JNX-IPSEC-MONITOR-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,Counter32,Counter64,Integer32,Unsigned32FROM SNMPv2-SMI
InetAddress,InetAddressTypeFROM INET-ADDRESS-MIB
TEXTUAL-CONVENTION,DisplayString,TimeIntervalFROM SNMPv2-TC
jnxMibs
FROM JUNIPER-SMI
jnxSpSvcSetName
FROM JUNIPER-SP-MIB;
jnxIpSecMonitorMIB MODULE-IDENTITYLAST-UPDATED"200508312153Z"-- 2005 UTCORGANIZATION"Juniper Networks, Inc."CONTACT-INFO"Juniper Technical Assistance Center
Juniper Networks, Inc.
1194 N. Mathilda Avenue
Sunnyvale, CA 94089
E-mail: support@juniper.net"DESCRIPTION" "REVISION"200508312153Z"DESCRIPTION"Initial version implements only the following
tables:
- IKE tunnel table
- IPSec tunnel table
- IPSec security associations table
"::={ jnxMibs 22}-- +++++++++++++++++++++++++++++++++++++++++++++++++++-- Local Textual Conventions-- +++++++++++++++++++++++++++++++++++++++++++++++++++JnxIkePeerType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The type of IPsec Phase-1 IKE peer identity.
The IKE peer may be identified by one of the
ID types defined in IPSEC DOI."SYNTAXINTEGER{
unknown(0),idIpv4Addr(1),idFqdn(2),idDn(3)}JnxIkeNegoMode ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The IPsec Phase-1 IKE negotiation mode."SYNTAXINTEGER{main(1),aggressive(2)}JnxIkeHashAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The hash algorithm used in IPsec Phase-1
IKE negotiations."SYNTAXINTEGER{md5(1),sha(2)}JnxIkeAuthMethod ::=TEXTUAL-CONVENTION
STATUScurrentDESCRIPTION"The authentication method used in IPsec Phase-1 IKE
negotiations."SYNTAXINTEGER{preSharedKey(1),dssSignature(2),rsaSignature(3),rsaEncryption(4),revRsaEncryption(5)}JnxIkePeerRole ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"Role of the local endpoint in negotiating the IPsec Phase-1 IKE
security association. It can be either Initiator or Responder."SYNTAXINTEGER{initiator(1),responder(2)}JnxIkeNegState ::=TEXTUAL-CONVENTIONSTATUScurrent
DESCRIPTION"State of the Phase-1 IKE negotiation."SYNTAXINTEGER{matured(1),notmatured(2)}JnxDiffHellmanGrp ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The Diffie Hellman Group used in negotiations.
modp768 -- 768-bit MODP
modp1024 -- 1024-bit MODP
"SYNTAXINTEGER{unknown(0),modp768(1),modp1024(2)}JnxKeyType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The type of key used by an IPsec Phase-2 Tunnel."SYNTAXINTEGER{unknown(0),
keyIke(1),keyManual(2)}JnxEncapMode ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The encapsulation mode used by an IPsec Phase-2
Tunnel."SYNTAXINTEGER{unknown(0),tunnel(1),transport(2)}JnxEncryptAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The encryption algorithm used in negotiations."SYNTAXINTEGER{espDes(1),esp3des(2),espNull(3)}JnxSpi ::=TEXTUAL-CONVENTION
STATUScurrentDESCRIPTION"The type of the SPI associated with IPsec Phase-2 security
associations."SYNTAXUnsigned32(256..4294967295)-- Umesh SYNTAX INTEGER (256..4294967295)JnxAuthAlgo ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The authentication algorithm used by a
security association of an IPsec Phase-2 Tunnel."SYNTAXINTEGER{unknown(0),hmacMd5(2),hmacSha(3)}JnxRemotePeerType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"The type of the remote peer gateway (endpoint). It can be one
of the following two types:
- static (Remote peer whose IP address is known beforehand)
- dynamic (Remote peer whose IP address is not known
beforehand)"SYNTAXINTEGER{unknown(0),static(1),dynamic(2)}JnxSAType ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"SA Type manual or dynamic"SYNTAXINTEGER{unknown(0),manual(1),dynamic(2)}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- IPsec MIB Object Groups---- This MIB module contains the following groups:-- 1) IPsec Levels Group-- 2) IPsec Phase-1 Group-- 3) IPsec Phase-2 Group-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++jnxIpSecMIBObjects OBJECTIDENTIFIER::={jnxIpSecMonitorMIB 1}
jnxIpSecLevels OBJECTIDENTIFIER::={ jnxIpSecMIBObjects 1}jnxIpSecPhaseOne OBJECTIDENTIFIER::={ jnxIpSecMIBObjects 2}jnxIpSecPhaseTwo OBJECTIDENTIFIER::={ jnxIpSecMIBObjects 3}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- IPsec Levels Group---- This group consists of a:-- 1) IPsec MIB Level-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++jnxIpSecMibLevel OBJECT-TYPESYNTAXInteger32(1..4096)MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The version of the IPsec MIB."::={ jnxIpSecLevels 1}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange Tunnel Table-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++jnxIkeTunnelTable OBJECT-TYPESYNTAXSEQUENCEOF JnxIkeTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-1 Internet Key Exchange Tunnel Table.
There is one entry in this table for each active IPsec
Phase-1 IKE Tunnel."::={ jnxIpSecPhaseOne 1}jnxIkeTunnelEntry OBJECT-TYPESYNTAX JnxIkeTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated with
an active IPsec Phase-1 IKE Tunnel."INDEX{ jnxSpSvcSetName,-- From the jnxSpSvcSetTable
jnxIkeTunRemoteGwAddrType,
jnxIkeTunRemoteGwAddr,
jnxIkeTunIndex }::={ jnxIkeTunnelTable 1}
JnxIkeTunnelEntry ::=SEQUENCE{
jnxIkeTunIndex Integer32,
jnxIkeTunLocalRole JnxIkePeerRole,
jnxIkeTunNegState JnxIkeNegState,
jnxIkeTunInitiatorCookie DisplayString,
jnxIkeTunResponderCookie DisplayString,
jnxIkeTunLocalIdType JnxIkePeerType,
jnxIkeTunLocalIdValue DisplayString,
jnxIkeTunLocalGwAddrType InetAddressType,
jnxIkeTunLocalGwAddr InetAddress,
jnxIkeTunLocalCertName DisplayString,
jnxIkeTunRemoteIdType JnxIkePeerType,
jnxIkeTunRemoteIdValue DisplayString,
jnxIkeTunRemoteGwAddrType InetAddressType,
jnxIkeTunRemoteGwAddr InetAddress,
jnxIkeTunNegoMode JnxIkeNegoMode,
jnxIkeTunDiffHellmanGrp JnxDiffHellmanGrp,
jnxIkeTunEncryptAlgo JnxEncryptAlgo,
jnxIkeTunHashAlgo JnxIkeHashAlgo,
jnxIkeTunAuthMethod JnxIkeAuthMethod,
jnxIkeTunLifeTime Integer32,
jnxIkeTunActiveTime TimeInterval,
jnxIkeTunInOctets Counter64,
jnxIkeTunInPkts Counter32,
jnxIkeTunOutOctets Counter64,
jnxIkeTunOutPkts Counter32}jnxIkeTunIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index of the IPsec Phase-1 IKE Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will
wrap at 2,147,483,647."::={ jnxIkeTunnelEntry 1}jnxIkeTunLocalRole OBJECT-TYPESYNTAX JnxIkePeerRole
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The role of local peer identity. The Role of
the local peer can be:
1. initiator.
2. or responder."::={ jnxIkeTunnelEntry 2}
jnxIkeTunNegState OBJECT-TYPESYNTAX JnxIkeNegState
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The state of the current negotiation , It can be
1. matured
2. not matured "::={ jnxIkeTunnelEntry 3}jnxIkeTunInitiatorCookie OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Cookie as generated by the peer that initiated the IKE Phase-1
negotiation. This cookie is carried in the ISAKMP header."::={ jnxIkeTunnelEntry 4}jnxIkeTunResponderCookie OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Cookie as generated by the peer responding to the IKE Phase-1
negotiation initiated by the remote peer. This cookie is carried
in the ISAKMP header."::={ jnxIkeTunnelEntry 5}
jnxIkeTunLocalIdType OBJECT-TYPESYNTAX JnxIkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of local peer identity. The local
peer may be identified by:
1. an IP address, or
2. or a fully qualified domain name string.
3. or a distinguished name string."::={ jnxIkeTunnelEntry 6}jnxIkeTunLocalIdValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is id_fqdn, then this is
the FQDN of the remote peer.
If the local peer type is a id_dn, then this is
the distinguished name string of the local peer."::={ jnxIkeTunnelEntry 7}jnxIkeTunLocalGwAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-only
STATUScurrentDESCRIPTION"The IP address type of the local endpoint (gateway) for the IPsec
Phase-1 IKE Tunnel."::={ jnxIkeTunnelEntry 8}jnxIkeTunLocalGwAddr OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local endpoint (gateway) for the IPsec
Phase-1 IKE Tunnel."::={ jnxIkeTunnelEntry 9}jnxIkeTunLocalCertName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Name of the certificate used for authentication of the local
tunnel endpoint. This object will have some valid value only
if negotiated IKE authentication method is other than pre-saherd
key. If the IKE negotiation do not use certificate based
authentication method, then the value of this object will be a
NULL string."::={ jnxIkeTunnelEntry 10}
jnxIkeTunRemoteIdType OBJECT-TYPESYNTAX JnxIkePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of remote peer identity.
The remote peer may be identified by:
1. an IP address, or
2. or a fully qualified domain name string.
3. or a distinguished name string."::={ jnxIkeTunnelEntry 11}jnxIkeTunRemoteIdValue OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is id_fqdn, then this is
the FQDN of the remote peer.
If the remote peer type is a id_dn, then this is
the distinguished named string of the remote peer."::={ jnxIkeTunnelEntry 12}jnxIkeTunRemoteGwAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The IP address type of the remote gateway (endpoint) for the IPsec
Phase-1 IKE Tunnel."::={ jnxIkeTunnelEntry 13}jnxIkeTunRemoteGwAddr OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote gateway (endpoint) for the IPsec
Phase-1 IKE Tunnel."::={ jnxIkeTunnelEntry 14}jnxIkeTunNegoMode OBJECT-TYPESYNTAX JnxIkeNegoMode
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiation mode of the IPsec Phase-1 IKE Tunnel."::={ jnxIkeTunnelEntry 15}jnxIkeTunDiffHellmanGrp OBJECT-TYPESYNTAX JnxDiffHellmanGrp
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Diffie Hellman Group used in IPsec Phase-1 IKE
negotiations."::={ jnxIkeTunnelEntry 16}jnxIkeTunEncryptAlgo OBJECT-TYPESYNTAX JnxEncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encryption algorithm used in IPsec Phase-1 IKE
negotiations."::={ jnxIkeTunnelEntry 17}jnxIkeTunHashAlgo OBJECT-TYPESYNTAX JnxIkeHashAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The hash algorithm used in IPsec Phase-1 IKE
negotiations."::={ jnxIkeTunnelEntry 18}jnxIkeTunAuthMethod OBJECT-TYPESYNTAX JnxIkeAuthMethod
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The authentication method used in IPsec Phase-1 IKE
negotiations."::={ jnxIkeTunnelEntry 19}jnxIkeTunLifeTime OBJECT-TYPE
SYNTAXInteger32(1..2147483647)UNITS"seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
in seconds."::={ jnxIkeTunnelEntry 20}jnxIkeTunActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time the IPsec Phase-1 IKE tunnel has been
active in hundredths of seconds."::={ jnxIkeTunnelEntry 21}jnxIkeTunInOctets OBJECT-TYPESYNTAXCounter64UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets received by
this IPsec Phase-1 IKE security association."
::={ jnxIkeTunnelEntry 22}jnxIkeTunInPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets received by
this IPsec Phase-1 IKE security association."::={ jnxIkeTunnelEntry 23}jnxIkeTunOutOctets OBJECT-TYPESYNTAXCounter64UNITS"Octets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of octets sent by this IPsec Phase-1
IKE security association."::={ jnxIkeTunnelEntry 24}jnxIkeTunOutPkts OBJECT-TYPESYNTAXCounter32UNITS"Packets"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The total number of packets sent by this IPsec Phase-1
IKE security association."::={ jnxIkeTunnelEntry 25}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- The IPsec Phase-2 Tunnel Table-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++jnxIpSecTunnelTable OBJECT-TYPESYNTAXSEQUENCEOF JnxIpSecTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Tunnel Table.
There is one entry in this table for
each active IPsec Phase-2 Tunnel."::={ jnxIpSecPhaseTwo 1}jnxIpSecTunnelEntry OBJECT-TYPESYNTAX JnxIpSecTunnelEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes
associated with an active IPsec Phase-2 Tunnel."INDEX{jnxSpSvcSetName,-- From the jnxSpSvcSetTable
jnxIpSecTunRemoteGwAddrType,
jnxIpSecTunRemoteGwAddr,
jnxIpSecTunIndex }::={ jnxIpSecTunnelTable 1}
JnxIpSecTunnelEntry ::=SEQUENCE{
jnxIpSecTunIndex Integer32,
jnxIpSecRuleName DisplayString,
jnxIpSecTermName DisplayString,
jnxIpSecTunLocalGwAddrType InetAddressType,
jnxIpSecTunLocalGwAddr InetAddress,
jnxIpSecTunRemoteGwAddrType InetAddressType,
jnxIpSecTunRemoteGwAddr InetAddress,
jnxIpSecTunLocalProxyId DisplayString,
jnxIpSecTunRemoteProxyId DisplayString,
jnxIpSecTunKeyType JnxKeyType,
jnxIpSecRemotePeerType JnxRemotePeerType,
jnxIpSecTunMtu Integer32,
jnxIpSecTunOutEncryptedBytes Counter64,
jnxIpSecTunOutEncryptedPkts Counter64,
jnxIpSecTunInDecryptedBytes Counter64,
jnxIpSecTunInDecryptedPkts Counter64,
jnxIpsSecTunAHInBytes Counter64,
jnxIpsSecTunAHInPkts Counter64,
jnxIpsSecTunAHOutBytes Counter64,
jnxIpsSecTunAHOutPkts Counter64,
jnxIpSecTunReplayDropPkts Counter64,
jnxIpSecTunAhAuthFails Counter64,
jnxIpSecTunEspAuthFails Counter64,
jnxIpSecTunDecryptFails Counter64,
jnxIpSecTunBadHeaders Counter64,
jnxIpSecTunBadTrailers Counter64,
jnxIpSecTunDroppedPkts Counter64}jnxIpSecTunIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index of the IPsec Phase-2 Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will wrap
at 2,147,483,647."::={ jnxIpSecTunnelEntry 1}
jnxIpSecRuleName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Name of the rule configured in IPSec configuration."::={ jnxIpSecTunnelEntry 2}jnxIpSecTermName OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Name of the term configured under IPSec rule."::={ jnxIpSecTunnelEntry 3}jnxIpSecTunLocalGwAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address type of the local gateway (endpoint) for the IPsec
Phase-2 Tunnel."::={ jnxIpSecTunnelEntry 4}jnxIpSecTunLocalGwAddr OBJECT-TYPE
SYNTAXInetAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the local gateway (endpoint) for the IPsec
Phase-2 Tunnel."::={ jnxIpSecTunnelEntry 5}jnxIpSecTunRemoteGwAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address type of the remote gateway (endpoint) for the IPsec
Phase-2 Tunnel."::={ jnxIpSecTunnelEntry 6}jnxIpSecTunRemoteGwAddr OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The IP address of the remote gateway (endpoint) for the IPsec
Phase-2 Tunnel."::={ jnxIpSecTunnelEntry 7}jnxIpSecTunLocalProxyId OBJECT-TYPESYNTAXDisplayString
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Identifier for the local end."::={ jnxIpSecTunnelEntry 8}jnxIpSecTunRemoteProxyId OBJECT-TYPESYNTAXDisplayStringMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Identifier for the remote end."::={ jnxIpSecTunnelEntry 9}jnxIpSecTunKeyType OBJECT-TYPESYNTAX JnxKeyType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of key used by the IPsec Phase-2 Tunnel. It can be
one of the following two types:
- IKE negotiated
- Manually installed"::={ jnxIpSecTunnelEntry 10}jnxIpSecRemotePeerType OBJECT-TYPESYNTAX JnxRemotePeerType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The type of the remote peer gateway (endpoint). It can be one
of the following two types:
- static (Remote peer whose IP address is known beforehand)
- dynamic (Remote peer whose IP address is not known
beforehand)"::={ jnxIpSecTunnelEntry 11}jnxIpSecTunMtu OBJECT-TYPESYNTAXInteger32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"MTU value of this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 12}jnxIpSecTunOutEncryptedBytes OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of bytes encrypted by this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 13}jnxIpSecTunOutEncryptedPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets encrypted by this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 14}jnxIpSecTunInDecryptedBytes OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of bytes decrypted by this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 15}jnxIpSecTunInDecryptedPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets decrypted by this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 16}jnxIpsSecTunAHInBytes OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION
"Number of incoming bytes authenticated using AH by this Phase-2
tunnel."::={ jnxIpSecTunnelEntry 17}jnxIpsSecTunAHInPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of incoming packets authenticated using AH by this Phase-2
tunnel."::={ jnxIpSecTunnelEntry 18}jnxIpsSecTunAHOutBytes OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of outgoing bytes applied AH by this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 19}jnxIpsSecTunAHOutPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of outgoing packets applied AH by this Phase-2 tunnel."
::={ jnxIpSecTunnelEntry 20}jnxIpSecTunReplayDropPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets dropped by this Phase-2 tunnel due to
anti replay check failure."::={ jnxIpSecTunnelEntry 21}jnxIpSecTunAhAuthFails OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets received by this Phase-2 tunnel that
failed AH authentication."::={ jnxIpSecTunnelEntry 22}jnxIpSecTunEspAuthFails OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets received by this Phase-2 tunnel that
failed ESP authentication."
::={ jnxIpSecTunnelEntry 23}jnxIpSecTunDecryptFails OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets received by this Phase-2 tunnel that
failed decryption."::={ jnxIpSecTunnelEntry 24}jnxIpSecTunBadHeaders OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets received by this Phase-2 tunnel that
failed due to bad headers."::={ jnxIpSecTunnelEntry 25}jnxIpSecTunBadTrailers OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of packets received by this Phase-2 tunnel that
failed due to bad ESP trailers."
::={ jnxIpSecTunnelEntry 26}jnxIpSecTunDroppedPkts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Total number of dropped packets for this Phase-2 tunnel."::={ jnxIpSecTunnelEntry 27}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- The IPsec Phase-2 Security Association Table-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++jnxIpSecSaTable OBJECT-TYPESYNTAXSEQUENCEOF JnxIpSecSaEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The IPsec Phase-2 Security Association Table.
This table identifies the structure (in terms of
component SAs) of each active Phase-2 IPsec tunnel.
This table contains an entry for each active and
expiring security association and maps each entry
in the active Phase-2 tunnel table (ipSecTunTable)
into a number of entries in this table. The index of this
table reflects the
<destination-address, protocol, spi>
rule for identifying Security Associations."::={ jnxIpSecPhaseTwo 2}jnxIpSecSaEntry OBJECT-TYPESYNTAX JnxIpSecSaEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the attributes associated with
active and expiring IPsec Phase-2
security associations."INDEX{ jnxSpSvcSetName,-- From jnxSpSvcSetTable
jnxIpSecTunRemoteGwAddrType,-- From ipSecTunnelTable
jnxIpSecTunRemoteGwAddr,-- From ipSecTunnelTable
jnxIpSecTunIndex,-- From ipSecTunnelTable
jnxIpSecSaIndex }::={ jnxIpSecSaTable 1}
JnxIpSecSaEntry ::=SEQUENCE{
jnxIpSecSaProtocol INTEGER,
jnxIpSecSaIndex Integer32,
jnxIpSecSaInSpi JnxSpi,
jnxIpSecSaOutSpi JnxSpi,
jnxIpSecSaInAuxSpi JnxSpi,
jnxIpSecSaOutAuxSpi JnxSpi,
jnxIpSecSaType JnxSAType,
jnxIpSecSaEncapMode JnxEncapMode,
jnxIpSecSaLifeSize Integer32,
jnxIpSecSaLifeTime Integer32,
jnxIpSecSaActiveTime TimeInterval,
jnxIpSecSaLifeSizeThreshold Integer32,
jnxIpSecSaLifeTimeThreshold Integer32,
jnxIpSecSaEncryptAlgo JnxEncryptAlgo,
jnxIpSecSaAuthAlgo JnxAuthAlgo,
jnxIpSecSaState INTEGER}jnxIpSecSaProtocol OBJECT-TYPESYNTAXINTEGER{ah(1),esp(2)}MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index, represents the security protocol (AH, ESP or
IPComp) for which this security association was setup."::={ jnxIpSecSaEntry 1}
jnxIpSecSaIndex OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The index, in the context of the IPsec tunnel ipSecTunIndex,
of the security association represented by this table entry.
The value of this index is a number which begins at one and
is incremented with each SPI associated with an IPsec Phase-2
Tunnel. The value of this object will wrap at 2,147,483,647."::={ jnxIpSecSaEntry 2}jnxIpSecSaInSpi OBJECT-TYPESYNTAX JnxSpi
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the incoming SPI."::={ jnxIpSecSaEntry 3}jnxIpSecSaOutSpi OBJECT-TYPESYNTAX JnxSpi
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the outgoing SPI."
::={ jnxIpSecSaEntry 4}jnxIpSecSaInAuxSpi OBJECT-TYPESYNTAX JnxSpi
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the incoming auxiliary SPI. This is valid for AH
and ESP bundles."::={ jnxIpSecSaEntry 5}jnxIpSecSaOutAuxSpi OBJECT-TYPESYNTAX JnxSpi
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value of the outgoing auxiliary SPI. This is valid for AH
and ESP bundles."::={ jnxIpSecSaEntry 6}jnxIpSecSaType OBJECT-TYPESYNTAX JnxSAType
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This field represents the type of security associations
which can be either manual or dynamic"::={ jnxIpSecSaEntry 7}
jnxIpSecSaEncapMode OBJECT-TYPESYNTAX JnxEncapMode
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encapsulation mode used by an IPsec Phase-2 Tunnel. "::={ jnxIpSecSaEntry 8}jnxIpSecSaLifeSize OBJECT-TYPESYNTAXInteger32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. "::={ jnxIpSecSaEntry 9}jnxIpSecSaLifeTime OBJECT-TYPESYNTAXInteger32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. "::={ jnxIpSecSaEntry 10}jnxIpSecSaActiveTime OBJECT-TYPESYNTAXTimeIntervalMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The length of time the IPsec Phase-2 Tunnel has been active in seconds. "::={ jnxIpSecSaEntry 11}jnxIpSecSaLifeSizeThreshold OBJECT-TYPESYNTAXInteger32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The security association LifeSize refresh threshold in kilobytes. "::={ jnxIpSecSaEntry 12}jnxIpSecSaLifeTimeThreshold OBJECT-TYPESYNTAXInteger32MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The security association LifeTime refresh threshold in seconds. "::={ jnxIpSecSaEntry 13}jnxIpSecSaEncryptAlgo OBJECT-TYPESYNTAX JnxEncryptAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The Encryption algorithm used to encrypt
the packets which can be either es-cbc or 3des-cbc. "::={ jnxIpSecSaEntry 14}jnxIpSecSaAuthAlgo OBJECT-TYPESYNTAX JnxAuthAlgo
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The algorithm used for authentication of packets which
can be hmac-md5-96 or hmac-sha1-96"::={ jnxIpSecSaEntry 15}jnxIpSecSaState OBJECT-TYPESYNTAXINTEGER{unknown(0),active(1),expiring(2)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This column represents the status of the security association
represented by this table entry. If the status of the SA is
'active', the SA is ready for active use. The status
'expiring' represents any of the various states that the
security association transitions through before being purged."::={ jnxIpSecSaEntry 16}END