-- These MIBs were created on 05/27/2001
-- This module defines enterprise MIBs for NAT
--
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
---- MODULE-IDENTITY
-- OrgName
-- Juniper Networks, Inc.
-- ContactInfo
-- Customer Support
--
-- 1194 North Mathilda Avenue
-- Sunnyvale, California 94089-1206
-- USA
--
-- Tel: 1-800-638-8296
-- E-mail: customerservice@juniper.net
-- HTTP://www.juniper.net"
--
-- Descr
-- This module defines the managed objects for Netscreen NAT
--
-- Last modified date: 03/03/2005
-- Added dip pool utilization attribute
--
-- Last modified date: 05/03/2004
-- Modified copyright and contact info
--
-- change VIP configuration per physical interface
-- Last modified date: 6/3/2003
--NETSCREEN-NAT-MIB DEFINITIONS::=BEGIN
IMPORTSDisplayStringFROM RFC1213-MIB
netscreenNAT FROM NETSCREEN-SMI;nsNatMipTable OBJECT-TYPESYNTAXSEQUENCEOF NsNatMipEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Mapped IP(MIP) is a direct one-to-one maping of traffic destined
for one IP address ot another IP address. On NetScreen device,
MIP addresses for tunnel and untrusted interfaces can be created."::={ netscreenNAT 1}nsNatMipEntry OBJECT-TYPESYNTAX NsNatMipEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"An entry containing attributes of a mip address"INDEX{ nsNatMipIndex }::={ nsNatMipTable 1}
NsNatMipEntry ::=SEQUENCE{
nsNatMipIndex
INTEGER,
nsNatMipIp
IpAddress,
nsNatMipNetmask
IpAddress,
nsNatMipHost
IpAddress,
nsNatMipIfIp
IpAddress,
nsNatMipIfNetmask
IpAddress,
nsNatMipVsys
INTEGER}nsNatMipIndex OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"A unique value for each address. Its value
ranges between 0 and 65535 and may not be contingous."::={ nsNatMipEntry 1}nsNatMipIp OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"mip address. A MIP must be in the same subnet as the tunnel interface
to which it is linked to; however, for the untrusted interface, a MIP
does not need to be in the same subnet. In either case, a MIP must not
be the same as the interface address or be in any DIP pool that might
also be on that subnet."::={ nsNatMipEntry 2}nsNatMipNetmask OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"Subnet mask for this MIP."::={ nsNatMipEntry 3}nsNatMipHost OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"Host ip address mip mapping to."::={ nsNatMipEntry 4}nsNatMipIfIp OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"Interface's ip address that a MIP is linked to."::={ nsNatMipEntry 5}nsNatMipIfNetmask OBJECT-TYPESYNTAXIpAddressACCESSread-only
STATUSmandatoryDESCRIPTION"Interface's netmask that a MIP is linked to."::={ nsNatMipEntry 6}nsNatMipVsys OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Virtual system this mip belongs to."::={ nsNatMipEntry 7}nsNatDipTable OBJECT-TYPESYNTAXSEQUENCEOF NsNatDipEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"A DIP(Dynamic IP) pool is a range of IP addresses from which
the NetScreen device can dynamically take addresses to use when
performing NAT on the source IP address of outgoing or incoming
IP packets."::={ netscreenNAT 2}nsNatDipEntry OBJECT-TYPESYNTAX NsNatDipEntry
ACCESSnot-accessibleSTATUSmandatory
DESCRIPTION"An entry containing attributes of a dynamic address"INDEX{ nsNatDipIndex }::={ nsNatDipTable 1}
NsNatDipEntry ::=SEQUENCE{
nsNatDipIndex
INTEGER,
nsNatDipId
INTEGER,
nsNatDipLow
IpAddress,
nsNatDipHigh
IpAddress,
nsNatDipIfIp
IpAddress,
nsNatDipIfNetmask
IpAddress,
nsNatDipPTEnable
INTEGER,
nsNatDipVsys
INTEGER,
nsNatDipUtil
INTEGER}nsNatDipIndex OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"A unique value for each address. Its value
ranges between 0 and 65535 and may not be contigous."::={ nsNatDipEntry 1}nsNatDipId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"DIP pool id."::={ nsNatDipEntry 2}nsNatDipLow OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"Start IP Address Range. The range of addresses in a DIP pool must be
in the same subnet as the interface IP address, but the DIP pool
should not contain the interface IP or any MIP or VIP address that
might on that subnet."::={ nsNatDipEntry 3}nsNatDipHigh OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"End IP Address Range. The range of addresses in a DIP pool must be
in the same subnet as the interface IP address, but the DIP pool
should not contain the interface IP or any MIP or VIP address that
might on that subnet."::={ nsNatDipEntry 4}nsNatDipIfIp OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"Interface's ip address that a DIP is linked to."::={ nsNatDipEntry 5}nsNatDipIfNetmask OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"interface's ip address that a DIP is linked to."::={ nsNatDipEntry 6}nsNatDipPTEnable OBJECT-TYPESYNTAXINTEGER{disable(0),enabled(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Enable Port Translation"::={ nsNatDipEntry 7}
nsNatDipVsys OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"virtual system this dip belongs to"::={ nsNatDipEntry 8}nsNatDipUtil OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"dip pool utization for this entry. Only applicable to fixed dip. If this is not a fixed dip this will return 0"::={ nsNatDipEntry 9}nsNatVip OBJECTIDENTIFIER::={ netscreenNAT 3}nsNatVipCfgTable OBJECT-TYPESYNTAXSEQUENCEOF NsNatVipCfgEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"VIP(Virtual IP) allows you to map routable IP addresses to internal
servers, therby providing transparent connections for a NAT networks
to the Internet. This table collects all VIP configurations in NetScreen
device."::={ nsNatVip 1}nsNatVipCfgEntry OBJECT-TYPESYNTAX NsNatVipCfgEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Each entry in the nsNatVipCfgTable holds a set of configuration parameters
associated with an instance of VIP."INDEX{ nsNatVipCfgIndex }::={ nsNatVipCfgTable 1}
NsNatVipCfgEntry ::=SEQUENCE{
nsNatVipCfgIndex
INTEGER,
nsNatVipCfgIp
IpAddress,
nsNatVipCfgPort
INTEGER,
nsNatVipCfgService
DisplayString,
nsNatVipCfgStatus
INTEGER,
nsNatVipCfgLoadBalance
INTEGER}nsNatVipCfgIndex OBJECT-TYPE
SYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"A unique value for each vip configuation. Its value
ranges between 1 and 65535 and may not be contingous."::={ nsNatVipCfgEntry 1}nsNatVipCfgIp OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"The IP address for the VIP, which must be in the same subnet as the
untrusted interface and can even be the same address as the untrusted
interface."::={ nsNatVipCfgEntry 2}nsNatVipCfgPort OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"The port number for communication between the trusted server and the
untrusted interfce on the NetScreen device."::={ nsNatVipCfgEntry 3}nsNatVipCfgService OBJECT-TYPESYNTAXDisplayString(SIZE(0..255))
ACCESSread-onlySTATUSmandatoryDESCRIPTION"Service for the server on the trusted interface."::={ nsNatVipCfgEntry 4}nsNatVipCfgStatus OBJECT-TYPESYNTAXINTEGER{not-available(0),available(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The status of the server on the trusted/DMZ interface."::={ nsNatVipCfgEntry 5}nsNatVipCfgLoadBalance OBJECT-TYPESYNTAXINTEGER{null(0),round-robin(1),weighted-round-robin(2),
least-conns(3),weighted-least-conns(4)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Load balance algorithm for the Virtual IP servers."::={ nsNatVipCfgEntry 6}nsNatVipServerTable OBJECT-TYPESYNTAXSEQUENCEOF NsNatVipServerEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Ballancing the loads on NetScreen servers allow traffic intended
for a server(one IP address on the untrusted network) to be mapped
to several different IP addresses on the DMZ or trusted network.
There can be up to eight servers in one load balancing group, which
apperas as a single virtual server.This table collects all the
server pool configurations for the virtual ip server."::={ nsNatVip 2}nsNatVipServerEntry OBJECT-TYPESYNTAX NsNatVipServerEntry
ACCESSnot-accessible
STATUSmandatoryDESCRIPTION"An entry containing attributes of a vip configuration's server pool."INDEX{ nsNatVipServerIndex }::={ nsNatVipServerTable 1}
NsNatVipServerEntry ::=SEQUENCE{
nsNatVipServerIndex
INTEGER,
nsNatVipServerVIP
IpAddress,
nsNatVipServerService
INTEGER,
nsNatVipServerLoadBalance
INTEGER,
nsNatVipServerIp
IpAddress,
nsNatVipServerWeight
INTEGER,
nsNatVipServerStatus
INTEGER}nsNatVipServerIndex OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"A unique value for each vip server configuation. Its value
ranges between 1 and 65535 and may not be contigous."::={ nsNatVipServerEntry 1}nsNatVipServerVIP OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"The IP address for the VIP."::={ nsNatVipServerEntry 2}nsNatVipServerService OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Service provideing through the VIP."::={ nsNatVipServerEntry 3}nsNatVipServerLoadBalance OBJECT-TYPESYNTAXINTEGER{null(0),round-robin(1),weighted-round-robin(2),least-conns(3),weighted-least-conns(4)
}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Load balance algorithm for the vitural IP servers."::={ nsNatVipServerEntry 4}nsNatVipServerIp OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"Virtual IP server's IP address."::={ nsNatVipServerEntry 5}nsNatVipServerWeight OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Loadbalance algorithm weight."::={ nsNatVipServerEntry 6}nsNatVipServerStatus OBJECT-TYPESYNTAXINTEGER{down(0),up(1)
}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Virtual IP server's status."::={ nsNatVipServerEntry 7}END