summaryrefslogtreecommitdiff
path: root/MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB
diff options
context:
space:
mode:
authorDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
committerDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
commit98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch)
tree9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB
downloadmibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.tar.gz
mibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.zip
Initial commitHEADmain
Diffstat (limited to 'MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB')
-rw-r--r--MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB4605
1 files changed, 4605 insertions, 0 deletions
diff --git a/MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB b/MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB
new file mode 100644
index 0000000..033180d
--- /dev/null
+++ b/MIBS/junos/JUNIPER-IPSEC-FLOW-MON-MIB
@@ -0,0 +1,4605 @@
+-- *******************************************************************
+-- Juniper Networks IPSEC Generic Flow Monitoring object mibs
+--
+-- Copyright (c) 2001-2011, Juniper Networks, Inc.
+-- All rights reserved.
+--
+-- The contents of this document are subject to change without notice.
+-- *******************************************************************
+
+JUNIPER-IPSEC-FLOW-MON-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Counter32,
+ Counter64, Integer32, Unsigned32, NOTIFICATION-TYPE
+ FROM SNMPv2-SMI
+ InetAddress, InetAddressType, InetPortNumber
+ FROM INET-ADDRESS-MIB
+ TEXTUAL-CONVENTION, DisplayString, TimeInterval
+ FROM SNMPv2-TC
+ jnxIpSecMibRoot
+ FROM JUNIPER-SMI;
+
+
+ jnxIpSecFlowMonMIB MODULE-IDENTITY
+ LAST-UPDATED "202004290000Z" -- Wed Apr 29 00:00:00 2020 UTC
+ ORGANIZATION "Juniper Networks, Inc."
+ CONTACT-INFO
+ "Juniper Technical Assistance Center
+ Juniper Networks, Inc.
+ 1133 Innovation Way
+ Sunnyvale, CA 94089
+ E-mail: support@juniper.net"
+ DESCRIPTION
+ "This module defines the object used to monitor the
+ entries pertaining to IPSec objects and the management
+ of the IPSEC VPN functionalities.
+ tables:
+ - IKE tunnel table
+ - IPSec tunnel table
+ - IPSec security associations table.
+
+ This mib module is based on JNX-IPSEC-MONITOR-MIB.
+ Building on the existing IKE infrastruature, the
+ security IKE implementation integrates the value-added
+ features for the security products"
+
+ REVISION "202004290000Z" -- April 29, 2020
+ DESCRIPTION
+ "Added New field for jnxIkeGlobalInitiatorIkev2SaInitStats for
+ the global IKE stats"
+
+ REVISION "202004280000Z" -- April 28, 2020
+ DESCRIPTION
+ "A new field jnxIkeTunMonTunType of type JnxIkeTunType is added to
+ table jnxIkeTunnelMonTableunder which will identify the tunnel as
+ regular(1) or halink(2).
+
+ A new field jnxIpSecTunMonTunType of type JnxIkeTunType is added to
+ table jnxIpSecTunnelMonTable which will identify the tunnel as
+ regular(1) or halink(2).
+
+ A new table jnxIkeHaLinkGlobalStats is added which lists IKE
+ global stats for ha-link tunnels.
+
+ A new table jnxIpSecHaLinkGlobalStats is added which lists IPSec
+ global stats for ha-link tunnels.
+
+ A new field jnxIkePeerStatsTunType of type JnxIkeTunType is added
+ to table jnxIkePeerStatsTable which will identify the tunnel as
+ regular(1) or halink(2)."
+
+ REVISION "202004190000Z" -- April 19, 2020
+ DESCRIPTION
+ "Added New MIB jnxIpSecGlobalStats for the global IPsec stats"
+
+ REVISION "201909100000Z" -- September 10, 2019
+ DESCRIPTION
+ "Added IPSec-tunnel statistics counters to IPSec Tunnel monitor
+ entry table"
+
+ REVISION "201908220000Z" -- August 22, 2019
+ DESCRIPTION
+ "Added the IKE tunnel statistics counters to IKE tunnel monitor table"
+
+ REVISION "201606220000Z" -- June 22, 2016
+ DESCRIPTION
+ "Added traffic-selector-name and vpn-name to ipsec-tunnel
+ -monitor-entry table"
+
+ REVISION "200705160000Z" -- May 16, 2007
+ DESCRIPTION
+ "Revised the MIB to exlude platform/product specific attributes"
+
+ REVISION "201605310000Z" -- 31-May-16
+ DESCRIPTION
+ "Consolidated TC duplicated b/n jnx-ipsec-flow-mon.mib, jnx-ipsec-monitor-asp.mib"
+
+ ::= { jnxIpSecMibRoot 1 }
+
+ --
+ -- Branch tree objects
+ --
+ jnxIpSecFlowMonNotifications OBJECT IDENTIFIER ::= { jnxIpSecFlowMonMIB 0 }
+ jnxIpSecFlowMonPhaseOne OBJECT IDENTIFIER ::= { jnxIpSecFlowMonMIB 1 }
+ jnxIpSecFlowMonPhaseTwo OBJECT IDENTIFIER ::= { jnxIpSecFlowMonMIB 2 }
+
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- Local Textual Conventions
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ JnxIkePeerType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The type of IPsec Phase-1 IKE peer identity. It is the
+ local IKE identify to send in the exchange.
+ The IKE peer may be identified by one of the ID types
+ defined in IPSEC DOI.
+ idIpv4Addr - IPv4 Address.
+ idIpv6Addr - IPv6 Address.
+ idUfqdn - user fully qualified domain name (user@hostname).
+ idFqdn - full qualified domain name
+ idDn - distinquished name"
+ SYNTAX INTEGER {
+ unknown (0),
+ idIpv4Addr (1),
+ idFqdn (2),
+ idDn (3),
+ idUfqdn (4),
+ idIpv6Addr (5)
+ }
+
+ JnxIkeNegoMode ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The IPsec Phase-1 IKE negotiation mode.
+ Main Mode: A six-message Phase 1 exchange that provides identity
+ protection.
+ Aggressive mode: a three-message phase 1 exchange that does
+ not provide identity protection"
+ SYNTAX INTEGER {
+ main (1),
+ aggressive (2),
+ ikev2(3)
+ }
+
+ JnxIkeHashAlgo ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The hash algorithm used in IPsec Phase-1 IKE negotiations."
+ SYNTAX INTEGER {
+ md5(1),
+ sha(2),
+ sha256(3),
+ sha384(4),
+ sha512(5)
+ }
+
+ JnxIkeAuthMethod ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The authentication method used in IPsec Phase-1 IKE
+ negotiations."
+ SYNTAX INTEGER {
+ preSharedKey (1),
+ dssSignature (2),
+ rsaSignature (3),
+ rsaEncryption (4),
+ revRsaEncryption (5),
+ xauthPreSharedKey (6),
+ xauthDssSignature (7),
+ xauthRsaSignature (8),
+ xauthRsaEncryption (9),
+ xauthRevRsaEncryption (10),
+ ecdsa256Signature (11),
+ ecdsa384Signature (12),
+ ecdsa521Signature (13)
+ }
+
+ JnxIkePeerRole ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "Role of the local endpoint in negotiating the IPsec Phase-1 IKE
+ security association. It can be either Initiator or Responder."
+ SYNTAX INTEGER {
+ initiator (1),
+ responder (2)
+ }
+
+ JnxIkeTunStateType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "State of the Phase-1 IKE negotiation."
+ SYNTAX INTEGER {
+ up (1),
+ down (2)
+ }
+
+
+ JnxDiffHellmanGrp ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The Diffie Hellman Group used in negotiations.
+ modp768 -- 768-bit MODP
+ modp1024 -- 1024-bit MODP
+ modp1536 -- 1536-bit MODP
+ modp2048 -- 2048-bit MODP
+ modp3072 -- 3072-bit MODP
+ modp4096 -- 4096-bit MODP
+ ec-modp256 -- 256-bit EC-MODP
+ ec-modp384 -- 384-bit EC-MODP
+ ec-modp521 -- 521-bit EC-MODP
+ modp2048s256 -- 2048-bit MODP group with 256 bit subgroup
+ "
+ SYNTAX INTEGER {
+ unknown(0),
+ modp768(1),
+ modp1024(2),
+ modp1536(5),
+ modp2048(14),
+ modp3072(15),
+ modp4096(16),
+ ecmodp256(19),
+ ecmodp384(20),
+ ecmodp521(21),
+ modp2048s256(24)
+ }
+
+ JnxKeyType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The type of key used by an IPsec Phase-2 Tunnel."
+ SYNTAX INTEGER{
+ unknown (0),
+ keyIke (1),
+ keyManual (2)
+ }
+
+ JnxEncapMode ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The encapsulation mode used by an IPsec Phase-2 Tunnel."
+ SYNTAX INTEGER{
+ unknown (0),
+ tunnel (1),
+ transport (2)
+ }
+
+ JnxEncryptAlgo ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The encryption algorithm used in negotiations."
+ SYNTAX INTEGER {
+ espDes (1),
+ esp3des (2),
+ espNull (3),
+ espAes128 (4),
+ espAes192 (5),
+ espAes256 (6),
+ espAesGcm128 (7),
+ espAesGcm192 (8),
+ espAesGcm256 (9)
+ }
+
+ JnxAuthAlgo ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The authentication algorithm used by a
+ security association of an IPsec Phase-2 Tunnel."
+ SYNTAX INTEGER{
+ unknown (0),
+ hmacMd5 (1),
+ hmacSha (2),
+ hmacSha256 (3),
+ hmacSha384 (4),
+ hmacSha512 (5)
+
+ }
+
+ JnxRemotePeerType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The type of the remote peer gateway (endpoint). It can be one
+ of the following two types:
+ - static (Remote peer whose IP address is known beforehand)
+ - dynamic (Remote peer whose IP address is not known
+ beforehand).
+ "
+ SYNTAX INTEGER {
+ unknown (0),
+ static (1),
+ dynamic (2)
+ }
+
+ JnxPeerStateType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "State of the IKE peer with which the managed entity
+ is currently associated."
+ SYNTAX INTEGER {
+ active (1),
+ inactive (2)
+ }
+
+ JnxSpiType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "The type of the SPI associated with IPsec Phase-2 security
+ associations."
+ SYNTAX Unsigned32 (256..4294967295)
+
+
+ JnxSAType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "SA Type manual or dynamic"
+ SYNTAX INTEGER {
+ unknown (0),
+ manual (1),
+ dynamic (2)
+ }
+
+ JnxEsnMode ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "ESN mode Enable or Disable"
+ SYNTAX INTEGER {
+ none (0),
+ enable (1),
+ disable (2)
+ }
+
+ JnxIkeTunType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "Type of the tunnel."
+ SYNTAX INTEGER {
+ regular (1),
+ halink (2)
+ }
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- Notifications
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkeNotificationType OBJECT IDENTIFIER ::= { jnxIpSecFlowMonNotifications 0 }
+
+ jnxIkeNotificationObj OBJECT IDENTIFIER ::= { jnxIpSecFlowMonNotifications 1 }
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- Notifications - Variables
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkeTrapPeerRemoteGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the remote gateway (endpoint) for the
+ IKE SA negotiaton."
+ ::= { jnxIkeNotificationObj 1 }
+
+ jnxIkeTrapPeerRemoteGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the remote gateway (endpoint) for the IKE SA
+ negotiation."
+ ::= { jnxIkeNotificationObj 2 }
+
+ jnxIkeTrapPeerRemotePort OBJECT-TYPE
+ SYNTAX InetPortNumber
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The port number of the remote gateway (endpoint) for the IKE
+ SA negotiation. The port number zero means the input value is
+ ignored for this object and the default port is considered."
+ ::= { jnxIkeNotificationObj 3 }
+
+ jnxIkeTrapPeerLocalGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the local endpoint (gateway) for the
+ IKE SA negotiation."
+ ::= { jnxIkeNotificationObj 4 }
+
+ jnxIkeTrapPeerLocalGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the local endpoint (gateway) for the IKE SA
+ negotiation."
+ ::= { jnxIkeNotificationObj 5 }
+
+ jnxIkeTrapPeerLocalPort OBJECT-TYPE
+ SYNTAX InetPortNumber
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The port number of the local gateway (endpoint) for the IKE SA
+ negotiation. The port number zero means the input value is
+ ignored for this object and the default port is considered."
+ ::= { jnxIkeNotificationObj 6 }
+
+ jnxIkeTrapPeerRoutingInstance OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Name of the routing instance."
+ ::= { jnxIkeNotificationObj 7 }
+
+ jnxIkeTrapPeerLocalIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of local peer identity. The local
+ peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkeNotificationObj 8 }
+
+ jnxIkeTrapPeerLocalIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the local peer identity.
+
+ If the local peer type is an IP Address, then this
+ is the IP Address used to identify the local peer.
+
+ If the local peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+
+ If the local peer type is a id_dn, then this is
+ the distinguished name string of the local peer."
+ ::= { jnxIkeNotificationObj 9 }
+
+ jnxIkeTrapPeerRemoteIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of remote peer identity.
+ The remote peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkeNotificationObj 10 }
+
+ jnxIkeTrapPeerRemoteIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the remote peer identity.
+
+ If the remote peer type is an IP Address, then this
+ is the IP Address used to identify the remote peer.
+
+ If the remote peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+
+ If the remote peer type is a id_dn, then this is
+ the distinguished named string of the remote peer."
+ ::= { jnxIkeNotificationObj 11 }
+
+ jnxIkeTrapPeerAAAUserName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the user with the specified authentication,
+ authorization and accounting (AAA) username, associated
+ with the IKE SA negotiation."
+ ::= { jnxIkeNotificationObj 12 }
+
+ jnxIkeTrapPeerGwName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Name of the IKE gateway."
+ ::= { jnxIkeNotificationObj 13 }
+
+ jnxIkeTrapIpSecTunVpnName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "IPsec tunnel VPN name."
+ ::= { jnxIkeNotificationObj 14 }
+
+ jnxIkeTrapIpSecTunTsName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "IPsec tunnel Traffic Selector name."
+ ::= { jnxIkeNotificationObj 15 }
+
+ jnxIkeTrapIpSecTunLocalTS OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifier for the local end of IPsec tunnel."
+ ::= { jnxIkeNotificationObj 16 }
+
+ jnxIkeTrapIpSecTunRemoteTS OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifier for the remote end of IPsec tunnel."
+ ::= { jnxIkeNotificationObj 17 }
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- Notifications - Traps
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkePeerDown NOTIFICATION-TYPE
+ OBJECTS {
+ jnxIkeTrapPeerRemoteGwAddrType,
+ jnxIkeTrapPeerRemoteGwAddr,
+ jnxIkeTrapPeerRemotePort,
+ jnxIkeTrapPeerLocalGwAddrType,
+ jnxIkeTrapPeerLocalGwAddr,
+ jnxIkeTrapPeerLocalPort,
+ jnxIkeTrapPeerRoutingInstance,
+ jnxIkeTrapPeerLocalIdType,
+ jnxIkeTrapPeerLocalIdValue,
+ jnxIkeTrapPeerRemoteIdType,
+ jnxIkeTrapPeerRemoteIdValue,
+ jnxIkeTrapPeerAAAUserName,
+ jnxIkeTrapPeerGwName
+ }
+ STATUS current
+ DESCRIPTION
+ "To provide notification for the event when Peer goes down."
+ ::= { jnxIkeNotificationType 1 }
+
+ jnxIkePeerIPSecTunnelDown NOTIFICATION-TYPE
+ OBJECTS {
+ jnxIkeTrapPeerRemoteGwAddrType,
+ jnxIkeTrapPeerRemoteGwAddr,
+ jnxIkeTrapPeerRemotePort,
+ jnxIkeTrapPeerLocalGwAddrType,
+ jnxIkeTrapPeerLocalGwAddr,
+ jnxIkeTrapPeerLocalPort,
+ jnxIkeTrapPeerRoutingInstance,
+ jnxIkeTrapPeerLocalIdType,
+ jnxIkeTrapPeerLocalIdValue,
+ jnxIkeTrapPeerRemoteIdType,
+ jnxIkeTrapPeerRemoteIdValue,
+ jnxIkeTrapPeerAAAUserName,
+ jnxIkeTrapPeerGwName,
+ jnxIkeTrapIpSecTunVpnName,
+ jnxIkeTrapIpSecTunTsName,
+ jnxIkeTrapIpSecTunLocalTS,
+ jnxIkeTrapIpSecTunRemoteTS
+ }
+ STATUS current
+ DESCRIPTION
+ "To provide notification for the event of IPSec Tunnels
+ going down for a peer. These traps are not generated
+ if the corresponding peer has gone down."
+ ::= { jnxIkeNotificationType 2 }
+
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- Number of IKE Tunnels currently active
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkeNumOfTunnels OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE Tunnels (phase-1) actively negotiating between
+ peers. The SA can be in either the up or down state.
+ This attribute should detail the number of IKE tunnels
+ in jnxIkeTunnelMonTable."
+ ::= { jnxIpSecFlowMonPhaseOne 1 }
+
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IPsec Phase-1 Internet Key Exchange Tunnel Table
+ --
+ -- Phase 1 is used to negotiate the parameter and key material required
+ -- to establish an ISAKMP AS.
+ --
+ -- The phase 1 IKE gateway key exchange: tunnel peer device. Phase 1
+ -- security association components include encryption algorithm,
+ -- authentication, Diffie-Hellman group values and anthentication method
+ -- such as pre-shared keys or certificates.
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkeTunnelMonTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxIkeTunnelMonEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IPsec Phase-1 Internet Key Exchange Tunnel Table.
+ There is one entry in this table for each active IPsec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIpSecFlowMonPhaseOne 2 }
+
+ jnxIkeTunnelMonEntry OBJECT-TYPE
+ SYNTAX JnxIkeTunnelMonEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes associated with
+ an active IPsec Phase-1 IKE Tunnel."
+ INDEX { jnxIkeTunMonRemoteGwAddrType,
+ jnxIkeTunMonRemoteGwAddr,
+ jnxIkeTunMonIndex }
+ ::= { jnxIkeTunnelMonTable 1 }
+
+ JnxIkeTunnelMonEntry ::= SEQUENCE {
+ jnxIkeTunMonRemoteGwAddrType InetAddressType,
+ jnxIkeTunMonRemoteGwAddr InetAddress,
+ jnxIkeTunMonIndex Integer32,
+ jnxIkeTunMonLocalGwAddrType InetAddressType,
+ jnxIkeTunMonLocalGwAddr InetAddress,
+ jnxIkeTunMonState JnxIkeTunStateType,
+ jnxIkeTunMonInitiatorCookie DisplayString,
+ jnxIkeTunMonResponderCookie DisplayString,
+ jnxIkeTunMonLocalRole JnxIkePeerRole,
+ jnxIkeTunMonLocalIdType JnxIkePeerType,
+ jnxIkeTunMonLocalIdValue DisplayString,
+ jnxIkeTunMonLocalCertName DisplayString,
+ jnxIkeTunMonRemoteIdType JnxIkePeerType,
+ jnxIkeTunMonRemoteIdValue DisplayString,
+ jnxIkeTunMonNegoMode JnxIkeNegoMode,
+ jnxIkeTunMonDiffHellmanGrp JnxDiffHellmanGrp,
+ jnxIkeTunMonEncryptAlgo JnxEncryptAlgo,
+ jnxIkeTunMonHashAlgo JnxIkeHashAlgo,
+ jnxIkeTunMonAuthMethod JnxIkeAuthMethod,
+ jnxIkeTunMonLifeTime Integer32,
+ jnxIkeTunMonActiveTime TimeInterval,
+ jnxIkeTunMonInOctets Counter64,
+ jnxIkeTunMonInPkts Counter32,
+ jnxIkeTunMonOutOctets Counter64,
+ jnxIkeTunMonOutPkts Counter32,
+ jnxIkeTunMonXAuthUserId DisplayString,
+ jnxIkeTunMonDPDDownCount Counter32,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyRequestOut Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResponseIn Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyNoProposalChosenIn Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyInvalidKeIn Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyTsUnacceptableIn Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifySaFail Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyDhGroupFail Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyTsFail Counter64,
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResDhComputeKeyFail Counter64,
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyRequestIn Counter64,
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyResponseOut Counter64,
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyNoProposalChosenOut Counter64,
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyInvalidKeOut Counter64,
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyTsUnacceptableOut Counter64,
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyResDhComputeKeyFail Counter64,
+ jnxIkeTunMonGwName DisplayString,
+ jnxIkeTunMonTunType JnxIkeTunType
+ }
+
+
+ jnxIkeTunMonRemoteGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the remote gateway (endpoint) for the IPsec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkeTunnelMonEntry 1 }
+
+ jnxIkeTunMonRemoteGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IP address of the remote gateway (endpoint) for the IPsec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkeTunnelMonEntry 2 }
+
+ jnxIkeTunMonIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of the IPsec Phase-1 IKE Tunnel Table.
+ The value of the index is a number which begins
+ at one and is incremented with each tunnel that
+ is created. The value of this object will
+ wrap at 2,147,483,647."
+ ::= { jnxIkeTunnelMonEntry 3 }
+
+ jnxIkeTunMonLocalGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the local endpoint (gateway) for the IPsec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkeTunnelMonEntry 4 }
+
+ jnxIkeTunMonLocalGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the local endpoint (gateway) for the IPsec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkeTunnelMonEntry 5 }
+
+ jnxIkeTunMonState OBJECT-TYPE
+ SYNTAX JnxIkeTunStateType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The state of the IKE tunnel, It can be:
+ 1. up - negotiation completed
+ 2. down- being negotiated"
+ ::= { jnxIkeTunnelMonEntry 6 }
+
+ jnxIkeTunMonInitiatorCookie OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Cookie as generated by the peer that initiated the IKE Phase-1
+ negotiation. This cookie is carried in the ISAKMP header."
+ ::= { jnxIkeTunnelMonEntry 7 }
+
+ jnxIkeTunMonResponderCookie OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Cookie as generated by the peer responding to the IKE Phase-1
+ negotiation initiated by the remote peer. This cookie is carried
+ in the ISAKMP header."
+ ::= { jnxIkeTunnelMonEntry 8 }
+
+ jnxIkeTunMonLocalRole OBJECT-TYPE
+ SYNTAX JnxIkePeerRole
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The role of local peer identity. The Role of the local peer can be:
+ 1. initiator.
+ 2. or responder."
+ ::= { jnxIkeTunnelMonEntry 9 }
+
+ jnxIkeTunMonLocalIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of local peer identity. The local
+ peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkeTunnelMonEntry 10 }
+
+ jnxIkeTunMonLocalIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the local peer identity.
+
+ If the local peer type is an IP Address, then this
+ is the IP Address used to identify the local peer.
+
+ If the local peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+
+ If the local peer type is a id_dn, then this is
+ the distinguished name string of the local peer."
+ ::= { jnxIkeTunnelMonEntry 11 }
+
+ jnxIkeTunMonLocalCertName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Name of the certificate used for authentication of the local
+ tunnel endpoint. This object will have some valid value only
+ if negotiated IKE authentication method is other than pre-saherd
+ key. If the IKE negotiation do not use certificate based
+ authentication method, then the value of this object will be a
+ NULL string."
+ ::= { jnxIkeTunnelMonEntry 12 }
+
+ jnxIkeTunMonRemoteIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of remote peer identity.
+ The remote peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkeTunnelMonEntry 13 }
+
+ jnxIkeTunMonRemoteIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the remote peer identity.
+
+ If the remote peer type is an IP Address, then this
+ is the IP Address used to identify the remote peer.
+
+ If the remote peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+
+ If the remote peer type is a id_dn, then this is
+ the distinguished named string of the remote peer."
+ ::= { jnxIkeTunnelMonEntry 14 }
+
+ jnxIkeTunMonNegoMode OBJECT-TYPE
+ SYNTAX JnxIkeNegoMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
+ ::= { jnxIkeTunnelMonEntry 15 }
+
+ jnxIkeTunMonDiffHellmanGrp OBJECT-TYPE
+ SYNTAX JnxDiffHellmanGrp
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The Diffie Hellman Group used in IPsec Phase-1 IKE
+ negotiations."
+ ::= { jnxIkeTunnelMonEntry 16 }
+
+ jnxIkeTunMonEncryptAlgo OBJECT-TYPE
+ SYNTAX JnxEncryptAlgo
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The encryption algorithm used in IPsec Phase-1 IKE negotiations."
+ ::= { jnxIkeTunnelMonEntry 17 }
+
+ jnxIkeTunMonHashAlgo OBJECT-TYPE
+ SYNTAX JnxIkeHashAlgo
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The hash algorithm used in IPsec Phase-1 IKE negotiations."
+ ::= { jnxIkeTunnelMonEntry 18 }
+
+ jnxIkeTunMonAuthMethod OBJECT-TYPE
+ SYNTAX JnxIkeAuthMethod
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The authentication method used in IPsec Phase-1 IKE
+ negotiations."
+ ::= { jnxIkeTunnelMonEntry 19 }
+
+ jnxIkeTunMonLifeTime OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
+ in seconds."
+ ::= { jnxIkeTunnelMonEntry 20 }
+
+ jnxIkeTunMonActiveTime OBJECT-TYPE
+ SYNTAX TimeInterval
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The length of time the IPsec Phase-1 IKE tunnel has been
+ active in hundredths of seconds."
+ ::= { jnxIkeTunnelMonEntry 21 }
+
+ jnxIkeTunMonInOctets OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Octets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of octets received by this IPsec Phase-1
+ IKE security association."
+ ::= { jnxIkeTunnelMonEntry 22 }
+
+ jnxIkeTunMonInPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of packets received by this IPsec Phase-1
+ IKE security association."
+ ::= { jnxIkeTunnelMonEntry 23 }
+
+ jnxIkeTunMonOutOctets OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Octets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of octets sent by this IPsec Phase-1
+ IKE security association."
+ ::= { jnxIkeTunnelMonEntry 24 }
+
+ jnxIkeTunMonOutPkts OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of packets sent by this IPsec Phase-1
+ IKE security association."
+ ::= { jnxIkeTunnelMonEntry 25 }
+
+ jnxIkeTunMonXAuthUserId OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The extended Authentication (XAuth) User Identifier, identifies the
+ user associated with this IPSec Phase negotiation."
+ ::= { jnxIkeTunnelMonEntry 26 }
+
+ jnxIkeTunMonDPDDownCount OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS obsolete
+ DESCRIPTION
+ "The number of times that the remote peer is detected
+ in a dead (or down) state. This attribute is obsolete"
+ ::= { jnxIkeTunnelMonEntry 27 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA request
+ message sent by Initiator."
+ ::= { jnxIkeTunnelMonEntry 28 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response
+ message received by Initiator."
+ ::= { jnxIkeTunnelMonEntry 29 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
+ Notification received by Initiator."
+ ::= { jnxIkeTunnelMonEntry 30 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
+ received by Initiator."
+ ::= { jnxIkeTunnelMonEntry 31 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
+ notification received by Initiator."
+ ::= { jnxIkeTunnelMonEntry 32 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkeTunnelMonEntry 33 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkeTunnelMonEntry 34 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResVerifyTsFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ verification of TS failed at Initiator."
+ ::= { jnxIkeTunnelMonEntry 35 }
+
+ jnxIkeTunMonInitiatorIkev2IPSecSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkeTunnelMonEntry 36 }
+
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA request
+ message received by Responder."
+ ::= { jnxIkeTunnelMonEntry 37 }
+
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response
+ message sent by Responder."
+ ::= { jnxIkeTunnelMonEntry 38 }
+
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
+ Notification sent by Responder."
+ ::= { jnxIkeTunnelMonEntry 39 }
+
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
+ Notification sent by Responder."
+ ::= { jnxIkeTunnelMonEntry 40 }
+
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
+ notification sent by Responder."
+ ::= { jnxIkeTunnelMonEntry 41 }
+
+ jnxIkeTunMonResponderIkev2IPSecSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkeTunnelMonEntry 42 }
+
+ jnxIkeTunMonGwName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The gateway name"
+ ::= { jnxIkeTunnelMonEntry 43 }
+
+ jnxIkeTunMonTunType OBJECT-TYPE
+ SYNTAX JnxIkeTunType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The Tunnel type. It can be regular (1) or ha-link (2)"
+ ::= { jnxIkeTunnelMonEntry 44 }
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IKEv2 global Statistics
+ -- Provides global statistics for all IKE tunnels, active and previous.
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkeGlobalStats OBJECT IDENTIFIER
+ ::= { jnxIpSecFlowMonPhaseOne 3 }
+
+
+ -- Initiator IKE_SA_INIT exchange stats
+
+ jnxIkeGlobalInitiatorIkev2SaInitStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 1 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT request message sent by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 1 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 2 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitResInvalidIkeSpi OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message containing invalid
+ SPI received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 3 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitInvalidKePayloadIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT INVALID_KE_PAYLOAD received
+ by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 4 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT NO_PROPSAL_CHOSEN received
+ by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 5 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message verification
+ of peer SA failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 6 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitResIkeSaFillFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message IKE SA fill
+ operation failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 7 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message verification of
+ DH group failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 8 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitCookieRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification request
+ message received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 9 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitCookieResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification
+ response message sent by Responder."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 10 }
+
+ jnxIkeGlobalInitiatorIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message Diffie-Hellman
+ compute key failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2SaInitStats 11 }
+
+ -- Responder IKE_SA_INIT exchange stats
+
+ jnxIkeGlobalResponderIkev2SaInitStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 2 }
+
+ jnxIkeGlobalResponderIkev2SaInitRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT request message received by Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 1 }
+
+ jnxIkeGlobalResponderIkev2SaInitResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 2 }
+
+ jnxIkeGlobalResponderIkev2SaInitNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT NO_PROPSAL_CHOSEN notification
+ sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 3 }
+
+ jnxIkeGlobalResponderIkev2SaInitInvalidKePayloadOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT INVALID_KE_PAYLOAD notification
+ sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 4 }
+
+ jnxIkeGlobalResponderIkev2SaInitResInvalidDhGroupConf OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message invalid DH group
+ configured at Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 5 }
+
+ jnxIkeGlobalResponderIkev2SaInitResDhGenKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message Diffie-Hellman
+ generate key failed at Responder"
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 6 }
+
+ jnxIkeGlobalResponderIkev2SaInitResGetCAsFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message get CAs failed at
+ Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 7 }
+
+ jnxIkeGlobalResponderIkev2SaInitResGetVidFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message get vendor ID
+ request failed at Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 8 }
+
+ jnxIkeGlobalResponderIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message Diffie-Hellman
+ compute key failed at Responder"
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 9 }
+
+ jnxIkeGlobalResponderIkev2SaInitCookieRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification request message
+ sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 10 }
+
+ jnxIkeGlobalResponderIkev2SaInitCookieResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification response
+ message received by Responder."
+ ::= { jnxIkeGlobalResponderIkev2SaInitStats 11 }
+
+
+ -- Initiator IKE_AUTH exchange stats
+
+ jnxIkeGlobalInitiatorIkev2AuthStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 3 }
+
+ jnxIkeGlobalInitiatorIkev2AuthRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH request message sent by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2AuthStats 1 }
+
+ jnxIkeGlobalInitiatorIkev2AuthResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH response message received by
+ Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2AuthStats 2 }
+
+ jnxIkeGlobalInitiatorIkev2AuthNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
+ received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2AuthStats 3 }
+
+ jnxIkeGlobalInitiatorIkev2AuthTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH TS_UNACCEPTABLE notification
+ received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2AuthStats 4 }
+
+ jnxIkeGlobalInitiatorIkev2AuthAuthenticationFailedIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH AUTHENTICATION_FAILED
+ notification received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2AuthStats 5 }
+
+
+ -- Responder IKE_AUTH exchange stats
+
+ jnxIkeGlobalResponderIkev2AuthStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 4 }
+
+ jnxIkeGlobalResponderIkev2AuthRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH request message received by Responder."
+ ::= { jnxIkeGlobalResponderIkev2AuthStats 1 }
+
+ jnxIkeGlobalResponderIkev2AuthResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH response message sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2AuthStats 2 }
+
+ jnxIkeGlobalResponderIkev2AuthNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
+ sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2AuthStats 3 }
+
+ jnxIkeGlobalResponderIkev2AuthTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH TS_UNACCEPTABLE notification
+ sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2AuthStats 4 }
+
+ jnxIkeGlobalResponderIkev2AuthAuthenticationFailedOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH request message AUTHENTICATION_FAILED
+ notification sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2AuthStats 5 }
+
+
+ --- Initiator IKE SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 5 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey CREATE_CHILD_SA request message
+ sent by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 1 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey CREATE_CHILD_SA response message
+ received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 2 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey NO_PROPSAL_CHOSEN notification
+ received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 3 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey INVALID_KE_PAYLOAD notification
+ received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 4 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 5 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 6 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyResFillIkeSaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ fill IKE SA failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 7 }
+
+ jnxIkeGlobalInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IkeSaRekeyStats 8 }
+
+
+ --- Responder IKE SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeGlobalResponderIkev2IkeSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 6 }
+
+ jnxIkeGlobalResponderIkev2IkeSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey request message
+ received by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 1 }
+
+ jnxIkeGlobalResponderIkev2IkeSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 2 }
+
+ jnxIkeGlobalResponderIkev2IkeSaRekeyNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey NO_PROPSAL_CHOSEN
+ notification sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 3 }
+
+ jnxIkeGlobalResponderIkev2IkeSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey INVALID_KE_PAYLOAD
+ notification sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 4 }
+
+ jnxIkeGlobalResponderIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkeGlobalResponderIkev2IkeSaRekeyStats 5 }
+
+
+ --- Initiator IPSec SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 7 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey request
+ message sent by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 1 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response
+ message received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 2 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey NO_PROPSAL_CHOSEN
+ notification received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 3 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey INVALID_KE_PAYLOAD
+ notification received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 4 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey TS_UNACCEPTABLE
+ notification received by Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 5 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 6 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 7 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 8 }
+
+ jnxIkeGlobalInitiatorIkev2IpsecSaRekeyResVerifyTsFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ verification of TS failed at Initiator."
+ ::= { jnxIkeGlobalInitiatorIkev2IpsecSaRekeyStats 9 }
+
+
+ --- Responder IPSec SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 8 }
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey request
+ message received by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 1 }
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response
+ message sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 2 }
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey NO_PROPSAL_CHOSEN
+ notification sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 3 }
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey INVALID_KE_PAYLOAD
+ notification sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 4 }
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey TS_UNACCEPTABLE
+ notification sent by Responder."
+ ::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 5 }
+
+ jnxIkeGlobalResponderIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkeGlobalResponderIkev2IpsecSaRekeyStats 6 }
+
+
+ --- Message failure stats
+
+ jnxIkeGlobalIkev2MsgFailStats OBJECT IDENTIFIER
+ ::= { jnxIkeGlobalStats 9 }
+
+ jnxIkeGlobalIkev2TotalDiscarded OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of discarded messages. Includes the failures
+ encountered during decode of IKEv2 packets that is failures
+ before the IKEv2 exchange payload processing. Also this
+ counter encompasses all the other message failure counters."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 1 }
+
+ jnxIkeGlobalIkev2TotalIdError OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with ID error. Message ID is not
+ compliant with what is expected. For ex. IKE_SA_INIT message
+ with message ID larger than zero is encountered."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 2 }
+
+ jnxIkeGlobalIkev2TotalIntegrityFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with Integrity check failure."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 3 }
+
+ jnxIkeGlobalIkev2TotalInvalidSPI OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with Invalid SPI failure. Used one
+ of the SPIs to find the SA, but the other SPI is not matching.
+ Invalid IKE SPIs in IKE_SA_INIT response message at Initiator."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 4 }
+
+ jnxIkeGlobalIkev2TotalInvalidExchgType OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with unknown / unexpected exchange type
+ encountered during message exchange."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 5 }
+
+ jnxIkeGlobalIkev2TotalInvalidLength OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with Invalid length failure. During
+ decode a malformed message where length is inconsistent with
+ that indicated in header is encountered."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 6 }
+
+ jnxIkeGlobalIkev2TotalDisorder OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages failure due to disorder. Packet message
+ ID is out of window. For a response packet the corresponding
+ request with given message ID is not found."
+ ::= { jnxIkeGlobalIkev2MsgFailStats 7 }
+
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The Internet Key Exchange Peer Table
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkePeerAddrTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxIkePeerAddrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IKE Key Exchange Peer Address Table. There is one entry in this table
+ for each IKE peer with which the managed entity is currently associated."
+ ::= { jnxIpSecFlowMonPhaseOne 4 }
+
+ jnxIkePeerAddrEntry OBJECT-TYPE
+ SYNTAX JnxIkePeerAddrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes associated with
+ an IKE Peer."
+ INDEX { jnxIkePeerAddrState,
+ jnxIkePeerAddrRemoteGwAddrType,
+ jnxIkePeerAddrRemoteGwAddr,
+ jnxIkePeerAddrRemotePort,
+ jnxIkePeerAddrLocalGwAddrType,
+ jnxIkePeerAddrLocalGwAddr,
+ jnxIkePeerAddrLocalPort,
+ jnxIkePeerAddrRoutingInstance }
+ ::= { jnxIkePeerAddrTable 1 }
+
+ JnxIkePeerAddrEntry::= SEQUENCE {
+ jnxIkePeerAddrState JnxPeerStateType,
+ jnxIkePeerAddrRemoteGwAddrType InetAddressType,
+ jnxIkePeerAddrRemoteGwAddr InetAddress,
+ jnxIkePeerAddrRemotePort InetPortNumber,
+ jnxIkePeerAddrLocalGwAddrType InetAddressType,
+ jnxIkePeerAddrLocalGwAddr InetAddress,
+ jnxIkePeerAddrLocalPort InetPortNumber,
+ jnxIkePeerAddrRoutingInstance DisplayString,
+ jnxIkePeerAddrIndex Integer32
+ }
+
+ jnxIkePeerAddrState OBJECT-TYPE
+ SYNTAX JnxPeerStateType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The state of the peer, it can be:
+ 1. active - The IKE peer is currently associated by an active IKE SA.
+ There is at least one active IKE SA or Tunnel
+ termination on the managed entity from the peer.
+ 2. down - The IKE peer was associated with a previously
+ active IKE SA."
+ ::= { jnxIkePeerAddrEntry 1 }
+
+ jnxIkePeerAddrRemoteGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the remote gateway (endpoint) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerAddrEntry 2 }
+
+ jnxIkePeerAddrRemoteGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the remote gateway (endpoint) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerAddrEntry 3 }
+
+ jnxIkePeerAddrRemotePort OBJECT-TYPE
+ SYNTAX InetPortNumber
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The port number of the remote gateway (endpoint) for the IKE
+ SA negotiation. The port number zero means the input value is
+ ignored for this object and the default port is considered."
+ ::= { jnxIkePeerAddrEntry 4 }
+
+ jnxIkePeerAddrLocalGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the local endpoint (gateway) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerAddrEntry 5 }
+
+ jnxIkePeerAddrLocalGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the local endpoint (gateway) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerAddrEntry 6 }
+
+ jnxIkePeerAddrLocalPort OBJECT-TYPE
+ SYNTAX InetPortNumber
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The port number of the local gateway (endpoint) for the IKE SA
+ negotiation. The port number zero means the input value is
+ ignored for this object and the default port is considered."
+ ::= { jnxIkePeerAddrEntry 7 }
+
+ jnxIkePeerAddrRoutingInstance OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The VR ID."
+ ::= { jnxIkePeerAddrEntry 8 }
+
+ jnxIkePeerAddrIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The index of the IPSec Phase-1 key exchange Peer Table.
+ The value of the index is a number which begins
+ at one and is incremented with each peer that is created
+ due to an association. The value of this object will wrap
+ at 2,147,483,647."
+ ::= { jnxIkePeerAddrEntry 9 }
+
+
+ jnxIkePeerIdTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxIkePeerIdEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IKE Key Exchange Peer ID Table. There is one entry in this table
+ for each IKE peer with which the managed entity is currently associated.
+ In the index truncated value for Remote ID value, Local ID value and AAA
+ username is used to restrict the length of the SNMP index to a legal
+ size. In the index, for jnxIkePeerIdRemoteId and jnxIkePeerIdLocalId, any
+ string longer than 41 bytes will be truncated and only 41 bytes would be
+ considered. Similarly in the index, for jnxIkePeerIdAAAUserName, any
+ string longer than 25 bytes will be truncated and only 25 bytes would be
+ considered. Because of the truncation, the index may become same for
+ different peers, to keep the index unique, jnxIkePeerInternalIndex is
+ used to uniquely identify each peer."
+
+ ::= { jnxIpSecFlowMonPhaseOne 5 }
+
+ jnxIkePeerIdEntry OBJECT-TYPE
+ SYNTAX JnxIkePeerIdEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes associated with
+ an IKE Peer."
+ INDEX { jnxIkePeerIdState,
+ jnxIkePeerIdRemoteIdType,
+ jnxIkePeerIdRemoteIdValue,
+ jnxIkePeerIdLocalIdType,
+ jnxIkePeerIdLocalIdValue,
+ jnxIkePeerIdAAAUserName,
+ jnxIkePeerInternalIndex }
+ ::= { jnxIkePeerIdTable 1 }
+
+ JnxIkePeerIdEntry::= SEQUENCE {
+ jnxIkePeerIdState JnxPeerStateType,
+ jnxIkePeerIdRemoteIdType JnxIkePeerType,
+ jnxIkePeerIdRemoteIdValue DisplayString,
+ jnxIkePeerIdLocalIdType JnxIkePeerType,
+ jnxIkePeerIdLocalIdValue DisplayString,
+ jnxIkePeerIdAAAUserName DisplayString,
+ jnxIkePeerIdIndex Integer32,
+ jnxIkePeerInternalIndex Integer32
+ }
+
+ jnxIkePeerIdState OBJECT-TYPE
+ SYNTAX JnxPeerStateType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The state of the peer, it can be:
+ 1. active - The IKE peer is currently associated by an active IKE SA.
+ There is at least one active IKE SA or Tunnel
+ termination on the managed entity from the peer.
+ 2. down - The IKE peer was associated with a previously
+ active IKE SA."
+ ::= { jnxIkePeerIdEntry 1 }
+
+ jnxIkePeerIdRemoteIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of remote peer identity.
+ The remote peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkePeerIdEntry 2 }
+
+ jnxIkePeerIdRemoteIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the remote peer identity.
+
+ If the remote peer type is an IP Address, then this
+ is the IP Address used to identify the remote peer.
+
+ If the remote peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+
+ If the remote peer type is a id_dn, then this is
+ the distinguished named string of the remote peer."
+ ::= { jnxIkePeerIdEntry 3 }
+
+ jnxIkePeerIdLocalIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of local peer identity. The local
+ peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkePeerIdEntry 4 }
+
+ jnxIkePeerIdLocalIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the local peer identity.
+
+ If the local peer type is an IP Address, then this
+ is the IP Address used to identify the local peer.
+
+ If the local peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+
+ If the local peer type is a id_dn, then this is
+ the distinguished name string of the local peer."
+ ::= { jnxIkePeerIdEntry 5 }
+
+ jnxIkePeerIdAAAUserName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the user with the specified authentication,
+ authorization and accounting (AAA) username, associated
+ with the IKE SA negotiation."
+ ::= { jnxIkePeerIdEntry 6 }
+
+ jnxIkePeerInternalIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The internal index of the Peer Id table.
+ This index is used to uniquely identify multiple
+ entry for the same truncated ids."
+ ::= { jnxIkePeerIdEntry 7 }
+
+ jnxIkePeerIdIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The index of the IPSec Phase-1 key exchange Peer Table.
+ The value of the index is a number which begins
+ at one and is incremented with each peer that is created
+ due to an association. The value of this object will wrap
+ at 2,147,483,647."
+ ::= { jnxIkePeerIdEntry 8 }
+
+
+ jnxIkePeerStatsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxIkePeerStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IKE Key Exchange Peer Stats Table. There is one entry in this table
+ for each IKE peer with which the managed entity is currently associated."
+ ::= { jnxIpSecFlowMonPhaseOne 6 }
+
+ jnxIkePeerStatsEntry OBJECT-TYPE
+ SYNTAX JnxIkePeerStatsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes associated with an IKE Peer."
+ INDEX { jnxIkePeerStatsState,
+ jnxIkePeerStatsIndex }
+ ::= { jnxIkePeerStatsTable 1 }
+
+ JnxIkePeerStatsEntry::= SEQUENCE {
+ jnxIkePeerStatsState JnxPeerStateType,
+ jnxIkePeerStatsIndex Integer32,
+ jnxIkePeerStatsRemoteGwAddrType InetAddressType,
+ jnxIkePeerStatsRemoteGwAddr InetAddress,
+ jnxIkePeerStatsRemotePort InetPortNumber,
+ jnxIkePeerStatsLocalGwAddrType InetAddressType,
+ jnxIkePeerStatsLocalGwAddr InetAddress,
+ jnxIkePeerStatsLocalPort InetPortNumber,
+ jnxIkePeerStatsRoutingInstance DisplayString,
+ jnxIkePeerStatsRemoteIdType JnxIkePeerType,
+ jnxIkePeerStatsRemoteIdValue DisplayString,
+ jnxIkePeerStatsLocalIdType JnxIkePeerType,
+ jnxIkePeerStatsLocalIdValue DisplayString,
+ jnxIkePeerStatsAAAUserName DisplayString,
+ jnxIkePeerStatsGwName DisplayString,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitRequestOut Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResponseIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResInvalidIkeSpi Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitInvalidKePayloadIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitNoProposalChosenIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifySaFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResIkeSaFillFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifyDhGroupFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieRequestIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieResponseOut Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResDhComputeKeyFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitRequestIn Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResponseOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitNoProposalChosenOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitInvalidKePayloadOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResInvalidDhGroupConf Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhGenKeyFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetCAsFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetVidFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhComputeKeyFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieRequestOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieResponseIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthRequestOut Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthResponseIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthNoProposalChosenIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthTsUnacceptableIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthAuthenticationFailedIn Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2AuthRequestIn Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2AuthResponseOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2AuthAuthenticationFailedOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2AuthNoProposalChosenOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2AuthTsUnacceptableOut Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyRequestOut Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResponseIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyNoProposalChosenIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyInvalidKeIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifySaFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResFillIkeSaFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResDhComputeKeyFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyRequestIn Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResponseOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyNoProposalChosenOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyInvalidKeOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResDhComputeKeyFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyRequestOut Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResponseIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyNoProposalChosenIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyInvalidKeIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyTsUnacceptableIn Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifySaFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyDhGrpFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyTsFail Counter64,
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResDhCompKeyFail Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyRequestIn Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResponseOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyNoPropChosenOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyInvalidKeOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyTsUnacceptableOut Counter64,
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResDhCompKeyFail Counter64,
+ jnxIkePeerStatsTunType JnxIkeTunType
+ }
+
+ jnxIkePeerStatsState OBJECT-TYPE
+ SYNTAX JnxPeerStateType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The state of the peer, it can be:
+ 1. active - The IKE peer is currently associated by an active IKE SA.
+ There is at least one active IKE SA or Tunnel
+ termination on the managed entity from the peer.
+ 2. down - The IKE peer was associated with a previously
+ active IKE SA."
+ ::= { jnxIkePeerStatsEntry 1 }
+
+ jnxIkePeerStatsIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The index of the IPSec Phase-1 key exchange Peer Table.
+ The value of the index is a number which begins
+ at one and is incremented with each peer that is created
+ due to an association. The value of this object will wrap
+ at 2,147,483,647."
+ ::= { jnxIkePeerStatsEntry 2 }
+
+ jnxIkePeerStatsRemoteGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the remote gateway (endpoint) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerStatsEntry 3 }
+
+ jnxIkePeerStatsRemoteGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the remote gateway (endpoint) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerStatsEntry 4 }
+
+ jnxIkePeerStatsRemotePort OBJECT-TYPE
+ SYNTAX InetPortNumber
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value specifying a port associated with the remote gateway
+ (endpoint) for the IKE Tunnel. A value of zero means that the port should
+ be ignored."
+ ::= { jnxIkePeerStatsEntry 5 }
+
+ jnxIkePeerStatsLocalGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the local endpoint (gateway) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerStatsEntry 6 }
+
+ jnxIkePeerStatsLocalGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the local endpoint (gateway) for the IPSec
+ Phase-1 IKE Tunnel."
+ ::= { jnxIkePeerStatsEntry 7 }
+
+ jnxIkePeerStatsLocalPort OBJECT-TYPE
+ SYNTAX InetPortNumber
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value specifying a port associated with the local endpoint
+ (gateway) for the IKE Tunnel. A value of zero means that the port should
+ be ignored."
+ ::= { jnxIkePeerStatsEntry 8 }
+
+ jnxIkePeerStatsRoutingInstance OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The VR ID."
+ ::= { jnxIkePeerStatsEntry 9 }
+
+ jnxIkePeerStatsRemoteIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of remote peer identity.
+ The remote peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkePeerStatsEntry 10 }
+
+ jnxIkePeerStatsRemoteIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the remote peer identity.
+ If the remote peer type is an IP Address, then this
+ is the IP Address used to identify the remote peer.
+ If the remote peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+ If the remote peer type is a id_dn, then this is
+ the distinguished named string of the remote peer."
+ ::= { jnxIkePeerStatsEntry 11 }
+
+ jnxIkePeerStatsLocalIdType OBJECT-TYPE
+ SYNTAX JnxIkePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of local peer identity. The local
+ peer may be identified by:
+ 1. an IP address, or
+ 2. or a fully qualified domain name string.
+ 3. or a distinguished name string."
+ ::= { jnxIkePeerStatsEntry 12 }
+
+ jnxIkePeerStatsLocalIdValue OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the local peer identity.
+ If the local peer type is an IP Address, then this
+ is the IP Address used to identify the local peer.
+ If the local peer type is id_fqdn, then this is
+ the FQDN of the remote peer.
+ If the local peer type is a id_dn, then this is
+ the distinguished name string of the local peer."
+ ::= { jnxIkePeerStatsEntry 13 }
+
+ jnxIkePeerStatsAAAUserName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The extended authentication User Name, identifies the
+ user associated with the IKE SA negotiation."
+ ::= { jnxIkePeerStatsEntry 14 }
+
+ jnxIkePeerStatsGwName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The gateway name"
+ ::= { jnxIkePeerStatsEntry 15 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT request message sent by
+ Initiator."
+ ::= { jnxIkePeerStatsEntry 16 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message received by
+ Initiator."
+ ::= { jnxIkePeerStatsEntry 17 }
+
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResInvalidIkeSpi OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message containing invalid
+ SPI received by Initiator."
+ ::= { jnxIkePeerStatsEntry 18 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitInvalidKePayloadIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IKE_SA_INIT INVALID_KE_PAYLOAD received by
+ Initiator."
+ ::= { jnxIkePeerStatsEntry 19 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT NO_PROPSAL_CHOSEN received
+ by Initiator."
+ ::= { jnxIkePeerStatsEntry 20 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message verification
+ of peer SA failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 21 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResIkeSaFillFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message IKE_SA fill operation
+ failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 22 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message verification of
+ DH group failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 23 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IKE_SA_INIT COOKIE notification request
+ message received by Initiator."
+ ::= { jnxIkePeerStatsEntry 24 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitCookieResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IKE_SA_INIT COOKIE notification
+ response message sent by Responder."
+ ::= { jnxIkePeerStatsEntry 25 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 26 }
+
+ -- Responder IKE_SA_INIT exchange stats
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT request message received by
+ Responder."
+ ::= { jnxIkePeerStatsEntry 27 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message sent by
+ Responder."
+ ::= { jnxIkePeerStatsEntry 28 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT NO_PROPSAL_CHOSEN notification
+ sent by Responder"
+ ::= { jnxIkePeerStatsEntry 29 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitInvalidKePayloadOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT INVALID_KE_PAYLOAD notification sent by
+ Responder."
+ ::= { jnxIkePeerStatsEntry 30 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResInvalidDhGroupConf OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message invalid DH group
+ configured at Responder."
+ ::= { jnxIkePeerStatsEntry 31 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhGenKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message Diffie-Hellman
+ generate key failed at Responder"
+ ::= { jnxIkePeerStatsEntry 32 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetCAsFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message get CAs failed at
+ Responder."
+ ::= { jnxIkePeerStatsEntry 33 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResGetVidFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message get vendor ID request
+ failed at Responder."
+ ::= { jnxIkePeerStatsEntry 34 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT response message Diffie-Hellman
+ compute key failed at Responder"
+ ::= { jnxIkePeerStatsEntry 35 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT COOKIE notification request
+ sent by Responder."
+ ::= { jnxIkePeerStatsEntry 36 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2SaInitCookieResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA_INIT COOKIE notification response
+ message received by Responder."
+ ::= { jnxIkePeerStatsEntry 37 }
+
+ -- Initiator IKE_AUTH exchange stats
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IKE_AUTH request message sent by Initiator."
+ ::= { jnxIkePeerStatsEntry 38 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IKE_AUTH response message received by
+ Initiator."
+ ::= { jnxIkePeerStatsEntry 39 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH NO_PROPSAL_CHOSEN notification
+ received by Initiator."
+ ::= { jnxIkePeerStatsEntry 40 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH TS_UNACCEPTABLE notification
+ received by Initiator."
+ ::= { jnxIkePeerStatsEntry 41 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2AuthAuthenticationFailedIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH AUTHENTICATION_FAILED
+ notification received by Initiator."
+ ::= { jnxIkePeerStatsEntry 42 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2AuthRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH request message received by
+ Responder."
+ ::= { jnxIkePeerStatsEntry 43 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2AuthResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH response message sent by Responder."
+ ::= { jnxIkePeerStatsEntry 44 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2AuthAuthenticationFailedOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH request message AUTHENTICATION_FAILED
+ notification sent by Responder."
+ ::= { jnxIkePeerStatsEntry 45 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2AuthNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH NO_PROPSAL_CHOSEN notification
+ sent by Responder."
+ ::= { jnxIkePeerStatsEntry 46 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2AuthTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_AUTH TS_UNACCEPTABLE notification
+ sent by Responder."
+ ::= { jnxIkePeerStatsEntry 47 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA rekey CREATE_CHILD_SA request message
+ sent by Initiator."
+ ::= { jnxIkePeerStatsEntry 48 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA rekey CREATE_CHILD_SA response message
+ received by Initiator."
+ ::= { jnxIkePeerStatsEntry 49 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE SA rekey NO_PROPSAL_CHOSEN
+ notification received by Initiator."
+ ::= { jnxIkePeerStatsEntry 50 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE SA rekey INVALID_KE_PAYLOAD
+ received by Initiator."
+ ::= { jnxIkePeerStatsEntry 51 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE SA rekey response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 52 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResFillIkeSaFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA rekey CREATE_CHILD_SA response message
+ fill IKE_SA failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 53 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE SA rekey response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 54 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE SA rekey response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 55 }
+
+ --- Responder Rekeying IKE SA CREATE_CHILD_SA Exchange
+
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA rekey CREATE_CHILD_SA request message
+ received by Responder."
+ ::= { jnxIkePeerStatsEntry 56 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA rekey CREATE_CHILD_SA response message
+ sent by Responder."
+ ::= { jnxIkePeerStatsEntry 57 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE rekey NO_PROPSAL_CHOSEN
+ notification sent by Responder"
+ ::= { jnxIkePeerStatsEntry 58 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IKE_SA rekey CREATE_CHILD_SA
+ INVALID_KE_PAYLOAD sent by Responder."
+ ::= { jnxIkePeerStatsEntry 59 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of CREATE_CHILD_SA IKE rekey response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkePeerStatsEntry 60 }
+
+ --- Initiator Rekeying IPSec SA CREATE_CHILD_SA Exchange
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA request
+ message sent by Initiator."
+ ::= { jnxIkePeerStatsEntry 61 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response
+ message received by Initiator."
+ ::= { jnxIkePeerStatsEntry 62 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
+ notification received by Initiator."
+ ::= { jnxIkePeerStatsEntry 63 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
+ received by Initiator."
+ ::= { jnxIkePeerStatsEntry 64 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
+ notification received by Initiator."
+ ::= { jnxIkePeerStatsEntry 65 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 66 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyDhGrpFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 67 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResVerifyTsFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ verification of TS failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 68 }
+
+ jnxIkePeerStatsIkeSaInitiatorIkev2IPSecSaRekeyResDhCompKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkePeerStatsEntry 69 }
+
+ --- Responder Rekeying IPSec SAs CREATE_CHILD_SA Exchange
+
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IPSec SA rekey CREATE_CHILD_SA request
+ message received by Responder."
+ ::= { jnxIkePeerStatsEntry 70 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of IPSec SA rekey CREATE_CHILD_SA response
+ message sent by Responder."
+ ::= { jnxIkePeerStatsEntry 71 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyNoPropChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA NO_PROPSAL_CHOSEN
+ Notification sent by Responder."
+ ::= { jnxIkePeerStatsEntry 72 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA INVALID_KE_PAYLOAD
+ Notification sent by Responder."
+ ::= { jnxIkePeerStatsEntry 73 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA TS_UNACCEPTABLE
+ notification sent by Responder."
+ ::= { jnxIkePeerStatsEntry 74 }
+
+ jnxIkePeerStatsIkeSaResponderIkev2IPSecSaRekeyResDhCompKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Messages"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of IPSec SA rekey CREATE_CHILD_SA response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkePeerStatsEntry 75 }
+
+ jnxIkePeerStatsTunType OBJECT-TYPE
+ SYNTAX JnxIkeTunType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The Tunnel type. It can be regular (1) or ha-link (2)."
+ ::= { jnxIkePeerStatsEntry 76 }
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The Peer association to active IKE SA - Correlation Table
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxPeerIkeSaCorrTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxPeerIkeSaCorrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The Peer Association to active IKE SA - Correlation Table.
+ There is one entry in this table for each active IKE SA."
+ ::= { jnxIpSecFlowMonPhaseOne 7 }
+
+ jnxPeerIkeSaCorrEntry OBJECT-TYPE
+ SYNTAX JnxPeerIkeSaCorrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes of an
+ Peer Association to active IKE SA Correlation."
+ INDEX { jnxPeerIkeSaCorrPeerIndex,
+ jnxPeerIkeSaCorrIntIndex }
+ ::= { jnxPeerIkeSaCorrTable 1 }
+
+ JnxPeerIkeSaCorrEntry ::= SEQUENCE {
+ jnxPeerIkeSaCorrPeerIndex Integer32,
+ jnxPeerIkeSaCorrIntIndex Integer32,
+ jnxPeerIkeSaCorrIkeTunMonIndex Integer32
+ }
+
+ jnxPeerIkeSaCorrPeerIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of the Peer (jnxPeerIndex in the
+ jnxIkePeerTable)."
+ ::= { jnxPeerIkeSaCorrEntry 1 }
+
+ jnxPeerIkeSaCorrIntIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The internal index of the Peer and IKE SA association.
+ This internal index is used to uniquely identify multiple
+ Instances of a unique association between the peer
+ and IKE SA."
+ ::= { jnxPeerIkeSaCorrEntry 2 }
+
+ jnxPeerIkeSaCorrIkeTunMonIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The index of the active IKE SA (jnxIkeTunMonIndex in
+ the jnxIkeTunnelMonTable) for this Peer association."
+ ::= { jnxPeerIkeSaCorrEntry 3 }
+
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The Peer association to IPSec Tunnel Correlation Table
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxPeerIPSecTunnelCorrTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxPeerIPSecTunnelCorrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The Peer Association to IPSec Tunnel Correlation Table.
+ There is one entry in this table
+ for each active IPSec Tunnel."
+ ::= { jnxIpSecFlowMonPhaseOne 8 }
+
+ jnxPeerIPSecTunnelCorrEntry OBJECT-TYPE
+ SYNTAX JnxPeerIPSecTunnelCorrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes of an
+ Peer Association to active IPSec Tunnel Correlation."
+ INDEX { jnxPeerIPSecTunnelCorrPeerIndex,
+ jnxPeerIPSecTunnelCorrIntIndex }
+ ::= { jnxPeerIPSecTunnelCorrTable 1 }
+
+ JnxPeerIPSecTunnelCorrEntry ::= SEQUENCE {
+ jnxPeerIPSecTunnelCorrPeerIndex Integer32,
+ jnxPeerIPSecTunnelCorrIntIndex Integer32,
+ jnxPeerIPSecTunnelCorrIPSecTunMonIndex Integer32
+ }
+
+ jnxPeerIPSecTunnelCorrPeerIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of the Peer (jnxPeerIndex in the
+ jnxIkePeerTable)."
+ ::= { jnxPeerIPSecTunnelCorrEntry 1 }
+
+ jnxPeerIPSecTunnelCorrIntIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The internal index of the Peer and IPSec Tunnel association.
+ This index is used to uniquely identify multiple
+ association between the peer and IPSec Tunnel."
+ ::= { jnxPeerIPSecTunnelCorrEntry 2 }
+
+ jnxPeerIPSecTunnelCorrIPSecTunMonIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The index of the active IPSec Tunnel (jnxIpSecTunMonIndex in
+ the jnxIpSecTunnelMonTable) for this association between
+ Peer and IPSec Tunnel."
+ ::= { jnxPeerIPSecTunnelCorrEntry 3 }
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IKEv2 global HA Link Statistics
+ -- Provides global statistics for all HA Link IKE tunnels, active and previous.
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIkeHaLinkGlobalStats OBJECT IDENTIFIER
+ ::= { jnxIpSecFlowMonPhaseOne 9 }
+
+
+ -- Initiator IKE_SA_INIT exchange stats
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 1 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT request message sent by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 1 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 2 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitResInvalidIkeSpi OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message containing invalid
+ SPI received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 3 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitInvalidKePayloadIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT INVALID_KE_PAYLOAD received
+ by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 4 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT NO_PROPSAL_CHOSEN received
+ by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 5 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message verification
+ of peer SA failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 6 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitResIkeSaFillFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message IKE SA fill
+ operation failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 7 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message verification of
+ DH group failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 8 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitCookieRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification request
+ message received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 9 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2SaInitCookieResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification
+ response message sent by Responder."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2SaInitStats 10 }
+
+
+ -- Responder IKE_SA_INIT exchange stats
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 2 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT request message received by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 1 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 2 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT NO_PROPSAL_CHOSEN notification
+ sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 3 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitInvalidKePayloadOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT INVALID_KE_PAYLOAD notification
+ sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 4 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitResInvalidDhGroupConf OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message invalid DH group
+ configured at Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 5 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitResDhGenKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message Diffie-Hellman
+ generate key failed at Responder"
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 6 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitResGetCAsFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message get CAs failed at
+ Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 7 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitResGetVidFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message get vendor ID
+ request failed at Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 8 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT response message Diffie-Hellman
+ compute key failed at Responder"
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 9 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitCookieRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification request message
+ sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 10 }
+
+ jnxIkeHaLinkGlobalResponderIkev2SaInitCookieResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_SA_INIT COOKIE notification response
+ message received by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2SaInitStats 11 }
+
+
+ -- Initiator IKE_AUTH exchange stats
+
+ jnxIkeHaLinkGlobalInitiatorIkev2AuthStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 3 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2AuthRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH request message sent by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 1 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2AuthResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH response message received by
+ Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 2 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2AuthNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
+ received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 3 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2AuthTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH TS_UNACCEPTABLE notification
+ received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 4 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2AuthAuthenticationFailedIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH AUTHENTICATION_FAILED
+ notification received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2AuthStats 5 }
+
+
+ -- Responder IKE_AUTH exchange stats
+
+ jnxIkeHaLinkGlobalResponderIkev2AuthStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 4 }
+
+ jnxIkeHaLinkGlobalResponderIkev2AuthRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH request message received by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 1 }
+
+ jnxIkeHaLinkGlobalResponderIkev2AuthResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH response message sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 2 }
+
+ jnxIkeHaLinkGlobalResponderIkev2AuthNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH NO_PROPSAL_CHOSEN notification
+ sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 3 }
+
+ jnxIkeHaLinkGlobalResponderIkev2AuthTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH TS_UNACCEPTABLE notification
+ sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 4 }
+
+ jnxIkeHaLinkGlobalResponderIkev2AuthAuthenticationFailedOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE_AUTH request message AUTHENTICATION_FAILED
+ notification sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2AuthStats 5 }
+
+
+ --- Initiator IKE SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 5 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey CREATE_CHILD_SA request message
+ sent by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 1 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey CREATE_CHILD_SA response message
+ received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 2 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey NO_PROPSAL_CHOSEN notification
+ received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 3 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey INVALID_KE_PAYLOAD notification
+ received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 4 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 5 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 6 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResFillIkeSaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ fill IKE SA failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 7 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IkeSaRekeyStats 8 }
+
+
+ --- Responder IKE SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 6 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey request message
+ received by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 1 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 2 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey NO_PROPSAL_CHOSEN
+ notification sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 3 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey INVALID_KE_PAYLOAD
+ notification sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 4 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IKE SA rekey response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IkeSaRekeyStats 5 }
+
+
+ --- Initiator IPSec SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 7 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyRequestOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey request
+ message sent by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 1 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResponseIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response
+ message received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 2 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyNoProposalChosenIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey NO_PROPSAL_CHOSEN
+ notification received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 3 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyInvalidKeIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey INVALID_KE_PAYLOAD
+ notification received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 4 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyTsUnacceptableIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey TS_UNACCEPTABLE
+ notification received by Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 5 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResVerifySaFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ verification of peer SA failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 6 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ Diffie-Hellman compute key failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 7 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResVerifyDhGroupFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ verification of DH group failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 8 }
+
+ jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyResVerifyTsFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ verification of TS failed at Initiator."
+ ::= { jnxIkeHaLinkGlobalInitiatorIkev2IpsecSaRekeyStats 9 }
+
+
+ --- Responder IPSec SA rekey CREATE_CHILD_SA exchange stats
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 8 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyRequestIn OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey request
+ message received by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 1 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyResponseOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response
+ message sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 2 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyNoProposalChosenOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey NO_PROPSAL_CHOSEN
+ notification sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 3 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyInvalidKeOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey INVALID_KE_PAYLOAD
+ notification sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 4 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyTsUnacceptableOut OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey TS_UNACCEPTABLE
+ notification sent by Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 5 }
+
+ jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyResDhComputeKeyFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSec SA rekey response message
+ Diffie-Hellman compute key failed at Responder."
+ ::= { jnxIkeHaLinkGlobalResponderIkev2IpsecSaRekeyStats 6 }
+
+
+ --- Message failure stats
+
+ jnxIkeHaLinkGlobalIkev2MsgFailStats OBJECT IDENTIFIER
+ ::= { jnxIkeHaLinkGlobalStats 9 }
+
+ jnxIkeHaLinkGlobalIkev2TotalDiscarded OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of discarded messages. Includes the failures
+ encountered during decode of IKEv2 packets that is failures
+ before the IKEv2 exchange payload processing. Also this
+ counter encompasses all the other message failure counters."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 1 }
+
+ jnxIkeHaLinkGlobalIkev2TotalIdError OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with ID error. Message ID is not
+ compliant with what is expected. For ex. IKE_SA_INIT message
+ with message ID larger than zero is encountered."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 2 }
+
+ jnxIkeHaLinkGlobalIkev2TotalIntegrityFail OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with Integrity check failure."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 3 }
+
+ jnxIkeHaLinkGlobalIkev2TotalInvalidSPI OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with Invalid SPI failure. Used one
+ of the SPIs to find the SA, but the other SPI is not matching.
+ Invalid IKE SPIs in IKE_SA_INIT response message at Initiator."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 4 }
+
+ jnxIkeHaLinkGlobalIkev2TotalInvalidExchgType OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with unknown / unexpected exchange type
+ encountered during message exchange."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 5 }
+
+ jnxIkeHaLinkGlobalIkev2TotalInvalidLength OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages with Invalid length failure. During
+ decode a malformed message where length is inconsistent with
+ that indicated in header is encountered."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 6 }
+
+ jnxIkeHaLinkGlobalIkev2TotalDisorder OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of messages failure due to disorder. Packet message
+ ID is out of window. For a response packet the corresponding
+ request with given message ID is not found."
+ ::= { jnxIkeHaLinkGlobalIkev2MsgFailStats 7 }
+
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IPsec Phase-2 Tunnel Table
+ --
+ -- During this phase, IKE negotiates IPSEC SA parameters and setup
+ -- matching IPSEC SA in the peers.
+ --
+ -- Phase 2 VPN: tunnel peer connection, associated with a specific policy
+ -- or a tunnel interface. Phase 2 security association components include
+ -- encryption and authentication algorithms, proxy-IDs and optional DH
+ -- group values.
+ -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIpSecNumOfTunnels OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of IPSEC VPN Tunnels.
+ This attribute should detail the number of IPSEC VPN tunnel
+ in jnxIpSecTunnelTable."
+ ::= { jnxIpSecFlowMonPhaseTwo 1 }
+
+
+ jnxIpSecTunnelMonTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxIpSecTunnelMonEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IPsec Phase-2 Tunnel Table.
+ There is one entry in this table for each active IPsec Phase-2
+ Tunnel. If the tunnel is terminated, then the entry is no longer
+ available after the table has been refreshed. "
+ ::= { jnxIpSecFlowMonPhaseTwo 2 }
+
+ jnxIpSecTunnelMonEntry OBJECT-TYPE
+ SYNTAX JnxIpSecTunnelMonEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes
+ associated with an active IPsec Phase-2 Tunnel."
+ INDEX { jnxIpSecTunMonRemoteGwAddrType,
+ jnxIpSecTunMonRemoteGwAddr,
+ jnxIpSecTunMonIndex}
+ ::= { jnxIpSecTunnelMonTable 1 }
+
+ JnxIpSecTunnelMonEntry ::= SEQUENCE {
+ jnxIpSecTunMonRemoteGwAddrType InetAddressType,
+ jnxIpSecTunMonRemoteGwAddr InetAddress,
+ jnxIpSecTunMonIndex Integer32,
+ jnxIpSecTunMonLocalGwAddrType InetAddressType,
+ jnxIpSecTunMonLocalGwAddr InetAddress,
+ jnxIpSecTunMonLocalProxyId DisplayString,
+ jnxIpSecTunMonRemoteProxyId DisplayString,
+ jnxIpSecTunMonKeyType JnxKeyType,
+ jnxIpSecTunMonRemotePeerType JnxRemotePeerType,
+ jnxIpSecTunMonOutEncryptedBytes Counter64,
+ jnxIpSecTunMonOutEncryptedPkts Counter64,
+ jnxIpSecTunMonInDecryptedBytes Counter64,
+ jnxIpSecTunMonInDecryptedPkts Counter64,
+ jnxIpSecTunMonAHInBytes Counter64,
+ jnxIpSecTunMonAHInPkts Counter64,
+ jnxIpSecTunMonAHOutBytes Counter64,
+ jnxIpSecTunMonAHOutPkts Counter64,
+ jnxIpSecTunMonReplayDropPkts Counter64,
+ jnxIpSecTunMonAhAuthFails Counter64,
+ jnxIpSecTunMonEspAuthFails Counter64,
+ jnxIpSecTunMonDecryptFails Counter64,
+ jnxIpSecTunMonBadHeaders Counter64,
+ jnxIpSecTunMonBadTrailers Counter64,
+ jnxIpSecTunMonDroppedPkts Counter64, -- obsolete
+ jnxIpSecTunMonVpnName DisplayString,
+ jnxIpSecTunMonTsName DisplayString,
+ jnxIpSecTunMonMultiSa INTEGER,
+ jnxIpSecTunMonInvalidSpi Counter64,
+ jnxIpSecTunMonTsCheckFail Counter64,
+ jnxIpSecTunMonDiscarded Counter64,
+ jnxIpSecTunMonTunType JnxIkeTunType
+ }
+
+ jnxIpSecTunMonRemoteGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the remote gateway (endpoint) for the IPsec
+ Phase-2 Tunnel."
+ ::= { jnxIpSecTunnelMonEntry 1 }
+
+ jnxIpSecTunMonRemoteGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IP address of the remote gateway (endpoint) for the IPsec
+ Phase-2 Tunnel."
+ ::= { jnxIpSecTunnelMonEntry 2 }
+
+ jnxIpSecTunMonIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index of the IPsec Phase-2 Tunnel Table.
+ The value of the index is a number which begins at one and
+ is incremented with each tunnel that is created. The value of
+ this object will wrap at 2,147,483,647."
+ ::= { jnxIpSecTunnelMonEntry 3 }
+
+ jnxIpSecTunMonLocalGwAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address type of the local gateway (endpoint) for the IPsec
+ Phase-2 Tunnel."
+ ::= { jnxIpSecTunnelMonEntry 4 }
+
+ jnxIpSecTunMonLocalGwAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the local gateway (endpoint) for the IPsec
+ Phase-2 Tunnel."
+ ::= { jnxIpSecTunnelMonEntry 5 }
+
+ jnxIpSecTunMonLocalProxyId OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifier for the local end."
+ ::= { jnxIpSecTunnelMonEntry 6 }
+
+ jnxIpSecTunMonRemoteProxyId OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifier for the remote end."
+ ::= { jnxIpSecTunnelMonEntry 7 }
+
+ jnxIpSecTunMonKeyType OBJECT-TYPE
+ SYNTAX JnxKeyType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of key used by the IPsec Phase-2 Tunnel. It can be
+ one of the following two types:
+ - IKE negotiated
+ - Manually installed"
+ ::= { jnxIpSecTunnelMonEntry 8 }
+
+ jnxIpSecTunMonRemotePeerType OBJECT-TYPE
+ SYNTAX JnxRemotePeerType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of the remote peer gateway (endpoint). It can be one
+ of the following two types:
+ - static (Remote peer whose IP address is known beforehand)
+ - dynamic (Remote peer whose IP address is not known
+ beforehand)"
+ ::= { jnxIpSecTunnelMonEntry 9 }
+
+ jnxIpSecTunMonOutEncryptedBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of bytes encrypted by this Phase-2 tunnel."
+ ::= { jnxIpSecTunnelMonEntry 10 }
+
+
+ jnxIpSecTunMonOutEncryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets encrypted by this Phase-2 tunnel."
+ ::= { jnxIpSecTunnelMonEntry 11 }
+
+
+ jnxIpSecTunMonInDecryptedBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of bytes decrypted by this Phase-2 tunnel."
+ ::= { jnxIpSecTunnelMonEntry 12 }
+
+
+ jnxIpSecTunMonInDecryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets decrypted by this Phase-2 tunnel."
+ ::= { jnxIpSecTunnelMonEntry 13 }
+
+
+ jnxIpSecTunMonAHInBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of incoming bytes authenticated using AH by this Phase-2
+ tunnel."
+ ::= { jnxIpSecTunnelMonEntry 14 }
+
+
+ jnxIpSecTunMonAHInPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of incoming packets authenticated using AH by this Phase-2
+ tunnel."
+ ::= { jnxIpSecTunnelMonEntry 15 }
+
+
+ jnxIpSecTunMonAHOutBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of outgoing bytes applied AH by this Phase-2 tunnel."
+ ::= { jnxIpSecTunnelMonEntry 16 }
+
+
+ jnxIpSecTunMonAHOutPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of outgoing packets applied AH by this Phase-2 tunnel."
+ ::= { jnxIpSecTunnelMonEntry 17 }
+
+ jnxIpSecTunMonReplayDropPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets dropped by this Phase-2 tunnel due to
+ anti replay check failure."
+ ::= { jnxIpSecTunnelMonEntry 18 }
+
+
+ jnxIpSecTunMonAhAuthFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by this Phase-2 tunnel that
+ failed AH authentication."
+ ::= { jnxIpSecTunnelMonEntry 19 }
+
+
+ jnxIpSecTunMonEspAuthFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by this Phase-2 tunnel that
+ failed ESP authentication."
+ ::= { jnxIpSecTunnelMonEntry 20 }
+
+
+ jnxIpSecTunMonDecryptFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by this Phase-2 tunnel that
+ failed decryption."
+ ::= { jnxIpSecTunnelMonEntry 21 }
+
+
+ jnxIpSecTunMonBadHeaders OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by this Phase-2 tunnel that
+ failed due to bad headers."
+ ::= { jnxIpSecTunnelMonEntry 22 }
+
+
+ jnxIpSecTunMonBadTrailers OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by this Phase-2 tunnel that
+ failed due to bad ESP trailers."
+ ::= { jnxIpSecTunnelMonEntry 23 }
+
+
+ jnxIpSecTunMonDroppedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS obsolete
+ DESCRIPTION
+ "Total number of dropped packets for this Phase-2 tunnel.
+ This attribute is obsolete."
+ ::= { jnxIpSecTunnelMonEntry 26 }
+
+ jnxIpSecTunMonVpnName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "VPN tunnel name."
+ ::= { jnxIpSecTunnelMonEntry 27 }
+
+ jnxIpSecTunMonTsName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Traffic selector name."
+ ::= { jnxIpSecTunnelMonEntry 28 }
+
+ jnxIpSecTunMonMultiSa OBJECT-TYPE
+ SYNTAX INTEGER{
+ disable(0),
+ enable(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Multi-SA Configuration Status."
+ ::= { jnxIpSecTunnelMonEntry 29 }
+
+ jnxIpSecTunMonInvalidSpi OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of Invalid SPI for this IPSec tunnel."
+ ::= { jnxIpSecTunnelMonEntry 30 }
+
+ jnxIpSecTunMonTsCheckFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of TS check fail for this IPSec tunnel."
+ ::= { jnxIpSecTunnelMonEntry 31 }
+
+ jnxIpSecTunMonDiscarded OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of discarded packets for this IPSec tunnel."
+ ::= { jnxIpSecTunnelMonEntry 32 }
+
+ jnxIpSecTunMonTunType OBJECT-TYPE
+ SYNTAX JnxIkeTunType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The Tunnel type. It can be regular (1) or ha-link (2)."
+ ::= { jnxIpSecTunnelMonEntry 33 }
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IPsec Phase-2 Security Association (SA) Table
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIpSecSaMonTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF JnxIpSecSaMonEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IPsec Phase-2 Security Association Table.
+ This table identifies the structure (in terms of
+ component SAs) of each active Phase-2 IPsec tunnel.
+ This table contains an entry for each active and
+ expiring security association and maps each entry
+ in the active Phase-2 tunnel table (ipSecTunTable)
+ into a number of entries in this table.
+
+ SA contains the information negotiated by IKE. The SA
+ is like a contract laying out the rules of the VPN
+ connection for the duration of the SA. An SA is assigned
+ a 32-bit number that, when used in conjunction with the
+ destination IP address, uniquely identifies the SA. This
+ number is called the Security Parameters Index or SPI.
+
+ IPSec SAs area unidirectional and they are unique in
+ each security protocol. A set of SAs are needed for a
+ protected data pipe, one per direction per protocol.
+ "
+ ::= { jnxIpSecFlowMonPhaseTwo 3 }
+
+ jnxIpSecSaMonEntry OBJECT-TYPE
+ SYNTAX JnxIpSecSaMonEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each entry contains the attributes associated with
+ active and expiring IPsec Phase-2
+ security associations."
+ INDEX { jnxIpSecTunMonRemoteGwAddrType, -- From jnxIpSecTunnelTable
+ jnxIpSecTunMonRemoteGwAddr, -- From jnxIpSecTunnelTable
+ jnxIpSecTunMonIndex, -- From jnxIpSecTunnelTable
+ jnxIpSecSaMonIndex }
+ ::= { jnxIpSecSaMonTable 1 }
+
+ JnxIpSecSaMonEntry ::= SEQUENCE {
+ jnxIpSecSaMonIndex Integer32,
+ jnxIpSecSaMonProtocol INTEGER,
+ jnxIpSecSaMonInSpi JnxSpiType,
+ jnxIpSecSaMonOutSpi JnxSpiType,
+ jnxIpSecSaMonType JnxSAType,
+ jnxIpSecSaMonEncapMode JnxEncapMode,
+ jnxIpSecSaMonLifeSize Integer32,
+ jnxIpSecSaMonLifeTime Integer32,
+ jnxIpSecSaMonActiveTime TimeInterval,
+ jnxIpSecSaMonLifeSizeThreshold Integer32,
+ jnxIpSecSaMonLifeTimeThreshold Integer32,
+ jnxIpSecSaMonEncryptAlgo JnxEncryptAlgo,
+ jnxIpSecSaMonAuthAlgo JnxAuthAlgo,
+ jnxIpSecSaMonState INTEGER,
+ jnxIpSecSaMonFcName DisplayString,
+ jnxIpSecSaMonEsnMode JnxEsnMode
+ }
+
+ jnxIpSecSaMonIndex OBJECT-TYPE
+ SYNTAX Integer32 (1..65535)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The index, in the context of the IPsec tunnel ipSecTunIndex,
+ of the security association represented by this table entry.
+ The value of this index is a number which begins at one and
+ is incremented with each SPI associated with an IPsec Phase-2
+ Tunnel. The value of this object will wrap at 65535."
+ ::= { jnxIpSecSaMonEntry 1 }
+
+ jnxIpSecSaMonProtocol OBJECT-TYPE
+ SYNTAX INTEGER{
+ ah(1),
+ esp(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The index, represents the security protocol (AH, ESP or
+ IPComp) for which this security association was setup."
+ ::= { jnxIpSecSaMonEntry 2 }
+
+ jnxIpSecSaMonInSpi OBJECT-TYPE
+ SYNTAX JnxSpiType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the incoming SPI."
+ ::= { jnxIpSecSaMonEntry 3 }
+
+ jnxIpSecSaMonOutSpi OBJECT-TYPE
+ SYNTAX JnxSpiType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The value of the outgoing SPI."
+ ::= { jnxIpSecSaMonEntry 4 }
+
+ jnxIpSecSaMonType OBJECT-TYPE
+ SYNTAX JnxSAType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This field represents the type of security associations
+ which can be either manual or dynamic"
+ ::= { jnxIpSecSaMonEntry 5 }
+
+ jnxIpSecSaMonEncapMode OBJECT-TYPE
+ SYNTAX JnxEncapMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The encapsulation mode used by an IPsec Phase-2 Tunnel. "
+ ::= { jnxIpSecSaMonEntry 6 }
+
+ jnxIpSecSaMonLifeSize OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. "
+ ::= { jnxIpSecSaMonEntry 7 }
+
+ jnxIpSecSaMonLifeTime OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. "
+ ::= { jnxIpSecSaMonEntry 8 }
+
+ jnxIpSecSaMonActiveTime OBJECT-TYPE
+ SYNTAX TimeInterval
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The length of time the IPsec Phase-2 Tunnel has been active in
+ hundredths of seconds. "
+ ::= { jnxIpSecSaMonEntry 9 }
+
+ jnxIpSecSaMonLifeSizeThreshold OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security association LifeSize refresh threshold in kilobytes. "
+ ::= { jnxIpSecSaMonEntry 10 }
+
+ jnxIpSecSaMonLifeTimeThreshold OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security association LifeTime refresh threshold in seconds. "
+ ::= { jnxIpSecSaMonEntry 11 }
+
+ jnxIpSecSaMonEncryptAlgo OBJECT-TYPE
+ SYNTAX JnxEncryptAlgo
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The Encryption algorithm used to encrypt the packets. "
+ ::= { jnxIpSecSaMonEntry 12 }
+
+ jnxIpSecSaMonAuthAlgo OBJECT-TYPE
+ SYNTAX JnxAuthAlgo
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The algorithm used for authentication of packets which
+ can be hmac-md5-96 or hmac-sha1-96 or hmac-sha-256-128"
+ ::= { jnxIpSecSaMonEntry 13 }
+
+ jnxIpSecSaMonState OBJECT-TYPE
+ SYNTAX INTEGER{
+ unknown (0),
+ active (1),
+ expiring (2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This column represents the status of the security association
+ represented by this table entry. If the status of the SA is
+ 'active', the SA is ready for active use. The status
+ 'expiring' represents any of the various states that the
+ security association transitions through before being purged."
+ ::= { jnxIpSecSaMonEntry 14 }
+
+ jnxIpSecSaMonFcName OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Class-Of-Service Forwarding Class name."
+ ::= { jnxIpSecSaMonEntry 15 }
+
+ jnxIpSecSaMonEsnMode OBJECT-TYPE
+ SYNTAX JnxEsnMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This field represents whether IPSec extended sequence number
+ support is enabled or disabled"
+ ::= { jnxIpSecSaMonEntry 16 }
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IPsec Phase-2 Global Statistics
+ -- Provides global statistics for all phase 2 tunnels.
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIpSecGlobalStats OBJECT IDENTIFIER
+ ::= { jnxIpSecFlowMonPhaseTwo 4 }
+
+ jnxIpSecGlobalOutEncryptedBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of bytes encrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 1 }
+
+ jnxIpSecGlobalOutEncryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets encrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 2 }
+
+ jnxIpSecGlobalInDecryptedBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of bytes decrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 3 }
+
+ jnxIpSecGlobalInDecryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets decrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 4 }
+
+ jnxIpSecGlobalAHInBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of incoming bytes authenticated using AH by all Phase-2
+ tunnel."
+ ::= { jnxIpSecGlobalStats 5 }
+
+ jnxIpSecGlobalAHInPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of incoming packets authenticated using AH by all
+ Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 6 }
+
+ jnxIpSecGlobalAHOutBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of outgoing bytes applied AH by all Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 7 }
+
+ jnxIpSecGlobalAHOutPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of outgoing packets applied AH by all Phase-2 tunnel."
+ ::= { jnxIpSecGlobalStats 8 }
+
+ jnxIpSecGlobalReplayDropPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets dropped by all Phase-2 tunnel due to
+ anti-replay check failure."
+ ::= { jnxIpSecGlobalStats 9 }
+
+ jnxIpSecGlobalAhAuthFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed AH authentication."
+ ::= { jnxIpSecGlobalStats 10 }
+
+ jnxIpSecGlobalEspAuthFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed ESP authentication."
+ ::= { jnxIpSecGlobalStats 11 }
+
+ jnxIpSecGlobalDecryptFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed decryption."
+ ::= { jnxIpSecGlobalStats 12 }
+
+ jnxIpSecGlobalBadHeaders OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed due to bad headers."
+ ::= { jnxIpSecGlobalStats 13 }
+
+ jnxIpSecGlobalBadTrailers OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed due to bad ESP trailers."
+ ::= { jnxIpSecGlobalStats 14 }
+
+ jnxIpSecGlobalInvalidSpi OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of Invalid SPI."
+ ::= { jnxIpSecGlobalStats 15 }
+
+ jnxIpSecGlobalTsCheckFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of TS check fail."
+ ::= { jnxIpSecGlobalStats 16 }
+
+ jnxIpSecGlobalDiscarded OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of discarded packets."
+ ::= { jnxIpSecGlobalStats 17 }
+
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ -- The IPsec Phase-2 HA Link Global Statistics
+ -- Provides global statistics for all HA Link phase 2 tunnels.
+ -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ jnxIpSecHaLinkGlobalStats OBJECT IDENTIFIER
+ ::= { jnxIpSecFlowMonPhaseTwo 5 }
+
+ jnxIpSecHaLinkGlobalOutEncryptedBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of bytes encrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 1 }
+
+ jnxIpSecHaLinkGlobalOutEncryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets encrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 2 }
+
+ jnxIpSecHaLinkGlobalInDecryptedBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of bytes decrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 3 }
+
+ jnxIpSecHaLinkGlobalInDecryptedPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets decrypted by all Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 4 }
+
+ jnxIpSecHaLinkGlobalAHInBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of incoming bytes authenticated using AH by all Phase-2
+ tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 5 }
+
+ jnxIpSecHaLinkGlobalAHInPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of incoming packets authenticated using AH by all
+ Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 6 }
+
+ jnxIpSecHaLinkGlobalAHOutBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of outgoing bytes applied AH by all Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 7 }
+
+ jnxIpSecHaLinkGlobalAHOutPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of outgoing packets applied AH by all Phase-2 tunnel."
+ ::= { jnxIpSecHaLinkGlobalStats 8 }
+
+ jnxIpSecHaLinkGlobalReplayDropPkts OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets dropped by all Phase-2 tunnel due to
+ anti-replay check failure."
+ ::= { jnxIpSecHaLinkGlobalStats 9 }
+
+ jnxIpSecHaLinkGlobalAhAuthFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed AH authentication."
+ ::= { jnxIpSecHaLinkGlobalStats 10 }
+
+ jnxIpSecHaLinkGlobalEspAuthFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed ESP authentication."
+ ::= { jnxIpSecHaLinkGlobalStats 11 }
+
+ jnxIpSecHaLinkGlobalDecryptFails OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed decryption."
+ ::= { jnxIpSecHaLinkGlobalStats 12 }
+
+ jnxIpSecHaLinkGlobalBadHeaders OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed due to bad headers."
+ ::= { jnxIpSecHaLinkGlobalStats 13 }
+
+ jnxIpSecHaLinkGlobalBadTrailers OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of packets received by all Phase-2 tunnel that
+ failed due to bad ESP trailers."
+ ::= { jnxIpSecHaLinkGlobalStats 14 }
+
+ jnxIpSecHaLinkGlobalInvalidSpi OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of Invalid SPI."
+ ::= { jnxIpSecHaLinkGlobalStats 15 }
+
+ jnxIpSecHaLinkGlobalTsCheckFail OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of TS check fail."
+ ::= { jnxIpSecHaLinkGlobalStats 16 }
+
+ jnxIpSecHaLinkGlobalDiscarded OBJECT-TYPE
+ SYNTAX Counter64
+ UNITS "Packets"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of discarded packets."
+ ::= { jnxIpSecHaLinkGlobalStats 17 }
+
+END
+
generated by cgit v1.2.3 (git 2.46.0) at 2026-02-26 16:44:06 +0000