AD | Application | AWS | Azure | Cloud | Database | Enterprise | Environmental | Event Log | File System | IoT | IT Service | Network/System | Infra | Performance | Protocol | SaaS | Security | Service Level | Storage | Linux | VMware | VoIP | Web | Wireless | SNMP

Crumbtrail

MonitorTools.com » Technical documentation » SNMP » MIB » Cisco » CISCO-IPSEC-FLOW-MONITOR-MIB

CISCO-IPSEC-FLOW-MONITOR-MIB device MIB details by Cisco

CISCO-IPSEC-FLOW-MONITOR-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing CISCO-IPSEC-FLOW-MONITOR-MIB.


Vendor: Cisco
Mib: CISCO-IPSEC-FLOW-MONITOR-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2024 [download]    (ships with advanced SNMP/MIB tools)
-- * $Source$
-- *********
-- *------------------------------------------------------------------
-- * CISCO-IPSEC-FLOW-MONITOR-MIB.my:  IPSec Flow Monitoring MIB.
-- *
-- * April 2000, S Ramakrishnan
-- *
-- * Copyright (c) 2000 by Cisco Systems, Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------

CISCO-IPSEC-FLOW-MONITOR-MIB DEFINITIONS ::= BEGIN

  -- PREFACE:
  -- CISCO-IPSEC-FLOW-MONITOR-MIB Module models
  -- counters and objects that are of
  -- management interest in a standard IPSec
  -- implementation. The MIB does not define
  -- vendor-specific IPSec attributes. This has
  -- been proposed as an IETF IPSec Working Group Draft 
  -- (I-D).

   IMPORTS
      MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
      Counter32, Counter64, Gauge32, Integer32
        FROM SNMPv2-SMI
      TEXTUAL-CONVENTION, DisplayString, TimeStamp,
      TimeInterval, TruthValue
        FROM SNMPv2-TC
      MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
      Unsigned32
        FROM CISCO-TC
      ciscoMgmt FROM CISCO-SMI;


   ciscoIpSecFlowMonitorMIB MODULE-IDENTITY
      LAST-UPDATED "200010131800Z"
      ORGANIZATION "Tivoli Systems and Cisco Systems"
      CONTACT-INFO
         "Tivoli Systems
          Research Triangle Park, NC

          Cisco Systems
          170 W Tasman Drive
          San Jose, CA  95134
          USA

          Tel: +1 800 553-NETS
          E-mail: cs-ipsecurity@cisco.com"

 DESCRIPTION
         "This is a MIB Module for monitoring the 
   structures in IPSec-based Virtual Private Networks.
   The MIB has been designed to be adopted as an IETF
   standard. Hence Cisco-specific features of IPSec
   protocol are excluded from this MIB. 

   Acronyms
   The following acronyms are used in this document:

    IPSec:      Secure IP Protocol

    VPN:        Virtual Private Network

    ISAKMP:     Internet Security Association and Key Exchange
                Protocol

    IKE:        Internet Key Exchange Protocol

    SA:         Security Association

    MM:         Main Mode - the process of setting up
                a Phase 1 SA to secure the exchanges
                required to setup Phase 2 SAs

    QM:         Quick Mode - the process of setting up
                Phase 2 Security Associations using 
                a Phase 1 SA.
    

    Overview of IPsec MIB

 The MIB contains six major groups of objects which are
 used to manage the IPSec Protocol. These groups include
 a Levels Group, a Phase-1 Group, a Phase-2 Group,
 a History Group, a Failure Group and a TRAP Control Group.
 The following table illustrates the structure of the
 IPSec MIB.

 The Phase 1 group models objects pertaining to
 IKE negotiations and tunnels.

 The Phase 2 group models objects pertaining to
 IPSec data tunnels.

 The History group is to aid applications that do
 trending analysis.

 The Failure group is to enable an operator to
 do troubleshooting and debugging of the VPN Router.
 Further, counters are supported to aid Intrusion 
 Detection.

 In addition to the five major MIB Groups, there are
 a number of Notifications. The following table
 illustrates the name and description of the 
 IPSec TRAPs.

 For a detailed discussion, please refer to the IETF
 draft draft-ietf-ipsec-flow-monitoring-mib-00.txt.
      "

        REVISION "200010131800Z"
        DESCRIPTION
                "Changed cipSecSpiValue to Unsigned32.
                 Changed Protocol ranges to
                 start at 0 instead of 1.
                 Removed comment(s) incorrectly indicating
                 this MIB was CiscoExperiment."

        REVISION "200008171259Z"
        DESCRIPTION
                "Initial version of this MIB module."

      ::= { ciscoMgmt 171 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++
-- Local Textual Conventions
-- +++++++++++++++++++++++++++++++++++++++++++++++++++
   IPSIpAddress ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "An IP V4 or V6 Address."
      SYNTAX  OCTET STRING(SIZE(4 | 16)) 
                    -- IP V4 or V6 Address

   IkePeerType  ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The type of IPsec Phase-1 IKE peer identity.  
         The IKE peer may be identified by:
          1. an IP address, or
          2. a host name."
      SYNTAX INTEGER {
                ipAddrPeer(1),
                namePeer(2)
             }

   IkeNegoMode  ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The IPsec Phase-1 IKE negotiation mode."
      SYNTAX INTEGER {
                main(1),
                aggressive(2)
             }

   IkeHashAlgo   ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The hash algorithm used in IPsec Phase-1 
         IKE negotiations."
      SYNTAX INTEGER {
                none(1),
                md5(2),
                sha(3)
             }

   IkeAuthMethod ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The authentication method used in IPsec Phase-1 IKE
          negotiations."
      SYNTAX INTEGER {
                none(1),
                preSharedKey(2),
                rsaSig(3),
                rsaEncrypt(4),
                revPublicKey(5)
             }

   DiffHellmanGrp ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The Diffie Hellman Group used in negotiations."
      SYNTAX INTEGER {
                none(1),
                dhGroup1(2),
                dhGroup2(3)
             }

   KeyType    ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The type of key used by an IPsec Phase-2 Tunnel."
      SYNTAX INTEGER{
               ike(1),
               manual(2)
             }

   EncapMode  ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The encapsulation mode used by an IPsec Phase-2 
         Tunnel."
      SYNTAX INTEGER{
               tunnel(1),
               transport(2)
             }

   EncryptAlgo   ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The encryption algorithm used in negotiations."
      SYNTAX INTEGER {
                none(1),
                des(2),
                des3(3)
             }

   AuthAlgo      ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The authentication algorithm used by a
          security association of an IPsec Phase-2 Tunnel."
      SYNTAX INTEGER{
                none(1),
                hmacMd5(2),
                hmacSha(3)
             }

   CompAlgo      ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The compression algorithm used by a
          security association of an IPsec Phase-2 Tunnel."
      SYNTAX INTEGER{
                none(1),
                ldf(2)
             }

   EndPtType     ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The type of identity use to specify an IPsec End Point."
      SYNTAX INTEGER {
                singleIpAddr(1),
                ipAddrRange(2),
                ipSubnet(3)
             }

   TunnelStatus  ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The status of a Tunnel.  Objects of this type may
          be used to bring the tunnel down by setting
          value of this object to destroy(2).  Objects of this
          type cannot be used to create a Tunnel."
      SYNTAX INTEGER {
                active(1),
                destroy(2)
             }

   TrapStatus    ::= TEXTUAL-CONVENTION
      STATUS     current
      DESCRIPTION
         "The administrative status for sending a TRAP."
      SYNTAX INTEGER {
                enabled(1),
                disabled(2)
             }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) IPsec Levels Group
-- 2) IPsec Phase-1 Group
-- 3) IPsec Phase-2 Group
-- 4) IPsec History Group
-- 5) IPsec Failure Group
-- 6) IPsec TRAP Control Group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

   cipSecMIBObjects OBJECT IDENTIFIER  ::= 
                {ciscoIpSecFlowMonitorMIB 1}

   cipSecLevels OBJECT IDENTIFIER  
                  ::= { cipSecMIBObjects 1 }
   cipSecPhaseOne OBJECT IDENTIFIER  
                  ::= { cipSecMIBObjects 2 }
   cipSecPhaseTwo           OBJECT IDENTIFIER  
                  ::= { cipSecMIBObjects 3 }
   cipSecHistory            OBJECT IDENTIFIER  
                  ::= { cipSecMIBObjects 4 }
   cipSecFailures           OBJECT IDENTIFIER  
                  ::= { cipSecMIBObjects 5 }
   cipSecTrapCntl           OBJECT IDENTIFIER  
                  ::= { cipSecMIBObjects 6 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Levels Group
--
-- This group consists of a:
-- 1) IPsec MIB Level
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

   cipSecMibLevel OBJECT-TYPE
      SYNTAX Integer32 (1..4096)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The level of the IPsec MIB."
      ::= { cipSecLevels 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange (IKE) Group
--
-- This group consists of:
-- 1) IPsec Phase-1 Global Statistics
-- 2) IPsec Phase-1 Peer Table
-- 3) IPsec Phase-1 Tunnel Table
-- 4) IPsec Phase-1 Correlation Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Global Statistics
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cikeGlobalStats  OBJECT IDENTIFIER  
              ::= { cipSecPhaseOne 1 }

   cikeGlobalActiveTunnels OBJECT-TYPE
      SYNTAX Gauge32
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of currently active IPsec 
         Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 1 }

   cikeGlobalPreviousTunnels OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of previously active 
         IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 2 }

   cikeGlobalInOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets received by all currently
          and previously active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 3 }

   cikeGlobalInPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets received by all 
         currently and previously active IPsec 
         Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 4 }

   cikeGlobalInDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets which were 
         dropped during receive processing by all 
         currently and previously
          active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 5 }

   cikeGlobalInNotifys OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of notifys received by 
         all currently and previously active IPsec 
         Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 6 }

   cikeGlobalInP2Exchgs OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         received by all currently and previously 
         active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 7 }

   cikeGlobalInP2ExchgInvalids OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         which were received and found to be invalid 
         by all currently and previously active IPsec 
         Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 8 }

   cikeGlobalInP2ExchgRejects OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         which were received and rejected by all 
         currently and previously active IPsec Phase-1 
         IKE Tunnels."
      ::= { cikeGlobalStats 9 }

   cikeGlobalInP2SaDelRequests OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 security 
         association delete requests received by all 
         currently and previously
          active and IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 10 }

   cikeGlobalOutOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets sent by all currently
          and previously active and IPsec Phase-1 
          IKE Tunnels."
      ::= { cikeGlobalStats 11 }

   cikeGlobalOutPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets sent by all currently
          and previously active and IPsec Phase-1 
          Tunnels."
      ::= { cikeGlobalStats 12 }

   cikeGlobalOutDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets which were dropped 
         during send processing by all currently 
         and previously
          active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 13 }

   cikeGlobalOutNotifys OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of notifys sent by all currently
          and previously active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 14 }

   cikeGlobalOutP2Exchgs OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         which were sent by all currently and previously 
         active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 15 }

   cikeGlobalOutP2ExchgInvalids OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         which were sent and found to be invalid by 
         all currently and previously active IPsec Phase-1 
         Tunnels."
      ::= { cikeGlobalStats 16 }

   cikeGlobalOutP2ExchgRejects OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         which were sent and rejected by all currently and
          previously active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 17 }

   cikeGlobalOutP2SaDelRequests OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 SA
          delete requests sent by all currently and 
          previously active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 18 }

   cikeGlobalInitTunnels OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-1 IKE 
         Tunnels which were locally initiated."
      ::= { cikeGlobalStats 19 }

   cikeGlobalInitTunnelFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-1 IKE Tunnels 
         which were locally initiated and failed to activate."
      ::= { cikeGlobalStats 20 }

   cikeGlobalRespTunnelFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-1 IKE Tunnels 
         which were remotely initiated and failed to activate."
      ::= { cikeGlobalStats 21 }

   cikeGlobalSysCapFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of system capcity failures 
         which occurred during processing of all current 
         and previously active IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 22 }

   cikeGlobalAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of authentications which ended
          in failure by all current and previous IPsec Phase-1
          IKE Tunnels."
      ::= { cikeGlobalStats 23 }

   cikeGlobalDecryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of decryptions which ended
          in failure by all current and previous IPsec Phase-1
          IKE Tunnels."
      ::= { cikeGlobalStats 24 }

   cikeGlobalHashValidFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of hash validations which ended
          in failure by all current and previous IPsec Phase-1
          IKE Tunnels."
      ::= { cikeGlobalStats 25 }

   cikeGlobalNoSaFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of non-existent Security Association
          in failures which occurred during processing of 
          all current and previous IPsec Phase-1 IKE Tunnels."
      ::= { cikeGlobalStats 26 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange Peer Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cikePeerTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CikePeerEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-1 Internet Key Exchange Peer Table.
          There is one entry in this table for each IPsec
          Phase-1 IKE peer association which is currently
          associated with an active IPsec Phase-1 Tunnel.
          The IPsec Phase-1 IKE Tunnel associated with this
          IPsec Phase-1 IKE peer association may or may not
          be currently active."
     ::= { cipSecPhaseOne 2 }

   cikePeerEntry OBJECT-TYPE
      SYNTAX CikePeerEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
            "Each entry contains the attributes associated 
             with an IPsec Phase-1 IKE peer association."
      INDEX { cikePeerLocalType,
              cikePeerLocalValue,
              cikePeerRemoteType,
              cikePeerRemoteValue,
              cikePeerIntIndex }
      ::= { cikePeerTable 1}

   CikePeerEntry ::= SEQUENCE {
      cikePeerLocalType                IkePeerType,
      cikePeerLocalValue               DisplayString,
      cikePeerRemoteType               IkePeerType,
      cikePeerRemoteValue              DisplayString,
      cikePeerIntIndex                 Integer32,
      cikePeerLocalAddr                IPSIpAddress,
      cikePeerRemoteAddr               IPSIpAddress,
      cikePeerActiveTime               TimeInterval,
      cikePeerActiveTunnelIndex        Integer32
   }

   cikePeerLocalType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The type of local peer identity.  The local peer 
          may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikePeerEntry 1 }

   cikePeerLocalValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The value of the local peer identity.

          If the local peer type is an IP Address, then this
          is the IP Address used to identify the local peer.

          If the local peer type is a host name, then this is
          the host name used to identify the local peer."
      ::= { cikePeerEntry 2 }

   cikePeerRemoteType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The type of remote peer identity.  The remote peer 
          may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikePeerEntry 3 }

   cikePeerRemoteValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The value of the remote peer identity.

          If the remote peer type is an IP Address, then this
          is the IP Address used to identify the remote peer.

          If the remote peer type is a host name, then this is
          the host name used to identify the remote peer."
      ::= { cikePeerEntry 4 }

   cikePeerIntIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The internal index of the local-remote 
         peer association.  This internal index is used 
         to uniquely identify multiple associations between 
         the local and remote peer."
      ::= { cikePeerEntry 5 }

   cikePeerLocalAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the local peer."
      ::= { cikePeerEntry 6 }

   cikePeerRemoteAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the remote peer."
      ::= { cikePeerEntry 7 }

   cikePeerActiveTime OBJECT-TYPE
      SYNTAX TimeInterval
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The length of time that the peer association has
          existed in hundredths of a second."
      ::= { cikePeerEntry 8 }

   cikePeerActiveTunnelIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index of the active IPsec Phase-1 IKE Tunnel
          (cikeTunIndex in the cikeTunnelTable) for this peer
          association.  If an IPsec Phase-1 IKE Tunnel is
          not currently active, then the value of this
          object will be zero."
      ::= { cikePeerEntry 9 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cikeTunnelTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CikeTunnelEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-1 Internet Key Exchange Tunnel Table.
          There is one entry in this table for each active IPsec
          Phase-1 IKE Tunnel."
     ::= { cipSecPhaseOne 3 }

   cikeTunnelEntry OBJECT-TYPE
      SYNTAX CikeTunnelEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
            "Each entry contains the attributes associated with
             an active IPsec Phase-1 IKE Tunnel."
      INDEX { cikeTunIndex }
      ::= { cikeTunnelTable 1}

   CikeTunnelEntry ::= SEQUENCE {
      cikeTunIndex                 Integer32,
      cikeTunLocalType             IkePeerType,
      cikeTunLocalValue            DisplayString,
      cikeTunLocalAddr             IPSIpAddress,
      cikeTunLocalName             DisplayString,
      cikeTunRemoteType            IkePeerType,
      cikeTunRemoteValue           DisplayString,
      cikeTunRemoteAddr            IPSIpAddress,
      cikeTunRemoteName            DisplayString,
      cikeTunNegoMode              IkeNegoMode,
      cikeTunDiffHellmanGrp        DiffHellmanGrp,
      cikeTunEncryptAlgo           EncryptAlgo,
      cikeTunHashAlgo              IkeHashAlgo,
      cikeTunAuthMethod            IkeAuthMethod,
      cikeTunLifeTime              Integer32,
      cikeTunActiveTime            TimeInterval,
      cikeTunSaRefreshThreshold    Integer32,
      cikeTunTotalRefreshes        Counter32,
      cikeTunInOctets              Counter32,
      cikeTunInPkts                Counter32,
      cikeTunInDropPkts            Counter32,
      cikeTunInNotifys             Counter32,
      cikeTunInP2Exchgs            Counter32,
      cikeTunInP2ExchgInvalids     Counter32,
      cikeTunInP2ExchgRejects      Counter32,
      cikeTunInP2SaDelRequests     Counter32,
      cikeTunOutOctets             Counter32,
      cikeTunOutPkts               Counter32,
      cikeTunOutDropPkts           Counter32,
      cikeTunOutNotifys            Counter32,
      cikeTunOutP2Exchgs           Counter32,
      cikeTunOutP2ExchgInvalids    Counter32,
      cikeTunOutP2ExchgRejects     Counter32,
      cikeTunOutP2SaDelRequests    Counter32,
      cikeTunStatus                TunnelStatus
   }

   cikeTunIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The index of the IPsec Phase-1 IKE Tunnel Table.
          The value of the index is a number which begins 
          at one and is incremented with each tunnel that 
          is created. The value of this object will 
          wrap at 2,147,483,647."
      ::= { cikeTunnelEntry 1 }

   cikeTunLocalType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of local peer identity.  The local 
         peer may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikeTunnelEntry 2 }

   cikeTunLocalValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the local peer identity.

          If the local peer type is an IP Address, then this
          is the IP Address used to identify the local peer.

          If the local peer type is a host name, then this is
          the host name used to identify the local peer."
      ::= { cikeTunnelEntry 3 }

   cikeTunLocalAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the local endpoint for the IPsec
          Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 4 }

   cikeTunLocalName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the local IP address for 
         the IPsec Phase-1 IKE Tunnel. If the DNS 
         name associated with the local tunnel endpoint 
         is not known, then the value of this
          object will be a NULL string."
      ::= { cikeTunnelEntry 5 }

   cikeTunRemoteType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of remote peer identity.  
         The remote peer may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikeTunnelEntry 6 }

   cikeTunRemoteValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the remote peer identity.

          If the remote peer type is an IP Address, then this
          is the IP Address used to identify the remote peer.

          If the remote peer type is a host name, then 
          this is the host name used to identify the 
          remote peer."
      ::= { cikeTunnelEntry 7 }

   cikeTunRemoteAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the remote endpoint for the IPsec
          Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 8 }

   cikeTunRemoteName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the remote IP address of IPsec Phase-1
          IKE Tunnel. If the DNS name associated with the remote
          tunnel endpoint is not known, then the value of this
          object will be a NULL string."
      ::= { cikeTunnelEntry 9 }

   cikeTunNegoMode OBJECT-TYPE
      SYNTAX IkeNegoMode
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 10 }

   cikeTunDiffHellmanGrp OBJECT-TYPE
      SYNTAX DiffHellmanGrp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Diffie Hellman Group used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelEntry 11 }

   cikeTunEncryptAlgo OBJECT-TYPE
      SYNTAX EncryptAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encryption algorithm used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelEntry 12 }

   cikeTunHashAlgo OBJECT-TYPE
      SYNTAX IkeHashAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The hash algorithm used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelEntry 13 }

   cikeTunAuthMethod OBJECT-TYPE
      SYNTAX IkeAuthMethod
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication method used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelEntry 14 }

   cikeTunLifeTime OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "seconds"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
          in seconds."
      ::= { cikeTunnelEntry 15 }

   cikeTunActiveTime OBJECT-TYPE
      SYNTAX TimeInterval
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The length of time the IPsec Phase-1 IKE tunnel has been
          active in hundredths of seconds."
      ::= { cikeTunnelEntry 16 }

   cikeTunSaRefreshThreshold OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "seconds"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The security assoication refresh threshold in seconds."
      ::= { cikeTunnelEntry 17 }

   cikeTunTotalRefreshes OBJECT-TYPE
      SYNTAX Counter32
      UNITS "QM Exchanges"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security associations 
         refreshes performed."
      ::= { cikeTunnelEntry 18 }

   cikeTunInOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets received by 
         this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 19 }

   cikeTunInPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets received by 
         this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 20 }

   cikeTunInDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped 
         by this IPsec Phase-1 IKE Tunnel during 
         receive processing."
      ::= { cikeTunnelEntry 21 }

   cikeTunInNotifys OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of notifys received by 
         this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 22 }

   cikeTunInP2Exchgs OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 
         exchanges received by
          this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 23 }

   cikeTunInP2ExchgInvalids OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 
         exchanges received and found to be invalid 
         by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 24 }

   cikeTunInP2ExchgRejects OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges 
         received and rejected by this IPsec Phase-1 
         Tunnel."
      ::= { cikeTunnelEntry 25 }

   cikeTunInP2SaDelRequests OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 
         security association delete requests received 
         by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 26 }

   cikeTunOutOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets sent by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelEntry 27 }

   cikeTunOutPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets sent by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelEntry 28 }

   cikeTunOutDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped by this 
         IPsec Phase-1 IKE Tunnel during send processing."
      ::= { cikeTunnelEntry 29 }

   cikeTunOutNotifys OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of notifys sent by this 
         IPsec Phase-1 Tunnel."
      ::= { cikeTunnelEntry 30 }

   cikeTunOutP2Exchgs OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges sent by
          this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 31 }

   cikeTunOutP2ExchgInvalids OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges sent and
          found to be invalid by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 32 }

   cikeTunOutP2ExchgRejects OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges sent and
          rejected by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 33 }

   cikeTunOutP2SaDelRequests OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 security association
          delete requests sent by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelEntry 34 }

   cikeTunStatus OBJECT-TYPE
      SYNTAX TunnelStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The status of the MIB table row.

          This object can be used to bring the tunnel down 
          by setting value of this object to destroy(2).

          This object cannot be used to create 
          a MIB table row."
      ::= { cikeTunnelEntry 35 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The Internet Key Exchange Peer Association to
-- Phase-2 Tunnel Correlation Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cikePeerCorrTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CikePeerCorrEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-1 Internet Key Exchange Peer
   Association to IPsec Phase-2 Tunnel
   Correlation Table. There is one entry in
   this table for each active IPsec Phase-2
   Tunnel."
     ::= { cipSecPhaseOne 4 }

   cikePeerCorrEntry OBJECT-TYPE
      SYNTAX CikePeerCorrEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
            "Each entry contains the attributes of an
      IPsec Phase-1 IKE Peer Association to IPsec
      Phase-2 Tunnel Correlation."
      INDEX { cikePeerCorrLocalType,
              cikePeerCorrLocalValue,
              cikePeerCorrRemoteType,
              cikePeerCorrRemoteValue,
              cikePeerCorrIntIndex,
              cikePeerCorrSeqNum  }
      ::= { cikePeerCorrTable 1}

   CikePeerCorrEntry ::= SEQUENCE {
      cikePeerCorrLocalType                IkePeerType,
      cikePeerCorrLocalValue               DisplayString,
      cikePeerCorrRemoteType               IkePeerType,
      cikePeerCorrRemoteValue              DisplayString,
      cikePeerCorrIntIndex                 Integer32,
      cikePeerCorrSeqNum                   Integer32,
      cikePeerCorrIpSecTunIndex            Integer32
   }

   cikePeerCorrLocalType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The type of local peer identity. The local peer 
          may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikePeerCorrEntry 1 }

   cikePeerCorrLocalValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The value of the local peer identity.

          If the local peer type is an IP Address, then this
          is the IP Address used to identify the local peer.

          If the local peer type is a host name, then this is
          the host name used to identify the local peer."
      ::= { cikePeerCorrEntry 2 }

   cikePeerCorrRemoteType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The type of remote peer identity. The remote peer 
          may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikePeerCorrEntry 3 }

   cikePeerCorrRemoteValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The value of the remote peer identity.

          If the remote peer type is an IP Address, then this
          is the IP Address used to identify the remote peer.

          If the remote peer type is a host name, then this is
          the host name used to identify the remote peer."
      ::= { cikePeerCorrEntry 4 }

   cikePeerCorrIntIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The internal index of the local-remote 
         peer association.  This internal index is 
         used to uniquely identify multiple associations 
         between the local and remote peer."
      ::= { cikePeerCorrEntry 5 }

   cikePeerCorrSeqNum   OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The sequence number of the local-remote 
         peer association.  This sequence number is 
         used to uniquely identify multiple instances 
         of an unique association between
          the local and remote peer."
      ::= { cikePeerCorrEntry 6 }

   cikePeerCorrIpSecTunIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index of the active IPsec Phase-2 Tunnel
          (cipSecTunIndex in the cipSecTunnelTable) for this
          IPsec Phase-1 IKE Peer Association."
      ::= { cikePeerCorrEntry 7 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Phase-2 Group
--
-- This group consists of:
-- 1) IPsec Phase-2 Global Statistics
-- 2) IPsec Phase-2 Tunnel Table
-- 3) IPsec Phase-2 Endpoint Table
-- 4) IPsec Phase-2 Security Protection Index Table
-- 4) IPsec Phase-2 Security Protection Index Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Global Tunnel Statistics
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecGlobalStats          OBJECT IDENTIFIER 
                    ::= { cipSecPhaseTwo 1 }

   cipSecGlobalActiveTunnels OBJECT-TYPE
      SYNTAX Gauge32
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of currently active 
         IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 1 }

   cipSecGlobalPreviousTunnels OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Phase-2 Tunnels"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of previously active 
         IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 2 }

   cipSecGlobalInOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets received by all 
         current and previous IPsec Phase-2 Tunnels. 
         This value is
   accumulated BEFORE determining whether or not
   the packet should be decompressed. See also
   cipSecGlobalInOctWraps for the number of times
   this counter has wrapped."
      ::= { cipSecGlobalStats 3 }

   cipSecGlobalHcInOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of
   octets received by all current and previous
   IPsec Phase-2 Tunnels. This value is accumulated
   BEFORE determining whether or not the packet
   should be decompressed."
      ::= { cipSecGlobalStats 4 }

   cipSecGlobalInOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the global octets received
   counter (cipSecGlobalInOctets) has wrapped."
      ::= { cipSecGlobalStats 5 }

   cipSecGlobalInDecompOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of decompressed octets received 
         by all current and previous IPsec Phase-2 Tunnels.  
         This value is accumulated AFTER the packet is 
         decompressed. If compression is not being used, 
         this value will match the value of cipSecGlobalInOctets. 
         See also cipSecGlobalInDecompOctWraps
          for the number of times this counter has wrapped."
      ::= { cipSecGlobalStats 6 }

   cipSecGlobalHcInDecompOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number 
         of decompressed octets received by all current 
         and previous IPsec Phase-2 Tunnels.  This value 
         is accumulated AFTER the packet is decompressed.
          If compression is not being used, this value 
          will match the value of cipSecGlobalHcInOctets."
      ::= { cipSecGlobalStats 7 }

   cipSecGlobalInDecompOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the global decompressed 
         octets received counter
          (cipSecGlobalInDecompOctets) has wrapped."
      ::= { cipSecGlobalStats 8 }

   cipSecGlobalInPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets received 
         by all current and previous
          IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 9 }

   cipSecGlobalInDrops OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped 
         during receive processing by all current and previous 
         IPsec Phase-2 Tunnels. This count does
         NOT include packets dropped due to 
         Anti-Replay processing."
      ::= { cipSecGlobalStats 10 }

   cipSecGlobalInReplayDrops OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped during 
         receive processing due to Anti-Replay 
         processing by all current and previous IPsec
          Phase-2 Tunnels."
      ::= { cipSecGlobalStats 11 }

   cipSecGlobalInAuths OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Events"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound authentication's 
         performed by all current and previous IPsec 
         Phase-2 Tunnels."
      ::= { cipSecGlobalStats 12 }

   cipSecGlobalInAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound authentication's 
         which ended in failure by all current and previous 
         IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 13 }

   cipSecGlobalInDecrypts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound decryption's 
         performed by all current and previous IPsec 
         Phase-2 Tunnels."
      ::= { cipSecGlobalStats 14 }

   cipSecGlobalInDecryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound decryption's 
         which ended in failure by all current and 
         previous IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 15 }

   cipSecGlobalOutOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets sent by all 
         current and previous IPsec Phase-2 Tunnels.  
         This value is accumulated AFTER determining 
         whether or not the packet should be compressed.  
         See also cipSecGlobalOutOctWraps for the
          number of times this counter has wrapped."
      ::= { cipSecGlobalStats 16 }

   cipSecGlobalHcOutOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number 
         of octets sent by all current and previous 
         IPsec Phase-2 Tunnels.  This value is accumulated 
         AFTER determining whether or not the packet should 
         be compressed."
      ::= { cipSecGlobalStats 17 }

   cipSecGlobalOutOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the global octets sent counter
          (cipSecGlobalOutOctets) has wrapped."
      ::= { cipSecGlobalStats 18 }

   cipSecGlobalOutUncompOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of uncompressed octets sent 
       by all current and previous IPsec Phase-2 Tunnels.  
       This value is accumulated BEFORE the packet is 
       compressed. If compression is not being used, this 
       value will match the value of cipSecGlobalOutOctets. 
       See also cipSecGlobalOutDecompOctWraps for the number 
       of times this counter has wrapped."
      ::= { cipSecGlobalStats 19 }

   cipSecGlobalHcOutUncompOctets OBJECT-TYPE
      SYNTAX Counter64
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
    "A high capacity count of the total number of 
    uncompressed octets sent by all current and previous 
    IPsec Phase-2 Tunnels.  This value is accumulated 
    BEFORE the packet is compressed.  If compression is 
    not being used, this value will match the
          value of cipSecGlobalHcOutOctets."
      ::= { cipSecGlobalStats 20 }

   cipSecGlobalOutUncompOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the global uncompressed 
         octets sent counter (cipSecGlobalOutUncompOctets) 
         has wrapped."
      ::= { cipSecGlobalStats 21 }

   cipSecGlobalOutPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets sent by all 
         current and previous
          IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 22 }

   cipSecGlobalOutDrops OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped during send 
         processing by all current and previous IPsec 
         Phase-2 Tunnels."
      ::= { cipSecGlobalStats 23 }

   cipSecGlobalOutAuths OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Events"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound authentication's 
         performed by all current and previous IPsec 
         Phase-2 Tunnels."
      ::= { cipSecGlobalStats 24 }

   cipSecGlobalOutAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound authentication's 
         which ended in failure
          by all current and previous IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 25 }

   cipSecGlobalOutEncrypts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound encryption's performed
          by all current and previous IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 26 }

   cipSecGlobalOutEncryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound encryption's 
         which ended in failure by all current and 
         previous IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 27 }

   cipSecGlobalProtocolUseFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of protocol use failures 
         which occurred during processing of all current 
         and previously active IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 28 }

   cipSecGlobalNoSaFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of non-existent 
         Security Assocication in failures which occurred 
         during processing of all current
          and previous IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 29 }

   cipSecGlobalSysCapFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of system capacity failures 
         which occurred during processing of all current 
         and previously active IPsec Phase-2 Tunnels."
      ::= { cipSecGlobalStats 30 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecTunnelTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CipSecTunnelEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Tunnel Table.  
         There is one entry in this table for 
         each active IPsec Phase-2 Tunnel."
      ::= { cipSecPhaseTwo 2 }

   cipSecTunnelEntry OBJECT-TYPE
      SYNTAX CipSecTunnelEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "Each entry contains the attributes 
         associated with an active IPsec Phase-2 Tunnel."
      INDEX { cipSecTunIndex }
      ::= { cipSecTunnelTable 1 }

   CipSecTunnelEntry ::= SEQUENCE {
      cipSecTunIndex                Integer32,
      cipSecTunIkeTunnelIndex       Integer32,
      cipSecTunIkeTunnelAlive       TruthValue,
      cipSecTunLocalAddr            IPSIpAddress,
      cipSecTunRemoteAddr           IPSIpAddress,
      cipSecTunKeyType              KeyType,
      cipSecTunEncapMode            EncapMode,
      cipSecTunLifeSize             Integer32,
      cipSecTunLifeTime             Integer32,
      cipSecTunActiveTime           TimeInterval,
      cipSecTunSaLifeSizeThreshold  Integer32,
      cipSecTunSaLifeTimeThreshold  Integer32,
      cipSecTunTotalRefreshes       Counter32,
      cipSecTunExpiredSaInstances   Counter32,
      cipSecTunCurrentSaInstances   Gauge32,
      cipSecTunInSaDiffHellmanGrp   DiffHellmanGrp,
      cipSecTunInSaEncryptAlgo      EncryptAlgo,
      cipSecTunInSaAhAuthAlgo       AuthAlgo,
      cipSecTunInSaEspAuthAlgo      AuthAlgo,
      cipSecTunInSaDecompAlgo       CompAlgo,
      cipSecTunOutSaDiffHellmanGrp  DiffHellmanGrp,
      cipSecTunOutSaEncryptAlgo     EncryptAlgo,
      cipSecTunOutSaAhAuthAlgo      AuthAlgo,
      cipSecTunOutSaEspAuthAlgo     AuthAlgo,
      cipSecTunOutSaCompAlgo        CompAlgo,
      cipSecTunInOctets             Counter32,
      cipSecTunHcInOctets           Counter64,
      cipSecTunInOctWraps           Counter32,
      cipSecTunInDecompOctets       Counter32,
      cipSecTunHcInDecompOctets     Counter64,
      cipSecTunInDecompOctWraps     Counter32,
      cipSecTunInPkts               Counter32,
      cipSecTunInDropPkts           Counter32,
      cipSecTunInReplayDropPkts     Counter32,
      cipSecTunInAuths              Counter32,
      cipSecTunInAuthFails          Counter32,
      cipSecTunInDecrypts           Counter32,
      cipSecTunInDecryptFails       Counter32,
      cipSecTunOutOctets            Counter32,
      cipSecTunHcOutOctets          Counter64,
      cipSecTunOutOctWraps          Counter32,
      cipSecTunOutUncompOctets      Counter32,
      cipSecTunHcOutUncompOctets    Counter64,
      cipSecTunOutUncompOctWraps    Counter32,
      cipSecTunOutPkts              Counter32,
      cipSecTunOutDropPkts          Counter32,
      cipSecTunOutAuths             Counter32,
      cipSecTunOutAuthFails         Counter32,
      cipSecTunOutEncrypts          Counter32,
      cipSecTunOutEncryptFails      Counter32,
      cipSecTunStatus               TunnelStatus
   }

   cipSecTunIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The index of the IPsec Phase-2 Tunnel Table.
          The value of the index is a number which begins 
          at one and is incremented with each tunnel that 
          is created. The value of this object will wrap 
          at 2,147,483,647."
      ::= { cipSecTunnelEntry 1 }

   cipSecTunIkeTunnelIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index of the associated IPsec Phase-1 
         IKE Tunnel.
          (cikeTunIndex in the cikeTunnelTable)"
      ::= { cipSecTunnelEntry 2 }

   cipSecTunIkeTunnelAlive OBJECT-TYPE
      SYNTAX TruthValue
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "An indicator which specifies whether or not the
          IPsec Phase-1 IKE Tunnel currently exists."
      ::= { cipSecTunnelEntry 3 }

   cipSecTunLocalAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the local endpoint for the IPsec
          Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 4 }

   cipSecTunRemoteAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the remote endpoint for the IPsec
          Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 5 }

   cipSecTunKeyType OBJECT-TYPE
      SYNTAX KeyType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of key used by the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 6 }

   cipSecTunEncapMode OBJECT-TYPE
      SYNTAX EncapMode
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encapsulation mode used by the 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 7 }

   cipSecTunLifeSize OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "KBytes"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiated LifeSize of the 
         IPsec Phase-2 Tunnel in kilobytes."
      ::= { cipSecTunnelEntry 8 }

   cipSecTunLifeTime OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "Seconds"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiated LifeTime of the 
         IPsec Phase-2 Tunnel in seconds."
      ::= { cipSecTunnelEntry 9 }

   cipSecTunActiveTime OBJECT-TYPE
      SYNTAX TimeInterval
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The length of time the IPsec Phase-2 
         Tunnel has been
          active in hundredths of seconds."
      ::= { cipSecTunnelEntry 10 }

   cipSecTunSaLifeSizeThreshold OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "KBytes"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The security association LifeSize refresh 
         threshold in kilobytes."
      ::= { cipSecTunnelEntry 11 }

   cipSecTunSaLifeTimeThreshold OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "Seconds"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The security association LifeTime refresh 
         threshold in seconds."
      ::= { cipSecTunnelEntry 12 }

   cipSecTunTotalRefreshes OBJECT-TYPE
      SYNTAX Counter32
      UNITS "QM Exchanges"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security 
         association refreshes performed."
      ::= { cipSecTunnelEntry 13 }

   cipSecTunExpiredSaInstances OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security associations 
         which have expired."
      ::= { cipSecTunnelEntry 14 }

   cipSecTunCurrentSaInstances OBJECT-TYPE
      SYNTAX Gauge32
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of security associations 
         which are currently active or expiring."
      ::= { cipSecTunnelEntry 15 }

   cipSecTunInSaDiffHellmanGrp OBJECT-TYPE
     SYNTAX DiffHellmanGrp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Diffie Hellman Group used 
         by the inbound security association of the 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 16 }

   cipSecTunInSaEncryptAlgo OBJECT-TYPE
      SYNTAX EncryptAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encryption algorithm used by the inbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 17 }

   cipSecTunInSaAhAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the inbound
          authentication header (AH) security association of
          the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 18 }

   cipSecTunInSaEspAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the inbound
          ecapsulation security protocol (ESP) security 
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 19 }

   cipSecTunInSaDecompAlgo OBJECT-TYPE
      SYNTAX CompAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The decompression algorithm used by the inbound
          security association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 20 }

   cipSecTunOutSaDiffHellmanGrp OBJECT-TYPE
      SYNTAX DiffHellmanGrp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Diffie Hellman Group used by the outbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 21 }

   cipSecTunOutSaEncryptAlgo OBJECT-TYPE
      SYNTAX EncryptAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encryption algorithm used by the outbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 22 }

   cipSecTunOutSaAhAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the outbound
          authentication header (AH) security association of
          the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 23 }

   cipSecTunOutSaEspAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the inbound
          encapsulation security protocol (ESP) 
          security association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 24 }

   cipSecTunOutSaCompAlgo OBJECT-TYPE
      SYNTAX CompAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The compression algorithm used by the inbound
          security association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 25 }

   cipSecTunInOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets received by this IPsec
          Phase-2 Tunnel.  This value is accumulated
          BEFORE determining whether or not the packet should be
          decompressed.  See also cipSecTunInOctWraps for the
          number of times this counter has wrapped."
      ::= { cipSecTunnelEntry 26 }

   cipSecTunHcInOctets OBJECT-TYPE
      SYNTAX Counter64
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of octets
          received by this IPsec Phase-2 Tunnel.  This value is
          accumulated BEFORE determining whether or not the packet
          should be decompressed."
      ::= { cipSecTunnelEntry 27 }

   cipSecTunInOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the octets received counter
          (cipSecTunInOctets) has wrapped."
      ::= { cipSecTunnelEntry 28 }

   cipSecTunInDecompOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of decompressed octets received 
         by this IPsec Phase-2 Tunnel. This value is 
         accumulated AFTER the packet is decompressed. 
         If compression is not being
          used, this value will match the value of 
          cipSecTunInOctets.  See also cipSecTunInDecompOctWraps 
          for the number of times
          this counter has wrapped."
      ::= { cipSecTunnelEntry 29 }

   cipSecTunHcInDecompOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of decompressed
          octets received by this IPsec Phase-2 Tunnel.  This value
          is accumulated AFTER the packet is decompressed. If
          compression is not being used, this value will match the
          value of cipSecTunHcInOctets."
      ::= { cipSecTunnelEntry 30 }

   cipSecTunInDecompOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the decompressed 
         octets received counter
          (cipSecTunInDecompOctets) has wrapped."
      ::= { cipSecTunnelEntry 31 }

   cipSecTunInPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets received 
         by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 32 }

   cipSecTunInDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped 
         during receive processing by this IPsec Phase-2 
         Tunnel. This count does NOT include
          packets dropped due to Anti-Replay processing."
      ::= { cipSecTunnelEntry 33 }

   cipSecTunInReplayDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped during 
         receive processing due to Anti-Replay processing 
         by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 34 }

   cipSecTunInAuths OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Events"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound 
         authentication's performed by this 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 35 }

   cipSecTunInAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound authentication's 
         which ended in
          failure by this IPsec Phase-2 Tunnel ."
      ::= { cipSecTunnelEntry 36 }

   cipSecTunInDecrypts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound decryption's performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 37 }

   cipSecTunInDecryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound decryption's 
         which ended in failure
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 38 }

   cipSecTunOutOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets sent by this IPsec
          Phase-2 Tunnel.  This value is accumulated
          AFTER determining whether or not the packet should 
          be compressed.  See also cipSecTunOutOctWraps for
          the number of times this counter has wrapped."
      ::= { cipSecTunnelEntry 39 }

   cipSecTunHcOutOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of octets
          sent by this IPsec Phase-2 Tunnel.  This value is
          accumulated AFTER determining whether or not the 
          packet
          should be compressed."
      ::= { cipSecTunnelEntry 40 }

   cipSecTunOutOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the out octets counter
          (cipSecTunOutOctets) has wrapped."
      ::= { cipSecTunnelEntry 41 }

   cipSecTunOutUncompOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of uncompressed octets sent 
         by this IPsec Phase-2 Tunnel.  This value 
         is accumulated BEFORE the packet is compressed. 
         If compression is not being used, this value 
         will match the value of cipSecTunOutOctets.
          See also cipSecTunOutDecompOctWraps for the 
          number of times this counter has wrapped."
      ::= { cipSecTunnelEntry 42 }

   cipSecTunHcOutUncompOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number 
         of uncompressed octets sent by this IPsec 
         Phase-2 Tunnel.  This value is accumulated BEFORE 
         the packet is compressed. If compression
          is not being used, this value will match the value
          of cipSecTunHcOutOctets."
      ::= { cipSecTunnelEntry 43 }

   cipSecTunOutUncompOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the uncompressed octets sent 
          counter (cipSecTunOutUncompOctets) has wrapped."
      ::= { cipSecTunnelEntry 44 }

   cipSecTunOutPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets sent by this 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 45 }

   cipSecTunOutDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped during 
         send processing by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 46 }

   cipSecTunOutAuths OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Events"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound authentication's performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 47 }

   cipSecTunOutAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound 
         authentication's which ended in failure 
         by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 48 }

   cipSecTunOutEncrypts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound encryption's performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 49 }

   cipSecTunOutEncryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound encryption's 
         which ended in failure by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelEntry 50 }

   cipSecTunStatus OBJECT-TYPE
      SYNTAX TunnelStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The status of the MIB table row.

          This object can be used to bring the tunnel down
          by setting value of this object to destroy(2).
          When the value is set to destroy(2), the SA
          bundle is destroyed and this row is deleted
          from this table.

          When this MIB value is queried, the value of
          active(1) is always returned, if the instance 
          exists.

          This object cannot be used to create a MIB 
          table row."
      ::= { cipSecTunnelEntry 51 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecEndPtTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CipSecEndPtEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Tunnel Endpoint Table. 
         This table contains an entry for each 
         active endpoint associated with an IPsec
          Phase-2 Tunnel."
      ::= { cipSecPhaseTwo 3 }

   cipSecEndPtEntry OBJECT-TYPE
      SYNTAX CipSecEndPtEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "An IPsec Phase-2 Tunnel Endpoint entry."
      INDEX { cipSecTunIndex,  -- from cipSecTunnelTable
              cipSecEndPtIndex  }
      ::= { cipSecEndPtTable 1 }

   CipSecEndPtEntry ::= SEQUENCE {
      cipSecEndPtIndex                Integer32,
      cipSecEndPtLocalName            DisplayString,
      cipSecEndPtLocalType            EndPtType,
      cipSecEndPtLocalAddr1           IPSIpAddress,
      cipSecEndPtLocalAddr2           IPSIpAddress,
      cipSecEndPtLocalProtocol        Integer32,
      cipSecEndPtLocalPort            Integer32,
      cipSecEndPtRemoteName           DisplayString,
      cipSecEndPtRemoteType           EndPtType,
      cipSecEndPtRemoteAddr1          IPSIpAddress,
      cipSecEndPtRemoteAddr2          IPSIpAddress,
      cipSecEndPtRemoteProtocol       Integer32,
      cipSecEndPtRemotePort           Integer32
   }

   cipSecEndPtIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The number of the Endpoint associated with the
          IPsec Phase-2 Tunnel Table.  The value of this
          index is a number which begins at one and 
          is incremented with each Endpoint associated 
          with an IPsec Phase-2 Tunnel.
          The value of this object will wrap at 2,147,483,647."
      ::= { cipSecEndPtEntry 1 }

   cipSecEndPtLocalName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the local Endpoint."
      ::= { cipSecEndPtEntry 2 }

   cipSecEndPtLocalType OBJECT-TYPE
      SYNTAX EndPtType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of identity for the local Endpoint.
          Possible values are:
          1) a single IP address, or
          2) an IP address range, or
          3) an IP subnet."
      ::= { cipSecEndPtEntry 3 }

   cipSecEndPtLocalAddr1 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The local Endpoint's first IP address specification.

         If the local Endpoint type is single IP address, 
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the local Endpoint type is IP address range, 
         then this is the value of beginning IP address 
         of the range."
      ::= { cipSecEndPtEntry 4 }

   cipSecEndPtLocalAddr2 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The local Endpoint's second IP address specification.

         If the local Endpoint type is single IP address, 
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the local Endpoint type is IP address range, 
         then this is the value of ending IP address 
         of the range."
      ::= { cipSecEndPtEntry 5 }

   cipSecEndPtLocalProtocol OBJECT-TYPE
      SYNTAX Integer32 (0..255)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The protocol number of the local Endpoint's traffic."
      ::= { cipSecEndPtEntry 6 }

   cipSecEndPtLocalPort OBJECT-TYPE
      SYNTAX Integer32 (0..65535)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The port number of the local Endpoint's traffic."
      ::= { cipSecEndPtEntry 7 }

   cipSecEndPtRemoteName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the remote Endpoint."
      ::= { cipSecEndPtEntry 8 }

   cipSecEndPtRemoteType OBJECT-TYPE
      SYNTAX EndPtType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of identity for the remote Endpoint.
          Possible values are:
          1) a single IP address, or
          2) an IP address range, or
          3) an IP subnet."
      ::= { cipSecEndPtEntry 9 }

   cipSecEndPtRemoteAddr1 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The remote Endpoint's first IP address specification.

         If the remote Endpoint type is single IP address, 
         then this is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the remote Endpoint type is IP address range, 
         then this is the value of beginning IP address 
         of the range."
      ::= { cipSecEndPtEntry 10 }

   cipSecEndPtRemoteAddr2 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The remote Endpoint's second IP address specification.

         If the remote Endpoint type is single IP address, 
         then this is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the remote Endpoint type is IP address range, 
         then this is the value of ending IP address of 
         the range."
      ::= { cipSecEndPtEntry 11 }

   cipSecEndPtRemoteProtocol OBJECT-TYPE
      SYNTAX Integer32 (0..255)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The protocol number of the remote Endpoint's traffic."
      ::= { cipSecEndPtEntry 12 }

   cipSecEndPtRemotePort OBJECT-TYPE
      SYNTAX Integer32 (0..65535)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The port number of the remote Endpoint's traffic."
      ::= { cipSecEndPtEntry 13 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Security Protection Index Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecSpiTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CipSecSpiEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Security Protection Index Table.  
         This table contains an entry for each active 
         and expiring security
          association."
      ::= { cipSecPhaseTwo 4 }

   cipSecSpiEntry OBJECT-TYPE
      SYNTAX CipSecSpiEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "Each entry contains the attributes associated with
          active and expiring IPsec Phase-2 
          security associations."
      INDEX { cipSecTunIndex,  -- from cipSecTunnelTable
              cipSecSpiIndex  }
      ::= { cipSecSpiTable 1 }

   CipSecSpiEntry ::= SEQUENCE {
      cipSecSpiIndex                Integer32,
      cipSecSpiDirection            INTEGER,
      cipSecSpiValue                Unsigned32,
      cipSecSpiProtocol             INTEGER,
      cipSecSpiStatus               INTEGER
   }

   cipSecSpiIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The number of the SPI associated with the 
         Phase-2 Tunnel Table.  The value of this 
         index is a number which begins at one and is 
         incremented with each SPI associated with an 
         IPsec Phase-2 Tunnel.  The value of this 
         object will wrap at 2,147,483,647."
      ::= { cipSecSpiEntry 1 }

   cipSecSpiDirection OBJECT-TYPE
      SYNTAX INTEGER{
                in(1),
                out(2)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The direction of the SPI."
      ::= { cipSecSpiEntry 2 }

   cipSecSpiValue OBJECT-TYPE
      SYNTAX Unsigned32 (1..4294967295)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the SPI."
      ::= { cipSecSpiEntry 3 }

   cipSecSpiProtocol OBJECT-TYPE
      SYNTAX INTEGER{
                ah(1),
                esp(2),
                ipcomp(3)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The protocol of the SPI."
      ::= { cipSecSpiEntry 4 }

   cipSecSpiStatus OBJECT-TYPE
      SYNTAX INTEGER{
                active(1),
                expiring(2)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The status of the SPI."
      ::= { cipSecSpiEntry 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec History Group
--
-- This group consists of a:
-- 1) IPsec History Global Objects
-- 2) IPsec Phase-1 History Objects
-- 3) IPsec Phase-2 History Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecHistGlobal           OBJECT IDENTIFIER 
                    ::= { cipSecHistory 1 }
   cipSecHistPhaseOne         OBJECT IDENTIFIER 
                    ::= { cipSecHistory 2 }
   cipSecHistPhaseTwo         OBJECT IDENTIFIER 
                    ::= { cipSecHistory 3 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec History Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecHistGlobalCntl OBJECT IDENTIFIER    
                    ::= { cipSecHistGlobal 1 }

   cipSecHistTableSize  OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The window size of the IPsec Phase-1 and Phase-2
          History Tables.

          The IPsec Phase-1 and Phase-2 History Tables are
          implemented as a sliding window in which only the
          last n entries are maintained.  This object is used
          specify the number of entries which will be 
          maintained in the IPsec Phase-1 and 
          Phase-2 History Tables.

          An implementation may choose suitable minimum and 
          maximum values for this element based on the local 
          policy and available resources. If an SNMP SET request 
          specifies a value outside this window for this element, 
          a BAD VALUE may be returned."

      ::= { cipSecHistGlobalCntl 1 }

   cipSecHistCheckPoint OBJECT-TYPE
      SYNTAX INTEGER {  
                ready(1),         
                checkPoint(2)  
             }
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
          "The current state of check point processing.   

           This object will return ready when the agent is 
           ready to create on-demand history entries for 
           active IPsec Tunnels or checkPoint when the 
           agent is currently creating on-demand history 
           entries for active IPsec Tunnels.

           By setting this value to checkPoint, the agent 
           will create:
           a) an entry in the IPsec Phase-1 Tunnel History 
              for each active IPsec Phase-1 Tunnel and
           b) an entry in the IPsec Phase-2 Tunnel History 
              Table and an entry in the IPsec Phase-2 
              Tunnel EndPoint History Table
              for each active IPsec Phase-2 Tunnel."
      ::= { cipSecHistGlobalCntl 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Tunnel History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cikeTunnelHistTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CikeTunnelHistEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-1 Internet Key Exchange Tunnel 
         History Table.  This table is implemented as a 
         sliding window in which only the last n entries 
         are maintained.  The maximum number of entries
          is specified by the cipSecHistTableSize object."
     ::= { cipSecHistPhaseOne 1 }

   cikeTunnelHistEntry OBJECT-TYPE
      SYNTAX CikeTunnelHistEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
            "Each entry contains the attributes 
            associated with a previously active IPsec 
            Phase-1 IKE Tunnel."
      INDEX { cikeTunHistIndex }
      ::= { cikeTunnelHistTable 1}

   CikeTunnelHistEntry ::= SEQUENCE {
      cikeTunHistIndex                 Integer32,
      cikeTunHistTermReason            INTEGER,
      cikeTunHistActiveIndex           Integer32,
      cikeTunHistPeerLocalType         IkePeerType,
      cikeTunHistPeerLocalValue        DisplayString,
      cikeTunHistPeerIntIndex          Integer32,
      cikeTunHistPeerRemoteType        IkePeerType,
      cikeTunHistPeerRemoteValue       DisplayString,
      cikeTunHistLocalAddr             IPSIpAddress,
      cikeTunHistLocalName             DisplayString,
      cikeTunHistRemoteAddr            IPSIpAddress,
      cikeTunHistRemoteName            DisplayString,
      cikeTunHistNegoMode              IkeNegoMode,
      cikeTunHistDiffHellmanGrp        DiffHellmanGrp,
      cikeTunHistEncryptAlgo           EncryptAlgo,
      cikeTunHistHashAlgo              IkeHashAlgo,
      cikeTunHistAuthMethod            IkeAuthMethod,
      cikeTunHistLifeTime              Integer32,
      cikeTunHistStartTime             TimeStamp,
      cikeTunHistActiveTime            TimeInterval,
      cikeTunHistTotalRefreshes        Counter32,
      cikeTunHistTotalSas              Counter32,
      cikeTunHistInOctets              Counter32,
      cikeTunHistInPkts                Counter32,
      cikeTunHistInDropPkts            Counter32,
      cikeTunHistInNotifys             Counter32,
      cikeTunHistInP2Exchgs            Counter32,
      cikeTunHistInP2ExchgInvalids     Counter32,
      cikeTunHistInP2ExchgRejects      Counter32,
      cikeTunHistInP2SaDelRequests     Counter32,
      cikeTunHistOutOctets             Counter32,
      cikeTunHistOutPkts               Counter32,
      cikeTunHistOutDropPkts           Counter32,
      cikeTunHistOutNotifys            Counter32,
      cikeTunHistOutP2Exchgs           Counter32,
      cikeTunHistOutP2ExchgInvalids    Counter32,
      cikeTunHistOutP2ExchgRejects     Counter32,
      cikeTunHistOutP2SaDelRequests    Counter32
   }

   cikeTunHistIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The index of the IPsec Phase-1 IKE Tunnel History 
         Table.  The value of the index is a number which 
         begins at one and is incremented with each 
         tunnel that ends. The value of this object 
         will wrap at 2,147,483,647."
      ::= { cikeTunnelHistEntry 1 }

   cikeTunHistTermReason  OBJECT-TYPE
      SYNTAX INTEGER {
                other(1),
                normal(2),
                operRequest(3),
                peerDelRequest(4),
                peerLost(5),
                localFailure(6),
                checkPointReg(7)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The reason the IPsec Phase-1 IKE Tunnel was terminated.
          Possible reasons include:
          1 = other
          2 = normal termination
          3 = operator request
          4 = peer delete request was received
          5 = contact with peer was lost
          6 = local failure occurred.
          7 = operator initiated check point request"
      ::= { cikeTunnelHistEntry 2 }

   cikeTunHistActiveIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index of the previously active IPsec 
         Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 3 }

   cikeTunHistPeerLocalType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of local peer identity.  The local peer 
         may be indentified by:
          1. an IP address, or
          2. a host name."
      ::= { cikeTunnelHistEntry 4 }

   cikeTunHistPeerLocalValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the local peer identity.

          If the local peer type is an IP Address, then this
          is the IP Address used to identify the local peer.

          If the local peer type is a host name, then this is
          the host name used to identify the local peer."
      ::= { cikeTunnelHistEntry 5 }

   cikeTunHistPeerIntIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The internal index of the local-remote peer 
         association.  This internal index is used to 
         uniquely identify multiple associations between 
         the local and remote peer."
      ::= { cikeTunnelHistEntry 6 }

   cikeTunHistPeerRemoteType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of remote peer identity.  The remote 
         peer may be indentified by:
          1. an IP address, or
          2. a host name."
      ::= { cikeTunnelHistEntry 7 }

   cikeTunHistPeerRemoteValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the remote peer identity.

          If the remote peer type is an IP Address, then this
          is the IP Address used to identify the remote peer.

          If the remote peer type is a host name, then this is
          the host name used to identify the remote peer."
      ::= { cikeTunnelHistEntry 8 }

   cikeTunHistLocalAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the local endpoint for the IPsec
          Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 9 }

   cikeTunHistLocalName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the local IP address for 
         the IPsec Phase-1 IKE Tunnel. If the DNS 
         name associated with the local tunnel endpoint 
         is not known, then the value of this
          object will be a NULL string."
      ::= { cikeTunnelHistEntry 10 }

   cikeTunHistRemoteAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the remote endpoint for the IPsec
          Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 11 }

   cikeTunHistRemoteName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the remote IP address of IPsec Phase-1
          IKE Tunnel. If the DNS name associated with the remote
          tunnel endpoint is not known, then the value of this
          object will be a NULL string."
      ::= { cikeTunnelHistEntry 12 }

   cikeTunHistNegoMode OBJECT-TYPE
      SYNTAX IkeNegoMode
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 13 }

   cikeTunHistDiffHellmanGrp OBJECT-TYPE
      SYNTAX DiffHellmanGrp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Diffie Hellman Group used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelHistEntry 14 }

   cikeTunHistEncryptAlgo OBJECT-TYPE
      SYNTAX EncryptAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encryption algorithm used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelHistEntry 15 }

   cikeTunHistHashAlgo OBJECT-TYPE
      SYNTAX IkeHashAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The hash algorithm used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelHistEntry 16 }

   cikeTunHistAuthMethod OBJECT-TYPE
      SYNTAX IkeAuthMethod
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication method used in IPsec Phase-1 IKE
          negotiations."
      ::= { cikeTunnelHistEntry 17 }

   cikeTunHistLifeTime OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
          in seconds."
      ::= { cikeTunnelHistEntry 18 }

   cikeTunHistStartTime OBJECT-TYPE
      SYNTAX TimeStamp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of sysUpTime in hundredths of seconds
         when the IPsec Phase-1 IKE tunnel was started."
      ::= { cikeTunnelHistEntry 19 }

   cikeTunHistActiveTime OBJECT-TYPE
      SYNTAX TimeInterval
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The length of time the IPsec Phase-1 IKE tunnel was been
          active in hundredths of seconds."
      ::= { cikeTunnelHistEntry 20 }

   cikeTunHistTotalRefreshes OBJECT-TYPE
      SYNTAX Counter32
      UNITS "QM Exchanges"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security associations 
         refreshes performed."
      ::= { cikeTunnelHistEntry 21 }

   cikeTunHistTotalSas       OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security associations 
         used during the
          life of the IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 22 }


   cikeTunHistInOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets 
         received by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelHistEntry 23 }

   cikeTunHistInPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets received 
         by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelHistEntry 24 }

   cikeTunHistInDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped 
         by this IPsec Phase-1
          IKE Tunnel during receive processing."
      ::= { cikeTunnelHistEntry 25 }

   cikeTunHistInNotifys OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of notifys received 
         by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelHistEntry 26 }

   cikeTunHistInP2Exchgs OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 
         exchanges received by
          this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 27 }

   cikeTunHistInP2ExchgInvalids OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 
         exchanges received and
          found to be invalid by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 28 }

   cikeTunHistInP2ExchgRejects OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 
         exchanges received and
          rejected by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 29 }

   cikeTunHistInP2SaDelRequests OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 security association
          delete requests received by this IPsec 
          Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 30 }

   cikeTunHistOutOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets sent by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelHistEntry 31 }

   cikeTunHistOutPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets sent by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelHistEntry 32 }

   cikeTunHistOutDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped 
         by this IPsec Phase-1
          IKE Tunnel during send processing."
      ::= { cikeTunnelHistEntry 33 }

   cikeTunHistOutNotifys OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of notifys sent by this IPsec Phase-1
          IKE Tunnel."
      ::= { cikeTunnelHistEntry 34 }

   cikeTunHistOutP2Exchgs OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges sent by
          this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 35 }

   cikeTunHistOutP2ExchgInvalids OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges sent and
          found to be invalid by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 36 }

   cikeTunHistOutP2ExchgRejects OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SA Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 exchanges sent and
          rejected by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 37 }

   cikeTunHistOutP2SaDelRequests OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Notification Payloads"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of IPsec Phase-2 security association
          delete requests sent by this IPsec Phase-1 IKE Tunnel."
      ::= { cikeTunnelHistEntry 38 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecTunnelHistTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CipSecTunnelHistEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Tunnel History Table.
          This table is implemented as a sliding 
          window in which only the
          last n entries are maintained.  The maximum number 
          of entries
          is specified by the cipSecHistTableSize object."
      ::= { cipSecHistPhaseTwo 1 }

   cipSecTunnelHistEntry OBJECT-TYPE
      SYNTAX CipSecTunnelHistEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "Each entry contains the attributes associated with
          a previously active IPsec Phase-2 Tunnel."
      INDEX { cipSecTunHistIndex }
      ::= { cipSecTunnelHistTable 1 }

   CipSecTunnelHistEntry ::= SEQUENCE {
      cipSecTunHistIndex                Integer32,
      cipSecTunHistTermReason           INTEGER,
      cipSecTunHistActiveIndex          Integer32,
      cipSecTunHistIkeTunnelIndex       Integer32,
      cipSecTunHistLocalAddr            IPSIpAddress,
      cipSecTunHistRemoteAddr           IPSIpAddress,
      cipSecTunHistKeyType              KeyType,
      cipSecTunHistEncapMode            EncapMode,
      cipSecTunHistLifeSize             Integer32,
      cipSecTunHistLifeTime             Integer32,
      cipSecTunHistStartTime            TimeStamp,
      cipSecTunHistActiveTime           TimeInterval,
      cipSecTunHistTotalRefreshes       Counter32,
      cipSecTunHistTotalSas             Counter32,
      cipSecTunHistInSaDiffHellmanGrp   DiffHellmanGrp,
      cipSecTunHistInSaEncryptAlgo      EncryptAlgo,
      cipSecTunHistInSaAhAuthAlgo       AuthAlgo,
      cipSecTunHistInSaEspAuthAlgo      AuthAlgo,
      cipSecTunHistInSaDecompAlgo       CompAlgo,
      cipSecTunHistOutSaDiffHellmanGrp  DiffHellmanGrp,
      cipSecTunHistOutSaEncryptAlgo     EncryptAlgo,
      cipSecTunHistOutSaAhAuthAlgo      AuthAlgo,
      cipSecTunHistOutSaEspAuthAlgo     AuthAlgo,
      cipSecTunHistOutSaCompAlgo        CompAlgo,
      cipSecTunHistInOctets             Counter32,
      cipSecTunHistHcInOctets           Counter64,
      cipSecTunHistInOctWraps           Counter32,
      cipSecTunHistInDecompOctets       Counter32,
      cipSecTunHistHcInDecompOctets     Counter64,
      cipSecTunHistInDecompOctWraps     Counter32,
      cipSecTunHistInPkts               Counter32,
      cipSecTunHistInReplayDropPkts     Counter32,
      cipSecTunHistInDropPkts           Counter32,
      cipSecTunHistInAuths              Counter32,
      cipSecTunHistInAuthFails          Counter32,
      cipSecTunHistInDecrypts           Counter32,
      cipSecTunHistInDecryptFails       Counter32,
      cipSecTunHistOutOctets            Counter32,
      cipSecTunHistHcOutOctets          Counter64,
      cipSecTunHistOutOctWraps          Counter32,
      cipSecTunHistOutUncompOctets      Counter32,
      cipSecTunHistHcOutUncompOctets    Counter64,
      cipSecTunHistOutUncompOctWraps    Counter32,
      cipSecTunHistOutPkts              Counter32,
      cipSecTunHistOutDropPkts          Counter32,
      cipSecTunHistOutAuths             Counter32,
      cipSecTunHistOutAuthFails         Counter32,
      cipSecTunHistOutEncrypts          Counter32,
      cipSecTunHistOutEncryptFails      Counter32
   }

   cipSecTunHistIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The index of the IPsec Phase-2 Tunnel History Table.
          The value of the index is a number which 
          begins at one and is incremented with each tunnel 
          that ends. The value
          of this object will wrap at 2,147,483,647."
      ::= { cipSecTunnelHistEntry 1 }

   cipSecTunHistTermReason  OBJECT-TYPE
      SYNTAX INTEGER {
                other(1),
                normal(2),
                operRequest(3),
                peerDelRequest(4),
                peerLost(5),
                seqNumRollOver(6),
                checkPointReq(7)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The reason the IPsec Phase-2 Tunnel was terminated.
          Possible reasons include:
          1 = other
          2 = normal termination
          3 = operator request
          4 = peer delete request was received
          5 = contact with peer was lost
          6 = local failure occurred
          7 = operator initiated check point request"
      ::= { cipSecTunnelHistEntry 2 }

   cipSecTunHistActiveIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index of the previously active 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 3 }

   cipSecTunHistIkeTunnelIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index of the associated IPsec Phase-1 Tunnel
          (cikeTunIndex in the cikeTunnelTable)."
      ::= { cipSecTunnelHistEntry 4 }

   cipSecTunHistLocalAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the local endpoint for the IPsec
          Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 5 }

   cipSecTunHistRemoteAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the remote endpoint for the IPsec
          Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 6 }

   cipSecTunHistKeyType OBJECT-TYPE
      SYNTAX KeyType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of key used by the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 7 }

   cipSecTunHistEncapMode OBJECT-TYPE
      SYNTAX EncapMode
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encapsulation mode used by the 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 8 }

   cipSecTunHistLifeSize OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "KBytes"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiated LifeSize of the IPsec Phase-2 Tunnel in
          kilobytes."
      ::= { cipSecTunnelHistEntry 9 }

   cipSecTunHistLifeTime OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      UNITS "Seconds"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The negotiated LifeTime of the IPsec Phase-2 Tunnel in
          seconds."
      ::= { cipSecTunnelHistEntry 10 }

   cipSecTunHistStartTime OBJECT-TYPE
      SYNTAX TimeStamp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of sysUpTime in hundredths of seconds
         when the IPsec Phase-2 Tunnel was started."
      ::= { cipSecTunnelHistEntry 11 }

   cipSecTunHistActiveTime OBJECT-TYPE
      SYNTAX TimeInterval
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The length of time the IPsec Phase-2 Tunnel has been
          active in hundredths of seconds."
      ::= { cipSecTunnelHistEntry 12 }

   cipSecTunHistTotalRefreshes OBJECT-TYPE
      SYNTAX Counter32
      UNITS "QM Exchanges"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security association refreshes 
         performed."
      ::= { cipSecTunnelHistEntry 13 }

   cipSecTunHistTotalSas OBJECT-TYPE
      SYNTAX Counter32
      UNITS "SAs"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of security associations used 
         during the
          life of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 14 }

   cipSecTunHistInSaDiffHellmanGrp OBJECT-TYPE
      SYNTAX DiffHellmanGrp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Diffie Hellman Group used by the inbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 15 }

   cipSecTunHistInSaEncryptAlgo OBJECT-TYPE
      SYNTAX EncryptAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encryption algorithm used by the inbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 16 }

   cipSecTunHistInSaAhAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the inbound
          authentication header (AH) security association of
          the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 17 }

   cipSecTunHistInSaEspAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the inbound
          encapsulation security protocol (ESP) 
          security association of
          the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 18 }

   cipSecTunHistInSaDecompAlgo OBJECT-TYPE
      SYNTAX CompAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The decompression algorithm used by the inbound
          security association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 19 }

   cipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPE
      SYNTAX DiffHellmanGrp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Diffie Hellman Group used by the outbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 20 }

   cipSecTunHistOutSaEncryptAlgo OBJECT-TYPE
      SYNTAX EncryptAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The encryption algorithm used by the outbound security
          association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 21 }

   cipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the outbound
          authentication header (AH) security association of
          the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 22 }

   cipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE
      SYNTAX AuthAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The authentication algorithm used by the inbound
          ecapsulation security protocol (ESP) 
          security association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 23 }

   cipSecTunHistOutSaCompAlgo OBJECT-TYPE
      SYNTAX CompAlgo
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The compression algorithm used by the inbound
          security association of the IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 24 }

   cipSecTunHistInOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets received by this IPsec
          Phase-2 Tunnel.  This value is accumulated
          BEFORE determining whether or not the packet should 
          be decompressed.  See also cipSecTunInOctWraps for 
          the number of times this counter has wrapped."
      ::= { cipSecTunnelHistEntry 25 }

   cipSecTunHistHcInOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of octets
          received by this IPsec Phase-2 Tunnel.  This value is
          accumulated BEFORE determining whether or not 
          the packet should be decompressed."
      ::= { cipSecTunnelHistEntry 26 }

   cipSecTunHistInOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the octets received counter
          (cipSecTunInOctets) has wrapped."
      ::= { cipSecTunnelHistEntry 27 }

   cipSecTunHistInDecompOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of decompressed octets received by this
          IPsec Phase-2 Tunnel.  This value is accumulated AFTER
          the packet is decompressed. If compression is not being
          used, this value will match the value of cipSecTunInOctets.
          See also cipSecTunInDecompOctWraps for the number of times
          this counter has wrapped."
      ::= { cipSecTunnelHistEntry 28 }

   cipSecTunHistHcInDecompOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of decompressed
          octets received by this IPsec Phase-2 Tunnel.  This value
          is accumulated AFTER the packet is decompressed. If
          compression is not being used, this value will match the
          value of cipSecTunHcInOctets."
      ::= { cipSecTunnelHistEntry 29 }

   cipSecTunHistInDecompOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the decompressed octets 
         received counter (cipSecTunInDecompOctets) has wrapped."
      ::= { cipSecTunnelHistEntry 30 }

   cipSecTunHistInPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets received by this 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 31 }

   cipSecTunHistInDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped during 
         receive processing by this IPsec Phase-2 Tunnel. 
         This count does NOT include packets
          dropped due to Anti-Replay processing."
      ::= { cipSecTunnelHistEntry 32 }

   cipSecTunHistInReplayDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped during 
         receive processing due to Anti-Replay processing 
         by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 33 }

   cipSecTunHistInAuths OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Events"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound authentication's 
         performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 34 }

   cipSecTunHistInAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound authentication's 
         which ended in
          failure by this IPsec Phase-2 Tunnel ."
      ::= { cipSecTunnelHistEntry 35 }

   cipSecTunHistInDecrypts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound decryption's performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 36 }

   cipSecTunHistInDecryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of inbound decryption's 
         which ended in failure
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 37 }

   cipSecTunHistOutOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of octets sent by this IPsec
          Phase-2 Tunnel.  This value is accumulated
          AFTER determining whether or not the 
          packet should be
          compressed.  See also cipSecTunOutOctWraps for the
          number of times this counter has wrapped."
      ::= { cipSecTunnelHistEntry 38 }

   cipSecTunHistHcOutOctets OBJECT-TYPE
      SYNTAX Counter64
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total number of octets
          sent by this IPsec Phase-2 Tunnel.  This value 
          is accumulated AFTER determining whether or not 
          the packet should be
          compressed."
      ::= { cipSecTunnelHistEntry 39 }

   cipSecTunHistOutOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the octets sent counter
          (cipSecTunOutOctets) has wrapped."
      ::= { cipSecTunnelHistEntry 40 }

   cipSecTunHistOutUncompOctets OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of uncompressed octets sent by this
          IPsec Phase-2 Tunnel.  This value is accumulated BEFORE
          the packet is compressed. If compression is not being
          used, this value will match the value of 
          cipSecTunOutOctets.  See also 
          cipSecTunOutDecompOctWraps for the number of times
          this counter has wrapped."
      ::= { cipSecTunnelHistEntry 41 }

   cipSecTunHistHcOutUncompOctets OBJECT-TYPE
      SYNTAX Counter64
      UNITS "Octets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "A high capacity count of the total 
         number of uncompressed octets sent by this 
         IPsec Phase-2 Tunnel.  This value is accumulated 
         BEFORE the packet is compressed. If compression
          is not being used, this value will match the value of
          cipSecTunHcOutOctets."
      ::= { cipSecTunnelHistEntry 42 }

   cipSecTunHistOutUncompOctWraps OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Integral units"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of times the uncompressed octets sent counter
          (cipSecTunOutUncompOctets) has wrapped."
      ::= { cipSecTunnelHistEntry 43 }

   cipSecTunHistOutPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets sent by this 
         IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 44 }

   cipSecTunHistOutDropPkts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of packets dropped 
         during send processing
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 45 }

   cipSecTunHistOutAuths OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Events"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound authentication's performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 46 }

   cipSecTunHistOutAuthFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound authentication's 
         which ended in
          failure by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 47 }

   cipSecTunHistOutEncrypts OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Packets"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound encryption's performed
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 48 }

   cipSecTunHistOutEncryptFails OBJECT-TYPE
      SYNTAX Counter32
      UNITS "Failures"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The total number of outbound encryption's 
         which ended in failure
          by this IPsec Phase-2 Tunnel."
      ::= { cipSecTunnelHistEntry 49 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecEndPtHistTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CipSecEndPtHistEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Tunnel Endpoint History Table.
          This table is implemented as a 
          sliding window in which only the
          last n entries are maintained.  
          The maximum number of entries
          is specified by the cipSecHistTableSize object."
      ::= { cipSecHistPhaseTwo 2 }

   cipSecEndPtHistEntry OBJECT-TYPE
      SYNTAX CipSecEndPtHistEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "Each entry contains the attributes associated with
          a previously active IPsec Phase-2 Tunnel Endpoint."
      INDEX { cipSecEndPtHistIndex }
      ::= { cipSecEndPtHistTable 1 }

   CipSecEndPtHistEntry ::= SEQUENCE {
      cipSecEndPtHistIndex                Integer32,
      cipSecEndPtHistTunIndex             Integer32,
      cipSecEndPtHistActiveIndex          Integer32,
      cipSecEndPtHistLocalName            DisplayString,
      cipSecEndPtHistLocalType            EndPtType,
      cipSecEndPtHistLocalAddr1           IPSIpAddress,
      cipSecEndPtHistLocalAddr2           IPSIpAddress,
      cipSecEndPtHistLocalProtocol        Integer32,
      cipSecEndPtHistLocalPort            Integer32,
      cipSecEndPtHistRemoteName           DisplayString,
      cipSecEndPtHistRemoteType           EndPtType,
      cipSecEndPtHistRemoteAddr1          IPSIpAddress,
      cipSecEndPtHistRemoteAddr2          IPSIpAddress,
      cipSecEndPtHistRemoteProtocol       Integer32,
      cipSecEndPtHistRemotePort           Integer32
   }

   cipSecEndPtHistIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The number of the previously active 
         Endpoint associated
          with a IPsec Phase-2 Tunnel Table.  The value 
          of this index is a number which begins at 
          one and is incremented with each Endpoint 
          associated with an IPsec Phase-2 Tunnel.
          The value of this object will wrap at 2,147,483,647."
      ::= { cipSecEndPtHistEntry 1 }

   cipSecEndPtHistTunIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index  of the previously active IPsec 
         Phase-2 Tunnel Table."
      ::= { cipSecEndPtHistEntry 2 }

   cipSecEndPtHistActiveIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The index  of the previously active Endpoint."
      ::= { cipSecEndPtHistEntry 3 }

   cipSecEndPtHistLocalName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the local Endpoint."
      ::= { cipSecEndPtHistEntry 4 }

   cipSecEndPtHistLocalType OBJECT-TYPE
      SYNTAX EndPtType
             --INTEGER {
                --singleIpAddr(1),
                --ipAddrRange(2),
                --ipSubnet(3)
             --}
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of identity for the local Endpoint.
          Possible values are:
          1) a single IP address, or
          2) an IP address range, or
          3) an IP subnet."
      ::= { cipSecEndPtHistEntry 5 }

   cipSecEndPtHistLocalAddr1 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The local Endpoint's first IP address specification.

         If the local Endpoint type is single IP address, 
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the local Endpoint type is IP address range, 
         then this is the value of beginning IP address of 
         the range."
      ::= { cipSecEndPtHistEntry 6 }

   cipSecEndPtHistLocalAddr2 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The local Endpoint's second IP address specification.

         If the local Endpoint type is single IP address, 
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the local Endpoint type is IP address range, 
         then this
         is the value of ending IP address of the range."
      ::= { cipSecEndPtHistEntry 7 }

   cipSecEndPtHistLocalProtocol OBJECT-TYPE
      SYNTAX Integer32 (0..255)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The protocol number of the local Endpoint's traffic."
      ::= { cipSecEndPtHistEntry 8 }

   cipSecEndPtHistLocalPort OBJECT-TYPE
      SYNTAX Integer32 (0..65535)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The port number of the local Endpoint's traffic."
      ::= { cipSecEndPtHistEntry 9 }

   cipSecEndPtHistRemoteName OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The DNS name of the remote Endpoint."
      ::= { cipSecEndPtHistEntry 10 }

   cipSecEndPtHistRemoteType OBJECT-TYPE
      SYNTAX EndPtType
             --INTEGER {
                --singleIpAddr(1),
                --ipAddrRange(2),
                --ipSubnet(3)
             --}
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of identity for the remote Endpoint.
          Possible values are:
          1) a single IP address, or
          2) an IP address range, or
          3) an IP subnet."
      ::= { cipSecEndPtHistEntry 11 }

   cipSecEndPtHistRemoteAddr1 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The remote Endpoint's first IP address specification.

         If the remote Endpoint type is single IP address, 
         then this
         is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the remote Endpoint type is IP address range, 
         then this
         is the value of beginning IP address of the range."
      ::= { cipSecEndPtHistEntry 12 }

   cipSecEndPtHistRemoteAddr2 OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
        "The remote Endpoint's second IP address specification.

         If the remote Endpoint type is single IP address, 
         then this
         is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the remote Endpoint type is IP address range, 
         then this
         is the value of ending IP address of the range."
      ::= { cipSecEndPtHistEntry 13 }

   cipSecEndPtHistRemoteProtocol OBJECT-TYPE
      SYNTAX Integer32 (0..255)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The protocol number of the remote Endpoint's traffic."
      ::= { cipSecEndPtHistEntry 14 }

   cipSecEndPtHistRemotePort OBJECT-TYPE
      SYNTAX Integer32 (0..65535)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The port number of the remote Endpoint's traffic."
      ::= { cipSecEndPtHistEntry 15 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Group
--
-- This group consists of a:
-- 1) IPsec Failure Global Objects
-- 2) IPsec Phase-1 Tunnel Failure Table
-- 3) IPsec Phase-2 Tunnel Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecFailGlobal         OBJECT IDENTIFIER 
                   ::= { cipSecFailures 1 }
   cipSecFailPhaseOne       OBJECT IDENTIFIER 
                   ::= { cipSecFailures 2 }
   cipSecFailPhaseTwo       OBJECT IDENTIFIER 
                   ::= { cipSecFailures 3 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecFailGlobalCntl  OBJECT IDENTIFIER    
                   ::= { cipSecFailGlobal 1 }

   cipSecFailTableSize  OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The window size of the IPsec Phase-1 and Phase-2
          Failure Tables.

          The IPsec Phase-1 and Phase-2 Failure Tables are
          implemented as a sliding window in which only the
          last n entries are maintained.  This object is used
          specify the number of entries which will be 
          maintained in the IPsec Phase-1 and Phase-2 Failure 
          Tables.

          An implementation may choose suitable minimum and 
          maximum values for this element based on the local 
          policy and available resources. If an SNMP SET request 
          specifies a value outside this window for this element, 
          a BAD VALUE may be returned."

      ::= { cipSecFailGlobalCntl 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cikeFailTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CikeFailEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-1 Failure Table.
          This table is implemented as a sliding 
          window in which only the last n entries are 
          maintained.  The maximum number of entries
          is specified by the cipSecFailTableSize object."
      ::= { cipSecFailPhaseOne 1 }

   cikeFailEntry OBJECT-TYPE
      SYNTAX CikeFailEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
            "Each entry contains the attributes associated 
            with
             an IPsec Phase-1 failure."
      INDEX { cikeFailIndex }
      ::= { cikeFailTable 1 }

   CikeFailEntry ::= SEQUENCE {
      cikeFailIndex                Integer32,
      cikeFailReason               INTEGER,
      cikeFailTime                 TimeStamp,
      cikeFailLocalType            IkePeerType,
      cikeFailLocalValue           DisplayString,
      cikeFailRemoteType           IkePeerType,
      cikeFailRemoteValue          DisplayString,
      cikeFailLocalAddr            IPSIpAddress,
      cikeFailRemoteAddr           IPSIpAddress
   }

   cikeFailIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-1 Failure Table index.
          The value of the index is a number which 
          begins at one and is incremented with each 
          IPsec Phase-1 failure. The value
          of this object will wrap at 2,147,483,647."
      ::= { cikeFailEntry 1 }

   cikeFailReason OBJECT-TYPE
      SYNTAX INTEGER{
               other(1),
               peerDelRequest(2),
               peerLost(3),
               localFailure(4),
               authFailure(5),
               hashValidation(6),
               encryptFailure(7),
               internalError(8),
               sysCapExceeded(9),  
               proposalFailure(10),
               peerCertUnavailable(11),
               peerCertNotValid(12),
               localCertExpired(13),
               crlFailure(14),
               peerEncodingError(15),
               nonExistentSa(16),
               operRequest(17)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The reason for the failure.  Possible reasons include:
           1 = other
           2 = peer delete request was received
           3 = contact with peer was lost
           4 = local failure occurred
           5 = authentication failure
           6 = hash validation failure
           7 = encryption failure
           8 = internal error occurred
           9 = system capacity failure
          10 = proposal failure
          11 = peer's certificate is unavailable
          12 = peer's certificate was found invalid
          13 = local certificate expired
          14 = certificate revoke list (crl) failure
          15 = peer encoding error
          16 = non-existent security association
          17 = operator requested termination."
      ::= { cikeFailEntry 2 }

   cikeFailTime OBJECT-TYPE
      SYNTAX TimeStamp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of sysUpTime in hundredths of seconds
         at the time of the failure."
      ::= { cikeFailEntry 3 }

   cikeFailLocalType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of local peer identity.  The local peer 
         may be indentified by:
          1. an IP address, or
          2. a host name."
      ::= { cikeFailEntry 4 }

   cikeFailLocalValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the local peer identity.

          If the local peer type is an IP Address, then this
          is the IP Address used to identify the local peer.

          If the local peer type is a host name, then this is
          the host name used to identify the local peer."
      ::= { cikeFailEntry 5 }

   cikeFailRemoteType OBJECT-TYPE
      SYNTAX IkePeerType
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of remote peer identity.  The remote 
         peer may be identified by:
          1. an IP address, or
          2. a host name."
      ::= { cikeFailEntry 6 }

   cikeFailRemoteValue OBJECT-TYPE
      SYNTAX DisplayString
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of the remote peer identity.

          If the remote peer type is an IP Address, then this
          is the IP Address used to identify the remote peer.

          If the remote peer type is a host name, then this is
          the host name used to identify the remote peer."
      ::= { cikeFailEntry 7 }

   cikeFailLocalAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the local peer."
      ::= { cikeFailEntry 8 }

   cikeFailRemoteAddr OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The IP address of the remote peer."
      ::= { cikeFailEntry 9 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecFailTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CipSecFailEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Failure Table.
          This table is implemented as a sliding window 
          in which only the last n entries are maintained.  
          The maximum number of entries
          is specified by the cipSecFailTableSize object."
      ::= { cipSecFailPhaseTwo 1 }

   cipSecFailEntry OBJECT-TYPE
      SYNTAX CipSecFailEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "Each entry contains the attributes associated with
          an IPsec Phase-1 failure."
      INDEX { cipSecFailIndex }
      ::= { cipSecFailTable 1 }

   CipSecFailEntry ::= SEQUENCE {
      cipSecFailIndex                Integer32,
      cipSecFailReason               INTEGER,
      cipSecFailTime                 TimeStamp,
      cipSecFailTunnelIndex          Integer32,
      cipSecFailSaSpi                Integer32,
      cipSecFailPktSrcAddr           IPSIpAddress,
      cipSecFailPktDstAddr           IPSIpAddress
   }

   cipSecFailIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The IPsec Phase-2 Failure Table index.
          The value of the index is a number which 
          begins at one and is incremented with each 
          IPsec Phase-1 failure. The value
          of this object will wrap at 2,147,483,647."
      ::= { cipSecFailEntry 1 }

   cipSecFailReason OBJECT-TYPE
      SYNTAX INTEGER{
               other(1),
               internalError(2),
               peerEncodingError(3),
               proposalFailure(4),
               protocolUseFail(5),
               nonExistentSa(6),
               decryptFailure(7),
               encryptFailure(8),
               inAuthFailure(9),
               outAuthFailure(10),
               compression(11),
               sysCapExceeded(12),
               peerDelRequest(13),
               peerLost(14),
               seqNumRollOver(15),
               operRequest(16)
             }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The reason for the failure.  Possible reasons 
         include:
           1 = other
           2 = internal error occurred
           3 = peer encoding error
           4 = proposal failure
           5 = protocol use failure
           6 = non-existent security association
           7 = decryption failure
           8 = encryption failure
           9 = inbound authentication failure
          10 = outbound authentication failure
          11 = compression failure
          12 = system capacity failure
          13 = peer delete request was received
          14 = contact with peer was lost
          15 = sequence number rolled over
          16 = operator requested termination."
      ::= { cipSecFailEntry 2 }

   cipSecFailTime OBJECT-TYPE
      SYNTAX TimeStamp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The value of sysUpTime in hundredths of seconds
         at the time of the failure."
      ::= { cipSecFailEntry 3 }

   cipSecFailTunnelIndex OBJECT-TYPE
      SYNTAX Integer32 (1..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The Phase-2 Tunnel index (cipSecTunIndex)."
      ::= { cipSecFailEntry 4 }

   cipSecFailSaSpi  OBJECT-TYPE
      SYNTAX Integer32 (0..2147483647)
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The security association SPI value."
      ::= { cipSecFailEntry 5 }

   cipSecFailPktSrcAddr  OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The packet's source IP address."
      ::= { cipSecFailEntry 6 }

   cipSecFailPktDstAddr  OBJECT-TYPE
      SYNTAX IPSIpAddress
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The packet's destination IP address."
      ::= { cipSecFailEntry 7 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec TRAP Control Group
--
-- This group of objects controls the sending of IPsec TRAPs.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecTrapCntlIkeTunnelStart OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state of 
         sending the IPsec IKE Phase-1 Tunnel Start TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 1 }

   cipSecTrapCntlIkeTunnelStop OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the
          IPsec IKE Phase-1 Tunnel Stop TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 2 }

   cipSecTrapCntlIkeSysFailure OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the
          IPsec IKE Phase-1 System Failure TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 3 }

   cipSecTrapCntlIkeCertCrlFailure OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative 
         state of sending the
          IPsec IKE Phase-1 Certificate/CRL Failure TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 4 }

   cipSecTrapCntlIkeProtocolFail OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative 
         state of sending the
          IPsec IKE Phase-1 Protocol Failure TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 5 }

   cipSecTrapCntlIkeNoSa OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative 
         state of sending the
          IPsec IKE Phase-1 No Security Association TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 6 }

   cipSecTrapCntlIpSecTunnelStart OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the IPsec
          Phase-2 Tunnel Start TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 7 }

   cipSecTrapCntlIpSecTunnelStop OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative 
         state of sending the IPsec
          Phase-2 Tunnel Stop TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 8 }

   cipSecTrapCntlIpSecSysFailure OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the IPsec
          Phase-2 System Failure TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 9 }

   cipSecTrapCntlIpSecSetUpFailure OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the IPsec
          Phase-2 Set Up Failure TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 10 }

   cipSecTrapCntlIpSecEarlyTunTerm OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the IPsec
          Phase-2 Early Tunnel Termination TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 11 }

   cipSecTrapCntlIpSecProtocolFail OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the IPsec
          Phase-2 Protocol Failure TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 12 }

   cipSecTrapCntlIpSecNoSa OBJECT-TYPE
      SYNTAX TrapStatus
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This object defines the administrative state 
         of sending the IPsec
          Phase-2  No Security Association TRAP "
      DEFVAL { disabled }
      ::= { cipSecTrapCntl 13 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Notifications - TRAPs
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

   cipSecMIBNotificationPrefix   OBJECT IDENTIFIER  
              ::= {ciscoIpSecFlowMonitorMIB 2}

   cipSecMIBNotifications   OBJECT IDENTIFIER  
              ::= { cipSecMIBNotificationPrefix   0}

   cikeTunnelStart NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr,
                cikeTunLifeTime
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when an IPsec Phase-1
          IKE Tunnel becomes active."
      ::= { cipSecMIBNotifications 1 }

   cikeTunnelStop NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr,
                cikeTunActiveTime
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when an IPsec Phase-1
          IKE Tunnel becomes inactive."
      ::= { cipSecMIBNotifications 2 }

   cikeSysFailure NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-1 IKE Tunnel experiences an internal
          or system capacity error."
      ::= { cipSecMIBNotifications 3 }

   cikeCertCrlFailure NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-1 IKE Tunnel experiences a Certificate
          or a Certificate Revoke List (CRL) related error."
      ::= { cipSecMIBNotifications 4 }

   cikeProtocolFailure NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-1 IKE Tunnel experiences a protocol
          related error."
      ::= { cipSecMIBNotifications 5 }

   cikeNoSa NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-1 IKE Tunnel experiences a non-existent
          security association error."
      ::= { cipSecMIBNotifications 6 }

   cipSecTunnelStart NOTIFICATION-TYPE
      OBJECTS {
                cipSecTunLifeTime,
                cipSecTunLifeSize
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when an IPsec Phase-2
          Tunnel becomes active."
       ::= { cipSecMIBNotifications 7 }

   cipSecTunnelStop NOTIFICATION-TYPE
      OBJECTS {
                cipSecTunActiveTime
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when an IPsec Phase-2
          Tunnel becomes inactive."
      ::= { cipSecMIBNotifications 8 }

   cipSecSysFailure NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr,
                cipSecTunActiveTime,
                cipSecSpiProtocol
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-2 Tunnel experiences an internal
          or system capacity error."
      ::= { cipSecMIBNotifications 9 }

   cipSecSetUpFailure NOTIFICATION-TYPE
      OBJECTS {
                cikePeerLocalAddr,
                cikePeerRemoteAddr
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the setup for
          an IPsec Phase-2 Tunnel fails."
      ::= { cipSecMIBNotifications 10 }

   cipSecEarlyTunTerm NOTIFICATION-TYPE
      OBJECTS {
                cipSecTunActiveTime,
                cipSecSpiProtocol
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when an an IPsec Phase-2
          Tunnel is terminated earily or before expected."
      ::= { cipSecMIBNotifications 11 }

   cipSecProtocolFailure NOTIFICATION-TYPE
      OBJECTS {
                cipSecTunActiveTime,
                cipSecSpiProtocol
              }
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-2 Tunnel experiences a protocol
          related error."
      ::= { cipSecMIBNotifications 12 }

   cipSecNoSa NOTIFICATION-TYPE
      STATUS  current
      DESCRIPTION
         "This notification is generated when the processing for
          an IPsec Phase-2 Tunnel experiences a non-existent
          security association error."
      ::= { cipSecMIBNotifications 13 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecMIBConformance   OBJECT IDENTIFIER 
                   ::= { ciscoIpSecFlowMonitorMIB 3 }

   cipSecMIBGroups        OBJECT IDENTIFIER 
                   ::= { cipSecMIBConformance 1 }
   cipSecMIBCompliances   OBJECT IDENTIFIER 
                   ::= { cipSecMIBConformance 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecMIBCompliance       MODULE-COMPLIANCE
      STATUS      current
      DESCRIPTION
        "The compliance statement for SNMP entities
         the IP Security Protocol."

      MODULE -- this module
        MANDATORY-GROUPS  { cipSecLevelsGroup,
                            cipSecPhaseOneGroup,
                            cipSecPhaseTwoGroup
                          }

        OBJECT   cikeTunStatus
        MIN-ACCESS read-only
        DESCRIPTION
          "Write access is not required."

        OBJECT   cipSecTunStatus
        MIN-ACCESS read-only
        DESCRIPTION
          "Write access is not required."

        ::= { cipSecMIBCompliances 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
   cipSecLevelsGroup OBJECT-GROUP
      OBJECTS {
                cipSecMibLevel
              }
      STATUS current
      DESCRIPTION
         "This group consists of a:
          1) IPsec MIB Level"
      ::= { cipSecMIBGroups 1 }

   cipSecPhaseOneGroup OBJECT-GROUP
      OBJECTS {
                -- The IPsec Phase-1 Global Statistics
                cikeGlobalActiveTunnels,
                cikeGlobalPreviousTunnels,
                cikeGlobalInOctets,
                cikeGlobalInPkts,
                cikeGlobalInDropPkts,
                cikeGlobalInNotifys,
                cikeGlobalInP2Exchgs,
                cikeGlobalInP2ExchgInvalids,
                cikeGlobalInP2ExchgRejects,
                cikeGlobalInP2SaDelRequests,
                cikeGlobalOutOctets,
                cikeGlobalOutPkts,
                cikeGlobalOutDropPkts,
                cikeGlobalOutNotifys,
                cikeGlobalOutP2Exchgs,
                cikeGlobalOutP2ExchgInvalids,
                cikeGlobalOutP2ExchgRejects,
                cikeGlobalOutP2SaDelRequests,
                cikeGlobalInitTunnels,
                cikeGlobalInitTunnelFails,
                cikeGlobalRespTunnelFails,
                cikeGlobalSysCapFails,
                cikeGlobalAuthFails,
                cikeGlobalDecryptFails,
                cikeGlobalHashValidFails,
                cikeGlobalNoSaFails,

                -- The IPsec Phase-1 Internet Key Exchange 
                -- Peer Table
                cikePeerLocalAddr,
                cikePeerRemoteAddr,
                cikePeerActiveTime,
                cikePeerActiveTunnelIndex,

                -- The IPsec Phase-1 Internet Key Exchange 
                -- Tunnel Table
                cikeTunLocalType,
                cikeTunLocalValue,
                cikeTunLocalAddr,
                cikeTunLocalName,
                cikeTunRemoteType,
                cikeTunRemoteValue,
                cikeTunRemoteAddr,
                cikeTunRemoteName,
                cikeTunNegoMode,
                cikeTunDiffHellmanGrp,
                cikeTunEncryptAlgo,
                cikeTunHashAlgo,
                cikeTunAuthMethod,
                cikeTunLifeTime,
                cikeTunActiveTime,
                cikeTunSaRefreshThreshold,
                cikeTunTotalRefreshes,
                cikeTunInOctets,
                cikeTunInPkts,
                cikeTunInDropPkts,
                cikeTunInNotifys,
                cikeTunInP2Exchgs,
                cikeTunInP2ExchgInvalids,
                cikeTunInP2ExchgRejects,
                cikeTunInP2SaDelRequests,
                cikeTunOutOctets,
                cikeTunOutPkts,
                cikeTunOutDropPkts,
                cikeTunOutNotifys,
                cikeTunOutP2Exchgs,
                cikeTunOutP2ExchgInvalids,
                cikeTunOutP2ExchgRejects,
                cikeTunOutP2SaDelRequests,
                cikeTunStatus,

                -- The Internet Key Exchange Peer Association
  -- to Phase-2 Tunnel Correlation Table
  --
                -- cikePeerCorrLocalType,
                -- cikePeerCorrLocalValue,
                -- cikePeerCorrRemoteType,
                -- cikePeerCorrRemoteValue,
                -- cikePeerCorrIntIndex,
                -- cikePeerCorrSeqNum,
                cikePeerCorrIpSecTunIndex
              }
      STATUS current
      DESCRIPTION
         "This group consists of:
          1) IPsec Phase-1 Global Objects
          2) IPsec Phase-1 Peer Table
          3) IPsec Phase-1 Tunnel Table
          4) IPsec Phase-1 Correlation Table"
      ::= { cipSecMIBGroups 2 }

   cipSecPhaseTwoGroup OBJECT-GROUP
      OBJECTS {
                -- The IPsec Phase-2 Global Tunnel Statistics
                cipSecGlobalActiveTunnels,
                cipSecGlobalPreviousTunnels,
                cipSecGlobalInOctets,
                cipSecGlobalHcInOctets,
                cipSecGlobalInOctWraps,
                cipSecGlobalInDecompOctets,
                cipSecGlobalHcInDecompOctets,
                cipSecGlobalInDecompOctWraps,
                cipSecGlobalInPkts,
                cipSecGlobalInDrops,
                cipSecGlobalInReplayDrops,
                cipSecGlobalInAuths,
                cipSecGlobalInAuthFails,
                cipSecGlobalInDecrypts,
                cipSecGlobalInDecryptFails,
                cipSecGlobalOutOctets,
                cipSecGlobalHcOutOctets,
                cipSecGlobalOutOctWraps,
                cipSecGlobalOutUncompOctets,
                cipSecGlobalHcOutUncompOctets,
                cipSecGlobalOutUncompOctWraps,
                cipSecGlobalOutPkts,
                cipSecGlobalOutDrops,
                cipSecGlobalOutAuths,
                cipSecGlobalOutAuthFails,
                cipSecGlobalOutEncrypts,
                cipSecGlobalOutEncryptFails,
                cipSecGlobalProtocolUseFails,
                cipSecGlobalNoSaFails,
                cipSecGlobalSysCapFails,

                -- The IPsec Phase-2 Tunnel Table
                -- cipSecTunIndex,
                cipSecTunIkeTunnelIndex,
                cipSecTunIkeTunnelAlive,
                cipSecTunLocalAddr,
                cipSecTunRemoteAddr,
                cipSecTunKeyType,
                cipSecTunEncapMode,
                cipSecTunLifeSize,
                cipSecTunLifeTime,
                cipSecTunActiveTime,
                cipSecTunSaLifeSizeThreshold,
                cipSecTunSaLifeTimeThreshold,
                cipSecTunTotalRefreshes,
                cipSecTunExpiredSaInstances,
                cipSecTunCurrentSaInstances,
                cipSecTunInSaDiffHellmanGrp,
                cipSecTunInSaEncryptAlgo,
                cipSecTunInSaAhAuthAlgo,
                cipSecTunInSaEspAuthAlgo,
                cipSecTunInSaDecompAlgo,
                cipSecTunOutSaDiffHellmanGrp,
                cipSecTunOutSaEncryptAlgo,
                cipSecTunOutSaAhAuthAlgo,
                cipSecTunOutSaEspAuthAlgo,
                cipSecTunOutSaCompAlgo,
                cipSecTunInOctets,
                cipSecTunHcInOctets,
                cipSecTunInOctWraps,
                cipSecTunInDecompOctets,
                cipSecTunHcInDecompOctets,
                cipSecTunInDecompOctWraps,
                cipSecTunInPkts,
                cipSecTunInDropPkts,
                cipSecTunInReplayDropPkts,
                cipSecTunInAuths,
                cipSecTunInAuthFails,
                cipSecTunInDecrypts,
                cipSecTunInDecryptFails,
                cipSecTunOutOctets,
                cipSecTunHcOutOctets,
                cipSecTunOutOctWraps,
                cipSecTunOutUncompOctets,
                cipSecTunHcOutUncompOctets,
                cipSecTunOutUncompOctWraps,
                cipSecTunOutPkts,
                cipSecTunOutDropPkts,
                cipSecTunOutAuths,
                cipSecTunOutAuthFails,
                cipSecTunOutEncrypts,
                cipSecTunOutEncryptFails,
                cipSecTunStatus,

                -- The IPsec Phase-2 Tunnel Endpoint Table
                -- cipSecEndPtIndex,
                cipSecEndPtLocalName,
                cipSecEndPtLocalType,
                cipSecEndPtLocalAddr1,
                cipSecEndPtLocalAddr2,
                cipSecEndPtLocalProtocol,
                cipSecEndPtLocalPort,
                cipSecEndPtRemoteName,
                cipSecEndPtRemoteType,
                cipSecEndPtRemoteAddr1,
                cipSecEndPtRemoteAddr2,
                cipSecEndPtRemoteProtocol,
                cipSecEndPtRemotePort,

                -- The IPsec Phase-2 Security Protection Index Table
                -- cipSecSpiIndex,
                cipSecSpiDirection,
                cipSecSpiValue,
                cipSecSpiProtocol,
                cipSecSpiStatus
              }
      STATUS current
      DESCRIPTION
         "This group consists of:
          1) IPsec Phase-2 Global Statistics
          2) IPsec Phase-2 Tunnel Table
          3) IPsec Phase-2 Endpoint Table
          4) IPsec Phase-2 Security Protection Index Table"
      ::= { cipSecMIBGroups 3 }

   cipSecHistoryGroup OBJECT-GROUP
      OBJECTS {
                -- IPsec History Global Control Objects
                cipSecHistTableSize,
                cipSecHistCheckPoint, 

                -- The IPsec Phase-1 Tunnel History Table
                -- cikeTunHistIndex,
                cikeTunHistTermReason,
                cikeTunHistActiveIndex,
                cikeTunHistPeerLocalType,
                cikeTunHistPeerLocalValue,
                cikeTunHistPeerIntIndex,
                cikeTunHistPeerRemoteType,
                cikeTunHistPeerRemoteValue,
                cikeTunHistLocalAddr,
                cikeTunHistLocalName,
                cikeTunHistRemoteAddr,
                cikeTunHistRemoteName,
                cikeTunHistNegoMode,
                cikeTunHistDiffHellmanGrp,
                cikeTunHistEncryptAlgo,
                cikeTunHistHashAlgo,
                cikeTunHistAuthMethod,
                cikeTunHistLifeTime,
                cikeTunHistStartTime,
                cikeTunHistActiveTime,
                cikeTunHistTotalRefreshes,
                cikeTunHistTotalSas,
                cikeTunHistInOctets,
                cikeTunHistInPkts,
                cikeTunHistInDropPkts,
                cikeTunHistInNotifys,
                cikeTunHistInP2Exchgs,
                cikeTunHistInP2ExchgInvalids,
                cikeTunHistInP2ExchgRejects,
                cikeTunHistInP2SaDelRequests,
                cikeTunHistOutOctets,
                cikeTunHistOutPkts,
                cikeTunHistOutDropPkts,
                cikeTunHistOutNotifys,
                cikeTunHistOutP2Exchgs,
                cikeTunHistOutP2ExchgInvalids,
                cikeTunHistOutP2ExchgRejects,
                cikeTunHistOutP2SaDelRequests,

                -- The IPsec Phase-2 Tunnel History Table
                -- cipSecTunHistIndex,
                cipSecTunHistTermReason,
                cipSecTunHistActiveIndex,
                cipSecTunHistIkeTunnelIndex,
                cipSecTunHistLocalAddr,
                cipSecTunHistRemoteAddr,
                cipSecTunHistKeyType,
                cipSecTunHistEncapMode,
                cipSecTunHistLifeSize,
                cipSecTunHistLifeTime,
                cipSecTunHistStartTime,
                cipSecTunHistActiveTime,
                cipSecTunHistTotalRefreshes,
                cipSecTunHistTotalSas,
                cipSecTunHistInSaDiffHellmanGrp,
                cipSecTunHistInSaEncryptAlgo,
                cipSecTunHistInSaAhAuthAlgo,
                cipSecTunHistInSaEspAuthAlgo,
                cipSecTunHistInSaDecompAlgo,
                cipSecTunHistOutSaDiffHellmanGrp,
                cipSecTunHistOutSaEncryptAlgo,
                cipSecTunHistOutSaAhAuthAlgo,
                cipSecTunHistOutSaEspAuthAlgo,
                cipSecTunHistOutSaCompAlgo,
                cipSecTunHistInOctets,
                cipSecTunHistHcInOctets,
                cipSecTunHistInOctWraps,
                cipSecTunHistInDecompOctets,
                cipSecTunHistHcInDecompOctets,
                cipSecTunHistInDecompOctWraps,
                cipSecTunHistInPkts,
                cipSecTunHistInDropPkts,
                cipSecTunHistInReplayDropPkts,
                cipSecTunHistInAuths,
                cipSecTunHistInAuthFails,
                cipSecTunHistInDecrypts,
                cipSecTunHistInDecryptFails,
                cipSecTunHistOutOctets,
                cipSecTunHistHcOutOctets,
                cipSecTunHistOutOctWraps,
                cipSecTunHistOutUncompOctets,
                cipSecTunHistHcOutUncompOctets,
                cipSecTunHistOutUncompOctWraps,
                cipSecTunHistOutPkts,
                cipSecTunHistOutDropPkts,
                cipSecTunHistOutAuths,
                cipSecTunHistOutAuthFails,
                cipSecTunHistOutEncrypts,
                cipSecTunHistOutEncryptFails,

                -- The IPsec Phase-2 End Point History Table
                -- cipSecEndPtHistIndex,
                cipSecEndPtHistTunIndex,
                cipSecEndPtHistActiveIndex,
                cipSecEndPtHistLocalName,
                cipSecEndPtHistLocalType,
                cipSecEndPtHistLocalAddr1,
                cipSecEndPtHistLocalAddr2,
                cipSecEndPtHistLocalProtocol,
                cipSecEndPtHistLocalPort,
                cipSecEndPtHistRemoteName,
                cipSecEndPtHistRemoteType,
                cipSecEndPtHistRemoteAddr1,
                cipSecEndPtHistRemoteAddr2,
                cipSecEndPtHistRemoteProtocol,
                cipSecEndPtHistRemotePort
              }
      STATUS current
      DESCRIPTION
         "This group consists of:
          1) IPsec History Global Objects
          2) IPsec Phase-1 History Objects
          3) IPsec Phase-2 History Objects"
      ::= { cipSecMIBGroups 4 }

   cipSecFailuresGroup OBJECT-GROUP
      OBJECTS {
                -- The IPsec Failure Global Control Objects
                cipSecFailTableSize,

                -- The IPsec Phase-1 Failure Table
                -- cikeFailIndex,
                cikeFailReason,
                cikeFailTime,
                cikeFailLocalType,
                cikeFailLocalValue,
                cikeFailRemoteType,
                cikeFailRemoteValue,
                cikeFailLocalAddr,
                cikeFailRemoteAddr,

                -- The IPsec Phase-2 Failure Table
                -- cipSecFailIndex,
                cipSecFailReason,
                cipSecFailTime,
                cipSecFailTunnelIndex,
                cipSecFailSaSpi,
                cipSecFailPktSrcAddr,
                cipSecFailPktDstAddr
              }
      STATUS current
      DESCRIPTION
         "This group consists of:
          1) IPsec Failure Global Objects
          2) IPsec Phase-1 Tunnel Failure Table
          3) IPsec Phase-2 Tunnel Failure Table"
      ::= { cipSecMIBGroups 5 }

   cipSecTrapCntlGroup OBJECT-GROUP
      OBJECTS {
                cipSecTrapCntlIkeTunnelStart,
                cipSecTrapCntlIkeTunnelStop,
                cipSecTrapCntlIkeSysFailure,
                cipSecTrapCntlIkeCertCrlFailure,
                cipSecTrapCntlIkeProtocolFail,
                cipSecTrapCntlIkeNoSa,
                cipSecTrapCntlIpSecTunnelStart,
                cipSecTrapCntlIpSecTunnelStop,
                cipSecTrapCntlIpSecSysFailure,
                cipSecTrapCntlIpSecSetUpFailure,
                cipSecTrapCntlIpSecEarlyTunTerm,
                cipSecTrapCntlIpSecProtocolFail,
                cipSecTrapCntlIpSecNoSa
              }
      STATUS current
      DESCRIPTION
         "This group of objects controls the sending of IPsec TRAPs."
      ::= { cipSecMIBGroups 6 }

--   cipSecNotificationGroup    NOTIFICATION-GROUP
--      NOTIFICATIONS {
--                      cikeTunnelStart,
--                      cikeTunnelStop,
--                      cikeSysFailure,
--                      cikeCertCrlFailure,
--                      cikeProtocolFailure,
--                      cikeNoSa,
--                      cipSecTunnelStart,
--                      cipSecTunnelStop,
--                      cipSecSysFailure,
--                      cipSecSetUpFailure,
--                      cipSecEarlyTunTerm,
--                      cipSecProtocolFailure,
--                      cipSecNoSa
--                    }
--      STATUS current
--      DESCRIPTION
--         "This group contains the notifications for the IPsec MIB."
--      ::= { cipSecMIBGroups 7 }


END