1082 lines
40 KiB
Plaintext
1082 lines
40 KiB
Plaintext
-- Copyright (C) 2006-2012 Aricent Group . All Rights Reserved
|
|
|
|
-- $Id: fssecv6.mib,v 1.13 2012/09/07 09:52:06 siva Exp $
|
|
|
|
ARICENT-IPSECV6-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
enterprises, MODULE-IDENTITY, OBJECT-TYPE,
|
|
Integer32, Counter32
|
|
FROM SNMPv2-SMI
|
|
RowStatus, DisplayString,TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC;
|
|
|
|
|
|
fsipv6Sec MODULE-IDENTITY
|
|
LAST-UPDATED "201209050000Z"
|
|
ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
|
|
CONTACT-INFO "support@aricent.com"
|
|
DESCRIPTION
|
|
"The MIB module that describes managed objects of
|
|
general use by the IPSEC Protocol."
|
|
REVISION "201209050000Z"
|
|
DESCRIPTION
|
|
"The MIB module that describes managed objects of
|
|
general use by the IPSEC Protocol."
|
|
|
|
::= { enterprises futuresoftware (2076) 29 }
|
|
|
|
|
|
fsipv6SecScalars OBJECT IDENTIFIER ::= { fsipv6Sec 1 }
|
|
fsipv6SecConfig OBJECT IDENTIFIER ::= { fsipv6Sec 2 }
|
|
fsipv6SecStats OBJECT IDENTIFIER ::= { fsipv6Sec 3 }
|
|
|
|
--
|
|
-- IPSEC group
|
|
--
|
|
|
|
Ipv6IfIndex ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "d"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique value, greater than zero for each
|
|
internetwork-layer interface in the managed
|
|
system. It is recommended that values are assigned
|
|
contiguously starting from 1. The value for each
|
|
internetwork-layer interface must remain constant
|
|
at least from one re-initialization of the entity's
|
|
network management system to the next
|
|
re-initialization."
|
|
SYNTAX Integer32 (1..2147483647)
|
|
|
|
-- definition of textual conventions
|
|
|
|
-- fsipv6SecScalars Scalars BEGIN
|
|
|
|
fsipv6SecGlobalStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables/disables the IPSEC processing
|
|
administratively.By Default it is set to disable"
|
|
::= { fsipv6SecScalars 1 }
|
|
|
|
fsipv6SecVersion OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Version number of this IPSEC module running on
|
|
the stack."
|
|
::= { fsipv6SecScalars 2 }
|
|
|
|
fsipv6SecGlobalDebug OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disableall (0),
|
|
enableall (1),
|
|
initshut (2),
|
|
manageMent (3),
|
|
dataPath (4),
|
|
ctrlPath (5),
|
|
pktDump (6),
|
|
osresource (7),
|
|
allfailure (8),
|
|
buffer (9)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The mask which is used to enable selective debug levels in
|
|
IPSec module.
|
|
|
|
disableall : disable all the traces.
|
|
enableall : enable all tarce levels.
|
|
management : traces for configuration
|
|
datapath : traces for data packets
|
|
ctrlplane : all control packet related traces
|
|
dump : ppp packet decode
|
|
resourceError : trace for os resource failure
|
|
genError : unexpected error condition
|
|
semTrc : PPP State Event Machine Trace
|
|
alarmTrc : enable PPP Alarms
|
|
|
|
All values except disableall and enableall will add a
|
|
particular trace level to the existing trace levels.
|
|
If we want to have only a particular trace level
|
|
(say 'ctrlplane' do the following:
|
|
(i) configure the value as disableall
|
|
(ii) configure the particular trace level('ctrlplane')."
|
|
|
|
::= { fsipv6SecScalars 3 }
|
|
|
|
fsipv6SecMaxSA OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"Specifies the maximum number of security associations present in
|
|
the system. This sizable parameter determines the number of selector,
|
|
policy, access list and security association entries in the system"
|
|
::= { fsipv6SecScalars 4 }
|
|
|
|
--fsipv6SecScalars Scalars END
|
|
|
|
--fsipv6SecConfig Tables BEGIN
|
|
|
|
-- Selector Table.
|
|
|
|
fsipv6SecSelectorTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIpv6SecSelectorEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The list of selectors for the interface."
|
|
::= { fsipv6SecConfig 1 }
|
|
|
|
fsIpv6SecSelectorEntry OBJECT-TYPE
|
|
SYNTAX FsIpv6SecSelectorEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the Selector Table. Each entry
|
|
is a set of IP or Upper layer protocol
|
|
fields used by security policy database to
|
|
map to security association entry or bundle."
|
|
INDEX { fsipv6SelIfIndex,
|
|
fsipv6SelProtoIndex,
|
|
fsipv6SelAccessIndex,
|
|
fsipv6SelPort,
|
|
fsipv6SelPktDirection }
|
|
::= { fsipv6SecSelectorTable 1 }
|
|
|
|
FsIpv6SecSelectorEntry ::= SEQUENCE {
|
|
fsipv6SelIfIndex
|
|
Integer32,
|
|
fsipv6SelProtoIndex
|
|
INTEGER,
|
|
fsipv6SelAccessIndex
|
|
Integer32,
|
|
fsipv6SelPort
|
|
Integer32,
|
|
fsipv6SelPktDirection
|
|
INTEGER,
|
|
fsipv6SelFilterFlag
|
|
INTEGER,
|
|
fsipv6SelPolicyIndex
|
|
Integer32,
|
|
fsipv6SelIfIpAddress
|
|
OCTET STRING,
|
|
fsipv6SelStatus
|
|
RowStatus
|
|
}
|
|
|
|
fsipv6SelIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index value which uniquely identifies
|
|
the IPv6 interface on which this Selector
|
|
Table entry exists. The interface indentified
|
|
by a particular value of this index is the same
|
|
interface as identified by the value of
|
|
ipv6IfIndex."
|
|
::= { fsIpv6SecSelectorEntry 1 }
|
|
|
|
fsipv6SelProtoIndex OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tcp (6),
|
|
udp (17),
|
|
icmpv6 (58),
|
|
ahproto (51),
|
|
espproto (50),
|
|
any (9000)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Proto index value which uniquely identifies
|
|
the protocol for which this Selector Table entry
|
|
exists.In case of no specific protocol any can be
|
|
used whose value is assigned as 9000"
|
|
::= { fsIpv6SecSelectorEntry 2 }
|
|
|
|
fsipv6SelAccessIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value of the object is same as that of the
|
|
index of the access table. This index can be used
|
|
to get a range of source and destination IPv6 addresses
|
|
from the access table for validating the src and destination
|
|
addr of the packets."
|
|
::= { fsIpv6SecSelectorEntry 3 }
|
|
|
|
fsipv6SelPort OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port to Specify the user application for
|
|
a given protocol.In case of no specific port
|
|
any can be used whose value is assigned to 9000"
|
|
::= { fsIpv6SecSelectorEntry 4 }
|
|
|
|
fsipv6SelPktDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
inbound (1),
|
|
outbound (2),
|
|
any (3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Decides the Packet Direction"
|
|
::= { fsIpv6SecSelectorEntry 5 }
|
|
|
|
fsipv6SelFilterFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
filter (1),
|
|
allow (2)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Flag to specify the filtering of the packets
|
|
based on the protocol field."
|
|
::= { fsIpv6SecSelectorEntry 6 }
|
|
|
|
fsipv6SelPolicyIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of this object is same as that of
|
|
the index of the security policy table. This
|
|
object can be configured only when there is a
|
|
corresponding entry for the specified value in
|
|
the policy table.This object cannot be configured
|
|
if for the given value there is an entry in the
|
|
policy table which in turn points to the secassoc
|
|
entries in transport mode."
|
|
::= { fsIpv6SecSelectorEntry 7 }
|
|
|
|
fsipv6SelIfIpAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique non-zero value identifying the local
|
|
tunnel termination address. This
|
|
object should be set when working with IKE"
|
|
::= { fsIpv6SecSelectorEntry 8 }
|
|
|
|
fsipv6SelStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows
|
|
from the fsipv6SecSelectorTable. It can be set
|
|
to the value of createAndGo(4),createAndWait(5),
|
|
notInService(2),active(1) and destroy(6).
|
|
This object can be configured only when the
|
|
ipsec admin status is disable."
|
|
::= { fsIpv6SecSelectorEntry 9 }
|
|
|
|
-- Access Table
|
|
|
|
fsipv6SecAccessTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIpv6SecAccessEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Range of Ip addresses allowed for a domain"
|
|
::= { fsipv6SecConfig 2 }
|
|
|
|
fsIpv6SecAccessEntry OBJECT-TYPE
|
|
SYNTAX FsIpv6SecAccessEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the access Table that specifies
|
|
the range of address allowed for a domain"
|
|
|
|
INDEX { fsipv6SecAccessIndex }
|
|
::= { fsipv6SecAccessTable 1 }
|
|
|
|
FsIpv6SecAccessEntry ::=
|
|
SEQUENCE {
|
|
fsipv6SecAccessIndex
|
|
Integer32,
|
|
fsipv6SecAccessStatus
|
|
RowStatus,
|
|
fsipv6SecSrcNet
|
|
OCTET STRING,
|
|
fsipv6SecSrcAddrPrefixLen
|
|
Integer32,
|
|
fsipv6SecDestNet
|
|
OCTET STRING,
|
|
fsipv6SecDestAddrPrefixLen
|
|
Integer32
|
|
}
|
|
|
|
fsipv6SecAccessIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value of the object is used to get a unique
|
|
entry in the access table. This index is used
|
|
by the selector table to get an entry from the
|
|
access table. This index is used to get a
|
|
range of source IPv6 addresses from the access
|
|
table for validating the src addr and destination
|
|
address of the packets"
|
|
::= { fsIpv6SecAccessEntry 1 }
|
|
|
|
fsipv6SecAccessStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows
|
|
from the fsipv6SecAccessTable. It can be set
|
|
to the value of createAndGo(4),createAndWait(5),
|
|
notInService(2),active(1) and destroy(6).
|
|
This object can be configured only when the
|
|
ipsec admin status is disable"
|
|
|
|
::= { fsIpv6SecAccessEntry 2 }
|
|
|
|
fsipv6SecSrcNet OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique non-zero value identifying the source IPv6
|
|
network for a given access index."
|
|
::= { fsIpv6SecAccessEntry 3 }
|
|
|
|
fsipv6SecSrcAddrPrefixLen OBJECT-TYPE
|
|
SYNTAX Integer32 (1..128)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the prefix (in bits) associated with the
|
|
IPv6 source address of this entry."
|
|
::= { fsIpv6SecAccessEntry 4 }
|
|
|
|
fsipv6SecDestNet OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique non-zero value identifying the destination IPv6
|
|
network for a given access index."
|
|
::= { fsIpv6SecAccessEntry 5 }
|
|
|
|
fsipv6SecDestAddrPrefixLen OBJECT-TYPE
|
|
SYNTAX Integer32 (1..128)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the prefix (in bits) associated with the
|
|
IPv6 destination address of this entry."
|
|
::= { fsIpv6SecAccessEntry 6 }
|
|
|
|
-- Security Policy Database
|
|
|
|
fsipv6SecPolicyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIpv6SecPolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"List of policies that determine the disposition
|
|
of all IP traffic"
|
|
::= { fsipv6SecConfig 3 }
|
|
|
|
fsIpv6SecPolicyEntry OBJECT-TYPE
|
|
SYNTAX FsIpv6SecPolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the Security Policy Table that
|
|
specifies what services are to be offered to
|
|
IP datagrams and in what fashion. "
|
|
INDEX { fsipv6SecPolicyIndex }
|
|
::= { fsipv6SecPolicyTable 1 }
|
|
|
|
FsIpv6SecPolicyEntry ::=
|
|
SEQUENCE {
|
|
fsipv6SecPolicyIndex
|
|
Integer32,
|
|
fsipv6SecPolicyFlag
|
|
INTEGER,
|
|
fsipv6SecPolicyMode
|
|
INTEGER,
|
|
fsipv6SecPolicySaBundle
|
|
DisplayString,
|
|
fsipv6SecPolicyOptionsIndex
|
|
Integer32,
|
|
fsipv6SecPolicyStatus
|
|
RowStatus
|
|
}
|
|
|
|
fsipv6SecPolicyIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique non-zero value identifying the particular
|
|
security policy entry.This index is used by the
|
|
the selector table to get the policy entry for a
|
|
given selector entry"
|
|
::= { fsIpv6SecPolicyEntry 1 }
|
|
|
|
fsipv6SecPolicyFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
apply (3), -- applies IPSEC on the packet
|
|
bypass (4) -- bypasses the IPSEC for the packet
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The choices that can be applied on
|
|
any outbound/inbound datagrams."
|
|
::= { fsIpv6SecPolicyEntry 2 }
|
|
|
|
fsipv6SecPolicyMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
manual (1),
|
|
automatic (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mode of creation of security association
|
|
entries."
|
|
::= { fsIpv6SecPolicyEntry 3 }
|
|
|
|
fsipv6SecPolicySaBundle OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to associate Security
|
|
association entries with each policy entry.
|
|
The Policy entry is mapped to the secassoc
|
|
entries by specifying the secassoc indicies
|
|
in the format (1.2.3.4) where (1,2,3,4) are
|
|
the indicies of the 4 Independent secassoc
|
|
entries.If only one secassoc is to be mapped
|
|
then the index of that particular secassoc
|
|
alone can be specified"
|
|
::= { fsIpv6SecPolicyEntry 4 }
|
|
|
|
fsipv6SecPolicyOptionsIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Refers to the IKE Options."
|
|
::= { fsIpv6SecPolicyEntry 5 }
|
|
|
|
fsipv6SecPolicyStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows
|
|
from the fsipv6SecPolicyTable. It can be set
|
|
to the value of createAndGo(4),createAndWait(5),
|
|
notInService(2),active(1) and destroy(6).
|
|
This object can be configured only when the ipsec
|
|
admin status is disable"
|
|
::= { fsIpv6SecPolicyEntry 6 }
|
|
|
|
|
|
-- Security Association Table.
|
|
-- The IPv6 Security Association table contains the security
|
|
-- association between a source and destination. This table
|
|
-- is consulted for authenticating and encrypting incoming
|
|
-- and outgoing datagrams. Each entry represents a security
|
|
-- mapping between a source and destination and specifies the
|
|
-- Authentication algorithm and key, the Security Parameter
|
|
-- Index (SPI) value and the direction of the mapping.
|
|
-- Entries created/deleted from SNMP.
|
|
|
|
|
|
fsipv6SecAssocTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Fsipv6SecAssocEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the security association
|
|
between a source and destination. It is
|
|
consulted for authentication and Ciphering of
|
|
inbound and outbound datagrams.Datagrams which
|
|
are forwarded by this entity are not authenticated."
|
|
::= { fsipv6SecConfig 4 }
|
|
|
|
fsipv6SecAssocEntry OBJECT-TYPE
|
|
SYNTAX Fsipv6SecAssocEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the IPv6 Security Association Table.
|
|
Each entry specifies the mapping between a
|
|
particular source and destination address. The
|
|
entry specifies the authentication algorithm and
|
|
key to use, the direction of authentication
|
|
(inbound or outbound) and a Security Parameter Index (SPI)."
|
|
INDEX { fsipv6SecAssocIndex }
|
|
::= { fsipv6SecAssocTable 1 }
|
|
|
|
Fsipv6SecAssocEntry ::=
|
|
SEQUENCE {
|
|
fsipv6SecAssocIndex
|
|
Integer32,
|
|
fsipv6SecAssocDstAddr
|
|
OCTET STRING,
|
|
fsipv6SecAssocProtocol
|
|
INTEGER,
|
|
fsipv6SecAssocSpi
|
|
Integer32,
|
|
fsipv6SecAssocMode
|
|
INTEGER,
|
|
fsipv6SecAssocAhAlgo
|
|
INTEGER,
|
|
fsipv6SecAssocAhKey
|
|
OCTET STRING,
|
|
fsipv6SecAssocEspAlgo
|
|
INTEGER,
|
|
fsipv6SecAssocEspKey
|
|
OCTET STRING,
|
|
fsipv6SecAssocEspKey2
|
|
OCTET STRING,
|
|
fsipv6SecAssocEspKey3
|
|
OCTET STRING,
|
|
fsipv6SecAssocLifetimeInBytes
|
|
INTEGER,
|
|
fsipv6SecAssocLifetime
|
|
Integer32,
|
|
fsipv6SecAssocAntiReplay
|
|
INTEGER,
|
|
fsipv6SecAssocStatus
|
|
RowStatus
|
|
}
|
|
|
|
fsipv6SecAssocIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique non-zero value identifying the
|
|
particular Security Association.
|
|
This index value is used by the object
|
|
fsipv6SecPolicySaBundle of the policy
|
|
table to associate the policy entries to
|
|
the secassoc entries"
|
|
::= { fsipv6SecAssocEntry 1 }
|
|
|
|
fsipv6SecAssocDstAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This destination address is matched with the
|
|
destination address in the packet during
|
|
authentication of inbound and outbound datagrams."
|
|
::= { fsipv6SecAssocEntry 2 }
|
|
|
|
fsipv6SecAssocProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
espproto(50),
|
|
ahproto(51)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security header used for either authentication
|
|
(AH) or encryption (ESP)."
|
|
::= { fsipv6SecAssocEntry 3 }
|
|
|
|
fsipv6SecAssocSpi OBJECT-TYPE
|
|
SYNTAX Integer32 (256..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an arbitrary 32-bit value identifying
|
|
the security association for this datagram. The
|
|
Security Parameter Index value 0 is reserved to
|
|
Indicate that 'no security association exists'.
|
|
The set of Security Parameters Index values
|
|
In the range 1 through 255 are reserved to
|
|
the IANA for future use. Any SPI value greater
|
|
than 255 can be configured."
|
|
::= { fsipv6SecAssocEntry 4 }
|
|
|
|
fsipv6SecAssocMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tunnel (1), -- tunnel mode
|
|
transport (2) -- transport mode
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The supporting security association mode.
|
|
The secassoc mode is configured as Transport or Tunnel
|
|
when the router is acting as a host. A Security gateway
|
|
can be configured only in tunnel mode"
|
|
::= { fsipv6SecAssocEntry 5 }
|
|
|
|
fsipv6SecAssocAhAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
null (0),
|
|
hmacmd5 (1),
|
|
hmacsha1 (2),
|
|
keyedmd5 (3),
|
|
md5 (4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication algorithm configured for
|
|
the particular security association entry.
|
|
This object is not mandatory for creation
|
|
of an entry.Setting the algorithm to keyed-md5(2)
|
|
or hmac-md5 (3),hmacsha1(4) requires a key for
|
|
authentication."
|
|
::= { fsipv6SecAssocEntry 6 }
|
|
|
|
fsipv6SecAssocAhKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the key used for authentication
|
|
when the algorithm configured is either
|
|
keyed-md5 or hmac-md5 or hmach-sha1 .
|
|
This object is not mandatory for creation
|
|
of an entry. If the algorithm is md5,
|
|
no key needs to be specified.For KeyedMd5
|
|
and HmacMd5 the key size must be 16 bytes and
|
|
for HmacSha1 the key size must be 20 bytes "
|
|
::= { fsipv6SecAssocEntry 7 }
|
|
|
|
fsipv6SecAssocEspAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
descbc (2),
|
|
threedescbc (3),
|
|
null (11),
|
|
aes (12)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of algorithm used for Encapsulation
|
|
Security Palyload (ESP) Header.This object is to
|
|
be configured only if the Security protocol to be
|
|
used is ESP"
|
|
::= { fsipv6SecAssocEntry 8 }
|
|
|
|
fsipv6SecAssocEspKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..8))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ESP authentication key.This must be of
|
|
8 Bytes only "
|
|
::= { fsipv6SecAssocEntry 9 }
|
|
|
|
fsipv6SecAssocEspKey2 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..8))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used for configuring the second key
|
|
of 3des-cbc.This key must be 8 Bytes only "
|
|
::= { fsipv6SecAssocEntry 10 }
|
|
|
|
fsipv6SecAssocEspKey3 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..8))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used for configuring the third key
|
|
of 3des-cbc.This key must be 8 Bytes only"
|
|
::= { fsipv6SecAssocEntry 11 }
|
|
fsipv6SecAssocLifetimeInBytes OBJECT-TYPE
|
|
SYNTAX INTEGER(0 .. 2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The timer interval interms of number of bytes.
|
|
IPSEC counts the number of bytes to which the
|
|
IPSEC algorithm is applied. This object specifies the
|
|
allowed maximum number of bytes. If the value is 0,
|
|
it signifies that the lifetime is infinity.
|
|
By default it is set to infinity."
|
|
::= { fsipv6SecAssocEntry 12 }
|
|
|
|
fsipv6SecAssocLifetime OBJECT-TYPE
|
|
SYNTAX Integer32 (0|300 .. 2592000)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" This specifies the duration in seconds for which
|
|
this Security Association remains active. After this
|
|
time interval, the entry becomes inactive and has to
|
|
be manually made active again. If the value is 0,
|
|
it signifies that the lifetime is infinity. By default
|
|
it is set to infinity. Valid values are in the
|
|
range 300 to 2592000."
|
|
::= { fsipv6SecAssocEntry 13 }
|
|
|
|
|
|
fsipv6SecAssocAntiReplay OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object is used for activating the anti
|
|
repaly functionality of the security protocols"
|
|
|
|
::= { fsipv6SecAssocEntry 14 }
|
|
|
|
|
|
|
|
fsipv6SecAssocStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to create and delete rows
|
|
from the fsipv6SecAssocTable. It can be set
|
|
to the value of createAndGo(4),createAndWait(5),
|
|
notInService(2),active(1) and destroy(6).
|
|
This object can be configured only when the ipsec
|
|
admin status is disable"
|
|
::= { fsipv6SecAssocEntry 15 }
|
|
|
|
--fsipv6SecConfig Tables END
|
|
|
|
-- fsipv6SecStats Tables BEGIN
|
|
|
|
-- Interface Specific IPSEC Statistics table
|
|
|
|
fsipv6SecIfStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIpv6SecIfStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPSEC statistics table based on per interface."
|
|
::= { fsipv6SecStats 1 }
|
|
|
|
fsIpv6SecIfStatsEntry OBJECT-TYPE
|
|
SYNTAX FsIpv6SecIfStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the Interface Statistics table."
|
|
INDEX { fsipv6SecIfIndex }
|
|
::= { fsipv6SecIfStatsTable 1 }
|
|
|
|
FsIpv6SecIfStatsEntry ::=
|
|
SEQUENCE {
|
|
fsipv6SecIfIndex
|
|
Integer32,
|
|
fsipv6SecIfInPkts
|
|
Counter32,
|
|
fsipv6SecIfOutPkts
|
|
Counter32,
|
|
fsipv6SecIfPktsApply
|
|
Counter32,
|
|
fsipv6SecIfPktsDiscard
|
|
Counter32,
|
|
fsipv6SecIfPktsBypass
|
|
Counter32
|
|
}
|
|
|
|
fsipv6SecIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..100)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index value which uniquely identifies
|
|
the IPv6 interface on which this interface
|
|
statistics table entry exists. The interface
|
|
identified by a particular value of this index is
|
|
the same interface as identified by the same value of
|
|
ipv6IfIndex."
|
|
::= { fsIpv6SecIfStatsEntry 1 }
|
|
|
|
fsipv6SecIfInPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets recieved on the specified
|
|
interface."
|
|
::= { fsIpv6SecIfStatsEntry 2 }
|
|
|
|
fsipv6SecIfOutPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets sent on the specified
|
|
interface."
|
|
::= { fsIpv6SecIfStatsEntry 3 }
|
|
|
|
fsipv6SecIfPktsApply OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets for which security is
|
|
applied which are of either inbound or
|
|
outbound."
|
|
::= { fsIpv6SecIfStatsEntry 4 }
|
|
|
|
fsipv6SecIfPktsDiscard OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets dropped either of
|
|
inbound or outbound."
|
|
::= { fsIpv6SecIfStatsEntry 5 }
|
|
|
|
fsipv6SecIfPktsBypass OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets for which IPSEC is not
|
|
applied which are of either inbound
|
|
or outbound."
|
|
::= { fsIpv6SecIfStatsEntry 6 }
|
|
|
|
-- AH/ESP Specific IPSEC Statistics table
|
|
|
|
fsipv6SecAhEspStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIpv6SecAhEspStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"AH/ESP related statistics table."
|
|
::= { fsipv6SecStats 2 }
|
|
|
|
fsIpv6SecAhEspStatsEntry OBJECT-TYPE
|
|
SYNTAX FsIpv6SecAhEspStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the AH/ESP statistics Table. "
|
|
INDEX { fsipv6SecAhEspIfIndex }
|
|
::= { fsipv6SecAhEspStatsTable 1 }
|
|
|
|
FsIpv6SecAhEspStatsEntry ::=
|
|
SEQUENCE {
|
|
fsipv6SecAhEspIfIndex
|
|
INTEGER,
|
|
fsipv6SecInAhPkts
|
|
Counter32,
|
|
fsipv6SecOutAhPkts
|
|
Counter32,
|
|
fsipv6SecAhPktsAllow
|
|
Counter32,
|
|
fsipv6SecAhPktsDiscard
|
|
Counter32,
|
|
fsipv6SecInEspPkts
|
|
Counter32,
|
|
fsipv6SecOutEspPkts
|
|
Counter32,
|
|
fsipv6SecEspPktsAllow
|
|
Counter32,
|
|
fsipv6SecEspPktsDiscard
|
|
Counter32
|
|
}
|
|
|
|
fsipv6SecAhEspIfIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (1..100)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index value which uniquely identifies
|
|
the IPv6 interface on which this statistics
|
|
table entry exists. The interface identified by a
|
|
particular value of this index is the same
|
|
interface as identified by the same value of ipv6IfIndex."
|
|
::= { fsIpv6SecAhEspStatsEntry 1 }
|
|
|
|
fsipv6SecInAhPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of AH packets recieved."
|
|
::= { fsIpv6SecAhEspStatsEntry 2 }
|
|
|
|
fsipv6SecOutAhPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of AH packets sent."
|
|
::= { fsIpv6SecAhEspStatsEntry 3 }
|
|
|
|
fsipv6SecAhPktsAllow OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of AH packets allowed."
|
|
::= { fsIpv6SecAhEspStatsEntry 4 }
|
|
|
|
fsipv6SecAhPktsDiscard OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of AH packets discarded."
|
|
::= { fsIpv6SecAhEspStatsEntry 5 }
|
|
|
|
fsipv6SecInEspPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ESP packets received."
|
|
::= { fsIpv6SecAhEspStatsEntry 6 }
|
|
|
|
fsipv6SecOutEspPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ESP packets sent."
|
|
::= { fsIpv6SecAhEspStatsEntry 7 }
|
|
|
|
fsipv6SecEspPktsAllow OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ESP packets allowed."
|
|
::= { fsIpv6SecAhEspStatsEntry 8 }
|
|
|
|
fsipv6SecEspPktsDiscard OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ESP packets discarded."
|
|
::= { fsIpv6SecAhEspStatsEntry 9 }
|
|
|
|
-- AH/ESP Specific IPSEC Intru table
|
|
|
|
fsipv6SecAhEspIntruTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIpv6SecAhEspIntruEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"AH/ESP related Intru table."
|
|
::= { fsipv6SecStats 3}
|
|
|
|
fsIpv6SecAhEspIntruEntry OBJECT-TYPE
|
|
SYNTAX FsIpv6SecAhEspIntruEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the AH/ESP intruder Table. "
|
|
INDEX { fsipv6SecAhEspIntruIndex }
|
|
::= { fsipv6SecAhEspIntruTable 1 }
|
|
|
|
FsIpv6SecAhEspIntruEntry ::=
|
|
SEQUENCE {
|
|
fsipv6SecAhEspIntruIndex
|
|
Integer32,
|
|
fsipv6SecAhEspIntruIfIndex
|
|
Integer32,
|
|
fsipv6SecAhEspIntruSrcAddr
|
|
OCTET STRING,
|
|
fsipv6SecAhEspIntruDestAddr
|
|
OCTET STRING,
|
|
fsipv6SecAhEspIntruProto
|
|
INTEGER,
|
|
fsipv6SecAhEspIntruTime
|
|
Counter32
|
|
}
|
|
|
|
fsipv6SecAhEspIntruIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the index of the entry in the table."
|
|
::= { fsIpv6SecAhEspIntruEntry 1 }
|
|
|
|
fsipv6SecAhEspIntruIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..100)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index value which uniquely identifies
|
|
the IPv6 interface on which this statistics
|
|
table entry exists. The interface identified
|
|
by a particular value of this index is the same
|
|
interface as identified by the same value of
|
|
ipv6IfIndex."
|
|
::= { fsIpv6SecAhEspIntruEntry 2 }
|
|
|
|
fsipv6SecAhEspIntruSrcAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Intru's source address."
|
|
::= { fsIpv6SecAhEspIntruEntry 3 }
|
|
|
|
fsipv6SecAhEspIntruDestAddr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Intru's destination address."
|
|
::= { fsIpv6SecAhEspIntruEntry 4 }
|
|
|
|
fsipv6SecAhEspIntruProto OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ahproto (51),
|
|
espproto (50)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Intru's Protocol."
|
|
::= { fsIpv6SecAhEspIntruEntry 5 }
|
|
|
|
fsipv6SecAhEspIntruTime OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time of intruders attack."
|
|
::= { fsIpv6SecAhEspIntruEntry 6 }
|
|
|
|
-- fsipv6SecStats Tables END
|
|
END
|