-- ==================================================================== -- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. -- -- Description: The MIB is designed to get IPSec tunnels' statistic information. -- Reference: -- Version: 1.5 -- History: -- V1.0: The initial version created by Caixiansen, Renweichun and -- Maoyu. -- V1.1: Modified by Caixiansen Mar.3 2005 -- Two values 'modp1536(5)' and 'modp2048(14)'are added for data -- type 'HpnicfDiffHellmanGrp'. -- V1.2: Modified by Sunludong Sep.1 2005 -- Descriptions of node 'hpnicfIPSecTunIKETunnelIndex', 'hpnicfIPSecTunLocalAddr', -- 'hpnicfIPSecTunRemoteAddr', 'hpnicfIPSecTunLifeSize', 'hpnicfIPSecTunLifeTime', -- 'hpnicfIPSecTunRemainTime', 'hpnicfIPSecTunActiveTime', 'hpnicfIPSecTunRemainSize' -- are modified. -- Ranges of node 'hpnicfIPSecTunRemainTime', 'hpnicfIPSecTunActiveTime', -- 'hpnicfIPSecTunRemainSize' are modified. -- Ranges of data type 'HpnicfIPSecNegoType', 'HpnicfEncapMode', -- 'HpnicfEncryptAlgo', 'HpnicfAuthAlgo', 'HpnicfDiffHellmanGrp' are modified. -- V1.3: Modified by Sunludong Feb.23 2006 -- Range and description of node 'hpnicfIPSecTunInitiator' are modified. -- V1.4: Modified by liukan Jan.12 2007 -- Range of data type 'HpnicfEncryptAlgo' are modified. -- V1.5: Modified by Liukan Dec.8 2008 -- Three values 'aesCbc128(9)', 'aesCbc192(10)' and 'aesCbc256(11)' are added -- to data type 'HpnicfEncryptAlgo'. -- Data type of node 'hpnicfIPSecTunLifeSize' and 'hpnicfIPSecTunRemainSize' are modified -- from Integer32 to Gauge32. -- ===================================================================== HPN-ICF-IPSEC-MONITOR-MIB DEFINITIONS ::= BEGIN IMPORTS ifIndex FROM RFC1213-MIB DisplayString,TEXTUAL-CONVENTION FROM SNMPv2-TC IpAddress, Integer32, Counter32, Counter64, OBJECT-TYPE, MODULE-IDENTITY, Gauge32, NOTIFICATION-TYPE, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF hpnicfCommon FROM HPN-ICF-OID-MIB; hpnicfIPSecMonitor MODULE-IDENTITY LAST-UPDATED "200410260000Z" -- Oct. 26, 2004 GMT ORGANIZATION "" CONTACT-INFO "" DESCRIPTION "The MIB is designed to get statistic information of IPSec tunnels. With this MIB, we can get information of a certain tunnel or all tunnels." ::= { hpnicfCommon 7 } HpnicfDiffHellmanGrp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Diffie Hellman Group used in the IKE and IPSec negotiations. invalidGroup(2147483647) is defined as invalid value." SYNTAX INTEGER { none(0), modp768(1), modp1024(2), modp1536(5), modp2048(14), invalidGroup(2147483647) } HpnicfEncapMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The encapsulation mode used by an IPSec Phase-2 Tunnel. invalidMode(2147483647) is defined as invalid value." SYNTAX INTEGER { tunnel(1), transport(2), invalidMode(2147483647) } HpnicfEncryptAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The encryption algorithm used in the IKE and IPSec negotiations. invalidAlg(2147483647) is defined as invalid value." SYNTAX INTEGER { none(0), desCbc(1), ideaCbc(2), blowfishCbc(3), rc5R16B64Cbc(4), tripledesCbc(5), castCbc(6), aesCbc(7), nsaCbc(8), aesCbc128(9), aesCbc192(10), aesCbc256(11), invalidAlg(2147483647) } HpnicfAuthAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The authentication algorithm used in the IKE negotiations. invalidAlg(2147483647) is defined as invalid value." SYNTAX INTEGER { none(0), md5(1), sha(2), invalidAlg(2147483647) } HpnicfSaProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The protocol of security association." SYNTAX INTEGER { reserved(0), isakmp(1), ah(2), esp(3), ipcomp(4) } HpnicfTrapStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The switch which determines whether send a trap or not." SYNTAX INTEGER { enabled(1), disabled(2) } HpnicfIPSecIDType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of IPSec Identity." SYNTAX INTEGER { reserved(0), ipv4Addr(1), fqdn(2), -- fully-qualified domain name userFqdn(3), -- fully-qualified username ipv4AddrSubnet(4), ipv6Addr(5), ipv6AddrSubnet(6), ipv4AddrRange(7), ipv6AddrRange(8), derAsn1Dn(9), -- the binary DER encoding of an ASN.1 X.500 Distinguished -- Name [X.501] of the princIPal whose certificates are -- being exchanged to establish the SA. derAsn1Gn(10), -- the binary DER encoding of an ASN.1 X.500 GeneralName -- [X.509] of the princIPal whose certificates are being -- exchanged to establish the SA. keyId(11) -- specifies an opaque byte stream which may be used to -- pass vendor-specific information necessary to identify -- which pre-shared key should be used to authenticate -- Aggressive mode negotiations. } HpnicfTrafficType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of the data flow." SYNTAX INTEGER { ipv4Addr(1), ipv4AddrSubnet(4), ipv6Addr(5), ipv6AddrSubnet(6), ipv4AddrRange(7), ipv6AddrRange(8) } HpnicfIPSecNegoType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The type of key used by an IPSec Phase-2 Tunnel. invalidType(2147483647) is defined as invalid value." SYNTAX INTEGER { ike(1), manual(2), invalidType(2147483647) } HpnicfIPSecTunnelState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The state of IPSec tunnel." SYNTAX INTEGER { active(1), timeout(2) } -- ======================================================================== -- Node definitions -- ======================================================================== --Begin the node of hpnicfIPSecObjects. hpnicfIPSecObjects OBJECT IDENTIFIER ::= { hpnicfIPSecMonitor 1 } -- =============================================== -- Begin the table of hpnicfIPSecTunnelTable. -- =============================================== hpnicfIPSecTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfIPSecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Tunnel Table. There is one entry in this table for each active IPSec Phase-2 Tunnel." ::= { hpnicfIPSecObjects 1 } hpnicfIPSecTunnelEntry OBJECT-TYPE SYNTAX HpnicfIPSecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about hpnicfIPSecTunnelTable." INDEX { hpnicfIPSecTunIfIndex, hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex } ::= { hpnicfIPSecTunnelTable 1 } HpnicfIPSecTunnelEntry ::= SEQUENCE { hpnicfIPSecTunIfIndex Integer32, hpnicfIPSecTunEntryIndex Integer32, hpnicfIPSecTunIndex Integer32, hpnicfIPSecTunIKETunnelIndex Integer32, hpnicfIPSecTunLocalAddr IpAddress, hpnicfIPSecTunRemoteAddr IpAddress, hpnicfIPSecTunKeyType HpnicfIPSecNegoType, hpnicfIPSecTunEncapMode HpnicfEncapMode, hpnicfIPSecTunInitiator INTEGER, hpnicfIPSecTunLifeSize Gauge32, hpnicfIPSecTunLifeTime Integer32, hpnicfIPSecTunRemainTime Integer32, hpnicfIPSecTunActiveTime Integer32, hpnicfIPSecTunRemainSize Gauge32, hpnicfIPSecTunTotalRefreshes Counter32, hpnicfIPSecTunCurrentSaInstances Gauge32, hpnicfIPSecTunInSaEncryptAlgo HpnicfEncryptAlgo, hpnicfIPSecTunInSaAhAuthAlgo HpnicfAuthAlgo, hpnicfIPSecTunInSaEspAuthAlgo HpnicfAuthAlgo, hpnicfIPSecTunDiffHellmanGrp HpnicfDiffHellmanGrp, hpnicfIPSecTunOutSaEncryptAlgo HpnicfEncryptAlgo, hpnicfIPSecTunOutSaAhAuthAlgo HpnicfAuthAlgo, hpnicfIPSecTunOutSaEspAuthAlgo HpnicfAuthAlgo, hpnicfIPSecTunPolicyName DisplayString, hpnicfIPSecTunPolicyNum Integer32, hpnicfIPSecTunStatus INTEGER } hpnicfIPSecTunIfIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The interface index( the ifIndex of ifTable )." ::= { hpnicfIPSecTunnelEntry 1 } hpnicfIPSecTunEntryIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of IPSec policy applied in the interface." ::= { hpnicfIPSecTunnelEntry 2 } hpnicfIPSecTunIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of IPSec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647." ::= { hpnicfIPSecTunnelEntry 3 } hpnicfIPSecTunIKETunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the associated IPSec Phase-1 IKE Tunnel (IKETunIndex in the IKETunnelTable). 2147483647 is defined as invalid value. " ::= { hpnicfIPSecTunnelEntry 4 } hpnicfIPSecTunLocalAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local peer for the IPSec Phase-2 Tunnel. 0.0.0.0 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 5 } hpnicfIPSecTunRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote peer for the IPSec Phase-2 Tunnel. 0.0.0.0 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 6 } hpnicfIPSecTunKeyType OBJECT-TYPE SYNTAX HpnicfIPSecNegoType MAX-ACCESS read-only STATUS current DESCRIPTION "The key negotiate mode used by the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 7 } hpnicfIPSecTunEncapMode OBJECT-TYPE SYNTAX HpnicfEncapMode MAX-ACCESS read-only STATUS current DESCRIPTION "The encapsulation mode used by the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 8 } hpnicfIPSecTunInitiator OBJECT-TYPE SYNTAX INTEGER { local(1), remote(2), none(2147483647) } MAX-ACCESS read-only STATUS current DESCRIPTION "The initiator of this IPSec tunnel. Value none is used for manual IPsec tunnel, for there is no initiator or responder in this method." ::= { hpnicfIPSecTunnelEntry 9 } hpnicfIPSecTunLifeSize OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeSize of the IPSec Phase-2 Tunnel in kilobytes. 0 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 10 } hpnicfIPSecTunLifeTime OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated LifeTime of the IPSec Phase-2 Tunnel in seconds. 2147483647 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 11 } hpnicfIPSecTunRemainTime OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The remain time of SA in seconds. 2147483647 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 12 } hpnicfIPSecTunActiveTime OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The duration the IPSec Phase-2 Tunnel has been active in hundredths of seconds. 2147483647 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 13 } hpnicfIPSecTunRemainSize OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The remain LifeSize of SA in kilobytes. 0 is defined as invalid value." ::= { hpnicfIPSecTunnelEntry 14 } hpnicfIPSecTunTotalRefreshes OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of security association refreshing performed." ::= { hpnicfIPSecTunnelEntry 15 } hpnicfIPSecTunCurrentSaInstances OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of security associations which are currently active or expiring." ::= { hpnicfIPSecTunnelEntry 16 } hpnicfIPSecTunInSaEncryptAlgo OBJECT-TYPE SYNTAX HpnicfEncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the inbound security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 17 } hpnicfIPSecTunInSaAhAuthAlgo OBJECT-TYPE SYNTAX HpnicfAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound authentication header (AH) security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 18 } hpnicfIPSecTunInSaEspAuthAlgo OBJECT-TYPE SYNTAX HpnicfAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the inbound encapsulation security protocol(ESP) security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 19 } hpnicfIPSecTunDiffHellmanGrp OBJECT-TYPE SYNTAX HpnicfDiffHellmanGrp MAX-ACCESS read-only STATUS current DESCRIPTION "The Diffie Hellman Group used by the security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 20 } hpnicfIPSecTunOutSaEncryptAlgo OBJECT-TYPE SYNTAX HpnicfEncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the outbound security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 21 } hpnicfIPSecTunOutSaAhAuthAlgo OBJECT-TYPE SYNTAX HpnicfAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the outbound authentication header (AH) security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 22 } hpnicfIPSecTunOutSaEspAuthAlgo OBJECT-TYPE SYNTAX HpnicfAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the outbound encapsulation security protocol(ESP) security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelEntry 23 } hpnicfIPSecTunPolicyName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The policy name used by this IPSec tunnel." ::= { hpnicfIPSecTunnelEntry 24 } hpnicfIPSecTunPolicyNum OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The sequence number of policy used by this IPSec tunnel." ::= { hpnicfIPSecTunnelEntry 25 } hpnicfIPSecTunStatus OBJECT-TYPE SYNTAX INTEGER { initial(1), ready(2), rekeyed(3), closed(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the IPSec Tunnel." ::= { hpnicfIPSecTunnelEntry 26 } -- =============================================== -- Begin the table of hpnicfIPSecTunnelStatTable. -- =============================================== hpnicfIPSecTunnelStatTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfIPSecTunnelStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Tunnel Statistics Table. " ::= { hpnicfIPSecObjects 2 } hpnicfIPSecTunnelStatEntry OBJECT-TYPE SYNTAX HpnicfIPSecTunnelStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about hpnicfIPSecTunnelStatTable." INDEX { hpnicfIPSecTunIfIndex,hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex } ::= { hpnicfIPSecTunnelStatTable 1 } HpnicfIPSecTunnelStatEntry ::= SEQUENCE { hpnicfIPSecTunInOctets Counter64, hpnicfIPSecTunInDecompOctets Counter64, hpnicfIPSecTunInPkts Counter64, hpnicfIPSecTunInDropPkts Counter64, hpnicfIPSecTunInReplayDropPkts Counter32, hpnicfIPSecTunInAuthFails Counter32, hpnicfIPSecTunInDecryptFails Counter32, hpnicfIPSecTunOutOctets Counter64, hpnicfIPSecTunOutUncompOctets Counter64, hpnicfIPSecTunOutPkts Counter64, hpnicfIPSecTunOutDropPkts Counter64, hpnicfIPSecTunOutEncryptFails Counter32, hpnicfIPSecTunNoMemoryDropPkts Counter32, hpnicfIPSecTunQueueFullDropPkts Counter32, hpnicfIPSecTunInvalidLenDropPkts Counter32, hpnicfIPSecTunTooLongDropPkts Counter32, hpnicfIPSecTunInvalidSaDropPkts Counter32 } hpnicfIPSecTunInOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by this IPSec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { hpnicfIPSecTunnelStatEntry 1 } hpnicfIPSecTunInDecompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets received by this IPSec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed." ::= { hpnicfIPSecTunnelStatEntry 2 } hpnicfIPSecTunInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 3 } hpnicfIPSecTunInDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receiving process by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 4 } hpnicfIPSecTunInReplayDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receiving process due to Anti-Replay process by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 5 } hpnicfIPSecTunInAuthFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's which ended in failure by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 6 } hpnicfIPSecTunInDecryptFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's which ended in failure by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 7 } hpnicfIPSecTunOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by this IPSec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { hpnicfIPSecTunnelStatEntry 8 } hpnicfIPSecTunOutUncompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets sent by this IPSec Phase-2 Tunnel.This value is accumulated BEFORE the packet is compressed." ::= { hpnicfIPSecTunnelStatEntry 9 } hpnicfIPSecTunOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 10 } hpnicfIPSecTunOutDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during sending process by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 11 } hpnicfIPSecTunOutEncryptFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's which ended in failure by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 12 } hpnicfIPSecTunNoMemoryDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to no enough memory by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 13 } hpnicfIPSecTunQueueFullDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to queue full by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 14 } hpnicfIPSecTunInvalidLenDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to invalid length packet by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 15 } hpnicfIPSecTunTooLongDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to too long packet by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 16 } hpnicfIPSecTunInvalidSaDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to invalid SA by this IPSec Phase-2 Tunnel." ::= { hpnicfIPSecTunnelStatEntry 17 } -- =============================================== -- Begin the table of hpnicfIPSecSaTable. -- =============================================== hpnicfIPSecSaTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfIPSecSaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Security Protection Index Table. This table contains an entry for each active and expiring security association." ::= { hpnicfIPSecObjects 3 } hpnicfIPSecSaEntry OBJECT-TYPE SYNTAX HpnicfIPSecSaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about hpnicfIPSecSaTable." INDEX { hpnicfIPSecTunIfIndex,hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex,hpnicfIPSecSaIndex } ::= { hpnicfIPSecSaTable 1 } HpnicfIPSecSaEntry ::= SEQUENCE { hpnicfIPSecSaIndex Integer32, hpnicfIPSecSaDirection INTEGER, hpnicfIPSecSaValue Unsigned32, hpnicfIPSecSaProtocol HpnicfSaProtocol, hpnicfIPSecSaEncryptAlgo HpnicfEncryptAlgo, hpnicfIPSecSaAuthAlgo HpnicfAuthAlgo, hpnicfIPSecSaStatus INTEGER } hpnicfIPSecSaIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of the Sa associated with the Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Sa associated with an IPSec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647." ::= { hpnicfIPSecSaEntry 1 } hpnicfIPSecSaDirection OBJECT-TYPE SYNTAX INTEGER { in(1), out(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The direction of the SA." ::= { hpnicfIPSecSaEntry 2 } hpnicfIPSecSaValue OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the SPI." ::= { hpnicfIPSecSaEntry 3 } hpnicfIPSecSaProtocol OBJECT-TYPE SYNTAX HpnicfSaProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The security protocol of the SA." ::= { hpnicfIPSecSaEntry 4 } hpnicfIPSecSaEncryptAlgo OBJECT-TYPE SYNTAX HpnicfEncryptAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm used by the security association of the IPSec Phase-2 Tunnel." ::= { hpnicfIPSecSaEntry 5 } hpnicfIPSecSaAuthAlgo OBJECT-TYPE SYNTAX HpnicfAuthAlgo MAX-ACCESS read-only STATUS current DESCRIPTION "The authentication algorithm used by the SA." ::= { hpnicfIPSecSaEntry 6 } hpnicfIPSecSaStatus OBJECT-TYPE SYNTAX INTEGER { active(1), expiring(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the SA." ::= { hpnicfIPSecSaEntry 7 } -- =============================================== -- Begin the table of hpnicfIPSecTrafficTable. -- =============================================== hpnicfIPSecTrafficTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfIPSecTrafficEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IPSec Phase-2 Tunnel Traffic Table. " ::= { hpnicfIPSecObjects 4 } hpnicfIPSecTrafficEntry OBJECT-TYPE SYNTAX HpnicfIPSecTrafficEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about hpnicfIPSecTrafficTable." INDEX { hpnicfIPSecTunIfIndex,hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex } ::= { hpnicfIPSecTrafficTable 1 } HpnicfIPSecTrafficEntry ::= SEQUENCE { hpnicfIPSecTrafficLocalType HpnicfTrafficType, hpnicfIPSecTrafficLocalAddr1 IpAddress, hpnicfIPSecTrafficLocalAddr2 IpAddress, hpnicfIPSecTrafficLocalProtocol Integer32, hpnicfIPSecTrafficLocalPort Integer32, hpnicfIPSecTrafficRemoteType HpnicfTrafficType, hpnicfIPSecTrafficRemoteAddr1 IpAddress, hpnicfIPSecTrafficRemoteAddr2 IpAddress, hpnicfIPSecTrafficRemoteProtocol Integer32, hpnicfIPSecTrafficRemotePort Integer32 } hpnicfIPSecTrafficLocalType OBJECT-TYPE SYNTAX HpnicfTrafficType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of local peer. Possible values are: a single IP address, or an IP address range, or an IP subnet." ::= { hpnicfIPSecTrafficEntry 1 } hpnicfIPSecTrafficLocalAddr1 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The first specification of local peer's IP address. If the local peer type is single IP address, then this is the value of the IP address. If the local peer type is IP subnet, then this is the value of the subnet. If the local peer type is IP address range, then this is the value of beginning IP address of the range." ::= { hpnicfIPSecTrafficEntry 2 } hpnicfIPSecTrafficLocalAddr2 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The second specification of local peer's IP address. If the local peer type is single IP address, then this is the value of the IP address. If the local peer type is IP subnet, then this is the value of the subnet mask. If the local peer type is IP address range, then this is the value of ending IP address of the range." ::= { hpnicfIPSecTrafficEntry 3 } hpnicfIPSecTrafficLocalProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the local peer's traffic." ::= { hpnicfIPSecTrafficEntry 4 } hpnicfIPSecTrafficLocalPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the local peer's traffic." ::= { hpnicfIPSecTrafficEntry 5 } hpnicfIPSecTrafficRemoteType OBJECT-TYPE SYNTAX HpnicfTrafficType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of remote peer. Possible values are: a single IP address, or an IP address range, or an IP subnet." ::= { hpnicfIPSecTrafficEntry 6 } hpnicfIPSecTrafficRemoteAddr1 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The first specification of remote peer's IP address. If the remote peer type is single IP address, then this is the value of the IP address. If the remote peer type is IP subnet, then this is the value of the subnet. If the remote peer type is IP address range, then this is the value of beginning IP address of the range." ::= { hpnicfIPSecTrafficEntry 7 } hpnicfIPSecTrafficRemoteAddr2 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Single IP address, then this is the value of the IP address. If the remote peer type is IP subnet, then this is the value of the subnet mask. If the remote peer type is IP address range, then this is the value of ending IP address of the range." ::= { hpnicfIPSecTrafficEntry 8 } hpnicfIPSecTrafficRemoteProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol number of the remote peer's traffic." ::= { hpnicfIPSecTrafficEntry 9 } hpnicfIPSecTrafficRemotePort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port number of the remote peer's traffic." ::= { hpnicfIPSecTrafficEntry 10 } -- =============================================== -- Begin the hpnicfIPSecGlobalStats. -- =============================================== hpnicfIPSecGlobalStats OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 5 } hpnicfIPSecGlobalActiveTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of currently active IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 1 } hpnicfIPSecGlobalActiveSas OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of currently active or expiring IPSec Phase-2 SA." ::= { hpnicfIPSecGlobalStats 2 } hpnicfIPSecGlobalInOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets received by all current and previous IPSec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed." ::= { hpnicfIPSecGlobalStats 3 } hpnicfIPSecGlobalInDecompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets received by all current and previous IPSec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed." ::= { hpnicfIPSecGlobalStats 4 } hpnicfIPSecGlobalInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 5 } hpnicfIPSecGlobalInDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receiving process by all current and previous IPSec Phase-2 Tunnels. " ::= { hpnicfIPSecGlobalStats 6 } hpnicfIPSecGlobalInReplayDrops OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during receiving process due to Anti-Replay process by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 7 } hpnicfIPSecGlobalInAuthFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound authentication's which ended in failure by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 8 } hpnicfIPSecGlobalInDecryptFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of inbound decryption's which ended in failure by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 9 } hpnicfIPSecGlobalOutOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets sent by all current and previous IPSec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed." ::= { hpnicfIPSecGlobalStats 10 } hpnicfIPSecGlobalOutUncompOctets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets sent by all current and previous IPSec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed." ::= { hpnicfIPSecGlobalStats 11 } hpnicfIPSecGlobalOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets sent by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 12 } hpnicfIPSecGlobalOutDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped during sending process by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 13 } hpnicfIPSecGlobalOutEncryptFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of outbound encryption's which ended in failure by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 14 } hpnicfIPSecGlobalNoMemoryDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to no enough memory by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 15 } hpnicfIPSecGlobalNoFindSaDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to not find SA by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 16 } hpnicfIPSecGlobalQueueFullDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to queue full by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 17 } hpnicfIPSecGlobalInvalidLenDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to invalid packet length by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 18 } hpnicfIPSecGlobalTooLongDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to too long packet by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 19 } hpnicfIPSecGlobalInvalidSaDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped due to invalid SA by all current and previous IPSec Phase-2 Tunnels." ::= { hpnicfIPSecGlobalStats 20 } -- =============================================== -- Begin the hpnicfIPSecTrapObject. -- =============================================== hpnicfIPSecTrapObject OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 6 } hpnicfIPSecPolicyName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IPSec policy name with a trap." ::= { hpnicfIPSecTrapObject 1 } hpnicfIPSecPolicySeqNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IPSec policy sequence number with a trap." ::= { hpnicfIPSecTrapObject 2 } hpnicfIPSecPolicySize OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The number of IPSec policies with a trap." ::= { hpnicfIPSecTrapObject 3 } hpnicfIPSecSpiValue OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The SPI value associated with a trap." ::= { hpnicfIPSecTrapObject 4 } -- =============================================== -- Begin the hpnicfIPSecTrapCntl. -- =============================================== hpnicfIPSecTrapCntl OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 7 } hpnicfIPSecTrapGlobalCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether all IPSec traps should be generated." ::= { hpnicfIPSecTrapCntl 1 } hpnicfIPSecTunnelStartTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecTunnelStart traps should be generated." ::= { hpnicfIPSecTrapCntl 2 } hpnicfIPSecTunnelStopTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecTunnelStop traps should be generated." ::= { hpnicfIPSecTrapCntl 3 } hpnicfIPSecNoSaTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecNoSaFailure traps should be generated." ::= { hpnicfIPSecTrapCntl 4 } hpnicfIPSecAuthFailureTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecAuthFailFailure traps should be generated." ::= { hpnicfIPSecTrapCntl 5 } hpnicfIPSecEncryFailureTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecEncryFailFailure traps should be generated." ::= { hpnicfIPSecTrapCntl 6 } hpnicfIPSecDecryFailureTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecDecryFailFailure traps should be generated." ::= { hpnicfIPSecTrapCntl 7 } hpnicfIPSecInvalidSaTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSec Invalid Sa Failure traps should be generated." ::= { hpnicfIPSecTrapCntl 8 } hpnicfIPSecPolicyAddTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecPolicyAdd traps should be generated." ::= { hpnicfIPSecTrapCntl 9 } hpnicfIPSecPolicyDelTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecPolicyDel traps should be generated." ::= { hpnicfIPSecTrapCntl 10 } hpnicfIPSecPolicyAttachTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecPolicyAttach traps should be generated." ::= { hpnicfIPSecTrapCntl 11 } hpnicfIPSecPolicyDetachTrapCntl OBJECT-TYPE SYNTAX HpnicfTrapStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether hpnicfIPSecPolicyDetach traps should be generated." ::= { hpnicfIPSecTrapCntl 12 } -- =============================================== -- definition of traps. -- =============================================== hpnicfIPSecTrap OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 8 } hpnicfIPSecNotifications OBJECT IDENTIFIER ::= { hpnicfIPSecTrap 1 } hpnicfIPSecTunnelStart NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr, hpnicfIPSecTunLifeTime, hpnicfIPSecTunLifeSize } STATUS current DESCRIPTION "This notification is generated when an IPSec Phase-2 Tunnel is created." ::= { hpnicfIPSecNotifications 1 } hpnicfIPSecTunnelStop NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr, hpnicfIPSecTunActiveTime } STATUS current DESCRIPTION "This notification is generated when an IPSec Phase-2 Tunnel is deleted." ::= { hpnicfIPSecNotifications 2 } hpnicfIPSecNoSaFailure NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr } STATUS current DESCRIPTION "This notification is generated when an IPSec Phase-2 non-existent SA error occurs." ::= { hpnicfIPSecNotifications 3 } hpnicfIPSecAuthFailFailure NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the IPSec phase-2 authentication failure occurs." ::= { hpnicfIPSecNotifications 4 } hpnicfIPSecEncryFailFailure NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the IPSec phase-2 tunnel has an encrypting failure." ::= { hpnicfIPSecNotifications 5 } hpnicfIPSecDecryFailFailure NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr } STATUS current DESCRIPTION "This notification is generated when the IPSec phase-2 tunnel has a decrypting failure." ::= { hpnicfIPSecNotifications 6 } hpnicfIPSecInvalidSaFailure NOTIFICATION-TYPE OBJECTS { hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr, hpnicfIPSecSpiValue } STATUS current DESCRIPTION "This notification is generated when the IPSec phase-2 invalid SA failure occurs." ::= { hpnicfIPSecNotifications 7 } hpnicfIPSecPolicyAdd NOTIFICATION-TYPE OBJECTS { hpnicfIPSecPolicyName, hpnicfIPSecPolicySeqNum, hpnicfIPSecPolicySize } STATUS current DESCRIPTION "This notification is generated when an IPSec policy is added." ::= { hpnicfIPSecNotifications 8 } hpnicfIPSecPolicyDel NOTIFICATION-TYPE OBJECTS { hpnicfIPSecPolicyName, hpnicfIPSecPolicySeqNum, hpnicfIPSecPolicySize } STATUS current DESCRIPTION "This notification is generated when an IPSec policy is deleted." ::= { hpnicfIPSecNotifications 9 } hpnicfIPSecPolicyAttach NOTIFICATION-TYPE OBJECTS { hpnicfIPSecPolicyName, hpnicfIPSecPolicySize, ifIndex } STATUS current DESCRIPTION "This notification is generated when an IPSec policy is attached with one interface." ::= { hpnicfIPSecNotifications 10 } hpnicfIPSecPolicyDetach NOTIFICATION-TYPE OBJECTS { hpnicfIPSecPolicyName, hpnicfIPSecPolicySize, ifIndex } STATUS current DESCRIPTION "This notification is generated when an IPSec policy is detached with one interface." ::= { hpnicfIPSecNotifications 11 } -- =============================================== -- Conformance Information -- =============================================== hpnicfIPSecConformance OBJECT IDENTIFIER ::= { hpnicfIPSecMonitor 2 } hpnicfIPSecCompliances OBJECT IDENTIFIER ::= { hpnicfIPSecConformance 1 } hpnicfIPSecGroups OBJECT IDENTIFIER ::= { hpnicfIPSecConformance 2 } -- =============================================== -- Compliance Statements -- =============================================== hpnicfIPSecCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION " " MODULE -- this module MANDATORY-GROUPS { hpnicfIPSecTunnelTableGroup, hpnicfIPSecTunnelStatGroup, hpnicfIPSecSaGroup, hpnicfIPSecTrafficTableGroup, hpnicfIPSecGlobalStatsGroup, hpnicfIPSecTrapObjectGroup, hpnicfIPSecTrapCntlGroup, hpnicfIPSecTrapGroup } ::= { hpnicfIPSecCompliances 1 } hpnicfIPSecTunnelTableGroup OBJECT-GROUP OBJECTS { hpnicfIPSecTunIKETunnelIndex, hpnicfIPSecTunLocalAddr, hpnicfIPSecTunRemoteAddr, hpnicfIPSecTunKeyType, hpnicfIPSecTunEncapMode, hpnicfIPSecTunInitiator, hpnicfIPSecTunLifeSize, hpnicfIPSecTunLifeTime, hpnicfIPSecTunRemainTime, hpnicfIPSecTunActiveTime, hpnicfIPSecTunRemainSize, hpnicfIPSecTunTotalRefreshes, hpnicfIPSecTunCurrentSaInstances, hpnicfIPSecTunInSaEncryptAlgo, hpnicfIPSecTunInSaAhAuthAlgo, hpnicfIPSecTunInSaEspAuthAlgo, hpnicfIPSecTunDiffHellmanGrp, hpnicfIPSecTunOutSaEncryptAlgo, hpnicfIPSecTunOutSaAhAuthAlgo, hpnicfIPSecTunOutSaEspAuthAlgo, hpnicfIPSecTunPolicyName, hpnicfIPSecTunPolicyNum, hpnicfIPSecTunStatus } STATUS current DESCRIPTION "The group contains the IPSec tunnel's property information." ::= { hpnicfIPSecGroups 1 } hpnicfIPSecTunnelStatGroup OBJECT-GROUP OBJECTS { hpnicfIPSecTunInOctets, hpnicfIPSecTunInDecompOctets, hpnicfIPSecTunInPkts, hpnicfIPSecTunInDropPkts, hpnicfIPSecTunInReplayDropPkts, hpnicfIPSecTunInAuthFails, hpnicfIPSecTunInDecryptFails, hpnicfIPSecTunOutOctets, hpnicfIPSecTunOutUncompOctets, hpnicfIPSecTunOutPkts, hpnicfIPSecTunOutDropPkts, hpnicfIPSecTunOutEncryptFails, hpnicfIPSecTunNoMemoryDropPkts, hpnicfIPSecTunQueueFullDropPkts, hpnicfIPSecTunInvalidLenDropPkts, hpnicfIPSecTunTooLongDropPkts, hpnicfIPSecTunInvalidSaDropPkts } STATUS current DESCRIPTION "The group contains the IPSec tunnel's statistic information." ::= { hpnicfIPSecGroups 2 } hpnicfIPSecSaGroup OBJECT-GROUP OBJECTS { hpnicfIPSecSaDirection, hpnicfIPSecSaValue, hpnicfIPSecSaProtocol, hpnicfIPSecSaEncryptAlgo, hpnicfIPSecSaAuthAlgo, hpnicfIPSecSaStatus } STATUS current DESCRIPTION "The group contains the SA's property information." ::= { hpnicfIPSecGroups 3 } hpnicfIPSecTrafficTableGroup OBJECT-GROUP OBJECTS { hpnicfIPSecTrafficLocalType, hpnicfIPSecTrafficLocalAddr1, hpnicfIPSecTrafficLocalAddr2, hpnicfIPSecTrafficLocalProtocol, hpnicfIPSecTrafficLocalPort, hpnicfIPSecTrafficRemoteType, hpnicfIPSecTrafficRemoteAddr1, hpnicfIPSecTrafficRemoteAddr2, hpnicfIPSecTrafficRemoteProtocol, hpnicfIPSecTrafficRemotePort } STATUS current DESCRIPTION "The group contains the property information of the data flow protected by IPSec tunnel." ::= { hpnicfIPSecGroups 4 } hpnicfIPSecGlobalStatsGroup OBJECT-GROUP OBJECTS { hpnicfIPSecGlobalActiveTunnels, hpnicfIPSecGlobalActiveSas, hpnicfIPSecGlobalInOctets, hpnicfIPSecGlobalInDecompOctets, hpnicfIPSecGlobalInPkts, hpnicfIPSecGlobalInDrops, hpnicfIPSecGlobalInReplayDrops, hpnicfIPSecGlobalInAuthFails, hpnicfIPSecGlobalInDecryptFails, hpnicfIPSecGlobalOutOctets, hpnicfIPSecGlobalOutUncompOctets, hpnicfIPSecGlobalOutPkts, hpnicfIPSecGlobalOutDrops, hpnicfIPSecGlobalOutEncryptFails, hpnicfIPSecGlobalNoMemoryDropPkts, hpnicfIPSecGlobalNoFindSaDropPkts, hpnicfIPSecGlobalQueueFullDropPkts, hpnicfIPSecGlobalInvalidLenDropPkts, hpnicfIPSecGlobalTooLongDropPkts, hpnicfIPSecGlobalInvalidSaDropPkts } STATUS current DESCRIPTION "The group contains all of the IPSec tunnel's statistic information." ::= { hpnicfIPSecGroups 5 } hpnicfIPSecTrapObjectGroup OBJECT-GROUP OBJECTS { hpnicfIPSecPolicyName, hpnicfIPSecPolicySeqNum, hpnicfIPSecPolicySize, hpnicfIPSecSpiValue } STATUS current DESCRIPTION "The group contains all of trap objects of IPSec tunnels." ::= { hpnicfIPSecGroups 6 } hpnicfIPSecTrapCntlGroup OBJECT-GROUP OBJECTS { hpnicfIPSecTrapGlobalCntl, hpnicfIPSecTunnelStartTrapCntl, hpnicfIPSecTunnelStopTrapCntl, hpnicfIPSecNoSaTrapCntl, hpnicfIPSecAuthFailureTrapCntl, hpnicfIPSecEncryFailureTrapCntl, hpnicfIPSecDecryFailureTrapCntl, hpnicfIPSecInvalidSaTrapCntl, hpnicfIPSecPolicyAddTrapCntl, hpnicfIPSecPolicyDelTrapCntl, hpnicfIPSecPolicyAttachTrapCntl, hpnicfIPSecPolicyDetachTrapCntl } STATUS current DESCRIPTION "The group contains all of trap switches of IPSec tunnels." ::= { hpnicfIPSecGroups 7 } hpnicfIPSecTrapGroup NOTIFICATION-GROUP NOTIFICATIONS { hpnicfIPSecTunnelStart, hpnicfIPSecTunnelStop, hpnicfIPSecNoSaFailure, hpnicfIPSecAuthFailFailure, hpnicfIPSecEncryFailFailure, hpnicfIPSecDecryFailFailure, hpnicfIPSecInvalidSaFailure, hpnicfIPSecPolicyAdd, hpnicfIPSecPolicyDel, hpnicfIPSecPolicyAttach, hpnicfIPSecPolicyDetach } STATUS current DESCRIPTION "The group contains all of trap of IPSec tunnels." ::= { hpnicfIPSecGroups 8 } END