4606 lines
173 KiB
Plaintext
4606 lines
173 KiB
Plaintext
-- *******************************************************************
|
|
-- Juniper Networks IPSEC Generic Flow Monitoring object mibs
|
|
--
|
|
-- Copyright (c) 2001-2011, Juniper Networks, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- The contents of this document are subject to change without notice.
|
|
-- *******************************************************************
|
|
|
|
JUNIPER-IPSEC-FLOW-MON-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Counter32,
|
|
Counter64, Integer32, Unsigned32, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
InetAddress, InetAddressType, InetPortNumber
|
|
FROM INET-ADDRESS-MIB
|
|
TEXTUAL-CONVENTION, DisplayString, TimeInterval
|
|
FROM SNMPv2-TC
|
|
jnxIpSecMibRoot
|
|
FROM JUNIPER-SMI;
|
|
|
|
|
|
jnxIpSecFlowMonMIB MODULE-IDENTITY
|
|
LAST-UPDATED "202004290000Z" -- Wed Apr 29 00:00:00 2020 UTC
|
|
ORGANIZATION "Juniper Networks, Inc."
|
|
CONTACT-INFO
|
|
"Juniper Technical Assistance Center
|
|
Juniper Networks, Inc.
|
|
1133 Innovation Way
|
|
Sunnyvale, CA 94089
|
|
E-mail: support@juniper.net"
|
|
DESCRIPTION
|
|
"This module defines the object used to monitor the
|
|
entries pertaining to IPSec objects and the management
|
|
of the IPSEC VPN functionalities.
|
|
tables:
|
|
- IKE tunnel table
|
|
- IPSec tunnel table
|
|
- IPSec security associations table.
|
|
|
|
This mib module is based on JNX-IPSEC-MONITOR-MIB.
|
|
Building on the existing IKE infrastruature, the
|
|
security IKE implementation integrates the value-added
|
|
features for the security products"
|
|
|
|
REVISION "202004290000Z" -- April 29, 2020
|
|
DESCRIPTION
|
|
"Added New field for jnxIkeGlobalInitiatorIkev2SaInitStats for
|
|
the global IKE stats"
|
|
|
|
REVISION "202004280000Z" -- April 28, 2020
|
|
DESCRIPTION
|
|
"A new field jnxIkeTunMonTunType of type JnxIkeTunType is added to
|
|
table jnxIkeTunnelMonTableunder which will identify the tunnel as
|
|
regular(1) or halink(2).
|
|
|
|
A new field jnxIpSecTunMonTunType of type JnxIkeTunType is added to
|
|
table jnxIpSecTunnelMonTable which will identify the tunnel as
|
|
regular(1) or halink(2).
|
|
|
|
A new table jnxIkeHaLinkGlobalStats is added which lists IKE
|
|
global stats for ha-link tunnels.
|
|
|
|
A new table jnxIpSecHaLinkGlobalStats is added which lists IPSec
|
|
global stats for ha-link tunnels.
|
|
|
|
A new field jnxIkePeerStatsTunType of type JnxIkeTunType is added
|
|
to table jnxIkePeerStatsTable which will identify the tunnel as
|
|
regular(1) or halink(2)."
|
|
|
|
REVISION "202004190000Z" -- April 19, 2020
|
|
DESCRIPTION
|
|
"Added New MIB jnxIpSecGlobalStats for the global IPsec stats"
|
|
|
|
REVISION "201909100000Z" -- September 10, 2019
|
|
DESCRIPTION
|
|
"Added IPSec-tunnel statistics counters to IPSec Tunnel monitor
|
|
entry table"
|
|
|
|
REVISION "201908220000Z" -- August 22, 2019
|
|
DESCRIPTION
|
|
"Added the IKE tunnel statistics counters to IKE tunnel monitor table"
|
|
|
|
REVISION "201606220000Z" -- June 22, 2016
|
|
DESCRIPTION
|
|
"Added traffic-selector-name and vpn-name to ipsec-tunnel
|
|
-monitor-entry table"
|
|
|
|
REVISION "200705160000Z" -- May 16, 2007
|
|
DESCRIPTION
|
|
"Revised the MIB to exlude platform/product specific attributes"
|
|
|
|
REVISION "201605310000Z" -- 31-May-16
|
|
DESCRIPTION
|
|
"Consolidated TC duplicated b/n jnx-ipsec-flow-mon.mib, jnx-ipsec-monitor-asp.mib"
|
|
|
|
::= { jnxIpSecMibRoot 1 }
|
|
|
|
--
|
|
-- Branch tree objects
|
|
--
|
|
jnxIpSecFlowMonNotifications OBJECT IDENTIFIER ::= { jnxIpSecFlowMonMIB 0 }
|
|
jnxIpSecFlowMonPhaseOne OBJECT IDENTIFIER ::= { jnxIpSecFlowMonMIB 1 }
|
|
jnxIpSecFlowMonPhaseTwo OBJECT IDENTIFIER ::= { jnxIpSecFlowMonMIB 2 }
|
|
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- Local Textual Conventions
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
JnxIkePeerType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of IPsec Phase-1 IKE peer identity. It is the
|
|
local IKE identify to send in the exchange.
|
|
The IKE peer may be identified by one of the ID types
|
|
defined in IPSEC DOI.
|
|
idIpv4Addr - IPv4 Address.
|
|
idIpv6Addr - IPv6 Address.
|
|
idUfqdn - user fully qualified domain name (user@hostname).
|
|
idFqdn - full qualified domain name
|
|
idDn - distinquished name"
|
|
SYNTAX INTEGER {
|
|
unknown (0),
|
|
idIpv4Addr (1),
|
|
idFqdn (2),
|
|
idDn (3),
|
|
idUfqdn (4),
|
|
idIpv6Addr (5)
|
|
}
|
|
|
|
JnxIkeNegoMode ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IPsec Phase-1 IKE negotiation mode.
|
|
Main Mode: A six-message Phase 1 exchange that provides identity
|
|
protection.
|
|
Aggressive mode: a three-message phase 1 exchange that does
|
|
not provide identity protection"
|
|
SYNTAX INTEGER {
|
|
main (1),
|
|
aggressive (2),
|
|
ikev2(3)
|
|
}
|
|
|
|
JnxIkeHashAlgo ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hash algorithm used in IPsec Phase-1 IKE negotiations."
|
|
SYNTAX INTEGER {
|
|
md5(1),
|
|
sha(2),
|
|
sha256(3),
|
|
sha384(4),
|
|
sha512(5)
|
|
}
|
|
|
|
JnxIkeAuthMethod ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication method used in IPsec Phase-1 IKE
|
|
negotiations."
|
|
SYNTAX INTEGER {
|
|
preSharedKey (1),
|
|
dssSignature (2),
|
|
rsaSignature (3),
|
|
rsaEncryption (4),
|
|
revRsaEncryption (5),
|
|
xauthPreSharedKey (6),
|
|
xauthDssSignature (7),
|
|
xauthRsaSignature (8),
|
|
xauthRsaEncryption (9),
|
|
xauthRevRsaEncryption (10),
|
|
ecdsa256Signature (11),
|
|
ecdsa384Signature (12),
|
|
ecdsa521Signature (13)
|
|
}
|
|
|
|
JnxIkePeerRole ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Role of the local endpoint in negotiating the IPsec Phase-1 IKE
|
|
security association. It can be either Initiator or Responder."
|
|
SYNTAX INTEGER {
|
|
initiator (1),
|
|
responder (2)
|
|
}
|
|
|
|
JnxIkeTunStateType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"State of the Phase-1 IKE negotiation."
|
|
SYNTAX INTEGER {
|
|
up (1),
|
|
down (2)
|
|
}
|
|
|
|
|
|
JnxDiffHellmanGrp ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Diffie Hellman Group used in negotiations.
|
|
modp768 -- 768-bit MODP
|
|
modp1024 -- 1024-bit MODP
|
|
modp1536 -- 1536-bit MODP
|
|
modp2048 -- 2048-bit MODP
|
|
modp3072 -- 3072-bit MODP
|
|
modp4096 -- 4096-bit MODP
|
|
ec-modp256 -- 256-bit EC-MODP
|
|
ec-modp384 -- 384-bit EC-MODP
|
|
ec-modp521 -- 521-bit EC-MODP
|
|
modp2048s256 -- 2048-bit MODP group with 256 bit subgroup
|
|
"
|
|
SYNTAX INTEGER {
|
|
unknown(0),
|
|
modp768(1),
|
|
modp1024(2),
|
|
modp1536(5),
|
|
modp2048(14),
|
|
modp3072(15),
|
|
modp4096(16),
|
|
ecmodp256(19),
|
|
ecmodp384(20),
|
|
ecmodp521(21),
|
|
modp2048s256(24)
|
|
}
|
|
|
|
JnxKeyType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of key used by an IPsec Phase-2 Tunnel."
|
|
SYNTAX INTEGER{
|
|
unknown (0),
|
|
keyIke (1),
|
|
keyManual (2)
|
|
}
|
|
|
|
JnxEncapMode ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encapsulation mode used by an IPsec Phase-2 Tunnel."
|
|
SYNTAX INTEGER{
|
|
unknown (0),
|
|
tunnel (1),
|
|
transport (2)
|
|
}
|
|
|
|
JnxEncryptAlgo ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption algorithm used in negotiations."
|
|
SYNTAX INTEGER {
|
|
espDes (1),
|
|
esp3des (2),
|
|
espNull (3),
|
|
espAes128 (4),
|
|
espAes192 (5),
|
|
espAes256 (6),
|
|
espAesGcm128 (7),
|
|
espAesGcm192 (8),
|
|
espAesGcm256 (9)
|
|
}
|
|
|
|
JnxAuthAlgo ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication algorithm used by a
|
|
security association of an IPsec Phase-2 Tunnel."
|
|
SYNTAX INTEGER{
|
|
unknown (0),
|
|
hmacMd5 (1),
|
|
hmacSha (2),
|
|
hmacSha256 (3),
|
|
hmacSha384 (4),
|
|
hmacSha512 (5)
|
|
|
|
}
|
|
|
|
JnxRemotePeerType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the remote peer gateway (endpoint). It can be one
|
|
of the following two types:
|
|
- static (Remote peer whose IP address is known beforehand)
|
|
- dynamic (Remote peer whose IP address is not known
|
|
beforehand).
|
|
"
|
|
SYNTAX INTEGER {
|
|
unknown (0),
|
|
static (1),
|
|
dynamic (2)
|
|
}
|
|
|
|
JnxPeerStateType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"State of the IKE peer with which the managed entity
|
|
is currently associated."
|
|
SYNTAX INTEGER {
|
|
active (1),
|
|
inactive (2)
|
|
}
|
|
|
|
JnxSpiType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the SPI associated with IPsec Phase-2 security
|
|
associations."
|
|
SYNTAX Unsigned32 (256..4294967295)
|
|
|
|
|
|
JnxSAType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SA Type manual or dynamic"
|
|
SYNTAX INTEGER {
|
|
unknown (0),
|
|
manual (1),
|
|
dynamic (2)
|
|
}
|
|
|
|
JnxEsnMode ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ESN mode Enable or Disable"
|
|
SYNTAX INTEGER {
|
|
none (0),
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
|
|
JnxIkeTunType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the tunnel."
|
|
SYNTAX INTEGER {
|
|
regular (1),
|
|
halink (2)
|
|
}
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- Notifications
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkeNotificationType OBJECT IDENTIFIER ::= { jnxIpSecFlowMonNotifications 0 }
|
|
|
|
jnxIkeNotificationObj OBJECT IDENTIFIER ::= { jnxIpSecFlowMonNotifications 1 }
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- Notifications - Variables
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkeTrapPeerRemoteGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the remote gateway (endpoint) for the
|
|
IKE SA negotiaton."
|
|
::= { jnxIkeNotificationObj 1 }
|
|
|
|
jnxIkeTrapPeerRemoteGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the remote gateway (endpoint) for the IKE SA
|
|
negotiation."
|
|
::= { jnxIkeNotificationObj 2 }
|
|
|
|
jnxIkeTrapPeerRemotePort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the remote gateway (endpoint) for the IKE
|
|
SA negotiation. The port number zero means the input value is
|
|
ignored for this object and the default port is considered."
|
|
::= { jnxIkeNotificationObj 3 }
|
|
|
|
jnxIkeTrapPeerLocalGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the local endpoint (gateway) for the
|
|
IKE SA negotiation."
|
|
::= { jnxIkeNotificationObj 4 }
|
|
|
|
jnxIkeTrapPeerLocalGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the local endpoint (gateway) for the IKE SA
|
|
negotiation."
|
|
::= { jnxIkeNotificationObj 5 }
|
|
|
|
jnxIkeTrapPeerLocalPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the local gateway (endpoint) for the IKE SA
|
|
negotiation. The port number zero means the input value is
|
|
ignored for this object and the default port is considered."
|
|
::= { jnxIkeNotificationObj 6 }
|
|
|
|
jnxIkeTrapPeerRoutingInstance OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the routing instance."
|
|
::= { jnxIkeNotificationObj 7 }
|
|
|
|
jnxIkeTrapPeerLocalIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of local peer identity. The local
|
|
peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkeNotificationObj 8 }
|
|
|
|
jnxIkeTrapPeerLocalIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the local peer identity.
|
|
|
|
If the local peer type is an IP Address, then this
|
|
is the IP Address used to identify the local peer.
|
|
|
|
If the local peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
|
|
If the local peer type is a id_dn, then this is
|
|
the distinguished name string of the local peer."
|
|
::= { jnxIkeNotificationObj 9 }
|
|
|
|
jnxIkeTrapPeerRemoteIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of remote peer identity.
|
|
The remote peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkeNotificationObj 10 }
|
|
|
|
jnxIkeTrapPeerRemoteIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the remote peer identity.
|
|
|
|
If the remote peer type is an IP Address, then this
|
|
is the IP Address used to identify the remote peer.
|
|
|
|
If the remote peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
|
|
If the remote peer type is a id_dn, then this is
|
|
the distinguished named string of the remote peer."
|
|
::= { jnxIkeNotificationObj 11 }
|
|
|
|
jnxIkeTrapPeerAAAUserName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the user with the specified authentication,
|
|
authorization and accounting (AAA) username, associated
|
|
with the IKE SA negotiation."
|
|
::= { jnxIkeNotificationObj 12 }
|
|
|
|
jnxIkeTrapPeerGwName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the IKE gateway."
|
|
::= { jnxIkeNotificationObj 13 }
|
|
|
|
jnxIkeTrapIpSecTunVpnName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPsec tunnel VPN name."
|
|
::= { jnxIkeNotificationObj 14 }
|
|
|
|
jnxIkeTrapIpSecTunTsName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPsec tunnel Traffic Selector name."
|
|
::= { jnxIkeNotificationObj 15 }
|
|
|
|
jnxIkeTrapIpSecTunLocalTS OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifier for the local end of IPsec tunnel."
|
|
::= { jnxIkeNotificationObj 16 }
|
|
|
|
jnxIkeTrapIpSecTunRemoteTS OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifier for the remote end of IPsec tunnel."
|
|
::= { jnxIkeNotificationObj 17 }
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- Notifications - Traps
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkePeerDown NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
jnxIkeTrapPeerRemoteGwAddrType,
|
|
jnxIkeTrapPeerRemoteGwAddr,
|
|
jnxIkeTrapPeerRemotePort,
|
|
jnxIkeTrapPeerLocalGwAddrType,
|
|
jnxIkeTrapPeerLocalGwAddr,
|
|
jnxIkeTrapPeerLocalPort,
|
|
jnxIkeTrapPeerRoutingInstance,
|
|
jnxIkeTrapPeerLocalIdType,
|
|
jnxIkeTrapPeerLocalIdValue,
|
|
jnxIkeTrapPeerRemoteIdType,
|
|
jnxIkeTrapPeerRemoteIdValue,
|
|
jnxIkeTrapPeerAAAUserName,
|
|
jnxIkeTrapPeerGwName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To provide notification for the event when Peer goes down."
|
|
::= { jnxIkeNotificationType 1 }
|
|
|
|
jnxIkePeerIPSecTunnelDown NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
jnxIkeTrapPeerRemoteGwAddrType,
|
|
jnxIkeTrapPeerRemoteGwAddr,
|
|
jnxIkeTrapPeerRemotePort,
|
|
jnxIkeTrapPeerLocalGwAddrType,
|
|
jnxIkeTrapPeerLocalGwAddr,
|
|
jnxIkeTrapPeerLocalPort,
|
|
jnxIkeTrapPeerRoutingInstance,
|
|
jnxIkeTrapPeerLocalIdType,
|
|
jnxIkeTrapPeerLocalIdValue,
|
|
jnxIkeTrapPeerRemoteIdType,
|
|
jnxIkeTrapPeerRemoteIdValue,
|
|
jnxIkeTrapPeerAAAUserName,
|
|
jnxIkeTrapPeerGwName,
|
|
jnxIkeTrapIpSecTunVpnName,
|
|
jnxIkeTrapIpSecTunTsName,
|
|
jnxIkeTrapIpSecTunLocalTS,
|
|
jnxIkeTrapIpSecTunRemoteTS
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To provide notification for the event of IPSec Tunnels
|
|
going down for a peer. These traps are not generated
|
|
if the corresponding peer has gone down."
|
|
::= { jnxIkeNotificationType 2 }
|
|
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- Number of IKE Tunnels currently active
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkeNumOfTunnels OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE Tunnels (phase-1) actively negotiating between
|
|
peers. The SA can be in either the up or down state.
|
|
This attribute should detail the number of IKE tunnels
|
|
in jnxIkeTunnelMonTable."
|
|
::= { jnxIpSecFlowMonPhaseOne 1 }
|
|
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IPsec Phase-1 Internet Key Exchange Tunnel Table
|
|
--
|
|
-- Phase 1 is used to negotiate the parameter and key material required
|
|
-- to establish an ISAKMP AS.
|
|
--
|
|
-- The phase 1 IKE gateway key exchange: tunnel peer device. Phase 1
|
|
-- security association components include encryption algorithm,
|
|
-- authentication, Diffie-Hellman group values and anthentication method
|
|
-- such as pre-shared keys or certificates.
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkeTunnelMonTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxIkeTunnelMonEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IPsec Phase-1 Internet Key Exchange Tunnel Table.
|
|
There is one entry in this table for each active IPsec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIpSecFlowMonPhaseOne 2 }
|
|
|
|
jnxIkeTunnelMonEntry OBJECT-TYPE
|
|
SYNTAX JnxIkeTunnelMonEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes associated with
|
|
an active IPsec Phase-1 IKE Tunnel."
|
|
INDEX { jnxIkeTunMonRemoteGwAddrType,
|
|
jnxIkeTunMonRemoteGwAddr,
|
|
jnxIkeTunMonIndex }
|
|
::= { jnxIkeTunnelMonTable 1 }
|
|
|
|
JnxIkeTunnelMonEntry ::= SEQUENCE {
|
|
jnxIkeTunMonRemoteGwAddrType InetAddressType,
|
|
jnxIkeTunMonRemoteGwAddr InetAddress,
|
|
jnxIkeTunMonIndex Integer32,
|
|
jnxIkeTunMonLocalGwAddrType InetAddressType,
|
|
jnxIkeTunMonLocalGwAddr InetAddress,
|
|
jnxIkeTunMonState JnxIkeTunStateType,
|
|
jnxIkeTunMonInitiatorCookie DisplayString,
|
|
jnxIkeTunMonResponderCookie DisplayString,
|
|
jnxIkeTunMonLocalRole JnxIkePeerRole,
|
|
jnxIkeTunMonLocalIdType JnxIkePeerType,
|
|
jnxIkeTunMonLocalIdValue DisplayString,
|
|
jnxIkeTunMonLocalCertName DisplayString,
|
|
jnxIkeTunMonRemoteIdType JnxIkePeerType,
|
|
jnxIkeTunMonRemoteIdValue DisplayString,
|
|
jnxIkeTunMonNegoMode JnxIkeNegoMode,
|
|
jnxIkeTunMonDiffHellmanGrp JnxDiffHellmanGrp,
|
|
jnxIkeTunMonEncryptAlgo JnxEncryptAlgo,
|
|
jnxIkeTunMonHashAlgo JnxIkeHashAlgo,
|
|
jnxIkeTunMonAuthMethod JnxIkeAuthMethod,
|
|
jnxIkeTunMonLifeTime Integer32,
|
|
jnxIkeTunMonActiveTime TimeInterval,
|
|
jnxIkeTunMonInOctets Counter64,
|
|
jnxIkeTunMonInPkts Counter32,
|
|
jnxIkeTunMonOutOctets Counter64,
|
|
jnxIkeTunMonOutPkts Counter32,
|
|
jnxIkeTunMonXAuthUserId DisplayString,
|
|
jnxIkeTunMonDPDDownCount Counter32,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyRequestOut Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResponseIn Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyNoProposalChosenIn Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyInvalidKeIn Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyTsUnacceptableIn Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifySaFail Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyDhGroupFail Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyTsFail Counter64,
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResDhComputeKeyFail Counter64,
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyRequestIn Counter64,
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyResponseOut Counter64,
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyNoProposalChosenOut Counter64,
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyInvalidKeOut Counter64,
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyTsUnacceptableOut Counter64,
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyResDhComputeKeyFail Counter64,
|
|
jnxIkeTunMonGwName DisplayString,
|
|
jnxIkeTunMonTunType JnxIkeTunType
|
|
}
|
|
|
|
|
|
jnxIkeTunMonRemoteGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the remote gateway (endpoint) for the IPsec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkeTunnelMonEntry 1 }
|
|
|
|
jnxIkeTunMonRemoteGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the remote gateway (endpoint) for the IPsec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkeTunnelMonEntry 2 }
|
|
|
|
jnxIkeTunMonIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the IPsec Phase-1 IKE Tunnel Table.
|
|
The value of the index is a number which begins
|
|
at one and is incremented with each tunnel that
|
|
is created. The value of this object will
|
|
wrap at 2,147,483,647."
|
|
::= { jnxIkeTunnelMonEntry 3 }
|
|
|
|
jnxIkeTunMonLocalGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the local endpoint (gateway) for the IPsec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkeTunnelMonEntry 4 }
|
|
|
|
jnxIkeTunMonLocalGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the local endpoint (gateway) for the IPsec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkeTunnelMonEntry 5 }
|
|
|
|
jnxIkeTunMonState OBJECT-TYPE
|
|
SYNTAX JnxIkeTunStateType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the IKE tunnel, It can be:
|
|
1. up - negotiation completed
|
|
2. down- being negotiated"
|
|
::= { jnxIkeTunnelMonEntry 6 }
|
|
|
|
jnxIkeTunMonInitiatorCookie OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Cookie as generated by the peer that initiated the IKE Phase-1
|
|
negotiation. This cookie is carried in the ISAKMP header."
|
|
::= { jnxIkeTunnelMonEntry 7 }
|
|
|
|
jnxIkeTunMonResponderCookie OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Cookie as generated by the peer responding to the IKE Phase-1
|
|
negotiation initiated by the remote peer. This cookie is carried
|
|
in the ISAKMP header."
|
|
::= { jnxIkeTunnelMonEntry 8 }
|
|
|
|
jnxIkeTunMonLocalRole OBJECT-TYPE
|
|
SYNTAX JnxIkePeerRole
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The role of local peer identity. The Role of the local peer can be:
|
|
1. initiator.
|
|
2. or responder."
|
|
::= { jnxIkeTunnelMonEntry 9 }
|
|
|
|
jnxIkeTunMonLocalIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of local peer identity. The local
|
|
peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkeTunnelMonEntry 10 }
|
|
|
|
jnxIkeTunMonLocalIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the local peer identity.
|
|
|
|
If the local peer type is an IP Address, then this
|
|
is the IP Address used to identify the local peer.
|
|
|
|
If the local peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
|
|
If the local peer type is a id_dn, then this is
|
|
the distinguished name string of the local peer."
|
|
::= { jnxIkeTunnelMonEntry 11 }
|
|
|
|
jnxIkeTunMonLocalCertName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the certificate used for authentication of the local
|
|
tunnel endpoint. This object will have some valid value only
|
|
if negotiated IKE authentication method is other than pre-saherd
|
|
key. If the IKE negotiation do not use certificate based
|
|
authentication method, then the value of this object will be a
|
|
NULL string."
|
|
::= { jnxIkeTunnelMonEntry 12 }
|
|
|
|
jnxIkeTunMonRemoteIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of remote peer identity.
|
|
The remote peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkeTunnelMonEntry 13 }
|
|
|
|
jnxIkeTunMonRemoteIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the remote peer identity.
|
|
|
|
If the remote peer type is an IP Address, then this
|
|
is the IP Address used to identify the remote peer.
|
|
|
|
If the remote peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
|
|
If the remote peer type is a id_dn, then this is
|
|
the distinguished named string of the remote peer."
|
|
::= { jnxIkeTunnelMonEntry 14 }
|
|
|
|
jnxIkeTunMonNegoMode OBJECT-TYPE
|
|
SYNTAX JnxIkeNegoMode
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The negotiation mode of the IPsec Phase-1 IKE Tunnel."
|
|
::= { jnxIkeTunnelMonEntry 15 }
|
|
|
|
jnxIkeTunMonDiffHellmanGrp OBJECT-TYPE
|
|
SYNTAX JnxDiffHellmanGrp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Diffie Hellman Group used in IPsec Phase-1 IKE
|
|
negotiations."
|
|
::= { jnxIkeTunnelMonEntry 16 }
|
|
|
|
jnxIkeTunMonEncryptAlgo OBJECT-TYPE
|
|
SYNTAX JnxEncryptAlgo
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption algorithm used in IPsec Phase-1 IKE negotiations."
|
|
::= { jnxIkeTunnelMonEntry 17 }
|
|
|
|
jnxIkeTunMonHashAlgo OBJECT-TYPE
|
|
SYNTAX JnxIkeHashAlgo
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hash algorithm used in IPsec Phase-1 IKE negotiations."
|
|
::= { jnxIkeTunnelMonEntry 18 }
|
|
|
|
jnxIkeTunMonAuthMethod OBJECT-TYPE
|
|
SYNTAX JnxIkeAuthMethod
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication method used in IPsec Phase-1 IKE
|
|
negotiations."
|
|
::= { jnxIkeTunnelMonEntry 19 }
|
|
|
|
jnxIkeTunMonLifeTime OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
|
|
in seconds."
|
|
::= { jnxIkeTunnelMonEntry 20 }
|
|
|
|
jnxIkeTunMonActiveTime OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of time the IPsec Phase-1 IKE tunnel has been
|
|
active in hundredths of seconds."
|
|
::= { jnxIkeTunnelMonEntry 21 }
|
|
|
|
jnxIkeTunMonInOctets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Octets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of octets received by this IPsec Phase-1
|
|
IKE security association."
|
|
::= { jnxIkeTunnelMonEntry 22 }
|
|
|
|
jnxIkeTunMonInPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of packets received by this IPsec Phase-1
|
|
IKE security association."
|
|
::= { jnxIkeTunnelMonEntry 23 }
|
|
|
|
jnxIkeTunMonOutOctets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Octets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of octets sent by this IPsec Phase-1
|
|
IKE security association."
|
|
::= { jnxIkeTunnelMonEntry 24 }
|
|
|
|
jnxIkeTunMonOutPkts OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of packets sent by this IPsec Phase-1
|
|
IKE security association."
|
|
::= { jnxIkeTunnelMonEntry 25 }
|
|
|
|
jnxIkeTunMonXAuthUserId OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The extended Authentication (XAuth) User Identifier, identifies the
|
|
user associated with this IPSec Phase negotiation."
|
|
::= { jnxIkeTunnelMonEntry 26 }
|
|
|
|
jnxIkeTunMonDPDDownCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The number of times that the remote peer is detected
|
|
in a dead (or down) state. This attribute is obsolete"
|
|
::= { jnxIkeTunnelMonEntry 27 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA request
|
|
message sent by Initiator."
|
|
::= { jnxIkeTunnelMonEntry 28 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response
|
|
message received by Initiator."
|
|
::= { jnxIkeTunnelMonEntry 29 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
|
|
Notification received by Initiator."
|
|
::= { jnxIkeTunnelMonEntry 30 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
|
|
received by Initiator."
|
|
::= { jnxIkeTunnelMonEntry 31 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
|
|
notification received by Initiator."
|
|
::= { jnxIkeTunnelMonEntry 32 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkeTunnelMonEntry 33 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkeTunnelMonEntry 34 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyTsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
verification of TS failed at Initiator."
|
|
::= { jnxIkeTunnelMonEntry 35 }
|
|
|
|
jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkeTunnelMonEntry 36 }
|
|
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA request
|
|
message received by Responder."
|
|
::= { jnxIkeTunnelMonEntry 37 }
|
|
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response
|
|
message sent by Responder."
|
|
::= { jnxIkeTunnelMonEntry 38 }
|
|
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
|
|
Notification sent by Responder."
|
|
::= { jnxIkeTunnelMonEntry 39 }
|
|
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
|
|
Notification sent by Responder."
|
|
::= { jnxIkeTunnelMonEntry 40 }
|
|
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
|
|
notification sent by Responder."
|
|
::= { jnxIkeTunnelMonEntry 41 }
|
|
|
|
jnxIkeTunMonResponderIkev2IPSecSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkeTunnelMonEntry 42 }
|
|
|
|
jnxIkeTunMonGwName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The gateway name"
|
|
::= { jnxIkeTunnelMonEntry 43 }
|
|
|
|
jnxIkeTunMonTunType OBJECT-TYPE
|
|
SYNTAX JnxIkeTunType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Tunnel type. It can be regular (1) or ha-link (2)"
|
|
::= { jnxIkeTunnelMonEntry 44 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IKEv2 global Statistics
|
|
-- Provides global statistics for all IKE tunnels, active and previous.
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkeGlobalStats OBJECT IDENTIFIER
|
|
::= { jnxIpSecFlowMonPhaseOne 3 }
|
|
|
|
|
|
-- Initiator IKE_SA_INIT exchange stats
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 1 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT request message sent by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 1 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 2 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitResInvalidIkeSpi OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message containing invalid
|
|
SPI received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 3 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitInvalidKePayloadIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT INVALID_KE_PAYLOAD received
|
|
by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 4 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT NO_PROPSAL_CHOSEN received
|
|
by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 5 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message verification
|
|
of peer SA failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 6 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitResIkeSaFillFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message IKE SA fill
|
|
operation failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 7 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message verification of
|
|
DH group failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 8 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitCookieRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification request
|
|
message received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 9 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitCookieResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification
|
|
response message sent by Responder."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 10 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message Diffie-Hellman
|
|
compute key failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2SaInitStats 11 }
|
|
|
|
-- Responder IKE_SA_INIT exchange stats
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 2 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT request message received by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 1 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 2 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT NO_PROPSAL_CHOSEN notification
|
|
sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 3 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitInvalidKePayloadOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT INVALID_KE_PAYLOAD notification
|
|
sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 4 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitResInvalidDhGroupConf OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message invalid DH group
|
|
configured at Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 5 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitResDhGenKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message Diffie-Hellman
|
|
generate key failed at Responder"
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 6 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitResGetCAsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message get CAs failed at
|
|
Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 7 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitResGetVidFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message get vendor ID
|
|
request failed at Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 8 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message Diffie-Hellman
|
|
compute key failed at Responder"
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 9 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitCookieRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification request message
|
|
sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 10 }
|
|
|
|
jnxIkeGlobalResponderIkev2SaInitCookieResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification response
|
|
message received by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2SaInitStats 11 }
|
|
|
|
|
|
-- Initiator IKE_AUTH exchange stats
|
|
|
|
jnxIkeGlobalInitiatorIkev2AuthStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 3 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2AuthRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH request message sent by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2AuthStats 1 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2AuthResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH response message received by
|
|
Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2AuthStats 2 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2AuthNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
|
|
received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2AuthStats 3 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2AuthTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH TS_UNACCEPTABLE notification
|
|
received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2AuthStats 4 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2AuthAuthenticationFailedIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH AUTHENTICATION_FAILED
|
|
notification received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2AuthStats 5 }
|
|
|
|
|
|
-- Responder IKE_AUTH exchange stats
|
|
|
|
jnxIkeGlobalResponderIkev2AuthStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 4 }
|
|
|
|
jnxIkeGlobalResponderIkev2AuthRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH request message received by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2AuthStats 1 }
|
|
|
|
jnxIkeGlobalResponderIkev2AuthResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH response message sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2AuthStats 2 }
|
|
|
|
jnxIkeGlobalResponderIkev2AuthNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
|
|
sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2AuthStats 3 }
|
|
|
|
jnxIkeGlobalResponderIkev2AuthTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH TS_UNACCEPTABLE notification
|
|
sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2AuthStats 4 }
|
|
|
|
jnxIkeGlobalResponderIkev2AuthAuthenticationFailedOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH request message AUTHENTICATION_FAILED
|
|
notification sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2AuthStats 5 }
|
|
|
|
|
|
--- Initiator IKE SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 5 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey CREATE_CHILD_SA request message
|
|
sent by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 1 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey CREATE_CHILD_SA response message
|
|
received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 2 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey NO_PROPSAL_CHOSEN notification
|
|
received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 3 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey INVALID_KE_PAYLOAD notification
|
|
received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 4 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 5 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 6 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyResFillIkeSaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
fill IKE SA failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 7 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 8 }
|
|
|
|
|
|
--- Responder IKE SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeGlobalResponderIkev2IkeSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 6 }
|
|
|
|
jnxIkeGlobalResponderIkev2IkeSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey request message
|
|
received by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 1 }
|
|
|
|
jnxIkeGlobalResponderIkev2IkeSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 2 }
|
|
|
|
jnxIkeGlobalResponderIkev2IkeSaRekeyNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey NO_PROPSAL_CHOSEN
|
|
notification sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 3 }
|
|
|
|
jnxIkeGlobalResponderIkev2IkeSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey INVALID_KE_PAYLOAD
|
|
notification sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 4 }
|
|
|
|
jnxIkeGlobalResponderIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 5 }
|
|
|
|
|
|
--- Initiator IPSec SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 7 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey request
|
|
message sent by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 1 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response
|
|
message received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 2 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey NO_PROPSAL_CHOSEN
|
|
notification received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 3 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey INVALID_KE_PAYLOAD
|
|
notification received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 4 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey TS_UNACCEPTABLE
|
|
notification received by Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 5 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 6 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 7 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 8 }
|
|
|
|
jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResVerifyTsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
verification of TS failed at Initiator."
|
|
::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 9 }
|
|
|
|
|
|
--- Responder IPSec SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 8 }
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey request
|
|
message received by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 1 }
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response
|
|
message sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 2 }
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey NO_PROPSAL_CHOSEN
|
|
notification sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 3 }
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey INVALID_KE_PAYLOAD
|
|
notification sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 4 }
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey TS_UNACCEPTABLE
|
|
notification sent by Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 5 }
|
|
|
|
jnxIkeGlobalResponderIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 6 }
|
|
|
|
|
|
--- Message failure stats
|
|
|
|
jnxIkeGlobalIkev2MsgFailStats OBJECT IDENTIFIER
|
|
::= { jnxIkeGlobalStats 9 }
|
|
|
|
jnxIkeGlobalIkev2TotalDiscarded OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of discarded messages. Includes the failures
|
|
encountered during decode of IKEv2 packets that is failures
|
|
before the IKEv2 exchange payload processing. Also this
|
|
counter encompasses all the other message failure counters."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 1 }
|
|
|
|
jnxIkeGlobalIkev2TotalIdError OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with ID error. Message ID is not
|
|
compliant with what is expected. For ex. IKE_SA_INIT message
|
|
with message ID larger than zero is encountered."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 2 }
|
|
|
|
jnxIkeGlobalIkev2TotalIntegrityFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with Integrity check failure."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 3 }
|
|
|
|
jnxIkeGlobalIkev2TotalInvalidSPI OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with Invalid SPI failure. Used one
|
|
of the SPIs to find the SA, but the other SPI is not matching.
|
|
Invalid IKE SPIs in IKE_SA_INIT response message at Initiator."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 4 }
|
|
|
|
jnxIkeGlobalIkev2TotalInvalidExchgType OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with unknown / unexpected exchange type
|
|
encountered during message exchange."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 5 }
|
|
|
|
jnxIkeGlobalIkev2TotalInvalidLength OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with Invalid length failure. During
|
|
decode a malformed message where length is inconsistent with
|
|
that indicated in header is encountered."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 6 }
|
|
|
|
jnxIkeGlobalIkev2TotalDisorder OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages failure due to disorder. Packet message
|
|
ID is out of window. For a response packet the corresponding
|
|
request with given message ID is not found."
|
|
::= { jnxIkeGlobalIkev2MsgFailStats 7 }
|
|
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The Internet Key Exchange Peer Table
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkePeerAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxIkePeerAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IKE Key Exchange Peer Address Table. There is one entry in this table
|
|
for each IKE peer with which the managed entity is currently associated."
|
|
::= { jnxIpSecFlowMonPhaseOne 4 }
|
|
|
|
jnxIkePeerAddrEntry OBJECT-TYPE
|
|
SYNTAX JnxIkePeerAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes associated with
|
|
an IKE Peer."
|
|
INDEX { jnxIkePeerAddrState,
|
|
jnxIkePeerAddrRemoteGwAddrType,
|
|
jnxIkePeerAddrRemoteGwAddr,
|
|
jnxIkePeerAddrRemotePort,
|
|
jnxIkePeerAddrLocalGwAddrType,
|
|
jnxIkePeerAddrLocalGwAddr,
|
|
jnxIkePeerAddrLocalPort,
|
|
jnxIkePeerAddrRoutingInstance }
|
|
::= { jnxIkePeerAddrTable 1 }
|
|
|
|
JnxIkePeerAddrEntry::= SEQUENCE {
|
|
jnxIkePeerAddrState JnxPeerStateType,
|
|
jnxIkePeerAddrRemoteGwAddrType InetAddressType,
|
|
jnxIkePeerAddrRemoteGwAddr InetAddress,
|
|
jnxIkePeerAddrRemotePort InetPortNumber,
|
|
jnxIkePeerAddrLocalGwAddrType InetAddressType,
|
|
jnxIkePeerAddrLocalGwAddr InetAddress,
|
|
jnxIkePeerAddrLocalPort InetPortNumber,
|
|
jnxIkePeerAddrRoutingInstance DisplayString,
|
|
jnxIkePeerAddrIndex Integer32
|
|
}
|
|
|
|
jnxIkePeerAddrState OBJECT-TYPE
|
|
SYNTAX JnxPeerStateType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the peer, it can be:
|
|
1. active - The IKE peer is currently associated by an active IKE SA.
|
|
There is at least one active IKE SA or Tunnel
|
|
termination on the managed entity from the peer.
|
|
2. down - The IKE peer was associated with a previously
|
|
active IKE SA."
|
|
::= { jnxIkePeerAddrEntry 1 }
|
|
|
|
jnxIkePeerAddrRemoteGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the remote gateway (endpoint) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerAddrEntry 2 }
|
|
|
|
jnxIkePeerAddrRemoteGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the remote gateway (endpoint) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerAddrEntry 3 }
|
|
|
|
jnxIkePeerAddrRemotePort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the remote gateway (endpoint) for the IKE
|
|
SA negotiation. The port number zero means the input value is
|
|
ignored for this object and the default port is considered."
|
|
::= { jnxIkePeerAddrEntry 4 }
|
|
|
|
jnxIkePeerAddrLocalGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the local endpoint (gateway) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerAddrEntry 5 }
|
|
|
|
jnxIkePeerAddrLocalGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the local endpoint (gateway) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerAddrEntry 6 }
|
|
|
|
jnxIkePeerAddrLocalPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the local gateway (endpoint) for the IKE SA
|
|
negotiation. The port number zero means the input value is
|
|
ignored for this object and the default port is considered."
|
|
::= { jnxIkePeerAddrEntry 7 }
|
|
|
|
jnxIkePeerAddrRoutingInstance OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VR ID."
|
|
::= { jnxIkePeerAddrEntry 8 }
|
|
|
|
jnxIkePeerAddrIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the IPSec Phase-1 key exchange Peer Table.
|
|
The value of the index is a number which begins
|
|
at one and is incremented with each peer that is created
|
|
due to an association. The value of this object will wrap
|
|
at 2,147,483,647."
|
|
::= { jnxIkePeerAddrEntry 9 }
|
|
|
|
|
|
jnxIkePeerIdTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxIkePeerIdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IKE Key Exchange Peer ID Table. There is one entry in this table
|
|
for each IKE peer with which the managed entity is currently associated.
|
|
In the index truncated value for Remote ID value, Local ID value and AAA
|
|
username is used to restrict the length of the SNMP index to a legal
|
|
size. In the index, for jnxIkePeerIdRemoteId and jnxIkePeerIdLocalId, any
|
|
string longer than 41 bytes will be truncated and only 41 bytes would be
|
|
considered. Similarly in the index, for jnxIkePeerIdAAAUserName, any
|
|
string longer than 25 bytes will be truncated and only 25 bytes would be
|
|
considered. Because of the truncation, the index may become same for
|
|
different peers, to keep the index unique, jnxIkePeerInternalIndex is
|
|
used to uniquely identify each peer."
|
|
|
|
::= { jnxIpSecFlowMonPhaseOne 5 }
|
|
|
|
jnxIkePeerIdEntry OBJECT-TYPE
|
|
SYNTAX JnxIkePeerIdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes associated with
|
|
an IKE Peer."
|
|
INDEX { jnxIkePeerIdState,
|
|
jnxIkePeerIdRemoteIdType,
|
|
jnxIkePeerIdRemoteIdValue,
|
|
jnxIkePeerIdLocalIdType,
|
|
jnxIkePeerIdLocalIdValue,
|
|
jnxIkePeerIdAAAUserName,
|
|
jnxIkePeerInternalIndex }
|
|
::= { jnxIkePeerIdTable 1 }
|
|
|
|
JnxIkePeerIdEntry::= SEQUENCE {
|
|
jnxIkePeerIdState JnxPeerStateType,
|
|
jnxIkePeerIdRemoteIdType JnxIkePeerType,
|
|
jnxIkePeerIdRemoteIdValue DisplayString,
|
|
jnxIkePeerIdLocalIdType JnxIkePeerType,
|
|
jnxIkePeerIdLocalIdValue DisplayString,
|
|
jnxIkePeerIdAAAUserName DisplayString,
|
|
jnxIkePeerIdIndex Integer32,
|
|
jnxIkePeerInternalIndex Integer32
|
|
}
|
|
|
|
jnxIkePeerIdState OBJECT-TYPE
|
|
SYNTAX JnxPeerStateType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the peer, it can be:
|
|
1. active - The IKE peer is currently associated by an active IKE SA.
|
|
There is at least one active IKE SA or Tunnel
|
|
termination on the managed entity from the peer.
|
|
2. down - The IKE peer was associated with a previously
|
|
active IKE SA."
|
|
::= { jnxIkePeerIdEntry 1 }
|
|
|
|
jnxIkePeerIdRemoteIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of remote peer identity.
|
|
The remote peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkePeerIdEntry 2 }
|
|
|
|
jnxIkePeerIdRemoteIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the remote peer identity.
|
|
|
|
If the remote peer type is an IP Address, then this
|
|
is the IP Address used to identify the remote peer.
|
|
|
|
If the remote peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
|
|
If the remote peer type is a id_dn, then this is
|
|
the distinguished named string of the remote peer."
|
|
::= { jnxIkePeerIdEntry 3 }
|
|
|
|
jnxIkePeerIdLocalIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of local peer identity. The local
|
|
peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkePeerIdEntry 4 }
|
|
|
|
jnxIkePeerIdLocalIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the local peer identity.
|
|
|
|
If the local peer type is an IP Address, then this
|
|
is the IP Address used to identify the local peer.
|
|
|
|
If the local peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
|
|
If the local peer type is a id_dn, then this is
|
|
the distinguished name string of the local peer."
|
|
::= { jnxIkePeerIdEntry 5 }
|
|
|
|
jnxIkePeerIdAAAUserName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the user with the specified authentication,
|
|
authorization and accounting (AAA) username, associated
|
|
with the IKE SA negotiation."
|
|
::= { jnxIkePeerIdEntry 6 }
|
|
|
|
jnxIkePeerInternalIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The internal index of the Peer Id table.
|
|
This index is used to uniquely identify multiple
|
|
entry for the same truncated ids."
|
|
::= { jnxIkePeerIdEntry 7 }
|
|
|
|
jnxIkePeerIdIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the IPSec Phase-1 key exchange Peer Table.
|
|
The value of the index is a number which begins
|
|
at one and is incremented with each peer that is created
|
|
due to an association. The value of this object will wrap
|
|
at 2,147,483,647."
|
|
::= { jnxIkePeerIdEntry 8 }
|
|
|
|
|
|
jnxIkePeerStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxIkePeerStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IKE Key Exchange Peer Stats Table. There is one entry in this table
|
|
for each IKE peer with which the managed entity is currently associated."
|
|
::= { jnxIpSecFlowMonPhaseOne 6 }
|
|
|
|
jnxIkePeerStatsEntry OBJECT-TYPE
|
|
SYNTAX JnxIkePeerStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes associated with an IKE Peer."
|
|
INDEX { jnxIkePeerStatsState,
|
|
jnxIkePeerStatsIndex }
|
|
::= { jnxIkePeerStatsTable 1 }
|
|
|
|
JnxIkePeerStatsEntry::= SEQUENCE {
|
|
jnxIkePeerStatsState JnxPeerStateType,
|
|
jnxIkePeerStatsIndex Integer32,
|
|
jnxIkePeerStatsRemoteGwAddrType InetAddressType,
|
|
jnxIkePeerStatsRemoteGwAddr InetAddress,
|
|
jnxIkePeerStatsRemotePort InetPortNumber,
|
|
jnxIkePeerStatsLocalGwAddrType InetAddressType,
|
|
jnxIkePeerStatsLocalGwAddr InetAddress,
|
|
jnxIkePeerStatsLocalPort InetPortNumber,
|
|
jnxIkePeerStatsRoutingInstance DisplayString,
|
|
jnxIkePeerStatsRemoteIdType JnxIkePeerType,
|
|
jnxIkePeerStatsRemoteIdValue DisplayString,
|
|
jnxIkePeerStatsLocalIdType JnxIkePeerType,
|
|
jnxIkePeerStatsLocalIdValue DisplayString,
|
|
jnxIkePeerStatsAAAUserName DisplayString,
|
|
jnxIkePeerStatsGwName DisplayString,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitRequestOut Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResponseIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResInvalidIkeSpi Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitInvalidKePayloadIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitNoProposalChosenIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifySaFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResIkeSaFillFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifyDhGroupFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieRequestIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieResponseOut Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResDhComputeKeyFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitRequestIn Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResponseOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitNoProposalChosenOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitInvalidKePayloadOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResInvalidDhGroupConf Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhGenKeyFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetCAsFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetVidFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhComputeKeyFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieRequestOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieResponseIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthRequestOut Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthResponseIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthNoProposalChosenIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthTsUnacceptableIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthAuthenticationFailedIn Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthRequestIn Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthResponseOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthAuthenticationFailedOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthNoProposalChosenOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthTsUnacceptableOut Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyRequestOut Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResponseIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyNoProposalChosenIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyInvalidKeIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifySaFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResFillIkeSaFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResDhComputeKeyFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyRequestIn Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResponseOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyNoProposalChosenOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyInvalidKeOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResDhComputeKeyFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyRequestOut Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResponseIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyNoProposalChosenIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyInvalidKeIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyTsUnacceptableIn Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifySaFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyDhGrpFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyTsFail Counter64,
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResDhCompKeyFail Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyRequestIn Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResponseOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyNoPropChosenOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyInvalidKeOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyTsUnacceptableOut Counter64,
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResDhCompKeyFail Counter64,
|
|
jnxIkePeerStatsTunType JnxIkeTunType
|
|
}
|
|
|
|
jnxIkePeerStatsState OBJECT-TYPE
|
|
SYNTAX JnxPeerStateType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the peer, it can be:
|
|
1. active - The IKE peer is currently associated by an active IKE SA.
|
|
There is at least one active IKE SA or Tunnel
|
|
termination on the managed entity from the peer.
|
|
2. down - The IKE peer was associated with a previously
|
|
active IKE SA."
|
|
::= { jnxIkePeerStatsEntry 1 }
|
|
|
|
jnxIkePeerStatsIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the IPSec Phase-1 key exchange Peer Table.
|
|
The value of the index is a number which begins
|
|
at one and is incremented with each peer that is created
|
|
due to an association. The value of this object will wrap
|
|
at 2,147,483,647."
|
|
::= { jnxIkePeerStatsEntry 2 }
|
|
|
|
jnxIkePeerStatsRemoteGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the remote gateway (endpoint) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerStatsEntry 3 }
|
|
|
|
jnxIkePeerStatsRemoteGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the remote gateway (endpoint) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerStatsEntry 4 }
|
|
|
|
jnxIkePeerStatsRemotePort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value specifying a port associated with the remote gateway
|
|
(endpoint) for the IKE Tunnel. A value of zero means that the port should
|
|
be ignored."
|
|
::= { jnxIkePeerStatsEntry 5 }
|
|
|
|
jnxIkePeerStatsLocalGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the local endpoint (gateway) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerStatsEntry 6 }
|
|
|
|
jnxIkePeerStatsLocalGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the local endpoint (gateway) for the IPSec
|
|
Phase-1 IKE Tunnel."
|
|
::= { jnxIkePeerStatsEntry 7 }
|
|
|
|
jnxIkePeerStatsLocalPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value specifying a port associated with the local endpoint
|
|
(gateway) for the IKE Tunnel. A value of zero means that the port should
|
|
be ignored."
|
|
::= { jnxIkePeerStatsEntry 8 }
|
|
|
|
jnxIkePeerStatsRoutingInstance OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VR ID."
|
|
::= { jnxIkePeerStatsEntry 9 }
|
|
|
|
jnxIkePeerStatsRemoteIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of remote peer identity.
|
|
The remote peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkePeerStatsEntry 10 }
|
|
|
|
jnxIkePeerStatsRemoteIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the remote peer identity.
|
|
If the remote peer type is an IP Address, then this
|
|
is the IP Address used to identify the remote peer.
|
|
If the remote peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
If the remote peer type is a id_dn, then this is
|
|
the distinguished named string of the remote peer."
|
|
::= { jnxIkePeerStatsEntry 11 }
|
|
|
|
jnxIkePeerStatsLocalIdType OBJECT-TYPE
|
|
SYNTAX JnxIkePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of local peer identity. The local
|
|
peer may be identified by:
|
|
1. an IP address, or
|
|
2. or a fully qualified domain name string.
|
|
3. or a distinguished name string."
|
|
::= { jnxIkePeerStatsEntry 12 }
|
|
|
|
jnxIkePeerStatsLocalIdValue OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the local peer identity.
|
|
If the local peer type is an IP Address, then this
|
|
is the IP Address used to identify the local peer.
|
|
If the local peer type is id_fqdn, then this is
|
|
the FQDN of the remote peer.
|
|
If the local peer type is a id_dn, then this is
|
|
the distinguished name string of the local peer."
|
|
::= { jnxIkePeerStatsEntry 13 }
|
|
|
|
jnxIkePeerStatsAAAUserName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The extended authentication User Name, identifies the
|
|
user associated with the IKE SA negotiation."
|
|
::= { jnxIkePeerStatsEntry 14 }
|
|
|
|
jnxIkePeerStatsGwName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The gateway name"
|
|
::= { jnxIkePeerStatsEntry 15 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT request message sent by
|
|
Initiator."
|
|
::= { jnxIkePeerStatsEntry 16 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message received by
|
|
Initiator."
|
|
::= { jnxIkePeerStatsEntry 17 }
|
|
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResInvalidIkeSpi OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message containing invalid
|
|
SPI received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 18 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitInvalidKePayloadIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IKE_SA_INIT INVALID_KE_PAYLOAD received by
|
|
Initiator."
|
|
::= { jnxIkePeerStatsEntry 19 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT NO_PROPSAL_CHOSEN received
|
|
by Initiator."
|
|
::= { jnxIkePeerStatsEntry 20 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message verification
|
|
of peer SA failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 21 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResIkeSaFillFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message IKE_SA fill operation
|
|
failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 22 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message verification of
|
|
DH group failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 23 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IKE_SA_INIT COOKIE notification request
|
|
message received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 24 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IKE_SA_INIT COOKIE notification
|
|
response message sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 25 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 26 }
|
|
|
|
-- Responder IKE_SA_INIT exchange stats
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT request message received by
|
|
Responder."
|
|
::= { jnxIkePeerStatsEntry 27 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message sent by
|
|
Responder."
|
|
::= { jnxIkePeerStatsEntry 28 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT NO_PROPSAL_CHOSEN notification
|
|
sent by Responder"
|
|
::= { jnxIkePeerStatsEntry 29 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitInvalidKePayloadOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT INVALID_KE_PAYLOAD notification sent by
|
|
Responder."
|
|
::= { jnxIkePeerStatsEntry 30 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResInvalidDhGroupConf OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message invalid DH group
|
|
configured at Responder."
|
|
::= { jnxIkePeerStatsEntry 31 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhGenKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message Diffie-Hellman
|
|
generate key failed at Responder"
|
|
::= { jnxIkePeerStatsEntry 32 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetCAsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message get CAs failed at
|
|
Responder."
|
|
::= { jnxIkePeerStatsEntry 33 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetVidFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message get vendor ID request
|
|
failed at Responder."
|
|
::= { jnxIkePeerStatsEntry 34 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT response message Diffie-Hellman
|
|
compute key failed at Responder"
|
|
::= { jnxIkePeerStatsEntry 35 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT COOKIE notification request
|
|
sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 36 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA_INIT COOKIE notification response
|
|
message received by Responder."
|
|
::= { jnxIkePeerStatsEntry 37 }
|
|
|
|
-- Initiator IKE_AUTH exchange stats
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IKE_AUTH request message sent by Initiator."
|
|
::= { jnxIkePeerStatsEntry 38 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IKE_AUTH response message received by
|
|
Initiator."
|
|
::= { jnxIkePeerStatsEntry 39 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH NO_PROPSAL_CHOSEN notification
|
|
received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 40 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH TS_UNACCEPTABLE notification
|
|
received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 41 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2AuthAuthenticationFailedIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH AUTHENTICATION_FAILED
|
|
notification received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 42 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH request message received by
|
|
Responder."
|
|
::= { jnxIkePeerStatsEntry 43 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH response message sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 44 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthAuthenticationFailedOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH request message AUTHENTICATION_FAILED
|
|
notification sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 45 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH NO_PROPSAL_CHOSEN notification
|
|
sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 46 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2AuthTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_AUTH TS_UNACCEPTABLE notification
|
|
sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 47 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA rekey CREATE_CHILD_SA request message
|
|
sent by Initiator."
|
|
::= { jnxIkePeerStatsEntry 48 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA rekey CREATE_CHILD_SA response message
|
|
received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 49 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE SA rekey NO_PROPSAL_CHOSEN
|
|
notification received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 50 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE SA rekey INVALID_KE_PAYLOAD
|
|
received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 51 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE SA rekey response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 52 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResFillIkeSaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA rekey CREATE_CHILD_SA response message
|
|
fill IKE_SA failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 53 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE SA rekey response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 54 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE SA rekey response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 55 }
|
|
|
|
--- Responder Rekeying IKE SA CREATE_CHILD_SA Exchange
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA rekey CREATE_CHILD_SA request message
|
|
received by Responder."
|
|
::= { jnxIkePeerStatsEntry 56 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA rekey CREATE_CHILD_SA response message
|
|
sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 57 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE rekey NO_PROPSAL_CHOSEN
|
|
notification sent by Responder"
|
|
::= { jnxIkePeerStatsEntry 58 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IKE_SA rekey CREATE_CHILD_SA
|
|
INVALID_KE_PAYLOAD sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 59 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of CREATE_CHILD_SA IKE rekey response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkePeerStatsEntry 60 }
|
|
|
|
--- Initiator Rekeying IPSec SA CREATE_CHILD_SA Exchange
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA request
|
|
message sent by Initiator."
|
|
::= { jnxIkePeerStatsEntry 61 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response
|
|
message received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 62 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
|
|
notification received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 63 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
|
|
received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 64 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
|
|
notification received by Initiator."
|
|
::= { jnxIkePeerStatsEntry 65 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 66 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyDhGrpFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 67 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyTsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
verification of TS failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 68 }
|
|
|
|
jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResDhCompKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkePeerStatsEntry 69 }
|
|
|
|
--- Responder Rekeying IPSec SAs CREATE_CHILD_SA Exchange
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IPSec SA rekey CREATE_CHILD_SA request
|
|
message received by Responder."
|
|
::= { jnxIkePeerStatsEntry 70 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of IPSec SA rekey CREATE_CHILD_SA response
|
|
message sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 71 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyNoPropChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
|
|
Notification sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 72 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
|
|
Notification sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 73 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
|
|
notification sent by Responder."
|
|
::= { jnxIkePeerStatsEntry 74 }
|
|
|
|
jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResDhCompKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of IPSec SA rekey CREATE_CHILD_SA response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkePeerStatsEntry 75 }
|
|
|
|
jnxIkePeerStatsTunType OBJECT-TYPE
|
|
SYNTAX JnxIkeTunType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Tunnel type. It can be regular (1) or ha-link (2)."
|
|
::= { jnxIkePeerStatsEntry 76 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The Peer association to active IKE SA - Correlation Table
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxPeerIkeSaCorrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxPeerIkeSaCorrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Peer Association to active IKE SA - Correlation Table.
|
|
There is one entry in this table for each active IKE SA."
|
|
::= { jnxIpSecFlowMonPhaseOne 7 }
|
|
|
|
jnxPeerIkeSaCorrEntry OBJECT-TYPE
|
|
SYNTAX JnxPeerIkeSaCorrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes of an
|
|
Peer Association to active IKE SA Correlation."
|
|
INDEX { jnxPeerIkeSaCorrPeerIndex,
|
|
jnxPeerIkeSaCorrIntIndex }
|
|
::= { jnxPeerIkeSaCorrTable 1 }
|
|
|
|
JnxPeerIkeSaCorrEntry ::= SEQUENCE {
|
|
jnxPeerIkeSaCorrPeerIndex Integer32,
|
|
jnxPeerIkeSaCorrIntIndex Integer32,
|
|
jnxPeerIkeSaCorrIkeTunMonIndex Integer32
|
|
}
|
|
|
|
jnxPeerIkeSaCorrPeerIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the Peer (jnxPeerIndex in the
|
|
jnxIkePeerTable)."
|
|
::= { jnxPeerIkeSaCorrEntry 1 }
|
|
|
|
jnxPeerIkeSaCorrIntIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The internal index of the Peer and IKE SA association.
|
|
This internal index is used to uniquely identify multiple
|
|
Instances of a unique association between the peer
|
|
and IKE SA."
|
|
::= { jnxPeerIkeSaCorrEntry 2 }
|
|
|
|
jnxPeerIkeSaCorrIkeTunMonIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the active IKE SA (jnxIkeTunMonIndex in
|
|
the jnxIkeTunnelMonTable) for this Peer association."
|
|
::= { jnxPeerIkeSaCorrEntry 3 }
|
|
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The Peer association to IPSec Tunnel Correlation Table
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxPeerIPSecTunnelCorrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxPeerIPSecTunnelCorrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Peer Association to IPSec Tunnel Correlation Table.
|
|
There is one entry in this table
|
|
for each active IPSec Tunnel."
|
|
::= { jnxIpSecFlowMonPhaseOne 8 }
|
|
|
|
jnxPeerIPSecTunnelCorrEntry OBJECT-TYPE
|
|
SYNTAX JnxPeerIPSecTunnelCorrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes of an
|
|
Peer Association to active IPSec Tunnel Correlation."
|
|
INDEX { jnxPeerIPSecTunnelCorrPeerIndex,
|
|
jnxPeerIPSecTunnelCorrIntIndex }
|
|
::= { jnxPeerIPSecTunnelCorrTable 1 }
|
|
|
|
JnxPeerIPSecTunnelCorrEntry ::= SEQUENCE {
|
|
jnxPeerIPSecTunnelCorrPeerIndex Integer32,
|
|
jnxPeerIPSecTunnelCorrIntIndex Integer32,
|
|
jnxPeerIPSecTunnelCorrIPSecTunMonIndex Integer32
|
|
}
|
|
|
|
jnxPeerIPSecTunnelCorrPeerIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the Peer (jnxPeerIndex in the
|
|
jnxIkePeerTable)."
|
|
::= { jnxPeerIPSecTunnelCorrEntry 1 }
|
|
|
|
jnxPeerIPSecTunnelCorrIntIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The internal index of the Peer and IPSec Tunnel association.
|
|
This index is used to uniquely identify multiple
|
|
association between the peer and IPSec Tunnel."
|
|
::= { jnxPeerIPSecTunnelCorrEntry 2 }
|
|
|
|
jnxPeerIPSecTunnelCorrIPSecTunMonIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the active IPSec Tunnel (jnxIpSecTunMonIndex in
|
|
the jnxIpSecTunnelMonTable) for this association between
|
|
Peer and IPSec Tunnel."
|
|
::= { jnxPeerIPSecTunnelCorrEntry 3 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IKEv2 global HA Link Statistics
|
|
-- Provides global statistics for all HA Link IKE tunnels, active and previous.
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIkeHaLinkGlobalStats OBJECT IDENTIFIER
|
|
::= { jnxIpSecFlowMonPhaseOne 9 }
|
|
|
|
|
|
-- Initiator IKE_SA_INIT exchange stats
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT request message sent by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitResInvalidIkeSpi OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message containing invalid
|
|
SPI received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitInvalidKePayloadIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT INVALID_KE_PAYLOAD received
|
|
by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT NO_PROPSAL_CHOSEN received
|
|
by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message verification
|
|
of peer SA failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 6 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitResIkeSaFillFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message IKE SA fill
|
|
operation failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 7 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message verification of
|
|
DH group failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 8 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitCookieRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification request
|
|
message received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 9 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2SaInitCookieResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification
|
|
response message sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 10 }
|
|
|
|
|
|
-- Responder IKE_SA_INIT exchange stats
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT request message received by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT NO_PROPSAL_CHOSEN notification
|
|
sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitInvalidKePayloadOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT INVALID_KE_PAYLOAD notification
|
|
sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitResInvalidDhGroupConf OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message invalid DH group
|
|
configured at Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitResDhGenKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message Diffie-Hellman
|
|
generate key failed at Responder"
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 6 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitResGetCAsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message get CAs failed at
|
|
Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 7 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitResGetVidFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message get vendor ID
|
|
request failed at Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 8 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT response message Diffie-Hellman
|
|
compute key failed at Responder"
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 9 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitCookieRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification request message
|
|
sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 10 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2SaInitCookieResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_SA_INIT COOKIE notification response
|
|
message received by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 11 }
|
|
|
|
|
|
-- Initiator IKE_AUTH exchange stats
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2AuthStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2AuthRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH request message sent by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2AuthResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH response message received by
|
|
Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2AuthNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
|
|
received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2AuthTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH TS_UNACCEPTABLE notification
|
|
received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2AuthAuthenticationFailedIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH AUTHENTICATION_FAILED
|
|
notification received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 5 }
|
|
|
|
|
|
-- Responder IKE_AUTH exchange stats
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2AuthStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2AuthRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH request message received by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2AuthResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH response message sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2AuthNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
|
|
sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2AuthTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH TS_UNACCEPTABLE notification
|
|
sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2AuthAuthenticationFailedOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE_AUTH request message AUTHENTICATION_FAILED
|
|
notification sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 5 }
|
|
|
|
|
|
--- Initiator IKE SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey CREATE_CHILD_SA request message
|
|
sent by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey CREATE_CHILD_SA response message
|
|
received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey NO_PROPSAL_CHOSEN notification
|
|
received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey INVALID_KE_PAYLOAD notification
|
|
received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 6 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResFillIkeSaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
fill IKE SA failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 7 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 8 }
|
|
|
|
|
|
--- Responder IKE SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 6 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey request message
|
|
received by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey NO_PROPSAL_CHOSEN
|
|
notification sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey INVALID_KE_PAYLOAD
|
|
notification sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IKE SA rekey response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 5 }
|
|
|
|
|
|
--- Initiator IPSec SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 7 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyRequestOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey request
|
|
message sent by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResponseIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response
|
|
message received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyNoProposalChosenIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey NO_PROPSAL_CHOSEN
|
|
notification received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyInvalidKeIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey INVALID_KE_PAYLOAD
|
|
notification received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyTsUnacceptableIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey TS_UNACCEPTABLE
|
|
notification received by Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResVerifySaFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
verification of peer SA failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 6 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
Diffie-Hellman compute key failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 7 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResVerifyDhGroupFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
verification of DH group failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 8 }
|
|
|
|
jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResVerifyTsFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
verification of TS failed at Initiator."
|
|
::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 9 }
|
|
|
|
|
|
--- Responder IPSec SA rekey CREATE_CHILD_SA exchange stats
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 8 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyRequestIn OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey request
|
|
message received by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyResponseOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response
|
|
message sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyNoProposalChosenOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey NO_PROPSAL_CHOSEN
|
|
notification sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyInvalidKeOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey INVALID_KE_PAYLOAD
|
|
notification sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyTsUnacceptableOut OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey TS_UNACCEPTABLE
|
|
notification sent by Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSec SA rekey response message
|
|
Diffie-Hellman compute key failed at Responder."
|
|
::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 6 }
|
|
|
|
|
|
--- Message failure stats
|
|
|
|
jnxIkeHaLinkGlobalIkev2MsgFailStats OBJECT IDENTIFIER
|
|
::= { jnxIkeHaLinkGlobalStats 9 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalDiscarded OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of discarded messages. Includes the failures
|
|
encountered during decode of IKEv2 packets that is failures
|
|
before the IKEv2 exchange payload processing. Also this
|
|
counter encompasses all the other message failure counters."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 1 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalIdError OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with ID error. Message ID is not
|
|
compliant with what is expected. For ex. IKE_SA_INIT message
|
|
with message ID larger than zero is encountered."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 2 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalIntegrityFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with Integrity check failure."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 3 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalInvalidSPI OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with Invalid SPI failure. Used one
|
|
of the SPIs to find the SA, but the other SPI is not matching.
|
|
Invalid IKE SPIs in IKE_SA_INIT response message at Initiator."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 4 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalInvalidExchgType OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with unknown / unexpected exchange type
|
|
encountered during message exchange."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 5 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalInvalidLength OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages with Invalid length failure. During
|
|
decode a malformed message where length is inconsistent with
|
|
that indicated in header is encountered."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 6 }
|
|
|
|
jnxIkeHaLinkGlobalIkev2TotalDisorder OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of messages failure due to disorder. Packet message
|
|
ID is out of window. For a response packet the corresponding
|
|
request with given message ID is not found."
|
|
::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 7 }
|
|
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IPsec Phase-2 Tunnel Table
|
|
--
|
|
-- During this phase, IKE negotiates IPSEC SA parameters and setup
|
|
-- matching IPSEC SA in the peers.
|
|
--
|
|
-- Phase 2 VPN: tunnel peer connection, associated with a specific policy
|
|
-- or a tunnel interface. Phase 2 security association components include
|
|
-- encryption and authentication algorithms, proxy-IDs and optional DH
|
|
-- group values.
|
|
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIpSecNumOfTunnels OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of IPSEC VPN Tunnels.
|
|
This attribute should detail the number of IPSEC VPN tunnel
|
|
in jnxIpSecTunnelTable."
|
|
::= { jnxIpSecFlowMonPhaseTwo 1 }
|
|
|
|
|
|
jnxIpSecTunnelMonTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxIpSecTunnelMonEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IPsec Phase-2 Tunnel Table.
|
|
There is one entry in this table for each active IPsec Phase-2
|
|
Tunnel. If the tunnel is terminated, then the entry is no longer
|
|
available after the table has been refreshed. "
|
|
::= { jnxIpSecFlowMonPhaseTwo 2 }
|
|
|
|
jnxIpSecTunnelMonEntry OBJECT-TYPE
|
|
SYNTAX JnxIpSecTunnelMonEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes
|
|
associated with an active IPsec Phase-2 Tunnel."
|
|
INDEX { jnxIpSecTunMonRemoteGwAddrType,
|
|
jnxIpSecTunMonRemoteGwAddr,
|
|
jnxIpSecTunMonIndex}
|
|
::= { jnxIpSecTunnelMonTable 1 }
|
|
|
|
JnxIpSecTunnelMonEntry ::= SEQUENCE {
|
|
jnxIpSecTunMonRemoteGwAddrType InetAddressType,
|
|
jnxIpSecTunMonRemoteGwAddr InetAddress,
|
|
jnxIpSecTunMonIndex Integer32,
|
|
jnxIpSecTunMonLocalGwAddrType InetAddressType,
|
|
jnxIpSecTunMonLocalGwAddr InetAddress,
|
|
jnxIpSecTunMonLocalProxyId DisplayString,
|
|
jnxIpSecTunMonRemoteProxyId DisplayString,
|
|
jnxIpSecTunMonKeyType JnxKeyType,
|
|
jnxIpSecTunMonRemotePeerType JnxRemotePeerType,
|
|
jnxIpSecTunMonOutEncryptedBytes Counter64,
|
|
jnxIpSecTunMonOutEncryptedPkts Counter64,
|
|
jnxIpSecTunMonInDecryptedBytes Counter64,
|
|
jnxIpSecTunMonInDecryptedPkts Counter64,
|
|
jnxIpSecTunMonAHInBytes Counter64,
|
|
jnxIpSecTunMonAHInPkts Counter64,
|
|
jnxIpSecTunMonAHOutBytes Counter64,
|
|
jnxIpSecTunMonAHOutPkts Counter64,
|
|
jnxIpSecTunMonReplayDropPkts Counter64,
|
|
jnxIpSecTunMonAhAuthFails Counter64,
|
|
jnxIpSecTunMonEspAuthFails Counter64,
|
|
jnxIpSecTunMonDecryptFails Counter64,
|
|
jnxIpSecTunMonBadHeaders Counter64,
|
|
jnxIpSecTunMonBadTrailers Counter64,
|
|
jnxIpSecTunMonDroppedPkts Counter64, -- obsolete
|
|
jnxIpSecTunMonVpnName DisplayString,
|
|
jnxIpSecTunMonTsName DisplayString,
|
|
jnxIpSecTunMonMultiSa INTEGER,
|
|
jnxIpSecTunMonInvalidSpi Counter64,
|
|
jnxIpSecTunMonTsCheckFail Counter64,
|
|
jnxIpSecTunMonDiscarded Counter64,
|
|
jnxIpSecTunMonTunType JnxIkeTunType
|
|
}
|
|
|
|
jnxIpSecTunMonRemoteGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the remote gateway (endpoint) for the IPsec
|
|
Phase-2 Tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 1 }
|
|
|
|
jnxIpSecTunMonRemoteGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the remote gateway (endpoint) for the IPsec
|
|
Phase-2 Tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 2 }
|
|
|
|
jnxIpSecTunMonIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the IPsec Phase-2 Tunnel Table.
|
|
The value of the index is a number which begins at one and
|
|
is incremented with each tunnel that is created. The value of
|
|
this object will wrap at 2,147,483,647."
|
|
::= { jnxIpSecTunnelMonEntry 3 }
|
|
|
|
jnxIpSecTunMonLocalGwAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the local gateway (endpoint) for the IPsec
|
|
Phase-2 Tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 4 }
|
|
|
|
jnxIpSecTunMonLocalGwAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the local gateway (endpoint) for the IPsec
|
|
Phase-2 Tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 5 }
|
|
|
|
jnxIpSecTunMonLocalProxyId OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifier for the local end."
|
|
::= { jnxIpSecTunnelMonEntry 6 }
|
|
|
|
jnxIpSecTunMonRemoteProxyId OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifier for the remote end."
|
|
::= { jnxIpSecTunnelMonEntry 7 }
|
|
|
|
jnxIpSecTunMonKeyType OBJECT-TYPE
|
|
SYNTAX JnxKeyType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of key used by the IPsec Phase-2 Tunnel. It can be
|
|
one of the following two types:
|
|
- IKE negotiated
|
|
- Manually installed"
|
|
::= { jnxIpSecTunnelMonEntry 8 }
|
|
|
|
jnxIpSecTunMonRemotePeerType OBJECT-TYPE
|
|
SYNTAX JnxRemotePeerType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the remote peer gateway (endpoint). It can be one
|
|
of the following two types:
|
|
- static (Remote peer whose IP address is known beforehand)
|
|
- dynamic (Remote peer whose IP address is not known
|
|
beforehand)"
|
|
::= { jnxIpSecTunnelMonEntry 9 }
|
|
|
|
jnxIpSecTunMonOutEncryptedBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes encrypted by this Phase-2 tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 10 }
|
|
|
|
|
|
jnxIpSecTunMonOutEncryptedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets encrypted by this Phase-2 tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 11 }
|
|
|
|
|
|
jnxIpSecTunMonInDecryptedBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes decrypted by this Phase-2 tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 12 }
|
|
|
|
|
|
jnxIpSecTunMonInDecryptedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets decrypted by this Phase-2 tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 13 }
|
|
|
|
|
|
jnxIpSecTunMonAHInBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of incoming bytes authenticated using AH by this Phase-2
|
|
tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 14 }
|
|
|
|
|
|
jnxIpSecTunMonAHInPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of incoming packets authenticated using AH by this Phase-2
|
|
tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 15 }
|
|
|
|
|
|
jnxIpSecTunMonAHOutBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outgoing bytes applied AH by this Phase-2 tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 16 }
|
|
|
|
|
|
jnxIpSecTunMonAHOutPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outgoing packets applied AH by this Phase-2 tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 17 }
|
|
|
|
jnxIpSecTunMonReplayDropPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets dropped by this Phase-2 tunnel due to
|
|
anti replay check failure."
|
|
::= { jnxIpSecTunnelMonEntry 18 }
|
|
|
|
|
|
jnxIpSecTunMonAhAuthFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by this Phase-2 tunnel that
|
|
failed AH authentication."
|
|
::= { jnxIpSecTunnelMonEntry 19 }
|
|
|
|
|
|
jnxIpSecTunMonEspAuthFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by this Phase-2 tunnel that
|
|
failed ESP authentication."
|
|
::= { jnxIpSecTunnelMonEntry 20 }
|
|
|
|
|
|
jnxIpSecTunMonDecryptFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by this Phase-2 tunnel that
|
|
failed decryption."
|
|
::= { jnxIpSecTunnelMonEntry 21 }
|
|
|
|
|
|
jnxIpSecTunMonBadHeaders OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by this Phase-2 tunnel that
|
|
failed due to bad headers."
|
|
::= { jnxIpSecTunnelMonEntry 22 }
|
|
|
|
|
|
jnxIpSecTunMonBadTrailers OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by this Phase-2 tunnel that
|
|
failed due to bad ESP trailers."
|
|
::= { jnxIpSecTunnelMonEntry 23 }
|
|
|
|
|
|
jnxIpSecTunMonDroppedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Total number of dropped packets for this Phase-2 tunnel.
|
|
This attribute is obsolete."
|
|
::= { jnxIpSecTunnelMonEntry 26 }
|
|
|
|
jnxIpSecTunMonVpnName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VPN tunnel name."
|
|
::= { jnxIpSecTunnelMonEntry 27 }
|
|
|
|
jnxIpSecTunMonTsName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Traffic selector name."
|
|
::= { jnxIpSecTunnelMonEntry 28 }
|
|
|
|
jnxIpSecTunMonMultiSa OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
disable(0),
|
|
enable(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Multi-SA Configuration Status."
|
|
::= { jnxIpSecTunnelMonEntry 29 }
|
|
|
|
jnxIpSecTunMonInvalidSpi OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of Invalid SPI for this IPSec tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 30 }
|
|
|
|
jnxIpSecTunMonTsCheckFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of TS check fail for this IPSec tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 31 }
|
|
|
|
jnxIpSecTunMonDiscarded OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of discarded packets for this IPSec tunnel."
|
|
::= { jnxIpSecTunnelMonEntry 32 }
|
|
|
|
jnxIpSecTunMonTunType OBJECT-TYPE
|
|
SYNTAX JnxIkeTunType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Tunnel type. It can be regular (1) or ha-link (2)."
|
|
::= { jnxIpSecTunnelMonEntry 33 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IPsec Phase-2 Security Association (SA) Table
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIpSecSaMonTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF JnxIpSecSaMonEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IPsec Phase-2 Security Association Table.
|
|
This table identifies the structure (in terms of
|
|
component SAs) of each active Phase-2 IPsec tunnel.
|
|
This table contains an entry for each active and
|
|
expiring security association and maps each entry
|
|
in the active Phase-2 tunnel table (ipSecTunTable)
|
|
into a number of entries in this table.
|
|
|
|
SA contains the information negotiated by IKE. The SA
|
|
is like a contract laying out the rules of the VPN
|
|
connection for the duration of the SA. An SA is assigned
|
|
a 32-bit number that, when used in conjunction with the
|
|
destination IP address, uniquely identifies the SA. This
|
|
number is called the Security Parameters Index or SPI.
|
|
|
|
IPSec SAs area unidirectional and they are unique in
|
|
each security protocol. A set of SAs are needed for a
|
|
protected data pipe, one per direction per protocol.
|
|
"
|
|
::= { jnxIpSecFlowMonPhaseTwo 3 }
|
|
|
|
jnxIpSecSaMonEntry OBJECT-TYPE
|
|
SYNTAX JnxIpSecSaMonEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains the attributes associated with
|
|
active and expiring IPsec Phase-2
|
|
security associations."
|
|
INDEX { jnxIpSecTunMonRemoteGwAddrType, -- From jnxIpSecTunnelTable
|
|
jnxIpSecTunMonRemoteGwAddr, -- From jnxIpSecTunnelTable
|
|
jnxIpSecTunMonIndex, -- From jnxIpSecTunnelTable
|
|
jnxIpSecSaMonIndex }
|
|
::= { jnxIpSecSaMonTable 1 }
|
|
|
|
JnxIpSecSaMonEntry ::= SEQUENCE {
|
|
jnxIpSecSaMonIndex Integer32,
|
|
jnxIpSecSaMonProtocol INTEGER,
|
|
jnxIpSecSaMonInSpi JnxSpiType,
|
|
jnxIpSecSaMonOutSpi JnxSpiType,
|
|
jnxIpSecSaMonType JnxSAType,
|
|
jnxIpSecSaMonEncapMode JnxEncapMode,
|
|
jnxIpSecSaMonLifeSize Integer32,
|
|
jnxIpSecSaMonLifeTime Integer32,
|
|
jnxIpSecSaMonActiveTime TimeInterval,
|
|
jnxIpSecSaMonLifeSizeThreshold Integer32,
|
|
jnxIpSecSaMonLifeTimeThreshold Integer32,
|
|
jnxIpSecSaMonEncryptAlgo JnxEncryptAlgo,
|
|
jnxIpSecSaMonAuthAlgo JnxAuthAlgo,
|
|
jnxIpSecSaMonState INTEGER,
|
|
jnxIpSecSaMonFcName DisplayString,
|
|
jnxIpSecSaMonEsnMode JnxEsnMode
|
|
}
|
|
|
|
jnxIpSecSaMonIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index, in the context of the IPsec tunnel ipSecTunIndex,
|
|
of the security association represented by this table entry.
|
|
The value of this index is a number which begins at one and
|
|
is incremented with each SPI associated with an IPsec Phase-2
|
|
Tunnel. The value of this object will wrap at 65535."
|
|
::= { jnxIpSecSaMonEntry 1 }
|
|
|
|
jnxIpSecSaMonProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
ah(1),
|
|
esp(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index, represents the security protocol (AH, ESP or
|
|
IPComp) for which this security association was setup."
|
|
::= { jnxIpSecSaMonEntry 2 }
|
|
|
|
jnxIpSecSaMonInSpi OBJECT-TYPE
|
|
SYNTAX JnxSpiType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the incoming SPI."
|
|
::= { jnxIpSecSaMonEntry 3 }
|
|
|
|
jnxIpSecSaMonOutSpi OBJECT-TYPE
|
|
SYNTAX JnxSpiType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the outgoing SPI."
|
|
::= { jnxIpSecSaMonEntry 4 }
|
|
|
|
jnxIpSecSaMonType OBJECT-TYPE
|
|
SYNTAX JnxSAType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This field represents the type of security associations
|
|
which can be either manual or dynamic"
|
|
::= { jnxIpSecSaMonEntry 5 }
|
|
|
|
jnxIpSecSaMonEncapMode OBJECT-TYPE
|
|
SYNTAX JnxEncapMode
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encapsulation mode used by an IPsec Phase-2 Tunnel. "
|
|
::= { jnxIpSecSaMonEntry 6 }
|
|
|
|
jnxIpSecSaMonLifeSize OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. "
|
|
::= { jnxIpSecSaMonEntry 7 }
|
|
|
|
jnxIpSecSaMonLifeTime OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. "
|
|
::= { jnxIpSecSaMonEntry 8 }
|
|
|
|
jnxIpSecSaMonActiveTime OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of time the IPsec Phase-2 Tunnel has been active in
|
|
hundredths of seconds. "
|
|
::= { jnxIpSecSaMonEntry 9 }
|
|
|
|
jnxIpSecSaMonLifeSizeThreshold OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security association LifeSize refresh threshold in kilobytes. "
|
|
::= { jnxIpSecSaMonEntry 10 }
|
|
|
|
jnxIpSecSaMonLifeTimeThreshold OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security association LifeTime refresh threshold in seconds. "
|
|
::= { jnxIpSecSaMonEntry 11 }
|
|
|
|
jnxIpSecSaMonEncryptAlgo OBJECT-TYPE
|
|
SYNTAX JnxEncryptAlgo
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Encryption algorithm used to encrypt the packets. "
|
|
::= { jnxIpSecSaMonEntry 12 }
|
|
|
|
jnxIpSecSaMonAuthAlgo OBJECT-TYPE
|
|
SYNTAX JnxAuthAlgo
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The algorithm used for authentication of packets which
|
|
can be hmac-md5-96 or hmac-sha1-96 or hmac-sha-256-128"
|
|
::= { jnxIpSecSaMonEntry 13 }
|
|
|
|
jnxIpSecSaMonState OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
unknown (0),
|
|
active (1),
|
|
expiring (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This column represents the status of the security association
|
|
represented by this table entry. If the status of the SA is
|
|
'active', the SA is ready for active use. The status
|
|
'expiring' represents any of the various states that the
|
|
security association transitions through before being purged."
|
|
::= { jnxIpSecSaMonEntry 14 }
|
|
|
|
jnxIpSecSaMonFcName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Class-Of-Service Forwarding Class name."
|
|
::= { jnxIpSecSaMonEntry 15 }
|
|
|
|
jnxIpSecSaMonEsnMode OBJECT-TYPE
|
|
SYNTAX JnxEsnMode
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This field represents whether IPSec extended sequence number
|
|
support is enabled or disabled"
|
|
::= { jnxIpSecSaMonEntry 16 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IPsec Phase-2 Global Statistics
|
|
-- Provides global statistics for all phase 2 tunnels.
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIpSecGlobalStats OBJECT IDENTIFIER
|
|
::= { jnxIpSecFlowMonPhaseTwo 4 }
|
|
|
|
jnxIpSecGlobalOutEncryptedBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes encrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 1 }
|
|
|
|
jnxIpSecGlobalOutEncryptedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets encrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 2 }
|
|
|
|
jnxIpSecGlobalInDecryptedBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes decrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 3 }
|
|
|
|
jnxIpSecGlobalInDecryptedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets decrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 4 }
|
|
|
|
jnxIpSecGlobalAHInBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of incoming bytes authenticated using AH by all Phase-2
|
|
tunnel."
|
|
::= { jnxIpSecGlobalStats 5 }
|
|
|
|
jnxIpSecGlobalAHInPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of incoming packets authenticated using AH by all
|
|
Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 6 }
|
|
|
|
jnxIpSecGlobalAHOutBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outgoing bytes applied AH by all Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 7 }
|
|
|
|
jnxIpSecGlobalAHOutPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outgoing packets applied AH by all Phase-2 tunnel."
|
|
::= { jnxIpSecGlobalStats 8 }
|
|
|
|
jnxIpSecGlobalReplayDropPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets dropped by all Phase-2 tunnel due to
|
|
anti-replay check failure."
|
|
::= { jnxIpSecGlobalStats 9 }
|
|
|
|
jnxIpSecGlobalAhAuthFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed AH authentication."
|
|
::= { jnxIpSecGlobalStats 10 }
|
|
|
|
jnxIpSecGlobalEspAuthFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed ESP authentication."
|
|
::= { jnxIpSecGlobalStats 11 }
|
|
|
|
jnxIpSecGlobalDecryptFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed decryption."
|
|
::= { jnxIpSecGlobalStats 12 }
|
|
|
|
jnxIpSecGlobalBadHeaders OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed due to bad headers."
|
|
::= { jnxIpSecGlobalStats 13 }
|
|
|
|
jnxIpSecGlobalBadTrailers OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed due to bad ESP trailers."
|
|
::= { jnxIpSecGlobalStats 14 }
|
|
|
|
jnxIpSecGlobalInvalidSpi OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of Invalid SPI."
|
|
::= { jnxIpSecGlobalStats 15 }
|
|
|
|
jnxIpSecGlobalTsCheckFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of TS check fail."
|
|
::= { jnxIpSecGlobalStats 16 }
|
|
|
|
jnxIpSecGlobalDiscarded OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of discarded packets."
|
|
::= { jnxIpSecGlobalStats 17 }
|
|
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
-- The IPsec Phase-2 HA Link Global Statistics
|
|
-- Provides global statistics for all HA Link phase 2 tunnels.
|
|
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
jnxIpSecHaLinkGlobalStats OBJECT IDENTIFIER
|
|
::= { jnxIpSecFlowMonPhaseTwo 5 }
|
|
|
|
jnxIpSecHaLinkGlobalOutEncryptedBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes encrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 1 }
|
|
|
|
jnxIpSecHaLinkGlobalOutEncryptedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets encrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 2 }
|
|
|
|
jnxIpSecHaLinkGlobalInDecryptedBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes decrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 3 }
|
|
|
|
jnxIpSecHaLinkGlobalInDecryptedPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets decrypted by all Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 4 }
|
|
|
|
jnxIpSecHaLinkGlobalAHInBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of incoming bytes authenticated using AH by all Phase-2
|
|
tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 5 }
|
|
|
|
jnxIpSecHaLinkGlobalAHInPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of incoming packets authenticated using AH by all
|
|
Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 6 }
|
|
|
|
jnxIpSecHaLinkGlobalAHOutBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outgoing bytes applied AH by all Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 7 }
|
|
|
|
jnxIpSecHaLinkGlobalAHOutPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of outgoing packets applied AH by all Phase-2 tunnel."
|
|
::= { jnxIpSecHaLinkGlobalStats 8 }
|
|
|
|
jnxIpSecHaLinkGlobalReplayDropPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets dropped by all Phase-2 tunnel due to
|
|
anti-replay check failure."
|
|
::= { jnxIpSecHaLinkGlobalStats 9 }
|
|
|
|
jnxIpSecHaLinkGlobalAhAuthFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed AH authentication."
|
|
::= { jnxIpSecHaLinkGlobalStats 10 }
|
|
|
|
jnxIpSecHaLinkGlobalEspAuthFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed ESP authentication."
|
|
::= { jnxIpSecHaLinkGlobalStats 11 }
|
|
|
|
jnxIpSecHaLinkGlobalDecryptFails OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed decryption."
|
|
::= { jnxIpSecHaLinkGlobalStats 12 }
|
|
|
|
jnxIpSecHaLinkGlobalBadHeaders OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed due to bad headers."
|
|
::= { jnxIpSecHaLinkGlobalStats 13 }
|
|
|
|
jnxIpSecHaLinkGlobalBadTrailers OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets received by all Phase-2 tunnel that
|
|
failed due to bad ESP trailers."
|
|
::= { jnxIpSecHaLinkGlobalStats 14 }
|
|
|
|
jnxIpSecHaLinkGlobalInvalidSpi OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of Invalid SPI."
|
|
::= { jnxIpSecHaLinkGlobalStats 15 }
|
|
|
|
jnxIpSecHaLinkGlobalTsCheckFail OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of TS check fail."
|
|
::= { jnxIpSecHaLinkGlobalStats 16 }
|
|
|
|
jnxIpSecHaLinkGlobalDiscarded OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
UNITS "Packets"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of discarded packets."
|
|
::= { jnxIpSecHaLinkGlobalStats 17 }
|
|
|
|
END
|
|
|