567 lines
20 KiB
Plaintext
567 lines
20 KiB
Plaintext
RAPID-IPSEC-TUNNEL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64,
|
|
OBJECT-IDENTITY, enterprises,
|
|
IpAddress, TimeTicks FROM SNMPv2-SMI
|
|
DateAndTime FROM SNMPv2-TC
|
|
rapidstream FROM RAPID-MIB;
|
|
|
|
rsInfoModule MODULE-IDENTITY
|
|
LAST-UPDATED "0103061200Z"
|
|
ORGANIZATION "WatchGuard Technologies, Inc."
|
|
CONTACT-INFO
|
|
" Ella Yu
|
|
WatchGuard Technologies, Inc.
|
|
1841 Zanker Road
|
|
San Jose, CA 95112
|
|
USA
|
|
|
|
408-519-4888
|
|
ella.yu@watchguard.com "
|
|
|
|
DESCRIPTION
|
|
"The MIB module describes various tunnel objects
|
|
of RapidStream system."
|
|
|
|
|
|
REVISION "200104201200Z"
|
|
DESCRIPTION
|
|
"Initial revision."
|
|
REVISION "200211011200Z"
|
|
DESCRIPTION
|
|
"Changed CONTACT-INFO."
|
|
::= { rapidstream 6 }
|
|
|
|
rsIpsecTunnelMIB OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the base object identifier for all tunnel
|
|
branches."
|
|
::= { rsInfoModule 5 }
|
|
|
|
rsIpsecTunnel OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the base object identifier for all
|
|
tunnel information."
|
|
::= { rsIpsecTunnelMIB 1 }
|
|
|
|
rsIpsecTunnelNum OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of entries in the rsIpsecTunnelTable. "
|
|
::= { rsIpsecTunnel 1 }
|
|
|
|
rsIpsecTunnelTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RSIpsecTunnelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the connection table describing all current
|
|
tunnels exist on this entity."
|
|
::= { rsIpsecTunnel 2 }
|
|
|
|
|
|
rsIpsecTunnelEntry OBJECT-TYPE
|
|
SYNTAX RSIpsecTunnelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) containing the information on a
|
|
tunnel between two security gateways."
|
|
INDEX{ rsIpsecTunnelID }
|
|
::= { rsIpsecTunnelTable 1 }
|
|
|
|
RSIpsecTunnelEntry ::= SEQUENCE {
|
|
|
|
rsIpsecTunnelID Integer32,
|
|
|
|
rsIpsecTunnelLocalAddr IpAddress,
|
|
rsIpsecTunnelPeerAddr IpAddress,
|
|
|
|
|
|
rsIpsecTunnelInSpi Integer32,
|
|
rsIpsecTunnelOutSpi Integer32,
|
|
rsIpsecTunnelCreateTime DateAndTime,
|
|
rsIpsecTunnelDeviceID Unsigned32,
|
|
rsIpsecTunnelEspEncryptAlg INTEGER,
|
|
rsIpsecTunnelEspAuthAlg INTEGER,
|
|
rsIpsecTunnelAhAuthAlg INTEGER,
|
|
rsIpsecTunnelMode INTEGER,
|
|
rsIpsecTunnelKeyMode INTEGER,
|
|
rsIpsecTunnelLifeTime TimeTicks,
|
|
rsIpsecTunnelLifeLength Counter32,
|
|
rsIpsecTunnelInSaBytes Counter32,
|
|
rsIpsecTunnelOutSaBytes Counter32,
|
|
rsIpsecTunnelAccSecs Counter32,
|
|
rsIpsecTunnelSelectorProtocol INTEGER,
|
|
rsIpsecTunnelSelectorRemoteIPType INTEGER,
|
|
rsIpsecTunnelSelectorRemoteIPOne IpAddress,
|
|
rsIpsecTunnelSelectorRemoteIPTwo IpAddress,
|
|
rsIpsecTunnelSelectorRemotePort INTEGER,
|
|
rsIpsecTunnelSelectorLocalIPType INTEGER,
|
|
rsIpsecTunnelSelectorLocalIPOne IpAddress,
|
|
rsIpsecTunnelSelectorLocalIPTwo IpAddress,
|
|
rsIpsecTunnelSelectorLocalPort INTEGER,
|
|
rsIpsecTunnelNumRekey Counter32,
|
|
rsIpsecTunnelInKbytes Counter32,
|
|
rsIpsecTunnelOutKbytes Counter32,
|
|
rsIpsecTunnelInPackets Counter32,
|
|
rsIpsecTunnelOutPackets Counter32,
|
|
rsIpsecTunnelInDecryptErrors Counter32,
|
|
rsIpsecTunnelInAuthErrors Counter32,
|
|
rsIpsecTunnelInReplayErrors Counter32,
|
|
rsIpsecTunnelInOtherErrors Counter32,
|
|
rsIpsecTunnelOutDecryptErrors Counter32,
|
|
rsIpsecTunnelOutAuthErrors Counter32,
|
|
rsIpsecTunnelOutReplayErrors Counter32,
|
|
rsIpsecTunnelOutOtherErrors Counter32,
|
|
rsIpsecTunnelUdpEncap INTEGER,
|
|
rsIpsecTunnelPeerUdpPort INTEGER,
|
|
rsIpsecTunnelOrigPeerAddr IpAddress
|
|
}
|
|
|
|
rsIpsecTunnelID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The running index of this tunnel."
|
|
::= { rsIpsecTunnelEntry 1 }
|
|
|
|
rsIpsecTunnelLocalAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local IP address of the current tunnel."
|
|
::= { rsIpsecTunnelEntry 2 }
|
|
|
|
rsIpsecTunnelPeerAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remote IP address of the current tunnel."
|
|
::= { rsIpsecTunnelEntry 3 }
|
|
|
|
rsIpsecTunnelInSpi OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security parameters index of inbound SA's within this
|
|
tunnel."
|
|
::= { rsIpsecTunnelEntry 4 }
|
|
|
|
rsIpsecTunnelOutSpi OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security parameters index of outbound SA's within this
|
|
tunnel."
|
|
::= { rsIpsecTunnelEntry 5 }
|
|
|
|
rsIpsecTunnelCreateTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The date and time when the tunnel is created."
|
|
::= { rsIpsecTunnelEntry 6 }
|
|
|
|
rsIpsecTunnelDeviceID OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The identifier of target device where the SA resides."
|
|
::= { rsIpsecTunnelEntry 7 }
|
|
|
|
rsIpsecTunnelEspEncryptAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(0),
|
|
des(2),
|
|
three-des(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption algorithm used in the tunnel. It's 0
|
|
if ESP is not used."
|
|
::= { rsIpsecTunnelEntry 8 }
|
|
|
|
rsIpsecTunnelEspAuthAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(0),
|
|
md5(2),
|
|
sha(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication algorithm used in the tunnel. It's
|
|
0 if ESP is not used."
|
|
::= { rsIpsecTunnelEntry 9 }
|
|
|
|
rsIpsecTunnelAhAuthAlg OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(0),
|
|
md5(2),
|
|
sha(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The AH authentication algorithm used in the tunnel.
|
|
It's 0 if AH is not used."
|
|
::= { rsIpsecTunnelEntry 10 }
|
|
|
|
rsIpsecTunnelMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(0),
|
|
tunnel(1),
|
|
transport(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The tunnel/transport mode of the tunnel."
|
|
::= { rsIpsecTunnelEntry 11 }
|
|
|
|
rsIpsecTunnelKeyMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
unknown(0),
|
|
manual(1),
|
|
auto-ike(2),
|
|
other(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The key mode of the tunnel."
|
|
::= { rsIpsecTunnelEntry 12 }
|
|
|
|
rsIpsecTunnelLifeTime OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The life time (in hundredths of a second) of the tunnel."
|
|
::= { rsIpsecTunnelEntry 13 }
|
|
|
|
rsIpsecTunnelLifeLength OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum traffic in bytes that the tunnel is allowed to support."
|
|
::= { rsIpsecTunnelEntry 14 }
|
|
|
|
rsIpsecTunnelInSaBytes OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current active inbound SA bytes of the tunnel."
|
|
::= { rsIpsecTunnelEntry 15 }
|
|
|
|
rsIpsecTunnelOutSaBytes OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current active outbound SA bytes of the tunnel."
|
|
::= { rsIpsecTunnelEntry 16 }
|
|
|
|
rsIpsecTunnelAccSecs OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds that the tunnel has existed."
|
|
::= { rsIpsecTunnelEntry 17 }
|
|
|
|
rsIpsecTunnelSelectorProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(0),
|
|
icmp(1),
|
|
igmp(2),
|
|
ipip(4),
|
|
tcp(6),
|
|
egp(8),
|
|
pup(12),
|
|
udp(17),
|
|
idp(22),
|
|
tp(29),
|
|
ipv6(41),
|
|
ipv6-routing(43),
|
|
ipv6-fragmentation(44),
|
|
rsvp(46),
|
|
gre(47),
|
|
esp(50),
|
|
ah(51),
|
|
icmpv6(58),
|
|
none(59),
|
|
dstopts(60),
|
|
mtp(92),
|
|
encap(98),
|
|
pim(103),
|
|
raw(255)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ip protocol number that this SA selector carries, or
|
|
0 if it carries any protocol."
|
|
::= { rsIpsecTunnelEntry 18 }
|
|
|
|
rsIpsecTunnelSelectorRemoteIPType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ip-addr-single(1),
|
|
ip-addr-subnet(2),
|
|
ip-addr-range(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of remote IP address of the SA selector in
|
|
the entity."
|
|
::= { rsIpsecTunnelEntry 19 }
|
|
|
|
rsIpsecTunnelSelectorRemoteIPOne OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The first remote IP address of the SA selector in the entity.
|
|
It's IP address if remote IP of this selector only has one address.
|
|
It's IP address of subnet if the remote IP of this selector is IP subnet.
|
|
It's the start IP address if the remote IP of this selector
|
|
has a range of addresses."
|
|
::= { rsIpsecTunnelEntry 20 }
|
|
|
|
rsIpsecTunnelSelectorRemoteIPTwo OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The second remote IP address of the SA selector in the entity.
|
|
It's 0 if remote IP of this selector only has one address.
|
|
It's netmask of subnet if the remote IP of this selector is IP subnet.
|
|
It's the end IP address if the remote IP of this selector
|
|
has a range of addresses."
|
|
::= { rsIpsecTunnelEntry 21 }
|
|
|
|
rsIpsecTunnelSelectorRemotePort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remote port used by this selector in the entity."
|
|
::= { rsIpsecTunnelEntry 22 }
|
|
|
|
rsIpsecTunnelSelectorLocalIPType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ip-addr-single(1),
|
|
ip-addr-subnet(2),
|
|
ip-addr-range(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of local IP address of the SA selector in
|
|
the entity."
|
|
::= { rsIpsecTunnelEntry 23 }
|
|
|
|
rsIpsecTunnelSelectorLocalIPOne OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The first local IP address of the SA selector in the entity.
|
|
It's IP address if local IP of this selector only has one address.
|
|
It's IP address of subnet if the local IP of this selector is IP subnet.
|
|
It's the start IP address if the local IP of this selector
|
|
has a range of IP addresses."
|
|
::= { rsIpsecTunnelEntry 24 }
|
|
|
|
rsIpsecTunnelSelectorLocalIPTwo OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The second local IP address of the SA selector in the entity.
|
|
It's 0 if local IP of this selector only has one address.
|
|
It's netmask of subnet if the local IP of this selector is IP subnet.
|
|
It's the end IP address if the local IP of this selector
|
|
has a range of IP addresses."
|
|
::= { rsIpsecTunnelEntry 25 }
|
|
|
|
rsIpsecTunnelSelectorLocalPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local port used by this selector in the entity."
|
|
::= { rsIpsecTunnelEntry 26 }
|
|
|
|
rsIpsecTunnelNumRekey OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of rekeys of the tunnel."
|
|
::= { rsIpsecTunnelEntry 27 }
|
|
|
|
rsIpsecTunnelInKbytes OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
UNITS "Kbytes"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total inbound traffic in Kbytes since the establish of
|
|
this tunnel."
|
|
::= { rsIpsecTunnelEntry 28 }
|
|
|
|
rsIpsecTunnelOutKbytes OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
UNITS "Kbytes"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total outound traffic in Kbytes since the establish of
|
|
this connection."
|
|
::= { rsIpsecTunnelEntry 29 }
|
|
|
|
rsIpsecTunnelInPackets OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of inbound packets since the establish of
|
|
this connection."
|
|
::= { rsIpsecTunnelEntry 30 }
|
|
|
|
rsIpsecTunnelOutPackets OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of outound packets since the establish of
|
|
this connection."
|
|
::= { rsIpsecTunnelEntry 31 }
|
|
|
|
rsIpsecTunnelInDecryptErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets discarded due to decryption
|
|
error since the establish of this connection."
|
|
::= { rsIpsecTunnelEntry 32 }
|
|
|
|
rsIpsecTunnelInAuthErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets discarded due to authentication
|
|
error since the establish of this connection."
|
|
::= { rsIpsecTunnelEntry 33 }
|
|
|
|
rsIpsecTunnelInReplayErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets discarded due to replay
|
|
error since the establish of this connection."
|
|
::= { rsIpsecTunnelEntry 34}
|
|
|
|
rsIpsecTunnelInOtherErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets discarded due to errors
|
|
other than decryption, authentication or replay errors. This
|
|
may include packets dropped due to a lack of receive
|
|
buffers, and may include packets dropped due to congestion
|
|
at the decryption element."
|
|
::= { rsIpsecTunnelEntry 35 }
|
|
|
|
rsIpsecTunnelOutDecryptErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets discarded due to decryption
|
|
error since the establish of this connection."
|
|
::= { rsIpsecTunnelEntry 36 }
|
|
|
|
rsIpsecTunnelOutAuthErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets discarded due to authentication
|
|
error since the establish of this connection."
|
|
::= { rsIpsecTunnelEntry 37 }
|
|
|
|
rsIpsecTunnelOutReplayErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets discarded due to replay
|
|
error since the establish of this connection."
|
|
::= { rsIpsecTunnelEntry 38 }
|
|
|
|
rsIpsecTunnelOutOtherErrors OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets discarded due to errors
|
|
other than decryption, authentication or replay errors. This
|
|
may include packets dropped due to a lack of receive
|
|
buffers, and may include packets dropped due to congestion
|
|
at the decryption element."
|
|
::= { rsIpsecTunnelEntry 39 }
|
|
|
|
rsIpsecTunnelUdpEncap OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disabled(0),
|
|
enabled(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether if UDP encapsulated IPSec has been enabled."
|
|
::= { rsIpsecTunnelEntry 40 }
|
|
|
|
rsIpsecTunnelPeerUdpPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The peer's UDP port of current tunnel when UDP encapsulated IPSec
|
|
is enabled."
|
|
::= { rsIpsecTunnelEntry 41 }
|
|
|
|
rsIpsecTunnelOrigPeerAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The original peer ip address of current tunnel when UDP encapsulated
|
|
IPSec is enabled"
|
|
::= { rsIpsecTunnelEntry 42 }
|
|
|
|
END
|