From 3a40db48b863ba653d83091069a1f9fd7affb8cc Mon Sep 17 00:00:00 2001 From: Adam Amstrong Date: Mon, 5 Jul 2010 19:34:52 +0000 Subject: [PATCH] cleanup checks add some mibs git-svn-id: http://www.observium.org/svn/observer/trunk@1301 61d68cd4-352d-0410-923a-c4978735b2b8 --- html/includes/authenticate.inc.php | 6 +- mibs/CISCO-FIREWALL-MIB.my | 1336 ++++++ mibs/CISCO-IPSEC-FLOW-MONITOR-MIB.my | 5881 ++++++++++++++++++++++++++ mibs/CISCO-MEDIA-GATEWAY-MIB.my | 2282 ++++++++++ 4 files changed, 9502 insertions(+), 3 deletions(-) create mode 100644 mibs/CISCO-FIREWALL-MIB.my create mode 100644 mibs/CISCO-IPSEC-FLOW-MONITOR-MIB.my create mode 100644 mibs/CISCO-MEDIA-GATEWAY-MIB.my diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php index 4d7d7c1814..fac51d25c4 100644 --- a/html/includes/authenticate.inc.php +++ b/html/includes/authenticate.inc.php @@ -8,13 +8,13 @@ session_start(); if(!is_dir($config['rrd_dir'])) echo "
RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.
"; -if(!is_writable($config['rrd_dir'])) +if(!$config['rrdcached'] && !is_writable($config['rrd_dir'])) echo "
RRD Log Directory is not writable ({$config['rrd_dir']}). Graphing may fail.
"; -if(!is_dir($config['tmp_dir'])) +if(!is_dir($config['temp_dir'])) echo "
Temp Directory is missing ({$config['tmp_dir']}). Graphing may fail.
"; -if(!is_writable($config['tmp_dir'])) +if(!is_writable($config['temp_dir'])) echo "
Temp Directory is not writable ({$config['tmp_dir']}). Graphing may fail.
"; diff --git a/mibs/CISCO-FIREWALL-MIB.my b/mibs/CISCO-FIREWALL-MIB.my new file mode 100644 index 0000000000..8472ad5942 --- /dev/null +++ b/mibs/CISCO-FIREWALL-MIB.my @@ -0,0 +1,1336 @@ +-- ***************************************************************** +-- CISCO-FIREWALL-MIB +-- +-- April, 1999 Jim Fitzgerald +-- +-- Copyright (c) 1999-2005 by cisco Systems, Inc. +-- All rights reserved. +-- ***************************************************************** + +CISCO-FIREWALL-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-GROUP, + NOTIFICATION-GROUP, + MODULE-COMPLIANCE FROM SNMPv2-CONF + + MODULE-IDENTITY, + OBJECT-TYPE, + NOTIFICATION-TYPE, + Counter32, + Gauge32, + Unsigned32, + IpAddress FROM SNMPv2-SMI + + DateAndTime, + TEXTUAL-CONVENTION, + RowPointer FROM SNMPv2-TC + + SnmpAdminString FROM SNMP-FRAMEWORK-MIB + InterfaceIndexOrZero FROM IF-MIB + ciscoMgmt FROM CISCO-SMI; + + +ciscoFirewallMIB MODULE-IDENTITY + LAST-UPDATED "200512060000Z" + ORGANIZATION "Cisco Systems, Inc." + CONTACT-INFO + " Cisco Systems + Customer Service + + Postal: 170 W Tasman Drive + San Jose, CA 95134 + USA + + Tel: +1 800 553-NETS + + E-mail: cs-pix@cisco.com + cs-iosfw@cisco.com" + DESCRIPTION "MIB module for monitoring Cisco Firewalls." + REVISION "200512060000Z" + DESCRIPTION + "Added the copyright statement and updated the imports + such that Unsigned32 is imported from SNMPv2-SMI instead + of CISCO-TC. Added a new NOTIFICATION-GROUP + ciscoFirewallMIBNotificationGroupRev1 to include all the + notifications defined in the MIB. Obsoleted the + OBJECT-GROUP ciscoFirewallMIBNotificationGroup. Deprecated + the MODULE-COMPLIANCE ciscoFirewallMIBCompliance and added + a new MODULE-COMPLIANCE ciscoFirewallMIBComplianceRev1." + REVISION "9904291200Z" + DESCRIPTION + "Initial version of this MIB module." + ::= { ciscoMgmt 147 } + +ciscoFirewallMIBObjects OBJECT IDENTIFIER ::= { ciscoFirewallMIB 1 } + +cfwEvents OBJECT IDENTIFIER ::= { ciscoFirewallMIBObjects 1 } + cfwBasicEvents OBJECT IDENTIFIER ::= { cfwEvents 1 } + cfwNetEvents OBJECT IDENTIFIER ::= { cfwEvents 2 } + + +cfwSystem OBJECT IDENTIFIER ::= { ciscoFirewallMIBObjects 2 } + cfwStatus OBJECT IDENTIFIER ::= { cfwSystem 1 } + cfwStatistics OBJECT IDENTIFIER ::= { cfwSystem 2 } + +-- Textual Conventions + +ResourceStatistics ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to identify various statistics + that are related to the resources on a firewall. + + highUse : The highest load the resource has had for a + time period. The time period will be + implementation dependent. + highLoad : The highest load the resource has had since + startup. + maximum : The maximum amount of the resource that is + available. + minimum : The minimum amount of the resource that is + available. + low : The lowest amount of the resource that has been + available since startup. + high : The highest amount of the resource that has been + available since startup. + average : The average amount of the resource that has been + available since startup. + free : The amount of the resource that is currently + available since startup. + inUse : The amount of the resource that is currently + in use, eg. CPU usage, memory usage." + SYNTAX INTEGER { + highUse(1), + highLoad(2), + maximum(3), + minimum(4), + low(5), + high(6), + average(7), + free(8), + inUse(9) + } + +Hardware ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various hardware + resouces that can be monitored by the firewall. + + memory - identifies memory. + disk - identifies disk. + power - identifies power. + netInterface - identifies a network interface. + tape - identifies a tape drive. + controller - identifies hardware controller. + cpu - identifies CPU. + primaryUnit - identifies the primary unit of the two + identical firewalls configured redundancy. + secondaryUnit - identifies the secondary unit of the two + identical firewalls configured redundancy. + other - identifies other hardware." + SYNTAX INTEGER { + memory(1), + disk(2), + power(3), + netInterface(4), + cpu(5), + primaryUnit(6), + secondaryUnit(7), + other(8) + } + +Services ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + + "This textual convention is used to describe various services + that are monitored by the firewall. + + otherFWService - a service that does not fit into any + other category. + fileXferFtp - identifies FTP, File Transfer Protocol. + fileXferTftp - identifies TFTP, Trivial File + Transfer Protocol + fileXferFtps - identifies FTP, File Transfer + Protocol running over Secure Sockets Layer. + loginTelnet - identifies telnet + loginRlogin - identifies rlogin. + loginTelnets - identifies telnet over + Secure Sockets Layer(SSL). + remoteExecSunRPC - identifies Sun Remote + Procedure Call Protocol. + remoteExecMSRPC - identifies Microsoft Remote + Procedure Call Protocol. + remoteExecRsh - identifies the remote shell. + remoteExecXserver - identifies the Xwindows server. + webHttp - identifies Hyper Text Transfer Protocol. + webHttps - identifies the secure HTTP protocol. + mailSmtp - identifies SMTP, Simple Mail Transfer Protocol. + mailSmtps - identifies SMTP, Simple Mail Transfer Protocol + running over Secure Sockets Layer (SSL). + multimediaStreamworks - identifies streamworks. + multimediaH323 - identifies H323. + multimediaNetShow - identifies NetShow. + multimediaVDOLive - identifies vDOLive. + multimediaRealAV - identifies RealAV. + multimediaRTSP - identifies Real Time Streaming Protocol + dbOracle - identifies Oracle's SQL*Net. + dbMSsql - identifies MicroSoft SQL. + contInspProgLang - identifies a payload as a programming + language such as Java or ActiveX. + contInspUrl - identifies a payload as a URL. + directoryNis - identifies NIS, Network Information Service. + directoryDns - identifies DNS, Domain Name Service. + directoryNetbiosns - identifies NetBIOSNS - NetBIOS Name Service. + directoryNetbiosdgm - identifies NetBIOSNS - NetBIOS + datagram Service. + directoryNetbiosssn - identifies NetBIOSNS - NetBIOS + Session Service. + directoryWins - identifies Windows Internet Naming + Service (WINS). + qryWhois - identifies WhoIs service. + qryFinger - identifies finger. + qryIdent - identifies Ident. + fsNfsStatus - identifies Network File System (NFS) Status. + fsNfs - identifies Network File System (NFS). + fsCifs - identifies CIFS, Common Internet + File Service. + protoIcmp - identifies ICMP, Internet Control Message Protocol. + protoTcp - identifies TCP, Transmission Control Protocol. + protoUdp - identifies UDP, User Datagram Protocol. + protoIp - identifies IP, Internet Protocol. + protoSnmp - identifies SNMP, Simple Network Management Protocol." + + SYNTAX INTEGER { + otherFWService(1), + fileXferFtp(2), + fileXferTftp(3), + fileXferFtps(4), + loginTelnet(5), + loginRlogin(6), + loginTelnets(7), + remoteExecSunRPC(8), + remoteExecMSRPC(9), + remoteExecRsh(10), + remoteExecXserver(11), + webHttp(12), + webHttps(13), + mailSmtp(14), + multimediaStreamworks(15), + multimediaH323(16), + multimediaNetShow(17), + multimediaVDOLive(18), + multimediaRealAV(19), + multimediaRTSP(20), + dbOracle(21), + dbMSsql(22), + contInspProgLang(23), + contInspUrl(24), + directoryNis(25), + directoryDns(26), + directoryNetbiosns(27), + directoryNetbiosdgm(28), + directoryNetbiosssn(29), + directoryWins(30), + qryWhois(31), + qryFinger(32), + qryIdent(33), + fsNfsStatus(34), + fsNfs(35), + fsCifs(36), + protoIcmp(37), + protoTcp(38), + protoUdp(39), + protoIp(40), + protoSnmp(41) + } + +HardwareStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + that are related to the resources on a firewall. + other : Generic resource event. + up : The resource is in service. + down : The resource is not in service. + error : There has been an error for this resource. + overTemp : The resource is overheating. + busy : The resource is busy. + noMedia : A device doesn't have its needed media. + backup : Processing has switched to the backup. + active : This is the active unit. + standby : This is the standby unit." + + SYNTAX INTEGER { + other(1), + up(2), + down(3), + error(4), + overTemp(5), + busy(6), + noMedia(7), + backup(8), + active(9), + standby(10) + } + +SecurityEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various + security-related events and statistics on a firewall. + + other : Generic attack event. + none : No attack is occurring, an informational + event. + dos : A denial of service attack has been detected. + recon : A pattern of reconnaissance activity has been + detected. + pakFwd : A packet forwarding attack has been detected. + addrSpoof : A spoofed address has been detected. + svcSpoof : A spoofed service (eg., DNS) has been detected. + thirdParty : This site is being used as a third-party for + an attack on another network. For example, the + 'smurf' attack or email spamming. + complete : An attack has terminated + invlPak : An invalid packet with attack characteristics + has been detected. + illegCmd : An illegal command has been found. + policy : An attempt has reen made to violate a security + policy." + + SYNTAX INTEGER { + other(1), + none(2), + dos(3), + recon(4), + pakFwd(5), + addrSpoof(6), + svcSpoof(7), + thirdParty(8), + complete(9), + invalPak(10), + illegCom(11), + policy(12) + } + +ContentInspectionEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Content inspection events, these events report that + something was found in the application payload. The + details entry in the event can report on what was + found (eg., virus, company private info., etc), what it + was found in (eg., html, win32 executable, e-mail), and + what was done with it (eg., the quarantine location). + + other : A content inspection event. Used to indicate + that some content inspection has occurred that + is not covered by the other content inspection + enumerations. + okay : The check of the content was okay, nothing 'bad' + was found. + error : There was an error while checking the content. + found : Something was found that the content inspection + engine has determined merits attention. + clean : The content inspection engine has found something + that violates the security policy and has + neutralized the content in the data flow. + reject : The content inspection engine has found something + that violates the security policy and has discarded + the content. + saved : The content inspection engine has found something + that violates the security policy and has stored + it in a quarentine storage area." + SYNTAX INTEGER { + other(1), + okay(2), + error(3), + found(4), + clean(5), + reject(6), + saved(7) + } + +ConnectionEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + and statistics that are related to the connections that + occur on a firewall. + + other : A generic connection event. + accept : A connection has been acccepted. + error : An error has occurred for a connection. + drop : The connection has been dropped. + close : A connection has been closed. + timeout : A connection has been timed out. + refused : A connection has been refused. + reset : A connection has been reset. + noResp : A connection has received no response." + SYNTAX INTEGER { + other(1), + accept(2), + error(3), + drop(4), + close(5), + timeout(6), + refused(7), + reset(8), + noResp(9) + } + +ConnectionStat ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various + connections statistics. + + other : A generic connection event. + totalOpen : Total open connections since reboot. + currentOpen : The number of connections currently open. + currentClosing : The number of connections currently closing. + currentHalfOpen : The number of connections currently half-open. + currentInUse : The number of connections currently in use. + high : The highest number of connections in use at + any one time since system startup." + SYNTAX INTEGER { + other(1), + totalOpen(2), + currentOpen(3), + currentClosing(4), + currentHalfOpen(5), + currentInUse(6), + high(7) + } + +AccessEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + and statistics that are related to the access control on a + firewall. + + other : Miscellaneous access event. + grant : A service has allowed access based on all + of its access checks. + deny : a client was denied use of a service. + denyMult : A client was denied use of a service + multiple times. + error : An error has ocurred during the access + control process." + SYNTAX INTEGER { + other(1), + grant(2), + deny(3), + denyMult(4), + error(5) + } + +AuthenticationEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + and statistics that are related to authorization. + + other : Miscellaneous authentication event. + succ : A client successfuly authenticated. + error : Error while authenticating. + fail : A client failed an authenticating. + succPriv : A client accessed a service with special + privileges. + failPriv : A client failed to access a service with + special privileges. + failMult : Multiple failed authentication attempts by + a client." + SYNTAX INTEGER { + other(1), + succ(2), + error(3), + fail(4), + succPriv(5), + failPriv(6), + failMult(7) + } + +GenericEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Generic Events - events for which there is no more specific + enumeration + abnormal : An abnormal event has occurred that is neither + 'okay' nor an 'error'. + okay : A normal event occurred or the system has changed + from an abnormal state to a normal state + error : An error event occurred" + SYNTAX INTEGER { + abnormal(1), + okay(2), + error(3) + } + +-- +-- The cfwBasicEventsGroup +-- +-- This group defines the table containing information that is +-- for every logged event on the firewall. The table is +-- defined along with one variable to obtain the index value of +-- the last row in the table. The table is indexed by the +-- integer-valued cfwBasicEventIndex which is assigned to events +-- in ascending chronological order, such that the oldest event +-- stored in the table has the numerically smallest value of +-- cfwBasicEventIndex." +-- +-- The index of the last row also indicates the total number +-- modulo 2**32 of events logged in the table since reboot. +-- Events are not retained across reboots. +-- + +cfwBasicEventsTableLastRow OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index value of the most recently created row + in the cfwBasicEventsTable. This number starts at + 1 and increase by one with each new log entry. When + this number wraps, all events are deleted." + ::= { cfwBasicEvents 1 } + +cfwBasicEventsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwBasicEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of basic data for firewall events. The agent + may choose to delete the instances of cfwBasicEventsEntry + as required because of lack of memory. The oldest Events + will be selected first for deletion." + ::= { cfwBasicEvents 2 } + +cfwBasicEventsEntry OBJECT-TYPE + SYNTAX CfwBasicEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing general information + about an event. This table will always be sparse, i.e., + each row will instanciate only a subet of the columnar + objects." + INDEX { cfwBasicEventIndex } + ::= { cfwBasicEventsTable 1 } + +CfwBasicEventsEntry ::= SEQUENCE { + cfwBasicEventIndex Unsigned32, + cfwBasicEventTime DateAndTime, + cfwBasicSecurityEventType SecurityEvent, + cfwBasicContentInspEventType ContentInspectionEvent, + cfwBasicConnectionEventType ConnectionEvent, + cfwBasicAccessEventType AccessEvent, + cfwBasicAuthenticationEventType AuthenticationEvent, + cfwBasicGenericEventType GenericEvent, + cfwBasicEventDescription SnmpAdminString, + cfwBasicEventDetailsTableRow RowPointer + } + +cfwBasicEventIndex OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + log table. These indices are assigned beginning + with 1 and increase by one with each new event logged." + ::= { cfwBasicEventsEntry 1 } + +cfwBasicEventTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time that the event occurred." + ::= { cfwBasicEventsEntry 2 } + +cfwBasicSecurityEventType OBJECT-TYPE + SYNTAX SecurityEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of security-related event that this row contains. + If the event is not security-related this object will not + be instantiated." + ::= { cfwBasicEventsEntry 3 } + +cfwBasicContentInspEventType OBJECT-TYPE + SYNTAX ContentInspectionEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of content inspection-related event that this row + contains. If the event is not content inspection-related + this object will not be instantiated." + ::= { cfwBasicEventsEntry 4 } + +cfwBasicConnectionEventType OBJECT-TYPE + SYNTAX ConnectionEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of connection-related event that this row contains. + If the event is not connection-related this object will not + be instantiated." + ::= { cfwBasicEventsEntry 5 } + +cfwBasicAccessEventType OBJECT-TYPE + SYNTAX AccessEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of access-related event that this row contains. + If the event is not access-related this object will not be + instantiated." + ::= { cfwBasicEventsEntry 6 } + +cfwBasicAuthenticationEventType OBJECT-TYPE + SYNTAX AuthenticationEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of authentication-related event that this row + contains. If the event is not authentication-related this + object will not be instantiated." + ::= { cfwBasicEventsEntry 7 } + +cfwBasicGenericEventType OBJECT-TYPE + SYNTAX GenericEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of generic event that this row contains. If the + event does not fall into one of the other categories this + object will be populated. Otherwise, this object will not + be instantiated." + ::= { cfwBasicEventsEntry 8 } + +cfwBasicEventDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the event. The value of the object may + be a zero-length string." + ::= { cfwBasicEventsEntry 9 } + +cfwBasicEventDetailsTableRow OBJECT-TYPE + SYNTAX RowPointer + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A pointer to a row in the table containing details + about this event. Generally, the table will be the + cfwNetEventsTable but a Cisco-defined table may also + appear here. If there there is no more detailed + information for this event the value of this object + will have the value {0 0}." + ::= { cfwBasicEventsEntry 10 } + +-- +-- Network Events +-- +-- A details table with information related to network events +-- or events involving "users" of the firewall resources and services +-- (eg., traffic flows through the firewall or a user authenticating +-- to use a firewall service). + +cfwNetEventsTableLastRow OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index value of the last row in the + cfwNetEventsTable. This number starts at 1 and + increase by one with each new log entry. When this + number wraps, all events are deleted." + ::= { cfwNetEvents 1 } + +cfwNetEventsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwNetEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of detailed data for network events. The + agent may choose to delete the instances of + cfwBasicEventsEntry as required because of lack of + memory. It is an implementation-specific matter as + to when this deletion may occur. It is recommended + that the oldest log instances are deleted first." + ::= { cfwNetEvents 2} + +cfwNetEventsEntry OBJECT-TYPE + SYNTAX CfwNetEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing detailed information + about an event. Note that this table may be sparse. + If Network Address Translation is not enabled + cfwNetEventInsideSrcIpAddress and + cfwNetEventInsideDstIpAddress will not be instantiated + in the row. If Port Address Translation is not enabled + cfwNetEventInsideSrcIpPort and + cfwNetEventInsideDstIpPort will not be instantiated + in the row. Entries are added to this table at the + same time that events are added to the cfwBasicEventsTable. + These two tables may be configured to be different + sizes so there may not be a one-to-one correspondence + between rows in the two tables." + INDEX { cfwNetEventIndex } + ::= { cfwNetEventsTable 1 } + + +CfwNetEventsEntry ::= SEQUENCE { + cfwNetEventIndex Unsigned32, + cfwNetEventInterface InterfaceIndexOrZero, + cfwNetEventSrcIpAddress IpAddress, + cfwNetEventInsideSrcIpAddress IpAddress, + cfwNetEventDstIpAddress IpAddress, + cfwNetEventInsideDstIpAddress IpAddress, + cfwNetEventSrcIpPort INTEGER, + cfwNetEventInsideSrcIpPort INTEGER, + cfwNetEventDstIpPort INTEGER, + cfwNetEventInsideDstIpPort INTEGER, + cfwNetEventService Services, + cfwNetEventServiceInformation SnmpAdminString, + cfwNetEventIdentity SnmpAdminString, + cfwNetEventDescription SnmpAdminString + } + +cfwNetEventIndex OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + log table. These indices are assigned beginning with + one and increase by one with each new log entry. When + this number wraps, all events are deleted in order to + allow the NMS to differentiate between old and new + events." + ::= { cfwNetEventsEntry 1 } + +cfwNetEventInterface OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The interface most closely associated with this event. + For example, for an event that relates to the receipt of + a packet, this object identifies the interface on which + the packet was received. If there are multiple interfaces + associated with an event, the interface most closely + associated with the cause of the event will be used. + For example, for an event for the setup of a TCP + connection, the interface on the initiator's side + of the connection would be preferred. If there is no + associated interface, then this object has the value zero." + ::= { cfwNetEventsEntry 2 } + +cfwNetEventSrcIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source IP address in the IP packet that caused the + event. If there is no packet associated with the + event this object has the value of zero. If the event is + the result of multiple packets with different source + addresses, this value may be zero or an address taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 3 } + +cfwNetEventInsideSrcIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source IP address after Network Address Translation + has been applied. If NAT has not been applied to the + source address in this packet this object will not + be instantiated, resulting in a sparse table. If the + event is the result of multiple packets with different + source addresses, this value may be zero or an address + taken from an arbitrarily chosen packet in the sequence + of packets causing the event." + ::= { cfwNetEventsEntry 4 } + +cfwNetEventDstIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination IP address in the IP packet that caused + the event. If there is no packet associated with + the event this object has the value of zero. If the event + is the result of multiple packets with different destination + addresses, this value may be zero or an address taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 5 } + +cfwNetEventInsideDstIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination IP address after Network Address Translation + has been applied. If NAT has not been applied to the + destination address in this packet this object will not + be instantiated, resulting in a sparse table. If the event + is the result of multiple packets with different destination + addresses, this value may be zero or an address taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 6 } + +cfwNetEventSrcIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source UDP/TCP port in the IP packet that caused + the event. If there is no packet associated with the + event this object has the value of zero. If the event + is the result of multiple packets with different source + ports, this value may be zero or a port taken from an + arbitrarily chosen packet in the sequence of packets + causing the event." + ::= { cfwNetEventsEntry 7 } + + +cfwNetEventInsideSrcIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source UDP/TCP port after Port Address Translation + has been applied. If PAT has not been applied to the + source port in this packet this object will not be + instantiated, resulting in a sparse table. If the + event is the result of multiple packets with different + source ports, this value may be zero or a port taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 8 } + +cfwNetEventDstIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination UDP/TCP port in the IP packet that caused + the event. If there is no packet associated with the + event this object has the value of zero. If the event is + the result of multiple packets with different destination + ports, this value may be zero or a port taken from an + arbitrarily chosen packet in the sequence of packets + causing the event." + ::= { cfwNetEventsEntry 9 } + +cfwNetEventInsideDstIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination UDP/TCP port after Port Address Translation + has been applied. If PAT has not been applied to the + Destination port in this packet this object will not be + instantiated, resulting in a sparse table. If the event + is the result of multiple packets with different + destination ports, this value may be zero or a port + taken from an arbitrarily chosen packet in the sequence + of packets causing the event." + ::= { cfwNetEventsEntry 10 } + +cfwNetEventService OBJECT-TYPE + SYNTAX Services + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The identification of the type of service involved + with this event." + ::= { cfwNetEventsEntry 11 } + +cfwNetEventServiceInformation OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specific service information. This can be used to + describe the particular service indentified by + cfwNetEventService and can reflect whether the service + is a local service or a gateway service. For example, + if the value for cfwNetEventService is loginTelnet + then the string provided might be 'local telnet'." + ::= { cfwNetEventsEntry 12 } + +cfwNetEventIdentity OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object will contain a description of the entity that + caused the event. The entity could be a userid, username, + processid or other identifier for the entity using the service. + If there is no such information then this object will contain + a zero-length string." + ::= { cfwNetEventsEntry 13 } + +cfwNetEventDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed description of the event." + ::= { cfwNetEventsEntry 14 } + +-- The cfwHardwareStatus +-- +-- The resource information related queries, this table is for +-- providing the status of the resources on the firewall. Resources +-- can include hardware or software modules on the firewall. + +cfwHardwareStatusTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwHardwareStatusEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of firewall cfwHardwareStatusEntry entries." + ::= { cfwStatus 1 } + +cfwHardwareStatusEntry OBJECT-TYPE + SYNTAX CfwHardwareStatusEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing status information + about a resource." + INDEX { cfwHardwareType } + ::= { cfwHardwareStatusTable 1 } + +CfwHardwareStatusEntry ::= SEQUENCE { + cfwHardwareType Hardware, + cfwHardwareInformation SnmpAdminString, + cfwHardwareStatusValue HardwareStatus, + cfwHardwareStatusDetail SnmpAdminString + } + +cfwHardwareType OBJECT-TYPE + SYNTAX Hardware + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The hardware type for which this row provides + status information." + ::= { cfwHardwareStatusEntry 1 } + +cfwHardwareInformation OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of the resource + identified by cfwHardwareType." + ::= { cfwHardwareStatusEntry 2 } + +cfwHardwareStatusValue OBJECT-TYPE + SYNTAX HardwareStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains the current status of the resource." + ::= { cfwHardwareStatusEntry 3 } + +cfwHardwareStatusDetail OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of the current status of + the resource which may provide a more specific description + than cfwHardwareStatusValue." + ::= { cfwHardwareStatusEntry 4 } + +-- The cfwBufferStatistics +-- +-- This table is for providing the statistics for the buffers +-- on the firewall. + +cfwBufferStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwBufferStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table conatining status information about a firewall's + buffers." + ::= { cfwStatistics 1 } + +cfwBufferStatsEntry OBJECT-TYPE + SYNTAX CfwBufferStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing status information + about a particular statistic for the set of buffers + of a particular size." + INDEX { cfwBufferStatSize, cfwBufferStatType } + ::= { cfwBufferStatsTable 1 } + +CfwBufferStatsEntry ::= SEQUENCE { + cfwBufferStatSize Unsigned32, + cfwBufferStatType ResourceStatistics, + cfwBufferStatInformation SnmpAdminString, + cfwBufferStatValue Gauge32 + } + +cfwBufferStatSize OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object contains the size of the set of buffers + for which this row contains the statistics given by + cfwBufferStatType." + ::= { cfwBufferStatsEntry 1 } + +cfwBufferStatType OBJECT-TYPE + SYNTAX ResourceStatistics + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object identifies the type of statistic given by + this row for the particular set of buffers identified by + cfwBufferStatSize." + ::= { cfwBufferStatsEntry 2 } + +cfwBufferStatInformation OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of the statistic + identified by cfwBufferStatType." + ::= { cfwBufferStatsEntry 3 } + +cfwBufferStatValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the buffer statistic." + ::= { cfwBufferStatsEntry 4 } + +-- +-- The Firewall Connection Statistics Table +-- +-- This table can be used to provide the statistics for firewall +-- connection events or services. These "connections" can be +-- connections in a loose sense of the word - a UDP transaction +-- would qualify as a connection if the firewall maintains +-- state information to monitor the packets traversing the firewall +-- for this "connection". A uni-directional UDP "connection" could be +-- described as being "half-open" by a value of 'halfOpen' in +-- cfwConnectionStatType. +-- +-- This table contains multiple rows for each service to which the +-- statistic applies. +-- + +cfwConnectionStatTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwConnectionStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of firewall statistic instances." + ::= { cfwStatistics 2 } + +cfwConnectionStatEntry OBJECT-TYPE + SYNTAX CfwConnectionStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing information about a + firewall statistic." + INDEX { cfwConnectionStatService, cfwConnectionStatType } + ::= { cfwConnectionStatTable 1 } + +CfwConnectionStatEntry ::= SEQUENCE { + cfwConnectionStatService Services, + cfwConnectionStatType ConnectionStat, + cfwConnectionStatDescription SnmpAdminString, + cfwConnectionStatCount Counter32, + cfwConnectionStatValue Gauge32 + } + +cfwConnectionStatService OBJECT-TYPE + SYNTAX Services + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The identification of the type of connection providing + statistics." + ::= { cfwConnectionStatEntry 1 } + +cfwConnectionStatType OBJECT-TYPE + SYNTAX ConnectionStat + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The state of the connections that this row contains + statistics for." + ::= { cfwConnectionStatEntry 2 } + +cfwConnectionStatDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of this statistic." + ::= { cfwConnectionStatEntry 3 } + +cfwConnectionStatCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an integer that contains the value of the + resource statistic. If a type of 'gauge' is more + appropriate this object will be omitted resulting + in a sparse table." + ::= { cfwConnectionStatEntry 4 } + +cfwConnectionStatValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an integer that contains the value of the + resource statistic. If a type of 'counter' is more + appropriate this object will be omitted resulting + in a sparse table." + ::= { cfwConnectionStatEntry 5 } + + +-- Notifications + +ciscoFirewallMIBNotificationPrefix OBJECT IDENTIFIER ::= + { ciscoFirewallMIB 2 } +ciscoFirewallMIBNotifications OBJECT IDENTIFIER ::= + { ciscoFirewallMIBNotificationPrefix 0 } + +cfwSecurityNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicSecurityEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used for events involving security + events. The included objects provide more detailed + information about the event." + ::= { ciscoFirewallMIBNotifications 2 } + +cfwContentInspectNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicContentInspEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of content + inspection events. The included objects provide more + detailed information about the event." + ::= { ciscoFirewallMIBNotifications 3 } + +cfwConnNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicConnectionEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of + connection-oriented events. The included objects provide + more detailed information about the event." + ::= { ciscoFirewallMIBNotifications 4 } + +cfwAccessNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicAccessEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of access + events. The included objects provide more detailed + information about the event." + ::= { ciscoFirewallMIBNotifications 5 } + +cfwAuthNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicAuthenticationEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of + authentication events. The included objects provide + more detailed information about the event." + ::= { ciscoFirewallMIBNotifications 6 } + +cfwGenericNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicGenericEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of events + that do not fall into the other categories. The included + objects provide more detailed information about the event." + ::= { ciscoFirewallMIBNotifications 7 } + + +-- Conformance + +ciscoFirewallMIBConformance OBJECT IDENTIFIER ::= { ciscoFirewallMIB 3 } +ciscoFirewallMIBCompliances OBJECT IDENTIFIER ::= + { ciscoFirewallMIBConformance 1 } +ciscoFirewallMIBGroups OBJECT IDENTIFIER ::= + { ciscoFirewallMIBConformance 2 } + +-- Conformance + +ciscoFirewallMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for entities which implement + the Cisco FirewallMIB." + MODULE -- this module + MANDATORY-GROUPS { ciscoFirewallMIBStatisticsGroup } + ::= { ciscoFirewallMIBCompliances 1 } + +ciscoFirewallMIBComplianceRev1 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement + the Cisco FirewallMIB." + MODULE -- this module + MANDATORY-GROUPS { ciscoFirewallMIBStatisticsGroup } + + GROUP ciscoFirewallMIBEventsGroup + DESCRIPTION + "Implementation of these objects is not required." + GROUP ciscoFirewallMIBNotificationGroupRev1 + DESCRIPTION + "Implementation of these notifications is not required." + + ::= { ciscoFirewallMIBCompliances 2 } + +-- Units of Conformance + +ciscoFirewallMIBEventsGroup OBJECT-GROUP + OBJECTS { + cfwBasicEventsTableLastRow, + cfwBasicEventTime, + cfwBasicSecurityEventType, + cfwBasicContentInspEventType, + cfwBasicConnectionEventType, + cfwBasicAccessEventType, + cfwBasicAuthenticationEventType, + cfwBasicGenericEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow, + cfwNetEventsTableLastRow, + cfwNetEventInterface, + cfwNetEventSrcIpAddress, + cfwNetEventInsideSrcIpAddress, + cfwNetEventDstIpAddress, + cfwNetEventInsideDstIpAddress, + cfwNetEventSrcIpPort, + cfwNetEventInsideSrcIpPort, + cfwNetEventDstIpPort, + cfwNetEventInsideDstIpPort, + cfwNetEventService, + cfwNetEventServiceInformation, + cfwNetEventIdentity, + cfwNetEventDescription + } + STATUS current + DESCRIPTION + "Firewall events" + ::= { ciscoFirewallMIBGroups 1 } + +ciscoFirewallMIBStatisticsGroup OBJECT-GROUP + OBJECTS { + cfwHardwareInformation, + cfwHardwareStatusValue, + cfwHardwareStatusDetail, + cfwBufferStatInformation, + cfwBufferStatValue, + cfwConnectionStatDescription, + cfwConnectionStatCount, + cfwConnectionStatValue + } + STATUS current + DESCRIPTION + "Firewall statistics" + ::= { ciscoFirewallMIBGroups 2 } + +ciscoFirewallMIBNotificationGroup OBJECT-GROUP + OBJECTS { + cfwBasicEventTime, + cfwBasicSecurityEventType, + cfwBasicContentInspEventType, + cfwBasicConnectionEventType, + cfwBasicAccessEventType, + cfwBasicAuthenticationEventType, + cfwBasicGenericEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS obsolete + DESCRIPTION + "Firewall Notifications" + ::= { ciscoFirewallMIBGroups 3 } + +ciscoFirewallMIBNotificationGroupRev1 NOTIFICATION-GROUP + NOTIFICATIONS { + cfwSecurityNotification, + cfwContentInspectNotification, + cfwConnNotification, + cfwAccessNotification, + cfwAuthNotification, + cfwGenericNotification + } + STATUS current + DESCRIPTION + "Firewall Notifications" + ::= { ciscoFirewallMIBGroups 4 } + +END + diff --git a/mibs/CISCO-IPSEC-FLOW-MONITOR-MIB.my b/mibs/CISCO-IPSEC-FLOW-MONITOR-MIB.my new file mode 100644 index 0000000000..bda06d6c29 --- /dev/null +++ b/mibs/CISCO-IPSEC-FLOW-MONITOR-MIB.my @@ -0,0 +1,5881 @@ +-- *------------------------------------------------------------------ +-- * CISCO-IPSEC-FLOW-MONITOR-MIB.my: IPSec Flow Monitoring MIB. +-- * +-- * April 2000, S Ramakrishnan +-- * +-- * Copyright (c) 2000, 2004, 2007 by Cisco Systems Inc. +-- * All rights reserved. +-- * +-- *------------------------------------------------------------------ + +CISCO-IPSEC-FLOW-MONITOR-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, + OBJECT-TYPE, + NOTIFICATION-TYPE, + Counter32, + Counter64, + Gauge32, + Integer32, + Unsigned32 + FROM SNMPv2-SMI + MODULE-COMPLIANCE, + OBJECT-GROUP, + NOTIFICATION-GROUP + FROM SNMPv2-CONF + TEXTUAL-CONVENTION, + DisplayString, + TimeStamp, + TimeInterval, + TruthValue + FROM SNMPv2-TC + cmgwIndex + FROM CISCO-MEDIA-GATEWAY-MIB + ciscoMgmt + FROM CISCO-SMI; + + +ciscoIpSecFlowMonitorMIB MODULE-IDENTITY + LAST-UPDATED "200710240000Z" + ORGANIZATION "Tivoli Systems and Cisco Systems" + CONTACT-INFO + "Tivoli Systems + Research Triangle Park, NC + + Cisco Systems + 170 W Tasman Drive + San Jose, CA 95134 + USA + + Tel: +1 800 553-NETS + E-mail: cs-ipsecurity@cisco.com" + DESCRIPTION + "This is a MIB Module for monitoring the + structures in IPSec-based Virtual Private Networks. + The MIB has been designed to be adopted as an IETF + standard. Hence Cisco-specific features of IPSec + protocol are excluded from this MIB. + + Acronyms + The following acronyms are used in this document: + + IPSec: Secure IP Protocol + + VPN: Virtual Private Network + + ISAKMP: Internet Security Association and Key Exchange + Protocol + + IKE: Internet Key Exchange Protocol + + SA: Security Association + + MM: Main Mode - the process of setting up + a Phase 1 SA to secure the exchanges + required to setup Phase 2 SAs + + QM: Quick Mode - the process of setting up + Phase 2 Security Associations using + a Phase 1 SA. + + + Overview of IPsec MIB + + The MIB contains six major groups of objects which are + used to manage the IPSec Protocol. These groups include + a Levels Group, a Phase-1 Group, a Phase-2 Group, + a History Group, a Failure Group and a TRAP Control Group. + The following table illustrates the structure of the + IPSec MIB. + + The Phase 1 group models objects pertaining to + IKE negotiations and tunnels. + + The Phase 2 group models objects pertaining to + IPSec data tunnels. + + The History group is to aid applications that do + trending analysis. + + The Failure group is to enable an operator to + do troubleshooting and debugging of the VPN Router. + Further, counters are supported to aid Intrusion + Detection. + + In addition to the five major MIB Groups, there are + a number of Notifications. The following table + illustrates the name and description of the + IPSec TRAPs. + + For a detailed discussion, please refer to the IETF + draft draft-ietf-ipsec-flow-monitoring-mib-00.txt." + REVISION "200710240000Z" + DESCRIPTION + "In the description of cipSecTunHistHcInDecompOctets, + cipSecTunHcInOctets has been changed to + cipSecTunHistHcInOctets. + + In the description of cipSecTunHistOutUncompOctets, + cipSecTunOutOctets has been changed to + cipSecTunHistOutOctets. + + In the description of cipSecTunHistHcOutUncompOctets, + cipSecTunHcOutOctets has been changed to + cipSecTunHistHcOutOctets. + + In the description of cipSecTunHistInDecompOctets, + cipSecTunInOctets has been changed to + cipSecTunHistInOctets." + REVISION "200410120000Z" + DESCRIPTION + "Added two table for media gateway stats + information: + cikePhase1GWStatsTable (phase-1 IKE) + cipSecPhase2GWStatsTable (phase-2 IPsec)" + REVISION "200010131800Z" + DESCRIPTION + "Changed cipSecSpiValue to Unsigned32. + Changed Protocol ranges to + start at 0 instead of 1. + Removed comment(s) incorrectly indicating + this MIB was CiscoExperiment." + REVISION "200008171259Z" + DESCRIPTION + "Initial version of this MIB module." + ::= { ciscoMgmt 171 } + + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Local Textual Conventions +-- +++++++++++++++++++++++++++++++++++++++++++++++++++ + +IPSIpAddress ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "An IP V4 or V6 Address." + SYNTAX OCTET STRING (SIZE (4 | 16)) + +-- IP V4 or V6 Address + +IkePeerType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The type of IPsec Phase-1 IKE peer identity. + The IKE peer may be identified by: + 1. an IP address, or + 2. a host name." + SYNTAX INTEGER { + ipAddrPeer(1), + namePeer(2) + } + +IkeNegoMode ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The IPsec Phase-1 IKE negotiation mode." + SYNTAX INTEGER { + main(1), + aggressive(2) + } + +IkeHashAlgo ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The hash algorithm used in IPsec Phase-1 + IKE negotiations." + SYNTAX INTEGER { + none(1), + md5(2), + sha(3) + } + +IkeAuthMethod ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The authentication method used in IPsec Phase-1 IKE + negotiations." + SYNTAX INTEGER { + none(1), + preSharedKey(2), + rsaSig(3), + rsaEncrypt(4), + revPublicKey(5) + } + +DiffHellmanGrp ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The Diffie Hellman Group used in negotiations." + SYNTAX INTEGER { + none(1), + dhGroup1(2), + dhGroup2(3) + } + +KeyType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The type of key used by an IPsec Phase-2 Tunnel." + SYNTAX INTEGER { + ike(1), + manual(2) + } + +EncapMode ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The encapsulation mode used by an IPsec Phase-2 + Tunnel." + SYNTAX INTEGER { + tunnel(1), + transport(2) + } + +EncryptAlgo ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The encryption algorithm used in negotiations." + SYNTAX INTEGER { + none(1), + des(2), + des3(3) + } + +AuthAlgo ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The authentication algorithm used by a + security association of an IPsec Phase-2 Tunnel." + SYNTAX INTEGER { + none(1), + hmacMd5(2), + hmacSha(3) + } + +CompAlgo ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The compression algorithm used by a + security association of an IPsec Phase-2 Tunnel." + SYNTAX INTEGER { + none(1), + ldf(2) + } + +EndPtType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The type of identity use to specify an IPsec End Point." + SYNTAX INTEGER { + singleIpAddr(1), + ipAddrRange(2), + ipSubnet(3) + } + +TunnelStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The status of a Tunnel. Objects of this type may + be used to bring the tunnel down by setting + value of this object to destroy(2). Objects of this + type cannot be used to create a Tunnel." + SYNTAX INTEGER { + active(1), + destroy(2) + } + +TrapStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The administrative status for sending a TRAP." + SYNTAX INTEGER { + enabled(1), + disabled(2) + } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- IPsec MIB Object Groups +-- +-- This MIB module contains the following groups: +-- 1) IPsec Levels Group +-- 2) IPsec Phase-1 Group +-- 3) IPsec Phase-2 Group +-- 4) IPsec History Group +-- 5) IPsec Failure Group +-- 6) IPsec TRAP Control Group +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecMIBObjects OBJECT IDENTIFIER + ::= { ciscoIpSecFlowMonitorMIB 1 } + +cipSecLevels OBJECT IDENTIFIER + ::= { cipSecMIBObjects 1 } + +cipSecPhaseOne OBJECT IDENTIFIER + ::= { cipSecMIBObjects 2 } + +cipSecPhaseTwo OBJECT IDENTIFIER + ::= { cipSecMIBObjects 3 } + +cipSecHistory OBJECT IDENTIFIER + ::= { cipSecMIBObjects 4 } + +cipSecFailures OBJECT IDENTIFIER + ::= { cipSecMIBObjects 5 } + +cipSecTrapCntl OBJECT IDENTIFIER + ::= { cipSecMIBObjects 6 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- IPsec Levels Group +-- +-- This group consists of a: +-- 1) IPsec MIB Level +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecMibLevel OBJECT-TYPE + SYNTAX Integer32 (1..4096 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The level of the IPsec MIB." + ::= { cipSecLevels 1 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-1 Internet Key Exchange (IKE) Group +-- +-- This group consists of: +-- 1) IPsec Phase-1 Global Statistics +-- 2) IPsec Phase-1 Peer Table +-- 3) IPsec Phase-1 Tunnel Table +-- 4) IPsec Phase-1 Correlation Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-1 Global Statistics +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikeGlobalStats OBJECT IDENTIFIER + ::= { cipSecPhaseOne 1 } + + +cikeGlobalActiveTunnels OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of currently active IPsec + Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 1 } + +cikeGlobalPreviousTunnels OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of previously active + IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 2 } + +cikeGlobalInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by all currently + and previously active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 3 } + +cikeGlobalInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received by all + currently and previously active IPsec + Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 4 } + +cikeGlobalInDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets which were + dropped during receive processing by all + currently and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 5 } + +cikeGlobalInNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys received by + all currently and previously active IPsec + Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 6 } + +cikeGlobalInP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + received by all currently and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 7 } + +cikeGlobalInP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were received and found to be invalid + by all currently and previously active IPsec + Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 8 } + +cikeGlobalInP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were received and rejected by all + currently and previously active IPsec Phase-1 + IKE Tunnels." + ::= { cikeGlobalStats 9 } + +cikeGlobalInP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 security + association delete requests received by all + currently and previously + active and IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 10 } + +cikeGlobalOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by all currently + and previously active and IPsec Phase-1 + IKE Tunnels." + ::= { cikeGlobalStats 11 } + +cikeGlobalOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by all currently + and previously active and IPsec Phase-1 + Tunnels." + ::= { cikeGlobalStats 12 } + +cikeGlobalOutDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets which were dropped + during send processing by all currently + and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 13 } + +cikeGlobalOutNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys sent by all currently + and previously active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 14 } + +cikeGlobalOutP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were sent by all currently and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 15 } + +cikeGlobalOutP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were sent and found to be invalid by + all currently and previously active IPsec Phase-1 + Tunnels." + ::= { cikeGlobalStats 16 } + +cikeGlobalOutP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were sent and rejected by all currently and + previously active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 17 } + +cikeGlobalOutP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 SA + delete requests sent by all currently and + previously active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 18 } + +cikeGlobalInitTunnels OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-1 IKE + Tunnels which were locally initiated." + ::= { cikeGlobalStats 19 } + +cikeGlobalInitTunnelFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-1 IKE Tunnels + which were locally initiated and failed to activate." + ::= { cikeGlobalStats 20 } + +cikeGlobalRespTunnelFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-1 IKE Tunnels + which were remotely initiated and failed to activate." + ::= { cikeGlobalStats 21 } + +cikeGlobalSysCapFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of system capacity failures + which occurred during processing of all current + and previously active IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 22 } + +cikeGlobalAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of authentications which ended + in failure by all current and previous IPsec Phase-1 + IKE Tunnels." + ::= { cikeGlobalStats 23 } + +cikeGlobalDecryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of decryptions which ended + in failure by all current and previous IPsec Phase-1 + IKE Tunnels." + ::= { cikeGlobalStats 24 } + +cikeGlobalHashValidFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of hash validations which ended + in failure by all current and previous IPsec Phase-1 + IKE Tunnels." + ::= { cikeGlobalStats 25 } + +cikeGlobalNoSaFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of non-existent Security Association + in failures which occurred during processing of + all current and previous IPsec Phase-1 IKE Tunnels." + ::= { cikeGlobalStats 26 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-1 Internet Key Exchange Peer Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikePeerTable OBJECT-TYPE + SYNTAX SEQUENCE OF CikePeerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-1 Internet Key Exchange Peer Table. + There is one entry in this table for each IPsec + Phase-1 IKE peer association which is currently + associated with an active IPsec Phase-1 Tunnel. + The IPsec Phase-1 IKE Tunnel associated with this + IPsec Phase-1 IKE peer association may or may not + be currently active." + ::= { cipSecPhaseOne 2 } + +cikePeerEntry OBJECT-TYPE + SYNTAX CikePeerEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated + with an IPsec Phase-1 IKE peer association." + INDEX { + cikePeerLocalType, + cikePeerLocalValue, + cikePeerRemoteType, + cikePeerRemoteValue, + cikePeerIntIndex + } + ::= { cikePeerTable 1 } + +CikePeerEntry ::= SEQUENCE { + cikePeerLocalType IkePeerType, + cikePeerLocalValue DisplayString, + cikePeerRemoteType IkePeerType, + cikePeerRemoteValue DisplayString, + cikePeerIntIndex Integer32, + cikePeerLocalAddr IPSIpAddress, + cikePeerRemoteAddr IPSIpAddress, + cikePeerActiveTime TimeInterval, + cikePeerActiveTunnelIndex Integer32 +} + +cikePeerLocalType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of local peer identity. The local peer + may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikePeerEntry 1 } + +cikePeerLocalValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of the local peer identity. + + If the local peer type is an IP Address, then this + is the IP Address used to identify the local peer. + + If the local peer type is a host name, then this is + the host name used to identify the local peer." + ::= { cikePeerEntry 2 } + +cikePeerRemoteType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of remote peer identity. The remote peer + may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikePeerEntry 3 } + +cikePeerRemoteValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of the remote peer identity. + + If the remote peer type is an IP Address, then this + is the IP Address used to identify the remote peer. + + If the remote peer type is a host name, then this is + the host name used to identify the remote peer." + ::= { cikePeerEntry 4 } + +cikePeerIntIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The internal index of the local-remote + peer association. This internal index is used + to uniquely identify multiple associations between + the local and remote peer." + ::= { cikePeerEntry 5 } + +cikePeerLocalAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the local peer." + ::= { cikePeerEntry 6 } + +cikePeerRemoteAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the remote peer." + ::= { cikePeerEntry 7 } + +cikePeerActiveTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of time that the peer association has + existed in hundredths of a second." + ::= { cikePeerEntry 8 } + +cikePeerActiveTunnelIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the active IPsec Phase-1 IKE Tunnel + (cikeTunIndex in the cikeTunnelTable) for this peer + association. If an IPsec Phase-1 IKE Tunnel is + not currently active, then the value of this + object will be zero." + ::= { cikePeerEntry 9 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-1 Internet Key Exchange Tunnel Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikeTunnelTable OBJECT-TYPE + SYNTAX SEQUENCE OF CikeTunnelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-1 Internet Key Exchange Tunnel Table. + There is one entry in this table for each active IPsec + Phase-1 IKE Tunnel." + ::= { cipSecPhaseOne 3 } + +cikeTunnelEntry OBJECT-TYPE + SYNTAX CikeTunnelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated with + an active IPsec Phase-1 IKE Tunnel." + INDEX { cikeTunIndex } + ::= { cikeTunnelTable 1 } + +CikeTunnelEntry ::= SEQUENCE { + cikeTunIndex Integer32, + cikeTunLocalType IkePeerType, + cikeTunLocalValue DisplayString, + cikeTunLocalAddr IPSIpAddress, + cikeTunLocalName DisplayString, + cikeTunRemoteType IkePeerType, + cikeTunRemoteValue DisplayString, + cikeTunRemoteAddr IPSIpAddress, + cikeTunRemoteName DisplayString, + cikeTunNegoMode IkeNegoMode, + cikeTunDiffHellmanGrp DiffHellmanGrp, + cikeTunEncryptAlgo EncryptAlgo, + cikeTunHashAlgo IkeHashAlgo, + cikeTunAuthMethod IkeAuthMethod, + cikeTunLifeTime Integer32, + cikeTunActiveTime TimeInterval, + cikeTunSaRefreshThreshold Integer32, + cikeTunTotalRefreshes Counter32, + cikeTunInOctets Counter32, + cikeTunInPkts Counter32, + cikeTunInDropPkts Counter32, + cikeTunInNotifys Counter32, + cikeTunInP2Exchgs Counter32, + cikeTunInP2ExchgInvalids Counter32, + cikeTunInP2ExchgRejects Counter32, + cikeTunInP2SaDelRequests Counter32, + cikeTunOutOctets Counter32, + cikeTunOutPkts Counter32, + cikeTunOutDropPkts Counter32, + cikeTunOutNotifys Counter32, + cikeTunOutP2Exchgs Counter32, + cikeTunOutP2ExchgInvalids Counter32, + cikeTunOutP2ExchgRejects Counter32, + cikeTunOutP2SaDelRequests Counter32, + cikeTunStatus TunnelStatus +} + +cikeTunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index of the IPsec Phase-1 IKE Tunnel Table. + The value of the index is a number which begins + at one and is incremented with each tunnel that + is created. The value of this object will + wrap at 2,147,483,647." + ::= { cikeTunnelEntry 1 } + +cikeTunLocalType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of local peer identity. The local + peer may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikeTunnelEntry 2 } + +cikeTunLocalValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the local peer identity. + + If the local peer type is an IP Address, then this + is the IP Address used to identify the local peer. + + If the local peer type is a host name, then this is + the host name used to identify the local peer." + ::= { cikeTunnelEntry 3 } + +cikeTunLocalAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the local endpoint for the IPsec + Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 4 } + +cikeTunLocalName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the local IP address for + the IPsec Phase-1 IKE Tunnel. If the DNS + name associated with the local tunnel endpoint + is not known, then the value of this + object will be a NULL string." + ::= { cikeTunnelEntry 5 } + +cikeTunRemoteType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of remote peer identity. + The remote peer may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikeTunnelEntry 6 } + +cikeTunRemoteValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the remote peer identity. + + If the remote peer type is an IP Address, then this + is the IP Address used to identify the remote peer. + + If the remote peer type is a host name, then + this is the host name used to identify the + remote peer." + ::= { cikeTunnelEntry 7 } + +cikeTunRemoteAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the remote endpoint for the IPsec + Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 8 } + +cikeTunRemoteName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the remote IP address of IPsec Phase-1 + IKE Tunnel. If the DNS name associated with the remote + tunnel endpoint is not known, then the value of this + object will be a NULL string." + ::= { cikeTunnelEntry 9 } + +cikeTunNegoMode OBJECT-TYPE + SYNTAX IkeNegoMode + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiation mode of the IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 10 } + +cikeTunDiffHellmanGrp OBJECT-TYPE + SYNTAX DiffHellmanGrp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Diffie Hellman Group used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelEntry 11 } + +cikeTunEncryptAlgo OBJECT-TYPE + SYNTAX EncryptAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encryption algorithm used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelEntry 12 } + +cikeTunHashAlgo OBJECT-TYPE + SYNTAX IkeHashAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The hash algorithm used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelEntry 13 } + +cikeTunAuthMethod OBJECT-TYPE + SYNTAX IkeAuthMethod + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication method used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelEntry 14 } + +cikeTunLifeTime OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel + in seconds." + ::= { cikeTunnelEntry 15 } + +cikeTunActiveTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of time the IPsec Phase-1 IKE tunnel has been + active in hundredths of seconds." + ::= { cikeTunnelEntry 16 } + +cikeTunSaRefreshThreshold OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The security association refresh threshold in seconds." + ::= { cikeTunnelEntry 17 } + +cikeTunTotalRefreshes OBJECT-TYPE + SYNTAX Counter32 + UNITS "QM Exchanges" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security associations + refreshes performed." + ::= { cikeTunnelEntry 18 } + +cikeTunInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 19 } + +cikeTunInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 20 } + +cikeTunInDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + by this IPsec Phase-1 IKE Tunnel during + receive processing." + ::= { cikeTunnelEntry 21 } + +cikeTunInNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys received by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 22 } + +cikeTunInP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 + exchanges received by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 23 } + +cikeTunInP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 + exchanges received and found to be invalid + by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 24 } + +cikeTunInP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + received and rejected by this IPsec Phase-1 + Tunnel." + ::= { cikeTunnelEntry 25 } + +cikeTunInP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 + security association delete requests received + by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 26 } + +cikeTunOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelEntry 27 } + +cikeTunOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelEntry 28 } + +cikeTunOutDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped by this + IPsec Phase-1 IKE Tunnel during send processing." + ::= { cikeTunnelEntry 29 } + +cikeTunOutNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys sent by this + IPsec Phase-1 Tunnel." + ::= { cikeTunnelEntry 30 } + +cikeTunOutP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges sent by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 31 } + +cikeTunOutP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges sent and + found to be invalid by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 32 } + +cikeTunOutP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges sent and + rejected by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 33 } + +cikeTunOutP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 security association + delete requests sent by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelEntry 34 } + +cikeTunStatus OBJECT-TYPE + SYNTAX TunnelStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The status of the MIB table row. + + This object can be used to bring the tunnel down + by setting value of this object to destroy(2). + + This object cannot be used to create + a MIB table row." + ::= { cikeTunnelEntry 35 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The Internet Key Exchange Peer Association to +-- Phase-2 Tunnel Correlation Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikePeerCorrTable OBJECT-TYPE + SYNTAX SEQUENCE OF CikePeerCorrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-1 Internet Key Exchange Peer + Association to IPsec Phase-2 Tunnel + Correlation Table. There is one entry in + this table for each active IPsec Phase-2 + Tunnel." + ::= { cipSecPhaseOne 4 } + +cikePeerCorrEntry OBJECT-TYPE + SYNTAX CikePeerCorrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes of an + IPsec Phase-1 IKE Peer Association to IPsec + Phase-2 Tunnel Correlation." + INDEX { + cikePeerCorrLocalType, + cikePeerCorrLocalValue, + cikePeerCorrRemoteType, + cikePeerCorrRemoteValue, + cikePeerCorrIntIndex, + cikePeerCorrSeqNum + } + ::= { cikePeerCorrTable 1 } + +CikePeerCorrEntry ::= SEQUENCE { + cikePeerCorrLocalType IkePeerType, + cikePeerCorrLocalValue DisplayString, + cikePeerCorrRemoteType IkePeerType, + cikePeerCorrRemoteValue DisplayString, + cikePeerCorrIntIndex Integer32, + cikePeerCorrSeqNum Integer32, + cikePeerCorrIpSecTunIndex Integer32 +} + +cikePeerCorrLocalType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of local peer identity. The local peer + may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikePeerCorrEntry 1 } + +cikePeerCorrLocalValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of the local peer identity. + + If the local peer type is an IP Address, then this + is the IP Address used to identify the local peer. + + If the local peer type is a host name, then this is + the host name used to identify the local peer." + ::= { cikePeerCorrEntry 2 } + +cikePeerCorrRemoteType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The type of remote peer identity. The remote peer + may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikePeerCorrEntry 3 } + +cikePeerCorrRemoteValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The value of the remote peer identity. + + If the remote peer type is an IP Address, then this + is the IP Address used to identify the remote peer. + + If the remote peer type is a host name, then this is + the host name used to identify the remote peer." + ::= { cikePeerCorrEntry 4 } + +cikePeerCorrIntIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The internal index of the local-remote + peer association. This internal index is + used to uniquely identify multiple associations + between the local and remote peer." + ::= { cikePeerCorrEntry 5 } + +cikePeerCorrSeqNum OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The sequence number of the local-remote + peer association. This sequence number is + used to uniquely identify multiple instances + of an unique association between + the local and remote peer." + ::= { cikePeerCorrEntry 6 } + +cikePeerCorrIpSecTunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the active IPsec Phase-2 Tunnel + (cipSecTunIndex in the cipSecTunnelTable) for this + IPsec Phase-1 IKE Peer Association." + ::= { cikePeerCorrEntry 7 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- +-- cikePhase1GWStatsTable +-- +-- Gateway Phase-1 IKE stats information +-- +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikePhase1GWStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CikePhase1GWStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Phase-1 IKE stats information is included in this table. + Each entry is related to a specific gateway which is + identified by 'cmgwIndex'." + ::= { cipSecPhaseOne 5 } + +cikePhase1GWStatsEntry OBJECT-TYPE + SYNTAX CikePhase1GWStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes of an Phase-1 IKE stats + information for the related gateway. + + There is only one entry for each gateway. The entry + is created when a gateway up and cannot be deleted." + INDEX { cmgwIndex } + ::= { cikePhase1GWStatsTable 1 } + +CikePhase1GWStatsEntry ::= SEQUENCE { + cikePhase1GWActiveTunnels Gauge32, + cikePhase1GWPreviousTunnels Counter32, + cikePhase1GWInOctets Counter32, + cikePhase1GWInPkts Counter32, + cikePhase1GWInDropPkts Counter32, + cikePhase1GWInNotifys Counter32, + cikePhase1GWInP2Exchgs Counter32, + cikePhase1GWInP2ExchgInvalids Counter32, + cikePhase1GWInP2ExchgRejects Counter32, + cikePhase1GWInP2SaDelRequests Counter32, + cikePhase1GWOutOctets Counter32, + cikePhase1GWOutPkts Counter32, + cikePhase1GWOutDropPkts Counter32, + cikePhase1GWOutNotifys Counter32, + cikePhase1GWOutP2Exchgs Counter32, + cikePhase1GWOutP2ExchgInvalids Counter32, + cikePhase1GWOutP2ExchgRejects Counter32, + cikePhase1GWOutP2SaDelRequests Counter32, + cikePhase1GWInitTunnels Counter32, + cikePhase1GWInitTunnelFails Counter32, + cikePhase1GWRespTunnelFails Counter32, + cikePhase1GWSysCapFails Counter32, + cikePhase1GWAuthFails Counter32, + cikePhase1GWDecryptFails Counter32, + cikePhase1GWHashValidFails Counter32, + cikePhase1GWNoSaFails Counter32 +} + +cikePhase1GWActiveTunnels OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of currently active IPsec + Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 1 } + +cikePhase1GWPreviousTunnels OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of previously active + IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 2 } + +cikePhase1GWInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by all currently + and previously active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 3 } + +cikePhase1GWInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received by all + currently and previously active IPsec + Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 4 } + +cikePhase1GWInDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets which were + dropped during receive processing by all + currently and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 5 } + +cikePhase1GWInNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys received by + all currently and previously active IPsec + Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 6 } + +cikePhase1GWInP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + received by all currently and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 7 } + +cikePhase1GWInP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were received and found to be invalid + by all currently and previously active IPsec + Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 8 } + +cikePhase1GWInP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were received and rejected by all + currently and previously active IPsec Phase-1 + IKE Tunnels." + ::= { cikePhase1GWStatsEntry 9 } + +cikePhase1GWInP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 'Security + Association' delete requests received by all + currently and previously active and IPsec + Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 10 } + +cikePhase1GWOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by all currently + and previously active and IPsec Phase-1 + IKE Tunnels." + ::= { cikePhase1GWStatsEntry 11 } + +cikePhase1GWOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by all currently + and previously active and IPsec Phase-1 + Tunnels." + ::= { cikePhase1GWStatsEntry 12 } + +cikePhase1GWOutDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets which were dropped + during send processing by all currently + and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 13 } + +cikePhase1GWOutNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys sent by all currently + and previously active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 14 } + +cikePhase1GWOutP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were sent by all currently and previously + active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 15 } + +cikePhase1GWOutP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were sent and found to be invalid by + all currently and previously active IPsec Phase-1 + Tunnels." + ::= { cikePhase1GWStatsEntry 16 } + +cikePhase1GWOutP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges + which were sent and rejected by all currently and + previously active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 17 } + +cikePhase1GWOutP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 SA + delete requests sent by all currently and + previously active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 18 } + +cikePhase1GWInitTunnels OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-1 IKE + Tunnels which were locally initiated." + ::= { cikePhase1GWStatsEntry 19 } + +cikePhase1GWInitTunnelFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-1 IKE Tunnels + which were locally initiated and failed to activate." + ::= { cikePhase1GWStatsEntry 20 } + +cikePhase1GWRespTunnelFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-1 IKE Tunnels + which were remotely initiated and failed to activate." + ::= { cikePhase1GWStatsEntry 21 } + +cikePhase1GWSysCapFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of system capacity failures + which occurred during processing of all current + and previously active IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 22 } + +cikePhase1GWAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of authentications which ended + in failure by all current and previous IPsec Phase-1 + IKE Tunnels." + ::= { cikePhase1GWStatsEntry 23 } + +cikePhase1GWDecryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of decryptions which ended + in failure by all current and previous IPsec Phase-1 + IKE Tunnels." + ::= { cikePhase1GWStatsEntry 24 } + +cikePhase1GWHashValidFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of hash validations which ended + in failure by all current and previous IPsec Phase-1 + IKE Tunnels." + ::= { cikePhase1GWStatsEntry 25 } + +cikePhase1GWNoSaFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of non-existent 'Security Association' + failures occurred during processing of current and + previous IPsec Phase-1 IKE Tunnels." + ::= { cikePhase1GWStatsEntry 26 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- IPsec Phase-2 Group +-- +-- This group consists of: +-- 1) IPsec Phase-2 Global Statistics +-- 2) IPsec Phase-2 Tunnel Table +-- 3) IPsec Phase-2 Endpoint Table +-- 4) IPsec Phase-2 Security Protection Index Table +-- 4) IPsec Phase-2 Security Protection Index Objects +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Global Tunnel Statistics +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecGlobalStats OBJECT IDENTIFIER + ::= { cipSecPhaseTwo 1 } + + +cipSecGlobalActiveTunnels OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of currently active + IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 1 } + +cipSecGlobalPreviousTunnels OBJECT-TYPE + SYNTAX Counter32 + UNITS "Phase-2 Tunnels" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of previously active + IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 2 } + +cipSecGlobalInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by all + current and previous IPsec Phase-2 Tunnels. + This value is + accumulated BEFORE determining whether or not + the packet should be decompressed. See also + cipSecGlobalInOctWraps for the number of times + this counter has wrapped." + ::= { cipSecGlobalStats 3 } + +cipSecGlobalHcInOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of + octets received by all current and previous + IPsec Phase-2 Tunnels. This value is accumulated + BEFORE determining whether or not the packet + should be decompressed." + ::= { cipSecGlobalStats 4 } + +cipSecGlobalInOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global octets received + counter (cipSecGlobalInOctets) has wrapped." + ::= { cipSecGlobalStats 5 } + +cipSecGlobalInDecompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of decompressed octets received + by all current and previous IPsec Phase-2 Tunnels. + This value is accumulated AFTER the packet is + decompressed. If compression is not being used, + this value will match the value of cipSecGlobalInOctets. + See also cipSecGlobalInDecompOctWraps + for the number of times this counter has wrapped." + ::= { cipSecGlobalStats 6 } + +cipSecGlobalHcInDecompOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number + of decompressed octets received by all current + and previous IPsec Phase-2 Tunnels. This value + is accumulated AFTER the packet is decompressed. + If compression is not being used, this value + will match the value of cipSecGlobalHcInOctets." + ::= { cipSecGlobalStats 7 } + +cipSecGlobalInDecompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global decompressed + octets received counter + (cipSecGlobalInDecompOctets) has wrapped." + ::= { cipSecGlobalStats 8 } + +cipSecGlobalInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received + by all current and previous + IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 9 } + +cipSecGlobalInDrops OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + during receive processing by all current and previous + IPsec Phase-2 Tunnels. This count does + NOT include packets dropped due to + Anti-Replay processing." + ::= { cipSecGlobalStats 10 } + +cipSecGlobalInReplayDrops OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during + receive processing due to Anti-Replay + processing by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecGlobalStats 11 } + +cipSecGlobalInAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + performed by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecGlobalStats 12 } + +cipSecGlobalInAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + which ended in failure by all current and previous + IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 13 } + +cipSecGlobalInDecrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's + performed by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecGlobalStats 14 } + +cipSecGlobalInDecryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's + which ended in failure by all current and + previous IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 15 } + +cipSecGlobalOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by all + current and previous IPsec Phase-2 Tunnels. + This value is accumulated AFTER determining + whether or not the packet should be compressed. + See also cipSecGlobalOutOctWraps for the + number of times this counter has wrapped." + ::= { cipSecGlobalStats 16 } + +cipSecGlobalHcOutOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number + of octets sent by all current and previous + IPsec Phase-2 Tunnels. This value is accumulated + AFTER determining whether or not the packet should + be compressed." + ::= { cipSecGlobalStats 17 } + +cipSecGlobalOutOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global octets sent counter + (cipSecGlobalOutOctets) has wrapped." + ::= { cipSecGlobalStats 18 } + +cipSecGlobalOutUncompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of uncompressed octets sent + by all current and previous IPsec Phase-2 Tunnels. + This value is accumulated BEFORE the packet is + compressed. If compression is not being used, this + value will match the value of cipSecGlobalOutOctets. + See also cipSecGlobalOutDecompOctWraps for the number + of times this counter has wrapped." + ::= { cipSecGlobalStats 19 } + +cipSecGlobalHcOutUncompOctets OBJECT-TYPE + SYNTAX Counter64 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of + uncompressed octets sent by all current and previous + IPsec Phase-2 Tunnels. This value is accumulated + BEFORE the packet is compressed. If compression is + not being used, this value will match the + value of cipSecGlobalHcOutOctets." + ::= { cipSecGlobalStats 20 } + +cipSecGlobalOutUncompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global uncompressed + octets sent counter (cipSecGlobalOutUncompOctets) + has wrapped." + ::= { cipSecGlobalStats 21 } + +cipSecGlobalOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by all + current and previous + IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 22 } + +cipSecGlobalOutDrops OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during send + processing by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecGlobalStats 23 } + +cipSecGlobalOutAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's + performed by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecGlobalStats 24 } + +cipSecGlobalOutAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's + which ended in failure + by all current and previous IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 25 } + +cipSecGlobalOutEncrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's performed + by all current and previous IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 26 } + +cipSecGlobalOutEncryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's + which ended in failure by all current and + previous IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 27 } + +cipSecGlobalProtocolUseFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of protocol use failures + which occurred during processing of all current + and previously active IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 28 } + +cipSecGlobalNoSaFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of non-existent + Security Association in failures which occurred + during processing of all current + and previous IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 29 } + +cipSecGlobalSysCapFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of system capacity failures + which occurred during processing of all current + and previously active IPsec Phase-2 Tunnels." + ::= { cipSecGlobalStats 30 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Tunnel Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecTunnelTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecTunnelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Tunnel Table. + There is one entry in this table for + each active IPsec Phase-2 Tunnel." + ::= { cipSecPhaseTwo 2 } + +cipSecTunnelEntry OBJECT-TYPE + SYNTAX CipSecTunnelEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes + associated with an active IPsec Phase-2 Tunnel." + INDEX { cipSecTunIndex } + ::= { cipSecTunnelTable 1 } + +CipSecTunnelEntry ::= SEQUENCE { + cipSecTunIndex Integer32, + cipSecTunIkeTunnelIndex Integer32, + cipSecTunIkeTunnelAlive TruthValue, + cipSecTunLocalAddr IPSIpAddress, + cipSecTunRemoteAddr IPSIpAddress, + cipSecTunKeyType KeyType, + cipSecTunEncapMode EncapMode, + cipSecTunLifeSize Integer32, + cipSecTunLifeTime Integer32, + cipSecTunActiveTime TimeInterval, + cipSecTunSaLifeSizeThreshold Integer32, + cipSecTunSaLifeTimeThreshold Integer32, + cipSecTunTotalRefreshes Counter32, + cipSecTunExpiredSaInstances Counter32, + cipSecTunCurrentSaInstances Gauge32, + cipSecTunInSaDiffHellmanGrp DiffHellmanGrp, + cipSecTunInSaEncryptAlgo EncryptAlgo, + cipSecTunInSaAhAuthAlgo AuthAlgo, + cipSecTunInSaEspAuthAlgo AuthAlgo, + cipSecTunInSaDecompAlgo CompAlgo, + cipSecTunOutSaDiffHellmanGrp DiffHellmanGrp, + cipSecTunOutSaEncryptAlgo EncryptAlgo, + cipSecTunOutSaAhAuthAlgo AuthAlgo, + cipSecTunOutSaEspAuthAlgo AuthAlgo, + cipSecTunOutSaCompAlgo CompAlgo, + cipSecTunInOctets Counter32, + cipSecTunHcInOctets Counter64, + cipSecTunInOctWraps Counter32, + cipSecTunInDecompOctets Counter32, + cipSecTunHcInDecompOctets Counter64, + cipSecTunInDecompOctWraps Counter32, + cipSecTunInPkts Counter32, + cipSecTunInDropPkts Counter32, + cipSecTunInReplayDropPkts Counter32, + cipSecTunInAuths Counter32, + cipSecTunInAuthFails Counter32, + cipSecTunInDecrypts Counter32, + cipSecTunInDecryptFails Counter32, + cipSecTunOutOctets Counter32, + cipSecTunHcOutOctets Counter64, + cipSecTunOutOctWraps Counter32, + cipSecTunOutUncompOctets Counter32, + cipSecTunHcOutUncompOctets Counter64, + cipSecTunOutUncompOctWraps Counter32, + cipSecTunOutPkts Counter32, + cipSecTunOutDropPkts Counter32, + cipSecTunOutAuths Counter32, + cipSecTunOutAuthFails Counter32, + cipSecTunOutEncrypts Counter32, + cipSecTunOutEncryptFails Counter32, + cipSecTunStatus TunnelStatus +} + +cipSecTunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index of the IPsec Phase-2 Tunnel Table. + The value of the index is a number which begins + at one and is incremented with each tunnel that + is created. The value of this object will wrap + at 2,147,483,647." + ::= { cipSecTunnelEntry 1 } + +cipSecTunIkeTunnelIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the associated IPsec Phase-1 + IKE Tunnel. + (cikeTunIndex in the cikeTunnelTable)" + ::= { cipSecTunnelEntry 2 } + +cipSecTunIkeTunnelAlive OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An indicator which specifies whether or not the + IPsec Phase-1 IKE Tunnel currently exists." + ::= { cipSecTunnelEntry 3 } + +cipSecTunLocalAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the local endpoint for the IPsec + Phase-2 Tunnel." + ::= { cipSecTunnelEntry 4 } + +cipSecTunRemoteAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the remote endpoint for the IPsec + Phase-2 Tunnel." + ::= { cipSecTunnelEntry 5 } + +cipSecTunKeyType OBJECT-TYPE + SYNTAX KeyType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of key used by the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 6 } + +cipSecTunEncapMode OBJECT-TYPE + SYNTAX EncapMode + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encapsulation mode used by the + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 7 } + +cipSecTunLifeSize OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated LifeSize of the + IPsec Phase-2 Tunnel in kilobytes." + ::= { cipSecTunnelEntry 8 } + +cipSecTunLifeTime OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "Seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated LifeTime of the + IPsec Phase-2 Tunnel in seconds." + ::= { cipSecTunnelEntry 9 } + +cipSecTunActiveTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of time the IPsec Phase-2 + Tunnel has been + active in hundredths of seconds." + ::= { cipSecTunnelEntry 10 } + +cipSecTunSaLifeSizeThreshold OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The security association LifeSize refresh + threshold in kilobytes." + ::= { cipSecTunnelEntry 11 } + +cipSecTunSaLifeTimeThreshold OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "Seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The security association LifeTime refresh + threshold in seconds." + ::= { cipSecTunnelEntry 12 } + +cipSecTunTotalRefreshes OBJECT-TYPE + SYNTAX Counter32 + UNITS "QM Exchanges" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security + association refreshes performed." + ::= { cipSecTunnelEntry 13 } + +cipSecTunExpiredSaInstances OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security associations + which have expired." + ::= { cipSecTunnelEntry 14 } + +cipSecTunCurrentSaInstances OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of security associations + which are currently active or expiring." + ::= { cipSecTunnelEntry 15 } + +cipSecTunInSaDiffHellmanGrp OBJECT-TYPE + SYNTAX DiffHellmanGrp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Diffie Hellman Group used + by the inbound security association of the + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 16 } + +cipSecTunInSaEncryptAlgo OBJECT-TYPE + SYNTAX EncryptAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encryption algorithm used by the inbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 17 } + +cipSecTunInSaAhAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the inbound + authentication header (AH) security association of + the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 18 } + +cipSecTunInSaEspAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the inbound + encapsulation security protocol (ESP) security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 19 } + +cipSecTunInSaDecompAlgo OBJECT-TYPE + SYNTAX CompAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The decompression algorithm used by the inbound + security association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 20 } + +cipSecTunOutSaDiffHellmanGrp OBJECT-TYPE + SYNTAX DiffHellmanGrp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Diffie Hellman Group used by the outbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 21 } + +cipSecTunOutSaEncryptAlgo OBJECT-TYPE + SYNTAX EncryptAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encryption algorithm used by the outbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 22 } + +cipSecTunOutSaAhAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the outbound + authentication header (AH) security association of + the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 23 } + +cipSecTunOutSaEspAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the inbound + encapsulation security protocol (ESP) + security association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 24 } + +cipSecTunOutSaCompAlgo OBJECT-TYPE + SYNTAX CompAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The compression algorithm used by the inbound + security association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 25 } + +cipSecTunInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by this IPsec + Phase-2 Tunnel. This value is accumulated + BEFORE determining whether or not the packet should be + decompressed. See also cipSecTunInOctWraps for the + number of times this counter has wrapped." + ::= { cipSecTunnelEntry 26 } + +cipSecTunHcInOctets OBJECT-TYPE + SYNTAX Counter64 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of octets + received by this IPsec Phase-2 Tunnel. This value is + accumulated BEFORE determining whether or not the packet + should be decompressed." + ::= { cipSecTunnelEntry 27 } + +cipSecTunInOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the octets received counter + (cipSecTunInOctets) has wrapped." + ::= { cipSecTunnelEntry 28 } + +cipSecTunInDecompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of decompressed octets received + by this IPsec Phase-2 Tunnel. This value is + accumulated AFTER the packet is decompressed. + If compression is not being + used, this value will match the value of + cipSecTunInOctets. See also cipSecTunInDecompOctWraps + for the number of times + this counter has wrapped." + ::= { cipSecTunnelEntry 29 } + +cipSecTunHcInDecompOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of decompressed + octets received by this IPsec Phase-2 Tunnel. This value + is accumulated AFTER the packet is decompressed. If + compression is not being used, this value will match the + value of cipSecTunHcInOctets." + ::= { cipSecTunnelEntry 30 } + +cipSecTunInDecompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the decompressed + octets received counter + (cipSecTunInDecompOctets) has wrapped." + ::= { cipSecTunnelEntry 31 } + +cipSecTunInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 32 } + +cipSecTunInDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + during receive processing by this IPsec Phase-2 + Tunnel. This count does NOT include + packets dropped due to Anti-Replay processing." + ::= { cipSecTunnelEntry 33 } + +cipSecTunInReplayDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during + receive processing due to Anti-Replay processing + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 34 } + +cipSecTunInAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound + authentication's performed by this + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 35 } + +cipSecTunInAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + which ended in + failure by this IPsec Phase-2 Tunnel ." + ::= { cipSecTunnelEntry 36 } + +cipSecTunInDecrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 37 } + +cipSecTunInDecryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's + which ended in failure + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 38 } + +cipSecTunOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by this IPsec + Phase-2 Tunnel. This value is accumulated + AFTER determining whether or not the packet should + be compressed. See also cipSecTunOutOctWraps for + the number of times this counter has wrapped." + ::= { cipSecTunnelEntry 39 } + +cipSecTunHcOutOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of octets + sent by this IPsec Phase-2 Tunnel. This value is + accumulated AFTER determining whether or not the + packet + should be compressed." + ::= { cipSecTunnelEntry 40 } + +cipSecTunOutOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the out octets counter + (cipSecTunOutOctets) has wrapped." + ::= { cipSecTunnelEntry 41 } + +cipSecTunOutUncompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of uncompressed octets sent + by this IPsec Phase-2 Tunnel. This value + is accumulated BEFORE the packet is compressed. + If compression is not being used, this value + will match the value of cipSecTunOutOctets. + See also cipSecTunOutDecompOctWraps for the + number of times this counter has wrapped." + ::= { cipSecTunnelEntry 42 } + +cipSecTunHcOutUncompOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number + of uncompressed octets sent by this IPsec + Phase-2 Tunnel. This value is accumulated BEFORE + the packet is compressed. If compression + is not being used, this value will match the value + of cipSecTunHcOutOctets." + ::= { cipSecTunnelEntry 43 } + +cipSecTunOutUncompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the uncompressed octets sent + counter (cipSecTunOutUncompOctets) has wrapped." + ::= { cipSecTunnelEntry 44 } + +cipSecTunOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by this + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 45 } + +cipSecTunOutDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during + send processing by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 46 } + +cipSecTunOutAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 47 } + +cipSecTunOutAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound + authentication's which ended in failure + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 48 } + +cipSecTunOutEncrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 49 } + +cipSecTunOutEncryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's + which ended in failure by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelEntry 50 } + +cipSecTunStatus OBJECT-TYPE + SYNTAX TunnelStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The status of the MIB table row. + + This object can be used to bring the tunnel down + by setting value of this object to destroy(2). + When the value is set to destroy(2), the SA + bundle is destroyed and this row is deleted + from this table. + + When this MIB value is queried, the value of + active(1) is always returned, if the instance + exists. + + This object cannot be used to create a MIB + table row." + ::= { cipSecTunnelEntry 51 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Tunnel Endpoint Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecEndPtTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecEndPtEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Tunnel Endpoint Table. + This table contains an entry for each + active endpoint associated with an IPsec + Phase-2 Tunnel." + ::= { cipSecPhaseTwo 3 } + +cipSecEndPtEntry OBJECT-TYPE + SYNTAX CipSecEndPtEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An IPsec Phase-2 Tunnel Endpoint entry." + INDEX { + cipSecTunIndex, + cipSecEndPtIndex + } + ::= { cipSecEndPtTable 1 } + +CipSecEndPtEntry ::= SEQUENCE { + cipSecEndPtIndex Integer32, + cipSecEndPtLocalName DisplayString, + cipSecEndPtLocalType EndPtType, + cipSecEndPtLocalAddr1 IPSIpAddress, + cipSecEndPtLocalAddr2 IPSIpAddress, + cipSecEndPtLocalProtocol Integer32, + cipSecEndPtLocalPort Integer32, + cipSecEndPtRemoteName DisplayString, + cipSecEndPtRemoteType EndPtType, + cipSecEndPtRemoteAddr1 IPSIpAddress, + cipSecEndPtRemoteAddr2 IPSIpAddress, + cipSecEndPtRemoteProtocol Integer32, + cipSecEndPtRemotePort Integer32 +} + +cipSecEndPtIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The number of the Endpoint associated with the + IPsec Phase-2 Tunnel Table. The value of this + index is a number which begins at one and + is incremented with each Endpoint associated + with an IPsec Phase-2 Tunnel. + The value of this object will wrap at 2,147,483,647." + ::= { cipSecEndPtEntry 1 } + +cipSecEndPtLocalName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the local Endpoint." + ::= { cipSecEndPtEntry 2 } + +cipSecEndPtLocalType OBJECT-TYPE + SYNTAX EndPtType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of identity for the local Endpoint. + Possible values are: + 1) a single IP address, or + 2) an IP address range, or + 3) an IP subnet." + ::= { cipSecEndPtEntry 3 } + +cipSecEndPtLocalAddr1 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local Endpoint's first IP address specification. + + If the local Endpoint type is single IP address, + then this is the value of the IP address. + + If the local Endpoint type is IP subnet, then this + is the value of the subnet. + + If the local Endpoint type is IP address range, + then this is the value of beginning IP address + of the range." + ::= { cipSecEndPtEntry 4 } + +cipSecEndPtLocalAddr2 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local Endpoint's second IP address specification. + + If the local Endpoint type is single IP address, + then this is the value of the IP address. + + If the local Endpoint type is IP subnet, then this + is the value of the subnet mask. + + If the local Endpoint type is IP address range, + then this is the value of ending IP address + of the range." + ::= { cipSecEndPtEntry 5 } + +cipSecEndPtLocalProtocol OBJECT-TYPE + SYNTAX Integer32 (0..255 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The protocol number of the local Endpoint's traffic." + ::= { cipSecEndPtEntry 6 } + +cipSecEndPtLocalPort OBJECT-TYPE + SYNTAX Integer32 (0..65535 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the local Endpoint's traffic." + ::= { cipSecEndPtEntry 7 } + +cipSecEndPtRemoteName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the remote Endpoint." + ::= { cipSecEndPtEntry 8 } + +cipSecEndPtRemoteType OBJECT-TYPE + SYNTAX EndPtType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of identity for the remote Endpoint. + Possible values are: + 1) a single IP address, or + 2) an IP address range, or + 3) an IP subnet." + ::= { cipSecEndPtEntry 9 } + +cipSecEndPtRemoteAddr1 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote Endpoint's first IP address specification. + + If the remote Endpoint type is single IP address, + then this is the value of the IP address. + + If the remote Endpoint type is IP subnet, then this + is the value of the subnet. + + If the remote Endpoint type is IP address range, + then this is the value of beginning IP address + of the range." + ::= { cipSecEndPtEntry 10 } + +cipSecEndPtRemoteAddr2 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote Endpoint's second IP address specification. + + If the remote Endpoint type is single IP address, + then this is the value of the IP address. + + If the remote Endpoint type is IP subnet, then this + is the value of the subnet mask. + + If the remote Endpoint type is IP address range, + then this is the value of ending IP address of + the range." + ::= { cipSecEndPtEntry 11 } + +cipSecEndPtRemoteProtocol OBJECT-TYPE + SYNTAX Integer32 (0..255 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The protocol number of the remote Endpoint's traffic." + ::= { cipSecEndPtEntry 12 } + +cipSecEndPtRemotePort OBJECT-TYPE + SYNTAX Integer32 (0..65535 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the remote Endpoint's traffic." + ::= { cipSecEndPtEntry 13 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Security Protection Index Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecSpiTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecSpiEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Security Protection Index Table. + This table contains an entry for each active + and expiring security + association." + ::= { cipSecPhaseTwo 4 } + +cipSecSpiEntry OBJECT-TYPE + SYNTAX CipSecSpiEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated with + active and expiring IPsec Phase-2 + security associations." + INDEX { + cipSecTunIndex, + cipSecSpiIndex + } + ::= { cipSecSpiTable 1 } + +CipSecSpiEntry ::= SEQUENCE { + cipSecSpiIndex Integer32, + cipSecSpiDirection INTEGER , + cipSecSpiValue Unsigned32, + cipSecSpiProtocol INTEGER , + cipSecSpiStatus INTEGER +} + +cipSecSpiIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The number of the SPI associated with the + Phase-2 Tunnel Table. The value of this + index is a number which begins at one and is + incremented with each SPI associated with an + IPsec Phase-2 Tunnel. The value of this + object will wrap at 2,147,483,647." + ::= { cipSecSpiEntry 1 } + +cipSecSpiDirection OBJECT-TYPE + SYNTAX INTEGER { + in(1), + out(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The direction of the SPI." + ::= { cipSecSpiEntry 2 } + +cipSecSpiValue OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the SPI." + ::= { cipSecSpiEntry 3 } + +cipSecSpiProtocol OBJECT-TYPE + SYNTAX INTEGER { + ah(1), + esp(2), + ipcomp(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The protocol of the SPI." + ::= { cipSecSpiEntry 4 } + +cipSecSpiStatus OBJECT-TYPE + SYNTAX INTEGER { + active(1), + expiring(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The status of the SPI." + ::= { cipSecSpiEntry 5 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- +-- cipSecPhase2GWStatsTable +-- +-- Gateway Phase-2 IPsec stats information +-- +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecPhase2GWStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecPhase2GWStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Phase-2 IPsec stats information is included in this table. + Each entry is related to a specific gateway which is + identified by 'cmgwIndex'" + ::= { cipSecPhaseTwo 5 } + +cipSecPhase2GWStatsEntry OBJECT-TYPE + SYNTAX CipSecPhase2GWStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes of an Phase-2 IPsec stats + information for the related gateway. + + There is only one entry for each gateway. The entry + is created when a gateway up and cannot be deleted." + INDEX { cmgwIndex } + ::= { cipSecPhase2GWStatsTable 1 } + +CipSecPhase2GWStatsEntry ::= SEQUENCE { + cipSecPhase2GWActiveTunnels Gauge32, + cipSecPhase2GWPreviousTunnels Counter32, + cipSecPhase2GWInOctets Counter32, + cipSecPhase2GWInOctWraps Counter32, + cipSecPhase2GWInDecompOctets Counter32, + cipSecPhase2GWInDecompOctWraps Counter32, + cipSecPhase2GWInPkts Counter32, + cipSecPhase2GWInDrops Counter32, + cipSecPhase2GWInReplayDrops Counter32, + cipSecPhase2GWInAuths Counter32, + cipSecPhase2GWInAuthFails Counter32, + cipSecPhase2GWInDecrypts Counter32, + cipSecPhase2GWInDecryptFails Counter32, + cipSecPhase2GWOutOctets Counter32, + cipSecPhase2GWOutOctWraps Counter32, + cipSecPhase2GWOutUncompOctets Counter32, + cipSecPhase2GWOutUncompOctWraps Counter32, + cipSecPhase2GWOutPkts Counter32, + cipSecPhase2GWOutDrops Counter32, + cipSecPhase2GWOutAuths Counter32, + cipSecPhase2GWOutAuthFails Counter32, + cipSecPhase2GWOutEncrypts Counter32, + cipSecPhase2GWOutEncryptFails Counter32, + cipSecPhase2GWProtocolUseFails Counter32, + cipSecPhase2GWNoSaFails Counter32, + cipSecPhase2GWSysCapFails Counter32 +} + +cipSecPhase2GWActiveTunnels OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of currently active + IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 1 } + +cipSecPhase2GWPreviousTunnels OBJECT-TYPE + SYNTAX Counter32 + UNITS "Phase-2 Tunnels" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of previously active + IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 2 } + +cipSecPhase2GWInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by all + current and previous IPsec Phase-2 Tunnels. + This value is accumulated BEFORE determining + whether or not the packet should be decompressed. + See also cipSecGlobalInOctWraps for the number + of times this counter has wrapped." + ::= { cipSecPhase2GWStatsEntry 3 } + +cipSecPhase2GWInOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global octets received + counter (cipSecGlobalInOctets) has wrapped." + ::= { cipSecPhase2GWStatsEntry 4 } + +cipSecPhase2GWInDecompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of decompressed octets received + by all current and previous IPsec Phase-2 Tunnels. + This value is accumulated AFTER the packet is + decompressed. If compression is not being used, + this value will match the value of cipSecGlobalInOctets. + See also cipSecGlobalInDecompOctWraps + for the number of times this counter has wrapped." + ::= { cipSecPhase2GWStatsEntry 5 } + +cipSecPhase2GWInDecompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global decompressed + octets received counter (cipSecGlobalInDecompOctets) + has wrapped." + ::= { cipSecPhase2GWStatsEntry 6 } + +cipSecPhase2GWInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received + by all current and previous IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 7 } + +cipSecPhase2GWInDrops OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + during receive processing by all current and previous + IPsec Phase-2 Tunnels. This count does NOT include + packets dropped due to Anti-Replay processing." + ::= { cipSecPhase2GWStatsEntry 8 } + +cipSecPhase2GWInReplayDrops OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during + receive processing due to Anti-Replay + processing by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 9 } + +cipSecPhase2GWInAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + performed by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 10 } + +cipSecPhase2GWInAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + which ended in failure by all current and previous + IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 11 } + +cipSecPhase2GWInDecrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's + performed by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 12 } + +cipSecPhase2GWInDecryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's + which ended in failure by all current and + previous IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 13 } + +cipSecPhase2GWOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by all + current and previous IPsec Phase-2 Tunnels. + This value is accumulated AFTER determining + whether or not the packet should be compressed. + See also cipSecGlobalOutOctWraps for the + number of times this counter has wrapped." + ::= { cipSecPhase2GWStatsEntry 14 } + +cipSecPhase2GWOutOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global octets sent counter + (cipSecGlobalOutOctets) has wrapped." + ::= { cipSecPhase2GWStatsEntry 15 } + +cipSecPhase2GWOutUncompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of uncompressed octets sent + by all current and previous IPsec Phase-2 Tunnels. + This value is accumulated BEFORE the packet is + compressed. If compression is not being used, this + value will match the value of cipSecGlobalOutOctets. + See also cipSecGlobalOutDecompOctWraps for the number + of times this counter has wrapped." + ::= { cipSecPhase2GWStatsEntry 16 } + +cipSecPhase2GWOutUncompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the global uncompressed + octets sent counter (cipSecGlobalOutUncompOctets) + has wrapped." + ::= { cipSecPhase2GWStatsEntry 17 } + +cipSecPhase2GWOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by all + current and previous IPsec Phase-2 + Tunnels." + ::= { cipSecPhase2GWStatsEntry 18 } + +cipSecPhase2GWOutDrops OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during send + processing by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 19 } + +cipSecPhase2GWOutAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's + performed by all current and previous IPsec + Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 20 } + +cipSecPhase2GWOutAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's + which ended in failure + by all current and previous IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 21 } + +cipSecPhase2GWOutEncrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's performed + by all current and previous IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 22 } + +cipSecPhase2GWOutEncryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's + which ended in failure by all current and + previous IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 23 } + +cipSecPhase2GWProtocolUseFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of protocol use failures + which occurred during processing of all current + and previously active IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 24 } + +cipSecPhase2GWNoSaFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of non-existent + Security Association in failures which occurred + during processing of all current + and previous IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 25 } + +cipSecPhase2GWSysCapFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of system capacity failures + which occurred during processing of all current + and previously active IPsec Phase-2 Tunnels." + ::= { cipSecPhase2GWStatsEntry 26 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec History Group +-- +-- This group consists of a: +-- 1) IPsec History Global Objects +-- 2) IPsec Phase-1 History Objects +-- 3) IPsec Phase-2 History Objects +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecHistGlobal OBJECT IDENTIFIER + ::= { cipSecHistory 1 } + +cipSecHistPhaseOne OBJECT IDENTIFIER + ::= { cipSecHistory 2 } + +cipSecHistPhaseTwo OBJECT IDENTIFIER + ::= { cipSecHistory 3 } + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- IPsec History Global Control Objects +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecHistGlobalCntl OBJECT IDENTIFIER + ::= { cipSecHistGlobal 1 } + + +cipSecHistTableSize OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The window size of the IPsec Phase-1 and Phase-2 + History Tables. + + The IPsec Phase-1 and Phase-2 History Tables are + implemented as a sliding window in which only the + last n entries are maintained. This object is used + specify the number of entries which will be + maintained in the IPsec Phase-1 and + Phase-2 History Tables. + + An implementation may choose suitable minimum and + maximum values for this element based on the local + policy and available resources. If an SNMP SET request + specifies a value outside this window for this element, + a BAD VALUE may be returned." + ::= { cipSecHistGlobalCntl 1 } + +cipSecHistCheckPoint OBJECT-TYPE + SYNTAX INTEGER { + ready(1), + checkPoint(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The current state of check point processing. + + This object will return ready when the agent is + ready to create on-demand history entries for + active IPsec Tunnels or checkPoint when the + agent is currently creating on-demand history + entries for active IPsec Tunnels. + + By setting this value to checkPoint, the agent + will create: + a) an entry in the IPsec Phase-1 Tunnel History + for each active IPsec Phase-1 Tunnel and + b) an entry in the IPsec Phase-2 Tunnel History + Table and an entry in the IPsec Phase-2 + Tunnel EndPoint History Table + for each active IPsec Phase-2 Tunnel." + ::= { cipSecHistGlobalCntl 2 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-1 Tunnel History Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikeTunnelHistTable OBJECT-TYPE + SYNTAX SEQUENCE OF CikeTunnelHistEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-1 Internet Key Exchange Tunnel + History Table. This table is implemented as a + sliding window in which only the last n entries + are maintained. The maximum number of entries + is specified by the cipSecHistTableSize object." + ::= { cipSecHistPhaseOne 1 } + +cikeTunnelHistEntry OBJECT-TYPE + SYNTAX CikeTunnelHistEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes + associated with a previously active IPsec + Phase-1 IKE Tunnel." + INDEX { cikeTunHistIndex } + ::= { cikeTunnelHistTable 1 } + +CikeTunnelHistEntry ::= SEQUENCE { + cikeTunHistIndex Integer32, + cikeTunHistTermReason INTEGER , + cikeTunHistActiveIndex Integer32, + cikeTunHistPeerLocalType IkePeerType, + cikeTunHistPeerLocalValue DisplayString, + cikeTunHistPeerIntIndex Integer32, + cikeTunHistPeerRemoteType IkePeerType, + cikeTunHistPeerRemoteValue DisplayString, + cikeTunHistLocalAddr IPSIpAddress, + cikeTunHistLocalName DisplayString, + cikeTunHistRemoteAddr IPSIpAddress, + cikeTunHistRemoteName DisplayString, + cikeTunHistNegoMode IkeNegoMode, + cikeTunHistDiffHellmanGrp DiffHellmanGrp, + cikeTunHistEncryptAlgo EncryptAlgo, + cikeTunHistHashAlgo IkeHashAlgo, + cikeTunHistAuthMethod IkeAuthMethod, + cikeTunHistLifeTime Integer32, + cikeTunHistStartTime TimeStamp, + cikeTunHistActiveTime TimeInterval, + cikeTunHistTotalRefreshes Counter32, + cikeTunHistTotalSas Counter32, + cikeTunHistInOctets Counter32, + cikeTunHistInPkts Counter32, + cikeTunHistInDropPkts Counter32, + cikeTunHistInNotifys Counter32, + cikeTunHistInP2Exchgs Counter32, + cikeTunHistInP2ExchgInvalids Counter32, + cikeTunHistInP2ExchgRejects Counter32, + cikeTunHistInP2SaDelRequests Counter32, + cikeTunHistOutOctets Counter32, + cikeTunHistOutPkts Counter32, + cikeTunHistOutDropPkts Counter32, + cikeTunHistOutNotifys Counter32, + cikeTunHistOutP2Exchgs Counter32, + cikeTunHistOutP2ExchgInvalids Counter32, + cikeTunHistOutP2ExchgRejects Counter32, + cikeTunHistOutP2SaDelRequests Counter32 +} + +cikeTunHistIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index of the IPsec Phase-1 IKE Tunnel History + Table. The value of the index is a number which + begins at one and is incremented with each + tunnel that ends. The value of this object + will wrap at 2,147,483,647." + ::= { cikeTunnelHistEntry 1 } + +cikeTunHistTermReason OBJECT-TYPE + SYNTAX INTEGER { + other(1), + normal(2), + operRequest(3), + peerDelRequest(4), + peerLost(5), + localFailure(6), + checkPointReg(7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The reason the IPsec Phase-1 IKE Tunnel was terminated. + Possible reasons include: + 1 = other + 2 = normal termination + 3 = operator request + 4 = peer delete request was received + 5 = contact with peer was lost + 6 = local failure occurred. + 7 = operator initiated check point request" + ::= { cikeTunnelHistEntry 2 } + +cikeTunHistActiveIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the previously active IPsec + Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 3 } + +cikeTunHistPeerLocalType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of local peer identity. The local peer + may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikeTunnelHistEntry 4 } + +cikeTunHistPeerLocalValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the local peer identity. + + If the local peer type is an IP Address, then this + is the IP Address used to identify the local peer. + + If the local peer type is a host name, then this is + the host name used to identify the local peer." + ::= { cikeTunnelHistEntry 5 } + +cikeTunHistPeerIntIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The internal index of the local-remote peer + association. This internal index is used to + uniquely identify multiple associations between + the local and remote peer." + ::= { cikeTunnelHistEntry 6 } + +cikeTunHistPeerRemoteType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of remote peer identity. The remote + peer may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikeTunnelHistEntry 7 } + +cikeTunHistPeerRemoteValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the remote peer identity. + + If the remote peer type is an IP Address, then this + is the IP Address used to identify the remote peer. + + If the remote peer type is a host name, then this is + the host name used to identify the remote peer." + ::= { cikeTunnelHistEntry 8 } + +cikeTunHistLocalAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the local endpoint for the IPsec + Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 9 } + +cikeTunHistLocalName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the local IP address for + the IPsec Phase-1 IKE Tunnel. If the DNS + name associated with the local tunnel endpoint + is not known, then the value of this + object will be a NULL string." + ::= { cikeTunnelHistEntry 10 } + +cikeTunHistRemoteAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the remote endpoint for the IPsec + Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 11 } + +cikeTunHistRemoteName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the remote IP address of IPsec Phase-1 + IKE Tunnel. If the DNS name associated with the remote + tunnel endpoint is not known, then the value of this + object will be a NULL string." + ::= { cikeTunnelHistEntry 12 } + +cikeTunHistNegoMode OBJECT-TYPE + SYNTAX IkeNegoMode + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiation mode of the IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 13 } + +cikeTunHistDiffHellmanGrp OBJECT-TYPE + SYNTAX DiffHellmanGrp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Diffie Hellman Group used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelHistEntry 14 } + +cikeTunHistEncryptAlgo OBJECT-TYPE + SYNTAX EncryptAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encryption algorithm used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelHistEntry 15 } + +cikeTunHistHashAlgo OBJECT-TYPE + SYNTAX IkeHashAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The hash algorithm used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelHistEntry 16 } + +cikeTunHistAuthMethod OBJECT-TYPE + SYNTAX IkeAuthMethod + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication method used in IPsec Phase-1 IKE + negotiations." + ::= { cikeTunnelHistEntry 17 } + +cikeTunHistLifeTime OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel + in seconds." + ::= { cikeTunnelHistEntry 18 } + +cikeTunHistStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime in hundredths of seconds + when the IPsec Phase-1 IKE tunnel was started." + ::= { cikeTunnelHistEntry 19 } + +cikeTunHistActiveTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of time the IPsec Phase-1 IKE tunnel was been + active in hundredths of seconds." + ::= { cikeTunnelHistEntry 20 } + +cikeTunHistTotalRefreshes OBJECT-TYPE + SYNTAX Counter32 + UNITS "QM Exchanges" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security associations + refreshes performed." + ::= { cikeTunnelHistEntry 21 } + +cikeTunHistTotalSas OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security associations + used during the + life of the IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 22 } + +cikeTunHistInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets + received by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelHistEntry 23 } + +cikeTunHistInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received + by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelHistEntry 24 } + +cikeTunHistInDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + by this IPsec Phase-1 + IKE Tunnel during receive processing." + ::= { cikeTunnelHistEntry 25 } + +cikeTunHistInNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys received + by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelHistEntry 26 } + +cikeTunHistInP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 + exchanges received by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 27 } + +cikeTunHistInP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 + exchanges received and + found to be invalid by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 28 } + +cikeTunHistInP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 + exchanges received and + rejected by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 29 } + +cikeTunHistInP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 security association + delete requests received by this IPsec + Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 30 } + +cikeTunHistOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelHistEntry 31 } + +cikeTunHistOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelHistEntry 32 } + +cikeTunHistOutDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + by this IPsec Phase-1 + IKE Tunnel during send processing." + ::= { cikeTunnelHistEntry 33 } + +cikeTunHistOutNotifys OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of notifys sent by this IPsec Phase-1 + IKE Tunnel." + ::= { cikeTunnelHistEntry 34 } + +cikeTunHistOutP2Exchgs OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges sent by + this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 35 } + +cikeTunHistOutP2ExchgInvalids OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges sent and + found to be invalid by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 36 } + +cikeTunHistOutP2ExchgRejects OBJECT-TYPE + SYNTAX Counter32 + UNITS "SA Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 exchanges sent and + rejected by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 37 } + +cikeTunHistOutP2SaDelRequests OBJECT-TYPE + SYNTAX Counter32 + UNITS "Notification Payloads" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of IPsec Phase-2 security association + delete requests sent by this IPsec Phase-1 IKE Tunnel." + ::= { cikeTunnelHistEntry 38 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Tunnel History Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecTunnelHistTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecTunnelHistEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Tunnel History Table. + This table is implemented as a sliding + window in which only the + last n entries are maintained. The maximum number + of entries + is specified by the cipSecHistTableSize object." + ::= { cipSecHistPhaseTwo 1 } + +cipSecTunnelHistEntry OBJECT-TYPE + SYNTAX CipSecTunnelHistEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated with + a previously active IPsec Phase-2 Tunnel." + INDEX { cipSecTunHistIndex } + ::= { cipSecTunnelHistTable 1 } + +CipSecTunnelHistEntry ::= SEQUENCE { + cipSecTunHistIndex Integer32, + cipSecTunHistTermReason INTEGER , + cipSecTunHistActiveIndex Integer32, + cipSecTunHistIkeTunnelIndex Integer32, + cipSecTunHistLocalAddr IPSIpAddress, + cipSecTunHistRemoteAddr IPSIpAddress, + cipSecTunHistKeyType KeyType, + cipSecTunHistEncapMode EncapMode, + cipSecTunHistLifeSize Integer32, + cipSecTunHistLifeTime Integer32, + cipSecTunHistStartTime TimeStamp, + cipSecTunHistActiveTime TimeInterval, + cipSecTunHistTotalRefreshes Counter32, + cipSecTunHistTotalSas Counter32, + cipSecTunHistInSaDiffHellmanGrp DiffHellmanGrp, + cipSecTunHistInSaEncryptAlgo EncryptAlgo, + cipSecTunHistInSaAhAuthAlgo AuthAlgo, + cipSecTunHistInSaEspAuthAlgo AuthAlgo, + cipSecTunHistInSaDecompAlgo CompAlgo, + cipSecTunHistOutSaDiffHellmanGrp DiffHellmanGrp, + cipSecTunHistOutSaEncryptAlgo EncryptAlgo, + cipSecTunHistOutSaAhAuthAlgo AuthAlgo, + cipSecTunHistOutSaEspAuthAlgo AuthAlgo, + cipSecTunHistOutSaCompAlgo CompAlgo, + cipSecTunHistInOctets Counter32, + cipSecTunHistHcInOctets Counter64, + cipSecTunHistInOctWraps Counter32, + cipSecTunHistInDecompOctets Counter32, + cipSecTunHistHcInDecompOctets Counter64, + cipSecTunHistInDecompOctWraps Counter32, + cipSecTunHistInPkts Counter32, + cipSecTunHistInDropPkts Counter32, + cipSecTunHistInReplayDropPkts Counter32, + cipSecTunHistInAuths Counter32, + cipSecTunHistInAuthFails Counter32, + cipSecTunHistInDecrypts Counter32, + cipSecTunHistInDecryptFails Counter32, + cipSecTunHistOutOctets Counter32, + cipSecTunHistHcOutOctets Counter64, + cipSecTunHistOutOctWraps Counter32, + cipSecTunHistOutUncompOctets Counter32, + cipSecTunHistHcOutUncompOctets Counter64, + cipSecTunHistOutUncompOctWraps Counter32, + cipSecTunHistOutPkts Counter32, + cipSecTunHistOutDropPkts Counter32, + cipSecTunHistOutAuths Counter32, + cipSecTunHistOutAuthFails Counter32, + cipSecTunHistOutEncrypts Counter32, + cipSecTunHistOutEncryptFails Counter32 +} + +cipSecTunHistIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index of the IPsec Phase-2 Tunnel History Table. + The value of the index is a number which + begins at one and is incremented with each tunnel + that ends. The value + of this object will wrap at 2,147,483,647." + ::= { cipSecTunnelHistEntry 1 } + +cipSecTunHistTermReason OBJECT-TYPE + SYNTAX INTEGER { + other(1), + normal(2), + operRequest(3), + peerDelRequest(4), + peerLost(5), + seqNumRollOver(6), + checkPointReq(7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The reason the IPsec Phase-2 Tunnel was terminated. + Possible reasons include: + 1 = other + 2 = normal termination + 3 = operator request + 4 = peer delete request was received + 5 = contact with peer was lost + 6 = local failure occurred + 7 = operator initiated check point request" + ::= { cipSecTunnelHistEntry 2 } + +cipSecTunHistActiveIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the previously active + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 3 } + +cipSecTunHistIkeTunnelIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the associated IPsec Phase-1 Tunnel + (cikeTunIndex in the cikeTunnelTable)." + ::= { cipSecTunnelHistEntry 4 } + +cipSecTunHistLocalAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the local endpoint for the IPsec + Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 5 } + +cipSecTunHistRemoteAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the remote endpoint for the IPsec + Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 6 } + +cipSecTunHistKeyType OBJECT-TYPE + SYNTAX KeyType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of key used by the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 7 } + +cipSecTunHistEncapMode OBJECT-TYPE + SYNTAX EncapMode + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encapsulation mode used by the + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 8 } + +cipSecTunHistLifeSize OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "KBytes" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated LifeSize of the IPsec Phase-2 Tunnel in + kilobytes." + ::= { cipSecTunnelHistEntry 9 } + +cipSecTunHistLifeTime OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + UNITS "Seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The negotiated LifeTime of the IPsec Phase-2 Tunnel in + seconds." + ::= { cipSecTunnelHistEntry 10 } + +cipSecTunHistStartTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime in hundredths of seconds + when the IPsec Phase-2 Tunnel was started." + ::= { cipSecTunnelHistEntry 11 } + +cipSecTunHistActiveTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The length of time the IPsec Phase-2 Tunnel has been + active in hundredths of seconds." + ::= { cipSecTunnelHistEntry 12 } + +cipSecTunHistTotalRefreshes OBJECT-TYPE + SYNTAX Counter32 + UNITS "QM Exchanges" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security association refreshes + performed." + ::= { cipSecTunnelHistEntry 13 } + +cipSecTunHistTotalSas OBJECT-TYPE + SYNTAX Counter32 + UNITS "SAs" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of security associations used + during the + life of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 14 } + +cipSecTunHistInSaDiffHellmanGrp OBJECT-TYPE + SYNTAX DiffHellmanGrp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Diffie Hellman Group used by the inbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 15 } + +cipSecTunHistInSaEncryptAlgo OBJECT-TYPE + SYNTAX EncryptAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encryption algorithm used by the inbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 16 } + +cipSecTunHistInSaAhAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the inbound + authentication header (AH) security association of + the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 17 } + +cipSecTunHistInSaEspAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the inbound + encapsulation security protocol (ESP) + security association of + the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 18 } + +cipSecTunHistInSaDecompAlgo OBJECT-TYPE + SYNTAX CompAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The decompression algorithm used by the inbound + security association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 19 } + +cipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPE + SYNTAX DiffHellmanGrp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Diffie Hellman Group used by the outbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 20 } + +cipSecTunHistOutSaEncryptAlgo OBJECT-TYPE + SYNTAX EncryptAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The encryption algorithm used by the outbound security + association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 21 } + +cipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the outbound + authentication header (AH) security association of + the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 22 } + +cipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE + SYNTAX AuthAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The authentication algorithm used by the inbound + encapsulation security protocol (ESP) + security association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 23 } + +cipSecTunHistOutSaCompAlgo OBJECT-TYPE + SYNTAX CompAlgo + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The compression algorithm used by the inbound + security association of the IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 24 } + +cipSecTunHistInOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets received by this IPsec + Phase-2 Tunnel. This value is accumulated + BEFORE determining whether or not the packet should + be decompressed. See also cipSecTunInOctWraps for + the number of times this counter has wrapped." + ::= { cipSecTunnelHistEntry 25 } + +cipSecTunHistHcInOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of octets + received by this IPsec Phase-2 Tunnel. This value is + accumulated BEFORE determining whether or not + the packet should be decompressed." + ::= { cipSecTunnelHistEntry 26 } + +cipSecTunHistInOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the octets received counter + (cipSecTunInOctets) has wrapped." + ::= { cipSecTunnelHistEntry 27 } + +cipSecTunHistInDecompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of decompressed octets received by this + IPsec Phase-2 Tunnel. This value is accumulated AFTER + the packet is decompressed. If compression is not being + used, this value will match the value of cipSecTunHistInOctets. + See also cipSecTunInDecompOctWraps for the number of times + this counter has wrapped." + ::= { cipSecTunnelHistEntry 28 } + +cipSecTunHistHcInDecompOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of decompressed + octets received by this IPsec Phase-2 Tunnel. This value + is accumulated AFTER the packet is decompressed. If + compression is not being used, this value will match the + value of cipSecTunHistHcInOctets." + ::= { cipSecTunnelHistEntry 29 } + +cipSecTunHistInDecompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the decompressed octets + received counter (cipSecTunInDecompOctets) has wrapped." + ::= { cipSecTunnelHistEntry 30 } + +cipSecTunHistInPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received by this + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 31 } + +cipSecTunHistInDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during + receive processing by this IPsec Phase-2 Tunnel. + This count does NOT include packets + dropped due to Anti-Replay processing." + ::= { cipSecTunnelHistEntry 32 } + +cipSecTunHistInReplayDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped during + receive processing due to Anti-Replay processing + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 33 } + +cipSecTunHistInAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 34 } + +cipSecTunHistInAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound authentication's + which ended in + failure by this IPsec Phase-2 Tunnel ." + ::= { cipSecTunnelHistEntry 35 } + +cipSecTunHistInDecrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 36 } + +cipSecTunHistInDecryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound decryption's + which ended in failure + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 37 } + +cipSecTunHistOutOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of octets sent by this IPsec + Phase-2 Tunnel. This value is accumulated + AFTER determining whether or not the + packet should be + compressed. See also cipSecTunOutOctWraps for the + number of times this counter has wrapped." + ::= { cipSecTunnelHistEntry 38 } + +cipSecTunHistHcOutOctets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total number of octets + sent by this IPsec Phase-2 Tunnel. This value + is accumulated AFTER determining whether or not + the packet should be + compressed." + ::= { cipSecTunnelHistEntry 39 } + +cipSecTunHistOutOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the octets sent counter + (cipSecTunOutOctets) has wrapped." + ::= { cipSecTunnelHistEntry 40 } + +cipSecTunHistOutUncompOctets OBJECT-TYPE + SYNTAX Counter32 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of uncompressed octets sent by this + IPsec Phase-2 Tunnel. This value is accumulated BEFORE + the packet is compressed. If compression is not being + used, this value will match the value of + cipSecTunHistOutOctets. See also + cipSecTunOutDecompOctWraps for the number of times + this counter has wrapped." + ::= { cipSecTunnelHistEntry 41 } + +cipSecTunHistHcOutUncompOctets OBJECT-TYPE + SYNTAX Counter64 + UNITS "Octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A high capacity count of the total + number of uncompressed octets sent by this + IPsec Phase-2 Tunnel. This value is accumulated + BEFORE the packet is compressed. If compression + is not being used, this value will match the value of + cipSecTunHistHcOutOctets." + ::= { cipSecTunnelHistEntry 42 } + +cipSecTunHistOutUncompOctWraps OBJECT-TYPE + SYNTAX Counter32 + UNITS "Integral units" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of times the uncompressed octets sent counter + (cipSecTunOutUncompOctets) has wrapped." + ::= { cipSecTunnelHistEntry 43 } + +cipSecTunHistOutPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets sent by this + IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 44 } + +cipSecTunHistOutDropPkts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets dropped + during send processing + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 45 } + +cipSecTunHistOutAuths OBJECT-TYPE + SYNTAX Counter32 + UNITS "Events" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 46 } + +cipSecTunHistOutAuthFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound authentication's + which ended in + failure by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 47 } + +cipSecTunHistOutEncrypts OBJECT-TYPE + SYNTAX Counter32 + UNITS "Packets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's performed + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 48 } + +cipSecTunHistOutEncryptFails OBJECT-TYPE + SYNTAX Counter32 + UNITS "Failures" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of outbound encryption's + which ended in failure + by this IPsec Phase-2 Tunnel." + ::= { cipSecTunnelHistEntry 49 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Tunnel Endpoint History Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecEndPtHistTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecEndPtHistEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Tunnel Endpoint History Table. + This table is implemented as a + sliding window in which only the + last n entries are maintained. + The maximum number of entries + is specified by the cipSecHistTableSize object." + ::= { cipSecHistPhaseTwo 2 } + +cipSecEndPtHistEntry OBJECT-TYPE + SYNTAX CipSecEndPtHistEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated with + a previously active IPsec Phase-2 Tunnel Endpoint." + INDEX { cipSecEndPtHistIndex } + ::= { cipSecEndPtHistTable 1 } + +CipSecEndPtHistEntry ::= SEQUENCE { + cipSecEndPtHistIndex Integer32, + cipSecEndPtHistTunIndex Integer32, + cipSecEndPtHistActiveIndex Integer32, + cipSecEndPtHistLocalName DisplayString, + cipSecEndPtHistLocalType EndPtType, + cipSecEndPtHistLocalAddr1 IPSIpAddress, + cipSecEndPtHistLocalAddr2 IPSIpAddress, + cipSecEndPtHistLocalProtocol Integer32, + cipSecEndPtHistLocalPort Integer32, + cipSecEndPtHistRemoteName DisplayString, + cipSecEndPtHistRemoteType EndPtType, + cipSecEndPtHistRemoteAddr1 IPSIpAddress, + cipSecEndPtHistRemoteAddr2 IPSIpAddress, + cipSecEndPtHistRemoteProtocol Integer32, + cipSecEndPtHistRemotePort Integer32 +} + +cipSecEndPtHistIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The number of the previously active + Endpoint associated + with a IPsec Phase-2 Tunnel Table. The value + of this index is a number which begins at + one and is incremented with each Endpoint + associated with an IPsec Phase-2 Tunnel. + The value of this object will wrap at 2,147,483,647." + ::= { cipSecEndPtHistEntry 1 } + +cipSecEndPtHistTunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the previously active IPsec + Phase-2 Tunnel Table." + ::= { cipSecEndPtHistEntry 2 } + +cipSecEndPtHistActiveIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index of the previously active Endpoint." + ::= { cipSecEndPtHistEntry 3 } + +cipSecEndPtHistLocalName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the local Endpoint." + ::= { cipSecEndPtHistEntry 4 } + +cipSecEndPtHistLocalType OBJECT-TYPE + SYNTAX EndPtType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of identity for the local Endpoint. + Possible values are: + 1) a single IP address, or + 2) an IP address range, or + 3) an IP subnet." + ::= { cipSecEndPtHistEntry 5 } + +cipSecEndPtHistLocalAddr1 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local Endpoint's first IP address specification. + + If the local Endpoint type is single IP address, + then this is the value of the IP address. + + If the local Endpoint type is IP subnet, then this + is the value of the subnet. + + If the local Endpoint type is IP address range, + then this is the value of beginning IP address of + the range." + ::= { cipSecEndPtHistEntry 6 } + +cipSecEndPtHistLocalAddr2 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The local Endpoint's second IP address specification. + + If the local Endpoint type is single IP address, + then this is the value of the IP address. + + If the local Endpoint type is IP subnet, then this + is the value of the subnet mask. + + If the local Endpoint type is IP address range, + then this + is the value of ending IP address of the range." + ::= { cipSecEndPtHistEntry 7 } + +cipSecEndPtHistLocalProtocol OBJECT-TYPE + SYNTAX Integer32 (0..255 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The protocol number of the local Endpoint's traffic." + ::= { cipSecEndPtHistEntry 8 } + +cipSecEndPtHistLocalPort OBJECT-TYPE + SYNTAX Integer32 (0..65535 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the local Endpoint's traffic." + ::= { cipSecEndPtHistEntry 9 } + +cipSecEndPtHistRemoteName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The DNS name of the remote Endpoint." + ::= { cipSecEndPtHistEntry 10 } + +cipSecEndPtHistRemoteType OBJECT-TYPE + SYNTAX EndPtType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of identity for the remote Endpoint. + Possible values are: + 1) a single IP address, or + 2) an IP address range, or + 3) an IP subnet." + ::= { cipSecEndPtHistEntry 11 } + +cipSecEndPtHistRemoteAddr1 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote Endpoint's first IP address specification. + + If the remote Endpoint type is single IP address, + then this + is the value of the IP address. + + If the remote Endpoint type is IP subnet, then this + is the value of the subnet. + + If the remote Endpoint type is IP address range, + then this + is the value of beginning IP address of the range." + ::= { cipSecEndPtHistEntry 12 } + +cipSecEndPtHistRemoteAddr2 OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The remote Endpoint's second IP address specification. + + If the remote Endpoint type is single IP address, + then this + is the value of the IP address. + + If the remote Endpoint type is IP subnet, then this + is the value of the subnet mask. + + If the remote Endpoint type is IP address range, + then this + is the value of ending IP address of the range." + ::= { cipSecEndPtHistEntry 13 } + +cipSecEndPtHistRemoteProtocol OBJECT-TYPE + SYNTAX Integer32 (0..255 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The protocol number of the remote Endpoint's traffic." + ::= { cipSecEndPtHistEntry 14 } + +cipSecEndPtHistRemotePort OBJECT-TYPE + SYNTAX Integer32 (0..65535 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The port number of the remote Endpoint's traffic." + ::= { cipSecEndPtHistEntry 15 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Failure Group +-- +-- This group consists of a: +-- 1) IPsec Failure Global Objects +-- 2) IPsec Phase-1 Tunnel Failure Table +-- 3) IPsec Phase-2 Tunnel Failure Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecFailGlobal OBJECT IDENTIFIER + ::= { cipSecFailures 1 } + +cipSecFailPhaseOne OBJECT IDENTIFIER + ::= { cipSecFailures 2 } + +cipSecFailPhaseTwo OBJECT IDENTIFIER + ::= { cipSecFailures 3 } + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Failure Global Control Objects +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecFailGlobalCntl OBJECT IDENTIFIER + ::= { cipSecFailGlobal 1 } + + +cipSecFailTableSize OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The window size of the IPsec Phase-1 and Phase-2 + Failure Tables. + + The IPsec Phase-1 and Phase-2 Failure Tables are + implemented as a sliding window in which only the + last n entries are maintained. This object is used + specify the number of entries which will be + maintained in the IPsec Phase-1 and Phase-2 Failure + Tables. + + An implementation may choose suitable minimum and + maximum values for this element based on the local + policy and available resources. If an SNMP SET request + specifies a value outside this window for this element, + a BAD VALUE may be returned." + ::= { cipSecFailGlobalCntl 1 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-1 Failure Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cikeFailTable OBJECT-TYPE + SYNTAX SEQUENCE OF CikeFailEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-1 Failure Table. + This table is implemented as a sliding + window in which only the last n entries are + maintained. The maximum number of entries + is specified by the cipSecFailTableSize object." + ::= { cipSecFailPhaseOne 1 } + +cikeFailEntry OBJECT-TYPE + SYNTAX CikeFailEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated + with + an IPsec Phase-1 failure." + INDEX { cikeFailIndex } + ::= { cikeFailTable 1 } + +CikeFailEntry ::= SEQUENCE { + cikeFailIndex Integer32, + cikeFailReason INTEGER , + cikeFailTime TimeStamp, + cikeFailLocalType IkePeerType, + cikeFailLocalValue DisplayString, + cikeFailRemoteType IkePeerType, + cikeFailRemoteValue DisplayString, + cikeFailLocalAddr IPSIpAddress, + cikeFailRemoteAddr IPSIpAddress +} + +cikeFailIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-1 Failure Table index. + The value of the index is a number which + begins at one and is incremented with each + IPsec Phase-1 failure. The value + of this object will wrap at 2,147,483,647." + ::= { cikeFailEntry 1 } + +cikeFailReason OBJECT-TYPE + SYNTAX INTEGER { + other(1), + peerDelRequest(2), + peerLost(3), + localFailure(4), + authFailure(5), + hashValidation(6), + encryptFailure(7), + internalError(8), + sysCapExceeded(9), + proposalFailure(10), + peerCertUnavailable(11), + peerCertNotValid(12), + localCertExpired(13), + crlFailure(14), + peerEncodingError(15), + nonExistentSa(16), + operRequest(17) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The reason for the failure. Possible reasons include: + 1 = other + 2 = peer delete request was received + 3 = contact with peer was lost + 4 = local failure occurred + 5 = authentication failure + 6 = hash validation failure + 7 = encryption failure + 8 = internal error occurred + 9 = system capacity failure + 10 = proposal failure + 11 = peer's certificate is unavailable + 12 = peer's certificate was found invalid + 13 = local certificate expired + 14 = certificate revoke list (crl) failure + 15 = peer encoding error + 16 = non-existent security association + 17 = operator requested termination." + ::= { cikeFailEntry 2 } + +cikeFailTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime in hundredths of seconds + at the time of the failure." + ::= { cikeFailEntry 3 } + +cikeFailLocalType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of local peer identity. The local peer + may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikeFailEntry 4 } + +cikeFailLocalValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the local peer identity. + + If the local peer type is an IP Address, then this + is the IP Address used to identify the local peer. + + If the local peer type is a host name, then this is + the host name used to identify the local peer." + ::= { cikeFailEntry 5 } + +cikeFailRemoteType OBJECT-TYPE + SYNTAX IkePeerType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of remote peer identity. The remote + peer may be identified by: + 1. an IP address, or + 2. a host name." + ::= { cikeFailEntry 6 } + +cikeFailRemoteValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the remote peer identity. + + If the remote peer type is an IP Address, then this + is the IP Address used to identify the remote peer. + + If the remote peer type is a host name, then this is + the host name used to identify the remote peer." + ::= { cikeFailEntry 7 } + +cikeFailLocalAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the local peer." + ::= { cikeFailEntry 8 } + +cikeFailRemoteAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address of the remote peer." + ::= { cikeFailEntry 9 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec Phase-2 Failure Table +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecFailTable OBJECT-TYPE + SYNTAX SEQUENCE OF CipSecFailEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Failure Table. + This table is implemented as a sliding window + in which only the last n entries are maintained. + The maximum number of entries + is specified by the cipSecFailTableSize object." + ::= { cipSecFailPhaseTwo 1 } + +cipSecFailEntry OBJECT-TYPE + SYNTAX CipSecFailEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry contains the attributes associated with + an IPsec Phase-1 failure." + INDEX { cipSecFailIndex } + ::= { cipSecFailTable 1 } + +CipSecFailEntry ::= SEQUENCE { + cipSecFailIndex Integer32, + cipSecFailReason INTEGER , + cipSecFailTime TimeStamp, + cipSecFailTunnelIndex Integer32, + cipSecFailSaSpi Integer32, + cipSecFailPktSrcAddr IPSIpAddress, + cipSecFailPktDstAddr IPSIpAddress +} + +cipSecFailIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IPsec Phase-2 Failure Table index. + The value of the index is a number which + begins at one and is incremented with each + IPsec Phase-1 failure. The value + of this object will wrap at 2,147,483,647." + ::= { cipSecFailEntry 1 } + +cipSecFailReason OBJECT-TYPE + SYNTAX INTEGER { + other(1), + internalError(2), + peerEncodingError(3), + proposalFailure(4), + protocolUseFail(5), + nonExistentSa(6), + decryptFailure(7), + encryptFailure(8), + inAuthFailure(9), + outAuthFailure(10), + compression(11), + sysCapExceeded(12), + peerDelRequest(13), + peerLost(14), + seqNumRollOver(15), + operRequest(16) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The reason for the failure. Possible reasons + include: + 1 = other + 2 = internal error occurred + 3 = peer encoding error + 4 = proposal failure + 5 = protocol use failure + 6 = non-existent security association + 7 = decryption failure + 8 = encryption failure + 9 = inbound authentication failure + 10 = outbound authentication failure + 11 = compression failure + 12 = system capacity failure + 13 = peer delete request was received + 14 = contact with peer was lost + 15 = sequence number rolled over + 16 = operator requested termination." + ::= { cipSecFailEntry 2 } + +cipSecFailTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime in hundredths of seconds + at the time of the failure." + ::= { cipSecFailEntry 3 } + +cipSecFailTunnelIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Phase-2 Tunnel index (cipSecTunIndex)." + ::= { cipSecFailEntry 4 } + +cipSecFailSaSpi OBJECT-TYPE + SYNTAX Integer32 (0..2147483647 ) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The security association SPI value." + ::= { cipSecFailEntry 5 } + +cipSecFailPktSrcAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The packet's source IP address." + ::= { cipSecFailEntry 6 } + +cipSecFailPktDstAddr OBJECT-TYPE + SYNTAX IPSIpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The packet's destination IP address." + ::= { cipSecFailEntry 7 } + + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- The IPsec TRAP Control Group +-- +-- This group of objects controls the sending of IPsec TRAPs. +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecTrapCntlIkeTunnelStart OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state of + sending the IPsec IKE Phase-1 Tunnel Start TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 1 } + +cipSecTrapCntlIkeTunnelStop OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the + IPsec IKE Phase-1 Tunnel Stop TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 2 } + +cipSecTrapCntlIkeSysFailure OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the + IPsec IKE Phase-1 System Failure TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 3 } + +cipSecTrapCntlIkeCertCrlFailure OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative + state of sending the + IPsec IKE Phase-1 Certificate/CRL Failure TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 4 } + +cipSecTrapCntlIkeProtocolFail OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative + state of sending the + IPsec IKE Phase-1 Protocol Failure TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 5 } + +cipSecTrapCntlIkeNoSa OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative + state of sending the + IPsec IKE Phase-1 No Security Association TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 6 } + +cipSecTrapCntlIpSecTunnelStart OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the IPsec + Phase-2 Tunnel Start TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 7 } + +cipSecTrapCntlIpSecTunnelStop OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative + state of sending the IPsec + Phase-2 Tunnel Stop TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 8 } + +cipSecTrapCntlIpSecSysFailure OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the IPsec + Phase-2 System Failure TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 9 } + +cipSecTrapCntlIpSecSetUpFailure OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the IPsec + Phase-2 Set Up Failure TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 10 } + +cipSecTrapCntlIpSecEarlyTunTerm OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the IPsec + Phase-2 Early Tunnel Termination TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 11 } + +cipSecTrapCntlIpSecProtocolFail OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the IPsec + Phase-2 Protocol Failure TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 12 } + +cipSecTrapCntlIpSecNoSa OBJECT-TYPE + SYNTAX TrapStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object defines the administrative state + of sending the IPsec + Phase-2 No Security Association TRAP" + DEFVAL { disabled } + ::= { cipSecTrapCntl 13 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- IPsec Notifications - TRAPs +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecMIBNotificationPrefix OBJECT IDENTIFIER + ::= { ciscoIpSecFlowMonitorMIB 2 } + +cipSecMIBNotifications OBJECT IDENTIFIER + ::= { cipSecMIBNotificationPrefix 0 } + + +cikeTunnelStart NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr, + cikeTunLifeTime + } + STATUS current + DESCRIPTION + "This notification is generated when an IPsec Phase-1 + IKE Tunnel becomes active." + ::= { cipSecMIBNotifications 1 } + +cikeTunnelStop NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr, + cikeTunActiveTime + } + STATUS current + DESCRIPTION + "This notification is generated when an IPsec Phase-1 + IKE Tunnel becomes inactive." + ::= { cipSecMIBNotifications 2 } + +cikeSysFailure NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr + } + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-1 IKE Tunnel experiences an internal + or system capacity error." + ::= { cipSecMIBNotifications 3 } + +cikeCertCrlFailure NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr + } + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-1 IKE Tunnel experiences a Certificate + or a Certificate Revoke List (CRL) related error." + ::= { cipSecMIBNotifications 4 } + +cikeProtocolFailure NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr + } + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-1 IKE Tunnel experiences a protocol + related error." + ::= { cipSecMIBNotifications 5 } + +cikeNoSa NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr + } + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-1 IKE Tunnel experiences a non-existent + security association error." + ::= { cipSecMIBNotifications 6 } + +cipSecTunnelStart NOTIFICATION-TYPE + OBJECTS { + cipSecTunLifeTime, + cipSecTunLifeSize + } + STATUS current + DESCRIPTION + "This notification is generated when an IPsec Phase-2 + Tunnel becomes active." + ::= { cipSecMIBNotifications 7 } + +cipSecTunnelStop NOTIFICATION-TYPE + OBJECTS { cipSecTunActiveTime } + STATUS current + DESCRIPTION + "This notification is generated when an IPsec Phase-2 + Tunnel becomes inactive." + ::= { cipSecMIBNotifications 8 } + +cipSecSysFailure NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr, + cipSecTunActiveTime, + cipSecSpiProtocol + } + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-2 Tunnel experiences an internal + or system capacity error." + ::= { cipSecMIBNotifications 9 } + +cipSecSetUpFailure NOTIFICATION-TYPE + OBJECTS { + cikePeerLocalAddr, + cikePeerRemoteAddr + } + STATUS current + DESCRIPTION + "This notification is generated when the setup for + an IPsec Phase-2 Tunnel fails." + ::= { cipSecMIBNotifications 10 } + +cipSecEarlyTunTerm NOTIFICATION-TYPE + OBJECTS { + cipSecTunActiveTime, + cipSecSpiProtocol + } + STATUS current + DESCRIPTION + "This notification is generated when an an IPsec Phase-2 + Tunnel is terminated earily or before expected." + ::= { cipSecMIBNotifications 11 } + +cipSecProtocolFailure NOTIFICATION-TYPE + OBJECTS { + cipSecTunActiveTime, + cipSecSpiProtocol + } + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-2 Tunnel experiences a protocol + related error." + ::= { cipSecMIBNotifications 12 } + +cipSecNoSa NOTIFICATION-TYPE + STATUS current + DESCRIPTION + "This notification is generated when the processing for + an IPsec Phase-2 Tunnel experiences a non-existent + security association error." + ::= { cipSecMIBNotifications 13 } +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Conformance Information +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecMIBConformance OBJECT IDENTIFIER + ::= { ciscoIpSecFlowMonitorMIB 3 } + +cipSecMIBGroups OBJECT IDENTIFIER + ::= { cipSecMIBConformance 1 } + +cipSecMIBCompliances OBJECT IDENTIFIER + ::= { cipSecMIBConformance 2 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Compliance Statements +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for SNMP entities + the IP Security Protocol. + This has been replaced by cipSecMIBComplianceRev1." + MODULE -- this module + MANDATORY-GROUPS { + cipSecLevelsGroup, + cipSecPhaseOneGroup, + cipSecPhaseTwoGroup + } + + OBJECT cikeTunStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT cipSecTunStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { cipSecMIBCompliances 1 } + +cipSecMIBComplianceRev1 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities + the IP Security Protocol." + MODULE -- this module + MANDATORY-GROUPS { + cipSecLevelsGroup, + cipSecPhaseOneGroup, + cipSecPhaseTwoGroup + } + + GROUP cipSecGWStatsGroup + DESCRIPTION + "Implementation of this group is for the + gateway supporting IPSec statistics + information." + + OBJECT cikeTunStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + + OBJECT cipSecTunStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { cipSecMIBCompliances 2 } + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Units of Conformance +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +cipSecLevelsGroup OBJECT-GROUP + OBJECTS { cipSecMibLevel } + STATUS current + DESCRIPTION + "This group consists of a: + 1) IPsec MIB Level" + ::= { cipSecMIBGroups 1 } + +cipSecPhaseOneGroup OBJECT-GROUP + OBJECTS { + cikeGlobalActiveTunnels, + cikeGlobalPreviousTunnels, + cikeGlobalInOctets, + cikeGlobalInPkts, + cikeGlobalInDropPkts, + cikeGlobalInNotifys, + cikeGlobalInP2Exchgs, + cikeGlobalInP2ExchgInvalids, + cikeGlobalInP2ExchgRejects, + cikeGlobalInP2SaDelRequests, + cikeGlobalOutOctets, + cikeGlobalOutPkts, + cikeGlobalOutDropPkts, + cikeGlobalOutNotifys, + cikeGlobalOutP2Exchgs, + cikeGlobalOutP2ExchgInvalids, + cikeGlobalOutP2ExchgRejects, + cikeGlobalOutP2SaDelRequests, + cikeGlobalInitTunnels, + cikeGlobalInitTunnelFails, + cikeGlobalRespTunnelFails, + cikeGlobalSysCapFails, + cikeGlobalAuthFails, + cikeGlobalDecryptFails, + cikeGlobalHashValidFails, + cikeGlobalNoSaFails, + cikePeerLocalAddr, + cikePeerRemoteAddr, + cikePeerActiveTime, + cikePeerActiveTunnelIndex, + cikeTunLocalType, + cikeTunLocalValue, + cikeTunLocalAddr, + cikeTunLocalName, + cikeTunRemoteType, + cikeTunRemoteValue, + cikeTunRemoteAddr, + cikeTunRemoteName, + cikeTunNegoMode, + cikeTunDiffHellmanGrp, + cikeTunEncryptAlgo, + cikeTunHashAlgo, + cikeTunAuthMethod, + cikeTunLifeTime, + cikeTunActiveTime, + cikeTunSaRefreshThreshold, + cikeTunTotalRefreshes, + cikeTunInOctets, + cikeTunInPkts, + cikeTunInDropPkts, + cikeTunInNotifys, + cikeTunInP2Exchgs, + cikeTunInP2ExchgInvalids, + cikeTunInP2ExchgRejects, + cikeTunInP2SaDelRequests, + cikeTunOutOctets, + cikeTunOutPkts, + cikeTunOutDropPkts, + cikeTunOutNotifys, + cikeTunOutP2Exchgs, + cikeTunOutP2ExchgInvalids, + cikeTunOutP2ExchgRejects, + cikeTunOutP2SaDelRequests, + cikeTunStatus, + cikePeerCorrIpSecTunIndex + } + STATUS current + DESCRIPTION + "This group consists of: + 1) IPsec Phase-1 Global Objects + 2) IPsec Phase-1 Peer Table + 3) IPsec Phase-1 Tunnel Table + 4) IPsec Phase-1 Correlation Table" + ::= { cipSecMIBGroups 2 } + +cipSecPhaseTwoGroup OBJECT-GROUP + OBJECTS { + cipSecGlobalActiveTunnels, + cipSecGlobalPreviousTunnels, + cipSecGlobalInOctets, + cipSecGlobalHcInOctets, + cipSecGlobalInOctWraps, + cipSecGlobalInDecompOctets, + cipSecGlobalHcInDecompOctets, + cipSecGlobalInDecompOctWraps, + cipSecGlobalInPkts, + cipSecGlobalInDrops, + cipSecGlobalInReplayDrops, + cipSecGlobalInAuths, + cipSecGlobalInAuthFails, + cipSecGlobalInDecrypts, + cipSecGlobalInDecryptFails, + cipSecGlobalOutOctets, + cipSecGlobalHcOutOctets, + cipSecGlobalOutOctWraps, + cipSecGlobalOutUncompOctets, + cipSecGlobalHcOutUncompOctets, + cipSecGlobalOutUncompOctWraps, + cipSecGlobalOutPkts, + cipSecGlobalOutDrops, + cipSecGlobalOutAuths, + cipSecGlobalOutAuthFails, + cipSecGlobalOutEncrypts, + cipSecGlobalOutEncryptFails, + cipSecGlobalProtocolUseFails, + cipSecGlobalNoSaFails, + cipSecGlobalSysCapFails, + cipSecTunIkeTunnelIndex, + cipSecTunIkeTunnelAlive, + cipSecTunLocalAddr, + cipSecTunRemoteAddr, + cipSecTunKeyType, + cipSecTunEncapMode, + cipSecTunLifeSize, + cipSecTunLifeTime, + cipSecTunActiveTime, + cipSecTunSaLifeSizeThreshold, + cipSecTunSaLifeTimeThreshold, + cipSecTunTotalRefreshes, + cipSecTunExpiredSaInstances, + cipSecTunCurrentSaInstances, + cipSecTunInSaDiffHellmanGrp, + cipSecTunInSaEncryptAlgo, + cipSecTunInSaAhAuthAlgo, + cipSecTunInSaEspAuthAlgo, + cipSecTunInSaDecompAlgo, + cipSecTunOutSaDiffHellmanGrp, + cipSecTunOutSaEncryptAlgo, + cipSecTunOutSaAhAuthAlgo, + cipSecTunOutSaEspAuthAlgo, + cipSecTunOutSaCompAlgo, + cipSecTunInOctets, + cipSecTunHcInOctets, + cipSecTunInOctWraps, + cipSecTunInDecompOctets, + cipSecTunHcInDecompOctets, + cipSecTunInDecompOctWraps, + cipSecTunInPkts, + cipSecTunInDropPkts, + cipSecTunInReplayDropPkts, + cipSecTunInAuths, + cipSecTunInAuthFails, + cipSecTunInDecrypts, + cipSecTunInDecryptFails, + cipSecTunOutOctets, + cipSecTunHcOutOctets, + cipSecTunOutOctWraps, + cipSecTunOutUncompOctets, + cipSecTunHcOutUncompOctets, + cipSecTunOutUncompOctWraps, + cipSecTunOutPkts, + cipSecTunOutDropPkts, + cipSecTunOutAuths, + cipSecTunOutAuthFails, + cipSecTunOutEncrypts, + cipSecTunOutEncryptFails, + cipSecTunStatus, + cipSecEndPtLocalName, + cipSecEndPtLocalType, + cipSecEndPtLocalAddr1, + cipSecEndPtLocalAddr2, + cipSecEndPtLocalProtocol, + cipSecEndPtLocalPort, + cipSecEndPtRemoteName, + cipSecEndPtRemoteType, + cipSecEndPtRemoteAddr1, + cipSecEndPtRemoteAddr2, + cipSecEndPtRemoteProtocol, + cipSecEndPtRemotePort, + cipSecSpiDirection, + cipSecSpiValue, + cipSecSpiProtocol, + cipSecSpiStatus + } + STATUS current + DESCRIPTION + "This group consists of: + 1) IPsec Phase-2 Global Statistics + 2) IPsec Phase-2 Tunnel Table + 3) IPsec Phase-2 Endpoint Table + 4) IPsec Phase-2 Security Protection Index Table" + ::= { cipSecMIBGroups 3 } + +cipSecHistoryGroup OBJECT-GROUP + OBJECTS { + cipSecHistTableSize, + cipSecHistCheckPoint, + cikeTunHistTermReason, + cikeTunHistActiveIndex, + cikeTunHistPeerLocalType, + cikeTunHistPeerLocalValue, + cikeTunHistPeerIntIndex, + cikeTunHistPeerRemoteType, + cikeTunHistPeerRemoteValue, + cikeTunHistLocalAddr, + cikeTunHistLocalName, + cikeTunHistRemoteAddr, + cikeTunHistRemoteName, + cikeTunHistNegoMode, + cikeTunHistDiffHellmanGrp, + cikeTunHistEncryptAlgo, + cikeTunHistHashAlgo, + cikeTunHistAuthMethod, + cikeTunHistLifeTime, + cikeTunHistStartTime, + cikeTunHistActiveTime, + cikeTunHistTotalRefreshes, + cikeTunHistTotalSas, + cikeTunHistInOctets, + cikeTunHistInPkts, + cikeTunHistInDropPkts, + cikeTunHistInNotifys, + cikeTunHistInP2Exchgs, + cikeTunHistInP2ExchgInvalids, + cikeTunHistInP2ExchgRejects, + cikeTunHistInP2SaDelRequests, + cikeTunHistOutOctets, + cikeTunHistOutPkts, + cikeTunHistOutDropPkts, + cikeTunHistOutNotifys, + cikeTunHistOutP2Exchgs, + cikeTunHistOutP2ExchgInvalids, + cikeTunHistOutP2ExchgRejects, + cikeTunHistOutP2SaDelRequests, + cipSecTunHistTermReason, + cipSecTunHistActiveIndex, + cipSecTunHistIkeTunnelIndex, + cipSecTunHistLocalAddr, + cipSecTunHistRemoteAddr, + cipSecTunHistKeyType, + cipSecTunHistEncapMode, + cipSecTunHistLifeSize, + cipSecTunHistLifeTime, + cipSecTunHistStartTime, + cipSecTunHistActiveTime, + cipSecTunHistTotalRefreshes, + cipSecTunHistTotalSas, + cipSecTunHistInSaDiffHellmanGrp, + cipSecTunHistInSaEncryptAlgo, + cipSecTunHistInSaAhAuthAlgo, + cipSecTunHistInSaEspAuthAlgo, + cipSecTunHistInSaDecompAlgo, + cipSecTunHistOutSaDiffHellmanGrp, + cipSecTunHistOutSaEncryptAlgo, + cipSecTunHistOutSaAhAuthAlgo, + cipSecTunHistOutSaEspAuthAlgo, + cipSecTunHistOutSaCompAlgo, + cipSecTunHistInOctets, + cipSecTunHistHcInOctets, + cipSecTunHistInOctWraps, + cipSecTunHistInDecompOctets, + cipSecTunHistHcInDecompOctets, + cipSecTunHistInDecompOctWraps, + cipSecTunHistInPkts, + cipSecTunHistInDropPkts, + cipSecTunHistInReplayDropPkts, + cipSecTunHistInAuths, + cipSecTunHistInAuthFails, + cipSecTunHistInDecrypts, + cipSecTunHistInDecryptFails, + cipSecTunHistOutOctets, + cipSecTunHistHcOutOctets, + cipSecTunHistOutOctWraps, + cipSecTunHistOutUncompOctets, + cipSecTunHistHcOutUncompOctets, + cipSecTunHistOutUncompOctWraps, + cipSecTunHistOutPkts, + cipSecTunHistOutDropPkts, + cipSecTunHistOutAuths, + cipSecTunHistOutAuthFails, + cipSecTunHistOutEncrypts, + cipSecTunHistOutEncryptFails, + cipSecEndPtHistTunIndex, + cipSecEndPtHistActiveIndex, + cipSecEndPtHistLocalName, + cipSecEndPtHistLocalType, + cipSecEndPtHistLocalAddr1, + cipSecEndPtHistLocalAddr2, + cipSecEndPtHistLocalProtocol, + cipSecEndPtHistLocalPort, + cipSecEndPtHistRemoteName, + cipSecEndPtHistRemoteType, + cipSecEndPtHistRemoteAddr1, + cipSecEndPtHistRemoteAddr2, + cipSecEndPtHistRemoteProtocol, + cipSecEndPtHistRemotePort + } + STATUS current + DESCRIPTION + "This group consists of: + 1) IPsec History Global Objects + 2) IPsec Phase-1 History Objects + 3) IPsec Phase-2 History Objects" + ::= { cipSecMIBGroups 4 } + +cipSecFailuresGroup OBJECT-GROUP + OBJECTS { + cipSecFailTableSize, + cikeFailReason, + cikeFailTime, + cikeFailLocalType, + cikeFailLocalValue, + cikeFailRemoteType, + cikeFailRemoteValue, + cikeFailLocalAddr, + cikeFailRemoteAddr, + cipSecFailReason, + cipSecFailTime, + cipSecFailTunnelIndex, + cipSecFailSaSpi, + cipSecFailPktSrcAddr, + cipSecFailPktDstAddr + } + STATUS current + DESCRIPTION + "This group consists of: + 1) IPsec Failure Global Objects + 2) IPsec Phase-1 Tunnel Failure Table + 3) IPsec Phase-2 Tunnel Failure Table" + ::= { cipSecMIBGroups 5 } + +cipSecTrapCntlGroup OBJECT-GROUP + OBJECTS { + cipSecTrapCntlIkeTunnelStart, + cipSecTrapCntlIkeTunnelStop, + cipSecTrapCntlIkeSysFailure, + cipSecTrapCntlIkeCertCrlFailure, + cipSecTrapCntlIkeProtocolFail, + cipSecTrapCntlIkeNoSa, + cipSecTrapCntlIpSecTunnelStart, + cipSecTrapCntlIpSecTunnelStop, + cipSecTrapCntlIpSecSysFailure, + cipSecTrapCntlIpSecSetUpFailure, + cipSecTrapCntlIpSecEarlyTunTerm, + cipSecTrapCntlIpSecProtocolFail, + cipSecTrapCntlIpSecNoSa + } + STATUS current + DESCRIPTION + "This group of objects controls the sending of IPsec TRAPs." + ::= { cipSecMIBGroups 6 } + +cipSecNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { + cikeTunnelStart, + cikeTunnelStop, + cikeSysFailure, + cikeCertCrlFailure, + cikeProtocolFailure, + cikeNoSa, + cipSecTunnelStart, + cipSecTunnelStop, + cipSecSysFailure, + cipSecSetUpFailure, + cipSecEarlyTunTerm, + cipSecProtocolFailure, + cipSecNoSa + } + STATUS current + DESCRIPTION + "This group contains the notifications for the IPsec MIB." + ::= { cipSecMIBGroups 7 } + +cipSecGWStatsGroup OBJECT-GROUP + OBJECTS { + cikePhase1GWActiveTunnels, + cikePhase1GWPreviousTunnels, + cikePhase1GWInOctets, + cikePhase1GWInPkts, + cikePhase1GWInDropPkts, + cikePhase1GWInNotifys, + cikePhase1GWInP2Exchgs, + cikePhase1GWInP2ExchgInvalids, + cikePhase1GWInP2ExchgRejects, + cikePhase1GWInP2SaDelRequests, + cikePhase1GWOutOctets, + cikePhase1GWOutPkts, + cikePhase1GWOutDropPkts, + cikePhase1GWOutNotifys, + cikePhase1GWOutP2Exchgs, + cikePhase1GWOutP2ExchgInvalids, + cikePhase1GWOutP2ExchgRejects, + cikePhase1GWOutP2SaDelRequests, + cikePhase1GWInitTunnels, + cikePhase1GWInitTunnelFails, + cikePhase1GWRespTunnelFails, + cikePhase1GWSysCapFails, + cikePhase1GWAuthFails, + cikePhase1GWDecryptFails, + cikePhase1GWHashValidFails, + cikePhase1GWNoSaFails, + cipSecPhase2GWActiveTunnels, + cipSecPhase2GWPreviousTunnels, + cipSecPhase2GWInOctets, + cipSecPhase2GWInOctWraps, + cipSecPhase2GWInDecompOctets, + cipSecPhase2GWInDecompOctWraps, + cipSecPhase2GWInPkts, + cipSecPhase2GWInDrops, + cipSecPhase2GWInReplayDrops, + cipSecPhase2GWInAuths, + cipSecPhase2GWInAuthFails, + cipSecPhase2GWInDecrypts, + cipSecPhase2GWInDecryptFails, + cipSecPhase2GWOutOctets, + cipSecPhase2GWOutOctWraps, + cipSecPhase2GWOutUncompOctets, + cipSecPhase2GWOutUncompOctWraps, + cipSecPhase2GWOutPkts, + cipSecPhase2GWOutDrops, + cipSecPhase2GWOutAuths, + cipSecPhase2GWOutAuthFails, + cipSecPhase2GWOutEncrypts, + cipSecPhase2GWOutEncryptFails, + cipSecPhase2GWProtocolUseFails, + cipSecPhase2GWNoSaFails, + cipSecPhase2GWSysCapFails + } + STATUS current + DESCRIPTION + "" + ::= { cipSecMIBGroups 8 } + +END + + + diff --git a/mibs/CISCO-MEDIA-GATEWAY-MIB.my b/mibs/CISCO-MEDIA-GATEWAY-MIB.my new file mode 100644 index 0000000000..11255cc961 --- /dev/null +++ b/mibs/CISCO-MEDIA-GATEWAY-MIB.my @@ -0,0 +1,2282 @@ +-- ********************************************************************* +-- CISCO-MEDIA-GATEWAY-MIB +-- +-- This MIB defines the attributes of a Media Gateway. +-- +-- March 2003 Yizhong Shen +-- +-- Copyright (c) 2003, 2004, 2005 by cisco Systems, Inc. +-- All rights reserved. +-- +-- ********************************************************************* + +CISCO-MEDIA-GATEWAY-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, Gauge32, Unsigned32 + FROM SNMPv2-SMI + RowStatus, TruthValue, TEXTUAL-CONVENTION + FROM SNMPv2-TC + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + InterfaceIndexOrZero + FROM IF-MIB + InetAddress, InetAddressType, + InetAddressPrefixLength, + InetPortNumber + FROM INET-ADDRESS-MIB + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + CiscoPort, EntPhysicalIndexOrZero + FROM CISCO-TC + ciscoMgmt + FROM CISCO-SMI; + +ciscoMediaGatewayMIB MODULE-IDENTITY + LAST-UPDATED "200902250000Z" + ORGANIZATION "Cisco Systems, Inc." + CONTACT-INFO + " Cisco Systems + Customer Service + Postal: 170 W Tasman Drive + San Jose, CA 95134 + USA + Tel: +1 800 553-NETS + E-mail: cs-voice-gateway@cisco.com" + + DESCRIPTION + "The MIB module for managing Trunk Media Gateway. + + A Media Gateway is a network element that provides conversion + between the audio signals carried on telephone circuits and + data packets carried over the Internet or over other packet + data networks. + + Trunk Media Gateway interface is between the telephone network + and a Voice over IP/ATM network. + The interface on a Trunk Gateway terminates a trunk connected + to PSTN switch (e.g., Class 5, Class 4, etc.). + + Media Gateways use a call control architecture where the call + control 'intelligence' is outside the gateways and handled by + external call control elements, called Media Gateway + Controllers (MGCs). + The MGCs or Call Agents, synchronize with each other to + send coherent commands to the gateways under their control. + + MGCs use master/slave protocols to command the gateways under + their control. Examples of these protocols are: + * Simple Gateway Control Protocol + * Media Gateway Control Protocol + * Megaco (H.248) + * Simple Resource Control Protocol + + To connect MG to MGCs using these control protocols through + an IP/UDP Ports which must be configured. To resolve IP + Addresses, DNS name services may be used. + " + REVISION "200902250000Z" + DESCRIPTION + "Added object cmgwV23Enabled to + cMediaGwTable." + + REVISION "200606150000Z" + DESCRIPTION + "Added object cmgwLawInterceptEnabled to + cMediaGwTable. + Added object cMediaGwCcCfgDefRtpNamePrefix to + cMediaGwCallControlConfigTable. + " + REVISION "200509010000Z" + DESCRIPTION + "Added object cmgwSrcFilterEnabled to + cMediaGwTable. + Added object cmgwSignalProtocolConfigVer + to cmgwSignalProtocolTable. + Added cMediaGwRscStatsTable." + + REVISION "200411190000Z" + DESCRIPTION + "Added object cmgwSignalProtocolPreference to + cmgwSignalProtocolTable." + + REVISION "200407300000Z" + DESCRIPTION + "(1) Added the following objects: + cmgwVtMappingMode, + cMediaGwCcCfgDefBearerTraffic, + cmgwSignalMgcProtocolPort + + (2) Added new enum 'tgcp' to cmgwSignalProtocol + " + + REVISION "200304070000Z" + DESCRIPTION + "Initial version of this MIB module" + ::= { ciscoMgmt 324 } + +-- +-- Object Identifiers used for Packetized Voice Switch Management +-- + +ciscoMediaGatewayMIBNotifs OBJECT IDENTIFIER + ::= {ciscoMediaGatewayMIB 0} + +ciscoMediaGatewayMIBObjects OBJECT IDENTIFIER + ::= { ciscoMediaGatewayMIB 1 } + +cMediaGwConfig OBJECT IDENTIFIER + ::= { ciscoMediaGatewayMIBObjects 1 } + +cMediaGwStats OBJECT IDENTIFIER + ::= { ciscoMediaGatewayMIBObjects 2 } + +-- ********************************************************************* +-- TEXTUAL CONVENTIONS USED IN THIS MIB +-- ********************************************************************* + +CGwServiceState ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention defines the service state of media + gateway. + The possible service states are: + + inService: + Gateway is ready to provide service. + In this state, Gateway will respond to connection control + requests, send autonomous messages to the call agent + as applicable, etc. + + forcedOutOfService: + Gateway is in Out-Of-Service State. + All calls destroyed on the GW. + A Service Change message with FORCED method is sent to CA. + No new connections are allowed. + + gracefulOutOfService: + Gateway is in Out-Of-Service State. + All existing calls will not be affected. + A Service Change message with GRACEFUL method is sent to CA. + No new connections are allowed." + SYNTAX INTEGER { + inService (1), + forcedOutOfService (2), + gracefulOutOfService (3) + } + +CGwAdminState ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention defines the administrative state of + media gateway. + + The possible administrative states are as follows: + inService: + Gateway would be restored to in-service status + and a ServiceChange with method RESTART message will be + sent to Call Agent + + forcefulOutOfService: + Gateway would be in Out-Of-Service State + Any existing connections on the GW will be deleted. + A ServiceChange with method FORCED message will be + sent to call agent. + New connections would be blocked. + + gracefulOutOfService: + Gateway would be in in Out-Of-Service State + Any existing connections on the GW will not be affected. + A ServiceChange with method GRACEFUL message will be + sent to call agent. + New connections would be blocked." + + SYNTAX INTEGER { + inService (1), + forcedOutOfService (2), + gracefulOutOfService (3) + } + +GatewayLifNumber ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "An index that uniquely identifies a LIF (Logical Interface) + in the media gateway. + LIF is a logical interface which groups TDM(DS1) interfaces + into packet resource partitions (PVCs) in the media gateway. + LIF is used for: + AAL5 (VoIP) switching + AAL2 (VoATM) switching, only if support virtual gateway " + SYNTAX Unsigned32 (1..255) + +CVoiceTonePlanIndex ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention defines the type of index for + identifying a voice tone plane in a Media gateway." + SYNTAX Unsigned32 (1..65535) + +CVoiceTonePlanIndexOrZero ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention uniquely identifies the voice tone plan + to be used in a voice DS0 group. + + The value of 0 means the default tone plan specified in + the media gateway (the value of cMediaGwCcCfgDefaultTonePlanId) + to be used. + + A value greater than 0 means the tone plan specified by the + index of the cvtcTonePlanTable to be used (same as + cvtcTonePlanId)." + SYNTAX Unsigned32 (0..65535) + +CCallControlProfileIndex ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention defines the type of index that is + used for identifying a call control profile of XGCP and + H.248 protocol." + SYNTAX Unsigned32 (1..65535) + +CCallControlProfileIndexOrZero ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is an extension of the + CCallControlProfileIndex convention. + The latter defines a greater than zero value used to identify + a call control profile in a media gateway. + This extension permits the additional value of zero. + The value of '0' means the default call control profile of the + media gateway." + SYNTAX Unsigned32 (0..65535) + +CCallControlJitterDelayMode ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention defines the jitter buffer mode in + a call connection. + + adaptive(1) - means to use jitter nominal delay as the + initial jitter buffers size and let the DSP + pick the optimal value of the jitter buffer + size between the range of jitter maximum delay + and jitter minimum delay. + + fixed(2) - means to use a constant jitter buffer size + which is specified by jitter nominal delay. + " + SYNTAX INTEGER { + adaptive (1), + fixed (2) + } + +-- ********************************************************************* +-- cMediaGwTable +-- ********************************************************************* + +cMediaGwTable OBJECT-TYPE + SYNTAX SEQUENCE OF CMediaGwEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains the global media gateway parameters + information. + It supports the modification of the global media gateway + parameters." + ::= { cMediaGwConfig 1 } + +cMediaGwEntry OBJECT-TYPE + SYNTAX CMediaGwEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Media Gateway Entry. + At system power-up, an entry is created by the agent + if the system detects a media gateway module has been added + to the system, and an entry is deleted if the entry associated + media gateway module has been removed from the system." + INDEX { cmgwIndex } + ::= { cMediaGwTable 1 } + +CMediaGwEntry::= SEQUENCE { + cmgwIndex Integer32, + cmgwDomainName SnmpAdminString, + cmgwPhysicalIndex EntPhysicalIndexOrZero, + cmgwServiceState CGwServiceState, + cmgwAdminState CGwAdminState, + cmgwGraceTime Integer32, + cmgwVtMappingMode INTEGER, + cmgwSrcFilterEnabled TruthValue, + cmgwLawInterceptEnabled TruthValue, + cmgwV23Enabled TruthValue + } + +cmgwIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + cMediaGwTable." + ::= { cMediaGwEntry 1 } + +cmgwDomainName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object is used to represent a domain name under which + the Media Gateway could also be registered in a DNS name + server. + + The value of this object reflects the value of + cmgwConfigDomainName from the entry with a value of + 'gateway(1)' for object cmgwConfigDomainNameEntity of + cMediaGwDomainNameConfigTable. + + If there is no entry in cMediaGwDomainNameConfigTable with + 'gateway(1)' of cmgwConfigDomainNameEntity, then + the value of this object will be empty string." + ::= { cMediaGwEntry 2 } + +cmgwPhysicalIndex OBJECT-TYPE + SYNTAX EntPhysicalIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object represents the entPhysicalIndex of the + card in which media gateway is running. It will contain + value 0 if the entPhysicalIndex value is not available or + not applicable" + ::= { cMediaGwEntry 3 } + + +cmgwServiceState OBJECT-TYPE + SYNTAX CGwServiceState + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the current service state of the Media + Gateway. + This object is controlled by 'cmgwAdminState' + object." + ::= { cMediaGwEntry 4 } + +cmgwAdminState OBJECT-TYPE + SYNTAX CGwAdminState + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to change the service state of + the Media Gateway from inService to outOfService or from + outOfService to inService. + The resulting service state of the gateway is represented + by 'cmgwServiceState'." + ::= { cMediaGwEntry 5 } + +cmgwGraceTime OBJECT-TYPE + SYNTAX Integer32(-1..65535) + UNITS "seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to represent grace period. + The grace period (restart delay in RSIP message) is + expressed in a number of seconds. + It means how soon the gateway will be taken out of service. + The value -1 indicates that the grace period time is + disabled." + DEFVAL { -1 } + ::= { cMediaGwEntry 6 } + +cmgwVtMappingMode OBJECT-TYPE + SYNTAX INTEGER { + standard (1), + titan (2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to represent the VT (sonet Virtual + Tributary) counting. + + standard - standard counting (based on Bellcore TR253) + titan - TITAN5500 counting (based on Tellabs TITAN 5500) + + Note: 'titan' is valid only if sonet line medium type + (sonetMediumType of SONET-MIB) is 'sonet' and + sonet path payload type (cspSonetPathPayload of + CISCO-SONET-MIB) is 'vt15vc11'. + " + ::= { cMediaGwEntry 7 } + +cmgwSrcFilterEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to enable or disable the source IP + and port filtering with MGC for security consideration + as follows: + 'true' - source IP and port filter is enabled + 'false' - source IP and port filter is disable + " + DEFVAL { false } + ::= { cMediaGwEntry 8 } + +cmgwLawInterceptEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to enable or disable the lawful + intercept for government. + as follows: + 'true' - enable lawful intercept + 'false' - disable lawful intercept + " + DEFVAL { false } + ::= { cMediaGwEntry 9 } +cmgwV23Enabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is to enable or disable V23 tone. + Setting the object value to 'true', will cause VXSM (Voice Switching + Service Module) to detect V23 tone. + " + DEFVAL { false } + ::= { cMediaGwEntry 10 } + + +-- ********************************************************************* +-- Media Gateway Protocol Table +-- ********************************************************************* + +cmgwSignalProtocolTable OBJECT-TYPE + SYNTAX SEQUENCE OF CmgwSignalProtocolEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains the available signaling protocols that + are supported by the media gateway for communication with + MGCs." + ::= { cMediaGwConfig 2 } + +cmgwSignalProtocolEntry OBJECT-TYPE + SYNTAX CmgwSignalProtocolEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry represents an signaling protocol supported + by the media gateway." + INDEX { cmgwIndex, cmgwSignalProtocolIndex } + ::= { cmgwSignalProtocolTable 1 } + +CmgwSignalProtocolEntry::= SEQUENCE { + cmgwSignalProtocolIndex Integer32, + cmgwSignalProtocol INTEGER, + cmgwSignalProtocolVersion SnmpAdminString, + cmgwSignalProtocolPort CiscoPort, + cmgwSignalMgcProtocolPort InetPortNumber, + cmgwSignalProtocolPreference Integer32, + cmgwSignalProtocolConfigVer SnmpAdminString + } + + +cmgwSignalProtocolIndex OBJECT-TYPE + SYNTAX Integer32(1..65535) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in + cmgwSignalProtocolTable." + ::= { cmgwSignalProtocolEntry 1 } + + +cmgwSignalProtocol OBJECT-TYPE + SYNTAX INTEGER { + other (1), + mgcp (2), + h248 (3), + tgcp (4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object is used to represent the protocol type. + other - None of the following types. + mgcp - Media Gateway Control Protocol + h248 - Media Gateway Control (ITU H.248) + tgcp - Trunking Gateway Control Protocol" + ::= { cmgwSignalProtocolEntry 2 } + + +cmgwSignalProtocolVersion OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..16)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object is used to represent the protocol version. + For example cmgwSignalProtocol is 'mgcp(2)' and + this object is string '1.0'. cmgwSignalProtocol is + 'h248(3)' and this object is set to '2.0'." + REFERENCE + "MCGP 1.0 is documented in RFC2705." + ::= { cmgwSignalProtocolEntry 3 } + + +cmgwSignalProtocolPort OBJECT-TYPE + SYNTAX CiscoPort + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object is used to represent the UDP port associated + with the protocol. + If the value of cmgwSignalProtocol is 'mgcp(2)' and the + value of cmgwSignalProtcolVersion is '1.0', the default + value of this object is '2727'. + If the value of cmgwSignalProtocol is 'h248(3)' and the + value of cmgwSignalProtcolVersion is '1.0', the default + value of this object is '2944'." + ::= { cmgwSignalProtocolEntry 4 } + +cmgwSignalMgcProtocolPort OBJECT-TYPE + SYNTAX InetPortNumber + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the protocol port of the Media Gateway + Controller (MGC). + If the value of cmgwSignalProtocol is 'mgcp(2)' or 'tgcp(4)' + and the value of cmgwSignalProtcolVersion is '1.0', the + default value of this object is '2427'. + If the value of cmgwSignalProtocol is 'h248(3)' and the + value of cmgwSignalProtcolVersion is '1.0', the default + value of this object is '2944'." + ::= { cmgwSignalProtocolEntry 5 } + +cmgwSignalProtocolPreference OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the preference of the signal protocol + supported in the media gateway. + + If this object is set to 0, the corresponding signal + protocol will not be used by the gateway. + + The value of this object is unique within the corresponding + gateway. The entry with lower value has higher preference." + + ::= { cmgwSignalProtocolEntry 6 } + +cmgwSignalProtocolConfigVer OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..16)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the protocol version + used by the gateway in the messages to MGC + in order to exchange the service capabilities. + + For example cmgwSignalProtocol is 'h248(3)' and + this object can be string '1' or '1.0', '2' or '2.0'. + + 'MAX' is a special string indicating the gateway will + use the highest protocol version supported in the + gateway, but it can be changed to lower version after + it negotiates with MGC. The final negotiated protocol + version will be indicated in cmgwSignalProtocolVersion. + + The version strings other than 'MAX' can be specified for + the gateway to communicate with the MGC which doesn't + support service capabilities negotiation. For example if + a MGC supports only version 1.0 MGCP, this object should + be set to '1' to instruct the gateway using MGCP + version 1.0 format messages to communicate with MGC. " + ::= { cmgwSignalProtocolEntry 7 } + +-- ********************************************************************* +-- cMediaGwIpConfigTable +-- ********************************************************************* + +cMediaGwIpConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF CMediaGwIpConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains a list of media gateway IP address and + the IP address associated interface information. + + If IP address associated interface is PVC, only + aal5 control PVC or aal5 bearer PVC are valid. + When the PVC is aal5 control, the IP address is used to + communicate to MGC; when the PVC is aal5 bearer, the IP + address is used to communicate to other gateway. + The PVC information is kept in cwAtmChanExtConfigTable: + cwacChanPvcType: aal5/aal2/aal1 + cwacChanApplication: control/bearer/signaling + + If IP address associated interface is not PVC, refer to the + IP addresses associated interface table for the usage + of IP address." + ::= { cMediaGwConfig 3 } + + +cMediaGwIpConfigEntry OBJECT-TYPE + SYNTAX CMediaGwIpConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Media Gateway IP configuration entry. + Each entry represents a media gateway IP address for MGCs + to communicate with the media gateway." + INDEX { cmgwIndex, cmgwIpConfigIndex } + ::= { cMediaGwIpConfigTable 1 } + + +CMediaGwIpConfigEntry ::= SEQUENCE { + cmgwIpConfigIndex Integer32, + cmgwIpConfigIfIndex InterfaceIndexOrZero, + cmgwIpConfigVpi Integer32, + cmgwIpConfigVci Integer32, + cmgwIpConfigAddrType InetAddressType, + cmgwIpConfigAddress InetAddress, + cmgwIpConfigSubnetMask InetAddressPrefixLength, + cmgwIpConfigDefaultGwIp TruthValue, + cmgwIpConfigForRemoteMapping TruthValue, + cmgwIpConfigRowStatus RowStatus +} + +cmgwIpConfigIndex OBJECT-TYPE + SYNTAX Integer32 (1..64) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A unique index to identify each media gateway IP address." + ::= { cMediaGwIpConfigEntry 1 } + + +cmgwIpConfigIfIndex OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is ifIndex of the interface which is associated + to the media gateway IP address. + + For ATM interface, the IP address should be associated to + an existing PVC: + cmgwIpConfigIfIndex represents port of the PVC + cmgwIpConfigVpi represents VPI of the PVC + cmgwIpConfigVci represents VCI of the PVC + And one PVC only can be associated with one IP address. + + If this object is set to zero which means the IP address + is not associated to any interface." + ::= { cMediaGwIpConfigEntry 2 } + + +cmgwIpConfigVpi OBJECT-TYPE + SYNTAX Integer32 (-1..4095) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object represents VPI of the PVC which is associated + to the IP address. + If the IP address is not associated to PVC, the value + of this object is set to -1." + ::= { cMediaGwIpConfigEntry 3 } + +cmgwIpConfigVci OBJECT-TYPE + SYNTAX Integer32 (-1..65535) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object represents VCI of the PVC which is associated + to the IP address. + If the IP address is not associated to PVC, the value + of this object is set to -1." + ::= { cMediaGwIpConfigEntry 4 } + +cmgwIpConfigAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is the IP address type. + " + DEFVAL { ipv4 } + ::= { cMediaGwIpConfigEntry 5 } + +cmgwIpConfigAddress OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The configured IP address of media gateway. + This object can not be modified. + " + ::= { cMediaGwIpConfigEntry 6 } + + +cmgwIpConfigSubnetMask OBJECT-TYPE + SYNTAX InetAddressPrefixLength + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to specify the number of leading one + bits which from the mask to be logical-ANDed with the media + gateway address before being compared to the value in the + cmgwIpCofigAddress. + + Any assignment (implicit or otherwise) of an instance of + this object to a value x must be rejected if the bitwise + logical-AND of the mask formed from x with the value + of the corresponding instance of the cmgwIpCofigAddress + object is not equal to cmgwIpCofigAddress." + ::= { cMediaGwIpConfigEntry 7 } + +cmgwIpConfigDefaultGwIp OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies cmgwIpConfigAddress of the entry + will become the default gateway address. + This object can be set to 'true' for only one entry in + the table." + DEFVAL { false } + ::= { cMediaGwIpConfigEntry 8 } + +cmgwIpConfigForRemoteMapping OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies whether the address defined in + cmgwIpConfigAddress is the address mapping at the + remote end of this PVC. + + If this object is set to 'true', the address defined + in cmgwIpConfigAddress is for the remote end of the PVC. + If this object is set to 'false', the address defined + in cmgwIpConfigAddress is for the local end of the PVC." + DEFVAL { false } + ::= { cMediaGwIpConfigEntry 9 } + +cmgwIpConfigRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to add and delete an entry. + + When an entry of the table is created, the following + objects are mandatory: + cmgwIpConfigIfIndex + cmgwIpConfigVpi + cmgwIpConfigVci + cmgwIpConfigAddress + cmgwIpConfigSubnetMask + + These objects can not be modified after the value of this + object is set to 'active'. + Modification can only be done by deleting and re-adding the + entry again. + + After the system verify the validity of the data, it + will set the cmgwIpConfigRowStatus to 'active'." + ::= { cMediaGwIpConfigEntry 10 } + + +-- ********************************************************************* +-- cMediaGwDomainNameConfigTable +-- ********************************************************************* + +cMediaGwDomainNameConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF CMediaGwDomainNameConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table provides the domain names which are configured by + users. + The domain names can be used to represent IP addresses + for: + gateway + External DNS name server + MGC (call agent) " + ::= { cMediaGwConfig 4 } + + +cMediaGwDomainNameConfigEntry OBJECT-TYPE + SYNTAX CMediaGwDomainNameConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry represents a domain name used in the system. + + Creation and deletion are supported. Modification + is prohibited." + INDEX { cmgwIndex, cmgwConfigDomainNameIndex } + ::= { cMediaGwDomainNameConfigTable 1 } + + +CMediaGwDomainNameConfigEntry ::= + SEQUENCE{ + cmgwConfigDomainNameIndex Integer32, + cmgwConfigDomainNameEntity INTEGER, + cmgwConfigDomainName SnmpAdminString, + cmgwConfigDomainNameRowStatus RowStatus + } + +cmgwConfigDomainNameIndex OBJECT-TYPE + SYNTAX Integer32(1..128) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that is uniquely identifies a domain name + configured in the system." + ::= {cMediaGwDomainNameConfigEntry 1} + +cmgwConfigDomainNameEntity OBJECT-TYPE + SYNTAX INTEGER { + gateway (1), + dnsServer (2), + mgc (3) + } + + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object indicates which entity to use this domain name. + + gateway(1) - The domain name of media gateway. + With the same cmgwIndex, there is one and + only one entry allowed with the value + 'gateway(1)' of this object. + + dnsServer(2) - The domain name of DNS name server that is used + by Media gateway to find Internet Network + Address from a DNS name. + + mgc(3) - The domain name of a MGC (Media Gateway + Controller) associated with the media + gateway. " + ::= {cMediaGwDomainNameConfigEntry 2} + +cmgwConfigDomainName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the domain name. + + The domain name should be unique if there are more than + one entries having the same value in the object + cmgwConfigDomainNameEntity. + For example, the gateway domain name should be unique + if the cmgwConfigDomainNameEntity has the value of + 'gateway(1)'." + ::= {cMediaGwDomainNameConfigEntry 3} + +cmgwConfigDomainNameRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to add and delete an entry. + + When an entry is created, the following objects + are mandatory: + cmgwConfigDomainName + cmgwConfigDomainNameEntity + + When deleting domain name of DNS name server + (cmgwConfigDomainNameEntity is dnsServer (2)), the + cMediaGwDnsIpConfigTable should be empty. + + Adding/deleting entry with cmgwConfigDomainNameEntity + of 'mgc' will cause adding/deleting entry in + cMgcConfigTable (CISCO-MGC-MIB) automatically. + + The cmgwConfigDomainName and cmgwConfigDomainNameEntity + can not be modified if the value of this object is + 'active'. " + ::= {cMediaGwDomainNameConfigEntry 4} + +-- ********************************************************************* +-- cMediaGwDnsIpConfigTable +-- ********************************************************************* + +cMediaGwDnsIpConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF CMediaGwDnsIpConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "There is only one DNS name server on a gateway + and the domain name of the DNS name server is put on + cMediaGwDomainNameConfigTable with 'dnsServer (2)'. + + There could be multi IP addresses are associated with the + DNS name server, this table is used to store these IP + addresses. + + If any domain name using external resolution, the last entry + of this table is not allowed to be deleted." + ::= { cMediaGwConfig 5 } + + +cMediaGwDnsIpConfigEntry OBJECT-TYPE + SYNTAX CMediaGwDnsIpConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry represents an IP address of the DNS name + server." + INDEX { cmgwIndex, cmgwDnsIpIndex } + ::= { cMediaGwDnsIpConfigTable 1 } + +CMediaGwDnsIpConfigEntry ::= + SEQUENCE{ + cmgwDnsIpIndex Integer32, + cmgwDnsDomainName SnmpAdminString, + cmgwDnsIpType InetAddressType, + cmgwDnsIp InetAddress, + cmgwDnsIpRowStatus RowStatus + } + +cmgwDnsIpIndex OBJECT-TYPE + SYNTAX Integer32(1..6) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an IP address of DNS + name server." + ::= {cMediaGwDnsIpConfigEntry 1} + +cmgwDnsDomainName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The domain name of DNS name server. + + The value of this object reflects the value of + cmgwConfigDomainName from the entry with a value of + 'dnsServer(2)' for object cmgwConfigDomainNameEntity of + cMediaGwDomainNameConfigTable. + + If there is no entry in cMediaGwDomainNameConfigTable with + 'dnsServer(2)' of cmgwConfigDomainNameEntity, then + the value of this object will be empty string." + ::= {cMediaGwDnsIpConfigEntry 2} + +cmgwDnsIpType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "DNS name server IP address type." + DEFVAL { ipv4 } + ::= {cMediaGwDnsIpConfigEntry 3} + +cmgwDnsIp OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The IP address of DNS name server. + The IP address of DNS name server must be unique + in this table." + ::= {cMediaGwDnsIpConfigEntry 4} + +cmgwDnsIpRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to add and delete an entry. + + When an entry of the table is created, the value of + this object should be set to 'createAndGo' and the + following objects are mandatory: + cmgwDnsIp + + When the user wants to delete the entry, the value of + this object should be set to 'destroy'. + + The entry can not be modified if the value of this + object is 'active'." + ::= {cMediaGwDnsIpConfigEntry 5} + +-- ********************************************************************* +-- +-- A LIF (Logical InterFace) is a group of TDM ports +-- (DSx1 lines) associated with a set of PVCs. +-- +-- ********************************************************************* + +cmgwLifTable OBJECT-TYPE + SYNTAX SEQUENCE OF CmgwLifEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table is for managing LIF (Logical Interface) + in a media gateway. + + LIF is a logical interface which groups the TDM + DSx1s associated with a set of packet resource partitions + (PVCs) in a media gateway. + + LIF is used for: + 1. VoIP switching + 2. VoATM switching " + + ::= { cMediaGwConfig 6 } + +cmgwLifEntry OBJECT-TYPE + SYNTAX CmgwLifEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry of this table is created by the media gateway + when it supports the VoIP/VoATM application." + INDEX { cmgwIndex, cmgwLifNumber } + ::= { cmgwLifTable 1 } + +CmgwLifEntry::= SEQUENCE { + cmgwLifNumber GatewayLifNumber, + cmgwLifPvcCount Gauge32, + cmgwLifVoiceIfCount Gauge32 +} + +cmgwLifNumber OBJECT-TYPE + SYNTAX GatewayLifNumber + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies a LIF in the + media gateway." + ::= { cmgwLifEntry 1 } + +cmgwLifPvcCount OBJECT-TYPE + SYNTAX Gauge32(0..10000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object represents the total number of PVC within + this LIF. + + When users associate/disassociate a PVC with a LIF + by giving a non-zero/zero value of cwacChanLifNum + in cwAtmChanExtConfigTable, the value of this object + will be incremented/decremented accordingly. + + The value zero means there is no PVC associated with + the LIF." + ::= { cmgwLifEntry 2 } + +cmgwLifVoiceIfCount OBJECT-TYPE + SYNTAX Gauge32(0..1000) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object represents the total number of Voice Interfaces + within this LIF. + + When users associate/disassociate a Voice Interface with + a LIF by giving a non-zero/zero value of + ccasVoiceCfgLifNumber for the DS0 group in + ccasVoiceExtCfgTable, the value of this object will be + incremented/decremented accordingly. + + The value zero means there is no Voice Interface associated + with the LIF." + ::= { cmgwLifEntry 3 } + +-- ******************************************************************** +-- +-- cMediaGwCallControlConfigTable +-- +-- ******************************************************************** +cMediaGwCallControlConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF CMediaGwCallControlConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table defines general call control attributes for + the media gateway." + ::= { cMediaGwConfig 7 } + +cMediaGwCallControlConfigEntry OBJECT-TYPE + SYNTAX CMediaGwCallControlConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "One entry for each media gateway which supports call control + protocol." + INDEX { cmgwIndex } + ::= { cMediaGwCallControlConfigTable 1 } + +CMediaGwCallControlConfigEntry ::= SEQUENCE + { + cMediaGwCcCfgControlTos Unsigned32, + cMediaGwCcCfgBearerTos Unsigned32, + cMediaGwCcCfgNtePayload Unsigned32, + cMediaGwCcCfgNsePayload Unsigned32, + cMediaGwCcCfgNseRespTimer Unsigned32, + cMediaGwCcCfgVbdJitterDelayMode CCallControlJitterDelayMode, + cMediaGwCcCfgVbdJitterMaxDelay Unsigned32, + cMediaGwCcCfgVbdJitterNomDelay Unsigned32, + cMediaGwCcCfgVbdJitterMinDelay Unsigned32, + cMediaGwCcCfgDefaultTonePlanId CVoiceTonePlanIndex, + cMediaGwCcCfgDescrInfoEnabled TruthValue, + cMediaGwCcCfgDsNamePrefix SnmpAdminString, + cMediaGwCcCfgRtpNamePrefix SnmpAdminString, + cMediaGwCcCfgAal1SvcNamePrefix SnmpAdminString, + cMediaGwCcCfgAal2SvcNamePrefix SnmpAdminString, + cMediaGwCcCfgClusterEnabled INTEGER, + cMediaGwCcCfgDefBearerTraffic INTEGER, + cMediaGwCcCfgDefRtpNamePrefix SnmpAdminString + } + +cMediaGwCcCfgControlTos OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies Type Of Service (TOS) field of + IP header for the signaling control packet in VoIP + application." + DEFVAL { 96 } + ::= { cMediaGwCallControlConfigEntry 1 } + +cMediaGwCcCfgBearerTos OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies Type Of Service (TOS) field + of IP header for the voice payload packet in VoIP + application." + DEFVAL { 160 } + ::= { cMediaGwCallControlConfigEntry 2 } + +cMediaGwCcCfgNtePayload OBJECT-TYPE + SYNTAX Unsigned32 (96..127) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies NTE (Named Telephony Events) + payload type." + REFERENCE + "RFC2833, 3. RTP Payload Format for Named Telephone Events" + DEFVAL { 101 } + ::= { cMediaGwCallControlConfigEntry 3 } + +cMediaGwCcCfgNsePayload OBJECT-TYPE + SYNTAX Unsigned32 (98..117) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies NSE (Network Signaling Events) + payload type." + DEFVAL { 100 } + ::= { cMediaGwCallControlConfigEntry 4 } + +cMediaGwCcCfgNseRespTimer OBJECT-TYPE + SYNTAX Unsigned32 (250..10000) + UNITS "milliseconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies Network Signaling Event (NSE) + timeout value." + DEFVAL { 1000 } + ::= { cMediaGwCallControlConfigEntry 5 } + +cMediaGwCcCfgVbdJitterDelayMode OBJECT-TYPE + SYNTAX CCallControlJitterDelayMode + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The object specifies the jitter buffer mode applied to + a VBD (Voice Band Data) call connection. + + adaptive - means to use cMediaGwCcCfgVbdJitterNomDelay as + the initial jitter buffers size and let the DSP + pick the optimal value of the jitter buffer + size between the range of + cMediaGwCcCfgVbcJitterMaxDelay and + cMediaGwCcCfgVbcJitterMinDelay. + + fixed - means to use a constant jitter buffer size + which is specified by cMediaGwCcCfgVbdJitterNomDelay. + " + DEFVAL { fixed } + ::= { cMediaGwCallControlConfigEntry 6 } + +cMediaGwCcCfgVbdJitterMaxDelay OBJECT-TYPE + SYNTAX Unsigned32 (20..135) + UNITS "milliseconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the maximum jitter buffer size + in VBD (Voice Band Data)" + DEFVAL { 135 } + ::= { cMediaGwCallControlConfigEntry 7 } + +cMediaGwCcCfgVbdJitterNomDelay OBJECT-TYPE + SYNTAX Unsigned32 (5..135) + UNITS "milliseconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the nominal jitter buffer size + in VBD (Voice Band Data)" + DEFVAL { 70 } + ::= { cMediaGwCallControlConfigEntry 8 } + +cMediaGwCcCfgVbdJitterMinDelay OBJECT-TYPE + SYNTAX Unsigned32 (0..135) + UNITS "milliseconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the nominal jitter buffer size + in VBD (Voice Band Data)" + DEFVAL { 0 } + ::= { cMediaGwCallControlConfigEntry 9 } + +cMediaGwCcCfgDefaultTonePlanId OBJECT-TYPE + SYNTAX CVoiceTonePlanIndex + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the default tone plan index + (the value of cvtcTonePlanId) for the media gateway." + DEFVAL { 1 } + ::= { cMediaGwCallControlConfigEntry 10 } + +cMediaGwCcCfgDescrInfoEnabled OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies whether the media gateway supports + descriptive suffix of the name schema for terminations. + + There are two parts in name schema of termination, prefix + and suffix. For example the name schema for a DS (Digital + Subscriber) termination, can be 'DS/OC3_2/DS1_6/DS0_24'. + It represents DS type termination in 2nd OC3 line, + 6th DS1 and 24th DS0 channel. In this example, 'DS' is + the prefix, 'OC3_2/DS1_6/DS0_24' is the suffix. + + The name schema in above example has a descriptive suffix. + The non-descriptive suffix for the same termination is + '2/6/24' and name schema becomes 'DS/2/6/24'. + + This object can not be modified if there is any termination + existing in the media gateway." + DEFVAL { false } + ::= { cMediaGwCallControlConfigEntry 11 } + +cMediaGwCcCfgDsNamePrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the prefix of the name schema for + DS (Digital Subscriber) terminations. + The value of this object must be unique among the + following objects: + cMediaGwCcCfgDsNamePrefix + cMediaGwCcCfgRtpNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgDefRtpNamePrefix + This object can not be modified when there is any + DS termination existing in the media gateway. + It is default to 'DS'." + DEFVAL { '4453'H } + ::= { cMediaGwCallControlConfigEntry 12 } + +cMediaGwCcCfgRtpNamePrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the prefix of the name schema for + RTP (Real-Time Transport Protocol) terminations. + The value of this object must be unique among the + following objects: + cMediaGwCcCfgDsNamePrefix + cMediaGwCcCfgRtpNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgDefRtpNamePrefix + This object can not be modified when there is any + RTP termination type existing in the media gateway. + It is default to 'RTP'." + DEFVAL { '525450'H } + ::= { cMediaGwCallControlConfigEntry 13 } + +cMediaGwCcCfgAal1SvcNamePrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the prefix of the name schema for + voice over AAL1 SVC (Switched Virtual Circuit) + terminations. + The value of this object must be unique among the + following objects: + cMediaGwCcCfgDsNamePrefix + cMediaGwCcCfgRtpNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgDefRtpNamePrefix + This object can not be modified when there is any + AAL1 SVC termination type existing in the media gateway. + It is default to 'AAL1/SVC'." + DEFVAL { '41414C312F535643'H } + ::= { cMediaGwCallControlConfigEntry 14 } + +cMediaGwCcCfgAal2SvcNamePrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the prefix of the name schema for + voice over AAL2 SVC (Switched Virtual Circuit) + terminations. + The value of this object must be unique among the + following objects: + cMediaGwCcCfgDsNamePrefix + cMediaGwCcCfgRtpNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + cMediaGwCcCfgDefRtpNamePrefix + This object can not be modified when there is any + AAL2 SVC termination type existing in the media gateway. + It is default to 'AAL2/SVC'." + DEFVAL { '41414C322F535643'H } + ::= { cMediaGwCallControlConfigEntry 15 } + +cMediaGwCcCfgClusterEnabled OBJECT-TYPE + SYNTAX INTEGER { + disabled (1), + enabled (2), + conditionalEnabled (3) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the condition of the cluster generation + in the call control. + + A cluster is a group of endpoints that share a particular + bearer possibility for connections among each other. + + disabled(1) - The generation of the cluster attribute + is disabled. + enabled(2) - Unconditionally generate the cluster + attribute. + conditionalEnabled(3) - The generation of the cluster + attribute is upon MGC request. + " + DEFVAL { disabled } + ::= { cMediaGwCallControlConfigEntry 16 } + + +cMediaGwCcCfgDefBearerTraffic OBJECT-TYPE + SYNTAX INTEGER { + ipPvcAal5 (1), + atmPvcAal2 (2), + atmSvcAal2 (3), + atmSvcAal1 (4) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the combination of the network + type (IP/ATM), virtual circuit type (PVC/SVC) and + ATM adaptation layer type (AAL1/AAL2/AAL5) for the + connection used in transporting bearer traffic. + + ipPvcAal5 (1) - The bearer traffic is transported in + IP network, through Permanent Virtual + Circuit(PVC) over AAL5 adaptation layer. + atmPvcAal2 (2) - The bearer traffic is transported in + ATM network, through Permanent Virtual + Circuit(PVC) over AAL2 adaptation layer. + atmSvcAal2 (3) - The bearer traffic is transported in + ATM network, through Switching Virtual + Circuit(SVC) over AAL2 adaptation layer. + atmSvcAal1 (4) - The bearer traffic is transported in + ATM network, through Switching Virtual + Circuit(SVC) over AAL1 adaptation layer. + + In MGCP, if the call agent specifies the bear traffic type + in the local connection options (CRCX request), + configuration of this object will have no effect, + otherwise the value of this object will be used when + media gateway sending CRCX response." + DEFVAL { ipPvcAal5 } + ::= { cMediaGwCallControlConfigEntry 17 } + +cMediaGwCcCfgDefRtpNamePrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..64)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies the prefix of the name schema for + default RTP terminations. + The value of this object must be unique among the + following objects: + cMediaGwCcCfgDsNamePrefix + cMediaGwCcCfgRtpNamePrefix + cMediaGwCcCfgAal1SvcNamePrefix + cMediaGwCcCfgAal2SvcNamePrefix + + It is defaulted to 'TGWRTP'." + DEFVAL { '544757525450'H } + ::= { cMediaGwCallControlConfigEntry 18 } + + + + +-- +-- GW resource statistics table +-- + +cMediaGwRscStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CMediaGwRscStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table stores the gateway resource statistics + information. + " + ::= { cMediaGwStats 1 } + +cMediaGwRscStatsEntry OBJECT-TYPE + SYNTAX CMediaGwRscStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Each entry stores the statistics + information for a specific resource. + " + INDEX { cmgwIndex, cmgwRscStatsIndex} + ::= { cMediaGwRscStatsTable 1 } + +CMediaGwRscStatsEntry::= SEQUENCE { + cmgwRscStatsIndex INTEGER, + cmgwRscMaximumUtilization Gauge32, + cmgwRscMinimumUtilization Gauge32, + cmgwRscAverageUtilization Gauge32, + cmgwRscSinceLastReset Unsigned32 + } + +cmgwRscStatsIndex OBJECT-TYPE + SYNTAX INTEGER { + cpu (1), + staticmemory (2), + dynamicmemory (3), + sysmemory (4), + commbuffer (5), + msgq (6), + atmq (7), + svccongestion (8), + rsvpq (9), + dspq (10), + h248congestion (11), + callpersec (12), + smallipcbuffer (13), + mediumipcbuffer (14), + largeipcbuffer (15), + hugeipcbuffer (16), + mblkipcbuffer (17) + } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies a specific gateway + resource. + " + ::= { cMediaGwRscStatsEntry 1 } + + +cmgwRscMaximumUtilization OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the maximum utilization of the + resource over the interval specified by the + 'cmgwRscSinceLastReset'. + " + ::= { cMediaGwRscStatsEntry 2 } + +cmgwRscMinimumUtilization OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the minimum utilization of the + resource over the interval specified by the + 'cmgwRscSinceLastReset'. + " + ::= { cMediaGwRscStatsEntry 3 } + +cmgwRscAverageUtilization OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object indicates the average utilization of the + resource over the interval specified by the + 'cmgwRscSinceLastReset'. + " + ::= { cMediaGwRscStatsEntry 4 } + + +cmgwRscSinceLastReset OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "seconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The elapsed time (in seconds) from the last periodic reset. + + The following objects are reset at the last reset: + + 'cmgwRscMaximumUtilization' + 'cmgwRscMinimumUtilization' + 'cmgwRscAverageUtilization' + " + ::= { cMediaGwRscStatsEntry 5 } + + +--********************************************************************** +--Conformance +--********************************************************************** + +cMediaGwMIBConformance + OBJECT IDENTIFIER ::= { ciscoMediaGatewayMIB 2 } + +cMediaGwMIBCompliances + OBJECT IDENTIFIER ::= { cMediaGwMIBConformance 1 } + +cMediaGwMIBGroups + OBJECT IDENTIFIER ::= { cMediaGwMIBConformance 2 } + + +-- +--Conformance and compliance statements +-- + +cMediaGwMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for the SNMP entities which implement + Media Gateway MIB. + This has been replaced by cMediaGwMIBComplianceRev1" + MODULE -- this module + MANDATORY-GROUPS { + cMediaGwGroup + } + + GROUP cmgwSignalProtocolGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwDomainNameGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more domain name." + + GROUP cMediaGwIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more IP address." + + GROUP cmgwDnsIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + DNS name server." + + GROUP cmgwLifGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + LIF (logical interface)." + + GROUP cmgwCallControlGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + any signaling protocol." + + OBJECT cmgwIpConfigAddrType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwIpConfigAddress + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + OBJECT cmgwDnsIpType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwDnsIp + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + + ::= { cMediaGwMIBCompliances 1 } + +cMediaGwMIBComplianceRev1 MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for the SNMP entities which implement + Media Gateway MIB. + This has been replaced by cMediaGwMIBComplianceRev2." + MODULE -- this module + MANDATORY-GROUPS { + cMediaGwGroupRev1 + } + + GROUP cmgwSignalProtocolGroupRev1 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwDomainNameGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more domain name." + + GROUP cMediaGwIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more IP address." + + GROUP cmgwDnsIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + DNS name server." + + GROUP cmgwLifGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + LIF (logical interface)." + + GROUP cmgwCallControlGroupRev1 + DESCRIPTION + "This group is mandatory for a media gateway which supports + any signaling protocol." + + + OBJECT cmgwIpConfigAddrType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwIpConfigAddress + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + OBJECT cmgwDnsIpType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwDnsIp + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + ::= { cMediaGwMIBCompliances 2 } + +cMediaGwMIBComplianceRev2 MODULE-COMPLIANCE + STATUS deprecated -- by cMediaGwMIBComplianceRev3 + DESCRIPTION + "The compliance statement for the SNMP entities which implement + Media Gateway MIB." + MODULE -- this module + MANDATORY-GROUPS { + cMediaGwGroupRev1 + } + + GROUP cmgwSignalProtocolGroupRev2 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwDomainNameGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more domain name." + + GROUP cMediaGwIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more IP address." + + GROUP cmgwDnsIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + DNS name server." + + GROUP cmgwLifGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + LIF (logical interface)." + + GROUP cmgwCallControlGroupRev1 + DESCRIPTION + "This group is mandatory for a media gateway which supports + any signaling protocol." + + OBJECT cmgwIpConfigAddrType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwIpConfigAddress + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + OBJECT cmgwDnsIpType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwDnsIp + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + ::= { cMediaGwMIBCompliances 3 } + +cMediaGwMIBComplianceRev3 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for the SNMP entities which implement + Media Gateway MIB." + MODULE -- this module + MANDATORY-GROUPS { + cMediaGwGroupRev1, + cMediaGwGroupExtra + } + + GROUP cmgwSignalProtocolGroupRev2 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwSignalProtocolGroupRev3 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwDomainNameGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more domain name." + + GROUP cMediaGwIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more IP address." + + GROUP cmgwDnsIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + DNS name server." + + GROUP cmgwLifGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + LIF (logical interface)." + + GROUP cmgwCallControlGroupRev1 + DESCRIPTION + "This group is mandatory for a media gateway which supports + any signaling protocol." + + GROUP cMediaGwRscStatsGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + gateway resource statistics." + + OBJECT cmgwIpConfigAddrType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwIpConfigAddress + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + OBJECT cmgwDnsIpType +-- SYNTAX InetAddressType { ipv4(1) } + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwDnsIp + SYNTAX InetAddress (SIZE(4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + ::= { cMediaGwMIBCompliances 4 } + +cMediaGwMIBComplianceRev4 MODULE-COMPLIANCE + STATUS deprecated -- by cMediaGwMIBComplianceRev5 + DESCRIPTION + "The compliance statement for the SNMP entities which implement + Media Gateway MIB." + MODULE -- this module + MANDATORY-GROUPS { + cMediaGwGroupRev1, + cMediaGwGroupExtra + } + + GROUP cmgwSignalProtocolGroupRev2 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwSignalProtocolGroupRev3 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwDomainNameGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more domain name." + + GROUP cMediaGwIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more IP address." + GROUP cmgwDnsIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + DNS name server." + + GROUP cmgwLifGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + LIF (logical interface)." + + GROUP cmgwCallControlGroupRev2 + DESCRIPTION + "This group is mandatory for a media gateway which supports + any signaling protocol." + + GROUP cMediaGwRscStatsGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + gateway resource statistics." + + OBJECT cmgwIpConfigAddrType + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwIpConfigAddress + SYNTAX InetAddress (SIZE (4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + OBJECT cmgwDnsIpType + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwDnsIp + SYNTAX InetAddress (SIZE (4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + ::= { cMediaGwMIBCompliances 5 } + + +cMediaGwMIBComplianceRev5 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for the SNMP entities which implement + Media Gateway MIB." + MODULE -- this module + MANDATORY-GROUPS { + cMediaGwGroupRev1, + cMediaGwGroupExtra + } + + GROUP cMediaGwGroupRev2 + DESCRIPTION + "This group is mendatory for media gateway which supports + Enable/Disable V23 mode at gateway level." + + GROUP cmgwSignalProtocolGroupRev2 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwSignalProtocolGroupRev3 + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more signaling protocol stacks." + + GROUP cmgwDomainNameGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more domain name." + + GROUP cMediaGwIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + one or more IP address." + + GROUP cmgwDnsIpGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + DNS name server." + + GROUP cmgwLifGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + LIF (logical interface)." + + GROUP cmgwCallControlGroupRev2 + DESCRIPTION + "This group is mandatory for a media gateway which supports + any signaling protocol." + + GROUP cMediaGwRscStatsGroup + DESCRIPTION + "This group is mandatory for a media gateway which supports + gateway resource statistics." + + OBJECT cmgwIpConfigAddrType + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwIpConfigAddress + SYNTAX InetAddress (SIZE (4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + + OBJECT cmgwDnsIpType + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address type" + + OBJECT cmgwDnsIp + SYNTAX InetAddress (SIZE (4)) + DESCRIPTION + "The minimal requirement for supporting this object is 'ipv4' + address" + ::= { cMediaGwMIBCompliances 6 } + +-- +--units of conformance +-- +--MIB Groups +-- + +cMediaGwGroup OBJECT-GROUP + OBJECTS { + cmgwDomainName, + cmgwPhysicalIndex, + cmgwServiceState, + cmgwAdminState, + cmgwGraceTime + } + STATUS deprecated + DESCRIPTION + "This group contains objects that apply to the media gateway + configuration table." + ::= { cMediaGwMIBGroups 1 } + +cmgwSignalProtocolGroup OBJECT-GROUP + OBJECTS { + cmgwSignalProtocol, + cmgwSignalProtocolVersion, + cmgwSignalProtocolPort + } + STATUS deprecated + DESCRIPTION + "A collection of objects providing signaling + protocol information a media gateway." + ::= { cMediaGwMIBGroups 2 } + + +cmgwDomainNameGroup OBJECT-GROUP + OBJECTS { + cmgwConfigDomainNameEntity, + cmgwConfigDomainName, + cmgwConfigDomainNameRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing DNS name + configuration for a media gateway." + ::= { cMediaGwMIBGroups 3 } + +cMediaGwIpGroup OBJECT-GROUP + OBJECTS { + cmgwIpConfigIfIndex, + cmgwIpConfigVpi, + cmgwIpConfigVci, + cmgwIpConfigAddrType, + cmgwIpConfigAddress, + cmgwIpConfigSubnetMask, + cmgwIpConfigDefaultGwIp, + cmgwIpConfigForRemoteMapping, + cmgwIpConfigRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing IP address + configuration for a media gateway." + ::= { cMediaGwMIBGroups 4 } + +cmgwDnsIpGroup OBJECT-GROUP + OBJECTS { + cmgwDnsDomainName, + cmgwDnsIp, + cmgwDnsIpType, + cmgwDnsIpRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing DSN name server + IP address configuration for a media gateway." + ::= { cMediaGwMIBGroups 5 } + +cmgwLifGroup OBJECT-GROUP + OBJECTS { + cmgwLifPvcCount, + cmgwLifVoiceIfCount + } + STATUS current + DESCRIPTION + "A collection of objects providing LIF(logical interface) + information for a media gateway." + ::= { cMediaGwMIBGroups 6 } + +cmgwCallControlGroup OBJECT-GROUP + OBJECTS { + cMediaGwCcCfgControlTos, + cMediaGwCcCfgBearerTos, + cMediaGwCcCfgNtePayload, + cMediaGwCcCfgNsePayload, + cMediaGwCcCfgNseRespTimer, + cMediaGwCcCfgVbdJitterDelayMode, + cMediaGwCcCfgVbdJitterMaxDelay, + cMediaGwCcCfgVbdJitterNomDelay, + cMediaGwCcCfgVbdJitterMinDelay, + cMediaGwCcCfgDefaultTonePlanId, + cMediaGwCcCfgDescrInfoEnabled, + cMediaGwCcCfgDsNamePrefix, + cMediaGwCcCfgRtpNamePrefix, + cMediaGwCcCfgAal1SvcNamePrefix, + cMediaGwCcCfgAal2SvcNamePrefix, + cMediaGwCcCfgClusterEnabled + } + STATUS deprecated + DESCRIPTION + "A collection of objects providing general call control + information in a media gateway." + ::= { cMediaGwMIBGroups 7 } + +cMediaGwGroupRev1 OBJECT-GROUP + OBJECTS { + cmgwDomainName, + cmgwPhysicalIndex, + cmgwServiceState, + cmgwAdminState, + cmgwGraceTime, + cmgwVtMappingMode + } + STATUS current + DESCRIPTION + "This group replaces cMediaGwGroup. + It contains objects that apply to the media gateway + configuration table." + ::= { cMediaGwMIBGroups 8 } + +cmgwCallControlGroupRev1 OBJECT-GROUP + OBJECTS { + cMediaGwCcCfgControlTos, + cMediaGwCcCfgBearerTos, + cMediaGwCcCfgNtePayload, + cMediaGwCcCfgNsePayload, + cMediaGwCcCfgNseRespTimer, + cMediaGwCcCfgVbdJitterDelayMode, + cMediaGwCcCfgVbdJitterMaxDelay, + cMediaGwCcCfgVbdJitterNomDelay, + cMediaGwCcCfgVbdJitterMinDelay, + cMediaGwCcCfgDefaultTonePlanId, + cMediaGwCcCfgDescrInfoEnabled, + cMediaGwCcCfgDsNamePrefix, + cMediaGwCcCfgRtpNamePrefix, + cMediaGwCcCfgAal1SvcNamePrefix, + cMediaGwCcCfgAal2SvcNamePrefix, + cMediaGwCcCfgClusterEnabled, + cMediaGwCcCfgDefBearerTraffic + } + STATUS current + DESCRIPTION + "This group replaces cmgwCallControlGroup. + It contains the objects providing general call control + information in a media gateway." + ::= { cMediaGwMIBGroups 9 } + +cmgwSignalProtocolGroupRev1 OBJECT-GROUP + OBJECTS { + cmgwSignalProtocol, + cmgwSignalProtocolVersion, + cmgwSignalProtocolPort, + cmgwSignalMgcProtocolPort + } + STATUS deprecated + DESCRIPTION + "This group replaces cmgwSignalProtocolGroup. + It contains the objects providing signaling + protocol information a media gateway." + ::= { cMediaGwMIBGroups 10 } + +cmgwSignalProtocolGroupRev2 OBJECT-GROUP + OBJECTS { + cmgwSignalProtocol, + cmgwSignalProtocolVersion, + cmgwSignalProtocolPort, + cmgwSignalMgcProtocolPort, + cmgwSignalProtocolPreference + } + STATUS current + DESCRIPTION + "This group replaces cmgwSignalProtocolGroupRev1. + It contains the objects providing signaling + protocol information a media gateway." + ::= { cMediaGwMIBGroups 11 } + +cmgwSignalProtocolGroupRev3 OBJECT-GROUP + OBJECTS { + cmgwSignalProtocolConfigVer + } + STATUS current + DESCRIPTION + "Additional objects for cmgwSignalProtocolGroupRev2." + ::= { cMediaGwMIBGroups 12 } + +cMediaGwRscStatsGroup OBJECT-GROUP + OBJECTS { + cmgwRscMaximumUtilization, + cmgwRscMinimumUtilization, + cmgwRscAverageUtilization, + cmgwRscSinceLastReset + } + STATUS current + DESCRIPTION + "This group includes gateway resource statistics + information. + " + ::= { cMediaGwMIBGroups 13 } + + +cMediaGwGroupExtra OBJECT-GROUP + OBJECTS { + cmgwSrcFilterEnabled, + cmgwLawInterceptEnabled + } + STATUS current + DESCRIPTION + "Additional objects for cMediaGwGroupRev1." + ::= { cMediaGwMIBGroups 14 } + + cmgwCallControlGroupRev2 OBJECT-GROUP + OBJECTS { + cMediaGwCcCfgControlTos, + cMediaGwCcCfgBearerTos, + cMediaGwCcCfgNtePayload, + cMediaGwCcCfgNsePayload, + cMediaGwCcCfgNseRespTimer, + cMediaGwCcCfgVbdJitterDelayMode, + cMediaGwCcCfgVbdJitterMaxDelay, + cMediaGwCcCfgVbdJitterNomDelay, + cMediaGwCcCfgVbdJitterMinDelay, + cMediaGwCcCfgDefaultTonePlanId, + cMediaGwCcCfgDescrInfoEnabled, + cMediaGwCcCfgDsNamePrefix, + cMediaGwCcCfgRtpNamePrefix, + cMediaGwCcCfgAal1SvcNamePrefix, + cMediaGwCcCfgAal2SvcNamePrefix, + cMediaGwCcCfgClusterEnabled, + cMediaGwCcCfgDefBearerTraffic, + cMediaGwCcCfgDefRtpNamePrefix + } + + STATUS current + DESCRIPTION + "This group replaces cmgwCallControlGroup. + It contains the objects providing general call control + information in a media gateway." + ::= { cMediaGwMIBGroups 15 } + + cMediaGwGroupRev2 OBJECT-GROUP + OBJECTS { + cmgwDomainName, + cmgwPhysicalIndex, + cmgwServiceState, + cmgwAdminState, + cmgwGraceTime, + cmgwVtMappingMode, + cmgwV23Enabled + } + STATUS current + DESCRIPTION + "Additional object cmgwV23Enabled in CMediaGwEntry Table." + ::= { cMediaGwMIBGroups 16 } + +END +