Wellfleet-IPSEC-MIB device MIB details by Wellfleet
Wellfleet-IPSEC-MIB file content
The SNMP protocol is used for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. There are two reasons for using UDP for SNMP: first, it has low overhead in comparison to TCP, which uses a 3-way handshake to set up a connection; second, in congested networks SNMP over TCP is a bad idea because TCP, in order to maintain reliability, will flood the network with retransmissions.
Management information is represented as a collection of managed objects. Together these objects form a virtual information base called the MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, including Wellfleet-IPSEC-MIB.
| Vendor: | Wellfleet |
|---|---|
| Mib: | Wellfleet-IPSEC-MIB |
| Tool: | ActiveXperts Network Monitor 2024 (ships with advanced SNMP/MIB tools) |
Wellfleet-IPSEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    IpAddress, Counter, Gauge, Opaque
        FROM RFC1155-SMI
    OBJECT-TYPE
        FROM RFC-1212
    DisplayString
        FROM RFC1213-MIB
    wfIpsecGroup
        FROM Wellfleet-COMMON-MIB;

wfIpsecBase OBJECT IDENTIFIER ::= { wfIpsecGroup 1 }

wfIpsecBaseCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter. Default is created. Users perform a set operation on this object in order to create/delete IPSec."
    DEFVAL { created }
    ::= { wfIpsecBase 1 }

wfIpsecBaseEnable OBJECT-TYPE
    SYNTAX INTEGER { enabled(1), disabled(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Enable/Disable parameter. Default is enabled. Users perform a set operation on this object in order to enable/disable IPSec."
    DEFVAL { enabled }
    ::= { wfIpsecBase 2 }

wfIpsecBaseState OBJECT-TYPE
    SYNTAX INTEGER { up(1), down(2), notpresent(3) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The current state of IPsec."
    DEFVAL { notpresent }
    ::= { wfIpsecBase 3 }

wfIpsecBaseEspEncipherEnable OBJECT-TYPE
    SYNTAX INTEGER { enabled(1), disabled(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Used to control the whether ESP enciphers packets or not. Set this attribute to disable for debugging purposes only. When set to disabled, packets that match a policy that uses ESP to encipher the payload will not be enciphered. This allows one to view the plaintext inner headers for debugging purposes."
    DEFVAL { enabled }
    ::= { wfIpsecBase 4 }

wfIpsecBaseMaxManualSpi OBJECT-TYPE
    SYNTAX INTEGER(256..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The maximum SPI value that will be accepted for manually configured SAs. The SA values 0 - 255 is reserved. To enter this value add the number of SAs belonging to a particular IPSec protocol ex ESP to 255. The default value is maximum of 32 unique ESP SAs.
        The value 255 will cause no manual SAs supported"
    DEFVAL { 384 }
    ::= { wfIpsecBase 5 }

-----------------------
--
-- end of IpsecBase
--
-----------------------

wfIpsecSelectorInTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecSelectorInEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A table of selectors used to identify which IP security policy should be applied to a packet."
    ::= { wfIpsecGroup 2 }

wfIpsecSelectorInEntry OBJECT-TYPE
    SYNTAX WfIpsecSelectorInEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "IP Security Selectors for a policy"
    INDEX { wfIpsecSelectorInInterface, wfIpsecSelectorInCircuit, wfIpsecSelectorInPolicyNumber, wfIpsecSelectorInFragment }
    ::= { wfIpsecSelectorInTable 1 }

WfIpsecSelectorInEntry ::= SEQUENCE {
    wfIpsecSelectorInCreate INTEGER,
    wfIpsecSelectorInEnable INTEGER,
    wfIpsecSelectorInStatus INTEGER,
    wfIpsecSelectorInCounter Counter,
    wfIpsecSelectorInDefinition Opaque,
    wfIpsecSelectorInReserved INTEGER,
    wfIpsecSelectorInInterface IpAddress,
    wfIpsecSelectorInCircuit INTEGER,
    wfIpsecSelectorInPolicyNumber INTEGER,
    wfIpsecSelectorInFragment INTEGER,
    wfIpsecSelectorInName DisplayString
}

wfIpsecSelectorInCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Defines the existence of the policy's selectors:
            created - instance exists
            delete - instance should be deleted."
    DEFVAL { created }
    ::= { wfIpsecSelectorInEntry 1 }

wfIpsecSelectorInEnable OBJECT-TYPE
    SYNTAX INTEGER { enabled(1), disabled(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Defines whether or not the policy should be used:
            enabled - activate the policy's selectors.
            disabled - deactivate the policy's selectors."
    DEFVAL { enabled }
    ::= { wfIpsecSelectorInEntry 2 }

wfIpsecSelectorInStatus OBJECT-TYPE
    SYNTAX INTEGER { up(1), down(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Defines the current status of the this instance:
            up: this instance is in use
            down: this instance is misconfigured
            inactive: this instance is disabled
            notpresent: the IPsec code isn't loaded"
    DEFVAL { notpresent }
    ::= { wfIpsecSelectorInEntry 3 }

wfIpsecSelectorInCounter OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that have matched the selectors."
    ::= { wfIpsecSelectorInEntry 4 }

wfIpsecSelectorInDefinition OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The policy's selector definition."
    ::= { wfIpsecSelectorInEntry 5 }

wfIpsecSelectorInReserved OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Reserved field."
    ::= { wfIpsecSelectorInEntry 6 }

wfIpsecSelectorInInterface OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The network address of the IP interface to which the corresponding policy is applied."
    ::= { wfIpsecSelectorInEntry 7 }

wfIpsecSelectorInCircuit OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The ID of the Circuit to which the corresponding policy is applied."
    ::= { wfIpsecSelectorInEntry 8 }

wfIpsecSelectorInPolicyNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "ID policy's selectors."
    ::= { wfIpsecSelectorInEntry 9 }

wfIpsecSelectorInFragment OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Fragment number - for large sets of selectors."
    ::= { wfIpsecSelectorInEntry 10 }

wfIpsecSelectorInName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "name of this instance of selectors."
    ::= { wfIpsecSelectorInEntry 11 }

-----------------------
--
-- end of IpsecSelectorIn
--
-----------------------

wfIpsecSelectorOutTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecSelectorOutEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A table of selectors used to identify which IP security policy should be applied to a packet."
    ::= { wfIpsecGroup 3 }

wfIpsecSelectorOutEntry OBJECT-TYPE
    SYNTAX WfIpsecSelectorOutEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "IP Security Selectors for a policy"
    INDEX { wfIpsecSelectorOutInterface, wfIpsecSelectorOutCircuit, wfIpsecSelectorOutPolicyNumber, wfIpsecSelectorOutFragment }
    ::= { wfIpsecSelectorOutTable 1 }

WfIpsecSelectorOutEntry ::= SEQUENCE {
    wfIpsecSelectorOutCreate INTEGER,
    wfIpsecSelectorOutEnable INTEGER,
    wfIpsecSelectorOutStatus INTEGER,
    wfIpsecSelectorOutCounter Counter,
    wfIpsecSelectorOutDefinition Opaque,
    wfIpsecSelectorOutReserved INTEGER,
    wfIpsecSelectorOutInterface IpAddress,
    wfIpsecSelectorOutCircuit INTEGER,
    wfIpsecSelectorOutPolicyNumber INTEGER,
    wfIpsecSelectorOutFragment INTEGER,
    wfIpsecSelectorOutName DisplayString
}

wfIpsecSelectorOutCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Defines the existence of the policy's selectors:
            created - instance exists
            delete - instance should be deleted."
    DEFVAL { created }
    ::= { wfIpsecSelectorOutEntry 1 }

wfIpsecSelectorOutEnable OBJECT-TYPE
    SYNTAX INTEGER { enabled(1), disabled(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Defines whether or not the policy should be used:
            enabled - activate the policy's selectors.
            disabled - deactivate the policy's selectors."
    DEFVAL { enabled }
    ::= { wfIpsecSelectorOutEntry 2 }

wfIpsecSelectorOutStatus OBJECT-TYPE
    SYNTAX INTEGER { up(1), down(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Defines the current status of the this instance:
            up: this instance is in use
            down: this instance is misconfigured
            inactive: this instance is disabled
            notpresent: the IPsec code isn't loaded"
    DEFVAL { notpresent }
    ::= { wfIpsecSelectorOutEntry 3 }

wfIpsecSelectorOutCounter OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that have matched the selectors."
    ::= { wfIpsecSelectorOutEntry 4 }

wfIpsecSelectorOutDefinition OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The policy's selector definition."
    ::= { wfIpsecSelectorOutEntry 5 }

wfIpsecSelectorOutReserved OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Reserved field."
    ::= { wfIpsecSelectorOutEntry 6 }

wfIpsecSelectorOutInterface OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The network address of the IP interface to which the corresponding policy is applied."
    ::= { wfIpsecSelectorOutEntry 7 }

wfIpsecSelectorOutCircuit OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The ID of the Circuit to which the corresponding policy is applied."
    ::= { wfIpsecSelectorOutEntry 8 }

wfIpsecSelectorOutPolicyNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "ID policy's selectors."
    ::= { wfIpsecSelectorOutEntry 9 }

wfIpsecSelectorOutFragment OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Fragment number - for large sets of selectors."
    ::= { wfIpsecSelectorOutEntry 10 }

wfIpsecSelectorOutName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "name of this instance of selectors."
    ::= { wfIpsecSelectorOutEntry 11 }

-----------------------
--
-- end of IpsecSelectorOut
--
-----------------------

wfIpsecDescriptorTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecDescriptorEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Table of IP security descriptors"
    ::= { wfIpsecGroup 4 }

wfIpsecDescriptorEntry OBJECT-TYPE
    SYNTAX WfIpsecDescriptorEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "An IP security Descriptor"
    INDEX { wfIpsecDescriptorInterface, wfIpsecDescriptorCircuit, wfIpsecDescriptorPolicyNumber }
    ::= { wfIpsecDescriptorTable 1 }

WfIpsecDescriptorEntry ::= SEQUENCE {
    wfIpsecDescriptorCreate INTEGER,
    wfIpsecDescriptorStatus INTEGER,
    wfIpsecDescriptorPolicyNumber INTEGER,
    wfIpsecDescriptorInterface IpAddress,
    wfIpsecDescriptorCircuit INTEGER,
    wfIpsecDescriptorManualSaList Opaque,
    wfIpsecDescriptorSaMode INTEGER,
    wfIpsecDescriptorPfs INTEGER,
    wfIpsecDescriptorProposals Opaque,
    wfIpsecDescriptorSourceForDestAddr INTEGER,
    wfIpsecDescriptorSourceForSrcAddr INTEGER,
    wfIpsecDescriptorSourceForProtocol INTEGER,
    wfIpsecDescriptorStartSourceAddr IpAddress,
    wfIpsecDescriptorEndSourceAddr IpAddress,
    wfIpsecDescriptorStartDestAddr IpAddress,
    wfIpsecDescriptorEndDestAddr IpAddress,
    wfIpsecDescriptorPort INTEGER,
    wfIpsecDescriptorProtocol INTEGER,
    wfIpsecDescriptorPrimarySG IpAddress,
    wfIpsecDescriptorInboundIdleTimer INTEGER
}

wfIpsecDescriptorCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter. Default is created."
    DEFVAL { created }
    ::= { wfIpsecDescriptorEntry 1 }

wfIpsecDescriptorStatus OBJECT-TYPE
    SYNTAX INTEGER { up(1), down(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The status of this instance:
            up: this instance is in use
            down: this instance is misconfigured
            inactive: this instance is disabled
            notpresent: the IPsec code isn't loaded"
    DEFVAL { notpresent }
    ::= { wfIpsecDescriptorEntry 2 }

wfIpsecDescriptorPolicyNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Allows instance of wfIpsecSelectorOutEntry to be matched with this instance."
    ::= { wfIpsecDescriptorEntry 3 }

wfIpsecDescriptorInterface OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address of the security gateway which this descriptor belongs to."
    ::= { wfIpsecDescriptorEntry 4 }

wfIpsecDescriptorCircuit OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The ID of the Circuit to which this instance applies."
    ::= { wfIpsecDescriptorEntry 5 }

wfIpsecDescriptorManualSaList OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "the octet string represents an ordered list of Security Associations (SAs). the format of each 9 byte sequence is:

        ------------+-----------+-----------+------------+-----------
        | protocol  |                Peer IP Address                |
        ------------+-----------+-----------+------------+-----------
        |                      SPI                       |
        ------------+-----------+-----------+------------+
        "
    ::= { wfIpsecDescriptorEntry 6 }

wfIpsecDescriptorSaMode OBJECT-TYPE
    SYNTAX INTEGER { tunnel(1), transport(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Identifies mode of the SA for this policy."
    DEFVAL { tunnel }
    ::= { wfIpsecDescriptorEntry 7 }

wfIpsecDescriptorPfs OBJECT-TYPE
    SYNTAX INTEGER { true(1), false(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Identifies whether perfect forward secrecy is required or not."
    DEFVAL { false }
    ::= { wfIpsecDescriptorEntry 8 }

wfIpsecDescriptorProposals OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "the octet string represents an ordered list of proposals. Every 2 octets in the string contains a number which corresponds to an instance I.D. of wfIpsecProposalEntry. The list of proposals is a logically ORed list."
    ::= { wfIpsecDescriptorEntry 9 }

wfIpsecDescriptorSourceForDestAddr OBJECT-TYPE
    SYNTAX INTEGER { packet(1), policy(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The source for the destination IP address value to be used in the SA. 'packet' limits use of the SA to those packets which have a matching IP addr even if the policy permits a range. 'policy' allows more than one traffic flow to use the SA if the policy permits a range of IP addresses."
    DEFVAL { policy }
    ::= { wfIpsecDescriptorEntry 10 }

wfIpsecDescriptorSourceForSrcAddr OBJECT-TYPE
    SYNTAX INTEGER { packet(1), policy(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The source for the destination IP address value to be used in the SA. 'packet' limits use of the SA to those packets which have a matching IP addr even if the policy permits a range. 'policy' allows more than one traffic flow to use the SA if the policy permits a range of IP addresses."
    DEFVAL { policy }
    ::= { wfIpsecDescriptorEntry 11 }

wfIpsecDescriptorSourceForProtocol OBJECT-TYPE
    SYNTAX INTEGER { packet(1), policy(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The source for the destination IP address value to be used in the SA. 'packet' limits use of the SA to those packets which have a matching IP addr even if the policy permits a range. 'policy' allows more than one traffic flow to use the SA if the policy permits a range of IP addresses."
    DEFVAL { policy }
    ::= { wfIpsecDescriptorEntry 12 }

wfIpsecDescriptorStartSourceAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The start Source IP address for the dynamic SA."
    ::= { wfIpsecDescriptorEntry 13 }

wfIpsecDescriptorEndSourceAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The end Source IP address for the dynamic SA."
    ::= { wfIpsecDescriptorEntry 14 }

wfIpsecDescriptorStartDestAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The start Destination IP address for the dynamic SA."
    ::= { wfIpsecDescriptorEntry 15 }

wfIpsecDescriptorEndDestAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The end Source IP address for the dynamic SA."
    ::= { wfIpsecDescriptorEntry 16 }

wfIpsecDescriptorPort OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The port number for the dynamic SA."
    ::= { wfIpsecDescriptorEntry 17 }

wfIpsecDescriptorProtocol OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The IP protocol for the dynamic SA."
    ::= { wfIpsecDescriptorEntry 18 }

wfIpsecDescriptorPrimarySG OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The address of the remote gateway."
    ::= { wfIpsecDescriptorEntry 19 }

wfIpsecDescriptorInboundIdleTimer OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Inbound (Unprotect) SA inactivity timer, in minutes. If no traffic is received on an automated inbound SA for the indicated time, both SAs for this policy will be deleted. A value of zero disables the timer."
    DEFVAL { 15 }
    ::= { wfIpsecDescriptorEntry 20 }

-----------------------
--
-- end of IpsecDescriptor
--
-----------------------

wfIpsecEspSaTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecEspSaEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The ESP security association table"
    ::= { wfIpsecGroup 5 }

wfIpsecEspSaEntry OBJECT-TYPE
    SYNTAX WfIpsecEspSaEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Entry in ESP security association table"
    INDEX { wfIpsecEspSaSrc, wfIpsecEspSaDest, wfIpsecEspSaSpi }
    ::= { wfIpsecEspSaTable 1 }

WfIpsecEspSaEntry ::= SEQUENCE {
    wfIpsecEspSaCreate INTEGER,
    wfIpsecEspSaStatus INTEGER,
    wfIpsecEspSaSrc IpAddress,
    wfIpsecEspSaDest IpAddress,
    wfIpsecEspSaSpi INTEGER,
    wfIpsecEspSaCipherAlg INTEGER,
    wfIpsecEspSaManualCipherKey OCTET STRING,
    wfIpsecEspSaDesKeyStrength INTEGER,
    wfIpsecEspSaIntegrityAlg INTEGER,
    wfIpsecEspSaManualIntegrityKey OCTET STRING,
    wfIpsecEspSaVerifyPad INTEGER,
    wfIpsecEspSaReset INTEGER,
    wfIpsecEspSaBadAuthen Counter,
    wfIpsecEspSaBadDecrypt Counter,
    wfIpsecEspSaBadPad Counter,
    wfIpsecEspSaProtectPkt Counter,
    wfIpsecEspSaUnprotectPkt Counter,
    wfIpsecEspSaEncryptByte Counter,
    wfIpsecEspSaDecryptByte Counter,
    wfIpsecEspSaMode INTEGER,
    wfIpsecEspSaPfs INTEGER,
    wfIpsecEspSaExpiryType INTEGER,
    wfIpsecEspSaExpiryValue INTEGER
}

wfIpsecEspSaCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter."
    DEFVAL { created }
    ::= { wfIpsecEspSaEntry 1 }

wfIpsecEspSaStatus OBJECT-TYPE
    SYNTAX INTEGER { up(1), down(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The current status of this Security Association:
            up: this SA is in use
            down: this SA is misconfigured
            inactive: this SA is disabled
            notpresent: the IPsec code isn't loaded"
    DEFVAL { notpresent }
    ::= { wfIpsecEspSaEntry 2 }

wfIpsecEspSaSrc OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address of the SA's source."
    ::= { wfIpsecEspSaEntry 3 }

wfIpsecEspSaDest OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address of the SA's destination."
    ::= { wfIpsecEspSaEntry 4 }

wfIpsecEspSaSpi OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The security parameters index"
    ::= { wfIpsecEspSaEntry 5 }

wfIpsecEspSaCipherAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), des(2), desede(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Identifies cipher algorithm for this SA."
    DEFVAL { des }
    ::= { wfIpsecEspSaEntry 6 }

wfIpsecEspSaManualCipherKey OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The key for a manually-keyed SA's cipher algorithm"
    ::= { wfIpsecEspSaEntry 7 }

wfIpsecEspSaDesKeyStrength OBJECT-TYPE
    SYNTAX INTEGER { fortybit(1), fiftysixbit(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The strength of the cipher key."
    DEFVAL { fiftysixbit }
    ::= { wfIpsecEspSaEntry 8 }

wfIpsecEspSaIntegrityAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), hmacMd5(2), hmacSha1(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The algorithm for ESP Auth."
    DEFVAL { none }
    ::= { wfIpsecEspSaEntry 9 }

wfIpsecEspSaManualIntegrityKey OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The key for a manually-keyed SA's integrity algorithm"
    ::= { wfIpsecEspSaEntry 10 }

wfIpsecEspSaVerifyPad OBJECT-TYPE
    SYNTAX INTEGER { enabled(1), disabled(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "This attribute enables checking of the pad field of ESP packets making sure it is in expected numeric ascending order. Packets with bad padding are discarded."
    DEFVAL { disabled }
    ::= { wfIpsecEspSaEntry 11 }

wfIpsecEspSaReset OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Reset IPSec SA statistics indicator."
    ::= { wfIpsecEspSaEntry 12 }

wfIpsecEspSaBadAuthen OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received encrypted packets that could not be properly authenticated."
    ::= { wfIpsecEspSaEntry 13 }

wfIpsecEspSaBadDecrypt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that could not be properly decrypted."
    ::= { wfIpsecEspSaEntry 14 }

wfIpsecEspSaBadPad OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that contained bad padding information."
    ::= { wfIpsecEspSaEntry 15 }

wfIpsecEspSaProtectPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully encrypted packets."
    ::= { wfIpsecEspSaEntry 16 }

wfIpsecEspSaUnprotectPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully decrypted packets."
    ::= { wfIpsecEspSaEntry 17 }

wfIpsecEspSaEncryptByte OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully encrypted bytes."
    ::= { wfIpsecEspSaEntry 18 }

wfIpsecEspSaDecryptByte OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully encrypted bytes."
    ::= { wfIpsecEspSaEntry 19 }

wfIpsecEspSaMode OBJECT-TYPE
    SYNTAX INTEGER { tunnel(1), transport(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Identifies mode of the SA."
    DEFVAL { tunnel }
    ::= { wfIpsecEspSaEntry 20 }

wfIpsecEspSaPfs OBJECT-TYPE
    SYNTAX INTEGER { true(1), false(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Identifies whether this SA has perfect forward secrecy or not."
    DEFVAL { true }
    ::= { wfIpsecEspSaEntry 21 }

wfIpsecEspSaExpiryType OBJECT-TYPE
    SYNTAX INTEGER { seconds(1), kilobytes(2), none(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The units used to interpret the expiry value. The SA's keys don't expire when this is set to none."
    DEFVAL { none }
    ::= { wfIpsecEspSaEntry 22 }

wfIpsecEspSaExpiryValue OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value used to determine when the keys for this SA expire."
    ::= { wfIpsecEspSaEntry 23 }

-----------------------
--
-- end of IpsecEspSaTable
--
-----------------------

wfIpsecStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecStatsEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The interface statistics table"
    ::= { wfIpsecGroup 6 }

wfIpsecStatsEntry OBJECT-TYPE
    SYNTAX WfIpsecStatsEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Entry in Interface Statistics Table"
    INDEX { wfIpsecStatsInterface, wfIpsecStatsCircuit }
    ::= { wfIpsecStatsTable 1 }

WfIpsecStatsEntry ::= SEQUENCE {
    wfIpsecStatsCreate INTEGER,
    wfIpsecStatsInterface IpAddress,
    wfIpsecStatsCircuit INTEGER,
    wfIpsecStatsReset INTEGER,
    wfIpsecStatsUnprotectPkt Counter,
    wfIpsecStatsProtectPkt Counter,
    wfIpsecStatsBypassPkt Counter,
    wfIpsecStatsDropPkt Counter,
    wfIpsecStatsNoSa Counter,
    wfIpsecStatsLastBadSpi INTEGER,
    wfIpsecStatsNoPolicyMatch Counter,
    wfIpsecStatsSaExpDropBytes Counter,
    wfIpsecStatsOutClips Counter,
    wfIpsecStatsInClips Counter
}

wfIpsecStatsCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter."
    DEFVAL { created }
    ::= { wfIpsecStatsEntry 1 }

wfIpsecStatsInterface OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address of the security gateway which these statistics belong to."
    ::= { wfIpsecStatsEntry 2 }

wfIpsecStatsCircuit OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The ID of the Circuit to which this instance applies."
    ::= { wfIpsecStatsEntry 3 }

wfIpsecStatsReset OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Reset IPSec statistics indicator."
    ::= { wfIpsecStatsEntry 4 }

wfIpsecStatsUnprotectPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets successfully decrypted."
    ::= { wfIpsecStatsEntry 5 }

wfIpsecStatsProtectPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets successfully encrypted."
    ::= { wfIpsecStatsEntry 6 }

wfIpsecStatsBypassPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that have bypassed."
    ::= { wfIpsecStatsEntry 7 }

wfIpsecStatsDropPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that have been dropped."
    ::= { wfIpsecStatsEntry 8 }

wfIpsecStatsNoSa OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets for which no SA was found."
    ::= { wfIpsecStatsEntry 9 }

wfIpsecStatsLastBadSpi OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The last security parameters index for which no SA could be found."
    ::= { wfIpsecStatsEntry 10 }

wfIpsecStatsNoPolicyMatch OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets for which no policy match could be found."
    ::= { wfIpsecStatsEntry 11 }

wfIpsecStatsSaExpDropBytes OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of bytes discarded owing to SA Expiry"
    ::= { wfIpsecStatsEntry 12 }

wfIpsecStatsOutClips OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of outbound packets clipped due to buffer congestion."
    ::= { wfIpsecStatsEntry 13 }

wfIpsecStatsInClips OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of inbound packets clipped due to buffer congestion."
    ::= { wfIpsecStatsEntry 14 }

-----------------------
--
-- end of IpsecStats
--
-----------------------

wfIpsecRemoteGatewayTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecRemoteGatewayEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A table of known remote Security Gateways."
    ::= { wfIpsecGroup 7 }

wfIpsecRemoteGatewayEntry OBJECT-TYPE
    SYNTAX WfIpsecRemoteGatewayEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A remote Security Gateway"
    INDEX { wfIpsecRemoteGatewayInterface, wfIpsecRemoteGatewayCircuit, wfIpsecRemoteGatewayIndex }
    ::= { wfIpsecRemoteGatewayTable 1 }

WfIpsecRemoteGatewayEntry ::= SEQUENCE {
    wfIpsecRemoteGatewayCreate INTEGER,
    wfIpsecRemoteGatewayEnable INTEGER,
    wfIpsecRemoteGatewayStatus INTEGER,
    wfIpsecRemoteGatewayInterface IpAddress,
    wfIpsecRemoteGatewayCircuit INTEGER,
    wfIpsecRemoteGatewayIndex INTEGER,
    wfIpsecRemoteGatewayIpAddr IpAddress,
    wfIpsecRemoteGatewayRange OCTET STRING,
    wfIpsecRemoteGatewayName DisplayString
}

wfIpsecRemoteGatewayCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "creates or deletes an instance."
    DEFVAL { created }
    ::= { wfIpsecRemoteGatewayEntry 1 }

wfIpsecRemoteGatewayEnable OBJECT-TYPE
    SYNTAX INTEGER { enabled(1), disabled(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "enables and disables this instance."
    DEFVAL { enabled }
    ::= { wfIpsecRemoteGatewayEntry 2 }

wfIpsecRemoteGatewayStatus OBJECT-TYPE
    SYNTAX INTEGER { active(1), error(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Defines the current status of the instance:
            inactive - ?
            active - ?
            error - ?"
    DEFVAL { notpresent }
    ::= { wfIpsecRemoteGatewayEntry 3 }

wfIpsecRemoteGatewayInterface OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The address of the IP interface to which this instance applies."
    ::= { wfIpsecRemoteGatewayEntry 4 }

wfIpsecRemoteGatewayCircuit OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The ID of the Circuit to which the instance applies."
    ::= { wfIpsecRemoteGatewayEntry 5 }

wfIpsecRemoteGatewayIndex OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index used to differentiate remote gateway instances."
    ::= { wfIpsecRemoteGatewayEntry 6 }

wfIpsecRemoteGatewayIpAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The address of the remote gateway."
    ::= { wfIpsecRemoteGatewayEntry 7 }

wfIpsecRemoteGatewayRange OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The range of destination IP addresses that the remote security gateway represents."
    ::= { wfIpsecRemoteGatewayEntry 8 }

wfIpsecRemoteGatewayName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "name of the remote security gateway."
    ::= { wfIpsecRemoteGatewayEntry 9 }

-----------------------
--
-- end of IpsecRemoteGateway
--
-----------------------

wfIpsecProposalTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecProposalEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Table of IP security proposals"
    ::= { wfIpsecGroup 8 }

wfIpsecProposalEntry OBJECT-TYPE
    SYNTAX WfIpsecProposalEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "An IP security Proposal. This is essentially a sequence of protection suites represented by wfIpsecSuiteEntry instances"
    INDEX { wfIpsecProposalNumber }
    ::= { wfIpsecProposalTable 1 }

WfIpsecProposalEntry ::= SEQUENCE {
    wfIpsecProposalCreate INTEGER,
    wfIpsecProposalStatus INTEGER,
    wfIpsecProposalName DisplayString,
    wfIpsecProposalNumber INTEGER,
    wfIpsecProposalSuites Opaque
}

wfIpsecProposalCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter. Default is created."
    DEFVAL { created }
    ::= { wfIpsecProposalEntry 1 }

wfIpsecProposalStatus OBJECT-TYPE
    SYNTAX INTEGER { active(1), error(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The status of this Proposal."
    DEFVAL { notpresent }
    ::= { wfIpsecProposalEntry 2 }

wfIpsecProposalName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Proposal name."
    ::= { wfIpsecProposalEntry 3 }

wfIpsecProposalNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A number that identifies this proposal."
    ::= { wfIpsecProposalEntry 4 }

wfIpsecProposalSuites OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "the octet string contains a list of ordered, 2 byte numbers that correspond to wfIpsecSuiteEntry instance ID's. The list of protection suites is a logically ANDed list. This allows multiple protocols to be used for a policy."
    ::= { wfIpsecProposalEntry 5 }

-----------------------
--
-- end of IpsecProposal
--
-----------------------

wfIpsecSuiteTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecSuiteEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Table of IP security protection suites"
    ::= { wfIpsecGroup 9 }

wfIpsecSuiteEntry OBJECT-TYPE
    SYNTAX WfIpsecSuiteEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "An IP security protection suite"
    INDEX { wfIpsecSuiteNumber }
    ::= { wfIpsecSuiteTable 1 }

WfIpsecSuiteEntry ::= SEQUENCE {
    wfIpsecSuiteCreate INTEGER,
    wfIpsecSuiteStatus INTEGER,
    wfIpsecSuiteName DisplayString,
    wfIpsecSuiteNumber INTEGER,
    -- only one of the next three attributes should be non-zero. the first
    -- non-zero attribute is used. configurators should enforce this rule.
    wfIpsecSuiteEspProtocol Opaque,
    wfIpsecSuiteAhProtocol Opaque
}

wfIpsecSuiteCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter. Default is created."
    DEFVAL { created }
    ::= { wfIpsecSuiteEntry 1 }

wfIpsecSuiteStatus OBJECT-TYPE
    SYNTAX INTEGER { active(1), error(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The status of this Suite."
    DEFVAL { notpresent }
    ::= { wfIpsecSuiteEntry 2 }

wfIpsecSuiteName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Suite name."
    ::= { wfIpsecSuiteEntry 3 }

wfIpsecSuiteNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A number that identifies this protection suite."
    ::= { wfIpsecSuiteEntry 4 }

wfIpsecSuiteEspProtocol OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The ordered sequence of wfIpsecEspTransformEntry instances that
        comprise this protection suite."
    ::= { wfIpsecSuiteEntry 5 }

wfIpsecSuiteAhProtocol OBJECT-TYPE
    SYNTAX Opaque
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The ordered sequence of wfIpsecAhProposalEntry instances that
        comprise this protection suite."
    ::= { wfIpsecSuiteEntry 6 }

-----------------------
--
-- end of IpsecSuite
--
-----------------------

wfIpsecEspTransformTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecEspTransformEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Table of IP security policies"
    ::= { wfIpsecGroup 10 }

wfIpsecEspTransformEntry OBJECT-TYPE
    SYNTAX WfIpsecEspTransformEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "An IP security ESP Transform"
    INDEX { wfIpsecEspTransformNumber }
    ::= { wfIpsecEspTransformTable 1 }

WfIpsecEspTransformEntry ::= SEQUENCE {
    wfIpsecEspTransformCreate INTEGER,
    wfIpsecEspTransformStatus INTEGER,
    wfIpsecEspTransformName DisplayString,
    wfIpsecEspTransformNumber INTEGER,
    wfIpsecEspTransformCipherAlg INTEGER,
    wfIpsecEspTransformKeyLength INTEGER,
    wfIpsecEspTransformIntegrityAlg INTEGER,
    wfIpsecEspTransformExpiryTime INTEGER,
    wfIpsecEspTransformExpiryMBytes INTEGER,
    wfIpsecEspTransformExpiryPref INTEGER
    }

wfIpsecEspTransformCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1),
        deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter. Default is created."
    DEFVAL { created }
    ::= { wfIpsecEspTransformEntry 1 }

wfIpsecEspTransformStatus OBJECT-TYPE
    SYNTAX INTEGER { active(1), error(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The status of this ESP Transform."
    DEFVAL { notpresent }
    ::= { wfIpsecEspTransformEntry 2 }

wfIpsecEspTransformName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "ESP Transform name."
    ::= { wfIpsecEspTransformEntry 3 }

wfIpsecEspTransformNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A number that identifies this ESP proposal."
    ::= { wfIpsecEspTransformEntry 4 }

wfIpsecEspTransformCipherAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), des(2), desede(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The cipher algorithm for ESP."
    DEFVAL { des }
    ::= { wfIpsecEspTransformEntry 5 }

wfIpsecEspTransformKeyLength OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The key length for the ESP cipher algorithm."
    ::= { wfIpsecEspTransformEntry 6 }

wfIpsecEspTransformIntegrityAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), hmacMd5(2), hmacSha1(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The algorithm for ESP Auth."
    DEFVAL { none }
    ::= { wfIpsecEspTransformEntry 7 }

wfIpsecEspTransformExpiryTime OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value used to determine when the keys for this SA expire due to
        the passage of time. The units are minutes. The minium recommended
        value is 10 min."
    DEFVAL { 480 }
    ::= { wfIpsecEspTransformEntry 8 }

wfIpsecEspTransformExpiryMBytes OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value used to determine when the keys for this SA expire due to
        the number of bytes processed. The units are mega-bytes. The minium
        recommended value is 10 Mbytes.
        A value of 0 indicates that MByte expiry is not desired."
    DEFVAL { 1024 }
    ::= { wfIpsecEspTransformEntry 9 }

wfIpsecEspTransformExpiryPref OBJECT-TYPE
    SYNTAX INTEGER { minutes(1), mbytes(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value used to determine precedence between time/kbyte expiry"
    DEFVAL { minutes }
    ::= { wfIpsecEspTransformEntry 10 }

-----------------------
--
-- end of IpsecEspTransform
--
-----------------------

wfIpsecAhTransformTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecAhTransformEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Table of IP security policies"
    ::= { wfIpsecGroup 11 }

wfIpsecAhTransformEntry OBJECT-TYPE
    SYNTAX WfIpsecAhTransformEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "An IP security AhTransform"
    INDEX { wfIpsecAhTransformNumber }
    ::= { wfIpsecAhTransformTable 1 }

WfIpsecAhTransformEntry ::= SEQUENCE {
    wfIpsecAhTransformCreate INTEGER,
    wfIpsecAhTransformStatus INTEGER,
    wfIpsecAhTransformName DisplayString,
    wfIpsecAhTransformNumber INTEGER,
    wfIpsecAhTransformIntegrityAlg INTEGER,
    wfIpsecAhTransformGroup INTEGER,
    wfIpsecAhTransformExpiryType INTEGER,
    wfIpsecAhTransformExpiryValue INTEGER
    }

wfIpsecAhTransformCreate OBJECT-TYPE
    SYNTAX INTEGER { created(1), deleted(2) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Create/Delete parameter. Default is created."
    DEFVAL { created }
    ::= { wfIpsecAhTransformEntry 1 }

wfIpsecAhTransformStatus OBJECT-TYPE
    SYNTAX INTEGER { active(1), error(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The status of this AhTransform."
    DEFVAL { notpresent }
    ::= { wfIpsecAhTransformEntry 2 }

wfIpsecAhTransformName OBJECT-TYPE
    SYNTAX DisplayString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "AhTransform name."
    ::= { wfIpsecAhTransformEntry 3 }

wfIpsecAhTransformNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A number that identifies this AH proposal."
    ::= { wfIpsecAhTransformEntry 4 }

wfIpsecAhTransformIntegrityAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), hmacMd5(2), hmacSha1(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The algorithm for AH."
    DEFVAL { hmacMd5 }
    ::= { wfIpsecAhTransformEntry 5 }

wfIpsecAhTransformGroup OBJECT-TYPE
    SYNTAX INTEGER { one(1) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The DH group"
    DEFVAL { one }
    ::= { wfIpsecAhTransformEntry 6 }

wfIpsecAhTransformExpiryType OBJECT-TYPE
    SYNTAX INTEGER { seconds(1), kilobytes(2), none(3) }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The units used to interpret the expiry value. The SA's keys don't
        expire when this is set to none."
    DEFVAL { kilobytes }
    ::= { wfIpsecAhTransformEntry 7 }

wfIpsecAhTransformExpiryValue OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value used to determine when the keys for this SA expire."
    DEFVAL { 1024 }
    ::= { wfIpsecAhTransformEntry 8 }

-----------------------
--
-- end of IpsecAhTransform
--
-----------------------

wfIpsecSaStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF WfIpsecSaStatsEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The Ipsec automated SA table"
    ::= { wfIpsecGroup 12 }

wfIpsecSaStatsEntry OBJECT-TYPE
    SYNTAX WfIpsecSaStatsEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "Entry in Automated ESP SA table"
    INDEX { wfIpsecSaStatsSrc, wfIpsecSaStatsDest, wfIpsecSaStatsSpi }
    ::= { wfIpsecSaStatsTable 1 }

WfIpsecSaStatsEntry ::= SEQUENCE {
    wfIpsecSaStatsStatus INTEGER,
    wfIpsecSaStatsSrc IpAddress,
    wfIpsecSaStatsDest IpAddress,
    wfIpsecSaStatsSpi Gauge,
    wfIpsecSaStatsProto INTEGER,
    wfIpsecSaStatsCipherAlg INTEGER,
    wfIpsecSaStatsIntegrityAlg INTEGER,
    wfIpsecSaStatsBadAuthen Counter,
    wfIpsecSaStatsBadDecrypt Counter,
    wfIpsecSaStatsBadPad Counter,
    wfIpsecSaStatsProtectPkt Counter,
    wfIpsecSaStatsUnprotectPkt Counter,
    wfIpsecSaStatsEncryptByte Counter,
    wfIpsecSaStatsDecryptByte Counter,
    wfIpsecSaStatsMode INTEGER,
    wfIpsecSaStatsPfs INTEGER,
    wfIpsecSaStatsExpiryType INTEGER,
    wfIpsecSaStatsExpiryValue INTEGER
    }

wfIpsecSaStatsStatus OBJECT-TYPE
    SYNTAX INTEGER { up(1), down(2), inactive(3), notpresent(4) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The current status of this Security Association:
            up: this SA is in use
            down: this SA is misconfigured ???
            inactive: this SA is disabled ???
            notpresent: the IPsec code isn't loaded ???
        "
    DEFVAL { notpresent }
    ::= { wfIpsecSaStatsEntry 1 }

wfIpsecSaStatsSrc OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address of the SA's source."
    ::= { wfIpsecSaStatsEntry 2 }

wfIpsecSaStatsDest OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address of the SA's destination."
    ::= { wfIpsecSaStatsEntry 3 }

wfIpsecSaStatsSpi OBJECT-TYPE
    SYNTAX Gauge
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The security parameters index"
    ::= { wfIpsecSaStatsEntry 4 }

wfIpsecSaStatsProto OBJECT-TYPE
    SYNTAX INTEGER { none(1), esp(2), ah(3) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The protocol used by this SA."
    DEFVAL { none }
    ::= { wfIpsecSaStatsEntry 5 }

wfIpsecSaStatsCipherAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), des(2), desede(3) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Identifies cipher algorithm for this SA."
    DEFVAL { des }
    ::= { wfIpsecSaStatsEntry 6 }

wfIpsecSaStatsIntegrityAlg OBJECT-TYPE
    SYNTAX INTEGER { none(1), hmacMd5(2), hmacSha1(3) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The algorithm for ESP Auth."
    DEFVAL { none }
    ::= { wfIpsecSaStatsEntry 7 }

wfIpsecSaStatsBadAuthen OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received encrypted packets that could not be
        properly authenticated."
    ::= { wfIpsecSaStatsEntry 8 }

wfIpsecSaStatsBadDecrypt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that could not be properly
        decrypted."
    ::= { wfIpsecSaStatsEntry 9 }

wfIpsecSaStatsBadPad OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of received packets that contained bad padding
        information."
    ::= { wfIpsecSaStatsEntry 10 }

wfIpsecSaStatsProtectPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully encrypted packets."
    ::= { wfIpsecSaStatsEntry 11 }

wfIpsecSaStatsUnprotectPkt OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully decrypted packets."
    ::= { wfIpsecSaStatsEntry 12 }

wfIpsecSaStatsEncryptByte OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully encrypted bytes."
    ::= { wfIpsecSaStatsEntry 13 }

wfIpsecSaStatsDecryptByte OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of successfully encrypted bytes."
    ::= { wfIpsecSaStatsEntry 14 }

wfIpsecSaStatsMode OBJECT-TYPE
    SYNTAX INTEGER { tunnel(1), transport(2) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Identifies mode of the SA."
    DEFVAL { tunnel }
    ::= { wfIpsecSaStatsEntry 15 }

wfIpsecSaStatsPfs OBJECT-TYPE
    SYNTAX INTEGER { true(1), false(2) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "Identifies whether this SA has perfect forward secrecy or not."
    DEFVAL { true }
    ::= { wfIpsecSaStatsEntry 16 }

wfIpsecSaStatsExpiryType OBJECT-TYPE
    SYNTAX INTEGER { seconds(1), kilobytes(2), none(3) }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The units used to interpret the expiry value. The SA's keys don't
        expire when this is set to none."
    DEFVAL { none }
    ::= { wfIpsecSaStatsEntry 17 }

wfIpsecSaStatsExpiryValue OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The value used to determine when the keys for this SA expire."
    ::= { wfIpsecSaStatsEntry 18 }

END -- Wellfleet-IPSEC-MIB