-- *------------------------------------------------------------------
-- * CISCO-ENHANCED-IPSEC-FLOW-MIB.my:
-- * Enhanced IPsec Flow Monitoring MIB.
-- *
-- * August 2004, S Ramakrishnan, John Fan
-- *
-- * Copyright (c) 2004, 2011, 2013 by cisco Systems Inc.
-- * All rights reserved.
-- *------------------------------------------------------------------

CISCO-ENHANCED-IPSEC-FLOW-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Counter32,
    Counter64,
    Gauge32,
    Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    TimeStamp,
    DateAndTime,
    TimeInterval,
    TruthValue
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    ifIndex,
    InterfaceIndex
        FROM IF-MIB
    CiscoIpProtocol,
    CiscoPort
        FROM CISCO-TC
    CIPsecEncryptionKeySize,
    CIPsecControlProtocol,
    CIPsecDiffHellmanGrp,
    CIPsecEncapMode,
    CIPsecEncryptAlgorithm,
    CIPsecSpi,
    CIPsecAuthAlgorithm,
    CIPsecCompAlgorithm,
    CIPsecEndPtType,
    CIPsecNATTraversalMode,
    CIPsecPhase1TunnelIndexOrZero,
    CIPsecPhase2TunnelIndex,
    CIPsecPhase2SaDirection,
    CIPsecProtocol,
    CIPsecPmtu,
    CIPsecTunnelStatus
        FROM CISCO-IPSEC-TC
    ciscoMgmt
        FROM CISCO-SMI;


ciscoEnhancedIpsecFlowMIB MODULE-IDENTITY
    LAST-UPDATED    "201306280000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        "Cisco Systems
        Customer Service

        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA

        Tel: +1 800 553-NETS
        E-mail: cs-ipsecmib@external.cisco.com"
    DESCRIPTION
        "This is a MIB Module for monitoring the structures
        and status of IPSec-based networks. The MIB has been
        designed to be adopted as an IETF standard. Hence
        vendor-specific features of IPSec protocol are excluded
        from this MIB.

        Acronyms
        The following acronyms are used in this document:

        IPsec:  Secure IP Protocol

        VPN:    Virtual Private Network

        ISAKMP: Internet Security Association and Key Exchange
                Protocol

        IKE:    Internet Key Exchange Protocol

        SA:     Security Association
                (ref: rfc2408).

        SPI:    Security Parameter Index is the pointer or
                identifier used in accessing SA attributes
                (ref: rfc2408).

        MM:     Main Mode - the process of setting up
                a Phase 1 SA to secure the exchanges
                required to setup Phase 2 SAs

        QM:     Quick Mode - the process of setting up
                Phase 2 Security Associations using
                a Phase 1 SA.

        Phase 1 Tunnel:
                An ISAKMP SA can be regarded as representing
                a flow of ISAKMP/IKE traffic. Hence an ISAKMP
                is referred to as a 'Phase 1 Tunnel' in this
                document.

        Control Tunnel:
                Another term for a Phase 1 Tunnel.

        Phase 2 Tunnel:
                An instance of a non-ISAKMP SA bundle in which all
                the SA share the same proxy identifiers (IDii,IDir)
                protect the same stream of application traffic.
                Such an SA bundle is termed a 'Phase 2 Tunnel'.
                Note that a Phase 2 tunnel may comprise different
                SA bundles and different number of SA bundles at
                different times (due to key refresh).

        MTU:
                Maximum Transmission Unit (of an IPsec tunnel).

        History of the MIB
        A precursor to this MIB was written by Tivoli and implemented
        in IBM Nways routers in 1999. During late 1999, Cisco adopted
        the MIB and together with Tivoli published the IPsec Flow
        Monitor MIB in IETF IPsec WG in
        draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the
        MIB was Cisco-ized and implemented this draft as
        CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms.

        With the evolution of IKEv2, the MIB was modified and
        presented to the IPsec WG again in May 2003 in
        draft-ietf-ipsec-flow-monitoring-mib-02.txt.

        With the emergence of multiple IPsec signaling protocols,
        it became apparent that the signaling aspects of IPsec
        need to be instrumented separately in their own right.
        Thus, the IPsec control attributes and metrics were
        separated out into CISCO-IPSEC-SIGNALING-MIB and
        CISCO-IKE-FLOW-MIB.

        This version of the draft is the version of the draft
        that models the IPsec data protocol, structures and
        activity alone.

        Overview of MIB

        The MIB contains four major groups of objects which are
        used to manage the IPsec Protocol. These groups include
        a Levels Group, a Phase-1 Group, a Phase-2 Group,
        a History Group, a Failure Group and a TRAP Control Group.
        The following table illustrates the structure of the
        IPsec MIB.

        The Phase 2 group models objects pertaining to
        IPsec data tunnels.

        The History group is to aid applications that do
        trending analysis.

        The Failure group is to enable an operator to
        do troubleshooting and debugging of the VPN Router.
        Further, counters are supported to aid detection
        of potential security violations.

        In addition to the three major MIB Groups, there are
        a number of Notifications. The following table
        illustrates the name and description of the
        IPsec TRAPs."
    REVISION        "201306280000Z"
    DESCRIPTION
        "Added ciscoEnhIPsecFlowPerformanceThroughputGroup group
        Added performanceUtilization to ceipSecFailReason"
    REVISION        "201107190000Z"
    DESCRIPTION
        "Added ciscoEnhIPsecFlowNotifCntlGroupSup01 control group with
        certificate objects:
            ceipSecNotifCntlCertExpiry
            ceipSecNotifCntlCertRenewal
        Added ciscoEnhIPsecFlowNotifGroupSup01 notification group with
        certificate objects:
            ciscoEnhIpsecFlowCertExpiry
            ciscoEnhIpsecFlowCertRenewal
        Added ciscoEnhIPsecFlowCertObjectGroup with certificate
        objects:
            ceipSecCertSubjectName
            ceipSecCertSerialNumber
            ceipSecCertIssuerName
            ceipSecCertRenewalStatus
            ceipSecCertExpiryStatus
        Added certificate groups and objects to
        ciscoEnhIPsecFlowMIBComplianceRev1"
    REVISION        "200501120000Z"
    DESCRIPTION
        "Added a new table, ceipSecTunnelSaTable"
    REVISION        "200408310000Z"
    DESCRIPTION
        "Initial version of this module."
    ::= { ciscoMgmt 432 }


ciscoEnhancedIpsecFlowMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIB 0 }

ciscoEnhancedIpsecFlowMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIB 1 }

ciscoEnhancedIpsecFlowMIBConform  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIB 2 }

ceipSecPhaseTwo  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBObjects 1 }

ceipSecHistory  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBObjects 2 }

ceipSecFailures  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBObjects 3 }

ceipSecNotificationCntl  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBObjects 5 }

ceipSecCertNotification  OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBObjects 6 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Phase-2 Group
--
-- This group consists of:
-- 1) IPsec Phase-2 Global Statistics
-- 2) IPsec Phase-2 Tunnel Table
-- 3) IPsec Phase-2 Endpoint Table
-- 4) IPsec Phase-2 Security Protection Index Table
-- 4) IPsec Phase-2 Security Protection Index Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Global Tunnel Statistics
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecGlobalStats  OBJECT IDENTIFIER
    ::= { ceipSecPhaseTwo 1 }


ceipSecGlobalActiveTunnels OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Tunnels"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of currently active
        IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 1 }

ceipSecGlobalPreviousTunnels OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Tunnels"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of previously active
        IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 2 }

ceipSecGlobalInOctets OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of
        octets received by all current and previous
        IPsec Phase-2 Tunnels. This value is accumulated
        BEFORE determining whether or not the packet
        should be decompressed."
    ::= { ceipSecGlobalStats 3 }

ceipSecGlobalInDecompOctets OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number
        of decompressed octets received by all current
        and previous IPsec Phase-2 Tunnels. This value
        is accumulated AFTER the packet is decompressed.
        If compression is not being used, this value
        will match the value of ceipSecGlobalInOctets."
    ::= { ceipSecGlobalStats 4 }

ceipSecGlobalInPkts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets received
        by all current and previous
        IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 5 }

ceipSecGlobalInDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped
        during receive processing by all current and
        previous IPsec Phase-2 Tunnels. This count does
        NOT include packets dropped due to
        Anti-Replay processing."
    ::= { ceipSecGlobalStats 6 }

ceipSecGlobalInReplayDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        receive processing due to Anti-Replay
        processing by all current and previous IPsec
        Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 7 }

ceipSecGlobalInAuths OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Events"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        performed by all current and previous IPsec
        Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 8 }

ceipSecGlobalInAuthFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        which ended in failure by all current and
        previous IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 9 }

ceipSecGlobalInDecrypts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions
        performed by all current and previous IPsec
        Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 10 }

ceipSecGlobalInDecryptFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions
        which ended in failure by all current and
        previous IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 11 }

ceipSecGlobalOutOctets OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number
        of octets sent by all current and previous
        IPsec Phase-2 Tunnels. This value is accumulated
        AFTER determining whether or not the packet should
        be compressed."
    ::= { ceipSecGlobalStats 12 }

ceipSecGlobalOutUncompOctets OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of
        uncompressed octets sent by all current and previous
        IPsec Phase-2 Tunnels. This value is accumulated
        BEFORE the packet is compressed. If compression is
        not being used, this value will match the
        value of ceipSecGlobalOutOctets."
    ::= { ceipSecGlobalStats 13 }

ceipSecGlobalOutPkts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets sent by all
        current and previous IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 14 }

ceipSecGlobalOutDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during send
        processing by all current and previous IPsec
        Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 15 }

ceipSecGlobalOutAuths OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Events"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound authentications
        performed by all current and previous IPsec
        Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 16 }

ceipSecGlobalOutAuthFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound authentications
        which ended in failure
        by all current and previous IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 17 }

ceipSecGlobalOutEncrypts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions performed
        by all current and previous IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 18 }

ceipSecCertSubjectName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object provides the subject name from the X.509
        certificate, or the alternate subject name if it is available.
        The subject name is formatted as a character string matching the
        output of a ssh-certview command-line application, except that
        the application sending the notification may limit the string
        length.
        Example Subject Name: C=US, OU=DEV, CN=Test-01
        Example Subject Alternative Name:
        2001:0022:0022:0020:0000:0000:0000:0102"
    REFERENCE
        "RFC 3280 section 4.1.2.6 Subject
        RFC 3280 section 4.2.1.7 Subject Alternative Name"
    ::= { ceipSecCertNotification 1 }

ceipSecCertSerialNumber OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object provides the serial number from the X.509
        certificate.
        The serial number is formatted as a character
        string matching the output of a ssh-certview command-line
        application. The issuer name and the serial number identify a
        unique certificate.
        Example: 1000655533"
    REFERENCE       "RFC 3280 section 4.1.2.2 Serial number"
    ::= { ceipSecCertNotification 2 }

ceipSecCertIssuerName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object provides the issuer name from the X.509
        certificate. The issuer name is formatted as a character string
        matching the output of a ssh-certview command-line application,
        except that the application sending the notification may limit
        the string length. The issuer name and the serial number
        identify a unique certificate.
        Example: C=US, O=Cisco, OU=MITG, CN=Lnx-Insta-RootCA-1"
    REFERENCE       "RFC 3280 section 5.1.2.3 Issuer Name"
    ::= { ceipSecCertNotification 3 }

ceipSecCertExpiryTime OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object provides the validity notAfter time from the X.509
        certificate. The notAfter time is the time after which the
        certificate is not valid. The time is formatted as a character
        string matching the output of a ssh-certview command-line
        application.
        Example: 2012 Apr 14th, 19:01:45 GMT"
    REFERENCE       "RFC 3280 section 4.1.2.5 Validity"
    ::= { ceipSecCertNotification 4 }

ceipSecCertRenewalStatus OBJECT-TYPE
    SYNTAX          INTEGER {
                        renewalNotNeeded(1), -- valid
                        renewalRequestNeeded(2),
                        renewalRequested(3),
                        renewalSuccess(4),
                        renewalFailedUpdate(5),
                        renewalFailedExpired(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object provides the renewal status of the X.509
        certificate on the application sending the notification.
        renewalNotNeeded(1) = certificate is OK and does not need to
        be renewed
        renewalRequestNeeded(2) = certificate renewal request
        is needed
        renewalRequested(3) = certificate renewal has been requested
        and the renewal process is proceeding
        renewalSuccess(4) = certificate has been renewed and will
        be OK (renewalNotNeeded)
        renewalFailedUpdate(5) = certificate renewal failed, but
        certificate is still usable until the validity expiration time
        provided in the notification, or otherwise restricted by the
        application
        renewalFailedExpired(6) = certificate is no longer valid, the
        current time is after the certificate's validity notAfter time,
        which is provided in this notification"
    ::= { ceipSecCertNotification 5 }

ceipSecCertExpiryStatus OBJECT-TYPE
    SYNTAX          INTEGER {
                        certOK(1),
                        certGoingExpired(2),
                        certExpired(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object provides the expiration status of the X.509
        certificate on the application sending the notification.
        The notification is sent when the value of this object is
        changed from certOK(1) to certGoingExpired(2).
        certOK(1) = certificate is OK and is not within the
        configured time threshold for going to expire
        certGoingExpired(2) = certificate is within the configured time
        threshold for going to expire
        certExpired(3) = certificate has expired, the current time
        is after the certificate's validity notAfter time"
    ::= { ceipSecCertNotification 6 }

ceipSecGlobalOutEncryptFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions
        which ended in failure by all current and
        previous IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 19 }

ceipSecGlobalProtocolUseFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of protocol use failures
        which occurred during processing of all current
        and previously active IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 20 }

ceipSecGlobalNoSaFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of non-existent Security
        Association in failures which occurred during
        processing of all current and previous IPsec
        Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 21 }

ceipSecGlobalSysCapFails OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of system capacity failures
        which occurred during processing of all current
        and previously active IPsec Phase-2 Tunnels."
    ::= { ceipSecGlobalStats 22 }

ceipSecGlobalOutCompressedPkts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The cumulative number of outbound packets across all
        IPsec flows terminating at this device which were
        successfully compressed."
    ::= { ceipSecGlobalStats 23 }

ceipSecGlobalOutCompSkippedPkts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets across all
        IPsec flows terminating at this device that were
        to be compressed but which were skipped due to
        the compression hysteresis."
    ::= { ceipSecGlobalStats 24 }

ceipSecGlobalOutCompFailPkts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets across all IPsec
        flows terminating at this device that failed compression
        because they grew in size after compression."
    ::= { ceipSecGlobalStats 25 }

ceipSecGlobalOutCompTooSmallPkts OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets across all IPsec
        flows terminating at this device that were to be
        compressed but were smaller than the compression
        threshold size. This number is cumulative since the
        last system start."
    ::= { ceipSecGlobalStats 26 }

ceipSecGlobalThroughputUtilizatioinTimeInterval OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object is the length of the time interval
        to measure the throughput utilization."
    ::= { ceipSecGlobalStats 27 }

ceipSecGlobalThroughputLastUpdatedTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The timestamp is the end of the last throughput
        utilization time interval."
    ::= { ceipSecGlobalStats 28 }

ceipSecGlobalLastAveragePacketSize OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "bytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object is the average packet size in the
        last throughput utilization time interval that
        ended at ceipSecGlobalThroughputLastUpdatedTime."
    ::= { ceipSecGlobalStats 29 }

ceipSecGlobalLastThroughputInMbps OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Mbps"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object is the total throughput in Mbps in
        the last throughput utilization time interval that
        ended at ceipSecGlobalThroughputLastUpdatedTime."
    ::= { ceipSecGlobalStats 30 }

ceipSecGlobalLastThroughputInKpps OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Kpps"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object is the total throughput in Kpps in
        the last throughput utilization time interval that
        ended at ceipSecGlobalThroughputLastUpdatedTime."
    ::= { ceipSecGlobalStats 31 }

ceipSecGlobalLastThroughputUtilization OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Percent"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object is the throughput utilization in
        percentage in the last performance utilization
        time interval that ended at
        ceipSecGlobalThroughputLastUpdatedTime."
    ::= { ceipSecGlobalStats 32 }

ceipSecGlobalPeakThroughputUtilization OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Percent"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object is the peak throughput utilization
        in percentage since the managed system is active.
        It was observed in the throughput utilization
        time interval that ended at
        ceipSecGlobalPeakThroughputDateAndTime."
    ::= { ceipSecGlobalStats 33 }

ceipSecGlobalPeakThroughputDateAndTime OBJECT-TYPE
    SYNTAX          DateAndTime
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The date and time when
        ceipSecGlobalPeakThroughputUtilization is
        updated."
    ::= { ceipSecGlobalStats 34 }

ceipSecGlobalPeakThroughputInMbps OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Mbps"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates the peak value of throughput
        in Mbps."
    ::= { ceipSecGlobalStats 35 }

ceipSecGlobalPeakAvgPacketSize OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "bytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the average packet size in
        bytes in the throughput utilization time interval
        that ended at ceipSecGlobalPeakThroughputDateAndTime."
    ::= { ceipSecGlobalStats 36 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecTunnelTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecTunnelEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Tunnel Table.
        There is one entry in this table for
        each active IPsec Phase-2 Tunnel."
    ::= { ceipSecPhaseTwo 2 }

ceipSecTunnelEntry OBJECT-TYPE
    SYNTAX          CeipSecTunnelEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes
        associated with an active IPsec Phase-2 Tunnel."
    INDEX           { ceipSecTunIndex }
    ::= { ceipSecTunnelTable 1 }

CeipSecTunnelEntry ::= SEQUENCE {
        ceipSecTunIndex               CIPsecPhase2TunnelIndex,
        ceipSecTunLocalAddressType    InetAddressType,
        ceipSecTunLocalAddress        InetAddress,
        ceipSecTunRemoteAddressType   InetAddressType,
        ceipSecTunRemoteAddress       InetAddress,
        ceipSecTunControlProtocol     CIPsecControlProtocol,
        ceipSecTunControlTunnelIndex  CIPsecPhase1TunnelIndexOrZero,
        ceipSecTunControlTunnelAlive  TruthValue,
        ceipSecTunEncapMode           CIPsecEncapMode,
        ceipSecTunNATTraversalMode    CIPsecNATTraversalMode,
        ceipSecTunLifeSize            Unsigned32,
        ceipSecTunLifeTime            Unsigned32,
        ceipSecTunActiveTime          TimeInterval,
        ceipSecTunSaLifeSizeThreshold Unsigned32,
        ceipSecTunSaLifeTimeThreshold Unsigned32,
        ceipSecTunTotalRefreshes      Counter32,
        ceipSecTunExpiredSaInstances  Counter32,
        ceipSecTunCurrentSaInstances  Gauge32,
        ceipSecTunInSaDHGrp           CIPsecDiffHellmanGrp,
        ceipSecTunInSaEncryptAlgo     CIPsecEncryptAlgorithm,
        ceipSecTunInSaEncryptKeySize  CIPsecEncryptionKeySize,
        ceipSecTunInSaAhAuthAlgo      CIPsecAuthAlgorithm,
        ceipSecTunInSaEspAuthAlgo     CIPsecAuthAlgorithm,
        ceipSecTunInSaDecompAlgo      CIPsecCompAlgorithm,
        ceipSecTunOutSaDHGrp          CIPsecDiffHellmanGrp,
        ceipSecTunOutSaEncryptAlgo    CIPsecEncryptAlgorithm,
        ceipSecTunOutSaEncryptKeySize CIPsecEncryptionKeySize,
        ceipSecTunOutSaAhAuthAlgo     CIPsecAuthAlgorithm,
        ceipSecTunOutSaEspAuthAlgo    CIPsecAuthAlgorithm,
        ceipSecTunOutSaCompAlgo       CIPsecCompAlgorithm,
        ceipSecTunPmtu                CIPsecPmtu,
        ceipSecTunInOctets            Counter64,
        ceipSecTunInDecompOctets      Counter64,
        ceipSecTunInPkts              Counter32,
        ceipSecTunInDropPkts          Counter32,
        ceipSecTunInReplayDropPkts    Counter32,
        ceipSecTunInAuths             Counter32,
        ceipSecTunInAuthFails         Counter32,
        ceipSecTunInDecrypts          Counter32,
        ceipSecTunInDecryptFails      Counter32,
        ceipSecTunOutOctets           Counter64,
        ceipSecTunOutUncompOctets     Counter64,
        ceipSecTunOutPkts             Counter32,
        ceipSecTunOutDropPkts         Counter32,
        ceipSecTunOutAuths            Counter32,
        ceipSecTunOutAuthFails        Counter32,
        ceipSecTunOutEncrypts         Counter32,
        ceipSecTunOutEncryptFails     Counter32,
        ceipSecTunOutCompressedPkts   Counter32,
        ceipSecTunOutCompSkippedPkts  Counter32,
        ceipSecTunOutCompFailPkts     Counter32,
        ceipSecTunOutCompTooSmallPkts Counter32,
        ceipSecIfIndex                InterfaceIndex,
        ceipSecTunStatus              CIPsecTunnelStatus
}

ceipSecTunIndex OBJECT-TYPE
    SYNTAX          CIPsecPhase2TunnelIndex
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The index of the IPsec Phase-2 Tunnel Table.
        The value of the index is a number which begins
        at 1 and is incremented with each tunnel that is
        created. The value of this object will wrap at
        2,147,483,647.

        Since this object must correspond to a valid
        Phase-2 IPsec tunnel, this object may not assume
        the value of 0."
    ::= { ceipSecTunnelEntry 1 }

ceipSecTunLocalAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address of the local endpoint
        for the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 2 }

ceipSecTunLocalAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The IP address of the local endpoint
        for the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 3 }

ceipSecTunRemoteAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address of the remote
        endpoint for the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 4 }

ceipSecTunRemoteAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The IP address of the remote endpoint for
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 5 }

ceipSecTunControlProtocol OBJECT-TYPE
    SYNTAX          CIPsecControlProtocol
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Identifies the protocol used to setup and
        administer this Phase-2 IPsec tunnel.

        In case this tunnel was spawned by an IPsec
        signaling protocol, this MIB object contains the
        value of the object 'cisgIpsSgProtocol' defined
        in CISCO-IPSEC-SIGNALING-MIB in the table
        'cisgIpsSgTunnelTable' in the row corresponding
        to the control tunnel.

        A value of 'cpManual' is indicative of a
        manually installed and administered Phase-2
        tunnel."
    ::= { ceipSecTunnelEntry 6 }

ceipSecTunControlTunnelIndex OBJECT-TYPE
    SYNTAX          CIPsecPhase1TunnelIndexOrZero
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The index of the associated IPsec Phase-1
        Tunnel. In case this tunnel was spawned by an
        IPsec signaling protocol, this MIB object
        contains the value of the object 'cisgIpsSgTunIndex'
        defined in CISCO-IPSEC-SIGNALING-MIB in the table
        'cisgIpsSgTunnelTable' in the row corresponding to
        the control tunnel.

        A value of 0 identifies that this Phase-2 tunnel
        was setup manually."
    ::= { ceipSecTunnelEntry 7 }

ceipSecTunControlTunnelAlive OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "An indicator which specifies whether or not the
        IPsec Phase-1 Tunnel that spawned this Phase-2
        tunnel currently exists."
    ::= { ceipSecTunnelEntry 8 }

ceipSecTunEncapMode OBJECT-TYPE
    SYNTAX          CIPsecEncapMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encapsulation mode used by the
        IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 9 }

ceipSecTunNATTraversalMode OBJECT-TYPE
    SYNTAX          CIPsecNATTraversalMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encapsulation used by the IPsec Phase-2
        tunnel for NAT traversal.

        The value of this object is constrained based on
        the value of the column 'ceipSecTunEncapMode'. If
        the value of 'ceipSecTunEncapMode' is 'encapTransport',
        then this object may not assume the values
        'natEncapIPsecOverUdp' or 'natEncapIPsecOverTcp'."
    ::= { ceipSecTunnelEntry 10 }

ceipSecTunLifeSize OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The negotiated LifeSize of the
        IPsec Phase-2 Tunnel in kilobytes."
    ::= { ceipSecTunnelEntry 11 }

ceipSecTunLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The negotiated LifeTime of the IPsec Phase-2
        Tunnel in seconds.

        If the tunnel was setup manually, the value of this
        MIB element should be 0."
    ::= { ceipSecTunnelEntry 12 }

ceipSecTunActiveTime OBJECT-TYPE
    SYNTAX          TimeInterval
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The length of time the IPsec Phase-2
        Tunnel has been active in hundredths of seconds."
    ::= { ceipSecTunnelEntry 13 }

ceipSecTunSaLifeSizeThreshold OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The security association LifeSize refresh
        threshold in kilobytes.

        If the tunnel was setup manually, the value of this
        MIB element should be 0."
    ::= { ceipSecTunnelEntry 14 }

ceipSecTunSaLifeTimeThreshold OBJECT-TYPE
    SYNTAX          Unsigned32
    UNITS           "Seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The security association LifeTime refresh
        threshold in seconds.

        If the tunnel was set up manually, the value of this
        MIB element should be 0."
    ::= { ceipSecTunnelEntry 15 }

ceipSecTunTotalRefreshes OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "QM Exchanges"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of security
        association refreshes performed."
    ::= { ceipSecTunnelEntry 16 }

ceipSecTunExpiredSaInstances OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "SAs"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of security associations
        which have expired.

        If the tunnel was set up manually, the value of this
        MIB element should be 0."
    ::= { ceipSecTunnelEntry 17 }

ceipSecTunCurrentSaInstances OBJECT-TYPE
    SYNTAX          Gauge32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of security associations
        which are currently active or expiring."
    ::= { ceipSecTunnelEntry 18 }

ceipSecTunInSaDHGrp OBJECT-TYPE
    SYNTAX          CIPsecDiffHellmanGrp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Diffie Hellman Group used
        by the inbound security association of the
        IPsec Phase-2 Tunnel.

        If the tunnel was set up manually, the value of this
        MIB element would be 'none'."
    ::= { ceipSecTunnelEntry 19 }

ceipSecTunInSaEncryptAlgo OBJECT-TYPE
    SYNTAX          CIPsecEncryptAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encryption algorithm used by the inbound security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 20 }

ceipSecTunInSaEncryptKeySize OBJECT-TYPE
    SYNTAX          CIPsecEncryptionKeySize
    UNITS           "Bits"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The key size in bits of the negotiated key to be
        used with the algorithm denoted by
        'ceipSecTunInSaEncryptAlgo'.

        For DES and 3DES the key size is respectively 56 and
        168. For AES, this will denote the negotiated key size."
    ::= { ceipSecTunnelEntry 21 }

ceipSecTunInSaAhAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the inbound
        authentication header (AH) security association of
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 22 }

ceipSecTunInSaEspAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the inbound
        encapsulation security protocol (ESP) security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 23 }

ceipSecTunInSaDecompAlgo OBJECT-TYPE
    SYNTAX          CIPsecCompAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The decompression algorithm used by the inbound
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 24 }

ceipSecTunOutSaDHGrp OBJECT-TYPE
    SYNTAX          CIPsecDiffHellmanGrp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Diffie Hellman Group used by the outbound security
        association of the IPsec Phase-2 Tunnel.

        If the tunnel was set up manually, the value of this
        MIB element would be 'none'."
    ::= { ceipSecTunnelEntry 25 }

ceipSecTunOutSaEncryptAlgo OBJECT-TYPE
    SYNTAX          CIPsecEncryptAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encryption algorithm used by the outbound security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 26 }

ceipSecTunOutSaEncryptKeySize OBJECT-TYPE
    SYNTAX          CIPsecEncryptionKeySize
    UNITS           "Bits"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The key size in bits of the negotiated key to be
        used with the algorithm denoted by
        'ceipSecTunOutSaEncryptAlgo'.

        For DES and 3DES the key size is respectively 56 and
        168. For AES, this will denote the negotiated key size."
    ::= { ceipSecTunnelEntry 27 }

ceipSecTunOutSaAhAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the outbound
        authentication header (AH) security association of
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 28 }

ceipSecTunOutSaEspAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the outbound
        encapsulation security protocol (ESP)
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 29 }

ceipSecTunOutSaCompAlgo OBJECT-TYPE
    SYNTAX          CIPsecCompAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The compression algorithm used by the outbound
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 30 }

ceipSecTunPmtu OBJECT-TYPE
    SYNTAX          CIPsecPmtu
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Path MTU for this IPsec Phase-2 tunnel, which has
        been either learnt from the network or which has been
        specified by the administrator. The lower end of the
        range is 68 which is the minimum MTU for IPv4."
    ::= { ceipSecTunnelEntry 31 }

ceipSecTunInOctets OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of octets
        received by this IPsec Phase-2 Tunnel. This value is
        accumulated BEFORE determining whether or not the packet
        should be decompressed."
    ::= { ceipSecTunnelEntry 32 }

ceipSecTunInDecompOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of decompressed
        octets received by this IPsec Phase-2 Tunnel. This value
        is accumulated AFTER the packet is decompressed. If
        compression is not being used, this value will match the
        value of ceipSecTunInOctets."
    ::= { ceipSecTunnelEntry 33 }

ceipSecTunInPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets received by this IPsec
        Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 34 }

ceipSecTunInDropPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped
        during receive processing by this IPsec Phase-2
        Tunnel. This count does NOT include
        packets dropped due to Anti-Replay processing."
    ::= { ceipSecTunnelEntry 35 }

ceipSecTunInReplayDropPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        receive processing due to Anti-Replay processing
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 36 }

ceipSecTunInAuths OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Events"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound
        authentications performed by this
        IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 37 }

ceipSecTunInAuthFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 38 }

ceipSecTunInDecrypts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions performed
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 39 }

ceipSecTunInDecryptFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 40 }

ceipSecTunOutOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of octets
        sent by this IPsec Phase-2 Tunnel. This value is
        accumulated AFTER determining whether or not the
        packet should be compressed."
    ::= { ceipSecTunnelEntry 41 }

ceipSecTunOutUncompOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number
        of uncompressed octets sent by this IPsec
        Phase-2 Tunnel. This value is accumulated BEFORE
        the packet is compressed. If compression
        is not being used, this value will match the value
        of ceipSecTunOutOctets."
    ::= { ceipSecTunnelEntry 42 }

ceipSecTunOutPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets sent by this
        IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 43 }

ceipSecTunOutDropPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        send processing by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 44 }

ceipSecTunOutAuths OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Events"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound authentications performed
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 45 }

ceipSecTunOutAuthFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound
        authentications which ended in failure
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 46 }

ceipSecTunOutEncrypts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions performed
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 47 }

ceipSecTunOutEncryptFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelEntry 48 }

ceipSecTunOutCompressedPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets
        which were successfully compressed."
    ::= { ceipSecTunnelEntry 49 }

ceipSecTunOutCompSkippedPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that were to be
        compressed but which were skipped due to the compression
        hysteresis."
    ::= { ceipSecTunnelEntry 50 }

ceipSecTunOutCompFailPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that failed
        compression because they grew in size after compression."
    ::= { ceipSecTunnelEntry 51 }

ceipSecTunOutCompTooSmallPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that were to be
        compressed but were smaller than the compression threshold
        size."
    ::= { ceipSecTunnelEntry 52 }

ceipSecIfIndex OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object represents the ifIndex of an interface
        where this tunnel is created.
        Multiple IPsec tunnels can be created using the same
        interface."
    ::= { ceipSecTunnelEntry 53 }

ceipSecTunStatus OBJECT-TYPE
    SYNTAX          CIPsecTunnelStatus
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The status of the MIB table row.

        This object can be used to bring the tunnel down
        or force a rekeying.
        When the value is set to destroy(5), the SA
        bundle is destroyed and this row is deleted
        from this table. When the value is set to rekey(6),
        then rekeying is forced on this tunnel.

        When this MIB value is queried, the value of
        active(4) is always returned, if the instance
        exists.

        This object cannot be used to create a MIB
        table row."
    ::= { ceipSecTunnelEntry 54 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecEndPtTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecEndPtEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Tunnel Endpoint Table.
        This table contains an entry for each
        active endpoint associated with an IPsec
        Phase-2 Tunnel."
    ::= { ceipSecPhaseTwo 3 }

ceipSecEndPtEntry OBJECT-TYPE
    SYNTAX          CeipSecEndPtEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An IPsec Phase-2 Tunnel Endpoint entry."
    INDEX           {
                        ceipSecTunIndex,
                        ceipSecEndPtIndex
                    }
    ::= { ceipSecEndPtTable 1 }

CeipSecEndPtEntry ::= SEQUENCE {
        ceipSecEndPtIndex           Unsigned32,
        ceipSecEndPtLocalName       SnmpAdminString,
        ceipSecEndPtLocalType       CIPsecEndPtType,
        ceipSecEndPtLocalAddrType1  InetAddressType,
        ceipSecEndPtLocalAddr1      InetAddress,
        ceipSecEndPtLocalAddrType2  InetAddressType,
        ceipSecEndPtLocalAddr2      InetAddress,
        ceipSecEndPtLocalProtocol   CiscoIpProtocol,
        ceipSecEndPtLocalPort       CiscoPort,
        ceipSecEndPtRemoteName      SnmpAdminString,
        ceipSecEndPtRemoteType      CIPsecEndPtType,
        ceipSecEndPtRemoteAddrType1 InetAddressType,
        ceipSecEndPtRemoteAddr1     InetAddress,
        ceipSecEndPtRemoteAddrType2 InetAddressType,
        ceipSecEndPtRemoteAddr2     InetAddress,
        ceipSecEndPtRemoteProtocol  CiscoIpProtocol,
        ceipSecEndPtRemotePort      CiscoPort
}

ceipSecEndPtIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The number of the Endpoint associated with the
        IPsec Phase-2 Tunnel Table. The value of this
        index is a number which begins at one and
        is incremented with each Endpoint associated
        with an IPsec Phase-2 Tunnel.
        The value of this object will wrap at 4,294,967,295."
    ::= { ceipSecEndPtEntry 1 }

ceipSecEndPtLocalName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The DNS name of the local Endpoint."
    ::= { ceipSecEndPtEntry 2 }

ceipSecEndPtLocalType OBJECT-TYPE
    SYNTAX          CIPsecEndPtType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of identity for the local Endpoint."
    ::= { ceipSecEndPtEntry 3 }

ceipSecEndPtLocalAddrType1 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this local Endpoint's
        first IP address."
    ::= { ceipSecEndPtEntry 4 }

ceipSecEndPtLocalAddr1 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The local Endpoint's first IP address specification.

        If the local Endpoint type is single IP address,
        then this is the value of the IP address.

        If the local Endpoint type is IP subnet, then this
        is the value of the subnet.

        If the local Endpoint type is IP address range,
        then this is the value of the beginning IP address
        of the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        ceipSecEndPtLocalType."
    ::= { ceipSecEndPtEntry 5 }

ceipSecEndPtLocalAddrType2 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this local Endpoint's
        second IP address."
    ::= { ceipSecEndPtEntry 6 }

ceipSecEndPtLocalAddr2 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The local Endpoint's second IP address specification.

        If the local Endpoint type is single IP address,
        then this is the value of the IP address.

        If the local Endpoint type is IP subnet, then this
        is the value of the subnet mask.

        If the local Endpoint type is IP address range,
        then this is the value of the ending IP address
        of the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        ceipSecEndPtLocalType."
    ::= { ceipSecEndPtEntry 7 }

ceipSecEndPtLocalProtocol OBJECT-TYPE
    SYNTAX          CiscoIpProtocol
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The protocol number of the local Endpoint's traffic."
    ::= { ceipSecEndPtEntry 8 }

ceipSecEndPtLocalPort OBJECT-TYPE
    SYNTAX          CiscoPort
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The port number of the local Endpoint's traffic."
    ::= { ceipSecEndPtEntry 9 }

ceipSecEndPtRemoteName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The DNS name of the remote Endpoint."
    ::= { ceipSecEndPtEntry 10 }

ceipSecEndPtRemoteType OBJECT-TYPE
    SYNTAX          CIPsecEndPtType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of identity for the remote Endpoint."
    ::= { ceipSecEndPtEntry 11 }

ceipSecEndPtRemoteAddrType1 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this remote Endpoint's
        first IP address."
    ::= { ceipSecEndPtEntry 12 }

ceipSecEndPtRemoteAddr1 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The remote Endpoint's first IP address specification.

        If the remote Endpoint type is single IP address,
        then this is the value of the IP address.

        If the remote Endpoint type is IP subnet, then this
        is the value of the subnet.

        If the remote Endpoint type is IP address range,
        then this is the value of the beginning IP address
        of the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        ceipSecEndPtRemoteType."
    ::= { ceipSecEndPtEntry 13 }

ceipSecEndPtRemoteAddrType2 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this remote Endpoint's
        second IP address."
    ::= { ceipSecEndPtEntry 14 }

ceipSecEndPtRemoteAddr2 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The remote Endpoint's second IP address specification.

        If the remote Endpoint type is single IP address,
        then this is the value of the IP address.

        If the remote Endpoint type is IP subnet, then this
        is the value of the subnet mask.

        If the remote Endpoint type is IP address range,
        then this is the value of the ending IP address of
        the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        ceipSecEndPtRemoteType."
    ::= { ceipSecEndPtEntry 15 }

ceipSecEndPtRemoteProtocol OBJECT-TYPE
    SYNTAX          CiscoIpProtocol
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The protocol number of the remote Endpoint's traffic."
    ::= { ceipSecEndPtEntry 16 }

ceipSecEndPtRemotePort OBJECT-TYPE
    SYNTAX          CiscoPort
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The port number of the remote Endpoint's traffic."
    ::= { ceipSecEndPtEntry 17 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Security Association Table
-- This table provides the security association (SA)
-- decomposition of the tunnels listed in the tunnel table.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecSaTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecSaEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Security Association Table.
        This table identifies the structure (in terms of
        component SAs) of each active Phase-2 IPsec tunnel.
        This table contains an entry for each active and
        expiring security association and maps each entry
        in the active Phase-2 tunnel table (ceipSecTunTable)
        into a number of entries in this table. The index
        of this table reflects the

            <destination-address, protocol, spi>

        rule for identifying Security Associations."
    ::= { ceipSecPhaseTwo 4 }

ceipSecSaEntry OBJECT-TYPE
    SYNTAX          CeipSecSaEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes associated with
        active and expiring IPsec Phase-2
        security associations."
    INDEX           {
                        ceipSecTunIndex,
                        ceipSecSaProtocol,
                        ceipSecSaIndex
                    }
    ::= { ceipSecSaTable 1 }

CeipSecSaEntry ::= SEQUENCE {
        ceipSecSaProtocol  CIPsecProtocol,
        ceipSecSaIndex     Unsigned32,
        ceipSecSaDirection CIPsecPhase2SaDirection,
        ceipSecSaValue     CIPsecSpi,
        ceipSecSaStatus    INTEGER
}

ceipSecSaProtocol OBJECT-TYPE
    SYNTAX          CIPsecProtocol
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This column represents the security protocol (AH,
        ESP or IPComp) for which this security association
        was set up."
    ::= { ceipSecSaEntry 1 }

ceipSecSaIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The object, in the context of the IPsec tunnel
        'ceipSecTunIndex', is an index of security
        associations comprising the Phase-2 IPsec tunnel
        represented by the tunnel index 'ceipSecTunIndex'.

        The value of this index is a number which begins at
        1 and is incremented with each SPI associated with
        the corresponding IPsec Phase-2 Tunnel."
    ::= { ceipSecSaEntry 2 }

ceipSecSaDirection OBJECT-TYPE
    SYNTAX          CIPsecPhase2SaDirection
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Phase-2 IPsec security associations are simplex.
        Hence a particular security association is used either
        for securing outgoing traffic or decoding incoming
        traffic. This column identifies the direction of the
        security association represented by this entry."
    ::= { ceipSecSaEntry 3 }

ceipSecSaValue OBJECT-TYPE
    SYNTAX          CIPsecSpi
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This is the value of the Security Parameter Index
        (SPI) assigned by the system to the security
        association represented by this entry."
    ::= { ceipSecSaEntry 4 }

ceipSecSaStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        active(2),
                        expiring(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This column represents the status of the security
        association represented by this conceptual row. If
        the status of the SA is 'active', the SA is ready
        for active use. The status 'expiring' represents any
        of the various states that the security association
        transitions through before being purged."
    ::= { ceipSecSaEntry 5 }



ceipSecTunnelSaTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecTunnelSaEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Tunnel Security Association Table.
        This table identifies the SAs that are currently
        associated with an active Phase-2 tunnel.
        This table contains an entry for each active or
        expiring security association (SA) which is
        associated with a ceipSecTunnelEntry in 'active' state
        and provides statistical information for this SA.
        There might be multiple SAs associated with one
        ceipSecTunnelEntry."
    ::= { ceipSecPhaseTwo 5 }

ceipSecTunnelSaEntry OBJECT-TYPE
    SYNTAX          CeipSecTunnelSaEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes and statistics
        associated with an active or expiring IPsec Phase-2
        security association."
    INDEX           {
                        ceipSecTunIndex,
                        ceipSecTunSaProtocol,
                        ceipSecTunSaIndex,
                        ceipSecTunSaDirection
                    }
    ::= { ceipSecTunnelSaTable 1 }

CeipSecTunnelSaEntry ::= SEQUENCE {
        ceipSecTunSaProtocol            CIPsecProtocol,
        ceipSecTunSaIndex               Unsigned32,
        ceipSecTunSaDirection           CIPsecPhase2SaDirection,
        ceipSecTunSaValue               CIPsecSpi,
        ceipSecTunSaIfIndex             InterfaceIndex,
        ceipSecTunSaInOctets            Counter64,
        ceipSecTunSaInDecompOctets      Counter64,
        ceipSecTunSaInPkts              Counter64,
        ceipSecTunSaInDropPkts          Counter64,
        ceipSecTunSaInReplayDropPkts    Counter64,
        ceipSecTunSaInAuths             Counter64,
        ceipSecTunSaInAuthFails         Counter64,
        ceipSecTunSaInDecrypts          Counter64,
        ceipSecTunSaInDecryptFails      Counter64,
        ceipSecTunSaOutOctets           Counter64,
        ceipSecTunSaOutUncompOctets     Counter64,
        ceipSecTunSaOutPkts             Counter64,
        ceipSecTunSaOutDropPkts         Counter64,
        ceipSecTunSaOutAuths            Counter64,
        ceipSecTunSaOutAuthFails        Counter64,
        ceipSecTunSaOutEncrypts         Counter64,
        ceipSecTunSaOutEncryptFails     Counter64,
        ceipSecTunSaOutCompressedPkts   Counter64,
        ceipSecTunSaOutCompSkippedPkts  Counter64,
        ceipSecTunSaOutCompFailPkts     Counter64,
        ceipSecTunSaOutCompTooSmallPkts Counter64,
        ceipSecTunSaStatus              INTEGER
}

ceipSecTunSaProtocol OBJECT-TYPE
    SYNTAX          CIPsecProtocol
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This column represents the security protocol (AH,
        ESP or IPComp) for which this security association
        was set up."
    ::= { ceipSecTunnelSaEntry 1 }

ceipSecTunSaIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The object, in the context of the IPsec tunnel
        'ceipSecTunIndex', is an index of security
        associations comprising the Phase-2 IPsec tunnel
        represented by the tunnel index 'ceipSecTunIndex'.

        The value of this index is a number which begins at
        1 and is incremented with each SPI associated with
        the corresponding IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelSaEntry 2 }

ceipSecTunSaDirection OBJECT-TYPE
    SYNTAX          CIPsecPhase2SaDirection
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Phase-2 IPsec security associations are simplex.
        Hence a particular security association is used either
        for securing outgoing traffic or decoding incoming
        traffic. This column identifies the direction of the
        security association represented by this entry."
    ::= { ceipSecTunnelSaEntry 3 }

ceipSecTunSaValue OBJECT-TYPE
    SYNTAX          CIPsecSpi
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This is the value of the Security Parameter Index
        (SPI) assigned by the system to the security
        association represented by this entry."
    ::= { ceipSecTunnelSaEntry 4 }

ceipSecTunSaIfIndex OBJECT-TYPE
    SYNTAX          InterfaceIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object represents the ifIndex of an interface
        where a tunnel with ceipSecTunIndex is created.
        Multiple IPsec tunnels can be created using the same
        interface."
    ::= { ceipSecTunnelSaEntry 5 }

ceipSecTunSaInOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of octets
        received by using this SA. This value is
        accumulated BEFORE determining whether or not the packet
        should be decompressed."
    ::= { ceipSecTunnelSaEntry 6 }

ceipSecTunSaInDecompOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of decompressed
        octets received by using this SA. This value
        is accumulated AFTER the packet is decompressed. If
        compression is not being used, this value will match the
        value of ceipSecTunSaInOctets."
    ::= { ceipSecTunnelSaEntry 7 }

ceipSecTunSaInPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets received by using this SA."
    ::= { ceipSecTunnelSaEntry 8 }

ceipSecTunSaInDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped
        during receive processing by using this SA.
        This count does NOT include packets dropped due
        to Anti-Replay processing."
    ::= { ceipSecTunnelSaEntry 9 }

ceipSecTunSaInReplayDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        receive processing due to Anti-Replay processing
        by using this SA."
    ::= { ceipSecTunnelSaEntry 10 }

ceipSecTunSaInAuths OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        performed by using this SA."
    ::= { ceipSecTunnelSaEntry 11 }

ceipSecTunSaInAuthFails OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        which ended in failure by using this SA."
    ::= { ceipSecTunnelSaEntry 12 }

ceipSecTunSaInDecrypts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions performed
        by this SA."
    ::= { ceipSecTunnelSaEntry 13 }

ceipSecTunSaInDecryptFails OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions
        which ended in failure by using this SA."
    ::= { ceipSecTunnelSaEntry 14 }

ceipSecTunSaOutOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of octets
        sent by using this SA. This value is
        accumulated AFTER determining whether or not the packet
        should be compressed."
    ::= { ceipSecTunnelSaEntry 15 }

ceipSecTunSaOutUncompOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number
        of uncompressed octets sent by using this SA.
        This value is accumulated BEFORE
        the packet is compressed. If compression
        is not being used, this value will match the value
        of ceipSecTunSaOutOctets."
    ::= { ceipSecTunnelSaEntry 16 }

ceipSecTunSaOutPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets sent by using this SA."
    ::= { ceipSecTunnelSaEntry 17 }

ceipSecTunSaOutDropPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        send processing by using this SA."
    ::= { ceipSecTunnelSaEntry 18 }

ceipSecTunSaOutAuths OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound authentications performed
        by using this SA."
    ::= { ceipSecTunnelSaEntry 19 }

ceipSecTunSaOutAuthFails OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound
        authentications which ended in failure
        by using this SA."
    ::= { ceipSecTunnelSaEntry 20 }

ceipSecTunSaOutEncrypts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions performed
        by using this SA."
    ::= { ceipSecTunnelSaEntry 21 }

ceipSecTunSaOutEncryptFails OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions
        which ended in failure by using this SA."
    ::= { ceipSecTunnelSaEntry 22 }

ceipSecTunSaOutCompressedPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets
        which were successfully compressed by using this
        SA."
    ::= { ceipSecTunnelSaEntry 23 }

ceipSecTunSaOutCompSkippedPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that were to be
        compressed but which were skipped due to the compression
        hysteresis when using this SA."
    ::= { ceipSecTunnelSaEntry 24 }

ceipSecTunSaOutCompFailPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that failed
        compression because they grew in size after compression
        when using this SA."
    ::= { ceipSecTunnelSaEntry 25 }

ceipSecTunSaOutCompTooSmallPkts OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that were to be
        compressed but were smaller than the compression threshold
        size when using this SA."
    ::= { ceipSecTunnelSaEntry 26 }

ceipSecTunSaStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        unknown(1),
                        active(2),
                        expiring(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This column represents the status of the security
        association represented by this conceptual row. If
        the status of the SA is 'active', the SA is ready
        for active use. The status 'expiring' represents any
        of the various states that the security association
        transitions through before being purged."
    ::= { ceipSecTunnelSaEntry 27 }



ceipSecIfTunnelTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecIfTunnelEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Tunnels to Interface association
        table. This table contains an entry for each
        active IPsec Phase-2 Tunnel created under an interface.
        Multiple IPsec Phase-2 Tunnels can be created using the
        same interface."
    ::= { ceipSecPhaseTwo 6 }

ceipSecIfTunnelEntry OBJECT-TYPE
    SYNTAX          CeipSecIfTunnelEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the IPsec Phase-2 Tunnel
        associated with an interface."
    INDEX           {
                        ifIndex,
                        ceipSecTunIndex
                    }
    ::= { ceipSecIfTunnelTable 1 }

CeipSecIfTunnelEntry ::= SEQUENCE {
    ceipSecIfTunnelStatus CIPsecTunnelStatus
}

ceipSecIfTunnelStatus OBJECT-TYPE
    SYNTAX          CIPsecTunnelStatus
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object corresponds to the status of
        an IPsec Phase-2 Tunnel in ceipSecTunnelTable
        indexed by ceipSecTunIndex. The valid statuses
        this object can have are 'active' and
        'awaitCommit'."
    ::= { ceipSecIfTunnelEntry 1 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec History Group
--
-- This group consists of:
-- 1) IPsec History Global Objects
-- 2) IPsec Phase-2 History Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecHistGlobal OBJECT IDENTIFIER
    ::= { ceipSecHistory 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec History Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecHistGlobalCntl OBJECT IDENTIFIER
    ::= { ceipSecHistGlobal 1 }


ceipSecHistTableSize OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The window size of the IPsec Phase-2 History Tables.

        The IPsec Phase-2 History Tables are implemented as
        a sliding window in which only the last 'N' entries
        are maintained. This object is used to specify the number
        of entries which will be maintained in the IPsec
        Phase-2 History Tables.

        An implementation may choose suitable minimum and
        maximum values for this element based on the local
        policy and available resources. If an SNMP SET request
        specifies a value outside this window for this element,
        an appropriate SNMP error code should be returned.

        Setting this value to zero is equivalent to deleting
        all conceptual rows in the archiving tables
        ('ceipSecHistTable' and 'ceipSecEndPtHistTable') and
        disabling the archiving of entries in the tables."
    ::= { ceipSecHistGlobalCntl 1 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecTunnelHistTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecTunnelHistEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Tunnel History Table.
        This table is conceptually a sliding window in
        which only the last 'N' entries are maintained,
        where 'N' is the value of the object
        'ceipSecHistTableSize'.

        If the value of 'ceipSecHistTableSize' is 0,
        archiving of entries in this table is disabled."
    ::= { ceipSecHistory 2 }

ceipSecTunnelHistEntry OBJECT-TYPE
    SYNTAX          CeipSecTunnelHistEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes associated
        with a previously active IPsec Phase-2 Tunnel."
    INDEX           { ceipSecTunHistIndex }
    ::= { ceipSecTunnelHistTable 1 }

CeipSecTunnelHistEntry ::= SEQUENCE {
    ceipSecTunHistIndex              Unsigned32,
    ceipSecTunHistTermReason         INTEGER,
    ceipSecTunHistActiveIndex        CIPsecPhase2TunnelIndex,
    ceipSecTunHistLocalAddressType   InetAddressType,
    ceipSecTunHistLocalAddress       InetAddress,
    ceipSecTunHistRemoteAddressType  InetAddressType,
    ceipSecTunHistRemoteAddress      InetAddress,
    ceipSecTunHistControlProtocol    CIPsecControlProtocol,
    ceipSecTunHistControlTunnelIndex CIPsecPhase1TunnelIndexOrZero,
    ceipSecTunHistEncapMode          CIPsecEncapMode,
    ceipSecTunHistNATTraversalMode   CIPsecNATTraversalMode,
    ceipSecTunHistLifeSize           Unsigned32,
    ceipSecTunHistLifeTime           Unsigned32,
    ceipSecTunHistStartTime          TimeStamp,
    ceipSecTunHistActiveTime         TimeInterval,
    ceipSecTunHistTotalRefreshes     Counter32,
    ceipSecTunHistTotalSas           Counter32,
    ceipSecTunHistInSaDHGrp          CIPsecDiffHellmanGrp,
    ceipSecTunHistInSaEncryptAlgo    CIPsecEncryptAlgorithm,
    ceipSecTunHistInSaEncryptKeySize CIPsecEncryptionKeySize,
    ceipSecTunHistInSaAhAuthAlgo     CIPsecAuthAlgorithm,
    ceipSecTunHistInSaEspAuthAlgo    CIPsecAuthAlgorithm,
    ceipSecTunHistInSaDecompAlgo     CIPsecCompAlgorithm,
    ceipSecTunHistOutSaDHGrp         CIPsecDiffHellmanGrp,
    ceipSecTunHistOutSaEncryptAlgo   CIPsecEncryptAlgorithm,
    ceipSecTunHistOutSaEncryptKeySz  CIPsecEncryptionKeySize,
    ceipSecTunHistOutSaAhAuthAlgo    CIPsecAuthAlgorithm,
    ceipSecTunHistOutSaEspAuthAlgo   CIPsecAuthAlgorithm,
    ceipSecTunHistOutSaCompAlgo      CIPsecCompAlgorithm,
    ceipSecTunHistPmtu               CIPsecPmtu,
    ceipSecTunHistInOctets           Counter64,
    ceipSecTunHistInDecompOctets     Counter64,
    ceipSecTunHistInPkts             Counter32,
    ceipSecTunHistInDropPkts         Counter32,
    ceipSecTunHistInReplayDropPkts   Counter32,
    ceipSecTunHistInAuths            Counter32,
    ceipSecTunHistInAuthFails        Counter32,
    ceipSecTunHistInDecrypts         Counter32,
    ceipSecTunHistInDecryptFails     Counter32,
    ceipSecTunHistOutOctets          Counter64,
    ceipSecTunHistOutUncompOctets    Counter64,
    ceipSecTunHistOutPkts            Counter32,
    ceipSecTunHistOutDropPkts        Counter32,
    ceipSecTunHistOutAuths           Counter32,
    ceipSecTunHistOutAuthFails       Counter32,
    ceipSecTunHistOutEncrypts        Counter32,
    ceipSecTunHistOutEncryptFails    Counter32,
    ceipSecTunHistOutCompressedPkts  Counter32,
    ceipSecTunHistOutCompSkippedPkts Counter32,
    ceipSecTunHistOutCompFailPkts    Counter32,
    ceipSecTunHistOutCompSmallPkts   Counter32
}

ceipSecTunHistIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The index of the IPsec Phase-2 Tunnel History Table.
        The value of the index is a number which
        begins at one and is incremented with each tunnel
        that ends. The value
        of this object will wrap at 4,294,967,295."
    ::= { ceipSecTunnelHistEntry 1 }

ceipSecTunHistTermReason OBJECT-TYPE
    SYNTAX          INTEGER  {
                        other(1),
                        normal(2),
                        operRequest(3),
                        peerDelRequest(4),
                        peerLost(5),
                        applicationInitiated(6),
                        xauthFailure(7),
                        seqNumRollOver(8),
                        checkPointReq(9)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The reason the IPsec Phase-2 Tunnel was terminated.
        Possible reasons include:
        1 = other
        2 = normal termination
        3 = operator request
        4 = peer delete request was received
        5 = contact with peer was lost
        6 = applicationInitiated (eg: L2TP requesting the
            termination)
        7 = failure of extended authentication
        8 = local failure occurred
        9 = operator initiated check point request"
    ::= { ceipSecTunnelHistEntry 2 }

ceipSecTunHistActiveIndex OBJECT-TYPE
    SYNTAX          CIPsecPhase2TunnelIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The index of the previously active IPsec Phase-2
        Tunnel.

        This object must correspond to an expired IPsec
        tunnel; hence this object may not assume the value
        of 0."
    ::= { ceipSecTunnelHistEntry 3 }

ceipSecTunHistLocalAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address of the local endpoint for
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 4 }

ceipSecTunHistLocalAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The IP address of the local endpoint for
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 5 }

ceipSecTunHistRemoteAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address of the remote endpoint
        for the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 6 }

ceipSecTunHistRemoteAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The IP address of the remote endpoint for
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 7 }

ceipSecTunHistControlProtocol OBJECT-TYPE
    SYNTAX          CIPsecControlProtocol
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Identifies the protocol that was used to setup
        and administer Phase-2 IPsec tunnel."
    ::= { ceipSecTunnelHistEntry 8 }

ceipSecTunHistControlTunnelIndex OBJECT-TYPE
    SYNTAX          CIPsecPhase1TunnelIndexOrZero
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The index of the IPsec Phase-1 Tunnel that spawned
        this Phase-2 tunnel (in case of IKE, this value
        would refer to 'csikeTunIndex' in the 'csikeTunnelTable').

        If the IPsec tunnel corresponding to this entry
        was setup manually, the value of this object should
        be zero."
    ::= { ceipSecTunnelHistEntry 9 }

ceipSecTunHistEncapMode OBJECT-TYPE
    SYNTAX          CIPsecEncapMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encapsulation mode used by the
        IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 10 }

ceipSecTunHistNATTraversalMode OBJECT-TYPE
    SYNTAX          CIPsecNATTraversalMode
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encapsulation used by the IPsec Phase-2
        tunnel corresponding to this conceptual row
        for NAT traversal."
    ::= { ceipSecTunnelHistEntry 11 }

ceipSecTunHistLifeSize OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The negotiated LifeSize of the IPsec Phase-2 Tunnel in
        kilobytes."
    ::= { ceipSecTunnelHistEntry 12 }

ceipSecTunHistLifeTime OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    UNITS           "Seconds"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The negotiated LifeTime of the IPsec Phase-2 Tunnel in
        seconds."
    ::= { ceipSecTunnelHistEntry 13 }

ceipSecTunHistStartTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The value of sysUpTime in hundredths of seconds
        when the IPsec Phase-2 Tunnel was started."
    ::= { ceipSecTunnelHistEntry 14 }

ceipSecTunHistActiveTime OBJECT-TYPE
    SYNTAX          TimeInterval
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The length of time the IPsec Phase-2 Tunnel has been
        active in hundredths of seconds."
    ::= { ceipSecTunnelHistEntry 15 }

ceipSecTunHistTotalRefreshes OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "QM Exchanges"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of security association refreshes
        performed."
    ::= { ceipSecTunnelHistEntry 16 }

ceipSecTunHistTotalSas OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "SAs"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of security associations used
        during the life of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 17 }

ceipSecTunHistInSaDHGrp OBJECT-TYPE
    SYNTAX          CIPsecDiffHellmanGrp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Diffie Hellman Group used by the inbound security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 18 }

ceipSecTunHistInSaEncryptAlgo OBJECT-TYPE
    SYNTAX          CIPsecEncryptAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encryption algorithm used by the inbound security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 19 }

ceipSecTunHistInSaEncryptKeySize OBJECT-TYPE
    SYNTAX          CIPsecEncryptionKeySize
    UNITS           "Bits"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The size in bits of the key which was negotiated to
        be used with the encryption transform used with this
        tunnel denoted by ceipSecTunHistInSaEncryptAlgo.

        For DES and 3DES the key size is respectively 56 and
        168. For AES, this will denote the negotiated key size."
    ::= { ceipSecTunnelHistEntry 20 }

ceipSecTunHistInSaAhAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the inbound
        authentication header (AH) security association of
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 21 }

ceipSecTunHistInSaEspAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the inbound
        encapsulation security protocol (ESP)
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 22 }

ceipSecTunHistInSaDecompAlgo OBJECT-TYPE
    SYNTAX          CIPsecCompAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The decompression algorithm used by the inbound
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 23 }

ceipSecTunHistOutSaDHGrp OBJECT-TYPE
    SYNTAX          CIPsecDiffHellmanGrp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Diffie Hellman Group used by the outbound security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 24 }

ceipSecTunHistOutSaEncryptAlgo OBJECT-TYPE
    SYNTAX          CIPsecEncryptAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The encryption algorithm used by the outbound security
        association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 25 }

ceipSecTunHistOutSaEncryptKeySz OBJECT-TYPE
    SYNTAX          CIPsecEncryptionKeySize
    UNITS           "Bits"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The size in bits of the key which was negotiated to
        be used with the encryption transform used with this
        tunnel denoted by ceipSecTunHistOutSaEncryptAlgo.

        For DES and 3DES the key size is respectively 56 and
        168. For AES, this will denote the negotiated key
        size."
    ::= { ceipSecTunnelHistEntry 26 }

ceipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the outbound
        authentication header (AH) security association of
        the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 27 }

ceipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE
    SYNTAX          CIPsecAuthAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The authentication algorithm used by the inbound
        encapsulation security protocol (ESP)
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 28 }

ceipSecTunHistOutSaCompAlgo OBJECT-TYPE
    SYNTAX          CIPsecCompAlgorithm
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The compression algorithm used by the inbound
        security association of the IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 29 }

ceipSecTunHistPmtu OBJECT-TYPE
    SYNTAX          CIPsecPmtu
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Path MTU that was determined for this IPsec
        Phase-2 tunnel."
    ::= { ceipSecTunnelHistEntry 30 }

ceipSecTunHistInOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of octets
        received by this IPsec Phase-2 Tunnel. This value
        is accumulated BEFORE determining whether or not
        the packet should be decompressed."
    ::= { ceipSecTunnelHistEntry 31 }

ceipSecTunHistInDecompOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of
        decompressed octets received by this IPsec Phase-2 Tunnel.
        This value is accumulated AFTER the packet is
        decompressed.
        If compression is not being used, this value will match
        the value of ceipSecTunInOctets."
    ::= { ceipSecTunnelHistEntry 32 }

ceipSecTunHistInPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets received by this
        IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 33 }

ceipSecTunHistInDropPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        receive processing by this IPsec Phase-2 Tunnel.
        This count does NOT include packets
        dropped due to Anti-Replay processing."
    ::= { ceipSecTunnelHistEntry 34 }

ceipSecTunHistInReplayDropPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        receive processing due to Anti-Replay processing
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 35 }

ceipSecTunHistInAuths OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Events"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        performed by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 36 }

ceipSecTunHistInAuthFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound authentications
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 37 }

ceipSecTunHistInDecrypts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions performed
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 38 }

ceipSecTunHistInDecryptFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of inbound decryptions
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 39 }

ceipSecTunHistOutOctets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total number of octets
        sent by this IPsec Phase-2 Tunnel. This value
        is accumulated AFTER determining whether or not
        the packet should be compressed."
    ::= { ceipSecTunnelHistEntry 40 }

ceipSecTunHistOutUncompOctets OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Octets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "A high capacity count of the total
        number of uncompressed octets sent by this
        IPsec Phase-2 Tunnel. This value is accumulated
        BEFORE the packet is compressed. If compression
        is not being used, this value will match the value
        of 'ceipSecTunOutOctets'."
    ::= { ceipSecTunnelHistEntry 41 }

ceipSecTunHistOutPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets sent by this
        IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 42 }

ceipSecTunHistOutDropPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of packets dropped during
        send processing by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 43 }

ceipSecTunHistOutAuths OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Events"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound authentications
        performed by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 44 }

ceipSecTunHistOutAuthFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound authentications
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 45 }

ceipSecTunHistOutEncrypts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions performed
        by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 46 }

ceipSecTunHistOutEncryptFails OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Failures"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound encryptions
        which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { ceipSecTunnelHistEntry 47 }

ceipSecTunHistOutCompressedPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets
        which were successfully compressed."
    ::= { ceipSecTunnelHistEntry 48 }

ceipSecTunHistOutCompSkippedPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that were to be
        compressed but which were skipped due to the
        compression hysteresis."
    ::= { ceipSecTunnelHistEntry 49 }

ceipSecTunHistOutCompFailPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that failed
        compression because they grew in size after compression."
    ::= { ceipSecTunnelHistEntry 50 }

ceipSecTunHistOutCompSmallPkts OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "Packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of outbound packets that were
        to be compressed but were smaller than the
        compression threshold size."
    ::= { ceipSecTunnelHistEntry 51 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecEndPtHistTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecEndPtHistEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Tunnel Endpoint History Table.
        This table is conceptually a sliding window in
        which only the last 'N' entries are maintained,
        where 'N' is the value of the object
        'ceipSecHistTableSize'.

        If the value of 'ceipSecHistTableSize' is 0,
        archiving of entries in this table is disabled."
    ::= { ceipSecHistory 3 }

ceipSecEndPtHistEntry OBJECT-TYPE
    SYNTAX          CeipSecEndPtHistEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes associated with
        a previously active IPsec Phase-2 Tunnel Endpoint."
    INDEX           { ceipSecEndPtHistIndex }
    ::= { ceipSecEndPtHistTable 1 }

CeipSecEndPtHistEntry ::= SEQUENCE {
    ceipSecEndPtHistIndex           Unsigned32,
    ceipSecEndPtHistTunIndex        Unsigned32,
    ceipSecEndPtHistActiveIndex     Unsigned32,
    ceipSecEndPtHistLocalName       SnmpAdminString,
    ceipSecEndPtHistLocalType       CIPsecEndPtType,
    ceipSecEndPtHistLocalAddrType1  InetAddressType,
    ceipSecEndPtHistLocalAddr1      InetAddress,
    ceipSecEndPtHistLocalAddrType2  InetAddressType,
    ceipSecEndPtHistLocalAddr2      InetAddress,
    ceipSecEndPtHistLocalProtocol   CiscoIpProtocol,
    ceipSecEndPtHistLocalPort       CiscoPort,
    ceipSecEndPtHistRemoteName      SnmpAdminString,
    ceipSecEndPtHistRemoteType      CIPsecEndPtType,
    ceipSecEndPtHistRemoteAddrType1 InetAddressType,
    ceipSecEndPtHistRemoteAddr1     InetAddress,
    ceipSecEndPtHistRemoteAddrType2 InetAddressType,
    ceipSecEndPtHistRemoteAddr2     InetAddress,
    ceipSecEndPtHistRemoteProtocol  CiscoIpProtocol,
    ceipSecEndPtHistRemotePort      CiscoPort
}

ceipSecEndPtHistIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The number of the previously active Endpoint
        associated with an IPsec Phase-2 Tunnel Table.
        The value of this index is a number which begins
        at one and is incremented with each Endpoint
        associated with an IPsec Phase-2 Tunnel.
        The value of this object will wrap at 4,294,967,295."
    ::= { ceipSecEndPtHistEntry 1 }

ceipSecEndPtHistTunIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The index of the previously active IPsec
        Phase-2 Tunnel Table."
    ::= { ceipSecEndPtHistEntry 2 }

ceipSecEndPtHistActiveIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The index of the previously active Endpoint."
    ::= { ceipSecEndPtHistEntry 3 }

ceipSecEndPtHistLocalName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The DNS name of the local Endpoint."
    ::= { ceipSecEndPtHistEntry 4 }

ceipSecEndPtHistLocalType OBJECT-TYPE
    SYNTAX          CIPsecEndPtType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of identity for the local Endpoint."
    ::= { ceipSecEndPtHistEntry 5 }

ceipSecEndPtHistLocalAddrType1 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this local Endpoint's
        first IP address."
    ::= { ceipSecEndPtHistEntry 6 }

ceipSecEndPtHistLocalAddr1 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The local Endpoint's first IP address specification.

        If the local Endpoint type is single IP address,
        then this is the value of the IP address.

        If the local Endpoint type is IP subnet, then this
        is the value of the subnet.

        If the local Endpoint type is IP address range,
        then this is the value of beginning IP address of
        the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        cceipSecEndPtLocalType."
    ::= { ceipSecEndPtHistEntry 7 }

ceipSecEndPtHistLocalAddrType2 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this local Endpoint's
        second IP address."
    ::= { ceipSecEndPtHistEntry 8 }

ceipSecEndPtHistLocalAddr2 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The local Endpoint's second IP address
        specification.

        If the local Endpoint type is single IP address,
        then this is the value of the IP address.

        If the local Endpoint type is IP subnet, then this
        is the value of the subnet mask.

        If the local Endpoint type is IP address range,
        then this is the value of ending IP address of
        the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        cceipSecEndPtLocalType."
    ::= { ceipSecEndPtHistEntry 9 }

ceipSecEndPtHistLocalProtocol OBJECT-TYPE
    SYNTAX          CiscoIpProtocol
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The protocol number of the local Endpoint's
        traffic."
    ::= { ceipSecEndPtHistEntry 10 }

ceipSecEndPtHistLocalPort OBJECT-TYPE
    SYNTAX          CiscoPort
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The port number of the local Endpoint's traffic."
    ::= { ceipSecEndPtHistEntry 11 }

ceipSecEndPtHistRemoteName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The DNS name of the remote Endpoint."
    ::= { ceipSecEndPtHistEntry 12 }

ceipSecEndPtHistRemoteType OBJECT-TYPE
    SYNTAX          CIPsecEndPtType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of identity for the remote Endpoint."
    ::= { ceipSecEndPtHistEntry 13 }

ceipSecEndPtHistRemoteAddrType1 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this remote Endpoint's
        first IP address."
    ::= { ceipSecEndPtHistEntry 14 }

ceipSecEndPtHistRemoteAddr1 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The remote Endpoint's first IP address
        specification.

        If the remote Endpoint type is single IP address,
        then this is the value of the IP address.

        If the remote Endpoint type is IP subnet, then this
        is the value of the subnet.

        If the remote Endpoint type is IP address range,
        then this is the value of beginning IP address of
        the range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        ceipSecEndPtRemoteType."
    ::= { ceipSecEndPtHistEntry 15 }

ceipSecEndPtHistRemoteAddrType2 OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the IP address for this remote Endpoint's
        second IP address."
    ::= { ceipSecEndPtHistEntry 16 }

ceipSecEndPtHistRemoteAddr2 OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The remote Endpoint's second IP address
        specification.

        If the remote Endpoint type is single IP address,
        then this is the value of the IP address.

        If the remote Endpoint type is IP subnet, then this
        is the value of the subnet mask.

        If the remote Endpoint type is IP address range,
        then this is the value of ending IP address of the
        range.

        If the type is an IP address, a range or a subnet,
        the type of the address can be inferred from
        ceipSecEndPtRemoteType."
    ::= { ceipSecEndPtHistEntry 17 }

ceipSecEndPtHistRemoteProtocol OBJECT-TYPE
    SYNTAX          CiscoIpProtocol
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The protocol number of the remote Endpoint's traffic."
    ::= { ceipSecEndPtHistEntry 18 }

ceipSecEndPtHistRemotePort OBJECT-TYPE
    SYNTAX          CiscoPort
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The port number of the remote Endpoint's traffic."
    ::= { ceipSecEndPtHistEntry 19 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Group
--
-- This group consists of:
--     1) IPsec Failure Global Objects
--     2) IPsec Phase-2 Tunnel Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecFailGlobal OBJECT IDENTIFIER
    ::= { ceipSecFailures 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecFailGlobalCntl OBJECT IDENTIFIER
    ::= { ceipSecFailGlobal 1 }


ceipSecFailTableSize OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The window size of the IPsec Phase-2 Failure Table.

        The IPsec Phase-2 Failure Tables are implemented as
        a sliding window in which only the last N entries are
        maintained. This object is used to specify the number of
        entries which will be maintained in the IPsec Phase-2
        Failure Tables.

        An implementation may choose suitable minimum and
        maximum values for this element based on the local
        policy and available resources. If an SNMP SET
        request specifies a value outside this window for
        this element, an appropriate SNMP error code must
        be returned.

        Setting this value to zero is equivalent to deleting
        all conceptual rows in the archiving table
        'ceipSecFailTable' and disabling the archiving of
        entries in these tables."
    ::= { ceipSecFailGlobalCntl 1 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecFailTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CeipSecFailEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Failure Table.
        This table is implemented as a sliding window
        in which only the last n entries are maintained.
        The maximum number of entries
        is specified by the ceipSecFailTableSize object."
    ::= { ceipSecFailures 2 }

ceipSecFailEntry OBJECT-TYPE
    SYNTAX          CeipSecFailEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the attributes associated with
        an IPsec Phase-1 failure."
    INDEX           { ceipSecFailIndex }
    ::= { ceipSecFailTable 1 }

CeipSecFailEntry ::= SEQUENCE {
        ceipSecFailIndex             Unsigned32,
        ceipSecFailReason            INTEGER,
        ceipSecFailTime              TimeStamp,
        ceipSecFailTunnelIndex       CIPsecPhase2TunnelIndex,
        ceipSecFailSaSpi             CIPsecSpi,
        ceipSecFailPktSrcAddressType InetAddressType,
        ceipSecFailPktSrcAddress     InetAddress,
        ceipSecFailPktDstAddressType InetAddressType,
        ceipSecFailPktDstAddress     InetAddress
}

ceipSecFailIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (1..4294967295)
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The IPsec Phase-2 Failure Table index.
        The value of the index is a number which
        begins at one and is incremented with each
        IPsec Phase-1 failure. The value of this
        object will wrap at 4,294,967,295."
    ::= { ceipSecFailEntry 1 }

ceipSecFailReason OBJECT-TYPE
    SYNTAX          INTEGER {
                        other(1),
                        internalError(2),
                        peerEncodingError(3),
                        proposalFailure(4),
                        protocolUseFail(5),
                        nonExistentSa(6),
                        decryptFailure(7),
                        encryptFailure(8),
                        inAuthFailure(9),
                        outAuthFailure(10),
                        compression(11),
                        sysCapExceeded(12),
                        peerDelRequest(13),
                        peerLost(14),
                        seqNumRollOver(15),
                        operRequest(16),
                        performanceUtilization(17)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The reason for the failure.
        Possible reasons
        include:
        1 = other
        2 = internal error occurred
        3 = peer encoding error
        4 = proposal failure
        5 = protocol use failure
        6 = non-existent security association
        7 = decryption failure
        8 = encryption failure
        9 = inbound authentication failure
        10 = outbound authentication failure
        11 = compression failure
        12 = system capacity failure
        13 = peer delete request was received
        14 = contact with peer was lost
        15 = sequence number rolled over
        16 = operator requested termination
        17 = performance utilization exceeding the threshold."
    ::= { ceipSecFailEntry 2 }

ceipSecFailTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The value of sysUpTime in hundredths of seconds
        at the time of the failure."
    ::= { ceipSecFailEntry 3 }

ceipSecFailTunnelIndex OBJECT-TYPE
    SYNTAX          CIPsecPhase2TunnelIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The Phase-2 Tunnel index (ceipSecTunIndex).

        If this conceptual row corresponds to an operation
        failure (that is, the failure of an established
        Phase-2 IPsec tunnel), then the value of this object
        may not be zero."
    ::= { ceipSecFailEntry 4 }

ceipSecFailSaSpi OBJECT-TYPE
    SYNTAX          CIPsecSpi
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The security association SPI value.

        If this conceptual row corresponds to a setup
        failure (failure to establish the tunnel), the
        value of this MIB object is undefined."
    ::= { ceipSecFailEntry 5 }

ceipSecFailPktSrcAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the packet's source IP address."
    ::= { ceipSecFailEntry 6 }

ceipSecFailPktSrcAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The packet's source IP address."
    ::= { ceipSecFailEntry 7 }

ceipSecFailPktDstAddressType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The type of the packet's destination IP address."
    ::= { ceipSecFailEntry 8 }

ceipSecFailPktDstAddress OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The packet's destination IP address."
    ::= { ceipSecFailEntry 9 }



-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Notification Control Group
--
-- This group of objects controls the sending of IPsec
-- SNMP notifications.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ceipSecNotiCntlIpSecAllNotifs OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object
        sending any notification
        defined in this MIB module. That is, a particular
        notification 'foo' defined in this MIB module is
        enabled if and only if the expression

        (ceipSecNotiCntlIpSecAllNotifs && ceipSecNotiCntl<foo>)

        evaluates to 'true', where ceipSecNotiCntl<foo> is a
        notification defined in this MIB module."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 1 }

ceipSecNotifCntlIpSecTunnelStart OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state
        of sending the IPsec Phase-2 Tunnel Start TRAP.

        If the value of this object is 'true', the issuing
        of the notification 'ciscoEnhIpsecFlowTunnelStart'
        is enabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 2 }

ceipSecNotifCntlIpSecTunnelStop OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state of
        sending the IPsec Phase-2 Tunnel Stop TRAP.

        If the value of this object is 'true', the issuing
        of the notification 'ciscoEnhIpsecFlowTunnelStop'
        is enabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 3 }

ceipSecNotifCntlIpSecSysFailure OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state
        of sending the IPsec Phase-2 System Failure TRAP.

        If the value of this object is 'true', the issuing
        of the notification 'ciscoEnhIpsecFlowSysFailure'
        is enabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 4 }

ceipSecNotifCntlIpSecSetUpFail OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state
        of sending the IPsec Phase-2 Set Up Failure TRAP.

        If the value of this object is 'true', the issuing
        of the notification 'ciscoEnhIpsecFlowSetupFail'
        is enabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 5 }

ceipSecNotifCntlIpSecBadSa OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state of
        sending the IPsec Phase-2 No Security Association
        trap.

        If the value of this object is 'true', the issuing
        of the notification 'ciscoEnhIpsecFlowBadSa' is
        enabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 6 }

ceipSecNotifCntlCertExpiry OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state of sending the
        IPSec certificate expiry notification.

        If the value of this object is 'true', the issuing of the
        notification 'ciscoEnhIpsecFlowCertExpiry' is enabled,
        otherwise notification 'ciscoEnhIpsecFlowCertExpiry' is
        disabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 7 }

ceipSecNotifCntlCertRenewal OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object defines the administrative state of sending the
        IPSec X.509 certificate renewal status notification.

        If the value of this object is 'true', the issuing of the
        notification 'ciscoEnhIpsecFlowCertRenewal' is enabled,
        otherwise notification 'ciscoEnhIpsecFlowCertRenewal' is
        disabled."
    DEFVAL          { true }
    ::= { ceipSecNotificationCntl 8 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Notifications - TRAPs
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIpsecFlowTunnelStart NOTIFICATION-TYPE
    OBJECTS         {
                        ceipSecTunLifeTime,
                        ceipSecTunLifeSize
                    }
    STATUS          current
    DESCRIPTION
        "This notification is generated when an IPsec Phase-2
        Tunnel becomes active."
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 1 }

ciscoEnhIpsecFlowTunnelStop NOTIFICATION-TYPE
    OBJECTS         {
                        ceipSecTunHistTermReason,
                        ceipSecTunActiveTime
                    }
    STATUS          current
    DESCRIPTION
        "This notification is generated when an IPsec Phase-2
        Tunnel becomes inactive."
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 2 }

ciscoEnhIpsecFlowSysFailure NOTIFICATION-TYPE
    OBJECTS         {
                        ceipSecFailReason,
                        ceipSecFailPktSrcAddressType,
                        ceipSecFailPktSrcAddress,
                        ceipSecFailPktDstAddressType,
                        ceipSecFailPktDstAddress
                    }
    STATUS          current
    DESCRIPTION
        "This notification is generated when the processing
        for an IPsec Phase-2 Tunnel experiences an internal
        or system capacity error."
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 3 }

ciscoEnhIpsecFlowSetupFail NOTIFICATION-TYPE
    OBJECTS         {
                        ceipSecFailReason,
                        ceipSecFailPktSrcAddressType,
                        ceipSecFailPktSrcAddress,
                        ceipSecFailPktDstAddressType,
                        ceipSecFailPktDstAddress
                    }
    STATUS          current
    DESCRIPTION
        "This notification is generated when the setup for
        an IPsec Phase-2 Tunnel fails."
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 4 }

ciscoEnhIpsecFlowBadSa NOTIFICATION-TYPE
    OBJECTS         { ceipSecFailSaSpi }
    STATUS          current
    DESCRIPTION
        "This notification is generated when the managed
        entity receives an IPsec packet with a non-existent
        (non-existent in the local Security Association
        Database) SPI."
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 5 }

ciscoEnhIpsecFlowCertExpiry NOTIFICATION-TYPE
    OBJECTS         {
                        ceipSecCertSubjectName,
                        ceipSecCertSerialNumber,
                        ceipSecCertIssuerName,
                        ceipSecCertExpiryTime,
                        ceipSecCertExpiryStatus
                    }
    STATUS          current
    DESCRIPTION
        "This notification is generated to notify that an X.509
        certificate is going to expire. The notification is triggered
        at the time threshold configured on the application for
        notification before the certificate is going to expire, which
        is when the value of ceipSecCertExpiryStatus is changed from
        certOK(1) to certGoingExpired(2).
        The user should take action
        to renew the certificate identified in the notification prior
        to the certificate expiration, which is at the validity
        notAfter time provided in the notification."
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 6 }

ciscoEnhIpsecFlowCertRenewal NOTIFICATION-TYPE
    OBJECTS         {
                        ceipSecCertSubjectName,
                        ceipSecCertSerialNumber,
                        ceipSecCertIssuerName,
                        ceipSecCertRenewalStatus,
                        ceipSecCertExpiryTime
                    }
    STATUS          current
    DESCRIPTION
        "This notification is generated to report a status transition
        for an X.509 certificate renewal performed by the application.
        The notification is generated when the value of
        ceipSecCertRenewalStatus is changed from
        1. renewalNotNeeded(1) to renewalRequestNeeded(2) or
        renewalRequested(3)
        2. renewalRequestNeeded(2) to renewalRequested(3)
        3. renewalRequested(3) to renewalSuccess(4) or
        renewalFailedUpdate(5) or renewalFailedExpired(6)
        4. renewalFailedUpdate(5) to renewalFailedExpired(6)"
    ::= { ciscoEnhancedIpsecFlowMIBNotifs 7 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIPsecFlowMIBCompliances OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBConform 1 }

ciscoIPsecFlowMIBGroups OBJECT IDENTIFIER
    ::= { ciscoEnhancedIpsecFlowMIBConform 2 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIPsecFlowMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for SNMP entities
        pertaining to Phase-2 of IP Security Protocol."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoEnhIPsecFlowActivityGroup,
                        ciscoEnhIPsecFlowCoreHistGroup,
                        ciscoEnhIPsecFlowCoreFailGroup,
                        ciscoEnhIPsecFlowTunnelSaGroup
                    }

    GROUP           ciscoEnhIPsecFlowHistoryGroup
    DESCRIPTION
        "This group is optional and must be implemented
        by the agent of the managed entity if the managed
        entity implements historical archiving of IPsec
        flows."

    GROUP           ciscoEnhIPsecFlowFailureGroup
    DESCRIPTION
        "This group is optional and must be implemented
        by the agent of the managed entity if the
        managed entity implements historical archiving
        of failure of IPsec Phase-2 operations and tunnels."

    GROUP           ciscoEnhIPsecFlowNotifGroup
    DESCRIPTION
        "The group is optional."

    GROUP           ciscoEnhIPsecFlowNotifCntlGroup
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroup'."

    OBJECT          ceipSecTunStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecHistTableSize
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. In addition,
        implementations which want to disable archiving
        of tunnels may set the value of this object to
        zero."

    OBJECT          ceipSecFailTableSize
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. In addition,
        implementations which want to disable archiving
        of failures may set the value of this object to
        zero."

    OBJECT          ceipSecNotiCntlIpSecAllNotifs
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecTunnelStart
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecTunnelStop
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecSysFailure
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecSetUpFail
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecBadSa
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoEnhIPsecFlowMIBCompliances 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIPsecFlowMIBComplianceRev1 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for SNMP entities
        pertaining to Phase-2 of IP Security Protocol."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoEnhIPsecFlowActivityGroup,
                        ciscoEnhIPsecFlowCoreHistGroup,
                        ciscoEnhIPsecFlowCoreFailGroup,
                        ciscoEnhIPsecFlowTunnelSaGroup
                    }

    GROUP           ciscoEnhIPsecFlowHistoryGroup
    DESCRIPTION
        "This group is optional and must be implemented
        by the agent of the managed entity if the managed
        entity implements historical archiving of IPsec
        flows."

    GROUP           ciscoEnhIPsecFlowFailureGroup
    DESCRIPTION
        "This group is optional and must be implemented
        by the agent of the managed entity if the
        managed entity implements historical archiving
        of failure of IPsec Phase-2 operations and tunnels."

    GROUP           ciscoEnhIPsecFlowNotifGroup
    DESCRIPTION
        "The group is optional."

    GROUP           ciscoEnhIPsecFlowNotifCntlGroup
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroup'."

    GROUP           ciscoEnhIPsecFlowNotifGroupSup01
    DESCRIPTION
        "This group is optional."

    GROUP           ciscoEnhIPsecFlowNotifCntlGroupSup01
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroupSup01'."

    GROUP           ciscoEnhIPsecFlowCertObjectGroup
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroupSup01'."

    OBJECT          ceipSecTunStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecHistTableSize
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. In addition,
        implementations which want to disable archiving
        of tunnels may set the value of this object to
        zero."

    OBJECT          ceipSecFailTableSize
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. In addition,
        implementations which want to disable archiving
        of failures may set the value of this object to
        zero."

    OBJECT          ceipSecNotiCntlIpSecAllNotifs
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecTunnelStart
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecTunnelStop
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecSysFailure
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecSetUpFail
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecBadSa
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoEnhIPsecFlowMIBCompliances 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIPsecFlowMIBComplianceRev2 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for SNMP entities
        pertaining to Phase-2 of IP Security Protocol."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoEnhIPsecFlowActivityGroup,
                        ciscoEnhIPsecFlowCoreHistGroup,
                        ciscoEnhIPsecFlowCoreFailGroup,
                        ciscoEnhIPsecFlowTunnelSaGroup
                    }

    GROUP           ciscoEnhIPsecFlowHistoryGroup
    DESCRIPTION
        "This group is optional and must be implemented
        by the agent of the managed entity if the managed
        entity implements historical archiving of IPsec
        flows."

    GROUP           ciscoEnhIPsecFlowFailureGroup
    DESCRIPTION
        "This group is optional and must be implemented
        by the agent of the managed entity if the
        managed entity implements historical archiving
        of failure of IPsec Phase-2 operations and tunnels."

    GROUP           ciscoEnhIPsecFlowNotifGroup
    DESCRIPTION
        "The group is optional."

    GROUP           ciscoEnhIPsecFlowNotifCntlGroup
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroup'."

    GROUP           ciscoEnhIPsecFlowNotifGroupSup01
    DESCRIPTION
        "This group is optional."

    GROUP           ciscoEnhIPsecFlowNotifCntlGroupSup01
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroupSup01'."

    GROUP           ciscoEnhIPsecFlowCertObjectGroup
    DESCRIPTION
        "The agent must implement this group if it implements
        the group 'ciscoEnhIPsecFlowNotifGroupSup01'."

    GROUP           ciscoEnhIPsecFlowPerformanceThroughputGroup
    DESCRIPTION
        "This group is optional."

    OBJECT          ceipSecTunStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecHistTableSize
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. In addition,
        implementations which want to disable archiving
        of tunnels may set the value of this object to
        zero."

    OBJECT          ceipSecFailTableSize
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required. In addition,
        implementations which want to disable archiving
        of failures may set the value of this object to
        zero."

    OBJECT          ceipSecNotiCntlIpSecAllNotifs
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecTunnelStart
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecTunnelStop
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecSysFailure
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecSetUpFail
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          ceipSecNotifCntlIpSecBadSa
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."
    ::= { ciscoEnhIPsecFlowMIBCompliances 3 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance: List of current groups
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIPsecFlowActivityGroup OBJECT-GROUP
    OBJECTS         {
                        ceipSecGlobalActiveTunnels,
                        ceipSecGlobalPreviousTunnels,
                        ceipSecGlobalInOctets,
                        ceipSecGlobalInDecompOctets,
                        ceipSecGlobalInPkts,
                        ceipSecGlobalInDrops,
                        ceipSecGlobalInReplayDrops,
                        ceipSecGlobalInAuths,
                        ceipSecGlobalInAuthFails,
                        ceipSecGlobalInDecrypts,
                        ceipSecGlobalInDecryptFails,
                        ceipSecGlobalOutOctets,
                        ceipSecGlobalOutUncompOctets,
                        ceipSecGlobalOutPkts,
                        ceipSecGlobalOutDrops,
                        ceipSecGlobalOutAuths,
                        ceipSecGlobalOutAuthFails,
                        ceipSecGlobalOutEncrypts,
                        ceipSecGlobalOutEncryptFails,
                        ceipSecGlobalProtocolUseFails,
                        ceipSecGlobalNoSaFails,
                        ceipSecGlobalSysCapFails,
                        ceipSecGlobalOutCompressedPkts,
                        ceipSecGlobalOutCompSkippedPkts,
                        ceipSecGlobalOutCompFailPkts,
                        ceipSecGlobalOutCompTooSmallPkts,
                        ceipSecTunEncapMode,
                        ceipSecTunLifeSize,
                        ceipSecTunLifeTime,
                        ceipSecTunActiveTime,
                        ceipSecTunSaLifeSizeThreshold,
                        ceipSecTunSaLifeTimeThreshold,
                        ceipSecTunTotalRefreshes,
                        ceipSecTunExpiredSaInstances,
                        ceipSecTunCurrentSaInstances,
                        ceipSecTunInSaDHGrp,
                        ceipSecTunInSaEncryptAlgo,
                        ceipSecTunInSaAhAuthAlgo,
                        ceipSecTunInSaEspAuthAlgo,
                        ceipSecTunInSaDecompAlgo,
                        ceipSecTunOutSaDHGrp,
                        ceipSecTunOutSaEncryptAlgo,
                        ceipSecTunOutSaAhAuthAlgo,
                        ceipSecTunOutSaEspAuthAlgo,
                        ceipSecTunOutSaCompAlgo,
                        ceipSecTunPmtu,
                        ceipSecTunInOctets,
                        ceipSecTunInDecompOctets,
                        ceipSecTunInPkts,
                        ceipSecTunInDropPkts,
                        ceipSecTunInReplayDropPkts,
                        ceipSecTunInAuths,
                        ceipSecTunInAuthFails,
                        ceipSecTunInDecrypts,
                        ceipSecTunInDecryptFails,
                        ceipSecTunOutOctets,
                        ceipSecTunOutUncompOctets,
                        ceipSecTunOutPkts,
                        ceipSecTunOutDropPkts,
                        ceipSecTunOutAuths,
                        ceipSecTunOutAuthFails,
                        ceipSecTunOutEncrypts,
                        ceipSecTunOutEncryptFails,
                        ceipSecTunOutCompressedPkts,
                        ceipSecTunOutCompSkippedPkts,
                        ceipSecTunOutCompFailPkts,
                        ceipSecTunOutCompTooSmallPkts,
                        ceipSecIfIndex,
                        ceipSecTunStatus,
                        ceipSecTunControlTunnelIndex,
                        ceipSecTunControlProtocol,
                        ceipSecTunControlTunnelAlive,
                        ceipSecTunInSaEncryptKeySize,
                        ceipSecTunOutSaEncryptKeySize,
                        ceipSecTunLocalAddressType,
                        ceipSecTunLocalAddress,
                        ceipSecTunRemoteAddressType,
                        ceipSecTunRemoteAddress,
                        ceipSecTunNATTraversalMode,
                        ceipSecEndPtLocalName,
                        ceipSecEndPtLocalType,
                        ceipSecEndPtLocalAddrType1,
                        ceipSecEndPtLocalAddr1,
                        ceipSecEndPtLocalAddrType2,
                        ceipSecEndPtLocalAddr2,
                        ceipSecEndPtLocalProtocol,
                        ceipSecEndPtLocalPort,
                        ceipSecEndPtRemoteName,
                        ceipSecEndPtRemoteType,
                        ceipSecEndPtRemoteAddrType1,
                        ceipSecEndPtRemoteAddr1,
                        ceipSecEndPtRemoteAddrType2,
                        ceipSecEndPtRemoteAddr2,
                        ceipSecEndPtRemoteProtocol,
                        ceipSecEndPtRemotePort,
                        ceipSecSaDirection,
                        ceipSecSaValue,
                        ceipSecSaStatus
                    }
    STATUS          current
    DESCRIPTION
        "This group consists of:
        1) IPsec Phase-2 Global Statistics
        2) IPsec Phase-2 Tunnel Table
        3) IPsec Phase-2 Endpoint Table
        4) IPsec Phase-2 Security Association Table"
    REFERENCE       "rfc2408, rfc2407; rfc2409 section 5.5"
    ::= { ciscoIPsecFlowMIBGroups 1 }

ciscoEnhIPsecFlowCoreHistGroup OBJECT-GROUP
    OBJECTS         { ceipSecHistTableSize }
    STATUS          current
    DESCRIPTION
        "This group consists of the core (mandatory)
        objects pertaining to maintaining history of
        IPsec activity."
    ::= { ciscoIPsecFlowMIBGroups 2 }

ciscoEnhIPsecFlowHistoryGroup OBJECT-GROUP
    OBJECTS         {
                        ceipSecTunHistTermReason,
                        ceipSecTunHistActiveIndex,
                        ceipSecTunHistEncapMode,
                        ceipSecTunHistLifeSize,
                        ceipSecTunHistLifeTime,
                        ceipSecTunHistStartTime,
                        ceipSecTunHistActiveTime,
                        ceipSecTunHistTotalRefreshes,
                        ceipSecTunHistTotalSas,
                        ceipSecTunHistInSaDHGrp,
                        ceipSecTunHistInSaEncryptAlgo,
                        ceipSecTunHistInSaAhAuthAlgo,
                        ceipSecTunHistInSaEspAuthAlgo,
                        ceipSecTunHistInSaDecompAlgo,
                        ceipSecTunHistOutSaDHGrp,
                        ceipSecTunHistOutSaEncryptAlgo,
                        ceipSecTunHistOutSaAhAuthAlgo,
                        ceipSecTunHistOutSaEspAuthAlgo,
                        ceipSecTunHistOutSaCompAlgo,
                        ceipSecTunHistPmtu,
                        ceipSecTunHistInOctets,
                        ceipSecTunHistInDecompOctets,
                        ceipSecTunHistInPkts,
                        ceipSecTunHistInDropPkts,
                        ceipSecTunHistInReplayDropPkts,
                        ceipSecTunHistInAuths,
                        ceipSecTunHistInAuthFails,
                        ceipSecTunHistInDecrypts,
                        ceipSecTunHistInDecryptFails,
                        ceipSecTunHistOutOctets,
                        ceipSecTunHistOutUncompOctets,
                        ceipSecTunHistOutPkts,
                        ceipSecTunHistOutDropPkts,
                        ceipSecTunHistOutAuths,
                        ceipSecTunHistOutAuthFails,
                        ceipSecTunHistOutEncrypts,
                        ceipSecTunHistOutEncryptFails,
                        ceipSecTunHistOutCompressedPkts,
                        ceipSecTunHistOutCompSkippedPkts,
                        ceipSecTunHistOutCompFailPkts,
                        ceipSecTunHistOutCompSmallPkts,
                        ceipSecTunHistControlProtocol,
                        ceipSecTunHistControlTunnelIndex,
                        ceipSecTunHistInSaEncryptKeySize,
                        ceipSecTunHistOutSaEncryptKeySz,
                        ceipSecTunHistLocalAddressType,
                        ceipSecTunHistLocalAddress,
                        ceipSecTunHistRemoteAddressType,
                        ceipSecTunHistRemoteAddress,
                        ceipSecTunHistNATTraversalMode,
                        ceipSecEndPtHistTunIndex,
                        ceipSecEndPtHistActiveIndex,
                        ceipSecEndPtHistLocalName,
                        ceipSecEndPtHistLocalType,
                        ceipSecEndPtHistLocalAddrType1,
                        ceipSecEndPtHistLocalAddr1,
                        ceipSecEndPtHistLocalAddrType2,
                        ceipSecEndPtHistLocalAddr2,
                        ceipSecEndPtHistLocalProtocol,
                        ceipSecEndPtHistLocalPort,
                        ceipSecEndPtHistRemoteName,
                        ceipSecEndPtHistRemoteType,
                        ceipSecEndPtHistRemoteAddrType1,
                        ceipSecEndPtHistRemoteAddr1,
                        ceipSecEndPtHistRemoteAddrType2,
                        ceipSecEndPtHistRemoteAddr2,
                        ceipSecEndPtHistRemoteProtocol,
                        ceipSecEndPtHistRemotePort
                    }
    STATUS          current
    DESCRIPTION
        "This group consists of objects that pertain
        to maintenance of history of IPsec Phase 2
        activity."
    ::= { ciscoIPsecFlowMIBGroups 3 }

ciscoEnhIPsecFlowCoreFailGroup OBJECT-GROUP
    OBJECTS         { ceipSecFailTableSize }
    STATUS          current
    DESCRIPTION
        "This group consists of the core (mandatory)
        objects pertaining to maintaining history of
        failure IPsec activity."
    ::= { ciscoIPsecFlowMIBGroups 4 }

ciscoEnhIPsecFlowFailureGroup OBJECT-GROUP
    OBJECTS         {
                        ceipSecFailReason,
                        ceipSecFailTime,
                        ceipSecFailTunnelIndex,
                        ceipSecFailSaSpi,
                        ceipSecFailPktSrcAddressType,
                        ceipSecFailPktSrcAddress,
                        ceipSecFailPktDstAddressType,
                        ceipSecFailPktDstAddress
                    }
    STATUS          current
    DESCRIPTION
        "This group consists of objects that pertain
        to maintenance of history of failures
        associated with Phase 2 IPsec activity."
    ::= { ciscoIPsecFlowMIBGroups 5 }

ciscoEnhIPsecFlowNotifCntlGroup OBJECT-GROUP
    OBJECTS         {
                        ceipSecNotiCntlIpSecAllNotifs,
                        ceipSecNotifCntlIpSecTunnelStart,
                        ceipSecNotifCntlIpSecTunnelStop,
                        ceipSecNotifCntlIpSecSysFailure,
                        ceipSecNotifCntlIpSecSetUpFail,
                        ceipSecNotifCntlIpSecBadSa
                    }
    STATUS          current
    DESCRIPTION
        "This group of objects controls the sending
        of notifications pertaining to IPsec Phase-2
        processing."
    ::= { ciscoIPsecFlowMIBGroups 6 }

ciscoEnhIPsecFlowNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ciscoEnhIpsecFlowTunnelStart,
        ciscoEnhIpsecFlowTunnelStop,
        ciscoEnhIpsecFlowSysFailure,
        ciscoEnhIpsecFlowSetupFail,
        ciscoEnhIpsecFlowBadSa
    }
    STATUS current
    DESCRIPTION
        "This group contains the notifications pertaining
        to Phase-2 operations and data transfer."
    REFERENCE "rfc2408, rfc2407; rfc2409 section 5.5"
    ::= { ciscoIPsecFlowMIBGroups 7 }

ciscoEnhIPsecFlowTunnelSaGroup OBJECT-GROUP
    OBJECTS {
        ceipSecTunSaValue,
        ceipSecTunSaIfIndex,
        ceipSecTunSaInOctets,
        ceipSecTunSaInDecompOctets,
        ceipSecTunSaInPkts,
        ceipSecTunSaInDropPkts,
        ceipSecTunSaInReplayDropPkts,
        ceipSecTunSaInAuths,
        ceipSecTunSaInAuthFails,
        ceipSecTunSaInDecrypts,
        ceipSecTunSaInDecryptFails,
        ceipSecTunSaOutOctets,
        ceipSecTunSaOutUncompOctets,
        ceipSecTunSaOutPkts,
        ceipSecTunSaOutDropPkts,
        ceipSecTunSaOutAuths,
        ceipSecTunSaOutAuthFails,
        ceipSecTunSaOutEncrypts,
        ceipSecTunSaOutEncryptFails,
        ceipSecTunSaOutCompressedPkts,
        ceipSecTunSaOutCompSkippedPkts,
        ceipSecTunSaOutCompFailPkts,
        ceipSecTunSaOutCompTooSmallPkts,
        ceipSecTunSaStatus,
        ceipSecIfTunnelStatus
    }
    STATUS current
    DESCRIPTION
        "This group consists of the Phase-2 IPsec tunnel
        Security Association and traffic information."
    ::= { ciscoIPsecFlowMIBGroups 8 }

ciscoEnhIPsecFlowNotifCntlGroupSup01 OBJECT-GROUP
    OBJECTS {
        ceipSecNotifCntlCertExpiry,
        ceipSecNotifCntlCertRenewal
    }
    STATUS current
    DESCRIPTION
        "This supplement group of objects controls the sending of X.509
        certificate IPSec notifications."
    ::= { ciscoIPsecFlowMIBGroups 9 }

ciscoEnhIPsecFlowNotifGroupSup01 NOTIFICATION-GROUP
    NOTIFICATIONS {
        ciscoEnhIpsecFlowCertExpiry,
        ciscoEnhIpsecFlowCertRenewal
    }
    STATUS current
    DESCRIPTION
        "This supplement group contains the X.509 certificate
        notifications for the IPSec MIB."
    ::= { ciscoIPsecFlowMIBGroups 10 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoEnhIPsecFlowCertObjectGroup OBJECT-GROUP
    OBJECTS {
        ceipSecCertSubjectName,
        ceipSecCertSerialNumber,
        ceipSecCertIssuerName,
        ceipSecCertExpiryTime,
        ceipSecCertRenewalStatus,
        ceipSecCertExpiryStatus
    }
    STATUS current
    DESCRIPTION
        "This group consists of objects to support X.509 certificates."
    ::= { ciscoIPsecFlowMIBGroups 11 }

ciscoEnhIPsecFlowPerformanceThroughputGroup OBJECT-GROUP
    OBJECTS {
        ceipSecGlobalThroughputUtilizatioinTimeInterval,
        ceipSecGlobalThroughputLastUpdatedTime,
        ceipSecGlobalLastAveragePacketSize,
        ceipSecGlobalLastThroughputInMbps,
        ceipSecGlobalLastThroughputInKpps,
        ceipSecGlobalLastThroughputUtilization,
        ceipSecGlobalPeakThroughputUtilization,
        ceipSecGlobalPeakThroughputDateAndTime,
        ceipSecGlobalPeakThroughputInMbps,
        ceipSecGlobalPeakAvgPacketSize
    }
    STATUS current
    DESCRIPTION
        "This group consists of objects to show the performance
        utilization."
    ::= { ciscoIPsecFlowMIBGroups 12 }

END