HM2-VPN-MIB

File: HM2-VPN-MIB.mib (69004 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC HM2-TC-MIB

Imported symbols

OBJECT-TYPE MODULE-IDENTITY NOTIFICATION-TYPE
OBJECT-IDENTITY Integer32 Unsigned32
Counter64 TruthValue RowStatus
DisplayString hm2ConfigurationMibs HmTimeSeconds1970
HmLargeDisplayString

Defined Types

Hm2VpnConnEntry  
SEQUENCE    
  hm2VpnConnIndex Integer32
  hm2VpnConnIkeVersion INTEGER
  hm2VpnConnIkeStartup INTEGER
  hm2VpnConnIkeLifetime Integer32
  hm2VpnConnIkeDpdTimeout Integer32
  hm2VpnConnIkeLocalAddr DisplayString
  hm2VpnConnIkeRemoteAddr DisplayString
  hm2VpnConnIkeAuthType INTEGER
  hm2VpnConnIkeAuthMode INTEGER
  hm2VpnConnIkeAuthCertCA DisplayString
  hm2VpnConnIkeAuthCertRemote DisplayString
  hm2VpnConnIkeAuthCertLocal DisplayString
  hm2VpnConnIkeAuthPrivKey DisplayString
  hm2VpnConnIkeAuthPasswd DisplayString
  hm2VpnConnIkeAuthPsk DisplayString
  hm2VpnConnIkeAuthLocId DisplayString
  hm2VpnConnIkeAuthLocType INTEGER
  hm2VpnConnIkeAuthRemId DisplayString
  hm2VpnConnIkeAuthRemType INTEGER
  hm2VpnConnIkeAlgDh INTEGER
  hm2VpnConnIkeAlgMac INTEGER
  hm2VpnConnIkeAlgEncr INTEGER
  hm2VpnConnIkeReAuth TruthValue
  hm2VpnConnIpsecMode INTEGER
  hm2VpnConnIpsecLifetime Integer32
  hm2VpnConnMargintime Integer32
  hm2VpnConnIpsecAlgDh INTEGER
  hm2VpnConnIpsecAlgMac INTEGER
  hm2VpnConnIpsecAlgEncr INTEGER
  hm2VpnConnOperStatus INTEGER
  hm2VpnConnDesc DisplayString
  hm2VpnConnLastError HmLargeDisplayString
  hm2VpnConnDebug BITS
  hm2VpnConnRowStatus RowStatus

Hm2VpnConnInfoEntry  
SEQUENCE    
  hm2VpnConnInfoIkeVersionUsed INTEGER
  hm2VpnConnInfoIkeProposal DisplayString
  hm2VpnConnInfoIpsecProposal DisplayString
  hm2VpnConnInfoLocalHost DisplayString
  hm2VpnConnInfoRemoteHost DisplayString
  hm2VpnConnInfoEstablished Unsigned32
  hm2VpnConnInfoIKEReauth Unsigned32
  hm2VpnConnInfoIKERekeying Unsigned32
  hm2VpnConnInfoIpsecRekeying Unsigned32
  hm2VpnConnInfoIpsecInBytes Counter64
  hm2VpnConnInfoIpsecInPackets Counter64
  hm2VpnConnInfoIpsecInUse Unsigned32
  hm2VpnConnInfoIpsecOutBytes Counter64
  hm2VpnConnInfoIpsecOutPackets Counter64
  hm2VpnConnInfoIpsecOutUse Unsigned32
  hm2VpnConnInfoIKEInitiatorSPI DisplayString
  hm2VpnConnInfoIKEResponderSPI DisplayString
  hm2VpnConnInfoIpsecInSPI DisplayString
  hm2VpnConnInfoIpsecOutSPI DisplayString

Hm2VpnTrafficSelEntry  
SEQUENCE    
  hm2VpnTrafficSelIndex Integer32
  hm2VpnTrafficSelSrcAddr DisplayString
  hm2VpnTrafficSelDstAddr DisplayString
  hm2VpnTrafficSelSrcRest DisplayString
  hm2VpnTrafficSelDstRest DisplayString
  hm2VpnTrafficSelDesc DisplayString
  hm2VpnTrafficSelRowStatus RowStatus

Hm2VpnCertificateEntry  
SEQUENCE    
  hm2VpnCertificateIndex Integer32
  hm2VpnCertificateSubject DisplayString
  hm2VpnCertificateIssuer DisplayString
  hm2VpnCertificateStartDate HmTimeSeconds1970
  hm2VpnCertificateEndDate HmTimeSeconds1970
  hm2VpnCertificateFileName DisplayString
  hm2VpnCertificateType INTEGER
  hm2VpnCertificateCertUploadDate HmTimeSeconds1970
  hm2VpnCertificatePrivateKeyStatus INTEGER
  hm2VpnCertificatePrivateKeyFile DisplayString
  hm2VpnCertificateNoConnections Integer32
  hm2VpnCertificateUserActions INTEGER

Defined Values

hm2VpnMib 1.3.6.1.4.1.248.11.120
This MIB defines the SNMP interface for Hirschmann VPN implementations.
MODULE-IDENTITY    

hm2VpnMibNotifications 1.3.6.1.4.1.248.11.120.0
OBJECT IDENTIFIER    

hm2VpnMibObjects 1.3.6.1.4.1.248.11.120.1
OBJECT IDENTIFIER    

hm2VpnMibSNMPExtensionGroup 1.3.6.1.4.1.248.11.120.3
OBJECT IDENTIFIER    

hm2VpnGeneralGroup 1.3.6.1.4.1.248.11.120.1.1
OBJECT IDENTIFIER    

hm2VpnConnectionGroup 1.3.6.1.4.1.248.11.120.1.2
OBJECT IDENTIFIER    

hm2VpnTrafficSelGroup 1.3.6.1.4.1.248.11.120.1.3
OBJECT IDENTIFIER    

hm2VpnCertificateGroup 1.3.6.1.4.1.248.11.120.1.4
OBJECT IDENTIFIER    

hm2VpnConnMax 1.3.6.1.4.1.248.11.120.1.2.1
Maximum number of VPN connections supported. Notice that the maximum number of active and up VPN connections is limited to hm2VpnConnActiveMax.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..256  

hm2VpnConnActiveMax 1.3.6.1.4.1.248.11.120.1.2.2
Maximum number of active (and up) VPN connections supported.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..256  

hm2VpnConnNext 1.3.6.1.4.1.248.11.120.1.2.3
This object always holds an appropriate value to be used for hm2VpnConnIndex when creating entries in the hm2VpnConnTable. The value 0 indicates that no unassigned entries are available. To obtain the hm2VpnConnIndex value for a new entry, the management station issues an SNMP retrieval operation to obtain the current value of this object. After each row creation or deletion the agent modifies the value to the next unassigned index.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..256  

hm2VpnConnTable 1.3.6.1.4.1.248.11.120.1.2.10
A list of VPN connections.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    Hm2VpnConnEntry

hm2VpnConnEntry 1.3.6.1.4.1.248.11.120.1.2.10.1
A VPN connection entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  Hm2VpnConnEntry  

hm2VpnConnIndex 1.3.6.1.4.1.248.11.120.1.2.10.1.1
An index that uniquely identifies the entry in the table.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32 1..256  

hm2VpnConnIkeVersion 1.3.6.1.4.1.248.11.120.1.2.10.1.2
Version of the IKE protocol:
  o ike: accept IKEv1/v2 as responder, start with IKEv2 as initiator
  o ikev1: used protocol is IKE version 1 (ISAKMP)
  o ikev2: used protocol is IKE version 2
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER ike(1), ikev1(2), ikev2(3)  

hm2VpnConnIkeStartup 1.3.6.1.4.1.248.11.120.1.2.10.1.3
If this host acts as a responder it does not initiate a key exchange (IKE) nor connection parameters negotiation. Otherwise, this host acts as an initiator - then it initiates an IKE actively.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER initiator(1), responder(2)  

hm2VpnConnIkeLifetime 1.3.6.1.4.1.248.11.120.1.2.10.1.4
Lifetime of IKE security association in seconds. The maximum value is 24 hours (86400 seconds).
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 300..86400  

hm2VpnConnIkeDpdTimeout 1.3.6.1.4.1.248.11.120.1.2.10.1.5
If greater than zero, the local peer sends Dead Peer Detection (DPD) messages (according to RFC 3706) to the remote peer. This value specifies the timeout in seconds after which the remote peer is declared dead if it does not respond. The value 0 disables this feature.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..86400  

hm2VpnConnIkeLocalAddr 1.3.6.1.4.1.248.11.120.1.2.10.1.6
Hostname (FQDN) or IP address of local security gateway. If the value is 'any', then the IP address of the matching interface is used. Establishing the connection may be delayed until the hostname (if specified) can be resolved.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeRemoteAddr 1.3.6.1.4.1.248.11.120.1.2.10.1.7
Typically the hostname (FQDN) or IP address of remote security gateway. If this value is 'any', then any IP address is accepted when establishing an IKE-SA as responder. Also a network in CIDR notation, to be accepted when establishing the IKE-SA, is allowed as responder. As initiator such values are not allowed. Establishing the VPN connection may be delayed until the hostname (if specified) can be resolved.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthType 1.3.6.1.4.1.248.11.120.1.2.10.1.8
Type of authentication to be used: pre-shared key, individual X509 certificates (separate for CA and local identification) or one PKCS12 container with all the needed certificates (including the CA).
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER psk(1), individualx509(2), pkcs12(3)  

hm2VpnConnIkeAuthMode 1.3.6.1.4.1.248.11.120.1.2.10.1.9
The phase 1 exchange mode to be used (IKEv1).
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER main(1), aggressive(2)  

hm2VpnConnIkeAuthCertCA 1.3.6.1.4.1.248.11.120.1.2.10.1.10
PEM encoded X.509 certificate file name (RFC 1422), if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509'. This certificate is used for RSA based signature verification in local and remote certificates. The file needs to be uploaded separately.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthCertRemote 1.3.6.1.4.1.248.11.120.1.2.10.1.11
PEM encoded X.509 certificate file name (RFC 1422), if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509'. This certificate is used for RSA based authentication of the remote peer at the local side. This certificate binds the identity of the remote peer to its public key. It is optional because it is typically sent by the remote peer while negotiating an ISAKMP/IKE security association. The file needs to be uploaded separately.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthCertLocal 1.3.6.1.4.1.248.11.120.1.2.10.1.12
PEM encoded X.509 certificate file name (RFC 1422) to be used, if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509' or 'pkcs12'. This certificate is used for authentication of the local peer at the remote side. The certificate binds the identity of the local peer to its public key, signed by the certification authority (CA) from 'hm2VpnConnIkeAuthCertCA'. The file needs to be uploaded separately.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthPrivKey 1.3.6.1.4.1.248.11.120.1.2.10.1.13
Private key file name to be used, if authentication type in 'hm2VpnConnIkeAuthType' is 'individualx509' and the key stored on the device is encrypted with a passphrase (so it cannot automatically be matched with the certificate). Note that this is only the filename of the private key. The passphrase must be added to 'hm2VpnConnIkeAuthPasswd'.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthPasswd 1.3.6.1.4.1.248.11.120.1.2.10.1.14
Passphrase to be used for decryption of private key from 'hm2VpnConnIkeAuthPrivKey' or the certificate container for 'pkcs12' type certificates which are uploaded encrypted.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthPsk 1.3.6.1.4.1.248.11.120.1.2.10.1.15
Pre-shared key (passphrase) to be used if authentication type in 'hm2VpnConnIkeAuthType' is 'psk'. The pre-shared key sequence cannot contain newline or double-quote characters. As an alternative to a character sequence, pre-shared secrets can be represented as hexadecimal or Base64 encoded binary values. A character sequence beginning with 0x is interpreted as a sequence of hexadecimal digits. Similarly, a character sequence beginning with 0s is interpreted as Base64 encoded binary data.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthLocId 1.3.6.1.4.1.248.11.120.1.2.10.1.16
Local peer identifier to be sent within ID payload during negotiation. The ID payload is used to identify the initiator of the security association. The identity is used by the responder to determine the correct host system security policy requirement for the association (see RFC 2407, section 4.6.2 for details when using IKEv1 and RFC 4306, section 3.5 for IKEv2). Allowed formats for this object depend on 'hm2VpnConnIkeAuthLocType':
  o default: don't care
  o address: don't care, take IPv4 address or host name from hm2VpnConnIkeLocalAddr
  o id:
      - IPv4 address or host name
      - key identifier
      - fully qualified domain name
      - fully qualified RFC 822 email address
      - X.500 distinguished name (DN)
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthLocType 1.3.6.1.4.1.248.11.120.1.2.10.1.17
Type of local peer identifier in 'hm2VpnConnIkeAuthLocId':
  o default: If 'hm2VpnConnIkeAuthType' is 'psk' then use the IP address or host name from 'hm2VpnConnIkeLocalAddr' as local identifier. In case of 'individualx509' or 'pkcs12' use the DN from local certificate in 'hm2VpnConnIkeAuthCertLocal'.
  o address: use the IP address or DNS name from 'hm2VpnConnIkeLocalAddr' as local identifier.
  o id: use the configured value in hm2VpnConnIkeAuthLocId (it can be of any type in the description).
For further information see RFC 2407, section 4.6.2
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER default(1), address(2), id(3)  

hm2VpnConnIkeAuthRemId 1.3.6.1.4.1.248.11.120.1.2.10.1.18
Remote peer identifier to be compared with ID payload during negotiation. The ID payload is used to identify the initiator of the security association. The identity is used by the responder to determine the correct host system security policy requirement for the association (see RFC 2407, section 4.6.2 for details when using IKEv1 and RFC 4306, section 3.5 for IKEv2). Allowed formats for this entry depend on 'hm2VpnConnIkeAuthRemType':
  o any: don't care
  o address: don't care, take IPv4 address or host name from hm2VpnConnIkeRemoteAddr
  o id:
      - IPv4 address or host name
      - key identifier
      - fully qualified domain name
      - fully qualified RFC 822 email address
      - X.500 distinguished name (DN)
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnIkeAuthRemType 1.3.6.1.4.1.248.11.120.1.2.10.1.19
Type of remote peer identifier in hm2VpnConnIkeAuthRemId:
  o any: received remote identifier is not checked
  o address: use the IP address or host name from 'hm2VpnConnIkeRemoteAddr' as remote identifier.
  o id: use the configured value in hm2VpnConnIkeAuthRemId (it can be of any type in the description).
For further information see RFC 2407, section 4.6.2
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), address(2), id(3)  

hm2VpnConnIkeAlgDh 1.3.6.1.4.1.248.11.120.1.2.10.1.20
Diffie-Hellman key agreement algorithm to be used for establishment of IKE-SA:
  o any: accept all supported algorithms as responder, use default as initiator
  o modp1024: RSA with 1024 bits modulus (DH Group 2)
  o modp1536: RSA with 1536 bits modulus (DH Group 5)
  o modp2048: RSA with 2048 bits modulus (DH Group 14)
  o modp3072: RSA with 3072 bits modulus (DH Group 15)
  o modp4096: RSA with 4096 bits modulus (DH Group 16)
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), modp1024(2), modp1536(3), modp2048(4), modp3072(5), modp4096(6)  

hm2VpnConnIkeAlgMac 1.3.6.1.4.1.248.11.120.1.2.10.1.21
Integrity (MAC) algorithm to be used in IKEv2:
  o any: accept all supported algorithms as responder, use various pre-defined as initiator
  o hmacmd5: HMAC-MD5 (length 96 bit)
  o hmacsha1: HMAC-SHA1 (length 96 bit)
  o hmacsha256: HMAC-SHA256 (length 128 bit)
  o hmacsha384: HMAC-SHA384 (length 196 bit)
  o hmacsha512: HMAC-SHA512 (length 256 bit)
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), hmacmd5(2), hmacsha1(3), hmacsha256(4), hmacsha384(5), hmacsha512(6)  

hm2VpnConnIkeAlgEncr 1.3.6.1.4.1.248.11.120.1.2.10.1.22
Encryption algorithm to be used in IKE:
  o any: accept all supported algorithms as responder, use various pre-defined as initiator
  o des: DES
  o des3: Triple-DES
  o aes128: AES with 128 key bits
  o aes192: AES with 192 key bits
  o aes256: AES with 256 key bits
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), des(2), des3(3), aes128(4), aes192(5), aes256(6)  

hm2VpnConnIkeReAuth 1.3.6.1.4.1.248.11.120.1.2.10.1.23
Whether re-keying of an IKE_SA should also re-authenticate the peer. In IKEv1, re-authentication is always done (also when set to false). In IKEv2, a value of false does re-keying without un-installing the IPsec SAs, a value of true creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

hm2VpnConnIpsecMode 1.3.6.1.4.1.248.11.120.1.2.10.1.24
IPsec encapsulation mode.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER tunnel(1)  

hm2VpnConnIpsecLifetime 1.3.6.1.4.1.248.11.120.1.2.10.1.25
Lifetime of IPsec security association in seconds. The maximum value is 8 hours (28800 seconds).
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 300..28800  

hm2VpnConnMargintime 1.3.6.1.4.1.248.11.120.1.2.10.1.26
How long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin. The maximum value is half an hour (1800 seconds). The margin time needs to be at most half of the lifetime.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 1..1800  

hm2VpnConnIpsecAlgDh 1.3.6.1.4.1.248.11.120.1.2.10.1.27
Diffie-Hellman key agreement algorithm to be used for IPsec-SA session key establishment:
  o any: accept all supported algorithms as responder, use various pre-defined as initiator
  o modp1024: RSA with 1024 bits modulus (DH Group 2)
  o modp1536: RSA with 1536 bits modulus (DH Group 5)
  o modp2048: RSA with 2048 bits modulus (DH Group 14)
  o modp3072: RSA with 3072 bits modulus (DH Group 15)
  o modp4096: RSA with 4096 bits modulus (DH Group 16)
  o none: no Perfect Forward Secrecy (PFS)
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), modp1024(2), modp1536(3), modp2048(4), modp3072(5), modp4096(6), none(7)  

hm2VpnConnIpsecAlgMac 1.3.6.1.4.1.248.11.120.1.2.10.1.28
Integrity (MAC) algorithm to be used in IPsec:
  o any: accept all supported algorithms as responder, use various pre-defined as initiator
  o hmacmd5: HMAC-MD5 (length 96 bit)
  o hmacsha1: HMAC-SHA1 (length 96 bit)
  o hmacsha256: HMAC-SHA256 (length 128 bit)
  o hmacsha384: HMAC-SHA384 (length 196 bit)
  o hmacsha512: HMAC-SHA512 (length 256 bit)
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), hmacmd5(2), hmacsha1(3), hmacsha256(4), hmacsha384(5), hmacsha512(6)  

hm2VpnConnIpsecAlgEncr 1.3.6.1.4.1.248.11.120.1.2.10.1.29
Encryption algorithm to be used for payload encryption in IPsec:
  o any: accept all supported algorithms as responder, use various pre-defined as initiator
  o des: DES
  o des3: Triple-DES
  o aes128: AES-CBC with 128 key bits
  o aes192: AES-CBC with 192 key bits
  o aes256: AES-CBC with 256 key bits
  o aes128ctr: AES-COUNTER with 128 key bits
  o aes192ctr: AES-COUNTER with 192 key bits
  o aes256ctr: AES-COUNTER with 256 key bits
  o aes128gcm64: AES-GCM with 64 bit ICV with 128 key bits
  o aes128gcm96: AES-GCM with 96 bit ICV with 128 key bits
  o aes128gcm128: AES-GCM with 128 bit ICV with 128 key bits
  o aes192gcm64: AES-GCM with 64 bit ICV with 192 key bits
  o aes192gcm96: AES-GCM with 96 bit ICV with 192 key bits
  o aes192gcm128: AES-GCM with 128 bit ICV with 192 key bits
  o aes256gcm64: AES-GCM with 64 bit ICV with 256 key bits
  o aes256gcm96: AES-GCM with 96 bit ICV with 256 key bits
  o aes256gcm128: AES-GCM with 128 bit ICV with 256 key bits
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER any(1), des(2), des3(3), aes128(4), aes192(5), aes256(6), aes128ctr(7), aes192ctr(8), aes256ctr(9), aes128gcm64(10), aes128gcm96(11), aes128gcm128(12), aes192gcm64(13), aes192gcm96(14), aes192gcm128(15), aes256gcm64(16), aes256gcm96(17), aes256gcm128(18)  

hm2VpnConnOperStatus 1.3.6.1.4.1.248.11.120.1.2.10.1.30
The current operational status of the VPN connection:
  o 'up': the IKE-SA and all IPsec SAs are up;
  o 'down': the IKE-SA and all IPsec SAs are down;
  o 'negotiation': key exchange and algorithm negotiation is in progress (or, as responder, waiting to be contacted for that purpose);
  o 'constructing': the IKE-SA is up, but at least one IPsec-SA is not established so far;
  o 'dormant': waiting for a precondition to be fulfilled before connection setup, e.g.:
      - a dynamically assigned IP address;
      - successful hostname resolution;
      - assignment of a valid system time.
  o 're-keying': key exchange is in progress after timeout of lifetime has occurred, either IKE or IPSEC;
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER up(1), down(2), negotiation(3), constructing(4), dormant(5), re-keying(6)  

hm2VpnConnDesc 1.3.6.1.4.1.248.11.120.1.2.10.1.31
User defined text.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnLastError 1.3.6.1.4.1.248.11.120.1.2.10.1.32
Last error notification that occurred for this connection. This is useful if the connection does not reach the up state, to see whether an error has occurred in the proposal exchange or when establishing the tunnel. In most cases this variable should be empty.
Status: current Access: read-only
OBJECT-TYPE    
  HmLargeDisplayString Size(0..512)  

hm2VpnConnDebug 1.3.6.1.4.1.248.11.120.1.2.10.1.33
Used for debugging VPN connections. May affect performance significantly. Please handle with care. If the corresponding bit is set, informational(0) messages or unhandled(1) messages (not handled by the stack) are logged to the event log.
Status: current Access: read-create
OBJECT-TYPE    
  BITS informational(0), unhandled(1)  

hm2VpnConnRowStatus 1.3.6.1.4.1.248.11.120.1.2.10.1.34
The row status of this table entry. If the row status is 'active' then it is not allowed to change any value (this applies also to active traffic selectors). The maximum number of active VPN connections is limited to hm2VpnConnMax. The maximum number of active and up VPN connections is limited to hm2VpnConnActiveMax.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

hm2VpnConnInfoTable 1.3.6.1.4.1.248.11.120.1.2.15
A list of VPN connections.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    Hm2VpnConnInfoEntry

hm2VpnConnInfoEntry 1.3.6.1.4.1.248.11.120.1.2.15.1
A VPN connection entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  Hm2VpnConnInfoEntry  

hm2VpnConnInfoIkeVersionUsed 1.3.6.1.4.1.248.11.120.1.2.15.1.1
Version of the IKE protocol used by connection:
  o ikev1: used protocol is IKE version 1 (ISAKMP)
  o ikev2: used protocol is IKE version 2
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER ikev1(1), ikev2(2)  

hm2VpnConnInfoIkeProposal 1.3.6.1.4.1.248.11.120.1.2.15.1.2
Algorithms IKE uses for key exchange.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnInfoIpsecProposal 1.3.6.1.4.1.248.11.120.1.2.15.1.3
Algorithms IPsec uses for the data communication.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnInfoLocalHost 1.3.6.1.4.1.248.11.120.1.2.15.1.4
Local host detected by IKE.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnInfoRemoteHost 1.3.6.1.4.1.248.11.120.1.2.15.1.5
Remote host detected by IKE.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnConnInfoEstablished 1.3.6.1.4.1.248.11.120.1.2.15.1.6
Time in seconds since the connection has been established (is updated after IKE re-authentication).
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

hm2VpnConnInfoIKEReauth 1.3.6.1.4.1.248.11.120.1.2.15.1.7
Time in seconds when the next IKE re-authentication will take place.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

hm2VpnConnInfoIKERekeying 1.3.6.1.4.1.248.11.120.1.2.15.1.8
Time in seconds when the next IKE re-keying will take place.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

hm2VpnConnInfoIpsecRekeying 1.3.6.1.4.1.248.11.120.1.2.15.1.9
Time in seconds when the next IPsec re-keying will take place.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

hm2VpnConnInfoIpsecInBytes 1.3.6.1.4.1.248.11.120.1.2.15.1.10
Number of input Bytes from this IPsec tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

hm2VpnConnInfoIpsecInPackets 1.3.6.1.4.1.248.11.120.1.2.15.1.11
Number of input packets from this IPsec tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

hm2VpnConnInfoIpsecInUse 1.3.6.1.4.1.248.11.120.1.2.15.1.12
Time in seconds since the IPsec tunnel last received data.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

hm2VpnConnInfoIpsecOutBytes 1.3.6.1.4.1.248.11.120.1.2.15.1.13
Number of output Bytes to this IPsec tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

hm2VpnConnInfoIpsecOutPackets 1.3.6.1.4.1.248.11.120.1.2.15.1.14
Number of output packets to this IPsec tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

hm2VpnConnInfoIpsecOutUse 1.3.6.1.4.1.248.11.120.1.2.15.1.15
Time in seconds since the IPsec tunnel last sent data.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

hm2VpnConnInfoIKEInitiatorSPI 1.3.6.1.4.1.248.11.120.1.2.15.1.16
The IKE initiator SPI (local or remote, depends on initiator settings).
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..32)  

hm2VpnConnInfoIKEResponderSPI 1.3.6.1.4.1.248.11.120.1.2.15.1.17
The IKE responder SPI (local or remote, depends on initiator settings).
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..32)  

hm2VpnConnInfoIpsecInSPI 1.3.6.1.4.1.248.11.120.1.2.15.1.18
The input IPsec SPI.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..16)  

hm2VpnConnInfoIpsecOutSPI 1.3.6.1.4.1.248.11.120.1.2.15.1.19
The output IPsec SPI.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..16)  

hm2VpnTrafficSelTable 1.3.6.1.4.1.248.11.120.1.3.1
A list of traffic selectors. For details on the role of traffic selectors in IPsec protocol see RFC 2409, section 5.5 and RFC 4306, section 2.9.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    Hm2VpnTrafficSelEntry

hm2VpnTrafficSelEntry 1.3.6.1.4.1.248.11.120.1.3.1.1
A traffic selector entry. A traffic selector defines the subnet/host addresses for which this IPSec connection (SA) is responsible.
Status: current Access: not-accessible
OBJECT-TYPE    
  Hm2VpnTrafficSelEntry  

hm2VpnTrafficSelIndex 1.3.6.1.4.1.248.11.120.1.3.1.1.1
An index that (together with the connection index hm2VpnConnIndex) identifies the entry in the traffic selector table. This index can be chosen freely, but must be greater than 0.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..16  

hm2VpnTrafficSelSrcAddr 1.3.6.1.4.1.248.11.120.1.3.1.1.2
Host or subnet address in CIDR notation (a.b.c.d/n) for which this traffic descriptor (and the associated VPN connection) is responsible. This address is compared to the source address of IP packets sent, when determining the associated IPsec and IKE-SA. The special keyword 'any' means that the address comparison always matches.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..32)  

hm2VpnTrafficSelDstAddr 1.3.6.1.4.1.248.11.120.1.3.1.1.3
Host or subnet address in CIDR notation (a.b.c.d/n) for which this traffic descriptor (and the associated VPN connection) is responsible. This address is compared to the destination address of IP packets sent, when determining the associated IPsec and IKE-SA. The special keyword 'any' means that the address comparison always matches.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..32)  

hm2VpnTrafficSelSrcRest 1.3.6.1.4.1.248.11.120.1.3.1.1.4
The optional source restrictions (names or numbers), e.g. tcp/http which is equal to 6/80, or udp which is equal to udp/any, or /53 which is equal to any/53.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..32)  

hm2VpnTrafficSelDstRest 1.3.6.1.4.1.248.11.120.1.3.1.1.5
The optional destination restrictions (names or numbers), e.g. tcp/http which is equal to 6/80, or udp which is equal to udp/any, or /53 which is equal to any/53.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..32)  

hm2VpnTrafficSelDesc 1.3.6.1.4.1.248.11.120.1.3.1.1.6
User defined text.
Status: current Access: read-create
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnTrafficSelRowStatus 1.3.6.1.4.1.248.11.120.1.3.1.1.7
The row status of this table entry. Only traffic selector entries with an 'active' row status will be considered if the connection's row status is set to 'active'. Independent of that dependency, any value in this entry can be changed only if the row status is not 'active'.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

hm2VpnCertificateUploadPassphrase 1.3.6.1.4.1.248.11.120.1.4.1
Setting the correct passphrase here before uploading an encrypted private key or an encrypted PKCS12 container will trigger the decryption of the uploaded file before storing on the device. The value cannot be read and is not stored after the file transfer. WARNING: the file is stored unencrypted on the device. Use with care!
Status: current Access: read-write
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnCertificateTable 1.3.6.1.4.1.248.11.120.1.4.10
The list of certificates available on the device.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    Hm2VpnCertificateEntry

hm2VpnCertificateEntry 1.3.6.1.4.1.248.11.120.1.4.10.1
A certificate file entry. A certificate file which has been copied to the device and can be used for VPN connections.
Status: current Access: not-accessible
OBJECT-TYPE    
  Hm2VpnCertificateEntry  

hm2VpnCertificateIndex 1.3.6.1.4.1.248.11.120.1.4.10.1.1
Index of the entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..100  

hm2VpnCertificateSubject 1.3.6.1.4.1.248.11.120.1.4.10.1.2
Subject field of certificate.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnCertificateIssuer 1.3.6.1.4.1.248.11.120.1.4.10.1.3
Certificate issuer.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..128)  

hm2VpnCertificateStartDate 1.3.6.1.4.1.248.11.120.1.4.10.1.4
Time and date when the certificate begins to be valid.
Status: current Access: read-only
OBJECT-TYPE    
  HmTimeSeconds1970  

hm2VpnCertificateEndDate 1.3.6.1.4.1.248.11.120.1.4.10.1.5
Time and date when certificate will expire.
Status: current Access: read-only
OBJECT-TYPE    
  HmTimeSeconds1970  

hm2VpnCertificateFileName 1.3.6.1.4.1.248.11.120.1.4.10.1.6
Name of the file consisting of alphanumeric characters plus hyphen, underscore and dot.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..64)  

hm2VpnCertificateType 1.3.6.1.4.1.248.11.120.1.4.10.1.7
Type of the container file used.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER ca(1), peer(2), encryptedkey(3), pkcs12(4), encryptedpkcs12(5)  

hm2VpnCertificateCertUploadDate 1.3.6.1.4.1.248.11.120.1.4.10.1.8
Time and date of last write access using the content of the variable hm2SystemTime.
Status: current Access: read-only
OBJECT-TYPE    
  HmTimeSeconds1970  

hm2VpnCertificatePrivateKeyStatus 1.3.6.1.4.1.248.11.120.1.4.10.1.9
Shows if a Peer certificate has a private key uploaded on the device. A Peer certificate cannot be used without a private key uploaded to the device. Does not apply to CA certificates.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER none(1), present(2), notFound(3)  

hm2VpnCertificatePrivateKeyFile 1.3.6.1.4.1.248.11.120.1.4.10.1.10
Name of the file consisting of alphanumeric characters plus hyphen, underscore and dot.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString Size(0..64)  

hm2VpnCertificateNoConnections 1.3.6.1.4.1.248.11.120.1.4.10.1.11
Number of active connections that use this certificate. The certificate cannot be deleted from the device unless there are no active connections using it (this field is set to 0).
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 0..256  

hm2VpnCertificateUserActions 1.3.6.1.4.1.248.11.120.1.4.10.1.12
Provides a way to delete unused certificate files from the device. A certificate can only be deleted if there are no active connections using it (see hm2VpnCertificateNoConnections). Deleting a Peer certificate automatically deletes the private key associated with it (if any).
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER other(1), delete(2)  

hm2VpnMibSNMPExtensionNoTrafficSelector 1.3.6.1.4.1.248.11.120.3.1
Indicates that for a VPN connection no active traffic selectors are available.
Status: current Access: read-write
OBJECT-IDENTITY    

hm2VpnMibSNMPExtensionTooManyActive 1.3.6.1.4.1.248.11.120.3.2
Indicates that too many VPN connections are in active state.
Status: current Access: read-write
OBJECT-IDENTITY    

hm2VpnMibSNMPExtensionTooManyConns 1.3.6.1.4.1.248.11.120.3.3
Indicates that too many VPN connections shall be added to the configuration.
Status: current Access: read-write
OBJECT-IDENTITY    

hm2VpnMibSNMPExtensionActiveRow 1.3.6.1.4.1.248.11.120.3.4
Indicates that an active row shall be changed.
Status: current Access: read-write
OBJECT-IDENTITY    

hm2VpnMibSNMPExtensionInitiatorAny 1.3.6.1.4.1.248.11.120.3.5
Indicates that for a VPN connection as initiator the remote end point is set to any.
Status: current Access: read-write
OBJECT-IDENTITY    

hm2VpnUpTrap 1.3.6.1.4.1.248.11.120.0.1
A hm2VpnUpTrap trap signals that a VPN connection is about to enter the up state from some other state (see 'hm2VpnConnOperStatus').
Status: current Access: read-write
NOTIFICATION-TYPE    

hm2VpnDownTrap 1.3.6.1.4.1.248.11.120.0.2
A hm2VpnDownTrap trap signals that a VPN connection is about to enter the down state from some other state (see 'hm2VpnConnOperStatus').
Status: current Access: read-write
NOTIFICATION-TYPE