david/mibs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
David Leutgeb
2023-12-05 12:25:34 +01:00
commit 98a672123c
4378 changed files with 8817503 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

944
MIBS/junos/JNX-IPSEC-MONITOR-MIB Normal file
View File

@ -0,0 +1,944 @@
JNX-IPSEC-MONITOR-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32, Unsigned32
FROM SNMPv2-SMI
InetAddress, InetAddressType
FROM INET-ADDRESS-MIB
TEXTUAL-CONVENTION, DisplayString, TimeInterval
FROM SNMPv2-TC
jnxMibs
FROM JUNIPER-SMI
jnxSpSvcSetName
FROM JUNIPER-SP-MIB
JnxIkePeerRole, JnxIkePeerType, JnxIkeNegoMode, JnxDiffHellmanGrp, JnxEncryptAlgo,
JnxIkeAuthMethod, JnxKeyType, JnxRemotePeerType, JnxSAType, JnxIkeHashAlgo, JnxEncapMode, JnxAuthAlgo
FROM JUNIPER-IPSEC-FLOW-MON-MIB;
jnxIpSecMonitorMIB MODULE-IDENTITY
LAST-UPDATED "201605310000Z" -- Tue May 31 00:00:00 2016 UTC
ORGANIZATION "Juniper Networks, Inc."
CONTACT-INFO
"Juniper Technical Assistance Center
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
E-mail: support@juniper.net"
DESCRIPTION " "
REVISION "201202102100Z"
DESCRIPTION
"Initial version implements only the following
tables:
- IKE tunnel table
- IPSec tunnel table
- IPSec security associations table
"
REVISION "201605310000Z" -- 31-May-16
DESCRIPTION
"Consolidated TC duplicated b/n jnx-ipsec-flow-mon.mib, jnx-ipsec-monitor-asp.mib"
::= { jnxMibs 22 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++
-- Local Textual Conventions
-- +++++++++++++++++++++++++++++++++++++++++++++++++++
JnxIkeNegState ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"State of the Phase-1 IKE negotiation."
SYNTAX INTEGER {
matured(1),
notmatured(2)
}
JnxSpi ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of the SPI associated with IPsec Phase-2 security
associations."
SYNTAX Unsigned32 (256..4294967295)
-- Umesh SYNTAX INTEGER (256..4294967295)
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) IPsec Levels Group
-- 2) IPsec Phase-1 Group
-- 3) IPsec Phase-2 Group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
jnxIpSecMIBObjects OBJECT IDENTIFIER
::= {jnxIpSecMonitorMIB 1}
jnxIpSecLevels OBJECT IDENTIFIER
::= { jnxIpSecMIBObjects 1 }
jnxIpSecPhaseOne OBJECT IDENTIFIER
::= { jnxIpSecMIBObjects 2 }
jnxIpSecPhaseTwo OBJECT IDENTIFIER
::= { jnxIpSecMIBObjects 3 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Levels Group
--
-- This group consists of a:
-- 1) IPsec MIB Level
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
jnxIpSecMibLevel OBJECT-TYPE
SYNTAX Integer32 (1..4096)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The version of the IPsec MIB."
::= { jnxIpSecLevels 1 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
jnxIkeTunnelTable OBJECT-TYPE
SYNTAX SEQUENCE OF JnxIkeTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPsec Phase-1 Internet Key Exchange Tunnel Table.
There is one entry in this table for each active IPsec
Phase-1 IKE Tunnel."
::= { jnxIpSecPhaseOne 1 }
jnxIkeTunnelEntry OBJECT-TYPE
SYNTAX JnxIkeTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains the attributes associated with
an active IPsec Phase-1 IKE Tunnel."
INDEX { jnxSpSvcSetName, -- From the jnxSpSvcSetTable
jnxIkeTunRemoteGwAddrType,
jnxIkeTunRemoteGwAddr,
jnxIkeTunIndex }
::= { jnxIkeTunnelTable 1}
JnxIkeTunnelEntry ::= SEQUENCE {
jnxIkeTunIndex Integer32,
jnxIkeTunLocalRole JnxIkePeerRole,
jnxIkeTunNegState JnxIkeNegState,
jnxIkeTunInitiatorCookie DisplayString,
jnxIkeTunResponderCookie DisplayString,
jnxIkeTunLocalIdType JnxIkePeerType,
jnxIkeTunLocalIdValue DisplayString,
jnxIkeTunLocalGwAddrType InetAddressType,
jnxIkeTunLocalGwAddr InetAddress,
jnxIkeTunLocalCertName DisplayString,
jnxIkeTunRemoteIdType JnxIkePeerType,
jnxIkeTunRemoteIdValue DisplayString,
jnxIkeTunRemoteGwAddrType InetAddressType,
jnxIkeTunRemoteGwAddr InetAddress,
jnxIkeTunNegoMode JnxIkeNegoMode,
jnxIkeTunDiffHellmanGrp JnxDiffHellmanGrp,
jnxIkeTunEncryptAlgo JnxEncryptAlgo,
jnxIkeTunHashAlgo JnxIkeHashAlgo,
jnxIkeTunAuthMethod JnxIkeAuthMethod,
jnxIkeTunLifeTime Integer32,
jnxIkeTunActiveTime TimeInterval,
jnxIkeTunInOctets Counter64,
jnxIkeTunInPkts Counter32,
jnxIkeTunOutOctets Counter64,
jnxIkeTunOutPkts Counter32
}
jnxIkeTunIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the IPsec Phase-1 IKE Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will
wrap at 2,147,483,647."
::= { jnxIkeTunnelEntry 1 }
jnxIkeTunLocalRole OBJECT-TYPE
SYNTAX JnxIkePeerRole
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The role of local peer identity. The Role of
the local peer can be:
1. initiator.
2. or responder."
::= { jnxIkeTunnelEntry 2 }
jnxIkeTunNegState OBJECT-TYPE
SYNTAX JnxIkeNegState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The state of the current negotiation , It can be
1. matured
2. not matured "
::= { jnxIkeTunnelEntry 3 }
jnxIkeTunInitiatorCookie OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Cookie as generated by the peer that initiated the IKE Phase-1
negotiation. This cookie is carried in the ISAKMP header."
::= { jnxIkeTunnelEntry 4 }
jnxIkeTunResponderCookie OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Cookie as generated by the peer responding to the IKE Phase-1
negotiation initiated by the remote peer. This cookie is carried
in the ISAKMP header."
::= { jnxIkeTunnelEntry 5 }
jnxIkeTunLocalIdType OBJECT-TYPE
SYNTAX JnxIkePeerType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of local peer identity. The local
peer may be identified by:
1. an IP address, or
2. or a fully qualified domain name string.
3. or a distinguished name string."
::= { jnxIkeTunnelEntry 6 }
jnxIkeTunLocalIdValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is id_fqdn, then this is
the FQDN of the remote peer.
If the local peer type is a id_dn, then this is
the distinguished name string of the local peer."
::= { jnxIkeTunnelEntry 7 }
jnxIkeTunLocalGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address type of the local endpoint (gateway) for the IPsec
Phase-1 IKE Tunnel."
::= { jnxIkeTunnelEntry 8 }
jnxIkeTunLocalGwAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the local endpoint (gateway) for the IPsec
Phase-1 IKE Tunnel."
::= { jnxIkeTunnelEntry 9 }
jnxIkeTunLocalCertName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the certificate used for authentication of the local
tunnel endpoint. This object will have some valid value only
if negotiated IKE authentication method is other than pre-saherd
key. If the IKE negotiation do not use certificate based
authentication method, then the value of this object will be a
NULL string."
::= { jnxIkeTunnelEntry 10 }
jnxIkeTunRemoteIdType OBJECT-TYPE
SYNTAX JnxIkePeerType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of remote peer identity.
The remote peer may be identified by:
1. an IP address, or
2. or a fully qualified domain name string.
3. or a distinguished name string."
::= { jnxIkeTunnelEntry 11 }
jnxIkeTunRemoteIdValue OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is id_fqdn, then this is
the FQDN of the remote peer.
If the remote peer type is a id_dn, then this is
the distinguished named string of the remote peer."
::= { jnxIkeTunnelEntry 12 }
jnxIkeTunRemoteGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address type of the remote gateway (endpoint) for the IPsec
Phase-1 IKE Tunnel."
::= { jnxIkeTunnelEntry 13 }
jnxIkeTunRemoteGwAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the remote gateway (endpoint) for the IPsec
Phase-1 IKE Tunnel."
::= { jnxIkeTunnelEntry 14 }
jnxIkeTunNegoMode OBJECT-TYPE
SYNTAX JnxIkeNegoMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The negotiation mode of the IPsec Phase-1 IKE Tunnel."
::= { jnxIkeTunnelEntry 15 }
jnxIkeTunDiffHellmanGrp OBJECT-TYPE
SYNTAX JnxDiffHellmanGrp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Diffie Hellman Group used in IPsec Phase-1 IKE
negotiations."
::= { jnxIkeTunnelEntry 16 }
jnxIkeTunEncryptAlgo OBJECT-TYPE
SYNTAX JnxEncryptAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encryption algorithm used in IPsec Phase-1 IKE
negotiations."
::= { jnxIkeTunnelEntry 17 }
jnxIkeTunHashAlgo OBJECT-TYPE
SYNTAX JnxIkeHashAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The hash algorithm used in IPsec Phase-1 IKE
negotiations."
::= { jnxIkeTunnelEntry 18 }
jnxIkeTunAuthMethod OBJECT-TYPE
SYNTAX JnxIkeAuthMethod
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The authentication method used in IPsec Phase-1 IKE
negotiations."
::= { jnxIkeTunnelEntry 19 }
jnxIkeTunLifeTime OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
in seconds."
::= { jnxIkeTunnelEntry 20 }
jnxIkeTunActiveTime OBJECT-TYPE
SYNTAX TimeInterval
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of time the IPsec Phase-1 IKE tunnel has been
active in hundredths of seconds."
::= { jnxIkeTunnelEntry 21 }
jnxIkeTunInOctets OBJECT-TYPE
SYNTAX Counter64
UNITS "Octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets received by
this IPsec Phase-1 IKE security association."
::= { jnxIkeTunnelEntry 22 }
jnxIkeTunInPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by
this IPsec Phase-1 IKE security association."
::= { jnxIkeTunnelEntry 23 }
jnxIkeTunOutOctets OBJECT-TYPE
SYNTAX Counter64
UNITS "Octets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of octets sent by this IPsec Phase-1
IKE security association."
::= { jnxIkeTunnelEntry 24 }
jnxIkeTunOutPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "Packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets sent by this IPsec Phase-1
IKE security association."
::= { jnxIkeTunnelEntry 25 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
jnxIpSecTunnelTable OBJECT-TYPE
SYNTAX SEQUENCE OF JnxIpSecTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPsec Phase-2 Tunnel Table.
There is one entry in this table for
each active IPsec Phase-2 Tunnel."
::= { jnxIpSecPhaseTwo 1 }
jnxIpSecTunnelEntry OBJECT-TYPE
SYNTAX JnxIpSecTunnelEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains the attributes
associated with an active IPsec Phase-2 Tunnel."
INDEX {jnxSpSvcSetName, -- From the jnxSpSvcSetTable
jnxIpSecTunRemoteGwAddrType,
jnxIpSecTunRemoteGwAddr,
jnxIpSecTunIndex }
::= { jnxIpSecTunnelTable 1 }
JnxIpSecTunnelEntry ::= SEQUENCE {
jnxIpSecTunIndex Integer32,
jnxIpSecRuleName DisplayString,
jnxIpSecTermName DisplayString,
jnxIpSecTunLocalGwAddrType InetAddressType,
jnxIpSecTunLocalGwAddr InetAddress,
jnxIpSecTunRemoteGwAddrType InetAddressType,
jnxIpSecTunRemoteGwAddr InetAddress,
jnxIpSecTunLocalProxyId DisplayString,
jnxIpSecTunRemoteProxyId DisplayString,
jnxIpSecTunKeyType JnxKeyType,
jnxIpSecRemotePeerType JnxRemotePeerType,
jnxIpSecTunMtu Integer32,
jnxIpSecTunOutEncryptedBytes Counter64,
jnxIpSecTunOutEncryptedPkts Counter64,
jnxIpSecTunInDecryptedBytes Counter64,
jnxIpSecTunInDecryptedPkts Counter64,
jnxIpsSecTunAHInBytes Counter64,
jnxIpsSecTunAHInPkts Counter64,
jnxIpsSecTunAHOutBytes Counter64,
jnxIpsSecTunAHOutPkts Counter64,
jnxIpSecTunReplayDropPkts Counter64,
jnxIpSecTunAhAuthFails Counter64,
jnxIpSecTunEspAuthFails Counter64,
jnxIpSecTunDecryptFails Counter64,
jnxIpSecTunBadHeaders Counter64,
jnxIpSecTunBadTrailers Counter64,
jnxIpSecTunDroppedPkts Counter64
}
jnxIpSecTunIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the IPsec Phase-2 Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will wrap
at 2,147,483,647."
::= { jnxIpSecTunnelEntry 1 }
jnxIpSecRuleName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the rule configured in IPSec configuration."
::= { jnxIpSecTunnelEntry 2 }
jnxIpSecTermName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the term configured under IPSec rule."
::= { jnxIpSecTunnelEntry 3 }
jnxIpSecTunLocalGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address type of the local gateway (endpoint) for the IPsec
Phase-2 Tunnel."
::= { jnxIpSecTunnelEntry 4 }
jnxIpSecTunLocalGwAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the local gateway (endpoint) for the IPsec
Phase-2 Tunnel."
::= { jnxIpSecTunnelEntry 5 }
jnxIpSecTunRemoteGwAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address type of the remote gateway (endpoint) for the IPsec
Phase-2 Tunnel."
::= { jnxIpSecTunnelEntry 6 }
jnxIpSecTunRemoteGwAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the remote gateway (endpoint) for the IPsec
Phase-2 Tunnel."
::= { jnxIpSecTunnelEntry 7 }
jnxIpSecTunLocalProxyId OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifier for the local end."
::= { jnxIpSecTunnelEntry 8 }
jnxIpSecTunRemoteProxyId OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifier for the remote end."
::= { jnxIpSecTunnelEntry 9 }
jnxIpSecTunKeyType OBJECT-TYPE
SYNTAX JnxKeyType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of key used by the IPsec Phase-2 Tunnel. It can be
one of the following two types:
- IKE negotiated
- Manually installed"
::= { jnxIpSecTunnelEntry 10 }
jnxIpSecRemotePeerType OBJECT-TYPE
SYNTAX JnxRemotePeerType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the remote peer gateway (endpoint). It can be one
of the following two types:
- static (Remote peer whose IP address is known beforehand)
- dynamic (Remote peer whose IP address is not known
beforehand)"
::= { jnxIpSecTunnelEntry 11 }
jnxIpSecTunMtu OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MTU value of this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 12 }
jnxIpSecTunOutEncryptedBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes encrypted by this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 13 }
jnxIpSecTunOutEncryptedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets encrypted by this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 14 }
jnxIpSecTunInDecryptedBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes decrypted by this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 15 }
jnxIpSecTunInDecryptedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets decrypted by this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 16 }
jnxIpsSecTunAHInBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of incoming bytes authenticated using AH by this Phase-2
tunnel."
::= { jnxIpSecTunnelEntry 17 }
jnxIpsSecTunAHInPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of incoming packets authenticated using AH by this Phase-2
tunnel."
::= { jnxIpSecTunnelEntry 18 }
jnxIpsSecTunAHOutBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing bytes applied AH by this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 19 }
jnxIpsSecTunAHOutPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of outgoing packets applied AH by this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 20 }
jnxIpSecTunReplayDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets dropped by this Phase-2 tunnel due to
anti replay check failure."
::= { jnxIpSecTunnelEntry 21 }
jnxIpSecTunAhAuthFails OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets received by this Phase-2 tunnel that
failed AH authentication."
::= { jnxIpSecTunnelEntry 22 }
jnxIpSecTunEspAuthFails OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets received by this Phase-2 tunnel that
failed ESP authentication."
::= { jnxIpSecTunnelEntry 23 }
jnxIpSecTunDecryptFails OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets received by this Phase-2 tunnel that
failed decryption."
::= { jnxIpSecTunnelEntry 24 }
jnxIpSecTunBadHeaders OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets received by this Phase-2 tunnel that
failed due to bad headers."
::= { jnxIpSecTunnelEntry 25 }
jnxIpSecTunBadTrailers OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets received by this Phase-2 tunnel that
failed due to bad ESP trailers."
::= { jnxIpSecTunnelEntry 26 }
jnxIpSecTunDroppedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of dropped packets for this Phase-2 tunnel."
::= { jnxIpSecTunnelEntry 27 }
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Security Association Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
jnxIpSecSaTable OBJECT-TYPE
SYNTAX SEQUENCE OF JnxIpSecSaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IPsec Phase-2 Security Association Table.
This table identifies the structure (in terms of
component SAs) of each active Phase-2 IPsec tunnel.
This table contains an entry for each active and
expiring security association and maps each entry
in the active Phase-2 tunnel table (ipSecTunTable)
into a number of entries in this table. The index of this
table reflects the
<destination-address, protocol, spi>
rule for identifying Security Associations."
::= { jnxIpSecPhaseTwo 2 }
jnxIpSecSaEntry OBJECT-TYPE
SYNTAX JnxIpSecSaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry contains the attributes associated with
active and expiring IPsec Phase-2
security associations."
INDEX { jnxSpSvcSetName, -- From jnxSpSvcSetTable
jnxIpSecTunRemoteGwAddrType, -- From ipSecTunnelTable
jnxIpSecTunRemoteGwAddr, -- From ipSecTunnelTable
jnxIpSecTunIndex, -- From ipSecTunnelTable
jnxIpSecSaIndex }
::= { jnxIpSecSaTable 1 }
JnxIpSecSaEntry ::= SEQUENCE {
jnxIpSecSaProtocol INTEGER,
jnxIpSecSaIndex Integer32,
jnxIpSecSaInSpi JnxSpi,
jnxIpSecSaOutSpi JnxSpi,
jnxIpSecSaInAuxSpi JnxSpi,
jnxIpSecSaOutAuxSpi JnxSpi,
jnxIpSecSaType JnxSAType,
jnxIpSecSaEncapMode JnxEncapMode,
jnxIpSecSaLifeSize Integer32,
jnxIpSecSaLifeTime Integer32,
jnxIpSecSaActiveTime TimeInterval,
jnxIpSecSaLifeSizeThreshold Integer32,
jnxIpSecSaLifeTimeThreshold Integer32,
jnxIpSecSaEncryptAlgo JnxEncryptAlgo,
jnxIpSecSaAuthAlgo JnxAuthAlgo,
jnxIpSecSaState INTEGER
}
jnxIpSecSaProtocol OBJECT-TYPE
SYNTAX INTEGER{
ah(1),
esp(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index, represents the security protocol (AH, ESP or
IPComp) for which this security association was setup."
::= { jnxIpSecSaEntry 1 }
jnxIpSecSaIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index, in the context of the IPsec tunnel ipSecTunIndex,
of the security association represented by this table entry.
The value of this index is a number which begins at one and
is incremented with each SPI associated with an IPsec Phase-2
Tunnel. The value of this object will wrap at 2,147,483,647."
::= { jnxIpSecSaEntry 2 }
jnxIpSecSaInSpi OBJECT-TYPE
SYNTAX JnxSpi
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the incoming SPI."
::= { jnxIpSecSaEntry 3 }
jnxIpSecSaOutSpi OBJECT-TYPE
SYNTAX JnxSpi
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the outgoing SPI."
::= { jnxIpSecSaEntry 4 }
jnxIpSecSaInAuxSpi OBJECT-TYPE
SYNTAX JnxSpi
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the incoming auxiliary SPI. This is valid for AH
and ESP bundles."
::= { jnxIpSecSaEntry 5 }
jnxIpSecSaOutAuxSpi OBJECT-TYPE
SYNTAX JnxSpi
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the outgoing auxiliary SPI. This is valid for AH
and ESP bundles."
::= { jnxIpSecSaEntry 6 }
jnxIpSecSaType OBJECT-TYPE
SYNTAX JnxSAType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This field represents the type of security associations
which can be either manual or dynamic"
::= { jnxIpSecSaEntry 7 }
jnxIpSecSaEncapMode OBJECT-TYPE
SYNTAX JnxEncapMode
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encapsulation mode used by an IPsec Phase-2 Tunnel. "
::= { jnxIpSecSaEntry 8 }
jnxIpSecSaLifeSize OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. "
::= { jnxIpSecSaEntry 9 }
jnxIpSecSaLifeTime OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. "
::= { jnxIpSecSaEntry 10 }
jnxIpSecSaActiveTime OBJECT-TYPE
SYNTAX TimeInterval
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of time the IPsec Phase-2 Tunnel has been active in seconds. "
::= { jnxIpSecSaEntry 11 }
jnxIpSecSaLifeSizeThreshold OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security association LifeSize refresh threshold in kilobytes. "
::= { jnxIpSecSaEntry 12 }
jnxIpSecSaLifeTimeThreshold OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The security association LifeTime refresh threshold in seconds. "
::= { jnxIpSecSaEntry 13 }
jnxIpSecSaEncryptAlgo OBJECT-TYPE
SYNTAX JnxEncryptAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Encryption algorithm used to encrypt
the packets which can be either es-cbc or 3des-cbc. "
::= { jnxIpSecSaEntry 14 }
jnxIpSecSaAuthAlgo OBJECT-TYPE
SYNTAX JnxAuthAlgo
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The algorithm used for authentication of packets which
can be hmac-md5-96 or hmac-sha1-96"
::= { jnxIpSecSaEntry 15 }
jnxIpSecSaState OBJECT-TYPE
SYNTAX INTEGER{
unknown(0),
active(1),
expiring(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This column represents the status of the security association
represented by this table entry. If the status of the SA is
'active', the SA is ready for active use. The status
'expiring' represents any of the various states that the
security association transitions through before being purged."
::= { jnxIpSecSaEntry 16 }
END