WATCHGUARD-IPSEC-SA-MON-MIB-EXT DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32, Integer32,
    IpAddress, NOTIFICATION-TYPE, OBJECT-IDENTITY, enterprises
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TruthValue
        FROM SNMPv2-TC
    ifIndex
        FROM RFC1213-MIB
    IpsecDoiIdentType, IpsecDoiEncapsulationMode, IpsecDoiEspTransform,
    IpsecDoiAhTransform, IpsecDoiAuthAlgorithm, IpsecDoiIpcompTransform,
    IpsecDoiSecProtocolId
        FROM IPSEC-ISAKMP-IKE-DOI-TC
    watchguard
        FROM WATCHGUARD-MIB;

wgIpsecSaMonModule MODULE-IDENTITY
    LAST-UPDATED "200701251200Z"
    ORGANIZATION "WatchGuard Technologies, Inc."
    CONTACT-INFO
        "Ella Yu
         WatchGuard Technologies, Inc.
         1841 Zanker Road
         San Jose, CA 95112
         USA
         408-519-4888"
    DESCRIPTION
        "The MIB module describes generic IPSec objects defined in IETF
         working draft 'draft-ietf-ipsec-monitor-mib-01' and WatchGuard's
         extension."
    REVISION "200701251200Z"
    DESCRIPTION
        "Initial revision."
    ::= { watchguard 3 }

IpsecSaCreatorIdent ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      current
    DESCRIPTION
        "A value indicating how an SA was created."
    SYNTAX      INTEGER {
                    unknown(0),
                    static(1),   -- statically created
                    ike(2),      -- IKE
                    other(3)
                }

IpsecIpv6Address ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
    STATUS      current
    DESCRIPTION
        "This data type is used to model IPv6 address prefixes. This is a
         binary string of 16 octets in network byte-order."
    SYNTAX      OCTET STRING (SIZE (16))

wgIpsecSaMonitorMIB OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all IPSec branches."
    ::= { wgIpsecSaMonModule 1 }

-- significant branches

wgSaTables OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all SA tables."
    ::= { wgIpsecSaMonitorMIB 1 }

wgSaStatistics OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which are
         global counters for IPSec security associations."
    ::= { wgIpsecSaMonitorMIB 2 }

wgSaErrors OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
        "This is the base object identifier for all objects which are
         global error counters for IPSec security associations."
    ::= { wgIpsecSaMonitorMIB 3 }

-- the IPSec Inbound ESP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Inbound ESP SAs

wgIpsecSaEspInTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WGIpsecSaEspInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing information on IPSec inbound
         ESP SAs. There should be one row for every inbound ESP security
         association that exists in the entity. The maximum number of
         rows is implementation dependent."
    ::= { wgSaTables 1 }

wgIpsecSaEspInEntry OBJECT-TYPE
    SYNTAX      WGIpsecSaEspInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the information on a
         particular IPSec inbound ESP SA. A row in this table cannot be
         created or deleted by SNMP operations on columns of the table."
    INDEX       { wgIpsecSaEspInAddress, wgIpsecSaEspInSpi }
    ::= { wgIpsecSaEspInTable 1 }

WGIpsecSaEspInEntry ::= SEQUENCE {
    wgIpsecSaEspInAddress             IpAddress,
    wgIpsecSaEspInSpi                 Integer32,
    wgIpsecSaEspInDestId              OCTET STRING,
    wgIpsecSaEspInDestIdType          IpsecDoiIdentType,
    wgIpsecSaEspInSourceId            OCTET STRING,
    wgIpsecSaEspInSourceIdType        IpsecDoiIdentType,
    wgIpsecSaEspInProtocol            Integer32,
    wgIpsecSaEspInDestPort            Integer32,
    wgIpsecSaEspInSourcePort          Integer32,
    wgIpsecSaEspInCreator             IpsecSaCreatorIdent,
    wgIpsecSaEspInEncapsulation       IpsecDoiEncapsulationMode,
    wgIpsecSaEspInEncAlg              IpsecDoiEspTransform,
    wgIpsecSaEspInEncKeyLength        Integer32,
    wgIpsecSaEspInAuthAlg             IpsecDoiAuthAlgorithm,
    wgIpsecSaEspInLimitSeconds        Integer32,
    wgIpsecSaEspInLimitKbytes         Integer32,
    wgIpsecSaEspInAccSeconds          Counter32,
    wgIpsecSaEspInAccKbytes           Counter32,
    wgIpsecSaEspInUserOctets          Counter32,
    wgIpsecSaEspInPackets             Counter32,
    wgIpsecSaEspInDecryptErrors       Counter32,
    wgIpsecSaEspInAuthErrors          Counter32,
    wgIpsecSaEspInReplayErrors        Counter32,
    wgIpsecSaEspInPolicyErrors        Counter32,
    wgIpsecSaEspInPadErrors           Counter32,
    wgIpsecSaEspInOtherReceiveErrors  Counter32
}

wgIpsecSaEspInAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination address of the SA. For implementations that do
         not support IPv6, this address should appear as one of the
         IPv4-mapped IPv6 addresses as defined in Section 2.5.4 of
         [IPV6AA]. Specifically, the prefix
         '0000:0000:0000:0000:0000:FFFF:' is used for IPv4 only nodes,
         while the prefix '0000:0000:0000:0000:0000:0000:' is used for
         bi-lingual nodes."
    ::= { wgIpsecSaEspInEntry 1 }

wgIpsecSaEspInSpi OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The security parameters index of the SA."
    REFERENCE
        "RFC 2406 Section 2.1"
    ::= { wgIpsecSaEspInEntry 2 }

wgIpsecSaEspInDestId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination identifier of the SA, or 0 if unknown or if the
         SA uses transport mode encapsulation. This value is taken
         directly from the optional ID payloads that are exchanged during
         SA creation negotiation."
    ::= { wgIpsecSaEspInEntry 3 }

wgIpsecSaEspInDestIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaEspInDestId', or 0
         if unknown or if the SA uses transport mode encapsulation."
    ::= { wgIpsecSaEspInEntry 4 }

wgIpsecSaEspInSourceId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source identifier of the SA, or 0 if unknown or if the SA
         uses transport mode encapsulation. This value is taken directly
         from the optional ID payloads that are exchanged during SA
         creation negotiation."
    ::= { wgIpsecSaEspInEntry 5 }

wgIpsecSaEspInSourceIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaEspInSourceId', or
         0 if unknown or if the SA uses transport mode encapsulation."
    ::= { wgIpsecSaEspInEntry 6 }

wgIpsecSaEspInProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transport-layer protocol number that this SA carries, or 0
         if it carries any protocol."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaEspInEntry 7 }

wgIpsecSaEspInDestPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port number of the protocol that this SA
         carries, or 0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaEspInEntry 8 }

wgIpsecSaEspInSourcePort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port number of the protocol that this SA carries, or
         0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaEspInEntry 9 }

wgIpsecSaEspInCreator OBJECT-TYPE
    SYNTAX      IpsecSaCreatorIdent
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The creator of this SA. This MIB makes no assumptions about how
         the SAs are created. They may be created statically, or by a key
         exchange protocol such as IKE, or by some other method."
    ::= { wgIpsecSaEspInEntry 10 }

wgIpsecSaEspInEncapsulation OBJECT-TYPE
    SYNTAX      IpsecDoiEncapsulationMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of encapsulation used by this SA."
    ::= { wgIpsecSaEspInEntry 11 }

wgIpsecSaEspInEncAlg OBJECT-TYPE
    SYNTAX      IpsecDoiEspTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the encryption algorithm applied to
         traffic or 0 if there is no encryption used."
    ::= { wgIpsecSaEspInEntry 12 }

wgIpsecSaEspInEncKeyLength OBJECT-TYPE
    SYNTAX      Integer32 (0..65531)
    UNITS       "bits"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The length of the encryption key in bits used for the algorithm
         specified in the 'wgIpsecSaEspInEncAlg' object, or 0 if the key
         length is implicit in the specified algorithm or there is no
         encryption specified."
    ::= { wgIpsecSaEspInEntry 13 }

wgIpsecSaEspInAuthAlg OBJECT-TYPE
    SYNTAX      IpsecDoiAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the hash algorithm applied to
         traffic or 0 if there is no authentication used."
    ::= { wgIpsecSaEspInEntry 14 }

wgIpsecSaEspInLimitSeconds OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum lifetime in seconds of the SA, or 0 if there is no
         time constraint on its expiration. The display value is limited
         to 4294967295 seconds (more than 136 years); values greater than
         that value will be truncated."
    ::= { wgIpsecSaEspInEntry 15 }

wgIpsecSaEspInLimitKbytes OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum traffic in kilobytes that the SA is allowed to
         support, or 0 if there is no traffic constraint on its
         expiration. The display value is limited to 4294967295
         kilobytes; values greater than that value will be truncated."
    ::= { wgIpsecSaEspInEntry 16 }

wgIpsecSaEspInAccSeconds OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds accumulated against the SA's expiration by
         time. This is also the number of seconds that the SA has
         existed."
    ::= { wgIpsecSaEspInEntry 17 }

wgIpsecSaEspInAccKbytes OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of traffic accumulated that counts against the SA's
         expiration by traffic limitation, measured in Kbytes. This value
         may be 0 if the SA does not expire based on traffic."
    ::= { wgIpsecSaEspInEntry 18 }

wgIpsecSaEspInUserOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of user level traffic measured in bytes handled by
         the SA. This is not necessarily the same as the amount of
         traffic applied against the traffic expiration limit."
    ::= { wgIpsecSaEspInEntry 19 }

wgIpsecSaEspInPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets handled by the SA."
    ::= { wgIpsecSaEspInEntry 20 }

wgIpsecSaEspInDecryptErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to decryption
         errors."
    ::= { wgIpsecSaEspInEntry 21 }

wgIpsecSaEspInAuthErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to authentication
         errors."
    ::= { wgIpsecSaEspInEntry 22 }

wgIpsecSaEspInReplayErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to replay errors."
    ::= { wgIpsecSaEspInEntry 23 }

wgIpsecSaEspInPolicyErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to policy errors.
         This includes packets where the next protocol is invalid."
    ::= { wgIpsecSaEspInEntry 24 }

wgIpsecSaEspInPadErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to pad value
         errors. Implementations that do not check this must not support
         this object."
    REFERENCE
        "RFC 2406 section 2.4"
    ::= { wgIpsecSaEspInEntry 25 }

wgIpsecSaEspInOtherReceiveErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to errors other
         than decryption, authentication or replay errors. This may
         include packets dropped due to a lack of receive buffers, and
         may include packets dropped due to congestion at the decryption
         element."
    ::= { wgIpsecSaEspInEntry 26 }

-- the IPSec Inbound AH MIB-Group
--
-- a collection of objects providing information about
-- IPSec Inbound AH SAs

wgIpsecSaAhInTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WGIpsecSaAhInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing information on IPSec inbound
         AH SAs. There should be one row for every inbound AH security
         association that exists in the entity. The maximum number of
         rows is implementation dependent."
    ::= { wgSaTables 2 }

wgIpsecSaAhInEntry OBJECT-TYPE
    SYNTAX      WGIpsecSaAhInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the information on a
         particular IPSec inbound AH SA. A row in this table cannot be
         created or deleted by SNMP operations on columns of the table."
    INDEX       { wgIpsecSaAhInAddress, wgIpsecSaAhInSpi }
    ::= { wgIpsecSaAhInTable 1 }

WGIpsecSaAhInEntry ::= SEQUENCE {
    wgIpsecSaAhInAddress             IpAddress,
    wgIpsecSaAhInSpi                 Integer32,
    wgIpsecSaAhInDestId              OCTET STRING,
    wgIpsecSaAhInDestIdType          IpsecDoiIdentType,
    wgIpsecSaAhInSourceId            OCTET STRING,
    wgIpsecSaAhInSourceIdType        IpsecDoiIdentType,
    wgIpsecSaAhInProtocol            Integer32,
    wgIpsecSaAhInDestPort            Integer32,
    wgIpsecSaAhInSourcePort          Integer32,
    wgIpsecSaAhInCreator             IpsecSaCreatorIdent,
    wgIpsecSaAhInEncapsulation       IpsecDoiEncapsulationMode,
    wgIpsecSaAhInAuthAlg             IpsecDoiAhTransform,
    wgIpsecSaAhInLimitSeconds        Integer32,
    wgIpsecSaAhInLimitKbytes         Integer32,
    wgIpsecSaAhInAccSeconds          Counter32,
    wgIpsecSaAhInAccKbytes           Counter32,
    wgIpsecSaAhInUserOctets          Counter32,
    wgIpsecSaAhInPackets             Counter32,
    -- error statistics
    wgIpsecSaAhInAuthErrors          Counter32,
    wgIpsecSaAhInReplayErrors        Counter32,
    wgIpsecSaAhInPolicyErrors        Counter32,
    wgIpsecSaAhInOtherReceiveErrors  Counter32
}

wgIpsecSaAhInAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination address of the SA. For implementations that do
         not support IPv6, this address should appear as one of the
         IPv4-mapped IPv6 addresses as defined in Section 2.5.4 of
         [IPV6AA]. Specifically, the prefix
         '0000:0000:0000:0000:0000:FFFF:' is used for IPv4 only nodes,
         while the prefix '0000:0000:0000:0000:0000:0000:' is used for
         bi-lingual nodes."
    ::= { wgIpsecSaAhInEntry 1 }

wgIpsecSaAhInSpi OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The security parameters index of the SA."
    REFERENCE
        "RFC 2402 Section 2.4"
    ::= { wgIpsecSaAhInEntry 2 }

wgIpsecSaAhInDestId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination identifier of the SA, or 0 if unknown or if the
         SA uses transport mode encapsulation. This value is taken
         directly from the optional ID payloads that are exchanged during
         SA creation negotiation."
    ::= { wgIpsecSaAhInEntry 3 }

wgIpsecSaAhInDestIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaAhInDestId', or 0
         if unknown or if the SA uses transport mode encapsulation."
    ::= { wgIpsecSaAhInEntry 4 }

wgIpsecSaAhInSourceId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source identifier of the SA, or 0 if unknown or if the SA
         uses transport mode encapsulation. This value is taken directly
         from the optional ID payloads that are exchanged during SA
         creation negotiation."
    ::= { wgIpsecSaAhInEntry 5 }

wgIpsecSaAhInSourceIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaAhInSourceId', or
         0 if unknown or if the SA uses transport mode encapsulation."
    ::= { wgIpsecSaAhInEntry 6 }

wgIpsecSaAhInProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transport-layer protocol number that this SA carries, or 0
         if it carries any protocol."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaAhInEntry 7 }

wgIpsecSaAhInDestPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port number of the protocol that this SA
         carries, or 0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaAhInEntry 8 }

wgIpsecSaAhInSourcePort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port number of the protocol that this SA carries, or
         0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaAhInEntry 9 }

wgIpsecSaAhInCreator OBJECT-TYPE
    SYNTAX      IpsecSaCreatorIdent
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The creator of this SA. This MIB makes no assumptions about how
         the SAs are created.
         They may be created statically, or by a key exchange protocol
         such as IKE, or by some other method."
    ::= { wgIpsecSaAhInEntry 10 }

wgIpsecSaAhInEncapsulation OBJECT-TYPE
    SYNTAX      IpsecDoiEncapsulationMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of encapsulation used by this SA."
    ::= { wgIpsecSaAhInEntry 11 }

wgIpsecSaAhInAuthAlg OBJECT-TYPE
    SYNTAX      IpsecDoiAhTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the hash algorithm applied to
         traffic carried by this SA if it uses ESP or 0 if there is no
         authentication applied by ESP."
    ::= { wgIpsecSaAhInEntry 12 }

wgIpsecSaAhInLimitSeconds OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum lifetime in seconds of the SA, or 0 if there is no
         time constraint on its expiration. The display value is limited
         to 4294967295 seconds (more than 136 years); values greater than
         that value will be truncated."
    ::= { wgIpsecSaAhInEntry 13 }

wgIpsecSaAhInLimitKbytes OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum traffic in Kbytes that the SA is allowed to support,
         or 0 if there is no traffic constraint on its expiration. The
         display value is limited to 4294967295 kilobytes; values greater
         than that value will be truncated."
    ::= { wgIpsecSaAhInEntry 14 }

wgIpsecSaAhInAccSeconds OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds accumulated against the SA's expiration by
         time. This is also the number of seconds that the SA has
         existed."
    ::= { wgIpsecSaAhInEntry 15 }

wgIpsecSaAhInAccKbytes OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of traffic accumulated that counts against the SA's
         expiration by traffic limitation, measured in Kbytes. This value
         may be 0 if the SA does not expire based on traffic."
    ::= { wgIpsecSaAhInEntry 16 }

wgIpsecSaAhInUserOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of user level traffic measured in bytes handled by
         the SA. This is not necessarily the same as the amount of
         traffic applied against the traffic expiration limit."
    ::= { wgIpsecSaAhInEntry 17 }

wgIpsecSaAhInPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets handled by the SA."
    ::= { wgIpsecSaAhInEntry 18 }

wgIpsecSaAhInAuthErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to authentication
         errors."
    ::= { wgIpsecSaAhInEntry 19 }

wgIpsecSaAhInReplayErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to replay errors."
    ::= { wgIpsecSaAhInEntry 20 }

wgIpsecSaAhInPolicyErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to policy errors.
         This includes packets where the next protocol is invalid."
    ::= { wgIpsecSaAhInEntry 21 }

wgIpsecSaAhInOtherReceiveErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to errors other
         than decryption, authentication or replay errors. This may
         include packets dropped due to a lack of receive buffers, and
         may include packets dropped due to congestion at the
         authentication element."
    ::= { wgIpsecSaAhInEntry 22 }

-- the IPSec Inbound IPCOMP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Inbound IPCOMP SAs

wgIpsecSaIpcompInTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WGIpsecSaIpcompInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing information on IPSec inbound
         IPCOMP SAs.
         There should be one row for every inbound IPCOMP (security)
         association that exists in the entity. The maximum number of
         rows is implementation dependent."
    ::= { wgSaTables 3 }

wgIpsecSaIpcompInEntry OBJECT-TYPE
    SYNTAX      WGIpsecSaIpcompInEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the information on a
         particular IPSec inbound IPCOMP SA. A row in this table cannot
         be created or deleted by SNMP operations on columns of the
         table."
    INDEX       { wgIpsecSaIpcompInAddress, wgIpsecSaIpcompInCpi }
    ::= { wgIpsecSaIpcompInTable 1 }

WGIpsecSaIpcompInEntry ::= SEQUENCE {
    wgIpsecSaIpcompInAddress             IpAddress,
    wgIpsecSaIpcompInCpi                 IpsecDoiIpcompTransform,
    wgIpsecSaIpcompInDestId              OCTET STRING,
    wgIpsecSaIpcompInDestIdType          IpsecDoiIdentType,
    wgIpsecSaIpcompInSourceId            OCTET STRING,
    wgIpsecSaIpcompInSourceIdType        IpsecDoiIdentType,
    wgIpsecSaIpcompInProtocol            Integer32,
    wgIpsecSaIpcompInDestPort            Integer32,
    wgIpsecSaIpcompInSourcePort          Integer32,
    wgIpsecSaIpcompInCreator             IpsecSaCreatorIdent,
    wgIpsecSaIpcompInEncapsulation       IpsecDoiEncapsulationMode,
    wgIpsecSaIpcompInDecompAlg           IpsecDoiIpcompTransform,
    wgIpsecSaIpcompInSeconds             Counter32,
    wgIpsecSaIpcompInUserOctets          Counter32,
    wgIpsecSaIpcompInPackets             Counter32,
    wgIpsecSaIpcompInDecompErrors        Counter32,
    wgIpsecSaIpcompInOtherReceiveErrors  Counter32
}

wgIpsecSaIpcompInAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination address of the SA. For implementations that do
         not support IPv6, this address should appear as one of the
         IPv4-mapped IPv6 addresses as defined in Section 2.5.4 of
         [IPV6AA]. Specifically, the prefix
         '0000:0000:0000:0000:0000:FFFF:' is used for IPv4 only nodes,
         while the prefix '0000:0000:0000:0000:0000:0000:' is used for
         bi-lingual nodes."
    ::= { wgIpsecSaIpcompInEntry 1 }

wgIpsecSaIpcompInCpi OBJECT-TYPE
    SYNTAX      IpsecDoiIpcompTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The CPI of the SA.
         Since the lower values of CPIs are reserved to be the same as
         the algorithm, the syntax for this object is the same as the
         transform."
    REFERENCE
        "RFC 2393 Section 3.3"
    ::= { wgIpsecSaIpcompInEntry 2 }

wgIpsecSaIpcompInDestId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination identifier of the SA, or 0 if unknown or if the
         SA uses transport mode, or 0 if this SA is used with multiple
         SAs in protection suites. This value, if non-zero, is taken
         directly from the optional ID payloads that are exchanged during
         SA creation negotiation."
    ::= { wgIpsecSaIpcompInEntry 3 }

wgIpsecSaIpcompInDestIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaIpcompInDestId',
         or 0 if unknown or if the SA uses transport mode, or 0 if this
         SA is used with multiple SAs in protection suites."
    ::= { wgIpsecSaIpcompInEntry 4 }

wgIpsecSaIpcompInSourceId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source identifier of the SA, or 0 if unknown or if the SA
         uses transport mode encapsulation, or 0 if this SA is used with
         multiple SAs in protection suites. This value, if non-zero, is
         taken directly from the optional ID payloads that are exchanged
         during SA creation negotiation."
    ::= { wgIpsecSaIpcompInEntry 5 }

wgIpsecSaIpcompInSourceIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaIpcompInSourceId',
         or 0 if unknown or if the SA uses transport mode encapsulation,
         or 0 if this SA is used with multiple SAs in protection suites."
    ::= { wgIpsecSaIpcompInEntry 6 }

wgIpsecSaIpcompInProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transport-layer protocol number that this SA carries, or 0
         if it carries any protocol."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaIpcompInEntry 7 }

wgIpsecSaIpcompInDestPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port number of the protocol that this SA
         carries, or 0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaIpcompInEntry 8 }

wgIpsecSaIpcompInSourcePort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port number of the protocol that this SA carries, or
         0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaIpcompInEntry 9 }

wgIpsecSaIpcompInCreator OBJECT-TYPE
    SYNTAX      IpsecSaCreatorIdent
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The creator of this SA. This MIB makes no assumptions about how
         the SAs are created. They may be created statically, or by a key
         exchange protocol such as IKE, or by some other method."
    ::= { wgIpsecSaIpcompInEntry 10 }

wgIpsecSaIpcompInEncapsulation OBJECT-TYPE
    SYNTAX      IpsecDoiEncapsulationMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of encapsulation used by this SA."
    ::= { wgIpsecSaIpcompInEntry 11 }

wgIpsecSaIpcompInDecompAlg OBJECT-TYPE
    SYNTAX      IpsecDoiIpcompTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the decompression algorithm applied
         to traffic."
    ::= { wgIpsecSaIpcompInEntry 12 }

wgIpsecSaIpcompInSeconds OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds that the SA has existed."
    ::= { wgIpsecSaIpcompInEntry 13 }

wgIpsecSaIpcompInUserOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of user level traffic measured in bytes handled by
         the SA."
    ::= { wgIpsecSaIpcompInEntry 14 }

wgIpsecSaIpcompInPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets handled by the SA."
    ::= { wgIpsecSaIpcompInEntry 15 }

wgIpsecSaIpcompInDecompErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to decompression
         errors."
    ::= { wgIpsecSaIpcompInEntry 16 }

wgIpsecSaIpcompInOtherReceiveErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to errors other
         than decompression errors. This may include packets dropped due
         to a lack of receive buffers, and packets dropped due to
         congestion at the decompression element."
    ::= { wgIpsecSaIpcompInEntry 17 }

-- the IPSec Outbound ESP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Outbound ESP SAs

wgIpsecSaEspOutTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WGIpsecSaEspOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing information on IPSec Outbound
         ESP SAs. There should be one row for every outbound ESP security
         association that exists in the entity. The maximum number of
         rows is implementation dependent."
    ::= { wgSaTables 4 }

wgIpsecSaEspOutEntry OBJECT-TYPE
    SYNTAX      WGIpsecSaEspOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the information on a
         particular IPSec Outbound ESP SA. A row in this table cannot be
         created or deleted by SNMP operations on columns of the table."
    INDEX       { wgIpsecSaEspOutAddress, wgIpsecSaEspOutSpi }
    ::= { wgIpsecSaEspOutTable 1 }

WGIpsecSaEspOutEntry ::= SEQUENCE {
    wgIpsecSaEspOutAddress        IpAddress,
    wgIpsecSaEspOutSpi            Integer32,
    wgIpsecSaEspOutSourceId       OCTET STRING,
    wgIpsecSaEspOutSourceIdType   IpsecDoiIdentType,
    wgIpsecSaEspOutDestId         OCTET STRING,
    wgIpsecSaEspOutDestIdType     IpsecDoiIdentType,
    wgIpsecSaEspOutProtocol       Integer32,
    wgIpsecSaEspOutSourcePort     Integer32,
    wgIpsecSaEspOutDestPort       Integer32,
    wgIpsecSaEspOutCreator        IpsecSaCreatorIdent,
    wgIpsecSaEspOutEncapsulation  IpsecDoiEncapsulationMode,
    wgIpsecSaEspOutEncAlg         IpsecDoiEspTransform,
    wgIpsecSaEspOutEncKeyLength   Integer32,
    wgIpsecSaEspOutAuthAlg        IpsecDoiAuthAlgorithm,
    wgIpsecSaEspOutLimitSeconds   Integer32,
    wgIpsecSaEspOutLimitKbytes    Integer32,
    wgIpsecSaEspOutAccSeconds     Counter32,
    wgIpsecSaEspOutAccKbytes      Counter32,
    wgIpsecSaEspOutUserOctets     Counter32,
    wgIpsecSaEspOutPackets        Counter32,
    wgIpsecSaEspOutSendErrors     Counter32
}

wgIpsecSaEspOutAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination address of the SA. For implementations that do
         not support IPv6, this address should appear as one of the
         IPv4-mapped IPv6 addresses as defined in Section 2.5.4 of
         [IPV6AA]. Specifically, the prefix
         '0000:0000:0000:0000:0000:FFFF:' is used for IPv4 only nodes,
         while the prefix '0000:0000:0000:0000:0000:0000:' is used for
         bi-lingual nodes."
    ::= { wgIpsecSaEspOutEntry 1 }

wgIpsecSaEspOutSpi OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The security parameters index of the SA."
    REFERENCE
        "RFC 2406 Section 2.1"
    ::= { wgIpsecSaEspOutEntry 2 }

wgIpsecSaEspOutSourceId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source identifier of the SA, or 0 if unknown or if the SA
         uses transport mode encapsulation. This value is taken directly
         from the optional ID payloads that are exchanged during phase 2
         negotiations."
    ::= { wgIpsecSaEspOutEntry 3 }

wgIpsecSaEspOutSourceIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaEspOutSourceId',
         or 0 if unknown or if the SA uses transport mode encapsulation."
    ::= { wgIpsecSaEspOutEntry 4 }

wgIpsecSaEspOutDestId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination identifier of the SA, or 0 if unknown or if the
         SA uses transport mode encapsulation. This value is taken
         directly from the optional ID payloads that are exchanged during
         phase 2 negotiations."
    ::= { wgIpsecSaEspOutEntry 5 }

wgIpsecSaEspOutDestIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaEspOutDestId', or
         0 if unknown or if the SA uses transport mode encapsulation."
    ::= { wgIpsecSaEspOutEntry 6 }

wgIpsecSaEspOutProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transport-layer protocol number that this SA carries, or 0
         if it carries any protocol."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaEspOutEntry 7 }

wgIpsecSaEspOutSourcePort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port number of the protocol that this SA carries, or
         0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaEspOutEntry 8 }

wgIpsecSaEspOutDestPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port number of the protocol that this SA
         carries, or 0 if it carries any port number."
    REFERENCE
        "RFC2401 section 4.4.2"
    ::= { wgIpsecSaEspOutEntry 9 }

wgIpsecSaEspOutCreator OBJECT-TYPE
    SYNTAX      IpsecSaCreatorIdent
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The creator of this SA. This MIB makes no assumptions about how
         the SAs are created.
         They may be created statically, or by a key exchange protocol
         such as IKE, or by some other method."
    ::= { wgIpsecSaEspOutEntry 10 }

wgIpsecSaEspOutEncapsulation OBJECT-TYPE
    SYNTAX      IpsecDoiEncapsulationMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of encapsulation used by this SA."
    ::= { wgIpsecSaEspOutEntry 11 }

wgIpsecSaEspOutEncAlg OBJECT-TYPE
    SYNTAX      IpsecDoiEspTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the encryption algorithm applied to
         traffic or 0 if there is no encryption used."
    ::= { wgIpsecSaEspOutEntry 12 }

wgIpsecSaEspOutEncKeyLength OBJECT-TYPE
    SYNTAX      Integer32 (0..65531)
    UNITS       "bits"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The length of the encryption key in bits used for the algorithm
         specified in the 'wgIpsecSaEspOutEncAlg' object, or 0 if the key
         length is implicit in the specified algorithm or there is no
         encryption specified."
    ::= { wgIpsecSaEspOutEntry 13 }

wgIpsecSaEspOutAuthAlg OBJECT-TYPE
    SYNTAX      IpsecDoiAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the hash algorithm applied to
         traffic or 0 if there is no authentication used."
    ::= { wgIpsecSaEspOutEntry 14 }

wgIpsecSaEspOutLimitSeconds OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum lifetime in seconds of the SA, or 0 if there is no
         time constraint on its expiration. The display value is limited
         to 4294967295 seconds (more than 136 years); values greater than
         that value will be truncated."
    ::= { wgIpsecSaEspOutEntry 15 }

wgIpsecSaEspOutLimitKbytes OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum traffic in kbytes that the SA is allowed to support,
         or 0 if there is no traffic constraint on its expiration. The
         display value is limited to 4294967295 kilobytes; values greater
         than that value will be truncated."
    ::= { wgIpsecSaEspOutEntry 16 }

wgIpsecSaEspOutAccSeconds OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds accumulated against the SA's expiration
        by time.

        This is also the number of seconds that the SA has existed."
    ::= { wgIpsecSaEspOutEntry 17 }

wgIpsecSaEspOutAccKbytes OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of traffic accumulated that counts against the
        SA's expiration by traffic limitation, measured in Kbytes.

        This value may be 0 if the SA does not expire based on
        traffic."
    ::= { wgIpsecSaEspOutEntry 18 }

wgIpsecSaEspOutUserOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of user level traffic measured in bytes handled by
        the SA.

        This is not necessarily the same as the amount of traffic
        applied against the traffic expiration limit."
    ::= { wgIpsecSaEspOutEntry 19 }

wgIpsecSaEspOutPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets handled by the SA."
    ::= { wgIpsecSaEspOutEntry 20 }

wgIpsecSaEspOutSendErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to any error.
        This may include errors due to a lack of transmit buffers."
    ::= { wgIpsecSaEspOutEntry 21 }

-- the IPSec Outbound AH MIB-Group
--
-- a collection of objects providing information about
-- IPSec Outbound AH SAs

wgIpsecSaAhOutTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WGIpsecSaAhOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing information on IPSec
        Outbound AH SAs.

        There should be one row for every outbound AH security
        association that exists in the entity.

        The maximum number of rows is implementation dependent."
    ::= { wgSaTables 5 }

wgIpsecSaAhOutEntry OBJECT-TYPE
    SYNTAX      WGIpsecSaAhOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the information on a
        particular IPSec Outbound AH SA.

        A row in this table cannot be created or deleted by SNMP
        operations on columns of the table."
    INDEX       { wgIpsecSaAhOutAddress, wgIpsecSaAhOutSpi }
    ::= { wgIpsecSaAhOutTable 1 }

WGIpsecSaAhOutEntry ::= SEQUENCE {
    wgIpsecSaAhOutAddress        IpAddress,
    wgIpsecSaAhOutSpi            Integer32,
    wgIpsecSaAhOutSourceId       OCTET STRING,
    wgIpsecSaAhOutSourceIdType   IpsecDoiIdentType,
    wgIpsecSaAhOutDestId         OCTET STRING,
    wgIpsecSaAhOutDestIdType     IpsecDoiIdentType,
    wgIpsecSaAhOutProtocol       Integer32,
    wgIpsecSaAhOutSourcePort     Integer32,
    wgIpsecSaAhOutDestPort       Integer32,
    wgIpsecSaAhOutCreator        IpsecSaCreatorIdent,
    wgIpsecSaAhOutEncapsulation  IpsecDoiEncapsulationMode,
    wgIpsecSaAhOutAuthAlg        IpsecDoiAhTransform,
    wgIpsecSaAhOutLimitSeconds   Integer32,
    wgIpsecSaAhOutLimitKbytes    Integer32,
    wgIpsecSaAhOutAccSeconds     Counter32,
    wgIpsecSaAhOutAccKbytes      Counter32,
    wgIpsecSaAhOutUserOctets     Counter32,
    wgIpsecSaAhOutPackets        Counter32,
    wgIpsecSaAhOutSendErrors     Counter32
}

wgIpsecSaAhOutAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination address of the SA.

        For implementations that do not support IPv6, this address
        should appear as one of the IPv4-mapped IPv6 addresses as
        defined in Section 2.5.4 of [IPV6AA].

        Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
        used for IPv4 only nodes, while the prefix
        '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
        nodes."
    ::= { wgIpsecSaAhOutEntry 1 }

wgIpsecSaAhOutSpi OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The security parameters index of the SA."
    REFERENCE   "RFC 2402 Section 2.4"
    ::= { wgIpsecSaAhOutEntry 2 }

wgIpsecSaAhOutSourceId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source identifier of the SA, or 0 if unknown or if the SA
        uses transport mode encapsulation.

        This value is taken directly from the optional ID payloads
        that are exchanged during phase 2 negotiations."
    ::= { wgIpsecSaAhOutEntry 3 }

wgIpsecSaAhOutSourceIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaAhOutSourceId',
        or 0 if unknown or if the SA uses transport mode
        encapsulation."
    ::= { wgIpsecSaAhOutEntry 4 }

wgIpsecSaAhOutDestId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination identifier of the SA, or 0 if unknown or if
        the SA uses transport mode encapsulation.

        This value is taken directly from the optional ID payloads
        that are exchanged during phase 2 negotiations."
    ::= { wgIpsecSaAhOutEntry 5 }

wgIpsecSaAhOutDestIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by 'wgIpsecSaAhOutDestId',
        or 0 if unknown or if the SA uses transport mode
        encapsulation."
    ::= { wgIpsecSaAhOutEntry 6 }

wgIpsecSaAhOutProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transport-layer protocol number that this SA carries, or
        0 if it carries any protocol."
    REFERENCE   "RFC2401 section 4.4.2"
    ::= { wgIpsecSaAhOutEntry 7 }

wgIpsecSaAhOutSourcePort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port number of the protocol that this SA carries,
        or 0 if it carries any port number."
    REFERENCE   "RFC2401 section 4.4.2"
    ::= { wgIpsecSaAhOutEntry 8 }

wgIpsecSaAhOutDestPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port number of the protocol that this SA
        carries, or 0 if it carries any port number."
    REFERENCE   "RFC2401 section 4.4.2"
    ::= { wgIpsecSaAhOutEntry 9 }

wgIpsecSaAhOutCreator OBJECT-TYPE
    SYNTAX      IpsecSaCreatorIdent
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The creator of this SA.

        This MIB makes no assumptions about how the SAs are created.
        They may be created statically, or by a key exchange protocol
        such as IKE, or by some other method."
    ::= { wgIpsecSaAhOutEntry 10 }

wgIpsecSaAhOutEncapsulation OBJECT-TYPE
    SYNTAX      IpsecDoiEncapsulationMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of encapsulation used by this SA."
    ::= { wgIpsecSaAhOutEntry 11 }

wgIpsecSaAhOutAuthAlg OBJECT-TYPE
    SYNTAX      IpsecDoiAhTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the hash algorithm applied to
        traffic or 0 if there is no authentication used."
    ::= { wgIpsecSaAhOutEntry 12 }

wgIpsecSaAhOutLimitSeconds OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum lifetime in seconds of the SA, or 0 if there is
        no time constraint on its expiration.

        The display value is limited to 4294967295 seconds (more than
        136 years); values greater than that value will be truncated."
    ::= { wgIpsecSaAhOutEntry 13 }

wgIpsecSaAhOutLimitKbytes OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum traffic in Kbytes that the SA is allowed to
        support, or 0 if there is no traffic constraint on its
        expiration.

        The display value is limited to 4294967295 kilobytes; values
        greater than that value will be truncated."
    ::= { wgIpsecSaAhOutEntry 14 }

wgIpsecSaAhOutAccSeconds OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds accumulated against the SA's expiration
        by time.

        This is also the number of seconds that the SA has existed."
    ::= { wgIpsecSaAhOutEntry 15 }

wgIpsecSaAhOutAccKbytes OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "kilobytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of traffic accumulated that counts against the
        SA's expiration by traffic limitation, measured in Kbytes.

        This value may be 0 if the SA does not expire based on
        traffic."
    ::= { wgIpsecSaAhOutEntry 16 }

wgIpsecSaAhOutUserOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of user level traffic measured in bytes handled by
        the SA.

        This is not necessarily the same as the amount of traffic
        applied against the traffic expiration limit."
    ::= { wgIpsecSaAhOutEntry 17 }

wgIpsecSaAhOutPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets handled by the SA."
    ::= { wgIpsecSaAhOutEntry 18 }

wgIpsecSaAhOutSendErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets discarded by the SA due to any error.
        This may include errors due to a lack of transmit buffers."
    ::= { wgIpsecSaAhOutEntry 19 }

-- the IPSec Outbound IPCOMP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Outbound IPCOMP SAs

wgIpsecSaIpcompOutTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF WGIpsecSaIpcompOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (conceptual) table containing information on IPSec
        Outbound IPCOMP SAs.

        There should be one row for every outbound IPCOMP (security)
        association that exists in the entity.

        The maximum number of rows is implementation dependent."
    ::= { wgSaTables 6 }

wgIpsecSaIpcompOutEntry OBJECT-TYPE
    SYNTAX      WGIpsecSaIpcompOutEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry (conceptual row) containing the information on a
        particular IPSec Outbound IPCOMP SA.

        A row in this table cannot be created or deleted by SNMP
        operations on columns of the table."
    INDEX       { wgIpsecSaIpcompOutAddress, wgIpsecSaIpcompOutCpi }
    ::= { wgIpsecSaIpcompOutTable 1 }

WGIpsecSaIpcompOutEntry ::= SEQUENCE {
    wgIpsecSaIpcompOutAddress        IpAddress,
    wgIpsecSaIpcompOutCpi            IpsecDoiIpcompTransform,
    wgIpsecSaIpcompOutSourceId       OCTET STRING,
    wgIpsecSaIpcompOutSourceIdType   IpsecDoiIdentType,
    wgIpsecSaIpcompOutDestId         OCTET STRING,
    wgIpsecSaIpcompOutDestIdType     IpsecDoiIdentType,
    wgIpsecSaIpcompOutProtocol       Integer32,
    wgIpsecSaIpcompOutSourcePort     Integer32,
    wgIpsecSaIpcompOutDestPort       Integer32,
    wgIpsecSaIpcompOutCreator        IpsecSaCreatorIdent,
    wgIpsecSaIpcompOutEncapsulation  IpsecDoiEncapsulationMode,
    wgIpsecSaIpcompOutCompAlg        IpsecDoiIpcompTransform,
    wgIpsecSaIpcompOutSeconds        Counter32,
    wgIpsecSaIpcompOutUserOctets     Counter32,
    wgIpsecSaIpcompOutPackets        Counter32
}

wgIpsecSaIpcompOutAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination address of the SA.

        If the IPCOMP SA is shared across multiple SAs in protection
        suites, this value may be 0.

        For implementations that do not support IPv6, this address
        should appear as one of the IPv4-mapped IPv6 addresses as
        defined in Section 2.5.4 of [IPV6AA].

        Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
        used for IPv4 only nodes, while the prefix
        '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
        nodes."
    ::= { wgIpsecSaIpcompOutEntry 1 }

wgIpsecSaIpcompOutCpi OBJECT-TYPE
    SYNTAX      IpsecDoiIpcompTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The CPI of the SA.

        Since the lower values of CPIs are reserved to be the same as
        the algorithm, the syntax for this object is the same as the
        transform."
    REFERENCE   "RFC 2393 Section 3.3"
    ::= { wgIpsecSaIpcompOutEntry 2 }

wgIpsecSaIpcompOutSourceId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source identifier of the SA, or 0 if unknown or if the SA
        uses transport mode encapsulation, or 0 if this SA is used
        with multiple SAs in protection suites.

        This value, if non-zero, is taken directly from the optional
        ID payloads that are exchanged during phase 2 negotiations."
    ::= { wgIpsecSaIpcompOutEntry 3 }

wgIpsecSaIpcompOutSourceIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by
        'wgIpsecSaIpcompOutSourceId', or 0 if unknown or if the SA
        uses transport mode encapsulation, or 0 if this SA is used
        with multiple SAs in protection suites."
    ::= { wgIpsecSaIpcompOutEntry 4 }

wgIpsecSaIpcompOutDestId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination identifier of the SA, or 0 if unknown or if
        the SA uses transport mode encapsulation, or 0 if this SA is
        used with multiple SAs in protection suites.

        This value, if non-zero, is taken directly from the optional
        ID payloads that are exchanged during phase 2 negotiations."
    ::= { wgIpsecSaIpcompOutEntry 5 }

wgIpsecSaIpcompOutDestIdType OBJECT-TYPE
    SYNTAX      IpsecDoiIdentType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of identifier presented by
        'wgIpsecSaIpcompOutDestId', or 0 if unknown or if the SA uses
        transport mode encapsulation, or 0 if this SA is used with
        multiple SAs in protection suites."
    ::= { wgIpsecSaIpcompOutEntry 6 }

wgIpsecSaIpcompOutProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The transport-layer protocol number that this SA carries, or
        0 if it carries any protocol."
    REFERENCE   "RFC2401 section 4.4.2"
    ::= { wgIpsecSaIpcompOutEntry 7 }

wgIpsecSaIpcompOutSourcePort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port number of the protocol that this SA carries,
        or 0 if it carries any port number."
    REFERENCE   "RFC2401 section 4.4.2"
    ::= { wgIpsecSaIpcompOutEntry 8 }

wgIpsecSaIpcompOutDestPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port number of the protocol that this SA
        carries, or 0 if it carries any port number."
    REFERENCE   "RFC2401 section 4.4.2"
    ::= { wgIpsecSaIpcompOutEntry 9 }

wgIpsecSaIpcompOutCreator OBJECT-TYPE
    SYNTAX      IpsecSaCreatorIdent
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The creator of this SA.

        This MIB makes no assumptions about how the SAs are created.
        They may be created statically, or by a key exchange protocol
        such as IKE, or by some other method."
    ::= { wgIpsecSaIpcompOutEntry 10 }

wgIpsecSaIpcompOutEncapsulation OBJECT-TYPE
    SYNTAX      IpsecDoiEncapsulationMode
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of encapsulation used by this SA."
    ::= { wgIpsecSaIpcompOutEntry 11 }

wgIpsecSaIpcompOutCompAlg OBJECT-TYPE
    SYNTAX      IpsecDoiIpcompTransform
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique value representing the compression algorithm applied
        to traffic."
    ::= { wgIpsecSaIpcompOutEntry 12 }

wgIpsecSaIpcompOutSeconds OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds that the SA has existed."
    ::= { wgIpsecSaIpcompOutEntry 13 }

wgIpsecSaIpcompOutUserOctets OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of user level traffic measured in bytes handled by
        the SA.

        This is not necessarily the same as the amount of traffic
        applied against the traffic expiration limit."
    ::= { wgIpsecSaIpcompOutEntry 14 }

wgIpsecSaIpcompOutPackets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of packets handled by the SA."
    ::= { wgIpsecSaIpcompOutEntry 15 }

--
-- entity IPSec statistics
--

wgIpsecEspCurrentInboundSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of inbound ESP SAs in the entity."
    ::= { wgSaStatistics 1 }

wgIpsecEspTotalInboundSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of inbound ESP SAs created in the entity
        since boot time."
    ::= { wgSaStatistics 2 }

wgIpsecEspCurrentOutboundSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of outbound ESP SAs in the entity."
    ::= { wgSaStatistics 3 }

wgIpsecEspTotalOutboundSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of outbound ESP SAs created in the entity
        since boot time."
    ::= { wgSaStatistics 4 }

wgIpsecAhCurrentInboundSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of inbound AH SAs in the entity."
    ::= { wgSaStatistics 5 }

wgIpsecAhTotalInboundSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of inbound AH SAs created in the entity
        since boot time."
    ::= { wgSaStatistics 6 }

wgIpsecAhCurrentOutboundSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of outbound AH SAs in the entity."
    ::= { wgSaStatistics 7 }

wgIpsecAhTotalOutboundSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of outbound AH SAs created in the entity
        since boot time."
    ::= { wgSaStatistics 8 }

wgIpsecIpcompCurrentInboundSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of inbound IPCOMP SAs in the entity."
    ::= { wgSaStatistics 9 }

wgIpsecIpcompTotalInboundSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of inbound IPCOMP SAs created in the entity
        since boot time."
    ::= { wgSaStatistics 10 }

wgIpsecIpcompCurrentOutboundSAs OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of outbound IPCOMP SAs in the entity."
    ::= { wgSaStatistics 11 }

wgIpsecIpcompTotalOutboundSAs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of outbound IPCOMP SAs created in the entity
        since boot time."
    ::= { wgSaStatistics 12 }

--
-- IPSec error counts
--

wgIpsecDecryptionErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the entity in SAs
        since boot time with decryption errors."
    ::= { wgSaErrors 1 }

wgIpsecAuthenticationErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the entity in SAs
        since boot time with authentication errors.

        This includes all packets in which the hash value is
        determined to be invalid, for both ESP and AH SAs."
    ::= { wgSaErrors 2 }

wgIpsecReplayErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the entity in SAs
        since boot time with replay errors."
    ::= { wgSaErrors 3 }

wgIpsecPolicyErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the entity in SAs
        since boot time and discarded due to policy errors.

        This includes packets that had selectors that were invalid for
        the SA that carried them."
    ::= { wgSaErrors 4 }

wgIpsecOtherReceiveErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the entity in SAs
        since boot time and discarded due to errors not due to
        decryption, authentication, replay or policy."
    ::= { wgSaErrors 5 }

wgIpsecSendErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets to be sent by the entity in SAs
        since boot time and discarded due to errors."
    ::= { wgSaErrors 6 }

wgIpsecUnknownSpiErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The total number of packets received by the entity since boot
        time with SPIs or CPIs that were not valid."
    ::= { wgSaErrors 7 }

END
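The wgSaErrors objects are Counter32 totals "since boot time", so a monitor has to work on deltas between polls, allow for the 32-bit wrap, and treat a reboot as a counter reset. The following is an added example, not part of the WatchGuard MIB: the sample values are constructed, the alert thresholds are assumptions, and sysUpTime is the standard SNMPv2-MIB object, which this module does not define.

```python
COUNTER32_MOD = 2 ** 32  # a Counter32 wraps from 4294967295 back to 0

# Object names from the wgSaErrors group of this MIB, in sub-identifier order.
ERROR_COUNTERS = (
    "wgIpsecDecryptionErrors", "wgIpsecAuthenticationErrors",
    "wgIpsecReplayErrors", "wgIpsecPolicyErrors",
    "wgIpsecOtherReceiveErrors", "wgIpsecSendErrors",
    "wgIpsecUnknownSpiErrors",
)

# Assumed alert thresholds in packets per second; tune them per site.
THRESHOLDS = {
    "wgIpsecAuthenticationErrors": 1.0,
    "wgIpsecReplayErrors": 1.0,
    "wgIpsecUnknownSpiErrors": 5.0,
}


def sample(time_s, sys_uptime, **counters):
    """Build one poll result; counters that are not given default to 0."""
    poll = {"time": time_s, "sysUpTime": sys_uptime}
    for name in ERROR_COUNTERS:
        poll[name] = counters.get(name, 0)
    return poll


def counter_delta(prev, cur, rebooted):
    """Increase of a Counter32 between two polls."""
    if rebooted:
        return cur  # the counter restarted from 0 at boot
    return (cur - prev) % COUNTER32_MOD  # correct across a single wrap


def error_rates(prev, cur):
    """Return ({object name: packets per second}, rebooted) for two polls."""
    elapsed = cur["time"] - prev["time"]
    if elapsed <= 0:
        raise ValueError("polls must be in chronological order")
    # sysUpTime going backwards is read as a reboot. It also wraps after about
    # 497 days; that case is then handled as a reset too, which under-reports.
    rebooted = cur["sysUpTime"] < prev["sysUpTime"]
    rates = {n: counter_delta(prev[n], cur[n], rebooted) / elapsed
             for n in ERROR_COUNTERS}
    return rates, rebooted


def alerts(prev, cur):
    """List (object name, rate) for every counter above its threshold."""
    rates, _ = error_rates(prev, cur)
    return [(n, rates[n]) for n in ERROR_COUNTERS
            if n in THRESHOLDS and rates[n] > THRESHOLDS[n]]


# Constructed polls 60 s apart; the replay counter wraps between them.
PREV = sample(1000, 500000, wgIpsecReplayErrors=4294967200,
              wgIpsecAuthenticationErrors=10, wgIpsecUnknownSpiErrors=50)
CUR = sample(1060, 506000, wgIpsecReplayErrors=104,
             wgIpsecAuthenticationErrors=12, wgIpsecUnknownSpiErrors=650)
# Constructed poll taken after the device rebooted (sysUpTime went backwards).
AFTER_REBOOT = sample(1120, 3000, wgIpsecReplayErrors=30)

if __name__ == "__main__":
    for name, rate in alerts(PREV, CUR):
        print(f"ALERT {name}: {rate:.2f} packets/s")
```
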
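The outbound ESP columns encode several conditions worth auditing as the value 0 (no encryption, no authentication, no lifetime limit), and IpsecSaCreatorIdent marks statically keyed SAs. The following is an added example, not part of the WatchGuard MIB: the rows are constructed, they are keyed by (destination address, SPI) on the assumption that the ESP table uses the same index pair as the AH table above, and the unsigned reinterpretation of Integer32 values is an assumption about agent behaviour.

```python
STATIC = 1  # IpsecSaCreatorIdent: unknown(0), static(1), ike(2), other(3)


def u32(value):
    """Reinterpret an Integer32 reading as an unsigned 32-bit number.

    The MIB types the SPI and both lifetime limits as Integer32 while
    documenting values up to 4294967295, so a large value may arrive as a
    negative number (assumption, not stated by the MIB).
    """
    return value & 0xFFFFFFFF


def audit_esp_out_row(row):
    """Return the findings for one wgIpsecSaEspOutTable row (dict of columns)."""
    findings = []
    if row["wgIpsecSaEspOutEncAlg"] == 0:       # 0 = no encryption used
        findings.append("no-encryption")
    if row["wgIpsecSaEspOutAuthAlg"] == 0:      # 0 = no authentication used
        findings.append("no-authentication")
    if row["wgIpsecSaEspOutCreator"] == STATIC:
        findings.append("static-keying")
    limit_s = u32(row["wgIpsecSaEspOutLimitSeconds"])
    limit_kb = u32(row["wgIpsecSaEspOutLimitKbytes"])
    if limit_s == 0 and limit_kb == 0:          # 0 = no constraint on expiry
        findings.append("no-lifetime-limit")
    # An SA still present after exceeding a limit suggests expiry is not
    # being enforced (heuristic added here, not a rule from the MIB).
    if limit_s and row["wgIpsecSaEspOutAccSeconds"] > limit_s:
        findings.append("past-time-limit")
    if limit_kb and row["wgIpsecSaEspOutAccKbytes"] > limit_kb:
        findings.append("past-traffic-limit")
    return findings


def audit_table(rows):
    """rows: {(address, spi): columns}. Returns {(address, spi hex): findings}."""
    report = {}
    for (address, spi), row in rows.items():
        findings = audit_esp_out_row(row)
        if findings:
            report[(address, "0x%08x" % u32(spi))] = findings
    return report


def esp_row(enc, auth, creator, limit_s, limit_kb, acc_s, acc_kb):
    """Build a constructed row from the columns the audit reads."""
    return {
        "wgIpsecSaEspOutEncAlg": enc, "wgIpsecSaEspOutAuthAlg": auth,
        "wgIpsecSaEspOutCreator": creator,
        "wgIpsecSaEspOutLimitSeconds": limit_s,
        "wgIpsecSaEspOutLimitKbytes": limit_kb,
        "wgIpsecSaEspOutAccSeconds": acc_s, "wgIpsecSaEspOutAccKbytes": acc_kb,
    }


# Constructed rows; addresses are documentation addresses, transform ids are
# arbitrary nonzero values, and -559038737 is 0xdeadbeef read as signed.
SAMPLE_ROWS = {
    ("203.0.113.10", -559038737): esp_row(12, 2, 2, 3600, 0, 1200, 0),
    ("203.0.113.20", 4096): esp_row(0, 2, 1, 0, 0, 90000, 0),
    ("203.0.113.30", 4097): esp_row(3, 0, 2, 28800, -1, 30000, 100),
}

if __name__ == "__main__":
    for key, findings in audit_table(SAMPLE_ROWS).items():
        print(key, ", ".join(findings))
```
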