1507 lines
48 KiB
Plaintext
1507 lines
48 KiB
Plaintext
--------------------------------------------------------------------------------
|
|
--ACMEPACKET-SECURITY-MIB: Acme Packet SECURITY MIB file
|
|
--
|
|
--April 2008
|
|
--
|
|
--Copyright (c) by Acme Packet, Inc.
|
|
--All rights reserved.
|
|
--------------------------------------------------------------------------------
|
|
--This MIB provides a means to gather information about the
|
|
--Acme Management Interface running at the Net-Net SBC
|
|
--
|
|
|
|
APSECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32,
|
|
IpAddress, Unsigned32, Counter32
|
|
FROM SNMPv2-SMI
|
|
OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
DisplayString, TruthValue
|
|
FROM SNMPv2-TC
|
|
acmepacketMgmt
|
|
FROM ACMEPACKET-SMI
|
|
InetAddress, InetAddressType, InetPortNumber
|
|
FROM INET-ADDRESS-MIB;
|
|
|
|
apSecurityModule MODULE-IDENTITY
|
|
LAST-UPDATED "201207160000Z"
|
|
ORGANIZATION "Acme Packet, Inc"
|
|
CONTACT-INFO " Customer Service
|
|
Postal: Acme Packet, Inc
|
|
100 Crosby Drive
|
|
Bedford, MA 01730
|
|
US
|
|
Tel: 1-781-328-4400
|
|
E-mail: support@acmepacket.com"
|
|
DESCRIPTION "The Net-Net SECURITY MIB for Acme Packet"
|
|
REVISION "201207160000Z"
|
|
DESCRIPTION "Updated contact info"
|
|
::= { acmepacketMgmt 9 }
|
|
|
|
apSecurityMIBObjects OBJECT IDENTIFIER ::= { apSecurityModule 1 }
|
|
|
|
apSecurityIPsecTunCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "tunnels"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPsec tunnels currently in progress."
|
|
::= { apSecurityMIBObjects 1 }
|
|
|
|
apSecurityIPsecTunCapPct OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..100)
|
|
UNITS "%"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The percentage of licensed IPsec tunnels currently in progress."
|
|
::= { apSecurityMIBObjects 2 }
|
|
|
|
apSecurityIkeInterfaceStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ApSecurityIkeInterfaceStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of Ike statistics per ike-interface for IKE negotiations."
|
|
::= { apSecurityMIBObjects 3 }
|
|
apSecurityIkeInterfaceStatsEntry OBJECT-TYPE
|
|
SYNTAX ApSecurityIkeInterfaceStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IKE negotiation statistics for an IKE-interface."
|
|
INDEX { apSecurityIkeInterfaceType, apSecurityIkeInterfaceAddress }
|
|
::= { apSecurityIkeInterfaceStatsTable 1 }
|
|
|
|
ApSecurityIkeInterfaceStatsEntry ::=
|
|
SEQUENCE {
|
|
apSecurityIkeInterfaceType InetAddressType,
|
|
apSecurityIkeInterfaceAddress InetAddress,
|
|
apSecurityIkeInterfaceCpuOverloadErrors Unsigned32,
|
|
apSecurityIkeInterfaceInitCookieErrors Unsigned32,
|
|
apSecurityIkeInterfaceAuthErrors Unsigned32,
|
|
apSecurityIkeInterfaceEapAccessRequestErrors Unsigned32,
|
|
apSecurityIkeInterfaceEapAccessChallengeErrors Unsigned32,
|
|
apSecurityIkeInterfaceTsErrors Unsigned32,
|
|
apSecurityIkeInterfaceCpErrors Unsigned32,
|
|
apSecurityIkeInterfaceKeErrors Unsigned32,
|
|
apSecurityIkeInterfaceProposalErrors Unsigned32,
|
|
apSecurityIkeInterfaceSyntaxErrors Unsigned32,
|
|
apSecurityIkeInterfaceCriticalPayloadErrors Unsigned32,
|
|
apSecurityIkeInterfaceAuthFailureTca Unsigned32,
|
|
apSecurityIkeInterfaceTunnelRemovalsTca Unsigned32,
|
|
apSecurityIkeInterfaceDpdTca Unsigned32
|
|
}
|
|
|
|
apSecurityIkeInterfaceType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPAddress type of the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 1 }
|
|
|
|
apSecurityIkeInterfaceAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPAddress of the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 2 }
|
|
|
|
apSecurityIkeInterfaceCpuOverloadErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of CPU overload rejections on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 3 }
|
|
|
|
apSecurityIkeInterfaceInitCookieErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE COOKIE errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 4 }
|
|
|
|
apSecurityIkeInterfaceAuthErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE AUTH payload errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 5 }
|
|
|
|
apSecurityIkeInterfaceEapAccessRequestErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE EAP access request errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 6 }
|
|
|
|
apSecurityIkeInterfaceEapAccessChallengeErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE EAP access challenge errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 7 }
|
|
|
|
apSecurityIkeInterfaceTsErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE TS errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 8 }
|
|
|
|
apSecurityIkeInterfaceCpErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE config payload errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 9 }
|
|
|
|
apSecurityIkeInterfaceKeErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE KE errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 10 }
|
|
|
|
apSecurityIkeInterfaceProposalErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE proposal payload errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 11 }
|
|
|
|
apSecurityIkeInterfaceSyntaxErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE Syntax errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 12 }
|
|
|
|
apSecurityIkeInterfaceCriticalPayloadErrors OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of IKE critical payload errors on the IKE-interface"
|
|
::= { apSecurityIkeInterfaceStatsEntry 13 }
|
|
|
|
apSecurityIkeInterfaceAuthFailureTca OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dummy object for the IKE authentication failure TCA"
|
|
::= { apSecurityIkeInterfaceStatsEntry 14 }
|
|
|
|
apSecurityIkeInterfaceTunnelRemovalsTca OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dummy object for the IPsec tunnel removals TCA"
|
|
::= { apSecurityIkeInterfaceStatsEntry 15 }
|
|
|
|
apSecurityIkeInterfaceDpdTca OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dummy object for the IKE dead peer detection TCA"
|
|
::= { apSecurityIkeInterfaceStatsEntry 16 }
|
|
|
|
apSecurityTacacsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ApSecurityTacacsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of all tacacs, including the system-wide
|
|
consolidated license (always index 1)"
|
|
::= { apSecurityMIBObjects 4 }
|
|
|
|
apSecurityTacacsEntry OBJECT-TYPE
|
|
SYNTAX ApSecurityTacacsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table of all licenses"
|
|
INDEX { apSecurityTacacsIndex }
|
|
::= { apSecurityTacacsTable 1}
|
|
|
|
|
|
ApSecurityTacacsEntry ::=
|
|
SEQUENCE {
|
|
apSecurityTacacsIndex Integer32 (1..2147483647),
|
|
apSecurityTacacsServer DisplayString,
|
|
apSecurityTacacsCliCommands Unsigned32,
|
|
apSecurityTacacsSuccessAuthentication Unsigned32,
|
|
apSecurityTacacsFailureAuthentication Unsigned32,
|
|
apSecurityTacacsSuccessAuthorization Unsigned32,
|
|
apSecurityTacacsFailureAuthorization Unsigned32
|
|
}
|
|
|
|
apSecurityTacacsIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique index for the tacacs table. "
|
|
::= { apSecurityTacacsEntry 1 }
|
|
|
|
|
|
apSecurityTacacsServer OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Server for last transaction"
|
|
::= { apSecurityTacacsEntry 2 }
|
|
|
|
apSecurityTacacsCliCommands OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of CLI commands sent for TACACS+ accounting"
|
|
::= { apSecurityTacacsEntry 3 }
|
|
|
|
apSecurityTacacsSuccessAuthentication OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of successful TACACS+ authentication requests"
|
|
::= { apSecurityTacacsEntry 4 }
|
|
|
|
apSecurityTacacsFailureAuthentication OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of failed TACACS+ authentication requests"
|
|
::= { apSecurityTacacsEntry 5 }
|
|
|
|
apSecurityTacacsSuccessAuthorization OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of successful TACACS+ authorization requests"
|
|
::= { apSecurityTacacsEntry 6 }
|
|
|
|
apSecurityTacacsFailureAuthorization OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of failed TACACS+ authorization requests"
|
|
::= { apSecurityTacacsEntry 7 }
|
|
|
|
apSecurityOCSRIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"OCSR server IP address."
|
|
::= { apSecurityMIBObjects 5 }
|
|
|
|
apSecurityOCSRHostname OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "OCSR server hostname."
|
|
::= { apSecurityMIBObjects 6 }
|
|
|
|
apSecurityCrlIssuer OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "CRL issuer name."
|
|
::= { apSecurityMIBObjects 7 }
|
|
|
|
apSecurityCspName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Cert-status-profile object name for fetching the CRL.
|
|
If the CRL is just loaded from local file, then it is
|
|
specified as file"
|
|
::= { apSecurityMIBObjects 8 }
|
|
|
|
apSecurityIkeInterfaceInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ApSecurityIkeInterfaceInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of Ike Info per ike-interface for IKE negotiations."
|
|
::= { apSecurityMIBObjects 9 }
|
|
|
|
apSecurityIkeInterfaceInfoEntry OBJECT-TYPE
|
|
SYNTAX ApSecurityIkeInterfaceInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "IKE info for an IKE-interface."
|
|
AUGMENTS { apSecurityIkeInterfaceStatsEntry }
|
|
::= { apSecurityIkeInterfaceInfoTable 1 }
|
|
|
|
ApSecurityIkeInterfaceInfoEntry ::=
|
|
SEQUENCE {
|
|
apSecurityIkeInterfaceChildSaRequest Unsigned32,
|
|
apSecurityIkeInterfaceChildSaSuccess Unsigned32,
|
|
apSecurityIkeInterfaceChildSaFail Unsigned32,
|
|
apSecurityIkeInterfaceChildSaDelRequest Unsigned32,
|
|
apSecurityIkeInterfaceChildSaDelSuccess Unsigned32,
|
|
apSecurityIkeInterfaceChildSaDelFail Unsigned32,
|
|
apSecurityIkeInterfaceChildSaRekey Unsigned32,
|
|
apSecurityIkeInterfaceInitialChildSa Unsigned32,
|
|
apSecurityIkeInterfaceDPDRecvPortChange Unsigned32,
|
|
apSecurityIkeInterfaceDPDRecvIPChange Unsigned32,
|
|
apSecurityIkeInterfaceDPDRespRecv Unsigned32,
|
|
apSecurityIkeInterfaceDPDRespNotRecv Unsigned32,
|
|
apSecurityIkeInterfaceDPDRecv Unsigned32,
|
|
apSecurityIkeInterfaceDPDRetran Unsigned32,
|
|
apSecurityIkeInterfaceDPDSent Unsigned32,
|
|
apSecurityIkeInterfaceIKESAPacketSent Unsigned32,
|
|
apSecurityIkeInterfaceIKESAPacketRcv Unsigned32,
|
|
apSecurityIkeInterfaceIKESAPacketDropped Unsigned32,
|
|
apSecurityIkeInterfaceAuthFailure Unsigned32,
|
|
apSecurityIkeInterfaceMsgError Unsigned32,
|
|
apSecurityIkeInterfaceAuthIDError Unsigned32,
|
|
apSecurityIkeInterfaceAuthCertCheckRequest Unsigned32,
|
|
apSecurityIkeInterfaceAuthCertCheckSuccess Unsigned32,
|
|
apSecurityIkeInterfaceAuthCertCheckFailure Unsigned32,
|
|
apSecurityIkeInterfaceDDosSent Unsigned32,
|
|
apSecurityIkeInterfaceDDosRecv Unsigned32,
|
|
apSecurityIkeInterfaceMessageRetrans Unsigned32,
|
|
apSecurityIkeInterfaceSAInitMsgRecv Unsigned32,
|
|
apSecurityIkeInterfaceSAInitMsgSent Unsigned32,
|
|
apSecurityIkeInterfaceSAEstablishmentAttempts Unsigned32,
|
|
apSecurityIkeInterfaceSAEstablishmentSuccess Unsigned32,
|
|
apSecurityIkeInterfaceTunnelRate Unsigned32,
|
|
apSecurityIkeInterfaceCurrentChildSaPair Unsigned32
|
|
}
|
|
|
|
apSecurityIkeInterfaceChildSaRequest OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Requests on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 1 }
|
|
|
|
apSecurityIkeInterfaceChildSaSuccess OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Success on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 2 }
|
|
|
|
apSecurityIkeInterfaceChildSaFail OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Failures on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 3 }
|
|
|
|
apSecurityIkeInterfaceChildSaDelRequest OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Delete Requests on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 4 }
|
|
|
|
apSecurityIkeInterfaceChildSaDelSuccess OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Delete Success on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 5 }
|
|
|
|
apSecurityIkeInterfaceChildSaDelFail OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Delete Failures on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 6 }
|
|
|
|
apSecurityIkeInterfaceChildSaRekey OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Child SA Rekeys on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 7 }
|
|
|
|
apSecurityIkeInterfaceInitialChildSa OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Initial Child SA Establishments on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 8 }
|
|
|
|
apSecurityIkeInterfaceDPDRecvPortChange OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD Port Change Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 9 }
|
|
|
|
apSecurityIkeInterfaceDPDRecvIPChange OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD IP Change Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 10 }
|
|
|
|
apSecurityIkeInterfaceDPDRespRecv OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD Responses Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 11 }
|
|
|
|
apSecurityIkeInterfaceDPDRespNotRecv OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD Responses Not Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 12 }
|
|
|
|
apSecurityIkeInterfaceDPDRecv OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD Packets Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 13 }
|
|
|
|
apSecurityIkeInterfaceDPDRetran OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD Packets Retransmitted on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 14 }
|
|
|
|
apSecurityIkeInterfaceDPDSent OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DPD Packets Sent on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 15 }
|
|
|
|
apSecurityIkeInterfaceIKESAPacketSent OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA Packets Sent on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 16 }
|
|
|
|
apSecurityIkeInterfaceIKESAPacketRcv OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA Packets Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 17 }
|
|
|
|
apSecurityIkeInterfaceIKESAPacketDropped OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA Packets dropped on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 18 }
|
|
|
|
apSecurityIkeInterfaceAuthFailure OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Authentication Failures on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 19 }
|
|
|
|
apSecurityIkeInterfaceMsgError OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE Message Errors on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 20 }
|
|
|
|
apSecurityIkeInterfaceAuthIDError OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Authentication ID Errors on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 21 }
|
|
|
|
apSecurityIkeInterfaceAuthCertCheckRequest OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Certificate Status Requests on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 22 }
|
|
|
|
apSecurityIkeInterfaceAuthCertCheckSuccess OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Certificate Status Success on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 23 }
|
|
|
|
apSecurityIkeInterfaceAuthCertCheckFailure OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Certificate Status Failures on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 24 }
|
|
|
|
apSecurityIkeInterfaceDDosSent OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DDoS Sent on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 25 }
|
|
|
|
apSecurityIkeInterfaceDDosRecv OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of DDoS Received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 26 }
|
|
|
|
apSecurityIkeInterfaceMessageRetrans OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE Message Retransmissions on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 27 }
|
|
|
|
|
|
apSecurityIkeInterfaceSAInitMsgRecv OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT messages received on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 28 }
|
|
|
|
apSecurityIkeInterfaceSAInitMsgSent OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT messages sent on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 29 }
|
|
|
|
apSecurityIkeInterfaceSAEstablishmentAttempts OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA establishment attempts on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 30 }
|
|
|
|
apSecurityIkeInterfaceSAEstablishmentSuccess OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA establishment success on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 31 }
|
|
|
|
apSecurityIkeInterfaceTunnelRate OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Tunnels per second averaged over 100sec window on the IKE-interface."
|
|
::= { apSecurityIkeInterfaceInfoEntry 32 }
|
|
|
|
apSecurityIkeInterfaceCurrentChildSaPair OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32
|
|
|
|
MAX-ACCESS read-only
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Current number of Child Security Association Pairs (Tunnels) on the IKE-interface."
|
|
|
|
::= { apSecurityIkeInterfaceInfoEntry 33 }
|
|
|
|
-- certificate table (read only)
|
|
apSecurityCertificateTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ApSecurityCertificateEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of locally installed certifcate."
|
|
::= { apSecurityMIBObjects 10 }
|
|
|
|
apSecurityCertificateEntry OBJECT-TYPE
|
|
SYNTAX ApSecurityCertificateEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certificate entry."
|
|
INDEX { apSecurityCertificateConfigId, apSecurityCertificateIndex }
|
|
::= { apSecurityCertificateTable 1 }
|
|
|
|
ApSecurityCertificateEntry ::=
|
|
SEQUENCE {
|
|
apSecurityCertificateConfigId Unsigned32,
|
|
apSecurityCertificateIndex Unsigned32,
|
|
apSecurityCertificateRecordName DisplayString,
|
|
apSecurityCertificateCertSubject DisplayString,
|
|
apSecurityCertificateCertStart DisplayString,
|
|
apSecurityCertificateCertExpire DisplayString,
|
|
apSecurityCertificateCertIssuer DisplayString,
|
|
apSecurityCertificateCertIsCA TruthValue
|
|
}
|
|
|
|
|
|
apSecurityCertificateConfigId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The internal configuration ID of the certificate. "
|
|
::= { apSecurityCertificateEntry 1 }
|
|
|
|
apSecurityCertificateIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The internal index of the certificate.
|
|
Combined with configuration ID is the unique ID of a certificate "
|
|
::= { apSecurityCertificateEntry 2 }
|
|
|
|
apSecurityCertificateRecordName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SBC's configuration record name for the certificate. "
|
|
::= { apSecurityCertificateEntry 3 }
|
|
|
|
apSecurityCertificateCertSubject OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certificate subject. "
|
|
::= { apSecurityCertificateEntry 4 }
|
|
|
|
apSecurityCertificateCertStart OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The start time and date of the certificate. "
|
|
::= { apSecurityCertificateEntry 5 }
|
|
|
|
apSecurityCertificateCertExpire OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The expiration time and date of the certificate. "
|
|
::= { apSecurityCertificateEntry 6 }
|
|
|
|
apSecurityCertificateCertIssuer OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The issuer of the certificate."
|
|
::= { apSecurityCertificateEntry 7 }
|
|
|
|
apSecurityCertificateCertIsCA OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Boolean value indicating if the certificate is a CA certificate."
|
|
::= { apSecurityCertificateEntry 8 }
|
|
|
|
|
|
apSecurityNotificationObjects OBJECT IDENTIFIER ::= { apSecurityModule 2 }
|
|
|
|
apSecuritySpi OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Tunnel security-policy-index."
|
|
|
|
::= { apSecurityNotificationObjects 1 }
|
|
|
|
apSecuritySrcIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address."
|
|
::= { apSecurityNotificationObjects 2 }
|
|
|
|
apSecurityDstIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address."
|
|
::= { apSecurityNotificationObjects 3 }
|
|
|
|
apSecurityIPSECMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tunnel(0),
|
|
transport(1)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSec mode."
|
|
::= { apSecurityNotificationObjects 4 }
|
|
|
|
apSecurityEncryptionAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(0),
|
|
alg-des(1),
|
|
alg-3des(2),
|
|
alg-blowfish(3),
|
|
alg-aes(4),
|
|
null(5)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the encryption algorithms supported in the tunnel setup."
|
|
::= { apSecurityNotificationObjects 5 }
|
|
|
|
apSecurityAuthAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(0),
|
|
md5(1),
|
|
sha1(2)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the authentication algorithms supported in the tunnel setup."
|
|
::= { apSecurityNotificationObjects 6 }
|
|
|
|
apSecuritySecProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ah(0),
|
|
esp(1),
|
|
esp-auth(2),
|
|
esp-null(3)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the security protocol supported in the tunnel setup."
|
|
::= { apSecurityNotificationObjects 7 }
|
|
|
|
apSecurityFailureCause OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
incorrect-id(0),
|
|
incorrect-user-passwd(1),
|
|
incorrect-shared-secret(2),
|
|
incorrect-dh-group(3),
|
|
incorrect-encryption-alg(4),
|
|
incorrect-auth-alg(5),
|
|
incorrect-sec-protocol(6),
|
|
incorrect-hash(7),
|
|
incorrect-mode(8),
|
|
service-unavailable(9),
|
|
access-reject(10),
|
|
initiator-timeout(11),
|
|
invalid-certificate(12),
|
|
authentication-failure(13),
|
|
authorization-failure(14),
|
|
accounting-failure(15)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reason for failure in the IKE, IPSec or RADIUS areas."
|
|
::= { apSecurityNotificationObjects 8 }
|
|
|
|
apSecurityFailureArea OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ike(0),
|
|
ipsec(1),
|
|
radius(2),
|
|
tacacs(3)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Where the failure happened."
|
|
::= { apSecurityNotificationObjects 9 }
|
|
|
|
|
|
apSecurityStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
success (1),
|
|
failure (2)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Status."
|
|
|
|
::= { apSecurityNotificationObjects 10 }
|
|
|
|
apSecurityDateTime OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Time as configured at the Net-Net SBC when an
|
|
event completes."
|
|
::= { apSecurityNotificationObjects 11 }
|
|
|
|
apSecurityUser OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "User name"
|
|
::= { apSecurityNotificationObjects 12 }
|
|
|
|
apSecurityPeerPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "IKE peer port"
|
|
|
|
::= { apSecurityNotificationObjects 13 }
|
|
|
|
apSecurityPeerIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IKE peer IP address."
|
|
::= { apSecurityNotificationObjects 14 }
|
|
|
|
apSecurityCRLServer OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "CRL Server FQDN if configured."
|
|
::= { apSecurityNotificationObjects 15 }
|
|
|
|
apSecurityCRLRetrievalFailureCause OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
internal(0),
|
|
incorrect-response(1),
|
|
timeout(2)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reason for failure in the CRL retrieval."
|
|
::= { apSecurityNotificationObjects 16 }
|
|
|
|
apSecurityLastSuccessfulCRLRetrieval OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Last successful CRL retrieval."
|
|
::= { apSecurityNotificationObjects 17 }
|
|
|
|
apSecurityCRLServerIPAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"CRL Server IP address."
|
|
::= { apSecurityNotificationObjects 18 }
|
|
|
|
apSecurityGTPProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "GTP Profile Name configured."
|
|
::= { apSecurityNotificationObjects 19 }
|
|
|
|
apSecurityGTPHostName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "GGSN Host Name if configured."
|
|
::= { apSecurityNotificationObjects 20 }
|
|
|
|
apSecurityGTPLinkFailureCause OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
internal(0),
|
|
timeout(1),
|
|
versionError(2)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "Reason for failure in the GTPCRL retrieval."
|
|
::= { apSecurityNotificationObjects 21 }
|
|
|
|
apSecurityGTPIPAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "GGSN IP address."
|
|
::= { apSecurityNotificationObjects 22 }
|
|
|
|
apSecuritySrcAddressFamily OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address family IPv4 or IPv6."
|
|
::= { apSecurityNotificationObjects 23 }
|
|
|
|
apSecuritySrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address."
|
|
::= { apSecurityNotificationObjects 24 }
|
|
|
|
apSecurityDstAddressFamily OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address family IPv4 or IPv6."
|
|
::= { apSecurityNotificationObjects 25 }
|
|
|
|
apSecurityDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address."
|
|
::= { apSecurityNotificationObjects 26 }
|
|
|
|
apSecurityPeerAddressFamily OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IKE peer IP address family IPv4 or IPv6."
|
|
::= { apSecurityNotificationObjects 27 }
|
|
|
|
apSecurityPeerAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IKE peer IP address."
|
|
::= { apSecurityNotificationObjects 28 }
|
|
|
|
|
|
|
|
-- Notifications
|
|
|
|
apSecurityNotifications OBJECT IDENTIFIER ::= { apSecurityModule 3 }
|
|
apSecurityAuthNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 1 }
|
|
apSecurityAuthNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityAuthNotificationsPrefix 0 }
|
|
|
|
apSecurityTunnelFailureNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecuritySpi,
|
|
apSecuritySrcIpAddress,
|
|
apSecurityDstIpAddress,
|
|
apSecurityFailureCause,
|
|
apSecurityFailureArea,
|
|
apSecurityStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated whenever IPSEC IKEV2 tunnel fails to
|
|
establish. "
|
|
::= { apSecurityAuthNotifications 1 }
|
|
|
|
apSecurityRadiusFailureNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityUser,
|
|
apSecurityFailureCause,
|
|
apSecurityFailureArea,
|
|
apSecurityStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated whenever Radius authentication request fails."
|
|
::= { apSecurityAuthNotifications 2 }
|
|
|
|
apSecurityAuthFailureThresholdNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityUser,
|
|
apSecurityPeerIpAddress,
|
|
apSecurityPeerPort
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated when IKE DDos auth-failure-threshold is reached and
|
|
report mode includes SNMP trap"
|
|
::= { apSecurityAuthNotifications 3 }
|
|
|
|
apSecurityTacacsFailureNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityUser,
|
|
apSecurityFailureCause,
|
|
apSecurityFailureArea,
|
|
apSecurityStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated whenever TACACS authentication requests fail."
|
|
::= { apSecurityAuthNotifications 4 }
|
|
|
|
apSecurityTunnelFailureInetNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecuritySpi,
|
|
apSecuritySrcAddressFamily,
|
|
apSecuritySrcAddress,
|
|
apSecurityDstAddressFamily,
|
|
apSecurityDstAddress,
|
|
apSecurityFailureCause,
|
|
apSecurityFailureArea,
|
|
apSecurityStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated whenever IPSEC IKEV2 tunnel fails to
|
|
establish. "
|
|
::= { apSecurityAuthNotifications 5 }
|
|
|
|
apSecurityAuthFailureThresholdInetNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityUser,
|
|
apSecurityPeerAddressFamily,
|
|
apSecurityPeerAddress,
|
|
apSecurityPeerPort
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated when IKE DDos auth-failure-threshold is reached and
|
|
report mode includes SNMP trap"
|
|
::= { apSecurityAuthNotifications 6 }
|
|
|
|
apSecurityGeneralNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 2 }
|
|
apSecurityGeneralNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityGeneralNotificationsPrefix 0 }
|
|
apSecurityTunnelDPDNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecuritySpi,
|
|
apSecuritySrcIpAddress,
|
|
apSecurityDstIpAddress,
|
|
apSecurityFailureArea,
|
|
apSecurityStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated whenever IPSEC IKEV2 tunnel fails
|
|
due to Dead Peer Detection(DPD). "
|
|
::= { apSecurityGeneralNotifications 1 }
|
|
|
|
apSecurityIPsecTunCapNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityIPsecTunCapPct
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when the percentage of licensed
|
|
IPsec tunnels exceeds an IPsec tunnel alarm threshold.
|
|
The apSecurityIPsecTunCapPct object indicates the current
|
|
percentage."
|
|
::= { apSecurityGeneralNotifications 2 }
|
|
|
|
apSecurityIPsecTunCapClearNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityIPsecTunCapPct
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent when the percentage of licensed IPsec
|
|
tunnels no longer exceeds an IPsec tunnel alarm threshold.
|
|
The apSecurityIPsecTunCapPct object indicates the current
|
|
percentage."
|
|
::= { apSecurityGeneralNotifications 3 }
|
|
|
|
|
|
apSecurityTunnelDPDInetNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecuritySpi,
|
|
apSecuritySrcAddressFamily,
|
|
apSecuritySrcAddress,
|
|
apSecurityDstAddressFamily,
|
|
apSecurityDstAddress,
|
|
apSecurityFailureArea,
|
|
apSecurityStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated whenever IPSEC IKEV2 tunnel fails
|
|
due to Dead Peer Detection(DPD). "
|
|
::= { apSecurityGeneralNotifications 4 }
|
|
|
|
apSecurityOCSRNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 3 }
|
|
apSecurityOCSRNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityOCSRNotificationsPrefix 0 }
|
|
|
|
apSecurityOCSRDownNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityOCSRHostname,
|
|
apSecurityOCSRIpAddress
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when a OCSR server
|
|
becomes unreachable."
|
|
::= { apSecurityOCSRNotifications 1 }
|
|
|
|
apSecurityOCSRUpNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityOCSRHostname,
|
|
apSecurityOCSRIpAddress
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when a OCSR server
|
|
becomes reachable."
|
|
::= { apSecurityOCSRNotifications 2 }
|
|
|
|
apSecurityCrlNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 4 }
|
|
apSecurityCrlNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityCrlNotificationsPrefix 0 }
|
|
|
|
apSecurityCrlInvalidNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityCrlIssuer,
|
|
apSecurityCspName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when an invalid CRL
|
|
is detected."
|
|
::= { apSecurityCrlNotifications 1 }
|
|
|
|
|
|
apSecurityCRLRetrievalNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 5 }
|
|
apSecurityCRLRetrievalNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityCRLRetrievalNotificationsPrefix 0 }
|
|
|
|
apSecurityCRLRetrievalFailNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityCRLServer,
|
|
apSecurityCRLRetrievalFailureCause,
|
|
apSecurityLastSuccessfulCRLRetrieval,
|
|
apSecurityCRLServerIPAddress
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when there is a
|
|
failure in CRL retrieval."
|
|
::= { apSecurityCRLRetrievalNotifications 1 }
|
|
|
|
apSecurityCRLRetrievalClearNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityCRLServer,
|
|
apSecurityCRLServerIPAddress
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when there is a
|
|
success in CRL retrieval."
|
|
::= { apSecurityCRLRetrievalNotifications 2 }
|
|
|
|
-- certificate expiration notifications
|
|
apSecurityCertNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 6 }
|
|
apSecurityCertNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityCertNotificationsPrefix 0 }
|
|
|
|
apSecurityCertExpiredNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityCertificateRecordName,
|
|
apSecurityCertificateCertSubject,
|
|
apSecurityCertificateCertExpire,
|
|
apSecurityCertificateCertIssuer
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated periodically if a locally installed
|
|
certificate has expired. "
|
|
::= { apSecurityCertNotifications 1 }
|
|
|
|
apSecurityCertExpireSoonNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityCertificateRecordName,
|
|
apSecurityCertificateCertSubject,
|
|
apSecurityCertificateCertExpire,
|
|
apSecurityCertificateCertIssuer
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The notification will be generated periodically if a locally installed
|
|
certificate will soon expire. "
|
|
::= { apSecurityCertNotifications 2 }
|
|
|
|
|
|
apSecurityGTPFailureNotificationsPrefix
|
|
OBJECT IDENTIFIER ::= { apSecurityNotifications 7 }
|
|
apSecurityGTPFailureNotifications
|
|
OBJECT IDENTIFIER ::= { apSecurityGTPFailureNotificationsPrefix 0 }
|
|
|
|
apSecurityGTPLinkFailureNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityGTPProfileName,
|
|
apSecurityGTPHostName,
|
|
apSecurityGTPLinkFailureCause,
|
|
apSecurityGTPIPAddress
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when there is a link failure with GGSN on GTP Profile."
|
|
::= { apSecurityGTPFailureNotifications 1 }
|
|
|
|
apSecurityGTPLinkClearNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
apSecurityGTPProfileName,
|
|
apSecurityGTPHostName,
|
|
apSecurityGTPIPAddress
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is sent when the link is restored with GGSN on GTP Profile."
|
|
::= { apSecurityGTPFailureNotifications 2 }
|
|
|
|
|
|
-- Conformance information
|
|
|
|
apSecurityConformance OBJECT IDENTIFIER ::= { apSecurityModule 4 }
|
|
apSecurityCompliances OBJECT IDENTIFIER ::= { apSecurityConformance 1 }
|
|
apSecurityGroups OBJECT IDENTIFIER ::= { apSecurityConformance 2 }
|
|
apSecurityNotificationsGroups
|
|
OBJECT IDENTIFIER ::= { apSecurityConformance 3 }
|
|
------objects group
|
|
|
|
apSecurityIPsecTunnelsObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
apSecurityIPsecTunCount,
|
|
apSecurityIPsecTunCapPct
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects for monitoring IPsec tunnel capacity."
|
|
::= { apSecurityGroups 1 }
|
|
|
|
apSecurityIkeInterfaceObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
apSecurityIkeInterfaceInitCookieErrors,
|
|
apSecurityIkeInterfaceAuthErrors,
|
|
apSecurityIkeInterfaceEapAccessRequestErrors,
|
|
apSecurityIkeInterfaceEapAccessChallengeErrors,
|
|
apSecurityIkeInterfaceTsErrors,
|
|
apSecurityIkeInterfaceCpErrors,
|
|
apSecurityIkeInterfaceKeErrors,
|
|
apSecurityIkeInterfaceProposalErrors,
|
|
apSecurityIkeInterfaceSyntaxErrors,
|
|
apSecurityIkeInterfaceCriticalPayloadErrors
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects for monitoring IKE negotiation errors."
|
|
::= { apSecurityGroups 2 }
|
|
|
|
apSecurityTacacsObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
apSecurityTacacsServer,
|
|
apSecurityTacacsCliCommands,
|
|
apSecurityTacacsSuccessAuthentication,
|
|
apSecurityTacacsFailureAuthentication,
|
|
apSecurityTacacsSuccessAuthorization,
|
|
apSecurityTacacsFailureAuthorization
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects for monitoring TACACS+ transactions."
|
|
::= { apSecurityGroups 3 }
|
|
|
|
apSecurityCertObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
apSecurityCertificateRecordName,
|
|
apSecurityCertificateCertSubject,
|
|
apSecurityCertificateCertStart,
|
|
apSecurityCertificateCertExpire,
|
|
apSecurityCertificateCertIssuer,
|
|
apSecurityCertificateCertIsCA
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects for managing locally installed certificates. "
|
|
::= { apSecurityGroups 4 }
|
|
|
|
apSecurityIkeInterfaceInfoObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
apSecurityIkeInterfaceTunnelRate,
|
|
apSecurityIkeInterfaceCurrentChildSaPair
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Objects for monitoring IKE interface tunnel information"
|
|
::= { apSecurityGroups 5 }
|
|
|
|
-- notification groups
|
|
|
|
apSecurityNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityTunnelFailureNotification,
|
|
apSecurityRadiusFailureNotification,
|
|
apSecurityTunnelDPDNotification,
|
|
apSecurityTacacsFailureNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for security "
|
|
::= { apSecurityNotificationsGroups 1 }
|
|
|
|
apSecurityIPsecTunnelsNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityIPsecTunCapNotification,
|
|
apSecurityIPsecTunCapClearNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for IPsec tunnel capacity."
|
|
::= { apSecurityNotificationsGroups 2 }
|
|
|
|
apSecurityDDosNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityAuthFailureThresholdNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for IKEv2 DDos "
|
|
::= { apSecurityNotificationsGroups 3 }
|
|
|
|
apSecurityOCSRNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityOCSRDownNotification,
|
|
apSecurityOCSRUpNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for OCSRs "
|
|
::= { apSecurityNotificationsGroups 4 }
|
|
|
|
apSecurityCrlNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityCrlInvalidNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for CRLs "
|
|
::= { apSecurityNotificationsGroups 5 }
|
|
|
|
|
|
apSecurityCRLRetrievalNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityCRLRetrievalFailNotification,
|
|
apSecurityCRLRetrievalClearNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for CRL Retrieval "
|
|
::= { apSecurityNotificationsGroups 6 }
|
|
|
|
|
|
apSecurityCertNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityCertExpiredNotification,
|
|
apSecurityCertExpireSoonNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for CRLs "
|
|
::= { apSecurityNotificationsGroups 7 }
|
|
|
|
apSecurityGTPNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityGTPLinkFailureNotification,
|
|
apSecurityGTPLinkClearNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for GTP peer communication "
|
|
::= { apSecurityNotificationsGroups 8 }
|
|
|
|
apSecurityNotificationsInetGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityTunnelFailureInetNotification,
|
|
apSecurityRadiusFailureNotification,
|
|
apSecurityTunnelDPDInetNotification,
|
|
apSecurityTacacsFailureNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for security "
|
|
::= { apSecurityNotificationsGroups 9 }
|
|
|
|
apSecurityDDosNotificationsInetGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
apSecurityAuthFailureThresholdInetNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications for IKEv2 DDos "
|
|
::= { apSecurityNotificationsGroups 10 }
|
|
|
|
END
|
|
|
|
|