CISCO-IPSEC-FLOW-MONITOR-MIB device MIB details by Cisco
CISCO-IPSEC-FLOW-MONITOR-MIB file content
The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.
Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing CISCO-IPSEC-FLOW-MONITOR-MIB.
Vendor: | Cisco |
---|---|
Mib: | CISCO-IPSEC-FLOW-MONITOR-MIB [download] [view objects] |
Tool: | ActiveXperts Network Monitor 2024 [download] (ships with advanced SNMP/MIB tools) |
-- * $Source$ -- ********* -- *------------------------------------------------------------------ -- * CISCO-IPSEC-FLOW-MONITOR-MIB.my: IPSec Flow Monitoring MIB. -- * -- * April 2000, S Ramakrishnan -- * -- * Copyright (c) 2000 by Cisco Systems, Inc. -- * All rights reserved. -- * -- *------------------------------------------------------------------ CISCO-IPSEC-FLOW-MONITOR-MIB DEFINITIONS ::= BEGIN -- PREFACE: -- CISCO-IPSEC-FLOW-MONITOR-MIB Module models -- counters and objects that are of -- management interest in a standard IPSec -- implementation. The MIB does not define -- vendor-specific IPSec attributes. This has -- been proposed as an IETF IPSec Working Group Draft -- (I-D). IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Counter64, Gauge32, Integer32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, DisplayString, TimeStamp, TimeInterval, TruthValue FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF Unsigned32 FROM CISCO-TC ciscoMgmt FROM CISCO-SMI; ciscoIpSecFlowMonitorMIB MODULE-IDENTITY LAST-UPDATED "200010131800Z" ORGANIZATION "Tivoli Systems and Cisco Systems" CONTACT-INFO "Tivoli Systems Research Triangle Park, NC Cisco Systems 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-ipsecurity@cisco.com" DESCRIPTION "This is a MIB Module for monitoring the structures in IPSec-based Virtual Private Networks. The MIB has been designed to be adopted as an IETF standard. Hence Cisco-specific features of IPSec protocol are excluded from this MIB. Acronyms The following acronyms are used in this document: IPSec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Overview of IPsec MIB The MIB contains six major groups of objects which are used to manage the IPSec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPSec MIB. The Phase 1 group models objects pertaining to IKE negotiations and tunnels. The Phase 2 group models objects pertaining to IPSec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid Intrusion Detection. In addition to the five major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPSec TRAPs. For a detailed discussion, please refer to the IETF draft draft-ietf-ipsec-flow-monitoring-mib-00.txt. " REVISION "200010131800Z" DESCRIPTION "Changed cipSecSpiValue to Unsigned32. Changed Protocol ranges to start at 0 instead of 1. Removed comment(s) incorrectly indicating this MIB was CiscoExperiment." REVISION "200008171259Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 171 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++ -- Local Textual Conventions -- +++++++++++++++++++++++++++++++++++++++++++++++++++ IPSIpAddress ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An IP V4 or V6 Address." SYNTAX OCTET STRING(SIZE(4 | 16)) -- IP V4 or V6 Address IkePeerType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of IPsec Phase-1 IKE peer identity. The IKE peer may be identified by: 1. an IP address, or 2. a host name." SYNTAX INTEGER { ipAddrPeer(1), namePeer(2) } IkeNegoMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The IPsec Phase-1 IKE negotiation mode." SYNTAX INTEGER { main(1), aggressive(2) } IkeHashAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The hash algorithm used in IPsec Phase-1 IKE negotiations." SYNTAX INTEGER { none(1), md5(2), sha(3) } IkeAuthMethod ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication method used in IPsec Phase-1 IKE negotiations." SYNTAX INTEGER { none(1), preSharedKey(2), rsaSig(3), rsaEncrypt(4), revPublicKey(5) } DiffHellmanGrp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Diffie Hellman Group used in negotiations." SYNTAX INTEGER { none(1), dhGroup1(2), dhGroup2(3) } KeyType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of key used by an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ ike(1), manual(2) } EncapMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The encapsulation mode used by an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ tunnel(1), transport(2) } EncryptAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The encryption algorithm used in negotiations." SYNTAX INTEGER { none(1), des(2), des3(3) } AuthAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication algorithm used by a security association of an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ none(1), hmacMd5(2), hmacSha(3) } CompAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The compression algorithm used by a security association of an IPsec Phase-2 Tunnel." SYNTAX INTEGER{ none(1), ldf(2) } EndPtType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of identity use to specify an IPsec End Point." SYNTAX INTEGER { singleIpAddr(1), ipAddrRange(2), ipSubnet(3) } TunnelStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The status of a Tunnel. Objects of this type may be used to bring the tunnel down by setting value of this object to destroy(2). Objects of this type cannot be used to create a Tunnel." SYNTAX INTEGER { active(1), destroy(2) } TrapStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The administrative status for sending a TRAP." SYNTAX INTEGER { enabled(1), disabled(2) } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- IPsec MIB Object Groups -- -- This MIB module contains the following groups: -- 1) IPsec Levels Group -- 2) IPsec Phase-1 Group -- 3) IPsec Phase-2 Group -- 4) IPsec History Group -- 5) IPsec Failure Group -- 6) IPsec TRAP Control Group -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecMIBObjects OBJECT IDENTIFIER ::= {ciscoIpSecFlowMonitorMIB 1} cipSecLevels OBJECT IDENTIFIER ::= { cipSecMIBObjects 1 } cipSecPhaseOne OBJECT IDENTIFIER ::= { cipSecMIBObjects 2 } cipSecPhaseTwo OBJECT IDENTIFIER ::= { cipSecMIBObjects 3 } cipSecHistory OBJECT IDENTIFIER ::= { cipSecMIBObjects 4 } cipSecFailures OBJECT IDENTIFIER ::= { cipSecMIBObjects 5 } cipSecTrapCntl OBJECT IDENTIFIER ::= { cipSecMIBObjects 6 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- IPsec Levels Group -- -- This group consists of a: -- 1) IPsec MIB Level -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecMibLevel OBJECT-TYPE SYNTAX Integer32 (1..4096) MAX-ACCESS read-only STATUS current DESCRIPTION "The level of the IPsec MIB." ::= { cipSecLevels 1 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-1 Internet Key Exchange (IKE) Group -- -- This group consists of: -- 1) IPsec Phase-1 Global Statistics -- 2) IPsec Phase-1 Peer Table -- 3) IPsec Phase-1 Tunnel Table -- 4) IPsec Phase-1 Correlation Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-1 Global Statistics -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cikeGlobalStats OBJECT IDENTIFIER ::= { cipSecPhaseOne 1 } cikeGlobalActiveTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 1 } cikeGlobalPreviousTunnels OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 2 } cikeGlobalInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 3 } cikeGlobalInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 4 } cikeGlobalInDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets which were dropped during receive processing by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 5 } cikeGlobalInNotifys OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 6 } cikeGlobalInP2Exchgs OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 7 } cikeGlobalInP2ExchgInvalids OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges which were received and found to be invalid by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 8 } cikeGlobalInP2ExchgRejects OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges which were received and rejected by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 9 } cikeGlobalInP2SaDelRequests OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 10 } cikeGlobalOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by all currently and previously active and IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 11 } cikeGlobalOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by all currently and previously active and IPsec Phase-1 Tunnels." ::= { cikeGlobalStats 12 } cikeGlobalOutDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets which were dropped during send processing by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 13 } cikeGlobalOutNotifys OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 14 } cikeGlobalOutP2Exchgs OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 15 } cikeGlobalOutP2ExchgInvalids OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges which were sent and found to be invalid by all currently and previously active IPsec Phase-1 Tunnels." ::= { cikeGlobalStats 16 } cikeGlobalOutP2ExchgRejects OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges which were sent and rejected by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 17 } cikeGlobalOutP2SaDelRequests OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 18 } cikeGlobalInitTunnels OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-1 IKE Tunnels which were locally initiated." ::= { cikeGlobalStats 19 } cikeGlobalInitTunnelFails OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate." ::= { cikeGlobalStats 20 } cikeGlobalRespTunnelFails OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate." ::= { cikeGlobalStats 21 } cikeGlobalSysCapFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of system capcity failures which occurred during processing of all current and previously active IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 22 } cikeGlobalAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 23 } cikeGlobalDecryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 24 } cikeGlobalHashValidFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 25 } cikeGlobalNoSaFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-1 IKE Tunnels." ::= { cikeGlobalStats 26 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-1 Internet Key Exchange Peer Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cikePeerTable OBJECT-TYPE SYNTAX SEQUENCE OF CikePeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-1 Internet Key Exchange Peer Table. There is one entry in this table for each IPsec Phase-1 IKE peer association which is currently associated with an active IPsec Phase-1 Tunnel. The IPsec Phase-1 IKE Tunnel associated with this IPsec Phase-1 IKE peer association may or may not be currently active." ::= { cipSecPhaseOne 2 } cikePeerEntry OBJECT-TYPE SYNTAX CikePeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with an IPsec Phase-1 IKE peer association." INDEX { cikePeerLocalType, cikePeerLocalValue, cikePeerRemoteType, cikePeerRemoteValue, cikePeerIntIndex } ::= { cikePeerTable 1} CikePeerEntry ::= SEQUENCE { cikePeerLocalType IkePeerType, cikePeerLocalValue DisplayString, cikePeerRemoteType IkePeerType, cikePeerRemoteValue DisplayString, cikePeerIntIndex Integer32, cikePeerLocalAddr IPSIpAddress, cikePeerRemoteAddr IPSIpAddress, cikePeerActiveTime TimeInterval, cikePeerActiveTunnelIndex Integer32 } cikePeerLocalType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikePeerEntry 1 } cikePeerLocalValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer." ::= { cikePeerEntry 2 } cikePeerRemoteType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikePeerEntry 3 } cikePeerRemoteValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer." ::= { cikePeerEntry 4 } cikePeerIntIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer." ::= { cikePeerEntry 5 } cikePeerLocalAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local peer." ::= { cikePeerEntry 6 } cikePeerRemoteAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote peer." ::= { cikePeerEntry 7 } cikePeerActiveTime OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION "The length of time that the peer association has existed in hundredths of a second." ::= { cikePeerEntry 8 } cikePeerActiveTunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the active IPsec Phase-1 IKE Tunnel (cikeTunIndex in the cikeTunnelTable) for this peer association. If an IPsec Phase-1 IKE Tunnel is not currently active, then the value of this object will be zero." ::= { cikePeerEntry 9 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-1 Internet Key Exchange Tunnel Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cikeTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF CikeTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel." ::= { cipSecPhaseOne 3 } cikeTunnelEntry OBJECT-TYPE SYNTAX CikeTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with an active IPsec Phase-1 IKE Tunnel." INDEX { cikeTunIndex } ::= { cikeTunnelTable 1} CikeTunnelEntry ::= SEQUENCE { cikeTunIndex Integer32, cikeTunLocalType IkePeerType, cikeTunLocalValue DisplayString, cikeTunLocalAddr IPSIpAddress, cikeTunLocalName DisplayString, cikeTunRemoteType IkePeerType, cikeTunRemoteValue DisplayString, cikeTunRemoteAddr IPSIpAddress, cikeTunRemoteName DisplayString, cikeTunNegoMode IkeNegoMode, cikeTunDiffHellmanGrp DiffHellmanGrp, cikeTunEncryptAlgo EncryptAlgo, cikeTunHashAlgo IkeHashAlgo, cikeTunAuthMethod IkeAuthMethod, cikeTunLifeTime Integer32, cikeTunActiveTime TimeInterval, cikeTunSaRefreshThreshold Integer32, cikeTunTotalRefreshes Counter32, cikeTunInOctets Counter32, cikeTunInPkts Counter32, cikeTunInDropPkts Counter32, cikeTunInNotifys Counter32, cikeTunInP2Exchgs Counter32, cikeTunInP2ExchgInvalids Counter32, cikeTunInP2ExchgRejects Counter32, cikeTunInP2SaDelRequests Counter32, cikeTunOutOctets Counter32, cikeTunOutPkts Counter32, cikeTunOutDropPkts Counter32, cikeTunOutNotifys Counter32, cikeTunOutP2Exchgs Counter32, cikeTunOutP2ExchgInvalids Counter32, cikeTunOutP2ExchgRejects Counter32, cikeTunOutP2SaDelRequests Counter32, cikeTunStatus TunnelStatus } cikeTunIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the IPsec Phase-1 IKE Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647." ::= { cikeTunnelEntry 1 } cikeTunLocalType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikeTunnelEntry 2 } cikeTunLocalValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer." ::= { cikeTunnelEntry 3 } cikeTunLocalAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 4 } cikeTunLocalName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string." ::= { cikeTunnelEntry 5 } cikeTunRemoteType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikeTunnelEntry 6 } cikeTunRemoteValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer." ::= { cikeTunnelEntry 7 } cikeTunRemoteAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 8 } cikeTunRemoteName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string." ::= { cikeTunnelEntry 9 } cikeTunNegoMode OBJECT-TYPE SYNTAX IkeNegoMode MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiation mode of the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 10 } cikeTunDiffHellmanGrp OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelEntry 11 } cikeTunEncryptAlgo OBJECT-TYPE SYNTAX EncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelEntry 12 } cikeTunHashAlgo OBJECT-TYPE SYNTAX IkeHashAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The hash algorithm used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelEntry 13 } cikeTunAuthMethod OBJECT-TYPE SYNTAX IkeAuthMethod MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication method used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelEntry 14 } cikeTunLifeTime OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds." ::= { cikeTunnelEntry 15 } cikeTunActiveTime OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION "The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds." ::= { cikeTunnelEntry 16 } cikeTunSaRefreshThreshold OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The security assoication refresh threshold in seconds." ::= { cikeTunnelEntry 17 } cikeTunTotalRefreshes OBJECT-TYPE SYNTAX Counter32 UNITS "QM Exchanges" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security associations refreshes performed." ::= { cikeTunnelEntry 18 } cikeTunInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 19 } cikeTunInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 20 } cikeTunInDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing." ::= { cikeTunnelEntry 21 } cikeTunInNotifys OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of notifys received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 22 } cikeTunInP2Exchgs OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 23 } cikeTunInP2ExchgInvalids OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received and found to be invalid by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 24 } cikeTunInP2ExchgRejects OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received and rejected by this IPsec Phase-1 Tunnel." ::= { cikeTunnelEntry 25 } cikeTunInP2SaDelRequests OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 26 } cikeTunOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 27 } cikeTunOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 28 } cikeTunOutDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing." ::= { cikeTunnelEntry 29 } cikeTunOutNotifys OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of notifys sent by this IPsec Phase-1 Tunnel." ::= { cikeTunnelEntry 30 } cikeTunOutP2Exchgs OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 31 } cikeTunOutP2ExchgInvalids OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges sent and found to be invalid by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 32 } cikeTunOutP2ExchgRejects OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges sent and rejected by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 33 } cikeTunOutP2SaDelRequests OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelEntry 34 } cikeTunStatus OBJECT-TYPE SYNTAX TunnelStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). This object cannot be used to create a MIB table row." ::= { cikeTunnelEntry 35 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The Internet Key Exchange Peer Association to -- Phase-2 Tunnel Correlation Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cikePeerCorrTable OBJECT-TYPE SYNTAX SEQUENCE OF CikePeerCorrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-1 Internet Key Exchange Peer Association to IPsec Phase-2 Tunnel Correlation Table. There is one entry in this table for each active IPsec Phase-2 Tunnel." ::= { cipSecPhaseOne 4 } cikePeerCorrEntry OBJECT-TYPE SYNTAX CikePeerCorrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes of an IPsec Phase-1 IKE Peer Association to IPsec Phase-2 Tunnel Correlation." INDEX { cikePeerCorrLocalType, cikePeerCorrLocalValue, cikePeerCorrRemoteType, cikePeerCorrRemoteValue, cikePeerCorrIntIndex, cikePeerCorrSeqNum } ::= { cikePeerCorrTable 1} CikePeerCorrEntry ::= SEQUENCE { cikePeerCorrLocalType IkePeerType, cikePeerCorrLocalValue DisplayString, cikePeerCorrRemoteType IkePeerType, cikePeerCorrRemoteValue DisplayString, cikePeerCorrIntIndex Integer32, cikePeerCorrSeqNum Integer32, cikePeerCorrIpSecTunIndex Integer32 } cikePeerCorrLocalType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikePeerCorrEntry 1 } cikePeerCorrLocalValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer." ::= { cikePeerCorrEntry 2 } cikePeerCorrRemoteType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikePeerCorrEntry 3 } cikePeerCorrRemoteValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer." ::= { cikePeerCorrEntry 4 } cikePeerCorrIntIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer." ::= { cikePeerCorrEntry 5 } cikePeerCorrSeqNum OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The sequence number of the local-remote peer association. This sequence number is used to uniquely identify multiple instances of an unique association between the local and remote peer." ::= { cikePeerCorrEntry 6 } cikePeerCorrIpSecTunIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the active IPsec Phase-2 Tunnel (cipSecTunIndex in the cipSecTunnelTable) for this IPsec Phase-1 IKE Peer Association." ::= { cikePeerCorrEntry 7 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- IPsec Phase-2 Group -- -- This group consists of: -- 1) IPsec Phase-2 Global Statistics -- 2) IPsec Phase-2 Tunnel Table -- 3) IPsec Phase-2 Endpoint Table -- 4) IPsec Phase-2 Security Protection Index Table -- 4) IPsec Phase-2 Security Protection Index Objects -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Global Tunnel Statistics -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecGlobalStats OBJECT IDENTIFIER ::= { cipSecPhaseTwo 1 } cipSecGlobalActiveTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of currently active IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 1 } cipSecGlobalPreviousTunnels OBJECT-TYPE SYNTAX Counter32 UNITS "Phase-2 Tunnels" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of previously active IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 2 } cipSecGlobalInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecGlobalInOctWraps for the number of times this counter has wrapped." ::= { cipSecGlobalStats 3 } cipSecGlobalHcInOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { cipSecGlobalStats 4 } cipSecGlobalInOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the global octets received counter (cipSecGlobalInOctets) has wrapped." ::= { cipSecGlobalStats 5 } cipSecGlobalInDecompOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecGlobalInOctets. See also cipSecGlobalInDecompOctWraps for the number of times this counter has wrapped." ::= { cipSecGlobalStats 6 } cipSecGlobalHcInDecompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecGlobalHcInOctets." ::= { cipSecGlobalStats 7 } cipSecGlobalInDecompOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the global decompressed octets received counter (cipSecGlobalInDecompOctets) has wrapped." ::= { cipSecGlobalStats 8 } cipSecGlobalInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 9 } cipSecGlobalInDrops OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing." ::= { cipSecGlobalStats 10 } cipSecGlobalInReplayDrops OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 11 } cipSecGlobalInAuths OBJECT-TYPE SYNTAX Counter32 UNITS "Events" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 12 } cipSecGlobalInAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 13 } cipSecGlobalInDecrypts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 14 } cipSecGlobalInDecryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 15 } cipSecGlobalOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecGlobalOutOctWraps for the number of times this counter has wrapped." ::= { cipSecGlobalStats 16 } cipSecGlobalHcOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { cipSecGlobalStats 17 } cipSecGlobalOutOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the global octets sent counter (cipSecGlobalOutOctets) has wrapped." ::= { cipSecGlobalStats 18 } cipSecGlobalOutUncompOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecGlobalOutOctets. See also cipSecGlobalOutDecompOctWraps for the number of times this counter has wrapped." ::= { cipSecGlobalStats 19 } cipSecGlobalHcOutUncompOctets OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecGlobalHcOutOctets." ::= { cipSecGlobalStats 20 } cipSecGlobalOutUncompOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the global uncompressed octets sent counter (cipSecGlobalOutUncompOctets) has wrapped." ::= { cipSecGlobalStats 21 } cipSecGlobalOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 22 } cipSecGlobalOutDrops OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 23 } cipSecGlobalOutAuths OBJECT-TYPE SYNTAX Counter32 UNITS "Events" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 24 } cipSecGlobalOutAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 25 } cipSecGlobalOutEncrypts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 26 } cipSecGlobalOutEncryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 27 } cipSecGlobalProtocolUseFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 28 } cipSecGlobalNoSaFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 29 } cipSecGlobalSysCapFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels." ::= { cipSecGlobalStats 30 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Tunnel Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF CipSecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel." ::= { cipSecPhaseTwo 2 } cipSecTunnelEntry OBJECT-TYPE SYNTAX CipSecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel." INDEX { cipSecTunIndex } ::= { cipSecTunnelTable 1 } CipSecTunnelEntry ::= SEQUENCE { cipSecTunIndex Integer32, cipSecTunIkeTunnelIndex Integer32, cipSecTunIkeTunnelAlive TruthValue, cipSecTunLocalAddr IPSIpAddress, cipSecTunRemoteAddr IPSIpAddress, cipSecTunKeyType KeyType, cipSecTunEncapMode EncapMode, cipSecTunLifeSize Integer32, cipSecTunLifeTime Integer32, cipSecTunActiveTime TimeInterval, cipSecTunSaLifeSizeThreshold Integer32, cipSecTunSaLifeTimeThreshold Integer32, cipSecTunTotalRefreshes Counter32, cipSecTunExpiredSaInstances Counter32, cipSecTunCurrentSaInstances Gauge32, cipSecTunInSaDiffHellmanGrp DiffHellmanGrp, cipSecTunInSaEncryptAlgo EncryptAlgo, cipSecTunInSaAhAuthAlgo AuthAlgo, cipSecTunInSaEspAuthAlgo AuthAlgo, cipSecTunInSaDecompAlgo CompAlgo, cipSecTunOutSaDiffHellmanGrp DiffHellmanGrp, cipSecTunOutSaEncryptAlgo EncryptAlgo, cipSecTunOutSaAhAuthAlgo AuthAlgo, cipSecTunOutSaEspAuthAlgo AuthAlgo, cipSecTunOutSaCompAlgo CompAlgo, cipSecTunInOctets Counter32, cipSecTunHcInOctets Counter64, cipSecTunInOctWraps Counter32, cipSecTunInDecompOctets Counter32, cipSecTunHcInDecompOctets Counter64, cipSecTunInDecompOctWraps Counter32, cipSecTunInPkts Counter32, cipSecTunInDropPkts Counter32, cipSecTunInReplayDropPkts Counter32, cipSecTunInAuths Counter32, cipSecTunInAuthFails Counter32, cipSecTunInDecrypts Counter32, cipSecTunInDecryptFails Counter32, cipSecTunOutOctets Counter32, cipSecTunHcOutOctets Counter64, cipSecTunOutOctWraps Counter32, cipSecTunOutUncompOctets Counter32, cipSecTunHcOutUncompOctets Counter64, cipSecTunOutUncompOctWraps Counter32, cipSecTunOutPkts Counter32, cipSecTunOutDropPkts Counter32, cipSecTunOutAuths Counter32, cipSecTunOutAuthFails Counter32, cipSecTunOutEncrypts Counter32, cipSecTunOutEncryptFails Counter32, cipSecTunStatus TunnelStatus } cipSecTunIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647." ::= { cipSecTunnelEntry 1 } cipSecTunIkeTunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the associated IPsec Phase-1 IKE Tunnel. (cikeTunIndex in the cikeTunnelTable)" ::= { cipSecTunnelEntry 2 } cipSecTunIkeTunnelAlive OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists." ::= { cipSecTunnelEntry 3 } cipSecTunLocalAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local endpoint for the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 4 } cipSecTunRemoteAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote endpoint for the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 5 } cipSecTunKeyType OBJECT-TYPE SYNTAX KeyType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of key used by the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 6 } cipSecTunEncapMode OBJECT-TYPE SYNTAX EncapMode MAX-ACCESS read-only STATUS current DESCRIPTION "The encapsulation mode used by the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 7 } cipSecTunLifeSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "KBytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes." ::= { cipSecTunnelEntry 8 } cipSecTunLifeTime OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "Seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds." ::= { cipSecTunnelEntry 9 } cipSecTunActiveTime OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION "The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds." ::= { cipSecTunnelEntry 10 } cipSecTunSaLifeSizeThreshold OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "KBytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The security association LifeSize refresh threshold in kilobytes." ::= { cipSecTunnelEntry 11 } cipSecTunSaLifeTimeThreshold OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "Seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The security association LifeTime refresh threshold in seconds." ::= { cipSecTunnelEntry 12 } cipSecTunTotalRefreshes OBJECT-TYPE SYNTAX Counter32 UNITS "QM Exchanges" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security association refreshes performed." ::= { cipSecTunnelEntry 13 } cipSecTunExpiredSaInstances OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security associations which have expired." ::= { cipSecTunnelEntry 14 } cipSecTunCurrentSaInstances OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of security associations which are currently active or expiring." ::= { cipSecTunnelEntry 15 } cipSecTunInSaDiffHellmanGrp OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 16 } cipSecTunInSaEncryptAlgo OBJECT-TYPE SYNTAX EncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 17 } cipSecTunInSaAhAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 18 } cipSecTunInSaEspAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 19 } cipSecTunInSaDecompAlgo OBJECT-TYPE SYNTAX CompAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 20 } cipSecTunOutSaDiffHellmanGrp OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 21 } cipSecTunOutSaEncryptAlgo OBJECT-TYPE SYNTAX EncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 22 } cipSecTunOutSaAhAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 23 } cipSecTunOutSaEspAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 24 } cipSecTunOutSaCompAlgo OBJECT-TYPE SYNTAX CompAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 25 } cipSecTunInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecTunInOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelEntry 26 } cipSecTunHcInOctets OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { cipSecTunnelEntry 27 } cipSecTunInOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the octets received counter (cipSecTunInOctets) has wrapped." ::= { cipSecTunnelEntry 28 } cipSecTunInDecompOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunInOctets. See also cipSecTunInDecompOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelEntry 29 } cipSecTunHcInDecompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunHcInOctets." ::= { cipSecTunnelEntry 30 } cipSecTunInDecompOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the decompressed octets received counter (cipSecTunInDecompOctets) has wrapped." ::= { cipSecTunnelEntry 31 } cipSecTunInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 32 } cipSecTunInDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing." ::= { cipSecTunnelEntry 33 } cipSecTunInReplayDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 34 } cipSecTunInAuths OBJECT-TYPE SYNTAX Counter32 UNITS "Events" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 35 } cipSecTunInAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel ." ::= { cipSecTunnelEntry 36 } cipSecTunInDecrypts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 37 } cipSecTunInDecryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 38 } cipSecTunOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecTunOutOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelEntry 39 } cipSecTunHcOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { cipSecTunnelEntry 40 } cipSecTunOutOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the out octets counter (cipSecTunOutOctets) has wrapped." ::= { cipSecTunnelEntry 41 } cipSecTunOutUncompOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunOutOctets. See also cipSecTunOutDecompOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelEntry 42 } cipSecTunHcOutUncompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunHcOutOctets." ::= { cipSecTunnelEntry 43 } cipSecTunOutUncompOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the uncompressed octets sent counter (cipSecTunOutUncompOctets) has wrapped." ::= { cipSecTunnelEntry 44 } cipSecTunOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 45 } cipSecTunOutDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 46 } cipSecTunOutAuths OBJECT-TYPE SYNTAX Counter32 UNITS "Events" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 47 } cipSecTunOutAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 48 } cipSecTunOutEncrypts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 49 } cipSecTunOutEncryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelEntry 50 } cipSecTunStatus OBJECT-TYPE SYNTAX TunnelStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). When the value is set to destroy(2), the SA bundle is destroyed and this row is deleted from this table. When this MIB value is queried, the value of active(1) is always returned, if the instance exists. This object cannot be used to create a MIB table row." ::= { cipSecTunnelEntry 51 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Tunnel Endpoint Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecEndPtTable OBJECT-TYPE SYNTAX SEQUENCE OF CipSecEndPtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel." ::= { cipSecPhaseTwo 3 } cipSecEndPtEntry OBJECT-TYPE SYNTAX CipSecEndPtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An IPsec Phase-2 Tunnel Endpoint entry." INDEX { cipSecTunIndex, -- from cipSecTunnelTable cipSecEndPtIndex } ::= { cipSecEndPtTable 1 } CipSecEndPtEntry ::= SEQUENCE { cipSecEndPtIndex Integer32, cipSecEndPtLocalName DisplayString, cipSecEndPtLocalType EndPtType, cipSecEndPtLocalAddr1 IPSIpAddress, cipSecEndPtLocalAddr2 IPSIpAddress, cipSecEndPtLocalProtocol Integer32, cipSecEndPtLocalPort Integer32, cipSecEndPtRemoteName DisplayString, cipSecEndPtRemoteType EndPtType, cipSecEndPtRemoteAddr1 IPSIpAddress, cipSecEndPtRemoteAddr2 IPSIpAddress, cipSecEndPtRemoteProtocol Integer32, cipSecEndPtRemotePort Integer32 } cipSecEndPtIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647." ::= { cipSecEndPtEntry 1 } cipSecEndPtLocalName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the local Endpoint." ::= { cipSecEndPtEntry 2 } cipSecEndPtLocalType OBJECT-TYPE SYNTAX EndPtType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet." ::= { cipSecEndPtEntry 3 } cipSecEndPtLocalAddr1 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range." ::= { cipSecEndPtEntry 4 } cipSecEndPtLocalAddr2 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range." ::= { cipSecEndPtEntry 5 } cipSecEndPtLocalProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the local Endpoint's traffic." ::= { cipSecEndPtEntry 6 } cipSecEndPtLocalPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the local Endpoint's traffic." ::= { cipSecEndPtEntry 7 } cipSecEndPtRemoteName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the remote Endpoint." ::= { cipSecEndPtEntry 8 } cipSecEndPtRemoteType OBJECT-TYPE SYNTAX EndPtType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet." ::= { cipSecEndPtEntry 9 } cipSecEndPtRemoteAddr1 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range." ::= { cipSecEndPtEntry 10 } cipSecEndPtRemoteAddr2 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range." ::= { cipSecEndPtEntry 11 } cipSecEndPtRemoteProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the remote Endpoint's traffic." ::= { cipSecEndPtEntry 12 } cipSecEndPtRemotePort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the remote Endpoint's traffic." ::= { cipSecEndPtEntry 13 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Security Protection Index Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecSpiTable OBJECT-TYPE SYNTAX SEQUENCE OF CipSecSpiEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Security Protection Index Table. This table contains an entry for each active and expiring security association." ::= { cipSecPhaseTwo 4 } cipSecSpiEntry OBJECT-TYPE SYNTAX CipSecSpiEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations." INDEX { cipSecTunIndex, -- from cipSecTunnelTable cipSecSpiIndex } ::= { cipSecSpiTable 1 } CipSecSpiEntry ::= SEQUENCE { cipSecSpiIndex Integer32, cipSecSpiDirection INTEGER, cipSecSpiValue Unsigned32, cipSecSpiProtocol INTEGER, cipSecSpiStatus INTEGER } cipSecSpiIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of the SPI associated with the Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647." ::= { cipSecSpiEntry 1 } cipSecSpiDirection OBJECT-TYPE SYNTAX INTEGER{ in(1), out(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The direction of the SPI." ::= { cipSecSpiEntry 2 } cipSecSpiValue OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the SPI." ::= { cipSecSpiEntry 3 } cipSecSpiProtocol OBJECT-TYPE SYNTAX INTEGER{ ah(1), esp(2), ipcomp(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol of the SPI." ::= { cipSecSpiEntry 4 } cipSecSpiStatus OBJECT-TYPE SYNTAX INTEGER{ active(1), expiring(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the SPI." ::= { cipSecSpiEntry 5 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec History Group -- -- This group consists of a: -- 1) IPsec History Global Objects -- 2) IPsec Phase-1 History Objects -- 3) IPsec Phase-2 History Objects -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecHistGlobal OBJECT IDENTIFIER ::= { cipSecHistory 1 } cipSecHistPhaseOne OBJECT IDENTIFIER ::= { cipSecHistory 2 } cipSecHistPhaseTwo OBJECT IDENTIFIER ::= { cipSecHistory 3 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- IPsec History Global Control Objects -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecHistGlobalCntl OBJECT IDENTIFIER ::= { cipSecHistGlobal 1 } cipSecHistTableSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The window size of the IPsec Phase-1 and Phase-2 History Tables. The IPsec Phase-1 and Phase-2 History Tables are implemented as a sliding window in which only the last n entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned." ::= { cipSecHistGlobalCntl 1 } cipSecHistCheckPoint OBJECT-TYPE SYNTAX INTEGER { ready(1), checkPoint(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The current state of check point processing. This object will return ready when the agent is ready to create on-demand history entries for active IPsec Tunnels or checkPoint when the agent is currently creating on-demand history entries for active IPsec Tunnels. By setting this value to checkPoint, the agent will create: a) an entry in the IPsec Phase-1 Tunnel History for each active IPsec Phase-1 Tunnel and b) an entry in the IPsec Phase-2 Tunnel History Table and an entry in the IPsec Phase-2 Tunnel EndPoint History Table for each active IPsec Phase-2 Tunnel." ::= { cipSecHistGlobalCntl 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-1 Tunnel History Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cikeTunnelHistTable OBJECT-TYPE SYNTAX SEQUENCE OF CikeTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-1 Internet Key Exchange Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecHistTableSize object." ::= { cipSecHistPhaseOne 1 } cikeTunnelHistEntry OBJECT-TYPE SYNTAX CikeTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with a previously active IPsec Phase-1 IKE Tunnel." INDEX { cikeTunHistIndex } ::= { cikeTunnelHistTable 1} CikeTunnelHistEntry ::= SEQUENCE { cikeTunHistIndex Integer32, cikeTunHistTermReason INTEGER, cikeTunHistActiveIndex Integer32, cikeTunHistPeerLocalType IkePeerType, cikeTunHistPeerLocalValue DisplayString, cikeTunHistPeerIntIndex Integer32, cikeTunHistPeerRemoteType IkePeerType, cikeTunHistPeerRemoteValue DisplayString, cikeTunHistLocalAddr IPSIpAddress, cikeTunHistLocalName DisplayString, cikeTunHistRemoteAddr IPSIpAddress, cikeTunHistRemoteName DisplayString, cikeTunHistNegoMode IkeNegoMode, cikeTunHistDiffHellmanGrp DiffHellmanGrp, cikeTunHistEncryptAlgo EncryptAlgo, cikeTunHistHashAlgo IkeHashAlgo, cikeTunHistAuthMethod IkeAuthMethod, cikeTunHistLifeTime Integer32, cikeTunHistStartTime TimeStamp, cikeTunHistActiveTime TimeInterval, cikeTunHistTotalRefreshes Counter32, cikeTunHistTotalSas Counter32, cikeTunHistInOctets Counter32, cikeTunHistInPkts Counter32, cikeTunHistInDropPkts Counter32, cikeTunHistInNotifys Counter32, cikeTunHistInP2Exchgs Counter32, cikeTunHistInP2ExchgInvalids Counter32, cikeTunHistInP2ExchgRejects Counter32, cikeTunHistInP2SaDelRequests Counter32, cikeTunHistOutOctets Counter32, cikeTunHistOutPkts Counter32, cikeTunHistOutDropPkts Counter32, cikeTunHistOutNotifys Counter32, cikeTunHistOutP2Exchgs Counter32, cikeTunHistOutP2ExchgInvalids Counter32, cikeTunHistOutP2ExchgRejects Counter32, cikeTunHistOutP2SaDelRequests Counter32 } cikeTunHistIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the IPsec Phase-1 IKE Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647." ::= { cikeTunnelHistEntry 1 } cikeTunHistTermReason OBJECT-TYPE SYNTAX INTEGER { other(1), normal(2), operRequest(3), peerDelRequest(4), peerLost(5), localFailure(6), checkPointReg(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason the IPsec Phase-1 IKE Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = local failure occurred. 7 = operator initiated check point request" ::= { cikeTunnelHistEntry 2 } cikeTunHistActiveIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the previously active IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 3 } cikeTunHistPeerLocalType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of local peer identity. The local peer may be indentified by: 1. an IP address, or 2. a host name." ::= { cikeTunnelHistEntry 4 } cikeTunHistPeerLocalValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer." ::= { cikeTunnelHistEntry 5 } cikeTunHistPeerIntIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer." ::= { cikeTunnelHistEntry 6 } cikeTunHistPeerRemoteType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of remote peer identity. The remote peer may be indentified by: 1. an IP address, or 2. a host name." ::= { cikeTunnelHistEntry 7 } cikeTunHistPeerRemoteValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer." ::= { cikeTunnelHistEntry 8 } cikeTunHistLocalAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 9 } cikeTunHistLocalName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string." ::= { cikeTunnelHistEntry 10 } cikeTunHistRemoteAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 11 } cikeTunHistRemoteName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string." ::= { cikeTunnelHistEntry 12 } cikeTunHistNegoMode OBJECT-TYPE SYNTAX IkeNegoMode MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiation mode of the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 13 } cikeTunHistDiffHellmanGrp OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelHistEntry 14 } cikeTunHistEncryptAlgo OBJECT-TYPE SYNTAX EncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelHistEntry 15 } cikeTunHistHashAlgo OBJECT-TYPE SYNTAX IkeHashAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The hash algorithm used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelHistEntry 16 } cikeTunHistAuthMethod OBJECT-TYPE SYNTAX IkeAuthMethod MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication method used in IPsec Phase-1 IKE negotiations." ::= { cikeTunnelHistEntry 17 } cikeTunHistLifeTime OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds." ::= { cikeTunnelHistEntry 18 } cikeTunHistStartTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started." ::= { cikeTunnelHistEntry 19 } cikeTunHistActiveTime OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION "The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds." ::= { cikeTunnelHistEntry 20 } cikeTunHistTotalRefreshes OBJECT-TYPE SYNTAX Counter32 UNITS "QM Exchanges" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security associations refreshes performed." ::= { cikeTunnelHistEntry 21 } cikeTunHistTotalSas OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security associations used during the life of the IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 22 } cikeTunHistInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 23 } cikeTunHistInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 24 } cikeTunHistInDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing." ::= { cikeTunnelHistEntry 25 } cikeTunHistInNotifys OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of notifys received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 26 } cikeTunHistInP2Exchgs OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 27 } cikeTunHistInP2ExchgInvalids OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received and found to be invalid by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 28 } cikeTunHistInP2ExchgRejects OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges received and rejected by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 29 } cikeTunHistInP2SaDelRequests OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 30 } cikeTunHistOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 31 } cikeTunHistOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 32 } cikeTunHistOutDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing." ::= { cikeTunnelHistEntry 33 } cikeTunHistOutNotifys OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of notifys sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 34 } cikeTunHistOutP2Exchgs OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 35 } cikeTunHistOutP2ExchgInvalids OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges sent and found to be invalid by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 36 } cikeTunHistOutP2ExchgRejects OBJECT-TYPE SYNTAX Counter32 UNITS "SA Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 exchanges sent and rejected by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 37 } cikeTunHistOutP2SaDelRequests OBJECT-TYPE SYNTAX Counter32 UNITS "Notification Payloads" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel." ::= { cikeTunnelHistEntry 38 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Tunnel History Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecTunnelHistTable OBJECT-TYPE SYNTAX SEQUENCE OF CipSecTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecHistTableSize object." ::= { cipSecHistPhaseTwo 1 } cipSecTunnelHistEntry OBJECT-TYPE SYNTAX CipSecTunnelHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel." INDEX { cipSecTunHistIndex } ::= { cipSecTunnelHistTable 1 } CipSecTunnelHistEntry ::= SEQUENCE { cipSecTunHistIndex Integer32, cipSecTunHistTermReason INTEGER, cipSecTunHistActiveIndex Integer32, cipSecTunHistIkeTunnelIndex Integer32, cipSecTunHistLocalAddr IPSIpAddress, cipSecTunHistRemoteAddr IPSIpAddress, cipSecTunHistKeyType KeyType, cipSecTunHistEncapMode EncapMode, cipSecTunHistLifeSize Integer32, cipSecTunHistLifeTime Integer32, cipSecTunHistStartTime TimeStamp, cipSecTunHistActiveTime TimeInterval, cipSecTunHistTotalRefreshes Counter32, cipSecTunHistTotalSas Counter32, cipSecTunHistInSaDiffHellmanGrp DiffHellmanGrp, cipSecTunHistInSaEncryptAlgo EncryptAlgo, cipSecTunHistInSaAhAuthAlgo AuthAlgo, cipSecTunHistInSaEspAuthAlgo AuthAlgo, cipSecTunHistInSaDecompAlgo CompAlgo, cipSecTunHistOutSaDiffHellmanGrp DiffHellmanGrp, cipSecTunHistOutSaEncryptAlgo EncryptAlgo, cipSecTunHistOutSaAhAuthAlgo AuthAlgo, cipSecTunHistOutSaEspAuthAlgo AuthAlgo, cipSecTunHistOutSaCompAlgo CompAlgo, cipSecTunHistInOctets Counter32, cipSecTunHistHcInOctets Counter64, cipSecTunHistInOctWraps Counter32, cipSecTunHistInDecompOctets Counter32, cipSecTunHistHcInDecompOctets Counter64, cipSecTunHistInDecompOctWraps Counter32, cipSecTunHistInPkts Counter32, cipSecTunHistInReplayDropPkts Counter32, cipSecTunHistInDropPkts Counter32, cipSecTunHistInAuths Counter32, cipSecTunHistInAuthFails Counter32, cipSecTunHistInDecrypts Counter32, cipSecTunHistInDecryptFails Counter32, cipSecTunHistOutOctets Counter32, cipSecTunHistHcOutOctets Counter64, cipSecTunHistOutOctWraps Counter32, cipSecTunHistOutUncompOctets Counter32, cipSecTunHistHcOutUncompOctets Counter64, cipSecTunHistOutUncompOctWraps Counter32, cipSecTunHistOutPkts Counter32, cipSecTunHistOutDropPkts Counter32, cipSecTunHistOutAuths Counter32, cipSecTunHistOutAuthFails Counter32, cipSecTunHistOutEncrypts Counter32, cipSecTunHistOutEncryptFails Counter32 } cipSecTunHistIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647." ::= { cipSecTunnelHistEntry 1 } cipSecTunHistTermReason OBJECT-TYPE SYNTAX INTEGER { other(1), normal(2), operRequest(3), peerDelRequest(4), peerLost(5), seqNumRollOver(6), checkPointReq(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = local failure occurred 7 = operator initiated check point request" ::= { cipSecTunnelHistEntry 2 } cipSecTunHistActiveIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the previously active IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 3 } cipSecTunHistIkeTunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the associated IPsec Phase-1 Tunnel (cikeTunIndex in the cikeTunnelTable)." ::= { cipSecTunnelHistEntry 4 } cipSecTunHistLocalAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local endpoint for the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 5 } cipSecTunHistRemoteAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote endpoint for the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 6 } cipSecTunHistKeyType OBJECT-TYPE SYNTAX KeyType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of key used by the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 7 } cipSecTunHistEncapMode OBJECT-TYPE SYNTAX EncapMode MAX-ACCESS read-only STATUS current DESCRIPTION "The encapsulation mode used by the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 8 } cipSecTunHistLifeSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "KBytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes." ::= { cipSecTunnelHistEntry 9 } cipSecTunHistLifeTime OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "Seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds." ::= { cipSecTunnelHistEntry 10 } cipSecTunHistStartTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started." ::= { cipSecTunnelHistEntry 11 } cipSecTunHistActiveTime OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-only STATUS current DESCRIPTION "The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds." ::= { cipSecTunnelHistEntry 12 } cipSecTunHistTotalRefreshes OBJECT-TYPE SYNTAX Counter32 UNITS "QM Exchanges" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security association refreshes performed." ::= { cipSecTunnelHistEntry 13 } cipSecTunHistTotalSas OBJECT-TYPE SYNTAX Counter32 UNITS "SAs" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security associations used during the life of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 14 } cipSecTunHistInSaDiffHellmanGrp OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 15 } cipSecTunHistInSaEncryptAlgo OBJECT-TYPE SYNTAX EncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 16 } cipSecTunHistInSaAhAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 17 } cipSecTunHistInSaEspAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 18 } cipSecTunHistInSaDecompAlgo OBJECT-TYPE SYNTAX CompAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 19 } cipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 20 } cipSecTunHistOutSaEncryptAlgo OBJECT-TYPE SYNTAX EncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 21 } cipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 22 } cipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE SYNTAX AuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 23 } cipSecTunHistOutSaCompAlgo OBJECT-TYPE SYNTAX CompAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 24 } cipSecTunHistInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecTunInOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelHistEntry 25 } cipSecTunHistHcInOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { cipSecTunnelHistEntry 26 } cipSecTunHistInOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the octets received counter (cipSecTunInOctets) has wrapped." ::= { cipSecTunnelHistEntry 27 } cipSecTunHistInDecompOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunInOctets. See also cipSecTunInDecompOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelHistEntry 28 } cipSecTunHistHcInDecompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunHcInOctets." ::= { cipSecTunnelHistEntry 29 } cipSecTunHistInDecompOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the decompressed octets received counter (cipSecTunInDecompOctets) has wrapped." ::= { cipSecTunnelHistEntry 30 } cipSecTunHistInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 31 } cipSecTunHistInDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing." ::= { cipSecTunnelHistEntry 32 } cipSecTunHistInReplayDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 33 } cipSecTunHistInAuths OBJECT-TYPE SYNTAX Counter32 UNITS "Events" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 34 } cipSecTunHistInAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel ." ::= { cipSecTunnelHistEntry 35 } cipSecTunHistInDecrypts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 36 } cipSecTunHistInDecryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 37 } cipSecTunHistOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecTunOutOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelHistEntry 38 } cipSecTunHistHcOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { cipSecTunnelHistEntry 39 } cipSecTunHistOutOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the octets sent counter (cipSecTunOutOctets) has wrapped." ::= { cipSecTunnelHistEntry 40 } cipSecTunHistOutUncompOctets OBJECT-TYPE SYNTAX Counter32 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunOutOctets. See also cipSecTunOutDecompOctWraps for the number of times this counter has wrapped." ::= { cipSecTunnelHistEntry 41 } cipSecTunHistHcOutUncompOctets OBJECT-TYPE SYNTAX Counter64 UNITS "Octets" MAX-ACCESS read-only STATUS current DESCRIPTION "A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunHcOutOctets." ::= { cipSecTunnelHistEntry 42 } cipSecTunHistOutUncompOctWraps OBJECT-TYPE SYNTAX Counter32 UNITS "Integral units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the uncompressed octets sent counter (cipSecTunOutUncompOctets) has wrapped." ::= { cipSecTunnelHistEntry 43 } cipSecTunHistOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 44 } cipSecTunHistOutDropPkts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 45 } cipSecTunHistOutAuths OBJECT-TYPE SYNTAX Counter32 UNITS "Events" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 46 } cipSecTunHistOutAuthFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 47 } cipSecTunHistOutEncrypts OBJECT-TYPE SYNTAX Counter32 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 48 } cipSecTunHistOutEncryptFails OBJECT-TYPE SYNTAX Counter32 UNITS "Failures" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel." ::= { cipSecTunnelHistEntry 49 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Tunnel Endpoint History Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecEndPtHistTable OBJECT-TYPE SYNTAX SEQUENCE OF CipSecEndPtHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Tunnel Endpoint History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecHistTableSize object." ::= { cipSecHistPhaseTwo 2 } cipSecEndPtHistEntry OBJECT-TYPE SYNTAX CipSecEndPtHistEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint." INDEX { cipSecEndPtHistIndex } ::= { cipSecEndPtHistTable 1 } CipSecEndPtHistEntry ::= SEQUENCE { cipSecEndPtHistIndex Integer32, cipSecEndPtHistTunIndex Integer32, cipSecEndPtHistActiveIndex Integer32, cipSecEndPtHistLocalName DisplayString, cipSecEndPtHistLocalType EndPtType, cipSecEndPtHistLocalAddr1 IPSIpAddress, cipSecEndPtHistLocalAddr2 IPSIpAddress, cipSecEndPtHistLocalProtocol Integer32, cipSecEndPtHistLocalPort Integer32, cipSecEndPtHistRemoteName DisplayString, cipSecEndPtHistRemoteType EndPtType, cipSecEndPtHistRemoteAddr1 IPSIpAddress, cipSecEndPtHistRemoteAddr2 IPSIpAddress, cipSecEndPtHistRemoteProtocol Integer32, cipSecEndPtHistRemotePort Integer32 } cipSecEndPtHistIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647." ::= { cipSecEndPtHistEntry 1 } cipSecEndPtHistTunIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the previously active IPsec Phase-2 Tunnel Table." ::= { cipSecEndPtHistEntry 2 } cipSecEndPtHistActiveIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the previously active Endpoint." ::= { cipSecEndPtHistEntry 3 } cipSecEndPtHistLocalName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the local Endpoint." ::= { cipSecEndPtHistEntry 4 } cipSecEndPtHistLocalType OBJECT-TYPE SYNTAX EndPtType --INTEGER { --singleIpAddr(1), --ipAddrRange(2), --ipSubnet(3) --} MAX-ACCESS read-only STATUS current DESCRIPTION "The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet." ::= { cipSecEndPtHistEntry 5 } cipSecEndPtHistLocalAddr1 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range." ::= { cipSecEndPtHistEntry 6 } cipSecEndPtHistLocalAddr2 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range." ::= { cipSecEndPtHistEntry 7 } cipSecEndPtHistLocalProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the local Endpoint's traffic." ::= { cipSecEndPtHistEntry 8 } cipSecEndPtHistLocalPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the local Endpoint's traffic." ::= { cipSecEndPtHistEntry 9 } cipSecEndPtHistRemoteName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The DNS name of the remote Endpoint." ::= { cipSecEndPtHistEntry 10 } cipSecEndPtHistRemoteType OBJECT-TYPE SYNTAX EndPtType --INTEGER { --singleIpAddr(1), --ipAddrRange(2), --ipSubnet(3) --} MAX-ACCESS read-only STATUS current DESCRIPTION "The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet." ::= { cipSecEndPtHistEntry 11 } cipSecEndPtHistRemoteAddr1 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range." ::= { cipSecEndPtHistEntry 12 } cipSecEndPtHistRemoteAddr2 OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range." ::= { cipSecEndPtHistEntry 13 } cipSecEndPtHistRemoteProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the remote Endpoint's traffic." ::= { cipSecEndPtHistEntry 14 } cipSecEndPtHistRemotePort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the remote Endpoint's traffic." ::= { cipSecEndPtHistEntry 15 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Failure Group -- -- This group consists of a: -- 1) IPsec Failure Global Objects -- 2) IPsec Phase-1 Tunnel Failure Table -- 3) IPsec Phase-2 Tunnel Failure Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecFailGlobal OBJECT IDENTIFIER ::= { cipSecFailures 1 } cipSecFailPhaseOne OBJECT IDENTIFIER ::= { cipSecFailures 2 } cipSecFailPhaseTwo OBJECT IDENTIFIER ::= { cipSecFailures 3 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Failure Global Control Objects -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecFailGlobalCntl OBJECT IDENTIFIER ::= { cipSecFailGlobal 1 } cipSecFailTableSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The window size of the IPsec Phase-1 and Phase-2 Failure Tables. The IPsec Phase-1 and Phase-2 Failure Tables are implemented as a sliding window in which only the last n entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned." ::= { cipSecFailGlobalCntl 1 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-1 Failure Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cikeFailTable OBJECT-TYPE SYNTAX SEQUENCE OF CikeFailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-1 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecFailTableSize object." ::= { cipSecFailPhaseOne 1 } cikeFailEntry OBJECT-TYPE SYNTAX CikeFailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with an IPsec Phase-1 failure." INDEX { cikeFailIndex } ::= { cikeFailTable 1 } CikeFailEntry ::= SEQUENCE { cikeFailIndex Integer32, cikeFailReason INTEGER, cikeFailTime TimeStamp, cikeFailLocalType IkePeerType, cikeFailLocalValue DisplayString, cikeFailRemoteType IkePeerType, cikeFailRemoteValue DisplayString, cikeFailLocalAddr IPSIpAddress, cikeFailRemoteAddr IPSIpAddress } cikeFailIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-1 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647." ::= { cikeFailEntry 1 } cikeFailReason OBJECT-TYPE SYNTAX INTEGER{ other(1), peerDelRequest(2), peerLost(3), localFailure(4), authFailure(5), hashValidation(6), encryptFailure(7), internalError(8), sysCapExceeded(9), proposalFailure(10), peerCertUnavailable(11), peerCertNotValid(12), localCertExpired(13), crlFailure(14), peerEncodingError(15), nonExistentSa(16), operRequest(17) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for the failure. Possible reasons include: 1 = other 2 = peer delete request was received 3 = contact with peer was lost 4 = local failure occurred 5 = authentication failure 6 = hash validation failure 7 = encryption failure 8 = internal error occurred 9 = system capacity failure 10 = proposal failure 11 = peer's certificate is unavailable 12 = peer's certificate was found invalid 13 = local certificate expired 14 = certificate revoke list (crl) failure 15 = peer encoding error 16 = non-existent security association 17 = operator requested termination." ::= { cikeFailEntry 2 } cikeFailTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime in hundredths of seconds at the time of the failure." ::= { cikeFailEntry 3 } cikeFailLocalType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of local peer identity. The local peer may be indentified by: 1. an IP address, or 2. a host name." ::= { cikeFailEntry 4 } cikeFailLocalValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer." ::= { cikeFailEntry 5 } cikeFailRemoteType OBJECT-TYPE SYNTAX IkePeerType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name." ::= { cikeFailEntry 6 } cikeFailRemoteValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer." ::= { cikeFailEntry 7 } cikeFailLocalAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local peer." ::= { cikeFailEntry 8 } cikeFailRemoteAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote peer." ::= { cikeFailEntry 9 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec Phase-2 Failure Table -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecFailTable OBJECT-TYPE SYNTAX SEQUENCE OF CipSecFailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecFailTableSize object." ::= { cipSecFailPhaseTwo 1 } cipSecFailEntry OBJECT-TYPE SYNTAX CipSecFailEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with an IPsec Phase-1 failure." INDEX { cipSecFailIndex } ::= { cipSecFailTable 1 } CipSecFailEntry ::= SEQUENCE { cipSecFailIndex Integer32, cipSecFailReason INTEGER, cipSecFailTime TimeStamp, cipSecFailTunnelIndex Integer32, cipSecFailSaSpi Integer32, cipSecFailPktSrcAddr IPSIpAddress, cipSecFailPktDstAddr IPSIpAddress } cipSecFailIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647." ::= { cipSecFailEntry 1 } cipSecFailReason OBJECT-TYPE SYNTAX INTEGER{ other(1), internalError(2), peerEncodingError(3), proposalFailure(4), protocolUseFail(5), nonExistentSa(6), decryptFailure(7), encryptFailure(8), inAuthFailure(9), outAuthFailure(10), compression(11), sysCapExceeded(12), peerDelRequest(13), peerLost(14), seqNumRollOver(15), operRequest(16) } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination." ::= { cipSecFailEntry 2 } cipSecFailTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime in hundredths of seconds at the time of the failure." ::= { cipSecFailEntry 3 } cipSecFailTunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The Phase-2 Tunnel index (cipSecTunIndex)." ::= { cipSecFailEntry 4 } cipSecFailSaSpi OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The security association SPI value." ::= { cipSecFailEntry 5 } cipSecFailPktSrcAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The packet's source IP address." ::= { cipSecFailEntry 6 } cipSecFailPktDstAddr OBJECT-TYPE SYNTAX IPSIpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The packet's destination IP address." ::= { cipSecFailEntry 7 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- The IPsec TRAP Control Group -- -- This group of objects controls the sending of IPsec TRAPs. -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecTrapCntlIkeTunnelStart OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Start TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 1 } cipSecTrapCntlIkeTunnelStop OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Stop TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 2 } cipSecTrapCntlIkeSysFailure OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec IKE Phase-1 System Failure TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 3 } cipSecTrapCntlIkeCertCrlFailure OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec IKE Phase-1 Certificate/CRL Failure TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 4 } cipSecTrapCntlIkeProtocolFail OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec IKE Phase-1 Protocol Failure TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 5 } cipSecTrapCntlIkeNoSa OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec IKE Phase-1 No Security Association TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 6 } cipSecTrapCntlIpSecTunnelStart OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 7 } cipSecTrapCntlIpSecTunnelStop OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 8 } cipSecTrapCntlIpSecSysFailure OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 9 } cipSecTrapCntlIpSecSetUpFailure OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 10 } cipSecTrapCntlIpSecEarlyTunTerm OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 Early Tunnel Termination TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 11 } cipSecTrapCntlIpSecProtocolFail OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 Protocol Failure TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 12 } cipSecTrapCntlIpSecNoSa OBJECT-TYPE SYNTAX TrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP " DEFVAL { disabled } ::= { cipSecTrapCntl 13 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- IPsec Notifications - TRAPs -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecMIBNotificationPrefix OBJECT IDENTIFIER ::= {ciscoIpSecFlowMonitorMIB 2} cipSecMIBNotifications OBJECT IDENTIFIER ::= { cipSecMIBNotificationPrefix 0} cikeTunnelStart NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr, cikeTunLifeTime } STATUS current DESCRIPTION "This notification is generated when an IPsec Phase-1 IKE Tunnel becomes active." ::= { cipSecMIBNotifications 1 } cikeTunnelStop NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr, cikeTunActiveTime } STATUS current DESCRIPTION "This notification is generated when an IPsec Phase-1 IKE Tunnel becomes inactive." ::= { cipSecMIBNotifications 2 } cikeSysFailure NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences an internal or system capacity error." ::= { cipSecMIBNotifications 3 } cikeCertCrlFailure NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a Certificate or a Certificate Revoke List (CRL) related error." ::= { cipSecMIBNotifications 4 } cikeProtocolFailure NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a protocol related error." ::= { cipSecMIBNotifications 5 } cikeNoSa NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a non-existent security association error." ::= { cipSecMIBNotifications 6 } cipSecTunnelStart NOTIFICATION-TYPE OBJECTS { cipSecTunLifeTime, cipSecTunLifeSize } STATUS current DESCRIPTION "This notification is generated when an IPsec Phase-2 Tunnel becomes active." ::= { cipSecMIBNotifications 7 } cipSecTunnelStop NOTIFICATION-TYPE OBJECTS { cipSecTunActiveTime } STATUS current DESCRIPTION "This notification is generated when an IPsec Phase-2 Tunnel becomes inactive." ::= { cipSecMIBNotifications 8 } cipSecSysFailure NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr, cipSecTunActiveTime, cipSecSpiProtocol } STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error." ::= { cipSecMIBNotifications 9 } cipSecSetUpFailure NOTIFICATION-TYPE OBJECTS { cikePeerLocalAddr, cikePeerRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the setup for an IPsec Phase-2 Tunnel fails." ::= { cipSecMIBNotifications 10 } cipSecEarlyTunTerm NOTIFICATION-TYPE OBJECTS { cipSecTunActiveTime, cipSecSpiProtocol } STATUS current DESCRIPTION "This notification is generated when an an IPsec Phase-2 Tunnel is terminated earily or before expected." ::= { cipSecMIBNotifications 11 } cipSecProtocolFailure NOTIFICATION-TYPE OBJECTS { cipSecTunActiveTime, cipSecSpiProtocol } STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences a protocol related error." ::= { cipSecMIBNotifications 12 } cipSecNoSa NOTIFICATION-TYPE STATUS current DESCRIPTION "This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences a non-existent security association error." ::= { cipSecMIBNotifications 13 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Conformance Information -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecMIBConformance OBJECT IDENTIFIER ::= { ciscoIpSecFlowMonitorMIB 3 } cipSecMIBGroups OBJECT IDENTIFIER ::= { cipSecMIBConformance 1 } cipSecMIBCompliances OBJECT IDENTIFIER ::= { cipSecMIBConformance 2 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Compliance Statements -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities the IP Security Protocol." MODULE -- this module MANDATORY-GROUPS { cipSecLevelsGroup, cipSecPhaseOneGroup, cipSecPhaseTwoGroup } OBJECT cikeTunStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cipSecTunStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { cipSecMIBCompliances 1 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Units of Conformance -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ cipSecLevelsGroup OBJECT-GROUP OBJECTS { cipSecMibLevel } STATUS current DESCRIPTION "This group consists of a: 1) IPsec MIB Level" ::= { cipSecMIBGroups 1 } cipSecPhaseOneGroup OBJECT-GROUP OBJECTS { -- The IPsec Phase-1 Global Statistics cikeGlobalActiveTunnels, cikeGlobalPreviousTunnels, cikeGlobalInOctets, cikeGlobalInPkts, cikeGlobalInDropPkts, cikeGlobalInNotifys, cikeGlobalInP2Exchgs, cikeGlobalInP2ExchgInvalids, cikeGlobalInP2ExchgRejects, cikeGlobalInP2SaDelRequests, cikeGlobalOutOctets, cikeGlobalOutPkts, cikeGlobalOutDropPkts, cikeGlobalOutNotifys, cikeGlobalOutP2Exchgs, cikeGlobalOutP2ExchgInvalids, cikeGlobalOutP2ExchgRejects, cikeGlobalOutP2SaDelRequests, cikeGlobalInitTunnels, cikeGlobalInitTunnelFails, cikeGlobalRespTunnelFails, cikeGlobalSysCapFails, cikeGlobalAuthFails, cikeGlobalDecryptFails, cikeGlobalHashValidFails, cikeGlobalNoSaFails, -- The IPsec Phase-1 Internet Key Exchange -- Peer Table cikePeerLocalAddr, cikePeerRemoteAddr, cikePeerActiveTime, cikePeerActiveTunnelIndex, -- The IPsec Phase-1 Internet Key Exchange -- Tunnel Table cikeTunLocalType, cikeTunLocalValue, cikeTunLocalAddr, cikeTunLocalName, cikeTunRemoteType, cikeTunRemoteValue, cikeTunRemoteAddr, cikeTunRemoteName, cikeTunNegoMode, cikeTunDiffHellmanGrp, cikeTunEncryptAlgo, cikeTunHashAlgo, cikeTunAuthMethod, cikeTunLifeTime, cikeTunActiveTime, cikeTunSaRefreshThreshold, cikeTunTotalRefreshes, cikeTunInOctets, cikeTunInPkts, cikeTunInDropPkts, cikeTunInNotifys, cikeTunInP2Exchgs, cikeTunInP2ExchgInvalids, cikeTunInP2ExchgRejects, cikeTunInP2SaDelRequests, cikeTunOutOctets, cikeTunOutPkts, cikeTunOutDropPkts, cikeTunOutNotifys, cikeTunOutP2Exchgs, cikeTunOutP2ExchgInvalids, cikeTunOutP2ExchgRejects, cikeTunOutP2SaDelRequests, cikeTunStatus, -- The Internet Key Exchange Peer Association -- to Phase-2 Tunnel Correlation Table -- -- cikePeerCorrLocalType, -- cikePeerCorrLocalValue, -- cikePeerCorrRemoteType, -- cikePeerCorrRemoteValue, -- cikePeerCorrIntIndex, -- cikePeerCorrSeqNum, cikePeerCorrIpSecTunIndex } STATUS current DESCRIPTION "This group consists of: 1) IPsec Phase-1 Global Objects 2) IPsec Phase-1 Peer Table 3) IPsec Phase-1 Tunnel Table 4) IPsec Phase-1 Correlation Table" ::= { cipSecMIBGroups 2 } cipSecPhaseTwoGroup OBJECT-GROUP OBJECTS { -- The IPsec Phase-2 Global Tunnel Statistics cipSecGlobalActiveTunnels, cipSecGlobalPreviousTunnels, cipSecGlobalInOctets, cipSecGlobalHcInOctets, cipSecGlobalInOctWraps, cipSecGlobalInDecompOctets, cipSecGlobalHcInDecompOctets, cipSecGlobalInDecompOctWraps, cipSecGlobalInPkts, cipSecGlobalInDrops, cipSecGlobalInReplayDrops, cipSecGlobalInAuths, cipSecGlobalInAuthFails, cipSecGlobalInDecrypts, cipSecGlobalInDecryptFails, cipSecGlobalOutOctets, cipSecGlobalHcOutOctets, cipSecGlobalOutOctWraps, cipSecGlobalOutUncompOctets, cipSecGlobalHcOutUncompOctets, cipSecGlobalOutUncompOctWraps, cipSecGlobalOutPkts, cipSecGlobalOutDrops, cipSecGlobalOutAuths, cipSecGlobalOutAuthFails, cipSecGlobalOutEncrypts, cipSecGlobalOutEncryptFails, cipSecGlobalProtocolUseFails, cipSecGlobalNoSaFails, cipSecGlobalSysCapFails, -- The IPsec Phase-2 Tunnel Table -- cipSecTunIndex, cipSecTunIkeTunnelIndex, cipSecTunIkeTunnelAlive, cipSecTunLocalAddr, cipSecTunRemoteAddr, cipSecTunKeyType, cipSecTunEncapMode, cipSecTunLifeSize, cipSecTunLifeTime, cipSecTunActiveTime, cipSecTunSaLifeSizeThreshold, cipSecTunSaLifeTimeThreshold, cipSecTunTotalRefreshes, cipSecTunExpiredSaInstances, cipSecTunCurrentSaInstances, cipSecTunInSaDiffHellmanGrp, cipSecTunInSaEncryptAlgo, cipSecTunInSaAhAuthAlgo, cipSecTunInSaEspAuthAlgo, cipSecTunInSaDecompAlgo, cipSecTunOutSaDiffHellmanGrp, cipSecTunOutSaEncryptAlgo, cipSecTunOutSaAhAuthAlgo, cipSecTunOutSaEspAuthAlgo, cipSecTunOutSaCompAlgo, cipSecTunInOctets, cipSecTunHcInOctets, cipSecTunInOctWraps, cipSecTunInDecompOctets, cipSecTunHcInDecompOctets, cipSecTunInDecompOctWraps, cipSecTunInPkts, cipSecTunInDropPkts, cipSecTunInReplayDropPkts, cipSecTunInAuths, cipSecTunInAuthFails, cipSecTunInDecrypts, cipSecTunInDecryptFails, cipSecTunOutOctets, cipSecTunHcOutOctets, cipSecTunOutOctWraps, cipSecTunOutUncompOctets, cipSecTunHcOutUncompOctets, cipSecTunOutUncompOctWraps, cipSecTunOutPkts, cipSecTunOutDropPkts, cipSecTunOutAuths, cipSecTunOutAuthFails, cipSecTunOutEncrypts, cipSecTunOutEncryptFails, cipSecTunStatus, -- The IPsec Phase-2 Tunnel Endpoint Table -- cipSecEndPtIndex, cipSecEndPtLocalName, cipSecEndPtLocalType, cipSecEndPtLocalAddr1, cipSecEndPtLocalAddr2, cipSecEndPtLocalProtocol, cipSecEndPtLocalPort, cipSecEndPtRemoteName, cipSecEndPtRemoteType, cipSecEndPtRemoteAddr1, cipSecEndPtRemoteAddr2, cipSecEndPtRemoteProtocol, cipSecEndPtRemotePort, -- The IPsec Phase-2 Security Protection Index Table -- cipSecSpiIndex, cipSecSpiDirection, cipSecSpiValue, cipSecSpiProtocol, cipSecSpiStatus } STATUS current DESCRIPTION "This group consists of: 1) IPsec Phase-2 Global Statistics 2) IPsec Phase-2 Tunnel Table 3) IPsec Phase-2 Endpoint Table 4) IPsec Phase-2 Security Protection Index Table" ::= { cipSecMIBGroups 3 } cipSecHistoryGroup OBJECT-GROUP OBJECTS { -- IPsec History Global Control Objects cipSecHistTableSize, cipSecHistCheckPoint, -- The IPsec Phase-1 Tunnel History Table -- cikeTunHistIndex, cikeTunHistTermReason, cikeTunHistActiveIndex, cikeTunHistPeerLocalType, cikeTunHistPeerLocalValue, cikeTunHistPeerIntIndex, cikeTunHistPeerRemoteType, cikeTunHistPeerRemoteValue, cikeTunHistLocalAddr, cikeTunHistLocalName, cikeTunHistRemoteAddr, cikeTunHistRemoteName, cikeTunHistNegoMode, cikeTunHistDiffHellmanGrp, cikeTunHistEncryptAlgo, cikeTunHistHashAlgo, cikeTunHistAuthMethod, cikeTunHistLifeTime, cikeTunHistStartTime, cikeTunHistActiveTime, cikeTunHistTotalRefreshes, cikeTunHistTotalSas, cikeTunHistInOctets, cikeTunHistInPkts, cikeTunHistInDropPkts, cikeTunHistInNotifys, cikeTunHistInP2Exchgs, cikeTunHistInP2ExchgInvalids, cikeTunHistInP2ExchgRejects, cikeTunHistInP2SaDelRequests, cikeTunHistOutOctets, cikeTunHistOutPkts, cikeTunHistOutDropPkts, cikeTunHistOutNotifys, cikeTunHistOutP2Exchgs, cikeTunHistOutP2ExchgInvalids, cikeTunHistOutP2ExchgRejects, cikeTunHistOutP2SaDelRequests, -- The IPsec Phase-2 Tunnel History Table -- cipSecTunHistIndex, cipSecTunHistTermReason, cipSecTunHistActiveIndex, cipSecTunHistIkeTunnelIndex, cipSecTunHistLocalAddr, cipSecTunHistRemoteAddr, cipSecTunHistKeyType, cipSecTunHistEncapMode, cipSecTunHistLifeSize, cipSecTunHistLifeTime, cipSecTunHistStartTime, cipSecTunHistActiveTime, cipSecTunHistTotalRefreshes, cipSecTunHistTotalSas, cipSecTunHistInSaDiffHellmanGrp, cipSecTunHistInSaEncryptAlgo, cipSecTunHistInSaAhAuthAlgo, cipSecTunHistInSaEspAuthAlgo, cipSecTunHistInSaDecompAlgo, cipSecTunHistOutSaDiffHellmanGrp, cipSecTunHistOutSaEncryptAlgo, cipSecTunHistOutSaAhAuthAlgo, cipSecTunHistOutSaEspAuthAlgo, cipSecTunHistOutSaCompAlgo, cipSecTunHistInOctets, cipSecTunHistHcInOctets, cipSecTunHistInOctWraps, cipSecTunHistInDecompOctets, cipSecTunHistHcInDecompOctets, cipSecTunHistInDecompOctWraps, cipSecTunHistInPkts, cipSecTunHistInDropPkts, cipSecTunHistInReplayDropPkts, cipSecTunHistInAuths, cipSecTunHistInAuthFails, cipSecTunHistInDecrypts, cipSecTunHistInDecryptFails, cipSecTunHistOutOctets, cipSecTunHistHcOutOctets, cipSecTunHistOutOctWraps, cipSecTunHistOutUncompOctets, cipSecTunHistHcOutUncompOctets, cipSecTunHistOutUncompOctWraps, cipSecTunHistOutPkts, cipSecTunHistOutDropPkts, cipSecTunHistOutAuths, cipSecTunHistOutAuthFails, cipSecTunHistOutEncrypts, cipSecTunHistOutEncryptFails, -- The IPsec Phase-2 End Point History Table -- cipSecEndPtHistIndex, cipSecEndPtHistTunIndex, cipSecEndPtHistActiveIndex, cipSecEndPtHistLocalName, cipSecEndPtHistLocalType, cipSecEndPtHistLocalAddr1, cipSecEndPtHistLocalAddr2, cipSecEndPtHistLocalProtocol, cipSecEndPtHistLocalPort, cipSecEndPtHistRemoteName, cipSecEndPtHistRemoteType, cipSecEndPtHistRemoteAddr1, cipSecEndPtHistRemoteAddr2, cipSecEndPtHistRemoteProtocol, cipSecEndPtHistRemotePort } STATUS current DESCRIPTION "This group consists of: 1) IPsec History Global Objects 2) IPsec Phase-1 History Objects 3) IPsec Phase-2 History Objects" ::= { cipSecMIBGroups 4 } cipSecFailuresGroup OBJECT-GROUP OBJECTS { -- The IPsec Failure Global Control Objects cipSecFailTableSize, -- The IPsec Phase-1 Failure Table -- cikeFailIndex, cikeFailReason, cikeFailTime, cikeFailLocalType, cikeFailLocalValue, cikeFailRemoteType, cikeFailRemoteValue, cikeFailLocalAddr, cikeFailRemoteAddr, -- The IPsec Phase-2 Failure Table -- cipSecFailIndex, cipSecFailReason, cipSecFailTime, cipSecFailTunnelIndex, cipSecFailSaSpi, cipSecFailPktSrcAddr, cipSecFailPktDstAddr } STATUS current DESCRIPTION "This group consists of: 1) IPsec Failure Global Objects 2) IPsec Phase-1 Tunnel Failure Table 3) IPsec Phase-2 Tunnel Failure Table" ::= { cipSecMIBGroups 5 } cipSecTrapCntlGroup OBJECT-GROUP OBJECTS { cipSecTrapCntlIkeTunnelStart, cipSecTrapCntlIkeTunnelStop, cipSecTrapCntlIkeSysFailure, cipSecTrapCntlIkeCertCrlFailure, cipSecTrapCntlIkeProtocolFail, cipSecTrapCntlIkeNoSa, cipSecTrapCntlIpSecTunnelStart, cipSecTrapCntlIpSecTunnelStop, cipSecTrapCntlIpSecSysFailure, cipSecTrapCntlIpSecSetUpFailure, cipSecTrapCntlIpSecEarlyTunTerm, cipSecTrapCntlIpSecProtocolFail, cipSecTrapCntlIpSecNoSa } STATUS current DESCRIPTION "This group of objects controls the sending of IPsec TRAPs." ::= { cipSecMIBGroups 6 } -- cipSecNotificationGroup NOTIFICATION-GROUP -- NOTIFICATIONS { -- cikeTunnelStart, -- cikeTunnelStop, -- cikeSysFailure, -- cikeCertCrlFailure, -- cikeProtocolFailure, -- cikeNoSa, -- cipSecTunnelStart, -- cipSecTunnelStop, -- cipSecSysFailure, -- cipSecSetUpFailure, -- cipSecEarlyTunTerm, -- cipSecProtocolFailure, -- cipSecNoSa -- } -- STATUS current -- DESCRIPTION -- "This group contains the notifications for the IPsec MIB." -- ::= { cipSecMIBGroups 7 } END