1-- *------------------------------------------------------------------ 2-- * CISCO-IPSEC-FLOW-MONITOR-MIB.my: IPSec Flow Monitoring MIB. 3-- * 4-- * April 2000, S Ramakrishnan 5-- * 6-- * Copyright (c) 2000, 2004, 2007 by Cisco Systems Inc. 7-- * All rights reserved. 8-- * 9-- *------------------------------------------------------------------ 10 11CISCO-IPSEC-FLOW-MONITOR-MIB DEFINITIONS ::= BEGIN 12 13IMPORTS 14 MODULE-IDENTITY, 15 OBJECT-TYPE, 16 NOTIFICATION-TYPE, 17 Counter32, 18 Counter64, 19 Gauge32, 20 Integer32, 21 Unsigned32 22 FROM SNMPv2-SMI 23 MODULE-COMPLIANCE, 24 OBJECT-GROUP, 25 NOTIFICATION-GROUP 26 FROM SNMPv2-CONF 27 TEXTUAL-CONVENTION, 28 DisplayString, 29 TimeStamp, 30 TimeInterval, 31 TruthValue 32 FROM SNMPv2-TC 33 cmgwIndex 34 FROM CISCO-MEDIA-GATEWAY-MIB 35 ciscoMgmt 36 FROM CISCO-SMI; 37 38 39ciscoIpSecFlowMonitorMIB MODULE-IDENTITY 40 LAST-UPDATED "200710240000Z" 41 ORGANIZATION "Tivoli Systems and Cisco Systems" 42 CONTACT-INFO 43 "Tivoli Systems 44 Research Triangle Park, NC 45 46 Cisco Systems 47 170 W Tasman Drive 48 San Jose, CA 95134 49 USA 50 51 Tel: +1 800 553-NETS 52 E-mail: cs-ipsecurity@cisco.com" 53 DESCRIPTION 54 "This is a MIB Module for monitoring the 55 structures in IPSec-based Virtual Private Networks. 56 The MIB has been designed to be adopted as an IETF 57 standard. Hence Cisco-specific features of IPSec 58 protocol are excluded from this MIB. 59 60 Acronyms 61 The following acronyms are used in this document: 62 63 IPSec: Secure IP Protocol 64 65 VPN: Virtual Private Network 66 67 ISAKMP: Internet Security Association and Key Exchange 68 Protocol 69 70 IKE: Internet Key Exchange Protocol 71 72 SA: Security Association 73 74 MM: Main Mode - the process of setting up 75 a Phase 1 SA to secure the exchanges 76 required to setup Phase 2 SAs 77 78 QM: Quick Mode - the process of setting up 79 Phase 2 Security Associations using 80 a Phase 1 SA. 81 82 83 Overview of IPsec MIB 84 85 The MIB contains six major groups of objects which are 86 used to manage the IPSec Protocol. These groups include 87 a Levels Group, a Phase-1 Group, a Phase-2 Group, 88 a History Group, a Failure Group and a TRAP Control Group. 89 The following table illustrates the structure of the 90 IPSec MIB. 91 92 The Phase 1 group models objects pertaining to 93 IKE negotiations and tunnels. 94 95 The Phase 2 group models objects pertaining to 96 IPSec data tunnels. 97 98 The History group is to aid applications that do 99 trending analysis. 100 101 The Failure group is to enable an operator to 102 do troubleshooting and debugging of the VPN Router. 103 Further, counters are supported to aid Intrusion 104 Detection. 105 106 In addition to the five major MIB Groups, there are 107 a number of Notifications. The following table 108 illustrates the name and description of the 109 IPSec TRAPs. 110 111 For a detailed discussion, please refer to the IETF 112 draft draft-ietf-ipsec-flow-monitoring-mib-00.txt." 113 REVISION "200710240000Z" 114 DESCRIPTION 115 "In the description of cipSecTunHistHcInDecompOctets, 116 cipSecTunHcInOctets has been changed to 117 cipSecTunHistHcInOctets. 118 119 In the description of cipSecTunHistOutUncompOctets, 120 cipSecTunOutOctets has been changed to 121 cipSecTunHistOutOctets. 122 123 In the description of cipSecTunHistHcOutUncompOctets, 124 cipSecTunHcOutOctets has been changed to 125 cipSecTunHistHcOutOctets. 126 127 In the description of cipSecTunHistInDecompOctets, 128 cipSecTunInOctets has been changed to 129 cipSecTunHistInOctets." 130 REVISION "200410120000Z" 131 DESCRIPTION 132 "Added two table for media gateway stats 133 information: 134 cikePhase1GWStatsTable (phase-1 IKE) 135 cipSecPhase2GWStatsTable (phase-2 IPsec)" 136 REVISION "200010131800Z" 137 DESCRIPTION 138 "Changed cipSecSpiValue to Unsigned32. 139 Changed Protocol ranges to 140 start at 0 instead of 1. 141 Removed comment(s) incorrectly indicating 142 this MIB was CiscoExperiment." 143 REVISION "200008171259Z" 144 DESCRIPTION 145 "Initial version of this MIB module." 146 ::= { ciscoMgmt 171 } 147 148 149 150-- +++++++++++++++++++++++++++++++++++++++++++++++++++ 151-- Local Textual Conventions 152-- +++++++++++++++++++++++++++++++++++++++++++++++++++ 153 154IPSIpAddress ::= TEXTUAL-CONVENTION 155 STATUS current 156 DESCRIPTION 157 "An IP V4 or V6 Address." 158 SYNTAX OCTET STRING (SIZE (4 | 16)) 159 160-- IP V4 or V6 Address 161 162IkePeerType ::= TEXTUAL-CONVENTION 163 STATUS current 164 DESCRIPTION 165 "The type of IPsec Phase-1 IKE peer identity. 166 The IKE peer may be identified by: 167 1. an IP address, or 168 2. a host name." 169 SYNTAX INTEGER { 170 ipAddrPeer(1), 171 namePeer(2) 172 } 173 174IkeNegoMode ::= TEXTUAL-CONVENTION 175 STATUS current 176 DESCRIPTION 177 "The IPsec Phase-1 IKE negotiation mode." 178 SYNTAX INTEGER { 179 main(1), 180 aggressive(2) 181 } 182 183IkeHashAlgo ::= TEXTUAL-CONVENTION 184 STATUS current 185 DESCRIPTION 186 "The hash algorithm used in IPsec Phase-1 187 IKE negotiations." 188 SYNTAX INTEGER { 189 none(1), 190 md5(2), 191 sha(3) 192 } 193 194IkeAuthMethod ::= TEXTUAL-CONVENTION 195 STATUS current 196 DESCRIPTION 197 "The authentication method used in IPsec Phase-1 IKE 198 negotiations." 199 SYNTAX INTEGER { 200 none(1), 201 preSharedKey(2), 202 rsaSig(3), 203 rsaEncrypt(4), 204 revPublicKey(5) 205 } 206 207DiffHellmanGrp ::= TEXTUAL-CONVENTION 208 STATUS current 209 DESCRIPTION 210 "The Diffie Hellman Group used in negotiations." 211 SYNTAX INTEGER { 212 none(1), 213 dhGroup1(2), 214 dhGroup2(3) 215 } 216 217KeyType ::= TEXTUAL-CONVENTION 218 STATUS current 219 DESCRIPTION 220 "The type of key used by an IPsec Phase-2 Tunnel." 221 SYNTAX INTEGER { 222 ike(1), 223 manual(2) 224 } 225 226EncapMode ::= TEXTUAL-CONVENTION 227 STATUS current 228 DESCRIPTION 229 "The encapsulation mode used by an IPsec Phase-2 230 Tunnel." 231 SYNTAX INTEGER { 232 tunnel(1), 233 transport(2) 234 } 235 236EncryptAlgo ::= TEXTUAL-CONVENTION 237 STATUS current 238 DESCRIPTION 239 "The encryption algorithm used in negotiations." 240 SYNTAX INTEGER { 241 none(1), 242 des(2), 243 des3(3) 244 } 245 246AuthAlgo ::= TEXTUAL-CONVENTION 247 STATUS current 248 DESCRIPTION 249 "The authentication algorithm used by a 250 security association of an IPsec Phase-2 Tunnel." 251 SYNTAX INTEGER { 252 none(1), 253 hmacMd5(2), 254 hmacSha(3) 255 } 256 257CompAlgo ::= TEXTUAL-CONVENTION 258 STATUS current 259 DESCRIPTION 260 "The compression algorithm used by a 261 security association of an IPsec Phase-2 Tunnel." 262 SYNTAX INTEGER { 263 none(1), 264 ldf(2) 265 } 266 267EndPtType ::= TEXTUAL-CONVENTION 268 STATUS current 269 DESCRIPTION 270 "The type of identity use to specify an IPsec End Point." 271 SYNTAX INTEGER { 272 singleIpAddr(1), 273 ipAddrRange(2), 274 ipSubnet(3) 275 } 276 277TunnelStatus ::= TEXTUAL-CONVENTION 278 STATUS current 279 DESCRIPTION 280 "The status of a Tunnel. Objects of this type may 281 be used to bring the tunnel down by setting 282 value of this object to destroy(2). Objects of this 283 type cannot be used to create a Tunnel." 284 SYNTAX INTEGER { 285 active(1), 286 destroy(2) 287 } 288 289TrapStatus ::= TEXTUAL-CONVENTION 290 STATUS current 291 DESCRIPTION 292 "The administrative status for sending a TRAP." 293 SYNTAX INTEGER { 294 enabled(1), 295 disabled(2) 296 } 297-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 298-- IPsec MIB Object Groups 299-- 300-- This MIB module contains the following groups: 301-- 1) IPsec Levels Group 302-- 2) IPsec Phase-1 Group 303-- 3) IPsec Phase-2 Group 304-- 4) IPsec History Group 305-- 5) IPsec Failure Group 306-- 6) IPsec TRAP Control Group 307-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 308 309cipSecMIBObjects OBJECT IDENTIFIER 310 ::= { ciscoIpSecFlowMonitorMIB 1 } 311 312cipSecLevels OBJECT IDENTIFIER 313 ::= { cipSecMIBObjects 1 } 314 315cipSecPhaseOne OBJECT IDENTIFIER 316 ::= { cipSecMIBObjects 2 } 317 318cipSecPhaseTwo OBJECT IDENTIFIER 319 ::= { cipSecMIBObjects 3 } 320 321cipSecHistory OBJECT IDENTIFIER 322 ::= { cipSecMIBObjects 4 } 323 324cipSecFailures OBJECT IDENTIFIER 325 ::= { cipSecMIBObjects 5 } 326 327cipSecTrapCntl OBJECT IDENTIFIER 328 ::= { cipSecMIBObjects 6 } 329 330 331-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 332-- IPsec Levels Group 333-- 334-- This group consists of a: 335-- 1) IPsec MIB Level 336-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 337 338cipSecMibLevel OBJECT-TYPE 339 SYNTAX Integer32 (1..4096 ) 340 MAX-ACCESS read-only 341 STATUS current 342 DESCRIPTION 343 "The level of the IPsec MIB." 344 ::= { cipSecLevels 1 } 345-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 346-- The IPsec Phase-1 Internet Key Exchange (IKE) Group 347-- 348-- This group consists of: 349-- 1) IPsec Phase-1 Global Statistics 350-- 2) IPsec Phase-1 Peer Table 351-- 3) IPsec Phase-1 Tunnel Table 352-- 4) IPsec Phase-1 Correlation Table 353-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 354-- 355-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 356-- The IPsec Phase-1 Global Statistics 357-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 358 359cikeGlobalStats OBJECT IDENTIFIER 360 ::= { cipSecPhaseOne 1 } 361 362 363cikeGlobalActiveTunnels OBJECT-TYPE 364 SYNTAX Gauge32 365 MAX-ACCESS read-only 366 STATUS current 367 DESCRIPTION 368 "The number of currently active IPsec 369 Phase-1 IKE Tunnels." 370 ::= { cikeGlobalStats 1 } 371 372cikeGlobalPreviousTunnels OBJECT-TYPE 373 SYNTAX Counter32 374 UNITS "SAs" 375 MAX-ACCESS read-only 376 STATUS current 377 DESCRIPTION 378 "The total number of previously active 379 IPsec Phase-1 IKE Tunnels." 380 ::= { cikeGlobalStats 2 } 381 382cikeGlobalInOctets OBJECT-TYPE 383 SYNTAX Counter32 384 UNITS "Octets" 385 MAX-ACCESS read-only 386 STATUS current 387 DESCRIPTION 388 "The total number of octets received by all currently 389 and previously active IPsec Phase-1 IKE Tunnels." 390 ::= { cikeGlobalStats 3 } 391 392cikeGlobalInPkts OBJECT-TYPE 393 SYNTAX Counter32 394 UNITS "Packets" 395 MAX-ACCESS read-only 396 STATUS current 397 DESCRIPTION 398 "The total number of packets received by all 399 currently and previously active IPsec 400 Phase-1 IKE Tunnels." 401 ::= { cikeGlobalStats 4 } 402 403cikeGlobalInDropPkts OBJECT-TYPE 404 SYNTAX Counter32 405 UNITS "Packets" 406 MAX-ACCESS read-only 407 STATUS current 408 DESCRIPTION 409 "The total number of packets which were 410 dropped during receive processing by all 411 currently and previously 412 active IPsec Phase-1 IKE Tunnels." 413 ::= { cikeGlobalStats 5 } 414 415cikeGlobalInNotifys OBJECT-TYPE 416 SYNTAX Counter32 417 UNITS "Notification Payloads" 418 MAX-ACCESS read-only 419 STATUS current 420 DESCRIPTION 421 "The total number of notifys received by 422 all currently and previously active IPsec 423 Phase-1 IKE Tunnels." 424 ::= { cikeGlobalStats 6 } 425 426cikeGlobalInP2Exchgs OBJECT-TYPE 427 SYNTAX Counter32 428 UNITS "SA Payloads" 429 MAX-ACCESS read-only 430 STATUS current 431 DESCRIPTION 432 "The total number of IPsec Phase-2 exchanges 433 received by all currently and previously 434 active IPsec Phase-1 IKE Tunnels." 435 ::= { cikeGlobalStats 7 } 436 437cikeGlobalInP2ExchgInvalids OBJECT-TYPE 438 SYNTAX Counter32 439 UNITS "SA Payloads" 440 MAX-ACCESS read-only 441 STATUS current 442 DESCRIPTION 443 "The total number of IPsec Phase-2 exchanges 444 which were received and found to be invalid 445 by all currently and previously active IPsec 446 Phase-1 IKE Tunnels." 447 ::= { cikeGlobalStats 8 } 448 449cikeGlobalInP2ExchgRejects OBJECT-TYPE 450 SYNTAX Counter32 451 UNITS "SA Payloads" 452 MAX-ACCESS read-only 453 STATUS current 454 DESCRIPTION 455 "The total number of IPsec Phase-2 exchanges 456 which were received and rejected by all 457 currently and previously active IPsec Phase-1 458 IKE Tunnels." 459 ::= { cikeGlobalStats 9 } 460 461cikeGlobalInP2SaDelRequests OBJECT-TYPE 462 SYNTAX Counter32 463 UNITS "Notification Payloads" 464 MAX-ACCESS read-only 465 STATUS current 466 DESCRIPTION 467 "The total number of IPsec Phase-2 security 468 association delete requests received by all 469 currently and previously 470 active and IPsec Phase-1 IKE Tunnels." 471 ::= { cikeGlobalStats 10 } 472 473cikeGlobalOutOctets OBJECT-TYPE 474 SYNTAX Counter32 475 UNITS "Octets" 476 MAX-ACCESS read-only 477 STATUS current 478 DESCRIPTION 479 "The total number of octets sent by all currently 480 and previously active and IPsec Phase-1 481 IKE Tunnels." 482 ::= { cikeGlobalStats 11 } 483 484cikeGlobalOutPkts OBJECT-TYPE 485 SYNTAX Counter32 486 UNITS "Packets" 487 MAX-ACCESS read-only 488 STATUS current 489 DESCRIPTION 490 "The total number of packets sent by all currently 491 and previously active and IPsec Phase-1 492 Tunnels." 493 ::= { cikeGlobalStats 12 } 494 495cikeGlobalOutDropPkts OBJECT-TYPE 496 SYNTAX Counter32 497 UNITS "Packets" 498 MAX-ACCESS read-only 499 STATUS current 500 DESCRIPTION 501 "The total number of packets which were dropped 502 during send processing by all currently 503 and previously 504 active IPsec Phase-1 IKE Tunnels." 505 ::= { cikeGlobalStats 13 } 506 507cikeGlobalOutNotifys OBJECT-TYPE 508 SYNTAX Counter32 509 UNITS "Notification Payloads" 510 MAX-ACCESS read-only 511 STATUS current 512 DESCRIPTION 513 "The total number of notifys sent by all currently 514 and previously active IPsec Phase-1 IKE Tunnels." 515 ::= { cikeGlobalStats 14 } 516 517cikeGlobalOutP2Exchgs OBJECT-TYPE 518 SYNTAX Counter32 519 UNITS "SA Payloads" 520 MAX-ACCESS read-only 521 STATUS current 522 DESCRIPTION 523 "The total number of IPsec Phase-2 exchanges 524 which were sent by all currently and previously 525 active IPsec Phase-1 IKE Tunnels." 526 ::= { cikeGlobalStats 15 } 527 528cikeGlobalOutP2ExchgInvalids OBJECT-TYPE 529 SYNTAX Counter32 530 UNITS "SA Payloads" 531 MAX-ACCESS read-only 532 STATUS current 533 DESCRIPTION 534 "The total number of IPsec Phase-2 exchanges 535 which were sent and found to be invalid by 536 all currently and previously active IPsec Phase-1 537 Tunnels." 538 ::= { cikeGlobalStats 16 } 539 540cikeGlobalOutP2ExchgRejects OBJECT-TYPE 541 SYNTAX Counter32 542 UNITS "SA Payloads" 543 MAX-ACCESS read-only 544 STATUS current 545 DESCRIPTION 546 "The total number of IPsec Phase-2 exchanges 547 which were sent and rejected by all currently and 548 previously active IPsec Phase-1 IKE Tunnels." 549 ::= { cikeGlobalStats 17 } 550 551cikeGlobalOutP2SaDelRequests OBJECT-TYPE 552 SYNTAX Counter32 553 UNITS "Notification Payloads" 554 MAX-ACCESS read-only 555 STATUS current 556 DESCRIPTION 557 "The total number of IPsec Phase-2 SA 558 delete requests sent by all currently and 559 previously active IPsec Phase-1 IKE Tunnels." 560 ::= { cikeGlobalStats 18 } 561 562cikeGlobalInitTunnels OBJECT-TYPE 563 SYNTAX Counter32 564 UNITS "SAs" 565 MAX-ACCESS read-only 566 STATUS current 567 DESCRIPTION 568 "The total number of IPsec Phase-1 IKE 569 Tunnels which were locally initiated." 570 ::= { cikeGlobalStats 19 } 571 572cikeGlobalInitTunnelFails OBJECT-TYPE 573 SYNTAX Counter32 574 UNITS "SAs" 575 MAX-ACCESS read-only 576 STATUS current 577 DESCRIPTION 578 "The total number of IPsec Phase-1 IKE Tunnels 579 which were locally initiated and failed to activate." 580 ::= { cikeGlobalStats 20 } 581 582cikeGlobalRespTunnelFails OBJECT-TYPE 583 SYNTAX Counter32 584 UNITS "SAs" 585 MAX-ACCESS read-only 586 STATUS current 587 DESCRIPTION 588 "The total number of IPsec Phase-1 IKE Tunnels 589 which were remotely initiated and failed to activate." 590 ::= { cikeGlobalStats 21 } 591 592cikeGlobalSysCapFails OBJECT-TYPE 593 SYNTAX Counter32 594 UNITS "Failures" 595 MAX-ACCESS read-only 596 STATUS current 597 DESCRIPTION 598 "The total number of system capacity failures 599 which occurred during processing of all current 600 and previously active IPsec Phase-1 IKE Tunnels." 601 ::= { cikeGlobalStats 22 } 602 603cikeGlobalAuthFails OBJECT-TYPE 604 SYNTAX Counter32 605 UNITS "Failures" 606 MAX-ACCESS read-only 607 STATUS current 608 DESCRIPTION 609 "The total number of authentications which ended 610 in failure by all current and previous IPsec Phase-1 611 IKE Tunnels." 612 ::= { cikeGlobalStats 23 } 613 614cikeGlobalDecryptFails OBJECT-TYPE 615 SYNTAX Counter32 616 UNITS "Failures" 617 MAX-ACCESS read-only 618 STATUS current 619 DESCRIPTION 620 "The total number of decryptions which ended 621 in failure by all current and previous IPsec Phase-1 622 IKE Tunnels." 623 ::= { cikeGlobalStats 24 } 624 625cikeGlobalHashValidFails OBJECT-TYPE 626 SYNTAX Counter32 627 UNITS "Failures" 628 MAX-ACCESS read-only 629 STATUS current 630 DESCRIPTION 631 "The total number of hash validations which ended 632 in failure by all current and previous IPsec Phase-1 633 IKE Tunnels." 634 ::= { cikeGlobalStats 25 } 635 636cikeGlobalNoSaFails OBJECT-TYPE 637 SYNTAX Counter32 638 UNITS "Failures" 639 MAX-ACCESS read-only 640 STATUS current 641 DESCRIPTION 642 "The total number of non-existent Security Association 643 in failures which occurred during processing of 644 all current and previous IPsec Phase-1 IKE Tunnels." 645 ::= { cikeGlobalStats 26 } 646-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 647-- The IPsec Phase-1 Internet Key Exchange Peer Table 648-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 649 650cikePeerTable OBJECT-TYPE 651 SYNTAX SEQUENCE OF CikePeerEntry 652 MAX-ACCESS not-accessible 653 STATUS current 654 DESCRIPTION 655 "The IPsec Phase-1 Internet Key Exchange Peer Table. 656 There is one entry in this table for each IPsec 657 Phase-1 IKE peer association which is currently 658 associated with an active IPsec Phase-1 Tunnel. 659 The IPsec Phase-1 IKE Tunnel associated with this 660 IPsec Phase-1 IKE peer association may or may not 661 be currently active." 662 ::= { cipSecPhaseOne 2 } 663 664cikePeerEntry OBJECT-TYPE 665 SYNTAX CikePeerEntry 666 MAX-ACCESS not-accessible 667 STATUS current 668 DESCRIPTION 669 "Each entry contains the attributes associated 670 with an IPsec Phase-1 IKE peer association." 671 INDEX { 672 cikePeerLocalType, 673 cikePeerLocalValue, 674 cikePeerRemoteType, 675 cikePeerRemoteValue, 676 cikePeerIntIndex 677 } 678 ::= { cikePeerTable 1 } 679 680CikePeerEntry ::= SEQUENCE { 681 cikePeerLocalType IkePeerType, 682 cikePeerLocalValue DisplayString, 683 cikePeerRemoteType IkePeerType, 684 cikePeerRemoteValue DisplayString, 685 cikePeerIntIndex Integer32, 686 cikePeerLocalAddr IPSIpAddress, 687 cikePeerRemoteAddr IPSIpAddress, 688 cikePeerActiveTime TimeInterval, 689 cikePeerActiveTunnelIndex Integer32 690} 691 692cikePeerLocalType OBJECT-TYPE 693 SYNTAX IkePeerType 694 MAX-ACCESS not-accessible 695 STATUS current 696 DESCRIPTION 697 "The type of local peer identity. The local peer 698 may be identified by: 699 1. an IP address, or 700 2. a host name." 701 ::= { cikePeerEntry 1 } 702 703cikePeerLocalValue OBJECT-TYPE 704 SYNTAX DisplayString 705 MAX-ACCESS not-accessible 706 STATUS current 707 DESCRIPTION 708 "The value of the local peer identity. 709 710 If the local peer type is an IP Address, then this 711 is the IP Address used to identify the local peer. 712 713 If the local peer type is a host name, then this is 714 the host name used to identify the local peer." 715 ::= { cikePeerEntry 2 } 716 717cikePeerRemoteType OBJECT-TYPE 718 SYNTAX IkePeerType 719 MAX-ACCESS not-accessible 720 STATUS current 721 DESCRIPTION 722 "The type of remote peer identity. The remote peer 723 may be identified by: 724 1. an IP address, or 725 2. a host name." 726 ::= { cikePeerEntry 3 } 727 728cikePeerRemoteValue OBJECT-TYPE 729 SYNTAX DisplayString 730 MAX-ACCESS not-accessible 731 STATUS current 732 DESCRIPTION 733 "The value of the remote peer identity. 734 735 If the remote peer type is an IP Address, then this 736 is the IP Address used to identify the remote peer. 737 738 If the remote peer type is a host name, then this is 739 the host name used to identify the remote peer." 740 ::= { cikePeerEntry 4 } 741 742cikePeerIntIndex OBJECT-TYPE 743 SYNTAX Integer32 (1..2147483647 ) 744 MAX-ACCESS not-accessible 745 STATUS current 746 DESCRIPTION 747 "The internal index of the local-remote 748 peer association. This internal index is used 749 to uniquely identify multiple associations between 750 the local and remote peer." 751 ::= { cikePeerEntry 5 } 752 753cikePeerLocalAddr OBJECT-TYPE 754 SYNTAX IPSIpAddress 755 MAX-ACCESS read-only 756 STATUS current 757 DESCRIPTION 758 "The IP address of the local peer." 759 ::= { cikePeerEntry 6 } 760 761cikePeerRemoteAddr OBJECT-TYPE 762 SYNTAX IPSIpAddress 763 MAX-ACCESS read-only 764 STATUS current 765 DESCRIPTION 766 "The IP address of the remote peer." 767 ::= { cikePeerEntry 7 } 768 769cikePeerActiveTime OBJECT-TYPE 770 SYNTAX TimeInterval 771 MAX-ACCESS read-only 772 STATUS current 773 DESCRIPTION 774 "The length of time that the peer association has 775 existed in hundredths of a second." 776 ::= { cikePeerEntry 8 } 777 778cikePeerActiveTunnelIndex OBJECT-TYPE 779 SYNTAX Integer32 (1..2147483647 ) 780 MAX-ACCESS read-only 781 STATUS current 782 DESCRIPTION 783 "The index of the active IPsec Phase-1 IKE Tunnel 784 (cikeTunIndex in the cikeTunnelTable) for this peer 785 association. If an IPsec Phase-1 IKE Tunnel is 786 not currently active, then the value of this 787 object will be zero." 788 ::= { cikePeerEntry 9 } 789 790 791-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 792-- The IPsec Phase-1 Internet Key Exchange Tunnel Table 793-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 794 795cikeTunnelTable OBJECT-TYPE 796 SYNTAX SEQUENCE OF CikeTunnelEntry 797 MAX-ACCESS not-accessible 798 STATUS current 799 DESCRIPTION 800 "The IPsec Phase-1 Internet Key Exchange Tunnel Table. 801 There is one entry in this table for each active IPsec 802 Phase-1 IKE Tunnel." 803 ::= { cipSecPhaseOne 3 } 804 805cikeTunnelEntry OBJECT-TYPE 806 SYNTAX CikeTunnelEntry 807 MAX-ACCESS not-accessible 808 STATUS current 809 DESCRIPTION 810 "Each entry contains the attributes associated with 811 an active IPsec Phase-1 IKE Tunnel." 812 INDEX { cikeTunIndex } 813 ::= { cikeTunnelTable 1 } 814 815CikeTunnelEntry ::= SEQUENCE { 816 cikeTunIndex Integer32, 817 cikeTunLocalType IkePeerType, 818 cikeTunLocalValue DisplayString, 819 cikeTunLocalAddr IPSIpAddress, 820 cikeTunLocalName DisplayString, 821 cikeTunRemoteType IkePeerType, 822 cikeTunRemoteValue DisplayString, 823 cikeTunRemoteAddr IPSIpAddress, 824 cikeTunRemoteName DisplayString, 825 cikeTunNegoMode IkeNegoMode, 826 cikeTunDiffHellmanGrp DiffHellmanGrp, 827 cikeTunEncryptAlgo EncryptAlgo, 828 cikeTunHashAlgo IkeHashAlgo, 829 cikeTunAuthMethod IkeAuthMethod, 830 cikeTunLifeTime Integer32, 831 cikeTunActiveTime TimeInterval, 832 cikeTunSaRefreshThreshold Integer32, 833 cikeTunTotalRefreshes Counter32, 834 cikeTunInOctets Counter32, 835 cikeTunInPkts Counter32, 836 cikeTunInDropPkts Counter32, 837 cikeTunInNotifys Counter32, 838 cikeTunInP2Exchgs Counter32, 839 cikeTunInP2ExchgInvalids Counter32, 840 cikeTunInP2ExchgRejects Counter32, 841 cikeTunInP2SaDelRequests Counter32, 842 cikeTunOutOctets Counter32, 843 cikeTunOutPkts Counter32, 844 cikeTunOutDropPkts Counter32, 845 cikeTunOutNotifys Counter32, 846 cikeTunOutP2Exchgs Counter32, 847 cikeTunOutP2ExchgInvalids Counter32, 848 cikeTunOutP2ExchgRejects Counter32, 849 cikeTunOutP2SaDelRequests Counter32, 850 cikeTunStatus TunnelStatus 851} 852 853cikeTunIndex OBJECT-TYPE 854 SYNTAX Integer32 (1..2147483647 ) 855 MAX-ACCESS not-accessible 856 STATUS current 857 DESCRIPTION 858 "The index of the IPsec Phase-1 IKE Tunnel Table. 859 The value of the index is a number which begins 860 at one and is incremented with each tunnel that 861 is created. The value of this object will 862 wrap at 2,147,483,647." 863 ::= { cikeTunnelEntry 1 } 864 865cikeTunLocalType OBJECT-TYPE 866 SYNTAX IkePeerType 867 MAX-ACCESS read-only 868 STATUS current 869 DESCRIPTION 870 "The type of local peer identity. The local 871 peer may be identified by: 872 1. an IP address, or 873 2. a host name." 874 ::= { cikeTunnelEntry 2 } 875 876cikeTunLocalValue OBJECT-TYPE 877 SYNTAX DisplayString 878 MAX-ACCESS read-only 879 STATUS current 880 DESCRIPTION 881 "The value of the local peer identity. 882 883 If the local peer type is an IP Address, then this 884 is the IP Address used to identify the local peer. 885 886 If the local peer type is a host name, then this is 887 the host name used to identify the local peer." 888 ::= { cikeTunnelEntry 3 } 889 890cikeTunLocalAddr OBJECT-TYPE 891 SYNTAX IPSIpAddress 892 MAX-ACCESS read-only 893 STATUS current 894 DESCRIPTION 895 "The IP address of the local endpoint for the IPsec 896 Phase-1 IKE Tunnel." 897 ::= { cikeTunnelEntry 4 } 898 899cikeTunLocalName OBJECT-TYPE 900 SYNTAX DisplayString 901 MAX-ACCESS read-only 902 STATUS current 903 DESCRIPTION 904 "The DNS name of the local IP address for 905 the IPsec Phase-1 IKE Tunnel. If the DNS 906 name associated with the local tunnel endpoint 907 is not known, then the value of this 908 object will be a NULL string." 909 ::= { cikeTunnelEntry 5 } 910 911cikeTunRemoteType OBJECT-TYPE 912 SYNTAX IkePeerType 913 MAX-ACCESS read-only 914 STATUS current 915 DESCRIPTION 916 "The type of remote peer identity. 917 The remote peer may be identified by: 918 1. an IP address, or 919 2. a host name." 920 ::= { cikeTunnelEntry 6 } 921 922cikeTunRemoteValue OBJECT-TYPE 923 SYNTAX DisplayString 924 MAX-ACCESS read-only 925 STATUS current 926 DESCRIPTION 927 "The value of the remote peer identity. 928 929 If the remote peer type is an IP Address, then this 930 is the IP Address used to identify the remote peer. 931 932 If the remote peer type is a host name, then 933 this is the host name used to identify the 934 remote peer." 935 ::= { cikeTunnelEntry 7 } 936 937cikeTunRemoteAddr OBJECT-TYPE 938 SYNTAX IPSIpAddress 939 MAX-ACCESS read-only 940 STATUS current 941 DESCRIPTION 942 "The IP address of the remote endpoint for the IPsec 943 Phase-1 IKE Tunnel." 944 ::= { cikeTunnelEntry 8 } 945 946cikeTunRemoteName OBJECT-TYPE 947 SYNTAX DisplayString 948 MAX-ACCESS read-only 949 STATUS current 950 DESCRIPTION 951 "The DNS name of the remote IP address of IPsec Phase-1 952 IKE Tunnel. If the DNS name associated with the remote 953 tunnel endpoint is not known, then the value of this 954 object will be a NULL string." 955 ::= { cikeTunnelEntry 9 } 956 957cikeTunNegoMode OBJECT-TYPE 958 SYNTAX IkeNegoMode 959 MAX-ACCESS read-only 960 STATUS current 961 DESCRIPTION 962 "The negotiation mode of the IPsec Phase-1 IKE Tunnel." 963 ::= { cikeTunnelEntry 10 } 964 965cikeTunDiffHellmanGrp OBJECT-TYPE 966 SYNTAX DiffHellmanGrp 967 MAX-ACCESS read-only 968 STATUS current 969 DESCRIPTION 970 "The Diffie Hellman Group used in IPsec Phase-1 IKE 971 negotiations." 972 ::= { cikeTunnelEntry 11 } 973 974cikeTunEncryptAlgo OBJECT-TYPE 975 SYNTAX EncryptAlgo 976 MAX-ACCESS read-only 977 STATUS current 978 DESCRIPTION 979 "The encryption algorithm used in IPsec Phase-1 IKE 980 negotiations." 981 ::= { cikeTunnelEntry 12 } 982 983cikeTunHashAlgo OBJECT-TYPE 984 SYNTAX IkeHashAlgo 985 MAX-ACCESS read-only 986 STATUS current 987 DESCRIPTION 988 "The hash algorithm used in IPsec Phase-1 IKE 989 negotiations." 990 ::= { cikeTunnelEntry 13 } 991 992cikeTunAuthMethod OBJECT-TYPE 993 SYNTAX IkeAuthMethod 994 MAX-ACCESS read-only 995 STATUS current 996 DESCRIPTION 997 "The authentication method used in IPsec Phase-1 IKE 998 negotiations." 999 ::= { cikeTunnelEntry 14 } 1000 1001cikeTunLifeTime OBJECT-TYPE 1002 SYNTAX Integer32 (1..2147483647 ) 1003 UNITS "seconds" 1004 MAX-ACCESS read-only 1005 STATUS current 1006 DESCRIPTION 1007 "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel 1008 in seconds." 1009 ::= { cikeTunnelEntry 15 } 1010 1011cikeTunActiveTime OBJECT-TYPE 1012 SYNTAX TimeInterval 1013 MAX-ACCESS read-only 1014 STATUS current 1015 DESCRIPTION 1016 "The length of time the IPsec Phase-1 IKE tunnel has been 1017 active in hundredths of seconds." 1018 ::= { cikeTunnelEntry 16 } 1019 1020cikeTunSaRefreshThreshold OBJECT-TYPE 1021 SYNTAX Integer32 (1..2147483647 ) 1022 UNITS "seconds" 1023 MAX-ACCESS read-only 1024 STATUS current 1025 DESCRIPTION 1026 "The security association refresh threshold in seconds." 1027 ::= { cikeTunnelEntry 17 } 1028 1029cikeTunTotalRefreshes OBJECT-TYPE 1030 SYNTAX Counter32 1031 UNITS "QM Exchanges" 1032 MAX-ACCESS read-only 1033 STATUS current 1034 DESCRIPTION 1035 "The total number of security associations 1036 refreshes performed." 1037 ::= { cikeTunnelEntry 18 } 1038 1039cikeTunInOctets OBJECT-TYPE 1040 SYNTAX Counter32 1041 UNITS "Octets" 1042 MAX-ACCESS read-only 1043 STATUS current 1044 DESCRIPTION 1045 "The total number of octets received by 1046 this IPsec Phase-1 IKE Tunnel." 1047 ::= { cikeTunnelEntry 19 } 1048 1049cikeTunInPkts OBJECT-TYPE 1050 SYNTAX Counter32 1051 UNITS "Packets" 1052 MAX-ACCESS read-only 1053 STATUS current 1054 DESCRIPTION 1055 "The total number of packets received by 1056 this IPsec Phase-1 IKE Tunnel." 1057 ::= { cikeTunnelEntry 20 } 1058 1059cikeTunInDropPkts OBJECT-TYPE 1060 SYNTAX Counter32 1061 UNITS "Packets" 1062 MAX-ACCESS read-only 1063 STATUS current 1064 DESCRIPTION 1065 "The total number of packets dropped 1066 by this IPsec Phase-1 IKE Tunnel during 1067 receive processing." 1068 ::= { cikeTunnelEntry 21 } 1069 1070cikeTunInNotifys OBJECT-TYPE 1071 SYNTAX Counter32 1072 UNITS "Notification Payloads" 1073 MAX-ACCESS read-only 1074 STATUS current 1075 DESCRIPTION 1076 "The total number of notifys received by 1077 this IPsec Phase-1 IKE Tunnel." 1078 ::= { cikeTunnelEntry 22 } 1079 1080cikeTunInP2Exchgs OBJECT-TYPE 1081 SYNTAX Counter32 1082 UNITS "SA Payloads" 1083 MAX-ACCESS read-only 1084 STATUS current 1085 DESCRIPTION 1086 "The total number of IPsec Phase-2 1087 exchanges received by 1088 this IPsec Phase-1 IKE Tunnel." 1089 ::= { cikeTunnelEntry 23 } 1090 1091cikeTunInP2ExchgInvalids OBJECT-TYPE 1092 SYNTAX Counter32 1093 UNITS "SA Payloads" 1094 MAX-ACCESS read-only 1095 STATUS current 1096 DESCRIPTION 1097 "The total number of IPsec Phase-2 1098 exchanges received and found to be invalid 1099 by this IPsec Phase-1 IKE Tunnel." 1100 ::= { cikeTunnelEntry 24 } 1101 1102cikeTunInP2ExchgRejects OBJECT-TYPE 1103 SYNTAX Counter32 1104 UNITS "SA Payloads" 1105 MAX-ACCESS read-only 1106 STATUS current 1107 DESCRIPTION 1108 "The total number of IPsec Phase-2 exchanges 1109 received and rejected by this IPsec Phase-1 1110 Tunnel." 1111 ::= { cikeTunnelEntry 25 } 1112 1113cikeTunInP2SaDelRequests OBJECT-TYPE 1114 SYNTAX Counter32 1115 UNITS "Notification Payloads" 1116 MAX-ACCESS read-only 1117 STATUS current 1118 DESCRIPTION 1119 "The total number of IPsec Phase-2 1120 security association delete requests received 1121 by this IPsec Phase-1 IKE Tunnel." 1122 ::= { cikeTunnelEntry 26 } 1123 1124cikeTunOutOctets OBJECT-TYPE 1125 SYNTAX Counter32 1126 UNITS "Octets" 1127 MAX-ACCESS read-only 1128 STATUS current 1129 DESCRIPTION 1130 "The total number of octets sent by this IPsec Phase-1 1131 IKE Tunnel." 1132 ::= { cikeTunnelEntry 27 } 1133 1134cikeTunOutPkts OBJECT-TYPE 1135 SYNTAX Counter32 1136 UNITS "Packets" 1137 MAX-ACCESS read-only 1138 STATUS current 1139 DESCRIPTION 1140 "The total number of packets sent by this IPsec Phase-1 1141 IKE Tunnel." 1142 ::= { cikeTunnelEntry 28 } 1143 1144cikeTunOutDropPkts OBJECT-TYPE 1145 SYNTAX Counter32 1146 UNITS "Packets" 1147 MAX-ACCESS read-only 1148 STATUS current 1149 DESCRIPTION 1150 "The total number of packets dropped by this 1151 IPsec Phase-1 IKE Tunnel during send processing." 1152 ::= { cikeTunnelEntry 29 } 1153 1154cikeTunOutNotifys OBJECT-TYPE 1155 SYNTAX Counter32 1156 UNITS "Notification Payloads" 1157 MAX-ACCESS read-only 1158 STATUS current 1159 DESCRIPTION 1160 "The total number of notifys sent by this 1161 IPsec Phase-1 Tunnel." 1162 ::= { cikeTunnelEntry 30 } 1163 1164cikeTunOutP2Exchgs OBJECT-TYPE 1165 SYNTAX Counter32 1166 UNITS "SA Payloads" 1167 MAX-ACCESS read-only 1168 STATUS current 1169 DESCRIPTION 1170 "The total number of IPsec Phase-2 exchanges sent by 1171 this IPsec Phase-1 IKE Tunnel." 1172 ::= { cikeTunnelEntry 31 } 1173 1174cikeTunOutP2ExchgInvalids OBJECT-TYPE 1175 SYNTAX Counter32 1176 UNITS "SA Payloads" 1177 MAX-ACCESS read-only 1178 STATUS current 1179 DESCRIPTION 1180 "The total number of IPsec Phase-2 exchanges sent and 1181 found to be invalid by this IPsec Phase-1 IKE Tunnel." 1182 ::= { cikeTunnelEntry 32 } 1183 1184cikeTunOutP2ExchgRejects OBJECT-TYPE 1185 SYNTAX Counter32 1186 UNITS "SA Payloads" 1187 MAX-ACCESS read-only 1188 STATUS current 1189 DESCRIPTION 1190 "The total number of IPsec Phase-2 exchanges sent and 1191 rejected by this IPsec Phase-1 IKE Tunnel." 1192 ::= { cikeTunnelEntry 33 } 1193 1194cikeTunOutP2SaDelRequests OBJECT-TYPE 1195 SYNTAX Counter32 1196 UNITS "Notification Payloads" 1197 MAX-ACCESS read-only 1198 STATUS current 1199 DESCRIPTION 1200 "The total number of IPsec Phase-2 security association 1201 delete requests sent by this IPsec Phase-1 IKE Tunnel." 1202 ::= { cikeTunnelEntry 34 } 1203 1204cikeTunStatus OBJECT-TYPE 1205 SYNTAX TunnelStatus 1206 MAX-ACCESS read-write 1207 STATUS current 1208 DESCRIPTION 1209 "The status of the MIB table row. 1210 1211 This object can be used to bring the tunnel down 1212 by setting value of this object to destroy(2). 1213 1214 This object cannot be used to create 1215 a MIB table row." 1216 ::= { cikeTunnelEntry 35 } 1217 1218 1219-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1220-- The Internet Key Exchange Peer Association to 1221-- Phase-2 Tunnel Correlation Table 1222-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1223 1224cikePeerCorrTable OBJECT-TYPE 1225 SYNTAX SEQUENCE OF CikePeerCorrEntry 1226 MAX-ACCESS not-accessible 1227 STATUS current 1228 DESCRIPTION 1229 "The IPsec Phase-1 Internet Key Exchange Peer 1230 Association to IPsec Phase-2 Tunnel 1231 Correlation Table. There is one entry in 1232 this table for each active IPsec Phase-2 1233 Tunnel." 1234 ::= { cipSecPhaseOne 4 } 1235 1236cikePeerCorrEntry OBJECT-TYPE 1237 SYNTAX CikePeerCorrEntry 1238 MAX-ACCESS not-accessible 1239 STATUS current 1240 DESCRIPTION 1241 "Each entry contains the attributes of an 1242 IPsec Phase-1 IKE Peer Association to IPsec 1243 Phase-2 Tunnel Correlation." 1244 INDEX { 1245 cikePeerCorrLocalType, 1246 cikePeerCorrLocalValue, 1247 cikePeerCorrRemoteType, 1248 cikePeerCorrRemoteValue, 1249 cikePeerCorrIntIndex, 1250 cikePeerCorrSeqNum 1251 } 1252 ::= { cikePeerCorrTable 1 } 1253 1254CikePeerCorrEntry ::= SEQUENCE { 1255 cikePeerCorrLocalType IkePeerType, 1256 cikePeerCorrLocalValue DisplayString, 1257 cikePeerCorrRemoteType IkePeerType, 1258 cikePeerCorrRemoteValue DisplayString, 1259 cikePeerCorrIntIndex Integer32, 1260 cikePeerCorrSeqNum Integer32, 1261 cikePeerCorrIpSecTunIndex Integer32 1262} 1263 1264cikePeerCorrLocalType OBJECT-TYPE 1265 SYNTAX IkePeerType 1266 MAX-ACCESS not-accessible 1267 STATUS current 1268 DESCRIPTION 1269 "The type of local peer identity. The local peer 1270 may be identified by: 1271 1. an IP address, or 1272 2. a host name." 1273 ::= { cikePeerCorrEntry 1 } 1274 1275cikePeerCorrLocalValue OBJECT-TYPE 1276 SYNTAX DisplayString 1277 MAX-ACCESS not-accessible 1278 STATUS current 1279 DESCRIPTION 1280 "The value of the local peer identity. 1281 1282 If the local peer type is an IP Address, then this 1283 is the IP Address used to identify the local peer. 1284 1285 If the local peer type is a host name, then this is 1286 the host name used to identify the local peer." 1287 ::= { cikePeerCorrEntry 2 } 1288 1289cikePeerCorrRemoteType OBJECT-TYPE 1290 SYNTAX IkePeerType 1291 MAX-ACCESS not-accessible 1292 STATUS current 1293 DESCRIPTION 1294 "The type of remote peer identity. The remote peer 1295 may be identified by: 1296 1. an IP address, or 1297 2. a host name." 1298 ::= { cikePeerCorrEntry 3 } 1299 1300cikePeerCorrRemoteValue OBJECT-TYPE 1301 SYNTAX DisplayString 1302 MAX-ACCESS not-accessible 1303 STATUS current 1304 DESCRIPTION 1305 "The value of the remote peer identity. 1306 1307 If the remote peer type is an IP Address, then this 1308 is the IP Address used to identify the remote peer. 1309 1310 If the remote peer type is a host name, then this is 1311 the host name used to identify the remote peer." 1312 ::= { cikePeerCorrEntry 4 } 1313 1314cikePeerCorrIntIndex OBJECT-TYPE 1315 SYNTAX Integer32 (1..2147483647 ) 1316 MAX-ACCESS not-accessible 1317 STATUS current 1318 DESCRIPTION 1319 "The internal index of the local-remote 1320 peer association. This internal index is 1321 used to uniquely identify multiple associations 1322 between the local and remote peer." 1323 ::= { cikePeerCorrEntry 5 } 1324 1325cikePeerCorrSeqNum OBJECT-TYPE 1326 SYNTAX Integer32 (1..2147483647 ) 1327 MAX-ACCESS not-accessible 1328 STATUS current 1329 DESCRIPTION 1330 "The sequence number of the local-remote 1331 peer association. This sequence number is 1332 used to uniquely identify multiple instances 1333 of an unique association between 1334 the local and remote peer." 1335 ::= { cikePeerCorrEntry 6 } 1336 1337cikePeerCorrIpSecTunIndex OBJECT-TYPE 1338 SYNTAX Integer32 (1..2147483647 ) 1339 MAX-ACCESS read-only 1340 STATUS current 1341 DESCRIPTION 1342 "The index of the active IPsec Phase-2 Tunnel 1343 (cipSecTunIndex in the cipSecTunnelTable) for this 1344 IPsec Phase-1 IKE Peer Association." 1345 ::= { cikePeerCorrEntry 7 } 1346 1347 1348-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1349-- 1350-- cikePhase1GWStatsTable 1351-- 1352-- Gateway Phase-1 IKE stats information 1353-- 1354-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1355 1356cikePhase1GWStatsTable OBJECT-TYPE 1357 SYNTAX SEQUENCE OF CikePhase1GWStatsEntry 1358 MAX-ACCESS not-accessible 1359 STATUS current 1360 DESCRIPTION 1361 "Phase-1 IKE stats information is included in this table. 1362 Each entry is related to a specific gateway which is 1363 identified by 'cmgwIndex'." 1364 ::= { cipSecPhaseOne 5 } 1365 1366cikePhase1GWStatsEntry OBJECT-TYPE 1367 SYNTAX CikePhase1GWStatsEntry 1368 MAX-ACCESS not-accessible 1369 STATUS current 1370 DESCRIPTION 1371 "Each entry contains the attributes of an Phase-1 IKE stats 1372 information for the related gateway. 1373 1374 There is only one entry for each gateway. The entry 1375 is created when a gateway up and cannot be deleted." 1376 INDEX { cmgwIndex } 1377 ::= { cikePhase1GWStatsTable 1 } 1378 1379CikePhase1GWStatsEntry ::= SEQUENCE { 1380 cikePhase1GWActiveTunnels Gauge32, 1381 cikePhase1GWPreviousTunnels Counter32, 1382 cikePhase1GWInOctets Counter32, 1383 cikePhase1GWInPkts Counter32, 1384 cikePhase1GWInDropPkts Counter32, 1385 cikePhase1GWInNotifys Counter32, 1386 cikePhase1GWInP2Exchgs Counter32, 1387 cikePhase1GWInP2ExchgInvalids Counter32, 1388 cikePhase1GWInP2ExchgRejects Counter32, 1389 cikePhase1GWInP2SaDelRequests Counter32, 1390 cikePhase1GWOutOctets Counter32, 1391 cikePhase1GWOutPkts Counter32, 1392 cikePhase1GWOutDropPkts Counter32, 1393 cikePhase1GWOutNotifys Counter32, 1394 cikePhase1GWOutP2Exchgs Counter32, 1395 cikePhase1GWOutP2ExchgInvalids Counter32, 1396 cikePhase1GWOutP2ExchgRejects Counter32, 1397 cikePhase1GWOutP2SaDelRequests Counter32, 1398 cikePhase1GWInitTunnels Counter32, 1399 cikePhase1GWInitTunnelFails Counter32, 1400 cikePhase1GWRespTunnelFails Counter32, 1401 cikePhase1GWSysCapFails Counter32, 1402 cikePhase1GWAuthFails Counter32, 1403 cikePhase1GWDecryptFails Counter32, 1404 cikePhase1GWHashValidFails Counter32, 1405 cikePhase1GWNoSaFails Counter32 1406} 1407 1408cikePhase1GWActiveTunnels OBJECT-TYPE 1409 SYNTAX Gauge32 1410 MAX-ACCESS read-only 1411 STATUS current 1412 DESCRIPTION 1413 "The number of currently active IPsec 1414 Phase-1 IKE Tunnels." 1415 ::= { cikePhase1GWStatsEntry 1 } 1416 1417cikePhase1GWPreviousTunnels OBJECT-TYPE 1418 SYNTAX Counter32 1419 UNITS "SAs" 1420 MAX-ACCESS read-only 1421 STATUS current 1422 DESCRIPTION 1423 "The total number of previously active 1424 IPsec Phase-1 IKE Tunnels." 1425 ::= { cikePhase1GWStatsEntry 2 } 1426 1427cikePhase1GWInOctets OBJECT-TYPE 1428 SYNTAX Counter32 1429 UNITS "Octets" 1430 MAX-ACCESS read-only 1431 STATUS current 1432 DESCRIPTION 1433 "The total number of octets received by all currently 1434 and previously active IPsec Phase-1 IKE Tunnels." 1435 ::= { cikePhase1GWStatsEntry 3 } 1436 1437cikePhase1GWInPkts OBJECT-TYPE 1438 SYNTAX Counter32 1439 UNITS "Packets" 1440 MAX-ACCESS read-only 1441 STATUS current 1442 DESCRIPTION 1443 "The total number of packets received by all 1444 currently and previously active IPsec 1445 Phase-1 IKE Tunnels." 1446 ::= { cikePhase1GWStatsEntry 4 } 1447 1448cikePhase1GWInDropPkts OBJECT-TYPE 1449 SYNTAX Counter32 1450 UNITS "Packets" 1451 MAX-ACCESS read-only 1452 STATUS current 1453 DESCRIPTION 1454 "The total number of packets which were 1455 dropped during receive processing by all 1456 currently and previously 1457 active IPsec Phase-1 IKE Tunnels." 1458 ::= { cikePhase1GWStatsEntry 5 } 1459 1460cikePhase1GWInNotifys OBJECT-TYPE 1461 SYNTAX Counter32 1462 UNITS "Notification Payloads" 1463 MAX-ACCESS read-only 1464 STATUS current 1465 DESCRIPTION 1466 "The total number of notifys received by 1467 all currently and previously active IPsec 1468 Phase-1 IKE Tunnels." 1469 ::= { cikePhase1GWStatsEntry 6 } 1470 1471cikePhase1GWInP2Exchgs OBJECT-TYPE 1472 SYNTAX Counter32 1473 UNITS "SA Payloads" 1474 MAX-ACCESS read-only 1475 STATUS current 1476 DESCRIPTION 1477 "The total number of IPsec Phase-2 exchanges 1478 received by all currently and previously 1479 active IPsec Phase-1 IKE Tunnels." 1480 ::= { cikePhase1GWStatsEntry 7 } 1481 1482cikePhase1GWInP2ExchgInvalids OBJECT-TYPE 1483 SYNTAX Counter32 1484 UNITS "SA Payloads" 1485 MAX-ACCESS read-only 1486 STATUS current 1487 DESCRIPTION 1488 "The total number of IPsec Phase-2 exchanges 1489 which were received and found to be invalid 1490 by all currently and previously active IPsec 1491 Phase-1 IKE Tunnels." 1492 ::= { cikePhase1GWStatsEntry 8 } 1493 1494cikePhase1GWInP2ExchgRejects OBJECT-TYPE 1495 SYNTAX Counter32 1496 UNITS "SA Payloads" 1497 MAX-ACCESS read-only 1498 STATUS current 1499 DESCRIPTION 1500 "The total number of IPsec Phase-2 exchanges 1501 which were received and rejected by all 1502 currently and previously active IPsec Phase-1 1503 IKE Tunnels." 1504 ::= { cikePhase1GWStatsEntry 9 } 1505 1506cikePhase1GWInP2SaDelRequests OBJECT-TYPE 1507 SYNTAX Counter32 1508 UNITS "Notification Payloads" 1509 MAX-ACCESS read-only 1510 STATUS current 1511 DESCRIPTION 1512 "The total number of IPsec Phase-2 'Security 1513 Association' delete requests received by all 1514 currently and previously active and IPsec 1515 Phase-1 IKE Tunnels." 1516 ::= { cikePhase1GWStatsEntry 10 } 1517 1518cikePhase1GWOutOctets OBJECT-TYPE 1519 SYNTAX Counter32 1520 UNITS "Octets" 1521 MAX-ACCESS read-only 1522 STATUS current 1523 DESCRIPTION 1524 "The total number of octets sent by all currently 1525 and previously active and IPsec Phase-1 1526 IKE Tunnels." 1527 ::= { cikePhase1GWStatsEntry 11 } 1528 1529cikePhase1GWOutPkts OBJECT-TYPE 1530 SYNTAX Counter32 1531 UNITS "Packets" 1532 MAX-ACCESS read-only 1533 STATUS current 1534 DESCRIPTION 1535 "The total number of packets sent by all currently 1536 and previously active and IPsec Phase-1 1537 Tunnels." 1538 ::= { cikePhase1GWStatsEntry 12 } 1539 1540cikePhase1GWOutDropPkts OBJECT-TYPE 1541 SYNTAX Counter32 1542 UNITS "Packets" 1543 MAX-ACCESS read-only 1544 STATUS current 1545 DESCRIPTION 1546 "The total number of packets which were dropped 1547 during send processing by all currently 1548 and previously 1549 active IPsec Phase-1 IKE Tunnels." 1550 ::= { cikePhase1GWStatsEntry 13 } 1551 1552cikePhase1GWOutNotifys OBJECT-TYPE 1553 SYNTAX Counter32 1554 UNITS "Notification Payloads" 1555 MAX-ACCESS read-only 1556 STATUS current 1557 DESCRIPTION 1558 "The total number of notifys sent by all currently 1559 and previously active IPsec Phase-1 IKE Tunnels." 1560 ::= { cikePhase1GWStatsEntry 14 } 1561 1562cikePhase1GWOutP2Exchgs OBJECT-TYPE 1563 SYNTAX Counter32 1564 UNITS "SA Payloads" 1565 MAX-ACCESS read-only 1566 STATUS current 1567 DESCRIPTION 1568 "The total number of IPsec Phase-2 exchanges 1569 which were sent by all currently and previously 1570 active IPsec Phase-1 IKE Tunnels." 1571 ::= { cikePhase1GWStatsEntry 15 } 1572 1573cikePhase1GWOutP2ExchgInvalids OBJECT-TYPE 1574 SYNTAX Counter32 1575 UNITS "SA Payloads" 1576 MAX-ACCESS read-only 1577 STATUS current 1578 DESCRIPTION 1579 "The total number of IPsec Phase-2 exchanges 1580 which were sent and found to be invalid by 1581 all currently and previously active IPsec Phase-1 1582 Tunnels." 1583 ::= { cikePhase1GWStatsEntry 16 } 1584 1585cikePhase1GWOutP2ExchgRejects OBJECT-TYPE 1586 SYNTAX Counter32 1587 UNITS "SA Payloads" 1588 MAX-ACCESS read-only 1589 STATUS current 1590 DESCRIPTION 1591 "The total number of IPsec Phase-2 exchanges 1592 which were sent and rejected by all currently and 1593 previously active IPsec Phase-1 IKE Tunnels." 1594 ::= { cikePhase1GWStatsEntry 17 } 1595 1596cikePhase1GWOutP2SaDelRequests OBJECT-TYPE 1597 SYNTAX Counter32 1598 UNITS "Notification Payloads" 1599 MAX-ACCESS read-only 1600 STATUS current 1601 DESCRIPTION 1602 "The total number of IPsec Phase-2 SA 1603 delete requests sent by all currently and 1604 previously active IPsec Phase-1 IKE Tunnels." 1605 ::= { cikePhase1GWStatsEntry 18 } 1606 1607cikePhase1GWInitTunnels OBJECT-TYPE 1608 SYNTAX Counter32 1609 UNITS "SAs" 1610 MAX-ACCESS read-only 1611 STATUS current 1612 DESCRIPTION 1613 "The total number of IPsec Phase-1 IKE 1614 Tunnels which were locally initiated." 1615 ::= { cikePhase1GWStatsEntry 19 } 1616 1617cikePhase1GWInitTunnelFails OBJECT-TYPE 1618 SYNTAX Counter32 1619 UNITS "SAs" 1620 MAX-ACCESS read-only 1621 STATUS current 1622 DESCRIPTION 1623 "The total number of IPsec Phase-1 IKE Tunnels 1624 which were locally initiated and failed to activate." 1625 ::= { cikePhase1GWStatsEntry 20 } 1626 1627cikePhase1GWRespTunnelFails OBJECT-TYPE 1628 SYNTAX Counter32 1629 UNITS "SAs" 1630 MAX-ACCESS read-only 1631 STATUS current 1632 DESCRIPTION 1633 "The total number of IPsec Phase-1 IKE Tunnels 1634 which were remotely initiated and failed to activate." 1635 ::= { cikePhase1GWStatsEntry 21 } 1636 1637cikePhase1GWSysCapFails OBJECT-TYPE 1638 SYNTAX Counter32 1639 UNITS "Failures" 1640 MAX-ACCESS read-only 1641 STATUS current 1642 DESCRIPTION 1643 "The total number of system capacity failures 1644 which occurred during processing of all current 1645 and previously active IPsec Phase-1 IKE Tunnels." 1646 ::= { cikePhase1GWStatsEntry 22 } 1647 1648cikePhase1GWAuthFails OBJECT-TYPE 1649 SYNTAX Counter32 1650 UNITS "Failures" 1651 MAX-ACCESS read-only 1652 STATUS current 1653 DESCRIPTION 1654 "The total number of authentications which ended 1655 in failure by all current and previous IPsec Phase-1 1656 IKE Tunnels." 1657 ::= { cikePhase1GWStatsEntry 23 } 1658 1659cikePhase1GWDecryptFails OBJECT-TYPE 1660 SYNTAX Counter32 1661 UNITS "Failures" 1662 MAX-ACCESS read-only 1663 STATUS current 1664 DESCRIPTION 1665 "The total number of decryptions which ended 1666 in failure by all current and previous IPsec Phase-1 1667 IKE Tunnels." 1668 ::= { cikePhase1GWStatsEntry 24 } 1669 1670cikePhase1GWHashValidFails OBJECT-TYPE 1671 SYNTAX Counter32 1672 UNITS "Failures" 1673 MAX-ACCESS read-only 1674 STATUS current 1675 DESCRIPTION 1676 "The total number of hash validations which ended 1677 in failure by all current and previous IPsec Phase-1 1678 IKE Tunnels." 1679 ::= { cikePhase1GWStatsEntry 25 } 1680 1681cikePhase1GWNoSaFails OBJECT-TYPE 1682 SYNTAX Counter32 1683 UNITS "Failures" 1684 MAX-ACCESS read-only 1685 STATUS current 1686 DESCRIPTION 1687 "The total number of non-existent 'Security Association' 1688 failures occurred during processing of current and 1689 previous IPsec Phase-1 IKE Tunnels." 1690 ::= { cikePhase1GWStatsEntry 26 } 1691 1692 1693-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1694-- IPsec Phase-2 Group 1695-- 1696-- This group consists of: 1697-- 1) IPsec Phase-2 Global Statistics 1698-- 2) IPsec Phase-2 Tunnel Table 1699-- 3) IPsec Phase-2 Endpoint Table 1700-- 4) IPsec Phase-2 Security Protection Index Table 1701-- 4) IPsec Phase-2 Security Protection Index Objects 1702-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1703-- 1704-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1705-- The IPsec Phase-2 Global Tunnel Statistics 1706-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1707 1708cipSecGlobalStats OBJECT IDENTIFIER 1709 ::= { cipSecPhaseTwo 1 } 1710 1711 1712cipSecGlobalActiveTunnels OBJECT-TYPE 1713 SYNTAX Gauge32 1714 MAX-ACCESS read-only 1715 STATUS current 1716 DESCRIPTION 1717 "The total number of currently active 1718 IPsec Phase-2 Tunnels." 1719 ::= { cipSecGlobalStats 1 } 1720 1721cipSecGlobalPreviousTunnels OBJECT-TYPE 1722 SYNTAX Counter32 1723 UNITS "Phase-2 Tunnels" 1724 MAX-ACCESS read-only 1725 STATUS current 1726 DESCRIPTION 1727 "The total number of previously active 1728 IPsec Phase-2 Tunnels." 1729 ::= { cipSecGlobalStats 2 } 1730 1731cipSecGlobalInOctets OBJECT-TYPE 1732 SYNTAX Counter32 1733 UNITS "Octets" 1734 MAX-ACCESS read-only 1735 STATUS current 1736 DESCRIPTION 1737 "The total number of octets received by all 1738 current and previous IPsec Phase-2 Tunnels. 1739 This value is 1740 accumulated BEFORE determining whether or not 1741 the packet should be decompressed. See also 1742 cipSecGlobalInOctWraps for the number of times 1743 this counter has wrapped." 1744 ::= { cipSecGlobalStats 3 } 1745 1746cipSecGlobalHcInOctets OBJECT-TYPE 1747 SYNTAX Counter64 1748 MAX-ACCESS read-only 1749 STATUS current 1750 DESCRIPTION 1751 "A high capacity count of the total number of 1752 octets received by all current and previous 1753 IPsec Phase-2 Tunnels. This value is accumulated 1754 BEFORE determining whether or not the packet 1755 should be decompressed." 1756 ::= { cipSecGlobalStats 4 } 1757 1758cipSecGlobalInOctWraps OBJECT-TYPE 1759 SYNTAX Counter32 1760 UNITS "Integral units" 1761 MAX-ACCESS read-only 1762 STATUS current 1763 DESCRIPTION 1764 "The number of times the global octets received 1765 counter (cipSecGlobalInOctets) has wrapped." 1766 ::= { cipSecGlobalStats 5 } 1767 1768cipSecGlobalInDecompOctets OBJECT-TYPE 1769 SYNTAX Counter32 1770 UNITS "Octets" 1771 MAX-ACCESS read-only 1772 STATUS current 1773 DESCRIPTION 1774 "The total number of decompressed octets received 1775 by all current and previous IPsec Phase-2 Tunnels. 1776 This value is accumulated AFTER the packet is 1777 decompressed. If compression is not being used, 1778 this value will match the value of cipSecGlobalInOctets. 1779 See also cipSecGlobalInDecompOctWraps 1780 for the number of times this counter has wrapped." 1781 ::= { cipSecGlobalStats 6 } 1782 1783cipSecGlobalHcInDecompOctets OBJECT-TYPE 1784 SYNTAX Counter64 1785 MAX-ACCESS read-only 1786 STATUS current 1787 DESCRIPTION 1788 "A high capacity count of the total number 1789 of decompressed octets received by all current 1790 and previous IPsec Phase-2 Tunnels. This value 1791 is accumulated AFTER the packet is decompressed. 1792 If compression is not being used, this value 1793 will match the value of cipSecGlobalHcInOctets." 1794 ::= { cipSecGlobalStats 7 } 1795 1796cipSecGlobalInDecompOctWraps OBJECT-TYPE 1797 SYNTAX Counter32 1798 UNITS "Integral units" 1799 MAX-ACCESS read-only 1800 STATUS current 1801 DESCRIPTION 1802 "The number of times the global decompressed 1803 octets received counter 1804 (cipSecGlobalInDecompOctets) has wrapped." 1805 ::= { cipSecGlobalStats 8 } 1806 1807cipSecGlobalInPkts OBJECT-TYPE 1808 SYNTAX Counter32 1809 UNITS "Packets" 1810 MAX-ACCESS read-only 1811 STATUS current 1812 DESCRIPTION 1813 "The total number of packets received 1814 by all current and previous 1815 IPsec Phase-2 Tunnels." 1816 ::= { cipSecGlobalStats 9 } 1817 1818cipSecGlobalInDrops OBJECT-TYPE 1819 SYNTAX Counter32 1820 UNITS "Packets" 1821 MAX-ACCESS read-only 1822 STATUS current 1823 DESCRIPTION 1824 "The total number of packets dropped 1825 during receive processing by all current and previous 1826 IPsec Phase-2 Tunnels. This count does 1827 NOT include packets dropped due to 1828 Anti-Replay processing." 1829 ::= { cipSecGlobalStats 10 } 1830 1831cipSecGlobalInReplayDrops OBJECT-TYPE 1832 SYNTAX Counter32 1833 UNITS "Packets" 1834 MAX-ACCESS read-only 1835 STATUS current 1836 DESCRIPTION 1837 "The total number of packets dropped during 1838 receive processing due to Anti-Replay 1839 processing by all current and previous IPsec 1840 Phase-2 Tunnels." 1841 ::= { cipSecGlobalStats 11 } 1842 1843cipSecGlobalInAuths OBJECT-TYPE 1844 SYNTAX Counter32 1845 UNITS "Events" 1846 MAX-ACCESS read-only 1847 STATUS current 1848 DESCRIPTION 1849 "The total number of inbound authentication's 1850 performed by all current and previous IPsec 1851 Phase-2 Tunnels." 1852 ::= { cipSecGlobalStats 12 } 1853 1854cipSecGlobalInAuthFails OBJECT-TYPE 1855 SYNTAX Counter32 1856 UNITS "Failures" 1857 MAX-ACCESS read-only 1858 STATUS current 1859 DESCRIPTION 1860 "The total number of inbound authentication's 1861 which ended in failure by all current and previous 1862 IPsec Phase-2 Tunnels." 1863 ::= { cipSecGlobalStats 13 } 1864 1865cipSecGlobalInDecrypts OBJECT-TYPE 1866 SYNTAX Counter32 1867 UNITS "Packets" 1868 MAX-ACCESS read-only 1869 STATUS current 1870 DESCRIPTION 1871 "The total number of inbound decryption's 1872 performed by all current and previous IPsec 1873 Phase-2 Tunnels." 1874 ::= { cipSecGlobalStats 14 } 1875 1876cipSecGlobalInDecryptFails OBJECT-TYPE 1877 SYNTAX Counter32 1878 UNITS "Packets" 1879 MAX-ACCESS read-only 1880 STATUS current 1881 DESCRIPTION 1882 "The total number of inbound decryption's 1883 which ended in failure by all current and 1884 previous IPsec Phase-2 Tunnels." 1885 ::= { cipSecGlobalStats 15 } 1886 1887cipSecGlobalOutOctets OBJECT-TYPE 1888 SYNTAX Counter32 1889 UNITS "Octets" 1890 MAX-ACCESS read-only 1891 STATUS current 1892 DESCRIPTION 1893 "The total number of octets sent by all 1894 current and previous IPsec Phase-2 Tunnels. 1895 This value is accumulated AFTER determining 1896 whether or not the packet should be compressed. 1897 See also cipSecGlobalOutOctWraps for the 1898 number of times this counter has wrapped." 1899 ::= { cipSecGlobalStats 16 } 1900 1901cipSecGlobalHcOutOctets OBJECT-TYPE 1902 SYNTAX Counter64 1903 MAX-ACCESS read-only 1904 STATUS current 1905 DESCRIPTION 1906 "A high capacity count of the total number 1907 of octets sent by all current and previous 1908 IPsec Phase-2 Tunnels. This value is accumulated 1909 AFTER determining whether or not the packet should 1910 be compressed." 1911 ::= { cipSecGlobalStats 17 } 1912 1913cipSecGlobalOutOctWraps OBJECT-TYPE 1914 SYNTAX Counter32 1915 UNITS "Integral units" 1916 MAX-ACCESS read-only 1917 STATUS current 1918 DESCRIPTION 1919 "The number of times the global octets sent counter 1920 (cipSecGlobalOutOctets) has wrapped." 1921 ::= { cipSecGlobalStats 18 } 1922 1923cipSecGlobalOutUncompOctets OBJECT-TYPE 1924 SYNTAX Counter32 1925 UNITS "Octets" 1926 MAX-ACCESS read-only 1927 STATUS current 1928 DESCRIPTION 1929 "The total number of uncompressed octets sent 1930 by all current and previous IPsec Phase-2 Tunnels. 1931 This value is accumulated BEFORE the packet is 1932 compressed. If compression is not being used, this 1933 value will match the value of cipSecGlobalOutOctets. 1934 See also cipSecGlobalOutDecompOctWraps for the number 1935 of times this counter has wrapped." 1936 ::= { cipSecGlobalStats 19 } 1937 1938cipSecGlobalHcOutUncompOctets OBJECT-TYPE 1939 SYNTAX Counter64 1940 UNITS "Octets" 1941 MAX-ACCESS read-only 1942 STATUS current 1943 DESCRIPTION 1944 "A high capacity count of the total number of 1945 uncompressed octets sent by all current and previous 1946 IPsec Phase-2 Tunnels. This value is accumulated 1947 BEFORE the packet is compressed. If compression is 1948 not being used, this value will match the 1949 value of cipSecGlobalHcOutOctets." 1950 ::= { cipSecGlobalStats 20 } 1951 1952cipSecGlobalOutUncompOctWraps OBJECT-TYPE 1953 SYNTAX Counter32 1954 UNITS "Integral units" 1955 MAX-ACCESS read-only 1956 STATUS current 1957 DESCRIPTION 1958 "The number of times the global uncompressed 1959 octets sent counter (cipSecGlobalOutUncompOctets) 1960 has wrapped." 1961 ::= { cipSecGlobalStats 21 } 1962 1963cipSecGlobalOutPkts OBJECT-TYPE 1964 SYNTAX Counter32 1965 UNITS "Packets" 1966 MAX-ACCESS read-only 1967 STATUS current 1968 DESCRIPTION 1969 "The total number of packets sent by all 1970 current and previous 1971 IPsec Phase-2 Tunnels." 1972 ::= { cipSecGlobalStats 22 } 1973 1974cipSecGlobalOutDrops OBJECT-TYPE 1975 SYNTAX Counter32 1976 UNITS "Packets" 1977 MAX-ACCESS read-only 1978 STATUS current 1979 DESCRIPTION 1980 "The total number of packets dropped during send 1981 processing by all current and previous IPsec 1982 Phase-2 Tunnels." 1983 ::= { cipSecGlobalStats 23 } 1984 1985cipSecGlobalOutAuths OBJECT-TYPE 1986 SYNTAX Counter32 1987 UNITS "Events" 1988 MAX-ACCESS read-only 1989 STATUS current 1990 DESCRIPTION 1991 "The total number of outbound authentication's 1992 performed by all current and previous IPsec 1993 Phase-2 Tunnels." 1994 ::= { cipSecGlobalStats 24 } 1995 1996cipSecGlobalOutAuthFails OBJECT-TYPE 1997 SYNTAX Counter32 1998 UNITS "Failures" 1999 MAX-ACCESS read-only 2000 STATUS current 2001 DESCRIPTION 2002 "The total number of outbound authentication's 2003 which ended in failure 2004 by all current and previous IPsec Phase-2 Tunnels." 2005 ::= { cipSecGlobalStats 25 } 2006 2007cipSecGlobalOutEncrypts OBJECT-TYPE 2008 SYNTAX Counter32 2009 UNITS "Packets" 2010 MAX-ACCESS read-only 2011 STATUS current 2012 DESCRIPTION 2013 "The total number of outbound encryption's performed 2014 by all current and previous IPsec Phase-2 Tunnels." 2015 ::= { cipSecGlobalStats 26 } 2016 2017cipSecGlobalOutEncryptFails OBJECT-TYPE 2018 SYNTAX Counter32 2019 UNITS "Failures" 2020 MAX-ACCESS read-only 2021 STATUS current 2022 DESCRIPTION 2023 "The total number of outbound encryption's 2024 which ended in failure by all current and 2025 previous IPsec Phase-2 Tunnels." 2026 ::= { cipSecGlobalStats 27 } 2027 2028cipSecGlobalProtocolUseFails OBJECT-TYPE 2029 SYNTAX Counter32 2030 UNITS "Failures" 2031 MAX-ACCESS read-only 2032 STATUS current 2033 DESCRIPTION 2034 "The total number of protocol use failures 2035 which occurred during processing of all current 2036 and previously active IPsec Phase-2 Tunnels." 2037 ::= { cipSecGlobalStats 28 } 2038 2039cipSecGlobalNoSaFails OBJECT-TYPE 2040 SYNTAX Counter32 2041 UNITS "Failures" 2042 MAX-ACCESS read-only 2043 STATUS current 2044 DESCRIPTION 2045 "The total number of non-existent 2046 Security Association in failures which occurred 2047 during processing of all current 2048 and previous IPsec Phase-2 Tunnels." 2049 ::= { cipSecGlobalStats 29 } 2050 2051cipSecGlobalSysCapFails OBJECT-TYPE 2052 SYNTAX Counter32 2053 UNITS "Failures" 2054 MAX-ACCESS read-only 2055 STATUS current 2056 DESCRIPTION 2057 "The total number of system capacity failures 2058 which occurred during processing of all current 2059 and previously active IPsec Phase-2 Tunnels." 2060 ::= { cipSecGlobalStats 30 } 2061-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2062-- The IPsec Phase-2 Tunnel Table 2063-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2064 2065cipSecTunnelTable OBJECT-TYPE 2066 SYNTAX SEQUENCE OF CipSecTunnelEntry 2067 MAX-ACCESS not-accessible 2068 STATUS current 2069 DESCRIPTION 2070 "The IPsec Phase-2 Tunnel Table. 2071 There is one entry in this table for 2072 each active IPsec Phase-2 Tunnel." 2073 ::= { cipSecPhaseTwo 2 } 2074 2075cipSecTunnelEntry OBJECT-TYPE 2076 SYNTAX CipSecTunnelEntry 2077 MAX-ACCESS not-accessible 2078 STATUS current 2079 DESCRIPTION 2080 "Each entry contains the attributes 2081 associated with an active IPsec Phase-2 Tunnel." 2082 INDEX { cipSecTunIndex } 2083 ::= { cipSecTunnelTable 1 } 2084 2085CipSecTunnelEntry ::= SEQUENCE { 2086 cipSecTunIndex Integer32, 2087 cipSecTunIkeTunnelIndex Integer32, 2088 cipSecTunIkeTunnelAlive TruthValue, 2089 cipSecTunLocalAddr IPSIpAddress, 2090 cipSecTunRemoteAddr IPSIpAddress, 2091 cipSecTunKeyType KeyType, 2092 cipSecTunEncapMode EncapMode, 2093 cipSecTunLifeSize Integer32, 2094 cipSecTunLifeTime Integer32, 2095 cipSecTunActiveTime TimeInterval, 2096 cipSecTunSaLifeSizeThreshold Integer32, 2097 cipSecTunSaLifeTimeThreshold Integer32, 2098 cipSecTunTotalRefreshes Counter32, 2099 cipSecTunExpiredSaInstances Counter32, 2100 cipSecTunCurrentSaInstances Gauge32, 2101 cipSecTunInSaDiffHellmanGrp DiffHellmanGrp, 2102 cipSecTunInSaEncryptAlgo EncryptAlgo, 2103 cipSecTunInSaAhAuthAlgo AuthAlgo, 2104 cipSecTunInSaEspAuthAlgo AuthAlgo, 2105 cipSecTunInSaDecompAlgo CompAlgo, 2106 cipSecTunOutSaDiffHellmanGrp DiffHellmanGrp, 2107 cipSecTunOutSaEncryptAlgo EncryptAlgo, 2108 cipSecTunOutSaAhAuthAlgo AuthAlgo, 2109 cipSecTunOutSaEspAuthAlgo AuthAlgo, 2110 cipSecTunOutSaCompAlgo CompAlgo, 2111 cipSecTunInOctets Counter32, 2112 cipSecTunHcInOctets Counter64, 2113 cipSecTunInOctWraps Counter32, 2114 cipSecTunInDecompOctets Counter32, 2115 cipSecTunHcInDecompOctets Counter64, 2116 cipSecTunInDecompOctWraps Counter32, 2117 cipSecTunInPkts Counter32, 2118 cipSecTunInDropPkts Counter32, 2119 cipSecTunInReplayDropPkts Counter32, 2120 cipSecTunInAuths Counter32, 2121 cipSecTunInAuthFails Counter32, 2122 cipSecTunInDecrypts Counter32, 2123 cipSecTunInDecryptFails Counter32, 2124 cipSecTunOutOctets Counter32, 2125 cipSecTunHcOutOctets Counter64, 2126 cipSecTunOutOctWraps Counter32, 2127 cipSecTunOutUncompOctets Counter32, 2128 cipSecTunHcOutUncompOctets Counter64, 2129 cipSecTunOutUncompOctWraps Counter32, 2130 cipSecTunOutPkts Counter32, 2131 cipSecTunOutDropPkts Counter32, 2132 cipSecTunOutAuths Counter32, 2133 cipSecTunOutAuthFails Counter32, 2134 cipSecTunOutEncrypts Counter32, 2135 cipSecTunOutEncryptFails Counter32, 2136 cipSecTunStatus TunnelStatus 2137} 2138 2139cipSecTunIndex OBJECT-TYPE 2140 SYNTAX Integer32 (1..2147483647 ) 2141 MAX-ACCESS not-accessible 2142 STATUS current 2143 DESCRIPTION 2144 "The index of the IPsec Phase-2 Tunnel Table. 2145 The value of the index is a number which begins 2146 at one and is incremented with each tunnel that 2147 is created. The value of this object will wrap 2148 at 2,147,483,647." 2149 ::= { cipSecTunnelEntry 1 } 2150 2151cipSecTunIkeTunnelIndex OBJECT-TYPE 2152 SYNTAX Integer32 (1..2147483647 ) 2153 MAX-ACCESS read-only 2154 STATUS current 2155 DESCRIPTION 2156 "The index of the associated IPsec Phase-1 2157 IKE Tunnel. 2158 (cikeTunIndex in the cikeTunnelTable)" 2159 ::= { cipSecTunnelEntry 2 } 2160 2161cipSecTunIkeTunnelAlive OBJECT-TYPE 2162 SYNTAX TruthValue 2163 MAX-ACCESS read-only 2164 STATUS current 2165 DESCRIPTION 2166 "An indicator which specifies whether or not the 2167 IPsec Phase-1 IKE Tunnel currently exists." 2168 ::= { cipSecTunnelEntry 3 } 2169 2170cipSecTunLocalAddr OBJECT-TYPE 2171 SYNTAX IPSIpAddress 2172 MAX-ACCESS read-only 2173 STATUS current 2174 DESCRIPTION 2175 "The IP address of the local endpoint for the IPsec 2176 Phase-2 Tunnel." 2177 ::= { cipSecTunnelEntry 4 } 2178 2179cipSecTunRemoteAddr OBJECT-TYPE 2180 SYNTAX IPSIpAddress 2181 MAX-ACCESS read-only 2182 STATUS current 2183 DESCRIPTION 2184 "The IP address of the remote endpoint for the IPsec 2185 Phase-2 Tunnel." 2186 ::= { cipSecTunnelEntry 5 } 2187 2188cipSecTunKeyType OBJECT-TYPE 2189 SYNTAX KeyType 2190 MAX-ACCESS read-only 2191 STATUS current 2192 DESCRIPTION 2193 "The type of key used by the IPsec Phase-2 Tunnel." 2194 ::= { cipSecTunnelEntry 6 } 2195 2196cipSecTunEncapMode OBJECT-TYPE 2197 SYNTAX EncapMode 2198 MAX-ACCESS read-only 2199 STATUS current 2200 DESCRIPTION 2201 "The encapsulation mode used by the 2202 IPsec Phase-2 Tunnel." 2203 ::= { cipSecTunnelEntry 7 } 2204 2205cipSecTunLifeSize OBJECT-TYPE 2206 SYNTAX Integer32 (1..2147483647 ) 2207 UNITS "KBytes" 2208 MAX-ACCESS read-only 2209 STATUS current 2210 DESCRIPTION 2211 "The negotiated LifeSize of the 2212 IPsec Phase-2 Tunnel in kilobytes." 2213 ::= { cipSecTunnelEntry 8 } 2214 2215cipSecTunLifeTime OBJECT-TYPE 2216 SYNTAX Integer32 (1..2147483647 ) 2217 UNITS "Seconds" 2218 MAX-ACCESS read-only 2219 STATUS current 2220 DESCRIPTION 2221 "The negotiated LifeTime of the 2222 IPsec Phase-2 Tunnel in seconds." 2223 ::= { cipSecTunnelEntry 9 } 2224 2225cipSecTunActiveTime OBJECT-TYPE 2226 SYNTAX TimeInterval 2227 MAX-ACCESS read-only 2228 STATUS current 2229 DESCRIPTION 2230 "The length of time the IPsec Phase-2 2231 Tunnel has been 2232 active in hundredths of seconds." 2233 ::= { cipSecTunnelEntry 10 } 2234 2235cipSecTunSaLifeSizeThreshold OBJECT-TYPE 2236 SYNTAX Integer32 (1..2147483647 ) 2237 UNITS "KBytes" 2238 MAX-ACCESS read-only 2239 STATUS current 2240 DESCRIPTION 2241 "The security association LifeSize refresh 2242 threshold in kilobytes." 2243 ::= { cipSecTunnelEntry 11 } 2244 2245cipSecTunSaLifeTimeThreshold OBJECT-TYPE 2246 SYNTAX Integer32 (1..2147483647 ) 2247 UNITS "Seconds" 2248 MAX-ACCESS read-only 2249 STATUS current 2250 DESCRIPTION 2251 "The security association LifeTime refresh 2252 threshold in seconds." 2253 ::= { cipSecTunnelEntry 12 } 2254 2255cipSecTunTotalRefreshes OBJECT-TYPE 2256 SYNTAX Counter32 2257 UNITS "QM Exchanges" 2258 MAX-ACCESS read-only 2259 STATUS current 2260 DESCRIPTION 2261 "The total number of security 2262 association refreshes performed." 2263 ::= { cipSecTunnelEntry 13 } 2264 2265cipSecTunExpiredSaInstances OBJECT-TYPE 2266 SYNTAX Counter32 2267 UNITS "SAs" 2268 MAX-ACCESS read-only 2269 STATUS current 2270 DESCRIPTION 2271 "The total number of security associations 2272 which have expired." 2273 ::= { cipSecTunnelEntry 14 } 2274 2275cipSecTunCurrentSaInstances OBJECT-TYPE 2276 SYNTAX Gauge32 2277 MAX-ACCESS read-only 2278 STATUS current 2279 DESCRIPTION 2280 "The number of security associations 2281 which are currently active or expiring." 2282 ::= { cipSecTunnelEntry 15 } 2283 2284cipSecTunInSaDiffHellmanGrp OBJECT-TYPE 2285 SYNTAX DiffHellmanGrp 2286 MAX-ACCESS read-only 2287 STATUS current 2288 DESCRIPTION 2289 "The Diffie Hellman Group used 2290 by the inbound security association of the 2291 IPsec Phase-2 Tunnel." 2292 ::= { cipSecTunnelEntry 16 } 2293 2294cipSecTunInSaEncryptAlgo OBJECT-TYPE 2295 SYNTAX EncryptAlgo 2296 MAX-ACCESS read-only 2297 STATUS current 2298 DESCRIPTION 2299 "The encryption algorithm used by the inbound security 2300 association of the IPsec Phase-2 Tunnel." 2301 ::= { cipSecTunnelEntry 17 } 2302 2303cipSecTunInSaAhAuthAlgo OBJECT-TYPE 2304 SYNTAX AuthAlgo 2305 MAX-ACCESS read-only 2306 STATUS current 2307 DESCRIPTION 2308 "The authentication algorithm used by the inbound 2309 authentication header (AH) security association of 2310 the IPsec Phase-2 Tunnel." 2311 ::= { cipSecTunnelEntry 18 } 2312 2313cipSecTunInSaEspAuthAlgo OBJECT-TYPE 2314 SYNTAX AuthAlgo 2315 MAX-ACCESS read-only 2316 STATUS current 2317 DESCRIPTION 2318 "The authentication algorithm used by the inbound 2319 encapsulation security protocol (ESP) security 2320 association of the IPsec Phase-2 Tunnel." 2321 ::= { cipSecTunnelEntry 19 } 2322 2323cipSecTunInSaDecompAlgo OBJECT-TYPE 2324 SYNTAX CompAlgo 2325 MAX-ACCESS read-only 2326 STATUS current 2327 DESCRIPTION 2328 "The decompression algorithm used by the inbound 2329 security association of the IPsec Phase-2 Tunnel." 2330 ::= { cipSecTunnelEntry 20 } 2331 2332cipSecTunOutSaDiffHellmanGrp OBJECT-TYPE 2333 SYNTAX DiffHellmanGrp 2334 MAX-ACCESS read-only 2335 STATUS current 2336 DESCRIPTION 2337 "The Diffie Hellman Group used by the outbound security 2338 association of the IPsec Phase-2 Tunnel." 2339 ::= { cipSecTunnelEntry 21 } 2340 2341cipSecTunOutSaEncryptAlgo OBJECT-TYPE 2342 SYNTAX EncryptAlgo 2343 MAX-ACCESS read-only 2344 STATUS current 2345 DESCRIPTION 2346 "The encryption algorithm used by the outbound security 2347 association of the IPsec Phase-2 Tunnel." 2348 ::= { cipSecTunnelEntry 22 } 2349 2350cipSecTunOutSaAhAuthAlgo OBJECT-TYPE 2351 SYNTAX AuthAlgo 2352 MAX-ACCESS read-only 2353 STATUS current 2354 DESCRIPTION 2355 "The authentication algorithm used by the outbound 2356 authentication header (AH) security association of 2357 the IPsec Phase-2 Tunnel." 2358 ::= { cipSecTunnelEntry 23 } 2359 2360cipSecTunOutSaEspAuthAlgo OBJECT-TYPE 2361 SYNTAX AuthAlgo 2362 MAX-ACCESS read-only 2363 STATUS current 2364 DESCRIPTION 2365 "The authentication algorithm used by the inbound 2366 encapsulation security protocol (ESP) 2367 security association of the IPsec Phase-2 Tunnel." 2368 ::= { cipSecTunnelEntry 24 } 2369 2370cipSecTunOutSaCompAlgo OBJECT-TYPE 2371 SYNTAX CompAlgo 2372 MAX-ACCESS read-only 2373 STATUS current 2374 DESCRIPTION 2375 "The compression algorithm used by the inbound 2376 security association of the IPsec Phase-2 Tunnel." 2377 ::= { cipSecTunnelEntry 25 } 2378 2379cipSecTunInOctets OBJECT-TYPE 2380 SYNTAX Counter32 2381 UNITS "Octets" 2382 MAX-ACCESS read-only 2383 STATUS current 2384 DESCRIPTION 2385 "The total number of octets received by this IPsec 2386 Phase-2 Tunnel. This value is accumulated 2387 BEFORE determining whether or not the packet should be 2388 decompressed. See also cipSecTunInOctWraps for the 2389 number of times this counter has wrapped." 2390 ::= { cipSecTunnelEntry 26 } 2391 2392cipSecTunHcInOctets OBJECT-TYPE 2393 SYNTAX Counter64 2394 UNITS "Octets" 2395 MAX-ACCESS read-only 2396 STATUS current 2397 DESCRIPTION 2398 "A high capacity count of the total number of octets 2399 received by this IPsec Phase-2 Tunnel. This value is 2400 accumulated BEFORE determining whether or not the packet 2401 should be decompressed." 2402 ::= { cipSecTunnelEntry 27 } 2403 2404cipSecTunInOctWraps OBJECT-TYPE 2405 SYNTAX Counter32 2406 UNITS "Integral units" 2407 MAX-ACCESS read-only 2408 STATUS current 2409 DESCRIPTION 2410 "The number of times the octets received counter 2411 (cipSecTunInOctets) has wrapped." 2412 ::= { cipSecTunnelEntry 28 } 2413 2414cipSecTunInDecompOctets OBJECT-TYPE 2415 SYNTAX Counter32 2416 UNITS "Octets" 2417 MAX-ACCESS read-only 2418 STATUS current 2419 DESCRIPTION 2420 "The total number of decompressed octets received 2421 by this IPsec Phase-2 Tunnel. This value is 2422 accumulated AFTER the packet is decompressed. 2423 If compression is not being 2424 used, this value will match the value of 2425 cipSecTunInOctets. See also cipSecTunInDecompOctWraps 2426 for the number of times 2427 this counter has wrapped." 2428 ::= { cipSecTunnelEntry 29 } 2429 2430cipSecTunHcInDecompOctets OBJECT-TYPE 2431 SYNTAX Counter64 2432 MAX-ACCESS read-only 2433 STATUS current 2434 DESCRIPTION 2435 "A high capacity count of the total number of decompressed 2436 octets received by this IPsec Phase-2 Tunnel. This value 2437 is accumulated AFTER the packet is decompressed. If 2438 compression is not being used, this value will match the 2439 value of cipSecTunHcInOctets." 2440 ::= { cipSecTunnelEntry 30 } 2441 2442cipSecTunInDecompOctWraps OBJECT-TYPE 2443 SYNTAX Counter32 2444 UNITS "Integral units" 2445 MAX-ACCESS read-only 2446 STATUS current 2447 DESCRIPTION 2448 "The number of times the decompressed 2449 octets received counter 2450 (cipSecTunInDecompOctets) has wrapped." 2451 ::= { cipSecTunnelEntry 31 } 2452 2453cipSecTunInPkts OBJECT-TYPE 2454 SYNTAX Counter32 2455 UNITS "Packets" 2456 MAX-ACCESS read-only 2457 STATUS current 2458 DESCRIPTION 2459 "The total number of packets received 2460 by this IPsec Phase-2 Tunnel." 2461 ::= { cipSecTunnelEntry 32 } 2462 2463cipSecTunInDropPkts OBJECT-TYPE 2464 SYNTAX Counter32 2465 UNITS "Packets" 2466 MAX-ACCESS read-only 2467 STATUS current 2468 DESCRIPTION 2469 "The total number of packets dropped 2470 during receive processing by this IPsec Phase-2 2471 Tunnel. This count does NOT include 2472 packets dropped due to Anti-Replay processing." 2473 ::= { cipSecTunnelEntry 33 } 2474 2475cipSecTunInReplayDropPkts OBJECT-TYPE 2476 SYNTAX Counter32 2477 UNITS "Packets" 2478 MAX-ACCESS read-only 2479 STATUS current 2480 DESCRIPTION 2481 "The total number of packets dropped during 2482 receive processing due to Anti-Replay processing 2483 by this IPsec Phase-2 Tunnel." 2484 ::= { cipSecTunnelEntry 34 } 2485 2486cipSecTunInAuths OBJECT-TYPE 2487 SYNTAX Counter32 2488 UNITS "Events" 2489 MAX-ACCESS read-only 2490 STATUS current 2491 DESCRIPTION 2492 "The total number of inbound 2493 authentication's performed by this 2494 IPsec Phase-2 Tunnel." 2495 ::= { cipSecTunnelEntry 35 } 2496 2497cipSecTunInAuthFails OBJECT-TYPE 2498 SYNTAX Counter32 2499 UNITS "Failures" 2500 MAX-ACCESS read-only 2501 STATUS current 2502 DESCRIPTION 2503 "The total number of inbound authentication's 2504 which ended in 2505 failure by this IPsec Phase-2 Tunnel ." 2506 ::= { cipSecTunnelEntry 36 } 2507 2508cipSecTunInDecrypts OBJECT-TYPE 2509 SYNTAX Counter32 2510 UNITS "Packets" 2511 MAX-ACCESS read-only 2512 STATUS current 2513 DESCRIPTION 2514 "The total number of inbound decryption's performed 2515 by this IPsec Phase-2 Tunnel." 2516 ::= { cipSecTunnelEntry 37 } 2517 2518cipSecTunInDecryptFails OBJECT-TYPE 2519 SYNTAX Counter32 2520 UNITS "Failures" 2521 MAX-ACCESS read-only 2522 STATUS current 2523 DESCRIPTION 2524 "The total number of inbound decryption's 2525 which ended in failure 2526 by this IPsec Phase-2 Tunnel." 2527 ::= { cipSecTunnelEntry 38 } 2528 2529cipSecTunOutOctets OBJECT-TYPE 2530 SYNTAX Counter32 2531 UNITS "Octets" 2532 MAX-ACCESS read-only 2533 STATUS current 2534 DESCRIPTION 2535 "The total number of octets sent by this IPsec 2536 Phase-2 Tunnel. This value is accumulated 2537 AFTER determining whether or not the packet should 2538 be compressed. See also cipSecTunOutOctWraps for 2539 the number of times this counter has wrapped." 2540 ::= { cipSecTunnelEntry 39 } 2541 2542cipSecTunHcOutOctets OBJECT-TYPE 2543 SYNTAX Counter64 2544 MAX-ACCESS read-only 2545 STATUS current 2546 DESCRIPTION 2547 "A high capacity count of the total number of octets 2548 sent by this IPsec Phase-2 Tunnel. This value is 2549 accumulated AFTER determining whether or not the 2550 packet 2551 should be compressed." 2552 ::= { cipSecTunnelEntry 40 } 2553 2554cipSecTunOutOctWraps OBJECT-TYPE 2555 SYNTAX Counter32 2556 UNITS "Integral units" 2557 MAX-ACCESS read-only 2558 STATUS current 2559 DESCRIPTION 2560 "The number of times the out octets counter 2561 (cipSecTunOutOctets) has wrapped." 2562 ::= { cipSecTunnelEntry 41 } 2563 2564cipSecTunOutUncompOctets OBJECT-TYPE 2565 SYNTAX Counter32 2566 UNITS "Octets" 2567 MAX-ACCESS read-only 2568 STATUS current 2569 DESCRIPTION 2570 "The total number of uncompressed octets sent 2571 by this IPsec Phase-2 Tunnel. This value 2572 is accumulated BEFORE the packet is compressed. 2573 If compression is not being used, this value 2574 will match the value of cipSecTunOutOctets. 2575 See also cipSecTunOutDecompOctWraps for the 2576 number of times this counter has wrapped." 2577 ::= { cipSecTunnelEntry 42 } 2578 2579cipSecTunHcOutUncompOctets OBJECT-TYPE 2580 SYNTAX Counter64 2581 MAX-ACCESS read-only 2582 STATUS current 2583 DESCRIPTION 2584 "A high capacity count of the total number 2585 of uncompressed octets sent by this IPsec 2586 Phase-2 Tunnel. This value is accumulated BEFORE 2587 the packet is compressed. If compression 2588 is not being used, this value will match the value 2589 of cipSecTunHcOutOctets." 2590 ::= { cipSecTunnelEntry 43 } 2591 2592cipSecTunOutUncompOctWraps OBJECT-TYPE 2593 SYNTAX Counter32 2594 UNITS "Integral units" 2595 MAX-ACCESS read-only 2596 STATUS current 2597 DESCRIPTION 2598 "The number of times the uncompressed octets sent 2599 counter (cipSecTunOutUncompOctets) has wrapped." 2600 ::= { cipSecTunnelEntry 44 } 2601 2602cipSecTunOutPkts OBJECT-TYPE 2603 SYNTAX Counter32 2604 UNITS "Packets" 2605 MAX-ACCESS read-only 2606 STATUS current 2607 DESCRIPTION 2608 "The total number of packets sent by this 2609 IPsec Phase-2 Tunnel." 2610 ::= { cipSecTunnelEntry 45 } 2611 2612cipSecTunOutDropPkts OBJECT-TYPE 2613 SYNTAX Counter32 2614 UNITS "Packets" 2615 MAX-ACCESS read-only 2616 STATUS current 2617 DESCRIPTION 2618 "The total number of packets dropped during 2619 send processing by this IPsec Phase-2 Tunnel." 2620 ::= { cipSecTunnelEntry 46 } 2621 2622cipSecTunOutAuths OBJECT-TYPE 2623 SYNTAX Counter32 2624 UNITS "Events" 2625 MAX-ACCESS read-only 2626 STATUS current 2627 DESCRIPTION 2628 "The total number of outbound authentication's performed 2629 by this IPsec Phase-2 Tunnel." 2630 ::= { cipSecTunnelEntry 47 } 2631 2632cipSecTunOutAuthFails OBJECT-TYPE 2633 SYNTAX Counter32 2634 UNITS "Failures" 2635 MAX-ACCESS read-only 2636 STATUS current 2637 DESCRIPTION 2638 "The total number of outbound 2639 authentication's which ended in failure 2640 by this IPsec Phase-2 Tunnel." 2641 ::= { cipSecTunnelEntry 48 } 2642 2643cipSecTunOutEncrypts OBJECT-TYPE 2644 SYNTAX Counter32 2645 UNITS "Packets" 2646 MAX-ACCESS read-only 2647 STATUS current 2648 DESCRIPTION 2649 "The total number of outbound encryption's performed 2650 by this IPsec Phase-2 Tunnel." 2651 ::= { cipSecTunnelEntry 49 } 2652 2653cipSecTunOutEncryptFails OBJECT-TYPE 2654 SYNTAX Counter32 2655 UNITS "Failures" 2656 MAX-ACCESS read-only 2657 STATUS current 2658 DESCRIPTION 2659 "The total number of outbound encryption's 2660 which ended in failure by this IPsec Phase-2 Tunnel." 2661 ::= { cipSecTunnelEntry 50 } 2662 2663cipSecTunStatus OBJECT-TYPE 2664 SYNTAX TunnelStatus 2665 MAX-ACCESS read-write 2666 STATUS current 2667 DESCRIPTION 2668 "The status of the MIB table row. 2669 2670 This object can be used to bring the tunnel down 2671 by setting value of this object to destroy(2). 2672 When the value is set to destroy(2), the SA 2673 bundle is destroyed and this row is deleted 2674 from this table. 2675 2676 When this MIB value is queried, the value of 2677 active(1) is always returned, if the instance 2678 exists. 2679 2680 This object cannot be used to create a MIB 2681 table row." 2682 ::= { cipSecTunnelEntry 51 } 2683 2684 2685-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2686-- The IPsec Phase-2 Tunnel Endpoint Table 2687-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2688 2689cipSecEndPtTable OBJECT-TYPE 2690 SYNTAX SEQUENCE OF CipSecEndPtEntry 2691 MAX-ACCESS not-accessible 2692 STATUS current 2693 DESCRIPTION 2694 "The IPsec Phase-2 Tunnel Endpoint Table. 2695 This table contains an entry for each 2696 active endpoint associated with an IPsec 2697 Phase-2 Tunnel." 2698 ::= { cipSecPhaseTwo 3 } 2699 2700cipSecEndPtEntry OBJECT-TYPE 2701 SYNTAX CipSecEndPtEntry 2702 MAX-ACCESS not-accessible 2703 STATUS current 2704 DESCRIPTION 2705 "An IPsec Phase-2 Tunnel Endpoint entry." 2706 INDEX { 2707 cipSecTunIndex, 2708 cipSecEndPtIndex 2709 } 2710 ::= { cipSecEndPtTable 1 } 2711 2712CipSecEndPtEntry ::= SEQUENCE { 2713 cipSecEndPtIndex Integer32, 2714 cipSecEndPtLocalName DisplayString, 2715 cipSecEndPtLocalType EndPtType, 2716 cipSecEndPtLocalAddr1 IPSIpAddress, 2717 cipSecEndPtLocalAddr2 IPSIpAddress, 2718 cipSecEndPtLocalProtocol Integer32, 2719 cipSecEndPtLocalPort Integer32, 2720 cipSecEndPtRemoteName DisplayString, 2721 cipSecEndPtRemoteType EndPtType, 2722 cipSecEndPtRemoteAddr1 IPSIpAddress, 2723 cipSecEndPtRemoteAddr2 IPSIpAddress, 2724 cipSecEndPtRemoteProtocol Integer32, 2725 cipSecEndPtRemotePort Integer32 2726} 2727 2728cipSecEndPtIndex OBJECT-TYPE 2729 SYNTAX Integer32 (1..2147483647 ) 2730 MAX-ACCESS not-accessible 2731 STATUS current 2732 DESCRIPTION 2733 "The number of the Endpoint associated with the 2734 IPsec Phase-2 Tunnel Table. The value of this 2735 index is a number which begins at one and 2736 is incremented with each Endpoint associated 2737 with an IPsec Phase-2 Tunnel. 2738 The value of this object will wrap at 2,147,483,647." 2739 ::= { cipSecEndPtEntry 1 } 2740 2741cipSecEndPtLocalName OBJECT-TYPE 2742 SYNTAX DisplayString 2743 MAX-ACCESS read-only 2744 STATUS current 2745 DESCRIPTION 2746 "The DNS name of the local Endpoint." 2747 ::= { cipSecEndPtEntry 2 } 2748 2749cipSecEndPtLocalType OBJECT-TYPE 2750 SYNTAX EndPtType 2751 MAX-ACCESS read-only 2752 STATUS current 2753 DESCRIPTION 2754 "The type of identity for the local Endpoint. 2755 Possible values are: 2756 1) a single IP address, or 2757 2) an IP address range, or 2758 3) an IP subnet." 2759 ::= { cipSecEndPtEntry 3 } 2760 2761cipSecEndPtLocalAddr1 OBJECT-TYPE 2762 SYNTAX IPSIpAddress 2763 MAX-ACCESS read-only 2764 STATUS current 2765 DESCRIPTION 2766 "The local Endpoint's first IP address specification. 2767 2768 If the local Endpoint type is single IP address, 2769 then this is the value of the IP address. 2770 2771 If the local Endpoint type is IP subnet, then this 2772 is the value of the subnet. 2773 2774 If the local Endpoint type is IP address range, 2775 then this is the value of beginning IP address 2776 of the range." 2777 ::= { cipSecEndPtEntry 4 } 2778 2779cipSecEndPtLocalAddr2 OBJECT-TYPE 2780 SYNTAX IPSIpAddress 2781 MAX-ACCESS read-only 2782 STATUS current 2783 DESCRIPTION 2784 "The local Endpoint's second IP address specification. 2785 2786 If the local Endpoint type is single IP address, 2787 then this is the value of the IP address. 2788 2789 If the local Endpoint type is IP subnet, then this 2790 is the value of the subnet mask. 2791 2792 If the local Endpoint type is IP address range, 2793 then this is the value of ending IP address 2794 of the range." 2795 ::= { cipSecEndPtEntry 5 } 2796 2797cipSecEndPtLocalProtocol OBJECT-TYPE 2798 SYNTAX Integer32 (0..255 ) 2799 MAX-ACCESS read-only 2800 STATUS current 2801 DESCRIPTION 2802 "The protocol number of the local Endpoint's traffic." 2803 ::= { cipSecEndPtEntry 6 } 2804 2805cipSecEndPtLocalPort OBJECT-TYPE 2806 SYNTAX Integer32 (0..65535 ) 2807 MAX-ACCESS read-only 2808 STATUS current 2809 DESCRIPTION 2810 "The port number of the local Endpoint's traffic." 2811 ::= { cipSecEndPtEntry 7 } 2812 2813cipSecEndPtRemoteName OBJECT-TYPE 2814 SYNTAX DisplayString 2815 MAX-ACCESS read-only 2816 STATUS current 2817 DESCRIPTION 2818 "The DNS name of the remote Endpoint." 2819 ::= { cipSecEndPtEntry 8 } 2820 2821cipSecEndPtRemoteType OBJECT-TYPE 2822 SYNTAX EndPtType 2823 MAX-ACCESS read-only 2824 STATUS current 2825 DESCRIPTION 2826 "The type of identity for the remote Endpoint. 2827 Possible values are: 2828 1) a single IP address, or 2829 2) an IP address range, or 2830 3) an IP subnet." 2831 ::= { cipSecEndPtEntry 9 } 2832 2833cipSecEndPtRemoteAddr1 OBJECT-TYPE 2834 SYNTAX IPSIpAddress 2835 MAX-ACCESS read-only 2836 STATUS current 2837 DESCRIPTION 2838 "The remote Endpoint's first IP address specification. 2839 2840 If the remote Endpoint type is single IP address, 2841 then this is the value of the IP address. 2842 2843 If the remote Endpoint type is IP subnet, then this 2844 is the value of the subnet. 2845 2846 If the remote Endpoint type is IP address range, 2847 then this is the value of beginning IP address 2848 of the range." 2849 ::= { cipSecEndPtEntry 10 } 2850 2851cipSecEndPtRemoteAddr2 OBJECT-TYPE 2852 SYNTAX IPSIpAddress 2853 MAX-ACCESS read-only 2854 STATUS current 2855 DESCRIPTION 2856 "The remote Endpoint's second IP address specification. 2857 2858 If the remote Endpoint type is single IP address, 2859 then this is the value of the IP address. 2860 2861 If the remote Endpoint type is IP subnet, then this 2862 is the value of the subnet mask. 2863 2864 If the remote Endpoint type is IP address range, 2865 then this is the value of ending IP address of 2866 the range." 2867 ::= { cipSecEndPtEntry 11 } 2868 2869cipSecEndPtRemoteProtocol OBJECT-TYPE 2870 SYNTAX Integer32 (0..255 ) 2871 MAX-ACCESS read-only 2872 STATUS current 2873 DESCRIPTION 2874 "The protocol number of the remote Endpoint's traffic." 2875 ::= { cipSecEndPtEntry 12 } 2876 2877cipSecEndPtRemotePort OBJECT-TYPE 2878 SYNTAX Integer32 (0..65535 ) 2879 MAX-ACCESS read-only 2880 STATUS current 2881 DESCRIPTION 2882 "The port number of the remote Endpoint's traffic." 2883 ::= { cipSecEndPtEntry 13 } 2884 2885 2886-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2887-- The IPsec Phase-2 Security Protection Index Table 2888-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2889 2890cipSecSpiTable OBJECT-TYPE 2891 SYNTAX SEQUENCE OF CipSecSpiEntry 2892 MAX-ACCESS not-accessible 2893 STATUS current 2894 DESCRIPTION 2895 "The IPsec Phase-2 Security Protection Index Table. 2896 This table contains an entry for each active 2897 and expiring security 2898 association." 2899 ::= { cipSecPhaseTwo 4 } 2900 2901cipSecSpiEntry OBJECT-TYPE 2902 SYNTAX CipSecSpiEntry 2903 MAX-ACCESS not-accessible 2904 STATUS current 2905 DESCRIPTION 2906 "Each entry contains the attributes associated with 2907 active and expiring IPsec Phase-2 2908 security associations." 2909 INDEX { 2910 cipSecTunIndex, 2911 cipSecSpiIndex 2912 } 2913 ::= { cipSecSpiTable 1 } 2914 2915CipSecSpiEntry ::= SEQUENCE { 2916 cipSecSpiIndex Integer32, 2917 cipSecSpiDirection INTEGER , 2918 cipSecSpiValue Unsigned32, 2919 cipSecSpiProtocol INTEGER , 2920 cipSecSpiStatus INTEGER 2921} 2922 2923cipSecSpiIndex OBJECT-TYPE 2924 SYNTAX Integer32 (1..2147483647 ) 2925 MAX-ACCESS not-accessible 2926 STATUS current 2927 DESCRIPTION 2928 "The number of the SPI associated with the 2929 Phase-2 Tunnel Table. The value of this 2930 index is a number which begins at one and is 2931 incremented with each SPI associated with an 2932 IPsec Phase-2 Tunnel. The value of this 2933 object will wrap at 2,147,483,647." 2934 ::= { cipSecSpiEntry 1 } 2935 2936cipSecSpiDirection OBJECT-TYPE 2937 SYNTAX INTEGER { 2938 in(1), 2939 out(2) 2940 } 2941 MAX-ACCESS read-only 2942 STATUS current 2943 DESCRIPTION 2944 "The direction of the SPI." 2945 ::= { cipSecSpiEntry 2 } 2946 2947cipSecSpiValue OBJECT-TYPE 2948 SYNTAX Unsigned32 (1..4294967295 ) 2949 MAX-ACCESS read-only 2950 STATUS current 2951 DESCRIPTION 2952 "The value of the SPI." 2953 ::= { cipSecSpiEntry 3 } 2954 2955cipSecSpiProtocol OBJECT-TYPE 2956 SYNTAX INTEGER { 2957 ah(1), 2958 esp(2), 2959 ipcomp(3) 2960 } 2961 MAX-ACCESS read-only 2962 STATUS current 2963 DESCRIPTION 2964 "The protocol of the SPI." 2965 ::= { cipSecSpiEntry 4 } 2966 2967cipSecSpiStatus OBJECT-TYPE 2968 SYNTAX INTEGER { 2969 active(1), 2970 expiring(2) 2971 } 2972 MAX-ACCESS read-only 2973 STATUS current 2974 DESCRIPTION 2975 "The status of the SPI." 2976 ::= { cipSecSpiEntry 5 } 2977 2978 2979-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2980-- 2981-- cipSecPhase2GWStatsTable 2982-- 2983-- Gateway Phase-2 IPsec stats information 2984-- 2985-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2986 2987cipSecPhase2GWStatsTable OBJECT-TYPE 2988 SYNTAX SEQUENCE OF CipSecPhase2GWStatsEntry 2989 MAX-ACCESS not-accessible 2990 STATUS current 2991 DESCRIPTION 2992 "Phase-2 IPsec stats information is included in this table. 2993 Each entry is related to a specific gateway which is 2994 identified by 'cmgwIndex'" 2995 ::= { cipSecPhaseTwo 5 } 2996 2997cipSecPhase2GWStatsEntry OBJECT-TYPE 2998 SYNTAX CipSecPhase2GWStatsEntry 2999 MAX-ACCESS not-accessible 3000 STATUS current 3001 DESCRIPTION 3002 "Each entry contains the attributes of an Phase-2 IPsec stats 3003 information for the related gateway. 3004 3005 There is only one entry for each gateway. The entry 3006 is created when a gateway up and cannot be deleted." 3007 INDEX { cmgwIndex } 3008 ::= { cipSecPhase2GWStatsTable 1 } 3009 3010CipSecPhase2GWStatsEntry ::= SEQUENCE { 3011 cipSecPhase2GWActiveTunnels Gauge32, 3012 cipSecPhase2GWPreviousTunnels Counter32, 3013 cipSecPhase2GWInOctets Counter32, 3014 cipSecPhase2GWInOctWraps Counter32, 3015 cipSecPhase2GWInDecompOctets Counter32, 3016 cipSecPhase2GWInDecompOctWraps Counter32, 3017 cipSecPhase2GWInPkts Counter32, 3018 cipSecPhase2GWInDrops Counter32, 3019 cipSecPhase2GWInReplayDrops Counter32, 3020 cipSecPhase2GWInAuths Counter32, 3021 cipSecPhase2GWInAuthFails Counter32, 3022 cipSecPhase2GWInDecrypts Counter32, 3023 cipSecPhase2GWInDecryptFails Counter32, 3024 cipSecPhase2GWOutOctets Counter32, 3025 cipSecPhase2GWOutOctWraps Counter32, 3026 cipSecPhase2GWOutUncompOctets Counter32, 3027 cipSecPhase2GWOutUncompOctWraps Counter32, 3028 cipSecPhase2GWOutPkts Counter32, 3029 cipSecPhase2GWOutDrops Counter32, 3030 cipSecPhase2GWOutAuths Counter32, 3031 cipSecPhase2GWOutAuthFails Counter32, 3032 cipSecPhase2GWOutEncrypts Counter32, 3033 cipSecPhase2GWOutEncryptFails Counter32, 3034 cipSecPhase2GWProtocolUseFails Counter32, 3035 cipSecPhase2GWNoSaFails Counter32, 3036 cipSecPhase2GWSysCapFails Counter32 3037} 3038 3039cipSecPhase2GWActiveTunnels OBJECT-TYPE 3040 SYNTAX Gauge32 3041 MAX-ACCESS read-only 3042 STATUS current 3043 DESCRIPTION 3044 "The total number of currently active 3045 IPsec Phase-2 Tunnels." 3046 ::= { cipSecPhase2GWStatsEntry 1 } 3047 3048cipSecPhase2GWPreviousTunnels OBJECT-TYPE 3049 SYNTAX Counter32 3050 UNITS "Phase-2 Tunnels" 3051 MAX-ACCESS read-only 3052 STATUS current 3053 DESCRIPTION 3054 "The total number of previously active 3055 IPsec Phase-2 Tunnels." 3056 ::= { cipSecPhase2GWStatsEntry 2 } 3057 3058cipSecPhase2GWInOctets OBJECT-TYPE 3059 SYNTAX Counter32 3060 UNITS "Octets" 3061 MAX-ACCESS read-only 3062 STATUS current 3063 DESCRIPTION 3064 "The total number of octets received by all 3065 current and previous IPsec Phase-2 Tunnels. 3066 This value is accumulated BEFORE determining 3067 whether or not the packet should be decompressed. 3068 See also cipSecGlobalInOctWraps for the number 3069 of times this counter has wrapped." 3070 ::= { cipSecPhase2GWStatsEntry 3 } 3071 3072cipSecPhase2GWInOctWraps OBJECT-TYPE 3073 SYNTAX Counter32 3074 UNITS "Integral units" 3075 MAX-ACCESS read-only 3076 STATUS current 3077 DESCRIPTION 3078 "The number of times the global octets received 3079 counter (cipSecGlobalInOctets) has wrapped." 3080 ::= { cipSecPhase2GWStatsEntry 4 } 3081 3082cipSecPhase2GWInDecompOctets OBJECT-TYPE 3083 SYNTAX Counter32 3084 UNITS "Octets" 3085 MAX-ACCESS read-only 3086 STATUS current 3087 DESCRIPTION 3088 "The total number of decompressed octets received 3089 by all current and previous IPsec Phase-2 Tunnels. 3090 This value is accumulated AFTER the packet is 3091 decompressed. If compression is not being used, 3092 this value will match the value of cipSecGlobalInOctets. 3093 See also cipSecGlobalInDecompOctWraps 3094 for the number of times this counter has wrapped." 3095 ::= { cipSecPhase2GWStatsEntry 5 } 3096 3097cipSecPhase2GWInDecompOctWraps OBJECT-TYPE 3098 SYNTAX Counter32 3099 UNITS "Integral units" 3100 MAX-ACCESS read-only 3101 STATUS current 3102 DESCRIPTION 3103 "The number of times the global decompressed 3104 octets received counter (cipSecGlobalInDecompOctets) 3105 has wrapped." 3106 ::= { cipSecPhase2GWStatsEntry 6 } 3107 3108cipSecPhase2GWInPkts OBJECT-TYPE 3109 SYNTAX Counter32 3110 UNITS "Packets" 3111 MAX-ACCESS read-only 3112 STATUS current 3113 DESCRIPTION 3114 "The total number of packets received 3115 by all current and previous IPsec Phase-2 Tunnels." 3116 ::= { cipSecPhase2GWStatsEntry 7 } 3117 3118cipSecPhase2GWInDrops OBJECT-TYPE 3119 SYNTAX Counter32 3120 UNITS "Packets" 3121 MAX-ACCESS read-only 3122 STATUS current 3123 DESCRIPTION 3124 "The total number of packets dropped 3125 during receive processing by all current and previous 3126 IPsec Phase-2 Tunnels. This count does NOT include 3127 packets dropped due to Anti-Replay processing." 3128 ::= { cipSecPhase2GWStatsEntry 8 } 3129 3130cipSecPhase2GWInReplayDrops OBJECT-TYPE 3131 SYNTAX Counter32 3132 UNITS "Packets" 3133 MAX-ACCESS read-only 3134 STATUS current 3135 DESCRIPTION 3136 "The total number of packets dropped during 3137 receive processing due to Anti-Replay 3138 processing by all current and previous IPsec 3139 Phase-2 Tunnels." 3140 ::= { cipSecPhase2GWStatsEntry 9 } 3141 3142cipSecPhase2GWInAuths OBJECT-TYPE 3143 SYNTAX Counter32 3144 UNITS "Events" 3145 MAX-ACCESS read-only 3146 STATUS current 3147 DESCRIPTION 3148 "The total number of inbound authentication's 3149 performed by all current and previous IPsec 3150 Phase-2 Tunnels." 3151 ::= { cipSecPhase2GWStatsEntry 10 } 3152 3153cipSecPhase2GWInAuthFails OBJECT-TYPE 3154 SYNTAX Counter32 3155 UNITS "Failures" 3156 MAX-ACCESS read-only 3157 STATUS current 3158 DESCRIPTION 3159 "The total number of inbound authentication's 3160 which ended in failure by all current and previous 3161 IPsec Phase-2 Tunnels." 3162 ::= { cipSecPhase2GWStatsEntry 11 } 3163 3164cipSecPhase2GWInDecrypts OBJECT-TYPE 3165 SYNTAX Counter32 3166 UNITS "Packets" 3167 MAX-ACCESS read-only 3168 STATUS current 3169 DESCRIPTION 3170 "The total number of inbound decryption's 3171 performed by all current and previous IPsec 3172 Phase-2 Tunnels." 3173 ::= { cipSecPhase2GWStatsEntry 12 } 3174 3175cipSecPhase2GWInDecryptFails OBJECT-TYPE 3176 SYNTAX Counter32 3177 UNITS "Packets" 3178 MAX-ACCESS read-only 3179 STATUS current 3180 DESCRIPTION 3181 "The total number of inbound decryption's 3182 which ended in failure by all current and 3183 previous IPsec Phase-2 Tunnels." 3184 ::= { cipSecPhase2GWStatsEntry 13 } 3185 3186cipSecPhase2GWOutOctets OBJECT-TYPE 3187 SYNTAX Counter32 3188 UNITS "Octets" 3189 MAX-ACCESS read-only 3190 STATUS current 3191 DESCRIPTION 3192 "The total number of octets sent by all 3193 current and previous IPsec Phase-2 Tunnels. 3194 This value is accumulated AFTER determining 3195 whether or not the packet should be compressed. 3196 See also cipSecGlobalOutOctWraps for the 3197 number of times this counter has wrapped." 3198 ::= { cipSecPhase2GWStatsEntry 14 } 3199 3200cipSecPhase2GWOutOctWraps OBJECT-TYPE 3201 SYNTAX Counter32 3202 UNITS "Integral units" 3203 MAX-ACCESS read-only 3204 STATUS current 3205 DESCRIPTION 3206 "The number of times the global octets sent counter 3207 (cipSecGlobalOutOctets) has wrapped." 3208 ::= { cipSecPhase2GWStatsEntry 15 } 3209 3210cipSecPhase2GWOutUncompOctets OBJECT-TYPE 3211 SYNTAX Counter32 3212 UNITS "Octets" 3213 MAX-ACCESS read-only 3214 STATUS current 3215 DESCRIPTION 3216 "The total number of uncompressed octets sent 3217 by all current and previous IPsec Phase-2 Tunnels. 3218 This value is accumulated BEFORE the packet is 3219 compressed. If compression is not being used, this 3220 value will match the value of cipSecGlobalOutOctets. 3221 See also cipSecGlobalOutDecompOctWraps for the number 3222 of times this counter has wrapped." 3223 ::= { cipSecPhase2GWStatsEntry 16 } 3224 3225cipSecPhase2GWOutUncompOctWraps OBJECT-TYPE 3226 SYNTAX Counter32 3227 UNITS "Integral units" 3228 MAX-ACCESS read-only 3229 STATUS current 3230 DESCRIPTION 3231 "The number of times the global uncompressed 3232 octets sent counter (cipSecGlobalOutUncompOctets) 3233 has wrapped." 3234 ::= { cipSecPhase2GWStatsEntry 17 } 3235 3236cipSecPhase2GWOutPkts OBJECT-TYPE 3237 SYNTAX Counter32 3238 UNITS "Packets" 3239 MAX-ACCESS read-only 3240 STATUS current 3241 DESCRIPTION 3242 "The total number of packets sent by all 3243 current and previous IPsec Phase-2 3244 Tunnels." 3245 ::= { cipSecPhase2GWStatsEntry 18 } 3246 3247cipSecPhase2GWOutDrops OBJECT-TYPE 3248 SYNTAX Counter32 3249 UNITS "Packets" 3250 MAX-ACCESS read-only 3251 STATUS current 3252 DESCRIPTION 3253 "The total number of packets dropped during send 3254 processing by all current and previous IPsec 3255 Phase-2 Tunnels." 3256 ::= { cipSecPhase2GWStatsEntry 19 } 3257 3258cipSecPhase2GWOutAuths OBJECT-TYPE 3259 SYNTAX Counter32 3260 UNITS "Events" 3261 MAX-ACCESS read-only 3262 STATUS current 3263 DESCRIPTION 3264 "The total number of outbound authentication's 3265 performed by all current and previous IPsec 3266 Phase-2 Tunnels." 3267 ::= { cipSecPhase2GWStatsEntry 20 } 3268 3269cipSecPhase2GWOutAuthFails OBJECT-TYPE 3270 SYNTAX Counter32 3271 UNITS "Failures" 3272 MAX-ACCESS read-only 3273 STATUS current 3274 DESCRIPTION 3275 "The total number of outbound authentication's 3276 which ended in failure 3277 by all current and previous IPsec Phase-2 Tunnels." 3278 ::= { cipSecPhase2GWStatsEntry 21 } 3279 3280cipSecPhase2GWOutEncrypts OBJECT-TYPE 3281 SYNTAX Counter32 3282 UNITS "Packets" 3283 MAX-ACCESS read-only 3284 STATUS current 3285 DESCRIPTION 3286 "The total number of outbound encryption's performed 3287 by all current and previous IPsec Phase-2 Tunnels." 3288 ::= { cipSecPhase2GWStatsEntry 22 } 3289 3290cipSecPhase2GWOutEncryptFails OBJECT-TYPE 3291 SYNTAX Counter32 3292 UNITS "Failures" 3293 MAX-ACCESS read-only 3294 STATUS current 3295 DESCRIPTION 3296 "The total number of outbound encryption's 3297 which ended in failure by all current and 3298 previous IPsec Phase-2 Tunnels." 3299 ::= { cipSecPhase2GWStatsEntry 23 } 3300 3301cipSecPhase2GWProtocolUseFails OBJECT-TYPE 3302 SYNTAX Counter32 3303 UNITS "Failures" 3304 MAX-ACCESS read-only 3305 STATUS current 3306 DESCRIPTION 3307 "The total number of protocol use failures 3308 which occurred during processing of all current 3309 and previously active IPsec Phase-2 Tunnels." 3310 ::= { cipSecPhase2GWStatsEntry 24 } 3311 3312cipSecPhase2GWNoSaFails OBJECT-TYPE 3313 SYNTAX Counter32 3314 UNITS "Failures" 3315 MAX-ACCESS read-only 3316 STATUS current 3317 DESCRIPTION 3318 "The total number of non-existent 3319 Security Association in failures which occurred 3320 during processing of all current 3321 and previous IPsec Phase-2 Tunnels." 3322 ::= { cipSecPhase2GWStatsEntry 25 } 3323 3324cipSecPhase2GWSysCapFails OBJECT-TYPE 3325 SYNTAX Counter32 3326 UNITS "Failures" 3327 MAX-ACCESS read-only 3328 STATUS current 3329 DESCRIPTION 3330 "The total number of system capacity failures 3331 which occurred during processing of all current 3332 and previously active IPsec Phase-2 Tunnels." 3333 ::= { cipSecPhase2GWStatsEntry 26 } 3334 3335 3336-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3337-- The IPsec History Group 3338-- 3339-- This group consists of a: 3340-- 1) IPsec History Global Objects 3341-- 2) IPsec Phase-1 History Objects 3342-- 3) IPsec Phase-2 History Objects 3343-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3344 3345cipSecHistGlobal OBJECT IDENTIFIER 3346 ::= { cipSecHistory 1 } 3347 3348cipSecHistPhaseOne OBJECT IDENTIFIER 3349 ::= { cipSecHistory 2 } 3350 3351cipSecHistPhaseTwo OBJECT IDENTIFIER 3352 ::= { cipSecHistory 3 } 3353 3354-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3355-- IPsec History Global Control Objects 3356-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3357 3358cipSecHistGlobalCntl OBJECT IDENTIFIER 3359 ::= { cipSecHistGlobal 1 } 3360 3361 3362cipSecHistTableSize OBJECT-TYPE 3363 SYNTAX Integer32 (1..2147483647 ) 3364 MAX-ACCESS read-write 3365 STATUS current 3366 DESCRIPTION 3367 "The window size of the IPsec Phase-1 and Phase-2 3368 History Tables. 3369 3370 The IPsec Phase-1 and Phase-2 History Tables are 3371 implemented as a sliding window in which only the 3372 last n entries are maintained. This object is used 3373 specify the number of entries which will be 3374 maintained in the IPsec Phase-1 and 3375 Phase-2 History Tables. 3376 3377 An implementation may choose suitable minimum and 3378 maximum values for this element based on the local 3379 policy and available resources. If an SNMP SET request 3380 specifies a value outside this window for this element, 3381 a BAD VALUE may be returned." 3382 ::= { cipSecHistGlobalCntl 1 } 3383 3384cipSecHistCheckPoint OBJECT-TYPE 3385 SYNTAX INTEGER { 3386 ready(1), 3387 checkPoint(2) 3388 } 3389 MAX-ACCESS read-write 3390 STATUS current 3391 DESCRIPTION 3392 "The current state of check point processing. 3393 3394 This object will return ready when the agent is 3395 ready to create on-demand history entries for 3396 active IPsec Tunnels or checkPoint when the 3397 agent is currently creating on-demand history 3398 entries for active IPsec Tunnels. 3399 3400 By setting this value to checkPoint, the agent 3401 will create: 3402 a) an entry in the IPsec Phase-1 Tunnel History 3403 for each active IPsec Phase-1 Tunnel and 3404 b) an entry in the IPsec Phase-2 Tunnel History 3405 Table and an entry in the IPsec Phase-2 3406 Tunnel EndPoint History Table 3407 for each active IPsec Phase-2 Tunnel." 3408 ::= { cipSecHistGlobalCntl 2 } 3409-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3410-- The IPsec Phase-1 Tunnel History Table 3411-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3412 3413cikeTunnelHistTable OBJECT-TYPE 3414 SYNTAX SEQUENCE OF CikeTunnelHistEntry 3415 MAX-ACCESS not-accessible 3416 STATUS current 3417 DESCRIPTION 3418 "The IPsec Phase-1 Internet Key Exchange Tunnel 3419 History Table. This table is implemented as a 3420 sliding window in which only the last n entries 3421 are maintained. The maximum number of entries 3422 is specified by the cipSecHistTableSize object." 3423 ::= { cipSecHistPhaseOne 1 } 3424 3425cikeTunnelHistEntry OBJECT-TYPE 3426 SYNTAX CikeTunnelHistEntry 3427 MAX-ACCESS not-accessible 3428 STATUS current 3429 DESCRIPTION 3430 "Each entry contains the attributes 3431 associated with a previously active IPsec 3432 Phase-1 IKE Tunnel." 3433 INDEX { cikeTunHistIndex } 3434 ::= { cikeTunnelHistTable 1 } 3435 3436CikeTunnelHistEntry ::= SEQUENCE { 3437 cikeTunHistIndex Integer32, 3438 cikeTunHistTermReason INTEGER , 3439 cikeTunHistActiveIndex Integer32, 3440 cikeTunHistPeerLocalType IkePeerType, 3441 cikeTunHistPeerLocalValue DisplayString, 3442 cikeTunHistPeerIntIndex Integer32, 3443 cikeTunHistPeerRemoteType IkePeerType, 3444 cikeTunHistPeerRemoteValue DisplayString, 3445 cikeTunHistLocalAddr IPSIpAddress, 3446 cikeTunHistLocalName DisplayString, 3447 cikeTunHistRemoteAddr IPSIpAddress, 3448 cikeTunHistRemoteName DisplayString, 3449 cikeTunHistNegoMode IkeNegoMode, 3450 cikeTunHistDiffHellmanGrp DiffHellmanGrp, 3451 cikeTunHistEncryptAlgo EncryptAlgo, 3452 cikeTunHistHashAlgo IkeHashAlgo, 3453 cikeTunHistAuthMethod IkeAuthMethod, 3454 cikeTunHistLifeTime Integer32, 3455 cikeTunHistStartTime TimeStamp, 3456 cikeTunHistActiveTime TimeInterval, 3457 cikeTunHistTotalRefreshes Counter32, 3458 cikeTunHistTotalSas Counter32, 3459 cikeTunHistInOctets Counter32, 3460 cikeTunHistInPkts Counter32, 3461 cikeTunHistInDropPkts Counter32, 3462 cikeTunHistInNotifys Counter32, 3463 cikeTunHistInP2Exchgs Counter32, 3464 cikeTunHistInP2ExchgInvalids Counter32, 3465 cikeTunHistInP2ExchgRejects Counter32, 3466 cikeTunHistInP2SaDelRequests Counter32, 3467 cikeTunHistOutOctets Counter32, 3468 cikeTunHistOutPkts Counter32, 3469 cikeTunHistOutDropPkts Counter32, 3470 cikeTunHistOutNotifys Counter32, 3471 cikeTunHistOutP2Exchgs Counter32, 3472 cikeTunHistOutP2ExchgInvalids Counter32, 3473 cikeTunHistOutP2ExchgRejects Counter32, 3474 cikeTunHistOutP2SaDelRequests Counter32 3475} 3476 3477cikeTunHistIndex OBJECT-TYPE 3478 SYNTAX Integer32 (1..2147483647 ) 3479 MAX-ACCESS not-accessible 3480 STATUS current 3481 DESCRIPTION 3482 "The index of the IPsec Phase-1 IKE Tunnel History 3483 Table. The value of the index is a number which 3484 begins at one and is incremented with each 3485 tunnel that ends. The value of this object 3486 will wrap at 2,147,483,647." 3487 ::= { cikeTunnelHistEntry 1 } 3488 3489cikeTunHistTermReason OBJECT-TYPE 3490 SYNTAX INTEGER { 3491 other(1), 3492 normal(2), 3493 operRequest(3), 3494 peerDelRequest(4), 3495 peerLost(5), 3496 localFailure(6), 3497 checkPointReg(7) 3498 } 3499 MAX-ACCESS read-only 3500 STATUS current 3501 DESCRIPTION 3502 "The reason the IPsec Phase-1 IKE Tunnel was terminated. 3503 Possible reasons include: 3504 1 = other 3505 2 = normal termination 3506 3 = operator request 3507 4 = peer delete request was received 3508 5 = contact with peer was lost 3509 6 = local failure occurred. 3510 7 = operator initiated check point request" 3511 ::= { cikeTunnelHistEntry 2 } 3512 3513cikeTunHistActiveIndex OBJECT-TYPE 3514 SYNTAX Integer32 (1..2147483647 ) 3515 MAX-ACCESS read-only 3516 STATUS current 3517 DESCRIPTION 3518 "The index of the previously active IPsec 3519 Phase-1 IKE Tunnel." 3520 ::= { cikeTunnelHistEntry 3 } 3521 3522cikeTunHistPeerLocalType OBJECT-TYPE 3523 SYNTAX IkePeerType 3524 MAX-ACCESS read-only 3525 STATUS current 3526 DESCRIPTION 3527 "The type of local peer identity. The local peer 3528 may be identified by: 3529 1. an IP address, or 3530 2. a host name." 3531 ::= { cikeTunnelHistEntry 4 } 3532 3533cikeTunHistPeerLocalValue OBJECT-TYPE 3534 SYNTAX DisplayString 3535 MAX-ACCESS read-only 3536 STATUS current 3537 DESCRIPTION 3538 "The value of the local peer identity. 3539 3540 If the local peer type is an IP Address, then this 3541 is the IP Address used to identify the local peer. 3542 3543 If the local peer type is a host name, then this is 3544 the host name used to identify the local peer." 3545 ::= { cikeTunnelHistEntry 5 } 3546 3547cikeTunHistPeerIntIndex OBJECT-TYPE 3548 SYNTAX Integer32 (1..2147483647 ) 3549 MAX-ACCESS read-only 3550 STATUS current 3551 DESCRIPTION 3552 "The internal index of the local-remote peer 3553 association. This internal index is used to 3554 uniquely identify multiple associations between 3555 the local and remote peer." 3556 ::= { cikeTunnelHistEntry 6 } 3557 3558cikeTunHistPeerRemoteType OBJECT-TYPE 3559 SYNTAX IkePeerType 3560 MAX-ACCESS read-only 3561 STATUS current 3562 DESCRIPTION 3563 "The type of remote peer identity. The remote 3564 peer may be identified by: 3565 1. an IP address, or 3566 2. a host name." 3567 ::= { cikeTunnelHistEntry 7 } 3568 3569cikeTunHistPeerRemoteValue OBJECT-TYPE 3570 SYNTAX DisplayString 3571 MAX-ACCESS read-only 3572 STATUS current 3573 DESCRIPTION 3574 "The value of the remote peer identity. 3575 3576 If the remote peer type is an IP Address, then this 3577 is the IP Address used to identify the remote peer. 3578 3579 If the remote peer type is a host name, then this is 3580 the host name used to identify the remote peer." 3581 ::= { cikeTunnelHistEntry 8 } 3582 3583cikeTunHistLocalAddr OBJECT-TYPE 3584 SYNTAX IPSIpAddress 3585 MAX-ACCESS read-only 3586 STATUS current 3587 DESCRIPTION 3588 "The IP address of the local endpoint for the IPsec 3589 Phase-1 IKE Tunnel." 3590 ::= { cikeTunnelHistEntry 9 } 3591 3592cikeTunHistLocalName OBJECT-TYPE 3593 SYNTAX DisplayString 3594 MAX-ACCESS read-only 3595 STATUS current 3596 DESCRIPTION 3597 "The DNS name of the local IP address for 3598 the IPsec Phase-1 IKE Tunnel. If the DNS 3599 name associated with the local tunnel endpoint 3600 is not known, then the value of this 3601 object will be a NULL string." 3602 ::= { cikeTunnelHistEntry 10 } 3603 3604cikeTunHistRemoteAddr OBJECT-TYPE 3605 SYNTAX IPSIpAddress 3606 MAX-ACCESS read-only 3607 STATUS current 3608 DESCRIPTION 3609 "The IP address of the remote endpoint for the IPsec 3610 Phase-1 IKE Tunnel." 3611 ::= { cikeTunnelHistEntry 11 } 3612 3613cikeTunHistRemoteName OBJECT-TYPE 3614 SYNTAX DisplayString 3615 MAX-ACCESS read-only 3616 STATUS current 3617 DESCRIPTION 3618 "The DNS name of the remote IP address of IPsec Phase-1 3619 IKE Tunnel. If the DNS name associated with the remote 3620 tunnel endpoint is not known, then the value of this 3621 object will be a NULL string." 3622 ::= { cikeTunnelHistEntry 12 } 3623 3624cikeTunHistNegoMode OBJECT-TYPE 3625 SYNTAX IkeNegoMode 3626 MAX-ACCESS read-only 3627 STATUS current 3628 DESCRIPTION 3629 "The negotiation mode of the IPsec Phase-1 IKE Tunnel." 3630 ::= { cikeTunnelHistEntry 13 } 3631 3632cikeTunHistDiffHellmanGrp OBJECT-TYPE 3633 SYNTAX DiffHellmanGrp 3634 MAX-ACCESS read-only 3635 STATUS current 3636 DESCRIPTION 3637 "The Diffie Hellman Group used in IPsec Phase-1 IKE 3638 negotiations." 3639 ::= { cikeTunnelHistEntry 14 } 3640 3641cikeTunHistEncryptAlgo OBJECT-TYPE 3642 SYNTAX EncryptAlgo 3643 MAX-ACCESS read-only 3644 STATUS current 3645 DESCRIPTION 3646 "The encryption algorithm used in IPsec Phase-1 IKE 3647 negotiations." 3648 ::= { cikeTunnelHistEntry 15 } 3649 3650cikeTunHistHashAlgo OBJECT-TYPE 3651 SYNTAX IkeHashAlgo 3652 MAX-ACCESS read-only 3653 STATUS current 3654 DESCRIPTION 3655 "The hash algorithm used in IPsec Phase-1 IKE 3656 negotiations." 3657 ::= { cikeTunnelHistEntry 16 } 3658 3659cikeTunHistAuthMethod OBJECT-TYPE 3660 SYNTAX IkeAuthMethod 3661 MAX-ACCESS read-only 3662 STATUS current 3663 DESCRIPTION 3664 "The authentication method used in IPsec Phase-1 IKE 3665 negotiations." 3666 ::= { cikeTunnelHistEntry 17 } 3667 3668cikeTunHistLifeTime OBJECT-TYPE 3669 SYNTAX Integer32 (1..2147483647 ) 3670 MAX-ACCESS read-only 3671 STATUS current 3672 DESCRIPTION 3673 "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel 3674 in seconds." 3675 ::= { cikeTunnelHistEntry 18 } 3676 3677cikeTunHistStartTime OBJECT-TYPE 3678 SYNTAX TimeStamp 3679 MAX-ACCESS read-only 3680 STATUS current 3681 DESCRIPTION 3682 "The value of sysUpTime in hundredths of seconds 3683 when the IPsec Phase-1 IKE tunnel was started." 3684 ::= { cikeTunnelHistEntry 19 } 3685 3686cikeTunHistActiveTime OBJECT-TYPE 3687 SYNTAX TimeInterval 3688 MAX-ACCESS read-only 3689 STATUS current 3690 DESCRIPTION 3691 "The length of time the IPsec Phase-1 IKE tunnel was been 3692 active in hundredths of seconds." 3693 ::= { cikeTunnelHistEntry 20 } 3694 3695cikeTunHistTotalRefreshes OBJECT-TYPE 3696 SYNTAX Counter32 3697 UNITS "QM Exchanges" 3698 MAX-ACCESS read-only 3699 STATUS current 3700 DESCRIPTION 3701 "The total number of security associations 3702 refreshes performed." 3703 ::= { cikeTunnelHistEntry 21 } 3704 3705cikeTunHistTotalSas OBJECT-TYPE 3706 SYNTAX Counter32 3707 UNITS "SAs" 3708 MAX-ACCESS read-only 3709 STATUS current 3710 DESCRIPTION 3711 "The total number of security associations 3712 used during the 3713 life of the IPsec Phase-1 IKE Tunnel." 3714 ::= { cikeTunnelHistEntry 22 } 3715 3716cikeTunHistInOctets OBJECT-TYPE 3717 SYNTAX Counter32 3718 UNITS "Octets" 3719 MAX-ACCESS read-only 3720 STATUS current 3721 DESCRIPTION 3722 "The total number of octets 3723 received by this IPsec Phase-1 3724 IKE Tunnel." 3725 ::= { cikeTunnelHistEntry 23 } 3726 3727cikeTunHistInPkts OBJECT-TYPE 3728 SYNTAX Counter32 3729 UNITS "Packets" 3730 MAX-ACCESS read-only 3731 STATUS current 3732 DESCRIPTION 3733 "The total number of packets received 3734 by this IPsec Phase-1 3735 IKE Tunnel." 3736 ::= { cikeTunnelHistEntry 24 } 3737 3738cikeTunHistInDropPkts OBJECT-TYPE 3739 SYNTAX Counter32 3740 UNITS "Packets" 3741 MAX-ACCESS read-only 3742 STATUS current 3743 DESCRIPTION 3744 "The total number of packets dropped 3745 by this IPsec Phase-1 3746 IKE Tunnel during receive processing." 3747 ::= { cikeTunnelHistEntry 25 } 3748 3749cikeTunHistInNotifys OBJECT-TYPE 3750 SYNTAX Counter32 3751 UNITS "Notification Payloads" 3752 MAX-ACCESS read-only 3753 STATUS current 3754 DESCRIPTION 3755 "The total number of notifys received 3756 by this IPsec Phase-1 3757 IKE Tunnel." 3758 ::= { cikeTunnelHistEntry 26 } 3759 3760cikeTunHistInP2Exchgs OBJECT-TYPE 3761 SYNTAX Counter32 3762 UNITS "SA Payloads" 3763 MAX-ACCESS read-only 3764 STATUS current 3765 DESCRIPTION 3766 "The total number of IPsec Phase-2 3767 exchanges received by 3768 this IPsec Phase-1 IKE Tunnel." 3769 ::= { cikeTunnelHistEntry 27 } 3770 3771cikeTunHistInP2ExchgInvalids OBJECT-TYPE 3772 SYNTAX Counter32 3773 UNITS "SA Payloads" 3774 MAX-ACCESS read-only 3775 STATUS current 3776 DESCRIPTION 3777 "The total number of IPsec Phase-2 3778 exchanges received and 3779 found to be invalid by this IPsec Phase-1 IKE Tunnel." 3780 ::= { cikeTunnelHistEntry 28 } 3781 3782cikeTunHistInP2ExchgRejects OBJECT-TYPE 3783 SYNTAX Counter32 3784 UNITS "SA Payloads" 3785 MAX-ACCESS read-only 3786 STATUS current 3787 DESCRIPTION 3788 "The total number of IPsec Phase-2 3789 exchanges received and 3790 rejected by this IPsec Phase-1 IKE Tunnel." 3791 ::= { cikeTunnelHistEntry 29 } 3792 3793cikeTunHistInP2SaDelRequests OBJECT-TYPE 3794 SYNTAX Counter32 3795 UNITS "Notification Payloads" 3796 MAX-ACCESS read-only 3797 STATUS current 3798 DESCRIPTION 3799 "The total number of IPsec Phase-2 security association 3800 delete requests received by this IPsec 3801 Phase-1 IKE Tunnel." 3802 ::= { cikeTunnelHistEntry 30 } 3803 3804cikeTunHistOutOctets OBJECT-TYPE 3805 SYNTAX Counter32 3806 UNITS "Octets" 3807 MAX-ACCESS read-only 3808 STATUS current 3809 DESCRIPTION 3810 "The total number of octets sent by this IPsec Phase-1 3811 IKE Tunnel." 3812 ::= { cikeTunnelHistEntry 31 } 3813 3814cikeTunHistOutPkts OBJECT-TYPE 3815 SYNTAX Counter32 3816 UNITS "Packets" 3817 MAX-ACCESS read-only 3818 STATUS current 3819 DESCRIPTION 3820 "The total number of packets sent by this IPsec Phase-1 3821 IKE Tunnel." 3822 ::= { cikeTunnelHistEntry 32 } 3823 3824cikeTunHistOutDropPkts OBJECT-TYPE 3825 SYNTAX Counter32 3826 UNITS "Packets" 3827 MAX-ACCESS read-only 3828 STATUS current 3829 DESCRIPTION 3830 "The total number of packets dropped 3831 by this IPsec Phase-1 3832 IKE Tunnel during send processing." 3833 ::= { cikeTunnelHistEntry 33 } 3834 3835cikeTunHistOutNotifys OBJECT-TYPE 3836 SYNTAX Counter32 3837 UNITS "Notification Payloads" 3838 MAX-ACCESS read-only 3839 STATUS current 3840 DESCRIPTION 3841 "The total number of notifys sent by this IPsec Phase-1 3842 IKE Tunnel." 3843 ::= { cikeTunnelHistEntry 34 } 3844 3845cikeTunHistOutP2Exchgs OBJECT-TYPE 3846 SYNTAX Counter32 3847 UNITS "SA Payloads" 3848 MAX-ACCESS read-only 3849 STATUS current 3850 DESCRIPTION 3851 "The total number of IPsec Phase-2 exchanges sent by 3852 this IPsec Phase-1 IKE Tunnel." 3853 ::= { cikeTunnelHistEntry 35 } 3854 3855cikeTunHistOutP2ExchgInvalids OBJECT-TYPE 3856 SYNTAX Counter32 3857 UNITS "SA Payloads" 3858 MAX-ACCESS read-only 3859 STATUS current 3860 DESCRIPTION 3861 "The total number of IPsec Phase-2 exchanges sent and 3862 found to be invalid by this IPsec Phase-1 IKE Tunnel." 3863 ::= { cikeTunnelHistEntry 36 } 3864 3865cikeTunHistOutP2ExchgRejects OBJECT-TYPE 3866 SYNTAX Counter32 3867 UNITS "SA Payloads" 3868 MAX-ACCESS read-only 3869 STATUS current 3870 DESCRIPTION 3871 "The total number of IPsec Phase-2 exchanges sent and 3872 rejected by this IPsec Phase-1 IKE Tunnel." 3873 ::= { cikeTunnelHistEntry 37 } 3874 3875cikeTunHistOutP2SaDelRequests OBJECT-TYPE 3876 SYNTAX Counter32 3877 UNITS "Notification Payloads" 3878 MAX-ACCESS read-only 3879 STATUS current 3880 DESCRIPTION 3881 "The total number of IPsec Phase-2 security association 3882 delete requests sent by this IPsec Phase-1 IKE Tunnel." 3883 ::= { cikeTunnelHistEntry 38 } 3884 3885 3886-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3887-- The IPsec Phase-2 Tunnel History Table 3888-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3889 3890cipSecTunnelHistTable OBJECT-TYPE 3891 SYNTAX SEQUENCE OF CipSecTunnelHistEntry 3892 MAX-ACCESS not-accessible 3893 STATUS current 3894 DESCRIPTION 3895 "The IPsec Phase-2 Tunnel History Table. 3896 This table is implemented as a sliding 3897 window in which only the 3898 last n entries are maintained. The maximum number 3899 of entries 3900 is specified by the cipSecHistTableSize object." 3901 ::= { cipSecHistPhaseTwo 1 } 3902 3903cipSecTunnelHistEntry OBJECT-TYPE 3904 SYNTAX CipSecTunnelHistEntry 3905 MAX-ACCESS not-accessible 3906 STATUS current 3907 DESCRIPTION 3908 "Each entry contains the attributes associated with 3909 a previously active IPsec Phase-2 Tunnel." 3910 INDEX { cipSecTunHistIndex } 3911 ::= { cipSecTunnelHistTable 1 } 3912 3913CipSecTunnelHistEntry ::= SEQUENCE { 3914 cipSecTunHistIndex Integer32, 3915 cipSecTunHistTermReason INTEGER , 3916 cipSecTunHistActiveIndex Integer32, 3917 cipSecTunHistIkeTunnelIndex Integer32, 3918 cipSecTunHistLocalAddr IPSIpAddress, 3919 cipSecTunHistRemoteAddr IPSIpAddress, 3920 cipSecTunHistKeyType KeyType, 3921 cipSecTunHistEncapMode EncapMode, 3922 cipSecTunHistLifeSize Integer32, 3923 cipSecTunHistLifeTime Integer32, 3924 cipSecTunHistStartTime TimeStamp, 3925 cipSecTunHistActiveTime TimeInterval, 3926 cipSecTunHistTotalRefreshes Counter32, 3927 cipSecTunHistTotalSas Counter32, 3928 cipSecTunHistInSaDiffHellmanGrp DiffHellmanGrp, 3929 cipSecTunHistInSaEncryptAlgo EncryptAlgo, 3930 cipSecTunHistInSaAhAuthAlgo AuthAlgo, 3931 cipSecTunHistInSaEspAuthAlgo AuthAlgo, 3932 cipSecTunHistInSaDecompAlgo CompAlgo, 3933 cipSecTunHistOutSaDiffHellmanGrp DiffHellmanGrp, 3934 cipSecTunHistOutSaEncryptAlgo EncryptAlgo, 3935 cipSecTunHistOutSaAhAuthAlgo AuthAlgo, 3936 cipSecTunHistOutSaEspAuthAlgo AuthAlgo, 3937 cipSecTunHistOutSaCompAlgo CompAlgo, 3938 cipSecTunHistInOctets Counter32, 3939 cipSecTunHistHcInOctets Counter64, 3940 cipSecTunHistInOctWraps Counter32, 3941 cipSecTunHistInDecompOctets Counter32, 3942 cipSecTunHistHcInDecompOctets Counter64, 3943 cipSecTunHistInDecompOctWraps Counter32, 3944 cipSecTunHistInPkts Counter32, 3945 cipSecTunHistInDropPkts Counter32, 3946 cipSecTunHistInReplayDropPkts Counter32, 3947 cipSecTunHistInAuths Counter32, 3948 cipSecTunHistInAuthFails Counter32, 3949 cipSecTunHistInDecrypts Counter32, 3950 cipSecTunHistInDecryptFails Counter32, 3951 cipSecTunHistOutOctets Counter32, 3952 cipSecTunHistHcOutOctets Counter64, 3953 cipSecTunHistOutOctWraps Counter32, 3954 cipSecTunHistOutUncompOctets Counter32, 3955 cipSecTunHistHcOutUncompOctets Counter64, 3956 cipSecTunHistOutUncompOctWraps Counter32, 3957 cipSecTunHistOutPkts Counter32, 3958 cipSecTunHistOutDropPkts Counter32, 3959 cipSecTunHistOutAuths Counter32, 3960 cipSecTunHistOutAuthFails Counter32, 3961 cipSecTunHistOutEncrypts Counter32, 3962 cipSecTunHistOutEncryptFails Counter32 3963} 3964 3965cipSecTunHistIndex OBJECT-TYPE 3966 SYNTAX Integer32 (1..2147483647 ) 3967 MAX-ACCESS not-accessible 3968 STATUS current 3969 DESCRIPTION 3970 "The index of the IPsec Phase-2 Tunnel History Table. 3971 The value of the index is a number which 3972 begins at one and is incremented with each tunnel 3973 that ends. The value 3974 of this object will wrap at 2,147,483,647." 3975 ::= { cipSecTunnelHistEntry 1 } 3976 3977cipSecTunHistTermReason OBJECT-TYPE 3978 SYNTAX INTEGER { 3979 other(1), 3980 normal(2), 3981 operRequest(3), 3982 peerDelRequest(4), 3983 peerLost(5), 3984 seqNumRollOver(6), 3985 checkPointReq(7) 3986 } 3987 MAX-ACCESS read-only 3988 STATUS current 3989 DESCRIPTION 3990 "The reason the IPsec Phase-2 Tunnel was terminated. 3991 Possible reasons include: 3992 1 = other 3993 2 = normal termination 3994 3 = operator request 3995 4 = peer delete request was received 3996 5 = contact with peer was lost 3997 6 = local failure occurred 3998 7 = operator initiated check point request" 3999 ::= { cipSecTunnelHistEntry 2 } 4000 4001cipSecTunHistActiveIndex OBJECT-TYPE 4002 SYNTAX Integer32 (1..2147483647 ) 4003 MAX-ACCESS read-only 4004 STATUS current 4005 DESCRIPTION 4006 "The index of the previously active 4007 IPsec Phase-2 Tunnel." 4008 ::= { cipSecTunnelHistEntry 3 } 4009 4010cipSecTunHistIkeTunnelIndex OBJECT-TYPE 4011 SYNTAX Integer32 (1..2147483647 ) 4012 MAX-ACCESS read-only 4013 STATUS current 4014 DESCRIPTION 4015 "The index of the associated IPsec Phase-1 Tunnel 4016 (cikeTunIndex in the cikeTunnelTable)." 4017 ::= { cipSecTunnelHistEntry 4 } 4018 4019cipSecTunHistLocalAddr OBJECT-TYPE 4020 SYNTAX IPSIpAddress 4021 MAX-ACCESS read-only 4022 STATUS current 4023 DESCRIPTION 4024 "The IP address of the local endpoint for the IPsec 4025 Phase-2 Tunnel." 4026 ::= { cipSecTunnelHistEntry 5 } 4027 4028cipSecTunHistRemoteAddr OBJECT-TYPE 4029 SYNTAX IPSIpAddress 4030 MAX-ACCESS read-only 4031 STATUS current 4032 DESCRIPTION 4033 "The IP address of the remote endpoint for the IPsec 4034 Phase-2 Tunnel." 4035 ::= { cipSecTunnelHistEntry 6 } 4036 4037cipSecTunHistKeyType OBJECT-TYPE 4038 SYNTAX KeyType 4039 MAX-ACCESS read-only 4040 STATUS current 4041 DESCRIPTION 4042 "The type of key used by the IPsec Phase-2 Tunnel." 4043 ::= { cipSecTunnelHistEntry 7 } 4044 4045cipSecTunHistEncapMode OBJECT-TYPE 4046 SYNTAX EncapMode 4047 MAX-ACCESS read-only 4048 STATUS current 4049 DESCRIPTION 4050 "The encapsulation mode used by the 4051 IPsec Phase-2 Tunnel." 4052 ::= { cipSecTunnelHistEntry 8 } 4053 4054cipSecTunHistLifeSize OBJECT-TYPE 4055 SYNTAX Integer32 (1..2147483647 ) 4056 UNITS "KBytes" 4057 MAX-ACCESS read-only 4058 STATUS current 4059 DESCRIPTION 4060 "The negotiated LifeSize of the IPsec Phase-2 Tunnel in 4061 kilobytes." 4062 ::= { cipSecTunnelHistEntry 9 } 4063 4064cipSecTunHistLifeTime OBJECT-TYPE 4065 SYNTAX Integer32 (1..2147483647 ) 4066 UNITS "Seconds" 4067 MAX-ACCESS read-only 4068 STATUS current 4069 DESCRIPTION 4070 "The negotiated LifeTime of the IPsec Phase-2 Tunnel in 4071 seconds." 4072 ::= { cipSecTunnelHistEntry 10 } 4073 4074cipSecTunHistStartTime OBJECT-TYPE 4075 SYNTAX TimeStamp 4076 MAX-ACCESS read-only 4077 STATUS current 4078 DESCRIPTION 4079 "The value of sysUpTime in hundredths of seconds 4080 when the IPsec Phase-2 Tunnel was started." 4081 ::= { cipSecTunnelHistEntry 11 } 4082 4083cipSecTunHistActiveTime OBJECT-TYPE 4084 SYNTAX TimeInterval 4085 MAX-ACCESS read-only 4086 STATUS current 4087 DESCRIPTION 4088 "The length of time the IPsec Phase-2 Tunnel has been 4089 active in hundredths of seconds." 4090 ::= { cipSecTunnelHistEntry 12 } 4091 4092cipSecTunHistTotalRefreshes OBJECT-TYPE 4093 SYNTAX Counter32 4094 UNITS "QM Exchanges" 4095 MAX-ACCESS read-only 4096 STATUS current 4097 DESCRIPTION 4098 "The total number of security association refreshes 4099 performed." 4100 ::= { cipSecTunnelHistEntry 13 } 4101 4102cipSecTunHistTotalSas OBJECT-TYPE 4103 SYNTAX Counter32 4104 UNITS "SAs" 4105 MAX-ACCESS read-only 4106 STATUS current 4107 DESCRIPTION 4108 "The total number of security associations used 4109 during the 4110 life of the IPsec Phase-2 Tunnel." 4111 ::= { cipSecTunnelHistEntry 14 } 4112 4113cipSecTunHistInSaDiffHellmanGrp OBJECT-TYPE 4114 SYNTAX DiffHellmanGrp 4115 MAX-ACCESS read-only 4116 STATUS current 4117 DESCRIPTION 4118 "The Diffie Hellman Group used by the inbound security 4119 association of the IPsec Phase-2 Tunnel." 4120 ::= { cipSecTunnelHistEntry 15 } 4121 4122cipSecTunHistInSaEncryptAlgo OBJECT-TYPE 4123 SYNTAX EncryptAlgo 4124 MAX-ACCESS read-only 4125 STATUS current 4126 DESCRIPTION 4127 "The encryption algorithm used by the inbound security 4128 association of the IPsec Phase-2 Tunnel." 4129 ::= { cipSecTunnelHistEntry 16 } 4130 4131cipSecTunHistInSaAhAuthAlgo OBJECT-TYPE 4132 SYNTAX AuthAlgo 4133 MAX-ACCESS read-only 4134 STATUS current 4135 DESCRIPTION 4136 "The authentication algorithm used by the inbound 4137 authentication header (AH) security association of 4138 the IPsec Phase-2 Tunnel." 4139 ::= { cipSecTunnelHistEntry 17 } 4140 4141cipSecTunHistInSaEspAuthAlgo OBJECT-TYPE 4142 SYNTAX AuthAlgo 4143 MAX-ACCESS read-only 4144 STATUS current 4145 DESCRIPTION 4146 "The authentication algorithm used by the inbound 4147 encapsulation security protocol (ESP) 4148 security association of 4149 the IPsec Phase-2 Tunnel." 4150 ::= { cipSecTunnelHistEntry 18 } 4151 4152cipSecTunHistInSaDecompAlgo OBJECT-TYPE 4153 SYNTAX CompAlgo 4154 MAX-ACCESS read-only 4155 STATUS current 4156 DESCRIPTION 4157 "The decompression algorithm used by the inbound 4158 security association of the IPsec Phase-2 Tunnel." 4159 ::= { cipSecTunnelHistEntry 19 } 4160 4161cipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPE 4162 SYNTAX DiffHellmanGrp 4163 MAX-ACCESS read-only 4164 STATUS current 4165 DESCRIPTION 4166 "The Diffie Hellman Group used by the outbound security 4167 association of the IPsec Phase-2 Tunnel." 4168 ::= { cipSecTunnelHistEntry 20 } 4169 4170cipSecTunHistOutSaEncryptAlgo OBJECT-TYPE 4171 SYNTAX EncryptAlgo 4172 MAX-ACCESS read-only 4173 STATUS current 4174 DESCRIPTION 4175 "The encryption algorithm used by the outbound security 4176 association of the IPsec Phase-2 Tunnel." 4177 ::= { cipSecTunnelHistEntry 21 } 4178 4179cipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE 4180 SYNTAX AuthAlgo 4181 MAX-ACCESS read-only 4182 STATUS current 4183 DESCRIPTION 4184 "The authentication algorithm used by the outbound 4185 authentication header (AH) security association of 4186 the IPsec Phase-2 Tunnel." 4187 ::= { cipSecTunnelHistEntry 22 } 4188 4189cipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE 4190 SYNTAX AuthAlgo 4191 MAX-ACCESS read-only 4192 STATUS current 4193 DESCRIPTION 4194 "The authentication algorithm used by the inbound 4195 encapsulation security protocol (ESP) 4196 security association of the IPsec Phase-2 Tunnel." 4197 ::= { cipSecTunnelHistEntry 23 } 4198 4199cipSecTunHistOutSaCompAlgo OBJECT-TYPE 4200 SYNTAX CompAlgo 4201 MAX-ACCESS read-only 4202 STATUS current 4203 DESCRIPTION 4204 "The compression algorithm used by the inbound 4205 security association of the IPsec Phase-2 Tunnel." 4206 ::= { cipSecTunnelHistEntry 24 } 4207 4208cipSecTunHistInOctets OBJECT-TYPE 4209 SYNTAX Counter32 4210 UNITS "Octets" 4211 MAX-ACCESS read-only 4212 STATUS current 4213 DESCRIPTION 4214 "The total number of octets received by this IPsec 4215 Phase-2 Tunnel. This value is accumulated 4216 BEFORE determining whether or not the packet should 4217 be decompressed. See also cipSecTunInOctWraps for 4218 the number of times this counter has wrapped." 4219 ::= { cipSecTunnelHistEntry 25 } 4220 4221cipSecTunHistHcInOctets OBJECT-TYPE 4222 SYNTAX Counter64 4223 MAX-ACCESS read-only 4224 STATUS current 4225 DESCRIPTION 4226 "A high capacity count of the total number of octets 4227 received by this IPsec Phase-2 Tunnel. This value is 4228 accumulated BEFORE determining whether or not 4229 the packet should be decompressed." 4230 ::= { cipSecTunnelHistEntry 26 } 4231 4232cipSecTunHistInOctWraps OBJECT-TYPE 4233 SYNTAX Counter32 4234 UNITS "Integral units" 4235 MAX-ACCESS read-only 4236 STATUS current 4237 DESCRIPTION 4238 "The number of times the octets received counter 4239 (cipSecTunInOctets) has wrapped." 4240 ::= { cipSecTunnelHistEntry 27 } 4241 4242cipSecTunHistInDecompOctets OBJECT-TYPE 4243 SYNTAX Counter32 4244 UNITS "Octets" 4245 MAX-ACCESS read-only 4246 STATUS current 4247 DESCRIPTION 4248 "The total number of decompressed octets received by this 4249 IPsec Phase-2 Tunnel. This value is accumulated AFTER 4250 the packet is decompressed. If compression is not being 4251 used, this value will match the value of cipSecTunHistInOctets. 4252 See also cipSecTunInDecompOctWraps for the number of times 4253 this counter has wrapped." 4254 ::= { cipSecTunnelHistEntry 28 } 4255 4256cipSecTunHistHcInDecompOctets OBJECT-TYPE 4257 SYNTAX Counter64 4258 MAX-ACCESS read-only 4259 STATUS current 4260 DESCRIPTION 4261 "A high capacity count of the total number of decompressed 4262 octets received by this IPsec Phase-2 Tunnel. This value 4263 is accumulated AFTER the packet is decompressed. If 4264 compression is not being used, this value will match the 4265 value of cipSecTunHistHcInOctets." 4266 ::= { cipSecTunnelHistEntry 29 } 4267 4268cipSecTunHistInDecompOctWraps OBJECT-TYPE 4269 SYNTAX Counter32 4270 UNITS "Integral units" 4271 MAX-ACCESS read-only 4272 STATUS current 4273 DESCRIPTION 4274 "The number of times the decompressed octets 4275 received counter (cipSecTunInDecompOctets) has wrapped." 4276 ::= { cipSecTunnelHistEntry 30 } 4277 4278cipSecTunHistInPkts OBJECT-TYPE 4279 SYNTAX Counter32 4280 UNITS "Packets" 4281 MAX-ACCESS read-only 4282 STATUS current 4283 DESCRIPTION 4284 "The total number of packets received by this 4285 IPsec Phase-2 Tunnel." 4286 ::= { cipSecTunnelHistEntry 31 } 4287 4288cipSecTunHistInDropPkts OBJECT-TYPE 4289 SYNTAX Counter32 4290 UNITS "Packets" 4291 MAX-ACCESS read-only 4292 STATUS current 4293 DESCRIPTION 4294 "The total number of packets dropped during 4295 receive processing by this IPsec Phase-2 Tunnel. 4296 This count does NOT include packets 4297 dropped due to Anti-Replay processing." 4298 ::= { cipSecTunnelHistEntry 32 } 4299 4300cipSecTunHistInReplayDropPkts OBJECT-TYPE 4301 SYNTAX Counter32 4302 UNITS "Packets" 4303 MAX-ACCESS read-only 4304 STATUS current 4305 DESCRIPTION 4306 "The total number of packets dropped during 4307 receive processing due to Anti-Replay processing 4308 by this IPsec Phase-2 Tunnel." 4309 ::= { cipSecTunnelHistEntry 33 } 4310 4311cipSecTunHistInAuths OBJECT-TYPE 4312 SYNTAX Counter32 4313 UNITS "Events" 4314 MAX-ACCESS read-only 4315 STATUS current 4316 DESCRIPTION 4317 "The total number of inbound authentication's 4318 performed 4319 by this IPsec Phase-2 Tunnel." 4320 ::= { cipSecTunnelHistEntry 34 } 4321 4322cipSecTunHistInAuthFails OBJECT-TYPE 4323 SYNTAX Counter32 4324 UNITS "Failures" 4325 MAX-ACCESS read-only 4326 STATUS current 4327 DESCRIPTION 4328 "The total number of inbound authentication's 4329 which ended in 4330 failure by this IPsec Phase-2 Tunnel ." 4331 ::= { cipSecTunnelHistEntry 35 } 4332 4333cipSecTunHistInDecrypts OBJECT-TYPE 4334 SYNTAX Counter32 4335 UNITS "Packets" 4336 MAX-ACCESS read-only 4337 STATUS current 4338 DESCRIPTION 4339 "The total number of inbound decryption's performed 4340 by this IPsec Phase-2 Tunnel." 4341 ::= { cipSecTunnelHistEntry 36 } 4342 4343cipSecTunHistInDecryptFails OBJECT-TYPE 4344 SYNTAX Counter32 4345 UNITS "Failures" 4346 MAX-ACCESS read-only 4347 STATUS current 4348 DESCRIPTION 4349 "The total number of inbound decryption's 4350 which ended in failure 4351 by this IPsec Phase-2 Tunnel." 4352 ::= { cipSecTunnelHistEntry 37 } 4353 4354cipSecTunHistOutOctets OBJECT-TYPE 4355 SYNTAX Counter32 4356 UNITS "Octets" 4357 MAX-ACCESS read-only 4358 STATUS current 4359 DESCRIPTION 4360 "The total number of octets sent by this IPsec 4361 Phase-2 Tunnel. This value is accumulated 4362 AFTER determining whether or not the 4363 packet should be 4364 compressed. See also cipSecTunOutOctWraps for the 4365 number of times this counter has wrapped." 4366 ::= { cipSecTunnelHistEntry 38 } 4367 4368cipSecTunHistHcOutOctets OBJECT-TYPE 4369 SYNTAX Counter64 4370 MAX-ACCESS read-only 4371 STATUS current 4372 DESCRIPTION 4373 "A high capacity count of the total number of octets 4374 sent by this IPsec Phase-2 Tunnel. This value 4375 is accumulated AFTER determining whether or not 4376 the packet should be 4377 compressed." 4378 ::= { cipSecTunnelHistEntry 39 } 4379 4380cipSecTunHistOutOctWraps OBJECT-TYPE 4381 SYNTAX Counter32 4382 UNITS "Integral units" 4383 MAX-ACCESS read-only 4384 STATUS current 4385 DESCRIPTION 4386 "The number of times the octets sent counter 4387 (cipSecTunOutOctets) has wrapped." 4388 ::= { cipSecTunnelHistEntry 40 } 4389 4390cipSecTunHistOutUncompOctets OBJECT-TYPE 4391 SYNTAX Counter32 4392 UNITS "Octets" 4393 MAX-ACCESS read-only 4394 STATUS current 4395 DESCRIPTION 4396 "The total number of uncompressed octets sent by this 4397 IPsec Phase-2 Tunnel. This value is accumulated BEFORE 4398 the packet is compressed. If compression is not being 4399 used, this value will match the value of 4400 cipSecTunHistOutOctets. See also 4401 cipSecTunOutDecompOctWraps for the number of times 4402 this counter has wrapped." 4403 ::= { cipSecTunnelHistEntry 41 } 4404 4405cipSecTunHistHcOutUncompOctets OBJECT-TYPE 4406 SYNTAX Counter64 4407 UNITS "Octets" 4408 MAX-ACCESS read-only 4409 STATUS current 4410 DESCRIPTION 4411 "A high capacity count of the total 4412 number of uncompressed octets sent by this 4413 IPsec Phase-2 Tunnel. This value is accumulated 4414 BEFORE the packet is compressed. If compression 4415 is not being used, this value will match the value of 4416 cipSecTunHistHcOutOctets." 4417 ::= { cipSecTunnelHistEntry 42 } 4418 4419cipSecTunHistOutUncompOctWraps OBJECT-TYPE 4420 SYNTAX Counter32 4421 UNITS "Integral units" 4422 MAX-ACCESS read-only 4423 STATUS current 4424 DESCRIPTION 4425 "The number of times the uncompressed octets sent counter 4426 (cipSecTunOutUncompOctets) has wrapped." 4427 ::= { cipSecTunnelHistEntry 43 } 4428 4429cipSecTunHistOutPkts OBJECT-TYPE 4430 SYNTAX Counter32 4431 UNITS "Packets" 4432 MAX-ACCESS read-only 4433 STATUS current 4434 DESCRIPTION 4435 "The total number of packets sent by this 4436 IPsec Phase-2 Tunnel." 4437 ::= { cipSecTunnelHistEntry 44 } 4438 4439cipSecTunHistOutDropPkts OBJECT-TYPE 4440 SYNTAX Counter32 4441 UNITS "Packets" 4442 MAX-ACCESS read-only 4443 STATUS current 4444 DESCRIPTION 4445 "The total number of packets dropped 4446 during send processing 4447 by this IPsec Phase-2 Tunnel." 4448 ::= { cipSecTunnelHistEntry 45 } 4449 4450cipSecTunHistOutAuths OBJECT-TYPE 4451 SYNTAX Counter32 4452 UNITS "Events" 4453 MAX-ACCESS read-only 4454 STATUS current 4455 DESCRIPTION 4456 "The total number of outbound authentication's performed 4457 by this IPsec Phase-2 Tunnel." 4458 ::= { cipSecTunnelHistEntry 46 } 4459 4460cipSecTunHistOutAuthFails OBJECT-TYPE 4461 SYNTAX Counter32 4462 UNITS "Failures" 4463 MAX-ACCESS read-only 4464 STATUS current 4465 DESCRIPTION 4466 "The total number of outbound authentication's 4467 which ended in 4468 failure by this IPsec Phase-2 Tunnel." 4469 ::= { cipSecTunnelHistEntry 47 } 4470 4471cipSecTunHistOutEncrypts OBJECT-TYPE 4472 SYNTAX Counter32 4473 UNITS "Packets" 4474 MAX-ACCESS read-only 4475 STATUS current 4476 DESCRIPTION 4477 "The total number of outbound encryption's performed 4478 by this IPsec Phase-2 Tunnel." 4479 ::= { cipSecTunnelHistEntry 48 } 4480 4481cipSecTunHistOutEncryptFails OBJECT-TYPE 4482 SYNTAX Counter32 4483 UNITS "Failures" 4484 MAX-ACCESS read-only 4485 STATUS current 4486 DESCRIPTION 4487 "The total number of outbound encryption's 4488 which ended in failure 4489 by this IPsec Phase-2 Tunnel." 4490 ::= { cipSecTunnelHistEntry 49 } 4491 4492 4493-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4494-- The IPsec Phase-2 Tunnel Endpoint History Table 4495-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4496 4497cipSecEndPtHistTable OBJECT-TYPE 4498 SYNTAX SEQUENCE OF CipSecEndPtHistEntry 4499 MAX-ACCESS not-accessible 4500 STATUS current 4501 DESCRIPTION 4502 "The IPsec Phase-2 Tunnel Endpoint History Table. 4503 This table is implemented as a 4504 sliding window in which only the 4505 last n entries are maintained. 4506 The maximum number of entries 4507 is specified by the cipSecHistTableSize object." 4508 ::= { cipSecHistPhaseTwo 2 } 4509 4510cipSecEndPtHistEntry OBJECT-TYPE 4511 SYNTAX CipSecEndPtHistEntry 4512 MAX-ACCESS not-accessible 4513 STATUS current 4514 DESCRIPTION 4515 "Each entry contains the attributes associated with 4516 a previously active IPsec Phase-2 Tunnel Endpoint." 4517 INDEX { cipSecEndPtHistIndex } 4518 ::= { cipSecEndPtHistTable 1 } 4519 4520CipSecEndPtHistEntry ::= SEQUENCE { 4521 cipSecEndPtHistIndex Integer32, 4522 cipSecEndPtHistTunIndex Integer32, 4523 cipSecEndPtHistActiveIndex Integer32, 4524 cipSecEndPtHistLocalName DisplayString, 4525 cipSecEndPtHistLocalType EndPtType, 4526 cipSecEndPtHistLocalAddr1 IPSIpAddress, 4527 cipSecEndPtHistLocalAddr2 IPSIpAddress, 4528 cipSecEndPtHistLocalProtocol Integer32, 4529 cipSecEndPtHistLocalPort Integer32, 4530 cipSecEndPtHistRemoteName DisplayString, 4531 cipSecEndPtHistRemoteType EndPtType, 4532 cipSecEndPtHistRemoteAddr1 IPSIpAddress, 4533 cipSecEndPtHistRemoteAddr2 IPSIpAddress, 4534 cipSecEndPtHistRemoteProtocol Integer32, 4535 cipSecEndPtHistRemotePort Integer32 4536} 4537 4538cipSecEndPtHistIndex OBJECT-TYPE 4539 SYNTAX Integer32 (1..2147483647 ) 4540 MAX-ACCESS not-accessible 4541 STATUS current 4542 DESCRIPTION 4543 "The number of the previously active 4544 Endpoint associated 4545 with a IPsec Phase-2 Tunnel Table. The value 4546 of this index is a number which begins at 4547 one and is incremented with each Endpoint 4548 associated with an IPsec Phase-2 Tunnel. 4549 The value of this object will wrap at 2,147,483,647." 4550 ::= { cipSecEndPtHistEntry 1 } 4551 4552cipSecEndPtHistTunIndex OBJECT-TYPE 4553 SYNTAX Integer32 (1..2147483647 ) 4554 MAX-ACCESS read-only 4555 STATUS current 4556 DESCRIPTION 4557 "The index of the previously active IPsec 4558 Phase-2 Tunnel Table." 4559 ::= { cipSecEndPtHistEntry 2 } 4560 4561cipSecEndPtHistActiveIndex OBJECT-TYPE 4562 SYNTAX Integer32 (1..2147483647 ) 4563 MAX-ACCESS read-only 4564 STATUS current 4565 DESCRIPTION 4566 "The index of the previously active Endpoint." 4567 ::= { cipSecEndPtHistEntry 3 } 4568 4569cipSecEndPtHistLocalName OBJECT-TYPE 4570 SYNTAX DisplayString 4571 MAX-ACCESS read-only 4572 STATUS current 4573 DESCRIPTION 4574 "The DNS name of the local Endpoint." 4575 ::= { cipSecEndPtHistEntry 4 } 4576 4577cipSecEndPtHistLocalType OBJECT-TYPE 4578 SYNTAX EndPtType 4579 MAX-ACCESS read-only 4580 STATUS current 4581 DESCRIPTION 4582 "The type of identity for the local Endpoint. 4583 Possible values are: 4584 1) a single IP address, or 4585 2) an IP address range, or 4586 3) an IP subnet." 4587 ::= { cipSecEndPtHistEntry 5 } 4588 4589cipSecEndPtHistLocalAddr1 OBJECT-TYPE 4590 SYNTAX IPSIpAddress 4591 MAX-ACCESS read-only 4592 STATUS current 4593 DESCRIPTION 4594 "The local Endpoint's first IP address specification. 4595 4596 If the local Endpoint type is single IP address, 4597 then this is the value of the IP address. 4598 4599 If the local Endpoint type is IP subnet, then this 4600 is the value of the subnet. 4601 4602 If the local Endpoint type is IP address range, 4603 then this is the value of beginning IP address of 4604 the range." 4605 ::= { cipSecEndPtHistEntry 6 } 4606 4607cipSecEndPtHistLocalAddr2 OBJECT-TYPE 4608 SYNTAX IPSIpAddress 4609 MAX-ACCESS read-only 4610 STATUS current 4611 DESCRIPTION 4612 "The local Endpoint's second IP address specification. 4613 4614 If the local Endpoint type is single IP address, 4615 then this is the value of the IP address. 4616 4617 If the local Endpoint type is IP subnet, then this 4618 is the value of the subnet mask. 4619 4620 If the local Endpoint type is IP address range, 4621 then this 4622 is the value of ending IP address of the range." 4623 ::= { cipSecEndPtHistEntry 7 } 4624 4625cipSecEndPtHistLocalProtocol OBJECT-TYPE 4626 SYNTAX Integer32 (0..255 ) 4627 MAX-ACCESS read-only 4628 STATUS current 4629 DESCRIPTION 4630 "The protocol number of the local Endpoint's traffic." 4631 ::= { cipSecEndPtHistEntry 8 } 4632 4633cipSecEndPtHistLocalPort OBJECT-TYPE 4634 SYNTAX Integer32 (0..65535 ) 4635 MAX-ACCESS read-only 4636 STATUS current 4637 DESCRIPTION 4638 "The port number of the local Endpoint's traffic." 4639 ::= { cipSecEndPtHistEntry 9 } 4640 4641cipSecEndPtHistRemoteName OBJECT-TYPE 4642 SYNTAX DisplayString 4643 MAX-ACCESS read-only 4644 STATUS current 4645 DESCRIPTION 4646 "The DNS name of the remote Endpoint." 4647 ::= { cipSecEndPtHistEntry 10 } 4648 4649cipSecEndPtHistRemoteType OBJECT-TYPE 4650 SYNTAX EndPtType 4651 MAX-ACCESS read-only 4652 STATUS current 4653 DESCRIPTION 4654 "The type of identity for the remote Endpoint. 4655 Possible values are: 4656 1) a single IP address, or 4657 2) an IP address range, or 4658 3) an IP subnet." 4659 ::= { cipSecEndPtHistEntry 11 } 4660 4661cipSecEndPtHistRemoteAddr1 OBJECT-TYPE 4662 SYNTAX IPSIpAddress 4663 MAX-ACCESS read-only 4664 STATUS current 4665 DESCRIPTION 4666 "The remote Endpoint's first IP address specification. 4667 4668 If the remote Endpoint type is single IP address, 4669 then this 4670 is the value of the IP address. 4671 4672 If the remote Endpoint type is IP subnet, then this 4673 is the value of the subnet. 4674 4675 If the remote Endpoint type is IP address range, 4676 then this 4677 is the value of beginning IP address of the range." 4678 ::= { cipSecEndPtHistEntry 12 } 4679 4680cipSecEndPtHistRemoteAddr2 OBJECT-TYPE 4681 SYNTAX IPSIpAddress 4682 MAX-ACCESS read-only 4683 STATUS current 4684 DESCRIPTION 4685 "The remote Endpoint's second IP address specification. 4686 4687 If the remote Endpoint type is single IP address, 4688 then this 4689 is the value of the IP address. 4690 4691 If the remote Endpoint type is IP subnet, then this 4692 is the value of the subnet mask. 4693 4694 If the remote Endpoint type is IP address range, 4695 then this 4696 is the value of ending IP address of the range." 4697 ::= { cipSecEndPtHistEntry 13 } 4698 4699cipSecEndPtHistRemoteProtocol OBJECT-TYPE 4700 SYNTAX Integer32 (0..255 ) 4701 MAX-ACCESS read-only 4702 STATUS current 4703 DESCRIPTION 4704 "The protocol number of the remote Endpoint's traffic." 4705 ::= { cipSecEndPtHistEntry 14 } 4706 4707cipSecEndPtHistRemotePort OBJECT-TYPE 4708 SYNTAX Integer32 (0..65535 ) 4709 MAX-ACCESS read-only 4710 STATUS current 4711 DESCRIPTION 4712 "The port number of the remote Endpoint's traffic." 4713 ::= { cipSecEndPtHistEntry 15 } 4714 4715 4716-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4717-- The IPsec Failure Group 4718-- 4719-- This group consists of a: 4720-- 1) IPsec Failure Global Objects 4721-- 2) IPsec Phase-1 Tunnel Failure Table 4722-- 3) IPsec Phase-2 Tunnel Failure Table 4723-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4724 4725cipSecFailGlobal OBJECT IDENTIFIER 4726 ::= { cipSecFailures 1 } 4727 4728cipSecFailPhaseOne OBJECT IDENTIFIER 4729 ::= { cipSecFailures 2 } 4730 4731cipSecFailPhaseTwo OBJECT IDENTIFIER 4732 ::= { cipSecFailures 3 } 4733 4734-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4735-- The IPsec Failure Global Control Objects 4736-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4737 4738cipSecFailGlobalCntl OBJECT IDENTIFIER 4739 ::= { cipSecFailGlobal 1 } 4740 4741 4742cipSecFailTableSize OBJECT-TYPE 4743 SYNTAX Integer32 (1..2147483647 ) 4744 MAX-ACCESS read-write 4745 STATUS current 4746 DESCRIPTION 4747 "The window size of the IPsec Phase-1 and Phase-2 4748 Failure Tables. 4749 4750 The IPsec Phase-1 and Phase-2 Failure Tables are 4751 implemented as a sliding window in which only the 4752 last n entries are maintained. This object is used 4753 specify the number of entries which will be 4754 maintained in the IPsec Phase-1 and Phase-2 Failure 4755 Tables. 4756 4757 An implementation may choose suitable minimum and 4758 maximum values for this element based on the local 4759 policy and available resources. If an SNMP SET request 4760 specifies a value outside this window for this element, 4761 a BAD VALUE may be returned." 4762 ::= { cipSecFailGlobalCntl 1 } 4763-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4764-- The IPsec Phase-1 Failure Table 4765-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4766 4767cikeFailTable OBJECT-TYPE 4768 SYNTAX SEQUENCE OF CikeFailEntry 4769 MAX-ACCESS not-accessible 4770 STATUS current 4771 DESCRIPTION 4772 "The IPsec Phase-1 Failure Table. 4773 This table is implemented as a sliding 4774 window in which only the last n entries are 4775 maintained. The maximum number of entries 4776 is specified by the cipSecFailTableSize object." 4777 ::= { cipSecFailPhaseOne 1 } 4778 4779cikeFailEntry OBJECT-TYPE 4780 SYNTAX CikeFailEntry 4781 MAX-ACCESS not-accessible 4782 STATUS current 4783 DESCRIPTION 4784 "Each entry contains the attributes associated 4785 with 4786 an IPsec Phase-1 failure." 4787 INDEX { cikeFailIndex } 4788 ::= { cikeFailTable 1 } 4789 4790CikeFailEntry ::= SEQUENCE { 4791 cikeFailIndex Integer32, 4792 cikeFailReason INTEGER , 4793 cikeFailTime TimeStamp, 4794 cikeFailLocalType IkePeerType, 4795 cikeFailLocalValue DisplayString, 4796 cikeFailRemoteType IkePeerType, 4797 cikeFailRemoteValue DisplayString, 4798 cikeFailLocalAddr IPSIpAddress, 4799 cikeFailRemoteAddr IPSIpAddress 4800} 4801 4802cikeFailIndex OBJECT-TYPE 4803 SYNTAX Integer32 (1..2147483647 ) 4804 MAX-ACCESS not-accessible 4805 STATUS current 4806 DESCRIPTION 4807 "The IPsec Phase-1 Failure Table index. 4808 The value of the index is a number which 4809 begins at one and is incremented with each 4810 IPsec Phase-1 failure. The value 4811 of this object will wrap at 2,147,483,647." 4812 ::= { cikeFailEntry 1 } 4813 4814cikeFailReason OBJECT-TYPE 4815 SYNTAX INTEGER { 4816 other(1), 4817 peerDelRequest(2), 4818 peerLost(3), 4819 localFailure(4), 4820 authFailure(5), 4821 hashValidation(6), 4822 encryptFailure(7), 4823 internalError(8), 4824 sysCapExceeded(9), 4825 proposalFailure(10), 4826 peerCertUnavailable(11), 4827 peerCertNotValid(12), 4828 localCertExpired(13), 4829 crlFailure(14), 4830 peerEncodingError(15), 4831 nonExistentSa(16), 4832 operRequest(17) 4833 } 4834 MAX-ACCESS read-only 4835 STATUS current 4836 DESCRIPTION 4837 "The reason for the failure. Possible reasons include: 4838 1 = other 4839 2 = peer delete request was received 4840 3 = contact with peer was lost 4841 4 = local failure occurred 4842 5 = authentication failure 4843 6 = hash validation failure 4844 7 = encryption failure 4845 8 = internal error occurred 4846 9 = system capacity failure 4847 10 = proposal failure 4848 11 = peer's certificate is unavailable 4849 12 = peer's certificate was found invalid 4850 13 = local certificate expired 4851 14 = certificate revoke list (crl) failure 4852 15 = peer encoding error 4853 16 = non-existent security association 4854 17 = operator requested termination." 4855 ::= { cikeFailEntry 2 } 4856 4857cikeFailTime OBJECT-TYPE 4858 SYNTAX TimeStamp 4859 MAX-ACCESS read-only 4860 STATUS current 4861 DESCRIPTION 4862 "The value of sysUpTime in hundredths of seconds 4863 at the time of the failure." 4864 ::= { cikeFailEntry 3 } 4865 4866cikeFailLocalType OBJECT-TYPE 4867 SYNTAX IkePeerType 4868 MAX-ACCESS read-only 4869 STATUS current 4870 DESCRIPTION 4871 "The type of local peer identity. The local peer 4872 may be identified by: 4873 1. an IP address, or 4874 2. a host name." 4875 ::= { cikeFailEntry 4 } 4876 4877cikeFailLocalValue OBJECT-TYPE 4878 SYNTAX DisplayString 4879 MAX-ACCESS read-only 4880 STATUS current 4881 DESCRIPTION 4882 "The value of the local peer identity. 4883 4884 If the local peer type is an IP Address, then this 4885 is the IP Address used to identify the local peer. 4886 4887 If the local peer type is a host name, then this is 4888 the host name used to identify the local peer." 4889 ::= { cikeFailEntry 5 } 4890 4891cikeFailRemoteType OBJECT-TYPE 4892 SYNTAX IkePeerType 4893 MAX-ACCESS read-only 4894 STATUS current 4895 DESCRIPTION 4896 "The type of remote peer identity. The remote 4897 peer may be identified by: 4898 1. an IP address, or 4899 2. a host name." 4900 ::= { cikeFailEntry 6 } 4901 4902cikeFailRemoteValue OBJECT-TYPE 4903 SYNTAX DisplayString 4904 MAX-ACCESS read-only 4905 STATUS current 4906 DESCRIPTION 4907 "The value of the remote peer identity. 4908 4909 If the remote peer type is an IP Address, then this 4910 is the IP Address used to identify the remote peer. 4911 4912 If the remote peer type is a host name, then this is 4913 the host name used to identify the remote peer." 4914 ::= { cikeFailEntry 7 } 4915 4916cikeFailLocalAddr OBJECT-TYPE 4917 SYNTAX IPSIpAddress 4918 MAX-ACCESS read-only 4919 STATUS current 4920 DESCRIPTION 4921 "The IP address of the local peer." 4922 ::= { cikeFailEntry 8 } 4923 4924cikeFailRemoteAddr OBJECT-TYPE 4925 SYNTAX IPSIpAddress 4926 MAX-ACCESS read-only 4927 STATUS current 4928 DESCRIPTION 4929 "The IP address of the remote peer." 4930 ::= { cikeFailEntry 9 } 4931 4932 4933-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4934-- The IPsec Phase-2 Failure Table 4935-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4936 4937cipSecFailTable OBJECT-TYPE 4938 SYNTAX SEQUENCE OF CipSecFailEntry 4939 MAX-ACCESS not-accessible 4940 STATUS current 4941 DESCRIPTION 4942 "The IPsec Phase-2 Failure Table. 4943 This table is implemented as a sliding window 4944 in which only the last n entries are maintained. 4945 The maximum number of entries 4946 is specified by the cipSecFailTableSize object." 4947 ::= { cipSecFailPhaseTwo 1 } 4948 4949cipSecFailEntry OBJECT-TYPE 4950 SYNTAX CipSecFailEntry 4951 MAX-ACCESS not-accessible 4952 STATUS current 4953 DESCRIPTION 4954 "Each entry contains the attributes associated with 4955 an IPsec Phase-1 failure." 4956 INDEX { cipSecFailIndex } 4957 ::= { cipSecFailTable 1 } 4958 4959CipSecFailEntry ::= SEQUENCE { 4960 cipSecFailIndex Integer32, 4961 cipSecFailReason INTEGER , 4962 cipSecFailTime TimeStamp, 4963 cipSecFailTunnelIndex Integer32, 4964 cipSecFailSaSpi Integer32, 4965 cipSecFailPktSrcAddr IPSIpAddress, 4966 cipSecFailPktDstAddr IPSIpAddress 4967} 4968 4969cipSecFailIndex OBJECT-TYPE 4970 SYNTAX Integer32 (1..2147483647 ) 4971 MAX-ACCESS not-accessible 4972 STATUS current 4973 DESCRIPTION 4974 "The IPsec Phase-2 Failure Table index. 4975 The value of the index is a number which 4976 begins at one and is incremented with each 4977 IPsec Phase-1 failure. The value 4978 of this object will wrap at 2,147,483,647." 4979 ::= { cipSecFailEntry 1 } 4980 4981cipSecFailReason OBJECT-TYPE 4982 SYNTAX INTEGER { 4983 other(1), 4984 internalError(2), 4985 peerEncodingError(3), 4986 proposalFailure(4), 4987 protocolUseFail(5), 4988 nonExistentSa(6), 4989 decryptFailure(7), 4990 encryptFailure(8), 4991 inAuthFailure(9), 4992 outAuthFailure(10), 4993 compression(11), 4994 sysCapExceeded(12), 4995 peerDelRequest(13), 4996 peerLost(14), 4997 seqNumRollOver(15), 4998 operRequest(16) 4999 } 5000 MAX-ACCESS read-only 5001 STATUS current 5002 DESCRIPTION 5003 "The reason for the failure. Possible reasons 5004 include: 5005 1 = other 5006 2 = internal error occurred 5007 3 = peer encoding error 5008 4 = proposal failure 5009 5 = protocol use failure 5010 6 = non-existent security association 5011 7 = decryption failure 5012 8 = encryption failure 5013 9 = inbound authentication failure 5014 10 = outbound authentication failure 5015 11 = compression failure 5016 12 = system capacity failure 5017 13 = peer delete request was received 5018 14 = contact with peer was lost 5019 15 = sequence number rolled over 5020 16 = operator requested termination." 5021 ::= { cipSecFailEntry 2 } 5022 5023cipSecFailTime OBJECT-TYPE 5024 SYNTAX TimeStamp 5025 MAX-ACCESS read-only 5026 STATUS current 5027 DESCRIPTION 5028 "The value of sysUpTime in hundredths of seconds 5029 at the time of the failure." 5030 ::= { cipSecFailEntry 3 } 5031 5032cipSecFailTunnelIndex OBJECT-TYPE 5033 SYNTAX Integer32 (1..2147483647 ) 5034 MAX-ACCESS read-only 5035 STATUS current 5036 DESCRIPTION 5037 "The Phase-2 Tunnel index (cipSecTunIndex)." 5038 ::= { cipSecFailEntry 4 } 5039 5040cipSecFailSaSpi OBJECT-TYPE 5041 SYNTAX Integer32 (0..2147483647 ) 5042 MAX-ACCESS read-only 5043 STATUS current 5044 DESCRIPTION 5045 "The security association SPI value." 5046 ::= { cipSecFailEntry 5 } 5047 5048cipSecFailPktSrcAddr OBJECT-TYPE 5049 SYNTAX IPSIpAddress 5050 MAX-ACCESS read-only 5051 STATUS current 5052 DESCRIPTION 5053 "The packet's source IP address." 5054 ::= { cipSecFailEntry 6 } 5055 5056cipSecFailPktDstAddr OBJECT-TYPE 5057 SYNTAX IPSIpAddress 5058 MAX-ACCESS read-only 5059 STATUS current 5060 DESCRIPTION 5061 "The packet's destination IP address." 5062 ::= { cipSecFailEntry 7 } 5063 5064 5065 5066-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5067-- The IPsec TRAP Control Group 5068-- 5069-- This group of objects controls the sending of IPsec TRAPs. 5070-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5071 5072cipSecTrapCntlIkeTunnelStart OBJECT-TYPE 5073 SYNTAX TrapStatus 5074 MAX-ACCESS read-write 5075 STATUS current 5076 DESCRIPTION 5077 "This object defines the administrative state of 5078 sending the IPsec IKE Phase-1 Tunnel Start TRAP" 5079 DEFVAL { disabled } 5080 ::= { cipSecTrapCntl 1 } 5081 5082cipSecTrapCntlIkeTunnelStop OBJECT-TYPE 5083 SYNTAX TrapStatus 5084 MAX-ACCESS read-write 5085 STATUS current 5086 DESCRIPTION 5087 "This object defines the administrative state 5088 of sending the 5089 IPsec IKE Phase-1 Tunnel Stop TRAP" 5090 DEFVAL { disabled } 5091 ::= { cipSecTrapCntl 2 } 5092 5093cipSecTrapCntlIkeSysFailure OBJECT-TYPE 5094 SYNTAX TrapStatus 5095 MAX-ACCESS read-write 5096 STATUS current 5097 DESCRIPTION 5098 "This object defines the administrative state 5099 of sending the 5100 IPsec IKE Phase-1 System Failure TRAP" 5101 DEFVAL { disabled } 5102 ::= { cipSecTrapCntl 3 } 5103 5104cipSecTrapCntlIkeCertCrlFailure OBJECT-TYPE 5105 SYNTAX TrapStatus 5106 MAX-ACCESS read-write 5107 STATUS current 5108 DESCRIPTION 5109 "This object defines the administrative 5110 state of sending the 5111 IPsec IKE Phase-1 Certificate/CRL Failure TRAP" 5112 DEFVAL { disabled } 5113 ::= { cipSecTrapCntl 4 } 5114 5115cipSecTrapCntlIkeProtocolFail OBJECT-TYPE 5116 SYNTAX TrapStatus 5117 MAX-ACCESS read-write 5118 STATUS current 5119 DESCRIPTION 5120 "This object defines the administrative 5121 state of sending the 5122 IPsec IKE Phase-1 Protocol Failure TRAP" 5123 DEFVAL { disabled } 5124 ::= { cipSecTrapCntl 5 } 5125 5126cipSecTrapCntlIkeNoSa OBJECT-TYPE 5127 SYNTAX TrapStatus 5128 MAX-ACCESS read-write 5129 STATUS current 5130 DESCRIPTION 5131 "This object defines the administrative 5132 state of sending the 5133 IPsec IKE Phase-1 No Security Association TRAP" 5134 DEFVAL { disabled } 5135 ::= { cipSecTrapCntl 6 } 5136 5137cipSecTrapCntlIpSecTunnelStart OBJECT-TYPE 5138 SYNTAX TrapStatus 5139 MAX-ACCESS read-write 5140 STATUS current 5141 DESCRIPTION 5142 "This object defines the administrative state 5143 of sending the IPsec 5144 Phase-2 Tunnel Start TRAP" 5145 DEFVAL { disabled } 5146 ::= { cipSecTrapCntl 7 } 5147 5148cipSecTrapCntlIpSecTunnelStop OBJECT-TYPE 5149 SYNTAX TrapStatus 5150 MAX-ACCESS read-write 5151 STATUS current 5152 DESCRIPTION 5153 "This object defines the administrative 5154 state of sending the IPsec 5155 Phase-2 Tunnel Stop TRAP" 5156 DEFVAL { disabled } 5157 ::= { cipSecTrapCntl 8 } 5158 5159cipSecTrapCntlIpSecSysFailure OBJECT-TYPE 5160 SYNTAX TrapStatus 5161 MAX-ACCESS read-write 5162 STATUS current 5163 DESCRIPTION 5164 "This object defines the administrative state 5165 of sending the IPsec 5166 Phase-2 System Failure TRAP" 5167 DEFVAL { disabled } 5168 ::= { cipSecTrapCntl 9 } 5169 5170cipSecTrapCntlIpSecSetUpFailure OBJECT-TYPE 5171 SYNTAX TrapStatus 5172 MAX-ACCESS read-write 5173 STATUS current 5174 DESCRIPTION 5175 "This object defines the administrative state 5176 of sending the IPsec 5177 Phase-2 Set Up Failure TRAP" 5178 DEFVAL { disabled } 5179 ::= { cipSecTrapCntl 10 } 5180 5181cipSecTrapCntlIpSecEarlyTunTerm OBJECT-TYPE 5182 SYNTAX TrapStatus 5183 MAX-ACCESS read-write 5184 STATUS current 5185 DESCRIPTION 5186 "This object defines the administrative state 5187 of sending the IPsec 5188 Phase-2 Early Tunnel Termination TRAP" 5189 DEFVAL { disabled } 5190 ::= { cipSecTrapCntl 11 } 5191 5192cipSecTrapCntlIpSecProtocolFail OBJECT-TYPE 5193 SYNTAX TrapStatus 5194 MAX-ACCESS read-write 5195 STATUS current 5196 DESCRIPTION 5197 "This object defines the administrative state 5198 of sending the IPsec 5199 Phase-2 Protocol Failure TRAP" 5200 DEFVAL { disabled } 5201 ::= { cipSecTrapCntl 12 } 5202 5203cipSecTrapCntlIpSecNoSa OBJECT-TYPE 5204 SYNTAX TrapStatus 5205 MAX-ACCESS read-write 5206 STATUS current 5207 DESCRIPTION 5208 "This object defines the administrative state 5209 of sending the IPsec 5210 Phase-2 No Security Association TRAP" 5211 DEFVAL { disabled } 5212 ::= { cipSecTrapCntl 13 } 5213-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5214-- IPsec Notifications - TRAPs 5215-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5216 5217cipSecMIBNotificationPrefix OBJECT IDENTIFIER 5218 ::= { ciscoIpSecFlowMonitorMIB 2 } 5219 5220cipSecMIBNotifications OBJECT IDENTIFIER 5221 ::= { cipSecMIBNotificationPrefix 0 } 5222 5223 5224cikeTunnelStart NOTIFICATION-TYPE 5225 OBJECTS { 5226 cikePeerLocalAddr, 5227 cikePeerRemoteAddr, 5228 cikeTunLifeTime 5229 } 5230 STATUS current 5231 DESCRIPTION 5232 "This notification is generated when an IPsec Phase-1 5233 IKE Tunnel becomes active." 5234 ::= { cipSecMIBNotifications 1 } 5235 5236cikeTunnelStop NOTIFICATION-TYPE 5237 OBJECTS { 5238 cikePeerLocalAddr, 5239 cikePeerRemoteAddr, 5240 cikeTunActiveTime 5241 } 5242 STATUS current 5243 DESCRIPTION 5244 "This notification is generated when an IPsec Phase-1 5245 IKE Tunnel becomes inactive." 5246 ::= { cipSecMIBNotifications 2 } 5247 5248cikeSysFailure NOTIFICATION-TYPE 5249 OBJECTS { 5250 cikePeerLocalAddr, 5251 cikePeerRemoteAddr 5252 } 5253 STATUS current 5254 DESCRIPTION 5255 "This notification is generated when the processing for 5256 an IPsec Phase-1 IKE Tunnel experiences an internal 5257 or system capacity error." 5258 ::= { cipSecMIBNotifications 3 } 5259 5260cikeCertCrlFailure NOTIFICATION-TYPE 5261 OBJECTS { 5262 cikePeerLocalAddr, 5263 cikePeerRemoteAddr 5264 } 5265 STATUS current 5266 DESCRIPTION 5267 "This notification is generated when the processing for 5268 an IPsec Phase-1 IKE Tunnel experiences a Certificate 5269 or a Certificate Revoke List (CRL) related error." 5270 ::= { cipSecMIBNotifications 4 } 5271 5272cikeProtocolFailure NOTIFICATION-TYPE 5273 OBJECTS { 5274 cikePeerLocalAddr, 5275 cikePeerRemoteAddr 5276 } 5277 STATUS current 5278 DESCRIPTION 5279 "This notification is generated when the processing for 5280 an IPsec Phase-1 IKE Tunnel experiences a protocol 5281 related error." 5282 ::= { cipSecMIBNotifications 5 } 5283 5284cikeNoSa NOTIFICATION-TYPE 5285 OBJECTS { 5286 cikePeerLocalAddr, 5287 cikePeerRemoteAddr 5288 } 5289 STATUS current 5290 DESCRIPTION 5291 "This notification is generated when the processing for 5292 an IPsec Phase-1 IKE Tunnel experiences a non-existent 5293 security association error." 5294 ::= { cipSecMIBNotifications 6 } 5295 5296cipSecTunnelStart NOTIFICATION-TYPE 5297 OBJECTS { 5298 cipSecTunLifeTime, 5299 cipSecTunLifeSize 5300 } 5301 STATUS current 5302 DESCRIPTION 5303 "This notification is generated when an IPsec Phase-2 5304 Tunnel becomes active." 5305 ::= { cipSecMIBNotifications 7 } 5306 5307cipSecTunnelStop NOTIFICATION-TYPE 5308 OBJECTS { cipSecTunActiveTime } 5309 STATUS current 5310 DESCRIPTION 5311 "This notification is generated when an IPsec Phase-2 5312 Tunnel becomes inactive." 5313 ::= { cipSecMIBNotifications 8 } 5314 5315cipSecSysFailure NOTIFICATION-TYPE 5316 OBJECTS { 5317 cikePeerLocalAddr, 5318 cikePeerRemoteAddr, 5319 cipSecTunActiveTime, 5320 cipSecSpiProtocol 5321 } 5322 STATUS current 5323 DESCRIPTION 5324 "This notification is generated when the processing for 5325 an IPsec Phase-2 Tunnel experiences an internal 5326 or system capacity error." 5327 ::= { cipSecMIBNotifications 9 } 5328 5329cipSecSetUpFailure NOTIFICATION-TYPE 5330 OBJECTS { 5331 cikePeerLocalAddr, 5332 cikePeerRemoteAddr 5333 } 5334 STATUS current 5335 DESCRIPTION 5336 "This notification is generated when the setup for 5337 an IPsec Phase-2 Tunnel fails." 5338 ::= { cipSecMIBNotifications 10 } 5339 5340cipSecEarlyTunTerm NOTIFICATION-TYPE 5341 OBJECTS { 5342 cipSecTunActiveTime, 5343 cipSecSpiProtocol 5344 } 5345 STATUS current 5346 DESCRIPTION 5347 "This notification is generated when an an IPsec Phase-2 5348 Tunnel is terminated earily or before expected." 5349 ::= { cipSecMIBNotifications 11 } 5350 5351cipSecProtocolFailure NOTIFICATION-TYPE 5352 OBJECTS { 5353 cipSecTunActiveTime, 5354 cipSecSpiProtocol 5355 } 5356 STATUS current 5357 DESCRIPTION 5358 "This notification is generated when the processing for 5359 an IPsec Phase-2 Tunnel experiences a protocol 5360 related error." 5361 ::= { cipSecMIBNotifications 12 } 5362 5363cipSecNoSa NOTIFICATION-TYPE 5364 STATUS current 5365 DESCRIPTION 5366 "This notification is generated when the processing for 5367 an IPsec Phase-2 Tunnel experiences a non-existent 5368 security association error." 5369 ::= { cipSecMIBNotifications 13 } 5370-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5371-- Conformance Information 5372-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5373 5374cipSecMIBConformance OBJECT IDENTIFIER 5375 ::= { ciscoIpSecFlowMonitorMIB 3 } 5376 5377cipSecMIBGroups OBJECT IDENTIFIER 5378 ::= { cipSecMIBConformance 1 } 5379 5380cipSecMIBCompliances OBJECT IDENTIFIER 5381 ::= { cipSecMIBConformance 2 } 5382 5383 5384-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5385-- Compliance Statements 5386-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5387 5388cipSecMIBCompliance MODULE-COMPLIANCE 5389 STATUS deprecated 5390 DESCRIPTION 5391 "The compliance statement for SNMP entities 5392 the IP Security Protocol. 5393 This has been replaced by cipSecMIBComplianceRev1." 5394 MODULE -- this module 5395 MANDATORY-GROUPS { 5396 cipSecLevelsGroup, 5397 cipSecPhaseOneGroup, 5398 cipSecPhaseTwoGroup 5399 } 5400 5401 OBJECT cikeTunStatus 5402 MIN-ACCESS read-only 5403 DESCRIPTION 5404 "Write access is not required." 5405 5406 OBJECT cipSecTunStatus 5407 MIN-ACCESS read-only 5408 DESCRIPTION 5409 "Write access is not required." 5410 ::= { cipSecMIBCompliances 1 } 5411 5412cipSecMIBComplianceRev1 MODULE-COMPLIANCE 5413 STATUS current 5414 DESCRIPTION 5415 "The compliance statement for SNMP entities 5416 the IP Security Protocol." 5417 MODULE -- this module 5418 MANDATORY-GROUPS { 5419 cipSecLevelsGroup, 5420 cipSecPhaseOneGroup, 5421 cipSecPhaseTwoGroup 5422 } 5423 5424 GROUP cipSecGWStatsGroup 5425 DESCRIPTION 5426 "Implementation of this group is for the 5427 gateway supporting IPSec statistics 5428 information." 5429 5430 OBJECT cikeTunStatus 5431 MIN-ACCESS read-only 5432 DESCRIPTION 5433 "Write access is not required." 5434 5435 OBJECT cipSecTunStatus 5436 MIN-ACCESS read-only 5437 DESCRIPTION 5438 "Write access is not required." 5439 ::= { cipSecMIBCompliances 2 } 5440 5441-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5442-- Units of Conformance 5443-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5444 5445cipSecLevelsGroup OBJECT-GROUP 5446 OBJECTS { cipSecMibLevel } 5447 STATUS current 5448 DESCRIPTION 5449 "This group consists of a: 5450 1) IPsec MIB Level" 5451 ::= { cipSecMIBGroups 1 } 5452 5453cipSecPhaseOneGroup OBJECT-GROUP 5454 OBJECTS { 5455 cikeGlobalActiveTunnels, 5456 cikeGlobalPreviousTunnels, 5457 cikeGlobalInOctets, 5458 cikeGlobalInPkts, 5459 cikeGlobalInDropPkts, 5460 cikeGlobalInNotifys, 5461 cikeGlobalInP2Exchgs, 5462 cikeGlobalInP2ExchgInvalids, 5463 cikeGlobalInP2ExchgRejects, 5464 cikeGlobalInP2SaDelRequests, 5465 cikeGlobalOutOctets, 5466 cikeGlobalOutPkts, 5467 cikeGlobalOutDropPkts, 5468 cikeGlobalOutNotifys, 5469 cikeGlobalOutP2Exchgs, 5470 cikeGlobalOutP2ExchgInvalids, 5471 cikeGlobalOutP2ExchgRejects, 5472 cikeGlobalOutP2SaDelRequests, 5473 cikeGlobalInitTunnels, 5474 cikeGlobalInitTunnelFails, 5475 cikeGlobalRespTunnelFails, 5476 cikeGlobalSysCapFails, 5477 cikeGlobalAuthFails, 5478 cikeGlobalDecryptFails, 5479 cikeGlobalHashValidFails, 5480 cikeGlobalNoSaFails, 5481 cikePeerLocalAddr, 5482 cikePeerRemoteAddr, 5483 cikePeerActiveTime, 5484 cikePeerActiveTunnelIndex, 5485 cikeTunLocalType, 5486 cikeTunLocalValue, 5487 cikeTunLocalAddr, 5488 cikeTunLocalName, 5489 cikeTunRemoteType, 5490 cikeTunRemoteValue, 5491 cikeTunRemoteAddr, 5492 cikeTunRemoteName, 5493 cikeTunNegoMode, 5494 cikeTunDiffHellmanGrp, 5495 cikeTunEncryptAlgo, 5496 cikeTunHashAlgo, 5497 cikeTunAuthMethod, 5498 cikeTunLifeTime, 5499 cikeTunActiveTime, 5500 cikeTunSaRefreshThreshold, 5501 cikeTunTotalRefreshes, 5502 cikeTunInOctets, 5503 cikeTunInPkts, 5504 cikeTunInDropPkts, 5505 cikeTunInNotifys, 5506 cikeTunInP2Exchgs, 5507 cikeTunInP2ExchgInvalids, 5508 cikeTunInP2ExchgRejects, 5509 cikeTunInP2SaDelRequests, 5510 cikeTunOutOctets, 5511 cikeTunOutPkts, 5512 cikeTunOutDropPkts, 5513 cikeTunOutNotifys, 5514 cikeTunOutP2Exchgs, 5515 cikeTunOutP2ExchgInvalids, 5516 cikeTunOutP2ExchgRejects, 5517 cikeTunOutP2SaDelRequests, 5518 cikeTunStatus, 5519 cikePeerCorrIpSecTunIndex 5520 } 5521 STATUS current 5522 DESCRIPTION 5523 "This group consists of: 5524 1) IPsec Phase-1 Global Objects 5525 2) IPsec Phase-1 Peer Table 5526 3) IPsec Phase-1 Tunnel Table 5527 4) IPsec Phase-1 Correlation Table" 5528 ::= { cipSecMIBGroups 2 } 5529 5530cipSecPhaseTwoGroup OBJECT-GROUP 5531 OBJECTS { 5532 cipSecGlobalActiveTunnels, 5533 cipSecGlobalPreviousTunnels, 5534 cipSecGlobalInOctets, 5535 cipSecGlobalHcInOctets, 5536 cipSecGlobalInOctWraps, 5537 cipSecGlobalInDecompOctets, 5538 cipSecGlobalHcInDecompOctets, 5539 cipSecGlobalInDecompOctWraps, 5540 cipSecGlobalInPkts, 5541 cipSecGlobalInDrops, 5542 cipSecGlobalInReplayDrops, 5543 cipSecGlobalInAuths, 5544 cipSecGlobalInAuthFails, 5545 cipSecGlobalInDecrypts, 5546 cipSecGlobalInDecryptFails, 5547 cipSecGlobalOutOctets, 5548 cipSecGlobalHcOutOctets, 5549 cipSecGlobalOutOctWraps, 5550 cipSecGlobalOutUncompOctets, 5551 cipSecGlobalHcOutUncompOctets, 5552 cipSecGlobalOutUncompOctWraps, 5553 cipSecGlobalOutPkts, 5554 cipSecGlobalOutDrops, 5555 cipSecGlobalOutAuths, 5556 cipSecGlobalOutAuthFails, 5557 cipSecGlobalOutEncrypts, 5558 cipSecGlobalOutEncryptFails, 5559 cipSecGlobalProtocolUseFails, 5560 cipSecGlobalNoSaFails, 5561 cipSecGlobalSysCapFails, 5562 cipSecTunIkeTunnelIndex, 5563 cipSecTunIkeTunnelAlive, 5564 cipSecTunLocalAddr, 5565 cipSecTunRemoteAddr, 5566 cipSecTunKeyType, 5567 cipSecTunEncapMode, 5568 cipSecTunLifeSize, 5569 cipSecTunLifeTime, 5570 cipSecTunActiveTime, 5571 cipSecTunSaLifeSizeThreshold, 5572 cipSecTunSaLifeTimeThreshold, 5573 cipSecTunTotalRefreshes, 5574 cipSecTunExpiredSaInstances, 5575 cipSecTunCurrentSaInstances, 5576 cipSecTunInSaDiffHellmanGrp, 5577 cipSecTunInSaEncryptAlgo, 5578 cipSecTunInSaAhAuthAlgo, 5579 cipSecTunInSaEspAuthAlgo, 5580 cipSecTunInSaDecompAlgo, 5581 cipSecTunOutSaDiffHellmanGrp, 5582 cipSecTunOutSaEncryptAlgo, 5583 cipSecTunOutSaAhAuthAlgo, 5584 cipSecTunOutSaEspAuthAlgo, 5585 cipSecTunOutSaCompAlgo, 5586 cipSecTunInOctets, 5587 cipSecTunHcInOctets, 5588 cipSecTunInOctWraps, 5589 cipSecTunInDecompOctets, 5590 cipSecTunHcInDecompOctets, 5591 cipSecTunInDecompOctWraps, 5592 cipSecTunInPkts, 5593 cipSecTunInDropPkts, 5594 cipSecTunInReplayDropPkts, 5595 cipSecTunInAuths, 5596 cipSecTunInAuthFails, 5597 cipSecTunInDecrypts, 5598 cipSecTunInDecryptFails, 5599 cipSecTunOutOctets, 5600 cipSecTunHcOutOctets, 5601 cipSecTunOutOctWraps, 5602 cipSecTunOutUncompOctets, 5603 cipSecTunHcOutUncompOctets, 5604 cipSecTunOutUncompOctWraps, 5605 cipSecTunOutPkts, 5606 cipSecTunOutDropPkts, 5607 cipSecTunOutAuths, 5608 cipSecTunOutAuthFails, 5609 cipSecTunOutEncrypts, 5610 cipSecTunOutEncryptFails, 5611 cipSecTunStatus, 5612 cipSecEndPtLocalName, 5613 cipSecEndPtLocalType, 5614 cipSecEndPtLocalAddr1, 5615 cipSecEndPtLocalAddr2, 5616 cipSecEndPtLocalProtocol, 5617 cipSecEndPtLocalPort, 5618 cipSecEndPtRemoteName, 5619 cipSecEndPtRemoteType, 5620 cipSecEndPtRemoteAddr1, 5621 cipSecEndPtRemoteAddr2, 5622 cipSecEndPtRemoteProtocol, 5623 cipSecEndPtRemotePort, 5624 cipSecSpiDirection, 5625 cipSecSpiValue, 5626 cipSecSpiProtocol, 5627 cipSecSpiStatus 5628 } 5629 STATUS current 5630 DESCRIPTION 5631 "This group consists of: 5632 1) IPsec Phase-2 Global Statistics 5633 2) IPsec Phase-2 Tunnel Table 5634 3) IPsec Phase-2 Endpoint Table 5635 4) IPsec Phase-2 Security Protection Index Table" 5636 ::= { cipSecMIBGroups 3 } 5637 5638cipSecHistoryGroup OBJECT-GROUP 5639 OBJECTS { 5640 cipSecHistTableSize, 5641 cipSecHistCheckPoint, 5642 cikeTunHistTermReason, 5643 cikeTunHistActiveIndex, 5644 cikeTunHistPeerLocalType, 5645 cikeTunHistPeerLocalValue, 5646 cikeTunHistPeerIntIndex, 5647 cikeTunHistPeerRemoteType, 5648 cikeTunHistPeerRemoteValue, 5649 cikeTunHistLocalAddr, 5650 cikeTunHistLocalName, 5651 cikeTunHistRemoteAddr, 5652 cikeTunHistRemoteName, 5653 cikeTunHistNegoMode, 5654 cikeTunHistDiffHellmanGrp, 5655 cikeTunHistEncryptAlgo, 5656 cikeTunHistHashAlgo, 5657 cikeTunHistAuthMethod, 5658 cikeTunHistLifeTime, 5659 cikeTunHistStartTime, 5660 cikeTunHistActiveTime, 5661 cikeTunHistTotalRefreshes, 5662 cikeTunHistTotalSas, 5663 cikeTunHistInOctets, 5664 cikeTunHistInPkts, 5665 cikeTunHistInDropPkts, 5666 cikeTunHistInNotifys, 5667 cikeTunHistInP2Exchgs, 5668 cikeTunHistInP2ExchgInvalids, 5669 cikeTunHistInP2ExchgRejects, 5670 cikeTunHistInP2SaDelRequests, 5671 cikeTunHistOutOctets, 5672 cikeTunHistOutPkts, 5673 cikeTunHistOutDropPkts, 5674 cikeTunHistOutNotifys, 5675 cikeTunHistOutP2Exchgs, 5676 cikeTunHistOutP2ExchgInvalids, 5677 cikeTunHistOutP2ExchgRejects, 5678 cikeTunHistOutP2SaDelRequests, 5679 cipSecTunHistTermReason, 5680 cipSecTunHistActiveIndex, 5681 cipSecTunHistIkeTunnelIndex, 5682 cipSecTunHistLocalAddr, 5683 cipSecTunHistRemoteAddr, 5684 cipSecTunHistKeyType, 5685 cipSecTunHistEncapMode, 5686 cipSecTunHistLifeSize, 5687 cipSecTunHistLifeTime, 5688 cipSecTunHistStartTime, 5689 cipSecTunHistActiveTime, 5690 cipSecTunHistTotalRefreshes, 5691 cipSecTunHistTotalSas, 5692 cipSecTunHistInSaDiffHellmanGrp, 5693 cipSecTunHistInSaEncryptAlgo, 5694 cipSecTunHistInSaAhAuthAlgo, 5695 cipSecTunHistInSaEspAuthAlgo, 5696 cipSecTunHistInSaDecompAlgo, 5697 cipSecTunHistOutSaDiffHellmanGrp, 5698 cipSecTunHistOutSaEncryptAlgo, 5699 cipSecTunHistOutSaAhAuthAlgo, 5700 cipSecTunHistOutSaEspAuthAlgo, 5701 cipSecTunHistOutSaCompAlgo, 5702 cipSecTunHistInOctets, 5703 cipSecTunHistHcInOctets, 5704 cipSecTunHistInOctWraps, 5705 cipSecTunHistInDecompOctets, 5706 cipSecTunHistHcInDecompOctets, 5707 cipSecTunHistInDecompOctWraps, 5708 cipSecTunHistInPkts, 5709 cipSecTunHistInDropPkts, 5710 cipSecTunHistInReplayDropPkts, 5711 cipSecTunHistInAuths, 5712 cipSecTunHistInAuthFails, 5713 cipSecTunHistInDecrypts, 5714 cipSecTunHistInDecryptFails, 5715 cipSecTunHistOutOctets, 5716 cipSecTunHistHcOutOctets, 5717 cipSecTunHistOutOctWraps, 5718 cipSecTunHistOutUncompOctets, 5719 cipSecTunHistHcOutUncompOctets, 5720 cipSecTunHistOutUncompOctWraps, 5721 cipSecTunHistOutPkts, 5722 cipSecTunHistOutDropPkts, 5723 cipSecTunHistOutAuths, 5724 cipSecTunHistOutAuthFails, 5725 cipSecTunHistOutEncrypts, 5726 cipSecTunHistOutEncryptFails, 5727 cipSecEndPtHistTunIndex, 5728 cipSecEndPtHistActiveIndex, 5729 cipSecEndPtHistLocalName, 5730 cipSecEndPtHistLocalType, 5731 cipSecEndPtHistLocalAddr1, 5732 cipSecEndPtHistLocalAddr2, 5733 cipSecEndPtHistLocalProtocol, 5734 cipSecEndPtHistLocalPort, 5735 cipSecEndPtHistRemoteName, 5736 cipSecEndPtHistRemoteType, 5737 cipSecEndPtHistRemoteAddr1, 5738 cipSecEndPtHistRemoteAddr2, 5739 cipSecEndPtHistRemoteProtocol, 5740 cipSecEndPtHistRemotePort 5741 } 5742 STATUS current 5743 DESCRIPTION 5744 "This group consists of: 5745 1) IPsec History Global Objects 5746 2) IPsec Phase-1 History Objects 5747 3) IPsec Phase-2 History Objects" 5748 ::= { cipSecMIBGroups 4 } 5749 5750cipSecFailuresGroup OBJECT-GROUP 5751 OBJECTS { 5752 cipSecFailTableSize, 5753 cikeFailReason, 5754 cikeFailTime, 5755 cikeFailLocalType, 5756 cikeFailLocalValue, 5757 cikeFailRemoteType, 5758 cikeFailRemoteValue, 5759 cikeFailLocalAddr, 5760 cikeFailRemoteAddr, 5761 cipSecFailReason, 5762 cipSecFailTime, 5763 cipSecFailTunnelIndex, 5764 cipSecFailSaSpi, 5765 cipSecFailPktSrcAddr, 5766 cipSecFailPktDstAddr 5767 } 5768 STATUS current 5769 DESCRIPTION 5770 "This group consists of: 5771 1) IPsec Failure Global Objects 5772 2) IPsec Phase-1 Tunnel Failure Table 5773 3) IPsec Phase-2 Tunnel Failure Table" 5774 ::= { cipSecMIBGroups 5 } 5775 5776cipSecTrapCntlGroup OBJECT-GROUP 5777 OBJECTS { 5778 cipSecTrapCntlIkeTunnelStart, 5779 cipSecTrapCntlIkeTunnelStop, 5780 cipSecTrapCntlIkeSysFailure, 5781 cipSecTrapCntlIkeCertCrlFailure, 5782 cipSecTrapCntlIkeProtocolFail, 5783 cipSecTrapCntlIkeNoSa, 5784 cipSecTrapCntlIpSecTunnelStart, 5785 cipSecTrapCntlIpSecTunnelStop, 5786 cipSecTrapCntlIpSecSysFailure, 5787 cipSecTrapCntlIpSecSetUpFailure, 5788 cipSecTrapCntlIpSecEarlyTunTerm, 5789 cipSecTrapCntlIpSecProtocolFail, 5790 cipSecTrapCntlIpSecNoSa 5791 } 5792 STATUS current 5793 DESCRIPTION 5794 "This group of objects controls the sending of IPsec TRAPs." 5795 ::= { cipSecMIBGroups 6 } 5796 5797cipSecNotificationGroup NOTIFICATION-GROUP 5798 NOTIFICATIONS { 5799 cikeTunnelStart, 5800 cikeTunnelStop, 5801 cikeSysFailure, 5802 cikeCertCrlFailure, 5803 cikeProtocolFailure, 5804 cikeNoSa, 5805 cipSecTunnelStart, 5806 cipSecTunnelStop, 5807 cipSecSysFailure, 5808 cipSecSetUpFailure, 5809 cipSecEarlyTunTerm, 5810 cipSecProtocolFailure, 5811 cipSecNoSa 5812 } 5813 STATUS current 5814 DESCRIPTION 5815 "This group contains the notifications for the IPsec MIB." 5816 ::= { cipSecMIBGroups 7 } 5817 5818cipSecGWStatsGroup OBJECT-GROUP 5819 OBJECTS { 5820 cikePhase1GWActiveTunnels, 5821 cikePhase1GWPreviousTunnels, 5822 cikePhase1GWInOctets, 5823 cikePhase1GWInPkts, 5824 cikePhase1GWInDropPkts, 5825 cikePhase1GWInNotifys, 5826 cikePhase1GWInP2Exchgs, 5827 cikePhase1GWInP2ExchgInvalids, 5828 cikePhase1GWInP2ExchgRejects, 5829 cikePhase1GWInP2SaDelRequests, 5830 cikePhase1GWOutOctets, 5831 cikePhase1GWOutPkts, 5832 cikePhase1GWOutDropPkts, 5833 cikePhase1GWOutNotifys, 5834 cikePhase1GWOutP2Exchgs, 5835 cikePhase1GWOutP2ExchgInvalids, 5836 cikePhase1GWOutP2ExchgRejects, 5837 cikePhase1GWOutP2SaDelRequests, 5838 cikePhase1GWInitTunnels, 5839 cikePhase1GWInitTunnelFails, 5840 cikePhase1GWRespTunnelFails, 5841 cikePhase1GWSysCapFails, 5842 cikePhase1GWAuthFails, 5843 cikePhase1GWDecryptFails, 5844 cikePhase1GWHashValidFails, 5845 cikePhase1GWNoSaFails, 5846 cipSecPhase2GWActiveTunnels, 5847 cipSecPhase2GWPreviousTunnels, 5848 cipSecPhase2GWInOctets, 5849 cipSecPhase2GWInOctWraps, 5850 cipSecPhase2GWInDecompOctets, 5851 cipSecPhase2GWInDecompOctWraps, 5852 cipSecPhase2GWInPkts, 5853 cipSecPhase2GWInDrops, 5854 cipSecPhase2GWInReplayDrops, 5855 cipSecPhase2GWInAuths, 5856 cipSecPhase2GWInAuthFails, 5857 cipSecPhase2GWInDecrypts, 5858 cipSecPhase2GWInDecryptFails, 5859 cipSecPhase2GWOutOctets, 5860 cipSecPhase2GWOutOctWraps, 5861 cipSecPhase2GWOutUncompOctets, 5862 cipSecPhase2GWOutUncompOctWraps, 5863 cipSecPhase2GWOutPkts, 5864 cipSecPhase2GWOutDrops, 5865 cipSecPhase2GWOutAuths, 5866 cipSecPhase2GWOutAuthFails, 5867 cipSecPhase2GWOutEncrypts, 5868 cipSecPhase2GWOutEncryptFails, 5869 cipSecPhase2GWProtocolUseFails, 5870 cipSecPhase2GWNoSaFails, 5871 cipSecPhase2GWSysCapFails 5872 } 5873 STATUS current 5874 DESCRIPTION 5875 "" 5876 ::= { cipSecMIBGroups 8 } 5877 5878END 5879 5880 5881 5882