mib-jnx-js-ipsec-vpn.txt

-- *******************************************************************
-- Juniper Networks Security IPSEC VPN object mibs 
-- This Mib provides extension to JUNIPER-IPSEC-FLOW-MON_MIB.
--
-- Copyright (c) 2001-2007, Juniper Networks, Inc.
-- All rights reserved.
--
-- The contents of this document are subject to change without notice.
-- *******************************************************************

JUNIPER-JS-IPSEC-VPN-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE  
            FROM SNMPv2-SMI
        TEXTUAL-CONVENTION, DisplayString 
            FROM SNMPv2-TC
        jnxJsIPSecVpn 
            FROM JUNIPER-JS-SMI
        jnxIpSecTunnelMonEntry
            FROM JUNIPER-IPSEC-FLOW-MON-MIB;

    jnxJsIpSecVpnMib  MODULE-IDENTITY
        LAST-UPDATED "200705112153Z" --  May 11, 2007 
        ORGANIZATION "Juniper Networks, Inc."
        CONTACT-INFO
                "Juniper Technical Assistance Center
                      Juniper Networks, Inc.
                      1194 N. Mathilda Avenue
                      Sunnyvale, CA 94089
                      E-mail: support@juniper.net"
        DESCRIPTION
            "This module defines the object used to monitor the
             entries pertaining to IPSec objects and the management
             of the IPSEC VPN functionalities for Juniper security 
             product lines.  

             This mib module extend Juniper's common IPSEC flow monitoring
             MIB, building on the existing common infrastruature, the  
             security implementation integrates the value-added 
             features for the security products"
        REVISION "200704270000Z"
        DESCRIPTION 
            "Create the jnxJsIpSecTunnelTable as an augmented table 
             to the jnxIpSecTunnelMonTable in JUNIPER-IPSEC-FLOW-MON-MIB."
        ::= { jnxJsIPSecVpn 1 } 


    jnxJsIpSecVpnNotifications OBJECT IDENTIFIER ::= { jnxJsIpSecVpnMib 0 }
    jnxJsIpSecVpnPhaseOne      OBJECT IDENTIFIER ::= { jnxJsIpSecVpnMib 1 }
    jnxJsIpSecVpnPhaseTwo      OBJECT IDENTIFIER ::= { jnxJsIpSecVpnMib 2 }
   

    -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    -- TEXTURE CONVENTION 
    -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    JnxJsIpSecVpnType  ::= TEXTUAL-CONVENTION
         STATUS     current
         DESCRIPTION
             "The type of the remote peer gateway (endpoint). It can be one
             of the following two types:
               - policyBased : tunnels requires a policy with action 
                 'tunnel' to trigger IPSEC VPN.  The device receives traffic
                 and matches it with policy that has action 'tunnel', it 
                 performs the encryption/decryption and authentication options
                 negotiated for this VPN phase 2 negotiation.  
               - routeBased : requires a tunnel interface a route directing
                 traffic to protected networks to exit the system using that 
                 tunnel interface.  The tunnel interface is bound to a Phase 2
                 VPN configuration that specifies all the tunnel parameters.
             "
         SYNTAX INTEGER {
                   policyBased (1),
                   routeBased  (2)
         }  

   -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   -- The IPsec Phase-2 Tunnel Table
   -- 
   -- During this phase, IKE negotiates IPSEC SA parameters and setup 
   -- matching IPSEC SA in the peers.
   -- 
   -- Phase 2 VPN: tunnel peer connection, associated with a specific policy
   -- or a tunnel interface.  Phase 2 security association components include
   -- encryption and authentication algorithms, proxy-IDs and optional DH 
   -- group values.
   -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

     jnxJsIpSecTunnelTable OBJECT-TYPE
         SYNTAX SEQUENCE OF JnxJsIpSecTunnelEntry
         MAX-ACCESS     not-accessible
         STATUS         current
         DESCRIPTION
            "The IPsec Phase-2 Tunnel Table.
             There is one entry in this table for each active IPsec Phase-2 
             Tunnel.  If the tunnel is terminated, then the entry is no longer 
             available after the table has been refreshed. "
         ::= { jnxJsIpSecVpnPhaseTwo 1 }

     jnxJsIpSecTunnelEntry OBJECT-TYPE
         SYNTAX     JnxJsIpSecTunnelEntry
         MAX-ACCESS not-accessible
         STATUS     current
         DESCRIPTION
            "Each entry contains the attributes
             associated with an active IPsec Phase-2 Tunnel."
         AUGMENTS   { jnxIpSecTunnelMonEntry }  -- This table augments the
                                                -- jnxIpSecTunnelMonTable
         ::= { jnxJsIpSecTunnelTable 1 }

      JnxJsIpSecTunnelEntry ::= SEQUENCE {
         jnxJsIpSecTunPolicyName           DisplayString,
         jnxJsIpSecVpnTunType              JnxJsIpSecVpnType, 
         jnxJsIpSecTunCfgMonState          INTEGER, 
         jnxJsIpSecTunState                INTEGER 
      }                                                                                 

      jnxJsIpSecTunPolicyName   OBJECT-TYPE
         SYNTAX         DisplayString(SIZE(0..80)) 
         MAX-ACCESS     read-only 
         STATUS         current 
         DESCRIPTION
            "The policy name assoicated with this tunnel if the 
             this IPSEC VPN is policy based.  Otherwise, this attribute
             is not applicable."
         ::= { jnxJsIpSecTunnelEntry 1 }
        

      jnxJsIpSecVpnTunType OBJECT-TYPE
         SYNTAX     JnxJsIpSecVpnType
         MAX-ACCESS read-only               
         STATUS     current
         DESCRIPTION
            "This attribute indicates the IPSEC VPN tunnel is policy
             based or route based."
         ::= { jnxJsIpSecTunnelEntry 2 }


      jnxJsIpSecTunCfgMonState OBJECT-TYPE
         SYNTAX     INTEGER {
                           disable     (1),
                           enable      (2)
                    }
         MAX-ACCESS     read-only 
         STATUS         current 
         DESCRIPTION
            "The user configuration states whether to monitor the  
             IPSec tunnel to be alive or not. " 
         ::= { jnxJsIpSecTunnelEntry 3 }


        jnxJsIpSecTunState OBJECT-TYPE
         SYNTAX     INTEGER {
                         up     (1),
                         down   (2),
                         vpnMonitoringDisabled (3)
                    }
         MAX-ACCESS     read-only 
         STATUS         current 
         DESCRIPTION
            "This attribute indicates whether the IPSec Tunnel is up or
                 down, determined by icmp ping if the jnxJsIpSecTunCfgMonState
             is enable.  

             Down: VPN monitor detects the tunnel is down
             Up:   VPN monitor detects the tunnel is up.
             vpnMonitoringDisabled: user has disabled VPN tunnel monitoring." 
         ::= { jnxJsIpSecTunnelEntry 4 }

END
OID .1.3.6.1.4.1.2636.3.39.1.5.1OID .1.3.6.1.4.1.2636.3.39.1.5.1.0OID .1.3.6.1.4.1.2636.3.39.1.5.1.1OID .1.3.6.1.4.1.2636.3.39.1.5.1.2OID .1.3.6.1.4.1.2636.3.39.1.5.1.2.1OID .1.3.6.1.4.1.2636.3.39.1.5.1.2.1.1OID .1.3.6.1.4.1.2636.3.39.1.5.1.2.1.1.1OID .1.3.6.1.4.1.2636.3.39.1.5.1.2.1.1.2OID .1.3.6.1.4.1.2636.3.39.1.5.1.2.1.1.3OID .1.3.6.1.4.1.2636.3.39.1.5.1.2.1.1.4