01-09-2026 02:16 AM - edited 01-09-2026 02:28 AM
Hi @All
I am trying to monitor IPSec VPN tunnels on my Cisco ASA using SNMP and the CISCO-IPSEC-FLOW-MONITOR-MIB.
I am running into a discrepancy with the cipSecSAtunEncryptAlgo object (OID: 1.3.6.1.4.1.9.9.171.1.2.3.1.12).
According to the MIB definition I have loaded (and the versions I can find on the Cisco MIB Locator), the EncryptionAlgo TEXTUAL-CONVENTION only defines three values:
1: none
2: des
3: des3 (3DES)
However, when I poll this OID on my ASA, the device returns a value of 6.
My Setup: The tunnels are active and passing traffic. The transform set is configured for AES-256. Here is the relevant output from show crypto ipsec sa:
inbound esp sas:
spi: 0x9DDC538F (2648462223)
SA State: active
transform: esp-aes-256 esp-sha-hmac no compression
My Question: It seems clear that the value 6 corresponds to AES, but I cannot find an official version of the MIB that actually defines this value.
Does a newer version of CISCO-IPSEC-FLOW-MONITOR-MIB exist that officially defines aes(6)?
If not, is there an official mapping document for these extended integer values?
Any help pointing me to the correct MIB file or documentation would be appreciated.
Thanks!
01-10-2026 01:51 AM
@ashz14387 As the correct value for cipSecSAtunEncryptAlgo was implemented in more recent versions, they probably didn't update the official CISCO-IPSEC-FLOW-MONITOR-MIB.
M.
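An added example (not part of the thread and not Cisco tooling): a poller-side decoder for the cipSecSAtunEncryptAlgo column that keeps values outside the MIB enumeration visible as undefined(N) instead of failing or guessing, and flags tunnels on none/DES/3DES. The walk lines are constructed in net-snmp numeric output format; the function names, the "weak" policy, and the 6-to-AES override (taken from the poster's observation, not an official definition) are assumptions.

```python
import re

# Column OID and enumeration exactly as quoted in the question above.
ENCRYPT_ALGO_OID = "1.3.6.1.4.1.9.9.171.1.2.3.1.12"
MIB_DEFINED = {1: "none", 2: "des", 3: "des3"}
# Assumption: this example's own policy for what a monitor should alert on.
WEAK = {"none", "des", "des3"}

# Accepts "INTEGER: 6" and the translated form "INTEGER: des3(3)".
LINE_RE = re.compile(
    r"^\.?(?P<oid>[\d.]+)\s*=\s*INTEGER:\s*(?:\w+\()?(?P<val>\d+)\)?\s*$")

# Constructed sample walk; the last line is a different column and is skipped.
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.171.1.2.3.1.12.5 = INTEGER: 6
.1.3.6.1.4.1.9.9.171.1.2.3.1.12.9 = INTEGER: des3(3)
.1.3.6.1.4.1.9.9.171.1.2.3.1.12.11 = INTEGER: 12
.1.3.6.1.4.1.9.9.171.1.2.3.1.13.5 = INTEGER: 2
"""

def decode_walk(text, local_overrides=None):
    """Decode walk lines; never guess a name for an out-of-MIB value."""
    overrides = local_overrides or {}
    prefix = ENCRYPT_ALGO_OID + "."
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("oid").startswith(prefix):
            continue
        value = int(m.group("val"))
        if value in MIB_DEFINED:
            name, source = MIB_DEFINED[value], "mib"
        elif value in overrides:
            # Operator-verified mapping, e.g. checked against the CLI output.
            name, source = overrides[value], "local-override"
        else:
            name, source = f"undefined({value})", "unknown"
        rows.append({"index": m.group("oid")[len(prefix):], "value": value,
                     "name": name, "source": source, "weak": name in WEAK})
    return rows

if __name__ == "__main__":
    # Hypothetical override reflecting the poster's AES-256 tunnel.
    for row in decode_walk(SAMPLE_WALK, {6: "aes"}):
        print(row)
```

Rows with source "unknown" are the ones to reconcile against `show crypto ipsec sa` before adding an override.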