smilint output for ./IPSEC-POLICY-MIB


Message Severities
SeverityCount
error2
minor error2
warning2
Message Types
TypeCount
bad-identifier-case (error)1
import-unused (warning)1
object-identifier-not-prefix (error)1
revision-after-update (minor error)1
revision-missing (minor error)1
type-without-format (warning)1

Messages:

IPSEC-POLICY-MIB

   1: -- extracted from draft-ietf-ipsp-ipsec-conf-mib-06.txt
   2: -- at Sun Mar  9 06:12:36 2003
   3: 
   4: IPSEC-POLICY-MIB DEFINITIONS ::= BEGIN
   5: 
   6: 
   7: IMPORTS
   8:     MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32,
   9:     Unsigned32, mib-2, experimental                   FROM SNMPv2-SMI
   9: warning - warning: identifier `experimental' imported from module `SNMPv2-SMI' is never used
  10: 
  11:     TEXTUAL-CONVENTION, RowStatus, TruthValue,
  12:     TimeStamp, StorageType, VariablePointer, DateAndTime
  13:                                         FROM SNMPv2-TC
  14: 
  15:     MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
  16:                                         FROM SNMPv2-CONF
  17: 
  18:     SnmpAdminString                     FROM SNMP-FRAMEWORK-MIB
  19:     InetAddressType, InetAddress, InetPortNumber
  20:                                         FROM INET-ADDRESS-MIB
  21: 
  22:     IkeHashAlgorithm,
  23:     IpsecDoiEncapsulationMode,
  24:     IpsecDoiIpcompTransform,
  25:     IpsecDoiAuthAlgorithm,
  26:     IpsecDoiEspTransform,
  27:     IpsecDoiSecProtocolId,
  28:     IkeGroupDescription, IpsecDoiIdentType,
  29:     IkeEncryptionAlgorithm, IkeAuthMethod
  30:                                         FROM IPSEC-ISAKMP-IKE-DOI-TC;
  31: 
  32: --
  33: -- module identity
  34: --
  35: 
  36: ipspMIB MODULE-IDENTITY
  37:     LAST-UPDATED "200212100000Z"            -- 12 December 2002
  38:     ORGANIZATION "IETF IP Security Policy Working Group"
  39:     CONTACT-INFO "Michael Baer
  40:                   Network Associates, Inc.
  41:                   3965 Freedom Circle, Suite 500
  42:                   Santa Clara, CA  95054
  43:                   Phone: +1 530 902 3131
  44:                   Email: mike_baer@nai.com
  45: 
  46:                   Ricky Charlet
  47:                   Email: rcharlet@alumni.calpoly.edu
  48: 
  49:                   Wes Hardaker
  50:                   Network Associates, Inc.
  51:                   3965 Freedom Circle, Suite 500
  52:                   Santa Clara, CA  95054
  53:                   Phone: +1 530 400 2774
  54:                   Email: wes_hardaker@nai.com
  55: 
  56:                   Robert Story
  57:                   Revelstone Software
  58:                   PO Box 1474
  59:                   Duluth, GA 30096
  60:                   Phone: +1 770 617 3722
  61:                   Email: ipsp-mib@revelstone.com
  62: 
  63:                   Cliff Wang
  64:                   SmartPipes Inc.
  65:                   Suite 300, 565 Metro Place South
  66:                   Dublin, OH 43017
  67:                   Phone: +1 614 923 6241
  68:                   E-Mail: CWang@smartpipes.com"
  69:     DESCRIPTION
  70:      "The MIB module for defining IPsec Policy filters and actions.
  71: 
  72:       Copyright (C) The Internet Society (2003). This version of this
  73:       MIB module is part of RFC XXXX, see the RFC itself for full
  74:       legal notices."
  75: 
  76: -- Revision History
  77: 
  78:     REVISION     "200301070000Z"            -- 7 January 2003
  78: minor error - revision date after last update
  79:     DESCRIPTION  "Initial version, published as RFC xxxx."
  80:     -- RFC-editor assigns xxxx
  81: 
  82: -- XXX: To be assigned by IANA
  83:     ::= { mib-2 XXX }
  83: minor error - revision for last update is missing
  83: error -
`XXX' should start with a lower case letter

  83: error - Object identifier element `XXX' name only allowed as first element
  84: 
  85: --
  86: -- groups of related objects
  87: --
  88: 
  89: ipspConfigObjects         OBJECT IDENTIFIER
  90:      ::= { ipspMIB 1 }
  91: ipspNotificationObjects   OBJECT IDENTIFIER
  92:      ::= { ipspMIB 2 }
  93: ipspConformanceObjects    OBJECT IDENTIFIER
  94:      ::= { ipspMIB 3 }
  95: 
  96: --
  97: -- Textual Conventions
  98: --
  99: 
 100: IpspBooleanOperator ::= TEXTUAL-CONVENTION
 101:     STATUS   current
 102:     DESCRIPTION
 103:         "The IpspBooleanOperator operator is used to specify whether
 104:          sub-components in a decision making process are ANDed or ORed
 105:          together to decide if the resulting expression is true or
 106:          false."
 107:     SYNTAX      INTEGER { or(1), and(2) }
 108: 
 109: IpspAdminStatus ::= TEXTUAL-CONVENTION
 110:     STATUS   current
 111:     DESCRIPTION
 112:         "The IpspAdminStatus is used to specify the administrative
 113:          status of an object. Objects which are disabled must not
 114:          be used by the packet processing engine."
 115: 
 116:     SYNTAX      INTEGER { enabled(1), disabled(2) }
 117: 
 118: IpspSADirection ::= TEXTUAL-CONVENTION
 119:     STATUS   current
 120:     DESCRIPTION
 121:         "The IpspSADirection operator is used to specify whether
 122:          or not a row should apply to outgoing or incoming SAs."
 123:     SYNTAX      INTEGER { outgoing(1), incoming(2) }
 124: 
 125: IpspIPPacketLogging ::= TEXTUAL-CONVENTION
 125: warning - warning: type `IpspIPPacketLogging' has no format specification
 126:     STATUS   current
 127:     DESCRIPTION
 128:         "IpspIPPacketLogging specifies whether or not an audit
 129:          message should be logged when a packet is passed through an
 130:          SA.  A value of '-1' indicates no logging.  A value of '0' or
 131:          greater indicates that logging should be done and how many
 132:          bytes of the beginning of the packet to place in the log.
 133:          Values greater than the size of the packet being processed
 134:          indicate that the entire packet should be sent.
 135: 
 136:          Examples:
 137:          '-1' no logging
 138:          '0'  log but do not include any of the packet in the log
 139:          '20' log and include the first 20 bytes of the packet in the
 140:               log."
 141:     SYNTAX      Integer32 (-1..65536)
 142: 
 143: IpspIdentityFilter ::=  TEXTUAL-CONVENTION
 144:     STATUS   current
 145:     DESCRIPTION
 146:         "IpspIdentityFilter contains a string encoded Identity Type
 147:          value to be used in comparisons against an IKE Identity
 148:          payload.  Wherever this TC is used, there should be an
 149:          accompanying column which uses the IpsecDoiIdentType TC to
 150:          specify the type of data in this object.
 151: 
 152:          See the IpsecDoiIdentType TC for the supported identity types
 153:          available.  Note that the IpsecDoiIdentType TC sepcifies how
 154:          to encode binary values, while this object will contain human
 155:          readable string versions."
 156:     SYNTAX      OCTET STRING (SIZE(1..256))
 157: 
 158: IpspCredentialType ::= TEXTUAL-CONVENTION
 159:     STATUS   current
 160:     DESCRIPTION
 161:         "IpspCredentialType identifies the type of credential
 162:          contained in a corresponding IpspIdentityFilter object."
 163:     SYNTAX      INTEGER { reserved(0),
 164:                            unknown(1),
 165:                           sharedSecret(2),
 166:                           x509(3),
 167:                           kerberos(4) }
 168: 
 169: 
 170: --
 171: -- Policy group definitions
 172: --
 173: 
 174: ipspLocalConfigObjects OBJECT IDENTIFIER
 175:      ::= { ipspConfigObjects 1 }
 176: 
 177: ipspSystemPolicyGroupName OBJECT-TYPE
 178:     SYNTAX      SnmpAdminString (SIZE(0..32))
 179:     MAX-ACCESS  read-write
 180:     STATUS      current
 181:     DESCRIPTION
 182:         "This object indicates the policy group containing the global
 183:          system policy that is to be applied when a given endpoint
 184:          does not contain a policy definition.  Its value can be used
 185:          as an index into the ipspGroupContentsTable to retrieve a
 186:          list of policies.  A zero length string indicates no system
 187:          wide policy exists and the default policy of 'accept' should
 188:          be executed until one is imposed by either this object or by
 189:          the endpoint processing a given packet."
 190:     ::= { ipspLocalConfigObjects 1 }
 191: 
 192: ipspEndpointToGroupTable OBJECT-TYPE
 193:     SYNTAX      SEQUENCE OF IpspEndpointToGroupEntry
 194:     MAX-ACCESS  not-accessible
 195:     STATUS      current
 196:     DESCRIPTION
 197:         "This table is used to map policy (groupings) onto an endpoint
 198:          where traffic is to pass by.  Any policy group assigned to an
 199:          endpoint is then used to control access to the traffic
 200:          passing by it.
 201: 
 202:          If an endpoint has been configured with a policy group and no
 203:          contained rule matches the incoming packet, the default
 204:          action in this case shall be to drop the packet.
 205: 
 206:          If no policy group has been assigned to an endpoint, then the
 207:          policy group specified by ipspSystemPolicyGroupName should be
 208:          used for the endpoint."
 209:     ::= { ipspConfigObjects 2 }
 210: 
 211: ipspEndpointToGroupEntry OBJECT-TYPE
 212:     SYNTAX      IpspEndpointToGroupEntry
 213:     MAX-ACCESS  not-accessible
 214:     STATUS      current
 215:     DESCRIPTION
 216:         "A mapping assigning a policy group to an endpoint."
 217:     INDEX       { ipspEndGroupIdentType, ipspEndGroupAddress }
 218:     ::= { ipspEndpointToGroupTable 1 }
 219: 
 220: IpspEndpointToGroupEntry ::= SEQUENCE {
 221:     ipspEndGroupIdentType                      InetAddressType,
 222:     ipspEndGroupAddress                        InetAddress,
 223:     ipspEndGroupName                           SnmpAdminString,
 224:     ipspEndGroupLastChanged                    TimeStamp,
 225:     ipspEndGroupStorageType                    StorageType,
 226:     ipspEndGroupRowStatus                      RowStatus
 227: }
 228: 
 229: ipspEndGroupIdentType OBJECT-TYPE
 230:     SYNTAX      InetAddressType
 231:     MAX-ACCESS  not-accessible
 232:     STATUS      current
 233:     DESCRIPTION
 234:         "The Internet Protocol version of the address associated with
 235:          a given endpoint.  All addresses are represented as an array
 236:          of octets in network byte order.  When combined with the
 237:          ipspEndGroupAddress these objects can be used to uniquely
 238:          identify an endpoint that a set of policy groups should be
 239:          applied to.  Devices supporting IPv4 MUST support the ipv4
 240:          value, and devices supporting IPv6 MUST support the ipv6
 241:          value.
 242: 
 243:          Values of unknown, ipv4z, ipv6z and dns are not legal values
 244:          for this object."
 245:     ::= { ipspEndpointToGroupEntry 1 }
 246: 
 247: ipspEndGroupAddress OBJECT-TYPE
 248:     SYNTAX      InetAddress (SIZE (4|16))
 249:     MAX-ACCESS  not-accessible
 250:     STATUS      current
 251:     DESCRIPTION
 252:         "The address of a given endpoint, the format of which is
 253:          specified by the ipspEndGroupIdentType object."
 254:     ::= { ipspEndpointToGroupEntry 2 }
 255: 
 256: 
 257: ipspEndGroupName OBJECT-TYPE
 258:     SYNTAX      SnmpAdminString (SIZE(1..32))
 259:     MAX-ACCESS  read-create
 260:     STATUS      current
 261:     DESCRIPTION
 262:         "The policy group name to apply to this endpoint.  The
 263:          value of the ipspEndGroupName object should then be used as
 264:          an index into the ipspGroupContentsTable to come up with a
 265:          list of rules that MUST be applied to this endpoint."
 266:     ::= { ipspEndpointToGroupEntry 3 }
 267: 
 268: ipspEndGroupLastChanged OBJECT-TYPE
 269:     SYNTAX      TimeStamp
 270:     MAX-ACCESS  read-only
 271:     STATUS      current
 272:     DESCRIPTION
 273:         "The value of sysUpTime when this row was last modified or
 274:          created either through SNMP SETs or by some other external
 275:          means."
 276:     ::= { ipspEndpointToGroupEntry 4 }
 277: 
 278: ipspEndGroupStorageType OBJECT-TYPE
 279:     SYNTAX      StorageType
 280:     MAX-ACCESS  read-create
 281:     STATUS      current
 282:     DESCRIPTION
 283:         "The storage type for this row.  Rows in this table which were
 284:          created through an external process may have a storage type
 285:          of readOnly or permanent."
 286:     DEFVAL { nonVolatile }
 287:     ::= { ipspEndpointToGroupEntry 5 }
 288: 
 289: ipspEndGroupRowStatus OBJECT-TYPE
 290:     SYNTAX      RowStatus
 291:     MAX-ACCESS  read-create
 292:     STATUS      current
 293:     DESCRIPTION
 294:         "This object indicates the conceptual status of this row.
 295: 
 296:          The value of this object has no effect on whether other
 297:          objects in this conceptual row can be modified.
 298: 
 299:          This object may not be set to active until one or more active
 300:          rows exist within the ipspGroupContentsTable for the group
 301:          referenced by the ipspEndGroupName object."
 302:     ::= { ipspEndpointToGroupEntry 6 }
 303: 
 304: --
 305: -- policy group definition table
 306: --
 307: ipspGroupContentsTable OBJECT-TYPE
 308:     SYNTAX      SEQUENCE OF IpspGroupContentsEntry
 309:     MAX-ACCESS  not-accessible
 310:     STATUS      current
 311:     DESCRIPTION
 312:         "This table contains a list of rules and/or subgroups
 313:          contained within a given policy group.  The entries are
 314:          sorted by the ipspGroupContPriority object and MUST be
 315:          executed in order according to this value, starting with the
 316:          lowest value.  Once a group item has been processed, the
 317:          processor MUST stop processing this packet if an action was
 318:          executed as a result of the processing of a given group.
 319:          Iterating into the next policy group item by finding the next
 320:          largest ipspGroupContPriority object shall only be done if no
 321:          actions were run when processing the last item for a given
 322:          packet."
 323:     ::= { ipspConfigObjects 3 }
 324: 
 325: ipspGroupContentsEntry OBJECT-TYPE
 326:     SYNTAX      IpspGroupContentsEntry
 327:     MAX-ACCESS  not-accessible
 328:     STATUS      current
 329:     DESCRIPTION
 330:         "Defines a given sub-item within a policy group."
 331:     INDEX   { ipspGroupContName, ipspGroupContPriority }
 332:     ::= { ipspGroupContentsTable 1 }
 333: 
 334: IpspGroupContentsEntry ::= SEQUENCE {
 335:     ipspGroupContName                        SnmpAdminString,
 336:     ipspGroupContPriority                    Integer32,
 337:     ipspGroupContFilter                      VariablePointer,
 338:     ipspGroupContComponentType               INTEGER,
 339:     ipspGroupContComponentName               SnmpAdminString,
 340:     ipspGroupContLastChanged                 TimeStamp,
 341:     ipspGroupContStorageType                 StorageType,
 342:     ipspGroupContRowStatus                   RowStatus
 343: }
 344: 
 345: ipspGroupContName OBJECT-TYPE
 346:     SYNTAX      SnmpAdminString (SIZE(1..32))
 347:     MAX-ACCESS  not-accessible
 348:     STATUS      current
 349:     DESCRIPTION
 350:         "The administrative name of this group."
 351:     ::= { ipspGroupContentsEntry 1 }
 352: 
 353: ipspGroupContPriority OBJECT-TYPE
 354:     SYNTAX      Integer32 (0..65536)
 355:     MAX-ACCESS  not-accessible
 356:     STATUS      current
 357:     DESCRIPTION
 358:         "The priority (sequence number) of the sub-component in this
 359:          group."
 360:     ::= { ipspGroupContentsEntry 2 }
 361: 
 362: ipspGroupContFilter OBJECT-TYPE
 363:     SYNTAX      VariablePointer
 364:     MAX-ACCESS  read-create
 365:     STATUS      current
 366:     DESCRIPTION
 367:         "ipspGroupContFilter points to a filter which is evaluated
 368:          to determine whether the sub-component within this group
 369:          should be exercised.  Managers can use this object to
 370:          classify groups of rules or subgroups together in order to
 371:          achieve a greater degree of control and optimization over the
 372:          execution order of the items within the group.  If the filter
 373:          evaluates to false, the rule or subgroup will be skipped and
 374:          the next rule or subgroup will be evaluated instead.
 375: 
 376:          An example usage of this object would be to limit a group of
 377:          rules to executing only when the IP packet being process is
 378:          designated to be processed by IKE.  This effecitevly creates
 379:          a group of IKE specific rules.
 380: 
 381:          This MIB defines the following tables and scalars which may
 382:          be pointed to by this column.  Implementations may choose to
 383:          provide support for other filter tables or scalars as well:
 384: 
 385:                 ipspIpHeaderFilterTable
 386:                 ipspIpOffsetFilterTable
 387:                 ipspTimeFilterTable
 388:                 ipspCompoundFilterTable
 389:                 ipspTrueFilter
 390: 
 391:          If this column is set to a VariablePointer value which
 392:          references a non-existent row in an otherwise supported
 393:          table, the inconsistentName exception should be returned.  If
 394:          the table or scalar pointed to by the VariablePointer is not
 395:          supported at all, then an inconsistentValue exception should
 396:          be returned."
 397:     DEFVAL { ipspTrueFilterInstance }
 398:     ::= { ipspGroupContentsEntry 3 }
 399: 
 400: ipspGroupContComponentType OBJECT-TYPE
 401:     SYNTAX      INTEGER { reserved(0), group(1), rule(2) }
 402:     MAX-ACCESS  read-create
 403:     STATUS      current
 404:     DESCRIPTION
 405:         "Indicates whether the ipspGroupContComponentName object is
 406:          the name of another group defined within the
 407:          ipspGroupContentsTable or is the name of a rule defined
 408:          within the ipspRuleDefinitionTable."
 409:     DEFVAL { rule }
 410:     ::= { ipspGroupContentsEntry 4 }
 411: 
 412: ipspGroupContComponentName OBJECT-TYPE
 413:     SYNTAX      SnmpAdminString (SIZE(1..32))
 414:     MAX-ACCESS  read-create
 415:     STATUS      current
 416:     DESCRIPTION
 417:         "The name of the policy rule or subgroup contained within this
 418:          group, as indicated by the ipspGroupContComponentType
 419:          object."
 420:     ::= { ipspGroupContentsEntry 5 }
 421: 
 422: ipspGroupContLastChanged OBJECT-TYPE
 423:     SYNTAX      TimeStamp
 424:     MAX-ACCESS  read-only
 425:     STATUS      current
 426:     DESCRIPTION
 427:         "The value of sysUpTime when this row was last modified or
 428:          created either through SNMP SETs or by some other external
 429:          means."
 430:     ::= { ipspGroupContentsEntry 6 }
 431: 
 432: ipspGroupContStorageType OBJECT-TYPE
 433:     SYNTAX      StorageType
 434:     MAX-ACCESS  read-create
 435:     STATUS      current
 436:     DESCRIPTION
 437:         "The storage type for this row.  Rows in this table which were
 438:          created through an external process may have a storage type
 439:          of readOnly or permanent."
 440:     DEFVAL { nonVolatile }
 441:     ::= { ipspGroupContentsEntry 7 }
 442: 
 443: ipspGroupContRowStatus OBJECT-TYPE
 444:     SYNTAX      RowStatus
 445:     MAX-ACCESS  read-create
 446:     STATUS      current
 447:     DESCRIPTION
 448:         "This object indicates the conceptual status of this row.
 449: 
 450:          The value of this object has no effect on whether other
 451:          objects in this conceptual row can be modified.
 452: 
 453:          This object may not be set to active until the row to which
 454:          the ipspGroupContComponentName points to exists."
 455:     ::= { ipspGroupContentsEntry 8 }
 456: 
 457: 
 458: --
 459: -- policy definition table
 460: --
 461: 
 462: ipspRuleDefinitionTable OBJECT-TYPE
 463:     SYNTAX      SEQUENCE OF IpspRuleDefinitionEntry
 464:     MAX-ACCESS  not-accessible
 465:     STATUS      current
 466:     DESCRIPTION
 467:         "This table defines a policy rule by associating a filter or a
 468:          set of filters to an action to be executed."
 469:     ::= { ipspConfigObjects 4 }
 470: 
 471: ipspRuleDefinitionEntry OBJECT-TYPE
 472:     SYNTAX      IpspRuleDefinitionEntry
 473:     MAX-ACCESS  not-accessible
 474:     STATUS      current
 475:     DESCRIPTION
 476:         "A row defining a particular policy definition.  A rule
 477:          definition binds a filter pointer to an action pointer."
 478:     INDEX   { ipspRuleDefName }
 479:     ::= { ipspRuleDefinitionTable 1 }
 480: 
 481: IpspRuleDefinitionEntry ::= SEQUENCE {
 482:     ipspRuleDefName                          SnmpAdminString,
 483:     ipspRuleDefDescription                   SnmpAdminString,
 484:     ipspRuleDefFilter                        VariablePointer,
 485:     ipspRuleDefFilterNegated                 TruthValue,
 486:     ipspRuleDefAction                        VariablePointer,
 487:     ipspRuleDefAdminStatus                   IpspAdminStatus,
 488:     ipspRuleDefLastChanged                   TimeStamp,
 489:     ipspRuleDefStorageType                   StorageType,
 490:     ipspRuleDefRowStatus                     RowStatus
 491: }
 492: 
 493: ipspRuleDefName OBJECT-TYPE
 494:     SYNTAX      SnmpAdminString (SIZE(1..32))
 495:     MAX-ACCESS  not-accessible
 496:     STATUS      current
 497:     DESCRIPTION
 498:         "ipspRuleDefName is the administratively assigned name of the
 499:          rule referred to by the ipspGroupContComponentName object."
 500:     ::= { ipspRuleDefinitionEntry 1 }
 501: 
 502: ipspRuleDefDescription OBJECT-TYPE
 503:     SYNTAX      SnmpAdminString
 504:     MAX-ACCESS  read-create
 505:     STATUS      current
 506:     DESCRIPTION
 507:         "A user definable string.  This field may be used for your
 508:          administrative tracking purposes."
 509:     DEFVAL { "" }
 510:     ::= { ipspRuleDefinitionEntry 2 }
 511: 
 512: ipspRuleDefFilter OBJECT-TYPE
 513:     SYNTAX      VariablePointer
 514:     MAX-ACCESS  read-create
 515:     STATUS      current
 516:     DESCRIPTION
 517:         "ipspRuleDefFilter points to a filter which is used to
 518:          evaluate whether the action associated with this row should
 519:          be fired or not.  The action will only fire if the filter
 520:          referenced by this object evaluates to TRUE after first
 521:          applying any negation required by the
 522:          ipspRuleDefFilterNegated object.
 523: 
 524:          This MIB defines the following tables and scalars which may
 525:          be pointed to by this column.  Implementations may choose to
 526:          provide support for other filter tables or scalars as well:
 527: 
 528:                 ipspIpHeaderFilterTable
 529:                 ipspIpOffsetFilterTable
 530:                 ipspTimeFilterTable
 531:                 ipspCompoundFilterTable
 532:                 ipspTrueFilter
 533: 
 534:          If this column is set to a VariablePointer value which
 535:          references a non-existent row in an otherwise supported
 536:          table, the inconsistentName exception should be returned.  If
 537:          the table or scalar pointed to by the VariablePointer is not
 538:          supported at all, then an inconsistentValue exception should
 539:          be returned."
 540:     ::= { ipspRuleDefinitionEntry 3 }
 541: 
 542: ipspRuleDefFilterNegated OBJECT-TYPE
 543:     SYNTAX      TruthValue
 544:     MAX-ACCESS  read-create
 545:     STATUS      current
 546:     DESCRIPTION
 547:         "ipspRuleDefFilterNegated specifies whether the filter
 548:          referenced by the ipspRuleDefFilter object should be negated
 549:          or not."
 550:     DEFVAL { false }
 551:     ::= { ipspRuleDefinitionEntry 4 }
 552: 
 553: ipspRuleDefAction OBJECT-TYPE
 554:     SYNTAX      VariablePointer
 555:     MAX-ACCESS  read-create
 556:     STATUS      current
 557:     DESCRIPTION
 558:         "This column points to the action to be taken.  It may, but is
 559:          not limited to, point to a row in one of the following
 560:          tables:
 561: 
 562:             ipspCompoundActionTable
 563:             ipspSaPreconfiguredActionTable
 564:             ipspIkeActionTable
 565:             ipspIpsecActionTable
 566: 
 567:          It may also point to one of the scalar objects beneath
 568:          ipspStaticActions.
 569: 
 570:          If this object is set to a pointer to a row in an unsupported
 571:          (or unknown) table, an inconsistentValue error should be
 572:          returned.
 573: 
 574:          If this object is set to point to a non-existent row in an
 575:          otherwise supported table, an inconsistentName error should
 576:          be returned."
 577:     ::= { ipspRuleDefinitionEntry 5 }
 578: 
 579: ipspRuleDefAdminStatus OBJECT-TYPE
 580:     SYNTAX      IpspAdminStatus
 581:     MAX-ACCESS  read-create
 582:     STATUS      current
 583:     DESCRIPTION
 584:         "Indicates whether the current rule definition should be
 585:          considered active.  If enabled, it should be evaluated when
 586:          processing packets.  If disabled, packets should continue to
 587:          be processed by the rest of the rules defined in the
 588:          ipspGroupContentsTable as if this rule's filters had
 589:          effectively failed."
 590:     DEFVAL { enabled }
 591:     ::= { ipspRuleDefinitionEntry 6 }
 592: 
 593: ipspRuleDefLastChanged OBJECT-TYPE
 594:     SYNTAX      TimeStamp
 595:     MAX-ACCESS  read-only
 596:     STATUS      current
 597:     DESCRIPTION
 598:         "The value of sysUpTime when this row was last modified or
 599:          created either through SNMP SETs or by some other external
 600:          means."
 601:     ::= { ipspRuleDefinitionEntry 7 }
 602: 
 603: ipspRuleDefStorageType OBJECT-TYPE
 604:     SYNTAX      StorageType
 605:     MAX-ACCESS  read-create
 606:     STATUS      current
 607:     DESCRIPTION
 608:         "The storage type for this row.  Rows in this table which were
 609:          created through an external process may have a storage type
 610:          of readOnly or permanent."
 611:     DEFVAL { nonVolatile }
 612:     ::= { ipspRuleDefinitionEntry 8 }
 613: 
 614: ipspRuleDefRowStatus OBJECT-TYPE
 615:     SYNTAX      RowStatus
 616:     MAX-ACCESS  read-create
 617:     STATUS      current
 618:     DESCRIPTION
 619:         "This object indicates the conceptual status of this row.
 620: 
 621:          The value of this object has no effect on whether other
 622:          objects in this conceptual row can be modified.
 623: 
 624:          This object may not be set to active until the containing
 625:          contitions, filters and actions have been defined.  Once
 626:          active, it must remain active until no policyGroupContents
 627:          entries are referencing it."
 628:     ::= { ipspRuleDefinitionEntry 9 }
 629: 
 630: --
 631: -- Policy compound filter definition table
 632: --
 633: 
 634: ipspCompoundFilterTable OBJECT-TYPE
 635:     SYNTAX      SEQUENCE OF IpspCompoundFilterEntry
 636:     MAX-ACCESS  not-accessible
 637:     STATUS      current
 638:     DESCRIPTION
 639:         "A table defining a compound set of filters and their
 640:          associated parameters.  A row in this table can either be
 641:          pointed to by a ipspRuleDefFilter object or by a ficSubFilter
 642:          object."
 643:     ::= { ipspConfigObjects 5 }
 644: 
 645: ipspCompoundFilterEntry OBJECT-TYPE
 646:     SYNTAX      IpspCompoundFilterEntry
 647:     MAX-ACCESS  not-accessible
 648:     STATUS      current
 649:     DESCRIPTION
 650:         "An entry in the ipspCompoundFilterTable.  A filter defined by
 651:          this table is considered to have a TRUE return value if and
 652:          only if:
 653: 
 654:            ipspCompFiltLogicType is AND and all of the sub-filters
 655:            associated with it, as defined in the ipspSubfiltersTable,
 656:            are all true themselves (after applying any requried
 657:            negation as defined by the ficFilterIsNegated object).
 658: 
 659:            ipspCompFiltLogicType is OR and at least one of the
 660:            sub-filters associated with it, as defined in the
 661:            ipspSubfiltersTable, is true itself (after applying any
 662:            requried negation as defined by the ficFilterIsNegated
 663:            object)."
 664:     INDEX       { ipspCompFiltName }
 665:     ::= { ipspCompoundFilterTable 1 }
 666: 
 667: IpspCompoundFilterEntry ::= SEQUENCE {
 668:     ipspCompFiltName                          SnmpAdminString,
 669:     ipspCompFiltDescription                   SnmpAdminString,
 670:     ipspCompFiltLogicType                     IpspBooleanOperator,
 671:     ipspCompFiltLastChanged                   TimeStamp,
 672:     ipspCompFiltStorageType                   StorageType,
 673:     ipspCompFiltRowStatus                     RowStatus
 674: }
 675: 
 676: ipspCompFiltName OBJECT-TYPE
 677:     SYNTAX      SnmpAdminString (SIZE(1..32))
 678:     MAX-ACCESS  not-accessible
 679:     STATUS      current
 680:     DESCRIPTION
 681:         "A user definable string.  You may use this field for your
 682:          administrative tracking purposes."
 683:     ::= { ipspCompoundFilterEntry 1 }
 684: 
 685: ipspCompFiltDescription OBJECT-TYPE
 686:     SYNTAX      SnmpAdminString
 687:     MAX-ACCESS  read-create
 688:     STATUS      current
 689:     DESCRIPTION
 690:         "A user definable string.  You may use this field for your
 691:          administrative tracking purposes."
 692:     DEFVAL { ''H }
 693:     ::= { ipspCompoundFilterEntry 2 }
 694: 
 695: 
 696: ipspCompFiltLogicType OBJECT-TYPE
 697:     SYNTAX      IpspBooleanOperator
 698:     MAX-ACCESS  read-create
 699:     STATUS      current
 700:     DESCRIPTION
 701:         "Indicates whether the filters contained within this filter
 702:          are functionally ANDed or ORed together."
 703:     DEFVAL { and }
 704:     ::= { ipspCompoundFilterEntry 3 }
 705: 
 706: ipspCompFiltLastChanged OBJECT-TYPE
 707:     SYNTAX      TimeStamp
 708:     MAX-ACCESS  read-only
 709:     STATUS      current
 710:     DESCRIPTION
 711:         "The value of sysUpTime when this row was last modified or
 712:          created either through SNMP SETs or by some other external
 713:          means."
 714:     ::= { ipspCompoundFilterEntry 4 }
 715: 
 716: ipspCompFiltStorageType OBJECT-TYPE
 717:     SYNTAX      StorageType
 718:     MAX-ACCESS  read-create
 719:     STATUS      current
 720:     DESCRIPTION
 721:         "The storage type for this row.  Rows in this table which were
 722:          created through an external process may have a storage type
 723:          of readOnly or permanent."
 724:     DEFVAL { nonVolatile }
 725:     ::= { ipspCompoundFilterEntry 5 }
 726: 
 727: ipspCompFiltRowStatus OBJECT-TYPE
 728:     SYNTAX      RowStatus
 729:     MAX-ACCESS  read-create
 730:     STATUS      current
 731:     DESCRIPTION
 732:         "This object indicates the conceptual status of this row.
 733: 
 734:          The value of this object has no effect on whether other
 735:          objects in this conceptual row can be modified.
 736: 
 737:          Once active, it may not have its value changed if any active
 738:          rows in the ipspRuleDefinitionTable are currently pointing
 739:          at this row."
 740:     ::= { ipspCompoundFilterEntry 6 }
 741: 
 742: --
 743: -- Policy filters in a cf table
 744: --
 745: 
 746: ipspSubfiltersTable OBJECT-TYPE
 747:     SYNTAX      SEQUENCE OF IpspSubfiltersEntry
 748:     MAX-ACCESS  not-accessible
 749:     STATUS      current
 750:     DESCRIPTION
 751:         "This table defines a list of filters contained within a given
 752:          compound filter set defined in the ipspCompoundFilterTable."
 753:     ::= { ipspConfigObjects 6 }
 754: 
 755: ipspSubfiltersEntry OBJECT-TYPE
 756:     SYNTAX      IpspSubfiltersEntry
 757:     MAX-ACCESS  not-accessible
 758:     STATUS      current
 759:     DESCRIPTION
 760:         "An entry into the list of filters for a given compound
 761:          filter."
 762:     INDEX       {  ipspCompFiltName, ipspSubFiltPriority }
 763:     ::= { ipspSubfiltersTable 1 }
 764: 
 765: IpspSubfiltersEntry ::= SEQUENCE {
 766:     ipspSubFiltPriority                              Integer32,
 767:     ipspSubFiltSubfilter                             VariablePointer,
 768:     ipspSubFiltSubfilterIsNegated                    TruthValue,
 769:     ipspSubFiltLastChanged                           TimeStamp,
 770:     ipspSubFiltStorageType                           StorageType,
 771:     ipspSubFiltRowStatus                             RowStatus
 772: }
 773: 
 774: ipspSubFiltPriority OBJECT-TYPE
 775:     SYNTAX      Integer32 (0..65536)
 776:     MAX-ACCESS  not-accessible
 777:     STATUS      current
 778:     DESCRIPTION
 779:         "The priority of a given filter within a condition.
 780:          Implementations MAY choose to follow the ordering indicated
 781:          by the manager that created the rows in order to allow the
 782:          manager to intelligently construct filter lists such that
 783:          faster filters are evaluated first."
 784:     ::= { ipspSubfiltersEntry 1 }
 785: 
 786: ipspSubFiltSubfilter OBJECT-TYPE
 787:     SYNTAX      VariablePointer
 788:     MAX-ACCESS  read-create
 789:     STATUS      current
 790:     DESCRIPTION
 791:         "The location of the contained filter.  The value of this
 792:          column should be a VariablePointer which references the
 793:          properties for the filter to be included in this compound
 794:          filter.
 795: 
 796:          This MIB defines the following tables and scalars which may
 797:          be pointed to by this column.  Implementations may choose to
 798:          provide support for other filter tables or scalars as well:
 799: 
 800:                 ipspIpHeaderFilterTable
 801:                 ipspIpOffsetFilterTable
 802:                 ipspTimeFilterTable
 803:                 ipspCompoundFilterTable
 804:                 ipspTrueFilter
 805: 
 806:          If this column is set to a VariablePointer value which
 807:          references a non-existent row in an otherwise supported
 808:          table, the inconsistentName exception should be returned.  If
 809:          the table or scalar pointed to by the VariablePointer is not
 810:          supported at all, then an inconsistentValue exception should
 811:          be returned."
 812:     ::= { ipspSubfiltersEntry 2 }
 813: 
 814: ipspSubFiltSubfilterIsNegated OBJECT-TYPE
 815:     SYNTAX      TruthValue
 816:     MAX-ACCESS  read-create
 817:     STATUS      current
 818:     DESCRIPTION
 819:         "Indicates whether the result of applying this subfilter
 820:          should be negated or not."
 821:     DEFVAL { false }
 822:     ::= { ipspSubfiltersEntry 3 }
 823: 
 824: ipspSubFiltLastChanged OBJECT-TYPE
 825:     SYNTAX      TimeStamp
 826:     MAX-ACCESS  read-only
 827:     STATUS      current
 828:     DESCRIPTION
 829:         "The value of sysUpTime when this row was last modified or
 830:          created either through SNMP SETs or by some other external
 831:          means."
 832:     ::= { ipspSubfiltersEntry 4 }
 833: 
 834: ipspSubFiltStorageType OBJECT-TYPE
 835:     SYNTAX      StorageType
 836:     MAX-ACCESS  read-create
 837:     STATUS      current
 838:     DESCRIPTION
 839:         "The storage type for this row.  Rows in this table which were
 840:          created through an external process may have a storage type
 841:          of readOnly or permanent."
 842:     DEFVAL { nonVolatile }
 843:     ::= { ipspSubfiltersEntry 5 }
 844: 
 845: ipspSubFiltRowStatus OBJECT-TYPE
 846:     SYNTAX      RowStatus
 847:     MAX-ACCESS  read-create
 848:     STATUS      current
 849:     DESCRIPTION
 850:         "This object indicates the conceptual status of this row.
 851: 
 852:          The value of this object has no effect on whether other
 853:          objects in this conceptual row can be modified.
 854: 
 855:          This object can not be made active until the filter
 856:          referenced by the ficSubFilter object is both defined and is
 857:          active.  An attempt to do so will result in an
 858:          inconsistentValue error."
 859:     ::= { ipspSubfiltersEntry 6 }
 860: 
 861: --
 862: -- Static Filters
 863: --
 864: 
 865: ipspStaticFilters OBJECT IDENTIFIER ::= { ipspConfigObjects 7 }
 866: 
 867: ipspTrueFilter OBJECT-TYPE
 868:         SYNTAX      Integer32
 869:         MAX-ACCESS  read-only
 870:         STATUS      current
 871:         DESCRIPTION
 872:             "This scalar indicates a (automatic) true result for a
 873:              filter.  I.e. this is a filter that is always true,
 874:              useful for adding as a default filter for a default
 875:              action or a set of actions."
 876:         ::= { ipspStaticFilters 1 }
 877: 
 878: ipspTrueFilterInstance OBJECT IDENTIFIER ::= { ipspTrueFilter 0 }
 879: 
 880: ipspIkePhase1Filter OBJECT-TYPE
 881:         SYNTAX      Integer32
 882:         MAX-ACCESS  read-only
 883:         STATUS      current
 884:         DESCRIPTION
 885:             "This static filter can be used to test if a packet is
 886:              part of an IKE phase-1 negotiation."
 887:         ::= { ipspStaticFilters 2 }
 888: 
 889: ipspIkePhase2Filter OBJECT-TYPE
 890:         SYNTAX      Integer32
 891:         MAX-ACCESS  read-only
 892:         STATUS      current
 893:         DESCRIPTION
 894:             "This static filter can be used to test if a packet is
 895:              part of an IKE phase-2 negotiation."
 896:         ::= { ipspStaticFilters 3 }
 897: 
 898: --
 899: -- Policy IPHeader filter definition table
 900: --
 901: 
 902: ipspIpHeaderFilterTable OBJECT-TYPE
 903:     SYNTAX      SEQUENCE OF IpspIpHeaderFilterEntry
 904:     MAX-ACCESS  not-accessible
 905:     STATUS      current
 906:     DESCRIPTION
 907:         "This table contains a list of filter definitions to be used
 908:          within the ipspRuleDefinitionTable or the
 909:          ipspSubfilterTable table."
 910:     ::= { ipspConfigObjects 8 }
 911: 
 912: ipspIpHeaderFilterEntry OBJECT-TYPE
 913:     SYNTAX      IpspIpHeaderFilterEntry
 914:     MAX-ACCESS  not-accessible
 915:     STATUS      current
 916:     DESCRIPTION
 917:         "A definition of a particular filter."
 918:     INDEX       {  ipspIpHeadFiltName }
 919:     ::= { ipspIpHeaderFilterTable 1 }
 920: 
 921: IpspIpHeaderFilterEntry ::= SEQUENCE {
 922:     ipspIpHeadFiltName                               SnmpAdminString,
 923:     ipspIpHeadFiltType                               BITS,
 924:     ipspIpHeadFiltIPVersion                          InetAddressType,
 925:     ipspIpHeadFiltSrcAddressBegin                    InetAddress,
 926:     ipspIpHeadFiltSrcAddressEnd                      InetAddress,
 927:     ipspIpHeadFiltDstAddressBegin                    InetAddress,
 928:     ipspIpHeadFiltDstAddressEnd                      InetAddress,
 929:     ipspIpHeadFiltSrcLowPort                         InetPortNumber,
 930:     ipspIpHeadFiltSrcHighPort                        InetPortNumber,
 931:     ipspIpHeadFiltDstLowPort                         InetPortNumber,
 932:     ipspIpHeadFiltDstHighPort                        InetPortNumber,
 933:     ipspIpHeadFiltProtocol                           Integer32,
 934:     ipspIpHeadFiltIPv6FlowLabel                      Integer32,
 935:     ipspIpHeadFiltLastChanged                        TimeStamp,
 936:     ipspIpHeadFiltStorageType                        StorageType,
 937:     ipspIpHeadFiltRowStatus                          RowStatus
 938: }
 939: 
 940: ipspIpHeadFiltName OBJECT-TYPE
 941:     SYNTAX      SnmpAdminString (SIZE(1..32))
 942:     MAX-ACCESS  not-accessible
 943:     STATUS      current
 944:     DESCRIPTION
 945:         "The administrative name for this filter."
 946:     ::= { ipspIpHeaderFilterEntry 1 }
 947: 
 948: ipspIpHeadFiltType OBJECT-TYPE
 949:     SYNTAX      BITS { sourceAddress(0), destinationAddress(1),
 950:                        sourcePort(2), destinationPort(3),
 951:                        protocol(4), ipv6FlowLabel(5) }
 952:     MAX-ACCESS  read-create
 953:     STATUS      current
 954:     DESCRIPTION
 955:         "This defines the various tests that are used when evaluating
 956:          a given filter.  The results of each test are ANDed together
 957:          to produce the result of the entire filter.  When processing
 958:          this filter, it is recommended for efficiency reasons that
 959:          the filter halt processing the instant any of the specified
 960:          tests fail.
 961: 
 962:          Once a row is 'active', this object's value may not be
 963:          changed unless all the appropriate columns needed by the new
 964:          value to be imposed on this object have been appropriately
 965:          configured.
 966: 
 967:          The various tests definable in this table are as follows:
 968: 
 969:          sourceAddress:
 970:            - Tests if the source address in the packet lies between
 971:              the ipspIpHeadFiltSrcAddressBegin and
 972:              ipspIpHeadFiltSrcAddressEnd objects.
 973: 
 974:              Note that setting these two objects to the same address
 975:              will limit the search to the exact match of a single
 976:              address.  The format and length of the address objects
 977:              are defined by the ipspIpHeadFiltIPVersion column.
 978:              A row in this table containing a ipspIpHeadFiltType
 979:              object with the sourceAddress object bit but without the
 980:              ipspIpHeadFiltIPVersion, ipspIpHeadFiltSrcAddressBegin
 981:              and ipspIpHeadFiltSrcAddressEnd objects set will cause
 982:              the ipspIpHeadFiltRowStatus object to return the notReady
 983:              state.
 984: 
 985:          destinationAddress:
 986:            - Tests if the destination address in the packet lies
 987:              between the ipspIpHeadFiltDstAddressBegin and
 988:              ipspIpHeadFiltDstAddressEnd objects.  Note that setting
 989:              these two objects to the same address will limit the
 990:              search to the exact match of a single address.  The
 991:              format and length of the address objects are defined by
 992:              the ipspIpHeadFiltIPVersion column.
 993: 
 994:              A row in this table containing a ipspIpHeadFiltType
 995:              object with the destinationAddress object bit but without
 996:              the ipspIpHeadFiltIPVersion,
 997:              ipspIpHeadFiltDstAddressBegin and
 998: 
 999:              ipspIpHeadFiltDstAddressEnd objects set will cause the
1000:              ipspIpHeadFiltRowStatus object to return the notReady
1001:              state.
1002: 
1003:          sourcePort:
1004:            - Tests if the source port of IP packets using a protocol
1005:              that uses port numbers (at this time, UDP or TCP) lies
1006:              between the ipspIpHeadFiltSrcLowPort and
1007:              ipspIpHeadFiltSrcHighPort objects.  Note that setting
1008:              these two objects to the same address will limit the
1009:              search to the exact match of a single port.
1010: 
1011:              A row in this table containing a ipspIpHeadFiltType
1012:              object with the sourcePort object bit but without the
1013:              ipspIpHeadFiltSrcLowPort, and ipspIpHeadFiltSrcHighPort
1014:              objects set will cause the ipspIpHeadFiltRowStatus object
1015:              to return the notReady state.
1016: 
1017:          destinationPort:
1018:            - Tests if the source port of IP packets using a protocol
1019:              that uses port numbers (at this time, UDP or TCP) lies
1020:              between the ipspIpHeadFiltDstLowPort and
1021:              ipspIpHeadFiltDstHighPort objects.  Note that setting
1022:              these two objects to the same address will limit the
1023:              search to the exact match of a single port.
1024: 
1025:              A row in this table containing a ipspIpHeadFiltType
1026:              object with the sourcePort object bit but without the
1027:              ipspIpHeadFiltDstLowPort, and ipspIpHeadFiltDstHighPort
1028:              objects set will cause the ipspIpHeadFiltRowStatus object
1029:              to return the notReady state.
1030: 
1031:          protocol:
1032:            - Tests to see if the packet being processed is for the
1033:              given protocol type.
1034: 
1035:              A row in this table containing a ipspIpHeadFiltType
1036:              object with the protocol object bit but without the
1037:              ipspIpHeadFiltProtocol object set will cause the
1038:              ipspIpHeadFiltRowStatus object to return the notReady
1039:              state.
1040: 
1041:          ipv6FlowLabel:
1042:            - Tests to see if the packet being processed contains an
1043:              ipv6 Flow Label which matches the value in the
1044:              ipfIPv6FlowLabel object.  Setting this bit mandates that
1045:              for the packet to match the filter, it must be an IPv6
1046:              packet.
1047: 
1048:              A row in this table containing a ipspIpHeadFiltType
1049:              object with the ipv6FlowLabel object bit but without the
1050:              ipfIPv6FlowLabel object set will cause the
1051:              ipspIpHeadFiltRowStatus object to return the notReady
1052:              state."
1053:     ::= { ipspIpHeaderFilterEntry 2 }
1054: 
1055: ipspIpHeadFiltIPVersion OBJECT-TYPE
1056:     SYNTAX      InetAddressType
1057:     MAX-ACCESS  read-create
1058:     STATUS      current
1059:     DESCRIPTION
1060:         "The Internet Protocol version the addresses are to match
1061:          against.  The value of this property determines the size and
1062:          format of the ipspIpHeadFiltSrcAddressBegin,
1063:          ipspIpHeadFiltSrcAddressEnd, ipspIpHeadFiltDstAddressBegin,
1064:          and ipspIpHeadFiltDstAddressEnd objects.
1065: 
1066:          Values of unknown, ipv4z, ipv6z and dns are not legal values
1067:          for this object."
1068:     DEFVAL  { ipv6 }
1069:     ::= { ipspIpHeaderFilterEntry 3 }
1070: 
1071: ipspIpHeadFiltSrcAddressBegin OBJECT-TYPE
1072:     SYNTAX      InetAddress
1073:     MAX-ACCESS  read-create
1074:     STATUS      current
1075:     DESCRIPTION
1076:         "The starting address of a source address range that the
1077:          packet must match against for this filter to be considered
1078:          TRUE.
1079: 
1080:          This object is only used if sourceAddress is set in
1081:          ipspIpHeadFiltType."
1082:     ::= { ipspIpHeaderFilterEntry 4 }
1083: 
1084: ipspIpHeadFiltSrcAddressEnd OBJECT-TYPE
1085:     SYNTAX      InetAddress
1086:     MAX-ACCESS  read-create
1087:     STATUS      current
1088:     DESCRIPTION
1089:         "The ending address of a source address range to check a
1090:          packet against, where the starting is specified by the
1091:          ipspIpHeadFiltSrcAddressBegin object.  Set this column to the
1092:          same value as the ipspIpHeadFiltSrcAddressBegin column to get
1093:          an exact single address match.
1094: 
1095:          This object is only used if sourceAddress is set in
1096:          ipspIpHeadFiltType."
1097:     ::= { ipspIpHeaderFilterEntry 5 }
1098: 
1099: ipspIpHeadFiltDstAddressBegin OBJECT-TYPE
1100:     SYNTAX      InetAddress
1101:     MAX-ACCESS  read-create
1102:     STATUS      current
1103:     DESCRIPTION
1104:         "The starting address of a destination address range that the
1105:          packet must match against for this filter to be considered
1106:          TRUE.
1107: 
1108:          This object is only used if destinationAddress is set in
1109:          ipspIpHeadFiltType."
1110:     ::= { ipspIpHeaderFilterEntry 6 }
1111: 
1112: ipspIpHeadFiltDstAddressEnd OBJECT-TYPE
1113:     SYNTAX      InetAddress
1114:     MAX-ACCESS  read-create
1115:     STATUS      current
1116:     DESCRIPTION
1117:         "The ending address of a destination address range to check a
1118:          packet against, where the first is specified by the
1119:          ipspIpHeadFiltDstAddressBegin object.  Set this column to the
1120:          same value as the ipspIpHeadFiltDstAddressBegin column to get
1121:          an exact single address match.
1122:          This object is only used if destinationAddress is set in
1123:          ipspIpHeadFiltType."
1124:     ::= { ipspIpHeaderFilterEntry 7 }
1125: 
1126: ipspIpHeadFiltSrcLowPort OBJECT-TYPE
1127:     SYNTAX      InetPortNumber
1128:     MAX-ACCESS  read-create
1129:     STATUS      current
1130:     DESCRIPTION
1131:         "The low port of the port range a packet's source must match
1132:          against.  To match, the port number must be greater than or
1133:          equal to this value.
1134: 
1135:          This object is only used if sourcePort is set in
1136:          ipspIpHeadFiltType.
1137: 
1138:          The value of 0 for this object is illegal."
1139:     ::= { ipspIpHeaderFilterEntry 8 }
1140: 
1141: ipspIpHeadFiltSrcHighPort OBJECT-TYPE
1142:     SYNTAX      InetPortNumber
1143:     MAX-ACCESS  read-create
1144:     STATUS      current
1145:     DESCRIPTION
1146:         "The high port of the port range a packet's source must match
1147:          against.  To match, the port number must be less than or
1148:          equal to this value.
1149: 
1150:          This object is only used if sourcePort is set in
1151:          ipspIpHeadFiltType.
1152: 
1153:          The value of 0 for this object is illegal."
1154:     ::= { ipspIpHeaderFilterEntry 9 }
1155: 
1156: ipspIpHeadFiltDstLowPort OBJECT-TYPE
1157:     SYNTAX      InetPortNumber
1158:     MAX-ACCESS  read-create
1159:     STATUS      current
1160:     DESCRIPTION
1161:         "The low port of the port range a packet's destination must
1162:          match against.  To match, the port number must be greater
1163:          than or equal to this value.
1164: 
1165:          This object is only used if destinationPort is set in
1166:          ipspIpHeadFiltType.
1167: 
1168:          The value of 0 for this object is illegal."
1169:     ::= { ipspIpHeaderFilterEntry 10 }
1170: 
1171: ipspIpHeadFiltDstHighPort OBJECT-TYPE
1172:     SYNTAX      InetPortNumber
1173:     MAX-ACCESS  read-create
1174:     STATUS      current
1175:     DESCRIPTION
1176:         "The high port of the port range a packet's destination must
1177:          match against.  To match, the port number must be less than
1178:          or equal to this value.
1179: 
1180:          This object is only used if destinationPort is set in
1181:          ipspIpHeadFiltType.
1182: 
1183:          The value of 0 for this object is illegal."
1184:     ::= { ipspIpHeaderFilterEntry 11 }
1185: 
1186: ipspIpHeadFiltProtocol OBJECT-TYPE
1187:     SYNTAX      Integer32 (0..255)
1188:     MAX-ACCESS  read-create
1189:     STATUS      current
1190:     DESCRIPTION
1191:         "The protocol number the incoming packet must match against
1192:          for this filter to be evaluated as true.
1193: 
1194:          This object is only used if protocol is set in
1195:          ipspIpHeadFiltType."
1196:     ::= { ipspIpHeaderFilterEntry 12 }
1197: 
1198: ipspIpHeadFiltIPv6FlowLabel OBJECT-TYPE
1199:     SYNTAX      Integer32 (0..1048575)
1200:     MAX-ACCESS  read-create
1201:     STATUS      current
1202:     DESCRIPTION
1203:         "The IPv6 Flow Label that the packet must match against.
1204: 
1205:         This object is only used if ipv6FlowLabel is set in
1206:         ipspIpHeadFiltType."
1207:     ::= { ipspIpHeaderFilterEntry 13 }
1208: 
1209: ipspIpHeadFiltLastChanged OBJECT-TYPE
1210:     SYNTAX      TimeStamp
1211:     MAX-ACCESS  read-only
1212:     STATUS      current
1213:     DESCRIPTION
1214:         "The value of sysUpTime when this row was last modified or
1215:          created either through SNMP SETs or by some other external
1216:          means."
1217:     ::= { ipspIpHeaderFilterEntry 14 }
1218: 
1219: ipspIpHeadFiltStorageType OBJECT-TYPE
1220:     SYNTAX      StorageType
1221:     MAX-ACCESS  read-create
1222:     STATUS      current
1223:     DESCRIPTION
1224:         "The storage type for this row.  Rows in this table which were
1225:          created through an external process may have a storage type
1226:          of readOnly or permanent."
1227:     DEFVAL { nonVolatile }
1228:     ::= { ipspIpHeaderFilterEntry 15 }
1229: 
1230: ipspIpHeadFiltRowStatus OBJECT-TYPE
1231:     SYNTAX      RowStatus
1232:     MAX-ACCESS  read-create
1233:     STATUS      current
1234:     DESCRIPTION
1235:         "This object indicates the conceptual status of this row.
1236: 
1237:          This object may not be set to active if the requirements of
1238:          the ipspIpHeadFiltType object are not met.  In other words,
1239:          if the associated value columns needed by a particular test
1240:          have not been set, then attempting to change this row to an
1241:          active state will result in an inconsistentValue error.  See
1242:          the ipspIpHeadFiltType object description for further
1243:          details."
1244:     ::= { ipspIpHeaderFilterEntry 16 }
1245: 
1246: 
1247: --
1248: -- Policy IP Offset filter definition table
1249: --
1250: 
1251: ipspIpOffsetFilterTable OBJECT-TYPE
1252:     SYNTAX      SEQUENCE OF IpspIpOffsetFilterEntry
1253:     MAX-ACCESS  not-accessible
1254:     STATUS      current
1255:     DESCRIPTION
1256:         "This table contains a list of filter definitions to be used
1257:          within the ipspRuleDefinitionTable or the
1258:          ipspSubfilterTable."
1259:     ::= { ipspConfigObjects 9 }
1260: 
1261: ipspIpOffsetFilterEntry OBJECT-TYPE
1262:     SYNTAX      IpspIpOffsetFilterEntry
1263:     MAX-ACCESS  not-accessible
1264:     STATUS      current
1265:     DESCRIPTION
1266:         "A definition of a particular filter."
1267: 
1268:     INDEX       {  ipspIpOffFiltName }
1269:     ::= { ipspIpOffsetFilterTable 1 }
1270: 
1271: IpspIpOffsetFilterEntry ::= SEQUENCE {
1272:     ipspIpOffFiltName                               SnmpAdminString,
1273:     ipspIpOffFiltOffset                             Integer32,
1274:     ipspIpOffFiltType                               INTEGER,
1275:     ipspIpOffFiltNumber                             Integer32,
1276:     ipspIpOffFiltValue                              OCTET STRING,
1277:     ipspIpOffFiltLastChanged                        TimeStamp,
1278:     ipspIpOffFiltStorageType                        StorageType,
1279:     ipspIpOffFiltRowStatus                          RowStatus
1280: }
1281: 
1282: ipspIpOffFiltName OBJECT-TYPE
1283:     SYNTAX      SnmpAdminString (SIZE(1..32))
1284:     MAX-ACCESS  not-accessible
1285:     STATUS      current
1286:     DESCRIPTION
1287:         "The administrative name for this filter."
1288:     ::= { ipspIpOffsetFilterEntry 1 }
1289: 
1290: ipspIpOffFiltOffset OBJECT-TYPE
1291:     SYNTAX      Integer32 (0..65536)
1292:     MAX-ACCESS  read-create
1293:     STATUS      current
1294:     DESCRIPTION
1295:         "This is the byte offset from the front of the IP packet where
1296:          the value or arithmetic comparison is done.  A value of '0'
1297:          indicates the first byte in the packet."
1298:     ::= { ipspIpOffsetFilterEntry 2 }
1299: 
1300: ipspIpOffFiltType OBJECT-TYPE
1301:     SYNTAX INTEGER { valueMatch(1),
1302:                      valueNotMatch(2),
1303:                      arithmeticEqual(3),
1304:                      arithmeticNotEqual(4),
1305:                      arithmeticLess(5),
1306:                      arithmeticGreaterOrEqual(6),
1307:                      arithmeticGreater(7),
1308:                      arithmeticLessOrEqual(8) }
1309:     MAX-ACCESS  read-create
1310:     STATUS      current
1311:     DESCRIPTION
1312:         "This defines the various tests that are used when evaluating
1313:          a given filter.
1314: 
1315:          Once a row is 'active', this object's value may not be
1316:          changed unless the appropriate columns, ipspIpOffFiltNumber
1317:          or ipspIpOffFiltValue, needed by the new value to be imposed
1318:          on this object have been appropriately configured.
1319: 
1320:          The various tests definable in this table are as follows:
1321: 
1322:          valueMatch:
1323:            - Tests if the OCTET STRING, 'ipspIpOffFiltValue', matches
1324:              a value in the packet starting at the given offset in the
1325:              packet and comparing the entire OCTET STRING of
1326:              'ipspIpOffFiltValue'.
1327: 
1328:          valueNotMatch:
1329:            - Tests if the OCTET STRING, 'ipspIpOffFiltValue', does not
1330:              match a value in the packet starting at the given offset
1331:              in the packet and comparing to the entire OCTET STRING of
1332:              'ipspIpOffFiltValue'.
1333: 
1334:          arithmeticEqual:
1335:            - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1336:              arithmetically equal ('=') to the 4 byte value starting
1337:              at the given offset within the packet.  The value in the
1338:              packet is assumed to be in network byte order.
1339: 
1340:          arithmeticNotEqual:
1341:            - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1342:              arithmetically not equal ('!=') to the 4 byte value
1343:              starting at the given offset within the packet.  The
1344:              value in the packet is assumed to be in network byte
1345:              order.
1346: 
1347:          arithmeticLess:
1348:            - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1349:              arithmetically less than ('<') the 4 byte value starting
1350:              at the given offset within the packet.  The value in the
1351:              packet is assumed to be in network byte order.
1352: 
1353:          arithmeticGreaterOrEqual:
1354:            - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1355:              arithmetically greater than or equal to ('>=') the 4 byte
1356:              value starting at the given offset within the packet.
1357:              The value in the packet is assumed to be in network byte
1358:              order.
1359: 
1360:          arithmeticGreater:
1361:            - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1362:              arithmetically greater than ('>') the 4 byte value
1363:              starting at the given offset within the packet.  The
1364:              value in the packet is assumed to be in network byte
1365:              order.
1366: 
1367:          arithmeticLessOrEqual:
1368:            - Tests if the Integer32, 'ipspIpOffFiltNumber', is
1369:              arithmetically less than or equal to ('<=') the 4 byte
1370:              value starting at the given offset within the packet.
1371:              The value in the packet is assumed to be in network byte
1372:              order."
1373: 
1374:     ::= { ipspIpOffsetFilterEntry 3 }
1375: 
1376: ipspIpOffFiltNumber OBJECT-TYPE
1377:     SYNTAX      Integer32 (0..65536)
1378:     MAX-ACCESS  read-create
1379:     STATUS      current
1380:     DESCRIPTION
1381: 
1382:         "ipspIpOffFiltNumber is used for arithmetic matching of a
1383:          packets at ipspIpOffFiltOffset.  This object is only used if
1384:          one of
1385:          the arithmetic types is chosen in ipspIpOffFiltType."
1386:     ::= { ipspIpOffsetFilterEntry 4 }
1387: 
1388: ipspIpOffFiltValue OBJECT-TYPE
1389:     SYNTAX      OCTET STRING (SIZE(0..1024))
1390:     MAX-ACCESS  read-create
1391:     STATUS      current
1392:     DESCRIPTION
1393:         "ipspIpOffFiltValue is used for match comparisons of a packet at
1394:          ipspIpOffFiltOffset.  This object is only used if one of the
1395:          match types is chosen in ipspIpOffFiltType."
1396:     ::= { ipspIpOffsetFilterEntry 5 }
1397: 
1398: ipspIpOffFiltLastChanged OBJECT-TYPE
1399:     SYNTAX      TimeStamp
1400:     MAX-ACCESS  read-only
1401:     STATUS      current
1402:     DESCRIPTION
1403:         "The value of sysUpTime when this row was last modified or
1404:          created either through SNMP SETs or by some other external
1405:          means."
1406:     ::= { ipspIpOffsetFilterEntry 6 }
1407: 
1408: 
1409: ipspIpOffFiltStorageType OBJECT-TYPE
1410:     SYNTAX      StorageType
1411:     MAX-ACCESS  read-create
1412:     STATUS      current
1413:     DESCRIPTION
1414:         "The storage type for this row.  Rows in this table which were
1415:          created through an external process may have a storage type
1416:          of readOnly or permanent."
1417:     DEFVAL { nonVolatile }
1418:     ::= { ipspIpOffsetFilterEntry 7 }
1419: 
1420: ipspIpOffFiltRowStatus OBJECT-TYPE
1421:     SYNTAX      RowStatus
1422:     MAX-ACCESS  read-create
1423:     STATUS      current
1424:     DESCRIPTION
1425:         "This object indicates the conceptual status of this row.
1426: 
1427:          This object may not be set to active if the requirements of
1428:          the ipspIpOffFiltType object are not met.  In other words, if
1429:          the associated value columns needed by a particular test have
1430:          not been set, then attempting to change this row to an active
1431:          state will result in an inconsistentValue error.  See the
1432:          ipspIpOffFiltType object description for further details."
1433:     ::= { ipspIpOffsetFilterEntry 8 }
1434: 
1435: 
1436: --
1437: -- Time/scheduling filter table
1438: --
1439: 
1440: ipspTimeFilterTable OBJECT-TYPE
1441:     SYNTAX      SEQUENCE OF IpspTimeFilterEntry
1442:     MAX-ACCESS  not-accessible
1443:     STATUS      current
1444:     DESCRIPTION
1445:         "Defines a table of filters which can be used to effectively
1446:          enable or disable policies based on a valid time range."
1447:     ::= { ipspConfigObjects 10 }
1448: 
1449: ipspTimeFilterEntry OBJECT-TYPE
1450:     SYNTAX      IpspTimeFilterEntry
1451:     MAX-ACCESS  not-accessible
1452:     STATUS      current
1453:     DESCRIPTION
1454:         "A row describing a given time frame for which a policy may be
1455:          filtered on to place the rule active or inactive."
1456:     INDEX   { ipspTimeFiltName }
1457:     ::= { ipspTimeFilterTable 1 }
1458: 
1459: IpspTimeFilterEntry ::= SEQUENCE {
1460:     ipspTimeFiltName                 SnmpAdminString,
1461:     ipspTimeFiltPeriodStart          DateAndTime,
1462:     ipspTimeFiltPeriodEnd            DateAndTime,
1463:     ipspTimeFiltMonthOfYearMask      BITS,
1464:     ipspTimeFiltDayOfMonthMask       OCTET STRING,
1465:     ipspTimeFiltDayOfWeekMask        BITS,
1466:     ipspTimeFiltTimeOfDayMaskStart   DateAndTime,
1467:     ipspTimeFiltTimeOfDayMaskEnd     DateAndTime,
1468:     ipspTimeFiltLastChanged          TimeStamp,
1469:     ipspTimeFiltStorageType          StorageType,
1470:     ipspTimeFiltRowStatus            RowStatus
1471: }
1472: 
1473: ipspTimeFiltName OBJECT-TYPE
1474:     SYNTAX      SnmpAdminString (SIZE(1..32))
1475:     MAX-ACCESS  not-accessible
1476:     STATUS      current
1477:     DESCRIPTION
1478:         "An administratively assigned name for this filter."
1479:     ::= { ipspTimeFilterEntry 1 }
1480: 
1481: 
1482: ipspTimeFiltPeriodStart OBJECT-TYPE
1483:     SYNTAX      DateAndTime
1484:     MAX-ACCESS  read-create
1485:     STATUS      current
1486:     DESCRIPTION
1487:         "The starting time period for this filter.  In addition to a
1488:          normal DateAndTime string, this object may be set to the
1489:          OCTET STRING value THISANDPRIOR which indicates that the
1490:          filter is valid from any time before now up until (at least)
1491:          now."
1492:     DEFVAL { '00000101000000002b0000'H }
1493:     ::= { ipspTimeFilterEntry 2 }
1494: 
1495: ipspTimeFiltPeriodEnd OBJECT-TYPE
1496:     SYNTAX      DateAndTime
1497:     MAX-ACCESS  read-create
1498:     STATUS      current
1499:     DESCRIPTION
1500:         "The ending time period for this filter.  In addition to a
1501:          normal DateAndTime string, this object may be set to the
1502:          OCTET STRING value THISANDFUTURE which indicates that the
1503:          filter is valid without an ending date and/or time."
1504:     DEFVAL { '99991231235959092b0000'H }
1505:     ::= { ipspTimeFilterEntry 3 }
1506: 
1507: ipspTimeFiltMonthOfYearMask OBJECT-TYPE
1508:     SYNTAX      BITS { january(0), february(1), march(2), april(3),
1509:                        may(4), june(5), july(6), august(7),
1510:                        september(8), october(9),november(10),
1511:                        december(11) }
1512:     MAX-ACCESS  read-create
1513:     STATUS      current
1514:     DESCRIPTION
1515:         "A bit mask which overlays the ipspTimeFiltPeriodStart to
1516:          ipspTimeFiltPeriodEnd date range to further restrict the time
1517:          period to a restricted set of months of the year."
1518:     DEFVAL { { january, february, march, april, may, june, july,
1519:                august, september, october, november, december } }
1520:     ::= { ipspTimeFilterEntry 4 }
1521: 
1522: ipspTimeFiltDayOfMonthMask OBJECT-TYPE
1523:     SYNTAX      OCTET STRING (SIZE(4))
1524:     MAX-ACCESS  read-create
1525:     STATUS      current
1526:     DESCRIPTION
1527:         "Defines which days of the month this time period is valid
1528:          for.  It is a sequence of 32 BITS, where each BIT represents
1529:          a corresponding day of the month starting from the left most
1530:          bit being equal to the first day of the month.  The last bit
1531:          in the string MUST be zero."
1532:     DEFVAL { 'fffffffe'H }
1533:     ::= { ipspTimeFilterEntry 5 }
1534: 
1535: ipspTimeFiltDayOfWeekMask OBJECT-TYPE
1536:     SYNTAX      BITS { monday(0), tuesday(1), wednesday(2),
1537:                        thursday(3), friday(4), saturday(5),
1538:                        sunday(6) }
1539:     MAX-ACCESS  read-create
1540:     STATUS      current
1541:     DESCRIPTION
1542:         "A bit mask which overlays the ipspTimeFiltPeriodStart to
1543:          ipspTimeFiltPeriodEnd date range to further restrict the time
1544:          period to a restricted set of days within a given week."
1545:     DEFVAL { { monday, tuesday, wednesday, thursday, friday,
1546:                saturday, sunday } }
1547:     ::= { ipspTimeFilterEntry 6 }
1548: 
1549: 
1550: ipspTimeFiltTimeOfDayMaskStart OBJECT-TYPE
1551:     SYNTAX      DateAndTime
1552:     MAX-ACCESS  read-create
1553:     STATUS      current
1554:     DESCRIPTION
1555:         "Indicates the starting time of day for which this filter
1556:          evaluates to true.  The date portions of the DateAndTime TC
1557:          are ignored for purposes of evaluating this mask and only the
1558:          time specific portions are used."
1559:     DEFVAL { '00000000000000002b0000'H }
1560:     ::= { ipspTimeFilterEntry 7 }
1561: 
1562: ipspTimeFiltTimeOfDayMaskEnd OBJECT-TYPE
1563:     SYNTAX      DateAndTime
1564:     MAX-ACCESS  read-create
1565:     STATUS      current
1566:     DESCRIPTION
1567:         "Indicates the ending time of day for which this filter
1568:          evaluates to true.  The date portions of the DateAndTime TC
1569:          are ignored for purposes of evaluating this mask and only the
1570:          time specific portions are used.  If this starting and ending
1571:          time values indicated by the ipspTimeFiltTimeOfDayMaskStart
1572:          and ipspTimeFiltTimeOfDayMaskEnd objects are equal, the
1573:          filter is expected to be evaluated over the entire 24 hour
1574:          period."
1575:     DEFVAL { '00000000000000002b0000'H }
1576:     ::= { ipspTimeFilterEntry 8 }
1577: 
1578: ipspTimeFiltLastChanged OBJECT-TYPE
1579:     SYNTAX      TimeStamp
1580:     MAX-ACCESS  read-only
1581:     STATUS      current
1582:     DESCRIPTION
1583:         "The value of sysUpTime when this row was last modified or
1584:          created either through SNMP SETs or by some other external
1585:          means."
1586:     ::= { ipspTimeFilterEntry 9 }
1587: 
1588: ipspTimeFiltStorageType OBJECT-TYPE
1589:     SYNTAX      StorageType
1590:     MAX-ACCESS  read-create
1591:     STATUS      current
1592:     DESCRIPTION
1593:         "The storage type for this row.  Rows in this table which were
1594:          created through an external process may have a storage type
1595:          of readOnly or permanent."
1596:     DEFVAL { nonVolatile }
1597:     ::= { ipspTimeFilterEntry 10 }
1598: 
1599: ipspTimeFiltRowStatus OBJECT-TYPE
1600:     SYNTAX      RowStatus
1601:     MAX-ACCESS  read-create
1602:     STATUS      current
1603:     DESCRIPTION
1604:         "This object indicates the conceptual status of this row."
1605:     ::= { ipspTimeFilterEntry 11 }
1606: 
1607: --
1608: -- IPSO protection authority filtering
1609: --
1610: 
1611: ipspIpsoHeaderFilterTable OBJECT-TYPE
1612:     SYNTAX      SEQUENCE OF IpspIpsoHeaderFilterEntry
1613:     MAX-ACCESS  not-accessible
1614:     STATUS      current
1615:     DESCRIPTION
1616:         "This table contains a list of IPSO header filter definitions
1617:          to be used within the ipspRuleDefinitionTable or the
1618:          ipspSubfilterTable.  IPSO headers and their values
1619:          are described in RFC1108."
1620:     ::= { ipspConfigObjects 11 }
1621: 
1622: ipspIpsoHeaderFilterEntry OBJECT-TYPE
1623:     SYNTAX      IpspIpsoHeaderFilterEntry
1624:     MAX-ACCESS  not-accessible
1625:     STATUS      current
1626:     DESCRIPTION
1627:         "A definition of a particular filter."
1628:     INDEX       {  ipspIpsoHeadFiltName }
1629:     ::= { ipspIpsoHeaderFilterTable 1 }
1630: 
1631: IpspIpsoHeaderFilterEntry ::= SEQUENCE {
1632:     ipspIpsoHeadFiltName                               SnmpAdminString,
1633:     ipspIpsoHeadFiltType                               BITS,
1634:     ipspIpsoHeadFiltClassification                     INTEGER,
1635:     ipspIpsoHeadFiltProtectionAuth                     INTEGER,
1636:     ipspIpsoHeadFiltLastChanged                        TimeStamp,
1637:     ipspIpsoHeadFiltStorageType                        StorageType,
1638:     ipspIpsoHeadFiltRowStatus                          RowStatus
1639: }
1640: 
1641: ipspIpsoHeadFiltName OBJECT-TYPE
1642:     SYNTAX      SnmpAdminString (SIZE(1..32))
1643:     MAX-ACCESS  not-accessible
1644:     STATUS      current
1645:     DESCRIPTION
1646:         "The administrative name for this filter."
1647:     ::= { ipspIpsoHeaderFilterEntry 1 }
1648: 
1649: ipspIpsoHeadFiltType OBJECT-TYPE
1650:     SYNTAX      BITS { classificationLevel(0),
1651:                        protectionAuthority(1) }
1652:     MAX-ACCESS  read-create
1653:     STATUS      current
1654:     DESCRIPTION
1655:         "The IPSO header fields to match the value against."
1656:     ::= { ipspIpsoHeaderFilterEntry 2 }
1657: 
1658: ipspIpsoHeadFiltClassification OBJECT-TYPE
1659:     SYNTAX      INTEGER { topSecret(61), secret(90),
1660:                           confidential(150), unclassified(171) }
1661:     MAX-ACCESS  read-create
1662:     STATUS      current
1663:     DESCRIPTION
1664:         "The IPSO classification header field value must match the
1665:          value in this column if the classificationLevel bit is set in
1666:          the ipspIpsoHeadFiltType field.
1667: 
1668:          The values of these enumerations are defined by RFC1108."
1669:     ::= { ipspIpsoHeaderFilterEntry 3 }
1670: 
1671: ipspIpsoHeadFiltProtectionAuth OBJECT-TYPE
1672:     SYNTAX      INTEGER { genser(0), siopesi(1), sci(2),
1673:                           nsa(3), doe(4) }
1674:     MAX-ACCESS  read-create
1675:     STATUS      current
1676:     DESCRIPTION
1677:         "The IPSO protection authority header field value must match
1678:          the value in this column if the protection authority bit is
1679:          set in the ipspIpsoHeadFiltType field.
1680: 
1681:          The values of these enumerations are defined by RFC1108.
1682:          Hence the reason the SMIv2 convention of not using 0 in enum
1683:          lists is violated here."
1684:     ::= { ipspIpsoHeaderFilterEntry 4 }
1685: 
1686: ipspIpsoHeadFiltLastChanged OBJECT-TYPE
1687:     SYNTAX      TimeStamp
1688:     MAX-ACCESS  read-only
1689:     STATUS      current
1690:     DESCRIPTION
1691:         "The value of sysUpTime when this row was last modified or
1692:          created either through SNMP SETs or by some other external
1693:          means."
1694:     ::= { ipspIpsoHeaderFilterEntry 5 }
1695: 
1696: ipspIpsoHeadFiltStorageType OBJECT-TYPE
1697:     SYNTAX      StorageType
1698:     MAX-ACCESS  read-create
1699:     STATUS      current
1700:     DESCRIPTION
1701:         "The storage type for this row.  Rows in this table which were
1702:          created through an external process may have a storage type
1703:          of readOnly or permanent."
1704:     DEFVAL { nonVolatile }
1705:     ::= { ipspIpsoHeaderFilterEntry 6 }
1706: 
1707: ipspIpsoHeadFiltRowStatus OBJECT-TYPE
1708:     SYNTAX      RowStatus
1709:     MAX-ACCESS  read-create
1710:     STATUS      current
1711:     DESCRIPTION
1712:         "This object indicates the conceptual status of this row.
1713: 
1714:          This object may not be set to active if the requirements of
1715:          the ipspIpsoHeadFiltType object are not met.  In other words,
1716:          if the associated value columns needed by a particular test
1717:          have not been set, then attempting to change this row to an
1718:          active state will result in an inconsistentValue error.  See
1719:          the ipspIpsoHeadFiltType object description for further
1720:          details."
1721:     ::= { ipspIpsoHeaderFilterEntry 7 }
1722: 
1723: --
1724: -- credential filter table
1725: --
1726: 
1727: ipspCredentialFilterTable OBJECT-TYPE
1728:     SYNTAX      SEQUENCE OF IpspCredentialFilterEntry
1729:     MAX-ACCESS  not-accessible
1730:     STATUS      current
1731:     DESCRIPTION
1732:         "This table defines filters which can be used to match
1733:          credentials of IKE peers, where the credentials in question
1734:          have been obtained from an IKE phase 1 exchange.  They may be
1735:          X.509 certificates, Kerberos tickets, etc..."
1736:     ::= { ipspConfigObjects 12 }
1737: 
1738: ipspCredentialFilterEntry OBJECT-TYPE
1739:     SYNTAX      IpspCredentialFilterEntry
1740:     MAX-ACCESS  not-accessible
1741:     STATUS      current
1742:     DESCRIPTION
1743:         "A row defining a particular credential filter"
1744:     INDEX   { ipspCredFiltName }
1745:     ::= { ipspCredentialFilterTable 1 }
1746: 
1747: IpspCredentialFilterEntry ::= SEQUENCE {
1748:     ipspCredFiltName                      SnmpAdminString,
1749:     ipspCredFiltCredentialType            IpspCredentialType,
1750:     ipspCredFiltMatchFieldName            OCTET STRING,
1751:     ipspCredFiltMatchFieldValue           OCTET STRING,
1752:     ipspCredFiltAcceptCredFrom            OCTET STRING,
1753:     ipspCredFiltLastChanged               TimeStamp,
1754:     ipspCredFiltStorageType               StorageType,
1755:     ipspCredFiltRowStatus                 RowStatus
1756: }
1757: 
1758: ipspCredFiltName OBJECT-TYPE
1759:     SYNTAX      SnmpAdminString (SIZE(1..32))
1760:     MAX-ACCESS  not-accessible
1761:     STATUS      current
1762:     DESCRIPTION
1763:         "The administrative name of this filter."
1764:     ::= { ipspCredentialFilterEntry 1 }
1765: 
1766: ipspCredFiltCredentialType OBJECT-TYPE
1767:     SYNTAX      IpspCredentialType
1768:     MAX-ACCESS  read-create
1769:     STATUS      current
1770:     DESCRIPTION
1771:         "The credential type that is expected for this filter to
1772:          succeed."
1773:     DEFVAL { x509 }
1774:     ::= { ipspCredentialFilterEntry 2 }
1775: 
1776: ipspCredFiltMatchFieldName OBJECT-TYPE
1777:     SYNTAX      OCTET STRING (SIZE(0..256))
1778:     MAX-ACCESS  read-create
1779:     STATUS      current
1780:     DESCRIPTION
1781:         "The piece of the credential to match against.  Examples:
1782:          serialNumber, signatureAlgorithm, issuerName or subjectName.
1783: 
1784:          For credential types without fields (e.g. shared secrec),
1785:          this field should be left empty, and the entire credential
1786:          will be matched against the ipspCredFiltMatchFieldValue."
1787:     ::= { ipspCredentialFilterEntry 3 }
1788: 
1789: ipspCredFiltMatchFieldValue OBJECT-TYPE
1790:     SYNTAX      OCTET STRING (SIZE(1..4096))
1791:     MAX-ACCESS  read-create
1792:     STATUS      current
1793:     DESCRIPTION
1794:         "The value that the field indicated by the
1795:          ipspCredFiltMatchFieldName must match against for the filter
1796:          to be considered TRUE."
1797:     ::= { ipspCredentialFilterEntry 4 }
1798: 
1799: ipspCredFiltAcceptCredFrom OBJECT-TYPE
1800:     SYNTAX      OCTET STRING(SIZE(1..117))
1801:     MAX-ACCESS  read-create
1802:     STATUS      current
1803:     DESCRIPTION
1804:         "This value is used to look up a row in the
1805:          ipspIpsecCredMngServiceTable for the Certificate Authority (CA)
1806:          Information.  This value is empty if there is no CA used for
1807:          this filter."
1808:     ::= { ipspCredentialFilterEntry 5 }
1809: 
1810: ipspCredFiltLastChanged OBJECT-TYPE
1811:     SYNTAX      TimeStamp
1812:     MAX-ACCESS  read-only
1813:     STATUS      current
1814:     DESCRIPTION
1815:         "The value of sysUpTime when this row was last modified or
1816:          created either through SNMP SETs or by some other external
1817:          means."
1818:     ::= { ipspCredentialFilterEntry 6 }
1819: 
1820: ipspCredFiltStorageType OBJECT-TYPE
1821:     SYNTAX      StorageType
1822:     MAX-ACCESS  read-create
1823:     STATUS      current
1824:     DESCRIPTION
1825:         "The storage type for this row.  Rows in this table which were
1826:          created through an external process may have a storage type
1827:          of readOnly or permanent."
1828:     DEFVAL { nonVolatile }
1829:     ::= { ipspCredentialFilterEntry 7 }
1830: 
1831: ipspCredFiltRowStatus OBJECT-TYPE
1832:     SYNTAX      RowStatus
1833:     MAX-ACCESS  read-create
1834:     STATUS      current
1835:     DESCRIPTION
1836:         "This object indicates the conceptual status of this row."
1837:     ::= { ipspCredentialFilterEntry 8 }
1838: 
1839: --
1840: -- Peer Identity Filter Table
1841: --
1842: ipspPeerIdentityFilterTable OBJECT-TYPE
1843:     SYNTAX      SEQUENCE OF IpspPeerIdentityFilterEntry
1844:     MAX-ACCESS  not-accessible
1845:     STATUS      current
1846:     DESCRIPTION
1847:         "This table defines filters which can be used to match
1848:          credentials of IKE peers, where the credentials in question
1849:          have been obtained from an IKE phase 1 exchange.  They may be
1850:          X.509 certificates, Kerberos tickets, etc..."
1851:     ::= { ipspConfigObjects 13 }
1852: 
1853: ipspPeerIdentityFilterEntry OBJECT-TYPE
1854:     SYNTAX      IpspPeerIdentityFilterEntry
1855:     MAX-ACCESS  not-accessible
1856:     STATUS      current
1857:     DESCRIPTION
1858:         "A row defining a particular credential filter"
1859:     INDEX   { ipspPeerIdFiltName }
1860:     ::= { ipspPeerIdentityFilterTable 1 }
1861: 
1862: IpspPeerIdentityFilterEntry ::= SEQUENCE {
1863:     ipspPeerIdFiltName                      SnmpAdminString,
1864:     ipspPeerIdFiltIdentityType              IpsecDoiIdentType,
1865:     ipspPeerIdFiltIdentityValue             IpspIdentityFilter,
1866:     ipspPeerIdFiltLastChanged               TimeStamp,
1867:     ipspPeerIdFiltStorageType               StorageType,
1868:     ipspPeerIdFiltRowStatus                 RowStatus
1869: }
1870: 
1871: ipspPeerIdFiltName OBJECT-TYPE
1872:     SYNTAX      SnmpAdminString (SIZE(1..32))
1873:     MAX-ACCESS  not-accessible
1874:     STATUS      current
1875:     DESCRIPTION
1876:         "The administrative name of this filter."
1877:     ::= { ipspPeerIdentityFilterEntry 1 }
1878: 
1879: ipspPeerIdFiltIdentityType OBJECT-TYPE
1880:     SYNTAX      IpsecDoiIdentType
1881:     MAX-ACCESS  read-create
1882:     STATUS      current
1883:     DESCRIPTION
1884:         "The type of identity field in the peer ID payload to match
1885:          against."
1886:     ::= { ipspPeerIdentityFilterEntry 2 }
1887: 
1888: ipspPeerIdFiltIdentityValue OBJECT-TYPE
1889:     SYNTAX      IpspIdentityFilter
1890:     MAX-ACCESS  read-create
1891:     STATUS      current
1892:     DESCRIPTION
1893:         "The string representation of the value that the peer ID
1894:          payload value must match against. Wildcard mechanisms MUST be
1895:          supported such that:
1896: 
1897:          - a ipspPeerIdFiltIdentityValue of '*@example.com' will match
1898:            a userFqdn ID payload of 'JDOE@EXAMPLE.COM'
1899: 
1900:          - a ipspPeerIdFiltIdentityValue of '*.example.com' will match
1901:            a fqdn ID payload of 'WWW.EXAMPLE.COM'
1902: 
1903:          - a ipspPeerIdFiltIdentityValue of:
1904:               'cn=*,ou=engineering,o=company,c=us'
1905:            will match a DER DN ID payload of
1906:               'cn=John Doe,ou=engineering,o=company,c=us'
1907: 
1908:          - a ipspPeerIdFiltIdentityValue of '192.0.2.0/24' will match
1909:            an IPv4 address ID payload of 192.0.2.10
1910: 
1911:          - a ipspPeerIdFiltIdentityValue of '192.0.2.*' will also
1912:            match an IPv4 address ID payload of 192.0.2.10.
1913: 
1914:          The character '*' replaces 0 or multiple instances of any
1915:          character."
1916:     ::= { ipspPeerIdentityFilterEntry 3 }
1917: 
1918: ipspPeerIdFiltLastChanged OBJECT-TYPE
1919:     SYNTAX      TimeStamp
1920:     MAX-ACCESS  read-only
1921:     STATUS      current
1922:     DESCRIPTION
1923:         "The value of sysUpTime when this row was last modified or
1924:          created either through SNMP SETs or by some other external
1925:          means."
1926:     ::= { ipspPeerIdentityFilterEntry 4 }
1927: 
1928: ipspPeerIdFiltStorageType OBJECT-TYPE
1929:     SYNTAX      StorageType
1930:     MAX-ACCESS  read-create
1931:     STATUS      current
1932:     DESCRIPTION
1933:         "The storage type for this row.  Rows in this table which were
1934:          created through an external process may have a storage type
1935:          of readOnly or permanent."
1936:     DEFVAL { nonVolatile }
1937:     ::= { ipspPeerIdentityFilterEntry 5 }
1938: 
1939: ipspPeerIdFiltRowStatus OBJECT-TYPE
1940:     SYNTAX      RowStatus
1941:     MAX-ACCESS  read-create
1942:     STATUS      current
1943:     DESCRIPTION
1944:         "This object indicates the conceptual status of this row.
1945:          This object can not be considered active unless the
1946:          ipspPeerIdFiltIdentityType and ipspPeerIdFiltIdentityValue
1947:          column values are defined."
1948:     ::= { ipspPeerIdentityFilterEntry 6 }
1949: 
1950: --
1951: -- compound actions table
1952: --
1953: 
1954: ipspCompoundActionTable OBJECT-TYPE
1955:     SYNTAX      SEQUENCE OF IpspCompoundActionEntry
1956:     MAX-ACCESS  not-accessible
1957:     STATUS      current
1958:     DESCRIPTION
1959:         "Table used to allow multiple actions to be associated with a
1960:          rule.  It uses the ipspSubactionsTable to do this."
1961:     ::= { ipspConfigObjects 14 }
1962: 
1963: ipspCompoundActionEntry OBJECT-TYPE
1964:     SYNTAX      IpspCompoundActionEntry
1965:     MAX-ACCESS  not-accessible
1966:     STATUS      current
1967:     DESCRIPTION
1968:         "A row in the ipspCompoundActionTable."
1969:     INDEX   { ipspCompActName }
1970:     ::= { ipspCompoundActionTable 1 }
1971: 
1972: IpspCompoundActionEntry ::= SEQUENCE {
1973:     ipspCompActName                                   SnmpAdminString,
1974:     ipspCompActExecutionStrategy                      INTEGER,
1975:     ipspCompActLastChanged                            TimeStamp,
1976:     ipspCompActStorageType                            StorageType,
1977:     ipspCompActRowStatus                              RowStatus
1978: }
1979: 
1980: ipspCompActName OBJECT-TYPE
1981:     SYNTAX      SnmpAdminString (SIZE(1..32))
1982:     MAX-ACCESS  not-accessible
1983:     STATUS      current
1984:     DESCRIPTION
1985:         "This is an administratively assigned name of this compound
1986:          action."
1987:     ::= { ipspCompoundActionEntry 1 }
1988: 
1989: ipspCompActExecutionStrategy OBJECT-TYPE
1990:     SYNTAX      INTEGER { reserved(0),
1991:                           doAll(1),
1992:                           doUntilSuccess(2),
1993:                           doUntilFailure(3) }
1994:     MAX-ACCESS  read-create
1995:     STATUS      current
1996:     DESCRIPTION
1997:         "This object indicates how the sub-actions are executed based
1998:          on the success of the actions as they finish executing.
1999: 
2000:          doAll           - run each sub-action regardless of the
2001:                            exit status of the previous action.  This
2002:                            parent action is always considered to have
2003:                            acted successfully.
2004: 
2005:          doUntilSuccess  - run each sub-action until one succeeds, at
2006:                            which point stop processing the sub-actions
2007:                            within this parent compound action.  If one
2008:                            of the sub-actions did execute
2009:                            successfully, this parent action is also
2010:                            considered to have executed sucessfully.
2011: 
2012:          doUntilFailure  - run each sub-action until one fails, at
2013:                            which point stop processing the sub-actions
2014:                            within this compound action.  If any
2015:                            sub-action fails, the result of this parent
2016:                            action is considered to have failed."
2017:     DEFVAL { doUntilSuccess }
2018:     ::= { ipspCompoundActionEntry 2 }
2019: 
2020: ipspCompActLastChanged OBJECT-TYPE
2021:     SYNTAX      TimeStamp
2022:     MAX-ACCESS  read-only
2023:     STATUS      current
2024:     DESCRIPTION
2025:         "The value of sysUpTime when this row was last modified or
2026:          created either through SNMP SETs or by some other external
2027:          means."
2028:     ::= { ipspCompoundActionEntry 3 }
2029: 
2030: ipspCompActStorageType OBJECT-TYPE
2031:     SYNTAX      StorageType
2032:     MAX-ACCESS  read-create
2033:     STATUS      current
2034:     DESCRIPTION
2035:         "The storage type for this row.  Rows in this table which were
2036:          created through an external process may have a storage type
2037:          of readOnly or permanent."
2038:     DEFVAL { nonVolatile }
2039:     ::= { ipspCompoundActionEntry 4 }
2040: 
2041: ipspCompActRowStatus OBJECT-TYPE
2042:     SYNTAX      RowStatus
2043:     MAX-ACCESS  read-create
2044:     STATUS      current
2045:     DESCRIPTION
2046:         "This object indicates the conceptual status of this row.
2047: 
2048:          The value of this object has no effect on whether other
2049:          objects in this conceptual row can be modified.
2050: 
2051:          Once a row in the ipspCompoundActionTable has been made active,
2052:          this object may not be set to destroy without first
2053:          destroying all the contained rows listed in the
2054:          ipspSubactionsTable."
2055:     ::= { ipspCompoundActionEntry 5 }
2056: 
2057: 
2058: --
2059: -- actions contained within a compound action
2060: --
2061: 
2062: ipspSubactionsTable OBJECT-TYPE
2063:     SYNTAX      SEQUENCE OF IpspSubactionsEntry
2064:     MAX-ACCESS  not-accessible
2065:     STATUS      current
2066:     DESCRIPTION
2067:         "This table contains a list of the sub-actions within a given
2068:          compound action.  Compound actions executing these actions
2069:          MUST execute them in series based on the ipspSubActPriority
2070:          value, with the lowest value executing first."
2071:     ::= { ipspConfigObjects 15 }
2072: 
2073: ipspSubactionsEntry OBJECT-TYPE
2074:     SYNTAX      IpspSubactionsEntry
2075:     MAX-ACCESS  not-accessible
2076:     STATUS      current
2077:     DESCRIPTION
2078:         "A row containing a reference to a given compound-action
2079:          sub-action."
2080:     INDEX   { ipspCompActName, ipspSubActPriority }
2081:     ::= { ipspSubactionsTable 1 }
2082: 
2083: IpspSubactionsEntry ::= SEQUENCE {
2084:     ipspSubActPriority                             Integer32,
2085:     ipspSubActSubActionName                        VariablePointer,
2086:     aiipspCompActLastChanged                       TimeStamp,
2087:     aiipspCompActStorageType                       StorageType,
2088:     aiipspCompActRowStatus                         RowStatus
2089: }
2090: 
2091: ipspSubActPriority OBJECT-TYPE
2092:     SYNTAX      Integer32 (0..65536)
2093:     MAX-ACCESS  not-accessible
2094:     STATUS      current
2095:     DESCRIPTION
2096:         "The priority of a given sub-action within a compound action.
2097:          The order in which sub-actions should be executed are based
2098:          on the value from this column, with the lowest numeric value
2099:          executing first."
2100:     ::= { ipspSubactionsEntry 1 }
2101: 
2102: ipspSubActSubActionName OBJECT-TYPE
2103:     SYNTAX      VariablePointer
2104:     MAX-ACCESS  read-create
2105:     STATUS      current
2106:     DESCRIPTION
2107:         "This column points to the action to be taken.  It may, but is
2108:          not limited to, point to a row in one of the following
2109:          tables:
2110: 
2111:             ipspCompoundActionTable          - Allowing recursion
2112:             ipspSaPreconfiguredActionTable
2113:             ipspIkeActionTable
2114:             ipspIpsecActionTable
2115: 
2116:          It may also point to one of the scalar objects beneath
2117:          ipspStaticActions.
2118: 
2119:          If this object is set to a pointer to a row in an unsupported
2120:          (or unknown) table, an inconsistentValue error should be
2121:          returned.
2122: 
2123:          If this object is set to point to a non-existent row in an
2124:          otherwise supported table, an inconsistentName error should
2125:          be returned."
2126:     ::= { ipspSubactionsEntry 2 }
2127: 
2128: aiipspCompActLastChanged OBJECT-TYPE
2129:     SYNTAX      TimeStamp
2130:     MAX-ACCESS  read-only
2131:     STATUS      current
2132:     DESCRIPTION
2133:         "The value of sysUpTime when this row was last modified or
2134:          created either through SNMP SETs or by some other external
2135:          means."
2136:     ::= { ipspSubactionsEntry 3 }
2137: 
2138: aiipspCompActStorageType OBJECT-TYPE
2139:     SYNTAX      StorageType
2140:     MAX-ACCESS  read-create
2141:     STATUS      current
2142:     DESCRIPTION
2143:         "The storage type for this row.  Rows in this table which were
2144:          created through an external process may have a storage type
2145:          of readOnly or permanent."
2146:     DEFVAL { nonVolatile }
2147:     ::= { ipspSubactionsEntry 4 }
2148: 
2149: aiipspCompActRowStatus OBJECT-TYPE
2150:     SYNTAX      RowStatus
2151:     MAX-ACCESS  read-create
2152:     STATUS      current
2153:     DESCRIPTION
2154:         "This object indicates the conceptual status of this row.
2155: 
2156:          The value of this object has no effect on whether other
2157:          objects in this conceptual row can be modified."
2158:     ::= { ipspSubactionsEntry 5 }
2159: 
2160: --
2161: -- Static Actions
2162: --
2163: 
2164: -- these are static actions which can be pointed to by the
2165: -- ipspRuleDefAction or the ipspSubActSubActionName objects to drop,
2166: -- accept or reject packets.
2167: 
2168: ipspStaticActions OBJECT IDENTIFIER ::= { ipspConfigObjects 16 }
2169: 
2170: ipspDropAction    OBJECT-TYPE
2171:     SYNTAX      Integer32
2172:     MAX-ACCESS  read-only
2173:     STATUS      current
2174:     DESCRIPTION
2175:         "This scalar indicates that a packet should be dropped WITHOUT
2176:          action/packet logging.  This object returns a value
2177:          of 1 for IPsec policy implementations that support the drop
2178:          static action."
2179:     ::= { ipspStaticActions 1 }
2180: 
2181: ipspDropActionLog OBJECT-TYPE
2182:     SYNTAX      Integer32
2183:     MAX-ACCESS  read-only
2184:     STATUS      current
2185:     DESCRIPTION
2186:         "This scalar indicates that a packet should be dropped WITH
2187:          action/packet logging.  This object returns a value
2188:          of 1 for IPsec policy implementations that support the drop
2189:          static action with logging."
2190:     ::= { ipspStaticActions 2 }
2191: 
2192: ipspAcceptAction OBJECT-TYPE
2193:     SYNTAX      Integer32
2194:     MAX-ACCESS  read-only
2195:     STATUS      current
2196:     DESCRIPTION
2197:         "This Scalar indicates that a packet should be accepted
2198:          (pass-through) WITHOUT action/packet logging.  This object
2199:          returns a value of 1 for IPsec policy implementations that
2200:          support the accept static action."
2201:     ::= { ipspStaticActions 3 }
2202: 
2203: ipspAcceptActionLog OBJECT-TYPE
2204:     SYNTAX      Integer32
2205:     MAX-ACCESS  read-only
2206:     STATUS      current
2207:     DESCRIPTION
2208:         "This scalar indicates that a packet should be accepted
2209:          (pass-through) WITH action/packet logging.  This object
2210:          returns a value of 1 for IPsec policy implementations that
2211:          support the accept static action with logging."
2212:     ::= { ipspStaticActions 4 }
2213: 
2214: ipspRejectIKEAction OBJECT-TYPE
2215:     SYNTAX      Integer32
2216:     MAX-ACCESS  read-only
2217:     STATUS      current
2218:     DESCRIPTION
2219:         "This scalar indicates that a packet should be rejected
2220:          WITHOUT action/packet logging.  This object returns a value
2221:          of 1 for IPsec policy implementations that support the reject
2222:          static action."
2223:     ::= { ipspStaticActions 5 }
2224: 
2225: ipspRejectIKEActionLog OBJECT-TYPE
2226:     SYNTAX      Integer32
2227:     MAX-ACCESS  read-only
2228:     STATUS      current
2229:     DESCRIPTION
2230:         "This scalar indicates that a packet should be rejected
2231:          WITH action/packet logging.  This object returns a value of 1
2232:          for IPsec policy implementations that support the reject
2233:          static action with logging."
2234:     ::= { ipspStaticActions 6 }
2235: 
2236: 
2237: --
2238: -- Preconfigured Action Table
2239: --
2240: 
2241: 
2242: ipspSaPreconfiguredActionTable OBJECT-TYPE
2243:     SYNTAX      SEQUENCE OF IpspSaPreconfiguredActionEntry
2244:     MAX-ACCESS  not-accessible
2245:     STATUS      current
2246:     DESCRIPTION
2247:         "This table is a list of non-negotiated IPsec actions (SAs)
2248:          that can be performed and contains or indicates the data
2249:          necessary to create such an SA."
2250:     ::= { ipspConfigObjects 17 }
2251: 
2252: ipspSaPreconfiguredActionEntry OBJECT-TYPE
2253:     SYNTAX      IpspSaPreconfiguredActionEntry
2254:     MAX-ACCESS  not-accessible
2255:     STATUS      current
2256:     DESCRIPTION
2257:         "One entry in the ipspSaPreconfiguredActionTable."
2258:     INDEX       { ipspSaPreActActionName, ipspSaPreActSADirection }
2259:     ::= { ipspSaPreconfiguredActionTable 1 }
2260: 
2261: IpspSaPreconfiguredActionEntry ::= SEQUENCE {
2262:     ipspSaPreActActionName                   SnmpAdminString,
2263:     ipspSaPreActSADirection                  IpspSADirection,
2264:     ipspSaPreActActionDescription            SnmpAdminString,
2265:     ipspSaPreActActionLifetimeSec            Unsigned32,
2266:     ipspSaPreActActionLifetimeKB             Unsigned32,
2267:     ipspSaPreActDoActionLogging              TruthValue,
2268:     ipspSaPreActDoPacketLogging              IpspIPPacketLogging,
2269:     ipspSaPreActDFHandling                   INTEGER,
2270:     ipspSaPreActActionType                   IpsecDoiEncapsulationMode,
2271:     ipspSaPreActAHSPI                        Integer32,
2272:     ipspSaPreActAHTransformName              SnmpAdminString,
2273:     ipspSaPreActAHSharedSecretName           SnmpAdminString,
2274:     ipspSaPreActESPSPI                       Integer32,
2275:     ipspSaPreActESPTransformName             SnmpAdminString,
2276:     ipspSaPreActESPEncSecretName             SnmpAdminString,
2277:     ipspSaPreActESPAuthSecretName            SnmpAdminString,
2278:     ipspSaPreActIPCompSPI                    Integer32,
2279:     ipspSaPreActIPCompTransformName          SnmpAdminString,
2280:     ipspSaPreActPeerGatewayIdName            SnmpAdminString,
2281:     ipspSaPreActLastChanged                  TimeStamp,
2282:     ipspSaPreActStorageType                  StorageType,
2283:     ipspSaPreActRowStatus                    RowStatus
2284: }
2285: 
2286: ipspSaPreActActionName OBJECT-TYPE
2287:     SYNTAX      SnmpAdminString (SIZE(1..32))
2288:     MAX-ACCESS  not-accessible
2289:     STATUS      current
2290:     DESCRIPTION
2291:         "This object contains the name of this
2292:          SaPreconfiguredActionEntry."
2293:     ::= { ipspSaPreconfiguredActionEntry 1 }
2294: 
2295: ipspSaPreActSADirection OBJECT-TYPE
2296:     SYNTAX      IpspSADirection
2297:     MAX-ACCESS  not-accessible
2298:     STATUS      current
2299:     DESCRIPTION
2300:         "This object indicates whether a row should apply to outgoing
2301:          or incoming SAs"
2302:     ::= { ipspSaPreconfiguredActionEntry 2 }
2303: 
2304: 
2305: ipspSaPreActActionDescription OBJECT-TYPE
2306:     SYNTAX      SnmpAdminString
2307:     MAX-ACCESS  read-create
2308:     STATUS      current
2309:     DESCRIPTION
2310:         "An administratively assigned string which may be used
2311:          to describe what the action does."
2312:     DEFVAL { "" }
2313:     ::= { ipspSaPreconfiguredActionEntry 3 }
2314: 
2315: ipspSaPreActActionLifetimeSec OBJECT-TYPE
2316:     SYNTAX      Unsigned32
2317:     MAX-ACCESS  read-create
2318:     STATUS      current
2319:     DESCRIPTION
2320:         "ipspSaPreActActionLifetimeSec specifies how long in seconds the
2321:          security association derived from this action should be used.
2322:          The default lifetime is 8 hours.
2323:          Note: the actual lifetime of the preconfigured SA will be the
2324:          lesser of the value of this object and of the value of the
2325:          MaxLifetimeSecs property of the associated transform.
2326: 
2327:          A value of 0 indicates no time limit on the lifetime
2328:          of the SA."
2329:     DEFVAL      { 28800 }
2330:     ::= { ipspSaPreconfiguredActionEntry 4 }
2331: 
2332: ipspSaPreActActionLifetimeKB OBJECT-TYPE
2333:     SYNTAX      Unsigned32
2334:     MAX-ACCESS  read-create
2335:     STATUS      current
2336:     DESCRIPTION
2337:         "ipspSaPreActActionLifetimeKB specifies how long the
2338:          security association derived from this action should be used.
2339:          After this value in KiloBytes has passed through the security
2340:          association, it should no longer be used.
2341: 
2342:          Note: the actual lifetime of the preconfigured SA will be the
2343:          lesser of the value of this object and of the value of the
2344:          MaxLifetimeKB property of the associated transform.
2345: 
2346:          The default value, '0', indicates no kilobyte limit."
2347:     DEFVAL      { 0 }
2348:     ::= { ipspSaPreconfiguredActionEntry 5 }
2349: 
2350: ipspSaPreActDoActionLogging OBJECT-TYPE
2351:     SYNTAX      TruthValue
2352:     MAX-ACCESS  read-create
2353:     STATUS      current
2354:     DESCRIPTION
2355:         "ipspSaPreActDoActionLogging specifies whether or not an audit
2356:          message should be logged when a preconfigured SA is created."
2357:     DEFVAL { false }
2358:     ::= { ipspSaPreconfiguredActionEntry 6 }
2359: 
2360: ipspSaPreActDoPacketLogging OBJECT-TYPE
2361:     SYNTAX      IpspIPPacketLogging
2362:     MAX-ACCESS  read-create
2363:     STATUS      current
2364:     DESCRIPTION
2365:         "ipspSaPreActDoPacketLogging specifies whether or not an audit
2366:          message should be logged and if there is logging, how many
2367:          bytes of the packet to place in the notification."
2368:     DEFVAL { -1 }
2369:     ::= { ipspSaPreconfiguredActionEntry 7 }
2370: 
2371: ipspSaPreActDFHandling OBJECT-TYPE
2372:     SYNTAX     INTEGER {
2373:                  reserved(0),  -- reserved
2374:                  copy(1),      -- indicates copy the DF bit from the
2375:                                -- internal to external IP header.
2376:                  set(2),       -- set the DF bit in the external IP
2377:                                -- header to 1.
2378:                  clear(3)      -- clear the DF bit in the external IP
2379:                                -- header to 0.
2380:                 }
2381:     MAX-ACCESS  read-create
2382:     STATUS      current
2383:     DESCRIPTION
2384:         "This object specifies how to process the DF bit in packets
2385:          sent through the preconfigured SA.  This object is not used
2386:          for transport SAs."
2387:     DEFVAL { copy }
2388:     ::= { ipspSaPreconfiguredActionEntry 8 }
2389: 
2390: ipspSaPreActActionType OBJECT-TYPE
2391:     SYNTAX      IpsecDoiEncapsulationMode
2392:     MAX-ACCESS  read-create
2393:     STATUS      current
2394:     DESCRIPTION
2395:         "This object specifies the encapsulation mode to use for the
2396:          preconfigured SA: tunnel or transport mode."
2397:     DEFVAL { tunnel }
2398:     ::= { ipspSaPreconfiguredActionEntry 9 }
2399: 
2400: ipspSaPreActAHSPI OBJECT-TYPE
2401:     SYNTAX      Integer32
2402:     MAX-ACCESS  read-create
2403:     STATUS      current
2404:     DESCRIPTION
2405:         "This object represents the SPI value for the AH SA."
2406:     ::= { ipspSaPreconfiguredActionEntry 10 }
2407: 
2408: ipspSaPreActAHTransformName OBJECT-TYPE
2409:     SYNTAX      SnmpAdminString (SIZE(0..32))
2410:     MAX-ACCESS  read-create
2411:     STATUS      current
2412:     DESCRIPTION
2413:         "This object is the name of the AH transform to use as an
2414:          index into the AHTransformTable.  A zero length value
2415:          indicates no transform of this type is used."
2416:     ::= { ipspSaPreconfiguredActionEntry 11 }
2417: 
2418: ipspSaPreActAHSharedSecretName OBJECT-TYPE
2419:     SYNTAX      SnmpAdminString(SIZE(0..32))
2420:     MAX-ACCESS  read-create
2421:     STATUS      current
2422:     DESCRIPTION
2423:         "This object contains a name value to be used as an index into
2424:          the ipspCredentialTable which holds the pertinent keying
2425:          information for the AH SA."
2426:     ::= { ipspSaPreconfiguredActionEntry 12 }
2427: 
2428: ipspSaPreActESPSPI OBJECT-TYPE
2429:     SYNTAX      Integer32
2430:     MAX-ACCESS  read-create
2431:     STATUS      current
2432:     DESCRIPTION
2433:         "This object represents the SPI value for the ESP SA."
2434:     ::= { ipspSaPreconfiguredActionEntry 13 }
2435: 
2436: ipspSaPreActESPTransformName OBJECT-TYPE
2437:     SYNTAX      SnmpAdminString (SIZE(0..32))
2438:     MAX-ACCESS  read-create
2439:     STATUS      current
2440:     DESCRIPTION
2441:         "This object is the name of the ESP transform to use as an
2442:          index into the ESPTransformTable.  A zero length value
2443:          indicates no transform of this type is used."
2444:     ::= { ipspSaPreconfiguredActionEntry 14 }
2445: 
2446: ipspSaPreActESPEncSecretName OBJECT-TYPE
2447:     SYNTAX      SnmpAdminString(SIZE(0..32))
2448:     MAX-ACCESS  read-create
2449:     STATUS      current
2450:     DESCRIPTION
2451:         "This object contains a name value to be used as an index into
2452:          the ipspCredentialTable which holds the pertinent keying
2453:          information for the encryption algorithm of the ESP SA."
2454:     ::= { ipspSaPreconfiguredActionEntry 15 }
2455: 
2456: ipspSaPreActESPAuthSecretName OBJECT-TYPE
2457:     SYNTAX      SnmpAdminString(SIZE(0..32))
2458:     MAX-ACCESS  read-create
2459:     STATUS      current
2460:     DESCRIPTION
2461:         "This object contains a name value to be used as an index into
2462:          the ipspCredentialTable which holds the pertinent keying
2463:          information for the authentication algorithm of the ESP SA."
2464:     ::= { ipspSaPreconfiguredActionEntry 16 }
2465: 
2466: ipspSaPreActIPCompSPI OBJECT-TYPE
2467:     SYNTAX      Integer32
2468:     MAX-ACCESS  read-create
2469:     STATUS      current
2470:     DESCRIPTION
2471:         "This object represents the SPI value for the IPComp SA."
2472:     ::= { ipspSaPreconfiguredActionEntry 17 }
2473: 
2474: ipspSaPreActIPCompTransformName OBJECT-TYPE
2475:     SYNTAX      SnmpAdminString (SIZE(0..32))
2476:     MAX-ACCESS  read-create
2477:     STATUS      current
2478:     DESCRIPTION
2479:         "This object is the name of the IPComp transform to use as an
2480:          index into the IPCompTransformTable.  A zero length value
2481:          indicates no transform of this type is used."
2482:     ::= { ipspSaPreconfiguredActionEntry 18 }
2483: 
2484: ipspSaPreActPeerGatewayIdName OBJECT-TYPE
2485:     SYNTAX      SnmpAdminString (SIZE(0..32))
2486:     MAX-ACCESS  read-create
2487:     STATUS      current
2488:     DESCRIPTION
2489:         "This object indicates the peer id name of the peer
2490:          gateway.  This object can be used to look up the peer gateway
2491:          address in the ipspPeerIdentityTable.
2492: 
2493:          This object is only used when initiating a tunnel SA, and
2494:          is not used for transport SAs.  If ipspSaPreActActionType
2495:          specifies tunnel mode and this object is empty, the peer
2496:          gateway should be determined from the source or destination
2497:          of the packet."
2498:      DEFVAL { "" }
2499:     ::= { ipspSaPreconfiguredActionEntry 19 }
2500: 
2501: ipspSaPreActLastChanged  OBJECT-TYPE
2502:     SYNTAX      TimeStamp
2503:     MAX-ACCESS  read-only
2504:     STATUS      current
2505:     DESCRIPTION
2506:         "The value of sysUpTime when this row was last modified or
2507:          created either through SNMP SETs or by some other external
2508:          means."
2509:     ::= { ipspSaPreconfiguredActionEntry 20 }
2510: 
2511: ipspSaPreActStorageType OBJECT-TYPE
2512:     SYNTAX      StorageType
2513:     MAX-ACCESS  read-create
2514:     STATUS      current
2515:     DESCRIPTION
2516:         "The storage type for this row.  Rows in this table which were
2517:          created through an external process may have a storage type
2518:          of readOnly or permanent."
2519:     DEFVAL { nonVolatile }
2520:     ::= { ipspSaPreconfiguredActionEntry 21 }
2521: 
2522: ipspSaPreActRowStatus OBJECT-TYPE
2523:     SYNTAX      RowStatus
2524:     MAX-ACCESS  read-create
2525:     STATUS      current
2526:     DESCRIPTION
2527:         "This object indicates the conceptual status of this row.
2528: 
2529:          The value of this object has no effect on whether other
2530:          objects in this conceptual row can be modified.
2531: 
2532:          If active, this object must remain active if it is referenced
2533:          by a row in another table."
2534:     ::= { ipspSaPreconfiguredActionEntry 22 }
2535: 
2536: 
2537: --
2538: -- ipspSaNegotiationParametersTable
2539: --
2540: 
2541: --   PROPERTIES   MinLifetimeSeconds
2542: --                MinLifetimeKilobytes
2543: --                RefreshThresholdSeconds
2544: --                RefreshThresholdKilobytes
2545: --                IdleDurationSeconds
2546: 
2547: ipspSaNegotiationParametersTable OBJECT-TYPE
2548:     SYNTAX      SEQUENCE OF IpspSaNegotiationParametersEntry
2549:     MAX-ACCESS  not-accessible
2550:     STATUS      current
2551:     DESCRIPTION
2552:         "This table contains reusable parameters that can be pointed
2553:          to by the ipspIkeActionTable and ipspIpsecActionTable.  These
2554:          parameters are reusable since it is likely an administrator
2555:          will want to make global policy changes to lifetime
2556:          parameters that apply to multiple actions.  This table allows
2557:          multiple rows in the other actions tables to reuse global
2558:          lifetime parameters in this table by repeatedly pointing to a
2559:          row cointained within this table."
2560:     ::= { ipspConfigObjects 18 }
2561: 
2562: ipspSaNegotiationParametersEntry OBJECT-TYPE
2563:     SYNTAX      IpspSaNegotiationParametersEntry
2564:     MAX-ACCESS  not-accessible
2565:     STATUS      current
2566:     DESCRIPTION
2567:         "Contains the attributes of one row in the
2568:          ipspSaNegotiationParametersTable."
2569:     INDEX       { ipspSaNegParamName }
2570:     ::= { ipspSaNegotiationParametersTable 1 }
2571: 
2572: IpspSaNegotiationParametersEntry ::= SEQUENCE {
2573:     ipspSaNegParamName                  SnmpAdminString,
2574:     ipspSaNegParamMinLifetimeSecs       Unsigned32,
2575:     ipspSaNegParamMinLifetimeKB         Unsigned32,
2576:     ipspSaNegParamRefreshThreshSecs     Unsigned32,
2577:     ipspSaNegParamRefreshThresholdKB    Unsigned32,
2578:     ipspSaNegParamIdleDurationSecs      Unsigned32,
2579:     ipspSaNegParamLastChanged           TimeStamp,
2580:     ipspSaNegParamStorageType           StorageType,
2581:     ipspSaNegParamRowStatus             RowStatus
2582: }
2583: 
2584: ipspSaNegParamName OBJECT-TYPE
2585:     SYNTAX      SnmpAdminString (SIZE(1..32))
2586:     MAX-ACCESS  not-accessible
2587:     STATUS      current
2588:     DESCRIPTION
2589:         "This object contains the administrative name of this
2590:          SaNegotiationParametersEntry.  This row can be referred
2591:          to by this name in other policy action tables."
2592:     ::= { ipspSaNegotiationParametersEntry 1 }
2593: 
2594: ipspSaNegParamMinLifetimeSecs OBJECT-TYPE
2595:     SYNTAX      Unsigned32
2596:     MAX-ACCESS  read-create
2597:     STATUS      current
2598:     DESCRIPTION
2599:         "ipspSaNegParamMinLifetimeSecs specifies the minimum seconds
2600:           lifetime that will be accepted from the peer."
2601:     ::= { ipspSaNegotiationParametersEntry 2 }
2602: 
2603: ipspSaNegParamMinLifetimeKB OBJECT-TYPE
2604:     SYNTAX      Unsigned32
2605:     MAX-ACCESS  read-create
2606:     STATUS      current
2607:     DESCRIPTION
2608:         "ipspSaNegParamMinLifetimeKB  specifies the minimum kilobyte
2609:           lifetime that will be accepted from the peer."
2610:     ::= { ipspSaNegotiationParametersEntry 3 }
2611: 
2612: ipspSaNegParamRefreshThreshSecs OBJECT-TYPE
2613:     SYNTAX      Unsigned32 (1..100)
2614:     MAX-ACCESS  read-create
2615:     STATUS      current
2616:     DESCRIPTION
2617:         "ipspSaNegParamRefreshThreshSecs specifies what percentage of
2618:          the seconds lifetime can expire before IKE should attempt to
2619:          renegotiate the IPsec security association.
2620:          A value between 1 and 100 representing a percentage.  A
2621:          value of 100 indicates that the IPsec security
2622:          association should not be renegotiated until the
2623:          seconds lifetime has been completely reached."
2624:     ::= { ipspSaNegotiationParametersEntry 4 }
2625: 
2626: ipspSaNegParamRefreshThresholdKB OBJECT-TYPE
2627:     SYNTAX      Unsigned32 (1..100)
2628:     MAX-ACCESS  read-create
2629:     STATUS      current
2630:     DESCRIPTION
2631:         "ipspSaNegParamRefreshThresholdKB specifies what percentage of
2632:          the kilobyte lifetime can expire before IKE should attempt
2633:          to renegotiate the IPsec security association.  A value
2634:          between 1 and 100 representing a percentage.  A value of 100
2635:          indicates that the IPsec security association should not be
2636:          renegotiated until the kilobyte lifetime has been reached."
2637:     ::= { ipspSaNegotiationParametersEntry 5 }
2638: 
2639: ipspSaNegParamIdleDurationSecs OBJECT-TYPE
2640:     SYNTAX      Unsigned32
2641:     MAX-ACCESS  read-create
2642:     STATUS      current
2643:     DESCRIPTION
2644:         "ipspSaNegParamIdleDurationSecs specifies how many seconds a
2645:          security association may remain idle (i.e., no traffic
2646:          protected using the security association) before it is
2647:          deleted.  A value of zero indicates that idle detection
2648:          should not be used for the security association.  Any
2649:          non-zero value indicates the number of seconds the security
2650:          association may remain unused."
2651:     ::= { ipspSaNegotiationParametersEntry 6 }
2652: 
2653: ipspSaNegParamLastChanged OBJECT-TYPE
2654:     SYNTAX      TimeStamp
2655:     MAX-ACCESS  read-only
2656:     STATUS      current
2657:     DESCRIPTION
2658:         "The value of sysUpTime when this row was last modified or
2659:          created either through SNMP SETs or by some other external
2660:          means."
2661:     ::= { ipspSaNegotiationParametersEntry 7 }
2662: 
2663: ipspSaNegParamStorageType OBJECT-TYPE
2664:     SYNTAX      StorageType
2665:     MAX-ACCESS  read-create
2666:     STATUS      current
2667:     DESCRIPTION
2668:         "The storage type for this row.  Rows in this table which were
2669:          created through an external process may have a storage type
2670:          of readOnly or permanent."
2671:     DEFVAL { nonVolatile }
2672:     ::= { ipspSaNegotiationParametersEntry 8 }
2673: 
2674: ipspSaNegParamRowStatus OBJECT-TYPE
2675:     SYNTAX      RowStatus
2676:     MAX-ACCESS  read-create
2677:     STATUS      current
2678:     DESCRIPTION
2679:         "This object indicates the conceptual status of this row.
2680: 
2681:          The value of this object has no effect on whether other
2682:          objects in this conceptual row can be modified.
2683: 
2684:          This object may not be set to destroy if refered to by other
2685:          rows in other action tables."
2686:     ::= { ipspSaNegotiationParametersEntry 9 }
2687: 
2688: --
2689: -- ipspIkeActionTable
2690: --
2691: 
2692: ipspIkeActionTable OBJECT-TYPE
2693:     SYNTAX          SEQUENCE OF IpspIkeActionEntry
2694:     MAX-ACCESS  not-accessible
2695:     STATUS          current
2696:     DESCRIPTION
2697:         "The ipspIkeActionTable contains a list of the parameters used
2698:          for an IKE phase 1 SA DOI negotiation.  See the corresponding
2699:          table ipspIkeActionProposalsTable for a list of proposals
2700:          contained within a given IKE Action."
2701:     ::= { ipspConfigObjects 19 }
2702: 
2703: ipspIkeActionEntry OBJECT-TYPE
2704:     SYNTAX          IpspIkeActionEntry
2705:     MAX-ACCESS  not-accessible
2706:     STATUS          current
2707:     DESCRIPTION
2708:         "The ipspIkeActionEntry lists the IKE negotiation attributes."
2709:     INDEX       { ipspIkeActName }
2710:     ::= { ipspIkeActionTable 1 }
2711: 
2712: IpspIkeActionEntry ::= SEQUENCE {
2713:     ipspIkeActName                              SnmpAdminString,
2714:     ipspIkeActParametersName                    SnmpAdminString,
2715:     ipspIkeActThresholdDerivedKeys              Integer32,
2716:     ipspIkeActExchangeMode                      INTEGER,
2717:     ipspIkeActAgressiveModeGroupId              IkeGroupDescription,
2718:     ipspIkeActIdentityType                      IpsecDoiIdentType,
2719:     ipspIkeActIdentityContext                   SnmpAdminString,
2720:     ipspIkeActPeerName                          SnmpAdminString,
2721:     ipspIkeActDoActionLogging                   TruthValue,
2722:     ipspIkeActDoPacketLogging                   IpspIPPacketLogging,
2723:     ipspIkeActVendorId                          OCTET STRING,
2724:     ipspIkeActLastChanged                       TimeStamp,
2725:     ipspIkeActStorageType                       StorageType,
2726:     ipspIkeActRowStatus                         RowStatus
2727: }
2728: 
2729: ipspIkeActName OBJECT-TYPE
2730:     SYNTAX           SnmpAdminString (SIZE(1..32))
2731:     MAX-ACCESS       not-accessible
2732:     STATUS           current
2733:     DESCRIPTION
2734:         "This object contains the name of this ikeAction entry."
2735:     ::= { ipspIkeActionEntry 1 }
2736: 
2737: ipspIkeActParametersName OBJECT-TYPE
2738:     SYNTAX           SnmpAdminString (SIZE(1..32))
2739:     MAX-ACCESS       read-create
2740:     STATUS           current
2741:     DESCRIPTION
2742:         "This object is administratively assigned to reference a row
2743:          in the ipspSaNegotiationParametersTable where additional
2744:          parameters affecting this action may be found."
2745:     ::= { ipspIkeActionEntry 2 }
2746: 
2747: ipspIkeActThresholdDerivedKeys OBJECT-TYPE
2748:     SYNTAX           Integer32 (0..100)
2749:     MAX-ACCESS       read-create
2750:     STATUS           current
2751:     DESCRIPTION
2752:         "ipspIkeActThresholdDerivedKeys specifies what percentage
2753:          of the derived key limit (see the LifetimeDerivedKeys
2754:          property of IKEProposal) can expire before IKE should attempt
2755:          to renegotiate the IKE phase 1 security association."
2756: 
2757:     DEFVAL           { 100 }
2758:     ::= { ipspIkeActionEntry 3 }
2759: 
2760: ipspIkeActExchangeMode OBJECT-TYPE
2761:     SYNTAX           INTEGER { main(1), agressive(2) }
2762:     MAX-ACCESS       read-create
2763:     STATUS           current
2764:     DESCRIPTION
2765:         "ipspIkeActExchangeMode specifies the IKE Phase 1 negotiation
2766:          mode."
2767:     DEFVAL { main }
2768:     ::= { ipspIkeActionEntry 4 }
2769: 
2770: ipspIkeActAgressiveModeGroupId OBJECT-TYPE
2771:     SYNTAX           IkeGroupDescription
2772:     MAX-ACCESS       read-create
2773:     STATUS           current
2774:     DESCRIPTION
2775:         "The values to be used for Diffie-Hellman exchange."
2776:     ::= { ipspIkeActionEntry 5 }
2777: 
2778: ipspIkeActIdentityType OBJECT-TYPE
2779:     SYNTAX      IpsecDoiIdentType
2780:     MAX-ACCESS  read-create
2781:     STATUS      current
2782:     DESCRIPTION
2783:         "This column along with ipspIkeActIdentityContext and endpoint
2784:          information is used to refer an ipspIkeIdentityEntry in the
2785:          ipspIkeIdentityTable."
2786:     ::= { ipspIkeActionEntry 6 }
2787: 
2788: ipspIkeActIdentityContext   OBJECT-TYPE
2789:     SYNTAX           SnmpAdminString (SIZE(1..32))
2790:     MAX-ACCESS       read-create
2791:     STATUS           current
2792:     DESCRIPTION
2793:         "This column, along with ipspIkeActIdentityType and endpoint
2794:          information, is used to refer to an ipspIkeIdentityEntry in the
2795:          ipspIkeIdentityTable."
2796:     ::= { ipspIkeActionEntry 7 }
2797: 
2798: ipspIkeActPeerName OBJECT-TYPE
2799:     SYNTAX      SnmpAdminString(SIZE(0..32))
2800:     MAX-ACCESS  read-create
2801:     STATUS      current
2802:     DESCRIPTION
2803:         "This object indicates the peer id name of the IKE peer.  This
2804:          object can be used to look up the peer id value, address,
2805:          credentials and other values in the ipspPeerIdentityTable."
2806:     ::= { ipspIkeActionEntry 8 }
2807: 
2808: 
2809: ipspIkeActDoActionLogging OBJECT-TYPE
2810:     SYNTAX      TruthValue
2811:     MAX-ACCESS  read-create
2812:     STATUS      current
2813:     DESCRIPTION
2814:         "ikeDoActionLogging specifies whether or not an audit
2815:          message should be logged when this ike SA is created."
2816:      DEFVAL { false }
2817:     ::= { ipspIkeActionEntry 9 }
2818: 
2819: ipspIkeActDoPacketLogging OBJECT-TYPE
2820:     SYNTAX      IpspIPPacketLogging
2821:     MAX-ACCESS  read-create
2822:     STATUS      current
2823:     DESCRIPTION
2824:         "ikeDoPacketLogging specifies whether or not an audit message
2825:          should be logged and if there is logging, how many bytes of
2826:          the packet to place in the notification."
2827:      DEFVAL { -1 }
2828:     ::= { ipspIkeActionEntry 10 }
2829: 
2830: ipspIkeActVendorId    OBJECT-TYPE
2831:     SYNTAX           OCTET STRING (SIZE(0..65535))
2832:     MAX-ACCESS       read-create
2833:     STATUS           current
2834:     DESCRIPTION
2835:         "Vendor ID Payload.  A value of NULL means that Vendor ID
2836:          payload will be neither generated nor accepted.  A non-NULL
2837:          value means that a Vendor ID payload will be generated (when
2838:          acting as an initiator) or is expected (when acting as a
2839:          responder)."
2840:     DEFVAL { "" }
2841:     ::= { ipspIkeActionEntry 11 }
2842: 
2843: ipspIkeActLastChanged OBJECT-TYPE
2844:     SYNTAX           TimeStamp
2845:     MAX-ACCESS       read-only
2846:     STATUS           current
2847:     DESCRIPTION
2848:         "The value of sysUpTime when this row was last modified or
2849:          created either through SNMP SETs or by some other external
2850:          means."
2851:     ::= { ipspIkeActionEntry 12 }
2852: 
2853: ipspIkeActStorageType OBJECT-TYPE
2854:     SYNTAX           StorageType
2855:     MAX-ACCESS       read-create
2856:     STATUS           current
2857:     DESCRIPTION
2858:         "The storage type for this row.  Rows in this table which were
2859:          created through an external process may have a storage type
2860:          of readOnly or permanent."
2861:     DEFVAL { nonVolatile }
2862:     ::= { ipspIkeActionEntry 13 }
2863: 
2864: ipspIkeActRowStatus OBJECT-TYPE
2865:     SYNTAX           RowStatus
2866:     MAX-ACCESS       read-create
2867:     STATUS           current
2868:     DESCRIPTION
2869:         "This object indicates the conceptual status of this row.
2870: 
2871:          The value of this object has no effect on whether other
2872:          objects in this conceptual row can be modified.
2873: 
2874:          This object may not be set to destroy if refered to by other
2875:          rows in other action tables."
2876:     ::= { ipspIkeActionEntry 14 }
2877: 
2878: --
2879: -- ipspIkeActionProposalsTable proposals contained within a ikeAction
2880: --
2881: 
2882: ipspIkeActionProposalsTable OBJECT-TYPE
2883:     SYNTAX      SEQUENCE OF IpspIkeActionProposalsEntry
2884:     MAX-ACCESS   not-accessible
2885:     STATUS      current
2886:     DESCRIPTION
2887:         "This table contains a list of all ike proposal names found
2888:          within a given IKE Action."
2889:     ::= { ipspConfigObjects 20 }
2890: 
2891: ipspIkeActionProposalsEntry OBJECT-TYPE
2892:     SYNTAX      IpspIkeActionProposalsEntry
2893:     MAX-ACCESS  not-accessible
2894:     STATUS      current
2895:     DESCRIPTION
2896:         "a row containing one ike proposal reference"
2897:     INDEX   { ipspIkeActName, ipspIkeActPropPriority }
2898:     ::= { ipspIkeActionProposalsTable 1 }
2899: 
2900: IpspIkeActionProposalsEntry ::= SEQUENCE {
2901:     ipspIkeActPropPriority                   Integer32,
2902:     ipspIkeActPropName                       SnmpAdminString,
2903:     ipspIkeActPropLastChanged                TimeStamp,
2904:     ipspIkeActPropStorageType                StorageType,
2905:     ipspIkeActPropRowStatus                  RowStatus
2906: }
2907: 
2908: ipspIkeActPropPriority OBJECT-TYPE
2909:     SYNTAX      Integer32 (0..65535)
2910:     MAX-ACCESS  not-accessible
2911:     STATUS      current
2912:     DESCRIPTION
2913:         "The numeric priority of a given contained proposal inside an
2914:          ike Action.  This index should be used to order the proposals
2915:          in an IKE Phase I negotiation, lowest value first."
2916:     ::= { ipspIkeActionProposalsEntry 1 }
2917: 
2918: ipspIkeActPropName OBJECT-TYPE
2919:     SYNTAX      SnmpAdminString (SIZE(1..32))
2920:     MAX-ACCESS  read-create
2921:     STATUS      current
2922:     DESCRIPTION
2923:         "The administratively assigned name that can be used to
2924:          reference a set of values contained within the
2925:          ipspIkeProposalTable."
2926:     ::= { ipspIkeActionProposalsEntry 2 }
2927: 
2928: 
2929: ipspIkeActPropLastChanged OBJECT-TYPE
2930:     SYNTAX           TimeStamp
2931:     MAX-ACCESS       read-only
2932:     STATUS           current
2933:     DESCRIPTION
2934:         "The value of sysUpTime when this row was last modified or
2935:          created either through SNMP SETs or by some other external
2936:          means."
2937:     ::= { ipspIkeActionProposalsEntry 3 }
2938: 
2939: ipspIkeActPropStorageType OBJECT-TYPE
2940:     SYNTAX           StorageType
2941:     MAX-ACCESS       read-create
2942:     STATUS           current
2943:     DESCRIPTION
2944:         "The storage type for this row.  Rows in this table which were
2945:          created through an external process may have a storage type
2946:          of readOnly or permanent."
2947:     DEFVAL { nonVolatile }
2948:     ::= { ipspIkeActionProposalsEntry 4 }
2949: 
2950: ipspIkeActPropRowStatus OBJECT-TYPE
2951:     SYNTAX           RowStatus
2952:     MAX-ACCESS       read-create
2953:     STATUS           current
2954:     DESCRIPTION
2955:         "This object indicates the conceptual status of this row.
2956: 
2957:          The value of this object has no effect on whether other
2958:          objects in this conceptual row can be modified."
2959:     ::= { ipspIkeActionProposalsEntry 5 }
2960: 
2961: --
2962: -- IKE proposal definition table
2963: --
2964: 
2965: 
2966: ipspIkeProposalTable OBJECT-TYPE
2967:     SYNTAX      SEQUENCE OF IpspIkeProposalEntry
2968:     MAX-ACCESS  not-accessible
2969:     STATUS      current
2970:     DESCRIPTION
2971:         "This table contains a list of IKE proposals which are used in
2972:          an IKE negotiation."
2973:     ::= { ipspConfigObjects 21 }
2974: 
2975: ipspIkeProposalEntry OBJECT-TYPE
2976:     SYNTAX      IpspIkeProposalEntry
2977:     MAX-ACCESS  not-accessible
2978:     STATUS      current
2979:     DESCRIPTION
2980:         "One IKE proposal entry."
2981:     INDEX       { ipspIkeActPropName }
2982:     ::= { ipspIkeProposalTable 1 }
2983: 
2984: IpspIkeProposalEntry ::= SEQUENCE {
2985:     ipspIkePropLifetimeDerivedKeys              Unsigned32,
2986:     ipspIkePropCipherAlgorithm                  IkeEncryptionAlgorithm,
2987:     ipspIkePropCipherKeyLength                  Unsigned32,
2988:     ipspIkePropCipherKeyRounds                  Unsigned32,
2989:     ipspIkePropHashAlgorithm                    IkeHashAlgorithm,
2990:     ipspIkePropPrfAlgorithm                     INTEGER,
2991:     ipspIkePropVendorId                         OCTET STRING,
2992:     ipspIkePropDhGroup                          IkeGroupDescription,
2993:     ipspIkePropAuthenticationMethod             IkeAuthMethod,
2994:     ipspIkePropMaxLifetimeSecs                  Unsigned32,
2995:     ipspIkePropMaxLifetimeKB                    Unsigned32,
2996:     ipspIkePropProposalLastChanged              TimeStamp,
2997:     ipspIkePropProposalStorageType              StorageType,
2998:     ipspIkePropProposalRowStatus                RowStatus
2999: }
3000: 
3001: ipspIkePropLifetimeDerivedKeys OBJECT-TYPE
3002:     SYNTAX      Unsigned32
3003:     MAX-ACCESS  read-create
3004:     STATUS      current
3005:     DESCRIPTION
3006:         "ipspIkePropLifetimeDerivedKeys specifies the number of times
3007:          that a phase 1 key will be used to derive a phase 2 key
3008:          before the phase 1 security association needs renegotiated."
3009:     ::= { ipspIkeProposalEntry 1 }
3010: 
3011: ipspIkePropCipherAlgorithm OBJECT-TYPE
3012:     SYNTAX      IkeEncryptionAlgorithm
3013:     MAX-ACCESS  read-create
3014:     STATUS      current
3015:     DESCRIPTION
3016:         "ipspIkePropCipherAlgorithm specifies the proposed phase 1
3017:          security association encryption algorithm."
3018:     ::= { ipspIkeProposalEntry 2 }
3019: 
3020: ipspIkePropCipherKeyLength OBJECT-TYPE
3021:     SYNTAX      Unsigned32
3022:     MAX-ACCESS  read-create
3023:     STATUS      current
3024:     DESCRIPTION
3025:         "This object specifies, in bits, the key length for
3026:          the cipher algorithm used in IKE Phase 1 negotiation."
3027:     ::= { ipspIkeProposalEntry 3 }
3028: 
3029: ipspIkePropCipherKeyRounds OBJECT-TYPE
3030:     SYNTAX      Unsigned32
3031:     MAX-ACCESS  read-create
3032:     STATUS      current
3033:     DESCRIPTION
3034:         "This object specifies the number of key rounds for
3035:          the cipher algorithm used in IKE Phase 1 negotiation."
3036:     ::= { ipspIkeProposalEntry 4 }
3037: 
3038: ipspIkePropHashAlgorithm OBJECT-TYPE
3039:     SYNTAX      IkeHashAlgorithm
3040:     MAX-ACCESS  read-create
3041:     STATUS      current
3042:     DESCRIPTION
3043:         "ipspIkePropHashAlgorithm specifies the proposed phase 1
3044:          security assocation hash algorithm."
3045:     ::= { ipspIkeProposalEntry 5 }
3046: 
3047: ipspIkePropPrfAlgorithm OBJECT-TYPE
3048:     SYNTAX      INTEGER { reserved(0) }
3049:     MAX-ACCESS  read-create
3050:     STATUS      current
3051:     DESCRIPTION
3052:         "ipPRFAlgorithm specifies the proposed phase 1 security
3053:          association psuedo-random function.
3054: 
3055:          Note: currently no prf algorithms are defined."
3056:     ::= { ipspIkeProposalEntry 6 }
3057: 
3058: ipspIkePropVendorId OBJECT-TYPE
3059:     SYNTAX      OCTET STRING (SIZE(0..255))
3060:     MAX-ACCESS  read-create
3061:     STATUS      current
3062:     DESCRIPTION
3063:         "The VendorID property is used to identify vendor-defined key
3064:          exchange GroupIDs."
3065:     ::= { ipspIkeProposalEntry 7 }
3066: 
3067: ipspIkePropDhGroup OBJECT-TYPE
3068:     SYNTAX      IkeGroupDescription
3069:     MAX-ACCESS  read-create
3070:     STATUS      current
3071:     DESCRIPTION
3072:         "This object specifies the proposed phase 1 security
3073:          association Diffie-Hellman group"
3074:     ::= { ipspIkeProposalEntry 8 }
3075: 
3076: ipspIkePropAuthenticationMethod OBJECT-TYPE
3077:     SYNTAX      IkeAuthMethod
3078:     MAX-ACCESS  read-create
3079:     STATUS      current
3080:     DESCRIPTION
3081:         "This object specifies the proposed authentication
3082:          method for the phase 1 security association."
3083:     ::= { ipspIkeProposalEntry 9 }
3084: 
3085: ipspIkePropMaxLifetimeSecs OBJECT-TYPE
3086:     SYNTAX      Unsigned32
3087:     MAX-ACCESS  read-create
3088:     STATUS      current
3089:     DESCRIPTION
3090:         "ipspIkePropMaxLifetimeSecs specifies the maximum amount of
3091:          time to propose a security association remain valid.
3092: 
3093:          A value of 0 indicates that the default lifetime of
3094:          8 hours should be used."
3095:     ::= { ipspIkeProposalEntry 10 }
3096: 
3097: ipspIkePropMaxLifetimeKB OBJECT-TYPE
3098:     SYNTAX      Unsigned32
3099:     MAX-ACCESS  read-create
3100:     STATUS      current
3101:     DESCRIPTION
3102:         "ipspIkePropMaxLifetimeKB specifies the maximum kilobyte
3103:          lifetime to propose a security association remain valid."
3104:     ::= { ipspIkeProposalEntry 11 }
3105: 
3106: ipspIkePropProposalLastChanged OBJECT-TYPE
3107:     SYNTAX      TimeStamp
3108:     MAX-ACCESS  read-only
3109:     STATUS      current
3110:     DESCRIPTION
3111:         "The value of sysUpTime when this row was last modified or
3112:          created either through SNMP SETs or by some other external
3113:          means."
3114:     ::= { ipspIkeProposalEntry 12 }
3115: 
3116: ipspIkePropProposalStorageType OBJECT-TYPE
3117:     SYNTAX      StorageType
3118:     MAX-ACCESS  read-create
3119:     STATUS      current
3120:     DESCRIPTION
3121:         "The storage type for this row.  Rows in this table which were
3122:          created through an external process may have a storage type
3123:          of readOnly or permanent."
3124:     DEFVAL { nonVolatile }
3125:     ::= { ipspIkeProposalEntry 13 }
3126: 
3127: ipspIkePropProposalRowStatus OBJECT-TYPE
3128:     SYNTAX      RowStatus
3129:     MAX-ACCESS  read-create
3130:     STATUS      current
3131:     DESCRIPTION
3132:         "This object indicates the conceptual status of this row.
3133: 
3134:          The value of this object has no effect on whether other
3135:          objects in this conceptual row can be modified."
3136:     ::= { ipspIkeProposalEntry 14 }
3137: 
3138: 
3139: --
3140: -- IPsec action definition table
3141: --
3142: ipspIpsecActionTable OBJECT-TYPE
3143:     SYNTAX      SEQUENCE OF IpspIpsecActionEntry
3144:     MAX-ACCESS  not-accessible
3145:     STATUS      current
3146:     DESCRIPTION
3147:         "The ipspIpsecActionTable contains a list of the parameters
3148:          used for an IKE phase 2 IPsec DOI negotiation."
3149:     ::= { ipspConfigObjects 22 }
3150: 
3151: ipspIpsecActionEntry OBJECT-TYPE
3152:     SYNTAX      IpspIpsecActionEntry
3153:     MAX-ACCESS  not-accessible
3154:     STATUS      current
3155:     DESCRIPTION
3156:         "The ipspIpsecActionEntry lists the IPsec negotiation
3157:          attributes."
3158:     INDEX       { ipspIpsecActName }
3159:     ::= { ipspIpsecActionTable 1 }
3160: 
3161: IpspIpsecActionEntry ::= SEQUENCE {
3162:     ipspIpsecActName                          SnmpAdminString,
3163:     ipspIpsecActParametersName                SnmpAdminString,
3164:     ipspIpsecActProposalsName                 SnmpAdminString,
3165:     ipspIpsecActUsePfs                        TruthValue,
3166:     ipspIpsecActVendorId                      OCTET STRING,
3167:     ipspIpsecActGroupId                       IkeGroupDescription,
3168:     ipspIpsecActPeerGatewayIdName             OCTET STRING,
3169:     ipspIpsecActUseIkeGroup                   TruthValue,
3170:     ipspIpsecActGranularity                   INTEGER,
3171:     ipspIpsecActMode                          INTEGER,
3172:     ipspIpsecActDFHandling                    INTEGER,
3173:     ipspIpsecActDoActionLogging               TruthValue,
3174:     ipspIpsecActDoPacketLogging               IpspIPPacketLogging,
3175:     ipspIpsecActLastChanged                   TimeStamp,
3176:     ipspIpsecActStorageType                   StorageType,
3177:     ipspIpsecActRowStatus                     RowStatus
3178: }
3179: 
3180: ipspIpsecActName OBJECT-TYPE
3181:     SYNTAX      SnmpAdminString (SIZE(1..32))
3182:     MAX-ACCESS  not-accessible
3183:     STATUS      current
3184:     DESCRIPTION
3185:          "ipspIpsecActName is the name of the ipsecAction entry."
3186:     ::= { ipspIpsecActionEntry 1 }
3187: 
3188: 
3189: ipspIpsecActParametersName OBJECT-TYPE
3190:     SYNTAX           SnmpAdminString (SIZE(1..32))
3191:     MAX-ACCESS       read-create
3192:     STATUS           current
3193:     DESCRIPTION
3194:         "This object is used to reference a row in the
3195:          ipspSaNegotiationParametersTable where additional parameters
3196:          affecting this action may be found."
3197:     ::= { ipspIpsecActionEntry 2 }
3198: 
3199: ipspIpsecActProposalsName OBJECT-TYPE
3200:     SYNTAX           SnmpAdminString (SIZE(1..32))
3201:     MAX-ACCESS       read-create
3202:     STATUS           current
3203:     DESCRIPTION
3204:         "This object is used to reference one or more rows in the
3205:          ipspIpsecProposalsTable where an ordered list of proposals
3206:          affecting this action may be found."
3207:     ::= { ipspIpsecActionEntry 3 }
3208: 
3209: ipspIpsecActUsePfs OBJECT-TYPE
3210:     SYNTAX      TruthValue
3211:     MAX-ACCESS  read-create
3212:     STATUS      current
3213:     DESCRIPTION
3214:         "This MIB object specifies whether or not perfect forward
3215:          secrecy should be used when refreshing keys.
3216:          A value of true indicates that PFS should be used."
3217:     ::= { ipspIpsecActionEntry 4 }
3218: 
3219: ipspIpsecActVendorId OBJECT-TYPE
3220:     SYNTAX      OCTET STRING (SIZE(0..255))
3221:     MAX-ACCESS  read-create
3222:     STATUS      current
3223:     DESCRIPTION
3224:         "The VendorID property is used to identify vendor-defined key
3225:          exchange GroupIDs."
3226:     ::= { ipspIpsecActionEntry 5 }
3227: 
3228: ipspIpsecActGroupId OBJECT-TYPE
3229:     SYNTAX      IkeGroupDescription
3230:     MAX-ACCESS  read-create
3231:     STATUS      current
3232:     DESCRIPTION
3233:         "This object specifies the Diffie-Hellman group to use for
3234:          phase 2 when the object ipspIpsecActUsePfs is true and the
3235:          object ipspIpsecActUseIkeGroup is false.  If the GroupID
3236:          number is from the vendor-specific range (32768-65535), the
3237:          VendorID qualifies the group number."
3238:     ::= { ipspIpsecActionEntry 6 }
3239: 
3240: ipspIpsecActPeerGatewayIdName OBJECT-TYPE
3241:     SYNTAX      OCTET STRING (SIZE(0..116))
3242:     MAX-ACCESS  read-create
3243:     STATUS      current
3244:     DESCRIPTION
3245:         "This object indicates the peer id name of the peer
3246:          gateway.  This object can be used to look up the peer id
3247:          value, address and other values in the ipspPeerIdentityTable.
3248:          This object is used when initiating a tunnel SA.  This object
3249:          is not used for transport SAs.  If no value is set and
3250:          ipspIpsecActMode is tunnel, the peer gateway should be
3251:          determined from the source or destination address of the
3252:          packet."
3253:     ::= { ipspIpsecActionEntry 7 }
3254: 
3255: ipspIpsecActUseIkeGroup OBJECT-TYPE
3256:     SYNTAX      TruthValue
3257:     MAX-ACCESS  read-create
3258:     STATUS      current
3259:     DESCRIPTION
3260:         "This object specifies whether or not to use the same GroupId
3261:          for phase 2 as was used in phase 1.  If UsePFS is false, this
3262:          entry should be ignored."
3263:     ::= { ipspIpsecActionEntry 8 }
3264: 
3265: ipspIpsecActGranularity OBJECT-TYPE
3266:     SYNTAX      INTEGER { subnet(1), address(2), protocol(3),
3267:                           port(4) }
3268:     MAX-ACCESS  read-create
3269:     STATUS      current
3270:     DESCRIPTION
3271:         "This object specifies how the proposed selector for the
3272:          security association will be created.  The selector is
3273:          created by using the FilterList information.  The selector
3274:          can be subnet, address, porotocol, or port."
3275:     ::= { ipspIpsecActionEntry 9 }
3276: 
3277: ipspIpsecActMode OBJECT-TYPE
3278:     SYNTAX      INTEGER { tunnel(1), transport(2) }
3279:     MAX-ACCESS  read-create
3280:     STATUS      current
3281:     DESCRIPTION
3282:         "This object specifies the encapsulation of the IPsec SA
3283:          to be negotiated."
3284:     DEFVAL { tunnel }
3285:     ::= { ipspIpsecActionEntry 10 }
3286: 
3287: ipspIpsecActDFHandling OBJECT-TYPE
3288:     SYNTAX      INTEGER { copy(1), set(2), clear(3) }
3289:     MAX-ACCESS  read-create
3290:     STATUS      current
3291:     DESCRIPTION
3292:         "This object specifies the processing of DF bit by the
3293:          negotiated IPsec tunnel.
3294:          1 - DF bit is copied.
3295:          2 - DF bit is set.
3296:          3 - DF bit is cleared."
3297:     DEFVAL { copy }
3298:     ::= { ipspIpsecActionEntry 11 }
3299: 
3300: ipspIpsecActDoActionLogging OBJECT-TYPE
3301:     SYNTAX      TruthValue
3302:     MAX-ACCESS  read-create
3303:     STATUS      current
3304:     DESCRIPTION
3305:         "ipspIpsecActDoActionLogging specifies whether or not an audit
3306:          message should be logged when this ipsec SA is created."
3307:      DEFVAL { false }
3308:     ::= { ipspIpsecActionEntry 12 }
3309: 
3310: ipspIpsecActDoPacketLogging OBJECT-TYPE
3311:     SYNTAX      IpspIPPacketLogging
3312:     MAX-ACCESS  read-create
3313:     STATUS      current
3314:     DESCRIPTION
3315:         "ipspIpsecActDoPacketLogging specifies whether or not an audit
3316:          message should be logged and if there is logging, how many
3317:          bytes of the packet to place in the notification."
3318:      DEFVAL { -1 }
3319:     ::= { ipspIpsecActionEntry 13 }
3320: 
3321: ipspIpsecActLastChanged OBJECT-TYPE
3322:     SYNTAX      TimeStamp
3323:     MAX-ACCESS  read-only
3324:     STATUS      current
3325:     DESCRIPTION
3326:         "The value of sysUpTime when this row was last modified or
3327:          created either through SNMP SETs or by some other external
3328:          means."
3329:     ::= { ipspIpsecActionEntry 14 }
3330: 
3331: ipspIpsecActStorageType OBJECT-TYPE
3332:     SYNTAX      StorageType
3333:     MAX-ACCESS  read-create
3334:     STATUS      current
3335:     DESCRIPTION
3336:         "The storage type for this row.  Rows in this table which were
3337:          created through an external process may have a storage type
3338:          of readOnly or permanent."
3339:     DEFVAL { nonVolatile }
3340:     ::= { ipspIpsecActionEntry 15 }
3341: 
3342: ipspIpsecActRowStatus OBJECT-TYPE
3343:     SYNTAX      RowStatus
3344:     MAX-ACCESS  read-create
3345:     STATUS      current
3346:     DESCRIPTION
3347:         "This object indicates the conceptual status of this row.
3348: 
3349:          The value of this object has no effect on whether other
3350:          objects in this conceptual row can be modified.
3351: 
3352:          If active, this object must remain active if it is referenced
3353:          by a row in another table."
3354:     ::= { ipspIpsecActionEntry 16 }
3355: 
3356: --
3357: -- ipspIpsecProposalsTable
3358: --
3359: 
3360: 
3361: ipspIpsecProposalsTable OBJECT-TYPE
3362:     SYNTAX      SEQUENCE OF IpspIpsecProposalsEntry
3363:     MAX-ACCESS  not-accessible
3364:     STATUS      current
3365:     DESCRIPTION
3366:         "This table lists one or more IPsec proposals for
3367:          IPsec actions."
3368:     ::= { ipspConfigObjects 23 }
3369: 
3370: ipspIpsecProposalsEntry OBJECT-TYPE
3371:     SYNTAX      IpspIpsecProposalsEntry
3372:     MAX-ACCESS  not-accessible
3373:     STATUS      current
3374:     DESCRIPTION
3375:         "An entry containing (possibly a portion of) a proposal."
3376:     INDEX       { ipspIpsecPropName, ipspIpsecPropPriority,
3377:                   ipspIpsecPropProtocolId }
3378:     ::= { ipspIpsecProposalsTable 1 }
3379: 
3380: IpspIpsecProposalsEntry ::= SEQUENCE {
3381:     ipspIpsecPropName                   SnmpAdminString,
3382:     ipspIpsecPropPriority               Integer32,
3383:     ipspIpsecPropProtocolId             IpsecDoiSecProtocolId,
3384:     ipspIpsecPropTransformsName         SnmpAdminString,
3385:     ipspIpsecPropLastChanged            TimeStamp,
3386:     ipspIpsecPropStorageType            StorageType,
3387:     ipspIpsecPropRowStatus              RowStatus
3388: }
3389: 
3390: ipspIpsecPropName OBJECT-TYPE
3391:     SYNTAX      SnmpAdminString (SIZE(1..32))
3392:     MAX-ACCESS  not-accessible
3393:     STATUS      current
3394:     DESCRIPTION
3395:         "The name of this proposal."
3396:     ::= { ipspIpsecProposalsEntry 1 }
3397: 
3398: ipspIpsecPropPriority OBJECT-TYPE
3399:     SYNTAX      Integer32 (0..65535)
3400:     MAX-ACCESS  not-accessible
3401:     STATUS      current
3402:     DESCRIPTION
3403:         "The priority level (AKA sequence level) of this proposal.
3404:          A lower number indicates a higher precedence."
3405:     ::= { ipspIpsecProposalsEntry 2 }
3406: 
3407: ipspIpsecPropProtocolId OBJECT-TYPE
3408:     SYNTAX      IpsecDoiSecProtocolId
3409:     MAX-ACCESS  not-accessible
3410:     STATUS      current
3411:     DESCRIPTION
3412:         "The protocol Id for the transforms for this proposal.  The
3413:          protoIsakmp(1) value is not valid for this object.
3414:          This object, along with the ipspIpsecPropTransformsName,
3415:          is the index into the ipspIpsecTransformsTable."
3416:     ::= { ipspIpsecProposalsEntry 3 }
3417: 
3418: ipspIpsecPropTransformsName OBJECT-TYPE
3419:     SYNTAX      SnmpAdminString (SIZE(1..32))
3420:     MAX-ACCESS  read-create
3421:     STATUS      current
3422:     DESCRIPTION
3423:         "The name of the transform or group of transforms for this
3424:          protocol.  This object, along with the
3425:          ipspIpsecPropProtocolId, is the index into the
3426:          ipspIpsecTransformsTable."
3427:     ::= { ipspIpsecProposalsEntry 4 }
3428: 
3429: ipspIpsecPropLastChanged OBJECT-TYPE
3430:     SYNTAX      TimeStamp
3431:     MAX-ACCESS  read-only
3432:     STATUS      current
3433:     DESCRIPTION
3434:         "The value of sysUpTime when this row was last modified or
3435:          created either through SNMP SETs or by some other external
3436:          means."
3437:     ::= { ipspIpsecProposalsEntry 5 }
3438: 
3439: ipspIpsecPropStorageType OBJECT-TYPE
3440:     SYNTAX      StorageType
3441:     MAX-ACCESS  read-create
3442:     STATUS      current
3443:     DESCRIPTION
3444:         "The storage type for this row.  Rows in this table which were
3445:          created through an external process may have a storage type
3446:          of readOnly or permanent."
3447:     DEFVAL { nonVolatile }
3448:     ::= { ipspIpsecProposalsEntry 6 }
3449: 
3450: ipspIpsecPropRowStatus OBJECT-TYPE
3451:     SYNTAX      RowStatus
3452:     MAX-ACCESS  read-create
3453:     STATUS      current
3454:     DESCRIPTION
3455:         "This object indicates the conceptual status of this row.
3456: 
3457:          The value of this object has no effect on whether other
3458:          objects in this conceptual row can be modified.
3459: 
3460:          This row may not be set to active until the corresponding row
3461:          in the ipspIpsecTransformsTable exists and is active."
3462:     ::= { ipspIpsecProposalsEntry 7 }
3463: 
3464: --
3465: -- ipspIpsecTransformsTable
3466: --
3467: 
3468: 
3469: ipspIpsecTransformsTable OBJECT-TYPE
3470:     SYNTAX      SEQUENCE OF IpspIpsecTransformsEntry
3471:     MAX-ACCESS  not-accessible
3472:     STATUS      current
3473:     DESCRIPTION
3474:         "This table lists the IPsec proposals contained within a given
3475:          IPsec action and the transforms within each of those
3476:          proposals.  These proposals and transforms can then be used
3477:          to create phase 2 negotiation proposals."
3478:     ::= { ipspConfigObjects 24 }
3479: 
3480: ipspIpsecTransformsEntry OBJECT-TYPE
3481:     SYNTAX      IpspIpsecTransformsEntry
3482:     MAX-ACCESS  not-accessible
3483:     STATUS      current
3484:     DESCRIPTION
3485:         "An entry containing the information on an IPsec transform."
3486:     INDEX       { ipspIpsecTranType, ipspIpsecTranName,
3487:                   ipspIpsecTranPriority }
3488:     ::= { ipspIpsecTransformsTable 1 }
3489: 
3490: IpspIpsecTransformsEntry ::= SEQUENCE {
3491:     ipspIpsecTranType                        IpsecDoiSecProtocolId,
3492:     ipspIpsecTranName                        SnmpAdminString,
3493:     ipspIpsecTranPriority                    Integer32,
3494:     ipspIpsecTranTransformName               SnmpAdminString,
3495:     ipspIpsecTranLastChanged                 TimeStamp,
3496:     ipspIpsecTranStorageType                 StorageType,
3497:     ipspIpsecTranRowStatus                   RowStatus
3498: }
3499: 
3500: ipspIpsecTranType OBJECT-TYPE
3501:     SYNTAX      IpsecDoiSecProtocolId
3502:     MAX-ACCESS  not-accessible
3503:     STATUS      current
3504:     DESCRIPTION
3505:         "The protocol type for this transform.  The protoIsakmp(1)
3506:          value is not valid for this object."
3507:     ::= { ipspIpsecTransformsEntry 1 }
3508: 
3509: ipspIpsecTranName OBJECT-TYPE
3510:     SYNTAX      SnmpAdminString (SIZE(1..32))
3511:     MAX-ACCESS  not-accessible
3512:     STATUS      current
3513:     DESCRIPTION
3514:         "The name for this transform or group of transforms."
3515:     ::= { ipspIpsecTransformsEntry 2 }
3516: 
3517: ipspIpsecTranPriority OBJECT-TYPE
3518:     SYNTAX      Integer32 (0..65535)
3519:     MAX-ACCESS  not-accessible
3520:     STATUS      current
3521:     DESCRIPTION
3522:         "The priority level (AKA sequence level) of the this transform
3523:          within the group of transforms.  This indicates the
3524:          preference for which algorithms are requested when the list
3525:          of transforms are sent to the remote host.  A lower number
3526:          indicates a higher precedence."
3527:     ::= { ipspIpsecTransformsEntry 3 }
3528: 
3529: ipspIpsecTranTransformName OBJECT-TYPE
3530:     SYNTAX      SnmpAdminString (SIZE(1..32))
3531:     MAX-ACCESS  read-create
3532:     STATUS      current
3533:     DESCRIPTION
3534:         "The name for the given transform.  Depending on the value of
3535:          ipspIpsecTranType, this value should be used to lookup the
3536:          transform's specific parameters in the ipspAhTransformTable,
3537:          the ipspEspTransformTable or the ipspIpcompTransformTable."
3538:     ::= { ipspIpsecTransformsEntry 4 }
3539: 
3540: ipspIpsecTranLastChanged OBJECT-TYPE
3541:     SYNTAX      TimeStamp
3542:     MAX-ACCESS  read-only
3543:     STATUS      current
3544:     DESCRIPTION
3545:         "The value of sysUpTime when this row was last modified or
3546:          created either through SNMP SETs or by some other external
3547:          means."
3548:     ::= { ipspIpsecTransformsEntry 5 }
3549: 
3550: ipspIpsecTranStorageType OBJECT-TYPE
3551:     SYNTAX      StorageType
3552:     MAX-ACCESS  read-create
3553:     STATUS      current
3554:     DESCRIPTION
3555:         "The storage type for this row.  Rows in this table which were
3556:          created through an external process may have a storage type
3557:          of readOnly or permanent."
3558:     DEFVAL { nonVolatile }
3559:     ::= { ipspIpsecTransformsEntry 6 }
3560: 
3561: ipspIpsecTranRowStatus OBJECT-TYPE
3562:     SYNTAX      RowStatus
3563:     MAX-ACCESS  read-create
3564:     STATUS      current
3565:     DESCRIPTION
3566:         "This object indicates the conceptual status of this row.
3567: 
3568:          The value of this object has no effect on whether other
3569:          objects in this conceptual row can be modified.
3570: 
3571:          This row may not be set to active until the corresponding row
3572:          in the ipspAhTransformTable, ipspEspTransformTable or the
3573:          ipspIpcompTransformTable exists."
3574:     ::= { ipspIpsecTransformsEntry 7 }
3575: 
3576: --
3577: -- AH transform definition table
3578: --
3579: 
3580: 
3581: ipspAhTransformTable OBJECT-TYPE
3582:     SYNTAX      SEQUENCE OF IpspAhTransformEntry
3583:     MAX-ACCESS  not-accessible
3584:     STATUS      current
3585:     DESCRIPTION
3586:         "This table lists all the AH transforms which can be used to
3587:          build IPsec proposals."
3588:     ::= { ipspConfigObjects 25 }
3589: 
3590: ipspAhTransformEntry OBJECT-TYPE
3591:     SYNTAX      IpspAhTransformEntry
3592:     MAX-ACCESS  not-accessible
3593:     STATUS      current
3594:     DESCRIPTION
3595:         "This entry contains the attributes of one AH transform."
3596:     INDEX       { ipspAhTranName }
3597:     ::= { ipspAhTransformTable 1 }
3598: 
3599: IpspAhTransformEntry ::= SEQUENCE {
3600:     ipspAhTranName                     SnmpAdminString,
3601:     ipspAhTranMaxLifetimeSec           Unsigned32,
3602:     ipspAhTranMaxLifetimeKB            Unsigned32,
3603:     ipspAhTranAlgorithm                IpsecDoiAuthAlgorithm,
3604:     ipspAhTranReplayProtection         TruthValue,
3605:     ipspAhTranReplayWindowSize         Unsigned32,
3606:     ipspAhTranLastChanged              TimeStamp,
3607:     ipspAhTranStorageType              StorageType,
3608:     ipspAhTranRowStatus                RowStatus
3609: }
3610: 
3611: ipspAhTranName OBJECT-TYPE
3612:     SYNTAX      SnmpAdminString (SIZE(1..32))
3613:     MAX-ACCESS  not-accessible
3614:     STATUS      current
3615:     DESCRIPTION
3616:         "This object contains the name of this AH transform.  This row
3617:          will be referred to by an ipspIpsecTransformsEntry."
3618:     ::= { ipspAhTransformEntry 1 }
3619: 
3620: ipspAhTranMaxLifetimeSec OBJECT-TYPE
3621:     SYNTAX      Unsigned32
3622:     MAX-ACCESS  read-create
3623:     STATUS      current
3624:     DESCRIPTION
3625:         "ipspAhTranMaxLifetimeSec specifies how long in seconds the
3626:          security association derived from this transform should be
3627:          used.
3628: 
3629:          A value of 0 indicates that the default lifetime of
3630:          8 hours should be used."
3631:     ::= { ipspAhTransformEntry 2 }
3632: 
3633: ipspAhTranMaxLifetimeKB OBJECT-TYPE
3634:     SYNTAX      Unsigned32
3635:     MAX-ACCESS  read-create
3636:     STATUS      current
3637:     DESCRIPTION
3638:         "ipspAhTranMaxLifetimeKB specifies how long in kilobytes the
3639:          security association derived from this transform should be
3640:          used."
3641:     ::= { ipspAhTransformEntry 3 }
3642: 
3643: ipspAhTranAlgorithm OBJECT-TYPE
3644:     SYNTAX      IpsecDoiAuthAlgorithm
3645:     MAX-ACCESS  read-create
3646:     STATUS      current
3647:     DESCRIPTION
3648:         "This object specifies the AH algorithm for this transform."
3649:     ::= { ipspAhTransformEntry 4 }
3650: 
3651: ipspAhTranReplayProtection OBJECT-TYPE
3652:     SYNTAX      TruthValue
3653:     MAX-ACCESS  read-create
3654:     STATUS      current
3655:     DESCRIPTION
3656:         "ipspAhTranReplayProtection indicates whether or not anti replay
3657:          service is to be provided by this SA."
3658:     ::= { ipspAhTransformEntry 5 }
3659: 
3660: ipspAhTranReplayWindowSize OBJECT-TYPE
3661:     SYNTAX      Unsigned32
3662:     MAX-ACCESS  read-create
3663:     STATUS      current
3664:     DESCRIPTION
3665:         "ipspAhTranReplayWindowSize indicates the size, in bits, of
3666:          the replay window to use if replay protection is true for
3667:          this transform.  The window size is assumed to be a power of
3668:          two.  If Replay Protection is false, this value can be
3669:          ignored."
3670:     ::= { ipspAhTransformEntry 6 }
3671: 
3672: ipspAhTranLastChanged OBJECT-TYPE
3673:     SYNTAX      TimeStamp
3674:     MAX-ACCESS  read-only
3675:     STATUS      current
3676:     DESCRIPTION
3677:         "The value of sysUpTime when this row was last modified or
3678:          created either through SNMP SETs or by some other external
3679:          means."
3680:     ::= { ipspAhTransformEntry 7 }
3681: 
3682: ipspAhTranStorageType OBJECT-TYPE
3683:     SYNTAX      StorageType
3684:     MAX-ACCESS  read-create
3685:     STATUS      current
3686:     DESCRIPTION
3687:         "The storage type for this row.  Rows in this table which were
3688:          created through an external process may have a storage type
3689:          of readOnly or permanent."
3690:     DEFVAL { nonVolatile }
3691:     ::= { ipspAhTransformEntry 8 }
3692: 
3693: ipspAhTranRowStatus OBJECT-TYPE
3694:     SYNTAX      RowStatus
3695:     MAX-ACCESS  read-create
3696:     STATUS      current
3697:     DESCRIPTION
3698:         "This object indicates the conceptual status of this row.
3699: 
3700:          The value of this object has no effect on whether other
3701:          objects in this conceptual row can be modified.
3702: 
3703:          If active, this object must remain active if it is referenced
3704:          by a row in another table."
3705:     ::= { ipspAhTransformEntry 9 }
3706: 
3707: 
3708: --
3709: -- ESP transform definition table
3710: --
3711: 
3712: 
3713: ipspEspTransformTable OBJECT-TYPE
3714:     SYNTAX      SEQUENCE OF IpspEspTransformEntry
3715:     MAX-ACCESS  not-accessible
3716:     STATUS      current
3717:     DESCRIPTION
3718:         "This table lists all the ESP transforms which can be used to
3719:          build IPsec proposals"
3720:     ::= { ipspConfigObjects 26 }
3721: 
3722: ipspEspTransformEntry OBJECT-TYPE
3723:     SYNTAX      IpspEspTransformEntry
3724:     MAX-ACCESS  not-accessible
3725:     STATUS      current
3726:     DESCRIPTION
3727:         "This entry contains the attributes of one ESP transform."
3728:     INDEX       { ipspEspTranName }
3729:     ::= { ipspEspTransformTable 1 }
3730: 
3731: IpspEspTransformEntry ::= SEQUENCE {
3732:     ipspEspTranName                         SnmpAdminString,
3733:     ipspEspTranMaxLifetimeSec               Unsigned32,
3734:     ipspEspTranMaxLifetimeKB                Unsigned32,
3735:     ipspEspTranCipherTransformId            IpsecDoiEspTransform,
3736:     ipspEspTranCipherKeyLength              Unsigned32,
3737:     ipspEspTranCipherKeyRounds              Unsigned32,
3738:     ipspEspTranIntegrityAlgorithmId         IpsecDoiAuthAlgorithm,
3739:     ipspEspTranReplayPrevention             TruthValue,
3740:     ipspEspTranReplayWindowSize             Unsigned32,
3741:     ipspEspTranLastChanged                  TimeStamp,
3742:     ipspEspTranStorageType                  StorageType,
3743:     ipspEspTranRowStatus                    RowStatus
3744: }
3745: 
3746: ipspEspTranName OBJECT-TYPE
3747:     SYNTAX      SnmpAdminString (SIZE(1..32))
3748:     MAX-ACCESS  not-accessible
3749:     STATUS      current
3750:     DESCRIPTION
3751:         "The name of this particular espTransform be referred to by an
3752:          ipspIpsecTransformsEntry."
3753:     ::= { ipspEspTransformEntry 1 }
3754: 
3755: ipspEspTranMaxLifetimeSec OBJECT-TYPE
3756:     SYNTAX      Unsigned32
3757:     MAX-ACCESS  read-create
3758:     STATUS      current
3759:     DESCRIPTION
3760:         "ipspEspTranMaxLifetimeSec specifies how long in seconds the
3761:          security association derived from this transform should be
3762:          used.
3763: 
3764:          A value of 0 indicates that the default lifetime of
3765:          8 hours should be used."
3766:     ::= { ipspEspTransformEntry 2 }
3767: 
3768: ipspEspTranMaxLifetimeKB OBJECT-TYPE
3769:     SYNTAX      Unsigned32
3770:     MAX-ACCESS  read-create
3771:     STATUS      current
3772:     DESCRIPTION
3773:         "ipspEspTranMaxLifetimeKB specifies how long in kilobytes the
3774:          security association derived from this transform should be
3775:          used."
3776:     ::= { ipspEspTransformEntry 3 }
3777: 
3778: ipspEspTranCipherTransformId OBJECT-TYPE
3779:     SYNTAX      IpsecDoiEspTransform
3780:     MAX-ACCESS  read-create
3781:     STATUS      current
3782:     DESCRIPTION
3783:         "This object specifies the transform ID of the ESP cipher
3784:          algorithm."
3785:     ::= { ipspEspTransformEntry 4 }
3786: 
3787: 
3788: ipspEspTranCipherKeyLength OBJECT-TYPE
3789:     SYNTAX      Unsigned32
3790:     MAX-ACCESS  read-create
3791:     STATUS      current
3792:     DESCRIPTION
3793:         "This object specifies, in bits, the key length for
3794:          the ESP cipher algorithm."
3795:     ::= { ipspEspTransformEntry 5 }
3796: 
3797: ipspEspTranCipherKeyRounds OBJECT-TYPE
3798:     SYNTAX      Unsigned32
3799:     MAX-ACCESS  read-create
3800:     STATUS      current
3801:     DESCRIPTION
3802:         "This object specifies the number of key rounds for
3803:          the ESP cipher algorithm."
3804:     ::= { ipspEspTransformEntry 6 }
3805: 
3806: ipspEspTranIntegrityAlgorithmId OBJECT-TYPE
3807:     SYNTAX      IpsecDoiAuthAlgorithm
3808:     MAX-ACCESS  read-create
3809:     STATUS      current
3810:     DESCRIPTION
3811:         "This object specifies the ESP integrity algorithm ID."
3812:     ::= { ipspEspTransformEntry 7 }
3813: 
3814: ipspEspTranReplayPrevention OBJECT-TYPE
3815:     SYNTAX      TruthValue
3816:     MAX-ACCESS  read-create
3817:     STATUS      current
3818:     DESCRIPTION
3819:         "ipspEspTranReplayPrevention indicates whether or not
3820:          anti-replay service is to be provided by this SA."
3821:     ::= { ipspEspTransformEntry 8 }
3822: 
3823: ipspEspTranReplayWindowSize OBJECT-TYPE
3824:     SYNTAX      Unsigned32
3825:     MAX-ACCESS  read-create
3826:     STATUS      current
3827:     DESCRIPTION
3828:         "ipspEspTranReplayWindowSize indicates the size, in bits, of
3829:          the replay window to use if replay protection is true for
3830:          this transform.  The window size is assumed to be a power of
3831:          two.  If Replay Protection is false, this value can be
3832:          ignored."
3833:     ::= { ipspEspTransformEntry 9 }
3834: 
3835: ipspEspTranLastChanged OBJECT-TYPE
3836:     SYNTAX      TimeStamp
3837:     MAX-ACCESS  read-only
3838:     STATUS      current
3839:     DESCRIPTION
3840:         "The value of sysUpTime when this row was last modified or
3841:          created either through SNMP SETs or by some other external
3842:          means."
3843:     ::= { ipspEspTransformEntry 10 }
3844: 
3845: ipspEspTranStorageType OBJECT-TYPE
3846:     SYNTAX      StorageType
3847:     MAX-ACCESS  read-create
3848:     STATUS      current
3849:     DESCRIPTION
3850:         "The storage type for this row.  Rows in this table which were
3851:          created through an external process may have a storage type
3852:          of readOnly or permanent."
3853:     DEFVAL { nonVolatile }
3854:     ::= { ipspEspTransformEntry 11 }
3855: 
3856: ipspEspTranRowStatus OBJECT-TYPE
3857:     SYNTAX      RowStatus
3858:     MAX-ACCESS  read-create
3859:     STATUS      current
3860:     DESCRIPTION
3861:         "This object indicates the conceptual status of this row.
3862: 
3863:          The value of this object has no effect on whether other
3864:          objects in this conceptual row can be modified.
3865: 
3866:          If active, this object must remain active if it is referenced
3867:          by a row in another table."
3868:     ::= { ipspEspTransformEntry 12 }
3869: 
3870: 
3871: --
3872: -- IP compression transform definition table
3873: --
3874: 
3875: 
3876: ipspIpcompTransformTable OBJECT-TYPE
3877:     SYNTAX      SEQUENCE OF IpspIpcompTransformEntry
3878:     MAX-ACCESS  not-accessible
3879:     STATUS      current
3880:     DESCRIPTION
3881:         "This table lists all the IP compression transforms which
3882:          can be used to build IPsec proposals during negotiation of
3883:          a phase 2 SA."
3884:     ::= { ipspConfigObjects 27 }
3885: 
3886: ipspIpcompTransformEntry OBJECT-TYPE
3887:     SYNTAX      IpspIpcompTransformEntry
3888:     MAX-ACCESS  not-accessible
3889:     STATUS      current
3890:     DESCRIPTION
3891:         "This entry contains the attributes of one IP compression
3892:          transform."
3893:     INDEX       { ipspIpcompTranName }
3894:     ::= { ipspIpcompTransformTable 1 }
3895: 
3896: IpspIpcompTransformEntry ::= SEQUENCE {
3897:     ipspIpcompTranName                      SnmpAdminString,
3898:     ipspIpcompTranMaxLifetimeSec            Unsigned32,
3899:     ipspIpcompTranMaxLifetimeKB             Unsigned32,
3900:     ipspIpcompTranAlgorithm                 IpsecDoiIpcompTransform,
3901:     ipspIpcompTranDictionarySize            Unsigned32,
3902:     ipspIpcompTranPrivateAlgorithm          Unsigned32,
3903:     ipspIpcompTranLastChanged               TimeStamp,
3904:     ipspIpcompTranStorageType               StorageType,
3905:     ipspIpcompTranRowStatus                 RowStatus
3906: }
3907: 
3908: ipspIpcompTranName OBJECT-TYPE
3909:     SYNTAX      SnmpAdminString (SIZE(1..32))
3910:     MAX-ACCESS  not-accessible
3911:     STATUS      current
3912:     DESCRIPTION
3913:         "The name of this ipspIpcompTransformEntry."
3914:     ::= { ipspIpcompTransformEntry 1 }
3915: 
3916: ipspIpcompTranMaxLifetimeSec OBJECT-TYPE
3917:     SYNTAX      Unsigned32
3918:     MAX-ACCESS  read-create
3919:     STATUS      current
3920:     DESCRIPTION
3921:         "ipspIpcompTranMaxLifetimeSec specifies how long in seconds
3922:          the security association derived from this transform should
3923:          be used.
3924: 
3925:          A value of 0 indicates that the default lifetime of
3926:          8 hours should be used."
3927:     ::= { ipspIpcompTransformEntry 2 }
3928: 
3929: ipspIpcompTranMaxLifetimeKB OBJECT-TYPE
3930:     SYNTAX      Unsigned32
3931:     MAX-ACCESS  read-create
3932:     STATUS      current
3933:     DESCRIPTION
3934:         "ipspIpcompTranMaxLifetimeKB specifies how long in kilobytes
3935:          the security association derived from this transform should
3936:          be used."
3937:     ::= { ipspIpcompTransformEntry 3 }
3938: 
3939: ipspIpcompTranAlgorithm OBJECT-TYPE
3940:     SYNTAX      IpsecDoiIpcompTransform
3941:     MAX-ACCESS  read-create
3942:     STATUS      current
3943:     DESCRIPTION
3944:         "ipspIpcompTranAlgorithm specifies the transform ID of the IP
3945:          compression algorithm."
3946:     ::= { ipspIpcompTransformEntry 4 }
3947: 
3948: ipspIpcompTranDictionarySize OBJECT-TYPE
3949:     SYNTAX      Unsigned32
3950:     MAX-ACCESS  read-create
3951:     STATUS      current
3952:     DESCRIPTION
3953:         "If the algorithm in ipspIpcompTranAlgorithm requires a
3954:          dictionary size configuration parameter, then this is the
3955:          place to put it.  This object specifies the log2 maximum size
3956:          of the dictionary for the compression algorithm."
3957:     ::= { ipspIpcompTransformEntry 5 }
3958: 
3959: ipspIpcompTranPrivateAlgorithm OBJECT-TYPE
3960:     SYNTAX      Unsigned32
3961:     MAX-ACCESS  read-create
3962:     STATUS      current
3963:     DESCRIPTION
3964:         "If ipspIpcompTranPrivateAlgorithm has a value other zero,
3965:          then it is up to the vendors implementation to determine the
3966:          meaning of this field and substitute a data compression
3967:          algorithm in place of ipspIpcompTranAlgorithm."
3968:     ::= { ipspIpcompTransformEntry 6 }
3969: 
3970: ipspIpcompTranLastChanged OBJECT-TYPE
3971:     SYNTAX      TimeStamp
3972:     MAX-ACCESS  read-only
3973:     STATUS      current
3974:     DESCRIPTION
3975:         "The value of sysUpTime when this row was last modified or
3976:          created either through SNMP SETs or by some other external
3977:          means."
3978:     ::= { ipspIpcompTransformEntry 7 }
3979: 
3980: ipspIpcompTranStorageType OBJECT-TYPE
3981:     SYNTAX      StorageType
3982:     MAX-ACCESS  read-create
3983:     STATUS      current
3984:     DESCRIPTION
3985:         "The storage type for this row.  Rows in this table which were
3986:          created through an external process may have a storage type
3987:          of readOnly or permanent."
3988:     DEFVAL { nonVolatile }
3989:     ::= { ipspIpcompTransformEntry 8 }
3990: 
3991: ipspIpcompTranRowStatus OBJECT-TYPE
3992:     SYNTAX      RowStatus
3993:     MAX-ACCESS  read-create
3994:     STATUS      current
3995:     DESCRIPTION
3996:         "This object indicates the conceptual status of this row.
3997: 
3998:          The value of this object has no effect on whether other
3999:          objects in this conceptual row can be modified.
4000: 
4001:          If active, this object must remain active if it is referenced
4002:          by a row in another table."
4003:     ::= { ipspIpcompTransformEntry 9 }
4004: 
4005: 
4006: --
4007: -- IKE identity definition table
4008: --
4009: 
4010: 
4011: ipspIkeIdentityTable OBJECT-TYPE
4012:     SYNTAX      SEQUENCE OF IpspIkeIdentityEntry
4013:     MAX-ACCESS  not-accessible
4014:     STATUS      current
4015:     DESCRIPTION
4016:         "IKEIdentity is used to represent the identities that may be
4017:          used for an IPProtocolEndpoint (or collection of
4018:          IPProtocolEndpoints) to identify itself in IKE phase 1
4019:          negotiations.  The column ikeIdentityName in an
4020:          ipspIkeActionEntry together with the ipspEndGroupIdentType
4021:          and the ipspEndGroupAddress in the PolicyEndpointToGroupTable
4022:          specifies the unique identity to use in a negotiation
4023:          exchange."
4024:     ::= { ipspConfigObjects 28 }
4025: 
4026: ipspIkeIdentityEntry OBJECT-TYPE
4027:     SYNTAX      IpspIkeIdentityEntry
4028:     MAX-ACCESS  not-accessible
4029:     STATUS      current
4030:     DESCRIPTION
4031:         "ikeIdentity lists the attributes of an IKE identity."
4032:     INDEX { ipspEndGroupIdentType, ipspEndGroupAddress,
4033:             ipspIkeActIdentityType, ipspIkeActIdentityContext }
4034:     ::= { ipspIkeIdentityTable 1 }
4035: 
4036: IpspIkeIdentityEntry ::= SEQUENCE {
4037:     ipspIkeIdCredentialName                 SnmpAdminString,
4038:     ipspIkeIdLastChanged                    TimeStamp,
4039:     ipspIkeIdStorageType                    StorageType,
4040:     ipspIkeIdRowStatus                      RowStatus
4041: }
4042: 
4043: ipspIkeIdCredentialName OBJECT-TYPE
4044:     SYNTAX      SnmpAdminString (SIZE(0..32))
4045:     MAX-ACCESS  read-create
4046:     STATUS      current
4047:     DESCRIPTION
4048:         "This value is used as an index into the ipspCredentialTable to
4049:          look up the actual credential value and other credential
4050:          information.
4051: 
4052:          For ID's without associated credential information, this
4053:          value is left blank.
4054: 
4055:          For ID's that are address types, this value may be left blank
4056:          and the associated IPProtocolEndpoint or appropriate member
4057:          of the Collection of endpoints is used."
4058:     ::= { ipspIkeIdentityEntry 1 }
4059: 
4060: ipspIkeIdLastChanged OBJECT-TYPE
4061:     SYNTAX      TimeStamp
4062:     MAX-ACCESS  read-only
4063:     STATUS      current
4064:     DESCRIPTION
4065:         "The value of sysUpTime when this row was last modified or
4066:          created either through SNMP SETs or by some other external
4067:          means."
4068:     ::= { ipspIkeIdentityEntry 2 }
4069: 
4070: ipspIkeIdStorageType OBJECT-TYPE
4071:     SYNTAX      StorageType
4072:     MAX-ACCESS  read-create
4073:     STATUS      current
4074:     DESCRIPTION
4075:         "The storage type for this row.  Rows in this table which were
4076:          created through an external process may have a storage type
4077:          of readOnly or permanent."
4078:     DEFVAL { nonVolatile }
4079:     ::= { ipspIkeIdentityEntry 3 }
4080: 
4081: ipspIkeIdRowStatus OBJECT-TYPE
4082:     SYNTAX      RowStatus
4083:     MAX-ACCESS  read-create
4084:     STATUS      current
4085:     DESCRIPTION
4086:         "This object indicates the conceptual status of this row.
4087: 
4088:          The value of this object has no effect on whether other
4089:          objects in this conceptual row can be modified.
4090: 
4091:          If active, this object must remain active if it is referenced
4092:          by a row in another table."
4093:     ::= { ipspIkeIdentityEntry 4 }
4094: 
4095: 
4096: --
4097: -- Peer Identity Table
4098: --
4099: 
4100: 
4101: ipspPeerIdentityTable OBJECT-TYPE
4102:     SYNTAX      SEQUENCE OF IpspPeerIdentityEntry
4103:     MAX-ACCESS  not-accessible
4104:     STATUS      current
4105:     DESCRIPTION
4106:         "PeerIdentity is used to represent the identities that may be
4107:          used for peers to identify themselves in IKE phase I/II
4108:          negotiations.  PeerIdentityTable aggregates the table entries
4109:          that provide mappings between identities and their
4110:          addresses."
4111:     ::= { ipspConfigObjects 29 }
4112: 
4113: ipspPeerIdentityEntry OBJECT-TYPE
4114:     SYNTAX      IpspPeerIdentityEntry
4115:     MAX-ACCESS  not-accessible
4116:     STATUS      current
4117:     DESCRIPTION
4118:         "peerIdentity matches a peer's identity to its address."
4119:     INDEX { ipspPeerIdName, ipspPeerIdPriority }
4120:     ::= { ipspPeerIdentityTable 1 }
4121: 
4122: IpspPeerIdentityEntry ::= SEQUENCE {
4123:     ipspPeerIdName                          SnmpAdminString,
4124:     ipspPeerIdPriority                      Integer32,
4125:     ipspPeerIdType                          IpsecDoiIdentType,
4126:     ipspPeerIdValue                         IpspIdentityFilter,
4127:     ipspPeerIdAddressType                   InetAddressType,
4128:     ipspPeerIdAddress                       InetAddress,
4129:     ipspPeerIdCredentialName                SnmpAdminString,
4130:     ipspPeerIdLastChanged                   TimeStamp,
4131:     ipspPeerIdStorageType                   StorageType,
4132:     ipspPeerIdRowStatus                     RowStatus
4133: }
4134: 
4135: ipspPeerIdName OBJECT-TYPE
4136:     SYNTAX      SnmpAdminString (SIZE(1..32))
4137:     MAX-ACCESS  not-accessible
4138:     STATUS      current
4139:     DESCRIPTION
4140:         "This is an administratively assigned value that, together
4141:          with ipspPeerIdPriority, uniquely identifies an entry in this
4142:          table."
4143:     ::= { ipspPeerIdentityEntry 1 }
4144: 
4145: ipspPeerIdPriority OBJECT-TYPE
4146:     SYNTAX      Integer32 (0..2147483647)
4147:     MAX-ACCESS  not-accessible
4148:     STATUS      current
4149:     DESCRIPTION
4150:         "This object, along with ipspPeerIdName, uniquely identifies an
4151:          entry in this table.  The priority also indicates the order
4152:          of peer gateways to initiate or accept SAs from (i.e. try
4153:          until success)."
4154:     ::= { ipspPeerIdentityEntry 2 }
4155: 
4156: ipspPeerIdType       OBJECT-TYPE
4157:     SYNTAX      IpsecDoiIdentType
4158:     MAX-ACCESS  read-create
4159:     STATUS      current
4160:     DESCRIPTION
4161:         "ipspPeerIdType is an enumeration identifying the type of the
4162:          Identity value."
4163:     ::= { ipspPeerIdentityEntry 3 }
4164: 
4165: ipspPeerIdValue     OBJECT-TYPE
4166:     SYNTAX      IpspIdentityFilter
4167:     MAX-ACCESS  read-create
4168:     STATUS      current
4169:     DESCRIPTION
4170:         "ipspPeerIdValue contains an Identity filter to be used to match
4171:          against the identity payload in an IKE request. If this value
4172:          matches the value in the identity payload, the credential for
4173:          the peer can be found using the ipspPeerIdCredentialName as
4174:          an index into the credential table."
4175:     ::= { ipspPeerIdentityEntry 4 }
4176: 
4177: ipspPeerIdAddressType OBJECT-TYPE
4178:     SYNTAX      InetAddressType
4179:     MAX-ACCESS  read-create
4180:     STATUS      current
4181:     DESCRIPTION
4182:         "The property ipspPeerIdAddressType specifies the format of the
4183:          ipspPeerIdAddress property value."
4184:     ::= { ipspPeerIdentityEntry 5 }
4185: 
4186: ipspPeerIdAddress OBJECT-TYPE
4187:     SYNTAX      InetAddress
4188:     MAX-ACCESS  read-create
4189:     STATUS      current
4190:     DESCRIPTION
4191:         "The property PeerAddress specifies the IP address of the
4192:          peer.  The format is specified by the ipspPeerIdAddressType.
4193: 
4194:          Values of unknown, ipv4z, ipv6z and dns are not legal values
4195:          for this object."
4196:     ::= { ipspPeerIdentityEntry 6 }
4197: 
4198: ipspPeerIdCredentialName OBJECT-TYPE
4199:     SYNTAX      SnmpAdminString (SIZE(0..32))
4200:     MAX-ACCESS  read-create
4201:     STATUS      current
4202:     DESCRIPTION
4203:         "This value is used as an index into the ipspCredentialTable to
4204:          look up the actual credential value and other credential
4205:          information.  For peer IDs that have no associated credential
4206:          information, this value is left blank."
4207:     ::= { ipspPeerIdentityEntry 7 }
4208: 
4209: ipspPeerIdLastChanged OBJECT-TYPE
4210:     SYNTAX      TimeStamp
4211:     MAX-ACCESS  read-only
4212:     STATUS      current
4213:     DESCRIPTION
4214:         "The value of sysUpTime when this row was last modified or
4215:          created either through SNMP SETs or by some other external
4216:          means."
4217:     ::= { ipspPeerIdentityEntry 8 }
4218: 
4219: ipspPeerIdStorageType OBJECT-TYPE
4220:     SYNTAX      StorageType
4221:     MAX-ACCESS  read-create
4222:     STATUS      current
4223:     DESCRIPTION
4224:         "The storage type for this row.  Rows in this table which were
4225:          created through an external process may have a storage type
4226:          of readOnly or permanent."
4227:     DEFVAL { nonVolatile }
4228:     ::= { ipspPeerIdentityEntry 9 }
4229: 
4230: ipspPeerIdRowStatus OBJECT-TYPE
4231:     SYNTAX      RowStatus
4232:     MAX-ACCESS  read-create
4233:     STATUS      current
4234:     DESCRIPTION
4235:         "This object indicates the conceptual status of this row.
4236: 
4237:          The value of this object has no effect on whether other
4238:          objects in this conceptual row can be modified.
4239: 
4240:          If active, this object must remain active if it is referenced
4241:          by a row in another table."
4242:     ::= { ipspPeerIdentityEntry 10 }
4243: 
4244: 
4245: --
4246: -- autostart IKE Table
4247: --
4248: ipspAutostartIkeTable OBJECT-TYPE
4249:     SYNTAX      SEQUENCE OF IpspAutostartIkeEntry
4250:     MAX-ACCESS  not-accessible
4251:     STATUS      current
4252:     DESCRIPTION
4253:         "The parameters in the autostart IKE Table are used to
4254:          automatically initiate IKE phaes I and II (i.e. IPsec)
4255:          negotiations on startup.  It also will initiate IKE phase I
4256:          and II negotiations for a row at the time of that row's
4257:          creation"
4258:     ::= { ipspConfigObjects 30 }
4259: 
4260: ipspAutostartIkeEntry OBJECT-TYPE
4261:     SYNTAX      IpspAutostartIkeEntry
4262:     MAX-ACCESS  not-accessible
4263:     STATUS      current
4264:     DESCRIPTION
4265:         "autostart ike provides the set of parameters to automatically
4266:          start IKE and IPsec SA's."
4267:     INDEX { ipspAutoIkePriority }
4268:     ::= { ipspAutostartIkeTable 1 }
4269: 
4270: IpspAutostartIkeEntry ::= SEQUENCE {
4271:     ipspAutoIkePriority                     Integer32,
4272:     ipspAutoIkeAction                       VariablePointer,
4273:     ipspAutoIkeAddressType                  InetAddressType,
4274:     ipspAutoIkeSourceAddress                InetAddress,
4275:     ipspAutoIkeSourcePort                   InetPortNumber,
4276:     ipspAutoIkeDestAddress                  InetAddress,
4277:     ipspAutoIkeDestPort                     InetPortNumber,
4278:     ipspAutoIkeProtocol                     Unsigned32,
4279:     ipspAutoIkeLastChanged                  TimeStamp,
4280:     ipspAutoIkeStorageType                  StorageType,
4281:     ipspAutoIkeRowStatus                    RowStatus
4282: }
4283: 
4284: ipspAutoIkePriority  OBJECT-TYPE
4285:     SYNTAX       Integer32 (0..65535)
4286:     MAX-ACCESS   not-accessible
4287:     STATUS       current
4288:     DESCRIPTION
4289:         "ipspAutoIkePriority is an index into the autostartIkeAction
4290:          table and can be used to order the autostart IKE actions."
4291:     ::= { ipspAutostartIkeEntry 1 }
4292: 
4293: ipspAutoIkeAction   OBJECT-TYPE
4294:     SYNTAX      VariablePointer
4295:     MAX-ACCESS  read-create
4296:     STATUS      current
4297:     DESCRIPTION
4298:         "This pointer is used to point to the action or compound
4299:          action that should be initiated by this row."
4300:     ::= { ipspAutostartIkeEntry 2 }
4301: 
4302: ipspAutoIkeAddressType OBJECT-TYPE
4303:     SYNTAX      InetAddressType
4304:     MAX-ACCESS  read-create
4305:     STATUS      current
4306:     DESCRIPTION
4307:         "The property ipspAutoIkeAddressType specifies the format of the
4308:          autoIke source and destination Address values.
4309: 
4310:          Values of unknown, ipv4z, ipv6z and dns are not legal values
4311:          for this object."
4312:     ::= { ipspAutostartIkeEntry 3 }
4313: 
4314: ipspAutoIkeSourceAddress OBJECT-TYPE
4315:     SYNTAX           InetAddress
4316:     MAX-ACCESS       read-create
4317:     STATUS           current
4318:     DESCRIPTION
4319:         "The property autoIkeSourecAddress specifies Source IP address
4320:          for autostarting IKE SA's, formatted according to the
4321:          appropriate convention as defined in the
4322:          ipspAutoIkeAddressType property."
4323:     ::= { ipspAutostartIkeEntry 4 }
4324: 
4325: ipspAutoIkeSourcePort OBJECT-TYPE
4326:     SYNTAX        InetPortNumber
4327:     MAX-ACCESS    read-create
4328:     STATUS        current
4329:     DESCRIPTION
4330:         "The property ipspAutoIkeSourcePort specifies the port number
4331:          for the source port for auotstarting IKE SA's.
4332: 
4333:          The value of 0 for this object is illegal."
4334:     ::= { ipspAutostartIkeEntry 5 }
4335: 
4336: ipspAutoIkeDestAddress OBJECT-TYPE
4337:     SYNTAX           InetAddress
4338:     MAX-ACCESS       read-create
4339:     STATUS           current
4340:     DESCRIPTION
4341:         "The property ipspAutoIkeDestAddress specifies the Destination
4342:          IP address for autostarting IKE SA's, formatted according to
4343:          the appropriate convention as defined in the
4344:          ipspAutoIkeAddressType property."
4345:     ::= { ipspAutostartIkeEntry 6 }
4346: 
4347: ipspAutoIkeDestPort OBJECT-TYPE
4348:     SYNTAX        InetPortNumber
4349:     MAX-ACCESS    read-create
4350:     STATUS        current
4351:     DESCRIPTION
4352:         "The property ipspAutoIkeDestPort specifies the port number for
4353:          the destination port for auotstarting IKE SA's.
4354: 
4355:          The value of 0 for this object is illegal."
4356:     ::= { ipspAutostartIkeEntry 7 }
4357: 
4358: ipspAutoIkeProtocol OBJECT-TYPE
4359:     SYNTAX      Unsigned32 (0..255)
4360:     MAX-ACCESS  read-create
4361:     STATUS      current
4362:     DESCRIPTION
4363:         "The property Protocol specifies the protocol number used in
4364:          comparing with policy filter entries and used in any phase 2
4365:          negotiations."
4366:     ::= { ipspAutostartIkeEntry 8 }
4367: 
4368: ipspAutoIkeLastChanged OBJECT-TYPE
4369:     SYNTAX      TimeStamp
4370:     MAX-ACCESS  read-only
4371:     STATUS      current
4372:     DESCRIPTION
4373:         "The value of sysUpTime when this row was last modified or
4374:          created either through SNMP SETs or by some other external
4375:          means."
4376:     ::= { ipspAutostartIkeEntry 9 }
4377: 
4378: ipspAutoIkeStorageType OBJECT-TYPE
4379:     SYNTAX      StorageType
4380:     MAX-ACCESS  read-create
4381:     STATUS      current
4382:     DESCRIPTION
4383:         "The storage type for this row.  Rows in this table which were
4384:          created through an external process may have a storage type
4385:          of readOnly or permanent."
4386:     DEFVAL { nonVolatile }
4387:     ::= { ipspAutostartIkeEntry 10 }
4388: 
4389: ipspAutoIkeRowStatus OBJECT-TYPE
4390:     SYNTAX      RowStatus
4391:     MAX-ACCESS  read-create
4392:     STATUS      current
4393:     DESCRIPTION
4394:         "This object indicates the conceptual status of this row.
4395: 
4396:          The value of this object has no effect on whether other
4397:          objects in this conceptual row can be modified."
4398: 
4399:     ::= { ipspAutostartIkeEntry 11 }
4400: 
4401: 
4402: --
4403: -- CA Table
4404: --
4405: 
4406: ipspIpsecCredMngServiceTable OBJECT-TYPE
4407:     SYNTAX      SEQUENCE OF IpspIpsecCredMngServiceEntry
4408:     MAX-ACCESS  not-accessible
4409:     STATUS      current
4410:     DESCRIPTION
4411:         "A table of Credential Management Service values.  This table
4412:          is usually used for credential/certificate values that are
4413:          used with a management service (e.g. Certificate
4414:          Authorities)."
4415:     ::= { ipspConfigObjects 31 }
4416: 
4417: ipspIpsecCredMngServiceEntry OBJECT-TYPE
4418:     SYNTAX      IpspIpsecCredMngServiceEntry
4419:     MAX-ACCESS  not-accessible
4420:     STATUS      current
4421:     DESCRIPTION
4422:         "A row in the ipspIpsecCredMngServiceTable."
4423:     INDEX   { ipspIcmsName }
4424:     ::= { ipspIpsecCredMngServiceTable 1 }
4425: 
4426: IpspIpsecCredMngServiceEntry ::= SEQUENCE {
4427:         ipspIcmsName                SnmpAdminString,
4428:         ipspIcmsDistinguishedName   OCTET STRING,
4429:         ipspIcmsPolicyStatement     OCTET STRING,
4430:         ipspIcmsMaxChainLength      Integer32,
4431:         ipspIcmsCredentialName      SnmpAdminString,
4432:         ipspIcmsLastChanged         TimeStamp,
4433:         ipspIcmsStorageType         StorageType,
4434:         ipspIcmsRowStatus           RowStatus
4435: }
4436: 
4437: ipspIcmsName OBJECT-TYPE
4438:     SYNTAX      SnmpAdminString(SIZE(1..32))
4439:     MAX-ACCESS  not-accessible
4440:     STATUS      current
4441:     DESCRIPTION
4442:         "This is an administratively assigned string used to index
4443:          this table."
4444:     ::= { ipspIpsecCredMngServiceEntry 1 }
4445: 
4446: ipspIcmsDistinguishedName OBJECT-TYPE
4447:     SYNTAX      OCTET STRING (SIZE(1..256))
4448:     MAX-ACCESS  read-create
4449:     STATUS      current
4450:     DESCRIPTION
4451:         "This value represents the Distinguished Name of the
4452:          Credential Management Service."
4453:     ::= { ipspIpsecCredMngServiceEntry 2 }
4454: 
4455: ipspIcmsPolicyStatement OBJECT-TYPE
4456:     SYNTAX      OCTET STRING (SIZE(0..1024))
4457:     MAX-ACCESS  read-create
4458:     STATUS      current
4459:     DESCRIPTION
4460:         "This Value represents the Credential Management Service
4461:          Policy Statement, or a reference describing how to obtain it
4462:          (e.g., a URL).  If one doesn't exist, this value can be left
4463:          blank"
4464:     ::= { ipspIpsecCredMngServiceEntry 3 }
4465: 
4466: ipspIcmsMaxChainLength OBJECT-TYPE
4467:     SYNTAX      Integer32 (0..255)
4468:     MAX-ACCESS  read-create
4469:     STATUS      current
4470:     DESCRIPTION
4471:         "This value is the maximum length of the chain allowble from
4472:          the Credential Management Service to the credential in
4473:          question."
4474:     DEFVAL     { 0 }
4475:     ::= { ipspIpsecCredMngServiceEntry 4}
4476: 
4477: ipspIcmsCredentialName OBJECT-TYPE
4478:     SYNTAX      SnmpAdminString (SIZE(0..32))
4479:     MAX-ACCESS  read-create
4480:     STATUS      current
4481:     DESCRIPTION
4482:         "This value is used as an index into the ipspCredentialTable
4483:          to look up the actual credential value."
4484:     ::= { ipspIpsecCredMngServiceEntry 5 }
4485: 
4486: ipspIcmsLastChanged  OBJECT-TYPE
4487:     SYNTAX      TimeStamp
4488:     MAX-ACCESS  read-only
4489:     STATUS      current
4490:     DESCRIPTION
4491:         "The value of sysUpTime when this row was last modified or
4492:          created either through SNMP SETs or by some other external
4493:          means."
4494:     ::= { ipspIpsecCredMngServiceEntry 6 }
4495: 
4496: ipspIcmsStorageType OBJECT-TYPE
4497:     SYNTAX      StorageType
4498:     MAX-ACCESS  read-create
4499:     STATUS      current
4500:     DESCRIPTION
4501:         "The storage type for this row.  Rows in this table which were
4502:          created through an external process may have a storage type
4503:          of readOnly or permanent."
4504:     DEFVAL { nonVolatile }
4505:     ::= { ipspIpsecCredMngServiceEntry 7 }
4506: 
4507: ipspIcmsRowStatus OBJECT-TYPE
4508:     SYNTAX      RowStatus
4509:     MAX-ACCESS  read-create
4510:     STATUS      current
4511:     DESCRIPTION
4512:         "This object indicates the conceptual status of this row.
4513: 
4514:          The value of this object has no effect on whether other
4515:          objects in this conceptual row can be modified.
4516: 
4517:          If active, this object must remain active if it is referenced
4518:          by a row in another table."
4519:     ::= { ipspIpsecCredMngServiceEntry 8 }
4520: 
4521: 
4522: --
4523: -- CRL Table
4524: --
4525: 
4526: ipspCredMngCRLTable OBJECT-TYPE
4527:     SYNTAX      SEQUENCE OF IpspCredMngCRLEntry
4528:     MAX-ACCESS  not-accessible
4529:     STATUS      current
4530:     DESCRIPTION
4531:         "A table of the Credential Revocation Lists (CRL) for
4532:          credential managment services."
4533:     ::= { ipspConfigObjects 32 }
4534: 
4535: ipspCredMngCRLEntry OBJECT-TYPE
4536:     SYNTAX      IpspCredMngCRLEntry
4537:     MAX-ACCESS  not-accessible
4538:     STATUS      current
4539:     DESCRIPTION
4540:         "A row in the ipspCredMngCRLTable."
4541:     INDEX   { ipspIcmsName , ipspCmcCRLName }
4542:     ::= { ipspCredMngCRLTable 1 }
4543: 
4544: IpspCredMngCRLEntry ::= SEQUENCE {
4545:         ipspCmcCRLName             SnmpAdminString,
4546:         ipspCmcDistributionPoint   OCTET STRING,
4547:         ipspCmcThisUpdate          OCTET STRING,
4548:         ipspCmcNextUpdate          OCTET STRING,
4549:         ipspCmcLastChanged         TimeStamp,
4550:         ipspCmcStorageType         StorageType,
4551:         ipspCmcRowStatus           RowStatus
4552: }
4553: 
4554: ipspCmcCRLName OBJECT-TYPE
4555:     SYNTAX      SnmpAdminString(SIZE(1..32))
4556:     MAX-ACCESS  not-accessible
4557:     STATUS      current
4558:     DESCRIPTION
4559:         "This is an administratively assigned string used to index
4560:          this table. It represents a CRL for a given CA from a given
4561:          distribution point."
4562:     ::= { ipspCredMngCRLEntry 1 }
4563: 
4564: ipspCmcDistributionPoint OBJECT-TYPE
4565:     SYNTAX      OCTET STRING (SIZE(0..256))
4566:     MAX-ACCESS  read-create
4567:     STATUS      current
4568:     DESCRIPTION
4569:         "This Value represents a Distribution Point for a Credential
4570:          Revocation List. It can be relative to the Credential
4571:          Management Service or a full name (URL, e-mail, etc...)."
4572:     ::= { ipspCredMngCRLEntry 2 }
4573: 
4574: ipspCmcThisUpdate OBJECT-TYPE
4575:     SYNTAX      OCTET STRING (SIZE(0..32))
4576:     MAX-ACCESS  read-create
4577:     STATUS      current
4578:     DESCRIPTION
4579:         "This value is the issue date of this CRL. This
4580:          should be in utctime or generalizedtime."
4581:     ::= { ipspCredMngCRLEntry 3 }
4582: 
4583: ipspCmcNextUpdate OBJECT-TYPE
4584:     SYNTAX      OCTET STRING (SIZE(0..32))
4585:     MAX-ACCESS  read-create
4586:     STATUS      current
4587:     DESCRIPTION
4588:         "This value indicates the date the next version of this CRL
4589:          will be issued. This should be in utctime or
4590:          generalizedtime."
4591:     ::= { ipspCredMngCRLEntry 4 }
4592: 
4593: ipspCmcLastChanged  OBJECT-TYPE
4594:     SYNTAX      TimeStamp
4595:     MAX-ACCESS  read-only
4596:     STATUS      current
4597:     DESCRIPTION
4598:         "The value of sysUpTime when this row was last modified or
4599:          created either through SNMP SETs or by some other external
4600:          means."
4601:     ::= { ipspCredMngCRLEntry 5 }
4602: 
4603: ipspCmcStorageType OBJECT-TYPE
4604:     SYNTAX      StorageType
4605:     MAX-ACCESS  read-create
4606:     STATUS      current
4607:     DESCRIPTION
4608:         "The storage type for this row.  Rows in this table which were
4609:          created through an external process may have a storage type
4610:          of readOnly or permanent."
4611:     DEFVAL { nonVolatile }
4612:     ::= { ipspCredMngCRLEntry 6 }
4613: 
4614: ipspCmcRowStatus OBJECT-TYPE
4615:     SYNTAX      RowStatus
4616:     MAX-ACCESS  read-create
4617:     STATUS      current
4618:     DESCRIPTION
4619:         "This object indicates the conceptual status of this row.
4620: 
4621:          The value of this object has no effect on whether other
4622:          objects in this conceptual row can be modified.
4623: 
4624:          If active, this object must remain active if it is referenced
4625:          by a row in another table."
4626:     ::= { ipspCredMngCRLEntry 7 }
4627: 
4628: 
4629: --
4630: -- Revoked Certificate Table
4631: --
4632: ipspRevokedCertificateTable OBJECT-TYPE
4633:     SYNTAX      SEQUENCE OF IpspRevokedCertificateEntry
4634:     MAX-ACCESS  not-accessible
4635:     STATUS      current
4636:     DESCRIPTION
4637:         "A table of Credentials revoked by credential managment
4638:          services.  That is, this table is a table of Certificates
4639:          that are on CRL's, Credential Revocation Lists."
4640:     ::= { ipspConfigObjects 33 }
4641: 
4642: ipspRevokedCertificateEntry OBJECT-TYPE
4643:     SYNTAX      IpspRevokedCertificateEntry
4644:     MAX-ACCESS  not-accessible
4645:     STATUS      current
4646:     DESCRIPTION
4647:         "A row in the ipspRevokedCertificateTable."
4648:     INDEX   { ipspCmcCRLName, ipspRctCertSerialNumber}
4649:     ::= { ipspRevokedCertificateTable 1 }
4650: 
4651: IpspRevokedCertificateEntry ::= SEQUENCE {
4652:         ipspRctCertSerialNumber    Unsigned32,
4653:         ipspRctRevokedDate         OCTET STRING,
4654:         ipspRctRevokedReason       INTEGER,
4655:         ipspRctLastChanged         TimeStamp,
4656:         ipspRctStorageType         StorageType,
4657:         ipspRctRowStatus           RowStatus
4658: }
4659: 
4660: ipspRctCertSerialNumber OBJECT-TYPE
4661:     SYNTAX      Unsigned32 (0..4294967295)
4662:     MAX-ACCESS  not-accessible
4663:     STATUS      current
4664:     DESCRIPTION
4665:         "This value is the serial number of the revoked certificate."
4666:     ::= { ipspRevokedCertificateEntry 1 }
4667: 
4668: ipspRctRevokedDate OBJECT-TYPE
4669:     SYNTAX      OCTET STRING (SIZE(0..32))
4670:     MAX-ACCESS  read-create
4671:     STATUS      current
4672:     DESCRIPTION
4673:         "This value is the revocation date of the certificate. This
4674:          should be in utctime or generaltime."
4675:     ::= { ipspRevokedCertificateEntry 2 }
4676: 
4677: ipspRctRevokedReason OBJECT-TYPE
4678:     SYNTAX INTEGER { reserved(0), unspecified(1), keyCompromise(2),
4679:                      cACompromise(3), affiliationChanged(4),
4680:                      superseded(5), cessationOfOperation(6),
4681:                      certificateHold(7), removeFromCRL(8) }
4682:     MAX-ACCESS  read-create
4683:     STATUS      current
4684:     DESCRIPTION
4685:         "This value is the reason this certificate was revoked."
4686:     DEFVAL         { unspecified }
4687:     ::= { ipspRevokedCertificateEntry 3 }
4688: 
4689: ipspRctLastChanged  OBJECT-TYPE
4690:     SYNTAX      TimeStamp
4691:     MAX-ACCESS  read-only
4692:     STATUS      current
4693:     DESCRIPTION
4694:         "The value of sysUpTime when this row was last modified or
4695:          created either through SNMP SETs or by some other external
4696:          means."
4697:     ::= { ipspRevokedCertificateEntry 4 }
4698: 
4699: ipspRctStorageType OBJECT-TYPE
4700:     SYNTAX      StorageType
4701:     MAX-ACCESS  read-create
4702:     STATUS      current
4703:     DESCRIPTION
4704:         "The storage type for this row.  Rows in this table which were
4705:          created through an external process may have a storage type
4706:          of readOnly or permanent."
4707:     DEFVAL { nonVolatile }
4708:     ::= { ipspRevokedCertificateEntry 5 }
4709: 
4710: ipspRctRowStatus OBJECT-TYPE
4711:     SYNTAX      RowStatus
4712:     MAX-ACCESS  read-create
4713:     STATUS      current
4714:     DESCRIPTION
4715:         "This object indicates the conceptual status of this row.
4716: 
4717:          The value of this object has no effect on whether other
4718:          objects in this conceptual row can be modified.
4719: 
4720:          If active, this object must remain active if it is referenced
4721:          by a row in another table."
4722:     ::= { ipspRevokedCertificateEntry 6 }
4723: 
4724: 
4725: --
4726: -- Credential Table
4727: --
4728: ipspCredentialTable OBJECT-TYPE
4729:     SYNTAX      SEQUENCE OF IpspCredentialEntry
4730:     MAX-ACCESS  not-accessible
4731:     STATUS      current
4732:     DESCRIPTION
4733:         "A table of credential values.  Example of Credentials are
4734:          shared secrets, certificates or kerberos tickets."
4735:     ::= { ipspConfigObjects 34 }
4736: 
4737: ipspCredentialEntry OBJECT-TYPE
4738:     SYNTAX      IpspCredentialEntry
4739:     MAX-ACCESS  not-accessible
4740:     STATUS      current
4741:     DESCRIPTION
4742:         "A row in the ipspCredentialTable."
4743:     INDEX   { ipspCredName }
4744:     ::= { ipspCredentialTable 1 }
4745: 
4746: IpspCredentialEntry ::= SEQUENCE {
4747:         ipspCredName                 SnmpAdminString,
4748:         ipspCredType                 IpspCredentialType,
4749:         ipspCredCredential           OCTET STRING,
4750:         ipspCredSize                 Integer32,
4751:         ipspCredMngName              SnmpAdminString,
4752:         ipspCredRemoteID             OCTET STRING,
4753:         ipspCredAdminStatus          IpspAdminStatus,
4754:         ipspCredLastChanged          TimeStamp,
4755:         ipspCredStorageType          StorageType,
4756:         ipspCredRowStatus            RowStatus
4757: }
4758: 
4759: ipspCredName OBJECT-TYPE
4760:     SYNTAX      SnmpAdminString(SIZE(1..32))
4761:     MAX-ACCESS  not-accessible
4762:     STATUS      current
4763:     DESCRIPTION
4764:         "This object represents the name for an entry in this table."
4765:     ::= { ipspCredentialEntry 1 }
4766: 
4767: ipspCredType OBJECT-TYPE
4768:     SYNTAX      IpspCredentialType
4769:     MAX-ACCESS  read-create
4770:     STATUS      current
4771:     DESCRIPTION
4772:         "This object represents the type of the credential for this
4773:          row."
4774:     ::= { ipspCredentialEntry 2 }
4775: 
4776: ipspCredCredential OBJECT-TYPE
4777:     SYNTAX      OCTET STRING (SIZE(0..1024))
4778:     MAX-ACCESS  read-create
4779:     STATUS      current
4780:     DESCRIPTION
4781:         "This object represents the credential value.
4782: 
4783:          If the size of the credential is greater than 1024, the
4784:          credential must be configured via the ipspCredSegmentTable.
4785: 
4786:          For credential type where the disclosure of the credential
4787:          would compromise the credential (e.g. shared secrets), when
4788:          this object is accessed for reading, it MUST return a null
4789:          length (0 length) string and MUST NOT return the configured
4790:          credential."
4791:     ::= { ipspCredentialEntry 3 }
4792: 
4793: ipspCredSize OBJECT-TYPE
4794:     SYNTAX      Integer32
4795:     MAX-ACCESS  read-only
4796:     STATUS      current
4797:     DESCRIPTION
4798:         "This value represents the size of the credential.
4799: 
4800:          If this value is greater than 1024, the ipspCreCredential
4801:          column will return an empty (0 length) string. In this case,
4802:          the value of the credential must be retrived from the
4803:          ipspCredSegmentTable.
4804: 
4805:          For credential type where the disclosure of the credential
4806:          would compromise the credential (e.g. shared secrets), when
4807:          this object is accessed for reading, it MUST return a value
4808:          of 0 and MUST NOT return the size credential."
4809:     ::= { ipspCredentialEntry 4 }
4810: 
4811: ipspCredMngName OBJECT-TYPE
4812:     SYNTAX      SnmpAdminString (SIZE(0..32))
4813:     MAX-ACCESS  read-create
4814:     STATUS      current
4815:     DESCRIPTION
4816:         "This value is used as an index into the
4817:          ipspIpsecCredMngServiceTable.  For IDs that have no credential
4818:          management service, this value is left blank."
4819:     ::= { ipspCredentialEntry 5 }
4820: 
4821: ipspCredRemoteID OBJECT-TYPE
4822:     SYNTAX      OCTET STRING(SIZE(0..256))
4823:     MAX-ACCESS  read-create
4824:     STATUS      current
4825:     DESCRIPTION
4826:         "This object represents the Identification (e.g. user name) of
4827:          the user of the key information on the remote site.  If there
4828:          is no ID associated with this credential, the value of this
4829:          object should be the null string."
4830:     ::= { ipspCredentialEntry 6 }
4831: 
4832: ipspCredAdminStatus OBJECT-TYPE
4833:     SYNTAX      IpspAdminStatus
4834:     MAX-ACCESS  read-create
4835:     STATUS      current
4836:     DESCRIPTION
4837:         "Indicates whether this credential should be considered active.
4838:          Rows with a disabled status must not be used for any purpose,
4839:          including IKE or IPSEC processing.
4840: 
4841:          For credentials whose size does not execeed the maximum size
4842:          for the ipspCredCredential, it may be set to enabled during
4843:          row creation. For larger credentials, it should be left as
4844:          disabled until all rows have been uploaded to the
4845:          ipspCredSegmentTable."
4846:     DEFVAL { disabled }
4847:     ::= { ipspCredentialEntry 7 }
4848: 
4849: ipspCredLastChanged  OBJECT-TYPE
4850:     SYNTAX      TimeStamp
4851:     MAX-ACCESS  read-only
4852:     STATUS      current
4853:     DESCRIPTION
4854:         "The value of sysUpTime when this row was last modified or
4855:          created either through SNMP SETs or by some other external
4856:          means."
4857:     ::= { ipspCredentialEntry 8 }
4858: 
4859: ipspCredStorageType OBJECT-TYPE
4860:     SYNTAX      StorageType
4861:     MAX-ACCESS  read-create
4862:     STATUS      current
4863:     DESCRIPTION
4864:         "The storage type for this row.  Rows in this table which were
4865:          created through an external process may have a storage type
4866:          of readOnly or permanent."
4867:     DEFVAL { nonVolatile }
4868:     ::= { ipspCredentialEntry 9 }
4869: 
4870: ipspCredRowStatus OBJECT-TYPE
4871:     SYNTAX      RowStatus
4872:     MAX-ACCESS  read-create
4873:     STATUS      current
4874:     DESCRIPTION
4875:         "This object indicates the conceptual status of this row.
4876: 
4877:          The value of this object has no effect on whether other
4878:          objects in this conceptual row can be modified.
4879: 
4880:          If active, this object must remain active if it is referenced
4881:          by a row in another table."
4882:     ::= { ipspCredentialEntry 10 }
4883: 
4884: 
4885: --
4886: -- Credential Segement Value Table
4887: --
4888: 
4889: ipspCredentialSegmentTable OBJECT-TYPE
4890:     SYNTAX      SEQUENCE OF IpspCredentialSegmentEntry
4891:     MAX-ACCESS  not-accessible
4892:     STATUS      current
4893:     DESCRIPTION
4894:         "A table of credential segments.  This table is used for
4895:          credentials which are larger than the maximum size allowed
4896:          for ipspCredCredential."
4897:     ::= { ipspConfigObjects 35 }
4898: 
4899: ipspCredentialSegmentEntry OBJECT-TYPE
4900:     SYNTAX      IpspCredentialSegmentEntry
4901:     MAX-ACCESS  not-accessible
4902:     STATUS      current
4903:     DESCRIPTION
4904:         "A row in the ipspCredentialSegmentTable."
4905:     INDEX   { ipspCredName, ipspCredSegIndex }
4906:     ::= { ipspCredentialSegmentTable 1 }
4907: 
4908: IpspCredentialSegmentEntry ::= SEQUENCE {
4909:         ipspCredSegIndex                Integer32,
4910:         ipspCredSegValue                OCTET STRING,
4911:         ipspCredSegLastChanged          TimeStamp,
4912:         ipspCredSegStorageType          StorageType,
4913:         ipspCredSegRowStatus            RowStatus
4914: }
4915: 
4916: ipspCredSegIndex OBJECT-TYPE
4917:     SYNTAX      Integer32 (1..65535)
4918:     MAX-ACCESS  not-accessible
4919:     STATUS      current
4920:     DESCRIPTION
4921:         "This object represents the segment number for this segment.
4922: 
4923:          By default, each segment will be 1024 octets. However, when
4924:          this table is accessed using a context of 'ipsp4096',
4925:          'ipsp8192' or 'ipsp16384' a segment size of 4096, 8192 or
4926:          16384 (respectively) will be used instead.
4927: 
4928:          The number of rows which need to be retrieved or set can be
4929:          calculated by obtaining the value of the ipspCredSize column
4930:          from the corresponding ipspCredentialTable row and dividing it
4931:          by the segment size."
4932:     ::= { ipspCredentialSegmentEntry 1 }
4933: 
4934: ipspCredSegValue OBJECT-TYPE
4935:     SYNTAX      OCTET STRING
4936:     MAX-ACCESS  read-create
4937:     STATUS      current
4938:     DESCRIPTION
4939:         "This object represents one segment of the credential.
4940: 
4941:          By default, each complete segment will be 1024 octets. (The
4942:          last  row for a given credential might be smaller, if the
4943:          credential size is not a multiple of the segment size).
4944: 
4945:          An implementation may optionally support segment sizes of
4946:          256, 4096, 8192 or the full object size when this table is
4947:          is accessed using a context of 'ipspCred256', 'ipspCred4096',
4948:          'ipspCred8192' or 'ipspCredFull' (respectively).
4949: 
4950:          The number of rows which need to be retrieved or set can be
4951:          calculated by obtaining the value of the ipspCredSize column
4952:          from the corresponding ipspCredentialTable row and dividing it
4953:          by the segment size."
4954:     ::= { ipspCredentialSegmentEntry 2 }
4955: 
4956: ipspCredSegLastChanged  OBJECT-TYPE
4957:     SYNTAX      TimeStamp
4958:     MAX-ACCESS  read-only
4959:     STATUS      current
4960:     DESCRIPTION
4961:         "The value of sysUpTime when this credential was last modified
4962:          or created either through SNMP SETs or by some other external
4963:          means. Note that the last changed type will be the same for
4964:          all segemnts of the credential."
4965:     ::= { ipspCredentialSegmentEntry 3 }
4966: 
4967: ipspCredSegStorageType OBJECT-TYPE
4968:     SYNTAX      StorageType
4969:     MAX-ACCESS  read-only
4970:     STATUS      current
4971:     DESCRIPTION
4972:         "The storage type for this row.  This object is read-only. Rows
4973:          in this table have the same value as the ipspCredStorageType
4974:          for the corresponding row in the ipspCredentialTable."
4975:     DEFVAL { nonVolatile }
4976:     ::= { ipspCredentialSegmentEntry 4 }
4977: 
4978: ipspCredSegRowStatus OBJECT-TYPE
4979:     SYNTAX      RowStatus
4980:     MAX-ACCESS  read-create
4981:     STATUS      current
4982:     DESCRIPTION
4983:         "This object indicates the conceptual status of this row.
4984: 
4985:          The segment of this object has no effect on whether other
4986:          objects in this conceptual row can be modified.
4987: 
4988:          If active, this object must remain active if it is referenced
4989:          by a row in another table."
4990:     ::= { ipspCredentialSegmentEntry 5 }
4991: 
4992: --
4993: --
4994: -- Notification objects information
4995: --
4996: --
4997: 
4998: ipspNotificationVariables OBJECT IDENTIFIER ::=
4999:    { ipspNotificationObjects 1 }
5000: 
5001: ipspNotifications OBJECT IDENTIFIER ::=
5002:    { ipspNotificationObjects 0 }
5003: 
5004: ipspActionExecuted OBJECT-TYPE
5005:     SYNTAX      VariablePointer
5006:     MAX-ACCESS  accessible-for-notify
5007:     STATUS      current
5008:     DESCRIPTION
5009:         "Points to the action instance that was executed that
5010:          resulted in the notification being sent."
5011:     ::= { ipspNotificationVariables 1 }
5012: 
5013: ipspIPInterfaceType OBJECT-TYPE
5014:     SYNTAX      InetAddressType
5015:     MAX-ACCESS  accessible-for-notify
5016:     STATUS      current
5017:     DESCRIPTION
5018:         "Contains the interface type for the interface that the
5019:          packet which triggered the notification in question is
5020:          passing through."
5021:     ::= { ipspNotificationVariables 2 }
5022: 
5023: ipspIPInterfaceAddress OBJECT-TYPE
5024:     SYNTAX      InetAddress
5025:     MAX-ACCESS  accessible-for-notify
5026:     STATUS      current
5027:     DESCRIPTION
5028:         "Contains the interface address for the interface that the
5029:          packet which triggered the notification in question is
5030:          passing through."
5031:     ::= { ipspNotificationVariables 3 }
5032: 
5033: ipspIPSourceType OBJECT-TYPE
5034:     SYNTAX      InetAddressType
5035:     MAX-ACCESS  accessible-for-notify
5036:     STATUS      current
5037:     DESCRIPTION
5038:         "Contains the source address type of the packet which
5039:          triggered the notification in question."
5040:     ::= { ipspNotificationVariables 4 }
5041: 
5042: ipspIPSourceAddress OBJECT-TYPE
5043:     SYNTAX      InetAddress
5044:     MAX-ACCESS  accessible-for-notify
5045:     STATUS      current
5046:     DESCRIPTION
5047:         "Contains the source address of the packet which triggered the
5048:          notification in question."
5049:     ::= { ipspNotificationVariables 5 }
5050: 
5051: ipspIPDestinationType OBJECT-TYPE
5052:     SYNTAX      InetAddressType
5053:     MAX-ACCESS  accessible-for-notify
5054:     STATUS      current
5055:     DESCRIPTION
5056:         "Contains the destination address type of the packet which
5057:          triggered the notification in question."
5058:     ::= { ipspNotificationVariables 6 }
5059: 
5060: ipspIPDestinationAddress OBJECT-TYPE
5061:     SYNTAX      InetAddress
5062:     MAX-ACCESS  accessible-for-notify
5063:     STATUS      current
5064:     DESCRIPTION
5065:         "Contains the destination address of the packet which
5066:          triggered the notification in question."
5067:     ::= { ipspNotificationVariables 7 }
5068: 
5069: ipspPacketDirection OBJECT-TYPE
5070:     SYNTAX      INTEGER { inbound(1), outbound(2) }
5071:     MAX-ACCESS  accessible-for-notify
5072:     STATUS      current
5073:     DESCRIPTION
5074:         "Indicates if the packet whic triggered the action in
5075:          questions was inbound our outbound."
5076:     ::= { ipspNotificationVariables 8 }
5077: 
5078: ipspPacketPart OBJECT-TYPE
5079:     SYNTAX      OCTET STRING
5080:     MAX-ACCESS  accessible-for-notify
5081:     STATUS      current
5082:     DESCRIPTION
5083:         "Is the front part of the packet that triggered this
5084:          notification.  The size is determined by the value of
5085:          'IpspIPPacketLogging' or the size of the packet, whichever
5086:          is smaller."
5087:     ::= { ipspNotificationVariables 9 }
5088: 
5089: ipspActionNotification NOTIFICATION-TYPE
5090:     OBJECTS { ipspActionExecuted, ipspIPInterfaceType,
5091:               ipspIPInterfaceAddress,
5092:               ipspIPSourceType, ipspIPSourceAddress,
5093:               ipspIPDestinationType,
5094:               ipspIPDestinationAddress,
5095:               ipspPacketDirection }
5096:     STATUS  current
5097:     DESCRIPTION
5098:         "Notification that an action was executed by a rule.  Only
5099:          actions with logging enabled will result in this notification
5100:          getting sent.  The objects sent must include the
5101:          ipspActionExecuted object which will indicate which
5102:          action was executed within the scope of the rule.
5103:          Additionally the ipspIPSourceType,
5104:          ipspIPSourceAddress, ipspIPDestinationType, and
5105:          ipspIPDestinationAddress objects must be included to
5106:          indicate the packet source and destination of the packet that
5107:          triggered the action.  Finally the
5108:          ipspIPInterfaceType, ipspIPInterfaceAddress,
5109:          and ipspPacketDirection objects are included to
5110:          indicate which interface the action was executed in
5111:          association with and if the packet was inbound or outbond
5112:          through the endpoint.
5113: 
5114:          Note that compound actions with multiple
5115:          executed subactions may result in multiple notifications
5116:          being sent from a single rule execution."
5117:     ::= { ipspNotifications 1 }
5118: 
5119: ipspPacketNotification NOTIFICATION-TYPE
5120:     OBJECTS { ipspActionExecuted, ipspIPInterfaceType,
5121:               ipspIPInterfaceAddress,
5122:               ipspIPSourceType, ipspIPSourceAddress,
5123:               ipspIPDestinationType,
5124:               ipspIPDestinationAddress,
5125:               ipspPacketDirection,
5126:               ipspPacketPart }
5127:     STATUS  current
5128:     DESCRIPTION
5129:         "Notification that a packet passed through an SA.  Only
5130:          SA's created by actions with packet logging enabled will
5131:          result in this notification getting sent.  The objects sent
5132:          must include the ipspActionExecuted which will
5133:          indicate which action was executed within the scope of the
5134:          rule.  Additionally, the ipspIPSourceType,
5135:          ipspIPSourceAddress, ipspIPDestinationType, and
5136:          ipspIPDestinationAddress, objects must be included to
5137:          indicate the packet source and destination of the packet that
5138:          triggered the action.  The ipspIPInterfaceType,
5139:          ipspIPInterfaceAddress, and ipspPacketDirection
5140:          objects are included to indicate which endpoint the packet
5141:          was associated with.  Finally, ipspPacketPart is
5142:          including for sending a variable sized part of the front of
5143:          the packet depending on the value of IpspIPPacketLogging."
5144: 
5145:     ::= { ipspNotifications 2 }
5146: 
5147: 
5148: --
5149: --
5150: -- Conformance information
5151: --
5152: --
5153: 
5154: ipspCompliances OBJECT IDENTIFIER
5155:     ::= { ipspConformanceObjects 1 }
5156: ipspGroups OBJECT IDENTIFIER
5157:     ::= { ipspConformanceObjects 2 }
5158: 
5159: --
5160: -- Compliance statements
5161: --
5162: --
5163: ipspRuleFilterCompliance MODULE-COMPLIANCE
5164:     STATUS      current
5165:     DESCRIPTION
5166:         "The compliance statement for SNMP entities that include an
5167:          IPsec MIB implementation with Endpoint, Rules, and filters
5168:          support."
5169:     MODULE -- This Module
5170:         MANDATORY-GROUPS { ipspEndpointGroup,
5171:                            ipspGroupContentsGroup,
5172:                            ipspRuleDefinitionGroup,
5173:                            ipspIPHeaderFilterGroup,
5174:                            ipspStaticFilterGroup }
5175: 
5176:         GROUP ipspIpsecSystemPolicyNameGroup
5177:         DESCRIPTION
5178:             "This group is mandatory for IPsec Policy
5179:              implementations which support a system policy group
5180:              name."
5181: 
5182:         GROUP ipspCompoundFilterGroup
5183:         DESCRIPTION
5184:             "This group is mandatory for IPsec Policy
5185:              implementations which support compound filters."
5186: 
5187:         GROUP ipspIPOffsetFilterGroup
5188:         DESCRIPTION
5189:             "This group is mandatory for IPsec Policy
5190:              implementations which support IP Offset filters.  In
5191:              general, this SHOULD be supported by a compliant IPsec
5192:              Policy implementation."
5193: 
5194:         GROUP ipspTimeFilterGroup
5195:         DESCRIPTION
5196:             "This group is mandatory for IPsec Policy
5197:              implementations which support time filters."
5198: 
5199:         GROUP ipspIpsoHeaderFilterGroup
5200:         DESCRIPTION
5201:             "This group is mandatory for IPsec Policy
5202:              implementations which support IPSO Header filters."
5203: 
5204:         GROUP ipspCredentialFilterGroup
5205:         DESCRIPTION
5206:             "This group is mandatory for IPsec Policy
5207:              implementations which support Credential filters."
5208: 
5209:         GROUP ipspPeerIdFilterGroup
5210:         DESCRIPTION
5211:             "This group is mandatory for IPsec Policy
5212:              implementations which support Peer Identity filters."
5213: 
5214:         OBJECT      ipspEndGroupRowStatus
5215:         SYNTAX      RowStatus {
5216:                 active(1), createAndGo(4), destroy(6)
5217:         }
5218:         DESCRIPTION
5219:             "Support of the values notInService(2), notReady(3),
5220:              and createAndWait(5) is not required."
5221: 
5222:         OBJECT      ipspEndGroupLastChanged
5223:         MIN-ACCESS  not-accessible
5224:         DESCRIPTION
5225:              "This object not required for compliance."
5226: 
5227:         OBJECT      ipspGroupContComponentType
5228:         SYNTAX      INTEGER {
5229:                 rule(2)
5230:         }
5231:         DESCRIPTION
5232:             "Support of the value group(1) is only required for
5233:              implementations which support Policy Groups within Policy
5234:              Groups."
5235: 
5236:         OBJECT      ipspGroupContRowStatus
5237:         SYNTAX      RowStatus {
5238:                 active(1), createAndGo(4), destroy(6)
5239:         }
5240:         DESCRIPTION
5241:             "Support of the values notInService(2), notReady(3),
5242:              and createAndWait(5) is not required."
5243: 
5244:         OBJECT      ipspGroupContLastChanged
5245:         MIN-ACCESS  not-accessible
5246:         DESCRIPTION
5247:              "This object not required for compliance."
5248: 
5249:         OBJECT      ipspRuleDefRowStatus
5250:         SYNTAX      RowStatus {
5251:                 active(1), createAndGo(4), destroy(6)
5252:         }
5253:         DESCRIPTION
5254:             "Support of the values notInService(2), notReady(3),
5255:              and createAndWait(5) is not required."
5256: 
5257:         OBJECT      ipspRuleDefLastChanged
5258:         MIN-ACCESS  not-accessible
5259:         DESCRIPTION
5260:              "This object not required for compliance."
5261: 
5262:         OBJECT      ipspCompFiltRowStatus
5263:         SYNTAX      RowStatus {
5264:                 active(1), createAndGo(4), destroy(6)
5265:         }
5266:         DESCRIPTION
5267:             "Support of the values notInService(2), notReady(3),
5268:              and createAndWait(5) is not required."
5269: 
5270:         OBJECT      ipspCompFiltLastChanged
5271:         MIN-ACCESS  not-accessible
5272:         DESCRIPTION
5273:              "This object not required for compliance."
5274: 
5275:         OBJECT      ipspSubFiltRowStatus
5276:         SYNTAX      RowStatus {
5277:                 active(1), createAndGo(4), destroy(6)
5278:         }
5279:         DESCRIPTION
5280:             "Support of the values notInService(2), notReady(3),
5281:              and createAndWait(5) is not required."
5282: 
5283:         OBJECT      ipspSubFiltLastChanged
5284:         MIN-ACCESS  not-accessible
5285:         DESCRIPTION
5286:              "This object not required for compliance."
5287: 
5288:         OBJECT      ipspIpHeadFiltIPVersion
5289:         SYNTAX      InetAddressType {
5290:                 ipv4(1), ipv6(2)
5291:         }
5292:         DESCRIPTION
5293:             "Only the ipv4 and ipv6 values make sense for this
5294:             object."
5295: 
5296:         OBJECT      ipspIpHeadFiltRowStatus
5297:         SYNTAX      RowStatus {
5298:                 active(1), createAndGo(4), destroy(6)
5299:         }
5300:         DESCRIPTION
5301:             "Support of the values notInService(2), notReady(3),
5302:              and createAndWait(5) is not required."
5303: 
5304:         OBJECT      ipspIpHeadFiltLastChanged
5305:         MIN-ACCESS  not-accessible
5306:         DESCRIPTION
5307:              "This object not required for compliance."
5308: 
5309:         OBJECT      ipspIpOffFiltRowStatus
5310:         SYNTAX      RowStatus {
5311:                 active(1), createAndGo(4), destroy(6)
5312:         }
5313:         DESCRIPTION
5314:             "Support of the values notInService(2), notReady(3),
5315:              and createAndWait(5) is not required."
5316: 
5317:         OBJECT      ipspIpOffFiltLastChanged
5318:         MIN-ACCESS  not-accessible
5319:         DESCRIPTION
5320:              "This object not required for compliance."
5321: 
5322:         OBJECT      ipspTimeFiltRowStatus
5323:         SYNTAX      RowStatus {
5324:                 active(1), createAndGo(4), destroy(6)
5325:         }
5326:         DESCRIPTION
5327:             "Support of the values notInService(2), notReady(3),
5328:              and createAndWait(5) is not required."
5329: 
5330:         OBJECT      ipspTimeFiltLastChanged
5331:         MIN-ACCESS  not-accessible
5332:         DESCRIPTION
5333:              "This object not required for compliance."
5334: 
5335:         OBJECT      ipspIpsoHeadFiltRowStatus
5336:         SYNTAX      RowStatus {
5337:                 active(1), createAndGo(4), destroy(6)
5338:         }
5339:         DESCRIPTION
5340:             "Support of the values notInService(2), notReady(3),
5341:              and createAndWait(5) is not required."
5342: 
5343:         OBJECT      ipspIpsoHeadFiltLastChanged
5344:         MIN-ACCESS  not-accessible
5345:         DESCRIPTION
5346:              "This object not required for compliance."
5347: 
5348:         OBJECT      ipspCmcDistributionPoint
5349:         MIN-ACCESS  read-only
5350:         DESCRIPTION
5351:              "Only read-only access is required for compliance."
5352: 
5353:         OBJECT      ipspCmcThisUpdate
5354:         MIN-ACCESS  read-only
5355:         DESCRIPTION
5356:              "Only read-only access is required for compliance."
5357: 
5358:         OBJECT      ipspCmcNextUpdate
5359:         MIN-ACCESS  read-only
5360:         DESCRIPTION
5361:             "Only read-only access is required for compliance."
5362: 
5363:         OBJECT      ipspCmcLastChanged
5364:         MIN-ACCESS  not-accessible
5365:         DESCRIPTION
5366:              "This object not required for compliance."
5367: 
5368:         OBJECT      ipspCmcStorageType
5369:         MIN-ACCESS  read-only
5370:         DESCRIPTION
5371:             "Only read-only access is required for compliance."
5372: 
5373:         OBJECT      ipspCmcRowStatus
5374:         SYNTAX      RowStatus {
5375:                 active(1), createAndGo(4), destroy(6)
5376:         }
5377:         MIN-ACCESS  read-only
5378:         DESCRIPTION
5379:             "Support of the values notInService(2), notReady(3),
5380:              and createAndWait(5) is not required. Only read-only
5381:              access is required for compliance."
5382: 
5383:         OBJECT      ipspRctRevokedDate
5384:         MIN-ACCESS  read-only
5385:         DESCRIPTION
5386:            "Only read-only access is required for compliance."
5387: 
5388:         OBJECT      ipspRctRevokedReason
5389:         MIN-ACCESS  read-only
5390:         DESCRIPTION
5391:            "Only read-only access is required for compliance."
5392: 
5393:         OBJECT      ipspRctLastChanged
5394:         MIN-ACCESS  not-accessible
5395:         DESCRIPTION
5396:              "This object not required for compliance."
5397: 
5398:         OBJECT      ipspRctStorageType
5399:         MIN-ACCESS  read-only
5400:         DESCRIPTION
5401:            "Only read-only access is required for compliance."
5402: 
5403:         OBJECT      ipspRctRowStatus
5404:         SYNTAX      RowStatus {
5405:                 active(1), createAndGo(4), destroy(6)
5406:         }
5407:         MIN-ACCESS  read-only
5408:         DESCRIPTION
5409:             "Support of the values notInService(2), notReady(3),
5410:              and createAndWait(5) is not required. Only read-only
5411:              access is required for compliance."
5412: 
5413:         OBJECT      ipspIcmsDistinguishedName
5414:         MIN-ACCESS  read-only
5415:         DESCRIPTION
5416:             "Only read-only access is required for compliance."
5417: 
5418:         OBJECT      ipspIcmsPolicyStatement
5419:         MIN-ACCESS  read-only
5420:         DESCRIPTION
5421:             "Only read-only access is required for compliance."
5422: 
5423:         OBJECT      ipspIcmsMaxChainLength
5424:         MIN-ACCESS  read-only
5425:         DESCRIPTION
5426:             "Only read-only access is required for compliance."
5427: 
5428:         OBJECT      ipspIcmsCredentialName
5429:         MIN-ACCESS  read-only
5430:         DESCRIPTION
5431:             "Only read-only access is required for compliance."
5432: 
5433:         OBJECT      ipspIcmsLastChanged
5434:         MIN-ACCESS  not-accessible
5435:         DESCRIPTION
5436:              "This object not required for compliance."
5437: 
5438:         OBJECT      ipspIcmsStorageType
5439:         MIN-ACCESS  read-only
5440:         DESCRIPTION
5441:             "Only read-only access is required for compliance."
5442: 
5443:         OBJECT      ipspIcmsRowStatus
5444:         SYNTAX      RowStatus {
5445:                 active(1), createAndGo(4), destroy(6)
5446:         }
5447:         MIN-ACCESS  read-only
5448:         DESCRIPTION
5449:             "Support of the values notInService(2), notReady(3),
5450:              and createAndWait(5) is not required. Only read-only
5451:              access is required for compliance."
5452: 
5453:         OBJECT      ipspCredType
5454:         MIN-ACCESS  read-only
5455:         DESCRIPTION
5456:             "Only read-only access is required for compliance."
5457: 
5458:         OBJECT      ipspCredCredential
5459:         MIN-ACCESS  read-only
5460:         DESCRIPTION
5461:             "Only read-only access is required for compliance."
5462: 
5463:         OBJECT      ipspCredMngName
5464:         MIN-ACCESS  read-only
5465:         DESCRIPTION
5466:             "Only read-only access is required for compliance."
5467: 
5468:         OBJECT      ipspCredRemoteID
5469:         MIN-ACCESS  read-only
5470:         DESCRIPTION
5471:             "Only read-only access is required for compliance."
5472: 
5473:         OBJECT      ipspCredStorageType
5474:         MIN-ACCESS  read-only
5475:         DESCRIPTION
5476:             "Only read-only access is required for compliance."
5477: 
5478:         OBJECT      ipspCredRowStatus
5479:         SYNTAX      RowStatus {
5480:                 active(1), createAndGo(4), destroy(6)
5481:         }
5482:         DESCRIPTION
5483:             "Support of the values notInService(2), notReady(3),
5484:              and createAndWait(5) is not required."
5485: 
5486:         OBJECT      ipspCredLastChanged
5487:         MIN-ACCESS  not-accessible
5488:         DESCRIPTION
5489:              "This object is optional so as not to impose an undue
5490:               burden on resource-constrained devices."
5491: 
5492:         OBJECT      ipspCredFiltRowStatus
5493:         SYNTAX      RowStatus {
5494:                 active(1), createAndGo(4), destroy(6)
5495:         }
5496:         DESCRIPTION
5497:             "Support of the values notInService(2), notReady(3),
5498:              and createAndWait(5) is not required."
5499: 
5500:         OBJECT      ipspCredFiltLastChanged
5501:         MIN-ACCESS  not-accessible
5502:         DESCRIPTION
5503:              "This object not required for compliance."
5504: 
5505:         OBJECT      ipspPeerIdFiltRowStatus
5506:         SYNTAX      RowStatus {
5507:                 active(1), createAndGo(4), destroy(6)
5508:         }
5509:         DESCRIPTION
5510:             "Support of the values notInService(2), notReady(3),
5511:              and createAndWait(5) is not required."
5512: 
5513:         OBJECT      ipspPeerIdFiltLastChanged
5514:         MIN-ACCESS  not-accessible
5515:         DESCRIPTION
5516:              "This object not required for compliance."
5517: 
5518:     ::= { ipspCompliances 1 }
5519: 
5520: 
5521: ipspIPsecCompliance MODULE-COMPLIANCE
5522:     STATUS      current
5523:     DESCRIPTION
5524:         "The compliance statement for SNMP entities that include an
5525:          IPsec MIB implementation and supports IPsec actions."
5526:     MODULE -- This Module
5527:         MANDATORY-GROUPS { ipspIpsecGroup,
5528:                            ipspStaticActionGroup,
5529:                            ipspPreconfiguredGroup }
5530: 
5531:         GROUP  ipspCompoundActionGroup
5532:         DESCRIPTION
5533:             "This group is mandatory for IPsec Policy
5534:              implementations which support compound actions."
5535: 
5536:         OBJECT      ipspCompActRowStatus
5537:         SYNTAX      RowStatus {
5538:                 active(1), createAndGo(4), destroy(6)
5539:         }
5540:         DESCRIPTION
5541:             "Support of the values notInService(2), notReady(3),
5542:              and createAndWait(5) is not required."
5543: 
5544:         OBJECT      ipspCompActLastChanged
5545:         MIN-ACCESS  not-accessible
5546:         DESCRIPTION
5547:              "This object is optional so as not to impose an undue
5548:               burden on resource-constrained devices."
5549: 
5550:         OBJECT      aiipspCompActRowStatus
5551:         SYNTAX      RowStatus {
5552:                 active(1), createAndGo(4), destroy(6)
5553:         }
5554:         DESCRIPTION
5555:             "Support of the values notInService(2), notReady(3),
5556:              and createAndWait(5) is not required."
5557: 
5558:         OBJECT      aiipspCompActLastChanged
5559:         MIN-ACCESS  not-accessible
5560:         DESCRIPTION
5561:              "This object is optional so as not to impose an undue
5562:               burden on resource-constrained devices."
5563: 
5564:         OBJECT      ipspIpsecActRowStatus
5565:         SYNTAX      RowStatus {
5566:                 active(1), createAndGo(4), destroy(6)
5567:         }
5568:         DESCRIPTION
5569:             "Support of the values notInService(2), notReady(3),
5570:              and createAndWait(5) is not required."
5571: 
5572:         OBJECT      ipspIpsecActLastChanged
5573:         MIN-ACCESS  not-accessible
5574:         DESCRIPTION
5575:              "This object is optional so as not to impose an undue
5576:               burden on resource-constrained devices."
5577: 
5578:         OBJECT      ipspIpsecPropRowStatus
5579:         SYNTAX      RowStatus {
5580:                 active(1), createAndGo(4), destroy(6)
5581:         }
5582:         DESCRIPTION
5583:             "Support of the values notInService(2), notReady(3),
5584:              and createAndWait(5) is not required."
5585: 
5586:         OBJECT      ipspIpsecPropLastChanged
5587:         MIN-ACCESS  not-accessible
5588:         DESCRIPTION
5589:              "This object is optional so as not to impose an undue
5590:               burden on resource-constrained devices."
5591: 
5592:         OBJECT      ipspIpsecTranRowStatus
5593:         SYNTAX      RowStatus {
5594:                 active(1), createAndGo(4), destroy(6)
5595:         }
5596:         DESCRIPTION
5597:             "Support of the values notInService(2), notReady(3),
5598:              and createAndWait(5) is not required."
5599: 
5600:         OBJECT      ipspIpsecTranLastChanged
5601:         MIN-ACCESS  not-accessible
5602:         DESCRIPTION
5603:              "This object is optional so as not to impose an undue
5604:               burden on resource-constrained devices."
5605: 
5606:         OBJECT      ipspSaNegParamRowStatus
5607:         SYNTAX      RowStatus {
5608:                 active(1), createAndGo(4), destroy(6)
5609:         }
5610:         DESCRIPTION
5611:             "Support of the values notInService(2), notReady(3),
5612:              and createAndWait(5) is not required."
5613: 
5614:         OBJECT      ipspSaNegParamLastChanged
5615:         MIN-ACCESS  not-accessible
5616:         DESCRIPTION
5617:              "This object is optional so as not to impose an undue
5618:               burden on resource-constrained devices."
5619: 
5620:         OBJECT      ipspAhTranRowStatus
5621:         SYNTAX      RowStatus {
5622:                 active(1), createAndGo(4), destroy(6)
5623:         }
5624:         DESCRIPTION
5625:             "Support of the values notInService(2), notReady(3),
5626:              and createAndWait(5) is not required."
5627: 
5628:         OBJECT      ipspAhTranLastChanged
5629:         MIN-ACCESS  not-accessible
5630:         DESCRIPTION
5631:              "This object is optional so as not to impose an undue
5632:               burden on resource-constrained devices."
5633: 
5634:         OBJECT      ipspEspTranRowStatus
5635:         SYNTAX      RowStatus {
5636:                 active(1), createAndGo(4), destroy(6)
5637:         }
5638:         DESCRIPTION
5639:             "Support of the values notInService(2), notReady(3),
5640:              and createAndWait(5) is not required."
5641: 
5642:         OBJECT      ipspEspTranLastChanged
5643:         MIN-ACCESS  not-accessible
5644:         DESCRIPTION
5645:              "This object is optional so as not to impose an undue
5646:               burden on resource-constrained devices."
5647: 
5648:         OBJECT      ipspIpcompTranRowStatus
5649:         SYNTAX      RowStatus {
5650:                 active(1), createAndGo(4), destroy(6)
5651:         }
5652:         DESCRIPTION
5653:             "Support of the values notInService(2), notReady(3),
5654:              and createAndWait(5) is not required."
5655: 
5656:         OBJECT      ipspIpcompTranLastChanged
5657:         MIN-ACCESS  not-accessible
5658:         DESCRIPTION
5659:              "This object is optional so as not to impose an undue
5660:               burden on resource-constrained devices."
5661: 
5662:         OBJECT      ipspPeerIdAddressType
5663:         SYNTAX      InetAddressType {
5664:                 ipv4(1), ipv6(2)
5665:         }
5666:         DESCRIPTION
5667:             "Only the ipv4 and ipv6 values make sense for this
5668:             object."
5669: 
5670:         OBJECT      ipspPeerIdRowStatus
5671:         SYNTAX      RowStatus {
5672:                 active(1), createAndGo(4), destroy(6)
5673:         }
5674:         DESCRIPTION
5675:             "Support of the values notInService(2), notReady(3),
5676:              and createAndWait(5) is not required."
5677: 
5678:         OBJECT      ipspPeerIdLastChanged
5679:         MIN-ACCESS  not-accessible
5680:         DESCRIPTION
5681:              "This object is optional so as not to impose an undue
5682:               burden on resource-constrained devices."
5683: 
5684:         OBJECT      ipspCredRowStatus
5685:         SYNTAX      RowStatus {
5686:                 active(1), createAndGo(4), destroy(6)
5687:         }
5688:         DESCRIPTION
5689:             "Support of the values notInService(2), notReady(3),
5690:              and createAndWait(5) is not required."
5691: 
5692:         OBJECT      ipspCredLastChanged
5693:         MIN-ACCESS  not-accessible
5694:         DESCRIPTION
5695:              "This object is optional so as not to impose an undue
5696:               burden on resource-constrained devices."
5697: 
5698:         OBJECT      ipspCredSegRowStatus
5699:         SYNTAX      RowStatus {
5700:                 active(1), createAndGo(4), destroy(6)
5701:         }
5702:         DESCRIPTION
5703:             "Support of the values notInService(2), notReady(3),
5704:              and createAndWait(5) is not required."
5705: 
5706:         OBJECT      ipspCredSegLastChanged
5707:         MIN-ACCESS  not-accessible
5708:         DESCRIPTION
5709:              "This object is optional so as not to impose an undue
5710:               burden on resource-constrained devices."
5711: 
5712:         OBJECT      ipspSaPreActRowStatus
5713:         SYNTAX      RowStatus {
5714:                 active(1), createAndGo(4), destroy(6)
5715:         }
5716:         DESCRIPTION
5717:             "Support of the values notInService(2), notReady(3),
5718:              and createAndWait(5) is not required."
5719: 
5720:         OBJECT      ipspSaPreActLastChanged
5721:         MIN-ACCESS  not-accessible
5722:         DESCRIPTION
5723:              "This object is optional so as not to impose an undue
5724:               burden on resource-constrained devices."
5725: 
5726:     ::= { ipspCompliances 2 }
5727: 
5728: ipspIKECompliance MODULE-COMPLIANCE
5729:     STATUS      current
5730:     DESCRIPTION
5731:         "The compliance statement for SNMP entities that include an
5732:          IPsec MIB implementation and supports IKE actions."
5733:     MODULE -- This Module
5734:         MANDATORY-GROUPS { ipspIkeGroup }
5735: 
5736:         GROUP  ipspCompoundActionGroup
5737:         DESCRIPTION
5738:             "This group is mandatory for IPsec Policy
5739:              implementations which support compound actions."
5740: 
5741:         OBJECT      ipspCompActRowStatus
5742:         SYNTAX      RowStatus {
5743:                 active(1), createAndGo(4), destroy(6)
5744:         }
5745:         DESCRIPTION
5746:             "Support of the values notInService(2), notReady(3),
5747:              and createAndWait(5) is not required."
5748: 
5749:         OBJECT      ipspCompActLastChanged
5750:         MIN-ACCESS  not-accessible
5751:         DESCRIPTION
5752:              "This object is optional so as not to impose an undue
5753:               burden on resource-constrained devices."
5754: 
5755:         OBJECT      aiipspCompActRowStatus
5756:         SYNTAX      RowStatus {
5757:                 active(1), createAndGo(4), destroy(6)
5758:         }
5759:         DESCRIPTION
5760:             "Support of the values notInService(2), notReady(3),
5761:              and createAndWait(5) is not required."
5762: 
5763:         OBJECT      aiipspCompActLastChanged
5764:         MIN-ACCESS  not-accessible
5765:         DESCRIPTION
5766:              "This object is optional so as not to impose an undue
5767:               burden on resource-constrained devices."
5768: 
5769:         OBJECT      ipspIkeActRowStatus
5770:         SYNTAX      RowStatus {
5771:                 active(1), createAndGo(4), destroy(6)
5772:         }
5773:         DESCRIPTION
5774:             "Support of the values notInService(2), notReady(3),
5775:              and createAndWait(5) is not required."
5776: 
5777:         OBJECT      ipspIkeActLastChanged
5778:         MIN-ACCESS  not-accessible
5779:         DESCRIPTION
5780:              "This object is optional so as not to impose an undue
5781:               burden on resource-constrained devices."
5782: 
5783:         OBJECT      ipspIkeActPropRowStatus
5784:         SYNTAX      RowStatus {
5785:                 active(1), createAndGo(4), destroy(6)
5786: 
5787:         }
5788:         DESCRIPTION
5789:             "Support of the values notInService(2), notReady(3),
5790:              and createAndWait(5) is not required."
5791: 
5792:         OBJECT      ipspIkeActPropLastChanged
5793:         MIN-ACCESS  not-accessible
5794:         DESCRIPTION
5795:              "This object is optional so as not to impose an undue
5796:               burden on resource-constrained devices."
5797: 
5798:         OBJECT      ipspIkePropProposalRowStatus
5799:         SYNTAX      RowStatus {
5800:                 active(1), createAndGo(4), destroy(6)
5801:         }
5802:         DESCRIPTION
5803:             "Support of the values notInService(2), notReady(3),
5804:              and createAndWait(5) is not required."
5805: 
5806:         OBJECT      ipspIkePropProposalLastChanged
5807:         MIN-ACCESS  not-accessible
5808:         DESCRIPTION
5809:              "This object is optional so as not to impose an undue
5810:               burden on resource-constrained devices."
5811: 
5812:         OBJECT      ipspSaNegParamRowStatus
5813:         SYNTAX      RowStatus {
5814:                 active(1), createAndGo(4), destroy(6)
5815:         }
5816:         DESCRIPTION
5817:             "Support of the values notInService(2), notReady(3),
5818:              and createAndWait(5) is not required."
5819: 
5820:         OBJECT      ipspSaNegParamLastChanged
5821:         MIN-ACCESS  not-accessible
5822:         DESCRIPTION
5823:              "This object is optional so as not to impose an undue
5824:               burden on resource-constrained devices."
5825: 
5826:         OBJECT      ipspIkeIdRowStatus
5827:         SYNTAX      RowStatus {
5828:                 active(1), createAndGo(4), destroy(6)
5829:         }
5830:         DESCRIPTION
5831:             "Support of the values notInService(2), notReady(3),
5832:              and createAndWait(5) is not required."
5833: 
5834:         OBJECT      ipspIkeIdLastChanged
5835:         MIN-ACCESS  not-accessible
5836:         DESCRIPTION
5837:              "This object is optional so as not to impose an undue
5838:               burden on resource-constrained devices."
5839: 
5840:         OBJECT      ipspPeerIdRowStatus
5841:         SYNTAX      RowStatus {
5842:                 active(1), createAndGo(4), destroy(6)
5843:         }
5844:         DESCRIPTION
5845:             "Support of the values notInService(2), notReady(3),
5846:              and createAndWait(5) is not required."
5847: 
5848:         OBJECT      ipspPeerIdLastChanged
5849:         MIN-ACCESS  not-accessible
5850:         DESCRIPTION
5851:              "This object is optional so as not to impose an undue
5852:               burden on resource-constrained devices."
5853: 
5854:         OBJECT      ipspAutoIkeAddressType
5855:         SYNTAX      InetAddressType {
5856:                 ipv4(1), ipv6(2)
5857:         }
5858:         DESCRIPTION
5859:             "Only the ipv4 and ipv6 values make sense for this
5860:              object."
5861: 
5862:         OBJECT      ipspAutoIkeRowStatus
5863:         SYNTAX      RowStatus {
5864:                 active(1), createAndGo(4), destroy(6)
5865:         }
5866:         DESCRIPTION
5867:             "Support of the values notInService(2), notReady(3),
5868:              and createAndWait(5) is not required."
5869: 
5870:         OBJECT      ipspAutoIkeLastChanged
5871:         MIN-ACCESS  not-accessible
5872:         DESCRIPTION
5873:              "This object is optional so as not to impose an undue
5874:               burden on resource-constrained devices."
5875: 
5876:         OBJECT      ipspCmcDistributionPoint
5877:         MIN-ACCESS  read-only
5878:         DESCRIPTION
5879:              "Only read-only access is required for compliance."
5880: 
5881:         OBJECT      ipspCmcThisUpdate
5882:         MIN-ACCESS  read-only
5883:         DESCRIPTION
5884:              "Only read-only access is required for compliance."
5885: 
5886:         OBJECT      ipspCmcNextUpdate
5887:         MIN-ACCESS  read-only
5888:         DESCRIPTION
5889:             "Only read-only access is required for compliance."
5890: 
5891:         OBJECT      ipspCmcLastChanged
5892:         MIN-ACCESS  not-accessible
5893:         DESCRIPTION
5894:              "This object not required for compliance."
5895: 
5896:         OBJECT      ipspCmcStorageType
5897:         MIN-ACCESS  read-only
5898:         DESCRIPTION
5899:             "Only read-only access is required for compliance."
5900: 
5901:         OBJECT      ipspCmcRowStatus
5902:         SYNTAX      RowStatus {
5903:                 active(1), createAndGo(4), destroy(6)
5904:         }
5905:         MIN-ACCESS  read-only
5906:         DESCRIPTION
5907:             "Support of the values notInService(2), notReady(3),
5908:              and createAndWait(5) is not required. Only read-only
5909:              access is required for compliance."
5910: 
5911:         OBJECT      ipspRctRevokedDate
5912:         MIN-ACCESS  read-only
5913:         DESCRIPTION
5914:            "Only read-only access is required for compliance."
5915: 
5916:         OBJECT      ipspRctRevokedReason
5917:         MIN-ACCESS  read-only
5918:         DESCRIPTION
5919:            "Only read-only access is required for compliance."
5920: 
5921:         OBJECT      ipspRctLastChanged
5922:         MIN-ACCESS  not-accessible
5923:         DESCRIPTION
5924:              "This object not required for compliance."
5925: 
5926:         OBJECT      ipspRctStorageType
5927:         MIN-ACCESS  read-only
5928:         DESCRIPTION
5929:            "Only read-only access is required for compliance."
5930: 
5931:         OBJECT      ipspRctRowStatus
5932:         SYNTAX      RowStatus {
5933:                 active(1), createAndGo(4), destroy(6)
5934:         }
5935:         MIN-ACCESS  read-only
5936:         DESCRIPTION
5937:             "Support of the values notInService(2), notReady(3),
5938:              and createAndWait(5) is not required. Only read-only
5939:              access is required for compliance."
5940: 
5941:         OBJECT      ipspIcmsDistinguishedName
5942:         MIN-ACCESS  read-only
5943:         DESCRIPTION
5944:             "Only read-only access is required for compliance."
5945: 
5946:         OBJECT      ipspIcmsPolicyStatement
5947:         MIN-ACCESS  read-only
5948:         DESCRIPTION
5949:             "Only read-only access is required for compliance."
5950: 
5951:         OBJECT      ipspIcmsMaxChainLength
5952:         MIN-ACCESS  read-only
5953:         DESCRIPTION
5954:             "Only read-only access is required for compliance."
5955: 
5956:         OBJECT      ipspIcmsCredentialName
5957:         MIN-ACCESS  read-only
5958:         DESCRIPTION
5959:             "Only read-only access is required for compliance."
5960: 
5961:         OBJECT      ipspIcmsLastChanged
5962:         MIN-ACCESS  not-accessible
5963:         DESCRIPTION
5964:              "This object not required for compliance."
5965: 
5966:         OBJECT      ipspIcmsStorageType
5967:         MIN-ACCESS  read-only
5968:         DESCRIPTION
5969:             "Only read-only access is required for compliance."
5970: 
5971:         OBJECT      ipspIcmsRowStatus
5972:         SYNTAX      RowStatus {
5973:                 active(1), createAndGo(4), destroy(6)
5974:         }
5975:         MIN-ACCESS  read-only
5976:         DESCRIPTION
5977:             "Support of the values notInService(2), notReady(3),
5978:              and createAndWait(5) is not required. Only read-only
5979:              access is required for compliance."
5980: 
5981:         OBJECT      ipspCredRowStatus
5982:         SYNTAX      RowStatus {
5983:                 active(1), createAndGo(4), destroy(6)
5984:         }
5985:         DESCRIPTION
5986:             "Support of the values notInService(2), notReady(3),
5987:              and createAndWait(5) is not required."
5988: 
5989:         OBJECT      ipspCredLastChanged
5990:         MIN-ACCESS  not-accessible
5991:         DESCRIPTION
5992:              "This object is optional so as not to impose an undue
5993:               burden on resource-constrained devices."
5994: 
5995:         OBJECT      ipspCredSegRowStatus
5996:         SYNTAX      RowStatus {
5997:                 active(1), createAndGo(4), destroy(6)
5998:         }
5999:         DESCRIPTION
6000:             "Support of the values notInService(2), notReady(3),
6001:              and createAndWait(5) is not required."
6002: 
6003:         OBJECT      ipspCredSegLastChanged
6004:         MIN-ACCESS  not-accessible
6005:         DESCRIPTION
6006:              "This object is optional so as not to impose an undue
6007:               burden on resource-constrained devices."
6008: 
6009:     ::= { ipspCompliances 3 }
6010: 
6011: ipspLoggingCompliance MODULE-COMPLIANCE
6012:     STATUS      current
6013:     DESCRIPTION
6014:         "The compliance statement for SNMP entities that support
6015:          sending notifications when actions are invoked."
6016:     MODULE -- This Module
6017:         MANDATORY-GROUPS { ipspActionLoggingObjectGroup,
6018:                            ipspActionNotificationGroup }
6019: 
6020:     ::= { ipspCompliances 4 }
6021: 
6022: 
6023: --
6024: --
6025: -- Compliance Groups Definitions
6026: --
6027: --
6028: -- Endpoint, Rule, Filter Compliance Groups
6029: --
6030: 
6031: ipspEndpointGroup OBJECT-GROUP
6032:     OBJECTS {
6033:         ipspEndGroupName, ipspEndGroupLastChanged,
6034:         ipspEndGroupStorageType, ipspEndGroupRowStatus
6035:     }
6036:     STATUS current
6037:     DESCRIPTION
6038:         "The IPsec Policy Endpoint Table Group."
6039:     ::= { ipspGroups 1 }
6040: 
6041: ipspGroupContentsGroup OBJECT-GROUP
6042:     OBJECTS {
6043:         ipspGroupContComponentType, ipspGroupContFilter,
6044:         ipspGroupContComponentName, ipspGroupContLastChanged,
6045:         ipspGroupContStorageType, ipspGroupContRowStatus
6046:     }
6047:     STATUS current
6048:     DESCRIPTION
6049:         "The IPsec Policy Group Contents Table Group."
6050:     ::= { ipspGroups 2 }
6051: 
6052: ipspIpsecSystemPolicyNameGroup OBJECT-GROUP
6053:     OBJECTS {
6054:         ipspSystemPolicyGroupName
6055:     }
6056:     STATUS current
6057:     DESCRIPTION
6058:         "The System Policy Group Name Group."
6059:     ::= { ipspGroups 3}
6060: 
6061: ipspRuleDefinitionGroup OBJECT-GROUP
6062:     OBJECTS {
6063:         ipspRuleDefDescription, ipspRuleDefFilter,
6064:         ipspRuleDefFilterNegated, ipspRuleDefAction,
6065:         ipspRuleDefAdminStatus, ipspRuleDefLastChanged,
6066:         ipspRuleDefStorageType, ipspRuleDefRowStatus
6067:     }
6068:     STATUS current
6069:     DESCRIPTION
6070:         "The IPsec Policy Rule Definition Table Group."
6071:     ::= { ipspGroups 4 }
6072: 
6073: ipspCompoundFilterGroup OBJECT-GROUP
6074:     OBJECTS {
6075:         ipspCompFiltDescription, ipspCompFiltLogicType,
6076:         ipspCompFiltLastChanged, ipspCompFiltStorageType,
6077:         ipspCompFiltRowStatus, ipspSubFiltSubfilter,
6078:         ipspSubFiltSubfilterIsNegated, ipspSubFiltLastChanged,
6079:         ipspSubFiltStorageType, ipspSubFiltRowStatus
6080:     }
6081:     STATUS current
6082:     DESCRIPTION
6083:         "The IPsec Policy Compound Filter Table and Filters in
6084:          Compound Filters Table Group."
6085:     ::= { ipspGroups 5 }
6086: 
6087: ipspStaticFilterGroup OBJECT-GROUP
6088:         OBJECTS { ipspTrueFilter, ipspIkePhase1Filter,
6089:                   ipspIkePhase2Filter }
6090:      STATUS current
6091:      DESCRIPTION
6092:          "The static filter group.  Currently this is just a true
6093:           filter."
6094:     ::= { ipspGroups 6 }
6095: 
6096: ipspIPHeaderFilterGroup OBJECT-GROUP
6097:     OBJECTS {
6098:         ipspIpHeadFiltType, ipspIpHeadFiltIPVersion,
6099:         ipspIpHeadFiltSrcAddressBegin, ipspIpHeadFiltSrcAddressEnd,
6100:         ipspIpHeadFiltDstAddressBegin, ipspIpHeadFiltDstAddressEnd,
6101:         ipspIpHeadFiltSrcLowPort, ipspIpHeadFiltSrcHighPort,
6102:         ipspIpHeadFiltDstLowPort, ipspIpHeadFiltDstHighPort,
6103:         ipspIpHeadFiltProtocol, ipspIpHeadFiltIPv6FlowLabel,
6104:         ipspIpHeadFiltLastChanged, ipspIpHeadFiltStorageType,
6105:         ipspIpHeadFiltRowStatus
6106:     }
6107:     STATUS current
6108:     DESCRIPTION
6109:         "The IPsec Policy IP Header Filter Table Group."
6110:     ::= { ipspGroups 7 }
6111: 
6112: ipspIPOffsetFilterGroup OBJECT-GROUP
6113:     OBJECTS {
6114:         ipspIpOffFiltOffset, ipspIpOffFiltType, ipspIpOffFiltNumber,
6115:         ipspIpOffFiltValue, ipspIpOffFiltLastChanged,
6116:         ipspIpOffFiltStorageType, ipspIpOffFiltRowStatus
6117:     }
6118: 
6119:     STATUS current
6120:     DESCRIPTION
6121:         "The IPsec Policy IP Offset Filter Table Group."
6122:     ::= { ipspGroups 8 }
6123: 
6124: ipspTimeFilterGroup OBJECT-GROUP
6125:     OBJECTS {
6126:         ipspTimeFiltPeriodStart, ipspTimeFiltPeriodEnd,
6127:         ipspTimeFiltMonthOfYearMask, ipspTimeFiltDayOfMonthMask,
6128:         ipspTimeFiltDayOfWeekMask, ipspTimeFiltTimeOfDayMaskStart,
6129:         ipspTimeFiltTimeOfDayMaskEnd, ipspTimeFiltLastChanged,
6130:         ipspTimeFiltStorageType, ipspTimeFiltRowStatus
6131:     }
6132:     STATUS current
6133:     DESCRIPTION
6134:         "The IPsec Policy Time Filter Table Group."
6135:     ::= { ipspGroups 9 }
6136: 
6137: ipspIpsoHeaderFilterGroup OBJECT-GROUP
6138:     OBJECTS {
6139:         ipspIpsoHeadFiltType, ipspIpsoHeadFiltClassification,
6140:         ipspIpsoHeadFiltProtectionAuth, ipspIpsoHeadFiltLastChanged,
6141:         ipspIpsoHeadFiltStorageType, ipspIpsoHeadFiltRowStatus
6142:     }
6143:     STATUS current
6144:     DESCRIPTION
6145:         "The IPsec Policy IPSO Header Filter Table Group."
6146:     ::= { ipspGroups 10 }
6147: 
6148: ipspCredentialFilterGroup OBJECT-GROUP
6149:     OBJECTS {
6150:         ipspCredFiltCredentialType, ipspCredFiltMatchFieldName,
6151:         ipspCredFiltMatchFieldValue, ipspCredFiltAcceptCredFrom,
6152:         ipspCredFiltLastChanged, ipspCredFiltStorageType,
6153:         ipspCredFiltRowStatus,
6154: 
6155:         ipspCmcDistributionPoint, ipspCmcThisUpdate, ipspCmcNextUpdate,
6156:         ipspCmcLastChanged, ipspCmcStorageType, ipspCmcRowStatus,
6157: 
6158:         ipspRctRevokedDate, ipspRctRevokedReason,
6159:         ipspRctLastChanged, ipspRctStorageType, ipspRctRowStatus,
6160: 
6161:         ipspIcmsDistinguishedName, ipspIcmsPolicyStatement,
6162:         ipspIcmsMaxChainLength, ipspIcmsCredentialName,
6163:         ipspIcmsLastChanged, ipspIcmsStorageType, ipspIcmsRowStatus,
6164: 
6165:         ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6166:         ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6167:         ipspCredStorageType, ipspCredRowStatus,
6168: 
6169:         ipspCredSegValue, ipspCredSegLastChanged,
6170:         ipspCredSegStorageType, ipspCredSegRowStatus
6171:     }
6172:     STATUS current
6173:     DESCRIPTION
6174:         "The IPsec Policy Credential Filter Table Group."
6175:     ::= { ipspGroups 11 }
6176: 
6177: ipspPeerIdFilterGroup OBJECT-GROUP
6178:     OBJECTS {
6179:         ipspPeerIdFiltIdentityType, ipspPeerIdFiltIdentityValue,
6180:         ipspPeerIdFiltLastChanged, ipspPeerIdFiltStorageType,
6181:         ipspPeerIdFiltRowStatus
6182:     }
6183:     STATUS current
6184:     DESCRIPTION
6185:         "The IPsec Policy Peer Identity Filter Table Group."
6186:     ::= { ipspGroups 12 }
6187: 
6188: --
6189: -- action compliance groups
6190: --
6191: 
6192: ipspCompoundActionGroup OBJECT-GROUP
6193:     OBJECTS {
6194:         ipspCompActExecutionStrategy, ipspCompActLastChanged,
6195:         ipspCompActStorageType,
6196: 
6197:         ipspCompActRowStatus, ipspSubActSubActionName,
6198:         aiipspCompActLastChanged, aiipspCompActStorageType,
6199:         aiipspCompActRowStatus
6200:     }
6201:     STATUS current
6202:     DESCRIPTION
6203:         "The IPsec Policy Compound Action Table and Actions In
6204:          Compound Action Table Group."
6205:     ::= { ipspGroups 13 }
6206: 
6207: ipspPreconfiguredGroup OBJECT-GROUP
6208:     OBJECTS {
6209:         ipspSaPreActActionDescription, ipspSaPreActActionLifetimeSec,
6210:         ipspSaPreActActionLifetimeKB, ipspSaPreActDoActionLogging,
6211:         ipspSaPreActDoPacketLogging, ipspSaPreActDFHandling,
6212:         ipspSaPreActActionType, ipspSaPreActAHSPI,
6213:         ipspSaPreActAHTransformName, ipspSaPreActAHSharedSecretName,
6214:         ipspSaPreActESPSPI, ipspSaPreActESPTransformName,
6215:         ipspSaPreActESPEncSecretName, ipspSaPreActESPAuthSecretName,
6216:         ipspSaPreActIPCompSPI, ipspSaPreActIPCompTransformName,
6217:         ipspSaPreActPeerGatewayIdName, ipspSaPreActLastChanged,
6218:         ipspSaPreActStorageType, ipspSaPreActRowStatus,
6219:         ipspAhTranMaxLifetimeSec, ipspAhTranMaxLifetimeKB,
6220:         ipspAhTranAlgorithm, ipspAhTranReplayProtection,
6221:         ipspAhTranReplayWindowSize, ipspAhTranLastChanged,
6222:         ipspAhTranStorageType,
6223: 
6224:         ipspEspTranMaxLifetimeSec, ipspEspTranMaxLifetimeKB,
6225:         ipspEspTranCipherTransformId, ipspEspTranCipherKeyLength,
6226:         ipspEspTranCipherKeyRounds, ipspEspTranIntegrityAlgorithmId,
6227:         ipspEspTranReplayPrevention, ipspEspTranReplayWindowSize,
6228:         ipspEspTranLastChanged, ipspEspTranStorageType,
6229:         ipspEspTranRowStatus,
6230: 
6231:         ipspIpcompTranDictionarySize, ipspIpcompTranMaxLifetimeSec,
6232:         ipspIpcompTranMaxLifetimeKB, ipspIpcompTranPrivateAlgorithm,
6233:         ipspIpcompTranLastChanged, ipspIpcompTranStorageType,
6234:         ipspIpcompTranRowStatus,
6235: 
6236:         ipspPeerIdValue, ipspPeerIdType, ipspPeerIdAddress,
6237:         ipspPeerIdAddressType, ipspPeerIdCredentialName,
6238:         ipspPeerIdLastChanged, ipspPeerIdStorageType,
6239:         ipspPeerIdRowStatus,
6240: 
6241:         ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6242:         ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6243:         ipspCredStorageType, ipspCredRowStatus,
6244: 
6245:         ipspCredSegValue, ipspCredSegLastChanged,
6246:         ipspCredSegStorageType, ipspCredSegRowStatus
6247:     }
6248:     STATUS current
6249:     DESCRIPTION
6250:         "This group is the set of objects that support preconfigured
6251:          IPsec actions.  These objects are from The Preconfigured
6252:          Action Table.  This group also includes objects from the
6253:          shared tables: Peer Identity Table, Credential Table,
6254:          Credential Management Service Table and the AH, ESP, and
6255:          IPComp Transform Tables."
6256:     ::= { ipspGroups 14 }
6257: 
6258: ipspStaticActionGroup OBJECT-GROUP
6259:     OBJECTS {
6260:         ipspDropAction, ipspAcceptAction, ipspRejectIKEAction,
6261:         ipspDropActionLog, ipspAcceptActionLog, ipspRejectIKEActionLog
6262:     }
6263:     STATUS current
6264:     DESCRIPTION
6265:         "The IPsec Policy Static Actions Group."
6266:     ::= { ipspGroups 15 }
6267: 
6268: ipspIpsecGroup OBJECT-GROUP
6269:     OBJECTS {
6270:         ipspIpsecActParametersName, ipspIpsecActProposalsName,
6271:         ipspIpsecActUsePfs, ipspIpsecActVendorId, ipspIpsecActGroupId,
6272:         ipspIpsecActPeerGatewayIdName, ipspIpsecActUseIkeGroup,
6273:         ipspIpsecActGranularity, ipspIpsecActMode,
6274:         ipspIpsecActDFHandling, ipspIpsecActDoActionLogging,
6275:         ipspIpsecActDoPacketLogging, ipspIpsecActLastChanged,
6276:         ipspIpsecActStorageType, ipspIpsecActRowStatus,
6277: 
6278:         ipspIpsecPropTransformsName, ipspIpsecPropLastChanged,
6279:         ipspIpsecPropStorageType, ipspIpsecPropRowStatus,
6280: 
6281:         ipspIpsecTranTransformName, ipspIpsecTranLastChanged,
6282:         ipspIpsecTranStorageType, ipspIpsecTranRowStatus,
6283: 
6284:         ipspSaNegParamMinLifetimeSecs, ipspSaNegParamMinLifetimeKB,
6285:         ipspSaNegParamRefreshThreshSecs,
6286:         ipspSaNegParamRefreshThresholdKB,
6287:         ipspSaNegParamIdleDurationSecs, ipspSaNegParamLastChanged,
6288:         ipspSaNegParamStorageType, ipspSaNegParamRowStatus,
6289: 
6290:         ipspAhTranMaxLifetimeSec, ipspAhTranMaxLifetimeKB,
6291:         ipspAhTranAlgorithm, ipspAhTranReplayProtection,
6292:         ipspAhTranReplayWindowSize, ipspAhTranLastChanged,
6293:         ipspAhTranStorageType, ipspAhTranRowStatus,
6294: 
6295:         ipspEspTranMaxLifetimeSec, ipspEspTranMaxLifetimeKB,
6296:         ipspEspTranCipherTransformId, ipspEspTranCipherKeyLength,
6297:         ipspEspTranCipherKeyRounds, ipspEspTranIntegrityAlgorithmId,
6298:         ipspEspTranReplayPrevention, ipspEspTranReplayWindowSize,
6299:         ipspEspTranLastChanged, ipspEspTranStorageType,
6300:         ipspEspTranRowStatus,
6301: 
6302:         ipspIpcompTranDictionarySize, ipspIpcompTranAlgorithm,
6303:         ipspIpcompTranMaxLifetimeSec, ipspIpcompTranMaxLifetimeKB,
6304:         ipspIpcompTranPrivateAlgorithm, ipspIpcompTranLastChanged,
6305:         ipspIpcompTranStorageType, ipspIpcompTranRowStatus,
6306: 
6307:         ipspPeerIdValue, ipspPeerIdType, ipspPeerIdAddress,
6308:         ipspPeerIdAddressType, ipspPeerIdCredentialName,
6309:         ipspPeerIdLastChanged, ipspPeerIdStorageType,
6310:         ipspPeerIdRowStatus,
6311: 
6312:         ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6313:         ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6314:         ipspCredStorageType, ipspCredRowStatus,
6315:         ipspCredSegValue, ipspCredSegLastChanged,
6316:         ipspCredSegStorageType, ipspCredSegRowStatus
6317:     }
6318:     STATUS current
6319:     DESCRIPTION
6320:         "This group is the set of objects that support IPsec
6321:          actions.  These objects are from The IPsec Policy IPsec
6322:          Actions Table, The IPsec Proposal Table, and The IPsec
6323:          Transform Table.  This group also includes objects from the
6324:          shared tables: Peer Identity Table, Credential Table,
6325:          Negotiation Parameters Table, Credential Management Service
6326:          Table and the AH, ESP, and IPComp Transform Table."
6327:     ::= { ipspGroups 16 }
6328: 
6329: ipspIkeGroup OBJECT-GROUP
6330:     OBJECTS {
6331:         ipspIkeActParametersName, ipspIkeActThresholdDerivedKeys,
6332:         ipspIkeActExchangeMode, ipspIkeActAgressiveModeGroupId,
6333:         ipspIkeActIdentityType, ipspIkeActIdentityContext,
6334:         ipspIkeActPeerName, ipspIkeActVendorId, ipspIkeActPropName,
6335:         ipspIkeActDoActionLogging, ipspIkeActDoPacketLogging,
6336:         ipspIkeActLastChanged, ipspIkeActStorageType,
6337:         ipspIkeActRowStatus,
6338: 
6339:         ipspIkeActPropLastChanged, ipspIkeActPropStorageType,
6340:         ipspIkeActPropRowStatus,
6341: 
6342:         ipspIkePropLifetimeDerivedKeys, ipspIkePropCipherAlgorithm,
6343:         ipspIkePropCipherKeyLength, ipspIkePropCipherKeyRounds,
6344:         ipspIkePropHashAlgorithm, ipspIkePropPrfAlgorithm,
6345:         ipspIkePropVendorId, ipspIkePropDhGroup,
6346:         ipspIkePropAuthenticationMethod, ipspIkePropMaxLifetimeSecs,
6347:         ipspIkePropMaxLifetimeKB, ipspIkePropProposalLastChanged,
6348:         ipspIkePropProposalStorageType, ipspIkePropProposalRowStatus,
6349: 
6350:         ipspSaNegParamMinLifetimeSecs, ipspSaNegParamMinLifetimeKB,
6351:         ipspSaNegParamRefreshThreshSecs,
6352:         ipspSaNegParamRefreshThresholdKB,
6353:         ipspSaNegParamIdleDurationSecs, ipspSaNegParamLastChanged,
6354:         ipspSaNegParamStorageType, ipspSaNegParamRowStatus,
6355: 
6356:         ipspIkeIdCredentialName,
6357:         ipspIkeIdLastChanged, ipspIkeIdStorageType, ipspIkeIdRowStatus,
6358: 
6359:         ipspAutoIkeAction, ipspAutoIkeAddressType,
6360:         ipspAutoIkeSourceAddress, ipspAutoIkeSourcePort,
6361:         ipspAutoIkeDestAddress, ipspAutoIkeDestPort,
6362:         ipspAutoIkeProtocol, ipspAutoIkeLastChanged,
6363:         ipspAutoIkeStorageType, ipspAutoIkeRowStatus,
6364: 
6365:         ipspPeerIdValue, ipspPeerIdType, ipspPeerIdAddress,
6366:         ipspPeerIdAddressType, ipspPeerIdCredentialName,
6367:         ipspPeerIdLastChanged, ipspPeerIdStorageType,
6368:         ipspPeerIdRowStatus,
6369: 
6370:         ipspCmcDistributionPoint, ipspCmcThisUpdate, ipspCmcNextUpdate,
6371:         ipspCmcLastChanged, ipspCmcStorageType, ipspCmcRowStatus,
6372: 
6373:         ipspRctRevokedDate, ipspRctRevokedReason,
6374:         ipspRctLastChanged, ipspRctStorageType, ipspRctRowStatus,
6375: 
6376:         ipspIcmsDistinguishedName, ipspIcmsPolicyStatement,
6377:         ipspIcmsMaxChainLength, ipspIcmsCredentialName,
6378:         ipspIcmsLastChanged, ipspIcmsStorageType, ipspIcmsRowStatus,
6379: 
6380:         ipspCredType, ipspCredCredential, ipspCredMngName, ipspCredSize,
6381:         ipspCredRemoteID, ipspCredAdminStatus, ipspCredLastChanged,
6382:         ipspCredStorageType, ipspCredRowStatus,
6383: 
6384:         ipspCredSegValue, ipspCredSegLastChanged,
6385:         ipspCredSegStorageType, ipspCredSegRowStatus
6386:     }
6387:     STATUS current
6388:     DESCRIPTION
6389:         "This group is the set of objects that support IKE
6390:          actions.  These objects are from The IPsec Policy IKE Action
6391:          Table, The IKE Action Proposals Table, The IKE Proposal
6392:          Table, The autostart IKE Table and The IKE Identity Table.
6393:          This group also includes objects from the shared tables: Peer
6394:          Identity Table, Credential Management Service Table and
6395:          Negotiation Parameters Table."
6396:     ::= { ipspGroups 17 }
6397: 
6398: ipspActionLoggingObjectGroup OBJECT-GROUP
6399:     OBJECTS {
6400:         ipspActionExecuted,
6401:         ipspIPInterfaceType,   ipspIPInterfaceAddress,
6402:         ipspIPSourceType,      ipspIPSourceAddress,
6403:         ipspIPDestinationType, ipspIPDestinationAddress,
6404:         ipspPacketDirection,   ipspPacketPart
6405:     }
6406:     STATUS current
6407:     DESCRIPTION
6408:         "Notification objects."
6409:     ::= { ipspGroups 18 }
6410: 
6411: ipspActionNotificationGroup NOTIFICATION-GROUP
6412:     NOTIFICATIONS {
6413:         ipspActionNotification,
6414:         ipspPacketNotification
6415:     }
6416:     STATUS current
6417:     DESCRIPTION
6418:             "Notifications."
6419:     ::= { ipspGroups 19 }
6420: 
6421: 
6422: END
6423: 
6424: -- 
6425: --     Copyright (C) The Internet Society (2003).  All Rights Reserved.
6426: -- 
6427: --     This document and translations of it may be copied and furnished to
6428: --     others, and derivative works that comment on or otherwise explain it
6429: --     or assist in its implementation may be prepared, copied, published
6430: --     and distributed, in whole or in part, without restriction of any
6431: --     kind, provided that the above copyright notice and this paragraph
6432: --     are included on all such copies and derivative works.  However, this
6433: --     document itself may not be modified in any way, such as by removing
6434: --     the copyright notice or references to the Internet Society or other
6435: --     Internet organizations, except as needed for the purpose of
6436: --     developing Internet standards in which case the procedures for
6437: --     copyrights defined in the Internet Standards process must be
6438: --     followed, or as required to translate it into languages other than
6439: --     English.
6440: -- 
6441: --     The limited permissions granted above are perpetual and will not be
6442: --     revoked by the Internet Society or its successors or assigns.
6443: -- 
6444: --     This document and the information contained herein is provided on an
6445: --     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
6446: --     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
6447: --     BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
6448: --     HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
6449: --     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
6450: