TIMETRA-IPSEC-MIB DEFINITIONS ::= BEGIN IMPORTS CounterBasedGauge64 FROM HCNUM-TC InterfaceIndex FROM IF-MIB InetAddress, InetAddressPrefixLength, InetAddressType, InetPortNumber FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF Counter32, Counter64, Gauge32, Integer32, MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI DateAndTime, DisplayString, RowStatus, StorageType, TEXTUAL-CONVENTION, TimeStamp, TruthValue FROM SNMPv2-TC TmnxEsaIdOrZero, TmnxEsaVmIdOrZero, TmnxHwIndexOrZero, tmnxCardSlotNum, tmnxChassisIndex, tmnxEsaId, tmnxEsaVmId, tmnxIPsecIsaGrpId, tmnxMDASlotNum FROM TIMETRA-CHASSIS-MIB TFilterID FROM TIMETRA-FILTER-MIB timetraSRMIBModules, tmnxSRConfs, tmnxSRNotifyPrefix, tmnxSRObjs FROM TIMETRA-GLOBAL-MIB sapEncapValue, sapPortId FROM TIMETRA-SAP-MIB svcId FROM TIMETRA-SERV-MIB TEntryId, TItemDescription, TItemLongDescription, TLNamedItemOrEmpty, TNamedItem, TNamedItemOrEmpty, TTcpUdpPort, TmnxAdminState, TmnxAuthAlgorithm, TmnxBfdSessOperState, TmnxEnabledDisabled, TmnxEncrAlgorithm, TmnxIPsecDirection, TmnxIPsecKeyingType, TmnxIPsecTunnelTemplateId, TmnxIPsecTunnelTemplateIdOrZero, TmnxIkePolicyAuthMethod, TmnxIkePolicyAutoEapMethod, TmnxIkePolicyAutoEapOwnMethod, TmnxIkePolicyDHGroupOrZero, TmnxIkePolicyOwnAuthMethod, TmnxOperState, TmnxServId, TmnxTunnelGroupIdOrZero, TmnxVRtrID, TmnxVRtrIDOrZero FROM TIMETRA-TC-MIB vRtrID, vRtrIfIndex FROM TIMETRA-VRTR-MIB ; timetraIPsecMIBModule MODULE-IDENTITY LAST-UPDATED "201701010000Z" ORGANIZATION "Nokia" CONTACT-INFO "Nokia SROS Support Web: http://www.nokia.com" DESCRIPTION "This document is the SNMP MIB module to manage and provision the Nokia SROS device with IPsec tunneling, encryption and other related features. Copyright 2008-2018 Nokia. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This SNMP MIB module (Specification) embodies Nokia's proprietary intellectual property. Nokia retains all title and ownership in the Specification, including any revisions. Nokia grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this Specification in connection with management of Nokia products, and without fee, provided this copyright notice and license appear on all copies. This Specification is supplied `as is', and Nokia makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification." REVISION "201701010000Z" DESCRIPTION "Rev 15.0 1 Jan 2017 00:00 15.0 release of the TIMETRA-IPSEC-MIB." REVISION "201601010000Z" DESCRIPTION "Rev 14.0 1 Jan 2016 00:00 14.0 release of the TIMETRA-IPSEC-MIB." REVISION "201501010000Z" DESCRIPTION "Rev 13.0 1 Jan 2015 00:00 13.0 release of the TIMETRA-IPSEC-MIB." REVISION "201401010000Z" DESCRIPTION "Rev 12.0 1 Jan 2014 00:00 12.0 release of the TIMETRA-IPSEC-MIB." REVISION "201102010000Z" DESCRIPTION "Rev 9.0 1 Feb 2011 00:00 9.0 release of the TIMETRA-IPSEC-MIB." REVISION "200902280000Z" DESCRIPTION "Rev 7.0 28 Feb 2009 00:00 7.0 release of the TIMETRA-IPSEC-MIB." REVISION "200807010000Z" DESCRIPTION "Rev 6.1 01 Jul 2008 00:00 6.1 release of the TIMETRA-IPSEC-MIB." REVISION "200801010000Z" DESCRIPTION "Rev 0.1 01 Jan 2008 00:00 Initial version of the TIMETRA-IPSEC-MIB." ::= { timetraSRMIBModules 48 } TmnxIPsecTransformId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to identify an entry in the tmnxIPsecTransformTable." SYNTAX Unsigned32 (1..2048) TmnxIPsecTransformIdOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to identify an entry in the tmnxIPsecTransformTable or zero." SYNTAX Unsigned32 (0..2048) TmnxIPsecIkeTransformId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to uniquely identify an IKE transform entry." SYNTAX Unsigned32 (1..4096) TmnxIPsecIkeTransformIdOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to uniquely identify an IKE transform entry or zero." SYNTAX Unsigned32 (0..4096) TmnxIkePolicyId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to identify an entry in the tmnxIkePolicyTable." SYNTAX Unsigned32 (1..2048) TmnxIkePolicyIdOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to identify an entry in the tmnxIkePolicyTable or zero." SYNTAX Unsigned32 (0..2048) TmnxIkeVersion ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIkeVersion data type is an integer that indicates the version of IKE supported by the entry." SYNTAX INTEGER { version1 (1), version2 (2) } TmnxIkePolicyIkeMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIkePolicyIkeMode data type is an enumerated integer that describes the values used to identify the IKE mode of operation. This determines the number of messages used to establish the session." SYNTAX INTEGER { main (1), aggressive (2) } TmnxIkePolicyDHGroup ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIkePolicyDHGroup data type is an enumerated integer that describes the values used to identify the diffie-hellman group for calculating the session keys. Value Descriptions: group1 - 768 bits group2 - 1024 bits group5 - 1536 bits group14 - 2048 bits group15 - 3072 bits group19 - 256 bits random ECP group group20 - 384 bits random ECP group group21 - 521 bits random ECP group More bits provide a higher level of security, but require more processing." SYNTAX INTEGER { group1 (1), group2 (2), group5 (5), group14 (14), group15 (15), group19 (19), group20 (20), group21 (21) } TmnxIPsecTransformPfsDhGrp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIPsecTransformPfsDhGrp data type is similar to TmnxIkePolicyDHGroup but allows the value 'disablePfs (0)' and 'inherit (-1)'. Diffie-Hellman (DH) group is used by the system to achieve Perfect Forward Secrecy (PFS). disablePfs - the PFS functionality is disabled inherit - the value of DH group used by the system is inherited from another MIB object. Please refer to the description of the specific MIB object (e.g., tmnxIPsecTransformPfsDhGroup) for detail information." SYNTAX INTEGER { inherit (-1), disablePfs (0), group1 (1), group2 (2), group5 (5), group14 (14), group15 (15), group19 (19), group20 (20), group21 (21) } TmnxIPsecPolicyId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to identify an entry in the tmnxIPsecPolicyTable." SYNTAX Unsigned32 (1..32768) TmnxIPsecPolicyIdOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number used to identify an entry in the tmnxIPsecPolicyTable or zero." SYNTAX Unsigned32 (0..32768) TmnxIPsecDirection2 ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIPsecDirection data type is an enumerated integer that describes the values used to identify the direction of an IPsec tunnel." SYNTAX INTEGER { inbound (1), outbound (2), bidirectional (3) } TmnxIPsecProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIPsecProtocol data type is an enumerated integer that describes the values used to identify the used IPsec protocol." SYNTAX INTEGER { ah (1), esp (2) } TmnxIPsecLocalIdType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIPsecLocalIdType data type is an enumerated integer that describes the local identifier type used for IDi or IDr for IKEv2." SYNTAX INTEGER { none (0), ipv4 (1), fqdn (2), dn (3), ipv6 (4) } TmnxCertRevStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxCertRevStatus data type is an enumerated integer that describes the certification revocation status." SYNTAX INTEGER { crl (1), ocsp (2) } TmnxCertRevStatusOrNone ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxCertRevStatus data type is an enumerated integer that describes the certification revocation status or none." SYNTAX INTEGER { none (0), crl (1), ocsp (2) } TmnxIkePolicyRelayUnSolCfgAttr ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TmnxIkePolicyRelayUnSolCfgAttr indicates the unsolicited configuration attributes for IKEv2 remote-access tunnels. These attributes, when provided by the authentication server, are returned to the IKE peer regardless of whether or not they have been requested. Normally, only the requested attributes are returned." SYNTAX BITS { internalIp4Address (0), internalIp4Netmask (1), internalIp4Dns (2), internalIp6Address (3), internalIp6Dns (4) } TmnxIpsecTrafficSelSide ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIpsecTrafficSelSide data type is an enumerated integer that describes the values used to identify the side of a traffic selector entry." SYNTAX INTEGER { local (1), remote (2) } TmnxIPsecHistStatsType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "TmnxIPsecHistStatsType data type is an enumerated integer that describes the values used to identify the type of IPsec historical statistics. Value Descriptions: numOfTotalIPsecTnls - The total number of IPsec tunnels numOfIPsecSL2LTnls - The number of IPsec static LAN-to-LAN (SL2L) tunnels numOfIPsecDL2LTnls - The number of IPsec dynamic LAN-to-LAN (DL2L) tunnels numOfIPsecRATnls - The number of IPsec remote access (RA) tunnels numOfIPsecEncrPkts - The number of encrypted IPsec packets numOfIPsecDecrPkts - The number of decrypted IPsec packets numOfIPsecEnDecrPkts - The number of encrypted and decrypted IPsec packets numOfIPsecEncrBits - The number of bits in the encrypted IPsec packets numOfIPsecDecrBits - The number of bits in the decrypted IPsec packets numOfIPsecEnDecrBits - The number of bits in the encrypted and decrypted IPsec packets numOfGreTnlEncapPkts - The number of encapsulated Generic Routing Encapsulation (GRE) tunnel packets numOfGreTnlDecapPkts - The number of decapsulated GRE tunnel packets numOfGreTnlEnDecapPkts - The number of encapsulated and decapsulated GRE tunnel packets numOfGreTnlEncapBits - The number of bits in the encapsulated GRE tunnel packets numOfGreTnlDecapBits - The number of bits in the decapsulated GRE tunnel packets numOfGreTnlEnDecapBits - The number of bits in the encapsulated and decapsulated GRE tunnel packets numOfIpTnlEncapPkts - The number of encapsulated IP tunnel packets numOfIpTnlDecapPkts - The number of decapsulated IP tunnel packets numOfIpTnlEnDecapPkts - The number of encapsulated and decapsulated IP tunnel packets numOfIpTnlEncapBits - The number of bits in the encapsulated IP tunnel packets numOfIpTnlDecapBits - The number of bits in the decapsulated IP tunnel packets numOfIpTnlEnDecapBits - The number of bits in the encapsulated and decapsulated IP tunnel packets numOfL2tpv3TnlEncapPkts - The number of encapsulated Layer 2 Tunneling Protocol Version 3 (L2TPv3) tunnel packets numOfL2tpv3TnlDecapPkts - The number of decapsulated L2TPv3 tunnel packets numOfL2tpv3TnlEnDecapPkts - The number of encapsulated and decapsulated L2TPv3 tunnel packets numOfL2tpv3TnlEncapBits - The number of bits in the encapsulated L2TPv3 tunnel packets numOfL2tpv3TnlDecapBits - The number of bits in the decapsulated L2TPv3 tunnel packets numOfL2tpv3TnlEnDecapBits - The number of bits in the encapsulated and decapsulated L2TPv3 tunnel packets numOfNewTotalIPsecTnls - The total number of new successfully created IPsec tunnels numOfNewIPsecSL2LTnls - The number of new successfully created IPsec static LAN-to-LAN (SL2L) tunnels numOfNewIPsecDL2LTnls - The number of new successfully created IPsec dynamic LAN-to-LAN (DL2L) tunnels numOfNewIPsecRATnls - The number of new successfully created IPsec remote access (RA) tunnels numOfIkeAuthFails - The number of IKE authentication failures numOfIkeNoPrpslFails - The number of IKE non-proposal chosen failures numOfIkeAddrAsgFails - The number of IKE address assignment failures numOfIkeInvldTsFails - The number of IKE invalid Traffic Selector (TS) failures numOfIkeInvldKeFails - The number of IKE invalid Key Exchange (KE) failures numOfIkeDpdTimeoutFails - The number of IKE Dead Peer Detection (DPD) timeout failures numOfIkeOtherReasonFails - The number of all other IKE exchange failures isaCtrolPlaneCpuUsageBp - ISA CPU usage base point in control plane 1 base point = 0.01% isaDataPlaneCpuUsageBp - ISA CPU usage base point in data plane numOfIsaMemAllocFailures - The number of ISA memory allocation failures All the above statistics are calculated in a certain sampling period. The statistical values are reset to zero at the beginning of each sampling period. The system maintains the history records for those statistics. The statistics listed below are calculated accumulatively since the start of statistics monitoring. The system only maintains the current values for those statistics. numOfAccumGreTnls - The number of accumulative Generic Routing Encapsulation (GRE) tunnels numOfAccumIpTnls - The number of accumulative IP tunnels numOfAccumL2tpv3Tnls - The number of accumulative Layer 2 Tunneling Protocol Version 3 (L2TPv3) tunnels numOfAccumIPsecEncrPkts - The number of accumulative encrypted IPsec packets numOfAccumIPsecDecrPkts - The number of accumulative decrypted IPsec packets numOfAccumIPsecEnDecrPkts - The number of accumulative encrypted and decrypted IPsec packets numOfAccumIPsecEncrKBs - The number of kibibytes (1 kibibyte == 1024 bytes) in the accumulative encrypted IPsec packets numOfAccumIPsecDecrKBs - The number of KBs in the accumulative decrypted IPsec packets numOfAccumIPsecEnDecrKBs - The number of KBs in the accumulative encrypted and decrypted IPsec packets numOfAccumGreTnlDecapPkts - The number of accumulative decrypted GRE tunnel packets numOfAccumGreTnlEnDecapPkts - The number of accumulative encrypted and decrypted GRE tunnel packets numOfAccumGreTnlEncapKBs - The number of KBs in the accumulative encrypted GRE tunnel packets numOfAccumGreTnlDecapKBs - The number of KBs in the accumulative decrypted GRE tunnel packets numOfAccumGreTnlEnDecapKBs - The number of KBs in the accumulative encrypted and decrypted GRE tunnel packets numOfAccumIpTnlDecapPkts - The number of accumulative decrypted IP tunnel packets numOfAccumIpTnlEnDecapPkts - The number of accumulative encrypted and decrypted IP tunnel packets numOfAccumIpTnlEncapKBs - The number of KBs in the accumulative encrypted IP tunnel packets numOfAccumIpTnlDecapKBs - The number of KBs in the accumulative decrypted IP tunnel packets numOfAccumIpTnlEnDecapKBs - The number of KBs in the accumulative encrypted and decrypted IP tunnel packets numOfAccumL2tpv3TnlDecapPkts - The number of accumulative decrypted L2TPv3 tunnel packets numOfAccumL2tpv3TnlEnDecapPkts - The number of accumulative encrypted and decrypted L2TPv3 tunnel packets numOfAccumL2tpv3TnlEncapKBs - The number of KBs in the accumulative encrypted L2TPv3 tunnel packets numOfAccumL2tpv3TnlDecapKBs - The number of KBs in the accumulative decrypted L2TPv3 tunnel packets numOfAccumL2tpv3TnlEnDecapKBs - The number of KBs in the accumulative encrypted and decrypted L2TPv3 tunnel packets ikev2IkeSaInitExchgPktsDrops - Early drops of IKE-SA-INIT exchange packet ikev2IkeAuthExchgPktsDrops - Early drops of IKE-AUTH exchange packet ikev2CrtCldInfoExchgPktsDrops - Early drops of Create-CHILD and Informational exchange packets" SYNTAX INTEGER { numOfTotalIPsecTnls (1), numOfIPsecSL2LTnls (2), numOfIPsecDL2LTnls (3), numOfIPsecRATnls (4), numOfAccumGreTnls (5), numOfAccumIpTnls (6), numOfAccumL2tpv3Tnls (7), numOfIPsecEncrPkts (100), numOfIPsecDecrPkts (101), numOfIPsecEnDecrPkts (102), numOfIPsecEncrBits (103), numOfIPsecDecrBits (104), numOfIPsecEnDecrBits (105), numOfGreTnlEncapPkts (120), numOfGreTnlDecapPkts (121), numOfGreTnlEnDecapPkts (122), numOfGreTnlEncapBits (123), numOfGreTnlDecapBits (124), numOfGreTnlEnDecapBits (125), numOfIpTnlEncapPkts (140), numOfIpTnlDecapPkts (141), numOfIpTnlEnDecapPkts (142), numOfIpTnlEncapBits (143), numOfIpTnlDecapBits (144), numOfIpTnlEnDecapBits (145), numOfL2tpv3TnlEncapPkts (160), numOfL2tpv3TnlDecapPkts (161), numOfL2tpv3TnlEnDecapPkts (162), numOfL2tpv3TnlEncapBits (163), numOfL2tpv3TnlDecapBits (164), numOfL2tpv3TnlEnDecapBits (165), numOfNewTotalIPsecTnls (200), numOfNewIPsecSL2LTnls (201), numOfNewIPsecDL2LTnls (202), numOfNewIPsecRATnls (203), numOfIkeAuthFails (300), numOfIkeNoPrpslFails (301), numOfIkeAddrAsgFails (302), numOfIkeInvldTsFails (303), numOfIkeInvldKeFails (304), numOfIkeDpdTimeoutFails (305), numOfIkeOtherReasonFails (306), numOfAccumIPsecEncrPkts (400), numOfAccumIPsecDecrPkts (401), numOfAccumIPsecEnDecrPkts (402), numOfAccumIPsecEncrKBs (403), numOfAccumIPsecDecrKBs (404), numOfAccumIPsecEnDecrKBs (405), numOfAccumGreTnlEncapPkts (420), numOfAccumGreTnlDecapPkts (421), numOfAccumGreTnlEnDecapPkts (422), numOfAccumGreTnlEncapKBs (423), numOfAccumGreTnlDecapKBs (424), numOfAccumGreTnlEnDecapKBs (425), numOfAccumIpTnlEncapPkts (440), numOfAccumIpTnlDecapPkts (441), numOfAccumIpTnlEnDecapPkts (442), numOfAccumIpTnlEncapKBs (443), numOfAccumIpTnlDecapKBs (444), numOfAccumIpTnlEnDecapKBs (445), numOfAccumL2tpv3TnlEncapPkts (460), numOfAccumL2tpv3TnlDecapPkts (461), numOfAccumL2tpv3TnlEnDecapPkts (462), numOfAccumL2tpv3TnlEncapKBs (463), numOfAccumL2tpv3TnlDecapKBs (464), numOfAccumL2tpv3TnlEnDecapKBs (465), isaCtrolPlaneCpuUsageBp (500), isaDataPlaneCpuUsageBp (501), numOfIsaMemAllocFailures (600), ikev2IkeSaInitExchgPktsDrops (700), ikev2IkeAuthExchgPktsDrops (701), ikev2CrtCldInfoExchgPktsDrops (702) } TmnxIPsecOperState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TmnxIPsecOperState data type is an enumerated integer that describes the values used to identify the current operational state of IPsec functional modules." SYNTAX INTEGER { unknown (1), inService (2), outOfService (3), transition (4), limited (5) } TIPsecMulticastProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The TIPsecMulticastProtocol indicates the multicast protocol types supported by the IPsec application. Value descriptions: mld - Multicast Listener Discovery igmp - Internet Group Management Protocol" SYNTAX BITS { mld (0), igmp (1) } tmnxIPsecObjects OBJECT IDENTIFIER ::= { tmnxSRObjs 48 } tmnxIPsecTransformTblLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTransformTblLastChanged indicates the sysUpTime at the time of the last modification to tmnxIPsecTransformTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 1 } tmnxIPsecTransformTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTransformEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec transform entries." ::= { tmnxIPsecObjects 2 } tmnxIPsecTransformEntry OBJECT-TYPE SYNTAX TmnxIPsecTransformEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec transform entry." INDEX { tmnxIPsecTransformId } ::= { tmnxIPsecTransformTable 1 } TmnxIPsecTransformEntry ::= SEQUENCE { tmnxIPsecTransformId TmnxIPsecTransformId, tmnxIPsecTransformRowStatus RowStatus, tmnxIPsecTransformLastChanged TimeStamp, tmnxIPsecTransformAuthAlgorithm TmnxAuthAlgorithm, tmnxIPsecTransformEncrAlgorithm TmnxEncrAlgorithm, tmnxIPsecTransformPfsDhGroup TmnxIPsecTransformPfsDhGrp, tmnxIPsecTransformLifeTime Unsigned32 } tmnxIPsecTransformId OBJECT-TYPE SYNTAX TmnxIPsecTransformId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTransformId specifies the id of a transform entry and is the primary index for the table tmnxIPsecTransformTable." ::= { tmnxIPsecTransformEntry 1 } tmnxIPsecTransformRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPsecTransformRowStatus object is used to create and delete rows in the tmnxIPsecTransformTable." ::= { tmnxIPsecTransformEntry 2 } tmnxIPsecTransformLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTransformLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecTransformEntry 3 } tmnxIPsecTransformAuthAlgorithm OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTransformAuthAlgorithm specifies the Hashing algorithm used for the AH (Authentication Header) protocol's authentication function. If 'none' is used then AH protocol will not be used." DEFVAL { sha1 } ::= { tmnxIPsecTransformEntry 4 } tmnxIPsecTransformEncrAlgorithm OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTransformEncrAlgorithm specifies the Encryption algorithm to be used for the IPsec session. Encryption only applies to ESP(Encapsulating Security Payload) configurations. If encryption is 'null', then ESP will not be used." DEFVAL { aes128 } ::= { tmnxIPsecTransformEntry 5 } tmnxIPsecTransformPfsDhGroup OBJECT-TYPE SYNTAX TmnxIPsecTransformPfsDhGrp MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTransformPfsDhGroup specifies the Diffie-hellman (DH) key exchange to be used each time the Security Association (SA) key is renegotiated. After the SA expires, the key is forgotten and another key is generated (if the SA remains up). This means that an attacker who cracks part of the exchange can only read the part that used the key before the key changed. There is no advantage of cracking the other parts if the attacker has already cracked one. The value of 'inherit (-1)' specifies that the IPsec tunnel or gateway which refers to this IPsec transform will reuse the DH group configurations from its associated IKE policy table (tmnxIkePolicyTable). Specifically, if the value of tmnxIkePolicyPFSEnabled is 'true (1)', the IPsec transform will use the value of tmnxIkePolicyPFSDHGroup. If the value of tmnxIkePolicyPFSEnabled is 'false (2)', the IPsec transform doesn't use any DH group." DEFVAL { inherit } ::= { tmnxIPsecTransformEntry 6 } tmnxIPsecTransformLifeTime OBJECT-TYPE SYNTAX Unsigned32 (0 | 1200..31536000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTransformLifeTime specifies the lifetime of the phase 2 IKE key. The value of zero specifies that the IPsec tunnel or gateway which refers this IPsec transform will reuse the lifetime value (i.e. tmnxIkePolicyIPsecLifeTime) from its associated IKE policy." DEFVAL { 0 } ::= { tmnxIPsecTransformEntry 7 } tmnxIkePolicyTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIkePolicyTableLastChanged indicates the sysUpTime at the time of the last modification to tmnxIkePolicyTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 3 } tmnxIkePolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIkePolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IKE policy entries." ::= { tmnxIPsecObjects 4 } tmnxIkePolicyEntry OBJECT-TYPE SYNTAX TmnxIkePolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IKE policy entry." INDEX { tmnxIkePolicyId } ::= { tmnxIkePolicyTable 1 } TmnxIkePolicyEntry ::= SEQUENCE { tmnxIkePolicyId TmnxIkePolicyId, tmnxIkePolicyRowStatus RowStatus, tmnxIkePolicyLastChanged TimeStamp, tmnxIkePolicyDescription TItemDescription, tmnxIkePolicyIkeMode TmnxIkePolicyIkeMode, tmnxIkePolicyDHGroup TmnxIkePolicyDHGroup, tmnxIkePolicyPFSEnabled TruthValue, tmnxIkePolicyPFSDHGroup TmnxIkePolicyDHGroup, tmnxIkePolicyAuthAlgorithm TmnxAuthAlgorithm, tmnxIkePolicyEncrAlgorithm TmnxEncrAlgorithm, tmnxIkePolicyIsakmpLifeTime Unsigned32, tmnxIkePolicyIPsecLifeTime Unsigned32, tmnxIkePolicyNatTraversal INTEGER, tmnxIkePolicyNatTKeepAliveIntvl Unsigned32, tmnxIkePolicyNatTBehindNatOnly TruthValue, tmnxIkePolicyDpd INTEGER, tmnxIkePolicyDpdInterval Unsigned32, tmnxIkePolicyDpdMaxRetries Unsigned32, tmnxIkePolicyAuthMethod TmnxIkePolicyAuthMethod, tmnxIkePolicyIkeVersion TmnxIkeVersion, tmnxIkePolicyOwnAuthMethod TmnxIkePolicyOwnAuthMethod, tmnxIkePolicyMatchPeerToCert TruthValue, tmnxIkePolicyRelayUnSolCfgAttr TmnxIkePolicyRelayUnSolCfgAttr, tmnxIkePolicyAutoEapMethod TmnxIkePolicyAutoEapMethod, tmnxIkePolicyAutoEapOwnMethod TmnxIkePolicyAutoEapOwnMethod, tmnxIkePolicyLockout TmnxEnabledDisabled, tmnxIkePolicyLockoutFailedAtempt Unsigned32, tmnxIkePolicyLockoutDuration Unsigned32, tmnxIkePolicyLockoutBlock Unsigned32, tmnxIkePolicyLockoutMaxPortPerIp Unsigned32, tmnxIkePolicyV2Fragment TmnxEnabledDisabled, tmnxIkePolicyV2FragmentMtu Unsigned32, tmnxIkePolicyV2FragReassembTmOut Unsigned32, tmnxIkePolicySndIdrAftEapSuccess TruthValue, tmnxIkePolicyIkev1Ph1RespDelNtfy TruthValue, tmnxIkePolicyLimitInitExchange TruthValue, tmnxIkePolicyReducedMaxExchgTt Unsigned32 } tmnxIkePolicyId OBJECT-TYPE SYNTAX TmnxIkePolicyId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIkePolicyId specifies the id of a policy entry and is the primary index for the table tmnxIkePolicyTable." ::= { tmnxIkePolicyEntry 1 } tmnxIkePolicyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIkePolicyRowStatus object is used to create and delete rows in the tmnxIkePolicyTable." ::= { tmnxIkePolicyEntry 2 } tmnxIkePolicyLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIkePolicyLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIkePolicyEntry 3 } tmnxIkePolicyDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyDescription specifies the user-provided description for each tmnxIkePolicyEntry in the table tmnxIkePolicyTable." DEFVAL { "" } ::= { tmnxIkePolicyEntry 4 } tmnxIkePolicyIkeMode OBJECT-TYPE SYNTAX TmnxIkePolicyIkeMode MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyIkeMode specifies the mode of operation, which determines the number of messages used to establish the session." DEFVAL { main } ::= { tmnxIkePolicyEntry 5 } tmnxIkePolicyDHGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroup MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIkePolicyDHGroup specifies the Diffie-Hellman group to be used for calculating session keys which will be used in the IKE proposal. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecIkeTransformDhGroup." DEFVAL { group2 } ::= { tmnxIkePolicyEntry 6 } tmnxIkePolicyPFSEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyPFSEnabled specifies whether PFS (perfect forward secrecy) on the tunnel using this policy is enabled or not. When tmnxIkePolicyPFSDHGroup has a value of 'true', PFS is enabled." DEFVAL { false } ::= { tmnxIkePolicyEntry 7 } tmnxIkePolicyPFSDHGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroup MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyPFSDHGroup is used only if the value of the tmnxIkePolicyPFSEnabled is 'true'. The value of tmnxIkePolicyPFSDHGroup specifies the new Diffie-hellman key exchange each time the SA(Security Association) key is renegotiated. After the SA expires, the key is forgotten and another key is generated (if the SA remains up). This means that an attacker who cracks part of the exchange can only read the part that used the key before the key changed. There is no advantage of cracking the other parts if the attacker has already cracked one." DEFVAL { group2 } ::= { tmnxIkePolicyEntry 8 } tmnxIkePolicyAuthAlgorithm OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIkePolicyAuthAlgorithm specifies the Hashing algorithm used in the phase 1 SA. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecIkeTransformAuthAlg." DEFVAL { sha1 } ::= { tmnxIkePolicyEntry 9 } tmnxIkePolicyEncrAlgorithm OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIkePolicyEncrAlgorithm specifies the Encryption algorithm to be used in the phase 1 SA. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecIkeTransformEncrAlg." DEFVAL { aes128 } ::= { tmnxIkePolicyEntry 10 } tmnxIkePolicyIsakmpLifeTime OBJECT-TYPE SYNTAX Unsigned32 (1200..172800) UNITS "seconds" MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIkePolicyIsakmpLifeTime specifies the lifetime of the phase 1 IKE key. ISAKMP stands for Internet Security Association and Key Management Protocol. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecIkeTransformIsakmpLifeT." DEFVAL { 86400 } ::= { tmnxIkePolicyEntry 11 } tmnxIkePolicyIPsecLifeTime OBJECT-TYPE SYNTAX Unsigned32 (1200..31536000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyIPsecLifeTime specifies the lifetime of the phase 2 IKE key." DEFVAL { 3600 } ::= { tmnxIkePolicyEntry 12 } tmnxIkePolicyNatTraversal OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2), force (3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyNatTraversal specifies whether NAT-T(network address translation traversal) is 'enabled', 'disabled' or in 'forced' mode." DEFVAL { disable } ::= { tmnxIkePolicyEntry 13 } tmnxIkePolicyNatTKeepAliveIntvl OBJECT-TYPE SYNTAX Unsigned32 (0 | 120..600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyNatTKeepAliveIntvl specifies the keep alive interval for NAT-T. If the value of tmnxIkePolicyNatTKeepAliveIntvl is '0', then keepalives are disabled." DEFVAL { 0 } ::= { tmnxIkePolicyEntry 14 } tmnxIkePolicyNatTBehindNatOnly OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyNatTBehindNatOnly specifies whether the keep alive packets should be sent only when behind a NAT." DEFVAL { true } ::= { tmnxIkePolicyEntry 15 } tmnxIkePolicyDpd OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2), replyOnly (3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyDpd specifies whether DPD (dead peer detection) is 'enable', 'disable' or in 'replyOnly' mode. The DPD vendor ID is always advertised to the peer. To the extent that the peer advertises DPD support as well, the service-router will always reply to the peer's 'Are-You-There' messages. If tmnxIkePolicyDpd object is set to 'enable' the service-router will also send its own 'Are-You-There' message to the peer at the interval specified by tmnxIkePolicyDpdInterval. If tmnxIkePolicyDpd object is set to 'disable' the service-router will never send its own 'Are-You-There' message to the peer. If tmnxIkePolicyDpd object is set to 'replyOnly' the service-router will take the peer's 'Are-You-There' message as proof of 'liveliness' and will suppress the sending of its own 'Are-You-There' messages. Once it stops receiving 'Are-You-There' messages from the peer, it will start sending its own to determine if the peer is dead. The service-router will only send an 'Are-You-There' message when the other side has been idle (no traffic was forwarded through it) since the last tmnxIkePolicyDpdInterval. If the other side is active (as determined by its traffic counters) it is assumed the peer is alive and the 'Are-You-There' message is suppressed." DEFVAL { disable } ::= { tmnxIkePolicyEntry 16 } tmnxIkePolicyDpdInterval OBJECT-TYPE SYNTAX Unsigned32 (10..300) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyDpdInterval specifies the dead peer detection interval." DEFVAL { 30 } ::= { tmnxIkePolicyEntry 17 } tmnxIkePolicyDpdMaxRetries OBJECT-TYPE SYNTAX Unsigned32 (2..5) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyDpdMaxRetries specifies the number of retries done before the peer is determined dead." DEFVAL { 3 } ::= { tmnxIkePolicyEntry 18 } tmnxIkePolicyAuthMethod OBJECT-TYPE SYNTAX TmnxIkePolicyAuthMethod MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyAuthMethod specifies the authentication method used with this IKE policy for the remote-peer." DEFVAL { psk } ::= { tmnxIkePolicyEntry 19 } tmnxIkePolicyIkeVersion OBJECT-TYPE SYNTAX TmnxIkeVersion MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyIkeVersion specifies the IKE version to be used with this IKE policy." DEFVAL { version1 } ::= { tmnxIkePolicyEntry 20 } tmnxIkePolicyOwnAuthMethod OBJECT-TYPE SYNTAX TmnxIkePolicyOwnAuthMethod MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyOwnAuthMethod specifies the authentication method used with this IKE policy on its own side." DEFVAL { symmetric } ::= { tmnxIkePolicyEntry 21 } tmnxIkePolicyMatchPeerToCert OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyMatchPeerToCert specifies whether to enable checking that the IKE peer's ID matches the peer's certificate when performing certificate authentication." DEFVAL { false } ::= { tmnxIkePolicyEntry 22 } tmnxIkePolicyRelayUnSolCfgAttr OBJECT-TYPE SYNTAX TmnxIkePolicyRelayUnSolCfgAttr MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyRelayUnSolCfgAttr specifies the unsolicited configuration attributes for IKEv2 remote-access tunnels. These attributes, when provided by the authentication server, are returned to the IKE peer regardless of whether or not they have been requested. Normally, only the requested attributes are returned." DEFVAL { {} } ::= { tmnxIkePolicyEntry 23 } tmnxIkePolicyAutoEapMethod OBJECT-TYPE SYNTAX TmnxIkePolicyAutoEapMethod MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyAutoEapMethod specifies the automatic EAP fallback authentication method for the remote-peer used with this IKE policy. This object is only meaningful when the value of tmnxIkePolicyAuthMethod is 'autoEapRadius'." DEFVAL { cert } ::= { tmnxIkePolicyEntry 24 } tmnxIkePolicyAutoEapOwnMethod OBJECT-TYPE SYNTAX TmnxIkePolicyAutoEapOwnMethod MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyAutoEapOwnMethod specifies the automatic EAP fallback authentication method used with this IKE policy on its own side. This object is only meaningful when the value of tmnxIkePolicyAuthMethod is 'autoEap'." DEFVAL { cert } ::= { tmnxIkePolicyEntry 25 } tmnxIkePolicyLockout OBJECT-TYPE SYNTAX TmnxEnabledDisabled MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyLockout specifies whether or not the IPsec Client Lockout is enabled. The statistics information of remote lockout clients are in tmnxIPsecLockoutClientTable." DEFVAL { disabled } ::= { tmnxIkePolicyEntry 26 } tmnxIkePolicyLockoutFailedAtempt OBJECT-TYPE SYNTAX Unsigned32 (1..64) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyLockoutFailedAtempt specifies the maximum number of consecutive failed authentication attempts from the same remote client." DEFVAL { 3 } ::= { tmnxIkePolicyEntry 27 } tmnxIkePolicyLockoutDuration OBJECT-TYPE SYNTAX Unsigned32 (1..60) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyLockoutDuration specifies the maximum duration in minutes that the system can afford tmnxIkePolicyLockoutFailedAtempt number of failed authentication attempts from the same remote client." DEFVAL { 5 } ::= { tmnxIkePolicyEntry 28 } tmnxIkePolicyLockoutBlock OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..1440) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyLockoutBlock specifies the maximum time period that the system drops IKE packets after the maximum number of consecutive failed authentication attempts reaches tmnxIkePolicyLockoutFailedAtempt within tmnxIkePolicyLockoutDuration minutes. The value of zero means that the system keeps dropping the IKE packets until the system or ISA (Integrated Service Adaptor) is rebooted." DEFVAL { 10 } ::= { tmnxIkePolicyEntry 29 } tmnxIkePolicyLockoutMaxPortPerIp OBJECT-TYPE SYNTAX Unsigned32 (1..32000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyLockoutMaxPortPerIp specifies the maximum number of port that can be lockout under the same IP address. Once the number of lockout port under the same IP address reaches tmnxIkePolicyLockoutMaxPortPerIp, all ports under the same IP address will be lockout in the next tmnxIkePolicyLockoutBlock minutes." DEFVAL { 16 } ::= { tmnxIkePolicyEntry 30 } tmnxIkePolicyV2Fragment OBJECT-TYPE SYNTAX TmnxEnabledDisabled MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyV2Fragment specifies whether or not IKEv2 fragmentation is enabled." DEFVAL { disabled } ::= { tmnxIkePolicyEntry 31 } tmnxIkePolicyV2FragmentMtu OBJECT-TYPE SYNTAX Unsigned32 (512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyV2FragmentMtu specifies the MTU size for the IKEv2 fragmentation." DEFVAL { 1500 } ::= { tmnxIkePolicyEntry 32 } tmnxIkePolicyV2FragReassembTmOut OBJECT-TYPE SYNTAX Unsigned32 (1..5) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyV2FragReassembTmOut specifies the maximum number of seconds to wait to receive all fragments of an IKEv2 message for reassembly." DEFVAL { 2 } ::= { tmnxIkePolicyEntry 33 } tmnxIkePolicySndIdrAftEapSuccess OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicySndIdrAftEapSuccess specifies whether or not the system adds the Identification Responder (IDr) payload in the last IKE authentication response after the Extensible Authentication Protocol (EAP) success." DEFVAL { true } ::= { tmnxIkePolicyEntry 34 } tmnxIkePolicyIkev1Ph1RespDelNtfy OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyIkev1Ph1RespDelNtfy specifies whether or not the system, when deleting an IKEv1 phase 1 for which it was the responder, sends a delete notification to the peer. This object is only meaningful when the value of tmnxIkePolicyIkeVersion is 'version1 (1)'." DEFVAL { true } ::= { tmnxIkePolicyEntry 35 } tmnxIkePolicyLimitInitExchange OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyLimitInitExchange specifies whether or not the system limits the number of in-progress initial IKE exchanges to one per IPsec tunnel. The value of 'false' specifies that the system allows up to 32 in-progress initial IKE exchanges per IPsec tunnel. This value must be set in the same SNMP PDU as tmnxIkePolicyReducedMaxExchgTt." DEFVAL { true } ::= { tmnxIkePolicyEntry 36 } tmnxIkePolicyReducedMaxExchgTt OBJECT-TYPE SYNTAX Unsigned32 (0 | 2..60) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIkePolicyReducedMaxExchgTt specifies the maximum timeout for the in-progress initial IKE exchange. The value of '0' specifies that there is no reduction of the current exchange timeout which is 120 seconds. This value is only meaningful when the value of tmnxIkePolicyLimitInitExchange is 'true' and the system is being requested to start another initial IKE exchange while there is already one in progress. This value must be set in the same SNMP PDU as tmnxIkePolicyLimitInitExchange." DEFVAL { 2 } ::= { tmnxIkePolicyEntry 37 } tmnxIPsecTunnelTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelTableLastChanged indicates the sysUpTime at the time of the last modification to tmnxIPsecTunnelTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 5 } tmnxIPsecTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec Tunnel entries." ::= { tmnxIPsecObjects 6 } tmnxIPsecTunnelEntry OBJECT-TYPE SYNTAX TmnxIPsecTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Tunnel entry." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName } ::= { tmnxIPsecTunnelTable 1 } TmnxIPsecTunnelEntry ::= SEQUENCE { tmnxIPsecTunnelName TNamedItem, tmnxIPsecTunnelRowStatus RowStatus, tmnxIPsecTunnelLastChanged TimeStamp, tmnxIPsecTunnelDescription TItemDescription, tmnxIPsecTunnelLclGwAddrType InetAddressType, tmnxIPsecTunnelLclGwAddr InetAddress, tmnxIPsecTunnelRemGwAddrType InetAddressType, tmnxIPsecTunnelRemGwAddr InetAddress, tmnxIPsecTunnelPublicSvcId TmnxServId, tmnxIPsecTunnelSecurityPolicyId TmnxIPsecPolicyIdOrZero, tmnxIPsecTunnelKeyingType TmnxIPsecKeyingType, tmnxIPsecTunnelDynTransformId1 TmnxIPsecTransformIdOrZero, tmnxIPsecTunnelDynTransformId2 TmnxIPsecTransformIdOrZero, tmnxIPsecTunnelDynTransformId3 TmnxIPsecTransformIdOrZero, tmnxIPsecTunnelDynTransformId4 TmnxIPsecTransformIdOrZero, tmnxIPsecTunnelIkePolicyId TmnxIkePolicyIdOrZero, tmnxIPsecTunnelIkePreSharedKey OCTET STRING, tmnxIPsecTunnelAdminState TmnxAdminState, tmnxIPsecTunnelOperState TmnxIPsecOperState, tmnxIPsecTunnelOperFlags BITS, tmnxIPsecTunnelReplayWindow Unsigned32, tmnxIPsecTunnelAutoEstablish TruthValue, tmnxIPsecTunnelBfdDesignate TruthValue, tmnxIPsecTunnelCertTrustAnchor TNamedItemOrEmpty, tmnxIPsecTunnelCertFile DisplayString, tmnxIPsecTunnelKeyFile DisplayString, tmnxIPsecTunnelLocalIdType TmnxIPsecLocalIdType, tmnxIPsecTunnelLocalIdValue DisplayString, tmnxIPsecTunnelClearDfBit TruthValue, tmnxIPsecTunnelIpMtu Unsigned32, tmnxIPsecTunnelHostISA TmnxHwIndexOrZero, tmnxIPsecTunnelCSVPrimary TmnxCertRevStatus, tmnxIPsecTunnelCSVSecondary TmnxCertRevStatusOrNone, tmnxIPsecTunnelCSVDefResult INTEGER, tmnxIPsecTunnelCertProfile TNamedItemOrEmpty, tmnxIPsecTunnelMatchTrustAnchor TNamedItemOrEmpty, tmnxIPsecTunnelCertTrstAnchrProf TNamedItemOrEmpty, tmnxIPsecTunnelEncapIpMtu Unsigned32, tmnxIPsecTunnelIcmp6Pkt2Big TruthValue, tmnxIPsecTunnelIcmp6NumPkt2Big Unsigned32, tmnxIPsecTunnelIcmp6Pkt2BigTime Unsigned32, tmnxIPsecTunnelOperChanged TimeStamp, tmnxIPsecTunnelPubTcpMssAdjust Integer32, tmnxIPsecTunnelPrivTcpMssAdjust Integer32, tmnxIPsecTunnelMaxNumPh1SaKeys Unsigned32, tmnxIPsecTunnelMaxNumPh2SaKeys Unsigned32, tmnxIPsecTunnelPublicSvcName TLNamedItemOrEmpty, tmnxIPsecTunnelSecPlyStrictMatch TruthValue, tmnxIPsecTunnelHostEsa TmnxEsaIdOrZero, tmnxIPsecTunnelHostEsaVm TmnxEsaVmIdOrZero } tmnxIPsecTunnelName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTunnelName specifies the name of the tunnel and is part of the index for the table tmnxIPsecTunnelTable." ::= { tmnxIPsecTunnelEntry 1 } tmnxIPsecTunnelRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPsecTunnelRowStatus object is used to create and delete rows in the tmnxIPsecTunnelTable." ::= { tmnxIPsecTunnelEntry 2 } tmnxIPsecTunnelLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecTunnelEntry 3 } tmnxIPsecTunnelDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelDescription specifies the user-provided description for each tmnxIPsecTunnelEntry in the table tmnxIPsecTunnelTable." DEFVAL { "" } ::= { tmnxIPsecTunnelEntry 4 } tmnxIPsecTunnelLclGwAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelLclGwAddrType specifies the address type of address in tmnxIPsecTunnelLclGwAddr." DEFVAL { unknown } ::= { tmnxIPsecTunnelEntry 5 } tmnxIPsecTunnelLclGwAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelLclGwAddr specifies the address of the interface on the local node of this IPsec tunnel." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 6 } tmnxIPsecTunnelRemGwAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelRemGwAddrType specifies the address type of address in tmnxIPsecTunnelRemGwAddr." DEFVAL { unknown } ::= { tmnxIPsecTunnelEntry 7 } tmnxIPsecTunnelRemGwAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelRemGwAddr specifies the address of the interface on the remote node of this IPsec tunnel." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 8 } tmnxIPsecTunnelPublicSvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelPublicSvcId specifies the service-id of the tunnel delivery service. The tunnel cannot become operationally in service until the public service exists and has a TIMETRA-SERV-MIB::svcType of either 'ies (5)' or 'vprn (4)'. The values of tmnxIPsecTunnelPublicSvcId and tmnxIPsecTunnelPublicSvcName must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 9 } tmnxIPsecTunnelSecurityPolicyId OBJECT-TYPE SYNTAX TmnxIPsecPolicyIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelSecurityPolicyId specifies the IPsec security policy entry in the tmnxIPsecPolicyTable that this tunnel will use." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 10 } tmnxIPsecTunnelKeyingType OBJECT-TYPE SYNTAX TmnxIPsecKeyingType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelKeyingType specifies the keying type that this tunnel will use." DEFVAL { none } ::= { tmnxIPsecTunnelEntry 11 } tmnxIPsecTunnelDynTransformId1 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelDynTransformId1 specifies the first IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 12 } tmnxIPsecTunnelDynTransformId2 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelDynTransformId2 specifies the second IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use. The value of tmnxIPsecTunnelDynTransformId2 is valid and greater than 0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 13 } tmnxIPsecTunnelDynTransformId3 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelDynTransformId3 specifies the third IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use. The value of tmnxIPsecTunnelDynTransformId3 is valid and greater than 0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 14 } tmnxIPsecTunnelDynTransformId4 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelDynTransformId4 specifies the fourth IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use. The value of tmnxIPsecTunnelDynTransformId3 is valid and greater than 0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 15 } tmnxIPsecTunnelIkePolicyId OBJECT-TYPE SYNTAX TmnxIkePolicyIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The object tmnxIPsecTunnelIkePolicyId specifies the IKE policy entry that this tunnel will use. The value of tmnxIPsecTunnelIkePolicyId is valid and greater than 0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 16 } tmnxIPsecTunnelIkePreSharedKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIkePreSharedKey specifies the shared secret between the two peers forming the tunnel. The value of tmnxIPsecTunnelIkePreSharedKey is a valid and non null string only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'." DEFVAL { "" } ::= { tmnxIPsecTunnelEntry 17 } tmnxIPsecTunnelAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelAdminState specifies the administrative state of the tmnxIPsecTunnelEntry." DEFVAL { outOfService } ::= { tmnxIPsecTunnelEntry 18 } tmnxIPsecTunnelOperState OBJECT-TYPE SYNTAX TmnxIPsecOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelOperState indicates the operational status of tmnxIPsecTunnelEntry." ::= { tmnxIPsecTunnelEntry 19 } tmnxIPsecTunnelOperFlags OBJECT-TYPE SYNTAX BITS { unresolvedLocalIp (0), tunnelAdminDown (1), sapDown (2), unresolvedPublicSvc (3), bfdSessionDown (4), reserved1 (5), unresolvedDstIp (6), invalidCertFile (7), invalidKeyFile (8), trustAnchorsDown (9), certProfileDown (10), invalidCertKeyCombo (11) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelOperFlags indicates the reason why the tunnel is operationally down." ::= { tmnxIPsecTunnelEntry 20 } tmnxIPsecTunnelReplayWindow OBJECT-TYPE SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelReplayWindow specifies the size of the anti-replay window. If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the anti-replay feature is disabled." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 21 } tmnxIPsecTunnelAutoEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelAutoEstablish specifies whether to attempt to establish a phase 1 exchange automatically." DEFVAL { false } ::= { tmnxIPsecTunnelEntry 22 } tmnxIPsecTunnelBfdDesignate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelBfdDesignate specifies whether this IPSec tunnel is the BFD designated tunnel." DEFVAL { false } ::= { tmnxIPsecTunnelEntry 23 } tmnxIPsecTunnelCertTrustAnchor OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelCertTrustAnchor specifies the name for Certificate-Authority Profile name associated with this SAP IPSec tunnel certificate. An 'inconsistentValue' error is returned if this object is modified when tmnxIPsecTunnelAdminState is in 'inService' state. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecTunnelCertTrstAnchrProf." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 24 } tmnxIPsecTunnelCertFile OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelCertFile specifies the local file URL of the certificate to be used with this SAP IPSec tunnel. An 'inconsistentValue' error is returned when tmnxIPsecTunnelCertProfile is set to non-default value and tmnxIPsecTunnelCertFile or tmnxIPsecTunnelKeyFile is set to non-default value. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecTunnelCertProfile." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 25 } tmnxIPsecTunnelKeyFile OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelKeyFile specifies the key-pair file to be used for X.509 certificate authentication with this SAP IPSec tunnel. An 'inconsistentValue' error is returned when tmnxIPsecTunnelCertProfile is set to non-default value and tmnxIPsecTunnelCertFile or tmnxIPsecTunnelKeyFile is set to non-default value. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecTunnelCertProfile." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 26 } tmnxIPsecTunnelLocalIdType OBJECT-TYPE SYNTAX TmnxIPsecLocalIdType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelLocalIdType specifies the local identifier type used for IDi or IDr for IKEv2. An 'inconsistentValue' error is returned if this object is modified when tmnxIPsecTunnelAdminState is in 'inService' state." DEFVAL { none } ::= { tmnxIPsecTunnelEntry 27 } tmnxIPsecTunnelLocalIdValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelLocalIdValue specifies the value associated with tmnxIPsecTunnelLocalIdType object. Value is extracted from the configured certificate when tmnxIPsecTunnelLocalIdType is set to 'dn'." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 28 } tmnxIPsecTunnelClearDfBit OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelClearDfBit specifies whether to clear Do not Fragment (DF) bit in the outgoing packets in this tunnel." DEFVAL { false } ::= { tmnxIPsecTunnelEntry 29 } tmnxIPsecTunnelIpMtu OBJECT-TYPE SYNTAX Unsigned32 (0 | 512..9000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIpMtu specifies the MTU size for IP packets for this tunnel. A value set to zero indicates maximum supported MTU size on the SAP for this tunnel." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 30 } tmnxIPsecTunnelHostISA OBJECT-TYPE SYNTAX TmnxHwIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelHostISA indicates the active ISA MDA that is being used to host this IPsec tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an MDA. When the tunnel is being hosted by an ESA virtual machine, the host will be indicated by the tmnxIPsecTunnelHostEsa and tmnxIPsecTunnelHostEsaVm objects." ::= { tmnxIPsecTunnelEntry 31 } tmnxIPsecTunnelCSVPrimary OBJECT-TYPE SYNTAX TmnxCertRevStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelCSVPrimary specifies the primary method of Certificate Status Verification (CSV) that is used to verify revocation status of the certificate of the peer. This value must be set in the same PDU as tmnxIPsecTunnelCSVSecondary if the value of tmnxIPsecTunnelAdminState is equal to 'inService (2)'." DEFVAL { crl } ::= { tmnxIPsecTunnelEntry 32 } tmnxIPsecTunnelCSVSecondary OBJECT-TYPE SYNTAX TmnxCertRevStatusOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelCSVSecondary specifies the secondary method of Certificate Status Verification (CSV) that is used to verify revocation status of the certificate of the peer. This value must be set in the same PDU as tmnxIPsecTunnelCSVPrimary if the value of tmnxIPsecTunnelAdminState is equal to 'inService (2)'." DEFVAL { none } ::= { tmnxIPsecTunnelEntry 33 } tmnxIPsecTunnelCSVDefResult OBJECT-TYPE SYNTAX INTEGER { revoked (0), good (1) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelCSVDefResult specifies the default result of Certificate Status Verification (CSV) when both primary and secondary method failed to provide an answer." DEFVAL { revoked } ::= { tmnxIPsecTunnelEntry 34 } tmnxIPsecTunnelCertProfile OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelCertProfile specifies the certificate profile associated with this IPsec tunnel." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 35 } tmnxIPsecTunnelMatchTrustAnchor OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelMatchTrustAnchor indicates the name for matched Certificate-Authority Profile name associated with this SAP IPSec tunnel certificate." ::= { tmnxIPsecTunnelEntry 36 } tmnxIPsecTunnelCertTrstAnchrProf OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelCertTrstAnchrProf specifies the name for Certificate-Authority Trust Anchor Profile name associated with this SAP IPSec tunnel certificate. An 'inconsistentValue' error is returned if this object is modified when tmnxIPsecTunnelAdminState is in 'inService' state." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 37 } tmnxIPsecTunnelEncapIpMtu OBJECT-TYPE SYNTAX Unsigned32 (0 | 512..9000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelEncapIpMtu specifies the MTU size for IP packets after tunnel encapsulation has been added. A value set to zero indicates maximum supported MTU size on the SAP for this tunnel." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 38 } tmnxIPsecTunnelIcmp6Pkt2Big OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIcmp6Pkt2Big specifies whether packet-too-big ICMP messages should be sent. When it is set to 'true', ICMPv6 packet-too-big messages are generated by this IPsec tunnel. When tmnxIPsecTunnelIcmp6Pkt2Big is set to 'false (2)', ICMPv6 packet-too-big messages are not sent. When the value of tmnxIPsecTunnelIcmp6Pkt2Big is 'false (2)', it must be set in the same SNMP PDU as tmnxIPsecTunnelIcmp6NumPkt2Big and tmnxIPsecTunnelIcmp6Pkt2BigTime. The value of tmnxIPsecTunnelIcmp6NumPkt2Big and tmnxIPsecTunnelIcmp6Pkt2BigTime must be their default values." DEFVAL { true } ::= { tmnxIPsecTunnelEntry 40 } tmnxIPsecTunnelIcmp6NumPkt2Big OBJECT-TYPE SYNTAX Unsigned32 (10..1000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIcmp6NumPkt2Big specifies how many packet-too-big ICMPv6 messages are transmitted in the time frame specified by tmnxIPsecTunnelIcmp6Pkt2BigTime. This value must be set in the same SNMP SET PDU as tmnxIPsecTunnelIcmp6Pkt2Big." DEFVAL { 100 } ::= { tmnxIPsecTunnelEntry 41 } tmnxIPsecTunnelIcmp6Pkt2BigTime OBJECT-TYPE SYNTAX Unsigned32 (1..60) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIcmp6Pkt2BigTime specifies the time frame in seconds that is used to limit the number of packet-too-big ICMPv6 messages transmitted per time frame. This value must be set in the same SNMP SET PDU as tmnxIPsecTunnelIcmp6Pkt2Big." DEFVAL { 10 } ::= { tmnxIPsecTunnelEntry 42 } tmnxIPsecTunnelOperChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelOperChanged indicates the sysUpTime at the time of the last operational status change of this entry." ::= { tmnxIPsecTunnelEntry 43 } tmnxIPsecTunnelPubTcpMssAdjust OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelPubTcpMssAdjust specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network. The system may use this value to adjust or insert the MSS option in TCP SYN packet. The TCP MSS adjustment functionality on the public side network is disabled when the following conditions are met. 1) The value of tmnxIPsecTunnelPubTcpMssAdjust is '-1' or 2) The values of tmnxIPsecTunnelPubTcpMssAdjust and tmnxIPsecTunnelEncapIpMtu are both '0'. When the system receives a TCP SYN packet from the public network and this packet contains an MSS option, the system replaces the MSS option value with a new MSS when the new MSS is smaller than the MSS option value. When the system receives a TCP SYN packet from the public network and this packet does not contain an MSS option, the system inserts one with a new MSS. The new MSS is calculated based on the following rules. 1) When the value of tmnxIPsecTunnelPubTcpMssAdjust is '0' and tmnxIPsecTunnelEncapIpMtu has a non-zero value, New MSS = tmnxIPsecTunnelEncapIpMtu - total header size (e.g., encryption, encapsulation, TCP and IP headers) 2) When the value of tmnxIPsecTunnelPubTcpMssAdjust is in the range of (512..9000) New MSS = tmnxIPsecTunnelPubTcpMssAdjust" REFERENCE "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012" DEFVAL { -1 } ::= { tmnxIPsecTunnelEntry 49 } tmnxIPsecTunnelPrivTcpMssAdjust OBJECT-TYPE SYNTAX Integer32 (-1 | 512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelPrivTcpMssAdjust specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the private network to the public network. The system may use this value to adjust or insert the MSS option in TCP SYN packet. The value of '-1' specifies that the TCP MSS adjustment functionality on the private side is disabled. When the system receives a TCP SYN packet from the private network and this packet contains an MSS option, the system replaces the MSS option value with tmnxIPsecTunnelPrivTcpMssAdjust when the value of tmnxIPsecTunnelPrivTcpMssAdjust is smaller than the MSS option value. When the system receives a TCP SYN packet from the private network and this packet does not contain an MSS option, the system inserts one whose MSS is equal to tmnxIPsecTunnelPrivTcpMssAdjust." REFERENCE "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012" DEFVAL { -1 } ::= { tmnxIPsecTunnelEntry 50 } tmnxIPsecTunnelMaxNumPh1SaKeys OBJECT-TYPE SYNTAX Unsigned32 (0..3) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelMaxNumPh1SaKeys specifies the maximum number of security association (SA) phase 1 keys, which can be saved by the system, for this IPsec tunnel." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 51 } tmnxIPsecTunnelMaxNumPh2SaKeys OBJECT-TYPE SYNTAX Unsigned32 (0..48) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelMaxNumPh2SaKeys specifies the maximum number of security association (SA) phase 2 keys, which can be saved by the system, for this IPsec tunnel." DEFVAL { 0 } ::= { tmnxIPsecTunnelEntry 52 } tmnxIPsecTunnelPublicSvcName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelPublicSvcName specifies the name of the tunnel delivery service. The tunnel cannot become operationally in service until the public service exists and has a TIMETRA-SERV-MIB::svcType of either 'ies (5)' or 'vprn (4)'. The values of tmnxIPsecTunnelPublicSvcName and tmnxIPsecTunnelPublicSvcId must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { ''H } ::= { tmnxIPsecTunnelEntry 53 } tmnxIPsecTunnelSecPlyStrictMatch OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTunnelSecPlyStrictMatch specifies whether or not the system does a strict match when it receives a CREATE_CHILD exchange request, which is not for rekey, for this IPsec tunnel." DEFVAL { false } ::= { tmnxIPsecTunnelEntry 54 } tmnxIPsecTunnelHostEsa OBJECT-TYPE SYNTAX TmnxEsaIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelHostEsa indicates the active ESA that is being used to host this IPsec tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an ESA virtual machine. When the tunnel is being hosted by an ISA MDA, the host will be indicated by the tmnxIPsecTunnelHostISA object." ::= { tmnxIPsecTunnelEntry 56 } tmnxIPsecTunnelHostEsaVm OBJECT-TYPE SYNTAX TmnxEsaVmIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelHostEsaVm indicates the active ESA virtual machine that is being used to host this IPsec tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an ESA virtual machine. When the tunnel is being hosted by an ISA MDA, the host will be indicated by the tmnxIPsecTunnelHostISA object." ::= { tmnxIPsecTunnelEntry 57 } tmnxIPsecTunnelStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTunnelStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store IPsec Tunnel statistics" ::= { tmnxIPsecObjects 7 } tmnxIPsecTunnelStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecTunnelStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Statistics for a single IPsec Tunnel." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName } ::= { tmnxIPsecTunnelStatsTable 1 } TmnxIPsecTunnelStatsEntry ::= SEQUENCE { tmnxIPsecTunnelIsakmpState INTEGER, tmnxIPsecTunnelIsakmpEstabTime TimeStamp, tmnxIPsecTunnelIsakmpNegLifeTime Unsigned32, tmnxIPsecTunnelNumDpdTx Counter32, tmnxIPsecTunnelNumDpdRx Counter32, tmnxIPsecTunnelNumDpdAckTx Counter32, tmnxIPsecTunnelNumDpdAckRx Counter32, tmnxIPsecTunnelNumExpRx Counter32, tmnxIPsecTunnelNumInvalidDpdRx Counter32, tmnxIPsecTunnelNumCtrlPktsTx Counter32, tmnxIPsecTunnelNumCtrlPktsRx Counter32, tmnxIPsecTunnelNumCtrlTxErrors Counter32, tmnxIPsecTunnelNumCtrlRxErrors Counter32, tmnxIPsecTunnelMatCertEntryId Integer32, tmnxIPsecTunnelCertProfName TNamedItemOrEmpty, tmnxIPsecTunnelStatIsakmpAuthAlg TmnxAuthAlgorithm, tmnxIPsecTunnelStatIsakmpEncrAlg TmnxEncrAlgorithm, tmnxIPsecTunnelStatIsakmpPfsDhGp TmnxIkePolicyDHGroupOrZero, tmnxIPsecTunnelStatIkeTranPrfAlg INTEGER } tmnxIPsecTunnelIsakmpState OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIsakmpState indicates the state of phase 1 IPsec negotiation." ::= { tmnxIPsecTunnelStatsEntry 1 } tmnxIPsecTunnelIsakmpEstabTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIsakmpEstabTime indicates the sysUpTime at the time the IPsec phase 1 negotiation completed." ::= { tmnxIPsecTunnelStatsEntry 2 } tmnxIPsecTunnelIsakmpNegLifeTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelIsakmpNegLifeTime indicates the lifetime negotiated for phase1 IKE key." ::= { tmnxIPsecTunnelStatsEntry 3 } tmnxIPsecTunnelNumDpdTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumDpdTx indicates the number of Dead-Peer-Detection packets transmitted." ::= { tmnxIPsecTunnelStatsEntry 4 } tmnxIPsecTunnelNumDpdRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumDpdRx indicates the number of Dead-Peer-Detection packets received." ::= { tmnxIPsecTunnelStatsEntry 5 } tmnxIPsecTunnelNumDpdAckTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumDpdAckTx indicates the number of Dead-Peer-Detection acknowledgement packets transmitted." ::= { tmnxIPsecTunnelStatsEntry 6 } tmnxIPsecTunnelNumDpdAckRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumDpdAckRx indicates the number of Dead-Peer-Detection acknowledgement packets received." ::= { tmnxIPsecTunnelStatsEntry 7 } tmnxIPsecTunnelNumExpRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumExpRx indicates the number of DPD R-U-THERE packets that have not been acknowledged." ::= { tmnxIPsecTunnelStatsEntry 8 } tmnxIPsecTunnelNumInvalidDpdRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumInvalidDpdRx indicates the number of malformed DPD R-U-THERE acknowledgement packets received." ::= { tmnxIPsecTunnelStatsEntry 9 } tmnxIPsecTunnelNumCtrlPktsTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumCtrlPktsTx indicates the number of control packets this IPsec Tunnel has sent." ::= { tmnxIPsecTunnelStatsEntry 10 } tmnxIPsecTunnelNumCtrlPktsRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumCtrlPktsRx indicates the number of control packets this IPsec Tunnel has received." ::= { tmnxIPsecTunnelStatsEntry 11 } tmnxIPsecTunnelNumCtrlTxErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumCtrlTxErrors indicates the number of control packet transmit errors." ::= { tmnxIPsecTunnelStatsEntry 12 } tmnxIPsecTunnelNumCtrlRxErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelNumCtrlRxErrors indicates the number of control packet receive errors." ::= { tmnxIPsecTunnelStatsEntry 13 } tmnxIPsecTunnelMatCertEntryId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelMatCertEntryId indicates the matching certificate profile entry id used for this tunnel." ::= { tmnxIPsecTunnelStatsEntry 14 } tmnxIPsecTunnelCertProfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelCertProfName indicates a specific IPsec tunnel certificate profile name used for this tunnel." ::= { tmnxIPsecTunnelStatsEntry 15 } tmnxIPsecTunnelStatIsakmpAuthAlg OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelStatIsakmpAuthAlg indicates the authentication algorithm of the IPsec phase 1 negotiation for this IPsec tunnel." ::= { tmnxIPsecTunnelStatsEntry 17 } tmnxIPsecTunnelStatIsakmpEncrAlg OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelStatIsakmpEncrAlg indicates the encryption algorithm of the IPsec phase 1 negotiation for this IPsec tunnel." ::= { tmnxIPsecTunnelStatsEntry 18 } tmnxIPsecTunnelStatIsakmpPfsDhGp OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelStatIsakmpPfsDhGp indicates the Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this IPsec tunnel. The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve Perfect Forward Secrecy (PFS)." ::= { tmnxIPsecTunnelStatsEntry 19 } tmnxIPsecTunnelStatIkeTranPrfAlg OBJECT-TYPE SYNTAX INTEGER { md5 (2), sha1 (3), sha256 (4), sha384 (5), sha512 (6), aesXcbc (7), sameAsAuth (8) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTunnelStatIkeTranPrfAlg specifies the pseudo-random function (PRF)." ::= { tmnxIPsecTunnelStatsEntry 20 } tmnxIPsecPolicyTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecPolicyTableLastChanged indicates the sysUpTime at the time of the last modification to tmnxIPsecPolicyTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 8 } tmnxIPsecPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec Security Policy entries." ::= { tmnxIPsecObjects 9 } tmnxIPsecPolicyEntry OBJECT-TYPE SYNTAX TmnxIPsecPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Security Policy entry." INDEX { svcId, tmnxIPsecPolicyId } ::= { tmnxIPsecPolicyTable 1 } TmnxIPsecPolicyEntry ::= SEQUENCE { tmnxIPsecPolicyId TmnxIPsecPolicyId, tmnxIPsecPolicyRowStatus RowStatus, tmnxIPsecPolicyLastChanged TimeStamp } tmnxIPsecPolicyId OBJECT-TYPE SYNTAX TmnxIPsecPolicyId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecPolicyId specifies the id of a Security Policy entry and is the primary index for the table." ::= { tmnxIPsecPolicyEntry 1 } tmnxIPsecPolicyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPsecPolicyRowStatus object is used to create and delete rows in the tmnxIPsecPolicyTable." ::= { tmnxIPsecPolicyEntry 2 } tmnxIPsecPolicyLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecPolicyLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecPolicyEntry 3 } tmnxIPsecPlcyParamsTblLastChangd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsTblLastChangd indicates the sysUpTime at the time of the last modification to tmnxIPsecPolicyParamsTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 10 } tmnxIPsecPolicyParamsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecPolicyParamsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec Security Policy Params entries." ::= { tmnxIPsecObjects 11 } tmnxIPsecPolicyParamsEntry OBJECT-TYPE SYNTAX TmnxIPsecPolicyParamsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Security policy params entry." INDEX { svcId, tmnxIPsecPolicyId, tmnxIPsecPolicyParamsId } ::= { tmnxIPsecPolicyParamsTable 1 } TmnxIPsecPolicyParamsEntry ::= SEQUENCE { tmnxIPsecPolicyParamsId Unsigned32, tmnxIPsecPolicyParamsRowStatus RowStatus, tmnxIPsecPolicyParamsLastChanged TimeStamp, tmnxIPsecPolicyParamsLclAddrAny TruthValue, tmnxIPsecPolicyParamsLclAddrType InetAddressType, tmnxIPsecPolicyParamsLclAddr InetAddress, tmnxIPsecPolicyParamsLclAPrefLen InetAddressPrefixLength, tmnxIPsecPolicyParamsRemAddrAny TruthValue, tmnxIPsecPolicyParamsRemAddrType InetAddressType, tmnxIPsecPolicyParamsRemAddr InetAddress, tmnxIPsecPolicyParamsRemAPrefLen InetAddressPrefixLength, tmnxIPsecPlcyParamsV6LclAddrAny TruthValue, tmnxIPsecPlcyParamsV6LclAddrType InetAddressType, tmnxIPsecPlcyParamsV6LclAddr InetAddress, tmnxIPsecPlcyParamsV6LclAPrefLen InetAddressPrefixLength, tmnxIPsecPlcyParamsV6RemAddrAny TruthValue, tmnxIPsecPlcyParamsV6RemAddrType InetAddressType, tmnxIPsecPlcyParamsV6RemAddr InetAddress, tmnxIPsecPlcyParamsV6RemAPrefLen InetAddressPrefixLength } tmnxIPsecPolicyParamsId OBJECT-TYPE SYNTAX Unsigned32 (1..16) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsId specifies the id of an IPsec policy params entry and is part of the index for the tmnxIPsecPolicyParamsTable." ::= { tmnxIPsecPolicyParamsEntry 1 } tmnxIPsecPolicyParamsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPsecPolicyParamsRowStatus object is used to create and delete rows in the tmnxIPsecPolicyParamsTable." ::= { tmnxIPsecPolicyParamsEntry 2 } tmnxIPsecPolicyParamsLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecPolicyParamsEntry 3 } tmnxIPsecPolicyParamsLclAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsLclAddrAny specifies whether the IP address on the vpn side can be any IP address. If the value is 'true' then local IP address can be any IP address. Please look at the following chart for more details: tmnxIPsecPolicyParamsLclAddrAny true false ----------------------------------------------------------------- tmnxIPsecPolicyParamsLclAddrType unknown unknown or ipv4 tmnxIPsecPolicyParamsLclAddr ''H ''H or valid ipv4 tmnxIPsecPolicyParamsLclAPrefLen 0 0 to 32" DEFVAL { false } ::= { tmnxIPsecPolicyParamsEntry 4 } tmnxIPsecPolicyParamsLclAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsLclAddrType specifies the address type of address in tmnxIPsecPolicyParamsLclAddr. If the value of tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of tmnxIPsecPolicyParamsLclAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxIPsecPolicyParamsEntry 5 } tmnxIPsecPolicyParamsLclAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsLclAddr specifies the ip address on the vpn side. If the value of tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of tmnxIPsecPolicyParamsLclAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxIPsecPolicyParamsEntry 6 } tmnxIPsecPolicyParamsLclAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsLclAPrefLen specifies the number of bits to match of the tmnxIPsecPolicyParamsLclAddr. If the value of tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of tmnxIPsecPolicyParamsLclAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxIPsecPolicyParamsEntry 7 } tmnxIPsecPolicyParamsRemAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsRemAddrAny specifies whether the IP address on the tunnel side can be any IP address. If the value is 'true' then remote IP address can be any IP address. Please look at the following chart for more details: tmnxIPsecPolicyParamsRemAddrAny true false ----------------------------------------------------------------- tmnxIPsecPolicyParamsRemAddrType unknown unknown or ipv4 tmnxIPsecPolicyParamsRemAddr ''H ''H or valid ipv4 tmnxIPsecPolicyParamsRemAPrefLen 0 0 to 32" DEFVAL { false } ::= { tmnxIPsecPolicyParamsEntry 8 } tmnxIPsecPolicyParamsRemAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsRemAddrType specifies the address type of address in tmnxIPsecPolicyParamsRemAddr. If the value of tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of tmnxIPsecPolicyParamsRemAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxIPsecPolicyParamsEntry 9 } tmnxIPsecPolicyParamsRemAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsRemAddr specifies the ip address on the tunnel side. If the value of tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of tmnxIPsecPolicyParamsRemAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxIPsecPolicyParamsEntry 10 } tmnxIPsecPolicyParamsRemAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPolicyParamsRemAPrefLen specifies the number of bits to match of the tmnxIPsecPolicyParamsRemAddr. If the value of tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of tmnxIPsecPolicyParamsRemAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxIPsecPolicyParamsEntry 11 } tmnxIPsecPlcyParamsV6LclAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6LclAddrAny specifies whether the ipv6 address on the vpn side can be any ipv6 address. If the value is 'true' then local ipv6 address can be any ipv6 address. Please look at the following chart for more details: tmnxIPsecPlcyParamsV6LclAddrAny true false ----------------------------------------------------------------- tmnxIPsecPlcyParamsV6LclAddrType unknown unknown or ipv6 tmnxIPsecPlcyParamsV6LclAddr ''H ''H or valid ipv6 tmnxIPsecPlcyParamsV6LclAPrefLen 0 0 to 128" DEFVAL { false } ::= { tmnxIPsecPolicyParamsEntry 12 } tmnxIPsecPlcyParamsV6LclAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6LclAddrType specifies the address type of address in tmnxIPsecPlcyParamsV6LclAddr. If the value of tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of tmnxIPsecPlcyParamsV6LclAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxIPsecPolicyParamsEntry 13 } tmnxIPsecPlcyParamsV6LclAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6LclAddr specifies the ipv6 address on the vpn side. If the value of tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of tmnxIPsecPlcyParamsV6LclAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxIPsecPolicyParamsEntry 14 } tmnxIPsecPlcyParamsV6LclAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength (0 | 1..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6LclAPrefLen specifies the number of bits to match of the tmnxIPsecPlcyParamsV6LclAddr. If the value of tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of tmnxIPsecPlcyParamsV6LclAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxIPsecPolicyParamsEntry 15 } tmnxIPsecPlcyParamsV6RemAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6RemAddrAny specifies whether the ipv6 address on the tunnel side can be any ipv6 address. If the value is 'true' then remote ipv6 address can be any ipv6 address. Please look at the following chart for more details: tmnxIPsecPlcyParamsV6RemAddrAny true false ----------------------------------------------------------------- tmnxIPsecPlcyParamsV6RemAddrType unknown unknown or ipv6 tmnxIPsecPlcyParamsV6RemAddr ''H ''H or valid ipv6 tmnxIPsecPlcyParamsV6RemAPrefLen 0 0 to 128" DEFVAL { false } ::= { tmnxIPsecPolicyParamsEntry 16 } tmnxIPsecPlcyParamsV6RemAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6RemAddrType specifies the address type of address in tmnxIPsecPlcyParamsV6RemAddr. If the value of tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of tmnxIPsecPlcyParamsV6RemAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxIPsecPolicyParamsEntry 17 } tmnxIPsecPlcyParamsV6RemAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6RemAddr specifies the ipv6 address on the tunnel side. If the value of tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of tmnxIPsecPlcyParamsV6RemAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxIPsecPolicyParamsEntry 18 } tmnxIPsecPlcyParamsV6RemAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength (0 | 1..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecPlcyParamsV6RemAPrefLen specifies the number of bits to match of the tmnxIPsecPlcyParamsV6RemAddr. If the value of tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of tmnxIPsecPlcyParamsV6RemAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxIPsecPolicyParamsEntry 19 } tmnxIPsecSATableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSATableLastChanged indicates the sysUpTime at the time of the last modification to tmnxIPsecSATable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 12 } tmnxIPsecSATable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec manual and dynamic SA entries." ::= { tmnxIPsecObjects 13 } tmnxIPsecSAEntry OBJECT-TYPE SYNTAX TmnxIPsecSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec SA entry." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName, tmnxIPsecSAId, tmnxIPsecSADirection, tmnxIPsecSAIndex } ::= { tmnxIPsecSATable 1 } TmnxIPsecSAEntry ::= SEQUENCE { tmnxIPsecSAId Unsigned32, tmnxIPsecSAIndex Unsigned32, tmnxIPsecSADirection TmnxIPsecDirection, tmnxIPsecSARowStatus RowStatus, tmnxIPsecSALastChanged TimeStamp, tmnxIPsecSAType TmnxIPsecKeyingType, tmnxIPsecSAEncryptionKey OCTET STRING, tmnxIPsecSAAuthenticationKey OCTET STRING, tmnxIPsecSASpi Unsigned32, tmnxIPsecSAManualTransformId TmnxIPsecTransformIdOrZero, tmnxIPsecSAAuthAlgorithm TmnxAuthAlgorithm, tmnxIPsecSAEncrAlgorithm TmnxEncrAlgorithm, tmnxIPsecSAStorageType StorageType, tmnxIPsecSAEstablishedTime TimeStamp, tmnxIPsecSANegotiatedLifeTime Unsigned32 } tmnxIPsecSAId OBJECT-TYPE SYNTAX Unsigned32 (1..16) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecSAId specifies the id of an SA entry and is part of the index for the tmnxIPsecSATable." ::= { tmnxIPsecSAEntry 1 } tmnxIPsecSAIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecSAIndex specifies an additional index to uniquely identify the SA entry in the tmnxIPsecSATable. The value of tmnxIPsecSAIndex is limited to a value of '1' when tmnxIPsecTunnelKeyingType corresponding to the tunnel specified tmnxIPsecTunnelName is set to 'static'." ::= { tmnxIPsecSAEntry 2 } tmnxIPsecSADirection OBJECT-TYPE SYNTAX TmnxIPsecDirection MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecSADirection specifies the direction on the IPsec tunnel to which this SA entry can be applied. The value of tmnxIPsecSADirection is also part of the index for the table tmnxIPsecSATable" ::= { tmnxIPsecSAEntry 3 } tmnxIPsecSARowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPsecSARowStatus object is used to create and delete rows in the tmnxIPsecSATable. When creating an entry in tmnxIPsecSATable, the value of tmnxIPsecSARowStatus must be 'createAndGo' and the objects tmnxIPsecSAEncryptionKey, tmnxIPsecSAAuthenticationKey, tmnxIPsecSASpi, tmnxIPsecSAManualTransformId are required to be set in the same request." ::= { tmnxIPsecSAEntry 4 } tmnxIPsecSALastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSALastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecSAEntry 5 } tmnxIPsecSAType OBJECT-TYPE SYNTAX TmnxIPsecKeyingType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAType indicates whether this SA entry is created manually by the user or dynamically by the IPsec subsystem." ::= { tmnxIPsecSAEntry 6 } tmnxIPsecSAEncryptionKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecSAEncryptionKey specifies the key used for the encryption algorithm defined by the tmnxIPsecTransformEncrAlgorithm in the IPsec transform indexed by tmnxIPsecSAManualTransformId. The length of the key must match the length required by the encryption algorithm. If a key of another length is set, the request will fail with an 'inconsistentValue' error. There is no default value for tmnxIPsecSAEncryptionKey and this is a required object when creating an entry in tmnxIPsecSATable. If tmnxIPsecSAEncryptionKey is not specified when creating an entry, the request will fail with an 'inconsistentValue' error." ::= { tmnxIPsecSAEntry 7 } tmnxIPsecSAAuthenticationKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecSAAuthenticationKey specifies the key used for the authentication algorithm defined by the tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed by tmnxIPsecSAManualTransformId. The length of the key must match the length required by the authentication algorithm. If a key of another length is set, the request will fail with an 'inconsistentValue' error. There is no default value for tmnxIPsecSAAuthenticationKey and this is a required object when creating an entry in tmnxIPsecSATable. If tmnxIPsecSAAuthenticationKey is not specified when creating an entry, the request will fail with an 'inconsistentValue' error." ::= { tmnxIPsecSAEntry 8 } tmnxIPsecSASpi OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecSASpi specifies the SPI (Security Parameter Index) used to lookup the instruction to verify and decrypt the incoming IPsec packets when the value of tmnxIPsecSADirection is 'inbound'. The value of tmnxIPsecSASpi specifies the SPI that will be used in the encoding of the outgoing packets when the value of tmnxIPsecSADirection is 'outbound'. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet. There is no default value for tmnxIPsecSASpi and this is a required object when creating an entry in tmnxIPsecSATable. If tmnxIPsecSAAuthenticationKey is not specified when creating an entry, the request will fail with an 'inconsistentValue' error. A 'wrongValue' error is returned if the value of tmnxIPsecSASpi is set to outside the range of 256 and 16383." ::= { tmnxIPsecSAEntry 9 } tmnxIPsecSAManualTransformId OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecSAManualTransformId specifies the transform entry that will be used by this SA entry. This object should be specified for all the entries created by the user which are manual SAs. If the value of tmnxIPsecSAType is 'dynamic', then the value of tmnxIPsecSAManualTransformId is irrelevant and will be zero. There is no default value for tmnxIPsecSAManualTransformId and this is a required object when creating an entry in tmnxIPsecSATable. If tmnxIPsecSAManualTransformId is not specified when creating an entry, the request will fail with an 'inconsistentValue' error." ::= { tmnxIPsecSAEntry 10 } tmnxIPsecSAAuthAlgorithm OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAAuthAlgorithm indicates the authentication algorithm used with this SA." ::= { tmnxIPsecSAEntry 11 } tmnxIPsecSAEncrAlgorithm OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAEncrAlgorithm indicates the encryption algorithm used with this SA." ::= { tmnxIPsecSAEntry 12 } tmnxIPsecSAStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStorageType indicates how the row is stored. Entries with tmnxIPsecSAStorageType of 'read-only' are dynamic SAs and are created by the IPsec subsystem and cannot be modified or destroyed. All the entries created by the user are manual SAs and will have the tmnxIPsecSAStorageType as 'nonVolatile'." ::= { tmnxIPsecSAEntry 13 } tmnxIPsecSAEstablishedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAEstablishedTime indicates the sysUpTime at the time the IPsec phase 2 negotiation completed." ::= { tmnxIPsecSAEntry 14 } tmnxIPsecSANegotiatedLifeTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSANegotiatedLifeTime indicates the lifetime negotiated for phase2 IKE key." ::= { tmnxIPsecSAEntry 15 } tmnxIPsecSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to retrieve the IPsec SA Statistics entries." ::= { tmnxIPsecObjects 14 } tmnxIPsecSAStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec SA Statistics entry." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName, tmnxIPsecSAId, tmnxIPsecSADirection, tmnxIPsecSAIndex } ::= { tmnxIPsecSAStatsTable 1 } TmnxIPsecSAStatsEntry ::= SEQUENCE { tmnxIPsecSAStatsBytesProcessed Counter64, tmnxIPsecSAStatsBytesProcLow32 Counter32, tmnxIPsecSAStatsBytesProcHigh32 Counter32, tmnxIPsecSAStatsPktsProcessed Counter64, tmnxIPsecSAStatsPktsProcLow32 Counter32, tmnxIPsecSAStatsPktsProcHigh32 Counter32, tmnxIPsecSAStatsCryptoErrors Counter32, tmnxIPsecSAStatsReplayErrors Counter32, tmnxIPsecSAStatsSAErrors Counter32, tmnxIPsecSAStatsPolicyErrors Counter32, tmnxIPsecSAStatsEncapOverhead Counter32, tmnxIPsecSAStatsPreEncapFragCnt Counter64, tmnxIPsecSAStatsPreEncapFragLtSz Unsigned32, tmnxIPsecSAStatsPstEncapFragCnt Counter64, tmnxIPsecSAStatsPstEncapFragLtSz Unsigned32, tmnxIPsecSAStatsPfsDhGroup TmnxIkePolicyDHGroupOrZero, tmnxIPsecSAStatsMulticastIfName TNamedItemOrEmpty, tmnxIPsecSAStatsMulticastProt TIPsecMulticastProtocol } tmnxIPsecSAStatsBytesProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsBytesProcessed indicates the number of bytes successfully processed for this SA." ::= { tmnxIPsecSAStatsEntry 1 } tmnxIPsecSAStatsBytesProcLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsBytesProcLow32 indicates the lower 32 bits of the value of tmnxIPsecSAStatsBytesProcessed." ::= { tmnxIPsecSAStatsEntry 2 } tmnxIPsecSAStatsBytesProcHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsBytesProcHigh32 indicates the higher 32 bits of the value of tmnxIPsecSAStatsBytesProcessed." ::= { tmnxIPsecSAStatsEntry 3 } tmnxIPsecSAStatsPktsProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPktsProcessed indicates the number of packets successfully processed for this SA." ::= { tmnxIPsecSAStatsEntry 4 } tmnxIPsecSAStatsPktsProcLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPktsProcLow32 indicates the lower 32 bits of the value of tmnxIPsecSAStatsPktsProcessed." ::= { tmnxIPsecSAStatsEntry 5 } tmnxIPsecSAStatsPktsProcHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPktsProcHigh32 indicates the higher 32 bits of the value of tmnxIPsecSAStatsPktsProcessed." ::= { tmnxIPsecSAStatsEntry 6 } tmnxIPsecSAStatsCryptoErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsCryptoErrors indicates the number of crypto errors encountered on this SA. When the value of tmnxIPsecSADirection is 'inbound (1)', the tmnxIPsecSAStatsCryptoErrors will be set for the following errors: MAC miscompare Pad errors Illegal configure algorithm Illegal authentication algorithm Inner IP checksum errors Payload alignment errors Sequence number errors Protocol errors When the value of tmnxIPsecSADirection is 'outbound (2)', the tmnxIPsecSAStatsCryptoErrors will be set for the following errors: Sequence wrap errors Illegal configure algorithm Illegal authentication algorithm Expanded packet too big TTL decrement errors" ::= { tmnxIPsecSAStatsEntry 7 } tmnxIPsecSAStatsReplayErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsReplayErrors indicates the number of replay errors encountered on this SA." ::= { tmnxIPsecSAStatsEntry 8 } tmnxIPsecSAStatsSAErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsSAErrors indicates the number of SA errors encountered on this SA. The SA errors means ISA tried to use a CHILD SA that is marked for deletion." ::= { tmnxIPsecSAStatsEntry 9 } tmnxIPsecSAStatsPolicyErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPolicyErrors indicates the number of policy errors encountered on this SA. The policy errors include bundled SA, selector check and policy direction error." ::= { tmnxIPsecSAStatsEntry 10 } tmnxIPsecSAStatsEncapOverhead OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsEncapOverhead indicates the encapsulation overhead for this outbound SA. This value is only significant when the value of tmnxIPsecSADirection is 'outbound'." ::= { tmnxIPsecSAStatsEntry 11 } tmnxIPsecSAStatsPreEncapFragCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPreEncapFragCnt indicates the number of fragmentations that occurred prior to encapsulation for this outbound SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size exceeds tmnxIPsecTunnelIpMtu. This value is only significant when the value of tmnxIPsecSADirection is 'outbound'." ::= { tmnxIPsecSAStatsEntry 12 } tmnxIPsecSAStatsPreEncapFragLtSz OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPreEncapFragLtSz indicates the size of the last packet which caused a pre-encapsulation fragmentation to occur for this SA. This value is only significant when the value of tmnxIPsecSADirection is 'outbound'." ::= { tmnxIPsecSAStatsEntry 13 } tmnxIPsecSAStatsPstEncapFragCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPstEncapFragCnt indicates the number of fragmentations that occurred after encapsulation for this SA. Post-encapsulation fragmentation occurs when the encapsulated packet size exceeds tmnxIPsecTunnelEncapIpMtu. This value is only significant when the value of tmnxIPsecSADirection is 'outbound'." ::= { tmnxIPsecSAStatsEntry 14 } tmnxIPsecSAStatsPstEncapFragLtSz OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPstEncapFragLtSz indicates the size of the last encapsulated packet which caused a post-encapsulation fragmentation to occur for this SA. This value is only significant when the value of tmnxIPsecSADirection is 'outbound'." ::= { tmnxIPsecSAStatsEntry 15 } tmnxIPsecSAStatsPfsDhGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsPfsDhGroup indicates the Diffie-Hellman (DH) group used with this SA. The Diffie-Hellman (DH) group is used by the SA to achieve Perfect Forward Secrecy (PFS)." ::= { tmnxIPsecSAStatsEntry 17 } tmnxIPsecSAStatsMulticastIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsMulticastIfName indicates the multicast interface name associated with this SA. This value is only significant when the value of tmnxIPsecSAType is 'dynamic (2)' and the value of tmnxIPsecSADirection is 'outbound (2)'." ::= { tmnxIPsecSAStatsEntry 18 } tmnxIPsecSAStatsMulticastProt OBJECT-TYPE SYNTAX TIPsecMulticastProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSAStatsMulticastProt indicates the supported protocol types of the multicast interface associated to this RA. This value is only significant when the value of tmnxIPsecSAType is 'dynamic (2)' and the value of tmnxIPsecSADirection is 'outbound (2)'." ::= { tmnxIPsecSAStatsEntry 19 } tmnxIPsecMdaDpStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecMdaDpStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to retrieve the IPsec Mda Data Path Statistics entries." ::= { tmnxIPsecObjects 15 } tmnxIPsecMdaDpStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecMdaDpStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Mda Data Path Statistics entry." INDEX { tmnxChassisIndex, tmnxCardSlotNum, tmnxMDASlotNum } ::= { tmnxIPsecMdaDpStatsTable 1 } TmnxIPsecMdaDpStatsEntry ::= SEQUENCE { tmnxIPsecMdaDpStatsEncryptPkts Counter64, tmnxIPsecMdaDpStatsEncryptPktsLow32 Counter32, tmnxIPsecMdaDpStatsEncryptPktsHigh32 Counter32, tmnxIPsecMdaDpStatsEncryptBytes Counter64, tmnxIPsecMdaDpStatsEncryptBytesLow32 Counter32, tmnxIPsecMdaDpStatsEncryptBytesHigh32 Counter32, tmnxIPsecMdaDpStatsDecryptPkts Counter64, tmnxIPsecMdaDpStatsDecryptPktsLow32 Counter32, tmnxIPsecMdaDpStatsDecryptPktsHigh32 Counter32, tmnxIPsecMdaDpStatsDecryptBytes Counter64, tmnxIPsecMdaDpStatsDecryptBytesLow32 Counter32, tmnxIPsecMdaDpStatsDecryptBytesHigh32 Counter32, tmnxIPsecMdaDpStatsTxPktErrs Counter32, tmnxIPsecMdaDpStatsOutBDropPkts Counter64, tmnxIPsecMdaDpStatsOutBDropPktsLow32 Counter32, tmnxIPsecMdaDpStatsOutBDropPktsHigh32 Counter32, tmnxIPsecMdaDpStatsOutBSAMisses Counter64, tmnxIPsecMdaDpStatsOutBSAMissesLow32 Counter32, tmnxIPsecMdaDpStatsOutBSAMissesHigh32 Counter32, tmnxIPsecMdaDpStatsOutBPolicyEntryMisses Counter32, tmnxIPsecMdaDpStatsInBDropPkts Counter64, tmnxIPsecMdaDpStatsInBDropPktsLow32 Counter32, tmnxIPsecMdaDpStatsInBDropPktsHigh32 Counter32, tmnxIPsecMdaDpStatsInBSAMisses Counter64, tmnxIPsecMdaDpStatsInBSAMissesLow32 Counter32, tmnxIPsecMdaDpStatsInBSAMissesHigh32 Counter32, tmnxIPsecMdaDpStatsInBIPDstSrcMismatches Counter32, tmnxIPsecMdaDpInFragments Counter64, tmnxIPsecMdaDpInFragmentsLow32 Counter32, tmnxIPsecMdaDpInFragmentsHigh32 Counter32, tmnxIPsecMdaDpPktsReassem Counter64, tmnxIPsecMdaDpPktsReassemLow32 Counter32, tmnxIPsecMdaDpPktsReassemHigh32 Counter32, tmnxIPsecMdaDpFragDropTime Counter64, tmnxIPsecMdaDpFragDropTimeLow32 Counter32, tmnxIPsecMdaDpFragDropTimeHigh32 Counter32, tmnxIPsecMdaDpFragDropped Counter64, tmnxIPsecMdaDpFragDroppedLow32 Counter32, tmnxIPsecMdaDpFragDroppedHigh32 Counter32, tmnxIPsecMdaDpGreTnlInPkts Counter64, tmnxIPsecMdaDpGreTnlInPktsLo Counter32, tmnxIPsecMdaDpGreTnlInPktsHi Counter32, tmnxIPsecMdaDpGreTnlInBytes Counter64, tmnxIPsecMdaDpGreTnlInBytesLo Counter32, tmnxIPsecMdaDpGreTnlInBytesHi Counter32, tmnxIPsecMdaDpGreTnlInErrs Counter64, tmnxIPsecMdaDpGreTnlInErrsLo Counter32, tmnxIPsecMdaDpGreTnlInErrsHi Counter32, tmnxIPsecMdaDpGreTnlOutPkts Counter64, tmnxIPsecMdaDpGreTnlOutPktsLo Counter32, tmnxIPsecMdaDpGreTnlOutPktsHi Counter32, tmnxIPsecMdaDpGreTnlOutBytes Counter64, tmnxIPsecMdaDpGreTnlOutBytesLo Counter32, tmnxIPsecMdaDpGreTnlOutBytesHi Counter32, tmnxIPsecMdaDpGreTnlOutErrs Counter64, tmnxIPsecMdaDpGreTnlOutErrsLo Counter32, tmnxIPsecMdaDpGreTnlOutErrsHi Counter32, tmnxIPsecMdaDpPktsDropDfSet Counter64, tmnxIPsecMdaDpPktsDropDfSetLo Counter32, tmnxIPsecMdaDpPktsDropDfSetHi Counter32, tmnxIPsecMdaDpStaticIPsecTnls Counter32, tmnxIPsecMdaDpDynIPsecTnls Counter32, tmnxIPsecMdaDpIpGreTnls Counter32, tmnxIPsecMdaDpIpv4Tnls Counter32, tmnxIPsecMdaDpL2tpv3TnlInPkts Counter64, tmnxIPsecMdaDpL2tpv3TnlInBytes Counter64, tmnxIPsecMdaDpL2tpv3TnlInErrs Counter64, tmnxIPsecMdaDpL2tpv3TnlInCookErr Counter64, tmnxIPsecMdaDpL2tpv3TnlInSeIdErr Counter64, tmnxIPsecMdaDpL2tpv3TnlOutPkts Counter64, tmnxIPsecMdaDpL2tpv3TnlOutBytes Counter64, tmnxIPsecMdaDpL2tpv3TnlOutErrs Counter64, tmnxIPsecMdaDpL2tpv3Tnls Counter32 } tmnxIPsecMdaDpStatsEncryptPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsEncryptPkts indicates the number of packets encrypted by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 1 } tmnxIPsecMdaDpStatsEncryptPktsLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsEncryptPktsLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts." ::= { tmnxIPsecMdaDpStatsEntry 2 } tmnxIPsecMdaDpStatsEncryptPktsHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsEncryptPktsHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts." ::= { tmnxIPsecMdaDpStatsEntry 3 } tmnxIPsecMdaDpStatsEncryptBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsEncryptBytes indicates the number of bytes encrypted by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 4 } tmnxIPsecMdaDpStatsEncryptBytesLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsEncryptBytesLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes." ::= { tmnxIPsecMdaDpStatsEntry 5 } tmnxIPsecMdaDpStatsEncryptBytesHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsEncryptBytesHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes." ::= { tmnxIPsecMdaDpStatsEntry 6 } tmnxIPsecMdaDpStatsDecryptPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsDecryptPkts indicates the number of packets encrypted by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 7 } tmnxIPsecMdaDpStatsDecryptPktsLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsDecryptPktsLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts." ::= { tmnxIPsecMdaDpStatsEntry 8 } tmnxIPsecMdaDpStatsDecryptPktsHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsDecryptPktsHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts." ::= { tmnxIPsecMdaDpStatsEntry 9 } tmnxIPsecMdaDpStatsDecryptBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsDecryptBytes indicates the number of bytes encrypted by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 10 } tmnxIPsecMdaDpStatsDecryptBytesLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsDecryptBytesLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes." ::= { tmnxIPsecMdaDpStatsEntry 11 } tmnxIPsecMdaDpStatsDecryptBytesHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsDecryptBytesHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes." ::= { tmnxIPsecMdaDpStatsEntry 12 } tmnxIPsecMdaDpStatsTxPktErrs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsTxPktErrs indicates the number of packets transmit failures by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 13 } tmnxIPsecMdaDpStatsOutBDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBDropPkts indicates the number of packets dropped before and during outbound (encryption) processing by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 14 } tmnxIPsecMdaDpStatsOutBDropPktsLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBDropPktsLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts." ::= { tmnxIPsecMdaDpStatsEntry 15 } tmnxIPsecMdaDpStatsOutBDropPktsHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBDropPktsHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts." ::= { tmnxIPsecMdaDpStatsEntry 16 } tmnxIPsecMdaDpStatsOutBSAMisses OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBSAMisses indicates the number of packets dropped before outbound (encryption) processing by the IPsec data path due to no SA (security association) present." ::= { tmnxIPsecMdaDpStatsEntry 17 } tmnxIPsecMdaDpStatsOutBSAMissesLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBSAMissesLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses." ::= { tmnxIPsecMdaDpStatsEntry 18 } tmnxIPsecMdaDpStatsOutBSAMissesHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBSAMissesHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses." ::= { tmnxIPsecMdaDpStatsEntry 19 } tmnxIPsecMdaDpStatsOutBPolicyEntryMisses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsOutBPolicyEntryMisses indicates the number of packets dropped before outbound (encryption) processing by the IPsec data path due to no matching Policy Entry." ::= { tmnxIPsecMdaDpStatsEntry 20 } tmnxIPsecMdaDpStatsInBDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBDropPkts indicates the number of packets dropped before and during inbound (decryption) processing by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 21 } tmnxIPsecMdaDpStatsInBDropPktsLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBDropPktsLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts." ::= { tmnxIPsecMdaDpStatsEntry 22 } tmnxIPsecMdaDpStatsInBDropPktsHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBDropPktsHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts." ::= { tmnxIPsecMdaDpStatsEntry 23 } tmnxIPsecMdaDpStatsInBSAMisses OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBSAMisses indicates the number of packets dropped before inbound (decryption) processing by the IPsec data path due to no SA (security association) present." ::= { tmnxIPsecMdaDpStatsEntry 24 } tmnxIPsecMdaDpStatsInBSAMissesLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBSAMissesLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses." ::= { tmnxIPsecMdaDpStatsEntry 25 } tmnxIPsecMdaDpStatsInBSAMissesHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBSAMissesHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses." ::= { tmnxIPsecMdaDpStatsEntry 26 } tmnxIPsecMdaDpStatsInBIPDstSrcMismatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStatsInBIPDstSrcMismatches indicates the number of packets dropped before inbound (decryption) processing by the IPsec data path due to the received packet's outer IP destination or source address does not match the Tunnel's local or peer gateway address." ::= { tmnxIPsecMdaDpStatsEntry 27 } tmnxIPsecMdaDpInFragments OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpInFragments indicates the number of fragments received by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 28 } tmnxIPsecMdaDpInFragmentsLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpInFragmentsLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpInFragments." ::= { tmnxIPsecMdaDpStatsEntry 29 } tmnxIPsecMdaDpInFragmentsHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpInFragmentsHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpInFragments." ::= { tmnxIPsecMdaDpStatsEntry 30 } tmnxIPsecMdaDpPktsReassem OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpPktsReassem indicates the number of packets reassembled by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 31 } tmnxIPsecMdaDpPktsReassemLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpPktsReassemLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpPktsReassem." ::= { tmnxIPsecMdaDpStatsEntry 32 } tmnxIPsecMdaDpPktsReassemHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpPktsReassemHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpPktsReassem." ::= { tmnxIPsecMdaDpStatsEntry 33 } tmnxIPsecMdaDpFragDropTime OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpFragDropTime indicates the number of fragments dropped due to timeout by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 34 } tmnxIPsecMdaDpFragDropTimeLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpFragDropTimeLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpFragDropTime." ::= { tmnxIPsecMdaDpStatsEntry 35 } tmnxIPsecMdaDpFragDropTimeHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpFragDropTimeHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpFragDropTime." ::= { tmnxIPsecMdaDpStatsEntry 36 } tmnxIPsecMdaDpFragDropped OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpFragDropped indicates the number of total fragments dropped by the IPsec data path." ::= { tmnxIPsecMdaDpStatsEntry 37 } tmnxIPsecMdaDpFragDroppedLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpFragDroppedLow32 indicates the lower 32 bits of the value of tmnxIPsecMdaDpFragDropped." ::= { tmnxIPsecMdaDpStatsEntry 38 } tmnxIPsecMdaDpFragDroppedHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpFragDroppedHigh32 indicates the higher 32 bits of the value of tmnxIPsecMdaDpFragDropped." ::= { tmnxIPsecMdaDpStatsEntry 39 } tmnxIPsecMdaDpGreTnlInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInPkts indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 40 } tmnxIPsecMdaDpGreTnlInPktsLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInPktsLo indicates the lower 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 41 } tmnxIPsecMdaDpGreTnlInPktsHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInPktsHi indicates the higher 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 42 } tmnxIPsecMdaDpGreTnlInBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInBytes indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 43 } tmnxIPsecMdaDpGreTnlInBytesLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInBytesLo indicates the lower 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 44 } tmnxIPsecMdaDpGreTnlInBytesHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInBytesHi indicates the higher 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 45 } tmnxIPsecMdaDpGreTnlInErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInErrs indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 46 } tmnxIPsecMdaDpGreTnlInErrsLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInErrsLo indicates the lower 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 47 } tmnxIPsecMdaDpGreTnlInErrsHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlInErrsHi indicates the higher 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 48 } tmnxIPsecMdaDpGreTnlOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutPkts indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 49 } tmnxIPsecMdaDpGreTnlOutPktsLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutPktsLo indicates the lower 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 50 } tmnxIPsecMdaDpGreTnlOutPktsHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutPktsHi indicates the higher 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 51 } tmnxIPsecMdaDpGreTnlOutBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutBytes indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 52 } tmnxIPsecMdaDpGreTnlOutBytesLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutBytesLo indicates the lower 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 53 } tmnxIPsecMdaDpGreTnlOutBytesHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutBytesHi indicates the higher 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 54 } tmnxIPsecMdaDpGreTnlOutErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutErrs indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 55 } tmnxIPsecMdaDpGreTnlOutErrsLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutErrsLo indicates the lower 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 56 } tmnxIPsecMdaDpGreTnlOutErrsHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpGreTnlOutErrsHi indicates the higher 32 bits of the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 57 } tmnxIPsecMdaDpPktsDropDfSet OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpPktsDropDfSet indicates the number of packets with DF bit set dropped in this Tunnel exceeding MTU size and with clear tunnel DF bit not set." ::= { tmnxIPsecMdaDpStatsEntry 58 } tmnxIPsecMdaDpPktsDropDfSetLo OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpPktsDropDfSetLo indicates lower 32 bits of the value of tmnxIPsecMdaDpPktsDropDfSet object." ::= { tmnxIPsecMdaDpStatsEntry 59 } tmnxIPsecMdaDpPktsDropDfSetHi OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpPktsDropDfSetHi indicates higher 32 bits of the value of tmnxIPsecMdaDpPktsDropDfSet object." ::= { tmnxIPsecMdaDpStatsEntry 60 } tmnxIPsecMdaDpStaticIPsecTnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpStaticIPsecTnls indicates number of configured static IPsec tunnels on the MDA." ::= { tmnxIPsecMdaDpStatsEntry 61 } tmnxIPsecMdaDpDynIPsecTnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpDynIPsecTnls indicates number of dynamic IPsec tunnels in use on the MDA." ::= { tmnxIPsecMdaDpStatsEntry 62 } tmnxIPsecMdaDpIpGreTnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpIpGreTnls indicates number of configured IP tunnels (with GRE headers) on the MDA." ::= { tmnxIPsecMdaDpStatsEntry 63 } tmnxIPsecMdaDpIpv4Tnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpIpv4Tnls indicates number of configured IPv4 tunnels on the MDA." ::= { tmnxIPsecMdaDpStatsEntry 64 } tmnxIPsecMdaDpL2tpv3TnlInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlInPkts indicates the number of packets received by the Layer Two Tunneling Protocol (L2TP) version 3 (L2TPv3) tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 65 } tmnxIPsecMdaDpL2tpv3TnlInBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlInBytes indicates the number of bytes received by the L2TPv3 tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 66 } tmnxIPsecMdaDpL2tpv3TnlInErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlInErrs indicates the number of packets dropped while receiving by the L2TPv3 tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 67 } tmnxIPsecMdaDpL2tpv3TnlInCookErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlInCookErr indicates the number of packets dropped because the Cookie value received by the L2TPv3 tunnel data path did not match the Cookie value negotiated during session establishment." ::= { tmnxIPsecMdaDpStatsEntry 68 } tmnxIPsecMdaDpL2tpv3TnlInSeIdErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlInSeIdErr indicates the number of packets dropped because the Session ID value received by the L2TPv3 tunnel data path did not match the Session ID value negotiated during session establishment." ::= { tmnxIPsecMdaDpStatsEntry 69 } tmnxIPsecMdaDpL2tpv3TnlOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlOutPkts indicates the number of packets transmitted by the L2TPv3 tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 70 } tmnxIPsecMdaDpL2tpv3TnlOutBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlOutBytes indicates the number of bytes transmitted by the L2TPv3 tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 71 } tmnxIPsecMdaDpL2tpv3TnlOutErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3TnlOutErrs indicates the number of packets dropped while transmitting by the L2TPv3 tunnel data path." ::= { tmnxIPsecMdaDpStatsEntry 72 } tmnxIPsecMdaDpL2tpv3Tnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecMdaDpL2tpv3Tnls indicates number of configured L2TPv3 tunnels on the MDA." ::= { tmnxIPsecMdaDpStatsEntry 73 } tIPsecTnlTempTblLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTnlTempTblLastChanged indicates the sysUpTime at the time of the last modification to tIPsecTnlTempTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 16 } tIPsecTnlTempTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecTnlTempEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec tunnel template entries." ::= { tmnxIPsecObjects 17 } tIPsecTnlTempEntry OBJECT-TYPE SYNTAX TIPsecTnlTempEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec tunnel template entry." INDEX { tIPsecTnlTempId } ::= { tIPsecTnlTempTable 1 } TIPsecTnlTempEntry ::= SEQUENCE { tIPsecTnlTempId TmnxIPsecTunnelTemplateId, tIPsecTnlTempRowStatus RowStatus, tIPsecTnlTempLastChanged TimeStamp, tIPsecTnlTempDescr TItemDescription, tIPsecTnlTempReverseRoute INTEGER, tIPsecTnlTempDynKeyTransformId1 TmnxIPsecTransformIdOrZero, tIPsecTnlTempDynKeyTransformId2 TmnxIPsecTransformIdOrZero, tIPsecTnlTempDynKeyTransformId3 TmnxIPsecTransformIdOrZero, tIPsecTnlTempDynKeyTransformId4 TmnxIPsecTransformIdOrZero, tIPsecTnlTempReplayWindow Unsigned32, tIPsecTnlTempIpMtu Unsigned32, tIPsecTnlTempEncapIpMtu Unsigned32, tIPsecTnlTempIcmp6Pkt2Big TruthValue, tIPsecTnlTempIcmp6NumPkt2Big Unsigned32, tIPsecTnlTempIcmp6Pkt2BigTime Unsigned32, tIPsecTnlTempClearDfBit TruthValue, tIPsecTnlTempPublicTcpMssAdjust Integer32, tIPsecTnlTempPrivateTcpMssAdjust Integer32, tIPsecTnlTempIgnoreDefaultRoute TruthValue } tIPsecTnlTempId OBJECT-TYPE SYNTAX TmnxIPsecTunnelTemplateId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecTnlTempId specifies the id of a tunnel template entry and is the primary index for the table tIPsecTnlTempTable." ::= { tIPsecTnlTempEntry 1 } tIPsecTnlTempRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tIPsecTnlTempRowStatus object is used to create and delete rows in the tIPsecTnlTempTable." ::= { tIPsecTnlTempEntry 2 } tIPsecTnlTempLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTnlTempLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tIPsecTnlTempEntry 3 } tIPsecTnlTempDescr OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempDescr specifies the user-provided description for the template." DEFVAL { "" } ::= { tIPsecTnlTempEntry 4 } tIPsecTnlTempReverseRoute OBJECT-TYPE SYNTAX INTEGER { none (0), reverseRoute (1), useSecurityPolicy (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempReverseRoute specifies whether node using this template will accept framed-routes sent by radius server and install them for the lifetime of the tunnel as managed routes. If this object is set to 'useSecurityPolicy' then the node using this template will add a route to every client-side-protected-subnet as signaled by the client. The value of 'reverseRoute' is not supported by the current release." DEFVAL { none } ::= { tIPsecTnlTempEntry 5 } tIPsecTnlTempDynKeyTransformId1 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempDynKeyTransformId1 specifies the first transform-id for this IPSec Tunnel template to use." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 6 } tIPsecTnlTempDynKeyTransformId2 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempDynKeyTransformId2 specifies the second transform-id for this IPSec Tunnel template to use." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 7 } tIPsecTnlTempDynKeyTransformId3 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempDynKeyTransformId3 specifies the third transform-id for this IPSec Tunnel template to use." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 8 } tIPsecTnlTempDynKeyTransformId4 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempDynKeyTransformId4 specifies the fourth transform-id for this IPSec Tunnel template to use." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 9 } tIPsecTnlTempReplayWindow OBJECT-TYPE SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempReplayWindow specifies the size of the anti-replay window for the template. If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the anti-replay feature is disabled." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 10 } tIPsecTnlTempIpMtu OBJECT-TYPE SYNTAX Unsigned32 (0 | 512..9000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempIpMtu specifies the MTU size for IP packets for this tunnel. A value set to zero indicates maximum supported MTU size on the SAP for this tunnel." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 11 } tIPsecTnlTempEncapIpMtu OBJECT-TYPE SYNTAX Unsigned32 (0 | 512..9000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempEncapIpMtu specifies the MTU size for IP packets after tunnel encapsulation has been added. A value set to zero indicates maximum supported MTU size on the SAP for this tunnel." DEFVAL { 0 } ::= { tIPsecTnlTempEntry 12 } tIPsecTnlTempIcmp6Pkt2Big OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempIcmp6Pkt2Big specifies whether packet-too-big ICMP messages should be sent. When it is set to 'true', ICMPv6 packet-too-big messages are generated by this IPsec tunnel. When tIPsecTnlTempIcmp6Pkt2Big is set to 'false (2)', ICMPv6 packet-too-big messages are not sent. When the value of tIPsecTnlTempIcmp6Pkt2Big is 'false (2)', it must be set in the same SNMP PDU as tIPsecTnlTempIcmp6NumPkt2Big and tIPsecTnlTempIcmp6Pkt2BigTime. The value of tIPsecTnlTempIcmp6NumPkt2Big and tIPsecTnlTempIcmp6Pkt2BigTime must be their default values." DEFVAL { true } ::= { tIPsecTnlTempEntry 14 } tIPsecTnlTempIcmp6NumPkt2Big OBJECT-TYPE SYNTAX Unsigned32 (10..1000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempIcmp6NumPkt2Big specifies how many packet-too-big ICMPv6 messages are transmitted in the time frame specified by tIPsecTnlTempIcmp6Pkt2BigTime. This value must be set in the same SNMP SET PDU as tIPsecTnlTempIcmp6Pkt2Big." DEFVAL { 100 } ::= { tIPsecTnlTempEntry 15 } tIPsecTnlTempIcmp6Pkt2BigTime OBJECT-TYPE SYNTAX Unsigned32 (1..60) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempIcmp6Pkt2BigTime specifies the time frame in seconds that is used to limit the number of packet-too-big ICMPv6 messages transmitted per time frame. This value must be set in the same SNMP SET PDU as tIPsecTnlTempIcmp6Pkt2Big." DEFVAL { 10 } ::= { tIPsecTnlTempEntry 16 } tIPsecTnlTempClearDfBit OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempClearDfBit specifies whether to clear Do not Fragment (DF) bit in the outgoing packets for tunnels created using this template." DEFVAL { false } ::= { tIPsecTnlTempEntry 17 } tIPsecTnlTempPublicTcpMssAdjust OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempPublicTcpMssAdjust specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network. The system may use this value to adjust or insert the MSS option in TCP SYN packet. The TCP MSS adjustment functionality on the public side network is disabled when the following conditions are met. 1) The value of tIPsecTnlTempPublicTcpMssAdjust is '-1' or 2) The values of tIPsecTnlTempPublicTcpMssAdjust and tIPsecTnlTempEncapIpMtu are both '0'. When the system receives a TCP SYN packet from the public network and this packet contains an MSS option, the system replaces the MSS option value with a new MSS when the new MSS is smaller than the MSS option value. When the system receives a TCP SYN packet from the public network and this packet does not contain an MSS option, the system inserts one with a new MSS. The new MSS is calculated based on the following rules. 1) When the value of tIPsecTnlTempPublicTcpMssAdjust is '0' and tIPsecTnlTempEncapIpMtu has a non-zero value, New MSS = tIPsecTnlTempEncapIpMtu - total header size (e.g., encryption, encapsulation, TCP and IP headers) 2) When the value of tIPsecTnlTempPublicTcpMssAdjust is in the range of (512..9000) New MSS = tIPsecTnlTempPublicTcpMssAdjust" REFERENCE "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012" DEFVAL { -1 } ::= { tIPsecTnlTempEntry 23 } tIPsecTnlTempPrivateTcpMssAdjust OBJECT-TYPE SYNTAX Integer32 (-1 | 512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTnlTempPrivateTcpMssAdjust specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the private network to the public network. The system may use this value to adjust or insert the MSS option in TCP SYN packet. The value of '-1' specifies that the TCP MSS adjustment functionality on the private side is disabled. When the system receives a TCP SYN packet from the private network and this packet contains an MSS option, the system replaces the MSS option value with tIPsecTnlTempPrivateTcpMssAdjust when the value of tIPsecTnlTempPrivateTcpMssAdjust is smaller than the MSS option value. When the system receives a TCP SYN packet from the private network and this packet does not contain an MSS option, the system inserts one whose MSS is equal to tIPsecTnlTempPrivateTcpMssAdjust." REFERENCE "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012" DEFVAL { -1 } ::= { tIPsecTnlTempEntry 24 } tIPsecTnlTempIgnoreDefaultRoute OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value 'false' for tIPsecTnlTempIgnoreDefaultRoute will cause the IPsec gateway to remove dynamic lan-to-lan tunnels whenever IKE negotiates a remote traffic selector containing a default route (0.0.0.0/0 or ::/0). The value 'true' will cause the IPsec gateway to ignore such default routes in negotiated remote traffic selectors, thereby retaining the associated dynamic lan-to-lan tunnels with no impact on IPsec-managed reverse routes." DEFVAL { false } ::= { tIPsecTnlTempEntry 25 } tmnxIPsecGWTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWTblLastChgd indicates the sysUpTime at the time of the last modification of tmnxIPsecGWTable. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 18 } tmnxIPsecGWTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecGWEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains SAP IPSec gateway information." ::= { tmnxIPsecObjects 19 } tmnxIPsecGWEntry OBJECT-TYPE SYNTAX TmnxIPsecGWEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a SAP IPSec gateway." INDEX { svcId, sapPortId, sapEncapValue } ::= { tmnxIPsecGWTable 1 } TmnxIPsecGWEntry ::= SEQUENCE { tmnxIPsecGWRowStatus RowStatus, tmnxIPsecGWLastMgmtChange TimeStamp, tmnxIPsecGWAdminState TmnxAdminState, tmnxIPsecGWOperState TmnxIPsecOperState, tmnxIPsecGWTunnelPolicyTemp TmnxIPsecTunnelTemplateIdOrZero, tmnxIPsecGWSecureService TmnxServId, tmnxIPsecGWIfName TNamedItemOrEmpty, tmnxIPsecGWInetAddrType InetAddressType, tmnxIPsecGWInetAddress InetAddress, tmnxIPsecGWIkePolicyId TmnxIkePolicyIdOrZero, tmnxIPsecGWIkePreShared OCTET STRING, tmnxIPsecGWLclX509Cert DisplayString, tmnxIPsecGWLclPrivateKey DisplayString, tmnxIPsecGWOperFlags BITS, tmnxIPsecGWCACert DisplayString, tmnxIPsecGWCACertRevocList DisplayString, tmnxIPsecGWName TNamedItem, tmnxIPsecGWCertTrustAnchor TNamedItemOrEmpty, tmnxIPsecGWLocalIdType TmnxIPsecLocalIdType, tmnxIPsecGWLocalIdValue DisplayString, tmnxIPsecGWCSVPrimary TmnxCertRevStatus, tmnxIPsecGWCSVSecondary TmnxCertRevStatusOrNone, tmnxIPsecGWCSVDefResult INTEGER, tmnxIPsecGWRadAcctgPolicy TNamedItemOrEmpty, tmnxIPsecGWRadAuthPolicy TNamedItemOrEmpty, tmnxIPsecGWCertProfile TNamedItemOrEmpty, tmnxIPsecGWCertTrstAnchrProf TNamedItemOrEmpty, tmnxIPsecGWClientDatabaseName TNamedItemOrEmpty, tmnxIPsecGWClientDatabasFallback TruthValue, tmnxIPsecGWMaxNumPh1SaKeys Unsigned32, tmnxIPsecGWMaxNumPh2SaKeys Unsigned32, tmnxIPsecGWSecureServiceName TLNamedItemOrEmpty } tmnxIPsecGWRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWRowStatus controls the creation and deletion of rows in this table." ::= { tmnxIPsecGWEntry 1 } tmnxIPsecGWLastMgmtChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWLastMgmtChange indicates the value of sysUpTime at the time of the last management change of any writable object of this row." ::= { tmnxIPsecGWEntry 2 } tmnxIPsecGWAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWAdminState specifies the administrative state of SAP IPSec gateway entry." DEFVAL { outOfService } ::= { tmnxIPsecGWEntry 3 } tmnxIPsecGWOperState OBJECT-TYPE SYNTAX TmnxIPsecOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWOperState indicates the operating state of the SAP IPSec gateway." ::= { tmnxIPsecGWEntry 4 } tmnxIPsecGWTunnelPolicyTemp OBJECT-TYPE SYNTAX TmnxIPsecTunnelTemplateIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWTunnelPolicyTemp specifies the TIMETRA-IPSEC-MIB::tIPsecTnlTempId used by this SAP IPSec gateway." DEFVAL { 0 } ::= { tmnxIPsecGWEntry 5 } tmnxIPsecGWSecureService OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWSecureService specifies the service identifier of the default security service used by this SAP IPSec gateway. The values of tmnxIPsecGWSecureService and tmnxIPsecGWSecureServiceName must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { 0 } ::= { tmnxIPsecGWEntry 6 } tmnxIPsecGWIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWIfName specifies the IPSec interface used by the SAP." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 7 } tmnxIPsecGWInetAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWInetAddrType specifies the address type of the SAP IPSec gateway." DEFVAL { unknown } ::= { tmnxIPsecGWEntry 8 } tmnxIPsecGWInetAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "This value of tmnxIPsecGWInetAddress specifies the address of the SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 9 } tmnxIPsecGWIkePolicyId OBJECT-TYPE SYNTAX TmnxIkePolicyIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWIkePolicyId specifies the policy id for this SAP IPSec gateway." DEFVAL { 0 } ::= { tmnxIPsecGWEntry 10 } tmnxIPsecGWIkePreShared OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWIkePreShared specifies the shared secret between the two peers forming the tunnel for the SAP IPSec gateway. The value of this object cannot contain double quotes or non-printable characters." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 11 } tmnxIPsecGWLclX509Cert OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecGWLclX509Cert specifies the path-name of the local X509 Certificate to be used with this SAP IPSec gateway. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecGWCertProfile." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 12 } tmnxIPsecGWLclPrivateKey OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecGWLclPrivateKey specifies the path-name of the local private key to be used with this SAP IPSec gateway. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecGWCertProfile." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 13 } tmnxIPsecGWOperFlags OBJECT-TYPE SYNTAX BITS { localIpUnreachable (0), gatewayAdminDown (1), x509CertUnavailable (2), privateKeyUnavailable (3), caCertUnavailable (4), caCRLUnavailable (5), trustAnchorsDown (6), certProfileDown (7), invalidCertKeyCombo (8), ikeNotReady (9) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWOperFlags indicates the reason why the gateway is operationally down." ::= { tmnxIPsecGWEntry 14 } tmnxIPsecGWCACert OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecGWCACert specifies the path-name of the Certificate from the Certificate-Authority to be used with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 15 } tmnxIPsecGWCACertRevocList OBJECT-TYPE SYNTAX DisplayString (SIZE (0..180)) MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecGWCACertRevocList specifies the path-name of the Certificate Revocation List (CRL) from Certificate-Authority to be used with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 16 } tmnxIPsecGWName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWName specifies the name for this IPSec gateway. An 'inconsistentValue' error is returned if value of this object is not set to unique value at the time of creation." ::= { tmnxIPsecGWEntry 17 } tmnxIPsecGWCertTrustAnchor OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecGWCertTrustAnchor specifies the name for Certificate-Authority Profile name associated with this SAP IPSec gateway certificate. An 'inconsistentValue' error is returned if this object is modified when tmnxIPsecGWAdminState is in 'inService' state. This object has been marked obsolete in SROS Release 15.0. The functionality of this object is replaced by tmnxIPsecGWCertTrstAnchrProf." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 18 } tmnxIPsecGWLocalIdType OBJECT-TYPE SYNTAX TmnxIPsecLocalIdType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWLocalIdType specifies the local identifier of 7750 used for IDi or IDr for IKEv2. An 'inconsistentValue' error is returned if this object is modified when tmnxIPsecGWAdminState is in 'inService' state." DEFVAL { none } ::= { tmnxIPsecGWEntry 19 } tmnxIPsecGWLocalIdValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWLocalIdValue specifies the value associated with tmnxIPsecGWLocalIdType object. Value is extracted from the configured certificate when tmnxIPsecGWLocalIdType is set to 'dn'." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 20 } tmnxIPsecGWCSVPrimary OBJECT-TYPE SYNTAX TmnxCertRevStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWCSVPrimary specifies the primary method of Certificate Status Verification (CSV) that is used to verify revocation status of the certificate of the peer. This value must be set in the same PDU as tmnxIPsecGWCSVSecondary if the value of tmnxIPsecGWAdminState is equal to 'inService (2)'." DEFVAL { crl } ::= { tmnxIPsecGWEntry 21 } tmnxIPsecGWCSVSecondary OBJECT-TYPE SYNTAX TmnxCertRevStatusOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWCSVSecondary specifies the secondary method of Certificate Status Verification (CSV) that is used to verify revocation status of the certificate of the peer. This value must be set in the same PDU as tmnxIPsecGWCSVPrimary if the value of tmnxIPsecGWAdminState is equal to 'inService (2)'." DEFVAL { none } ::= { tmnxIPsecGWEntry 22 } tmnxIPsecGWCSVDefResult OBJECT-TYPE SYNTAX INTEGER { revoked (0), good (1) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWCSVDefResult specifies the default result of Certificate Status Verification (CSV) when both primary and secondary method failed to provide an answer." DEFVAL { revoked } ::= { tmnxIPsecGWEntry 23 } tmnxIPsecGWRadAcctgPolicy OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWRadAcctgPolicy specifies the radius accounting policy associated with this IPsec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 24 } tmnxIPsecGWRadAuthPolicy OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWRadAuthPolicy specifies the radius authentication policy associated with this IPsec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 25 } tmnxIPsecGWCertProfile OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWCertProfile specifies the certificate profile associated with this IPsec gateway. An 'inconsistentValue' error is returned when tmnxIPsecGWCertProfile is set to non-default value and tmnxIPsecGWLclX509Cert or tmnxIPsecGWLclPrivateKey is set to non-default value." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 26 } tmnxIPsecGWCertTrstAnchrProf OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWCertTrstAnchrProf specifies the name for Certificate-Authority Trust Anchor Profile name associated with this SAP IPSec gateway certificate." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 27 } tmnxIPsecGWClientDatabaseName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWClientDatabaseName specifies the name of the client database associated with this IPsec gateway. The IPsec client database is configured by tIPsecClientDatabaseTable." DEFVAL { "" } ::= { tmnxIPsecGWEntry 28 } tmnxIPsecGWClientDatabasFallback OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWClientDatabasFallback specifies whether or not this IPsec gateway falls back to the default authentication policy when the IPsec tunnel authentication request fails to match any clients in the IPsec database (i.e., tmnxIPsecGWClientDatabaseName)." DEFVAL { true } ::= { tmnxIPsecGWEntry 29 } tmnxIPsecGWMaxNumPh1SaKeys OBJECT-TYPE SYNTAX Unsigned32 (0..3) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWMaxNumPh1SaKeys specifies the maximum number of Security Association (SA) phase 1 keys, which can be saved by the system, for an IPsec tunnel associated to this gateway." DEFVAL { 0 } ::= { tmnxIPsecGWEntry 30 } tmnxIPsecGWMaxNumPh2SaKeys OBJECT-TYPE SYNTAX Unsigned32 (0..48) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWMaxNumPh2SaKeys specifies the maximum number of Security Association (SA) phase 2 keys, which can be saved by the system, for an IPsec tunnel associated to this gateway." DEFVAL { 0 } ::= { tmnxIPsecGWEntry 31 } tmnxIPsecGWSecureServiceName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWSecureServiceName specifies the name of the default security service used by this SAP IPSec gateway. The values of tmnxIPsecGWSecureServiceName and tmnxIPsecGWSecureService must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { ''H } ::= { tmnxIPsecGWEntry 32 } tIPsecRUTnlTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRUTnlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store dynamic IPsec Remote-User Tunnel entries." ::= { tmnxIPsecObjects 20 } tIPsecRUTnlEntry OBJECT-TYPE SYNTAX TIPsecRUTnlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single dynamic IPsec Remote-User Tunnel entry." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort } ::= { tIPsecRUTnlTable 1 } TIPsecRUTnlEntry ::= SEQUENCE { tIPsecRUTnlInetAddrType InetAddressType, tIPsecRUTnlInetAddress InetAddress, tIPsecRUTnlPort TTcpUdpPort, tIPsecRUTnlPrivateIpAddrType InetAddressType, tIPsecRUTnlPrivateIpAddr InetAddress, tIPsecRUTnlPrivateIpPrefixLen InetAddressPrefixLength, tIPsecRUTnlTempId TmnxIPsecTunnelTemplateId, tIPsecRUTnlIPsecSALifeTime Unsigned32, tIPsecRUTnlPfsDHGroup TmnxIkePolicyDHGroupOrZero, tIPsecRUTnlReplayWindow Unsigned32, tIPsecRUTnlPrivateSvcId TmnxServId, tIPsecRUTnlPrivateIfIndex InterfaceIndex, tIPsecRUTnlHasBiDirectionalSA TruthValue, tIPsecRUTnlHostISA TmnxHwIndexOrZero, tIPsecRUTnlMatchTrustAnchor TNamedItemOrEmpty, tIPsecRUTnlOperChanged TimeStamp, tIPsecRUTnlIkeIdType INTEGER, tIPsecRUTnlIkeIdValue DisplayString, tIPsecRUTnlPrivateIpAddr2Type InetAddressType, tIPsecRUTnlPrivateIpAddr2 InetAddress, tIPsecRUTnlPrivateIpPrefixLen2 InetAddressPrefixLength, tIPsecRUTnlInUseTsList TNamedItem, tIPsecRUTnlInUsePreSharedKey TLNamedItemOrEmpty, tIPsecRUTnlPubTcpMss Integer32, tIPsecRUTnlPrivTcpMss Integer32, tIPsecRUTnlInUseIkePolicy TmnxIkePolicyIdOrZero, tIPsecRUTnlHostEsa TmnxEsaIdOrZero, tIPsecRUTnlHostEsaVm TmnxEsaVmIdOrZero } tIPsecRUTnlInetAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUTnlInetAddrType indicates the address type of the SAP IPsec gateway to the tunnel." ::= { tIPsecRUTnlEntry 1 } tIPsecRUTnlInetAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This value of tIPsecRUTnlInetAddress indicates the address of of the SAP IPsec gateway to the tunnel." ::= { tIPsecRUTnlEntry 2 } tIPsecRUTnlPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUTnlPort indicates the UDP port of the SAP IPsec gateway to the tunnel." ::= { tIPsecRUTnlEntry 3 } tIPsecRUTnlPrivateIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateIpAddrType indicates the address type of the private IP Address in the tunnel." ::= { tIPsecRUTnlEntry 4 } tIPsecRUTnlPrivateIpAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateIpAddr indicates the private IP address on the IPsec gateway tunnel." ::= { tIPsecRUTnlEntry 5 } tIPsecRUTnlPrivateIpPrefixLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateIpPrefixLen indicates the number of bits to match on the tIPsecRUTnlPrivateIpAddr." ::= { tIPsecRUTnlEntry 6 } tIPsecRUTnlTempId OBJECT-TYPE SYNTAX TmnxIPsecTunnelTemplateId MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlTempId indicates the id of a tunnel template entry used for the tunnel." ::= { tIPsecRUTnlEntry 7 } tIPsecRUTnlIPsecSALifeTime OBJECT-TYPE SYNTAX Unsigned32 (1200..31536000) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlIPsecSALifeTime indicates the lifetime of the phase 2 IKE key." ::= { tIPsecRUTnlEntry 8 } tIPsecRUTnlPfsDHGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPfsDHGroup indicates the new Diffie-hellman key exchange each time the SA(Security Association) key is renegotiated. After the SA expires, the key is forgotten and another key is generated (if the SA remains up). This means that an attacker who cracks part of the exchange can only read the part that used the key before the key changed. There is no advantage of cracking the other parts if the attacker has already cracked one." ::= { tIPsecRUTnlEntry 9 } tIPsecRUTnlReplayWindow OBJECT-TYPE SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlReplayWindow indicates the size of the anti-replay window." ::= { tIPsecRUTnlEntry 10 } tIPsecRUTnlPrivateSvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateSvcId indicates the service-id of the Tunnel delivery service." ::= { tIPsecRUTnlEntry 11 } tIPsecRUTnlPrivateIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateIfIndex indicates the private interface index used by the tunnel." ::= { tIPsecRUTnlEntry 12 } tIPsecRUTnlHasBiDirectionalSA OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlHasBiDirectionalSA indicates whether this tunnel has bi-directional Security-Association entries." ::= { tIPsecRUTnlEntry 13 } tIPsecRUTnlHostISA OBJECT-TYPE SYNTAX TmnxHwIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlHostISA indicates the active ISA MDA that is being used to host this tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an MDA. When the tunnel is being hosted by an ESA virtual machine, the host will be indicated by the tIPsecRUTnlHostEsa and tIPsecRUTnlHostEsaVm objects." ::= { tIPsecRUTnlEntry 14 } tIPsecRUTnlMatchTrustAnchor OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlMatchTrustAnchor indicates the name for matched Certificate-Authority Profile name associated with this SAP IPSec tunnel certificate." ::= { tIPsecRUTnlEntry 15 } tIPsecRUTnlOperChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlOperChanged indicates the sysUpTime at the time of the last operational status change of this entry." ::= { tIPsecRUTnlEntry 16 } tIPsecRUTnlIkeIdType OBJECT-TYPE SYNTAX INTEGER { notApplicable (0), ipv4Addr (1), fqdn (2), rfc822Addr (3), ipv6Addr (5), derAsn1Dn (9), derAsn1Gn (10), keyId (11) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlIkeIdType indicates the ID type for the IKE header used in the tunnel associated with this entry. If the tunnel is not an IKEv2 remote access tunnel, then the value of tIPsecRUTnlIkeIdType will be set to 'notApplicable', and the value of tIPsecRUTnlIkeIdValue will be an empty string." REFERENCE "RFC 5996" ::= { tIPsecRUTnlEntry 17 } tIPsecRUTnlIkeIdValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlIkeIdValue indicates the string presentation of the ID value for the IKE header used in the tunnel associated with this entry." REFERENCE "RFC 5996" ::= { tIPsecRUTnlEntry 18 } tIPsecRUTnlPrivateIpAddr2Type OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the tIPsecRUTnlPrivateIpAddr2Type indicates the address type of the second private address in the tunnel." ::= { tIPsecRUTnlEntry 19 } tIPsecRUTnlPrivateIpAddr2 OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateIpAddr2 indicates the second private address on the IPsec gateway tunnel." ::= { tIPsecRUTnlEntry 20 } tIPsecRUTnlPrivateIpPrefixLen2 OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivateIpPrefixLen2 indicates the number of bits to match on the tIPsecRUTnlPrivateIpAddr2." ::= { tIPsecRUTnlEntry 21 } tIPsecRUTnlInUseTsList OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlInUseTsList indicates the traffic selector (TS) list used by this tunnel." ::= { tIPsecRUTnlEntry 22 } tIPsecRUTnlInUsePreSharedKey OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlInUsePreSharedKey indicates the pre-shared key used by this tunnel." ::= { tIPsecRUTnlEntry 23 } tIPsecRUTnlPubTcpMss OBJECT-TYPE SYNTAX Integer32 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPubTcpMss indicates the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network." ::= { tIPsecRUTnlEntry 24 } tIPsecRUTnlPrivTcpMss OBJECT-TYPE SYNTAX Integer32 UNITS "octets" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlPrivTcpMss specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the private network to the public network." ::= { tIPsecRUTnlEntry 25 } tIPsecRUTnlInUseIkePolicy OBJECT-TYPE SYNTAX TmnxIkePolicyIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlInUseIkePolicy indicates the IKE policy identifier used by this tunnel." ::= { tIPsecRUTnlEntry 26 } tIPsecRUTnlHostEsa OBJECT-TYPE SYNTAX TmnxEsaIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlHostEsa indicates the active ESA that is being used to host this tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an ESA virtual machine. When the tunnel is being hosted by an ISA MDA, the host will be indicated by the tIPsecRUTnlHostISA object." ::= { tIPsecRUTnlEntry 27 } tIPsecRUTnlHostEsaVm OBJECT-TYPE SYNTAX TmnxEsaVmIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlHostEsaVm indicates the active ESA virtual machine that is being used to host this tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an ESA virtual machine. When the tunnel is being hosted by an ISA MDA, the host will be indicated by the tIPsecRUTnlHostISA object." ::= { tIPsecRUTnlEntry 28 } tIPsecRUTnlStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRUTnlStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store IPsec Remote User Tunnel statistics" ::= { tmnxIPsecObjects 21 } tIPsecRUTnlStatsEntry OBJECT-TYPE SYNTAX TIPsecRUTnlStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Statistics for a single IPsec Remote User Tunnel." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort } ::= { tIPsecRUTnlStatsTable 1 } TIPsecRUTnlStatsEntry ::= SEQUENCE { tIPsecRUTnlIsakmpState INTEGER, tIPsecRUTnlIsakmpEstabTime TimeStamp, tIPsecRUTnlIsakmpNegLifeTime Unsigned32, tIPsecRUTnlNumDpdTx Counter32, tIPsecRUTnlNumDpdRx Counter32, tIPsecRUTnlNumDpdAckTx Counter32, tIPsecRUTnlNumDpdAckRx Counter32, tIPsecRUTnlNumExpRx Counter32, tIPsecRUTnlNumInvalidDpdRx Counter32, tIPsecRUTnlNumCtrlPktsTx Counter32, tIPsecRUTnlNumCtrlPktsRx Counter32, tIPsecRUTnlNumCtrlTxErrors Counter32, tIPsecRUTnlNumCtrlRxErrors Counter32, tIPsecRUTnlMatCertEntryId Integer32, tIPsecRUTnlCertProfName TNamedItemOrEmpty, tIPsecRUTnlClientDBClientId Unsigned32, tIPsecRUTnlStatsIsakmpAuthAlg TmnxAuthAlgorithm, tIPsecRUTnlStatsIsakmpEncrAlg TmnxEncrAlgorithm, tIPsecRUTnlStatsIsakmpPfsDhGrp TmnxIkePolicyDHGroupOrZero, tIPsecRUTnlStatsIkeTranPrfAlg INTEGER } tIPsecRUTnlIsakmpState OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlIsakmpState indicates the state of phase 1 IPsec negotiation." ::= { tIPsecRUTnlStatsEntry 1 } tIPsecRUTnlIsakmpEstabTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlIsakmpEstabTime indicates the sysUpTime at the time the IPsec phase 1 negotiation completed." ::= { tIPsecRUTnlStatsEntry 2 } tIPsecRUTnlIsakmpNegLifeTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlIsakmpNegLifeTime indicates the lifetime negotiated for phase1 IKE key." ::= { tIPsecRUTnlStatsEntry 3 } tIPsecRUTnlNumDpdTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumDpdTx indicates the number of Dead-Peer-Detection packets transmitted." ::= { tIPsecRUTnlStatsEntry 4 } tIPsecRUTnlNumDpdRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumDpdRx indicates the number of Dead-Peer-Detection packets received." ::= { tIPsecRUTnlStatsEntry 5 } tIPsecRUTnlNumDpdAckTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumDpdAckTx indicates the number of Dead-Peer-Detection acknowledgement packets transmitted." ::= { tIPsecRUTnlStatsEntry 6 } tIPsecRUTnlNumDpdAckRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumDpdAckRx indicates the number of Dead-Peer-Detection acknowledgement packets received." ::= { tIPsecRUTnlStatsEntry 7 } tIPsecRUTnlNumExpRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumExpRx indicates the number of DPD R-U-THERE packets that have not been acknowledged." ::= { tIPsecRUTnlStatsEntry 8 } tIPsecRUTnlNumInvalidDpdRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumInvalidDpdRx indicates the number of malformed DPD R-U-THERE acknowledgement packets received." ::= { tIPsecRUTnlStatsEntry 9 } tIPsecRUTnlNumCtrlPktsTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumCtrlPktsTx indicates the number of control packets this IPsec Tunnel has sent." ::= { tIPsecRUTnlStatsEntry 10 } tIPsecRUTnlNumCtrlPktsRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumCtrlPktsRx indicates the number of control packets this IPsec Tunnel has received." ::= { tIPsecRUTnlStatsEntry 11 } tIPsecRUTnlNumCtrlTxErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumCtrlTxErrors indicates the number of control packet transmit errors." ::= { tIPsecRUTnlStatsEntry 12 } tIPsecRUTnlNumCtrlRxErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlNumCtrlRxErrors indicates the number of control packet receive errors." ::= { tIPsecRUTnlStatsEntry 13 } tIPsecRUTnlMatCertEntryId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlMatCertEntryId indicates the matching certificate profile entry id used for this tunnel." ::= { tIPsecRUTnlStatsEntry 14 } tIPsecRUTnlCertProfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlCertProfName indicates a specific IPsec tunnel certificate profile name used for this tunnel." ::= { tIPsecRUTnlStatsEntry 15 } tIPsecRUTnlClientDBClientId OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..8000) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlClientDBClientId indicates the client ID that was matched for this tunnel in the IPsec client database. The value of zero indicates that no IPsec database client was matched for this tunnel." ::= { tIPsecRUTnlStatsEntry 17 } tIPsecRUTnlStatsIsakmpAuthAlg OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlStatsIsakmpAuthAlg indicates the authentication algorithm of the IPsec phase 1 negotiation for this IPsec tunnel." ::= { tIPsecRUTnlStatsEntry 18 } tIPsecRUTnlStatsIsakmpEncrAlg OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlStatsIsakmpEncrAlg indicates the encryption algorithm of the IPsec phase 1 negotiation for this IPsec tunnel." ::= { tIPsecRUTnlStatsEntry 19 } tIPsecRUTnlStatsIsakmpPfsDhGrp OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlStatsIsakmpPfsDhGrp indicates the Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this IPsec tunnel. The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve Perfect Forward Secrecy (PFS)." ::= { tIPsecRUTnlStatsEntry 20 } tIPsecRUTnlStatsIkeTranPrfAlg OBJECT-TYPE SYNTAX INTEGER { md5 (2), sha1 (3), sha256 (4), sha384 (5), sha512 (6), aesXcbc (7), sameAsAuth (8) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlStatsIkeTranPrfAlg specifies the pseudo-random function (PRF)." ::= { tIPsecRUTnlStatsEntry 21 } tIPsecRUSATable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRUSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec remote-user dynamic SA entries." ::= { tmnxIPsecObjects 22 } tIPsecRUSAEntry OBJECT-TYPE SYNTAX TIPsecRUSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec remote-user SA entry." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort, tIPsecRUSAId, tIPsecRUSADirection, tIPsecRUSAIndex } ::= { tIPsecRUSATable 1 } TIPsecRUSAEntry ::= SEQUENCE { tIPsecRUSAId Unsigned32, tIPsecRUSAIndex Unsigned32, tIPsecRUSADirection TmnxIPsecDirection, tIPsecRUSAEncryptionKey OCTET STRING, tIPsecRUSAAuthenticationKey OCTET STRING, tIPsecRUSASpi Unsigned32, tIPsecRUSAAuthAlgorithm TmnxAuthAlgorithm, tIPsecRUSAEncrAlgorithm TmnxEncrAlgorithm, tIPsecRUSAEstablishedTime TimeStamp, tIPsecRUSANegotiatedLifeTime Unsigned32, tIPsecRUSALclAddrType InetAddressType, tIPsecRUSALclAddr InetAddress, tIPsecRUSALclAPrefLen InetAddressPrefixLength, tIPsecRUSARemAddrType InetAddressType, tIPsecRUSARemAddr InetAddress, tIPsecRUSARemAPrefLen InetAddressPrefixLength } tIPsecRUSAId OBJECT-TYPE SYNTAX Unsigned32 (1..16) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSAId indicates the id of an SA entry and is part of the index for the tIPsecRUSATable." ::= { tIPsecRUSAEntry 1 } tIPsecRUSAIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSAIndex indicates an additional index to uniquely identify the SA entry in the tIPsecRUSATable." ::= { tIPsecRUSAEntry 2 } tIPsecRUSADirection OBJECT-TYPE SYNTAX TmnxIPsecDirection MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSADirection indicates the direction on the IPsec Tunnel to which this SA entry can be applied. The value of tIPsecRUSADirection is also part of the index for the table tIPsecRUSATable" ::= { tIPsecRUSAEntry 3 } tIPsecRUSAEncryptionKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAEncryptionKey indicates the key used for the encryption algorithm defined by the tIPsecRUSAEncrAlgorithm in the IPsec transform." ::= { tIPsecRUSAEntry 4 } tIPsecRUSAAuthenticationKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAAuthenticationKey indicates the key used for the authentication algorithm defined by the tIPsecRUSAAuthAlgorithm in the IPsec transform." ::= { tIPsecRUSAEntry 5 } tIPsecRUSASpi OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSASpi indicates the SPI (Security Parameter Index) used to lookup the instruction to verify and decrypt the incoming IPsec packets when the value of tIPsecRUSADirection is 'inbound'." ::= { tIPsecRUSAEntry 6 } tIPsecRUSAAuthAlgorithm OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAAuthAlgorithm indicates the authentication algorithm used with this SA." ::= { tIPsecRUSAEntry 7 } tIPsecRUSAEncrAlgorithm OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAEncrAlgorithm indicates the encryption algorithm used with this SA." ::= { tIPsecRUSAEntry 8 } tIPsecRUSAEstablishedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAEstablishedTime indicates the sysUpTime at the time the IPsec phase 2 negotiation completed." ::= { tIPsecRUSAEntry 9 } tIPsecRUSANegotiatedLifeTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSANegotiatedLifeTime indicates the lifetime negotiated for phase2 IKE key." ::= { tIPsecRUSAEntry 10 } tIPsecRUSALclAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tIPsecRUSALclAddrType indicates the address type of address in tIPsecRUSALclAddr." ::= { tIPsecRUSAEntry 11 } tIPsecRUSALclAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tIPsecRUSALclAddr indicates the IP address on the vpn side." ::= { tIPsecRUSAEntry 12 } tIPsecRUSALclAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tIPsecRUSALclAPrefLen indicates the number of bits to match of the tIPsecRUSALclAddr." ::= { tIPsecRUSAEntry 13 } tIPsecRUSARemAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tIPsecRUSARemAddrType indicates the address type of address in tIPsecRUSARemAddr." ::= { tIPsecRUSAEntry 14 } tIPsecRUSARemAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tIPsecRUSARemAddr indicates the IP address on the tunnel side." ::= { tIPsecRUSAEntry 15 } tIPsecRUSARemAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tIPsecRUSARemAPrefLen indicates the number of bits to match of the tIPsecRUSARemAddr." ::= { tIPsecRUSAEntry 16 } tIPsecRUSAStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRUSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to retrieve the IPsec Remote-User SA Statistics entries." ::= { tmnxIPsecObjects 23 } tIPsecRUSAStatsEntry OBJECT-TYPE SYNTAX TIPsecRUSAStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Remote-User SA Statistics entry." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort, tIPsecRUSAId, tIPsecRUSADirection, tIPsecRUSAIndex } ::= { tIPsecRUSAStatsTable 1 } TIPsecRUSAStatsEntry ::= SEQUENCE { tIPsecRUSAStatsBytesProcessed Counter64, tIPsecRUSAStatsBytesProcLow32 Counter32, tIPsecRUSAStatsBytesProcHigh32 Counter32, tIPsecRUSAStatsPktsProcessed Counter64, tIPsecRUSAStatsPktsProcLow32 Counter32, tIPsecRUSAStatsPktsProcHigh32 Counter32, tIPsecRUSAStatsCryptoErrors Counter32, tIPsecRUSAStatsReplayErrors Counter32, tIPsecRUSAStatsSAErrors Counter32, tIPsecRUSAStatsPolicyErrors Counter32, tIPsecRUSAStatsEncapOverhead Counter32, tIPsecRUSAStatsPreEncapFragCnt Counter64, tIPsecRUSAStatsPreEncapFragLtSz Unsigned32, tIPsecRUSAStatsPostEncapFragCnt Counter64, tIPsecRUSAStatsPostEncapFragLtSz Unsigned32, tIPsecRUSAStatsPfsDhGroup TmnxIkePolicyDHGroupOrZero, tIPsecRUSAStatsMulticastIfName TNamedItemOrEmpty, tIPsecRUSAStatsMulticastProt TIPsecMulticastProtocol } tIPsecRUSAStatsBytesProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsBytesProcessed indicates the number of bytes successfully processed for this SA." ::= { tIPsecRUSAStatsEntry 1 } tIPsecRUSAStatsBytesProcLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsBytesProcLow32 indicates the lower 32 bits of the value of tIPsecRUSAStatsBytesProcessed." ::= { tIPsecRUSAStatsEntry 2 } tIPsecRUSAStatsBytesProcHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsBytesProcHigh32 indicates the higher 32 bits of the value of tIPsecRUSAStatsBytesProcessed." ::= { tIPsecRUSAStatsEntry 3 } tIPsecRUSAStatsPktsProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPktsProcessed indicates the number of packets successfully processed for this SA." ::= { tIPsecRUSAStatsEntry 4 } tIPsecRUSAStatsPktsProcLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPktsProcLow32 indicates the lower 32 bits of the value of tIPsecRUSAStatsPktsProcessed." ::= { tIPsecRUSAStatsEntry 5 } tIPsecRUSAStatsPktsProcHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPktsProcHigh32 indicates the higher 32 bits of the value of tIPsecRUSAStatsPktsProcessed." ::= { tIPsecRUSAStatsEntry 6 } tIPsecRUSAStatsCryptoErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsCryptoErrors indicates the number of crypto errors encountered on this SA. When the value of tIPsecRUSADirection is 'inbound (1)', the tIPsecRUSAStatsCryptoErrors will be set for the following errors: MAC miscompare Pad errors Illegal configure algorithm Illegal authentication algorithm Inner IP checksum errors Payload alignment errors Sequence number errors Protocol errors When the value of tIPsecRUSADirection is 'outbound (2)', the tIPsecRUSAStatsCryptoErrors will be set for the following errors: Sequence wrap errors Illegal configure algorithm Illegal authentication algorithm Expanded packet too big TTL decrement errors" ::= { tIPsecRUSAStatsEntry 7 } tIPsecRUSAStatsReplayErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsReplayErrors indicates the number of replay errors encountered on this SA." ::= { tIPsecRUSAStatsEntry 8 } tIPsecRUSAStatsSAErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsSAErrors indicates the number of SA errors encountered on this SA. The SA errors means ISA tried to use a CHILD SA that is marked for deletion." ::= { tIPsecRUSAStatsEntry 9 } tIPsecRUSAStatsPolicyErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPolicyErrors indicates the number of policy errors encountered on this SA. The policy errors include bundled SA, selector check and policy direction error." ::= { tIPsecRUSAStatsEntry 10 } tIPsecRUSAStatsEncapOverhead OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsEncapOverhead indicates the encapsulation overhead for this outbound SA. This value is only significant when the value of tIPsecRUSADirection is 'outbound'." ::= { tIPsecRUSAStatsEntry 11 } tIPsecRUSAStatsPreEncapFragCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPreEncapFragCnt indicates the number of fragmentations that occurred prior to encapsulation for this outbound SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size exceeds tIPsecTnlTempIpMtu. This value is only significant when the value of tIPsecRUSADirection is 'outbound'." ::= { tIPsecRUSAStatsEntry 12 } tIPsecRUSAStatsPreEncapFragLtSz OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPreEncapFragLtSz indicates the size of the last packet which caused a pre-encapsulation fragmentation to occur for this SA. This value is only significant when the value of tIPsecRUSADirection is 'outbound'." ::= { tIPsecRUSAStatsEntry 13 } tIPsecRUSAStatsPostEncapFragCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPostEncapFragCnt indicates the number of fragmentations that occurred after encapsulation for this SA. Post-encapsulation fragmentation occurs when the encapsulated packet size exceeds tIPsecTnlTempEncapIpMtu. This value is only significant when the value of tIPsecRUSADirection is 'outbound'." ::= { tIPsecRUSAStatsEntry 14 } tIPsecRUSAStatsPostEncapFragLtSz OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPostEncapFragLtSz indicates the size of the last encapsulated packet which caused a post-encapsulation fragmentation to occur for this SA. This value is only significant when the value of tIPsecRUSADirection is 'outbound'." ::= { tIPsecRUSAStatsEntry 15 } tIPsecRUSAStatsPfsDhGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsPfsDhGroup indicates the Diffie-Hellman (DH) group used with this SA." ::= { tIPsecRUSAStatsEntry 17 } tIPsecRUSAStatsMulticastIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsMulticastIfName indicates the multicast interface name associated with this SA. This value is only significant when the value of tIPsecRUSADirection is 'outbound (2)'." ::= { tIPsecRUSAStatsEntry 18 } tIPsecRUSAStatsMulticastProt OBJECT-TYPE SYNTAX TIPsecMulticastProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSAStatsMulticastProt indicates the supported protocol types of the multicast interface associated to this SA. This value is only significant when the value of tIPsecRUSADirection is 'outbound (2)'." ::= { tIPsecRUSAStatsEntry 19 } tmnxIPsecTunnelCountObjs OBJECT IDENTIFIER ::= { tmnxIPsecObjects 24 } tmnxIPsecPskTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecPskTunnels indicates the number of total IPSec tunnels." ::= { tmnxIPsecTunnelCountObjs 1 } tmnxIPsecGWPskTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWPskTunnels indicates the number of IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk'." ::= { tmnxIPsecTunnelCountObjs 2 } tmnxIPsecGWPskXAuthTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWPskXAuthTunnels indicates the number of IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to 'plainPskXAuth'." ::= { tmnxIPsecTunnelCountObjs 3 } tmnxIPsecGWCertTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWCertTunnels indicates the number of IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to 'cert'." ::= { tmnxIPsecTunnelCountObjs 4 } tmnxIPsecGWPskRadiusTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWPskRadiusTunnels indicates the number of IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk-radius'." ::= { tmnxIPsecTunnelCountObjs 5 } tmnxIPsecGWCertRadiusTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWCertRadiusTunnels indicates the number of IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to 'cert-radius'." ::= { tmnxIPsecTunnelCountObjs 6 } tmnxIPsecGWEapTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWEapTunnels indicates the number of IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to 'eap'." ::= { tmnxIPsecTunnelCountObjs 7 } tmnxIPsecGWAutoEapRadiusTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWAutoEapRadiusTunnels indicates the number of IPsec gateway tunnels with tmnxIkePolicyAuthMethod set to 'autoEapRadius'." ::= { tmnxIPsecTunnelCountObjs 8 } tmnxIPsecGWAutoEapTunnels OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWAutoEapTunnels indicates the number of IPsec gateway tunnels with tmnxIkePolicyAuthMethod set to 'autoEap'." ::= { tmnxIPsecTunnelCountObjs 9 } tmnxIPsecTunnelBfdTableLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdTableLastChgd indicates the sysUpTime at the time of the last modification to tmnxIPsecTunnelBfdTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessTableLChg." ::= { tmnxIPsecObjects 25 } tmnxIPsecTunnelBfdTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTunnelBfdEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Table to store the IPsec Tunnel BFD session entries. This table has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessTable and tmnxIPsecTnlBfdSessStatTable." ::= { tmnxIPsecObjects 26 } tmnxIPsecTunnelBfdEntry OBJECT-TYPE SYNTAX TmnxIPsecTunnelBfdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Tunnel BFD session entry." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName, tmnxIPsecTunnelBfdSvcId, tmnxIPsecTunnelBfdIfName, tmnxIPsecTunnelBfdDstAddrType, tmnxIPsecTunnelBfdDstAddr } ::= { tmnxIPsecTunnelBfdTable 1 } TmnxIPsecTunnelBfdEntry ::= SEQUENCE { tmnxIPsecTunnelBfdSvcId TmnxServId, tmnxIPsecTunnelBfdIfName TNamedItem, tmnxIPsecTunnelBfdDstAddrType InetAddressType, tmnxIPsecTunnelBfdDstAddr InetAddress, tmnxIPsecTunnelBfdRowStatus RowStatus, tmnxIPsecTunnelBfdLastChanged TimeStamp, tmnxIPsecTunnelBfdSrcAddrType InetAddressType, tmnxIPsecTunnelBfdSrcAddr InetAddress, tmnxIPsecTunnelBfdSessOperState TmnxBfdSessOperState } tmnxIPsecTunnelBfdSvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdSvcId specifies the service-id of the interface running BFD. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessSvcId." ::= { tmnxIPsecTunnelBfdEntry 1 } tmnxIPsecTunnelBfdIfName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdIfName specifies the IPSec interface used by the BFD session. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessIfName." ::= { tmnxIPsecTunnelBfdEntry 2 } tmnxIPsecTunnelBfdDstAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdDstAddrType specifies the address type of address in tmnxIPsecTunnelBfdDstAddr. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessDstAddrT." ::= { tmnxIPsecTunnelBfdEntry 3 } tmnxIPsecTunnelBfdDstAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16|20)) MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdDstAddr specifies the destination ipaddress to be used for the BFD session. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessDstAddr." ::= { tmnxIPsecTunnelBfdEntry 4 } tmnxIPsecTunnelBfdRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The tmnxIPsecTunnelBfdRowStatus object is used to create and delete rows in the tmnxIPsecTunnelBfdTable. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessRowStatus." ::= { tmnxIPsecTunnelBfdEntry 5 } tmnxIPsecTunnelBfdLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value. This object has been marked obsolete in SROS Release 16.0. There is no replacement for this object." ::= { tmnxIPsecTunnelBfdEntry 6 } tmnxIPsecTunnelBfdSrcAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdSrcAddrType indicates the address type of tmnxIPsecTunnelBfdSrcAddr object. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessStatSrcAddrT." ::= { tmnxIPsecTunnelBfdEntry 7 } tmnxIPsecTunnelBfdSrcAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdSrcAddr indicates the source IP address on the interface running BFD. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessStatSrcAddr." ::= { tmnxIPsecTunnelBfdEntry 8 } tmnxIPsecTunnelBfdSessOperState OBJECT-TYPE SYNTAX TmnxBfdSessOperState MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The value of tmnxIPsecTunnelBfdSessOperState indicates the operational state of the BFD session the IPsec tunnel is relying upon for its fast triggering mechanism. This object has been marked obsolete in SROS Release 16.0. The functionality of this object is replaced by tmnxIPsecTnlBfdSessStatOperState." ::= { tmnxIPsecTunnelBfdEntry 9 } tIPsecRadAuthPlcyTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecRadAuthPlcyTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 27 } tIPsecRadAuthPlcyTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRadAuthPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecRadAuthPlcyTable allows configuration of IPsec Radius authentication policy parameters." ::= { tmnxIPsecObjects 28 } tIPsecRadAuthPlcyEntry OBJECT-TYPE SYNTAX TIPsecRadAuthPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tIPsecRadAuthPlcyEntry is an entry (conceptual row) in the tIPsecRadAuthPlcyTable. Each entry represents the configuration for a RADIUS authentication policy. Entries in this table can be created and deleted via SNMP SET operations to tIPsecRadAuthPlcyRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecRadAuthPlcyName } ::= { tIPsecRadAuthPlcyTable 1 } TIPsecRadAuthPlcyEntry ::= SEQUENCE { tIPsecRadAuthPlcyName TNamedItem, tIPsecRadAuthPlcyRowStatus RowStatus, tIPsecRadAuthPlcyLastMgmtChange TimeStamp, tIPsecRadAuthPlcyInclAttr BITS, tIPsecRadAuthPlcyRadSrvPlcy TNamedItemOrEmpty, tIPsecRadAuthPlcyPassword DisplayString } tIPsecRadAuthPlcyName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyName specifies a specific IPsec RADIUS authentication policy." ::= { tIPsecRadAuthPlcyEntry 1 } tIPsecRadAuthPlcyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecRadAuthPlcyEntry 2 } tIPsecRadAuthPlcyLastMgmtChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyLastMgmtChange indicates the sysUpTime at the time of the most recent management-initiated change to this Policy." ::= { tIPsecRadAuthPlcyEntry 3 } tIPsecRadAuthPlcyInclAttr OBJECT-TYPE SYNTAX BITS { callingStationId (0), calledStationId (1), nasPortId (2), nasIdentifier (3), nasIpAddr (4), certSubjectKeyId (5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyInclAttr specifies what RADIUS attributes the system should include into RADIUS access-request messages. When the 'certSubjectKeyId (5)' bit value is configured, the system extracts the Subject Key Identifier (SKID) from the peer certificate and adds it as a Vendor-Specific Attribute (VSA) in the RADIUS access-request. If this field is configured and the peer certificate does not contain a SKID extension, the system will send an empty VSA in the RADIUS access-request. If the SKID length exceeds 247 bytes, the system will use the least significant 247 bytes of the SKID." REFERENCE "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile', IETF, May 2008, section 4.2.1.2, 'Subject Key Identifier'." DEFVAL { {} } ::= { tIPsecRadAuthPlcyEntry 4 } tIPsecRadAuthPlcyRadSrvPlcy OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyRadSrvPlcy specifies the RADIUS server policy as defined in TIMETRA-RADIUS-MIB::tmnxRadSrvPlcyTable to be applied in this IPsec RADIUS authentication policy." DEFVAL { "" } ::= { tIPsecRadAuthPlcyEntry 5 } tIPsecRadAuthPlcyPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAuthPlcyPassword specifies the default password to be used in access-request messages to the RADIUS server. An empty string is returned on SNMP GET requests." DEFVAL { "" } ::= { tIPsecRadAuthPlcyEntry 6 } tIPsecRadAcctPlcyTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecRadAcctPlcyTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 29 } tIPsecRadAcctPlcyTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRadAcctPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecRadAcctPlcyTable allows configuration of IPsec Radius accounting policy parameters." ::= { tmnxIPsecObjects 30 } tIPsecRadAcctPlcyEntry OBJECT-TYPE SYNTAX TIPsecRadAcctPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tIPsecRadAcctPlcyEntry is an entry (conceptual row) in the tIPsecRadAcctPlcyTable. Each entry represents the configuration for a RADIUS accounting policy. Entries in this table can be created and deleted via SNMP SET operations to tIPsecRadAcctPlcyRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecRadAcctPlcyName } ::= { tIPsecRadAcctPlcyTable 1 } TIPsecRadAcctPlcyEntry ::= SEQUENCE { tIPsecRadAcctPlcyName TNamedItem, tIPsecRadAcctPlcyRowStatus RowStatus, tIPsecRadAcctPlcyLastMgmtChange TimeStamp, tIPsecRadAcctPlcyInclAttr BITS, tIPsecRadAcctPlcyRadSrvPlcy TNamedItemOrEmpty, tIPsecRadAcctPlcyUpdateInterval Unsigned32, tIPsecRadAcctPlcyJitter Integer32 } tIPsecRadAcctPlcyName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyName specifies a specific IPsec RADIUS accounting policy." ::= { tIPsecRadAcctPlcyEntry 1 } tIPsecRadAcctPlcyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecRadAcctPlcyEntry 2 } tIPsecRadAcctPlcyLastMgmtChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyLastMgmtChange indicates the sysUpTime at the time of the most recent management-initiated change to this Policy." ::= { tIPsecRadAcctPlcyEntry 3 } tIPsecRadAcctPlcyInclAttr OBJECT-TYPE SYNTAX BITS { callingStationId (0), calledStationId (1), nasPortId (2), nasIdentifier (3), nasIpAddr (4), framedIpAddr (5), framedIpv6Prefix (6), acctStats (7) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyInclAttr specifies what RADIUS attributes the system should include into RADIUS access-request messages." DEFVAL { {} } ::= { tIPsecRadAcctPlcyEntry 4 } tIPsecRadAcctPlcyRadSrvPlcy OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyRadSrvPlcy specifies the RADIUS server policy as defined in TIMETRA-RADIUS-MIB::tmnxRadSrvPlcyTable to be applied in this IPsec RADIUS accounting policy." DEFVAL { "" } ::= { tIPsecRadAcctPlcyEntry 5 } tIPsecRadAcctPlcyUpdateInterval OBJECT-TYPE SYNTAX Unsigned32 (0 | 5..259200) UNITS "minutes" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyUpdateInterval specifies the update interval of the accounting data of the IPsec RADIUS accounting policy. A value of 0 specifies that no intermediate updates will be sent." DEFVAL { 10 } ::= { tIPsecRadAcctPlcyEntry 6 } tIPsecRadAcctPlcyJitter OBJECT-TYPE SYNTAX Integer32 (-1 | 0..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyJitter specifies the amount of jitter to be applied on the update interval which is configured in tIPsecRadAcctPlcyUpdateInterval. A value between 0..3600 specifies the amount of jitter in seconds. A value of -1 indicates that tIPsecRadAcctPlcyJitter is not configured and its value is treated as 10% of the configured value of the update interval." DEFVAL { -1 } ::= { tIPsecRadAcctPlcyEntry 7 } tmnxIPsecTnlDstAddrTblLastChngd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlDstAddrTblLastChngd indicates the sysUpTime at the time of the last modification to tmnxIPsecTnlDstAddrTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 31 } tmnxIPsecTnlDstAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTnlDstAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlDstAddrTable contains destination addresses for each IPSec tunnel in the system. Entries are created and deleted by the user." ::= { tmnxIPsecObjects 32 } tmnxIPsecTnlDstAddrEntry OBJECT-TYPE SYNTAX TmnxIPsecTnlDstAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlDstAddrEntry contains information about a single destination address in an IPSec Tunnel." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName, tmnxIPsecTnlDstAddrType, tmnxIPsecTnlDstAddr } ::= { tmnxIPsecTnlDstAddrTable 1 } TmnxIPsecTnlDstAddrEntry ::= SEQUENCE { tmnxIPsecTnlDstAddrType InetAddressType, tmnxIPsecTnlDstAddr InetAddress, tmnxIPsecTnlDstAddrRowStatus RowStatus, tmnxIPsecTnlDstAddrLastChanged TimeStamp, tmnxIPsecTnlDstAddrResolved TruthValue } tmnxIPsecTnlDstAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTnlDstAddrType specifies the address type of address in tmnxIPsecTnlDstAddr." ::= { tmnxIPsecTnlDstAddrEntry 1 } tmnxIPsecTnlDstAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTnlDstAddr specifies the address of the destination of this IPSec tunnel." ::= { tmnxIPsecTnlDstAddrEntry 2 } tmnxIPsecTnlDstAddrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxIPsecTnlDstAddrRowStatus object is used to create and delete rows in the tmnxIPsecTnlDstAddrTable." ::= { tmnxIPsecTnlDstAddrEntry 3 } tmnxIPsecTnlDstAddrLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlDstAddrLastChanged indicates the sysUpTime at the time of the last modification of this entry." ::= { tmnxIPsecTnlDstAddrEntry 4 } tmnxIPsecTnlDstAddrResolved OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlDstAddrResolved indicates whether or not this IPsec tunnel destination address has been resolved as reachable by the virtual router" ::= { tmnxIPsecTnlDstAddrEntry 5 } tIPsecCertProfileTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfileTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecCertProfileTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 33 } tIPsecCertProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecCertProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertProfileTable allows configuration of IPsec certificate profile parameters." ::= { tmnxIPsecObjects 34 } tIPsecCertProfileEntry OBJECT-TYPE SYNTAX TIPsecCertProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertProfileEntry is an entry (conceptual row) in the tIPsecCertProfileTable. Each entry represents the configuration for a certificate profile. Entries in this table can be created and deleted via SNMP SET operations to tIPsecCertProfileRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecCertProfileName } ::= { tIPsecCertProfileTable 1 } TIPsecCertProfileEntry ::= SEQUENCE { tIPsecCertProfileName TNamedItem, tIPsecCertProfileRowStatus RowStatus, tIPsecCertProfileLastChgd TimeStamp, tIPsecCertProfileAdminState TmnxAdminState, tIPsecCertProfileOperState TmnxOperState, tIPsecCertProfileOperFlags BITS } tIPsecCertProfileName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecCertProfileName specifies a specific IPsec certificate profile name." ::= { tIPsecCertProfileEntry 1 } tIPsecCertProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecCertProfileRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecCertProfileEntry 2 } tIPsecCertProfileLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfileLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecCertProfileEntry 3 } tIPsecCertProfileAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecCertProfileAdminState specifies the administrative state of the tIPsecCertProfileEntry." DEFVAL { outOfService } ::= { tIPsecCertProfileEntry 4 } tIPsecCertProfileOperState OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfileOperState indicates the operational status of tIPsecCertProfileEntry." ::= { tIPsecCertProfileEntry 5 } tIPsecCertProfileOperFlags OBJECT-TYPE SYNTAX BITS { profileAdminDown (0), invalidCertFile (1), invalidKeyFile (2), invalidCertKeyCombo (3), caProfileOperDown (4), invalidCAProfEntry (5) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfileOperFlags indicates the operational condition of the certificate profile which is aggregated from all its configured entries." ::= { tIPsecCertProfileEntry 6 } tIPsecCertProfEntryIdTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecCertProfEntryIdTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 35 } tIPsecCertProfEntryIdTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecCertProfEntryIdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertProfEntryIdTable allows configuration of IPsec certificate profile entry parameters." ::= { tmnxIPsecObjects 36 } tIPsecCertProfEntryIdEntry OBJECT-TYPE SYNTAX TIPsecCertProfEntryIdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertProfEntryIdEntry is an entry (conceptual row) in the tIPsecCertProfEntryIdTable. Each entry represents the configuration for a certificate profile entry. Entries in this table can be created and deleted via SNMP SET operations to tIPsecCertProfEntryIdRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecCertProfileName, tIPsecCertProfEntryId } ::= { tIPsecCertProfEntryIdTable 1 } TIPsecCertProfEntryIdEntry ::= SEQUENCE { tIPsecCertProfEntryId Integer32, tIPsecCertProfEntryIdRowStatus RowStatus, tIPsecCertProfEntryIdLastChgd TimeStamp, tIPsecCertProfEntryIdCertFile DisplayString, tIPsecCertProfEntryIdKeyFile DisplayString, tIPsecCertProfEntryIdCompChain INTEGER, tIPsecCertProfEntryIdOperFlags BITS, tIPsecCertProfEntryIdRsaSign INTEGER } tIPsecCertProfEntryId OBJECT-TYPE SYNTAX Integer32 (1..8) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecCertProfEntryId specifies a specific IPsec certificate profile entry identifier." ::= { tIPsecCertProfEntryIdEntry 1 } tIPsecCertProfEntryIdRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecCertProfEntryIdEntry 2 } tIPsecCertProfEntryIdLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecCertProfEntryIdEntry 3 } tIPsecCertProfEntryIdCertFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..95)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdCertFile specifies the file URL of the certificate to be used with this IPSEC certificate profile entry." DEFVAL { ''H } ::= { tIPsecCertProfEntryIdEntry 4 } tIPsecCertProfEntryIdKeyFile OBJECT-TYPE SYNTAX DisplayString (SIZE (0..95)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdKeyFile specifies the key-pair file to be used for X.509 certificate authentication with this IPSEC certificate profile entry." DEFVAL { ''H } ::= { tIPsecCertProfEntryIdEntry 5 } tIPsecCertProfEntryIdCompChain OBJECT-TYPE SYNTAX INTEGER { notAvailable (0), partial (1), complete (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdCompChain indicates the status of computed chain for this IPSEC certificate profile entry." ::= { tIPsecCertProfEntryIdEntry 6 } tIPsecCertProfEntryIdOperFlags OBJECT-TYPE SYNTAX BITS { profileAdminDown (0), invalidCertFile (1), invalidKeyFile (2), invalidCertKeyCombo (3), caProfileOperDown (4), invalidCAProfEntry (5) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdOperFlags indicates the operational condition of this certificate profile entry." ::= { tIPsecCertProfEntryIdEntry 7 } tIPsecCertProfEntryIdRsaSign OBJECT-TYPE SYNTAX INTEGER { pkcs1 (1), pss (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecCertProfEntryIdRsaSign specifies the signature algorithm used by this certificate profile entry. pkcs1 - Public-Key Cryptography Standards 1 pss - RSA Probabilistic Signature Scheme" DEFVAL { pkcs1 } ::= { tIPsecCertProfEntryIdEntry 8 } tIPsecCompChainCAProfTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecCompChainCAProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCompChainCAProfTable maintains Certificate-Authority (CA) profile which are part of computed chain per certificate profile entry." ::= { tmnxIPsecObjects 37 } tIPsecCompChainCAProfEntry OBJECT-TYPE SYNTAX TIPsecCompChainCAProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCompChainCAProfEntry is an entry (conceptual row) in the tIPsecCompChainCAProfTable. Each entry represents a part of the computed chain per certificate profile entry." INDEX { tIPsecCertProfileName, tIPsecCertProfEntryId, tIPsecCompChainCAProfOrder } ::= { tIPsecCompChainCAProfTable 1 } TIPsecCompChainCAProfEntry ::= SEQUENCE { tIPsecCompChainCAProfOrder Integer32, tIPsecCompChainCAProfName TNamedItem } tIPsecCompChainCAProfOrder OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecCompChainCAProfOrder indicates the order in which certificate-authority (CA) profile are maintained for the computed chain of this certificate profile entry." ::= { tIPsecCompChainCAProfEntry 1 } tIPsecCompChainCAProfName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCompChainCAProfName indicates the certificate-authority (CA) profile which is part of the computed chain for this certificate profile entry." ::= { tIPsecCompChainCAProfEntry 2 } tIPsecCertChainCAProfTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecCertChainCAProfTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecCertChainCAProfTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 41 } tIPsecCertChainCAProfTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecCertChainCAProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertChainCAProfTable maintains configuration of chain CA profiles for IPsec certificate profile entry parameters." ::= { tmnxIPsecObjects 42 } tIPsecCertChainCAProfEntry OBJECT-TYPE SYNTAX TIPsecCertChainCAProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertChainCAProfEntry is an entry (conceptual row) in the tIPsecCertChainCAProfTable. Each entry represents the configuration for a chain CA profile for certificate profile entry. Entries in this table can be created and deleted via SNMP SET operations to tIPsecCertChainCAProfRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecCertProfileName, tIPsecCertProfEntryId, tIPsecCertChainCAProfName } ::= { tIPsecCertChainCAProfTable 1 } TIPsecCertChainCAProfEntry ::= SEQUENCE { tIPsecCertChainCAProfName TNamedItem, tIPsecCertChainCAProfRowStatus RowStatus, tIPsecCertChainCAProfLastChgd TimeStamp } tIPsecCertChainCAProfName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecCertChainCAProfName specifies the chain CA profile for certificate profile entry." ::= { tIPsecCertChainCAProfEntry 1 } tIPsecCertChainCAProfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tIPsecCertChainCAProfRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecCertChainCAProfEntry 2 } tIPsecCertChainCAProfLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The tIPsecCertChainCAProfLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecCertChainCAProfEntry 3 } tIPsecTsListTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTsListTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecTsListTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 43 } tIPsecTsListTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecTsListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTsListTable allows configuration of IPsec traffic selector list parameters." REFERENCE "RFC 5996, 'Internet Key Exchange Protocol Version 2 (IKEv2)', IETF, September 2010" ::= { tmnxIPsecObjects 44 } tIPsecTsListEntry OBJECT-TYPE SYNTAX TIPsecTsListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTsListEntry is an entry (conceptual row) in the tIPsecTsListTable. Each entry represents the configuration for a traffic selector list. Entries in this table can be created and deleted via SNMP SET operations to tIPsecTsListRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecTsListName } ::= { tIPsecTsListTable 1 } TIPsecTsListEntry ::= SEQUENCE { tIPsecTsListName TNamedItem, tIPsecTsListRowStatus RowStatus, tIPsecTsListLastChgd TimeStamp } tIPsecTsListName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecTsListName specifies a specific IPsec traffic selector list name." ::= { tIPsecTsListEntry 1 } tIPsecTsListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecTsListEntry 2 } tIPsecTsListLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTsListLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecTsListEntry 3 } tIPsecTsListLclEntryTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecTsListLclEntryTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 45 } tIPsecTsListLclEntryTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecTsListLclEntryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTsListLclEntryTable allows configuration of IPsec traffic selector list local entry parameters." ::= { tmnxIPsecObjects 46 } tIPsecTsListLclEntryEntry OBJECT-TYPE SYNTAX TIPsecTsListLclEntryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTsListLclEntryEntry is an entry (conceptual row) in the tIPsecTsListLclEntryTable. Each entry represents the configuration for a traffic selector list local entry. Entries in this table can be created and deleted via SNMP SET operations to tIPsecTsListLclEntryRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecTsListName, tIPsecTsListLclEntryId } ::= { tIPsecTsListLclEntryTable 1 } TIPsecTsListLclEntryEntry ::= SEQUENCE { tIPsecTsListLclEntryId Integer32, tIPsecTsListLclEntryRowStatus RowStatus, tIPsecTsListLclEntryLastChgd TimeStamp, tIPsecTsListLclEntryFrAddrType InetAddressType, tIPsecTsListLclEntryFrAddr InetAddress, tIPsecTsListLclEntryToAddrType InetAddressType, tIPsecTsListLclEntryToAddr InetAddress, tIPsecTsListLclEntryPfxAddrType InetAddressType, tIPsecTsListLclEntryPfxAddr InetAddress, tIPsecTsListLclEntryPfxLen InetAddressPrefixLength, tIPsecTsListLclEntryMinPort InetPortNumber, tIPsecTsListLclEntryMaxPort InetPortNumber, tIPsecTsListLclEntryMinMhType Unsigned32, tIPsecTsListLclEntryMaxMhType Unsigned32, tIPsecTsListLclEntryMinIcmpType Unsigned32, tIPsecTsListLclEntryMaxIcmpType Unsigned32, tIPsecTsListLclEntryMinIcmpCode Unsigned32, tIPsecTsListLclEntryMaxIcmpCode Unsigned32, tIPsecTsListLclEntryProtocolId Integer32 } tIPsecTsListLclEntryId OBJECT-TYPE SYNTAX Integer32 (1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryId specifies a unique identifier for one IPsec traffic selector local entry configured in this system." ::= { tIPsecTsListLclEntryEntry 1 } tIPsecTsListLclEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecTsListLclEntryEntry 2 } tIPsecTsListLclEntryLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecTsListLclEntryEntry 3 } tIPsecTsListLclEntryFrAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryFrAddrType specifies the address type of beginning address of the range for this entry. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryPfxAddr is set to non-default value." DEFVAL { unknown } ::= { tIPsecTsListLclEntryEntry 5 } tIPsecTsListLclEntryFrAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryFrAddr specifies the beginning address of the range for this entry. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryPfxAddr is set to non-default value." DEFVAL { ''H } ::= { tIPsecTsListLclEntryEntry 6 } tIPsecTsListLclEntryToAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryToAddrType specifies the address type of ending address of the range for this entry. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryPfxAddr is set to non-default value." DEFVAL { unknown } ::= { tIPsecTsListLclEntryEntry 7 } tIPsecTsListLclEntryToAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryToAddr specifies the ending address of the range for this entry. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryPfxAddr is set to non-default value." DEFVAL { ''H } ::= { tIPsecTsListLclEntryEntry 8 } tIPsecTsListLclEntryPfxAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryPfxAddrType specifies the address type of prefix address of the range for this entry. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryFrAddr is set to non-default value." DEFVAL { unknown } ::= { tIPsecTsListLclEntryEntry 9 } tIPsecTsListLclEntryPfxAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryPfxAddr specifies the prefix address for this entry. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryFrAddr is set to non-default value." DEFVAL { ''H } ::= { tIPsecTsListLclEntryEntry 10 } tIPsecTsListLclEntryPfxLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryPfxLen specifies the prefix length of the tIPsecTsListLclEntryPfxAddr. An 'inconsistentValue' error is returned if this object is set to non-default value when tIPsecTsListLclEntryFrAddr is set to non-default value." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 11 } tIPsecTsListLclEntryMinPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMinPort specifies the minimum port of the range for this IPsec traffic selector list local entry. tIPsecTsListLclEntryMinPort is used for any Internet transport layer protocol except ICMP, ICMPv6 and MIPv6. When the value of tIPsecTsListLclEntryMinPort is '0' and the value of tIPsecTsListLclEntryMaxPort is '65535', it means that the IPsec traffic selector accepts any port number. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMaxPort." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 12 } tIPsecTsListLclEntryMaxPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMaxPort specifies the maximum port of the range for this IPsec traffic selector list local entry. tIPsecTsListLclEntryMaxPort is used for any Internet transport layer protocol except ICMP, ICMPv6 and MIPv6. When the value of tIPsecTsListLclEntryMaxPort is '0' and the value of tIPsecTsListLclEntryMinPort is '65535', it means that the IPsec traffic selector accepts the packet only when the corresponding port field is unavailable. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMinPort." DEFVAL { 65535 } ::= { tIPsecTsListLclEntryEntry 13 } tIPsecTsListLclEntryMinMhType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMinMhType specifies the minimum Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec traffic selector list local entry. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMaxMhType." REFERENCE "'Mobility Header Types - for the MH Type field in the Mobility Header', http://www.iana.org/assignments/mobility-parameters/ mobility-parameters.xhtml#mobility-parameters-1" DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 14 } tIPsecTsListLclEntryMaxMhType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMaxMhType specifies the maximum Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec traffic selector list local entry. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMinMhType." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 15 } tIPsecTsListLclEntryMinIcmpType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMinIcmpType specifies the minimum ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector list local entry. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMaxIcmpType, tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode." REFERENCE "'Internet Control Message Protocol (ICMP) Parameters', http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt, April 2013, and 'Internet Control Message Protocol version 6 (ICMPv6) Parameters', http://www.iana.org/assignments/icmpv6-parameters/ icmpv6-parameters.xhtml, January 2015." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 16 } tIPsecTsListLclEntryMaxIcmpType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMaxIcmpType specifies the maximum ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector list local entry. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 17 } tIPsecTsListLclEntryMinIcmpCode OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMinIcmpCode specifies the minimum ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector list local entry. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMaxIcmpType and tIPsecTsListLclEntryMaxIcmpCode." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 18 } tIPsecTsListLclEntryMaxIcmpCode OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryMaxIcmpCode specifies the maximum ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector list local entry. This value must be set in the same SNMP SET PDU as tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMaxIcmpType and tIPsecTsListLclEntryMinIcmpCode." DEFVAL { 0 } ::= { tIPsecTsListLclEntryEntry 19 } tIPsecTsListLclEntryProtocolId OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListLclEntryProtocolId specifies the IP protocol number allowed by the IPsec traffic selector associated with this local entry. A value of zero specifies that the IPsec traffic selector will accept packets for any protocol. A value of '-1' specifies that this IPsec traffic selector local entry is not configured. When the value of tIPsecTsListLclEntryProtocolId is any value between -1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinPort and tIPsecTsListLclEntryMaxPort. Especially when the value of tIPsecTsListLclEntryProtocolId is -1, tIPsecTsListLclEntryMinPort and tIPsecTsListLclEntryMaxPort must be 0 and 65535, respectively. When the value of tIPsecTsListLclEntryProtocolId is 1 or 58, this value must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMaxIcmpType, tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode. When the value of tIPsecTsListLclEntryProtocolId is 135, this value must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinMhType and tIPsecTsListLclEntryMaxMhType." DEFVAL { -1 } ::= { tIPsecTsListLclEntryEntry 20 } tIPsecGWTsNegSelPlcyTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecGWTsNegSelPlcyTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecGWTsNegSelPlcyTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 47 } tIPsecGWTsNegSelPlcyTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecGWTsNegSelPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecGWTsNegSelPlcyTable maintains traffic selector selection-policy information for IPsec gateway entries." ::= { tmnxIPsecObjects 48 } tIPsecGWTsNegSelPlcyEntry OBJECT-TYPE SYNTAX TIPsecGWTsNegSelPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecGWTsNegSelPlcyEntry maintains information about a single IPsec gateway traffic selector negotiation selection-policy." INDEX { svcId, sapPortId, sapEncapValue, tIPsecGWTsNegSelPlcyName } ::= { tIPsecGWTsNegSelPlcyTable 1 } TIPsecGWTsNegSelPlcyEntry ::= SEQUENCE { tIPsecGWTsNegSelPlcyName TNamedItemOrEmpty, tIPsecGWTsNegSelPlcyRowStatus RowStatus, tIPsecGWTsNegSelPlcyLastChgd TimeStamp, tIPsecGWTsNegSelPlcyTsList TNamedItemOrEmpty } tIPsecGWTsNegSelPlcyName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecGWTsNegSelPlcyName specifies the IPsec selection-policy name associated with this SAP IPSec gateway traffic selector." ::= { tIPsecGWTsNegSelPlcyEntry 1 } tIPsecGWTsNegSelPlcyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tIPsecGWTsNegSelPlcyRowStatus object is used to create and delete rows in the tIPsecGWTsNegSelPlcyTable." ::= { tIPsecGWTsNegSelPlcyEntry 2 } tIPsecGWTsNegSelPlcyLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecGWTsNegSelPlcyLastChgd indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tIPsecGWTsNegSelPlcyEntry 3 } tIPsecGWTsNegSelPlcyTsList OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The tIPsecGWTsNegSelPlcyTsList object specifies the IPsec traffic selector list name associated with this traffic selector negotiation selection-policy on this gateway." DEFVAL { ''H } ::= { tIPsecGWTsNegSelPlcyEntry 4 } tIPsecTrustAnchorProfTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTrustAnchorProfTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecTrustAnchorProfTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 49 } tIPsecTrustAnchorProfTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecTrustAnchorProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTrustAnchorProfTable allows configuration of IPsec trust anchor profile parameters." ::= { tmnxIPsecObjects 50 } tIPsecTrustAnchorProfEntry OBJECT-TYPE SYNTAX TIPsecTrustAnchorProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTrustAnchorProfEntry is an entry (conceptual row) in the tIPsecTrustAnchorProfTable. Each entry represents the configuration for a trust anchor profile. Entries in this table can be created and deleted via SNMP SET operations to tIPsecTrustAnchorProfRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecTrustAnchorProfName } ::= { tIPsecTrustAnchorProfTable 1 } TIPsecTrustAnchorProfEntry ::= SEQUENCE { tIPsecTrustAnchorProfName TNamedItem, tIPsecTrustAnchorProfRowStatus RowStatus, tIPsecTrustAnchorProfLastChgd TimeStamp, tIPsecTrustAnchorCAProfDown Integer32 } tIPsecTrustAnchorProfName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecTrustAnchorProfName specifies a specific IPsec trust anchor profile name." ::= { tIPsecTrustAnchorProfEntry 1 } tIPsecTrustAnchorProfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTrustAnchorProfRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecTrustAnchorProfEntry 2 } tIPsecTrustAnchorProfLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTrustAnchorProfLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecTrustAnchorProfEntry 3 } tIPsecTrustAnchorCAProfDown OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTrustAnchorCAProfDown indicates the total number of trusted CA-profiles (Certificate-Authority) not operational in the trust-anchor-profile." ::= { tIPsecTrustAnchorProfEntry 4 } tIPsecTrustAnchorsTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTrustAnchorsTblLastChgd indicates the sysUpTime at the time of the last modification to tIPsecTrustAnchorsTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 51 } tIPsecTrustAnchorsTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecTrustAnchorsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTrustAnchorsTable allows configuration of IPsec trust anchor profile entry parameters." ::= { tmnxIPsecObjects 52 } tIPsecTrustAnchorsEntry OBJECT-TYPE SYNTAX TIPsecTrustAnchorsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTrustAnchorsEntry is an entry (conceptual row) in the tIPsecTrustAnchorsTable. Each entry represents the configuration for a trust anchor profile entry. Entries in this table can be created and deleted via SNMP SET operations to tIPsecTrustAnchorsRowStatus. Entries have a presumed StorageType of nonVolatile." INDEX { tIPsecTrustAnchorProfName, tIPsecTrustAnchorsCAProfile } ::= { tIPsecTrustAnchorsTable 1 } TIPsecTrustAnchorsEntry ::= SEQUENCE { tIPsecTrustAnchorsCAProfile TNamedItem, tIPsecTrustAnchorsRowStatus RowStatus, tIPsecTrustAnchorsLastChgd TimeStamp } tIPsecTrustAnchorsCAProfile OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecTrustAnchorsCAProfile specifies a specific IPsec trust anchor certificate profile name." ::= { tIPsecTrustAnchorsEntry 1 } tIPsecTrustAnchorsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTrustAnchorsRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecTrustAnchorsEntry 2 } tIPsecTrustAnchorsLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTrustAnchorsLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecTrustAnchorsEntry 3 } tIPsecRUSATrafficSelTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRUSATrafficSelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecRUSATrafficSelTable stores the IPsec remote-user dynamic SA traffic selector entries." ::= { tmnxIPsecObjects 53 } tIPsecRUSATrafficSelEntry OBJECT-TYPE SYNTAX TIPsecRUSATrafficSelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecRUSATrafficSelEntry maintains information about a single IPsec remote-user SA traffic selector entry." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort, tIPsecRUSAId, tIPsecRUSADirection, tIPsecRUSAIndex, tIPsecRUSATrafficSelSide, tIPsecRUSATrafficSelFrAddrType, tIPsecRUSATrafficSelFrAddr, tIPsecRUSATrafficSelToAddrType, tIPsecRUSATrafficSelToAddr, tIPsecRUSATrafficSelMinPort, tIPsecRUSATrafficSelMaxPort, tIPsecRUSATrafficSelProtocolId } ::= { tIPsecRUSATrafficSelTable 1 } TIPsecRUSATrafficSelEntry ::= SEQUENCE { tIPsecRUSATrafficSelSide TmnxIpsecTrafficSelSide, tIPsecRUSATrafficSelFrAddrType InetAddressType, tIPsecRUSATrafficSelFrAddr InetAddress, tIPsecRUSATrafficSelToAddrType InetAddressType, tIPsecRUSATrafficSelToAddr InetAddress, tIPsecRUSATrafficSelLastChgd TimeStamp, tIPsecRUSATrafficSelMinPort InetPortNumber, tIPsecRUSATrafficSelMaxPort InetPortNumber, tIPsecRUSATrafficSelProtocolId Unsigned32 } tIPsecRUSATrafficSelSide OBJECT-TYPE SYNTAX TmnxIpsecTrafficSelSide MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelSide specifies the side to which the traffic selector entry pertains." ::= { tIPsecRUSATrafficSelEntry 1 } tIPsecRUSATrafficSelFrAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelFrAddrType specifies the address type of the beginning address of the range for this traffic selector entry." ::= { tIPsecRUSATrafficSelEntry 2 } tIPsecRUSATrafficSelFrAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelFrAddr specifies the beginning address of the range for this traffic selector entry." ::= { tIPsecRUSATrafficSelEntry 3 } tIPsecRUSATrafficSelToAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelToAddrType specifies the address type of the end address of the range for this traffic selector entry." ::= { tIPsecRUSATrafficSelEntry 4 } tIPsecRUSATrafficSelToAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelToAddr specifies the end address of the range for this traffic selector entry." ::= { tIPsecRUSATrafficSelEntry 5 } tIPsecRUSATrafficSelLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelLastChgd indicates the sysUpTime at the time of the most recent management-initiated change to this entry." ::= { tIPsecRUSATrafficSelEntry 6 } tIPsecRUSATrafficSelMinPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelMinPort specifies the minimum port number of the range for this IPsec traffic selector entry. When the value of tIPsecRUSATrafficSelMinPort is '0' and the value of tIPsecRUSATrafficSelMaxPort is '65535', it means that the IPsec traffic selector accepts any port number. When the value of tIPsecRUSATrafficSelProtocolId is '1' (ICMP) or '58' (ICMPv6), the bits from 0 to 7 of tIPsecRUSATrafficSelMinPort represent the minimum ICMP/ICMPv6 code and the bits from 8 to 15 represent the minimum ICMP/ICMPv6 type." ::= { tIPsecRUSATrafficSelEntry 7 } tIPsecRUSATrafficSelMaxPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelMaxPort specifies the maximum port number of the range for this IPsec traffic selector entry. When the value of tIPsecRUSATrafficSelMaxPort is '0' and the value of tIPsecRUSATrafficSelMinPort is '65535', it means that the IPsec traffic selector accepts the packet only when the corresponding port field is unavailable. When the value of tIPsecRUSATrafficSelProtocolId is '1' (ICMP) or '58' (ICMPv6), the bits from 0 to 7 of tIPsecRUSATrafficSelMaxPort represent the maximum ICMP/ICMPv6 code and the bits from 8 to 15 represent the maximum ICMP/ICMPv6 type." ::= { tIPsecRUSATrafficSelEntry 8 } tIPsecRUSATrafficSelProtocolId OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUSATrafficSelProtocolId specifies the IP protocol number for this IPsec traffic selector entry. A value of zero specifies that the IPsec traffic selector will accept packets for any protocol." ::= { tIPsecRUSATrafficSelEntry 9 } tmnxIPsecGWDhcpTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpTblLastChgd indicates the sysUpTime at the time of the last modification of tmnxIPsecGWDhcpTable. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 54 } tmnxIPsecGWDhcpTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecGWDhcpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains SAP IPSec gateway DHCP information." ::= { tmnxIPsecObjects 55 } tmnxIPsecGWDhcpEntry OBJECT-TYPE SYNTAX TmnxIPsecGWDhcpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a SAP IPSec gateway DHCP." INDEX { svcId, sapPortId, sapEncapValue } ::= { tmnxIPsecGWDhcpTable 1 } TmnxIPsecGWDhcpEntry ::= SEQUENCE { tmnxIPsecGWDhcpRowStatus RowStatus, tmnxIPsecGWDhcpLastChgd TimeStamp, tmnxIPsecGWDhcpAdminState TmnxAdminState, tmnxIPsecGWDhcpGiAddrType InetAddressType, tmnxIPsecGWDhcpGiAddr InetAddress, tmnxIPsecGWDhcpSendRelease TruthValue, tmnxIPsecGWDhcpServiceId TmnxServId, tmnxIPsecGWDhcpRouterId TmnxVRtrIDOrZero, tmnxIPsecGWDhcpSrvr1AddrType InetAddressType, tmnxIPsecGWDhcpSrvr1Addr InetAddress, tmnxIPsecGWDhcpSrvr2AddrType InetAddressType, tmnxIPsecGWDhcpSrvr2Addr InetAddress, tmnxIPsecGWDhcpSrvr3AddrType InetAddressType, tmnxIPsecGWDhcpSrvr3Addr InetAddress, tmnxIPsecGWDhcpSrvr4AddrType InetAddressType, tmnxIPsecGWDhcpSrvr4Addr InetAddress, tmnxIPsecGWDhcpSrvr5AddrType InetAddressType, tmnxIPsecGWDhcpSrvr5Addr InetAddress, tmnxIPsecGWDhcpSrvr6AddrType InetAddressType, tmnxIPsecGWDhcpSrvr6Addr InetAddress, tmnxIPsecGWDhcpSrvr7AddrType InetAddressType, tmnxIPsecGWDhcpSrvr7Addr InetAddress, tmnxIPsecGWDhcpSrvr8AddrType InetAddressType, tmnxIPsecGWDhcpSrvr8Addr InetAddress, tmnxIPsecGWDhcpServiceName TLNamedItemOrEmpty } tmnxIPsecGWDhcpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpRowStatus controls the creation and deletion of rows in the table." ::= { tmnxIPsecGWDhcpEntry 1 } tmnxIPsecGWDhcpLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpLastChgd indicates the value of sysUpTime at the time of the last management change of any writable object of this row." ::= { tmnxIPsecGWDhcpEntry 2 } tmnxIPsecGWDhcpAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpAdminState specifies the administrative state of SAP IPSec gateway DHCP entry." DEFVAL { outOfService } ::= { tmnxIPsecGWDhcpEntry 3 } tmnxIPsecGWDhcpGiAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpGiAddrType specifies the address type of address in tmnxIPsecGWDhcpGiAddr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 4 } tmnxIPsecGWDhcpGiAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpGiAddr specifies the address of the gateway interface on this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 5 } tmnxIPsecGWDhcpSendRelease OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSendRelease specifies whether to send DHCP release message when tunnel is removed on this SAP IPSec gateway." DEFVAL { true } ::= { tmnxIPsecGWDhcpEntry 6 } tmnxIPsecGWDhcpServiceId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpServiceId specifies the service identifier whose virtual router provides reachability to the DHCP server addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects. In order to specify a virtual router, exactly one of tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For example, when the value of tmnxIPsecGWDhcpServiceId is default, the virtual router must be specified using tmnxIPsecGWDhcpServiceName or tmnxIPsecGWDhcpRouterId. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the DHCP servers." DEFVAL { 0 } ::= { tmnxIPsecGWDhcpEntry 7 } tmnxIPsecGWDhcpRouterId OBJECT-TYPE SYNTAX TmnxVRtrIDOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpRouterId specifies the virtual router instance that provides reachability to the DHCP server addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects. In order to specify a virtual router, exactly one of tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For example, when the value of tmnxIPsecGWDhcpRouterId is default, the virtual router must be specified using tmnxIPsecGWDhcpServiceId or tmnxIPsecGWDhcpServiceName. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the DHCP servers. Only those IDs corresponding to the 'Base' virtual routers may be set in this object. Refer to the vRtrName object from TIMETRA-VRTR-MIB.mib" DEFVAL { 0 } ::= { tmnxIPsecGWDhcpEntry 8 } tmnxIPsecGWDhcpSrvr1AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr1AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr1Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 9 } tmnxIPsecGWDhcpSrvr1Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr1Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 10 } tmnxIPsecGWDhcpSrvr2AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr2AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr2Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 11 } tmnxIPsecGWDhcpSrvr2Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr2Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 12 } tmnxIPsecGWDhcpSrvr3AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr3AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr3Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 13 } tmnxIPsecGWDhcpSrvr3Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr3Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 14 } tmnxIPsecGWDhcpSrvr4AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr4AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr4Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 15 } tmnxIPsecGWDhcpSrvr4Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr4Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 16 } tmnxIPsecGWDhcpSrvr5AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr5AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr5Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 17 } tmnxIPsecGWDhcpSrvr5Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr5Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 18 } tmnxIPsecGWDhcpSrvr6AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr6AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr6Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 19 } tmnxIPsecGWDhcpSrvr6Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr6Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 20 } tmnxIPsecGWDhcpSrvr7AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr7AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr7Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 21 } tmnxIPsecGWDhcpSrvr7Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr7Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 22 } tmnxIPsecGWDhcpSrvr8AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr8AddrType specifies the address type of address in tmnxIPsecGWDhcpSrvr8Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpEntry 23 } tmnxIPsecGWDhcpSrvr8Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpSrvr8Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 24 } tmnxIPsecGWDhcpServiceName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpServiceName specifies the service name whose virtual router provides reachability to the DHCP server addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects. In order to specify a virtual router, exactly one of tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For example, when the value of tmnxIPsecGWDhcpServiceName is default, the virtual router must be specified using tmnxIPsecGWDhcpServiceId or tmnxIPsecGWDhcpRouterId. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the DHCP servers." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpEntry 25 } tIPsecGWLclAddrAssignTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignTblLastChgd indicates the sysUpTime at the time of the last modification of tIPsecGWLclAddrAssignTable. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 56 } tIPsecGWLclAddrAssignTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecGWLclAddrAssignEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecGWLclAddrAssignTable maintains Local-Address-Assignment information for all SAP IPSec gateways." ::= { tmnxIPsecObjects 57 } tIPsecGWLclAddrAssignEntry OBJECT-TYPE SYNTAX TIPsecGWLclAddrAssignEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecGWLclAddrAssignEntry maintains Local-Address-Assignment information for specific SAP IPSec gateway." INDEX { svcId, sapPortId, sapEncapValue } ::= { tIPsecGWLclAddrAssignTable 1 } TIPsecGWLclAddrAssignEntry ::= SEQUENCE { tIPsecGWLclAddrAssignRowStatus RowStatus, tIPsecGWLclAddrAssignLastChgd TimeStamp, tIPsecGWLclAddrAssignAdminState TmnxAdminState, tIPsecGWLclAddrAssignIp4SrvrName TNamedItemOrEmpty, tIPsecGWLclAddrAssignIp4SrvrSvc TmnxServId, tIPsecGWLclAddrAssignIp4SrvrRtr TmnxVRtrIDOrZero, tIPsecGWLclAddrAssignIp4PoolName TNamedItemOrEmpty, tIPsecGWLclAddrAssignIp6SrvrName TNamedItemOrEmpty, tIPsecGWLclAddrAssignIp6SrvrSvc TmnxServId, tIPsecGWLclAddrAssignIp6SrvrRtr TmnxVRtrIDOrZero, tIPsecGWLclAddrAssignIp6PoolName TNamedItemOrEmpty, tIPsecGWLclAddrAssignIp4PoolNam2 TNamedItemOrEmpty, tIPsecGWLclAddrAssignIp4SrvrSvcN TLNamedItemOrEmpty, tIPsecGWLclAddrAssignIp6SrvrSvcN TLNamedItemOrEmpty } tIPsecGWLclAddrAssignRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignRowStatus controls the creation and deletion of rows in the table." ::= { tIPsecGWLclAddrAssignEntry 1 } tIPsecGWLclAddrAssignLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignLastChgd indicates the value of sysUpTime at the time of the last management change of any writable object of this row." ::= { tIPsecGWLclAddrAssignEntry 2 } tIPsecGWLclAddrAssignAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignAdminState specifies the administrative state of SAP IPSec gateway DHCP entry." DEFVAL { outOfService } ::= { tIPsecGWLclAddrAssignEntry 3 } tIPsecGWLclAddrAssignIp4SrvrName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp4SrvrName specifies the name of the Local-Address-Assignment server associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 4 } tIPsecGWLclAddrAssignIp4SrvrSvc OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp4SrvrSvc specifies the service identifier whose virtual router provides reachability to the local-address-assignment server address configured in the tIPsecGWLclAddrAssignIp4SrvrName object. In order to specify a virtual router, exactly one of tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrSvc is default, the virtual router must be specified using tIPsecGWLclAddrAssignIp4SrvrSvcN or tIPsecGWLclAddrAssignIp4SrvrRtr. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the local address assignment server." DEFVAL { 0 } ::= { tIPsecGWLclAddrAssignEntry 5 } tIPsecGWLclAddrAssignIp4SrvrRtr OBJECT-TYPE SYNTAX TmnxVRtrIDOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp4SrvrRtr specifies the virtual router instance that provides reachability to the local-address-assignment server address configured in the tIPsecGWLclAddrAssignIp4SrvrName object. In order to specify a virtual router, exactly one of tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrRtr is default, the virtual router must be specified using tIPsecGWLclAddrAssignIp4SrvrSvc or tIPsecGWLclAddrAssignIp4SrvrSvcN. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the local address assignment server. Only those IDs corresponding to the 'Base', 'management', and 'vpls-management' virtual routers may be set in this object. Refer to the vRtrName object from TIMETRA-VRTR-MIB.mib" DEFVAL { 0 } ::= { tIPsecGWLclAddrAssignEntry 6 } tIPsecGWLclAddrAssignIp4PoolName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp4PoolName specifies the name of the primary IPv4 Local-Address-Assignment pool associated with this IPsec gateway." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 7 } tIPsecGWLclAddrAssignIp6SrvrName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp6SrvrName specifies the name of the Local-Address-Assignment server associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 8 } tIPsecGWLclAddrAssignIp6SrvrSvc OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp6SrvrSvc specifies the service identifier whose virtual router provides reachability to the local-address-assignment server address configured in the tIPsecGWLclAddrAssignIp6SrvrName object. In order to specify a virtual router, exactly one of tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrSvc is default, the virtual router must be specified using tIPsecGWLclAddrAssignIp6SrvrSvcN or tIPsecGWLclAddrAssignIp6SrvrRtr. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the local address assignment server." DEFVAL { 0 } ::= { tIPsecGWLclAddrAssignEntry 9 } tIPsecGWLclAddrAssignIp6SrvrRtr OBJECT-TYPE SYNTAX TmnxVRtrIDOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp6SrvrRtr specifies the virtual router instance that provides reachability to the local-address-assignment server address configured in the tIPsecGWLclAddrAssignIp6SrvrName object. In order to specify a virtual router, exactly one of tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrRtr is default, the virtual router must be specified using tIPsecGWLclAddrAssignIp6SrvrSvc or tIPsecGWLclAddrAssignIp6SrvrSvcN. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the local address assignment server. Only those IDs corresponding to the 'Base', 'management', and 'vpls-management' virtual routers may be set in this object. Refer to the vRtrName object from TIMETRA-VRTR-MIB.mib" DEFVAL { 0 } ::= { tIPsecGWLclAddrAssignEntry 10 } tIPsecGWLclAddrAssignIp6PoolName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp6PoolName specifies the name of the primary IPv6 Local-Address-Assignment pool associated with this IPsec gateway." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 11 } tIPsecGWLclAddrAssignIp4PoolNam2 OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp4PoolNam2 specifies the name of the secondary IPv4 Local-Address-Assignment pool associated with this IPsec gateway. The secondary pool will be used when all addresses in the primary pool (tIPsecGWLclAddrAssignIp4PoolName) are assigned. When tIPsecGWLclAddrAssignIp4PoolName is not configured, tIPsecGWLclAddrAssignIp4PoolNam2 also cannot be configured. When tIPsecGWLclAddrAssignIp4PoolName is configured, tIPsecGWLclAddrAssignIp4PoolNam2 cannot be set the the same value as tIPsecGWLclAddrAssignIp4PoolName." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 12 } tIPsecGWLclAddrAssignIp4SrvrSvcN OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp4SrvrSvcN specifies the service name whose virtual router provides reachability to the local-address-assignment server address configured in the tIPsecGWLclAddrAssignIp4SrvrName object. In order to specify a virtual router, exactly one of tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrSvcN is default, the virtual router must be specified using tIPsecGWLclAddrAssignIp4SrvrSvc or tIPsecGWLclAddrAssignIp4SrvrRtr. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the local address assignment server." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 14 } tIPsecGWLclAddrAssignIp6SrvrSvcN OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecGWLclAddrAssignIp6SrvrSvcN specifies the service name whose virtual router provides reachability to the local-address-assignment server address configured in the tIPsecGWLclAddrAssignIp6SrvrName object. In order to specify a virtual router, exactly one of tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrSvcN is default, the virtual router must be specified using tIPsecGWLclAddrAssignIp6SrvrSvc or tIPsecGWLclAddrAssignIp6SrvrRtr. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the local address assignment server." DEFVAL { ''H } ::= { tIPsecGWLclAddrAssignEntry 15 } tmnxIPsecGWDhcpV6TblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6TblLastChgd indicates the sysUpTime at the time of the last modification of tmnxIPsecGWDhcpV6Table. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 58 } tmnxIPsecGWDhcpV6Table OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecGWDhcpV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table that contains SAP IPSec gateway DHCPV6 information." ::= { tmnxIPsecObjects 59 } tmnxIPsecGWDhcpV6Entry OBJECT-TYPE SYNTAX TmnxIPsecGWDhcpV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a SAP IPSec gateway DHCPV6." INDEX { svcId, sapPortId, sapEncapValue } ::= { tmnxIPsecGWDhcpV6Table 1 } TmnxIPsecGWDhcpV6Entry ::= SEQUENCE { tmnxIPsecGWDhcpV6RowStatus RowStatus, tmnxIPsecGWDhcpV6LastChgd TimeStamp, tmnxIPsecGWDhcpV6AdminState TmnxAdminState, tmnxIPsecGWDhcpV6LinkAddrType InetAddressType, tmnxIPsecGWDhcpV6LinkAddr InetAddress, tmnxIPsecGWDhcpV6SendRelease TruthValue, tmnxIPsecGWDhcpV6ServiceId TmnxServId, tmnxIPsecGWDhcpV6RouterId TmnxVRtrIDOrZero, tmnxIPsecGWDhcpV6Srvr1AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr1Addr InetAddress, tmnxIPsecGWDhcpV6Srvr2AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr2Addr InetAddress, tmnxIPsecGWDhcpV6Srvr3AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr3Addr InetAddress, tmnxIPsecGWDhcpV6Srvr4AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr4Addr InetAddress, tmnxIPsecGWDhcpV6Srvr5AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr5Addr InetAddress, tmnxIPsecGWDhcpV6Srvr6AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr6Addr InetAddress, tmnxIPsecGWDhcpV6Srvr7AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr7Addr InetAddress, tmnxIPsecGWDhcpV6Srvr8AddrType InetAddressType, tmnxIPsecGWDhcpV6Srvr8Addr InetAddress, tmnxIPsecGWDhcpV6ServiceName TLNamedItemOrEmpty } tmnxIPsecGWDhcpV6RowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6RowStatus controls the creation and deletion of rows in the table." ::= { tmnxIPsecGWDhcpV6Entry 1 } tmnxIPsecGWDhcpV6LastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6LastChgd indicates the value of sysUpTime at the time of the last management change of any writable object of this row." ::= { tmnxIPsecGWDhcpV6Entry 2 } tmnxIPsecGWDhcpV6AdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6AdminState specifies the administrative state of SAP IPSec gateway DHCP entry." DEFVAL { outOfService } ::= { tmnxIPsecGWDhcpV6Entry 3 } tmnxIPsecGWDhcpV6LinkAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6LinkAddrType specifies the address type of address in tmnxIPsecGWDhcpV6LinkAddr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 4 } tmnxIPsecGWDhcpV6LinkAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6LinkAddr specifies the address of the gateway interface on this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 5 } tmnxIPsecGWDhcpV6SendRelease OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6SendRelease specifies whether to send DHCP release message when tunnel is removed on this SAP IPSec gateway." DEFVAL { true } ::= { tmnxIPsecGWDhcpV6Entry 6 } tmnxIPsecGWDhcpV6ServiceId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6ServiceId specifies the service identifier whose virtual router provides reachability to the DHCP server addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects. In order to specify a virtual router, exactly one of tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value. For example, when the value of tmnxIPsecGWDhcpV6ServiceId is default, the virtual router must be specified using tmnxIPsecGWDhcpV6ServiceName or tmnxIPsecGWDhcpV6RouterId. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the DHCP servers." DEFVAL { 0 } ::= { tmnxIPsecGWDhcpV6Entry 7 } tmnxIPsecGWDhcpV6RouterId OBJECT-TYPE SYNTAX TmnxVRtrIDOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6RouterId specifies the virtual router instance that provides reachability to the DHCP server addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects. In order to specify a virtual router, exactly one of tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value. For example, when the value of tmnxIPsecGWDhcpV6RouterId is default, the virtual router must be specified using tmnxIPsecGWDhcpV6ServiceId or tmnxIPsecGWDhcpV6ServiceName. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the DHCP servers. Only those IDs corresponding to the 'Base', 'management', and 'vpls-management' virtual routers may be set in this object. Refer to the vRtrName object from TIMETRA-VRTR-MIB.mib" DEFVAL { 0 } ::= { tmnxIPsecGWDhcpV6Entry 8 } tmnxIPsecGWDhcpV6Srvr1AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr1AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr1Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 9 } tmnxIPsecGWDhcpV6Srvr1Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr1Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 10 } tmnxIPsecGWDhcpV6Srvr2AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr2AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr2Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 11 } tmnxIPsecGWDhcpV6Srvr2Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr2Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 12 } tmnxIPsecGWDhcpV6Srvr3AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr3AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr3Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 13 } tmnxIPsecGWDhcpV6Srvr3Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr3Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 14 } tmnxIPsecGWDhcpV6Srvr4AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr4AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr4Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 15 } tmnxIPsecGWDhcpV6Srvr4Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr4Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 16 } tmnxIPsecGWDhcpV6Srvr5AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr5AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr5Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 17 } tmnxIPsecGWDhcpV6Srvr5Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr5Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 18 } tmnxIPsecGWDhcpV6Srvr6AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr6AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr6Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 19 } tmnxIPsecGWDhcpV6Srvr6Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr6Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 20 } tmnxIPsecGWDhcpV6Srvr7AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr7AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr7Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 21 } tmnxIPsecGWDhcpV6Srvr7Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr7Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 22 } tmnxIPsecGWDhcpV6Srvr8AddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr8AddrType specifies the address type of address in tmnxIPsecGWDhcpV6Srvr8Addr." DEFVAL { unknown } ::= { tmnxIPsecGWDhcpV6Entry 23 } tmnxIPsecGWDhcpV6Srvr8Addr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6Srvr8Addr specifies the DHCP server address associated with this SAP IPSec gateway." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 24 } tmnxIPsecGWDhcpV6ServiceName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecGWDhcpV6ServiceName specifies the service name whose virtual router provides reachability to the DHCP server addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects. In order to specify a virtual router, exactly one of tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value. For example, when the value of tmnxIPsecGWDhcpV6ServiceName is default, the virtual router must be specified using tmnxIPsecGWDhcpV6ServiceId or tmnxIPsecGWDhcpV6RouterId. When all of the three objects are default, remote user tunnels will fail to acquire the addresses from any of the DHCP servers." DEFVAL { ''H } ::= { tmnxIPsecGWDhcpV6Entry 25 } tIPsecTsListRmtEntryTblLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryTblLastChgd indicates the time, since system startup, when tIPsecTsListRmtEntryTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 60 } tIPsecTsListRmtEntryTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecTsListRmtEntryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTsListRmtEntryTable contains objects used to configure instances of IPsec traffic selector list remote entries. Entries in this table are created and destroyed via SNMP SET operations to tIPsecTsListRmtEntryRowStatus." ::= { tmnxIPsecObjects 61 } tIPsecTsListRmtEntryEntry OBJECT-TYPE SYNTAX TIPsecTsListRmtEntryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecTsListRmtEntryEntry contains the configuration of one IPsec traffic selector list remote entry." INDEX { tIPsecTsListName, tIPsecTsListRmtEntryId } ::= { tIPsecTsListRmtEntryTable 1 } TIPsecTsListRmtEntryEntry ::= SEQUENCE { tIPsecTsListRmtEntryId Unsigned32, tIPsecTsListRmtEntryRowStatus RowStatus, tIPsecTsListRmtEntryLastChgd TimeStamp, tIPsecTsListRmtEntryMinAddrType InetAddressType, tIPsecTsListRmtEntryMinAddr InetAddress, tIPsecTsListRmtEntryMaxAddrType InetAddressType, tIPsecTsListRmtEntryMaxAddr InetAddress, tIPsecTsListRmtEntryPfxAddrType InetAddressType, tIPsecTsListRmtEntryPfxAddr InetAddress, tIPsecTsListRmtEntryPfxLen InetAddressPrefixLength, tIPsecTsListRmtEntryMinPort InetPortNumber, tIPsecTsListRmtEntryMaxPort InetPortNumber, tIPsecTsListRmtEntryMinMhType Unsigned32, tIPsecTsListRmtEntryMaxMhType Unsigned32, tIPsecTsListRmtEntryMinIcmpType Unsigned32, tIPsecTsListRmtEntryMaxIcmpType Unsigned32, tIPsecTsListRmtEntryMinIcmpCode Unsigned32, tIPsecTsListRmtEntryMaxIcmpCode Unsigned32, tIPsecTsListRmtEntryProtocolId Integer32 } tIPsecTsListRmtEntryId OBJECT-TYPE SYNTAX Unsigned32 (1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryId specifies a unique identifier for one IPsec traffic selector remote entry configured in this system." ::= { tIPsecTsListRmtEntryEntry 1 } tIPsecTsListRmtEntryRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryRowStatus specifies the status of this row. It is used to create and destroy rows in tIPsecTsListRmtEntryTable." ::= { tIPsecTsListRmtEntryEntry 2 } tIPsecTsListRmtEntryLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryLastChgd indicates the time, since system startup, when the configuration of this row was created or modified." ::= { tIPsecTsListRmtEntryEntry 3 } tIPsecTsListRmtEntryMinAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMinAddrType specifies the address type of tIPsecTsListRmtEntryMinAddr. The values of tIPsecTsListRmtEntryMinAddrType and tIPsecTsListRmtEntryMaxAddrType must be the same. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMaxAddrType and tIPsecTsListRmtEntryMaxAddr." DEFVAL { unknown } ::= { tIPsecTsListRmtEntryEntry 4 } tIPsecTsListRmtEntryMinAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMinAddr specifies the minimum address of the range for this IPsec traffic selector list remote entry. The configurations of tIPsecTsListRmtEntryMinAddr and tIPsecTsListRmtEntryPfxAddr are mutually exclusive. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryMinAddrType, tIPsecTsListRmtEntryMaxAddrType and tIPsecTsListRmtEntryMaxAddr." DEFVAL { ''H } ::= { tIPsecTsListRmtEntryEntry 5 } tIPsecTsListRmtEntryMaxAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMaxAddrType specifies the address type of tIPsecTsListRmtEntryMaxAddr. The values of tIPsecTsListRmtEntryMaxAddrType and tIPsecTsListRmtEntryMinAddrType must be the same. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMinAddrType and tIPsecTsListRmtEntryMaxAddr." DEFVAL { unknown } ::= { tIPsecTsListRmtEntryEntry 6 } tIPsecTsListRmtEntryMaxAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMaxAddr specifies the maximum address of the range for this IPsec traffic selector list remote entry. The configurations of tIPsecTsListRmtEntryMaxAddr and tIPsecTsListRmtEntryPfxAddr are mutually exclusive. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMinAddrType and tIPsecTsListRmtEntryMaxAddrType." DEFVAL { ''H } ::= { tIPsecTsListRmtEntryEntry 7 } tIPsecTsListRmtEntryPfxAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryPfxAddrType specifies the address type of tIPsecTsListRmtEntryPfxAddr. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryPfxAddr and tIPsecTsListRmtEntryPfxLen." DEFVAL { unknown } ::= { tIPsecTsListRmtEntryEntry 8 } tIPsecTsListRmtEntryPfxAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryPfxAddr specifies the prefix address for this IPsec traffic selector list remote entry. The configuration of tIPsecTsListRmtEntryPfxAddr and that of tIPsecTsListRmtEntryMinAddr and tIPsecTsListRmtEntryMaxAddr are mutually exclusive. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryPfxAddrType and tIPsecTsListRmtEntryPfxLen." DEFVAL { ''H } ::= { tIPsecTsListRmtEntryEntry 9 } tIPsecTsListRmtEntryPfxLen OBJECT-TYPE SYNTAX InetAddressPrefixLength (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryPfxLen specifies the prefix length of the tIPsecTsListRmtEntryPfxAddr. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryPfxAddrType and tIPsecTsListRmtEntryPfxAddr." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 10 } tIPsecTsListRmtEntryMinPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMinPort specifies the minimum port of the range for this IPsec traffic selector list remote entry. tIPsecTsListRmtEntryMinPort is used for any Internet transport layer protocol except ICMP, ICMPv6 and MIPv6. When the value of tIPsecTsListRmtEntryMinPort is '0' and the value of tIPsecTsListRmtEntryMaxPort is '65535', it means that the IPsec traffic selector accepts any port number. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMaxPort." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 11 } tIPsecTsListRmtEntryMaxPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMaxPort specifies the maximum port of the range for this IPsec traffic selector list remote entry. tIPsecTsListRmtEntryMaxPort is used for any Internet transport layer protocol except ICMP, ICMPv6 and MIPv6. When the value of tIPsecTsListRmtEntryMaxPort is '0' and the value of tIPsecTsListRmtEntryMinPort is '65535', it means that the IPsec traffic selector accepts the packet only when the corresponding port field field is unavailable. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMinPort." DEFVAL { 65535 } ::= { tIPsecTsListRmtEntryEntry 12 } tIPsecTsListRmtEntryMinMhType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMinMhType specifies the minimum Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec traffic selector list remote entry. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMaxMhType." REFERENCE "'Mobility Header Types - for the MH Type field in the Mobility Header', http://www.iana.org/assignments/mobility-parameters/ mobility-parameters.xhtml#mobility-parameters-1" DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 13 } tIPsecTsListRmtEntryMaxMhType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMaxMhType specifies the maximum Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec traffic selector list remote entry. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMinMhType." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 14 } tIPsecTsListRmtEntryMinIcmpType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMinIcmpType specifies the minimum ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector list remote entry. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMaxIcmpType, tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode." REFERENCE "'Internet Control Message Protocol (ICMP) Parameters', http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt, April 2013, and 'Internet Control Message Protocol version 6 (ICMPv6) Parameters', http://www.iana.org/assignments/icmpv6-parameters/ icmpv6-parameters.xhtml, January 2015." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 15 } tIPsecTsListRmtEntryMaxIcmpType OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMaxIcmpType specifies the maximum ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector list remote entry. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType, tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 16 } tIPsecTsListRmtEntryMinIcmpCode OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMinIcmpCode specifies the minimum ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector list remote entry. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType, tIPsecTsListRmtEntryMaxIcmpType and tIPsecTsListRmtEntryMaxIcmpCode." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 17 } tIPsecTsListRmtEntryMaxIcmpCode OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryMaxIcmpCode specifies the maximum ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector list remote entry. This value must be set in the same SNMP SET PDU as tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType, tIPsecTsListRmtEntryMaxIcmpType and tIPsecTsListRmtEntryMinIcmpCode." DEFVAL { 0 } ::= { tIPsecTsListRmtEntryEntry 18 } tIPsecTsListRmtEntryProtocolId OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecTsListRmtEntryProtocolId specifies the IP protocol number allowed by the IPsec traffic selector associated with this entry. A value of zero specifies that the IPsec traffic selector will accept packets for any protocol. A value of '-1' specifies that this IPsec traffic selector is not configured. When the value of tIPsecTsListRmtEntryProtocolId is any value between -1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinPort and tIPsecTsListRmtEntryMaxPort. Especially when the value of tIPsecTsListRmtEntryProtocolId is -1, tIPsecTsListRmtEntryMinPort and tIPsecTsListRmtEntryMaxPort must be 0 and 65535, respectively. When the value of tIPsecTsListRmtEntryProtocolId is any value between 1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinPort and tIPsecTsListRmtEntryMaxPort. When the value of tIPsecTsListRmtEntryProtocolId is 1 or 58 this value must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinIcmpType, tIPsecTsListRmtEntryMaxIcmpType, tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode. When the value of tIPsecTsListRmtEntryProtocolId is 135, this value must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinMhType and tIPsecTsListRmtEntryMaxMhType." DEFVAL { -1 } ::= { tIPsecTsListRmtEntryEntry 19 } tmnxIPsecLockoutClientTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecLockoutClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecLockoutClientTable contains the statistics information of IPsec lockout clients. IPsec lockout clients are ones who are not successfully pass the IKE authentication process." ::= { tmnxIPsecObjects 62 } tmnxIPsecLockoutClientEntry OBJECT-TYPE SYNTAX TmnxIPsecLockoutClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxIPsecLockoutClientEntry contains the statistics information for one IPsec Lockout Client. tmnxCardSlotNum and tmnxMDASlotNum should be IPsec MDA." INDEX { tmnxCardSlotNum, tmnxMDASlotNum, tmnxIPsecLockoutClientRtrId, tmnxIPsecLockoutClientLclGwAddrT, tmnxIPsecLockoutClientLclGwAddr, tmnxIPsecLockoutClientAddressTyp, tmnxIPsecLockoutClientAddress, tmnxIPsecLockoutClientPort } ::= { tmnxIPsecLockoutClientTable 1 } TmnxIPsecLockoutClientEntry ::= SEQUENCE { tmnxIPsecLockoutClientRtrId TmnxVRtrID, tmnxIPsecLockoutClientLclGwAddrT InetAddressType, tmnxIPsecLockoutClientLclGwAddr InetAddress, tmnxIPsecLockoutClientAddressTyp InetAddressType, tmnxIPsecLockoutClientAddress InetAddress, tmnxIPsecLockoutClientPort InetPortNumber, tmnxIPsecLockoutClientStatus TruthValue, tmnxIPsecLockoutClientFailAtempt Unsigned32, tmnxIPsecLockoutClientDroppedPkt Unsigned32, tmnxIPsecLockoutClientRemainTime Integer32 } tmnxIPsecLockoutClientRtrId OBJECT-TYPE SYNTAX TmnxVRtrID MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientRtrId specifies the virtual router instance for IES or VPRN services. The value of tmnxIPsecLockoutClientRtrId is 1 for IES services." ::= { tmnxIPsecLockoutClientEntry 1 } tmnxIPsecLockoutClientLclGwAddrT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientLclGwAddrT specifies the address type of the local SAP IPSec gateway." ::= { tmnxIPsecLockoutClientEntry 2 } tmnxIPsecLockoutClientLclGwAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientLclGwAddr specifies the IP address of the local SAP IPsec gateway." ::= { tmnxIPsecLockoutClientEntry 3 } tmnxIPsecLockoutClientAddressTyp OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientAddressTyp specifies the address type of the lockout client." ::= { tmnxIPsecLockoutClientEntry 4 } tmnxIPsecLockoutClientAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientAddress specifies the address of the lockout client." ::= { tmnxIPsecLockoutClientEntry 5 } tmnxIPsecLockoutClientPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientPort specifies the port number of the lockout client. The value of zero means that all ports under tmnxIPsecLockoutClientAddress are locked out." ::= { tmnxIPsecLockoutClientEntry 6 } tmnxIPsecLockoutClientStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientStatus indicates whether a client is locked out by the system. The value of 'true (1)' indicates that the client is locked out and all IKE traffics from this client are rejected by the system. The value of 'false (2)' indicates that the system still accepts IKE traffic from this client; but the client has failed on certain IKE authentications." ::= { tmnxIPsecLockoutClientEntry 7 } tmnxIPsecLockoutClientFailAtempt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientFailAtempt indicates the number of failed authentication attempts from the lockout client within the lockout duration(i.e., tmnxIkePolicyLockoutDuration)." ::= { tmnxIPsecLockoutClientEntry 8 } tmnxIPsecLockoutClientDroppedPkt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientDroppedPkt indicates the number of dropped packets for the lockout client." ::= { tmnxIPsecLockoutClientEntry 9 } tmnxIPsecLockoutClientRemainTime OBJECT-TYPE SYNTAX Integer32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLockoutClientRemainTime indicates the time remaining until this client is unblocked. The total block time is defined by tmnxIkePolicyLockoutBlock. A value of zero indicates that this client will never be unblocked. A value of -1 indicates that this client is not blocked." ::= { tmnxIPsecLockoutClientEntry 10 } tIPsecRUTnlDhcpLeaseStatTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecRUTnlDhcpLeaseStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecRUTnlDhcpLeaseStatTable contains the statistics information of the private IP address DHCP leases in the dynamic IPsec remote user tunnel. Refer to tIPsecRUTnlTable for the information of the dynamic IPsec remote user tunnel. Each tunnel has at most two private IP addresses (i.e., tIPsecRUTnlPrivateIpAddr and tIPsecRUTnlPrivateIpAddr2)." ::= { tmnxIPsecObjects 63 } tIPsecRUTnlDhcpLeaseStatEntry OBJECT-TYPE SYNTAX TIPsecRUTnlDhcpLeaseStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecRUTnlDhcpLeaseStatEntry contains the statistics information of one private IP address DHCP lease in the dynamic IPsec remote user tunnel. Rows in this table are created when the value of tIPsecRUTnlPrivateIpAddr or tIPsecRUTnlPrivateIpAddr2 in the associated entry of tIPsecRUTnlTable is changed from all-zeros to any valid address that was obtained from a DHCP server. Rows in this table are destroyed when the associated entry is destroyed in tIPsecRUTnlTable." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort, tIPsecRUTnlDhcpLeaseStatPrivAddT, tIPsecRUTnlDhcpLeaseStatPrivAddr } ::= { tIPsecRUTnlDhcpLeaseStatTable 1 } TIPsecRUTnlDhcpLeaseStatEntry ::= SEQUENCE { tIPsecRUTnlDhcpLeaseStatPrivAddT InetAddressType, tIPsecRUTnlDhcpLeaseStatPrivAddr InetAddress, tIPsecRUTnlDhcpLeaseStatSverAddT InetAddressType, tIPsecRUTnlDhcpLeaseStatSverAddr InetAddress, tIPsecRUTnlDhcpLeaseStatAcquirTm DateAndTime, tIPsecRUTnlDhcpLeaseStatRenewTm DateAndTime, tIPsecRUTnlDhcpLeaseStatRebindTm DateAndTime, tIPsecRUTnlDhcpLeaseStatPrivPref DateAndTime, tIPsecRUTnlDhcpLeaseStatPrivVald DateAndTime } tIPsecRUTnlDhcpLeaseStatPrivAddT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatPrivAddT specifies the address type of tIPsecRUTnlDhcpLeaseStatPrivAddr." ::= { tIPsecRUTnlDhcpLeaseStatEntry 1 } tIPsecRUTnlDhcpLeaseStatPrivAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatPrivAddr specifies the private IP address of the dynamic IPsec remote user tunnel. It can be either tIPsecRUTnlPrivateIpAddr or tIPsecRUTnlPrivateIpAddr2." ::= { tIPsecRUTnlDhcpLeaseStatEntry 2 } tIPsecRUTnlDhcpLeaseStatSverAddT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatSverAddT indicates the address type of tIPsecRUTnlDhcpLeaseStatSverAddr. The value of tIPsecRUTnlDhcpLeaseStatSverAddT is always equal to tIPsecRUTnlDhcpLeaseStatPrivAddT." ::= { tIPsecRUTnlDhcpLeaseStatEntry 3 } tIPsecRUTnlDhcpLeaseStatSverAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatSverAddr indicates the DHCP server address." ::= { tIPsecRUTnlDhcpLeaseStatEntry 4 } tIPsecRUTnlDhcpLeaseStatAcquirTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatAcquirTm indicates the UTC date when the latest DHCP lease was acquired from the server. The address of the server is indicated by tIPsecRUTnlDhcpLeaseStatSverAddr. The value of tIPsecRUTnlDhcpLeaseStatAcquirTm can be the time when the private IP address (i.e., tIPsecRUTnlDhcpLeaseStatPrivAddr) of the dynamic IPsec user remote tunnel first obtained the DHCP lease, or the time when the lease was renewed or rebound." ::= { tIPsecRUTnlDhcpLeaseStatEntry 5 } tIPsecRUTnlDhcpLeaseStatRenewTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatRenewTm indicates the UTC date when the current DHCP lease needs to be renewed." ::= { tIPsecRUTnlDhcpLeaseStatEntry 6 } tIPsecRUTnlDhcpLeaseStatRebindTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatRebindTm indicates the UTC date when the current DHCP lease needs to be rebound." ::= { tIPsecRUTnlDhcpLeaseStatEntry 7 } tIPsecRUTnlDhcpLeaseStatPrivPref OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatPrivPref indicates the UTC date when the preferred lifetime of the private IP address (i.e., tIPsecRUTnlDhcpLeaseStatPrivAddr) for the dynamic IPsec user remote tunnel will expire. In the preferred state, tIPsecRUTnlDhcpLeaseStatPrivAddr can be used without any restriction. Once the lifetime expires, tIPsecRUTnlDhcpLeaseStatPrivAddr is still valid, but needs to be renewed or rebound. The value of tIPsecRUTnlDhcpLeaseStatPrivPref is meaningless when tIPsecRUTnlDhcpLeaseStatSverAddT is 'ipv4 (1)'." REFERENCE "RFC 4862. 'IPv6 Stateless Address Autoconfiguration', IETF, September 2007." ::= { tIPsecRUTnlDhcpLeaseStatEntry 8 } tIPsecRUTnlDhcpLeaseStatPrivVald OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecRUTnlDhcpLeaseStatPrivVald indicates the UTC date when the valid lifetime of the private IP address (i.e., tIPsecRUTnlDhcpLeaseStatPrivAddr) for the dynamic IPsec user remote tunnel will expire. Once the valid lifetime expires, tIPsecRUTnlDhcpLeaseStatPrivAddr must be renewed or rebound." REFERENCE "RFC 4862. 'IPv6 Stateless Address Autoconfiguration', IETF, September 2007." ::= { tIPsecRUTnlDhcpLeaseStatEntry 9 } tIPsecClientDatabaseTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecClientDatabaseTableLstChgd indicates the time, since system startup, when tIPsecClientDatabaseTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 64 } tIPsecClientDatabaseTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecClientDatabaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecClientDatabaseTable contains objects used to configure instances of IPsec client database entries. Each entry in this table specifies how the system matches the associated IPsec clients of this database. The IPsec clients are configured by tIPsecClientDBClientTable." ::= { tmnxIPsecObjects 65 } tIPsecClientDatabaseEntry OBJECT-TYPE SYNTAX TIPsecClientDatabaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecClientDatabaseEntry contains the configuration of one instance of the IPsec client database entry. Entries in this table are created and destroyed via SNMP SET operations to tIPsecClientDatabaseRowStatus. The maximum number of entries in this table is 1000." INDEX { tIPsecClientDatabaseName } ::= { tIPsecClientDatabaseTable 1 } TIPsecClientDatabaseEntry ::= SEQUENCE { tIPsecClientDatabaseName TNamedItem, tIPsecClientDatabaseLastChanged TimeStamp, tIPsecClientDatabaseRowStatus RowStatus, tIPsecClientDatabaseAdminState TmnxAdminState, tIPsecClientDatabaseDescription TItemDescription, tIPsecClientDatabaseMatchType BITS } tIPsecClientDatabaseName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecClientDatabaseName specifies the name of this IPsec client database entry." ::= { tIPsecClientDatabaseEntry 1 } tIPsecClientDatabaseLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecClientDatabaseLastChanged indicates time, since system startup, that the configuration of this entry was created or modified." ::= { tIPsecClientDatabaseEntry 2 } tIPsecClientDatabaseRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDatabaseRowStatus specifies the status of this entry. It is used to create and delete row entries in tIPsecClientDatabaseTable. In order to delete an entry, tIPsecClientDatabaseAdminState must first be set to 'outOfService (3)'." ::= { tIPsecClientDatabaseEntry 3 } tIPsecClientDatabaseAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDatabaseAdminState specifies the administrative state of this IPsec client database entry. tIPsecClientDatabaseAdminState can only be configured to 'inService (2)' if tIPsecClientDatabaseMatchType has non-default value. When the value of tIPsecClientDatabaseAdminState is 'outOfService (3)', the IPsec client matching is disabled." DEFVAL { outOfService } ::= { tIPsecClientDatabaseEntry 4 } tIPsecClientDatabaseDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDatabaseDescription specifies the description for this IPsec client database entry." DEFVAL { "" } ::= { tIPsecClientDatabaseEntry 5 } tIPsecClientDatabaseMatchType OBJECT-TYPE SYNTAX BITS { idi (0), peerIpPrefix (1) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDatabaseMatchType specifies what types of values are used by the client ID for this IPsec client database entry. The system uses the client ID as the criteria to match an IPsec client. idi (0) - Identification Initiator (IDi) in IKEv2 peerIpPrefix (1) - Peer IP prefix address" DEFVAL { {} } ::= { tIPsecClientDatabaseEntry 6 } tIPsecClientDBClientTableLstChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecClientDBClientTableLstChgd indicates the time, since system startup, when tIPsecClientDBClientTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 66 } tIPsecClientDBClientTable OBJECT-TYPE SYNTAX SEQUENCE OF TIPsecClientDBClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecClientDBClientTable contains objects used to configure instances of IPsec clients associated with an IPsec client database. The IPsec client database is configured by tIPsecClientDatabaseTable." ::= { tmnxIPsecObjects 67 } tIPsecClientDBClientEntry OBJECT-TYPE SYNTAX TIPsecClientDBClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tIPsecClientDBClientEntry contains the configuration of one instance of the IPsec client associated with the IPsec client database. Entries in this table are created and destroyed via SNMP SET operations to tIPsecClientDBClientRowStatus. The maximum number of entries in this table is 8000." INDEX { tIPsecClientDatabaseName, tIPsecClientDBClientIndex } ::= { tIPsecClientDBClientTable 1 } TIPsecClientDBClientEntry ::= SEQUENCE { tIPsecClientDBClientIndex Unsigned32, tIPsecClientDBClientLastChanged TimeStamp, tIPsecClientDBClientRowStatus RowStatus, tIPsecClientDBClientAdminState TmnxAdminState, tIPsecClientDBClientName TNamedItemOrEmpty, tIPsecClientDBClientIdIdiType INTEGER, tIPsecClientDBClientIdIdiValue DisplayString, tIPsecClientDBClientIdPeer4PfAny TruthValue, tIPsecClientDBClientIdPeer6PfAny TruthValue, tIPsecClientDBClientIdPeerPfxTyp InetAddressType, tIPsecClientDBClientIdPeerPfx InetAddress, tIPsecClientDBClientIdPeerPfxLen InetAddressPrefixLength, tIPsecClientDBClientTnlTempltId TmnxIPsecTunnelTemplateIdOrZero, tIPsecClientDBClientPrivateSvcId TmnxServId, tIPsecClientDBClientPrivIfName TNamedItemOrEmpty, tIPsecClientDBClientTsListName TNamedItemOrEmpty, tIPsecClientDBClientPreSharedKey OCTET STRING, tIPsecClientDBClientPrivateSvcNm TLNamedItemOrEmpty } tIPsecClientDBClientIndex OBJECT-TYPE SYNTAX Unsigned32 (1..8000) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tIPsecClientDBClientIndex specifies the index for this IPsec client entry." ::= { tIPsecClientDBClientEntry 1 } tIPsecClientDBClientLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tIPsecClientDBClientLastChanged indicates time, since system startup, that the configuration of this entry was created or modified." ::= { tIPsecClientDBClientEntry 2 } tIPsecClientDBClientRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientRowStatus specifies the status of this entry. It is used to create and delete row entries in tIPsecClientDBClientTable. In order to delete an entry, tIPsecClientDBClientAdminState must first be set to 'outOfService (3)'." ::= { tIPsecClientDBClientEntry 3 } tIPsecClientDBClientAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientAdminState specifies the administrative state of this IPsec client entry." DEFVAL { outOfService } ::= { tIPsecClientDBClientEntry 4 } tIPsecClientDBClientName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The tIPsecClientDBClientName specifies the name of this IPsec client entry." DEFVAL { "" } ::= { tIPsecClientDBClientEntry 5 } tIPsecClientDBClientIdIdiType OBJECT-TYPE SYNTAX INTEGER { none (1), any (2), ipv4Pfx (3), ipv4PfxAny (4), ipv6Pfx (5), ipv6PfxAny (6), fqdn (7), fqdnSuffix (8), rfc822 (9), rfc822Suffix (10) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdIdiType specifies the type of IDi value (i.e., tIPsecClientDBClientIdIdiValue) for this IPsec client entry. none - (1) The IDi value is not used by the client ID any - (2) Any IDi value will be accepted by the system ipv4Pfx - (3) IDi value is a specific valid IPv4 prefix ipv4PfxAny - (4) IDi value is any valid IPv4 prefix ipv6Pfx - (5) IDi value is a specific valid IPv6 prefix ipv6PfxAny - (6) IDi value is any valid IPv6 prefix fqdn - (7) IDi value is an Fully Qualified Domain Name (FQDN) fqdnSuffix - (8) IDi value is an FQDN suffix rfc822 - (9) IDi value is an Email address rfc822Domain - (10) IDi value is an Email domain This value must be set in the same SNMP SET PDU as tIPsecClientDBClientIdIdiValue." DEFVAL { none } ::= { tIPsecClientDBClientEntry 6 } tIPsecClientDBClientIdIdiValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdIdiValue specifies the IDi value within the client ID for this IPsec client entry. A client ID may consist of more than one values (e.g., IDi (i.e., tIPsecClientDBClientIdIdiValue), peer IP prefix (i.e., tIPsecClientDBClientIdPeerPfx)). Which type of values a client ID contains is configured by tIPsecClientDatabaseMatchType in the associated entry of tIPsecClientDatabaseTable. This value must be set in the same SNMP SET PDU as tIPsecClientDBClientIdIdiType. When the value of tIPsecClientDBClientIdIdiType is 'none (1)', 'any (2)', 'ipv4PfxAny (4)' or 'ipv6PfxAny (6)', the value of tIPsecClientDBClientIdIdiValue is ignored." DEFVAL { ''H } ::= { tIPsecClientDBClientEntry 7 } tIPsecClientDBClientIdPeer4PfAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdPeer4PfAny specifies whether or not the peer IP prefix can be any valid IPv4 prefix. When the value of tIPsecClientDBClientIdPeer4PfAny is 'true (1)', the value of tIPsecClientDBClientIdPeer6PfAny, tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx and tIPsecClientDBClientIdPeerPfxLen will be ignored. tIPsecClientDBClientIdPeer4PfAny and tIPsecClientDBClientIdPeer6PfAny cannot be 'true (1)' at the same time." DEFVAL { false } ::= { tIPsecClientDBClientEntry 8 } tIPsecClientDBClientIdPeer6PfAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdPeer6PfAny specifies whether or not the peer IP prefix can be any valid IPv6 prefix. When the value of tIPsecClientDBClientIdPeer6PfAny is 'true (1)', the value of tIPsecClientDBClientIdPeer4PfAny, tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx and tIPsecClientDBClientIdPeerPfxLen will be ignored. tIPsecClientDBClientIdPeer6PfAny and tIPsecClientDBClientIdPeer4PfAny cannot be 'true (1)' at the same time." DEFVAL { false } ::= { tIPsecClientDBClientEntry 9 } tIPsecClientDBClientIdPeerPfxTyp OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdPeerPfxTyp specifies the prefix type of tIPsecClientDBClientIdPeerPfx. This value must be set in the same SNMP SET PDU as tIPsecClientDBClientIdPeerPfx and tIPsecClientDBClientIdPeerPfxLen." DEFVAL { unknown } ::= { tIPsecClientDBClientEntry 10 } tIPsecClientDBClientIdPeerPfx OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdPeerPfx specifies the peer IP prefix within the client ID of this IPsec client entry. A client ID may consist of more than values (e.g., IDi (i.e., tIPsecClientDBClientIdIdiValue), peer IP prefix (i.e., tIPsecClientDBClientIdPeerPfx)). Which type of values a client ID contains is configured by tIPsecClientDatabaseMatchType in the associated entry of tIPsecClientDatabaseTable. This value must be set in the same SNMP SET PDU as tIPsecClientDBClientIdPeerPfxTyp and tIPsecClientDBClientIdPeerPfxLen. Once tIPsecClientDBClientIdPeerPfx is configured to any valid IP prefix, tIPsecClientDBClientIdPeer4PfAny and tIPsecClientDBClientIdPeer6PfAny must be configured to 'false (2)' in the same SNMP SET PDU." DEFVAL { ''H } ::= { tIPsecClientDBClientEntry 11 } tIPsecClientDBClientIdPeerPfxLen OBJECT-TYPE SYNTAX InetAddressPrefixLength (0..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientIdPeerPfxLen specifies the prefix length of tIPsecClientDBClientIdPeerPfx. This value must be set in the same SNMP SET PDU as tIPsecClientDBClientIdPeerPfxTyp and tIPsecClientDBClientIdPeerPfx." DEFVAL { 0 } ::= { tIPsecClientDBClientEntry 12 } tIPsecClientDBClientTnlTempltId OBJECT-TYPE SYNTAX TmnxIPsecTunnelTemplateIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientTnlTempltId specifies the identifier of the tunnel template." DEFVAL { 0 } ::= { tIPsecClientDBClientEntry 13 } tIPsecClientDBClientPrivateSvcId OBJECT-TYPE SYNTAX TmnxServId (0 | 1..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientPrivateSvcId specifies the private service ID of this IPsec client entry. The IPsec tunnel cannot be established until the public service ID exists and has a 'vprn (4)' TIMETRA-SERV-MIB::svcType. The values of tIPsecClientDBClientPrivateSvcId and tIPsecClientDBClientPrivateSvcNm must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { 0 } ::= { tIPsecClientDBClientEntry 14 } tIPsecClientDBClientPrivIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientPrivIfName specifies the private interface name of this IPsec client entry." DEFVAL { "" } ::= { tIPsecClientDBClientEntry 15 } tIPsecClientDBClientTsListName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientTsListName specifies the traffic selector list name of this IPsec client entry." DEFVAL { "" } ::= { tIPsecClientDBClientEntry 16 } tIPsecClientDBClientPreSharedKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientPreSharedKey specifies the shared key of this IPsec client entry." DEFVAL { ''H } ::= { tIPsecClientDBClientEntry 17 } tIPsecClientDBClientPrivateSvcNm OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tIPsecClientDBClientPrivateSvcNm specifies the private service name of this IPsec client entry. The values of tIPsecClientDBClientPrivateSvcId and tIPsecClientDBClientPrivateSvcNm must be mutually exclusive and cannot simultaneously have non-default values. The IPsec tunnel cannot be established until the public service name exists and has a 'vprn (4)' TIMETRA-SERV-MIB::svcType." DEFVAL { ''H } ::= { tIPsecClientDBClientEntry 18 } tmnxIPsecIkeTransformTableLstChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformTableLstChg indicates the time, since system startup, when tmnxIPsecIkeTransformTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 68 } tmnxIPsecIkeTransformTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecIkeTransformEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecIkeTransformTable contains objects used to configure instances of the IKE transform entries. Entries in this table are created and destroyed via SNMP SET operations to tmnxIPsecIkeTransformRowStatus." ::= { tmnxIPsecObjects 69 } tmnxIPsecIkeTransformEntry OBJECT-TYPE SYNTAX TmnxIPsecIkeTransformEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecIkeTransformEntry contains the configuration of one IKE transform entry." INDEX { tmnxIPsecIkeTransformId } ::= { tmnxIPsecIkeTransformTable 1 } TmnxIPsecIkeTransformEntry ::= SEQUENCE { tmnxIPsecIkeTransformId TmnxIPsecIkeTransformId, tmnxIPsecIkeTransformRowStatus RowStatus, tmnxIPsecIkeTransformLastChange TimeStamp, tmnxIPsecIkeTransformAuthAlg INTEGER, tmnxIPsecIkeTransformEncrAlg INTEGER, tmnxIPsecIkeTransformDhGroup TmnxIkePolicyDHGroup, tmnxIPsecIkeTransformIsakmpLifeT Unsigned32, tmnxIPsecIkeTransformPrfAlg INTEGER } tmnxIPsecIkeTransformId OBJECT-TYPE SYNTAX TmnxIPsecIkeTransformId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformId specifies a unique identifier for one IKE transform entry." ::= { tmnxIPsecIkeTransformEntry 1 } tmnxIPsecIkeTransformRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformRowStatus specifies the status of this row. It is used to create and destroy rows in tmnxIPsecIkeTransformTable." ::= { tmnxIPsecIkeTransformEntry 2 } tmnxIPsecIkeTransformLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformLastChange indicates the time, since system startup, that the configuration of this row was created or modified." ::= { tmnxIPsecIkeTransformEntry 3 } tmnxIPsecIkeTransformAuthAlg OBJECT-TYPE SYNTAX INTEGER { md5 (2), sha1 (3), sha256 (4), sha384 (5), sha512 (6), aesXcbc (7), authEncryption (8) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformAuthAlg specifies the hash algorithm used in phase 1 of the Security Association (SA)." DEFVAL { sha1 } ::= { tmnxIPsecIkeTransformEntry 4 } tmnxIPsecIkeTransformEncrAlg OBJECT-TYPE SYNTAX INTEGER { des (2), des3 (3), aes128 (4), aes192 (5), aes256 (6), aes128Gcm8 (7), aes128Gcm16 (9), aes256Gcm8 (13), aes256Gcm16 (15) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformEncrAlg specifies the encryption algorithm used in phase 1 of the Security Association (SA)." DEFVAL { aes128 } ::= { tmnxIPsecIkeTransformEntry 5 } tmnxIPsecIkeTransformDhGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroup MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformDhGroup specifies the Diffie-Hellman (DH) group to be used for calculating session keys which will be used in the IKE proposal." DEFVAL { group2 } ::= { tmnxIPsecIkeTransformEntry 6 } tmnxIPsecIkeTransformIsakmpLifeT OBJECT-TYPE SYNTAX Unsigned32 (1200..31536000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformIsakmpLifeT specifies the lifetime of the phase 1 IKE key. ISAKMP stands for Internet Security Association and Key Management Protocol." DEFVAL { 86400 } ::= { tmnxIPsecIkeTransformEntry 7 } tmnxIPsecIkeTransformPrfAlg OBJECT-TYPE SYNTAX INTEGER { md5 (2), sha1 (3), sha256 (4), sha384 (5), sha512 (6), aesXcbc (7), sameAsAuth (8) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecIkeTransformPrfAlg specifies the pseudo-random function (PRF) used in phase 1 of the SA. The value of this object can not be 'sameAsAuth (7)' if the encryption algorithm (i.e. tmnxIPsecIkeTransformEncrAlg) is AES-GCM." DEFVAL { sameAsAuth } ::= { tmnxIPsecIkeTransformEntry 8 } tmnxIkePlcyIkeTransformTbLstChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIkePlcyIkeTransformTbLstChg indicates the time, since system startup, when tmnxIkePlcyIkeTransformTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 70 } tmnxIkePlcyIkeTransformTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIkePlcyIkeTransformEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIkePlcyIkeTransformTable contains objects used to configure instances of IKE transform information for each IKE policy entry." ::= { tmnxIPsecObjects 71 } tmnxIkePlcyIkeTransformEntry OBJECT-TYPE SYNTAX TmnxIkePlcyIkeTransformEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIkePlcyIkeTransformEntry contains the configuration of IKE transforms used by an IKE policy entry. Entries in this table are created or destroyed by the system when a row is created or destroyed in tmnxIkePolicyTable. The maximum number of associate rows in this table for each IKE Policy is four. When a row, whose index is 1, is created or destroyed in tmnxIkePolicyTable, up to four entries will be created or destroyed in the tmnxIkePlcyIkeTransformTable whose indexes are 1.1, 1.2, 1.3 and 1.4, respectively. This allows up to four IKE transforms to be used by an IPsec gateway or tunnel in the Phase 1 Security Association (SA)." INDEX { tmnxIkePolicyId, tmnxIkePlcyIkeTransformIndex } ::= { tmnxIkePlcyIkeTransformTable 1 } TmnxIkePlcyIkeTransformEntry ::= SEQUENCE { tmnxIkePlcyIkeTransformIndex Unsigned32, tmnxIkePlcyIkeTransformLstChange TimeStamp, tmnxIkePlcyIkeTransformId TmnxIPsecIkeTransformIdOrZero } tmnxIkePlcyIkeTransformIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIkePlcyIkeTransformIndex specifies the index of the IKE transform for each IKE policy configured in the system. IKE policy information is configured in tmnxIkePolicyTable." ::= { tmnxIkePlcyIkeTransformEntry 1 } tmnxIkePlcyIkeTransformLstChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIkePlcyIkeTransformLstChange indicates the time, since system startup, that the configuration of this row was created or modified." ::= { tmnxIkePlcyIkeTransformEntry 2 } tmnxIkePlcyIkeTransformId OBJECT-TYPE SYNTAX TmnxIPsecIkeTransformIdOrZero MAX-ACCESS read-write STATUS current DESCRIPTION "The value of tmnxIkePlcyIkeTransformId specifies the unique ID of the IKE transform that the specified IKE policy will use. For a certain tmnxIkePolicyId, the values of four associated tmnxIkePlcyIkeTransformId must be different. IKE transform information is configured in tmnxIPsecIkeTransformTable." DEFVAL { 0 } ::= { tmnxIkePlcyIkeTransformEntry 3 } tmnxIPsecGWHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecGWHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecGWHistStatsTable contains the historical statistics of IPsec gateways." ::= { tmnxIPsecObjects 72 } tmnxIPsecGWHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecGWHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecGWHistStatsEntry contains the historical statistics for a specific IPsec gateway." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecGWHistStatsType, tmnxIPsecGWHistStatsIntvIdx } ::= { tmnxIPsecGWHistStatsTable 1 } TmnxIPsecGWHistStatsEntry ::= SEQUENCE { tmnxIPsecGWHistStatsType TmnxIPsecHistStatsType, tmnxIPsecGWHistStatsIntvIdx Unsigned32, tmnxIPsecGWHistStatsValue64 CounterBasedGauge64, tmnxIPsecGWHistStatsValue32 Integer32, tmnxIPsecGWHistStatsIntvStTm DateAndTime, tmnxIPsecGWHistStatsIntvDur Unsigned32, tmnxIPsecGWHistStatsFstFTm DateAndTime, tmnxIPsecGWHistStatsFstFDesc TItemLongDescription, tmnxIPsecGWHistStatsLstFTm DateAndTime, tmnxIPsecGWHistStatsLstFDesc TItemLongDescription } tmnxIPsecGWHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsType specifies the statistical type for this IPsec gateway." ::= { tmnxIPsecGWHistStatsEntry 1 } tmnxIPsecGWHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. When the value of tmnxIPsecGWHistStatsIntvIdx is '1', it indicates that this is the current sampling interval and the value of tmnxIPsecGWHistStatsValue64 indicates the current statistical value. When the value of tmnxIPsecGWHistStatsIntvIdx is larger than '1', it indicates that this is a previous sampling interval period and the value of tmnxIPsecGWHistStatsValue64 indicates a previous statistical value. Specifically, when the value of tmnxIPsecGWHistStatsIntvIdx is '2', it indicates that this is the most recent finished sampling interval and the value of tmnxIPsecGWHistStatsValue64 indicates the most recent statistical value." ::= { tmnxIPsecGWHistStatsEntry 2 } tmnxIPsecGWHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecGWHistStatsValue64 is indicated by tmnxIPsecGWHistStatsType." ::= { tmnxIPsecGWHistStatsEntry 3 } tmnxIPsecGWHistStatsValue32 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsValue32 indicates a signed 32-bit integer representation of the value of tmnxIPsecGWHistStatsValue64. This object is used by Remote Network Monitoring (RMON) to monitor this statistical value. For most tmnxIPsecGWHistStatsType values, the value and unit of tmnxIPsecGWHistStatsValue32 are the same as the value and unit of tmnxIPsecGWHistStatsValue64. The exception are the following two cases. 1) Different values: The value of tmnxIPsecGWHistStatsValue32 is meaningless if this statistic (i.e. accumulative statistic) is not monitored by RMON. The values of accumulative statistical types are indicated by tmnxIPsecGWHistStatsType. 2) Different values and units: When the value of tmnxIPsecGWHistStatsType is equal to any of the following values, the unit of tmnxIPsecGWHistStatsValue32 is the number of mebibits (1 mebibit == 1024 * 1024 bits), instead of the number of bits which is used by tmnxIPsecGWHistStatsValue64. 'numOfIPsecEncrBits (103)' 'numOfIPsecDecrBits (104)' 'numOfIPsecEnDecrBits (105)' 'numOfGreTnlEncapBits (113)' 'numOfGreTnlDecapBits (114)' 'numOfGreTnlEnDecapBits (115)' 'numOfIpTnlEncapBits (123)' 'numOfIpTnlDecapBits (124)' 'numOfIpTnlEnDecapBits (125)' 'numOfL2tpv3TnlEncapBits (133)' 'numOfL2tpv3TnlDecapBits (134)' 'numOfL2tpv3TnlEnDecapBits (135)' When the value of tmnxIPsecGWHistStatsType is equal to any of the following values, the unit of tmnxIPsecGWHistStatsValue32 is the number of mebi-packets (1 mebi-packet == 1024 * 1024 packets), instead of the number of packets which is used by tmnxIPsecGWHistStatsValue64. 'numOfIPsecEncrPkts (100)' 'numOfIPsecDecrPkts (101)' 'numOfIPsecEnDecrPkts (102)' 'numOfGreTnlEncapPkts (110)' 'numOfGreTnlDecapPkts (111)' 'numOfGreTnlEnDecapPkts (112)' 'numOfIpTnlEncapPkts (120)' 'numOfIpTnlDecapPkts (121)' 'numOfIpTnlEnDecapPkts (122)' 'numOfL2tpv3TnlEncapPkts (130)' 'numOfL2tpv3TnlDecapPkts (131)' 'numOfL2tpv3TnlEnDecapPkts (132)'" ::= { tmnxIPsecGWHistStatsEntry 4 } tmnxIPsecGWHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecGWHistStatsEntry 5 } tmnxIPsecGWHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecGWHistStatsEntry 6 } tmnxIPsecGWHistStatsFstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsFstFTm indicates the UTC date when the first IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecGWHistStatsType is equal to any of the following values. 'numOfIkeAuthFails (300) 'numOfIkeNoPrpslFails (301) 'numOfIkeAddrAsgFails (302) 'numOfIkeInvldTsFails (303) 'numOfIkeInvldKeFails (304) 'numOfIkeDpdTimeoutFails (305) 'numOfIkeOtherReasonFails (306)" ::= { tmnxIPsecGWHistStatsEntry 7 } tmnxIPsecGWHistStatsFstFDesc OBJECT-TYPE SYNTAX TItemLongDescription (SIZE (0..160)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsFstFDesc indicates the description of the place where the first IKE exchange failure happened. This value is only significant when tmnxIPsecGWHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecGWHistStatsFstFTm description)." ::= { tmnxIPsecGWHistStatsEntry 8 } tmnxIPsecGWHistStatsLstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsLstFTm indicates the UTC date when the last IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecGWHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecGWHistStatsFstFTm description)." ::= { tmnxIPsecGWHistStatsEntry 9 } tmnxIPsecGWHistStatsLstFDesc OBJECT-TYPE SYNTAX TItemLongDescription (SIZE (0..160)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWHistStatsLstFDesc indicates the description of the place where the last IKE exchange failure happened. This value is only significant when tmnxIPsecGWHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecGWHistStatsLstFTm description)." ::= { tmnxIPsecGWHistStatsEntry 10 } tmnxIPsecIsaHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecIsaHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecIsaHistStatsTable contains the historical statistics of Integrated Services Adaptors (ISAs)." ::= { tmnxIPsecObjects 73 } tmnxIPsecIsaHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecIsaHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecIsaHistStatsEntry contains the historical statistics for a specific ISA." INDEX { tmnxChassisIndex, tmnxCardSlotNum, tmnxMDASlotNum, tmnxIPsecIsaHistStatsType, tmnxIPsecIsaHistStatsIntvIdx } ::= { tmnxIPsecIsaHistStatsTable 1 } TmnxIPsecIsaHistStatsEntry ::= SEQUENCE { tmnxIPsecIsaHistStatsType TmnxIPsecHistStatsType, tmnxIPsecIsaHistStatsIntvIdx Unsigned32, tmnxIPsecIsaHistStatsValue64 CounterBasedGauge64, tmnxIPsecIsaHistStatsValue32 Integer32, tmnxIPsecIsaHistStatsIntvStTm DateAndTime, tmnxIPsecIsaHistStatsIntvDur Unsigned32, tmnxIPsecIsaHistStatsFstFTm DateAndTime, tmnxIPsecIsaHistStatsFstFDesc TItemLongDescription, tmnxIPsecIsaHistStatsLstFTm DateAndTime, tmnxIPsecIsaHistStatsLstFDesc TItemLongDescription } tmnxIPsecIsaHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsType specifies the statistical type for this ISA." ::= { tmnxIPsecIsaHistStatsEntry 1 } tmnxIPsecIsaHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. When the value of tmnxIPsecIsaHistStatsIntvIdx is '1', it indicates that this is the current sampling interval period and the value of tmnxIPsecIsaHistStatsValue64 indicates the current statistical value. When the value of tmnxIPsecIsaHistStatsIntvIdx is larger than '1', it indicates that this is a previous sampling interval and the value of tmnxIPsecIsaHistStatsValue64 indicates a previous statistical value. Specifically, when the value of tmnxIPsecIsaHistStatsIntvIdx is '2', it indicates that this is the most recent finished sampling interval and the value of tmnxIPsecIsaHistStatsValue64 indicates the most recent statistical value." ::= { tmnxIPsecIsaHistStatsEntry 2 } tmnxIPsecIsaHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecIsaHistStatsValue64 is indicated by tmnxIPsecIsaHistStatsType." ::= { tmnxIPsecIsaHistStatsEntry 3 } tmnxIPsecIsaHistStatsValue32 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsValue32 indicates a signed 32-bit integer representation of the value of tmnxIPsecIsaHistStatsValue64. This object is used by Remote Network Monitoring (RMON) to monitor this statistical value. For most tmnxIPsecIsaHistStatsType values, the value and unit of tmnxIPsecIsaHistStatsValue32 are the same as the value and unit of tmnxIPsecIsaHistStatsValue64. The exception are the following two cases. 1) Different values: The value of tmnxIPsecIsaHistStatsValue32 is meaningless if this statistic (i.e. accumulative statistic) is not monitored by RMON. The values of accumulative statistical types are indicated by tmnxIPsecIsaHistStatsType. 2) Different values and units: When the value of tmnxIPsecIsaHistStatsType is equal to any of the following values, the unit of tmnxIPsecIsaHistStatsValue32 is the number of mebibits (1 mebibit == 1024 * 1024 bits), instead of the number of bits which is used by tmnxIPsecIsaHistStatsValue64. 'numOfIPsecEncrBits (103)' 'numOfIPsecDecrBits (104)' 'numOfIPsecEnDecrBits (105)' 'numOfGreTnlEncapBits (113)' 'numOfGreTnlDecapBits (114)' 'numOfGreTnlEnDecapBits (115)' 'numOfIpTnlEncapBits (123)' 'numOfIpTnlDecapBits (124)' 'numOfIpTnlEnDecapBits (125)' 'numOfL2tpv3TnlEncapBits (133)' 'numOfL2tpv3TnlDecapBits (134)' 'numOfL2tpv3TnlEnDecapBits (135)' When the value of tmnxIPsecIsaHistStatsType is equal to any of the following values, the unit of tmnxIPsecIsaHistStatsValue32 is the number of mebi-packets (1 mebi-packet == 1024 * 1024 packets), instead of the number of packets which is used by tmnxIPsecIsaHistStatsValue64. 'numOfIPsecEncrPkts (100)' 'numOfIPsecDecrPkts (101)' 'numOfIPsecEnDecrPkts (102)' 'numOfGreTnlEncapPkts (110)' 'numOfGreTnlDecapPkts (111)' 'numOfGreTnlEnDecapPkts (112)' 'numOfIpTnlEncapPkts (120)' 'numOfIpTnlDecapPkts (121)' 'numOfIpTnlEnDecapPkts (122)' 'numOfL2tpv3TnlEncapPkts (130)' 'numOfL2tpv3TnlDecapPkts (131)' 'numOfL2tpv3TnlEnDecapPkts (132)'" ::= { tmnxIPsecIsaHistStatsEntry 4 } tmnxIPsecIsaHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecIsaHistStatsEntry 5 } tmnxIPsecIsaHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecIsaHistStatsEntry 6 } tmnxIPsecIsaHistStatsFstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsFstFTm indicates the UTC date when the first IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecIsaHistStatsType is equal to any of the following values. 'numOfIkeAuthFails (300) 'numOfIkeNoPrpslFails (301) 'numOfIkeAddrAsgFails (302) 'numOfIkeInvldTsFails (303) 'numOfIkeInvldKeFails (304) 'numOfIkeDpdTimeoutFails (305) 'numOfIkeOtherReasonFails (306)" ::= { tmnxIPsecIsaHistStatsEntry 7 } tmnxIPsecIsaHistStatsFstFDesc OBJECT-TYPE SYNTAX TItemLongDescription (SIZE (0..160)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsFstFDesc indicates the description of the place where the first IKE exchange failure happened. This value is only significant when tmnxIPsecIsaHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecIsaHistStatsFstFTm description)." ::= { tmnxIPsecIsaHistStatsEntry 8 } tmnxIPsecIsaHistStatsLstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsLstFTm indicates the UTC date when the last IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecIsaHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecIsaHistStatsFstFTm description)." ::= { tmnxIPsecIsaHistStatsEntry 9 } tmnxIPsecIsaHistStatsLstFDesc OBJECT-TYPE SYNTAX TItemLongDescription (SIZE (0..160)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecIsaHistStatsLstFDesc indicates the description of the place where the last IKE exchange failure happened. This value is only significant when tmnxIPsecIsaHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecIsaHistStatsLstFTm description)." ::= { tmnxIPsecIsaHistStatsEntry 10 } tmnxIPsecSvcLevelCfgTableLastChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSvcLevelCfgTableLastChg indicates the time, since system startup, when tmnxIPsecSvcLevelCfgTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 74 } tmnxIPsecSvcLevelCfgTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecSvcLevelCfgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecSvcLevelCfgTable contains the service-specific IPsec configurations. Entries in this table are automatically created or destroyed by the system when entries are created or destroyed in TIMETRA-SERV-MIB::svcBaseInfoTable." ::= { tmnxIPsecObjects 75 } tmnxIPsecSvcLevelCfgEntry OBJECT-TYPE SYNTAX TmnxIPsecSvcLevelCfgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecSvcLevelCfgEntry contains IPsec configurations for a specific service." INDEX { svcId } ::= { tmnxIPsecSvcLevelCfgTable 1 } TmnxIPsecSvcLevelCfgEntry ::= SEQUENCE { tmnxIPsecSvcLevelCfgRsvRtrOvrd TruthValue, tmnxIPsecSvcLevelCfgRROvrdType INTEGER } tmnxIPsecSvcLevelCfgRsvRtrOvrd OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS obsolete DESCRIPTION "The value of tmnxIPsecSvcLevelCfgRsvRtrOvrd specifies that whether or not the system allows the override of the reverse route for the same user reconnecting within this service. This value is only significant when the value of TIMETRA-SERV-MIB::svcType is 'vprn (4)' in the associated entry of TIMETRA-SERV-MIB::svcBaseInfoTable. This object was obsoleted in release 20.2 on Nokia SROS series systems. It has been replaced with tmnxIPsecSvcLevelCfgRROvrdType." DEFVAL { false } ::= { tmnxIPsecSvcLevelCfgEntry 1 } tmnxIPsecSvcLevelCfgRROvrdType OBJECT-TYPE SYNTAX INTEGER { none (0), sameIdi (1), anyIdi (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecSvcLevelCfgRROvrdType specifies the override type that the system allows for the reverse route. Values: none - no override sameIdi - applicable to the same user reconnecting with this service anyIdi - applicable to any user reconnecting within this service This value is only significant when the value of TIMETRA-SERV-MIB::svcType is 'vprn (4)' in the associated entry of TIMETRA-SERV-MIB::svcBaseInfoTable." DEFVAL { none } ::= { tmnxIPsecSvcLevelCfgEntry 2 } tmnxIPsecTnlGrpHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTnlGrpHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlGrpHistStatsTable contains the historical statistics of Integrated Services Adaptor (ISA) tunnel groups." ::= { tmnxIPsecObjects 76 } tmnxIPsecTnlGrpHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecTnlGrpHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlGrpHistStatsEntry contains the historical statistics for a specific ISA tunnel group." INDEX { tmnxIPsecIsaGrpId, tmnxIPsecTnlGrpHistStatsType, tmnxIPsecTnlGrpHistStatsIntvIdx } ::= { tmnxIPsecTnlGrpHistStatsTable 1 } TmnxIPsecTnlGrpHistStatsEntry ::= SEQUENCE { tmnxIPsecTnlGrpHistStatsType TmnxIPsecHistStatsType, tmnxIPsecTnlGrpHistStatsIntvIdx Unsigned32, tmnxIPsecTnlGrpHistStatsValue64 CounterBasedGauge64, tmnxIPsecTnlGrpHistStatsValue32 Integer32, tmnxIPsecTnlGrpHistStatsIntvStTm DateAndTime, tmnxIPsecTnlGrpHistStatsIntvDur Unsigned32, tmnxIPsecTnlGrpHistStatsFstFTm DateAndTime, tmnxIPsecTnlGrpHistStatsFstFDesc TItemDescription, tmnxIPsecTnlGrpHistStatsLstFTm DateAndTime, tmnxIPsecTnlGrpHistStatsLstFDesc TItemDescription } tmnxIPsecTnlGrpHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsType specifies the statistical type for this ISA tunnel group." ::= { tmnxIPsecTnlGrpHistStatsEntry 1 } tmnxIPsecTnlGrpHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. When the value of tmnxIPsecTnlGrpHistStatsIntvIdx is '1', it indicates that this is the current sampling interval period and the value of tmnxIPsecTnlGrpHistStatsValue64 indicates the current statistical value. When the value of tmnxIPsecTnlGrpHistStatsIntvIdx is larger than '1', it indicates that this is a previous sampling interval and the value of tmnxIPsecTnlGrpHistStatsValue64 indicates a previous statistical value. Specifically, when the value of tmnxIPsecTnlGrpHistStatsIntvIdx is '2', it indicates that this is the most recent finished sampling interval and the value of tmnxIPsecTnlGrpHistStatsValue64 indicates the most recent statistical value." ::= { tmnxIPsecTnlGrpHistStatsEntry 2 } tmnxIPsecTnlGrpHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecTnlGrpHistStatsValue64 is indicated by tmnxIPsecTnlGrpHistStatsType." ::= { tmnxIPsecTnlGrpHistStatsEntry 3 } tmnxIPsecTnlGrpHistStatsValue32 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsValue32 indicates a signed 32-bit integer representation of the value of tmnxIPsecTnlGrpHistStatsValue64. This object is used by Remote Network Monitoring (RMON) to monitor this statistical value. For most tmnxIPsecTnlGrpHistStatsType values, the value and unit of tmnxIPsecTnlGrpHistStatsValue32 are the same as the value and unit of tmnxIPsecTnlGrpHistStatsValue64. The exception are the following two cases. 1) When the value of tmnxIPsecTnlGrpHistStatsType is equal to any of the following values, the unit of tmnxIPsecTnlGrpHistStatsValue32 is the number of mebibits (1 mebibit == 1024 * 1024 bits), instead of the number of bits which is used by tmnxIPsecTnlGrpHistStatsValue64. 'numOfIPsecEncrBits (103)' 'numOfIPsecDecrBits (104)' 'numOfIPsecEnDecrBits (105)' 'numOfGreTnlEncapBits (113)' 'numOfGreTnlDecapBits (114)' 'numOfGreTnlEnDecapBits (115)' 'numOfIpTnlEncapBits (123)' 'numOfIpTnlDecapBits (124)' 'numOfIpTnlEnDecapBits (125)' 'numOfL2tpv3TnlEncapBits (133)' 'numOfL2tpv3TnlDecapBits (134)' 'numOfL2tpv3TnlEnDecapBits (135)' 2) When the value of tmnxIPsecTnlGrpHistStatsType is equal to any of the following values, the unit of tmnxIPsecTnlGrpHistStatsValue32 is the number of mebi-packets (1 mebi-packet == 1024 * 1024 packets), instead of the number of packets which is used by tmnxIPsecTnlGrpHistStatsValue64. 'numOfIPsecEncrPkts (100)' 'numOfIPsecDecrPkts (101)' 'numOfIPsecEnDecrPkts (102)' 'numOfGreTnlEncapPkts (110)' 'numOfGreTnlDecapPkts (111)' 'numOfGreTnlEnDecapPkts (112)' 'numOfIpTnlEncapPkts (120)' 'numOfIpTnlDecapPkts (121)' 'numOfIpTnlEnDecapPkts (122)' 'numOfL2tpv3TnlEncapPkts (130)' 'numOfL2tpv3TnlDecapPkts (131)' 'numOfL2tpv3TnlEnDecapPkts (132)'" ::= { tmnxIPsecTnlGrpHistStatsEntry 4 } tmnxIPsecTnlGrpHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecTnlGrpHistStatsEntry 5 } tmnxIPsecTnlGrpHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecTnlGrpHistStatsEntry 6 } tmnxIPsecTnlGrpHistStatsFstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsFstFTm indicates the UTC date when the first IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecTnlGrpHistStatsType is equal to any of the following values. 'numOfIkeAuthFails (300) 'numOfIkeNoPrpslFails (301) 'numOfIkeAddrAsgFails (302) 'numOfIkeInvldTsFails (303) 'numOfIkeInvldKeFails (304) 'numOfIkeDpdTimeoutFails (305) 'numOfIkeOtherReasonFails (306)" ::= { tmnxIPsecTnlGrpHistStatsEntry 7 } tmnxIPsecTnlGrpHistStatsFstFDesc OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsFstFDesc indicates the description of the place where the first IKE exchange failure happened. This value is only significant when tmnxIPsecTnlGrpHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecTnlGrpHistStatsFstFTm description)." ::= { tmnxIPsecTnlGrpHistStatsEntry 8 } tmnxIPsecTnlGrpHistStatsLstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsLstFTm indicates the UTC date when the last IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecTnlGrpHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecTnlGrpHistStatsFstFTm description)." ::= { tmnxIPsecTnlGrpHistStatsEntry 9 } tmnxIPsecTnlGrpHistStatsLstFDesc OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlGrpHistStatsLstFDesc indicates the description of the place where the last IKE exchange failure happened. This value is only significant when tmnxIPsecTnlGrpHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecTnlGrpHistStatsLstFTm description)." ::= { tmnxIPsecTnlGrpHistStatsEntry 10 } tmnxIPsecSysHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecSysHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecSysHistStatsTable contains the historical statistics of the entire system." ::= { tmnxIPsecObjects 77 } tmnxIPsecSysHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecSysHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecSysHistStatsEntry contains the historical statistics for a specific statistical type of the entire system." INDEX { tmnxIPsecSysHistStatsType, tmnxIPsecSysHistStatsIntvIdx } ::= { tmnxIPsecSysHistStatsTable 1 } TmnxIPsecSysHistStatsEntry ::= SEQUENCE { tmnxIPsecSysHistStatsType TmnxIPsecHistStatsType, tmnxIPsecSysHistStatsIntvIdx Unsigned32, tmnxIPsecSysHistStatsValue64 CounterBasedGauge64, tmnxIPsecSysHistStatsValue32 Integer32, tmnxIPsecSysHistStatsIntvStTm DateAndTime, tmnxIPsecSysHistStatsIntvDur Unsigned32, tmnxIPsecSysHistStatsFstFTm DateAndTime, tmnxIPsecSysHistStatsFstFDesc TItemDescription, tmnxIPsecSysHistStatsLstFTm DateAndTime, tmnxIPsecSysHistStatsLstFDesc TItemDescription } tmnxIPsecSysHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsType specifies the type for this statistic." ::= { tmnxIPsecSysHistStatsEntry 1 } tmnxIPsecSysHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. When the value of tmnxIPsecSysHistStatsIntvIdx is '1', it indicates that this is the current sampling interval period and the value of tmnxIPsecSysHistStatsValue64 indicates the current statistical value. When the value of tmnxIPsecSysHistStatsIntvIdx is larger than '1', it indicates that this is a previous sampling interval and the value of tmnxIPsecSysHistStatsValue64 indicates a previous statistical value. Specifically, when the value of tmnxIPsecSysHistStatsIntvIdx is '2', it indicates that this is the most recent finished sampling interval and the value of tmnxIPsecSysHistStatsValue64 indicates the most recent statistical value." ::= { tmnxIPsecSysHistStatsEntry 2 } tmnxIPsecSysHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecSysHistStatsValue64 is indicated by tmnxIPsecSysHistStatsType." ::= { tmnxIPsecSysHistStatsEntry 3 } tmnxIPsecSysHistStatsValue32 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsValue32 indicates a signed 32-bit integer representation of the value of tmnxIPsecSysHistStatsValue64. This object is used by Remote Network Monitoring (RMON) to monitor this statistical value. For most tmnxIPsecSysHistStatsType values, the value and unit of tmnxIPsecSysHistStatsValue32 are the same as the value and unit of tmnxIPsecSysHistStatsValue64. The exception are the following two cases. 1) When the value of tmnxIPsecSysHistStatsType is equal to any of the following values, the unit of tmnxIPsecSysHistStatsValue32 is the number of mebibits (1 mebibit == 1024 * 1024 bits), instead of the number of bits which is used by tmnxIPsecSysHistStatsValue64. 'numOfIPsecEncrBits (103)' 'numOfIPsecDecrBits (104)' 'numOfIPsecEnDecrBits (105)' 'numOfGreTnlEncapBits (113)' 'numOfGreTnlDecapBits (114)' 'numOfGreTnlEnDecapBits (115)' 'numOfIpTnlEncapBits (123)' 'numOfIpTnlDecapBits (124)' 'numOfIpTnlEnDecapBits (125)' 'numOfL2tpv3TnlEncapBits (133)' 'numOfL2tpv3TnlDecapBits (134)' 'numOfL2tpv3TnlEnDecapBits (135)' 2) When the value of tmnxIPsecSysHistStatsType is equal to any of the following values, the unit of tmnxIPsecSysHistStatsValue32 is the number of mebi-packets (1 mebi-packet == 1024 * 1024 packets), instead of the number of packets which is used by tmnxIPsecSysHistStatsValue64. 'numOfIPsecEncrPkts (100)' 'numOfIPsecDecrPkts (101)' 'numOfIPsecEnDecrPkts (102)' 'numOfGreTnlEncapPkts (110)' 'numOfGreTnlDecapPkts (111)' 'numOfGreTnlEnDecapPkts (112)' 'numOfIpTnlEncapPkts (120)' 'numOfIpTnlDecapPkts (121)' 'numOfIpTnlEnDecapPkts (122)' 'numOfL2tpv3TnlEncapPkts (130)' 'numOfL2tpv3TnlDecapPkts (131)' 'numOfL2tpv3TnlEnDecapPkts (132)'" ::= { tmnxIPsecSysHistStatsEntry 4 } tmnxIPsecSysHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecSysHistStatsEntry 5 } tmnxIPsecSysHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecSysHistStatsEntry 6 } tmnxIPsecSysHistStatsFstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsFstFTm indicates the UTC date when the first IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecSysHistStatsType is equal to any of the following values. 'numOfIkeAuthFails (300) 'numOfIkeNoPrpslFails (301) 'numOfIkeAddrAsgFails (302) 'numOfIkeInvldTsFails (303) 'numOfIkeInvldKeFails (304) 'numOfIkeDpdTimeoutFails (305) 'numOfIkeOtherReasonFails (306)" ::= { tmnxIPsecSysHistStatsEntry 7 } tmnxIPsecSysHistStatsFstFDesc OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsFstFDesc indicates the description of the place where the first IKE exchange failure happened. This value is only significant when tmnxIPsecSysHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecSysHistStatsFstFTm description)." ::= { tmnxIPsecSysHistStatsEntry 8 } tmnxIPsecSysHistStatsLstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsLstFTm indicates the UTC date when the last IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecSysHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecSysHistStatsFstFTm description)." ::= { tmnxIPsecSysHistStatsEntry 9 } tmnxIPsecSysHistStatsLstFDesc OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecSysHistStatsLstFDesc indicates the description of the place where the last IKE exchange failure happened. This value is only significant when tmnxIPsecSysHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecSysHistStatsLstFTm description)." ::= { tmnxIPsecSysHistStatsEntry 10 } tmnxIPsecTnlHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTnlHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlHistStatsTable contains the historical statistics of IPsec tunnels." ::= { tmnxIPsecObjects 78 } tmnxIPsecTnlHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecTnlHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlHistStatsEntry contains the historical statistics for a specific IPsec tunnel." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName, tmnxIPsecTnlHistStatsType, tmnxIPsecTnlHistStatsIntvIdx } ::= { tmnxIPsecTnlHistStatsTable 1 } TmnxIPsecTnlHistStatsEntry ::= SEQUENCE { tmnxIPsecTnlHistStatsType TmnxIPsecHistStatsType, tmnxIPsecTnlHistStatsIntvIdx Unsigned32, tmnxIPsecTnlHistStatsValue64 CounterBasedGauge64, tmnxIPsecTnlHistStatsIntvStTm DateAndTime, tmnxIPsecTnlHistStatsIntvDur Unsigned32 } tmnxIPsecTnlHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTnlHistStatsType specifies the statistical type for this IPsec tunnel. The values of tmnxIPsecTnlHistStatsType supported by this table are listed below. numOfAccumIPsecEncrPkts (400) numOfAccumIPsecDecrPkts (401) numOfAccumIPsecEnDecrPkts (402) numOfAccumIPsecEncrKBs (403) numOfAccumIPsecDecrKBs (404) numOfAccumIPsecEnDecrKBs (405)" ::= { tmnxIPsecTnlHistStatsEntry 1 } tmnxIPsecTnlHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecTnlHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. The value of tmnxIPsecTnlHistStatsIntvIdx is '1', it indicates that this is the current sampling interval and the value of tmnxIPsecTnlHistStatsValue64 indicates the current statistical value. '1' is the only available value for tmnxIPsecTnlHistStatsIntvIdx in this release." ::= { tmnxIPsecTnlHistStatsEntry 2 } tmnxIPsecTnlHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecTnlHistStatsValue64 is indicated by tmnxIPsecTnlHistStatsType." ::= { tmnxIPsecTnlHistStatsEntry 3 } tmnxIPsecTnlHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecTnlHistStatsEntry 4 } tmnxIPsecTnlHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecTnlHistStatsEntry 5 } tmnxIPsecRUTnlHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecRUTnlHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecRUTnlHistStatsTable contains the historical statistics of IPsec Remote-User tunnels. The typical usage of this table is to fill in the part of the index that identifies an IPsec Remote-User tunnel (svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress and tIPsecRUTnlPort), and perform a partial walk to retrieve the statistics. Due to the huge size of this table, an SNMP walk without any index may take a long time to complete and is not recommended." ::= { tmnxIPsecObjects 79 } tmnxIPsecRUTnlHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecRUTnlHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecRUTnlHistStatsEntry contains the historical statistics for a specific IPsec Remote-User tunnel." INDEX { svcId, sapPortId, sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress, tIPsecRUTnlPort, tmnxIPsecRUTnlHistStatsType, tmnxIPsecRUTnlHistStatsIntvIdx } ::= { tmnxIPsecRUTnlHistStatsTable 1 } TmnxIPsecRUTnlHistStatsEntry ::= SEQUENCE { tmnxIPsecRUTnlHistStatsType TmnxIPsecHistStatsType, tmnxIPsecRUTnlHistStatsIntvIdx Unsigned32, tmnxIPsecRUTnlHistStatsValue64 CounterBasedGauge64, tmnxIPsecRUTnlHistStatsIntvStTm DateAndTime, tmnxIPsecRUTnlHistStatsIntvDur Unsigned32 } tmnxIPsecRUTnlHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecRUTnlHistStatsType specifies the statistical type for this IPsec Remote-User tunnel. The values of tmnxIPsecRUTnlHistStatsType supported by this table are listed below. numOfAccumIPsecEncrPkts (400) numOfAccumIPsecDecrPkts (401) numOfAccumIPsecEnDecrPkts (402) numOfAccumIPsecEncrKBs (403) numOfAccumIPsecDecrKBs (404) numOfAccumIPsecEnDecrKBs (405)" ::= { tmnxIPsecRUTnlHistStatsEntry 1 } tmnxIPsecRUTnlHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecRUTnlHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. The value of tmnxIPsecRUTnlHistStatsIntvIdx is '1', it indicates that this is the current sampling interval and the value of tmnxIPsecRUTnlHistStatsValue64 indicates the current statistical value. '1' is the only available value for tmnxIPsecRUTnlHistStatsIntvIdx in this release." ::= { tmnxIPsecRUTnlHistStatsEntry 2 } tmnxIPsecRUTnlHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecRUTnlHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecRUTnlHistStatsValue64 is indicated by tmnxIPsecRUTnlHistStatsType." ::= { tmnxIPsecRUTnlHistStatsEntry 3 } tmnxIPsecRUTnlHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecRUTnlHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecRUTnlHistStatsEntry 4 } tmnxIPsecRUTnlHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecRUTnlHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecRUTnlHistStatsEntry 5 } tmnxIPsecGWStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecGWStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecGWStatsTable contains the statistics of IPsec gateways." ::= { tmnxIPsecObjects 80 } tmnxIPsecGWStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecGWStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecGWStatsEntry contains the statistics for a specific IPsec gateway." INDEX { svcId, sapPortId, sapEncapValue } ::= { tmnxIPsecGWStatsTable 1 } TmnxIPsecGWStatsEntry ::= SEQUENCE { tmnxIPsecGWStatsNumOfDl2lTnls Unsigned32, tmnxIPsecGWStatsNumOfRaTnls Unsigned32 } tmnxIPsecGWStatsNumOfDl2lTnls OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWStatsNumOfDl2lTnls indicates the number of dynamic LAN-to-LAN (SL2L) tunnels associated with this IPsec gateway." ::= { tmnxIPsecGWStatsEntry 1 } tmnxIPsecGWStatsNumOfRaTnls OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecGWStatsNumOfRaTnls indicates the number of remote access (RA) tunnels associated to this IPsec gateway." ::= { tmnxIPsecGWStatsEntry 2 } tmnxIPsecNotifyObjs OBJECT IDENTIFIER ::= { tmnxIPsecObjects 100 } tIPsecNotifRUTnlInetAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifRUTnlInetAddrType indicates address type of tIPsecNotifRUTnlInetAddress object." ::= { tmnxIPsecNotifyObjs 1 } tIPsecNotifRUTnlInetAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (4|16|20)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This value of tIPsecNotifRUTnlInetAddress indicates the address of of the SAP IPsec gateway to the tunnel." ::= { tmnxIPsecNotifyObjs 2 } tIPsecNotifRUTnlPort OBJECT-TYPE SYNTAX TTcpUdpPort MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifRUTnlPort indicates the UDP port of the SAP IPsec gateway to the tunnel." ::= { tmnxIPsecNotifyObjs 3 } tIPsecNotifReason OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifReason indicates the reason for the IPsec notification." ::= { tmnxIPsecNotifyObjs 4 } tIPsecNotifBfdIntfSvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifBfdIntfSvcId specifies the service ID of the interface running BFD in the notification." ::= { tmnxIPsecNotifyObjs 5 } tIPsecNotifBfdIntfIfName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifBfdIntfIfName specifies the name of the interface running BFD in the notification." ::= { tmnxIPsecNotifyObjs 6 } tIPsecNotifBfdIntfDestIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifBfdIntfDestIpType specifies the address type of tIPsecNotifBfdIntfDestIp object." ::= { tmnxIPsecNotifyObjs 7 } tIPsecNotifBfdIntfDestIp OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifBfdIntfDestIp specifies the destination IP address on the interface running BFD in the notification." ::= { tmnxIPsecNotifyObjs 8 } tIPsecNotifBfdIntfSessState OBJECT-TYPE SYNTAX TmnxBfdSessOperState MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifBfdIntfSessState indicates the operational state of BFD session on the interface in the notification." ::= { tmnxIPsecNotifyObjs 9 } tIPsecRadAcctPlcyFailReason OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecRadAcctPlcyFailReason is a printable character string which contains information about the reason why the tIPsecRadAcctPlcyFailure notification was generated." ::= { tmnxIPsecNotifyObjs 10 } tIPsecNotifIPsecTunnelName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifIPsecTunnelName indicates the name of the IPsec tunnel name." ::= { tmnxIPsecNotifyObjs 11 } tIPsecNotifConfigIpMtu OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifConfigIpMtu indicates the IPsec tunnel's configured IP MTU for packets entering the tunnel from the non-encapsulated side." ::= { tmnxIPsecNotifyObjs 12 } tIPsecNotifEncapOverhead OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifEncapOverhead indicates the IPsec tunnel's outbound SA encapsulation overhead." ::= { tmnxIPsecNotifyObjs 13 } tIPsecNotifConfigEncapIpMtu OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifConfigEncapIpMtu indicates the IPsec tunnel's configured encapsulated IP MTU." ::= { tmnxIPsecNotifyObjs 14 } tIPsecNotifCertProfileName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifCertProfileName indicates the name of the certificate profile associated with the notification." ::= { tmnxIPsecNotifyObjs 15 } tIPsecNotifCertProfEntryId OBJECT-TYPE SYNTAX TEntryId MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifCertProfEntryId indicates the entry ID of the certificate profile associated with the notification." ::= { tmnxIPsecNotifyObjs 16 } tIPsecNotifCaProfNames OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of tIPsecNotifCaProfNames indicates the CA profile names of a certificate chain associated with the notification." ::= { tmnxIPsecNotifyObjs 17 } tIPsecNotifTunnelType OBJECT-TYPE SYNTAX INTEGER { static (1), secure-interface (2), dynamic (3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The tIPsecNotifTunnelType indicates the type of tunnel." ::= { tmnxIPsecNotifyObjs 18 } tIPsecNotifTunnelIdentifier OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The tIPsecNotifTunnelIdentifier indicates the tunnel-name for the static/secure-interface tunnel or 'GW-REMOTE-IPADDR:REMOTE-PORT' for the dynamic tunnel." ::= { tmnxIPsecNotifyObjs 19 } tmnxIPsecScalarsObjs OBJECT IDENTIFIER ::= { tmnxIPsecObjects 101 } tmnxIPsecScalarObjsShowKeys OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecScalarObjsShowKeys specifies whether or not to show the IPsec Security Association keys in command line interfaces (CLI)." DEFVAL { false } ::= { tmnxIPsecScalarsObjs 1 } tmnxIPsecTnlBfdSessTableLChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessTableLChg indicates the time, since system startup, when tmnxIPsecTnlBfdSessTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 102 } tmnxIPsecTnlBfdSessTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTnlBfdSessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlBfdSessTable contains configurable IPsec Tunnel Bidirectional Forwarding Detection (BFD) session information. Entries in this table are created and destroyed via SNMP SET operations to tmnxIPsecTnlBfdSessRowStatus. tmnxIPsecTnlBfdSessSvcId, tmnxIPsecTnlBfdSessSvcName, tmnxIPsecTnlBfdSessIfName, tmnxIPsecTnlBfdSessDstAddrT and tmnxIPsecTnlBfdSessDstAddr must be present in the same SNMP PDU as the row creation, otherwise the creation will fail." ::= { tmnxIPsecObjects 103 } tmnxIPsecTnlBfdSessEntry OBJECT-TYPE SYNTAX TmnxIPsecTnlBfdSessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlBfdSessEntry contains the configuration of one IPsec Tunnel BFD session entry." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName } ::= { tmnxIPsecTnlBfdSessTable 1 } TmnxIPsecTnlBfdSessEntry ::= SEQUENCE { tmnxIPsecTnlBfdSessRowStatus RowStatus, tmnxIPsecTnlBfdSessSvcId TmnxServId, tmnxIPsecTnlBfdSessSvcName TLNamedItemOrEmpty, tmnxIPsecTnlBfdSessIfName TNamedItemOrEmpty, tmnxIPsecTnlBfdSessDstAddrT InetAddressType, tmnxIPsecTnlBfdSessDstAddr InetAddress } tmnxIPsecTnlBfdSessRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessRowStatus specifies the status of this row. It is used to create and destroy rows in tmnxIPsecTnlBfdSessTable." ::= { tmnxIPsecTnlBfdSessEntry 1 } tmnxIPsecTnlBfdSessSvcId OBJECT-TYPE SYNTAX TmnxServId MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessSvcId specifies the service identifier of the interface running BFD. The values of tmnxIPsecTnlBfdSessSvcId and tmnxIPsecTnlBfdSessSvcName must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { 0 } ::= { tmnxIPsecTnlBfdSessEntry 2 } tmnxIPsecTnlBfdSessSvcName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessSvcName specifies the service name of the interface running BFD. The values of tmnxIPsecTnlBfdSessSvcName and tmnxIPsecTnlBfdSessSvcId must be mutually exclusive and cannot simultaneously have non-default values." DEFVAL { ''H } ::= { tmnxIPsecTnlBfdSessEntry 3 } tmnxIPsecTnlBfdSessIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessIfName specifies the IPSec interface used by the BFD session." DEFVAL { ''H } ::= { tmnxIPsecTnlBfdSessEntry 4 } tmnxIPsecTnlBfdSessDstAddrT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessDstAddrT specifies the address type of tmnxIPsecTnlBfdSessDstAddr." DEFVAL { ipv4 } ::= { tmnxIPsecTnlBfdSessEntry 5 } tmnxIPsecTnlBfdSessDstAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessDstAddr specifies the destination IP address to be used for the BFD session. The default value of tmnxIPsecTnlBfdSessDstAddr is 0.0.0.0." DEFVAL { '00000000'H } ::= { tmnxIPsecTnlBfdSessEntry 6 } tmnxIPsecTnlBfdSessStatTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecTnlBfdSessStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlBfdSessStatTable contains the statistics of IPsec Tunnel BFD sessions." ::= { tmnxIPsecObjects 104 } tmnxIPsecTnlBfdSessStatEntry OBJECT-TYPE SYNTAX TmnxIPsecTnlBfdSessStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecTnlBfdSessStatEntry contains the statistics for a single IPsec Tunnel BFD session." INDEX { svcId, sapPortId, sapEncapValue, tmnxIPsecTunnelName } ::= { tmnxIPsecTnlBfdSessStatTable 1 } TmnxIPsecTnlBfdSessStatEntry ::= SEQUENCE { tmnxIPsecTnlBfdSessStatSrcAddrT InetAddressType, tmnxIPsecTnlBfdSessStatSrcAddr InetAddress, tmnxIPsecTnlBfdSessStatOperState TmnxBfdSessOperState } tmnxIPsecTnlBfdSessStatSrcAddrT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessStatSrcAddrT indicates the address type of tmnxIPsecTnlBfdSessStatSrcAddr." ::= { tmnxIPsecTnlBfdSessStatEntry 1 } tmnxIPsecTnlBfdSessStatSrcAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessStatSrcAddr indicates the source IP address on the interface running BFD." ::= { tmnxIPsecTnlBfdSessStatEntry 2 } tmnxIPsecTnlBfdSessStatOperState OBJECT-TYPE SYNTAX TmnxBfdSessOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecTnlBfdSessStatOperState indicates the operational state of the BFD session the IPsec tunnel is relying upon for its fast triggering mechanism." ::= { tmnxIPsecTnlBfdSessStatEntry 3 } tmnxVRtIPsecTnlTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlTableLastChanged indicates the time, since system startup, when tmnxVRtIPsecTnlTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 105 } tmnxVRtIPsecTnlTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIPsecTnlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxVRtIPsecTnlTable contains configurable IPsec Tunnel information. Entries in this table are created and destroyed via SNMP SET operations to tmnxVRtIPsecTnlRowStatus." ::= { tmnxIPsecObjects 106 } tmnxVRtIPsecTnlEntry OBJECT-TYPE SYNTAX TmnxVRtIPsecTnlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxVRtIPsecTnlEntry contains the configuration of one IPsec Tunnel entry." INDEX { vRtrID, vRtrIfIndex, tmnxVRtIPsecTnlName } ::= { tmnxVRtIPsecTnlTable 1 } TmnxVRtIPsecTnlEntry ::= SEQUENCE { tmnxVRtIPsecTnlName TNamedItem, tmnxVRtIPsecTnlRowStatus RowStatus, tmnxVRtIPsecTnlLastChanged TimeStamp, tmnxVRtIPsecTnlAdminState TmnxAdminState, tmnxVRtIPsecTnlOperState TmnxIPsecOperState, tmnxVRtIPsecTnlDescription TItemDescription, tmnxVRtIPsecTnlLclGwAddrType InetAddressType, tmnxVRtIPsecTnlLclGwAddr InetAddress, tmnxVRtIPsecTnlRemGwAddrType InetAddressType, tmnxVRtIPsecTnlRemGwAddr InetAddress, tmnxVRtIPsecTnlSecurityPolicyId TmnxIPsecPolicyIdOrZero, tmnxVRtIPsecTnlKeyingType TmnxIPsecKeyingType, tmnxVRtIPsecTnlDynTransformId1 TmnxIPsecTransformIdOrZero, tmnxVRtIPsecTnlDynTransformId2 TmnxIPsecTransformIdOrZero, tmnxVRtIPsecTnlDynTransformId3 TmnxIPsecTransformIdOrZero, tmnxVRtIPsecTnlDynTransformId4 TmnxIPsecTransformIdOrZero, tmnxVRtIPsecTnlIkePolicyId TmnxIkePolicyIdOrZero, tmnxVRtIPsecTnlIkePreSharedKey OCTET STRING, tmnxVRtIPsecTnlOperFlags BITS, tmnxVRtIPsecTnlReplayWindow Unsigned32, tmnxVRtIPsecTnlAutoEstablish TruthValue, tmnxVRtIPsecTnlBfdDesignate TruthValue, tmnxVRtIPsecTnlLocalIdType TmnxIPsecLocalIdType, tmnxVRtIPsecTnlLocalIdValue DisplayString, tmnxVRtIPsecTnlClearDfBit TruthValue, tmnxVRtIPsecTnlIpMtu Unsigned32, tmnxVRtIPsecTnlHostISA TmnxHwIndexOrZero, tmnxVRtIPsecTnlCSVPrimary TmnxCertRevStatus, tmnxVRtIPsecTnlCSVSecondary TmnxCertRevStatusOrNone, tmnxVRtIPsecTnlCSVDefResult INTEGER, tmnxVRtIPsecTnlCertProfile TNamedItemOrEmpty, tmnxVRtIPsecTnlMatchTrustAnchor TNamedItemOrEmpty, tmnxVRtIPsecTnlCertTrstAnchrProf TNamedItemOrEmpty, tmnxVRtIPsecTnlEncapIpMtu Unsigned32, tmnxVRtIPsecTnlPropagateIpv6PMTU TruthValue, tmnxVRtIPsecTnlIcmp6Pkt2Big TruthValue, tmnxVRtIPsecTnlIcmp6NumPkt2Big Unsigned32, tmnxVRtIPsecTnlIcmp6Pkt2BigTime Unsigned32, tmnxVRtIPsecTnlOperChanged TimeStamp, tmnxVRtIPsecTnlPropagateIpv4PMTU TruthValue, tmnxVRtIPsecTnlIcmpFragReq TruthValue, tmnxVRtIPsecTnlIcmpFragReqNum Unsigned32, tmnxVRtIPsecTnlIcmpFragReqTime Unsigned32, tmnxVRtIPsecTnlPMTUDiscoverAging Unsigned32, tmnxVRtIPsecTnlPubTcpMssAdjust Integer32, tmnxVRtIPsecTnlPrivTcpMssAdjust Integer32, tmnxVRtIPsecTnlMaxNumPh1SaKeys Unsigned32, tmnxVRtIPsecTnlMaxNumPh2SaKeys Unsigned32, tmnxVRtIPsecTnlSecPlyStrictMatch TruthValue, tmnxVRtIPsecTnlPrivateSvcName TLNamedItemOrEmpty, tmnxVRtIPsecTnlPrivSap Unsigned32, tmnxVRtIPsecTnlLclGwAddrOvrdType InetAddressType, tmnxVRtIPsecTnlLclGwAddrOvrd InetAddress, tmnxVRtIPsecTnlHostEsa TmnxEsaIdOrZero, tmnxVRtIPsecTnlHostEsaVm TmnxEsaVmIdOrZero } tmnxVRtIPsecTnlName OBJECT-TYPE SYNTAX TNamedItem MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlName specifies the name of this IPsec tunnel." ::= { tmnxVRtIPsecTnlEntry 1 } tmnxVRtIPsecTnlRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlRowStatus specifies the status of this row. It is used to create and destroy rows in tmnxVRtIPsecTnlTable." ::= { tmnxVRtIPsecTnlEntry 2 } tmnxVRtIPsecTnlLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLastChanged indicates the time, since system startup, that the configuration of this row was created or modified." ::= { tmnxVRtIPsecTnlEntry 3 } tmnxVRtIPsecTnlAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlAdminState specifies the administrative state of the tmnxVRtIPsecTnlEntry." DEFVAL { outOfService } ::= { tmnxVRtIPsecTnlEntry 4 } tmnxVRtIPsecTnlOperState OBJECT-TYPE SYNTAX TmnxIPsecOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlOperState indicates the operational status of tmnxVRtIPsecTnlEntry." ::= { tmnxVRtIPsecTnlEntry 5 } tmnxVRtIPsecTnlDescription OBJECT-TYPE SYNTAX TItemDescription MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlDescription specifies the user-provided description for this entry." DEFVAL { "" } ::= { tmnxVRtIPsecTnlEntry 6 } tmnxVRtIPsecTnlLclGwAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLclGwAddrType specifies the address type of address in tmnxVRtIPsecTnlLclGwAddr." ::= { tmnxVRtIPsecTnlEntry 7 } tmnxVRtIPsecTnlLclGwAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLclGwAddr specifies the address of the interface on the local node of this IPsec tunnel." ::= { tmnxVRtIPsecTnlEntry 8 } tmnxVRtIPsecTnlRemGwAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlRemGwAddrType specifies the address type of address in tmnxVRtIPsecTnlRemGwAddr." DEFVAL { unknown } ::= { tmnxVRtIPsecTnlEntry 9 } tmnxVRtIPsecTnlRemGwAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlRemGwAddr specifies the address of the interface on the remote node of this IPsec tunnel." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlEntry 10 } tmnxVRtIPsecTnlSecurityPolicyId OBJECT-TYPE SYNTAX TmnxIPsecPolicyIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlSecurityPolicyId specifies the IPsec security policy entry in the tmnxIPsecPolicyTable that this tunnel will use." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 11 } tmnxVRtIPsecTnlKeyingType OBJECT-TYPE SYNTAX TmnxIPsecKeyingType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlKeyingType specifies the keying type that this tunnel will use." DEFVAL { none } ::= { tmnxVRtIPsecTnlEntry 12 } tmnxVRtIPsecTnlDynTransformId1 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlDynTransformId1 specifies the first IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 13 } tmnxVRtIPsecTnlDynTransformId2 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlDynTransformId2 specifies the second IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use. The value of tmnxVRtIPsecTnlDynTransformId2 is valid and greater than 0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 14 } tmnxVRtIPsecTnlDynTransformId3 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlDynTransformId3 specifies the third IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use. The value of tmnxVRtIPsecTnlDynTransformId3 is valid and greater than 0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 15 } tmnxVRtIPsecTnlDynTransformId4 OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlDynTransformId4 specifies the fourth IPsec transform entry in the table tmnxIPsecTransformTable that this tunnel will use. The value of tmnxVRtIPsecTnlDynTransformId3 is valid and greater than 0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 16 } tmnxVRtIPsecTnlIkePolicyId OBJECT-TYPE SYNTAX TmnxIkePolicyIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The object tmnxVRtIPsecTnlIkePolicyId specifies the IKE policy entry that this tunnel will use. The value of tmnxVRtIPsecTnlIkePolicyId is valid and greater than 0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 17 } tmnxVRtIPsecTnlIkePreSharedKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIkePreSharedKey specifies the shared secret between the two peers forming the tunnel. The value of tmnxVRtIPsecTnlIkePreSharedKey is a valid and non null string only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'." DEFVAL { "" } ::= { tmnxVRtIPsecTnlEntry 18 } tmnxVRtIPsecTnlOperFlags OBJECT-TYPE SYNTAX BITS { unresolvedLocalIp (0), tunnelAdminDown (1), sapDown (2), unresolvedPublicSvc (3), bfdSessionDown (4), reserved1 (5), unresolvedDstIp (6), invalidCertFile (7), invalidKeyFile (8), trustAnchorsDown (9), certProfileDown (10), invalidCertKeyCombo (11), securedIntfSourceAddrUnresolved (12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlOperFlags indicates the reason why the tunnel is operationally down." ::= { tmnxVRtIPsecTnlEntry 19 } tmnxVRtIPsecTnlReplayWindow OBJECT-TYPE SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlReplayWindow specifies the size of the anti-replay window. If the value of tmnxVRtIPsecTnlReplayWindow is set to 0, then the anti-replay feature is disabled." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 20 } tmnxVRtIPsecTnlAutoEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlAutoEstablish specifies whether to attempt to establish a phase 1 exchange automatically." DEFVAL { false } ::= { tmnxVRtIPsecTnlEntry 21 } tmnxVRtIPsecTnlBfdDesignate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdDesignate specifies whether this IPSec tunnel is the BFD designated tunnel." DEFVAL { false } ::= { tmnxVRtIPsecTnlEntry 22 } tmnxVRtIPsecTnlLocalIdType OBJECT-TYPE SYNTAX TmnxIPsecLocalIdType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLocalIdType specifies the local identifier type used for IDi or IDr for IKEv2. An 'inconsistentValue' error is returned if this object is modified when tmnxVRtIPsecTnlAdminState is in 'inService' state." DEFVAL { none } ::= { tmnxVRtIPsecTnlEntry 23 } tmnxVRtIPsecTnlLocalIdValue OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLocalIdValue specifies the value associated with tmnxVRtIPsecTnlLocalIdType object. Value is extracted from the configured certificate when tmnxVRtIPsecTnlLocalIdType is set to 'dn'." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlEntry 24 } tmnxVRtIPsecTnlClearDfBit OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlClearDfBit specifies whether to clear Do not Fragment (DF) bit in the outgoing packets in this tunnel." DEFVAL { false } ::= { tmnxVRtIPsecTnlEntry 25 } tmnxVRtIPsecTnlIpMtu OBJECT-TYPE SYNTAX Unsigned32 (0 | 512..9000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIpMtu specifies the MTU size for IP packets for this tunnel. A value set to zero indicates maximum supported MTU size on the SAP for this tunnel." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 26 } tmnxVRtIPsecTnlHostISA OBJECT-TYPE SYNTAX TmnxHwIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlHostISA indicates the active ISA MDA that is being used to host this IPsec tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an MDA. When the tunnel is being hosted by an ESA virtual machine, the host will be indicated by the tmnxVRtIPsecTnlHostEsa and tmnxVRtIPsecTnlHostEsaVm objects." ::= { tmnxVRtIPsecTnlEntry 27 } tmnxVRtIPsecTnlCSVPrimary OBJECT-TYPE SYNTAX TmnxCertRevStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlCSVPrimary specifies the primary method of Certificate Status Verification (CSV) that is used to verify revocation status of the certificate of the peer. This value must be set in the same PDU as tmnxVRtIPsecTnlCSVSecondary if the value of tmnxVRtIPsecTnlAdminState is equal to 'inService (2)'." DEFVAL { crl } ::= { tmnxVRtIPsecTnlEntry 28 } tmnxVRtIPsecTnlCSVSecondary OBJECT-TYPE SYNTAX TmnxCertRevStatusOrNone MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlCSVSecondary specifies the secondary method of Certificate Status Verification (CSV) that is used to verify revocation status of the certificate of the peer. This value must be set in the same PDU as tmnxVRtIPsecTnlCSVPrimary if the value of tmnxVRtIPsecTnlAdminState is equal to 'inService (2)'." DEFVAL { none } ::= { tmnxVRtIPsecTnlEntry 29 } tmnxVRtIPsecTnlCSVDefResult OBJECT-TYPE SYNTAX INTEGER { revoked (0), good (1) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlCSVDefResult specifies the default result of Certificate Status Verification (CSV) when both primary and secondary method failed to provide an answer." DEFVAL { revoked } ::= { tmnxVRtIPsecTnlEntry 30 } tmnxVRtIPsecTnlCertProfile OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlCertProfile specifies the certificate profile associated with this IPsec tunnel." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlEntry 31 } tmnxVRtIPsecTnlMatchTrustAnchor OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlMatchTrustAnchor indicates the name for matched Certificate-Authority Profile name associated with this SAP IPSec tunnel certificate." ::= { tmnxVRtIPsecTnlEntry 32 } tmnxVRtIPsecTnlCertTrstAnchrProf OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlCertTrstAnchrProf specifies the name for Certificate-Authority Trust Anchor Profile name associated with this SAP IPSec tunnel certificate. An 'inconsistentValue' error is returned if this object is modified when tmnxVRtIPsecTnlAdminState is in 'inService' state." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlEntry 33 } tmnxVRtIPsecTnlEncapIpMtu OBJECT-TYPE SYNTAX Unsigned32 (0 | 512..9000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlEncapIpMtu specifies the MTU size for IP packets after tunnel encapsulation has been added. A value set to zero indicates maximum supported MTU size on the SAP for this tunnel." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 34 } tmnxVRtIPsecTnlPropagateIpv6PMTU OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPropagateIpv6PMTU specifies whether or not to propagate a path MTU to IPv6 hosts." DEFVAL { false } ::= { tmnxVRtIPsecTnlEntry 35 } tmnxVRtIPsecTnlIcmp6Pkt2Big OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIcmp6Pkt2Big specifies whether packet-too-big ICMP messages should be sent. When it is set to 'true', ICMPv6 packet-too-big messages are generated by this IPsec tunnel. When tmnxVRtIPsecTnlIcmp6Pkt2Big is set to 'false (2)', ICMPv6 packet-too-big messages are not sent. When the value of tmnxVRtIPsecTnlIcmp6Pkt2Big is 'false (2)', it must be set in the same SNMP PDU as tmnxVRtIPsecTnlIcmp6NumPkt2Big and tmnxVRtIPsecTnlIcmp6Pkt2BigTime. The value of tmnxVRtIPsecTnlIcmp6NumPkt2Big and tmnxVRtIPsecTnlIcmp6Pkt2BigTime must be their default values." DEFVAL { true } ::= { tmnxVRtIPsecTnlEntry 36 } tmnxVRtIPsecTnlIcmp6NumPkt2Big OBJECT-TYPE SYNTAX Unsigned32 (10..1000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIcmp6NumPkt2Big specifies how many packet-too-big ICMPv6 messages are transmitted in the time frame specified by tmnxVRtIPsecTnlIcmp6Pkt2BigTime. This value must be set in the same SNMP SET PDU as tmnxVRtIPsecTnlIcmp6Pkt2Big." DEFVAL { 100 } ::= { tmnxVRtIPsecTnlEntry 37 } tmnxVRtIPsecTnlIcmp6Pkt2BigTime OBJECT-TYPE SYNTAX Unsigned32 (1..60) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIcmp6Pkt2BigTime specifies the time frame in seconds that is used to limit the number of packet-too-big ICMPv6 messages transmitted per time frame. This value must be set in the same SNMP SET PDU as tmnxVRtIPsecTnlIcmp6Pkt2Big." DEFVAL { 10 } ::= { tmnxVRtIPsecTnlEntry 38 } tmnxVRtIPsecTnlOperChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlOperChanged indicates the sysUpTime at the time of the last operational status change of this entry." ::= { tmnxVRtIPsecTnlEntry 39 } tmnxVRtIPsecTnlPropagateIpv4PMTU OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPropagateIpv4PMTU specifies whether or not to propagate a path MTU to IPv4 hosts." DEFVAL { false } ::= { tmnxVRtIPsecTnlEntry 40 } tmnxVRtIPsecTnlIcmpFragReq OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIcmpFragReq specifies whether or not 'Fragmentation required and DF flag set' ICMP messages should be sent. When it is set to 'true (1)', the ICMP messages are transmitted by this IPsec tunnel. When tmnxVRtIPsecTnlIcmpFragReq is set to 'false (2)', the ICMP messages are not sent. When the value of tmnxVRtIPsecTnlIcmpFragReq is 'false (2)', it must be set in the same SNMP PDU as tmnxVRtIPsecTnlIcmpFragReqNum and tmnxVRtIPsecTnlIcmpFragReqTime. The value of tmnxVRtIPsecTnlIcmpFragReqNum and tmnxVRtIPsecTnlIcmpFragReqTime must be their default values." DEFVAL { true } ::= { tmnxVRtIPsecTnlEntry 41 } tmnxVRtIPsecTnlIcmpFragReqNum OBJECT-TYPE SYNTAX Unsigned32 (10..1000) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIcmpFragReqNum specifies how many 'Fragmentation required and DF flag set' ICMP messages are transmitted in the time frame specified by tmnxVRtIPsecTnlIcmpFragReqTime. This value must be set in the same SNMP SET PDU as tmnxVRtIPsecTnlIcmpFragReq." DEFVAL { 100 } ::= { tmnxVRtIPsecTnlEntry 42 } tmnxVRtIPsecTnlIcmpFragReqTime OBJECT-TYPE SYNTAX Unsigned32 (1..60) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIcmpFragReqTime specifies the time frame in seconds that is used to limit the number of 'Fragmentation required and DF flag set' ICMP messages transmitted per time frame. This value must be set in the same SNMP SET PDU as tmnxVRtIPsecTnlIcmpFragReq." DEFVAL { 10 } ::= { tmnxVRtIPsecTnlEntry 43 } tmnxVRtIPsecTnlPMTUDiscoverAging OBJECT-TYPE SYNTAX Unsigned32 (900..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPMTUDiscoverAging specifies the number of seconds used to age out the learned MTU, which is obtained through path MTU discovery." DEFVAL { 900 } ::= { tmnxVRtIPsecTnlEntry 44 } tmnxVRtIPsecTnlPubTcpMssAdjust OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPubTcpMssAdjust specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network. The system may use this value to adjust or insert the MSS option in TCP SYN packet. The TCP MSS adjustment functionality on the public side network is disabled when the following conditions are met. 1) The value of tmnxVRtIPsecTnlPubTcpMssAdjust is '-1' or 2) The values of tmnxVRtIPsecTnlPubTcpMssAdjust and tmnxVRtIPsecTnlEncapIpMtu are both '0'. When the system receives a TCP SYN packet from the public network and this packet contains an MSS option, the system replaces the MSS option value with a new MSS when the new MSS is smaller than the MSS option value. When the system receives a TCP SYN packet from the public network and this packet does not contain an MSS option, the system inserts one with a new MSS. The new MSS is calculated based on the following rules. 1) When the value of tmnxVRtIPsecTnlPubTcpMssAdjust is '0' and tmnxVRtIPsecTnlEncapIpMtu has a non-zero value, New MSS = tmnxVRtIPsecTnlEncapIpMtu - total header size (e.g., encryption, encapsulation, TCP and IP headers) 2) When the value of tmnxVRtIPsecTnlPubTcpMssAdjust is in the range of (512..9000) New MSS = tmnxVRtIPsecTnlPubTcpMssAdjust" REFERENCE "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012" DEFVAL { -1 } ::= { tmnxVRtIPsecTnlEntry 45 } tmnxVRtIPsecTnlPrivTcpMssAdjust OBJECT-TYPE SYNTAX Integer32 (-1 | 512..9000) UNITS "octets" MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPrivTcpMssAdjust specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the private network to the public network. The system may use this value to adjust or insert the MSS option in TCP SYN packet. The value of '-1' specifies that the TCP MSS adjustment functionality on the private side is disabled. When the system receives a TCP SYN packet from the private network and this packet contains an MSS option, the system replaces the MSS option value with tmnxVRtIPsecTnlPrivTcpMssAdjust when the value of tmnxVRtIPsecTnlPrivTcpMssAdjust is smaller than the MSS option value. When the system receives a TCP SYN packet from the private network and this packet does not contain an MSS option, the system inserts one whose MSS is equal to tmnxVRtIPsecTnlPrivTcpMssAdjust." REFERENCE "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012" DEFVAL { -1 } ::= { tmnxVRtIPsecTnlEntry 46 } tmnxVRtIPsecTnlMaxNumPh1SaKeys OBJECT-TYPE SYNTAX Unsigned32 (0..3) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlMaxNumPh1SaKeys specifies the maximum number of security association (SA) phase 1 keys, which can be saved by the system, for this IPsec tunnel." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 47 } tmnxVRtIPsecTnlMaxNumPh2SaKeys OBJECT-TYPE SYNTAX Unsigned32 (0..48) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlMaxNumPh2SaKeys specifies the maximum number of security association (SA) phase 2 keys, which can be saved by the system, for this IPsec tunnel." DEFVAL { 0 } ::= { tmnxVRtIPsecTnlEntry 48 } tmnxVRtIPsecTnlSecPlyStrictMatch OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlSecPlyStrictMatch specifies whether or not the system does a strict match when it receives a CREATE_CHILD exchange request, which is not for rekey, for this IPsec tunnel." DEFVAL { false } ::= { tmnxVRtIPsecTnlEntry 49 } tmnxVRtIPsecTnlPrivateSvcName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPrivateSvcName specifies the private service name of this tunnel. The value of this object can only be specified during the row creation." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlEntry 50 } tmnxVRtIPsecTnlPrivSap OBJECT-TYPE SYNTAX Unsigned32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlPrivSap specifies the SAP encapsulation value of this tunnel. This object must be specified a value during the row creation." ::= { tmnxVRtIPsecTnlEntry 51 } tmnxVRtIPsecTnlLclGwAddrOvrdType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLclGwAddrOvrdType specifies the address type of address in tmnxVRtIPsecTnlLclGwAddrOvrd." DEFVAL { unknown } ::= { tmnxVRtIPsecTnlEntry 52 } tmnxVRtIPsecTnlLclGwAddrOvrd OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlLclGwAddrOvrd specifies the local IPsec tunnel endpoint that overrides the secured interface default source address." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlEntry 53 } tmnxVRtIPsecTnlHostEsa OBJECT-TYPE SYNTAX TmnxEsaIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlHostEsa indicates the active ESA that is being used to host this IPsec tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an ESA virtual machine. When the tunnel is being hosted by an ISA MDA, the host will be indicated by the tmnxVRtIPsecTnlHostISA object." ::= { tmnxVRtIPsecTnlEntry 54 } tmnxVRtIPsecTnlHostEsaVm OBJECT-TYPE SYNTAX TmnxEsaVmIdOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlHostEsaVm indicates the active ESA virtual machine that is being used to host this IPsec tunnel. This object will contain a nonzero value only when the tunnel is both operationally up and being hosted by an ESA virtual machine. When the tunnel is being hosted by an ISA MDA, the host will be indicated by the tmnxVRtIPsecTnlHostISA object." ::= { tmnxVRtIPsecTnlEntry 55 } tmnxVRtIPsecTnlBfdTableLChg OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdTableLChg indicates the time, since system startup, when tmnxVRtIPsecTnlBfdTable last changed configuration. A value of zero indicates that no changes were made to this table since the system was last initialized." ::= { tmnxIPsecObjects 107 } tmnxVRtIPsecTnlBfdTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIPsecTnlBfdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxVRtIPsecTnlBfdTable contains configurable IPsec Tunnel Bidirectional Forwarding Detection (BFD) session information. Entries in this table are created and destroyed via SNMP SET operations to tmnxVRtIPsecTnlBfdRowStatus. tmnxVRtIPsecTnlBfdSvcName, tmnxVRtIPsecTnlBfdIfName, tmnxVRtIPsecTnlBfdDstAddrT and tmnxVRtIPsecTnlBfdDstAddr must be present in the same SNMP PDU as the row creation, otherwise the creation will fail." ::= { tmnxIPsecObjects 108 } tmnxVRtIPsecTnlBfdEntry OBJECT-TYPE SYNTAX TmnxVRtIPsecTnlBfdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxVRtIPsecTnlBfdEntry contains the configuration of one IPsec Tunnel BFD session entry." INDEX { vRtrID, vRtrIfIndex, tmnxVRtIPsecTnlName } ::= { tmnxVRtIPsecTnlBfdTable 1 } TmnxVRtIPsecTnlBfdEntry ::= SEQUENCE { tmnxVRtIPsecTnlBfdRowStatus RowStatus, tmnxVRtIPsecTnlBfdSvcName TLNamedItemOrEmpty, tmnxVRtIPsecTnlBfdIfName TNamedItemOrEmpty, tmnxVRtIPsecTnlBfdDstAddrT InetAddressType, tmnxVRtIPsecTnlBfdDstAddr InetAddress } tmnxVRtIPsecTnlBfdRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdRowStatus specifies the status of this row. It is used to create and destroy rows in tmnxVRtIPsecTnlBfdTable." ::= { tmnxVRtIPsecTnlBfdEntry 1 } tmnxVRtIPsecTnlBfdSvcName OBJECT-TYPE SYNTAX TLNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdSvcName specifies the service name of the interface running BFD." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlBfdEntry 2 } tmnxVRtIPsecTnlBfdIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdIfName specifies the IPSec interface used by the BFD session." DEFVAL { ''H } ::= { tmnxVRtIPsecTnlBfdEntry 3 } tmnxVRtIPsecTnlBfdDstAddrT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdDstAddrT specifies the address type of tmnxVRtIPsecTnlBfdDstAddr." DEFVAL { ipv4 } ::= { tmnxVRtIPsecTnlBfdEntry 4 } tmnxVRtIPsecTnlBfdDstAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (4)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdDstAddr specifies the destination IP address to be used for the BFD session. The default value of tmnxVRtIPsecTnlBfdDstAddr is 0.0.0.0." DEFVAL { '00000000'H } ::= { tmnxVRtIPsecTnlBfdEntry 5 } tmnxVRtIPsecTnlBfdStatTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIPsecTnlBfdStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxVRtIPsecTnlBfdStatTable contains the statistics of IPsec Tunnel BFD sessions." ::= { tmnxIPsecObjects 109 } tmnxVRtIPsecTnlBfdStatEntry OBJECT-TYPE SYNTAX TmnxVRtIPsecTnlBfdStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxVRtIPsecTnlBfdStatEntry contains the statistics for a single IPsec Tunnel BFD session." INDEX { vRtrID, vRtrIfIndex, tmnxVRtIPsecTnlName } ::= { tmnxVRtIPsecTnlBfdStatTable 1 } TmnxVRtIPsecTnlBfdStatEntry ::= SEQUENCE { tmnxVRtIPsecTnlBfdStatSrcAddrT InetAddressType, tmnxVRtIPsecTnlBfdStatSrcAddr InetAddress, tmnxVRtIPsecTnlBfdStatOperState TmnxBfdSessOperState } tmnxVRtIPsecTnlBfdStatSrcAddrT OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdStatSrcAddrT indicates the address type of tmnxVRtIPsecTnlBfdStatSrcAddr." ::= { tmnxVRtIPsecTnlBfdStatEntry 1 } tmnxVRtIPsecTnlBfdStatSrcAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdStatSrcAddr indicates the source IP address on the interface running BFD." ::= { tmnxVRtIPsecTnlBfdStatEntry 2 } tmnxVRtIPsecTnlBfdStatOperState OBJECT-TYPE SYNTAX TmnxBfdSessOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlBfdStatOperState indicates the operational state of the BFD session the IPsec tunnel is relying upon for its fast triggering mechanism." ::= { tmnxVRtIPsecTnlBfdStatEntry 3 } tmnxVRtIPsecSATableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSATableLastChanged indicates the sysUpTime at the time of the last modification to tmnxVRtIPsecSATable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 112 } tmnxVRtIPsecSATable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIPsecSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec manual and dynamic SA entries." ::= { tmnxIPsecObjects 113 } tmnxVRtIPsecSAEntry OBJECT-TYPE SYNTAX TmnxVRtIPsecSAEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec SA entry." INDEX { vRtrID, vRtrIfIndex, tmnxVRtIPsecTnlName, tmnxVRtIPsecSAId, tmnxVRtIPsecSADirection, tmnxVRtIPsecSAIndex } ::= { tmnxVRtIPsecSATable 1 } TmnxVRtIPsecSAEntry ::= SEQUENCE { tmnxVRtIPsecSAId Unsigned32, tmnxVRtIPsecSADirection TmnxIPsecDirection, tmnxVRtIPsecSAIndex Unsigned32, tmnxVRtIPsecSARowStatus RowStatus, tmnxVRtIPsecSALastChanged TimeStamp, tmnxVRtIPsecSAType TmnxIPsecKeyingType, tmnxVRtIPsecSAEncryptionKey OCTET STRING, tmnxVRtIPsecSAAuthenticationKey OCTET STRING, tmnxVRtIPsecSASpi Unsigned32, tmnxVRtIPsecSAManualTransformId TmnxIPsecTransformIdOrZero, tmnxVRtIPsecSAAuthAlgorithm TmnxAuthAlgorithm, tmnxVRtIPsecSAEncrAlgorithm TmnxEncrAlgorithm, tmnxVRtIPsecSAStorageType StorageType, tmnxVRtIPsecSAEstablishedTime TimeStamp, tmnxVRtIPsecSANegotiatedLifeTime Unsigned32 } tmnxVRtIPsecSAId OBJECT-TYPE SYNTAX Unsigned32 (1..16) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAId specifies the id of an SA entry and is part of the index for the tmnxVRtIPsecSATable." ::= { tmnxVRtIPsecSAEntry 1 } tmnxVRtIPsecSADirection OBJECT-TYPE SYNTAX TmnxIPsecDirection MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxVRtIPsecSADirection specifies the direction on the IPsec tunnel to which this SA entry can be applied. The value of tmnxVRtIPsecSADirection is also part of the index for the table tmnxVRtIPsecSATable" ::= { tmnxVRtIPsecSAEntry 2 } tmnxVRtIPsecSAIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAIndex specifies an additional index to uniquely identify the SA entry in the tmnxVRtIPsecSATable. The value of tmnxVRtIPsecSAIndex is limited to a value of '1' when tmnxIPsecTunnelKeyingType corresponding to the tunnel specified tmnxIPsecTunnelName is set to 'static'." ::= { tmnxVRtIPsecSAEntry 3 } tmnxVRtIPsecSARowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxVRtIPsecSARowStatus object is used to create and delete rows in the tmnxVRtIPsecSATable. When creating an entry in tmnxVRtIPsecSATable, the value of tmnxVRtIPsecSARowStatus must be 'createAndGo' and the objects tmnxVRtIPsecSAEncryptionKey, tmnxVRtIPsecSAAuthenticationKey, tmnxVRtIPsecSASpi, tmnxVRtIPsecSAManualTransformId are required to be set in the same request." ::= { tmnxVRtIPsecSAEntry 4 } tmnxVRtIPsecSALastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSALastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxVRtIPsecSAEntry 5 } tmnxVRtIPsecSAType OBJECT-TYPE SYNTAX TmnxIPsecKeyingType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAType indicates whether this SA entry is created manually by the user or dynamically by the IPsec subsystem." ::= { tmnxVRtIPsecSAEntry 6 } tmnxVRtIPsecSAEncryptionKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAEncryptionKey specifies the key used for the encryption algorithm defined by the tmnxIPsecTransformEncrAlgorithm in the IPsec transform indexed by tmnxVRtIPsecSAManualTransformId. The length of the key must match the length required by the encryption algorithm. If a key of another length is set, the request will fail with an 'inconsistentValue' error. There is no default value for tmnxVRtIPsecSAEncryptionKey and this is a required object when creating an entry in tmnxVRtIPsecSATable. If tmnxVRtIPsecSAEncryptionKey is not specified when creating an entry, the request will fail with an 'inconsistentValue' error. A 'wrongLength' error is returned if the length of this object is set to outside the range of 0 and 32." ::= { tmnxVRtIPsecSAEntry 7 } tmnxVRtIPsecSAAuthenticationKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAAuthenticationKey specifies the key used for the authentication algorithm defined by the tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed by tmnxVRtIPsecSAManualTransformId. The length of the key must match the length required by the authentication algorithm. If a key of another length is set, the request will fail with an 'inconsistentValue' error. There is no default value for tmnxVRtIPsecSAAuthenticationKey and this is a required object when creating an entry in tmnxVRtIPsecSATable. If tmnxVRtIPsecSAAuthenticationKey is not specified when creating an entry, the request will fail with an 'inconsistentValue' error. A 'wrongLength' error is returned if the length of this object is set to outside the range of 0 and 64." ::= { tmnxVRtIPsecSAEntry 8 } tmnxVRtIPsecSASpi OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecSASpi specifies the SPI (Security Parameter Index) used to lookup the instruction to verify and decrypt the incoming IPsec packets when the value of tmnxVRtIPsecSADirection is 'inbound'. The value of tmnxVRtIPsecSASpi specifies the SPI that will be used in the encoding of the outgoing packets when the value of tmnxVRtIPsecSADirection is 'outbound'. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet. There is no default value for tmnxVRtIPsecSASpi and this is a required object when creating an entry in tmnxVRtIPsecSATable. If tmnxVRtIPsecSAAuthenticationKey is not specified when creating an entry, the request will fail with an 'inconsistentValue' error. A 'wrongValue' error is returned if the value of tmnxVRtIPsecSASpi is set to outside the range of 256 and 16383." ::= { tmnxVRtIPsecSAEntry 9 } tmnxVRtIPsecSAManualTransformId OBJECT-TYPE SYNTAX TmnxIPsecTransformIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAManualTransformId specifies the transform entry that will be used by this SA entry. This object should be specified for all the entries created by the user which are manual SAs. If the value of tmnxVRtIPsecSAType is 'dynamic', then the value of tmnxVRtIPsecSAManualTransformId is irrelevant and will be zero. There is no default value for tmnxVRtIPsecSAManualTransformId and this is a required object when creating an entry in tmnxVRtIPsecSATable. If tmnxVRtIPsecSAManualTransformId is not specified when creating an entry, the request will fail with an 'inconsistentValue' error." ::= { tmnxVRtIPsecSAEntry 10 } tmnxVRtIPsecSAAuthAlgorithm OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAAuthAlgorithm indicates the authentication algorithm used with this SA." ::= { tmnxVRtIPsecSAEntry 11 } tmnxVRtIPsecSAEncrAlgorithm OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAEncrAlgorithm indicates the encryption algorithm used with this SA." ::= { tmnxVRtIPsecSAEntry 12 } tmnxVRtIPsecSAStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStorageType indicates how the row is stored. Entries with tmnxVRtIPsecSAStorageType of 'read-only' are dynamic SAs and are created by the IPsec subsystem and cannot be modified or destroyed. All the entries created by the user are manual SAs and will have the tmnxVRtIPsecSAStorageType as 'nonVolatile'." ::= { tmnxVRtIPsecSAEntry 13 } tmnxVRtIPsecSAEstablishedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAEstablishedTime indicates the sysUpTime at the time the IPsec phase 2 negotiation completed." ::= { tmnxVRtIPsecSAEntry 14 } tmnxVRtIPsecSANegotiatedLifeTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSANegotiatedLifeTime indicates the lifetime negotiated for phase2 IKE key." ::= { tmnxVRtIPsecSAEntry 15 } tmnxVRtIPsecSAStTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIPsecSAStEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to retrieve the IPsec SA Statistics entries." ::= { tmnxIPsecObjects 114 } tmnxVRtIPsecSAStEntry OBJECT-TYPE SYNTAX TmnxVRtIPsecSAStEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec SA Statistics entry." INDEX { vRtrID, vRtrIfIndex, tmnxVRtIPsecTnlName, tmnxVRtIPsecSAId, tmnxVRtIPsecSADirection, tmnxVRtIPsecSAIndex } ::= { tmnxVRtIPsecSAStTable 1 } TmnxVRtIPsecSAStEntry ::= SEQUENCE { tmnxVRtIPsecSAStBytesProcessed Counter64, tmnxVRtIPsecSAStBytesProcLow32 Counter32, tmnxVRtIPsecSAStBytesProcHigh32 Counter32, tmnxVRtIPsecSAStPktsProcessed Counter64, tmnxVRtIPsecSAStPktsProcLow32 Counter32, tmnxVRtIPsecSAStPktsProcHigh32 Counter32, tmnxVRtIPsecSAStCryptoErrors Counter32, tmnxVRtIPsecSAStReplayErrors Counter32, tmnxVRtIPsecSAStSAErrors Counter32, tmnxVRtIPsecSAStPolicyErrors Counter32, tmnxVRtIPsecSAStEncapOverhead Counter32, tmnxVRtIPsecSAStPreEncapFragCnt Counter64, tmnxVRtIPsecSAStPreEncapFragLtSz Unsigned32, tmnxVRtIPsecSAStPstEncapFragCnt Counter64, tmnxVRtIPsecSAStPstEncapFragLtSz Unsigned32, tmnxVRtIPsecSAStTempPrivMtu Unsigned32, tmnxVRtIPsecSAStPfsDhGroup TmnxIkePolicyDHGroupOrZero, tmnxVRtIPsecSAStMulticastIfName TNamedItemOrEmpty, tmnxVRtIPsecSAStMulticastProt TIPsecMulticastProtocol } tmnxVRtIPsecSAStBytesProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStBytesProcessed indicates the number of bytes successfully processed for this SA." ::= { tmnxVRtIPsecSAStEntry 1 } tmnxVRtIPsecSAStBytesProcLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStBytesProcLow32 indicates the lower 32 bits of the value of tmnxVRtIPsecSAStBytesProcessed." ::= { tmnxVRtIPsecSAStEntry 2 } tmnxVRtIPsecSAStBytesProcHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStBytesProcHigh32 indicates the higher 32 bits of the value of tmnxVRtIPsecSAStBytesProcessed." ::= { tmnxVRtIPsecSAStEntry 3 } tmnxVRtIPsecSAStPktsProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPktsProcessed indicates the number of packets successfully processed for this SA." ::= { tmnxVRtIPsecSAStEntry 4 } tmnxVRtIPsecSAStPktsProcLow32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPktsProcLow32 indicates the lower 32 bits of the value of tmnxVRtIPsecSAStPktsProcessed." ::= { tmnxVRtIPsecSAStEntry 5 } tmnxVRtIPsecSAStPktsProcHigh32 OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPktsProcHigh32 indicates the higher 32 bits of the value of tmnxVRtIPsecSAStPktsProcessed." ::= { tmnxVRtIPsecSAStEntry 6 } tmnxVRtIPsecSAStCryptoErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStCryptoErrors indicates the number of crypto errors encountered on this SA. The crypto errors include errors on packets where protocol does not match or if the check on authentication header length failed." ::= { tmnxVRtIPsecSAStEntry 7 } tmnxVRtIPsecSAStReplayErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStReplayErrors indicates the number of replay errors encountered on this SA." ::= { tmnxVRtIPsecSAStEntry 8 } tmnxVRtIPsecSAStSAErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStSAErrors indicates the number of SA errors encountered on this SA. The SA errors include sequence number failure, invalid SA, policy version mismatch, illegal authentication algorithm, expanded packet too big, illegal configured algorithm and ttl decrement error." ::= { tmnxVRtIPsecSAStEntry 9 } tmnxVRtIPsecSAStPolicyErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPolicyErrors indicates the number of policy errors encountered on this SA. The policy errors include bundled SA, selector check and policy direction error." ::= { tmnxVRtIPsecSAStEntry 10 } tmnxVRtIPsecSAStEncapOverhead OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStEncapOverhead indicates the encapsulation overhead for this outbound SA. This value is only significant when the value of tmnxVRtIPsecSADirection is 'outbound'." ::= { tmnxVRtIPsecSAStEntry 11 } tmnxVRtIPsecSAStPreEncapFragCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPreEncapFragCnt indicates the number of fragmentations that occurred prior to encapsulation for this outbound SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size exceeds tmnxIPsecTunnelIpMtu. This value is only significant when the value of tmnxVRtIPsecSADirection is 'outbound'." ::= { tmnxVRtIPsecSAStEntry 12 } tmnxVRtIPsecSAStPreEncapFragLtSz OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPreEncapFragLtSz indicates the size of the last packet which caused a pre-encapsulation fragmentation to occur for this SA. This value is only significant when the value of tmnxVRtIPsecSADirection is 'outbound'." ::= { tmnxVRtIPsecSAStEntry 13 } tmnxVRtIPsecSAStPstEncapFragCnt OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPstEncapFragCnt indicates the number of fragmentations that occurred after encapsulation for this SA. Post-encapsulation fragmentation occurs when the encapsulated packet size exceeds tmnxIPsecTunnelEncapIpMtu. This value is only significant when the value of tmnxVRtIPsecSADirection is 'outbound'." ::= { tmnxVRtIPsecSAStEntry 14 } tmnxVRtIPsecSAStPstEncapFragLtSz OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPstEncapFragLtSz indicates the size of the last encapsulated packet which caused a post-encapsulation fragmentation to occur for this SA. This value is only significant when the value of tmnxVRtIPsecSADirection is 'outbound'." ::= { tmnxVRtIPsecSAStEntry 15 } tmnxVRtIPsecSAStTempPrivMtu OBJECT-TYPE SYNTAX Unsigned32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStTempPrivMtu indicates the size of temporary private MTU for this SA. This value is only significant when the value of tmnxVRtIPsecSADirection is 'outbound (2)'." ::= { tmnxVRtIPsecSAStEntry 16 } tmnxVRtIPsecSAStPfsDhGroup OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStPfsDhGroup indicates the Diffie-Hellman (DH) group used with this SA. The Diffie-Hellman (DH) group is used by the SA to achieve Perfect Forward Secrecy (PFS)." ::= { tmnxVRtIPsecSAStEntry 17 } tmnxVRtIPsecSAStMulticastIfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStMulticastIfName indicates the multicast interface name associated with this SA. This value is only significant when the value of tmnxVRtIPsecSAType is 'dynamic (2)' and the value of tmnxVRtIPsecSADirection is 'outbound (2)'." ::= { tmnxVRtIPsecSAStEntry 18 } tmnxVRtIPsecSAStMulticastProt OBJECT-TYPE SYNTAX TIPsecMulticastProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecSAStMulticastProt indicates the supported protocol types of the multicast interface associated to this RA. This value is only significant when the value of tmnxVRtIPsecSAType is 'dynamic (2)' and the value of tmnxVRtIPsecSADirection is 'outbound (2)'." ::= { tmnxVRtIPsecSAStEntry 19 } tmnxVRtSecPlcyTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyTableLastChanged indicates the sysUpTime at the time of the last modification to tmnxVRtSecPlcyTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 115 } tmnxVRtSecPlcyTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtSecPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec Security Policy entries." ::= { tmnxIPsecObjects 116 } tmnxVRtSecPlcyEntry OBJECT-TYPE SYNTAX TmnxVRtSecPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Security Policy entry." INDEX { vRtrID, tmnxVRtSecPlcyId } ::= { tmnxVRtSecPlcyTable 1 } TmnxVRtSecPlcyEntry ::= SEQUENCE { tmnxVRtSecPlcyId TmnxIPsecPolicyId, tmnxVRtSecPlcyRowStatus RowStatus, tmnxVRtSecPlcyLastChanged TimeStamp } tmnxVRtSecPlcyId OBJECT-TYPE SYNTAX TmnxIPsecPolicyId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyId specifies the id of a Security Policy entry and is the primary index for the table." ::= { tmnxVRtSecPlcyEntry 1 } tmnxVRtSecPlcyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxVRtSecPlcyRowStatus object is used to create and delete rows in the tmnxVRtSecPlcyTable." ::= { tmnxVRtSecPlcyEntry 2 } tmnxVRtSecPlcyLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxVRtSecPlcyEntry 3 } tmnxVRtSecPlcyParamTblLastChangd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamTblLastChangd indicates the sysUpTime at the time of the last modification to tmnxVRtSecPlcyParamTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 117 } tmnxVRtSecPlcyParamTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtSecPlcyParamEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store the IPsec Security Policy Params entries." ::= { tmnxIPsecObjects 118 } tmnxVRtSecPlcyParamEntry OBJECT-TYPE SYNTAX TmnxVRtSecPlcyParamEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec Security policy params entry." INDEX { vRtrID, tmnxVRtSecPlcyId, tmnxVRtSecPlcyParamId } ::= { tmnxVRtSecPlcyParamTable 1 } TmnxVRtSecPlcyParamEntry ::= SEQUENCE { tmnxVRtSecPlcyParamId Unsigned32, tmnxVRtSecPlcyParamRowStatus RowStatus, tmnxVRtSecPlcyParamLastChanged TimeStamp, tmnxVRtSecPlcyParamLclAddrAny TruthValue, tmnxVRtSecPlcyParamLclAddrType InetAddressType, tmnxVRtSecPlcyParamLclAddr InetAddress, tmnxVRtSecPlcyParamLclAPrefLen InetAddressPrefixLength, tmnxVRtSecPlcyParamRemAddrAny TruthValue, tmnxVRtSecPlcyParamRemAddrType InetAddressType, tmnxVRtSecPlcyParamRemAddr InetAddress, tmnxVRtSecPlcyParamRemAPrefLen InetAddressPrefixLength, tmnxVRtSecPlcyParam6LclAddrAny TruthValue, tmnxVRtSecPlcyParam6LclAddrType InetAddressType, tmnxVRtSecPlcyParam6LclAddr InetAddress, tmnxVRtSecPlcyParam6LclAPrefLen InetAddressPrefixLength, tmnxVRtSecPlcyParam6RemAddrAny TruthValue, tmnxVRtSecPlcyParam6RemAddrType InetAddressType, tmnxVRtSecPlcyParam6RemAddr InetAddress, tmnxVRtSecPlcyParam6RemAPrefLen InetAddressPrefixLength } tmnxVRtSecPlcyParamId OBJECT-TYPE SYNTAX Unsigned32 (1..16) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamId specifies the id of an IPsec policy params entry and is part of the index for the tmnxVRtSecPlcyParamTable." ::= { tmnxVRtSecPlcyParamEntry 1 } tmnxVRtSecPlcyParamRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxVRtSecPlcyParamRowStatus object is used to create and delete rows in the tmnxVRtSecPlcyParamTable." ::= { tmnxVRtSecPlcyParamEntry 2 } tmnxVRtSecPlcyParamLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamLastChanged indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxVRtSecPlcyParamEntry 3 } tmnxVRtSecPlcyParamLclAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamLclAddrAny specifies whether the IP address on the vpn side can be any IP address. If the value is 'true' then local IP address can be any IP address. Please look at the following chart for more details: tmnxVRtSecPlcyParamLclAddrAny true false ----------------------------------------------------------------- tmnxVRtSecPlcyParamLclAddrType unknown unknown or ipv4 tmnxVRtSecPlcyParamLclAddr ''H ''H or valid ipv4 tmnxVRtSecPlcyParamLclAPrefLen 0 0 to 32" DEFVAL { false } ::= { tmnxVRtSecPlcyParamEntry 4 } tmnxVRtSecPlcyParamLclAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamLclAddrType specifies the address type of address in tmnxVRtSecPlcyParamLclAddr. If the value of tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of tmnxVRtSecPlcyParamLclAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxVRtSecPlcyParamEntry 5 } tmnxVRtSecPlcyParamLclAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamLclAddr specifies the ip address on the vpn side. If the value of tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of tmnxVRtSecPlcyParamLclAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxVRtSecPlcyParamEntry 6 } tmnxVRtSecPlcyParamLclAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamLclAPrefLen specifies the number of bits to match of the tmnxVRtSecPlcyParamLclAddr. If the value of tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of tmnxVRtSecPlcyParamLclAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxVRtSecPlcyParamEntry 7 } tmnxVRtSecPlcyParamRemAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamRemAddrAny specifies whether the IP address on the tunnel side can be any IP address. If the value is 'true' then remote IP address can be any IP address. Please look at the following chart for more details: tmnxVRtSecPlcyParamRemAddrAny true false ----------------------------------------------------------------- tmnxVRtSecPlcyParamRemAddrType unknown unknown or ipv4 tmnxVRtSecPlcyParamRemAddr ''H ''H or valid ipv4 tmnxVRtSecPlcyParamRemAPrefLen 0 0 to 32" DEFVAL { false } ::= { tmnxVRtSecPlcyParamEntry 8 } tmnxVRtSecPlcyParamRemAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamRemAddrType specifies the address type of address in tmnxVRtSecPlcyParamRemAddr. If the value of tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of tmnxVRtSecPlcyParamRemAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxVRtSecPlcyParamEntry 9 } tmnxVRtSecPlcyParamRemAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16|20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamRemAddr specifies the ip address on the tunnel side. If the value of tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of tmnxVRtSecPlcyParamRemAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxVRtSecPlcyParamEntry 10 } tmnxVRtSecPlcyParamRemAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParamRemAPrefLen specifies the number of bits to match of the tmnxVRtSecPlcyParamRemAddr. If the value of tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of tmnxVRtSecPlcyParamRemAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxVRtSecPlcyParamEntry 11 } tmnxVRtSecPlcyParam6LclAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6LclAddrAny specifies whether the ipv6 address on the vpn side can be any ipv6 address. If the value is 'true' then local ipv6 address can be any ipv6 address. Please look at the following chart for more details: tmnxVRtSecPlcyParam6LclAddrAny true false ----------------------------------------------------------------- tmnxVRtSecPlcyParam6LclAddrType unknown unknown or ipv6 tmnxVRtSecPlcyParam6LclAddr ''H ''H or valid ipv6 tmnxVRtSecPlcyParam6LclAPrefLen 0 0 to 128" DEFVAL { false } ::= { tmnxVRtSecPlcyParamEntry 12 } tmnxVRtSecPlcyParam6LclAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6LclAddrType specifies the address type of address in tmnxVRtSecPlcyParam6LclAddr. If the value of tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of tmnxVRtSecPlcyParam6LclAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxVRtSecPlcyParamEntry 13 } tmnxVRtSecPlcyParam6LclAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6LclAddr specifies the ipv6 address on the vpn side. If the value of tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of tmnxVRtSecPlcyParam6LclAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxVRtSecPlcyParamEntry 14 } tmnxVRtSecPlcyParam6LclAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength (0 | 1..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6LclAPrefLen specifies the number of bits to match of the tmnxVRtSecPlcyParam6LclAddr. If the value of tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of tmnxVRtSecPlcyParam6LclAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxVRtSecPlcyParamEntry 15 } tmnxVRtSecPlcyParam6RemAddrAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6RemAddrAny specifies whether the ipv6 address on the tunnel side can be any ipv6 address. If the value is 'true' then remote ipv6 address can be any ipv6 address. Please look at the following chart for more details: tmnxVRtSecPlcyParam6RemAddrAny true false ----------------------------------------------------------------- tmnxVRtSecPlcyParam6RemAddrType unknown unknown or ipv6 tmnxVRtSecPlcyParam6RemAddr ''H ''H or valid ipv6 tmnxVRtSecPlcyParam6RemAPrefLen 0 0 to 128" DEFVAL { false } ::= { tmnxVRtSecPlcyParamEntry 16 } tmnxVRtSecPlcyParam6RemAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6RemAddrType specifies the address type of address in tmnxVRtSecPlcyParam6RemAddr. If the value of tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of tmnxVRtSecPlcyParam6RemAddrType will be 'unknown'." DEFVAL { unknown } ::= { tmnxVRtSecPlcyParamEntry 17 } tmnxVRtSecPlcyParam6RemAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (0|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6RemAddr specifies the ipv6 address on the tunnel side. If the value of tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of tmnxVRtSecPlcyParam6RemAddr will be empty(''H)." DEFVAL { ''H } ::= { tmnxVRtSecPlcyParamEntry 18 } tmnxVRtSecPlcyParam6RemAPrefLen OBJECT-TYPE SYNTAX InetAddressPrefixLength (0 | 1..128) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtSecPlcyParam6RemAPrefLen specifies the number of bits to match of the tmnxVRtSecPlcyParam6RemAddr. If the value of tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of tmnxVRtSecPlcyParam6RemAPrefLen will be 0." DEFVAL { 0 } ::= { tmnxVRtSecPlcyParamEntry 19 } tmnxVRtIfIPsecTblLstCgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIfIPsecTblLstCgd indicates the sysUpTime at the time of the last modification to tmnxVRtIfIPsecTable by adding, deleting an entry or change to a writable object in the table. If no changes were made to the table since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxIPsecObjects 119 } tmnxVRtIfIPsecTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIfIPsecEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store IPsec entries." ::= { tmnxIPsecObjects 120 } tmnxVRtIfIPsecEntry OBJECT-TYPE SYNTAX TmnxVRtIfIPsecEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a single IPsec entry." INDEX { vRtrID, vRtrIfIndex } ::= { tmnxVRtIfIPsecTable 1 } TmnxVRtIfIPsecEntry ::= SEQUENCE { tmnxVRtIfIPsecRowStatus RowStatus, tmnxVRtIfIPsecLastChgd TimeStamp, tmnxVRtIfIPsecAdminState TmnxAdminState, tmnxVRtIfIPsecIpFilterInExcptId TFilterID, tmnxVRtIfIPsecIsaTnlGroup TmnxTunnelGroupIdOrZero, tmnxVRtIfIPsecPubSap Unsigned32, tmnxVRtIfIPsecIpv6FilterInExcId TFilterID } tmnxVRtIfIPsecRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The tmnxVRtIfIPsecRowStatus object is used to create and delete rows in the tmnxVRtIfIPsecTable." ::= { tmnxVRtIfIPsecEntry 1 } tmnxVRtIfIPsecLastChgd OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIfIPsecLastChgd indicates the sysUpTime at the time of the last modification of this entry. If no changes were made to the entry since the last re-initialization of the local network management subsystem, then this object contains a zero value." ::= { tmnxVRtIfIPsecEntry 2 } tmnxVRtIfIPsecAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIfIPsecAdminState specifies the administrative state of the tmnxVRtIfIPsecEntry." DEFVAL { outOfService } ::= { tmnxVRtIfIPsecEntry 3 } tmnxVRtIfIPsecIpFilterInExcptId OBJECT-TYPE SYNTAX TFilterID MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxVRtIfIPsecIpFilterInExcptId specifies the row index in the alu-nge:aluNgeIPExceptionTable corresponding to this IPv4 ingress exception, or zero if no exception is specified." DEFVAL { 0 } ::= { tmnxVRtIfIPsecEntry 4 } tmnxVRtIfIPsecIsaTnlGroup OBJECT-TYPE SYNTAX TmnxTunnelGroupIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIfIPsecIsaTnlGroup specifies the ISA tunnel group ID. This object must be specified to a non-zero value during the row creation." DEFVAL { 0 } ::= { tmnxVRtIfIPsecEntry 5 } tmnxVRtIfIPsecPubSap OBJECT-TYPE SYNTAX Unsigned32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of tmnxVRtIfIPsecPubSap specifies the SAP encapsulation value. This object must be specified to a value during the row creation." ::= { tmnxVRtIfIPsecEntry 6 } tmnxVRtIfIPsecIpv6FilterInExcId OBJECT-TYPE SYNTAX TFilterID MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxVRtIfIPsecIpv6FilterInExcId specifies the IPv6 exception filter for this interface. A value of 0 specifies that no IPv6 exception filter is configured on the interface. A non-zero value specifies the IPv6 exception filter configured in the table tIPv6ExceptionTable." DEFVAL { 0 } ::= { tmnxVRtIfIPsecEntry 7 } tmnxVRtIPsecTnlStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxVRtIPsecTnlStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to store IPsec Tunnel statistics" ::= { tmnxIPsecObjects 121 } tmnxVRtIPsecTnlStatsEntry OBJECT-TYPE SYNTAX TmnxVRtIPsecTnlStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Statistics for a single IPsec Tunnel." INDEX { vRtrID, vRtrIfIndex, tmnxVRtIPsecTnlName } ::= { tmnxVRtIPsecTnlStatsTable 1 } TmnxVRtIPsecTnlStatsEntry ::= SEQUENCE { tmnxVRtIPsecTnlIsakmpState INTEGER, tmnxVRtIPsecTnlIsakmpEstabTime TimeStamp, tmnxVRtIPsecTnlIsakmpNegLifeTime Unsigned32, tmnxVRtIPsecTnlNumDpdTx Counter32, tmnxVRtIPsecTnlNumDpdRx Counter32, tmnxVRtIPsecTnlNumDpdAckTx Counter32, tmnxVRtIPsecTnlNumDpdAckRx Counter32, tmnxVRtIPsecTnlNumExpRx Counter32, tmnxVRtIPsecTnlNumInvalidDpdRx Counter32, tmnxVRtIPsecTnlNumCtrlPktsTx Counter32, tmnxVRtIPsecTnlNumCtrlPktsRx Counter32, tmnxVRtIPsecTnlNumCtrlTxErrors Counter32, tmnxVRtIPsecTnlNumCtrlRxErrors Counter32, tmnxVRtIPsecTnlMatCertEntryId Integer32, tmnxVRtIPsecTnlCertProfName TNamedItemOrEmpty, tmnxVRtIPsecTnlStatIsakmpAuthAlg TmnxAuthAlgorithm, tmnxVRtIPsecTnlStatIsakmpEncrAlg TmnxEncrAlgorithm, tmnxVRtIPsecTnlStatIsakmpPfsDhGp TmnxIkePolicyDHGroupOrZero, tmnxVRtIPsecTnlStatIkeTranPrfAlg INTEGER } tmnxVRtIPsecTnlIsakmpState OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIsakmpState indicates the state of phase 1 IPsec negotiation." ::= { tmnxVRtIPsecTnlStatsEntry 1 } tmnxVRtIPsecTnlIsakmpEstabTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIsakmpEstabTime indicates the sysUpTime at the time the IPsec phase 1 negotiation completed." ::= { tmnxVRtIPsecTnlStatsEntry 2 } tmnxVRtIPsecTnlIsakmpNegLifeTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlIsakmpNegLifeTime indicates the lifetime negotiated for phase1 IKE key." ::= { tmnxVRtIPsecTnlStatsEntry 3 } tmnxVRtIPsecTnlNumDpdTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumDpdTx indicates the number of Dead-Peer-Detection packets transmitted." ::= { tmnxVRtIPsecTnlStatsEntry 4 } tmnxVRtIPsecTnlNumDpdRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumDpdRx indicates the number of Dead-Peer-Detection packets received." ::= { tmnxVRtIPsecTnlStatsEntry 5 } tmnxVRtIPsecTnlNumDpdAckTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumDpdAckTx indicates the number of Dead-Peer-Detection acknowledgement packets transmitted." ::= { tmnxVRtIPsecTnlStatsEntry 6 } tmnxVRtIPsecTnlNumDpdAckRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumDpdAckRx indicates the number of Dead-Peer-Detection acknowledgement packets received." ::= { tmnxVRtIPsecTnlStatsEntry 7 } tmnxVRtIPsecTnlNumExpRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumExpRx indicates the number of DPD R-U-THERE packets that have not been acknowledged." ::= { tmnxVRtIPsecTnlStatsEntry 8 } tmnxVRtIPsecTnlNumInvalidDpdRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumInvalidDpdRx indicates the number of malformed DPD R-U-THERE acknowledgement packets received." ::= { tmnxVRtIPsecTnlStatsEntry 9 } tmnxVRtIPsecTnlNumCtrlPktsTx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumCtrlPktsTx indicates the number of control packets this IPsec Tunnel has sent." ::= { tmnxVRtIPsecTnlStatsEntry 10 } tmnxVRtIPsecTnlNumCtrlPktsRx OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumCtrlPktsRx indicates the number of control packets this IPsec Tunnel has received." ::= { tmnxVRtIPsecTnlStatsEntry 11 } tmnxVRtIPsecTnlNumCtrlTxErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumCtrlTxErrors indicates the number of control packet transmit errors." ::= { tmnxVRtIPsecTnlStatsEntry 12 } tmnxVRtIPsecTnlNumCtrlRxErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlNumCtrlRxErrors indicates the number of control packet receive errors." ::= { tmnxVRtIPsecTnlStatsEntry 13 } tmnxVRtIPsecTnlMatCertEntryId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlMatCertEntryId indicates the matching certificate profile entry id used for this tunnel." ::= { tmnxVRtIPsecTnlStatsEntry 14 } tmnxVRtIPsecTnlCertProfName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlCertProfName indicates a specific IPsec tunnel certificate profile name used for this tunnel." ::= { tmnxVRtIPsecTnlStatsEntry 15 } tmnxVRtIPsecTnlStatIsakmpAuthAlg OBJECT-TYPE SYNTAX TmnxAuthAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlStatIsakmpAuthAlg indicates the authentication algorithm of the IPsec phase 1 negotiation for this IPsec tunnel." ::= { tmnxVRtIPsecTnlStatsEntry 17 } tmnxVRtIPsecTnlStatIsakmpEncrAlg OBJECT-TYPE SYNTAX TmnxEncrAlgorithm MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlStatIsakmpEncrAlg indicates the encryption algorithm of the IPsec phase 1 negotiation for this IPsec tunnel." ::= { tmnxVRtIPsecTnlStatsEntry 18 } tmnxVRtIPsecTnlStatIsakmpPfsDhGp OBJECT-TYPE SYNTAX TmnxIkePolicyDHGroupOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlStatIsakmpPfsDhGp indicates the Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this IPsec tunnel. The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve Perfect Forward Secrecy (PFS)." ::= { tmnxVRtIPsecTnlStatsEntry 19 } tmnxVRtIPsecTnlStatIkeTranPrfAlg OBJECT-TYPE SYNTAX INTEGER { md5 (2), sha1 (3), sha256 (4), sha384 (5), sha512 (6), aesXcbc (7), sameAsAuth (8) } MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxVRtIPsecTnlStatIkeTranPrfAlg specifies the pseudo-random function (PRF)." ::= { tmnxVRtIPsecTnlStatsEntry 20 } tmnxIPsecLOClientEsaTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecLOClientEsaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecLOClientEsaTable contains the statistics information of IPsec lockout clients. IPsec lockout clients are ones who are not successfully pass the IKE authentication process." ::= { tmnxIPsecObjects 122 } tmnxIPsecLOClientEsaEntry OBJECT-TYPE SYNTAX TmnxIPsecLOClientEsaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each tmnxIPsecLOClientEsaEntry contains the statistics information for one IPsec Lockout Client. tmnxEsaId and tmnxEsaVmId should be IPsec ESA and VM identifier." INDEX { tmnxEsaId, tmnxEsaVmId, tmnxIPsecLockoutClientRtrId, tmnxIPsecLockoutClientLclGwAddrT, tmnxIPsecLockoutClientLclGwAddr, tmnxIPsecLockoutClientAddressTyp, tmnxIPsecLockoutClientAddress, tmnxIPsecLockoutClientPort } ::= { tmnxIPsecLOClientEsaTable 1 } TmnxIPsecLOClientEsaEntry ::= SEQUENCE { tmnxIPsecLOClientEsaStatus TruthValue, tmnxIPsecLOClientEsaFailAtempt Unsigned32, tmnxIPsecLOClientEsaDroppedPkt Unsigned32, tmnxIPsecLOClientEsaRemainTime Integer32 } tmnxIPsecLOClientEsaStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLOClientEsaStatus indicates whether a client is locked out by the system. The value of 'true (1)' indicates that the client is locked out and all IKE traffics from this client are rejected by the system. The value of 'false (2)' indicates that the system still accepts IKE traffic from this client; but the client has failed on certain IKE authentications." ::= { tmnxIPsecLOClientEsaEntry 1 } tmnxIPsecLOClientEsaFailAtempt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLOClientEsaFailAtempt indicates the number of failed authentication attempts from the lockout client within the lockout duration(i.e., tmnxIkePolicyLockoutDuration)." ::= { tmnxIPsecLOClientEsaEntry 2 } tmnxIPsecLOClientEsaDroppedPkt OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLOClientEsaDroppedPkt indicates the number of dropped packets for the lockout client." ::= { tmnxIPsecLOClientEsaEntry 3 } tmnxIPsecLOClientEsaRemainTime OBJECT-TYPE SYNTAX Integer32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecLOClientEsaRemainTime indicates the time remaining until this client is unblocked. The total block time is defined by tmnxIkePolicyLockoutBlock. A value of zero indicates that this client will never be unblocked. A value of -1 indicates that this client is not blocked." ::= { tmnxIPsecLOClientEsaEntry 4 } tmnxIPsecEsaHistStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecEsaHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecEsaHistStatsTable contains the historical statistics of Extended Services Appliances (ESAs)." ::= { tmnxIPsecObjects 123 } tmnxIPsecEsaHistStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecEsaHistStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecEsaHistStatsEntry contains the historical statistics for a specific ESA." INDEX { tmnxEsaId, tmnxEsaVmId, tmnxIPsecEsaHistStatsType, tmnxIPsecEsaHistStatsIntvIdx } ::= { tmnxIPsecEsaHistStatsTable 1 } TmnxIPsecEsaHistStatsEntry ::= SEQUENCE { tmnxIPsecEsaHistStatsType TmnxIPsecHistStatsType, tmnxIPsecEsaHistStatsIntvIdx Unsigned32, tmnxIPsecEsaHistStatsValue64 CounterBasedGauge64, tmnxIPsecEsaHistStatsValue32 Integer32, tmnxIPsecEsaHistStatsIntvStTm DateAndTime, tmnxIPsecEsaHistStatsIntvDur Unsigned32, tmnxIPsecEsaHistStatsFstFTm DateAndTime, tmnxIPsecEsaHistStatsFstFDesc TItemLongDescription, tmnxIPsecEsaHistStatsLstFTm DateAndTime, tmnxIPsecEsaHistStatsLstFDesc TItemLongDescription } tmnxIPsecEsaHistStatsType OBJECT-TYPE SYNTAX TmnxIPsecHistStatsType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsType specifies the statistical type for this ESA." ::= { tmnxIPsecEsaHistStatsEntry 1 } tmnxIPsecEsaHistStatsIntvIdx OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsIntvIdx specifies the index of the sampling interval period for this statistic. When the value of tmnxIPsecEsaHistStatsIntvIdx is '1', it indicates that this is the current sampling interval period and the value of tmnxIPsecEsaHistStatsValue64 indicates the current statistical value. When the value of tmnxIPsecEsaHistStatsIntvIdx is larger than '1', it indicates that this is a previous sampling interval and the value of tmnxIPsecEsaHistStatsValue64 indicates a previous statistical value. Specifically, when the value of tmnxIPsecEsaHistStatsIntvIdx is '2', it indicates that this is the most recent finished sampling interval and the value of tmnxIPsecEsaHistStatsValue64 indicates the most recent statistical value." ::= { tmnxIPsecEsaHistStatsEntry 2 } tmnxIPsecEsaHistStatsValue64 OBJECT-TYPE SYNTAX CounterBasedGauge64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsValue64 indicates the statistical value during the corresponding sampling interval period. The unit of tmnxIPsecEsaHistStatsValue64 is indicated by tmnxIPsecEsaHistStatsType." ::= { tmnxIPsecEsaHistStatsEntry 3 } tmnxIPsecEsaHistStatsValue32 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsValue32 indicates a signed 32-bit integer representation of the value of tmnxIPsecEsaHistStatsValue64. This object is used by Remote Network Monitoring (RMON) to monitor this statistical value. For most tmnxIPsecEsaHistStatsType values, the value and unit of tmnxIPsecEsaHistStatsValue32 are the same as the value and unit of tmnxIPsecEsaHistStatsValue64. The exception are the following two cases. 1) Different values: The value of tmnxIPsecEsaHistStatsValue32 is meaningless if this statistic (i.e. accumulative statistic) is not monitored by RMON. The values of accumulative statistical types are indicated by tmnxIPsecEsaHistStatsType. 2) Different values and units: When the value of tmnxIPsecEsaHistStatsType is equal to any of the following values, the unit of tmnxIPsecEsaHistStatsValue32 is the number of mebibits (1 mebibit == 1024 * 1024 bits), instead of the number of bits which is used by tmnxIPsecEsaHistStatsValue64. 'numOfIPsecEncrBits (103)' 'numOfIPsecDecrBits (104)' 'numOfIPsecEnDecrBits (105)' 'numOfGreTnlEncapBits (113)' 'numOfGreTnlDecapBits (114)' 'numOfGreTnlEnDecapBits (115)' 'numOfIpTnlEncapBits (123)' 'numOfIpTnlDecapBits (124)' 'numOfIpTnlEnDecapBits (125)' 'numOfL2tpv3TnlEncapBits (133)' 'numOfL2tpv3TnlDecapBits (134)' 'numOfL2tpv3TnlEnDecapBits (135)' When the value of tmnxIPsecEsaHistStatsType is equal to any of the following values, the unit of tmnxIPsecEsaHistStatsValue32 is the number of mebi-packets (1 mebi-packet == 1024 * 1024 packets), instead of the number of packets which is used by tmnxIPsecEsaHistStatsValue64. 'numOfIPsecEncrPkts (100)' 'numOfIPsecDecrPkts (101)' 'numOfIPsecEnDecrPkts (102)' 'numOfGreTnlEncapPkts (110)' 'numOfGreTnlDecapPkts (111)' 'numOfGreTnlEnDecapPkts (112)' 'numOfIpTnlEncapPkts (120)' 'numOfIpTnlDecapPkts (121)' 'numOfIpTnlEnDecapPkts (122)' 'numOfL2tpv3TnlEncapPkts (130)' 'numOfL2tpv3TnlDecapPkts (131)' 'numOfL2tpv3TnlEnDecapPkts (132)'" ::= { tmnxIPsecEsaHistStatsEntry 4 } tmnxIPsecEsaHistStatsIntvStTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsIntvStTm indicates the UTC date when the corresponding sampling interval started." ::= { tmnxIPsecEsaHistStatsEntry 5 } tmnxIPsecEsaHistStatsIntvDur OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsIntvDur indicates the duration in seconds of the corresponding sampling interval." ::= { tmnxIPsecEsaHistStatsEntry 6 } tmnxIPsecEsaHistStatsFstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsFstFTm indicates the UTC date when the first IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecEsaHistStatsType is equal to any of the following values. 'numOfIkeAuthFails (300) 'numOfIkeNoPrpslFails (301) 'numOfIkeAddrAsgFails (302) 'numOfIkeInvldTsFails (303) 'numOfIkeInvldKeFails (304) 'numOfIkeDpdTimeoutFails (305) 'numOfIkeOtherReasonFails (306)" ::= { tmnxIPsecEsaHistStatsEntry 7 } tmnxIPsecEsaHistStatsFstFDesc OBJECT-TYPE SYNTAX TItemLongDescription (SIZE (0..160)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsFstFDesc indicates the description of the place where the first IKE exchange failure happened. This value is only significant when tmnxIPsecEsaHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecEsaHistStatsFstFTm description)." ::= { tmnxIPsecEsaHistStatsEntry 8 } tmnxIPsecEsaHistStatsLstFTm OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsLstFTm indicates the UTC date when the last IKE exchange failure happened in the corresponding sampling interval. This value is only significant when tmnxIPsecEsaHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecEsaHistStatsFstFTm description)." ::= { tmnxIPsecEsaHistStatsEntry 9 } tmnxIPsecEsaHistStatsLstFDesc OBJECT-TYPE SYNTAX TItemLongDescription (SIZE (0..160)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaHistStatsLstFDesc indicates the description of the place where the last IKE exchange failure happened. This value is only significant when tmnxIPsecEsaHistStatsType is equal to any of the IKE exchange failure types (see tmnxIPsecEsaHistStatsLstFTm description)." ::= { tmnxIPsecEsaHistStatsEntry 10 } tmnxIPsecEsaDpStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxIPsecEsaDpStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecEsaDpStatsTable contains the data path statistics for Tunnel Extended Services Appliance virtual machines (esa-vm)." ::= { tmnxIPsecObjects 124 } tmnxIPsecEsaDpStatsEntry OBJECT-TYPE SYNTAX TmnxIPsecEsaDpStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxIPsecEsaDpStatsEntry contains the data path statistics for a specific tunnel esa-vm." INDEX { tmnxEsaId, tmnxEsaVmId } ::= { tmnxIPsecEsaDpStatsTable 1 } TmnxIPsecEsaDpStatsEntry ::= SEQUENCE { tmnxIPsecEsaDpStatsEncryptPkts Counter64, tmnxIPsecEsaDpStatsEncryptBytes Counter64, tmnxIPsecEsaDpStatsDecryptPkts Counter64, tmnxIPsecEsaDpStatsDecryptBytes Counter64, tmnxIPsecEsaDpStatsTxPktErrs Counter32, tmnxIPsecEsaDpStatsOutBDropPkts Counter64, tmnxIPsecEsaDpStatsOutBSAMisses Counter64, tmnxIPsecEsaDpStatsOutBPEMisses Counter32, tmnxIPsecEsaDpStatsInBDropPkts Counter64, tmnxIPsecEsaDpStatsInBSAMisses Counter64, tmnxIPsecEsaDpStatsInBIPMismatch Counter32, tmnxIPsecEsaDpInFragments Counter64, tmnxIPsecEsaDpPktsReassem Counter64, tmnxIPsecEsaDpFragDropTime Counter64, tmnxIPsecEsaDpFragDropped Counter64, tmnxIPsecEsaDpGreTnlInPkts Counter64, tmnxIPsecEsaDpGreTnlInBytes Counter64, tmnxIPsecEsaDpGreTnlInErrs Counter64, tmnxIPsecEsaDpGreTnlOutPkts Counter64, tmnxIPsecEsaDpGreTnlOutBytes Counter64, tmnxIPsecEsaDpGreTnlOutErrs Counter64, tmnxIPsecEsaDpPktsDropDfSet Counter64, tmnxIPsecEsaDpStaticIPsecTnls Counter32, tmnxIPsecEsaDpDynIPsecTnls Counter32, tmnxIPsecEsaDpIpGreTnls Counter32, tmnxIPsecEsaDpIpv4Tnls Counter32, tmnxIPsecEsaDpL2tpv3TnlInPkts Counter64, tmnxIPsecEsaDpL2tpv3TnlInBytes Counter64, tmnxIPsecEsaDpL2tpv3TnlInErrs Counter64, tmnxIPsecEsaDpL2tpv3TnlInCookErr Counter64, tmnxIPsecEsaDpL2tpv3TnlInSeIdErr Counter64, tmnxIPsecEsaDpL2tpv3TnlOutPkts Counter64, tmnxIPsecEsaDpL2tpv3TnlOutBytes Counter64, tmnxIPsecEsaDpL2tpv3TnlOutErrs Counter64, tmnxIPsecEsaDpL2tpv3Tnls Counter32 } tmnxIPsecEsaDpStatsEncryptPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsEncryptPkts indicates the number of packets encrypted by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 1 } tmnxIPsecEsaDpStatsEncryptBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsEncryptBytes indicates the number of bytes encrypted by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 2 } tmnxIPsecEsaDpStatsDecryptPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsDecryptPkts indicates the number of packets decrypted by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 3 } tmnxIPsecEsaDpStatsDecryptBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsDecryptBytes indicates the number of bytes decrypted by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 4 } tmnxIPsecEsaDpStatsTxPktErrs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsTxPktErrs indicates the number of packets transmit failures by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 5 } tmnxIPsecEsaDpStatsOutBDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsOutBDropPkts indicates the number of packets dropped before and during outbound (encryption) processing by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 6 } tmnxIPsecEsaDpStatsOutBSAMisses OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsOutBSAMisses indicates the number of packets dropped before outbound (encryption) processing by the IPsec data path due to no SA (security association) present." ::= { tmnxIPsecEsaDpStatsEntry 7 } tmnxIPsecEsaDpStatsOutBPEMisses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsOutBPEMisses indicates the number of packets dropped before outbound (encryption) processing by the IPsec data path due to no matching Policy Entry." ::= { tmnxIPsecEsaDpStatsEntry 8 } tmnxIPsecEsaDpStatsInBDropPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsInBDropPkts indicates the number of packets dropped before and during inbound (decryption) processing by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 9 } tmnxIPsecEsaDpStatsInBSAMisses OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsInBSAMisses indicates the number of packets dropped before inbound (decryption) processing by the IPsec data path due to no SA (security association) present." ::= { tmnxIPsecEsaDpStatsEntry 10 } tmnxIPsecEsaDpStatsInBIPMismatch OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStatsInBIPMismatch indicates the number of packets dropped before inbound (decryption) processing by the IPsec data path due to the received packet's outer IP destination or source address does not match the Tunnel's local or peer gateway address." ::= { tmnxIPsecEsaDpStatsEntry 11 } tmnxIPsecEsaDpInFragments OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpInFragments indicates the number of fragments received by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 12 } tmnxIPsecEsaDpPktsReassem OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpPktsReassem indicates the number of packets reassembled by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 13 } tmnxIPsecEsaDpFragDropTime OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpFragDropTime indicates the number of fragments dropped due to timeout by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 14 } tmnxIPsecEsaDpFragDropped OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpFragDropped indicates the number of total fragments dropped by the IPsec data path." ::= { tmnxIPsecEsaDpStatsEntry 15 } tmnxIPsecEsaDpGreTnlInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpGreTnlInPkts indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 16 } tmnxIPsecEsaDpGreTnlInBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpGreTnlInBytes indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 17 } tmnxIPsecEsaDpGreTnlInErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpGreTnlInErrs indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 18 } tmnxIPsecEsaDpGreTnlOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpGreTnlOutPkts indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 19 } tmnxIPsecEsaDpGreTnlOutBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpGreTnlOutBytes indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 20 } tmnxIPsecEsaDpGreTnlOutErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpGreTnlOutErrs indicates the number of packets received by the GRE tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 21 } tmnxIPsecEsaDpPktsDropDfSet OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpPktsDropDfSet indicates the number of packets with DF bit set dropped in this Tunnel exceeding MTU size and with clear tunnel DF bit not set." ::= { tmnxIPsecEsaDpStatsEntry 22 } tmnxIPsecEsaDpStaticIPsecTnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpStaticIPsecTnls indicates number of configured static IPsec tunnels on the esa-vm." ::= { tmnxIPsecEsaDpStatsEntry 23 } tmnxIPsecEsaDpDynIPsecTnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpDynIPsecTnls indicates number of dynamic IPsec tunnels in use on the esa-vm." ::= { tmnxIPsecEsaDpStatsEntry 24 } tmnxIPsecEsaDpIpGreTnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpIpGreTnls indicates number of configured IP tunnels (with GRE headers) on the esa-vm." ::= { tmnxIPsecEsaDpStatsEntry 25 } tmnxIPsecEsaDpIpv4Tnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpIpv4Tnls indicates number of configured IPv4 tunnels on the esa-vm." ::= { tmnxIPsecEsaDpStatsEntry 26 } tmnxIPsecEsaDpL2tpv3TnlInPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlInPkts indicates the number of packets received by the Layer Two Tunneling Protocol (L2TP) version 3 (L2TPv3) tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 27 } tmnxIPsecEsaDpL2tpv3TnlInBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlInBytes indicates the number of bytes received by the L2TPv3 tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 28 } tmnxIPsecEsaDpL2tpv3TnlInErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlInErrs indicates the number of packets dropped while receiving by the L2TPv3 tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 29 } tmnxIPsecEsaDpL2tpv3TnlInCookErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlInCookErr indicates the number of packets dropped because the Cookie value received by the L2TPv3 tunnel data path did not match the Cookie value negotiated during session establishment." ::= { tmnxIPsecEsaDpStatsEntry 30 } tmnxIPsecEsaDpL2tpv3TnlInSeIdErr OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlInSeIdErr indicates the number of packets dropped because the Session ID value received by the L2TPv3 tunnel data path did not match the Session ID value negotiated during session establishment." ::= { tmnxIPsecEsaDpStatsEntry 31 } tmnxIPsecEsaDpL2tpv3TnlOutPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlOutPkts indicates the number of packets transmitted by the L2TPv3 tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 32 } tmnxIPsecEsaDpL2tpv3TnlOutBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlOutBytes indicates the number of bytes transmitted by the L2TPv3 tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 33 } tmnxIPsecEsaDpL2tpv3TnlOutErrs OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3TnlOutErrs indicates the number of packets dropped while transmitting by the L2TPv3 tunnel data path." ::= { tmnxIPsecEsaDpStatsEntry 34 } tmnxIPsecEsaDpL2tpv3Tnls OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of tmnxIPsecEsaDpL2tpv3Tnls indicates number of configured L2TPv3 tunnels on the esa-vm." ::= { tmnxIPsecEsaDpStatsEntry 35 } tmnxIPsecConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 48 } tmnxIPsecCompliances OBJECT IDENTIFIER ::= { tmnxIPsecConformance 1 } tmnxIPsecCompliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group } ::= { tmnxIPsecCompliances 1 } tmnxIPsecV6v1Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group } ::= { tmnxIPsecCompliances 2 } tmnxIPsecV7v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group, tIPsecTnlTempGroup, tmnxIPsecGWGroup, tmnxIPsecNotifyObjsGroup, tmnxIPsecNotifGroup } ::= { tmnxIPsecCompliances 3 } tmnxIPsecV8v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group, tIPsecTnlTempGroup, tmnxIPsecGWGroup, tmnxIPsecNotifyObjsGroup, tmnxIPsecNotifGroup, tmnxIPsecTnlBfdGroup, tmnxIPsecIkeGroup, tmnxIPsecMdaDpGroup } ::= { tmnxIPsecCompliances 4 } tmnxIPsecV9v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group, tIPsecTnlTempGroup, tmnxIPsecGWGroup, tmnxIPsecNotifyObjsGroup, tmnxIPsecNotifGroup, tmnxIPsecTnlBfdGroup, tmnxIPsecIkeGroup, tmnxIPsecCertGroup, tmnxIPsecMdaDpGroup } ::= { tmnxIPsecCompliances 5 } tmnxIPsecV10v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group, tIPsecTnlTempGroup, tmnxIPsecGWV10v0Group, tmnxIPsecNotifyObjsGroup, tmnxIPsecNotifGroup, tmnxIPsecTnlBfdGroup, tmnxIPsecIkeGroup, tmnxIPsecCertGroup, tmnxIPsecMdaDpGroup, tmnxIPsecV10v0Group, tmnxIPsecMdaDpStatsV10v0Group, tmnxIPsecTnlOperChgGroup } ::= { tmnxIPsecCompliances 6 } tmnxIPsecV11v0Compliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group, tIPsecTnlTempGroup, tmnxIPsecGWV10v0Group, tmnxIPsecNotifyObjsGroup, tmnxIPsecNotifGroup, tmnxIPsecTnlBfdGroup, tmnxIPsecIkeGroup, tmnxIPsecCertGroup, tmnxIPsecMdaDpGroup, tmnxIPsecV10v0Group, tmnxIPsecV11v0Group, tmnxIPsecMdaDpStatsV10v0Group, tmnxIPsecIkev2RatGroup, tIPsecIkev2RaTunNotifyObjsGroup, tIPsecIkev2RaTunNotifGroup, tmnxIPsecTnlOperChgGroup } ::= { tmnxIPsecCompliances 7 } tmnxIPsecV12v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 12.0." MODULE MANDATORY-GROUPS { tmnxIPsecV6v0Group, tmnxIPsecMdaDpStatsV6v1Group, tIPsecTnlTempGroup, tmnxIPsecGWV12v0Group, tmnxIPsecNotifyObjsGroup, tmnxIPsecNotifGroup, tmnxIPsecTnlBfdGroup, tmnxIPsecIkeGroup, tmnxIPsecCertGroup, tmnxIPsecMdaDpGroup, tmnxIPsecV10v0Group, tmnxIPsecV11v0Group, tmnxIPsecMdaDpStatsV10v0Group, tmnxIPsecIkev2RatGroup, tIPsecIkev2RaTunNotifyObjsGroup, tIPsecIkev2RaTunNotifGroup, tmnxIPsecTnlDstv12v0Group, tmnxIPsecV12v0Group, tIPsecIkev2CertAuthGroup, tIPsecIkev2CertAuthChainGroup, tIPsecTsReductionGroup, tIPsecRUSATrafficSelGroup, tIkev2SendUnSolCfgAttr12v0Group, tIPSecTrustAnchorProfNotifGroup, tmnxIPsecSAStatsV12v0Group, tmnxIPsecRUSAStatsV12v0Group, tmnxIPsecEncapNotifyObjsGroup, tIPSecTunnelEncapNotifGroup, tmnxIPsecTnlOperChgGroup, tmnxIkePolicyAutoEapRadiusGroup, tmnxIkePolicyAutoEapGroup } ::= { tmnxIPsecCompliances 8 } tmnxIPsecV13v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 13.0." MODULE MANDATORY-GROUPS { tmnxIPsecGWDhcpGroup, tmnxIPsecGWDhcpV6Group, tmnxSecurityNotificationV13v0Grp, tmnxIPsecGWLclAddrGroup, tmnxIPsecRadInterimUpdGroup, tmnxIPsecIkev2IdiGroup, tmnxIPsecGWPrivIp2V13v0Group, tmnxIPSecGWNotifV13v0Group, tmnxIPSecTunnelNotifV11v0Group } ::= { tmnxIPsecCompliances 9 } tmnxIPsecV14v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 14.0." MODULE MANDATORY-GROUPS { tmnxIPsecGWLAAIpPool2V14v0Group, tIPsecTrafficSelectorV14v0Group, tmnxIkePolicyLockoutV14v0Group, tIPsecRUTnlDhcpLeaseStatV14v0Grp, tIPsecClientDatabaseV14v0Group, tmnxIkePolicyV2FragV14v0Group, tmnxIPsecMdaDpStatsV14v0Group, tmnxIPsecRUTnlInUseCfgsV14v0Grp, tmnxIPsecIkePolicyV14v0Group, tmnxIPsecSvcLevelCfgV14v0Grp } ::= { tmnxIPsecCompliances 10 } tmnxIPsecV15v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 15.0." MODULE MANDATORY-GROUPS { tmnxIPsecIkeTransformV15v0Group, tmnxIPsecHistStatsV15v0Group, tIPsecTcpMssAdjustV15v0Grp, tmnxIkePolicyObsoleteV15v0Group, tmnxIPsecTransformV15v0Group, tmnxIPsecEmbmsV15v0Group, tmnxIPsecGWStatsV15v0Grp, tmnxIkePolicyV15v0Group, tmnxIPsecTunnelV15v0Grp } ::= { tmnxIPsecCompliances 11 } tmnxIPsecV16v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 16.0." MODULE MANDATORY-GROUPS { tmnxIPsecNoOfSaKeysV16v0Grp, tmnxIPsecSvcNameV16v0Grp, tmnxIPsecTnlBfdSessV16v0Grp, tmnxIPsecCertProfV16v0Group, tmnxIkeTransformV16v0Grp } ::= { tmnxIPsecCompliances 12 } tmnxIPsecV19v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 17.0." MODULE MANDATORY-GROUPS { tmnxVRtrIdIPsecTnlV19v0Group, tIPsecTnlTempGroupV19v0Group, tmnxIPsecNotifyObjsV19v0Group, tmnxIPsecTunnelNotifV19v0Group, tmnxIPsecTunnelEsaVmV19v0Group } ::= { tmnxIPsecCompliances 13 } tmnxIPsecV20v0Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for management of IPsec features on Nokia SROS series systems in release 20.0." MODULE MANDATORY-GROUPS { tmnxVRtrIdIPsecTnlV19v0Group, tIPsecTnlTempGroupV19v0Group, tmnxIPsecNotifyObjsV19v0Group, tmnxIPsecTunnelNotifV19v0Group, tmnxIPsecTunnelEsaVmV19v0Group, tmnxIPsecTunnelEsaVmV20v0Group, tmnxIPsecSvcLevelCfgV20v0Grp } ::= { tmnxIPsecCompliances 14 } tmnxIPsecGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 2 } tmnxIPsecV6v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTransformTblLastChanged, tmnxIPsecTransformRowStatus, tmnxIPsecTransformLastChanged, tmnxIPsecTransformAuthAlgorithm, tmnxIPsecTransformEncrAlgorithm, tmnxIkePolicyTableLastChanged, tmnxIkePolicyRowStatus, tmnxIkePolicyLastChanged, tmnxIkePolicyDescription, tmnxIkePolicyIkeMode, tmnxIkePolicyPFSEnabled, tmnxIkePolicyPFSDHGroup, tmnxIkePolicyIPsecLifeTime, tmnxIkePolicyNatTraversal, tmnxIkePolicyNatTKeepAliveIntvl, tmnxIkePolicyNatTBehindNatOnly, tmnxIkePolicyDpd, tmnxIkePolicyDpdInterval, tmnxIkePolicyDpdMaxRetries, tmnxIPsecTunnelTableLastChanged, tmnxIPsecTunnelRowStatus, tmnxIPsecTunnelLastChanged, tmnxIPsecTunnelDescription, tmnxIPsecTunnelLclGwAddrType, tmnxIPsecTunnelLclGwAddr, tmnxIPsecTunnelRemGwAddrType, tmnxIPsecTunnelRemGwAddr, tmnxIPsecTunnelPublicSvcId, tmnxIPsecTunnelSecurityPolicyId, tmnxIPsecTunnelKeyingType, tmnxIPsecTunnelDynTransformId1, tmnxIPsecTunnelDynTransformId2, tmnxIPsecTunnelDynTransformId3, tmnxIPsecTunnelDynTransformId4, tmnxIPsecTunnelIkePolicyId, tmnxIPsecTunnelIkePreSharedKey, tmnxIPsecTunnelAdminState, tmnxIPsecTunnelOperState, tmnxIPsecTunnelOperFlags, tmnxIPsecTunnelReplayWindow, tmnxIPsecTunnelIsakmpState, tmnxIPsecTunnelIsakmpEstabTime, tmnxIPsecTunnelIsakmpNegLifeTime, tmnxIPsecTunnelNumDpdTx, tmnxIPsecTunnelNumDpdRx, tmnxIPsecTunnelNumDpdAckTx, tmnxIPsecTunnelNumDpdAckRx, tmnxIPsecTunnelNumExpRx, tmnxIPsecTunnelNumInvalidDpdRx, tmnxIPsecTunnelNumCtrlPktsTx, tmnxIPsecTunnelNumCtrlPktsRx, tmnxIPsecTunnelNumCtrlTxErrors, tmnxIPsecTunnelNumCtrlRxErrors, tmnxIPsecPolicyTableLastChanged, tmnxIPsecPolicyRowStatus, tmnxIPsecPolicyLastChanged, tmnxIPsecPlcyParamsTblLastChangd, tmnxIPsecPolicyParamsRowStatus, tmnxIPsecPolicyParamsLastChanged, tmnxIPsecPolicyParamsLclAddrAny, tmnxIPsecPolicyParamsLclAddrType, tmnxIPsecPolicyParamsLclAddr, tmnxIPsecPolicyParamsLclAPrefLen, tmnxIPsecPolicyParamsRemAddrAny, tmnxIPsecPolicyParamsRemAddrType, tmnxIPsecPolicyParamsRemAddr, tmnxIPsecPolicyParamsRemAPrefLen, tmnxIPsecSATableLastChanged, tmnxIPsecSARowStatus, tmnxIPsecSALastChanged, tmnxIPsecSAType, tmnxIPsecSAEncryptionKey, tmnxIPsecSAAuthenticationKey, tmnxIPsecSASpi, tmnxIPsecSAManualTransformId, tmnxIPsecSAAuthAlgorithm, tmnxIPsecSAEncrAlgorithm, tmnxIPsecSAStorageType, tmnxIPsecSAEstablishedTime, tmnxIPsecSANegotiatedLifeTime, tmnxIPsecSAStatsBytesProcessed, tmnxIPsecSAStatsBytesProcLow32, tmnxIPsecSAStatsBytesProcHigh32, tmnxIPsecSAStatsPktsProcessed, tmnxIPsecSAStatsPktsProcLow32, tmnxIPsecSAStatsPktsProcHigh32, tmnxIPsecSAStatsCryptoErrors, tmnxIPsecSAStatsReplayErrors, tmnxIPsecSAStatsSAErrors, tmnxIPsecSAStatsPolicyErrors } STATUS current DESCRIPTION "The group of objects supporting the IPsec Feature capabilities on Nokia SROS series systems." ::= { tmnxIPsecGroups 1 } tmnxIPsecMdaDpStatsV6v1Group OBJECT-GROUP OBJECTS { tmnxIPsecMdaDpStatsEncryptPkts, tmnxIPsecMdaDpStatsEncryptPktsLow32, tmnxIPsecMdaDpStatsEncryptPktsHigh32, tmnxIPsecMdaDpStatsEncryptBytes, tmnxIPsecMdaDpStatsEncryptBytesLow32, tmnxIPsecMdaDpStatsEncryptBytesHigh32, tmnxIPsecMdaDpStatsDecryptPkts, tmnxIPsecMdaDpStatsDecryptPktsLow32, tmnxIPsecMdaDpStatsDecryptPktsHigh32, tmnxIPsecMdaDpStatsDecryptBytes, tmnxIPsecMdaDpStatsDecryptBytesLow32, tmnxIPsecMdaDpStatsDecryptBytesHigh32, tmnxIPsecMdaDpStatsTxPktErrs, tmnxIPsecMdaDpStatsOutBDropPkts, tmnxIPsecMdaDpStatsOutBDropPktsLow32, tmnxIPsecMdaDpStatsOutBDropPktsHigh32, tmnxIPsecMdaDpStatsOutBSAMisses, tmnxIPsecMdaDpStatsOutBSAMissesLow32, tmnxIPsecMdaDpStatsOutBSAMissesHigh32, tmnxIPsecMdaDpStatsOutBPolicyEntryMisses, tmnxIPsecMdaDpStatsInBDropPkts, tmnxIPsecMdaDpStatsInBDropPktsLow32, tmnxIPsecMdaDpStatsInBDropPktsHigh32, tmnxIPsecMdaDpStatsInBSAMisses, tmnxIPsecMdaDpStatsInBSAMissesLow32, tmnxIPsecMdaDpStatsInBSAMissesHigh32, tmnxIPsecMdaDpStatsInBIPDstSrcMismatches } STATUS current DESCRIPTION "The group of objects for IPsec Mda Data Path Statistics on Nokia SROS series systems." ::= { tmnxIPsecGroups 2 } tIPsecTnlTempGroup OBJECT-GROUP OBJECTS { tIPsecTnlTempDescr, tIPsecTnlTempDynKeyTransformId1, tIPsecTnlTempDynKeyTransformId2, tIPsecTnlTempDynKeyTransformId3, tIPsecTnlTempDynKeyTransformId4, tIPsecTnlTempLastChanged, tIPsecTnlTempReplayWindow, tIPsecTnlTempReverseRoute, tIPsecTnlTempRowStatus, tIPsecTnlTempTblLastChanged, tmnxIkePolicyAuthMethod } STATUS current DESCRIPTION "The group of objects for IPsec tunnel template on Nokia SROS series systems." ::= { tmnxIPsecGroups 3 } tmnxIPsecGWGroup OBJECT-GROUP OBJECTS { tmnxIPsecTunnelAutoEstablish, tmnxIPsecGWAdminState, tmnxIPsecGWName, tmnxIPsecGWIfName, tmnxIPsecGWInetAddrType, tmnxIPsecGWInetAddress, tmnxIPsecGWLastMgmtChange, tmnxIPsecGWOperState, tmnxIPsecGWRowStatus, tmnxIPsecGWSecureService, tmnxIPsecGWTblLastChgd, tmnxIPsecGWTunnelPolicyTemp, tmnxIPsecGWIkePolicyId, tmnxIPsecGWIkePreShared, tmnxIPsecGWLclX509Cert, tmnxIPsecGWLclPrivateKey, tmnxIPsecGWOperFlags, tmnxIPsecGWCACert, tmnxIPsecGWCACertRevocList, tIPsecRUSAAuthAlgorithm, tIPsecRUSAAuthenticationKey, tIPsecRUSAEncrAlgorithm, tIPsecRUSAEncryptionKey, tIPsecRUSAEstablishedTime, tIPsecRUSANegotiatedLifeTime, tIPsecRUSASpi, tIPsecRUSAStatsBytesProcHigh32, tIPsecRUSAStatsBytesProcLow32, tIPsecRUSAStatsBytesProcessed, tIPsecRUSAStatsCryptoErrors, tIPsecRUSAStatsPktsProcHigh32, tIPsecRUSAStatsPktsProcLow32, tIPsecRUSAStatsPktsProcessed, tIPsecRUSAStatsPolicyErrors, tIPsecRUSAStatsReplayErrors, tIPsecRUSAStatsSAErrors, tIPsecRUTnlIPsecSALifeTime, tIPsecRUTnlIsakmpEstabTime, tIPsecRUTnlIsakmpNegLifeTime, tIPsecRUTnlIsakmpState, tIPsecRUTnlNumCtrlPktsRx, tIPsecRUTnlNumCtrlPktsTx, tIPsecRUTnlNumCtrlRxErrors, tIPsecRUTnlNumCtrlTxErrors, tIPsecRUTnlNumDpdAckRx, tIPsecRUTnlNumDpdAckTx, tIPsecRUTnlNumDpdRx, tIPsecRUTnlNumDpdTx, tIPsecRUTnlNumExpRx, tIPsecRUTnlNumInvalidDpdRx, tIPsecRUTnlPfsDHGroup, tIPsecRUTnlHasBiDirectionalSA, tIPsecRUTnlPrivateIfIndex, tIPsecRUTnlPrivateIpAddr, tIPsecRUTnlPrivateIpPrefixLen, tIPsecRUTnlPrivateIpAddrType, tIPsecRUTnlPrivateSvcId, tIPsecRUTnlReplayWindow, tIPsecRUTnlTempId, tIPsecRUSALclAPrefLen, tIPsecRUSALclAddr, tIPsecRUSALclAddrType, tIPsecRUSARemAPrefLen, tIPsecRUSARemAddr, tIPsecRUSARemAddrType, tmnxIPsecGWPskXAuthTunnels, tmnxIPsecGWPskTunnels, tmnxIPsecPskTunnels } STATUS obsolete DESCRIPTION "The group of objects supporting management of IPSec gateway capabilities for SAPs on Nokia SROS series systems." ::= { tmnxIPsecGroups 4 } tmnxIPsecNotifyObjsGroup OBJECT-GROUP OBJECTS { tIPsecNotifRUTnlInetAddrType, tIPsecNotifRUTnlInetAddress, tIPsecNotifRUTnlPort, tIPsecNotifReason, tIPsecNotifBfdIntfDestIp, tIPsecNotifBfdIntfDestIpType, tIPsecNotifBfdIntfIfName, tIPsecNotifBfdIntfSessState, tIPsecNotifBfdIntfSvcId } STATUS current DESCRIPTION "The group of objects supporting management of IPsec notification objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 5 } tmnxIPsecTnlBfdGroup OBJECT-GROUP OBJECTS { tmnxIPsecTunnelBfdDesignate, tmnxIPsecTunnelBfdRowStatus, tmnxIPsecTunnelBfdSrcAddrType, tmnxIPsecTunnelBfdSrcAddr, tmnxIPsecTunnelBfdSessOperState, tmnxIPsecTunnelBfdLastChanged, tmnxIPsecTunnelBfdTableLastChgd } STATUS current DESCRIPTION "The group of objects for IPsec Tunnel BFD service on Nokia SROS series systems." ::= { tmnxIPsecGroups 6 } tmnxIPsecIkeGroup OBJECT-GROUP OBJECTS { tmnxIkePolicyIkeVersion } STATUS current DESCRIPTION "The group of objects supporting management of IPSec IKE specific capabilities on Nokia SROS series systems." ::= { tmnxIPsecGroups 7 } tmnxIPsecCertGroup OBJECT-GROUP OBJECTS { tmnxIPsecGWLocalIdType, tmnxIPsecGWLocalIdValue, tmnxIPsecTunnelLocalIdType, tmnxIPsecTunnelLocalIdValue, tmnxIPsecTunnelClearDfBit, tmnxIPsecTunnelIpMtu, tmnxIkePolicyOwnAuthMethod } STATUS current DESCRIPTION "The group of objects supporting management of IPSec X.509 certificate specific capabilities on Nokia SROS series systems." ::= { tmnxIPsecGroups 8 } tmnxIpsecObsoletedV10v0Group OBJECT-GROUP OBJECTS { tmnxIPsecGWCACert, tmnxIPsecGWCACertRevocList } STATUS current DESCRIPTION "The group of objects obsoleted related to management of IPSec specific capabilities on Nokia SROS series systems." ::= { tmnxIPsecGroups 9 } tmnxIPsecGWV10v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTunnelAutoEstablish, tmnxIPsecGWAdminState, tmnxIPsecGWName, tmnxIPsecGWIfName, tmnxIPsecGWInetAddrType, tmnxIPsecGWInetAddress, tmnxIPsecGWLastMgmtChange, tmnxIPsecGWOperState, tmnxIPsecGWRowStatus, tmnxIPsecGWSecureService, tmnxIPsecGWTblLastChgd, tmnxIPsecGWTunnelPolicyTemp, tmnxIPsecGWIkePolicyId, tmnxIPsecGWIkePreShared, tmnxIPsecGWLclX509Cert, tmnxIPsecGWLclPrivateKey, tmnxIPsecGWOperFlags, tIPsecRUSAAuthAlgorithm, tIPsecRUSAAuthenticationKey, tIPsecRUSAEncrAlgorithm, tIPsecRUSAEncryptionKey, tIPsecRUSAEstablishedTime, tIPsecRUSANegotiatedLifeTime, tIPsecRUSASpi, tIPsecRUSAStatsBytesProcHigh32, tIPsecRUSAStatsBytesProcLow32, tIPsecRUSAStatsBytesProcessed, tIPsecRUSAStatsCryptoErrors, tIPsecRUSAStatsPktsProcHigh32, tIPsecRUSAStatsPktsProcLow32, tIPsecRUSAStatsPktsProcessed, tIPsecRUSAStatsPolicyErrors, tIPsecRUSAStatsReplayErrors, tIPsecRUSAStatsSAErrors, tIPsecRUTnlIPsecSALifeTime, tIPsecRUTnlIsakmpEstabTime, tIPsecRUTnlIsakmpNegLifeTime, tIPsecRUTnlIsakmpState, tIPsecRUTnlNumCtrlPktsRx, tIPsecRUTnlNumCtrlPktsTx, tIPsecRUTnlNumCtrlRxErrors, tIPsecRUTnlNumCtrlTxErrors, tIPsecRUTnlNumDpdAckRx, tIPsecRUTnlNumDpdAckTx, tIPsecRUTnlNumDpdRx, tIPsecRUTnlNumDpdTx, tIPsecRUTnlNumExpRx, tIPsecRUTnlNumInvalidDpdRx, tIPsecRUTnlPfsDHGroup, tIPsecRUTnlHasBiDirectionalSA, tIPsecRUTnlPrivateIfIndex, tIPsecRUTnlPrivateIpAddr, tIPsecRUTnlPrivateIpPrefixLen, tIPsecRUTnlPrivateIpAddrType, tIPsecRUTnlPrivateSvcId, tIPsecRUTnlReplayWindow, tIPsecRUTnlTempId, tIPsecRUSALclAPrefLen, tIPsecRUSALclAddr, tIPsecRUSALclAddrType, tIPsecRUSARemAPrefLen, tIPsecRUSARemAddr, tIPsecRUSARemAddrType, tmnxIPsecGWPskXAuthTunnels, tmnxIPsecGWPskTunnels, tmnxIPsecGWCertTunnels, tmnxIPsecPskTunnels } STATUS obsolete DESCRIPTION "The group of objects supporting management of IPSec gateway capabilities for SAPs on Nokia SROS series systems." ::= { tmnxIPsecGroups 10 } tmnxIPsecMdaDpStatsV10v0Group OBJECT-GROUP OBJECTS { tmnxIPsecMdaDpStaticIPsecTnls, tmnxIPsecMdaDpDynIPsecTnls, tmnxIPsecMdaDpIpGreTnls, tmnxIPsecMdaDpIpv4Tnls, tmnxIPsecMdaDpGreTnlInBytes, tmnxIPsecMdaDpGreTnlInBytesHi, tmnxIPsecMdaDpGreTnlInBytesLo, tmnxIPsecMdaDpGreTnlInErrs, tmnxIPsecMdaDpGreTnlInErrsHi, tmnxIPsecMdaDpGreTnlInErrsLo, tmnxIPsecMdaDpGreTnlInPkts, tmnxIPsecMdaDpGreTnlInPktsHi, tmnxIPsecMdaDpGreTnlInPktsLo, tmnxIPsecMdaDpGreTnlOutBytes, tmnxIPsecMdaDpGreTnlOutBytesHi, tmnxIPsecMdaDpGreTnlOutBytesLo, tmnxIPsecMdaDpGreTnlOutErrs, tmnxIPsecMdaDpGreTnlOutErrsHi, tmnxIPsecMdaDpGreTnlOutErrsLo, tmnxIPsecMdaDpGreTnlOutPkts, tmnxIPsecMdaDpGreTnlOutPktsHi, tmnxIPsecMdaDpGreTnlOutPktsLo, tmnxIPsecMdaDpFragDropTime, tmnxIPsecMdaDpFragDropTimeHigh32, tmnxIPsecMdaDpFragDropTimeLow32, tmnxIPsecMdaDpFragDropped, tmnxIPsecMdaDpFragDroppedHigh32, tmnxIPsecMdaDpFragDroppedLow32, tmnxIPsecMdaDpInFragments, tmnxIPsecMdaDpInFragmentsHigh32, tmnxIPsecMdaDpInFragmentsLow32, tmnxIPsecMdaDpPktsReassem, tmnxIPsecMdaDpPktsReassemHigh32, tmnxIPsecMdaDpPktsReassemLow32, tmnxIPsecMdaDpPktsDropDfSet, tmnxIPsecMdaDpPktsDropDfSetLo, tmnxIPsecMdaDpPktsDropDfSetHi } STATUS current DESCRIPTION "The group of objects for IPsec Mda Data Path Statistics on Nokia SROS series systems." ::= { tmnxIPsecGroups 11 } tmnxIPsecMdaDpGroup OBJECT-GROUP OBJECTS { tmnxIPsecMdaDpGreTnlInBytes, tmnxIPsecMdaDpGreTnlInBytesHi, tmnxIPsecMdaDpGreTnlInBytesLo, tmnxIPsecMdaDpGreTnlInErrs, tmnxIPsecMdaDpGreTnlInErrsHi, tmnxIPsecMdaDpGreTnlInErrsLo, tmnxIPsecMdaDpGreTnlInPkts, tmnxIPsecMdaDpGreTnlInPktsHi, tmnxIPsecMdaDpGreTnlInPktsLo, tmnxIPsecMdaDpGreTnlOutBytes, tmnxIPsecMdaDpGreTnlOutBytesHi, tmnxIPsecMdaDpGreTnlOutBytesLo, tmnxIPsecMdaDpGreTnlOutErrs, tmnxIPsecMdaDpGreTnlOutErrsHi, tmnxIPsecMdaDpGreTnlOutErrsLo, tmnxIPsecMdaDpGreTnlOutPkts, tmnxIPsecMdaDpGreTnlOutPktsHi, tmnxIPsecMdaDpGreTnlOutPktsLo } STATUS current DESCRIPTION "The group of objects for IPsec Mda Data Path Statistics on Nokia SROS series systems." ::= { tmnxIPsecGroups 12 } tmnxIPsecV10v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTunnelHostISA, tIPsecRUTnlHostISA } STATUS current DESCRIPTION "The group of additional objects for IPsec feature on Nokia SROS series systems in 10.0 release." ::= { tmnxIPsecGroups 13 } tmnxIPsecV11v0Group OBJECT-GROUP OBJECTS { tmnxIPsecGWCSVPrimary, tmnxIPsecGWCSVSecondary, tmnxIPsecGWCSVDefResult, tmnxIPsecTunnelCSVPrimary, tmnxIPsecTunnelCSVSecondary, tmnxIPsecTunnelCSVDefResult } STATUS current DESCRIPTION "The group of additional objects for IPsec feature on Nokia SROS series systems in 11.0 release." ::= { tmnxIPsecGroups 14 } tmnxIPsecIkev2RatGroup OBJECT-GROUP OBJECTS { tmnxIPsecGWPskRadiusTunnels, tmnxIPsecGWCertRadiusTunnels, tmnxIPsecGWEapTunnels, tIPsecRadAcctPlcyTblLastChgd, tIPsecRadAcctPlcyRowStatus, tIPsecRadAcctPlcyLastMgmtChange, tIPsecRadAcctPlcyInclAttr, tIPsecRadAcctPlcyRadSrvPlcy, tIPsecRadAuthPlcyTblLastChgd, tIPsecRadAuthPlcyRowStatus, tIPsecRadAuthPlcyLastMgmtChange, tIPsecRadAuthPlcyPassword, tIPsecRadAuthPlcyInclAttr, tIPsecRadAuthPlcyRadSrvPlcy, tmnxIPsecGWRadAuthPolicy, tmnxIPsecGWRadAcctgPolicy, tmnxIkePolicyMatchPeerToCert } STATUS current DESCRIPTION "The group of additional objects for IPsec IKEv2 remote access tunnel feature on Nokia SROS series systems in 11.0 release." ::= { tmnxIPsecGroups 15 } tIPsecIkev2RaTunNotifyObjsGroup OBJECT-GROUP OBJECTS { tIPsecRadAcctPlcyFailReason } STATUS current DESCRIPTION "The group of objects supporting management of IPsec IKEv2 remote-access tunnel notification objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 16 } tmnxIPsecTnlDstv12v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTnlDstAddrLastChanged, tmnxIPsecTnlDstAddrRowStatus, tmnxIPsecTnlDstAddrTblLastChngd, tmnxIPsecTnlDstAddrResolved } STATUS current DESCRIPTION "The group of objects supporting management of IPsec tunnel destination address objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 17 } tmnxIPsecV12v0Group OBJECT-GROUP OBJECTS { tmnxIPsecPlcyParamsV6LclAddrAny, tmnxIPsecPlcyParamsV6LclAddrType, tmnxIPsecPlcyParamsV6LclAddr, tmnxIPsecPlcyParamsV6LclAPrefLen, tmnxIPsecPlcyParamsV6RemAddrAny, tmnxIPsecPlcyParamsV6RemAddrType, tmnxIPsecPlcyParamsV6RemAddr, tmnxIPsecPlcyParamsV6RemAPrefLen, tmnxIPsecTunnelEncapIpMtu, tmnxIPsecTunnelIcmp6Pkt2Big, tmnxIPsecTunnelIcmp6NumPkt2Big, tmnxIPsecTunnelIcmp6Pkt2BigTime, tIPsecTnlTempIpMtu, tIPsecTnlTempEncapIpMtu, tIPsecTnlTempIcmp6Pkt2Big, tIPsecTnlTempIcmp6NumPkt2Big, tIPsecTnlTempIcmp6Pkt2BigTime, tIPsecTnlTempClearDfBit } STATUS current DESCRIPTION "The group of objects for IPsec feature on Nokia SROS series systems in 12.0 release." ::= { tmnxIPsecGroups 18 } tIPsecIkev2CertAuthGroup OBJECT-GROUP OBJECTS { tIPsecCompChainCAProfName, tmnxIPsecTunnelCertTrstAnchrProf, tmnxIPsecGWCertTrstAnchrProf, tIPsecTrustAnchorsTblLastChgd, tIPsecTrustAnchorsRowStatus, tIPsecTrustAnchorsLastChgd, tIPsecTrustAnchorProfTblLastChgd, tIPsecTrustAnchorProfRowStatus, tIPsecTrustAnchorProfLastChgd, tmnxIPsecTunnelMatchTrustAnchor, tIPsecRUTnlMatchTrustAnchor, tIPsecCertProfEntryIdTblLastChgd, tIPsecCertProfEntryIdRowStatus, tIPsecCertProfEntryIdLastChgd, tIPsecCertProfEntryIdCertFile, tIPsecCertProfEntryIdCompChain, tmnxIPsecTunnelCertProfile, tmnxIPsecGWCertProfile, tIPsecCertProfEntryIdKeyFile, tIPsecCertProfileTblLastChgd, tIPsecCertProfileRowStatus, tIPsecCertProfileLastChgd, tIPsecCertProfileAdminState, tIPsecCertProfileOperState, tIPsecCertProfileOperFlags, tIPsecTrustAnchorCAProfDown, tmnxIPsecTunnelMatCertEntryId, tmnxIPsecTunnelCertProfName, tIPsecRUTnlMatCertEntryId, tIPsecRUTnlCertProfName, tIPsecCertProfEntryIdOperFlags } STATUS current DESCRIPTION "The group of objects supporting management of IPsec IKEv2 certificate authentication objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 19 } tIPsecIkev2CertAuthChainGroup OBJECT-GROUP OBJECTS { tIPsecCertChainCAProfTblLastChgd, tIPsecCertChainCAProfRowStatus, tIPsecCertChainCAProfLastChgd } STATUS current DESCRIPTION "The group of objects supporting management of IPsec IKEv2 certificate authentication chain objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 20 } tIPsecTsReductionGroup OBJECT-GROUP OBJECTS { tIPsecGWTsNegSelPlcyLastChgd, tIPsecGWTsNegSelPlcyRowStatus, tIPsecGWTsNegSelPlcyTblLastChgd, tIPsecGWTsNegSelPlcyTsList, tIPsecTsListLastChgd, tIPsecTsListLclEntryFrAddr, tIPsecTsListLclEntryFrAddrType, tIPsecTsListLclEntryLastChgd, tIPsecTsListLclEntryPfxAddr, tIPsecTsListLclEntryPfxAddrType, tIPsecTsListLclEntryPfxLen, tIPsecTsListLclEntryRowStatus, tIPsecTsListLclEntryTblLastChgd, tIPsecTsListLclEntryToAddr, tIPsecTsListLclEntryToAddrType, tIPsecTsListRowStatus, tIPsecTsListTblLastChgd } STATUS current DESCRIPTION "The group of objects supporting management of IPsec IKEv2 certificate authentication chain objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 21 } tIPsecRUSATrafficSelGroup OBJECT-GROUP OBJECTS { tIPsecRUSATrafficSelLastChgd } STATUS current DESCRIPTION "The group of objects supporting management of IPsec IKEv2 certificate authentication chain objects on Nokia SROS series systems." ::= { tmnxIPsecGroups 22 } tmnxIPsecGWV12v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTunnelAutoEstablish, tmnxIPsecGWAdminState, tmnxIPsecGWName, tmnxIPsecGWIfName, tmnxIPsecGWInetAddrType, tmnxIPsecGWInetAddress, tmnxIPsecGWLastMgmtChange, tmnxIPsecGWOperState, tmnxIPsecGWRowStatus, tmnxIPsecGWSecureService, tmnxIPsecGWTblLastChgd, tmnxIPsecGWTunnelPolicyTemp, tmnxIPsecGWIkePolicyId, tmnxIPsecGWIkePreShared, tmnxIPsecGWOperFlags, tIPsecRUSAAuthAlgorithm, tIPsecRUSAAuthenticationKey, tIPsecRUSAEncrAlgorithm, tIPsecRUSAEncryptionKey, tIPsecRUSAEstablishedTime, tIPsecRUSANegotiatedLifeTime, tIPsecRUSASpi, tIPsecRUSAStatsBytesProcHigh32, tIPsecRUSAStatsBytesProcLow32, tIPsecRUSAStatsBytesProcessed, tIPsecRUSAStatsCryptoErrors, tIPsecRUSAStatsPktsProcHigh32, tIPsecRUSAStatsPktsProcLow32, tIPsecRUSAStatsPktsProcessed, tIPsecRUSAStatsPolicyErrors, tIPsecRUSAStatsReplayErrors, tIPsecRUSAStatsSAErrors, tIPsecRUTnlIPsecSALifeTime, tIPsecRUTnlIsakmpEstabTime, tIPsecRUTnlIsakmpNegLifeTime, tIPsecRUTnlIsakmpState, tIPsecRUTnlNumCtrlPktsRx, tIPsecRUTnlNumCtrlPktsTx, tIPsecRUTnlNumCtrlRxErrors, tIPsecRUTnlNumCtrlTxErrors, tIPsecRUTnlNumDpdAckRx, tIPsecRUTnlNumDpdAckTx, tIPsecRUTnlNumDpdRx, tIPsecRUTnlNumDpdTx, tIPsecRUTnlNumExpRx, tIPsecRUTnlNumInvalidDpdRx, tIPsecRUTnlPfsDHGroup, tIPsecRUTnlHasBiDirectionalSA, tIPsecRUTnlPrivateIfIndex, tIPsecRUTnlPrivateIpAddr, tIPsecRUTnlPrivateIpPrefixLen, tIPsecRUTnlPrivateIpAddrType, tIPsecRUTnlPrivateSvcId, tIPsecRUTnlReplayWindow, tIPsecRUTnlTempId, tmnxIPsecGWPskXAuthTunnels, tmnxIPsecGWPskTunnels, tmnxIPsecGWCertTunnels, tmnxIPsecPskTunnels } STATUS current DESCRIPTION "The group of objects supporting management of IPSec gateway capabilities for SAPs on Nokia SROS series systems." ::= { tmnxIPsecGroups 23 } tmnxIpsecObsoletedV12v0Group OBJECT-GROUP OBJECTS { tIPsecRUSALclAPrefLen, tIPsecRUSALclAddr, tIPsecRUSALclAddrType, tIPsecRUSARemAPrefLen, tIPsecRUSARemAddr, tIPsecRUSARemAddrType } STATUS current DESCRIPTION "The group of objects supporting management of IPSec gateway capabilities for SAPs obsoleted on Nokia SROS series systems." ::= { tmnxIPsecGroups 24 } tIkev2SendUnSolCfgAttr12v0Group OBJECT-GROUP OBJECTS { tmnxIkePolicyRelayUnSolCfgAttr } STATUS current DESCRIPTION "The group of objects for IKE Policy Version 2 Send Unsolicited config Attributes feature on Nokia SROS series systems in 12.0 release." ::= { tmnxIPsecGroups 26 } tmnxIPsecSAStatsV12v0Group OBJECT-GROUP OBJECTS { tmnxIPsecSAStatsEncapOverhead, tmnxIPsecSAStatsPreEncapFragCnt, tmnxIPsecSAStatsPreEncapFragLtSz, tmnxIPsecSAStatsPstEncapFragCnt, tmnxIPsecSAStatsPstEncapFragLtSz } STATUS current DESCRIPTION "The group of objects for new statistics of outbound SA feature on Nokia SROS series systems in 12.0 release." ::= { tmnxIPsecGroups 27 } tmnxIPsecRUSAStatsV12v0Group OBJECT-GROUP OBJECTS { tIPsecRUSAStatsEncapOverhead, tIPsecRUSAStatsPreEncapFragCnt, tIPsecRUSAStatsPreEncapFragLtSz, tIPsecRUSAStatsPostEncapFragCnt, tIPsecRUSAStatsPostEncapFragLtSz } STATUS current DESCRIPTION "The group of objects for new statistics of outbound SA feature on Nokia SROS series systems in 12.0 release." ::= { tmnxIPsecGroups 28 } tmnxIPsecEncapNotifyObjsGroup OBJECT-GROUP OBJECTS { tIPsecNotifIPsecTunnelName, tIPsecNotifConfigIpMtu, tIPsecNotifEncapOverhead, tIPsecNotifConfigEncapIpMtu } STATUS current DESCRIPTION "The group of objects for new trap for tunnel encapsulation feature on Nokia SROS series systems in 12.0 release." ::= { tmnxIPsecGroups 29 } tmnxIPsecTnlOperChgGroup OBJECT-GROUP OBJECTS { tmnxIPsecTunnelOperChanged, tIPsecRUTnlOperChanged } STATUS current DESCRIPTION "The group of objects for new statistics of outbound SA feature on Nokia SROS series systems in 12.0 release." ::= { tmnxIPsecGroups 30 } tmnxIkePolicyAutoEapRadiusGroup OBJECT-GROUP OBJECTS { tmnxIPsecGWAutoEapRadiusTunnels, tmnxIkePolicyAutoEapMethod, tmnxIkePolicyAutoEapOwnMethod } STATUS current DESCRIPTION "The group of objects for IKE Policy Version 2 auto EAP Radius feature on Nokia SROS series systems." ::= { tmnxIPsecGroups 31 } tmnxIkePolicyAutoEapGroup OBJECT-GROUP OBJECTS { tmnxIPsecGWAutoEapTunnels } STATUS current DESCRIPTION "The group of objects for IKE Policy Version 2 auto EAP feature on Nokia SROS series systems." ::= { tmnxIPsecGroups 32 } tmnxIPsecGWDhcpGroup OBJECT-GROUP OBJECTS { tmnxIPsecGWDhcpTblLastChgd, tmnxIPsecGWDhcpRowStatus, tmnxIPsecGWDhcpLastChgd, tmnxIPsecGWDhcpAdminState, tmnxIPsecGWDhcpGiAddrType, tmnxIPsecGWDhcpGiAddr, tmnxIPsecGWDhcpSendRelease, tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpRouterId, tmnxIPsecGWDhcpSrvr1AddrType, tmnxIPsecGWDhcpSrvr1Addr, tmnxIPsecGWDhcpSrvr2AddrType, tmnxIPsecGWDhcpSrvr2Addr, tmnxIPsecGWDhcpSrvr3AddrType, tmnxIPsecGWDhcpSrvr3Addr, tmnxIPsecGWDhcpSrvr4AddrType, tmnxIPsecGWDhcpSrvr4Addr, tmnxIPsecGWDhcpSrvr5AddrType, tmnxIPsecGWDhcpSrvr5Addr, tmnxIPsecGWDhcpSrvr6AddrType, tmnxIPsecGWDhcpSrvr6Addr, tmnxIPsecGWDhcpSrvr7AddrType, tmnxIPsecGWDhcpSrvr7Addr, tmnxIPsecGWDhcpSrvr8AddrType, tmnxIPsecGWDhcpSrvr8Addr } STATUS current DESCRIPTION "The tmnxIPsecGWDhcpGroup contains objects for IPSec Gateway DHCP feature on Nokia SROS series systems." ::= { tmnxIPsecGroups 33 } tmnxIPsecGWDhcpV6Group OBJECT-GROUP OBJECTS { tmnxIPsecGWDhcpV6TblLastChgd, tmnxIPsecGWDhcpV6RowStatus, tmnxIPsecGWDhcpV6LastChgd, tmnxIPsecGWDhcpV6AdminState, tmnxIPsecGWDhcpV6LinkAddrType, tmnxIPsecGWDhcpV6LinkAddr, tmnxIPsecGWDhcpV6SendRelease, tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6RouterId, tmnxIPsecGWDhcpV6Srvr1AddrType, tmnxIPsecGWDhcpV6Srvr1Addr, tmnxIPsecGWDhcpV6Srvr2AddrType, tmnxIPsecGWDhcpV6Srvr2Addr, tmnxIPsecGWDhcpV6Srvr3AddrType, tmnxIPsecGWDhcpV6Srvr3Addr, tmnxIPsecGWDhcpV6Srvr4AddrType, tmnxIPsecGWDhcpV6Srvr4Addr, tmnxIPsecGWDhcpV6Srvr5AddrType, tmnxIPsecGWDhcpV6Srvr5Addr, tmnxIPsecGWDhcpV6Srvr6AddrType, tmnxIPsecGWDhcpV6Srvr6Addr, tmnxIPsecGWDhcpV6Srvr7AddrType, tmnxIPsecGWDhcpV6Srvr7Addr, tmnxIPsecGWDhcpV6Srvr8AddrType, tmnxIPsecGWDhcpV6Srvr8Addr } STATUS current DESCRIPTION "The tmnxIPsecGWDhcpV6Group contains objects for IPSec Gateway DHCP feature on Nokia SROS series systems." ::= { tmnxIPsecGroups 34 } tmnxSecNotifyObjsV13v0Group OBJECT-GROUP OBJECTS { tIPsecNotifCertProfileName, tIPsecNotifCertProfEntryId, tIPsecNotifCaProfNames } STATUS current DESCRIPTION "The group of objects supporting security notifications in revision 13.0 on Nokia SROS series systems." ::= { tmnxIPsecGroups 35 } tmnxSecurityNotificationV13v0Grp NOTIFICATION-GROUP NOTIFICATIONS { tmnxSecNotifCmptedCertHashChngd, tmnxSecNotifCmptedCertChnChngd, tmnxSecNotifSendChnNotInCmptChn } STATUS current DESCRIPTION "The group of notifications supporting security in revision 13.0 on Nokia SROS series systems." ::= { tmnxIPsecGroups 36 } tmnxIPsecGWLclAddrGroup OBJECT-GROUP OBJECTS { tIPsecGWLclAddrAssignTblLastChgd, tIPsecGWLclAddrAssignLastChgd, tIPsecGWLclAddrAssignRowStatus, tIPsecGWLclAddrAssignAdminState, tIPsecGWLclAddrAssignIp4SrvrName, tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrRtr, tIPsecGWLclAddrAssignIp4PoolName, tIPsecGWLclAddrAssignIp6SrvrName, tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrRtr, tIPsecGWLclAddrAssignIp6PoolName } STATUS current DESCRIPTION "The tmnxIPsecGWLclAddrGroup contains objects for IPSec Gateway Local Address feature on Nokia SROS series systems." ::= { tmnxIPsecGroups 37 } tmnxIPsecRadInterimUpdGroup OBJECT-GROUP OBJECTS { tIPsecRadAcctPlcyUpdateInterval, tIPsecRadAcctPlcyJitter } STATUS current DESCRIPTION "The tmnxIPsecRadInterimUpdGroup contains objects for IPSec Radius Interim Update feature on Nokia SROS series systems." ::= { tmnxIPsecGroups 38 } tmnxIPsecIkev2IdiGroup OBJECT-GROUP OBJECTS { tIPsecRUTnlIkeIdType, tIPsecRUTnlIkeIdValue } STATUS current DESCRIPTION "The tmnxIPsecIkev2IdiGroup contains objects for IPSec IKEv2 ID initiator information support on Nokia SROS series systems." ::= { tmnxIPsecGroups 39 } tmnxIPsecGWPrivIp2V13v0Group OBJECT-GROUP OBJECTS { tIPsecRUTnlPrivateIpAddr2Type, tIPsecRUTnlPrivateIpAddr2, tIPsecRUTnlPrivateIpPrefixLen2 } STATUS current DESCRIPTION "The group of objects supporting the second private address of the IPsec gateway tunnel on Nokia SROS series systems for release 13.0." ::= { tmnxIPsecGroups 40 } tmnxIPsecGWLAAIpPool2V14v0Group OBJECT-GROUP OBJECTS { tIPsecGWLclAddrAssignIp4PoolNam2 } STATUS current DESCRIPTION "The tmnxIPsecGWLAAIpPool2V14v0Group contains objects for the IPsec gateway's secondary Local-Address-Assignment pool feature on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 41 } tIPsecTrafficSelectorV14v0Group OBJECT-GROUP OBJECTS { tIPsecTsListLclEntryMinPort, tIPsecTsListLclEntryMaxPort, tIPsecTsListLclEntryMinMhType, tIPsecTsListLclEntryMaxMhType, tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMaxIcmpType, tIPsecTsListLclEntryMinIcmpCode, tIPsecTsListLclEntryMaxIcmpCode, tIPsecTsListLclEntryProtocolId, tIPsecTsListRmtEntryTblLastChgd, tIPsecTsListRmtEntryRowStatus, tIPsecTsListRmtEntryLastChgd, tIPsecTsListRmtEntryMinAddrType, tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMaxAddrType, tIPsecTsListRmtEntryMaxAddr, tIPsecTsListRmtEntryPfxAddrType, tIPsecTsListRmtEntryPfxAddr, tIPsecTsListRmtEntryPfxLen, tIPsecTsListRmtEntryMinPort, tIPsecTsListRmtEntryMaxPort, tIPsecTsListRmtEntryMinMhType, tIPsecTsListRmtEntryMaxMhType, tIPsecTsListRmtEntryMinIcmpType, tIPsecTsListRmtEntryMaxIcmpType, tIPsecTsListRmtEntryMinIcmpCode, tIPsecTsListRmtEntryMaxIcmpCode, tIPsecTsListRmtEntryProtocolId } STATUS current DESCRIPTION "The tIPsecTrafficSelectorV14v0Group contains objects for the IPsec traffic selector feature on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 43 } tmnxIkePolicyLockoutV14v0Group OBJECT-GROUP OBJECTS { tmnxIkePolicyLockout, tmnxIkePolicyLockoutFailedAtempt, tmnxIkePolicyLockoutDuration, tmnxIkePolicyLockoutBlock, tmnxIkePolicyLockoutMaxPortPerIp, tmnxIPsecLockoutClientFailAtempt, tmnxIPsecLockoutClientStatus, tmnxIPsecLockoutClientDroppedPkt, tmnxIPsecLockoutClientRemainTime } STATUS current DESCRIPTION "The tmnxIkePolicyLockoutV14v0Group contains objects for the IPsec client lockout feature on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 44 } tIPsecRUTnlDhcpLeaseStatV14v0Grp OBJECT-GROUP OBJECTS { tIPsecRUTnlDhcpLeaseStatSverAddT, tIPsecRUTnlDhcpLeaseStatSverAddr, tIPsecRUTnlDhcpLeaseStatAcquirTm, tIPsecRUTnlDhcpLeaseStatRenewTm, tIPsecRUTnlDhcpLeaseStatRebindTm, tIPsecRUTnlDhcpLeaseStatPrivPref, tIPsecRUTnlDhcpLeaseStatPrivVald } STATUS current DESCRIPTION "The tIPsecRUTnlDhcpLeaseStatV14v0Grp contains objects for the IPsec DHCP lease statistics on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 45 } tIPsecClientDatabaseV14v0Group OBJECT-GROUP OBJECTS { tIPsecClientDatabaseTableLstChgd, tIPsecClientDatabaseLastChanged, tIPsecClientDatabaseRowStatus, tIPsecClientDatabaseAdminState, tIPsecClientDatabaseDescription, tIPsecClientDatabaseMatchType, tIPsecClientDBClientTableLstChgd, tIPsecClientDBClientLastChanged, tIPsecClientDBClientRowStatus, tIPsecClientDBClientAdminState, tIPsecClientDBClientName, tIPsecClientDBClientIdIdiType, tIPsecClientDBClientIdIdiValue, tIPsecClientDBClientIdPeer4PfAny, tIPsecClientDBClientIdPeer6PfAny, tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx, tIPsecClientDBClientIdPeerPfxLen, tIPsecClientDBClientTnlTempltId, tIPsecClientDBClientPrivateSvcId, tIPsecClientDBClientPrivIfName, tIPsecClientDBClientTsListName, tIPsecClientDBClientPreSharedKey, tmnxIPsecGWClientDatabaseName, tmnxIPsecGWClientDatabasFallback, tIPsecRUTnlClientDBClientId } STATUS current DESCRIPTION "The tIPsecClientDatabaseV14v0Group contains objects for the IPsec client database capability on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 46 } tmnxIkePolicyV2FragV14v0Group OBJECT-GROUP OBJECTS { tmnxIkePolicyV2Fragment, tmnxIkePolicyV2FragmentMtu, tmnxIkePolicyV2FragReassembTmOut } STATUS current DESCRIPTION "The tmnxIkePolicyV2FragV14v0Group contains objects for the IKEv2 fragmentation capability on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 47 } tmnxIPsecMdaDpStatsV14v0Group OBJECT-GROUP OBJECTS { tmnxIPsecMdaDpL2tpv3TnlInPkts, tmnxIPsecMdaDpL2tpv3TnlInBytes, tmnxIPsecMdaDpL2tpv3TnlInErrs, tmnxIPsecMdaDpL2tpv3TnlInCookErr, tmnxIPsecMdaDpL2tpv3TnlInSeIdErr, tmnxIPsecMdaDpL2tpv3TnlOutPkts, tmnxIPsecMdaDpL2tpv3TnlOutBytes, tmnxIPsecMdaDpL2tpv3TnlOutErrs, tmnxIPsecMdaDpL2tpv3Tnls } STATUS current DESCRIPTION "The group of objects for IPsec Mda Data Path Statistics added in release 14 of the Nokia SROS series systems." ::= { tmnxIPsecGroups 48 } tmnxIPsecRUTnlInUseCfgsV14v0Grp OBJECT-GROUP OBJECTS { tIPsecRUTnlInUseTsList, tIPsecRUTnlInUsePreSharedKey } STATUS current DESCRIPTION "The group of objects for IPsec tunnel in-use configurations added in release 14 of the Nokia SROS series systems." ::= { tmnxIPsecGroups 49 } tmnxIPsecIkeTransformV15v0Group OBJECT-GROUP OBJECTS { tmnxIPsecIkeTransformTableLstChg, tmnxIPsecIkeTransformRowStatus, tmnxIPsecIkeTransformLastChange, tmnxIPsecIkeTransformAuthAlg, tmnxIPsecIkeTransformEncrAlg, tmnxIPsecIkeTransformDhGroup, tmnxIPsecIkeTransformIsakmpLifeT, tmnxIkePlcyIkeTransformTbLstChg, tmnxIkePlcyIkeTransformLstChange, tmnxIkePlcyIkeTransformId } STATUS current DESCRIPTION "The tmnxIPsecIkeTransformV15v0Group contains objects for the IKE transform capability on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 50 } tmnxIPsecIkePolicyV14v0Group OBJECT-GROUP OBJECTS { tmnxIkePolicySndIdrAftEapSuccess, tmnxIkePolicyIkev1Ph1RespDelNtfy } STATUS current DESCRIPTION "The tmnxIPsecIkePolicyV14v0Group contains objects for the IKE policy capability on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 51 } tmnxIPsecHistStatsV15v0Group OBJECT-GROUP OBJECTS { tmnxIPsecGWHistStatsValue64, tmnxIPsecGWHistStatsValue32, tmnxIPsecGWHistStatsIntvStTm, tmnxIPsecGWHistStatsIntvDur, tmnxIPsecGWHistStatsFstFTm, tmnxIPsecGWHistStatsFstFDesc, tmnxIPsecGWHistStatsLstFTm, tmnxIPsecGWHistStatsLstFDesc, tmnxIPsecIsaHistStatsValue64, tmnxIPsecIsaHistStatsValue32, tmnxIPsecIsaHistStatsIntvStTm, tmnxIPsecIsaHistStatsIntvDur, tmnxIPsecIsaHistStatsFstFTm, tmnxIPsecIsaHistStatsFstFDesc, tmnxIPsecIsaHistStatsLstFTm, tmnxIPsecIsaHistStatsLstFDesc, tmnxIPsecTnlGrpHistStatsValue64, tmnxIPsecTnlGrpHistStatsValue32, tmnxIPsecTnlGrpHistStatsIntvStTm, tmnxIPsecTnlGrpHistStatsIntvDur, tmnxIPsecTnlGrpHistStatsFstFTm, tmnxIPsecTnlGrpHistStatsFstFDesc, tmnxIPsecTnlGrpHistStatsLstFTm, tmnxIPsecTnlGrpHistStatsLstFDesc, tmnxIPsecSysHistStatsValue64, tmnxIPsecSysHistStatsValue32, tmnxIPsecSysHistStatsIntvStTm, tmnxIPsecSysHistStatsIntvDur, tmnxIPsecSysHistStatsFstFTm, tmnxIPsecSysHistStatsFstFDesc, tmnxIPsecSysHistStatsLstFTm, tmnxIPsecSysHistStatsLstFDesc, tmnxIPsecTnlHistStatsValue64, tmnxIPsecTnlHistStatsIntvStTm, tmnxIPsecTnlHistStatsIntvDur, tmnxIPsecRUTnlHistStatsValue64, tmnxIPsecRUTnlHistStatsIntvStTm, tmnxIPsecRUTnlHistStatsIntvDur } STATUS current DESCRIPTION "The tmnxIPsecHistStatsV15v0Group contains objects for the IPsec historical statistics capability on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 52 } tmnxIPsecCertObsoleteV15v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTunnelCertTrustAnchor, tmnxIPsecTunnelCertFile, tmnxIPsecTunnelKeyFile, tmnxIPsecGWLclX509Cert, tmnxIPsecGWLclPrivateKey, tmnxIPsecGWCertTrustAnchor } STATUS current DESCRIPTION "The group of objects supporting management of IPSec X.509 certificate specific capabilities on Nokia SROS series systems that were made obsolete in release 15.0." ::= { tmnxIPsecGroups 53 } tIPsecTcpMssAdjustV15v0Grp OBJECT-GROUP OBJECTS { tIPsecTnlTempPublicTcpMssAdjust, tIPsecTnlTempPrivateTcpMssAdjust, tmnxIPsecTunnelPubTcpMssAdjust, tmnxIPsecTunnelPrivTcpMssAdjust, tIPsecRUTnlPubTcpMss, tIPsecRUTnlPrivTcpMss } STATUS current DESCRIPTION "The group of objects supporting management of the IPsec TCP MSS adjustment capability on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 54 } tmnxIkePolicyObsoleteV15v0Group OBJECT-GROUP OBJECTS { tmnxIkePolicyDHGroup, tmnxIkePolicyAuthAlgorithm, tmnxIkePolicyEncrAlgorithm, tmnxIkePolicyIsakmpLifeTime } STATUS current DESCRIPTION "The group of objects supporting management of IKE policy capabilities on Nokia SROS series systems that were made obsolete in release 15.0." ::= { tmnxIPsecGroups 55 } tmnxIPsecSvcLevelCfgV14v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecSvcLevelCfgTableLastChg } STATUS current DESCRIPTION "The group of objects supporting management of the IPsec configurations in the service level on Nokia SROS series systems for release 14.0." ::= { tmnxIPsecGroups 56 } tmnxIPsecTransformV15v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTransformPfsDhGroup, tmnxIPsecTransformLifeTime, tmnxIPsecTunnelStatIsakmpAuthAlg, tmnxIPsecTunnelStatIsakmpEncrAlg, tmnxIPsecTunnelStatIsakmpPfsDhGp, tIPsecRUTnlStatsIsakmpAuthAlg, tIPsecRUTnlStatsIsakmpEncrAlg, tIPsecRUTnlStatsIsakmpPfsDhGrp, tIPsecRUSAStatsPfsDhGroup, tmnxIPsecSAStatsPfsDhGroup } STATUS current DESCRIPTION "The group of objects supporting management of the IPsec transform capabilities on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 57 } tmnxIPsecEmbmsV15v0Group OBJECT-GROUP OBJECTS { tIPsecRUSAStatsMulticastIfName, tIPsecRUSAStatsMulticastProt, tmnxIPsecSAStatsMulticastIfName, tmnxIPsecSAStatsMulticastProt } STATUS current DESCRIPTION "The group of objects supporting management of the IPsec Evolved Multimedia Broadcast Multicast Service (eMBMS) capabilities on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 58 } tmnxIPsecGWStatsV15v0Grp OBJECT-GROUP OBJECTS { tIPsecRUTnlInUseIkePolicy, tmnxIPsecGWStatsNumOfDl2lTnls, tmnxIPsecGWStatsNumOfRaTnls } STATUS current DESCRIPTION "The group of objects supporting management of IPsec gateway statistics on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 59 } tmnxIPsecNoOfSaKeysV16v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecGWMaxNumPh1SaKeys, tmnxIPsecGWMaxNumPh2SaKeys, tmnxIPsecTunnelMaxNumPh1SaKeys, tmnxIPsecTunnelMaxNumPh2SaKeys, tmnxIPsecScalarObjsShowKeys } STATUS current DESCRIPTION "The group of objects supporting management of IPsec Security Association (SA) key storage capabilities on Nokia SROS series systems for release 16.0." ::= { tmnxIPsecGroups 60 } tmnxIPsecSvcNameV16v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecTunnelPublicSvcName, tmnxIPsecGWSecureServiceName, tmnxIPsecGWDhcpServiceName, tmnxIPsecGWDhcpV6ServiceName, tIPsecGWLclAddrAssignIp4SrvrSvcN, tIPsecGWLclAddrAssignIp6SrvrSvcN, tIPsecClientDBClientPrivateSvcNm } STATUS current DESCRIPTION "The group of objects supporting management of IPsec service name capabilities on Nokia SROS series systems for release 16.0." ::= { tmnxIPsecGroups 61 } tmnxIPsecTnlBfdSessV16v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecTnlBfdSessTableLChg, tmnxIPsecTnlBfdSessRowStatus, tmnxIPsecTnlBfdSessSvcId, tmnxIPsecTnlBfdSessSvcName, tmnxIPsecTnlBfdSessIfName, tmnxIPsecTnlBfdSessDstAddrT, tmnxIPsecTnlBfdSessDstAddr, tmnxIPsecTnlBfdSessStatSrcAddrT, tmnxIPsecTnlBfdSessStatSrcAddr, tmnxIPsecTnlBfdSessStatOperState } STATUS current DESCRIPTION "The group of objects supporting management of IPsec tunnel BFD session capabilities on Nokia SROS series systems for release 16.0." ::= { tmnxIPsecGroups 62 } tmnxIPsecTnlBfdObsoleteV16v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecTunnelBfdRowStatus, tmnxIPsecTunnelBfdSrcAddrType, tmnxIPsecTunnelBfdSrcAddr, tmnxIPsecTunnelBfdSessOperState, tmnxIPsecTunnelBfdLastChanged, tmnxIPsecTunnelBfdTableLastChgd } STATUS current DESCRIPTION "The group of obsoleted objects of IPsec tunnel BFD service capabality on Nokia SROS series systems for release 16.0." ::= { tmnxIPsecGroups 63 } tmnxIkePolicyV15v0Group OBJECT-GROUP OBJECTS { tmnxIkePolicyLimitInitExchange, tmnxIkePolicyReducedMaxExchgTt } STATUS current DESCRIPTION "The group of objects supporting management of IPsec IKE policy capabilities on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 64 } tmnxIPsecCertProfV16v0Group OBJECT-GROUP OBJECTS { tIPsecCertProfEntryIdRsaSign } STATUS current DESCRIPTION "The group of objects supporting management of IPsec certificate profile capabilities on Nokia SROS series systems for release 16.0." ::= { tmnxIPsecGroups 65 } tmnxIkeTransformV16v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecIkeTransformPrfAlg, tmnxIPsecTunnelStatIkeTranPrfAlg, tIPsecRUTnlStatsIkeTranPrfAlg } STATUS current DESCRIPTION "The group of objects supporting management of IKE transform capabilities on Nokia SROS series systems for release 16.0." ::= { tmnxIPsecGroups 67 } tmnxIPsecTunnelV15v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecTunnelSecPlyStrictMatch } STATUS current DESCRIPTION "The group of objects supporting management of IPsec tunnel capabilities on Nokia SROS series systems for release 15.0." ::= { tmnxIPsecGroups 68 } tmnxVRtrIdIPsecTnlV19v0Group OBJECT-GROUP OBJECTS { tmnxVRtIPsecTnlTableLastChanged, tmnxVRtIPsecTnlRowStatus, tmnxVRtIPsecTnlLastChanged, tmnxVRtIPsecTnlAdminState, tmnxVRtIPsecTnlOperState, tmnxVRtIPsecTnlDescription, tmnxVRtIPsecTnlLclGwAddrType, tmnxVRtIPsecTnlLclGwAddr, tmnxVRtIPsecTnlRemGwAddrType, tmnxVRtIPsecTnlRemGwAddr, tmnxVRtIPsecTnlSecurityPolicyId, tmnxVRtIPsecTnlKeyingType, tmnxVRtIPsecTnlDynTransformId1, tmnxVRtIPsecTnlDynTransformId2, tmnxVRtIPsecTnlDynTransformId3, tmnxVRtIPsecTnlDynTransformId4, tmnxVRtIPsecTnlIkePolicyId, tmnxVRtIPsecTnlIkePreSharedKey, tmnxVRtIPsecTnlOperFlags, tmnxVRtIPsecTnlReplayWindow, tmnxVRtIPsecTnlAutoEstablish, tmnxVRtIPsecTnlBfdDesignate, tmnxVRtIPsecTnlLocalIdType, tmnxVRtIPsecTnlLocalIdValue, tmnxVRtIPsecTnlClearDfBit, tmnxVRtIPsecTnlIpMtu, tmnxVRtIPsecTnlHostISA, tmnxVRtIPsecTnlCSVPrimary, tmnxVRtIPsecTnlCSVSecondary, tmnxVRtIPsecTnlCSVDefResult, tmnxVRtIPsecTnlCertProfile, tmnxVRtIPsecTnlMatchTrustAnchor, tmnxVRtIPsecTnlCertTrstAnchrProf, tmnxVRtIPsecTnlEncapIpMtu, tmnxVRtIPsecTnlPropagateIpv6PMTU, tmnxVRtIPsecTnlIcmp6Pkt2Big, tmnxVRtIPsecTnlIcmp6NumPkt2Big, tmnxVRtIPsecTnlIcmp6Pkt2BigTime, tmnxVRtIPsecTnlOperChanged, tmnxVRtIPsecTnlPropagateIpv4PMTU, tmnxVRtIPsecTnlIcmpFragReq, tmnxVRtIPsecTnlIcmpFragReqNum, tmnxVRtIPsecTnlIcmpFragReqTime, tmnxVRtIPsecTnlPMTUDiscoverAging, tmnxVRtIPsecTnlPubTcpMssAdjust, tmnxVRtIPsecTnlPrivTcpMssAdjust, tmnxVRtIPsecTnlMaxNumPh1SaKeys, tmnxVRtIPsecTnlMaxNumPh2SaKeys, tmnxVRtIPsecTnlSecPlyStrictMatch, tmnxVRtIPsecTnlPrivateSvcName, tmnxVRtIPsecTnlPrivSap, tmnxVRtIPsecTnlBfdTableLChg, tmnxVRtIPsecTnlBfdRowStatus, tmnxVRtIPsecTnlBfdSvcName, tmnxVRtIPsecTnlBfdIfName, tmnxVRtIPsecTnlBfdDstAddrT, tmnxVRtIPsecTnlBfdDstAddr, tmnxVRtIPsecTnlBfdStatSrcAddrT, tmnxVRtIPsecTnlBfdStatSrcAddr, tmnxVRtIPsecTnlBfdStatOperState, tmnxVRtIPsecSATableLastChanged, tmnxVRtIPsecSARowStatus, tmnxVRtIPsecSALastChanged, tmnxVRtIPsecSAType, tmnxVRtIPsecSAEncryptionKey, tmnxVRtIPsecSAAuthenticationKey, tmnxVRtIPsecSASpi, tmnxVRtIPsecSAManualTransformId, tmnxVRtIPsecSAAuthAlgorithm, tmnxVRtIPsecSAEncrAlgorithm, tmnxVRtIPsecSAStorageType, tmnxVRtIPsecSAEstablishedTime, tmnxVRtIPsecSANegotiatedLifeTime, tmnxVRtIPsecSAStBytesProcessed, tmnxVRtIPsecSAStBytesProcLow32, tmnxVRtIPsecSAStBytesProcHigh32, tmnxVRtIPsecSAStPktsProcessed, tmnxVRtIPsecSAStPktsProcLow32, tmnxVRtIPsecSAStPktsProcHigh32, tmnxVRtIPsecSAStCryptoErrors, tmnxVRtIPsecSAStReplayErrors, tmnxVRtIPsecSAStSAErrors, tmnxVRtIPsecSAStPolicyErrors, tmnxVRtIPsecSAStEncapOverhead, tmnxVRtIPsecSAStPreEncapFragCnt, tmnxVRtIPsecSAStPreEncapFragLtSz, tmnxVRtIPsecSAStPstEncapFragCnt, tmnxVRtIPsecSAStPstEncapFragLtSz, tmnxVRtIPsecSAStPfsDhGroup, tmnxVRtIPsecSAStTempPrivMtu, tmnxVRtIPsecSAStMulticastIfName, tmnxVRtIPsecSAStMulticastProt, tmnxVRtSecPlcyTableLastChanged, tmnxVRtSecPlcyRowStatus, tmnxVRtSecPlcyLastChanged, tmnxVRtSecPlcyParamTblLastChangd, tmnxVRtSecPlcyParamRowStatus, tmnxVRtSecPlcyParamLastChanged, tmnxVRtSecPlcyParamLclAddrAny, tmnxVRtSecPlcyParamLclAddrType, tmnxVRtSecPlcyParamLclAddr, tmnxVRtSecPlcyParamLclAPrefLen, tmnxVRtSecPlcyParamRemAddrAny, tmnxVRtSecPlcyParamRemAddrType, tmnxVRtSecPlcyParamRemAddr, tmnxVRtSecPlcyParamRemAPrefLen, tmnxVRtSecPlcyParam6LclAddrAny, tmnxVRtSecPlcyParam6LclAddrType, tmnxVRtSecPlcyParam6LclAddr, tmnxVRtSecPlcyParam6LclAPrefLen, tmnxVRtSecPlcyParam6RemAddrAny, tmnxVRtSecPlcyParam6RemAddrType, tmnxVRtSecPlcyParam6RemAddr, tmnxVRtSecPlcyParam6RemAPrefLen, tmnxVRtIfIPsecTblLstCgd, tmnxVRtIfIPsecRowStatus, tmnxVRtIfIPsecLastChgd, tmnxVRtIfIPsecAdminState, tmnxVRtIfIPsecIpFilterInExcptId, tmnxVRtIfIPsecIsaTnlGroup, tmnxVRtIfIPsecPubSap, tmnxVRtIfIPsecIpv6FilterInExcId, tmnxVRtIPsecTnlLclGwAddrOvrd, tmnxVRtIPsecTnlLclGwAddrOvrdType, tmnxVRtIPsecTnlIsakmpState, tmnxVRtIPsecTnlIsakmpEstabTime, tmnxVRtIPsecTnlIsakmpNegLifeTime, tmnxVRtIPsecTnlNumDpdTx, tmnxVRtIPsecTnlNumDpdRx, tmnxVRtIPsecTnlNumDpdAckTx, tmnxVRtIPsecTnlNumDpdAckRx, tmnxVRtIPsecTnlNumExpRx, tmnxVRtIPsecTnlNumInvalidDpdRx, tmnxVRtIPsecTnlNumCtrlPktsTx, tmnxVRtIPsecTnlNumCtrlPktsRx, tmnxVRtIPsecTnlNumCtrlTxErrors, tmnxVRtIPsecTnlNumCtrlRxErrors, tmnxVRtIPsecTnlMatCertEntryId, tmnxVRtIPsecTnlCertProfName, tmnxVRtIPsecTnlStatIsakmpAuthAlg, tmnxVRtIPsecTnlStatIsakmpEncrAlg, tmnxVRtIPsecTnlStatIsakmpPfsDhGp, tmnxVRtIPsecTnlStatIkeTranPrfAlg } STATUS current DESCRIPTION "The group of objects supporting management of IPsec tunnel capabilities on Nokia SROS series systems for release 17.0." ::= { tmnxIPsecGroups 69 } tIPsecTnlTempGroupV19v0Group OBJECT-GROUP OBJECTS { tIPsecTnlTempDescr, tIPsecTnlTempDynKeyTransformId1, tIPsecTnlTempDynKeyTransformId2, tIPsecTnlTempDynKeyTransformId3, tIPsecTnlTempDynKeyTransformId4, tIPsecTnlTempLastChanged, tIPsecTnlTempReplayWindow, tIPsecTnlTempReverseRoute, tIPsecTnlTempRowStatus, tIPsecTnlTempTblLastChanged, tmnxIkePolicyAuthMethod, tIPsecTnlTempIgnoreDefaultRoute } STATUS current DESCRIPTION "The group of objects for IPsec tunnel template on Nokia SROS series systems for release 19.0" ::= { tmnxIPsecGroups 71 } tmnxIPsecNotifyObjsV19v0Group OBJECT-GROUP OBJECTS { tIPsecNotifTunnelType, tIPsecNotifTunnelIdentifier } STATUS current DESCRIPTION "The group of objects supporting management of IPsec notification objects on Nokia SROS series systems in release 19v0." ::= { tmnxIPsecGroups 72 } tmnxIPsecTunnelEsaVmV19v0Group OBJECT-GROUP OBJECTS { tmnxIPsecTunnelHostEsa, tmnxIPsecTunnelHostEsaVm, tIPsecRUTnlHostEsa, tIPsecRUTnlHostEsaVm, tmnxVRtIPsecTnlHostEsa, tmnxVRtIPsecTnlHostEsaVm, tmnxIPsecLOClientEsaStatus, tmnxIPsecLOClientEsaFailAtempt, tmnxIPsecLOClientEsaDroppedPkt, tmnxIPsecLOClientEsaRemainTime } STATUS current DESCRIPTION "The group of objects supporting management of IPsec tunnel functions on ESA virtual machines in release 19.0" ::= { tmnxIPsecGroups 73 } tmnxIPsecTunnelEsaVmV20v0Group OBJECT-GROUP OBJECTS { tmnxIPsecEsaHistStatsValue64, tmnxIPsecEsaHistStatsValue32, tmnxIPsecEsaHistStatsIntvStTm, tmnxIPsecEsaHistStatsIntvDur, tmnxIPsecEsaHistStatsFstFTm, tmnxIPsecEsaHistStatsFstFDesc, tmnxIPsecEsaHistStatsLstFTm, tmnxIPsecEsaHistStatsLstFDesc, tmnxIPsecEsaDpStatsEncryptPkts, tmnxIPsecEsaDpStatsEncryptBytes, tmnxIPsecEsaDpStatsDecryptPkts, tmnxIPsecEsaDpStatsDecryptBytes, tmnxIPsecEsaDpStatsTxPktErrs, tmnxIPsecEsaDpStatsOutBDropPkts, tmnxIPsecEsaDpStatsOutBSAMisses, tmnxIPsecEsaDpStatsOutBPEMisses, tmnxIPsecEsaDpStatsInBDropPkts, tmnxIPsecEsaDpStatsInBSAMisses, tmnxIPsecEsaDpStatsInBIPMismatch, tmnxIPsecEsaDpInFragments, tmnxIPsecEsaDpPktsReassem, tmnxIPsecEsaDpFragDropTime, tmnxIPsecEsaDpFragDropped, tmnxIPsecEsaDpGreTnlInPkts, tmnxIPsecEsaDpGreTnlInBytes, tmnxIPsecEsaDpGreTnlInErrs, tmnxIPsecEsaDpGreTnlOutPkts, tmnxIPsecEsaDpGreTnlOutBytes, tmnxIPsecEsaDpGreTnlOutErrs, tmnxIPsecEsaDpPktsDropDfSet, tmnxIPsecEsaDpStaticIPsecTnls, tmnxIPsecEsaDpDynIPsecTnls, tmnxIPsecEsaDpIpGreTnls, tmnxIPsecEsaDpIpv4Tnls, tmnxIPsecEsaDpL2tpv3TnlInPkts, tmnxIPsecEsaDpL2tpv3TnlInBytes, tmnxIPsecEsaDpL2tpv3TnlInErrs, tmnxIPsecEsaDpL2tpv3TnlInCookErr, tmnxIPsecEsaDpL2tpv3TnlInSeIdErr, tmnxIPsecEsaDpL2tpv3TnlOutPkts, tmnxIPsecEsaDpL2tpv3TnlOutBytes, tmnxIPsecEsaDpL2tpv3TnlOutErrs, tmnxIPsecEsaDpL2tpv3Tnls } STATUS current DESCRIPTION "The group of objects supporting management of IPsec tunnel functions on ESA virtual machines in release 20.0" ::= { tmnxIPsecGroups 74 } tmnxIPsecObsoleteV20v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecSvcLevelCfgRsvRtrOvrd } STATUS current DESCRIPTION "The group of obsoleted objects suporting management of IPsec capabilities on Nokia SROS series systems for release 20.0." ::= { tmnxIPsecGroups 75 } tmnxIPsecSvcLevelCfgV20v0Grp OBJECT-GROUP OBJECTS { tmnxIPsecSvcLevelCfgRROvrdType } STATUS current DESCRIPTION "The group of additional objects supporting management of the IPsec configurations in the service level on Nokia SROS series systems for release 20.0." ::= { tmnxIPsecGroups 76 } tmnxIPsecNotifGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 3 } tmnxIPsecNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { tIPsecRUTnlFailToCreate, tIPsecRUTnlRemoved, tIPsecRUSAFailToAddRoute, tIPsecBfdIntfSessStateChgd } STATUS current DESCRIPTION "The group of notifications supporting IPsec on the Nokia SROS series systems." ::= { tmnxIPsecNotifGroups 1 } tIPsecIkev2RaTunNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { tIPsecRadAcctPlcyFailure } STATUS current DESCRIPTION "The group of notifications supporting IPsec IKEv2 remote-access tunnel feature on the Nokia SROS series systems." ::= { tmnxIPsecNotifGroups 2 } tIPSecTrustAnchorProfNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { tIPSecTrustAnchorPrfOprChg } STATUS current DESCRIPTION "The group of notifications supporting IPsec trust anchor profiles feature on the Nokia SROS series systems release 12.0." ::= { tmnxIPsecNotifGroups 3 } tIPSecTunnelEncapNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { tIPsecTunnelEncapIpMtuTooSmall, tIPsecRuTnlEncapIpMtuTooSmall } STATUS current DESCRIPTION "The group of notifications supporting IPsec tunnel encapsulation feature on the Nokia SROS series systems release 12.0." ::= { tmnxIPsecNotifGroups 4 } tmnxIPSecTunnelNotifV11v0Group NOTIFICATION-GROUP NOTIFICATIONS { tmnxIPsecTunnelOperStateChange } STATUS current DESCRIPTION "The group of notifications supporting the IPsec tunnel feature on Nokia SROS series systems release 11.0." ::= { tmnxIPsecNotifGroups 5 } tmnxIPSecGWNotifV13v0Group NOTIFICATION-GROUP NOTIFICATIONS { tmnxIPsecGWOperStateChange } STATUS current DESCRIPTION "The group of additional notifications supporting the IPsec gateway feature on Nokia SROS series systems release 13.0." ::= { tmnxIPsecNotifGroups 6 } tmnxIPsecTunnelNotifV19v0Group NOTIFICATION-GROUP NOTIFICATIONS { tIPsecTunnelProtocolFailed } STATUS current DESCRIPTION "The group of notifications supporting IPsec on the Nokia SROS series systems release 19.0." ::= { tmnxIPsecNotifGroups 7 } tmnxIPsecMGCompliances OBJECT IDENTIFIER ::= { tmnxIPsecConformance 4 } tmnxIPsecMGGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 5 } tmnxIPsecNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 48 } tmnxIPsecNotifications OBJECT IDENTIFIER ::= { tmnxIPsecNotifyPrefix 0 } tIPsecRUTnlFailToCreate NOTIFICATION-TYPE OBJECTS { svcId, sapPortId, sapEncapValue, tIPsecNotifRUTnlInetAddrType, tIPsecNotifRUTnlInetAddress, tIPsecNotifRUTnlPort, tIPsecNotifReason } STATUS current DESCRIPTION "The trap tIPsecRUTnlFailToCreate is sent when creation of a remote-user tunnel fails with reason indicated by tIPsecNotifReason." ::= { tmnxIPsecNotifications 1 } tIPsecRUSAFailToAddRoute NOTIFICATION-TYPE OBJECTS { tIPsecRUSARemAddrType, tIPsecRUSARemAddr, tIPsecRUSARemAPrefLen, tIPsecNotifReason } STATUS current DESCRIPTION "The trap tIPsecRUSAFailToAddRoute is sent when adding route to tIPsecRUSARemAddr for the remote-user tunnel fails with reason indicated by tIPsecNotifReason." ::= { tmnxIPsecNotifications 2 } tIPsecBfdIntfSessStateChgd NOTIFICATION-TYPE OBJECTS { tIPsecNotifBfdIntfSvcId, tIPsecNotifBfdIntfIfName, tIPsecNotifBfdIntfDestIpType, tIPsecNotifBfdIntfDestIp, tIPsecNotifBfdIntfSessState } STATUS current DESCRIPTION "The notification tIPsecBfdIntfSessStateChgd is generated when the operational state of BFD session of the IPSec instance changes." ::= { tmnxIPsecNotifications 3 } tIPsecRadAcctPlcyFailure NOTIFICATION-TYPE OBJECTS { tIPsecRadAcctPlcyRowStatus, tIPsecRadAcctPlcyFailReason } STATUS current DESCRIPTION "[CAUSE] The tIPsecRadAcctPlcyFailure notification is generated when a RADIUS accounting request was not sent out successfully to any of the RADIUS servers in the indicated accounting policy. [EFFECT] The RADIUS server may not receive the accounting information. [RECOVERY] Depending on the reason indicated as per 'tIPsecRadAcctPlcyFailReason', 'tIPsecRadAcctPlcyTable' configuration may need to be changed." ::= { tmnxIPsecNotifications 4 } tIPSecTrustAnchorPrfOprChg NOTIFICATION-TYPE OBJECTS { tIPsecTrustAnchorCAProfDown } STATUS current DESCRIPTION "[CAUSE] The tIPSecTrustAnchorPrfOprChg notification is generated when not all of the trust-anchors in a profile are operational. [EFFECT] Authentication of tunnels configured with the trust-anchor-profile will fail if the trusted CA (Certificate Authority) in the certificate chain is not operational. [RECOVERY] Bring the trusted CA-profile operational up" ::= { tmnxIPsecNotifications 5 } tIPsecTunnelEncapIpMtuTooSmall NOTIFICATION-TYPE OBJECTS { svcId, sapPortId, sapEncapValue, tIPsecNotifIPsecTunnelName, tIPsecNotifConfigIpMtu, tIPsecNotifEncapOverhead, tIPsecNotifConfigEncapIpMtu } STATUS current DESCRIPTION "[CAUSE] The tIPsecTunnelEncapIpMtuTooSmall notification is generated when the addition of tunnel encapsulation to a packet at or near the IPsec static tunnel's configured IP MTU may cause it to exceed the tunnel's configured encapsulated IP MTU. [EFFECT] The pre-encapsulated packet may be fragmented, and will require reassembly by the tunnel remote endpoint, causing a performance impact. [RECOVERY] Configured IP MTU and/or encapsulated IP MTU may need to be changed depending on the size of the encapsulation overhead as indicated in 'tIPsecNotifEncapOverhead', and the transmission capabilities of the tunnel's transport network." ::= { tmnxIPsecNotifications 6 } tIPsecRuTnlEncapIpMtuTooSmall NOTIFICATION-TYPE OBJECTS { svcId, sapPortId, sapEncapValue, tIPsecNotifRUTnlInetAddrType, tIPsecNotifRUTnlInetAddress, tIPsecNotifRUTnlPort, tIPsecNotifConfigIpMtu, tIPsecNotifEncapOverhead, tIPsecNotifConfigEncapIpMtu } STATUS current DESCRIPTION "[CAUSE] The tIPsecRuTnlEncapIpMtuTooSmall notification is generated when the addition of tunnel encapsulation to a packet at or near the IPsec remote user tunnel's configured IP MTU may cause it to exceed the tunnel's configured encapsulated IP MTU. [EFFECT] The pre-encapsulated packet may be fragmented, and will require reassembly by the tunnel remote endpoint, causing a performance impact. [RECOVERY] Configured IP MTU and/or encapsulated IP MTU may need to be changed depending on the size of the encapsulation overhead as indicated in 'tIPsecNotifEncapOverhead', and the transmission capabilities of the tunnel's transport network." ::= { tmnxIPsecNotifications 7 } tmnxSecNotifCmptedCertHashChngd NOTIFICATION-TYPE OBJECTS { tIPsecNotifCertProfileName, tIPsecNotifCertProfEntryId, tIPsecNotifCaProfNames } STATUS current DESCRIPTION "[CAUSE] The tmnxSecNotifCmptedCertHashChngd notification is generated when the hash of a certificate chain is changed. [EFFECT] The hash of the recomputed certificate chain will be used for choosing cert-profile entry during new IPsec tunnel establishment. [RECOVERY] If the changed CA certificate is used as a trust-anchor at the peer, then the certificate should be updated at the peer as well to ensure correct cert-profile entry selection." ::= { tmnxIPsecNotifications 8 } tmnxSecNotifCmptedCertChnChngd NOTIFICATION-TYPE OBJECTS { tIPsecNotifCertProfileName, tIPsecNotifCertProfEntryId, tIPsecNotifCaProfNames } STATUS current DESCRIPTION "[CAUSE] The tmnxSecNotifCmptedCertChnChngd notification is generated when a computed certificate chain is changed due to a dependent CA profile being changed and brought into service. [EFFECT] The hash of the recomputed certificate chain, if changed, will be used for choosing cert-profile entry during new IPsec tunnel establishment. [RECOVERY] If the changed CA certificate is used as a trust-anchor at the peer, then the certificate should be updated at the peer as well to ensure correct cert-profile entry selection." ::= { tmnxIPsecNotifications 9 } tmnxSecNotifSendChnNotInCmptChn NOTIFICATION-TYPE OBJECTS { tIPsecNotifCertProfileName, tIPsecNotifCertProfEntryId, tIPsecNotifCaProfNames } STATUS current DESCRIPTION "[CAUSE] The tmnxSecNotifSendChnNotInCmptChn notification is generated when a CA profile not belonging to the computed certificate chain is added to the send-chain of a cert-profile entry, or the certificate chain is changed such that a CA-profile in the send-chain is no longer a member of the chain. [EFFECT] The CA certificate(s) to be sent to the peer is not a member of the certificate chain that is requested by the peer for new IPsec tunnel establishment. [RECOVERY] Replace the send-chain CA profile that is not in the certificate chain with one that is." ::= { tmnxIPsecNotifications 10 } tmnxIPsecTunnelOperStateChange NOTIFICATION-TYPE OBJECTS { tmnxIPsecTunnelAdminState, tmnxIPsecTunnelOperState, tmnxIPsecTunnelOperFlags } STATUS current DESCRIPTION "[CAUSE] The tmnxIPsecTunnelOperStateChange notification is generated when there is a change in tmnxIPsecTunnelOperState for an IPsec tunnel. [EFFECT] When the value of tmnxIPsecTunnelOperState is 'outOfService (3)', the IPsec tunnel is operationally down and traffic arriving at the tunnel endpoints will not be encapsulated and transported. When the value of tmnxIPsecTunnelOperState is 'inService (2)', the IPsec tunnel is operationally up. When the value of tmnxIPsecGWOperState is 'limited (5)', the IPsec tunnel is operationally up but may not be ready to re-establish the connection until the conditions indicated in the tmnxIPsecTunnelOperFlags are cleared. [RECOVERY] Please refer to tmnxIPsecTunnelOperFlags for information on why the tunnel is operationally down." ::= { tmnxIPsecNotifications 11 } tmnxIPsecGWOperStateChange NOTIFICATION-TYPE OBJECTS { tmnxIPsecGWName, tmnxIPsecGWAdminState, tmnxIPsecGWOperState, tmnxIPsecGWOperFlags } STATUS current DESCRIPTION "[CAUSE] The tmnxIPsecGWOperStateChange notification is generated when there is a state change in tmnxIPsecGWOperState for an IPsec gateway. [EFFECT] When the value of tmnxIPsecGWOperState is 'outOfService (3)', the IPsec gateway is operationally down and it is not ready to negotiate IKE sessions with remote clients. When the value of tmnxIPsecGWOperState is 'inService (2)', the IPsec gateway is operationally up. When the value of tmnxIPsecGWOperState is 'limited (5)', the IPsec gateway is not fully operationally up due to the conditions indicated in tmnxIPsecTunnelOperFlags and can only negotiate limited new IKE sessions. [RECOVERY] Please refer to tmnxIPsecGWOperFlags for information on why the gateway is operationally down." ::= { tmnxIPsecNotifications 12 } tIPsecRUTnlRemoved NOTIFICATION-TYPE OBJECTS { svcId, sapPortId, sapEncapValue, tIPsecNotifRUTnlInetAddrType, tIPsecNotifRUTnlInetAddress, tIPsecNotifRUTnlPort, tIPsecNotifReason } STATUS current DESCRIPTION "[CAUSE] A tIPsecRUTnlRemoved notification is generated when a remote-user tunnel is removed under certain reasons, which are indicated by tIPsecNotifReason (e.g., failed to renew private address lease with DHCP server). [EFFECT] The IPsec tunnel becomes operationally out of service." ::= { tmnxIPsecNotifications 13 } tIPsecTunnelProtocolFailed NOTIFICATION-TYPE OBJECTS { tIPsecNotifTunnelType, tIPsecNotifTunnelIdentifier, tIPsecNotifReason } STATUS current DESCRIPTION "[CAUSE] A tIPsecTunnelProtocolFailed notification is generated when a whenever there is abnormal event from protocol perspective to the tunnel, which are indicated by tIPsecNotifReason (e.g., tunnel encounters a dpd-timeout, or no-proposal-chosen during rekey, etc). [EFFECT] These abnormal events don't always necessarily cause the tunnel to change its operational-status or to be removed. [RECOVERY] Please refer to operational-flags of the tunnel for more information." ::= { tmnxIPsecNotifications 14 } END