WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/nokia/TIMETRA-IPSEC-MIB

16902 lines
621 KiB
Plaintext
Raw Blame History

TIMETRA-IPSEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
CounterBasedGauge64
FROM HCNUM-TC
InterfaceIndex
FROM IF-MIB
InetAddress, InetAddressPrefixLength,
InetAddressType, InetPortNumber
FROM INET-ADDRESS-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF
Counter32, Counter64, Gauge32,
Integer32, MODULE-IDENTITY,
NOTIFICATION-TYPE, OBJECT-TYPE,
Unsigned32
FROM SNMPv2-SMI
DateAndTime, DisplayString, RowStatus,
StorageType, TEXTUAL-CONVENTION,
TimeStamp, TruthValue
FROM SNMPv2-TC
TmnxEsaIdOrZero, TmnxEsaVmIdOrZero,
TmnxHwIndexOrZero, tmnxCardSlotNum,
tmnxChassisIndex, tmnxEsaId,
tmnxEsaVmId, tmnxIPsecIsaGrpId,
tmnxMDASlotNum
FROM TIMETRA-CHASSIS-MIB
TFilterID
FROM TIMETRA-FILTER-MIB
timetraSRMIBModules, tmnxSRConfs,
tmnxSRNotifyPrefix, tmnxSRObjs
FROM TIMETRA-GLOBAL-MIB
sapEncapValue, sapPortId
FROM TIMETRA-SAP-MIB
svcId
FROM TIMETRA-SERV-MIB
TEntryId, TItemDescription,
TItemLongDescription,
TLNamedItemOrEmpty, TNamedItem,
TNamedItemOrEmpty, TTcpUdpPort,
TmnxAdminState, TmnxAuthAlgorithm,
TmnxBfdSessOperState,
TmnxEnabledDisabled, TmnxEncrAlgorithm,
TmnxIPsecDirection, TmnxIPsecKeyingType,
TmnxIPsecTunnelTemplateId,
TmnxIPsecTunnelTemplateIdOrZero,
TmnxIkePolicyAuthMethod,
TmnxIkePolicyAutoEapMethod,
TmnxIkePolicyAutoEapOwnMethod,
TmnxIkePolicyDHGroupOrZero,
TmnxIkePolicyOwnAuthMethod,
TmnxOperState, TmnxServId,
TmnxTunnelGroupIdOrZero, TmnxVRtrID,
TmnxVRtrIDOrZero
FROM TIMETRA-TC-MIB
vRtrID, vRtrIfIndex
FROM TIMETRA-VRTR-MIB
;
timetraIPsecMIBModule MODULE-IDENTITY
LAST-UPDATED "201701010000Z"
ORGANIZATION "Nokia"
CONTACT-INFO
"Nokia SROS Support
Web: http://www.nokia.com"
DESCRIPTION
"This document is the SNMP MIB module to manage and provision
the Nokia SROS device with IPsec tunneling, encryption
and other related features.
Copyright 2008-2018 Nokia. All rights reserved.
Reproduction of this document is authorized on the condition
that the foregoing copyright notice is included.
This SNMP MIB module (Specification) embodies Nokia's
proprietary intellectual property. Nokia retains all
title and ownership in the Specification, including any revisions.
Nokia grants all interested parties a non-exclusive license to use and
distribute an unmodified copy of this Specification in connection with
management of Nokia products, and without fee, provided this copyright
notice and license appear on all copies.
This Specification is supplied `as is', and Nokia
makes no warranty, either express or implied, as to the use,
operation, condition, or performance of the Specification."
REVISION "201701010000Z"
DESCRIPTION
"Rev 15.0 1 Jan 2017 00:00
15.0 release of the TIMETRA-IPSEC-MIB."
REVISION "201601010000Z"
DESCRIPTION
"Rev 14.0 1 Jan 2016 00:00
14.0 release of the TIMETRA-IPSEC-MIB."
REVISION "201501010000Z"
DESCRIPTION
"Rev 13.0 1 Jan 2015 00:00
13.0 release of the TIMETRA-IPSEC-MIB."
REVISION "201401010000Z"
DESCRIPTION
"Rev 12.0 1 Jan 2014 00:00
12.0 release of the TIMETRA-IPSEC-MIB."
REVISION "201102010000Z"
DESCRIPTION
"Rev 9.0 1 Feb 2011 00:00
9.0 release of the TIMETRA-IPSEC-MIB."
REVISION "200902280000Z"
DESCRIPTION
"Rev 7.0 28 Feb 2009 00:00
7.0 release of the TIMETRA-IPSEC-MIB."
REVISION "200807010000Z"
DESCRIPTION
"Rev 6.1 01 Jul 2008 00:00
6.1 release of the TIMETRA-IPSEC-MIB."
REVISION "200801010000Z"
DESCRIPTION
"Rev 0.1 01 Jan 2008 00:00
Initial version of the TIMETRA-IPSEC-MIB."
::= { timetraSRMIBModules 48 }
TmnxIPsecTransformId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to identify an entry in the tmnxIPsecTransformTable."
SYNTAX Unsigned32 (1..2048)
TmnxIPsecTransformIdOrZero ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to identify an entry in the tmnxIPsecTransformTable or
zero."
SYNTAX Unsigned32 (0..2048)
TmnxIPsecIkeTransformId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to uniquely identify an IKE transform entry."
SYNTAX Unsigned32 (1..4096)
TmnxIPsecIkeTransformIdOrZero ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to uniquely identify an IKE transform entry or zero."
SYNTAX Unsigned32 (0..4096)
TmnxIkePolicyId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to identify an entry in the tmnxIkePolicyTable."
SYNTAX Unsigned32 (1..2048)
TmnxIkePolicyIdOrZero ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to identify an entry in the tmnxIkePolicyTable or zero."
SYNTAX Unsigned32 (0..2048)
TmnxIkeVersion ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIkeVersion data type is an integer that indicates the version of
IKE supported by the entry."
SYNTAX INTEGER {
version1 (1),
version2 (2)
}
TmnxIkePolicyIkeMode ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIkePolicyIkeMode data type is an enumerated integer that describes
the values used to identify the IKE mode of operation. This determines
the number of messages used to establish the session."
SYNTAX INTEGER {
main (1),
aggressive (2)
}
TmnxIkePolicyDHGroup ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIkePolicyDHGroup data type is an enumerated integer that describes
the values used to identify the diffie-hellman group for calculating
the session keys.
Value Descriptions:
group1 - 768 bits
group2 - 1024 bits
group5 - 1536 bits
group14 - 2048 bits
group15 - 3072 bits
group19 - 256 bits random ECP group
group20 - 384 bits random ECP group
group21 - 521 bits random ECP group
More bits provide a higher level of security, but require more
processing."
SYNTAX INTEGER {
group1 (1),
group2 (2),
group5 (5),
group14 (14),
group15 (15),
group19 (19),
group20 (20),
group21 (21)
}
TmnxIPsecTransformPfsDhGrp ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIPsecTransformPfsDhGrp data type is similar to
TmnxIkePolicyDHGroup but allows the value 'disablePfs (0)' and
'inherit (-1)'.
Diffie-Hellman (DH) group is used by the system to achieve Perfect
Forward Secrecy (PFS).
disablePfs - the PFS functionality is disabled
inherit - the value of DH group used by the system is
inherited from another MIB object. Please refer
to the description of the specific MIB object
(e.g., tmnxIPsecTransformPfsDhGroup)
for detail information."
SYNTAX INTEGER {
inherit (-1),
disablePfs (0),
group1 (1),
group2 (2),
group5 (5),
group14 (14),
group15 (15),
group19 (19),
group20 (20),
group21 (21)
}
TmnxIPsecPolicyId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to identify an entry in the tmnxIPsecPolicyTable."
SYNTAX Unsigned32 (1..32768)
TmnxIPsecPolicyIdOrZero ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A number used to identify an entry in the tmnxIPsecPolicyTable or
zero."
SYNTAX Unsigned32 (0..32768)
TmnxIPsecDirection2 ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIPsecDirection data type is an enumerated integer that describes
the values used to identify the direction of an IPsec tunnel."
SYNTAX INTEGER {
inbound (1),
outbound (2),
bidirectional (3)
}
TmnxIPsecProtocol ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIPsecProtocol data type is an enumerated integer that describes
the values used to identify the used IPsec protocol."
SYNTAX INTEGER {
ah (1),
esp (2)
}
TmnxIPsecLocalIdType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIPsecLocalIdType data type is an enumerated integer that describes
the local identifier type used for IDi or IDr for IKEv2."
SYNTAX INTEGER {
none (0),
ipv4 (1),
fqdn (2),
dn (3),
ipv6 (4)
}
TmnxCertRevStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxCertRevStatus data type is an enumerated integer that describes
the certification revocation status."
SYNTAX INTEGER {
crl (1),
ocsp (2)
}
TmnxCertRevStatusOrNone ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxCertRevStatus data type is an enumerated integer that describes
the certification revocation status or none."
SYNTAX INTEGER {
none (0),
crl (1),
ocsp (2)
}
TmnxIkePolicyRelayUnSolCfgAttr ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TmnxIkePolicyRelayUnSolCfgAttr indicates the unsolicited
configuration attributes for IKEv2 remote-access tunnels. These
attributes, when provided by the authentication server, are returned
to the IKE peer regardless of whether or not they have been requested.
Normally, only the requested attributes are returned."
SYNTAX BITS {
internalIp4Address (0),
internalIp4Netmask (1),
internalIp4Dns (2),
internalIp6Address (3),
internalIp6Dns (4)
}
TmnxIpsecTrafficSelSide ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIpsecTrafficSelSide data type is an enumerated integer that
describes the values used to identify the side of a traffic selector
entry."
SYNTAX INTEGER {
local (1),
remote (2)
}
TmnxIPsecHistStatsType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxIPsecHistStatsType data type is an enumerated integer that
describes the values used to identify the type of IPsec historical
statistics.
Value Descriptions:
numOfTotalIPsecTnls - The total number of IPsec tunnels
numOfIPsecSL2LTnls - The number of IPsec static LAN-to-LAN
(SL2L) tunnels
numOfIPsecDL2LTnls - The number of IPsec dynamic LAN-to-LAN
(DL2L) tunnels
numOfIPsecRATnls - The number of IPsec remote access (RA)
tunnels
numOfIPsecEncrPkts - The number of encrypted IPsec packets
numOfIPsecDecrPkts - The number of decrypted IPsec packets
numOfIPsecEnDecrPkts - The number of encrypted and decrypted IPsec
packets
numOfIPsecEncrBits - The number of bits in the encrypted IPsec
packets
numOfIPsecDecrBits - The number of bits in the decrypted IPsec
packets
numOfIPsecEnDecrBits - The number of bits in the encrypted and
decrypted IPsec packets
numOfGreTnlEncapPkts - The number of encapsulated Generic Routing
Encapsulation (GRE) tunnel packets
numOfGreTnlDecapPkts - The number of decapsulated GRE tunnel
packets
numOfGreTnlEnDecapPkts - The number of encapsulated and
decapsulated GRE tunnel packets
numOfGreTnlEncapBits - The number of bits in the encapsulated GRE
tunnel packets
numOfGreTnlDecapBits - The number of bits in the decapsulated GRE
tunnel packets
numOfGreTnlEnDecapBits - The number of bits in the encapsulated and
decapsulated GRE tunnel packets
numOfIpTnlEncapPkts - The number of encapsulated IP tunnel
packets
numOfIpTnlDecapPkts - The number of decapsulated IP tunnel
packets
numOfIpTnlEnDecapPkts - The number of encapsulated and
decapsulated IP tunnel packets
numOfIpTnlEncapBits - The number of bits in the encapsulated IP
tunnel packets
numOfIpTnlDecapBits - The number of bits in the decapsulated IP
tunnel packets
numOfIpTnlEnDecapBits - The number of bits in the encapsulated and
decapsulated IP tunnel packets
numOfL2tpv3TnlEncapPkts - The number of encapsulated Layer 2
Tunneling Protocol Version 3 (L2TPv3)
tunnel packets
numOfL2tpv3TnlDecapPkts - The number of decapsulated L2TPv3 tunnel
packets
numOfL2tpv3TnlEnDecapPkts - The number of encapsulated and decapsulated
L2TPv3 tunnel packets
numOfL2tpv3TnlEncapBits - The number of bits in the encapsulated
L2TPv3 tunnel packets
numOfL2tpv3TnlDecapBits - The number of bits in the decapsulated
L2TPv3 tunnel packets
numOfL2tpv3TnlEnDecapBits - The number of bits in the encapsulated and
decapsulated L2TPv3 tunnel packets
numOfNewTotalIPsecTnls - The total number of new successfully
created IPsec tunnels
numOfNewIPsecSL2LTnls - The number of new successfully created
IPsec static LAN-to-LAN (SL2L) tunnels
numOfNewIPsecDL2LTnls - The number of new successfully created
IPsec dynamic LAN-to-LAN (DL2L) tunnels
numOfNewIPsecRATnls - The number of new successfully created
IPsec remote access (RA) tunnels
numOfIkeAuthFails - The number of IKE authentication failures
numOfIkeNoPrpslFails - The number of IKE non-proposal chosen
failures
numOfIkeAddrAsgFails - The number of IKE address assignment
failures
numOfIkeInvldTsFails - The number of IKE invalid Traffic
Selector (TS) failures
numOfIkeInvldKeFails - The number of IKE invalid Key Exchange (KE)
failures
numOfIkeDpdTimeoutFails - The number of IKE Dead Peer Detection
(DPD) timeout failures
numOfIkeOtherReasonFails - The number of all other IKE exchange
failures
isaCtrolPlaneCpuUsageBp - ISA CPU usage base point in control plane
1 base point = 0.01%
isaDataPlaneCpuUsageBp - ISA CPU usage base point in data plane
numOfIsaMemAllocFailures - The number of ISA memory allocation
failures
All the above statistics are calculated in a certain sampling period.
The statistical values are reset to zero at the beginning of each
sampling period. The system maintains the history records for those
statistics.
The statistics listed below are calculated accumulatively since the
start of statistics monitoring. The system only maintains the current
values for those statistics.
numOfAccumGreTnls - The number of accumulative Generic
Routing Encapsulation (GRE) tunnels
numOfAccumIpTnls - The number of accumulative IP tunnels
numOfAccumL2tpv3Tnls - The number of accumulative Layer 2
Tunneling Protocol Version 3 (L2TPv3)
tunnels
numOfAccumIPsecEncrPkts - The number of accumulative encrypted
IPsec packets
numOfAccumIPsecDecrPkts - The number of accumulative decrypted
IPsec packets
numOfAccumIPsecEnDecrPkts - The number of accumulative encrypted
and decrypted IPsec packets
numOfAccumIPsecEncrKBs - The number of kibibytes (1 kibibyte ==
1024 bytes) in the accumulative
encrypted IPsec packets
numOfAccumIPsecDecrKBs - The number of KBs in the accumulative
decrypted IPsec packets
numOfAccumIPsecEnDecrKBs - The number of KBs in the accumulative
encrypted and decrypted IPsec packets
numOfAccumGreTnlDecapPkts - The number of accumulative decrypted
GRE tunnel packets
numOfAccumGreTnlEnDecapPkts - The number of accumulative encrypted
and decrypted GRE tunnel packets
numOfAccumGreTnlEncapKBs - The number of KBs in the accumulative
encrypted GRE tunnel packets
numOfAccumGreTnlDecapKBs - The number of KBs in the accumulative
decrypted GRE tunnel packets
numOfAccumGreTnlEnDecapKBs - The number of KBs in the accumulative
encrypted and decrypted GRE tunnel
packets
numOfAccumIpTnlDecapPkts - The number of accumulative decrypted
IP tunnel packets
numOfAccumIpTnlEnDecapPkts - The number of accumulative encrypted
and decrypted IP tunnel packets
numOfAccumIpTnlEncapKBs - The number of KBs in the accumulative
encrypted IP tunnel packets
numOfAccumIpTnlDecapKBs - The number of KBs in the accumulative
decrypted IP tunnel packets
numOfAccumIpTnlEnDecapKBs - The number of KBs in the accumulative
encrypted and decrypted IP tunnel
packets
numOfAccumL2tpv3TnlDecapPkts - The number of accumulative decrypted
L2TPv3 tunnel packets
numOfAccumL2tpv3TnlEnDecapPkts - The number of accumulative encrypted
and decrypted L2TPv3 tunnel packets
numOfAccumL2tpv3TnlEncapKBs - The number of KBs in the accumulative
encrypted L2TPv3 tunnel packets
numOfAccumL2tpv3TnlDecapKBs - The number of KBs in the accumulative
decrypted L2TPv3 tunnel packets
numOfAccumL2tpv3TnlEnDecapKBs - The number of KBs in the accumulative
encrypted and decrypted L2TPv3 tunnel
packets
ikev2IkeSaInitExchgPktsDrops - Early drops of IKE-SA-INIT exchange packet
ikev2IkeAuthExchgPktsDrops - Early drops of IKE-AUTH exchange packet
ikev2CrtCldInfoExchgPktsDrops - Early drops of Create-CHILD and Informational
exchange packets"
SYNTAX INTEGER {
numOfTotalIPsecTnls (1),
numOfIPsecSL2LTnls (2),
numOfIPsecDL2LTnls (3),
numOfIPsecRATnls (4),
numOfAccumGreTnls (5),
numOfAccumIpTnls (6),
numOfAccumL2tpv3Tnls (7),
numOfIPsecEncrPkts (100),
numOfIPsecDecrPkts (101),
numOfIPsecEnDecrPkts (102),
numOfIPsecEncrBits (103),
numOfIPsecDecrBits (104),
numOfIPsecEnDecrBits (105),
numOfGreTnlEncapPkts (120),
numOfGreTnlDecapPkts (121),
numOfGreTnlEnDecapPkts (122),
numOfGreTnlEncapBits (123),
numOfGreTnlDecapBits (124),
numOfGreTnlEnDecapBits (125),
numOfIpTnlEncapPkts (140),
numOfIpTnlDecapPkts (141),
numOfIpTnlEnDecapPkts (142),
numOfIpTnlEncapBits (143),
numOfIpTnlDecapBits (144),
numOfIpTnlEnDecapBits (145),
numOfL2tpv3TnlEncapPkts (160),
numOfL2tpv3TnlDecapPkts (161),
numOfL2tpv3TnlEnDecapPkts (162),
numOfL2tpv3TnlEncapBits (163),
numOfL2tpv3TnlDecapBits (164),
numOfL2tpv3TnlEnDecapBits (165),
numOfNewTotalIPsecTnls (200),
numOfNewIPsecSL2LTnls (201),
numOfNewIPsecDL2LTnls (202),
numOfNewIPsecRATnls (203),
numOfIkeAuthFails (300),
numOfIkeNoPrpslFails (301),
numOfIkeAddrAsgFails (302),
numOfIkeInvldTsFails (303),
numOfIkeInvldKeFails (304),
numOfIkeDpdTimeoutFails (305),
numOfIkeOtherReasonFails (306),
numOfAccumIPsecEncrPkts (400),
numOfAccumIPsecDecrPkts (401),
numOfAccumIPsecEnDecrPkts (402),
numOfAccumIPsecEncrKBs (403),
numOfAccumIPsecDecrKBs (404),
numOfAccumIPsecEnDecrKBs (405),
numOfAccumGreTnlEncapPkts (420),
numOfAccumGreTnlDecapPkts (421),
numOfAccumGreTnlEnDecapPkts (422),
numOfAccumGreTnlEncapKBs (423),
numOfAccumGreTnlDecapKBs (424),
numOfAccumGreTnlEnDecapKBs (425),
numOfAccumIpTnlEncapPkts (440),
numOfAccumIpTnlDecapPkts (441),
numOfAccumIpTnlEnDecapPkts (442),
numOfAccumIpTnlEncapKBs (443),
numOfAccumIpTnlDecapKBs (444),
numOfAccumIpTnlEnDecapKBs (445),
numOfAccumL2tpv3TnlEncapPkts (460),
numOfAccumL2tpv3TnlDecapPkts (461),
numOfAccumL2tpv3TnlEnDecapPkts (462),
numOfAccumL2tpv3TnlEncapKBs (463),
numOfAccumL2tpv3TnlDecapKBs (464),
numOfAccumL2tpv3TnlEnDecapKBs (465),
isaCtrolPlaneCpuUsageBp (500),
isaDataPlaneCpuUsageBp (501),
numOfIsaMemAllocFailures (600),
ikev2IkeSaInitExchgPktsDrops (700),
ikev2IkeAuthExchgPktsDrops (701),
ikev2CrtCldInfoExchgPktsDrops (702)
}
TmnxIPsecOperState ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TmnxIPsecOperState data type is an enumerated integer that
describes the values used to identify the current operational state of
IPsec functional modules."
SYNTAX INTEGER {
unknown (1),
inService (2),
outOfService (3),
transition (4),
limited (5)
}
TIPsecMulticastProtocol ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TIPsecMulticastProtocol indicates the multicast protocol types
supported by the IPsec application.
Value descriptions:
mld - Multicast Listener Discovery
igmp - Internet Group Management Protocol"
SYNTAX BITS {
mld (0),
igmp (1)
}
tmnxIPsecObjects OBJECT IDENTIFIER ::= { tmnxSRObjs 48 }
tmnxIPsecTransformTblLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformTblLastChanged indicates the sysUpTime
at the time of the last modification to tmnxIPsecTransformTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 1 }
tmnxIPsecTransformTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTransformEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec transform entries."
::= { tmnxIPsecObjects 2 }
tmnxIPsecTransformEntry OBJECT-TYPE
SYNTAX TmnxIPsecTransformEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec transform entry."
INDEX { tmnxIPsecTransformId }
::= { tmnxIPsecTransformTable 1 }
TmnxIPsecTransformEntry ::= SEQUENCE
{
tmnxIPsecTransformId TmnxIPsecTransformId,
tmnxIPsecTransformRowStatus RowStatus,
tmnxIPsecTransformLastChanged TimeStamp,
tmnxIPsecTransformAuthAlgorithm TmnxAuthAlgorithm,
tmnxIPsecTransformEncrAlgorithm TmnxEncrAlgorithm,
tmnxIPsecTransformPfsDhGroup TmnxIPsecTransformPfsDhGrp,
tmnxIPsecTransformLifeTime Unsigned32
}
tmnxIPsecTransformId OBJECT-TYPE
SYNTAX TmnxIPsecTransformId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformId specifies the id of a transform
entry and is the primary index for the table tmnxIPsecTransformTable."
::= { tmnxIPsecTransformEntry 1 }
tmnxIPsecTransformRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPsecTransformRowStatus object is used to create and delete
rows in the tmnxIPsecTransformTable."
::= { tmnxIPsecTransformEntry 2 }
tmnxIPsecTransformLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformLastChanged indicates the sysUpTime at
the time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecTransformEntry 3 }
tmnxIPsecTransformAuthAlgorithm OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformAuthAlgorithm specifies the Hashing
algorithm used for the AH (Authentication Header) protocol's
authentication function. If 'none' is used then AH protocol will not
be used."
DEFVAL { sha1 }
::= { tmnxIPsecTransformEntry 4 }
tmnxIPsecTransformEncrAlgorithm OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformEncrAlgorithm specifies the
Encryption algorithm to be used for the IPsec session. Encryption
only applies to ESP(Encapsulating Security Payload)
configurations. If encryption is 'null', then ESP will not be
used."
DEFVAL { aes128 }
::= { tmnxIPsecTransformEntry 5 }
tmnxIPsecTransformPfsDhGroup OBJECT-TYPE
SYNTAX TmnxIPsecTransformPfsDhGrp
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformPfsDhGroup specifies the Diffie-hellman
(DH) key exchange to be used each time the Security Association (SA)
key is renegotiated. After the SA expires, the key is forgotten and
another key is generated (if the SA remains up). This means that an
attacker who cracks part of the exchange can only read the part that
used the key before the key changed. There is no advantage of cracking
the other parts if the attacker has already cracked one.
The value of 'inherit (-1)' specifies that the IPsec tunnel or gateway
which refers to this IPsec transform will reuse the DH group
configurations from its associated IKE policy table
(tmnxIkePolicyTable). Specifically, if the value of
tmnxIkePolicyPFSEnabled is 'true (1)', the IPsec transform will use
the value of tmnxIkePolicyPFSDHGroup. If the value of
tmnxIkePolicyPFSEnabled is 'false (2)', the IPsec transform doesn't
use any DH group."
DEFVAL { inherit }
::= { tmnxIPsecTransformEntry 6 }
tmnxIPsecTransformLifeTime OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1200..31536000)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTransformLifeTime specifies the lifetime of the
phase 2 IKE key.
The value of zero specifies that the IPsec tunnel or gateway which
refers this IPsec transform will reuse the lifetime value (i.e.
tmnxIkePolicyIPsecLifeTime) from its associated IKE policy."
DEFVAL { 0 }
::= { tmnxIPsecTransformEntry 7 }
tmnxIkePolicyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyTableLastChanged indicates the sysUpTime at
the time of the last modification to tmnxIkePolicyTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 3 }
tmnxIkePolicyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIkePolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IKE policy entries."
::= { tmnxIPsecObjects 4 }
tmnxIkePolicyEntry OBJECT-TYPE
SYNTAX TmnxIkePolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IKE policy entry."
INDEX { tmnxIkePolicyId }
::= { tmnxIkePolicyTable 1 }
TmnxIkePolicyEntry ::= SEQUENCE
{
tmnxIkePolicyId TmnxIkePolicyId,
tmnxIkePolicyRowStatus RowStatus,
tmnxIkePolicyLastChanged TimeStamp,
tmnxIkePolicyDescription TItemDescription,
tmnxIkePolicyIkeMode TmnxIkePolicyIkeMode,
tmnxIkePolicyDHGroup TmnxIkePolicyDHGroup,
tmnxIkePolicyPFSEnabled TruthValue,
tmnxIkePolicyPFSDHGroup TmnxIkePolicyDHGroup,
tmnxIkePolicyAuthAlgorithm TmnxAuthAlgorithm,
tmnxIkePolicyEncrAlgorithm TmnxEncrAlgorithm,
tmnxIkePolicyIsakmpLifeTime Unsigned32,
tmnxIkePolicyIPsecLifeTime Unsigned32,
tmnxIkePolicyNatTraversal INTEGER,
tmnxIkePolicyNatTKeepAliveIntvl Unsigned32,
tmnxIkePolicyNatTBehindNatOnly TruthValue,
tmnxIkePolicyDpd INTEGER,
tmnxIkePolicyDpdInterval Unsigned32,
tmnxIkePolicyDpdMaxRetries Unsigned32,
tmnxIkePolicyAuthMethod TmnxIkePolicyAuthMethod,
tmnxIkePolicyIkeVersion TmnxIkeVersion,
tmnxIkePolicyOwnAuthMethod TmnxIkePolicyOwnAuthMethod,
tmnxIkePolicyMatchPeerToCert TruthValue,
tmnxIkePolicyRelayUnSolCfgAttr TmnxIkePolicyRelayUnSolCfgAttr,
tmnxIkePolicyAutoEapMethod TmnxIkePolicyAutoEapMethod,
tmnxIkePolicyAutoEapOwnMethod TmnxIkePolicyAutoEapOwnMethod,
tmnxIkePolicyLockout TmnxEnabledDisabled,
tmnxIkePolicyLockoutFailedAtempt Unsigned32,
tmnxIkePolicyLockoutDuration Unsigned32,
tmnxIkePolicyLockoutBlock Unsigned32,
tmnxIkePolicyLockoutMaxPortPerIp Unsigned32,
tmnxIkePolicyV2Fragment TmnxEnabledDisabled,
tmnxIkePolicyV2FragmentMtu Unsigned32,
tmnxIkePolicyV2FragReassembTmOut Unsigned32,
tmnxIkePolicySndIdrAftEapSuccess TruthValue,
tmnxIkePolicyIkev1Ph1RespDelNtfy TruthValue,
tmnxIkePolicyLimitInitExchange TruthValue,
tmnxIkePolicyReducedMaxExchgTt Unsigned32
}
tmnxIkePolicyId OBJECT-TYPE
SYNTAX TmnxIkePolicyId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyId specifies the id of a policy entry and is
the primary index for the table tmnxIkePolicyTable."
::= { tmnxIkePolicyEntry 1 }
tmnxIkePolicyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIkePolicyRowStatus object is used to create and delete rows in
the tmnxIkePolicyTable."
::= { tmnxIkePolicyEntry 2 }
tmnxIkePolicyLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIkePolicyEntry 3 }
tmnxIkePolicyDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyDescription specifies the user-provided
description for each tmnxIkePolicyEntry in the table
tmnxIkePolicyTable."
DEFVAL { "" }
::= { tmnxIkePolicyEntry 4 }
tmnxIkePolicyIkeMode OBJECT-TYPE
SYNTAX TmnxIkePolicyIkeMode
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyIkeMode specifies the mode of operation,
which determines the number of messages used to establish the session."
DEFVAL { main }
::= { tmnxIkePolicyEntry 5 }
tmnxIkePolicyDHGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroup
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIkePolicyDHGroup specifies the Diffie-Hellman group
to be used for calculating session keys which will be used in the IKE
proposal.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecIkeTransformDhGroup."
DEFVAL { group2 }
::= { tmnxIkePolicyEntry 6 }
tmnxIkePolicyPFSEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyPFSEnabled specifies whether
PFS (perfect forward secrecy) on the tunnel using this policy
is enabled or not. When tmnxIkePolicyPFSDHGroup has a value
of 'true', PFS is enabled."
DEFVAL { false }
::= { tmnxIkePolicyEntry 7 }
tmnxIkePolicyPFSDHGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroup
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyPFSDHGroup is used only if the value of the
tmnxIkePolicyPFSEnabled is 'true'.
The value of tmnxIkePolicyPFSDHGroup specifies the new
Diffie-hellman key exchange each time the SA(Security Association)
key is renegotiated. After the SA expires, the key is forgotten
and another key is generated (if the SA remains up). This means
that an attacker who cracks part of the exchange can only read the
part that used the key before the key changed. There is no
advantage of cracking the other parts if the attacker has already
cracked one."
DEFVAL { group2 }
::= { tmnxIkePolicyEntry 8 }
tmnxIkePolicyAuthAlgorithm OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIkePolicyAuthAlgorithm specifies the Hashing
algorithm used in the phase 1 SA.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecIkeTransformAuthAlg."
DEFVAL { sha1 }
::= { tmnxIkePolicyEntry 9 }
tmnxIkePolicyEncrAlgorithm OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIkePolicyEncrAlgorithm specifies the Encryption
algorithm to be used in the phase 1 SA.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecIkeTransformEncrAlg."
DEFVAL { aes128 }
::= { tmnxIkePolicyEntry 10 }
tmnxIkePolicyIsakmpLifeTime OBJECT-TYPE
SYNTAX Unsigned32 (1200..172800)
UNITS "seconds"
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIkePolicyIsakmpLifeTime specifies the lifetime of the
phase 1 IKE key.
ISAKMP stands for Internet Security Association and Key Management
Protocol.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecIkeTransformIsakmpLifeT."
DEFVAL { 86400 }
::= { tmnxIkePolicyEntry 11 }
tmnxIkePolicyIPsecLifeTime OBJECT-TYPE
SYNTAX Unsigned32 (1200..31536000)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyIPsecLifeTime specifies the lifetime of the
phase 2 IKE key."
DEFVAL { 3600 }
::= { tmnxIkePolicyEntry 12 }
tmnxIkePolicyNatTraversal OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (2),
force (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyNatTraversal specifies whether NAT-T(network
address translation traversal) is 'enabled', 'disabled' or in 'forced'
mode."
DEFVAL { disable }
::= { tmnxIkePolicyEntry 13 }
tmnxIkePolicyNatTKeepAliveIntvl OBJECT-TYPE
SYNTAX Unsigned32 (0 | 120..600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyNatTKeepAliveIntvl specifies the keep alive
interval for NAT-T. If the value of tmnxIkePolicyNatTKeepAliveIntvl is
'0', then keepalives are disabled."
DEFVAL { 0 }
::= { tmnxIkePolicyEntry 14 }
tmnxIkePolicyNatTBehindNatOnly OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyNatTBehindNatOnly specifies whether the keep
alive packets should be sent only when behind a NAT."
DEFVAL { true }
::= { tmnxIkePolicyEntry 15 }
tmnxIkePolicyDpd OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (2),
replyOnly (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyDpd specifies whether DPD (dead peer
detection) is 'enable', 'disable' or in 'replyOnly' mode.
The DPD vendor ID is always advertised to the peer. To the extent that
the peer advertises DPD support as well, the service-router will
always reply to the peer's 'Are-You-There' messages.
If tmnxIkePolicyDpd object is set to 'enable' the service-router will
also send its own 'Are-You-There' message to the peer at the interval
specified by tmnxIkePolicyDpdInterval.
If tmnxIkePolicyDpd object is set to 'disable' the service-router will
never send its own 'Are-You-There' message to the peer.
If tmnxIkePolicyDpd object is set to 'replyOnly' the service-router
will take the peer's 'Are-You-There' message as proof of 'liveliness'
and will suppress the sending of its own 'Are-You-There' messages.
Once it stops receiving 'Are-You-There' messages from the peer, it
will start sending its own to determine if the peer is dead. The
service-router will only send an 'Are-You-There' message when the
other side has been idle (no traffic was forwarded through it) since
the last tmnxIkePolicyDpdInterval. If the other side is active (as
determined by its traffic counters) it is assumed the peer is alive
and the 'Are-You-There' message is suppressed."
DEFVAL { disable }
::= { tmnxIkePolicyEntry 16 }
tmnxIkePolicyDpdInterval OBJECT-TYPE
SYNTAX Unsigned32 (10..300)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyDpdInterval specifies the dead peer
detection interval."
DEFVAL { 30 }
::= { tmnxIkePolicyEntry 17 }
tmnxIkePolicyDpdMaxRetries OBJECT-TYPE
SYNTAX Unsigned32 (2..5)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyDpdMaxRetries specifies the number of
retries done before the peer is determined dead."
DEFVAL { 3 }
::= { tmnxIkePolicyEntry 18 }
tmnxIkePolicyAuthMethod OBJECT-TYPE
SYNTAX TmnxIkePolicyAuthMethod
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyAuthMethod specifies the authentication
method used with this IKE policy for the remote-peer."
DEFVAL { psk }
::= { tmnxIkePolicyEntry 19 }
tmnxIkePolicyIkeVersion OBJECT-TYPE
SYNTAX TmnxIkeVersion
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyIkeVersion specifies the IKE version to be
used with this IKE policy."
DEFVAL { version1 }
::= { tmnxIkePolicyEntry 20 }
tmnxIkePolicyOwnAuthMethod OBJECT-TYPE
SYNTAX TmnxIkePolicyOwnAuthMethod
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyOwnAuthMethod specifies the authentication
method used with this IKE policy on its own side."
DEFVAL { symmetric }
::= { tmnxIkePolicyEntry 21 }
tmnxIkePolicyMatchPeerToCert OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyMatchPeerToCert specifies whether to enable
checking that the IKE peer's ID matches the peer's certificate when
performing certificate authentication."
DEFVAL { false }
::= { tmnxIkePolicyEntry 22 }
tmnxIkePolicyRelayUnSolCfgAttr OBJECT-TYPE
SYNTAX TmnxIkePolicyRelayUnSolCfgAttr
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyRelayUnSolCfgAttr specifies the unsolicited
configuration attributes for IKEv2 remote-access tunnels. These
attributes, when provided by the authentication server, are returned
to the IKE peer regardless of whether or not they have been requested.
Normally, only the requested attributes are returned."
DEFVAL { {} }
::= { tmnxIkePolicyEntry 23 }
tmnxIkePolicyAutoEapMethod OBJECT-TYPE
SYNTAX TmnxIkePolicyAutoEapMethod
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyAutoEapMethod specifies the automatic
EAP fallback authentication method for the remote-peer used with
this IKE policy. This object is only meaningful when the value of
tmnxIkePolicyAuthMethod is 'autoEapRadius'."
DEFVAL { cert }
::= { tmnxIkePolicyEntry 24 }
tmnxIkePolicyAutoEapOwnMethod OBJECT-TYPE
SYNTAX TmnxIkePolicyAutoEapOwnMethod
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyAutoEapOwnMethod specifies the automatic EAP
fallback authentication method used with this IKE policy on its own
side.
This object is only meaningful when the value of
tmnxIkePolicyAuthMethod is 'autoEap'."
DEFVAL { cert }
::= { tmnxIkePolicyEntry 25 }
tmnxIkePolicyLockout OBJECT-TYPE
SYNTAX TmnxEnabledDisabled
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLockout specifies whether or not the IPsec
Client Lockout is enabled.
The statistics information of remote lockout clients are in
tmnxIPsecLockoutClientTable."
DEFVAL { disabled }
::= { tmnxIkePolicyEntry 26 }
tmnxIkePolicyLockoutFailedAtempt OBJECT-TYPE
SYNTAX Unsigned32 (1..64)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLockoutFailedAtempt specifies the maximum
number of consecutive failed authentication attempts from the same
remote client."
DEFVAL { 3 }
::= { tmnxIkePolicyEntry 27 }
tmnxIkePolicyLockoutDuration OBJECT-TYPE
SYNTAX Unsigned32 (1..60)
UNITS "minutes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLockoutDuration specifies the maximum
duration in minutes that the system can afford
tmnxIkePolicyLockoutFailedAtempt number of failed authentication
attempts from the same remote client."
DEFVAL { 5 }
::= { tmnxIkePolicyEntry 28 }
tmnxIkePolicyLockoutBlock OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..1440)
UNITS "minutes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLockoutBlock specifies the maximum time
period that the system drops IKE packets after the maximum number of
consecutive failed authentication attempts reaches
tmnxIkePolicyLockoutFailedAtempt within tmnxIkePolicyLockoutDuration
minutes.
The value of zero means that the system keeps dropping the IKE packets
until the system or ISA (Integrated Service Adaptor) is rebooted."
DEFVAL { 10 }
::= { tmnxIkePolicyEntry 29 }
tmnxIkePolicyLockoutMaxPortPerIp OBJECT-TYPE
SYNTAX Unsigned32 (1..32000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLockoutMaxPortPerIp specifies the maximum
number of port that can be lockout under the same IP address. Once the
number of lockout port under the same IP address reaches
tmnxIkePolicyLockoutMaxPortPerIp, all ports under the same IP address
will be lockout in the next tmnxIkePolicyLockoutBlock minutes."
DEFVAL { 16 }
::= { tmnxIkePolicyEntry 30 }
tmnxIkePolicyV2Fragment OBJECT-TYPE
SYNTAX TmnxEnabledDisabled
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyV2Fragment specifies whether or not IKEv2
fragmentation is enabled."
DEFVAL { disabled }
::= { tmnxIkePolicyEntry 31 }
tmnxIkePolicyV2FragmentMtu OBJECT-TYPE
SYNTAX Unsigned32 (512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyV2FragmentMtu specifies the MTU size for the
IKEv2 fragmentation."
DEFVAL { 1500 }
::= { tmnxIkePolicyEntry 32 }
tmnxIkePolicyV2FragReassembTmOut OBJECT-TYPE
SYNTAX Unsigned32 (1..5)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyV2FragReassembTmOut specifies the maximum
number of seconds to wait to receive all fragments of an IKEv2 message
for reassembly."
DEFVAL { 2 }
::= { tmnxIkePolicyEntry 33 }
tmnxIkePolicySndIdrAftEapSuccess OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicySndIdrAftEapSuccess specifies whether or not
the system adds the Identification Responder (IDr) payload in the last
IKE authentication response after the Extensible Authentication
Protocol (EAP) success."
DEFVAL { true }
::= { tmnxIkePolicyEntry 34 }
tmnxIkePolicyIkev1Ph1RespDelNtfy OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyIkev1Ph1RespDelNtfy specifies whether or not
the system, when deleting an IKEv1 phase 1 for which it was the
responder, sends a delete notification to the peer. This object is
only meaningful when the value of tmnxIkePolicyIkeVersion is 'version1
(1)'."
DEFVAL { true }
::= { tmnxIkePolicyEntry 35 }
tmnxIkePolicyLimitInitExchange OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyLimitInitExchange specifies whether or not
the system limits the number of in-progress initial IKE exchanges to
one per IPsec tunnel.
The value of 'false' specifies that the system allows up to 32
in-progress initial IKE exchanges per IPsec tunnel.
This value must be set in the same SNMP PDU as
tmnxIkePolicyReducedMaxExchgTt."
DEFVAL { true }
::= { tmnxIkePolicyEntry 36 }
tmnxIkePolicyReducedMaxExchgTt OBJECT-TYPE
SYNTAX Unsigned32 (0 | 2..60)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIkePolicyReducedMaxExchgTt specifies the maximum
timeout for the in-progress initial IKE exchange.
The value of '0' specifies that there is no reduction of the current
exchange timeout which is 120 seconds.
This value is only meaningful when the value of
tmnxIkePolicyLimitInitExchange is 'true' and the system is being
requested to start another initial IKE exchange while there is already
one in progress.
This value must be set in the same SNMP PDU as
tmnxIkePolicyLimitInitExchange."
DEFVAL { 2 }
::= { tmnxIkePolicyEntry 37 }
tmnxIPsecTunnelTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelTableLastChanged indicates the sysUpTime
at the time of the last modification to tmnxIPsecTunnelTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 5 }
tmnxIPsecTunnelTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec Tunnel entries."
::= { tmnxIPsecObjects 6 }
tmnxIPsecTunnelEntry OBJECT-TYPE
SYNTAX TmnxIPsecTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Tunnel entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName
}
::= { tmnxIPsecTunnelTable 1 }
TmnxIPsecTunnelEntry ::= SEQUENCE
{
tmnxIPsecTunnelName TNamedItem,
tmnxIPsecTunnelRowStatus RowStatus,
tmnxIPsecTunnelLastChanged TimeStamp,
tmnxIPsecTunnelDescription TItemDescription,
tmnxIPsecTunnelLclGwAddrType InetAddressType,
tmnxIPsecTunnelLclGwAddr InetAddress,
tmnxIPsecTunnelRemGwAddrType InetAddressType,
tmnxIPsecTunnelRemGwAddr InetAddress,
tmnxIPsecTunnelPublicSvcId TmnxServId,
tmnxIPsecTunnelSecurityPolicyId TmnxIPsecPolicyIdOrZero,
tmnxIPsecTunnelKeyingType TmnxIPsecKeyingType,
tmnxIPsecTunnelDynTransformId1 TmnxIPsecTransformIdOrZero,
tmnxIPsecTunnelDynTransformId2 TmnxIPsecTransformIdOrZero,
tmnxIPsecTunnelDynTransformId3 TmnxIPsecTransformIdOrZero,
tmnxIPsecTunnelDynTransformId4 TmnxIPsecTransformIdOrZero,
tmnxIPsecTunnelIkePolicyId TmnxIkePolicyIdOrZero,
tmnxIPsecTunnelIkePreSharedKey OCTET STRING,
tmnxIPsecTunnelAdminState TmnxAdminState,
tmnxIPsecTunnelOperState TmnxIPsecOperState,
tmnxIPsecTunnelOperFlags BITS,
tmnxIPsecTunnelReplayWindow Unsigned32,
tmnxIPsecTunnelAutoEstablish TruthValue,
tmnxIPsecTunnelBfdDesignate TruthValue,
tmnxIPsecTunnelCertTrustAnchor TNamedItemOrEmpty,
tmnxIPsecTunnelCertFile DisplayString,
tmnxIPsecTunnelKeyFile DisplayString,
tmnxIPsecTunnelLocalIdType TmnxIPsecLocalIdType,
tmnxIPsecTunnelLocalIdValue DisplayString,
tmnxIPsecTunnelClearDfBit TruthValue,
tmnxIPsecTunnelIpMtu Unsigned32,
tmnxIPsecTunnelHostISA TmnxHwIndexOrZero,
tmnxIPsecTunnelCSVPrimary TmnxCertRevStatus,
tmnxIPsecTunnelCSVSecondary TmnxCertRevStatusOrNone,
tmnxIPsecTunnelCSVDefResult INTEGER,
tmnxIPsecTunnelCertProfile TNamedItemOrEmpty,
tmnxIPsecTunnelMatchTrustAnchor TNamedItemOrEmpty,
tmnxIPsecTunnelCertTrstAnchrProf TNamedItemOrEmpty,
tmnxIPsecTunnelEncapIpMtu Unsigned32,
tmnxIPsecTunnelIcmp6Pkt2Big TruthValue,
tmnxIPsecTunnelIcmp6NumPkt2Big Unsigned32,
tmnxIPsecTunnelIcmp6Pkt2BigTime Unsigned32,
tmnxIPsecTunnelOperChanged TimeStamp,
tmnxIPsecTunnelPubTcpMssAdjust Integer32,
tmnxIPsecTunnelPrivTcpMssAdjust Integer32,
tmnxIPsecTunnelMaxNumPh1SaKeys Unsigned32,
tmnxIPsecTunnelMaxNumPh2SaKeys Unsigned32,
tmnxIPsecTunnelPublicSvcName TLNamedItemOrEmpty,
tmnxIPsecTunnelSecPlyStrictMatch TruthValue,
tmnxIPsecTunnelHostEsa TmnxEsaIdOrZero,
tmnxIPsecTunnelHostEsaVm TmnxEsaVmIdOrZero
}
tmnxIPsecTunnelName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelName specifies the name of the tunnel and
is part of the index for the table tmnxIPsecTunnelTable."
::= { tmnxIPsecTunnelEntry 1 }
tmnxIPsecTunnelRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPsecTunnelRowStatus object is used to create and delete rows
in the tmnxIPsecTunnelTable."
::= { tmnxIPsecTunnelEntry 2 }
tmnxIPsecTunnelLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelLastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecTunnelEntry 3 }
tmnxIPsecTunnelDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelDescription specifies the user-provided
description for each tmnxIPsecTunnelEntry in the table
tmnxIPsecTunnelTable."
DEFVAL { "" }
::= { tmnxIPsecTunnelEntry 4 }
tmnxIPsecTunnelLclGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelLclGwAddrType specifies the address type
of address in tmnxIPsecTunnelLclGwAddr."
DEFVAL { unknown }
::= { tmnxIPsecTunnelEntry 5 }
tmnxIPsecTunnelLclGwAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelLclGwAddr specifies the address of the
interface on the local node of this IPsec tunnel."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 6 }
tmnxIPsecTunnelRemGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelRemGwAddrType specifies the address type
of address in tmnxIPsecTunnelRemGwAddr."
DEFVAL { unknown }
::= { tmnxIPsecTunnelEntry 7 }
tmnxIPsecTunnelRemGwAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelRemGwAddr specifies the address of the
interface on the remote node of this IPsec tunnel."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 8 }
tmnxIPsecTunnelPublicSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelPublicSvcId specifies the service-id of
the tunnel delivery service. The tunnel cannot become operationally in
service until the public service exists and has a
TIMETRA-SERV-MIB::svcType of either 'ies (5)' or 'vprn (4)'.
The values of tmnxIPsecTunnelPublicSvcId and
tmnxIPsecTunnelPublicSvcName must be mutually exclusive and cannot
simultaneously have non-default values."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 9 }
tmnxIPsecTunnelSecurityPolicyId OBJECT-TYPE
SYNTAX TmnxIPsecPolicyIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelSecurityPolicyId specifies the IPsec
security policy entry in the tmnxIPsecPolicyTable that this tunnel
will use."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 10 }
tmnxIPsecTunnelKeyingType OBJECT-TYPE
SYNTAX TmnxIPsecKeyingType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelKeyingType specifies the keying type that
this tunnel will use."
DEFVAL { none }
::= { tmnxIPsecTunnelEntry 11 }
tmnxIPsecTunnelDynTransformId1 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelDynTransformId1 specifies the first IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 12 }
tmnxIPsecTunnelDynTransformId2 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelDynTransformId2 specifies the second IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use.
The value of tmnxIPsecTunnelDynTransformId2 is valid and greater than
0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 13 }
tmnxIPsecTunnelDynTransformId3 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelDynTransformId3 specifies the third IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use.
The value of tmnxIPsecTunnelDynTransformId3 is valid and greater than
0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 14 }
tmnxIPsecTunnelDynTransformId4 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelDynTransformId4 specifies the fourth IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use.
The value of tmnxIPsecTunnelDynTransformId3 is valid and greater than
0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 15 }
tmnxIPsecTunnelIkePolicyId OBJECT-TYPE
SYNTAX TmnxIkePolicyIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The object tmnxIPsecTunnelIkePolicyId specifies the IKE policy entry
that this tunnel will use.
The value of tmnxIPsecTunnelIkePolicyId is valid and greater than 0,
only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 16 }
tmnxIPsecTunnelIkePreSharedKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIkePreSharedKey specifies the shared
secret between the two peers forming the tunnel.
The value of tmnxIPsecTunnelIkePreSharedKey is a valid and non null
string only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
DEFVAL { "" }
::= { tmnxIPsecTunnelEntry 17 }
tmnxIPsecTunnelAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelAdminState specifies the administrative
state of the tmnxIPsecTunnelEntry."
DEFVAL { outOfService }
::= { tmnxIPsecTunnelEntry 18 }
tmnxIPsecTunnelOperState OBJECT-TYPE
SYNTAX TmnxIPsecOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelOperState indicates the operational status
of tmnxIPsecTunnelEntry."
::= { tmnxIPsecTunnelEntry 19 }
tmnxIPsecTunnelOperFlags OBJECT-TYPE
SYNTAX BITS {
unresolvedLocalIp (0),
tunnelAdminDown (1),
sapDown (2),
unresolvedPublicSvc (3),
bfdSessionDown (4),
reserved1 (5),
unresolvedDstIp (6),
invalidCertFile (7),
invalidKeyFile (8),
trustAnchorsDown (9),
certProfileDown (10),
invalidCertKeyCombo (11)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelOperFlags indicates the reason why the
tunnel is operationally down."
::= { tmnxIPsecTunnelEntry 20 }
tmnxIPsecTunnelReplayWindow OBJECT-TYPE
SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelReplayWindow specifies the size of the
anti-replay window.
If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the
anti-replay feature is disabled."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 21 }
tmnxIPsecTunnelAutoEstablish OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelAutoEstablish specifies whether to attempt
to establish a phase 1 exchange automatically."
DEFVAL { false }
::= { tmnxIPsecTunnelEntry 22 }
tmnxIPsecTunnelBfdDesignate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelBfdDesignate specifies whether this IPSec
tunnel is the BFD designated tunnel."
DEFVAL { false }
::= { tmnxIPsecTunnelEntry 23 }
tmnxIPsecTunnelCertTrustAnchor OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelCertTrustAnchor specifies the name for
Certificate-Authority Profile name associated with this SAP IPSec
tunnel certificate.
An 'inconsistentValue' error is returned if this object is modified
when tmnxIPsecTunnelAdminState is in 'inService' state.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecTunnelCertTrstAnchrProf."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 24 }
tmnxIPsecTunnelCertFile OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelCertFile specifies the local file URL of
the certificate to be used with this SAP IPSec tunnel.
An 'inconsistentValue' error is returned when
tmnxIPsecTunnelCertProfile is set to non-default value and
tmnxIPsecTunnelCertFile or tmnxIPsecTunnelKeyFile is set to
non-default value.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecTunnelCertProfile."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 25 }
tmnxIPsecTunnelKeyFile OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelKeyFile specifies the key-pair file to be
used for X.509 certificate authentication with this SAP IPSec tunnel.
An 'inconsistentValue' error is returned when
tmnxIPsecTunnelCertProfile is set to non-default value and
tmnxIPsecTunnelCertFile or tmnxIPsecTunnelKeyFile is set to
non-default value.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecTunnelCertProfile."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 26 }
tmnxIPsecTunnelLocalIdType OBJECT-TYPE
SYNTAX TmnxIPsecLocalIdType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelLocalIdType specifies the local identifier
type used for IDi or IDr for IKEv2.
An 'inconsistentValue' error is returned if this object is modified
when tmnxIPsecTunnelAdminState is in 'inService' state."
DEFVAL { none }
::= { tmnxIPsecTunnelEntry 27 }
tmnxIPsecTunnelLocalIdValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelLocalIdValue specifies the value
associated with tmnxIPsecTunnelLocalIdType object.
Value is extracted from the configured certificate when
tmnxIPsecTunnelLocalIdType is set to 'dn'."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 28 }
tmnxIPsecTunnelClearDfBit OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelClearDfBit specifies whether to clear Do
not Fragment (DF) bit in the outgoing packets in this tunnel."
DEFVAL { false }
::= { tmnxIPsecTunnelEntry 29 }
tmnxIPsecTunnelIpMtu OBJECT-TYPE
SYNTAX Unsigned32 (0 | 512..9000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIpMtu specifies the MTU size for IP packets
for this tunnel.
A value set to zero indicates maximum supported MTU size on the SAP
for this tunnel."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 30 }
tmnxIPsecTunnelHostISA OBJECT-TYPE
SYNTAX TmnxHwIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelHostISA indicates the active ISA MDA that
is being used to host this IPsec tunnel.
This object will contain a nonzero value only when the tunnel is
both operationally up and being hosted by an MDA. When the tunnel
is being hosted by an ESA virtual machine, the host will be indicated
by the tmnxIPsecTunnelHostEsa and tmnxIPsecTunnelHostEsaVm objects."
::= { tmnxIPsecTunnelEntry 31 }
tmnxIPsecTunnelCSVPrimary OBJECT-TYPE
SYNTAX TmnxCertRevStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelCSVPrimary specifies the primary method of
Certificate Status Verification (CSV) that is used to verify
revocation status of the certificate of the peer.
This value must be set in the same PDU as tmnxIPsecTunnelCSVSecondary
if the value of tmnxIPsecTunnelAdminState is equal to 'inService (2)'."
DEFVAL { crl }
::= { tmnxIPsecTunnelEntry 32 }
tmnxIPsecTunnelCSVSecondary OBJECT-TYPE
SYNTAX TmnxCertRevStatusOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelCSVSecondary specifies the secondary
method of Certificate Status Verification (CSV) that is used to verify
revocation status of the certificate of the peer.
This value must be set in the same PDU as tmnxIPsecTunnelCSVPrimary if
the value of tmnxIPsecTunnelAdminState is equal to 'inService (2)'."
DEFVAL { none }
::= { tmnxIPsecTunnelEntry 33 }
tmnxIPsecTunnelCSVDefResult OBJECT-TYPE
SYNTAX INTEGER {
revoked (0),
good (1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelCSVDefResult specifies the default result
of Certificate Status Verification (CSV) when both primary and
secondary method failed to provide an answer."
DEFVAL { revoked }
::= { tmnxIPsecTunnelEntry 34 }
tmnxIPsecTunnelCertProfile OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelCertProfile specifies the certificate
profile associated with this IPsec tunnel."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 35 }
tmnxIPsecTunnelMatchTrustAnchor OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelMatchTrustAnchor indicates the name for
matched Certificate-Authority Profile name associated with this SAP
IPSec tunnel certificate."
::= { tmnxIPsecTunnelEntry 36 }
tmnxIPsecTunnelCertTrstAnchrProf OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelCertTrstAnchrProf specifies the name for
Certificate-Authority Trust Anchor Profile name associated with this
SAP IPSec tunnel certificate.
An 'inconsistentValue' error is returned if this object is modified
when tmnxIPsecTunnelAdminState is in 'inService' state."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 37 }
tmnxIPsecTunnelEncapIpMtu OBJECT-TYPE
SYNTAX Unsigned32 (0 | 512..9000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelEncapIpMtu specifies the MTU size for IP
packets after tunnel encapsulation has been added.
A value set to zero indicates maximum supported MTU size on the SAP
for this tunnel."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 38 }
tmnxIPsecTunnelIcmp6Pkt2Big OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIcmp6Pkt2Big specifies whether
packet-too-big ICMP messages should be sent. When it is set to 'true',
ICMPv6 packet-too-big messages are generated by this IPsec tunnel.
When tmnxIPsecTunnelIcmp6Pkt2Big is set to 'false (2)', ICMPv6
packet-too-big messages are not sent.
When the value of tmnxIPsecTunnelIcmp6Pkt2Big is 'false (2)', it must
be set in the same SNMP PDU as tmnxIPsecTunnelIcmp6NumPkt2Big and
tmnxIPsecTunnelIcmp6Pkt2BigTime. The value of
tmnxIPsecTunnelIcmp6NumPkt2Big and tmnxIPsecTunnelIcmp6Pkt2BigTime
must be their default values."
DEFVAL { true }
::= { tmnxIPsecTunnelEntry 40 }
tmnxIPsecTunnelIcmp6NumPkt2Big OBJECT-TYPE
SYNTAX Unsigned32 (10..1000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIcmp6NumPkt2Big specifies how many
packet-too-big ICMPv6 messages are transmitted in the time frame
specified by tmnxIPsecTunnelIcmp6Pkt2BigTime.
This value must be set in the same SNMP SET PDU as
tmnxIPsecTunnelIcmp6Pkt2Big."
DEFVAL { 100 }
::= { tmnxIPsecTunnelEntry 41 }
tmnxIPsecTunnelIcmp6Pkt2BigTime OBJECT-TYPE
SYNTAX Unsigned32 (1..60)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIcmp6Pkt2BigTime specifies the time frame
in seconds that is used to limit the number of packet-too-big ICMPv6
messages transmitted per time frame.
This value must be set in the same SNMP SET PDU as
tmnxIPsecTunnelIcmp6Pkt2Big."
DEFVAL { 10 }
::= { tmnxIPsecTunnelEntry 42 }
tmnxIPsecTunnelOperChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelOperChanged indicates the sysUpTime at the
time of the last operational status change of this entry."
::= { tmnxIPsecTunnelEntry 43 }
tmnxIPsecTunnelPubTcpMssAdjust OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelPubTcpMssAdjust specifies the Maximum
Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
sent from the public network to the private network. The system may
use this value to adjust or insert the MSS option in TCP SYN packet.
The TCP MSS adjustment functionality on the public side network is
disabled when the following conditions are met.
1) The value of tmnxIPsecTunnelPubTcpMssAdjust is '-1' or
2) The values of tmnxIPsecTunnelPubTcpMssAdjust and
tmnxIPsecTunnelEncapIpMtu are both '0'.
When the system receives a TCP SYN packet from the public network and
this packet contains an MSS option, the system replaces the MSS option
value with a new MSS when the new MSS is smaller than the MSS option
value.
When the system receives a TCP SYN packet from the public network and
this packet does not contain an MSS option, the system inserts one
with a new MSS.
The new MSS is calculated based on the following rules.
1) When the value of tmnxIPsecTunnelPubTcpMssAdjust is '0' and
tmnxIPsecTunnelEncapIpMtu has a non-zero value,
New MSS = tmnxIPsecTunnelEncapIpMtu - total header size (e.g.,
encryption, encapsulation, TCP and IP headers)
2) When the value of tmnxIPsecTunnelPubTcpMssAdjust is in the range
of (512..9000)
New MSS = tmnxIPsecTunnelPubTcpMssAdjust"
REFERENCE
"RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
DEFVAL { -1 }
::= { tmnxIPsecTunnelEntry 49 }
tmnxIPsecTunnelPrivTcpMssAdjust OBJECT-TYPE
SYNTAX Integer32 (-1 | 512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelPrivTcpMssAdjust specifies the Maximum
Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
sent from the private network to the public network. The system may
use this value to adjust or insert the MSS option in TCP SYN packet.
The value of '-1' specifies that the TCP MSS adjustment functionality
on the private side is disabled.
When the system receives a TCP SYN packet from the private network and
this packet contains an MSS option, the system replaces the MSS option
value with tmnxIPsecTunnelPrivTcpMssAdjust when the value of
tmnxIPsecTunnelPrivTcpMssAdjust is smaller than the MSS option value.
When the system receives a TCP SYN packet from the private network and
this packet does not contain an MSS option, the system inserts one
whose MSS is equal to tmnxIPsecTunnelPrivTcpMssAdjust."
REFERENCE
"RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
DEFVAL { -1 }
::= { tmnxIPsecTunnelEntry 50 }
tmnxIPsecTunnelMaxNumPh1SaKeys OBJECT-TYPE
SYNTAX Unsigned32 (0..3)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelMaxNumPh1SaKeys specifies the maximum
number of security association (SA) phase 1 keys, which can be saved
by the system, for this IPsec tunnel."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 51 }
tmnxIPsecTunnelMaxNumPh2SaKeys OBJECT-TYPE
SYNTAX Unsigned32 (0..48)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelMaxNumPh2SaKeys specifies the maximum
number of security association (SA) phase 2 keys, which can be saved
by the system, for this IPsec tunnel."
DEFVAL { 0 }
::= { tmnxIPsecTunnelEntry 52 }
tmnxIPsecTunnelPublicSvcName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelPublicSvcName specifies the name of the
tunnel delivery service. The tunnel cannot become operationally in
service until the public service exists and has a
TIMETRA-SERV-MIB::svcType of either 'ies (5)' or 'vprn (4)'.
The values of tmnxIPsecTunnelPublicSvcName and
tmnxIPsecTunnelPublicSvcId must be mutually exclusive and cannot
simultaneously have non-default values."
DEFVAL { ''H }
::= { tmnxIPsecTunnelEntry 53 }
tmnxIPsecTunnelSecPlyStrictMatch OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelSecPlyStrictMatch specifies whether or not
the system does a strict match when it receives a CREATE_CHILD
exchange request, which is not for rekey, for this IPsec tunnel."
DEFVAL { false }
::= { tmnxIPsecTunnelEntry 54 }
tmnxIPsecTunnelHostEsa OBJECT-TYPE
SYNTAX TmnxEsaIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelHostEsa indicates the active ESA that is
being used to host this IPsec tunnel.
This object will contain a nonzero value only when the tunnel is
both operationally up and being hosted by an ESA virtual machine.
When the tunnel is being hosted by an ISA MDA, the host will be
indicated by the tmnxIPsecTunnelHostISA object."
::= { tmnxIPsecTunnelEntry 56 }
tmnxIPsecTunnelHostEsaVm OBJECT-TYPE
SYNTAX TmnxEsaVmIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelHostEsaVm indicates the active ESA virtual
machine that is being used to host this IPsec tunnel.
This object will contain a nonzero value only when the tunnel is both
operationally up and being hosted by an ESA virtual machine. When the
tunnel is being hosted by an ISA MDA, the host will be indicated by
the tmnxIPsecTunnelHostISA object."
::= { tmnxIPsecTunnelEntry 57 }
tmnxIPsecTunnelStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTunnelStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store IPsec Tunnel statistics"
::= { tmnxIPsecObjects 7 }
tmnxIPsecTunnelStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecTunnelStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Statistics for a single IPsec Tunnel."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName
}
::= { tmnxIPsecTunnelStatsTable 1 }
TmnxIPsecTunnelStatsEntry ::= SEQUENCE
{
tmnxIPsecTunnelIsakmpState INTEGER,
tmnxIPsecTunnelIsakmpEstabTime TimeStamp,
tmnxIPsecTunnelIsakmpNegLifeTime Unsigned32,
tmnxIPsecTunnelNumDpdTx Counter32,
tmnxIPsecTunnelNumDpdRx Counter32,
tmnxIPsecTunnelNumDpdAckTx Counter32,
tmnxIPsecTunnelNumDpdAckRx Counter32,
tmnxIPsecTunnelNumExpRx Counter32,
tmnxIPsecTunnelNumInvalidDpdRx Counter32,
tmnxIPsecTunnelNumCtrlPktsTx Counter32,
tmnxIPsecTunnelNumCtrlPktsRx Counter32,
tmnxIPsecTunnelNumCtrlTxErrors Counter32,
tmnxIPsecTunnelNumCtrlRxErrors Counter32,
tmnxIPsecTunnelMatCertEntryId Integer32,
tmnxIPsecTunnelCertProfName TNamedItemOrEmpty,
tmnxIPsecTunnelStatIsakmpAuthAlg TmnxAuthAlgorithm,
tmnxIPsecTunnelStatIsakmpEncrAlg TmnxEncrAlgorithm,
tmnxIPsecTunnelStatIsakmpPfsDhGp TmnxIkePolicyDHGroupOrZero,
tmnxIPsecTunnelStatIkeTranPrfAlg INTEGER
}
tmnxIPsecTunnelIsakmpState OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIsakmpState indicates the state of phase 1
IPsec negotiation."
::= { tmnxIPsecTunnelStatsEntry 1 }
tmnxIPsecTunnelIsakmpEstabTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIsakmpEstabTime indicates the sysUpTime at
the time the IPsec phase 1 negotiation completed."
::= { tmnxIPsecTunnelStatsEntry 2 }
tmnxIPsecTunnelIsakmpNegLifeTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelIsakmpNegLifeTime indicates the lifetime
negotiated for phase1 IKE key."
::= { tmnxIPsecTunnelStatsEntry 3 }
tmnxIPsecTunnelNumDpdTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumDpdTx indicates the number of
Dead-Peer-Detection packets transmitted."
::= { tmnxIPsecTunnelStatsEntry 4 }
tmnxIPsecTunnelNumDpdRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumDpdRx indicates the number of
Dead-Peer-Detection packets received."
::= { tmnxIPsecTunnelStatsEntry 5 }
tmnxIPsecTunnelNumDpdAckTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumDpdAckTx indicates the number of
Dead-Peer-Detection acknowledgement packets transmitted."
::= { tmnxIPsecTunnelStatsEntry 6 }
tmnxIPsecTunnelNumDpdAckRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumDpdAckRx indicates the number of
Dead-Peer-Detection acknowledgement packets received."
::= { tmnxIPsecTunnelStatsEntry 7 }
tmnxIPsecTunnelNumExpRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumExpRx indicates the number of DPD
R-U-THERE packets that have not been acknowledged."
::= { tmnxIPsecTunnelStatsEntry 8 }
tmnxIPsecTunnelNumInvalidDpdRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumInvalidDpdRx indicates the number of
malformed DPD R-U-THERE acknowledgement packets received."
::= { tmnxIPsecTunnelStatsEntry 9 }
tmnxIPsecTunnelNumCtrlPktsTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumCtrlPktsTx indicates the number of
control packets this IPsec Tunnel has sent."
::= { tmnxIPsecTunnelStatsEntry 10 }
tmnxIPsecTunnelNumCtrlPktsRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumCtrlPktsRx indicates the number of
control packets this IPsec Tunnel has received."
::= { tmnxIPsecTunnelStatsEntry 11 }
tmnxIPsecTunnelNumCtrlTxErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumCtrlTxErrors indicates the number of
control packet transmit errors."
::= { tmnxIPsecTunnelStatsEntry 12 }
tmnxIPsecTunnelNumCtrlRxErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelNumCtrlRxErrors indicates the number of
control packet receive errors."
::= { tmnxIPsecTunnelStatsEntry 13 }
tmnxIPsecTunnelMatCertEntryId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelMatCertEntryId indicates the matching
certificate profile entry id used for this tunnel."
::= { tmnxIPsecTunnelStatsEntry 14 }
tmnxIPsecTunnelCertProfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelCertProfName indicates a specific IPsec
tunnel certificate profile name used for this tunnel."
::= { tmnxIPsecTunnelStatsEntry 15 }
tmnxIPsecTunnelStatIsakmpAuthAlg OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelStatIsakmpAuthAlg indicates the
authentication algorithm of the IPsec phase 1 negotiation for this
IPsec tunnel."
::= { tmnxIPsecTunnelStatsEntry 17 }
tmnxIPsecTunnelStatIsakmpEncrAlg OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelStatIsakmpEncrAlg indicates the encryption
algorithm of the IPsec phase 1 negotiation for this IPsec tunnel."
::= { tmnxIPsecTunnelStatsEntry 18 }
tmnxIPsecTunnelStatIsakmpPfsDhGp OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelStatIsakmpPfsDhGp indicates the
Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this
IPsec tunnel.
The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve
Perfect Forward Secrecy (PFS)."
::= { tmnxIPsecTunnelStatsEntry 19 }
tmnxIPsecTunnelStatIkeTranPrfAlg OBJECT-TYPE
SYNTAX INTEGER {
md5 (2),
sha1 (3),
sha256 (4),
sha384 (5),
sha512 (6),
aesXcbc (7),
sameAsAuth (8)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTunnelStatIkeTranPrfAlg specifies the
pseudo-random function (PRF)."
::= { tmnxIPsecTunnelStatsEntry 20 }
tmnxIPsecPolicyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyTableLastChanged indicates the sysUpTime
at the time of the last modification to tmnxIPsecPolicyTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 8 }
tmnxIPsecPolicyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec Security Policy entries."
::= { tmnxIPsecObjects 9 }
tmnxIPsecPolicyEntry OBJECT-TYPE
SYNTAX TmnxIPsecPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Security Policy entry."
INDEX {
svcId,
tmnxIPsecPolicyId
}
::= { tmnxIPsecPolicyTable 1 }
TmnxIPsecPolicyEntry ::= SEQUENCE
{
tmnxIPsecPolicyId TmnxIPsecPolicyId,
tmnxIPsecPolicyRowStatus RowStatus,
tmnxIPsecPolicyLastChanged TimeStamp
}
tmnxIPsecPolicyId OBJECT-TYPE
SYNTAX TmnxIPsecPolicyId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyId specifies the id of a Security Policy
entry and is the primary index for the table."
::= { tmnxIPsecPolicyEntry 1 }
tmnxIPsecPolicyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPsecPolicyRowStatus object is used to create and delete rows
in the tmnxIPsecPolicyTable."
::= { tmnxIPsecPolicyEntry 2 }
tmnxIPsecPolicyLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyLastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecPolicyEntry 3 }
tmnxIPsecPlcyParamsTblLastChangd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsTblLastChangd indicates the sysUpTime
at the time of the last modification to tmnxIPsecPolicyParamsTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 10 }
tmnxIPsecPolicyParamsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecPolicyParamsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec Security Policy Params entries."
::= { tmnxIPsecObjects 11 }
tmnxIPsecPolicyParamsEntry OBJECT-TYPE
SYNTAX TmnxIPsecPolicyParamsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Security policy params entry."
INDEX {
svcId,
tmnxIPsecPolicyId,
tmnxIPsecPolicyParamsId
}
::= { tmnxIPsecPolicyParamsTable 1 }
TmnxIPsecPolicyParamsEntry ::= SEQUENCE
{
tmnxIPsecPolicyParamsId Unsigned32,
tmnxIPsecPolicyParamsRowStatus RowStatus,
tmnxIPsecPolicyParamsLastChanged TimeStamp,
tmnxIPsecPolicyParamsLclAddrAny TruthValue,
tmnxIPsecPolicyParamsLclAddrType InetAddressType,
tmnxIPsecPolicyParamsLclAddr InetAddress,
tmnxIPsecPolicyParamsLclAPrefLen InetAddressPrefixLength,
tmnxIPsecPolicyParamsRemAddrAny TruthValue,
tmnxIPsecPolicyParamsRemAddrType InetAddressType,
tmnxIPsecPolicyParamsRemAddr InetAddress,
tmnxIPsecPolicyParamsRemAPrefLen InetAddressPrefixLength,
tmnxIPsecPlcyParamsV6LclAddrAny TruthValue,
tmnxIPsecPlcyParamsV6LclAddrType InetAddressType,
tmnxIPsecPlcyParamsV6LclAddr InetAddress,
tmnxIPsecPlcyParamsV6LclAPrefLen InetAddressPrefixLength,
tmnxIPsecPlcyParamsV6RemAddrAny TruthValue,
tmnxIPsecPlcyParamsV6RemAddrType InetAddressType,
tmnxIPsecPlcyParamsV6RemAddr InetAddress,
tmnxIPsecPlcyParamsV6RemAPrefLen InetAddressPrefixLength
}
tmnxIPsecPolicyParamsId OBJECT-TYPE
SYNTAX Unsigned32 (1..16)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsId specifies the id of an IPsec
policy params entry and is part of the index for the
tmnxIPsecPolicyParamsTable."
::= { tmnxIPsecPolicyParamsEntry 1 }
tmnxIPsecPolicyParamsRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPsecPolicyParamsRowStatus object is used to create and delete
rows in the tmnxIPsecPolicyParamsTable."
::= { tmnxIPsecPolicyParamsEntry 2 }
tmnxIPsecPolicyParamsLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsLastChanged indicates the sysUpTime
at the time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecPolicyParamsEntry 3 }
tmnxIPsecPolicyParamsLclAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsLclAddrAny specifies whether the IP
address on the vpn side can be any IP address. If the value is 'true'
then local IP address can be any IP address.
Please look at the following chart for more details:
tmnxIPsecPolicyParamsLclAddrAny true false
-----------------------------------------------------------------
tmnxIPsecPolicyParamsLclAddrType unknown unknown or ipv4
tmnxIPsecPolicyParamsLclAddr ''H ''H or valid ipv4
tmnxIPsecPolicyParamsLclAPrefLen 0 0 to 32"
DEFVAL { false }
::= { tmnxIPsecPolicyParamsEntry 4 }
tmnxIPsecPolicyParamsLclAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsLclAddrType specifies the address
type of address in tmnxIPsecPolicyParamsLclAddr. If the value of
tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of
tmnxIPsecPolicyParamsLclAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxIPsecPolicyParamsEntry 5 }
tmnxIPsecPolicyParamsLclAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsLclAddr specifies the ip address on
the vpn side. If the value of tmnxIPsecPolicyParamsLclAddrAny is
'true' then the value of tmnxIPsecPolicyParamsLclAddr will be
empty(''H)."
DEFVAL { ''H }
::= { tmnxIPsecPolicyParamsEntry 6 }
tmnxIPsecPolicyParamsLclAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsLclAPrefLen specifies the number of
bits to match of the tmnxIPsecPolicyParamsLclAddr. If the value of
tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of
tmnxIPsecPolicyParamsLclAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxIPsecPolicyParamsEntry 7 }
tmnxIPsecPolicyParamsRemAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsRemAddrAny specifies whether the IP
address on the tunnel side can be any IP address. If the value is
'true' then remote IP address can be any IP address.
Please look at the following chart for more details:
tmnxIPsecPolicyParamsRemAddrAny true false
-----------------------------------------------------------------
tmnxIPsecPolicyParamsRemAddrType unknown unknown or ipv4
tmnxIPsecPolicyParamsRemAddr ''H ''H or valid ipv4
tmnxIPsecPolicyParamsRemAPrefLen 0 0 to 32"
DEFVAL { false }
::= { tmnxIPsecPolicyParamsEntry 8 }
tmnxIPsecPolicyParamsRemAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsRemAddrType specifies the address
type of address in tmnxIPsecPolicyParamsRemAddr. If the value of
tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of
tmnxIPsecPolicyParamsRemAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxIPsecPolicyParamsEntry 9 }
tmnxIPsecPolicyParamsRemAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsRemAddr specifies the ip address on
the tunnel side. If the value of tmnxIPsecPolicyParamsRemAddrAny is
'true' then the value of tmnxIPsecPolicyParamsRemAddr will be
empty(''H)."
DEFVAL { ''H }
::= { tmnxIPsecPolicyParamsEntry 10 }
tmnxIPsecPolicyParamsRemAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPolicyParamsRemAPrefLen specifies the number of
bits to match of the tmnxIPsecPolicyParamsRemAddr. If the value of
tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of
tmnxIPsecPolicyParamsRemAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxIPsecPolicyParamsEntry 11 }
tmnxIPsecPlcyParamsV6LclAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6LclAddrAny specifies whether the
ipv6 address on the vpn side can be any ipv6 address. If the value is
'true' then local ipv6 address can be any ipv6 address.
Please look at the following chart for more details:
tmnxIPsecPlcyParamsV6LclAddrAny true false
-----------------------------------------------------------------
tmnxIPsecPlcyParamsV6LclAddrType unknown unknown or ipv6
tmnxIPsecPlcyParamsV6LclAddr ''H ''H or valid ipv6
tmnxIPsecPlcyParamsV6LclAPrefLen 0 0 to 128"
DEFVAL { false }
::= { tmnxIPsecPolicyParamsEntry 12 }
tmnxIPsecPlcyParamsV6LclAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6LclAddrType specifies the address
type of address in tmnxIPsecPlcyParamsV6LclAddr. If the value of
tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of
tmnxIPsecPlcyParamsV6LclAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxIPsecPolicyParamsEntry 13 }
tmnxIPsecPlcyParamsV6LclAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6LclAddr specifies the ipv6 address
on the vpn side. If the value of tmnxIPsecPlcyParamsV6LclAddrAny is
'true' then the value of tmnxIPsecPlcyParamsV6LclAddr will be
empty(''H)."
DEFVAL { ''H }
::= { tmnxIPsecPolicyParamsEntry 14 }
tmnxIPsecPlcyParamsV6LclAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0 | 1..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6LclAPrefLen specifies the number of
bits to match of the tmnxIPsecPlcyParamsV6LclAddr. If the value of
tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of
tmnxIPsecPlcyParamsV6LclAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxIPsecPolicyParamsEntry 15 }
tmnxIPsecPlcyParamsV6RemAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6RemAddrAny specifies whether the
ipv6 address on the tunnel side can be any ipv6 address. If the value
is 'true' then remote ipv6 address can be any ipv6 address.
Please look at the following chart for more details:
tmnxIPsecPlcyParamsV6RemAddrAny true false
-----------------------------------------------------------------
tmnxIPsecPlcyParamsV6RemAddrType unknown unknown or ipv6
tmnxIPsecPlcyParamsV6RemAddr ''H ''H or valid ipv6
tmnxIPsecPlcyParamsV6RemAPrefLen 0 0 to 128"
DEFVAL { false }
::= { tmnxIPsecPolicyParamsEntry 16 }
tmnxIPsecPlcyParamsV6RemAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6RemAddrType specifies the address
type of address in tmnxIPsecPlcyParamsV6RemAddr. If the value of
tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of
tmnxIPsecPlcyParamsV6RemAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxIPsecPolicyParamsEntry 17 }
tmnxIPsecPlcyParamsV6RemAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6RemAddr specifies the ipv6 address
on the tunnel side. If the value of tmnxIPsecPlcyParamsV6RemAddrAny is
'true' then the value of tmnxIPsecPlcyParamsV6RemAddr will be
empty(''H)."
DEFVAL { ''H }
::= { tmnxIPsecPolicyParamsEntry 18 }
tmnxIPsecPlcyParamsV6RemAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0 | 1..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecPlcyParamsV6RemAPrefLen specifies the number of
bits to match of the tmnxIPsecPlcyParamsV6RemAddr. If the value of
tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of
tmnxIPsecPlcyParamsV6RemAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxIPsecPolicyParamsEntry 19 }
tmnxIPsecSATableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSATableLastChanged indicates the sysUpTime at
the time of the last modification to tmnxIPsecSATable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 12 }
tmnxIPsecSATable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec manual and dynamic SA entries."
::= { tmnxIPsecObjects 13 }
tmnxIPsecSAEntry OBJECT-TYPE
SYNTAX TmnxIPsecSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec SA entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName,
tmnxIPsecSAId,
tmnxIPsecSADirection,
tmnxIPsecSAIndex
}
::= { tmnxIPsecSATable 1 }
TmnxIPsecSAEntry ::= SEQUENCE
{
tmnxIPsecSAId Unsigned32,
tmnxIPsecSAIndex Unsigned32,
tmnxIPsecSADirection TmnxIPsecDirection,
tmnxIPsecSARowStatus RowStatus,
tmnxIPsecSALastChanged TimeStamp,
tmnxIPsecSAType TmnxIPsecKeyingType,
tmnxIPsecSAEncryptionKey OCTET STRING,
tmnxIPsecSAAuthenticationKey OCTET STRING,
tmnxIPsecSASpi Unsigned32,
tmnxIPsecSAManualTransformId TmnxIPsecTransformIdOrZero,
tmnxIPsecSAAuthAlgorithm TmnxAuthAlgorithm,
tmnxIPsecSAEncrAlgorithm TmnxEncrAlgorithm,
tmnxIPsecSAStorageType StorageType,
tmnxIPsecSAEstablishedTime TimeStamp,
tmnxIPsecSANegotiatedLifeTime Unsigned32
}
tmnxIPsecSAId OBJECT-TYPE
SYNTAX Unsigned32 (1..16)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAId specifies the id of an SA entry and is part
of the index for the tmnxIPsecSATable."
::= { tmnxIPsecSAEntry 1 }
tmnxIPsecSAIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..2)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAIndex specifies an additional index to
uniquely identify the SA entry in the tmnxIPsecSATable.
The value of tmnxIPsecSAIndex is limited to a value of '1' when
tmnxIPsecTunnelKeyingType corresponding to the tunnel specified
tmnxIPsecTunnelName is set to 'static'."
::= { tmnxIPsecSAEntry 2 }
tmnxIPsecSADirection OBJECT-TYPE
SYNTAX TmnxIPsecDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecSADirection specifies the direction on the
IPsec tunnel to which this SA entry can be applied. The value
of tmnxIPsecSADirection is also part of the index for the table
tmnxIPsecSATable"
::= { tmnxIPsecSAEntry 3 }
tmnxIPsecSARowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPsecSARowStatus object is used to create and delete rows in
the tmnxIPsecSATable.
When creating an entry in tmnxIPsecSATable, the value of
tmnxIPsecSARowStatus must be 'createAndGo' and the objects
tmnxIPsecSAEncryptionKey, tmnxIPsecSAAuthenticationKey,
tmnxIPsecSASpi, tmnxIPsecSAManualTransformId are required to be set in
the same request."
::= { tmnxIPsecSAEntry 4 }
tmnxIPsecSALastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSALastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecSAEntry 5 }
tmnxIPsecSAType OBJECT-TYPE
SYNTAX TmnxIPsecKeyingType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAType indicates whether this SA entry is
created manually by the user or dynamically by the IPsec subsystem."
::= { tmnxIPsecSAEntry 6 }
tmnxIPsecSAEncryptionKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAEncryptionKey specifies the key used for the
encryption algorithm defined by the tmnxIPsecTransformEncrAlgorithm in
the IPsec transform indexed by tmnxIPsecSAManualTransformId.
The length of the key must match the length required by the encryption
algorithm. If a key of another length is set, the request will fail
with an 'inconsistentValue' error.
There is no default value for tmnxIPsecSAEncryptionKey and this is a
required object when creating an entry in tmnxIPsecSATable. If
tmnxIPsecSAEncryptionKey is not specified when creating an entry, the
request will fail with an 'inconsistentValue' error."
::= { tmnxIPsecSAEntry 7 }
tmnxIPsecSAAuthenticationKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAAuthenticationKey specifies the key used for
the authentication algorithm defined by the
tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed by
tmnxIPsecSAManualTransformId.
The length of the key must match the length required by the
authentication algorithm. If a key of another length is set, the
request will fail with an 'inconsistentValue' error.
There is no default value for tmnxIPsecSAAuthenticationKey and this is
a required object when creating an entry in tmnxIPsecSATable. If
tmnxIPsecSAAuthenticationKey is not specified when creating an entry,
the request will fail with an 'inconsistentValue' error."
::= { tmnxIPsecSAEntry 8 }
tmnxIPsecSASpi OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecSASpi specifies the SPI (Security Parameter
Index) used to lookup the instruction to verify and decrypt the
incoming IPsec packets when the value of tmnxIPsecSADirection is
'inbound'.
The value of tmnxIPsecSASpi specifies the SPI that will be used
in the encoding of the outgoing packets when the value of
tmnxIPsecSADirection is 'outbound'. The remote node can use this
SPI to lookup the instruction to verify and decrypt the packet.
There is no default value for tmnxIPsecSASpi and this is a required
object when creating an entry in tmnxIPsecSATable. If
tmnxIPsecSAAuthenticationKey is not specified when creating an entry,
the request will fail with an 'inconsistentValue' error.
A 'wrongValue' error is returned if the value of tmnxIPsecSASpi is set
to outside the range of 256 and 16383."
::= { tmnxIPsecSAEntry 9 }
tmnxIPsecSAManualTransformId OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAManualTransformId specifies the transform
entry that will be used by this SA entry. This object should be
specified for all the entries created by the user which are manual
SAs. If the value of tmnxIPsecSAType is 'dynamic', then
the value of tmnxIPsecSAManualTransformId is irrelevant and
will be zero.
There is no default value for tmnxIPsecSAManualTransformId and this is
a required object when creating an entry in tmnxIPsecSATable. If
tmnxIPsecSAManualTransformId is not specified when creating an entry,
the request will fail with an 'inconsistentValue' error."
::= { tmnxIPsecSAEntry 10 }
tmnxIPsecSAAuthAlgorithm OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAAuthAlgorithm indicates the authentication
algorithm used with this SA."
::= { tmnxIPsecSAEntry 11 }
tmnxIPsecSAEncrAlgorithm OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAEncrAlgorithm indicates the encryption
algorithm used with this SA."
::= { tmnxIPsecSAEntry 12 }
tmnxIPsecSAStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStorageType indicates how the row is stored.
Entries with tmnxIPsecSAStorageType of 'read-only' are dynamic SAs
and are created by the IPsec subsystem and cannot be modified or
destroyed. All the entries created by the user are manual SAs and
will have the tmnxIPsecSAStorageType as 'nonVolatile'."
::= { tmnxIPsecSAEntry 13 }
tmnxIPsecSAEstablishedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAEstablishedTime indicates the sysUpTime at the
time the IPsec phase 2 negotiation completed."
::= { tmnxIPsecSAEntry 14 }
tmnxIPsecSANegotiatedLifeTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSANegotiatedLifeTime indicates the lifetime
negotiated for phase2 IKE key."
::= { tmnxIPsecSAEntry 15 }
tmnxIPsecSAStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to retrieve the IPsec SA Statistics entries."
::= { tmnxIPsecObjects 14 }
tmnxIPsecSAStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec SA Statistics entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName,
tmnxIPsecSAId,
tmnxIPsecSADirection,
tmnxIPsecSAIndex
}
::= { tmnxIPsecSAStatsTable 1 }
TmnxIPsecSAStatsEntry ::= SEQUENCE
{
tmnxIPsecSAStatsBytesProcessed Counter64,
tmnxIPsecSAStatsBytesProcLow32 Counter32,
tmnxIPsecSAStatsBytesProcHigh32 Counter32,
tmnxIPsecSAStatsPktsProcessed Counter64,
tmnxIPsecSAStatsPktsProcLow32 Counter32,
tmnxIPsecSAStatsPktsProcHigh32 Counter32,
tmnxIPsecSAStatsCryptoErrors Counter32,
tmnxIPsecSAStatsReplayErrors Counter32,
tmnxIPsecSAStatsSAErrors Counter32,
tmnxIPsecSAStatsPolicyErrors Counter32,
tmnxIPsecSAStatsEncapOverhead Counter32,
tmnxIPsecSAStatsPreEncapFragCnt Counter64,
tmnxIPsecSAStatsPreEncapFragLtSz Unsigned32,
tmnxIPsecSAStatsPstEncapFragCnt Counter64,
tmnxIPsecSAStatsPstEncapFragLtSz Unsigned32,
tmnxIPsecSAStatsPfsDhGroup TmnxIkePolicyDHGroupOrZero,
tmnxIPsecSAStatsMulticastIfName TNamedItemOrEmpty,
tmnxIPsecSAStatsMulticastProt TIPsecMulticastProtocol
}
tmnxIPsecSAStatsBytesProcessed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsBytesProcessed indicates the number of
bytes successfully processed for this SA."
::= { tmnxIPsecSAStatsEntry 1 }
tmnxIPsecSAStatsBytesProcLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsBytesProcLow32 indicates the lower 32
bits of the value of tmnxIPsecSAStatsBytesProcessed."
::= { tmnxIPsecSAStatsEntry 2 }
tmnxIPsecSAStatsBytesProcHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsBytesProcHigh32 indicates the higher 32
bits of the value of tmnxIPsecSAStatsBytesProcessed."
::= { tmnxIPsecSAStatsEntry 3 }
tmnxIPsecSAStatsPktsProcessed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPktsProcessed indicates the number of
packets successfully processed for this SA."
::= { tmnxIPsecSAStatsEntry 4 }
tmnxIPsecSAStatsPktsProcLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPktsProcLow32 indicates the lower 32 bits
of the value of tmnxIPsecSAStatsPktsProcessed."
::= { tmnxIPsecSAStatsEntry 5 }
tmnxIPsecSAStatsPktsProcHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPktsProcHigh32 indicates the higher 32
bits of the value of tmnxIPsecSAStatsPktsProcessed."
::= { tmnxIPsecSAStatsEntry 6 }
tmnxIPsecSAStatsCryptoErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsCryptoErrors indicates the number of
crypto errors encountered on this SA.
When the value of tmnxIPsecSADirection is 'inbound (1)', the
tmnxIPsecSAStatsCryptoErrors will be set for the following errors:
MAC miscompare
Pad errors
Illegal configure algorithm
Illegal authentication algorithm
Inner IP checksum errors
Payload alignment errors
Sequence number errors
Protocol errors
When the value of tmnxIPsecSADirection is 'outbound (2)', the
tmnxIPsecSAStatsCryptoErrors will be set for the following errors:
Sequence wrap errors
Illegal configure algorithm
Illegal authentication algorithm
Expanded packet too big
TTL decrement errors"
::= { tmnxIPsecSAStatsEntry 7 }
tmnxIPsecSAStatsReplayErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsReplayErrors indicates the number of
replay errors encountered on this SA."
::= { tmnxIPsecSAStatsEntry 8 }
tmnxIPsecSAStatsSAErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsSAErrors indicates the number of SA
errors encountered on this SA. The SA errors means ISA tried to use a
CHILD SA that is marked for deletion."
::= { tmnxIPsecSAStatsEntry 9 }
tmnxIPsecSAStatsPolicyErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPolicyErrors indicates the number
of policy errors encountered on this SA. The policy errors include
bundled SA, selector check and policy direction error."
::= { tmnxIPsecSAStatsEntry 10 }
tmnxIPsecSAStatsEncapOverhead OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsEncapOverhead indicates the encapsulation
overhead for this outbound SA. This value is only significant when the
value of tmnxIPsecSADirection is 'outbound'."
::= { tmnxIPsecSAStatsEntry 11 }
tmnxIPsecSAStatsPreEncapFragCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPreEncapFragCnt indicates the number of
fragmentations that occurred prior to encapsulation for this outbound
SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size
exceeds tmnxIPsecTunnelIpMtu. This value is only significant when the
value of tmnxIPsecSADirection is 'outbound'."
::= { tmnxIPsecSAStatsEntry 12 }
tmnxIPsecSAStatsPreEncapFragLtSz OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPreEncapFragLtSz indicates the size of
the last packet which caused a pre-encapsulation fragmentation to
occur for this SA. This value is only significant when the value of
tmnxIPsecSADirection is 'outbound'."
::= { tmnxIPsecSAStatsEntry 13 }
tmnxIPsecSAStatsPstEncapFragCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPstEncapFragCnt indicates the number of
fragmentations that occurred after encapsulation for this SA.
Post-encapsulation fragmentation occurs when the encapsulated packet
size exceeds tmnxIPsecTunnelEncapIpMtu. This value is only significant
when the value of tmnxIPsecSADirection is 'outbound'."
::= { tmnxIPsecSAStatsEntry 14 }
tmnxIPsecSAStatsPstEncapFragLtSz OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPstEncapFragLtSz indicates the size of
the last encapsulated packet which caused a post-encapsulation
fragmentation to occur for this SA. This value is only significant
when the value of tmnxIPsecSADirection is 'outbound'."
::= { tmnxIPsecSAStatsEntry 15 }
tmnxIPsecSAStatsPfsDhGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsPfsDhGroup indicates the Diffie-Hellman
(DH) group used with this SA.
The Diffie-Hellman (DH) group is used by the SA to achieve Perfect
Forward Secrecy (PFS)."
::= { tmnxIPsecSAStatsEntry 17 }
tmnxIPsecSAStatsMulticastIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsMulticastIfName indicates the multicast
interface name associated with this SA.
This value is only significant when the value of tmnxIPsecSAType is
'dynamic (2)' and the value of tmnxIPsecSADirection is 'outbound (2)'."
::= { tmnxIPsecSAStatsEntry 18 }
tmnxIPsecSAStatsMulticastProt OBJECT-TYPE
SYNTAX TIPsecMulticastProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSAStatsMulticastProt indicates the supported
protocol types of the multicast interface associated to this RA.
This value is only significant when the value of tmnxIPsecSAType is
'dynamic (2)' and the value of tmnxIPsecSADirection is 'outbound (2)'."
::= { tmnxIPsecSAStatsEntry 19 }
tmnxIPsecMdaDpStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecMdaDpStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to retrieve the IPsec Mda Data Path Statistics entries."
::= { tmnxIPsecObjects 15 }
tmnxIPsecMdaDpStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecMdaDpStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Mda Data Path Statistics entry."
INDEX {
tmnxChassisIndex,
tmnxCardSlotNum,
tmnxMDASlotNum
}
::= { tmnxIPsecMdaDpStatsTable 1 }
TmnxIPsecMdaDpStatsEntry ::= SEQUENCE
{
tmnxIPsecMdaDpStatsEncryptPkts Counter64,
tmnxIPsecMdaDpStatsEncryptPktsLow32 Counter32,
tmnxIPsecMdaDpStatsEncryptPktsHigh32 Counter32,
tmnxIPsecMdaDpStatsEncryptBytes Counter64,
tmnxIPsecMdaDpStatsEncryptBytesLow32 Counter32,
tmnxIPsecMdaDpStatsEncryptBytesHigh32 Counter32,
tmnxIPsecMdaDpStatsDecryptPkts Counter64,
tmnxIPsecMdaDpStatsDecryptPktsLow32 Counter32,
tmnxIPsecMdaDpStatsDecryptPktsHigh32 Counter32,
tmnxIPsecMdaDpStatsDecryptBytes Counter64,
tmnxIPsecMdaDpStatsDecryptBytesLow32 Counter32,
tmnxIPsecMdaDpStatsDecryptBytesHigh32 Counter32,
tmnxIPsecMdaDpStatsTxPktErrs Counter32,
tmnxIPsecMdaDpStatsOutBDropPkts Counter64,
tmnxIPsecMdaDpStatsOutBDropPktsLow32 Counter32,
tmnxIPsecMdaDpStatsOutBDropPktsHigh32 Counter32,
tmnxIPsecMdaDpStatsOutBSAMisses Counter64,
tmnxIPsecMdaDpStatsOutBSAMissesLow32 Counter32,
tmnxIPsecMdaDpStatsOutBSAMissesHigh32 Counter32,
tmnxIPsecMdaDpStatsOutBPolicyEntryMisses Counter32,
tmnxIPsecMdaDpStatsInBDropPkts Counter64,
tmnxIPsecMdaDpStatsInBDropPktsLow32 Counter32,
tmnxIPsecMdaDpStatsInBDropPktsHigh32 Counter32,
tmnxIPsecMdaDpStatsInBSAMisses Counter64,
tmnxIPsecMdaDpStatsInBSAMissesLow32 Counter32,
tmnxIPsecMdaDpStatsInBSAMissesHigh32 Counter32,
tmnxIPsecMdaDpStatsInBIPDstSrcMismatches Counter32,
tmnxIPsecMdaDpInFragments Counter64,
tmnxIPsecMdaDpInFragmentsLow32 Counter32,
tmnxIPsecMdaDpInFragmentsHigh32 Counter32,
tmnxIPsecMdaDpPktsReassem Counter64,
tmnxIPsecMdaDpPktsReassemLow32 Counter32,
tmnxIPsecMdaDpPktsReassemHigh32 Counter32,
tmnxIPsecMdaDpFragDropTime Counter64,
tmnxIPsecMdaDpFragDropTimeLow32 Counter32,
tmnxIPsecMdaDpFragDropTimeHigh32 Counter32,
tmnxIPsecMdaDpFragDropped Counter64,
tmnxIPsecMdaDpFragDroppedLow32 Counter32,
tmnxIPsecMdaDpFragDroppedHigh32 Counter32,
tmnxIPsecMdaDpGreTnlInPkts Counter64,
tmnxIPsecMdaDpGreTnlInPktsLo Counter32,
tmnxIPsecMdaDpGreTnlInPktsHi Counter32,
tmnxIPsecMdaDpGreTnlInBytes Counter64,
tmnxIPsecMdaDpGreTnlInBytesLo Counter32,
tmnxIPsecMdaDpGreTnlInBytesHi Counter32,
tmnxIPsecMdaDpGreTnlInErrs Counter64,
tmnxIPsecMdaDpGreTnlInErrsLo Counter32,
tmnxIPsecMdaDpGreTnlInErrsHi Counter32,
tmnxIPsecMdaDpGreTnlOutPkts Counter64,
tmnxIPsecMdaDpGreTnlOutPktsLo Counter32,
tmnxIPsecMdaDpGreTnlOutPktsHi Counter32,
tmnxIPsecMdaDpGreTnlOutBytes Counter64,
tmnxIPsecMdaDpGreTnlOutBytesLo Counter32,
tmnxIPsecMdaDpGreTnlOutBytesHi Counter32,
tmnxIPsecMdaDpGreTnlOutErrs Counter64,
tmnxIPsecMdaDpGreTnlOutErrsLo Counter32,
tmnxIPsecMdaDpGreTnlOutErrsHi Counter32,
tmnxIPsecMdaDpPktsDropDfSet Counter64,
tmnxIPsecMdaDpPktsDropDfSetLo Counter32,
tmnxIPsecMdaDpPktsDropDfSetHi Counter32,
tmnxIPsecMdaDpStaticIPsecTnls Counter32,
tmnxIPsecMdaDpDynIPsecTnls Counter32,
tmnxIPsecMdaDpIpGreTnls Counter32,
tmnxIPsecMdaDpIpv4Tnls Counter32,
tmnxIPsecMdaDpL2tpv3TnlInPkts Counter64,
tmnxIPsecMdaDpL2tpv3TnlInBytes Counter64,
tmnxIPsecMdaDpL2tpv3TnlInErrs Counter64,
tmnxIPsecMdaDpL2tpv3TnlInCookErr Counter64,
tmnxIPsecMdaDpL2tpv3TnlInSeIdErr Counter64,
tmnxIPsecMdaDpL2tpv3TnlOutPkts Counter64,
tmnxIPsecMdaDpL2tpv3TnlOutBytes Counter64,
tmnxIPsecMdaDpL2tpv3TnlOutErrs Counter64,
tmnxIPsecMdaDpL2tpv3Tnls Counter32
}
tmnxIPsecMdaDpStatsEncryptPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsEncryptPkts indicates the number of
packets encrypted by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 1 }
tmnxIPsecMdaDpStatsEncryptPktsLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsEncryptPktsLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts."
::= { tmnxIPsecMdaDpStatsEntry 2 }
tmnxIPsecMdaDpStatsEncryptPktsHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsEncryptPktsHigh32 indicates the higher
32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts."
::= { tmnxIPsecMdaDpStatsEntry 3 }
tmnxIPsecMdaDpStatsEncryptBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsEncryptBytes indicates the number of
bytes encrypted by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 4 }
tmnxIPsecMdaDpStatsEncryptBytesLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsEncryptBytesLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes."
::= { tmnxIPsecMdaDpStatsEntry 5 }
tmnxIPsecMdaDpStatsEncryptBytesHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsEncryptBytesHigh32 indicates the
higher 32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes."
::= { tmnxIPsecMdaDpStatsEntry 6 }
tmnxIPsecMdaDpStatsDecryptPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsDecryptPkts indicates the number of
packets encrypted by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 7 }
tmnxIPsecMdaDpStatsDecryptPktsLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsDecryptPktsLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts."
::= { tmnxIPsecMdaDpStatsEntry 8 }
tmnxIPsecMdaDpStatsDecryptPktsHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsDecryptPktsHigh32 indicates the higher
32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts."
::= { tmnxIPsecMdaDpStatsEntry 9 }
tmnxIPsecMdaDpStatsDecryptBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsDecryptBytes indicates the number of
bytes encrypted by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 10 }
tmnxIPsecMdaDpStatsDecryptBytesLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsDecryptBytesLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes."
::= { tmnxIPsecMdaDpStatsEntry 11 }
tmnxIPsecMdaDpStatsDecryptBytesHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsDecryptBytesHigh32 indicates the
higher 32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes."
::= { tmnxIPsecMdaDpStatsEntry 12 }
tmnxIPsecMdaDpStatsTxPktErrs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsTxPktErrs indicates the number of
packets transmit failures by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 13 }
tmnxIPsecMdaDpStatsOutBDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBDropPkts indicates the number of
packets dropped before and during outbound (encryption) processing by
the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 14 }
tmnxIPsecMdaDpStatsOutBDropPktsLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBDropPktsLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts."
::= { tmnxIPsecMdaDpStatsEntry 15 }
tmnxIPsecMdaDpStatsOutBDropPktsHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBDropPktsHigh32 indicates the
higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts."
::= { tmnxIPsecMdaDpStatsEntry 16 }
tmnxIPsecMdaDpStatsOutBSAMisses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBSAMisses indicates the number of
packets dropped before outbound (encryption) processing by the IPsec
data path due to no SA (security association) present."
::= { tmnxIPsecMdaDpStatsEntry 17 }
tmnxIPsecMdaDpStatsOutBSAMissesLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBSAMissesLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses."
::= { tmnxIPsecMdaDpStatsEntry 18 }
tmnxIPsecMdaDpStatsOutBSAMissesHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBSAMissesHigh32 indicates the
higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses."
::= { tmnxIPsecMdaDpStatsEntry 19 }
tmnxIPsecMdaDpStatsOutBPolicyEntryMisses OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsOutBPolicyEntryMisses indicates the
number of packets dropped before outbound (encryption) processing by
the IPsec data path due to no matching Policy Entry."
::= { tmnxIPsecMdaDpStatsEntry 20 }
tmnxIPsecMdaDpStatsInBDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBDropPkts indicates the number of
packets dropped before and during inbound (decryption) processing by
the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 21 }
tmnxIPsecMdaDpStatsInBDropPktsLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBDropPktsLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts."
::= { tmnxIPsecMdaDpStatsEntry 22 }
tmnxIPsecMdaDpStatsInBDropPktsHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBDropPktsHigh32 indicates the higher
32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts."
::= { tmnxIPsecMdaDpStatsEntry 23 }
tmnxIPsecMdaDpStatsInBSAMisses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBSAMisses indicates the number of
packets dropped before inbound (decryption) processing by the IPsec
data path due to no SA (security association) present."
::= { tmnxIPsecMdaDpStatsEntry 24 }
tmnxIPsecMdaDpStatsInBSAMissesLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBSAMissesLow32 indicates the lower
32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses."
::= { tmnxIPsecMdaDpStatsEntry 25 }
tmnxIPsecMdaDpStatsInBSAMissesHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBSAMissesHigh32 indicates the higher
32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses."
::= { tmnxIPsecMdaDpStatsEntry 26 }
tmnxIPsecMdaDpStatsInBIPDstSrcMismatches OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStatsInBIPDstSrcMismatches indicates the
number of packets dropped before inbound (decryption) processing by
the IPsec data path due to the received packet's outer IP destination
or source address does not match the Tunnel's local or peer gateway
address."
::= { tmnxIPsecMdaDpStatsEntry 27 }
tmnxIPsecMdaDpInFragments OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpInFragments indicates the number of
fragments received by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 28 }
tmnxIPsecMdaDpInFragmentsLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpInFragmentsLow32 indicates the lower 32
bits of the value of tmnxIPsecMdaDpInFragments."
::= { tmnxIPsecMdaDpStatsEntry 29 }
tmnxIPsecMdaDpInFragmentsHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpInFragmentsHigh32 indicates the higher 32
bits of the value of tmnxIPsecMdaDpInFragments."
::= { tmnxIPsecMdaDpStatsEntry 30 }
tmnxIPsecMdaDpPktsReassem OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpPktsReassem indicates the number of packets
reassembled by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 31 }
tmnxIPsecMdaDpPktsReassemLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpPktsReassemLow32 indicates the lower 32
bits of the value of tmnxIPsecMdaDpPktsReassem."
::= { tmnxIPsecMdaDpStatsEntry 32 }
tmnxIPsecMdaDpPktsReassemHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpPktsReassemHigh32 indicates the higher 32
bits of the value of tmnxIPsecMdaDpPktsReassem."
::= { tmnxIPsecMdaDpStatsEntry 33 }
tmnxIPsecMdaDpFragDropTime OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpFragDropTime indicates the number of
fragments dropped due to timeout by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 34 }
tmnxIPsecMdaDpFragDropTimeLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpFragDropTimeLow32 indicates the lower 32
bits of the value of tmnxIPsecMdaDpFragDropTime."
::= { tmnxIPsecMdaDpStatsEntry 35 }
tmnxIPsecMdaDpFragDropTimeHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpFragDropTimeHigh32 indicates the higher 32
bits of the value of tmnxIPsecMdaDpFragDropTime."
::= { tmnxIPsecMdaDpStatsEntry 36 }
tmnxIPsecMdaDpFragDropped OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpFragDropped indicates the number of total
fragments dropped by the IPsec data path."
::= { tmnxIPsecMdaDpStatsEntry 37 }
tmnxIPsecMdaDpFragDroppedLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpFragDroppedLow32 indicates the lower 32
bits of the value of tmnxIPsecMdaDpFragDropped."
::= { tmnxIPsecMdaDpStatsEntry 38 }
tmnxIPsecMdaDpFragDroppedHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpFragDroppedHigh32 indicates the higher 32
bits of the value of tmnxIPsecMdaDpFragDropped."
::= { tmnxIPsecMdaDpStatsEntry 39 }
tmnxIPsecMdaDpGreTnlInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInPkts indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 40 }
tmnxIPsecMdaDpGreTnlInPktsLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInPktsLo indicates the lower 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 41 }
tmnxIPsecMdaDpGreTnlInPktsHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInPktsHi indicates the higher 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 42 }
tmnxIPsecMdaDpGreTnlInBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInBytes indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 43 }
tmnxIPsecMdaDpGreTnlInBytesLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInBytesLo indicates the lower 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 44 }
tmnxIPsecMdaDpGreTnlInBytesHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInBytesHi indicates the higher 32
bits of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 45 }
tmnxIPsecMdaDpGreTnlInErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInErrs indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 46 }
tmnxIPsecMdaDpGreTnlInErrsLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInErrsLo indicates the lower 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 47 }
tmnxIPsecMdaDpGreTnlInErrsHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlInErrsHi indicates the higher 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 48 }
tmnxIPsecMdaDpGreTnlOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutPkts indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 49 }
tmnxIPsecMdaDpGreTnlOutPktsLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutPktsLo indicates the lower 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 50 }
tmnxIPsecMdaDpGreTnlOutPktsHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutPktsHi indicates the higher 32
bits of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 51 }
tmnxIPsecMdaDpGreTnlOutBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutBytes indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 52 }
tmnxIPsecMdaDpGreTnlOutBytesLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutBytesLo indicates the lower 32
bits of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 53 }
tmnxIPsecMdaDpGreTnlOutBytesHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutBytesHi indicates the higher 32
bits of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 54 }
tmnxIPsecMdaDpGreTnlOutErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutErrs indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 55 }
tmnxIPsecMdaDpGreTnlOutErrsLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutErrsLo indicates the lower 32 bits
of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 56 }
tmnxIPsecMdaDpGreTnlOutErrsHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpGreTnlOutErrsHi indicates the higher 32
bits of the number of packets received by the GRE tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 57 }
tmnxIPsecMdaDpPktsDropDfSet OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpPktsDropDfSet indicates the number of
packets with DF bit set dropped in this Tunnel exceeding MTU size and
with clear tunnel DF bit not set."
::= { tmnxIPsecMdaDpStatsEntry 58 }
tmnxIPsecMdaDpPktsDropDfSetLo OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpPktsDropDfSetLo indicates lower 32 bits of
the value of tmnxIPsecMdaDpPktsDropDfSet object."
::= { tmnxIPsecMdaDpStatsEntry 59 }
tmnxIPsecMdaDpPktsDropDfSetHi OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpPktsDropDfSetHi indicates higher 32 bits of
the value of tmnxIPsecMdaDpPktsDropDfSet object."
::= { tmnxIPsecMdaDpStatsEntry 60 }
tmnxIPsecMdaDpStaticIPsecTnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpStaticIPsecTnls indicates number of
configured static IPsec tunnels on the MDA."
::= { tmnxIPsecMdaDpStatsEntry 61 }
tmnxIPsecMdaDpDynIPsecTnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpDynIPsecTnls indicates number of dynamic
IPsec tunnels in use on the MDA."
::= { tmnxIPsecMdaDpStatsEntry 62 }
tmnxIPsecMdaDpIpGreTnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpIpGreTnls indicates number of configured IP
tunnels (with GRE headers) on the MDA."
::= { tmnxIPsecMdaDpStatsEntry 63 }
tmnxIPsecMdaDpIpv4Tnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpIpv4Tnls indicates number of configured
IPv4 tunnels on the MDA."
::= { tmnxIPsecMdaDpStatsEntry 64 }
tmnxIPsecMdaDpL2tpv3TnlInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlInPkts indicates the number of
packets received by the Layer Two Tunneling Protocol (L2TP) version 3
(L2TPv3) tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 65 }
tmnxIPsecMdaDpL2tpv3TnlInBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlInBytes indicates the number of
bytes received by the L2TPv3 tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 66 }
tmnxIPsecMdaDpL2tpv3TnlInErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlInErrs indicates the number of
packets dropped while receiving by the L2TPv3 tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 67 }
tmnxIPsecMdaDpL2tpv3TnlInCookErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlInCookErr indicates the number of
packets dropped because the Cookie value received by the L2TPv3 tunnel
data path did not match the Cookie value negotiated during session
establishment."
::= { tmnxIPsecMdaDpStatsEntry 68 }
tmnxIPsecMdaDpL2tpv3TnlInSeIdErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlInSeIdErr indicates the number of
packets dropped because the Session ID value received by the L2TPv3
tunnel data path did not match the Session ID value negotiated during
session establishment."
::= { tmnxIPsecMdaDpStatsEntry 69 }
tmnxIPsecMdaDpL2tpv3TnlOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlOutPkts indicates the number of
packets transmitted by the L2TPv3 tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 70 }
tmnxIPsecMdaDpL2tpv3TnlOutBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlOutBytes indicates the number of
bytes transmitted by the L2TPv3 tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 71 }
tmnxIPsecMdaDpL2tpv3TnlOutErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3TnlOutErrs indicates the number of
packets dropped while transmitting by the L2TPv3 tunnel data path."
::= { tmnxIPsecMdaDpStatsEntry 72 }
tmnxIPsecMdaDpL2tpv3Tnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecMdaDpL2tpv3Tnls indicates number of configured
L2TPv3 tunnels on the MDA."
::= { tmnxIPsecMdaDpStatsEntry 73 }
tIPsecTnlTempTblLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempTblLastChanged indicates the sysUpTime at
the time of the last modification to tIPsecTnlTempTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 16 }
tIPsecTnlTempTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecTnlTempEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec tunnel template entries."
::= { tmnxIPsecObjects 17 }
tIPsecTnlTempEntry OBJECT-TYPE
SYNTAX TIPsecTnlTempEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec tunnel template entry."
INDEX { tIPsecTnlTempId }
::= { tIPsecTnlTempTable 1 }
TIPsecTnlTempEntry ::= SEQUENCE
{
tIPsecTnlTempId TmnxIPsecTunnelTemplateId,
tIPsecTnlTempRowStatus RowStatus,
tIPsecTnlTempLastChanged TimeStamp,
tIPsecTnlTempDescr TItemDescription,
tIPsecTnlTempReverseRoute INTEGER,
tIPsecTnlTempDynKeyTransformId1 TmnxIPsecTransformIdOrZero,
tIPsecTnlTempDynKeyTransformId2 TmnxIPsecTransformIdOrZero,
tIPsecTnlTempDynKeyTransformId3 TmnxIPsecTransformIdOrZero,
tIPsecTnlTempDynKeyTransformId4 TmnxIPsecTransformIdOrZero,
tIPsecTnlTempReplayWindow Unsigned32,
tIPsecTnlTempIpMtu Unsigned32,
tIPsecTnlTempEncapIpMtu Unsigned32,
tIPsecTnlTempIcmp6Pkt2Big TruthValue,
tIPsecTnlTempIcmp6NumPkt2Big Unsigned32,
tIPsecTnlTempIcmp6Pkt2BigTime Unsigned32,
tIPsecTnlTempClearDfBit TruthValue,
tIPsecTnlTempPublicTcpMssAdjust Integer32,
tIPsecTnlTempPrivateTcpMssAdjust Integer32,
tIPsecTnlTempIgnoreDefaultRoute TruthValue
}
tIPsecTnlTempId OBJECT-TYPE
SYNTAX TmnxIPsecTunnelTemplateId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempId specifies the id of a tunnel template
entry and is the primary index for the table tIPsecTnlTempTable."
::= { tIPsecTnlTempEntry 1 }
tIPsecTnlTempRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tIPsecTnlTempRowStatus object is used to create and delete rows in
the tIPsecTnlTempTable."
::= { tIPsecTnlTempEntry 2 }
tIPsecTnlTempLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempLastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tIPsecTnlTempEntry 3 }
tIPsecTnlTempDescr OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempDescr specifies the user-provided
description for the template."
DEFVAL { "" }
::= { tIPsecTnlTempEntry 4 }
tIPsecTnlTempReverseRoute OBJECT-TYPE
SYNTAX INTEGER {
none (0),
reverseRoute (1),
useSecurityPolicy (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempReverseRoute specifies whether node using
this template will accept framed-routes sent by radius server and
install them for the lifetime of the tunnel as managed routes.
If this object is set to 'useSecurityPolicy' then the node using this
template will add a route to every client-side-protected-subnet as
signaled by the client.
The value of 'reverseRoute' is not supported by the current release."
DEFVAL { none }
::= { tIPsecTnlTempEntry 5 }
tIPsecTnlTempDynKeyTransformId1 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempDynKeyTransformId1 specifies the first
transform-id for this IPSec Tunnel template to use."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 6 }
tIPsecTnlTempDynKeyTransformId2 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempDynKeyTransformId2 specifies the second
transform-id for this IPSec Tunnel template to use."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 7 }
tIPsecTnlTempDynKeyTransformId3 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempDynKeyTransformId3 specifies the third
transform-id for this IPSec Tunnel template to use."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 8 }
tIPsecTnlTempDynKeyTransformId4 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempDynKeyTransformId4 specifies the fourth
transform-id for this IPSec Tunnel template to use."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 9 }
tIPsecTnlTempReplayWindow OBJECT-TYPE
SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempReplayWindow specifies the size of the
anti-replay window for the template.
If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the
anti-replay feature is disabled."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 10 }
tIPsecTnlTempIpMtu OBJECT-TYPE
SYNTAX Unsigned32 (0 | 512..9000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempIpMtu specifies the MTU size for IP packets
for this tunnel.
A value set to zero indicates maximum supported MTU size on the SAP
for this tunnel."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 11 }
tIPsecTnlTempEncapIpMtu OBJECT-TYPE
SYNTAX Unsigned32 (0 | 512..9000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempEncapIpMtu specifies the MTU size for IP
packets after tunnel encapsulation has been added.
A value set to zero indicates maximum supported MTU size on the SAP
for this tunnel."
DEFVAL { 0 }
::= { tIPsecTnlTempEntry 12 }
tIPsecTnlTempIcmp6Pkt2Big OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempIcmp6Pkt2Big specifies whether
packet-too-big ICMP messages should be sent. When it is set to 'true',
ICMPv6 packet-too-big messages are generated by this IPsec tunnel.
When tIPsecTnlTempIcmp6Pkt2Big is set to 'false (2)', ICMPv6
packet-too-big messages are not sent.
When the value of tIPsecTnlTempIcmp6Pkt2Big is 'false (2)', it must be
set in the same SNMP PDU as tIPsecTnlTempIcmp6NumPkt2Big and
tIPsecTnlTempIcmp6Pkt2BigTime. The value of
tIPsecTnlTempIcmp6NumPkt2Big and tIPsecTnlTempIcmp6Pkt2BigTime must be
their default values."
DEFVAL { true }
::= { tIPsecTnlTempEntry 14 }
tIPsecTnlTempIcmp6NumPkt2Big OBJECT-TYPE
SYNTAX Unsigned32 (10..1000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempIcmp6NumPkt2Big specifies how many
packet-too-big ICMPv6 messages are transmitted in the time frame
specified by tIPsecTnlTempIcmp6Pkt2BigTime.
This value must be set in the same SNMP SET PDU as
tIPsecTnlTempIcmp6Pkt2Big."
DEFVAL { 100 }
::= { tIPsecTnlTempEntry 15 }
tIPsecTnlTempIcmp6Pkt2BigTime OBJECT-TYPE
SYNTAX Unsigned32 (1..60)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempIcmp6Pkt2BigTime specifies the time frame in
seconds that is used to limit the number of packet-too-big ICMPv6
messages transmitted per time frame.
This value must be set in the same SNMP SET PDU as
tIPsecTnlTempIcmp6Pkt2Big."
DEFVAL { 10 }
::= { tIPsecTnlTempEntry 16 }
tIPsecTnlTempClearDfBit OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempClearDfBit specifies whether to clear Do not
Fragment (DF) bit in the outgoing packets for tunnels created using
this template."
DEFVAL { false }
::= { tIPsecTnlTempEntry 17 }
tIPsecTnlTempPublicTcpMssAdjust OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempPublicTcpMssAdjust specifies the Maximum
Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
sent from the public network to the private network. The system may
use this value to adjust or insert the MSS option in TCP SYN packet.
The TCP MSS adjustment functionality on the public side network is
disabled when the following conditions are met.
1) The value of tIPsecTnlTempPublicTcpMssAdjust is '-1' or
2) The values of tIPsecTnlTempPublicTcpMssAdjust and
tIPsecTnlTempEncapIpMtu are both '0'.
When the system receives a TCP SYN packet from the public network and
this packet contains an MSS option, the system replaces the MSS option
value with a new MSS when the new MSS is smaller than the MSS option
value.
When the system receives a TCP SYN packet from the public network and
this packet does not contain an MSS option, the system inserts one
with a new MSS.
The new MSS is calculated based on the following rules.
1) When the value of tIPsecTnlTempPublicTcpMssAdjust is '0' and
tIPsecTnlTempEncapIpMtu has a non-zero value,
New MSS = tIPsecTnlTempEncapIpMtu - total header size (e.g.,
encryption, encapsulation, TCP and IP headers)
2) When the value of tIPsecTnlTempPublicTcpMssAdjust is in the range
of (512..9000)
New MSS = tIPsecTnlTempPublicTcpMssAdjust"
REFERENCE
"RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
DEFVAL { -1 }
::= { tIPsecTnlTempEntry 23 }
tIPsecTnlTempPrivateTcpMssAdjust OBJECT-TYPE
SYNTAX Integer32 (-1 | 512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTnlTempPrivateTcpMssAdjust specifies the Maximum
Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
sent from the private network to the public network. The system may
use this value to adjust or insert the MSS option in TCP SYN packet.
The value of '-1' specifies that the TCP MSS adjustment functionality
on the private side is disabled.
When the system receives a TCP SYN packet from the private network and
this packet contains an MSS option, the system replaces the MSS option
value with tIPsecTnlTempPrivateTcpMssAdjust when the value of
tIPsecTnlTempPrivateTcpMssAdjust is smaller than the MSS option value.
When the system receives a TCP SYN packet from the private network and
this packet does not contain an MSS option, the system inserts one
whose MSS is equal to tIPsecTnlTempPrivateTcpMssAdjust."
REFERENCE
"RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
DEFVAL { -1 }
::= { tIPsecTnlTempEntry 24 }
tIPsecTnlTempIgnoreDefaultRoute OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value 'false' for tIPsecTnlTempIgnoreDefaultRoute will cause the
IPsec gateway to remove dynamic lan-to-lan tunnels whenever IKE
negotiates a
remote traffic selector containing a default route (0.0.0.0/0 or
::/0).
The value 'true' will cause the IPsec gateway to ignore such default
routes in negotiated remote traffic selectors, thereby retaining the
associated dynamic lan-to-lan tunnels with no impact on IPsec-managed
reverse routes."
DEFVAL { false }
::= { tIPsecTnlTempEntry 25 }
tmnxIPsecGWTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWTblLastChgd indicates the sysUpTime at the
time of the last modification of tmnxIPsecGWTable.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 18 }
tmnxIPsecGWTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecGWEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains SAP IPSec gateway information."
::= { tmnxIPsecObjects 19 }
tmnxIPsecGWEntry OBJECT-TYPE
SYNTAX TmnxIPsecGWEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a SAP IPSec gateway."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tmnxIPsecGWTable 1 }
TmnxIPsecGWEntry ::= SEQUENCE
{
tmnxIPsecGWRowStatus RowStatus,
tmnxIPsecGWLastMgmtChange TimeStamp,
tmnxIPsecGWAdminState TmnxAdminState,
tmnxIPsecGWOperState TmnxIPsecOperState,
tmnxIPsecGWTunnelPolicyTemp TmnxIPsecTunnelTemplateIdOrZero,
tmnxIPsecGWSecureService TmnxServId,
tmnxIPsecGWIfName TNamedItemOrEmpty,
tmnxIPsecGWInetAddrType InetAddressType,
tmnxIPsecGWInetAddress InetAddress,
tmnxIPsecGWIkePolicyId TmnxIkePolicyIdOrZero,
tmnxIPsecGWIkePreShared OCTET STRING,
tmnxIPsecGWLclX509Cert DisplayString,
tmnxIPsecGWLclPrivateKey DisplayString,
tmnxIPsecGWOperFlags BITS,
tmnxIPsecGWCACert DisplayString,
tmnxIPsecGWCACertRevocList DisplayString,
tmnxIPsecGWName TNamedItem,
tmnxIPsecGWCertTrustAnchor TNamedItemOrEmpty,
tmnxIPsecGWLocalIdType TmnxIPsecLocalIdType,
tmnxIPsecGWLocalIdValue DisplayString,
tmnxIPsecGWCSVPrimary TmnxCertRevStatus,
tmnxIPsecGWCSVSecondary TmnxCertRevStatusOrNone,
tmnxIPsecGWCSVDefResult INTEGER,
tmnxIPsecGWRadAcctgPolicy TNamedItemOrEmpty,
tmnxIPsecGWRadAuthPolicy TNamedItemOrEmpty,
tmnxIPsecGWCertProfile TNamedItemOrEmpty,
tmnxIPsecGWCertTrstAnchrProf TNamedItemOrEmpty,
tmnxIPsecGWClientDatabaseName TNamedItemOrEmpty,
tmnxIPsecGWClientDatabasFallback TruthValue,
tmnxIPsecGWMaxNumPh1SaKeys Unsigned32,
tmnxIPsecGWMaxNumPh2SaKeys Unsigned32,
tmnxIPsecGWSecureServiceName TLNamedItemOrEmpty
}
tmnxIPsecGWRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWRowStatus controls the creation and deletion
of rows in this table."
::= { tmnxIPsecGWEntry 1 }
tmnxIPsecGWLastMgmtChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWLastMgmtChange indicates the value of
sysUpTime at the time of the last management change of any writable
object of this row."
::= { tmnxIPsecGWEntry 2 }
tmnxIPsecGWAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWAdminState specifies the administrative state
of SAP IPSec gateway entry."
DEFVAL { outOfService }
::= { tmnxIPsecGWEntry 3 }
tmnxIPsecGWOperState OBJECT-TYPE
SYNTAX TmnxIPsecOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWOperState indicates the operating state of the
SAP IPSec gateway."
::= { tmnxIPsecGWEntry 4 }
tmnxIPsecGWTunnelPolicyTemp OBJECT-TYPE
SYNTAX TmnxIPsecTunnelTemplateIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWTunnelPolicyTemp specifies the
TIMETRA-IPSEC-MIB::tIPsecTnlTempId used by this SAP IPSec gateway."
DEFVAL { 0 }
::= { tmnxIPsecGWEntry 5 }
tmnxIPsecGWSecureService OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWSecureService specifies the service identifier
of the default security service used by this SAP IPSec gateway.
The values of tmnxIPsecGWSecureService and
tmnxIPsecGWSecureServiceName must be mutually exclusive and cannot
simultaneously have non-default values."
DEFVAL { 0 }
::= { tmnxIPsecGWEntry 6 }
tmnxIPsecGWIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWIfName specifies the IPSec interface used by
the SAP."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 7 }
tmnxIPsecGWInetAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWInetAddrType specifies the address type of the
SAP IPSec gateway."
DEFVAL { unknown }
::= { tmnxIPsecGWEntry 8 }
tmnxIPsecGWInetAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This value of tmnxIPsecGWInetAddress specifies the address of the SAP
IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 9 }
tmnxIPsecGWIkePolicyId OBJECT-TYPE
SYNTAX TmnxIkePolicyIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWIkePolicyId specifies the policy id for this
SAP IPSec gateway."
DEFVAL { 0 }
::= { tmnxIPsecGWEntry 10 }
tmnxIPsecGWIkePreShared OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWIkePreShared specifies the shared secret
between the two peers forming the tunnel for the SAP IPSec gateway.
The value of this object cannot contain double quotes or non-printable
characters."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 11 }
tmnxIPsecGWLclX509Cert OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecGWLclX509Cert specifies the path-name of the
local X509 Certificate to be used with this SAP IPSec gateway.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by tmnxIPsecGWCertProfile."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 12 }
tmnxIPsecGWLclPrivateKey OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecGWLclPrivateKey specifies the path-name of the
local private key to be used with this SAP IPSec gateway.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by tmnxIPsecGWCertProfile."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 13 }
tmnxIPsecGWOperFlags OBJECT-TYPE
SYNTAX BITS {
localIpUnreachable (0),
gatewayAdminDown (1),
x509CertUnavailable (2),
privateKeyUnavailable (3),
caCertUnavailable (4),
caCRLUnavailable (5),
trustAnchorsDown (6),
certProfileDown (7),
invalidCertKeyCombo (8),
ikeNotReady (9)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWOperFlags indicates the reason why the gateway
is operationally down."
::= { tmnxIPsecGWEntry 14 }
tmnxIPsecGWCACert OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecGWCACert specifies the path-name of the
Certificate from the Certificate-Authority to be used with this SAP
IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 15 }
tmnxIPsecGWCACertRevocList OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecGWCACertRevocList specifies the path-name of the
Certificate Revocation List (CRL) from Certificate-Authority to be
used with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 16 }
tmnxIPsecGWName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWName specifies the name for this IPSec
gateway.
An 'inconsistentValue' error is returned if value of this object is
not set to unique value at the time of creation."
::= { tmnxIPsecGWEntry 17 }
tmnxIPsecGWCertTrustAnchor OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecGWCertTrustAnchor specifies the name for
Certificate-Authority Profile name associated with this SAP IPSec
gateway certificate.
An 'inconsistentValue' error is returned if this object is modified
when tmnxIPsecGWAdminState is in 'inService' state.
This object has been marked obsolete in SROS Release 15.0. The
functionality of this object is replaced by
tmnxIPsecGWCertTrstAnchrProf."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 18 }
tmnxIPsecGWLocalIdType OBJECT-TYPE
SYNTAX TmnxIPsecLocalIdType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWLocalIdType specifies the local identifier of
7750 used for IDi or IDr for IKEv2.
An 'inconsistentValue' error is returned if this object is modified
when tmnxIPsecGWAdminState is in 'inService' state."
DEFVAL { none }
::= { tmnxIPsecGWEntry 19 }
tmnxIPsecGWLocalIdValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWLocalIdValue specifies the value associated
with tmnxIPsecGWLocalIdType object.
Value is extracted from the configured certificate when
tmnxIPsecGWLocalIdType is set to 'dn'."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 20 }
tmnxIPsecGWCSVPrimary OBJECT-TYPE
SYNTAX TmnxCertRevStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCSVPrimary specifies the primary method of
Certificate Status Verification (CSV) that is used to verify
revocation status of the certificate of the peer.
This value must be set in the same PDU as tmnxIPsecGWCSVSecondary if
the value of tmnxIPsecGWAdminState is equal to 'inService (2)'."
DEFVAL { crl }
::= { tmnxIPsecGWEntry 21 }
tmnxIPsecGWCSVSecondary OBJECT-TYPE
SYNTAX TmnxCertRevStatusOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCSVSecondary specifies the secondary method of
Certificate Status Verification (CSV) that is used to verify
revocation status of the certificate of the peer.
This value must be set in the same PDU as tmnxIPsecGWCSVPrimary if the
value of tmnxIPsecGWAdminState is equal to 'inService (2)'."
DEFVAL { none }
::= { tmnxIPsecGWEntry 22 }
tmnxIPsecGWCSVDefResult OBJECT-TYPE
SYNTAX INTEGER {
revoked (0),
good (1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCSVDefResult specifies the default result of
Certificate Status Verification (CSV) when both primary and secondary
method failed to provide an answer."
DEFVAL { revoked }
::= { tmnxIPsecGWEntry 23 }
tmnxIPsecGWRadAcctgPolicy OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWRadAcctgPolicy specifies the radius accounting
policy associated with this IPsec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 24 }
tmnxIPsecGWRadAuthPolicy OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWRadAuthPolicy specifies the radius
authentication policy associated with this IPsec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 25 }
tmnxIPsecGWCertProfile OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCertProfile specifies the certificate profile
associated with this IPsec gateway.
An 'inconsistentValue' error is returned when tmnxIPsecGWCertProfile
is set to non-default value and tmnxIPsecGWLclX509Cert or
tmnxIPsecGWLclPrivateKey is set to non-default value."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 26 }
tmnxIPsecGWCertTrstAnchrProf OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCertTrstAnchrProf specifies the name for
Certificate-Authority Trust Anchor Profile name associated with this
SAP IPSec gateway certificate."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 27 }
tmnxIPsecGWClientDatabaseName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWClientDatabaseName specifies the name of the
client database associated with this IPsec gateway.
The IPsec client database is configured by tIPsecClientDatabaseTable."
DEFVAL { "" }
::= { tmnxIPsecGWEntry 28 }
tmnxIPsecGWClientDatabasFallback OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWClientDatabasFallback specifies whether or not
this IPsec gateway falls back to the default authentication policy
when the IPsec tunnel authentication request fails to match any
clients in the IPsec database (i.e., tmnxIPsecGWClientDatabaseName)."
DEFVAL { true }
::= { tmnxIPsecGWEntry 29 }
tmnxIPsecGWMaxNumPh1SaKeys OBJECT-TYPE
SYNTAX Unsigned32 (0..3)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWMaxNumPh1SaKeys specifies the maximum number
of Security Association (SA) phase 1 keys, which can be saved by the
system, for an IPsec tunnel associated to this gateway."
DEFVAL { 0 }
::= { tmnxIPsecGWEntry 30 }
tmnxIPsecGWMaxNumPh2SaKeys OBJECT-TYPE
SYNTAX Unsigned32 (0..48)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWMaxNumPh2SaKeys specifies the maximum number
of Security Association (SA) phase 2 keys, which can be saved by the
system, for an IPsec tunnel associated to this gateway."
DEFVAL { 0 }
::= { tmnxIPsecGWEntry 31 }
tmnxIPsecGWSecureServiceName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWSecureServiceName specifies the name of the
default security service used by this SAP IPSec gateway.
The values of tmnxIPsecGWSecureServiceName and
tmnxIPsecGWSecureService must be mutually exclusive and cannot
simultaneously have non-default values."
DEFVAL { ''H }
::= { tmnxIPsecGWEntry 32 }
tIPsecRUTnlTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRUTnlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store dynamic IPsec Remote-User Tunnel entries."
::= { tmnxIPsecObjects 20 }
tIPsecRUTnlEntry OBJECT-TYPE
SYNTAX TIPsecRUTnlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single dynamic IPsec Remote-User Tunnel entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort
}
::= { tIPsecRUTnlTable 1 }
TIPsecRUTnlEntry ::= SEQUENCE
{
tIPsecRUTnlInetAddrType InetAddressType,
tIPsecRUTnlInetAddress InetAddress,
tIPsecRUTnlPort TTcpUdpPort,
tIPsecRUTnlPrivateIpAddrType InetAddressType,
tIPsecRUTnlPrivateIpAddr InetAddress,
tIPsecRUTnlPrivateIpPrefixLen InetAddressPrefixLength,
tIPsecRUTnlTempId TmnxIPsecTunnelTemplateId,
tIPsecRUTnlIPsecSALifeTime Unsigned32,
tIPsecRUTnlPfsDHGroup TmnxIkePolicyDHGroupOrZero,
tIPsecRUTnlReplayWindow Unsigned32,
tIPsecRUTnlPrivateSvcId TmnxServId,
tIPsecRUTnlPrivateIfIndex InterfaceIndex,
tIPsecRUTnlHasBiDirectionalSA TruthValue,
tIPsecRUTnlHostISA TmnxHwIndexOrZero,
tIPsecRUTnlMatchTrustAnchor TNamedItemOrEmpty,
tIPsecRUTnlOperChanged TimeStamp,
tIPsecRUTnlIkeIdType INTEGER,
tIPsecRUTnlIkeIdValue DisplayString,
tIPsecRUTnlPrivateIpAddr2Type InetAddressType,
tIPsecRUTnlPrivateIpAddr2 InetAddress,
tIPsecRUTnlPrivateIpPrefixLen2 InetAddressPrefixLength,
tIPsecRUTnlInUseTsList TNamedItem,
tIPsecRUTnlInUsePreSharedKey TLNamedItemOrEmpty,
tIPsecRUTnlPubTcpMss Integer32,
tIPsecRUTnlPrivTcpMss Integer32,
tIPsecRUTnlInUseIkePolicy TmnxIkePolicyIdOrZero,
tIPsecRUTnlHostEsa TmnxEsaIdOrZero,
tIPsecRUTnlHostEsaVm TmnxEsaVmIdOrZero
}
tIPsecRUTnlInetAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlInetAddrType indicates the address type of the
SAP IPsec gateway to the tunnel."
::= { tIPsecRUTnlEntry 1 }
tIPsecRUTnlInetAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16|20))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This value of tIPsecRUTnlInetAddress indicates the address of of the
SAP IPsec gateway to the tunnel."
::= { tIPsecRUTnlEntry 2 }
tIPsecRUTnlPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPort indicates the UDP port of the SAP IPsec
gateway to the tunnel."
::= { tIPsecRUTnlEntry 3 }
tIPsecRUTnlPrivateIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateIpAddrType indicates the address type
of the private IP Address in the tunnel."
::= { tIPsecRUTnlEntry 4 }
tIPsecRUTnlPrivateIpAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateIpAddr indicates the private IP address
on the IPsec gateway tunnel."
::= { tIPsecRUTnlEntry 5 }
tIPsecRUTnlPrivateIpPrefixLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateIpPrefixLen indicates the number of
bits to match on the tIPsecRUTnlPrivateIpAddr."
::= { tIPsecRUTnlEntry 6 }
tIPsecRUTnlTempId OBJECT-TYPE
SYNTAX TmnxIPsecTunnelTemplateId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlTempId indicates the id of a tunnel template
entry used for the tunnel."
::= { tIPsecRUTnlEntry 7 }
tIPsecRUTnlIPsecSALifeTime OBJECT-TYPE
SYNTAX Unsigned32 (1200..31536000)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlIPsecSALifeTime indicates the lifetime of the
phase 2 IKE key."
::= { tIPsecRUTnlEntry 8 }
tIPsecRUTnlPfsDHGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPfsDHGroup indicates the new
Diffie-hellman key exchange each time the SA(Security Association)
key is renegotiated. After the SA expires, the key is forgotten
and another key is generated (if the SA remains up). This means
that an attacker who cracks part of the exchange can only read the
part that used the key before the key changed. There is no
advantage of cracking the other parts if the attacker has already
cracked one."
::= { tIPsecRUTnlEntry 9 }
tIPsecRUTnlReplayWindow OBJECT-TYPE
SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlReplayWindow indicates the size of the
anti-replay window."
::= { tIPsecRUTnlEntry 10 }
tIPsecRUTnlPrivateSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateSvcId indicates the service-id of the
Tunnel delivery service."
::= { tIPsecRUTnlEntry 11 }
tIPsecRUTnlPrivateIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateIfIndex indicates the private interface
index used by the tunnel."
::= { tIPsecRUTnlEntry 12 }
tIPsecRUTnlHasBiDirectionalSA OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlHasBiDirectionalSA indicates whether this
tunnel has bi-directional Security-Association entries."
::= { tIPsecRUTnlEntry 13 }
tIPsecRUTnlHostISA OBJECT-TYPE
SYNTAX TmnxHwIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlHostISA indicates the active ISA MDA that is
being used to host this tunnel.
This object will contain a nonzero value only when the tunnel is
both operationally up and being hosted by an MDA. When the tunnel
is being hosted by an ESA virtual machine, the host will be indicated
by the tIPsecRUTnlHostEsa and tIPsecRUTnlHostEsaVm objects."
::= { tIPsecRUTnlEntry 14 }
tIPsecRUTnlMatchTrustAnchor OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlMatchTrustAnchor indicates the name for
matched Certificate-Authority Profile name associated with this SAP
IPSec tunnel certificate."
::= { tIPsecRUTnlEntry 15 }
tIPsecRUTnlOperChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlOperChanged indicates the sysUpTime at the
time of the last operational status change of this entry."
::= { tIPsecRUTnlEntry 16 }
tIPsecRUTnlIkeIdType OBJECT-TYPE
SYNTAX INTEGER {
notApplicable (0),
ipv4Addr (1),
fqdn (2),
rfc822Addr (3),
ipv6Addr (5),
derAsn1Dn (9),
derAsn1Gn (10),
keyId (11)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlIkeIdType indicates the ID type for the IKE
header used in the tunnel associated with this entry.
If the tunnel is not an IKEv2 remote access tunnel, then the value of
tIPsecRUTnlIkeIdType will be set to 'notApplicable', and the value of
tIPsecRUTnlIkeIdValue will be an empty string."
REFERENCE
"RFC 5996"
::= { tIPsecRUTnlEntry 17 }
tIPsecRUTnlIkeIdValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlIkeIdValue indicates the string presentation
of the ID value for the IKE header used in the tunnel associated with
this entry."
REFERENCE
"RFC 5996"
::= { tIPsecRUTnlEntry 18 }
tIPsecRUTnlPrivateIpAddr2Type OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the tIPsecRUTnlPrivateIpAddr2Type indicates the address
type of the second private address in the tunnel."
::= { tIPsecRUTnlEntry 19 }
tIPsecRUTnlPrivateIpAddr2 OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateIpAddr2 indicates the second private
address on the IPsec gateway tunnel."
::= { tIPsecRUTnlEntry 20 }
tIPsecRUTnlPrivateIpPrefixLen2 OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivateIpPrefixLen2 indicates the number of
bits to match on the tIPsecRUTnlPrivateIpAddr2."
::= { tIPsecRUTnlEntry 21 }
tIPsecRUTnlInUseTsList OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlInUseTsList indicates the traffic selector
(TS) list used by this tunnel."
::= { tIPsecRUTnlEntry 22 }
tIPsecRUTnlInUsePreSharedKey OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlInUsePreSharedKey indicates the pre-shared key
used by this tunnel."
::= { tIPsecRUTnlEntry 23 }
tIPsecRUTnlPubTcpMss OBJECT-TYPE
SYNTAX Integer32
UNITS "octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPubTcpMss indicates the Maximum Segment Size
(MSS) for the TCP traffic in an IPsec tunnel which is sent from the
public network to the private network."
::= { tIPsecRUTnlEntry 24 }
tIPsecRUTnlPrivTcpMss OBJECT-TYPE
SYNTAX Integer32
UNITS "octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlPrivTcpMss specifies the Maximum Segment Size
(MSS) for the TCP traffic in an IPsec tunnel which is sent from the
private network to the public network."
::= { tIPsecRUTnlEntry 25 }
tIPsecRUTnlInUseIkePolicy OBJECT-TYPE
SYNTAX TmnxIkePolicyIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlInUseIkePolicy indicates the IKE policy
identifier used by this tunnel."
::= { tIPsecRUTnlEntry 26 }
tIPsecRUTnlHostEsa OBJECT-TYPE
SYNTAX TmnxEsaIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlHostEsa indicates the active ESA that is being
used to host this tunnel.
This object will contain a nonzero value only when the tunnel is both
operationally up and being hosted by an ESA virtual machine. When the
tunnel is being hosted by an ISA MDA, the host will be indicated by
the tIPsecRUTnlHostISA object."
::= { tIPsecRUTnlEntry 27 }
tIPsecRUTnlHostEsaVm OBJECT-TYPE
SYNTAX TmnxEsaVmIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlHostEsaVm indicates the active ESA virtual
machine that is being used to host this tunnel.
This object will contain a nonzero value only when the tunnel is both
operationally up and being hosted by an ESA virtual machine. When the
tunnel is being hosted by an ISA MDA, the host will be indicated by
the tIPsecRUTnlHostISA object."
::= { tIPsecRUTnlEntry 28 }
tIPsecRUTnlStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRUTnlStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store IPsec Remote User Tunnel statistics"
::= { tmnxIPsecObjects 21 }
tIPsecRUTnlStatsEntry OBJECT-TYPE
SYNTAX TIPsecRUTnlStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Statistics for a single IPsec Remote User Tunnel."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort
}
::= { tIPsecRUTnlStatsTable 1 }
TIPsecRUTnlStatsEntry ::= SEQUENCE
{
tIPsecRUTnlIsakmpState INTEGER,
tIPsecRUTnlIsakmpEstabTime TimeStamp,
tIPsecRUTnlIsakmpNegLifeTime Unsigned32,
tIPsecRUTnlNumDpdTx Counter32,
tIPsecRUTnlNumDpdRx Counter32,
tIPsecRUTnlNumDpdAckTx Counter32,
tIPsecRUTnlNumDpdAckRx Counter32,
tIPsecRUTnlNumExpRx Counter32,
tIPsecRUTnlNumInvalidDpdRx Counter32,
tIPsecRUTnlNumCtrlPktsTx Counter32,
tIPsecRUTnlNumCtrlPktsRx Counter32,
tIPsecRUTnlNumCtrlTxErrors Counter32,
tIPsecRUTnlNumCtrlRxErrors Counter32,
tIPsecRUTnlMatCertEntryId Integer32,
tIPsecRUTnlCertProfName TNamedItemOrEmpty,
tIPsecRUTnlClientDBClientId Unsigned32,
tIPsecRUTnlStatsIsakmpAuthAlg TmnxAuthAlgorithm,
tIPsecRUTnlStatsIsakmpEncrAlg TmnxEncrAlgorithm,
tIPsecRUTnlStatsIsakmpPfsDhGrp TmnxIkePolicyDHGroupOrZero,
tIPsecRUTnlStatsIkeTranPrfAlg INTEGER
}
tIPsecRUTnlIsakmpState OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlIsakmpState indicates the state of phase 1
IPsec negotiation."
::= { tIPsecRUTnlStatsEntry 1 }
tIPsecRUTnlIsakmpEstabTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlIsakmpEstabTime indicates the sysUpTime at the
time the IPsec phase 1 negotiation completed."
::= { tIPsecRUTnlStatsEntry 2 }
tIPsecRUTnlIsakmpNegLifeTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlIsakmpNegLifeTime indicates the lifetime
negotiated for phase1 IKE key."
::= { tIPsecRUTnlStatsEntry 3 }
tIPsecRUTnlNumDpdTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumDpdTx indicates the number of
Dead-Peer-Detection packets transmitted."
::= { tIPsecRUTnlStatsEntry 4 }
tIPsecRUTnlNumDpdRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumDpdRx indicates the number of
Dead-Peer-Detection packets received."
::= { tIPsecRUTnlStatsEntry 5 }
tIPsecRUTnlNumDpdAckTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumDpdAckTx indicates the number of
Dead-Peer-Detection acknowledgement packets transmitted."
::= { tIPsecRUTnlStatsEntry 6 }
tIPsecRUTnlNumDpdAckRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumDpdAckRx indicates the number of
Dead-Peer-Detection acknowledgement packets received."
::= { tIPsecRUTnlStatsEntry 7 }
tIPsecRUTnlNumExpRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumExpRx indicates the number of DPD R-U-THERE
packets that have not been acknowledged."
::= { tIPsecRUTnlStatsEntry 8 }
tIPsecRUTnlNumInvalidDpdRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumInvalidDpdRx indicates the number of
malformed DPD R-U-THERE acknowledgement packets received."
::= { tIPsecRUTnlStatsEntry 9 }
tIPsecRUTnlNumCtrlPktsTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumCtrlPktsTx indicates the number of control
packets this IPsec Tunnel has sent."
::= { tIPsecRUTnlStatsEntry 10 }
tIPsecRUTnlNumCtrlPktsRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumCtrlPktsRx indicates the number of control
packets this IPsec Tunnel has received."
::= { tIPsecRUTnlStatsEntry 11 }
tIPsecRUTnlNumCtrlTxErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumCtrlTxErrors indicates the number of
control packet transmit errors."
::= { tIPsecRUTnlStatsEntry 12 }
tIPsecRUTnlNumCtrlRxErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlNumCtrlRxErrors indicates the number of
control packet receive errors."
::= { tIPsecRUTnlStatsEntry 13 }
tIPsecRUTnlMatCertEntryId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlMatCertEntryId indicates the matching
certificate profile entry id used for this tunnel."
::= { tIPsecRUTnlStatsEntry 14 }
tIPsecRUTnlCertProfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlCertProfName indicates a specific IPsec tunnel
certificate profile name used for this tunnel."
::= { tIPsecRUTnlStatsEntry 15 }
tIPsecRUTnlClientDBClientId OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..8000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlClientDBClientId indicates the client ID that
was matched for this tunnel in the IPsec client database.
The value of zero indicates that no IPsec database client was matched
for this tunnel."
::= { tIPsecRUTnlStatsEntry 17 }
tIPsecRUTnlStatsIsakmpAuthAlg OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlStatsIsakmpAuthAlg indicates the
authentication algorithm of the IPsec phase 1 negotiation for this
IPsec tunnel."
::= { tIPsecRUTnlStatsEntry 18 }
tIPsecRUTnlStatsIsakmpEncrAlg OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlStatsIsakmpEncrAlg indicates the encryption
algorithm of the IPsec phase 1 negotiation for this IPsec tunnel."
::= { tIPsecRUTnlStatsEntry 19 }
tIPsecRUTnlStatsIsakmpPfsDhGrp OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlStatsIsakmpPfsDhGrp indicates the
Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this
IPsec tunnel.
The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve
Perfect Forward Secrecy (PFS)."
::= { tIPsecRUTnlStatsEntry 20 }
tIPsecRUTnlStatsIkeTranPrfAlg OBJECT-TYPE
SYNTAX INTEGER {
md5 (2),
sha1 (3),
sha256 (4),
sha384 (5),
sha512 (6),
aesXcbc (7),
sameAsAuth (8)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlStatsIkeTranPrfAlg specifies the pseudo-random
function (PRF)."
::= { tIPsecRUTnlStatsEntry 21 }
tIPsecRUSATable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRUSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec remote-user dynamic SA entries."
::= { tmnxIPsecObjects 22 }
tIPsecRUSAEntry OBJECT-TYPE
SYNTAX TIPsecRUSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec remote-user SA entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort,
tIPsecRUSAId,
tIPsecRUSADirection,
tIPsecRUSAIndex
}
::= { tIPsecRUSATable 1 }
TIPsecRUSAEntry ::= SEQUENCE
{
tIPsecRUSAId Unsigned32,
tIPsecRUSAIndex Unsigned32,
tIPsecRUSADirection TmnxIPsecDirection,
tIPsecRUSAEncryptionKey OCTET STRING,
tIPsecRUSAAuthenticationKey OCTET STRING,
tIPsecRUSASpi Unsigned32,
tIPsecRUSAAuthAlgorithm TmnxAuthAlgorithm,
tIPsecRUSAEncrAlgorithm TmnxEncrAlgorithm,
tIPsecRUSAEstablishedTime TimeStamp,
tIPsecRUSANegotiatedLifeTime Unsigned32,
tIPsecRUSALclAddrType InetAddressType,
tIPsecRUSALclAddr InetAddress,
tIPsecRUSALclAPrefLen InetAddressPrefixLength,
tIPsecRUSARemAddrType InetAddressType,
tIPsecRUSARemAddr InetAddress,
tIPsecRUSARemAPrefLen InetAddressPrefixLength
}
tIPsecRUSAId OBJECT-TYPE
SYNTAX Unsigned32 (1..16)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSAId indicates the id of an SA entry and is part
of the index for the tIPsecRUSATable."
::= { tIPsecRUSAEntry 1 }
tIPsecRUSAIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..2)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSAIndex indicates an additional index to uniquely
identify the SA entry in the tIPsecRUSATable."
::= { tIPsecRUSAEntry 2 }
tIPsecRUSADirection OBJECT-TYPE
SYNTAX TmnxIPsecDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSADirection indicates the direction on the
IPsec Tunnel to which this SA entry can be applied. The value
of tIPsecRUSADirection is also part of the index for the table
tIPsecRUSATable"
::= { tIPsecRUSAEntry 3 }
tIPsecRUSAEncryptionKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAEncryptionKey indicates the key used for the
encryption algorithm defined by the tIPsecRUSAEncrAlgorithm in the
IPsec transform."
::= { tIPsecRUSAEntry 4 }
tIPsecRUSAAuthenticationKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAAuthenticationKey indicates the key used for
the authentication algorithm defined by the tIPsecRUSAAuthAlgorithm in
the IPsec transform."
::= { tIPsecRUSAEntry 5 }
tIPsecRUSASpi OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSASpi indicates the SPI (Security Parameter
Index) used to lookup the instruction to verify and decrypt the
incoming IPsec packets when the value of tIPsecRUSADirection is
'inbound'."
::= { tIPsecRUSAEntry 6 }
tIPsecRUSAAuthAlgorithm OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAAuthAlgorithm indicates the authentication
algorithm used with this SA."
::= { tIPsecRUSAEntry 7 }
tIPsecRUSAEncrAlgorithm OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAEncrAlgorithm indicates the encryption
algorithm used with this SA."
::= { tIPsecRUSAEntry 8 }
tIPsecRUSAEstablishedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAEstablishedTime indicates the sysUpTime at the
time the IPsec phase 2 negotiation completed."
::= { tIPsecRUSAEntry 9 }
tIPsecRUSANegotiatedLifeTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSANegotiatedLifeTime indicates the lifetime
negotiated for phase2 IKE key."
::= { tIPsecRUSAEntry 10 }
tIPsecRUSALclAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tIPsecRUSALclAddrType indicates the address type of
address in tIPsecRUSALclAddr."
::= { tIPsecRUSAEntry 11 }
tIPsecRUSALclAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tIPsecRUSALclAddr indicates the IP address on the vpn
side."
::= { tIPsecRUSAEntry 12 }
tIPsecRUSALclAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tIPsecRUSALclAPrefLen indicates the number of bits to
match of the tIPsecRUSALclAddr."
::= { tIPsecRUSAEntry 13 }
tIPsecRUSARemAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tIPsecRUSARemAddrType indicates the address type of
address in tIPsecRUSARemAddr."
::= { tIPsecRUSAEntry 14 }
tIPsecRUSARemAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tIPsecRUSARemAddr indicates the IP address on the tunnel
side."
::= { tIPsecRUSAEntry 15 }
tIPsecRUSARemAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tIPsecRUSARemAPrefLen indicates the number of bits to
match of the tIPsecRUSARemAddr."
::= { tIPsecRUSAEntry 16 }
tIPsecRUSAStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRUSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to retrieve the IPsec Remote-User SA Statistics entries."
::= { tmnxIPsecObjects 23 }
tIPsecRUSAStatsEntry OBJECT-TYPE
SYNTAX TIPsecRUSAStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Remote-User SA Statistics entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort,
tIPsecRUSAId,
tIPsecRUSADirection,
tIPsecRUSAIndex
}
::= { tIPsecRUSAStatsTable 1 }
TIPsecRUSAStatsEntry ::= SEQUENCE
{
tIPsecRUSAStatsBytesProcessed Counter64,
tIPsecRUSAStatsBytesProcLow32 Counter32,
tIPsecRUSAStatsBytesProcHigh32 Counter32,
tIPsecRUSAStatsPktsProcessed Counter64,
tIPsecRUSAStatsPktsProcLow32 Counter32,
tIPsecRUSAStatsPktsProcHigh32 Counter32,
tIPsecRUSAStatsCryptoErrors Counter32,
tIPsecRUSAStatsReplayErrors Counter32,
tIPsecRUSAStatsSAErrors Counter32,
tIPsecRUSAStatsPolicyErrors Counter32,
tIPsecRUSAStatsEncapOverhead Counter32,
tIPsecRUSAStatsPreEncapFragCnt Counter64,
tIPsecRUSAStatsPreEncapFragLtSz Unsigned32,
tIPsecRUSAStatsPostEncapFragCnt Counter64,
tIPsecRUSAStatsPostEncapFragLtSz Unsigned32,
tIPsecRUSAStatsPfsDhGroup TmnxIkePolicyDHGroupOrZero,
tIPsecRUSAStatsMulticastIfName TNamedItemOrEmpty,
tIPsecRUSAStatsMulticastProt TIPsecMulticastProtocol
}
tIPsecRUSAStatsBytesProcessed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsBytesProcessed indicates the number of
bytes successfully processed for this SA."
::= { tIPsecRUSAStatsEntry 1 }
tIPsecRUSAStatsBytesProcLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsBytesProcLow32 indicates the lower 32 bits
of the value of tIPsecRUSAStatsBytesProcessed."
::= { tIPsecRUSAStatsEntry 2 }
tIPsecRUSAStatsBytesProcHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsBytesProcHigh32 indicates the higher 32
bits of the value of tIPsecRUSAStatsBytesProcessed."
::= { tIPsecRUSAStatsEntry 3 }
tIPsecRUSAStatsPktsProcessed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPktsProcessed indicates the number of
packets successfully processed for this SA."
::= { tIPsecRUSAStatsEntry 4 }
tIPsecRUSAStatsPktsProcLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPktsProcLow32 indicates the lower 32 bits
of the value of tIPsecRUSAStatsPktsProcessed."
::= { tIPsecRUSAStatsEntry 5 }
tIPsecRUSAStatsPktsProcHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPktsProcHigh32 indicates the higher 32
bits of the value of tIPsecRUSAStatsPktsProcessed."
::= { tIPsecRUSAStatsEntry 6 }
tIPsecRUSAStatsCryptoErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsCryptoErrors indicates the number
of crypto errors encountered on this SA.
When the value of tIPsecRUSADirection is 'inbound (1)', the
tIPsecRUSAStatsCryptoErrors will be set for the following errors:
MAC miscompare
Pad errors
Illegal configure algorithm
Illegal authentication algorithm
Inner IP checksum errors
Payload alignment errors
Sequence number errors
Protocol errors
When the value of tIPsecRUSADirection is 'outbound (2)', the
tIPsecRUSAStatsCryptoErrors will be set for the following errors:
Sequence wrap errors
Illegal configure algorithm
Illegal authentication algorithm
Expanded packet too big
TTL decrement errors"
::= { tIPsecRUSAStatsEntry 7 }
tIPsecRUSAStatsReplayErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsReplayErrors indicates the number of
replay errors encountered on this SA."
::= { tIPsecRUSAStatsEntry 8 }
tIPsecRUSAStatsSAErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsSAErrors indicates the number of SA errors
encountered on this SA. The SA errors means ISA tried to use a CHILD
SA that is marked for deletion."
::= { tIPsecRUSAStatsEntry 9 }
tIPsecRUSAStatsPolicyErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPolicyErrors indicates the number
of policy errors encountered on this SA. The policy errors include
bundled SA, selector check and policy direction error."
::= { tIPsecRUSAStatsEntry 10 }
tIPsecRUSAStatsEncapOverhead OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsEncapOverhead indicates the encapsulation
overhead for this outbound SA. This value is only significant when the
value of tIPsecRUSADirection is 'outbound'."
::= { tIPsecRUSAStatsEntry 11 }
tIPsecRUSAStatsPreEncapFragCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPreEncapFragCnt indicates the number of
fragmentations that occurred prior to encapsulation for this outbound
SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size
exceeds tIPsecTnlTempIpMtu. This value is only significant when the
value of tIPsecRUSADirection is 'outbound'."
::= { tIPsecRUSAStatsEntry 12 }
tIPsecRUSAStatsPreEncapFragLtSz OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPreEncapFragLtSz indicates the size of the
last packet which caused a pre-encapsulation fragmentation to occur
for this SA. This value is only significant when the value of
tIPsecRUSADirection is 'outbound'."
::= { tIPsecRUSAStatsEntry 13 }
tIPsecRUSAStatsPostEncapFragCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPostEncapFragCnt indicates the number of
fragmentations that occurred after encapsulation for this SA.
Post-encapsulation fragmentation occurs when the encapsulated packet
size exceeds tIPsecTnlTempEncapIpMtu. This value is only significant
when the value of tIPsecRUSADirection is 'outbound'."
::= { tIPsecRUSAStatsEntry 14 }
tIPsecRUSAStatsPostEncapFragLtSz OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPostEncapFragLtSz indicates the size of
the last encapsulated packet which caused a post-encapsulation
fragmentation to occur for this SA. This value is only significant
when the value of tIPsecRUSADirection is 'outbound'."
::= { tIPsecRUSAStatsEntry 15 }
tIPsecRUSAStatsPfsDhGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsPfsDhGroup indicates the Diffie-Hellman
(DH) group used with this SA."
::= { tIPsecRUSAStatsEntry 17 }
tIPsecRUSAStatsMulticastIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsMulticastIfName indicates the multicast
interface name associated with this SA.
This value is only significant when the value of tIPsecRUSADirection
is 'outbound (2)'."
::= { tIPsecRUSAStatsEntry 18 }
tIPsecRUSAStatsMulticastProt OBJECT-TYPE
SYNTAX TIPsecMulticastProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSAStatsMulticastProt indicates the supported
protocol types of the multicast interface associated to this SA.
This value is only significant when the value of tIPsecRUSADirection
is 'outbound (2)'."
::= { tIPsecRUSAStatsEntry 19 }
tmnxIPsecTunnelCountObjs OBJECT IDENTIFIER ::= { tmnxIPsecObjects 24 }
tmnxIPsecPskTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecPskTunnels indicates the number of total IPSec
tunnels."
::= { tmnxIPsecTunnelCountObjs 1 }
tmnxIPsecGWPskTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWPskTunnels indicates the number of IPSec
gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk'."
::= { tmnxIPsecTunnelCountObjs 2 }
tmnxIPsecGWPskXAuthTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWPskXAuthTunnels indicates the number of IPSec
gateway tunnels with tmnxIkePolicyAuthMethod set to 'plainPskXAuth'."
::= { tmnxIPsecTunnelCountObjs 3 }
tmnxIPsecGWCertTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCertTunnels indicates the number of IPSec
gateway tunnels with tmnxIkePolicyAuthMethod set to 'cert'."
::= { tmnxIPsecTunnelCountObjs 4 }
tmnxIPsecGWPskRadiusTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWPskRadiusTunnels indicates the number of IPSec
gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk-radius'."
::= { tmnxIPsecTunnelCountObjs 5 }
tmnxIPsecGWCertRadiusTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWCertRadiusTunnels indicates the number of
IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to
'cert-radius'."
::= { tmnxIPsecTunnelCountObjs 6 }
tmnxIPsecGWEapTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWEapTunnels indicates the number of IPSec
gateway tunnels with tmnxIkePolicyAuthMethod set to 'eap'."
::= { tmnxIPsecTunnelCountObjs 7 }
tmnxIPsecGWAutoEapRadiusTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWAutoEapRadiusTunnels indicates the number of
IPsec gateway tunnels with tmnxIkePolicyAuthMethod set to
'autoEapRadius'."
::= { tmnxIPsecTunnelCountObjs 8 }
tmnxIPsecGWAutoEapTunnels OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWAutoEapTunnels indicates the number of IPsec
gateway tunnels with tmnxIkePolicyAuthMethod set to 'autoEap'."
::= { tmnxIPsecTunnelCountObjs 9 }
tmnxIPsecTunnelBfdTableLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdTableLastChgd indicates the sysUpTime
at the time of the last modification to tmnxIPsecTunnelBfdTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessTableLChg."
::= { tmnxIPsecObjects 25 }
tmnxIPsecTunnelBfdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTunnelBfdEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"Table to store the IPsec Tunnel BFD session entries.
This table has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by tmnxIPsecTnlBfdSessTable
and tmnxIPsecTnlBfdSessStatTable."
::= { tmnxIPsecObjects 26 }
tmnxIPsecTunnelBfdEntry OBJECT-TYPE
SYNTAX TmnxIPsecTunnelBfdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Tunnel BFD session entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName,
tmnxIPsecTunnelBfdSvcId,
tmnxIPsecTunnelBfdIfName,
tmnxIPsecTunnelBfdDstAddrType,
tmnxIPsecTunnelBfdDstAddr
}
::= { tmnxIPsecTunnelBfdTable 1 }
TmnxIPsecTunnelBfdEntry ::= SEQUENCE
{
tmnxIPsecTunnelBfdSvcId TmnxServId,
tmnxIPsecTunnelBfdIfName TNamedItem,
tmnxIPsecTunnelBfdDstAddrType InetAddressType,
tmnxIPsecTunnelBfdDstAddr InetAddress,
tmnxIPsecTunnelBfdRowStatus RowStatus,
tmnxIPsecTunnelBfdLastChanged TimeStamp,
tmnxIPsecTunnelBfdSrcAddrType InetAddressType,
tmnxIPsecTunnelBfdSrcAddr InetAddress,
tmnxIPsecTunnelBfdSessOperState TmnxBfdSessOperState
}
tmnxIPsecTunnelBfdSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdSvcId specifies the service-id of the
interface running BFD.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by tmnxIPsecTnlBfdSessSvcId."
::= { tmnxIPsecTunnelBfdEntry 1 }
tmnxIPsecTunnelBfdIfName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdIfName specifies the IPSec interface
used by the BFD session.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by tmnxIPsecTnlBfdSessIfName."
::= { tmnxIPsecTunnelBfdEntry 2 }
tmnxIPsecTunnelBfdDstAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdDstAddrType specifies the address type
of address in tmnxIPsecTunnelBfdDstAddr.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessDstAddrT."
::= { tmnxIPsecTunnelBfdEntry 3 }
tmnxIPsecTunnelBfdDstAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16|20))
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdDstAddr specifies the destination
ipaddress to be used for the BFD session.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessDstAddr."
::= { tmnxIPsecTunnelBfdEntry 4 }
tmnxIPsecTunnelBfdRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The tmnxIPsecTunnelBfdRowStatus object is used to create and delete
rows in the tmnxIPsecTunnelBfdTable.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessRowStatus."
::= { tmnxIPsecTunnelBfdEntry 5 }
tmnxIPsecTunnelBfdLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdLastChanged indicates the sysUpTime at
the time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value.
This object has been marked obsolete in SROS Release 16.0. There is no
replacement for this object."
::= { tmnxIPsecTunnelBfdEntry 6 }
tmnxIPsecTunnelBfdSrcAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdSrcAddrType indicates the address type
of tmnxIPsecTunnelBfdSrcAddr object.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessStatSrcAddrT."
::= { tmnxIPsecTunnelBfdEntry 7 }
tmnxIPsecTunnelBfdSrcAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdSrcAddr indicates the source IP address
on the interface running BFD.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessStatSrcAddr."
::= { tmnxIPsecTunnelBfdEntry 8 }
tmnxIPsecTunnelBfdSessOperState OBJECT-TYPE
SYNTAX TmnxBfdSessOperState
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecTunnelBfdSessOperState indicates the operational
state of the BFD session the IPsec tunnel is relying upon for its fast
triggering mechanism.
This object has been marked obsolete in SROS Release 16.0. The
functionality of this object is replaced by
tmnxIPsecTnlBfdSessStatOperState."
::= { tmnxIPsecTunnelBfdEntry 9 }
tIPsecRadAuthPlcyTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyTblLastChgd indicates the sysUpTime at
the time of the last modification to tIPsecRadAuthPlcyTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 27 }
tIPsecRadAuthPlcyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRadAuthPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecRadAuthPlcyTable allows configuration of IPsec Radius
authentication policy parameters."
::= { tmnxIPsecObjects 28 }
tIPsecRadAuthPlcyEntry OBJECT-TYPE
SYNTAX TIPsecRadAuthPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tIPsecRadAuthPlcyEntry is an entry (conceptual row) in the
tIPsecRadAuthPlcyTable. Each entry represents the configuration for a
RADIUS authentication policy.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecRadAuthPlcyRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX { tIPsecRadAuthPlcyName }
::= { tIPsecRadAuthPlcyTable 1 }
TIPsecRadAuthPlcyEntry ::= SEQUENCE
{
tIPsecRadAuthPlcyName TNamedItem,
tIPsecRadAuthPlcyRowStatus RowStatus,
tIPsecRadAuthPlcyLastMgmtChange TimeStamp,
tIPsecRadAuthPlcyInclAttr BITS,
tIPsecRadAuthPlcyRadSrvPlcy TNamedItemOrEmpty,
tIPsecRadAuthPlcyPassword DisplayString
}
tIPsecRadAuthPlcyName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyName specifies a specific IPsec RADIUS
authentication policy."
::= { tIPsecRadAuthPlcyEntry 1 }
tIPsecRadAuthPlcyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecRadAuthPlcyEntry 2 }
tIPsecRadAuthPlcyLastMgmtChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyLastMgmtChange indicates the sysUpTime
at the time of the most recent management-initiated change to this
Policy."
::= { tIPsecRadAuthPlcyEntry 3 }
tIPsecRadAuthPlcyInclAttr OBJECT-TYPE
SYNTAX BITS {
callingStationId (0),
calledStationId (1),
nasPortId (2),
nasIdentifier (3),
nasIpAddr (4),
certSubjectKeyId (5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyInclAttr specifies what RADIUS
attributes the system should include into RADIUS access-request
messages.
When the 'certSubjectKeyId (5)' bit value is configured, the system
extracts the Subject Key Identifier (SKID) from the peer certificate
and adds it as a Vendor-Specific Attribute (VSA) in the RADIUS
access-request. If this field is configured and the peer certificate
does not contain a SKID extension, the system will send an empty VSA
in the RADIUS access-request. If the SKID length exceeds 247 bytes,
the system will use the least significant 247 bytes of the SKID."
REFERENCE
"RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile', IETF, May 2008,
section 4.2.1.2, 'Subject Key Identifier'."
DEFVAL { {} }
::= { tIPsecRadAuthPlcyEntry 4 }
tIPsecRadAuthPlcyRadSrvPlcy OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyRadSrvPlcy specifies the RADIUS server
policy as defined in TIMETRA-RADIUS-MIB::tmnxRadSrvPlcyTable to be
applied in this IPsec RADIUS authentication policy."
DEFVAL { "" }
::= { tIPsecRadAuthPlcyEntry 5 }
tIPsecRadAuthPlcyPassword OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAuthPlcyPassword specifies the default password
to be used in access-request messages to the RADIUS server. An empty
string is returned on SNMP GET requests."
DEFVAL { "" }
::= { tIPsecRadAuthPlcyEntry 6 }
tIPsecRadAcctPlcyTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyTblLastChgd indicates the sysUpTime at
the time of the last modification to tIPsecRadAcctPlcyTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 29 }
tIPsecRadAcctPlcyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRadAcctPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecRadAcctPlcyTable allows configuration of IPsec Radius
accounting policy parameters."
::= { tmnxIPsecObjects 30 }
tIPsecRadAcctPlcyEntry OBJECT-TYPE
SYNTAX TIPsecRadAcctPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tIPsecRadAcctPlcyEntry is an entry (conceptual row) in the
tIPsecRadAcctPlcyTable. Each entry represents the configuration for a
RADIUS accounting policy.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecRadAcctPlcyRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX { tIPsecRadAcctPlcyName }
::= { tIPsecRadAcctPlcyTable 1 }
TIPsecRadAcctPlcyEntry ::= SEQUENCE
{
tIPsecRadAcctPlcyName TNamedItem,
tIPsecRadAcctPlcyRowStatus RowStatus,
tIPsecRadAcctPlcyLastMgmtChange TimeStamp,
tIPsecRadAcctPlcyInclAttr BITS,
tIPsecRadAcctPlcyRadSrvPlcy TNamedItemOrEmpty,
tIPsecRadAcctPlcyUpdateInterval Unsigned32,
tIPsecRadAcctPlcyJitter Integer32
}
tIPsecRadAcctPlcyName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyName specifies a specific IPsec RADIUS
accounting policy."
::= { tIPsecRadAcctPlcyEntry 1 }
tIPsecRadAcctPlcyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecRadAcctPlcyEntry 2 }
tIPsecRadAcctPlcyLastMgmtChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyLastMgmtChange indicates the sysUpTime
at the time of the most recent management-initiated change to this
Policy."
::= { tIPsecRadAcctPlcyEntry 3 }
tIPsecRadAcctPlcyInclAttr OBJECT-TYPE
SYNTAX BITS {
callingStationId (0),
calledStationId (1),
nasPortId (2),
nasIdentifier (3),
nasIpAddr (4),
framedIpAddr (5),
framedIpv6Prefix (6),
acctStats (7)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyInclAttr specifies what RADIUS
attributes the system should include into RADIUS access-request
messages."
DEFVAL { {} }
::= { tIPsecRadAcctPlcyEntry 4 }
tIPsecRadAcctPlcyRadSrvPlcy OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyRadSrvPlcy specifies the RADIUS server
policy as defined in TIMETRA-RADIUS-MIB::tmnxRadSrvPlcyTable to be
applied in this IPsec RADIUS accounting policy."
DEFVAL { "" }
::= { tIPsecRadAcctPlcyEntry 5 }
tIPsecRadAcctPlcyUpdateInterval OBJECT-TYPE
SYNTAX Unsigned32 (0 | 5..259200)
UNITS "minutes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyUpdateInterval specifies the update
interval of the accounting data of the IPsec RADIUS accounting policy.
A value of 0 specifies that no intermediate updates will be sent."
DEFVAL { 10 }
::= { tIPsecRadAcctPlcyEntry 6 }
tIPsecRadAcctPlcyJitter OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..3600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyJitter specifies the amount of jitter to
be applied on the update interval which is configured in
tIPsecRadAcctPlcyUpdateInterval.
A value between 0..3600 specifies the amount of jitter in seconds.
A value of -1 indicates that tIPsecRadAcctPlcyJitter is not configured
and its value is treated as 10% of the configured value of the update
interval."
DEFVAL { -1 }
::= { tIPsecRadAcctPlcyEntry 7 }
tmnxIPsecTnlDstAddrTblLastChngd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlDstAddrTblLastChngd indicates the sysUpTime
at the time of the last modification to tmnxIPsecTnlDstAddrTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 31 }
tmnxIPsecTnlDstAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTnlDstAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlDstAddrTable contains destination addresses for each
IPSec tunnel in the system.
Entries are created and deleted by the user."
::= { tmnxIPsecObjects 32 }
tmnxIPsecTnlDstAddrEntry OBJECT-TYPE
SYNTAX TmnxIPsecTnlDstAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlDstAddrEntry contains information about a single
destination address in an IPSec Tunnel."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName,
tmnxIPsecTnlDstAddrType,
tmnxIPsecTnlDstAddr
}
::= { tmnxIPsecTnlDstAddrTable 1 }
TmnxIPsecTnlDstAddrEntry ::= SEQUENCE
{
tmnxIPsecTnlDstAddrType InetAddressType,
tmnxIPsecTnlDstAddr InetAddress,
tmnxIPsecTnlDstAddrRowStatus RowStatus,
tmnxIPsecTnlDstAddrLastChanged TimeStamp,
tmnxIPsecTnlDstAddrResolved TruthValue
}
tmnxIPsecTnlDstAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlDstAddrType specifies the address type of
address in tmnxIPsecTnlDstAddr."
::= { tmnxIPsecTnlDstAddrEntry 1 }
tmnxIPsecTnlDstAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16|20))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlDstAddr specifies the address of the
destination of this IPSec tunnel."
::= { tmnxIPsecTnlDstAddrEntry 2 }
tmnxIPsecTnlDstAddrRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPsecTnlDstAddrRowStatus object is used to create and delete
rows in the tmnxIPsecTnlDstAddrTable."
::= { tmnxIPsecTnlDstAddrEntry 3 }
tmnxIPsecTnlDstAddrLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlDstAddrLastChanged indicates the sysUpTime at
the time of the last modification of this entry."
::= { tmnxIPsecTnlDstAddrEntry 4 }
tmnxIPsecTnlDstAddrResolved OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlDstAddrResolved indicates whether or not this
IPsec tunnel destination address has been resolved as reachable by the
virtual router"
::= { tmnxIPsecTnlDstAddrEntry 5 }
tIPsecCertProfileTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileTblLastChgd indicates the sysUpTime at
the time of the last modification to tIPsecCertProfileTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 33 }
tIPsecCertProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecCertProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertProfileTable allows configuration of IPsec certificate
profile parameters."
::= { tmnxIPsecObjects 34 }
tIPsecCertProfileEntry OBJECT-TYPE
SYNTAX TIPsecCertProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertProfileEntry is an entry (conceptual row) in the
tIPsecCertProfileTable. Each entry represents the configuration for a
certificate profile.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecCertProfileRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX { tIPsecCertProfileName }
::= { tIPsecCertProfileTable 1 }
TIPsecCertProfileEntry ::= SEQUENCE
{
tIPsecCertProfileName TNamedItem,
tIPsecCertProfileRowStatus RowStatus,
tIPsecCertProfileLastChgd TimeStamp,
tIPsecCertProfileAdminState TmnxAdminState,
tIPsecCertProfileOperState TmnxOperState,
tIPsecCertProfileOperFlags BITS
}
tIPsecCertProfileName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileName specifies a specific IPsec
certificate profile name."
::= { tIPsecCertProfileEntry 1 }
tIPsecCertProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecCertProfileEntry 2 }
tIPsecCertProfileLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileLastChgd indicates the sysUpTime at the
time of the most recent management-initiated change to this entry."
::= { tIPsecCertProfileEntry 3 }
tIPsecCertProfileAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileAdminState specifies the administrative
state of the tIPsecCertProfileEntry."
DEFVAL { outOfService }
::= { tIPsecCertProfileEntry 4 }
tIPsecCertProfileOperState OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileOperState indicates the operational
status of tIPsecCertProfileEntry."
::= { tIPsecCertProfileEntry 5 }
tIPsecCertProfileOperFlags OBJECT-TYPE
SYNTAX BITS {
profileAdminDown (0),
invalidCertFile (1),
invalidKeyFile (2),
invalidCertKeyCombo (3),
caProfileOperDown (4),
invalidCAProfEntry (5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfileOperFlags indicates the operational
condition of the certificate profile which is aggregated from all its
configured entries."
::= { tIPsecCertProfileEntry 6 }
tIPsecCertProfEntryIdTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdTblLastChgd indicates the sysUpTime
at the time of the last modification to tIPsecCertProfEntryIdTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 35 }
tIPsecCertProfEntryIdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecCertProfEntryIdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertProfEntryIdTable allows configuration of IPsec
certificate profile entry parameters."
::= { tmnxIPsecObjects 36 }
tIPsecCertProfEntryIdEntry OBJECT-TYPE
SYNTAX TIPsecCertProfEntryIdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertProfEntryIdEntry is an entry (conceptual row) in the
tIPsecCertProfEntryIdTable. Each entry represents the configuration
for a certificate profile entry.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecCertProfEntryIdRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX {
tIPsecCertProfileName,
tIPsecCertProfEntryId
}
::= { tIPsecCertProfEntryIdTable 1 }
TIPsecCertProfEntryIdEntry ::= SEQUENCE
{
tIPsecCertProfEntryId Integer32,
tIPsecCertProfEntryIdRowStatus RowStatus,
tIPsecCertProfEntryIdLastChgd TimeStamp,
tIPsecCertProfEntryIdCertFile DisplayString,
tIPsecCertProfEntryIdKeyFile DisplayString,
tIPsecCertProfEntryIdCompChain INTEGER,
tIPsecCertProfEntryIdOperFlags BITS,
tIPsecCertProfEntryIdRsaSign INTEGER
}
tIPsecCertProfEntryId OBJECT-TYPE
SYNTAX Integer32 (1..8)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryId specifies a specific IPsec
certificate profile entry identifier."
::= { tIPsecCertProfEntryIdEntry 1 }
tIPsecCertProfEntryIdRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecCertProfEntryIdEntry 2 }
tIPsecCertProfEntryIdLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdLastChgd indicates the sysUpTime at
the time of the most recent management-initiated change to this entry."
::= { tIPsecCertProfEntryIdEntry 3 }
tIPsecCertProfEntryIdCertFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..95))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdCertFile specifies the file URL of
the certificate to be used with this IPSEC certificate profile entry."
DEFVAL { ''H }
::= { tIPsecCertProfEntryIdEntry 4 }
tIPsecCertProfEntryIdKeyFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..95))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdKeyFile specifies the key-pair file
to be used for X.509 certificate authentication with this IPSEC
certificate profile entry."
DEFVAL { ''H }
::= { tIPsecCertProfEntryIdEntry 5 }
tIPsecCertProfEntryIdCompChain OBJECT-TYPE
SYNTAX INTEGER {
notAvailable (0),
partial (1),
complete (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdCompChain indicates the status of
computed chain for this IPSEC certificate profile entry."
::= { tIPsecCertProfEntryIdEntry 6 }
tIPsecCertProfEntryIdOperFlags OBJECT-TYPE
SYNTAX BITS {
profileAdminDown (0),
invalidCertFile (1),
invalidKeyFile (2),
invalidCertKeyCombo (3),
caProfileOperDown (4),
invalidCAProfEntry (5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdOperFlags indicates the operational
condition of this certificate profile entry."
::= { tIPsecCertProfEntryIdEntry 7 }
tIPsecCertProfEntryIdRsaSign OBJECT-TYPE
SYNTAX INTEGER {
pkcs1 (1),
pss (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecCertProfEntryIdRsaSign specifies the signature
algorithm used by this certificate profile entry.
pkcs1 - Public-Key Cryptography Standards 1
pss - RSA Probabilistic Signature Scheme"
DEFVAL { pkcs1 }
::= { tIPsecCertProfEntryIdEntry 8 }
tIPsecCompChainCAProfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecCompChainCAProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCompChainCAProfTable maintains Certificate-Authority (CA)
profile which are part of computed chain per certificate profile
entry."
::= { tmnxIPsecObjects 37 }
tIPsecCompChainCAProfEntry OBJECT-TYPE
SYNTAX TIPsecCompChainCAProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCompChainCAProfEntry is an entry (conceptual row) in the
tIPsecCompChainCAProfTable. Each entry represents a part of the
computed chain per certificate profile entry."
INDEX {
tIPsecCertProfileName,
tIPsecCertProfEntryId,
tIPsecCompChainCAProfOrder
}
::= { tIPsecCompChainCAProfTable 1 }
TIPsecCompChainCAProfEntry ::= SEQUENCE
{
tIPsecCompChainCAProfOrder Integer32,
tIPsecCompChainCAProfName TNamedItem
}
tIPsecCompChainCAProfOrder OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecCompChainCAProfOrder indicates the order in which
certificate-authority (CA) profile are maintained for the computed
chain of this certificate profile entry."
::= { tIPsecCompChainCAProfEntry 1 }
tIPsecCompChainCAProfName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCompChainCAProfName indicates the
certificate-authority (CA) profile which is part of the computed chain
for this certificate profile entry."
::= { tIPsecCompChainCAProfEntry 2 }
tIPsecCertChainCAProfTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecCertChainCAProfTblLastChgd indicates the sysUpTime
at the time of the last modification to tIPsecCertChainCAProfTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 41 }
tIPsecCertChainCAProfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecCertChainCAProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertChainCAProfTable maintains configuration of chain CA
profiles for IPsec certificate profile entry parameters."
::= { tmnxIPsecObjects 42 }
tIPsecCertChainCAProfEntry OBJECT-TYPE
SYNTAX TIPsecCertChainCAProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertChainCAProfEntry is an entry (conceptual row) in the
tIPsecCertChainCAProfTable. Each entry represents the configuration
for a chain CA profile for certificate profile entry.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecCertChainCAProfRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX {
tIPsecCertProfileName,
tIPsecCertProfEntryId,
tIPsecCertChainCAProfName
}
::= { tIPsecCertChainCAProfTable 1 }
TIPsecCertChainCAProfEntry ::= SEQUENCE
{
tIPsecCertChainCAProfName TNamedItem,
tIPsecCertChainCAProfRowStatus RowStatus,
tIPsecCertChainCAProfLastChgd TimeStamp
}
tIPsecCertChainCAProfName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecCertChainCAProfName specifies the chain CA profile for
certificate profile entry."
::= { tIPsecCertChainCAProfEntry 1 }
tIPsecCertChainCAProfRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tIPsecCertChainCAProfRowStatus controls the creation and deletion
of rows in the table."
::= { tIPsecCertChainCAProfEntry 2 }
tIPsecCertChainCAProfLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tIPsecCertChainCAProfLastChgd indicates the sysUpTime at the time
of the most recent management-initiated change to this entry."
::= { tIPsecCertChainCAProfEntry 3 }
tIPsecTsListTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTsListTblLastChgd indicates the sysUpTime at the
time of the last modification to tIPsecTsListTable by adding, deleting
an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 43 }
tIPsecTsListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecTsListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTsListTable allows configuration of IPsec traffic selector
list parameters."
REFERENCE
"RFC 5996, 'Internet Key Exchange Protocol Version 2 (IKEv2)', IETF,
September 2010"
::= { tmnxIPsecObjects 44 }
tIPsecTsListEntry OBJECT-TYPE
SYNTAX TIPsecTsListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTsListEntry is an entry (conceptual row) in the
tIPsecTsListTable. Each entry represents the configuration for a
traffic selector list.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecTsListRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX { tIPsecTsListName }
::= { tIPsecTsListTable 1 }
TIPsecTsListEntry ::= SEQUENCE
{
tIPsecTsListName TNamedItem,
tIPsecTsListRowStatus RowStatus,
tIPsecTsListLastChgd TimeStamp
}
tIPsecTsListName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecTsListName specifies a specific IPsec traffic
selector list name."
::= { tIPsecTsListEntry 1 }
tIPsecTsListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRowStatus controls the creation and deletion
of rows in the table."
::= { tIPsecTsListEntry 2 }
tIPsecTsListLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTsListLastChgd indicates the sysUpTime at the time
of the most recent management-initiated change to this entry."
::= { tIPsecTsListEntry 3 }
tIPsecTsListLclEntryTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryTblLastChgd indicates the sysUpTime
at the time of the last modification to tIPsecTsListLclEntryTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 45 }
tIPsecTsListLclEntryTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecTsListLclEntryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTsListLclEntryTable allows configuration of IPsec traffic
selector list local entry parameters."
::= { tmnxIPsecObjects 46 }
tIPsecTsListLclEntryEntry OBJECT-TYPE
SYNTAX TIPsecTsListLclEntryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTsListLclEntryEntry is an entry (conceptual row) in the
tIPsecTsListLclEntryTable. Each entry represents the configuration for
a traffic selector list local entry.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecTsListLclEntryRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX {
tIPsecTsListName,
tIPsecTsListLclEntryId
}
::= { tIPsecTsListLclEntryTable 1 }
TIPsecTsListLclEntryEntry ::= SEQUENCE
{
tIPsecTsListLclEntryId Integer32,
tIPsecTsListLclEntryRowStatus RowStatus,
tIPsecTsListLclEntryLastChgd TimeStamp,
tIPsecTsListLclEntryFrAddrType InetAddressType,
tIPsecTsListLclEntryFrAddr InetAddress,
tIPsecTsListLclEntryToAddrType InetAddressType,
tIPsecTsListLclEntryToAddr InetAddress,
tIPsecTsListLclEntryPfxAddrType InetAddressType,
tIPsecTsListLclEntryPfxAddr InetAddress,
tIPsecTsListLclEntryPfxLen InetAddressPrefixLength,
tIPsecTsListLclEntryMinPort InetPortNumber,
tIPsecTsListLclEntryMaxPort InetPortNumber,
tIPsecTsListLclEntryMinMhType Unsigned32,
tIPsecTsListLclEntryMaxMhType Unsigned32,
tIPsecTsListLclEntryMinIcmpType Unsigned32,
tIPsecTsListLclEntryMaxIcmpType Unsigned32,
tIPsecTsListLclEntryMinIcmpCode Unsigned32,
tIPsecTsListLclEntryMaxIcmpCode Unsigned32,
tIPsecTsListLclEntryProtocolId Integer32
}
tIPsecTsListLclEntryId OBJECT-TYPE
SYNTAX Integer32 (1..32)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryId specifies a unique identifier for
one IPsec traffic selector local entry configured in this system."
::= { tIPsecTsListLclEntryEntry 1 }
tIPsecTsListLclEntryRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecTsListLclEntryEntry 2 }
tIPsecTsListLclEntryLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryLastChgd indicates the sysUpTime at
the time of the most recent management-initiated change to this entry."
::= { tIPsecTsListLclEntryEntry 3 }
tIPsecTsListLclEntryFrAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryFrAddrType specifies the address type
of beginning address of the range for this entry.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryPfxAddr is set to
non-default value."
DEFVAL { unknown }
::= { tIPsecTsListLclEntryEntry 5 }
tIPsecTsListLclEntryFrAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryFrAddr specifies the beginning
address of the range for this entry.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryPfxAddr is set to
non-default value."
DEFVAL { ''H }
::= { tIPsecTsListLclEntryEntry 6 }
tIPsecTsListLclEntryToAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryToAddrType specifies the address type
of ending address of the range for this entry.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryPfxAddr is set to
non-default value."
DEFVAL { unknown }
::= { tIPsecTsListLclEntryEntry 7 }
tIPsecTsListLclEntryToAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryToAddr specifies the ending address
of the range for this entry.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryPfxAddr is set to
non-default value."
DEFVAL { ''H }
::= { tIPsecTsListLclEntryEntry 8 }
tIPsecTsListLclEntryPfxAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryPfxAddrType specifies the address
type of prefix address of the range for this entry.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryFrAddr is set to
non-default value."
DEFVAL { unknown }
::= { tIPsecTsListLclEntryEntry 9 }
tIPsecTsListLclEntryPfxAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryPfxAddr specifies the prefix address
for this entry.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryFrAddr is set to
non-default value."
DEFVAL { ''H }
::= { tIPsecTsListLclEntryEntry 10 }
tIPsecTsListLclEntryPfxLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryPfxLen specifies the prefix length of
the tIPsecTsListLclEntryPfxAddr.
An 'inconsistentValue' error is returned if this object is set to
non-default value when tIPsecTsListLclEntryFrAddr is set to
non-default value."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 11 }
tIPsecTsListLclEntryMinPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMinPort specifies the minimum port of
the range for this IPsec traffic selector list local entry.
tIPsecTsListLclEntryMinPort is used for any Internet transport layer
protocol except ICMP, ICMPv6 and MIPv6.
When the value of tIPsecTsListLclEntryMinPort is '0' and the value of
tIPsecTsListLclEntryMaxPort is '65535', it means that the IPsec
traffic selector accepts any port number.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMaxPort."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 12 }
tIPsecTsListLclEntryMaxPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMaxPort specifies the maximum port of
the range for this IPsec traffic selector list local entry.
tIPsecTsListLclEntryMaxPort is used for any Internet transport layer
protocol except ICMP, ICMPv6 and MIPv6.
When the value of tIPsecTsListLclEntryMaxPort is '0' and the value of
tIPsecTsListLclEntryMinPort is '65535', it means that the IPsec
traffic selector accepts the packet only when the corresponding port
field is unavailable.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMinPort."
DEFVAL { 65535 }
::= { tIPsecTsListLclEntryEntry 13 }
tIPsecTsListLclEntryMinMhType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMinMhType specifies the minimum
Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
traffic selector list local entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMaxMhType."
REFERENCE
"'Mobility Header Types - for the MH Type field in the Mobility Header',
http://www.iana.org/assignments/mobility-parameters/
mobility-parameters.xhtml#mobility-parameters-1"
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 14 }
tIPsecTsListLclEntryMaxMhType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMaxMhType specifies the maximum
Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
traffic selector list local entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMinMhType."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 15 }
tIPsecTsListLclEntryMinIcmpType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMinIcmpType specifies the minimum
ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
list local entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMaxIcmpType,
tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode."
REFERENCE
"'Internet Control Message Protocol (ICMP) Parameters',
http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt,
April 2013, and
'Internet Control Message Protocol version 6 (ICMPv6) Parameters',
http://www.iana.org/assignments/icmpv6-parameters/
icmpv6-parameters.xhtml, January 2015."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 16 }
tIPsecTsListLclEntryMaxIcmpType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMaxIcmpType specifies the maximum
ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
list local entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType,
tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 17 }
tIPsecTsListLclEntryMinIcmpCode OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMinIcmpCode specifies the minimum
ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
list local entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType,
tIPsecTsListLclEntryMaxIcmpType and tIPsecTsListLclEntryMaxIcmpCode."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 18 }
tIPsecTsListLclEntryMaxIcmpCode OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryMaxIcmpCode specifies the maximum
ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
list local entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType,
tIPsecTsListLclEntryMaxIcmpType and tIPsecTsListLclEntryMinIcmpCode."
DEFVAL { 0 }
::= { tIPsecTsListLclEntryEntry 19 }
tIPsecTsListLclEntryProtocolId OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListLclEntryProtocolId specifies the IP protocol
number allowed by the IPsec traffic selector associated with this
local entry.
A value of zero specifies that the IPsec traffic selector will accept
packets for any protocol. A value of '-1' specifies that this IPsec
traffic selector local entry is not configured.
When the value of tIPsecTsListLclEntryProtocolId is any value between
-1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value
must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinPort and
tIPsecTsListLclEntryMaxPort. Especially when the value of
tIPsecTsListLclEntryProtocolId is -1, tIPsecTsListLclEntryMinPort and
tIPsecTsListLclEntryMaxPort must be 0 and 65535, respectively.
When the value of tIPsecTsListLclEntryProtocolId is 1 or 58, this
value must be set in the SNMP SET PDU as
tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMaxIcmpType,
tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode.
When the value of tIPsecTsListLclEntryProtocolId is 135, this value
must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinMhType and
tIPsecTsListLclEntryMaxMhType."
DEFVAL { -1 }
::= { tIPsecTsListLclEntryEntry 20 }
tIPsecGWTsNegSelPlcyTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecGWTsNegSelPlcyTblLastChgd indicates the sysUpTime
at the time of the last modification to tIPsecGWTsNegSelPlcyTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 47 }
tIPsecGWTsNegSelPlcyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecGWTsNegSelPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecGWTsNegSelPlcyTable maintains traffic selector
selection-policy information for IPsec gateway entries."
::= { tmnxIPsecObjects 48 }
tIPsecGWTsNegSelPlcyEntry OBJECT-TYPE
SYNTAX TIPsecGWTsNegSelPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecGWTsNegSelPlcyEntry maintains information about a single
IPsec gateway traffic selector negotiation selection-policy."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecGWTsNegSelPlcyName
}
::= { tIPsecGWTsNegSelPlcyTable 1 }
TIPsecGWTsNegSelPlcyEntry ::= SEQUENCE
{
tIPsecGWTsNegSelPlcyName TNamedItemOrEmpty,
tIPsecGWTsNegSelPlcyRowStatus RowStatus,
tIPsecGWTsNegSelPlcyLastChgd TimeStamp,
tIPsecGWTsNegSelPlcyTsList TNamedItemOrEmpty
}
tIPsecGWTsNegSelPlcyName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecGWTsNegSelPlcyName specifies the IPsec
selection-policy name associated with this SAP IPSec gateway traffic
selector."
::= { tIPsecGWTsNegSelPlcyEntry 1 }
tIPsecGWTsNegSelPlcyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tIPsecGWTsNegSelPlcyRowStatus object is used to create and delete
rows in the tIPsecGWTsNegSelPlcyTable."
::= { tIPsecGWTsNegSelPlcyEntry 2 }
tIPsecGWTsNegSelPlcyLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecGWTsNegSelPlcyLastChgd indicates the sysUpTime at
the time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tIPsecGWTsNegSelPlcyEntry 3 }
tIPsecGWTsNegSelPlcyTsList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tIPsecGWTsNegSelPlcyTsList object specifies the IPsec traffic
selector list name associated with this traffic selector negotiation
selection-policy on this gateway."
DEFVAL { ''H }
::= { tIPsecGWTsNegSelPlcyEntry 4 }
tIPsecTrustAnchorProfTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorProfTblLastChgd indicates the sysUpTime
at the time of the last modification to tIPsecTrustAnchorProfTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 49 }
tIPsecTrustAnchorProfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecTrustAnchorProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTrustAnchorProfTable allows configuration of IPsec trust
anchor profile parameters."
::= { tmnxIPsecObjects 50 }
tIPsecTrustAnchorProfEntry OBJECT-TYPE
SYNTAX TIPsecTrustAnchorProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTrustAnchorProfEntry is an entry (conceptual row) in the
tIPsecTrustAnchorProfTable. Each entry represents the configuration
for a trust anchor profile.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecTrustAnchorProfRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX { tIPsecTrustAnchorProfName }
::= { tIPsecTrustAnchorProfTable 1 }
TIPsecTrustAnchorProfEntry ::= SEQUENCE
{
tIPsecTrustAnchorProfName TNamedItem,
tIPsecTrustAnchorProfRowStatus RowStatus,
tIPsecTrustAnchorProfLastChgd TimeStamp,
tIPsecTrustAnchorCAProfDown Integer32
}
tIPsecTrustAnchorProfName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorProfName specifies a specific IPsec
trust anchor profile name."
::= { tIPsecTrustAnchorProfEntry 1 }
tIPsecTrustAnchorProfRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorProfRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecTrustAnchorProfEntry 2 }
tIPsecTrustAnchorProfLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorProfLastChgd indicates the sysUpTime at
the time of the most recent management-initiated change to this entry."
::= { tIPsecTrustAnchorProfEntry 3 }
tIPsecTrustAnchorCAProfDown OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorCAProfDown indicates the total number of
trusted CA-profiles (Certificate-Authority) not operational in the
trust-anchor-profile."
::= { tIPsecTrustAnchorProfEntry 4 }
tIPsecTrustAnchorsTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorsTblLastChgd indicates the sysUpTime at
the time of the last modification to tIPsecTrustAnchorsTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 51 }
tIPsecTrustAnchorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecTrustAnchorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTrustAnchorsTable allows configuration of IPsec trust anchor
profile entry parameters."
::= { tmnxIPsecObjects 52 }
tIPsecTrustAnchorsEntry OBJECT-TYPE
SYNTAX TIPsecTrustAnchorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTrustAnchorsEntry is an entry (conceptual row) in the
tIPsecTrustAnchorsTable. Each entry represents the configuration for a
trust anchor profile entry.
Entries in this table can be created and deleted via SNMP SET
operations to tIPsecTrustAnchorsRowStatus. Entries have a presumed
StorageType of nonVolatile."
INDEX {
tIPsecTrustAnchorProfName,
tIPsecTrustAnchorsCAProfile
}
::= { tIPsecTrustAnchorsTable 1 }
TIPsecTrustAnchorsEntry ::= SEQUENCE
{
tIPsecTrustAnchorsCAProfile TNamedItem,
tIPsecTrustAnchorsRowStatus RowStatus,
tIPsecTrustAnchorsLastChgd TimeStamp
}
tIPsecTrustAnchorsCAProfile OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorsCAProfile specifies a specific IPsec
trust anchor certificate profile name."
::= { tIPsecTrustAnchorsEntry 1 }
tIPsecTrustAnchorsRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorsRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecTrustAnchorsEntry 2 }
tIPsecTrustAnchorsLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTrustAnchorsLastChgd indicates the sysUpTime at the
time of the most recent management-initiated change to this entry."
::= { tIPsecTrustAnchorsEntry 3 }
tIPsecRUSATrafficSelTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRUSATrafficSelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecRUSATrafficSelTable stores the IPsec remote-user dynamic SA
traffic selector entries."
::= { tmnxIPsecObjects 53 }
tIPsecRUSATrafficSelEntry OBJECT-TYPE
SYNTAX TIPsecRUSATrafficSelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecRUSATrafficSelEntry maintains information about a single
IPsec remote-user SA traffic selector entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort,
tIPsecRUSAId,
tIPsecRUSADirection,
tIPsecRUSAIndex,
tIPsecRUSATrafficSelSide,
tIPsecRUSATrafficSelFrAddrType,
tIPsecRUSATrafficSelFrAddr,
tIPsecRUSATrafficSelToAddrType,
tIPsecRUSATrafficSelToAddr,
tIPsecRUSATrafficSelMinPort,
tIPsecRUSATrafficSelMaxPort,
tIPsecRUSATrafficSelProtocolId
}
::= { tIPsecRUSATrafficSelTable 1 }
TIPsecRUSATrafficSelEntry ::= SEQUENCE
{
tIPsecRUSATrafficSelSide TmnxIpsecTrafficSelSide,
tIPsecRUSATrafficSelFrAddrType InetAddressType,
tIPsecRUSATrafficSelFrAddr InetAddress,
tIPsecRUSATrafficSelToAddrType InetAddressType,
tIPsecRUSATrafficSelToAddr InetAddress,
tIPsecRUSATrafficSelLastChgd TimeStamp,
tIPsecRUSATrafficSelMinPort InetPortNumber,
tIPsecRUSATrafficSelMaxPort InetPortNumber,
tIPsecRUSATrafficSelProtocolId Unsigned32
}
tIPsecRUSATrafficSelSide OBJECT-TYPE
SYNTAX TmnxIpsecTrafficSelSide
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelSide specifies the side to which the
traffic selector entry pertains."
::= { tIPsecRUSATrafficSelEntry 1 }
tIPsecRUSATrafficSelFrAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelFrAddrType specifies the address type
of the beginning address of the range for this traffic selector entry."
::= { tIPsecRUSATrafficSelEntry 2 }
tIPsecRUSATrafficSelFrAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelFrAddr specifies the beginning
address of the range for this traffic selector entry."
::= { tIPsecRUSATrafficSelEntry 3 }
tIPsecRUSATrafficSelToAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelToAddrType specifies the address type
of the end address of the range for this traffic selector entry."
::= { tIPsecRUSATrafficSelEntry 4 }
tIPsecRUSATrafficSelToAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelToAddr specifies the end address of
the range for this traffic selector entry."
::= { tIPsecRUSATrafficSelEntry 5 }
tIPsecRUSATrafficSelLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelLastChgd indicates the sysUpTime at
the time of the most recent management-initiated change to this entry."
::= { tIPsecRUSATrafficSelEntry 6 }
tIPsecRUSATrafficSelMinPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelMinPort specifies the minimum port
number of the range for this IPsec traffic selector entry.
When the value of tIPsecRUSATrafficSelMinPort is '0' and the value of
tIPsecRUSATrafficSelMaxPort is '65535', it means that the IPsec
traffic selector accepts any port number.
When the value of tIPsecRUSATrafficSelProtocolId is '1' (ICMP) or '58'
(ICMPv6), the bits from 0 to 7 of tIPsecRUSATrafficSelMinPort
represent the minimum ICMP/ICMPv6 code and the bits from 8 to 15
represent the minimum ICMP/ICMPv6 type."
::= { tIPsecRUSATrafficSelEntry 7 }
tIPsecRUSATrafficSelMaxPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelMaxPort specifies the maximum port
number of the range for this IPsec traffic selector entry.
When the value of tIPsecRUSATrafficSelMaxPort is '0' and the value of
tIPsecRUSATrafficSelMinPort is '65535', it means that the IPsec
traffic selector accepts the packet only when the corresponding port
field is unavailable.
When the value of tIPsecRUSATrafficSelProtocolId is '1' (ICMP) or '58'
(ICMPv6), the bits from 0 to 7 of tIPsecRUSATrafficSelMaxPort
represent the maximum ICMP/ICMPv6 code and the bits from 8 to 15
represent the maximum ICMP/ICMPv6 type."
::= { tIPsecRUSATrafficSelEntry 8 }
tIPsecRUSATrafficSelProtocolId OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUSATrafficSelProtocolId specifies the IP protocol
number for this IPsec traffic selector entry.
A value of zero specifies that the IPsec traffic selector will accept
packets for any protocol."
::= { tIPsecRUSATrafficSelEntry 9 }
tmnxIPsecGWDhcpTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpTblLastChgd indicates the sysUpTime at the
time of the last modification of tmnxIPsecGWDhcpTable.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 54 }
tmnxIPsecGWDhcpTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecGWDhcpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains SAP IPSec gateway DHCP information."
::= { tmnxIPsecObjects 55 }
tmnxIPsecGWDhcpEntry OBJECT-TYPE
SYNTAX TmnxIPsecGWDhcpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a SAP IPSec gateway DHCP."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tmnxIPsecGWDhcpTable 1 }
TmnxIPsecGWDhcpEntry ::= SEQUENCE
{
tmnxIPsecGWDhcpRowStatus RowStatus,
tmnxIPsecGWDhcpLastChgd TimeStamp,
tmnxIPsecGWDhcpAdminState TmnxAdminState,
tmnxIPsecGWDhcpGiAddrType InetAddressType,
tmnxIPsecGWDhcpGiAddr InetAddress,
tmnxIPsecGWDhcpSendRelease TruthValue,
tmnxIPsecGWDhcpServiceId TmnxServId,
tmnxIPsecGWDhcpRouterId TmnxVRtrIDOrZero,
tmnxIPsecGWDhcpSrvr1AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr1Addr InetAddress,
tmnxIPsecGWDhcpSrvr2AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr2Addr InetAddress,
tmnxIPsecGWDhcpSrvr3AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr3Addr InetAddress,
tmnxIPsecGWDhcpSrvr4AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr4Addr InetAddress,
tmnxIPsecGWDhcpSrvr5AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr5Addr InetAddress,
tmnxIPsecGWDhcpSrvr6AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr6Addr InetAddress,
tmnxIPsecGWDhcpSrvr7AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr7Addr InetAddress,
tmnxIPsecGWDhcpSrvr8AddrType InetAddressType,
tmnxIPsecGWDhcpSrvr8Addr InetAddress,
tmnxIPsecGWDhcpServiceName TLNamedItemOrEmpty
}
tmnxIPsecGWDhcpRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpRowStatus controls the creation and
deletion of rows in the table."
::= { tmnxIPsecGWDhcpEntry 1 }
tmnxIPsecGWDhcpLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpLastChgd indicates the value of sysUpTime
at the time of the last management change of any writable object of
this row."
::= { tmnxIPsecGWDhcpEntry 2 }
tmnxIPsecGWDhcpAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpAdminState specifies the administrative
state of SAP IPSec gateway DHCP entry."
DEFVAL { outOfService }
::= { tmnxIPsecGWDhcpEntry 3 }
tmnxIPsecGWDhcpGiAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpGiAddrType specifies the address type of
address in tmnxIPsecGWDhcpGiAddr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 4 }
tmnxIPsecGWDhcpGiAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpGiAddr specifies the address of the
gateway interface on this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 5 }
tmnxIPsecGWDhcpSendRelease OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSendRelease specifies whether to send DHCP
release message when tunnel is removed on this SAP IPSec gateway."
DEFVAL { true }
::= { tmnxIPsecGWDhcpEntry 6 }
tmnxIPsecGWDhcpServiceId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpServiceId specifies the service identifier
whose virtual router provides reachability to the DHCP server
addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects.
In order to specify a virtual router, exactly one of
tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and
tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For
example, when the value of tmnxIPsecGWDhcpServiceId is default, the
virtual router must be specified using tmnxIPsecGWDhcpServiceName or
tmnxIPsecGWDhcpRouterId.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the DHCP servers."
DEFVAL { 0 }
::= { tmnxIPsecGWDhcpEntry 7 }
tmnxIPsecGWDhcpRouterId OBJECT-TYPE
SYNTAX TmnxVRtrIDOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpRouterId specifies the virtual router
instance that provides reachability to the DHCP server addresses
configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects.
In order to specify a virtual router, exactly one of
tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and
tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For
example, when the value of tmnxIPsecGWDhcpRouterId is default, the
virtual router must be specified using tmnxIPsecGWDhcpServiceId or
tmnxIPsecGWDhcpServiceName.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the DHCP servers.
Only those IDs corresponding to the 'Base' virtual routers may be set
in this object. Refer to the vRtrName object from TIMETRA-VRTR-MIB.mib"
DEFVAL { 0 }
::= { tmnxIPsecGWDhcpEntry 8 }
tmnxIPsecGWDhcpSrvr1AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr1AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr1Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 9 }
tmnxIPsecGWDhcpSrvr1Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr1Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 10 }
tmnxIPsecGWDhcpSrvr2AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr2AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr2Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 11 }
tmnxIPsecGWDhcpSrvr2Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr2Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 12 }
tmnxIPsecGWDhcpSrvr3AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr3AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr3Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 13 }
tmnxIPsecGWDhcpSrvr3Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr3Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 14 }
tmnxIPsecGWDhcpSrvr4AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr4AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr4Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 15 }
tmnxIPsecGWDhcpSrvr4Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr4Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 16 }
tmnxIPsecGWDhcpSrvr5AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr5AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr5Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 17 }
tmnxIPsecGWDhcpSrvr5Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr5Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 18 }
tmnxIPsecGWDhcpSrvr6AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr6AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr6Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 19 }
tmnxIPsecGWDhcpSrvr6Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr6Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 20 }
tmnxIPsecGWDhcpSrvr7AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr7AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr7Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 21 }
tmnxIPsecGWDhcpSrvr7Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr7Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 22 }
tmnxIPsecGWDhcpSrvr8AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr8AddrType specifies the address type
of address in tmnxIPsecGWDhcpSrvr8Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpEntry 23 }
tmnxIPsecGWDhcpSrvr8Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpSrvr8Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 24 }
tmnxIPsecGWDhcpServiceName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpServiceName specifies the service name
whose virtual router provides reachability to the DHCP server
addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects.
In order to specify a virtual router, exactly one of
tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and
tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For
example, when the value of tmnxIPsecGWDhcpServiceName is default, the
virtual router must be specified using tmnxIPsecGWDhcpServiceId or
tmnxIPsecGWDhcpRouterId.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the DHCP servers."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpEntry 25 }
tIPsecGWLclAddrAssignTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignTblLastChgd indicates the sysUpTime
at the time of the last modification of tIPsecGWLclAddrAssignTable.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 56 }
tIPsecGWLclAddrAssignTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecGWLclAddrAssignEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecGWLclAddrAssignTable maintains Local-Address-Assignment
information for all SAP IPSec gateways."
::= { tmnxIPsecObjects 57 }
tIPsecGWLclAddrAssignEntry OBJECT-TYPE
SYNTAX TIPsecGWLclAddrAssignEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecGWLclAddrAssignEntry maintains Local-Address-Assignment
information for specific SAP IPSec gateway."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tIPsecGWLclAddrAssignTable 1 }
TIPsecGWLclAddrAssignEntry ::= SEQUENCE
{
tIPsecGWLclAddrAssignRowStatus RowStatus,
tIPsecGWLclAddrAssignLastChgd TimeStamp,
tIPsecGWLclAddrAssignAdminState TmnxAdminState,
tIPsecGWLclAddrAssignIp4SrvrName TNamedItemOrEmpty,
tIPsecGWLclAddrAssignIp4SrvrSvc TmnxServId,
tIPsecGWLclAddrAssignIp4SrvrRtr TmnxVRtrIDOrZero,
tIPsecGWLclAddrAssignIp4PoolName TNamedItemOrEmpty,
tIPsecGWLclAddrAssignIp6SrvrName TNamedItemOrEmpty,
tIPsecGWLclAddrAssignIp6SrvrSvc TmnxServId,
tIPsecGWLclAddrAssignIp6SrvrRtr TmnxVRtrIDOrZero,
tIPsecGWLclAddrAssignIp6PoolName TNamedItemOrEmpty,
tIPsecGWLclAddrAssignIp4PoolNam2 TNamedItemOrEmpty,
tIPsecGWLclAddrAssignIp4SrvrSvcN TLNamedItemOrEmpty,
tIPsecGWLclAddrAssignIp6SrvrSvcN TLNamedItemOrEmpty
}
tIPsecGWLclAddrAssignRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignRowStatus controls the creation and
deletion of rows in the table."
::= { tIPsecGWLclAddrAssignEntry 1 }
tIPsecGWLclAddrAssignLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignLastChgd indicates the value of
sysUpTime at the time of the last management change of any writable
object of this row."
::= { tIPsecGWLclAddrAssignEntry 2 }
tIPsecGWLclAddrAssignAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignAdminState specifies the
administrative state of SAP IPSec gateway DHCP entry."
DEFVAL { outOfService }
::= { tIPsecGWLclAddrAssignEntry 3 }
tIPsecGWLclAddrAssignIp4SrvrName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp4SrvrName specifies the name of
the Local-Address-Assignment server associated with this SAP IPSec
gateway."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 4 }
tIPsecGWLclAddrAssignIp4SrvrSvc OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp4SrvrSvc specifies the service
identifier whose virtual router provides reachability to the
local-address-assignment server address configured in the
tIPsecGWLclAddrAssignIp4SrvrName object.
In order to specify a virtual router, exactly one of
tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and
tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default
value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrSvc
is default, the virtual router must be specified using
tIPsecGWLclAddrAssignIp4SrvrSvcN or tIPsecGWLclAddrAssignIp4SrvrRtr.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the local address assignment
server."
DEFVAL { 0 }
::= { tIPsecGWLclAddrAssignEntry 5 }
tIPsecGWLclAddrAssignIp4SrvrRtr OBJECT-TYPE
SYNTAX TmnxVRtrIDOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp4SrvrRtr specifies the virtual
router instance that provides reachability to the
local-address-assignment server address configured in the
tIPsecGWLclAddrAssignIp4SrvrName object.
In order to specify a virtual router, exactly one of
tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and
tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default
value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrRtr
is default, the virtual router must be specified using
tIPsecGWLclAddrAssignIp4SrvrSvc or tIPsecGWLclAddrAssignIp4SrvrSvcN.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the local address assignment
server.
Only those IDs corresponding to the 'Base', 'management', and
'vpls-management' virtual routers may be set in this object. Refer
to the vRtrName object from TIMETRA-VRTR-MIB.mib"
DEFVAL { 0 }
::= { tIPsecGWLclAddrAssignEntry 6 }
tIPsecGWLclAddrAssignIp4PoolName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp4PoolName specifies the name of
the primary IPv4 Local-Address-Assignment pool associated with this
IPsec gateway."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 7 }
tIPsecGWLclAddrAssignIp6SrvrName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp6SrvrName specifies the name of
the Local-Address-Assignment server associated with this SAP IPSec
gateway."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 8 }
tIPsecGWLclAddrAssignIp6SrvrSvc OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp6SrvrSvc specifies the service
identifier whose virtual router provides reachability to the
local-address-assignment server address configured in the
tIPsecGWLclAddrAssignIp6SrvrName object.
In order to specify a virtual router, exactly one of
tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and
tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default
value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrSvc
is default, the virtual router must be specified using
tIPsecGWLclAddrAssignIp6SrvrSvcN or tIPsecGWLclAddrAssignIp6SrvrRtr.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the local address assignment
server."
DEFVAL { 0 }
::= { tIPsecGWLclAddrAssignEntry 9 }
tIPsecGWLclAddrAssignIp6SrvrRtr OBJECT-TYPE
SYNTAX TmnxVRtrIDOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp6SrvrRtr specifies the virtual
router instance that provides reachability to the
local-address-assignment server address configured in the
tIPsecGWLclAddrAssignIp6SrvrName object.
In order to specify a virtual router, exactly one of
tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and
tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default
value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrRtr
is default, the virtual router must be specified using
tIPsecGWLclAddrAssignIp6SrvrSvc or tIPsecGWLclAddrAssignIp6SrvrSvcN.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the local address assignment
server.
Only those IDs corresponding to the 'Base', 'management', and
'vpls-management' virtual routers may be set in this object. Refer
to the vRtrName object from TIMETRA-VRTR-MIB.mib"
DEFVAL { 0 }
::= { tIPsecGWLclAddrAssignEntry 10 }
tIPsecGWLclAddrAssignIp6PoolName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp6PoolName specifies the name of
the primary IPv6 Local-Address-Assignment pool associated with this
IPsec gateway."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 11 }
tIPsecGWLclAddrAssignIp4PoolNam2 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp4PoolNam2 specifies the name of
the secondary IPv4 Local-Address-Assignment pool associated with this
IPsec gateway.
The secondary pool will be used when all addresses in the primary pool
(tIPsecGWLclAddrAssignIp4PoolName) are assigned.
When tIPsecGWLclAddrAssignIp4PoolName is not configured,
tIPsecGWLclAddrAssignIp4PoolNam2 also cannot be configured.
When tIPsecGWLclAddrAssignIp4PoolName is configured,
tIPsecGWLclAddrAssignIp4PoolNam2 cannot be set the the same value as
tIPsecGWLclAddrAssignIp4PoolName."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 12 }
tIPsecGWLclAddrAssignIp4SrvrSvcN OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp4SrvrSvcN specifies the service
name whose virtual router provides reachability to the
local-address-assignment server address configured in the
tIPsecGWLclAddrAssignIp4SrvrName object.
In order to specify a virtual router, exactly one of
tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and
tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default
value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrSvcN
is default, the virtual router must be specified using
tIPsecGWLclAddrAssignIp4SrvrSvc or tIPsecGWLclAddrAssignIp4SrvrRtr.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the local address assignment
server."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 14 }
tIPsecGWLclAddrAssignIp6SrvrSvcN OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecGWLclAddrAssignIp6SrvrSvcN specifies the service
name whose virtual router provides reachability to the
local-address-assignment server address configured in the
tIPsecGWLclAddrAssignIp6SrvrName object.
In order to specify a virtual router, exactly one of
tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and
tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default
value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrSvcN
is default, the virtual router must be specified using
tIPsecGWLclAddrAssignIp6SrvrSvc or tIPsecGWLclAddrAssignIp6SrvrRtr.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the local address assignment
server."
DEFVAL { ''H }
::= { tIPsecGWLclAddrAssignEntry 15 }
tmnxIPsecGWDhcpV6TblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6TblLastChgd indicates the sysUpTime at
the time of the last modification of tmnxIPsecGWDhcpV6Table.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 58 }
tmnxIPsecGWDhcpV6Table OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecGWDhcpV6Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that contains SAP IPSec gateway DHCPV6 information."
::= { tmnxIPsecObjects 59 }
tmnxIPsecGWDhcpV6Entry OBJECT-TYPE
SYNTAX TmnxIPsecGWDhcpV6Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a SAP IPSec gateway DHCPV6."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tmnxIPsecGWDhcpV6Table 1 }
TmnxIPsecGWDhcpV6Entry ::= SEQUENCE
{
tmnxIPsecGWDhcpV6RowStatus RowStatus,
tmnxIPsecGWDhcpV6LastChgd TimeStamp,
tmnxIPsecGWDhcpV6AdminState TmnxAdminState,
tmnxIPsecGWDhcpV6LinkAddrType InetAddressType,
tmnxIPsecGWDhcpV6LinkAddr InetAddress,
tmnxIPsecGWDhcpV6SendRelease TruthValue,
tmnxIPsecGWDhcpV6ServiceId TmnxServId,
tmnxIPsecGWDhcpV6RouterId TmnxVRtrIDOrZero,
tmnxIPsecGWDhcpV6Srvr1AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr1Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr2AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr2Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr3AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr3Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr4AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr4Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr5AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr5Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr6AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr6Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr7AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr7Addr InetAddress,
tmnxIPsecGWDhcpV6Srvr8AddrType InetAddressType,
tmnxIPsecGWDhcpV6Srvr8Addr InetAddress,
tmnxIPsecGWDhcpV6ServiceName TLNamedItemOrEmpty
}
tmnxIPsecGWDhcpV6RowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6RowStatus controls the creation and
deletion of rows in the table."
::= { tmnxIPsecGWDhcpV6Entry 1 }
tmnxIPsecGWDhcpV6LastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6LastChgd indicates the value of
sysUpTime at the time of the last management change of any writable
object of this row."
::= { tmnxIPsecGWDhcpV6Entry 2 }
tmnxIPsecGWDhcpV6AdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6AdminState specifies the administrative
state of SAP IPSec gateway DHCP entry."
DEFVAL { outOfService }
::= { tmnxIPsecGWDhcpV6Entry 3 }
tmnxIPsecGWDhcpV6LinkAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6LinkAddrType specifies the address type
of address in tmnxIPsecGWDhcpV6LinkAddr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 4 }
tmnxIPsecGWDhcpV6LinkAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6LinkAddr specifies the address of the
gateway interface on this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 5 }
tmnxIPsecGWDhcpV6SendRelease OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6SendRelease specifies whether to send
DHCP release message when tunnel is removed on this SAP IPSec gateway."
DEFVAL { true }
::= { tmnxIPsecGWDhcpV6Entry 6 }
tmnxIPsecGWDhcpV6ServiceId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6ServiceId specifies the service
identifier whose virtual router provides reachability to the DHCP
server addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr'
objects.
In order to specify a virtual router, exactly one of
tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and
tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value.
For example, when the value of tmnxIPsecGWDhcpV6ServiceId is default,
the virtual router must be specified using
tmnxIPsecGWDhcpV6ServiceName or tmnxIPsecGWDhcpV6RouterId.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the DHCP servers."
DEFVAL { 0 }
::= { tmnxIPsecGWDhcpV6Entry 7 }
tmnxIPsecGWDhcpV6RouterId OBJECT-TYPE
SYNTAX TmnxVRtrIDOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6RouterId specifies the virtual router
instance that provides reachability to the DHCP server addresses
configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects.
In order to specify a virtual router, exactly one of
tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and
tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value.
For example, when the value of tmnxIPsecGWDhcpV6RouterId is default,
the virtual router must be specified using tmnxIPsecGWDhcpV6ServiceId
or tmnxIPsecGWDhcpV6ServiceName.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the DHCP servers.
Only those IDs corresponding to the 'Base', 'management', and
'vpls-management' virtual routers may be set in this object. Refer
to the vRtrName object from TIMETRA-VRTR-MIB.mib"
DEFVAL { 0 }
::= { tmnxIPsecGWDhcpV6Entry 8 }
tmnxIPsecGWDhcpV6Srvr1AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr1AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr1Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 9 }
tmnxIPsecGWDhcpV6Srvr1Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr1Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 10 }
tmnxIPsecGWDhcpV6Srvr2AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr2AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr2Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 11 }
tmnxIPsecGWDhcpV6Srvr2Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr2Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 12 }
tmnxIPsecGWDhcpV6Srvr3AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr3AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr3Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 13 }
tmnxIPsecGWDhcpV6Srvr3Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr3Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 14 }
tmnxIPsecGWDhcpV6Srvr4AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr4AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr4Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 15 }
tmnxIPsecGWDhcpV6Srvr4Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr4Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 16 }
tmnxIPsecGWDhcpV6Srvr5AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr5AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr5Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 17 }
tmnxIPsecGWDhcpV6Srvr5Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr5Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 18 }
tmnxIPsecGWDhcpV6Srvr6AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr6AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr6Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 19 }
tmnxIPsecGWDhcpV6Srvr6Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr6Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 20 }
tmnxIPsecGWDhcpV6Srvr7AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr7AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr7Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 21 }
tmnxIPsecGWDhcpV6Srvr7Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr7Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 22 }
tmnxIPsecGWDhcpV6Srvr8AddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr8AddrType specifies the address type
of address in tmnxIPsecGWDhcpV6Srvr8Addr."
DEFVAL { unknown }
::= { tmnxIPsecGWDhcpV6Entry 23 }
tmnxIPsecGWDhcpV6Srvr8Addr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6Srvr8Addr specifies the DHCP server
address associated with this SAP IPSec gateway."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 24 }
tmnxIPsecGWDhcpV6ServiceName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWDhcpV6ServiceName specifies the service name
whose virtual router provides reachability to the DHCP server
addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects.
In order to specify a virtual router, exactly one of
tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and
tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value.
For example, when the value of tmnxIPsecGWDhcpV6ServiceName is
default, the virtual router must be specified using
tmnxIPsecGWDhcpV6ServiceId or tmnxIPsecGWDhcpV6RouterId.
When all of the three objects are default, remote user tunnels will
fail to acquire the addresses from any of the DHCP servers."
DEFVAL { ''H }
::= { tmnxIPsecGWDhcpV6Entry 25 }
tIPsecTsListRmtEntryTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryTblLastChgd indicates the time, since
system startup, when tIPsecTsListRmtEntryTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 60 }
tIPsecTsListRmtEntryTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecTsListRmtEntryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTsListRmtEntryTable contains objects used to configure
instances of IPsec traffic selector list remote entries.
Entries in this table are created and destroyed via SNMP SET
operations to tIPsecTsListRmtEntryRowStatus."
::= { tmnxIPsecObjects 61 }
tIPsecTsListRmtEntryEntry OBJECT-TYPE
SYNTAX TIPsecTsListRmtEntryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecTsListRmtEntryEntry contains the configuration of one IPsec
traffic selector list remote entry."
INDEX {
tIPsecTsListName,
tIPsecTsListRmtEntryId
}
::= { tIPsecTsListRmtEntryTable 1 }
TIPsecTsListRmtEntryEntry ::= SEQUENCE
{
tIPsecTsListRmtEntryId Unsigned32,
tIPsecTsListRmtEntryRowStatus RowStatus,
tIPsecTsListRmtEntryLastChgd TimeStamp,
tIPsecTsListRmtEntryMinAddrType InetAddressType,
tIPsecTsListRmtEntryMinAddr InetAddress,
tIPsecTsListRmtEntryMaxAddrType InetAddressType,
tIPsecTsListRmtEntryMaxAddr InetAddress,
tIPsecTsListRmtEntryPfxAddrType InetAddressType,
tIPsecTsListRmtEntryPfxAddr InetAddress,
tIPsecTsListRmtEntryPfxLen InetAddressPrefixLength,
tIPsecTsListRmtEntryMinPort InetPortNumber,
tIPsecTsListRmtEntryMaxPort InetPortNumber,
tIPsecTsListRmtEntryMinMhType Unsigned32,
tIPsecTsListRmtEntryMaxMhType Unsigned32,
tIPsecTsListRmtEntryMinIcmpType Unsigned32,
tIPsecTsListRmtEntryMaxIcmpType Unsigned32,
tIPsecTsListRmtEntryMinIcmpCode Unsigned32,
tIPsecTsListRmtEntryMaxIcmpCode Unsigned32,
tIPsecTsListRmtEntryProtocolId Integer32
}
tIPsecTsListRmtEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..32)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryId specifies a unique identifier for
one IPsec traffic selector remote entry configured in this system."
::= { tIPsecTsListRmtEntryEntry 1 }
tIPsecTsListRmtEntryRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryRowStatus specifies the status of
this row. It is used to create and destroy rows in
tIPsecTsListRmtEntryTable."
::= { tIPsecTsListRmtEntryEntry 2 }
tIPsecTsListRmtEntryLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryLastChgd indicates the time, since
system startup, when the configuration of this row was created or
modified."
::= { tIPsecTsListRmtEntryEntry 3 }
tIPsecTsListRmtEntryMinAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMinAddrType specifies the address
type of tIPsecTsListRmtEntryMinAddr.
The values of tIPsecTsListRmtEntryMinAddrType and
tIPsecTsListRmtEntryMaxAddrType must be the same.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMaxAddrType and
tIPsecTsListRmtEntryMaxAddr."
DEFVAL { unknown }
::= { tIPsecTsListRmtEntryEntry 4 }
tIPsecTsListRmtEntryMinAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMinAddr specifies the minimum address
of the range for this IPsec traffic selector list remote entry.
The configurations of tIPsecTsListRmtEntryMinAddr and
tIPsecTsListRmtEntryPfxAddr are mutually exclusive.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryMinAddrType, tIPsecTsListRmtEntryMaxAddrType and
tIPsecTsListRmtEntryMaxAddr."
DEFVAL { ''H }
::= { tIPsecTsListRmtEntryEntry 5 }
tIPsecTsListRmtEntryMaxAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMaxAddrType specifies the address
type of tIPsecTsListRmtEntryMaxAddr.
The values of tIPsecTsListRmtEntryMaxAddrType and
tIPsecTsListRmtEntryMinAddrType must be the same.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMinAddrType and
tIPsecTsListRmtEntryMaxAddr."
DEFVAL { unknown }
::= { tIPsecTsListRmtEntryEntry 6 }
tIPsecTsListRmtEntryMaxAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMaxAddr specifies the maximum address
of the range for this IPsec traffic selector list remote entry.
The configurations of tIPsecTsListRmtEntryMaxAddr and
tIPsecTsListRmtEntryPfxAddr are mutually exclusive.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMinAddrType and
tIPsecTsListRmtEntryMaxAddrType."
DEFVAL { ''H }
::= { tIPsecTsListRmtEntryEntry 7 }
tIPsecTsListRmtEntryPfxAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryPfxAddrType specifies the address
type of tIPsecTsListRmtEntryPfxAddr.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryPfxAddr and tIPsecTsListRmtEntryPfxLen."
DEFVAL { unknown }
::= { tIPsecTsListRmtEntryEntry 8 }
tIPsecTsListRmtEntryPfxAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryPfxAddr specifies the prefix address
for this IPsec traffic selector list remote entry.
The configuration of tIPsecTsListRmtEntryPfxAddr and that of
tIPsecTsListRmtEntryMinAddr and tIPsecTsListRmtEntryMaxAddr are
mutually exclusive.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryPfxAddrType and tIPsecTsListRmtEntryPfxLen."
DEFVAL { ''H }
::= { tIPsecTsListRmtEntryEntry 9 }
tIPsecTsListRmtEntryPfxLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryPfxLen specifies the prefix length of
the tIPsecTsListRmtEntryPfxAddr.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryPfxAddrType and tIPsecTsListRmtEntryPfxAddr."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 10 }
tIPsecTsListRmtEntryMinPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMinPort specifies the minimum port of
the range for this IPsec traffic selector list remote entry.
tIPsecTsListRmtEntryMinPort is used for any Internet transport layer
protocol except ICMP, ICMPv6 and MIPv6.
When the value of tIPsecTsListRmtEntryMinPort is '0' and the value of
tIPsecTsListRmtEntryMaxPort is '65535', it means that the IPsec
traffic selector accepts any port number.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMaxPort."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 11 }
tIPsecTsListRmtEntryMaxPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMaxPort specifies the maximum port of
the range for this IPsec traffic selector list remote entry.
tIPsecTsListRmtEntryMaxPort is used for any Internet transport layer
protocol except ICMP, ICMPv6 and MIPv6.
When the value of tIPsecTsListRmtEntryMaxPort is '0' and the value of
tIPsecTsListRmtEntryMinPort is '65535', it means that the IPsec
traffic selector accepts the packet only when the corresponding port
field field is unavailable.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMinPort."
DEFVAL { 65535 }
::= { tIPsecTsListRmtEntryEntry 12 }
tIPsecTsListRmtEntryMinMhType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMinMhType specifies the minimum
Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
traffic selector list remote entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMaxMhType."
REFERENCE
"'Mobility Header Types - for the MH Type field in the Mobility Header',
http://www.iana.org/assignments/mobility-parameters/
mobility-parameters.xhtml#mobility-parameters-1"
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 13 }
tIPsecTsListRmtEntryMaxMhType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMaxMhType specifies the maximum
Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
traffic selector list remote entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMinMhType."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 14 }
tIPsecTsListRmtEntryMinIcmpType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMinIcmpType specifies the minimum
ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
list remote entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMaxIcmpType,
tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode."
REFERENCE
"'Internet Control Message Protocol (ICMP) Parameters',
http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt,
April 2013, and
'Internet Control Message Protocol version 6 (ICMPv6) Parameters',
http://www.iana.org/assignments/icmpv6-parameters/
icmpv6-parameters.xhtml, January 2015."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 15 }
tIPsecTsListRmtEntryMaxIcmpType OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMaxIcmpType specifies the maximum
ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
list remote entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType,
tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 16 }
tIPsecTsListRmtEntryMinIcmpCode OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMinIcmpCode specifies the minimum
ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
list remote entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType,
tIPsecTsListRmtEntryMaxIcmpType and tIPsecTsListRmtEntryMaxIcmpCode."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 17 }
tIPsecTsListRmtEntryMaxIcmpCode OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryMaxIcmpCode specifies the maximum
ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
list remote entry.
This value must be set in the same SNMP SET PDU as
tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType,
tIPsecTsListRmtEntryMaxIcmpType and tIPsecTsListRmtEntryMinIcmpCode."
DEFVAL { 0 }
::= { tIPsecTsListRmtEntryEntry 18 }
tIPsecTsListRmtEntryProtocolId OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecTsListRmtEntryProtocolId specifies the IP protocol
number allowed by the IPsec traffic selector associated with this
entry.
A value of zero specifies that the IPsec traffic selector will accept
packets for any protocol. A value of '-1' specifies that this IPsec
traffic selector is not configured.
When the value of tIPsecTsListRmtEntryProtocolId is any value between
-1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value
must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinPort and
tIPsecTsListRmtEntryMaxPort. Especially when the value of
tIPsecTsListRmtEntryProtocolId is -1, tIPsecTsListRmtEntryMinPort and
tIPsecTsListRmtEntryMaxPort must be 0 and 65535, respectively.
When the value of tIPsecTsListRmtEntryProtocolId is any value between
1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value
must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinPort and
tIPsecTsListRmtEntryMaxPort.
When the value of tIPsecTsListRmtEntryProtocolId is 1 or 58 this value
must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinIcmpType,
tIPsecTsListRmtEntryMaxIcmpType, tIPsecTsListRmtEntryMinIcmpCode and
tIPsecTsListRmtEntryMaxIcmpCode.
When the value of tIPsecTsListRmtEntryProtocolId is 135, this value
must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinMhType and
tIPsecTsListRmtEntryMaxMhType."
DEFVAL { -1 }
::= { tIPsecTsListRmtEntryEntry 19 }
tmnxIPsecLockoutClientTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecLockoutClientEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecLockoutClientTable contains the statistics information of
IPsec lockout clients. IPsec lockout clients are ones who are not
successfully pass the IKE authentication process."
::= { tmnxIPsecObjects 62 }
tmnxIPsecLockoutClientEntry OBJECT-TYPE
SYNTAX TmnxIPsecLockoutClientEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each tmnxIPsecLockoutClientEntry contains the statistics information
for one IPsec Lockout Client. tmnxCardSlotNum and tmnxMDASlotNum
should be IPsec MDA."
INDEX {
tmnxCardSlotNum,
tmnxMDASlotNum,
tmnxIPsecLockoutClientRtrId,
tmnxIPsecLockoutClientLclGwAddrT,
tmnxIPsecLockoutClientLclGwAddr,
tmnxIPsecLockoutClientAddressTyp,
tmnxIPsecLockoutClientAddress,
tmnxIPsecLockoutClientPort
}
::= { tmnxIPsecLockoutClientTable 1 }
TmnxIPsecLockoutClientEntry ::= SEQUENCE
{
tmnxIPsecLockoutClientRtrId TmnxVRtrID,
tmnxIPsecLockoutClientLclGwAddrT InetAddressType,
tmnxIPsecLockoutClientLclGwAddr InetAddress,
tmnxIPsecLockoutClientAddressTyp InetAddressType,
tmnxIPsecLockoutClientAddress InetAddress,
tmnxIPsecLockoutClientPort InetPortNumber,
tmnxIPsecLockoutClientStatus TruthValue,
tmnxIPsecLockoutClientFailAtempt Unsigned32,
tmnxIPsecLockoutClientDroppedPkt Unsigned32,
tmnxIPsecLockoutClientRemainTime Integer32
}
tmnxIPsecLockoutClientRtrId OBJECT-TYPE
SYNTAX TmnxVRtrID
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientRtrId specifies the virtual router
instance for IES or VPRN services.
The value of tmnxIPsecLockoutClientRtrId is 1 for IES services."
::= { tmnxIPsecLockoutClientEntry 1 }
tmnxIPsecLockoutClientLclGwAddrT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientLclGwAddrT specifies the address
type of the local SAP IPSec gateway."
::= { tmnxIPsecLockoutClientEntry 2 }
tmnxIPsecLockoutClientLclGwAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientLclGwAddr specifies the IP address
of the local SAP IPsec gateway."
::= { tmnxIPsecLockoutClientEntry 3 }
tmnxIPsecLockoutClientAddressTyp OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientAddressTyp specifies the address
type of the lockout client."
::= { tmnxIPsecLockoutClientEntry 4 }
tmnxIPsecLockoutClientAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientAddress specifies the address of
the lockout client."
::= { tmnxIPsecLockoutClientEntry 5 }
tmnxIPsecLockoutClientPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientPort specifies the port number of
the lockout client.
The value of zero means that all ports under
tmnxIPsecLockoutClientAddress are locked out."
::= { tmnxIPsecLockoutClientEntry 6 }
tmnxIPsecLockoutClientStatus OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientStatus indicates whether a client
is locked out by the system.
The value of 'true (1)' indicates that the client is locked out and
all IKE traffics from this client are rejected by the system. The
value of 'false (2)' indicates that the system still accepts IKE
traffic from this client; but the client has failed on certain IKE
authentications."
::= { tmnxIPsecLockoutClientEntry 7 }
tmnxIPsecLockoutClientFailAtempt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientFailAtempt indicates the number of
failed authentication attempts from the lockout client within the
lockout duration(i.e., tmnxIkePolicyLockoutDuration)."
::= { tmnxIPsecLockoutClientEntry 8 }
tmnxIPsecLockoutClientDroppedPkt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientDroppedPkt indicates the number of
dropped packets for the lockout client."
::= { tmnxIPsecLockoutClientEntry 9 }
tmnxIPsecLockoutClientRemainTime OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLockoutClientRemainTime indicates the time
remaining until this client is unblocked.
The total block time is defined by tmnxIkePolicyLockoutBlock.
A value of zero indicates that this client will never be unblocked. A
value of -1 indicates that this client is not blocked."
::= { tmnxIPsecLockoutClientEntry 10 }
tIPsecRUTnlDhcpLeaseStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecRUTnlDhcpLeaseStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecRUTnlDhcpLeaseStatTable contains the statistics information
of the private IP address DHCP leases in the dynamic IPsec remote user
tunnel.
Refer to tIPsecRUTnlTable for the information of the dynamic IPsec
remote user tunnel. Each tunnel has at most two private IP addresses
(i.e., tIPsecRUTnlPrivateIpAddr and tIPsecRUTnlPrivateIpAddr2)."
::= { tmnxIPsecObjects 63 }
tIPsecRUTnlDhcpLeaseStatEntry OBJECT-TYPE
SYNTAX TIPsecRUTnlDhcpLeaseStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecRUTnlDhcpLeaseStatEntry contains the statistics information
of one private IP address DHCP lease in the dynamic IPsec remote user
tunnel.
Rows in this table are created when the value of
tIPsecRUTnlPrivateIpAddr or tIPsecRUTnlPrivateIpAddr2 in the
associated entry of tIPsecRUTnlTable is changed from all-zeros to any
valid address that was obtained from a DHCP server. Rows in this table
are destroyed when the associated entry is destroyed in
tIPsecRUTnlTable."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort,
tIPsecRUTnlDhcpLeaseStatPrivAddT,
tIPsecRUTnlDhcpLeaseStatPrivAddr
}
::= { tIPsecRUTnlDhcpLeaseStatTable 1 }
TIPsecRUTnlDhcpLeaseStatEntry ::= SEQUENCE
{
tIPsecRUTnlDhcpLeaseStatPrivAddT InetAddressType,
tIPsecRUTnlDhcpLeaseStatPrivAddr InetAddress,
tIPsecRUTnlDhcpLeaseStatSverAddT InetAddressType,
tIPsecRUTnlDhcpLeaseStatSverAddr InetAddress,
tIPsecRUTnlDhcpLeaseStatAcquirTm DateAndTime,
tIPsecRUTnlDhcpLeaseStatRenewTm DateAndTime,
tIPsecRUTnlDhcpLeaseStatRebindTm DateAndTime,
tIPsecRUTnlDhcpLeaseStatPrivPref DateAndTime,
tIPsecRUTnlDhcpLeaseStatPrivVald DateAndTime
}
tIPsecRUTnlDhcpLeaseStatPrivAddT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatPrivAddT specifies the address
type of tIPsecRUTnlDhcpLeaseStatPrivAddr."
::= { tIPsecRUTnlDhcpLeaseStatEntry 1 }
tIPsecRUTnlDhcpLeaseStatPrivAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatPrivAddr specifies the private IP
address of the dynamic IPsec remote user tunnel. It can be either
tIPsecRUTnlPrivateIpAddr or tIPsecRUTnlPrivateIpAddr2."
::= { tIPsecRUTnlDhcpLeaseStatEntry 2 }
tIPsecRUTnlDhcpLeaseStatSverAddT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatSverAddT indicates the address
type of tIPsecRUTnlDhcpLeaseStatSverAddr.
The value of tIPsecRUTnlDhcpLeaseStatSverAddT is always equal to
tIPsecRUTnlDhcpLeaseStatPrivAddT."
::= { tIPsecRUTnlDhcpLeaseStatEntry 3 }
tIPsecRUTnlDhcpLeaseStatSverAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatSverAddr indicates the DHCP
server address."
::= { tIPsecRUTnlDhcpLeaseStatEntry 4 }
tIPsecRUTnlDhcpLeaseStatAcquirTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatAcquirTm indicates the UTC date
when the latest DHCP lease was acquired from the server. The address
of the server is indicated by tIPsecRUTnlDhcpLeaseStatSverAddr.
The value of tIPsecRUTnlDhcpLeaseStatAcquirTm can be the time when the
private IP address (i.e., tIPsecRUTnlDhcpLeaseStatPrivAddr) of the
dynamic IPsec user remote tunnel first obtained the DHCP lease, or the
time when the lease was renewed or rebound."
::= { tIPsecRUTnlDhcpLeaseStatEntry 5 }
tIPsecRUTnlDhcpLeaseStatRenewTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatRenewTm indicates the UTC date
when the current DHCP lease needs to be renewed."
::= { tIPsecRUTnlDhcpLeaseStatEntry 6 }
tIPsecRUTnlDhcpLeaseStatRebindTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatRebindTm indicates the UTC date
when the current DHCP lease needs to be rebound."
::= { tIPsecRUTnlDhcpLeaseStatEntry 7 }
tIPsecRUTnlDhcpLeaseStatPrivPref OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatPrivPref indicates the UTC date
when the preferred lifetime of the private IP address (i.e.,
tIPsecRUTnlDhcpLeaseStatPrivAddr) for the dynamic IPsec user remote
tunnel will expire.
In the preferred state, tIPsecRUTnlDhcpLeaseStatPrivAddr can be used
without any restriction. Once the lifetime expires,
tIPsecRUTnlDhcpLeaseStatPrivAddr is still valid, but needs to be
renewed or rebound.
The value of tIPsecRUTnlDhcpLeaseStatPrivPref is meaningless when
tIPsecRUTnlDhcpLeaseStatSverAddT is 'ipv4 (1)'."
REFERENCE
"RFC 4862. 'IPv6 Stateless Address Autoconfiguration', IETF, September
2007."
::= { tIPsecRUTnlDhcpLeaseStatEntry 8 }
tIPsecRUTnlDhcpLeaseStatPrivVald OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecRUTnlDhcpLeaseStatPrivVald indicates the UTC date
when the valid lifetime of the private IP address (i.e.,
tIPsecRUTnlDhcpLeaseStatPrivAddr) for the dynamic IPsec user remote
tunnel will expire.
Once the valid lifetime expires, tIPsecRUTnlDhcpLeaseStatPrivAddr must
be renewed or rebound."
REFERENCE
"RFC 4862. 'IPv6 Stateless Address Autoconfiguration', IETF, September
2007."
::= { tIPsecRUTnlDhcpLeaseStatEntry 9 }
tIPsecClientDatabaseTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecClientDatabaseTableLstChgd indicates the time,
since system startup, when tIPsecClientDatabaseTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 64 }
tIPsecClientDatabaseTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecClientDatabaseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecClientDatabaseTable contains objects used to configure
instances of IPsec client database entries.
Each entry in this table specifies how the system matches the
associated IPsec clients of this database.
The IPsec clients are configured by tIPsecClientDBClientTable."
::= { tmnxIPsecObjects 65 }
tIPsecClientDatabaseEntry OBJECT-TYPE
SYNTAX TIPsecClientDatabaseEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecClientDatabaseEntry contains the configuration of one
instance of the IPsec client database entry.
Entries in this table are created and destroyed via SNMP SET
operations to tIPsecClientDatabaseRowStatus.
The maximum number of entries in this table is 1000."
INDEX { tIPsecClientDatabaseName }
::= { tIPsecClientDatabaseTable 1 }
TIPsecClientDatabaseEntry ::= SEQUENCE
{
tIPsecClientDatabaseName TNamedItem,
tIPsecClientDatabaseLastChanged TimeStamp,
tIPsecClientDatabaseRowStatus RowStatus,
tIPsecClientDatabaseAdminState TmnxAdminState,
tIPsecClientDatabaseDescription TItemDescription,
tIPsecClientDatabaseMatchType BITS
}
tIPsecClientDatabaseName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecClientDatabaseName specifies the name of this IPsec client
database entry."
::= { tIPsecClientDatabaseEntry 1 }
tIPsecClientDatabaseLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecClientDatabaseLastChanged indicates time, since
system startup, that the configuration of this entry was created or
modified."
::= { tIPsecClientDatabaseEntry 2 }
tIPsecClientDatabaseRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDatabaseRowStatus specifies the status of
this entry. It is used to create and delete row entries in
tIPsecClientDatabaseTable.
In order to delete an entry, tIPsecClientDatabaseAdminState must first
be set to 'outOfService (3)'."
::= { tIPsecClientDatabaseEntry 3 }
tIPsecClientDatabaseAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDatabaseAdminState specifies the
administrative state of this IPsec client database entry.
tIPsecClientDatabaseAdminState can only be configured to 'inService
(2)' if tIPsecClientDatabaseMatchType has non-default value.
When the value of tIPsecClientDatabaseAdminState is 'outOfService
(3)', the IPsec client matching is disabled."
DEFVAL { outOfService }
::= { tIPsecClientDatabaseEntry 4 }
tIPsecClientDatabaseDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDatabaseDescription specifies the description
for this IPsec client database entry."
DEFVAL { "" }
::= { tIPsecClientDatabaseEntry 5 }
tIPsecClientDatabaseMatchType OBJECT-TYPE
SYNTAX BITS {
idi (0),
peerIpPrefix (1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDatabaseMatchType specifies what types of
values are used by the client ID for this IPsec client database entry.
The system uses the client ID as the criteria to match an IPsec
client.
idi (0) - Identification Initiator (IDi) in IKEv2
peerIpPrefix (1) - Peer IP prefix address"
DEFVAL { {} }
::= { tIPsecClientDatabaseEntry 6 }
tIPsecClientDBClientTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientTableLstChgd indicates the time,
since system startup, when tIPsecClientDBClientTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 66 }
tIPsecClientDBClientTable OBJECT-TYPE
SYNTAX SEQUENCE OF TIPsecClientDBClientEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecClientDBClientTable contains objects used to configure
instances of IPsec clients associated with an IPsec client database.
The IPsec client database is configured by tIPsecClientDatabaseTable."
::= { tmnxIPsecObjects 67 }
tIPsecClientDBClientEntry OBJECT-TYPE
SYNTAX TIPsecClientDBClientEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tIPsecClientDBClientEntry contains the configuration of one
instance of the IPsec client associated with the IPsec client
database.
Entries in this table are created and destroyed via SNMP SET
operations to tIPsecClientDBClientRowStatus.
The maximum number of entries in this table is 8000."
INDEX {
tIPsecClientDatabaseName,
tIPsecClientDBClientIndex
}
::= { tIPsecClientDBClientTable 1 }
TIPsecClientDBClientEntry ::= SEQUENCE
{
tIPsecClientDBClientIndex Unsigned32,
tIPsecClientDBClientLastChanged TimeStamp,
tIPsecClientDBClientRowStatus RowStatus,
tIPsecClientDBClientAdminState TmnxAdminState,
tIPsecClientDBClientName TNamedItemOrEmpty,
tIPsecClientDBClientIdIdiType INTEGER,
tIPsecClientDBClientIdIdiValue DisplayString,
tIPsecClientDBClientIdPeer4PfAny TruthValue,
tIPsecClientDBClientIdPeer6PfAny TruthValue,
tIPsecClientDBClientIdPeerPfxTyp InetAddressType,
tIPsecClientDBClientIdPeerPfx InetAddress,
tIPsecClientDBClientIdPeerPfxLen InetAddressPrefixLength,
tIPsecClientDBClientTnlTempltId TmnxIPsecTunnelTemplateIdOrZero,
tIPsecClientDBClientPrivateSvcId TmnxServId,
tIPsecClientDBClientPrivIfName TNamedItemOrEmpty,
tIPsecClientDBClientTsListName TNamedItemOrEmpty,
tIPsecClientDBClientPreSharedKey OCTET STRING,
tIPsecClientDBClientPrivateSvcNm TLNamedItemOrEmpty
}
tIPsecClientDBClientIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..8000)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIndex specifies the index for this
IPsec client entry."
::= { tIPsecClientDBClientEntry 1 }
tIPsecClientDBClientLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientLastChanged indicates time, since
system startup, that the configuration of this entry was created or
modified."
::= { tIPsecClientDBClientEntry 2 }
tIPsecClientDBClientRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientRowStatus specifies the status of
this entry. It is used to create and delete row entries in
tIPsecClientDBClientTable.
In order to delete an entry, tIPsecClientDBClientAdminState must first
be set to 'outOfService (3)'."
::= { tIPsecClientDBClientEntry 3 }
tIPsecClientDBClientAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientAdminState specifies the
administrative state of this IPsec client entry."
DEFVAL { outOfService }
::= { tIPsecClientDBClientEntry 4 }
tIPsecClientDBClientName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tIPsecClientDBClientName specifies the name of this IPsec client
entry."
DEFVAL { "" }
::= { tIPsecClientDBClientEntry 5 }
tIPsecClientDBClientIdIdiType OBJECT-TYPE
SYNTAX INTEGER {
none (1),
any (2),
ipv4Pfx (3),
ipv4PfxAny (4),
ipv6Pfx (5),
ipv6PfxAny (6),
fqdn (7),
fqdnSuffix (8),
rfc822 (9),
rfc822Suffix (10)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdIdiType specifies the type of IDi
value (i.e., tIPsecClientDBClientIdIdiValue) for this IPsec client
entry.
none - (1) The IDi value is not used by the client ID
any - (2) Any IDi value will be accepted by the system
ipv4Pfx - (3) IDi value is a specific valid IPv4 prefix
ipv4PfxAny - (4) IDi value is any valid IPv4 prefix
ipv6Pfx - (5) IDi value is a specific valid IPv6 prefix
ipv6PfxAny - (6) IDi value is any valid IPv6 prefix
fqdn - (7) IDi value is an Fully Qualified Domain Name (FQDN)
fqdnSuffix - (8) IDi value is an FQDN suffix
rfc822 - (9) IDi value is an Email address
rfc822Domain - (10) IDi value is an Email domain
This value must be set in the same SNMP SET PDU as
tIPsecClientDBClientIdIdiValue."
DEFVAL { none }
::= { tIPsecClientDBClientEntry 6 }
tIPsecClientDBClientIdIdiValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdIdiValue specifies the IDi value
within the client ID for this IPsec client entry.
A client ID may consist of more than one values (e.g., IDi (i.e.,
tIPsecClientDBClientIdIdiValue), peer IP prefix (i.e.,
tIPsecClientDBClientIdPeerPfx)). Which type of values a client ID
contains is configured by tIPsecClientDatabaseMatchType in the
associated entry of tIPsecClientDatabaseTable.
This value must be set in the same SNMP SET PDU as
tIPsecClientDBClientIdIdiType.
When the value of tIPsecClientDBClientIdIdiType is 'none (1)', 'any
(2)', 'ipv4PfxAny (4)' or 'ipv6PfxAny (6)', the value of
tIPsecClientDBClientIdIdiValue is ignored."
DEFVAL { ''H }
::= { tIPsecClientDBClientEntry 7 }
tIPsecClientDBClientIdPeer4PfAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdPeer4PfAny specifies whether or not
the peer IP prefix can be any valid IPv4 prefix.
When the value of tIPsecClientDBClientIdPeer4PfAny is 'true (1)', the
value of tIPsecClientDBClientIdPeer6PfAny,
tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx and
tIPsecClientDBClientIdPeerPfxLen will be ignored.
tIPsecClientDBClientIdPeer4PfAny and tIPsecClientDBClientIdPeer6PfAny
cannot be 'true (1)' at the same time."
DEFVAL { false }
::= { tIPsecClientDBClientEntry 8 }
tIPsecClientDBClientIdPeer6PfAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdPeer6PfAny specifies whether or not
the peer IP prefix can be any valid IPv6 prefix.
When the value of tIPsecClientDBClientIdPeer6PfAny is 'true (1)', the
value of tIPsecClientDBClientIdPeer4PfAny,
tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx and
tIPsecClientDBClientIdPeerPfxLen will be ignored.
tIPsecClientDBClientIdPeer6PfAny and tIPsecClientDBClientIdPeer4PfAny
cannot be 'true (1)' at the same time."
DEFVAL { false }
::= { tIPsecClientDBClientEntry 9 }
tIPsecClientDBClientIdPeerPfxTyp OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdPeerPfxTyp specifies the prefix
type of tIPsecClientDBClientIdPeerPfx.
This value must be set in the same SNMP SET PDU as
tIPsecClientDBClientIdPeerPfx and tIPsecClientDBClientIdPeerPfxLen."
DEFVAL { unknown }
::= { tIPsecClientDBClientEntry 10 }
tIPsecClientDBClientIdPeerPfx OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdPeerPfx specifies the peer IP
prefix within the client ID of this IPsec client entry.
A client ID may consist of more than values (e.g., IDi (i.e.,
tIPsecClientDBClientIdIdiValue), peer IP prefix (i.e.,
tIPsecClientDBClientIdPeerPfx)). Which type of values a client ID
contains is configured by tIPsecClientDatabaseMatchType in the
associated entry of tIPsecClientDatabaseTable.
This value must be set in the same SNMP SET PDU as
tIPsecClientDBClientIdPeerPfxTyp and tIPsecClientDBClientIdPeerPfxLen.
Once tIPsecClientDBClientIdPeerPfx is configured to any valid IP
prefix, tIPsecClientDBClientIdPeer4PfAny and
tIPsecClientDBClientIdPeer6PfAny must be configured to 'false (2)' in
the same SNMP SET PDU."
DEFVAL { ''H }
::= { tIPsecClientDBClientEntry 11 }
tIPsecClientDBClientIdPeerPfxLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientIdPeerPfxLen specifies the prefix
length of tIPsecClientDBClientIdPeerPfx.
This value must be set in the same SNMP SET PDU as
tIPsecClientDBClientIdPeerPfxTyp and tIPsecClientDBClientIdPeerPfx."
DEFVAL { 0 }
::= { tIPsecClientDBClientEntry 12 }
tIPsecClientDBClientTnlTempltId OBJECT-TYPE
SYNTAX TmnxIPsecTunnelTemplateIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientTnlTempltId specifies the identifier
of the tunnel template."
DEFVAL { 0 }
::= { tIPsecClientDBClientEntry 13 }
tIPsecClientDBClientPrivateSvcId OBJECT-TYPE
SYNTAX TmnxServId (0 | 1..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientPrivateSvcId specifies the private
service ID of this IPsec client entry.
The IPsec tunnel cannot be established until the public service ID
exists and has a 'vprn (4)' TIMETRA-SERV-MIB::svcType.
The values of tIPsecClientDBClientPrivateSvcId and
tIPsecClientDBClientPrivateSvcNm must be mutually exclusive and cannot
simultaneously have non-default values."
DEFVAL { 0 }
::= { tIPsecClientDBClientEntry 14 }
tIPsecClientDBClientPrivIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientPrivIfName specifies the private
interface name of this IPsec client entry."
DEFVAL { "" }
::= { tIPsecClientDBClientEntry 15 }
tIPsecClientDBClientTsListName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientTsListName specifies the traffic
selector list name of this IPsec client entry."
DEFVAL { "" }
::= { tIPsecClientDBClientEntry 16 }
tIPsecClientDBClientPreSharedKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientPreSharedKey specifies the shared key
of this IPsec client entry."
DEFVAL { ''H }
::= { tIPsecClientDBClientEntry 17 }
tIPsecClientDBClientPrivateSvcNm OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tIPsecClientDBClientPrivateSvcNm specifies the private
service name of this IPsec client entry.
The values of tIPsecClientDBClientPrivateSvcId and
tIPsecClientDBClientPrivateSvcNm must be mutually exclusive and cannot
simultaneously have non-default values.
The IPsec tunnel cannot be established until the public service name
exists and has a 'vprn (4)' TIMETRA-SERV-MIB::svcType."
DEFVAL { ''H }
::= { tIPsecClientDBClientEntry 18 }
tmnxIPsecIkeTransformTableLstChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformTableLstChg indicates the time,
since system startup, when tmnxIPsecIkeTransformTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 68 }
tmnxIPsecIkeTransformTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecIkeTransformEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecIkeTransformTable contains objects used to configure
instances of the IKE transform entries.
Entries in this table are created and destroyed via SNMP SET
operations to tmnxIPsecIkeTransformRowStatus."
::= { tmnxIPsecObjects 69 }
tmnxIPsecIkeTransformEntry OBJECT-TYPE
SYNTAX TmnxIPsecIkeTransformEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecIkeTransformEntry contains the configuration of one IKE
transform entry."
INDEX { tmnxIPsecIkeTransformId }
::= { tmnxIPsecIkeTransformTable 1 }
TmnxIPsecIkeTransformEntry ::= SEQUENCE
{
tmnxIPsecIkeTransformId TmnxIPsecIkeTransformId,
tmnxIPsecIkeTransformRowStatus RowStatus,
tmnxIPsecIkeTransformLastChange TimeStamp,
tmnxIPsecIkeTransformAuthAlg INTEGER,
tmnxIPsecIkeTransformEncrAlg INTEGER,
tmnxIPsecIkeTransformDhGroup TmnxIkePolicyDHGroup,
tmnxIPsecIkeTransformIsakmpLifeT Unsigned32,
tmnxIPsecIkeTransformPrfAlg INTEGER
}
tmnxIPsecIkeTransformId OBJECT-TYPE
SYNTAX TmnxIPsecIkeTransformId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformId specifies a unique identifier for
one IKE transform entry."
::= { tmnxIPsecIkeTransformEntry 1 }
tmnxIPsecIkeTransformRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformRowStatus specifies the status of
this row. It is used to create and destroy rows in
tmnxIPsecIkeTransformTable."
::= { tmnxIPsecIkeTransformEntry 2 }
tmnxIPsecIkeTransformLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformLastChange indicates the time, since
system startup, that the configuration of this row was created or
modified."
::= { tmnxIPsecIkeTransformEntry 3 }
tmnxIPsecIkeTransformAuthAlg OBJECT-TYPE
SYNTAX INTEGER {
md5 (2),
sha1 (3),
sha256 (4),
sha384 (5),
sha512 (6),
aesXcbc (7),
authEncryption (8)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformAuthAlg specifies the hash algorithm
used in phase 1 of the Security Association (SA)."
DEFVAL { sha1 }
::= { tmnxIPsecIkeTransformEntry 4 }
tmnxIPsecIkeTransformEncrAlg OBJECT-TYPE
SYNTAX INTEGER {
des (2),
des3 (3),
aes128 (4),
aes192 (5),
aes256 (6),
aes128Gcm8 (7),
aes128Gcm16 (9),
aes256Gcm8 (13),
aes256Gcm16 (15)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformEncrAlg specifies the encryption
algorithm used in phase 1 of the Security Association (SA)."
DEFVAL { aes128 }
::= { tmnxIPsecIkeTransformEntry 5 }
tmnxIPsecIkeTransformDhGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroup
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformDhGroup specifies the Diffie-Hellman
(DH) group to be used for calculating session keys which will be used
in the IKE proposal."
DEFVAL { group2 }
::= { tmnxIPsecIkeTransformEntry 6 }
tmnxIPsecIkeTransformIsakmpLifeT OBJECT-TYPE
SYNTAX Unsigned32 (1200..31536000)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformIsakmpLifeT specifies the lifetime
of the phase 1 IKE key.
ISAKMP stands for Internet Security Association and Key Management
Protocol."
DEFVAL { 86400 }
::= { tmnxIPsecIkeTransformEntry 7 }
tmnxIPsecIkeTransformPrfAlg OBJECT-TYPE
SYNTAX INTEGER {
md5 (2),
sha1 (3),
sha256 (4),
sha384 (5),
sha512 (6),
aesXcbc (7),
sameAsAuth (8)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecIkeTransformPrfAlg specifies the pseudo-random
function (PRF) used in phase 1 of the SA.
The value of this object can not be 'sameAsAuth (7)' if the encryption
algorithm (i.e. tmnxIPsecIkeTransformEncrAlg) is AES-GCM."
DEFVAL { sameAsAuth }
::= { tmnxIPsecIkeTransformEntry 8 }
tmnxIkePlcyIkeTransformTbLstChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIkePlcyIkeTransformTbLstChg indicates the time, since
system startup, when tmnxIkePlcyIkeTransformTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 70 }
tmnxIkePlcyIkeTransformTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIkePlcyIkeTransformEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIkePlcyIkeTransformTable contains objects used to configure
instances of IKE transform information for each IKE policy entry."
::= { tmnxIPsecObjects 71 }
tmnxIkePlcyIkeTransformEntry OBJECT-TYPE
SYNTAX TmnxIkePlcyIkeTransformEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIkePlcyIkeTransformEntry contains the configuration of IKE
transforms used by an IKE policy entry.
Entries in this table are created or destroyed by the system when a
row is created or destroyed in tmnxIkePolicyTable. The maximum number
of associate rows in this table for each IKE Policy is four. When a
row, whose index is 1, is created or destroyed in tmnxIkePolicyTable,
up to four entries will be created or destroyed in the
tmnxIkePlcyIkeTransformTable whose indexes are 1.1, 1.2, 1.3 and 1.4,
respectively.
This allows up to four IKE transforms to be used by an IPsec gateway
or tunnel in the Phase 1 Security Association (SA)."
INDEX {
tmnxIkePolicyId,
tmnxIkePlcyIkeTransformIndex
}
::= { tmnxIkePlcyIkeTransformTable 1 }
TmnxIkePlcyIkeTransformEntry ::= SEQUENCE
{
tmnxIkePlcyIkeTransformIndex Unsigned32,
tmnxIkePlcyIkeTransformLstChange TimeStamp,
tmnxIkePlcyIkeTransformId TmnxIPsecIkeTransformIdOrZero
}
tmnxIkePlcyIkeTransformIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIkePlcyIkeTransformIndex specifies the index of the
IKE transform for each IKE policy configured in the system.
IKE policy information is configured in tmnxIkePolicyTable."
::= { tmnxIkePlcyIkeTransformEntry 1 }
tmnxIkePlcyIkeTransformLstChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIkePlcyIkeTransformLstChange indicates the time,
since system startup, that the configuration of this row was created
or modified."
::= { tmnxIkePlcyIkeTransformEntry 2 }
tmnxIkePlcyIkeTransformId OBJECT-TYPE
SYNTAX TmnxIPsecIkeTransformIdOrZero
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxIkePlcyIkeTransformId specifies the unique ID of the
IKE transform that the specified IKE policy will use.
For a certain tmnxIkePolicyId, the values of four associated
tmnxIkePlcyIkeTransformId must be different.
IKE transform information is configured in tmnxIPsecIkeTransformTable."
DEFVAL { 0 }
::= { tmnxIkePlcyIkeTransformEntry 3 }
tmnxIPsecGWHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecGWHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecGWHistStatsTable contains the historical statistics of
IPsec gateways."
::= { tmnxIPsecObjects 72 }
tmnxIPsecGWHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecGWHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecGWHistStatsEntry contains the historical statistics for a
specific IPsec gateway."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecGWHistStatsType,
tmnxIPsecGWHistStatsIntvIdx
}
::= { tmnxIPsecGWHistStatsTable 1 }
TmnxIPsecGWHistStatsEntry ::= SEQUENCE
{
tmnxIPsecGWHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecGWHistStatsIntvIdx Unsigned32,
tmnxIPsecGWHistStatsValue64 CounterBasedGauge64,
tmnxIPsecGWHistStatsValue32 Integer32,
tmnxIPsecGWHistStatsIntvStTm DateAndTime,
tmnxIPsecGWHistStatsIntvDur Unsigned32,
tmnxIPsecGWHistStatsFstFTm DateAndTime,
tmnxIPsecGWHistStatsFstFDesc TItemLongDescription,
tmnxIPsecGWHistStatsLstFTm DateAndTime,
tmnxIPsecGWHistStatsLstFDesc TItemLongDescription
}
tmnxIPsecGWHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsType specifies the statistical type
for this IPsec gateway."
::= { tmnxIPsecGWHistStatsEntry 1 }
tmnxIPsecGWHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsIntvIdx specifies the index of the
sampling interval period for this statistic.
When the value of tmnxIPsecGWHistStatsIntvIdx is '1', it indicates
that this is the current sampling interval and the value of
tmnxIPsecGWHistStatsValue64 indicates the current statistical value.
When the value of tmnxIPsecGWHistStatsIntvIdx is larger than '1', it
indicates that this is a previous sampling interval period and the
value of tmnxIPsecGWHistStatsValue64 indicates a previous statistical
value. Specifically, when the value of tmnxIPsecGWHistStatsIntvIdx is
'2', it indicates that this is the most recent finished sampling
interval and the value of tmnxIPsecGWHistStatsValue64 indicates the
most recent statistical value."
::= { tmnxIPsecGWHistStatsEntry 2 }
tmnxIPsecGWHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecGWHistStatsValue64 is indicated by
tmnxIPsecGWHistStatsType."
::= { tmnxIPsecGWHistStatsEntry 3 }
tmnxIPsecGWHistStatsValue32 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsValue32 indicates a signed 32-bit
integer representation of the value of tmnxIPsecGWHistStatsValue64.
This object is used by Remote Network Monitoring (RMON) to monitor
this statistical value.
For most tmnxIPsecGWHistStatsType values, the value and unit of
tmnxIPsecGWHistStatsValue32 are the same as the value and unit of
tmnxIPsecGWHistStatsValue64. The exception are the following two
cases.
1) Different values:
The value of tmnxIPsecGWHistStatsValue32 is meaningless if this
statistic (i.e. accumulative statistic) is not monitored by RMON.
The values of accumulative statistical types are indicated by
tmnxIPsecGWHistStatsType.
2) Different values and units:
When the value of tmnxIPsecGWHistStatsType is equal to any of
the following values, the unit of tmnxIPsecGWHistStatsValue32
is the number of mebibits (1 mebibit == 1024 * 1024 bits),
instead of the number of bits which is used by
tmnxIPsecGWHistStatsValue64.
'numOfIPsecEncrBits (103)'
'numOfIPsecDecrBits (104)'
'numOfIPsecEnDecrBits (105)'
'numOfGreTnlEncapBits (113)'
'numOfGreTnlDecapBits (114)'
'numOfGreTnlEnDecapBits (115)'
'numOfIpTnlEncapBits (123)'
'numOfIpTnlDecapBits (124)'
'numOfIpTnlEnDecapBits (125)'
'numOfL2tpv3TnlEncapBits (133)'
'numOfL2tpv3TnlDecapBits (134)'
'numOfL2tpv3TnlEnDecapBits (135)'
When the value of tmnxIPsecGWHistStatsType is equal to any of
the following values, the unit of tmnxIPsecGWHistStatsValue32
is the number of mebi-packets (1 mebi-packet == 1024 * 1024
packets), instead of the number of packets which is used by
tmnxIPsecGWHistStatsValue64.
'numOfIPsecEncrPkts (100)'
'numOfIPsecDecrPkts (101)'
'numOfIPsecEnDecrPkts (102)'
'numOfGreTnlEncapPkts (110)'
'numOfGreTnlDecapPkts (111)'
'numOfGreTnlEnDecapPkts (112)'
'numOfIpTnlEncapPkts (120)'
'numOfIpTnlDecapPkts (121)'
'numOfIpTnlEnDecapPkts (122)'
'numOfL2tpv3TnlEncapPkts (130)'
'numOfL2tpv3TnlDecapPkts (131)'
'numOfL2tpv3TnlEnDecapPkts (132)'"
::= { tmnxIPsecGWHistStatsEntry 4 }
tmnxIPsecGWHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsIntvStTm indicates the UTC date when
the corresponding sampling interval started."
::= { tmnxIPsecGWHistStatsEntry 5 }
tmnxIPsecGWHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecGWHistStatsEntry 6 }
tmnxIPsecGWHistStatsFstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsFstFTm indicates the UTC date when
the first IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecGWHistStatsType is equal
to any of the following values.
'numOfIkeAuthFails (300)
'numOfIkeNoPrpslFails (301)
'numOfIkeAddrAsgFails (302)
'numOfIkeInvldTsFails (303)
'numOfIkeInvldKeFails (304)
'numOfIkeDpdTimeoutFails (305)
'numOfIkeOtherReasonFails (306)"
::= { tmnxIPsecGWHistStatsEntry 7 }
tmnxIPsecGWHistStatsFstFDesc OBJECT-TYPE
SYNTAX TItemLongDescription (SIZE (0..160))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsFstFDesc indicates the description of
the place where the first IKE exchange failure happened.
This value is only significant when tmnxIPsecGWHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecGWHistStatsFstFTm description)."
::= { tmnxIPsecGWHistStatsEntry 8 }
tmnxIPsecGWHistStatsLstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsLstFTm indicates the UTC date when
the last IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecGWHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecGWHistStatsFstFTm description)."
::= { tmnxIPsecGWHistStatsEntry 9 }
tmnxIPsecGWHistStatsLstFDesc OBJECT-TYPE
SYNTAX TItemLongDescription (SIZE (0..160))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWHistStatsLstFDesc indicates the description of
the place where the last IKE exchange failure happened.
This value is only significant when tmnxIPsecGWHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecGWHistStatsLstFTm description)."
::= { tmnxIPsecGWHistStatsEntry 10 }
tmnxIPsecIsaHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecIsaHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecIsaHistStatsTable contains the historical statistics of
Integrated Services Adaptors (ISAs)."
::= { tmnxIPsecObjects 73 }
tmnxIPsecIsaHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecIsaHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecIsaHistStatsEntry contains the historical statistics for
a specific ISA."
INDEX {
tmnxChassisIndex,
tmnxCardSlotNum,
tmnxMDASlotNum,
tmnxIPsecIsaHistStatsType,
tmnxIPsecIsaHistStatsIntvIdx
}
::= { tmnxIPsecIsaHistStatsTable 1 }
TmnxIPsecIsaHistStatsEntry ::= SEQUENCE
{
tmnxIPsecIsaHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecIsaHistStatsIntvIdx Unsigned32,
tmnxIPsecIsaHistStatsValue64 CounterBasedGauge64,
tmnxIPsecIsaHistStatsValue32 Integer32,
tmnxIPsecIsaHistStatsIntvStTm DateAndTime,
tmnxIPsecIsaHistStatsIntvDur Unsigned32,
tmnxIPsecIsaHistStatsFstFTm DateAndTime,
tmnxIPsecIsaHistStatsFstFDesc TItemLongDescription,
tmnxIPsecIsaHistStatsLstFTm DateAndTime,
tmnxIPsecIsaHistStatsLstFDesc TItemLongDescription
}
tmnxIPsecIsaHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsType specifies the statistical type
for this ISA."
::= { tmnxIPsecIsaHistStatsEntry 1 }
tmnxIPsecIsaHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsIntvIdx specifies the index of the
sampling interval period for this statistic.
When the value of tmnxIPsecIsaHistStatsIntvIdx is '1', it indicates
that this is the current sampling interval period and the value of
tmnxIPsecIsaHistStatsValue64 indicates the current statistical value.
When the value of tmnxIPsecIsaHistStatsIntvIdx is larger than '1', it
indicates that this is a previous sampling interval and the value of
tmnxIPsecIsaHistStatsValue64 indicates a previous statistical value.
Specifically, when the value of tmnxIPsecIsaHistStatsIntvIdx is '2',
it indicates that this is the most recent finished sampling interval
and the value of tmnxIPsecIsaHistStatsValue64 indicates the most
recent statistical value."
::= { tmnxIPsecIsaHistStatsEntry 2 }
tmnxIPsecIsaHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecIsaHistStatsValue64 is indicated by
tmnxIPsecIsaHistStatsType."
::= { tmnxIPsecIsaHistStatsEntry 3 }
tmnxIPsecIsaHistStatsValue32 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsValue32 indicates a signed 32-bit
integer representation of the value of tmnxIPsecIsaHistStatsValue64.
This object is used by Remote Network Monitoring (RMON) to monitor
this statistical value.
For most tmnxIPsecIsaHistStatsType values, the value and unit of
tmnxIPsecIsaHistStatsValue32 are the same as the value and unit of
tmnxIPsecIsaHistStatsValue64. The exception are the following two
cases.
1) Different values:
The value of tmnxIPsecIsaHistStatsValue32 is meaningless if this
statistic (i.e. accumulative statistic) is not monitored by RMON.
The values of accumulative statistical types are indicated by
tmnxIPsecIsaHistStatsType.
2) Different values and units:
When the value of tmnxIPsecIsaHistStatsType is equal to any of
the following values, the unit of tmnxIPsecIsaHistStatsValue32
is the number of mebibits (1 mebibit == 1024 * 1024 bits),
instead of the number of bits which is used by
tmnxIPsecIsaHistStatsValue64.
'numOfIPsecEncrBits (103)'
'numOfIPsecDecrBits (104)'
'numOfIPsecEnDecrBits (105)'
'numOfGreTnlEncapBits (113)'
'numOfGreTnlDecapBits (114)'
'numOfGreTnlEnDecapBits (115)'
'numOfIpTnlEncapBits (123)'
'numOfIpTnlDecapBits (124)'
'numOfIpTnlEnDecapBits (125)'
'numOfL2tpv3TnlEncapBits (133)'
'numOfL2tpv3TnlDecapBits (134)'
'numOfL2tpv3TnlEnDecapBits (135)'
When the value of tmnxIPsecIsaHistStatsType is equal to any of
the following values, the unit of tmnxIPsecIsaHistStatsValue32
is the number of mebi-packets (1 mebi-packet == 1024 * 1024
packets), instead of the number of packets which is used by
tmnxIPsecIsaHistStatsValue64.
'numOfIPsecEncrPkts (100)'
'numOfIPsecDecrPkts (101)'
'numOfIPsecEnDecrPkts (102)'
'numOfGreTnlEncapPkts (110)'
'numOfGreTnlDecapPkts (111)'
'numOfGreTnlEnDecapPkts (112)'
'numOfIpTnlEncapPkts (120)'
'numOfIpTnlDecapPkts (121)'
'numOfIpTnlEnDecapPkts (122)'
'numOfL2tpv3TnlEncapPkts (130)'
'numOfL2tpv3TnlDecapPkts (131)'
'numOfL2tpv3TnlEnDecapPkts (132)'"
::= { tmnxIPsecIsaHistStatsEntry 4 }
tmnxIPsecIsaHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsIntvStTm indicates the UTC date when
the corresponding sampling interval started."
::= { tmnxIPsecIsaHistStatsEntry 5 }
tmnxIPsecIsaHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecIsaHistStatsEntry 6 }
tmnxIPsecIsaHistStatsFstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsFstFTm indicates the UTC date when
the first IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecIsaHistStatsType is equal
to any of the following values.
'numOfIkeAuthFails (300)
'numOfIkeNoPrpslFails (301)
'numOfIkeAddrAsgFails (302)
'numOfIkeInvldTsFails (303)
'numOfIkeInvldKeFails (304)
'numOfIkeDpdTimeoutFails (305)
'numOfIkeOtherReasonFails (306)"
::= { tmnxIPsecIsaHistStatsEntry 7 }
tmnxIPsecIsaHistStatsFstFDesc OBJECT-TYPE
SYNTAX TItemLongDescription (SIZE (0..160))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsFstFDesc indicates the description
of the place where the first IKE exchange failure happened.
This value is only significant when tmnxIPsecIsaHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecIsaHistStatsFstFTm description)."
::= { tmnxIPsecIsaHistStatsEntry 8 }
tmnxIPsecIsaHistStatsLstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsLstFTm indicates the UTC date when
the last IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecIsaHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecIsaHistStatsFstFTm description)."
::= { tmnxIPsecIsaHistStatsEntry 9 }
tmnxIPsecIsaHistStatsLstFDesc OBJECT-TYPE
SYNTAX TItemLongDescription (SIZE (0..160))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecIsaHistStatsLstFDesc indicates the description
of the place where the last IKE exchange failure happened.
This value is only significant when tmnxIPsecIsaHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecIsaHistStatsLstFTm description)."
::= { tmnxIPsecIsaHistStatsEntry 10 }
tmnxIPsecSvcLevelCfgTableLastChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSvcLevelCfgTableLastChg indicates the time,
since system startup, when tmnxIPsecSvcLevelCfgTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 74 }
tmnxIPsecSvcLevelCfgTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecSvcLevelCfgEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecSvcLevelCfgTable contains the service-specific IPsec
configurations.
Entries in this table are automatically created or destroyed by the
system when entries are created or destroyed in
TIMETRA-SERV-MIB::svcBaseInfoTable."
::= { tmnxIPsecObjects 75 }
tmnxIPsecSvcLevelCfgEntry OBJECT-TYPE
SYNTAX TmnxIPsecSvcLevelCfgEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecSvcLevelCfgEntry contains IPsec configurations for a
specific service."
INDEX { svcId }
::= { tmnxIPsecSvcLevelCfgTable 1 }
TmnxIPsecSvcLevelCfgEntry ::= SEQUENCE
{
tmnxIPsecSvcLevelCfgRsvRtrOvrd TruthValue,
tmnxIPsecSvcLevelCfgRROvrdType INTEGER
}
tmnxIPsecSvcLevelCfgRsvRtrOvrd OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxIPsecSvcLevelCfgRsvRtrOvrd specifies that whether or
not the system allows the override of the reverse route for the same
user reconnecting within this service.
This value is only significant when the value of
TIMETRA-SERV-MIB::svcType is 'vprn (4)' in the associated entry of
TIMETRA-SERV-MIB::svcBaseInfoTable.
This object was obsoleted in release 20.2 on Nokia SROS series
systems. It has been replaced with tmnxIPsecSvcLevelCfgRROvrdType."
DEFVAL { false }
::= { tmnxIPsecSvcLevelCfgEntry 1 }
tmnxIPsecSvcLevelCfgRROvrdType OBJECT-TYPE
SYNTAX INTEGER {
none (0),
sameIdi (1),
anyIdi (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecSvcLevelCfgRROvrdType specifies the override
type that the system allows for the reverse route.
Values:
none - no override
sameIdi - applicable to the same user reconnecting with this service
anyIdi - applicable to any user reconnecting within this service
This value is only significant when the value of
TIMETRA-SERV-MIB::svcType is 'vprn (4)' in the associated entry of
TIMETRA-SERV-MIB::svcBaseInfoTable."
DEFVAL { none }
::= { tmnxIPsecSvcLevelCfgEntry 2 }
tmnxIPsecTnlGrpHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTnlGrpHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlGrpHistStatsTable contains the historical statistics
of Integrated Services Adaptor (ISA) tunnel groups."
::= { tmnxIPsecObjects 76 }
tmnxIPsecTnlGrpHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecTnlGrpHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlGrpHistStatsEntry contains the historical statistics
for a specific ISA tunnel group."
INDEX {
tmnxIPsecIsaGrpId,
tmnxIPsecTnlGrpHistStatsType,
tmnxIPsecTnlGrpHistStatsIntvIdx
}
::= { tmnxIPsecTnlGrpHistStatsTable 1 }
TmnxIPsecTnlGrpHistStatsEntry ::= SEQUENCE
{
tmnxIPsecTnlGrpHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecTnlGrpHistStatsIntvIdx Unsigned32,
tmnxIPsecTnlGrpHistStatsValue64 CounterBasedGauge64,
tmnxIPsecTnlGrpHistStatsValue32 Integer32,
tmnxIPsecTnlGrpHistStatsIntvStTm DateAndTime,
tmnxIPsecTnlGrpHistStatsIntvDur Unsigned32,
tmnxIPsecTnlGrpHistStatsFstFTm DateAndTime,
tmnxIPsecTnlGrpHistStatsFstFDesc TItemDescription,
tmnxIPsecTnlGrpHistStatsLstFTm DateAndTime,
tmnxIPsecTnlGrpHistStatsLstFDesc TItemDescription
}
tmnxIPsecTnlGrpHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsType specifies the statistical
type for this ISA tunnel group."
::= { tmnxIPsecTnlGrpHistStatsEntry 1 }
tmnxIPsecTnlGrpHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsIntvIdx specifies the index of
the sampling interval period for this statistic.
When the value of tmnxIPsecTnlGrpHistStatsIntvIdx is '1', it indicates
that this is the current sampling interval period and the value of
tmnxIPsecTnlGrpHistStatsValue64 indicates the current statistical
value.
When the value of tmnxIPsecTnlGrpHistStatsIntvIdx is larger than '1',
it indicates that this is a previous sampling interval and the value
of tmnxIPsecTnlGrpHistStatsValue64 indicates a previous statistical
value. Specifically, when the value of tmnxIPsecTnlGrpHistStatsIntvIdx
is '2', it indicates that this is the most recent finished sampling
interval and the value of tmnxIPsecTnlGrpHistStatsValue64 indicates
the most recent statistical value."
::= { tmnxIPsecTnlGrpHistStatsEntry 2 }
tmnxIPsecTnlGrpHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecTnlGrpHistStatsValue64 is indicated by
tmnxIPsecTnlGrpHistStatsType."
::= { tmnxIPsecTnlGrpHistStatsEntry 3 }
tmnxIPsecTnlGrpHistStatsValue32 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsValue32 indicates a signed 32-bit
integer representation of the value of
tmnxIPsecTnlGrpHistStatsValue64.
This object is used by Remote Network Monitoring (RMON) to monitor
this statistical value.
For most tmnxIPsecTnlGrpHistStatsType values, the value and unit of
tmnxIPsecTnlGrpHistStatsValue32 are the same as the value and unit of
tmnxIPsecTnlGrpHistStatsValue64. The exception are the following two
cases.
1) When the value of tmnxIPsecTnlGrpHistStatsType is equal to any of
the following values, the unit of tmnxIPsecTnlGrpHistStatsValue32
is the number of mebibits (1 mebibit == 1024 * 1024 bits),
instead of the number of bits which is used by
tmnxIPsecTnlGrpHistStatsValue64.
'numOfIPsecEncrBits (103)'
'numOfIPsecDecrBits (104)'
'numOfIPsecEnDecrBits (105)'
'numOfGreTnlEncapBits (113)'
'numOfGreTnlDecapBits (114)'
'numOfGreTnlEnDecapBits (115)'
'numOfIpTnlEncapBits (123)'
'numOfIpTnlDecapBits (124)'
'numOfIpTnlEnDecapBits (125)'
'numOfL2tpv3TnlEncapBits (133)'
'numOfL2tpv3TnlDecapBits (134)'
'numOfL2tpv3TnlEnDecapBits (135)'
2) When the value of tmnxIPsecTnlGrpHistStatsType is equal to any of
the following values, the unit of tmnxIPsecTnlGrpHistStatsValue32
is the number of mebi-packets (1 mebi-packet == 1024 * 1024
packets), instead of the number of packets which is used by
tmnxIPsecTnlGrpHistStatsValue64.
'numOfIPsecEncrPkts (100)'
'numOfIPsecDecrPkts (101)'
'numOfIPsecEnDecrPkts (102)'
'numOfGreTnlEncapPkts (110)'
'numOfGreTnlDecapPkts (111)'
'numOfGreTnlEnDecapPkts (112)'
'numOfIpTnlEncapPkts (120)'
'numOfIpTnlDecapPkts (121)'
'numOfIpTnlEnDecapPkts (122)'
'numOfL2tpv3TnlEncapPkts (130)'
'numOfL2tpv3TnlDecapPkts (131)'
'numOfL2tpv3TnlEnDecapPkts (132)'"
::= { tmnxIPsecTnlGrpHistStatsEntry 4 }
tmnxIPsecTnlGrpHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsIntvStTm indicates the UTC date
when the corresponding sampling interval started."
::= { tmnxIPsecTnlGrpHistStatsEntry 5 }
tmnxIPsecTnlGrpHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecTnlGrpHistStatsEntry 6 }
tmnxIPsecTnlGrpHistStatsFstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsFstFTm indicates the UTC date
when the first IKE exchange failure happened in the corresponding
sampling interval.
This value is only significant when tmnxIPsecTnlGrpHistStatsType is
equal to any of the following values.
'numOfIkeAuthFails (300)
'numOfIkeNoPrpslFails (301)
'numOfIkeAddrAsgFails (302)
'numOfIkeInvldTsFails (303)
'numOfIkeInvldKeFails (304)
'numOfIkeDpdTimeoutFails (305)
'numOfIkeOtherReasonFails (306)"
::= { tmnxIPsecTnlGrpHistStatsEntry 7 }
tmnxIPsecTnlGrpHistStatsFstFDesc OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsFstFDesc indicates the
description of the place where the first IKE exchange failure
happened.
This value is only significant when tmnxIPsecTnlGrpHistStatsType is
equal to any of the IKE exchange failure types (see
tmnxIPsecTnlGrpHistStatsFstFTm description)."
::= { tmnxIPsecTnlGrpHistStatsEntry 8 }
tmnxIPsecTnlGrpHistStatsLstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsLstFTm indicates the UTC date
when the last IKE exchange failure happened in the corresponding
sampling interval.
This value is only significant when tmnxIPsecTnlGrpHistStatsType is
equal to any of the IKE exchange failure types (see
tmnxIPsecTnlGrpHistStatsFstFTm description)."
::= { tmnxIPsecTnlGrpHistStatsEntry 9 }
tmnxIPsecTnlGrpHistStatsLstFDesc OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlGrpHistStatsLstFDesc indicates the
description of the place where the last IKE exchange failure happened.
This value is only significant when tmnxIPsecTnlGrpHistStatsType is
equal to any of the IKE exchange failure types (see
tmnxIPsecTnlGrpHistStatsLstFTm description)."
::= { tmnxIPsecTnlGrpHistStatsEntry 10 }
tmnxIPsecSysHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecSysHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecSysHistStatsTable contains the historical statistics of
the entire system."
::= { tmnxIPsecObjects 77 }
tmnxIPsecSysHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecSysHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecSysHistStatsEntry contains the historical statistics for
a specific statistical type of the entire system."
INDEX {
tmnxIPsecSysHistStatsType,
tmnxIPsecSysHistStatsIntvIdx
}
::= { tmnxIPsecSysHistStatsTable 1 }
TmnxIPsecSysHistStatsEntry ::= SEQUENCE
{
tmnxIPsecSysHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecSysHistStatsIntvIdx Unsigned32,
tmnxIPsecSysHistStatsValue64 CounterBasedGauge64,
tmnxIPsecSysHistStatsValue32 Integer32,
tmnxIPsecSysHistStatsIntvStTm DateAndTime,
tmnxIPsecSysHistStatsIntvDur Unsigned32,
tmnxIPsecSysHistStatsFstFTm DateAndTime,
tmnxIPsecSysHistStatsFstFDesc TItemDescription,
tmnxIPsecSysHistStatsLstFTm DateAndTime,
tmnxIPsecSysHistStatsLstFDesc TItemDescription
}
tmnxIPsecSysHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsType specifies the type for this
statistic."
::= { tmnxIPsecSysHistStatsEntry 1 }
tmnxIPsecSysHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsIntvIdx specifies the index of the
sampling interval period for this statistic.
When the value of tmnxIPsecSysHistStatsIntvIdx is '1', it indicates
that this is the current sampling interval period and the value of
tmnxIPsecSysHistStatsValue64 indicates the current statistical value.
When the value of tmnxIPsecSysHistStatsIntvIdx is larger than '1', it
indicates that this is a previous sampling interval and the value of
tmnxIPsecSysHistStatsValue64 indicates a previous statistical value.
Specifically, when the value of tmnxIPsecSysHistStatsIntvIdx is '2',
it indicates that this is the most recent finished sampling interval
and the value of tmnxIPsecSysHistStatsValue64 indicates the most
recent statistical value."
::= { tmnxIPsecSysHistStatsEntry 2 }
tmnxIPsecSysHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecSysHistStatsValue64 is indicated by
tmnxIPsecSysHistStatsType."
::= { tmnxIPsecSysHistStatsEntry 3 }
tmnxIPsecSysHistStatsValue32 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsValue32 indicates a signed 32-bit
integer representation of the value of tmnxIPsecSysHistStatsValue64.
This object is used by Remote Network Monitoring (RMON) to monitor
this statistical value.
For most tmnxIPsecSysHistStatsType values, the value and unit of
tmnxIPsecSysHistStatsValue32 are the same as the value and unit of
tmnxIPsecSysHistStatsValue64. The exception are the following two
cases.
1) When the value of tmnxIPsecSysHistStatsType is equal to any of
the following values, the unit of tmnxIPsecSysHistStatsValue32
is the number of mebibits (1 mebibit == 1024 * 1024 bits),
instead of the number of bits which is used by
tmnxIPsecSysHistStatsValue64.
'numOfIPsecEncrBits (103)'
'numOfIPsecDecrBits (104)'
'numOfIPsecEnDecrBits (105)'
'numOfGreTnlEncapBits (113)'
'numOfGreTnlDecapBits (114)'
'numOfGreTnlEnDecapBits (115)'
'numOfIpTnlEncapBits (123)'
'numOfIpTnlDecapBits (124)'
'numOfIpTnlEnDecapBits (125)'
'numOfL2tpv3TnlEncapBits (133)'
'numOfL2tpv3TnlDecapBits (134)'
'numOfL2tpv3TnlEnDecapBits (135)'
2) When the value of tmnxIPsecSysHistStatsType is equal to any of
the following values, the unit of tmnxIPsecSysHistStatsValue32
is the number of mebi-packets (1 mebi-packet == 1024 * 1024
packets), instead of the number of packets which is used by
tmnxIPsecSysHistStatsValue64.
'numOfIPsecEncrPkts (100)'
'numOfIPsecDecrPkts (101)'
'numOfIPsecEnDecrPkts (102)'
'numOfGreTnlEncapPkts (110)'
'numOfGreTnlDecapPkts (111)'
'numOfGreTnlEnDecapPkts (112)'
'numOfIpTnlEncapPkts (120)'
'numOfIpTnlDecapPkts (121)'
'numOfIpTnlEnDecapPkts (122)'
'numOfL2tpv3TnlEncapPkts (130)'
'numOfL2tpv3TnlDecapPkts (131)'
'numOfL2tpv3TnlEnDecapPkts (132)'"
::= { tmnxIPsecSysHistStatsEntry 4 }
tmnxIPsecSysHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsIntvStTm indicates the UTC date when
the corresponding sampling interval started."
::= { tmnxIPsecSysHistStatsEntry 5 }
tmnxIPsecSysHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecSysHistStatsEntry 6 }
tmnxIPsecSysHistStatsFstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsFstFTm indicates the UTC date when
the first IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecSysHistStatsType is equal
to any of the following values.
'numOfIkeAuthFails (300)
'numOfIkeNoPrpslFails (301)
'numOfIkeAddrAsgFails (302)
'numOfIkeInvldTsFails (303)
'numOfIkeInvldKeFails (304)
'numOfIkeDpdTimeoutFails (305)
'numOfIkeOtherReasonFails (306)"
::= { tmnxIPsecSysHistStatsEntry 7 }
tmnxIPsecSysHistStatsFstFDesc OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsFstFDesc indicates the description
of the place where the first IKE exchange failure happened.
This value is only significant when tmnxIPsecSysHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecSysHistStatsFstFTm description)."
::= { tmnxIPsecSysHistStatsEntry 8 }
tmnxIPsecSysHistStatsLstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsLstFTm indicates the UTC date when
the last IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecSysHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecSysHistStatsFstFTm description)."
::= { tmnxIPsecSysHistStatsEntry 9 }
tmnxIPsecSysHistStatsLstFDesc OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecSysHistStatsLstFDesc indicates the description
of the place where the last IKE exchange failure happened.
This value is only significant when tmnxIPsecSysHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecSysHistStatsLstFTm description)."
::= { tmnxIPsecSysHistStatsEntry 10 }
tmnxIPsecTnlHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTnlHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlHistStatsTable contains the historical statistics of
IPsec tunnels."
::= { tmnxIPsecObjects 78 }
tmnxIPsecTnlHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecTnlHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlHistStatsEntry contains the historical statistics for
a specific IPsec tunnel."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName,
tmnxIPsecTnlHistStatsType,
tmnxIPsecTnlHistStatsIntvIdx
}
::= { tmnxIPsecTnlHistStatsTable 1 }
TmnxIPsecTnlHistStatsEntry ::= SEQUENCE
{
tmnxIPsecTnlHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecTnlHistStatsIntvIdx Unsigned32,
tmnxIPsecTnlHistStatsValue64 CounterBasedGauge64,
tmnxIPsecTnlHistStatsIntvStTm DateAndTime,
tmnxIPsecTnlHistStatsIntvDur Unsigned32
}
tmnxIPsecTnlHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlHistStatsType specifies the statistical type
for this IPsec tunnel.
The values of tmnxIPsecTnlHistStatsType supported by this table are
listed below.
numOfAccumIPsecEncrPkts (400)
numOfAccumIPsecDecrPkts (401)
numOfAccumIPsecEnDecrPkts (402)
numOfAccumIPsecEncrKBs (403)
numOfAccumIPsecDecrKBs (404)
numOfAccumIPsecEnDecrKBs (405)"
::= { tmnxIPsecTnlHistStatsEntry 1 }
tmnxIPsecTnlHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlHistStatsIntvIdx specifies the index of the
sampling interval period for this statistic.
The value of tmnxIPsecTnlHistStatsIntvIdx is '1', it indicates that
this is the current sampling interval and the value of
tmnxIPsecTnlHistStatsValue64 indicates the current statistical value.
'1' is the only available value for tmnxIPsecTnlHistStatsIntvIdx in
this release."
::= { tmnxIPsecTnlHistStatsEntry 2 }
tmnxIPsecTnlHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecTnlHistStatsValue64 is indicated by
tmnxIPsecTnlHistStatsType."
::= { tmnxIPsecTnlHistStatsEntry 3 }
tmnxIPsecTnlHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlHistStatsIntvStTm indicates the UTC date when
the corresponding sampling interval started."
::= { tmnxIPsecTnlHistStatsEntry 4 }
tmnxIPsecTnlHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecTnlHistStatsEntry 5 }
tmnxIPsecRUTnlHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecRUTnlHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecRUTnlHistStatsTable contains the historical statistics of
IPsec Remote-User tunnels.
The typical usage of this table is to fill in the part of the index
that identifies an IPsec Remote-User tunnel (svcId, sapPortId,
sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress and
tIPsecRUTnlPort), and perform a partial walk to retrieve the
statistics. Due to the huge size of this table, an SNMP walk without
any index may take a long time to complete and is not recommended."
::= { tmnxIPsecObjects 79 }
tmnxIPsecRUTnlHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecRUTnlHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecRUTnlHistStatsEntry contains the historical statistics
for a specific IPsec Remote-User tunnel."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tIPsecRUTnlInetAddrType,
tIPsecRUTnlInetAddress,
tIPsecRUTnlPort,
tmnxIPsecRUTnlHistStatsType,
tmnxIPsecRUTnlHistStatsIntvIdx
}
::= { tmnxIPsecRUTnlHistStatsTable 1 }
TmnxIPsecRUTnlHistStatsEntry ::= SEQUENCE
{
tmnxIPsecRUTnlHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecRUTnlHistStatsIntvIdx Unsigned32,
tmnxIPsecRUTnlHistStatsValue64 CounterBasedGauge64,
tmnxIPsecRUTnlHistStatsIntvStTm DateAndTime,
tmnxIPsecRUTnlHistStatsIntvDur Unsigned32
}
tmnxIPsecRUTnlHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecRUTnlHistStatsType specifies the statistical
type for this IPsec Remote-User tunnel.
The values of tmnxIPsecRUTnlHistStatsType supported by this table are
listed below.
numOfAccumIPsecEncrPkts (400)
numOfAccumIPsecDecrPkts (401)
numOfAccumIPsecEnDecrPkts (402)
numOfAccumIPsecEncrKBs (403)
numOfAccumIPsecDecrKBs (404)
numOfAccumIPsecEnDecrKBs (405)"
::= { tmnxIPsecRUTnlHistStatsEntry 1 }
tmnxIPsecRUTnlHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecRUTnlHistStatsIntvIdx specifies the index of the
sampling interval period for this statistic.
The value of tmnxIPsecRUTnlHistStatsIntvIdx is '1', it indicates that
this is the current sampling interval and the value of
tmnxIPsecRUTnlHistStatsValue64 indicates the current statistical
value.
'1' is the only available value for tmnxIPsecRUTnlHistStatsIntvIdx in
this release."
::= { tmnxIPsecRUTnlHistStatsEntry 2 }
tmnxIPsecRUTnlHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecRUTnlHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecRUTnlHistStatsValue64 is indicated by
tmnxIPsecRUTnlHistStatsType."
::= { tmnxIPsecRUTnlHistStatsEntry 3 }
tmnxIPsecRUTnlHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecRUTnlHistStatsIntvStTm indicates the UTC date
when the corresponding sampling interval started."
::= { tmnxIPsecRUTnlHistStatsEntry 4 }
tmnxIPsecRUTnlHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecRUTnlHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecRUTnlHistStatsEntry 5 }
tmnxIPsecGWStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecGWStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecGWStatsTable contains the statistics of IPsec gateways."
::= { tmnxIPsecObjects 80 }
tmnxIPsecGWStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecGWStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecGWStatsEntry contains the statistics for a specific IPsec
gateway."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tmnxIPsecGWStatsTable 1 }
TmnxIPsecGWStatsEntry ::= SEQUENCE
{
tmnxIPsecGWStatsNumOfDl2lTnls Unsigned32,
tmnxIPsecGWStatsNumOfRaTnls Unsigned32
}
tmnxIPsecGWStatsNumOfDl2lTnls OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWStatsNumOfDl2lTnls indicates the number of
dynamic LAN-to-LAN (SL2L) tunnels associated with this IPsec gateway."
::= { tmnxIPsecGWStatsEntry 1 }
tmnxIPsecGWStatsNumOfRaTnls OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecGWStatsNumOfRaTnls indicates the number of
remote access (RA) tunnels associated to this IPsec gateway."
::= { tmnxIPsecGWStatsEntry 2 }
tmnxIPsecNotifyObjs OBJECT IDENTIFIER ::= { tmnxIPsecObjects 100 }
tIPsecNotifRUTnlInetAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifRUTnlInetAddrType indicates address type of
tIPsecNotifRUTnlInetAddress object."
::= { tmnxIPsecNotifyObjs 1 }
tIPsecNotifRUTnlInetAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16|20))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This value of tIPsecNotifRUTnlInetAddress indicates the address of of
the SAP IPsec gateway to the tunnel."
::= { tmnxIPsecNotifyObjs 2 }
tIPsecNotifRUTnlPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifRUTnlPort indicates the UDP port of the SAP
IPsec gateway to the tunnel."
::= { tmnxIPsecNotifyObjs 3 }
tIPsecNotifReason OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifReason indicates the reason for the IPsec
notification."
::= { tmnxIPsecNotifyObjs 4 }
tIPsecNotifBfdIntfSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifBfdIntfSvcId specifies the service ID of the
interface running BFD in the notification."
::= { tmnxIPsecNotifyObjs 5 }
tIPsecNotifBfdIntfIfName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifBfdIntfIfName specifies the name of the
interface running BFD in the notification."
::= { tmnxIPsecNotifyObjs 6 }
tIPsecNotifBfdIntfDestIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifBfdIntfDestIpType specifies the address type
of tIPsecNotifBfdIntfDestIp object."
::= { tmnxIPsecNotifyObjs 7 }
tIPsecNotifBfdIntfDestIp OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifBfdIntfDestIp specifies the destination IP
address on the interface running BFD in the notification."
::= { tmnxIPsecNotifyObjs 8 }
tIPsecNotifBfdIntfSessState OBJECT-TYPE
SYNTAX TmnxBfdSessOperState
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifBfdIntfSessState indicates the operational
state of BFD session on the interface in the notification."
::= { tmnxIPsecNotifyObjs 9 }
tIPsecRadAcctPlcyFailReason OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecRadAcctPlcyFailReason is a printable character
string which contains information about the reason why the
tIPsecRadAcctPlcyFailure notification was generated."
::= { tmnxIPsecNotifyObjs 10 }
tIPsecNotifIPsecTunnelName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifIPsecTunnelName indicates the name of the
IPsec tunnel name."
::= { tmnxIPsecNotifyObjs 11 }
tIPsecNotifConfigIpMtu OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifConfigIpMtu indicates the IPsec tunnel's
configured IP MTU for packets entering the tunnel from the
non-encapsulated side."
::= { tmnxIPsecNotifyObjs 12 }
tIPsecNotifEncapOverhead OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifEncapOverhead indicates the IPsec tunnel's
outbound SA encapsulation overhead."
::= { tmnxIPsecNotifyObjs 13 }
tIPsecNotifConfigEncapIpMtu OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifConfigEncapIpMtu indicates the IPsec tunnel's
configured encapsulated IP MTU."
::= { tmnxIPsecNotifyObjs 14 }
tIPsecNotifCertProfileName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifCertProfileName indicates the name of the
certificate profile associated with the notification."
::= { tmnxIPsecNotifyObjs 15 }
tIPsecNotifCertProfEntryId OBJECT-TYPE
SYNTAX TEntryId
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifCertProfEntryId indicates the entry ID of the
certificate profile associated with the notification."
::= { tmnxIPsecNotifyObjs 16 }
tIPsecNotifCaProfNames OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tIPsecNotifCaProfNames indicates the CA profile names of
a certificate chain associated with the notification."
::= { tmnxIPsecNotifyObjs 17 }
tIPsecNotifTunnelType OBJECT-TYPE
SYNTAX INTEGER {
static (1),
secure-interface (2),
dynamic (3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The tIPsecNotifTunnelType indicates the type of tunnel."
::= { tmnxIPsecNotifyObjs 18 }
tIPsecNotifTunnelIdentifier OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The tIPsecNotifTunnelIdentifier indicates the tunnel-name for the
static/secure-interface tunnel or 'GW-REMOTE-IPADDR:REMOTE-PORT' for
the dynamic tunnel."
::= { tmnxIPsecNotifyObjs 19 }
tmnxIPsecScalarsObjs OBJECT IDENTIFIER ::= { tmnxIPsecObjects 101 }
tmnxIPsecScalarObjsShowKeys OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecScalarObjsShowKeys specifies whether or not to
show the IPsec Security Association keys in command line interfaces
(CLI)."
DEFVAL { false }
::= { tmnxIPsecScalarsObjs 1 }
tmnxIPsecTnlBfdSessTableLChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessTableLChg indicates the time, since
system startup, when tmnxIPsecTnlBfdSessTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 102 }
tmnxIPsecTnlBfdSessTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTnlBfdSessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlBfdSessTable contains configurable IPsec Tunnel
Bidirectional Forwarding Detection (BFD) session information.
Entries in this table are created and destroyed via SNMP SET
operations to tmnxIPsecTnlBfdSessRowStatus.
tmnxIPsecTnlBfdSessSvcId, tmnxIPsecTnlBfdSessSvcName,
tmnxIPsecTnlBfdSessIfName, tmnxIPsecTnlBfdSessDstAddrT and
tmnxIPsecTnlBfdSessDstAddr must be present in the same SNMP PDU as the
row creation, otherwise the creation will fail."
::= { tmnxIPsecObjects 103 }
tmnxIPsecTnlBfdSessEntry OBJECT-TYPE
SYNTAX TmnxIPsecTnlBfdSessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlBfdSessEntry contains the configuration of one IPsec
Tunnel BFD session entry."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName
}
::= { tmnxIPsecTnlBfdSessTable 1 }
TmnxIPsecTnlBfdSessEntry ::= SEQUENCE
{
tmnxIPsecTnlBfdSessRowStatus RowStatus,
tmnxIPsecTnlBfdSessSvcId TmnxServId,
tmnxIPsecTnlBfdSessSvcName TLNamedItemOrEmpty,
tmnxIPsecTnlBfdSessIfName TNamedItemOrEmpty,
tmnxIPsecTnlBfdSessDstAddrT InetAddressType,
tmnxIPsecTnlBfdSessDstAddr InetAddress
}
tmnxIPsecTnlBfdSessRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessRowStatus specifies the status of this
row. It is used to create and destroy rows in
tmnxIPsecTnlBfdSessTable."
::= { tmnxIPsecTnlBfdSessEntry 1 }
tmnxIPsecTnlBfdSessSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessSvcId specifies the service identifier
of the interface running BFD.
The values of tmnxIPsecTnlBfdSessSvcId and tmnxIPsecTnlBfdSessSvcName
must be mutually exclusive and cannot simultaneously have non-default
values."
DEFVAL { 0 }
::= { tmnxIPsecTnlBfdSessEntry 2 }
tmnxIPsecTnlBfdSessSvcName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessSvcName specifies the service name of
the interface running BFD.
The values of tmnxIPsecTnlBfdSessSvcName and tmnxIPsecTnlBfdSessSvcId
must be mutually exclusive and cannot simultaneously have non-default
values."
DEFVAL { ''H }
::= { tmnxIPsecTnlBfdSessEntry 3 }
tmnxIPsecTnlBfdSessIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessIfName specifies the IPSec interface
used by the BFD session."
DEFVAL { ''H }
::= { tmnxIPsecTnlBfdSessEntry 4 }
tmnxIPsecTnlBfdSessDstAddrT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessDstAddrT specifies the address type of
tmnxIPsecTnlBfdSessDstAddr."
DEFVAL { ipv4 }
::= { tmnxIPsecTnlBfdSessEntry 5 }
tmnxIPsecTnlBfdSessDstAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessDstAddr specifies the destination IP
address to be used for the BFD session.
The default value of tmnxIPsecTnlBfdSessDstAddr is 0.0.0.0."
DEFVAL { '00000000'H }
::= { tmnxIPsecTnlBfdSessEntry 6 }
tmnxIPsecTnlBfdSessStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecTnlBfdSessStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlBfdSessStatTable contains the statistics of IPsec
Tunnel BFD sessions."
::= { tmnxIPsecObjects 104 }
tmnxIPsecTnlBfdSessStatEntry OBJECT-TYPE
SYNTAX TmnxIPsecTnlBfdSessStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecTnlBfdSessStatEntry contains the statistics for a single
IPsec Tunnel BFD session."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxIPsecTunnelName
}
::= { tmnxIPsecTnlBfdSessStatTable 1 }
TmnxIPsecTnlBfdSessStatEntry ::= SEQUENCE
{
tmnxIPsecTnlBfdSessStatSrcAddrT InetAddressType,
tmnxIPsecTnlBfdSessStatSrcAddr InetAddress,
tmnxIPsecTnlBfdSessStatOperState TmnxBfdSessOperState
}
tmnxIPsecTnlBfdSessStatSrcAddrT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessStatSrcAddrT indicates the address
type of tmnxIPsecTnlBfdSessStatSrcAddr."
::= { tmnxIPsecTnlBfdSessStatEntry 1 }
tmnxIPsecTnlBfdSessStatSrcAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessStatSrcAddr indicates the source IP
address on the interface running BFD."
::= { tmnxIPsecTnlBfdSessStatEntry 2 }
tmnxIPsecTnlBfdSessStatOperState OBJECT-TYPE
SYNTAX TmnxBfdSessOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecTnlBfdSessStatOperState indicates the
operational state of the BFD session the IPsec tunnel is relying upon
for its fast triggering mechanism."
::= { tmnxIPsecTnlBfdSessStatEntry 3 }
tmnxVRtIPsecTnlTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlTableLastChanged indicates the time, since
system startup, when tmnxVRtIPsecTnlTable last changed configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 105 }
tmnxVRtIPsecTnlTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIPsecTnlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxVRtIPsecTnlTable contains configurable IPsec Tunnel
information.
Entries in this table are created and destroyed via SNMP SET
operations to tmnxVRtIPsecTnlRowStatus."
::= { tmnxIPsecObjects 106 }
tmnxVRtIPsecTnlEntry OBJECT-TYPE
SYNTAX TmnxVRtIPsecTnlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxVRtIPsecTnlEntry contains the configuration of one IPsec
Tunnel entry."
INDEX {
vRtrID,
vRtrIfIndex,
tmnxVRtIPsecTnlName
}
::= { tmnxVRtIPsecTnlTable 1 }
TmnxVRtIPsecTnlEntry ::= SEQUENCE
{
tmnxVRtIPsecTnlName TNamedItem,
tmnxVRtIPsecTnlRowStatus RowStatus,
tmnxVRtIPsecTnlLastChanged TimeStamp,
tmnxVRtIPsecTnlAdminState TmnxAdminState,
tmnxVRtIPsecTnlOperState TmnxIPsecOperState,
tmnxVRtIPsecTnlDescription TItemDescription,
tmnxVRtIPsecTnlLclGwAddrType InetAddressType,
tmnxVRtIPsecTnlLclGwAddr InetAddress,
tmnxVRtIPsecTnlRemGwAddrType InetAddressType,
tmnxVRtIPsecTnlRemGwAddr InetAddress,
tmnxVRtIPsecTnlSecurityPolicyId TmnxIPsecPolicyIdOrZero,
tmnxVRtIPsecTnlKeyingType TmnxIPsecKeyingType,
tmnxVRtIPsecTnlDynTransformId1 TmnxIPsecTransformIdOrZero,
tmnxVRtIPsecTnlDynTransformId2 TmnxIPsecTransformIdOrZero,
tmnxVRtIPsecTnlDynTransformId3 TmnxIPsecTransformIdOrZero,
tmnxVRtIPsecTnlDynTransformId4 TmnxIPsecTransformIdOrZero,
tmnxVRtIPsecTnlIkePolicyId TmnxIkePolicyIdOrZero,
tmnxVRtIPsecTnlIkePreSharedKey OCTET STRING,
tmnxVRtIPsecTnlOperFlags BITS,
tmnxVRtIPsecTnlReplayWindow Unsigned32,
tmnxVRtIPsecTnlAutoEstablish TruthValue,
tmnxVRtIPsecTnlBfdDesignate TruthValue,
tmnxVRtIPsecTnlLocalIdType TmnxIPsecLocalIdType,
tmnxVRtIPsecTnlLocalIdValue DisplayString,
tmnxVRtIPsecTnlClearDfBit TruthValue,
tmnxVRtIPsecTnlIpMtu Unsigned32,
tmnxVRtIPsecTnlHostISA TmnxHwIndexOrZero,
tmnxVRtIPsecTnlCSVPrimary TmnxCertRevStatus,
tmnxVRtIPsecTnlCSVSecondary TmnxCertRevStatusOrNone,
tmnxVRtIPsecTnlCSVDefResult INTEGER,
tmnxVRtIPsecTnlCertProfile TNamedItemOrEmpty,
tmnxVRtIPsecTnlMatchTrustAnchor TNamedItemOrEmpty,
tmnxVRtIPsecTnlCertTrstAnchrProf TNamedItemOrEmpty,
tmnxVRtIPsecTnlEncapIpMtu Unsigned32,
tmnxVRtIPsecTnlPropagateIpv6PMTU TruthValue,
tmnxVRtIPsecTnlIcmp6Pkt2Big TruthValue,
tmnxVRtIPsecTnlIcmp6NumPkt2Big Unsigned32,
tmnxVRtIPsecTnlIcmp6Pkt2BigTime Unsigned32,
tmnxVRtIPsecTnlOperChanged TimeStamp,
tmnxVRtIPsecTnlPropagateIpv4PMTU TruthValue,
tmnxVRtIPsecTnlIcmpFragReq TruthValue,
tmnxVRtIPsecTnlIcmpFragReqNum Unsigned32,
tmnxVRtIPsecTnlIcmpFragReqTime Unsigned32,
tmnxVRtIPsecTnlPMTUDiscoverAging Unsigned32,
tmnxVRtIPsecTnlPubTcpMssAdjust Integer32,
tmnxVRtIPsecTnlPrivTcpMssAdjust Integer32,
tmnxVRtIPsecTnlMaxNumPh1SaKeys Unsigned32,
tmnxVRtIPsecTnlMaxNumPh2SaKeys Unsigned32,
tmnxVRtIPsecTnlSecPlyStrictMatch TruthValue,
tmnxVRtIPsecTnlPrivateSvcName TLNamedItemOrEmpty,
tmnxVRtIPsecTnlPrivSap Unsigned32,
tmnxVRtIPsecTnlLclGwAddrOvrdType InetAddressType,
tmnxVRtIPsecTnlLclGwAddrOvrd InetAddress,
tmnxVRtIPsecTnlHostEsa TmnxEsaIdOrZero,
tmnxVRtIPsecTnlHostEsaVm TmnxEsaVmIdOrZero
}
tmnxVRtIPsecTnlName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlName specifies the name of this IPsec
tunnel."
::= { tmnxVRtIPsecTnlEntry 1 }
tmnxVRtIPsecTnlRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlRowStatus specifies the status of this
row. It is used to create and destroy rows in tmnxVRtIPsecTnlTable."
::= { tmnxVRtIPsecTnlEntry 2 }
tmnxVRtIPsecTnlLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLastChanged indicates the time, since
system startup, that the configuration of this row was created or
modified."
::= { tmnxVRtIPsecTnlEntry 3 }
tmnxVRtIPsecTnlAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlAdminState specifies the administrative
state of the tmnxVRtIPsecTnlEntry."
DEFVAL { outOfService }
::= { tmnxVRtIPsecTnlEntry 4 }
tmnxVRtIPsecTnlOperState OBJECT-TYPE
SYNTAX TmnxIPsecOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlOperState indicates the operational status
of tmnxVRtIPsecTnlEntry."
::= { tmnxVRtIPsecTnlEntry 5 }
tmnxVRtIPsecTnlDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlDescription specifies the user-provided
description for this entry."
DEFVAL { "" }
::= { tmnxVRtIPsecTnlEntry 6 }
tmnxVRtIPsecTnlLclGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLclGwAddrType specifies the address type
of address in tmnxVRtIPsecTnlLclGwAddr."
::= { tmnxVRtIPsecTnlEntry 7 }
tmnxVRtIPsecTnlLclGwAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLclGwAddr specifies the address of the
interface on the local node of this IPsec tunnel."
::= { tmnxVRtIPsecTnlEntry 8 }
tmnxVRtIPsecTnlRemGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlRemGwAddrType specifies the address type
of address in tmnxVRtIPsecTnlRemGwAddr."
DEFVAL { unknown }
::= { tmnxVRtIPsecTnlEntry 9 }
tmnxVRtIPsecTnlRemGwAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlRemGwAddr specifies the address of the
interface on the remote node of this IPsec tunnel."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlEntry 10 }
tmnxVRtIPsecTnlSecurityPolicyId OBJECT-TYPE
SYNTAX TmnxIPsecPolicyIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlSecurityPolicyId specifies the IPsec
security policy entry in the tmnxIPsecPolicyTable that this tunnel
will use."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 11 }
tmnxVRtIPsecTnlKeyingType OBJECT-TYPE
SYNTAX TmnxIPsecKeyingType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlKeyingType specifies the keying type that
this tunnel will use."
DEFVAL { none }
::= { tmnxVRtIPsecTnlEntry 12 }
tmnxVRtIPsecTnlDynTransformId1 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlDynTransformId1 specifies the first IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 13 }
tmnxVRtIPsecTnlDynTransformId2 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlDynTransformId2 specifies the second IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use.
The value of tmnxVRtIPsecTnlDynTransformId2 is valid and greater than
0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 14 }
tmnxVRtIPsecTnlDynTransformId3 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlDynTransformId3 specifies the third IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use.
The value of tmnxVRtIPsecTnlDynTransformId3 is valid and greater than
0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 15 }
tmnxVRtIPsecTnlDynTransformId4 OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlDynTransformId4 specifies the fourth IPsec
transform entry in the table tmnxIPsecTransformTable that this tunnel
will use.
The value of tmnxVRtIPsecTnlDynTransformId3 is valid and greater than
0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 16 }
tmnxVRtIPsecTnlIkePolicyId OBJECT-TYPE
SYNTAX TmnxIkePolicyIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The object tmnxVRtIPsecTnlIkePolicyId specifies the IKE policy entry
that this tunnel will use.
The value of tmnxVRtIPsecTnlIkePolicyId is valid and greater than 0,
only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 17 }
tmnxVRtIPsecTnlIkePreSharedKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIkePreSharedKey specifies the shared
secret between the two peers forming the tunnel.
The value of tmnxVRtIPsecTnlIkePreSharedKey is a valid and non null
string only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
DEFVAL { "" }
::= { tmnxVRtIPsecTnlEntry 18 }
tmnxVRtIPsecTnlOperFlags OBJECT-TYPE
SYNTAX BITS {
unresolvedLocalIp (0),
tunnelAdminDown (1),
sapDown (2),
unresolvedPublicSvc (3),
bfdSessionDown (4),
reserved1 (5),
unresolvedDstIp (6),
invalidCertFile (7),
invalidKeyFile (8),
trustAnchorsDown (9),
certProfileDown (10),
invalidCertKeyCombo (11),
securedIntfSourceAddrUnresolved (12)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlOperFlags indicates the reason why the
tunnel is operationally down."
::= { tmnxVRtIPsecTnlEntry 19 }
tmnxVRtIPsecTnlReplayWindow OBJECT-TYPE
SYNTAX Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlReplayWindow specifies the size of the
anti-replay window.
If the value of tmnxVRtIPsecTnlReplayWindow is set to 0, then the
anti-replay feature is disabled."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 20 }
tmnxVRtIPsecTnlAutoEstablish OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlAutoEstablish specifies whether to attempt
to establish a phase 1 exchange automatically."
DEFVAL { false }
::= { tmnxVRtIPsecTnlEntry 21 }
tmnxVRtIPsecTnlBfdDesignate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdDesignate specifies whether this IPSec
tunnel is the BFD designated tunnel."
DEFVAL { false }
::= { tmnxVRtIPsecTnlEntry 22 }
tmnxVRtIPsecTnlLocalIdType OBJECT-TYPE
SYNTAX TmnxIPsecLocalIdType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLocalIdType specifies the local identifier
type used for IDi or IDr for IKEv2.
An 'inconsistentValue' error is returned if this object is modified
when tmnxVRtIPsecTnlAdminState is in 'inService' state."
DEFVAL { none }
::= { tmnxVRtIPsecTnlEntry 23 }
tmnxVRtIPsecTnlLocalIdValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLocalIdValue specifies the value
associated with tmnxVRtIPsecTnlLocalIdType object.
Value is extracted from the configured certificate when
tmnxVRtIPsecTnlLocalIdType is set to 'dn'."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlEntry 24 }
tmnxVRtIPsecTnlClearDfBit OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlClearDfBit specifies whether to clear Do
not Fragment (DF) bit in the outgoing packets in this tunnel."
DEFVAL { false }
::= { tmnxVRtIPsecTnlEntry 25 }
tmnxVRtIPsecTnlIpMtu OBJECT-TYPE
SYNTAX Unsigned32 (0 | 512..9000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIpMtu specifies the MTU size for IP packets
for this tunnel.
A value set to zero indicates maximum supported MTU size on the SAP
for this tunnel."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 26 }
tmnxVRtIPsecTnlHostISA OBJECT-TYPE
SYNTAX TmnxHwIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlHostISA indicates the active ISA MDA that
is being used to host this IPsec tunnel.
This object will contain a nonzero value only when the tunnel is
both operationally up and being hosted by an MDA. When the tunnel
is being hosted by an ESA virtual machine, the host will be indicated
by the tmnxVRtIPsecTnlHostEsa and tmnxVRtIPsecTnlHostEsaVm objects."
::= { tmnxVRtIPsecTnlEntry 27 }
tmnxVRtIPsecTnlCSVPrimary OBJECT-TYPE
SYNTAX TmnxCertRevStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlCSVPrimary specifies the primary method of
Certificate Status Verification (CSV) that is used to verify
revocation status of the certificate of the peer.
This value must be set in the same PDU as tmnxVRtIPsecTnlCSVSecondary
if the value of tmnxVRtIPsecTnlAdminState is equal to 'inService (2)'."
DEFVAL { crl }
::= { tmnxVRtIPsecTnlEntry 28 }
tmnxVRtIPsecTnlCSVSecondary OBJECT-TYPE
SYNTAX TmnxCertRevStatusOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlCSVSecondary specifies the secondary
method of Certificate Status Verification (CSV) that is used to verify
revocation status of the certificate of the peer.
This value must be set in the same PDU as tmnxVRtIPsecTnlCSVPrimary if
the value of tmnxVRtIPsecTnlAdminState is equal to 'inService (2)'."
DEFVAL { none }
::= { tmnxVRtIPsecTnlEntry 29 }
tmnxVRtIPsecTnlCSVDefResult OBJECT-TYPE
SYNTAX INTEGER {
revoked (0),
good (1)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlCSVDefResult specifies the default result
of Certificate Status Verification (CSV) when both primary and
secondary method failed to provide an answer."
DEFVAL { revoked }
::= { tmnxVRtIPsecTnlEntry 30 }
tmnxVRtIPsecTnlCertProfile OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlCertProfile specifies the certificate
profile associated with this IPsec tunnel."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlEntry 31 }
tmnxVRtIPsecTnlMatchTrustAnchor OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlMatchTrustAnchor indicates the name for
matched Certificate-Authority Profile name associated with this SAP
IPSec tunnel certificate."
::= { tmnxVRtIPsecTnlEntry 32 }
tmnxVRtIPsecTnlCertTrstAnchrProf OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlCertTrstAnchrProf specifies the name for
Certificate-Authority Trust Anchor Profile name associated with this
SAP IPSec tunnel certificate.
An 'inconsistentValue' error is returned if this object is modified
when tmnxVRtIPsecTnlAdminState is in 'inService' state."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlEntry 33 }
tmnxVRtIPsecTnlEncapIpMtu OBJECT-TYPE
SYNTAX Unsigned32 (0 | 512..9000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlEncapIpMtu specifies the MTU size for IP
packets after tunnel encapsulation has been added.
A value set to zero indicates maximum supported MTU size on the SAP
for this tunnel."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 34 }
tmnxVRtIPsecTnlPropagateIpv6PMTU OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPropagateIpv6PMTU specifies whether or not
to propagate a path MTU to IPv6 hosts."
DEFVAL { false }
::= { tmnxVRtIPsecTnlEntry 35 }
tmnxVRtIPsecTnlIcmp6Pkt2Big OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIcmp6Pkt2Big specifies whether
packet-too-big ICMP messages should be sent. When it is set to 'true',
ICMPv6 packet-too-big messages are generated by this IPsec tunnel.
When tmnxVRtIPsecTnlIcmp6Pkt2Big is set to 'false (2)', ICMPv6
packet-too-big messages are not sent.
When the value of tmnxVRtIPsecTnlIcmp6Pkt2Big is 'false (2)', it must
be set in the same SNMP PDU as tmnxVRtIPsecTnlIcmp6NumPkt2Big and
tmnxVRtIPsecTnlIcmp6Pkt2BigTime. The value of
tmnxVRtIPsecTnlIcmp6NumPkt2Big and tmnxVRtIPsecTnlIcmp6Pkt2BigTime
must be their default values."
DEFVAL { true }
::= { tmnxVRtIPsecTnlEntry 36 }
tmnxVRtIPsecTnlIcmp6NumPkt2Big OBJECT-TYPE
SYNTAX Unsigned32 (10..1000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIcmp6NumPkt2Big specifies how many
packet-too-big ICMPv6 messages are transmitted in the time frame
specified by tmnxVRtIPsecTnlIcmp6Pkt2BigTime.
This value must be set in the same SNMP SET PDU as
tmnxVRtIPsecTnlIcmp6Pkt2Big."
DEFVAL { 100 }
::= { tmnxVRtIPsecTnlEntry 37 }
tmnxVRtIPsecTnlIcmp6Pkt2BigTime OBJECT-TYPE
SYNTAX Unsigned32 (1..60)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIcmp6Pkt2BigTime specifies the time frame
in seconds that is used to limit the number of packet-too-big ICMPv6
messages transmitted per time frame.
This value must be set in the same SNMP SET PDU as
tmnxVRtIPsecTnlIcmp6Pkt2Big."
DEFVAL { 10 }
::= { tmnxVRtIPsecTnlEntry 38 }
tmnxVRtIPsecTnlOperChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlOperChanged indicates the sysUpTime at the
time of the last operational status change of this entry."
::= { tmnxVRtIPsecTnlEntry 39 }
tmnxVRtIPsecTnlPropagateIpv4PMTU OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPropagateIpv4PMTU specifies whether or not
to propagate a path MTU to IPv4 hosts."
DEFVAL { false }
::= { tmnxVRtIPsecTnlEntry 40 }
tmnxVRtIPsecTnlIcmpFragReq OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIcmpFragReq specifies whether or not
'Fragmentation required and DF flag set' ICMP messages should be sent.
When it is set to 'true (1)', the ICMP messages are transmitted by
this IPsec tunnel. When tmnxVRtIPsecTnlIcmpFragReq is set to 'false
(2)', the ICMP messages are not sent.
When the value of tmnxVRtIPsecTnlIcmpFragReq is 'false (2)', it must
be set in the same SNMP PDU as tmnxVRtIPsecTnlIcmpFragReqNum and
tmnxVRtIPsecTnlIcmpFragReqTime. The value of
tmnxVRtIPsecTnlIcmpFragReqNum and tmnxVRtIPsecTnlIcmpFragReqTime must
be their default values."
DEFVAL { true }
::= { tmnxVRtIPsecTnlEntry 41 }
tmnxVRtIPsecTnlIcmpFragReqNum OBJECT-TYPE
SYNTAX Unsigned32 (10..1000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIcmpFragReqNum specifies how many
'Fragmentation required and DF flag set' ICMP messages are transmitted
in the time frame specified by tmnxVRtIPsecTnlIcmpFragReqTime.
This value must be set in the same SNMP SET PDU as
tmnxVRtIPsecTnlIcmpFragReq."
DEFVAL { 100 }
::= { tmnxVRtIPsecTnlEntry 42 }
tmnxVRtIPsecTnlIcmpFragReqTime OBJECT-TYPE
SYNTAX Unsigned32 (1..60)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIcmpFragReqTime specifies the time frame
in seconds that is used to limit the number of 'Fragmentation required
and DF flag set' ICMP messages transmitted per time frame.
This value must be set in the same SNMP SET PDU as
tmnxVRtIPsecTnlIcmpFragReq."
DEFVAL { 10 }
::= { tmnxVRtIPsecTnlEntry 43 }
tmnxVRtIPsecTnlPMTUDiscoverAging OBJECT-TYPE
SYNTAX Unsigned32 (900..3600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPMTUDiscoverAging specifies the number of
seconds used to age out the learned MTU, which is obtained through
path MTU discovery."
DEFVAL { 900 }
::= { tmnxVRtIPsecTnlEntry 44 }
tmnxVRtIPsecTnlPubTcpMssAdjust OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPubTcpMssAdjust specifies the Maximum
Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
sent from the public network to the private network. The system may
use this value to adjust or insert the MSS option in TCP SYN packet.
The TCP MSS adjustment functionality on the public side network is
disabled when the following conditions are met.
1) The value of tmnxVRtIPsecTnlPubTcpMssAdjust is '-1' or
2) The values of tmnxVRtIPsecTnlPubTcpMssAdjust and
tmnxVRtIPsecTnlEncapIpMtu are both '0'.
When the system receives a TCP SYN packet from the public network and
this packet contains an MSS option, the system replaces the MSS option
value with a new MSS when the new MSS is smaller than the MSS option
value.
When the system receives a TCP SYN packet from the public network and
this packet does not contain an MSS option, the system inserts one
with a new MSS.
The new MSS is calculated based on the following rules.
1) When the value of tmnxVRtIPsecTnlPubTcpMssAdjust is '0' and
tmnxVRtIPsecTnlEncapIpMtu has a non-zero value,
New MSS = tmnxVRtIPsecTnlEncapIpMtu - total header size (e.g.,
encryption, encapsulation, TCP and IP headers)
2) When the value of tmnxVRtIPsecTnlPubTcpMssAdjust is in the range
of (512..9000)
New MSS = tmnxVRtIPsecTnlPubTcpMssAdjust"
REFERENCE
"RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
DEFVAL { -1 }
::= { tmnxVRtIPsecTnlEntry 45 }
tmnxVRtIPsecTnlPrivTcpMssAdjust OBJECT-TYPE
SYNTAX Integer32 (-1 | 512..9000)
UNITS "octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPrivTcpMssAdjust specifies the Maximum
Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
sent from the private network to the public network. The system may
use this value to adjust or insert the MSS option in TCP SYN packet.
The value of '-1' specifies that the TCP MSS adjustment functionality
on the private side is disabled.
When the system receives a TCP SYN packet from the private network and
this packet contains an MSS option, the system replaces the MSS option
value with tmnxVRtIPsecTnlPrivTcpMssAdjust when the value of
tmnxVRtIPsecTnlPrivTcpMssAdjust is smaller than the MSS option value.
When the system receives a TCP SYN packet from the private network and
this packet does not contain an MSS option, the system inserts one
whose MSS is equal to tmnxVRtIPsecTnlPrivTcpMssAdjust."
REFERENCE
"RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
DEFVAL { -1 }
::= { tmnxVRtIPsecTnlEntry 46 }
tmnxVRtIPsecTnlMaxNumPh1SaKeys OBJECT-TYPE
SYNTAX Unsigned32 (0..3)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlMaxNumPh1SaKeys specifies the maximum
number of security association (SA) phase 1 keys, which can be saved
by the system, for this IPsec tunnel."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 47 }
tmnxVRtIPsecTnlMaxNumPh2SaKeys OBJECT-TYPE
SYNTAX Unsigned32 (0..48)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlMaxNumPh2SaKeys specifies the maximum
number of security association (SA) phase 2 keys, which can be saved
by the system, for this IPsec tunnel."
DEFVAL { 0 }
::= { tmnxVRtIPsecTnlEntry 48 }
tmnxVRtIPsecTnlSecPlyStrictMatch OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlSecPlyStrictMatch specifies whether or not
the system does a strict match when it receives a CREATE_CHILD
exchange request, which is not for rekey, for this IPsec tunnel."
DEFVAL { false }
::= { tmnxVRtIPsecTnlEntry 49 }
tmnxVRtIPsecTnlPrivateSvcName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPrivateSvcName specifies the private
service name of this tunnel.
The value of this object can only be specified during the row
creation."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlEntry 50 }
tmnxVRtIPsecTnlPrivSap OBJECT-TYPE
SYNTAX Unsigned32 (0..4094)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlPrivSap specifies the SAP encapsulation
value of this tunnel.
This object must be specified a value during the row creation."
::= { tmnxVRtIPsecTnlEntry 51 }
tmnxVRtIPsecTnlLclGwAddrOvrdType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLclGwAddrOvrdType specifies the address
type of address in tmnxVRtIPsecTnlLclGwAddrOvrd."
DEFVAL { unknown }
::= { tmnxVRtIPsecTnlEntry 52 }
tmnxVRtIPsecTnlLclGwAddrOvrd OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlLclGwAddrOvrd specifies the local IPsec
tunnel endpoint that overrides the secured interface default source
address."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlEntry 53 }
tmnxVRtIPsecTnlHostEsa OBJECT-TYPE
SYNTAX TmnxEsaIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlHostEsa indicates the active ESA that is
being used to host this IPsec tunnel.
This object will contain a nonzero value only when the tunnel is both
operationally up and being hosted by an ESA virtual machine. When the
tunnel is being hosted by an ISA MDA, the host will be indicated by
the tmnxVRtIPsecTnlHostISA object."
::= { tmnxVRtIPsecTnlEntry 54 }
tmnxVRtIPsecTnlHostEsaVm OBJECT-TYPE
SYNTAX TmnxEsaVmIdOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlHostEsaVm indicates the active ESA virtual
machine that is being used to host this IPsec tunnel.
This object will contain a nonzero value only when the tunnel is both
operationally up and being hosted by an ESA virtual machine. When the
tunnel is being hosted by an ISA MDA, the host will be indicated by
the tmnxVRtIPsecTnlHostISA object."
::= { tmnxVRtIPsecTnlEntry 55 }
tmnxVRtIPsecTnlBfdTableLChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdTableLChg indicates the time, since
system startup, when tmnxVRtIPsecTnlBfdTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxIPsecObjects 107 }
tmnxVRtIPsecTnlBfdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIPsecTnlBfdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxVRtIPsecTnlBfdTable contains configurable IPsec Tunnel
Bidirectional Forwarding Detection (BFD) session information.
Entries in this table are created and destroyed via SNMP SET
operations to tmnxVRtIPsecTnlBfdRowStatus.
tmnxVRtIPsecTnlBfdSvcName, tmnxVRtIPsecTnlBfdIfName,
tmnxVRtIPsecTnlBfdDstAddrT and tmnxVRtIPsecTnlBfdDstAddr must be
present in the same SNMP PDU as the row creation, otherwise the
creation will fail."
::= { tmnxIPsecObjects 108 }
tmnxVRtIPsecTnlBfdEntry OBJECT-TYPE
SYNTAX TmnxVRtIPsecTnlBfdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxVRtIPsecTnlBfdEntry contains the configuration of one IPsec
Tunnel BFD session entry."
INDEX {
vRtrID,
vRtrIfIndex,
tmnxVRtIPsecTnlName
}
::= { tmnxVRtIPsecTnlBfdTable 1 }
TmnxVRtIPsecTnlBfdEntry ::= SEQUENCE
{
tmnxVRtIPsecTnlBfdRowStatus RowStatus,
tmnxVRtIPsecTnlBfdSvcName TLNamedItemOrEmpty,
tmnxVRtIPsecTnlBfdIfName TNamedItemOrEmpty,
tmnxVRtIPsecTnlBfdDstAddrT InetAddressType,
tmnxVRtIPsecTnlBfdDstAddr InetAddress
}
tmnxVRtIPsecTnlBfdRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdRowStatus specifies the status of this
row. It is used to create and destroy rows in tmnxVRtIPsecTnlBfdTable."
::= { tmnxVRtIPsecTnlBfdEntry 1 }
tmnxVRtIPsecTnlBfdSvcName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdSvcName specifies the service name of
the interface running BFD."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlBfdEntry 2 }
tmnxVRtIPsecTnlBfdIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdIfName specifies the IPSec interface
used by the BFD session."
DEFVAL { ''H }
::= { tmnxVRtIPsecTnlBfdEntry 3 }
tmnxVRtIPsecTnlBfdDstAddrT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdDstAddrT specifies the address type of
tmnxVRtIPsecTnlBfdDstAddr."
DEFVAL { ipv4 }
::= { tmnxVRtIPsecTnlBfdEntry 4 }
tmnxVRtIPsecTnlBfdDstAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdDstAddr specifies the destination IP
address to be used for the BFD session.
The default value of tmnxVRtIPsecTnlBfdDstAddr is 0.0.0.0."
DEFVAL { '00000000'H }
::= { tmnxVRtIPsecTnlBfdEntry 5 }
tmnxVRtIPsecTnlBfdStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIPsecTnlBfdStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxVRtIPsecTnlBfdStatTable contains the statistics of IPsec
Tunnel BFD sessions."
::= { tmnxIPsecObjects 109 }
tmnxVRtIPsecTnlBfdStatEntry OBJECT-TYPE
SYNTAX TmnxVRtIPsecTnlBfdStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxVRtIPsecTnlBfdStatEntry contains the statistics for a single
IPsec Tunnel BFD session."
INDEX {
vRtrID,
vRtrIfIndex,
tmnxVRtIPsecTnlName
}
::= { tmnxVRtIPsecTnlBfdStatTable 1 }
TmnxVRtIPsecTnlBfdStatEntry ::= SEQUENCE
{
tmnxVRtIPsecTnlBfdStatSrcAddrT InetAddressType,
tmnxVRtIPsecTnlBfdStatSrcAddr InetAddress,
tmnxVRtIPsecTnlBfdStatOperState TmnxBfdSessOperState
}
tmnxVRtIPsecTnlBfdStatSrcAddrT OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdStatSrcAddrT indicates the address type
of tmnxVRtIPsecTnlBfdStatSrcAddr."
::= { tmnxVRtIPsecTnlBfdStatEntry 1 }
tmnxVRtIPsecTnlBfdStatSrcAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdStatSrcAddr indicates the source IP
address on the interface running BFD."
::= { tmnxVRtIPsecTnlBfdStatEntry 2 }
tmnxVRtIPsecTnlBfdStatOperState OBJECT-TYPE
SYNTAX TmnxBfdSessOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlBfdStatOperState indicates the operational
state of the BFD session the IPsec tunnel is relying upon for its fast
triggering mechanism."
::= { tmnxVRtIPsecTnlBfdStatEntry 3 }
tmnxVRtIPsecSATableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSATableLastChanged indicates the sysUpTime at
the time of the last modification to tmnxVRtIPsecSATable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 112 }
tmnxVRtIPsecSATable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIPsecSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec manual and dynamic SA entries."
::= { tmnxIPsecObjects 113 }
tmnxVRtIPsecSAEntry OBJECT-TYPE
SYNTAX TmnxVRtIPsecSAEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec SA entry."
INDEX {
vRtrID,
vRtrIfIndex,
tmnxVRtIPsecTnlName,
tmnxVRtIPsecSAId,
tmnxVRtIPsecSADirection,
tmnxVRtIPsecSAIndex
}
::= { tmnxVRtIPsecSATable 1 }
TmnxVRtIPsecSAEntry ::= SEQUENCE
{
tmnxVRtIPsecSAId Unsigned32,
tmnxVRtIPsecSADirection TmnxIPsecDirection,
tmnxVRtIPsecSAIndex Unsigned32,
tmnxVRtIPsecSARowStatus RowStatus,
tmnxVRtIPsecSALastChanged TimeStamp,
tmnxVRtIPsecSAType TmnxIPsecKeyingType,
tmnxVRtIPsecSAEncryptionKey OCTET STRING,
tmnxVRtIPsecSAAuthenticationKey OCTET STRING,
tmnxVRtIPsecSASpi Unsigned32,
tmnxVRtIPsecSAManualTransformId TmnxIPsecTransformIdOrZero,
tmnxVRtIPsecSAAuthAlgorithm TmnxAuthAlgorithm,
tmnxVRtIPsecSAEncrAlgorithm TmnxEncrAlgorithm,
tmnxVRtIPsecSAStorageType StorageType,
tmnxVRtIPsecSAEstablishedTime TimeStamp,
tmnxVRtIPsecSANegotiatedLifeTime Unsigned32
}
tmnxVRtIPsecSAId OBJECT-TYPE
SYNTAX Unsigned32 (1..16)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAId specifies the id of an SA entry and is
part of the index for the tmnxVRtIPsecSATable."
::= { tmnxVRtIPsecSAEntry 1 }
tmnxVRtIPsecSADirection OBJECT-TYPE
SYNTAX TmnxIPsecDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSADirection specifies the direction on the
IPsec tunnel to which this SA entry can be applied. The value
of tmnxVRtIPsecSADirection is also part of the index for the table
tmnxVRtIPsecSATable"
::= { tmnxVRtIPsecSAEntry 2 }
tmnxVRtIPsecSAIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..2)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAIndex specifies an additional index to
uniquely identify the SA entry in the tmnxVRtIPsecSATable.
The value of tmnxVRtIPsecSAIndex is limited to a value of '1' when
tmnxIPsecTunnelKeyingType corresponding to the tunnel specified
tmnxIPsecTunnelName is set to 'static'."
::= { tmnxVRtIPsecSAEntry 3 }
tmnxVRtIPsecSARowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxVRtIPsecSARowStatus object is used to create and delete rows
in the tmnxVRtIPsecSATable.
When creating an entry in tmnxVRtIPsecSATable, the value of
tmnxVRtIPsecSARowStatus must be 'createAndGo' and the objects
tmnxVRtIPsecSAEncryptionKey, tmnxVRtIPsecSAAuthenticationKey,
tmnxVRtIPsecSASpi, tmnxVRtIPsecSAManualTransformId are required to be
set in the same request."
::= { tmnxVRtIPsecSAEntry 4 }
tmnxVRtIPsecSALastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSALastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxVRtIPsecSAEntry 5 }
tmnxVRtIPsecSAType OBJECT-TYPE
SYNTAX TmnxIPsecKeyingType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAType indicates whether this SA entry is
created manually by the user or dynamically by the IPsec subsystem."
::= { tmnxVRtIPsecSAEntry 6 }
tmnxVRtIPsecSAEncryptionKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAEncryptionKey specifies the key used for
the encryption algorithm defined by the
tmnxIPsecTransformEncrAlgorithm in the IPsec transform indexed by
tmnxVRtIPsecSAManualTransformId.
The length of the key must match the length required by the encryption
algorithm. If a key of another length is set, the request will fail
with an 'inconsistentValue' error.
There is no default value for tmnxVRtIPsecSAEncryptionKey and this is
a required object when creating an entry in tmnxVRtIPsecSATable. If
tmnxVRtIPsecSAEncryptionKey is not specified when creating an entry,
the request will fail with an 'inconsistentValue' error.
A 'wrongLength' error is returned if the length of this object is set
to outside the range of 0 and 32."
::= { tmnxVRtIPsecSAEntry 7 }
tmnxVRtIPsecSAAuthenticationKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAAuthenticationKey specifies the key used
for the authentication algorithm defined by the
tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed by
tmnxVRtIPsecSAManualTransformId.
The length of the key must match the length required by the
authentication algorithm. If a key of another length is set, the
request will fail with an 'inconsistentValue' error.
There is no default value for tmnxVRtIPsecSAAuthenticationKey and this
is a required object when creating an entry in tmnxVRtIPsecSATable. If
tmnxVRtIPsecSAAuthenticationKey is not specified when creating an
entry, the request will fail with an 'inconsistentValue' error.
A 'wrongLength' error is returned if the length of this object is set
to outside the range of 0 and 64."
::= { tmnxVRtIPsecSAEntry 8 }
tmnxVRtIPsecSASpi OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSASpi specifies the SPI (Security Parameter
Index) used to lookup the instruction to verify and decrypt the
incoming IPsec packets when the value of tmnxVRtIPsecSADirection is
'inbound'.
The value of tmnxVRtIPsecSASpi specifies the SPI that will be used
in the encoding of the outgoing packets when the value of
tmnxVRtIPsecSADirection is 'outbound'. The remote node can use this
SPI to lookup the instruction to verify and decrypt the packet.
There is no default value for tmnxVRtIPsecSASpi and this is a required
object when creating an entry in tmnxVRtIPsecSATable. If
tmnxVRtIPsecSAAuthenticationKey is not specified when creating an
entry, the request will fail with an 'inconsistentValue' error.
A 'wrongValue' error is returned if the value of tmnxVRtIPsecSASpi is
set to outside the range of 256 and 16383."
::= { tmnxVRtIPsecSAEntry 9 }
tmnxVRtIPsecSAManualTransformId OBJECT-TYPE
SYNTAX TmnxIPsecTransformIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAManualTransformId specifies the transform
entry that will be used by this SA entry. This object should be
specified for all the entries created by the user which are manual
SAs. If the value of tmnxVRtIPsecSAType is 'dynamic', then
the value of tmnxVRtIPsecSAManualTransformId is irrelevant and
will be zero.
There is no default value for tmnxVRtIPsecSAManualTransformId and this
is a required object when creating an entry in tmnxVRtIPsecSATable. If
tmnxVRtIPsecSAManualTransformId is not specified when creating an
entry, the request will fail with an 'inconsistentValue' error."
::= { tmnxVRtIPsecSAEntry 10 }
tmnxVRtIPsecSAAuthAlgorithm OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAAuthAlgorithm indicates the authentication
algorithm used with this SA."
::= { tmnxVRtIPsecSAEntry 11 }
tmnxVRtIPsecSAEncrAlgorithm OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAEncrAlgorithm indicates the encryption
algorithm used with this SA."
::= { tmnxVRtIPsecSAEntry 12 }
tmnxVRtIPsecSAStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStorageType indicates how the row is stored.
Entries with tmnxVRtIPsecSAStorageType of 'read-only' are dynamic SAs
and are created by the IPsec subsystem and cannot be modified or
destroyed. All the entries created by the user are manual SAs and
will have the tmnxVRtIPsecSAStorageType as 'nonVolatile'."
::= { tmnxVRtIPsecSAEntry 13 }
tmnxVRtIPsecSAEstablishedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAEstablishedTime indicates the sysUpTime at
the time the IPsec phase 2 negotiation completed."
::= { tmnxVRtIPsecSAEntry 14 }
tmnxVRtIPsecSANegotiatedLifeTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSANegotiatedLifeTime indicates the lifetime
negotiated for phase2 IKE key."
::= { tmnxVRtIPsecSAEntry 15 }
tmnxVRtIPsecSAStTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIPsecSAStEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to retrieve the IPsec SA Statistics entries."
::= { tmnxIPsecObjects 114 }
tmnxVRtIPsecSAStEntry OBJECT-TYPE
SYNTAX TmnxVRtIPsecSAStEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec SA Statistics entry."
INDEX {
vRtrID,
vRtrIfIndex,
tmnxVRtIPsecTnlName,
tmnxVRtIPsecSAId,
tmnxVRtIPsecSADirection,
tmnxVRtIPsecSAIndex
}
::= { tmnxVRtIPsecSAStTable 1 }
TmnxVRtIPsecSAStEntry ::= SEQUENCE
{
tmnxVRtIPsecSAStBytesProcessed Counter64,
tmnxVRtIPsecSAStBytesProcLow32 Counter32,
tmnxVRtIPsecSAStBytesProcHigh32 Counter32,
tmnxVRtIPsecSAStPktsProcessed Counter64,
tmnxVRtIPsecSAStPktsProcLow32 Counter32,
tmnxVRtIPsecSAStPktsProcHigh32 Counter32,
tmnxVRtIPsecSAStCryptoErrors Counter32,
tmnxVRtIPsecSAStReplayErrors Counter32,
tmnxVRtIPsecSAStSAErrors Counter32,
tmnxVRtIPsecSAStPolicyErrors Counter32,
tmnxVRtIPsecSAStEncapOverhead Counter32,
tmnxVRtIPsecSAStPreEncapFragCnt Counter64,
tmnxVRtIPsecSAStPreEncapFragLtSz Unsigned32,
tmnxVRtIPsecSAStPstEncapFragCnt Counter64,
tmnxVRtIPsecSAStPstEncapFragLtSz Unsigned32,
tmnxVRtIPsecSAStTempPrivMtu Unsigned32,
tmnxVRtIPsecSAStPfsDhGroup TmnxIkePolicyDHGroupOrZero,
tmnxVRtIPsecSAStMulticastIfName TNamedItemOrEmpty,
tmnxVRtIPsecSAStMulticastProt TIPsecMulticastProtocol
}
tmnxVRtIPsecSAStBytesProcessed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStBytesProcessed indicates the number of
bytes successfully processed for this SA."
::= { tmnxVRtIPsecSAStEntry 1 }
tmnxVRtIPsecSAStBytesProcLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStBytesProcLow32 indicates the lower 32
bits of the value of tmnxVRtIPsecSAStBytesProcessed."
::= { tmnxVRtIPsecSAStEntry 2 }
tmnxVRtIPsecSAStBytesProcHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStBytesProcHigh32 indicates the higher 32
bits of the value of tmnxVRtIPsecSAStBytesProcessed."
::= { tmnxVRtIPsecSAStEntry 3 }
tmnxVRtIPsecSAStPktsProcessed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPktsProcessed indicates the number of
packets successfully processed for this SA."
::= { tmnxVRtIPsecSAStEntry 4 }
tmnxVRtIPsecSAStPktsProcLow32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPktsProcLow32 indicates the lower 32 bits
of the value of tmnxVRtIPsecSAStPktsProcessed."
::= { tmnxVRtIPsecSAStEntry 5 }
tmnxVRtIPsecSAStPktsProcHigh32 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPktsProcHigh32 indicates the higher 32
bits of the value of tmnxVRtIPsecSAStPktsProcessed."
::= { tmnxVRtIPsecSAStEntry 6 }
tmnxVRtIPsecSAStCryptoErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStCryptoErrors indicates the number
of crypto errors encountered on this SA. The crypto errors
include errors on packets where protocol does not match or
if the check on authentication header length failed."
::= { tmnxVRtIPsecSAStEntry 7 }
tmnxVRtIPsecSAStReplayErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStReplayErrors indicates the number of
replay errors encountered on this SA."
::= { tmnxVRtIPsecSAStEntry 8 }
tmnxVRtIPsecSAStSAErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStSAErrors indicates the number
of SA errors encountered on this SA. The SA errors include
sequence number failure, invalid SA, policy version mismatch,
illegal authentication algorithm, expanded packet too big,
illegal configured algorithm and ttl decrement error."
::= { tmnxVRtIPsecSAStEntry 9 }
tmnxVRtIPsecSAStPolicyErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPolicyErrors indicates the number
of policy errors encountered on this SA. The policy errors include
bundled SA, selector check and policy direction error."
::= { tmnxVRtIPsecSAStEntry 10 }
tmnxVRtIPsecSAStEncapOverhead OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStEncapOverhead indicates the encapsulation
overhead for this outbound SA. This value is only significant when the
value of tmnxVRtIPsecSADirection is 'outbound'."
::= { tmnxVRtIPsecSAStEntry 11 }
tmnxVRtIPsecSAStPreEncapFragCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPreEncapFragCnt indicates the number of
fragmentations that occurred prior to encapsulation for this outbound
SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size
exceeds tmnxIPsecTunnelIpMtu. This value is only significant when the
value of tmnxVRtIPsecSADirection is 'outbound'."
::= { tmnxVRtIPsecSAStEntry 12 }
tmnxVRtIPsecSAStPreEncapFragLtSz OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPreEncapFragLtSz indicates the size of
the last packet which caused a pre-encapsulation fragmentation to
occur for this SA. This value is only significant when the value of
tmnxVRtIPsecSADirection is 'outbound'."
::= { tmnxVRtIPsecSAStEntry 13 }
tmnxVRtIPsecSAStPstEncapFragCnt OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPstEncapFragCnt indicates the number of
fragmentations that occurred after encapsulation for this SA.
Post-encapsulation fragmentation occurs when the encapsulated packet
size exceeds tmnxIPsecTunnelEncapIpMtu. This value is only significant
when the value of tmnxVRtIPsecSADirection is 'outbound'."
::= { tmnxVRtIPsecSAStEntry 14 }
tmnxVRtIPsecSAStPstEncapFragLtSz OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPstEncapFragLtSz indicates the size of
the last encapsulated packet which caused a post-encapsulation
fragmentation to occur for this SA. This value is only significant
when the value of tmnxVRtIPsecSADirection is 'outbound'."
::= { tmnxVRtIPsecSAStEntry 15 }
tmnxVRtIPsecSAStTempPrivMtu OBJECT-TYPE
SYNTAX Unsigned32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStTempPrivMtu indicates the size of
temporary private MTU for this SA.
This value is only significant when the value of
tmnxVRtIPsecSADirection is 'outbound (2)'."
::= { tmnxVRtIPsecSAStEntry 16 }
tmnxVRtIPsecSAStPfsDhGroup OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStPfsDhGroup indicates the Diffie-Hellman
(DH) group used with this SA.
The Diffie-Hellman (DH) group is used by the SA to achieve Perfect
Forward Secrecy (PFS)."
::= { tmnxVRtIPsecSAStEntry 17 }
tmnxVRtIPsecSAStMulticastIfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStMulticastIfName indicates the multicast
interface name associated with this SA.
This value is only significant when the value of tmnxVRtIPsecSAType is
'dynamic (2)' and the value of tmnxVRtIPsecSADirection is 'outbound
(2)'."
::= { tmnxVRtIPsecSAStEntry 18 }
tmnxVRtIPsecSAStMulticastProt OBJECT-TYPE
SYNTAX TIPsecMulticastProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecSAStMulticastProt indicates the supported
protocol types of the multicast interface associated to this RA.
This value is only significant when the value of tmnxVRtIPsecSAType is
'dynamic (2)' and the value of tmnxVRtIPsecSADirection is 'outbound
(2)'."
::= { tmnxVRtIPsecSAStEntry 19 }
tmnxVRtSecPlcyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyTableLastChanged indicates the sysUpTime at
the time of the last modification to tmnxVRtSecPlcyTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 115 }
tmnxVRtSecPlcyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtSecPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec Security Policy entries."
::= { tmnxIPsecObjects 116 }
tmnxVRtSecPlcyEntry OBJECT-TYPE
SYNTAX TmnxVRtSecPlcyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Security Policy entry."
INDEX {
vRtrID,
tmnxVRtSecPlcyId
}
::= { tmnxVRtSecPlcyTable 1 }
TmnxVRtSecPlcyEntry ::= SEQUENCE
{
tmnxVRtSecPlcyId TmnxIPsecPolicyId,
tmnxVRtSecPlcyRowStatus RowStatus,
tmnxVRtSecPlcyLastChanged TimeStamp
}
tmnxVRtSecPlcyId OBJECT-TYPE
SYNTAX TmnxIPsecPolicyId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyId specifies the id of a Security Policy
entry and is the primary index for the table."
::= { tmnxVRtSecPlcyEntry 1 }
tmnxVRtSecPlcyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxVRtSecPlcyRowStatus object is used to create and delete rows
in the tmnxVRtSecPlcyTable."
::= { tmnxVRtSecPlcyEntry 2 }
tmnxVRtSecPlcyLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyLastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxVRtSecPlcyEntry 3 }
tmnxVRtSecPlcyParamTblLastChangd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamTblLastChangd indicates the sysUpTime
at the time of the last modification to tmnxVRtSecPlcyParamTable by
adding, deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 117 }
tmnxVRtSecPlcyParamTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtSecPlcyParamEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the IPsec Security Policy Params entries."
::= { tmnxIPsecObjects 118 }
tmnxVRtSecPlcyParamEntry OBJECT-TYPE
SYNTAX TmnxVRtSecPlcyParamEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec Security policy params entry."
INDEX {
vRtrID,
tmnxVRtSecPlcyId,
tmnxVRtSecPlcyParamId
}
::= { tmnxVRtSecPlcyParamTable 1 }
TmnxVRtSecPlcyParamEntry ::= SEQUENCE
{
tmnxVRtSecPlcyParamId Unsigned32,
tmnxVRtSecPlcyParamRowStatus RowStatus,
tmnxVRtSecPlcyParamLastChanged TimeStamp,
tmnxVRtSecPlcyParamLclAddrAny TruthValue,
tmnxVRtSecPlcyParamLclAddrType InetAddressType,
tmnxVRtSecPlcyParamLclAddr InetAddress,
tmnxVRtSecPlcyParamLclAPrefLen InetAddressPrefixLength,
tmnxVRtSecPlcyParamRemAddrAny TruthValue,
tmnxVRtSecPlcyParamRemAddrType InetAddressType,
tmnxVRtSecPlcyParamRemAddr InetAddress,
tmnxVRtSecPlcyParamRemAPrefLen InetAddressPrefixLength,
tmnxVRtSecPlcyParam6LclAddrAny TruthValue,
tmnxVRtSecPlcyParam6LclAddrType InetAddressType,
tmnxVRtSecPlcyParam6LclAddr InetAddress,
tmnxVRtSecPlcyParam6LclAPrefLen InetAddressPrefixLength,
tmnxVRtSecPlcyParam6RemAddrAny TruthValue,
tmnxVRtSecPlcyParam6RemAddrType InetAddressType,
tmnxVRtSecPlcyParam6RemAddr InetAddress,
tmnxVRtSecPlcyParam6RemAPrefLen InetAddressPrefixLength
}
tmnxVRtSecPlcyParamId OBJECT-TYPE
SYNTAX Unsigned32 (1..16)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamId specifies the id of an IPsec policy
params entry and is part of the index for the
tmnxVRtSecPlcyParamTable."
::= { tmnxVRtSecPlcyParamEntry 1 }
tmnxVRtSecPlcyParamRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxVRtSecPlcyParamRowStatus object is used to create and delete
rows in the tmnxVRtSecPlcyParamTable."
::= { tmnxVRtSecPlcyParamEntry 2 }
tmnxVRtSecPlcyParamLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamLastChanged indicates the sysUpTime at
the time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxVRtSecPlcyParamEntry 3 }
tmnxVRtSecPlcyParamLclAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamLclAddrAny specifies whether the IP
address on the vpn side can be any IP address. If the value is 'true'
then local IP address can be any IP address.
Please look at the following chart for more details:
tmnxVRtSecPlcyParamLclAddrAny true false
-----------------------------------------------------------------
tmnxVRtSecPlcyParamLclAddrType unknown unknown or ipv4
tmnxVRtSecPlcyParamLclAddr ''H ''H or valid ipv4
tmnxVRtSecPlcyParamLclAPrefLen 0 0 to 32"
DEFVAL { false }
::= { tmnxVRtSecPlcyParamEntry 4 }
tmnxVRtSecPlcyParamLclAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamLclAddrType specifies the address type
of address in tmnxVRtSecPlcyParamLclAddr. If the value of
tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of
tmnxVRtSecPlcyParamLclAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxVRtSecPlcyParamEntry 5 }
tmnxVRtSecPlcyParamLclAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamLclAddr specifies the ip address on
the vpn side. If the value of tmnxVRtSecPlcyParamLclAddrAny is 'true'
then the value of tmnxVRtSecPlcyParamLclAddr will be empty(''H)."
DEFVAL { ''H }
::= { tmnxVRtSecPlcyParamEntry 6 }
tmnxVRtSecPlcyParamLclAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamLclAPrefLen specifies the number of
bits to match of the tmnxVRtSecPlcyParamLclAddr. If the value of
tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of
tmnxVRtSecPlcyParamLclAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxVRtSecPlcyParamEntry 7 }
tmnxVRtSecPlcyParamRemAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamRemAddrAny specifies whether the IP
address on the tunnel side can be any IP address. If the value is
'true' then remote IP address can be any IP address.
Please look at the following chart for more details:
tmnxVRtSecPlcyParamRemAddrAny true false
-----------------------------------------------------------------
tmnxVRtSecPlcyParamRemAddrType unknown unknown or ipv4
tmnxVRtSecPlcyParamRemAddr ''H ''H or valid ipv4
tmnxVRtSecPlcyParamRemAPrefLen 0 0 to 32"
DEFVAL { false }
::= { tmnxVRtSecPlcyParamEntry 8 }
tmnxVRtSecPlcyParamRemAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamRemAddrType specifies the address type
of address in tmnxVRtSecPlcyParamRemAddr. If the value of
tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of
tmnxVRtSecPlcyParamRemAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxVRtSecPlcyParamEntry 9 }
tmnxVRtSecPlcyParamRemAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamRemAddr specifies the ip address on
the tunnel side. If the value of tmnxVRtSecPlcyParamRemAddrAny is
'true' then the value of tmnxVRtSecPlcyParamRemAddr will be
empty(''H)."
DEFVAL { ''H }
::= { tmnxVRtSecPlcyParamEntry 10 }
tmnxVRtSecPlcyParamRemAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParamRemAPrefLen specifies the number of
bits to match of the tmnxVRtSecPlcyParamRemAddr. If the value of
tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of
tmnxVRtSecPlcyParamRemAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxVRtSecPlcyParamEntry 11 }
tmnxVRtSecPlcyParam6LclAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6LclAddrAny specifies whether the ipv6
address on the vpn side can be any ipv6 address. If the value is
'true' then local ipv6 address can be any ipv6 address.
Please look at the following chart for more details:
tmnxVRtSecPlcyParam6LclAddrAny true false
-----------------------------------------------------------------
tmnxVRtSecPlcyParam6LclAddrType unknown unknown or ipv6
tmnxVRtSecPlcyParam6LclAddr ''H ''H or valid ipv6
tmnxVRtSecPlcyParam6LclAPrefLen 0 0 to 128"
DEFVAL { false }
::= { tmnxVRtSecPlcyParamEntry 12 }
tmnxVRtSecPlcyParam6LclAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6LclAddrType specifies the address
type of address in tmnxVRtSecPlcyParam6LclAddr. If the value of
tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of
tmnxVRtSecPlcyParam6LclAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxVRtSecPlcyParamEntry 13 }
tmnxVRtSecPlcyParam6LclAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6LclAddr specifies the ipv6 address on
the vpn side. If the value of tmnxVRtSecPlcyParam6LclAddrAny is 'true'
then the value of tmnxVRtSecPlcyParam6LclAddr will be empty(''H)."
DEFVAL { ''H }
::= { tmnxVRtSecPlcyParamEntry 14 }
tmnxVRtSecPlcyParam6LclAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0 | 1..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6LclAPrefLen specifies the number of
bits to match of the tmnxVRtSecPlcyParam6LclAddr. If the value of
tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of
tmnxVRtSecPlcyParam6LclAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxVRtSecPlcyParamEntry 15 }
tmnxVRtSecPlcyParam6RemAddrAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6RemAddrAny specifies whether the ipv6
address on the tunnel side can be any ipv6 address. If the value is
'true' then remote ipv6 address can be any ipv6 address.
Please look at the following chart for more details:
tmnxVRtSecPlcyParam6RemAddrAny true false
-----------------------------------------------------------------
tmnxVRtSecPlcyParam6RemAddrType unknown unknown or ipv6
tmnxVRtSecPlcyParam6RemAddr ''H ''H or valid ipv6
tmnxVRtSecPlcyParam6RemAPrefLen 0 0 to 128"
DEFVAL { false }
::= { tmnxVRtSecPlcyParamEntry 16 }
tmnxVRtSecPlcyParam6RemAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6RemAddrType specifies the address
type of address in tmnxVRtSecPlcyParam6RemAddr. If the value of
tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of
tmnxVRtSecPlcyParam6RemAddrType will be 'unknown'."
DEFVAL { unknown }
::= { tmnxVRtSecPlcyParamEntry 17 }
tmnxVRtSecPlcyParam6RemAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6RemAddr specifies the ipv6 address on
the tunnel side. If the value of tmnxVRtSecPlcyParam6RemAddrAny is
'true' then the value of tmnxVRtSecPlcyParam6RemAddr will be
empty(''H)."
DEFVAL { ''H }
::= { tmnxVRtSecPlcyParamEntry 18 }
tmnxVRtSecPlcyParam6RemAPrefLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0 | 1..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtSecPlcyParam6RemAPrefLen specifies the number of
bits to match of the tmnxVRtSecPlcyParam6RemAddr. If the value of
tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of
tmnxVRtSecPlcyParam6RemAPrefLen will be 0."
DEFVAL { 0 }
::= { tmnxVRtSecPlcyParamEntry 19 }
tmnxVRtIfIPsecTblLstCgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIfIPsecTblLstCgd indicates the sysUpTime at the
time of the last modification to tmnxVRtIfIPsecTable by adding,
deleting an entry or change to a writable object in the table.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxIPsecObjects 119 }
tmnxVRtIfIPsecTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIfIPsecEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store IPsec entries."
::= { tmnxIPsecObjects 120 }
tmnxVRtIfIPsecEntry OBJECT-TYPE
SYNTAX TmnxVRtIfIPsecEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single IPsec entry."
INDEX {
vRtrID,
vRtrIfIndex
}
::= { tmnxVRtIfIPsecTable 1 }
TmnxVRtIfIPsecEntry ::= SEQUENCE
{
tmnxVRtIfIPsecRowStatus RowStatus,
tmnxVRtIfIPsecLastChgd TimeStamp,
tmnxVRtIfIPsecAdminState TmnxAdminState,
tmnxVRtIfIPsecIpFilterInExcptId TFilterID,
tmnxVRtIfIPsecIsaTnlGroup TmnxTunnelGroupIdOrZero,
tmnxVRtIfIPsecPubSap Unsigned32,
tmnxVRtIfIPsecIpv6FilterInExcId TFilterID
}
tmnxVRtIfIPsecRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxVRtIfIPsecRowStatus object is used to create and delete rows
in the tmnxVRtIfIPsecTable."
::= { tmnxVRtIfIPsecEntry 1 }
tmnxVRtIfIPsecLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIfIPsecLastChgd indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxVRtIfIPsecEntry 2 }
tmnxVRtIfIPsecAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIfIPsecAdminState specifies the administrative
state of the tmnxVRtIfIPsecEntry."
DEFVAL { outOfService }
::= { tmnxVRtIfIPsecEntry 3 }
tmnxVRtIfIPsecIpFilterInExcptId OBJECT-TYPE
SYNTAX TFilterID
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxVRtIfIPsecIpFilterInExcptId specifies the
row index in the alu-nge:aluNgeIPExceptionTable corresponding to this
IPv4 ingress exception, or zero if no exception is specified."
DEFVAL { 0 }
::= { tmnxVRtIfIPsecEntry 4 }
tmnxVRtIfIPsecIsaTnlGroup OBJECT-TYPE
SYNTAX TmnxTunnelGroupIdOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIfIPsecIsaTnlGroup specifies the ISA tunnel group
ID.
This object must be specified to a non-zero value during the row
creation."
DEFVAL { 0 }
::= { tmnxVRtIfIPsecEntry 5 }
tmnxVRtIfIPsecPubSap OBJECT-TYPE
SYNTAX Unsigned32 (0..4094)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxVRtIfIPsecPubSap specifies the SAP encapsulation
value.
This object must be specified to a value during the row creation."
::= { tmnxVRtIfIPsecEntry 6 }
tmnxVRtIfIPsecIpv6FilterInExcId OBJECT-TYPE
SYNTAX TFilterID
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxVRtIfIPsecIpv6FilterInExcId specifies the
IPv6 exception filter for this interface.
A value of 0 specifies that no IPv6 exception filter is configured on
the interface. A non-zero value specifies the IPv6 exception filter
configured in the table tIPv6ExceptionTable."
DEFVAL { 0 }
::= { tmnxVRtIfIPsecEntry 7 }
tmnxVRtIPsecTnlStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxVRtIPsecTnlStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store IPsec Tunnel statistics"
::= { tmnxIPsecObjects 121 }
tmnxVRtIPsecTnlStatsEntry OBJECT-TYPE
SYNTAX TmnxVRtIPsecTnlStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Statistics for a single IPsec Tunnel."
INDEX {
vRtrID,
vRtrIfIndex,
tmnxVRtIPsecTnlName
}
::= { tmnxVRtIPsecTnlStatsTable 1 }
TmnxVRtIPsecTnlStatsEntry ::= SEQUENCE
{
tmnxVRtIPsecTnlIsakmpState INTEGER,
tmnxVRtIPsecTnlIsakmpEstabTime TimeStamp,
tmnxVRtIPsecTnlIsakmpNegLifeTime Unsigned32,
tmnxVRtIPsecTnlNumDpdTx Counter32,
tmnxVRtIPsecTnlNumDpdRx Counter32,
tmnxVRtIPsecTnlNumDpdAckTx Counter32,
tmnxVRtIPsecTnlNumDpdAckRx Counter32,
tmnxVRtIPsecTnlNumExpRx Counter32,
tmnxVRtIPsecTnlNumInvalidDpdRx Counter32,
tmnxVRtIPsecTnlNumCtrlPktsTx Counter32,
tmnxVRtIPsecTnlNumCtrlPktsRx Counter32,
tmnxVRtIPsecTnlNumCtrlTxErrors Counter32,
tmnxVRtIPsecTnlNumCtrlRxErrors Counter32,
tmnxVRtIPsecTnlMatCertEntryId Integer32,
tmnxVRtIPsecTnlCertProfName TNamedItemOrEmpty,
tmnxVRtIPsecTnlStatIsakmpAuthAlg TmnxAuthAlgorithm,
tmnxVRtIPsecTnlStatIsakmpEncrAlg TmnxEncrAlgorithm,
tmnxVRtIPsecTnlStatIsakmpPfsDhGp TmnxIkePolicyDHGroupOrZero,
tmnxVRtIPsecTnlStatIkeTranPrfAlg INTEGER
}
tmnxVRtIPsecTnlIsakmpState OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIsakmpState indicates the state of phase 1
IPsec negotiation."
::= { tmnxVRtIPsecTnlStatsEntry 1 }
tmnxVRtIPsecTnlIsakmpEstabTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIsakmpEstabTime indicates the sysUpTime at
the time the IPsec phase 1 negotiation completed."
::= { tmnxVRtIPsecTnlStatsEntry 2 }
tmnxVRtIPsecTnlIsakmpNegLifeTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlIsakmpNegLifeTime indicates the lifetime
negotiated for phase1 IKE key."
::= { tmnxVRtIPsecTnlStatsEntry 3 }
tmnxVRtIPsecTnlNumDpdTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumDpdTx indicates the number of
Dead-Peer-Detection packets transmitted."
::= { tmnxVRtIPsecTnlStatsEntry 4 }
tmnxVRtIPsecTnlNumDpdRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumDpdRx indicates the number of
Dead-Peer-Detection packets received."
::= { tmnxVRtIPsecTnlStatsEntry 5 }
tmnxVRtIPsecTnlNumDpdAckTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumDpdAckTx indicates the number of
Dead-Peer-Detection acknowledgement packets transmitted."
::= { tmnxVRtIPsecTnlStatsEntry 6 }
tmnxVRtIPsecTnlNumDpdAckRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumDpdAckRx indicates the number of
Dead-Peer-Detection acknowledgement packets received."
::= { tmnxVRtIPsecTnlStatsEntry 7 }
tmnxVRtIPsecTnlNumExpRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumExpRx indicates the number of DPD
R-U-THERE packets that have not been acknowledged."
::= { tmnxVRtIPsecTnlStatsEntry 8 }
tmnxVRtIPsecTnlNumInvalidDpdRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumInvalidDpdRx indicates the number of
malformed DPD R-U-THERE acknowledgement packets received."
::= { tmnxVRtIPsecTnlStatsEntry 9 }
tmnxVRtIPsecTnlNumCtrlPktsTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumCtrlPktsTx indicates the number of
control packets this IPsec Tunnel has sent."
::= { tmnxVRtIPsecTnlStatsEntry 10 }
tmnxVRtIPsecTnlNumCtrlPktsRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumCtrlPktsRx indicates the number of
control packets this IPsec Tunnel has received."
::= { tmnxVRtIPsecTnlStatsEntry 11 }
tmnxVRtIPsecTnlNumCtrlTxErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumCtrlTxErrors indicates the number of
control packet transmit errors."
::= { tmnxVRtIPsecTnlStatsEntry 12 }
tmnxVRtIPsecTnlNumCtrlRxErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlNumCtrlRxErrors indicates the number of
control packet receive errors."
::= { tmnxVRtIPsecTnlStatsEntry 13 }
tmnxVRtIPsecTnlMatCertEntryId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlMatCertEntryId indicates the matching
certificate profile entry id used for this tunnel."
::= { tmnxVRtIPsecTnlStatsEntry 14 }
tmnxVRtIPsecTnlCertProfName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlCertProfName indicates a specific IPsec
tunnel certificate profile name used for this tunnel."
::= { tmnxVRtIPsecTnlStatsEntry 15 }
tmnxVRtIPsecTnlStatIsakmpAuthAlg OBJECT-TYPE
SYNTAX TmnxAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlStatIsakmpAuthAlg indicates the
authentication algorithm of the IPsec phase 1 negotiation for this
IPsec tunnel."
::= { tmnxVRtIPsecTnlStatsEntry 17 }
tmnxVRtIPsecTnlStatIsakmpEncrAlg OBJECT-TYPE
SYNTAX TmnxEncrAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlStatIsakmpEncrAlg indicates the encryption
algorithm of the IPsec phase 1 negotiation for this IPsec tunnel."
::= { tmnxVRtIPsecTnlStatsEntry 18 }
tmnxVRtIPsecTnlStatIsakmpPfsDhGp OBJECT-TYPE
SYNTAX TmnxIkePolicyDHGroupOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlStatIsakmpPfsDhGp indicates the
Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this
IPsec tunnel.
The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve
Perfect Forward Secrecy (PFS)."
::= { tmnxVRtIPsecTnlStatsEntry 19 }
tmnxVRtIPsecTnlStatIkeTranPrfAlg OBJECT-TYPE
SYNTAX INTEGER {
md5 (2),
sha1 (3),
sha256 (4),
sha384 (5),
sha512 (6),
aesXcbc (7),
sameAsAuth (8)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxVRtIPsecTnlStatIkeTranPrfAlg specifies the
pseudo-random function (PRF)."
::= { tmnxVRtIPsecTnlStatsEntry 20 }
tmnxIPsecLOClientEsaTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecLOClientEsaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecLOClientEsaTable contains the statistics information of
IPsec lockout clients. IPsec lockout clients are ones who are not
successfully pass the IKE authentication process."
::= { tmnxIPsecObjects 122 }
tmnxIPsecLOClientEsaEntry OBJECT-TYPE
SYNTAX TmnxIPsecLOClientEsaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each tmnxIPsecLOClientEsaEntry contains the statistics information for
one IPsec Lockout Client. tmnxEsaId and tmnxEsaVmId should be IPsec
ESA and VM identifier."
INDEX {
tmnxEsaId,
tmnxEsaVmId,
tmnxIPsecLockoutClientRtrId,
tmnxIPsecLockoutClientLclGwAddrT,
tmnxIPsecLockoutClientLclGwAddr,
tmnxIPsecLockoutClientAddressTyp,
tmnxIPsecLockoutClientAddress,
tmnxIPsecLockoutClientPort
}
::= { tmnxIPsecLOClientEsaTable 1 }
TmnxIPsecLOClientEsaEntry ::= SEQUENCE
{
tmnxIPsecLOClientEsaStatus TruthValue,
tmnxIPsecLOClientEsaFailAtempt Unsigned32,
tmnxIPsecLOClientEsaDroppedPkt Unsigned32,
tmnxIPsecLOClientEsaRemainTime Integer32
}
tmnxIPsecLOClientEsaStatus OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLOClientEsaStatus indicates whether a client is
locked out by the system.
The value of 'true (1)' indicates that the client is locked out and
all IKE traffics from this client are rejected by the system. The
value of 'false (2)' indicates that the system still accepts IKE
traffic from this client; but the client has failed on certain IKE
authentications."
::= { tmnxIPsecLOClientEsaEntry 1 }
tmnxIPsecLOClientEsaFailAtempt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLOClientEsaFailAtempt indicates the number of
failed authentication attempts from the lockout client within the
lockout duration(i.e., tmnxIkePolicyLockoutDuration)."
::= { tmnxIPsecLOClientEsaEntry 2 }
tmnxIPsecLOClientEsaDroppedPkt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLOClientEsaDroppedPkt indicates the number of
dropped packets for the lockout client."
::= { tmnxIPsecLOClientEsaEntry 3 }
tmnxIPsecLOClientEsaRemainTime OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecLOClientEsaRemainTime indicates the time
remaining until this client is unblocked.
The total block time is defined by tmnxIkePolicyLockoutBlock.
A value of zero indicates that this client will never be unblocked. A
value of -1 indicates that this client is not blocked."
::= { tmnxIPsecLOClientEsaEntry 4 }
tmnxIPsecEsaHistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecEsaHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecEsaHistStatsTable contains the historical statistics of
Extended Services Appliances (ESAs)."
::= { tmnxIPsecObjects 123 }
tmnxIPsecEsaHistStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecEsaHistStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecEsaHistStatsEntry contains the historical statistics for
a specific ESA."
INDEX {
tmnxEsaId,
tmnxEsaVmId,
tmnxIPsecEsaHistStatsType,
tmnxIPsecEsaHistStatsIntvIdx
}
::= { tmnxIPsecEsaHistStatsTable 1 }
TmnxIPsecEsaHistStatsEntry ::= SEQUENCE
{
tmnxIPsecEsaHistStatsType TmnxIPsecHistStatsType,
tmnxIPsecEsaHistStatsIntvIdx Unsigned32,
tmnxIPsecEsaHistStatsValue64 CounterBasedGauge64,
tmnxIPsecEsaHistStatsValue32 Integer32,
tmnxIPsecEsaHistStatsIntvStTm DateAndTime,
tmnxIPsecEsaHistStatsIntvDur Unsigned32,
tmnxIPsecEsaHistStatsFstFTm DateAndTime,
tmnxIPsecEsaHistStatsFstFDesc TItemLongDescription,
tmnxIPsecEsaHistStatsLstFTm DateAndTime,
tmnxIPsecEsaHistStatsLstFDesc TItemLongDescription
}
tmnxIPsecEsaHistStatsType OBJECT-TYPE
SYNTAX TmnxIPsecHistStatsType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsType specifies the statistical type
for this ESA."
::= { tmnxIPsecEsaHistStatsEntry 1 }
tmnxIPsecEsaHistStatsIntvIdx OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsIntvIdx specifies the index of the
sampling interval period for this statistic.
When the value of tmnxIPsecEsaHistStatsIntvIdx is '1', it indicates
that this is the current sampling interval period and the value of
tmnxIPsecEsaHistStatsValue64 indicates the current statistical value.
When the value of tmnxIPsecEsaHistStatsIntvIdx is larger than '1', it
indicates that this is a previous sampling interval and the value of
tmnxIPsecEsaHistStatsValue64 indicates a previous statistical value.
Specifically, when the value of tmnxIPsecEsaHistStatsIntvIdx is '2',
it indicates that this is the most recent finished sampling interval
and the value of tmnxIPsecEsaHistStatsValue64 indicates the most
recent statistical value."
::= { tmnxIPsecEsaHistStatsEntry 2 }
tmnxIPsecEsaHistStatsValue64 OBJECT-TYPE
SYNTAX CounterBasedGauge64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsValue64 indicates the statistical
value during the corresponding sampling interval period.
The unit of tmnxIPsecEsaHistStatsValue64 is indicated by
tmnxIPsecEsaHistStatsType."
::= { tmnxIPsecEsaHistStatsEntry 3 }
tmnxIPsecEsaHistStatsValue32 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsValue32 indicates a signed 32-bit
integer representation of the value of tmnxIPsecEsaHistStatsValue64.
This object is used by Remote Network Monitoring (RMON) to monitor
this statistical value.
For most tmnxIPsecEsaHistStatsType values, the value and unit of
tmnxIPsecEsaHistStatsValue32 are the same as the value and unit of
tmnxIPsecEsaHistStatsValue64. The exception are the following two
cases.
1) Different values:
The value of tmnxIPsecEsaHistStatsValue32 is meaningless if this
statistic (i.e. accumulative statistic) is not monitored by RMON.
The values of accumulative statistical types are indicated by
tmnxIPsecEsaHistStatsType.
2) Different values and units:
When the value of tmnxIPsecEsaHistStatsType is equal to any of
the following values, the unit of tmnxIPsecEsaHistStatsValue32
is the number of mebibits (1 mebibit == 1024 * 1024 bits),
instead of the number of bits which is used by
tmnxIPsecEsaHistStatsValue64.
'numOfIPsecEncrBits (103)'
'numOfIPsecDecrBits (104)'
'numOfIPsecEnDecrBits (105)'
'numOfGreTnlEncapBits (113)'
'numOfGreTnlDecapBits (114)'
'numOfGreTnlEnDecapBits (115)'
'numOfIpTnlEncapBits (123)'
'numOfIpTnlDecapBits (124)'
'numOfIpTnlEnDecapBits (125)'
'numOfL2tpv3TnlEncapBits (133)'
'numOfL2tpv3TnlDecapBits (134)'
'numOfL2tpv3TnlEnDecapBits (135)'
When the value of tmnxIPsecEsaHistStatsType is equal to any of
the following values, the unit of tmnxIPsecEsaHistStatsValue32
is the number of mebi-packets (1 mebi-packet == 1024 * 1024
packets), instead of the number of packets which is used by
tmnxIPsecEsaHistStatsValue64.
'numOfIPsecEncrPkts (100)'
'numOfIPsecDecrPkts (101)'
'numOfIPsecEnDecrPkts (102)'
'numOfGreTnlEncapPkts (110)'
'numOfGreTnlDecapPkts (111)'
'numOfGreTnlEnDecapPkts (112)'
'numOfIpTnlEncapPkts (120)'
'numOfIpTnlDecapPkts (121)'
'numOfIpTnlEnDecapPkts (122)'
'numOfL2tpv3TnlEncapPkts (130)'
'numOfL2tpv3TnlDecapPkts (131)'
'numOfL2tpv3TnlEnDecapPkts (132)'"
::= { tmnxIPsecEsaHistStatsEntry 4 }
tmnxIPsecEsaHistStatsIntvStTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsIntvStTm indicates the UTC date when
the corresponding sampling interval started."
::= { tmnxIPsecEsaHistStatsEntry 5 }
tmnxIPsecEsaHistStatsIntvDur OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsIntvDur indicates the duration in
seconds of the corresponding sampling interval."
::= { tmnxIPsecEsaHistStatsEntry 6 }
tmnxIPsecEsaHistStatsFstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsFstFTm indicates the UTC date when
the first IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecEsaHistStatsType is equal
to any of the following values.
'numOfIkeAuthFails (300)
'numOfIkeNoPrpslFails (301)
'numOfIkeAddrAsgFails (302)
'numOfIkeInvldTsFails (303)
'numOfIkeInvldKeFails (304)
'numOfIkeDpdTimeoutFails (305)
'numOfIkeOtherReasonFails (306)"
::= { tmnxIPsecEsaHistStatsEntry 7 }
tmnxIPsecEsaHistStatsFstFDesc OBJECT-TYPE
SYNTAX TItemLongDescription (SIZE (0..160))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsFstFDesc indicates the description
of the place where the first IKE exchange failure happened.
This value is only significant when tmnxIPsecEsaHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecEsaHistStatsFstFTm description)."
::= { tmnxIPsecEsaHistStatsEntry 8 }
tmnxIPsecEsaHistStatsLstFTm OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsLstFTm indicates the UTC date when
the last IKE exchange failure happened in the corresponding sampling
interval.
This value is only significant when tmnxIPsecEsaHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecEsaHistStatsFstFTm description)."
::= { tmnxIPsecEsaHistStatsEntry 9 }
tmnxIPsecEsaHistStatsLstFDesc OBJECT-TYPE
SYNTAX TItemLongDescription (SIZE (0..160))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaHistStatsLstFDesc indicates the description
of the place where the last IKE exchange failure happened.
This value is only significant when tmnxIPsecEsaHistStatsType is equal
to any of the IKE exchange failure types (see
tmnxIPsecEsaHistStatsLstFTm description)."
::= { tmnxIPsecEsaHistStatsEntry 10 }
tmnxIPsecEsaDpStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPsecEsaDpStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecEsaDpStatsTable contains the data path statistics for
Tunnel Extended Services Appliance virtual machines (esa-vm)."
::= { tmnxIPsecObjects 124 }
tmnxIPsecEsaDpStatsEntry OBJECT-TYPE
SYNTAX TmnxIPsecEsaDpStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxIPsecEsaDpStatsEntry contains the data path statistics for a
specific tunnel esa-vm."
INDEX {
tmnxEsaId,
tmnxEsaVmId
}
::= { tmnxIPsecEsaDpStatsTable 1 }
TmnxIPsecEsaDpStatsEntry ::= SEQUENCE
{
tmnxIPsecEsaDpStatsEncryptPkts Counter64,
tmnxIPsecEsaDpStatsEncryptBytes Counter64,
tmnxIPsecEsaDpStatsDecryptPkts Counter64,
tmnxIPsecEsaDpStatsDecryptBytes Counter64,
tmnxIPsecEsaDpStatsTxPktErrs Counter32,
tmnxIPsecEsaDpStatsOutBDropPkts Counter64,
tmnxIPsecEsaDpStatsOutBSAMisses Counter64,
tmnxIPsecEsaDpStatsOutBPEMisses Counter32,
tmnxIPsecEsaDpStatsInBDropPkts Counter64,
tmnxIPsecEsaDpStatsInBSAMisses Counter64,
tmnxIPsecEsaDpStatsInBIPMismatch Counter32,
tmnxIPsecEsaDpInFragments Counter64,
tmnxIPsecEsaDpPktsReassem Counter64,
tmnxIPsecEsaDpFragDropTime Counter64,
tmnxIPsecEsaDpFragDropped Counter64,
tmnxIPsecEsaDpGreTnlInPkts Counter64,
tmnxIPsecEsaDpGreTnlInBytes Counter64,
tmnxIPsecEsaDpGreTnlInErrs Counter64,
tmnxIPsecEsaDpGreTnlOutPkts Counter64,
tmnxIPsecEsaDpGreTnlOutBytes Counter64,
tmnxIPsecEsaDpGreTnlOutErrs Counter64,
tmnxIPsecEsaDpPktsDropDfSet Counter64,
tmnxIPsecEsaDpStaticIPsecTnls Counter32,
tmnxIPsecEsaDpDynIPsecTnls Counter32,
tmnxIPsecEsaDpIpGreTnls Counter32,
tmnxIPsecEsaDpIpv4Tnls Counter32,
tmnxIPsecEsaDpL2tpv3TnlInPkts Counter64,
tmnxIPsecEsaDpL2tpv3TnlInBytes Counter64,
tmnxIPsecEsaDpL2tpv3TnlInErrs Counter64,
tmnxIPsecEsaDpL2tpv3TnlInCookErr Counter64,
tmnxIPsecEsaDpL2tpv3TnlInSeIdErr Counter64,
tmnxIPsecEsaDpL2tpv3TnlOutPkts Counter64,
tmnxIPsecEsaDpL2tpv3TnlOutBytes Counter64,
tmnxIPsecEsaDpL2tpv3TnlOutErrs Counter64,
tmnxIPsecEsaDpL2tpv3Tnls Counter32
}
tmnxIPsecEsaDpStatsEncryptPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsEncryptPkts indicates the number of
packets encrypted by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 1 }
tmnxIPsecEsaDpStatsEncryptBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsEncryptBytes indicates the number of
bytes encrypted by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 2 }
tmnxIPsecEsaDpStatsDecryptPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsDecryptPkts indicates the number of
packets decrypted by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 3 }
tmnxIPsecEsaDpStatsDecryptBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsDecryptBytes indicates the number of
bytes decrypted by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 4 }
tmnxIPsecEsaDpStatsTxPktErrs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsTxPktErrs indicates the number of
packets transmit failures by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 5 }
tmnxIPsecEsaDpStatsOutBDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsOutBDropPkts indicates the number of
packets dropped before and during outbound (encryption) processing by
the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 6 }
tmnxIPsecEsaDpStatsOutBSAMisses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsOutBSAMisses indicates the number of
packets dropped before outbound (encryption) processing by the IPsec
data path due to no SA (security association) present."
::= { tmnxIPsecEsaDpStatsEntry 7 }
tmnxIPsecEsaDpStatsOutBPEMisses OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsOutBPEMisses indicates the number of
packets dropped before outbound (encryption) processing by the IPsec
data path due to no matching Policy Entry."
::= { tmnxIPsecEsaDpStatsEntry 8 }
tmnxIPsecEsaDpStatsInBDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsInBDropPkts indicates the number of
packets dropped before and during inbound (decryption) processing by
the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 9 }
tmnxIPsecEsaDpStatsInBSAMisses OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsInBSAMisses indicates the number of
packets dropped before inbound (decryption) processing by the IPsec
data path due to no SA (security association) present."
::= { tmnxIPsecEsaDpStatsEntry 10 }
tmnxIPsecEsaDpStatsInBIPMismatch OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStatsInBIPMismatch indicates the number of
packets dropped before inbound (decryption) processing by the IPsec
data path due to the received packet's outer IP destination or source
address does not match the Tunnel's local or peer gateway address."
::= { tmnxIPsecEsaDpStatsEntry 11 }
tmnxIPsecEsaDpInFragments OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpInFragments indicates the number of
fragments received by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 12 }
tmnxIPsecEsaDpPktsReassem OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpPktsReassem indicates the number of packets
reassembled by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 13 }
tmnxIPsecEsaDpFragDropTime OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpFragDropTime indicates the number of
fragments dropped due to timeout by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 14 }
tmnxIPsecEsaDpFragDropped OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpFragDropped indicates the number of total
fragments dropped by the IPsec data path."
::= { tmnxIPsecEsaDpStatsEntry 15 }
tmnxIPsecEsaDpGreTnlInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpGreTnlInPkts indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 16 }
tmnxIPsecEsaDpGreTnlInBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpGreTnlInBytes indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 17 }
tmnxIPsecEsaDpGreTnlInErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpGreTnlInErrs indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 18 }
tmnxIPsecEsaDpGreTnlOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpGreTnlOutPkts indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 19 }
tmnxIPsecEsaDpGreTnlOutBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpGreTnlOutBytes indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 20 }
tmnxIPsecEsaDpGreTnlOutErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpGreTnlOutErrs indicates the number of
packets received by the GRE tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 21 }
tmnxIPsecEsaDpPktsDropDfSet OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpPktsDropDfSet indicates the number of
packets with DF bit set dropped in this Tunnel exceeding MTU size and
with clear tunnel DF bit not set."
::= { tmnxIPsecEsaDpStatsEntry 22 }
tmnxIPsecEsaDpStaticIPsecTnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpStaticIPsecTnls indicates number of
configured static IPsec tunnels on the esa-vm."
::= { tmnxIPsecEsaDpStatsEntry 23 }
tmnxIPsecEsaDpDynIPsecTnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpDynIPsecTnls indicates number of dynamic
IPsec tunnels in use on the esa-vm."
::= { tmnxIPsecEsaDpStatsEntry 24 }
tmnxIPsecEsaDpIpGreTnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpIpGreTnls indicates number of configured IP
tunnels (with GRE headers) on the esa-vm."
::= { tmnxIPsecEsaDpStatsEntry 25 }
tmnxIPsecEsaDpIpv4Tnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpIpv4Tnls indicates number of configured
IPv4 tunnels on the esa-vm."
::= { tmnxIPsecEsaDpStatsEntry 26 }
tmnxIPsecEsaDpL2tpv3TnlInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlInPkts indicates the number of
packets received by the Layer Two Tunneling Protocol (L2TP) version 3
(L2TPv3) tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 27 }
tmnxIPsecEsaDpL2tpv3TnlInBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlInBytes indicates the number of
bytes received by the L2TPv3 tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 28 }
tmnxIPsecEsaDpL2tpv3TnlInErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlInErrs indicates the number of
packets dropped while receiving by the L2TPv3 tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 29 }
tmnxIPsecEsaDpL2tpv3TnlInCookErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlInCookErr indicates the number of
packets dropped because the Cookie value received by the L2TPv3 tunnel
data path did not match the Cookie value negotiated during session
establishment."
::= { tmnxIPsecEsaDpStatsEntry 30 }
tmnxIPsecEsaDpL2tpv3TnlInSeIdErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlInSeIdErr indicates the number of
packets dropped because the Session ID value received by the L2TPv3
tunnel data path did not match the Session ID value negotiated during
session establishment."
::= { tmnxIPsecEsaDpStatsEntry 31 }
tmnxIPsecEsaDpL2tpv3TnlOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlOutPkts indicates the number of
packets transmitted by the L2TPv3 tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 32 }
tmnxIPsecEsaDpL2tpv3TnlOutBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlOutBytes indicates the number of
bytes transmitted by the L2TPv3 tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 33 }
tmnxIPsecEsaDpL2tpv3TnlOutErrs OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3TnlOutErrs indicates the number of
packets dropped while transmitting by the L2TPv3 tunnel data path."
::= { tmnxIPsecEsaDpStatsEntry 34 }
tmnxIPsecEsaDpL2tpv3Tnls OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPsecEsaDpL2tpv3Tnls indicates number of configured
L2TPv3 tunnels on the esa-vm."
::= { tmnxIPsecEsaDpStatsEntry 35 }
tmnxIPsecConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 48 }
tmnxIPsecCompliances OBJECT IDENTIFIER ::= { tmnxIPsecConformance 1 }
tmnxIPsecCompliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group
}
::= { tmnxIPsecCompliances 1 }
tmnxIPsecV6v1Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group
}
::= { tmnxIPsecCompliances 2 }
tmnxIPsecV7v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group,
tIPsecTnlTempGroup,
tmnxIPsecGWGroup,
tmnxIPsecNotifyObjsGroup,
tmnxIPsecNotifGroup
}
::= { tmnxIPsecCompliances 3 }
tmnxIPsecV8v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group,
tIPsecTnlTempGroup,
tmnxIPsecGWGroup,
tmnxIPsecNotifyObjsGroup,
tmnxIPsecNotifGroup,
tmnxIPsecTnlBfdGroup,
tmnxIPsecIkeGroup,
tmnxIPsecMdaDpGroup
}
::= { tmnxIPsecCompliances 4 }
tmnxIPsecV9v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group,
tIPsecTnlTempGroup,
tmnxIPsecGWGroup,
tmnxIPsecNotifyObjsGroup,
tmnxIPsecNotifGroup,
tmnxIPsecTnlBfdGroup,
tmnxIPsecIkeGroup,
tmnxIPsecCertGroup,
tmnxIPsecMdaDpGroup
}
::= { tmnxIPsecCompliances 5 }
tmnxIPsecV10v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group,
tIPsecTnlTempGroup,
tmnxIPsecGWV10v0Group,
tmnxIPsecNotifyObjsGroup,
tmnxIPsecNotifGroup,
tmnxIPsecTnlBfdGroup,
tmnxIPsecIkeGroup,
tmnxIPsecCertGroup,
tmnxIPsecMdaDpGroup,
tmnxIPsecV10v0Group,
tmnxIPsecMdaDpStatsV10v0Group,
tmnxIPsecTnlOperChgGroup
}
::= { tmnxIPsecCompliances 6 }
tmnxIPsecV11v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group,
tIPsecTnlTempGroup,
tmnxIPsecGWV10v0Group,
tmnxIPsecNotifyObjsGroup,
tmnxIPsecNotifGroup,
tmnxIPsecTnlBfdGroup,
tmnxIPsecIkeGroup,
tmnxIPsecCertGroup,
tmnxIPsecMdaDpGroup,
tmnxIPsecV10v0Group,
tmnxIPsecV11v0Group,
tmnxIPsecMdaDpStatsV10v0Group,
tmnxIPsecIkev2RatGroup,
tIPsecIkev2RaTunNotifyObjsGroup,
tIPsecIkev2RaTunNotifGroup,
tmnxIPsecTnlOperChgGroup
}
::= { tmnxIPsecCompliances 7 }
tmnxIPsecV12v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 12.0."
MODULE
MANDATORY-GROUPS {
tmnxIPsecV6v0Group,
tmnxIPsecMdaDpStatsV6v1Group,
tIPsecTnlTempGroup,
tmnxIPsecGWV12v0Group,
tmnxIPsecNotifyObjsGroup,
tmnxIPsecNotifGroup,
tmnxIPsecTnlBfdGroup,
tmnxIPsecIkeGroup,
tmnxIPsecCertGroup,
tmnxIPsecMdaDpGroup,
tmnxIPsecV10v0Group,
tmnxIPsecV11v0Group,
tmnxIPsecMdaDpStatsV10v0Group,
tmnxIPsecIkev2RatGroup,
tIPsecIkev2RaTunNotifyObjsGroup,
tIPsecIkev2RaTunNotifGroup,
tmnxIPsecTnlDstv12v0Group,
tmnxIPsecV12v0Group,
tIPsecIkev2CertAuthGroup,
tIPsecIkev2CertAuthChainGroup,
tIPsecTsReductionGroup,
tIPsecRUSATrafficSelGroup,
tIkev2SendUnSolCfgAttr12v0Group,
tIPSecTrustAnchorProfNotifGroup,
tmnxIPsecSAStatsV12v0Group,
tmnxIPsecRUSAStatsV12v0Group,
tmnxIPsecEncapNotifyObjsGroup,
tIPSecTunnelEncapNotifGroup,
tmnxIPsecTnlOperChgGroup,
tmnxIkePolicyAutoEapRadiusGroup,
tmnxIkePolicyAutoEapGroup
}
::= { tmnxIPsecCompliances 8 }
tmnxIPsecV13v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 13.0."
MODULE
MANDATORY-GROUPS {
tmnxIPsecGWDhcpGroup,
tmnxIPsecGWDhcpV6Group,
tmnxSecurityNotificationV13v0Grp,
tmnxIPsecGWLclAddrGroup,
tmnxIPsecRadInterimUpdGroup,
tmnxIPsecIkev2IdiGroup,
tmnxIPsecGWPrivIp2V13v0Group,
tmnxIPSecGWNotifV13v0Group,
tmnxIPSecTunnelNotifV11v0Group
}
::= { tmnxIPsecCompliances 9 }
tmnxIPsecV14v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 14.0."
MODULE
MANDATORY-GROUPS {
tmnxIPsecGWLAAIpPool2V14v0Group,
tIPsecTrafficSelectorV14v0Group,
tmnxIkePolicyLockoutV14v0Group,
tIPsecRUTnlDhcpLeaseStatV14v0Grp,
tIPsecClientDatabaseV14v0Group,
tmnxIkePolicyV2FragV14v0Group,
tmnxIPsecMdaDpStatsV14v0Group,
tmnxIPsecRUTnlInUseCfgsV14v0Grp,
tmnxIPsecIkePolicyV14v0Group,
tmnxIPsecSvcLevelCfgV14v0Grp
}
::= { tmnxIPsecCompliances 10 }
tmnxIPsecV15v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 15.0."
MODULE
MANDATORY-GROUPS {
tmnxIPsecIkeTransformV15v0Group,
tmnxIPsecHistStatsV15v0Group,
tIPsecTcpMssAdjustV15v0Grp,
tmnxIkePolicyObsoleteV15v0Group,
tmnxIPsecTransformV15v0Group,
tmnxIPsecEmbmsV15v0Group,
tmnxIPsecGWStatsV15v0Grp,
tmnxIkePolicyV15v0Group,
tmnxIPsecTunnelV15v0Grp
}
::= { tmnxIPsecCompliances 11 }
tmnxIPsecV16v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 16.0."
MODULE
MANDATORY-GROUPS {
tmnxIPsecNoOfSaKeysV16v0Grp,
tmnxIPsecSvcNameV16v0Grp,
tmnxIPsecTnlBfdSessV16v0Grp,
tmnxIPsecCertProfV16v0Group,
tmnxIkeTransformV16v0Grp
}
::= { tmnxIPsecCompliances 12 }
tmnxIPsecV19v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 17.0."
MODULE
MANDATORY-GROUPS {
tmnxVRtrIdIPsecTnlV19v0Group,
tIPsecTnlTempGroupV19v0Group,
tmnxIPsecNotifyObjsV19v0Group,
tmnxIPsecTunnelNotifV19v0Group,
tmnxIPsecTunnelEsaVmV19v0Group
}
::= { tmnxIPsecCompliances 13 }
tmnxIPsecV20v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of IPsec features on Nokia
SROS series systems in release 20.0."
MODULE
MANDATORY-GROUPS {
tmnxVRtrIdIPsecTnlV19v0Group,
tIPsecTnlTempGroupV19v0Group,
tmnxIPsecNotifyObjsV19v0Group,
tmnxIPsecTunnelNotifV19v0Group,
tmnxIPsecTunnelEsaVmV19v0Group,
tmnxIPsecTunnelEsaVmV20v0Group,
tmnxIPsecSvcLevelCfgV20v0Grp
}
::= { tmnxIPsecCompliances 14 }
tmnxIPsecGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 2 }
tmnxIPsecV6v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTransformTblLastChanged,
tmnxIPsecTransformRowStatus,
tmnxIPsecTransformLastChanged,
tmnxIPsecTransformAuthAlgorithm,
tmnxIPsecTransformEncrAlgorithm,
tmnxIkePolicyTableLastChanged,
tmnxIkePolicyRowStatus,
tmnxIkePolicyLastChanged,
tmnxIkePolicyDescription,
tmnxIkePolicyIkeMode,
tmnxIkePolicyPFSEnabled,
tmnxIkePolicyPFSDHGroup,
tmnxIkePolicyIPsecLifeTime,
tmnxIkePolicyNatTraversal,
tmnxIkePolicyNatTKeepAliveIntvl,
tmnxIkePolicyNatTBehindNatOnly,
tmnxIkePolicyDpd,
tmnxIkePolicyDpdInterval,
tmnxIkePolicyDpdMaxRetries,
tmnxIPsecTunnelTableLastChanged,
tmnxIPsecTunnelRowStatus,
tmnxIPsecTunnelLastChanged,
tmnxIPsecTunnelDescription,
tmnxIPsecTunnelLclGwAddrType,
tmnxIPsecTunnelLclGwAddr,
tmnxIPsecTunnelRemGwAddrType,
tmnxIPsecTunnelRemGwAddr,
tmnxIPsecTunnelPublicSvcId,
tmnxIPsecTunnelSecurityPolicyId,
tmnxIPsecTunnelKeyingType,
tmnxIPsecTunnelDynTransformId1,
tmnxIPsecTunnelDynTransformId2,
tmnxIPsecTunnelDynTransformId3,
tmnxIPsecTunnelDynTransformId4,
tmnxIPsecTunnelIkePolicyId,
tmnxIPsecTunnelIkePreSharedKey,
tmnxIPsecTunnelAdminState,
tmnxIPsecTunnelOperState,
tmnxIPsecTunnelOperFlags,
tmnxIPsecTunnelReplayWindow,
tmnxIPsecTunnelIsakmpState,
tmnxIPsecTunnelIsakmpEstabTime,
tmnxIPsecTunnelIsakmpNegLifeTime,
tmnxIPsecTunnelNumDpdTx,
tmnxIPsecTunnelNumDpdRx,
tmnxIPsecTunnelNumDpdAckTx,
tmnxIPsecTunnelNumDpdAckRx,
tmnxIPsecTunnelNumExpRx,
tmnxIPsecTunnelNumInvalidDpdRx,
tmnxIPsecTunnelNumCtrlPktsTx,
tmnxIPsecTunnelNumCtrlPktsRx,
tmnxIPsecTunnelNumCtrlTxErrors,
tmnxIPsecTunnelNumCtrlRxErrors,
tmnxIPsecPolicyTableLastChanged,
tmnxIPsecPolicyRowStatus,
tmnxIPsecPolicyLastChanged,
tmnxIPsecPlcyParamsTblLastChangd,
tmnxIPsecPolicyParamsRowStatus,
tmnxIPsecPolicyParamsLastChanged,
tmnxIPsecPolicyParamsLclAddrAny,
tmnxIPsecPolicyParamsLclAddrType,
tmnxIPsecPolicyParamsLclAddr,
tmnxIPsecPolicyParamsLclAPrefLen,
tmnxIPsecPolicyParamsRemAddrAny,
tmnxIPsecPolicyParamsRemAddrType,
tmnxIPsecPolicyParamsRemAddr,
tmnxIPsecPolicyParamsRemAPrefLen,
tmnxIPsecSATableLastChanged,
tmnxIPsecSARowStatus,
tmnxIPsecSALastChanged,
tmnxIPsecSAType,
tmnxIPsecSAEncryptionKey,
tmnxIPsecSAAuthenticationKey,
tmnxIPsecSASpi,
tmnxIPsecSAManualTransformId,
tmnxIPsecSAAuthAlgorithm,
tmnxIPsecSAEncrAlgorithm,
tmnxIPsecSAStorageType,
tmnxIPsecSAEstablishedTime,
tmnxIPsecSANegotiatedLifeTime,
tmnxIPsecSAStatsBytesProcessed,
tmnxIPsecSAStatsBytesProcLow32,
tmnxIPsecSAStatsBytesProcHigh32,
tmnxIPsecSAStatsPktsProcessed,
tmnxIPsecSAStatsPktsProcLow32,
tmnxIPsecSAStatsPktsProcHigh32,
tmnxIPsecSAStatsCryptoErrors,
tmnxIPsecSAStatsReplayErrors,
tmnxIPsecSAStatsSAErrors,
tmnxIPsecSAStatsPolicyErrors
}
STATUS current
DESCRIPTION
"The group of objects supporting the IPsec Feature capabilities on
Nokia SROS series systems."
::= { tmnxIPsecGroups 1 }
tmnxIPsecMdaDpStatsV6v1Group OBJECT-GROUP
OBJECTS {
tmnxIPsecMdaDpStatsEncryptPkts,
tmnxIPsecMdaDpStatsEncryptPktsLow32,
tmnxIPsecMdaDpStatsEncryptPktsHigh32,
tmnxIPsecMdaDpStatsEncryptBytes,
tmnxIPsecMdaDpStatsEncryptBytesLow32,
tmnxIPsecMdaDpStatsEncryptBytesHigh32,
tmnxIPsecMdaDpStatsDecryptPkts,
tmnxIPsecMdaDpStatsDecryptPktsLow32,
tmnxIPsecMdaDpStatsDecryptPktsHigh32,
tmnxIPsecMdaDpStatsDecryptBytes,
tmnxIPsecMdaDpStatsDecryptBytesLow32,
tmnxIPsecMdaDpStatsDecryptBytesHigh32,
tmnxIPsecMdaDpStatsTxPktErrs,
tmnxIPsecMdaDpStatsOutBDropPkts,
tmnxIPsecMdaDpStatsOutBDropPktsLow32,
tmnxIPsecMdaDpStatsOutBDropPktsHigh32,
tmnxIPsecMdaDpStatsOutBSAMisses,
tmnxIPsecMdaDpStatsOutBSAMissesLow32,
tmnxIPsecMdaDpStatsOutBSAMissesHigh32,
tmnxIPsecMdaDpStatsOutBPolicyEntryMisses,
tmnxIPsecMdaDpStatsInBDropPkts,
tmnxIPsecMdaDpStatsInBDropPktsLow32,
tmnxIPsecMdaDpStatsInBDropPktsHigh32,
tmnxIPsecMdaDpStatsInBSAMisses,
tmnxIPsecMdaDpStatsInBSAMissesLow32,
tmnxIPsecMdaDpStatsInBSAMissesHigh32,
tmnxIPsecMdaDpStatsInBIPDstSrcMismatches
}
STATUS current
DESCRIPTION
"The group of objects for IPsec Mda Data Path Statistics on Nokia SROS
series systems."
::= { tmnxIPsecGroups 2 }
tIPsecTnlTempGroup OBJECT-GROUP
OBJECTS {
tIPsecTnlTempDescr,
tIPsecTnlTempDynKeyTransformId1,
tIPsecTnlTempDynKeyTransformId2,
tIPsecTnlTempDynKeyTransformId3,
tIPsecTnlTempDynKeyTransformId4,
tIPsecTnlTempLastChanged,
tIPsecTnlTempReplayWindow,
tIPsecTnlTempReverseRoute,
tIPsecTnlTempRowStatus,
tIPsecTnlTempTblLastChanged,
tmnxIkePolicyAuthMethod
}
STATUS current
DESCRIPTION
"The group of objects for IPsec tunnel template on Nokia SROS series
systems."
::= { tmnxIPsecGroups 3 }
tmnxIPsecGWGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelAutoEstablish,
tmnxIPsecGWAdminState,
tmnxIPsecGWName,
tmnxIPsecGWIfName,
tmnxIPsecGWInetAddrType,
tmnxIPsecGWInetAddress,
tmnxIPsecGWLastMgmtChange,
tmnxIPsecGWOperState,
tmnxIPsecGWRowStatus,
tmnxIPsecGWSecureService,
tmnxIPsecGWTblLastChgd,
tmnxIPsecGWTunnelPolicyTemp,
tmnxIPsecGWIkePolicyId,
tmnxIPsecGWIkePreShared,
tmnxIPsecGWLclX509Cert,
tmnxIPsecGWLclPrivateKey,
tmnxIPsecGWOperFlags,
tmnxIPsecGWCACert,
tmnxIPsecGWCACertRevocList,
tIPsecRUSAAuthAlgorithm,
tIPsecRUSAAuthenticationKey,
tIPsecRUSAEncrAlgorithm,
tIPsecRUSAEncryptionKey,
tIPsecRUSAEstablishedTime,
tIPsecRUSANegotiatedLifeTime,
tIPsecRUSASpi,
tIPsecRUSAStatsBytesProcHigh32,
tIPsecRUSAStatsBytesProcLow32,
tIPsecRUSAStatsBytesProcessed,
tIPsecRUSAStatsCryptoErrors,
tIPsecRUSAStatsPktsProcHigh32,
tIPsecRUSAStatsPktsProcLow32,
tIPsecRUSAStatsPktsProcessed,
tIPsecRUSAStatsPolicyErrors,
tIPsecRUSAStatsReplayErrors,
tIPsecRUSAStatsSAErrors,
tIPsecRUTnlIPsecSALifeTime,
tIPsecRUTnlIsakmpEstabTime,
tIPsecRUTnlIsakmpNegLifeTime,
tIPsecRUTnlIsakmpState,
tIPsecRUTnlNumCtrlPktsRx,
tIPsecRUTnlNumCtrlPktsTx,
tIPsecRUTnlNumCtrlRxErrors,
tIPsecRUTnlNumCtrlTxErrors,
tIPsecRUTnlNumDpdAckRx,
tIPsecRUTnlNumDpdAckTx,
tIPsecRUTnlNumDpdRx,
tIPsecRUTnlNumDpdTx,
tIPsecRUTnlNumExpRx,
tIPsecRUTnlNumInvalidDpdRx,
tIPsecRUTnlPfsDHGroup,
tIPsecRUTnlHasBiDirectionalSA,
tIPsecRUTnlPrivateIfIndex,
tIPsecRUTnlPrivateIpAddr,
tIPsecRUTnlPrivateIpPrefixLen,
tIPsecRUTnlPrivateIpAddrType,
tIPsecRUTnlPrivateSvcId,
tIPsecRUTnlReplayWindow,
tIPsecRUTnlTempId,
tIPsecRUSALclAPrefLen,
tIPsecRUSALclAddr,
tIPsecRUSALclAddrType,
tIPsecRUSARemAPrefLen,
tIPsecRUSARemAddr,
tIPsecRUSARemAddrType,
tmnxIPsecGWPskXAuthTunnels,
tmnxIPsecGWPskTunnels,
tmnxIPsecPskTunnels
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of IPSec gateway
capabilities for SAPs on Nokia SROS series systems."
::= { tmnxIPsecGroups 4 }
tmnxIPsecNotifyObjsGroup OBJECT-GROUP
OBJECTS {
tIPsecNotifRUTnlInetAddrType,
tIPsecNotifRUTnlInetAddress,
tIPsecNotifRUTnlPort,
tIPsecNotifReason,
tIPsecNotifBfdIntfDestIp,
tIPsecNotifBfdIntfDestIpType,
tIPsecNotifBfdIntfIfName,
tIPsecNotifBfdIntfSessState,
tIPsecNotifBfdIntfSvcId
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec notification
objects on Nokia SROS series systems."
::= { tmnxIPsecGroups 5 }
tmnxIPsecTnlBfdGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelBfdDesignate,
tmnxIPsecTunnelBfdRowStatus,
tmnxIPsecTunnelBfdSrcAddrType,
tmnxIPsecTunnelBfdSrcAddr,
tmnxIPsecTunnelBfdSessOperState,
tmnxIPsecTunnelBfdLastChanged,
tmnxIPsecTunnelBfdTableLastChgd
}
STATUS current
DESCRIPTION
"The group of objects for IPsec Tunnel BFD service on Nokia SROS series
systems."
::= { tmnxIPsecGroups 6 }
tmnxIPsecIkeGroup OBJECT-GROUP
OBJECTS {
tmnxIkePolicyIkeVersion
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPSec IKE specific
capabilities on Nokia SROS series systems."
::= { tmnxIPsecGroups 7 }
tmnxIPsecCertGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecGWLocalIdType,
tmnxIPsecGWLocalIdValue,
tmnxIPsecTunnelLocalIdType,
tmnxIPsecTunnelLocalIdValue,
tmnxIPsecTunnelClearDfBit,
tmnxIPsecTunnelIpMtu,
tmnxIkePolicyOwnAuthMethod
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPSec X.509 certificate
specific capabilities on Nokia SROS series systems."
::= { tmnxIPsecGroups 8 }
tmnxIpsecObsoletedV10v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecGWCACert,
tmnxIPsecGWCACertRevocList
}
STATUS current
DESCRIPTION
"The group of objects obsoleted related to management of IPSec specific
capabilities on Nokia SROS series systems."
::= { tmnxIPsecGroups 9 }
tmnxIPsecGWV10v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelAutoEstablish,
tmnxIPsecGWAdminState,
tmnxIPsecGWName,
tmnxIPsecGWIfName,
tmnxIPsecGWInetAddrType,
tmnxIPsecGWInetAddress,
tmnxIPsecGWLastMgmtChange,
tmnxIPsecGWOperState,
tmnxIPsecGWRowStatus,
tmnxIPsecGWSecureService,
tmnxIPsecGWTblLastChgd,
tmnxIPsecGWTunnelPolicyTemp,
tmnxIPsecGWIkePolicyId,
tmnxIPsecGWIkePreShared,
tmnxIPsecGWLclX509Cert,
tmnxIPsecGWLclPrivateKey,
tmnxIPsecGWOperFlags,
tIPsecRUSAAuthAlgorithm,
tIPsecRUSAAuthenticationKey,
tIPsecRUSAEncrAlgorithm,
tIPsecRUSAEncryptionKey,
tIPsecRUSAEstablishedTime,
tIPsecRUSANegotiatedLifeTime,
tIPsecRUSASpi,
tIPsecRUSAStatsBytesProcHigh32,
tIPsecRUSAStatsBytesProcLow32,
tIPsecRUSAStatsBytesProcessed,
tIPsecRUSAStatsCryptoErrors,
tIPsecRUSAStatsPktsProcHigh32,
tIPsecRUSAStatsPktsProcLow32,
tIPsecRUSAStatsPktsProcessed,
tIPsecRUSAStatsPolicyErrors,
tIPsecRUSAStatsReplayErrors,
tIPsecRUSAStatsSAErrors,
tIPsecRUTnlIPsecSALifeTime,
tIPsecRUTnlIsakmpEstabTime,
tIPsecRUTnlIsakmpNegLifeTime,
tIPsecRUTnlIsakmpState,
tIPsecRUTnlNumCtrlPktsRx,
tIPsecRUTnlNumCtrlPktsTx,
tIPsecRUTnlNumCtrlRxErrors,
tIPsecRUTnlNumCtrlTxErrors,
tIPsecRUTnlNumDpdAckRx,
tIPsecRUTnlNumDpdAckTx,
tIPsecRUTnlNumDpdRx,
tIPsecRUTnlNumDpdTx,
tIPsecRUTnlNumExpRx,
tIPsecRUTnlNumInvalidDpdRx,
tIPsecRUTnlPfsDHGroup,
tIPsecRUTnlHasBiDirectionalSA,
tIPsecRUTnlPrivateIfIndex,
tIPsecRUTnlPrivateIpAddr,
tIPsecRUTnlPrivateIpPrefixLen,
tIPsecRUTnlPrivateIpAddrType,
tIPsecRUTnlPrivateSvcId,
tIPsecRUTnlReplayWindow,
tIPsecRUTnlTempId,
tIPsecRUSALclAPrefLen,
tIPsecRUSALclAddr,
tIPsecRUSALclAddrType,
tIPsecRUSARemAPrefLen,
tIPsecRUSARemAddr,
tIPsecRUSARemAddrType,
tmnxIPsecGWPskXAuthTunnels,
tmnxIPsecGWPskTunnels,
tmnxIPsecGWCertTunnels,
tmnxIPsecPskTunnels
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of IPSec gateway
capabilities for SAPs on Nokia SROS series systems."
::= { tmnxIPsecGroups 10 }
tmnxIPsecMdaDpStatsV10v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecMdaDpStaticIPsecTnls,
tmnxIPsecMdaDpDynIPsecTnls,
tmnxIPsecMdaDpIpGreTnls,
tmnxIPsecMdaDpIpv4Tnls,
tmnxIPsecMdaDpGreTnlInBytes,
tmnxIPsecMdaDpGreTnlInBytesHi,
tmnxIPsecMdaDpGreTnlInBytesLo,
tmnxIPsecMdaDpGreTnlInErrs,
tmnxIPsecMdaDpGreTnlInErrsHi,
tmnxIPsecMdaDpGreTnlInErrsLo,
tmnxIPsecMdaDpGreTnlInPkts,
tmnxIPsecMdaDpGreTnlInPktsHi,
tmnxIPsecMdaDpGreTnlInPktsLo,
tmnxIPsecMdaDpGreTnlOutBytes,
tmnxIPsecMdaDpGreTnlOutBytesHi,
tmnxIPsecMdaDpGreTnlOutBytesLo,
tmnxIPsecMdaDpGreTnlOutErrs,
tmnxIPsecMdaDpGreTnlOutErrsHi,
tmnxIPsecMdaDpGreTnlOutErrsLo,
tmnxIPsecMdaDpGreTnlOutPkts,
tmnxIPsecMdaDpGreTnlOutPktsHi,
tmnxIPsecMdaDpGreTnlOutPktsLo,
tmnxIPsecMdaDpFragDropTime,
tmnxIPsecMdaDpFragDropTimeHigh32,
tmnxIPsecMdaDpFragDropTimeLow32,
tmnxIPsecMdaDpFragDropped,
tmnxIPsecMdaDpFragDroppedHigh32,
tmnxIPsecMdaDpFragDroppedLow32,
tmnxIPsecMdaDpInFragments,
tmnxIPsecMdaDpInFragmentsHigh32,
tmnxIPsecMdaDpInFragmentsLow32,
tmnxIPsecMdaDpPktsReassem,
tmnxIPsecMdaDpPktsReassemHigh32,
tmnxIPsecMdaDpPktsReassemLow32,
tmnxIPsecMdaDpPktsDropDfSet,
tmnxIPsecMdaDpPktsDropDfSetLo,
tmnxIPsecMdaDpPktsDropDfSetHi
}
STATUS current
DESCRIPTION
"The group of objects for IPsec Mda Data Path Statistics on Nokia SROS
series systems."
::= { tmnxIPsecGroups 11 }
tmnxIPsecMdaDpGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecMdaDpGreTnlInBytes,
tmnxIPsecMdaDpGreTnlInBytesHi,
tmnxIPsecMdaDpGreTnlInBytesLo,
tmnxIPsecMdaDpGreTnlInErrs,
tmnxIPsecMdaDpGreTnlInErrsHi,
tmnxIPsecMdaDpGreTnlInErrsLo,
tmnxIPsecMdaDpGreTnlInPkts,
tmnxIPsecMdaDpGreTnlInPktsHi,
tmnxIPsecMdaDpGreTnlInPktsLo,
tmnxIPsecMdaDpGreTnlOutBytes,
tmnxIPsecMdaDpGreTnlOutBytesHi,
tmnxIPsecMdaDpGreTnlOutBytesLo,
tmnxIPsecMdaDpGreTnlOutErrs,
tmnxIPsecMdaDpGreTnlOutErrsHi,
tmnxIPsecMdaDpGreTnlOutErrsLo,
tmnxIPsecMdaDpGreTnlOutPkts,
tmnxIPsecMdaDpGreTnlOutPktsHi,
tmnxIPsecMdaDpGreTnlOutPktsLo
}
STATUS current
DESCRIPTION
"The group of objects for IPsec Mda Data Path Statistics on Nokia SROS
series systems."
::= { tmnxIPsecGroups 12 }
tmnxIPsecV10v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelHostISA,
tIPsecRUTnlHostISA
}
STATUS current
DESCRIPTION
"The group of additional objects for IPsec feature on Nokia SROS series
systems in 10.0 release."
::= { tmnxIPsecGroups 13 }
tmnxIPsecV11v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecGWCSVPrimary,
tmnxIPsecGWCSVSecondary,
tmnxIPsecGWCSVDefResult,
tmnxIPsecTunnelCSVPrimary,
tmnxIPsecTunnelCSVSecondary,
tmnxIPsecTunnelCSVDefResult
}
STATUS current
DESCRIPTION
"The group of additional objects for IPsec feature on Nokia SROS series
systems in 11.0 release."
::= { tmnxIPsecGroups 14 }
tmnxIPsecIkev2RatGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecGWPskRadiusTunnels,
tmnxIPsecGWCertRadiusTunnels,
tmnxIPsecGWEapTunnels,
tIPsecRadAcctPlcyTblLastChgd,
tIPsecRadAcctPlcyRowStatus,
tIPsecRadAcctPlcyLastMgmtChange,
tIPsecRadAcctPlcyInclAttr,
tIPsecRadAcctPlcyRadSrvPlcy,
tIPsecRadAuthPlcyTblLastChgd,
tIPsecRadAuthPlcyRowStatus,
tIPsecRadAuthPlcyLastMgmtChange,
tIPsecRadAuthPlcyPassword,
tIPsecRadAuthPlcyInclAttr,
tIPsecRadAuthPlcyRadSrvPlcy,
tmnxIPsecGWRadAuthPolicy,
tmnxIPsecGWRadAcctgPolicy,
tmnxIkePolicyMatchPeerToCert
}
STATUS current
DESCRIPTION
"The group of additional objects for IPsec IKEv2 remote access tunnel
feature on Nokia SROS series systems in 11.0 release."
::= { tmnxIPsecGroups 15 }
tIPsecIkev2RaTunNotifyObjsGroup OBJECT-GROUP
OBJECTS {
tIPsecRadAcctPlcyFailReason
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec IKEv2
remote-access tunnel notification objects on Nokia SROS series
systems."
::= { tmnxIPsecGroups 16 }
tmnxIPsecTnlDstv12v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTnlDstAddrLastChanged,
tmnxIPsecTnlDstAddrRowStatus,
tmnxIPsecTnlDstAddrTblLastChngd,
tmnxIPsecTnlDstAddrResolved
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec tunnel destination
address objects on Nokia SROS series systems."
::= { tmnxIPsecGroups 17 }
tmnxIPsecV12v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecPlcyParamsV6LclAddrAny,
tmnxIPsecPlcyParamsV6LclAddrType,
tmnxIPsecPlcyParamsV6LclAddr,
tmnxIPsecPlcyParamsV6LclAPrefLen,
tmnxIPsecPlcyParamsV6RemAddrAny,
tmnxIPsecPlcyParamsV6RemAddrType,
tmnxIPsecPlcyParamsV6RemAddr,
tmnxIPsecPlcyParamsV6RemAPrefLen,
tmnxIPsecTunnelEncapIpMtu,
tmnxIPsecTunnelIcmp6Pkt2Big,
tmnxIPsecTunnelIcmp6NumPkt2Big,
tmnxIPsecTunnelIcmp6Pkt2BigTime,
tIPsecTnlTempIpMtu,
tIPsecTnlTempEncapIpMtu,
tIPsecTnlTempIcmp6Pkt2Big,
tIPsecTnlTempIcmp6NumPkt2Big,
tIPsecTnlTempIcmp6Pkt2BigTime,
tIPsecTnlTempClearDfBit
}
STATUS current
DESCRIPTION
"The group of objects for IPsec feature on Nokia SROS series systems in
12.0 release."
::= { tmnxIPsecGroups 18 }
tIPsecIkev2CertAuthGroup OBJECT-GROUP
OBJECTS {
tIPsecCompChainCAProfName,
tmnxIPsecTunnelCertTrstAnchrProf,
tmnxIPsecGWCertTrstAnchrProf,
tIPsecTrustAnchorsTblLastChgd,
tIPsecTrustAnchorsRowStatus,
tIPsecTrustAnchorsLastChgd,
tIPsecTrustAnchorProfTblLastChgd,
tIPsecTrustAnchorProfRowStatus,
tIPsecTrustAnchorProfLastChgd,
tmnxIPsecTunnelMatchTrustAnchor,
tIPsecRUTnlMatchTrustAnchor,
tIPsecCertProfEntryIdTblLastChgd,
tIPsecCertProfEntryIdRowStatus,
tIPsecCertProfEntryIdLastChgd,
tIPsecCertProfEntryIdCertFile,
tIPsecCertProfEntryIdCompChain,
tmnxIPsecTunnelCertProfile,
tmnxIPsecGWCertProfile,
tIPsecCertProfEntryIdKeyFile,
tIPsecCertProfileTblLastChgd,
tIPsecCertProfileRowStatus,
tIPsecCertProfileLastChgd,
tIPsecCertProfileAdminState,
tIPsecCertProfileOperState,
tIPsecCertProfileOperFlags,
tIPsecTrustAnchorCAProfDown,
tmnxIPsecTunnelMatCertEntryId,
tmnxIPsecTunnelCertProfName,
tIPsecRUTnlMatCertEntryId,
tIPsecRUTnlCertProfName,
tIPsecCertProfEntryIdOperFlags
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec IKEv2 certificate
authentication objects on Nokia SROS series systems."
::= { tmnxIPsecGroups 19 }
tIPsecIkev2CertAuthChainGroup OBJECT-GROUP
OBJECTS {
tIPsecCertChainCAProfTblLastChgd,
tIPsecCertChainCAProfRowStatus,
tIPsecCertChainCAProfLastChgd
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec IKEv2 certificate
authentication chain objects on Nokia SROS series systems."
::= { tmnxIPsecGroups 20 }
tIPsecTsReductionGroup OBJECT-GROUP
OBJECTS {
tIPsecGWTsNegSelPlcyLastChgd,
tIPsecGWTsNegSelPlcyRowStatus,
tIPsecGWTsNegSelPlcyTblLastChgd,
tIPsecGWTsNegSelPlcyTsList,
tIPsecTsListLastChgd,
tIPsecTsListLclEntryFrAddr,
tIPsecTsListLclEntryFrAddrType,
tIPsecTsListLclEntryLastChgd,
tIPsecTsListLclEntryPfxAddr,
tIPsecTsListLclEntryPfxAddrType,
tIPsecTsListLclEntryPfxLen,
tIPsecTsListLclEntryRowStatus,
tIPsecTsListLclEntryTblLastChgd,
tIPsecTsListLclEntryToAddr,
tIPsecTsListLclEntryToAddrType,
tIPsecTsListRowStatus,
tIPsecTsListTblLastChgd
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec IKEv2 certificate
authentication chain objects on Nokia SROS series systems."
::= { tmnxIPsecGroups 21 }
tIPsecRUSATrafficSelGroup OBJECT-GROUP
OBJECTS {
tIPsecRUSATrafficSelLastChgd
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec IKEv2 certificate
authentication chain objects on Nokia SROS series systems."
::= { tmnxIPsecGroups 22 }
tmnxIPsecGWV12v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelAutoEstablish,
tmnxIPsecGWAdminState,
tmnxIPsecGWName,
tmnxIPsecGWIfName,
tmnxIPsecGWInetAddrType,
tmnxIPsecGWInetAddress,
tmnxIPsecGWLastMgmtChange,
tmnxIPsecGWOperState,
tmnxIPsecGWRowStatus,
tmnxIPsecGWSecureService,
tmnxIPsecGWTblLastChgd,
tmnxIPsecGWTunnelPolicyTemp,
tmnxIPsecGWIkePolicyId,
tmnxIPsecGWIkePreShared,
tmnxIPsecGWOperFlags,
tIPsecRUSAAuthAlgorithm,
tIPsecRUSAAuthenticationKey,
tIPsecRUSAEncrAlgorithm,
tIPsecRUSAEncryptionKey,
tIPsecRUSAEstablishedTime,
tIPsecRUSANegotiatedLifeTime,
tIPsecRUSASpi,
tIPsecRUSAStatsBytesProcHigh32,
tIPsecRUSAStatsBytesProcLow32,
tIPsecRUSAStatsBytesProcessed,
tIPsecRUSAStatsCryptoErrors,
tIPsecRUSAStatsPktsProcHigh32,
tIPsecRUSAStatsPktsProcLow32,
tIPsecRUSAStatsPktsProcessed,
tIPsecRUSAStatsPolicyErrors,
tIPsecRUSAStatsReplayErrors,
tIPsecRUSAStatsSAErrors,
tIPsecRUTnlIPsecSALifeTime,
tIPsecRUTnlIsakmpEstabTime,
tIPsecRUTnlIsakmpNegLifeTime,
tIPsecRUTnlIsakmpState,
tIPsecRUTnlNumCtrlPktsRx,
tIPsecRUTnlNumCtrlPktsTx,
tIPsecRUTnlNumCtrlRxErrors,
tIPsecRUTnlNumCtrlTxErrors,
tIPsecRUTnlNumDpdAckRx,
tIPsecRUTnlNumDpdAckTx,
tIPsecRUTnlNumDpdRx,
tIPsecRUTnlNumDpdTx,
tIPsecRUTnlNumExpRx,
tIPsecRUTnlNumInvalidDpdRx,
tIPsecRUTnlPfsDHGroup,
tIPsecRUTnlHasBiDirectionalSA,
tIPsecRUTnlPrivateIfIndex,
tIPsecRUTnlPrivateIpAddr,
tIPsecRUTnlPrivateIpPrefixLen,
tIPsecRUTnlPrivateIpAddrType,
tIPsecRUTnlPrivateSvcId,
tIPsecRUTnlReplayWindow,
tIPsecRUTnlTempId,
tmnxIPsecGWPskXAuthTunnels,
tmnxIPsecGWPskTunnels,
tmnxIPsecGWCertTunnels,
tmnxIPsecPskTunnels
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPSec gateway
capabilities for SAPs on Nokia SROS series systems."
::= { tmnxIPsecGroups 23 }
tmnxIpsecObsoletedV12v0Group OBJECT-GROUP
OBJECTS {
tIPsecRUSALclAPrefLen,
tIPsecRUSALclAddr,
tIPsecRUSALclAddrType,
tIPsecRUSARemAPrefLen,
tIPsecRUSARemAddr,
tIPsecRUSARemAddrType
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPSec gateway
capabilities for SAPs obsoleted on Nokia SROS series systems."
::= { tmnxIPsecGroups 24 }
tIkev2SendUnSolCfgAttr12v0Group OBJECT-GROUP
OBJECTS {
tmnxIkePolicyRelayUnSolCfgAttr
}
STATUS current
DESCRIPTION
"The group of objects for IKE Policy Version 2 Send Unsolicited config
Attributes feature on Nokia SROS series systems in 12.0 release."
::= { tmnxIPsecGroups 26 }
tmnxIPsecSAStatsV12v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecSAStatsEncapOverhead,
tmnxIPsecSAStatsPreEncapFragCnt,
tmnxIPsecSAStatsPreEncapFragLtSz,
tmnxIPsecSAStatsPstEncapFragCnt,
tmnxIPsecSAStatsPstEncapFragLtSz
}
STATUS current
DESCRIPTION
"The group of objects for new statistics of outbound SA feature on
Nokia SROS series systems in 12.0 release."
::= { tmnxIPsecGroups 27 }
tmnxIPsecRUSAStatsV12v0Group OBJECT-GROUP
OBJECTS {
tIPsecRUSAStatsEncapOverhead,
tIPsecRUSAStatsPreEncapFragCnt,
tIPsecRUSAStatsPreEncapFragLtSz,
tIPsecRUSAStatsPostEncapFragCnt,
tIPsecRUSAStatsPostEncapFragLtSz
}
STATUS current
DESCRIPTION
"The group of objects for new statistics of outbound SA feature on
Nokia SROS series systems in 12.0 release."
::= { tmnxIPsecGroups 28 }
tmnxIPsecEncapNotifyObjsGroup OBJECT-GROUP
OBJECTS {
tIPsecNotifIPsecTunnelName,
tIPsecNotifConfigIpMtu,
tIPsecNotifEncapOverhead,
tIPsecNotifConfigEncapIpMtu
}
STATUS current
DESCRIPTION
"The group of objects for new trap for tunnel encapsulation feature on
Nokia SROS series systems in 12.0 release."
::= { tmnxIPsecGroups 29 }
tmnxIPsecTnlOperChgGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelOperChanged,
tIPsecRUTnlOperChanged
}
STATUS current
DESCRIPTION
"The group of objects for new statistics of outbound SA feature on
Nokia SROS series systems in 12.0 release."
::= { tmnxIPsecGroups 30 }
tmnxIkePolicyAutoEapRadiusGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecGWAutoEapRadiusTunnels,
tmnxIkePolicyAutoEapMethod,
tmnxIkePolicyAutoEapOwnMethod
}
STATUS current
DESCRIPTION
"The group of objects for IKE Policy Version 2 auto EAP Radius feature
on Nokia SROS series systems."
::= { tmnxIPsecGroups 31 }
tmnxIkePolicyAutoEapGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecGWAutoEapTunnels
}
STATUS current
DESCRIPTION
"The group of objects for IKE Policy Version 2 auto EAP feature on
Nokia SROS series systems."
::= { tmnxIPsecGroups 32 }
tmnxIPsecGWDhcpGroup OBJECT-GROUP
OBJECTS {
tmnxIPsecGWDhcpTblLastChgd,
tmnxIPsecGWDhcpRowStatus,
tmnxIPsecGWDhcpLastChgd,
tmnxIPsecGWDhcpAdminState,
tmnxIPsecGWDhcpGiAddrType,
tmnxIPsecGWDhcpGiAddr,
tmnxIPsecGWDhcpSendRelease,
tmnxIPsecGWDhcpServiceId,
tmnxIPsecGWDhcpRouterId,
tmnxIPsecGWDhcpSrvr1AddrType,
tmnxIPsecGWDhcpSrvr1Addr,
tmnxIPsecGWDhcpSrvr2AddrType,
tmnxIPsecGWDhcpSrvr2Addr,
tmnxIPsecGWDhcpSrvr3AddrType,
tmnxIPsecGWDhcpSrvr3Addr,
tmnxIPsecGWDhcpSrvr4AddrType,
tmnxIPsecGWDhcpSrvr4Addr,
tmnxIPsecGWDhcpSrvr5AddrType,
tmnxIPsecGWDhcpSrvr5Addr,
tmnxIPsecGWDhcpSrvr6AddrType,
tmnxIPsecGWDhcpSrvr6Addr,
tmnxIPsecGWDhcpSrvr7AddrType,
tmnxIPsecGWDhcpSrvr7Addr,
tmnxIPsecGWDhcpSrvr8AddrType,
tmnxIPsecGWDhcpSrvr8Addr
}
STATUS current
DESCRIPTION
"The tmnxIPsecGWDhcpGroup contains objects for IPSec Gateway DHCP
feature on Nokia SROS series systems."
::= { tmnxIPsecGroups 33 }
tmnxIPsecGWDhcpV6Group OBJECT-GROUP
OBJECTS {
tmnxIPsecGWDhcpV6TblLastChgd,
tmnxIPsecGWDhcpV6RowStatus,
tmnxIPsecGWDhcpV6LastChgd,
tmnxIPsecGWDhcpV6AdminState,
tmnxIPsecGWDhcpV6LinkAddrType,
tmnxIPsecGWDhcpV6LinkAddr,
tmnxIPsecGWDhcpV6SendRelease,
tmnxIPsecGWDhcpV6ServiceId,
tmnxIPsecGWDhcpV6RouterId,
tmnxIPsecGWDhcpV6Srvr1AddrType,
tmnxIPsecGWDhcpV6Srvr1Addr,
tmnxIPsecGWDhcpV6Srvr2AddrType,
tmnxIPsecGWDhcpV6Srvr2Addr,
tmnxIPsecGWDhcpV6Srvr3AddrType,
tmnxIPsecGWDhcpV6Srvr3Addr,
tmnxIPsecGWDhcpV6Srvr4AddrType,
tmnxIPsecGWDhcpV6Srvr4Addr,
tmnxIPsecGWDhcpV6Srvr5AddrType,
tmnxIPsecGWDhcpV6Srvr5Addr,
tmnxIPsecGWDhcpV6Srvr6AddrType,
tmnxIPsecGWDhcpV6Srvr6Addr,
tmnxIPsecGWDhcpV6Srvr7AddrType,
tmnxIPsecGWDhcpV6Srvr7Addr,
tmnxIPsecGWDhcpV6Srvr8AddrType,
tmnxIPsecGWDhcpV6Srvr8Addr
}
STATUS current
DESCRIPTION
"The tmnxIPsecGWDhcpV6Group contains objects for IPSec Gateway DHCP
feature on Nokia SROS series systems."
::= { tmnxIPsecGroups 34 }
tmnxSecNotifyObjsV13v0Group OBJECT-GROUP
OBJECTS {
tIPsecNotifCertProfileName,
tIPsecNotifCertProfEntryId,
tIPsecNotifCaProfNames
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications in revision
13.0 on Nokia SROS series systems."
::= { tmnxIPsecGroups 35 }
tmnxSecurityNotificationV13v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSecNotifCmptedCertHashChngd,
tmnxSecNotifCmptedCertChnChngd,
tmnxSecNotifSendChnNotInCmptChn
}
STATUS current
DESCRIPTION
"The group of notifications supporting security in revision 13.0 on
Nokia SROS series systems."
::= { tmnxIPsecGroups 36 }
tmnxIPsecGWLclAddrGroup OBJECT-GROUP
OBJECTS {
tIPsecGWLclAddrAssignTblLastChgd,
tIPsecGWLclAddrAssignLastChgd,
tIPsecGWLclAddrAssignRowStatus,
tIPsecGWLclAddrAssignAdminState,
tIPsecGWLclAddrAssignIp4SrvrName,
tIPsecGWLclAddrAssignIp4SrvrSvc,
tIPsecGWLclAddrAssignIp4SrvrRtr,
tIPsecGWLclAddrAssignIp4PoolName,
tIPsecGWLclAddrAssignIp6SrvrName,
tIPsecGWLclAddrAssignIp6SrvrSvc,
tIPsecGWLclAddrAssignIp6SrvrRtr,
tIPsecGWLclAddrAssignIp6PoolName
}
STATUS current
DESCRIPTION
"The tmnxIPsecGWLclAddrGroup contains objects for IPSec Gateway Local
Address feature on Nokia SROS series systems."
::= { tmnxIPsecGroups 37 }
tmnxIPsecRadInterimUpdGroup OBJECT-GROUP
OBJECTS {
tIPsecRadAcctPlcyUpdateInterval,
tIPsecRadAcctPlcyJitter
}
STATUS current
DESCRIPTION
"The tmnxIPsecRadInterimUpdGroup contains objects for IPSec Radius
Interim Update feature on Nokia SROS series systems."
::= { tmnxIPsecGroups 38 }
tmnxIPsecIkev2IdiGroup OBJECT-GROUP
OBJECTS {
tIPsecRUTnlIkeIdType,
tIPsecRUTnlIkeIdValue
}
STATUS current
DESCRIPTION
"The tmnxIPsecIkev2IdiGroup contains objects for IPSec IKEv2 ID
initiator information support on Nokia SROS series systems."
::= { tmnxIPsecGroups 39 }
tmnxIPsecGWPrivIp2V13v0Group OBJECT-GROUP
OBJECTS {
tIPsecRUTnlPrivateIpAddr2Type,
tIPsecRUTnlPrivateIpAddr2,
tIPsecRUTnlPrivateIpPrefixLen2
}
STATUS current
DESCRIPTION
"The group of objects supporting the second private address of the
IPsec gateway tunnel on Nokia SROS series systems for release 13.0."
::= { tmnxIPsecGroups 40 }
tmnxIPsecGWLAAIpPool2V14v0Group OBJECT-GROUP
OBJECTS {
tIPsecGWLclAddrAssignIp4PoolNam2
}
STATUS current
DESCRIPTION
"The tmnxIPsecGWLAAIpPool2V14v0Group contains objects for the IPsec
gateway's secondary Local-Address-Assignment pool feature on Nokia
SROS series systems for release 14.0."
::= { tmnxIPsecGroups 41 }
tIPsecTrafficSelectorV14v0Group OBJECT-GROUP
OBJECTS {
tIPsecTsListLclEntryMinPort,
tIPsecTsListLclEntryMaxPort,
tIPsecTsListLclEntryMinMhType,
tIPsecTsListLclEntryMaxMhType,
tIPsecTsListLclEntryMinIcmpType,
tIPsecTsListLclEntryMaxIcmpType,
tIPsecTsListLclEntryMinIcmpCode,
tIPsecTsListLclEntryMaxIcmpCode,
tIPsecTsListLclEntryProtocolId,
tIPsecTsListRmtEntryTblLastChgd,
tIPsecTsListRmtEntryRowStatus,
tIPsecTsListRmtEntryLastChgd,
tIPsecTsListRmtEntryMinAddrType,
tIPsecTsListRmtEntryMinAddr,
tIPsecTsListRmtEntryMaxAddrType,
tIPsecTsListRmtEntryMaxAddr,
tIPsecTsListRmtEntryPfxAddrType,
tIPsecTsListRmtEntryPfxAddr,
tIPsecTsListRmtEntryPfxLen,
tIPsecTsListRmtEntryMinPort,
tIPsecTsListRmtEntryMaxPort,
tIPsecTsListRmtEntryMinMhType,
tIPsecTsListRmtEntryMaxMhType,
tIPsecTsListRmtEntryMinIcmpType,
tIPsecTsListRmtEntryMaxIcmpType,
tIPsecTsListRmtEntryMinIcmpCode,
tIPsecTsListRmtEntryMaxIcmpCode,
tIPsecTsListRmtEntryProtocolId
}
STATUS current
DESCRIPTION
"The tIPsecTrafficSelectorV14v0Group contains objects for the IPsec
traffic selector feature on Nokia SROS series systems for release
14.0."
::= { tmnxIPsecGroups 43 }
tmnxIkePolicyLockoutV14v0Group OBJECT-GROUP
OBJECTS {
tmnxIkePolicyLockout,
tmnxIkePolicyLockoutFailedAtempt,
tmnxIkePolicyLockoutDuration,
tmnxIkePolicyLockoutBlock,
tmnxIkePolicyLockoutMaxPortPerIp,
tmnxIPsecLockoutClientFailAtempt,
tmnxIPsecLockoutClientStatus,
tmnxIPsecLockoutClientDroppedPkt,
tmnxIPsecLockoutClientRemainTime
}
STATUS current
DESCRIPTION
"The tmnxIkePolicyLockoutV14v0Group contains objects for the IPsec
client lockout feature on Nokia SROS series systems for release 14.0."
::= { tmnxIPsecGroups 44 }
tIPsecRUTnlDhcpLeaseStatV14v0Grp OBJECT-GROUP
OBJECTS {
tIPsecRUTnlDhcpLeaseStatSverAddT,
tIPsecRUTnlDhcpLeaseStatSverAddr,
tIPsecRUTnlDhcpLeaseStatAcquirTm,
tIPsecRUTnlDhcpLeaseStatRenewTm,
tIPsecRUTnlDhcpLeaseStatRebindTm,
tIPsecRUTnlDhcpLeaseStatPrivPref,
tIPsecRUTnlDhcpLeaseStatPrivVald
}
STATUS current
DESCRIPTION
"The tIPsecRUTnlDhcpLeaseStatV14v0Grp contains objects for the IPsec
DHCP lease statistics on Nokia SROS series systems for release 14.0."
::= { tmnxIPsecGroups 45 }
tIPsecClientDatabaseV14v0Group OBJECT-GROUP
OBJECTS {
tIPsecClientDatabaseTableLstChgd,
tIPsecClientDatabaseLastChanged,
tIPsecClientDatabaseRowStatus,
tIPsecClientDatabaseAdminState,
tIPsecClientDatabaseDescription,
tIPsecClientDatabaseMatchType,
tIPsecClientDBClientTableLstChgd,
tIPsecClientDBClientLastChanged,
tIPsecClientDBClientRowStatus,
tIPsecClientDBClientAdminState,
tIPsecClientDBClientName,
tIPsecClientDBClientIdIdiType,
tIPsecClientDBClientIdIdiValue,
tIPsecClientDBClientIdPeer4PfAny,
tIPsecClientDBClientIdPeer6PfAny,
tIPsecClientDBClientIdPeerPfxTyp,
tIPsecClientDBClientIdPeerPfx,
tIPsecClientDBClientIdPeerPfxLen,
tIPsecClientDBClientTnlTempltId,
tIPsecClientDBClientPrivateSvcId,
tIPsecClientDBClientPrivIfName,
tIPsecClientDBClientTsListName,
tIPsecClientDBClientPreSharedKey,
tmnxIPsecGWClientDatabaseName,
tmnxIPsecGWClientDatabasFallback,
tIPsecRUTnlClientDBClientId
}
STATUS current
DESCRIPTION
"The tIPsecClientDatabaseV14v0Group contains objects for the IPsec
client database capability on Nokia SROS series systems for release
14.0."
::= { tmnxIPsecGroups 46 }
tmnxIkePolicyV2FragV14v0Group OBJECT-GROUP
OBJECTS {
tmnxIkePolicyV2Fragment,
tmnxIkePolicyV2FragmentMtu,
tmnxIkePolicyV2FragReassembTmOut
}
STATUS current
DESCRIPTION
"The tmnxIkePolicyV2FragV14v0Group contains objects for the IKEv2
fragmentation capability on Nokia SROS series systems for release
14.0."
::= { tmnxIPsecGroups 47 }
tmnxIPsecMdaDpStatsV14v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecMdaDpL2tpv3TnlInPkts,
tmnxIPsecMdaDpL2tpv3TnlInBytes,
tmnxIPsecMdaDpL2tpv3TnlInErrs,
tmnxIPsecMdaDpL2tpv3TnlInCookErr,
tmnxIPsecMdaDpL2tpv3TnlInSeIdErr,
tmnxIPsecMdaDpL2tpv3TnlOutPkts,
tmnxIPsecMdaDpL2tpv3TnlOutBytes,
tmnxIPsecMdaDpL2tpv3TnlOutErrs,
tmnxIPsecMdaDpL2tpv3Tnls
}
STATUS current
DESCRIPTION
"The group of objects for IPsec Mda Data Path Statistics added in
release 14 of the Nokia SROS series systems."
::= { tmnxIPsecGroups 48 }
tmnxIPsecRUTnlInUseCfgsV14v0Grp OBJECT-GROUP
OBJECTS {
tIPsecRUTnlInUseTsList,
tIPsecRUTnlInUsePreSharedKey
}
STATUS current
DESCRIPTION
"The group of objects for IPsec tunnel in-use configurations added in
release 14 of the Nokia SROS series systems."
::= { tmnxIPsecGroups 49 }
tmnxIPsecIkeTransformV15v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecIkeTransformTableLstChg,
tmnxIPsecIkeTransformRowStatus,
tmnxIPsecIkeTransformLastChange,
tmnxIPsecIkeTransformAuthAlg,
tmnxIPsecIkeTransformEncrAlg,
tmnxIPsecIkeTransformDhGroup,
tmnxIPsecIkeTransformIsakmpLifeT,
tmnxIkePlcyIkeTransformTbLstChg,
tmnxIkePlcyIkeTransformLstChange,
tmnxIkePlcyIkeTransformId
}
STATUS current
DESCRIPTION
"The tmnxIPsecIkeTransformV15v0Group contains objects for the IKE
transform capability on Nokia SROS series systems for release 15.0."
::= { tmnxIPsecGroups 50 }
tmnxIPsecIkePolicyV14v0Group OBJECT-GROUP
OBJECTS {
tmnxIkePolicySndIdrAftEapSuccess,
tmnxIkePolicyIkev1Ph1RespDelNtfy
}
STATUS current
DESCRIPTION
"The tmnxIPsecIkePolicyV14v0Group contains objects for the IKE policy
capability on Nokia SROS series systems for release 14.0."
::= { tmnxIPsecGroups 51 }
tmnxIPsecHistStatsV15v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecGWHistStatsValue64,
tmnxIPsecGWHistStatsValue32,
tmnxIPsecGWHistStatsIntvStTm,
tmnxIPsecGWHistStatsIntvDur,
tmnxIPsecGWHistStatsFstFTm,
tmnxIPsecGWHistStatsFstFDesc,
tmnxIPsecGWHistStatsLstFTm,
tmnxIPsecGWHistStatsLstFDesc,
tmnxIPsecIsaHistStatsValue64,
tmnxIPsecIsaHistStatsValue32,
tmnxIPsecIsaHistStatsIntvStTm,
tmnxIPsecIsaHistStatsIntvDur,
tmnxIPsecIsaHistStatsFstFTm,
tmnxIPsecIsaHistStatsFstFDesc,
tmnxIPsecIsaHistStatsLstFTm,
tmnxIPsecIsaHistStatsLstFDesc,
tmnxIPsecTnlGrpHistStatsValue64,
tmnxIPsecTnlGrpHistStatsValue32,
tmnxIPsecTnlGrpHistStatsIntvStTm,
tmnxIPsecTnlGrpHistStatsIntvDur,
tmnxIPsecTnlGrpHistStatsFstFTm,
tmnxIPsecTnlGrpHistStatsFstFDesc,
tmnxIPsecTnlGrpHistStatsLstFTm,
tmnxIPsecTnlGrpHistStatsLstFDesc,
tmnxIPsecSysHistStatsValue64,
tmnxIPsecSysHistStatsValue32,
tmnxIPsecSysHistStatsIntvStTm,
tmnxIPsecSysHistStatsIntvDur,
tmnxIPsecSysHistStatsFstFTm,
tmnxIPsecSysHistStatsFstFDesc,
tmnxIPsecSysHistStatsLstFTm,
tmnxIPsecSysHistStatsLstFDesc,
tmnxIPsecTnlHistStatsValue64,
tmnxIPsecTnlHistStatsIntvStTm,
tmnxIPsecTnlHistStatsIntvDur,
tmnxIPsecRUTnlHistStatsValue64,
tmnxIPsecRUTnlHistStatsIntvStTm,
tmnxIPsecRUTnlHistStatsIntvDur
}
STATUS current
DESCRIPTION
"The tmnxIPsecHistStatsV15v0Group contains objects for the IPsec
historical statistics capability on Nokia SROS series systems for
release 15.0."
::= { tmnxIPsecGroups 52 }
tmnxIPsecCertObsoleteV15v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelCertTrustAnchor,
tmnxIPsecTunnelCertFile,
tmnxIPsecTunnelKeyFile,
tmnxIPsecGWLclX509Cert,
tmnxIPsecGWLclPrivateKey,
tmnxIPsecGWCertTrustAnchor
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPSec X.509 certificate
specific capabilities on Nokia SROS series systems that were made
obsolete in release 15.0."
::= { tmnxIPsecGroups 53 }
tIPsecTcpMssAdjustV15v0Grp OBJECT-GROUP
OBJECTS {
tIPsecTnlTempPublicTcpMssAdjust,
tIPsecTnlTempPrivateTcpMssAdjust,
tmnxIPsecTunnelPubTcpMssAdjust,
tmnxIPsecTunnelPrivTcpMssAdjust,
tIPsecRUTnlPubTcpMss,
tIPsecRUTnlPrivTcpMss
}
STATUS current
DESCRIPTION
"The group of objects supporting management of the IPsec TCP MSS
adjustment capability on Nokia SROS series systems for release 15.0."
::= { tmnxIPsecGroups 54 }
tmnxIkePolicyObsoleteV15v0Group OBJECT-GROUP
OBJECTS {
tmnxIkePolicyDHGroup,
tmnxIkePolicyAuthAlgorithm,
tmnxIkePolicyEncrAlgorithm,
tmnxIkePolicyIsakmpLifeTime
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IKE policy capabilities
on Nokia SROS series systems that were made obsolete in release 15.0."
::= { tmnxIPsecGroups 55 }
tmnxIPsecSvcLevelCfgV14v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecSvcLevelCfgTableLastChg
}
STATUS current
DESCRIPTION
"The group of objects supporting management of the IPsec configurations
in the service level on Nokia SROS series systems for release 14.0."
::= { tmnxIPsecGroups 56 }
tmnxIPsecTransformV15v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTransformPfsDhGroup,
tmnxIPsecTransformLifeTime,
tmnxIPsecTunnelStatIsakmpAuthAlg,
tmnxIPsecTunnelStatIsakmpEncrAlg,
tmnxIPsecTunnelStatIsakmpPfsDhGp,
tIPsecRUTnlStatsIsakmpAuthAlg,
tIPsecRUTnlStatsIsakmpEncrAlg,
tIPsecRUTnlStatsIsakmpPfsDhGrp,
tIPsecRUSAStatsPfsDhGroup,
tmnxIPsecSAStatsPfsDhGroup
}
STATUS current
DESCRIPTION
"The group of objects supporting management of the IPsec transform
capabilities on Nokia SROS series systems for release 15.0."
::= { tmnxIPsecGroups 57 }
tmnxIPsecEmbmsV15v0Group OBJECT-GROUP
OBJECTS {
tIPsecRUSAStatsMulticastIfName,
tIPsecRUSAStatsMulticastProt,
tmnxIPsecSAStatsMulticastIfName,
tmnxIPsecSAStatsMulticastProt
}
STATUS current
DESCRIPTION
"The group of objects supporting management of the IPsec Evolved
Multimedia Broadcast Multicast Service (eMBMS) capabilities on Nokia
SROS series systems for release 15.0."
::= { tmnxIPsecGroups 58 }
tmnxIPsecGWStatsV15v0Grp OBJECT-GROUP
OBJECTS {
tIPsecRUTnlInUseIkePolicy,
tmnxIPsecGWStatsNumOfDl2lTnls,
tmnxIPsecGWStatsNumOfRaTnls
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec gateway statistics
on Nokia SROS series systems for release 15.0."
::= { tmnxIPsecGroups 59 }
tmnxIPsecNoOfSaKeysV16v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecGWMaxNumPh1SaKeys,
tmnxIPsecGWMaxNumPh2SaKeys,
tmnxIPsecTunnelMaxNumPh1SaKeys,
tmnxIPsecTunnelMaxNumPh2SaKeys,
tmnxIPsecScalarObjsShowKeys
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec Security
Association (SA) key storage capabilities on Nokia SROS series systems
for release 16.0."
::= { tmnxIPsecGroups 60 }
tmnxIPsecSvcNameV16v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelPublicSvcName,
tmnxIPsecGWSecureServiceName,
tmnxIPsecGWDhcpServiceName,
tmnxIPsecGWDhcpV6ServiceName,
tIPsecGWLclAddrAssignIp4SrvrSvcN,
tIPsecGWLclAddrAssignIp6SrvrSvcN,
tIPsecClientDBClientPrivateSvcNm
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec service name
capabilities on Nokia SROS series systems for release 16.0."
::= { tmnxIPsecGroups 61 }
tmnxIPsecTnlBfdSessV16v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecTnlBfdSessTableLChg,
tmnxIPsecTnlBfdSessRowStatus,
tmnxIPsecTnlBfdSessSvcId,
tmnxIPsecTnlBfdSessSvcName,
tmnxIPsecTnlBfdSessIfName,
tmnxIPsecTnlBfdSessDstAddrT,
tmnxIPsecTnlBfdSessDstAddr,
tmnxIPsecTnlBfdSessStatSrcAddrT,
tmnxIPsecTnlBfdSessStatSrcAddr,
tmnxIPsecTnlBfdSessStatOperState
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec tunnel BFD session
capabilities on Nokia SROS series systems for release 16.0."
::= { tmnxIPsecGroups 62 }
tmnxIPsecTnlBfdObsoleteV16v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelBfdRowStatus,
tmnxIPsecTunnelBfdSrcAddrType,
tmnxIPsecTunnelBfdSrcAddr,
tmnxIPsecTunnelBfdSessOperState,
tmnxIPsecTunnelBfdLastChanged,
tmnxIPsecTunnelBfdTableLastChgd
}
STATUS current
DESCRIPTION
"The group of obsoleted objects of IPsec tunnel BFD service capabality
on Nokia SROS series systems for release 16.0."
::= { tmnxIPsecGroups 63 }
tmnxIkePolicyV15v0Group OBJECT-GROUP
OBJECTS {
tmnxIkePolicyLimitInitExchange,
tmnxIkePolicyReducedMaxExchgTt
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec IKE policy
capabilities on Nokia SROS series systems for release 15.0."
::= { tmnxIPsecGroups 64 }
tmnxIPsecCertProfV16v0Group OBJECT-GROUP
OBJECTS {
tIPsecCertProfEntryIdRsaSign
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec certificate
profile capabilities on Nokia SROS series systems for release 16.0."
::= { tmnxIPsecGroups 65 }
tmnxIkeTransformV16v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecIkeTransformPrfAlg,
tmnxIPsecTunnelStatIkeTranPrfAlg,
tIPsecRUTnlStatsIkeTranPrfAlg
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IKE transform
capabilities on Nokia SROS series systems for release 16.0."
::= { tmnxIPsecGroups 67 }
tmnxIPsecTunnelV15v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelSecPlyStrictMatch
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec tunnel
capabilities on Nokia SROS series systems for release 15.0."
::= { tmnxIPsecGroups 68 }
tmnxVRtrIdIPsecTnlV19v0Group OBJECT-GROUP
OBJECTS {
tmnxVRtIPsecTnlTableLastChanged,
tmnxVRtIPsecTnlRowStatus,
tmnxVRtIPsecTnlLastChanged,
tmnxVRtIPsecTnlAdminState,
tmnxVRtIPsecTnlOperState,
tmnxVRtIPsecTnlDescription,
tmnxVRtIPsecTnlLclGwAddrType,
tmnxVRtIPsecTnlLclGwAddr,
tmnxVRtIPsecTnlRemGwAddrType,
tmnxVRtIPsecTnlRemGwAddr,
tmnxVRtIPsecTnlSecurityPolicyId,
tmnxVRtIPsecTnlKeyingType,
tmnxVRtIPsecTnlDynTransformId1,
tmnxVRtIPsecTnlDynTransformId2,
tmnxVRtIPsecTnlDynTransformId3,
tmnxVRtIPsecTnlDynTransformId4,
tmnxVRtIPsecTnlIkePolicyId,
tmnxVRtIPsecTnlIkePreSharedKey,
tmnxVRtIPsecTnlOperFlags,
tmnxVRtIPsecTnlReplayWindow,
tmnxVRtIPsecTnlAutoEstablish,
tmnxVRtIPsecTnlBfdDesignate,
tmnxVRtIPsecTnlLocalIdType,
tmnxVRtIPsecTnlLocalIdValue,
tmnxVRtIPsecTnlClearDfBit,
tmnxVRtIPsecTnlIpMtu,
tmnxVRtIPsecTnlHostISA,
tmnxVRtIPsecTnlCSVPrimary,
tmnxVRtIPsecTnlCSVSecondary,
tmnxVRtIPsecTnlCSVDefResult,
tmnxVRtIPsecTnlCertProfile,
tmnxVRtIPsecTnlMatchTrustAnchor,
tmnxVRtIPsecTnlCertTrstAnchrProf,
tmnxVRtIPsecTnlEncapIpMtu,
tmnxVRtIPsecTnlPropagateIpv6PMTU,
tmnxVRtIPsecTnlIcmp6Pkt2Big,
tmnxVRtIPsecTnlIcmp6NumPkt2Big,
tmnxVRtIPsecTnlIcmp6Pkt2BigTime,
tmnxVRtIPsecTnlOperChanged,
tmnxVRtIPsecTnlPropagateIpv4PMTU,
tmnxVRtIPsecTnlIcmpFragReq,
tmnxVRtIPsecTnlIcmpFragReqNum,
tmnxVRtIPsecTnlIcmpFragReqTime,
tmnxVRtIPsecTnlPMTUDiscoverAging,
tmnxVRtIPsecTnlPubTcpMssAdjust,
tmnxVRtIPsecTnlPrivTcpMssAdjust,
tmnxVRtIPsecTnlMaxNumPh1SaKeys,
tmnxVRtIPsecTnlMaxNumPh2SaKeys,
tmnxVRtIPsecTnlSecPlyStrictMatch,
tmnxVRtIPsecTnlPrivateSvcName,
tmnxVRtIPsecTnlPrivSap,
tmnxVRtIPsecTnlBfdTableLChg,
tmnxVRtIPsecTnlBfdRowStatus,
tmnxVRtIPsecTnlBfdSvcName,
tmnxVRtIPsecTnlBfdIfName,
tmnxVRtIPsecTnlBfdDstAddrT,
tmnxVRtIPsecTnlBfdDstAddr,
tmnxVRtIPsecTnlBfdStatSrcAddrT,
tmnxVRtIPsecTnlBfdStatSrcAddr,
tmnxVRtIPsecTnlBfdStatOperState,
tmnxVRtIPsecSATableLastChanged,
tmnxVRtIPsecSARowStatus,
tmnxVRtIPsecSALastChanged,
tmnxVRtIPsecSAType,
tmnxVRtIPsecSAEncryptionKey,
tmnxVRtIPsecSAAuthenticationKey,
tmnxVRtIPsecSASpi,
tmnxVRtIPsecSAManualTransformId,
tmnxVRtIPsecSAAuthAlgorithm,
tmnxVRtIPsecSAEncrAlgorithm,
tmnxVRtIPsecSAStorageType,
tmnxVRtIPsecSAEstablishedTime,
tmnxVRtIPsecSANegotiatedLifeTime,
tmnxVRtIPsecSAStBytesProcessed,
tmnxVRtIPsecSAStBytesProcLow32,
tmnxVRtIPsecSAStBytesProcHigh32,
tmnxVRtIPsecSAStPktsProcessed,
tmnxVRtIPsecSAStPktsProcLow32,
tmnxVRtIPsecSAStPktsProcHigh32,
tmnxVRtIPsecSAStCryptoErrors,
tmnxVRtIPsecSAStReplayErrors,
tmnxVRtIPsecSAStSAErrors,
tmnxVRtIPsecSAStPolicyErrors,
tmnxVRtIPsecSAStEncapOverhead,
tmnxVRtIPsecSAStPreEncapFragCnt,
tmnxVRtIPsecSAStPreEncapFragLtSz,
tmnxVRtIPsecSAStPstEncapFragCnt,
tmnxVRtIPsecSAStPstEncapFragLtSz,
tmnxVRtIPsecSAStPfsDhGroup,
tmnxVRtIPsecSAStTempPrivMtu,
tmnxVRtIPsecSAStMulticastIfName,
tmnxVRtIPsecSAStMulticastProt,
tmnxVRtSecPlcyTableLastChanged,
tmnxVRtSecPlcyRowStatus,
tmnxVRtSecPlcyLastChanged,
tmnxVRtSecPlcyParamTblLastChangd,
tmnxVRtSecPlcyParamRowStatus,
tmnxVRtSecPlcyParamLastChanged,
tmnxVRtSecPlcyParamLclAddrAny,
tmnxVRtSecPlcyParamLclAddrType,
tmnxVRtSecPlcyParamLclAddr,
tmnxVRtSecPlcyParamLclAPrefLen,
tmnxVRtSecPlcyParamRemAddrAny,
tmnxVRtSecPlcyParamRemAddrType,
tmnxVRtSecPlcyParamRemAddr,
tmnxVRtSecPlcyParamRemAPrefLen,
tmnxVRtSecPlcyParam6LclAddrAny,
tmnxVRtSecPlcyParam6LclAddrType,
tmnxVRtSecPlcyParam6LclAddr,
tmnxVRtSecPlcyParam6LclAPrefLen,
tmnxVRtSecPlcyParam6RemAddrAny,
tmnxVRtSecPlcyParam6RemAddrType,
tmnxVRtSecPlcyParam6RemAddr,
tmnxVRtSecPlcyParam6RemAPrefLen,
tmnxVRtIfIPsecTblLstCgd,
tmnxVRtIfIPsecRowStatus,
tmnxVRtIfIPsecLastChgd,
tmnxVRtIfIPsecAdminState,
tmnxVRtIfIPsecIpFilterInExcptId,
tmnxVRtIfIPsecIsaTnlGroup,
tmnxVRtIfIPsecPubSap,
tmnxVRtIfIPsecIpv6FilterInExcId,
tmnxVRtIPsecTnlLclGwAddrOvrd,
tmnxVRtIPsecTnlLclGwAddrOvrdType,
tmnxVRtIPsecTnlIsakmpState,
tmnxVRtIPsecTnlIsakmpEstabTime,
tmnxVRtIPsecTnlIsakmpNegLifeTime,
tmnxVRtIPsecTnlNumDpdTx,
tmnxVRtIPsecTnlNumDpdRx,
tmnxVRtIPsecTnlNumDpdAckTx,
tmnxVRtIPsecTnlNumDpdAckRx,
tmnxVRtIPsecTnlNumExpRx,
tmnxVRtIPsecTnlNumInvalidDpdRx,
tmnxVRtIPsecTnlNumCtrlPktsTx,
tmnxVRtIPsecTnlNumCtrlPktsRx,
tmnxVRtIPsecTnlNumCtrlTxErrors,
tmnxVRtIPsecTnlNumCtrlRxErrors,
tmnxVRtIPsecTnlMatCertEntryId,
tmnxVRtIPsecTnlCertProfName,
tmnxVRtIPsecTnlStatIsakmpAuthAlg,
tmnxVRtIPsecTnlStatIsakmpEncrAlg,
tmnxVRtIPsecTnlStatIsakmpPfsDhGp,
tmnxVRtIPsecTnlStatIkeTranPrfAlg
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec tunnel
capabilities on Nokia SROS series systems for release 17.0."
::= { tmnxIPsecGroups 69 }
tIPsecTnlTempGroupV19v0Group OBJECT-GROUP
OBJECTS {
tIPsecTnlTempDescr,
tIPsecTnlTempDynKeyTransformId1,
tIPsecTnlTempDynKeyTransformId2,
tIPsecTnlTempDynKeyTransformId3,
tIPsecTnlTempDynKeyTransformId4,
tIPsecTnlTempLastChanged,
tIPsecTnlTempReplayWindow,
tIPsecTnlTempReverseRoute,
tIPsecTnlTempRowStatus,
tIPsecTnlTempTblLastChanged,
tmnxIkePolicyAuthMethod,
tIPsecTnlTempIgnoreDefaultRoute
}
STATUS current
DESCRIPTION
"The group of objects for IPsec tunnel template on Nokia SROS series
systems for release 19.0"
::= { tmnxIPsecGroups 71 }
tmnxIPsecNotifyObjsV19v0Group OBJECT-GROUP
OBJECTS {
tIPsecNotifTunnelType,
tIPsecNotifTunnelIdentifier
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec notification
objects on Nokia SROS series systems in release 19v0."
::= { tmnxIPsecGroups 72 }
tmnxIPsecTunnelEsaVmV19v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecTunnelHostEsa,
tmnxIPsecTunnelHostEsaVm,
tIPsecRUTnlHostEsa,
tIPsecRUTnlHostEsaVm,
tmnxVRtIPsecTnlHostEsa,
tmnxVRtIPsecTnlHostEsaVm,
tmnxIPsecLOClientEsaStatus,
tmnxIPsecLOClientEsaFailAtempt,
tmnxIPsecLOClientEsaDroppedPkt,
tmnxIPsecLOClientEsaRemainTime
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec tunnel functions
on ESA virtual machines in release 19.0"
::= { tmnxIPsecGroups 73 }
tmnxIPsecTunnelEsaVmV20v0Group OBJECT-GROUP
OBJECTS {
tmnxIPsecEsaHistStatsValue64,
tmnxIPsecEsaHistStatsValue32,
tmnxIPsecEsaHistStatsIntvStTm,
tmnxIPsecEsaHistStatsIntvDur,
tmnxIPsecEsaHistStatsFstFTm,
tmnxIPsecEsaHistStatsFstFDesc,
tmnxIPsecEsaHistStatsLstFTm,
tmnxIPsecEsaHistStatsLstFDesc,
tmnxIPsecEsaDpStatsEncryptPkts,
tmnxIPsecEsaDpStatsEncryptBytes,
tmnxIPsecEsaDpStatsDecryptPkts,
tmnxIPsecEsaDpStatsDecryptBytes,
tmnxIPsecEsaDpStatsTxPktErrs,
tmnxIPsecEsaDpStatsOutBDropPkts,
tmnxIPsecEsaDpStatsOutBSAMisses,
tmnxIPsecEsaDpStatsOutBPEMisses,
tmnxIPsecEsaDpStatsInBDropPkts,
tmnxIPsecEsaDpStatsInBSAMisses,
tmnxIPsecEsaDpStatsInBIPMismatch,
tmnxIPsecEsaDpInFragments,
tmnxIPsecEsaDpPktsReassem,
tmnxIPsecEsaDpFragDropTime,
tmnxIPsecEsaDpFragDropped,
tmnxIPsecEsaDpGreTnlInPkts,
tmnxIPsecEsaDpGreTnlInBytes,
tmnxIPsecEsaDpGreTnlInErrs,
tmnxIPsecEsaDpGreTnlOutPkts,
tmnxIPsecEsaDpGreTnlOutBytes,
tmnxIPsecEsaDpGreTnlOutErrs,
tmnxIPsecEsaDpPktsDropDfSet,
tmnxIPsecEsaDpStaticIPsecTnls,
tmnxIPsecEsaDpDynIPsecTnls,
tmnxIPsecEsaDpIpGreTnls,
tmnxIPsecEsaDpIpv4Tnls,
tmnxIPsecEsaDpL2tpv3TnlInPkts,
tmnxIPsecEsaDpL2tpv3TnlInBytes,
tmnxIPsecEsaDpL2tpv3TnlInErrs,
tmnxIPsecEsaDpL2tpv3TnlInCookErr,
tmnxIPsecEsaDpL2tpv3TnlInSeIdErr,
tmnxIPsecEsaDpL2tpv3TnlOutPkts,
tmnxIPsecEsaDpL2tpv3TnlOutBytes,
tmnxIPsecEsaDpL2tpv3TnlOutErrs,
tmnxIPsecEsaDpL2tpv3Tnls
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IPsec tunnel functions
on ESA virtual machines in release 20.0"
::= { tmnxIPsecGroups 74 }
tmnxIPsecObsoleteV20v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecSvcLevelCfgRsvRtrOvrd
}
STATUS current
DESCRIPTION
"The group of obsoleted objects suporting management of IPsec
capabilities on Nokia SROS series systems for release 20.0."
::= { tmnxIPsecGroups 75 }
tmnxIPsecSvcLevelCfgV20v0Grp OBJECT-GROUP
OBJECTS {
tmnxIPsecSvcLevelCfgRROvrdType
}
STATUS current
DESCRIPTION
"The group of additional objects supporting management of the IPsec
configurations in the service level on Nokia SROS series systems for
release 20.0."
::= { tmnxIPsecGroups 76 }
tmnxIPsecNotifGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 3 }
tmnxIPsecNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tIPsecRUTnlFailToCreate,
tIPsecRUTnlRemoved,
tIPsecRUSAFailToAddRoute,
tIPsecBfdIntfSessStateChgd
}
STATUS current
DESCRIPTION
"The group of notifications supporting IPsec on the Nokia SROS series
systems."
::= { tmnxIPsecNotifGroups 1 }
tIPsecIkev2RaTunNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tIPsecRadAcctPlcyFailure
}
STATUS current
DESCRIPTION
"The group of notifications supporting IPsec IKEv2 remote-access tunnel
feature on the Nokia SROS series systems."
::= { tmnxIPsecNotifGroups 2 }
tIPSecTrustAnchorProfNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tIPSecTrustAnchorPrfOprChg
}
STATUS current
DESCRIPTION
"The group of notifications supporting IPsec trust anchor profiles
feature on the Nokia SROS series systems release 12.0."
::= { tmnxIPsecNotifGroups 3 }
tIPSecTunnelEncapNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tIPsecTunnelEncapIpMtuTooSmall,
tIPsecRuTnlEncapIpMtuTooSmall
}
STATUS current
DESCRIPTION
"The group of notifications supporting IPsec tunnel encapsulation
feature on the Nokia SROS series systems release 12.0."
::= { tmnxIPsecNotifGroups 4 }
tmnxIPSecTunnelNotifV11v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxIPsecTunnelOperStateChange
}
STATUS current
DESCRIPTION
"The group of notifications supporting the IPsec tunnel feature on
Nokia SROS series systems release 11.0."
::= { tmnxIPsecNotifGroups 5 }
tmnxIPSecGWNotifV13v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxIPsecGWOperStateChange
}
STATUS current
DESCRIPTION
"The group of additional notifications supporting the IPsec gateway
feature on Nokia SROS series systems release 13.0."
::= { tmnxIPsecNotifGroups 6 }
tmnxIPsecTunnelNotifV19v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tIPsecTunnelProtocolFailed
}
STATUS current
DESCRIPTION
"The group of notifications supporting IPsec on the Nokia SROS series
systems release 19.0."
::= { tmnxIPsecNotifGroups 7 }
tmnxIPsecMGCompliances OBJECT IDENTIFIER ::= { tmnxIPsecConformance 4 }
tmnxIPsecMGGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 5 }
tmnxIPsecNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 48 }
tmnxIPsecNotifications OBJECT IDENTIFIER ::= { tmnxIPsecNotifyPrefix 0 }
tIPsecRUTnlFailToCreate NOTIFICATION-TYPE
OBJECTS {
svcId,
sapPortId,
sapEncapValue,
tIPsecNotifRUTnlInetAddrType,
tIPsecNotifRUTnlInetAddress,
tIPsecNotifRUTnlPort,
tIPsecNotifReason
}
STATUS current
DESCRIPTION
"The trap tIPsecRUTnlFailToCreate is sent when creation of a
remote-user tunnel fails with reason indicated by tIPsecNotifReason."
::= { tmnxIPsecNotifications 1 }
tIPsecRUSAFailToAddRoute NOTIFICATION-TYPE
OBJECTS {
tIPsecRUSARemAddrType,
tIPsecRUSARemAddr,
tIPsecRUSARemAPrefLen,
tIPsecNotifReason
}
STATUS current
DESCRIPTION
"The trap tIPsecRUSAFailToAddRoute is sent when adding route to
tIPsecRUSARemAddr for the remote-user tunnel fails with reason
indicated by tIPsecNotifReason."
::= { tmnxIPsecNotifications 2 }
tIPsecBfdIntfSessStateChgd NOTIFICATION-TYPE
OBJECTS {
tIPsecNotifBfdIntfSvcId,
tIPsecNotifBfdIntfIfName,
tIPsecNotifBfdIntfDestIpType,
tIPsecNotifBfdIntfDestIp,
tIPsecNotifBfdIntfSessState
}
STATUS current
DESCRIPTION
"The notification tIPsecBfdIntfSessStateChgd is generated when the
operational state of BFD session of the IPSec instance changes."
::= { tmnxIPsecNotifications 3 }
tIPsecRadAcctPlcyFailure NOTIFICATION-TYPE
OBJECTS {
tIPsecRadAcctPlcyRowStatus,
tIPsecRadAcctPlcyFailReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tIPsecRadAcctPlcyFailure notification is generated when a
RADIUS accounting request was not sent out successfully to any of the
RADIUS servers in the indicated accounting policy.
[EFFECT] The RADIUS server may not receive the accounting information.
[RECOVERY] Depending on the reason indicated as per
'tIPsecRadAcctPlcyFailReason', 'tIPsecRadAcctPlcyTable' configuration
may need to be changed."
::= { tmnxIPsecNotifications 4 }
tIPSecTrustAnchorPrfOprChg NOTIFICATION-TYPE
OBJECTS {
tIPsecTrustAnchorCAProfDown
}
STATUS current
DESCRIPTION
"[CAUSE] The tIPSecTrustAnchorPrfOprChg notification is generated when
not all of the trust-anchors in a profile are operational.
[EFFECT] Authentication of tunnels configured with the
trust-anchor-profile will fail if the trusted CA (Certificate
Authority) in the certificate chain is not operational.
[RECOVERY] Bring the trusted CA-profile operational up"
::= { tmnxIPsecNotifications 5 }
tIPsecTunnelEncapIpMtuTooSmall NOTIFICATION-TYPE
OBJECTS {
svcId,
sapPortId,
sapEncapValue,
tIPsecNotifIPsecTunnelName,
tIPsecNotifConfigIpMtu,
tIPsecNotifEncapOverhead,
tIPsecNotifConfigEncapIpMtu
}
STATUS current
DESCRIPTION
"[CAUSE] The tIPsecTunnelEncapIpMtuTooSmall notification is generated
when the addition of tunnel encapsulation to a packet at or near the
IPsec static tunnel's configured IP MTU may cause it to exceed the
tunnel's configured encapsulated IP MTU.
[EFFECT] The pre-encapsulated packet may be fragmented, and will
require reassembly by the tunnel remote endpoint, causing a
performance impact.
[RECOVERY] Configured IP MTU and/or encapsulated IP MTU may need to be
changed depending on the size of the encapsulation overhead as
indicated in 'tIPsecNotifEncapOverhead', and the transmission
capabilities of the tunnel's transport network."
::= { tmnxIPsecNotifications 6 }
tIPsecRuTnlEncapIpMtuTooSmall NOTIFICATION-TYPE
OBJECTS {
svcId,
sapPortId,
sapEncapValue,
tIPsecNotifRUTnlInetAddrType,
tIPsecNotifRUTnlInetAddress,
tIPsecNotifRUTnlPort,
tIPsecNotifConfigIpMtu,
tIPsecNotifEncapOverhead,
tIPsecNotifConfigEncapIpMtu
}
STATUS current
DESCRIPTION
"[CAUSE] The tIPsecRuTnlEncapIpMtuTooSmall notification is generated
when the addition of tunnel encapsulation to a packet at or near the
IPsec remote user tunnel's configured IP MTU may cause it to exceed
the tunnel's configured encapsulated IP MTU.
[EFFECT] The pre-encapsulated packet may be fragmented, and will
require reassembly by the tunnel remote endpoint, causing a
performance impact.
[RECOVERY] Configured IP MTU and/or encapsulated IP MTU may need to be
changed depending on the size of the encapsulation overhead as
indicated in 'tIPsecNotifEncapOverhead', and the transmission
capabilities of the tunnel's transport network."
::= { tmnxIPsecNotifications 7 }
tmnxSecNotifCmptedCertHashChngd NOTIFICATION-TYPE
OBJECTS {
tIPsecNotifCertProfileName,
tIPsecNotifCertProfEntryId,
tIPsecNotifCaProfNames
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecNotifCmptedCertHashChngd notification is generated
when the hash of a certificate chain is changed.
[EFFECT] The hash of the recomputed certificate chain will be used for
choosing cert-profile entry during new IPsec tunnel establishment.
[RECOVERY] If the changed CA certificate is used as a trust-anchor at
the peer, then the certificate should be updated at the peer as well
to ensure correct cert-profile entry selection."
::= { tmnxIPsecNotifications 8 }
tmnxSecNotifCmptedCertChnChngd NOTIFICATION-TYPE
OBJECTS {
tIPsecNotifCertProfileName,
tIPsecNotifCertProfEntryId,
tIPsecNotifCaProfNames
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecNotifCmptedCertChnChngd notification is generated
when a computed certificate chain is changed due to a dependent CA
profile being changed and brought into service.
[EFFECT] The hash of the recomputed certificate chain, if changed,
will be used for choosing cert-profile entry during new IPsec tunnel
establishment.
[RECOVERY] If the changed CA certificate is used as a trust-anchor at
the peer, then the certificate should be updated at the peer as well
to ensure correct cert-profile entry selection."
::= { tmnxIPsecNotifications 9 }
tmnxSecNotifSendChnNotInCmptChn NOTIFICATION-TYPE
OBJECTS {
tIPsecNotifCertProfileName,
tIPsecNotifCertProfEntryId,
tIPsecNotifCaProfNames
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecNotifSendChnNotInCmptChn notification is generated
when a CA profile not belonging to the computed certificate chain is
added to the send-chain of a cert-profile entry, or the certificate
chain is changed such that a CA-profile in the send-chain is no longer
a member of the chain.
[EFFECT] The CA certificate(s) to be sent to the peer is not a member
of the certificate chain that is requested by the peer for new IPsec
tunnel establishment.
[RECOVERY] Replace the send-chain CA profile that is not in the
certificate chain with one that is."
::= { tmnxIPsecNotifications 10 }
tmnxIPsecTunnelOperStateChange NOTIFICATION-TYPE
OBJECTS {
tmnxIPsecTunnelAdminState,
tmnxIPsecTunnelOperState,
tmnxIPsecTunnelOperFlags
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxIPsecTunnelOperStateChange notification is generated
when there is a change in tmnxIPsecTunnelOperState for an IPsec
tunnel.
[EFFECT] When the value of tmnxIPsecTunnelOperState is
'outOfService (3)', the IPsec tunnel is operationally down and
traffic arriving at the tunnel endpoints will not be encapsulated
and transported. When the value of tmnxIPsecTunnelOperState is
'inService (2)', the IPsec tunnel is operationally up. When the
value of tmnxIPsecGWOperState is 'limited (5)', the IPsec tunnel is
operationally up but may not be ready to re-establish the connection
until the conditions indicated in the tmnxIPsecTunnelOperFlags are
cleared.
[RECOVERY] Please refer to tmnxIPsecTunnelOperFlags for information on
why the tunnel is operationally down."
::= { tmnxIPsecNotifications 11 }
tmnxIPsecGWOperStateChange NOTIFICATION-TYPE
OBJECTS {
tmnxIPsecGWName,
tmnxIPsecGWAdminState,
tmnxIPsecGWOperState,
tmnxIPsecGWOperFlags
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxIPsecGWOperStateChange notification is generated when
there is a state change in tmnxIPsecGWOperState for an IPsec gateway.
[EFFECT] When the value of tmnxIPsecGWOperState is 'outOfService (3)',
the IPsec gateway is operationally down and it is not ready to
negotiate IKE sessions with remote clients. When the value of
tmnxIPsecGWOperState is 'inService (2)', the IPsec gateway is
operationally up. When the value of tmnxIPsecGWOperState is 'limited
(5)', the IPsec gateway is not fully operationally up due to the
conditions indicated in tmnxIPsecTunnelOperFlags and can only
negotiate limited new IKE sessions.
[RECOVERY] Please refer to tmnxIPsecGWOperFlags for information on why
the gateway is operationally down."
::= { tmnxIPsecNotifications 12 }
tIPsecRUTnlRemoved NOTIFICATION-TYPE
OBJECTS {
svcId,
sapPortId,
sapEncapValue,
tIPsecNotifRUTnlInetAddrType,
tIPsecNotifRUTnlInetAddress,
tIPsecNotifRUTnlPort,
tIPsecNotifReason
}
STATUS current
DESCRIPTION
"[CAUSE] A tIPsecRUTnlRemoved notification is generated when a
remote-user tunnel is removed under certain reasons, which are
indicated by tIPsecNotifReason (e.g., failed to renew private address
lease with DHCP server).
[EFFECT] The IPsec tunnel becomes operationally out of service."
::= { tmnxIPsecNotifications 13 }
tIPsecTunnelProtocolFailed NOTIFICATION-TYPE
OBJECTS {
tIPsecNotifTunnelType,
tIPsecNotifTunnelIdentifier,
tIPsecNotifReason
}
STATUS current
DESCRIPTION
"[CAUSE] A tIPsecTunnelProtocolFailed notification is generated when a
whenever there is abnormal event from protocol perspective to the
tunnel, which are indicated by tIPsecNotifReason (e.g., tunnel
encounters a dpd-timeout, or no-proposal-chosen during rekey, etc).
[EFFECT] These abnormal events don't always necessarily cause the
tunnel to change its operational-status or to be removed.
[RECOVERY] Please refer to operational-flags of the tunnel for more
information."
::= { tmnxIPsecNotifications 14 }
END
View Git Blame Copy Permalink