-- *****************************************************************
-- CISCO-SSL-PROXY-MIB.my: Cisco Secure Socket Layer Proxy MIB file
--
-- June 2003, Fatima Yu
--
-- Copyright (c) 2008 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************CISCO-SSL-PROXY-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,Counter32,Gauge32,Integer32FROM SNMPv2-SMI
NOTIFICATION-GROUP,MODULE-COMPLIANCE,
OBJECT-GROUPFROM SNMPv2-CONF
SnmpAdminStringFROM SNMP-FRAMEWORK-MIB
CiscoPort
FROM CISCO-TC
TimeStamp,RowStatus,TruthValueFROM SNMPv2-TC
ciscoMgmt
FROM CISCO-SMI
InetAddressType,InetAddressFROM INET-ADDRESS-MIB;ciscoSslProxyMIB MODULE-IDENTITYLAST-UPDATED"200310270000Z"ORGANIZATION"Cisco Systems, Inc."CONTACT-INFO"Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-ssl@cisco.com"DESCRIPTION"This MIB module is for managing a Secure Socket Layer
(SSL) Proxy device which terminates and accelarates
SSL and Transport Layer Security (TLS) transactions.
The proxy device can act as a SSL server or a SSL client
depending on the configuration and the application.
In one application, the device acts as a proxy SSL
server. It terminates SSL handshakes and TCP connections
initiated by SSL clients. The device is configured with
a key and a certificate bearing the identity of the SSL
server. The device uses this identity to establish the
SSL session on behalf of the server, offloading the key
establishment and data encryption and decryption work.
After the SSL session has been successfully established
between the client and the proxy device, the device
starts to receive and decrypt the encrypted data sent
from the client and forward to the server. The device
forwards the clear data to the server on a backend
connection. Clear data sent from the server is encrypted
by the proxy device before it is forwarded to the SSL
client.
Optionally, the proxy device is configured to reencrypt
the decrypted data sent from the client to the server.
The proxy device acts as a SSL client to initiate a SSL
session to the server. The decrypted data is encrypted
within this SSL session to be forwarded to the server.
The encrypted data sent from the server to the device
is decrypted and then reencrypted before it is
forwarded to the client.
In another application, the proxy device forwards data
generated by one or more sources to the destination
via a SSL session. The proxy device acts as a SSL
client and intiates a SSL session to the next hop
device. When data is received from the source, the
proxy device forwards the data to the next hop using
the SSL session. The next hop can continue to forward
the data if it is not the destination.
The proxy device supports a number of proxy services.
Each proxy service defines the role of the proxy device,
whether it acts as a SSL server or a SSL client. The
rest of the configuration include cryptographic and
protocol parameters.
This MIB is used for monitoring the configuration,
statuses and statistics of the proxy services and
the protocols including TCP, SSL and TLS."REVISION"200310270000Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 370}-- Objects and groups in CISCO-SSL-PROXY-MIBcspMIBNotifications OBJECTIDENTIFIER::={ ciscoSslProxyMIB 0}cspMIBObjects OBJECTIDENTIFIER::={ ciscoSslProxyMIB 1}cspMIBConformance OBJECTIDENTIFIER::={ ciscoSslProxyMIB 2}-- Objects and groups in cspMIBObjectscspGlobalConfig OBJECTIDENTIFIER::={ cspMIBObjects 1}cspPsConfig OBJECTIDENTIFIER::={ cspMIBObjects 2}
cspPsPolicyConfig OBJECTIDENTIFIER::={ cspMIBObjects 3}cspPsKeyCertConfig OBJECTIDENTIFIER::={ cspMIBObjects 4}cspTcpPolicyConfig OBJECTIDENTIFIER::={ cspMIBObjects 5}cspSslPolicyConfig OBJECTIDENTIFIER::={ cspMIBObjects 6}cspTcpCountersInfo OBJECTIDENTIFIER::={ cspMIBObjects 7}cspTcpCounters OBJECTIDENTIFIER::={ cspMIBObjects 8}cspSslCountersInfo OBJECTIDENTIFIER::={ cspMIBObjects 9}cspSslCounters OBJECTIDENTIFIER::={ cspMIBObjects 10}cspSsl3Counters OBJECTIDENTIFIER::={ cspMIBObjects 11}cspTls1Counters OBJECTIDENTIFIER::={ cspMIBObjects 12}cspSslCryptoCounters OBJECTIDENTIFIER::={ cspMIBObjects 13}cspSslErrorCounters OBJECTIDENTIFIER::={ cspMIBObjects 14}cspPsCounters OBJECTIDENTIFIER
::={ cspMIBObjects 15}cspPsSsl3Counters OBJECTIDENTIFIER::={ cspMIBObjects 16}cspPsTls1Counters OBJECTIDENTIFIER::={ cspMIBObjects 17}cspCpuStatusInfo OBJECTIDENTIFIER::={ cspMIBObjects 18}-- The Global Configuration group
-- This group contains general configuration information
-- for the SSL proxy devicecspGcVersion OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..255))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The version information of the SSL proxy device, for
display only."::={ cspGlobalConfig 1}cspGcFIPSMode OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"An indication of whether or not the proxy device is
operating in FIPS (Federal Information Processing
Standards) approved mode.
If 'true', the proxy device is operating in FIPS mode.
When the device operates in FIPS mode, only approved
cryptographic algorithms and key strengths are enabled.
Authentication and other security requirements of FIPS
will also be enforced in this mode."REFERENCE"Federal Information Processing Standards Publication
140-2, Security Requirements for Cryptographic Modules."::={ cspGlobalConfig 2}cspGcRSArc4128md5 OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"An indication of whether or not the proxy device
supports the cipher suite RSA_WITH_RC4_128_MD5.
If 'true', the cipher suite is supported."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.5.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, Appendix C."::={ cspGlobalConfig 3}cspGcRSArc4128sha OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"An indication of whether or not the proxy device
supports the cipher suite RSA_WITH_RC4_128_SHA.
If 'true', the cipher suite is supported."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.5.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, Appendix C."::={ cspGlobalConfig 4}cspGcRSAdescbcsha OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"An indication of whether or not the proxy device
supports the cipher suite RSA_WITH_DES_CBC_SHA.
If 'true', the cipher suite is supported."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.5.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, Appendix C."::={ cspGlobalConfig 5}
cspGcRSA3descbcsha OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"An indication of whether or not the proxy device
supports the cipher suite RSA_WITH_3DES_EDE_CBC_SHA.
If 'true', the cipher suite is supported."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.5.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, Appendix C."::={ cspGlobalConfig 6}cspGcNotifyProxyServOperStatus OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"An indication of whether or not a cspServOperStatus
notification should be issued when the operation
status of proxy services changes.
If such a notification is desired, it is the
responsibility of the management entity to ensure that
the SNMP administrative model is configured in such a
way as to allow the notification to be delivered."DEFVAL{ false }::={ cspGlobalConfig 7}cspGcNotifyPSCertExpiring OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"An indication of whether or not a cspServCertExpiring
notification should be issued when a proxy service
certificate will be expiring in the configured time
interval cspGcPSCertExpireInterval.
If such a notification is desired, it is the
responsibility of the management entity to ensure that
the SNMP administrative model is configured in such a
way as to allow the notification to be delivered."DEFVAL{ false }::={ cspGlobalConfig 8}cspGcPSCertExpireInterval OBJECT-TYPESYNTAXInteger32(0..720)UNITS"hours"MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The proxy service certificate expiration time interval,
used to determine when the cspServCertExpiring
notification should be issued if
cspGcNotifyPSCertExpiring is 'true'.
If this time interval is 0, no proxy service
certification expiration will be checked."DEFVAL{0}::={ cspGlobalConfig 9}-- The Proxy Service configuration entriescspPsTable OBJECT-TYPESYNTAXSEQUENCEOF CspPsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of proxy service configuration entries."::={ cspPsConfig 1}cspPsEntry OBJECT-TYPESYNTAX CspPsEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The proxy service configuration entry.
Each entry indicates the name and the index of a proxy
service, and a set of configuration parameters to be
applied on this proxy service.
A unique name can be assigned to each proxy service.
Optionally, multiple proxy services can be grouped into
a proxy list. All the services in a list have the
same name, and each service is assigned a unique index
within the list.
Each proxy service has a virtual and a server address.
This entry reports the address and port configuration,
and the administrative and operational statuses of each
proxy service. If a service is not operational, the
reason for its being 'down' is also reported."INDEX{
cspPsName,
cspPsListIndex
}::={ cspPsTable 1}
CspPsEntry ::=SEQUENCE{
cspPsName SnmpAdminString,
cspPsListIndex Integer32,
cspPsServiceType INTEGER,
cspPsVirtualAddressType InetAddressType,
cspPsVirtualAddress InetAddress,
cspPsVirtualPort CiscoPort,
cspPsServerAddressType InetAddressType,
cspPsServerAddress InetAddress,
cspPsServerPort CiscoPort,
cspPsAdminStatus INTEGER,
cspPsOperStatus INTEGER,
cspPsOperDownReason INTEGER,
cspPsConfigRowStatus RowStatus}cspPsName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..50))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The name of a proxy service. A unique name string
can be assigned to one proxy service or a list of
proxy services.
When the name is assigned to a list of proxy services,
each proxy service is identified by a unique index
within the list."::={ cspPsEntry 1}cspPsListIndex OBJECT-TYPESYNTAXInteger32(0..256)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The unique index of a proxy service within a list.
If the cspPsName string is assigned to a list of
proxy services, this index is used to identify
a proxy service within the list.
If the cspPsName string is unique per proxy service,
this index is not used, and the value shall be 0."::={ cspPsEntry 2}cspPsServiceType OBJECT-TYPESYNTAXINTEGER{server(1),-- Proxy is acting as SSL serverclient(2)-- Proxy is acting as SSL client}MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The type of proxy service: 'server(1)' or 'client(2)'.
When servicing a 'server' type proxy service, the proxy
device acts as a SSL server. It terminates the SSL
handshake initiated by a SSL client, and forwards the
data sent from the client to the destination.
When servicing a 'client' type proxy service, the proxy
device acts as a SSL client. It initiates a SSL
handshake to a SSL server, and forwards data sent from
one or more data sources to the SSL server."DEFVAL{ server }::={ cspPsEntry 3}
cspPsVirtualAddressType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of the type of address contained in
cspPsVirtualAddress."DEFVAL{ ipv4 }::={ cspPsEntry 4}cspPsVirtualAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The virtual address. This address is used by the data
source to send data that can be received by the proxy
device and forwarded to the destination."::={ cspPsEntry 5}cspPsVirtualPort OBJECT-TYPESYNTAX CiscoPort
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The virtual TCP port number. This port number is used
by the data source to send data that can be received
by the proxy device and forwarded to the destination."::={ cspPsEntry 6}cspPsServerAddressType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of the type of address contained in
cspPsServerAddress."DEFVAL{ ipv4 }::={ cspPsEntry 7}cspPsServerAddress OBJECT-TYPE
SYNTAXInetAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The server address. This address is used by the proxy
device to send or forward data to the destination."::={ cspPsEntry 8}cspPsServerPort OBJECT-TYPESYNTAX CiscoPort
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The server TCP port number. This port number is used
by the proxy device to send or forward data to the
destination."::={ cspPsEntry 9}cspPsAdminStatus OBJECT-TYPESYNTAXINTEGER{up(1),down(2)}MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The administrative status of the proxy service.
Each proxy service can be configured to be
administratively 'up' or 'down'. If the Adminstrative
Status is 'down', the service will not be operational."DEFVAL{ down }::={ cspPsEntry 10}cspPsOperStatus OBJECT-TYPESYNTAXINTEGER{up(1),down(2)}
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The operational status of a proxy service. For a
proxy service to be operational, its administrative
status needs to be 'up'.
If the administrative status is 'up', the
operational status will be changed from 'down' to
'up' automatically once all the required configuration
parameters and resources, including necessary keys and
certificates, become available.
If one or more required resources are removed (e.g.
the certificate has expired), the operational status
will be changed to 'down' automatically."::={ cspPsEntry 11}cspPsOperDownReason OBJECT-TYPESYNTAXINTEGER{other(1),-- Other reasonnotApplicable(2),-- Not applicablenoConnectivity(3),-- No ConnectivitynoVirtualAddr(4),-- No Virtual AddressnoServerAddr(5),-- No Server AddressnoCert(6),-- NO CertificatecertNotConfigured(7)-- Certificate Not-- Configured}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The reason for the operational status to be 'down'.
Possible values are:
other(1) : Unknown or undefined reason,
notApplicable(2) : Administratively 'down',
noConnectivity(3) : No Connectivity to the client,
the server, or the gateway,
noVirtualAddr(4) : Virtual Address not configured,
noServerAddr(5) : Server Address not configured,
noCert(6) : Certificate configured, but
invalid or missing,
certNotConfigured(7): Certificate not configured."::={ cspPsEntry 12}cspPsConfigRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The conceptual row status of the proxy service
configuration entry.
An entry cannot have the status 'active' until values
have been assigned to the following objects:
cspPsVirtualAddress,
cspPsVirtualPort,
cspPsServerAddress and
cspPsServerPort.
This entry can be modified when the status is 'active'."::={ cspPsEntry 13}-- The Proxy Service Policy configuration entriescspPsPolicyTable OBJECT-TYPESYNTAXSEQUENCEOF CspPsPolicyEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of proxy service policy configuration entries."::={ cspPsPolicyConfig 1}cspPsPolicyEntry OBJECT-TYPESYNTAX CspPsPolicyEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The proxy service policy entry. Each proxy service
policy entry contains the name of each type of policy
configured for the proxy service.
A policy is a set of configuration parameters and rules
to observe for implementing a protocol or an operation.
One or more of the following policies can be configured
for a proxy service:
TCP protocol policy for virtual connections,
TCP protocol policy for server connections,
SSL protocol policy,
HTTP header insertion policy, and
URL rewrite policy."AUGMENTS{ cspPsEntry }::={ cspPsPolicyTable 1}
CspPsPolicyEntry ::=SEQUENCE{
cspPspVirTcpPolicyName SnmpAdminString,
cspPspSerTcpPolicyName SnmpAdminString,
cspPspSslPolicyName SnmpAdminString,
cspPspHttpHdrPolicyName SnmpAdminString,
cspPspUrlRewritePolicyName SnmpAdminString}cspPspVirTcpPolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the TCP protocol policy configured for
the virtual side connections. If no TCP policy is
configured, the name will be a NULL string."::={ cspPsPolicyEntry 1}cspPspSerTcpPolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the TCP protocol policy configured for
the server side connections. If no TCP policy is
configured, the name will be a NULL string."::={ cspPsPolicyEntry 2}cspPspSslPolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the SSL protocol policy configured for
the SSL handshake and data encryption and decryption.
If no SSL policy is configured, the name will be a NULL
string."::={ cspPsPolicyEntry 3}cspPspHttpHdrPolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the HTTP header insertion policy. A number
of fields can be inserted into the HTTP headers when
the proxy service is forwarding data. The policy
specifies the header insertion parameters. If no policy
is configured, the name will be a NULL string."::={ cspPsPolicyEntry 4}cspPspUrlRewritePolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the URL rewrite policy. The policy
specifies configuration parameters for rewriting URLs
in HTTP headers and payload. If no policy is configured,
the name will be a NULL string."::={ cspPsPolicyEntry 5}-- The Proxy Service Key and Certificate configuration entriescspPsKeyCertTable OBJECT-TYPESYNTAXSEQUENCEOF CspPsKeyCertEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of proxy service key and certificate
configuration entries."::={ cspPsKeyCertConfig 1}cspPsKeyCertEntry OBJECT-TYPESYNTAX CspPsKeyCertEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The proxy service key and certificate configuration
entry. This entry specifies the key usage, optionally
the trust point name, the certificate and the key file
names, the key size and time of generation or import,
and some important attributes of the certificate."INDEX{
cspPsName,
cspPsListIndex,
cspPskcKeyUsage
}::={ cspPsKeyCertTable 1}
CspPsKeyCertEntry ::=SEQUENCE{
cspPskcKeyUsage INTEGER,
cspPskcTrustPointName SnmpAdminString,
cspPskcCertFileName SnmpAdminString,
cspPskcKeyName SnmpAdminString,
cspPskcKeyFileName SnmpAdminString,
cspPskcKeySize INTEGER,
cspPskcKeyTime SnmpAdminString,
cspPskcCertStatus INTEGER,
cspPskcCertSubjName SnmpAdminString,
cspPskcCertSerialNum SnmpAdminString,
cspPskcIssuerName SnmpAdminString,
cspPskcIssuerCertSerialNum SnmpAdminString,
cspPskcCertStartDate SnmpAdminString,
cspPskcCertEndDate SnmpAdminString,
cspPskcConfigRowStatus RowStatus}cspPskcKeyUsage OBJECT-TYPESYNTAXINTEGER{rsaSigning(1),-- For signing onlyrsaEncryption(2),-- For encryption onlyrsaGeneralPurpose(3)-- For general purpose}MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An indication of the usage of a key assigned to a
proxy service. Each proxy service can be assigned one
or more keys.
The key can be used for signing only, for data
encryption and decryption only, or for general purpose
(that is, it can be used for both signing and data
encryption and decryption).
The following values are defined:
rsaSigning(1) : RSA key used for signing only,
rsaEncryption(2) : RSA key used for data encryption
and decryption only,
rsaGeneralPurpose(3): RSA key used for both signing and
data encryption and decryption."::={ cspPsKeyCertEntry 1}cspPskcTrustPointName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of a trust point assigned to the proxy
service. The trust point contains information that
can be used for certificate enrollment or for importing
keys and certificates.
A trust point may also contain identifying information
about keys and certificates, and the path and the
protocol to be used for the proxy device to
communicate with a Certificate Authority which
issues certificates for the proxy service.
If no trust point is assigned to the proxy service,
the name will be a NULL string."::={ cspPsKeyCertEntry 2}cspPskcCertFileName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the file storing the certificate. If
there is no such file, the name will be a NULL string."::={ cspPsKeyCertEntry 3}cspPskcKeyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of a key assigned to the proxy service.
If there is no key assigned, the name will be a NULL
string. If the key is stored in a file, the file name
may be used to identify the key, and this name will be
a NULL string."::={ cspPsKeyCertEntry 4}cspPskcKeyFileName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The name of the file storing the key. If there is no
such file, the name will be a NULL string."::={ cspPsKeyCertEntry 5}cspPskcKeySize OBJECT-TYPESYNTAXINTEGER{other(1),-- unspecified key sizersa512(2),-- 512-bit RSA keyrsa768(3),-- 768-bit RSA keyrsa1024(4),-- 1024-bit RSA keyrsa1536(5),-- 1536-bit RSA keyrsa2048(6)-- 2048-bit RSA key}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The size of the key.
The following modulus sizes are defined for RSA keys:
512-bit, 768-bit, 1024-bit, 1536-bit and 2048-bit."::={ cspPsKeyCertEntry 6}
cspPskcKeyTime OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..32))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The time of generation of the key, if known. If the key
is imported to the proxy device, this time can indicate
the time of import if the time of generation is unknown.
If the time is not known, this will be a NULL string."::={ cspPsKeyCertEntry 7}cspPskcCertStatus OBJECT-TYPESYNTAXINTEGER{valid(1),-- within valid periodexpired(2),-- has passed the end daterollover(3)-- being renewed}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The status of the certificate that is used to publish
the public key.
The following values are defined:
Valid(1) : Certificate is valid,
Expired(2) : Certificate has expired,
Rolling Over(3): Certificate is being renewed.
Whether or not an expired certificate can be used for
the proxy service is implementation specific."REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 4.1.2.5 about
validity and Section 10 about key rollover"::={ cspPsKeyCertEntry 8}cspPskcCertSubjName OBJECT-TYPE
SYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The subject name of the certificate assigned to the
proxy service. If there is no subject name on the
certificate, this will be a NULL string."REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 4.1.2.6"::={ cspPsKeyCertEntry 9}cspPskcCertSerialNum OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The serial number of the certificate assigned to the
proxy service. If there is no serial number on the
certificate, this will be a NULL string."REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 4.1.2.2"::={ cspPsKeyCertEntry 10}cspPskcIssuerName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The issuer name of the certificate assigned to the
proxy service. If the issuer name of the certificate is
not known, this will be a NULL string."
REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 5.1.2.3"::={ cspPsKeyCertEntry 11}cspPskcIssuerCertSerialNum OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..255))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The serial number of the issuer's certificate.
If the serial number of the issuer's certificate is not
known, this will be a NULL string."REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 4.1.2.2 and
Section 4.1.2.4"::={ cspPsKeyCertEntry 12}cspPskcCertStartDate OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..32))MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The time when the certificate starts to be valid,
corresponding to the notBefore time on the certificate."REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 4.1.2.5"::={ cspPsKeyCertEntry 13}cspPskcCertEndDate OBJECT-TYPESYNTAXSnmpAdminString(SIZE(0..32))MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The time when the certificate validity ends,
corresponding to the notAfter time on the certificate."REFERENCE"RFC 2459, Internet X.509 Public Key Infrastructure
Certificate and CRL Profile, Section 4.1.2.5"::={ cspPsKeyCertEntry 14}cspPskcConfigRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The conceptual row status of the proxy service key and
certificate configuration entry. This entry can be
modified when the status is 'active'."::={ cspPsKeyCertEntry 15}-- The TCP Policy configuration entriescspTcpPolicyTable OBJECT-TYPESYNTAXSEQUENCEOF CspTcpPolicyEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of TCP Policy entries"::={ cspTcpPolicyConfig 1}cspTcpPolicyEntry OBJECT-TYPESYNTAX CspTcpPolicyEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"TCP Policy configuration entry. Each entry defines
a set of TCP protocol parameters. A policy can be
applied to one or more proxy services."INDEX{ cspTpPolicyName }::={ cspTcpPolicyTable 1}
CspTcpPolicyEntry ::=SEQUENCE{
cspTpPolicyName SnmpAdminString,
cspTpSynTimeOut Integer32,
cspTpInActivityTimeOut Integer32,
cspTpNagleAlgo TruthValue,
cspTpFinWaitTimeOut Integer32,
cspTpReassemTimeOut Integer32,
cspTpRcvBufShrLim Integer32,
cspTpTransBufShrLim Integer32,
cspTpMss Integer32,
cspTpPathMtuDisc TruthValue,
cspTpConfigRowStatus RowStatus}cspTpPolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..255))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The unique name of a TCP policy."::={ cspTcpPolicyEntry 1}cspTpSynTimeOut OBJECT-TYPESYNTAXInteger32(0..3600)UNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The TCP connection SYN timeout value. This is the
amount of time the SSL proxy waits before failing the
connection establishment attempt."DEFVAL{75}::={ cspTcpPolicyEntry 2}cspTpInActivityTimeOut OBJECT-TYPE
SYNTAXInteger32(0..3600)UNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The TCP connection inactivity timeout value. This is
the amount of time the SSL proxy waits for the next
packet to arrive on a TCP connection, if no packet is
received within this period then the connection is
considered to be inactive and aborted."DEFVAL{600}::={ cspTcpPolicyEntry 3}cspTpNagleAlgo OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"If 'true', the Nagle Algorithm is enabled during the
SSL or TLS data phase to concatenate a number of small
messages to avoid sending small messages into the
network."REFERENCE"RFC 896, Congestion Control in IP/TCP Internetworks"::={ cspTcpPolicyEntry 4}cspTpFinWaitTimeOut OBJECT-TYPESYNTAXInteger32(0..3600)UNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The TCP connection FIN-WAIT2 state timeout value.
This is the amount of time the SSL proxy waits
for a FIN from the peer after it has initiated close
and is in FIN-WAIT2 state."DEFVAL{75}::={ cspTcpPolicyEntry 5}cspTpReassemTimeOut OBJECT-TYPESYNTAXInteger32(0..3600)UNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The TCP connection reassembly timeout value. This is
the amount of time the SSL proxy waits during the TCP
out of order traffic reassembly process for the next
expected in sequence segment to arrive."DEFVAL{600}::={ cspTcpPolicyEntry 6}cspTpRcvBufShrLim OBJECT-TYPESYNTAXInteger32(8192..262144)UNITS"bytes"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The receive buffer share limit per connection. This
is used by SSL proxy to calculate the maximum window
to advertise during the 3 way handshake, and is also
the maximum share of the receive buffer pool that
would be allocated for this connection."DEFVAL{32768}::={ cspTcpPolicyEntry 7}cspTpTransBufShrLim OBJECT-TYPESYNTAXInteger32(8192..262144)UNITS"bytes"
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The transmit buffer share limit per connection. This
is the maximum share of the send buffer pool that
would be allocated for this connection."DEFVAL{32768}::={ cspTcpPolicyEntry 8}cspTpMss OBJECT-TYPESYNTAXInteger32(256..1460)UNITS"bytes"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The TCP maximum segment size. This is the MSS value
offered by the SSL proxy during 3-way handshake"DEFVAL{1460}::={ cspTcpPolicyEntry 9}cspTpPathMtuDisc OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"If 'true', the Path MTU Discovery algorithm is
enabled."::={ cspTcpPolicyEntry 10}cspTpConfigRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The conceptual row status of the TCP policy
configuration entry. This entry can be modified when
the status is 'active'."::={ cspTcpPolicyEntry 11}
-- The SSL Policy configuration entriescspSslPolicyTable OBJECT-TYPESYNTAXSEQUENCEOF CspSslPolicyEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of SSL protocol policy configuration entries."::={ cspSslPolicyConfig 1}cspSslPolicyEntry OBJECT-TYPESYNTAX CspSslPolicyEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A SSL policy defines a set of cipher suites to be
supported, and the SSL or TLS protocol parameters.
Each policy can be assigned to one or more proxy
services.
If no SSL policy is assigned to a proxy service, all
supported cipher suites and all protocol versions
will be enabled by default."INDEX{ cspSpPolicyName }::={ cspSslPolicyTable 1}
CspSslPolicyEntry ::=SEQUENCE{
cspSpPolicyName SnmpAdminString,
cspSpRSArc4128md5 TruthValue,
cspSpRSArc4128sha TruthValue,
cspSpRSAdescbcsha TruthValue,
cspSpRSA3descbcsha TruthValue,
cspSpProtocol INTEGER,
cspSpCloseProtocol TruthValue,
cspSpSessionCache Integer32,
cspSpSessionTimeOut Integer32,
cspSpConfigRowStatus RowStatus}cspSpPolicyName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..255))
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The unique name of a SSL protocol policy."::={ cspSslPolicyEntry 1}cspSpRSArc4128md5 OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of whether or not the cipher suite
RSA_WITH_RC4_128_MD5 is configured. If 'true', the
cipher suite is configured."::={ cspSslPolicyEntry 2}cspSpRSArc4128sha OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of whether or not the cipher suite
RSA_WITH_RC4_128_SHA is configured. If 'true', the
cipher suite is configured."::={ cspSslPolicyEntry 3}cspSpRSAdescbcsha OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of whether or not the cipher suite
RSA_WITH_DES_CBC_SHA is configured. If 'true', the
cipher suite is configured."::={ cspSslPolicyEntry 4}cspSpRSA3descbcsha OBJECT-TYPESYNTAXTruthValue
MAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of whether or not the cipher suite
RSA_WITH_3DES_EDE_CBC_SHA is configured. If 'true',
the cipher suite is configured."::={ cspSslPolicyEntry 5}cspSpProtocol OBJECT-TYPESYNTAXINTEGER{other(1),-- Other protocolssl3(2),-- SSL 3.0 protocoltls1(3),-- TLS 1.0 protocolssl3AndTls1(4)-- SSL 3.0 and TLS 1.0 protocols}MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The set of SSL and TLS protocols to be supported.
The following values are defined:
other(1) : An unspecified protocol,
SSL 3.0(2) : Support SSL 3.0 protocol only,
TLS 1.0(3) : Support TLS 1.0 protocol only,
ssl3AndTls1(3) : Support both SSL 3.0 and TLS 1.0"REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0"::={ cspSslPolicyEntry 6}cspSpCloseProtocol OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-createSTATUScurrentDESCRIPTION"An indication of whether or not the SSL close protocol
is enforced.
If 'true', the close protocol is enforced. A
close-notify alert message is sent to the peer, and a
close-notify alert message is expected from the peer.
If 'false', the close protocol is not enforced. The
proxy service sends a close-notify alert message to
the peer; however, the proxy service does not expect
a close-notify alert from the peer before tearing down
the session."DEFVAL{ false }::={ cspSslPolicyEntry 7}cspSpSessionCache OBJECT-TYPESYNTAXInteger32(1..262143)UNITS"bytes"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The SSL session cache size. The session cache is used
to store a number of most recently used session
identifiers.
Session identifiers can be reused if a new connection
requests to use a session identifier that is found in
the cache. This object specifies the maximum size of
the cache."::={ cspSslPolicyEntry 8}cspSpSessionTimeOut OBJECT-TYPESYNTAXInteger32(0..72000)UNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The SSL session timeout value. The session entry
will be removed from the session cache after the
configured timeout. Once the session entry is
removed, subsequent connections cannot reuse the
session.
If this timeout value is 0, entries in the session
cache will not timeout."DEFVAL{0}::={ cspSslPolicyEntry 9}cspSpConfigRowStatus OBJECT-TYPESYNTAXRowStatusUNITS"seconds"MAX-ACCESSread-createSTATUScurrentDESCRIPTION"The row status of the SSL policy configuration entry.
This entry can be modified when the status is 'active'."::={ cspSslPolicyEntry 10}-- The TCP CounterscspTcpCountersClearTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The last time when the TCP counters were cleared.
If the proxy device does not allow these counters to be
cleared, the timestamp should have a value of zero."::={ cspTcpCountersInfo 1}-- The TCP Global Counter groupcspTcConnInit OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP connections initiated by the
proxy device."::={ cspTcpCounters 1}cspTcConnAccept OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of TCP connections accepted by the
proxy device."::={ cspTcpCounters 2}cspTcConnEstab OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP connections established."::={ cspTcpCounters 3}cspTcConnDrop OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP connections dropped."::={ cspTcpCounters 4}cspTcConnClosed OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP connections closed."::={ cspTcpCounters 5}cspTcSynTimeOuts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SYN timeouts."::={ cspTcpCounters 6}
cspTcIdleTimeOuts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of idle timeouts."::={ cspTcpCounters 7}cspTcTotalPktSent OBJECT-TYPESYNTAXCounter32UNITS"number of packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP packets sent."::={ cspTcpCounters 8}cspTcDataPktSent OBJECT-TYPESYNTAXCounter32UNITS"number of packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP data packets sent."::={ cspTcpCounters 9}cspTcDataByteSent OBJECT-TYPESYNTAXCounter32UNITS"bytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total amount of data sent."::={ cspTcpCounters 10}cspTcTotalPktRcv OBJECT-TYPESYNTAXCounter32UNITS"number of packets"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of TCP packets received."::={ cspTcpCounters 11}cspTcPktRcvSeq OBJECT-TYPESYNTAXCounter32UNITS"number of packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TCP data packets received in
sequence."::={ cspTcpCounters 12}cspTcByteRcvSeq OBJECT-TYPESYNTAXCounter32UNITS"bytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total amount of data received in sequence."::={ cspTcpCounters 13}-- The SSL Counters
---- Last time the SSL counters were clearedcspSslCountersClearTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The last time when the SSL counters were cleared.
If the proxy device does not allow these counters to be
cleared, the timestamp should have a value of zero."::={ cspSslCountersInfo 1}-- The SSL Global Counters groupcspScConnAttempt OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The total number of SSL connections attempted."::={ cspSslCounters 1}cspScConnComplete OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL connections completed."::={ cspSslCounters 2}cspScConnInHandShake OBJECT-TYPESYNTAXGauge32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of SSL connections currently in handshake
phase."::={ cspSslCounters 3}cspScConnInDataPhase OBJECT-TYPESYNTAXGauge32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of SSL connections currently in data phase."::={ cspSslCounters 4}cspScRenegAttempt OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL renegotiations attempted."::={ cspSslCounters 5}
cspScConnInReneg OBJECT-TYPESYNTAXGauge32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of SSL connections currently in
renegotiation phase"::={ cspSslCounters 6}cspScActiveSessions OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of active SSL sessions. This number
indicates the number of valid session entries in
the session cache."::={ cspSslCounters 7}cspScMaxHandShakeConns OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This indicates the maximum number of connections
present in handshake phase at any point of time"::={ cspSslCounters 8}cspScCurrDeviceQLen OBJECT-TYPESYNTAXGauge32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The current device queue length. Indicates the number
of requests pending with the device."::={ cspSslCounters 9}cspScMaxDeviceQLen OBJECT-TYPESYNTAXGauge32
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The maximum device queue length recorded. Indicates
the maximum number of requests queued to the device
at any point of time."::={ cspSslCounters 10}cspScSessionReuses OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of session reuses. Indicates the number
of times the sessions got reused before the session
timer expired."::={ cspSslCounters 11}-- The SSL 3.0 Protocol Counters groupcspS3cFullHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of full SSL 3.0 handshakes completed."::={ cspSsl3Counters 1}cspS3cResumedHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 resumed handshakes
completed."::={ cspSsl3Counters 2}cspS3cHandShakeFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections failed in
handshake phase."::={ cspSsl3Counters 3}cspS3cDataFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 sessions failed in
data phase."::={ cspSsl3Counters 4}cspS3cBadMacRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received SSL 3.0 records
which have bad MAC (Message Authentication Code)."::={ cspSsl3Counters 5}cspS3cPadErrors OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received SSL 3.0 records
which have pad errors."::={ cspSsl3Counters 6}cspS3cRSArc4128md5 OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections which used
cipher suite RSA_WITH_RC4_128_MD5."::={ cspSsl3Counters 7}cspS3cRSArc4128sha OBJECT-TYPESYNTAXCounter32
UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections which used
cipher suite RSA_WITH_RC4_128_SHA."::={ cspSsl3Counters 8}cspS3cRSAdescbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections which used
cipher suite RSA_WITH_DES_CBC_SHA."::={ cspSsl3Counters 9}cspS3cRSA3desedecbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections which used
cipher suite RSA_WITH_3DES_EDE_CBC_SHA."::={ cspSsl3Counters 10}-- The TLS 1.0 Protocol Counters groupcspTlcFullHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of full TLS 1.0 handshakes completed."::={ cspTls1Counters 1}cspTlcResumedHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The total number of resumed TLS 1.0 handshakes
completed."::={ cspTls1Counters 2}cspTlcHandShakeFailed OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections failed in
handshake phase."::={ cspTls1Counters 3}cspTlcDataFailed OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections failed in
data phase."::={ cspTls1Counters 4}cspTlcBadMacRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received TLS 1.0 records
which have bad MAC (Message Authentication Code."::={ cspTls1Counters 5}cspTlcPadErrors OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received TLS 1.0 records
which have pad errors."::={ cspTls1Counters 6}cspTlcRSArc4128md5 OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections which used
the cipher suite RSA_WITH_RC4_128_MD5."::={ cspTls1Counters 7}cspTlcRSArc4128sha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections which used
the cipher suite RSA_WITH_RC4_128_SHA."::={ cspTls1Counters 8}cspTlcRSAdescbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections which used
the cipher suite RSA_WITH_DES_CBC_SHA."::={ cspTls1Counters 9}cspTlcRSA3desedecbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections which used
the cipher suite RSA_WITH_3DES_EDE_CBC_SHA."::={ cspTls1Counters 10}-- The SSL Cryptographic Operations Counters groupcspSccBlksEncrypted OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of data blocks that got encrypted."::={ cspSslCryptoCounters 1}cspSccBlksDecrypted OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of data blocks that got decrypted."::={ cspSslCryptoCounters 2}cspSccBytesEncrypted OBJECT-TYPESYNTAXCounter32UNITS"bytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of bytes that got encrypted."::={ cspSslCryptoCounters 3}cspSccBytesDecrypted OBJECT-TYPESYNTAXCounter32UNITS"bytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of bytes that got decrypted."::={ cspSslCryptoCounters 4}cspSccPublicKeyOpers OBJECT-TYPE
SYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of RSA public key operations
performed."::={ cspSslCryptoCounters 5}cspSccPrivateKeyOpers OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of RSA private key operations
performed."::={ cspSslCryptoCounters 6}cspSccCryptoFails OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of failed cryptographic operations."::={ cspSslCryptoCounters 7}cspSccDmaErrors OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of cryptographic device DMA errors."::={ cspSslCryptoCounters 8}-- The SSL Error Counters groupcspSecSessAllocFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times SSL session could not
be allocated."::={ cspSslErrorCounters 1}
cspSecSessLimitExceed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times configured SSL session
limit got exceeded. The new connections will be
rejected if the session limit is exceeded."::={ cspSslErrorCounters 2}cspSecHShakeInitFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times SSL connections failed
even before the handshake phase got started. This
typically indicates that there is some connectivity
problem with the server."::={ cspSslErrorCounters 3}cspSecRenegFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times SSL renegotiation failed."::={ cspSslErrorCounters 4}cspSecFatalAlertsRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of fatal alerts received."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.3.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, A.3."::={ cspSslErrorCounters 5}
cspSecFatalAlertsSent OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of fatal alerts sent."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.3.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, A.3."::={ cspSslErrorCounters 6}cspSecNoCipherAlerts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of ALERT_HANDSHAKE_FAIL alerts sent
due to unsupported cipher suites."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.3.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, A.3."::={ cspSslErrorCounters 7}cspSecVerMismatchAlerts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of ALERT_PROTOCOL_VERSION alerts
sent due to unsupported version number."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.3.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, A.3."::={ cspSslErrorCounters 8}cspSecNoComprsnAlerts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The total number of ALERT_HANDSHAKE_FAIL alerts sent
due to unsupported compression scheme."REFERENCE"1. RFC 2246, The TLS Protocol Version 1.0, A.3.
2. IETF Draft <draft-freier-ssl-version3-02.txt>,
The SSL Protocol Version 3.0, A.3."::={ cspSslErrorCounters 9}cspSecHShakeHndleMemFail OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of handshake handle memory allocation
failure."::={ cspSslErrorCounters 10}cspSecStalePakDrop OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of stale packets dropped. Indicates
the number of packets received after the SSL connection
is torn down."::={ cspSslErrorCounters 11}cspSecServiceIdDiscard OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of connections rejected because of
invalid service identifiers."::={ cspSslErrorCounters 12}cspSecHShakeLimitExceed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of times simultaneous handshake
connection exceeded the capacity. The new connections
will be rejected if the total number of simultaneous
handshake connections exceeds the limit."::={ cspSslErrorCounters 13}cspSecDevConnCtxtFail OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times device context could not
be allocated."::={ cspSslErrorCounters 14}cspSecMemAllocFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times memory allocation failed."::={ cspSslErrorCounters 15}cspSecBuffAllocFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times buffer allocation failed."::={ cspSslErrorCounters 16}cspSecAlertSendFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of failure to send alerts. This is
typically because of the memory allocation failure."::={ cspSslErrorCounters 17}
cspSecOverloadDropped OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of connections rejected because
of overload conditions. This indicates that the
incoming rate is higher than what can be handled."::={ cspSslErrorCounters 18}cspSecConnAborted OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL connections aborted."::={ cspSslErrorCounters 19}-- The Proxy Service Counters
---- The Proxy Service Global Counter tablecspPsCountersTable OBJECT-TYPESYNTAXSEQUENCEOF CspPsCounterEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of proxy service global counter entries"::={ cspPsCounters 1}cspPsCounterEntry OBJECT-TYPESYNTAX CspPsCounterEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The proxy service global counter entry. Each entry
displays the global SSL counters collected for a proxy
service."INDEX{
cspPsName,
cspPsListIndex
}::={ cspPsCountersTable 1}
CspPsCounterEntry ::=SEQUENCE{
cspPscClearTime TimeStamp,
cspPscConnAttempt Counter32,
cspPscConnComplete Counter32,
cspPscFullHandShake Counter32,
cspPscResumedHandShake Counter32,
cspPscConnInHandShake Gauge32,
cspPscConnInDataPhase Gauge32,
cspPscRenegAttempt Counter32,
cspPscConnInReneg Gauge32,
cspPscBlksEncrypted Counter32,
cspPscBlksDecrypted Counter32,
cspPscBytesEncrypted Counter32,
cspPscBytesDecrypted Counter32,
cspPscValidSessions Counter32,
cspPscSessLimitExceed Counter32,
cspPscHandShakeFailed Counter32,
cspPscDataFailed Counter32,
cspPscFatalAlertsRcvd Counter32,
cspPscFatalAlertsSent Counter32,
cspPscBadMacRcvd Counter32,
cspPscPadErrors Counter32,
cspPscNoCipherAlerts Counter32,
cspPscNoComprsnAlerts Counter32,
cspPscVerMismatchAlerts Counter32}cspPscClearTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The last time when counters in this entry were
cleared.
If the proxy device does not allow these counters to be
cleared, the timestamp should have a value of zero."::={ cspPsCounterEntry 1}cspPscConnAttempt OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL connections attempted."::={ cspPsCounterEntry 2}cspPscConnComplete OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL connections completed."::={ cspPsCounterEntry 3}cspPscFullHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of full handshakes completed."::={ cspPsCounterEntry 4}cspPscResumedHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of resumed handshakes completed."::={ cspPsCounterEntry 5}
cspPscConnInHandShake OBJECT-TYPESYNTAXGauge32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections currently in handshake
phase."::={ cspPsCounterEntry 6}cspPscConnInDataPhase OBJECT-TYPESYNTAXGauge32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections currently in data phase."::={ cspPsCounterEntry 7}cspPscRenegAttempt OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL renegotiations attempted."::={ cspPsCounterEntry 8}cspPscConnInReneg OBJECT-TYPESYNTAXGauge32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections currently in renegotiation
phase."::={ cspPsCounterEntry 9}cspPscBlksEncrypted OBJECT-TYPESYNTAXCounter32
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of data blocks that got encrypted."::={ cspPsCounterEntry 10}cspPscBlksDecrypted OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of data blocks that got decrypted."::={ cspPsCounterEntry 11}cspPscBytesEncrypted OBJECT-TYPESYNTAXCounter32UNITS"bytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of bytes that got encrypted."::={ cspPsCounterEntry 12}cspPscBytesDecrypted OBJECT-TYPESYNTAXCounter32UNITS"bytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of bytes that got decrypted."::={ cspPsCounterEntry 13}cspPscValidSessions OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of current valid sessions in the
session cache."::={ cspPsCounterEntry 14}cspPscSessLimitExceed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times configured SSL session
limit got exceeded. The new connections will be
rejected if the session limit is exceeded."::={ cspPsCounterEntry 15}cspPscHandShakeFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times SSL connections failed
in handshake phase."::={ cspPsCounterEntry 16}cspPscDataFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of times SSL connections failed
in data phase."::={ cspPsCounterEntry 17}cspPscFatalAlertsRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of fatal alerts received."::={ cspPsCounterEntry 18}cspPscFatalAlertsSent OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The total number of fatal alerts sent."::={ cspPsCounterEntry 19}cspPscBadMacRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received SSL records which
have bad MAC (Message Authentication Code)."::={ cspPsCounterEntry 20}cspPscPadErrors OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received SSL records which
have pad errors."::={ cspPsCounterEntry 21}cspPscNoCipherAlerts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of alerts sent due to unsupported
cipher suites."::={ cspPsCounterEntry 22}cspPscNoComprsnAlerts OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of alerts sent due to unsupported
compression scheme."::={ cspPsCounterEntry 23}cspPscVerMismatchAlerts OBJECT-TYPE
SYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of alerts sent due to unsupported
SSL or TLS version."::={ cspPsCounterEntry 24}-- The Proxy Service SSL 3.0 Protocol CounterscspPsSsl3CountersTable OBJECT-TYPESYNTAXSEQUENCEOF CspPsSsl3CounterEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of proxy service SSL 3.0 counter entries."::={ cspPsSsl3Counters 1}cspPsSsl3CounterEntry OBJECT-TYPESYNTAX CspPsSsl3CounterEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The proxy service SSL 3.0 counter entry. This entry
reports the counters collected about the SSL 3.0
protocol for each proxy service."INDEX{
cspPsName,
cspPsListIndex
}::={ cspPsSsl3CountersTable 1}
CspPsSsl3CounterEntry ::=SEQUENCE{
cspPs3cClearTime TimeStamp,
cspPs3cFullHandShake Counter32,
cspPs3cResumedHandShake Counter32,
cspPs3cHandShakeFailed Counter32,
cspPs3cDataFailed Counter32,
cspPs3cBadMacRcvd Counter32,
cspPs3cPadErrors Counter32,
cspPs3cRSArc4128md5 Counter32,
cspPs3cRSArc4128sha Counter32,
cspPs3cRSAdescbcsha Counter32,
cspPs3cRSA3desedecbcsha Counter32}cspPs3cClearTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The last time when counters in this entry were cleared.
If the proxy device does not allow these counters to be
cleared, the timestamp should have the value of zero."::={ cspPsSsl3CounterEntry 1}cspPs3cFullHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 full handshakes completed."::={ cspPsSsl3CounterEntry 2}cspPs3cResumedHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 resumed handshakes
completed."::={ cspPsSsl3CounterEntry 3}cspPs3cHandShakeFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections failed in
handshake phase."::={ cspPsSsl3CounterEntry 4}cspPs3cDataFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections failed in
data phase."::={ cspPsSsl3CounterEntry 5}cspPs3cBadMacRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received SSL 3.0 records
which have bad MAC (Message Authentication Code)."::={ cspPsSsl3CounterEntry 6}cspPs3cPadErrors OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received SSL 3.0 records
which have pad errors."::={ cspPsSsl3CounterEntry 7}cspPs3cRSArc4128md5 OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections that used the
cipher suite RSA_WITH_RC4_128_MD5."::={ cspPsSsl3CounterEntry 8}cspPs3cRSArc4128sha OBJECT-TYPESYNTAXCounter32
UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections that used the
cipher suite RSA_WITH_RC4_128_SHA."::={ cspPsSsl3CounterEntry 9}cspPs3cRSAdescbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections that used the
cipher suite RSA_WITH_DES_CBC_SHA."::={ cspPsSsl3CounterEntry 10}cspPs3cRSA3desedecbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of SSL 3.0 connections that used the
cipher suite RSA_WITH_3DES_EDE_CBC_SHA."::={ cspPsSsl3CounterEntry 11}-- The Proxy Service TLS 1.0 Protocol CounterscspPsTls1CountersTable OBJECT-TYPESYNTAXSEQUENCEOF CspPsTls1CounterEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of proxy service TLS 1.0 counter entries."::={ cspPsTls1Counters 1}cspPsTls1CounterEntry OBJECT-TYPE
SYNTAX CspPsTls1CounterEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The proxy service TLS 1.0 counter entry. This entry
displays counters collected about the TLS 1.0 protocol
for each proxy service."INDEX{
cspPsName,
cspPsListIndex
}::={ cspPsTls1CountersTable 1}
CspPsTls1CounterEntry ::=SEQUENCE{
cspPt1cClearTime TimeStamp,
cspPt1cFullHandShake Counter32,
cspPt1cResumedHandShake Counter32,
cspPt1cHandShakeFailed Counter32,
cspPt1cDataFailed Counter32,
cspPt1cBadMacRcvd Counter32,
cspPt1cPadErrors Counter32,
cspPt1cRSArc4128md5 Counter32,
cspPt1cRSArc4128sha Counter32,
cspPt1cRSAdescbcsha Counter32,
cspPt1cRSA3desedecbcsha Counter32}cspPt1cClearTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The last time when counters in this entry were cleared.
If the proxy device does not allow these counters to be
cleared, the timestamp should have a value of zero."::={ cspPsTls1CounterEntry 1}cspPt1cFullHandShake OBJECT-TYPESYNTAXCounter32
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 full handshakes completed."::={ cspPsTls1CounterEntry 2}cspPt1cResumedHandShake OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 resumed handshakes
completed."::={ cspPsTls1CounterEntry 3}cspPt1cHandShakeFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections failed in
handshake phase."::={ cspPsTls1CounterEntry 4}cspPt1cDataFailed OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections failed in
data phase."::={ cspPsTls1CounterEntry 5}cspPt1cBadMacRcvd OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received TLS 1.0 records
which have bad MAC (Message Authentication Code)."::={ cspPsTls1CounterEntry 6}
cspPt1cPadErrors OBJECT-TYPESYNTAXCounter32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of received TLS 1.0 records
which have pad errors."::={ cspPsTls1CounterEntry 7}cspPt1cRSArc4128md5 OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections that used the
cipher suite RSA_WITH_RC4_128_MD5."::={ cspPsTls1CounterEntry 8}cspPt1cRSArc4128sha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections that used the
cipher suite RSA_WITH_RC4_128_SHA."::={ cspPsTls1CounterEntry 9}cspPt1cRSAdescbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections that used the
cipher suite RSA_WITH_DES_CBC_SHA."::={ cspPsTls1CounterEntry 10}cspPt1cRSA3desedecbcsha OBJECT-TYPESYNTAXCounter32UNITS"number of connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of TLS 1.0 connections that used the
cipher suite RSA_WITH_3DES_EDE_CBC_SHA."::={ cspPsTls1CounterEntry 11}-- The CPU Status InformationcspCpuStatusTable OBJECT-TYPESYNTAXSEQUENCEOF CspCpuStatusEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A list of CPU status information entries."::={ cspCpuStatusInfo 1}cspCpuStatusEntry OBJECT-TYPESYNTAX CspCpuStatusEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The CPU status information entry. Each entry displays
the operational status and usage information about one
CPU on the proxy device. A proxy device can have one
or more CPU's."INDEX{ cspCpuName }::={ cspCpuStatusTable 1}
CspCpuStatusEntry ::=SEQUENCE{
cspCpuName SnmpAdminString,
cspCpuStatus INTEGER,
cspCpuClearTime TimeStamp,
cspCpuProcessUtil Gauge32,
cspCpuInterruptUtil Gauge32,
cspCpuProcessUtilIn5Sec Gauge32,
cspCpuProcessUtilIn1Min Gauge32,
cspCpuProcessUtilIn5Min Gauge32,
cspCpuInterruptUtilIn5Sec Gauge32,
cspCpuInterruptUtilIn1Min Gauge32,
cspCpuInterruptUtilIn5Min Gauge32}cspCpuName OBJECT-TYPESYNTAXSnmpAdminString(SIZE(1..20))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The unique name of a CPU on the proxy device."::={ cspCpuStatusEntry 1}cspCpuStatus OBJECT-TYPESYNTAXINTEGER{up(1),down(2)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The operational status of the CPU."::={ cspCpuStatusEntry 2}cspCpuClearTime OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The last time when the CPU counters were cleared.
If the proxy device does not allow these counters to be
cleared, the timestamp should have a value of zero."::={ cspCpuStatusEntry 3}
cspCpuProcessUtil OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at process level."::={ cspCpuStatusEntry 4}cspCpuInterruptUtil OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at interrupt
level."::={ cspCpuStatusEntry 5}cspCpuProcessUtilIn5Sec OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at process level
within the past five seconds."::={ cspCpuStatusEntry 6}cspCpuProcessUtilIn1Min OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at process level
within the past minute."::={ cspCpuStatusEntry 7}cspCpuProcessUtilIn5Min OBJECT-TYPE
SYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at process level
within the past five minutes."::={ cspCpuStatusEntry 8}cspCpuInterruptUtilIn5Sec OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at interrupt level
within the past five seconds."::={ cspCpuStatusEntry 9}cspCpuInterruptUtilIn1Min OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at interrupt level
within the past minute."::={ cspCpuStatusEntry 10}cspCpuInterruptUtilIn5Min OBJECT-TYPESYNTAXGauge32UNITS"percentage"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The percentage of CPU time utilized at interrupt level
within the past five minutes."::={ cspCpuStatusEntry 11}-- Notification Group
cspServOperStatus NOTIFICATION-TYPEOBJECTS{
cspPsOperStatus,
cspPsOperDownReason
}STATUScurrentDESCRIPTION"The proxy service operation status change notification.
When the Operation Status of a proxy service changes,
and cspGcNotifyProxyServOperStatus is 'true',
a notification will be issued. The notification
contains the current operation status and the down
reason of the proxy service."::={ cspMIBNotifications 1}cspServCertExpiring NOTIFICATION-TYPEOBJECTS{
cspPskcCertSubjName,
cspPskcCertSerialNum,
cspPskcIssuerName,
cspPskcIssuerCertSerialNum,
cspPskcCertEndDate
}STATUScurrentDESCRIPTION"The proxy service certificate expiring notification.
If the time interval cspGcPSCertExpireInterval is
positive, and cspGcNotifyPSCertExpiring is 'true', a
notification will be issued for every proxy service
certificate that will be expiring within this time
interval.
This notification is issued only once for each of
these certificates. If the interval is changed from a
positive value to 0, the proxy device will clear its
memory of notification issued in the past, and stop
issuing new notification.
The notification contains the subject name, the
serial number and the issuer name of the certificate,
the serial number of the issuer's certificate,
and the end date on the certificate."::={ cspMIBNotifications 2}-- Conformance GroupcspMIBCompliances OBJECTIDENTIFIER::={ cspMIBConformance 1}
cspMIBGroups OBJECTIDENTIFIER::={ cspMIBConformance 2}cspMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for entities which
implement the Cisco SSL Proxy MIB."MODULE-- this moduleMANDATORY-GROUPS{
cspGlobalConfigGroup,
cspProxyServiceConfigGroup,
cspSslGroup,
cspSsl3Group,
cspTls1Group
}GROUP cspPolicyConfigGroup
DESCRIPTION"This group is not mandatory."GROUP cspTcpGroup
DESCRIPTION"This group is not mandatory."GROUP cspSslCryptoGroup
DESCRIPTION"This group is not mandatory."GROUP cspSslErrorGroup
DESCRIPTION"This group is not mandatory."GROUP cspProxyServiceStatsGroup
DESCRIPTION"This group is not mandatory."GROUP cspProxyServiceSsl3Group
DESCRIPTION"This group is not mandatory."GROUP cspProxyServiceTls1Group
DESCRIPTION"This group is not mandatory."GROUP cspCpuStatusGroup
DESCRIPTION"This group is not mandatory."GROUP cspProxyServiceNotificationGroup
DESCRIPTION"This group is not mandatory."OBJECT cspGcFIPSMode
MIN-ACCESSread-only
DESCRIPTION"Write access is not required."OBJECT cspGcNotifyProxyServOperStatus
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT cspGcNotifyPSCertExpiring
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT cspGcPSCertExpireInterval
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT cspPsServiceType
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsVirtualAddressType
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsVirtualAddress
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsVirtualPort
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsServerAddressType
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsServerAddress
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsServerPort
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsAdminStatus
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPsConfigRowStatus
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPspVirTcpPolicyName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPspSerTcpPolicyName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPspSslPolicyName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPspHttpHdrPolicyName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPspUrlRewritePolicyName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPskcTrustPointName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPskcCertFileName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPskcKeyName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspPskcKeyFileName
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."
OBJECT cspPskcConfigRowStatus
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpSynTimeOut
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpInActivityTimeOut
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpNagleAlgo
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpFinWaitTimeOut
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpReassemTimeOut
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpRcvBufShrLim
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpTransBufShrLim
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpMss
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpPathMtuDisc
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspTpConfigRowStatus
MIN-ACCESSread-onlyDESCRIPTION
"Create/Write access is not required."OBJECT cspSpRSArc4128md5
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpRSArc4128sha
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpRSAdescbcsha
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpRSA3descbcsha
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpProtocol
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpCloseProtocol
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpSessionCache
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpSessionTimeOut
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."OBJECT cspSpConfigRowStatus
MIN-ACCESSread-onlyDESCRIPTION"Create/Write access is not required."::={ cspMIBCompliances 1}-- Units of ConformancecspGlobalConfigGroup OBJECT-GROUPOBJECTS{
cspGcVersion,
cspGcFIPSMode,
cspGcRSArc4128md5,
cspGcRSArc4128sha,
cspGcRSAdescbcsha,
cspGcRSA3descbcsha,
cspGcNotifyProxyServOperStatus,
cspGcNotifyPSCertExpiring,
cspGcPSCertExpireInterval
}STATUScurrentDESCRIPTION"A collection of global configuration objects."::={ cspMIBGroups 1}cspProxyServiceConfigGroup OBJECT-GROUPOBJECTS{
cspPsServiceType,
cspPsVirtualAddressType,
cspPsVirtualAddress,
cspPsVirtualPort,
cspPsServerAddressType,
cspPsServerAddress,
cspPsServerPort,
cspPsAdminStatus,
cspPsOperStatus,
cspPsOperDownReason,
cspPsConfigRowStatus,
cspPspVirTcpPolicyName,
cspPspSerTcpPolicyName,
cspPspSslPolicyName,
cspPspHttpHdrPolicyName,
cspPspUrlRewritePolicyName,
cspPskcTrustPointName,
cspPskcCertFileName,
cspPskcKeyName,
cspPskcKeyFileName,
cspPskcKeySize,
cspPskcKeyTime,
cspPskcCertStatus,
cspPskcCertSubjName,
cspPskcCertSerialNum,
cspPskcIssuerName,
cspPskcIssuerCertSerialNum,
cspPskcCertStartDate,
cspPskcCertEndDate,
cspPskcConfigRowStatus
}STATUScurrentDESCRIPTION"A collection of configuration objects for a proxy
service."::={ cspMIBGroups 2}cspPolicyConfigGroup OBJECT-GROUPOBJECTS{
cspTpSynTimeOut,
cspTpInActivityTimeOut,
cspTpNagleAlgo,
cspTpFinWaitTimeOut,
cspTpReassemTimeOut,
cspTpRcvBufShrLim,
cspTpTransBufShrLim,
cspTpMss,
cspTpPathMtuDisc,
cspTpConfigRowStatus,
cspSpRSArc4128md5,
cspSpRSArc4128sha,
cspSpRSAdescbcsha,
cspSpRSA3descbcsha,
cspSpProtocol,
cspSpCloseProtocol,
cspSpSessionCache,
cspSpSessionTimeOut,
cspSpConfigRowStatus
}STATUScurrentDESCRIPTION"A collection of configuration objects for a policy."::={ cspMIBGroups 3}cspTcpGroup OBJECT-GROUPOBJECTS{
cspTcpCountersClearTime,
cspTcConnInit,
cspTcConnAccept,
cspTcConnEstab,
cspTcConnDrop,
cspTcConnClosed,
cspTcSynTimeOuts,
cspTcIdleTimeOuts,
cspTcTotalPktSent,
cspTcDataPktSent,
cspTcDataByteSent,
cspTcTotalPktRcv,
cspTcPktRcvSeq,
cspTcByteRcvSeq
}STATUScurrentDESCRIPTION"A collection of TCP protocol objects."::={ cspMIBGroups 4}cspSslGroup OBJECT-GROUPOBJECTS{
cspSslCountersClearTime,
cspScConnAttempt,
cspScConnComplete,
cspScConnInHandShake,
cspScConnInDataPhase,
cspScRenegAttempt,
cspScConnInReneg,
cspScActiveSessions,
cspScMaxHandShakeConns,
cspScCurrDeviceQLen,
cspScMaxDeviceQLen,
cspScSessionReuses
}STATUScurrentDESCRIPTION"A collection of SSL handshake protocol statistics."::={ cspMIBGroups 5}cspSsl3Group OBJECT-GROUPOBJECTS{
cspS3cFullHandShake,
cspS3cResumedHandShake,
cspS3cHandShakeFailed,
cspS3cDataFailed,
cspS3cBadMacRcvd,
cspS3cPadErrors,
cspS3cRSArc4128md5,
cspS3cRSArc4128sha,
cspS3cRSAdescbcsha,
cspS3cRSA3desedecbcsha
}STATUScurrentDESCRIPTION"A collection of SSL 3.0 protocol statistics."::={ cspMIBGroups 6}cspTls1Group OBJECT-GROUPOBJECTS{
cspTlcFullHandShake,
cspTlcResumedHandShake,
cspTlcHandShakeFailed,
cspTlcDataFailed,
cspTlcBadMacRcvd,
cspTlcPadErrors,
cspTlcRSArc4128md5,
cspTlcRSArc4128sha,
cspTlcRSAdescbcsha,
cspTlcRSA3desedecbcsha
}STATUScurrentDESCRIPTION"A collection of TLS 1.0 protocol statistics."::={ cspMIBGroups 7}cspSslCryptoGroup OBJECT-GROUPOBJECTS{
cspSccBlksEncrypted,
cspSccBlksDecrypted,
cspSccBytesEncrypted,
cspSccBytesDecrypted,
cspSccPublicKeyOpers,
cspSccPrivateKeyOpers,
cspSccCryptoFails,
cspSccDmaErrors
}STATUScurrentDESCRIPTION"A collection of cryptographic statistics."::={ cspMIBGroups 8}cspSslErrorGroup OBJECT-GROUPOBJECTS{
cspSecSessAllocFailed,
cspSecSessLimitExceed,
cspSecHShakeInitFailed,
cspSecRenegFailed,
cspSecFatalAlertsRcvd,
cspSecFatalAlertsSent,
cspSecNoCipherAlerts,
cspSecVerMismatchAlerts,
cspSecNoComprsnAlerts,
cspSecHShakeHndleMemFail,
cspSecStalePakDrop,
cspSecServiceIdDiscard,
cspSecHShakeLimitExceed,
cspSecDevConnCtxtFail,
cspSecMemAllocFailed,
cspSecBuffAllocFailed,
cspSecAlertSendFailed,
cspSecOverloadDropped,
cspSecConnAborted
}STATUScurrentDESCRIPTION"A collection of SSL protocol error counters."::={ cspMIBGroups 9}cspProxyServiceStatsGroup OBJECT-GROUPOBJECTS{
cspPscClearTime,
cspPscConnAttempt,
cspPscConnComplete,
cspPscFullHandShake,
cspPscResumedHandShake,
cspPscConnInHandShake,
cspPscConnInDataPhase,
cspPscRenegAttempt,
cspPscConnInReneg,
cspPscBlksEncrypted,
cspPscBlksDecrypted,
cspPscBytesEncrypted,
cspPscBytesDecrypted,
cspPscValidSessions,
cspPscSessLimitExceed,
cspPscHandShakeFailed,
cspPscDataFailed,
cspPscFatalAlertsRcvd,
cspPscFatalAlertsSent,
cspPscBadMacRcvd,
cspPscPadErrors,
cspPscNoCipherAlerts,
cspPscNoComprsnAlerts,
cspPscVerMismatchAlerts
}STATUScurrentDESCRIPTION"A collection of proxy service statistics."::={ cspMIBGroups 10}cspProxyServiceSsl3Group OBJECT-GROUPOBJECTS{
cspPs3cClearTime,
cspPs3cFullHandShake,
cspPs3cResumedHandShake,
cspPs3cHandShakeFailed,
cspPs3cDataFailed,
cspPs3cBadMacRcvd,
cspPs3cPadErrors,
cspPs3cRSArc4128md5,
cspPs3cRSArc4128sha,
cspPs3cRSAdescbcsha,
cspPs3cRSA3desedecbcsha
}STATUScurrentDESCRIPTION"A collection of SSL 3.0 statistics for a proxy
service."::={ cspMIBGroups 11}cspProxyServiceTls1Group OBJECT-GROUPOBJECTS{
cspPt1cClearTime,
cspPt1cFullHandShake,
cspPt1cResumedHandShake,
cspPt1cHandShakeFailed,
cspPt1cDataFailed,
cspPt1cBadMacRcvd,
cspPt1cPadErrors,
cspPt1cRSArc4128md5,
cspPt1cRSArc4128sha,
cspPt1cRSAdescbcsha,
cspPt1cRSA3desedecbcsha
}STATUScurrentDESCRIPTION"A collection of TLS 1.0 statistics for a proxy
service."::={ cspMIBGroups 12}cspCpuStatusGroup OBJECT-GROUPOBJECTS{
cspCpuStatus,
cspCpuClearTime,
cspCpuProcessUtil,
cspCpuInterruptUtil,
cspCpuProcessUtilIn5Sec,
cspCpuProcessUtilIn1Min,
cspCpuProcessUtilIn5Min,
cspCpuInterruptUtilIn5Sec,
cspCpuInterruptUtilIn1Min,
cspCpuInterruptUtilIn5Min
}STATUScurrentDESCRIPTION"A collection of statuses and usage information about
each CPU on the SSL proxy device."::={ cspMIBGroups 13}cspProxyServiceNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS{
cspServOperStatus,
cspServCertExpiring
}STATUScurrentDESCRIPTION"A collection of notifications for signaling important
proxy service events."::={ cspMIBGroups 14}END