-- These MIBs were created on 08/027/2000
-- This module defines enterprise MIBs for VPN tunnel monitoring
--
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
--
-- MODULE-IDENTITY
-- OrgName
-- Juniper Networks, Inc.
-- ContactInfo
-- Customer Support
--
-- 1194 North Mathilda Avenue
-- Sunnyvale, California 94089-1206
-- USA
--
-- Tel: 1-800-638-8296
-- E-mail: customerservice@juniper.net
-- HTTP://www.juniper.net"
--
-- Last modified date: 05/03/2004
-- Modified copyright and contact info
--
-- Last modified date: 09/28/2001
--
-- Last modified date: 11/13/2003
-- Correct spelling mistake
--NETSCREEN-VPN-MON-MIB DEFINITIONS::=BEGIN
IMPORTSDisplayStringFROM RFC1213-MIB
netscreenVpn FROM NETSCREEN-SMI;netscreenVpnMon OBJECTIDENTIFIER::={ netscreenVpn 1}-- This module defines the object that are used to monitor
-- VPN tunnels
---- the active VPN tunnel table-- The VPN tunnel table contains information on the Netscreen's-- active tunnels. It contains both Phase1 and Phase 2-- information for an autokey tunnel established by IKE.-- It also contains information about the policy with which it is-- associated.nsVpnMonTable OBJECT-TYPESYNTAXSEQUENCEOF NsVpnMonEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"A list of active VPN tunnel entries. "::={ netscreenVpnMon 1}
nsVpnMonEntry OBJECT-TYPESYNTAX NsVpnMonEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"A VPN tunnel entry containing attributes for both IKE
Phase 1 and Phase 2 as well as associated policy"INDEX{ nsVpnMonIndex }::={ nsVpnMonTable 1}
NsVpnMonEntry ::=SEQUENCE{
nsVpnMonIndex
INTEGER,
nsVpnMonInPlyId
INTEGER,
nsVpnMonOutPlyId
INTEGER,
nsVpnMonVpnName
DisplayString,
nsVpnMonVsysName
DisplayString,
nsVpnMonTunnelType
INTEGER,
nsVpnMonEspEncAlg
INTEGER,
nsVpnMonEspAuthAlg
INTEGER,
nsVpnMonAhAlg
INTEGER,
nsVpnMonKeyType
INTEGER,
nsVpnMonP1Auth
INTEGER,
nsVpnMonVpnType
INTEGER,
nsVpnMonRmtGwIp
IpAddress,
nsVpnMonRmtGwId
DisplayString,
nsVpnMonMyGwIp
IpAddress,
nsVpnMonMyGwId
DisplayString,
nsVpnMonOutSpi
INTEGER,
nsVpnMonInSpi
INTEGER,
nsVpnMonMonState
INTEGER,
nsVpnMonTunnelState
INTEGER,
nsVpnMonP1State
INTEGER,
nsVpnMonP1LifeTime
INTEGER,
nsVpnMonP2State
INTEGER,
nsVpnMonP2LifeTime
INTEGER,
nsVpnMonP2LifeBytes
INTEGER,
nsVpnMonDelayAvg
INTEGER,
nsVpnMonDelayLast
INTEGER,
nsVpnMonAvail
INTEGER,
nsVpnMonSaId
INTEGER,
nsVpnMonGroupId
INTEGER,
nsVpnMonUsrId
INTEGER,
nsVpnMonStartSessRequestTime
TimeTicks,
nsVpnMonStartSessEstTime
TimeTicks,
nsVpnMonEndSessTime
TimeTicks,
nsVpnMonBytesIn
Counter,
nsVpnMonBytesOut
Counter,
nsVpnMonPacketsIn
Counter,
nsVpnMonPacketsOut
Counter,
nsVpnMonIfIndex
INTEGER,
nsVpnMonUpdateTime
TimeTicks,
nsVpnMonDN
DisplayString,
nsVpnMonIfInfo
INTEGER}nsVpnMonIndex OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"A unique value for each active VPN tunnel. Its value
ranges between 1 and 65535 and may not be contiguous.
Due to the dynamic nature of active VPN tunnels, the index
has no other meaning but a pure index"::={ nsVpnMonEntry 1}nsVpnMonInPlyId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"The incoming policy ID for which this tunnel is created for.
-1 means no policy associates with this SA."::={ nsVpnMonEntry 2}nsVpnMonOutPlyId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatory
DESCRIPTION"The outgoing policy ID for which this tunnel is created for.
-1 means no policy associates with this SA."::={ nsVpnMonEntry 3}nsVpnMonVpnName OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"A textual string contains information about the
VPN entity from which this tunnel was derived. "::={ nsVpnMonEntry 4}nsVpnMonVsysName OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"A textual string contains the
Virtual system to which this tunnel belongs."::={ nsVpnMonEntry 5}nsVpnMonTunnelType OBJECT-TYPESYNTAXINTEGER{reserved(0),proto-isakmp(1),proto-ipsec_ah(2),
proto-ipsec_esp(3),proto-ipcomp(4)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Protocol type used for the tunnel"::={ nsVpnMonEntry 6}nsVpnMonEspEncAlg OBJECT-TYPESYNTAXINTEGER{reserved(0),esp-des-iv64(1),esp-des(2),esp-3des(3),esp-rc5(4),esp-idea(5),esp-cast(6),esp-blowfish(7),esp-3idea(8),esp-des-iv32(9),esp-rc4(10),esp-null(11),esp-aes(12),esp-aes192(20),
esp-aes256(21)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"a value which identifies a particular algorithm to be
used to provide secrecy protection for ESP. "::={ nsVpnMonEntry 7}nsVpnMonEspAuthAlg OBJECT-TYPESYNTAXINTEGER{reserved(0),hmac-md5(1),hmac-sha(2),des-mac(3),ipdk(4)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The ESP Authentication Algorithm used in the IPsec. "::={ nsVpnMonEntry 8}nsVpnMonAhAlg OBJECT-TYPESYNTAXINTEGER{reserved(0),ah-md5(2),ah-sha(3),ah-des(4)
}ACCESSread-onlySTATUSmandatoryDESCRIPTION"a value which identifies a particular algorithm to be
used to provide integrity protection for AH. "::={ nsVpnMonEntry 9}nsVpnMonKeyType OBJECT-TYPESYNTAXINTEGER{manual(0),auto-ike(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"a value which identifies a key exchange protocol
to be used for the negotiation "::={ nsVpnMonEntry 10}nsVpnMonP1Auth OBJECT-TYPESYNTAXINTEGER{unused(0),preshared-key(1),dss-Signature(2),rsa-Signature(3),rsa-Encryption1(4),rsa-Encryption2(5)}ACCESSread-onlySTATUSmandatory
DESCRIPTION"a value which identifies Phase 1 authentication method"::={ nsVpnMonEntry 11}nsVpnMonVpnType OBJECT-TYPESYNTAXINTEGER{reserved(0),dialup(1),site-to-site(2)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The type of this VPN tunnel, either a dialup or site-to-site "::={ nsVpnMonEntry 12}nsVpnMonRmtGwIp OBJECT-TYPESYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"The peer Gateway's IP address "::={ nsVpnMonEntry 13}nsVpnMonRmtGwId OBJECT-TYPESYNTAXDisplayStringACCESSread-onlySTATUSmandatoryDESCRIPTION"The peer Gateway's ID "::={ nsVpnMonEntry 14}nsVpnMonMyGwIp OBJECT-TYPE
SYNTAXIpAddressACCESSread-onlySTATUSmandatoryDESCRIPTION"The local Gateway's IP address "::={ nsVpnMonEntry 15}nsVpnMonMyGwId OBJECT-TYPESYNTAXDisplayStringACCESSread-onlySTATUSmandatoryDESCRIPTION"The local Gateway's ID "::={ nsVpnMonEntry 16}nsVpnMonOutSpi OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"The SPI for outgoing packets "::={ nsVpnMonEntry 17}nsVpnMonInSpi OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"The SPI for incoming packets "::={ nsVpnMonEntry 18}nsVpnMonMonState OBJECT-TYPESYNTAXINTEGER{off(0),
on(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The monitoring status, if it is on, an icmp ping will be sent over
the tunnel periodically to test the connectivity and latency "::={ nsVpnMonEntry 19}nsVpnMonTunnelState OBJECT-TYPESYNTAXINTEGER{down(0),up(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The current tunnel status determined by the icmp ping
if The monitoring status is on."::={ nsVpnMonEntry 20}nsVpnMonP1State OBJECT-TYPESYNTAXINTEGER{inactive(0),active(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The IKE's Phase 1 status"::={ nsVpnMonEntry 21}nsVpnMonP1LifeTime OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"an active Phase 1 sa's time left before re-key.
-1 means unlimited lifetime."::={ nsVpnMonEntry 22}nsVpnMonP2State OBJECT-TYPESYNTAXINTEGER{inactive(0),active(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"The IKE's Phase 2 status"::={ nsVpnMonEntry 23}nsVpnMonP2LifeTime OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"an active Phase 2 sa's time left before re-key.
-1 means unlimited life time."::={ nsVpnMonEntry 24}nsVpnMonP2LifeBytes OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION
"an active Phase 2 sa's bytes left before re-key.
-1 means unlimited life bytes."::={ nsVpnMonEntry 25}nsVpnMonDelayAvg OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"a kind of rolling average of latency, in milliseconds.
-1 has no meaning here, which means nsVpnMonDelayAvg
has not been calculated yet."::={ nsVpnMonEntry 26}nsVpnMonDelayLast OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"latency in last sample, in milliseconds.
-1 means either vpn tunnel is inactive or vpn tunnel
monitor is not turned on."::={ nsVpnMonEntry 27}nsVpnMonAvail OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"percentage over 30 samples"::={ nsVpnMonEntry 28}nsVpnMonSaId OBJECT-TYPESYNTAXINTEGER
ACCESSread-onlySTATUSmandatoryDESCRIPTION"SA identifier, also used as table index"::={ nsVpnMonEntry 29}nsVpnMonGroupId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Group Identifier"::={ nsVpnMonEntry 30}nsVpnMonUsrId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"User Identifier"::={ nsVpnMonEntry 31}nsVpnMonStartSessRequestTime OBJECT-TYPESYNTAXTimeTicksACCESSread-onlySTATUSmandatoryDESCRIPTION"Start Session request timestamp "::={ nsVpnMonEntry 32}nsVpnMonStartSessEstTime OBJECT-TYPESYNTAXTimeTicksACCESSread-onlySTATUSmandatoryDESCRIPTION
"Start Session establish timestamp "::={ nsVpnMonEntry 33}nsVpnMonEndSessTime OBJECT-TYPESYNTAXTimeTicksACCESSread-onlySTATUSmandatoryDESCRIPTION"End Session timestamp [when session terminates]"::={ nsVpnMonEntry 34}nsVpnMonBytesIn OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"Incoming bytes through this sa."::={ nsVpnMonEntry 35}nsVpnMonBytesOut OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"Outgoing bytes through this sa."::={ nsVpnMonEntry 36}nsVpnMonPacketsIn OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"Incoming packets through this sa."::={ nsVpnMonEntry 37}
nsVpnMonPacketsOut OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"Outgoing packets through this sa."::={ nsVpnMonEntry 38}nsVpnMonIfIndex OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"interface index."::={ nsVpnMonEntry 39}nsVpnMonUpdateTime OBJECT-TYPESYNTAXTimeTicksACCESSread-onlySTATUSmandatoryDESCRIPTION"Timestamp [Whenever any member of the row gets updated, the timestamp is updated] "::={ nsVpnMonEntry 40}nsVpnMonDN OBJECT-TYPESYNTAXDisplayString(SIZE(0..64))ACCESSread-onlySTATUSmandatoryDESCRIPTION"DN name"::={ nsVpnMonEntry 41}
nsVpnMonIfInfo OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Internal id assigned to this interface. Stays persistent across resets."::={ nsVpnMonEntry 42}END