smilint output for ./IPSEC-FLOW-MONITOR-MIB
Message Severities

| Severity | Count |
| --- | --- |
| severe | 8 |
| error | 8 |
| minor error | 3 |
| change recommended | 1 |
| warning | 2 |

Message Types

| Type | Count |
| --- | --- |
| comment-terminates (warning) | 1 |
| date-in-past (change recommended) | 1 |
| date-year-2digits (warning) | 1 |
| internal-other (severe) | 1 |
| lexical (severe) | 7 |
| revision-after-update (minor error) | 1 |
| revision-missing (minor error) | 1 |
| revision-not-descending (minor error) | 1 |
| underscore-in-identifier (error) | 8 |

Messages:
IPSEC-FLOW-MONITOR-MIB
1: -- extracted from draft-ietf-ipsec-flow-monitoring-mib-02.txt
2: -- at Sun Mar 9 06:12:35 2003
3:
4: IPSEC-FLOW-MONITOR-MIB DEFINITIONS ::= BEGIN
5:
6: -- PREFACE:
7: -- IPSEC-FLOW-MONITOR-MIB Module models
8: -- the standard, dynamic aspects of IPsec.
9: -- These include counters and objects that are of
10: -- management interest in a standard IPSec
11: -- implementation. The MIB does not define
12: -- vendor-specific IPSec attributes.
13:
14: IMPORTS
15: MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
16: Counter32, Counter64, Gauge32, Integer32, experimental
17: FROM SNMPv2-SMI
18: TEXTUAL-CONVENTION, DisplayString, TimeStamp,
19: TimeInterval, TruthValue
20: FROM SNMPv2-TC
21: MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
22: FROM SNMPv2-CONF
23:
24: ControlProtocol,
25: Phase1PeerIdentityType,
26: IkeNegoMode,
27: IkeHashAlgo,
28: IkeAuthMethod,
29: DiffHellmanGrp,
30: EncapMode,
31: EncryptAlgo,
32: Spi,
33: AuthAlgo,
34: CompAlgo,
35: EndPtType
36: FROM IPSEC-FLOW-MIB-TC;
37:
38:
39: ipSecFlowMonitorMIB MODULE-IDENTITY
40: LAST-UPDATED "200302171158Z"
41: ORGANIZATION "Tivoli Systems and Cisco Systems"
42: CONTACT-INFO
43: "Tivoli Systems
44: Research Triangle Park, NC
45:
46: Cisco Systems
47: 170 W Tasman Drive
48: San Jose, CA 95134
49: USA
50:
51: Tel: +1 800 553-NETS
52: E-mail: harrisob@us.ibm.com
53: cs-ipsecmib@external.cisco.com"
54:
55: DESCRIPTION
56: "This is a MIB Module for monitoring the structure
57: and status of IPSec-based networks. The MIB has bee
58: designed to be adopted as an IETF standard. Henc
59: vendor-specific features of IPSec protocol are exclude
60: from this MIB.
61:
62: Acronyms
63: The following acronyms are used in this document:
64:
65: IPSec: Secure IP Protocol
66:
67: VPN: Virtual Private Network
68:
69: ISAKMP: Internet Security Association and Key Exchange
70: Protocol
71:
72: IKE: Internet Key Exchange Protocol
73:
74: SA: Security Association
75:
76: MM: Main Mode - the process of setting up
77: a Phase 1 SA to secure the exchanges
78: required to setup Phase 2 SAs
79:
80: QM: Quick Mode - the process of setting up
81: Phase 2 Security Associations using
82: a Phase 1 SA.
83:
84: Phase 1 Tunnel:
85: An ISAKMP SA can be regarded as representing
86: a flow of ISAKMP/IKE traffic. Hence an ISAKMP
87: is referred to as a 'Phase 1 Tunnel' in this
88: document
89:
90: Control Tunnel:
91: Another term for a Phase 1 Tunnel.
92:
93: Phase 2 Tunnel:
94: AN instance of a non-ISAKMP SA bundle in which all
95: the SA share the same proxy identifiers (IDii,IDir)
96: protect the same stream of application traffic.
97: Such an SA bundle is termed a 'Phase 2 Tunnel'.
98: Note that a Phase 2 tunnel may comprise different
99: SA bundles and different number of SA bundles at
100: different times (due to key refresh).
101:
102:
103: Overview of IPsec MIB
104:
105: The MIB contains six major groups of objects which are
106: used to manage the IPSec Protocol. These groups include
107: a Levels Group, a Phase-1 Group, a Phase-2 Group,
108: a History Group, a Failure Group and a TRAP Control Group.
109: The following table illustrates the structure of the
110: IPSec MIB.
111:
112: The Phase 1 group models objects pertaining to
113: IKE negotiations and Phase 1 tunnels.
114:
115: The Phase 2 group models objects pertaining to
116: IPSec data tunnels.
117:
118: The History group is to aid applications that do
119: trending analysis.
120:
121: The Failure group is to enable an operator to
122: do troubleshooting and debugging of the VPN Router.
123: Further, counters are supported to aid detection
124: of potential security violations.
125:
126: In addition to the five major MIB Groups, there are
127: a number of Notifications. The following table
128: illustrates the name and description of the
129: IPSec TRAPs.
130:
131: For a detailed discussion, please refer to the IETF
132: draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.
133: "
134:
135: REVISION "9911041800Z"
136: DESCRIPTION
137: "Initial version of this MIB module proposed to IETF."
138:
139: REVISION "2001031200Z"
139: warning -
warning: date specification `2001031200Z' contains a two-digit year representing `1920'
139: change recommended -
warning: date specification `2001031200Z' predates the SMI standard
140: DESCRIPTION
141: "Phase-1 group updated with mode config metrics in globals
142: as well as IKE peer table.
143: Phase-2 group updated with new group metrics. New grou
144: failures added to Failure group.
145: Notifications pertaining to new group added.
146: SPI table deprecated and an updated IPsec SA table added.
147: Compliance clauses updated."
148:
149: REVISION "200303021158Z"
149: minor error -
revision not in reverse chronological order
149: minor error -
revision date after last update
150: DESCRIPTION
151: "Third submission of the draft to IETF. Changes incorporated
152: based on comments received on the second draft. Highlights:
153: 1) IKE Group made optional
154: 2) Provision to accomodate other Phase 1 protocols.
155: 3) Phase 1 Peer Association table decoupled from
156: IKE group.
157: 4) Local and Remote value indices to Phase 1 Pee
158: Association table constrained to 128-bit length by MD5
159: hashing.
160: 5) Mapping of Phase 2 tunnels to Phase 1 tunnels
161: made generic (non-IKE).
162: 6) Phase 1 traps redefined as `Control Channel' traps.
163: 7) High capacity counters defined for Phase-1 and Phase-2
164: expired counters."
165:
166: -- Placeholder anchor
167: --::= { xxx 171 }
168: ::= { experimental 171 }
168: minor error -
revision for last update is missing
169:
170: -- +++++++++++++++++++++++++++++++++++++++++++++++++++
171: -- Local Textual Conventions
172: -- +++++++++++++++++++++++++++++++++++++++++++++++++++
173: HashedString ::= TEXTUAL-CONVENTION
174: STATUS current
175: DESCRIPTION
176: "128-bit MD5 output string of an input string"
177: SYNTAX OCTET STRING(SIZE(16))
178:
179: IPSIpAddress ::= TEXTUAL-CONVENTION
180: STATUS current
181: DESCRIPTION
182: "An IP V4 or V6 Address."
183: SYNTAX OCTET STRING(SIZE(4 | 16))
184: -- IP V4 or V6 Address
185:
186: IkePeerType ::= TEXTUAL-CONVENTION
187: STATUS deprecated
188: DESCRIPTION
189: "The type of IPsec Phase-1 IKE peer identity.
190: The IKE peer may be identified by one of the
191: ID types defined in IPSEC DOI.
192:
193: This textual convention has been deprecated in
194: favour of the more generic `Phase1PeerType'.
195: (defined in module IPSEC-FLOW-MIB-TC)."
196:
197: SYNTAX INTEGER {
198: reserved(0),
199: id_ipv4_addr(1),
199: error -
identifier `id_ipv4_addr' must not contain an underscore
200: id_fqdn(2),
200: error -
identifier `id_fqdn' must not contain an underscore
201: id_dn(3),
201: error -
identifier `id_dn' must not contain an underscore
202: id_ipv6_addr(4)
202: error -
identifier `id_ipv6_addr' must not contain an underscore
203: }
204:
205: KeyType ::= TEXTUAL-CONVENTION
206: STATUS deprecated
207: DESCRIPTION
208: "The type of key used by an IPsec Phase-2 Tunnel.
209:
210: This textual convention has been deprecated and has been
211: repaced by the standard textual convention ControlProtocol
212: (defined in module IPSEC-FLOW-MIB-TC)."
213:
214: SYNTAX INTEGER{
215: reserved(0),
216: key_ike(1),
216: error -
identifier `key_ike' must not contain an underscore
217: key_manual(2),
217: error -
identifier `key_manual' must not contain an underscore
218: key_kink(3),
218: error -
identifier `key_kink' must not contain an underscore
219: key_ikev2(4)
219: error -
identifier `key_ikev2' must not contain an underscore
220: }
221:
222: TunnelStatus ::= TEXTUAL-CONVENTION
223: STATUS current
224: DESCRIPTION
225: "The status of a Tunnel. Objects of this type may
226: be used to bring the tunnel down by setting
227: value of this object to destroy(4). Objects of this
228: type cannot be used to create a Tunnel."
229: SYNTAX INTEGER {
230: reserved(0),
231: awaitXauth(1), -- in Phase 1.5
232: awaitCommit(2), -- waiting for commit bit
233: active(3), -- ready for QM
234: destroy(4)
235: }
236:
237: TrapStatus ::= TEXTUAL-CONVENTION
238: STATUS current
239: DESCRIPTION
240: "The administrative status for sending a TRAP."
241: SYNTAX INTEGER {
242: reserved(0),
243: enabled(1),
244: disabled(2)
245: }
246:
247: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
248: -- IPsec MIB Object Groups
249: --
250: -- This MIB module contains the following groups:
251: -- 1) IPsec Levels Group
252: -- 2) IPsec Phase-1 Group
253: -- 3) IPsec Phase-2 Group
254: -- 4) IPsec History Group
255: -- 5) IPsec Failure Group
256: -- 6) IPsec TRAP Control Group
257: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
258:
259: ipSecMIBObjects OBJECT IDENTIFIER ::=
260: {ipSecFlowMonitorMIB 1}
261:
262: ipSecLevels OBJECT IDENTIFIER
263: ::= { ipSecMIBObjects 1 }
264: ipSecPhaseOne OBJECT IDENTIFIER
265: ::= { ipSecMIBObjects 2 }
266: ipSecPhaseTwo OBJECT IDENTIFIER
267: ::= { ipSecMIBObjects 3 }
268:
269: ipSecHistory OBJECT IDENTIFIER
270: ::= { ipSecMIBObjects 4 }
271: ipSecFailures OBJECT IDENTIFIER
272: ::= { ipSecMIBObjects 5 }
273: ipSecTrapCntl OBJECT IDENTIFIER
274: ::= { ipSecMIBObjects 6 }
275:
276: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
277: -- IPsec Levels Group
278: --
279: -- This group consists of a:
280: -- 1) IPsec MIB Level
281: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
282:
283: ipSecMibLevel OBJECT-TYPE
284: SYNTAX Integer32 (1..4096)
285: MAX-ACCESS read-only
286: STATUS current
287: DESCRIPTION
288: "The version of the IPsec MIB."
289: ::= { ipSecLevels 1 }
290:
291: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
292: -- The IPsec Phase-1 Internet Key Exchange (IKE) Group
293: --
294: -- This group consists of:
295: -- 1) IPsec Phase-1 Global Statistics
296: -- 2) IPsec Phase-1 Peer Table
297: -- 3) IPsec Phase-1 Tunnel Table
298: -- 4) IPsec Phase-1 Correlation Table
299: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
300:
301: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
302: -- The IPsec Phase-1 Global Statistics
303: -- This entire group is optional and needs to be implemented
304: -- only if the managed entity supports IKE.
305: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
306: ikeGroup OBJECT IDENTIFIER
307: ::= { ipSecPhaseOne 1 }
308:
309: ikeGlobalStats OBJECT IDENTIFIER
310: ::= { ikeGroup 1 }
311:
312: ikeGlobalActiveTunnels OBJECT-TYPE
313: SYNTAX Gauge32
314: MAX-ACCESS read-only
315: STATUS current
316: DESCRIPTION
317: "The number of currently active IPsec
318: Phase-1 IKE Tunnels. This is equal to the
319: number of ISAKMP SAs currently active."
320: ::= { ikeGlobalStats 1 }
321:
322: ikeGlobalPreviousTunnels OBJECT-TYPE
323: SYNTAX Counter32
324: UNITS "SAs"
325: MAX-ACCESS read-only
326: STATUS current
327: DESCRIPTION
328: "The total number of previously active
329: IPsec Phase-1 IKE Tunnels. This is equal to
330: the total number of ISAKMP SAs that were
331: active since the bootup of the device
332: but which have since expired."
333: ::= { ikeGlobalStats 2 }
334:
335: ikeGlobalInOctets OBJECT-TYPE
336: SYNTAX Counter32
337: UNITS "Octets"
338: MAX-ACCESS read-only
339: STATUS current
340: DESCRIPTION
341: "The total number of octets received by all currently
342: and previously active IPsec Phase-1 IKE Tunnels."
343: ::= { ikeGlobalStats 3 }
344:
345: ikeGlobalInPkts OBJECT-TYPE
346: SYNTAX Counter32
347: UNITS "Packets"
348: MAX-ACCESS read-only
349: STATUS current
350: DESCRIPTION
351: "The total number of packets received by all
352: currently and previously active IPsec
353: Phase-1 IKE Tunnels."
354: ::= { ikeGlobalStats 4 }
355:
356: ikeGlobalInDropPkts OBJECT-TYPE
357: SYNTAX Counter32
358: UNITS "Packets"
359: MAX-ACCESS read-only
360: STATUS current
361: DESCRIPTION
362: "The total number of packets which were
363: dropped during receive processing by all
364: currently and previously
365: active IPsec Phase-1 IKE Tunnels."
366: ::= { ikeGlobalStats 5 }
367:
368: ikeGlobalInNotifys OBJECT-TYPE
369: SYNTAX Counter32
370: UNITS "Notification Payloads"
371: MAX-ACCESS read-only
372: STATUS current
373: DESCRIPTION
374: "The total number of notifys received by
375: all currently and previously active IPsec
376: Phase-1 IKE Tunnels."
377: ::= { ikeGlobalStats 6 }
378:
379: ikeGlobalInP2Exchgs OBJECT-TYPE
380: SYNTAX Counter32
381: UNITS "SA Payloads"
382: MAX-ACCESS read-only
383: STATUS current
384: DESCRIPTION
385: "The total number of IPsec Phase-2 exchanges
386: received by all currently and previously
387: active IPsec Phase-1 IKE Tunnels."
388: ::= { ikeGlobalStats 7 }
389:
390: ikeGlobalInP2ExchgInvalids OBJECT-TYPE
391: SYNTAX Counter32
392: UNITS "SA Payloads"
393: MAX-ACCESS read-only
394: STATUS current
395: DESCRIPTION
396: "The total number of IPsec Phase-2 exchanges
397: which were received and found to be contain
398: references to unrecognized security parameters.
399: This value is accumulated across all currently
400: and previously active IPsec ISAKMP SAs."
401: ::= { ikeGlobalStats 8 }
402:
403: ikeGlobalInP2ExchgRejects OBJECT-TYPE
404: SYNTAX Counter32
405: UNITS "SA Payloads"
406: MAX-ACCESS read-only
407: STATUS current
408: DESCRIPTION
409: "The total number of IPsec Phase-2 exchanges
410: which were received and validated but were
411: rejected by the local policy. This value is
412: accumulated across all currently and previously
413: active IPsec ISAKMP SAs."
414: ::= { ikeGlobalStats 9 }
415:
416: ikeGlobalInP2SaDelRequests OBJECT-TYPE
417: SYNTAX Counter32
418: UNITS "Notification Payloads"
419: MAX-ACCESS read-only
420: STATUS current
421: DESCRIPTION
422: "The total number of IPsec Phase-2 security
423: association delete requests received by all
424: currently and previously
425: active and IPsec Phase-1 IKE Tunnels."
426: ::= { ikeGlobalStats 10 }
427:
428: ikeGlobalOutOctets OBJECT-TYPE
429: SYNTAX Counter32
430: UNITS "Octets"
431: MAX-ACCESS read-only
432: STATUS current
433: DESCRIPTION
434: "The total number of octets sent by all currently
435: and previously active and IPsec Phase-1
436: IKE Tunnels."
437: ::= { ikeGlobalStats 11 }
438:
439: ikeGlobalOutPkts OBJECT-TYPE
440: SYNTAX Counter32
441: UNITS "Packets"
442: MAX-ACCESS read-only
443: STATUS current
444: DESCRIPTION
445: "The total number of packets sent by all currently
446: and previously active and IPsec Phase-1
447: Tunnels."
448: ::= { ikeGlobalStats 12 }
449:
450: ikeGlobalOutDropPkts OBJECT-TYPE
451: SYNTAX Counter32
452: UNITS "Packets"
453: MAX-ACCESS read-only
454: STATUS current
455: DESCRIPTION
456: "The total number of packets which were dropped
457: during send processing by all currently
458: and previously
459: active IPsec Phase-1 IKE Tunnels."
460: ::= { ikeGlobalStats 13 }
461:
462: ikeGlobalOutNotifys OBJECT-TYPE
463: SYNTAX Counter32
464: UNITS "Notification Payloads"
465: MAX-ACCESS read-only
466: STATUS current
467: DESCRIPTION
468: "The total number of notifys sent by all currently
469: and previously active IPsec Phase-1 IKE Tunnels."
470: ::= { ikeGlobalStats 14 }
471:
472: ikeGlobalOutP2Exchgs OBJECT-TYPE
473: SYNTAX Counter32
474: UNITS "SA Payloads"
475: MAX-ACCESS read-only
476: STATUS current
477: DESCRIPTION
478: "The total number of IPsec Phase-2 exchanges
479: which were sent by all currently and previously
480: active IPsec Phase-1 IKE Tunnels."
481: ::= { ikeGlobalStats 15 }
482:
483: ikeGlobalOutP2ExchgInvalids OBJECT-TYPE
484: SYNTAX Counter32
485: UNITS "SA Payloads"
486: MAX-ACCESS read-only
487: STATUS current
488: DESCRIPTION
489: "The total number of IPsec Phase-2 exchanges
490: which were sent and were flagged by the peer to
491: contain references to unrecognized security
492: parameters. This value is accumulated across all
493: currently and previously active IPsec ISAKMP SAs."
494: ::= { ikeGlobalStats 16 }
495:
496: ikeGlobalOutP2ExchgRejects OBJECT-TYPE
497: SYNTAX Counter32
498: UNITS "SA Payloads"
499: MAX-ACCESS read-only
500: STATUS current
501: DESCRIPTION
502: "The total number of IPsec Phase-2 exchanges
503: which were sent, validated by the peer but were
504: rejected by the peer's policy. This value is
505: accumulated across all currently and previously
506: active IPsec ISAKMP SAs."
507: ::= { ikeGlobalStats 17 }
508:
509: ikeGlobalOutP2SaDelRequests OBJECT-TYPE
510: SYNTAX Counter32
511: UNITS "Notification Payloads"
512: MAX-ACCESS read-only
513: STATUS current
514: DESCRIPTION
515: "The total number of IPsec Phase-2 SA
516: delete requests sent by all currently and
517: previously active IPsec Phase-1 IKE Tunnels."
518: ::= { ikeGlobalStats 18 }
519:
520: ikeGlobalInitTunnels OBJECT-TYPE
521: SYNTAX Counter32
522: UNITS "SAs"
523: MAX-ACCESS read-only
524: STATUS current
525: DESCRIPTION
526: "The total number of IPsec Phase-1 IKE
527: Tunnels which were locally initiated."
528: ::= { ikeGlobalStats 19 }
529:
530: ikeGlobalInitTunnelFails OBJECT-TYPE
531: SYNTAX Counter32
532: UNITS "SAs"
533: MAX-ACCESS read-only
534: STATUS current
535: DESCRIPTION
536: "The total number of IPsec Phase-1 IKE Tunnels
537: which were locally initiated and failed to activate."
538: ::= { ikeGlobalStats 20 }
539:
540: ikeGlobalRespTunnelFails OBJECT-TYPE
541: SYNTAX Counter32
542: UNITS "SAs"
543: MAX-ACCESS read-only
544: STATUS current
545: DESCRIPTION
546: "The total number of IPsec Phase-1 IKE Tunnels
547: which were remotely initiated and failed to activate."
548: ::= { ikeGlobalStats 21 }
549:
550: ikeGlobalSysCapFails OBJECT-TYPE
551: SYNTAX Counter32
552: UNITS "Failures"
553: MAX-ACCESS read-only
554: STATUS current
555: DESCRIPTION
556: "The total number of system capcity failures
557: which occurred during processing of all current
558: and previously active IPsec Phase-1 IKE Tunnels."
559: ::= { ikeGlobalStats 22 }
560:
561: ikeGlobalAuthFails OBJECT-TYPE
562: SYNTAX Counter32
563: UNITS "Failures"
564: MAX-ACCESS read-only
565: STATUS current
566: DESCRIPTION
567: "The total number of authentications which ended
568: in failure by all current and previous IPsec Phase-1
569: IKE Tunnels."
570: ::= { ikeGlobalStats 23 }
571:
572: ikeGlobalDecryptFails OBJECT-TYPE
573: SYNTAX Counter32
574: UNITS "Failures"
575: MAX-ACCESS read-only
576: STATUS current
577: DESCRIPTION
578: "The total number of decryptions which ended
579: in failure by all current and previous IPsec Phase-1
580: IKE Tunnels."
581: ::= { ikeGlobalStats 24 }
582:
583: ikeGlobalHashValidFails OBJECT-TYPE
584: SYNTAX Counter32
585: UNITS "Failures"
586: MAX-ACCESS read-only
587: STATUS current
588: DESCRIPTION
589: "The total number of hash validations which ended
590: in failure by all current and previous IPsec Phase-1
591: IKE Tunnels."
592: ::= { ikeGlobalStats 25 }
593:
594: ikeGlobalNoSaFails OBJECT-TYPE
595: SYNTAX Counter32
596: UNITS "Failures"
597: MAX-ACCESS read-only
598: STATUS current
599: DESCRIPTION
600: "The total number of non-existent Security Association
601: in failures which occurred during processing of
602: all current and previous IPsec Phase-1 IKE Tunnels."
603: ::= { ikeGlobalStats 26 }
604:
605: ikeGlobalRespTunnels OBJECT-TYPE
606: SYNTAX Counter32
607: UNITS "SAs"
608: MAX-ACCESS read-only
609: STATUS current
610: DESCRIPTION
611: "The total number of IPsec Phase-1 IKE
612: Tunnels which were remotely initiated."
613: ::= { ikeGlobalStats 27 }
614:
615: ikeGlobalInXauthFailures OBJECT-TYPE
616: SYNTAX Counter32
617: UNITS "Failures"
618: MAX-ACCESS read-only
619: STATUS current
620: DESCRIPTION
621: "The number of times the extended authentication
622: information supplied by an IKE peer was found
623: to be invalid by the local entity."
624: ::= { ikeGlobalStats 28 }
625:
626: ikeGlobalOutXauthFailures OBJECT-TYPE
627: SYNTAX Counter32
628: UNITS "Failures"
629: MAX-ACCESS read-only
630: STATUS current
631: DESCRIPTION
632: "The number of times the extended authentication
633: information supplied by the managed entity to an
634: IKE peer was found to be invalid by the remote peer."
635: ::= { ikeGlobalStats 29 }
636:
637: ikeGlobalInP1SaDelRequests OBJECT-TYPE
638: SYNTAX Counter32
639: UNITS "Notification Payloads"
640: MAX-ACCESS read-only
641: STATUS current
642: DESCRIPTION
643: "The total number of ISAKMP security association
644: delete requests received by all currently and
645: previously active and ISAKMP security associations."
646: ::= { ikeGlobalStats 30 }
647:
648: ikeGlobalOutP1SaDelRequests OBJECT-TYPE
649: SYNTAX Counter32
650: UNITS "Notification Payloads"
651: MAX-ACCESS read-only
652: STATUS current
653: DESCRIPTION
654: "The total number of ISAKMP security association
655: delete requests sent by all currently and
656: previously active and ISAKMP security associations."
657: ::= { ikeGlobalStats 31 }
658:
659: ikeGlobalInConfigs OBJECT-TYPE
660: SYNTAX Counter32
661: UNITS "Mode Configuration Setting Payloads"
662: MAX-ACCESS read-only
663: STATUS current
664: DESCRIPTION
665: "The total number of Mode Configuration settings
666: received (either CFG_REPLY or CFG_SET payloads)
667: by this entity."
668: ::= { ikeGlobalStats 32 }
669:
670: ikeGlobalOutConfigs OBJECT-TYPE
671: SYNTAX Counter32
672: UNITS "Mode Configuration Setting Payloads"
673: MAX-ACCESS read-only
674: STATUS current
675: DESCRIPTION
676: "The total number of Mode Configuration settings
677: dispatched (either CFG_REPLY or CFG_SET payloads)
678: by this entity."
679: ::= { ikeGlobalStats 33 }
680:
681: ikeGlobalInConfigsRejects OBJECT-TYPE
682: SYNTAX Counter32
683: UNITS "Mode Configuration Setting Acknowledgements"
684: MAX-ACCESS read-only
685: STATUS current
686: DESCRIPTION
687: "The total number of Mode Configuration settings
688: which were received (either CFG_REPLY or CFG_SET
689: payloads) by this entity and which were rejected
690: by the local entity."
691: ::= { ikeGlobalStats 34 }
692:
693: ikeGlobalOutConfigsRejects OBJECT-TYPE
694: SYNTAX Counter32
695: UNITS "Mode Configuration Setting Acknowledgements"
696: MAX-ACCESS read-only
697: STATUS current
698: DESCRIPTION
699: "The total number of Mode Configuration settings
700: which were dispatched (either CFG_REPLY or CFG_SET
701: payloads) by this entity and which were rejected
702: by the client peer."
703: ::= { ikeGlobalStats 35 }
704:
705: ikeGlobalHcPreviousTunnels OBJECT-TYPE
706: SYNTAX Counter64
707: UNITS "Integral units"
708: MAX-ACCESS read-only
709: STATUS current
710: DESCRIPTION
711: "A high capacity count of the total number of
712: previously active IPsec Phase-1 IKE Tunnels. This i
713: equal to the total number of ISAKMP SAs that were
714: active since the bootup of the device but which
715: have since expired."
716: ::= { ikeGlobalStats 36 }
717:
718: ikeGlobalPreviousTunnelsWraps OBJECT-TYPE
719: SYNTAX Counter32
720: UNITS "Integral units"
721: MAX-ACCESS read-only
722: STATUS current
723: DESCRIPTION
724: "The number of times the quantit
725: `ikeGlobalPreviousTunnels' (previously active IPse
726: Phase-1 IKE tunnels) has wrapped."
727: ::= { ikeGlobalStats 37 }
728:
729:
730: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
731: -- The IPsec Phase-1 Internet Key Exchange Tunnel Table
732: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
733: ikeTunnelTable OBJECT-TYPE
734: SYNTAX SEQUENCE OF IkeTunnelEntry
735: MAX-ACCESS not-accessible
736: STATUS current
737: DESCRIPTION
738: "The IPsec Phase-1 Internet Key Exchange Tunnel Table.
739: There is one entry in this table for each active IPsec
740: Phase-1 IKE Tunnel."
741: ::= { ikeGroup 2 }
742:
743: ikeTunnelEntry OBJECT-TYPE
744: SYNTAX IkeTunnelEntry
745: MAX-ACCESS not-accessible
746: STATUS current
747: DESCRIPTION
748: "Each entry contains the attributes associated with
749: an active IPsec Phase-1 IKE Tunnel."
750: INDEX { ikeTunIndex }
751: ::= { ikeTunnelTable 1}
752:
753: IkeTunnelEntry ::= SEQUENCE {
754: ikeTunIndex Integer32,
755: ikeTunLocalType Phase1PeerIdentityType,
756: ikeTunLocalValue DisplayString,
757: ikeTunLocalAddr IPSIpAddress,
758: ikeTunLocalName DisplayString,
759: ikeTunRemoteType Phase1PeerIdentityType,
760: ikeTunRemoteValue DisplayString,
761: ikeTunRemoteAddr IPSIpAddress,
762: ikeTunRemoteName DisplayString,
763: ikeTunNegoMode IkeNegoMode,
764: ikeTunDiffHellmanGrp DiffHellmanGrp,
765: ikeTunEncryptAlgo EncryptAlgo,
766: ikeTunHashAlgo IkeHashAlgo,
767: ikeTunAuthMethod IkeAuthMethod,
768: ikeTunLifeTime Integer32,
769: ikeTunActiveTime TimeInterval,
770: ikeTunSaRefreshThreshold Integer32,
771: ikeTunTotalRefreshes Counter32,
772: ikeTunInOctets Counter32,
773: ikeTunInPkts Counter32,
774: ikeTunInDropPkts Counter32,
775: ikeTunInNotifys Counter32,
776: ikeTunInP2Exchgs Counter32,
777: ikeTunInP2ExchgInvalids Counter32,
778: ikeTunInP2ExchgRejects Counter32,
779: ikeTunInP2SaDelRequests Counter32,
780: ikeTunOutOctets Counter32,
781: ikeTunOutPkts Counter32,
782: ikeTunOutDropPkts Counter32,
783: ikeTunOutNotifys Counter32,
784: ikeTunOutP2Exchgs Counter32,
785: ikeTunOutP2ExchgInvalids Counter32,
786: ikeTunOutP2ExchgRejects Counter32,
787: ikeTunOutP2SaDelRequests Counter32,
788: ikeTunStatus TunnelStatus,
789: ikeTunInNewGrpReqs Counter32,
790: ikeTunOutNewGrpReqs Counter32,
791: ikeTunInNewGrpReqsRejected Counter32,
792: ikeTunOutNewGrpReqsRejected Counter32,
793: ikeTunInConfigs Counter32,
794: ikeTunOutConfigs Counter32,
795: ikeTunInConfigsRejects Counter32,
796: ikeTunOutConfigsRejects Counter32,
797: ikeTunEncryptKeySize Integer32
798: }
799:
800: ikeTunIndex OBJECT-TYPE
801: SYNTAX Integer32 (1..2147483647)
802: MAX-ACCESS not-accessible
803: STATUS current
804: DESCRIPTION
805: "The index of the IPsec Phase-1 IKE Tunnel Table.
806: The value of the index is a number which begins
807: at one and is incremented with each tunnel that
808: is created. The value of this object will
809: wrap at 2,147,483,647."
810: ::= { ikeTunnelEntry 1 }
811:
812: ikeTunLocalType OBJECT-TYPE
813: SYNTAX Phase1PeerIdentityType
814: MAX-ACCESS read-only
815: STATUS current
816: DESCRIPTION
817: "The type of local peer identity. The local
818: peer may be identified by:
819: 1. an IP address, or
820: 2. or a fully qualified domain name string.
821: 3. or a distinguished name string."
822: ::= { ikeTunnelEntry 2 }
823:
824: ikeTunLocalValue OBJECT-TYPE
825: SYNTAX DisplayString
826: MAX-ACCESS read-only
827: STATUS current
828: DESCRIPTION
829: "The value of the local peer identity.
830:
831: If the local peer type is an IP Address, then this
832: is the IP Address used to identify the local peer.
833: If the local peer type is id_fqdn, then this is
834: the FQDN of the remote peer.
835:
836: If the local peer type is a id_dn, then this is
837: the distinguished name string of the local peer."
838: ::= { ikeTunnelEntry 3 }
839:
840: ikeTunLocalAddr OBJECT-TYPE
841: SYNTAX IPSIpAddress
842: MAX-ACCESS read-only
843: STATUS current
844: DESCRIPTION
845: "The IP address of the local endpoint for the IPsec
846: Phase-1 IKE Tunnel."
847: ::= { ikeTunnelEntry 4 }
848:
849: ikeTunLocalName OBJECT-TYPE
850: SYNTAX DisplayString
851: MAX-ACCESS read-only
852: STATUS current
853: DESCRIPTION
854: "The DNS name of the local IP address for
855: the IPsec Phase-1 IKE Tunnel. If the DNS
856: name associated with the local tunnel endpoint
857: is not known, then the value of this
858: object will be a NULL string."
859: ::= { ikeTunnelEntry 5 }
860:
861: ikeTunRemoteType OBJECT-TYPE
862: SYNTAX Phase1PeerIdentityType
863: MAX-ACCESS read-only
864: STATUS current
865: DESCRIPTION
866: "The type of remote peer identity.
867: The remote peer may be identified by:
868: 1. an IP address, or
869: 2. or a fully qualified domain name string.
870: 3. or a distinguished name string."
871: ::= { ikeTunnelEntry 6 }
872:
873: ikeTunRemoteValue OBJECT-TYPE
874: SYNTAX DisplayString
875: MAX-ACCESS read-only
876: STATUS current
877: DESCRIPTION
878: "The value of the remote peer identity.
879: If the remote peer type is an IP Address, then this
880: is the IP Address used to identify the remote peer.
881:
882: If the remote peer type is id_fqdn, then this is
883: the FQDN of the remote peer.
884:
885: If the remote peer type is a id_dn, then this is
886: the distinguished named string of the remote peer."
887: ::= { ikeTunnelEntry 7 }
888:
889: ikeTunRemoteAddr OBJECT-TYPE
890: SYNTAX IPSIpAddress
891: MAX-ACCESS read-only
892: STATUS current
893: DESCRIPTION
894: "The IP address of the remote endpoint for the IPsec
895: Phase-1 IKE Tunnel."
896: ::= { ikeTunnelEntry 8 }
897:
898: ikeTunRemoteName OBJECT-TYPE
899: SYNTAX DisplayString
900: MAX-ACCESS read-only
901: STATUS current
902: DESCRIPTION
903: "The DNS name of the remote IP address of IPsec Phase-1
904: IKE Tunnel. If the DNS name associated with the remote
905: tunnel endpoint is not known, then the value of this
906: object will be a NULL string."
907: ::= { ikeTunnelEntry 9 }
908:
909: ikeTunNegoMode OBJECT-TYPE
910: SYNTAX IkeNegoMode
911: MAX-ACCESS read-only
912: STATUS current
913: DESCRIPTION
914: "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
915: ::= { ikeTunnelEntry 10 }
916:
917: ikeTunDiffHellmanGrp OBJECT-TYPE
918: SYNTAX DiffHellmanGrp
919: MAX-ACCESS read-only
920: STATUS current
921: DESCRIPTION
922: "The Diffie Hellman Group used in IPsec Phase-1 IKE
923: negotiations."
924: ::= { ikeTunnelEntry 11 }
925:
926: ikeTunEncryptAlgo OBJECT-TYPE
927: SYNTAX EncryptAlgo
928: MAX-ACCESS read-only
929: STATUS current
930: DESCRIPTION
931: "The encryption algorithm used in IPsec Phase-1 IKE
932: negotiations."
933: ::= { ikeTunnelEntry 12 }
934:
935: ikeTunHashAlgo OBJECT-TYPE
936: SYNTAX IkeHashAlgo
937: MAX-ACCESS read-only
938: STATUS current
939: DESCRIPTION
940: "The hash algorithm used in IPsec Phase-1 IKE
941: negotiations."
942: ::= { ikeTunnelEntry 13 }
943:
944: ikeTunAuthMethod OBJECT-TYPE
945: SYNTAX IkeAuthMethod
946: MAX-ACCESS read-only
947: STATUS current
948: DESCRIPTION
949: "The authentication method used in IPsec Phase-1 IKE
950: negotiations."
951: ::= { ikeTunnelEntry 14 }
952:
953: ikeTunLifeTime OBJECT-TYPE
954: SYNTAX Integer32 (1..2147483647)
955: UNITS "seconds"
956: MAX-ACCESS read-only
957: STATUS current
958: DESCRIPTION
959: "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
960: in seconds."
961: ::= { ikeTunnelEntry 15 }
962:
963: ikeTunActiveTime OBJECT-TYPE
964: SYNTAX TimeInterval
965: MAX-ACCESS read-only
966: STATUS current
967: DESCRIPTION
968: "The length of time the IPsec Phase-1 IKE tunnel has been
969: active in hundredths of seconds."
970: ::= { ikeTunnelEntry 16 }
971:
972: ikeTunSaRefreshThreshold OBJECT-TYPE
973: SYNTAX Integer32 (1..2147483647)
974: UNITS "seconds"
975: MAX-ACCESS read-only
976: STATUS current
977: DESCRIPTION
978: "The security assoication refresh threshold in seconds."
979: ::= { ikeTunnelEntry 17 }
980:
981: ikeTunTotalRefreshes OBJECT-TYPE
982: SYNTAX Counter32
983: UNITS "QM Exchanges"
984: MAX-ACCESS read-only
985: STATUS current
986: DESCRIPTION
987: "The total number of security associations
988: refreshes performed."
989: ::= { ikeTunnelEntry 18 }
990:
991: ikeTunInOctets OBJECT-TYPE
992: SYNTAX Counter32
993: UNITS "Octets"
994: MAX-ACCESS read-only
995: STATUS current
996: DESCRIPTION
997: "The total number of octets received by
998: this IPsec Phase-1 IKE Tunnel."
999: ::= { ikeTunnelEntry 19 }
1000:
1001: ikeTunInPkts OBJECT-TYPE
1002: SYNTAX Counter32
1003: UNITS "Packets"
1004: MAX-ACCESS read-only
1005: STATUS current
1006: DESCRIPTION
1007: "The total number of packets received by
1008: this IPsec Phase-1 IKE Tunnel."
1009: ::= { ikeTunnelEntry 20 }
1010:
1011: ikeTunInDropPkts OBJECT-TYPE
1012: SYNTAX Counter32
1013: UNITS "Packets"
1014: MAX-ACCESS read-only
1015: STATUS current
1016: DESCRIPTION
1017: "The total number of packets dropped
1018: by this IPsec Phase-1 IKE Tunnel during
1019: receive processing."
1020: ::= { ikeTunnelEntry 21 }
1021:
1022: ikeTunInNotifys OBJECT-TYPE
1023: SYNTAX Counter32
1024: UNITS "Notification Payloads"
1025: MAX-ACCESS read-only
1026: STATUS current
1027: DESCRIPTION
1028: "The total number of notifys received by
1029: this IPsec Phase-1 IKE Tunnel."
1030: ::= { ikeTunnelEntry 22 }
1031:
1032: ikeTunInP2Exchgs OBJECT-TYPE
1033: SYNTAX Counter32
1034: UNITS "SA Payloads"
1035: MAX-ACCESS read-only
1036: STATUS current
1037: DESCRIPTION
1038: "The total number of IPsec Phase-2
1039: exchanges received by
1040: this IPsec Phase-1 IKE Tunnel."
1041: ::= { ikeTunnelEntry 23 }
1042:
1043: ikeTunInP2ExchgInvalids OBJECT-TYPE
1044: SYNTAX Counter32
1045: UNITS "SA Payloads"
1046: MAX-ACCESS read-only
1047: STATUS current
1048: DESCRIPTION
1049: "The total number of IPsec Phase-2 exchanges
1050: received on this tunnel that were found to
1051: contain references to unrecognized security
1052: parameters."
1053: ::= { ikeTunnelEntry 24 }
1054:
1055: ikeTunInP2ExchgRejects OBJECT-TYPE
1056: SYNTAX Counter32
1057: UNITS "SA Payloads"
1058: MAX-ACCESS read-only
1059: STATUS current
1060: DESCRIPTION
1061: "The total number of IPsec Phase-2 exchanges
1062: received on this tunnel that were validated but were
1063: rejected by the local policy."
1064: ::= { ikeTunnelEntry 25 }
1065:
1066: ikeTunInP2SaDelRequests OBJECT-TYPE
1067: SYNTAX Counter32
1068: UNITS "Notification Payloads"
1069: MAX-ACCESS read-only
1070: STATUS current
1071: DESCRIPTION
1072: "The total number of IPsec Phase-2
1073: security association delete requests received
1074: by this IPsec Phase-1 IKE Tunnel."
1075: ::= { ikeTunnelEntry 26 }
1076:
1077: ikeTunOutOctets OBJECT-TYPE
1078: SYNTAX Counter32
1079: UNITS "Octets"
1080: MAX-ACCESS read-only
1081: STATUS current
1082: DESCRIPTION
1083: "The total number of octets sent by this IPsec Phase-1
1084: IKE Tunnel."
1085: ::= { ikeTunnelEntry 27 }
1086:
1087: ikeTunOutPkts OBJECT-TYPE
1088: SYNTAX Counter32
1089: UNITS "Packets"
1090: MAX-ACCESS read-only
1091: STATUS current
1092: DESCRIPTION
1093: "The total number of packets sent by this IPsec Phase-1
1094: IKE Tunnel."
1095: ::= { ikeTunnelEntry 28 }
1096:
1097: ikeTunOutDropPkts OBJECT-TYPE
1098: SYNTAX Counter32
1099: UNITS "Packets"
1100: MAX-ACCESS read-only
1101: STATUS current
1102: DESCRIPTION
1103: "The total number of packets dropped by this
1104: IPsec Phase-1 IKE Tunnel during send processing."
1105: ::= { ikeTunnelEntry 29 }
1106:
1107: ikeTunOutNotifys OBJECT-TYPE
1108: SYNTAX Counter32
1109: UNITS "Notification Payloads"
1110: MAX-ACCESS read-only
1111: STATUS current
1112: DESCRIPTION
1113: "The total number of notifys sent by this
1114: IPsec Phase-1 Tunnel."
1115: ::= { ikeTunnelEntry 30 }
1116:
1117: ikeTunOutP2Exchgs OBJECT-TYPE
1118: SYNTAX Counter32
1119: UNITS "SA Payloads"
1120: MAX-ACCESS read-only
1121: STATUS current
1122: DESCRIPTION
1123: "The total number of IPsec Phase-2 exchanges sent by
1124: this IPsec Phase-1 IKE Tunnel."
1125: ::= { ikeTunnelEntry 31 }
1126:
1127: ikeTunOutP2ExchgInvalids OBJECT-TYPE
1128: SYNTAX Counter32
1129: UNITS "SA Payloads"
1130: MAX-ACCESS read-only
1131: STATUS current
1132: DESCRIPTION
1133: "The total number of IPsec Phase-2 exchanges
1134: sent on this tunnel that were found by the peer
1135: to contain references to security parameters
1136: not recognized by the peer."
1137: ::= { ikeTunnelEntry 32 }
1138:
1139: ikeTunOutP2ExchgRejects OBJECT-TYPE
1140: SYNTAX Counter32
1141: UNITS "SA Payloads"
1142: MAX-ACCESS read-only
1143: STATUS current
1144: DESCRIPTION
1145: "The total number of IPsec Phase-2 exchanges
1146: sent on this tunnel that were validated by the peer
1147: but were rejected by the peer's policy."
1148: ::= { ikeTunnelEntry 33 }
1149:
1150: ikeTunOutP2SaDelRequests OBJECT-TYPE
1151: SYNTAX Counter32
1152: UNITS "Notification Payloads"
1153: MAX-ACCESS read-only
1154: STATUS current
1155: DESCRIPTION
1156: "The total number of IPsec Phase-2 security association
1157: delete requests sent by this IPsec Phase-1 IKE Tunnel."
1158: ::= { ikeTunnelEntry 34 }
1159:
1160: ikeTunStatus OBJECT-TYPE
1161: SYNTAX TunnelStatus
1162: MAX-ACCESS read-write
1163: STATUS current
1164: DESCRIPTION
1165: "The status of the MIB table row.
1166:
1167: This object can be used to bring the tunnel down
1168: by setting value of this object to destroy(2).
1169:
1170: This object cannot be used to create
1171: a MIB table row."
1172: ::= { ikeTunnelEntry 35 }
1173:
1174: ikeTunInNewGrpReqs OBJECT-TYPE
1175: SYNTAX Counter32
1176: UNITS "Negotiations"
1177: MAX-ACCESS read-only
1178: STATUS current
1179: DESCRIPTION
1180: "The total number of New Group exchanges initiated
1181: remotely using this IKE tunnel."
1182: ::= { ikeTunnelEntry 36 }
1183:
1184: ikeTunOutNewGrpReqs OBJECT-TYPE
1185: SYNTAX Counter32
1186: UNITS "Negotiations"
1187: MAX-ACCESS read-only
1188: STATUS current
1189: DESCRIPTION
1190: "The total number of New Group exchanges initiated
1191: locally using this IKE tunnel."
1192: ::= { ikeTunnelEntry 37 }
1193:
1194: ikeTunInNewGrpReqsRejected OBJECT-TYPE
1195: SYNTAX Counter32
1196: UNITS "Negotiations"
1197: MAX-ACCESS read-only
1198: STATUS current
1199: DESCRIPTION
1200: "The total number of New Group exchanges initiated
1201: remotely using this IKE tunnel that ended in a failure."
1202: ::= { ikeTunnelEntry 38 }
1203:
1204: ikeTunOutNewGrpReqsRejected OBJECT-TYPE
1205: SYNTAX Counter32
1206: UNITS "Negotiations"
1207: MAX-ACCESS read-only
1208: STATUS current
1209: DESCRIPTION
1210: "The total number of New Group exchanges initiated
1211: locally using this IKE tunnel that ended in a failure."
1212: ::= { ikeTunnelEntry 39 }
1213:
1214: ikeTunInConfigs OBJECT-TYPE
1215: SYNTAX Counter32
1216: UNITS "Mode Configuration Setting Payloads"
1217: MAX-ACCESS read-only
1218: STATUS current
1219: DESCRIPTION
1220: "The total number of Mode Configuration settings
1221: received (either CFG_REPLY or CFG_SET payloads)
1222: by the local entity on the ISAKMP SA represented by this
1223: IKE tunnel."
1224: ::= { ikeTunnelEntry 40 }
1225:
1226: ikeTunOutConfigs OBJECT-TYPE
1227: SYNTAX Counter32
1228: UNITS "Mode Configuration Setting Payloads"
1229: MAX-ACCESS read-only
1230: STATUS current
1231: DESCRIPTION
1232: "The total number of Mode Configuration settings
1233: dispatched (either CFG_REPLY or CFG_SET payloads)
1234: by the local entity on the ISAKMP SA represented by this
1235: IKE tunnel."
1236: ::= { ikeTunnelEntry 41 }
1237:
1238: ikeTunInConfigsRejects OBJECT-TYPE
1239: SYNTAX Counter32
1240: UNITS "Mode Configuration Setting Payloads"
1241: MAX-ACCESS read-only
1242: STATUS current
1243: DESCRIPTION
1244: "The total number of Mode Configuration settings
1245: which were received (either CFG_REPLY or CFG_SET
1246: payloads) and rejected by this entity using the ISAKMP
1247: SA represented by this IKE tunnel."
1248: ::= { ikeTunnelEntry 42 }
1249:
1250: ikeTunOutConfigsRejects OBJECT-TYPE
1251: SYNTAX Counter32
1252: UNITS "Mode Configuration Setting Payloads"
1253: MAX-ACCESS read-only
1254: STATUS current
1255: DESCRIPTION
1256: "The total number of Mode Configuration settings
1257: which were dispatched (either CFG_REPLY or CFG_SET
1258: payloads) by this entity and were rejected by the
1259: peer (client) using the ISAKMP SA represented by this
1260: IKE tunnel."
1261: ::= { ikeTunnelEntry 43 }
1262:
1263: ikeTunEncryptKeySize OBJECT-TYPE
1264: SYNTAX Integer32
1265: UNITS "Bits"
1266: MAX-ACCESS read-only
1267: STATUS current
1268: DESCRIPTION
1269: "The key size in bits of the negotiated key to be
1270: used with the algorithm denoted by the column
1271: 'ikeTunEncryptAlgo'. For DES and 3DES the key size is
1272: respectively 56 and 168. For AES, this will denote the
1273: negotiated key size."
1274: ::= { ikeTunnelEntry 44 }
1275:
1276: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1277: -- The IPsec Phase-1 Internet Key Exchange Peer Table.
1278: -- This is a mandatory group. If all IPsec flows are manually
1279: -- administered, this table would be empty.
1280: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1281: phase1PeerTable OBJECT-TYPE
1282: SYNTAX SEQUENCE OF Phase1PeerEntry
1283: MAX-ACCESS not-accessible
1284: STATUS current
1285: DESCRIPTION
1286: "The IPsec Phase-1 Key Exchange Peer Table. There
1287: is one entry in this table for each IPsec Phase-1 peer
1288: with which the managed entity is currently associated
1289: by virtue of an active IPsec Phase-1 Control Tunnel. A
1290: peer has an entry in this table, if and only if there
1291: is at least one Phase-1 or Phase-2 tunnel terminating
1292: on the managed entity from the peer. When all Phase-1
1293: and Phase-2 tunnels to a peer have expired, the entry
1294: for the peer is deleted from this table."
1295: ::= { ipSecPhaseOne 2 }
1296:
1297: phase1PeerEntry OBJECT-TYPE
1298: SYNTAX Phase1PeerEntry
1299: MAX-ACCESS not-accessible
1300: STATUS current
1301: DESCRIPTION
1302: "Each entry contains the attributes associated
1303: with an IPsec Phase-1 IKE peer association."
1304: INDEX { phase1PeerLocalType,
1305: phase1PeerHLocalValue,
1306: phase1PeerRemoteType,
1307: phase1PeerHRemoteValue,
1308: phase1PeerIntIndex }
1309: ::= { phase1PeerTable 1}
1310:
1311: Phase1PeerEntry ::= SEQUENCE {
1312: phase1PeerLocalType Phase1PeerIdentityType,
1313: phase1PeerLocalValue DisplayString,
1314: phase1PeerHLocalValue HashedString,
1315: phase1PeerRemoteType Phase1PeerIdentityType,
1316: phase1PeerRemoteValue DisplayString,
1317: phase1PeerHRemoteValue HashedString,
1318: phase1PeerIntIndex Integer32,
1319: phase1PeerLocalAddr IPSIpAddress,
1320: phase1PeerRemoteAddr IPSIpAddress,
1321: phase1PeerActiveTime TimeInterval,
1322: phase1PeerActiveTunnelIndex Integer32,
1323: phase1PeerConfigAppVersion DisplayString,
1324: phase1PeerConfigAddress IPSIpAddress,
1325: phase1PeerConfigNetmask IPSIpAddress,
1326: phase1PeerConfigDns IPSIpAddress,
1327: phase1PeerConfigNbns IPSIpAddress,
1328: phase1PeerConfigDhcp IPSIpAddress,
1329: phase1Protocol ControlProtocol
1330: }
1331:
1332: phase1PeerLocalType OBJECT-TYPE
1333: SYNTAX Phase1PeerIdentityType
1334: MAX-ACCESS not-accessible
1335: STATUS current
1336: DESCRIPTION
1337: "The type of local peer identity. The local peer
1338: may be identified by:
1339: 1. an IP address, or
1340: 2. a fully qualified domain name, or
1341: 3. a distinguished name."
1342: ::= { phase1PeerEntry 1 }
1343:
1344: phase1PeerLocalValue OBJECT-TYPE
1345: SYNTAX DisplayString
1346: MAX-ACCESS read-only
1347: STATUS current
1348: DESCRIPTION
1349: "The value of the local peer identity.
1350:
1351: If the local peer type is an IP Address, then this
1352: is the IP Address used to identify the local peer.
1353:
1354: If the local peer type is id_fqdn, then this is
1355: the FQDN of the local peer.
1356:
1357: If the local peer type is id_dn, then this is
1358: the DN string of the local peer. Value of this object
1359: could be arbitrarily large making this object unsuitable
1360: to be used for indexing this table (please refer to
1361: the definition of 'phase1PeerHLocalValue')."
1362: ::= { phase1PeerEntry 2 }
1363:
1364: phase1PeerHLocalValue OBJECT-TYPE
1365: SYNTAX HashedString
1366: MAX-ACCESS not-accessible
1367: STATUS current
1368: DESCRIPTION
1369: "The 128-bit MD5 hash output of the value represented
1370: by the element phase1PeerLocalValue. The hashing is
1371: required to restrict the length of the SNMP index
1372: to a legal size:
1373:
1374: phase1PeerHLocalValue = MD5(phase1PeerLocalValue)."
1375: ::= { phase1PeerEntry 3 }
1376:
1377: phase1PeerRemoteType OBJECT-TYPE
1378: SYNTAX Phase1PeerIdentityType
1379: MAX-ACCESS not-accessible
1380: STATUS current
1381: DESCRIPTION
1382: "The type of remote peer identity. The remote peer
1383: may be identified by:
1384: 1. an IP address, or
1385: 2. a fully qualified domain name, or
1386: 3. a distinguished name."
1387: ::= { phase1PeerEntry 4 }
1388:
1389: phase1PeerRemoteValue OBJECT-TYPE
1390: SYNTAX DisplayString
1391: MAX-ACCESS read-only
1392: STATUS current
1393: DESCRIPTION
1394: "The value of the remote peer identity.
1395: If the remote peer type is an IP Address, then this
1396: is the IP Address used to identify the remote peer.
1397:
1398: If the remote peer type is id_fqdn, then this is
1399: the FQDN of the remote peer.
1400:
1401: If the remote peer type is id_dn, then this is
1402: the DN string of the remote peer. Value of this object
1403: could be arbitrarily large making this object unsuitable
1404: to be used for indexing this table (please refer to
1405: the definition of 'phase1PeerHRemoteValue')."
1406: ::= { phase1PeerEntry 5 }
1407:
1408: phase1PeerHRemoteValue OBJECT-TYPE
1409: SYNTAX HashedString
1410: MAX-ACCESS not-accessible
1411: STATUS current
1412: DESCRIPTION
1413: "The 128-bit MD5 hash output of the value represented
1414: by the element phase1PeerRemoteValue. The hashing is
1415: required to restrict the length of the SNMP index
1416: to a legal size:
1417:
1418: phase1PeerHRemoteValue = MD5(phase1PeerRemoteValue)."
1419: ::= { phase1PeerEntry 6 }
1420:
1421: phase1PeerIntIndex OBJECT-TYPE
1422: SYNTAX Integer32 (1..2147483647)
1423: MAX-ACCESS not-accessible
1424: STATUS current
1425: DESCRIPTION
1426: "The internal index of the local-remote
1427: peer association. This internal index is used
1428: to uniquely identify multiple associations between
1429: the local and remote peer."
1430: ::= { phase1PeerEntry 7 }
1431:
1432: phase1PeerLocalAddr OBJECT-TYPE
1433: SYNTAX IPSIpAddress
1434: MAX-ACCESS read-only
1435: STATUS current
1436: DESCRIPTION
1437: "The IP address of the local peer."
1438: ::= { phase1PeerEntry 8 }
1439:
1440: phase1PeerRemoteAddr OBJECT-TYPE
1441: SYNTAX IPSIpAddress
1442: MAX-ACCESS read-only
1443: STATUS current
1444: DESCRIPTION
1445: "The IP address of the remote peer."
1446: ::= { phase1PeerEntry 9 }
1447:
1448: phase1PeerActiveTime OBJECT-TYPE
1449: SYNTAX TimeInterval
1450: MAX-ACCESS read-only
1451: STATUS current
1452: DESCRIPTION
1453: "The length of time that the peer association has
1454: existed in hundredths of a second."
1455: ::= { phase1PeerEntry 10 }
1456:
1457: phase1PeerActiveTunnelIndex OBJECT-TYPE
1458: SYNTAX Integer32 (1..2147483647)
1459: MAX-ACCESS read-only
1460: STATUS current
1461: DESCRIPTION
1462: "The index of the active IPsec Phase-1 IKE Tunnel
1463: (ikeTunIndex in the ikeTunnelTable) for this peer
1464: association. If an IPsec Phase-1 IKE Tunnel is
1465: not currently active, then the value of this
1466: object will be zero."
1467: ::= { phase1PeerEntry 11 }
1468:
1469: phase1PeerConfigAppVersion OBJECT-TYPE
1470: SYNTAX DisplayString
1471: MAX-ACCESS read-only
1472: STATUS current
1473: DESCRIPTION
1474: "The NULL terminated printable application version of the
1475: peer. If the peer did not issue the APPLICATION_VERSION
1476: attribute, this field is NULL."
1477: ::= { phase1PeerEntry 12 }
1478:
1479: phase1PeerConfigAddress OBJECT-TYPE
1480: SYNTAX IPSIpAddress
1481: MAX-ACCESS read-only
1482: STATUS current
1483: DESCRIPTION
1484: "The IP address configured by the peer on this entity.
1485: If the local entity did not receive either
1486: INTERNAL_IP4_ADDRESS or INTERNAL_IP6_ADDRESS from
1487: the peer, this field should have the NULL IP address."
1488: ::= { phase1PeerEntry 13 }
1489:
1490: phase1PeerConfigNetmask OBJECT-TYPE
1491: SYNTAX IPSIpAddress
1492: MAX-ACCESS read-only
1493: STATUS current
1494: DESCRIPTION
1495: "The netmask configured by the peer on this entity.
1496: If the local entity did not receive either
1497: INTERNAL_V4_MASK or INTERNAL_IP6_MASK from
1498: the peer, this field should have the NULL IP address."
1499: ::= { phase1PeerEntry 14 }
1500:
1501: phase1PeerConfigDns OBJECT-TYPE
1502: SYNTAX IPSIpAddress
1503: MAX-ACCESS read-only
1504: STATUS current
1505: DESCRIPTION
1506: "The address of the DNS server configured by the peer
1507: on the local entity using CFG_SET or CFG_REPLY. If the
1508: local entity did not receive either INTERNAL_V4_DNS or
1509: INTERNAL_IP6_DNS from the peer, this field should have
1510: the NULL IP address."
1511: ::= { phase1PeerEntry 15 }
1512:
1513: phase1PeerConfigNbns OBJECT-TYPE
1514: SYNTAX IPSIpAddress
1515: MAX-ACCESS read-only
1516: STATUS current
1517: DESCRIPTION
1518: "The address of the NetBios Name Server configured by
1519: the peer on the local entity using CFG_SET or CFG_REPLY.
1520: If the local entity did not receive either INTERNAL_V4_NBNS or
1521: INTERNAL_IP6_NBNS from the peer, this field should have
1522: the NULL IP address."
1523: ::= { phase1PeerEntry 16 }
1524:
1525: phase1PeerConfigDhcp OBJECT-TYPE
1526: SYNTAX IPSIpAddress
1527: MAX-ACCESS read-only
1528: STATUS current
1529: DESCRIPTION
1530: "The address of the DHCP Server configured by the peer
1531: on the local entity using CFG_SET or CFG_REPLY.
1532: If the local entity did not receive either INTERNAL_V4_DHCP or
1533: INTERNAL_IP6_DHCP from the peer, this field should have
1534: the NULL IP address."
1535: ::= { phase1PeerEntry 17 }
1536:
1537: phase1Protocol OBJECT-TYPE
1538: SYNTAX ControlProtocol
1539: MAX-ACCESS read-only
1540: STATUS current
1541: DESCRIPTION
1542: "The keying and control protocol used to setup
1543: and administer Phase-1 and Phase-2 tunnels to this
1544: peer."
1545: ::= { phase1PeerEntry 18 }
1546:
1547: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1548: -- The Phase-1 Peer Association to Phase-2 Tunnel Correlation
1549: -- Table
1550: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1551: phase1PeerCorrTable OBJECT-TYPE
1552: SYNTAX SEQUENCE OF Phase1PeerCorrEntry
1553: MAX-ACCESS not-accessible
1554: STATUS current
1555: DESCRIPTION
1556: "The IPsec Phase-1 Peer Association to IPsec Phase-2
1557: Tunnel Correlation Table. There is one entry in this table
1558: for each active IPsec Phase-2 Tunnel."
1559: ::= { ipSecPhaseOne 3 }
1560:
1561: phase1PeerCorrEntry OBJECT-TYPE
1562: SYNTAX Phase1PeerCorrEntry
1563: MAX-ACCESS not-accessible
1564: STATUS current
1565: DESCRIPTION
1566: "Each entry contains the attributes of an
1567: IPsec Phase-1 Peer Association to IPsec Phase-2
1568: Tunnel Correlation."
1569: INDEX { phase1PeerCorrLocalType,
1570: phase1PeerCorrLocalValue,
1571: phase1PeerCorrRemoteType,
1572: phase1PeerCorrRemoteValue,
1573: phase1PeerCorrIntIndex,
1574: phase1PeerCorrSeqNum }
1575: ::= { phase1PeerCorrTable 1}
1576:
1577: Phase1PeerCorrEntry ::= SEQUENCE {
1578: phase1PeerCorrLocalType Phase1PeerIdentityType,
1579: phase1PeerCorrLocalValue DisplayString,
1580: phase1PeerCorrRemoteType Phase1PeerIdentityType,
1581: phase1PeerCorrRemoteValue DisplayString,
1582: phase1PeerCorrIntIndex Integer32,
1583: phase1PeerCorrSeqNum Integer32,
1584: phase1PeerCorrIpSecTunIndex Integer32,
1585: phase1PeerCorrControlProtocol ControlProtocol
1586: }
1587:
1588: phase1PeerCorrLocalType OBJECT-TYPE
1589: SYNTAX Phase1PeerIdentityType
1590: MAX-ACCESS not-accessible
1591: STATUS current
1592: DESCRIPTION
1593: "The type of local peer identity. The local peer
1594: may be identified by:
1595: 1. an IP address, or
1596: 2. a fully qualified domain name, or
1597: 3. a distinguished name."
1598: ::= { phase1PeerCorrEntry 1 }
1599:
1600: phase1PeerCorrLocalValue OBJECT-TYPE
1601: SYNTAX DisplayString
1602: MAX-ACCESS not-accessible
1603: STATUS current
1604: DESCRIPTION
1605: "The value of the local peer identity.
1606:
1607: If the local peer type is an IP Address, then this
1608: is the IP Address used to identify the local peer.
1609:
1610: If the local peer type is id_fqdn, then this is
1611: the FQDN of the local entity.
1612:
1613: If the local peer type is id_dn, then this is
1614: the distinguished name string of the local peer."
1615: ::= { phase1PeerCorrEntry 2 }
1616:
1617: phase1PeerCorrRemoteType OBJECT-TYPE
1618: SYNTAX Phase1PeerIdentityType
1619: MAX-ACCESS not-accessible
1620: STATUS current
1621: DESCRIPTION
1622: "The type of remote peer identity. The remote peer
1623: may be identified by:
1624: 1. an IP address, or
1625: 2. a fully qualified domain name, or
1626: 3. a distinguished name."
1627: ::= { phase1PeerCorrEntry 3 }
1628:
1629: phase1PeerCorrRemoteValue OBJECT-TYPE
1630: SYNTAX DisplayString
1631: MAX-ACCESS not-accessible
1632: STATUS current
1633: DESCRIPTION
1634: "The value of the remote peer identity.
1635:
1636: If the remote peer type is an IP Address, then this
1637: is the IP Address used to identify the remote peer.
1638:
1639: If the remote peer type is id_fqdn, then this is
1640: the FQDN of the remote peer.
1641:
1642: If the remote peer type is id_dn, then this is
1643: the distinguished name string of the remote peer."
1644: ::= { phase1PeerCorrEntry 4 }
1645:
1646: phase1PeerCorrIntIndex OBJECT-TYPE
1647: SYNTAX Integer32 (1..2147483647)
1648: MAX-ACCESS not-accessible
1649: STATUS current
1650: DESCRIPTION
1651: "The internal index of the local-remote
1652: peer association. This internal index is
1653: used to uniquely identify multiple associations
1654: between the local and remote peer."
1655: ::= { phase1PeerCorrEntry 5 }
1656:
1657: phase1PeerCorrSeqNum OBJECT-TYPE
1658: SYNTAX Integer32 (1..2147483647)
1659: MAX-ACCESS not-accessible
1660: STATUS current
1661: DESCRIPTION
1662: "The sequence number of the local-remote
1663: peer association. This sequence number is
1664: used to uniquely identify multiple instances
1665: of a unique association between
1666: the local and remote peer."
1667: ::= { phase1PeerCorrEntry 6 }
1668:
1669: phase1PeerCorrIpSecTunIndex OBJECT-TYPE
1670: SYNTAX Integer32 (1..2147483647)
1671: MAX-ACCESS read-only
1672: STATUS current
1673: DESCRIPTION
1674: "The index of the active IPsec Phase-2 Tunnel
1675: (ipSecTunIndex in the ipSecTunnelTable) for this
1676: IPsec Phase-1 IKE Peer Association."
1677: ::= { phase1PeerCorrEntry 7 }
1678:
1679: phase1PeerCorrControlProtocol OBJECT-TYPE
1680: SYNTAX ControlProtocol
1681: MAX-ACCESS read-only
1682: STATUS current
1683: DESCRIPTION
1684: "The keying and control protocol used to setup
1685: and administer the Phase-1 and Phase-2 tunnels this
1686: table entry refers to."
1687: ::= { phase1PeerCorrEntry 8 }
1688:
1689: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1690: -- IPsec Phase-2 Group
1691: --
1692: -- This group consists of:
1693: -- 1) IPsec Phase-2 Global Statistics
1694: -- 2) IPsec Phase-2 Tunnel Table
1695: -- 3) IPsec Phase-2 Endpoint Table
1696: -- 4) IPsec Phase-2 Security Protection Index Table
1697: -- 5) IPsec Phase-2 Security Protection Index Objects
1698: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1699:
1700: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1701: -- The IPsec Phase-2 Global Tunnel Statistics
1702: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1703: ipSecGlobalStats OBJECT IDENTIFIER
1704: ::= { ipSecPhaseTwo 1 }
1705:
1706: ipSecGlobalActiveTunnels OBJECT-TYPE
1707: SYNTAX Gauge32
1708: UNITS "Integral units"
1709: MAX-ACCESS read-only
1710: STATUS current
1711: DESCRIPTION
1712: "The total number of currently active
1713: IPsec Phase-2 Tunnels."
1714: ::= { ipSecGlobalStats 1 }
1715:
1716: ipSecGlobalPreviousTunnels OBJECT-TYPE
1717: SYNTAX Counter32
1718: UNITS "Phase-2 Tunnels"
1719: MAX-ACCESS read-only
1720: STATUS current
1721: DESCRIPTION
1722: "The total number of previously active
1723: IPsec Phase-2 Tunnels."
1724: ::= { ipSecGlobalStats 2 }
1725:
1726: ipSecGlobalInOctets OBJECT-TYPE
1727: SYNTAX Counter32
1728: UNITS "Octets"
1729: MAX-ACCESS read-only
1730: STATUS current
1731: DESCRIPTION
1732: "The total number of octets received by all
1733: current and previous IPsec Phase-2 Tunnels.
1734: This value is
1735: accumulated BEFORE determining whether or not
1736: the packet should be decompressed. See also
1737: ipSecGlobalInOctWraps for the number of times
1738: this counter has wrapped."
1739: ::= { ipSecGlobalStats 3 }
1740:
1741: ipSecGlobalHcInOctets OBJECT-TYPE
1742: SYNTAX Counter64
1743: MAX-ACCESS read-only
1744: STATUS current
1745: DESCRIPTION
1746: "A high capacity count of the total number of
1747: octets received by all current and previous
1748: IPsec Phase-2 Tunnels. This value is accumulated
1749: BEFORE determining whether or not the packet
1750: should be decompressed."
1751: ::= { ipSecGlobalStats 4 }
1752:
1753: ipSecGlobalInOctWraps OBJECT-TYPE
1754: SYNTAX Counter32
1755: UNITS "Integral units"
1756: MAX-ACCESS read-only
1757: STATUS current
1758: DESCRIPTION
1759: "The number of times the global octets received
1760: counter (ipSecGlobalInOctets) has wrapped."
1761: ::= { ipSecGlobalStats 5 }
1762:
1763: ipSecGlobalInDecompOctets OBJECT-TYPE
1764: SYNTAX Counter32
1765: UNITS "Octets"
1766: MAX-ACCESS read-only
1767: STATUS current
1768: DESCRIPTION
1769: "The total number of decompressed octets received
1770: by all current and previous IPsec Phase-2 Tunnels.
1771: This value is accumulated AFTER the packet is
1772: decompressed. If compression is not being used,
1773: this value will match the value of ipSecGlobalInOctets.
1774: See also ipSecGlobalInDecompOctWraps
1775: for the number of times this counter has wrapped."
1776: ::= { ipSecGlobalStats 6 }
1777:
1778: ipSecGlobalHcInDecompOctets OBJECT-TYPE
1779: SYNTAX Counter64
1780: MAX-ACCESS read-only
1781: STATUS current
1782: DESCRIPTION
1783: "A high capacity count of the total number
1784: of decompressed octets received by all current
1785: and previous IPsec Phase-2 Tunnels. This value
1786: is accumulated AFTER the packet is decompressed.
1787: If compression is not being used, this value
1788: will match the value of ipSecGlobalHcInOctets."
1789: ::= { ipSecGlobalStats 7 }
1790:
1791: ipSecGlobalInDecompOctWraps OBJECT-TYPE
1792: SYNTAX Counter32
1793: UNITS "Integral units"
1794: MAX-ACCESS read-only
1795: STATUS current
1796: DESCRIPTION
1797: "The number of times the global decompressed
1798: octets received counter
1799: (ipSecGlobalInDecompOctets) has wrapped."
1800: ::= { ipSecGlobalStats 8 }
1801:
1802: ipSecGlobalInPkts OBJECT-TYPE
1803: SYNTAX Counter32
1804: UNITS "Packets"
1805: MAX-ACCESS read-only
1806: STATUS current
1807: DESCRIPTION
1808: "The total number of packets received
1809: by all current and previous
1810: IPsec Phase-2 Tunnels."
1811: ::= { ipSecGlobalStats 9 }
1812:
1813: ipSecGlobalInDrops OBJECT-TYPE
1814: SYNTAX Counter32
1815: UNITS "Packets"
1816: MAX-ACCESS read-only
1817: STATUS current
1818: DESCRIPTION
1819: "The total number of packets dropped
1820: during receive processing by all current and previous
1821: IPsec Phase-2 Tunnels. This count does
1822: NOT include packets dropped due to
1823: Anti-Replay processing."
1824: ::= { ipSecGlobalStats 10 }
1825:
1826: ipSecGlobalInReplayDrops OBJECT-TYPE
1827: SYNTAX Counter32
1828: UNITS "Packets"
1829: MAX-ACCESS read-only
1830: STATUS current
1831: DESCRIPTION
1832: "The total number of packets dropped during
1833: receive processing due to Anti-Replay
1834: processing by all current and previous IPsec
1835: Phase-2 Tunnels."
1836: ::= { ipSecGlobalStats 11 }
1837:
1838: ipSecGlobalInAuths OBJECT-TYPE
1839: SYNTAX Counter32
1840: UNITS "Events"
1841: MAX-ACCESS read-only
1842: STATUS current
1843: DESCRIPTION
1844: "The total number of inbound authentications
1845: performed by all current and previous IPsec
1846: Phase-2 Tunnels."
1847: ::= { ipSecGlobalStats 12 }
1848:
1849: ipSecGlobalInAuthFails OBJECT-TYPE
1850: SYNTAX Counter32
1851: UNITS "Failures"
1852: MAX-ACCESS read-only
1853: STATUS current
1854: DESCRIPTION
1855: "The total number of inbound authentications
1856: which ended in failure by all current and previous
1857: IPsec Phase-2 Tunnels."
1858: ::= { ipSecGlobalStats 13 }
1859:
1860: ipSecGlobalInDecrypts OBJECT-TYPE
1861: SYNTAX Counter32
1862: UNITS "Packets"
1863: MAX-ACCESS read-only
1864: STATUS current
1865: DESCRIPTION
1866: "The total number of inbound decryptions
1867: performed by all current and previous IPsec
1868: Phase-2 Tunnels."
1869: ::= { ipSecGlobalStats 14 }
1870:
1871: ipSecGlobalInDecryptFails OBJECT-TYPE
1872: SYNTAX Counter32
1873: UNITS "Packets"
1874: MAX-ACCESS read-only
1875: STATUS current
1876: DESCRIPTION
1877: "The total number of inbound decryptions
1878: which ended in failure by all current and
1879: previous IPsec Phase-2 Tunnels."
1880: ::= { ipSecGlobalStats 15 }
1881:
1882: ipSecGlobalOutOctets OBJECT-TYPE
1883: SYNTAX Counter32
1884: UNITS "Octets"
1885: MAX-ACCESS read-only
1886: STATUS current
1887: DESCRIPTION
1888: "The total number of octets sent by all
1889: current and previous IPsec Phase-2 Tunnels.
1890: This value is accumulated AFTER determining
1891: whether or not the packet should be compressed.
1892: See also ipSecGlobalOutOctWraps for the
1893: number of times this counter has wrapped."
1894: ::= { ipSecGlobalStats 16 }
1895:
1896: ipSecGlobalHcOutOctets OBJECT-TYPE
1897: SYNTAX Counter64
1898: MAX-ACCESS read-only
1899: STATUS current
1900: DESCRIPTION
1901: "A high capacity count of the total number
1902: of octets sent by all current and previous
1903: IPsec Phase-2 Tunnels. This value is accumulated
1904: AFTER determining whether or not the packet should
1905: be compressed."
1906: ::= { ipSecGlobalStats 17 }
1907:
1908: ipSecGlobalOutOctWraps OBJECT-TYPE
1909: SYNTAX Counter32
1910: UNITS "Integral units"
1911: MAX-ACCESS read-only
1912: STATUS current
1913: DESCRIPTION
1914: "The number of times the global octets sent counter
1915: (ipSecGlobalOutOctets) has wrapped."
1916: ::= { ipSecGlobalStats 18 }
1917:
1918: ipSecGlobalOutUncompOctets OBJECT-TYPE
1919: SYNTAX Counter32
1920: UNITS "Octets"
1921: MAX-ACCESS read-only
1922: STATUS current
1923: DESCRIPTION
1924: "The total number of uncompressed octets sent
1925: by all current and previous IPsec Phase-2 Tunnels.
1926: This value is accumulated BEFORE the packet is
1927: compressed. If compression is not being used, this
1928: value will match the value of ipSecGlobalOutOctets.
1929: See also ipSecGlobalOutUncompOctWraps for the number
1930: of times this counter has wrapped."
1931: ::= { ipSecGlobalStats 19 }
1932:
1933: ipSecGlobalHcOutUncompOctets OBJECT-TYPE
1934: SYNTAX Counter64
1935: UNITS "Octets"
1936: MAX-ACCESS read-only
1937: STATUS current
1938: DESCRIPTION
1939: "A high capacity count of the total number of
1940: uncompressed octets sent by all current and previous
1941: IPsec Phase-2 Tunnels. This value is accumulated
1942: BEFORE the packet is compressed. If compression is
1943: not being used, this value will match the
1944: value of ipSecGlobalHcOutOctets."
1945: ::= { ipSecGlobalStats 20 }
1946:
1947: ipSecGlobalOutUncompOctWraps OBJECT-TYPE
1948: SYNTAX Counter32
1949: UNITS "Integral units"
1950: MAX-ACCESS read-only
1951: STATUS current
1952: DESCRIPTION
1953: "The number of times the global uncompressed
1954: octets sent counter (ipSecGlobalOutUncompOctets)
1955: has wrapped."
1956: ::= { ipSecGlobalStats 21 }
1957:
1958: ipSecGlobalOutPkts OBJECT-TYPE
1959: SYNTAX Counter32
1960: UNITS "Packets"
1961: MAX-ACCESS read-only
1962: STATUS current
1963: DESCRIPTION
1964: "The total number of packets sent by all
1965: current and previous
1966: IPsec Phase-2 Tunnels."
1967: ::= { ipSecGlobalStats 22 }
1968:
1969: ipSecGlobalOutDrops OBJECT-TYPE
1970: SYNTAX Counter32
1971: UNITS "Packets"
1972: MAX-ACCESS read-only
1973: STATUS current
1974: DESCRIPTION
1975: "The total number of packets dropped during send
1976: processing by all current and previous IPsec
1977: Phase-2 Tunnels."
1978: ::= { ipSecGlobalStats 23 }
1979:
1980: ipSecGlobalOutAuths OBJECT-TYPE
1981: SYNTAX Counter32
1982: UNITS "Events"
1983: MAX-ACCESS read-only
1984: STATUS current
1985: DESCRIPTION
1986: "The total number of outbound authentications
1987: performed by all current and previous IPsec
1988: Phase-2 Tunnels."
1989: ::= { ipSecGlobalStats 24 }
1990:
1991: ipSecGlobalOutAuthFails OBJECT-TYPE
1992: SYNTAX Counter32
1993: UNITS "Failures"
1994: MAX-ACCESS read-only
1995: STATUS current
1996: DESCRIPTION
1997: "The total number of outbound authentications
1998: which ended in failure
1999: by all current and previous IPsec Phase-2 Tunnels."
2000: ::= { ipSecGlobalStats 25 }
2001:
2002: ipSecGlobalOutEncrypts OBJECT-TYPE
2003: SYNTAX Counter32
2004: UNITS "Packets"
2005: MAX-ACCESS read-only
2006: STATUS current
2007: DESCRIPTION
2008: "The total number of outbound encryptions performed
2009: by all current and previous IPsec Phase-2 Tunnels."
2010: ::= { ipSecGlobalStats 26 }
2011:
2012: ipSecGlobalOutEncryptFails OBJECT-TYPE
2013: SYNTAX Counter32
2014: UNITS "Failures"
2015: MAX-ACCESS read-only
2016: STATUS current
2017: DESCRIPTION
2018: "The total number of outbound encryptions
2019: which ended in failure by all current and
2020: previous IPsec Phase-2 Tunnels."
2021: ::= { ipSecGlobalStats 27 }
2022:
2023: ipSecGlobalOutCompressedPkts OBJECT-TYPE
2024: SYNTAX Counter32
2025: UNITS "Packets"
2026: MAX-ACCESS read-only
2027: STATUS current
2028: DESCRIPTION
2029: "The cumulative number of outbound packets across all
2030: IPsec flows terminating at this device which were
2031: successfully compressed.
2032: This number is cumulative since the last system start."
2033: ::= { ipSecGlobalStats 28 }
2034:
2035: ipSecGlobalOutCompSkippedPkts OBJECT-TYPE
2036: SYNTAX Counter32
2037: UNITS "Packets"
2038: MAX-ACCESS read-only
2039: STATUS current
2040: DESCRIPTION
2041: "The total number of outbound packets across all IPsec
2042: flows terminating at this device that were to be compressed
2043: but which were skipped due to the compression hysteresis.
2044: This number is cumulative since the last system start."
2045: ::= { ipSecGlobalStats 29 }
2046:
2047: ipSecGlobalOutCompFailPkts OBJECT-TYPE
2048: SYNTAX Counter32
2049: UNITS "Packets"
2050: MAX-ACCESS read-only
2051: STATUS current
2052: DESCRIPTION
2053: "The total number of outbound packets across all IPsec
2054: flows terminating at this device that failed compression
2055: because they grew in size after compression.
2056: This number is cumulative since the last system start."
2057: ::= { ipSecGlobalStats 30 }
2058:
2059: ipSecGlobalOutCompTooSmallPkts OBJECT-TYPE
2060: SYNTAX Counter32
2061: UNITS "Packets"
2062: MAX-ACCESS read-only
2063: STATUS current
2064: DESCRIPTION
2065: "The total number of outbound packets across all IPsec
2066: flows terminating at this device that were to be compressed
2067: but were smaller than the compression threshold size.
2068: This number is cumulative since the last system start."
2069: ::= { ipSecGlobalStats 31 }
2070:
2071: ipSecGlobalProtocolUseFails OBJECT-TYPE
2072: SYNTAX Counter32
2073: UNITS "Failures"
2074: MAX-ACCESS read-only
2075: STATUS current
2076: DESCRIPTION
2077: "The total number of protocol use failures
2078: which occurred during processing of all current
2079: and previously active IPsec Phase-2 Tunnels."
2080: ::= { ipSecGlobalStats 32 }
2081:
2082: ipSecGlobalNoSaFails OBJECT-TYPE
2083: SYNTAX Counter32
2084: UNITS "Failures"
2085: MAX-ACCESS read-only
2086: STATUS current
2087: DESCRIPTION
2088: "The total number of non-existent Security Association
2089: in failures which occurred during processing of all
2090: current and previous IPsec Phase-2 Tunnels."
2091: ::= { ipSecGlobalStats 33 }
2092:
2093: ipSecGlobalSysCapFails OBJECT-TYPE
2094: SYNTAX Counter32
2095: UNITS "Failures"
2096: MAX-ACCESS read-only
2097: STATUS current
2098: DESCRIPTION
2099: "The total number of system capacity failures
2100: which occurred during processing of all current
2101: and previously active IPsec Phase-2 Tunnels."
2102: ::= { ipSecGlobalStats 34 }
2103:
2104: ipSecGlobalHcPreviousTunnels OBJECT-TYPE
2105: SYNTAX Counter64
2106: UNITS "Integral units"
2107: MAX-ACCESS read-only
2108: STATUS current
2109: DESCRIPTION
2110: "A high capacity count of the total number of
2111: previously active IPsec Phase-2 Tunnels."
2112: ::= { ipSecGlobalStats 35 }
2113:
2114: ipSecGlobalPreviousTunnelsWraps OBJECT-TYPE
2115: SYNTAX Counter32
2116: UNITS "Integral units"
2117: MAX-ACCESS read-only
2118: STATUS current
2119: DESCRIPTION
2120: "The number of times the quantity
2121: `ipSecGlobalPreviousTunnels' (previously active IPsec
2122: Phase-2 tunnels) has wrapped."
2123: ::= { ipSecGlobalStats 36 }
2124:
2125:
2126: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2127: -- The IPsec Phase-2 Tunnel Table
2128: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2129: ipSecTunnelTable OBJECT-TYPE
2130: SYNTAX SEQUENCE OF IpSecTunnelEntry
2131: MAX-ACCESS not-accessible
2132: STATUS current
2133: DESCRIPTION
2134: "The IPsec Phase-2 Tunnel Table.
2135: There is one entry in this table for
2136: each active IPsec Phase-2 Tunnel."
2137: ::= { ipSecPhaseTwo 2 }
2138:
2139: ipSecTunnelEntry OBJECT-TYPE
2140: SYNTAX IpSecTunnelEntry
2141: MAX-ACCESS not-accessible
2142: STATUS current
2143: DESCRIPTION
2144: "Each entry contains the attributes
2145: associated with an active IPsec Phase-2 Tunnel."
2146:
2147: INDEX { ipSecTunIndex }
2148: ::= { ipSecTunnelTable 1 }
2149:
2150: IpSecTunnelEntry ::= SEQUENCE {
2151: ipSecTunIndex Integer32,
2152: ipSecTunIkeTunnelIndex Integer32,
2153: ipSecTunIkeTunnelAlive TruthValue,
2154: ipSecTunLocalAddr IPSIpAddress,
2155: ipSecTunRemoteAddr IPSIpAddress,
2156: ipSecTunKeyType KeyType,
2157: ipSecTunEncapMode EncapMode,
2158: ipSecTunLifeSize Integer32,
2159: ipSecTunLifeTime Integer32,
2160: ipSecTunActiveTime TimeInterval,
2161: ipSecTunSaLifeSizeThreshold Integer32,
2162: ipSecTunSaLifeTimeThreshold Integer32,
2163: ipSecTunTotalRefreshes Counter32,
2164: ipSecTunExpiredSaInstances Counter32,
2165: ipSecTunCurrentSaInstances Gauge32,
2166: ipSecTunInSaDiffHellmanGrp DiffHellmanGrp,
2167: ipSecTunInSaEncryptAlgo EncryptAlgo,
2168: ipSecTunInSaAhAuthAlgo AuthAlgo,
2169: ipSecTunInSaEspAuthAlgo AuthAlgo,
2170: ipSecTunInSaDecompAlgo CompAlgo,
2171: ipSecTunOutSaDiffHellmanGrp DiffHellmanGrp,
2172: ipSecTunOutSaEncryptAlgo EncryptAlgo,
2173: ipSecTunOutSaAhAuthAlgo AuthAlgo,
2174: ipSecTunOutSaEspAuthAlgo AuthAlgo,
2175: ipSecTunOutSaCompAlgo CompAlgo,
2176: ipSecTunPmtu Integer32,
2177: ipSecTunInOctets Counter32,
2178: ipSecTunHcInOctets Counter64,
2179: ipSecTunInOctWraps Counter32,
2180: ipSecTunInDecompOctets Counter32,
2181: ipSecTunHcInDecompOctets Counter64,
2182: ipSecTunInDecompOctWraps Counter32,
2183: ipSecTunInPkts Counter32,
2184: ipSecTunInDropPkts Counter32,
2185: ipSecTunInReplayDropPkts Counter32,
2186: ipSecTunInAuths Counter32,
2187: ipSecTunInAuthFails Counter32,
2188: ipSecTunInDecrypts Counter32,
2189: ipSecTunInDecryptFails Counter32,
2190: ipSecTunOutOctets Counter32,
2191: ipSecTunHcOutOctets Counter64,
2192: ipSecTunOutOctWraps Counter32,
2193: ipSecTunOutUncompOctets Counter32,
2194: ipSecTunHcOutUncompOctets Counter64,
2195: ipSecTunOutUncompOctWraps Counter32,
2196: ipSecTunOutPkts Counter32,
2197: ipSecTunOutDropPkts Counter32,
2198: ipSecTunOutAuths Counter32,
2199: ipSecTunOutAuthFails Counter32,
2200: ipSecTunOutEncrypts Counter32,
2201: ipSecTunOutEncryptFails Counter32,
2202: ipSecTunOutCompressedPkts Counter32,
2203: ipSecTunOutCompSkippedPkts Counter32,
2204: ipSecTunOutCompFailPkts Counter32,
2205: ipSecTunOutCompTooSmallPkts Counter32,
2206: ipSecTunStatus TunnelStatus,
2207: ipSecTunControlProtocol ControlProtocol,
2208: ipSecTunControlTunnelIndex Integer32,
2209: ipSecTunControlTunnelAlive TruthValue,
2210: ipSecTunInSaEncryptKeySize Integer32,
2211: ipSecTunOutSaEncryptKeySize Integer32
2212: }
2213:
2214: ipSecTunIndex OBJECT-TYPE
2215: SYNTAX Integer32 (1..2147483647)
2216: MAX-ACCESS not-accessible
2217: STATUS current
2218: DESCRIPTION
2219: "The index of the IPsec Phase-2 Tunnel Table.
2220: The value of the index is a number which begins
2221: at one and is incremented with each tunnel that
2222: is created. The value of this object will wrap
2223: at 2,147,483,647."
2224: ::= { ipSecTunnelEntry 1 }
2225:
2226: ipSecTunIkeTunnelIndex OBJECT-TYPE
2227: SYNTAX Integer32 (1..2147483647)
2228: MAX-ACCESS read-only
2229: STATUS deprecated
2230: DESCRIPTION
2231: "The index of the associated IPsec Phase-1
2232: IKE Tunnel.
2233: (ikeTunIndex in the ikeTunnelTable)"
2234: ::= { ipSecTunnelEntry 2 }
2235:
2236: ipSecTunIkeTunnelAlive OBJECT-TYPE
2237: SYNTAX TruthValue
2238: MAX-ACCESS read-only
2239: STATUS deprecated
2240: DESCRIPTION
2241: "An indicator which specifies whether or not the
2242: IPsec Phase-1 IKE Tunnel currently exists. This object
2243: has been deprecated in favour of more generic pointers
2244: to the control tunnel (ipSecTunControlTunnelIndex)."
2245: ::= { ipSecTunnelEntry 3 }
2246:
2247: ipSecTunLocalAddr OBJECT-TYPE
2248: SYNTAX IPSIpAddress
2249: MAX-ACCESS read-only
2250: STATUS current
2251: DESCRIPTION
2252: "The IP address of the local endpoint for the IPsec
2253: Phase-2 Tunnel."
2254: ::= { ipSecTunnelEntry 4 }
2255:
2256: ipSecTunRemoteAddr OBJECT-TYPE
2257: SYNTAX IPSIpAddress
2258: MAX-ACCESS read-only
2259: STATUS current
2260: DESCRIPTION
2261: "The IP address of the remote endpoint for the IPsec
2262: Phase-2 Tunnel."
2263: ::= { ipSecTunnelEntry 5 }
2264:
2265: ipSecTunKeyType OBJECT-TYPE
2266: SYNTAX KeyType
2267: MAX-ACCESS read-only
2268: STATUS deprecated
2269: DESCRIPTION
2270: "The type of key used by the IPsec Phase-2 Tunnel. This
2271: object has been deprecated in favour of
2272: ipSecTunControlProtocol."
2273: ::= { ipSecTunnelEntry 6 }
2274:
2275: ipSecTunEncapMode OBJECT-TYPE
2276: SYNTAX EncapMode
2277: MAX-ACCESS read-only
2278: STATUS current
2279: DESCRIPTION
2280: "The encapsulation mode used by the
2281: IPsec Phase-2 Tunnel."
2282: ::= { ipSecTunnelEntry 7 }
2283:
2284: ipSecTunLifeSize OBJECT-TYPE
2285: SYNTAX Integer32 (1..2147483647)
2286: UNITS "KBytes"
2287: MAX-ACCESS read-only
2288: STATUS current
2289: DESCRIPTION
2290: "The negotiated LifeSize of the
2291: IPsec Phase-2 Tunnel in kilobytes."
2292: ::= { ipSecTunnelEntry 8 }
2293:
2294: ipSecTunLifeTime OBJECT-TYPE
2295: SYNTAX Integer32 (0..2147483647)
2296: UNITS "Seconds"
2297: MAX-ACCESS read-only
2298: STATUS current
2299: DESCRIPTION
2300: "The negotiated LifeTime of the IPsec Phase-2
2301: Tunnel in seconds.
2302:
2303: If the tunnel was setup manually, the value of this
2304: MIB element should be 0."
2305: ::= { ipSecTunnelEntry 9 }
2306:
2307: ipSecTunActiveTime OBJECT-TYPE
2308: SYNTAX TimeInterval
2309: MAX-ACCESS read-only
2310: STATUS current
2311: DESCRIPTION
2312: "The length of time the IPsec Phase-2
2313: Tunnel has been
2314: active in hundredths of seconds."
2315: ::= { ipSecTunnelEntry 10 }
2316:
2317: ipSecTunSaLifeSizeThreshold OBJECT-TYPE
2318: SYNTAX Integer32 (0..2147483647)
2319: UNITS "KBytes"
2320: MAX-ACCESS read-only
2321: STATUS current
2322: DESCRIPTION
2323: "The security association LifeSize refresh
2324: threshold in kilobytes.
2325:
2326: If the tunnel was setup manually, the value of this
2327: MIB element should be 0."
2328: ::= { ipSecTunnelEntry 11 }
2329:
2330: ipSecTunSaLifeTimeThreshold OBJECT-TYPE
2331: SYNTAX Integer32 (0..2147483647)
2332: UNITS "Seconds"
2333: MAX-ACCESS read-only
2334: STATUS current
2335: DESCRIPTION
2336: "The security association LifeTime refresh
2337: threshold in seconds.
2338:
2339: If the tunnel was setup manually, the value of this
2340: MIB element should be 0."
2341: ::= { ipSecTunnelEntry 12 }
2342:
2343: ipSecTunTotalRefreshes OBJECT-TYPE
2344: SYNTAX Counter32
2345: UNITS "QM Exchanges"
2346: MAX-ACCESS read-only
2347: STATUS current
2348: DESCRIPTION
2349: "The total number of security
2350: association refreshes performed."
2351: ::= { ipSecTunnelEntry 13 }
2352:
2353: ipSecTunExpiredSaInstances OBJECT-TYPE
2354: SYNTAX Counter32
2355: UNITS "SAs"
2356: MAX-ACCESS read-only
2357: STATUS current
2358: DESCRIPTION
2359: "The total number of security associations
2360: which have expired.
2361:
2362: If the tunnel was setup manually, the value of this
2363: MIB element should be 0."
2364: ::= { ipSecTunnelEntry 14 }
2365:
2366: ipSecTunCurrentSaInstances OBJECT-TYPE
2367: SYNTAX Gauge32
2368: MAX-ACCESS read-only
2369: STATUS current
2370: DESCRIPTION
2371: "The number of security associations
2372: which are currently active or expiring."
2373: ::= { ipSecTunnelEntry 15 }
2374:
2375: ipSecTunInSaDiffHellmanGrp OBJECT-TYPE
2376: SYNTAX DiffHellmanGrp
2377: MAX-ACCESS read-only
2378: STATUS current
2379: DESCRIPTION
2380: "The Diffie Hellman Group used
2381: by the inbound security association of the
2382: IPsec Phase-2 Tunnel.
2383:
2384: If the tunnel was setup manually, the value of this
2385: MIB element would be `none'."
2386: ::= { ipSecTunnelEntry 16 }
2387:
2388: ipSecTunInSaEncryptAlgo OBJECT-TYPE
2389: SYNTAX EncryptAlgo
2390: MAX-ACCESS read-only
2391: STATUS current
2392: DESCRIPTION
2393: "The encryption algorithm used by the inbound security
2394: association of the IPsec Phase-2 Tunnel."
2395: ::= { ipSecTunnelEntry 17 }
2396:
2397: ipSecTunInSaAhAuthAlgo OBJECT-TYPE
2398: SYNTAX AuthAlgo
2399: MAX-ACCESS read-only
2400: STATUS current
2401: DESCRIPTION
2402: "The authentication algorithm used by the inbound
2403: authentication header (AH) security association of
2404: the IPsec Phase-2 Tunnel."
2405: ::= { ipSecTunnelEntry 18 }
2406:
2407: ipSecTunInSaEspAuthAlgo OBJECT-TYPE
2408: SYNTAX AuthAlgo
2409: MAX-ACCESS read-only
2410: STATUS current
2411: DESCRIPTION
2412: "The authentication algorithm used by the inbound
2413: encapsulation security protocol (ESP) security
2414: association of the IPsec Phase-2 Tunnel."
2415: ::= { ipSecTunnelEntry 19 }
2416:
2417: ipSecTunInSaDecompAlgo OBJECT-TYPE
2418: SYNTAX CompAlgo
2419: MAX-ACCESS read-only
2420: STATUS current
2421: DESCRIPTION
2422: "The decompression algorithm used by the inbound
2423: security association of the IPsec Phase-2 Tunnel."
2424: ::= { ipSecTunnelEntry 20 }
2425:
2426: ipSecTunOutSaDiffHellmanGrp OBJECT-TYPE
2427: SYNTAX DiffHellmanGrp
2428: MAX-ACCESS read-only
2429: STATUS current
2430: DESCRIPTION
2431: "The Diffie Hellman Group used by the outbound security
2432: association of the IPsec Phase-2 Tunnel.
2433:
2434: If the tunnel was setup manually, the value of this
2435: MIB element would be 'none'."
2436: ::= { ipSecTunnelEntry 21 }
2437:
2438: ipSecTunOutSaEncryptAlgo OBJECT-TYPE
2439: SYNTAX EncryptAlgo
2440: MAX-ACCESS read-only
2441: STATUS current
2442: DESCRIPTION
2443: "The encryption algorithm used by the outbound security
2444: association of the IPsec Phase-2 Tunnel."
2445: ::= { ipSecTunnelEntry 22 }
2446:
2447: ipSecTunOutSaAhAuthAlgo OBJECT-TYPE
2448: SYNTAX AuthAlgo
2449: MAX-ACCESS read-only
2450: STATUS current
2451: DESCRIPTION
2452: "The authentication algorithm used by the outbound
2453: authentication header (AH) security association of
2454: the IPsec Phase-2 Tunnel."
2455: ::= { ipSecTunnelEntry 23 }
2456:
2457: ipSecTunOutSaEspAuthAlgo OBJECT-TYPE
2458: SYNTAX AuthAlgo
2459: MAX-ACCESS read-only
2460: STATUS current
2461: DESCRIPTION
2462: "The authentication algorithm used by the outbound
2463: encapsulation security protocol (ESP)
2464: security association of the IPsec Phase-2 Tunnel."
2465: ::= { ipSecTunnelEntry 24 }
2466:
2467: ipSecTunOutSaCompAlgo OBJECT-TYPE
2468: SYNTAX CompAlgo
2469: MAX-ACCESS read-only
2470: STATUS current
2471: DESCRIPTION
2472: "The compression algorithm used by the outbound
2473: security association of the IPsec Phase-2 Tunnel."
2474: ::= { ipSecTunnelEntry 25 }
2475:
2476: ipSecTunPmtu OBJECT-TYPE
2477: SYNTAX Integer32 (68..1500)
2478: UNITS "Octets"
2479: MAX-ACCESS read-only
2480: STATUS current
2481: DESCRIPTION
2482: "The Path MTU for this IPsec Phase-2 tunnel, which has
2483: been either learnt from the network or which has been
2484: specified by the administrator. The lower end of the
2485: range is 68 which is the minimum MTU for IPv4."
2486: ::= { ipSecTunnelEntry 26 }
2487:
2488: ipSecTunInOctets OBJECT-TYPE
2489: SYNTAX Counter32
2490: UNITS "Octets"
2491: MAX-ACCESS read-only
2492: STATUS current
2493: DESCRIPTION
2494: "The total number of octets received by this IPsec
2495: Phase-2 Tunnel. This value is accumulated
2496: BEFORE determining whether or not the packet should be
2497: decompressed. See also ipSecTunInOctWraps for the
2498: number of times this counter has wrapped."
2499: ::= { ipSecTunnelEntry 27 }
2500:
2501: ipSecTunHcInOctets OBJECT-TYPE
2502: SYNTAX Counter64
2503: UNITS "Octets"
2504: MAX-ACCESS read-only
2505: STATUS current
2506: DESCRIPTION
2507: "A high capacity count of the total number of octets
2508: received by this IPsec Phase-2 Tunnel. This value is
2509: accumulated BEFORE determining whether or not the packet
2510: should be decompressed."
2511: ::= { ipSecTunnelEntry 28 }
2512:
2513: ipSecTunInOctWraps OBJECT-TYPE
2514: SYNTAX Counter32
2515: UNITS "Integral units"
2516: MAX-ACCESS read-only
2517: STATUS current
2518: DESCRIPTION
2519: "The number of times the octets received counter
2520: (ipSecTunInOctets) has wrapped."
2521: ::= { ipSecTunnelEntry 29 }
2522:
2523: ipSecTunInDecompOctets OBJECT-TYPE
2524: SYNTAX Counter32
2525: UNITS "Octets"
2526: MAX-ACCESS read-only
2527: STATUS current
2528: DESCRIPTION
2529: "The total number of decompressed octets received
2530: by this IPsec Phase-2 Tunnel. This value is
2531: accumulated AFTER the packet is decompressed.
2532: If compression is not being
2533: used, this value will match the value of
2534: ipSecTunInOctets. See also ipSecTunInDecompOctWraps
2535: for the number of times
2536: this counter has wrapped."
2537: ::= { ipSecTunnelEntry 30 }
2538:
2539: ipSecTunHcInDecompOctets OBJECT-TYPE
2540: SYNTAX Counter64
2541: MAX-ACCESS read-only
2542: STATUS current
2543: DESCRIPTION
2544: "A high capacity count of the total number of decompressed
2545: octets received by this IPsec Phase-2 Tunnel. This value
2546: is accumulated AFTER the packet is decompressed. If
2547: compression is not being used, this value will match the
2548: value of ipSecTunHcInOctets."
2549: ::= { ipSecTunnelEntry 31 }
2550:
2551: ipSecTunInDecompOctWraps OBJECT-TYPE
2552: SYNTAX Counter32
2553: UNITS "Integral units"
2554: MAX-ACCESS read-only
2555: STATUS current
2556: DESCRIPTION
2557: "The number of times the decompressed
2558: octets received counter
2559: (ipSecTunInDecompOctets) has wrapped."
2560: ::= { ipSecTunnelEntry 32 }
2561:
2562: ipSecTunInPkts OBJECT-TYPE
2563: SYNTAX Counter32
2564: UNITS "Packets"
2565: MAX-ACCESS read-only
2566: STATUS current
2567: DESCRIPTION
2568: "The total number of packets received
2569: by this IPsec Phase-2 Tunnel."
2570: ::= { ipSecTunnelEntry 33 }
2571:
2572: ipSecTunInDropPkts OBJECT-TYPE
2573: SYNTAX Counter32
2574: UNITS "Packets"
2575: MAX-ACCESS read-only
2576: STATUS current
2577: DESCRIPTION
2578: "The total number of packets dropped
2579: during receive processing by this IPsec Phase-2
2580: Tunnel. This count does NOT include
2581: packets dropped due to Anti-Replay processing."
2582: ::= { ipSecTunnelEntry 34 }
2583:
2584: ipSecTunInReplayDropPkts OBJECT-TYPE
2585: SYNTAX Counter32
2586: UNITS "Packets"
2587: MAX-ACCESS read-only
2588: STATUS current
2589: DESCRIPTION
2590: "The total number of packets dropped during
2591: receive processing due to Anti-Replay processing
2592: by this IPsec Phase-2 Tunnel."
2593: ::= { ipSecTunnelEntry 35 }
2594:
2595: ipSecTunInAuths OBJECT-TYPE
2596: SYNTAX Counter32
2597: UNITS "Events"
2598: MAX-ACCESS read-only
2599: STATUS current
2600: DESCRIPTION
2601: "The total number of inbound
2602: authentications performed by this
2603: IPsec Phase-2 Tunnel."
2604: ::= { ipSecTunnelEntry 36 }
2605:
2606: ipSecTunInAuthFails OBJECT-TYPE
2607: SYNTAX Counter32
2608: UNITS "Failures"
2609: MAX-ACCESS read-only
2610: STATUS current
2611: DESCRIPTION
2612: "The total number of inbound authentications
2613: which ended in
2614: failure by this IPsec Phase-2 Tunnel."
2615: ::= { ipSecTunnelEntry 37 }
2616:
2617: ipSecTunInDecrypts OBJECT-TYPE
2618: SYNTAX Counter32
2619: UNITS "Packets"
2620: MAX-ACCESS read-only
2621: STATUS current
2622: DESCRIPTION
2623: "The total number of inbound decryptions performed
2624: by this IPsec Phase-2 Tunnel."
2625: ::= { ipSecTunnelEntry 38 }
2626:
2627: ipSecTunInDecryptFails OBJECT-TYPE
2628: SYNTAX Counter32
2629: UNITS "Failures"
2630: MAX-ACCESS read-only
2631: STATUS current
2632: DESCRIPTION
2633: "The total number of inbound decryptions
2634: which ended in failure
2635: by this IPsec Phase-2 Tunnel."
2636: ::= { ipSecTunnelEntry 39 }
2637:
2638: ipSecTunOutOctets OBJECT-TYPE
2639: SYNTAX Counter32
2640: UNITS "Octets"
2641: MAX-ACCESS read-only
2642: STATUS current
2643: DESCRIPTION
2644: "The total number of octets sent by this IPsec
2645: Phase-2 Tunnel. This value is accumulated
2646: AFTER determining whether or not the packet should
2647: be compressed. See also ipSecTunOutOctWraps for
2648: the number of times this counter has wrapped."
2649: ::= { ipSecTunnelEntry 40 }
2650:
2651: ipSecTunHcOutOctets OBJECT-TYPE
2652: SYNTAX Counter64
2653: MAX-ACCESS read-only
2654: STATUS current
2655: DESCRIPTION
2656: "A high capacity count of the total number of octets
2657: sent by this IPsec Phase-2 Tunnel. This value is
2658: accumulated AFTER determining whether or not the
2659: packet
2660: should be compressed."
2661: ::= { ipSecTunnelEntry 41 }
2662:
2663: ipSecTunOutOctWraps OBJECT-TYPE
2664: SYNTAX Counter32
2665: UNITS "Integral units"
2666: MAX-ACCESS read-only
2667: STATUS current
2668: DESCRIPTION
2669: "The number of times the out octets counter
2670: (ipSecTunOutOctets) has wrapped."
2671: ::= { ipSecTunnelEntry 42 }
2672:
2673: ipSecTunOutUncompOctets OBJECT-TYPE
2674: SYNTAX Counter32
2675: UNITS "Octets"
2676: MAX-ACCESS read-only
2677: STATUS current
2678: DESCRIPTION
2679: "The total number of uncompressed octets sent
2680: by this IPsec Phase-2 Tunnel. This value
2681: is accumulated BEFORE the packet is compressed.
2682: If compression is not being used, this value
2683: will match the value of ipSecTunOutOctets.
2684: See also ipSecTunOutUncompOctWraps for the
2685: number of times this counter has wrapped."
2686: ::= { ipSecTunnelEntry 43 }
2687:
2688: ipSecTunHcOutUncompOctets OBJECT-TYPE
2689: SYNTAX Counter64
2690: MAX-ACCESS read-only
2691: STATUS current
2692: DESCRIPTION
2693: "A high capacity count of the total number
2694: of uncompressed octets sent by this IPsec
2695: Phase-2 Tunnel. This value is accumulated BEFORE
2696: the packet is compressed. If compression
2697: is not being used, this value will match the value
2698: of ipSecTunHcOutOctets."
2699: ::= { ipSecTunnelEntry 44 }
2700:
2701: ipSecTunOutUncompOctWraps OBJECT-TYPE
2702: SYNTAX Counter32
2703: UNITS "Integral units"
2704: MAX-ACCESS read-only
2705: STATUS current
2706: DESCRIPTION
2707: "The number of times the uncompressed octets sent
2708: counter (ipSecTunOutUncompOctets) has wrapped."
2709: ::= { ipSecTunnelEntry 45 }
2710:
2711: ipSecTunOutPkts OBJECT-TYPE
2712: SYNTAX Counter32
2713: UNITS "Packets"
2714: MAX-ACCESS read-only
2715: STATUS current
2716: DESCRIPTION
2717: "The total number of packets sent by this
2718: IPsec Phase-2 Tunnel."
2719: ::= { ipSecTunnelEntry 46 }
2720:
2721: ipSecTunOutDropPkts OBJECT-TYPE
2722: SYNTAX Counter32
2723: UNITS "Packets"
2724: MAX-ACCESS read-only
2725: STATUS current
2726: DESCRIPTION
2727: "The total number of packets dropped during
2728: send processing by this IPsec Phase-2 Tunnel."
2729: ::= { ipSecTunnelEntry 47 }
2730:
2731: ipSecTunOutAuths OBJECT-TYPE
2732: SYNTAX Counter32
2733: UNITS "Events"
2734: MAX-ACCESS read-only
2735: STATUS current
2736: DESCRIPTION
2737: "The total number of outbound authentications performed
2738: by this IPsec Phase-2 Tunnel."
2739: ::= { ipSecTunnelEntry 48 }
2740:
2741: ipSecTunOutAuthFails OBJECT-TYPE
2742: SYNTAX Counter32
2743: UNITS "Failures"
2744: MAX-ACCESS read-only
2745: STATUS current
2746: DESCRIPTION
2747: "The total number of outbound
2748: authentications which ended in failure
2749: by this IPsec Phase-2 Tunnel."
2750: ::= { ipSecTunnelEntry 49 }
2751:
2752: ipSecTunOutEncrypts OBJECT-TYPE
2753: SYNTAX Counter32
2754: UNITS "Packets"
2755: MAX-ACCESS read-only
2756: STATUS current
2757: DESCRIPTION
2758: "The total number of outbound encryptions performed
2759: by this IPsec Phase-2 Tunnel."
2760: ::= { ipSecTunnelEntry 50 }
2761:
2762: ipSecTunOutEncryptFails OBJECT-TYPE
2763: SYNTAX Counter32
2764: UNITS "Failures"
2765: MAX-ACCESS read-only
2766: STATUS current
2767: DESCRIPTION
2768: "The total number of outbound encryptions
2769: which ended in failure by this IPsec Phase-2 Tunnel."
2770: ::= { ipSecTunnelEntry 51 }
2771:
2772: ipSecTunOutCompressedPkts OBJECT-TYPE
2773: SYNTAX Counter32
2774: UNITS "Packets"
2775: MAX-ACCESS read-only
2776: STATUS current
2777: DESCRIPTION
2778: "The total number of outbound packets
2779: which were successfully compressed."
2780: ::= { ipSecTunnelEntry 52 }
2781:
2782: ipSecTunOutCompSkippedPkts OBJECT-TYPE
2783: SYNTAX Counter32
2784: UNITS "Packets"
2785: MAX-ACCESS read-only
2786: STATUS current
2787: DESCRIPTION
2788: "The total number of outbound packets that were to be
2789: compressed but which were skipped due to the compression
2790: hysteresis."
2791: ::= { ipSecTunnelEntry 53 }
2792:
2793: ipSecTunOutCompFailPkts OBJECT-TYPE
2794: SYNTAX Counter32
2795: UNITS "Packets"
2796: MAX-ACCESS read-only
2797: STATUS current
2798: DESCRIPTION
2799: "The total number of outbound packets that failed
2800: compression because they grew in size after compression."
2801: ::= { ipSecTunnelEntry 54 }
2802:
2803: ipSecTunOutCompTooSmallPkts OBJECT-TYPE
2804: SYNTAX Counter32
2805: UNITS "Packets"
2806: MAX-ACCESS read-only
2807: STATUS current
2808: DESCRIPTION
2809: "The total number of outbound packets that were to be
2810: compressed but were smaller than the compression threshold
2811: size."
2812: ::= { ipSecTunnelEntry 55 }
2813:
2814: ipSecTunStatus OBJECT-TYPE
2815: SYNTAX TunnelStatus
2816: MAX-ACCESS read-write
2817: STATUS current
2818: DESCRIPTION
2819: "The status of the MIB table row.
2820:
2821: This object can be used to bring the tunnel down
2822: by setting value of this object to destroy(2).
2823: When the value is set to destroy(2), the SA
2824: bundle is destroyed and this row is deleted
2825: from this table.
2826:
2827: When this MIB value is queried, the value of
2828: active(1) is always returned, if the instance
2829: exists.
2830:
2831: This object cannot be used to create a MIB
2832: table row."
2833: ::= { ipSecTunnelEntry 56 }
2834:
2835: ipSecTunControlProtocol OBJECT-TYPE
2836: SYNTAX ControlProtocol
2837: MAX-ACCESS read-only
2838: STATUS current
2839: DESCRIPTION
2840: "Identifies the protocol used to setup and administer this
2841: Phase-2 IPsec tunnel. If IKE was used to setup this tunnel,
2842: then the value of this column would be `cp_ike'. A value of
2843: cp_none is indicative of a manually installed and administered
2844: Phase-2 tunnel."
2845: ::= { ipSecTunnelEntry 57 }
2846:
2847: ipSecTunControlTunnelIndex OBJECT-TYPE
2848: SYNTAX Integer32 (0..2147483647)
2849: MAX-ACCESS read-only
2850: STATUS current
2851: DESCRIPTION
2852: "The index of the associated IPsec Phase-1
2853: Tunnel (in case of IKE, this value would refer to
2854: ikeTunIndex in the ikeTunnelTable).
2855:
2856: A value of 0 identifies that this Phase-2 tunnel
2857: was setup manually."
2858: ::= { ipSecTunnelEntry 58 }
2859:
2860: ipSecTunControlTunnelAlive OBJECT-TYPE
2861: SYNTAX TruthValue
2862: MAX-ACCESS read-only
2863: STATUS current
2864: DESCRIPTION
2865: "An indicator which specifies whether or not the
2866: IPsec Phase-1 Tunnel that spawned this Phase-2
2867: tunnel currently exists."
2868: ::= { ipSecTunnelEntry 59 }
2869:
2870: ipSecTunInSaEncryptKeySize OBJECT-TYPE
2871: SYNTAX Integer32
2872: UNITS "Bits"
2873: MAX-ACCESS read-only
2874: STATUS current
2875: DESCRIPTION
2876: "The key size in bits of the negotiated key to be
2877: used with the algorithm denoted by ipSecTunInSaEncryptAlgo.
2878: For DES and 3DES the key size is respectively 56 and
2879: 168. For AES, this will denote the negotiated key size."
2880: ::= { ipSecTunnelEntry 60 }
2881:
2882: ipSecTunOutSaEncryptKeySize OBJECT-TYPE
2883: SYNTAX Integer32
2884: UNITS "Bits"
2885: MAX-ACCESS read-only
2886: STATUS current
2887: DESCRIPTION
2888: "The key size in bits of the negotiated key to be
2889: used with the algorithm denoted by ipSecTunOutSaEncryptAlgo.
2890: For DES and 3DES the key size is respectively 56 and
2891: 168. For AES, this will denote the negotiated key size."
2892: ::= { ipSecTunnelEntry 61 }
2893:
2894:
2895: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2896: -- The IPsec Phase-2 Tunnel Endpoint Table
2897: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2898: ipSecEndPtTable OBJECT-TYPE
2899: SYNTAX SEQUENCE OF IpSecEndPtEntry
2900: MAX-ACCESS not-accessible
2901: STATUS current
2902: DESCRIPTION
2903: "The IPsec Phase-2 Tunnel Endpoint Table.
2904: This table contains an entry for each
2905: active endpoint associated with an IPsec
2906: Phase-2 Tunnel."
2907: ::= { ipSecPhaseTwo 3 }
2908:
2909: ipSecEndPtEntry OBJECT-TYPE
2910: SYNTAX IpSecEndPtEntry
2911: MAX-ACCESS not-accessible
2912: STATUS current
2913: DESCRIPTION
2914: "An IPsec Phase-2 Tunnel Endpoint entry."
2915: INDEX { ipSecTunIndex, -- from ipSecTunnelTable
2916: ipSecEndPtIndex }
2917: ::= { ipSecEndPtTable 1 }
2918:
2919: IpSecEndPtEntry ::= SEQUENCE {
2920: ipSecEndPtIndex Integer32,
2921: ipSecEndPtLocalName DisplayString,
2922: ipSecEndPtLocalType EndPtType,
2923: ipSecEndPtLocalAddr1 IPSIpAddress,
2924: ipSecEndPtLocalAddr2 IPSIpAddress,
2925: ipSecEndPtLocalProtocol Integer32,
2926: ipSecEndPtLocalPort Integer32,
2927: ipSecEndPtRemoteName DisplayString,
2928: ipSecEndPtRemoteType EndPtType,
2929: ipSecEndPtRemoteAddr1 IPSIpAddress,
2930: ipSecEndPtRemoteAddr2 IPSIpAddress,
2931: ipSecEndPtRemoteProtocol Integer32,
2932: ipSecEndPtRemotePort Integer32
2933: }
2934:
2935: ipSecEndPtIndex OBJECT-TYPE
2936: SYNTAX Integer32 (1..2147483647)
2937: MAX-ACCESS not-accessible
2938: STATUS current
2939: DESCRIPTION
2940: "The number of the Endpoint associated with the
2941: IPsec Phase-2 Tunnel Table. The value of this
2942: index is a number which begins at one and
2943: is incremented with each Endpoint associated
2944: with an IPsec Phase-2 Tunnel.
2945: The value of this object will wrap at 2,147,483,647."
2946: ::= { ipSecEndPtEntry 1 }
2947:
2948: ipSecEndPtLocalName OBJECT-TYPE
2949: SYNTAX DisplayString
2950: MAX-ACCESS read-only
2951: STATUS current
2952: DESCRIPTION
2953: "The DNS name of the local Endpoint."
2954: ::= { ipSecEndPtEntry 2 }
2955:
2956: ipSecEndPtLocalType OBJECT-TYPE
2957: SYNTAX EndPtType
2958: MAX-ACCESS read-only
2959: STATUS current
2960: DESCRIPTION
2961: "The type of identity for the local Endpoint.
2962: Possible values are:
2963: 1) a single IP address, or
2964: 2) an IP address range, or
2965: 3) an IP subnet."
2966: ::= { ipSecEndPtEntry 3 }
2967:
2968: ipSecEndPtLocalAddr1 OBJECT-TYPE
2969: SYNTAX IPSIpAddress
2970: MAX-ACCESS read-only
2971: STATUS current
2972: DESCRIPTION
2973: "The local Endpoint's first IP address specification.
2974:
2975: If the local Endpoint type is single IP address,
2976: then this is the value of the IP address.
2977:
2978: If the local Endpoint type is IP subnet, then this
2979: is the value of the subnet.
2980:
2981: If the local Endpoint type is IP address range,
2982: then this is the value of beginning IP address
2983: of the range."
2984: ::= { ipSecEndPtEntry 4 }
2985:
2986: ipSecEndPtLocalAddr2 OBJECT-TYPE
2987: SYNTAX IPSIpAddress
2988: MAX-ACCESS read-only
2989: STATUS current
2990: DESCRIPTION
2991: "The local Endpoint's second IP address specification.
2992: If the local Endpoint type is single IP address,
2993: then this is the value of the IP address.
2994:
2995: If the local Endpoint type is IP subnet, then this
2996: is the value of the subnet mask.
2997:
2998: If the local Endpoint type is IP address range,
2999: then this is the value of ending IP address
3000: of the range."
3001: ::= { ipSecEndPtEntry 5 }
3002:
3003: ipSecEndPtLocalProtocol OBJECT-TYPE
3004: SYNTAX Integer32 (0..255)
3005: MAX-ACCESS read-only
3006: STATUS current
3007: DESCRIPTION
3008: "The protocol number of the local Endpoint's traffic."
3009: ::= { ipSecEndPtEntry 6 }
3010:
3011: ipSecEndPtLocalPort OBJECT-TYPE
3012: SYNTAX Integer32 (0..65535)
3013: MAX-ACCESS read-only
3014: STATUS current
3015: DESCRIPTION
3016: "The port number of the local Endpoint's traffic."
3017: ::= { ipSecEndPtEntry 7 }
3018:
3019: ipSecEndPtRemoteName OBJECT-TYPE
3020: SYNTAX DisplayString
3021: MAX-ACCESS read-only
3022: STATUS current
3023: DESCRIPTION
3024: "The DNS name of the remote Endpoint."
3025: ::= { ipSecEndPtEntry 8 }
3026:
3027: ipSecEndPtRemoteType OBJECT-TYPE
3028: SYNTAX EndPtType
3029: MAX-ACCESS read-only
3030: STATUS current
3031: DESCRIPTION
3032: "The type of identity for the remote Endpoint.
3033: Possible values are:
3034: 1) a single IP address, or
3035: 2) an IP address range, or
3036: 3) an IP subnet."
3037: ::= { ipSecEndPtEntry 9 }
3038:
3039: ipSecEndPtRemoteAddr1 OBJECT-TYPE
3040: SYNTAX IPSIpAddress
3041: MAX-ACCESS read-only
3042: STATUS current
3043: DESCRIPTION
3044: "The remote Endpoint's first IP address specification.
3045:
3046: If the remote Endpoint type is single IP address,
3047: then this is the value of the IP address.
3048:
3049: If the remote Endpoint type is IP subnet, then this
3050: is the value of the subnet.
3051:
3052: If the remote Endpoint type is IP address range,
3053: then this is the value of beginning IP address
3054: of the range."
3055: ::= { ipSecEndPtEntry 10 }
3056:
3057: ipSecEndPtRemoteAddr2 OBJECT-TYPE
3058: SYNTAX IPSIpAddress
3059: MAX-ACCESS read-only
3060: STATUS current
3061: DESCRIPTION
3062: "The remote Endpoint's second IP address specification.
3063:
3064: If the remote Endpoint type is single IP address,
3065: then this is the value of the IP address.
3066:
3067: If the remote Endpoint type is IP subnet, then this
3068: is the value of the subnet mask.
3069:
3070: If the remote Endpoint type is IP address range,
3071: then this is the value of ending IP address of
3072: the range."
3073: ::= { ipSecEndPtEntry 11 }
3074:
3075: ipSecEndPtRemoteProtocol OBJECT-TYPE
3076: SYNTAX Integer32 (0..255)
3077: MAX-ACCESS read-only
3078: STATUS current
3079: DESCRIPTION
3080: "The protocol number of the remote Endpoint's traffic."
3081: ::= { ipSecEndPtEntry 12 }
3082:
3083: ipSecEndPtRemotePort OBJECT-TYPE
3084: SYNTAX Integer32 (0..65535)
3085: MAX-ACCESS read-only
3086: STATUS current
3087: DESCRIPTION
3088: "The port number of the remote Endpoint's traffic."
3089: ::= { ipSecEndPtEntry 13 }
3090:
3091: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3092: -- The IPsec Phase-2 Security Protection Index Table (deprecated)
3093: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3094:
3095: -- The tunnel SA decomposition table: This table has been deprecated
3096: -- and has been replaced by ipSecSaTable. New IPsec devices will not
3097: -- support this table. Older products will continue to support
3098: -- this table for some time in order to be backwards compatible with
3099: -- existing network management applications.
3100:
3101: ipSecSpiTable OBJECT-TYPE
3102: SYNTAX SEQUENCE OF IpSecSpiEntry
3103: MAX-ACCESS not-accessible
3104: STATUS deprecated
3105: DESCRIPTION
3106: "The IPsec Phase-2 Security Protection Index Table.
3107: This table contains an entry for each active
3108: and expiring security
3109: association."
3110: ::= { ipSecPhaseTwo 4 }
3111:
3112: ipSecSpiEntry OBJECT-TYPE
3113: SYNTAX IpSecSpiEntry
3114: MAX-ACCESS not-accessible
3115: STATUS deprecated
3116: DESCRIPTION
3117: "Each entry contains the attributes associated with
3118: active and expiring IPsec Phase-2
3119: security associations."
3120: INDEX { ipSecTunIndex, -- from ipSecTunnelTable
3121: ipSecSpiIndex }
3122: ::= { ipSecSpiTable 1 }
3123:
3124: IpSecSpiEntry ::= SEQUENCE {
3125: ipSecSpiIndex Integer32,
3126: ipSecSpiDirection INTEGER,
3127: ipSecSpiValue Spi,
3128: ipSecSpiProtocol INTEGER,
3129: ipSecSpiStatus INTEGER
3130: }
3131:
3132: ipSecSpiIndex OBJECT-TYPE
3133: SYNTAX Integer32 (1..2147483647)
3134: MAX-ACCESS not-accessible
3135: STATUS deprecated
3136: DESCRIPTION
3137: "The number of the SPI associated with the
3138: Phase-2 Tunnel Table. The value of this
3139: index is a number which begins at one and is
3140: incremented with each SPI associated with an
3141: IPsec Phase-2 Tunnel. The value of this
3142: object will wrap at 2,147,483,647."
3143: ::= { ipSecSpiEntry 1 }
3144:
3145: ipSecSpiDirection OBJECT-TYPE
3146: SYNTAX INTEGER{
3147: in(1),
3148: out(2)
3149: }
3150: MAX-ACCESS read-only
3151: STATUS deprecated
3152: DESCRIPTION
3153: "The direction of the SPI."
3154: ::= { ipSecSpiEntry 2 }
3155:
3156: ipSecSpiValue OBJECT-TYPE
3157: SYNTAX Spi
3158: MAX-ACCESS read-only
3159: STATUS deprecated
3160: DESCRIPTION
3161: "The value of the SPI."
3162: ::= { ipSecSpiEntry 3 }
3163:
3164: ipSecSpiProtocol OBJECT-TYPE
3165: SYNTAX INTEGER{
3166: ah(1),
3167: esp(2),
3168: ipcomp(3)
3169: }
3170: MAX-ACCESS read-only
3171: STATUS deprecated
3172: DESCRIPTION
3173: "The protocol of the SPI."
3174: ::= { ipSecSpiEntry 4 }
3175:
3176: ipSecSpiStatus OBJECT-TYPE
3177: SYNTAX INTEGER{
3178: active(1),
3179: expiring(2)
3180:
3181: }
3182: MAX-ACCESS read-only
3183: STATUS deprecated
3184: DESCRIPTION
3185: "The status of the SPI."
3186: ::= { ipSecSpiEntry 5 }
3187:
3188: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3189: -- The IPsec New Group metrics
3190: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3191: ipSecGlobalNewGrpStats OBJECT IDENTIFIER
3192: ::= { ipSecPhaseTwo 5 }
3193:
3194: ipSecGlobalInNewGrpReqs OBJECT-TYPE
3195: SYNTAX Counter32
3196: UNITS "Negotiations"
3197: MAX-ACCESS read-only
3198: STATUS current
3199: DESCRIPTION
3200: "The total number of New Group exchanges initiated
3201: remotely."
3202: ::= { ipSecGlobalNewGrpStats 1 }
3203:
3204: ipSecGlobalOutNewGrpReqs OBJECT-TYPE
3205: SYNTAX Counter32
3206: UNITS "Negotiations"
3207: MAX-ACCESS read-only
3208: STATUS current
3209: DESCRIPTION
3210: "The total number of New Group exchanges initiated
3211: locally."
3212: ::= { ipSecGlobalNewGrpStats 2 }
3213:
3214: ipSecGlobalInNewGrpReqsRejected OBJECT-TYPE
3215: SYNTAX Counter32
3216: UNITS "Negotiations"
3217: MAX-ACCESS read-only
3218: STATUS current
3219: DESCRIPTION
3220: "The total number of New Group exchanges initiated
3221: remotely that ended in a failure."
3222: ::= { ipSecGlobalNewGrpStats 3 }
3223:
3224: ipSecGlobalOutNewGrpReqsRejected OBJECT-TYPE
3225: SYNTAX Counter32
3226: UNITS "Negotiations"
3227: MAX-ACCESS read-only
3228: STATUS current
3229: DESCRIPTION
3230: "The total number of New Group exchanges initiated
3231: locally that ended in a failure."
3232: ::= { ipSecGlobalNewGrpStats 4 }
3233:
3234: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3235: -- The IPsec Phase-2 Security Association Table
3236: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3237:
3238: -- The tunnel SA decomposition table: This table replaces the
3239: -- now deprecated ipSecSpiTable.
3240:
3241: ipSecSaTable OBJECT-TYPE
3242: SYNTAX SEQUENCE OF IpSecSaEntry
3243: MAX-ACCESS not-accessible
3244: STATUS current
3245: DESCRIPTION
3246: "The IPsec Phase-2 Security Association Table.
3247: This table identifies the structure (in terms of
3248: component SAs) of each active Phase-2 IPsec tunnel.
3249: This table contains an entry for each active and
3250: expiring security association and maps each entry
3251: in the active Phase-2 tunnel table (ipSecTunTable)
3252: into a number of entries in this table. The index of this
3253: table reflects the
3254:
3255: <destination-address, protocol, spi>
3256:
3257: rule for identifying Security Associations."
3258: ::= { ipSecPhaseTwo 6 }
3259:
3260: ipSecSaEntry OBJECT-TYPE
3261: SYNTAX IpSecSaEntry
3262: MAX-ACCESS not-accessible
3263: STATUS current
3264: DESCRIPTION
3265: "Each entry contains the attributes associated with
3266: active and expiring IPsec Phase-2
3267: security associations."
3268: INDEX { ipSecTunIndex, -- from ipSecTunnelTable
3269: ipSecSaProtocol,
3270: ipSecSaIndex }
3271: ::= { ipSecSaTable 1 }
3272:
3273: IpSecSaEntry ::= SEQUENCE {
3274: ipSecSaIndex Integer32,
3275: ipSecSaDirection INTEGER,
3276: ipSecSaValue Spi,
3277: ipSecSaProtocol INTEGER,
3278: ipSecSaStatus INTEGER
3279: }
3280:
3281: ipSecSaIndex OBJECT-TYPE
3282: SYNTAX Integer32 (1..2147483647)
3283: MAX-ACCESS not-accessible
3284: STATUS current
3285: DESCRIPTION
3286: "The index, in the context of the IPsec tunnel ipSecTunIndex,
3287: of the security association represented by this table entry.
3288: The value of this index is a number which begins at one and
3289: is incremented with each SPI associated with an IPsec Phase-2
3290: Tunnel. The value of this object will wrap at 2,147,483,647."
3291: ::= { ipSecSaEntry 1 }
3292:
3293: ipSecSaDirection OBJECT-TYPE
3294: SYNTAX INTEGER{
3295: in(1),
3296: out(2)
3297: }
3298: MAX-ACCESS read-only
3299: STATUS current
3300: DESCRIPTION
3301: "Phase-2 IPsec security associations are simplex. Hence
3302: a particular security association is used either
3303: for securing outgoing traffic or decoding incoming traffic.
3304: This column identifies the direction of the security
3305: association represented by this entry."
3306: ::= { ipSecSaEntry 2 }
3307:
3308: ipSecSaValue OBJECT-TYPE
3309: SYNTAX Spi
3310: MAX-ACCESS read-only
3311: STATUS current
3312: DESCRIPTION
3313: "This is the value of the Security Protection Index (SPI)
3314: assigned by the system to the security association represented
3315: by this entry."
3316: ::= { ipSecSaEntry 3 }
3317:
3318: ipSecSaProtocol OBJECT-TYPE
3319: SYNTAX INTEGER{
3320: reserved(0),
3321: ah(1),
3322: esp(2),
3323: ipcomp(3)
3324: }
3325: MAX-ACCESS read-only
3326: STATUS current
3327: DESCRIPTION
3328: "This column represents the security protocol (AH, ESP or
3329: IPComp) for which this security association was setup."
3330: ::= { ipSecSaEntry 4 }
3331:
3332: ipSecSaStatus OBJECT-TYPE
3333: SYNTAX INTEGER{
3334: unknown(0),
3335: active(1),
3336: expiring(2)
3337: }
3338: MAX-ACCESS read-only
3339: STATUS current
3340: DESCRIPTION
3341: "This column represents the status of the security association
3342: represented by this table entry. If the status of the SA is
3343: 'active', the SA is ready for active use. The status
3344: 'expiring' represents any of the various states that the
3345: security association transitions through before being purged."
3346: ::= { ipSecSaEntry 5 }
3347:
3348:
3349: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3350: -- The IPsec History Group
3351: --
3352: -- This group consists of a:
3353: -- 1) IPsec History Global Objects
3354: -- 2) IPsec Phase-1 History Objects
3355: -- 3) IPsec Phase-2 History Objects
3356: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3357: ipSecHistGlobal OBJECT IDENTIFIER
3358: ::= { ipSecHistory 1 }
3359: ipSecHistPhaseOne OBJECT IDENTIFIER
3360: ::= { ipSecHistory 2 }
3361: ipSecHistPhaseTwo OBJECT IDENTIFIER
3362: ::= { ipSecHistory 3 }
3363:
3364: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3365: -- IPsec History Global Control Objects
3366: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3367: ipSecHistGlobalCntl OBJECT IDENTIFIER
3368: ::= { ipSecHistGlobal 1 }
3369:
3370: ipSecHistTableSize OBJECT-TYPE
3371: SYNTAX Integer32 (1..2147483647)
3372: MAX-ACCESS read-write
3373: STATUS current
3374: DESCRIPTION
3375: "The window size of the IPsec Phase-1 and Phase-2
3376: History Tables.
3377:
3378: The IPsec Phase-1 and Phase-2 History Tables are
3379: implemented as a sliding window in which only the
3380: last n entries are maintained. This object is used to
3381: specify the number of entries which will be
3382: maintained in the IPsec Phase-1 and
3383: Phase-2 History Tables.
3384:
3385: An implementation may choose suitable minimum and
3386: maximum values for this element based on the local
3387: policy and available resources. If an SNMP SET request
3388: specifies a value outside this window for this element,
3389: a BAD VALUE may be returned."
3390:
3391: ::= { ipSecHistGlobalCntl 1 }
3392:
3393: ipSecHistCheckPoint OBJECT-TYPE
3394: SYNTAX INTEGER {
3395: ready(1),
3396: checkPoint(2)
3397: }
3398:
3399: MAX-ACCESS read-write
3400: STATUS current
3401: DESCRIPTION
3402: "The current state of check point processing.
3403:
3404: This object will return ready when the agent is
3405: ready to create on-demand history entries for
3406: active IPsec Tunnels or checkPoint when the
3407: agent is currently creating on-demand history
3408: entries for active IPsec Tunnels.
3409:
3410: By setting this value to checkPoint, the agent
3411: will create:
3412: a) an entry in the IPsec Phase-1 Tunnel History
3413: for each active IPsec Phase-1 Tunnel and
3414: b) an entry in the IPsec Phase-2 Tunnel History
3415: Table and an entry in the IPsec Phase-2
3416: Tunnel EndPoint History Table
3417: for each active IPsec Phase-2 Tunnel."
3418: ::= { ipSecHistGlobalCntl 2 }
3419:
3420: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3421: -- The IPsec Phase-1 Tunnel History Table
3422: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3423: ikeTunnelHistTable OBJECT-TYPE
3424: SYNTAX SEQUENCE OF IkeTunnelHistEntry
3425: MAX-ACCESS not-accessible
3426: STATUS current
3427: DESCRIPTION
3428: "The IPsec Phase-1 Internet Key Exchange Tunnel
3429: History Table. This table is implemented as a
3430: sliding window in which only the last n entries
3431: are maintained. The maximum number of entries
3432: is specified by the ipSecHistTableSize object."
3433: ::= { ipSecHistPhaseOne 1 }
3434:
3435: ikeTunnelHistEntry OBJECT-TYPE
3436: SYNTAX IkeTunnelHistEntry
3437: MAX-ACCESS not-accessible
3438: STATUS current
3439: DESCRIPTION
3440: "Each entry contains the attributes
3441: associated with a previously active IPsec
3442: Phase-1 IKE Tunnel."
3443: INDEX { ikeTunHistIndex }
3444: ::= { ikeTunnelHistTable 1}
3445:
3446: IkeTunnelHistEntry ::= SEQUENCE {
3447: ikeTunHistIndex Integer32,
3448: ikeTunHistTermReason INTEGER,
3449: ikeTunHistActiveIndex Integer32,
3450: ikeTunHistPeerLocalType Phase1PeerIdentityType,
3451: ikeTunHistPeerLocalValue DisplayString,
3452: ikeTunHistPeerIntIndex Integer32,
3453: ikeTunHistPeerRemoteType Phase1PeerIdentityType,
3454: ikeTunHistPeerRemoteValue DisplayString,
3455: ikeTunHistLocalAddr IPSIpAddress,
3456: ikeTunHistLocalName DisplayString,
3457: ikeTunHistRemoteAddr IPSIpAddress,
3458: ikeTunHistRemoteName DisplayString,
3459: ikeTunHistNegoMode IkeNegoMode,
3460: ikeTunHistDiffHellmanGrp DiffHellmanGrp,
3461: ikeTunHistEncryptAlgo EncryptAlgo,
3462: ikeTunHistHashAlgo IkeHashAlgo,
3463: ikeTunHistAuthMethod IkeAuthMethod,
3464: ikeTunHistLifeTime Integer32,
3465: ikeTunHistStartTime TimeStamp,
3466: ikeTunHistActiveTime TimeInterval,
3467: ikeTunHistTotalRefreshes Counter32,
3468: ikeTunHistTotalSas Counter32,
3469: ikeTunHistInOctets Counter32,
3470: ikeTunHistInPkts Counter32,
3471: ikeTunHistInDropPkts Counter32,
3472: ikeTunHistInNotifys Counter32,
3473: ikeTunHistInP2Exchgs Counter32,
3474: ikeTunHistInP2ExchgInvalids Counter32,
3475: ikeTunHistInP2ExchgRejects Counter32,
3476: ikeTunHistInP2SaDelRequests Counter32,
3477: ikeTunHistOutOctets Counter32,
3478: ikeTunHistOutPkts Counter32,
3479: ikeTunHistOutDropPkts Counter32,
3480: ikeTunHistOutNotifys Counter32,
3481: ikeTunHistOutP2Exchgs Counter32,
3482: ikeTunHistOutP2ExchgInvalids Counter32,
3483: ikeTunHistOutP2ExchgRejects Counter32,
3484: ikeTunHistOutP2SaDelRequests Counter32,
3485: ikeTunHistInNewGrpReqs Counter32,
3486: ikeTunHistOutNewGrpReqs Counter32,
3487: ikeTunHistInNewGrpReqsRejected Counter32,
3488: ikeTunHistOutNewGrpReqsRejected Counter32,
3489: ikeTunHistInConfigs Counter32,
3490: ikeTunHistOutConfigs Counter32,
3491: ikeTunHistInConfigsRejects Counter32,
3492: ikeTunHistOutConfigsRejects Counter32,
3493: ikeTunHistEncryptKeySize Integer32
3494: }
3495:
3496: ikeTunHistIndex OBJECT-TYPE
3497: SYNTAX Integer32 (1..2147483647)
3498: MAX-ACCESS not-accessible
3499: STATUS current
3500: DESCRIPTION
3501: "The index of the IPsec Phase-1 IKE Tunnel History
3502: Table. The value of the index is a number which
3503: begins at one and is incremented with each
3504: tunnel that ends. The value of this object
3505: will wrap at 2,147,483,647."
3506: ::= { ikeTunnelHistEntry 1 }
3507:
3508: ikeTunHistTermReason OBJECT-TYPE
3509: SYNTAX INTEGER {
3510: other(1),
3511: normal(2),
3512: operRequest(3),
3513: peerDelRequest(4),
3514: peerLost(5),
3515: applicationInitiated(6),
3516: xauthFailure(7),
3517: localFailure(8),
3518: checkPointReg(9)
3519: }
3520: MAX-ACCESS read-only
3521: STATUS current
3522: DESCRIPTION
3523: "The reason the IPsec Phase-1 IKE Tunnel was terminated.
3524: Possible reasons include:
3525: 1 = other
3526: 2 = normal termination
3527: 3 = operator request
3528: 4 = peer delete request was received
3529: 5 = contact with peer was lost
3530: 6 = applicationInitiated (eg: L2TP requesting the termination)
3531: 7 = failure of extended authentication
3532: 8 = local failure occurred.
3533: 9 = operator initiated check point request"
3534: ::= { ikeTunnelHistEntry 2 }
3535:
3536: ikeTunHistActiveIndex OBJECT-TYPE
3537: SYNTAX Integer32 (1..2147483647)
3538: MAX-ACCESS read-only
3539: STATUS current
3540: DESCRIPTION
3541: "The index of the previously active IPsec
3542: Phase-1 IKE Tunnel."
3543: ::= { ikeTunnelHistEntry 3 }
3544:
3545: ikeTunHistPeerLocalType OBJECT-TYPE
3546: SYNTAX Phase1PeerIdentityType
3547: MAX-ACCESS read-only
3548: STATUS current
3549: DESCRIPTION
3550: "The type of local peer identity. The local peer
3551: may be identified by:
3552: 1. an IP address, or
3553: 2. or a fully qualified domain name.
3554: 3. or a distinguished name."
3555: ::= { ikeTunnelHistEntry 4 }
3556:
3557: ikeTunHistPeerLocalValue OBJECT-TYPE
3558: SYNTAX DisplayString
3559: MAX-ACCESS read-only
3560: STATUS current
3561: DESCRIPTION
3562: "The value of the local peer identity.
3563:
3564: If the local peer type is an IP Address, then this
3565: is the IP Address used to identify the local peer.
3566:
3567: If the local peer type is id_fqdn, then this is
3568: the FQDN of the local entity.
3569:
3570: If the local peer type is a id_dn, then this is
3571: the distinguished named string of the local entity."
3572: ::= { ikeTunnelHistEntry 5 }
3573:
3574: ikeTunHistPeerIntIndex OBJECT-TYPE
3575: SYNTAX Integer32 (1..2147483647)
3576: MAX-ACCESS read-only
3577: STATUS current
3578: DESCRIPTION
3579: "The internal index of the local-remote peer
3580: association. This internal index is used to
3581: uniquely identify multiple associations between
3582: the local and remote peer."
3583: ::= { ikeTunnelHistEntry 6 }
3584:
3585: ikeTunHistPeerRemoteType OBJECT-TYPE
3586: SYNTAX Phase1PeerIdentityType
3587: MAX-ACCESS read-only
3588: STATUS current
3589: DESCRIPTION
3590: "The type of remote peer identity. The remote
3591: peer may be identified by:
3592: 1. an IP address, or
3593: 2. or a fully qualified domain name.
3594: 3. or a distinguished name."
3595: ::= { ikeTunnelHistEntry 7 }
3596:
3597: ikeTunHistPeerRemoteValue OBJECT-TYPE
3598: SYNTAX DisplayString
3599: MAX-ACCESS read-only
3600: STATUS current
3601: DESCRIPTION
3602: "The value of the remote peer identity.
3603: If the remote peer type is an IP Address, then this
3604: is the IP Address used to identify the remote peer.
3605:
3606: If the remote peer type is id_fqdn, then this is
3607: the FQDN of the remote peer.
3608:
3609: If the remote peer type is a id_dn, then this is
3610: the distinguished named string of the remote peer."
3611: ::= { ikeTunnelHistEntry 8 }
3612:
3613: ikeTunHistLocalAddr OBJECT-TYPE
3614: SYNTAX IPSIpAddress
3615: MAX-ACCESS read-only
3616: STATUS current
3617: DESCRIPTION
3618: "The IP address of the local endpoint for the IPsec
3619: Phase-1 IKE Tunnel."
3620: ::= { ikeTunnelHistEntry 9 }
3621:
3622: ikeTunHistLocalName OBJECT-TYPE
3623: SYNTAX DisplayString
3624: MAX-ACCESS read-only
3625: STATUS current
3626: DESCRIPTION
3627: "The DNS name of the local IP address for
3628: the IPsec Phase-1 IKE Tunnel. If the DNS
3629: name associated with the local tunnel endpoint
3630: is not known, then the value of this
3631: object will be a NULL string."
3632: ::= { ikeTunnelHistEntry 10 }
3633:
3634: ikeTunHistRemoteAddr OBJECT-TYPE
3635: SYNTAX IPSIpAddress
3636: MAX-ACCESS read-only
3637: STATUS current
3638: DESCRIPTION
3639: "The IP address of the remote endpoint for the IPsec
3640: Phase-1 IKE Tunnel."
3641: ::= { ikeTunnelHistEntry 11 }
3642:
3643: ikeTunHistRemoteName OBJECT-TYPE
3644: SYNTAX DisplayString
3645: MAX-ACCESS read-only
3646: STATUS current
3647: DESCRIPTION
3648: "The DNS name of the remote IP address of IPsec Phase-1
3649: IKE Tunnel. If the DNS name associated with the remote
3650: tunnel endpoint is not known, then the value of this
3651: object will be a NULL string."
3652: ::= { ikeTunnelHistEntry 12 }
3653:
3654: ikeTunHistNegoMode OBJECT-TYPE
3655: SYNTAX IkeNegoMode
3656: MAX-ACCESS read-only
3657: STATUS current
3658: DESCRIPTION
3659: "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
3660: ::= { ikeTunnelHistEntry 13 }
3661:
3662: ikeTunHistDiffHellmanGrp OBJECT-TYPE
3663: SYNTAX DiffHellmanGrp
3664: MAX-ACCESS read-only
3665: STATUS current
3666: DESCRIPTION
3667: "The Diffie Hellman Group used in IPsec Phase-1 IKE
3668: negotiations."
3669: ::= { ikeTunnelHistEntry 14 }
3670:
3671: ikeTunHistEncryptAlgo OBJECT-TYPE
3672: SYNTAX EncryptAlgo
3673: MAX-ACCESS read-only
3674: STATUS current
3675: DESCRIPTION
3676: "The encryption algorithm used in IPsec Phase-1 IKE
3677: negotiations."
3678: ::= { ikeTunnelHistEntry 15 }
3679:
3680: ikeTunHistHashAlgo OBJECT-TYPE
3681: SYNTAX IkeHashAlgo
3682: MAX-ACCESS read-only
3683: STATUS current
3684: DESCRIPTION
3685: "The hash algorithm used in IPsec Phase-1 IKE
3686: negotiations."
3687: ::= { ikeTunnelHistEntry 16 }
3688:
3689: ikeTunHistAuthMethod OBJECT-TYPE
3690: SYNTAX IkeAuthMethod
3691: MAX-ACCESS read-only
3692: STATUS current
3693: DESCRIPTION
3694: "The authentication method used in IPsec Phase-1 IKE
3695: negotiations."
3696: ::= { ikeTunnelHistEntry 17 }
3697:
3698: ikeTunHistLifeTime OBJECT-TYPE
3699: SYNTAX Integer32 (1..2147483647)
3700: MAX-ACCESS read-only
3701: STATUS current
3702: DESCRIPTION
3703: "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
3704: in seconds."
3705: ::= { ikeTunnelHistEntry 18 }
3706:
3707: ikeTunHistStartTime OBJECT-TYPE
3708: SYNTAX TimeStamp
3709: MAX-ACCESS read-only
3710: STATUS current
3711: DESCRIPTION
3712: "The value of sysUpTime in hundredths of seconds
3713: when the IPsec Phase-1 IKE tunnel was started."
3714: ::= { ikeTunnelHistEntry 19 }
3715:
3716: ikeTunHistActiveTime OBJECT-TYPE
3717: SYNTAX TimeInterval
3718: MAX-ACCESS read-only
3719: STATUS current
3720: DESCRIPTION
3721: "The length of time the IPsec Phase-1 IKE tunnel was
3722: active in hundredths of seconds."
3723: ::= { ikeTunnelHistEntry 20 }
3724:
3725: ikeTunHistTotalRefreshes OBJECT-TYPE
3726: SYNTAX Counter32
3727: UNITS "QM Exchanges"
3728: MAX-ACCESS read-only
3729: STATUS current
3730: DESCRIPTION
3731: "The total number of security associations
3732: refreshes performed."
3733: ::= { ikeTunnelHistEntry 21 }
3734:
3735: ikeTunHistTotalSas OBJECT-TYPE
3736: SYNTAX Counter32
3737: UNITS "SAs"
3738: MAX-ACCESS read-only
3739: STATUS current
3740: DESCRIPTION
3741: "The total number of security associations
3742: used during the
3743: life of the IPsec Phase-1 IKE Tunnel."
3744: ::= { ikeTunnelHistEntry 22 }
3745:
3746: ikeTunHistInOctets OBJECT-TYPE
3747: SYNTAX Counter32
3748: UNITS "Octets"
3749: MAX-ACCESS read-only
3750: STATUS current
3751: DESCRIPTION
3752: "The total number of octets received by this
3753: IPsec Phase-1 IKE Tunnel."
3754: ::= { ikeTunnelHistEntry 23 }
3755:
3756: ikeTunHistInPkts OBJECT-TYPE
3757: SYNTAX Counter32
3758: UNITS "Packets"
3759: MAX-ACCESS read-only
3760: STATUS current
3761: DESCRIPTION
3762: "The total number of packets received
3763: by this IPsec Phase-1
3764: IKE Tunnel."
3765: ::= { ikeTunnelHistEntry 24 }
3766:
3767: ikeTunHistInDropPkts OBJECT-TYPE
3768: SYNTAX Counter32
3769: UNITS "Packets"
3770: MAX-ACCESS read-only
3771: STATUS current
3772: DESCRIPTION
3773: "The total number of packets dropped
3774: by this IPsec Phase-1
3775: IKE Tunnel during receive processing."
3776: ::= { ikeTunnelHistEntry 25 }
3777:
3778: ikeTunHistInNotifys OBJECT-TYPE
3779: SYNTAX Counter32
3780: UNITS "Notification Payloads"
3781: MAX-ACCESS read-only
3782: STATUS current
3783: DESCRIPTION
3784: "The total number of notifys received
3785: by this IPsec Phase-1
3786: IKE Tunnel."
3787: ::= { ikeTunnelHistEntry 26 }
3788:
3789: ikeTunHistInP2Exchgs OBJECT-TYPE
3790: SYNTAX Counter32
3791: UNITS "SA Payloads"
3792: MAX-ACCESS read-only
3793: STATUS current
3794: DESCRIPTION
3795: "The total number of IPsec Phase-2
3796: exchanges received by
3797: this IPsec Phase-1 IKE Tunnel."
3798: ::= { ikeTunnelHistEntry 27 }
3799:
3800: ikeTunHistInP2ExchgInvalids OBJECT-TYPE
3801: SYNTAX Counter32
3802: UNITS "SA Payloads"
3803: MAX-ACCESS read-only
3804: STATUS current
3805: DESCRIPTION
3806: "The total number of IPsec Phase-2 exchanges
3807: received on this tunnel that were found to
3808: contain references to unrecognized security
3809: parameters."
3810: ::= { ikeTunnelHistEntry 28 }
3811:
3812: ikeTunHistInP2ExchgRejects OBJECT-TYPE
3813: SYNTAX Counter32
3814: UNITS "SA Payloads"
3815: MAX-ACCESS read-only
3816: STATUS current
3817: DESCRIPTION
3818: "The total number of IPsec Phase-2 exchanges
3819: received on this tunnel that were validated but were
3820: rejected by the local policy."
3821: ::= { ikeTunnelHistEntry 29 }
3822:
3823: ikeTunHistInP2SaDelRequests OBJECT-TYPE
3824: SYNTAX Counter32
3825: UNITS "Notification Payloads"
3826: MAX-ACCESS read-only
3827: STATUS current
3828: DESCRIPTION
3829: "The total number of IPsec Phase-2 security association
3830: delete requests received by this IPsec
3831: Phase-1 IKE Tunnel."
3832: ::= { ikeTunnelHistEntry 30 }
3833:
3834: ikeTunHistOutOctets OBJECT-TYPE
3835: SYNTAX Counter32
3836: UNITS "Octets"
3837: MAX-ACCESS read-only
3838: STATUS current
3839: DESCRIPTION
3840: "The total number of octets sent by this IPsec Phase-1
3841: IKE Tunnel."
3842: ::= { ikeTunnelHistEntry 31 }
3843:
3844: ikeTunHistOutPkts OBJECT-TYPE
3845: SYNTAX Counter32
3846: UNITS "Packets"
3847: MAX-ACCESS read-only
3848: STATUS current
3849: DESCRIPTION
3850: "The total number of packets sent by this IPsec Phase-1
3851: IKE Tunnel."
3852: ::= { ikeTunnelHistEntry 32 }
3853:
3854: ikeTunHistOutDropPkts OBJECT-TYPE
3855: SYNTAX Counter32
3856: UNITS "Packets"
3857: MAX-ACCESS read-only
3858: STATUS current
3859: DESCRIPTION
3860: "The total number of packets dropped
3861: by this IPsec Phase-1
3862: IKE Tunnel during send processing."
3863: ::= { ikeTunnelHistEntry 33 }
3864:
3865: ikeTunHistOutNotifys OBJECT-TYPE
3866: SYNTAX Counter32
3867: UNITS "Notification Payloads"
3868: MAX-ACCESS read-only
3869: STATUS current
3870: DESCRIPTION
3871: "The total number of notifys sent by this IPsec Phase-1
3872: IKE Tunnel."
3873: ::= { ikeTunnelHistEntry 34 }
3874:
3875: ikeTunHistOutP2Exchgs OBJECT-TYPE
3876: SYNTAX Counter32
3877: UNITS "SA Payloads"
3878: MAX-ACCESS read-only
3879: STATUS current
3880: DESCRIPTION
3881: "The total number of IPsec Phase-2 exchanges sent by
3882: this IPsec Phase-1 IKE Tunnel."
3883: ::= { ikeTunnelHistEntry 35 }
3884:
3885: ikeTunHistOutP2ExchgInvalids OBJECT-TYPE
3886: SYNTAX Counter32
3887: UNITS "SA Payloads"
3888: MAX-ACCESS read-only
3889: STATUS current
3890: DESCRIPTION
3891: "The total number of IPsec Phase-2 exchanges
3892: sent on this tunnel that were found by the peer
3893: to contain references to security parameters
3894: not recognized by the peer."
3895: ::= { ikeTunnelHistEntry 36 }
3896:
3897: ikeTunHistOutP2ExchgRejects OBJECT-TYPE
3898: SYNTAX Counter32
3899: UNITS "SA Payloads"
3900: MAX-ACCESS read-only
3901: STATUS current
3902: DESCRIPTION
3903: "The total number of IPsec Phase-2 exchanges
3904: sent on this tunnel that were validated by the peer
3905: but were rejected by the peer's policy."
3906: ::= { ikeTunnelHistEntry 37 }
3907:
3908: ikeTunHistOutP2SaDelRequests OBJECT-TYPE
3909: SYNTAX Counter32
3910: UNITS "Notification Payloads"
3911: MAX-ACCESS read-only
3912: STATUS current
3913: DESCRIPTION
3914: "The total number of IPsec Phase-2 security association
3915: delete requests sent by this IPsec Phase-1 IKE Tunnel."
3916: ::= { ikeTunnelHistEntry 38 }
3917:
3918: ikeTunHistInNewGrpReqs OBJECT-TYPE
3919: SYNTAX Counter32
3920: UNITS "Negotiations"
3921: MAX-ACCESS read-only
3922: STATUS current
3923: DESCRIPTION
3924: "The total number of New Group exchanges initiated
3925: remotely using this IKE tunnel during its lifetime."
3926: ::= { ikeTunnelHistEntry 39 }
3927:
3928: ikeTunHistOutNewGrpReqs OBJECT-TYPE
3929: SYNTAX Counter32
3930: UNITS "Negotiations"
3931: MAX-ACCESS read-only
3932: STATUS current
3933: DESCRIPTION
3934: "The total number of New Group exchanges initiated
3935: locally using this IKE tunnel during its lifetime."
3936: ::= { ikeTunnelHistEntry 40 }
3937:
3938: ikeTunHistInNewGrpReqsRejected OBJECT-TYPE
3939: SYNTAX Counter32
3940: UNITS "Negotiations"
3941: MAX-ACCESS read-only
3942: STATUS current
3943: DESCRIPTION
3944: "The total number of New Group exchanges initiated
3945: remotely using this IKE tunnel during its lifetime
3946: that ended in a failure."
3947: ::= { ikeTunnelHistEntry 41 }
3948:
3949: ikeTunHistOutNewGrpReqsRejected OBJECT-TYPE
3950: SYNTAX Counter32
3951: UNITS "Negotiations"
3952: MAX-ACCESS read-only
3953: STATUS current
3954: DESCRIPTION
3955: "The total number of New Group exchanges initiated
3956: locally using this IKE tunnel during its lifetime
3957: that ended in a failure."
3958: ::= { ikeTunnelHistEntry 42 }
3959:
3960: ikeTunHistInConfigs OBJECT-TYPE
3961: SYNTAX Counter32
3962: UNITS "Mode Configuration Setting Payloads"
3963: MAX-ACCESS read-only
3964: STATUS current
3965: DESCRIPTION
3966: "The total number of Mode Configuration settings
3967: received (either CFG_REPLY or CFG_SET payloads)
3968: by the local entity on the ISAKMP SA represented by this
3969: IKE tunnel."
3970: ::= { ikeTunnelHistEntry 43 }
3971:
3972: ikeTunHistOutConfigs OBJECT-TYPE
3973: SYNTAX Counter32
3974: UNITS "Mode Configuration Setting Payloads"
3975: MAX-ACCESS read-only
3976: STATUS current
3977: DESCRIPTION
3978: "The total number of Mode Configuration settings
3979: dispatched (either CFG_REPLY or CFG_SET payloads)
3980: by the local entity on the ISAKMP SA represented by this
3981: IKE tunnel."
3982: ::= { ikeTunnelHistEntry 44 }
3983:
3984: ikeTunHistInConfigsRejects OBJECT-TYPE
3985: SYNTAX Counter32
3986: UNITS "Mode Configuration Setting Payloads"
3987: MAX-ACCESS read-only
3988: STATUS current
3989: DESCRIPTION
3990: "The total number of Mode Configuration settings
3991: which were received (either CFG_REPLY or CFG_SET
3992: payloads) and rejected by this entity using the ISAKMP
3993: SA represented by this IKE tunnel."
3994: ::= { ikeTunnelHistEntry 45 }
3995:
3996: ikeTunHistOutConfigsRejects OBJECT-TYPE
3997: SYNTAX Counter32
3998: UNITS "Mode Configuration Setting Payloads"
3999: MAX-ACCESS read-only
4000: STATUS current
4001: DESCRIPTION
4002: "The total number of Mode Configuration settings
4003: which were dispatched (either CFG_REPLY or CFG_SET
4004: payloads) by this entity and were rejected by the
4005: peer (client) using the ISAKMP SA represented by this
4006: IKE tunnel."
4007: ::= { ikeTunnelHistEntry 46 }
4008:
4009: ikeTunHistEncryptKeySize OBJECT-TYPE
4010: SYNTAX Integer32
4011: UNITS "Bits"
4012: MAX-ACCESS read-only
4013: STATUS current
4014: DESCRIPTION
4015: "The size in bits of the key which was negotiated
4016: for the IKE tunnel to be used with the algorithm denoted
4017: by the column 'ikeTunEncryptAlgo'. For DES and 3DES the key
4018: size is respectively 56 and 168. For AES, this will denote
4019: the negotiated key size."
4020: ::= { ikeTunnelHistEntry 47 }
4021:
4022:
4023: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4024: -- The IPsec Phase-2 Tunnel History Table
4025: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4026: ipSecTunnelHistTable OBJECT-TYPE
4027: SYNTAX SEQUENCE OF IpSecTunnelHistEntry
4028: MAX-ACCESS not-accessible
4029: STATUS current
4030: DESCRIPTION
4031: "The IPsec Phase-2 Tunnel History Table.
4032: This table is implemented as a sliding
4033: window in which only the
4034: last n entries are maintained. The maximum number
4035: of entries
4036: is specified by the ipSecHistTableSize object."
4037: ::= { ipSecHistPhaseTwo 1 }
4038:
4039: ipSecTunnelHistEntry OBJECT-TYPE
4040: SYNTAX IpSecTunnelHistEntry
4041: MAX-ACCESS not-accessible
4042: STATUS current
4043: DESCRIPTION
4044: "Each entry contains the attributes associated with
4045: a previously active IPsec Phase-2 Tunnel."
4046: INDEX { ipSecTunHistIndex }
4047: ::= { ipSecTunnelHistTable 1 }
4048:
4049: IpSecTunnelHistEntry ::= SEQUENCE {
4050: ipSecTunHistIndex Integer32,
4051: ipSecTunHistTermReason INTEGER,
4052: ipSecTunHistActiveIndex Integer32,
4053: ipSecTunHistIkeTunnelIndex Integer32,
4054: ipSecTunHistLocalAddr IPSIpAddress,
4055: ipSecTunHistRemoteAddr IPSIpAddress,
4056: ipSecTunHistKeyType KeyType,
4057: ipSecTunHistEncapMode EncapMode,
4058: ipSecTunHistLifeSize Integer32,
4059: ipSecTunHistLifeTime Integer32,
4060: ipSecTunHistStartTime TimeStamp,
4061: ipSecTunHistActiveTime TimeInterval,
4062: ipSecTunHistTotalRefreshes Counter32,
4063: ipSecTunHistTotalSas Counter32,
4064: ipSecTunHistInSaDiffHellmanGrp DiffHellmanGrp,
4065: ipSecTunHistInSaEncryptAlgo EncryptAlgo,
4066: ipSecTunHistInSaAhAuthAlgo AuthAlgo,
4067: ipSecTunHistInSaEspAuthAlgo AuthAlgo,
4068: ipSecTunHistInSaDecompAlgo CompAlgo,
4069: ipSecTunHistOutSaDiffHellmanGrp DiffHellmanGrp,
4070: ipSecTunHistOutSaEncryptAlgo EncryptAlgo,
4071: ipSecTunHistOutSaAhAuthAlgo AuthAlgo,
4072: ipSecTunHistOutSaEspAuthAlgo AuthAlgo,
4073: ipSecTunHistOutSaCompAlgo CompAlgo,
4074: ipSecTunHistPmtu Integer32,
4075: ipSecTunHistInOctets Counter32,
4076: ipSecTunHistHcInOctets Counter64,
4077: ipSecTunHistInOctWraps Counter32,
4078: ipSecTunHistInDecompOctets Counter32,
4079: ipSecTunHistHcInDecompOctets Counter64,
4080: ipSecTunHistInDecompOctWraps Counter32,
4081: ipSecTunHistInPkts Counter32,
4082: ipSecTunHistInReplayDropPkts Counter32,
4083: ipSecTunHistInDropPkts Counter32,
4084: ipSecTunHistInAuths Counter32,
4085: ipSecTunHistInAuthFails Counter32,
4086: ipSecTunHistInDecrypts Counter32,
4087: ipSecTunHistInDecryptFails Counter32,
4088: ipSecTunHistOutOctets Counter32,
4089: ipSecTunHistHcOutOctets Counter64,
4090: ipSecTunHistOutOctWraps Counter32,
4091: ipSecTunHistOutUncompOctets Counter32,
4092: ipSecTunHistHcOutUncompOctets Counter64,
4093: ipSecTunHistOutUncompOctWraps Counter32,
4094: ipSecTunHistOutPkts Counter32,
4095: ipSecTunHistOutDropPkts Counter32,
4096: ipSecTunHistOutAuths Counter32,
4097: ipSecTunHistOutAuthFails Counter32,
4098: ipSecTunHistOutEncrypts Counter32,
4099: ipSecTunHistOutEncryptFails Counter32,
4100: ipSecTunHistOutCompressedPkts Counter32,
4101: ipSecTunHistOutCompSkippedPkts Counter32,
4102: ipSecTunHistOutCompFailPkts Counter32,
4103: ipSecTunHistOutCompTooSmallPkts Counter32,
4104: ipSecTunHistControlProtocol ControlProtocol,
4105: ipSecTunHistControlTunnelIndex Integer32,
4106: ipSecTunHistInSaEncryptKeySize Integer32,
4107: ipSecTunHistOutSaEncryptKeySize Integer32
4108: }
4109:
4110: ipSecTunHistIndex OBJECT-TYPE
4111: SYNTAX Integer32 (1..2147483647)
4112: MAX-ACCESS not-accessible
4113: STATUS current
4114: DESCRIPTION
4115: "The index of the IPsec Phase-2 Tunnel History Table.
4116: The value of the index is a number which
4117: begins at one and is incremented with each tunnel
4118: that ends. The value
4119: of this object will wrap at 2,147,483,647."
4120: ::= { ipSecTunnelHistEntry 1 }
4121:
4122: ipSecTunHistTermReason OBJECT-TYPE
4123: SYNTAX INTEGER {
4124: other(1),
4125: normal(2),
4126: operRequest(3),
4127: peerDelRequest(4),
4128: peerLost(5),
4129: applicationInitiated(6),
4130: xauthFailure(7),
4131: seqNumRollOver(8),
4132: checkPointReq(9)
4133: }
4134: MAX-ACCESS read-only
4135: STATUS current
4136: DESCRIPTION
4137: "The reason the IPsec Phase-2 Tunnel was terminated.
4138: Possible reasons include:
4139: 1 = other
4140: 2 = normal termination
4141: 3 = operator request
4142: 4 = peer delete request was received
4143: 5 = contact with peer was lost
4144: 6 = applicationInitiated (eg: L2TP requesting the termination)
4145: 7 = failure of extended authentication
4146: 8 = local failure occurred
4147: 9 = operator initiated check point request"
4148: ::= { ipSecTunnelHistEntry 2 }
4149:
4150: ipSecTunHistActiveIndex OBJECT-TYPE
4151: SYNTAX Integer32 (1..2147483647)
4152: MAX-ACCESS read-only
4153: STATUS current
4154: DESCRIPTION
4155: "The index of the previously active
4156: IPsec Phase-2 Tunnel."
4157: ::= { ipSecTunnelHistEntry 3 }
4158:
4159: ipSecTunHistIkeTunnelIndex OBJECT-TYPE
4160: SYNTAX Integer32 (1..2147483647)
4161: MAX-ACCESS read-only
4162: STATUS deprecated
4163: DESCRIPTION
4164: "The index of the associated IPsec Phase-1 Tunnel
4165: (ikeTunIndex in the ikeTunnelTable)."
4166: ::= { ipSecTunnelHistEntry 4 }
4167:
4168: ipSecTunHistLocalAddr OBJECT-TYPE
4169: SYNTAX IPSIpAddress
4170: MAX-ACCESS read-only
4171: STATUS current
4172: DESCRIPTION
4173: "The IP address of the local endpoint for the IPsec
4174: Phase-2 Tunnel."
4175: ::= { ipSecTunnelHistEntry 5 }
4176:
4177: ipSecTunHistRemoteAddr OBJECT-TYPE
4178: SYNTAX IPSIpAddress
4179: MAX-ACCESS read-only
4180: STATUS current
4181: DESCRIPTION
4182: "The IP address of the remote endpoint for the IPsec
4183: Phase-2 Tunnel."
4184: ::= { ipSecTunnelHistEntry 6 }
4185:
4186: ipSecTunHistKeyType OBJECT-TYPE
4187: SYNTAX KeyType
4188: MAX-ACCESS read-only
4189: STATUS deprecated
4190: DESCRIPTION
4191: "The type of key used by the IPsec Phase-2 Tunnel."
4192: ::= { ipSecTunnelHistEntry 7 }
4193:
4194: ipSecTunHistEncapMode OBJECT-TYPE
4195: SYNTAX EncapMode
4196: MAX-ACCESS read-only
4197: STATUS current
4198: DESCRIPTION
4199: "The encapsulation mode used by the
4200: IPsec Phase-2 Tunnel."
4201: ::= { ipSecTunnelHistEntry 8 }
4202:
4203: ipSecTunHistLifeSize OBJECT-TYPE
4204: SYNTAX Integer32 (1..2147483647)
4205: UNITS "KBytes"
4206: MAX-ACCESS read-only
4207: STATUS current
4208: DESCRIPTION
4209: "The negotiated LifeSize of the IPsec Phase-2 Tunnel in
4210: kilobytes."
4211: ::= { ipSecTunnelHistEntry 9 }
4212:
4213: ipSecTunHistLifeTime OBJECT-TYPE
4214: SYNTAX Integer32 (1..2147483647)
4215: UNITS "Seconds"
4216: MAX-ACCESS read-only
4217: STATUS current
4218: DESCRIPTION
4219: "The negotiated LifeTime of the IPsec Phase-2 Tunnel in
4220: seconds."
4221: ::= { ipSecTunnelHistEntry 10 }
4222:
4223: ipSecTunHistStartTime OBJECT-TYPE
4224: SYNTAX TimeStamp
4225: MAX-ACCESS read-only
4226: STATUS current
4227: DESCRIPTION
4228: "The value of sysUpTime in hundredths of seconds
4229: when the IPsec Phase-2 Tunnel was started."
4230: ::= { ipSecTunnelHistEntry 11 }
4231:
4232: ipSecTunHistActiveTime OBJECT-TYPE
4233: SYNTAX TimeInterval
4234: MAX-ACCESS read-only
4235: STATUS current
4236: DESCRIPTION
4237: "The length of time the IPsec Phase-2 Tunnel has been
4238: active in hundredths of seconds."
4239: ::= { ipSecTunnelHistEntry 12 }
4240:
4241: ipSecTunHistTotalRefreshes OBJECT-TYPE
4242: SYNTAX Counter32
4243: UNITS "QM Exchanges"
4244: MAX-ACCESS read-only
4245: STATUS current
4246: DESCRIPTION
4247: "The total number of security association refreshes
4248: performed."
4249: ::= { ipSecTunnelHistEntry 13 }
4250:
4251: ipSecTunHistTotalSas OBJECT-TYPE
4252: SYNTAX Counter32
4253: UNITS "SAs"
4254: MAX-ACCESS read-only
4255: STATUS current
4256: DESCRIPTION
4257: "The total number of security associations used
4258: during the
4259: life of the IPsec Phase-2 Tunnel."
4260: ::= { ipSecTunnelHistEntry 14 }
4261:
4262: ipSecTunHistInSaDiffHellmanGrp OBJECT-TYPE
4263: SYNTAX DiffHellmanGrp
4264: MAX-ACCESS read-only
4265: STATUS current
4266: DESCRIPTION
4267: "The Diffie Hellman Group used by the inbound security
4268: association of the IPsec Phase-2 Tunnel."
4269: ::= { ipSecTunnelHistEntry 15 }
4270:
4271: ipSecTunHistInSaEncryptAlgo OBJECT-TYPE
4272: SYNTAX EncryptAlgo
4273: MAX-ACCESS read-only
4274: STATUS current
4275: DESCRIPTION
4276: "The encryption algorithm used by the inbound security
4277: association of the IPsec Phase-2 Tunnel."
4278: ::= { ipSecTunnelHistEntry 16 }
4279:
4280: ipSecTunHistInSaAhAuthAlgo OBJECT-TYPE
4281: SYNTAX AuthAlgo
4282: MAX-ACCESS read-only
4283: STATUS current
4284: DESCRIPTION
4285: "The authentication algorithm used by the inbound
4286: authentication header (AH) security association of
4287: the IPsec Phase-2 Tunnel."
4288: ::= { ipSecTunnelHistEntry 17 }
4289:
4290: ipSecTunHistInSaEspAuthAlgo OBJECT-TYPE
4291: SYNTAX AuthAlgo
4292: MAX-ACCESS read-only
4293: STATUS current
4294: DESCRIPTION
4295: "The authentication algorithm used by the inbound
4296: encapsulation security protocol (ESP)
4297: security association of
4298: the IPsec Phase-2 Tunnel."
4299: ::= { ipSecTunnelHistEntry 18 }
4300:
4301: ipSecTunHistInSaDecompAlgo OBJECT-TYPE
4302: SYNTAX CompAlgo
4303: MAX-ACCESS read-only
4304: STATUS current
4305: DESCRIPTION
4306: "The decompression algorithm used by the inbound
4307: security association of the IPsec Phase-2 Tunnel."
4308: ::= { ipSecTunnelHistEntry 19 }
4309:
4310: ipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPE
4311: SYNTAX DiffHellmanGrp
4312: MAX-ACCESS read-only
4313: STATUS current
4314: DESCRIPTION
4315: "The Diffie Hellman Group used by the outbound security
4316: association of the IPsec Phase-2 Tunnel."
4317: ::= { ipSecTunnelHistEntry 20 }
4318:
4319: ipSecTunHistOutSaEncryptAlgo OBJECT-TYPE
4320: SYNTAX EncryptAlgo
4321: MAX-ACCESS read-only
4322: STATUS current
4323: DESCRIPTION
4324: "The encryption algorithm used by the outbound security
4325: association of the IPsec Phase-2 Tunnel."
4326: ::= { ipSecTunnelHistEntry 21 }
4327:
4328: ipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE
4329: SYNTAX AuthAlgo
4330: MAX-ACCESS read-only
4331: STATUS current
4332: DESCRIPTION
4333: "The authentication algorithm used by the outbound
4334: authentication header (AH) security association of
4335: the IPsec Phase-2 Tunnel."
4336: ::= { ipSecTunnelHistEntry 22 }
4337:
4338: ipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE
4339: SYNTAX AuthAlgo
4340: MAX-ACCESS read-only
4341: STATUS current
4342: DESCRIPTION
4343: "The authentication algorithm used by the inbound
4344: encapsulation security protocol (ESP)
4345: security association of the IPsec Phase-2 Tunnel."
4346: ::= { ipSecTunnelHistEntry 23 }
4347:
4348: ipSecTunHistOutSaCompAlgo OBJECT-TYPE
4349: SYNTAX CompAlgo
4350: MAX-ACCESS read-only
4351: STATUS current
4352: DESCRIPTION
4353: "The compression algorithm used by the inbound
4354: security association of the IPsec Phase-2 Tunnel."
4355: ::= { ipSecTunnelHistEntry 24 }
4356:
4357: ipSecTunHistPmtu OBJECT-TYPE
4358: SYNTAX Integer32 (21..576)
4359: UNITS "Octets"
4360: MAX-ACCESS read-only
4361: STATUS current
4362: DESCRIPTION
4363: "The Path MTU that was determined for this IPsec
4364: Phase-2 tunnel."
4365: ::= { ipSecTunnelHistEntry 25 }
4366:
4367: ipSecTunHistInOctets OBJECT-TYPE
4368: SYNTAX Counter32
4369: UNITS "Octets"
4370: MAX-ACCESS read-only
4371: STATUS current
4372: DESCRIPTION
4373: "The total number of octets received by this IPsec
4374: Phase-2 Tunnel. This value is accumulated
4375: BEFORE determining whether or not the packet should
4376: be decompressed. See also ipSecTunInOctWraps for
4377: the number of times this counter has wrapped."
4378: ::= { ipSecTunnelHistEntry 26 }
4379:
4380: ipSecTunHistHcInOctets OBJECT-TYPE
4381: SYNTAX Counter64
4382: MAX-ACCESS read-only
4383: STATUS current
4384: DESCRIPTION
4385: "A high capacity count of the total number of octets
4386: received by this IPsec Phase-2 Tunnel. This value is
4387: accumulated BEFORE determining whether or not
4388: the packet should be decompressed."
4389: ::= { ipSecTunnelHistEntry 27 }
4390:
4391: ipSecTunHistInOctWraps OBJECT-TYPE
4392: SYNTAX Counter32
4393: UNITS "Integral units"
4394: MAX-ACCESS read-only
4395: STATUS current
4396: DESCRIPTION
4397: "The number of times the octets received counter
4398: (ipSecTunInOctets) has wrapped."
4399: ::= { ipSecTunnelHistEntry 28 }
4400:
4401: ipSecTunHistInDecompOctets OBJECT-TYPE
4402: SYNTAX Counter32
4403: UNITS "Octets"
4404: MAX-ACCESS read-only
4405: STATUS current
4406: DESCRIPTION
4407: "The total number of decompressed octets received by this
4408: IPsec Phase-2 Tunnel. This value is accumulated AFTER
4409: the packet is decompressed. If compression is not being
4410: used, this value will match the value of ipSecTunInOctets.
4411: See also ipSecTunInDecompOctWraps for the number of times
4412: this counter has wrapped."
4413: ::= { ipSecTunnelHistEntry 29 }
4414:
4415: ipSecTunHistHcInDecompOctets OBJECT-TYPE
4416: SYNTAX Counter64
4417: MAX-ACCESS read-only
4418: STATUS current
4419: DESCRIPTION
4420: "A high capacity count of the total number of decompressed
4421: octets received by this IPsec Phase-2 Tunnel. This value
4422: is accumulated AFTER the packet is decompressed. If
4423: compression is not being used, this value will match the
4424: value of ipSecTunHcInOctets."
4425: ::= { ipSecTunnelHistEntry 30 }
4426:
4427: ipSecTunHistInDecompOctWraps OBJECT-TYPE
4428: SYNTAX Counter32
4429: UNITS "Integral units"
4430: MAX-ACCESS read-only
4431: STATUS current
4432: DESCRIPTION
4433: "The number of times the decompressed octets
4434: received counter (ipSecTunInDecompOctets) has wrapped."
4435: ::= { ipSecTunnelHistEntry 31 }
4436:
4437: ipSecTunHistInPkts OBJECT-TYPE
4438: SYNTAX Counter32
4439: UNITS "Packets"
4440: MAX-ACCESS read-only
4441: STATUS current
4442: DESCRIPTION
4443: "The total number of packets received by this
4444: IPsec Phase-2 Tunnel."
4445: ::= { ipSecTunnelHistEntry 32 }
4446:
4447: ipSecTunHistInDropPkts OBJECT-TYPE
4448: SYNTAX Counter32
4449: UNITS "Packets"
4450: MAX-ACCESS read-only
4451: STATUS current
4452: DESCRIPTION
4453: "The total number of packets dropped during
4454: receive processing by this IPsec Phase-2 Tunnel.
4455: This count does NOT include packets
4456: dropped due to Anti-Replay processing."
4457: ::= { ipSecTunnelHistEntry 33 }
4458:
4459: ipSecTunHistInReplayDropPkts OBJECT-TYPE
4460: SYNTAX Counter32
4461: UNITS "Packets"
4462: MAX-ACCESS read-only
4463: STATUS current
4464: DESCRIPTION
4465: "The total number of packets dropped during
4466: receive processing due to Anti-Replay processing
4467: by this IPsec Phase-2 Tunnel."
4468: ::= { ipSecTunnelHistEntry 34 }
4469:
4470: ipSecTunHistInAuths OBJECT-TYPE
4471: SYNTAX Counter32
4472: UNITS "Events"
4473: MAX-ACCESS read-only
4474: STATUS current
4475: DESCRIPTION
4476: "The total number of inbound authentications
4477: performed
4478: by this IPsec Phase-2 Tunnel."
4479: ::= { ipSecTunnelHistEntry 35 }
4480:
4481: ipSecTunHistInAuthFails OBJECT-TYPE
4482: SYNTAX Counter32
4483: UNITS "Failures"
4484: MAX-ACCESS read-only
4485: STATUS current
4486: DESCRIPTION
4487: "The total number of inbound authentications
4488: which ended in
4489: failure by this IPsec Phase-2 Tunnel."
4490: ::= { ipSecTunnelHistEntry 36 }
4491:
4492: ipSecTunHistInDecrypts OBJECT-TYPE
4493: SYNTAX Counter32
4494: UNITS "Packets"
4495: MAX-ACCESS read-only
4496: STATUS current
4497: DESCRIPTION
4498: "The total number of inbound decryptions performed
4499: by this IPsec Phase-2 Tunnel."
4500: ::= { ipSecTunnelHistEntry 37 }
4501:
4502: ipSecTunHistInDecryptFails OBJECT-TYPE
4503: SYNTAX Counter32
4504: UNITS "Failures"
4505: MAX-ACCESS read-only
4506: STATUS current
4507: DESCRIPTION
4508: "The total number of inbound decryptions
4509: which ended in failure
4510: by this IPsec Phase-2 Tunnel."
4511: ::= { ipSecTunnelHistEntry 38 }
4512:
4513: ipSecTunHistOutOctets OBJECT-TYPE
4514: SYNTAX Counter32
4515: UNITS "Octets"
4516: MAX-ACCESS read-only
4517: STATUS current
4518: DESCRIPTION
4519: "The total number of octets sent by this IPsec
4520: Phase-2 Tunnel. This value is accumulated
4521: AFTER determining whether or not the
4522: packet should be
4523: compressed. See also ipSecTunOutOctWraps for the
4524: number of times this counter has wrapped."
4525: ::= { ipSecTunnelHistEntry 39 }
4526:
4527: ipSecTunHistHcOutOctets OBJECT-TYPE
4528: SYNTAX Counter64
4529: MAX-ACCESS read-only
4530: STATUS current
4531: DESCRIPTION
4532: "A high capacity count of the total number of octets
4533: sent by this IPsec Phase-2 Tunnel. This value
4534: is accumulated AFTER determining whether or not
4535: the packet should be
4536: compressed."
4537: ::= { ipSecTunnelHistEntry 40 }
4538:
4539: ipSecTunHistOutOctWraps OBJECT-TYPE
4540: SYNTAX Counter32
4541: UNITS "Integral units"
4542: MAX-ACCESS read-only
4543: STATUS current
4544: DESCRIPTION
4545: "The number of times the octets sent counter
4546: (ipSecTunOutOctets) has wrapped."
4547: ::= { ipSecTunnelHistEntry 41 }
4548:
4549: ipSecTunHistOutUncompOctets OBJECT-TYPE
4550: SYNTAX Counter32
4551: UNITS "Octets"
4552: MAX-ACCESS read-only
4553: STATUS current
4554: DESCRIPTION
4555: "The total number of uncompressed octets sent by this
4556: IPsec Phase-2 Tunnel. This value is accumulated BEFORE
4557: the packet is compressed. If compression is not being
4558: used, this value will match the value of
4559: ipSecTunOutOctets. See also
4560: ipSecTunOutDecompOctWraps for the number of times
4561: this counter has wrapped."
4562: ::= { ipSecTunnelHistEntry 42 }
4563:
4564: ipSecTunHistHcOutUncompOctets OBJECT-TYPE
4565: SYNTAX Counter64
4566: UNITS "Octets"
4567: MAX-ACCESS read-only
4568: STATUS current
4569: DESCRIPTION
4570: "A high capacity count of the total
4571: number of uncompressed octets sent by this
4572: IPsec Phase-2 Tunnel. This value is accumulated
4573: BEFORE the packet is compressed. If compression
4574: is not being used, this value will match the value of
4575: ipSecTunHcOutOctets."
4576: ::= { ipSecTunnelHistEntry 43 }
4577:
4578: ipSecTunHistOutUncompOctWraps OBJECT-TYPE
4579: SYNTAX Counter32
4580: UNITS "Integral units"
4581: MAX-ACCESS read-only
4582: STATUS current
4583: DESCRIPTION
4584: "The number of times the uncompressed octets sent counter
4585: (ipSecTunOutUncompOctets) has wrapped."
4586: ::= { ipSecTunnelHistEntry 44 }
4587:
4588: ipSecTunHistOutPkts OBJECT-TYPE
4589: SYNTAX Counter32
4590: UNITS "Packets"
4591: MAX-ACCESS read-only
4592: STATUS current
4593: DESCRIPTION
4594: "The total number of packets sent by this
4595: IPsec Phase-2 Tunnel."
4596: ::= { ipSecTunnelHistEntry 45 }
4597:
4598: ipSecTunHistOutDropPkts OBJECT-TYPE
4599: SYNTAX Counter32
4600: UNITS "Packets"
4601: MAX-ACCESS read-only
4602: STATUS current
4603: DESCRIPTION
4604: "The total number of packets dropped
4605: during send processing
4606: by this IPsec Phase-2 Tunnel."
4607: ::= { ipSecTunnelHistEntry 46 }
4608:
4609: ipSecTunHistOutAuths OBJECT-TYPE
4610: SYNTAX Counter32
4611: UNITS "Events"
4612: MAX-ACCESS read-only
4613: STATUS current
4614: DESCRIPTION
4615: "The total number of outbound authentications performed
4616: by this IPsec Phase-2 Tunnel."
4617: ::= { ipSecTunnelHistEntry 47 }
4618:
4619: ipSecTunHistOutAuthFails OBJECT-TYPE
4620: SYNTAX Counter32
4621: UNITS "Failures"
4622: MAX-ACCESS read-only
4623: STATUS current
4624: DESCRIPTION
4625: "The total number of outbound authentications
4626: which ended in
4627: failure by this IPsec Phase-2 Tunnel."
4628: ::= { ipSecTunnelHistEntry 48 }
4629:
4630: ipSecTunHistOutEncrypts OBJECT-TYPE
4631: SYNTAX Counter32
4632: UNITS "Packets"
4633: MAX-ACCESS read-only
4634: STATUS current
4635: DESCRIPTION
4636: "The total number of outbound encryptions performed
4637: by this IPsec Phase-2 Tunnel."
4638: ::= { ipSecTunnelHistEntry 49 }
4639:
4640: ipSecTunHistOutEncryptFails OBJECT-TYPE
4641: SYNTAX Counter32
4642: UNITS "Failures"
4643: MAX-ACCESS read-only
4644: STATUS current
4645: DESCRIPTION
4646: "The total number of outbound encryptions
4647: which ended in failure
4648: by this IPsec Phase-2 Tunnel."
4649: ::= { ipSecTunnelHistEntry 50 }
4650:
4651: ipSecTunHistOutCompressedPkts OBJECT-TYPE
4652: SYNTAX Counter32
4653: UNITS "Packets"
4654: MAX-ACCESS read-only
4655: STATUS current
4656: DESCRIPTION
4657: "The total number of outbound packets
4658: which were successfully compressed."
4659: ::= { ipSecTunnelHistEntry 51 }
4660:
4661: ipSecTunHistOutCompSkippedPkts OBJECT-TYPE
4662: SYNTAX Counter32
4663: UNITS "Packets"
4664: MAX-ACCESS read-only
4665: STATUS current
4666: DESCRIPTION
4667: "The total number of outbound packets that were to be
4668: compressed but which were skipped due to the compression
4669: hysteresis."
4670: ::= { ipSecTunnelHistEntry 52 }
4671:
4672: ipSecTunHistOutCompFailPkts OBJECT-TYPE
4673: SYNTAX Counter32
4674: UNITS "Packets"
4675: MAX-ACCESS read-only
4676: STATUS current
4677: DESCRIPTION
4678: "The total number of outbound packets that failed
4679: compression because they grew in size after compression."
4680: ::= { ipSecTunnelHistEntry 53 }
4681:
4682: ipSecTunHistOutCompTooSmallPkts OBJECT-TYPE
4683: SYNTAX Counter32
4684: UNITS "Packets"
4685: MAX-ACCESS read-only
4686: STATUS current
4687: DESCRIPTION
4688: "The total number of outbound packets that were to be
4689: compressed but were smaller than the compression threshold
4690: size."
4691: ::= { ipSecTunnelHistEntry 54 }
4692:
4693: ipSecTunHistControlProtocol OBJECT-TYPE
4694: SYNTAX ControlProtocol
4695: MAX-ACCESS read-only
4696: STATUS current
4697: DESCRIPTION
4698: "Identifies the protocol that was used to set up and administer
4699: this Phase-2 IPsec tunnel. If IKE was used to set up this tunnel,
4700: then the value of this column would be `cp_ike'."
4701: ::= { ipSecTunnelHistEntry 55 }
4702:
4703: ipSecTunHistControlTunnelIndex OBJECT-TYPE
4704: SYNTAX Integer32 (1..2147483647)
4705: MAX-ACCESS read-only
4706: STATUS current
4707: DESCRIPTION
4708: "The index of the IPsec Phase-1 Tunnel that spawned this
4709: Phase-2 tunnel (in case of IKE, this value would refer to
4710: ikeTunIndex in the ikeTunnelTable)"
4711: ::= { ipSecTunnelHistEntry 56 }
4712:
4713: ipSecTunHistInSaEncryptKeySize OBJECT-TYPE
4714: SYNTAX Integer32
4715: UNITS "Bits"
4716: MAX-ACCESS read-only
4717: STATUS current
4718: DESCRIPTION
4719: "The size in bits of the key which was negotiated to be used
4720: with the encryption transform used with this tunnel denoted
4721: by ipSecTunHistInSaEncryptAlgo.
4722: For DES and 3DES the key size is respectively 56 and
4723: 168. For AES, this will denote the negotiated key size."
4724: ::= { ipSecTunnelHistEntry 57 }
4725:
4726: ipSecTunHistOutSaEncryptKeySize OBJECT-TYPE
4727: SYNTAX Integer32
4728: UNITS "Bits"
4729: MAX-ACCESS read-only
4730: STATUS current
4731: DESCRIPTION
4732: "The size in bits of the key which was negotiated to be used
4733: with the encryption transform used with this tunnel denoted
4734: by ipSecTunHistOutSaEncryptAlgo.
4735: For DES and 3DES the key size is respectively 56 and
4736: 168. For AES, this will denote the negotiated key size."
4737: ::= { ipSecTunnelHistEntry 58 }
4738:
4739:
4740: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4741: -- The IPsec Phase-2 Tunnel Endpoint History Table
4742: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4743: ipSecEndPtHistTable OBJECT-TYPE
4744: SYNTAX SEQUENCE OF IpSecEndPtHistEntry
4745: MAX-ACCESS not-accessible
4746: STATUS current
4747: DESCRIPTION
4748: "The IPsec Phase-2 Tunnel Endpoint History Table.
4749: This table is implemented as a
4750: sliding window in which only the
4751: last n entries are maintained.
4752: The maximum number of entries
4753: is specified by the ipSecHistTableSize object."
4754: ::= { ipSecHistPhaseTwo 2 }
4755:
4756: ipSecEndPtHistEntry OBJECT-TYPE
4757: SYNTAX IpSecEndPtHistEntry
4758: MAX-ACCESS not-accessible
4759: STATUS current
4760: DESCRIPTION
4761: "Each entry contains the attributes associated with
4762: a previously active IPsec Phase-2 Tunnel Endpoint."
4763: INDEX { ipSecEndPtHistIndex }
4764: ::= { ipSecEndPtHistTable 1 }
4765:
4766: IpSecEndPtHistEntry ::= SEQUENCE {
4767: ipSecEndPtHistIndex Integer32,
4768: ipSecEndPtHistTunIndex Integer32,
4769: ipSecEndPtHistActiveIndex Integer32,
4770: ipSecEndPtHistLocalName DisplayString,
4771: ipSecEndPtHistLocalType EndPtType,
4772: ipSecEndPtHistLocalAddr1 IPSIpAddress,
4773: ipSecEndPtHistLocalAddr2 IPSIpAddress,
4774: ipSecEndPtHistLocalProtocol Integer32,
4775: ipSecEndPtHistLocalPort Integer32,
4776: ipSecEndPtHistRemoteName DisplayString,
4777: ipSecEndPtHistRemoteType EndPtType,
4778: ipSecEndPtHistRemoteAddr1 IPSIpAddress,
4779: ipSecEndPtHistRemoteAddr2 IPSIpAddress,
4780: ipSecEndPtHistRemoteProtocol Integer32,
4781: ipSecEndPtHistRemotePort Integer32
4782: }
4783:
4784: ipSecEndPtHistIndex OBJECT-TYPE
4785: SYNTAX Integer32 (1..2147483647)
4786: MAX-ACCESS not-accessible
4787: STATUS current
4788: DESCRIPTION
4789: "The number of the previously active
4790: Endpoint associated
4791: with an IPsec Phase-2 Tunnel Table. The value
4792: of this index is a number which begins at
4793: one and is incremented with each Endpoint
4794: associated with an IPsec Phase-2 Tunnel.
4795: The value of this object will wrap at 2,147,483,647."
4796: ::= { ipSecEndPtHistEntry 1 }
4797:
4798: ipSecEndPtHistTunIndex OBJECT-TYPE
4799: SYNTAX Integer32 (1..2147483647)
4800: MAX-ACCESS read-only
4801: STATUS current
4802: DESCRIPTION
4803: "The index of the previously active IPsec
4804: Phase-2 Tunnel Table."
4805: ::= { ipSecEndPtHistEntry 2 }
4806:
4807: ipSecEndPtHistActiveIndex OBJECT-TYPE
4808: SYNTAX Integer32 (1..2147483647)
4809: MAX-ACCESS read-only
4810: STATUS current
4811: DESCRIPTION
4812: "The index of the previously active Endpoint."
4813: ::= { ipSecEndPtHistEntry 3 }
4814:
4815: ipSecEndPtHistLocalName OBJECT-TYPE
4816: SYNTAX DisplayString
4817: MAX-ACCESS read-only
4818: STATUS current
4819: DESCRIPTION
4820: "The DNS name of the local Endpoint."
4821: ::= { ipSecEndPtHistEntry 4 }
4822:
4823: ipSecEndPtHistLocalType OBJECT-TYPE
4824: SYNTAX EndPtType
4825: --INTEGER {
4826: --singleIpAddr(1),
4827: --ipAddrRange(2),
4828: --ipSubnet(3)
4829: --}
4830: MAX-ACCESS read-only
4831: STATUS current
4832: DESCRIPTION
4833: "The type of identity for the local Endpoint.
4834: Possible values are:
4835: 1) a single IP address, or
4836: 2) an IP address range, or
4837: 3) an IP subnet."
4838: ::= { ipSecEndPtHistEntry 5 }
4839:
4840: ipSecEndPtHistLocalAddr1 OBJECT-TYPE
4841: SYNTAX IPSIpAddress
4842: MAX-ACCESS read-only
4843: STATUS current
4844: DESCRIPTION
4845: "The local Endpoint's first IP address specification.
4846:
4847: If the local Endpoint type is single IP address,
4848: then this is the value of the IP address.
4849:
4850: If the local Endpoint type is IP subnet, then this
4851: is the value of the subnet.
4852:
4853: If the local Endpoint type is IP address range,
4854: then this is the value of beginning IP address of
4855: the range."
4856: ::= { ipSecEndPtHistEntry 6 }
4857:
4858: ipSecEndPtHistLocalAddr2 OBJECT-TYPE
4859: SYNTAX IPSIpAddress
4860: MAX-ACCESS read-only
4861: STATUS current
4862: DESCRIPTION
4863: "The local Endpoint's second IP address specification.
4864:
4865: If the local Endpoint type is single IP address,
4866: then this is the value of the IP address.
4867:
4868: If the local Endpoint type is IP subnet, then this
4869: is the value of the subnet mask.
4870:
4871: If the local Endpoint type is IP address range,
4872: then this is the value of ending IP address of
4873: the range."
4874: ::= { ipSecEndPtHistEntry 7 }
4875:
4876: ipSecEndPtHistLocalProtocol OBJECT-TYPE
4877: SYNTAX Integer32 (0..255)
4878: MAX-ACCESS read-only
4879: STATUS current
4880: DESCRIPTION
4881: "The protocol number of the local Endpoint's traffic."
4882: ::= { ipSecEndPtHistEntry 8 }
4883:
4884: ipSecEndPtHistLocalPort OBJECT-TYPE
4885: SYNTAX Integer32 (0..65535)
4886: MAX-ACCESS read-only
4887: STATUS current
4888: DESCRIPTION
4889: "The port number of the local Endpoint's traffic."
4890: ::= { ipSecEndPtHistEntry 9 }
4891:
4892: ipSecEndPtHistRemoteName OBJECT-TYPE
4893: SYNTAX DisplayString
4894: MAX-ACCESS read-only
4895: STATUS current
4896: DESCRIPTION
4897: "The DNS name of the remote Endpoint."
4898: ::= { ipSecEndPtHistEntry 10 }
4899:
4900: ipSecEndPtHistRemoteType OBJECT-TYPE
4901: SYNTAX EndPtType
4902: --INTEGER {
4903: --singleIpAddr(1),
4904: --ipAddrRange(2),
4905: --ipSubnet(3)
4906: --}
4907: MAX-ACCESS read-only
4908: STATUS current
4909: DESCRIPTION
4910: "The type of identity for the remote Endpoint.
4911: Possible values are:
4912: 1) a single IP address, or
4913: 2) an IP address range, or
4914: 3) an IP subnet."
4915: ::= { ipSecEndPtHistEntry 11 }
4916:
4917: ipSecEndPtHistRemoteAddr1 OBJECT-TYPE
4918: SYNTAX IPSIpAddress
4919: MAX-ACCESS read-only
4920: STATUS current
4921: DESCRIPTION
4922: "The remote Endpoint's first IP address specification.
4923:
4924: If the remote Endpoint type is single IP address,
4925: then this is the value of the IP address.
4926:
4927: If the remote Endpoint type is IP subnet, then this
4928: is the value of the subnet.
4929:
4930: If the remote Endpoint type is IP address range,
4931: then this is the value of beginning IP address of
4932: the range."
4933: ::= { ipSecEndPtHistEntry 12 }
4934:
4935: ipSecEndPtHistRemoteAddr2 OBJECT-TYPE
4936: SYNTAX IPSIpAddress
4937: MAX-ACCESS read-only
4938: STATUS current
4939: DESCRIPTION
4940: "The remote Endpoint's second IP address specification.
4941:
4942: If the remote Endpoint type is single IP address,
4943: then this
4944: is the value of the IP address.
4945:
4946: If the remote Endpoint type is IP subnet, then this
4947: is the value of the subnet mask.
4948:
4949: If the remote Endpoint type is IP address range,
4950: then this
4951: is the value of ending IP address of the range."
4952: ::= { ipSecEndPtHistEntry 13 }
4953:
4954: ipSecEndPtHistRemoteProtocol OBJECT-TYPE
4955: SYNTAX Integer32 (0..255)
4956: MAX-ACCESS read-only
4957: STATUS current
4958: DESCRIPTION
4959: "The protocol number of the remote Endpoint's traffic."
4960: ::= { ipSecEndPtHistEntry 14 }
4961:
4962: ipSecEndPtHistRemotePort OBJECT-TYPE
4963: SYNTAX Integer32 (0..65535)
4964: MAX-ACCESS read-only
4965: STATUS current
4966: DESCRIPTION
4967: "The port number of the remote Endpoint's traffic."
4968: ::= { ipSecEndPtHistEntry 15 }
4969:
4970: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4971: -- The IPsec Failure Group
4972: --
4973: -- This group consists of a:
4974: -- 1) IPsec Failure Global Objects
4975: -- 2) IPsec Phase-1 Tunnel Failure Table
4976: -- 3) IPsec Phase-2 Tunnel Failure Table
4977: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4978: ipSecFailGlobal OBJECT IDENTIFIER
4979: ::= { ipSecFailures 1 }
4980: ipSecFailPhaseOne OBJECT IDENTIFIER
4981: ::= { ipSecFailures 2 }
4982: ipSecFailPhaseTwo OBJECT IDENTIFIER
4983: ::= { ipSecFailures 3 }
4984:
4985: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4986: -- The IPsec Failure Global Control Objects
4987: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4988: ipSecFailGlobalCntl OBJECT IDENTIFIER
4989: ::= { ipSecFailGlobal 1 }
4990:
4991: ipSecFailTableSize OBJECT-TYPE
4992: SYNTAX Integer32 (1..2147483647)
4993: MAX-ACCESS read-write
4994: STATUS current
4995: DESCRIPTION
4996: "The window size of the IPsec Phase-1 and Phase-2
4997: Failure Tables.
4998:
4999: The IPsec Phase-1 and Phase-2 Failure Tables are
5000: implemented as a sliding window in which only the
5001: last N entries are maintained. This object is used
5002: to specify the number of entries which will be
5003: maintained in the IPsec Phase-1 and Phase-2 Failure
5004: Tables.
5005:
5006: An implementation may choose suitable minimum and
5007: maximum values for this element based on the local
5008: policy and available resources. If an SNMP SET request
5009: specifies a value outside this window for this element,
5010: a BAD VALUE may be returned."
5011:
5012: ::= { ipSecFailGlobalCntl 1 }
5013:
5014: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5015: -- The IPsec Phase-1 Failure Table
5016: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5017: ikeFailTable OBJECT-TYPE
5018: SYNTAX SEQUENCE OF IkeFailEntry
5019: MAX-ACCESS not-accessible
5020: STATUS current
5021: DESCRIPTION
5022: "The IPsec Phase-1 Failure Table.
5023: This table is implemented as a sliding
5024: window in which only the last n entries are
5025: maintained. The maximum number of entries
5026: is specified by the ipSecFailTableSize object."
5027: ::= { ipSecFailPhaseOne 1 }
5028:
5029: ikeFailEntry OBJECT-TYPE
5030: SYNTAX IkeFailEntry
5031: MAX-ACCESS not-accessible
5032: STATUS current
5033: DESCRIPTION
5034: "Each entry contains the attributes associated
5035: with an IPsec Phase-1 failure."
5036: INDEX { ikeFailIndex }
5037: ::= { ikeFailTable 1 }
5038:
5039: IkeFailEntry ::= SEQUENCE {
5040: ikeFailIndex Integer32,
5041: ikeFailReason INTEGER,
5042: ikeFailTime TimeStamp,
5043: ikeFailLocalType Phase1PeerIdentityType,
5044: ikeFailLocalValue DisplayString,
5045: ikeFailRemoteType Phase1PeerIdentityType,
5046: ikeFailRemoteValue DisplayString,
5047: ikeFailLocalAddr IPSIpAddress,
5048: ikeFailRemoteAddr IPSIpAddress
5049: }
5050:
5051: ikeFailIndex OBJECT-TYPE
5052: SYNTAX Integer32 (1..2147483647)
5053: MAX-ACCESS not-accessible
5054: STATUS current
5055: DESCRIPTION
5056: "The IPsec Phase-1 Failure Table index.
5057: The value of the index is a number which
5058: begins at one and is incremented with each
5059: IPsec Phase-1 failure. The value
5060: of this object will wrap at 2,147,483,647."
5061: ::= { ikeFailEntry 1 }
5062:
5063: ikeFailReason OBJECT-TYPE
5064: SYNTAX INTEGER{
5065: other(1),
5066: peerDelRequest(2),
5067: peerLost(3),
5068: localFailure(4),
5069: authFailure(5),
5070: hashValidation(6),
5071: encryptFailure(7),
5072: internalError(8),
5073: sysCapExceeded(9),
5074: proposalFailure(10),
5075: peerCertUnavailable(11),
5076: peerCertNotValid(12),
5077: localCertExpired(13),
5078: crlFailure(14),
5079: peerEncodingError(15),
5080: nonExistentSa(16),
5081: xauthFailure(17),
5082: operRequest(18)
5083: }
5084: MAX-ACCESS read-only
5085: STATUS current
5086: DESCRIPTION
5087: "The reason for the failure. Possible reasons include:
5088: 1 = other
5089: 2 = peer delete request was received
5090: 3 = contact with peer was lost
5091: 4 = local failure occurred
5092: 5 = authentication failure
5093: 6 = hash validation failure
5094: 7 = encryption failure
5095: 8 = internal error occurred
5096: 9 = system capacity failure
5097: 10 = proposal failure
5098: 11 = peer's certificate is unavailable
5099: 12 = peer's certificate was found invalid
5100: 13 = local certificate expired
5101: 14 = certificate revoke list (crl) failure
5102: 15 = peer encoding error
5103: 16 = ISAKMP PDU has pointer to non-existent cookie
5104: 17 = operator requested termination."
5105: ::= { ikeFailEntry 2 }
5106:
5107: ikeFailTime OBJECT-TYPE
5108: SYNTAX TimeStamp
5109: MAX-ACCESS read-only
5110: STATUS current
5111: DESCRIPTION
5112: "The value of sysUpTime in hundredths of seconds
5113: at the time of the failure."
5114: ::= { ikeFailEntry 3 }
5115:
5116: ikeFailLocalType OBJECT-TYPE
5117: SYNTAX Phase1PeerIdentityType
5118: MAX-ACCESS read-only
5119: STATUS current
5120: DESCRIPTION
5121: "The type of local peer identity. The local peer
5122: may be identified by:
5123: 1. an IP address, or
5124: 2. or a fully qualified domain name.
5125: 3. or a distinguished name."
5126: ::= { ikeFailEntry 4 }
5127:
5128: ikeFailLocalValue OBJECT-TYPE
5129: SYNTAX DisplayString
5130: MAX-ACCESS read-only
5131: STATUS current
5132: DESCRIPTION
5133: "The value of the local peer identity.
5134:
5135: If the local peer type is an IP Address, then this
5136: is the IP Address used to identify the local peer.
5137:
5138: If the local peer type is id_fqdn, then this is
5139: the FQDN of the local entity.
5140:
5141: If the local peer type is an id_dn, then this is
5142: the distinguished name string of the local entity."
5143: ::= { ikeFailEntry 5 }
5144:
5145: ikeFailRemoteType OBJECT-TYPE
5146: SYNTAX Phase1PeerIdentityType
5147: MAX-ACCESS read-only
5148: STATUS current
5149: DESCRIPTION
5150: "The type of remote peer identity. The remote
5151: peer may be identified by:
5152: 1. an IP address, or
5153: 2. or a fully qualified domain name.
5154: 3. or a distinguished name."
5155: ::= { ikeFailEntry 6 }
5156:
5157: ikeFailRemoteValue OBJECT-TYPE
5158: SYNTAX DisplayString
5159: MAX-ACCESS read-only
5160: STATUS current
5161: DESCRIPTION
5162: "The value of the remote peer identity.
5163:
5164: If the remote peer type is an IP Address, then this
5165: is the IP Address used to identify the remote peer.
5166:
5167: If the remote peer type is id_fqdn, then this is
5168: the FQDN of the remote peer.
5169:
5170: If the remote peer type is an id_dn, then this is
5171: the distinguished name string of the remote peer."
5172: ::= { ikeFailEntry 7 }
5173:
5174: ikeFailLocalAddr OBJECT-TYPE
5175: SYNTAX IPSIpAddress
5176: MAX-ACCESS read-only
5177: STATUS current
5178: DESCRIPTION
5179: "The IP address of the local peer."
5180: ::= { ikeFailEntry 8 }
5181:
5182: ikeFailRemoteAddr OBJECT-TYPE
5183: SYNTAX IPSIpAddress
5184: MAX-ACCESS read-only
5185: STATUS current
5186: DESCRIPTION
5187: "The IP address of the remote peer."
5188: ::= { ikeFailEntry 9 }
5189:
5190: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5191: -- The IPsec Phase-2 Failure Table
5192: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5193: ipSecFailTable OBJECT-TYPE
5194: SYNTAX SEQUENCE OF IpSecFailEntry
5195: MAX-ACCESS not-accessible
5196: STATUS current
5197: DESCRIPTION
5198: "The IPsec Phase-2 Failure Table.
5199: This table is implemented as a sliding window
5200: in which only the last n entries are maintained.
5201: The maximum number of entries
5202: is specified by the ipSecFailTableSize object."
5203: ::= { ipSecFailPhaseTwo 1 }
5204:
5205: ipSecFailEntry OBJECT-TYPE
5206: SYNTAX IpSecFailEntry
5207: MAX-ACCESS not-accessible
5208: STATUS current
5209: DESCRIPTION
5210: "Each entry contains the attributes associated with
5211: an IPsec Phase-1 failure."
5212: INDEX { ipSecFailIndex }
5213: ::= { ipSecFailTable 1 }
5214:
5215: IpSecFailEntry ::= SEQUENCE {
5216: ipSecFailIndex Integer32,
5217: ipSecFailReason INTEGER,
5218: ipSecFailTime TimeStamp,
5219: ipSecFailTunnelIndex Integer32,
5220: ipSecFailSaSpi Integer32,
5221: ipSecFailPktSrcAddr IPSIpAddress,
5222: ipSecFailPktDstAddr IPSIpAddress
5223: }
5224:
5225: ipSecFailIndex OBJECT-TYPE
5226: SYNTAX Integer32 (1..2147483647)
5227: MAX-ACCESS not-accessible
5228: STATUS current
5229: DESCRIPTION
5230: "The IPsec Phase-2 Failure Table index.
5231: The value of the index is a number which
5232: begins at one and is incremented with each
5233: IPsec Phase-1 failure. The value
5234: of this object will wrap at 2,147,483,647."
5235: ::= { ipSecFailEntry 1 }
5236:
5237: ipSecFailReason OBJECT-TYPE
5238: SYNTAX INTEGER{
5239: other(1),
5240: internalError(2),
5241: peerEncodingError(3),
5242: proposalFailure(4),
5243: protocolUseFail(5),
5244: nonExistentSa(6),
5245: decryptFailure(7),
5246: encryptFailure(8),
5247: inAuthFailure(9),
5248: outAuthFailure(10),
5249: compression(11),
5250: sysCapExceeded(12),
5251: peerDelRequest(13),
5252: peerLost(14),
5253: seqNumRollOver(15),
5254: operRequest(16)
5255: }
5256: MAX-ACCESS read-only
5257: STATUS current
5258: DESCRIPTION
5259: "The reason for the failure. Possible reasons
5260: include:
5261: 1 = other
5262: 2 = internal error occurred
5263: 3 = peer encoding error
5264: 4 = proposal failure
5265: 5 = protocol use failure
5266: 6 = non-existent security association
5267: 7 = decryption failure
5268: 8 = encryption failure
5269: 9 = inbound authentication failure
5270: 10 = outbound authentication failure
5271: 11 = compression failure
5272: 12 = system capacity failure
5273: 13 = peer delete request was received
5274: 14 = contact with peer was lost
5275: 15 = sequence number rolled over
5276: 16 = operator requested termination."
5277: ::= { ipSecFailEntry 2 }
5278:
5279: ipSecFailTime OBJECT-TYPE
5280: SYNTAX TimeStamp
5281: MAX-ACCESS read-only
5282: STATUS current
5283: DESCRIPTION
5284: "The value of sysUpTime in hundredths of seconds
5285: at the time of the failure."
5286: ::= { ipSecFailEntry 3 }
5287:
5288: ipSecFailTunnelIndex OBJECT-TYPE
5289: SYNTAX Integer32 (1..2147483647)
5290: MAX-ACCESS read-only
5291: STATUS current
5292: DESCRIPTION
5293: "The Phase-2 Tunnel index (ipSecTunIndex)."
5294: ::= { ipSecFailEntry 4 }
5295:
5296: ipSecFailSaSpi OBJECT-TYPE
5297: SYNTAX Integer32 (0..2147483647)
5298: MAX-ACCESS read-only
5299: STATUS current
5300: DESCRIPTION
5301: "The security association SPI value."
5302: ::= { ipSecFailEntry 5 }
5303:
5304: ipSecFailPktSrcAddr OBJECT-TYPE
5305: SYNTAX IPSIpAddress
5306: MAX-ACCESS read-only
5307: STATUS current
5308: DESCRIPTION
5309: "The packet's source IP address."
5310: ::= { ipSecFailEntry 6 }
5311:
5312: ipSecFailPktDstAddr OBJECT-TYPE
5313: SYNTAX IPSIpAddress
5314: MAX-ACCESS read-only
5315: STATUS current
5316: DESCRIPTION
5317: "The packet's destination IP address."
5318: ::= { ipSecFailEntry 7 }
5319:
5320: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5321: -- The IPsec TRAP Control Group
5322: --
5323: -- This group of objects controls the sending of IPsec TRAPs.
5324: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5325: ipSecTrapCntlIkeTunnelStart OBJECT-TYPE
5326: SYNTAX TrapStatus
5327: MAX-ACCESS read-write
5328: STATUS current
5329: DESCRIPTION
5330: "This object defines the administrative state of
5331: sending the IPsec IKE Phase-1 Tunnel Start TRAP "
5332: DEFVAL { disabled }
5333: ::= { ipSecTrapCntl 1 }
5334:
5335: ipSecTrapCntlIkeTunnelStop OBJECT-TYPE
5336: SYNTAX TrapStatus
5337: MAX-ACCESS read-write
5338: STATUS current
5339: DESCRIPTION
5340: "This object defines the administrative state
5341: of sending the
5342: IPsec IKE Phase-1 Tunnel Stop TRAP "
5343: DEFVAL { disabled }
5344: ::= { ipSecTrapCntl 2 }
5345:
5346: ipSecTrapCntlIkeSysFailure OBJECT-TYPE
5347: SYNTAX TrapStatus
5348: MAX-ACCESS read-write
5349: STATUS current
5350: DESCRIPTION
5351: "This object defines the administrative state
5352: of sending the
5353: IPsec IKE Phase-1 System Failure TRAP "
5354: DEFVAL { disabled }
5355: ::= { ipSecTrapCntl 3 }
5356:
5357: ipSecTrapCntlIkeCertCrlFailure OBJECT-TYPE
5358: SYNTAX TrapStatus
5359: MAX-ACCESS read-write
5360: STATUS current
5361: DESCRIPTION
5362: "This object defines the administrative
5363: state of sending the
5364: IPsec IKE Phase-1 Certificate/CRL Failure TRAP "
5365: DEFVAL { disabled }
5366: ::= { ipSecTrapCntl 4 }
5367:
5368: ipSecTrapCntlIkeProtocolFail OBJECT-TYPE
5369: SYNTAX TrapStatus
5370: MAX-ACCESS read-write
5371: STATUS current
5372: DESCRIPTION
5373: "This object defines the administrative
5374: state of sending the
5375: IPsec IKE Phase-1 Protocol Failure TRAP "
5376: DEFVAL { disabled }
5377: ::= { ipSecTrapCntl 5 }
5378:
5379: ipSecTrapCntlIkeNoSa OBJECT-TYPE
5380: SYNTAX TrapStatus
5381: MAX-ACCESS read-write
5382: STATUS current
5383: DESCRIPTION
5384: "This object defines the administrative
5385: state of sending the IPsec IKE Phase-1
5386: No Security Association TRAP."
5387: DEFVAL { disabled }
5388: ::= { ipSecTrapCntl 6 }
5389:
5390: ipSecTrapCntlIpSecTunnelStart OBJECT-TYPE
5391: SYNTAX TrapStatus
5392: MAX-ACCESS read-write
5393: STATUS current
5394: DESCRIPTION
5395: "This object defines the administrative state
5396: of sending the IPsec
5397: Phase-2 Tunnel Start TRAP "
5398: DEFVAL { disabled }
5399: ::= { ipSecTrapCntl 7 }
5400:
5401: ipSecTrapCntlIpSecTunnelStop OBJECT-TYPE
5402: SYNTAX TrapStatus
5403: MAX-ACCESS read-write
5404: STATUS current
5405: DESCRIPTION
5406: "This object defines the administrative
5407: state of sending the IPsec
5408: Phase-2 Tunnel Stop TRAP "
5409: DEFVAL { disabled }
5410: ::= { ipSecTrapCntl 8 }
5411:
5412: ipSecTrapCntlIpSecSysFailure OBJECT-TYPE
5413: SYNTAX TrapStatus
5414: MAX-ACCESS read-write
5415: STATUS current
5416: DESCRIPTION
5417: "This object defines the administrative state
5418: of sending the IPsec
5419: Phase-2 System Failure TRAP "
5420: DEFVAL { disabled }
5421: ::= { ipSecTrapCntl 9 }
5422:
5423: ipSecTrapCntlIpSecSetUpFailure OBJECT-TYPE
5424: SYNTAX TrapStatus
5425: MAX-ACCESS read-write
5426: STATUS current
5427: DESCRIPTION
5428: "This object defines the administrative state
5429: of sending the IPsec
5430: Phase-2 Set Up Failure TRAP "
5431: DEFVAL { disabled }
5432: ::= { ipSecTrapCntl 10 }
5433:
5434: ipSecTrapCntlIpSecEarlyTunTerm OBJECT-TYPE
5435: SYNTAX TrapStatus
5436: MAX-ACCESS read-write
5437: STATUS current
5438: DESCRIPTION
5439: "This object defines the administrative state
5440: of sending the IPsec
5441: Phase-2 Early Tunnel Termination TRAP "
5442: DEFVAL { disabled }
5443: ::= { ipSecTrapCntl 11 }
5444:
5445: ipSecTrapCntlIpSecProtocolFail OBJECT-TYPE
5446: SYNTAX TrapStatus
5447: MAX-ACCESS read-write
5448: STATUS current
5449: DESCRIPTION
5450: "This object defines the administrative state
5451: of sending the IPsec
5452: Phase-2 Protocol Failure TRAP "
5453: DEFVAL { disabled }
5454: ::= { ipSecTrapCntl 12 }
5455:
5456: ipSecTrapCntlIpSecNoSa OBJECT-TYPE
5457: SYNTAX TrapStatus
5458: MAX-ACCESS read-write
5459: STATUS current
5460: DESCRIPTION
5461: "This object defines the administrative state
5462: of sending the IPsec Phase-2 No Security
5463: Association TRAP "
5464: DEFVAL { disabled }
5465: ::= { ipSecTrapCntl 13 }
5466:
5467: ipSecTrapCntlInNewGrpRejected OBJECT-TYPE
5468: SYNTAX TrapStatus
5469: MAX-ACCESS read-write
5470: STATUS current
5471: DESCRIPTION
5472: "This object defines the administrative state
5473: of sending the IPsec Phase-2 No Security
5474: Association TRAP "
5475: DEFVAL { disabled }
5476: ::= { ipSecTrapCntl 14 }
5477:
5478: ipSecTrapCntlOutNewGrpRejected OBJECT-TYPE
5479: SYNTAX TrapStatus
5480: MAX-ACCESS read-write
5481: STATUS current
5482: DESCRIPTION
5483: "This object defines the administrative state
5484: of sending the IPsec Phase-2 No Security
5485: Association TRAP "
5486: DEFVAL { disabled }
5487: ::= { ipSecTrapCntl 15 }
5488:
5489: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5490: -- IPsec Notifications - TRAPs
5491: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5492:
5493: ipSecMIBNotificationPrefix OBJECT IDENTIFIER
5494: ::= {ipSecFlowMonitorMIB 2}
5495:
5496: ipSecMIBNotifications OBJECT IDENTIFIER
5497: ::= { ipSecMIBNotificationPrefix 0}
5498:
5499: ikeTunnelStart NOTIFICATION-TYPE
5500: OBJECTS {
5501: phase1PeerLocalAddr,
5502: phase1PeerRemoteAddr,
5503: ikeTunLifeTime
5504: }
5505: STATUS current
5506: DESCRIPTION
5507: "This notification is generated when an IPsec Phase-1
5508: IKE Tunnel becomes active."
5509: ::= { ipSecMIBNotifications 1 }
5510:
5511: ikeTunnelStop NOTIFICATION-TYPE
5512: OBJECTS {
5513: ikeTunHistTermReason,
5514: phase1PeerLocalAddr,
5515: phase1PeerRemoteAddr,
5516: ikeTunActiveTime
5517: }
5518: STATUS current
5519: DESCRIPTION
5520: "This notification is generated when an IPsec Phase-1
5521: IKE Tunnel becomes inactive."
5522: ::= { ipSecMIBNotifications 2 }
5523:
5524: ikeSysFailure NOTIFICATION-TYPE
5525: OBJECTS {
5526: phase1PeerLocalAddr,
5527: phase1PeerRemoteAddr
5528: }
5529: STATUS current
5530: DESCRIPTION
5531: "This notification is generated when the processing for
5532: an IPsec Phase-1 IKE Tunnel experiences an internal
5533: or system capacity error."
5534: ::= { ipSecMIBNotifications 3 }
5535:
5536: ikeCertCrlFailure NOTIFICATION-TYPE
5537: OBJECTS {
5538: phase1PeerLocalAddr,
5539: phase1PeerRemoteAddr
5540: }
5541: STATUS current
5542: DESCRIPTION
5543: "This notification is generated when the processing for
5544: an IPsec Phase-1 IKE Tunnel experiences a Certificate
5545: or a Certificate Revoke List (CRL) related error."
5546: ::= { ipSecMIBNotifications 4 }
5547:
5548: ikeProtocolFailure NOTIFICATION-TYPE
5549: OBJECTS {
5550: phase1PeerLocalAddr,
5551: phase1PeerRemoteAddr
5552: }
5553: STATUS current
5554: DESCRIPTION
5555: "This notification is generated when the processing for
5556: an IPsec Phase-1 IKE Tunnel experiences a protocol
5557: related error."
5558: ::= { ipSecMIBNotifications 5 }
5559:
5560: ikeNoSa NOTIFICATION-TYPE
5561: OBJECTS {
5562: phase1PeerLocalAddr,
5563: phase1PeerRemoteAddr
5564: }
5565: STATUS current
5566: DESCRIPTION
5567: "This notification is generated when the IKE entity
5568: receives an ISAKMP PDU with a reference to a non-existent
5569: cookie."
5570: ::= { ipSecMIBNotifications 6 }
5571:
5572: ipSecTunnelStart NOTIFICATION-TYPE
5573: OBJECTS {
5574: ipSecTunLifeTime,
5575: ipSecTunLifeSize
5576: }
5577:
5578: STATUS current
5579: DESCRIPTION
5580: "This notification is generated when an IPsec Phase-2
5581: Tunnel becomes active."
5582: ::= { ipSecMIBNotifications 7 }
5583:
5584: ipSecTunnelStop NOTIFICATION-TYPE
5585: OBJECTS {
5586: ipSecTunHistTermReason,
5587: ipSecTunActiveTime
5588: }
5589: STATUS current
5590: DESCRIPTION
5591: "This notification is generated when an IPsec Phase-2
5592: Tunnel becomes inactive."
5593: ::= { ipSecMIBNotifications 8 }
5594:
5595: ipSecSysFailure NOTIFICATION-TYPE
5596: OBJECTS {
5597: phase1PeerLocalAddr,
5598: phase1PeerRemoteAddr,
5599: ipSecTunActiveTime,
5600: ipSecSpiProtocol
5601: }
5602: STATUS current
5603: DESCRIPTION
5604: "This notification is generated when the processing for
5605: an IPsec Phase-2 Tunnel experiences an internal
5606: or system capacity error."
5607: ::= { ipSecMIBNotifications 9 }
5608:
5609: ipSecSetUpFailure NOTIFICATION-TYPE
5610: OBJECTS {
5611: phase1PeerLocalAddr,
5612: phase1PeerRemoteAddr
5613: }
5614: STATUS current
5615: DESCRIPTION
5616: "This notification is generated when the setup for
5617: an IPsec Phase-2 Tunnel fails."
5618: ::= { ipSecMIBNotifications 10 }
5619:
5620: ipSecEarlyTunTerm NOTIFICATION-TYPE
5621: OBJECTS {
5622: ipSecTunActiveTime,
5623: ipSecSpiProtocol
5624: }
5625:
5626: STATUS current
5627: DESCRIPTION
5628: "This notification is generated when an IPsec Phase-2
5629: Tunnel is terminated early or before expected."
5630: ::= { ipSecMIBNotifications 11 }
5631:
5632: ipSecProtocolFailure NOTIFICATION-TYPE
5633: OBJECTS {
5634: ipSecTunActiveTime,
5635: ipSecSpiProtocol
5636: }
5637: STATUS current
5638: DESCRIPTION
5639: "This notification is generated when the processing for
5640: an IPsec Phase-2 Tunnel experiences a protocol
5641: related error."
5642: ::= { ipSecMIBNotifications 12 }
5643:
5644: ipSecNoSa NOTIFICATION-TYPE
5645: STATUS current
5646: DESCRIPTION
5647: "This notification is generated when the managed entity
5648: receives an IPsec packet with a non-existent SPI."
5649: ::= { ipSecMIBNotifications 13 }
5650:
5651: ipSecInNewGrpRejected NOTIFICATION-TYPE
5652: OBJECTS {
5653: phase1PeerLocalAddr,
5654: phase1PeerRemoteAddr
5655: }
5656: STATUS current
5657: DESCRIPTION
5658: "This notification is generated when the managed entity
5659: receives and rejects an incoming new group proposal
5660: from an IKE peer (ikePeerRemoteAddr). The ISAKMP
5661: context of the exchange can be obtained from the IKE
5662: tunnel index which is contained in the index of the
5663: varbind objects of this trap."
5664: ::= { ipSecMIBNotifications 14 }
5665:
5666: ipSecOutNewGrpRejected NOTIFICATION-TYPE
5667: OBJECTS {
5668: phase1PeerLocalAddr,
5669: phase1PeerRemoteAddr
5670: }
5671: STATUS current
5672: DESCRIPTION
5673: "This notification is generated when the managed entity
5674: issues a new group proposal to the peer (ikePeerRemoteAddr)
5675: and the peer rejects the proposal. The ISAKMP context of
5676: the exchange can be obtained from the IKE tunnel index
5677: which is contained in the index of the varbind objects
5678: of this trap."
5679: ::= { ipSecMIBNotifications 15 }
5680:
5681:
5682: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5683: -- Conformance Information
5684: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5685: ipSecMIBConformance OBJECT IDENTIFIER
5686: ::= { ipSecFlowMonitorMIB 3 }
5687:
5688: ipSecMIBGroups OBJECT IDENTIFIER
5689: ::= { ipSecMIBConformance 1 }
5690:
5691: ipSecMIBCompliances OBJECT IDENTIFIER
5692: ::= { ipSecMIBConformance 2 }
5693:
5694: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5695: -- Compliance Statements
5696: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5697: ipSecMIBCompliance MODULE-COMPLIANCE
5698: STATUS current
5699: DESCRIPTION
5700: "The compliance statement for SNMP entities
5701: the IP Security Protocol."
5702:
5703: MODULE -- this module
5704: MANDATORY-GROUPS { ipSecLevelsGroup,
5705: ipSecPeerAssociationGroup,
5706: ipSecPhaseTwoGroup
5707: }
5708:
5709: --GROUP ipSecLevelsGroup
5710: --DESCRIPTION "The ipSecLevelsGroup is a mandatory group
5711: --containing objects providing meta-information
5712: --about the MIB itself and its version."
5713:
5714: --GROUP ipSecPhaseOneGroup
5715: --DESCRIPTION "The ipSecPhaseOneGroup is a mandatory group
5716: --containing objects providing information
5717: --about IKE and ISAKMP activity and structures
5718: --resulting from such activity in the managed
5719: --entity."
5720:
5721: GROUP ipSecIkeGroup
5722: DESCRIPTION "The ipSecIkeGroup is a conditional group
5723: containing objects providing information
5724: about IKE and ISAKMP activity and structures
5725: resulting from such activity in the managed
5726: entity."
5727:
5728: --GROUP ipSecPeerAssociationGroup
5729: --DESCRIPTION "The ipSecPeerAssociationGroup is a mandator
5730: --group containing objects providing information
5731: --about association of the managed entity
5732: --with peers in Phase 1."
5733:
5734: --GROUP ipSecIkeGroup
5735: --DESCRIPTION "The ipSecIkeGroup encloses all the IKE
5736: --related MIB elements. This is an optional
5737: --group and needs to be implemented only if
5738: --the managed entity implements IKE protocol."
5739:
5740: --GROUP ipSecPhaseTwoGroup
5741: --DESCRIPTION "The ipSecPhaseTwoGroup is a mandatory group
5742: --containing objects providing information
5743: --about Phase-2 IPsec (Quick Mode & New Grp
5744: --Grp Mode) activity and structures resulting
5745: --from such --activity in the managed entity."
5745: warning -
warning: note, -- terminates a comment
5745: severe -
syntax error, unexpected LOWERCASE_IDENTIFIER, expecting COLON_COLON_EQUAL
5746:
5747: GROUP ipSecHistoryGroup
5748: DESCRIPTION "The ipSecHistoryGroup is an optional group
5749: containing objects providing information
5750: about expired structures pertaining to
5751: Phase-1 (IKE & ISAKMP) and Phase-2 IPsec
5751: severe -
lexically unexpected character, skipping to end of line
5752: (Quick Mode & New Grp Mode) activity.
5752: severe -
lexically unexpected character, skipping to end of line
5753:
5754: This group consists of:
5755: 1) IPsec History Global Objects
5756: 2) IPsec Phase-1 History Objects
5757: 3) IPsec Phase-2 History Objects"
5758:
5759: GROUP ipSecFailuresGroup
5760: DESCRIPTION "The ipSecFailuresGroup is an optional group
5761: containing objects providing information
5762: about failures of operations pertaining to
5763: Phase-1 (IKE & ISAKMP) and Phase-2 IPsec
5763: severe -
lexically unexpected character, skipping to end of line
5764: (Quick Mode & New Grp Mode) activity.
5764: severe -
lexically unexpected character, skipping to end of line
5765:
5766: This group consists of:
5767: 1) IPsec Failure Global Objects
5768: 2) IPsec Phase-1 Tunnel Failure Table
5769: 3) IPsec Phase-2 Tunnel Failure Table"
5770:
5771: GROUP ipSecTrapCntlGroup
5772: DESCRIPTION "The ipSecTrapCntlGroup is an optional group
5773: containing objects providing control of
5774: notifications pertaining to Phase-1 (IKE &
5774: severe -
lexically unexpected character, skipping to end of line
5775: ISAKMP) and Phase-2 IPsec (Quick Mode &
5775: severe -
lexically unexpected character, skipping to end of line
5776: New Grp Mode) activity."
5777:
5778: GROUP ipSecModeConfigGroup
5779: DESCRIPTION "The ipSecModeConfigGroup is an optional group
5780: containing objects providing information
5781: about the IKE Mode Configuration activity
5782: on the managed entity.
5783:
5784: This group consists of:
5785: 1) Global metrics about IKE Mod
5786: Configuration activity
5787: 2) Phase-1 IKE Tunnel-wise Mode Configuration
5788: metrics
5789: 3) Historical IKE Mode Configuration metrics
5790: on a per expired tunnel basis."
5791:
5792: GROUP ipSecNewGrpGroup
5793: DESCRIPTIO
5794: "The ipSecNewGrpGroup is an optional group
5795: containing objects providing information
5796: about the Phase-2 New Group activity on the
5797: managed entity.
5798:
5799: This group consists of:
5800: 1) Global metrics about new group negotiations
5801: 2) Phase-1 IKE Tunnel-wise new group metrics
5802: 3) Historical new group metrics on a per tunnel basis.
5803: 4) Notifications pertaining to new grp failures."
5804:
5805: OBJECT ikeTunStatus
5806: MIN-ACCESS read-only
5807: DESCRIPTION
5808: "Write access is not required."
5809:
5810: OBJECT ipSecTunStatus
5811: MIN-ACCESS read-only
5812: DESCRIPTION
5813: "Write access is not required."
5814: ::= { ipSecMIBCompliances 1 }
5815:
5816: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5817: -- Units of Conformance
5818: -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
5819: ipSecLevelsGroup OBJECT-GROUP
5820: OBJECTS {
5821: ipSecMibLevel
5822: }
5823: STATUS current
5824: DESCRIPTION
5825: "This group consists of a:
5826: 1) IPsec MIB Level"
5827: ::= { ipSecMIBGroups 1 }
5828:
5829: ipSecIkeGroup OBJECT-GROUP
5830: OBJECTS {
5831: -- The IPsec Phase-1 Global Statistics
5832: ikeGlobalActiveTunnels,
5833: ikeGlobalPreviousTunnels,
5834: ikeGlobalHcPreviousTunnels,
5835: ikeGlobalPreviousTunnelsWraps,
5836: ikeGlobalInOctets,
5837: ikeGlobalInPkts,
5838: ikeGlobalInDropPkts,
5839: ikeGlobalInNotifys,
5840: ikeGlobalInP2Exchgs,
5841: ikeGlobalInP2ExchgInvalids,
5842: ikeGlobalInP2ExchgRejects,
5843: ikeGlobalInP2SaDelRequests,
5844: ikeGlobalOutOctets,
5845: ikeGlobalOutPkts,
5846: ikeGlobalOutDropPkts,
5847: ikeGlobalOutNotifys,
5848: ikeGlobalOutP2Exchgs,
5849: ikeGlobalOutP2ExchgInvalids,
5850: ikeGlobalOutP2ExchgRejects,
5851: ikeGlobalOutP2SaDelRequests,
5852: ikeGlobalInitTunnels,
5853: ikeGlobalInitTunnelFails,
5854: ikeGlobalRespTunnelFails,
5855: ikeGlobalSysCapFails,
5856: ikeGlobalAuthFails,
5857: ikeGlobalDecryptFails,
5858: ikeGlobalHashValidFails,
5859: ikeGlobalNoSaFails,
5860: ikeGlobalRespTunnels,
5861: ikeGlobalInP1SaDelRequests,
5862: ikeGlobalOutP1SaDelRequests,
5863:
5864: -- The IPsec Phase-1 Internet Key Exchange
5865: -- Tunnel Table
5866: ikeTunLocalType,
5867: ikeTunLocalValue,
5868: ikeTunLocalAddr,
5869: ikeTunLocalName,
5870: ikeTunRemoteType,
5871: ikeTunRemoteValue,
5872: ikeTunRemoteAddr,
5873: ikeTunRemoteName,
5874: ikeTunNegoMode,
5875: ikeTunDiffHellmanGrp,
5876: ikeTunEncryptAlgo,
5877: ikeTunHashAlgo,
5878: ikeTunAuthMethod,
5879: ikeTunLifeTime,
5880: ikeTunActiveTime,
5881: ikeTunSaRefreshThreshold,
5882: ikeTunTotalRefreshes,
5883: ikeTunInOctets,
5884: ikeTunInPkts,
5885: ikeTunInDropPkts,
5886: ikeTunInNotifys,
5887: ikeTunInP2Exchgs,
5888: ikeTunInP2ExchgInvalids,
5889: ikeTunInP2ExchgRejects,
5890: ikeTunInP2SaDelRequests,
5891: ikeTunOutOctets,
5892: ikeTunOutPkts,
5893: ikeTunOutDropPkts,
5894: ikeTunOutNotifys,
5895: ikeTunOutP2Exchgs,
5896: ikeTunOutP2ExchgInvalids,
5897: ikeTunOutP2ExchgRejects,
5898: ikeTunOutP2SaDelRequests,
5899: ikeTunStatus,
5900: ikeTunEncryptKeySize
5901: }
5902: STATUS current
5903: DESCRIPTION
5904: "This group consists of:
5905: 1) IKE Global Objects
5906: 2) IKE Tunnel table."
5907: ::= { ipSecMIBGroups 2 }
5908:
5909: ipSecPeerAssociationGroup OBJECT-GROUP
5910: OBJECTS {
5911: -- The Phase-1 Peer Association group
5912: phase1PeerLocalValue,
5913: phase1PeerRemoteValue,
5914: phase1PeerLocalAddr,
5915: phase1PeerRemoteAddr,
5916: phase1PeerActiveTime,
5917: phase1PeerActiveTunnelIndex,
5918: phase1PeerConfigAppVersion,
5919: phase1PeerConfigAddress,
5920: phase1PeerConfigNetmask,
5921: phase1PeerConfigDns,
5922: phase1PeerConfigNbns,
5923: phase1PeerConfigDhcp,
5924: phase1Protocol,
5925: --
5926: --phase1PeerCorrLocalType,
5927: --phase1PeerCorrLocalValue,
5928: --phase1PeerCorrRemoteType,
5929: --phase1PeerCorrRemoteValue,
5930: --phase1PeerCorrIntIndex,
5931: --phase1PeerCorrSeqNum,
5932: phase1PeerCorrIpSecTunIndex,
5933: phase1PeerCorrControlProtocol
5934: }
5935: STATUS current
5936: DESCRIPTION
5937: "This group consists of:
5938: 1) IPsec Phase-1 Peer Association table.
5939: 2) IPsec Phase-1 Correlation Table"
5940: ::= { ipSecMIBGroups 3 }
5941:
5942: ipSecXauthGroup OBJECT-GROUP
5943: OBJECTS {
5944: -- The IPsec extended authentication (Phase-1.5)
5945: -- Global Statistics
5946: ikeGlobalInXauthFailures,
5947: ikeGlobalOutXauthFailures
5948: }
5949: STATUS current
5950: DESCRIPTION
5951: "This group consists of metrics pertaining to
5952: IKE extended authentication. Devices that do
5953: not support Xauth need not implement this group."
5954: ::= { ipSecMIBGroups 4 }
5955:
5956: ipSecPhaseTwoGroup OBJECT-GROUP
5957: OBJECTS {
5958: -- The IPsec Phase-2 Global Tunnel Statistics
5959: ipSecGlobalActiveTunnels,
5960: ipSecGlobalPreviousTunnels,
5961: ipSecGlobalHcPreviousTunnels,
5962: ipSecGlobalPreviousTunnelsWraps,
5963: ipSecGlobalInOctets,
5964: ipSecGlobalHcInOctets,
5965: ipSecGlobalInOctWraps,
5966: ipSecGlobalInDecompOctets,
5967: ipSecGlobalHcInDecompOctets,
5968: ipSecGlobalInDecompOctWraps,
5969: ipSecGlobalInPkts,
5970: ipSecGlobalInDrops,
5971: ipSecGlobalInReplayDrops,
5972: ipSecGlobalInAuths,
5973: ipSecGlobalInAuthFails,
5974: ipSecGlobalInDecrypts,
5975: ipSecGlobalInDecryptFails,
5976: ipSecGlobalOutOctets,
5977: ipSecGlobalHcOutOctets,
5978: ipSecGlobalOutOctWraps,
5979: ipSecGlobalOutUncompOctets,
5980: ipSecGlobalHcOutUncompOctets,
5981: ipSecGlobalOutUncompOctWraps,
5982: ipSecGlobalOutPkts,
5983: ipSecGlobalOutDrops,
5984: ipSecGlobalOutAuths,
5985: ipSecGlobalOutAuthFails,
5986: ipSecGlobalOutEncrypts,
5987: ipSecGlobalOutEncryptFails,
5988: ipSecGlobalProtocolUseFails,
5989: ipSecGlobalNoSaFails,
5990: ipSecGlobalSysCapFails,
5991: ipSecGlobalOutCompressedPkts,
5992: ipSecGlobalOutCompSkippedPkts,
5993: ipSecGlobalOutCompFailPkts,
5994: ipSecGlobalOutCompTooSmallPkts,
5995:
5996: -- The IPsec Phase-2 Tunnel Table
5997: -- ipSecTunIndex,
5998: -- ipSecTunIkeTunnelIndex,
5999: -- ipSecTunIkeTunnelAlive,
6000: ipSecTunLocalAddr,
6001: ipSecTunRemoteAddr,
6002: -- ipSecTunKeyType,
6003: ipSecTunEncapMode,
6004: ipSecTunLifeSize,
6005: ipSecTunLifeTime,
6006: ipSecTunActiveTime,
6007: ipSecTunSaLifeSizeThreshold,
6008: ipSecTunSaLifeTimeThreshold,
6009: ipSecTunTotalRefreshes,
6010: ipSecTunExpiredSaInstances,
6011: ipSecTunCurrentSaInstances,
6012: ipSecTunInSaDiffHellmanGrp,
6013: ipSecTunInSaEncryptAlgo,
6014: ipSecTunInSaAhAuthAlgo,
6015: ipSecTunInSaEspAuthAlgo,
6016: ipSecTunInSaDecompAlgo,
6017: ipSecTunOutSaDiffHellmanGrp,
6018: ipSecTunOutSaEncryptAlgo,
6019: ipSecTunOutSaAhAuthAlgo,
6020: ipSecTunOutSaEspAuthAlgo,
6021: ipSecTunOutSaCompAlgo,
6022: ipSecTunPmtu,
6023: ipSecTunInOctets,
6024: ipSecTunHcInOctets,
6025: ipSecTunInOctWraps,
6026: ipSecTunInDecompOctets,
6027: ipSecTunHcInDecompOctets,
6028: ipSecTunInDecompOctWraps,
6029: ipSecTunInPkts,
6030: ipSecTunInDropPkts,
6031: ipSecTunInReplayDropPkts,
6032: ipSecTunInAuths,
6033: ipSecTunInAuthFails,
6034: ipSecTunInDecrypts,
6035: ipSecTunInDecryptFails,
6036: ipSecTunOutOctets,
6037: ipSecTunHcOutOctets,
6038: ipSecTunOutOctWraps,
6039: ipSecTunOutUncompOctets,
6040: ipSecTunHcOutUncompOctets,
6041: ipSecTunOutUncompOctWraps,
6042: ipSecTunOutPkts,
6043: ipSecTunOutDropPkts,
6044: ipSecTunOutAuths,
6045: ipSecTunOutAuthFails,
6046: ipSecTunOutEncrypts,
6047: ipSecTunOutEncryptFails,
6048: ipSecTunOutCompressedPkts,
6049: ipSecTunOutCompSkippedPkts,
6050: ipSecTunOutCompFailPkts,
6051: ipSecTunOutCompTooSmallPkts,
6052: ipSecTunStatus,
6053: ipSecTunControlTunnelIndex,
6054: ipSecTunControlProtocol,
6055: ipSecTunControlTunnelAlive,
6056: ipSecTunInSaEncryptKeySize,
6057: ipSecTunOutSaEncryptKeySize,
6058:
6059: -- The IPsec Phase-2 Tunnel Endpoint Table
6060: -- ipSecEndPtIndex,
6061: ipSecEndPtLocalName,
6062: ipSecEndPtLocalType,
6063: ipSecEndPtLocalAddr1,
6064: ipSecEndPtLocalAddr2,
6065: ipSecEndPtLocalProtocol,
6066: ipSecEndPtLocalPort,
6067: ipSecEndPtRemoteName,
6068: ipSecEndPtRemoteType,
6069: ipSecEndPtRemoteAddr1,
6070: ipSecEndPtRemoteAddr2,
6071: ipSecEndPtRemoteProtocol,
6072: ipSecEndPtRemotePort,
6073:
6074: -- The IPsec Phase-2 Security Association Table
6075: -- ipSecTunIndex
6076: ipSecSaDirection,
6077: ipSecSaValue,
6078: ipSecSaProtocol,
6079: ipSecSaStatus
6080: }
6081: STATUS current
6082: DESCRIPTION
6083: "This group consists of:
6084: 1) IPsec Phase-2 Global Statistics
6085: 2) IPsec Phase-2 Tunnel Table
6086: 3) IPsec Phase-2 Endpoint Table
6087: 4) IPsec Phase-2 Security Protection Index Table"
6088: ::= { ipSecMIBGroups 5 }
6089:
6090: ipSecHistoryGroup OBJECT-GROUP
6091: OBJECTS {
6092: -- IPsec History Global Control Objects
6093: ipSecHistTableSize,
6094: ipSecHistCheckPoint,
6095: -- The IPsec Phase-1 Tunnel History Table
6096: ikeTunHistTermReason,
6097: ikeTunHistActiveIndex,
6098: ikeTunHistPeerLocalType,
6099: ikeTunHistPeerLocalValue,
6100: ikeTunHistPeerIntIndex,
6101: ikeTunHistPeerRemoteType,
6102: ikeTunHistPeerRemoteValue,
6103: ikeTunHistLocalAddr,
6104: ikeTunHistLocalName,
6105: ikeTunHistRemoteAddr,
6106: ikeTunHistRemoteName,
6107: ikeTunHistNegoMode,
6108: ikeTunHistDiffHellmanGrp,
6109: ikeTunHistEncryptAlgo,
6110: ikeTunHistEncryptKeySize,
6111: ikeTunHistHashAlgo,
6112: ikeTunHistAuthMethod,
6113: ikeTunHistLifeTime,
6114: ikeTunHistStartTime,
6115: ikeTunHistActiveTime,
6116: ikeTunHistTotalRefreshes,
6117: ikeTunHistTotalSas,
6118: ikeTunHistInOctets,
6119: ikeTunHistInPkts,
6120: ikeTunHistInDropPkts,
6121: ikeTunHistInNotifys,
6122: ikeTunHistInP2Exchgs,
6123: ikeTunHistInP2ExchgInvalids,
6124: ikeTunHistInP2ExchgRejects,
6125: ikeTunHistInP2SaDelRequests,
6126: ikeTunHistOutOctets,
6127: ikeTunHistOutPkts,
6128: ikeTunHistOutDropPkts,
6129: ikeTunHistOutNotifys,
6130: ikeTunHistOutP2Exchgs,
6131: ikeTunHistOutP2ExchgInvalids,
6132: ikeTunHistOutP2ExchgRejects,
6133: ikeTunHistOutP2SaDelRequests,
6134:
6135: -- The IPsec Phase-2 Tunnel History Table
6136: -- ipSecTunHistIndex,
6137: ipSecTunHistTermReason,
6138: ipSecTunHistActiveIndex,
6139: --ipSecTunHistIkeTunnelIndex,
6140: ipSecTunHistLocalAddr,
6141: ipSecTunHistRemoteAddr,
6142: -- ipSecTunHistKeyType,
6143: ipSecTunHistEncapMode,
6144: ipSecTunHistLifeSize,
6145: ipSecTunHistLifeTime,
6146: ipSecTunHistStartTime,
6147: ipSecTunHistActiveTime,
6148: ipSecTunHistTotalRefreshes,
6149: ipSecTunHistTotalSas,
6150: ipSecTunHistInSaDiffHellmanGrp,
6151: ipSecTunHistInSaEncryptAlgo,
6152: ipSecTunHistInSaAhAuthAlgo,
6153: ipSecTunHistInSaEspAuthAlgo,
6154: ipSecTunHistInSaDecompAlgo,
6155: ipSecTunHistOutSaDiffHellmanGrp,
6156: ipSecTunHistOutSaEncryptAlgo,
6157: ipSecTunHistOutSaAhAuthAlgo,
6158: ipSecTunHistOutSaEspAuthAlgo,
6159: ipSecTunHistOutSaCompAlgo,
6160: ipSecTunHistPmtu,
6161: ipSecTunHistInOctets,
6162: ipSecTunHistHcInOctets,
6163: ipSecTunHistInOctWraps,
6164: ipSecTunHistInDecompOctets,
6165: ipSecTunHistHcInDecompOctets,
6166: ipSecTunHistInDecompOctWraps,
6167: ipSecTunHistInPkts,
6168: ipSecTunHistInDropPkts,
6169: ipSecTunHistInReplayDropPkts,
6170: ipSecTunHistInAuths,
6171: ipSecTunHistInAuthFails,
6172: ipSecTunHistInDecrypts,
6173: ipSecTunHistInDecryptFails,
6174: ipSecTunHistOutOctets,
6175: ipSecTunHistHcOutOctets,
6176: ipSecTunHistOutOctWraps,
6177: ipSecTunHistOutUncompOctets,
6178: ipSecTunHistHcOutUncompOctets,
6179: ipSecTunHistOutUncompOctWraps,
6180: ipSecTunHistOutPkts,
6181: ipSecTunHistOutDropPkts,
6182: ipSecTunHistOutAuths,
6183: ipSecTunHistOutAuthFails,
6184: ipSecTunHistOutEncrypts,
6185: ipSecTunHistOutEncryptFails,
6186: ipSecTunHistOutCompressedPkts,
6187: ipSecTunHistOutCompSkippedPkts,
6188: ipSecTunHistOutCompFailPkts,
6189: ipSecTunHistOutCompTooSmallPkts,
6190: ipSecTunHistControlProtocol,
6191: ipSecTunHistControlTunnelIndex,
6192: ipSecTunHistInSaEncryptKeySize,
6193: ipSecTunHistOutSaEncryptKeySize,
6194:
6195: -- The IPsec Phase-2 End Point History Table
6196: -- ipSecEndPtHistIndex,
6197: ipSecEndPtHistTunIndex,
6198: ipSecEndPtHistActiveIndex,
6199: ipSecEndPtHistLocalName,
6200: ipSecEndPtHistLocalType,
6201: ipSecEndPtHistLocalAddr1,
6202: ipSecEndPtHistLocalAddr2,
6203: ipSecEndPtHistLocalProtocol,
6204: ipSecEndPtHistLocalPort,
6205: ipSecEndPtHistRemoteName,
6206: ipSecEndPtHistRemoteType,
6207: ipSecEndPtHistRemoteAddr1,
6208: ipSecEndPtHistRemoteAddr2,
6209: ipSecEndPtHistRemoteProtocol,
6210: ipSecEndPtHistRemotePort
6211: }
6212: STATUS current
6213: DESCRIPTION
6214: "This group consists of:
6215: 1) IPsec History Global Objects
6216: 2) IPsec Phase-1 History Objects
6217: 3) IPsec Phase-2 History Objects"
6218: ::= { ipSecMIBGroups 6 }
6219:
6220: ipSecFailuresGroup OBJECT-GROUP
6221: OBJECTS {
6222: -- The IPsec Failure Global Control Objects
6223: ipSecFailTableSize,
6224:
6225: -- The IPsec Phase-1 Failure Table
6226: ikeFailReason,
6227: ikeFailTime,
6228: ikeFailLocalType,
6229: ikeFailLocalValue,
6230: ikeFailRemoteType,
6231: ikeFailRemoteValue,
6232: ikeFailLocalAddr,
6233: ikeFailRemoteAddr,
6234: -- The IPsec Phase-2 Failure Table
6235: -- ipSecFailIndex,
6236: ipSecFailReason,
6237: ipSecFailTime,
6238: ipSecFailTunnelIndex,
6239: ipSecFailSaSpi,
6240: ipSecFailPktSrcAddr,
6241: ipSecFailPktDstAddr
6242: }
6243: STATUS current
6244: DESCRIPTION
6245: "This group consists of:
6246: 1) IPsec Failure Global Objects
6247: 2) IPsec Phase-1 Tunnel Failure Table
6248: 3) IPsec Phase-2 Tunnel Failure Table"
6249: ::= { ipSecMIBGroups 7 }
6250:
6251: ipSecTrapCntlGroup OBJECT-GROUP
6252: OBJECTS {
6253: ipSecTrapCntlIkeTunnelStart,
6254: ipSecTrapCntlIkeTunnelStop,
6255: ipSecTrapCntlIkeSysFailure,
6256: ipSecTrapCntlIkeCertCrlFailure,
6257: ipSecTrapCntlIkeProtocolFail,
6258: ipSecTrapCntlIkeNoSa,
6259: ipSecTrapCntlIpSecTunnelStart,
6260: ipSecTrapCntlIpSecTunnelStop,
6261: ipSecTrapCntlIpSecSysFailure,
6262: ipSecTrapCntlIpSecSetUpFailure,
6263: ipSecTrapCntlIpSecEarlyTunTerm,
6264: ipSecTrapCntlIpSecProtocolFail,
6265: ipSecTrapCntlIpSecNoSa,
6266: ipSecTrapCntlInNewGrpRejected,
6267: ipSecTrapCntlOutNewGrpRejected
6268: }
6269: STATUS current
6270: DESCRIPTION
6271: "This group of objects controls the sending of IPsec TRAPs."
6272: ::= { ipSecMIBGroups 8 }
6273:
6274: ipSecNotificationGroup NOTIFICATION-GROUP
6275: NOTIFICATIONS {
6276: ikeTunnelStart,
6277: ikeTunnelStop,
6278: ikeSysFailure,
6279: ikeCertCrlFailure,
6280: ikeProtocolFailure,
6281: ikeNoSa,
6282: ipSecTunnelStart,
6283: ipSecTunnelStop,
6284: ipSecSysFailure,
6285: ipSecSetUpFailure,
6286: ipSecEarlyTunTerm,
6287: ipSecProtocolFailure,
6288: ipSecNoSa,
6289: ipSecInNewGrpRejected,
6290: ipSecOutNewGrpRejected
6291: }
6292: STATUS current
6293: DESCRIPTION
6294: "This group contains the notifications for the IPsec MIB."
6295: ::= { ipSecMIBGroups 9 }
6296:
6297: ipSecModeConfigGroup OBJECT-GROUP
6298: OBJECTS {
6299: -- The IPsec Mode Configuration group
6300: ikeGlobalInConfigs,
6301: ikeGlobalOutConfigs,
6302: ikeGlobalInConfigsRejects,
6303: ikeGlobalOutConfigsRejects,
6304: --ikePeerConfigAppVersion,
6305: --ikePeerConfigAddress,
6306: --ikePeerConfigNetmask,
6307: --ikePeerConfigDns,
6308: --ikePeerConfigNbns,
6309: --ikePeerConfigDhcp,
6310: ikeTunInConfigs,
6311: ikeTunOutConfigs,
6312: ikeTunInConfigsRejects,
6313: ikeTunOutConfigsRejects,
6314: ikeTunHistInConfigs,
6315: ikeTunHistOutConfigs,
6316: ikeTunHistInConfigsRejects,
6317: ikeTunHistOutConfigsRejects
6318: }
6319: STATUS current
6320: DESCRIPTION
6321: "This group consists of:
6322: 1) Global metrics about IKE Mode Configuration activity
6323: 2) Phase-1 IKE Tunnel-wise Mode Configuration metrics
6324: 3) Historical IKE Mode Configuration metrics on a per
6325: expired tunnel basis."
6326: ::= { ipSecMIBGroups 10 }
6327:
6328: ipSecNewGrpGroup OBJECT-GROUP
6329: OBJECTS {
6330: -- The IPsec New Group negotiation group
6331: ikeTunInNewGrpReqs,
6332: ikeTunOutNewGrpReqs,
6333: ikeTunInNewGrpReqsRejected,
6334: ikeTunOutNewGrpReqsRejected,
6335: ikeTunHistInNewGrpReqs,
6336: ikeTunHistOutNewGrpReqs,
6337: ikeTunHistInNewGrpReqsRejected,
6338: ikeTunHistOutNewGrpReqsRejected,
6339: ipSecGlobalInNewGrpReqs,
6340: ipSecGlobalOutNewGrpReqs,
6341: ipSecGlobalInNewGrpReqsRejected,
6342: ipSecGlobalOutNewGrpReqsRejected
6343: }
6344: STATUS current
6345: DESCRIPTION
6346: "This group consists of:
6347: 1) Global metrics about new group negotiations
6348: 2) Phase-1 IKE Tunnel-wise new group metrics
6349: 3) Historical new group metrics on a per tunnel basis.
6350: 4) Notifications pertaining to new grp failures."
6351: ::= { ipSecMIBGroups 11 }
6352:
6353: deprecatedObjectGroup OBJECT-GROUP
6354: OBJECTS {
6355: -- The deprecated table 'ipSecSpiTable'
6356: ipSecSpiDirection,
6357: ipSecSpiValue,
6358: ipSecSpiProtocol,
6359: ipSecSpiStatus,
6360: ipSecTunIkeTunnelIndex,
6361: ipSecTunIkeTunnelAlive,
6362: ipSecTunKeyType,
6363: ipSecTunHistIkeTunnelIndex,
6364: ipSecTunHistKeyType
6365: }
6366: STATUS deprecated
6367: DESCRIPTION "A collection of objects that have bee
6368: deprecated."
6369: ::= { ipSecMIBGroups 12 }
6370:
6371: END
6372:
6373: --
6374: -- Copyright (C) The Internet Society (2001). All Rights Reserved.
6375: -- This document and translations of it may be copied and furnished t
6376: -- others, and derivative works that comment on or otherwise explain it
6377: -- or assist in its implementation may be prepared, copied, publishe
6378: -- and distributed, in whole or in part, without restriction of an
6379: -- kind, provided that the above copyright notice and this paragraph ar
6380: -- included on all such copies and derivative works. However, thi
6381: -- document itself may not be modified in any way, such as by removin
6382: -- the copyright notice or references to the Internet Society or othe
6383: -- Internet organizations, except as needed for the purpose o
6384: -- developing Internet standards in which case the procedures fo
6385: -- copyrights defined in the Internet Standards process must b
6386: -- followed, or as required to translate it into languages other tha
6387: -- English.
6388: --
6389: -- The limited permissions granted above are perpetual and will not b
6390: -- revoked by the Internet Society or its successors or assigns.
6391: --
6392: -- This document and the information contained herein is provided on an
6393: -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERIN
6393: severe - lexically unexpected character, skipping to end of line
6394: -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
6395: -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATIO
6396: -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
6397: -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
6398: