BIANCA-BRICK-IPSEC-MIB

File: BIANCA-BRICK-IPSEC-MIB.mib (83644 bytes)

Imported modules

RFC1155-SMI RFC-1212

Imported symbols

IpAddress Counter TimeTicks
OBJECT-TYPE

Defined Types

DisplayString  
STRING    

HexValue  
INTEGER    

IpsecPubKeyEntry  
SEQUENCE    
  ipsecPubKeyIndex INTEGER
  ipsecPubKeyDescription DisplayString
  ipsecPubKeyAlgorithm INTEGER
  ipsecPubKeyKeyLength INTEGER

IpsecSaEntry  
SEQUENCE    
  ipsecSaIndex INTEGER
  ipsecSaState INTEGER
  ipsecSaCreator INTEGER
  ipsecSaDir INTEGER
  ipsecSaMode INTEGER
  ipsecSaSecProto INTEGER
  ipsecSaPeerIp IpAddress
  ipsecSaLocalIp IpAddress
  ipsecSaSrcAddress IpAddress
  ipsecSaSrcMaskLen INTEGER
  ipsecSaSrcRange IpAddress
  ipsecSaDstAddress IpAddress
  ipsecSaDstMaskLen INTEGER
  ipsecSaDstRange IpAddress
  ipsecSaPeerIp IpAddress
  ipsecSaSpi HexValue
  ipsecSaAuthAlg INTEGER
  ipsecSaEncAlg INTEGER
  ipsecSaAuthKeyLen INTEGER
  ipsecSaEncKeyLen INTEGER
  ipsecSaLifeKBytes INTEGER
  ipsecSaLifeSeconds INTEGER
  ipsecSaProto INTEGER
  ipsecSaSrcPort INTEGER
  ipsecSaDstPort INTEGER
  ipsecSaSeconds INTEGER
  ipsecSaBytes INTEGER
  ipsecSaPackets INTEGER
  ipsecSaReplayErrors INTEGER
  ipsecSaRecvErrors INTEGER
  ipsecSaDecryptErrors INTEGER

IkeSaEntry  
SEQUENCE    
  ikeSaIndex INTEGER
  ikeSaState INTEGER
  ikeSaXchType INTEGER
  ikeSaAuthMethod INTEGER
  ikeSaAlgs DisplayString
  ikeSaRole INTEGER
  ikeSaLocalId DisplayString
  ikeSaRemoteId DisplayString
  ikeSaRemoteIp IpAddress
  ikeSaCookieI STRING
  ikeSaCookieR STRING
  ikeSaTimes DisplayString
  ikeSaNumCerts INTEGER
  ikeSaNumNegotiations INTEGER
  ikeSaBytes INTEGER
  ikeSaMajVersion INTEGER
  ikeSaMinVersion INTEGER

IpsecPeerEntry  
SEQUENCE    
  ipsecPeerIndex INTEGER
  ipsecPeerNextIndex INTEGER
  ipsecPeerDescription DisplayString
  ipsecPeerPeerIds DisplayString
  ipsecPeerPeerAddress IpAddress
  ipsecPeerLocalId DisplayString
  ipsecPeerLocalAddress IpAddress
  ipsecPeerLocalCert INTEGER
  ipsecPeerIkeProposals INTEGER
  ipsecPeerTrafficList INTEGER
  ipsecPeerAuthMethod INTEGER
  ipsecPeerPreSharedKey DisplayString
  ipsecPeerIkeGroup INTEGER
  ipsecPeerPfsGroup INTEGER
  ipsecPeerPh1Mode INTEGER
  ipsecPeerIkeLifeTime INTEGER
  ipsecPeerIpsecLifeTime INTEGER
  ipsecPeerKeepAlive INTEGER
  ipsecPeerGranularity INTEGER
  ipsecPeerDontVerifyPad INTEGER
  ipsecPeerDefaultIpsecProposals INTEGER
  ipsecPeerPreSharedKeyData STRING

IkeProposalEntry  
SEQUENCE    
  ikePropIndex INTEGER
  ikePropNextChoice INTEGER
  ikePropDescription DisplayString
  ikePropEncAlg INTEGER
  ikePropHashAlg INTEGER

IpsecTrafficEntry  
SEQUENCE    
  ipsecTrIndex INTEGER
  ipsecTrNextIndex INTEGER
  ipsecTrDescription DisplayString
  ipsecTrLocalAddress IpAddress
  ipsecTrLocalMaskLen INTEGER
  ipsecTrLocalRange IpAddress
  ipsecTrRemoteAddress IpAddress
  ipsecTrRemoteMaskLen INTEGER
  ipsecTrRemoteRange IpAddress
  ipsecTrProto INTEGER
  ipsecTrLocalPort INTEGER
  ipsecTrRemotePort INTEGER
  ipsecTrAction INTEGER
  ipsecTrProposal INTEGER
  ipsecTrForceTunnelMode INTEGER
  ipsecTrLifeTime INTEGER
  ipsecTrGranularity INTEGER
  ipsecTrKeepAlive INTEGER

IpsecProposalEntry  
SEQUENCE    
  ipsecPropIndex INTEGER
  ipsecPropNext INTEGER
  ipsecPropBoolOp INTEGER
  ipsecPropDescription DisplayString
  ipsecPropProto INTEGER
  ipsecPropEncAlg INTEGER
  ipsecPropAuthAlg INTEGER
  ipsecPropLifeTime INTEGER
  ipsecPropInSpi HexValue
  ipsecPropOutSpi HexValue
  ipsecPropEncKeyIn DisplayString
  ipsecPropEncKeyOut DisplayString
  ipsecPropAuthKeyIn DisplayString
  ipsecPropAuthKeyOut DisplayString
  ipsecPropEncKeyDataIn STRING
  ipsecPropEncKeyDataOut STRING
  ipsecPropAuthKeyDataIn STRING
  ipsecPropAuthKeyDataOut STRING

IpsecLifeTimeEntry  
SEQUENCE    
  ipsecLifeIndex INTEGER
  ipsecLifeType INTEGER
  ipsecLifeSoftKb INTEGER
  ipsecLifeSoftSec INTEGER
  ipsecLifeHardKb INTEGER
  ipsecLifeHardSec INTEGER

Defined Values

org 1.3
OBJECT IDENTIFIER    

dod 1.3.6
OBJECT IDENTIFIER    

internet 1.3.6.1
OBJECT IDENTIFIER    

private 1.3.6.1.4
OBJECT IDENTIFIER    

enterprises 1.3.6.1.4.1
OBJECT IDENTIFIER    

bintec 1.3.6.1.4.1.272
OBJECT IDENTIFIER    

bibo 1.3.6.1.4.1.272.4
OBJECT IDENTIFIER    

ipsec 1.3.6.1.4.1.272.4.26
OBJECT IDENTIFIER    

ipsecGlobals 1.3.6.1.4.1.272.4.26.1
OBJECT IDENTIFIER    

ipsecGlobPeerIndex 1.3.6.1.4.1.272.4.26.1.1
Index of first IPsec peer in ipsecPeerTable. If this object is set to a Value <= 0, IPSec is switched explicitly off. If the peer referenced by this object does not exist in the table, all packets will be dropped.
OBJECT-TYPE    
  INTEGER  

ipsecGlobDefaultAuthMethod 1.3.6.1.4.1.272.4.26.1.2
The authentication method used by default. If the ipsecPeerAuthMethod field of an ipsecPeerEntry is set to 'default', this value is assumed. Possible values: pre-sh-key(1), -- Authentication using pre shared keys dss-sig(2), -- Authentication using DSS signatures rsa-sig(3), -- Authentication using RSA signatures rsa-enc(4) -- Authentication using RSA encryption.
OBJECT-TYPE    
  INTEGER pre-sh-key(1), dss-sig(2), rsa-sig(3), rsa-enc(4)  

ipsecGlobDefaultCertificate 1.3.6.1.4.1.272.4.26.1.3
The index of the default certificate in the certTable used for local authentication for ike keyed rules with non pre-shared-key authentication. This may be overwritten by the certificate specified for the individual ipsec peers.
OBJECT-TYPE    
  INTEGER  

ipsecGlobDefaultLocalId 1.3.6.1.4.1.272.4.26.1.4
The default ID used for local authentication for ike keyed rules. If this is an empty or invaid id string one of the subject alternative names or the subject name from the default certificate is used. This does not relpace an empty local id string for an IPsec peer with a valid certificate. The subject name or one of the subject alternative names from this certificate is used then
OBJECT-TYPE    
  DisplayString  

ipsecGlobDefaultIpsecProposal 1.3.6.1.4.1.272.4.26.1.5
Index of default ipsec proposal used for traffic entries with empty ipsec proposal, defined for peers with empty default ipsec proposal.
OBJECT-TYPE    
  INTEGER  

ipsecGlobDefaultIkeProposal 1.3.6.1.4.1.272.4.26.1.6
Index of default ike proposal used for peers with empty default ike proposal.
OBJECT-TYPE    
  INTEGER  

ipsecGlobDefaultIpsecLifeTime 1.3.6.1.4.1.272.4.26.1.7
Index of default lifetime for ike SA's in ipsecLifeTimeTable. This lifetime is used, when there is no valid lifetime entry specified for an IPsec peer entry.
OBJECT-TYPE    
  INTEGER  

ipsecGlobDefaultIkeLifeTime 1.3.6.1.4.1.272.4.26.1.8
Index of default lifetime for ipsec SA's in ipsecLifeTimeTable. This lifetime is used, when there is no valid lifetime entry specified for an IPsec SA, its traffic entry and its peer entry.
OBJECT-TYPE    
  INTEGER  

ipsecGlobDefaultIkeGroup 1.3.6.1.4.1.272.4.26.1.9
Index of default IKE group used for peer entries with empty or invalid ike group. Possible values: 1 (768 bit MODP), 2 (1024 bit MODP), 5 (1536 bit MODP).
OBJECT-TYPE    
  INTEGER  

ipsecGlobMaxSysLogLevel 1.3.6.1.4.1.272.4.26.1.10
Maximum level for syslog messages issued by IPSec. All messages with a level higher than this value are suppressed, independently from other global syslog level settings. Possible settings: emerg(1), alert(2), crit(3), err(4), warning(5), notice(6), info(7), debug(8).
OBJECT-TYPE    
  INTEGER emerg(1), alert(2), crit(3), err(4), warning(5), notice(6), info(7), debug(8)  

ipsecGlobDefaultGranularity 1.3.6.1.4.1.272.4.26.1.11
This object specifies the default granularity used for IPSEC SA negotiation. Possible values: coarse(2), -- Create only one SA for each Traffic entry ip(3), -- Create one SA for each host proto(4), -- Create one SA for each protocol and host port(5) -- Create one SA for each port and host.
OBJECT-TYPE    
  INTEGER coarse(2), ip(3), proto(4), port(5)  

ipsecGlobDefaultPh1Mode 1.3.6.1.4.1.272.4.26.1.12
This object specifies the default exchange mode used for IKE SA negotiation. Possible values: id-protect(1), -- Use identity protection (main) mode aggressive(2) -- Use aggressive mode.
OBJECT-TYPE    
  INTEGER id-protect(1), aggressive(2)  

ipsecGlobDefaultPfsGroup 1.3.6.1.4.1.272.4.26.1.13
This object specifies the PFS group to use. PFS is done only for phase 2, i.e. the Phase 1 SAs are not deleted after phase 2 negotiation is completed. Note however, that if the peer has configured PFS for identity and destroys phase 1 SAs, this side will also destroy them when notified. Possible values: 0 (no PFS) 1 (768 bit MODP), 2 (1024 bit MODP), 5 (1536 bit MODP).
OBJECT-TYPE    
  INTEGER  

ipsecGlobIkePort 1.3.6.1.4.1.272.4.26.1.20
This object specifies the port the IKE key management service listens to.
OBJECT-TYPE    
  INTEGER  

ipsecGlobMaxRetries 1.3.6.1.4.1.272.4.26.1.21
This object specifies the maximum number of retries sent by IKE for one message.
OBJECT-TYPE    
  INTEGER  

ipsecGlobRetryTimeout0milli 1.3.6.1.4.1.272.4.26.1.22
This object specifies the period of time in milliseconds before an IKE message is repeated for the first time if the answer is missing. After each retry, this timeout is increased up to the value specified in ipsecGlobRetryTimeoutMaxsec.
OBJECT-TYPE    
  INTEGER  

ipsecGlobRetryTimeoutMaxsec 1.3.6.1.4.1.272.4.26.1.23
This object specifies the maximum period of time in seconds before an IKE message is repeated if the answer is missing. The retry timeout is not increased beyond this limit.
OBJECT-TYPE    
  INTEGER  

ipsecGlobMaxNegotiationTimeoutsec 1.3.6.1.4.1.272.4.26.1.24
This object specifies the maximum number of seconds after which a negotiation is canceled if it is not finished.
OBJECT-TYPE    
  INTEGER  

ipsecGlobMaxIkeSas 1.3.6.1.4.1.272.4.26.1.25
This object specifies the maximum number of simultaneous ISAKMP Security associations allowed. If this limit is reached, the entries are removed from the database, starting with the ones that will expire very soon. If that is not enough, the entries are deleted in reverse LRU order.
OBJECT-TYPE    
  INTEGER  

ipsecGlobAntiCloggingLength 1.3.6.1.4.1.272.4.26.1.26
This object specifies the length in bits of the local secret used for ISAKMP anti-clogging cookies.
OBJECT-TYPE    
  INTEGER  

ipsecGlobAntiCloggingHash 1.3.6.1.4.1.272.4.26.1.27
This object specifies the algorithm which is used for creating anti-clogging-tokens. Possible values: md5(3), -- MD5 hash algorithm sha1(4) -- SHA hash algorithm.
OBJECT-TYPE    
  INTEGER md5(3), sha1(4)  

ipsecGlobLocalSecretPeriodsec 1.3.6.1.4.1.272.4.26.1.28
This object specifies the period of time in seconds after which a new secret for creating local anti-clogging tokens is created. The previous secret is remembered, so that the anti-clogging tokens created with the previous secret are also recognized as valid. After the local secret is recreated again, the old tokens are not recognized anymore and all IKE packets belonging to the old security associations are discarded. This means that the maximum lifetime of an ISAKMP SA is twice the value of this timer.
OBJECT-TYPE    
  INTEGER  

ipsecGlobIgnoreCrPayloads 1.3.6.1.4.1.272.4.26.1.29
This object specifies whether certificate request payloads should be ignored by IKE. Possible values: true(1), -- ignore all certificate requests false(2) -- process certificate request payloads.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobNoCrPayloads 1.3.6.1.4.1.272.4.26.1.30
This object specifies whether IKE should suppress certificate requests. Possible values: true(1), -- suppress certificate requests false(2) -- send certificate requests.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobNoKeyHashPayloads 1.3.6.1.4.1.272.4.26.1.31
This object specifies whether IKE should suppress key hash payloads. Possible values: true(1), -- suppress key hash payloads false(2) -- send key hash payloads.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobNoCrls 1.3.6.1.4.1.272.4.26.1.32
This object specifies whether IKE should send certificate revocation lists. Possible values: true(1), -- do not send certificate revocation lists false(2) -- send certificate revocation lists.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobSendFullCertChains 1.3.6.1.4.1.272.4.26.1.33
This object specifies whether IKE should send full certificate chains. Possible values: true(1), -- send full certificate chains false(2) -- do not send full certificate chains.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobTrustIcmpMsg 1.3.6.1.4.1.272.4.26.1.34
This object specifies whether IKE should trust icmp port and host unreachable error messages. ICMP port and host unreachable messages are only trusted if there have not yet been received any datagrams from the remote host in this negotiation. This means, if the local side receives an ICMP port or host unreachable message as the first response to the initial packet of a new phase 1 negotiation, it cancels the negotiation immediately. Possible values: true(1), -- trust ICMP messages false(2) -- do not trust ICMP messages.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobSpiSize 1.3.6.1.4.1.272.4.26.1.35
A compatibility flag that specifies the length of the SPI in bytes, which is used when an ISAKMP SA SPI (Cookie) is sent to the remote peer. This field takes effect only if ipsecGlobZeroIsakmpCookies is true.
OBJECT-TYPE    
  INTEGER  

ipsecGlobZeroIsakmpCookies 1.3.6.1.4.1.272.4.26.1.36
This object specifies whether zeroed ISAKMP cookies should be sent. Possible Values: true(1), -- send zero cookies in ISAKMP messages false(2) -- send ISAKMP cookies.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobMaxKeyLength 1.3.6.1.4.1.272.4.26.1.37
This object specifies the maximum length of an encryption key (in bits) that is accepted from the remote end. This limit prevents denial of service attacks where the attacker asks for a huge key for an encryption algorithm that allows variable length keys.
OBJECT-TYPE    
  INTEGER  

ipsecGlobNoInitialContact 1.3.6.1.4.1.272.4.26.1.38
Do not send IKE initial contact messages in IKE negotiations even if no SA's exist with a peer. Possible values: true(1), -- do not send initial contact messages false(2) -- send initial comntact messages if appropriate.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecGlobalsContinued 1.3.6.1.4.1.272.4.26.11
OBJECT IDENTIFIER    

ipsecGlobContPreIpsecRules 1.3.6.1.4.1.272.4.26.11.1
This object specifies an index in the IPsec traffic table containing a list of traffic definitions which has to be considered prior to the traffic lists of the IPSec peers in IPSec traffic processing. It may contain either pass or drop entries (protect entries are ignored, if erroneously configured).
OBJECT-TYPE    
  INTEGER  

ipsecGlobContDefaultRule 1.3.6.1.4.1.272.4.26.11.2
This object specifies how to treat packets which do not match any entry in the traffic lists of the active peers. Possible values: drop(1), -- drop all packets pass(2) -- allow all packets pass plain.
OBJECT-TYPE    
  INTEGER drop(1), pass(2)  

ipsecPublicKeyTable 1.3.6.1.4.1.272.4.26.2
This table contains the list of public key pairs and ID's used with IPSec.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecPubKeyEntry

ipsecPubKeyEntry 1.3.6.1.4.1.272.4.26.2.1
This object contains a key pair for a certain public key algorithm and the ids used together with this key.
OBJECT-TYPE    
  IpsecPubKeyEntry  

ipsecPubKeyIndex 1.3.6.1.4.1.272.4.26.2.1.1
A unique index for this entry.
OBJECT-TYPE    
  INTEGER  

ipsecPubKeyDescription 1.3.6.1.4.1.272.4.26.2.1.2
An optional description for this key.
OBJECT-TYPE    
  DisplayString  

ipsecPubKeyAlgorithm 1.3.6.1.4.1.272.4.26.2.1.3
This object specifies the algorithm for which the key is used. Possible values: rsa(2), -- The RSA encryption algorithm dsa(3) -- The digital signature algorithm.
OBJECT-TYPE    
  INTEGER rsa(2), dsa(3)  

ipsecPubKeyKeyLength 1.3.6.1.4.1.272.4.26.2.1.4
The size of the public and private keys in bits.
OBJECT-TYPE    
  INTEGER  

ipsecSaTable 1.3.6.1.4.1.272.4.26.3
This table contains the list of currently active IPSec security associations.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaEntry

ipsecSaEntry 1.3.6.1.4.1.272.4.26.3.1
This object contains an IPSec security association.
OBJECT-TYPE    
  IpsecSaEntry  

ipsecSaIndex 1.3.6.1.4.1.272.4.26.3.1.1
A unique index for this entry.
OBJECT-TYPE    
  INTEGER  

ipsecSaState 1.3.6.1.4.1.272.4.26.3.1.3
The current state of the security association Possible values: alive(1), -- The SA is alive and will eventually be rekeyed expired(2), -- The SA is expired and will not be rekeyed delete (3) -- mark this sa for deletion.
OBJECT-TYPE    
  INTEGER alive(1), expired(2), delete(3)  

ipsecSaCreator 1.3.6.1.4.1.272.4.26.3.1.4
This object specifies how the SA was created Possible values: manual(1), -- A manually keyed IPSec SA ike(2) -- An automatically keyed SA created by IKE.
OBJECT-TYPE    
  INTEGER manual(1), ike(2)  

ipsecSaDir 1.3.6.1.4.1.272.4.26.3.1.5
This object specifies whether the SA is used for inbound or outbound processing. Possible values: inbound(1), -- An inbound security association outbound(2) -- An outbound security association.
OBJECT-TYPE    
  INTEGER inbound(1), outbound(2)  

ipsecSaMode 1.3.6.1.4.1.272.4.26.3.1.6
This object specifies whether the SA is in tunnel or transport mode. Possible values: tunnel(1), -- A tunnel mode SA transport(2) -- A transport mode SA.
OBJECT-TYPE    
  INTEGER tunnel(1), transport(2)  

ipsecSaSecProto 1.3.6.1.4.1.272.4.26.3.1.7
This object specifies the security protocol applied by this SA. Possible values: esp(50), -- Encapsulating Security Payload ah(51), -- Authentication Header ipcomp(108) -- Internet Payload Compression Protocol.
OBJECT-TYPE    
  INTEGER esp(50), ah(51), ipcomp(108)  

ipsecSaLocalIp 1.3.6.1.4.1.272.4.26.3.1.8
The local IP address of the outer packet header. For transport mode SAs, this address is the same as the ipsecSaSrcAddress.
OBJECT-TYPE    
  IpAddress  

ipsecSaPeerIp 1.3.6.1.4.1.272.4.26.3.1.9
The destination IP address of the outer packet header. For transport mode SAs, this address is the same as the ipsecSaDstAddress.
OBJECT-TYPE    
  IpAddress  

ipsecSaSrcAddress 1.3.6.1.4.1.272.4.26.3.1.10
The address of the source network this SA covers (if the SrcRange field is nonzero, this is the first address of a range of addresses).
OBJECT-TYPE    
  IpAddress  

ipsecSaSrcMaskLen 1.3.6.1.4.1.272.4.26.3.1.11
The mask length of the source network this SA covers (only meaningful, if the SrcRange field is zero).
OBJECT-TYPE    
  INTEGER  

ipsecSaSrcRange 1.3.6.1.4.1.272.4.26.3.1.12
The last address of a range of source addresses (starting with SrcAddress) this SA covers. Overrides SrcMaskLen.
OBJECT-TYPE    
  IpAddress  

ipsecSaDstAddress 1.3.6.1.4.1.272.4.26.3.1.13
The address of the destination network this SA covers (if the DstRange field is nonzero, this is the first address of a range of addresses).
OBJECT-TYPE    
  IpAddress  

ipsecSaDstMaskLen 1.3.6.1.4.1.272.4.26.3.1.14
The mask length of the destination network this SA covers (only meaningful, if the DstRange field is zero).
OBJECT-TYPE    
  INTEGER  

ipsecSaDstRange 1.3.6.1.4.1.272.4.26.3.1.15
The last address of a range of destination addresses (starting with DstAddress) this SA covers. Overrides DstMaskLen.
OBJECT-TYPE    
  IpAddress  

ipsecSaSpi 1.3.6.1.4.1.272.4.26.3.1.17
The Security Parameters Index of this SA.
OBJECT-TYPE    
  HexValue  

ipsecSaAuthAlg 1.3.6.1.4.1.272.4.26.3.1.18
The hash algorithm used, if any. Possible Values: none(2), -- No hash algorithm applied md5-96(4), -- The MD5 hash algorithm sha1-96(6) -- The Secure Hash Algorithm.
OBJECT-TYPE    
  INTEGER none(2), md5-96(4), sha1-96(6)  

ipsecSaEncAlg 1.3.6.1.4.1.272.4.26.3.1.19
The encryption algorithm used, if any. Possible Values: none(1), -- No encryption applied des-cbc(2), -- DES in CBC mode des3-cbc(3), -- Triple DES in CBC mode blowfish-cbc(4), -- Blowfish in CBC mode cast128-cbc(5) -- CAST with 128 bit key in CBC mode.
OBJECT-TYPE    
  INTEGER none(1), des-cbc(2), des3-cbc(3), blowfish-cbc(4), cast128-cbc(5)  

ipsecSaAuthKeyLen 1.3.6.1.4.1.272.4.26.3.1.21
The length of the key used for authentication, if any.
OBJECT-TYPE    
  INTEGER  

ipsecSaEncKeyLen 1.3.6.1.4.1.272.4.26.3.1.22
The length of the key used for encryption, if any.
OBJECT-TYPE    
  INTEGER  

ipsecSaLifeSeconds 1.3.6.1.4.1.272.4.26.3.1.25
The period in seconds after which this SA will be destroyed.
OBJECT-TYPE    
  INTEGER  

ipsecSaLifeKBytes 1.3.6.1.4.1.272.4.26.3.1.26
The amount of data allowed to be protected by this SA until it is destroyed.
OBJECT-TYPE    
  INTEGER  

ipsecSaProto 1.3.6.1.4.1.272.4.26.3.1.27
The protocol this SA covers.
OBJECT-TYPE    
  INTEGER icmp(1), igmp(2), ggp(3), ipip(4), st(5), tcp(6), cbt(7), egp(8), igp(9), bbn(10), nvp(11), pup(12), argus(13), emcon(14), xnet(15), chaos(16), udp(17), mux(18), dcn(19), hmp(20), prm(21), xns(22), trunk1(23), trunk2(24), leaf1(25), leaf2(26), rdp(27), irtp(28), isotp4(29), netblt(30), mfe(31), merit(32), sep(33), pc3(34), idpr(35), xtp(36), ddp(37), idprc(38), tp(39), il(40), ipv6(41), sdrp(42), ipv6route(43), ipv6frag(44), idrp(45), rsvp(46), gre(47), mhrp(48), bna(49), esp(50), ah(51), inlsp(52), swipe(53), narp(54), mobile(55), tlsp(56), skip(57), ipv6icmp(58), ipv6nonxt(59), ipv6opts(60), ipproto-61(61), cftp(62), local(63), sat(64), kryptolan(65), rvd(66), ippc(67), distfs(68), satmon(69), visa(70), ipcv(71), cpnx(72), cphb(73), wsn(74), pvp(75), brsatmon(76), sunnd(77), wbmon(78), wbexpak(79), isoip(80), vmtp(81), securevmtp(82), vines(83), ttp(84), nsfnet(85), dgp(86), tcf(87), eigrp(88), ospfigp(89), sprite(90), larp(91), mtp(92), ax25(93), ipwip(94), micp(95), scc(96), etherip(97), encap(98), encrypt(99), gmtp(100), ifmp(101), pnni(102), pim(103), aris(104), scps(105), qnx(106), an(107), ippcp(108), snp(109), compaq(110), ipxip(111), vrrp(112), pgm(113), hop0(114), l2tp(115), ipproto-116(116), ipproto-117(117), ipproto-118(118), ipproto-119(119), ipproto-120(120), ipproto-121(121), ipproto-122(122), ipproto-123(123), ipproto-124(124), ipproto-125(125), ipproto-126(126), ipproto-127(127), ipproto-128(128), ipproto-129(129), ipproto-130(130), ipproto-131(131), ipproto-132(132), ipproto-133(133), ipproto-134(134), ipproto-135(135), ipproto-136(136), ipproto-137(137), ipproto-138(138), ipproto-139(139), ipproto-140(140), ipproto-141(141), ipproto-142(142), ipproto-143(143), ipproto-144(144), ipproto-145(145), ipproto-146(146), ipproto-147(147), ipproto-148(148), ipproto-149(149), ipproto-150(150), ipproto-151(151), ipproto-152(152), ipproto-153(153), ipproto-154(154), ipproto-155(155), ipproto-156(156), ipproto-157(157), ipproto-158(158), ipproto-159(159), ipproto-160(160), ipproto-161(161), ipproto-162(162), ipproto-163(163), ipproto-164(164), ipproto-165(165), ipproto-166(166), ipproto-167(167), ipproto-168(168), ipproto-169(169), ipproto-170(170), ipproto-171(171), ipproto-172(172), ipproto-173(173), ipproto-174(174), ipproto-175(175), ipproto-176(176), ipproto-177(177), ipproto-178(178), ipproto-179(179), ipproto-180(180), ipproto-181(181), ipproto-182(182), ipproto-183(183), ipproto-184(184), ipproto-185(185), ipproto-186(186), ipproto-187(187), ipproto-188(188), ipproto-189(189), ipproto-190(190), ipproto-191(191), ipproto-192(192), ipproto-193(193), ipproto-194(194), ipproto-195(195), ipproto-196(196), ipproto-197(197), ipproto-198(198), ipproto-199(199), ipproto-200(200), ipproto-201(201), ipproto-202(202), ipproto-203(203), ipproto-204(204), ipproto-205(205), ipproto-206(206), ipproto-207(207), ipproto-208(208), ipproto-209(209), ipproto-210(210), ipproto-211(211), ipproto-212(212), ipproto-213(213), ipproto-214(214), ipproto-215(215), ipproto-216(216), ipproto-217(217), ipproto-218(218), ipproto-219(219), ipproto-220(220), ipproto-221(221), ipproto-222(222), ipproto-223(223), ipproto-224(224), ipproto-225(225), ipproto-226(226), ipproto-227(227), ipproto-228(228), ipproto-229(229), ipproto-230(230), ipproto-231(231), ipproto-232(232), ipproto-233(233), ipproto-234(234), ipproto-235(235), ipproto-236(236), ipproto-237(237), ipproto-238(238), ipproto-239(239), ipproto-240(240), ipproto-241(241), ipproto-242(242), ipproto-243(243), ipproto-244(244), ipproto-245(245), ipproto-246(246), ipproto-247(247), ipproto-248(248), ipproto-249(249), ipproto-250(250), ipproto-251(251), ipproto-252(252), ipproto-253(253), ipproto-254(254), dont-verify(255)  

ipsecSaSrcPort 1.3.6.1.4.1.272.4.26.3.1.28
The source port this SA covers, 0 for any.
OBJECT-TYPE    
  INTEGER  

ipsecSaDstPort 1.3.6.1.4.1.272.4.26.3.1.29
The destination port this SA covers, 0 for any.
OBJECT-TYPE    
  INTEGER  

ipsecSaSeconds 1.3.6.1.4.1.272.4.26.3.1.30
The number of seconds since this SA was created.
OBJECT-TYPE    
  INTEGER  

ipsecSaBytes 1.3.6.1.4.1.272.4.26.3.1.31
The amount of data in kilobytes protected by this SA.
OBJECT-TYPE    
  INTEGER  

ipsecSaPackets 1.3.6.1.4.1.272.4.26.3.1.32
The number of packets protected by this SA.
OBJECT-TYPE    
  INTEGER  

ipsecSaReplayErrors 1.3.6.1.4.1.272.4.26.3.1.33
The number of replayed packets detected for this SA.
OBJECT-TYPE    
  INTEGER  

ipsecSaRecvErrors 1.3.6.1.4.1.272.4.26.3.1.34
The number of receive errors (replayed packets not counted) detected for this SA.
OBJECT-TYPE    
  INTEGER  

ipsecSaDecryptErrors 1.3.6.1.4.1.272.4.26.3.1.35
The number of decryption errors (ESP only) detected for this SA.
OBJECT-TYPE    
  INTEGER  

ikeSaTable 1.3.6.1.4.1.272.4.26.4
This table contains the list of currently active IKE security associations.
OBJECT-TYPE    
  SEQUENCE OF  
    IkeSaEntry

ikeSaEntry 1.3.6.1.4.1.272.4.26.4.1
This object contains an IKE security association.
OBJECT-TYPE    
  IkeSaEntry  

ikeSaIndex 1.3.6.1.4.1.272.4.26.4.1.1
A unique index for this entry.
OBJECT-TYPE    
  INTEGER  

ikeSaState 1.3.6.1.4.1.272.4.26.4.1.3
This object specifies the state of the SA. Possible values: negotiating(1), -- the SA is still being negotiated established(2), -- the SA negotiation is finished waiting-for-remove(3), -- the SA is waiting for removal delete(7) -- mark the SA for deletion.
OBJECT-TYPE    
  INTEGER negotiating(1), established(2), waiting-for-remove(3), delete(7)  

ikeSaXchType 1.3.6.1.4.1.272.4.26.4.1.4
The exchange mode used to create the SA. Possible values: base(1), -- IKE base mode mode id-protect(2), -- IKE identity protection -- (oakley main mode) authentication-only(3), -- Authentication only mode aggressive(4), -- IKE (oakley) aggressive mode info(5), -- IKE informational exchange mode quick(32), -- IKE quick mode new-group(33), -- IKE new group mode any(256) -- Other mode.
OBJECT-TYPE    
  INTEGER base(1), id-protect(2), authentication-only(3), aggressive(4), info(5), quick(32), new-group(33), any(256)  

ikeSaAuthMethod 1.3.6.1.4.1.272.4.26.4.1.5
The authenticatin method used when negotiating this SA. Possible values: pre-sh-key(1), -- Authentication using pre shared keys dss-sig(2), -- Authentication using DSS signatures rsa-sig(3), -- Authentication using RSA signatures rsa-enc(4) -- Authentication using RSA encryption.
OBJECT-TYPE    
  INTEGER pre-sh-key(1), dss-sig(2), rsa-sig(3), rsa-enc(4)  

ikeSaAlgs 1.3.6.1.4.1.272.4.26.4.1.6
The names of the encryption and hash algorithm and of the prf.
OBJECT-TYPE    
  DisplayString  

ikeSaRole 1.3.6.1.4.1.272.4.26.4.1.7
This object specifies by which side the SA negotiation was initiated. Possible values: true(1), -- this end initiated the SA negotiation false(2) -- the remote end initiated the SA negotiation.
OBJECT-TYPE    
  INTEGER initiator(1), responder(2)  

ikeSaLocalId 1.3.6.1.4.1.272.4.26.4.1.8
The local ID used for authentication.
OBJECT-TYPE    
  DisplayString  

ikeSaRemoteId 1.3.6.1.4.1.272.4.26.4.1.9
The remote ID used for authentication.
OBJECT-TYPE    
  DisplayString  

ikeSaRemoteIp 1.3.6.1.4.1.272.4.26.4.1.11
The remote IP address used in the IKE communication.
OBJECT-TYPE    
  IpAddress  

ikeSaCookieI 1.3.6.1.4.1.272.4.26.4.1.12
The cookie of the initiator.
OBJECT-TYPE    
  STRING  

ikeSaCookieR 1.3.6.1.4.1.272.4.26.4.1.13
The cookie of the responder.
OBJECT-TYPE    
  STRING  

ikeSaTimes 1.3.6.1.4.1.272.4.26.4.1.14
The creation time and last used time of the SA in human readable format.
OBJECT-TYPE    
  DisplayString  

ikeSaNumCerts 1.3.6.1.4.1.272.4.26.4.1.15
The number of certificates received from the remote side when negotiating this SA.
OBJECT-TYPE    
  INTEGER  

ikeSaNumNegotiations 1.3.6.1.4.1.272.4.26.4.1.16
This object specifies the number of currently active negotiations for this SA.
OBJECT-TYPE    
  INTEGER  

ikeSaBytes 1.3.6.1.4.1.272.4.26.4.1.17
Number of bytes transmitted using this SA.
OBJECT-TYPE    
  INTEGER  

ikeSaMajVersion 1.3.6.1.4.1.272.4.26.4.1.18
The IKE major version number.
OBJECT-TYPE    
  INTEGER  

ikeSaMinVersion 1.3.6.1.4.1.272.4.26.4.1.19
The IKE minor version number.
OBJECT-TYPE    
  INTEGER  

ipsecPeerTable 1.3.6.1.4.1.272.4.26.5
This table contains the list of IPSec peers.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecPeerEntry

ipsecPeerEntry 1.3.6.1.4.1.272.4.26.5.1
This object contains the description of an IPSec peer.
OBJECT-TYPE    
  IpsecPeerEntry  

ipsecPeerIndex 1.3.6.1.4.1.272.4.26.5.1.1
A unique index identifying this entry.
OBJECT-TYPE    
  INTEGER  

ipsecPeerNextIndex 1.3.6.1.4.1.272.4.26.5.1.2
The index of the next peer in hierarchy.
OBJECT-TYPE    
  INTEGER  

ipsecPeerDescription 1.3.6.1.4.1.272.4.26.5.1.3
An optional description for this peer.
OBJECT-TYPE    
  DisplayString  

ipsecPeerPeerIds 1.3.6.1.4.1.272.4.26.5.1.5
The IDs of the peer which are accepted for authentication.
OBJECT-TYPE    
  DisplayString  

ipsecPeerPeerAddress 1.3.6.1.4.1.272.4.26.5.1.6
The IP-address of the peer.
OBJECT-TYPE    
  IpAddress  

ipsecPeerLocalId 1.3.6.1.4.1.272.4.26.5.1.7
The local ID used for authentication.
OBJECT-TYPE    
  DisplayString  

ipsecPeerLocalAddress 1.3.6.1.4.1.272.4.26.5.1.8
The local address used for IPSec encrypted packets.
OBJECT-TYPE    
  IpAddress  

ipsecPeerLocalCert 1.3.6.1.4.1.272.4.26.5.1.9
The index of the certificate used for local authentication in the certTable. Only useful for automatically keyed traffic with dsa or rsa authentication.
OBJECT-TYPE    
  INTEGER  

ipsecPeerIkeProposals 1.3.6.1.4.1.272.4.26.5.1.10
The index of the first IKE proposal which may be used for IKE SA negotiation with this peer.
OBJECT-TYPE    
  INTEGER  

ipsecPeerTrafficList 1.3.6.1.4.1.272.4.26.5.1.11
This object specifies the first entry of possibly a chain of traffic entries from the ipsecTrafficTable which should be protected with IPSec using this peer.
OBJECT-TYPE    
  INTEGER  

ipsecPeerAuthMethod 1.3.6.1.4.1.272.4.26.5.1.20
The authentication method used. Possible values: pre-sh-key(1), -- Authentication using pre shared keys dss-sig(2), -- Authentication using DSS signatures rsa-sig(3), -- Authentication using RSA signatures rsa-enc(4), -- Authentication using RSA encryption default(14), -- Use the default settings from the -- ipsecGlobals table delete(15) -- mark this entry for deletion.
OBJECT-TYPE    
  INTEGER pre-sh-key(1), dss-sig(2), rsa-sig(3), rsa-enc(4), default(14), delete(15)  

ipsecPeerPreSharedKey 1.3.6.1.4.1.272.4.26.5.1.21
The pre-shared-key used with this peer, if pre-shared-keys are used for authentication. This field serves only as an input field and its contents are replaced with a single asterisk immediately after it is set.
OBJECT-TYPE    
  DisplayString  

ipsecPeerIkeGroup 1.3.6.1.4.1.272.4.26.5.1.22
The Group used for Diffie Hellman key agreement algorithm. Possible values: 0: use default value from ipsecGlobals table 1: a 768-bit MODP group 2: a 1024-bit MODP group 3: a GF[2^155] group 4: a GF[2^185] group 5: a 1536-bit MODP group
OBJECT-TYPE    
  INTEGER  

ipsecPeerPfsGroup 1.3.6.1.4.1.272.4.26.5.1.23
The Diffie Hellman group used for additional Perfect Forward Secrecy (PFS) DH exponentiations. Possible values: -1: explicitly do not use PFS (overrides ipsecGlob2DefaultPfsGroup), 0: use default value from ipsecGlob2DefaultPfsGroup, 1: a 768-bit MODP group, 2: a 1024-bit MODP group, 5: a 1536-bit MODP group.
OBJECT-TYPE    
  INTEGER  

ipsecPeerPh1Mode 1.3.6.1.4.1.272.4.26.5.1.24
This object specifies the exchange mode used for IKE SA negotiation. Possible values: id-protect(1), -- Use identity protection (main) mode aggressive(2), -- Use aggressive mode default(3) -- Use default settings from the -- ipsecGlobalsTable.
OBJECT-TYPE    
  INTEGER id-protect(1), aggressive(2), default(3)  

ipsecPeerIkeLifeTime 1.3.6.1.4.1.272.4.26.5.1.25
This object specifies an index in the ipsecLifeTimeTable. If the lifetime pointed to by this index does not exist or is inappropriate, the default lifetime from the ipsecGlobalsTable is used.
OBJECT-TYPE    
  INTEGER  

ipsecPeerIpsecLifeTime 1.3.6.1.4.1.272.4.26.5.1.26
This object specifies an index in the ipsecLifeTimeTable. This lifetime overwrites the lifetimes specified for all traffic entries and their proposals referenced by this peer entry. If the lifetime pointed to by this index does not exist or is inappropriate, the default lifetime from the ipsecGlobalsTable is used.
OBJECT-TYPE    
  INTEGER  

ipsecPeerKeepAlive 1.3.6.1.4.1.272.4.26.5.1.29
This object specifies whether IKE SA's with this peer are rekeyed even if there was no data transferred over them. Possible values: true(1), -- rekey SA's even if no data was transferred false(2) -- do not rekey SA's if no data was transferred.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecPeerGranularity 1.3.6.1.4.1.272.4.26.5.1.30
This object specifies the granularity with which SA's with this peer are created. Possible values: default(1), -- use the setting from the ipsecGlobalsTable coarse(2), -- Create only one SA for each Traffic entry ip(3), -- Create one SA for each host proto(4), -- Create one SA for each protocol and host port(5) -- Create one SA for each port and host.
OBJECT-TYPE    
  INTEGER default(1), coarse(2), ip(3), proto(4), port(5)  

ipsecPeerDontVerifyPad 1.3.6.1.4.1.272.4.26.5.1.31
This object is a compatibility option for older ipsec implementations. It enables or disables an old way of ESP padding (no self describing padding). Possible values: false(1), -- normal, self-describing ESP padding true(2) -- old style ESP padding.
OBJECT-TYPE    
  INTEGER false(1), true(2)  

ipsecPeerDefaultIpsecProposals 1.3.6.1.4.1.272.4.26.5.1.42
The index of the default IPSec proposal used for encrypting all the traffic bound to the (optional) logical interface created for this peer.
OBJECT-TYPE    
  INTEGER  

ipsecPeerPreSharedKeyData 1.3.6.1.4.1.272.4.26.5.1.63
Field used for storing the pre-shared-key permanently.
OBJECT-TYPE    
  STRING  

ikeProposalTable 1.3.6.1.4.1.272.4.26.6
This table contains the list of IKE proposals. The entries may be concatenated on a logical or basis using the NextChoice field to choices of multiple proposals.
OBJECT-TYPE    
  SEQUENCE OF  
    IkeProposalEntry

ikeProposalEntry 1.3.6.1.4.1.272.4.26.6.1
This object contains an IKE proposal, i.e. the encryption algorithm and the hash algorithm used to protect traffic sent over an IKE SA.
OBJECT-TYPE    
  IkeProposalEntry  

ikePropIndex 1.3.6.1.4.1.272.4.26.6.1.1
A unique index identifying this entry.
OBJECT-TYPE    
  INTEGER  

ikePropNextChoice 1.3.6.1.4.1.272.4.26.6.1.2
This object specifies the index of the next proposal of a choice of proposals. If this object is 0, this marks the end of a proposal chain.
OBJECT-TYPE    
  INTEGER  

ikePropDescription 1.3.6.1.4.1.272.4.26.6.1.3
An optional textual description of the proposal chain beginning at this entry.
OBJECT-TYPE    
  DisplayString  

ikePropEncAlg 1.3.6.1.4.1.272.4.26.6.1.4
This object specifies the encryption algorithm used to protect traffic sent over an IKE SA. Possible values: none(1), -- No encryption applied des-cbc(2), -- DES in CBC mode des3-cbc(3), -- Triple DES in CBC mode blowfish-cbc(4), -- Blowfish in CBC mode cast128-cbc(5) -- CAST in CBC mode with 128 bit key.
OBJECT-TYPE    
  INTEGER none(1), des-cbc(2), des3-cbc(3), blowfish-cbc(4), cast128-cbc(5)  

ikePropHashAlg 1.3.6.1.4.1.272.4.26.6.1.5
This object specifies the hash algorithm used to protect traffic sent over an IKE SA. Possible values: delete(1), -- Delete this entry none(2), -- No hash algorithm md5(3), -- The MD5 hash algorithm sha1(4), -- The Secure Hash Algorithm.
OBJECT-TYPE    
  INTEGER delete(1), none(2), md5(3), sha1(4)  

ipsecTrafficTable 1.3.6.1.4.1.272.4.26.7
This table contains lists of Traffic and the actions which should be applied to it, together with the necessary parameters.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecTrafficEntry

ipsecTrafficEntry 1.3.6.1.4.1.272.4.26.7.1
This object contains a description of a type of IP traffic and the action which should be applied to it together with the necessary parameters.
OBJECT-TYPE    
  IpsecTrafficEntry  

ipsecTrIndex 1.3.6.1.4.1.272.4.26.7.1.1
A unique index identifying this entry.
OBJECT-TYPE    
  INTEGER  

ipsecTrNextIndex 1.3.6.1.4.1.272.4.26.7.1.2
This object specifies the index of the next traffic entry in hierarchy.
OBJECT-TYPE    
  INTEGER  

ipsecTrDescription 1.3.6.1.4.1.272.4.26.7.1.3
An optional human readable description for this traffic entry.
OBJECT-TYPE    
  DisplayString  

ipsecTrLocalAddress 1.3.6.1.4.1.272.4.26.7.1.4
The source IP-address of this traffic entry. It maybe either a single address, a network address (in combination with ipsecTrSrcMask), or the first address of an address range (in combination with ipsecTrLocalRange).
OBJECT-TYPE    
  IpAddress  

ipsecTrLocalMaskLen 1.3.6.1.4.1.272.4.26.7.1.5
The length of the network mask for a source network.
OBJECT-TYPE    
  INTEGER  

ipsecTrLocalRange 1.3.6.1.4.1.272.4.26.7.1.6
The last address of a source address range. If this field is nonzero, the ipsecTrLocalMaskLen field is ignored and the source is considered as a range of addresses beginning with ipsecTrLocalAddress and ending with ipsecTrLocalRange.
OBJECT-TYPE    
  IpAddress  

ipsecTrRemoteAddress 1.3.6.1.4.1.272.4.26.7.1.7
The destination IP-address of this traffic entry. It maybe either a single address, a network address (in combination with ipsecTrDstMask), or the first address of an address range (in combination with ipsecTrRemoteRange).
OBJECT-TYPE    
  IpAddress  

ipsecTrRemoteMaskLen 1.3.6.1.4.1.272.4.26.7.1.8
The length of the network mask for a destination network.
OBJECT-TYPE    
  INTEGER  

ipsecTrRemoteRange 1.3.6.1.4.1.272.4.26.7.1.9
The last address of a destination address range. If this field is nonzero, the ipsecTrRemoteMaskLen field is ignored and the source is considered as a range of addresses beginning with ipsecTrRemoteAddress and ending with ipsecTrRemoteRange.
OBJECT-TYPE    
  IpAddress  

ipsecTrProto 1.3.6.1.4.1.272.4.26.7.1.10
The transport protocol defined for this entry.
OBJECT-TYPE    
  INTEGER icmp(1), igmp(2), ggp(3), ipip(4), st(5), tcp(6), cbt(7), egp(8), igp(9), bbn(10), nvp(11), pup(12), argus(13), emcon(14), xnet(15), chaos(16), udp(17), mux(18), dcn(19), hmp(20), prm(21), xns(22), trunk1(23), trunk2(24), leaf1(25), leaf2(26), rdp(27), irtp(28), isotp4(29), netblt(30), mfe(31), merit(32), sep(33), pc3(34), idpr(35), xtp(36), ddp(37), idprc(38), tp(39), il(40), ipv6(41), sdrp(42), ipv6route(43), ipv6frag(44), idrp(45), rsvp(46), gre(47), mhrp(48), bna(49), esp(50), ah(51), inlsp(52), swipe(53), narp(54), mobile(55), tlsp(56), skip(57), ipv6icmp(58), ipv6nonxt(59), ipv6opts(60), ipproto-61(61), cftp(62), local(63), sat(64), kryptolan(65), rvd(66), ippc(67), distfs(68), satmon(69), visa(70), ipcv(71), cpnx(72), cphb(73), wsn(74), pvp(75), brsatmon(76), sunnd(77), wbmon(78), wbexpak(79), isoip(80), vmtp(81), securevmtp(82), vines(83), ttp(84), nsfnet(85), dgp(86), tcf(87), eigrp(88), ospfigp(89), sprite(90), larp(91), mtp(92), ax25(93), ipwip(94), micp(95), scc(96), etherip(97), encap(98), encrypt(99), gmtp(100), ifmp(101), pnni(102), pim(103), aris(104), scps(105), qnx(106), an(107), ippcp(108), snp(109), compaq(110), ipxip(111), vrrp(112), pgm(113), hop0(114), l2tp(115), ipproto-116(116), ipproto-117(117), ipproto-118(118), ipproto-119(119), ipproto-120(120), ipproto-121(121), ipproto-122(122), ipproto-123(123), ipproto-124(124), ipproto-125(125), ipproto-126(126), ipproto-127(127), ipproto-128(128), ipproto-129(129), ipproto-130(130), ipproto-131(131), ipproto-132(132), ipproto-133(133), ipproto-134(134), ipproto-135(135), ipproto-136(136), ipproto-137(137), ipproto-138(138), ipproto-139(139), ipproto-140(140), ipproto-141(141), ipproto-142(142), ipproto-143(143), ipproto-144(144), ipproto-145(145), ipproto-146(146), ipproto-147(147), ipproto-148(148), ipproto-149(149), ipproto-150(150), ipproto-151(151), ipproto-152(152), ipproto-153(153), ipproto-154(154), ipproto-155(155), ipproto-156(156), ipproto-157(157), ipproto-158(158), ipproto-159(159), ipproto-160(160), ipproto-161(161), ipproto-162(162), ipproto-163(163), ipproto-164(164), ipproto-165(165), ipproto-166(166), ipproto-167(167), ipproto-168(168), ipproto-169(169), ipproto-170(170), ipproto-171(171), ipproto-172(172), ipproto-173(173), ipproto-174(174), ipproto-175(175), ipproto-176(176), ipproto-177(177), ipproto-178(178), ipproto-179(179), ipproto-180(180), ipproto-181(181), ipproto-182(182), ipproto-183(183), ipproto-184(184), ipproto-185(185), ipproto-186(186), ipproto-187(187), ipproto-188(188), ipproto-189(189), ipproto-190(190), ipproto-191(191), ipproto-192(192), ipproto-193(193), ipproto-194(194), ipproto-195(195), ipproto-196(196), ipproto-197(197), ipproto-198(198), ipproto-199(199), ipproto-200(200), ipproto-201(201), ipproto-202(202), ipproto-203(203), ipproto-204(204), ipproto-205(205), ipproto-206(206), ipproto-207(207), ipproto-208(208), ipproto-209(209), ipproto-210(210), ipproto-211(211), ipproto-212(212), ipproto-213(213), ipproto-214(214), ipproto-215(215), ipproto-216(216), ipproto-217(217), ipproto-218(218), ipproto-219(219), ipproto-220(220), ipproto-221(221), ipproto-222(222), ipproto-223(223), ipproto-224(224), ipproto-225(225), ipproto-226(226), ipproto-227(227), ipproto-228(228), ipproto-229(229), ipproto-230(230), ipproto-231(231), ipproto-232(232), ipproto-233(233), ipproto-234(234), ipproto-235(235), ipproto-236(236), ipproto-237(237), ipproto-238(238), ipproto-239(239), ipproto-240(240), ipproto-241(241), ipproto-242(242), ipproto-243(243), ipproto-244(244), ipproto-245(245), ipproto-246(246), ipproto-247(247), ipproto-248(248), ipproto-249(249), ipproto-250(250), ipproto-251(251), ipproto-252(252), ipproto-253(253), ipproto-254(254), dont-verify(255)  

ipsecTrLocalPort 1.3.6.1.4.1.272.4.26.7.1.11
The source port defined for this traffic entry.
OBJECT-TYPE    
  INTEGER  

ipsecTrRemotePort 1.3.6.1.4.1.272.4.26.7.1.12
The destination port defined for this traffic entry.
OBJECT-TYPE    
  INTEGER  

ipsecTrAction 1.3.6.1.4.1.272.4.26.7.1.13
The action to be applied to traffic matching this entry. Possible values: delete(1), -- Delete this entry always-plain(2), -- Forward the packets without -- protection even if there is a -- matching SA and independent from -- the position of the traffic entry -- in the list. pass(3), -- Forward the packets without -- protection protect(4), -- Protect the traffic as specified -- in the proposal. Drop unprotected -- traffic of this kind. drop(5) -- Drop all packets matching this -- traffic entry.
OBJECT-TYPE    
  INTEGER delete(1), always-plain(2), pass(3), protect(4), drop(5)  

ipsecTrProposal 1.3.6.1.4.1.272.4.26.7.1.14
This object specifies an index in the ipsecProposalTable. This may be the first proposal of possibly a choice of multiple, optionally nested proposals which is to be offered with IKE (automatic keying) or a manual proposal (manual keying).
OBJECT-TYPE    
  INTEGER  

ipsecTrForceTunnelMode 1.3.6.1.4.1.272.4.26.7.1.15
This object specifies the strategy when transport mode is used. By default, the system always uses transport mode, if possible. If this variable is set to true, always tunnel mode will be used for this traffic entry, even if source and destination address match the tunnel endpoints. Possible values: true(1), -- Use tunnel mode even if transport mode is possible false(2) -- Use transport mode whenever possible.
OBJECT-TYPE    
  INTEGER true(1), false(2)  

ipsecTrLifeTime 1.3.6.1.4.1.272.4.26.7.1.16
This object specifies an index in the ipsecLifeTimeTable. This lifetime overwrites the lifetimes specified for all proposals referenced by this traffic entry. It may itself be overwritten by an explicit lifetime specified for the peer entry referencing this traffic entry. If the lifetime pointed to by this index does not exist or is inappropriate, the default lifetime from the ipsecGlobalsTable is used.
OBJECT-TYPE    
  INTEGER  

ipsecTrGranularity 1.3.6.1.4.1.272.4.26.7.1.17
This object specifies the granularity with which SA's must be created for this kind of traffic. Possible values: default(1), -- use the setting from the ipsecPeerTable coarse(2), -- Create only one SA for each Traffic entry ip(3), -- Create one SA for each host proto(4), -- Create one SA for each protocol and host port(5) -- Create one SA for each port and host.
OBJECT-TYPE    
  INTEGER default(1), coarse(2), ip(3), proto(4), port(5)  

ipsecTrKeepAlive 1.3.6.1.4.1.272.4.26.7.1.18
This object specifies whether SA's created for this kind of traffic should be rekeyed on expiration of soft lifetimes even if there has not been sent any traffic over them. Possible values: true(1), -- rekey SA's even if no data was transferred false(2), -- do not rekey SA's if no data was transferred default(3) -- use the default setting from the peer entry -- referencing this traffic entry.
OBJECT-TYPE    
  INTEGER true(1), false(2), default(3)  

ipsecProposalTable 1.3.6.1.4.1.272.4.26.8
This table contains the list of IPSec proposals. The entries may be concatenated on a logical 'or' or a logical 'and' basis -depending on the setting of the 'BoolOp' field- using the 'Next' field. This makes the configuration of multiple choices of proposal bundles possible. Possible concatenation: (proposal1 or propsal2 or ... proposaln) and (proposal1 or propsal2 or ... proposaln) and : : (proposal1 or propsal2 or ... proposaln) This table also includes manually keyed security associations, which may not be concatenated to choices with BoolOp set to 'or'
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecProposalEntry

ipsecProposalEntry 1.3.6.1.4.1.272.4.26.8.1
This object contains an IPSec proposal, i.e. a proposed set of security parameters applied to traffic sent over an IPSec security association.
OBJECT-TYPE    
  IpsecProposalEntry  

ipsecPropIndex 1.3.6.1.4.1.272.4.26.8.1.1
A unique index for this entry.
OBJECT-TYPE    
  INTEGER  

ipsecPropNext 1.3.6.1.4.1.272.4.26.8.1.2
The index of the next Proposal in the actual chain.
OBJECT-TYPE    
  INTEGER  

ipsecPropBoolOp 1.3.6.1.4.1.272.4.26.8.1.3
This object specifies how the proposal referenced by Next should be concatenated. Possible values: delete(1), -- Delete this entry or(2), -- Concatenation with logical 'or' and(3) -- Concatenation with logical 'and'.
OBJECT-TYPE    
  INTEGER delete(1), or(2), and(3)  

ipsecPropDescription 1.3.6.1.4.1.272.4.26.8.1.4
An optional human readable description for this proposal.
OBJECT-TYPE    
  DisplayString  

ipsecPropProto 1.3.6.1.4.1.272.4.26.8.1.6
The security protocol to apply. Possible values: esp(1), -- Encapsulating Security Payload ah(2) -- Authentication Header.
OBJECT-TYPE    
  INTEGER esp(1), ah(2)  

ipsecPropEncAlg 1.3.6.1.4.1.272.4.26.8.1.7
The encryption algorithm to apply, if any. Possible values: none(1), -- No encryption applied des-cbc(2), -- DES in CBC mode des3-cbc(3), -- Triple DES in CBC mode blowfish(4), -- Blowfish in CBC mode cast128-cbc(5) -- CAST with 128 bit key in CBC mode.
OBJECT-TYPE    
  INTEGER none(1), des-cbc(2), des3-cbc(3), blowfish-cbc(4), cast128-cbc(5)  

ipsecPropAuthAlg 1.3.6.1.4.1.272.4.26.8.1.8
The hmac algorithm to use for authentication, if any. Possible values: none(2), -- No hmac md5-96(4), -- Use the MD5 hash algorithm with 96 bit -- output sha1-96(6) -- Use the Secure Hash Algorithm with 96 bit -- output.
OBJECT-TYPE    
  INTEGER none(2), md5-96(4), sha1-96(6)  

ipsecPropLifeTime 1.3.6.1.4.1.272.4.26.8.1.10
The index in the ipsecLifeTimeTable containing the lifetime values ued for an SA created from this proposal. This field may be overwritten by an explicit lifetime specified for the traffic entry which references this proposal entry, or by an explicit lifetime specified for the peer entry referencing that traffic entry. If this field is empty or points to a nonexistent or inappropriate lifetime entry, the default life time from the ipsecGlobalsTable is used.
OBJECT-TYPE    
  INTEGER  

ipsecPropInSpi 1.3.6.1.4.1.272.4.26.8.1.11
This object specifies the Security Parameters Index (SPI) which should be used for the inbound SA of a manually keyed Proposal. The SPI is used to distinguish between multiple IPSec connections to the same peer with the same security protocol. The outbound SPI of the remote sides' corresponding proposal entry has to be equal to this value. This object is ignored for automatically keyed SAs, as it is chosen randomly by the initiator.
OBJECT-TYPE    
  HexValue  

ipsecPropOutSpi 1.3.6.1.4.1.272.4.26.8.1.12
This object specifies the Security Parameters Index (SPI) which should be used for the outbound SA of a manually keyed Proposal. The SPI is used to distinguish between multiple IPSec connections to the same peer with the same security protocol. The inbound SPI of the remote sides' corresponding proposal entry has to be equal to this value. This object is ignored for automatically keyed SAs, as it is chosen randomly by the initiator.
OBJECT-TYPE    
  HexValue  

ipsecPropEncKeyIn 1.3.6.1.4.1.272.4.26.8.1.14
This object serves as an input field for the inbound encryption key used with manually keyed SAs. Its contents are reset to a single asterisk immediately after the set operation (or input via the console). It is not evaluated for automatic proposals or for proposals which do not require an encryption key.
OBJECT-TYPE    
  DisplayString  

ipsecPropEncKeyOut 1.3.6.1.4.1.272.4.26.8.1.15
This object serves as an input field for the outbound encryption key used with manually keyed SAs. Its contents are reset to a single asterisk immediately after the set operation (or input via the console). It is not evaluated for automatic proposals or for proposals which do not require an encryption key.
OBJECT-TYPE    
  DisplayString  

ipsecPropAuthKeyIn 1.3.6.1.4.1.272.4.26.8.1.17
This object serves as an input field for the inbound authentication key used with manually keyed SAs. Its contents are reset to a single asterisk immediately after the set operation (or input via the console). It is not evaluated for automatic proposals or for proposals which do not require an authentication key.
OBJECT-TYPE    
  DisplayString  

ipsecPropAuthKeyOut 1.3.6.1.4.1.272.4.26.8.1.18
This object serves as an input field for the outbound authentication key used with manually keyed SAs. Its contents are reset to a single asterisk immediately after the set operation (or input via the console). It is not evaluated for automatic proposals or for proposals which do not require an authentication key.
OBJECT-TYPE    
  DisplayString  

ipsecPropEncKeyDataIn 1.3.6.1.4.1.272.4.26.8.1.33
Tok_String
OBJECT-TYPE    
  STRING  

ipsecPropEncKeyDataOut 1.3.6.1.4.1.272.4.26.8.1.34
Tok_String
OBJECT-TYPE    
  STRING  

ipsecPropAuthKeyDataIn 1.3.6.1.4.1.272.4.26.8.1.35
Tok_String
OBJECT-TYPE    
  STRING  

ipsecPropAuthKeyDataOut 1.3.6.1.4.1.272.4.26.8.1.36
Tok_String
OBJECT-TYPE    
  STRING  

ipsecLifeTimeTable 1.3.6.1.4.1.272.4.26.9
This table contains the list of defined lifetimes for IPsec and IKE SAs.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecLifeTimeEntry

ipsecLifeTimeEntry 1.3.6.1.4.1.272.4.26.9.1
This object contains a lifetime, i.e. the soft and hard expiry limits for IPsec and IKE SA's.
OBJECT-TYPE    
  IpsecLifeTimeEntry  

ipsecLifeIndex 1.3.6.1.4.1.272.4.26.9.1.1
A unique index identifying this entry.
OBJECT-TYPE    
  INTEGER  

ipsecLifeType 1.3.6.1.4.1.272.4.26.9.1.2
This object specifies the type of a lifetime entry.
OBJECT-TYPE    
  INTEGER delete(1), generic(2)  

ipsecLifeSoftKb 1.3.6.1.4.1.272.4.26.9.1.3
The maximum amount of data (in KB) which may be protected by an SA before it is refreshed.
OBJECT-TYPE    
  INTEGER  

ipsecLifeSoftSec 1.3.6.1.4.1.272.4.26.9.1.4
The maximum time (in seconds) after which an SA will be refreshed,.
OBJECT-TYPE    
  INTEGER  

ipsecLifeHardKb 1.3.6.1.4.1.272.4.26.9.1.5
The maximum amount of data (in KB) which may be protected by an SA before it is deleted.
OBJECT-TYPE    
  INTEGER  

ipsecLifeHardSec 1.3.6.1.4.1.272.4.26.9.1.6
The maximum time (in seconds) after which an SA will be refreshed,.
OBJECT-TYPE    
  INTEGER  

ipsecStats 1.3.6.1.4.1.272.4.26.10
OBJECT IDENTIFIER    

ipsecStatsCurrentIkeSas 1.3.6.1.4.1.272.4.26.10.1
Current number of IKE SA's.
OBJECT-TYPE    
  INTEGER  

ipsecStatsCurrentIpsecSas 1.3.6.1.4.1.272.4.26.10.2
Current number of IPSec SA's.
OBJECT-TYPE    
  INTEGER  

ipsecStatsIp 1.3.6.1.4.1.272.4.26.10.3
Number of IP packets processed.
OBJECT-TYPE    
  INTEGER  

ipsecStatsNonIp 1.3.6.1.4.1.272.4.26.10.4
Number of non-IP packets processed.
OBJECT-TYPE    
  INTEGER  

ipsecStatsAh 1.3.6.1.4.1.272.4.26.10.5
Number of AH packets processed.
OBJECT-TYPE    
  INTEGER  

ipsecStatsEsp 1.3.6.1.4.1.272.4.26.10.6
Number of ESP packets processed.
OBJECT-TYPE    
  INTEGER  

ipsecStatsDrop 1.3.6.1.4.1.272.4.26.10.7
Number of packets dropped.
OBJECT-TYPE    
  INTEGER  

ipsecStatsPass 1.3.6.1.4.1.272.4.26.10.8
Number of packets passed plain.
OBJECT-TYPE    
  INTEGER  

ipsecStatsTrig 1.3.6.1.4.1.272.4.26.10.9
Number of packets which triggered an IKE negotiation.
OBJECT-TYPE    
  INTEGER  

ipsecStatsFragPkt 1.3.6.1.4.1.272.4.26.10.10
Number of partial packets currently being reassembled.
OBJECT-TYPE    
  INTEGER  

ipsecStatsFragBytes 1.3.6.1.4.1.272.4.26.10.11
Total size of the partial packets currently being reassembled.
OBJECT-TYPE    
  INTEGER  

ipsecStatsFragNonfirst 1.3.6.1.4.1.272.4.26.10.12
Number of non-first fragments currently queued.
OBJECT-TYPE    
  INTEGER