mibs/MIBS/nortel/RAPID-IPSEC-SA-MON-MIB-EXT

2260 lines
78 KiB
Plaintext
Raw Normal View History

2023-12-05 12:25:34 +01:00
RAPID-IPSEC-SA-MON-MIB-EXT DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
Integer32, Integer32, NOTIFICATION-TYPE,
OBJECT-IDENTITY, enterprises
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TruthValue
FROM SNMPv2-TC
ifIndex FROM RFC1213-MIB
IpsecDoiIdentType,
IpsecDoiEncapsulationMode,
IpsecDoiEspTransform,
IpsecDoiAhTransform,
IpsecDoiAuthAlgorithm,
IpsecDoiIpcompTransform,
IpsecDoiSecProtocolId
FROM IPSEC-ISAKMP-IKE-DOI-TC
rapidstream
FROM RAPID-MIB;
rsIpsecSaMonModule MODULE-IDENTITY
LAST-UPDATED "200003211200Z"
ORGANIZATION "WatchGuard Technologies, Inc."
CONTACT-INFO
" Ella Yu
WatchGuard Technologies, Inc.
1841 Zanker Road
San Jose, CA 95112
USA
408-519-4888
ella.yu@watchguard.com "
DESCRIPTION
"The MIB module describes generic IPSec objects
defined in IETF working draft
'draft-ieft-ipsec-monitor-mib-01' and RapidStream's
extension."
REVISION "200003211200Z"
DESCRIPTION
"Initial revision."
REVISION "200211011200Z"
DESCRIPTION
"Changed CONTACT-INFO."
::= { rapidstream 3 }
IpsecSaCreatorIdent ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"A value indicating how an SA was created."
SYNTAX INTEGER {
unknown(0),
static(1), -- statically created
ike(2), -- IKE
other(3)
}
IpsecIpv6Address ::= TEXTUAL-CONVENTION
DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
STATUS current
DESCRIPTION
"This data type is used to model IPv6 address prefixes. This
is a binary string of 16 octets in network byte-order."
SYNTAX OCTET STRING (SIZE (16))
rsIpsecSaMonitorMIB OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all IPSec branches."
::= { rsIpsecSaMonModule 1 }
-- significant branches
rsSaTables OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all SA tables."
::= { rsIpsecSaMonitorMIB 1 }
rsSaStatistics OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are global counters for IPSec security associations."
::= { rsIpsecSaMonitorMIB 2 }
rsSaErrors OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are global error counters for IPSec security associations."
::= { rsIpsecSaMonitorMIB 3 }
rsSaTraps OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are traps for IPSec security associations."
::= { rsIpsecSaMonitorMIB 4 }
rsSaTrapObjects OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for objects which are
used as part of traps."
::= { rsIpsecSaMonitorMIB 5 }
rsSaTrapControl OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are trap controls for IPSec security associations."
::= { rsIpsecSaMonitorMIB 6 }
rsSaGroups OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
describe the groups in this MIB."
::= { rsIpsecSaMonitorMIB 7 }
rsSaConformance OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
describe the conformance for this MIB."
::= { rsIpsecSaMonitorMIB 8 }
-- the IPSec Inbound ESP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Inbound ESP SAs
rsIpsecSaEspInTable OBJECT-TYPE
SYNTAX SEQUENCE OF RSIpsecSaEspInEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on IPSec
inbound ESP SAs.
There should be one row for every inbound ESP security
association that exists in the entity. The maximum number of
rows is implementation dependent."
::= { rsSaTables 1 }
rsIpsecSaEspInEntry OBJECT-TYPE
SYNTAX RSIpsecSaEspInEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular IPSec inbound ESP SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table."
INDEX{ rsIpsecSaEspInAddress, rsIpsecSaEspInSpi }
::= { rsIpsecSaEspInTable 1 }
RSIpsecSaEspInEntry ::= SEQUENCE {
rsIpsecSaEspInAddress IpAddress,
rsIpsecSaEspInSpi Integer32,
rsIpsecSaEspInDestId OCTET STRING,
rsIpsecSaEspInDestIdType IpsecDoiIdentType,
rsIpsecSaEspInSourceId OCTET STRING,
rsIpsecSaEspInSourceIdType IpsecDoiIdentType,
rsIpsecSaEspInProtocol Integer32,
rsIpsecSaEspInDestPort Integer32,
rsIpsecSaEspInSourcePort Integer32,
rsIpsecSaEspInCreator IpsecSaCreatorIdent,
rsIpsecSaEspInEncapsulation IpsecDoiEncapsulationMode,
rsIpsecSaEspInEncAlg IpsecDoiEspTransform,
rsIpsecSaEspInEncKeyLength Integer32,
rsIpsecSaEspInAuthAlg IpsecDoiAuthAlgorithm,
rsIpsecSaEspInLimitSeconds Integer32,
rsIpsecSaEspInLimitKbytes Integer32,
rsIpsecSaEspInAccSeconds Counter32,
rsIpsecSaEspInAccKbytes Counter32,
rsIpsecSaEspInUserOctets Counter32,
rsIpsecSaEspInPackets Counter32,
rsIpsecSaEspInDecryptErrors Counter32,
rsIpsecSaEspInAuthErrors Counter32,
rsIpsecSaEspInReplayErrors Counter32,
rsIpsecSaEspInPolicyErrors Counter32,
rsIpsecSaEspInPadErrors Counter32,
rsIpsecSaEspInOtherReceiveErrors Counter32
}
rsIpsecSaEspInAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination address of the SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { rsIpsecSaEspInEntry 1 }
rsIpsecSaEspInSpi OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security parameters index of the SA."
REFERENCE "RFC 2406 Section 2.1"
::= { rsIpsecSaEspInEntry 2 }
rsIpsecSaEspInDestId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination identifier of the SA, or 0 if unknown or if
the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during SA creation negotiation."
::= { rsIpsecSaEspInEntry 3 }
rsIpsecSaEspInDestIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaEspInDestId',
or 0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaEspInEntry 4 }
rsIpsecSaEspInSourceId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source identifier of the SA, or 0 if unknown or if the
SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during SA creation negotiation."
::= { rsIpsecSaEspInEntry 5 }
rsIpsecSaEspInSourceIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaEspInSourceId',
or 0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaEspInEntry 6 }
rsIpsecSaEspInProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaEspInEntry 7 }
rsIpsecSaEspInDestPort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaEspInEntry 8 }
rsIpsecSaEspInSourcePort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaEspInEntry 9 }
rsIpsecSaEspInCreator OBJECT-TYPE
SYNTAX IpsecSaCreatorIdent
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method."
::= { rsIpsecSaEspInEntry 10 }
rsIpsecSaEspInEncapsulation OBJECT-TYPE
SYNTAX IpsecDoiEncapsulationMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of encapsulation used by this SA."
::= { rsIpsecSaEspInEntry 11 }
rsIpsecSaEspInEncAlg OBJECT-TYPE
SYNTAX IpsecDoiEspTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the encryption algorithm
applied to traffic or 0 if there is no encryption used."
::= { rsIpsecSaEspInEntry 12 }
rsIpsecSaEspInEncKeyLength OBJECT-TYPE
SYNTAX Integer32 (0..65531)
UNITS "bits"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of the encryption key in bits used for the
algorithm specified in the 'rsIpsecSaEspInEncAlg' object, or 0
if the key length is implicit in the specified algorithm or
there is no encryption specified."
::= { rsIpsecSaEspInEntry 13 }
rsIpsecSaEspInAuthAlg OBJECT-TYPE
SYNTAX IpsecDoiAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the hash algorithm applied to
traffic or 0 if there is no authentication used."
::= { rsIpsecSaEspInEntry 14 }
rsIpsecSaEspInLimitSeconds OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated."
::= { rsIpsecSaEspInEntry 15 }
rsIpsecSaEspInLimitKbytes OBJECT-TYPE
SYNTAX Integer32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum traffic in kilobytes that the SA is allowed to
support, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated."
::= { rsIpsecSaEspInEntry 16 }
rsIpsecSaEspInAccSeconds OBJECT-TYPE
SYNTAX Counter32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed."
::= { rsIpsecSaEspInEntry 17 }
rsIpsecSaEspInAccKbytes OBJECT-TYPE
SYNTAX Counter32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in Kbytes.
This value may be 0 if the SA does not expire based on
traffic."
::= { rsIpsecSaEspInEntry 18 }
rsIpsecSaEspInUserOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of user level traffic measured in bytes handled
by the SA.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit."
::= { rsIpsecSaEspInEntry 19 }
rsIpsecSaEspInPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets handled by the SA."
::= { rsIpsecSaEspInEntry 20 }
rsIpsecSaEspInDecryptErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to decryption
errors."
::= { rsIpsecSaEspInEntry 21 }
rsIpsecSaEspInAuthErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to
authentication errors."
::= { rsIpsecSaEspInEntry 22 }
rsIpsecSaEspInReplayErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to replay
errors."
::= { rsIpsecSaEspInEntry 23 }
rsIpsecSaEspInPolicyErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to policy
errors. This includes packets where the next protocol is
invalid."
::= { rsIpsecSaEspInEntry 24 }
rsIpsecSaEspInPadErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to pad value
errors.
Implementations that do not check this must not support this
object."
REFERENCE "RFC 2406 section 2.4"
::= { rsIpsecSaEspInEntry 25 }
rsIpsecSaEspInOtherReceiveErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to errors
other than decryption, authentication or replay errors. This
may include packets dropped due to a lack of receive
buffers, and may include packets dropped due to congestion
at the decryption element."
::= { rsIpsecSaEspInEntry 26 }
-- the IPSec Inbound AH MIB-Group
--
-- a collection of objects providing information about
-- IPSec Inbound AH SAs
rsIpsecSaAhInTable OBJECT-TYPE
SYNTAX SEQUENCE OF RSIpsecSaAhInEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on IPSec
inbound AH SAs.
There should be one row for every inbound AH security
association that exists in the entity. The maximum number of
rows is implementation dependent."
::= { rsSaTables 2 }
rsIpsecSaAhInEntry OBJECT-TYPE
SYNTAX RSIpsecSaAhInEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular IPSec inbound AH SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table."
INDEX{ rsIpsecSaAhInAddress, rsIpsecSaAhInSpi }
::= { rsIpsecSaAhInTable 1 }
RSIpsecSaAhInEntry ::= SEQUENCE {
rsIpsecSaAhInAddress IpAddress,
rsIpsecSaAhInSpi Integer32,
rsIpsecSaAhInDestId OCTET STRING,
rsIpsecSaAhInDestIdType IpsecDoiIdentType,
rsIpsecSaAhInSourceId OCTET STRING,
rsIpsecSaAhInSourceIdType IpsecDoiIdentType,
rsIpsecSaAhInProtocol Integer32,
rsIpsecSaAhInDestPort Integer32,
rsIpsecSaAhInSourcePort Integer32,
rsIpsecSaAhInCreator IpsecSaCreatorIdent,
rsIpsecSaAhInEncapsulation IpsecDoiEncapsulationMode,
rsIpsecSaAhInAuthAlg IpsecDoiAhTransform,
rsIpsecSaAhInLimitSeconds Integer32,
rsIpsecSaAhInLimitKbytes Integer32,
rsIpsecSaAhInAccSeconds Counter32,
rsIpsecSaAhInAccKbytes Counter32,
rsIpsecSaAhInUserOctets Counter32,
rsIpsecSaAhInPackets Counter32,
-- error statistics
rsIpsecSaAhInAuthErrors Counter32,
rsIpsecSaAhInReplayErrors Counter32,
rsIpsecSaAhInPolicyErrors Counter32,
rsIpsecSaAhInOtherReceiveErrors Counter32
}
rsIpsecSaAhInAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination address of the SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { rsIpsecSaAhInEntry 1 }
rsIpsecSaAhInSpi OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security parameters index of the SA."
REFERENCE "RFC 2402 Section 2.4"
::= { rsIpsecSaAhInEntry 2 }
rsIpsecSaAhInDestId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination identifier of the SA, or 0 if unknown or if
the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during SA creation negotiation."
::= { rsIpsecSaAhInEntry 3 }
rsIpsecSaAhInDestIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaAhInDestId', or
0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaAhInEntry 4 }
rsIpsecSaAhInSourceId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source identifier of the SA, or 0 if unknown or if the
SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during SA creation negotiation."
::= { rsIpsecSaAhInEntry 5 }
rsIpsecSaAhInSourceIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaAhInSourceId',
or 0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaAhInEntry 6 }
rsIpsecSaAhInProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaAhInEntry 7 }
rsIpsecSaAhInDestPort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaAhInEntry 8 }
rsIpsecSaAhInSourcePort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaAhInEntry 9 }
rsIpsecSaAhInCreator OBJECT-TYPE
SYNTAX IpsecSaCreatorIdent
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method."
::= { rsIpsecSaAhInEntry 10 }
rsIpsecSaAhInEncapsulation OBJECT-TYPE
SYNTAX IpsecDoiEncapsulationMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of encapsulation used by this SA."
::= { rsIpsecSaAhInEntry 11 }
rsIpsecSaAhInAuthAlg OBJECT-TYPE
SYNTAX IpsecDoiAhTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the hash algorithm applied to
traffic carried by this SA if it uses ESP or 0 if there is
no authentication applied by ESP."
::= { rsIpsecSaAhInEntry 12 }
rsIpsecSaAhInLimitSeconds OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated."
::= { rsIpsecSaAhInEntry 13 }
rsIpsecSaAhInLimitKbytes OBJECT-TYPE
SYNTAX Integer32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum traffic in Kbytes that the SA is allowed to
support, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated."
::= { rsIpsecSaAhInEntry 14 }
rsIpsecSaAhInAccSeconds OBJECT-TYPE
SYNTAX Counter32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed."
::= { rsIpsecSaAhInEntry 15 }
rsIpsecSaAhInAccKbytes OBJECT-TYPE
SYNTAX Counter32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in Kbytes.
This value may be 0 if the SA does not expire based on
traffic."
::= { rsIpsecSaAhInEntry 16 }
rsIpsecSaAhInUserOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of user level traffic measured in bytes handled
by the SA.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit."
::= { rsIpsecSaAhInEntry 17 }
rsIpsecSaAhInPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets handled by the SA."
::= { rsIpsecSaAhInEntry 18 }
rsIpsecSaAhInAuthErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to
authentication errors."
::= { rsIpsecSaAhInEntry 19 }
rsIpsecSaAhInReplayErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to replay
errors."
::= { rsIpsecSaAhInEntry 20 }
rsIpsecSaAhInPolicyErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to policy
errors. This includes packets where the next protocol is
invalid."
::= { rsIpsecSaAhInEntry 21 }
rsIpsecSaAhInOtherReceiveErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to errors
other than decryption, authentication or replay errors. This
may include packets dropped due to a lack of receive
buffers, and may include packets dropped due to congestion
at the authentication element."
::= { rsIpsecSaAhInEntry 22 }
-- the IPSec Inbound IPCOMP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Inbound IPCOMP SAs
rsIpsecSaIpcompInTable OBJECT-TYPE
SYNTAX SEQUENCE OF RSIpsecSaIpcompInEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on IPSec
inbound IPCOMP SAs.
There should be one row for every inbound IPCOMP (security)
association that exists in the entity. The maximum number of
rows is implementation dependent."
::= { rsSaTables 3 }
rsIpsecSaIpcompInEntry OBJECT-TYPE
SYNTAX RSIpsecSaIpcompInEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular IPSec inbound IPCOMP SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table."
INDEX{ rsIpsecSaIpcompInAddress, rsIpsecSaIpcompInCpi }
::= { rsIpsecSaIpcompInTable 1 }
RSIpsecSaIpcompInEntry ::= SEQUENCE {
rsIpsecSaIpcompInAddress IpAddress,
rsIpsecSaIpcompInCpi IpsecDoiIpcompTransform,
rsIpsecSaIpcompInDestId OCTET STRING,
rsIpsecSaIpcompInDestIdType IpsecDoiIdentType,
rsIpsecSaIpcompInSourceId OCTET STRING,
rsIpsecSaIpcompInSourceIdType IpsecDoiIdentType,
rsIpsecSaIpcompInProtocol Integer32,
rsIpsecSaIpcompInDestPort Integer32,
rsIpsecSaIpcompInSourcePort Integer32,
rsIpsecSaIpcompInCreator IpsecSaCreatorIdent,
rsIpsecSaIpcompInEncapsulation IpsecDoiEncapsulationMode,
rsIpsecSaIpcompInDecompAlg IpsecDoiIpcompTransform,
rsIpsecSaIpcompInSeconds Counter32,
rsIpsecSaIpcompInUserOctets Counter32,
rsIpsecSaIpcompInPackets Counter32,
rsIpsecSaIpcompInDecompErrors Counter32,
rsIpsecSaIpcompInOtherReceiveErrors Counter32
}
rsIpsecSaIpcompInAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination address of the SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { rsIpsecSaIpcompInEntry 1 }
rsIpsecSaIpcompInCpi OBJECT-TYPE
SYNTAX IpsecDoiIpcompTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The CPI of the SA. Since the lower values of CPIs are
reserved to be the same as the algorithm, the syntax for
this object is the same as the transform."
REFERENCE "RFC 2393 Section 3.3"
::= { rsIpsecSaIpcompInEntry 2 }
rsIpsecSaIpcompInDestId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination identifier of the SA, or 0 if unknown or if
the SA uses transport mode, or 0 if this SA is used with
multiple SAs in protection suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchange during SA creation
negotiation."
::= { rsIpsecSaIpcompInEntry 3 }
rsIpsecSaIpcompInDestIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by
'rsIpsecSaIpcompInDestId', or 0 if unknown or if the SA uses
transport mode, or 0 if this SA is used with multiple SAs in
protection suites."
::= { rsIpsecSaIpcompInEntry 4 }
rsIpsecSaIpcompInSourceId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source identifier of the SA, or 0 if unknown or if the
SA uses transport mode encapsulation, or 0 if this SA is
used with multiple SAs in protection suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchange during SA creation
negotiation."
::= { rsIpsecSaIpcompInEntry 5 }
rsIpsecSaIpcompInSourceIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by
'rsIpsecSaIpcompInSourceId', or 0 if unknown or if the SA uses
transport mode encapsulation, or 0 if this SA is used with
multiple SAs in protection suites."
::= { rsIpsecSaIpcompInEntry 6 }
rsIpsecSaIpcompInProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaIpcompInEntry 7 }
rsIpsecSaIpcompInDestPort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaIpcompInEntry 8 }
rsIpsecSaIpcompInSourcePort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaIpcompInEntry 9 }
rsIpsecSaIpcompInCreator OBJECT-TYPE
SYNTAX IpsecSaCreatorIdent
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method."
::= { rsIpsecSaIpcompInEntry 10 }
rsIpsecSaIpcompInEncapsulation OBJECT-TYPE
SYNTAX IpsecDoiEncapsulationMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of encapsulation used by this SA."
::= { rsIpsecSaIpcompInEntry 11 }
rsIpsecSaIpcompInDecompAlg OBJECT-TYPE
SYNTAX IpsecDoiIpcompTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the decompression algorithm
applied to traffic."
::= { rsIpsecSaIpcompInEntry 12 }
rsIpsecSaIpcompInSeconds OBJECT-TYPE
SYNTAX Counter32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of seconds that the SA has existed."
::= { rsIpsecSaIpcompInEntry 13 }
rsIpsecSaIpcompInUserOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of user level traffic measured in bytes handled
by the SA."
::= { rsIpsecSaIpcompInEntry 14 }
rsIpsecSaIpcompInPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets handled by the SA."
::= { rsIpsecSaIpcompInEntry 15 }
rsIpsecSaIpcompInDecompErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to
decompression errors."
::= { rsIpsecSaIpcompInEntry 16 }
rsIpsecSaIpcompInOtherReceiveErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to errors
other than decompression errors. This may include packets
dropped due to a lack of receive buffers, and packets
dropped due to congestion at the decompression element."
::= { rsIpsecSaIpcompInEntry 17 }
-- the IPSec Outbound ESP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Outbound ESP SAs
rsIpsecSaEspOutTable OBJECT-TYPE
SYNTAX SEQUENCE OF RSIpsecSaEspOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on IPSec
Outbound ESP SAs.
There should be one row for every outbound ESP security
association that exists in the entity. The maximum number of
rows is implementation dependent."
::= { rsSaTables 4 }
rsIpsecSaEspOutEntry OBJECT-TYPE
SYNTAX RSIpsecSaEspOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular IPSec Outbound ESP SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table."
INDEX{ rsIpsecSaEspOutAddress, rsIpsecSaEspOutSpi }
::= { rsIpsecSaEspOutTable 1 }
RSIpsecSaEspOutEntry ::= SEQUENCE {
rsIpsecSaEspOutAddress IpAddress,
rsIpsecSaEspOutSpi Integer32,
rsIpsecSaEspOutSourceId OCTET STRING,
rsIpsecSaEspOutSourceIdType IpsecDoiIdentType,
rsIpsecSaEspOutDestId OCTET STRING,
rsIpsecSaEspOutDestIdType IpsecDoiIdentType,
rsIpsecSaEspOutProtocol Integer32,
rsIpsecSaEspOutSourcePort Integer32,
rsIpsecSaEspOutDestPort Integer32,
rsIpsecSaEspOutCreator IpsecSaCreatorIdent,
rsIpsecSaEspOutEncapsulation IpsecDoiEncapsulationMode,
rsIpsecSaEspOutEncAlg IpsecDoiEspTransform,
rsIpsecSaEspOutEncKeyLength Integer32,
rsIpsecSaEspOutAuthAlg IpsecDoiAuthAlgorithm,
rsIpsecSaEspOutLimitSeconds Integer32,
rsIpsecSaEspOutLimitKbytes Integer32,
rsIpsecSaEspOutAccSeconds Counter32,
rsIpsecSaEspOutAccKbytes Counter32,
rsIpsecSaEspOutUserOctets Counter32,
rsIpsecSaEspOutPackets Counter32,
rsIpsecSaEspOutSendErrors Counter32
}
rsIpsecSaEspOutAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination address of the SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { rsIpsecSaEspOutEntry 1 }
rsIpsecSaEspOutSpi OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security parameters index of the SA."
REFERENCE "RFC 2406 Section 2.1"
::= { rsIpsecSaEspOutEntry 2 }
rsIpsecSaEspOutSourceId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source identifier of the SA, or 0 if unknown or if the
SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during phase 2 negotiations."
::= { rsIpsecSaEspOutEntry 3 }
rsIpsecSaEspOutSourceIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by
'rsIpsecSaEspOutSourceId', or 0 if unknown or if the SA uses
transport mode encapsulation."
::= { rsIpsecSaEspOutEntry 4 }
rsIpsecSaEspOutDestId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination identifier of the SA, or 0 if unknown or if
the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during phase 2 negotiations."
::= { rsIpsecSaEspOutEntry 5 }
rsIpsecSaEspOutDestIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaEspOutDestId',
or 0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaEspOutEntry 6 }
rsIpsecSaEspOutProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaEspOutEntry 7 }
rsIpsecSaEspOutSourcePort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaEspOutEntry 8 }
rsIpsecSaEspOutDestPort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaEspOutEntry 9 }
rsIpsecSaEspOutCreator OBJECT-TYPE
SYNTAX IpsecSaCreatorIdent
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method."
::= { rsIpsecSaEspOutEntry 10 }
rsIpsecSaEspOutEncapsulation OBJECT-TYPE
SYNTAX IpsecDoiEncapsulationMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of encapsulation used by this SA."
::= { rsIpsecSaEspOutEntry 11 }
rsIpsecSaEspOutEncAlg OBJECT-TYPE
SYNTAX IpsecDoiEspTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the encryption algorithm
applied to traffic or 0 if there is no encryption used."
::= { rsIpsecSaEspOutEntry 12 }
rsIpsecSaEspOutEncKeyLength OBJECT-TYPE
SYNTAX Integer32 (0..65531)
UNITS "bits"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of the encryption key in bits used for the
algorithm specified in the 'rsIpsecSaEspOutEncAlg' object, or
0 if the key length is implicit in the specified algorithm
or there is no encryption specified."
::= { rsIpsecSaEspOutEntry 13 }
rsIpsecSaEspOutAuthAlg OBJECT-TYPE
SYNTAX IpsecDoiAuthAlgorithm
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the hash algorithm applied to
traffic or 0 if there is no authentication used."
::= { rsIpsecSaEspOutEntry 14 }
rsIpsecSaEspOutLimitSeconds OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated."
::= { rsIpsecSaEspOutEntry 15 }
rsIpsecSaEspOutLimitKbytes OBJECT-TYPE
SYNTAX Integer32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum traffic in kbytes that the SA is allowed to
support, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated."
::= { rsIpsecSaEspOutEntry 16 }
rsIpsecSaEspOutAccSeconds OBJECT-TYPE
SYNTAX Counter32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed."
::= { rsIpsecSaEspOutEntry 17 }
rsIpsecSaEspOutAccKbytes OBJECT-TYPE
SYNTAX Counter32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in Kbytes.
This value may be 0 if the SA does not expire based on
traffic."
::= { rsIpsecSaEspOutEntry 18 }
rsIpsecSaEspOutUserOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of user level traffic measured in bytes handled
by the SA.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit."
::= { rsIpsecSaEspOutEntry 19 }
rsIpsecSaEspOutPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets handled by the SA."
::= { rsIpsecSaEspOutEntry 20 }
rsIpsecSaEspOutSendErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to any error.
This may include errors due to a lack of transmit buffers."
::= { rsIpsecSaEspOutEntry 21 }
-- the IPSec Outbound AH MIB-Group
--
-- a collection of objects providing information about
-- IPSec Outbound AH SAs
rsIpsecSaAhOutTable OBJECT-TYPE
SYNTAX SEQUENCE OF RSIpsecSaAhOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on IPSec
Outbound AH SAs.
There should be one row for every outbound AH security
association that exists in the entity. The maximum number of
rows is implementation dependent."
::= { rsSaTables 5 }
rsIpsecSaAhOutEntry OBJECT-TYPE
SYNTAX RSIpsecSaAhOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular IPSec Outbound AH SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table."
INDEX{ rsIpsecSaAhOutAddress, rsIpsecSaAhOutSpi }
::= { rsIpsecSaAhOutTable 1 }
RSIpsecSaAhOutEntry ::= SEQUENCE {
rsIpsecSaAhOutAddress IpAddress,
rsIpsecSaAhOutSpi Integer32,
rsIpsecSaAhOutSourceId OCTET STRING,
rsIpsecSaAhOutSourceIdType IpsecDoiIdentType,
rsIpsecSaAhOutDestId OCTET STRING,
rsIpsecSaAhOutDestIdType IpsecDoiIdentType,
rsIpsecSaAhOutProtocol Integer32,
rsIpsecSaAhOutSourcePort Integer32,
rsIpsecSaAhOutDestPort Integer32,
rsIpsecSaAhOutCreator IpsecSaCreatorIdent,
rsIpsecSaAhOutEncapsulation IpsecDoiEncapsulationMode,
rsIpsecSaAhOutAuthAlg IpsecDoiAhTransform,
rsIpsecSaAhOutLimitSeconds Integer32,
rsIpsecSaAhOutLimitKbytes Integer32,
rsIpsecSaAhOutAccSeconds Counter32,
rsIpsecSaAhOutAccKbytes Counter32,
rsIpsecSaAhOutUserOctets Counter32,
rsIpsecSaAhOutPackets Counter32,
rsIpsecSaAhOutSendErrors Counter32
}
rsIpsecSaAhOutAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination address of the SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { rsIpsecSaAhOutEntry 1 }
rsIpsecSaAhOutSpi OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security parameters index of the SA."
REFERENCE "RFC 2402 Section 2.4"
::= { rsIpsecSaAhOutEntry 2 }
rsIpsecSaAhOutSourceId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source identifier of the SA, or 0 if unknown or if the
SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during phase 2 negotiations."
::= { rsIpsecSaAhOutEntry 3 }
rsIpsecSaAhOutSourceIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaAhOutSourceId',
or 0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaAhOutEntry 4 }
rsIpsecSaAhOutDestId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination identifier of the SA, or 0 if unknown or if
the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchange during phase 2 negotiations."
::= { rsIpsecSaAhOutEntry 5 }
rsIpsecSaAhOutDestIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by 'rsIpsecSaAhOutDestId',
or 0 if unknown or if the SA uses transport mode
encapsulation."
::= { rsIpsecSaAhOutEntry 6 }
rsIpsecSaAhOutProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaAhOutEntry 7 }
rsIpsecSaAhOutSourcePort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaAhOutEntry 8 }
rsIpsecSaAhOutDestPort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaAhOutEntry 9 }
rsIpsecSaAhOutCreator OBJECT-TYPE
SYNTAX IpsecSaCreatorIdent
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method."
::= { rsIpsecSaAhOutEntry 10 }
rsIpsecSaAhOutEncapsulation OBJECT-TYPE
SYNTAX IpsecDoiEncapsulationMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of encapsulation used by this SA."
::= { rsIpsecSaAhOutEntry 11 }
rsIpsecSaAhOutAuthAlg OBJECT-TYPE
SYNTAX IpsecDoiAhTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the hash algorithm applied to
traffic or 0 if there is no authentication used."
::= { rsIpsecSaAhOutEntry 12 }
rsIpsecSaAhOutLimitSeconds OBJECT-TYPE
SYNTAX Integer32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated."
::= { rsIpsecSaAhOutEntry 13 }
rsIpsecSaAhOutLimitKbytes OBJECT-TYPE
SYNTAX Integer32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum traffic in Kbytes that the SA is allowed to
support, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated."
::= { rsIpsecSaAhOutEntry 14 }
rsIpsecSaAhOutAccSeconds OBJECT-TYPE
SYNTAX Counter32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed."
::= { rsIpsecSaAhOutEntry 15 }
rsIpsecSaAhOutAccKbytes OBJECT-TYPE
SYNTAX Counter32
UNITS "kilobytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in Kbytes.
This value may be 0 if the SA does not expire based on
traffic."
::= { rsIpsecSaAhOutEntry 16 }
rsIpsecSaAhOutUserOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of user level traffic measured in bytes handled
by the SA.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit."
::= { rsIpsecSaAhOutEntry 17 }
rsIpsecSaAhOutPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets handled by the SA."
::= { rsIpsecSaAhOutEntry 18 }
rsIpsecSaAhOutSendErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets discarded by the SA due to any error.
This may include errors due to a lack of transmit buffers."
::= { rsIpsecSaAhOutEntry 19 }
-- the IPSec Outbound IPCOMP MIB-Group
--
-- a collection of objects providing information about
-- IPSec Outbound IPCOMP SAs
rsIpsecSaIpcompOutTable OBJECT-TYPE
SYNTAX SEQUENCE OF RSIpsecSaIpcompOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on IPSec
Outbound IPCOMP SAs.
There should be one row for every outbound IPCOMP (security)
association that exists in the entity. The maximum number of
rows is implementation dependent."
::= { rsSaTables 6 }
rsIpsecSaIpcompOutEntry OBJECT-TYPE
SYNTAX RSIpsecSaIpcompOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular IPSec Outbound IPCOMP SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table."
INDEX{ rsIpsecSaIpcompOutAddress, rsIpsecSaIpcompOutCpi }
::= { rsIpsecSaIpcompOutTable 1 }
RSIpsecSaIpcompOutEntry ::= SEQUENCE {
rsIpsecSaIpcompOutAddress IpAddress,
rsIpsecSaIpcompOutCpi IpsecDoiIpcompTransform,
rsIpsecSaIpcompOutSourceId OCTET STRING,
rsIpsecSaIpcompOutSourceIdType IpsecDoiIdentType,
rsIpsecSaIpcompOutDestId OCTET STRING,
rsIpsecSaIpcompOutDestIdType IpsecDoiIdentType,
rsIpsecSaIpcompOutProtocol Integer32,
rsIpsecSaIpcompOutSourcePort Integer32,
rsIpsecSaIpcompOutDestPort Integer32,
rsIpsecSaIpcompOutCreator IpsecSaCreatorIdent,
rsIpsecSaIpcompOutEncapsulation IpsecDoiEncapsulationMode,
rsIpsecSaIpcompOutCompAlg IpsecDoiIpcompTransform,
rsIpsecSaIpcompOutSeconds Counter32,
rsIpsecSaIpcompOutUserOctets Counter32,
rsIpsecSaIpcompOutPackets Counter32
}
rsIpsecSaIpcompOutAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination address of the SA.
If the IPCOMP SA is shared across multiple SAs in protection
suites, this value may be 0.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { rsIpsecSaIpcompOutEntry 1 }
rsIpsecSaIpcompOutCpi OBJECT-TYPE
SYNTAX IpsecDoiIpcompTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The CPI of the SA. Since the lower values of CPIs are
reserved to be the same as the algorithm, the syntax for
this object is the same as the transform."
REFERENCE "RFC 2393 Section 3.3"
::= { rsIpsecSaIpcompOutEntry 2 }
rsIpsecSaIpcompOutSourceId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source identifier of the SA, or 0 if unknown or if the
SA uses transport mode encapsulation, or 0 if this SA is
used with multiple SAs in protection suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchange during phase 2 negotiations."
::= { rsIpsecSaIpcompOutEntry 3 }
rsIpsecSaIpcompOutSourceIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by
'rsIpsecSaIpcompOutSourceId', or 0 if unknown or if the SA
uses transport mode encapsulation, or 0 if this SA is used
with multiple SAs in protection suites."
::= { rsIpsecSaIpcompOutEntry 4 }
rsIpsecSaIpcompOutDestId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination identifier of the SA, or 0 if unknown or if
the SA uses transport mode encapsulation, or 0 if this SA is
used with multiple SAs in protection suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchange during phase 2 negotiations."
::= { rsIpsecSaIpcompOutEntry 5 }
rsIpsecSaIpcompOutDestIdType OBJECT-TYPE
SYNTAX IpsecDoiIdentType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of identifier presented by
'rsIpsecSaIpcompOutDestId', or 0 if unknown or if the SA uses
transport mode encapsulation, or 0 if this SA is used with
multiple SAs in protection suites."
::= { rsIpsecSaIpcompOutEntry 6 }
rsIpsecSaIpcompOutProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaIpcompOutEntry 7 }
rsIpsecSaIpcompOutSourcePort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaIpcompOutEntry 8 }
rsIpsecSaIpcompOutDestPort OBJECT-TYPE
SYNTAX Integer32 (0.. 65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port number of the protocol that this SA
carries, or 0 if it carries any port number."
REFERENCE "RFC2401 section 4.4.2"
::= { rsIpsecSaIpcompOutEntry 9 }
rsIpsecSaIpcompOutCreator OBJECT-TYPE
SYNTAX IpsecSaCreatorIdent
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method."
::= { rsIpsecSaIpcompOutEntry 10 }
rsIpsecSaIpcompOutEncapsulation OBJECT-TYPE
SYNTAX IpsecDoiEncapsulationMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of encapsulation used by this SA."
::= { rsIpsecSaIpcompOutEntry 11 }
rsIpsecSaIpcompOutCompAlg OBJECT-TYPE
SYNTAX IpsecDoiIpcompTransform
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A unique value representing the compression algorithm
applied to traffic."
::= { rsIpsecSaIpcompOutEntry 12 }
rsIpsecSaIpcompOutSeconds OBJECT-TYPE
SYNTAX Counter32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of seconds that the SA has existed."
::= { rsIpsecSaIpcompOutEntry 13 }
rsIpsecSaIpcompOutUserOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of user level traffic measured in bytes handled
by the SA.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit."
::= { rsIpsecSaIpcompOutEntry 14 }
rsIpsecSaIpcompOutPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets handled by the SA."
::= { rsIpsecSaIpcompOutEntry 15 }
--
-- entity IPSec statistics
--
rsIpsecEspCurrentInboundSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of inbound ESP SAs in the entity."
::= { rsSaStatistics 1 }
rsIpsecEspTotalInboundSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of inbound ESP SAs created in the entity
since boot time."
::= { rsSaStatistics 2 }
rsIpsecEspCurrentOutboundSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of outbound ESP SAs in the entity."
::= { rsSaStatistics 3 }
rsIpsecEspTotalOutboundSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of outbound ESP SAs created in the entity
since boot time."
::= { rsSaStatistics 4 }
rsIpsecAhCurrentInboundSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of inbound AH SAs in the entity."
::= { rsSaStatistics 5 }
rsIpsecAhTotalInboundSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of inbound AH SAs created in the entity
since boot time."
::= { rsSaStatistics 6 }
rsIpsecAhCurrentOutboundSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of outbound AH SAs in the entity."
::= { rsSaStatistics 7 }
rsIpsecAhTotalOutboundSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of outbound AH SAs created in the entity
since boot time."
::= { rsSaStatistics 8 }
rsIpsecIpcompCurrentInboundSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of inbound IPCOMP SAs in the entity."
::= { rsSaStatistics 9 }
rsIpsecIpcompTotalInboundSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of inbound IPCOMP SAs created in the
entity since boot time."
::= { rsSaStatistics 10 }
rsIpsecIpcompCurrentOutboundSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of outbound IPCOMP SAs in the entity."
::= { rsSaStatistics 11 }
rsIpsecIpcompTotalOutboundSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of outbound IPCOMP SAs created in the
entity since boot time."
::= { rsSaStatistics 12 }
--
-- IPSec error counts
--
rsIpsecDecryptionErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the entity in SAs
since boot time with decryption errors."
::= { rsSaErrors 1 }
rsIpsecAuthenticationErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the entity in SAs
since boot time with authentication errors.
This includes all packets in which the hash value is
determined to be invalid, for both ESP and AH SAs."
::= { rsSaErrors 2 }
rsIpsecReplayErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the entity in SAs
since boot time with replay errors."
::= { rsSaErrors 3 }
rsIpsecPolicyErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the entity in SAs
since boot time and discarded due to policy errors. This
includes packets that had selectors that were invalid for
the SA that carried them."
::= { rsSaErrors 4 }
rsIpsecOtherReceiveErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the entity in SAs
since boot time and discarded due to errors not due to
decryption, authentication, replay or policy."
::= { rsSaErrors 5 }
rsIpsecSendErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets to be sent by the entity in SAs
since boot time and discarded due to errors."
::= { rsSaErrors 6 }
rsIpsecUnknownSpiErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the entity since
boot time with SPIs or CPIs that were not valid."
::= { rsSaErrors 7 }
--
-- traps
--
--
-- some objects used in trap reporting
--
-- NOTE: A MAX-ACCESS value of 'accessible-for-notify' was wanted
-- for these objects; this would not compile with smicng 2.2.07
--
rsIpsecSecurityProtocol OBJECT-TYPE
SYNTAX IpsecDoiSecProtocolId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A security protocol associated with the trap."
::= { rsSaTrapObjects 1 }
rsIpsecSPI OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An SPI associated with a trap. Where the security protocol
associated with the trap is IPCOMP, this value has a maximum
of 65535."
::= { rsSaTrapObjects 2 }
rsIpsecLocalAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A local IP address associated with the trap."
::= { rsSaTrapObjects 3 }
rsIpsecPeerAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A peer IP address associated with the trap."
::= { rsSaTrapObjects 4 }
--
-- trap control
--
rsEspAuthFailureTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether espAuthFailureTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 1 }
rsAhAuthFailureTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether ahAuthFailureTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 2 }
rsEspReplayFailureTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether espReplayFailureTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 3 }
rsAhReplayFailureTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether ahReplayFailureTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 4 }
rsEspPolicyFailureTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether espPolicyFailureTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 5 }
rsAhPolicyFailureTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether ahPolicyFailureTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 6 }
rsInvalidSpiTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether invalidSpiTrap traps should be
generated."
DEFVAL { false }
::= { rsSaTrapControl 7 }
--
-- the traps themselves
--
rsEspAuthFailureTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecSaEspInAuthErrors
}
STATUS current
DESCRIPTION
"IPSec packets with invalid hashes were found in an inbound
ESP SA. The total number of authentication errors
accumulated is sent for the specific row of the
'rsIpsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 1 }
rsAhAuthFailureTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecSaAhInAuthErrors
}
STATUS current
DESCRIPTION
"IPSec packets with invalid hashes were found in an inbound
AH SA. The total number of authentication errors accumulated
is sent for the specific row of the 'rsIpsecSaAhInTable' table
for the SA; this provides the identity of the SA in which
the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 2 }
rsEspReplayFailureTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecSaEspInReplayErrors
}
STATUS current
DESCRIPTION
"IPSec packets with invalid sequence numbers were found in
an inbound ESP SA. The total number of replay errors
accumulated is sent for the specific row of the
'rsIpsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 3 }
rsAhReplayFailureTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecSaAhInReplayErrors
}
STATUS current
DESCRIPTION
"IPSec packets with invalid sequence numbers were found in
the specified AH SA. The total number of replay errors
accumulated is sent for the specific row of the
'rsIpsecSaAhInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 4 }
rsEspPolicyFailureTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecSaEspInPolicyErrors
}
STATUS current
DESCRIPTION
"IPSec packets carrying packets with invalid selectors for
the specified ESP SA were found. The total number of policy
errors accumulated is sent for the specific row of the
'rsIpsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 5 }
rsAhPolicyFailureTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecSaAhInPolicyErrors
}
STATUS current
DESCRIPTION
"IPSec packets carrying packets with invalid selectors for
the specified AH SA were found. The total number of policy
errors accumulated is sent for the specific row of the
'rsIpsecSaAhInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 6 }
rsInvalidSpiTrap NOTIFICATION-TYPE
OBJECTS {
rsIpsecLocalAddress,
rsIpsecSecurityProtocol,
rsIpsecPeerAddress,
rsIpsecSPI,
ifIndex
}
STATUS current
DESCRIPTION
"A packet with an unknown SPI was detected from the
specified peer with the specified SPI using the specified
protocol. The destination address of the received packet is
specified by 'ipsecLocalAddress'.
The value 'ifIndex' may be 0 if this optional linkage is
unsupported.
If the object 'ipsecSecurityProtocol' has the value for
IPCOMP, then the 'ipsecSPI' object is the CPI of the packet.
Implementations SHOULD send one trap per peer (within a
reasonable time period), rather than sending one trap per
packet."
::= { rsSaTraps 0 7 }
END