WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/avaya/AVAYA-IPSEC-MIB

2722 lines
90 KiB
Plaintext
Raw Permalink Blame History

--
-- AVAYA-IPSEC-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Sunday, February 27, 2005 at 15:25:17
--
-- Copyright © 2004 by Avaya Inc. All rights reserved.
--
-- This AVAYA SNMP Management Information Base Specification (Specification)
-- embodies AVAYA confidential and Proprietary intellectual property.
-- AVAYA retains all Title and ownership in the Specification, including any
-- revisions.
--
-- It is AVAYA's intent to encourage the widespread use of this Specification
-- in connection with the management of AVAYA products. AVAYA grants vendors,
-- end-users, and other interested parties a non-exclusive license to use this
-- Specification in connection with the management of AVAYA products.
--
-- This Specification is supplied "as is," and AVAYA makes no warranty, either
-- express or implied, as to the use, operation, condition, or performance of
-- the Specification.
--
-- ========================================================
-- SourceSafe Version Information:
-- $Revision: 35 $
-- Check in $Date: 11/01/07 12:27p $
-- $Author: Sbiton $
-- $Archive: /MIBs/Version 1.0/Source/Avaya/AVAYA-IPSEC-MIB.my $
-- ========================================================
AVAYA-IPSEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
avGatewayMibs
FROM AVAYAGEN-MIB
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF
IpAddress, Integer32, Unsigned32, Gauge32, Counter32,
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, DisplayString, TruthValue, TimeStamp, TEXTUAL-CONVENTION
FROM SNMPv2-TC;
avayaIpsecMib MODULE-IDENTITY
LAST-UPDATED "200701081643Z" -- Januar 08, 2007 at 16:43
ORGANIZATION
"Avaya, Inc."
CONTACT-INFO
" Avaya Customer Services
Postal: Avaya, Inc.
211 Mt Airy Rd.
Basking Ridge, NJ 07920
USA
Tel: +1 908 953 6000
E-mail: executiveoffic@avaya.com
WWW: http://www.avaya.com
"
DESCRIPTION
"The MIB module for configuring IPSec functionality
in Avaya converged Gateways."
REVISION "200701081643Z"
DESCRIPTION
"Add time to failback to primary peer (seconds) -
avipsIsakmpPeerGroupFailbacktoPrimaryInterval under the
avipsIsakmpPeerTable."
::= { avGatewayMibs 1 }
--
-- Textual conventions
--
DiffHellmanGrp ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The Diffie Hellman Group used in negotiations."
SYNTAX INTEGER
{
dhGroup1(1),
dhGroup2(2),
dhGroup5(5),
dhGroup14(14),
dhGroup15(15),
dhGroup16(16),
dhGroup17(17),
dhGroup18(18),
none(255)
}
IkeEncryptAlgo ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Values for encryption algorithms negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attribute type Encryption
Algorithm (1)."
SYNTAX INTEGER
{
des(2),
des3(3),
aes(4),
aes192(5),
aes256(6),
none(255)
}
IkeHashAlgo ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Values for hash algorithms negotiated
for the ISAKMP SA by IKE in Phase I. These are
values for SA Attribute type Hash Algorithm (2)."
SYNTAX INTEGER
{
none(1),
md5(2),
sha(3)
}
EspHashTransform ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The ESP Authentication Algorithm used in the IPsec
DOI as a SA Attributes definition in the Transform
Payload of Phase II of an IKE negotiation. This
set of values defines the AH authentication
algorithm, when the associated Proposal Payload has
a Protocol-ID of 2 (AH). This set of values
defines the ESP authentication algorithm, when the
associated Proposal Payload has a Protocol-ID
of 3 (ESP)."
SYNTAX INTEGER
{
none(1),
md5(2),
sha(3)
}
EspEncrTransform ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The values of the IPsec DOI ESP Transform Identifier
which identify a particular algorithm to be used to
provide secrecy protection for ESP. It is used in
the Transform-ID field of a ISAKMP Transform Payload
for the IPsec DOI, when the Protocol-Id of the
associated Proposal Payload is 2 (AH), 3 (ESP),
and 4 (IPCOMP)."
SYNTAX INTEGER
{
null(1),
des(2),
des3(3),
aes(4),
aes192(5),
aes256(6),
none(255)
}
IsakmpIdentityType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This TC provides the semantics for a column with
IsakmpIdentityValue TC. Wherever this TC is used, there
should be an accompanying column which uses the
IsakmpIdentityValue TC to specify the data for which the
semantics apply.
Values in the range [1..255] is the IPsec DOI Identification
Type that is an 8-bit value which is used in the ID Type
field as a discriminant for interpretation of the
variable-length Identification Payload.
Values in the range [256..260] are reserved for the
following semantics, which can be used for local and remote
peers:
none(256) - this object is empty.
peerGroup(257) - IsakmpIdentityValue is a peer-group name.
Values in the range [261..Max] are reserved for the
following semantics, which can be used for local peers only:
ifName(270) - an interface name, which IP address is used
as the local-peer's ID.
"
SYNTAX INTEGER
{
ipv4Address(1),
fqdn(2),
userFqdn(3),
none(256),
peerGroup(257),
ifName(270)
}
IsakmpIdentityValue ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"IsakmpIdentityValue contains a string encoded Identity Type
value to be used in comparisons against an IKE Identity
payload. Wherever this TC is used, there should be an
accompanying column which uses the IsakmpIdentityType TC to
specify the type of data in this object.
See the IsakmpIdentityType TC for the supported identity types
available. Note that the IsakmpIdentityType TC specifies how
to encode binary values, while this object will contain human
readable string versions."
SYNTAX OCTET STRING (SIZE (1..110))
IsakmpDpdKeepaliveMetric ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Specifies the type of worry-metric to be used
for DPD."
SYNTAX INTEGER
{
disabled(1),
onDemand(2),
periodic(3)
}
IpsecEncapMode ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"IPSec encapsulation mode."
SYNTAX INTEGER
{
tunnel(1),
transport(2)
}
--
-- Node definitions
--
-- 1.3.6.1.4.1.6889.2.6.1.1
avipsMIBObjects OBJECT IDENTIFIER ::= { avayaIpsecMib 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.1
avipsGlobals OBJECT IDENTIFIER ::= { avipsMIBObjects 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.1.1
avipsGlobalsInvalidSpiRecovery OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines whether invalid-spi-recovery
is enabled (true) or disabled (false).
When enabled, the device shall open an IKE SA,
if it does not already exist, in order to
send DELETE message to the remote peer when
receiving an invalid spi or invalid cookie
with SIP of that remote peer.
This causes faster recovery times in case of
SADB inconsistency, but may cause D/DoS attack
on the remote peer."
::= { avipsGlobals 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.1.2
avipsNatTEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether IPSec NAT-T is invoked in the device.
If this object is True then NAT-T is enabled."
::= { avipsGlobals 2 }
-- 1.3.6.1.4.1.6889.2.6.1.1.1.3
avipsNatTKeepaliveInterval OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines the NAT-T keepalive interval in seconds.
If this object is set to 0 then NAT-T keepalives are disabled."
::= { avipsGlobals 3 }
-- 1.3.6.1.4.1.6889.2.6.1.1.1.4
avipsCryptoEngineAccelEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of this object determines whether IPSec HW
acceleration is enabled or disabled.
In case the HW does not support acceleration the value
of this object shall be false.
"
::= { avipsGlobals 4 }
-- 1.3.6.1.4.1.6889.2.6.1.1.2
avipsIsakmpGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 2 }
-- 1.3.6.1.4.1.6889.2.6.1.1.2.1
avipsIsakmpPeerTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsIsakmpPeerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a list of all the remote peers and peer-groups we are
willing to establish an IPSec VPN connection with. Each entry
represents a peer or a peer-group, and is indexed by the peer's IKE
identification (type and value), or the peer-group name.
Each peer entry points to the ISAKMP policy that will be
used for IKE negotiations (as an initiator or a responder).
Note that in case this entry represents a peer-group
the value of IsakmpIdentityType shall be set to peerGroup.
In that case certain columns in this row are N/A."
::= { avipsIsakmpGroup 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1
avipsIsakmpPeerEntry OBJECT-TYPE
SYNTAX AvipsIsakmpPeerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A specific entry."
INDEX { avipsIsakmpPeerIdType, IMPLIED avipsIsakmpPeerId }
::= { avipsIsakmpPeerTable 1 }
AvipsIsakmpPeerEntry ::=
SEQUENCE {
avipsIsakmpPeerIdType
IsakmpIdentityType,
avipsIsakmpPeerId
IsakmpIdentityValue,
avipsIsakmpPeerDescription
DisplayString,
avipsIsakmpPeerIsaPlcyId1
Integer32,
avipsIsakmpPeerInitiateMode
INTEGER,
avipsIsakmpPeerSelfIdType
IsakmpIdentityType,
avipsIsakmpPeerSelfId
IsakmpIdentityValue,
avipsIsakmpPeerKeepaliveMetric
IsakmpDpdKeepaliveMetric,
avipsIsakmpPeerKeepaliveInterval
Integer32,
avipsIsakmpPeerKeepaliveRetryInterval
Integer32,
avipsIsakmpPeerKeepaliveTrackId
Integer32,
avipsIsakmpPeerContChannel
TruthValue,
avipsIsakmpPeerRowStatus
RowStatus,
avipsIsakmpPeerGroupFailbacktoPrimaryInterval
Integer32
}
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.1
avipsIsakmpPeerIdType OBJECT-TYPE
SYNTAX IsakmpIdentityType (1..260)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object is an enumeration identifying the type of the
Identity value. Note that value can also be peerGroup,
in that case avipsIsakmpPeerId contains the peer-group's
name. Also note that certain columns in this row are N/A
for peer-group (refer to specific objects' descriptions
for details).
This is also the first index component of this table."
::= { avipsIsakmpPeerEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.2
avipsIsakmpPeerId OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object contains an Identity filter to be used to match
against the identity payload in an IKE request.
This is also the second index component of this table."
::= { avipsIsakmpPeerEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.3
avipsIsakmpPeerDescription OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Free text describing this row."
DEFVAL { "" }
::= { avipsIsakmpPeerEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.4
avipsIsakmpPeerIsaPlcyId1 OBJECT-TYPE
SYNTAX Integer32 (0..9999)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains the ID of the ISAKMP policy to be used
in IKE Phase I negotiation with this peer.
A value of 0 indicates that this object is empty.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { 0 }
::= { avipsIsakmpPeerEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.5
avipsIsakmpPeerInitiateMode OBJECT-TYPE
SYNTAX INTEGER
{
none(1),
main(2),
aggressive(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies how to initiate IKE when communicating
with this peer:
none(1) - Never initiate IKE with this peer (i.e. respond only)
main(2) - Initiate Main Mode (MM)
aggressive(3) - Initiate Aggressive Mode (AM)
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { main }
::= { avipsIsakmpPeerEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.6
avipsIsakmpPeerSelfIdType OBJECT-TYPE
SYNTAX IsakmpIdentityType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is an enumeration identifying the type
of the Identity value which the local peer shall
use in the its identity payload during Phase-1
negotiation.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { ipv4Address }
::= { avipsIsakmpPeerEntry 6 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.7
avipsIsakmpPeerSelfId OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If not empty, this object specifies the identity value
which the local peer will send in the identification payload
during IKE Phase-1 negotiation.
If this object is empty, the default local identity shall be
sent, according to the value of avipsIsakmpPeerSelfIdType.
This object is N/A if avipsIsakmpPeerIdType is peerGroup.
"
DEFVAL { ''b }
::= { avipsIsakmpPeerEntry 7 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.8
avipsIsakmpPeerKeepaliveMetric OBJECT-TYPE
SYNTAX IsakmpDpdKeepaliveMetric
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The worry-metric to be used for deciding when to
send R-U-THERE message to the remote peer.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { disabled }
::= { avipsIsakmpPeerEntry 8 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.9
avipsIsakmpPeerKeepaliveInterval OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The minimal interval, in seconds, between two
consecutive R-U-THERE sent by the local peer, when
the previous R-U-THERE message has been answered.
The actual interval is based on this value and
other parameters, such as the worry-metric.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { 10 }
::= { avipsIsakmpPeerEntry 9 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.10
avipsIsakmpPeerKeepaliveRetryInterval OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The actual interval, in seconds, between R-U-THERE
retries sent by the local peer, when the previous
R-U-THERE message has not been answered.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { 2 }
::= { avipsIsakmpPeerEntry 10 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.11
avipsIsakmpPeerKeepaliveTrackId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Bind the status of this peer to an object-tracker by specifying
the ID of the object-tracker (avstrTrackerId in
AVAYA-SAA-TRACK-MIB).
A value of 0 means that peer is not bound to any
object-tracker.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { 0 }
::= { avipsIsakmpPeerEntry 11 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.12
avipsIsakmpPeerContChannel OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines whether continuous channel IKE
mode is used for contacting the peer.
Continuous channel IKE means that local peer
tries to establish an IKE SA with the remote peer
as soon as possible, also when there is no outbound
traffic that requires it.
This object is N/A if avipsIsakmpPeerIdType is peerGroup."
DEFVAL { false }
::= { avipsIsakmpPeerEntry 12 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.13
avipsIsakmpPeerRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table.
Use createAndGo (not createAndWait) to create this row."
::= { avipsIsakmpPeerEntry 13 }
avipsIsakmpPeerGroupFailbacktoPrimaryInterval OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The amount of time in seconds that secondary peer shall be up (after
primary peer went down) before there will be failback to primary
peer (in case it is up again). The default value is 24 hours.
Relevant for peer-group only (values 1 and up).
For peer return value of 0. "
DEFVAL { 86400 }
::= { avipsIsakmpPeerEntry 14 }
-- 1.3.6.1.4.1.6889.2.6.1.1.2.2
avipsPeerGroupPeersTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsPeerGroupPeersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains all the associations between peer-groups
and isakmp peers. The relation between peer-group and isakmp
peer is many-to-many. A valid peer-group (i.e. a peer-group
that can be associated with an active crypto-list) contains
one or more isakmp peers. An isakmp peer may be contained in
zero or more peer-groups."
::= { avipsIsakmpGroup 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1
avipsPeerGroupPeersEntry OBJECT-TYPE
SYNTAX AvipsPeerGroupPeersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A specific entry."
INDEX { avipsPeerGroupPeersPGrpName, avipsPeerGroupPeersPeerIndex }
::= { avipsPeerGroupPeersTable 1 }
AvipsPeerGroupPeersEntry ::=
SEQUENCE {
avipsPeerGroupPeersPGrpName
DisplayString,
avipsPeerGroupPeersPeerIndex
Integer32,
avipsPeerGroupPeersPIdType
IsakmpIdentityType,
avipsPeerGroupPeersPIdValue
IsakmpIdentityValue,
avipsPeerGroupPeersRowStatus
RowStatus
}
-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.1
avipsPeerGroupPeersPGrpName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the peer-group associated with this isakmp peer.
Note that there must exist a matching active entry in
avipsIsakmpPeerTable which avipsIsakmpPeerIdType is
peerGroup, otherwise a 'set' operation shall fail."
::= { avipsPeerGroupPeersEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.2
avipsPeerGroupPeersPeerIndex OBJECT-TYPE
SYNTAX Integer32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ordered index of the peer within the peer-group."
::= { avipsPeerGroupPeersEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.3
avipsPeerGroupPeersPIdType OBJECT-TYPE
SYNTAX IsakmpIdentityType (1..256)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is an enumeration identifying the type of the
Identity value of the peer associated with this IPSec
connection. Note that value cannot be peerGroup.
The contents of this object object is interpreted along
with avipsPeerGroupPeersPIdValue."
::= { avipsPeerGroupPeersEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.4
avipsPeerGroupPeersPIdValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains value of the peer ID.
The contents of this object object is interpreted along
with avipsPeerGroupPeersPIdType."
::= { avipsPeerGroupPeersEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.5
avipsPeerGroupPeersRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table.
Use createAndWait (not createAndGo) to create this row.
This object is active(1) after avipsPeerGroupPeersPIdType
and avipsPeerGroupPeersPIdValue are set."
::= { avipsPeerGroupPeersEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.1.2.3
avipsIsakmpPlcyTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsIsakmpPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table containing the list of all
ISAKMP policy entries configured by the operator."
::= { avipsIsakmpGroup 3 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1
avipsIsakmpPlcyEntry OBJECT-TYPE
SYNTAX AvipsIsakmpPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains the attributes
associated with a single ISAKMP
Policy entry."
INDEX { avipsIsakmpPlcyId }
::= { avipsIsakmpPlcyTable 1 }
AvipsIsakmpPlcyEntry ::=
SEQUENCE {
avipsIsakmpPlcyId
Integer32,
avipsIsakmpPlcyDescription
DisplayString,
avipsIsakmpPlcyDhGroup
DiffHellmanGrp,
avipsIsakmpPlcyEncrAlgo
IkeEncryptAlgo,
avipsIsakmpPlcyHashAlgo
IkeHashAlgo,
avipsIsakmpPlcyLifetime
Integer32,
avipsIsakmpPlcyAuth
INTEGER,
avipsIsakmpPlcyRowStatus
RowStatus
}
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.1
avipsIsakmpPlcyId OBJECT-TYPE
SYNTAX Integer32 (1..9999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ID of this ISAKMP Policy entry.
This is also the index of this table."
::= { avipsIsakmpPlcyEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.2
avipsIsakmpPlcyDescription OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Free text describing this object."
DEFVAL { "" }
::= { avipsIsakmpPlcyEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.3
avipsIsakmpPlcyDhGroup OBJECT-TYPE
SYNTAX DiffHellmanGrp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the Oakley group used
for Diffie Hellman exchange in the Main Mode.
If this policy item is selected to negotiate
Main Mode with an IKE peer, the local entity
chooses the group specified by this object to
perform Diffie Hellman exchange with the
peer."
DEFVAL { dhGroup1 }
::= { avipsIsakmpPlcyEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.4
avipsIsakmpPlcyEncrAlgo OBJECT-TYPE
SYNTAX IkeEncryptAlgo
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The encryption transform specified by this
ISAKMP policy specification. The Internet Key Exchange
(IKE) tunnels setup using this policy item would
use the specified encryption transform to protect the
ISAKMP PDUs."
DEFVAL { des }
::= { avipsIsakmpPlcyEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.5
avipsIsakmpPlcyHashAlgo OBJECT-TYPE
SYNTAX IkeHashAlgo
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The hash transform specified by this
ISAKMP policy specification. The IKE tunnels
setup using this policy item would use the
specified hash transform to protect the
ISAKMP PDUs."
DEFVAL { sha }
::= { avipsIsakmpPlcyEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.6
avipsIsakmpPlcyLifetime OBJECT-TYPE
SYNTAX Integer32 (60..86400)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the lifetime, in seconds,
of the IKE tunnels generated using this
policy specification."
DEFVAL { 86400 }
::= { avipsIsakmpPlcyEntry 6 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.7
avipsIsakmpPlcyAuth OBJECT-TYPE
SYNTAX INTEGER
{
none(1),
preSharedKey(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The peer authentication method specified by
this ISAKMP policy specification. If this policy
entity is selected for negotiation with a peer,
the local entity would authenticate the peer using
the method specified by this object."
DEFVAL { preSharedKey }
::= { avipsIsakmpPlcyEntry 7 }
-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.8
avipsIsakmpPlcyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table."
::= { avipsIsakmpPlcyEntry 8 }
-- 1.3.6.1.4.1.6889.2.6.1.1.3
avipsIpsecGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 3 }
-- 1.3.6.1.4.1.6889.2.6.1.1.3.1
avipsCryptoMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsCryptoMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains all the crypto maps configured by the user.
A crypto map essentially concentrates all the IPSec protection
policy required for establishing IKE Phase-1 and Phase-2
connections."
::= { avipsIpsecGroup 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1
avipsCryptoMapEntry OBJECT-TYPE
SYNTAX AvipsCryptoMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A specific crypto map entry."
INDEX { avipsCryptoMapId }
::= { avipsCryptoMapTable 1 }
AvipsCryptoMapEntry ::=
SEQUENCE {
avipsCryptoMapId
Integer32,
avipsCryptoMapDescription
DisplayString,
avipsCryptoMapPeerIdType
IsakmpIdentityType,
avipsCryptoMapPeerIdValue
IsakmpIdentityValue,
avipsCryptoMapTranSetName1
DisplayString,
avipsCryptoMapIsReady
TruthValue,
avipsCryptoMapTunnelDscp
Integer32,
avipsCryptoMapContChannel
TruthValue,
avipsCryptoMapRowStatus
RowStatus
}
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.1
avipsCryptoMapId OBJECT-TYPE
SYNTAX Integer32 (1..9999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ID of the crypto map entry.
This is also the index of this table."
::= { avipsCryptoMapEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.2
avipsCryptoMapDescription OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Free text describing this object."
DEFVAL { "" }
::= { avipsCryptoMapEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.3
avipsCryptoMapPeerIdType OBJECT-TYPE
SYNTAX IsakmpIdentityType (1..260)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is an enumeration identifying the type of the
Identity value of the peer associated with this IPSec
connection.
The contents of this object object is interpreted along
with avipsCryptoMapPeerIdValue."
::= { avipsCryptoMapEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.4
avipsCryptoMapPeerIdValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains an Identity filter to be used
to select the remote peer or peer-group when initiating IKE,
and to match against the identity payload in an IKE request
when responding to IKE.
The contents of this object object is interpreted along
with avipsCryptoMapPeerIdType."
DEFVAL { "" }
::= { avipsCryptoMapEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.5
avipsCryptoMapTranSetName1 OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The name of the transforms-set for this crypto map.
This object is the index into the avipsTranSetTable."
DEFVAL { "" }
::= { avipsCryptoMapEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.6
avipsCryptoMapIsReady OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This field is true if and only if this
crypto map entry and all the descendent
configuration objects pointed by it are in
the ready state.
Note that crypto list activation requires
that all the crypto maps it points to be ready.
"
DEFVAL { false }
::= { avipsCryptoMapEntry 6 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.7
avipsCryptoMapTunnelDscp OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..63)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The method used to set the high 6 bits of the TOS in the
outer IP header. A value of -1 indicates that the bits are
copied from the payload's header. A value
between 0 and 63 inclusive indicates that the bit field is
set to the indicated value."
DEFVAL { -1 }
::= { avipsCryptoMapEntry 7 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.8
avipsCryptoMapContChannel OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines whether continuous channel IPSec
mode is used for the rule pointing to this crypto map.
Continuous channel IPSec means that local peer
tries to establish an IPSec SA with the remote peer
as soon as possible, also when there is no outbound
traffic that requires it."
DEFVAL { false }
::= { avipsCryptoMapEntry 8 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.9
avipsCryptoMapRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by an active crypto list."
::= { avipsCryptoMapEntry 9 }
-- 1.3.6.1.4.1.6889.2.6.1.1.3.2
avipsTranSetTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsTranSetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lists all the transform-sets which can be used to
build or accept IPsec proposals."
::= { avipsIpsecGroup 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1
avipsTranSetEntry OBJECT-TYPE
SYNTAX AvipsTranSetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the information on an IPsec transform-set."
INDEX { IMPLIED avipsTranSetName }
::= { avipsTranSetTable 1 }
AvipsTranSetEntry ::=
SEQUENCE {
avipsTranSetName
DisplayString,
avipsTranSetEspEncrTran
EspEncrTransform,
avipsTranSetEspHashTran
EspHashTransform,
avipsTranSetLifetime
Integer32,
avipsTranSetLifesize
Integer32,
avipsTranSetPfsGroup
DiffHellmanGrp,
avipsTranSetEncapMode
IpsecEncapMode,
avipsTranSetEspCompTran
INTEGER,
avipsTranRowStatus
RowStatus
}
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.1
avipsTranSetName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of this particular transform-set be referred to by an
avipsCryptoMapEntry.
This is the index of this table."
::= { avipsTranSetEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.2
avipsTranSetEspEncrTran OBJECT-TYPE
SYNTAX EspEncrTransform
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the transform ID of the ESP encryption
algorithm."
DEFVAL { des }
::= { avipsTranSetEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.3
avipsTranSetEspHashTran OBJECT-TYPE
SYNTAX EspHashTransform
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the ESP hash algorithm ID."
DEFVAL { sha }
::= { avipsTranSetEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.4
avipsTranSetLifetime OBJECT-TYPE
SYNTAX Integer32 (0 | 120..86400)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies how long, in seconds,
the security association (SA) derived from this
transform should be used.
The value 0 is reserved for future use."
DEFVAL { 3600 }
::= { avipsTranSetEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.5
avipsTranSetLifesize OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 2560..536870912)
UNITS "KBytes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies how long, in Kilobytes,
the security association (SA) derived from this
transform should be used.
The value -1 means that no size based lifetime
will be offered to the other side.
The value 0 is reserved for future use."
DEFVAL { 4608000 }
::= { avipsTranSetEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.6
avipsTranSetPfsGroup OBJECT-TYPE
SYNTAX DiffHellmanGrp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the DH group that shall
be used for PFS in quick mode exchange, when creating the
security association (SA) derived from this
transform.
The reserved value 'none' means that PFS shall not be used."
DEFVAL { none }
::= { avipsTranSetEntry 6 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.7
avipsTranSetEncapMode OBJECT-TYPE
SYNTAX IpsecEncapMode
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines the ESP encapsulation mode that
will be used. Possible values are 'tunnel' and
'transport'. In case transport mode is configured,
it shall be used only if possible, i.e. the SIP and
DIP of the relevant rule are equivalent to the LTEP
and RTEP. Otherwise tunnel mode is used.
"
DEFVAL { tunnel }
::= { avipsTranSetEntry 7 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.8
avipsTranSetEspCompTran OBJECT-TYPE
SYNTAX INTEGER
{
none(1),
ippcpLzs(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the ESP compression algorithm:
none(1) - no compression algorithm.
ippcpLzs(2) - IPPCP with LZS compression.
"
DEFVAL { none }
::= { avipsTranSetEntry 8 }
-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.9
avipsTranRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
If active, this object must remain active if it is referenced
by a row in another table."
::= { avipsTranSetEntry 9 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4
avipsMonitoringGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 4 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1
avipsMonitoringTables OBJECT IDENTIFIER ::= { avipsMonitoringGroup 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1
avipsMonitoringTablesGlobals OBJECT IDENTIFIER ::= { avipsMonitoringTables 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.1
avipsMonitorRstCntrs OBJECT-TYPE
SYNTAX INTEGER
{
running(1),
reset(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Use this object to reset all the IPSec counters.
Set this object to reset(2) in order to do that.
This operation is equivalent to issuing the
'clear crypto sa counters' command in the CLI."
::= { avipsMonitoringTablesGlobals 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.2
avipsMonitorRstCntrsLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"sysUpTime when last IPSec counters reset by
avipsMonitorRstCntrs or 'clear crypto sa counters'
in CLI, in hundredths of a second."
::= { avipsMonitoringTablesGlobals 2 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.2
avipsPeerTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsPeerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains entries for every active isakmp
peer in the system. The word 'active' suggests that in case
the peer is part of a redundant list of peers within a
crypto map, only the peer that is currently active will be
included.
"
::= { avipsMonitoringTables 2 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1
avipsPeerEntry OBJECT-TYPE
SYNTAX AvipsPeerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A specific peer entry."
INDEX { avipsPeerLocalId, avipsPeerRemoteId }
::= { avipsPeerTable 1 }
AvipsPeerEntry ::=
SEQUENCE {
avipsPeerLocalId
Unsigned32,
avipsPeerRemoteId
Unsigned32,
avipsPeerLocalType
IsakmpIdentityType,
avipsPeerLocalValue
IsakmpIdentityValue,
avipsPeerRemoteType
IsakmpIdentityType,
avipsPeerRemoteValue
IsakmpIdentityValue,
avipsPeerRemoteDescription
DisplayString,
avipsPeerLocalAddress
IpAddress,
avipsPeerRemoteAddress
IpAddress,
avipsPeerRemotePeerGrpActiveIndex
Integer32,
avipsPeerRemotePeerGrpActiveIdType
IsakmpIdentityType,
avipsPeerRemotePeerGrpActiveIdValue
IsakmpIdentityValue,
avipsPeerIsakmpState
INTEGER,
avipsPeerIsakmpStateLastChange
TimeStamp,
avipsPeerTunnelsClosed
Gauge32,
avipsPeerTunnelsInProgress
Gauge32,
avipsPeerTunnelsEstablished
Gauge32,
avipsPeerTunnelsFailed
Gauge32,
avipsPeerInOctets
Counter32,
avipsPeerInOctetsWraps
Counter32,
avipsPeerInDecompOctets
Counter32,
avipsPeerInDecompOctetsWraps
Counter32,
avipsPeerInDecompRatio
Gauge32,
avipsPeerInPkts
Counter32,
avipsPeerInDropPkts
Counter32,
avipsPeerOutOctets
Counter32,
avipsPeerOutOctetsWraps
Counter32,
avipsPeerOutUncompOctets
Counter32,
avipsPeerOutUncompOctetsWraps
Counter32,
avipsPeerOutCompRatio
Gauge32,
avipsPeerOutPkts
Counter32,
avipsPeerOutDropPkts
Counter32
}
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.1
avipsPeerLocalId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A synthetic ID that uniquely identifies the local peer for
monitoring purpose.
Note that this ID is persistent for this peer.
This is also the first index component of this table.
"
::= { avipsPeerEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.2
avipsPeerRemoteId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A synthetic ID that uniquely identifies the remote peer for
monitoring purpose.
Note that this ID is persistent for this peer.
This is also the second index component of this table."
::= { avipsPeerEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.3
avipsPeerLocalType OBJECT-TYPE
SYNTAX IsakmpIdentityType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the local peer identity, as it was configured.
If the local peer ID was configured as an interface name,
the value of this object shall be ifName."
::= { avipsPeerEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.4
avipsPeerLocalValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is an interface name, then
this is the name of the interface which IP is used
to identify the local peer.
If the local peer type is a fqdn, then this is
the fqdn used to identify the local peer."
::= { avipsPeerEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.5
avipsPeerRemoteType OBJECT-TYPE
SYNTAX IsakmpIdentityType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the remote peer identity.
"
::= { avipsPeerEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.6
avipsPeerRemoteValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a fqdn, then this is
the fqdn used to identify the remote peer."
::= { avipsPeerEntry 6 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.7
avipsPeerRemoteDescription OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free text describing the remote peer or peer-group.
The value of this field is taken from
avipsIsakmpPeerDescription."
::= { avipsPeerEntry 7 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.8
avipsPeerLocalAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the local peer.
This is derived from the local-address specified in the
crypto-list that creates this connection.
If the local peer type is an IP Address, then
this is identical to avipsPeerLocalValue."
::= { avipsPeerEntry 8 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.9
avipsPeerRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the remote peer.
If the remote peer type is an IP Address, then this
is identical to avipsPeerRemoteValue.
If the remote peer type is a fqdn, then this is
the IP address that was received by DNS resolution
of the fqdn specified in IsakmpIdentityValue."
::= { avipsPeerEntry 9 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.10
avipsPeerRemotePeerGrpActiveIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"In case the remote is a peer-group, i.e. avipsPeerRemoteType
is peerGroup, this object specifies the index within
the peer-group of the currently active peer. This value
is taken from avipsPeerGroupPeersPeerIndex of the
active peer in this peer-group."
::= { avipsPeerEntry 10 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.11
avipsPeerRemotePeerGrpActiveIdType OBJECT-TYPE
SYNTAX IsakmpIdentityType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"In case the remote is a peer-group, i.e. avipsPeerRemoteType
is peerGroup, this object specifies the id-type of the
currently active peer. This value is taken from
avipsIsakmpPeerIdType of the active peer in this
peer-group."
::= { avipsPeerEntry 11 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.12
avipsPeerRemotePeerGrpActiveIdValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"In case the remote is a peer-group, i.e. avipsPeerRemoteType
is peerGroup, this object specifies the id-value of the
currently active peer. This value is taken from
avipsIsakmpPeerId of the active peer in this
peer-group."
::= { avipsPeerEntry 12 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.13
avipsPeerIsakmpState OBJECT-TYPE
SYNTAX INTEGER
{
closed(1),
inProgress(2),
established(3),
failed(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the state of the IKE connection
between the peers.
1. closed - No IKE SA exists between peers because it was
not negotiated yet, or because last IKE closed
normally due to hard timeout, clear by admin,
or DELETE received from the remote peer.
This is also the initial state of the row when
it is created.
2. inProgress - No IKE SA exists between peers, but it is
currently being negotiated in Phase-1.
3. established - IKE SA exists between peers.
4. failed - No IKE SA exists between peers because of a
failure. Possible reasons are:
1. Last time we tried to establish IKE the
negotiation failed.
2. Last time we tried to establish IKE the
remote peer DNS resolution failed.
3. During last connection DPD signaled
a connection failure.
4. During last connection a track object
signaled a connection failure.
5. The interface used for local-address does
not have an IP address asigned to it 1 minute
or more after this row was created.
6. Last time we negotiated Phase-2 the
negotiation timed-out, and the current
IKE was subsequently deleted.
NOTE: When continuous-channel IKE is used, the state shall
remain 'established' during the normal transition time
between one IKE SA and the next. However, if the IKE SA
was deleted due to a suspected problem then the state
will change normally during the transition (i.e. 'closed'
and then 'inProgress').
[Suspected problem: if the last IKE SA was DELETEd by the
remote peer after less then 5 minutes,or if it was
deleted by local admin]
"
::= { avipsPeerEntry 13 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.14
avipsPeerIsakmpStateLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"sysUpTime when the last change in avipsPeerIsakmpState
occured, in hundredths of a second."
::= { avipsPeerEntry 14 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.15
avipsPeerTunnelsClosed OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of IPSec tunnels associated with these peers,
which are in the 'closed' state."
::= { avipsPeerEntry 15 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.16
avipsPeerTunnelsInProgress OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of IPSec tunnels associated with these peers,
which are in the 'inProgress' state."
::= { avipsPeerEntry 16 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.17
avipsPeerTunnelsEstablished OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of IPSec tunnels associated with these peers,
which are in the 'established' state."
::= { avipsPeerEntry 17 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.18
avipsPeerTunnelsFailed OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of IPSec tunnels associated with these peers,
which are in the 'failed' state."
::= { avipsPeerEntry 18 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.19
avipsPeerInOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of octets (bytes) successfully received
through all the tunnels between the peers.
This value is accumulated BEFORE determining whether or
not the packet should be decompressed.
This number is the sum of avipsTunnelInOctets
together with avipsTunnelInOctetsWraps as a single
64-bit integer, for all the IPSec tunnels pertaining to the
peers.
See also avipsPeerInOctetsWraps for the number of times
this counter has wrapped."
::= { avipsPeerEntry 19 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.20
avipsPeerInOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsPeerInOctets has wrapped."
::= { avipsPeerEntry 20 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.21
avipsPeerInDecompOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of decompressed octets (bytes)
successfully received through all the tunnels between
the peers.
This value is accumulated AFTER the packet is decompressed.
If compression is not being used in any of the tunnels,
this value will match the value of avipsPeerInOctets.
This number is the sum of avipsTunnelInDecompOctets
together with avipsTunnelInDecompOctetsWraps as a single
64-bit integer, for all the tunnels pertaining to the peers.
See also avipsPeerInDecompOctetsWraps for the number of times
this counter has wrapped."
::= { avipsPeerEntry 21 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.22
avipsPeerInDecompOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsPeerInDecompOctets has wrapped."
::= { avipsPeerEntry 22 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.23
avipsPeerInDecompRatio OBJECT-TYPE
SYNTAX Gauge32
UNITS "Ratio * 100"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The overall decompression ratio * 100.
This is the ratio between the number of octets received after
decompression and the number of octets received before
decompression. It is calculated as the integer of
{[(avipsPeerInDecompOctetsWraps*2^32 + avipsPeerInDecompOctets) /
(avipsPeerInOctetsWraps*2^32 + avipsPeerInOctets)] * 100}"
::= { avipsPeerEntry 23 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.24
avipsPeerInPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of packets successfully received through
all the tunnels between the peers.
This number is the sum of avipsTunnelInPkts for all
the tunnels pertaining to the peers."
::= { avipsPeerEntry 24 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.25
avipsPeerInDropPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of packets dropped after being
received through any of the tunnels between the peers.
This number is the sum of avipsTunnelInDropTotalPkts
for all the tunnels pertaining to the peers."
::= { avipsPeerEntry 25 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.26
avipsPeerOutOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of octets (bytes) successfully
transmitted through all the tunnels between the peers.
This value is accumulated AFTER determining whether or
not the packet should be compressed.
This number is the sum of avipsTunnelOutOctets
together with vipsTunnelOutOctetsWraps as a single
64-bit integer, for all the tunnels pertaining to the peers.
See also avipsPeerOutOctetsWraps for the number of times
this counter has wrapped."
::= { avipsPeerEntry 26 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.27
avipsPeerOutOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsPeerOutOctets has wrapped."
::= { avipsPeerEntry 27 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.28
avipsPeerOutUncompOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of uncompressed octets (bytes)
successfully transmitted through this IPsec Tunnel.
This value is accumulated BEFORE the packet is compressed.
If compression is not being used in any of the tunnels,
this value will match the value of avipsPeerOutOctets.
This number is the sum of avipsTunnelOutUncompOctets
together with avipsTunnelOutUncompOctetsWraps as a single
64-bit integer, for all the tunnels pertaining to the peers.
See also avipsPeerOutUncompOctetsWraps for the number of times
this counter has wrapped."
::= { avipsPeerEntry 28 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.29
avipsPeerOutUncompOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsPeerInDecompOctets has wrapped."
::= { avipsPeerEntry 29 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.30
avipsPeerOutCompRatio OBJECT-TYPE
SYNTAX Gauge32
UNITS "Ratio * 100"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The overall compression ratio * 100.
This is the ratio between the number of outbound octets before
compression and the number of outbound octets after
compression. It is calculated as the integer of
{[(avipsPeerOutUncompOctetsWraps*2^32 +
avipsPeerOutUncompOctets) / (avipsPeerOutOctetsWraps*2^32
+ avipsPeerOutOctets)]* 100}"
::= { avipsPeerEntry 30 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.31
avipsPeerOutPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of packets successfully transmitted
through all the tunnels between the peers.
This number is the sum of avipsTunnelOutPkts for all
the tunnels pertaining to the peers."
::= { avipsPeerEntry 31 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.32
avipsPeerOutDropPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aggregate number of packets dropped before being
transmitted through any of the tunnels between the peers.
This number is the sum of avipsTunnelOutDropTotalPkts for
all the tunnels pertaining to the peers."
::= { avipsPeerEntry 32 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3
avipsTunnelTable OBJECT-TYPE
SYNTAX SEQUENCE OF AvipsTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains a entries for all the tunnels in the
system. A 'tunnel' is a rule within an active crypto-list."
::= { avipsMonitoringTables 3 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1
avipsTunnelEntry OBJECT-TYPE
SYNTAX AvipsTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A specific tunnel entry."
INDEX { avipsTunnelIndex, avipsTunnelSubIndex, avipsTunnelPeerLocalId, avipsTunnelPeerRemoteId }
::= { avipsTunnelTable 1 }
AvipsTunnelEntry ::=
SEQUENCE {
avipsTunnelPeerLocalId
Unsigned32,
avipsTunnelPeerRemoteId
Unsigned32,
avipsTunnelIndex
Integer32,
avipsTunnelSubIndex
Integer32,
avipsTunnelPeerLocalType
IsakmpIdentityType,
avipsTunnelPeerLocalValue
IsakmpIdentityValue,
avipsTunnelPeerRemoteType
IsakmpIdentityType,
avipsTunnelPeerRemoteValue
IsakmpIdentityValue,
avipsTunnelDescription
DisplayString,
avipsTunnelLocalAddress
IpAddress,
avipsTunnelRemoteAddress
IpAddress,
avipsTunnelProxyLocalSubnet
IpAddress,
avipsTunnelProxyLocalMask
IpAddress,
avipsTunnelProxyRemoteSubnet
IpAddress,
avipsTunnelProxyRemoteMask
IpAddress,
avipsTunnelState
INTEGER,
avipsTunnelStateLastChange
TimeStamp,
avipsTunnelLastCntrsReset
TimeStamp,
avipsTunnelInOctets
Counter32,
avipsTunnelInOctetsWraps
Counter32,
avipsTunnelInDecompOctets
Counter32,
avipsTunnelInDecompOctetsWraps
Counter32,
avipsTunnelInDecompRatio
Gauge32,
avipsTunnelInPkts
Counter32,
avipsTunnelInDropTotalPkts
Counter32,
avipsTunnelInDropAntiReplayPkts
Counter32,
avipsTunnelInDropHmacFailPkts
Counter32,
avipsTunnelInDropBadTrailerPkts
Counter32,
avipsTunnelInDropInvalidIdPkts
Counter32,
avipsTunnelInDropUnprotectPkts
Counter32,
avipsTunnelInDropInvalidLenPkts
Counter32,
avipsTunnelInDropSaExpiredPkts
Counter32,
avipsTunnelOutOctets
Counter32,
avipsTunnelOutOctetsWraps
Counter32,
avipsTunnelOutUncompOctets
Counter32,
avipsTunnelOutUncompOctetsWraps
Counter32,
avipsTunnelOutCompRatio
Gauge32,
avipsTunnelOutPkts
Counter32,
avipsTunnelOutDropTotalPkts
Counter32,
avipsTunnelOutDropNoSaPkts
Counter32,
avipsTunnelOutDropSeqRolPkts
Counter32,
avipsTunnelOutDropSaExpiredPkts
Counter32
}
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.1
avipsTunnelPeerLocalId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A synthetic ID that uniquely identifies the local peer for
monitoring purpose.
Note that this ID is persistent for this peer.
"
::= { avipsTunnelEntry 1 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.2
avipsTunnelPeerRemoteId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A synthetic ID that uniquely identifies the remote peer for
monitoring purpose.
Note that this ID is persistent for this peer."
::= { avipsTunnelEntry 2 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.3
avipsTunnelIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ID of the crypto-list containing the rule that
creates this tunnel.
This is also the fifth index component of this table."
::= { avipsTunnelEntry 3 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.4
avipsTunnelSubIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the crypto-list rule that creates this tunnel.
This is also the sixth index component of this table."
::= { avipsTunnelEntry 4 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.5
avipsTunnelPeerLocalType OBJECT-TYPE
SYNTAX IsakmpIdentityType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the local peer identity, as it was configured.
If the local peer ID was configured as an interface name,
the value of this object shall be ifName.
This is also the first index component of this table."
::= { avipsTunnelEntry 5 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.6
avipsTunnelPeerLocalValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is an interface name, then
this is the name of the interface which IP is used
to identify the local peer.
If the local peer type is a fqdn, then this is
the fqdn used to identify the local peer.
This is also the second index component of this table."
::= { avipsTunnelEntry 6 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.7
avipsTunnelPeerRemoteType OBJECT-TYPE
SYNTAX IsakmpIdentityType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the remote peer identity.
This is also the third index component of this table."
::= { avipsTunnelEntry 7 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.8
avipsTunnelPeerRemoteValue OBJECT-TYPE
SYNTAX IsakmpIdentityValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is a fqdn, then this is
the fqdn used to identify the remote peer.
This is also the fourth index component of this table."
::= { avipsTunnelEntry 8 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.9
avipsTunnelDescription OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free text describing this tunnel.
The value of this field is taken from the
description specified for the crypto-list rule that
creates this tunnel."
::= { avipsTunnelEntry 9 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.10
avipsTunnelLocalAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the local peer."
::= { avipsTunnelEntry 10 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.11
avipsTunnelRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the remote peer."
::= { avipsTunnelEntry 11 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.12
avipsTunnelProxyLocalSubnet OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The local subnet address this tunnel protects."
::= { avipsTunnelEntry 12 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.13
avipsTunnelProxyLocalMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The local subnet mask this tunnel protects."
::= { avipsTunnelEntry 13 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.14
avipsTunnelProxyRemoteSubnet OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The remote subnet address this tunnel protects."
::= { avipsTunnelEntry 14 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.15
avipsTunnelProxyRemoteMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The remote subnet mask this tunnel protects."
::= { avipsTunnelEntry 15 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.16
avipsTunnelState OBJECT-TYPE
SYNTAX INTEGER
{
closed(1),
inProgress(2),
established(3),
failed(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the state of this tunnel.
1. closed - The tunnel does not exist between the peers because
it was not negotiated yet, or because last tunnel
closed normally due to hard timeout, clear by admin
or DELETE received from the remote peer.
This is also the initial state of the row when
it is created.
2. inProgress - The tunnel does not exist between peers, but it
is currently being negotiated in IKE Quick Mode.
3. established - The tunnel exists between peers.
4. failed - The tunnel does not exist between peers because of a
failure:
1. Last time we tried to establish this tunnel
the negotiation failed.
2. The connection with the remote peer has failed due
to one of the following, and hence all the
corresponding ipsec tunnels were closed:
a. Last time we tried to establish IKE the
negotiation failed.
b. During last connection a track object
signaled a connection failure.
c. The interface used for local-address does
not have an IP address asigned to it 1 minute
or more after this row was created.
NOTE: The word 'tunnel' in this context refers to 1 or more
IPSec SAs (ESP or AH) between the peers, pertaining to the proxy
addresses specified in this entry. As long as there is at least
1 SA established, the tunnel state shall remain 'established'.
"
::= { avipsTunnelEntry 16 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.17
avipsTunnelStateLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"sysUpTime when the last change in avipsTunnelState
occured, in hundredths of a second."
::= { avipsTunnelEntry 17 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.18
avipsTunnelLastCntrsReset OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"sysUpTime when last counter reset for this tunnel
occured, in hundredths of a second.
Counters are zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 18 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.19
avipsTunnelInOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets (bytes) successfully received
through this IPSec tunnel.
This value is accumulated BEFORE determining whether or
not the packet should be decompressed.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config).
See also avipsTunnelInOctetsWraps for the number of times
this counter has wrapped."
::= { avipsTunnelEntry 19 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.20
avipsTunnelInOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsTunnelInOctets has wrapped.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 20 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.21
avipsTunnelInDecompOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of decompressed octets (bytes) successfully
received through this IPsec Tunnel.
This value is accumulated AFTER the packet is decompressed.
If compression is not being used, this value will match the
value of avipsTunnelInOctets.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config).
See also avipsTunnelInDecompOctetsWraps for the number of times
this counter has wrapped."
::= { avipsTunnelEntry 21 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.22
avipsTunnelInDecompOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsTunnelInDecompOctets has wrapped.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 22 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.23
avipsTunnelInDecompRatio OBJECT-TYPE
SYNTAX Gauge32
UNITS "Ratio * 100"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The overall decompression ratio * 100.
This is the ratio between the number of octets received after
decompression and the number of octets received before
decompression. It is calculated as the integer of
{[(avipsTunnelInDecompOctetsWraps*2^32 +
avipsTunnelInDecompOctets) /
(avipsTunnelInOctetsWraps*2^32 + avipsTunnelInOctets)] * 100}"
::= { avipsTunnelEntry 23 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.24
avipsTunnelInPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets succesfully received through this
tunnel.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 24 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.25
avipsTunnelInDropTotalPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets discarded after being received
through this tunnel.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 25 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.26
avipsTunnelInDropAntiReplayPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
through this tunnel due to anti-replay verification failure.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 26 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.27
avipsTunnelInDropHmacFailPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
through this tunnel due to HMAC verification failure.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 27 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.28
avipsTunnelInDropBadTrailerPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
through this tunnel due to bad ESP trailer format received
failure.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 28 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.29
avipsTunnelInDropInvalidIdPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
through this tunnel due to invalid identity: inner
(original) IP header address doesn't match the configured
tunnel proxy IPs.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 29 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.30
avipsTunnelInDropUnprotectPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
in the clear (unprotected) although they were expected
to arrive protected by this tunnel (i.e. unprotected
packets with source and destination IP matching the
proxy IPs of this tunnel).
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 30 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.31
avipsTunnelInDropInvalidLenPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
through this tunnel due to length being not aligned to
cipher block.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 31 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.32
avipsTunnelInDropSaExpiredPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded after being received
through this tunnel due to SA KB lifetime being smaller
then the external IP packet total length.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 32 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.33
avipsTunnelOutOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets (bytes) successfully transmitted
through this IPSec tunnel.
This value is accumulated AFTER determining whether or
not the packet should be compressed.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config).
See also avipsTunnelOutOctetsWraps for the number of times
this counter has wrapped."
::= { avipsTunnelEntry 33 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.34
avipsTunnelOutOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsTunnelOutOctets has wrapped.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 34 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.35
avipsTunnelOutUncompOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of uncompressed octets (bytes) successfully
transmitted through this IPsec Tunnel.
This value is accumulated BEFORE the packet is compressed.
If compression is not being used, this value will match the
value of avipsTunnelOutOctets.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config).
See also avipsTunnelOutUncompOctetsWraps for the number of
times this counter has wrapped."
::= { avipsTunnelEntry 35 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.36
avipsTunnelOutUncompOctetsWraps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times avipsTunnelInDecompOctets has wrapped.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 36 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.37
avipsTunnelOutCompRatio OBJECT-TYPE
SYNTAX Gauge32
UNITS "Ratio * 100"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The overall compression ratio * 100.
This is the ratio between the number of outbound octets before
compression and the number of outbound octets after
compression. It is calculated as the integer of
{[(avipsTunnelOutUncompOctetsWraps*2^32 +
avipsTunnelOutUncompOctets) / (avipsTunnelOutOctetsWraps*2^32
+ avipsTunnelOutOctets)]* 100}"
::= { avipsTunnelEntry 37 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.38
avipsTunnelOutPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets succesfully transmitted through
this tunnel.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 38 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.39
avipsTunnelOutDropTotalPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets dropped before being transmitted
through this tunnel.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 39 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.40
avipsTunnelOutDropNoSaPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets dropped before being transmitted
through this tunnel due to no IPSec SA existed when
the packet arrived.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 40 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.41
avipsTunnelOutDropSeqRolPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets dropped before being transmitted
through this tunnel due to sequence number rollover:
the sequence number of the IPSec SA reached its capacity.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 41 }
-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.42
avipsTunnelOutDropSaExpiredPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets dropped before being transmitted
through this tunnel due to SA expired: SA KB lifetime
is smaller then the external IP packet total length.
This counter is zeroized when:
o Issuing 'clear crypto sa counters' in CLI.
o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
o Issuing 'clear crypto sa all' in CLI.
o Activating the crypto-list on an interface for the first
time.
o Failing-over to a different peer.
o Learning a new local-address (DHCP, PPPoE, user config)."
::= { avipsTunnelEntry 42 }
-- 1.3.6.1.4.1.6889.2.6.1.2
avipsMIBNotificationPrefix OBJECT IDENTIFIER ::= { avayaIpsecMib 2 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0
avipsMIBNotifications OBJECT IDENTIFIER ::= { avipsMIBNotificationPrefix 0 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0.1
avipsIskampEstablished NOTIFICATION-TYPE
OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription }
STATUS current
DESCRIPTION
"This notification is sent whenever avipsPeerIsakmpState moves
into the 'established' state."
::= { avipsMIBNotifications 1 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0.2
avipsIskampClosed NOTIFICATION-TYPE
OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription }
STATUS current
DESCRIPTION
"This notification is sent whenever avipsPeerIsakmpState moves
into the 'closed' state, excluding during row creation."
::= { avipsMIBNotifications 2 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0.3
avipsIskampFailed NOTIFICATION-TYPE
OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription }
STATUS current
DESCRIPTION
"This notification is sent whenever avipsPeerIsakmpState moves
into the 'failed' state."
::= { avipsMIBNotifications 3 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0.4
avipsIpsecTunnelEstablished NOTIFICATION-TYPE
OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet,
avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription }
STATUS current
DESCRIPTION
"This notification is sent whenever avipsTunnelState moves
into the 'established' state."
::= { avipsMIBNotifications 4 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0.5
avipsIpsecTunnelClosed NOTIFICATION-TYPE
OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet,
avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription }
STATUS current
DESCRIPTION
"This notification is sent whenever avipsTunnelState moves
into the 'closed' state, excluding during row creation."
::= { avipsMIBNotifications 5 }
-- 1.3.6.1.4.1.6889.2.6.1.2.0.6
avipsIpsecTunnelFailed NOTIFICATION-TYPE
OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet,
avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription }
STATUS current
DESCRIPTION
"This notification is sent whenever avipsTunnelState moves
into the 'failed' state."
::= { avipsMIBNotifications 6 }
-- 1.3.6.1.4.1.6889.2.6.1.3
avipsMIBConformance OBJECT IDENTIFIER ::= { avayaIpsecMib 3 }
-- 1.3.6.1.4.1.6889.2.6.1.3.1
avipsMIBGroups OBJECT IDENTIFIER ::= { avipsMIBConformance 1 }
-- 1.3.6.1.4.1.6889.2.6.1.3.1.1
avipsConfigurationGroup OBJECT-GROUP
OBJECTS { avipsGlobalsInvalidSpiRecovery, avipsNatTEnabled, avipsNatTKeepaliveInterval, avipsIsakmpPeerDescription, avipsIsakmpPeerIsaPlcyId1,
avipsIsakmpPeerSelfIdType, avipsIsakmpPeerSelfId, avipsIsakmpPeerKeepaliveMetric, avipsIsakmpPeerKeepaliveInterval, avipsIsakmpPeerKeepaliveRetryInterval,
avipsIsakmpPeerKeepaliveTrackId, avipsIsakmpPeerContChannel, avipsIsakmpPeerRowStatus, avipsPeerGroupPeersPIdType, avipsPeerGroupPeersPIdValue,
avipsPeerGroupPeersRowStatus, avipsIsakmpPlcyDescription, avipsIsakmpPlcyDhGroup, avipsIsakmpPlcyEncrAlgo, avipsIsakmpPlcyHashAlgo,
avipsIsakmpPlcyLifetime, avipsIsakmpPlcyAuth, avipsIsakmpPlcyRowStatus, avipsCryptoMapDescription, avipsCryptoMapPeerIdType,
avipsCryptoMapPeerIdValue, avipsCryptoMapTranSetName1, avipsCryptoMapIsReady, avipsCryptoMapTunnelDscp, avipsCryptoMapContChannel,
avipsCryptoMapRowStatus, avipsTranSetEspEncrTran, avipsTranSetEspHashTran, avipsTranSetLifetime, avipsTranSetLifesize,
avipsTranSetPfsGroup, avipsTranSetEncapMode, avipsTranSetEspCompTran, avipsTranRowStatus, avipsCryptoEngineAccelEnabled,
avipsIsakmpPeerInitiateMode }
STATUS current
DESCRIPTION
"This group consists of:
1) Global configuration objects.
2) Isakmp configuration objects.
3) IPsec configuration objects."
::= { avipsMIBGroups 1 }
-- 1.3.6.1.4.1.6889.2.6.1.3.1.2
avipsMonitorGroup OBJECT-GROUP
OBJECTS { avipsMonitorRstCntrs, avipsMonitorRstCntrsLastChange, avipsPeerRemoteDescription, avipsPeerLocalAddress, avipsPeerRemoteAddress,
avipsPeerIsakmpState, avipsPeerIsakmpStateLastChange, avipsPeerInOctets, avipsPeerInOctetsWraps, avipsPeerInPkts,
avipsPeerInDropPkts, avipsPeerOutOctets, avipsPeerOutOctetsWraps, avipsPeerOutPkts, avipsPeerOutDropPkts,
avipsTunnelDescription, avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask,
avipsTunnelProxyRemoteSubnet, avipsTunnelProxyRemoteMask, avipsTunnelState, avipsTunnelStateLastChange, avipsTunnelInOctets,
avipsTunnelInOctetsWraps, avipsTunnelInPkts, avipsTunnelInDropAntiReplayPkts, avipsTunnelInDropHmacFailPkts, avipsTunnelInDropBadTrailerPkts,
avipsTunnelInDropInvalidIdPkts, avipsTunnelInDropUnprotectPkts, avipsTunnelInDropInvalidLenPkts, avipsTunnelInDropSaExpiredPkts, avipsTunnelOutOctets,
avipsTunnelOutOctetsWraps, avipsTunnelOutPkts, avipsTunnelOutDropNoSaPkts, avipsTunnelOutDropSeqRolPkts, avipsTunnelOutDropSaExpiredPkts,
avipsTunnelLastCntrsReset, avipsPeerRemotePeerGrpActiveIdValue, avipsPeerTunnelsClosed, avipsPeerTunnelsInProgress, avipsPeerTunnelsEstablished,
avipsPeerTunnelsFailed, avipsTunnelInDecompOctets, avipsTunnelInDecompOctetsWraps, avipsTunnelOutUncompOctets, avipsTunnelOutUncompOctetsWraps,
avipsPeerInDecompOctets, avipsPeerInDecompOctetsWraps, avipsPeerOutUncompOctetsWraps, avipsPeerOutUncompOctets, avipsPeerInDecompRatio,
avipsPeerOutCompRatio, avipsTunnelInDecompRatio, avipsTunnelOutCompRatio, avipsPeerLocalType, avipsPeerLocalValue,
avipsPeerRemoteType, avipsPeerRemoteValue, avipsTunnelPeerLocalType, avipsTunnelPeerLocalValue, avipsTunnelPeerRemoteType,
avipsTunnelPeerRemoteValue, avipsPeerRemotePeerGrpActiveIdType, avipsPeerRemotePeerGrpActiveIndex, avipsTunnelInDropTotalPkts, avipsTunnelOutDropTotalPkts
}
STATUS current
DESCRIPTION
"This group consists of:
1) Global monitoring objects.
2) Peer monitoring objects.
3) IPSec tunnels monitoring objects."
::= { avipsMIBGroups 2 }
-- 1.3.6.1.4.1.6889.2.6.1.3.2
avipsMIBCompliances OBJECT IDENTIFIER ::= { avipsMIBConformance 2 }
-- 1.3.6.1.4.1.6889.2.6.1.3.2.1
avipsMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities
the IP Security Protocol."
MODULE -- this module
MANDATORY-GROUPS { avipsConfigurationGroup, avipsMonitorGroup }
::= { avipsMIBCompliances 1 }
END
--
-- AVAYA-IPSEC-MIB.my
--
View Git Blame Copy Permalink