-- ==================================================================== -- Copyright (c) 2011 by FS.COM Inc.. All rights reserved. -- -- Description: The MIB is designed to get IPSec tunnels' statistic information. -- Reference: fs Enterprise MIB -- ===================================================================== FS-IPSEC-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString,TEXTUAL-CONVENTION, TimeStamp FROM SNMPv2-TC IpAddress, Integer32, Counter32, Counter64, OBJECT-TYPE, MODULE-IDENTITY, Gauge32, NOTIFICATION-TYPE, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF fsMgmt FROM FS-SMI; fsIPSecMonitor MODULE-IDENTITY LAST-UPDATED "201102170000Z" ORGANIZATION "FS.COM Inc.." CONTACT-INFO "Tel: 400-865-2852 E-mail: https://www.fs.com/live_chat_service_mail.html" DESCRIPTION "The MIB is designed to get statistic information of IPSec tunnels. With this MIB, we can get information of a certain tunnel or all tunnels." REVISION "201102170000Z" DESCRIPTION "Initial version of this MIB module." ::= { fsMgmt 94 } FSDiffHellmanGrp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Diffie Hellman Group used in the IKE and IPSec negotiations. invalidAlg(2147483647) is defined as invalid value." SYNTAX INTEGER { none(0), modp768(1), modp1024(2), invalidMode(2147483647) } FSEncapMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The encapsulation mode used by an IPSec Phase-2 Tunnel." SYNTAX INTEGER { tunnel(1), transport(2), invalidMode(2147483647) } FSEncryptAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The encryption algorithm used in the IKE and IPSec negotiations. invalidAlg(2147483647) is defined as invalid value." SYNTAX INTEGER { none(0), desCbc(2), threedesCbc(3), aesCbc(12), sm1Cbc(128), invalidAlg(2147483647) } FSAuthAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication algorithm used in the IKE negotiations. invalidAlg(2147483647) is defined as invalid value." SYNTAX INTEGER { none(0), md5(1), sha(2), invalidAlg(2147483647) } FSSaProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The protocol of security association." SYNTAX INTEGER { reserved(0), isakmp(1), ah(2), esp(3) } FSTunnelProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The protocol of security association." SYNTAX INTEGER { none(0), icmp(1), igmp(2), ip(4), tcp(6), udp(17), esp(50), ah(51) } FSTrafficType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of the data flow." SYNTAX INTEGER { ipv4Addr(1), ipv4AddrSubnet(2), ipv6Addr(3), ipv6AddrSubnet(4), ipv4AddrRange(5), ipv6AddrRange(6) } FSIPSecNegoType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of key used by an IPSec Phase-2 Tunnel. invalidType(2147483647) is defined as invalid value." SYNTAX INTEGER { ike(1), manual(2), invalidType(2147483647) } FSIPSecTunnelState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The state of IPSec tunnel." SYNTAX INTEGER { establishing(1), active(2), expiring(3) } -- ======================================================================== -- Node definitions -- ======================================================================== --Begin the node of fsIPSecObjects. fsIPSecObjects OBJECT IDENTIFIER ::= { fsIPSecMonitor 1 } -- =============================================== -- Begin the table of fsIPSecTunnelTable. -- =============================================== fsIPSecTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF FSIPSecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Tunnel Table. There is one entry in this table for each active IPSec Phase-2 Tunnel." ::= { fsIPSecObjects 1 } fsIPSecTunnelEntry OBJECT-TYPE SYNTAX FSIPSecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about fsIPSecTunnelTable." INDEX { fsIPSecTunRemoteAddr } ::= { fsIPSecTunnelTable 1 } FSIPSecTunnelEntry ::= SEQUENCE { fsIPSecTunIfIndex Integer32, fsIPSecTunIndex Integer32, fsIPSecTunIKETunnelIndex Integer32, fsIPSecTunLocalAddr IpAddress, fsIPSecTunRemoteAddr IpAddress, fsIPSecTunLocalHostname DisplayString, fsIPSecTunRemoteHostname DisplayString, fsIPSecTunKeyType FSIPSecNegoType, fsIPSecTunEncapMode FSEncapMode, fsIPSecTunInitiator INTEGER, fsIPSecTunLifeSize Integer32, fsIPSecTunLifeTime Integer32, fsIPSecTunRemainTime Integer32, fsIPSecTunActiveTime Integer32, fsIPSecTunCreateTime TimeStamp, fsIPSecTunRemainSize Integer32, fsIPSecTunTotalRefreshes Counter32, fsIPSecTunCurrentSaInstances Gauge32, fsIPSecTunInSaEncryptAlgo FSEncryptAlgo, fsIPSecTunInSaAhAuthAlgo FSAuthAlgo, fsIPSecTunInSaEspAuthAlgo FSAuthAlgo, fsIPSecTunDiffHellmanGrp FSDiffHellmanGrp, fsIPSecTunOutSaEncryptAlgo FSEncryptAlgo, fsIPSecTunOutSaAhAuthAlgo FSAuthAlgo, fsIPSecTunOutSaEspAuthAlgo FSAuthAlgo, fsIPSecTunMapName DisplayString, fsIPSecTunSeqNum Integer32, fsIPSecTunStatus FSIPSecTunnelState } fsIPSecTunIfIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The interface index( the ifIndex of ifTable )." ::= { fsIPSecTunnelEntry 1 } fsIPSecTunIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of IPSec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647." ::= { fsIPSecTunnelEntry 2 } fsIPSecTunIKETunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the associated IPSec Phase-1 IKE Tunnel (IKETunIndex in the IKETunnelTable). 2147483647 is defined as invalid value. " ::= { fsIPSecTunnelEntry 3 } fsIPSecTunLocalAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local peer for the IPSec Phase-2 Tunnel. 0.0.0.0 is defined as invalid value." ::= { fsIPSecTunnelEntry 4 } fsIPSecTunRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote peer for the IPSec Phase-2 Tunnel. 0.0.0.0 is defined as invalid value." ::= { fsIPSecTunnelEntry 5 } fsIPSecTunLocalHostname OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The Hostname of the local peer for the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 6 } fsIPSecTunRemoteHostname OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The Hostname of the remote peer for the IPSec Phase-2 Tunnel. " ::= { fsIPSecTunnelEntry 7 } fsIPSecTunKeyType OBJECT-TYPE SYNTAX FSIPSecNegoType MAX-ACCESS read-only STATUS current DESCRIPTION "The key negotiate mode used by the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 8 } fsIPSecTunEncapMode OBJECT-TYPE SYNTAX FSEncapMode MAX-ACCESS read-only STATUS current DESCRIPTION "The encapsulation mode used by the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 9 } fsIPSecTunInitiator OBJECT-TYPE SYNTAX INTEGER { local(1), remote(2), none(2147483647) } MAX-ACCESS read-only STATUS current DESCRIPTION "The initiator of this IPSec tunnel. Value none is used for manual IPsec tunnel, for there is no initiator or responder in this method." ::= { fsIPSecTunnelEntry 10 } fsIPSecTunLifeSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeSize of the IPSec Phase-2 Tunnel in kilobytes. 2147483647 is defined as invalid value." ::= { fsIPSecTunnelEntry 11 } fsIPSecTunLifeTime OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeTime of the IPSec Phase-2 Tunnel in seconds. 2147483647 is defined as invalid value." ::= { fsIPSecTunnelEntry 12 } fsIPSecTunRemainTime OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The remain time of SA in seconds. 2147483647 is defined as invalid value." ::= { fsIPSecTunnelEntry 13 } fsIPSecTunActiveTime OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The duration the IPSec Phase-2 Tunnel has been active in hundredths of seconds. 2147483647 is defined as invalid value." ::= { fsIPSecTunnelEntry 14 } fsIPSecTunCreateTime OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The Time Stamp when the IPSec Phase-2 Tunnel created." ::= { fsIPSecTunnelEntry 15 } fsIPSecTunRemainSize OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The remain LifeSize of SA in kilobytes. 2147483647 is defined as invalid value." ::= { fsIPSecTunnelEntry 16 } fsIPSecTunTotalRefreshes OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security association refreshing performed." ::= { fsIPSecTunnelEntry 17 } fsIPSecTunCurrentSaInstances OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of security associations which are currently active or expiring." ::= { fsIPSecTunnelEntry 18 } fsIPSecTunInSaEncryptAlgo OBJECT-TYPE SYNTAX FSEncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the inbound security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 19 } fsIPSecTunInSaAhAuthAlgo OBJECT-TYPE SYNTAX FSAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound authentication header (AH) security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 20 } fsIPSecTunInSaEspAuthAlgo OBJECT-TYPE SYNTAX FSAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound encapsulation security protocol(ESP) security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 21 } fsIPSecTunDiffHellmanGrp OBJECT-TYPE SYNTAX FSDiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used by the security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 22 } fsIPSecTunOutSaEncryptAlgo OBJECT-TYPE SYNTAX FSEncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the outbound security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 23 } fsIPSecTunOutSaAhAuthAlgo OBJECT-TYPE SYNTAX FSAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the outbound authentication header (AH) security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 24 } fsIPSecTunOutSaEspAuthAlgo OBJECT-TYPE SYNTAX FSAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the outbound encapsulation security protocol(ESP) security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelEntry 25 } fsIPSecTunMapName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The Map name used by this IPSec tunnel." ::= { fsIPSecTunnelEntry 26 } fsIPSecTunSeqNum OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The sequence number of policy used by this IPSec tunnel." ::= { fsIPSecTunnelEntry 27 } fsIPSecTunStatus OBJECT-TYPE SYNTAX FSIPSecTunnelState MAX-ACCESS read-write STATUS current DESCRIPTION "The status of the IPSec Tunnel." ::= { fsIPSecTunnelEntry 28 } -- =============================================== -- Begin the table of fsIPSecTunnelStatTable. -- =============================================== fsIPSecTunnelStatTable OBJECT-TYPE SYNTAX SEQUENCE OF FSIPSecTunnelStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Tunnel Statistics Table. " ::= { fsIPSecObjects 2 } fsIPSecTunnelStatEntry OBJECT-TYPE SYNTAX FSIPSecTunnelStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about fsIPSecTunnelStatTable." INDEX { fsIPSecTunRemoteAddr } ::= { fsIPSecTunnelStatTable 1 } FSIPSecTunnelStatEntry ::= SEQUENCE { fsIPSecTunInOctets Counter64, fsIPSecTunInDecompOctets Counter64, fsIPSecTunInPkts Counter64, fsIPSecTunInSpeed Counter64, fsIPSecTunInDropPkts Counter64, fsIPSecTunOutOctets Counter64, fsIPSecTunOutUncompOctets Counter64, fsIPSecTunOutPkts Counter64, fsIPSecTunOutSpeed Counter64, fsIPSecTunOutDropPkts Counter64 } fsIPSecTunInOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by this IPSec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { fsIPSecTunnelStatEntry 1 } fsIPSecTunInDecompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets received by this IPSec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed." ::= { fsIPSecTunnelStatEntry 2 } fsIPSecTunInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by this IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelStatEntry 3 } fsIPSecTunInSpeed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The Speed(bps) of packets received by this IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelStatEntry 4 } fsIPSecTunInDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receiving process by this IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelStatEntry 5 } fsIPSecTunOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by this IPSec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { fsIPSecTunnelStatEntry 6 } fsIPSecTunOutUncompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets sent by this IPSec Phase-2 Tunnel.This value is accumulated BEFORE the packet is compressed." ::= { fsIPSecTunnelStatEntry 7 } fsIPSecTunOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by this IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelStatEntry 8 } fsIPSecTunOutSpeed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The Speed(bps) of packets sent by this IPSec Phase-2 Tunnel. " ::= { fsIPSecTunnelStatEntry 9 } fsIPSecTunOutDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during sending process by this IPSec Phase-2 Tunnel." ::= { fsIPSecTunnelStatEntry 10 } -- =============================================== -- Begin the table of fsIPSecSaTable. -- =============================================== fsIPSecSaTable OBJECT-TYPE SYNTAX SEQUENCE OF FSIPSecSaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Security Protection Index Table. This table contains an entry for each active and expiring security association." ::= { fsIPSecObjects 3 } fsIPSecSaEntry OBJECT-TYPE SYNTAX FSIPSecSaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about fsIPSecSaTable." INDEX { fsIPSecTunRemoteAddr } ::= { fsIPSecSaTable 1 } FSIPSecSaEntry ::= SEQUENCE { fsIPSecSaIndex Integer32, fsIPSecSaDirection INTEGER, fsIPSecSaValue Unsigned32, fsIPSecSaProtocol FSSaProtocol, fsIPSecSaEncryptAlgo FSEncryptAlgo, fsIPSecSaAuthAlgo FSAuthAlgo, fsIPSecSaStatus FSIPSecTunnelState } fsIPSecSaIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of the Sa associated with the Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Sa associated with an IPSec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647." ::= { fsIPSecSaEntry 1 } fsIPSecSaDirection OBJECT-TYPE SYNTAX INTEGER { in(1), out(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The direction of the SA." ::= { fsIPSecSaEntry 2 } fsIPSecSaValue OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the SPI." ::= { fsIPSecSaEntry 3 } fsIPSecSaProtocol OBJECT-TYPE SYNTAX FSSaProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The security protocol of the SA." ::= { fsIPSecSaEntry 4 } fsIPSecSaEncryptAlgo OBJECT-TYPE SYNTAX FSEncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the security association of the IPSec Phase-2 Tunnel." ::= { fsIPSecSaEntry 5 } fsIPSecSaAuthAlgo OBJECT-TYPE SYNTAX FSAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the SA." ::= { fsIPSecSaEntry 6 } fsIPSecSaStatus OBJECT-TYPE SYNTAX FSIPSecTunnelState MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the SA." ::= { fsIPSecSaEntry 7 } -- =============================================== -- Begin the table of fsIPSecTrafficTable. -- =============================================== fsIPSecTrafficTable OBJECT-TYPE SYNTAX SEQUENCE OF FSIPSecTrafficEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Tunnel Traffic Table. " ::= { fsIPSecObjects 4 } fsIPSecTrafficEntry OBJECT-TYPE SYNTAX FSIPSecTrafficEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about fsIPSecTrafficTable." INDEX { fsIPSecTunRemoteAddr } ::= { fsIPSecTrafficTable 1 } FSIPSecTrafficEntry ::= SEQUENCE { fsIPSecTrafficLocalType FSTrafficType, fsIPSecTrafficLocalAddr1 IpAddress, fsIPSecTrafficLocalAddr2 IpAddress, fsIPSecTrafficLocalProtocol FSTunnelProtocol, fsIPSecTrafficLocalPort Integer32, fsIPSecTrafficLocalHostname DisplayString, fsIPSecTrafficRemoteType FSTrafficType, fsIPSecTrafficRemoteAddr1 IpAddress, fsIPSecTrafficRemoteAddr2 IpAddress, fsIPSecTrafficRemoteProtocol FSTunnelProtocol, fsIPSecTrafficRemotePort Integer32, fsIPSecTrafficRemoteHostname DisplayString } fsIPSecTrafficLocalType OBJECT-TYPE SYNTAX FSTrafficType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of local peer. Possible values are: a single IP address, or an IP address range, or an IP subnet." ::= { fsIPSecTrafficEntry 1 } fsIPSecTrafficLocalAddr1 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The first specification of local peer's IP address. If the local peer type is single IP address, then this is the value of the IP address. If the local peer type is IP subnet, then this is the value of the subnet. If the local peer type is IP address range, then this is the value of beginning IP address of the range." ::= { fsIPSecTrafficEntry 2 } fsIPSecTrafficLocalAddr2 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The second specification of local peer's IP address. If the local peer type is single IP address, then this is the value of the IP address. If the local peer type is IP subnet, then this is the value of the subnet mask. If the local peer type is IP address range, then this is the value of ending IP address of the range." ::= { fsIPSecTrafficEntry 3 } fsIPSecTrafficLocalProtocol OBJECT-TYPE SYNTAX FSTunnelProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the local peer's traffic." ::= { fsIPSecTrafficEntry 4 } fsIPSecTrafficLocalPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the local peer's traffic." ::= { fsIPSecTrafficEntry 5 } fsIPSecTrafficLocalHostname OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The Hostname of local peer's IP address." ::= { fsIPSecTrafficEntry 6 } fsIPSecTrafficRemoteType OBJECT-TYPE SYNTAX FSTrafficType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of remote peer. Possible values are: a single IP address, or an IP address range, or an IP subnet." ::= { fsIPSecTrafficEntry 7 } fsIPSecTrafficRemoteAddr1 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The first specification of remote peer's IP address. If the remote peer type is single IP address, then this is the value of the IP address. If the remote peer type is IP subnet, then this is the value of the subnet. If the remote peer type is IP address range, then this is the value of beginning IP address of the range." ::= { fsIPSecTrafficEntry 8 } fsIPSecTrafficRemoteAddr2 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Single IP address, then this is the value of the IP address. If the remote peer type is IP subnet, then this is the value of the subnet mask. If the remote peer type is IP address range, then this is the value of ending IP address of the range." ::= { fsIPSecTrafficEntry 9 } fsIPSecTrafficRemoteProtocol OBJECT-TYPE SYNTAX FSTunnelProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the remote peer's traffic." ::= { fsIPSecTrafficEntry 10 } fsIPSecTrafficRemotePort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the remote peer's traffic." ::= { fsIPSecTrafficEntry 11 } fsIPSecTrafficRemoteHostname OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The Hostname of remote peer's IP address." ::= { fsIPSecTrafficEntry 12 } -- =============================================== -- Begin the fsIPSecGlobalStats. -- =============================================== fsIPSecGlobalStats OBJECT IDENTIFIER ::= { fsIPSecObjects 5 } fsIPSecGlobalActiveTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of currently active IPSec Phase-2 Tunnels." ::= { fsIPSecGlobalStats 1 } fsIPSecGlobalActiveSas OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of currently active or expiring IPSec Phase-2 SA." ::= { fsIPSecGlobalStats 2 } fsIPSecGlobalInOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by all current and previous IPSec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { fsIPSecGlobalStats 3 } fsIPSecGlobalInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by all current and previous IPSec Phase-2 Tunnels." ::= { fsIPSecGlobalStats 4 } fsIPSecGlobalInSpeed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total speed(bps) of packets received by all current and previous IPSec Phase-2 Tunnels." ::= { fsIPSecGlobalStats 5 } fsIPSecGlobalInDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receiving process by all current and previous IPSec Phase-2 Tunnels. " ::= { fsIPSecGlobalStats 6 } fsIPSecGlobalOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by all current and previous IPSec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { fsIPSecGlobalStats 7 } fsIPSecGlobalOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by all current and previous IPSec Phase-2 Tunnels." ::= { fsIPSecGlobalStats 8 } fsIPSecGlobalOutSpeed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total speed(bps) of packets sent by all current and previous IPSec Phase-2 Tunnels." ::= { fsIPSecGlobalStats 9 } fsIPSecGlobalOutDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during sending process by all current and previous IPSec Phase-2 Tunnels." ::= { fsIPSecGlobalStats 10 } -- =============================================== -- Begin the fsIPSecTrapObject. -- =============================================== fsIPSecTrapObject OBJECT IDENTIFIER ::= { fsIPSecObjects 6 } fsIPSecMapName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IPSec map name with a trap." ::= { fsIPSecTrapObject 1 } fsIPSecSeqNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IPSec map sequence number with a trap." ::= { fsIPSecTrapObject 2 } fsIPSecSpiValue OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The SPI value associated with a trap." ::= { fsIPSecTrapObject 3 } -- =============================================== -- definition of traps. -- =============================================== fsIPSecTrap OBJECT IDENTIFIER ::= { fsIPSecObjects 7 } fsIPSecNotifications OBJECT IDENTIFIER ::= { fsIPSecTrap 1 } fsIPSecTunnelStart NOTIFICATION-TYPE OBJECTS { fsIPSecTunLocalAddr, fsIPSecTunRemoteAddr, fsIPSecTunLocalHostname, fsIPSecTunRemoteHostname, fsIPSecTunLifeTime, fsIPSecTunLifeSize } STATUS current DESCRIPTION "This notification is generated when an IPSec Phase-2 Tunnel is created." ::= { fsIPSecNotifications 1 } fsIPSecTunnelStop NOTIFICATION-TYPE OBJECTS { fsIPSecTunLocalAddr, fsIPSecTunRemoteAddr, fsIPSecTunLocalHostname, fsIPSecTunRemoteHostname, fsIPSecTunActiveTime } STATUS current DESCRIPTION "This notification is generated when an IPSec Phase-2 Tunnel is deleted." ::= { fsIPSecNotifications 2 } -- =============================================== -- Conformance Information -- =============================================== fsIPSecConformance OBJECT IDENTIFIER ::= { fsIPSecMonitor 2 } fsIPSecCompliances OBJECT IDENTIFIER ::= { fsIPSecConformance 1 } fsIPSecGroups OBJECT IDENTIFIER ::= { fsIPSecConformance 2 } -- =============================================== -- Compliance Statements -- =============================================== fsIPSecCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " " MODULE -- this module MANDATORY-GROUPS { fsIPSecTunnelTableGroup, fsIPSecTunnelStatGroup, fsIPSecSaGroup, fsIPSecTrafficTableGroup, fsIPSecGlobalStatsGroup, fsIPSecTrapObjectGroup, fsIPSecTrapGroup } ::= { fsIPSecCompliances 1 } fsIPSecTunnelTableGroup OBJECT-GROUP OBJECTS { fsIPSecTunIKETunnelIndex, fsIPSecTunLocalAddr, fsIPSecTunRemoteAddr, fsIPSecTunLocalHostname, fsIPSecTunRemoteHostname, fsIPSecTunKeyType, fsIPSecTunEncapMode, fsIPSecTunInitiator, fsIPSecTunLifeSize, fsIPSecTunLifeTime, fsIPSecTunRemainTime, fsIPSecTunActiveTime, fsIPSecTunRemainSize, fsIPSecTunTotalRefreshes, fsIPSecTunCurrentSaInstances, fsIPSecTunInSaEncryptAlgo, fsIPSecTunInSaAhAuthAlgo, fsIPSecTunInSaEspAuthAlgo, fsIPSecTunDiffHellmanGrp, fsIPSecTunOutSaEncryptAlgo, fsIPSecTunOutSaAhAuthAlgo, fsIPSecTunOutSaEspAuthAlgo, --fsIPSecTunPolicyName, --fsIPSecTunPolicyNum, fsIPSecTunStatus } STATUS current DESCRIPTION "The group contains the IPSec tunnel's property information." ::= { fsIPSecGroups 1 } fsIPSecTunnelStatGroup OBJECT-GROUP OBJECTS { fsIPSecTunInOctets, fsIPSecTunInDecompOctets, fsIPSecTunInPkts, fsIPSecTunInSpeed, fsIPSecTunInDropPkts, fsIPSecTunOutOctets, fsIPSecTunOutUncompOctets, fsIPSecTunOutPkts, fsIPSecTunOutSpeed, fsIPSecTunOutDropPkts } STATUS current DESCRIPTION "The group contains the IPSec tunnel's statistic information." ::= { fsIPSecGroups 2 } fsIPSecSaGroup OBJECT-GROUP OBJECTS { fsIPSecSaDirection, fsIPSecSaValue, fsIPSecSaProtocol, fsIPSecSaEncryptAlgo, fsIPSecSaAuthAlgo, fsIPSecSaStatus } STATUS current DESCRIPTION "The group contains the SA's property information." ::= { fsIPSecGroups 3 } fsIPSecTrafficTableGroup OBJECT-GROUP OBJECTS { fsIPSecTrafficLocalType, fsIPSecTrafficLocalAddr1, fsIPSecTrafficLocalAddr2, fsIPSecTrafficLocalProtocol, fsIPSecTrafficLocalPort, fsIPSecTrafficLocalHostname, fsIPSecTrafficRemoteType, fsIPSecTrafficRemoteAddr1, fsIPSecTrafficRemoteAddr2, fsIPSecTrafficRemoteProtocol, fsIPSecTrafficRemotePort, fsIPSecTrafficRemoteHostname } STATUS current DESCRIPTION "The group contains the property information of the data flow protected by IPSec tunnel." ::= { fsIPSecGroups 4 } fsIPSecGlobalStatsGroup OBJECT-GROUP OBJECTS { fsIPSecGlobalActiveTunnels, fsIPSecGlobalActiveSas, fsIPSecGlobalInOctets, fsIPSecGlobalInPkts, fsIPSecGlobalInDrops, fsIPSecGlobalInSpeed, fsIPSecGlobalOutOctets, fsIPSecGlobalOutPkts, fsIPSecGlobalOutDrops, fsIPSecGlobalOutSpeed } STATUS current DESCRIPTION "The group contains all of the IPSec tunnel's statistic information." ::= { fsIPSecGroups 5 } fsIPSecTrapObjectGroup OBJECT-GROUP OBJECTS { fsIPSecMapName, fsIPSecSeqNum, fsIPSecSpiValue } STATUS current DESCRIPTION "The group contains all of trap objects of IPSec tunnels." ::= { fsIPSecGroups 6 } fsIPSecTrapGroup NOTIFICATION-GROUP NOTIFICATIONS { fsIPSecTunnelStart, fsIPSecTunnelStop } STATUS current DESCRIPTION "The group contains all of trap of IPSec tunnels." ::= { fsIPSecGroups 7 } END