ“Š YANG Tree:** [View CISCO-IPSEC-POLICY-MAP-MIB structure](https://jeremycohoe.github.io/cisco-ios-xe-openapi-swagger/yang-trees/CISCO-IPSEC-POLICY-MAP-MIB.html)", "contact": { "name": "Cisco DevNet", "url": "https://developer.cisco.com" }, "x-yang-module": "CISCO-IPSEC-POLICY-MAP-MIB", "x-model-type": "mib" }, "servers": [ { "url": "https://{device}/restconf", "description": "RESTCONF server", "variables": { "device": { "default": "10.1.1.1", "description": "Device hostname or IP address" } } } ], "paths": { "/data/CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapTable": { "get": { "summary": "Get ikePolMapTable data", "description": "Retrieve ikePolMapTable operational data from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "object", "description": "The IPSec Phase-1 Internet Key Exchange Tunnel\n to Policy Mapping Table. There is one entry in\n this table for each active IPSec Phase-1\n Tunnel.", "properties": { "ikePolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-1 IKE Tunnel\n to it's configured Policy definition.", "items": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647 } } } } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapTable": { "ikePolMapEntry": [ { "ikePolMapTunIndex": 1, "ikePolMapPolicyNum": -2147483648 }, { "ikePolMapTunIndex": 2, "ikePolMapPolicyNum": -2147483648 }, { "ikePolMapTunIndex": 3, "ikePolMapPolicyNum": -2147483648 } ] } } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ikePolMapTable", "parameters": [ { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ] }, "x-yang-path": "/ikePolMapTable", "x-restconf-kind": "container" }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapTable/ikePolMapEntry": { "get": { "summary": "Get ikePolMapEntry list", "description": "Retrieve list of ikePolMapEntry entries from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-1 IKE Tunnel\n to it's configured Policy definition.", "items": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647 } } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapEntry": [ { "ikePolMapTunIndex": 1, "ikePolMapPolicyNum": -2147483648 } ] } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ikePolMapEntry", "parameters": [ { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ] }, "x-yang-path": "/ikePolMapTable/ikePolMapEntry", "x-restconf-kind": "container" }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapTable/ikePolMapEntry={ikePolMapTunIndex}": { "get": { "summary": "Get ikePolMapEntry entry", "description": "Retrieve specific ikePolMapEntry entry by key from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "parameters": [ { "name": "ikePolMapTunIndex", "in": "path", "required": true, "schema": { "type": "string" }, "example": "1" }, { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647 } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapEntry": { "ikePolMapTunIndex": 1, "ikePolMapPolicyNum": -2147483648 } } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ikePolMapEntry-2" }, "x-yang-path": "/ikePolMapTable/ikePolMapEntry={ikePolMapTunIndex}", "x-restconf-kind": "list-instance", "x-list-keys": [ "ikePolMapTunIndex" ] }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapTable": { "get": { "summary": "Get ipSecPolMapTable data", "description": "Retrieve ipSecPolMapTable operational data from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "object", "description": "The IPSec Phase-2 Tunnel to Policy Mapping Table.\n There is one entry in this table for each active\n IPSec Phase-2 Tunnel.", "properties": { "ipSecPolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-2 Tunnel\n to its configured Policy definition.", "items": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString" } } } } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapTable": { "ipSecPolMapEntry": [ { "ipSecPolMapTunIndex": 1, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" }, { "ipSecPolMapTunIndex": 2, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" }, { "ipSecPolMapTunIndex": 3, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" } ] } } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ipSecPolMapTable", "parameters": [ { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ] }, "x-yang-path": "/ipSecPolMapTable", "x-restconf-kind": "container" }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapTable/ipSecPolMapEntry": { "get": { "summary": "Get ipSecPolMapEntry list", "description": "Retrieve list of ipSecPolMapEntry entries from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-2 Tunnel\n to its configured Policy definition.", "items": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString" } } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapEntry": [ { "ipSecPolMapTunIndex": 1, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" } ] } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ipSecPolMapEntry", "parameters": [ { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ] }, "x-yang-path": "/ipSecPolMapTable/ipSecPolMapEntry", "x-restconf-kind": "container" }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapTable/ipSecPolMapEntry={ipSecPolMapTunIndex}": { "get": { "summary": "Get ipSecPolMapEntry entry", "description": "Retrieve specific ipSecPolMapEntry entry by key from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "parameters": [ { "name": "ipSecPolMapTunIndex", "in": "path", "required": true, "schema": { "type": "string" }, "example": "1" }, { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString" } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapEntry": { "ipSecPolMapTunIndex": 1, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" } } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ipSecPolMapEntry-2" }, "x-yang-path": "/ipSecPolMapTable/ipSecPolMapEntry={ipSecPolMapTunIndex}", "x-restconf-kind": "list-instance", "x-list-keys": [ "ipSecPolMapTunIndex" ] }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapEntry": { "get": { "summary": "Get ikePolMapEntry list", "description": "Retrieve list of ikePolMapEntry entries from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-1 IKE Tunnel\n to it's configured Policy definition.", "items": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647 } } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapEntry": [ { "ikePolMapTunIndex": 1, "ikePolMapPolicyNum": -2147483648 } ] } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ikePolMapEntry-3", "parameters": [ { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ] }, "x-yang-path": "/ikePolMapEntry", "x-restconf-kind": "container" }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapEntry={ikePolMapTunIndex}": { "get": { "summary": "Get ikePolMapEntry entry", "description": "Retrieve specific ikePolMapEntry entry by key from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "parameters": [ { "name": "ikePolMapTunIndex", "in": "path", "required": true, "schema": { "type": "string" }, "example": "1" }, { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647 } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ikePolMapEntry": { "ikePolMapTunIndex": 1, "ikePolMapPolicyNum": -2147483648 } } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ikePolMapEntry-4" }, "x-yang-path": "/ikePolMapEntry={ikePolMapTunIndex}", "x-restconf-kind": "list-instance", "x-list-keys": [ "ikePolMapTunIndex" ] }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapEntry": { "get": { "summary": "Get ipSecPolMapEntry list", "description": "Retrieve list of ipSecPolMapEntry entries from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-2 Tunnel\n to its configured Policy definition.", "items": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString" } } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapEntry": [ { "ipSecPolMapTunIndex": 1, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" } ] } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ipSecPolMapEntry-3", "parameters": [ { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ] }, "x-yang-path": "/ipSecPolMapEntry", "x-restconf-kind": "container" }, "/data/CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapEntry={ipSecPolMapTunIndex}": { "get": { "summary": "Get ipSecPolMapEntry entry", "description": "Retrieve specific ipSecPolMapEntry entry by key from MIB", "tags": [ "CISCO-IPSEC-POLICY-MAP-MIB" ], "parameters": [ { "name": "ipSecPolMapTunIndex", "in": "path", "required": true, "schema": { "type": "string" }, "example": "1" }, { "name": "Accept", "in": "header", "required": false, "description": "RESTCONF response media type (RFC 8040)", "schema": { "type": "string", "default": "application/yang-data+json", "enum": [ "application/yang-data+json", "application/yang-data+xml" ] } }, { "name": "depth", "in": "query", "required": false, "description": "Limit the depth of returned sub-tree data (RFC 8040 Section 4.8.2). Use 'unbounded' for full depth.", "schema": { "type": "string", "default": "unbounded" } }, { "name": "fields", "in": "query", "required": false, "description": "Select specific fields to return (RFC 8040 Section 4.8.3). Example: fields=name;status", "schema": { "type": "string" } }, { "name": "content", "in": "query", "required": false, "description": "Filter by config state: 'config' (config true only), 'nonconfig' (config false only), or 'all'.", "schema": { "type": "string", "enum": [ "config", "nonconfig", "all" ], "default": "all" } } ], "responses": { "200": { "description": "Success", "content": { "application/yang-data+json": { "schema": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647 }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString" }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString" } } }, "example": { "CISCO-IPSEC-POLICY-MAP-MIB:ipSecPolMapEntry": { "ipSecPolMapTunIndex": 1, "ipSecPolMapCryptoMapName": "192.168.1.1", "ipSecPolMapCryptoMapNum": -2147483648, "ipSecPolMapAclString": "192.168.1.1", "ipSecPolMapAceString": "192.168.1.1" } } } } }, "403": { "description": "Forbidden ā€” insufficient access rights (NACM)", "content": { "application/yang-data+json": { "schema": { "$ref": "#/components/schemas/restconf-error" } } } } }, "operationId": "get-ipSecPolMapEntry-4" }, "x-yang-path": "/ipSecPolMapEntry={ipSecPolMapTunIndex}", "x-restconf-kind": "list-instance", "x-list-keys": [ "ipSecPolMapTunIndex" ] } }, "components": { "schemas": { "CISCO-IPSEC-POLICY-MAP-MIB_CISCO-IPSEC-POLICY-MAP-MIB": { "type": "object", "description": "The IPSec Phase-1 Internet Key Exchange Tunnel\n to Policy Mapping Table. There is one entry in\n this table for each active IPSec Phase-1\n Tunnel.", "properties": { "ikePolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-1 IKE Tunnel\n to it's configured Policy definition.", "items": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true } } }, "readOnly": true }, "ipSecPolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-2 Tunnel\n to its configured Policy definition.", "items": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true } } }, "readOnly": true }, "ikePolMapTable": { "type": "object", "description": "The IPSec Phase-1 Internet Key Exchange Tunnel\n to Policy Mapping Table. There is one entry in\n this table for each active IPSec Phase-1\n Tunnel.", "properties": { "ikePolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-1 IKE Tunnel\n to it's configured Policy definition.", "items": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true } } }, "readOnly": true } }, "readOnly": true }, "ipSecPolMapTable": { "type": "object", "description": "The IPSec Phase-2 Tunnel to Policy Mapping Table.\n There is one entry in this table for each active\n IPSec Phase-2 Tunnel.", "properties": { "ipSecPolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-2 Tunnel\n to its configured Policy definition.", "items": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true } } }, "readOnly": true } }, "readOnly": true } } }, "CISCO-IPSEC-POLICY-MAP-MIB_ikePolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-1 IKE Tunnel\n to it's configured Policy definition.", "items": { "type": "object", "properties": { "ikePolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-1 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-1 Tunnel in\n the IPSec MIB (ikeTunIndex in the\n ikeTunnelTable).", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ikePolMapPolicyNum": { "type": "integer", "description": "The number of the locally defined ISAKMP policy\n used to establish the IPSec IKE Phase-1 Tunnel.\n This is the number which was used on the crypto\n command. For example, if the configuration command\n was:\n \n ==> crypto isakmp policy 15\n \n then the value of this object would be 15.\n If ISAKMP was not used to establish this tunnel,\n then the value of this object will be zero.", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true } } } }, "CISCO-IPSEC-POLICY-MAP-MIB_ipSecPolMapEntry": { "type": "array", "description": "Each entry contains the attributes associated\n with mapping an active IPSec Phase-2 Tunnel\n to its configured Policy definition.", "items": { "type": "object", "properties": { "ipSecPolMapTunIndex": { "type": "integer", "description": "The index of the IPSec Phase-2 Tunnel to Policy\n Map Table. The value of the index is the number\n used to represent this IPSec Phase-2 Tunnel in\n the IPSec MIB (ipSecTunIndex in the\n ipSecTunnelTable).", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ipSecPolMapCryptoMapName": { "type": "string", "description": "The value of this object should be the name of \n the IPSec Policy (cryptomap) as assigned by the \n operator while configuring the policy of \n the IPSec traffic.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 'ftpPolicy'.", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true }, "ipSecPolMapCryptoMapNum": { "type": "integer", "description": "The value of this object should be the priority\n of the IPSec Policy (cryptomap) assigned by the \n operator while configuring the policy of \n this IPSec tunnel.\n \n For instance, on an IOS router, the if the command\n entered to configure the IPSec policy was \n \n ==> crypto map ftpPolicy 10 ipsec-isakmp\n \n then the value of this object would be 10.", "minimum": -2147483648, "maximum": 2147483647, "readOnly": true }, "ipSecPolMapAclString": { "type": "string", "description": "The value of this object is the number or\n the name of the access control string (ACL) \n that caused this IPSec tunnel to be established. \n The ACL that causes an IPSec tunnel\n to be established is referenced by the \n cryptomap of the tunnel.\n \n The ACL identifies the traffic that requires\n protection as defined by the policy.\n \n For instance, the ACL that requires FTP\n traffic between local subnet 172.16.14.0 and a\n remote subnet 172.16.16.0 to be protected\n is defined as\n \n ==>access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n \n When this command causes an IPSec tunnel to be\n established, the object 'ipSecPolMapAclString'\n assumes the string value '101'.\n \n If the ACL is a named list such as\n ==> ip access-list standard myAcl\n permit 172.16.16.8 0.0.0.0\n \n then the value of this MIB element corresponding to \n IPSec tunnel that was created by this ACL would\n be 'myAcl'.", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true }, "ipSecPolMapAceString": { "type": "string", "description": "The value of this object is the access control \n entry (ACE) within the ACL that caused this IPSec \n tunnel to be established. \n \n For instance, if an ACL defines access for two\n traffic streams (FTP and SNMP) as follows:\n \n access-list 101 permit tcp 172.16.14.0 0.0.0.255\n 172.16.16.0 0.0.0.255 eq ftp\n access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161\n \n \n When associated with an IPSec policy, the second\n element of the ACL gives rise to an IPSec tunnel\n in the wake of SNMP traffic. The value of the\n object 'ipSecPolMapAceString' for the IPSec tunnel\n would be then the string\n 'access-list 101 permit udp 172.16.14.0 0.0.0.255\n host 172.16.16.1 eq 161'", "x-yang-type": "snmpv2-tc:DisplayString", "readOnly": true } } } }, "restconf-error": { "type": "object", "description": "Standard RESTCONF error response (RFC 8040 Section 7.1)", "properties": { "ietf-restconf:errors": { "type": "object", "properties": { "error": { "type": "array", "items": { "type": "object", "properties": { "error-type": { "type": "string", "enum": [ "transport", "rpc", "protocol", "application" ], "description": "Layer where the error occurred" }, "error-tag": { "type": "string", "description": "Enumerated error tag (e.g. invalid-value, data-missing, access-denied)" }, "error-severity": { "type": "string", "enum": [ "error", "warning" ], "description": "Error severity" }, "error-app-tag": { "type": "string", "description": "Application-specific error tag" }, "error-path": { "type": "string", "description": "YANG instance-identifier of the error node" }, "error-message": { "type": "string", "description": "Human-readable error description" } }, "required": [ "error-type", "error-tag" ] } } } } }, "example": { "ietf-restconf:errors": { "error": [ { "error-type": "protocol", "error-tag": "invalid-value", "error-severity": "error", "error-message": "Invalid input parameter" } ] } } } }, "securitySchemes": { "basicAuth": { "type": "http", "scheme": "basic" } } }, "security": [ { "basicAuth": [] } ], "tags": [ { "name": "CISCO-IPSEC-POLICY-MAP-MIB", "description": "MIB operations for CISCO-IPSEC-POLICY-MAP-MIB" } ], "externalDocs": { "description": "Cisco SNMP Object Navigator", "url": "https://snmp.cloudapps.cisco.com/Support/IOS/do/BrowseMIB.do" } }