IKEv2 Negotiation Errors

The SNMP MIB is formed by appending the value in the SNMP MIB Ending column to 1.3.6.1.4.1.9148.3.9.1.3.X (apSecurityIkeInterfaceStatsEntry), where X specifies the interface index. For example, the SNMP MIB for the CPU Overload Errors is 1.3.6.1.4.1.9148.3.9.1.3.X.3, where X specifies the interface index.

| Name | Description | SNMP MIB Ending |
| --- | --- | --- |
| CPU Overload Errors | The number of IKEv2 requests that were rejected because of CPU load constraints. | .3 |
| Init Cookie Errors | The number of all IKEv2 exchanges that failed because of faulty Security Parameter Index (SPI) values. SPIs provide a local SA identifier and are exchanged between IKEv2 peers in the common IKEv2 header and in Notify Payloads. | .4 |
| Auth Errors | The number of failed IKE_AUTH exchanges, regardless of the specific reason for failure. | .5 |
| EAP Access Request Errors | The number of authentication failures that occurred during the EAP access phase. | .6 |
| EAP Access Challenge Errors | The number of authentication failures that occurred during the EAP challenge phase. | .7 |
| TS Errors | The number of CREATE_CHILD_SA exchanges that failed because of faulty TS payload contents, or failure on the part of the remote peers to negotiate the offered traffic selectors. | .8 |
| CP Errors | The number of IKE_AUTH and/or CREATE_CHILD_SA exchanges that failed because of faulty, unsupported, or unknown Configuration Payload contents. | .9 |
| IKE Errors | The number of IKE_SA_INIT and/or CREATE_CHILD_SA exchanges that failed because of faulty, unsupported, or unknown Key Exchange Payload contents. | .10 |
| Proposal Errors | The number of failed negotiations that resulted from the inability to reconcile cryptographic proposals contained in the Security Association Payloads exchanged by IKEv2 peers. Security Association Payloads are exchanged during the IKE_SA_INIT, IKE_AUTH, and CREATE_CHILD_SA stages. | .11 |
| Syntax Errors | The number of failed negotiations, of any type, resulting from otherwise uncharacterized errors. | .12 |
| Critical Payload Errors | The number of failed negotiations that resulted from the presence of a Critical flag in a payload that could not be parsed, or was not supported. IKEv2 adds a critical flag to each payload header to provide flexibility for forward compatibility. If the critical flag is set and the payload type is unrecognized, the message must be rejected and the response to the IKE request containing that payload MUST include a Notify payload UNSUPPORTED_CRITICAL_PAYLOAD, indicating an unsupported critical payload was included. If the critical flag is not set and the payload type is unsupported, that payload must be ignored. | .13 |
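
The critical-flag rule behind the Critical Payload Errors counter can be shown as a receiver-side check. This is an added example, not code from the product or its documentation; it assumes the generic payload header layout and payload type numbers 33 to 48 from RFC 7296, a cleartext (already decrypted) payload chain, and hypothetical function names and constructed sample bytes.

```python
import struct

SUPPORTED = frozenset(range(33, 49))   # payload types defined in RFC 7296
NO_NEXT_PAYLOAD = 0
UNSUPPORTED_CRITICAL_PAYLOAD = 1       # Notify message type (RFC 7296)
CRITICAL_BIT = 0x80                    # top bit of the header's second octet

def check_payloads(first_type, body, supported=SUPPORTED):
    """Walk a cleartext IKEv2 payload chain and apply the critical-flag rule.

    first_type is the Next Payload value from the IKE header. Returns
    ("reject", payload_type) for the first unrecognized payload whose
    critical flag is set, otherwise ("accept", [ignored payload types]).
    """
    ignored, ptype, off = [], first_type, 0
    while ptype != NO_NEXT_PAYLOAD:
        if off + 4 > len(body):
            raise ValueError("truncated payload header")
        # Generic header: Next Payload (1), C flag + reserved (1), Length (2).
        next_type, flags, length = struct.unpack_from("!BBH", body, off)
        if length < 4 or off + length > len(body):
            raise ValueError("bad payload length")
        if ptype not in supported:
            if flags & CRITICAL_BIT:
                # Caller answers with Notify UNSUPPORTED_CRITICAL_PAYLOAD.
                return ("reject", ptype)
            ignored.append(ptype)      # flag clear: skip the payload
        # A recognized payload type is processed whether or not the flag is set.
        ptype, off = next_type, off + length
    return ("accept", ignored)

def payload(next_type, data, critical=False):
    """Build one constructed payload: generic header followed by data."""
    flags = CRITICAL_BIT if critical else 0
    return struct.pack("!BBH", next_type, flags, 4 + len(data)) + data

def demo():
    # Constructed chain: Nonce (40) -> unknown type 200 -> Notify (41).
    def chain(critical):
        return (payload(200, b"\x00" * 16)
                + payload(41, b"\xaa" * 4, critical)   # the type-200 payload
                + payload(NO_NEXT_PAYLOAD, b"\x00" * 4))
    return check_payloads(40, chain(False)), check_payloads(40, chain(True))

if __name__ == "__main__":
    print(demo())
```
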