WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/fscom/FS-IPSEC-MIB

1220 lines
40 KiB
Plaintext
Raw Permalink Blame History

-- ====================================================================
-- Copyright (c) 2011 by FS.COM Inc.. All rights reserved.
--
-- Description: The MIB is designed to get IPSec tunnels' statistic information.
-- Reference: fs Enterprise MIB
-- =====================================================================
FS-IPSEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
DisplayString,TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC
IpAddress, Integer32, Counter32, Counter64, OBJECT-TYPE,
MODULE-IDENTITY, Gauge32, NOTIFICATION-TYPE, Unsigned32
FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
fsMgmt
FROM FS-SMI;
fsIPSecMonitor MODULE-IDENTITY
LAST-UPDATED "201102170000Z"
ORGANIZATION
"FS.COM Inc.."
CONTACT-INFO
"Tel: 400-865-2852
E-mail: https://www.fs.com/live_chat_service_mail.html"
DESCRIPTION
"The MIB is designed to get statistic information of
IPSec tunnels. With this MIB, we can get information of a certain
tunnel or all tunnels."
REVISION "201102170000Z"
DESCRIPTION
"Initial version of this MIB module."
::= { fsMgmt 94 }
FSDiffHellmanGrp ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The Diffie Hellman Group used in the IKE and IPSec negotiations.
invalidAlg(2147483647) is defined as invalid value."
SYNTAX INTEGER {
none(0),
modp768(1),
modp1024(2),
invalidMode(2147483647)
}
FSEncapMode ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The encapsulation mode used by an IPSec Phase-2 Tunnel."
SYNTAX INTEGER {
tunnel(1),
transport(2),
invalidMode(2147483647)
}
FSEncryptAlgo ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The encryption algorithm used in the IKE and IPSec negotiations.
invalidAlg(2147483647) is defined as invalid value."
SYNTAX INTEGER {
none(0),
desCbc(2),
threedesCbc(3),
aesCbc(12),
sm1Cbc(128),
invalidAlg(2147483647)
}
FSAuthAlgo ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The authentication algorithm used in the IKE negotiations.
invalidAlg(2147483647) is defined as invalid value."
SYNTAX INTEGER {
none(0),
md5(1),
sha(2),
invalidAlg(2147483647)
}
FSSaProtocol ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The protocol of security association."
SYNTAX INTEGER {
reserved(0),
isakmp(1),
ah(2),
esp(3)
}
FSTunnelProtocol ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The protocol of security association."
SYNTAX INTEGER {
none(0),
icmp(1),
igmp(2),
ip(4),
tcp(6),
udp(17),
esp(50),
ah(51)
}
FSTrafficType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of the data flow."
SYNTAX INTEGER {
ipv4Addr(1),
ipv4AddrSubnet(2),
ipv6Addr(3),
ipv6AddrSubnet(4),
ipv4AddrRange(5),
ipv6AddrRange(6)
}
FSIPSecNegoType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of key used by an IPSec Phase-2 Tunnel. invalidType(2147483647)
is defined as invalid value."
SYNTAX INTEGER {
ike(1),
manual(2),
invalidType(2147483647)
}
FSIPSecTunnelState ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The state of IPSec tunnel."
SYNTAX INTEGER {
establishing(1),
active(2),
expiring(3)
}
-- ========================================================================
-- Node definitions
-- ========================================================================
--Begin the node of fsIPSecObjects.
fsIPSecObjects OBJECT IDENTIFIER ::= { fsIPSecMonitor 1 }
-- ===============================================
-- Begin the table of fsIPSecTunnelTable.
-- ===============================================
fsIPSecTunnelTable OBJECT-TYPE
SYNTAX SEQUENCE OF FSIPSecTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPSec Phase-2 Tunnel Table. There is one
entry in this table for each active IPSec Phase-2 Tunnel."
::= { fsIPSecObjects 1 }
fsIPSecTunnelEntry OBJECT-TYPE
SYNTAX FSIPSecTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about fsIPSecTunnelTable."
INDEX { fsIPSecTunRemoteAddr }
::= { fsIPSecTunnelTable 1 }
FSIPSecTunnelEntry ::=
SEQUENCE {
fsIPSecTunIfIndex
Integer32,
fsIPSecTunIndex
Integer32,
fsIPSecTunIKETunnelIndex
Integer32,
fsIPSecTunLocalAddr
IpAddress,
fsIPSecTunRemoteAddr
IpAddress,
fsIPSecTunLocalHostname
DisplayString,
fsIPSecTunRemoteHostname
DisplayString,
fsIPSecTunKeyType
FSIPSecNegoType,
fsIPSecTunEncapMode
FSEncapMode,
fsIPSecTunInitiator
INTEGER,
fsIPSecTunLifeSize
Integer32,
fsIPSecTunLifeTime
Integer32,
fsIPSecTunRemainTime
Integer32,
fsIPSecTunActiveTime
Integer32,
fsIPSecTunCreateTime
TimeStamp,
fsIPSecTunRemainSize
Integer32,
fsIPSecTunTotalRefreshes
Counter32,
fsIPSecTunCurrentSaInstances
Gauge32,
fsIPSecTunInSaEncryptAlgo
FSEncryptAlgo,
fsIPSecTunInSaAhAuthAlgo
FSAuthAlgo,
fsIPSecTunInSaEspAuthAlgo
FSAuthAlgo,
fsIPSecTunDiffHellmanGrp
FSDiffHellmanGrp,
fsIPSecTunOutSaEncryptAlgo
FSEncryptAlgo,
fsIPSecTunOutSaAhAuthAlgo
FSAuthAlgo,
fsIPSecTunOutSaEspAuthAlgo
FSAuthAlgo,
fsIPSecTunMapName
DisplayString,
fsIPSecTunSeqNum
Integer32,
fsIPSecTunStatus
FSIPSecTunnelState
}
fsIPSecTunIfIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The interface index( the ifIndex of ifTable )."
::= { fsIPSecTunnelEntry 1 }
fsIPSecTunIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of IPSec Phase-2 Tunnel Table. The value of
the index is a number which begins at one and is
incremented with each tunnel that is created. The
value of this object will wrap at 2,147,483,647."
::= { fsIPSecTunnelEntry 2 }
fsIPSecTunIKETunnelIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The index of the associated IPSec Phase-1 IKE Tunnel
(IKETunIndex in the IKETunnelTable). 2147483647 is defined as
invalid value. "
::= { fsIPSecTunnelEntry 3 }
fsIPSecTunLocalAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the local peer for the IPSec Phase-2
Tunnel. 0.0.0.0 is defined as invalid value."
::= { fsIPSecTunnelEntry 4 }
fsIPSecTunRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the remote peer for the IPSec Phase-2
Tunnel. 0.0.0.0 is defined as invalid value."
::= { fsIPSecTunnelEntry 5 }
fsIPSecTunLocalHostname OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Hostname of the local peer for the IPSec Phase-2
Tunnel."
::= { fsIPSecTunnelEntry 6 }
fsIPSecTunRemoteHostname OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Hostname of the remote peer for the IPSec Phase-2
Tunnel. "
::= { fsIPSecTunnelEntry 7 }
fsIPSecTunKeyType OBJECT-TYPE
SYNTAX FSIPSecNegoType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The key negotiate mode used by the IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 8 }
fsIPSecTunEncapMode OBJECT-TYPE
SYNTAX FSEncapMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encapsulation mode used by the IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 9 }
fsIPSecTunInitiator OBJECT-TYPE
SYNTAX INTEGER
{
local(1),
remote(2),
none(2147483647)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The initiator of this IPSec tunnel. Value none is used for manual
IPsec tunnel, for there is no initiator or responder in this method."
::= { fsIPSecTunnelEntry 10 }
fsIPSecTunLifeSize OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The negotiated LifeSize of the IPSec Phase-2 Tunnel in kilobytes.
2147483647 is defined as invalid value."
::= { fsIPSecTunnelEntry 11 }
fsIPSecTunLifeTime OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The negotiated LifeTime of the IPSec Phase-2 Tunnel in seconds.
2147483647 is defined as invalid value."
::= { fsIPSecTunnelEntry 12 }
fsIPSecTunRemainTime OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The remain time of SA in seconds. 2147483647 is defined as invalid
value."
::= { fsIPSecTunnelEntry 13 }
fsIPSecTunActiveTime OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The duration the IPSec Phase-2 Tunnel has been active in
hundredths of seconds. 2147483647 is defined as invalid value."
::= { fsIPSecTunnelEntry 14 }
fsIPSecTunCreateTime OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Time Stamp when the IPSec Phase-2 Tunnel created."
::= { fsIPSecTunnelEntry 15 }
fsIPSecTunRemainSize OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The remain LifeSize of SA in kilobytes. 2147483647 is defined as
invalid value."
::= { fsIPSecTunnelEntry 16 }
fsIPSecTunTotalRefreshes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of security association refreshing performed."
::= { fsIPSecTunnelEntry 17 }
fsIPSecTunCurrentSaInstances OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of security associations which are currently active
or expiring."
::= { fsIPSecTunnelEntry 18 }
fsIPSecTunInSaEncryptAlgo OBJECT-TYPE
SYNTAX FSEncryptAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encryption algorithm used by the inbound security association
of the IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 19 }
fsIPSecTunInSaAhAuthAlgo OBJECT-TYPE
SYNTAX FSAuthAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication algorithm used by the inbound authentication
header (AH) security association of the IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 20 }
fsIPSecTunInSaEspAuthAlgo OBJECT-TYPE
SYNTAX FSAuthAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication algorithm used by the inbound encapsulation
security protocol(ESP) security association of the IPSec
Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 21 }
fsIPSecTunDiffHellmanGrp OBJECT-TYPE
SYNTAX FSDiffHellmanGrp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Diffie Hellman Group used by the security association of the
IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 22 }
fsIPSecTunOutSaEncryptAlgo OBJECT-TYPE
SYNTAX FSEncryptAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encryption algorithm used by the outbound security
association of the IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 23 }
fsIPSecTunOutSaAhAuthAlgo OBJECT-TYPE
SYNTAX FSAuthAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication algorithm used by the outbound
authentication header (AH) security association of
the IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 24 }
fsIPSecTunOutSaEspAuthAlgo OBJECT-TYPE
SYNTAX FSAuthAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication algorithm used by the outbound encapsulation
security protocol(ESP) security association of the IPSec
Phase-2 Tunnel."
::= { fsIPSecTunnelEntry 25 }
fsIPSecTunMapName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Map name used by this IPSec tunnel."
::= { fsIPSecTunnelEntry 26 }
fsIPSecTunSeqNum OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The sequence number of policy used by this IPSec tunnel."
::= { fsIPSecTunnelEntry 27 }
fsIPSecTunStatus OBJECT-TYPE
SYNTAX FSIPSecTunnelState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The status of the IPSec Tunnel."
::= { fsIPSecTunnelEntry 28 }
-- ===============================================
-- Begin the table of fsIPSecTunnelStatTable.
-- ===============================================
fsIPSecTunnelStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF FSIPSecTunnelStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPSec Phase-2 Tunnel Statistics Table. "
::= { fsIPSecObjects 2 }
fsIPSecTunnelStatEntry OBJECT-TYPE
SYNTAX FSIPSecTunnelStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about fsIPSecTunnelStatTable."
INDEX { fsIPSecTunRemoteAddr }
::= { fsIPSecTunnelStatTable 1 }
FSIPSecTunnelStatEntry ::=
SEQUENCE {
fsIPSecTunInOctets
Counter64,
fsIPSecTunInDecompOctets
Counter64,
fsIPSecTunInPkts
Counter64,
fsIPSecTunInSpeed
Counter64,
fsIPSecTunInDropPkts
Counter64,
fsIPSecTunOutOctets
Counter64,
fsIPSecTunOutUncompOctets
Counter64,
fsIPSecTunOutPkts
Counter64,
fsIPSecTunOutSpeed
Counter64,
fsIPSecTunOutDropPkts
Counter64
}
fsIPSecTunInOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets received by this IPSec Phase-2 Tunnel.
This value is accumulated BEFORE determining whether or not the
packet should be decompressed."
::= { fsIPSecTunnelStatEntry 1 }
fsIPSecTunInDecompOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of decompressed octets received by this IPSec
Phase-2 Tunnel. This value is accumulated AFTER the packet
is decompressed."
::= { fsIPSecTunnelStatEntry 2 }
fsIPSecTunInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by this IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelStatEntry 3 }
fsIPSecTunInSpeed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Speed(bps) of packets received by this IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelStatEntry 4 }
fsIPSecTunInDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets dropped during receiving process
by this IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelStatEntry 5 }
fsIPSecTunOutOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets sent by this IPSec Phase-2 Tunnel.
This value is accumulated AFTER determining whether or not
the packet should be compressed."
::= { fsIPSecTunnelStatEntry 6 }
fsIPSecTunOutUncompOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of uncompressed octets sent by this IPSec Phase-2
Tunnel.This value is accumulated BEFORE the packet is compressed."
::= { fsIPSecTunnelStatEntry 7 }
fsIPSecTunOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets sent by this IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelStatEntry 8 }
fsIPSecTunOutSpeed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Speed(bps) of packets sent by this IPSec Phase-2 Tunnel. "
::= { fsIPSecTunnelStatEntry 9 }
fsIPSecTunOutDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets dropped during sending process
by this IPSec Phase-2 Tunnel."
::= { fsIPSecTunnelStatEntry 10 }
-- ===============================================
-- Begin the table of fsIPSecSaTable.
-- ===============================================
fsIPSecSaTable OBJECT-TYPE
SYNTAX SEQUENCE OF FSIPSecSaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPSec Phase-2 Security Protection Index Table. This table
contains an entry for each active and expiring security association."
::= { fsIPSecObjects 3 }
fsIPSecSaEntry OBJECT-TYPE
SYNTAX FSIPSecSaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about fsIPSecSaTable."
INDEX { fsIPSecTunRemoteAddr }
::= { fsIPSecSaTable 1 }
FSIPSecSaEntry ::=
SEQUENCE {
fsIPSecSaIndex
Integer32,
fsIPSecSaDirection
INTEGER,
fsIPSecSaValue
Unsigned32,
fsIPSecSaProtocol
FSSaProtocol,
fsIPSecSaEncryptAlgo
FSEncryptAlgo,
fsIPSecSaAuthAlgo
FSAuthAlgo,
fsIPSecSaStatus
FSIPSecTunnelState
}
fsIPSecSaIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The number of the Sa associated with the Phase-2 Tunnel
Table. The value of this index is a number which begins
at one and is incremented with each Sa associated with
an IPSec Phase-2 Tunnel. The value of this object will
wrap at 2,147,483,647."
::= { fsIPSecSaEntry 1 }
fsIPSecSaDirection OBJECT-TYPE
SYNTAX INTEGER {
in(1),
out(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction of the SA."
::= { fsIPSecSaEntry 2 }
fsIPSecSaValue OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the SPI."
::= { fsIPSecSaEntry 3 }
fsIPSecSaProtocol OBJECT-TYPE
SYNTAX FSSaProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security protocol of the SA."
::= { fsIPSecSaEntry 4 }
fsIPSecSaEncryptAlgo OBJECT-TYPE
SYNTAX FSEncryptAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encryption algorithm used by the security association
of the IPSec Phase-2 Tunnel."
::= { fsIPSecSaEntry 5 }
fsIPSecSaAuthAlgo OBJECT-TYPE
SYNTAX FSAuthAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication algorithm used by the SA."
::= { fsIPSecSaEntry 6 }
fsIPSecSaStatus OBJECT-TYPE
SYNTAX FSIPSecTunnelState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The status of the SA."
::= { fsIPSecSaEntry 7 }
-- ===============================================
-- Begin the table of fsIPSecTrafficTable.
-- ===============================================
fsIPSecTrafficTable OBJECT-TYPE
SYNTAX SEQUENCE OF FSIPSecTrafficEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPSec Phase-2 Tunnel Traffic Table. "
::= { fsIPSecObjects 4 }
fsIPSecTrafficEntry OBJECT-TYPE
SYNTAX FSIPSecTrafficEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about fsIPSecTrafficTable."
INDEX { fsIPSecTunRemoteAddr }
::= { fsIPSecTrafficTable 1 }
FSIPSecTrafficEntry ::=
SEQUENCE {
fsIPSecTrafficLocalType
FSTrafficType,
fsIPSecTrafficLocalAddr1
IpAddress,
fsIPSecTrafficLocalAddr2
IpAddress,
fsIPSecTrafficLocalProtocol
FSTunnelProtocol,
fsIPSecTrafficLocalPort
Integer32,
fsIPSecTrafficLocalHostname
DisplayString,
fsIPSecTrafficRemoteType
FSTrafficType,
fsIPSecTrafficRemoteAddr1
IpAddress,
fsIPSecTrafficRemoteAddr2
IpAddress,
fsIPSecTrafficRemoteProtocol
FSTunnelProtocol,
fsIPSecTrafficRemotePort
Integer32,
fsIPSecTrafficRemoteHostname
DisplayString
}
fsIPSecTrafficLocalType OBJECT-TYPE
SYNTAX FSTrafficType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of local peer. Possible values are: a single
IP address, or an IP address range, or an IP subnet."
::= { fsIPSecTrafficEntry 1 }
fsIPSecTrafficLocalAddr1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The first specification of local peer's IP address. If
the local peer type is single IP address, then this is the
value of the IP address. If the local peer type is IP subnet,
then this is the value of the subnet. If the local peer type
is IP address range, then this is the value of beginning IP
address of the range."
::= { fsIPSecTrafficEntry 2 }
fsIPSecTrafficLocalAddr2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The second specification of local peer's IP address. If the local
peer type is single IP address, then this is the value of the
IP address. If the local peer type is IP subnet, then this is
the value of the subnet mask. If the local peer type is IP
address range, then this is the value of ending IP address of
the range."
::= { fsIPSecTrafficEntry 3 }
fsIPSecTrafficLocalProtocol OBJECT-TYPE
SYNTAX FSTunnelProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protocol number of the local peer's traffic."
::= { fsIPSecTrafficEntry 4 }
fsIPSecTrafficLocalPort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The port number of the local peer's traffic."
::= { fsIPSecTrafficEntry 5 }
fsIPSecTrafficLocalHostname OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Hostname of local peer's IP address."
::= { fsIPSecTrafficEntry 6 }
fsIPSecTrafficRemoteType OBJECT-TYPE
SYNTAX FSTrafficType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of remote peer. Possible values are: a single
IP address, or an IP address range, or an IP subnet."
::= { fsIPSecTrafficEntry 7 }
fsIPSecTrafficRemoteAddr1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The first specification of remote peer's IP address.
If the remote peer type is single IP address, then
this is the value of the IP address. If the remote
peer type is IP subnet, then this is the value
of the subnet. If the remote peer type is IP
address range, then this is the value of beginning
IP address of the range."
::= { fsIPSecTrafficEntry 8 }
fsIPSecTrafficRemoteAddr2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Single IP address, then this is the value of the IP
address. If the remote peer type is IP subnet,
then this is the value of the subnet mask. If the
remote peer type is IP address range, then this
is the value of ending IP address of the range."
::= { fsIPSecTrafficEntry 9 }
fsIPSecTrafficRemoteProtocol OBJECT-TYPE
SYNTAX FSTunnelProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protocol number of the remote peer's traffic."
::= { fsIPSecTrafficEntry 10 }
fsIPSecTrafficRemotePort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The port number of the remote peer's traffic."
::= { fsIPSecTrafficEntry 11 }
fsIPSecTrafficRemoteHostname OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Hostname of remote peer's IP address."
::= { fsIPSecTrafficEntry 12 }
-- ===============================================
-- Begin the fsIPSecGlobalStats.
-- ===============================================
fsIPSecGlobalStats OBJECT IDENTIFIER ::= { fsIPSecObjects 5 }
fsIPSecGlobalActiveTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of currently active IPSec Phase-2 Tunnels."
::= { fsIPSecGlobalStats 1 }
fsIPSecGlobalActiveSas OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of currently active or expiring IPSec Phase-2 SA."
::= { fsIPSecGlobalStats 2 }
fsIPSecGlobalInOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets received by all current and previous
IPSec Phase-2 Tunnels. This value is accumulated BEFORE determining
whether or not the packet should be decompressed."
::= { fsIPSecGlobalStats 3 }
fsIPSecGlobalInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by all current and
previous IPSec Phase-2 Tunnels."
::= { fsIPSecGlobalStats 4 }
fsIPSecGlobalInSpeed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total speed(bps) of packets received by all current and
previous IPSec Phase-2 Tunnels."
::= { fsIPSecGlobalStats 5 }
fsIPSecGlobalInDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets dropped during receiving
process by all current and previous IPSec Phase-2
Tunnels. "
::= { fsIPSecGlobalStats 6 }
fsIPSecGlobalOutOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets sent by all current and previous
IPSec Phase-2 Tunnels. This value is accumulated AFTER
determining whether or not the packet should be compressed."
::= { fsIPSecGlobalStats 7 }
fsIPSecGlobalOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets sent by all current and previous
IPSec Phase-2 Tunnels."
::= { fsIPSecGlobalStats 8 }
fsIPSecGlobalOutSpeed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total speed(bps) of packets sent by all current and previous
IPSec Phase-2 Tunnels."
::= { fsIPSecGlobalStats 9 }
fsIPSecGlobalOutDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets dropped during sending process
by all current and previous IPSec Phase-2 Tunnels."
::= { fsIPSecGlobalStats 10 }
-- ===============================================
-- Begin the fsIPSecTrapObject.
-- ===============================================
fsIPSecTrapObject OBJECT IDENTIFIER ::= { fsIPSecObjects 6 }
fsIPSecMapName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The IPSec map name with a trap."
::= { fsIPSecTrapObject 1 }
fsIPSecSeqNum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The IPSec map sequence number with a trap."
::= { fsIPSecTrapObject 2 }
fsIPSecSpiValue OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The SPI value associated with a trap."
::= { fsIPSecTrapObject 3 }
-- ===============================================
-- definition of traps.
-- ===============================================
fsIPSecTrap OBJECT IDENTIFIER ::= { fsIPSecObjects 7 }
fsIPSecNotifications OBJECT IDENTIFIER ::= { fsIPSecTrap 1 }
fsIPSecTunnelStart NOTIFICATION-TYPE
OBJECTS { fsIPSecTunLocalAddr,
fsIPSecTunRemoteAddr,
fsIPSecTunLocalHostname,
fsIPSecTunRemoteHostname,
fsIPSecTunLifeTime,
fsIPSecTunLifeSize
}
STATUS current
DESCRIPTION
"This notification is generated when an IPSec Phase-2
Tunnel is created."
::= { fsIPSecNotifications 1 }
fsIPSecTunnelStop NOTIFICATION-TYPE
OBJECTS { fsIPSecTunLocalAddr,
fsIPSecTunRemoteAddr,
fsIPSecTunLocalHostname,
fsIPSecTunRemoteHostname,
fsIPSecTunActiveTime
}
STATUS current
DESCRIPTION
"This notification is generated when an IPSec Phase-2
Tunnel is deleted."
::= { fsIPSecNotifications 2 }
-- ===============================================
-- Conformance Information
-- ===============================================
fsIPSecConformance OBJECT IDENTIFIER
::= { fsIPSecMonitor 2 }
fsIPSecCompliances OBJECT IDENTIFIER
::= { fsIPSecConformance 1 }
fsIPSecGroups OBJECT IDENTIFIER
::= { fsIPSecConformance 2 }
-- ===============================================
-- Compliance Statements
-- ===============================================
fsIPSecCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
" "
MODULE -- this module
MANDATORY-GROUPS
{
fsIPSecTunnelTableGroup,
fsIPSecTunnelStatGroup,
fsIPSecSaGroup,
fsIPSecTrafficTableGroup,
fsIPSecGlobalStatsGroup,
fsIPSecTrapObjectGroup,
fsIPSecTrapGroup
}
::= { fsIPSecCompliances 1 }
fsIPSecTunnelTableGroup OBJECT-GROUP
OBJECTS {
fsIPSecTunIKETunnelIndex,
fsIPSecTunLocalAddr,
fsIPSecTunRemoteAddr,
fsIPSecTunLocalHostname,
fsIPSecTunRemoteHostname,
fsIPSecTunKeyType,
fsIPSecTunEncapMode,
fsIPSecTunInitiator,
fsIPSecTunLifeSize,
fsIPSecTunLifeTime,
fsIPSecTunRemainTime,
fsIPSecTunActiveTime,
fsIPSecTunRemainSize,
fsIPSecTunTotalRefreshes,
fsIPSecTunCurrentSaInstances,
fsIPSecTunInSaEncryptAlgo,
fsIPSecTunInSaAhAuthAlgo,
fsIPSecTunInSaEspAuthAlgo,
fsIPSecTunDiffHellmanGrp,
fsIPSecTunOutSaEncryptAlgo,
fsIPSecTunOutSaAhAuthAlgo,
fsIPSecTunOutSaEspAuthAlgo,
--fsIPSecTunPolicyName,
--fsIPSecTunPolicyNum,
fsIPSecTunStatus
}
STATUS current
DESCRIPTION
"The group contains the IPSec tunnel's property information."
::= { fsIPSecGroups 1 }
fsIPSecTunnelStatGroup OBJECT-GROUP
OBJECTS {
fsIPSecTunInOctets,
fsIPSecTunInDecompOctets,
fsIPSecTunInPkts,
fsIPSecTunInSpeed,
fsIPSecTunInDropPkts,
fsIPSecTunOutOctets,
fsIPSecTunOutUncompOctets,
fsIPSecTunOutPkts,
fsIPSecTunOutSpeed,
fsIPSecTunOutDropPkts
}
STATUS current
DESCRIPTION
"The group contains the IPSec tunnel's statistic information."
::= { fsIPSecGroups 2 }
fsIPSecSaGroup OBJECT-GROUP
OBJECTS {
fsIPSecSaDirection,
fsIPSecSaValue,
fsIPSecSaProtocol,
fsIPSecSaEncryptAlgo,
fsIPSecSaAuthAlgo,
fsIPSecSaStatus
}
STATUS current
DESCRIPTION
"The group contains the SA's property information."
::= { fsIPSecGroups 3 }
fsIPSecTrafficTableGroup OBJECT-GROUP
OBJECTS {
fsIPSecTrafficLocalType,
fsIPSecTrafficLocalAddr1,
fsIPSecTrafficLocalAddr2,
fsIPSecTrafficLocalProtocol,
fsIPSecTrafficLocalPort,
fsIPSecTrafficLocalHostname,
fsIPSecTrafficRemoteType,
fsIPSecTrafficRemoteAddr1,
fsIPSecTrafficRemoteAddr2,
fsIPSecTrafficRemoteProtocol,
fsIPSecTrafficRemotePort,
fsIPSecTrafficRemoteHostname
}
STATUS current
DESCRIPTION
"The group contains the property information of the
data flow protected by IPSec tunnel."
::= { fsIPSecGroups 4 }
fsIPSecGlobalStatsGroup OBJECT-GROUP
OBJECTS {
fsIPSecGlobalActiveTunnels,
fsIPSecGlobalActiveSas,
fsIPSecGlobalInOctets,
fsIPSecGlobalInPkts,
fsIPSecGlobalInDrops,
fsIPSecGlobalInSpeed,
fsIPSecGlobalOutOctets,
fsIPSecGlobalOutPkts,
fsIPSecGlobalOutDrops,
fsIPSecGlobalOutSpeed
}
STATUS current
DESCRIPTION
"The group contains all of the IPSec tunnel's statistic
information."
::= { fsIPSecGroups 5 }
fsIPSecTrapObjectGroup OBJECT-GROUP
OBJECTS {
fsIPSecMapName,
fsIPSecSeqNum,
fsIPSecSpiValue
}
STATUS current
DESCRIPTION
"The group contains all of trap objects of IPSec tunnels."
::= { fsIPSecGroups 6 }
fsIPSecTrapGroup NOTIFICATION-GROUP
NOTIFICATIONS {
fsIPSecTunnelStart,
fsIPSecTunnelStop
}
STATUS current
DESCRIPTION
"The group contains all of trap of IPSec tunnels."
::= { fsIPSecGroups 7 }
END
View Git Blame Copy Permalink