You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Cisco > CISCO-SSL-PROXY-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

CISCO-SSL-PROXY-MIB by vendor Cisco

CISCO-SSL-PROXY-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing CISCO-SSL-PROXY-MIB.


Vendor: Cisco
Mib: CISCO-SSL-PROXY-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- *****************************************************************
-- CISCO-SSL-PROXY-MIB.my: Cisco Secure Socket Layer Proxy MIB file
--
-- June 2003, Fatima Yu
--
-- Copyright (c) 2003 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************
--

CISCO-SSL-PROXY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, 
    OBJECT-TYPE, 
    NOTIFICATION-TYPE,
    Counter32,
    Gauge32,
    Integer32
        FROM SNMPv2-SMI
    NOTIFICATION-GROUP,
    MODULE-COMPLIANCE, 
    OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    CiscoPort
        FROM CISCO-TC
    TimeStamp,
    RowStatus, 
    TruthValue
        FROM SNMPv2-TC
    ciscoMgmt              
        FROM CISCO-SMI
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB;

    ciscoSslProxyMIB        MODULE-IDENTITY
        LAST-UPDATED        "200310270000Z"
        ORGANIZATION        "Cisco Systems, Inc."
        CONTACT-INFO
        "       Cisco Systems
                Customer Service

                Postal: 170 W Tasman Drive
                San Jose, CA  95134
                USA

                Tel: +1 800 553-NETS

                E-mail: cs-ssl@cisco.com" 
        DESCRIPTION
                "This MIB module is for managing a Secure Socket Layer
                (SSL) Proxy device which terminates and accelarates
                SSL and Transport Layer Security (TLS) transactions. 

                The proxy device can act as a SSL server or a SSL client
                depending on the configuration and the application.

                In one application, the device acts as a proxy SSL 
                server. It terminates SSL handshakes and TCP connections
                initiated by SSL clients. The device is configured with
                a key and a certificate bearing the identity of the SSL
                server. The device uses this identity to establish the 
                SSL session on behalf of the server, offloading the key
                establishment and data encryption and decryption work.

                After the SSL session has been successfully established
                between the client and the proxy device, the device 
                starts to receive and decrypt the encrypted data sent 
                from the client and forward to the server. The device 
                forwards the clear data to the server on a backend 
                connection. Clear data sent from the server is encrypted
                by the proxy device before it is forwarded to the SSL 
                client.
  
                Optionally, the proxy device is configured to reencrypt
                the decrypted data sent from the client to the server. 
                The proxy device acts as a SSL client to initiate a SSL
                session to the server. The decrypted data is encrypted 
                within this SSL session to be forwarded to the server. 
                The encrypted data sent from the server to the device 
                is decrypted and then reencrypted before it is 
                forwarded to the client.
 
                In another application, the proxy device forwards data
                generated by one or more sources to the destination 
                via a SSL session. The proxy device acts as a SSL 
                client and intiates a SSL session to the next hop 
                device. When data is received from the source, the 
                proxy device forwards the data to the next hop using 
                the SSL session.  The next hop can continue to forward 
                the data if it is not the destination.

                The proxy device supports a number of proxy services.
                Each proxy service defines the role of the proxy device,
                whether it acts as a SSL server or a SSL client. The 
                rest of the configuration include cryptographic and 
                protocol parameters.

                This MIB is used for monitoring the configuration, 
                statuses and statistics of the proxy services and 
                the protocols including TCP, SSL and TLS."

        REVISION            "200310270000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { ciscoMgmt 370 }

--
--      Objects and groups in CISCO-SSL-PROXY-MIB
--

cspMIBNotifications       OBJECT IDENTIFIER ::= { ciscoSslProxyMIB 0 }
cspMIBObjects             OBJECT IDENTIFIER ::= { ciscoSslProxyMIB 1 }
cspMIBConformance         OBJECT IDENTIFIER ::= { ciscoSslProxyMIB 2 }

--
--      Objects and groups in cspMIBObjects
--

cspGlobalConfig            OBJECT IDENTIFIER ::= { cspMIBObjects 1 }
cspPsConfig                OBJECT IDENTIFIER ::= { cspMIBObjects 2 }
cspPsPolicyConfig          OBJECT IDENTIFIER ::= { cspMIBObjects 3 }
cspPsKeyCertConfig         OBJECT IDENTIFIER ::= { cspMIBObjects 4 }
cspTcpPolicyConfig         OBJECT IDENTIFIER ::= { cspMIBObjects 5 }
cspSslPolicyConfig         OBJECT IDENTIFIER ::= { cspMIBObjects 6 }
cspTcpCountersInfo         OBJECT IDENTIFIER ::= { cspMIBObjects 7 }
cspTcpCounters             OBJECT IDENTIFIER ::= { cspMIBObjects 8 }
cspSslCountersInfo         OBJECT IDENTIFIER ::= { cspMIBObjects 9 }
cspSslCounters             OBJECT IDENTIFIER ::= { cspMIBObjects 10}
cspSsl3Counters            OBJECT IDENTIFIER ::= { cspMIBObjects 11}
cspTls1Counters            OBJECT IDENTIFIER ::= { cspMIBObjects 12 }
cspSslCryptoCounters       OBJECT IDENTIFIER ::= { cspMIBObjects 13 }
cspSslErrorCounters        OBJECT IDENTIFIER ::= { cspMIBObjects 14 }
cspPsCounters              OBJECT IDENTIFIER ::= { cspMIBObjects 15 }
cspPsSsl3Counters          OBJECT IDENTIFIER ::= { cspMIBObjects 16 }
cspPsTls1Counters          OBJECT IDENTIFIER ::= { cspMIBObjects 17 }
cspCpuStatusInfo           OBJECT IDENTIFIER ::= { cspMIBObjects 18 }

    --
    --             The Global Configuration group              
    -- This group contains general configuration information
    -- for the SSL proxy device
    --

    cspGcVersion OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE(1..255)) 
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The version information of the SSL proxy device, for 
                display only."
        ::= { cspGlobalConfig 1 }

    cspGcFIPSMode OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the proxy device is 
                operating in FIPS (Federal Information Processing 
                Standards) approved mode.

                If 'true', the proxy device is operating in FIPS mode.
                When the device operates in FIPS mode, only approved
                cryptographic algorithms and key strengths are enabled.
                Authentication and other security requirements of FIPS
                will also be enforced in this mode."
        REFERENCE
                "Federal Information Processing Standards Publication 
                140-2, Security Requirements for Cryptographic Modules."
        ::= { cspGlobalConfig 2 }

    cspGcRSArc4128md5 OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the proxy device 
                supports the cipher suite RSA_WITH_RC4_128_MD5. 
                If 'true', the cipher suite is supported."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.5.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, Appendix C."
        ::= { cspGlobalConfig 3 }

    cspGcRSArc4128sha OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the proxy device 
                supports the cipher suite RSA_WITH_RC4_128_SHA. 
                If 'true', the cipher suite is supported."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.5.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, Appendix C."
        ::= { cspGlobalConfig 4 }

    cspGcRSAdescbcsha OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the proxy device 
                supports the cipher suite RSA_WITH_DES_CBC_SHA. 
                If 'true', the cipher suite is supported."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.5.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, Appendix C."
        ::= { cspGlobalConfig 5 }

    cspGcRSA3descbcsha OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the proxy device 
                supports the cipher suite RSA_WITH_3DES_EDE_CBC_SHA. 
                If 'true', the cipher suite is supported."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.5.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, Appendix C."
        ::= { cspGlobalConfig 6 }

    cspGcNotifyProxyServOperStatus OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "An indication of whether or not a cspServOperStatus 
                notification should be issued when the operation
                status of proxy services changes.  

                If such a notification is desired, it is the 
                responsibility of the management entity to ensure that 
                the SNMP administrative model is configured in such a 
                way as to allow the notification to be delivered."
        DEFVAL { false }
        ::= { cspGlobalConfig 7 }

    cspGcNotifyPSCertExpiring OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "An indication of whether or not a cspServCertExpiring 
                notification should be issued when a proxy service 
                certificate will be expiring in the configured time 
                interval cspGcPSCertExpireInterval.

                If such a notification is desired, it is the 
                responsibility of the management entity to ensure that 
                the SNMP administrative model is configured in such a 
                way as to allow the notification to be delivered."
        DEFVAL { false }
        ::= { cspGlobalConfig 8 }

    cspGcPSCertExpireInterval OBJECT-TYPE
        SYNTAX     Integer32 (0..720)
        UNITS      "hours"
        MAX-ACCESS read-write
        STATUS     current
        DESCRIPTION
                "The proxy service certificate expiration time interval,
                used to determine when the cspServCertExpiring 
                notification should be issued if 
                cspGcNotifyPSCertExpiring is 'true'. 

                If this time interval is 0, no proxy service 
                certification expiration will be checked."
        DEFVAL { 0 }
        ::= { cspGlobalConfig 9 }

    --
    --           The Proxy Service configuration entries
    --

    cspPsTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspPsEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of proxy service configuration entries."
        ::= { cspPsConfig 1 }

    cspPsEntry OBJECT-TYPE
        SYNTAX     CspPsEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The proxy service configuration entry.

                Each entry indicates the name and the index of a proxy 
                service, and a set of configuration parameters to be 
                applied on this proxy service.

                A unique name can be assigned to each proxy service.
                Optionally, multiple proxy services can be grouped into
                a proxy list. All the services in a list have the
                same name, and each service is assigned a unique index
                within the list.

                Each proxy service has a virtual and a server address.
                This entry reports the address and port configuration,
                and the administrative and operational statuses of each 
                proxy service. If a service is not operational, the 
                reason for its being 'down' is also reported."
        INDEX   { cspPsName, cspPsListIndex }
        ::= { cspPsTable 1 }

    CspPsEntry ::=
        SEQUENCE {
            cspPsName               SnmpAdminString,
            cspPsListIndex          Integer32,
            cspPsServiceType        INTEGER,
            cspPsVirtualAddressType InetAddressType,
            cspPsVirtualAddress     InetAddress,
            cspPsVirtualPort        CiscoPort,
            cspPsServerAddressType  InetAddressType,
            cspPsServerAddress      InetAddress,
            cspPsServerPort         CiscoPort,
            cspPsAdminStatus        INTEGER,
            cspPsOperStatus         INTEGER,
            cspPsOperDownReason     INTEGER,
            cspPsConfigRowStatus    RowStatus
        }

    cspPsName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (1..50))
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The name of a proxy service. A unique name string 
                can be assigned to one proxy service or a list of 
                proxy services. 

                When the name is assigned to a list of proxy services, 
                each proxy service is identified by a unique index 
                within the list."
        ::= { cspPsEntry 1 }

    cspPsListIndex OBJECT-TYPE
        SYNTAX     Integer32 (0..256)
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The unique index of a proxy service within a list.

                If the cspPsName string is assigned to a list of 
                proxy services, this index is used to identify 
                a proxy service within the list.  

                If the cspPsName string is unique per proxy service, 
                this index is not used, and the value shall be 0."
        ::= { cspPsEntry 2 }

    cspPsServiceType OBJECT-TYPE
        SYNTAX     INTEGER {
                       server(1), -- Proxy is acting as SSL server
                       client(2)  -- Proxy is acting as SSL client 
                   }
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The type of proxy service: 'server(1)' or 'client(2)'.

                When servicing a 'server' type proxy service, the proxy 
                device acts as a SSL server. It terminates the SSL 
                handshake initiated by a SSL client, and forwards the 
                data sent from the client to the destination.

                When servicing a 'client' type proxy service, the proxy
                device acts as a SSL client. It initiates a SSL 
                handshake to a SSL server, and forwards data sent from 
                one or more data sources to the SSL server."
        DEFVAL { server }
        ::= { cspPsEntry 3 }

    cspPsVirtualAddressType OBJECT-TYPE
        SYNTAX     InetAddressType
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of the type of address contained in
                cspPsVirtualAddress."
        DEFVAL { ipv4 }
        ::= { cspPsEntry 4 }

    cspPsVirtualAddress OBJECT-TYPE
        SYNTAX     InetAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The virtual address. This address is used by the data 
                source to send data that can be received by the proxy
                device and forwarded to the destination."
        ::= { cspPsEntry 5 }

    cspPsVirtualPort OBJECT-TYPE
        SYNTAX     CiscoPort
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The virtual TCP port number. This port number is used 
                by the data source to send data that can be received
                by the proxy device and forwarded to the destination." 
        ::= { cspPsEntry 6 }

    cspPsServerAddressType OBJECT-TYPE        
        SYNTAX     InetAddressType
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of the type of address contained in 
                cspPsServerAddress."
        DEFVAL { ipv4 }
        ::= { cspPsEntry 7 }
    
    cspPsServerAddress OBJECT-TYPE        
        SYNTAX     InetAddress
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The server address. This address is used by the proxy 
                device to send or forward data to the destination."
        ::= { cspPsEntry 8 }

    cspPsServerPort OBJECT-TYPE
        SYNTAX     CiscoPort
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The server TCP port number. This port number is used 
                by the proxy device to send or forward data to the 
                destination."
        ::= { cspPsEntry 9 }

    cspPsAdminStatus OBJECT-TYPE
        SYNTAX     INTEGER {
                       up(1),
                       down(2)
                   }
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The administrative status of the proxy service.
                Each proxy service can be configured to be
                administratively 'up' or 'down'. If the Adminstrative
                Status is 'down', the service will not be operational."
        DEFVAL  { down }
        ::= { cspPsEntry 10 }

    cspPsOperStatus OBJECT-TYPE
        SYNTAX      INTEGER {
                       up(1),
                       down(2)
                    }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
                "The operational status of a proxy service.  For a 
                proxy service to be operational, its administrative 
                status needs to be 'up'.

                If the administrative status is 'up', the
                operational status will be changed from 'down' to 
                'up' automatically once all the required configuration 
                parameters and resources, including necessary keys and 
                certificates, become available.
               
                If one or more required resources are removed (e.g.
                the certificate has expired), the operational status 
                will be changed to 'down' automatically."
        ::= { cspPsEntry 11 }

    cspPsOperDownReason OBJECT-TYPE
        SYNTAX     INTEGER {
                       other(1),             -- Other reason
                       notApplicable(2),     -- Not applicable
                       noConnectivity(3),    -- No Connectivity
                       noVirtualAddr(4),     -- No Virtual Address
                       noServerAddr(5),      -- No Server Address
                       noCert(6),            -- NO Certificate
                       certNotConfigured(7)  -- Certificate Not 
                                             -- Configured
                   }       
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The reason for the operational status to be 'down'.
                Possible values are:
                other(1)            : Unknown or undefined reason,
                notApplicable(2)    : Administratively 'down',
                noConnectivity(3)   : No Connectivity to the client,
                                      the server, or the gateway,
                noVirtualAddr(4)    : Virtual Address not configured, 
                noServerAddr(5)     : Server Address not configured, 
                noCert(6)           : Certificate configured, but 
                                      invalid or missing,
                certNotConfigured(7): Certificate not configured."
        ::= { cspPsEntry 12 }

    cspPsConfigRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The conceptual row status of the proxy service 
                configuration entry.

                An entry cannot have the status 'active' until values
                have been assigned to the following objects:
                    cspPsVirtualAddress, 
                    cspPsVirtualPort, 
                    cspPsServerAddress and 
                    cspPsServerPort. 
                This entry can be modified when the status is 'active'."
        ::= { cspPsEntry 13 }

    --
    --    The Proxy Service Policy configuration entries
    --

    cspPsPolicyTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspPsPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of proxy service policy configuration entries." 
        ::= { cspPsPolicyConfig 1 }

    cspPsPolicyEntry OBJECT-TYPE
        SYNTAX     CspPsPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The proxy service policy entry. Each proxy service 
                policy entry contains the name of each type of policy 
                configured for the proxy service.

                A policy is a set of configuration parameters and rules
                to observe for implementing a protocol or an operation. 

                One or more of the following policies can be configured
                for a proxy service:
                    TCP protocol policy for virtual connections,
                    TCP protocol policy for server connections,
                    SSL protocol policy, 
                    HTTP header insertion policy, and
                    URL rewrite policy."
        AUGMENTS { cspPsEntry }
        ::= { cspPsPolicyTable 1 }

    CspPsPolicyEntry ::=
        SEQUENCE {
            cspPspVirTcpPolicyName     SnmpAdminString,
            cspPspSerTcpPolicyName     SnmpAdminString,
            cspPspSslPolicyName        SnmpAdminString,
            cspPspHttpHdrPolicyName    SnmpAdminString,
            cspPspUrlRewritePolicyName SnmpAdminString
        }

    cspPspVirTcpPolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the TCP protocol policy configured for 
                the virtual side connections. If no TCP policy is 
                configured, the name will be a NULL string."
        ::= { cspPsPolicyEntry 1 }

    cspPspSerTcpPolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the TCP protocol policy configured for 
                the server side connections. If no TCP policy is 
                configured, the name will be a NULL string."
        ::= { cspPsPolicyEntry 2 }

    cspPspSslPolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the SSL protocol policy configured for 
                the SSL handshake and data encryption and decryption. 
                If no SSL policy is configured, the name will be a NULL 
                string."
        ::= { cspPsPolicyEntry 3 }

    cspPspHttpHdrPolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the HTTP header insertion policy. A number
                of fields can be inserted into the HTTP headers when 
                the proxy service is forwarding data. The policy
                specifies the header insertion parameters. If no policy
                is configured, the name will be a NULL string."
        ::= { cspPsPolicyEntry 4 }

    cspPspUrlRewritePolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the URL rewrite policy. The policy 
                specifies configuration parameters for rewriting URLs
                in HTTP headers and payload. If no policy is configured,
                the name will be a NULL string."
        ::= { cspPsPolicyEntry 5 }

    --
    --    The Proxy Service Key and Certificate configuration entries
    --

    cspPsKeyCertTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspPsKeyCertEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of proxy service key and certificate 
                configuration entries."
        ::= { cspPsKeyCertConfig 1 }

    cspPsKeyCertEntry OBJECT-TYPE
        SYNTAX     CspPsKeyCertEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The proxy service key and certificate configuration
                entry. This entry specifies the key usage, optionally 
                the trust point name, the certificate and the key file 
                names, the key size and time of generation or import, 
                and some important attributes of the certificate."
        INDEX   { cspPsName, cspPsListIndex, cspPskcKeyUsage }
        ::= { cspPsKeyCertTable 1 }

    CspPsKeyCertEntry ::=
        SEQUENCE {
            cspPskcKeyUsage                INTEGER, 
            cspPskcTrustPointName          SnmpAdminString,
            cspPskcCertFileName            SnmpAdminString,
            cspPskcKeyName                 SnmpAdminString,
            cspPskcKeyFileName             SnmpAdminString,
            cspPskcKeySize                 INTEGER,
            cspPskcKeyTime                 SnmpAdminString,
            cspPskcCertStatus              INTEGER,
            cspPskcCertSubjName            SnmpAdminString,
            cspPskcCertSerialNum           SnmpAdminString,
            cspPskcIssuerName              SnmpAdminString,
            cspPskcIssuerCertSerialNum     SnmpAdminString,
            cspPskcCertStartDate           SnmpAdminString,
            cspPskcCertEndDate             SnmpAdminString,
            cspPskcConfigRowStatus         RowStatus
        }

    cspPskcKeyUsage OBJECT-TYPE
        SYNTAX     INTEGER {
                       rsaSigning(1),       -- For signing only
                       rsaEncryption(2),    -- For encryption only
                       rsaGeneralPurpose(3) -- For general purpose
                   } 
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "An indication of the usage of a key assigned to a
                proxy service. Each proxy service can be assigned one 
                or more keys.

                The key can be used for signing only, for data 
                encryption and decryption only, or for general purpose 
                (that is, it can be used for both signing and data 
                encryption and decryption). 

                The following values are defined:
                rsaSigning(1)       : RSA key used for signing only,
                rsaEncryption(2)    : RSA key used for data encryption
                                      and decryption only,
                rsaGeneralPurpose(3): RSA key used for both signing and
                                      data encryption and decryption."
        ::= { cspPsKeyCertEntry 1 }

    cspPskcTrustPointName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of a trust point assigned to the proxy
                service. The trust point contains information that 
                can be used for certificate enrollment or for importing 
                keys and certificates.  

                A trust point may also contain identifying information
                about keys and certificates, and the path and the 
                protocol to be used for the proxy device to 
                communicate with a Certificate Authority which
                issues certificates for the proxy service. 
               
                If no trust point is assigned to the proxy service,
                the name will be a NULL string."
        ::= { cspPsKeyCertEntry 2 }

    cspPskcCertFileName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the file storing the certificate.  If 
                there is no such file, the name will be a NULL string."
        ::= { cspPsKeyCertEntry 3 }

    cspPskcKeyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of a key assigned to the proxy service.

                If there is no key assigned, the name will be a NULL
                string. If the key is stored in a file, the file name
                may be used to identify the key, and this name will be
                a NULL string."
        ::= { cspPsKeyCertEntry 4 }

    cspPskcKeyFileName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The name of the file storing the key. If there is no
                such file, the name will be a NULL string." 
        ::= { cspPsKeyCertEntry 5 }

    cspPskcKeySize OBJECT-TYPE
        SYNTAX     INTEGER {
                       other(1),   -- unspecified key size
                       rsa512(2),  -- 512-bit RSA key
                       rsa768(3),  -- 768-bit RSA key
                       rsa1024(4), -- 1024-bit RSA key
                       rsa1536(5), -- 1536-bit RSA key
                       rsa2048(6)  -- 2048-bit RSA key
                   }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The size of the key.

                The following modulus sizes are defined for RSA keys: 
                512-bit, 768-bit, 1024-bit, 1536-bit and 2048-bit."
        ::= { cspPsKeyCertEntry 6 }

    cspPskcKeyTime OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..32))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The time of generation of the key, if known. If the key
                is imported to the proxy device, this time can indicate
                the time of import if the time of generation is unknown.

                If the time is not known, this will be a NULL string."
        ::= { cspPsKeyCertEntry 7 }

    cspPskcCertStatus OBJECT-TYPE
        SYNTAX     INTEGER {
                       valid(1),   -- within valid period
                       expired(2), -- has passed the end date
                       rollover(3) -- being renewed
                   }       
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The status of the certificate that is used to publish
                the public key.

                The following values are defined:
                    Valid(1)       : Certificate is valid,
                    Expired(2)     : Certificate has expired,
                    Rolling Over(3): Certificate is being renewed.

                Whether or not an expired certificate can be used for
                the proxy service is implementation specific."
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 4.1.2.5 about
                validity and Section 10 about key rollover" 
        ::= { cspPsKeyCertEntry 8 }

    cspPskcCertSubjName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The subject name of the certificate assigned to the
                proxy service. If there is no subject name on the 
                certificate, this will be a NULL string."
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 4.1.2.6" 
        ::= { cspPsKeyCertEntry 9 }

    cspPskcCertSerialNum OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The serial number of the certificate assigned to the
                proxy service. If there is no serial number on the
                certificate, this will be a NULL string."
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 4.1.2.2" 
        ::= { cspPsKeyCertEntry 10 }

    cspPskcIssuerName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The issuer name of the certificate assigned to the
                proxy service. If the issuer name of the certificate is
                not known, this will be a NULL string." 
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 5.1.2.3" 
        ::= { cspPsKeyCertEntry 11 }

    cspPskcIssuerCertSerialNum OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The serial number of the issuer's certificate.
                If the serial number of the issuer's certificate is not
                known, this will be a NULL string."
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 4.1.2.2 and
                Section 4.1.2.4" 
        ::= { cspPsKeyCertEntry 12 }

    cspPskcCertStartDate OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..32))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The time when the certificate starts to be valid,
                corresponding to the notBefore time on the certificate."
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 4.1.2.5" 
        ::= { cspPsKeyCertEntry 13 }

    cspPskcCertEndDate OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (0..32))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The time when the certificate validity ends,
                corresponding to the notAfter time on the certificate."
        REFERENCE  
                "RFC 2459, Internet X.509 Public Key Infrastructure
                Certificate and CRL Profile, Section 4.1.2.5" 
        ::= { cspPsKeyCertEntry 14 }

    cspPskcConfigRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The conceptual row status of the proxy service key and 
                certificate configuration entry. This entry can be 
                modified when the status is 'active'."
        ::= { cspPsKeyCertEntry 15 }

    --
    --          The TCP Policy configuration entries
    --

    cspTcpPolicyTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspTcpPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of TCP Policy entries" 
        ::= { cspTcpPolicyConfig 1 }

    cspTcpPolicyEntry OBJECT-TYPE
        SYNTAX     CspTcpPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "TCP Policy configuration entry. Each entry defines 
                a set of TCP protocol parameters. A policy can be 
                applied to one or more proxy services."
        INDEX   { cspTpPolicyName }
        ::= { cspTcpPolicyTable 1 }

    CspTcpPolicyEntry ::=
        SEQUENCE {
            cspTpPolicyName        SnmpAdminString,
            cspTpSynTimeOut        Integer32,
            cspTpInActivityTimeOut Integer32,
            cspTpNagleAlgo         TruthValue,
            cspTpFinWaitTimeOut    Integer32,
            cspTpReassemTimeOut    Integer32,
            cspTpRcvBufShrLim      Integer32,
            cspTpTransBufShrLim    Integer32,
            cspTpMss               Integer32,
            cspTpPathMtuDisc       TruthValue,
            cspTpConfigRowStatus   RowStatus
        }

    cspTpPolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (1..255))
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The unique name of a TCP policy."
        ::= { cspTcpPolicyEntry 1 }

    cspTpSynTimeOut OBJECT-TYPE
        SYNTAX     Integer32 (0..3600)
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The TCP connection SYN timeout value. This is the
                amount of time the SSL proxy waits before failing the
                connection establishment attempt."
        DEFVAL { 75 }
        ::= { cspTcpPolicyEntry 2 }

    cspTpInActivityTimeOut OBJECT-TYPE
        SYNTAX     Integer32 (0..3600)
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The TCP connection inactivity timeout value. This is
                the amount of time the SSL proxy waits for the next
                packet to arrive on a TCP connection, if no packet is 
                received within this period then the connection is 
                considered to be inactive and aborted."
        DEFVAL { 600 }
        ::= { cspTcpPolicyEntry 3 }

    cspTpNagleAlgo OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "If 'true', the Nagle Algorithm is enabled during the 
                SSL or TLS data phase to concatenate a number of small
                messages to avoid sending small messages into the 
                network."
        REFERENCE
                "RFC 896, Congestion Control in IP/TCP Internetworks"
        ::= { cspTcpPolicyEntry 4 }

    cspTpFinWaitTimeOut OBJECT-TYPE
        SYNTAX     Integer32 (0..3600)
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The TCP connection FIN-WAIT2 state timeout value. 
                This  is the amount of time the SSL proxy waits
                for a FIN from the peer after it has initiated close
                and is in FIN-WAIT2 state."
        DEFVAL { 75 }
        ::= { cspTcpPolicyEntry 5 }

    cspTpReassemTimeOut OBJECT-TYPE
        SYNTAX     Integer32 (0..3600)
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The TCP connection reassembly timeout value. This is
                the amount of time the SSL proxy waits during the TCP 
                out of order traffic reassembly process for the next
                expected in sequence segment to arrive."
        DEFVAL { 600 }
        ::= { cspTcpPolicyEntry 6 }

    cspTpRcvBufShrLim OBJECT-TYPE
        SYNTAX     Integer32 (8192..262144)
        UNITS      "bytes"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The receive buffer share limit per connection. This
                is used by SSL proxy to calculate the maximum window
                to advertise during the 3 way handshake, and is also
                the maximum share of the receive buffer pool that
                would be allocated for this connection."
        DEFVAL { 32768 }
        ::= { cspTcpPolicyEntry 7 }

    cspTpTransBufShrLim OBJECT-TYPE
        SYNTAX     Integer32 (8192..262144)
        UNITS      "bytes"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The transmit buffer share limit per connection. This
                is the maximum share of the send buffer pool that
                would be allocated for this connection."
        DEFVAL { 32768 }
        ::= { cspTcpPolicyEntry 8 }

    cspTpMss OBJECT-TYPE
        SYNTAX     Integer32 (256..1460)
        UNITS      "bytes"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The TCP maximum segment size. This is the MSS value
                offered by the SSL proxy during 3-way handshake"
        DEFVAL { 1460 }
        ::= { cspTcpPolicyEntry 9 }

    cspTpPathMtuDisc OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "If 'true', the Path MTU Discovery algorithm is 
                enabled."
        ::= { cspTcpPolicyEntry 10 }

    cspTpConfigRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The conceptual row status of the TCP policy 
                configuration entry. This entry can be modified when 
                the status is 'active'."
        ::= { cspTcpPolicyEntry 11 }

    --
    --            The SSL Policy configuration entries
    --

    cspSslPolicyTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspSslPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of SSL protocol policy configuration entries."
        ::= { cspSslPolicyConfig 1 }

    cspSslPolicyEntry OBJECT-TYPE
        SYNTAX     CspSslPolicyEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A SSL policy defines a set of cipher suites to be 
                supported, and the SSL or TLS protocol parameters. 
                Each policy can be assigned to one or more proxy 
                services.  

                If no SSL policy is assigned to a proxy service, all 
                supported cipher suites and all protocol versions 
                will be enabled by default."
        INDEX   { cspSpPolicyName }
        ::= { cspSslPolicyTable 1 }

    CspSslPolicyEntry ::=
        SEQUENCE {
            cspSpPolicyName      SnmpAdminString,
            cspSpRSArc4128md5    TruthValue,
            cspSpRSArc4128sha    TruthValue,
            cspSpRSAdescbcsha    TruthValue,
            cspSpRSA3descbcsha   TruthValue,
            cspSpProtocol        INTEGER,
            cspSpCloseProtocol   TruthValue,
            cspSpSessionCache    Integer32,
            cspSpSessionTimeOut  Integer32,
            cspSpConfigRowStatus RowStatus
        }

    cspSpPolicyName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE (1..255))
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The unique name of a SSL protocol policy."
        ::= { cspSslPolicyEntry 1 }

    cspSpRSArc4128md5 OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the cipher suite 
                RSA_WITH_RC4_128_MD5 is configured. If 'true', the
                cipher suite is configured."
        ::= { cspSslPolicyEntry 2 }

    cspSpRSArc4128sha OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the cipher suite 
                RSA_WITH_RC4_128_SHA is configured. If 'true', the
                cipher suite is configured."
        ::= { cspSslPolicyEntry 3 }

    cspSpRSAdescbcsha OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the cipher suite 
                RSA_WITH_DES_CBC_SHA is configured. If 'true', the
                cipher suite is configured."
        ::= { cspSslPolicyEntry 4 }

    cspSpRSA3descbcsha OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the cipher suite 
                RSA_WITH_3DES_EDE_CBC_SHA is configured. If 'true',
                the cipher suite is configured."
        ::= { cspSslPolicyEntry 5 }

    cspSpProtocol OBJECT-TYPE
        SYNTAX     INTEGER {
                       other(1),      -- Other protocol
                       ssl3(2),       -- SSL 3.0 protocol
                       tls1(3),       -- TLS 1.0 protocol
                       ssl3AndTls1(4) -- SSL 3.0 and TLS 1.0 protocols
                   }
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The set of SSL and TLS protocols to be supported.

                The following values are defined:
                   other(1)        : An unspecified protocol,
                   SSL 3.0(2)      : Support SSL 3.0 protocol only, 
                   TLS 1.0(3)      : Support TLS 1.0 protocol only, 
                   ssl3AndTls1(3)  : Support both SSL 3.0 and TLS 1.0"
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0"
        ::= { cspSslPolicyEntry 6 }

    cspSpCloseProtocol OBJECT-TYPE
        SYNTAX     TruthValue
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "An indication of whether or not the SSL close protocol
                is enforced.
                
                If 'true', the close protocol is enforced. A 
                close-notify alert message is sent to the peer, and a 
                close-notify alert message is expected from the peer. 

                If 'false', the close protocol is not enforced. The 
                proxy service sends a close-notify alert message to 
                the peer; however, the proxy service does not expect 
                a close-notify alert from the peer before tearing down 
                the session." 
        DEFVAL     { false }
        ::= { cspSslPolicyEntry 7}

    cspSpSessionCache OBJECT-TYPE
        SYNTAX     Integer32 (1..262143)
        UNITS      "bytes"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The SSL session cache size. The session cache is used
                to store a number of most recently used session 
                identifiers. 

                Session identifiers can be reused if a new connection
                requests to use a session identifier that is found in
                the cache. This object specifies the maximum size of
                the cache."
        ::= { cspSslPolicyEntry 8 }

    cspSpSessionTimeOut OBJECT-TYPE
        SYNTAX     Integer32 (0..72000)
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The SSL session timeout value. The session entry
                will be removed from the session cache after the
                configured timeout. Once the session entry is 
                removed, subsequent connections cannot reuse the
                session.

                If this timeout value is 0, entries in the session 
                cache will not timeout."
        DEFVAL { 0 }
        ::= { cspSslPolicyEntry 9 }

    cspSpConfigRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        UNITS      "seconds"
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
                "The row status of the SSL policy configuration entry. 
                This entry can be modified when the status is 'active'."
        ::= { cspSslPolicyEntry 10 }

    --
    --           The TCP Counters 
    --

    cspTcpCountersClearTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The last time when the TCP counters were cleared. 

                If the proxy device does not allow these counters to be 
                cleared, the timestamp should have a value of zero."
        ::= { cspTcpCountersInfo 1 }

    -- The TCP Global Counter group

    cspTcConnInit OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP connections initiated by the
                proxy device."
        ::= { cspTcpCounters 1 }

    cspTcConnAccept OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP connections accepted by the
                proxy device."
        ::= { cspTcpCounters 2 }

    cspTcConnEstab OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP connections established."
        ::= { cspTcpCounters 3 }
   
    cspTcConnDrop OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP connections dropped."
        ::= { cspTcpCounters 4 }

    cspTcConnClosed OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP connections closed."
        ::= { cspTcpCounters 5 }

    cspTcSynTimeOuts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SYN timeouts."
        ::= { cspTcpCounters 6 }

    cspTcIdleTimeOuts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of idle timeouts."
        ::= { cspTcpCounters 7 }

    cspTcTotalPktSent OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of packets"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP packets sent."
        ::= { cspTcpCounters 8 }

    cspTcDataPktSent OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of packets"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP data packets sent."
        ::= { cspTcpCounters 9 }

    cspTcDataByteSent OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "bytes"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total amount of data sent."
        ::= { cspTcpCounters 10 }

    cspTcTotalPktRcv OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of packets"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP packets received."
        ::= { cspTcpCounters 11 }

    cspTcPktRcvSeq OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of packets"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TCP data packets received in 
                sequence."
        ::= { cspTcpCounters 12 }

    cspTcByteRcvSeq OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "bytes"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total amount of data received in sequence."
        ::= { cspTcpCounters 13 }

    --
    --          The SSL Counters
    --

    --  Last time the SSL counters were cleared

    cspSslCountersClearTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The last time when the SSL counters were cleared. 

                If the proxy device does not allow these counters to be
                cleared, the timestamp should have a value of zero."
        ::= { cspSslCountersInfo 1 }

    -- The SSL Global Counters group

    cspScConnAttempt OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL connections attempted."
        ::= { cspSslCounters 1 }

    cspScConnComplete OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL connections completed."
        ::= { cspSslCounters 2 }

    cspScConnInHandShake OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of SSL connections currently in handshake 
                phase."
        ::= { cspSslCounters 3 }
   
    cspScConnInDataPhase OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of SSL connections currently in data phase."
        ::= { cspSslCounters 4 }

    cspScRenegAttempt OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL renegotiations attempted."
        ::= { cspSslCounters 5 }

    cspScConnInReneg OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of SSL connections currently in 
                renegotiation phase"
        ::= { cspSslCounters 6 }

    cspScActiveSessions OBJECT-TYPE
        SYNTAX     Gauge32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of active SSL sessions. This number 
                indicates the number of valid session entries in
                the session cache."
        ::= { cspSslCounters 7 }

    cspScMaxHandShakeConns OBJECT-TYPE
        SYNTAX     Gauge32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "This indicates the maximum number of connections 
                present in handshake phase at any point of time"
        ::= { cspSslCounters 8 }

    cspScCurrDeviceQLen OBJECT-TYPE
        SYNTAX     Gauge32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The current device queue length. Indicates the number
                of requests pending with the device."
        ::= { cspSslCounters 9 }

    cspScMaxDeviceQLen OBJECT-TYPE
        SYNTAX     Gauge32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The maximum device queue length recorded. Indicates
                the maximum number of requests queued to the device
                at any point of time."
        ::= { cspSslCounters 10 }

    cspScSessionReuses OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of session reuses. Indicates the number
                of times the sessions got reused before the session
                timer expired."
        ::= { cspSslCounters 11 }


    -- The SSL 3.0 Protocol Counters group 

    cspS3cFullHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of full SSL 3.0 handshakes completed."
        ::= { cspSsl3Counters 1 }

    cspS3cResumedHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 resumed handshakes 
                completed."
        ::= { cspSsl3Counters 2 }

    cspS3cHandShakeFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections failed in 
                handshake phase."
        ::= { cspSsl3Counters 3 }
   
    cspS3cDataFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 sessions failed in 
                data phase."
        ::= { cspSsl3Counters 4 }

    cspS3cBadMacRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received SSL 3.0 records 
                which have bad MAC (Message Authentication Code)."
        ::= { cspSsl3Counters 5 }

    cspS3cPadErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received SSL 3.0 records
                which have pad errors."
        ::= { cspSsl3Counters 6 }

    cspS3cRSArc4128md5 OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections which used 
                cipher suite RSA_WITH_RC4_128_MD5."
        ::= { cspSsl3Counters 7 }

    cspS3cRSArc4128sha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections which used 
                cipher suite RSA_WITH_RC4_128_SHA."
        ::= { cspSsl3Counters 8 }

    cspS3cRSAdescbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections which used 
                cipher suite RSA_WITH_DES_CBC_SHA."
        ::= { cspSsl3Counters 9 }

    cspS3cRSA3desedecbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections which used 
                cipher suite RSA_WITH_3DES_EDE_CBC_SHA."
        ::= { cspSsl3Counters 10 }


    -- The TLS 1.0 Protocol Counters group 

    cspTlcFullHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of full TLS 1.0 handshakes completed."
        ::= { cspTls1Counters 1 }

    cspTlcResumedHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of resumed TLS 1.0 handshakes
                completed."
        ::= { cspTls1Counters 2 }

    cspTlcHandShakeFailed OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections failed in 
                handshake phase."
        ::= { cspTls1Counters 3 }
   
    cspTlcDataFailed OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections failed in 
                data phase."
        ::= { cspTls1Counters 4 }

    cspTlcBadMacRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received TLS 1.0 records
                which have bad MAC (Message Authentication Code."
        ::= { cspTls1Counters 5 }

    cspTlcPadErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received TLS 1.0 records
                which have pad errors."
        ::= { cspTls1Counters 6 }

    cspTlcRSArc4128md5 OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections which used 
                the cipher suite RSA_WITH_RC4_128_MD5."
        ::= { cspTls1Counters 7 }

    cspTlcRSArc4128sha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections which used 
                the cipher suite RSA_WITH_RC4_128_SHA."
        ::= { cspTls1Counters 8 }

    cspTlcRSAdescbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections which used 
                the cipher suite RSA_WITH_DES_CBC_SHA."
        ::= { cspTls1Counters 9 }

    cspTlcRSA3desedecbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections which used 
                the cipher suite RSA_WITH_3DES_EDE_CBC_SHA."
        ::= { cspTls1Counters 10 }

    -- The SSL Cryptographic Operations Counters group

    cspSccBlksEncrypted OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of data blocks that got encrypted."
        ::= { cspSslCryptoCounters 1 }

    cspSccBlksDecrypted OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of data blocks that got decrypted."
        ::= { cspSslCryptoCounters 2 }

    cspSccBytesEncrypted OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "bytes"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of bytes that got encrypted."
        ::= { cspSslCryptoCounters 3 }

    cspSccBytesDecrypted OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "bytes"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of bytes that got decrypted."
        ::= { cspSslCryptoCounters 4 }

    cspSccPublicKeyOpers OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of RSA public key operations 
                performed."
        ::= { cspSslCryptoCounters 5 }

    cspSccPrivateKeyOpers OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of RSA private key operations
                performed."
        ::= { cspSslCryptoCounters 6 }

    cspSccCryptoFails OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of failed cryptographic operations."
        ::= { cspSslCryptoCounters 7 }

    cspSccDmaErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of cryptographic device DMA errors."
        ::= { cspSslCryptoCounters 8 }

    -- The SSL Error Counters group 

    cspSecSessAllocFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times SSL session could not
                be allocated."
        ::= { cspSslErrorCounters 1 }

    cspSecSessLimitExceed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times configured SSL session
                limit got exceeded. The new connections will be 
                rejected if the session limit is exceeded." 
        ::= { cspSslErrorCounters 2 }

    cspSecHShakeInitFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times SSL connections failed 
                even before the handshake phase got started. This
                typically indicates that there is some connectivity
                problem with the server."
        ::= { cspSslErrorCounters 3 }

    cspSecRenegFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times SSL renegotiation failed."
        ::= { cspSslErrorCounters 4 }

    cspSecFatalAlertsRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of fatal alerts received."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.3.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, A.3."
        ::= { cspSslErrorCounters 5 }

    cspSecFatalAlertsSent OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of fatal alerts sent."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.3.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, A.3."
        ::= { cspSslErrorCounters 6 }

    cspSecNoCipherAlerts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of ALERT_HANDSHAKE_FAIL alerts sent
                due to unsupported cipher suites."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.3.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, A.3."
        ::= { cspSslErrorCounters 7 }

    cspSecVerMismatchAlerts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of ALERT_PROTOCOL_VERSION alerts 
                sent due to unsupported version number."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.3.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, A.3."
        ::= { cspSslErrorCounters 8 }

    cspSecNoComprsnAlerts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of ALERT_HANDSHAKE_FAIL alerts sent 
                due to unsupported compression scheme."
        REFERENCE  
                "1. RFC 2246, The TLS Protocol Version 1.0, A.3.
                 2. IETF Draft <draft-freier-ssl-version3-02.txt>,
                    The SSL Protocol Version 3.0, A.3."
        ::= { cspSslErrorCounters 9 }

    cspSecHShakeHndleMemFail OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of handshake handle memory allocation
                failure."
        ::= { cspSslErrorCounters 10 }

    cspSecStalePakDrop OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of stale packets dropped. Indicates
                the number of packets received after the SSL connection
                is torn down."
        ::= { cspSslErrorCounters 11 }

    cspSecServiceIdDiscard OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of connections rejected because of
                invalid service identifiers."
        ::= { cspSslErrorCounters 12 }

    cspSecHShakeLimitExceed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times simultaneous handshake 
                connection exceeded the capacity. The new connections 
                will be rejected if the total number of simultaneous
                handshake connections exceeds the limit."
        ::= { cspSslErrorCounters 13 }

    cspSecDevConnCtxtFail OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times device context could not
                be allocated."
        ::= { cspSslErrorCounters 14 }

    cspSecMemAllocFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times memory allocation failed."
        ::= { cspSslErrorCounters 15 }

    cspSecBuffAllocFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times buffer allocation failed."
        ::= { cspSslErrorCounters 16 }

    cspSecAlertSendFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of failure to send alerts. This is
                typically because of the memory allocation failure."
        ::= { cspSslErrorCounters 17 }

    cspSecOverloadDropped OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of connections rejected because
                of overload conditions. This indicates that the 
                incoming rate is higher than what can be handled."
        ::= { cspSslErrorCounters 18 }

    cspSecConnAborted OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL connections aborted."
        ::= { cspSslErrorCounters 19 }

    --
    --        The Proxy Service Counters 
    --

    -- The Proxy Service Global Counter table

    cspPsCountersTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspPsCounterEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of proxy service global counter entries"      
        ::= { cspPsCounters 1 }

    cspPsCounterEntry OBJECT-TYPE
        SYNTAX     CspPsCounterEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The proxy service global counter entry. Each entry
                displays the global SSL counters collected for a proxy 
                service."
        INDEX   { cspPsName, cspPsListIndex }
        ::= { cspPsCountersTable 1 }

    CspPsCounterEntry ::=
        SEQUENCE {
            cspPscClearTime              TimeStamp,
            cspPscConnAttempt            Counter32,
            cspPscConnComplete           Counter32,
            cspPscFullHandShake          Counter32,
            cspPscResumedHandShake       Counter32,
            cspPscConnInHandShake        Gauge32,
            cspPscConnInDataPhase        Gauge32,
            cspPscRenegAttempt           Counter32,
            cspPscConnInReneg            Gauge32,
            cspPscBlksEncrypted          Counter32,
            cspPscBlksDecrypted          Counter32,
            cspPscBytesEncrypted         Counter32,
            cspPscBytesDecrypted         Counter32,
            cspPscValidSessions          Counter32,
            cspPscSessLimitExceed        Counter32,
            cspPscHandShakeFailed        Counter32,
            cspPscDataFailed             Counter32,
            cspPscFatalAlertsRcvd        Counter32,
            cspPscFatalAlertsSent        Counter32,
            cspPscBadMacRcvd             Counter32,
            cspPscPadErrors              Counter32,
            cspPscNoCipherAlerts         Counter32,
            cspPscNoComprsnAlerts        Counter32,
            cspPscVerMismatchAlerts      Counter32
        }

    cspPscClearTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The last time when counters in this entry were 
                cleared.

                If the proxy device does not allow these counters to be
                cleared, the timestamp should have a value of zero."
        ::= { cspPsCounterEntry 1 }

    cspPscConnAttempt OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL connections attempted."
        ::= { cspPsCounterEntry 2 }

    cspPscConnComplete OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL connections completed."
        ::= { cspPsCounterEntry 3 }

    cspPscFullHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of full handshakes completed."
        ::= { cspPsCounterEntry 4 }

    cspPscResumedHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of resumed handshakes completed."
        ::= { cspPsCounterEntry 5 }

    cspPscConnInHandShake OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of connections currently in handshake 
                phase."
        ::= { cspPsCounterEntry 6 }
   
    cspPscConnInDataPhase OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of connections currently in data phase."
        ::= { cspPsCounterEntry 7 }

    cspPscRenegAttempt OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL renegotiations attempted."
        ::= { cspPsCounterEntry 8 }

    cspPscConnInReneg OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The number of connections currently in renegotiation 
                phase."
        ::= { cspPsCounterEntry 9 }

    cspPscBlksEncrypted OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of data blocks that got encrypted."
        ::= { cspPsCounterEntry 10 }

    cspPscBlksDecrypted OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of data blocks that got decrypted."
        ::= { cspPsCounterEntry 11 }

    cspPscBytesEncrypted OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "bytes"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of bytes that got encrypted."
        ::= { cspPsCounterEntry 12 }

    cspPscBytesDecrypted OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "bytes"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of bytes that got decrypted."
        ::= { cspPsCounterEntry 13 }

    cspPscValidSessions OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of current valid sessions in the
                session cache."
        ::= { cspPsCounterEntry 14 }

    cspPscSessLimitExceed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times configured SSL session
                limit got exceeded. The new connections will be 
                rejected if the session limit is exceeded." 
        ::= { cspPsCounterEntry 15 }

    cspPscHandShakeFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times SSL connections failed 
                in handshake phase."
        ::= { cspPsCounterEntry 16 }
   
    cspPscDataFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of times SSL connections failed 
                in data phase."
        ::= { cspPsCounterEntry 17 }

    cspPscFatalAlertsRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of fatal alerts received."
        ::= { cspPsCounterEntry 18 }

    cspPscFatalAlertsSent OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of fatal alerts sent."
        ::= { cspPsCounterEntry 19 }

    cspPscBadMacRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received SSL records which
                have bad MAC (Message Authentication Code)."
        ::= { cspPsCounterEntry 20 }

    cspPscPadErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received SSL records which
                have pad errors."
        ::= { cspPsCounterEntry 21 }

    cspPscNoCipherAlerts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of alerts sent due to unsupported 
                cipher suites."
        ::= { cspPsCounterEntry 22 }

    cspPscNoComprsnAlerts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of alerts sent due to unsupported
                compression scheme."
        ::= { cspPsCounterEntry 23 }

    cspPscVerMismatchAlerts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of alerts sent due to unsupported 
                SSL or TLS version."
        ::= { cspPsCounterEntry 24 }

    --         The Proxy Service SSL 3.0 Protocol Counters

    cspPsSsl3CountersTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspPsSsl3CounterEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of proxy service SSL 3.0 counter entries."     
        ::= { cspPsSsl3Counters 1 }

    cspPsSsl3CounterEntry OBJECT-TYPE
        SYNTAX     CspPsSsl3CounterEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The proxy service SSL 3.0 counter entry. This entry
                reports the counters collected about the SSL 3.0 
                protocol for each proxy service."       
        INDEX   { cspPsName, cspPsListIndex }
        ::= { cspPsSsl3CountersTable 1 }

    CspPsSsl3CounterEntry ::=
        SEQUENCE {
            cspPs3cClearTime             TimeStamp,
            cspPs3cFullHandShake         Counter32,
            cspPs3cResumedHandShake      Counter32,
            cspPs3cHandShakeFailed       Counter32,
            cspPs3cDataFailed            Counter32,
            cspPs3cBadMacRcvd            Counter32,
            cspPs3cPadErrors             Counter32,
            cspPs3cRSArc4128md5          Counter32,
            cspPs3cRSArc4128sha          Counter32,
            cspPs3cRSAdescbcsha          Counter32,
            cspPs3cRSA3desedecbcsha      Counter32
        }

    cspPs3cClearTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The last time when counters in this entry were cleared.

                If the proxy device does not allow these counters to be
                cleared, the timestamp should have the value of zero."
        ::= { cspPsSsl3CounterEntry 1 }

    cspPs3cFullHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 full handshakes completed."
        ::= { cspPsSsl3CounterEntry 2 }

    cspPs3cResumedHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 resumed handshakes 
                completed."
        ::= { cspPsSsl3CounterEntry 3 }

    cspPs3cHandShakeFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections failed in
                handshake phase."
        ::= { cspPsSsl3CounterEntry 4 }
   
    cspPs3cDataFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections failed in
                data phase."
        ::= { cspPsSsl3CounterEntry 5 }

    cspPs3cBadMacRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received SSL 3.0 records 
                which have bad MAC (Message Authentication Code)."
        ::= { cspPsSsl3CounterEntry 6 }

    cspPs3cPadErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received SSL 3.0 records
                which have pad errors."
        ::= { cspPsSsl3CounterEntry 7 }

    cspPs3cRSArc4128md5 OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections that used the 
                cipher suite RSA_WITH_RC4_128_MD5."
        ::= { cspPsSsl3CounterEntry 8 }

    cspPs3cRSArc4128sha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections that used the 
                cipher suite RSA_WITH_RC4_128_SHA."
        ::= { cspPsSsl3CounterEntry 9 }

    cspPs3cRSAdescbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections that used the 
                cipher suite RSA_WITH_DES_CBC_SHA."
        ::= { cspPsSsl3CounterEntry 10 }

    cspPs3cRSA3desedecbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of SSL 3.0 connections that used the 
                cipher suite RSA_WITH_3DES_EDE_CBC_SHA."
        ::= { cspPsSsl3CounterEntry 11 }

    --          The Proxy Service TLS 1.0 Protocol Counters

    cspPsTls1CountersTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspPsTls1CounterEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of proxy service TLS 1.0 counter entries."
        ::= { cspPsTls1Counters 1 }

    cspPsTls1CounterEntry OBJECT-TYPE
        SYNTAX     CspPsTls1CounterEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The proxy service TLS 1.0 counter entry. This entry
                displays counters collected about the TLS 1.0 protocol 
                for each proxy service."
        INDEX   { cspPsName, cspPsListIndex }
        ::= { cspPsTls1CountersTable 1 }

    CspPsTls1CounterEntry ::=
        SEQUENCE {
            cspPt1cClearTime           TimeStamp,
            cspPt1cFullHandShake       Counter32,
            cspPt1cResumedHandShake    Counter32,
            cspPt1cHandShakeFailed     Counter32,
            cspPt1cDataFailed          Counter32,
            cspPt1cBadMacRcvd          Counter32,
            cspPt1cPadErrors           Counter32,
            cspPt1cRSArc4128md5        Counter32,
            cspPt1cRSArc4128sha        Counter32,
            cspPt1cRSAdescbcsha        Counter32,
            cspPt1cRSA3desedecbcsha    Counter32
        }

    cspPt1cClearTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The last time when counters in this entry were cleared.

                If the proxy device does not allow these counters to be
                cleared, the timestamp should have a value of zero."
        ::= { cspPsTls1CounterEntry 1 }

    cspPt1cFullHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 full handshakes completed."
        ::= { cspPsTls1CounterEntry 2 }

    cspPt1cResumedHandShake OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 resumed handshakes 
                completed."
        ::= { cspPsTls1CounterEntry 3 }

    cspPt1cHandShakeFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections failed in
                handshake phase."
        ::= { cspPsTls1CounterEntry 4 }
   
    cspPt1cDataFailed OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections failed in
                data phase."
        ::= { cspPsTls1CounterEntry 5 }

    cspPt1cBadMacRcvd OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received TLS 1.0 records 
                which have bad MAC (Message Authentication Code)."
        ::= { cspPsTls1CounterEntry 6 }

    cspPt1cPadErrors OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of received TLS 1.0 records
                which have pad errors."
        ::= { cspPsTls1CounterEntry 7 }

    cspPt1cRSArc4128md5 OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections that used the 
                cipher suite RSA_WITH_RC4_128_MD5."
        ::= { cspPsTls1CounterEntry 8 }

    cspPt1cRSArc4128sha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections that used the 
                cipher suite RSA_WITH_RC4_128_SHA."
        ::= { cspPsTls1CounterEntry 9 }

    cspPt1cRSAdescbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections that used the 
                cipher suite RSA_WITH_DES_CBC_SHA."
        ::= { cspPsTls1CounterEntry 10 }

    cspPt1cRSA3desedecbcsha OBJECT-TYPE
        SYNTAX     Counter32
        UNITS      "number of connections"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The total number of TLS 1.0 connections that used the 
                cipher suite RSA_WITH_3DES_EDE_CBC_SHA."
        ::= { cspPsTls1CounterEntry 11 }

    --
    --         The CPU Status Information
    --

    cspCpuStatusTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF CspCpuStatusEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "A list of CPU status information entries."        
        ::= { cspCpuStatusInfo 1 }

    cspCpuStatusEntry OBJECT-TYPE
        SYNTAX     CspCpuStatusEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The CPU status information entry. Each entry displays
                the operational status and usage information about one 
                CPU on the proxy device. A proxy device can have one
                or more CPU's."  
        INDEX   { cspCpuName }
        ::= { cspCpuStatusTable 1 }

    CspCpuStatusEntry ::=
        SEQUENCE {
            cspCpuName                SnmpAdminString,
            cspCpuStatus              INTEGER,
            cspCpuClearTime           TimeStamp, 
            cspCpuProcessUtil         Gauge32,
            cspCpuInterruptUtil       Gauge32,
            cspCpuProcessUtilIn5Sec   Gauge32,
            cspCpuProcessUtilIn1Min   Gauge32,
            cspCpuProcessUtilIn5Min   Gauge32,
            cspCpuInterruptUtilIn5Sec Gauge32,
            cspCpuInterruptUtilIn1Min Gauge32,
            cspCpuInterruptUtilIn5Min Gauge32
        }

    cspCpuName OBJECT-TYPE
        SYNTAX     SnmpAdminString (SIZE(1..20))
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
                "The unique name of a CPU on the proxy device."
        ::= { cspCpuStatusEntry 1 }

    cspCpuStatus OBJECT-TYPE
        SYNTAX     INTEGER {
                       up(1),
                       down(2)
                   }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The operational status of the CPU."
        ::= { cspCpuStatusEntry 2 }
 
    cspCpuClearTime OBJECT-TYPE
        SYNTAX     TimeStamp
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The last time when the CPU counters were cleared. 

                If the proxy device does not allow these counters to be
                cleared, the timestamp should have a value of zero."
        ::= { cspCpuStatusEntry 3 }

    cspCpuProcessUtil OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at process level."
        ::= { cspCpuStatusEntry 4 }

    cspCpuInterruptUtil OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at interrupt 
                level."
        ::= { cspCpuStatusEntry 5 }

    cspCpuProcessUtilIn5Sec OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at process level
                within the past five seconds."
        ::= { cspCpuStatusEntry 6 }

    cspCpuProcessUtilIn1Min OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at process level
                within the past minute."
        ::= { cspCpuStatusEntry 7 }

    cspCpuProcessUtilIn5Min OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at process level
                within the past five minutes."
        ::= { cspCpuStatusEntry 8 }

    cspCpuInterruptUtilIn5Sec OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at interrupt level 
                within the past five seconds."
        ::= { cspCpuStatusEntry 9 }

    cspCpuInterruptUtilIn1Min OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at interrupt level 
                within the past minute."
        ::= { cspCpuStatusEntry 10 }

    cspCpuInterruptUtilIn5Min OBJECT-TYPE
        SYNTAX     Gauge32
        UNITS      "percentage"
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The percentage of CPU time utilized at interrupt level 
                within the past five minutes."
        ::= { cspCpuStatusEntry 11 }

    --
    --       Notification Group
    --
        
    cspServOperStatus NOTIFICATION-TYPE
        OBJECTS { 
            cspPsOperStatus,
            cspPsOperDownReason
        }
        STATUS          current
        DESCRIPTION
                "The proxy service operation status change notification.

                When the Operation Status of a proxy service changes, 
                and cspGcNotifyProxyServOperStatus is 'true',
                a notification will be issued. The notification
                contains the current operation status and the down 
                reason of the proxy service." 
        ::= { cspMIBNotifications 1 }

    cspServCertExpiring NOTIFICATION-TYPE
        OBJECTS { 
            cspPskcCertSubjName,
            cspPskcCertSerialNum,
            cspPskcIssuerName,
            cspPskcIssuerCertSerialNum,
            cspPskcCertEndDate
        }
        STATUS          current
        DESCRIPTION
                "The proxy service certificate expiring notification.

                If the time interval cspGcPSCertExpireInterval is 
                positive, and cspGcNotifyPSCertExpiring is 'true', a 
                notification will be issued for every proxy service 
                certificate that will be expiring within this time 
                interval. 

                This notification is issued only once for each of 
                these certificates. If the interval is changed from a 
                positive value to 0, the proxy device will clear its 
                memory of notification issued in the past, and stop 
                issuing new notification.

                The notification contains the subject name, the
                serial number and the issuer name of the certificate,
                the serial number of the issuer's certificate,  
                and the end date on the certificate."
        ::= { cspMIBNotifications 2 }

    --
    --               Conformance Group
    --

    cspMIBCompliances OBJECT IDENTIFIER ::= 
                          { cspMIBConformance 1 }
    cspMIBGroups      OBJECT IDENTIFIER ::= 
                          { cspMIBConformance 2 }

    cspMIBCompliance MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION
                "The compliance statement for entities which
                implement the Cisco SSL Proxy MIB."
        MODULE
        MANDATORY-GROUPS { cspGlobalConfigGroup,
                           cspProxyServiceConfigGroup,
                           cspSslGroup,
                           cspSsl3Group,
                           cspTls1Group }

        GROUP       cspPolicyConfigGroup
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspTcpGroup
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspSslCryptoGroup
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspSslErrorGroup
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspProxyServiceStatsGroup
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspProxyServiceSsl3Group
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspProxyServiceTls1Group
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspCpuStatusGroup
        DESCRIPTION "This group is not mandatory." 

        GROUP       cspProxyServiceNotificationGroup
        DESCRIPTION "This group is not mandatory." 

        OBJECT      cspGcFIPSMode
        MIN-ACCESS  read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT      cspGcNotifyProxyServOperStatus
        MIN-ACCESS  read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT      cspGcNotifyPSCertExpiring
        MIN-ACCESS  read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT      cspGcPSCertExpireInterval
        MIN-ACCESS  read-only
        DESCRIPTION
                "Write access is not required."

        OBJECT      cspPsServiceType
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsVirtualAddressType
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsVirtualAddress
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsVirtualPort
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsServerAddressType
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsServerAddress
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsServerPort
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsAdminStatus
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPsConfigRowStatus
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPspVirTcpPolicyName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPspSerTcpPolicyName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPspSslPolicyName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPspHttpHdrPolicyName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPspUrlRewritePolicyName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPskcTrustPointName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPskcCertFileName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPskcKeyName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPskcKeyFileName
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspPskcConfigRowStatus
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpSynTimeOut
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpInActivityTimeOut
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpNagleAlgo
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpFinWaitTimeOut 
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpReassemTimeOut
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpRcvBufShrLim
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpTransBufShrLim
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpMss
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpPathMtuDisc
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspTpConfigRowStatus
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpRSArc4128md5
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpRSArc4128sha
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpRSAdescbcsha
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpRSA3descbcsha
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpProtocol
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpCloseProtocol
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpSessionCache
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpSessionTimeOut
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        OBJECT      cspSpConfigRowStatus
        MIN-ACCESS  read-only
        DESCRIPTION
                "Create/Write access is not required."

        ::= { cspMIBCompliances 1 }

    -- Units of Conformance

    cspGlobalConfigGroup OBJECT-GROUP
        OBJECTS  { 
            cspGcVersion, cspGcFIPSMode, cspGcRSArc4128md5, 
            cspGcRSArc4128sha, cspGcRSAdescbcsha, cspGcRSA3descbcsha,
            cspGcNotifyProxyServOperStatus, cspGcNotifyPSCertExpiring, 
            cspGcPSCertExpireInterval 
        }
        STATUS      current
        DESCRIPTION
                "A collection of global configuration objects." 
        ::= { cspMIBGroups 1 }

    cspProxyServiceConfigGroup OBJECT-GROUP
        OBJECTS  { 
            -- cspPsEntry
            cspPsServiceType, 
            cspPsVirtualAddressType, cspPsVirtualAddress, 
            cspPsVirtualPort, cspPsServerAddressType, 
            cspPsServerAddress, cspPsServerPort, cspPsAdminStatus, 
            cspPsOperStatus, cspPsOperDownReason, cspPsConfigRowStatus,
            -- cspPsPolicyEntry
            cspPspVirTcpPolicyName, cspPspSerTcpPolicyName, 
            cspPspSslPolicyName, cspPspHttpHdrPolicyName, 
            cspPspUrlRewritePolicyName, 
            -- cspPsKeyCertEntry
            cspPskcTrustPointName, 
            cspPskcCertFileName, cspPskcKeyName, cspPskcKeyFileName, 
            cspPskcKeySize, cspPskcKeyTime, cspPskcCertStatus, 
            cspPskcCertSubjName, cspPskcCertSerialNum, 
            cspPskcIssuerName, cspPskcIssuerCertSerialNum, 
            cspPskcCertStartDate, cspPskcCertEndDate, 
            cspPskcConfigRowStatus
        }
        STATUS      current
        DESCRIPTION
                "A collection of configuration objects for a proxy
                service."
        ::= { cspMIBGroups 2 }

    cspPolicyConfigGroup OBJECT-GROUP
        OBJECTS  { 
            -- cspTcpPolicyEntry 
            cspTpSynTimeOut, cspTpInActivityTimeOut, 
            cspTpNagleAlgo, cspTpFinWaitTimeOut, 
            cspTpReassemTimeOut, cspTpRcvBufShrLim, 
            cspTpTransBufShrLim, cspTpMss, cspTpPathMtuDisc,
            cspTpConfigRowStatus,
            -- cspSslPolicyEntry 
            cspSpRSArc4128md5, cspSpRSArc4128sha, 
            cspSpRSAdescbcsha, cspSpRSA3descbcsha, cspSpProtocol, 
            cspSpCloseProtocol, cspSpSessionCache, cspSpSessionTimeOut,
            cspSpConfigRowStatus 
        }
        STATUS      current
        DESCRIPTION
                "A collection of configuration objects for a policy."
        ::= { cspMIBGroups 3 }

    cspTcpGroup OBJECT-GROUP
        OBJECTS  { 
            cspTcpCountersClearTime, 
            -- cspTcpCounters 
            cspTcConnInit, cspTcConnAccept, cspTcConnEstab, 
            cspTcConnDrop, cspTcConnClosed, cspTcSynTimeOuts, 
            cspTcIdleTimeOuts, cspTcTotalPktSent, cspTcDataPktSent, 
            cspTcDataByteSent, cspTcTotalPktRcv, cspTcPktRcvSeq, 
            cspTcByteRcvSeq 
        }
        STATUS      current
        DESCRIPTION
                "A collection of TCP protocol objects." 
        ::= { cspMIBGroups 4 }

    cspSslGroup OBJECT-GROUP
        OBJECTS  { 
            cspSslCountersClearTime, 
            -- cspSslCounters 
            cspScConnAttempt, cspScConnComplete, cspScConnInHandShake, 
            cspScConnInDataPhase, cspScRenegAttempt, cspScConnInReneg, 
            cspScActiveSessions, cspScMaxHandShakeConns, 
            cspScCurrDeviceQLen, cspScMaxDeviceQLen, cspScSessionReuses
        }
        STATUS      current
        DESCRIPTION
                "A collection of SSL handshake protocol statistics." 
        ::= { cspMIBGroups 5 }

    cspSsl3Group OBJECT-GROUP
        OBJECTS  { 
            -- cspSsl3Counters 
            cspS3cFullHandShake, cspS3cResumedHandShake, 
            cspS3cHandShakeFailed, cspS3cDataFailed, cspS3cBadMacRcvd, 
            cspS3cPadErrors, cspS3cRSArc4128md5, cspS3cRSArc4128sha,
            cspS3cRSAdescbcsha, cspS3cRSA3desedecbcsha
        }
        STATUS      current
        DESCRIPTION
                "A collection of SSL 3.0 protocol statistics." 
        ::= { cspMIBGroups 6 }

    cspTls1Group OBJECT-GROUP
        OBJECTS  { 
            -- cspTls1Counters 
            cspTlcFullHandShake, cspTlcResumedHandShake, 
            cspTlcHandShakeFailed, cspTlcDataFailed, cspTlcBadMacRcvd, 
            cspTlcPadErrors, cspTlcRSArc4128md5, cspTlcRSArc4128sha,
            cspTlcRSAdescbcsha, cspTlcRSA3desedecbcsha
        }
        STATUS      current
        DESCRIPTION
                "A collection of TLS 1.0 protocol statistics." 
        ::= { cspMIBGroups 7 }

    cspSslCryptoGroup OBJECT-GROUP
        OBJECTS  { 
            -- cspSslCryptoCounters
            cspSccBlksEncrypted, cspSccBlksDecrypted, 
            cspSccBytesEncrypted, cspSccBytesDecrypted, 
            cspSccPublicKeyOpers, cspSccPrivateKeyOpers, 
            cspSccCryptoFails, cspSccDmaErrors
        }
        STATUS      current
        DESCRIPTION
                "A collection of cryptographic statistics." 
        ::= { cspMIBGroups 8 }

    cspSslErrorGroup OBJECT-GROUP
        OBJECTS  { 
            -- cspSslErrorCounters
            cspSecSessAllocFailed, cspSecSessLimitExceed, 
            cspSecHShakeInitFailed, cspSecRenegFailed, 
            cspSecFatalAlertsRcvd, cspSecFatalAlertsSent, 
            cspSecNoCipherAlerts, cspSecVerMismatchAlerts, 
            cspSecNoComprsnAlerts, cspSecHShakeHndleMemFail, 
            cspSecStalePakDrop, cspSecServiceIdDiscard, 
            cspSecHShakeLimitExceed, cspSecDevConnCtxtFail, 
            cspSecMemAllocFailed, cspSecBuffAllocFailed, 
            cspSecAlertSendFailed, cspSecOverloadDropped, 
            cspSecConnAborted 
        }
        STATUS      current
        DESCRIPTION
                "A collection of SSL protocol error counters."
        ::= { cspMIBGroups 9 }

    cspProxyServiceStatsGroup OBJECT-GROUP
        OBJECTS  { 
            -- cspPsCounterEntry
            cspPscClearTime, cspPscConnAttempt, cspPscConnComplete, 
            cspPscFullHandShake, cspPscResumedHandShake, 
            cspPscConnInHandShake, cspPscConnInDataPhase, 
            cspPscRenegAttempt, cspPscConnInReneg, cspPscBlksEncrypted,
            cspPscBlksDecrypted, cspPscBytesEncrypted, 
            cspPscBytesDecrypted, cspPscValidSessions, 
            cspPscSessLimitExceed, cspPscHandShakeFailed, 
            cspPscDataFailed, cspPscFatalAlertsRcvd, 
            cspPscFatalAlertsSent, cspPscBadMacRcvd, cspPscPadErrors,
            cspPscNoCipherAlerts, cspPscNoComprsnAlerts, 
            cspPscVerMismatchAlerts
        }
        STATUS      current
        DESCRIPTION
                "A collection of proxy service statistics."
        ::= { cspMIBGroups 10 }

    cspProxyServiceSsl3Group OBJECT-GROUP
        OBJECTS  { 
            -- cspPsSsl3CounterEntry 
            cspPs3cClearTime, cspPs3cFullHandShake, 
            cspPs3cResumedHandShake, cspPs3cHandShakeFailed, 
            cspPs3cDataFailed, cspPs3cBadMacRcvd, cspPs3cPadErrors,
            cspPs3cRSArc4128md5, cspPs3cRSArc4128sha, 
            cspPs3cRSAdescbcsha, cspPs3cRSA3desedecbcsha
        }
        STATUS      current
        DESCRIPTION
                "A collection of SSL 3.0 statistics for a proxy 
                service."
        ::= { cspMIBGroups 11 }

    cspProxyServiceTls1Group OBJECT-GROUP
        OBJECTS  { 
            -- cspPsTls1CounterEntry 
            cspPt1cClearTime, cspPt1cFullHandShake, 
            cspPt1cResumedHandShake, cspPt1cHandShakeFailed, 
            cspPt1cDataFailed, cspPt1cBadMacRcvd, cspPt1cPadErrors, 
            cspPt1cRSArc4128md5, cspPt1cRSArc4128sha, 
            cspPt1cRSAdescbcsha, cspPt1cRSA3desedecbcsha 
        }
        STATUS      current
        DESCRIPTION
                "A collection of TLS 1.0 statistics for a proxy 
                service."
        ::= { cspMIBGroups 12 }

    cspCpuStatusGroup OBJECT-GROUP
        OBJECTS  { 
            -- cspCpuStatusEntry 
            cspCpuStatus, cspCpuClearTime, 
            cspCpuProcessUtil, cspCpuInterruptUtil, 
            cspCpuProcessUtilIn5Sec, cspCpuProcessUtilIn1Min, 
            cspCpuProcessUtilIn5Min, cspCpuInterruptUtilIn5Sec, 
            cspCpuInterruptUtilIn1Min, cspCpuInterruptUtilIn5Min 
        }
        STATUS      current
        DESCRIPTION
                "A collection of statuses and usage information about 
                each CPU on the SSL proxy device."
        ::= { cspMIBGroups 13 }

    cspProxyServiceNotificationGroup NOTIFICATION-GROUP
        NOTIFICATIONS  { 
            cspServOperStatus,
            cspServCertExpiring 
        }
        STATUS      current
        DESCRIPTION
                "A collection of notifications for signaling important
                proxy service events."
        ::= { cspMIBGroups 14 }
END