-- -- AVAYA-IPSEC-MIB.my -- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253 -- Sunday, February 27, 2005 at 15:25:17 -- -- Copyright © 2004 by Avaya Inc. All rights reserved. -- -- This AVAYA SNMP Management Information Base Specification (Specification) -- embodies AVAYA confidential and Proprietary intellectual property. -- AVAYA retains all Title and ownership in the Specification, including any -- revisions. -- -- It is AVAYA's intent to encourage the widespread use of this Specification -- in connection with the management of AVAYA products. AVAYA grants vendors, -- end-users, and other interested parties a non-exclusive license to use this -- Specification in connection with the management of AVAYA products. -- -- This Specification is supplied "as is," and AVAYA makes no warranty, either -- express or implied, as to the use, operation, condition, or performance of -- the Specification. -- -- ======================================================== -- SourceSafe Version Information: -- $Revision: 35 $ -- Check in $Date: 11/01/07 12:27p $ -- $Author: Sbiton $ -- $Archive: /MIBs/Version 1.0/Source/Avaya/AVAYA-IPSEC-MIB.my $ -- ======================================================== AVAYA-IPSEC-MIB DEFINITIONS ::= BEGIN IMPORTS avGatewayMibs FROM AVAYAGEN-MIB OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF IpAddress, Integer32, Unsigned32, Gauge32, Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, DisplayString, TruthValue, TimeStamp, TEXTUAL-CONVENTION FROM SNMPv2-TC; avayaIpsecMib MODULE-IDENTITY LAST-UPDATED "200701081643Z" -- Januar 08, 2007 at 16:43 ORGANIZATION "Avaya, Inc." CONTACT-INFO " Avaya Customer Services Postal: Avaya, Inc. 211 Mt Airy Rd. Basking Ridge, NJ 07920 USA Tel: +1 908 953 6000 E-mail: executiveoffic@avaya.com WWW: http://www.avaya.com " DESCRIPTION "The MIB module for configuring IPSec functionality in Avaya converged Gateways." 
REVISION "200701081643Z" DESCRIPTION "Add time to failback to primary peer (seconds) - avipsIsakmpPeerGroupFailbacktoPrimaryInterval under the avipsIsakmpPeerTable." ::= { avGatewayMibs 1 } -- -- Textual conventions -- DiffHellmanGrp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Diffie Hellman Group used in negotiations." SYNTAX INTEGER { dhGroup1(1), dhGroup2(2), dhGroup5(5), dhGroup14(14), dhGroup15(15), dhGroup16(16), dhGroup17(17), dhGroup18(18), none(255) } IkeEncryptAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Values for encryption algorithms negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attribute type Encryption Algorithm (1)." SYNTAX INTEGER { des(2), des3(3), aes(4), aes192(5), aes256(6), none(255) } IkeHashAlgo ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Values for hash algorithms negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attribute type Hash Algorithm (2)." SYNTAX INTEGER { none(1), md5(2), sha(3) } EspHashTransform ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The ESP Authentication Algorithm used in the IPsec DOI as a SA Attributes definition in the Transform Payload of Phase II of an IKE negotiation. This set of values defines the AH authentication algorithm, when the associated Proposal Payload has a Protocol-ID of 2 (AH). This set of values defines the ESP authentication algorithm, when the associated Proposal Payload has a Protocol-ID of 3 (ESP)." SYNTAX INTEGER { none(1), md5(2), sha(3) } EspEncrTransform ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The values of the IPsec DOI ESP Transform Identifier which identify a particular algorithm to be used to provide secrecy protection for ESP. It is used in the Transform-ID field of a ISAKMP Transform Payload for the IPsec DOI, when the Protocol-Id of the associated Proposal Payload is 2 (AH), 3 (ESP), and 4 (IPCOMP)." 
SYNTAX INTEGER { null(1), des(2), des3(3), aes(4), aes192(5), aes256(6), none(255) } IsakmpIdentityType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This TC provides the semantics for a column with IsakmpIdentityValue TC. Wherever this TC is used, there should be an accompanying column which uses the IsakmpIdentityValue TC to specify the data for which the semantics apply. Values in the range [1..255] are the IPsec DOI Identification Type, an 8-bit value which is used in the ID Type field as a discriminant for interpretation of the variable-length Identification Payload. Values in the range [256..260] are reserved for the following semantics, which can be used for local and remote peers: none(256) - this object is empty. peerGroup(257) - IsakmpIdentityValue is a peer-group name. Values in the range [261..Max] are reserved for the following semantics, which can be used for local peers only: ifName(270) - an interface name, whose IP address is used as the local-peer's ID. " SYNTAX INTEGER { ipv4Address(1), fqdn(2), userFqdn(3), none(256), peerGroup(257), ifName(270) } IsakmpIdentityValue ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "IsakmpIdentityValue contains a string encoded Identity Type value to be used in comparisons against an IKE Identity payload. Wherever this TC is used, there should be an accompanying column which uses the IsakmpIdentityType TC to specify the type of data in this object. See the IsakmpIdentityType TC for the supported identity types available. Note that the IsakmpIdentityType TC specifies how to encode binary values, while this object will contain human readable string versions." SYNTAX OCTET STRING (SIZE (1..110)) IsakmpDpdKeepaliveMetric ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Specifies the type of worry-metric to be used for DPD." SYNTAX INTEGER { disabled(1), onDemand(2), periodic(3) } IpsecEncapMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "IPSec encapsulation mode."
SYNTAX INTEGER { tunnel(1), transport(2) } -- -- Node definitions -- -- 1.3.6.1.4.1.6889.2.6.1.1 avipsMIBObjects OBJECT IDENTIFIER ::= { avayaIpsecMib 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.1 avipsGlobals OBJECT IDENTIFIER ::= { avipsMIBObjects 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.1.1 avipsGlobalsInvalidSpiRecovery OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines whether invalid-spi-recovery is enabled (true) or disabled (false). When enabled, the device shall open an IKE SA, if one does not already exist, in order to send a DELETE message to the remote peer when it receives a packet with an invalid SPI or invalid cookie whose source IP address (SIP) is that of the remote peer. This gives faster recovery times in case of SADB inconsistency, but may expose the remote peer to a DoS/DDoS attack, because the IKE negotiation is triggered by a packet that could not be authenticated." ::= { avipsGlobals 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.1.2 avipsNatTEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether IPSec NAT-T is invoked in the device. If this object is True then NAT-T is enabled." ::= { avipsGlobals 2 } -- 1.3.6.1.4.1.6889.2.6.1.1.1.3 avipsNatTKeepaliveInterval OBJECT-TYPE SYNTAX Integer32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines the NAT-T keepalive interval in seconds. If this object is set to 0 then NAT-T keepalives are disabled." ::= { avipsGlobals 3 } -- 1.3.6.1.4.1.6889.2.6.1.1.1.4 avipsCryptoEngineAccelEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of this object determines whether IPSec HW acceleration is enabled or disabled. In case the HW does not support acceleration the value of this object shall be false.
" ::= { avipsGlobals 4 } -- 1.3.6.1.4.1.6889.2.6.1.1.2 avipsIsakmpGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 2 } -- 1.3.6.1.4.1.6889.2.6.1.1.2.1 avipsIsakmpPeerTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsIsakmpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains a list of all the remote peers and peer-groups we are willing to establish an IPSec VPN connection with. Each entry represents a peer or a peer-group, and is indexed by the peer's IKE identification (type and value), or the peer-group name. Each peer entry points to the ISAKMP policy that will be used for IKE negotiations (as an initiator or a responder). Note that in case this entry represents a peer-group the value of IsakmpIdentityType shall be set to peerGroup. In that case certain columns in this row are N/A." ::= { avipsIsakmpGroup 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1 avipsIsakmpPeerEntry OBJECT-TYPE SYNTAX AvipsIsakmpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A specific entry." INDEX { avipsIsakmpPeerIdType, IMPLIED avipsIsakmpPeerId } ::= { avipsIsakmpPeerTable 1 } AvipsIsakmpPeerEntry ::= SEQUENCE { avipsIsakmpPeerIdType IsakmpIdentityType, avipsIsakmpPeerId IsakmpIdentityValue, avipsIsakmpPeerDescription DisplayString, avipsIsakmpPeerIsaPlcyId1 Integer32, avipsIsakmpPeerInitiateMode INTEGER, avipsIsakmpPeerSelfIdType IsakmpIdentityType, avipsIsakmpPeerSelfId IsakmpIdentityValue, avipsIsakmpPeerKeepaliveMetric IsakmpDpdKeepaliveMetric, avipsIsakmpPeerKeepaliveInterval Integer32, avipsIsakmpPeerKeepaliveRetryInterval Integer32, avipsIsakmpPeerKeepaliveTrackId Integer32, avipsIsakmpPeerContChannel TruthValue, avipsIsakmpPeerRowStatus RowStatus, avipsIsakmpPeerGroupFailbacktoPrimaryInterval Integer32 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.1 avipsIsakmpPeerIdType OBJECT-TYPE SYNTAX IsakmpIdentityType (1..260) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is an enumeration identifying the type of the Identity value. 
Note that the value can also be peerGroup; in that case avipsIsakmpPeerId contains the peer-group's name. Also note that certain columns in this row are N/A for peer-group (refer to specific objects' descriptions for details). This is also the first index component of this table." ::= { avipsIsakmpPeerEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.2 avipsIsakmpPeerId OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains an Identity filter to be used to match against the identity payload in an IKE request. This is also the second index component of this table." ::= { avipsIsakmpPeerEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.3 avipsIsakmpPeerDescription OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Free text describing this row." DEFVAL { "" } ::= { avipsIsakmpPeerEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.4 avipsIsakmpPeerIsaPlcyId1 OBJECT-TYPE SYNTAX Integer32 (0..9999) MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains the ID of the ISAKMP policy to be used in IKE Phase I negotiation with this peer. A value of 0 indicates that this object is empty. This object is N/A if avipsIsakmpPeerIdType is peerGroup." DEFVAL { 0 } ::= { avipsIsakmpPeerEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.5 avipsIsakmpPeerInitiateMode OBJECT-TYPE SYNTAX INTEGER { none(1), main(2), aggressive(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies how to initiate IKE when communicating with this peer: none(1) - Never initiate IKE with this peer (i.e. respond only) main(2) - Initiate Main Mode (MM) aggressive(3) - Initiate Aggressive Mode (AM) Note that Aggressive Mode exchanges the peer identities unencrypted and, with pre-shared-key authentication, depends more heavily on the strength of the key; prefer main(2) unless the remote peer requires Aggressive Mode. This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { main } ::= { avipsIsakmpPeerEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.6 avipsIsakmpPeerSelfIdType OBJECT-TYPE SYNTAX IsakmpIdentityType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is an enumeration identifying the type of the Identity value which the local peer shall use in its identity payload during Phase-1 negotiation. This object is N/A if avipsIsakmpPeerIdType is peerGroup." DEFVAL { ipv4Address } ::= { avipsIsakmpPeerEntry 6 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.7 avipsIsakmpPeerSelfId OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-write STATUS current DESCRIPTION "If not empty, this object specifies the identity value which the local peer will send in the identification payload during IKE Phase-1 negotiation. If this object is empty, the default local identity shall be sent, according to the value of avipsIsakmpPeerSelfIdType. This object is N/A if avipsIsakmpPeerIdType is peerGroup. " DEFVAL { ''b } ::= { avipsIsakmpPeerEntry 7 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.8 avipsIsakmpPeerKeepaliveMetric OBJECT-TYPE SYNTAX IsakmpDpdKeepaliveMetric MAX-ACCESS read-write STATUS current DESCRIPTION "The worry-metric to be used for deciding when to send R-U-THERE message to the remote peer. This object is N/A if avipsIsakmpPeerIdType is peerGroup." DEFVAL { disabled } ::= { avipsIsakmpPeerEntry 8 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.9 avipsIsakmpPeerKeepaliveInterval OBJECT-TYPE SYNTAX Integer32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The minimal interval, in seconds, between two consecutive R-U-THERE sent by the local peer, when the previous R-U-THERE message has been answered. The actual interval is based on this value and other parameters, such as the worry-metric. This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { 10 } ::= { avipsIsakmpPeerEntry 9 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.10 avipsIsakmpPeerKeepaliveRetryInterval OBJECT-TYPE SYNTAX Integer32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The actual interval, in seconds, between R-U-THERE retries sent by the local peer, when the previous R-U-THERE message has not been answered. This object is N/A if avipsIsakmpPeerIdType is peerGroup." DEFVAL { 2 } ::= { avipsIsakmpPeerEntry 10 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.11 avipsIsakmpPeerKeepaliveTrackId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Bind the status of this peer to an object-tracker by specifying the ID of the object-tracker (avstrTrackerId in AVAYA-SAA-TRACK-MIB). A value of 0 means that peer is not bound to any object-tracker. This object is N/A if avipsIsakmpPeerIdType is peerGroup." DEFVAL { 0 } ::= { avipsIsakmpPeerEntry 11 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.12 avipsIsakmpPeerContChannel OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines whether continuous channel IKE mode is used for contacting the peer. Continuous channel IKE means that local peer tries to establish an IKE SA with the remote peer as soon as possible, also when there is no outbound traffic that requires it. This object is N/A if avipsIsakmpPeerIdType is peerGroup." DEFVAL { false } ::= { avipsIsakmpPeerEntry 12 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.13 avipsIsakmpPeerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table. Use createAndGo (not createAndWait) to create this row." 
::= { avipsIsakmpPeerEntry 13 } avipsIsakmpPeerGroupFailbacktoPrimaryInterval OBJECT-TYPE SYNTAX Integer32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The amount of time in seconds that the secondary peer shall be up (after the primary peer went down) before there will be failback to the primary peer (in case it is up again). The default value is 24 hours. Relevant for peer-group only (values 1 and up). For a peer, the returned value is 0. " DEFVAL { 86400 } ::= { avipsIsakmpPeerEntry 14 } -- 1.3.6.1.4.1.6889.2.6.1.1.2.2 avipsPeerGroupPeersTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsPeerGroupPeersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains all the associations between peer-groups and isakmp peers. The relation between peer-group and isakmp peer is many-to-many. A valid peer-group (i.e. a peer-group that can be associated with an active crypto-list) contains one or more isakmp peers. An isakmp peer may be contained in zero or more peer-groups." ::= { avipsIsakmpGroup 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1 avipsPeerGroupPeersEntry OBJECT-TYPE SYNTAX AvipsPeerGroupPeersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A specific entry." INDEX { avipsPeerGroupPeersPGrpName, avipsPeerGroupPeersPeerIndex } ::= { avipsPeerGroupPeersTable 1 } AvipsPeerGroupPeersEntry ::= SEQUENCE { avipsPeerGroupPeersPGrpName DisplayString, avipsPeerGroupPeersPeerIndex Integer32, avipsPeerGroupPeersPIdType IsakmpIdentityType, avipsPeerGroupPeersPIdValue IsakmpIdentityValue, avipsPeerGroupPeersRowStatus RowStatus } -- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.1 avipsPeerGroupPeersPGrpName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of the peer-group associated with this isakmp peer. Note that there must exist a matching active entry in avipsIsakmpPeerTable whose avipsIsakmpPeerIdType is peerGroup, otherwise a 'set' operation shall fail."
::= { avipsPeerGroupPeersEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.2 avipsPeerGroupPeersPeerIndex OBJECT-TYPE SYNTAX Integer32 (1..100) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ordered index of the peer within the peer-group." ::= { avipsPeerGroupPeersEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.3 avipsPeerGroupPeersPIdType OBJECT-TYPE SYNTAX IsakmpIdentityType (1..256) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is an enumeration identifying the type of the Identity value of the peer associated with this IPSec connection. Note that value cannot be peerGroup. The contents of this object are interpreted along with avipsPeerGroupPeersPIdValue." ::= { avipsPeerGroupPeersEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.4 avipsPeerGroupPeersPIdValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains value of the peer ID. The contents of this object are interpreted along with avipsPeerGroupPeersPIdType." ::= { avipsPeerGroupPeersEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.5 avipsPeerGroupPeersRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table. Use createAndWait (not createAndGo) to create this row. This object is active(1) after avipsPeerGroupPeersPIdType and avipsPeerGroupPeersPIdValue are set." ::= { avipsPeerGroupPeersEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.1.2.3 avipsIsakmpPlcyTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsIsakmpPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table containing the list of all ISAKMP policy entries configured by the operator."
::= { avipsIsakmpGroup 3 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1 avipsIsakmpPlcyEntry OBJECT-TYPE SYNTAX AvipsIsakmpPlcyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the attributes associated with a single ISAKMP Policy entry." INDEX { avipsIsakmpPlcyId } ::= { avipsIsakmpPlcyTable 1 } AvipsIsakmpPlcyEntry ::= SEQUENCE { avipsIsakmpPlcyId Integer32, avipsIsakmpPlcyDescription DisplayString, avipsIsakmpPlcyDhGroup DiffHellmanGrp, avipsIsakmpPlcyEncrAlgo IkeEncryptAlgo, avipsIsakmpPlcyHashAlgo IkeHashAlgo, avipsIsakmpPlcyLifetime Integer32, avipsIsakmpPlcyAuth INTEGER, avipsIsakmpPlcyRowStatus RowStatus } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.1 avipsIsakmpPlcyId OBJECT-TYPE SYNTAX Integer32 (1..9999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ID of this ISAKMP Policy entry. This is also the index of this table." ::= { avipsIsakmpPlcyEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.2 avipsIsakmpPlcyDescription OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Free text describing this object." DEFVAL { "" } ::= { avipsIsakmpPlcyEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.3 avipsIsakmpPlcyDhGroup OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the Oakley group used for Diffie Hellman exchange in the Main Mode. If this policy item is selected to negotiate Main Mode with an IKE peer, the local entity chooses the group specified by this object to perform Diffie Hellman exchange with the peer. Note that the default, dhGroup1, is the smallest group offered here (768-bit MODP) and is considered weak by current standards; configure the largest group that both peers support." DEFVAL { dhGroup1 } ::= { avipsIsakmpPlcyEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.4 avipsIsakmpPlcyEncrAlgo OBJECT-TYPE SYNTAX IkeEncryptAlgo MAX-ACCESS read-write STATUS current DESCRIPTION "The encryption transform specified by this ISAKMP policy specification. The Internet Key Exchange (IKE) tunnels setup using this policy item would use the specified encryption transform to protect the ISAKMP PDUs. Note that the default, des, is single DES, which is considered weak by current standards; configure an AES value where both peers support it."
DEFVAL { des } ::= { avipsIsakmpPlcyEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.5 avipsIsakmpPlcyHashAlgo OBJECT-TYPE SYNTAX IkeHashAlgo MAX-ACCESS read-write STATUS current DESCRIPTION "The hash transform specified by this ISAKMP policy specification. The IKE tunnels setup using this policy item would use the specified hash transform to protect the ISAKMP PDUs." DEFVAL { sha } ::= { avipsIsakmpPlcyEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.6 avipsIsakmpPlcyLifetime OBJECT-TYPE SYNTAX Integer32 (60..86400) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the lifetime, in seconds, of the IKE tunnels generated using this policy specification." DEFVAL { 86400 } ::= { avipsIsakmpPlcyEntry 6 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.7 avipsIsakmpPlcyAuth OBJECT-TYPE SYNTAX INTEGER { none(1), preSharedKey(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The peer authentication method specified by this ISAKMP policy specification. If this policy entity is selected for negotiation with a peer, the local entity would authenticate the peer using the method specified by this object." DEFVAL { preSharedKey } ::= { avipsIsakmpPlcyEntry 7 } -- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.8 avipsIsakmpPlcyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table." ::= { avipsIsakmpPlcyEntry 8 } -- 1.3.6.1.4.1.6889.2.6.1.1.3 avipsIpsecGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 3 } -- 1.3.6.1.4.1.6889.2.6.1.1.3.1 avipsCryptoMapTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsCryptoMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains all the crypto maps configured by the user. 
A crypto map essentially concentrates all the IPSec protection policy required for establishing IKE Phase-1 and Phase-2 connections." ::= { avipsIpsecGroup 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1 avipsCryptoMapEntry OBJECT-TYPE SYNTAX AvipsCryptoMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A specific crypto map entry." INDEX { avipsCryptoMapId } ::= { avipsCryptoMapTable 1 } AvipsCryptoMapEntry ::= SEQUENCE { avipsCryptoMapId Integer32, avipsCryptoMapDescription DisplayString, avipsCryptoMapPeerIdType IsakmpIdentityType, avipsCryptoMapPeerIdValue IsakmpIdentityValue, avipsCryptoMapTranSetName1 DisplayString, avipsCryptoMapIsReady TruthValue, avipsCryptoMapTunnelDscp Integer32, avipsCryptoMapContChannel TruthValue, avipsCryptoMapRowStatus RowStatus } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.1 avipsCryptoMapId OBJECT-TYPE SYNTAX Integer32 (1..9999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ID of the crypto map entry. This is also the index of this table." ::= { avipsCryptoMapEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.2 avipsCryptoMapDescription OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Free text describing this object." DEFVAL { "" } ::= { avipsCryptoMapEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.3 avipsCryptoMapPeerIdType OBJECT-TYPE SYNTAX IsakmpIdentityType (1..260) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is an enumeration identifying the type of the Identity value of the peer associated with this IPSec connection. The contents of this object are interpreted along with avipsCryptoMapPeerIdValue."
::= { avipsCryptoMapEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.4 avipsCryptoMapPeerIdValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains an Identity filter to be used to select the remote peer or peer-group when initiating IKE, and to match against the identity payload in an IKE request when responding to IKE. The contents of this object are interpreted along with avipsCryptoMapPeerIdType." DEFVAL { "" } ::= { avipsCryptoMapEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.5 avipsCryptoMapTranSetName1 OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "The name of the transforms-set for this crypto map. This object is the index into the avipsTranSetTable." DEFVAL { "" } ::= { avipsCryptoMapEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.6 avipsCryptoMapIsReady OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This field is true if and only if this crypto map entry and all the descendent configuration objects pointed by it are in the ready state. Note that crypto list activation requires that all the crypto maps it points to be ready. " DEFVAL { false } ::= { avipsCryptoMapEntry 6 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.7 avipsCryptoMapTunnelDscp OBJECT-TYPE SYNTAX Integer32 (-1 | 0..63) MAX-ACCESS read-write STATUS current DESCRIPTION "The method used to set the high 6 bits of the TOS in the outer IP header. A value of -1 indicates that the bits are copied from the payload's header. A value between 0 and 63 inclusive indicates that the bit field is set to the indicated value." DEFVAL { -1 } ::= { avipsCryptoMapEntry 7 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.8 avipsCryptoMapContChannel OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines whether continuous channel IPSec mode is used for the rule pointing to this crypto map.
Continuous channel IPSec means that local peer tries to establish an IPSec SA with the remote peer as soon as possible, also when there is no outbound traffic that requires it." DEFVAL { false } ::= { avipsCryptoMapEntry 8 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.9 avipsCryptoMapRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by an active crypto list." ::= { avipsCryptoMapEntry 9 } -- 1.3.6.1.4.1.6889.2.6.1.1.3.2 avipsTranSetTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsTranSetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists all the transform-sets which can be used to build or accept IPsec proposals." ::= { avipsIpsecGroup 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1 avipsTranSetEntry OBJECT-TYPE SYNTAX AvipsTranSetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the information on an IPsec transform-set." INDEX { IMPLIED avipsTranSetName } ::= { avipsTranSetTable 1 } AvipsTranSetEntry ::= SEQUENCE { avipsTranSetName DisplayString, avipsTranSetEspEncrTran EspEncrTransform, avipsTranSetEspHashTran EspHashTransform, avipsTranSetLifetime Integer32, avipsTranSetLifesize Integer32, avipsTranSetPfsGroup DiffHellmanGrp, avipsTranSetEncapMode IpsecEncapMode, avipsTranSetEspCompTran INTEGER, avipsTranRowStatus RowStatus } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.1 avipsTranSetName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of this particular transform-set be referred to by an avipsCryptoMapEntry. This is the index of this table." 
::= { avipsTranSetEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.2 avipsTranSetEspEncrTran OBJECT-TYPE SYNTAX EspEncrTransform MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the transform ID of the ESP encryption algorithm. Note that the default, des, is single DES, which is considered weak by current standards; configure an AES value where both peers support it." DEFVAL { des } ::= { avipsTranSetEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.3 avipsTranSetEspHashTran OBJECT-TYPE SYNTAX EspHashTransform MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the ESP hash algorithm ID." DEFVAL { sha } ::= { avipsTranSetEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.4 avipsTranSetLifetime OBJECT-TYPE SYNTAX Integer32 (0 | 120..86400) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies how long, in seconds, the security association (SA) derived from this transform should be used. The value 0 is reserved for future use." DEFVAL { 3600 } ::= { avipsTranSetEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.5 avipsTranSetLifesize OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 2560..536870912) UNITS "KBytes" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies how long, in Kilobytes, the security association (SA) derived from this transform should be used. The value -1 means that no size based lifetime will be offered to the other side. The value 0 is reserved for future use." DEFVAL { 4608000 } ::= { avipsTranSetEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.6 avipsTranSetPfsGroup OBJECT-TYPE SYNTAX DiffHellmanGrp MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the DH group that shall be used for PFS in quick mode exchange, when creating the security association (SA) derived from this transform. The reserved value 'none' means that PFS shall not be used. Note that the default is 'none', i.e. PFS is not used unless a group is configured." DEFVAL { none } ::= { avipsTranSetEntry 6 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.7 avipsTranSetEncapMode OBJECT-TYPE SYNTAX IpsecEncapMode MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines the ESP encapsulation mode that will be used.
Possible values are 'tunnel' and 'transport'. In case transport mode is configured, it shall be used only if possible, i.e. the SIP and DIP of the relevant rule are equivalent to the LTEP and RTEP. Otherwise tunnel mode is used. " DEFVAL { tunnel } ::= { avipsTranSetEntry 7 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.8 avipsTranSetEspCompTran OBJECT-TYPE SYNTAX INTEGER { none(1), ippcpLzs(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the ESP compression algorithm: none(1) - no compression algorithm. ippcpLzs(2) - IPPCP with LZS compression. " DEFVAL { none } ::= { avipsTranSetEntry 8 } -- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.9 avipsTranRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table." ::= { avipsTranSetEntry 9 } -- 1.3.6.1.4.1.6889.2.6.1.1.4 avipsMonitoringGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 4 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1 avipsMonitoringTables OBJECT IDENTIFIER ::= { avipsMonitoringGroup 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1 avipsMonitoringTablesGlobals OBJECT IDENTIFIER ::= { avipsMonitoringTables 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.1 avipsMonitorRstCntrs OBJECT-TYPE SYNTAX INTEGER { running(1), reset(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Use this object to reset all the IPSec counters. Set this object to reset(2) in order to do that. This operation is equivalent to issuing the 'clear crypto sa counters' command in the CLI." 
::= { avipsMonitoringTablesGlobals 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.2 avipsMonitorRstCntrsLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "sysUpTime when last IPSec counters reset by avipsMonitorRstCntrs or 'clear crypto sa counters' in CLI, in hundredths of a second." ::= { avipsMonitoringTablesGlobals 2 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.2 avipsPeerTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains entries for every active isakmp peer in the system. The word 'active' suggests that in case the peer is part of a redundant list of peers within a crypto map, only the peer that is currently active will be included. " ::= { avipsMonitoringTables 2 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1 avipsPeerEntry OBJECT-TYPE SYNTAX AvipsPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A specific peer entry." INDEX { avipsPeerLocalId, avipsPeerRemoteId } ::= { avipsPeerTable 1 } AvipsPeerEntry ::= SEQUENCE { avipsPeerLocalId Unsigned32, avipsPeerRemoteId Unsigned32, avipsPeerLocalType IsakmpIdentityType, avipsPeerLocalValue IsakmpIdentityValue, avipsPeerRemoteType IsakmpIdentityType, avipsPeerRemoteValue IsakmpIdentityValue, avipsPeerRemoteDescription DisplayString, avipsPeerLocalAddress IpAddress, avipsPeerRemoteAddress IpAddress, avipsPeerRemotePeerGrpActiveIndex Integer32, avipsPeerRemotePeerGrpActiveIdType IsakmpIdentityType, avipsPeerRemotePeerGrpActiveIdValue IsakmpIdentityValue, avipsPeerIsakmpState INTEGER, avipsPeerIsakmpStateLastChange TimeStamp, avipsPeerTunnelsClosed Gauge32, avipsPeerTunnelsInProgress Gauge32, avipsPeerTunnelsEstablished Gauge32, avipsPeerTunnelsFailed Gauge32, avipsPeerInOctets Counter32, avipsPeerInOctetsWraps Counter32, avipsPeerInDecompOctets Counter32, avipsPeerInDecompOctetsWraps Counter32, avipsPeerInDecompRatio Gauge32, avipsPeerInPkts Counter32, avipsPeerInDropPkts Counter32, avipsPeerOutOctets Counter32, 
avipsPeerOutOctetsWraps Counter32, avipsPeerOutUncompOctets Counter32, avipsPeerOutUncompOctetsWraps Counter32, avipsPeerOutCompRatio Gauge32, avipsPeerOutPkts Counter32, avipsPeerOutDropPkts Counter32 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.1 avipsPeerLocalId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A synthetic ID that uniquely identifies the local peer for monitoring purpose. Note that this ID is persistent for this peer. This is also the first index component of this table. " ::= { avipsPeerEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.2 avipsPeerRemoteId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A synthetic ID that uniquely identifies the remote peer for monitoring purpose. Note that this ID is persistent for this peer. This is also the second index component of this table." ::= { avipsPeerEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.3 avipsPeerLocalType OBJECT-TYPE SYNTAX IsakmpIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the local peer identity, as it was configured. If the local peer ID was configured as an interface name, the value of this object shall be ifName." ::= { avipsPeerEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.4 avipsPeerLocalValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is an interface name, then this is the name of the interface which IP is used to identify the local peer. If the local peer type is a fqdn, then this is the fqdn used to identify the local peer." ::= { avipsPeerEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.5 avipsPeerRemoteType OBJECT-TYPE SYNTAX IsakmpIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the remote peer identity. 
" ::= { avipsPeerEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.6 avipsPeerRemoteValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a fqdn, then this is the fqdn used to identify the remote peer." ::= { avipsPeerEntry 6 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.7 avipsPeerRemoteDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Free text describing the remote peer or peer-group. The value of this field is taken from avipsIsakmpPeerDescription." ::= { avipsPeerEntry 7 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.8 avipsPeerLocalAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local peer. This is derived from the local-address specified in the crypto-list that creates this connection. If the local peer type is an IP Address, then this is identical to avipsPeerLocalValue." ::= { avipsPeerEntry 8 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.9 avipsPeerRemoteAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote peer. If the remote peer type is an IP Address, then this is identical to avipsPeerRemoteValue. If the remote peer type is a fqdn, then this is the IP address that was received by DNS resolution of the fqdn specified in IsakmpIdentityValue." ::= { avipsPeerEntry 9 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.10 avipsPeerRemotePeerGrpActiveIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the index within the peer-group of the currently active peer. This value is taken from avipsPeerGroupPeersPeerIndex of the active peer in this peer-group." 
::= { avipsPeerEntry 10 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.11 avipsPeerRemotePeerGrpActiveIdType OBJECT-TYPE SYNTAX IsakmpIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION "In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the id-type of the currently active peer. This value is taken from avipsIsakmpPeerIdType of the active peer in this peer-group." ::= { avipsPeerEntry 11 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.12 avipsPeerRemotePeerGrpActiveIdValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-only STATUS current DESCRIPTION "In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the id-value of the currently active peer. This value is taken from avipsIsakmpPeerId of the active peer in this peer-group." ::= { avipsPeerEntry 12 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.13 avipsPeerIsakmpState OBJECT-TYPE SYNTAX INTEGER { closed(1), inProgress(2), established(3), failed(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the state of the IKE connection between the peers. 1. closed - No IKE SA exists between peers because it was not negotiated yet, or because last IKE closed normally due to hard timeout, clear by admin, or DELETE received from the remote peer. This is also the initial state of the row when it is created. 2. inProgress - No IKE SA exists between peers, but it is currently being negotiated in Phase-1. 3. established - IKE SA exists between peers. 4. failed - No IKE SA exists between peers because of a failure. Possible reasons are: 1. Last time we tried to establish IKE the negotiation failed. 2. Last time we tried to establish IKE the remote peer DNS resolution failed. 3. During last connection DPD signaled a connection failure. 4. During last connection a track object signaled a connection failure. 5. 
The interface used for local-address does not have an IP address assigned to it 1 minute or more after this row was created. 6. Last time we negotiated Phase-2 the negotiation timed-out, and the current IKE was subsequently deleted. NOTE: When continuous-channel IKE is used, the state shall remain 'established' during the normal transition time between one IKE SA and the next. However, if the IKE SA was deleted due to a suspected problem then the state will change normally during the transition (i.e. 'closed' and then 'inProgress'). [Suspected problem: if the last IKE SA was DELETEd by the remote peer after less than 5 minutes, or if it was deleted by local admin] " ::= { avipsPeerEntry 13 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.14 avipsPeerIsakmpStateLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "sysUpTime when the last change in avipsPeerIsakmpState occurred, in hundredths of a second." ::= { avipsPeerEntry 14 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.15 avipsPeerTunnelsClosed OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPSec tunnels associated with these peers, which are in the 'closed' state." ::= { avipsPeerEntry 15 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.16 avipsPeerTunnelsInProgress OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPSec tunnels associated with these peers, which are in the 'inProgress' state." ::= { avipsPeerEntry 16 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.17 avipsPeerTunnelsEstablished OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPSec tunnels associated with these peers, which are in the 'established' state." ::= { avipsPeerEntry 17 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.18 avipsPeerTunnelsFailed OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPSec tunnels associated with these peers, which are in the 'failed' state."
::= { avipsPeerEntry 18 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.19 avipsPeerInOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of octets (bytes) successfully received through all the tunnels between the peers. This value is accumulated BEFORE determining whether or not the packet should be decompressed. This number is the sum of avipsTunnelInOctets together with avipsTunnelInOctetsWraps as a single 64-bit integer, for all the IPSec tunnels pertaining to the peers. See also avipsPeerInOctetsWraps for the number of times this counter has wrapped." ::= { avipsPeerEntry 19 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.20 avipsPeerInOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsPeerInOctets has wrapped." ::= { avipsPeerEntry 20 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.21 avipsPeerInDecompOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of decompressed octets (bytes) successfully received through all the tunnels between the peers. This value is accumulated AFTER the packet is decompressed. If compression is not being used in any of the tunnels, this value will match the value of avipsPeerInOctets. This number is the sum of avipsTunnelInDecompOctets together with avipsTunnelInDecompOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerInDecompOctetsWraps for the number of times this counter has wrapped." ::= { avipsPeerEntry 21 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.22 avipsPeerInDecompOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsPeerInDecompOctets has wrapped." ::= { avipsPeerEntry 22 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.23 avipsPeerInDecompRatio OBJECT-TYPE SYNTAX Gauge32 UNITS "Ratio * 100" MAX-ACCESS read-only STATUS current DESCRIPTION "The overall decompression ratio * 100. 
This is the ratio between the number of octets received after decompression and the number of octets received before decompression. It is calculated as the integer of {[(avipsPeerInDecompOctetsWraps*2^32 + avipsPeerInDecompOctets) / (avipsPeerInOctetsWraps*2^32 + avipsPeerInOctets)] * 100}" ::= { avipsPeerEntry 23 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.24 avipsPeerInPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of packets successfully received through all the tunnels between the peers. This number is the sum of avipsTunnelInPkts for all the tunnels pertaining to the peers." ::= { avipsPeerEntry 24 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.25 avipsPeerInDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of packets dropped after being received through any of the tunnels between the peers. This number is the sum of avipsTunnelInDropTotalPkts for all the tunnels pertaining to the peers." ::= { avipsPeerEntry 25 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.26 avipsPeerOutOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of octets (bytes) successfully transmitted through all the tunnels between the peers. This value is accumulated AFTER determining whether or not the packet should be compressed. This number is the sum of avipsTunnelOutOctets together with avipsTunnelOutOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerOutOctetsWraps for the number of times this counter has wrapped." ::= { avipsPeerEntry 26 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.27 avipsPeerOutOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsPeerOutOctets has wrapped."
::= { avipsPeerEntry 27 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.28 avipsPeerOutUncompOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of uncompressed octets (bytes) successfully transmitted through all the tunnels between the peers. This value is accumulated BEFORE the packet is compressed. If compression is not being used in any of the tunnels, this value will match the value of avipsPeerOutOctets. This number is the sum of avipsTunnelOutUncompOctets together with avipsTunnelOutUncompOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerOutUncompOctetsWraps for the number of times this counter has wrapped." ::= { avipsPeerEntry 28 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.29 avipsPeerOutUncompOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsPeerOutUncompOctets has wrapped." ::= { avipsPeerEntry 29 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.30 avipsPeerOutCompRatio OBJECT-TYPE SYNTAX Gauge32 UNITS "Ratio * 100" MAX-ACCESS read-only STATUS current DESCRIPTION "The overall compression ratio * 100. This is the ratio between the number of outbound octets before compression and the number of outbound octets after compression. It is calculated as the integer of {[(avipsPeerOutUncompOctetsWraps*2^32 + avipsPeerOutUncompOctets) / (avipsPeerOutOctetsWraps*2^32 + avipsPeerOutOctets)]* 100}" ::= { avipsPeerEntry 30 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.31 avipsPeerOutPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of packets successfully transmitted through all the tunnels between the peers. This number is the sum of avipsTunnelOutPkts for all the tunnels pertaining to the peers."
::= { avipsPeerEntry 31 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.32 avipsPeerOutDropPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The aggregate number of packets dropped before being transmitted through any of the tunnels between the peers. This number is the sum of avipsTunnelOutDropTotalPkts for all the tunnels pertaining to the peers." ::= { avipsPeerEntry 32 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3 avipsTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF AvipsTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains entries for all the tunnels in the system. A 'tunnel' is a rule within an active crypto-list." ::= { avipsMonitoringTables 3 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1 avipsTunnelEntry OBJECT-TYPE SYNTAX AvipsTunnelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A specific tunnel entry." INDEX { avipsTunnelIndex, avipsTunnelSubIndex, avipsTunnelPeerLocalId, avipsTunnelPeerRemoteId } ::= { avipsTunnelTable 1 } AvipsTunnelEntry ::= SEQUENCE { avipsTunnelPeerLocalId Unsigned32, avipsTunnelPeerRemoteId Unsigned32, avipsTunnelIndex Integer32, avipsTunnelSubIndex Integer32, avipsTunnelPeerLocalType IsakmpIdentityType, avipsTunnelPeerLocalValue IsakmpIdentityValue, avipsTunnelPeerRemoteType IsakmpIdentityType, avipsTunnelPeerRemoteValue IsakmpIdentityValue, avipsTunnelDescription DisplayString, avipsTunnelLocalAddress IpAddress, avipsTunnelRemoteAddress IpAddress, avipsTunnelProxyLocalSubnet IpAddress, avipsTunnelProxyLocalMask IpAddress, avipsTunnelProxyRemoteSubnet IpAddress, avipsTunnelProxyRemoteMask IpAddress, avipsTunnelState INTEGER, avipsTunnelStateLastChange TimeStamp, avipsTunnelLastCntrsReset TimeStamp, avipsTunnelInOctets Counter32, avipsTunnelInOctetsWraps Counter32, avipsTunnelInDecompOctets Counter32, avipsTunnelInDecompOctetsWraps Counter32, avipsTunnelInDecompRatio Gauge32, avipsTunnelInPkts Counter32, avipsTunnelInDropTotalPkts Counter32, avipsTunnelInDropAntiReplayPkts Counter32,
avipsTunnelInDropHmacFailPkts Counter32, avipsTunnelInDropBadTrailerPkts Counter32, avipsTunnelInDropInvalidIdPkts Counter32, avipsTunnelInDropUnprotectPkts Counter32, avipsTunnelInDropInvalidLenPkts Counter32, avipsTunnelInDropSaExpiredPkts Counter32, avipsTunnelOutOctets Counter32, avipsTunnelOutOctetsWraps Counter32, avipsTunnelOutUncompOctets Counter32, avipsTunnelOutUncompOctetsWraps Counter32, avipsTunnelOutCompRatio Gauge32, avipsTunnelOutPkts Counter32, avipsTunnelOutDropTotalPkts Counter32, avipsTunnelOutDropNoSaPkts Counter32, avipsTunnelOutDropSeqRolPkts Counter32, avipsTunnelOutDropSaExpiredPkts Counter32 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.1 avipsTunnelPeerLocalId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A synthetic ID that uniquely identifies the local peer for monitoring purpose. Note that this ID is persistent for this peer. " ::= { avipsTunnelEntry 1 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.2 avipsTunnelPeerRemoteId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A synthetic ID that uniquely identifies the remote peer for monitoring purpose. Note that this ID is persistent for this peer." ::= { avipsTunnelEntry 2 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.3 avipsTunnelIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ID of the crypto-list containing the rule that creates this tunnel. This is also the first index component of this table." ::= { avipsTunnelEntry 3 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.4 avipsTunnelSubIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the crypto-list rule that creates this tunnel. This is also the second index component of this table."
::= { avipsTunnelEntry 4 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.5 avipsTunnelPeerLocalType OBJECT-TYPE SYNTAX IsakmpIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the local peer identity, as it was configured. If the local peer ID was configured as an interface name, the value of this object shall be ifName. This object is not listed in the INDEX clause of avipsTunnelEntry." ::= { avipsTunnelEntry 5 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.6 avipsTunnelPeerLocalValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is an interface name, then this is the name of the interface whose IP is used to identify the local peer. If the local peer type is a fqdn, then this is the fqdn used to identify the local peer. This object is not listed in the INDEX clause of avipsTunnelEntry." ::= { avipsTunnelEntry 6 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.7 avipsTunnelPeerRemoteType OBJECT-TYPE SYNTAX IsakmpIdentityType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the remote peer identity. This object is not listed in the INDEX clause of avipsTunnelEntry." ::= { avipsTunnelEntry 7 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.8 avipsTunnelPeerRemoteValue OBJECT-TYPE SYNTAX IsakmpIdentityValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a fqdn, then this is the fqdn used to identify the remote peer. This object is not listed in the INDEX clause of avipsTunnelEntry." ::= { avipsTunnelEntry 8 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.9 avipsTunnelDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Free text describing this tunnel.
The value of this field is taken from the description specified for the crypto-list rule that creates this tunnel." ::= { avipsTunnelEntry 9 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.10 avipsTunnelLocalAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the local peer." ::= { avipsTunnelEntry 10 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.11 avipsTunnelRemoteAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the remote peer." ::= { avipsTunnelEntry 11 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.12 avipsTunnelProxyLocalSubnet OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local subnet address this tunnel protects." ::= { avipsTunnelEntry 12 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.13 avipsTunnelProxyLocalMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local subnet mask this tunnel protects." ::= { avipsTunnelEntry 13 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.14 avipsTunnelProxyRemoteSubnet OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote subnet address this tunnel protects." ::= { avipsTunnelEntry 14 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.15 avipsTunnelProxyRemoteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote subnet mask this tunnel protects." ::= { avipsTunnelEntry 15 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.16 avipsTunnelState OBJECT-TYPE SYNTAX INTEGER { closed(1), inProgress(2), established(3), failed(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the state of this tunnel. 1. closed - The tunnel does not exist between the peers because it was not negotiated yet, or because last tunnel closed normally due to hard timeout, clear by admin or DELETE received from the remote peer. This is also the initial state of the row when it is created. 2. 
inProgress - The tunnel does not exist between peers, but it is currently being negotiated in IKE Quick Mode. 3. established - The tunnel exists between peers. 4. failed - The tunnel does not exist between peers because of a failure: 1. Last time we tried to establish this tunnel the negotiation failed. 2. The connection with the remote peer has failed due to one of the following, and hence all the corresponding ipsec tunnels were closed: a. Last time we tried to establish IKE the negotiation failed. b. During last connection a track object signaled a connection failure. c. The interface used for local-address does not have an IP address asigned to it 1 minute or more after this row was created. NOTE: The word 'tunnel' in this context refers to 1 or more IPSec SAs (ESP or AH) between the peers, pertaining to the proxy addresses specified in this entry. As long as there is at least 1 SA established, the tunnel state shall remain 'established'. " ::= { avipsTunnelEntry 16 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.17 avipsTunnelStateLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "sysUpTime when the last change in avipsTunnelState occured, in hundredths of a second." ::= { avipsTunnelEntry 17 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.18 avipsTunnelLastCntrsReset OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "sysUpTime when last counter reset for this tunnel occured, in hundredths of a second. Counters are zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." 
::= { avipsTunnelEntry 18 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.19 avipsTunnelInOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets (bytes) successfully received through this IPSec tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelInOctetsWraps for the number of times this counter has wrapped." ::= { avipsTunnelEntry 19 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.20 avipsTunnelInOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsTunnelInOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 20 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.21 avipsTunnelInDecompOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of decompressed octets (bytes) successfully received through this IPsec Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of avipsTunnelInOctets. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. 
o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelInDecompOctetsWraps for the number of times this counter has wrapped." ::= { avipsTunnelEntry 21 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.22 avipsTunnelInDecompOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsTunnelInDecompOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 22 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.23 avipsTunnelInDecompRatio OBJECT-TYPE SYNTAX Gauge32 UNITS "Ratio * 100" MAX-ACCESS read-only STATUS current DESCRIPTION "The overall decompression ratio * 100. This is the ratio between the number of octets received after decompression and the number of octets received before decompression. It is calculated as the integer of {[(avipsTunnelInDecompOctetsWraps*2^32 + avipsTunnelInDecompOctets) / (avipsTunnelInOctetsWraps*2^32 + avipsTunnelInOctets)] * 100}" ::= { avipsTunnelEntry 23 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.24 avipsTunnelInPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets succesfully received through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." 
::= { avipsTunnelEntry 24 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.25 avipsTunnelInDropTotalPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets discarded after being received through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 25 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.26 avipsTunnelInDropAntiReplayPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received through this tunnel due to anti-replay verification failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 26 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.27 avipsTunnelInDropHmacFailPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received through this tunnel due to HMAC verification failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." 
::= { avipsTunnelEntry 27 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.28 avipsTunnelInDropBadTrailerPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received through this tunnel due to bad ESP trailer format received failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 28 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.29 avipsTunnelInDropInvalidIdPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received through this tunnel due to invalid identity: inner (original) IP header address doesn't match the configured tunnel proxy IPs. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 29 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.30 avipsTunnelInDropUnprotectPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received in the clear (unprotected) although they were expected to arrive protected by this tunnel (i.e. unprotected packets with source and destination IP matching the proxy IPs of this tunnel). This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. 
o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 30 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.31 avipsTunnelInDropInvalidLenPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received through this tunnel due to length being not aligned to cipher block. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 31 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.32 avipsTunnelInDropSaExpiredPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets discarded after being received through this tunnel due to SA KB lifetime being smaller then the external IP packet total length. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 32 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.33 avipsTunnelOutOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of octets (bytes) successfully transmitted through this IPSec tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. 
o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelOutOctetsWraps for the number of times this counter has wrapped." ::= { avipsTunnelEntry 33 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.34 avipsTunnelOutOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsTunnelOutOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 34 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.35 avipsTunnelOutUncompOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of uncompressed octets (bytes) successfully transmitted through this IPsec Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of avipsTunnelOutOctets. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelOutUncompOctetsWraps for the number of times this counter has wrapped." ::= { avipsTunnelEntry 35 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.36 avipsTunnelOutUncompOctetsWraps OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times avipsTunnelOutUncompOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 36 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.37 avipsTunnelOutCompRatio OBJECT-TYPE SYNTAX Gauge32 UNITS "Ratio * 100" MAX-ACCESS read-only STATUS current DESCRIPTION "The overall compression ratio * 100. This is the ratio between the number of outbound octets before compression and the number of outbound octets after compression. It is calculated as the integer of {[(avipsTunnelOutUncompOctetsWraps*2^32 + avipsTunnelOutUncompOctets) / (avipsTunnelOutOctetsWraps*2^32 + avipsTunnelOutOctets)]* 100}" ::= { avipsTunnelEntry 37 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.38 avipsTunnelOutPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets successfully transmitted through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 38 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.39 avipsTunnelOutDropTotalPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets dropped before being transmitted through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 39 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.40 avipsTunnelOutDropNoSaPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets dropped before being transmitted through this tunnel because no IPSec SA existed when the packet arrived. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 40 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.41 avipsTunnelOutDropSeqRolPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets dropped before being transmitted through this tunnel due to sequence number rollover: the sequence number of the IPSec SA reached its capacity. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)." ::= { avipsTunnelEntry 41 } -- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.42 avipsTunnelOutDropSaExpiredPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets dropped before being transmitted through this tunnel due to SA expired: SA KB lifetime is smaller than the external IP packet total length. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 42 } -- 1.3.6.1.4.1.6889.2.6.1.2 avipsMIBNotificationPrefix OBJECT IDENTIFIER ::= { avayaIpsecMib 2 } -- 1.3.6.1.4.1.6889.2.6.1.2.0 avipsMIBNotifications OBJECT IDENTIFIER ::= { avipsMIBNotificationPrefix 0 } -- 1.3.6.1.4.1.6889.2.6.1.2.0.1 avipsIskampEstablished NOTIFICATION-TYPE OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription } STATUS current DESCRIPTION "This notification is sent whenever avipsPeerIsakmpState moves into the 'established' state." ::= { avipsMIBNotifications 1 } -- 1.3.6.1.4.1.6889.2.6.1.2.0.2 avipsIskampClosed NOTIFICATION-TYPE OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription } STATUS current DESCRIPTION "This notification is sent whenever avipsPeerIsakmpState moves into the 'closed' state, excluding during row creation." ::= { avipsMIBNotifications 2 } -- 1.3.6.1.4.1.6889.2.6.1.2.0.3 avipsIskampFailed NOTIFICATION-TYPE OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription } STATUS current DESCRIPTION "This notification is sent whenever avipsPeerIsakmpState moves into the 'failed' state." ::= { avipsMIBNotifications 3 } -- 1.3.6.1.4.1.6889.2.6.1.2.0.4 avipsIpsecTunnelEstablished NOTIFICATION-TYPE OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription } STATUS current DESCRIPTION "This notification is sent whenever avipsTunnelState moves into the 'established' state." 
::= { avipsMIBNotifications 4 } -- 1.3.6.1.4.1.6889.2.6.1.2.0.5 avipsIpsecTunnelClosed NOTIFICATION-TYPE OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription } STATUS current DESCRIPTION "This notification is sent whenever avipsTunnelState moves into the 'closed' state, excluding during row creation." ::= { avipsMIBNotifications 5 } -- 1.3.6.1.4.1.6889.2.6.1.2.0.6 avipsIpsecTunnelFailed NOTIFICATION-TYPE OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription } STATUS current DESCRIPTION "This notification is sent whenever avipsTunnelState moves into the 'failed' state." ::= { avipsMIBNotifications 6 } -- 1.3.6.1.4.1.6889.2.6.1.3 avipsMIBConformance OBJECT IDENTIFIER ::= { avayaIpsecMib 3 } -- 1.3.6.1.4.1.6889.2.6.1.3.1 avipsMIBGroups OBJECT IDENTIFIER ::= { avipsMIBConformance 1 } -- 1.3.6.1.4.1.6889.2.6.1.3.1.1 avipsConfigurationGroup OBJECT-GROUP OBJECTS { avipsGlobalsInvalidSpiRecovery, avipsNatTEnabled, avipsNatTKeepaliveInterval, avipsIsakmpPeerDescription, avipsIsakmpPeerIsaPlcyId1, avipsIsakmpPeerSelfIdType, avipsIsakmpPeerSelfId, avipsIsakmpPeerKeepaliveMetric, avipsIsakmpPeerKeepaliveInterval, avipsIsakmpPeerKeepaliveRetryInterval, avipsIsakmpPeerKeepaliveTrackId, avipsIsakmpPeerContChannel, avipsIsakmpPeerRowStatus, avipsPeerGroupPeersPIdType, avipsPeerGroupPeersPIdValue, avipsPeerGroupPeersRowStatus, avipsIsakmpPlcyDescription, avipsIsakmpPlcyDhGroup, avipsIsakmpPlcyEncrAlgo, avipsIsakmpPlcyHashAlgo, avipsIsakmpPlcyLifetime, avipsIsakmpPlcyAuth, avipsIsakmpPlcyRowStatus, avipsCryptoMapDescription, avipsCryptoMapPeerIdType, avipsCryptoMapPeerIdValue, avipsCryptoMapTranSetName1, avipsCryptoMapIsReady, 
avipsCryptoMapTunnelDscp, avipsCryptoMapContChannel, avipsCryptoMapRowStatus, avipsTranSetEspEncrTran, avipsTranSetEspHashTran, avipsTranSetLifetime, avipsTranSetLifesize, avipsTranSetPfsGroup, avipsTranSetEncapMode, avipsTranSetEspCompTran, avipsTranRowStatus, avipsCryptoEngineAccelEnabled, avipsIsakmpPeerInitiateMode } STATUS current DESCRIPTION "This group consists of: 1) Global configuration objects. 2) Isakmp configuration objects. 3) IPsec configuration objects." ::= { avipsMIBGroups 1 } -- 1.3.6.1.4.1.6889.2.6.1.3.1.2 avipsMonitorGroup OBJECT-GROUP OBJECTS { avipsMonitorRstCntrs, avipsMonitorRstCntrsLastChange, avipsPeerRemoteDescription, avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpState, avipsPeerIsakmpStateLastChange, avipsPeerInOctets, avipsPeerInOctetsWraps, avipsPeerInPkts, avipsPeerInDropPkts, avipsPeerOutOctets, avipsPeerOutOctetsWraps, avipsPeerOutPkts, avipsPeerOutDropPkts, avipsTunnelDescription, avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, avipsTunnelProxyRemoteMask, avipsTunnelState, avipsTunnelStateLastChange, avipsTunnelInOctets, avipsTunnelInOctetsWraps, avipsTunnelInPkts, avipsTunnelInDropAntiReplayPkts, avipsTunnelInDropHmacFailPkts, avipsTunnelInDropBadTrailerPkts, avipsTunnelInDropInvalidIdPkts, avipsTunnelInDropUnprotectPkts, avipsTunnelInDropInvalidLenPkts, avipsTunnelInDropSaExpiredPkts, avipsTunnelOutOctets, avipsTunnelOutOctetsWraps, avipsTunnelOutPkts, avipsTunnelOutDropNoSaPkts, avipsTunnelOutDropSeqRolPkts, avipsTunnelOutDropSaExpiredPkts, avipsTunnelLastCntrsReset, avipsPeerRemotePeerGrpActiveIdValue, avipsPeerTunnelsClosed, avipsPeerTunnelsInProgress, avipsPeerTunnelsEstablished, avipsPeerTunnelsFailed, avipsTunnelInDecompOctets, avipsTunnelInDecompOctetsWraps, avipsTunnelOutUncompOctets, avipsTunnelOutUncompOctetsWraps, avipsPeerInDecompOctets, avipsPeerInDecompOctetsWraps, avipsPeerOutUncompOctetsWraps, 
avipsPeerOutUncompOctets, avipsPeerInDecompRatio, avipsPeerOutCompRatio, avipsTunnelInDecompRatio, avipsTunnelOutCompRatio, avipsPeerLocalType, avipsPeerLocalValue, avipsPeerRemoteType, avipsPeerRemoteValue, avipsTunnelPeerLocalType, avipsTunnelPeerLocalValue, avipsTunnelPeerRemoteType, avipsTunnelPeerRemoteValue, avipsPeerRemotePeerGrpActiveIdType, avipsPeerRemotePeerGrpActiveIndex, avipsTunnelInDropTotalPkts, avipsTunnelOutDropTotalPkts } STATUS current DESCRIPTION "This group consists of: 1) Global monitoring objects. 2) Peer monitoring objects. 3) IPSec tunnels monitoring objects." ::= { avipsMIBGroups 2 } -- 1.3.6.1.4.1.6889.2.6.1.3.2 avipsMIBCompliances OBJECT IDENTIFIER ::= { avipsMIBConformance 2 } -- 1.3.6.1.4.1.6889.2.6.1.3.2.1 avipsMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that implement the IP Security Protocol." MODULE -- this module MANDATORY-GROUPS { avipsConfigurationGroup, avipsMonitorGroup } ::= { avipsMIBCompliances 1 } END -- -- AVAYA-IPSEC-MIB.my --