CISCO-ENHANCED-IPSEC-FLOW-MIB

File: CISCO-ENHANCED-IPSEC-FLOW-MIB.mib (151630 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
INET-ADDRESS-MIB SNMP-FRAMEWORK-MIB IF-MIB
CISCO-TC CISCO-IPSEC-TC CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Counter32 Counter64 Gauge32
Unsigned32 MODULE-COMPLIANCE OBJECT-GROUP
NOTIFICATION-GROUP TimeStamp DateAndTime
TimeInterval TruthValue InetAddressType
InetAddress SnmpAdminString ifIndex
InterfaceIndex CiscoIpProtocol CiscoPort
CIPsecEncryptionKeySize CIPsecControlProtocol CIPsecDiffHellmanGrp
CIPsecEncapMode CIPsecEncryptAlgorithm CIPsecSpi
CIPsecAuthAlgorithm CIPsecCompAlgorithm CIPsecEndPtType
CIPsecNATTraversalMode CIPsecPhase1TunnelIndexOrZero CIPsecPhase2TunnelIndex
CIPsecPhase2SaDirection CIPsecProtocol CIPsecPmtu
CIPsecTunnelStatus ciscoMgmt

Defined Types

CeipSecTunnelEntry  
SEQUENCE    
  ceipSecTunIndex CIPsecPhase2TunnelIndex
  ceipSecTunLocalAddressType InetAddressType
  ceipSecTunLocalAddress InetAddress
  ceipSecTunRemoteAddressType InetAddressType
  ceipSecTunRemoteAddress InetAddress
  ceipSecTunControlProtocol CIPsecControlProtocol
  ceipSecTunControlTunnelIndex CIPsecPhase1TunnelIndexOrZero
  ceipSecTunControlTunnelAlive TruthValue
  ceipSecTunEncapMode CIPsecEncapMode
  ceipSecTunNATTraversalMode CIPsecNATTraversalMode
  ceipSecTunLifeSize Unsigned32
  ceipSecTunLifeTime Unsigned32
  ceipSecTunActiveTime TimeInterval
  ceipSecTunSaLifeSizeThreshold Unsigned32
  ceipSecTunSaLifeTimeThreshold Unsigned32
  ceipSecTunTotalRefreshes Counter32
  ceipSecTunExpiredSaInstances Counter32
  ceipSecTunCurrentSaInstances Gauge32
  ceipSecTunInSaDHGrp CIPsecDiffHellmanGrp
  ceipSecTunInSaEncryptAlgo CIPsecEncryptAlgorithm
  ceipSecTunInSaEncryptKeySize CIPsecEncryptionKeySize
  ceipSecTunInSaAhAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunInSaEspAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunInSaDecompAlgo CIPsecCompAlgorithm
  ceipSecTunOutSaDHGrp CIPsecDiffHellmanGrp
  ceipSecTunOutSaEncryptAlgo CIPsecEncryptAlgorithm
  ceipSecTunOutSaEncryptKeySize CIPsecEncryptionKeySize
  ceipSecTunOutSaAhAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunOutSaEspAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunOutSaCompAlgo CIPsecCompAlgorithm
  ceipSecTunPmtu CIPsecPmtu
  ceipSecTunInOctets Counter64
  ceipSecTunInDecompOctets Counter64
  ceipSecTunInPkts Counter32
  ceipSecTunInDropPkts Counter32
  ceipSecTunInReplayDropPkts Counter32
  ceipSecTunInAuths Counter32
  ceipSecTunInAuthFails Counter32
  ceipSecTunInDecrypts Counter32
  ceipSecTunInDecryptFails Counter32
  ceipSecTunOutOctets Counter64
  ceipSecTunOutUncompOctets Counter64
  ceipSecTunOutPkts Counter32
  ceipSecTunOutDropPkts Counter32
  ceipSecTunOutAuths Counter32
  ceipSecTunOutAuthFails Counter32
  ceipSecTunOutEncrypts Counter32
  ceipSecTunOutEncryptFails Counter32
  ceipSecTunOutCompressedPkts Counter32
  ceipSecTunOutCompSkippedPkts Counter32
  ceipSecTunOutCompFailPkts Counter32
  ceipSecTunOutCompTooSmallPkts Counter32
  ceipSecIfIndex InterfaceIndex
  ceipSecTunStatus CIPsecTunnelStatus

CeipSecEndPtEntry  
SEQUENCE    
  ceipSecEndPtIndex Unsigned32
  ceipSecEndPtLocalName SnmpAdminString
  ceipSecEndPtLocalType CIPsecEndPtType
  ceipSecEndPtLocalAddrType1 InetAddressType
  ceipSecEndPtLocalAddr1 InetAddress
  ceipSecEndPtLocalAddrType2 InetAddressType
  ceipSecEndPtLocalAddr2 InetAddress
  ceipSecEndPtLocalProtocol CiscoIpProtocol
  ceipSecEndPtLocalPort CiscoPort
  ceipSecEndPtRemoteName SnmpAdminString
  ceipSecEndPtRemoteType CIPsecEndPtType
  ceipSecEndPtRemoteAddrType1 InetAddressType
  ceipSecEndPtRemoteAddr1 InetAddress
  ceipSecEndPtRemoteAddrType2 InetAddressType
  ceipSecEndPtRemoteAddr2 InetAddress
  ceipSecEndPtRemoteProtocol CiscoIpProtocol
  ceipSecEndPtRemotePort CiscoPort

CeipSecSaEntry  
SEQUENCE    
  ceipSecSaProtocol CIPsecProtocol
  ceipSecSaIndex Unsigned32
  ceipSecSaDirection CIPsecPhase2SaDirection
  ceipSecSaValue CIPsecSpi
  ceipSecSaStatus INTEGER

CeipSecTunnelSaEntry  
SEQUENCE    
  ceipSecTunSaProtocol CIPsecProtocol
  ceipSecTunSaIndex Unsigned32
  ceipSecTunSaDirection CIPsecPhase2SaDirection
  ceipSecTunSaValue CIPsecSpi
  ceipSecTunSaIfIndex InterfaceIndex
  ceipSecTunSaInOctets Counter64
  ceipSecTunSaInDecompOctets Counter64
  ceipSecTunSaInPkts Counter64
  ceipSecTunSaInDropPkts Counter64
  ceipSecTunSaInReplayDropPkts Counter64
  ceipSecTunSaInAuths Counter64
  ceipSecTunSaInAuthFails Counter64
  ceipSecTunSaInDecrypts Counter64
  ceipSecTunSaInDecryptFails Counter64
  ceipSecTunSaOutOctets Counter64
  ceipSecTunSaOutUncompOctets Counter64
  ceipSecTunSaOutPkts Counter64
  ceipSecTunSaOutDropPkts Counter64
  ceipSecTunSaOutAuths Counter64
  ceipSecTunSaOutAuthFails Counter64
  ceipSecTunSaOutEncrypts Counter64
  ceipSecTunSaOutEncryptFails Counter64
  ceipSecTunSaOutCompressedPkts Counter64
  ceipSecTunSaOutCompSkippedPkts Counter64
  ceipSecTunSaOutCompFailPkts Counter64
  ceipSecTunSaOutCompTooSmallPkts Counter64
  ceipSecTunSaStatus INTEGER

CeipSecIfTunnelEntry  
SEQUENCE    
  ceipSecIfTunnelStatus CIPsecTunnelStatus

CeipSecTunnelHistEntry  
SEQUENCE    
  ceipSecTunHistIndex Unsigned32
  ceipSecTunHistTermReason INTEGER
  ceipSecTunHistActiveIndex CIPsecPhase2TunnelIndex
  ceipSecTunHistLocalAddressType InetAddressType
  ceipSecTunHistLocalAddress InetAddress
  ceipSecTunHistRemoteAddressType InetAddressType
  ceipSecTunHistRemoteAddress InetAddress
  ceipSecTunHistControlProtocol CIPsecControlProtocol
  ceipSecTunHistControlTunnelIndex CIPsecPhase1TunnelIndexOrZero
  ceipSecTunHistEncapMode CIPsecEncapMode
  ceipSecTunHistNATTraversalMode CIPsecNATTraversalMode
  ceipSecTunHistLifeSize Unsigned32
  ceipSecTunHistLifeTime Unsigned32
  ceipSecTunHistStartTime TimeStamp
  ceipSecTunHistActiveTime TimeInterval
  ceipSecTunHistTotalRefreshes Counter32
  ceipSecTunHistTotalSas Counter32
  ceipSecTunHistInSaDHGrp CIPsecDiffHellmanGrp
  ceipSecTunHistInSaEncryptAlgo CIPsecEncryptAlgorithm
  ceipSecTunHistInSaEncryptKeySize CIPsecEncryptionKeySize
  ceipSecTunHistInSaAhAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunHistInSaEspAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunHistInSaDecompAlgo CIPsecCompAlgorithm
  ceipSecTunHistOutSaDHGrp CIPsecDiffHellmanGrp
  ceipSecTunHistOutSaEncryptAlgo CIPsecEncryptAlgorithm
  ceipSecTunHistOutSaEncryptKeySz CIPsecEncryptionKeySize
  ceipSecTunHistOutSaAhAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunHistOutSaEspAuthAlgo CIPsecAuthAlgorithm
  ceipSecTunHistOutSaCompAlgo CIPsecCompAlgorithm
  ceipSecTunHistPmtu CIPsecPmtu
  ceipSecTunHistInOctets Counter64
  ceipSecTunHistInDecompOctets Counter64
  ceipSecTunHistInPkts Counter32
  ceipSecTunHistInDropPkts Counter32
  ceipSecTunHistInReplayDropPkts Counter32
  ceipSecTunHistInAuths Counter32
  ceipSecTunHistInAuthFails Counter32
  ceipSecTunHistInDecrypts Counter32
  ceipSecTunHistInDecryptFails Counter32
  ceipSecTunHistOutOctets Counter64
  ceipSecTunHistOutUncompOctets Counter64
  ceipSecTunHistOutPkts Counter32
  ceipSecTunHistOutDropPkts Counter32
  ceipSecTunHistOutAuths Counter32
  ceipSecTunHistOutAuthFails Counter32
  ceipSecTunHistOutEncrypts Counter32
  ceipSecTunHistOutEncryptFails Counter32
  ceipSecTunHistOutCompressedPkts Counter32
  ceipSecTunHistOutCompSkippedPkts Counter32
  ceipSecTunHistOutCompFailPkts Counter32
  ceipSecTunHistOutCompSmallPkts Counter32

CeipSecEndPtHistEntry  
SEQUENCE    
  ceipSecEndPtHistIndex Unsigned32
  ceipSecEndPtHistTunIndex Unsigned32
  ceipSecEndPtHistActiveIndex Unsigned32
  ceipSecEndPtHistLocalName SnmpAdminString
  ceipSecEndPtHistLocalType CIPsecEndPtType
  ceipSecEndPtHistLocalAddrType1 InetAddressType
  ceipSecEndPtHistLocalAddr1 InetAddress
  ceipSecEndPtHistLocalAddrType2 InetAddressType
  ceipSecEndPtHistLocalAddr2 InetAddress
  ceipSecEndPtHistLocalProtocol CiscoIpProtocol
  ceipSecEndPtHistLocalPort CiscoPort
  ceipSecEndPtHistRemoteName SnmpAdminString
  ceipSecEndPtHistRemoteType CIPsecEndPtType
  ceipSecEndPtHistRemoteAddrType1 InetAddressType
  ceipSecEndPtHistRemoteAddr1 InetAddress
  ceipSecEndPtHistRemoteAddrType2 InetAddressType
  ceipSecEndPtHistRemoteAddr2 InetAddress
  ceipSecEndPtHistRemoteProtocol CiscoIpProtocol
  ceipSecEndPtHistRemotePort CiscoPort

CeipSecFailEntry  
SEQUENCE    
  ceipSecFailIndex Unsigned32
  ceipSecFailReason INTEGER
  ceipSecFailTime TimeStamp
  ceipSecFailTunnelIndex CIPsecPhase2TunnelIndex
  ceipSecFailSaSpi CIPsecSpi
  ceipSecFailPktSrcAddressType InetAddressType
  ceipSecFailPktSrcAddress InetAddress
  ceipSecFailPktDstAddressType InetAddressType
  ceipSecFailPktDstAddress InetAddress

Defined Values

ciscoEnhancedIpsecFlowMIB 1.3.6.1.4.1.9.9.432
This is a MIB Module for monitoring the structures and status of IPSec-based networks. The MIB has been designed to be adopted as an IETF standard. Hence vendor-specific features of IPSec protocol are excluded from this MIB. Acronyms The following acronyms are used in this document: IPsec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association (ref: rfc2408). SPI: Security Parameter Index is the pointer or identifier used in accessing SA attributes (ref: rfc2408). MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document. Control Tunnel: Another term for a Phase 1 Tunnel. Phase 2 Tunnel: An instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and different number of SA bundles at different times (due to key refresh). MTU: Maximum Transmission Unit (of an IPsec tunnel). History of the MIB A precursor to this MIB was written by Tivoli and implemented in IBM Nways routers in 1999. During late 1999, Cisco adopted the MIB and together with Tivoli publised the IPsec Flow Monitor MIB in IETF IPsec WG in draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the MIB was Cisco-ized and implemented this draft as CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms. With the evolution of IKEv2, the MIB was modified and presented to the IPsec WG again in May 2003 in draft-ietf-ipsec-flow-monitoring-mib-02.txt. With the emergence of multiple IPsec signaling protocols, it became apparent that the signaling aspects of IPsec need to be instrumented separately in their own right. Thus, the IPsec control attributes and metrics were separated out into CISCO-IPSEC-SIGNALING-MIB and CISCO-IKE-FLOW-MIB. This version of the draft is the version of the draft that models that IPsec data protocol, structures and activity alone. Overview of MIB The MIB contains four major groups of objects which are used to manage the IPsec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPsec MIB. The Phase 2 group models objects pertaining to IPsec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid detection of potential security violations. In addition to the three major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPsec TRAPs.
MODULE-IDENTITY    

ciscoEnhancedIpsecFlowMIBNotifs 1.3.6.1.4.1.9.9.432.0
OBJECT IDENTIFIER    

ciscoEnhancedIpsecFlowMIBObjects 1.3.6.1.4.1.9.9.432.1
OBJECT IDENTIFIER    

ciscoEnhancedIpsecFlowMIBConform 1.3.6.1.4.1.9.9.432.2
OBJECT IDENTIFIER    

ceipSecPhaseTwo 1.3.6.1.4.1.9.9.432.1.1
OBJECT IDENTIFIER    

ceipSecHistory 1.3.6.1.4.1.9.9.432.1.2
OBJECT IDENTIFIER    

ceipSecFailures 1.3.6.1.4.1.9.9.432.1.3
OBJECT IDENTIFIER    

ceipSecNotificationCntl 1.3.6.1.4.1.9.9.432.1.5
OBJECT IDENTIFIER    

ceipSecCertNotification 1.3.6.1.4.1.9.9.432.1.6
OBJECT IDENTIFIER    

ceipSecGlobalStats 1.3.6.1.4.1.9.9.432.1.1.1
OBJECT IDENTIFIER    

ceipSecGlobalActiveTunnels 1.3.6.1.4.1.9.9.432.1.1.1.1
The total number of currently active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Gauge32  

ceipSecGlobalPreviousTunnels 1.3.6.1.4.1.9.9.432.1.1.1.2
The total number of previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInOctets 1.3.6.1.4.1.9.9.432.1.1.1.3
A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInDecompOctets 1.3.6.1.4.1.9.9.432.1.1.1.4
A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecGlobalInOctets.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInPkts 1.3.6.1.4.1.9.9.432.1.1.1.5
The total number of packets received by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInDrops 1.3.6.1.4.1.9.9.432.1.1.1.6
The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInReplayDrops 1.3.6.1.4.1.9.9.432.1.1.1.7
The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInAuths 1.3.6.1.4.1.9.9.432.1.1.1.8
The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInAuthFails 1.3.6.1.4.1.9.9.432.1.1.1.9
The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInDecrypts 1.3.6.1.4.1.9.9.432.1.1.1.10
The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalInDecryptFails 1.3.6.1.4.1.9.9.432.1.1.1.11
The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutOctets 1.3.6.1.4.1.9.9.432.1.1.1.12
A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutUncompOctets 1.3.6.1.4.1.9.9.432.1.1.1.13
A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecGlobalOutOctets.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutPkts 1.3.6.1.4.1.9.9.432.1.1.1.14
The total number of packets sent by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutDrops 1.3.6.1.4.1.9.9.432.1.1.1.15
The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutAuths 1.3.6.1.4.1.9.9.432.1.1.1.16
The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutAuthFails 1.3.6.1.4.1.9.9.432.1.1.1.17
The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutEncrypts 1.3.6.1.4.1.9.9.432.1.1.1.18
The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecCertSubjectName 1.3.6.1.4.1.9.9.432.1.6.1
This object provides the subject name from the X.509 certificate, or the alternate subject name if it is available. The subject name is formatted as a character string matching the output of a ssh-certview command-line application, except that the application sending the notification may limit the string length. Example Subject Name: C=US, OU=DEV, CN=Test-01 Example Subject Alternative Name: 2001:0022:0022:0020:0000:0000:0000:0102
OBJECT-TYPE    
  SnmpAdminString  

ceipSecCertSerialNumber 1.3.6.1.4.1.9.9.432.1.6.2
This object provides the serial number from the X.509 certificate. The serial number is formatted as a character string matching the output of a ssh-certview command-line application. The issuer name and the serial number identify a unique certificate. Example: 1000655533
OBJECT-TYPE    
  SnmpAdminString  

ceipSecCertIssuerName 1.3.6.1.4.1.9.9.432.1.6.3
This object provides the issuer name from the X.509 certificate. The issuer name is formatted as a character string matching the output of a ssh-certview command-line application, except that the application sending the notification may limit the string length. The issuer name and the serial number identify a unique certificate. Example: C=US, O=Cisco, OU=MITG, CN=Lnx-Insta-RootCA-1
OBJECT-TYPE    
  SnmpAdminString  

ceipSecCertExpiryTime 1.3.6.1.4.1.9.9.432.1.6.4
This object provides the validity notAfter time from the X.509 certificate. The notAfter time is the time after which the certificate is not valid. The time is formatted as a character string matching the output of a ssh-certview command-line application. Example: 2012 Apr 14th, 19:01:45 GMT
OBJECT-TYPE    
  SnmpAdminString  

ceipSecCertRenewalStatus 1.3.6.1.4.1.9.9.432.1.6.5
This object provides the renewal status of the X.509 certificate on the application sending the notification. renewalNotNeeded(1) = certificate is OK and does not need to be renewed renewalRequestNeeded(2) = certificate renewal request is needed renewalRequested(3) = certificate renewal has been requested and the renewal process is proceeding renewalSuccess(4) = certificate has been renewed and will be OK (renewalNotNeeded) renewalFailedUpdate(5) = certificate renewal failed, but certificate is still usable until the validity expiration time provided in the notification, or otherwise restricted by the application renewalFailedExpired(6) = certificate is no longer valid, the current time is after the certificate's validity notAfter time, which is provided in this notification
OBJECT-TYPE    
  INTEGER renewalNotNeeded(1), renewalRequestNeeded(2), renewalRequested(3), renewalSuccess(4), renewalFailedUpdate(5), renewalFailedExpired(6)  

ceipSecCertExpiryStatus 1.3.6.1.4.1.9.9.432.1.6.6
This object provides the expiration status of the X.509 certificate on the application sending the notification. The notification is sent when the value of this object is changed from certOK(1) to certGoingExpired(2). certOK(1) = certificate is OK and is not within the configured time threshold for going to expire certGoingExpired(2) = certificate is within the configured time threshold for going to expire certExpired(3) = certificate has expired, the current time is after the certificate's validity notAfter time
OBJECT-TYPE    
  INTEGER certOK(1), certGoingExpired(2), certExpired(3)  

ceipSecGlobalOutEncryptFails 1.3.6.1.4.1.9.9.432.1.1.1.19
The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalProtocolUseFails 1.3.6.1.4.1.9.9.432.1.1.1.20
The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalNoSaFails 1.3.6.1.4.1.9.9.432.1.1.1.21
The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalSysCapFails 1.3.6.1.4.1.9.9.432.1.1.1.22
The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.1.1.23
The cumulative number of outbound packets across all IPsec flows terminating at this device which were successfully compressed.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.1.1.24
The total number of outbound packets across all IPsec flows terminating at this devices that were to be compressed but which were skipped due to the compression hysteresis.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.1.1.25
The total number of outbound packets across all IPsec flows terminating at this device that failed compression because they grew in size after compression.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalOutCompTooSmallPkts 1.3.6.1.4.1.9.9.432.1.1.1.26
The total number of outbound packets across all IPsec flows terminating at this device that were to be compressed but were smaller than the compression threshold size. This number is cumulative since the last system start.
OBJECT-TYPE    
  Counter64  

ceipSecGlobalThroughputUtilizatioinTimeInterval 1.3.6.1.4.1.9.9.432.1.1.1.27
The object is the length of the time interval to measure the throughtput utilization.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalThroughputLastUpdatedTime 1.3.6.1.4.1.9.9.432.1.1.1.28
The timestamp is the end of the last throughput utilization time interval.
OBJECT-TYPE    
  TimeStamp  

ceipSecGlobalLastAveragePacketSize 1.3.6.1.4.1.9.9.432.1.1.1.29
This object is the average packet size in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalLastThroughputInMbps 1.3.6.1.4.1.9.9.432.1.1.1.30
The object is the total throughput in Mbps in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalLastThroughputInKpps 1.3.6.1.4.1.9.9.432.1.1.1.31
The object is the total throughput in Kpps in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalLastThroughputUtilization 1.3.6.1.4.1.9.9.432.1.1.1.32
The object is the throughput utilization in percentage in the last performance utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalPeakThroughputUtilization 1.3.6.1.4.1.9.9.432.1.1.1.33
The object is the peak throughput utilization in percentage since the managed system is active. It was observed in the throughput utilization time interval that ended at ceipSecGlobalPeakThroughputDateAndTime.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalPeakThroughputDateAndTime 1.3.6.1.4.1.9.9.432.1.1.1.34
The date and time when ceipSecGlobalPeakThroughputUtilization is updated.
OBJECT-TYPE    
  DateAndTime  

ceipSecGlobalPeakThroughputInMbps 1.3.6.1.4.1.9.9.432.1.1.1.35
The object indicates the peak value of throughput in Mbps.
OBJECT-TYPE    
  Unsigned32  

ceipSecGlobalPeakAvgPacketSize 1.3.6.1.4.1.9.9.432.1.1.1.36
This object indicates the average packet size in bytes in the throughput utilization time interval that ended at ceipSecGlobalPeakThroughputDateAndTime.
OBJECT-TYPE    
  Unsigned32  

ceipSecTunnelTable 1.3.6.1.4.1.9.9.432.1.1.2
The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecTunnelEntry

ceipSecTunnelEntry 1.3.6.1.4.1.9.9.432.1.1.2.1
Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CeipSecTunnelEntry  

ceipSecTunIndex 1.3.6.1.4.1.9.9.432.1.1.2.1.1
The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647. Since this object must correspond to a valid Phase-2 IPsec tunnel, this object may not assume the value of 0.
OBJECT-TYPE    
  CIPsecPhase2TunnelIndex  

ceipSecTunLocalAddressType 1.3.6.1.4.1.9.9.432.1.1.2.1.2
The type of the IP address of the local endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddressType  

ceipSecTunLocalAddress 1.3.6.1.4.1.9.9.432.1.1.2.1.3
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddress  

ceipSecTunRemoteAddressType 1.3.6.1.4.1.9.9.432.1.1.2.1.4
The type of the IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddressType  

ceipSecTunRemoteAddress 1.3.6.1.4.1.9.9.432.1.1.2.1.5
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddress  

ceipSecTunControlProtocol 1.3.6.1.4.1.9.9.432.1.1.2.1.6
Identifies the protocol used to setup and administer this Phase-2 IPsec tunnel. In case this tunnel was spawned by an IPsec signaling protocol, this MIB object contains the value of the object 'cisgIpsSgProtocol' defined in CISCO-IPSEC-SIGNALING-MIB in the table 'cisgIpsSgTunnelTable' in the row corresponding to the control tunnel. A value of 'cpManual' is indicative of a manually installed and administered Phase-2 tunnel.
OBJECT-TYPE    
  CIPsecControlProtocol  

ceipSecTunControlTunnelIndex 1.3.6.1.4.1.9.9.432.1.1.2.1.7
The index of the associated IPsec Phase-1 Tunnel. In case this tunnel was spawned by an IPsec signaling protocol, this MIB object contains the value of the object 'cisgIpsSgTunIndex' defined in CISCO-IPSEC-SIGNALING-MIB in the table 'cisgIpsSgTunnelTable' in the row corresponding to the control tunnel. A value of 0 identifies that this Phase-2 tunnel was setup manually.
OBJECT-TYPE    
  CIPsecPhase1TunnelIndexOrZero  

ceipSecTunControlTunnelAlive 1.3.6.1.4.1.9.9.432.1.1.2.1.8
An indicator which specifies whether or not the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel currently exists.
OBJECT-TYPE    
  TruthValue  

ceipSecTunEncapMode 1.3.6.1.4.1.9.9.432.1.1.2.1.9
The encapsulation mode used by the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecEncapMode  

ceipSecTunNATTraversalMode 1.3.6.1.4.1.9.9.432.1.1.2.1.10
The encapsulation used by the IPsec Phase-2 tunnel for NAT traversal. The value of this object is constrained based on the value of the column 'ceipSecTunEncapMode'. If the value of 'ceipSecTunEncapMode' is 'encapTransport', then this object may not assume the values 'natEncapIPsecOverUdp' or 'natEncapIPsecOverTcp'.
OBJECT-TYPE    
  CIPsecNATTraversalMode  

ceipSecTunLifeSize 1.3.6.1.4.1.9.9.432.1.1.2.1.11
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecTunLifeTime 1.3.6.1.4.1.9.9.432.1.1.2.1.12
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Unsigned32  

ceipSecTunActiveTime 1.3.6.1.4.1.9.9.432.1.1.2.1.13
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
OBJECT-TYPE    
  TimeInterval  

ceipSecTunSaLifeSizeThreshold 1.3.6.1.4.1.9.9.432.1.1.2.1.14
The security association LifeSize refresh threshold in kilobytes. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Unsigned32  

ceipSecTunSaLifeTimeThreshold 1.3.6.1.4.1.9.9.432.1.1.2.1.15
The security association LifeTime refresh threshold in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Unsigned32  

ceipSecTunTotalRefreshes 1.3.6.1.4.1.9.9.432.1.1.2.1.16
The total number of security association refreshes performed.
OBJECT-TYPE    
  Counter32  

ceipSecTunExpiredSaInstances 1.3.6.1.4.1.9.9.432.1.1.2.1.17
The total number of security associations which have expired. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Counter32  

ceipSecTunCurrentSaInstances 1.3.6.1.4.1.9.9.432.1.1.2.1.18
The number of security associations which are currently active or expiring.
OBJECT-TYPE    
  Gauge32  

ceipSecTunInSaDHGrp 1.3.6.1.4.1.9.9.432.1.1.2.1.19
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be `none'.
OBJECT-TYPE    
  CIPsecDiffHellmanGrp  

ceipSecTunInSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.20
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecEncryptAlgorithm  

ceipSecTunInSaEncryptKeySize 1.3.6.1.4.1.9.9.432.1.1.2.1.21
The key size in bits of the negotiated key to be used with the algorithm denoted by 'ceipSecTunInSaEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  CIPsecEncryptionKeySize  

ceipSecTunInSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.22
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunInSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.23
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunInSaDecompAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.24
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecCompAlgorithm  

ceipSecTunOutSaDHGrp 1.3.6.1.4.1.9.9.432.1.1.2.1.25
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be 'none'.
OBJECT-TYPE    
  CIPsecDiffHellmanGrp  

ceipSecTunOutSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.26
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecEncryptAlgorithm  

ceipSecTunOutSaEncryptKeySize 1.3.6.1.4.1.9.9.432.1.1.2.1.27
The key size in bits of the negotiated key to be used with the algorithm denoted by 'ceipSecTunOutSaEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  CIPsecEncryptionKeySize  

ceipSecTunOutSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.28
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunOutSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.29
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunOutSaCompAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.30
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecCompAlgorithm  

ceipSecTunPmtu 1.3.6.1.4.1.9.9.432.1.1.2.1.31
The Path MTU for this IPsec Phase-2 tunnel, which has been either learnt from the network or which has been specified by the administrator. The lower end of the range is 68 which is the minimum MTU for IPv4.
OBJECT-TYPE    
  CIPsecPmtu  

ceipSecTunInOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.32
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ceipSecTunInDecompOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.33
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunInOctets.
OBJECT-TYPE    
  Counter64  

ceipSecTunInPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.34
The total number of packets received by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunInDropPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.35
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter32  

ceipSecTunInReplayDropPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.36
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunInAuths 1.3.6.1.4.1.9.9.432.1.1.2.1.37
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunInAuthFails 1.3.6.1.4.1.9.9.432.1.1.2.1.38
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
OBJECT-TYPE    
  Counter32  

ceipSecTunInDecrypts 1.3.6.1.4.1.9.9.432.1.1.2.1.39
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunInDecryptFails 1.3.6.1.4.1.9.9.432.1.1.2.1.40
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.41
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ceipSecTunOutUncompOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.42
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecTunOutOctets.
OBJECT-TYPE    
  Counter64  

ceipSecTunOutPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.43
The total number of packets sent by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutDropPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.44
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutAuths 1.3.6.1.4.1.9.9.432.1.1.2.1.45
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutAuthFails 1.3.6.1.4.1.9.9.432.1.1.2.1.46
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutEncrypts 1.3.6.1.4.1.9.9.432.1.1.2.1.47
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutEncryptFails 1.3.6.1.4.1.9.9.432.1.1.2.1.48
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.49
The total number of outbound packets which were successfully compressed.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.50
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.51
The total number of outbound packets that failed compression because they grew in size after compression.
OBJECT-TYPE    
  Counter32  

ceipSecTunOutCompTooSmallPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.52
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
OBJECT-TYPE    
  Counter32  

ceipSecIfIndex 1.3.6.1.4.1.9.9.432.1.1.2.1.53
This object represents the ifIndex of an interface where this tunnel is created. Multiple IPsec tunnels can be created using the same interface.
OBJECT-TYPE    
  InterfaceIndex  

ceipSecTunStatus 1.3.6.1.4.1.9.9.432.1.1.2.1.54
The status of the MIB table row. This object can be used to bring the tunnel down or force a rekeying. When the value is set to destroy(5), the SA bundle is destroyed and this row is deleted from this table. When the value is set to rekey(6), then rekeying is forced on this tunnel. When this MIB value is queried, the value of active(4) is always returned, if the instance exists. This object cannot be used to create a MIB table row.
OBJECT-TYPE    
  CIPsecTunnelStatus  

ceipSecEndPtTable 1.3.6.1.4.1.9.9.432.1.1.3
The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecEndPtEntry

ceipSecEndPtEntry 1.3.6.1.4.1.9.9.432.1.1.3.1
An IPsec Phase-2 Tunnel Endpoint entry.
OBJECT-TYPE    
  CeipSecEndPtEntry  

ceipSecEndPtIndex 1.3.6.1.4.1.9.9.432.1.1.3.1.1
The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 4,294,967,295.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecEndPtLocalName 1.3.6.1.4.1.9.9.432.1.1.3.1.2
The DNS name of the local Endpoint.
OBJECT-TYPE    
  SnmpAdminString  

ceipSecEndPtLocalType 1.3.6.1.4.1.9.9.432.1.1.3.1.3
The type of identity for the local Endpoint.
OBJECT-TYPE    
  CIPsecEndPtType  

ceipSecEndPtLocalAddrType1 1.3.6.1.4.1.9.9.432.1.1.3.1.4
The type of the IP address for this local Endpoint's first IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtLocalAddr1 1.3.6.1.4.1.9.9.432.1.1.3.1.5
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtLocalType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtLocalAddrType2 1.3.6.1.4.1.9.9.432.1.1.3.1.6
The type of the IP address for this local Endpoint's second IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtLocalAddr2 1.3.6.1.4.1.9.9.432.1.1.3.1.7
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtLocalType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtLocalProtocol 1.3.6.1.4.1.9.9.432.1.1.3.1.8
The protocol number of the local Endpoint's traffic.
OBJECT-TYPE    
  CiscoIpProtocol  

ceipSecEndPtLocalPort 1.3.6.1.4.1.9.9.432.1.1.3.1.9
The port number of the local Endpoint's traffic.
OBJECT-TYPE    
  CiscoPort  

ceipSecEndPtRemoteName 1.3.6.1.4.1.9.9.432.1.1.3.1.10
The DNS name of the remote Endpoint.
OBJECT-TYPE    
  SnmpAdminString  

ceipSecEndPtRemoteType 1.3.6.1.4.1.9.9.432.1.1.3.1.11
The type of identity for the remote Endpoint.
OBJECT-TYPE    
  CIPsecEndPtType  

ceipSecEndPtRemoteAddrType1 1.3.6.1.4.1.9.9.432.1.1.3.1.12
The type of the IP address for this remote Endpoint's first IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtRemoteAddr1 1.3.6.1.4.1.9.9.432.1.1.3.1.13
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtRemoteType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtRemoteAddrType2 1.3.6.1.4.1.9.9.432.1.1.3.1.14
The type of the IP address for this remote Endpoint's second IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtRemoteAddr2 1.3.6.1.4.1.9.9.432.1.1.3.1.15
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtRemoteType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtRemoteProtocol 1.3.6.1.4.1.9.9.432.1.1.3.1.16
The protocol number of the remote Endpoint's traffic.
OBJECT-TYPE    
  CiscoIpProtocol  

ceipSecEndPtRemotePort 1.3.6.1.4.1.9.9.432.1.1.3.1.17
The port number of the remote Endpoint's traffic.
OBJECT-TYPE    
  CiscoPort  

ceipSecSaTable 1.3.6.1.4.1.9.9.432.1.1.4
The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the active Phase-2 tunnel table (ceipSecTunTable) into a number of entries in this table. The index of this table reflects the rule for identifying Security Associations.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecSaEntry

ceipSecSaEntry 1.3.6.1.4.1.9.9.432.1.1.4.1
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
OBJECT-TYPE    
  CeipSecSaEntry  

ceipSecSaProtocol 1.3.6.1.4.1.9.9.432.1.1.4.1.1
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup.
OBJECT-TYPE    
  CIPsecProtocol  

ceipSecSaIndex 1.3.6.1.4.1.9.9.432.1.1.4.1.2
The object, in the context of the IPsec tunnel 'ceipSecTunIndex', is an index of security associations comprising the Phase-2 IPsec tunnel represented by the tunnel index 'ceipSecTunIndex'. The value of this index is a number which begins at 1 and is incremented with each SPI associated with the corresponding IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecSaDirection 1.3.6.1.4.1.9.9.432.1.1.4.1.3
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry.
OBJECT-TYPE    
  CIPsecPhase2SaDirection  

ceipSecSaValue 1.3.6.1.4.1.9.9.432.1.1.4.1.4
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry.
OBJECT-TYPE    
  CIPsecSpi  

ceipSecSaStatus 1.3.6.1.4.1.9.9.432.1.1.4.1.5
This column represents the status of the security association represented by this conceptual row. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged.
OBJECT-TYPE    
  INTEGER unknown(1), active(2), expiring(3)  

ceipSecTunnelSaTable 1.3.6.1.4.1.9.9.432.1.1.5
The IPsec Phase-2 Tunnel Security Association Table. This table identifies the SAs that are currently associated with an active Phase-2 tunnel. This table contains an entry for each active or expiring security association (SA) which is associated with an ceipSecTunnelEntry in 'active' state and provides statistic information of this SA. There might be multiple SAs associated with one ceipSecTunnelEntry.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecTunnelSaEntry

ceipSecTunnelSaEntry 1.3.6.1.4.1.9.9.432.1.1.5.1
Each entry contains the attributes and statistics associated with an active or expiring IPsec Phase-2 security associations.
OBJECT-TYPE    
  CeipSecTunnelSaEntry  

ceipSecTunSaProtocol 1.3.6.1.4.1.9.9.432.1.1.5.1.1
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup.
OBJECT-TYPE    
  CIPsecProtocol  

ceipSecTunSaIndex 1.3.6.1.4.1.9.9.432.1.1.5.1.2
The object, in the context of the IPsec tunnel 'ceipSecTunIndex', is an index of security associations comprising the Phase-2 IPsec tunnel represented by the tunnel index 'ceipSecTunIndex'. The value of this index is a number which begins at 1 and is incremented with each SPI associated with the corresponding IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecTunSaDirection 1.3.6.1.4.1.9.9.432.1.1.5.1.3
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry.
OBJECT-TYPE    
  CIPsecPhase2SaDirection  

ceipSecTunSaValue 1.3.6.1.4.1.9.9.432.1.1.5.1.4
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry.
OBJECT-TYPE    
  CIPsecSpi  

ceipSecTunSaIfIndex 1.3.6.1.4.1.9.9.432.1.1.5.1.5
This object represents the ifIndex of an interface where a tunnel with ceipSecTunIndex is created. Multiple IPsec tunnels can be created using the same interface.
OBJECT-TYPE    
  InterfaceIndex  

ceipSecTunSaInOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.6
A high capacity count of the total number of octets received by using this SA. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInDecompOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.7
A high capacity count of the total number of decompressed octets received by using this SA. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunSaTunInOctets.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.8
The total number of packets received by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInDropPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.9
The total number of packets dropped during receive process by using this SA. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInReplayDropPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.10
The total number of packets dropped during receive processing due to Anti-Replay processing by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInAuths 1.3.6.1.4.1.9.9.432.1.1.5.1.11
The total number of inbound authentication's performed by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInAuthFails 1.3.6.1.4.1.9.9.432.1.1.5.1.12
The total number of inbound authentication's which ended in failure by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInDecrypts 1.3.6.1.4.1.9.9.432.1.1.5.1.13
The total number of inbound decryption's performed by this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaInDecryptFails 1.3.6.1.4.1.9.9.432.1.1.5.1.14
The total number of inbound decryption's which ended in failure by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.15
A high capacity count of the total number of octets sent by using this SA. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutUncompOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.16
A high capacity count of the total number of uncompressed octets sent by using this SA. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecTunSaTunOutOctets.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.17
The total number of packets sent by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutDropPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.18
The total number of packets dropped during send processing by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutAuths 1.3.6.1.4.1.9.9.432.1.1.5.1.19
The total number of outbound authentication's performed by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutAuthFails 1.3.6.1.4.1.9.9.432.1.1.5.1.20
The total number of outbound authentication's which ended in failure by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutEncrypts 1.3.6.1.4.1.9.9.432.1.1.5.1.21
The total number of outbound encryption's performed by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutEncryptFails 1.3.6.1.4.1.9.9.432.1.1.5.1.22
The total number of outbound encryption's which ended in failure by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.23
The total number of outbound packets which were successfully compressed by using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.24
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis when using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.25
The total number of outbound packets that failed compression because they grew in size after compression when using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaOutCompTooSmallPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.26
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size when using this SA.
OBJECT-TYPE    
  Counter64  

ceipSecTunSaStatus 1.3.6.1.4.1.9.9.432.1.1.5.1.27
This column represents the status of the security association represented by this conceptual row. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged.
OBJECT-TYPE    
  INTEGER unknown(1), active(2), expiring(3)  

ceipSecIfTunnelTable 1.3.6.1.4.1.9.9.432.1.1.6
The IPsec Phase-2 Tunnels to Interface association table. This table contains an entry for each active IPsec Phase-2 Tunnel created under an interface. Multiple IPsec Phase-2 Tunnels can be created using the same interface.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecIfTunnelEntry

ceipSecIfTunnelEntry 1.3.6.1.4.1.9.9.432.1.1.6.1
Each entry contains the IPsec Phase-2 Tunnel associated with an interface.
OBJECT-TYPE    
  CeipSecIfTunnelEntry  

ceipSecIfTunnelStatus 1.3.6.1.4.1.9.9.432.1.1.6.1.1
This object corresponds to the status of a IPsec Phase-2 Tunnel in ceipSecTunnelTable indexed by ceipSecTunIndex. The valid status this object can have are 'active' and 'awaitCommit'.
OBJECT-TYPE    
  CIPsecTunnelStatus  

ceipSecHistGlobal 1.3.6.1.4.1.9.9.432.1.2.1
OBJECT IDENTIFIER    

ceipSecHistGlobalCntl 1.3.6.1.4.1.9.9.432.1.2.1.1
OBJECT IDENTIFIER    

ceipSecHistTableSize 1.3.6.1.4.1.9.9.432.1.2.1.1.1
The window size of the IPsec Phase-2 History Tables. The IPsec Phase-2 History Tables are implemented as a sliding window in which only the last 'N' entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, in appropriate SNMP error code should be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving tables ('ceipSecHistTable' and 'ceipSecEndPtHistTable') and disabling the archiving of entries in the tables.
OBJECT-TYPE    
  Unsigned32  

ceipSecTunnelHistTable 1.3.6.1.4.1.9.9.432.1.2.2
The IPsec Phase-2 Tunnel History Table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'ceipSecHistTableSize'. If the value of 'ceipSecHistTableSize' is 0, archiving of entries in this table is disabled.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecTunnelHistEntry

ceipSecTunnelHistEntry 1.3.6.1.4.1.9.9.432.1.2.2.1
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CeipSecTunnelHistEntry  

ceipSecTunHistIndex 1.3.6.1.4.1.9.9.432.1.2.2.1.1
The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 4,294,967,295.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecTunHistTermReason 1.3.6.1.4.1.9.9.432.1.2.2.1.2
The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred 9 = operator initiated check point request
OBJECT-TYPE    
  INTEGER other(1), normal(2), operRequest(3), peerDelRequest(4), peerLost(5), applicationInitiated(6), xauthFailure(7), seqNumRollOver(8), checkPointReq(9)  

ceipSecTunHistActiveIndex 1.3.6.1.4.1.9.9.432.1.2.2.1.3
The index of the previously active IPsec Phase-2 Tunnel. This object must correspond to an expired IPsec tunnel; hence this object may not assume the value of 0.
OBJECT-TYPE    
  CIPsecPhase2TunnelIndex  

ceipSecTunHistLocalAddressType 1.3.6.1.4.1.9.9.432.1.2.2.1.4
The type of the IP address of the local endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddressType  

ceipSecTunHistLocalAddress 1.3.6.1.4.1.9.9.432.1.2.2.1.5
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddress  

ceipSecTunHistRemoteAddressType 1.3.6.1.4.1.9.9.432.1.2.2.1.6
The type of the IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddressType  

ceipSecTunHistRemoteAddress 1.3.6.1.4.1.9.9.432.1.2.2.1.7
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  InetAddress  

ceipSecTunHistControlProtocol 1.3.6.1.4.1.9.9.432.1.2.2.1.8
Identifies the protocol that was used to setup and administer Phase-2 IPsec tunnel.
OBJECT-TYPE    
  CIPsecControlProtocol  

ceipSecTunHistControlTunnelIndex 1.3.6.1.4.1.9.9.432.1.2.2.1.9
The index of the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel (in case of IKE, this value would refer to 'csikeTunIndex' in the 'csikeTunnelTable'). If the IPsec tunnel corresponding to this entry was setup manually, the value of this object should be zero.
OBJECT-TYPE    
  CIPsecPhase1TunnelIndexOrZero  

ceipSecTunHistEncapMode 1.3.6.1.4.1.9.9.432.1.2.2.1.10
The encapsulation mode used by the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecEncapMode  

ceipSecTunHistNATTraversalMode 1.3.6.1.4.1.9.9.432.1.2.2.1.11
The encapsulation used by the IPsec Phase-2 tunnel corresponding to this conceptual row for NAT traversal.
OBJECT-TYPE    
  CIPsecNATTraversalMode  

ceipSecTunHistLifeSize 1.3.6.1.4.1.9.9.432.1.2.2.1.12
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecTunHistLifeTime 1.3.6.1.4.1.9.9.432.1.2.2.1.13
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecTunHistStartTime 1.3.6.1.4.1.9.9.432.1.2.2.1.14
The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started.
OBJECT-TYPE    
  TimeStamp  

ceipSecTunHistActiveTime 1.3.6.1.4.1.9.9.432.1.2.2.1.15
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
OBJECT-TYPE    
  TimeInterval  

ceipSecTunHistTotalRefreshes 1.3.6.1.4.1.9.9.432.1.2.2.1.16
The total number of security association refreshes performed.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistTotalSas 1.3.6.1.4.1.9.9.432.1.2.2.1.17
The total number of security associations used during the life of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInSaDHGrp 1.3.6.1.4.1.9.9.432.1.2.2.1.18
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecDiffHellmanGrp  

ceipSecTunHistInSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.19
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecEncryptAlgorithm  

ceipSecTunHistInSaEncryptKeySize 1.3.6.1.4.1.9.9.432.1.2.2.1.20
The size in bits of the key which was negotiated to be used with the encryption transform used with this tunnel denoted by ceipSecTunHistInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  CIPsecEncryptionKeySize  

ceipSecTunHistInSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.21
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunHistInSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.22
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunHistInSaDecompAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.23
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecCompAlgorithm  

ceipSecTunHistOutSaDHGrp 1.3.6.1.4.1.9.9.432.1.2.2.1.24
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecDiffHellmanGrp  

ceipSecTunHistOutSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.25
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecEncryptAlgorithm  

ceipSecTunHistOutSaEncryptKeySz 1.3.6.1.4.1.9.9.432.1.2.2.1.26
The size in bits of the key which was negotiated to be used with the encryption transform used with this tunnel denoted by ceipSecTunHistOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  CIPsecEncryptionKeySize  

ceipSecTunHistOutSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.27
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunHistOutSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.28
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecAuthAlgorithm  

ceipSecTunHistOutSaCompAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.29
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CIPsecCompAlgorithm  

ceipSecTunHistPmtu 1.3.6.1.4.1.9.9.432.1.2.2.1.30
The Path MTU that was determined for this IPsec Phase-2 tunnel.
OBJECT-TYPE    
  CIPsecPmtu  

ceipSecTunHistInOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.31
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ceipSecTunHistInDecompOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.32
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunInOctets.
OBJECT-TYPE    
  Counter64  

ceipSecTunHistInPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.33
The total number of packets received by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInDropPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.34
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInReplayDropPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.35
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInAuths 1.3.6.1.4.1.9.9.432.1.2.2.1.36
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInAuthFails 1.3.6.1.4.1.9.9.432.1.2.2.1.37
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInDecrypts 1.3.6.1.4.1.9.9.432.1.2.2.1.38
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistInDecryptFails 1.3.6.1.4.1.9.9.432.1.2.2.1.39
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.40
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ceipSecTunHistOutUncompOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.41
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of 'ceipSecTunOutOctets'.
OBJECT-TYPE    
  Counter64  

ceipSecTunHistOutPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.42
The total number of packets sent by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutDropPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.43
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutAuths 1.3.6.1.4.1.9.9.432.1.2.2.1.44
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutAuthFails 1.3.6.1.4.1.9.9.432.1.2.2.1.45
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutEncrypts 1.3.6.1.4.1.9.9.432.1.2.2.1.46
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutEncryptFails 1.3.6.1.4.1.9.9.432.1.2.2.1.47
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.48
The total number of outbound packets which were successfully compressed.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.49
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.50
The total number of outbound packets that failed compression because they grew in size after compression.
OBJECT-TYPE    
  Counter32  

ceipSecTunHistOutCompSmallPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.51
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
OBJECT-TYPE    
  Counter32  

ceipSecEndPtHistTable 1.3.6.1.4.1.9.9.432.1.2.3
The IPsec Phase-2 Tunnel Endpoint History Table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'ceipSecHistTableSize'. If the value of 'ceipSecHistTableSize' is 0, archiving of entries in this table is disabled.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecEndPtHistEntry

ceipSecEndPtHistEntry 1.3.6.1.4.1.9.9.432.1.2.3.1
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint.
OBJECT-TYPE    
  CeipSecEndPtHistEntry  

ceipSecEndPtHistIndex 1.3.6.1.4.1.9.9.432.1.2.3.1.1
The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 4,294,967,295.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecEndPtHistTunIndex 1.3.6.1.4.1.9.9.432.1.2.3.1.2
The index of the previously active IPsec Phase-2 Tunnel Table.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecEndPtHistActiveIndex 1.3.6.1.4.1.9.9.432.1.2.3.1.3
The index of the previously active Endpoint.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecEndPtHistLocalName 1.3.6.1.4.1.9.9.432.1.2.3.1.4
The DNS name of the local Endpoint.
OBJECT-TYPE    
  SnmpAdminString  

ceipSecEndPtHistLocalType 1.3.6.1.4.1.9.9.432.1.2.3.1.5
The type of identity for the local Endpoint.
OBJECT-TYPE    
  CIPsecEndPtType  

ceipSecEndPtHistLocalAddrType1 1.3.6.1.4.1.9.9.432.1.2.3.1.6
The type of the IP address for this local Endpoint's first IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtHistLocalAddr1 1.3.6.1.4.1.9.9.432.1.2.3.1.7
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtLocalType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtHistLocalAddrType2 1.3.6.1.4.1.9.9.432.1.2.3.1.8
The type of the IP address for this local Endpoint's second IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtHistLocalAddr2 1.3.6.1.4.1.9.9.432.1.2.3.1.9
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtLocalType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtHistLocalProtocol 1.3.6.1.4.1.9.9.432.1.2.3.1.10
The protocol number of the local Endpoint's traffic.
OBJECT-TYPE    
  CiscoIpProtocol  

ceipSecEndPtHistLocalPort 1.3.6.1.4.1.9.9.432.1.2.3.1.11
The port number of the local Endpoint's traffic.
OBJECT-TYPE    
  CiscoPort  

ceipSecEndPtHistRemoteName 1.3.6.1.4.1.9.9.432.1.2.3.1.12
The DNS name of the remote Endpoint.
OBJECT-TYPE    
  SnmpAdminString  

ceipSecEndPtHistRemoteType 1.3.6.1.4.1.9.9.432.1.2.3.1.13
The type of identity for the remote Endpoint.
OBJECT-TYPE    
  CIPsecEndPtType  

ceipSecEndPtHistRemoteAddrType1 1.3.6.1.4.1.9.9.432.1.2.3.1.14
The type of the IP address for this remote Endpoint's first IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtHistRemoteAddr1 1.3.6.1.4.1.9.9.432.1.2.3.1.15
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtRemoteType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtHistRemoteAddrType2 1.3.6.1.4.1.9.9.432.1.2.3.1.16
The type of the IP address for this remote Endpoint's second IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecEndPtHistRemoteAddr2 1.3.6.1.4.1.9.9.432.1.2.3.1.17
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtRemoteType.
OBJECT-TYPE    
  InetAddress  

ceipSecEndPtHistRemoteProtocol 1.3.6.1.4.1.9.9.432.1.2.3.1.18
The protocol number of the remote Endpoint's traffic.
OBJECT-TYPE    
  CiscoIpProtocol  

ceipSecEndPtHistRemotePort 1.3.6.1.4.1.9.9.432.1.2.3.1.19
The port number of the remote Endpoint's traffic.
OBJECT-TYPE    
  CiscoPort  

ceipSecFailGlobal 1.3.6.1.4.1.9.9.432.1.3.1
OBJECT IDENTIFIER    

ceipSecFailGlobalCntl 1.3.6.1.4.1.9.9.432.1.3.1.1
OBJECT IDENTIFIER    

ceipSecFailTableSize 1.3.6.1.4.1.9.9.432.1.3.1.1.1
The window size of the IPsec Phase-2 Failure Table. The IPsec Phase-2 Failure Tables are implemented as a sliding window in which only the last N entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, an appropriate SNMP error vode must be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving table 'ceipSecFailTable' and disabling the archiving of entries in these tables.
OBJECT-TYPE    
  Unsigned32  

ceipSecFailTable 1.3.6.1.4.1.9.9.432.1.3.2
The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ceipSecFailTableSize object.
OBJECT-TYPE    
  SEQUENCE OF  
    CeipSecFailEntry

ceipSecFailEntry 1.3.6.1.4.1.9.9.432.1.3.2.1
Each entry contains the attributes associated with an IPsec Phase-1 failure.
OBJECT-TYPE    
  CeipSecFailEntry  

ceipSecFailIndex 1.3.6.1.4.1.9.9.432.1.3.2.1.1
The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 4,294,967,295.
OBJECT-TYPE    
  Unsigned32 1..4294967295  

ceipSecFailReason 1.3.6.1.4.1.9.9.432.1.3.2.1.2
The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination 17 = performance utilization exceeding the threshold.
OBJECT-TYPE    
  INTEGER other(1), internalError(2), peerEncodingError(3), proposalFailure(4), protocolUseFail(5), nonExistentSa(6), decryptFailure(7), encryptFailure(8), inAuthFailure(9), outAuthFailure(10), compression(11), sysCapExceeded(12), peerDelRequest(13), peerLost(14), seqNumRollOver(15), operRequest(16), performanceUtilization(17)  

ceipSecFailTime 1.3.6.1.4.1.9.9.432.1.3.2.1.3
The value of sysUpTime in hundredths of seconds at the time of the failure.
OBJECT-TYPE    
  TimeStamp  

ceipSecFailTunnelIndex 1.3.6.1.4.1.9.9.432.1.3.2.1.4
The Phase-2 Tunnel index (ceipSecTunIndex). If this conceptual row corresponds to an operation failure (that is, the failure of an established Phase-2 IPsec tunnel), then the value of this object may not be zero.
OBJECT-TYPE    
  CIPsecPhase2TunnelIndex  

ceipSecFailSaSpi 1.3.6.1.4.1.9.9.432.1.3.2.1.5
The security association SPI value. If this conceptual row corresponds to a setup failure (failure to establish the tunnel), the value of this MIB object is undefined.
OBJECT-TYPE    
  CIPsecSpi  

ceipSecFailPktSrcAddressType 1.3.6.1.4.1.9.9.432.1.3.2.1.6
The type of the packet's source IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecFailPktSrcAddress 1.3.6.1.4.1.9.9.432.1.3.2.1.7
The packet's source IP address.
OBJECT-TYPE    
  InetAddress  

ceipSecFailPktDstAddressType 1.3.6.1.4.1.9.9.432.1.3.2.1.8
The type of the packet's destination IP address.
OBJECT-TYPE    
  InetAddressType  

ceipSecFailPktDstAddress 1.3.6.1.4.1.9.9.432.1.3.2.1.9
The packet's destination IP address.
OBJECT-TYPE    
  InetAddress  

ceipSecNotiCntlIpSecAllNotifs 1.3.6.1.4.1.9.9.432.1.5.1
This object sending any notification defined in this MIB module. That is, a particular notification 'foo' defined in this MIB module is enabled if and only if the expression (ceipSecNotiCntlIpSecAllNotifs && ceipSecNotiCntl) evaluates to 'true', where ceipSecNotiCntl is a notification defined in this MIB module.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlIpSecTunnelStart 1.3.6.1.4.1.9.9.432.1.5.2
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowTunnelStart' is enabled.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlIpSecTunnelStop 1.3.6.1.4.1.9.9.432.1.5.3
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowTunnelStop' is enabled.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlIpSecSysFailure 1.3.6.1.4.1.9.9.432.1.5.4
This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowSysFailure' is enabled.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlIpSecSetUpFail 1.3.6.1.4.1.9.9.432.1.5.5
This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowSetupFail' is enabled.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlIpSecBadSa 1.3.6.1.4.1.9.9.432.1.5.6
This object defines the administrative state of sending the IPsec Phase-2 No Security Association trap. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowBadSa' is enabled.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlCertExpiry 1.3.6.1.4.1.9.9.432.1.5.7
This object defines the administrative state of sending the IPSec certificate expiry notification. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowCertExpiry' is enabled, otherwise notification 'ciscoEnhIpsecFlowCertExpiry' is disabled.
OBJECT-TYPE    
  TruthValue  

ceipSecNotifCntlCertRenewal 1.3.6.1.4.1.9.9.432.1.5.8
This object defines the administrative state of sending the IPSec X.509 certificate renewal status notification. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowCertRenewal' is enabled, otherwise notification 'ciscoEnhIpsecFlowCertRenewal' is disabled.
OBJECT-TYPE    
  TruthValue  

ciscoEnhIpsecFlowTunnelStart 1.3.6.1.4.1.9.9.432.0.1
This notification is generated when an IPsec Phase-2 Tunnel becomes active.
NOTIFICATION-TYPE    

ciscoEnhIpsecFlowTunnelStop 1.3.6.1.4.1.9.9.432.0.2
This notification is generated when an IPsec Phase-2 Tunnel becomes inactive.
NOTIFICATION-TYPE    

ciscoEnhIpsecFlowSysFailure 1.3.6.1.4.1.9.9.432.0.3
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error.
NOTIFICATION-TYPE    

ciscoEnhIpsecFlowSetupFail 1.3.6.1.4.1.9.9.432.0.4
This notification is generated when the setup for an IPsec Phase-2 Tunnel fails.
NOTIFICATION-TYPE    

ciscoEnhIpsecFlowBadSa 1.3.6.1.4.1.9.9.432.0.5
This notification is generated when the managed entity receives an IPsec packet with a non-existent (non-existant in the local Security Association Database) SPI.
NOTIFICATION-TYPE    

ciscoEnhIpsecFlowCertExpiry 1.3.6.1.4.1.9.9.432.0.6
This notification is generated to notify that an X.509 certificate is going to expire. The notification is triggered the time threshold configured on the application for notification before the certificate is going to expire, which is when the value of ceipSecCertExpiryStatus is changed from certOK(1) to certGoingExpired(2). The user should take action to renew the certificate identified in the notification prior to the certificate expiration, which is at the validity notAfter time provided in the notification.
NOTIFICATION-TYPE    

ciscoEnhIpsecFlowCertRenewal 1.3.6.1.4.1.9.9.432.0.7
This notification is generated to report a status transition for an X.509 certificate renewal performed by the application. The notification is generated when the value of ceipSecCertRenewalStatus is changed from 1. renewalNotNeeded(1) to renewalRequestNeeded(2) or renewalRequested(3) 2. renewalRequestNeeded(2) to renewalRequested(3) 3. renewalRequested(3) to renewalSuccess(4) or renewalFailedUpdate(5) or renewalFailedExpired(6) 4. renewalFailedUpdate(5) to renewalFailedExpired(6)
NOTIFICATION-TYPE    

ciscoEnhIPsecFlowMIBCompliances 1.3.6.1.4.1.9.9.432.2.1
OBJECT IDENTIFIER    

ciscoIPsecFlowMIBGroups 1.3.6.1.4.1.9.9.432.2.2
OBJECT IDENTIFIER    

ciscoEnhIPsecFlowMIBCompliance 1.3.6.1.4.1.9.9.432.2.1.1
Write access is not required.
MODULE-COMPLIANCE    

ciscoEnhIPsecFlowMIBComplianceRev1 1.3.6.1.4.1.9.9.432.2.1.2
Write access is not required.
MODULE-COMPLIANCE    

ciscoEnhIPsecFlowMIBComplianceRev2 1.3.6.1.4.1.9.9.432.2.1.3
Write access is not required.
MODULE-COMPLIANCE    

ciscoEnhIPsecFlowActivityGroup 1.3.6.1.4.1.9.9.432.2.2.1
This group consists of: 1) IPsec Phase-2 Global Statistics 2) IPsec Phase-2 Tunnel Table 3) IPsec Phase-2 Endpoint Table 4) IPsec Phase-2 Security Association Table
OBJECT-GROUP    

ciscoEnhIPsecFlowCoreHistGroup 1.3.6.1.4.1.9.9.432.2.2.2
This group consists of the core (mandatory) objects pertaining to maintaining history of IPsec activity.
OBJECT-GROUP    

ciscoEnhIPsecFlowHistoryGroup 1.3.6.1.4.1.9.9.432.2.2.3
This group consists of objects that pertain to maintenance of history of IPsec Phase 2 activity.
OBJECT-GROUP    

ciscoEnhIPsecFlowCoreFailGroup 1.3.6.1.4.1.9.9.432.2.2.4
This group consists of the core (mandatory) objects pertaining to maintaining history of failure IPsec activity.
OBJECT-GROUP    

ciscoEnhIPsecFlowFailureGroup 1.3.6.1.4.1.9.9.432.2.2.5
This group consists of objects that pertain to maintenance of history of failures associated with Phase 2 IPsec activity.
OBJECT-GROUP    

ciscoEnhIPsecFlowNotifCntlGroup 1.3.6.1.4.1.9.9.432.2.2.6
This group of objects controls the sending of notifications pertaining to IPsec Phase-2 processing.
OBJECT-GROUP    

ciscoEnhIPsecFlowNotifGroup 1.3.6.1.4.1.9.9.432.2.2.7
This group contains the notifications pertaining to Phase-2 operations and data transfer.
NOTIFICATION-GROUP    

ciscoEnhIPsecFlowTunnelSaGroup 1.3.6.1.4.1.9.9.432.2.2.8
This group consists of the Phase-2 IPsec tunnel Security Association and traffic information.
OBJECT-GROUP    

ciscoEnhIPsecFlowNotifCntlGroupSup01 1.3.6.1.4.1.9.9.432.2.2.9
This supplement group of objects controls the sending of X.509 certificate IPSec notifications.
OBJECT-GROUP    

ciscoEnhIPsecFlowNotifGroupSup01 1.3.6.1.4.1.9.9.432.2.2.10
This supplement group contains the X.509 certificate notifications for the IPSec MIB.
NOTIFICATION-GROUP    

ciscoEnhIPsecFlowCertObjectGroup 1.3.6.1.4.1.9.9.432.2.2.11
This group consists of objects to support X.509 certificates.
OBJECT-GROUP    

ciscoEnhIPsecFlowPerformanceThroughputGroup 1.3.6.1.4.1.9.9.432.2.2.12
This group consists of objects to show the the performance utilization.
OBJECT-GROUP