-- *------------------------------------------------------------------
-- * CISCO-IPSEC-FLOW-MONITOR-MIB.my: IPSec Flow Monitoring MIB.
-- *
-- * April 2000, S Ramakrishnan
-- *
-- * Copyright (c) 2000, 2004, 2007 by Cisco Systems Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------CISCO-IPSEC-FLOW-MONITOR-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,Counter32,Counter64,Gauge32,Integer32,Unsigned32FROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
TEXTUAL-CONVENTION,DisplayString,TimeStamp,TimeInterval,TruthValueFROM SNMPv2-TC
cmgwIndex
FROM CISCO-MEDIA-GATEWAY-MIB
ciscoMgmt
FROM CISCO-SMI;ciscoIpSecFlowMonitorMIB MODULE-IDENTITYLAST-UPDATED"200710240000Z"ORGANIZATION"Tivoli Systems and Cisco Systems"CONTACT-INFO"Tivoli Systems
Research Triangle Park, NC
Cisco Systems
170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-ipsecurity@cisco.com"DESCRIPTION"This is a MIB Module for monitoring the
structures in IPSec-based Virtual Private Networks.
The MIB has been designed to be adopted as an IETF
standard. Hence Cisco-specific features of IPSec
protocol are excluded from this MIB.
Acronyms
The following acronyms are used in this document:
IPSec: Secure IP Protocol
VPN: Virtual Private Network
ISAKMP: Internet Security Association and Key Exchange
Protocol
IKE: Internet Key Exchange Protocol
SA: Security Association
MM: Main Mode - the process of setting up
a Phase 1 SA to secure the exchanges
required to setup Phase 2 SAs
QM: Quick Mode - the process of setting up
Phase 2 Security Associations using
a Phase 1 SA.
Overview of IPsec MIB
The MIB contains six major groups of objects which are
used to manage the IPSec Protocol. These groups include
a Levels Group, a Phase-1 Group, a Phase-2 Group,
a History Group, a Failure Group and a TRAP Control Group.
The following table illustrates the structure of the
IPSec MIB.
The Phase 1 group models objects pertaining to
IKE negotiations and tunnels.
The Phase 2 group models objects pertaining to
IPSec data tunnels.
The History group is to aid applications that do
trending analysis.
The Failure group is to enable an operator to
do troubleshooting and debugging of the VPN Router.
Further, counters are supported to aid Intrusion
Detection.
In addition to the five major MIB Groups, there are
a number of Notifications. The following table
illustrates the name and description of the
IPSec TRAPs.
For a detailed discussion, please refer to the IETF
draft draft-ietf-ipsec-flow-monitoring-mib-00.txt."REVISION"200710240000Z"DESCRIPTION"In the description of cipSecTunHistHcInDecompOctets,
cipSecTunHcInOctets has been changed to
cipSecTunHistHcInOctets.
In the description of cipSecTunHistOutUncompOctets,
cipSecTunOutOctets has been changed to
cipSecTunHistOutOctets.
In the description of cipSecTunHistHcOutUncompOctets,
cipSecTunHcOutOctets has been changed to
cipSecTunHistHcOutOctets.
In the description of cipSecTunHistInDecompOctets,
cipSecTunInOctets has been changed to
cipSecTunHistInOctets."REVISION"200410120000Z"DESCRIPTION"Added two table for media gateway stats
information:
cikePhase1GWStatsTable (phase-1 IKE)
cipSecPhase2GWStatsTable (phase-2 IPsec)"REVISION"200010131800Z"DESCRIPTION"Changed cipSecSpiValue to Unsigned32.
Changed Protocol ranges to
start at 0 instead of 1.
Removed comment(s) incorrectly indicating
this MIB was CiscoExperiment."REVISION"200008171259Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 171}-- +++++++++++++++++++++++++++++++++++++++++++++++++++
-- Local Textual Conventions
-- +++++++++++++++++++++++++++++++++++++++++++++++++++IPSIpAddress ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"An IP V4 or V6 Address."SYNTAXOCTETSTRING(SIZE(4 | 16))-- IP V4 or V6 AddressIkePeerType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The type of IPsec Phase-1 IKE peer identity.
The IKE peer may be identified by:
1. an IP address, or
2. a host name."SYNTAXINTEGER{ipAddrPeer(1),namePeer(2)}IkeNegoMode ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The IPsec Phase-1 IKE negotiation mode."SYNTAXINTEGER{main(1),aggressive(2)}IkeHashAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The hash algorithm used in IPsec Phase-1
IKE negotiations."SYNTAXINTEGER{none(1),md5(2),sha(3)}IkeAuthMethod ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The authentication method used in IPsec Phase-1 IKE
negotiations."SYNTAXINTEGER{none(1),
preSharedKey(2),rsaSig(3),rsaEncrypt(4),revPublicKey(5)}DiffHellmanGrp ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The Diffie Hellman Group used in negotiations."SYNTAXINTEGER{none(1),dhGroup1(2),dhGroup2(3)}KeyType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The type of key used by an IPsec Phase-2 Tunnel."SYNTAXINTEGER{ike(1),manual(2)}EncapMode ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The encapsulation mode used by an IPsec Phase-2
Tunnel."SYNTAXINTEGER{tunnel(1),transport(2)}EncryptAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The encryption algorithm used in negotiations."SYNTAXINTEGER{none(1),des(2),des3(3)}AuthAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The authentication algorithm used by a
security association of an IPsec Phase-2 Tunnel."SYNTAXINTEGER{none(1),hmacMd5(2),hmacSha(3)}CompAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The compression algorithm used by a
security association of an IPsec Phase-2 Tunnel."SYNTAXINTEGER{none(1),
ldf(2)}EndPtType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The type of identity use to specify an IPsec End Point."SYNTAXINTEGER{singleIpAddr(1),ipAddrRange(2),ipSubnet(3)}TunnelStatus ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The status of a Tunnel. Objects of this type may
be used to bring the tunnel down by setting
value of this object to destroy(2). Objects of this
type cannot be used to create a Tunnel."SYNTAXINTEGER{active(1),destroy(2)}TrapStatus ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The administrative status for sending a TRAP."SYNTAXINTEGER{enabled(1),disabled(2)}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) IPsec Levels Group
-- 2) IPsec Phase-1 Group
-- 3) IPsec Phase-2 Group
-- 4) IPsec History Group
-- 5) IPsec Failure Group
-- 6) IPsec TRAP Control Group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecMIBObjects OBJECTIDENTIFIER::={ ciscoIpSecFlowMonitorMIB 1}cipSecLevels OBJECTIDENTIFIER::={ cipSecMIBObjects 1}cipSecPhaseOne OBJECTIDENTIFIER::={ cipSecMIBObjects 2}cipSecPhaseTwo OBJECTIDENTIFIER::={ cipSecMIBObjects 3}cipSecHistory OBJECTIDENTIFIER::={ cipSecMIBObjects 4}cipSecFailures OBJECTIDENTIFIER::={ cipSecMIBObjects 5}cipSecTrapCntl OBJECTIDENTIFIER::={ cipSecMIBObjects 6}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Levels Group
--
-- This group consists of a:
-- 1) IPsec MIB Level
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecMibLevel OBJECT-TYPESYNTAXInteger32(1..4096)
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The level of the IPsec MIB."::={ cipSecLevels 1}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange (IKE) Group
--
-- This group consists of:
-- 1) IPsec Phase-1 Global Statistics
-- 2) IPsec Phase-1 Peer Table
-- 3) IPsec Phase-1 Tunnel Table
-- 4) IPsec Phase-1 Correlation Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Global Statistics
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikeGlobalStats OBJECTIDENTIFIER::={ cipSecPhaseOne 1}cikeGlobalActiveTunnels OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of currently active IPsec
Phase-1 IKE Tunnels."::={ cikeGlobalStats 1}cikeGlobalPreviousTunnels OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of previously active
IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 2}cikeGlobalInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by all currently
and previously active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 3}cikeGlobalInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received by all
currently and previously active IPsec
Phase-1 IKE Tunnels."::={ cikeGlobalStats 4}cikeGlobalInDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets which were
dropped during receive processing by all
currently and previously
active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 5}cikeGlobalInNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of notifys received by
all currently and previously active IPsec
Phase-1 IKE Tunnels."::={ cikeGlobalStats 6}cikeGlobalInP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
received by all currently and previously
active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 7}cikeGlobalInP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were received and found to be invalid
by all currently and previously active IPsec
Phase-1 IKE Tunnels."::={ cikeGlobalStats 8}cikeGlobalInP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were received and rejected by all
currently and previously active IPsec Phase-1
IKE Tunnels."::={ cikeGlobalStats 9}cikeGlobalInP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 security
association delete requests received by all
currently and previously
active and IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 10}cikeGlobalOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by all currently
and previously active and IPsec Phase-1
IKE Tunnels."::={ cikeGlobalStats 11}cikeGlobalOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by all currently
and previously active and IPsec Phase-1
Tunnels."::={ cikeGlobalStats 12}cikeGlobalOutDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets which were dropped
during send processing by all currently
and previously
active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 13}cikeGlobalOutNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys sent by all currently
and previously active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 14}cikeGlobalOutP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were sent by all currently and previously
active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 15}cikeGlobalOutP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were sent and found to be invalid by
all currently and previously active IPsec Phase-1
Tunnels."::={ cikeGlobalStats 16}cikeGlobalOutP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were sent and rejected by all currently and
previously active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 17}cikeGlobalOutP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 SA
delete requests sent by all currently and
previously active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 18}cikeGlobalInitTunnels OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-1 IKE
Tunnels which were locally initiated."::={ cikeGlobalStats 19}cikeGlobalInitTunnelFails OBJECT-TYPE
SYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-1 IKE Tunnels
which were locally initiated and failed to activate."::={ cikeGlobalStats 20}cikeGlobalRespTunnelFails OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-1 IKE Tunnels
which were remotely initiated and failed to activate."::={ cikeGlobalStats 21}cikeGlobalSysCapFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of system capacity failures
which occurred during processing of all current
and previously active IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 22}cikeGlobalAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of authentications which ended
in failure by all current and previous IPsec Phase-1
IKE Tunnels."::={ cikeGlobalStats 23}cikeGlobalDecryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of decryptions which ended
in failure by all current and previous IPsec Phase-1
IKE Tunnels."::={ cikeGlobalStats 24}cikeGlobalHashValidFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of hash validations which ended
in failure by all current and previous IPsec Phase-1
IKE Tunnels."::={ cikeGlobalStats 25}cikeGlobalNoSaFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of non-existent Security Association
in failures which occurred during processing of
all current and previous IPsec Phase-1 IKE Tunnels."::={ cikeGlobalStats 26}
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange Peer Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikePeerTable OBJECT-TYPESYNTAXSEQUENCEOF CikePeerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Internet Key Exchange Peer Table.
There is one entry in this table for each IPsec
Phase-1 IKE peer association which is currently
associated with an active IPsec Phase-1 Tunnel.
The IPsec Phase-1 IKE Tunnel associated with this
IPsec Phase-1 IKE peer association may or may not
be currently active."::={ cipSecPhaseOne 2}cikePeerEntry OBJECT-TYPESYNTAX CikePeerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated
with an IPsec Phase-1 IKE peer association."INDEX{
cikePeerLocalType,
cikePeerLocalValue,
cikePeerRemoteType,
cikePeerRemoteValue,
cikePeerIntIndex
}::={ cikePeerTable 1}
CikePeerEntry ::=SEQUENCE{
cikePeerLocalType IkePeerType,
cikePeerLocalValue DisplayString,
cikePeerRemoteType IkePeerType,
cikePeerRemoteValue DisplayString,
cikePeerIntIndex Integer32,
cikePeerLocalAddr IPSIpAddress,
cikePeerRemoteAddr IPSIpAddress,
cikePeerActiveTime TimeInterval,
cikePeerActiveTunnelIndex Integer32}cikePeerLocalType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of local peer identity. The local peer
may be identified by:
1. an IP address, or
2. a host name."::={ cikePeerEntry 1}cikePeerLocalValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is a host name, then this is
the host name used to identify the local peer."::={ cikePeerEntry 2}cikePeerRemoteType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of remote peer identity. The remote peer
may be identified by:
1. an IP address, or
2. a host name."::={ cikePeerEntry 3}
cikePeerRemoteValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a host name, then this is
the host name used to identify the remote peer."::={ cikePeerEntry 4}cikePeerIntIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The internal index of the local-remote
peer association. This internal index is used
to uniquely identify multiple associations between
the local and remote peer."::={ cikePeerEntry 5}cikePeerLocalAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local peer."::={ cikePeerEntry 6}cikePeerRemoteAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote peer."::={ cikePeerEntry 7}cikePeerActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time that the peer association has
existed in hundredths of a second."::={ cikePeerEntry 8}cikePeerActiveTunnelIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the active IPsec Phase-1 IKE Tunnel
(cikeTunIndex in the cikeTunnelTable) for this peer
association. If an IPsec Phase-1 IKE Tunnel is
not currently active, then the value of this
object will be zero."::={ cikePeerEntry 9}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikeTunnelTable OBJECT-TYPESYNTAXSEQUENCEOF CikeTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Internet Key Exchange Tunnel Table.
There is one entry in this table for each active IPsec
Phase-1 IKE Tunnel."
::={ cipSecPhaseOne 3}cikeTunnelEntry OBJECT-TYPESYNTAX CikeTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated with
an active IPsec Phase-1 IKE Tunnel."INDEX{ cikeTunIndex }::={ cikeTunnelTable 1}
CikeTunnelEntry ::=SEQUENCE{
cikeTunIndex Integer32,
cikeTunLocalType IkePeerType,
cikeTunLocalValue DisplayString,
cikeTunLocalAddr IPSIpAddress,
cikeTunLocalName DisplayString,
cikeTunRemoteType IkePeerType,
cikeTunRemoteValue DisplayString,
cikeTunRemoteAddr IPSIpAddress,
cikeTunRemoteName DisplayString,
cikeTunNegoMode IkeNegoMode,
cikeTunDiffHellmanGrp DiffHellmanGrp,
cikeTunEncryptAlgo EncryptAlgo,
cikeTunHashAlgo IkeHashAlgo,
cikeTunAuthMethod IkeAuthMethod,
cikeTunLifeTime Integer32,
cikeTunActiveTime TimeInterval,
cikeTunSaRefreshThreshold Integer32,
cikeTunTotalRefreshes Counter32,
cikeTunInOctets Counter32,
cikeTunInPkts Counter32,
cikeTunInDropPkts Counter32,
cikeTunInNotifys Counter32,
cikeTunInP2Exchgs Counter32,
cikeTunInP2ExchgInvalids Counter32,
cikeTunInP2ExchgRejects Counter32,
cikeTunInP2SaDelRequests Counter32,
cikeTunOutOctets Counter32,
cikeTunOutPkts Counter32,
cikeTunOutDropPkts Counter32,
cikeTunOutNotifys Counter32,
cikeTunOutP2Exchgs Counter32,
cikeTunOutP2ExchgInvalids Counter32,
cikeTunOutP2ExchgRejects Counter32,
cikeTunOutP2SaDelRequests Counter32,
cikeTunStatus TunnelStatus
}cikeTunIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index of the IPsec Phase-1 IKE Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will
wrap at 2,147,483,647."::={ cikeTunnelEntry 1}cikeTunLocalType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of local peer identity. The local
peer may be identified by:
1. an IP address, or
2. a host name."::={ cikeTunnelEntry 2}cikeTunLocalValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is a host name, then this is
the host name used to identify the local peer."::={ cikeTunnelEntry 3}cikeTunLocalAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local endpoint for the IPsec
Phase-1 IKE Tunnel."::={ cikeTunnelEntry 4}cikeTunLocalName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the local IP address for
the IPsec Phase-1 IKE Tunnel. If the DNS
name associated with the local tunnel endpoint
is not known, then the value of this
object will be a NULL string."::={ cikeTunnelEntry 5}cikeTunRemoteType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of remote peer identity.
The remote peer may be identified by:
1. an IP address, or
2. a host name."::={ cikeTunnelEntry 6}cikeTunRemoteValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a host name, then
this is the host name used to identify the
remote peer."::={ cikeTunnelEntry 7}cikeTunRemoteAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote endpoint for the IPsec
Phase-1 IKE Tunnel."::={ cikeTunnelEntry 8}cikeTunRemoteName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the remote IP address of IPsec Phase-1
IKE Tunnel. If the DNS name associated with the remote
tunnel endpoint is not known, then the value of this
object will be a NULL string."::={ cikeTunnelEntry 9}cikeTunNegoMode OBJECT-TYPESYNTAX IkeNegoMode
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiation mode of the IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 10}cikeTunDiffHellmanGrp OBJECT-TYPESYNTAX DiffHellmanGrp
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Diffie Hellman Group used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelEntry 11}cikeTunEncryptAlgo OBJECT-TYPESYNTAX EncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelEntry 12}cikeTunHashAlgo OBJECT-TYPESYNTAX IkeHashAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The hash algorithm used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelEntry 13}cikeTunAuthMethod OBJECT-TYPESYNTAX IkeAuthMethod
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication method used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelEntry 14}cikeTunLifeTime OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
in seconds."::={ cikeTunnelEntry 15}cikeTunActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time the IPsec Phase-1 IKE tunnel has been
active in hundredths of seconds."::={ cikeTunnelEntry 16}cikeTunSaRefreshThreshold OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"seconds"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The security association refresh threshold in seconds."::={ cikeTunnelEntry 17}cikeTunTotalRefreshes OBJECT-TYPESYNTAXCounter32UNITS"QM Exchanges"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security associations
refreshes performed."::={ cikeTunnelEntry 18}cikeTunInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 19}cikeTunInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 20}cikeTunInDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
by this IPsec Phase-1 IKE Tunnel during
receive processing."::={ cikeTunnelEntry 21}cikeTunInNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys received by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 22}cikeTunInP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2
exchanges received by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 23}cikeTunInP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2
exchanges received and found to be invalid
by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 24}
cikeTunInP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
received and rejected by this IPsec Phase-1
Tunnel."::={ cikeTunnelEntry 25}cikeTunInP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2
security association delete requests received
by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 26}cikeTunOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelEntry 27}cikeTunOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelEntry 28}cikeTunOutDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped by this
IPsec Phase-1 IKE Tunnel during send processing."::={ cikeTunnelEntry 29}cikeTunOutNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys sent by this
IPsec Phase-1 Tunnel."::={ cikeTunnelEntry 30}cikeTunOutP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges sent by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 31}cikeTunOutP2ExchgInvalids OBJECT-TYPESYNTAXCounter32
UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges sent and
found to be invalid by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 32}cikeTunOutP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges sent and
rejected by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 33}cikeTunOutP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 security association
delete requests sent by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelEntry 34}cikeTunStatus OBJECT-TYPESYNTAX TunnelStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The status of the MIB table row.
This object can be used to bring the tunnel down
by setting value of this object to destroy(2).
This object cannot be used to create
a MIB table row."::={ cikeTunnelEntry 35}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The Internet Key Exchange Peer Association to
-- Phase-2 Tunnel Correlation Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikePeerCorrTable OBJECT-TYPESYNTAXSEQUENCEOF CikePeerCorrEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Internet Key Exchange Peer
Association to IPsec Phase-2 Tunnel
Correlation Table. There is one entry in
this table for each active IPsec Phase-2
Tunnel."::={ cipSecPhaseOne 4}cikePeerCorrEntry OBJECT-TYPESYNTAX CikePeerCorrEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes of an
IPsec Phase-1 IKE Peer Association to IPsec
Phase-2 Tunnel Correlation."INDEX{
cikePeerCorrLocalType,
cikePeerCorrLocalValue,
cikePeerCorrRemoteType,
cikePeerCorrRemoteValue,
cikePeerCorrIntIndex,
cikePeerCorrSeqNum
}::={ cikePeerCorrTable 1}
CikePeerCorrEntry ::=SEQUENCE{
cikePeerCorrLocalType IkePeerType,
cikePeerCorrLocalValue DisplayString,
cikePeerCorrRemoteType IkePeerType,
cikePeerCorrRemoteValue DisplayString,
cikePeerCorrIntIndex Integer32,
cikePeerCorrSeqNum Integer32,
cikePeerCorrIpSecTunIndex Integer32}cikePeerCorrLocalType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of local peer identity. The local peer
may be identified by:
1. an IP address, or
2. a host name."::={ cikePeerCorrEntry 1}cikePeerCorrLocalValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is a host name, then this is
the host name used to identify the local peer."::={ cikePeerCorrEntry 2}cikePeerCorrRemoteType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of remote peer identity. The remote peer
may be identified by:
1. an IP address, or
2. a host name."::={ cikePeerCorrEntry 3}cikePeerCorrRemoteValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a host name, then this is
the host name used to identify the remote peer."::={ cikePeerCorrEntry 4}cikePeerCorrIntIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The internal index of the local-remote
peer association. This internal index is
used to uniquely identify multiple associations
between the local and remote peer."::={ cikePeerCorrEntry 5}cikePeerCorrSeqNum OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The sequence number of the local-remote
peer association. This sequence number is
used to uniquely identify multiple instances
of an unique association between
the local and remote peer."::={ cikePeerCorrEntry 6}cikePeerCorrIpSecTunIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the active IPsec Phase-2 Tunnel
(cipSecTunIndex in the cipSecTunnelTable) for this
IPsec Phase-1 IKE Peer Association."::={ cikePeerCorrEntry 7}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
-- cikePhase1GWStatsTable
--
-- Gateway Phase-1 IKE stats information
--
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikePhase1GWStatsTable OBJECT-TYPESYNTAXSEQUENCEOF CikePhase1GWStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Phase-1 IKE stats information is included in this table.
Each entry is related to a specific gateway which is
identified by 'cmgwIndex'."::={ cipSecPhaseOne 5}cikePhase1GWStatsEntry OBJECT-TYPESYNTAX CikePhase1GWStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes of an Phase-1 IKE stats
information for the related gateway.
There is only one entry for each gateway. The entry
is created when a gateway up and cannot be deleted."INDEX{ cmgwIndex }::={ cikePhase1GWStatsTable 1}
CikePhase1GWStatsEntry ::=SEQUENCE{
cikePhase1GWActiveTunnels Gauge32,
cikePhase1GWPreviousTunnels Counter32,
cikePhase1GWInOctets Counter32,
cikePhase1GWInPkts Counter32,
cikePhase1GWInDropPkts Counter32,
cikePhase1GWInNotifys Counter32,
cikePhase1GWInP2Exchgs Counter32,
cikePhase1GWInP2ExchgInvalids Counter32,
cikePhase1GWInP2ExchgRejects Counter32,
cikePhase1GWInP2SaDelRequests Counter32,
cikePhase1GWOutOctets Counter32,
cikePhase1GWOutPkts Counter32,
cikePhase1GWOutDropPkts Counter32,
cikePhase1GWOutNotifys Counter32,
cikePhase1GWOutP2Exchgs Counter32,
cikePhase1GWOutP2ExchgInvalids Counter32,
cikePhase1GWOutP2ExchgRejects Counter32,
cikePhase1GWOutP2SaDelRequests Counter32,
cikePhase1GWInitTunnels Counter32,
cikePhase1GWInitTunnelFails Counter32,
cikePhase1GWRespTunnelFails Counter32,
cikePhase1GWSysCapFails Counter32,
cikePhase1GWAuthFails Counter32,
cikePhase1GWDecryptFails Counter32,
cikePhase1GWHashValidFails Counter32,
cikePhase1GWNoSaFails Counter32}cikePhase1GWActiveTunnels OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of currently active IPsec
Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 1}cikePhase1GWPreviousTunnels OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of previously active
IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 2}cikePhase1GWInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by all currently
and previously active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 3}cikePhase1GWInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received by all
currently and previously active IPsec
Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 4}cikePhase1GWInDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets which were
dropped during receive processing by all
currently and previously
active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 5}cikePhase1GWInNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys received by
all currently and previously active IPsec
Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 6}cikePhase1GWInP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of IPsec Phase-2 exchanges
received by all currently and previously
active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 7}cikePhase1GWInP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were received and found to be invalid
by all currently and previously active IPsec
Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 8}cikePhase1GWInP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were received and rejected by all
currently and previously active IPsec Phase-1
IKE Tunnels."::={ cikePhase1GWStatsEntry 9}cikePhase1GWInP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 'Security
Association' delete requests received by all
currently and previously active and IPsec
Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 10}cikePhase1GWOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by all currently
and previously active and IPsec Phase-1
IKE Tunnels."::={ cikePhase1GWStatsEntry 11}cikePhase1GWOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by all currently
and previously active and IPsec Phase-1
Tunnels."::={ cikePhase1GWStatsEntry 12}cikePhase1GWOutDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets which were dropped
during send processing by all currently
and previously
active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 13}cikePhase1GWOutNotifys OBJECT-TYPE
SYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys sent by all currently
and previously active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 14}cikePhase1GWOutP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were sent by all currently and previously
active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 15}cikePhase1GWOutP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were sent and found to be invalid by
all currently and previously active IPsec Phase-1
Tunnels."::={ cikePhase1GWStatsEntry 16}cikePhase1GWOutP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges
which were sent and rejected by all currently and
previously active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 17}cikePhase1GWOutP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 SA
delete requests sent by all currently and
previously active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 18}cikePhase1GWInitTunnels OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-1 IKE
Tunnels which were locally initiated."::={ cikePhase1GWStatsEntry 19}cikePhase1GWInitTunnelFails OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-1 IKE Tunnels
which were locally initiated and failed to activate."::={ cikePhase1GWStatsEntry 20}
cikePhase1GWRespTunnelFails OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-1 IKE Tunnels
which were remotely initiated and failed to activate."::={ cikePhase1GWStatsEntry 21}cikePhase1GWSysCapFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of system capacity failures
which occurred during processing of all current
and previously active IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 22}cikePhase1GWAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of authentications which ended
in failure by all current and previous IPsec Phase-1
IKE Tunnels."::={ cikePhase1GWStatsEntry 23}cikePhase1GWDecryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of decryptions which ended
in failure by all current and previous IPsec Phase-1
IKE Tunnels."::={ cikePhase1GWStatsEntry 24}cikePhase1GWHashValidFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of hash validations which ended
in failure by all current and previous IPsec Phase-1
IKE Tunnels."::={ cikePhase1GWStatsEntry 25}cikePhase1GWNoSaFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of non-existent 'Security Association'
failures occurred during processing of current and
previous IPsec Phase-1 IKE Tunnels."::={ cikePhase1GWStatsEntry 26}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Phase-2 Group
--
-- This group consists of:
-- 1) IPsec Phase-2 Global Statistics
-- 2) IPsec Phase-2 Tunnel Table
-- 3) IPsec Phase-2 Endpoint Table
-- 4) IPsec Phase-2 Security Protection Index Table
-- 4) IPsec Phase-2 Security Protection Index Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Global Tunnel Statistics
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecGlobalStats OBJECTIDENTIFIER::={ cipSecPhaseTwo 1}cipSecGlobalActiveTunnels OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of currently active
IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 1}cipSecGlobalPreviousTunnels OBJECT-TYPESYNTAXCounter32UNITS"Phase-2 Tunnels"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of previously active
IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 2}cipSecGlobalInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by all
current and previous IPsec Phase-2 Tunnels.
This value is
accumulated BEFORE determining whether or not
the packet should be decompressed. See also
cipSecGlobalInOctWraps for the number of times
this counter has wrapped."::={ cipSecGlobalStats 3}cipSecGlobalHcInOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of
octets received by all current and previous
IPsec Phase-2 Tunnels. This value is accumulated
BEFORE determining whether or not the packet
should be decompressed."::={ cipSecGlobalStats 4}cipSecGlobalInOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global octets received
counter (cipSecGlobalInOctets) has wrapped."::={ cipSecGlobalStats 5}cipSecGlobalInDecompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of decompressed octets received
by all current and previous IPsec Phase-2 Tunnels.
This value is accumulated AFTER the packet is
decompressed. If compression is not being used,
this value will match the value of cipSecGlobalInOctets.
See also cipSecGlobalInDecompOctWraps
for the number of times this counter has wrapped."::={ cipSecGlobalStats 6}cipSecGlobalHcInDecompOctets OBJECT-TYPE
SYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number
of decompressed octets received by all current
and previous IPsec Phase-2 Tunnels. This value
is accumulated AFTER the packet is decompressed.
If compression is not being used, this value
will match the value of cipSecGlobalHcInOctets."::={ cipSecGlobalStats 7}cipSecGlobalInDecompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global decompressed
octets received counter
(cipSecGlobalInDecompOctets) has wrapped."::={ cipSecGlobalStats 8}cipSecGlobalInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received
by all current and previous
IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 9}cipSecGlobalInDrops OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
during receive processing by all current and previous
IPsec Phase-2 Tunnels. This count does
NOT include packets dropped due to
Anti-Replay processing."::={ cipSecGlobalStats 10}cipSecGlobalInReplayDrops OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during
receive processing due to Anti-Replay
processing by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecGlobalStats 11}cipSecGlobalInAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
performed by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecGlobalStats 12}cipSecGlobalInAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
which ended in failure by all current and previous
IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 13}cipSecGlobalInDecrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's
performed by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecGlobalStats 14}cipSecGlobalInDecryptFails OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's
which ended in failure by all current and
previous IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 15}cipSecGlobalOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by all
current and previous IPsec Phase-2 Tunnels.
This value is accumulated AFTER determining
whether or not the packet should be compressed.
See also cipSecGlobalOutOctWraps for the
number of times this counter has wrapped."::={ cipSecGlobalStats 16}cipSecGlobalHcOutOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number
of octets sent by all current and previous
IPsec Phase-2 Tunnels. This value is accumulated
AFTER determining whether or not the packet should
be compressed."::={ cipSecGlobalStats 17}cipSecGlobalOutOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global octets sent counter
(cipSecGlobalOutOctets) has wrapped."::={ cipSecGlobalStats 18}cipSecGlobalOutUncompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of uncompressed octets sent
by all current and previous IPsec Phase-2 Tunnels.
This value is accumulated BEFORE the packet is
compressed. If compression is not being used, this
value will match the value of cipSecGlobalOutOctets.
See also cipSecGlobalOutDecompOctWraps for the number
of times this counter has wrapped."::={ cipSecGlobalStats 19}
cipSecGlobalHcOutUncompOctets OBJECT-TYPESYNTAXCounter64UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of
uncompressed octets sent by all current and previous
IPsec Phase-2 Tunnels. This value is accumulated
BEFORE the packet is compressed. If compression is
not being used, this value will match the
value of cipSecGlobalHcOutOctets."::={ cipSecGlobalStats 20}cipSecGlobalOutUncompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global uncompressed
octets sent counter (cipSecGlobalOutUncompOctets)
has wrapped."::={ cipSecGlobalStats 21}cipSecGlobalOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by all
current and previous
IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 22}cipSecGlobalOutDrops OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during send
processing by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecGlobalStats 23}cipSecGlobalOutAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's
performed by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecGlobalStats 24}cipSecGlobalOutAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's
which ended in failure
by all current and previous IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 25}cipSecGlobalOutEncrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION
"The total number of outbound encryption's performed
by all current and previous IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 26}cipSecGlobalOutEncryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's
which ended in failure by all current and
previous IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 27}cipSecGlobalProtocolUseFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of protocol use failures
which occurred during processing of all current
and previously active IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 28}cipSecGlobalNoSaFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of non-existent
Security Association in failures which occurred
during processing of all current
and previous IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 29}cipSecGlobalSysCapFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of system capacity failures
which occurred during processing of all current
and previously active IPsec Phase-2 Tunnels."::={ cipSecGlobalStats 30}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecTunnelTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Tunnel Table.
There is one entry in this table for
each active IPsec Phase-2 Tunnel."::={ cipSecPhaseTwo 2}cipSecTunnelEntry OBJECT-TYPESYNTAX CipSecTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes
associated with an active IPsec Phase-2 Tunnel."INDEX{ cipSecTunIndex }::={ cipSecTunnelTable 1}
CipSecTunnelEntry ::=SEQUENCE{
cipSecTunIndex Integer32,
cipSecTunIkeTunnelIndex Integer32,
cipSecTunIkeTunnelAlive TruthValue,
cipSecTunLocalAddr IPSIpAddress,
cipSecTunRemoteAddr IPSIpAddress,
cipSecTunKeyType KeyType,
cipSecTunEncapMode EncapMode,
cipSecTunLifeSize Integer32,
cipSecTunLifeTime Integer32,
cipSecTunActiveTime TimeInterval,
cipSecTunSaLifeSizeThreshold Integer32,
cipSecTunSaLifeTimeThreshold Integer32,
cipSecTunTotalRefreshes Counter32,
cipSecTunExpiredSaInstances Counter32,
cipSecTunCurrentSaInstances Gauge32,
cipSecTunInSaDiffHellmanGrp DiffHellmanGrp,
cipSecTunInSaEncryptAlgo EncryptAlgo,
cipSecTunInSaAhAuthAlgo AuthAlgo,
cipSecTunInSaEspAuthAlgo AuthAlgo,
cipSecTunInSaDecompAlgo CompAlgo,
cipSecTunOutSaDiffHellmanGrp DiffHellmanGrp,
cipSecTunOutSaEncryptAlgo EncryptAlgo,
cipSecTunOutSaAhAuthAlgo AuthAlgo,
cipSecTunOutSaEspAuthAlgo AuthAlgo,
cipSecTunOutSaCompAlgo CompAlgo,
cipSecTunInOctets Counter32,
cipSecTunHcInOctets Counter64,
cipSecTunInOctWraps Counter32,
cipSecTunInDecompOctets Counter32,
cipSecTunHcInDecompOctets Counter64,
cipSecTunInDecompOctWraps Counter32,
cipSecTunInPkts Counter32,
cipSecTunInDropPkts Counter32,
cipSecTunInReplayDropPkts Counter32,
cipSecTunInAuths Counter32,
cipSecTunInAuthFails Counter32,
cipSecTunInDecrypts Counter32,
cipSecTunInDecryptFails Counter32,
cipSecTunOutOctets Counter32,
cipSecTunHcOutOctets Counter64,
cipSecTunOutOctWraps Counter32,
cipSecTunOutUncompOctets Counter32,
cipSecTunHcOutUncompOctets Counter64,
cipSecTunOutUncompOctWraps Counter32,
cipSecTunOutPkts Counter32,
cipSecTunOutDropPkts Counter32,
cipSecTunOutAuths Counter32,
cipSecTunOutAuthFails Counter32,
cipSecTunOutEncrypts Counter32,
cipSecTunOutEncryptFails Counter32,
cipSecTunStatus TunnelStatus
}cipSecTunIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION
"The index of the IPsec Phase-2 Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will wrap
at 2,147,483,647."::={ cipSecTunnelEntry 1}cipSecTunIkeTunnelIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the associated IPsec Phase-1
IKE Tunnel.
(cikeTunIndex in the cikeTunnelTable)"::={ cipSecTunnelEntry 2}cipSecTunIkeTunnelAlive OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"An indicator which specifies whether or not the
IPsec Phase-1 IKE Tunnel currently exists."::={ cipSecTunnelEntry 3}cipSecTunLocalAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local endpoint for the IPsec
Phase-2 Tunnel."::={ cipSecTunnelEntry 4}cipSecTunRemoteAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote endpoint for the IPsec
Phase-2 Tunnel."::={ cipSecTunnelEntry 5}cipSecTunKeyType OBJECT-TYPESYNTAX KeyType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of key used by the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 6}cipSecTunEncapMode OBJECT-TYPESYNTAX EncapMode
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encapsulation mode used by the
IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 7}cipSecTunLifeSize OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeSize of the
IPsec Phase-2 Tunnel in kilobytes."::={ cipSecTunnelEntry 8}cipSecTunLifeTime OBJECT-TYPESYNTAXInteger32(1..2147483647)
UNITS"Seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeTime of the
IPsec Phase-2 Tunnel in seconds."::={ cipSecTunnelEntry 9}cipSecTunActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time the IPsec Phase-2
Tunnel has been
active in hundredths of seconds."::={ cipSecTunnelEntry 10}cipSecTunSaLifeSizeThreshold OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The security association LifeSize refresh
threshold in kilobytes."::={ cipSecTunnelEntry 11}cipSecTunSaLifeTimeThreshold OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"Seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The security association LifeTime refresh
threshold in seconds."::={ cipSecTunnelEntry 12}cipSecTunTotalRefreshes OBJECT-TYPESYNTAXCounter32UNITS"QM Exchanges"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security
association refreshes performed."::={ cipSecTunnelEntry 13}cipSecTunExpiredSaInstances OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security associations
which have expired."::={ cipSecTunnelEntry 14}cipSecTunCurrentSaInstances OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of security associations
which are currently active or expiring."::={ cipSecTunnelEntry 15}cipSecTunInSaDiffHellmanGrp OBJECT-TYPESYNTAX DiffHellmanGrp
MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The Diffie Hellman Group used
by the inbound security association of the
IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 16}cipSecTunInSaEncryptAlgo OBJECT-TYPESYNTAX EncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used by the inbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 17}cipSecTunInSaAhAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication algorithm used by the inbound
authentication header (AH) security association of
the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 18}cipSecTunInSaEspAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication algorithm used by the inbound
encapsulation security protocol (ESP) security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 19}cipSecTunInSaDecompAlgo OBJECT-TYPESYNTAX CompAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The decompression algorithm used by the inbound
security association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 20}cipSecTunOutSaDiffHellmanGrp OBJECT-TYPESYNTAX DiffHellmanGrp
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Diffie Hellman Group used by the outbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 21}cipSecTunOutSaEncryptAlgo OBJECT-TYPESYNTAX EncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used by the outbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 22}cipSecTunOutSaAhAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication algorithm used by the outbound
authentication header (AH) security association of
the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 23}cipSecTunOutSaEspAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The authentication algorithm used by the inbound
encapsulation security protocol (ESP)
security association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 24}cipSecTunOutSaCompAlgo OBJECT-TYPESYNTAX CompAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The compression algorithm used by the inbound
security association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 25}cipSecTunInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by this IPsec
Phase-2 Tunnel. This value is accumulated
BEFORE determining whether or not the packet should be
decompressed. See also cipSecTunInOctWraps for the
number of times this counter has wrapped."::={ cipSecTunnelEntry 26}cipSecTunHcInOctets OBJECT-TYPESYNTAXCounter64UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of octets
received by this IPsec Phase-2 Tunnel. This value is
accumulated BEFORE determining whether or not the packet
should be decompressed."::={ cipSecTunnelEntry 27}cipSecTunInOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the octets received counter
(cipSecTunInOctets) has wrapped."::={ cipSecTunnelEntry 28}cipSecTunInDecompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of decompressed octets received
by this IPsec Phase-2 Tunnel. This value is
accumulated AFTER the packet is decompressed.
If compression is not being
used, this value will match the value of
cipSecTunInOctets. See also cipSecTunInDecompOctWraps
for the number of times
this counter has wrapped."::={ cipSecTunnelEntry 29}cipSecTunHcInDecompOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of decompressed
octets received by this IPsec Phase-2 Tunnel. This value
is accumulated AFTER the packet is decompressed. If
compression is not being used, this value will match the
value of cipSecTunHcInOctets."::={ cipSecTunnelEntry 30}cipSecTunInDecompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the decompressed
octets received counter
(cipSecTunInDecompOctets) has wrapped."::={ cipSecTunnelEntry 31}cipSecTunInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 32}cipSecTunInDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
during receive processing by this IPsec Phase-2
Tunnel. This count does NOT include
packets dropped due to Anti-Replay processing."::={ cipSecTunnelEntry 33}cipSecTunInReplayDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during
receive processing due to Anti-Replay processing
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 34}cipSecTunInAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound
authentication's performed by this
IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 35}cipSecTunInAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
which ended in
failure by this IPsec Phase-2 Tunnel ."::={ cipSecTunnelEntry 36}cipSecTunInDecrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 37}cipSecTunInDecryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's
which ended in failure
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 38}cipSecTunOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by this IPsec
Phase-2 Tunnel. This value is accumulated
AFTER determining whether or not the packet should
be compressed. See also cipSecTunOutOctWraps for
the number of times this counter has wrapped."::={ cipSecTunnelEntry 39}cipSecTunHcOutOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of octets
sent by this IPsec Phase-2 Tunnel. This value is
accumulated AFTER determining whether or not the
packet
should be compressed."::={ cipSecTunnelEntry 40}cipSecTunOutOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the out octets counter
(cipSecTunOutOctets) has wrapped."::={ cipSecTunnelEntry 41}cipSecTunOutUncompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of uncompressed octets sent
by this IPsec Phase-2 Tunnel. This value
is accumulated BEFORE the packet is compressed.
If compression is not being used, this value
will match the value of cipSecTunOutOctets.
See also cipSecTunOutDecompOctWraps for the
number of times this counter has wrapped."::={ cipSecTunnelEntry 42}cipSecTunHcOutUncompOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number
of uncompressed octets sent by this IPsec
Phase-2 Tunnel. This value is accumulated BEFORE
the packet is compressed. If compression
is not being used, this value will match the value
of cipSecTunHcOutOctets."::={ cipSecTunnelEntry 43}cipSecTunOutUncompOctWraps OBJECT-TYPESYNTAXCounter32
UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the uncompressed octets sent
counter (cipSecTunOutUncompOctets) has wrapped."::={ cipSecTunnelEntry 44}cipSecTunOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by this
IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 45}cipSecTunOutDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during
send processing by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 46}cipSecTunOutAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 47}cipSecTunOutAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound
authentication's which ended in failure
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 48}cipSecTunOutEncrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 49}cipSecTunOutEncryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's
which ended in failure by this IPsec Phase-2 Tunnel."::={ cipSecTunnelEntry 50}cipSecTunStatus OBJECT-TYPESYNTAX TunnelStatus
MAX-ACCESSread-writeSTATUScurrent
DESCRIPTION"The status of the MIB table row.
This object can be used to bring the tunnel down
by setting value of this object to destroy(2).
When the value is set to destroy(2), the SA
bundle is destroyed and this row is deleted
from this table.
When this MIB value is queried, the value of
active(1) is always returned, if the instance
exists.
This object cannot be used to create a MIB
table row."::={ cipSecTunnelEntry 51}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecEndPtTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecEndPtEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Tunnel Endpoint Table.
This table contains an entry for each
active endpoint associated with an IPsec
Phase-2 Tunnel."::={ cipSecPhaseTwo 3}cipSecEndPtEntry OBJECT-TYPESYNTAX CipSecEndPtEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An IPsec Phase-2 Tunnel Endpoint entry."INDEX{
cipSecTunIndex,
cipSecEndPtIndex
}::={ cipSecEndPtTable 1}
CipSecEndPtEntry ::=SEQUENCE{
cipSecEndPtIndex Integer32,
cipSecEndPtLocalName DisplayString,
cipSecEndPtLocalType EndPtType,
cipSecEndPtLocalAddr1 IPSIpAddress,
cipSecEndPtLocalAddr2 IPSIpAddress,
cipSecEndPtLocalProtocol Integer32,
cipSecEndPtLocalPort Integer32,
cipSecEndPtRemoteName DisplayString,
cipSecEndPtRemoteType EndPtType,
cipSecEndPtRemoteAddr1 IPSIpAddress,
cipSecEndPtRemoteAddr2 IPSIpAddress,
cipSecEndPtRemoteProtocol Integer32,
cipSecEndPtRemotePort Integer32}cipSecEndPtIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The number of the Endpoint associated with the
IPsec Phase-2 Tunnel Table. The value of this
index is a number which begins at one and
is incremented with each Endpoint associated
with an IPsec Phase-2 Tunnel.
The value of this object will wrap at 2,147,483,647."::={ cipSecEndPtEntry 1}cipSecEndPtLocalName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the local Endpoint."::={ cipSecEndPtEntry 2}
cipSecEndPtLocalType OBJECT-TYPESYNTAX EndPtType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of identity for the local Endpoint.
Possible values are:
1) a single IP address, or
2) an IP address range, or
3) an IP subnet."::={ cipSecEndPtEntry 3}cipSecEndPtLocalAddr1 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The local Endpoint's first IP address specification.
If the local Endpoint type is single IP address,
then this is the value of the IP address.
If the local Endpoint type is IP subnet, then this
is the value of the subnet.
If the local Endpoint type is IP address range,
then this is the value of beginning IP address
of the range."::={ cipSecEndPtEntry 4}cipSecEndPtLocalAddr2 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The local Endpoint's second IP address specification.
If the local Endpoint type is single IP address,
then this is the value of the IP address.
If the local Endpoint type is IP subnet, then this
is the value of the subnet mask.
If the local Endpoint type is IP address range,
then this is the value of ending IP address
of the range."::={ cipSecEndPtEntry 5}cipSecEndPtLocalProtocol OBJECT-TYPESYNTAXInteger32(0..255)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The protocol number of the local Endpoint's traffic."::={ cipSecEndPtEntry 6}cipSecEndPtLocalPort OBJECT-TYPESYNTAXInteger32(0..65535)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The port number of the local Endpoint's traffic."::={ cipSecEndPtEntry 7}cipSecEndPtRemoteName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the remote Endpoint."::={ cipSecEndPtEntry 8}cipSecEndPtRemoteType OBJECT-TYPESYNTAX EndPtType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of identity for the remote Endpoint.
Possible values are:
1) a single IP address, or
2) an IP address range, or
3) an IP subnet."::={ cipSecEndPtEntry 9}cipSecEndPtRemoteAddr1 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The remote Endpoint's first IP address specification.
If the remote Endpoint type is single IP address,
then this is the value of the IP address.
If the remote Endpoint type is IP subnet, then this
is the value of the subnet.
If the remote Endpoint type is IP address range,
then this is the value of beginning IP address
of the range."::={ cipSecEndPtEntry 10}cipSecEndPtRemoteAddr2 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The remote Endpoint's second IP address specification.
If the remote Endpoint type is single IP address,
then this is the value of the IP address.
If the remote Endpoint type is IP subnet, then this
is the value of the subnet mask.
If the remote Endpoint type is IP address range,
then this is the value of ending IP address of
the range."::={ cipSecEndPtEntry 11}cipSecEndPtRemoteProtocol OBJECT-TYPESYNTAXInteger32(0..255)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The protocol number of the remote Endpoint's traffic."::={ cipSecEndPtEntry 12}cipSecEndPtRemotePort OBJECT-TYPESYNTAXInteger32(0..65535)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The port number of the remote Endpoint's traffic."::={ cipSecEndPtEntry 13}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Security Protection Index Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecSpiTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecSpiEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Security Protection Index Table.
This table contains an entry for each active
and expiring security
association."::={ cipSecPhaseTwo 4}cipSecSpiEntry OBJECT-TYPESYNTAX CipSecSpiEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated with
active and expiring IPsec Phase-2
security associations."INDEX{
cipSecTunIndex,
cipSecSpiIndex
}::={ cipSecSpiTable 1}
CipSecSpiEntry ::=SEQUENCE{
cipSecSpiIndex Integer32,
cipSecSpiDirection INTEGER,
cipSecSpiValue Unsigned32,
cipSecSpiProtocol INTEGER,
cipSecSpiStatus INTEGER}cipSecSpiIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The number of the SPI associated with the
Phase-2 Tunnel Table. The value of this
index is a number which begins at one and is
incremented with each SPI associated with an
IPsec Phase-2 Tunnel. The value of this
object will wrap at 2,147,483,647."::={ cipSecSpiEntry 1}cipSecSpiDirection OBJECT-TYPESYNTAXINTEGER{in(1),out(2)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The direction of the SPI."::={ cipSecSpiEntry 2}cipSecSpiValue OBJECT-TYPESYNTAXUnsigned32(1..4294967295)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the SPI."::={ cipSecSpiEntry 3}cipSecSpiProtocol OBJECT-TYPESYNTAXINTEGER{ah(1),esp(2),ipcomp(3)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The protocol of the SPI."::={ cipSecSpiEntry 4}cipSecSpiStatus OBJECT-TYPESYNTAXINTEGER{active(1),expiring(2)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The status of the SPI."::={ cipSecSpiEntry 5}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
-- cipSecPhase2GWStatsTable
--
-- Gateway Phase-2 IPsec stats information
--
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecPhase2GWStatsTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecPhase2GWStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Phase-2 IPsec stats information is included in this table.
Each entry is related to a specific gateway which is
identified by 'cmgwIndex'"::={ cipSecPhaseTwo 5}cipSecPhase2GWStatsEntry OBJECT-TYPESYNTAX CipSecPhase2GWStatsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes of an Phase-2 IPsec stats
information for the related gateway.
There is only one entry for each gateway. The entry
is created when a gateway up and cannot be deleted."INDEX{ cmgwIndex }::={ cipSecPhase2GWStatsTable 1}
CipSecPhase2GWStatsEntry ::=SEQUENCE{
cipSecPhase2GWActiveTunnels Gauge32,
cipSecPhase2GWPreviousTunnels Counter32,
cipSecPhase2GWInOctets Counter32,
cipSecPhase2GWInOctWraps Counter32,
cipSecPhase2GWInDecompOctets Counter32,
cipSecPhase2GWInDecompOctWraps Counter32,
cipSecPhase2GWInPkts Counter32,
cipSecPhase2GWInDrops Counter32,
cipSecPhase2GWInReplayDrops Counter32,
cipSecPhase2GWInAuths Counter32,
cipSecPhase2GWInAuthFails Counter32,
cipSecPhase2GWInDecrypts Counter32,
cipSecPhase2GWInDecryptFails Counter32,
cipSecPhase2GWOutOctets Counter32,
cipSecPhase2GWOutOctWraps Counter32,
cipSecPhase2GWOutUncompOctets Counter32,
cipSecPhase2GWOutUncompOctWraps Counter32,
cipSecPhase2GWOutPkts Counter32,
cipSecPhase2GWOutDrops Counter32,
cipSecPhase2GWOutAuths Counter32,
cipSecPhase2GWOutAuthFails Counter32,
cipSecPhase2GWOutEncrypts Counter32,
cipSecPhase2GWOutEncryptFails Counter32,
cipSecPhase2GWProtocolUseFails Counter32,
cipSecPhase2GWNoSaFails Counter32,
cipSecPhase2GWSysCapFails Counter32}cipSecPhase2GWActiveTunnels OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of currently active
IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 1}
cipSecPhase2GWPreviousTunnels OBJECT-TYPESYNTAXCounter32UNITS"Phase-2 Tunnels"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of previously active
IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 2}cipSecPhase2GWInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by all
current and previous IPsec Phase-2 Tunnels.
This value is accumulated BEFORE determining
whether or not the packet should be decompressed.
See also cipSecGlobalInOctWraps for the number
of times this counter has wrapped."::={ cipSecPhase2GWStatsEntry 3}cipSecPhase2GWInOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global octets received
counter (cipSecGlobalInOctets) has wrapped."::={ cipSecPhase2GWStatsEntry 4}cipSecPhase2GWInDecompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of decompressed octets received
by all current and previous IPsec Phase-2 Tunnels.
This value is accumulated AFTER the packet is
decompressed. If compression is not being used,
this value will match the value of cipSecGlobalInOctets.
See also cipSecGlobalInDecompOctWraps
for the number of times this counter has wrapped."::={ cipSecPhase2GWStatsEntry 5}cipSecPhase2GWInDecompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global decompressed
octets received counter (cipSecGlobalInDecompOctets)
has wrapped."::={ cipSecPhase2GWStatsEntry 6}cipSecPhase2GWInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received
by all current and previous IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 7}cipSecPhase2GWInDrops OBJECT-TYPESYNTAXCounter32UNITS"Packets"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
during receive processing by all current and previous
IPsec Phase-2 Tunnels. This count does NOT include
packets dropped due to Anti-Replay processing."::={ cipSecPhase2GWStatsEntry 8}cipSecPhase2GWInReplayDrops OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during
receive processing due to Anti-Replay
processing by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 9}cipSecPhase2GWInAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
performed by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 10}cipSecPhase2GWInAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
which ended in failure by all current and previous
IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 11}cipSecPhase2GWInDecrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's
performed by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 12}cipSecPhase2GWInDecryptFails OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's
which ended in failure by all current and
previous IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 13}cipSecPhase2GWOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by all
current and previous IPsec Phase-2 Tunnels.
This value is accumulated AFTER determining
whether or not the packet should be compressed.
See also cipSecGlobalOutOctWraps for the
number of times this counter has wrapped."::={ cipSecPhase2GWStatsEntry 14}cipSecPhase2GWOutOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global octets sent counter
(cipSecGlobalOutOctets) has wrapped."::={ cipSecPhase2GWStatsEntry 15}cipSecPhase2GWOutUncompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of uncompressed octets sent
by all current and previous IPsec Phase-2 Tunnels.
This value is accumulated BEFORE the packet is
compressed. If compression is not being used, this
value will match the value of cipSecGlobalOutOctets.
See also cipSecGlobalOutDecompOctWraps for the number
of times this counter has wrapped."::={ cipSecPhase2GWStatsEntry 16}cipSecPhase2GWOutUncompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the global uncompressed
octets sent counter (cipSecGlobalOutUncompOctets)
has wrapped."::={ cipSecPhase2GWStatsEntry 17}cipSecPhase2GWOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by all
current and previous IPsec Phase-2
Tunnels."::={ cipSecPhase2GWStatsEntry 18}cipSecPhase2GWOutDrops OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during send
processing by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 19}cipSecPhase2GWOutAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's
performed by all current and previous IPsec
Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 20}cipSecPhase2GWOutAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's
which ended in failure
by all current and previous IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 21}cipSecPhase2GWOutEncrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's performed
by all current and previous IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 22}cipSecPhase2GWOutEncryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's
which ended in failure by all current and
previous IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 23}cipSecPhase2GWProtocolUseFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of protocol use failures
which occurred during processing of all current
and previously active IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 24}cipSecPhase2GWNoSaFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of non-existent
Security Association in failures which occurred
during processing of all current
and previous IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 25}cipSecPhase2GWSysCapFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of system capacity failures
which occurred during processing of all current
and previously active IPsec Phase-2 Tunnels."::={ cipSecPhase2GWStatsEntry 26}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec History Group
--
-- This group consists of a:
-- 1) IPsec History Global Objects
-- 2) IPsec Phase-1 History Objects
-- 3) IPsec Phase-2 History Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecHistGlobal OBJECTIDENTIFIER::={ cipSecHistory 1}cipSecHistPhaseOne OBJECTIDENTIFIER::={ cipSecHistory 2}
cipSecHistPhaseTwo OBJECTIDENTIFIER::={ cipSecHistory 3}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec History Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecHistGlobalCntl OBJECTIDENTIFIER::={ cipSecHistGlobal 1}cipSecHistTableSize OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The window size of the IPsec Phase-1 and Phase-2
History Tables.
The IPsec Phase-1 and Phase-2 History Tables are
implemented as a sliding window in which only the
last n entries are maintained. This object is used
specify the number of entries which will be
maintained in the IPsec Phase-1 and
Phase-2 History Tables.
An implementation may choose suitable minimum and
maximum values for this element based on the local
policy and available resources. If an SNMP SET request
specifies a value outside this window for this element,
a BAD VALUE may be returned."::={ cipSecHistGlobalCntl 1}cipSecHistCheckPoint OBJECT-TYPESYNTAXINTEGER{ready(1),checkPoint(2)}MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The current state of check point processing.
This object will return ready when the agent is
ready to create on-demand history entries for
active IPsec Tunnels or checkPoint when the
agent is currently creating on-demand history
entries for active IPsec Tunnels.
By setting this value to checkPoint, the agent
will create:
a) an entry in the IPsec Phase-1 Tunnel History
for each active IPsec Phase-1 Tunnel and
b) an entry in the IPsec Phase-2 Tunnel History
Table and an entry in the IPsec Phase-2
Tunnel EndPoint History Table
for each active IPsec Phase-2 Tunnel."::={ cipSecHistGlobalCntl 2}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Tunnel History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikeTunnelHistTable OBJECT-TYPESYNTAXSEQUENCEOF CikeTunnelHistEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Internet Key Exchange Tunnel
History Table. This table is implemented as a
sliding window in which only the last n entries
are maintained. The maximum number of entries
is specified by the cipSecHistTableSize object."::={ cipSecHistPhaseOne 1}cikeTunnelHistEntry OBJECT-TYPESYNTAX CikeTunnelHistEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes
associated with a previously active IPsec
Phase-1 IKE Tunnel."INDEX{ cikeTunHistIndex }::={ cikeTunnelHistTable 1}
CikeTunnelHistEntry ::=SEQUENCE{
cikeTunHistIndex Integer32,
cikeTunHistTermReason INTEGER,
cikeTunHistActiveIndex Integer32,
cikeTunHistPeerLocalType IkePeerType,
cikeTunHistPeerLocalValue DisplayString,
cikeTunHistPeerIntIndex Integer32,
cikeTunHistPeerRemoteType IkePeerType,
cikeTunHistPeerRemoteValue DisplayString,
cikeTunHistLocalAddr IPSIpAddress,
cikeTunHistLocalName DisplayString,
cikeTunHistRemoteAddr IPSIpAddress,
cikeTunHistRemoteName DisplayString,
cikeTunHistNegoMode IkeNegoMode,
cikeTunHistDiffHellmanGrp DiffHellmanGrp,
cikeTunHistEncryptAlgo EncryptAlgo,
cikeTunHistHashAlgo IkeHashAlgo,
cikeTunHistAuthMethod IkeAuthMethod,
cikeTunHistLifeTime Integer32,
cikeTunHistStartTime TimeStamp,
cikeTunHistActiveTime TimeInterval,
cikeTunHistTotalRefreshes Counter32,
cikeTunHistTotalSas Counter32,
cikeTunHistInOctets Counter32,
cikeTunHistInPkts Counter32,
cikeTunHistInDropPkts Counter32,
cikeTunHistInNotifys Counter32,
cikeTunHistInP2Exchgs Counter32,
cikeTunHistInP2ExchgInvalids Counter32,
cikeTunHistInP2ExchgRejects Counter32,
cikeTunHistInP2SaDelRequests Counter32,
cikeTunHistOutOctets Counter32,
cikeTunHistOutPkts Counter32,
cikeTunHistOutDropPkts Counter32,
cikeTunHistOutNotifys Counter32,
cikeTunHistOutP2Exchgs Counter32,
cikeTunHistOutP2ExchgInvalids Counter32,
cikeTunHistOutP2ExchgRejects Counter32,
cikeTunHistOutP2SaDelRequests Counter32}cikeTunHistIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index of the IPsec Phase-1 IKE Tunnel History
Table. The value of the index is a number which
begins at one and is incremented with each
tunnel that ends. The value of this object
will wrap at 2,147,483,647."::={ cikeTunnelHistEntry 1}cikeTunHistTermReason OBJECT-TYPE
SYNTAXINTEGER{other(1),normal(2),operRequest(3),peerDelRequest(4),peerLost(5),localFailure(6),checkPointReg(7)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The reason the IPsec Phase-1 IKE Tunnel was terminated.
Possible reasons include:
1 = other
2 = normal termination
3 = operator request
4 = peer delete request was received
5 = contact with peer was lost
6 = local failure occurred.
7 = operator initiated check point request"::={ cikeTunnelHistEntry 2}cikeTunHistActiveIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the previously active IPsec
Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 3}cikeTunHistPeerLocalType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of local peer identity. The local peer
may be identified by:
1. an IP address, or
2. a host name."::={ cikeTunnelHistEntry 4}cikeTunHistPeerLocalValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is a host name, then this is
the host name used to identify the local peer."::={ cikeTunnelHistEntry 5}cikeTunHistPeerIntIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The internal index of the local-remote peer
association. This internal index is used to
uniquely identify multiple associations between
the local and remote peer."::={ cikeTunnelHistEntry 6}cikeTunHistPeerRemoteType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The type of remote peer identity. The remote
peer may be identified by:
1. an IP address, or
2. a host name."::={ cikeTunnelHistEntry 7}cikeTunHistPeerRemoteValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a host name, then this is
the host name used to identify the remote peer."::={ cikeTunnelHistEntry 8}cikeTunHistLocalAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local endpoint for the IPsec
Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 9}cikeTunHistLocalName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the local IP address for
the IPsec Phase-1 IKE Tunnel. If the DNS
name associated with the local tunnel endpoint
is not known, then the value of this
object will be a NULL string."::={ cikeTunnelHistEntry 10}cikeTunHistRemoteAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote endpoint for the IPsec
Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 11}cikeTunHistRemoteName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the remote IP address of IPsec Phase-1
IKE Tunnel. If the DNS name associated with the remote
tunnel endpoint is not known, then the value of this
object will be a NULL string."::={ cikeTunnelHistEntry 12}cikeTunHistNegoMode OBJECT-TYPESYNTAX IkeNegoMode
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiation mode of the IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 13}cikeTunHistDiffHellmanGrp OBJECT-TYPESYNTAX DiffHellmanGrp
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Diffie Hellman Group used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelHistEntry 14}cikeTunHistEncryptAlgo OBJECT-TYPE
SYNTAX EncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelHistEntry 15}cikeTunHistHashAlgo OBJECT-TYPESYNTAX IkeHashAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The hash algorithm used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelHistEntry 16}cikeTunHistAuthMethod OBJECT-TYPESYNTAX IkeAuthMethod
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication method used in IPsec Phase-1 IKE
negotiations."::={ cikeTunnelHistEntry 17}cikeTunHistLifeTime OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
in seconds."::={ cikeTunnelHistEntry 18}cikeTunHistStartTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of sysUpTime in hundredths of seconds
when the IPsec Phase-1 IKE tunnel was started."::={ cikeTunnelHistEntry 19}cikeTunHistActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time the IPsec Phase-1 IKE tunnel was been
active in hundredths of seconds."::={ cikeTunnelHistEntry 20}cikeTunHistTotalRefreshes OBJECT-TYPESYNTAXCounter32UNITS"QM Exchanges"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security associations
refreshes performed."::={ cikeTunnelHistEntry 21}cikeTunHistTotalSas OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security associations
used during the
life of the IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 22}
cikeTunHistInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets
received by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelHistEntry 23}cikeTunHistInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received
by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelHistEntry 24}cikeTunHistInDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
by this IPsec Phase-1
IKE Tunnel during receive processing."::={ cikeTunnelHistEntry 25}cikeTunHistInNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys received
by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelHistEntry 26}cikeTunHistInP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2
exchanges received by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 27}cikeTunHistInP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2
exchanges received and
found to be invalid by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 28}cikeTunHistInP2ExchgRejects OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2
exchanges received and
rejected by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 29}cikeTunHistInP2SaDelRequests OBJECT-TYPE
SYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 security association
delete requests received by this IPsec
Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 30}cikeTunHistOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelHistEntry 31}cikeTunHistOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelHistEntry 32}cikeTunHistOutDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
by this IPsec Phase-1
IKE Tunnel during send processing."::={ cikeTunnelHistEntry 33}cikeTunHistOutNotifys OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of notifys sent by this IPsec Phase-1
IKE Tunnel."::={ cikeTunnelHistEntry 34}cikeTunHistOutP2Exchgs OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges sent by
this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 35}cikeTunHistOutP2ExchgInvalids OBJECT-TYPESYNTAXCounter32UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges sent and
found to be invalid by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 36}cikeTunHistOutP2ExchgRejects OBJECT-TYPESYNTAXCounter32
UNITS"SA Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 exchanges sent and
rejected by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 37}cikeTunHistOutP2SaDelRequests OBJECT-TYPESYNTAXCounter32UNITS"Notification Payloads"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of IPsec Phase-2 security association
delete requests sent by this IPsec Phase-1 IKE Tunnel."::={ cikeTunnelHistEntry 38}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecTunnelHistTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecTunnelHistEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Tunnel History Table.
This table is implemented as a sliding
window in which only the
last n entries are maintained. The maximum number
of entries
is specified by the cipSecHistTableSize object."::={ cipSecHistPhaseTwo 1}cipSecTunnelHistEntry OBJECT-TYPESYNTAX CipSecTunnelHistEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated with
a previously active IPsec Phase-2 Tunnel."INDEX{ cipSecTunHistIndex }::={ cipSecTunnelHistTable 1}
CipSecTunnelHistEntry ::=SEQUENCE{
cipSecTunHistIndex Integer32,
cipSecTunHistTermReason INTEGER,
cipSecTunHistActiveIndex Integer32,
cipSecTunHistIkeTunnelIndex Integer32,
cipSecTunHistLocalAddr IPSIpAddress,
cipSecTunHistRemoteAddr IPSIpAddress,
cipSecTunHistKeyType KeyType,
cipSecTunHistEncapMode EncapMode,
cipSecTunHistLifeSize Integer32,
cipSecTunHistLifeTime Integer32,
cipSecTunHistStartTime TimeStamp,
cipSecTunHistActiveTime TimeInterval,
cipSecTunHistTotalRefreshes Counter32,
cipSecTunHistTotalSas Counter32,
cipSecTunHistInSaDiffHellmanGrp DiffHellmanGrp,
cipSecTunHistInSaEncryptAlgo EncryptAlgo,
cipSecTunHistInSaAhAuthAlgo AuthAlgo,
cipSecTunHistInSaEspAuthAlgo AuthAlgo,
cipSecTunHistInSaDecompAlgo CompAlgo,
cipSecTunHistOutSaDiffHellmanGrp DiffHellmanGrp,
cipSecTunHistOutSaEncryptAlgo EncryptAlgo,
cipSecTunHistOutSaAhAuthAlgo AuthAlgo,
cipSecTunHistOutSaEspAuthAlgo AuthAlgo,
cipSecTunHistOutSaCompAlgo CompAlgo,
cipSecTunHistInOctets Counter32,
cipSecTunHistHcInOctets Counter64,
cipSecTunHistInOctWraps Counter32,
cipSecTunHistInDecompOctets Counter32,
cipSecTunHistHcInDecompOctets Counter64,
cipSecTunHistInDecompOctWraps Counter32,
cipSecTunHistInPkts Counter32,
cipSecTunHistInDropPkts Counter32,
cipSecTunHistInReplayDropPkts Counter32,
cipSecTunHistInAuths Counter32,
cipSecTunHistInAuthFails Counter32,
cipSecTunHistInDecrypts Counter32,
cipSecTunHistInDecryptFails Counter32,
cipSecTunHistOutOctets Counter32,
cipSecTunHistHcOutOctets Counter64,
cipSecTunHistOutOctWraps Counter32,
cipSecTunHistOutUncompOctets Counter32,
cipSecTunHistHcOutUncompOctets Counter64,
cipSecTunHistOutUncompOctWraps Counter32,
cipSecTunHistOutPkts Counter32,
cipSecTunHistOutDropPkts Counter32,
cipSecTunHistOutAuths Counter32,
cipSecTunHistOutAuthFails Counter32,
cipSecTunHistOutEncrypts Counter32,
cipSecTunHistOutEncryptFails Counter32}cipSecTunHistIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index of the IPsec Phase-2 Tunnel History Table.
The value of the index is a number which
begins at one and is incremented with each tunnel
that ends. The value
of this object will wrap at 2,147,483,647."::={ cipSecTunnelHistEntry 1}cipSecTunHistTermReason OBJECT-TYPESYNTAXINTEGER{other(1),normal(2),operRequest(3),peerDelRequest(4),peerLost(5),seqNumRollOver(6),checkPointReq(7)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION
"The reason the IPsec Phase-2 Tunnel was terminated.
Possible reasons include:
1 = other
2 = normal termination
3 = operator request
4 = peer delete request was received
5 = contact with peer was lost
6 = local failure occurred
7 = operator initiated check point request"::={ cipSecTunnelHistEntry 2}cipSecTunHistActiveIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the previously active
IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 3}cipSecTunHistIkeTunnelIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the associated IPsec Phase-1 Tunnel
(cikeTunIndex in the cikeTunnelTable)."::={ cipSecTunnelHistEntry 4}cipSecTunHistLocalAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local endpoint for the IPsec
Phase-2 Tunnel."::={ cipSecTunnelHistEntry 5}cipSecTunHistRemoteAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote endpoint for the IPsec
Phase-2 Tunnel."::={ cipSecTunnelHistEntry 6}cipSecTunHistKeyType OBJECT-TYPESYNTAX KeyType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of key used by the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 7}cipSecTunHistEncapMode OBJECT-TYPESYNTAX EncapMode
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encapsulation mode used by the
IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 8}cipSecTunHistLifeSize OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeSize of the IPsec Phase-2 Tunnel in
kilobytes."::={ cipSecTunnelHistEntry 9}
cipSecTunHistLifeTime OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"Seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeTime of the IPsec Phase-2 Tunnel in
seconds."::={ cipSecTunnelHistEntry 10}cipSecTunHistStartTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of sysUpTime in hundredths of seconds
when the IPsec Phase-2 Tunnel was started."::={ cipSecTunnelHistEntry 11}cipSecTunHistActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time the IPsec Phase-2 Tunnel has been
active in hundredths of seconds."::={ cipSecTunnelHistEntry 12}cipSecTunHistTotalRefreshes OBJECT-TYPESYNTAXCounter32UNITS"QM Exchanges"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security association refreshes
performed."::={ cipSecTunnelHistEntry 13}cipSecTunHistTotalSas OBJECT-TYPESYNTAXCounter32UNITS"SAs"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of security associations used
during the
life of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 14}cipSecTunHistInSaDiffHellmanGrp OBJECT-TYPESYNTAX DiffHellmanGrp
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Diffie Hellman Group used by the inbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 15}cipSecTunHistInSaEncryptAlgo OBJECT-TYPESYNTAX EncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used by the inbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 16}cipSecTunHistInSaAhAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The authentication algorithm used by the inbound
authentication header (AH) security association of
the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 17}cipSecTunHistInSaEspAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication algorithm used by the inbound
encapsulation security protocol (ESP)
security association of
the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 18}cipSecTunHistInSaDecompAlgo OBJECT-TYPESYNTAX CompAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The decompression algorithm used by the inbound
security association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 19}cipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPESYNTAX DiffHellmanGrp
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Diffie Hellman Group used by the outbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 20}cipSecTunHistOutSaEncryptAlgo OBJECT-TYPESYNTAX EncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used by the outbound security
association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 21}cipSecTunHistOutSaAhAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication algorithm used by the outbound
authentication header (AH) security association of
the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 22}cipSecTunHistOutSaEspAuthAlgo OBJECT-TYPESYNTAX AuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication algorithm used by the inbound
encapsulation security protocol (ESP)
security association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 23}cipSecTunHistOutSaCompAlgo OBJECT-TYPESYNTAX CompAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The compression algorithm used by the inbound
security association of the IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 24}cipSecTunHistInOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by this IPsec
Phase-2 Tunnel. This value is accumulated
BEFORE determining whether or not the packet should
be decompressed. See also cipSecTunInOctWraps for
the number of times this counter has wrapped."::={ cipSecTunnelHistEntry 25}cipSecTunHistHcInOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of octets
received by this IPsec Phase-2 Tunnel. This value is
accumulated BEFORE determining whether or not
the packet should be decompressed."::={ cipSecTunnelHistEntry 26}cipSecTunHistInOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the octets received counter
(cipSecTunInOctets) has wrapped."::={ cipSecTunnelHistEntry 27}cipSecTunHistInDecompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of decompressed octets received by this
IPsec Phase-2 Tunnel. This value is accumulated AFTER
the packet is decompressed. If compression is not being
used, this value will match the value of cipSecTunHistInOctets.
See also cipSecTunInDecompOctWraps for the number of times
this counter has wrapped."::={ cipSecTunnelHistEntry 28}cipSecTunHistHcInDecompOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of decompressed
octets received by this IPsec Phase-2 Tunnel. This value
is accumulated AFTER the packet is decompressed. If
compression is not being used, this value will match the
value of cipSecTunHistHcInOctets."::={ cipSecTunnelHistEntry 29}cipSecTunHistInDecompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the decompressed octets
received counter (cipSecTunInDecompOctets) has wrapped."::={ cipSecTunnelHistEntry 30}cipSecTunHistInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION
"The total number of packets received by this
IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 31}cipSecTunHistInDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during
receive processing by this IPsec Phase-2 Tunnel.
This count does NOT include packets
dropped due to Anti-Replay processing."::={ cipSecTunnelHistEntry 32}cipSecTunHistInReplayDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped during
receive processing due to Anti-Replay processing
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 33}cipSecTunHistInAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 34}cipSecTunHistInAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound authentication's
which ended in
failure by this IPsec Phase-2 Tunnel ."::={ cipSecTunnelHistEntry 35}cipSecTunHistInDecrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 36}cipSecTunHistInDecryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of inbound decryption's
which ended in failure
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 37}cipSecTunHistOutOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of octets sent by this IPsec
Phase-2 Tunnel. This value is accumulated
AFTER determining whether or not the
packet should be
compressed. See also cipSecTunOutOctWraps for the
number of times this counter has wrapped."::={ cipSecTunnelHistEntry 38}cipSecTunHistHcOutOctets OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total number of octets
sent by this IPsec Phase-2 Tunnel. This value
is accumulated AFTER determining whether or not
the packet should be
compressed."::={ cipSecTunnelHistEntry 39}cipSecTunHistOutOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the octets sent counter
(cipSecTunOutOctets) has wrapped."::={ cipSecTunnelHistEntry 40}cipSecTunHistOutUncompOctets OBJECT-TYPESYNTAXCounter32UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of uncompressed octets sent by this
IPsec Phase-2 Tunnel. This value is accumulated BEFORE
the packet is compressed. If compression is not being
used, this value will match the value of
cipSecTunHistOutOctets. See also
cipSecTunOutDecompOctWraps for the number of times
this counter has wrapped."::={ cipSecTunnelHistEntry 41}cipSecTunHistHcOutUncompOctets OBJECT-TYPESYNTAXCounter64UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"A high capacity count of the total
number of uncompressed octets sent by this
IPsec Phase-2 Tunnel. This value is accumulated
BEFORE the packet is compressed. If compression
is not being used, this value will match the value of
cipSecTunHistHcOutOctets."::={ cipSecTunnelHistEntry 42}cipSecTunHistOutUncompOctWraps OBJECT-TYPESYNTAXCounter32UNITS"Integral units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the uncompressed octets sent counter
(cipSecTunOutUncompOctets) has wrapped."::={ cipSecTunnelHistEntry 43}cipSecTunHistOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by this
IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 44}cipSecTunHistOutDropPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets dropped
during send processing
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 45}cipSecTunHistOutAuths OBJECT-TYPESYNTAXCounter32UNITS"Events"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 46}cipSecTunHistOutAuthFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound authentication's
which ended in
failure by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 47}cipSecTunHistOutEncrypts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's performed
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 48}cipSecTunHistOutEncryptFails OBJECT-TYPESYNTAXCounter32UNITS"Failures"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of outbound encryption's
which ended in failure
by this IPsec Phase-2 Tunnel."::={ cipSecTunnelHistEntry 49}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecEndPtHistTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecEndPtHistEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Tunnel Endpoint History Table.
This table is implemented as a
sliding window in which only the
last n entries are maintained.
The maximum number of entries
is specified by the cipSecHistTableSize object."::={ cipSecHistPhaseTwo 2}cipSecEndPtHistEntry OBJECT-TYPESYNTAX CipSecEndPtHistEntry
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"Each entry contains the attributes associated with
a previously active IPsec Phase-2 Tunnel Endpoint."INDEX{ cipSecEndPtHistIndex }::={ cipSecEndPtHistTable 1}
CipSecEndPtHistEntry ::=SEQUENCE{
cipSecEndPtHistIndex Integer32,
cipSecEndPtHistTunIndex Integer32,
cipSecEndPtHistActiveIndex Integer32,
cipSecEndPtHistLocalName DisplayString,
cipSecEndPtHistLocalType EndPtType,
cipSecEndPtHistLocalAddr1 IPSIpAddress,
cipSecEndPtHistLocalAddr2 IPSIpAddress,
cipSecEndPtHistLocalProtocol Integer32,
cipSecEndPtHistLocalPort Integer32,
cipSecEndPtHistRemoteName DisplayString,
cipSecEndPtHistRemoteType EndPtType,
cipSecEndPtHistRemoteAddr1 IPSIpAddress,
cipSecEndPtHistRemoteAddr2 IPSIpAddress,
cipSecEndPtHistRemoteProtocol Integer32,
cipSecEndPtHistRemotePort Integer32}cipSecEndPtHistIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The number of the previously active
Endpoint associated
with a IPsec Phase-2 Tunnel Table. The value
of this index is a number which begins at
one and is incremented with each Endpoint
associated with an IPsec Phase-2 Tunnel.
The value of this object will wrap at 2,147,483,647."::={ cipSecEndPtHistEntry 1}cipSecEndPtHistTunIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the previously active IPsec
Phase-2 Tunnel Table."::={ cipSecEndPtHistEntry 2}cipSecEndPtHistActiveIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The index of the previously active Endpoint."::={ cipSecEndPtHistEntry 3}cipSecEndPtHistLocalName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the local Endpoint."::={ cipSecEndPtHistEntry 4}cipSecEndPtHistLocalType OBJECT-TYPE
SYNTAX EndPtType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of identity for the local Endpoint.
Possible values are:
1) a single IP address, or
2) an IP address range, or
3) an IP subnet."::={ cipSecEndPtHistEntry 5}cipSecEndPtHistLocalAddr1 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The local Endpoint's first IP address specification.
If the local Endpoint type is single IP address,
then this is the value of the IP address.
If the local Endpoint type is IP subnet, then this
is the value of the subnet.
If the local Endpoint type is IP address range,
then this is the value of beginning IP address of
the range."::={ cipSecEndPtHistEntry 6}cipSecEndPtHistLocalAddr2 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The local Endpoint's second IP address specification.
If the local Endpoint type is single IP address,
then this is the value of the IP address.
If the local Endpoint type is IP subnet, then this
is the value of the subnet mask.
If the local Endpoint type is IP address range,
then this
is the value of ending IP address of the range."::={ cipSecEndPtHistEntry 7}cipSecEndPtHistLocalProtocol OBJECT-TYPESYNTAXInteger32(0..255)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The protocol number of the local Endpoint's traffic."::={ cipSecEndPtHistEntry 8}cipSecEndPtHistLocalPort OBJECT-TYPESYNTAXInteger32(0..65535)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The port number of the local Endpoint's traffic."::={ cipSecEndPtHistEntry 9}cipSecEndPtHistRemoteName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The DNS name of the remote Endpoint."::={ cipSecEndPtHistEntry 10}cipSecEndPtHistRemoteType OBJECT-TYPESYNTAX EndPtType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of identity for the remote Endpoint.
Possible values are:
1) a single IP address, or
2) an IP address range, or
3) an IP subnet."::={ cipSecEndPtHistEntry 11}
cipSecEndPtHistRemoteAddr1 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The remote Endpoint's first IP address specification.
If the remote Endpoint type is single IP address,
then this
is the value of the IP address.
If the remote Endpoint type is IP subnet, then this
is the value of the subnet.
If the remote Endpoint type is IP address range,
then this
is the value of beginning IP address of the range."::={ cipSecEndPtHistEntry 12}cipSecEndPtHistRemoteAddr2 OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The remote Endpoint's second IP address specification.
If the remote Endpoint type is single IP address,
then this
is the value of the IP address.
If the remote Endpoint type is IP subnet, then this
is the value of the subnet mask.
If the remote Endpoint type is IP address range,
then this
is the value of ending IP address of the range."::={ cipSecEndPtHistEntry 13}cipSecEndPtHistRemoteProtocol OBJECT-TYPESYNTAXInteger32(0..255)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The protocol number of the remote Endpoint's traffic."::={ cipSecEndPtHistEntry 14}cipSecEndPtHistRemotePort OBJECT-TYPESYNTAXInteger32(0..65535)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The port number of the remote Endpoint's traffic."::={ cipSecEndPtHistEntry 15}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Group
--
-- This group consists of a:
-- 1) IPsec Failure Global Objects
-- 2) IPsec Phase-1 Tunnel Failure Table
-- 3) IPsec Phase-2 Tunnel Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecFailGlobal OBJECTIDENTIFIER::={ cipSecFailures 1}cipSecFailPhaseOne OBJECTIDENTIFIER::={ cipSecFailures 2}cipSecFailPhaseTwo OBJECTIDENTIFIER::={ cipSecFailures 3}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecFailGlobalCntl OBJECTIDENTIFIER::={ cipSecFailGlobal 1}cipSecFailTableSize OBJECT-TYPESYNTAXInteger32(1..2147483647)
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The window size of the IPsec Phase-1 and Phase-2
Failure Tables.
The IPsec Phase-1 and Phase-2 Failure Tables are
implemented as a sliding window in which only the
last n entries are maintained. This object is used
specify the number of entries which will be
maintained in the IPsec Phase-1 and Phase-2 Failure
Tables.
An implementation may choose suitable minimum and
maximum values for this element based on the local
policy and available resources. If an SNMP SET request
specifies a value outside this window for this element,
a BAD VALUE may be returned."::={ cipSecFailGlobalCntl 1}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cikeFailTable OBJECT-TYPESYNTAXSEQUENCEOF CikeFailEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Failure Table.
This table is implemented as a sliding
window in which only the last n entries are
maintained. The maximum number of entries
is specified by the cipSecFailTableSize object."::={ cipSecFailPhaseOne 1}cikeFailEntry OBJECT-TYPESYNTAX CikeFailEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated
with
an IPsec Phase-1 failure."INDEX{ cikeFailIndex }::={ cikeFailTable 1}
CikeFailEntry ::=SEQUENCE{
cikeFailIndex Integer32,
cikeFailReason INTEGER,
cikeFailTime TimeStamp,
cikeFailLocalType IkePeerType,
cikeFailLocalValue DisplayString,
cikeFailRemoteType IkePeerType,
cikeFailRemoteValue DisplayString,
cikeFailLocalAddr IPSIpAddress,
cikeFailRemoteAddr IPSIpAddress
}cikeFailIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Failure Table index.
The value of the index is a number which
begins at one and is incremented with each
IPsec Phase-1 failure. The value
of this object will wrap at 2,147,483,647."::={ cikeFailEntry 1}cikeFailReason OBJECT-TYPESYNTAXINTEGER{other(1),peerDelRequest(2),peerLost(3),
localFailure(4),authFailure(5),hashValidation(6),encryptFailure(7),internalError(8),sysCapExceeded(9),proposalFailure(10),peerCertUnavailable(11),peerCertNotValid(12),localCertExpired(13),crlFailure(14),peerEncodingError(15),nonExistentSa(16),operRequest(17)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The reason for the failure. Possible reasons include:
1 = other
2 = peer delete request was received
3 = contact with peer was lost
4 = local failure occurred
5 = authentication failure
6 = hash validation failure
7 = encryption failure
8 = internal error occurred
9 = system capacity failure
10 = proposal failure
11 = peer's certificate is unavailable
12 = peer's certificate was found invalid
13 = local certificate expired
14 = certificate revoke list (crl) failure
15 = peer encoding error
16 = non-existent security association
17 = operator requested termination."::={ cikeFailEntry 2}cikeFailTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of sysUpTime in hundredths of seconds
at the time of the failure."::={ cikeFailEntry 3}cikeFailLocalType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of local peer identity. The local peer
may be identified by:
1. an IP address, or
2. a host name."::={ cikeFailEntry 4}cikeFailLocalValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is a host name, then this is
the host name used to identify the local peer."::={ cikeFailEntry 5}
cikeFailRemoteType OBJECT-TYPESYNTAX IkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of remote peer identity. The remote
peer may be identified by:
1. an IP address, or
2. a host name."::={ cikeFailEntry 6}cikeFailRemoteValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a host name, then this is
the host name used to identify the remote peer."::={ cikeFailEntry 7}cikeFailLocalAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local peer."::={ cikeFailEntry 8}cikeFailRemoteAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote peer."::={ cikeFailEntry 9}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecFailTable OBJECT-TYPESYNTAXSEQUENCEOF CipSecFailEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Failure Table.
This table is implemented as a sliding window
in which only the last n entries are maintained.
The maximum number of entries
is specified by the cipSecFailTableSize object."::={ cipSecFailPhaseTwo 1}cipSecFailEntry OBJECT-TYPESYNTAX CipSecFailEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated with
an IPsec Phase-1 failure."INDEX{ cipSecFailIndex }::={ cipSecFailTable 1}
CipSecFailEntry ::=SEQUENCE{
cipSecFailIndex Integer32,
cipSecFailReason INTEGER,
cipSecFailTime TimeStamp,
cipSecFailTunnelIndex Integer32,
cipSecFailSaSpi Integer32,
cipSecFailPktSrcAddr IPSIpAddress,
cipSecFailPktDstAddr IPSIpAddress
}cipSecFailIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Failure Table index.
The value of the index is a number which
begins at one and is incremented with each
IPsec Phase-1 failure. The value
of this object will wrap at 2,147,483,647."::={ cipSecFailEntry 1}cipSecFailReason OBJECT-TYPESYNTAXINTEGER{other(1),internalError(2),peerEncodingError(3),proposalFailure(4),protocolUseFail(5),nonExistentSa(6),decryptFailure(7),encryptFailure(8),inAuthFailure(9),outAuthFailure(10),compression(11),sysCapExceeded(12),peerDelRequest(13),peerLost(14),seqNumRollOver(15),operRequest(16)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The reason for the failure. Possible reasons
include:
1 = other
2 = internal error occurred
3 = peer encoding error
4 = proposal failure
5 = protocol use failure
6 = non-existent security association
7 = decryption failure
8 = encryption failure
9 = inbound authentication failure
10 = outbound authentication failure
11 = compression failure
12 = system capacity failure
13 = peer delete request was received
14 = contact with peer was lost
15 = sequence number rolled over
16 = operator requested termination."::={ cipSecFailEntry 2}cipSecFailTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of sysUpTime in hundredths of seconds
at the time of the failure."::={ cipSecFailEntry 3}cipSecFailTunnelIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Phase-2 Tunnel index (cipSecTunIndex)."::={ cipSecFailEntry 4}cipSecFailSaSpi OBJECT-TYPESYNTAXInteger32(0..2147483647)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The security association SPI value."::={ cipSecFailEntry 5}cipSecFailPktSrcAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The packet's source IP address."::={ cipSecFailEntry 6}cipSecFailPktDstAddr OBJECT-TYPESYNTAX IPSIpAddress
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The packet's destination IP address."::={ cipSecFailEntry 7}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec TRAP Control Group
--
-- This group of objects controls the sending of IPsec TRAPs.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecTrapCntlIkeTunnelStart OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state of
sending the IPsec IKE Phase-1 Tunnel Start TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 1}cipSecTrapCntlIkeTunnelStop OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the
IPsec IKE Phase-1 Tunnel Stop TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 2}cipSecTrapCntlIkeSysFailure OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the
IPsec IKE Phase-1 System Failure TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 3}cipSecTrapCntlIkeCertCrlFailure OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative
state of sending the
IPsec IKE Phase-1 Certificate/CRL Failure TRAP"
DEFVAL{ disabled }::={ cipSecTrapCntl 4}cipSecTrapCntlIkeProtocolFail OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative
state of sending the
IPsec IKE Phase-1 Protocol Failure TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 5}cipSecTrapCntlIkeNoSa OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative
state of sending the
IPsec IKE Phase-1 No Security Association TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 6}cipSecTrapCntlIpSecTunnelStart OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the IPsec
Phase-2 Tunnel Start TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 7}cipSecTrapCntlIpSecTunnelStop OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative
state of sending the IPsec
Phase-2 Tunnel Stop TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 8}cipSecTrapCntlIpSecSysFailure OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the IPsec
Phase-2 System Failure TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 9}cipSecTrapCntlIpSecSetUpFailure OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the IPsec
Phase-2 Set Up Failure TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 10}cipSecTrapCntlIpSecEarlyTunTerm OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the IPsec
Phase-2 Early Tunnel Termination TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 11}cipSecTrapCntlIpSecProtocolFail OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the IPsec
Phase-2 Protocol Failure TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 12}cipSecTrapCntlIpSecNoSa OBJECT-TYPESYNTAX TrapStatus
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state
of sending the IPsec
Phase-2 No Security Association TRAP"DEFVAL{ disabled }::={ cipSecTrapCntl 13}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Notifications - TRAPs
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecMIBNotificationPrefix OBJECTIDENTIFIER::={ ciscoIpSecFlowMonitorMIB 2}cipSecMIBNotifications OBJECTIDENTIFIER::={ cipSecMIBNotificationPrefix 0}cikeTunnelStart NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr,
cikeTunLifeTime
}STATUScurrentDESCRIPTION"This notification is generated when an IPsec Phase-1
IKE Tunnel becomes active."::={ cipSecMIBNotifications 1}cikeTunnelStop NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr,
cikeTunActiveTime
}STATUScurrentDESCRIPTION"This notification is generated when an IPsec Phase-1
IKE Tunnel becomes inactive."::={ cipSecMIBNotifications 2}cikeSysFailure NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr
}STATUScurrentDESCRIPTION"This notification is generated when the processing for
an IPsec Phase-1 IKE Tunnel experiences an internal
or system capacity error."::={ cipSecMIBNotifications 3}cikeCertCrlFailure NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr
}STATUScurrent
DESCRIPTION"This notification is generated when the processing for
an IPsec Phase-1 IKE Tunnel experiences a Certificate
or a Certificate Revoke List (CRL) related error."::={ cipSecMIBNotifications 4}cikeProtocolFailure NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr
}STATUScurrentDESCRIPTION"This notification is generated when the processing for
an IPsec Phase-1 IKE Tunnel experiences a protocol
related error."::={ cipSecMIBNotifications 5}cikeNoSa NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr
}STATUScurrentDESCRIPTION"This notification is generated when the processing for
an IPsec Phase-1 IKE Tunnel experiences a non-existent
security association error."::={ cipSecMIBNotifications 6}cipSecTunnelStart NOTIFICATION-TYPEOBJECTS{
cipSecTunLifeTime,
cipSecTunLifeSize
}STATUScurrentDESCRIPTION"This notification is generated when an IPsec Phase-2
Tunnel becomes active."::={ cipSecMIBNotifications 7}cipSecTunnelStop NOTIFICATION-TYPEOBJECTS{ cipSecTunActiveTime }STATUScurrentDESCRIPTION"This notification is generated when an IPsec Phase-2
Tunnel becomes inactive."::={ cipSecMIBNotifications 8}cipSecSysFailure NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr,
cipSecTunActiveTime,
cipSecSpiProtocol
}STATUScurrentDESCRIPTION"This notification is generated when the processing for
an IPsec Phase-2 Tunnel experiences an internal
or system capacity error."::={ cipSecMIBNotifications 9}cipSecSetUpFailure NOTIFICATION-TYPEOBJECTS{
cikePeerLocalAddr,
cikePeerRemoteAddr
}STATUScurrentDESCRIPTION"This notification is generated when the setup for
an IPsec Phase-2 Tunnel fails."::={ cipSecMIBNotifications 10}cipSecEarlyTunTerm NOTIFICATION-TYPEOBJECTS{
cipSecTunActiveTime,
cipSecSpiProtocol
}
STATUScurrentDESCRIPTION"This notification is generated when an an IPsec Phase-2
Tunnel is terminated earily or before expected."::={ cipSecMIBNotifications 11}cipSecProtocolFailure NOTIFICATION-TYPEOBJECTS{
cipSecTunActiveTime,
cipSecSpiProtocol
}STATUScurrentDESCRIPTION"This notification is generated when the processing for
an IPsec Phase-2 Tunnel experiences a protocol
related error."::={ cipSecMIBNotifications 12}cipSecNoSa NOTIFICATION-TYPESTATUScurrentDESCRIPTION"This notification is generated when the processing for
an IPsec Phase-2 Tunnel experiences a non-existent
security association error."::={ cipSecMIBNotifications 13}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecMIBConformance OBJECTIDENTIFIER::={ ciscoIpSecFlowMonitorMIB 3}cipSecMIBGroups OBJECTIDENTIFIER::={ cipSecMIBConformance 1}cipSecMIBCompliances OBJECTIDENTIFIER::={ cipSecMIBConformance 2}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecMIBCompliance MODULE-COMPLIANCESTATUSdeprecatedDESCRIPTION"The compliance statement for SNMP entities
the IP Security Protocol.
This has been replaced by cipSecMIBComplianceRev1."MODULE-- this moduleMANDATORY-GROUPS{
cipSecLevelsGroup,
cipSecPhaseOneGroup,
cipSecPhaseTwoGroup
}OBJECT cikeTunStatus
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT cipSecTunStatus
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."::={ cipSecMIBCompliances 1}cipSecMIBComplianceRev1 MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for SNMP entities
the IP Security Protocol."MODULE-- this moduleMANDATORY-GROUPS{
cipSecLevelsGroup,
cipSecPhaseOneGroup,
cipSecPhaseTwoGroup
}GROUP cipSecGWStatsGroup
DESCRIPTION"Implementation of this group is for the
gateway supporting IPSec statistics
information."OBJECT cikeTunStatus
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT cipSecTunStatus
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."::={ cipSecMIBCompliances 2}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cipSecLevelsGroup OBJECT-GROUPOBJECTS{ cipSecMibLevel }STATUScurrentDESCRIPTION"This group consists of a:
1) IPsec MIB Level"::={ cipSecMIBGroups 1}cipSecPhaseOneGroup OBJECT-GROUPOBJECTS{
cikeGlobalActiveTunnels,
cikeGlobalPreviousTunnels,
cikeGlobalInOctets,
cikeGlobalInPkts,
cikeGlobalInDropPkts,
cikeGlobalInNotifys,
cikeGlobalInP2Exchgs,
cikeGlobalInP2ExchgInvalids,
cikeGlobalInP2ExchgRejects,
cikeGlobalInP2SaDelRequests,
cikeGlobalOutOctets,
cikeGlobalOutPkts,
cikeGlobalOutDropPkts,
cikeGlobalOutNotifys,
cikeGlobalOutP2Exchgs,
cikeGlobalOutP2ExchgInvalids,
cikeGlobalOutP2ExchgRejects,
cikeGlobalOutP2SaDelRequests,
cikeGlobalInitTunnels,
cikeGlobalInitTunnelFails,
cikeGlobalRespTunnelFails,
cikeGlobalSysCapFails,
cikeGlobalAuthFails,
cikeGlobalDecryptFails,
cikeGlobalHashValidFails,
cikeGlobalNoSaFails,
cikePeerLocalAddr,
cikePeerRemoteAddr,
cikePeerActiveTime,
cikePeerActiveTunnelIndex,
cikeTunLocalType,
cikeTunLocalValue,
cikeTunLocalAddr,
cikeTunLocalName,
cikeTunRemoteType,
cikeTunRemoteValue,
cikeTunRemoteAddr,
cikeTunRemoteName,
cikeTunNegoMode,
cikeTunDiffHellmanGrp,
cikeTunEncryptAlgo,
cikeTunHashAlgo,
cikeTunAuthMethod,
cikeTunLifeTime,
cikeTunActiveTime,
cikeTunSaRefreshThreshold,
cikeTunTotalRefreshes,
cikeTunInOctets,
cikeTunInPkts,
cikeTunInDropPkts,
cikeTunInNotifys,
cikeTunInP2Exchgs,
cikeTunInP2ExchgInvalids,
cikeTunInP2ExchgRejects,
cikeTunInP2SaDelRequests,
cikeTunOutOctets,
cikeTunOutPkts,
cikeTunOutDropPkts,
cikeTunOutNotifys,
cikeTunOutP2Exchgs,
cikeTunOutP2ExchgInvalids,
cikeTunOutP2ExchgRejects,
cikeTunOutP2SaDelRequests,
cikeTunStatus,
cikePeerCorrIpSecTunIndex
}STATUScurrentDESCRIPTION"This group consists of:
1) IPsec Phase-1 Global Objects
2) IPsec Phase-1 Peer Table
3) IPsec Phase-1 Tunnel Table
4) IPsec Phase-1 Correlation Table"::={ cipSecMIBGroups 2}cipSecPhaseTwoGroup OBJECT-GROUPOBJECTS{
cipSecGlobalActiveTunnels,
cipSecGlobalPreviousTunnels,
cipSecGlobalInOctets,
cipSecGlobalHcInOctets,
cipSecGlobalInOctWraps,
cipSecGlobalInDecompOctets,
cipSecGlobalHcInDecompOctets,
cipSecGlobalInDecompOctWraps,
cipSecGlobalInPkts,
cipSecGlobalInDrops,
cipSecGlobalInReplayDrops,
cipSecGlobalInAuths,
cipSecGlobalInAuthFails,
cipSecGlobalInDecrypts,
cipSecGlobalInDecryptFails,
cipSecGlobalOutOctets,
cipSecGlobalHcOutOctets,
cipSecGlobalOutOctWraps,
cipSecGlobalOutUncompOctets,
cipSecGlobalHcOutUncompOctets,
cipSecGlobalOutUncompOctWraps,
cipSecGlobalOutPkts,
cipSecGlobalOutDrops,
cipSecGlobalOutAuths,
cipSecGlobalOutAuthFails,
cipSecGlobalOutEncrypts,
cipSecGlobalOutEncryptFails,
cipSecGlobalProtocolUseFails,
cipSecGlobalNoSaFails,
cipSecGlobalSysCapFails,
cipSecTunIkeTunnelIndex,
cipSecTunIkeTunnelAlive,
cipSecTunLocalAddr,
cipSecTunRemoteAddr,
cipSecTunKeyType,
cipSecTunEncapMode,
cipSecTunLifeSize,
cipSecTunLifeTime,
cipSecTunActiveTime,
cipSecTunSaLifeSizeThreshold,
cipSecTunSaLifeTimeThreshold,
cipSecTunTotalRefreshes,
cipSecTunExpiredSaInstances,
cipSecTunCurrentSaInstances,
cipSecTunInSaDiffHellmanGrp,
cipSecTunInSaEncryptAlgo,
cipSecTunInSaAhAuthAlgo,
cipSecTunInSaEspAuthAlgo,
cipSecTunInSaDecompAlgo,
cipSecTunOutSaDiffHellmanGrp,
cipSecTunOutSaEncryptAlgo,
cipSecTunOutSaAhAuthAlgo,
cipSecTunOutSaEspAuthAlgo,
cipSecTunOutSaCompAlgo,
cipSecTunInOctets,
cipSecTunHcInOctets,
cipSecTunInOctWraps,
cipSecTunInDecompOctets,
cipSecTunHcInDecompOctets,
cipSecTunInDecompOctWraps,
cipSecTunInPkts,
cipSecTunInDropPkts,
cipSecTunInReplayDropPkts,
cipSecTunInAuths,
cipSecTunInAuthFails,
cipSecTunInDecrypts,
cipSecTunInDecryptFails,
cipSecTunOutOctets,
cipSecTunHcOutOctets,
cipSecTunOutOctWraps,
cipSecTunOutUncompOctets,
cipSecTunHcOutUncompOctets,
cipSecTunOutUncompOctWraps,
cipSecTunOutPkts,
cipSecTunOutDropPkts,
cipSecTunOutAuths,
cipSecTunOutAuthFails,
cipSecTunOutEncrypts,
cipSecTunOutEncryptFails,
cipSecTunStatus,
cipSecEndPtLocalName,
cipSecEndPtLocalType,
cipSecEndPtLocalAddr1,
cipSecEndPtLocalAddr2,
cipSecEndPtLocalProtocol,
cipSecEndPtLocalPort,
cipSecEndPtRemoteName,
cipSecEndPtRemoteType,
cipSecEndPtRemoteAddr1,
cipSecEndPtRemoteAddr2,
cipSecEndPtRemoteProtocol,
cipSecEndPtRemotePort,
cipSecSpiDirection,
cipSecSpiValue,
cipSecSpiProtocol,
cipSecSpiStatus
}STATUScurrentDESCRIPTION"This group consists of:
1) IPsec Phase-2 Global Statistics
2) IPsec Phase-2 Tunnel Table
3) IPsec Phase-2 Endpoint Table
4) IPsec Phase-2 Security Protection Index Table"::={ cipSecMIBGroups 3}cipSecHistoryGroup OBJECT-GROUPOBJECTS{
cipSecHistTableSize,
cipSecHistCheckPoint,
cikeTunHistTermReason,
cikeTunHistActiveIndex,
cikeTunHistPeerLocalType,
cikeTunHistPeerLocalValue,
cikeTunHistPeerIntIndex,
cikeTunHistPeerRemoteType,
cikeTunHistPeerRemoteValue,
cikeTunHistLocalAddr,
cikeTunHistLocalName,
cikeTunHistRemoteAddr,
cikeTunHistRemoteName,
cikeTunHistNegoMode,
cikeTunHistDiffHellmanGrp,
cikeTunHistEncryptAlgo,
cikeTunHistHashAlgo,
cikeTunHistAuthMethod,
cikeTunHistLifeTime,
cikeTunHistStartTime,
cikeTunHistActiveTime,
cikeTunHistTotalRefreshes,
cikeTunHistTotalSas,
cikeTunHistInOctets,
cikeTunHistInPkts,
cikeTunHistInDropPkts,
cikeTunHistInNotifys,
cikeTunHistInP2Exchgs,
cikeTunHistInP2ExchgInvalids,
cikeTunHistInP2ExchgRejects,
cikeTunHistInP2SaDelRequests,
cikeTunHistOutOctets,
cikeTunHistOutPkts,
cikeTunHistOutDropPkts,
cikeTunHistOutNotifys,
cikeTunHistOutP2Exchgs,
cikeTunHistOutP2ExchgInvalids,
cikeTunHistOutP2ExchgRejects,
cikeTunHistOutP2SaDelRequests,
cipSecTunHistTermReason,
cipSecTunHistActiveIndex,
cipSecTunHistIkeTunnelIndex,
cipSecTunHistLocalAddr,
cipSecTunHistRemoteAddr,
cipSecTunHistKeyType,
cipSecTunHistEncapMode,
cipSecTunHistLifeSize,
cipSecTunHistLifeTime,
cipSecTunHistStartTime,
cipSecTunHistActiveTime,
cipSecTunHistTotalRefreshes,
cipSecTunHistTotalSas,
cipSecTunHistInSaDiffHellmanGrp,
cipSecTunHistInSaEncryptAlgo,
cipSecTunHistInSaAhAuthAlgo,
cipSecTunHistInSaEspAuthAlgo,
cipSecTunHistInSaDecompAlgo,
cipSecTunHistOutSaDiffHellmanGrp,
cipSecTunHistOutSaEncryptAlgo,
cipSecTunHistOutSaAhAuthAlgo,
cipSecTunHistOutSaEspAuthAlgo,
cipSecTunHistOutSaCompAlgo,
cipSecTunHistInOctets,
cipSecTunHistHcInOctets,
cipSecTunHistInOctWraps,
cipSecTunHistInDecompOctets,
cipSecTunHistHcInDecompOctets,
cipSecTunHistInDecompOctWraps,
cipSecTunHistInPkts,
cipSecTunHistInDropPkts,
cipSecTunHistInReplayDropPkts,
cipSecTunHistInAuths,
cipSecTunHistInAuthFails,
cipSecTunHistInDecrypts,
cipSecTunHistInDecryptFails,
cipSecTunHistOutOctets,
cipSecTunHistHcOutOctets,
cipSecTunHistOutOctWraps,
cipSecTunHistOutUncompOctets,
cipSecTunHistHcOutUncompOctets,
cipSecTunHistOutUncompOctWraps,
cipSecTunHistOutPkts,
cipSecTunHistOutDropPkts,
cipSecTunHistOutAuths,
cipSecTunHistOutAuthFails,
cipSecTunHistOutEncrypts,
cipSecTunHistOutEncryptFails,
cipSecEndPtHistTunIndex,
cipSecEndPtHistActiveIndex,
cipSecEndPtHistLocalName,
cipSecEndPtHistLocalType,
cipSecEndPtHistLocalAddr1,
cipSecEndPtHistLocalAddr2,
cipSecEndPtHistLocalProtocol,
cipSecEndPtHistLocalPort,
cipSecEndPtHistRemoteName,
cipSecEndPtHistRemoteType,
cipSecEndPtHistRemoteAddr1,
cipSecEndPtHistRemoteAddr2,
cipSecEndPtHistRemoteProtocol,
cipSecEndPtHistRemotePort
}STATUScurrentDESCRIPTION"This group consists of:
1) IPsec History Global Objects
2) IPsec Phase-1 History Objects
3) IPsec Phase-2 History Objects"::={ cipSecMIBGroups 4}cipSecFailuresGroup OBJECT-GROUPOBJECTS{
cipSecFailTableSize,
cikeFailReason,
cikeFailTime,
cikeFailLocalType,
cikeFailLocalValue,
cikeFailRemoteType,
cikeFailRemoteValue,
cikeFailLocalAddr,
cikeFailRemoteAddr,
cipSecFailReason,
cipSecFailTime,
cipSecFailTunnelIndex,
cipSecFailSaSpi,
cipSecFailPktSrcAddr,
cipSecFailPktDstAddr
}STATUScurrentDESCRIPTION"This group consists of:
1) IPsec Failure Global Objects
2) IPsec Phase-1 Tunnel Failure Table
3) IPsec Phase-2 Tunnel Failure Table"::={ cipSecMIBGroups 5}cipSecTrapCntlGroup OBJECT-GROUPOBJECTS{
cipSecTrapCntlIkeTunnelStart,
cipSecTrapCntlIkeTunnelStop,
cipSecTrapCntlIkeSysFailure,
cipSecTrapCntlIkeCertCrlFailure,
cipSecTrapCntlIkeProtocolFail,
cipSecTrapCntlIkeNoSa,
cipSecTrapCntlIpSecTunnelStart,
cipSecTrapCntlIpSecTunnelStop,
cipSecTrapCntlIpSecSysFailure,
cipSecTrapCntlIpSecSetUpFailure,
cipSecTrapCntlIpSecEarlyTunTerm,
cipSecTrapCntlIpSecProtocolFail,
cipSecTrapCntlIpSecNoSa
}STATUScurrentDESCRIPTION"This group of objects controls the sending of IPsec TRAPs."::={ cipSecMIBGroups 6}cipSecNotificationGroup NOTIFICATION-GROUPNOTIFICATIONS{
cikeTunnelStart,
cikeTunnelStop,
cikeSysFailure,
cikeCertCrlFailure,
cikeProtocolFailure,
cikeNoSa,
cipSecTunnelStart,
cipSecTunnelStop,
cipSecSysFailure,
cipSecSetUpFailure,
cipSecEarlyTunTerm,
cipSecProtocolFailure,
cipSecNoSa
}STATUScurrentDESCRIPTION"This group contains the notifications for the IPsec MIB."::={ cipSecMIBGroups 7}cipSecGWStatsGroup OBJECT-GROUPOBJECTS{
cikePhase1GWActiveTunnels,
cikePhase1GWPreviousTunnels,
cikePhase1GWInOctets,
cikePhase1GWInPkts,
cikePhase1GWInDropPkts,
cikePhase1GWInNotifys,
cikePhase1GWInP2Exchgs,
cikePhase1GWInP2ExchgInvalids,
cikePhase1GWInP2ExchgRejects,
cikePhase1GWInP2SaDelRequests,
cikePhase1GWOutOctets,
cikePhase1GWOutPkts,
cikePhase1GWOutDropPkts,
cikePhase1GWOutNotifys,
cikePhase1GWOutP2Exchgs,
cikePhase1GWOutP2ExchgInvalids,
cikePhase1GWOutP2ExchgRejects,
cikePhase1GWOutP2SaDelRequests,
cikePhase1GWInitTunnels,
cikePhase1GWInitTunnelFails,
cikePhase1GWRespTunnelFails,
cikePhase1GWSysCapFails,
cikePhase1GWAuthFails,
cikePhase1GWDecryptFails,
cikePhase1GWHashValidFails,
cikePhase1GWNoSaFails,
cipSecPhase2GWActiveTunnels,
cipSecPhase2GWPreviousTunnels,
cipSecPhase2GWInOctets,
cipSecPhase2GWInOctWraps,
cipSecPhase2GWInDecompOctets,
cipSecPhase2GWInDecompOctWraps,
cipSecPhase2GWInPkts,
cipSecPhase2GWInDrops,
cipSecPhase2GWInReplayDrops,
cipSecPhase2GWInAuths,
cipSecPhase2GWInAuthFails,
cipSecPhase2GWInDecrypts,
cipSecPhase2GWInDecryptFails,
cipSecPhase2GWOutOctets,
cipSecPhase2GWOutOctWraps,
cipSecPhase2GWOutUncompOctets,
cipSecPhase2GWOutUncompOctWraps,
cipSecPhase2GWOutPkts,
cipSecPhase2GWOutDrops,
cipSecPhase2GWOutAuths,
cipSecPhase2GWOutAuthFails,
cipSecPhase2GWOutEncrypts,
cipSecPhase2GWOutEncryptFails,
cipSecPhase2GWProtocolUseFails,
cipSecPhase2GWNoSaFails,
cipSecPhase2GWSysCapFails
}STATUScurrentDESCRIPTION""::={ cipSecMIBGroups 8}END