IPSEC-FLOW-MONITOR-MIB

File: IPSEC-FLOW-MONITOR-MIB.mib (237064 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
IPSEC-FLOW-MIB-TC

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Counter32 Counter64 Gauge32
Integer32 experimental TEXTUAL-CONVENTION
DisplayString TimeStamp TimeInterval
TruthValue MODULE-COMPLIANCE OBJECT-GROUP
NOTIFICATION-GROUP ControlProtocol Phase1PeerIdentityType
IkeNegoMode IkeHashAlgo IkeAuthMethod
DiffHellmanGrp EncapMode EncryptAlgo
Spi AuthAlgo CompAlgo
EndPtType

Defined Types

HashedString  
128-bit MD5 output string of an input string
TEXTUAL-CONVENTION    
  OCTET STRING Size(16)  

IPSIpAddress  
An IP V4 or V6 Address.
TEXTUAL-CONVENTION    
  OCTET STRING Size(4|16)  

IkePeerType  
The type of IPsec Phase-1 IKE peer identity. The IKE peer may be identified by one of the ID types defined in IPSEC DOI. This textual convention has been deprecated in favour of the more generic `Phase1PeerType'. (defined in module IPSEC-FLOW-MIB-TC).
TEXTUAL-CONVENTION    
  INTEGER reserved(0), id-ipv4-addr(1), id-fqdn(2), id-dn(3), id-ipv6-addr(4)  

KeyType  
The type of key used by an IPsec Phase-2 Tunnel. This textual convention has been deprecated and has been repaced by the standard textual convention ControlProtocol (defined in module IPSEC-FLOW-MIB-TC).
TEXTUAL-CONVENTION    
  INTEGER reserved(0), key-ike(1), key-manual(2), key-kink(3), key-ikev2(4)  

TunnelStatus  
The status of a Tunnel. Objects of this type may be used to bring the tunnel down by setting value of this object to destroy(4). Objects of this type cannot be used to create a Tunnel.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), awaitXauth(1), awaitCommit(2), active(3), destroy(4)  

TrapStatus  
The administrative status for sending a TRAP.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), enabled(1), disabled(2)  

IkeTunnelEntry  
SEQUENCE    
  ikeTunIndex Integer32
  ikeTunLocalType Phase1PeerIdentityType
  ikeTunLocalValue DisplayString
  ikeTunLocalAddr IPSIpAddress
  ikeTunLocalName DisplayString
  ikeTunRemoteType Phase1PeerIdentityType
  ikeTunRemoteValue DisplayString
  ikeTunRemoteAddr IPSIpAddress
  ikeTunRemoteName DisplayString
  ikeTunNegoMode IkeNegoMode
  ikeTunDiffHellmanGrp DiffHellmanGrp
  ikeTunEncryptAlgo EncryptAlgo
  ikeTunHashAlgo IkeHashAlgo
  ikeTunAuthMethod IkeAuthMethod
  ikeTunLifeTime Integer32
  ikeTunActiveTime TimeInterval
  ikeTunSaRefreshThreshold Integer32
  ikeTunTotalRefreshes Counter32
  ikeTunInOctets Counter32
  ikeTunInPkts Counter32
  ikeTunInDropPkts Counter32
  ikeTunInNotifys Counter32
  ikeTunInP2Exchgs Counter32
  ikeTunInP2ExchgInvalids Counter32
  ikeTunInP2ExchgRejects Counter32
  ikeTunInP2SaDelRequests Counter32
  ikeTunOutOctets Counter32
  ikeTunOutPkts Counter32
  ikeTunOutDropPkts Counter32
  ikeTunOutNotifys Counter32
  ikeTunOutP2Exchgs Counter32
  ikeTunOutP2ExchgInvalids Counter32
  ikeTunOutP2ExchgRejects Counter32
  ikeTunOutP2SaDelRequests Counter32
  ikeTunStatus TunnelStatus
  ikeTunInNewGrpReqs Counter32
  ikeTunOutNewGrpReqs Counter32
  ikeTunInNewGrpReqsRejected Counter32
  ikeTunOutNewGrpReqsRejected Counter32
  ikeTunInConfigs Counter32
  ikeTunOutConfigs Counter32
  ikeTunInConfigsRejects Counter32
  ikeTunOutConfigsRejects Counter32
  ikeTunEncryptKeySize Integer32

Phase1PeerEntry  
SEQUENCE    
  phase1PeerLocalType Phase1PeerIdentityType
  phase1PeerLocalValue DisplayString
  phase1PeerHLocalValue HashedString
  phase1PeerRemoteType Phase1PeerIdentityType
  phase1PeerRemoteValue DisplayString
  phase1PeerHRemoteValue HashedString
  phase1PeerIntIndex Integer32
  phase1PeerLocalAddr IPSIpAddress
  phase1PeerRemoteAddr IPSIpAddress
  phase1PeerActiveTime TimeInterval
  phase1PeerActiveTunnelIndex Integer32
  phase1PeerConfigAppVersion DisplayString
  phase1PeerConfigAddress IPSIpAddress
  phase1PeerConfigNetmask IPSIpAddress
  phase1PeerConfigDns IPSIpAddress
  phase1PeerConfigNbns IPSIpAddress
  phase1PeerConfigDhcp IPSIpAddress
  phase1Protocol ControlProtocol

Phase1PeerCorrEntry  
SEQUENCE    
  phase1PeerCorrLocalType Phase1PeerIdentityType
  phase1PeerCorrLocalValue DisplayString
  phase1PeerCorrRemoteType Phase1PeerIdentityType
  phase1PeerCorrRemoteValue DisplayString
  phase1PeerCorrIntIndex Integer32
  phase1PeerCorrSeqNum Integer32
  phase1PeerCorrIpSecTunIndex Integer32
  phase1PeerCorrControlProtocol ControlProtocol

IpSecTunnelEntry  
SEQUENCE    
  ipSecTunIndex Integer32
  ipSecTunIkeTunnelIndex Integer32
  ipSecTunIkeTunnelAlive TruthValue
  ipSecTunLocalAddr IPSIpAddress
  ipSecTunRemoteAddr IPSIpAddress
  ipSecTunKeyType KeyType
  ipSecTunEncapMode EncapMode
  ipSecTunLifeSize Integer32
  ipSecTunLifeTime Integer32
  ipSecTunActiveTime TimeInterval
  ipSecTunSaLifeSizeThreshold Integer32
  ipSecTunSaLifeTimeThreshold Integer32
  ipSecTunTotalRefreshes Counter32
  ipSecTunExpiredSaInstances Counter32
  ipSecTunCurrentSaInstances Gauge32
  ipSecTunInSaDiffHellmanGrp DiffHellmanGrp
  ipSecTunInSaEncryptAlgo EncryptAlgo
  ipSecTunInSaAhAuthAlgo AuthAlgo
  ipSecTunInSaEspAuthAlgo AuthAlgo
  ipSecTunInSaDecompAlgo CompAlgo
  ipSecTunOutSaDiffHellmanGrp DiffHellmanGrp
  ipSecTunOutSaEncryptAlgo EncryptAlgo
  ipSecTunOutSaAhAuthAlgo AuthAlgo
  ipSecTunOutSaEspAuthAlgo AuthAlgo
  ipSecTunOutSaCompAlgo CompAlgo
  ipSecTunPmtu Integer32
  ipSecTunInOctets Counter32
  ipSecTunHcInOctets Counter64
  ipSecTunInOctWraps Counter32
  ipSecTunInDecompOctets Counter32
  ipSecTunHcInDecompOctets Counter64
  ipSecTunInDecompOctWraps Counter32
  ipSecTunInPkts Counter32
  ipSecTunInDropPkts Counter32
  ipSecTunInReplayDropPkts Counter32
  ipSecTunInAuths Counter32
  ipSecTunInAuthFails Counter32
  ipSecTunInDecrypts Counter32
  ipSecTunInDecryptFails Counter32
  ipSecTunOutOctets Counter32
  ipSecTunHcOutOctets Counter64
  ipSecTunOutOctWraps Counter32
  ipSecTunOutUncompOctets Counter32
  ipSecTunHcOutUncompOctets Counter64
  ipSecTunOutUncompOctWraps Counter32
  ipSecTunOutPkts Counter32
  ipSecTunOutDropPkts Counter32
  ipSecTunOutAuths Counter32
  ipSecTunOutAuthFails Counter32
  ipSecTunOutEncrypts Counter32
  ipSecTunOutEncryptFails Counter32
  ipSecTunOutCompressedPkts Counter32
  ipSecTunOutCompSkippedPkts Counter32
  ipSecTunOutCompFailPkts Counter32
  ipSecTunOutCompTooSmallPkts Counter32
  ipSecTunStatus TunnelStatus
  ipSecTunControlProtocol ControlProtocol
  ipSecTunControlTunnelIndex Integer32
  ipSecTunControlTunnelAlive TruthValue
  ipSecTunInSaEncryptKeySize Integer32
  ipSecTunOutSaEncryptKeySize Integer32

IpSecEndPtEntry  
SEQUENCE    
  ipSecEndPtIndex Integer32
  ipSecEndPtLocalName DisplayString
  ipSecEndPtLocalType EndPtType
  ipSecEndPtLocalAddr1 IPSIpAddress
  ipSecEndPtLocalAddr2 IPSIpAddress
  ipSecEndPtLocalProtocol Integer32
  ipSecEndPtLocalPort Integer32
  ipSecEndPtRemoteName DisplayString
  ipSecEndPtRemoteType EndPtType
  ipSecEndPtRemoteAddr1 IPSIpAddress
  ipSecEndPtRemoteAddr2 IPSIpAddress
  ipSecEndPtRemoteProtocol Integer32
  ipSecEndPtRemotePort Integer32

IpSecSpiEntry  
SEQUENCE    
  ipSecSpiIndex Integer32
  ipSecSpiDirection INTEGER
  ipSecSpiValue Spi
  ipSecSpiProtocol INTEGER
  ipSecSpiStatus INTEGER

IpSecSaEntry  
SEQUENCE    
  ipSecSaIndex Integer32
  ipSecSaDirection INTEGER
  ipSecSaValue Spi
  ipSecSaProtocol INTEGER
  ipSecSaStatus INTEGER

IkeTunnelHistEntry  
SEQUENCE    
  ikeTunHistIndex Integer32
  ikeTunHistTermReason INTEGER
  ikeTunHistActiveIndex Integer32
  ikeTunHistPeerLocalType Phase1PeerIdentityType
  ikeTunHistPeerLocalValue DisplayString
  ikeTunHistPeerIntIndex Integer32
  ikeTunHistPeerRemoteType Phase1PeerIdentityType
  ikeTunHistPeerRemoteValue DisplayString
  ikeTunHistLocalAddr IPSIpAddress
  ikeTunHistLocalName DisplayString
  ikeTunHistRemoteAddr IPSIpAddress
  ikeTunHistRemoteName DisplayString
  ikeTunHistNegoMode IkeNegoMode
  ikeTunHistDiffHellmanGrp DiffHellmanGrp
  ikeTunHistEncryptAlgo EncryptAlgo
  ikeTunHistHashAlgo IkeHashAlgo
  ikeTunHistAuthMethod IkeAuthMethod
  ikeTunHistLifeTime Integer32
  ikeTunHistStartTime TimeStamp
  ikeTunHistActiveTime TimeInterval
  ikeTunHistTotalRefreshes Counter32
  ikeTunHistTotalSas Counter32
  ikeTunHistInOctets Counter32
  ikeTunHistInPkts Counter32
  ikeTunHistInDropPkts Counter32
  ikeTunHistInNotifys Counter32
  ikeTunHistInP2Exchgs Counter32
  ikeTunHistInP2ExchgInvalids Counter32
  ikeTunHistInP2ExchgRejects Counter32
  ikeTunHistInP2SaDelRequests Counter32
  ikeTunHistOutOctets Counter32
  ikeTunHistOutPkts Counter32
  ikeTunHistOutDropPkts Counter32
  ikeTunHistOutNotifys Counter32
  ikeTunHistOutP2Exchgs Counter32
  ikeTunHistOutP2ExchgInvalids Counter32
  ikeTunHistOutP2ExchgRejects Counter32
  ikeTunHistOutP2SaDelRequests Counter32
  ikeTunHistInNewGrpReqs Counter32
  ikeTunHistOutNewGrpReqs Counter32
  ikeTunHistInNewGrpReqsRejected Counter32
  ikeTunHistOutNewGrpReqsRejected Counter32
  ikeTunHistInConfigs Counter32
  ikeTunHistOutConfigs Counter32
  ikeTunHistInConfigsRejects Counter32
  ikeTunHistOutConfigsRejects Counter32
  ikeTunHistEncryptKeySize Integer32

IpSecTunnelHistEntry  
SEQUENCE    
  ipSecTunHistIndex Integer32
  ipSecTunHistTermReason INTEGER
  ipSecTunHistActiveIndex Integer32
  ipSecTunHistIkeTunnelIndex Integer32
  ipSecTunHistLocalAddr IPSIpAddress
  ipSecTunHistRemoteAddr IPSIpAddress
  ipSecTunHistKeyType KeyType
  ipSecTunHistEncapMode EncapMode
  ipSecTunHistLifeSize Integer32
  ipSecTunHistLifeTime Integer32
  ipSecTunHistStartTime TimeStamp
  ipSecTunHistActiveTime TimeInterval
  ipSecTunHistTotalRefreshes Counter32
  ipSecTunHistTotalSas Counter32
  ipSecTunHistInSaDiffHellmanGrp DiffHellmanGrp
  ipSecTunHistInSaEncryptAlgo EncryptAlgo
  ipSecTunHistInSaAhAuthAlgo AuthAlgo
  ipSecTunHistInSaEspAuthAlgo AuthAlgo
  ipSecTunHistInSaDecompAlgo CompAlgo
  ipSecTunHistOutSaDiffHellmanGrp DiffHellmanGrp
  ipSecTunHistOutSaEncryptAlgo EncryptAlgo
  ipSecTunHistOutSaAhAuthAlgo AuthAlgo
  ipSecTunHistOutSaEspAuthAlgo AuthAlgo
  ipSecTunHistOutSaCompAlgo CompAlgo
  ipSecTunHistPmtu Integer32
  ipSecTunHistInOctets Counter32
  ipSecTunHistHcInOctets Counter64
  ipSecTunHistInOctWraps Counter32
  ipSecTunHistInDecompOctets Counter32
  ipSecTunHistHcInDecompOctets Counter64
  ipSecTunHistInDecompOctWraps Counter32
  ipSecTunHistInPkts Counter32
  ipSecTunHistInReplayDropPkts Counter32
  ipSecTunHistInDropPkts Counter32
  ipSecTunHistInAuths Counter32
  ipSecTunHistInAuthFails Counter32
  ipSecTunHistInDecrypts Counter32
  ipSecTunHistInDecryptFails Counter32
  ipSecTunHistOutOctets Counter32
  ipSecTunHistHcOutOctets Counter64
  ipSecTunHistOutOctWraps Counter32
  ipSecTunHistOutUncompOctets Counter32
  ipSecTunHistHcOutUncompOctets Counter64
  ipSecTunHistOutUncompOctWraps Counter32
  ipSecTunHistOutPkts Counter32
  ipSecTunHistOutDropPkts Counter32
  ipSecTunHistOutAuths Counter32
  ipSecTunHistOutAuthFails Counter32
  ipSecTunHistOutEncrypts Counter32
  ipSecTunHistOutEncryptFails Counter32
  ipSecTunHistOutCompressedPkts Counter32
  ipSecTunHistOutCompSkippedPkts Counter32
  ipSecTunHistOutCompFailPkts Counter32
  ipSecTunHistOutCompTooSmallPkts Counter32
  ipSecTunHistControlProtocol ControlProtocol
  ipSecTunHistControlTunnelIndex Integer32
  ipSecTunHistInSaEncryptKeySize Integer32
  ipSecTunHistOutSaEncryptKeySize Integer32

IpSecEndPtHistEntry  
SEQUENCE    
  ipSecEndPtHistIndex Integer32
  ipSecEndPtHistTunIndex Integer32
  ipSecEndPtHistActiveIndex Integer32
  ipSecEndPtHistLocalName DisplayString
  ipSecEndPtHistLocalType EndPtType
  ipSecEndPtHistLocalAddr1 IPSIpAddress
  ipSecEndPtHistLocalAddr2 IPSIpAddress
  ipSecEndPtHistLocalProtocol Integer32
  ipSecEndPtHistLocalPort Integer32
  ipSecEndPtHistRemoteName DisplayString
  ipSecEndPtHistRemoteType EndPtType
  ipSecEndPtHistRemoteAddr1 IPSIpAddress
  ipSecEndPtHistRemoteAddr2 IPSIpAddress
  ipSecEndPtHistRemoteProtocol Integer32
  ipSecEndPtHistRemotePort Integer32

IkeFailEntry  
SEQUENCE    
  ikeFailIndex Integer32
  ikeFailReason INTEGER
  ikeFailTime TimeStamp
  ikeFailLocalType Phase1PeerIdentityType
  ikeFailLocalValue DisplayString
  ikeFailRemoteType Phase1PeerIdentityType
  ikeFailRemoteValue DisplayString
  ikeFailLocalAddr IPSIpAddress
  ikeFailRemoteAddr IPSIpAddress

IpSecFailEntry  
SEQUENCE    
  ipSecFailIndex Integer32
  ipSecFailReason INTEGER
  ipSecFailTime TimeStamp
  ipSecFailTunnelIndex Integer32
  ipSecFailSaSpi Integer32
  ipSecFailPktSrcAddr IPSIpAddress
  ipSecFailPktDstAddr IPSIpAddress

Defined Values

ipSecFlowMonitorMIB 1.3.6.1.3.171
This is a MIB Module for monitoring the structure and status of IPSec-based networks. The MIB has bee designed to be adopted as an IETF standard. Henc vendor-specific features of IPSec protocol are exclude from this MIB. Acronyms The following acronyms are used in this document: IPSec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document Control Tunnel: Another term for a Phase 1 Tunnel. Phase 2 Tunnel: AN instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and different number of SA bundles at different times (due to key refresh). Overview of IPsec MIB The MIB contains six major groups of objects which are used to manage the IPSec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPSec MIB. The Phase 1 group models objects pertaining to IKE negotiations and Phase 1 tunnels. The Phase 2 group models objects pertaining to IPSec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid detection of potential security violations. In addition to the five major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPSec TRAPs. For a detailed discussion, please refer to the IETF draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.
MODULE-IDENTITY    

ipSecMIBObjects 1.3.6.1.3.171.1
OBJECT IDENTIFIER    

ipSecLevels 1.3.6.1.3.171.1.1
OBJECT IDENTIFIER    

ipSecPhaseOne 1.3.6.1.3.171.1.2
OBJECT IDENTIFIER    

ipSecPhaseTwo 1.3.6.1.3.171.1.3
OBJECT IDENTIFIER    

ipSecHistory 1.3.6.1.3.171.1.4
OBJECT IDENTIFIER    

ipSecFailures 1.3.6.1.3.171.1.5
OBJECT IDENTIFIER    

ipSecTrapCntl 1.3.6.1.3.171.1.6
OBJECT IDENTIFIER    

ipSecMibLevel 1.3.6.1.3.171.1.1.1
The version of the IPsec MIB.
OBJECT-TYPE    
  Integer32 1..4096  

ikeGroup 1.3.6.1.3.171.1.2.1
OBJECT IDENTIFIER    

ikeGlobalStats 1.3.6.1.3.171.1.2.1.1
OBJECT IDENTIFIER    

ikeGlobalActiveTunnels 1.3.6.1.3.171.1.2.1.1.1
The number of currently active IPsec Phase-1 IKE Tunnels. This is equal to the number of ISAKMP SAs currently active.
OBJECT-TYPE    
  Gauge32  

ikeGlobalPreviousTunnels 1.3.6.1.3.171.1.2.1.1.2
The total number of previously active IPsec Phase-1 IKE Tunnels. This is equal to the total number of ISAKMP SAs that were active since the bootup of the device but which have since expired.
OBJECT-TYPE    
  Counter32  

ikeGlobalInOctets 1.3.6.1.3.171.1.2.1.1.3
The total number of octets received by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalInPkts 1.3.6.1.3.171.1.2.1.1.4
The total number of packets received by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalInDropPkts 1.3.6.1.3.171.1.2.1.1.5
The total number of packets which were dropped during receive processing by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalInNotifys 1.3.6.1.3.171.1.2.1.1.6
The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalInP2Exchgs 1.3.6.1.3.171.1.2.1.1.7
The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalInP2ExchgInvalids 1.3.6.1.3.171.1.2.1.1.8
The total number of IPsec Phase-2 exchanges which were received and found to be contain references to unrecognized security parameters. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
OBJECT-TYPE    
  Counter32  

ikeGlobalInP2ExchgRejects 1.3.6.1.3.171.1.2.1.1.9
The total number of IPsec Phase-2 exchanges which were received and validated but were rejected by the local policy. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
OBJECT-TYPE    
  Counter32  

ikeGlobalInP2SaDelRequests 1.3.6.1.3.171.1.2.1.1.10
The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutOctets 1.3.6.1.3.171.1.2.1.1.11
The total number of octets sent by all currently and previously active and IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutPkts 1.3.6.1.3.171.1.2.1.1.12
The total number of packets sent by all currently and previously active and IPsec Phase-1 Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutDropPkts 1.3.6.1.3.171.1.2.1.1.13
The total number of packets which were dropped during send processing by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutNotifys 1.3.6.1.3.171.1.2.1.1.14
The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutP2Exchgs 1.3.6.1.3.171.1.2.1.1.15
The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutP2ExchgInvalids 1.3.6.1.3.171.1.2.1.1.16
The total number of IPsec Phase-2 exchanges which were sent and were flagged by the peer to contain references to unrecognized security parameters. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutP2ExchgRejects 1.3.6.1.3.171.1.2.1.1.17
The total number of IPsec Phase-2 exchanges which were sent, validated by the peer but were rejected by the peer's policy. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutP2SaDelRequests 1.3.6.1.3.171.1.2.1.1.18
The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalInitTunnels 1.3.6.1.3.171.1.2.1.1.19
The total number of IPsec Phase-1 IKE Tunnels which were locally initiated.
OBJECT-TYPE    
  Counter32  

ikeGlobalInitTunnelFails 1.3.6.1.3.171.1.2.1.1.20
The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate.
OBJECT-TYPE    
  Counter32  

ikeGlobalRespTunnelFails 1.3.6.1.3.171.1.2.1.1.21
The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate.
OBJECT-TYPE    
  Counter32  

ikeGlobalSysCapFails 1.3.6.1.3.171.1.2.1.1.22
The total number of system capcity failures which occurred during processing of all current and previously active IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalAuthFails 1.3.6.1.3.171.1.2.1.1.23
The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalDecryptFails 1.3.6.1.3.171.1.2.1.1.24
The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalHashValidFails 1.3.6.1.3.171.1.2.1.1.25
The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalNoSaFails 1.3.6.1.3.171.1.2.1.1.26
The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-1 IKE Tunnels.
OBJECT-TYPE    
  Counter32  

ikeGlobalRespTunnels 1.3.6.1.3.171.1.2.1.1.27
The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated.
OBJECT-TYPE    
  Counter32  

ikeGlobalInXauthFailures 1.3.6.1.3.171.1.2.1.1.28
The number of times the extended authentication information supplied by an IKE peer was found to be invalid by the local entity.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutXauthFailures 1.3.6.1.3.171.1.2.1.1.29
The number of times the extended authentication information supplied by the managed entity to an IKE peer was found to be invalid by the remote peer.
OBJECT-TYPE    
  Counter32  

ikeGlobalInP1SaDelRequests 1.3.6.1.3.171.1.2.1.1.30
The total number of ISAKMP security association delete requests received by all currently and previously active and ISAKMP security associations.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutP1SaDelRequests 1.3.6.1.3.171.1.2.1.1.31
The total number of ISAKMP security association delete requests sent by all currently and previously active and ISAKMP security associations.
OBJECT-TYPE    
  Counter32  

ikeGlobalInConfigs 1.3.6.1.3.171.1.2.1.1.32
The total number of Mode Configuration settings received (either CFG-REPLY or CFG-SET payloads) by this entity.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutConfigs 1.3.6.1.3.171.1.2.1.1.33
The total number of Mode Configuration settings dispatched (either CFG-REPLY or CFG-SET payloads) by this entity.
OBJECT-TYPE    
  Counter32  

ikeGlobalInConfigsRejects 1.3.6.1.3.171.1.2.1.1.34
The total number of Mode Configuration settings which were received (either CFG-REPLY or CFG-SET payloads) by this entity and which were rejected by the local entity.
OBJECT-TYPE    
  Counter32  

ikeGlobalOutConfigsRejects 1.3.6.1.3.171.1.2.1.1.35
The total number of Mode Configuration settings which were dispatched (either CFG-REPLY or CFG-SET payloads) by this entity and which were rejected by the client peer.
OBJECT-TYPE    
  Counter32  

ikeGlobalHcPreviousTunnels 1.3.6.1.3.171.1.2.1.1.36
A high capacity count of the total number of previously active IPsec Phase-1 IKE Tunnels. This i equal to the total number of ISAKMP SAs that were active since the bootup of the device but which have since expired.
OBJECT-TYPE    
  Counter64  

ikeGlobalPreviousTunnelsWraps 1.3.6.1.3.171.1.2.1.1.37
The number of times the quantit `ikeGlobalPreviousTunnels' (previously active IPse Phase-1 IKE tunnels) has wrapped.
OBJECT-TYPE    
  Counter32  

ikeTunnelTable 1.3.6.1.3.171.1.2.1.2
The IPsec Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  SEQUENCE OF  
    IkeTunnelEntry

ikeTunnelEntry 1.3.6.1.3.171.1.2.1.2.1
Each entry contains the attributes associated with an active IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IkeTunnelEntry  

ikeTunIndex 1.3.6.1.3.171.1.2.1.2.1.1
The index of the IPsec Phase-1 IKE Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunLocalType 1.3.6.1.3.171.1.2.1.2.1.2
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.
OBJECT-TYPE    
  Phase1PeerIdentityType  

ikeTunLocalValue 1.3.6.1.3.171.1.2.1.2.1.3
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the remote peer. If the local peer type is a id-dn, then this is the distinguished name string of the local peer.
OBJECT-TYPE    
  DisplayString  

ikeTunLocalAddr 1.3.6.1.3.171.1.2.1.2.1.4
The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ikeTunLocalName 1.3.6.1.3.171.1.2.1.2.1.5
The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string.
OBJECT-TYPE    
  DisplayString  

ikeTunRemoteType 1.3.6.1.3.171.1.2.1.2.1.6
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.
OBJECT-TYPE    
  Phase1PeerIdentityType  

ikeTunRemoteValue 1.3.6.1.3.171.1.2.1.2.1.7
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
OBJECT-TYPE    
  DisplayString  

ikeTunRemoteAddr 1.3.6.1.3.171.1.2.1.2.1.8
The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ikeTunRemoteName 1.3.6.1.3.171.1.2.1.2.1.9
The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string.
OBJECT-TYPE    
  DisplayString  

ikeTunNegoMode 1.3.6.1.3.171.1.2.1.2.1.10
The negotiation mode of the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IkeNegoMode  

ikeTunDiffHellmanGrp 1.3.6.1.3.171.1.2.1.2.1.11
The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  DiffHellmanGrp  

ikeTunEncryptAlgo 1.3.6.1.3.171.1.2.1.2.1.12
The encryption algorithm used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  EncryptAlgo  

ikeTunHashAlgo 1.3.6.1.3.171.1.2.1.2.1.13
The hash algorithm used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  IkeHashAlgo  

ikeTunAuthMethod 1.3.6.1.3.171.1.2.1.2.1.14
The authentication method used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  IkeAuthMethod  

ikeTunLifeTime 1.3.6.1.3.171.1.2.1.2.1.15
The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunActiveTime 1.3.6.1.3.171.1.2.1.2.1.16
The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds.
OBJECT-TYPE    
  TimeInterval  

ikeTunSaRefreshThreshold 1.3.6.1.3.171.1.2.1.2.1.17
The security assoication refresh threshold in seconds.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunTotalRefreshes 1.3.6.1.3.171.1.2.1.2.1.18
The total number of security associations refreshes performed.
OBJECT-TYPE    
  Counter32  

ikeTunInOctets 1.3.6.1.3.171.1.2.1.2.1.19
The total number of octets received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunInPkts 1.3.6.1.3.171.1.2.1.2.1.20
The total number of packets received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunInDropPkts 1.3.6.1.3.171.1.2.1.2.1.21
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing.
OBJECT-TYPE    
  Counter32  

ikeTunInNotifys 1.3.6.1.3.171.1.2.1.2.1.22
The total number of notifys received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunInP2Exchgs 1.3.6.1.3.171.1.2.1.2.1.23
The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunInP2ExchgInvalids 1.3.6.1.3.171.1.2.1.2.1.24
The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters.
OBJECT-TYPE    
  Counter32  

ikeTunInP2ExchgRejects 1.3.6.1.3.171.1.2.1.2.1.25
The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy.
OBJECT-TYPE    
  Counter32  

ikeTunInP2SaDelRequests 1.3.6.1.3.171.1.2.1.2.1.26
The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutOctets 1.3.6.1.3.171.1.2.1.2.1.27
The total number of octets sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutPkts 1.3.6.1.3.171.1.2.1.2.1.28
The total number of packets sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutDropPkts 1.3.6.1.3.171.1.2.1.2.1.29
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing.
OBJECT-TYPE    
  Counter32  

ikeTunOutNotifys 1.3.6.1.3.171.1.2.1.2.1.30
The total number of notifys sent by this IPsec Phase-1 Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutP2Exchgs 1.3.6.1.3.171.1.2.1.2.1.31
The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutP2ExchgInvalids 1.3.6.1.3.171.1.2.1.2.1.32
The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer.
OBJECT-TYPE    
  Counter32  

ikeTunOutP2ExchgRejects 1.3.6.1.3.171.1.2.1.2.1.33
The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy.
OBJECT-TYPE    
  Counter32  

ikeTunOutP2SaDelRequests 1.3.6.1.3.171.1.2.1.2.1.34
The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunStatus 1.3.6.1.3.171.1.2.1.2.1.35
The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). This object cannot be used to create a MIB table row.
OBJECT-TYPE    
  TunnelStatus  

ikeTunInNewGrpReqs 1.3.6.1.3.171.1.2.1.2.1.36
The total number of New Group exchanges initiated remotely using this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutNewGrpReqs 1.3.6.1.3.171.1.2.1.2.1.37
The total number of New Group exchanges initiated locally using this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunInNewGrpReqsRejected 1.3.6.1.3.171.1.2.1.2.1.38
The total number of New Group exchanges initiated remotely using this IKE tunnel that ended in a failure.
OBJECT-TYPE    
  Counter32  

ikeTunOutNewGrpReqsRejected 1.3.6.1.3.171.1.2.1.2.1.39
The total number of New Group exchanges initiated locally using this IKE tunnel that ended in a failure.
OBJECT-TYPE    
  Counter32  

ikeTunInConfigs 1.3.6.1.3.171.1.2.1.2.1.40
The total number of Mode Configuration settings received (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutConfigs 1.3.6.1.3.171.1.2.1.2.1.41
The total number of Mode Configuration settings dispatched (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunInConfigsRejects 1.3.6.1.3.171.1.2.1.2.1.42
The total number of Mode Configuration settings which were received (either CFG-REPLY or CFG-SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunOutConfigsRejects 1.3.6.1.3.171.1.2.1.2.1.43
The total number of Mode Configuration settings which were dispatched (either CFG-REPLY or CFG-SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunEncryptKeySize 1.3.6.1.3.171.1.2.1.2.1.44
The key size in bits of the negotiated key to be used with the algorithm denoted by the column 'ikeTunEncryptAlgo'. For DES and 3DES the key size i respectively 56 and 168. For AES, this will denote th negotiated key size.
OBJECT-TYPE    
  Integer32  

phase1PeerTable 1.3.6.1.3.171.1.2.2
The IPsec Phase-1 Key Exchange Peer Table. Ther is one entry in this table for each IPsec Phase-1 pee with which the managed entity is currently associate by virtue of an active IPsec Phase-1 Control Tunnel. peer has an entry in this table, if and only if ther is at least one Phase-1 or Phase-2 tunnel terminatin on the managed entity from the peer. When all Phase- and Phase-2 tunnels to a peer have expired, the entr for the peer is deleted off this table.
OBJECT-TYPE    
  SEQUENCE OF  
    Phase1PeerEntry

phase1PeerEntry 1.3.6.1.3.171.1.2.2.1
Each entry contains the attributes associated with an IPsec Phase-1 IKE peer association.
OBJECT-TYPE    
  Phase1PeerEntry  

phase1PeerLocalType 1.3.6.1.3.171.1.2.2.1.1
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

phase1PeerLocalValue 1.3.6.1.3.171.1.2.2.1.2
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a id-fqdn, then this is the FQDN of the local peer. If the local peer type is id-dn, then this is the DN string of the local peer. Value of this object could be arbitrarily large making this object unsuitable to be used for indexing this table (please refer to the definition of 'phase1PeerHLocalValue'.
OBJECT-TYPE    
  DisplayString  

phase1PeerHLocalValue 1.3.6.1.3.171.1.2.2.1.3
The 128-bit MD5 hash output of the value represente by the element phase1PeerLocalValue. The hashing is required to restrict the length of the SNMP index to a legal size: phase1PeerHRemoteValue = MD5(phase1PeerLocalValue).
OBJECT-TYPE    
  HashedString  

phase1PeerRemoteType 1.3.6.1.3.171.1.2.2.1.4
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

phase1PeerRemoteValue 1.3.6.1.3.171.1.2.2.1.5
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the DN string of the remote peer. Value of this object could be arbitrarily large making this object unsuitable to be used for indexing this table (please refer to the definition of 'phase1PeerHRemoteValue'.
OBJECT-TYPE    
  DisplayString  

phase1PeerHRemoteValue 1.3.6.1.3.171.1.2.2.1.6
The 128-bit MD5 hash output of the value represente by the element phase1PeerRemoteValue. The hashing is required to restrict the length of the SNMP index to a legal size: phase1PeerHRemoteValue = MD5(phase1PeerRemoteValue).
OBJECT-TYPE    
  HashedString  

phase1PeerIntIndex 1.3.6.1.3.171.1.2.2.1.7
The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer.
OBJECT-TYPE    
  Integer32 1..2147483647  

phase1PeerLocalAddr 1.3.6.1.3.171.1.2.2.1.8
The IP address of the local peer.
OBJECT-TYPE    
  IPSIpAddress  

phase1PeerRemoteAddr 1.3.6.1.3.171.1.2.2.1.9
The IP address of the remote peer.
OBJECT-TYPE    
  IPSIpAddress  

phase1PeerActiveTime 1.3.6.1.3.171.1.2.2.1.10
The length of time that the peer association has existed in hundredths of a second.
OBJECT-TYPE    
  TimeInterval  

phase1PeerActiveTunnelIndex 1.3.6.1.3.171.1.2.2.1.11
The index of the active IPsec Phase-1 IKE Tunnel (ikeTunIndex in the ikeTunnelTable) for this peer association. If an IPsec Phase-1 IKE Tunnel is not currently active, then the value of this object will be zero.
OBJECT-TYPE    
  Integer32 1..2147483647  

phase1PeerConfigAppVersion 1.3.6.1.3.171.1.2.2.1.12
The NULL terminated printable application version of the peer. If the peer did not issue the APPLICATION-VERSION attribute, this field is NULL.
OBJECT-TYPE    
  DisplayString  

phase1PeerConfigAddress 1.3.6.1.3.171.1.2.2.1.13
The IP address configured by the peer on this entity. If the local entity did not receive either INTERNAL-IP4-ADDRESS or INTERNAL-IP6-ADDRESS from the peer, this field should have the NULL IP address.
OBJECT-TYPE    
  IPSIpAddress  

phase1PeerConfigNetmask 1.3.6.1.3.171.1.2.2.1.14
The netmask configured by the peer on this entity. If the local entity did not receive either INTERNAL-V4-MASK or INTERNAL-IP6-MASK from the peer, this field should have the NULL IP address.
OBJECT-TYPE    
  IPSIpAddress  

phase1PeerConfigDns 1.3.6.1.3.171.1.2.2.1.15
The address of the DNS server configured by the peer on the local entity using CFG-SET or CFG-REPLY. If the local entity did not receive either INTERNAL-V4-DNS or INTERNAL-IP6-DNS from the peer, this field should have the NULL IP address.
OBJECT-TYPE    
  IPSIpAddress  

phase1PeerConfigNbns 1.3.6.1.3.171.1.2.2.1.16
The address of the NetBios Name Server configured by the peer on the local entity using CFG-SET or CFG-REPLY. If the local entity did not receive either INTERNAL-V4-NBNS INTERNAL-IP6-NBNS from the peer, this field should have the NULL IP address.
OBJECT-TYPE    
  IPSIpAddress  

phase1PeerConfigDhcp 1.3.6.1.3.171.1.2.2.1.17
The address of the DHCP Server configured by the peer on the local entity using CFG-SET or CFG-REPLY. If the local entity did not receive either INTERNAL-V4-DHCP INTERNAL-IP6-DHCP from the peer, this field should have the NULL IP address.
OBJECT-TYPE    
  IPSIpAddress  

phase1Protocol 1.3.6.1.3.171.1.2.2.1.18
The keying and control protocol used to setup and administer Phase-1 and Phase-2 tunnels to this peer.
OBJECT-TYPE    
  ControlProtocol  

phase1PeerCorrTable 1.3.6.1.3.171.1.2.3
The IPsec Phase-1 Peer Association to IPsec Phase- Tunnel Correlation Table. There is one entry in this tabl for each active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  SEQUENCE OF  
    Phase1PeerCorrEntry

phase1PeerCorrEntry 1.3.6.1.3.171.1.2.3.1
Each entry contains the attributes of an IPsec Phase-1 Peer Association to IPsec Phase- Tunnel Correlation.
OBJECT-TYPE    
  Phase1PeerCorrEntry  

phase1PeerCorrLocalType 1.3.6.1.3.171.1.2.3.1.1
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

phase1PeerCorrLocalValue 1.3.6.1.3.171.1.2.3.1.2
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the local entity. If the local peer type is a id-dn, then this is the distinguished named string of the local peer.
OBJECT-TYPE    
  DisplayString  

phase1PeerCorrRemoteType 1.3.6.1.3.171.1.2.3.1.3
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

phase1PeerCorrRemoteValue 1.3.6.1.3.171.1.2.3.1.4
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
OBJECT-TYPE    
  DisplayString  

phase1PeerCorrIntIndex 1.3.6.1.3.171.1.2.3.1.5
The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer.
OBJECT-TYPE    
  Integer32 1..2147483647  

phase1PeerCorrSeqNum 1.3.6.1.3.171.1.2.3.1.6
The sequence number of the local-remote peer association. This sequence number is used to uniquely identify multiple instances of an unique association between the local and remote peer.
OBJECT-TYPE    
  Integer32 1..2147483647  

phase1PeerCorrIpSecTunIndex 1.3.6.1.3.171.1.2.3.1.7
The index of the active IPsec Phase-2 Tunnel (ipSecTunIndex in the ipSecTunnelTable) for this IPsec Phase-1 IKE Peer Association.
OBJECT-TYPE    
  Integer32 1..2147483647  

phase1PeerCorrControlProtocol 1.3.6.1.3.171.1.2.3.1.8
The keying and control protocol used to setup and administer the Phase-1 and Phase-2 tunnels thi table entry refers to.
OBJECT-TYPE    
  ControlProtocol  

ipSecGlobalStats 1.3.6.1.3.171.1.3.1
OBJECT IDENTIFIER    

ipSecGlobalActiveTunnels 1.3.6.1.3.171.1.3.1.1
The total number of currently active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Gauge32  

ipSecGlobalPreviousTunnels 1.3.6.1.3.171.1.3.1.2
The total number of previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInOctets 1.3.6.1.3.171.1.3.1.3
The total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also ipSecGlobalInOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalHcInOctets 1.3.6.1.3.171.1.3.1.4
A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ipSecGlobalInOctWraps 1.3.6.1.3.171.1.3.1.5
The number of times the global octets received counter (ipSecGlobalInOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInDecompOctets 1.3.6.1.3.171.1.3.1.6
The total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecGlobalInOctets. See also ipSecGlobalInDecompOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalHcInDecompOctets 1.3.6.1.3.171.1.3.1.7
A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecGlobalHcInOctets.
OBJECT-TYPE    
  Counter64  

ipSecGlobalInDecompOctWraps 1.3.6.1.3.171.1.3.1.8
The number of times the global decompressed octets received counter (ipSecGlobalInDecompOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInPkts 1.3.6.1.3.171.1.3.1.9
The total number of packets received by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInDrops 1.3.6.1.3.171.1.3.1.10
The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInReplayDrops 1.3.6.1.3.171.1.3.1.11
The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInAuths 1.3.6.1.3.171.1.3.1.12
The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInAuthFails 1.3.6.1.3.171.1.3.1.13
The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInDecrypts 1.3.6.1.3.171.1.3.1.14
The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInDecryptFails 1.3.6.1.3.171.1.3.1.15
The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutOctets 1.3.6.1.3.171.1.3.1.16
The total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed. See also ipSecGlobalOutOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalHcOutOctets 1.3.6.1.3.171.1.3.1.17
A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ipSecGlobalOutOctWraps 1.3.6.1.3.171.1.3.1.18
The number of times the global octets sent counter (ipSecGlobalOutOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutUncompOctets 1.3.6.1.3.171.1.3.1.19
The total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecGlobalOutOctets. See also ipSecGlobalOutDecompOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalHcOutUncompOctets 1.3.6.1.3.171.1.3.1.20
A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecGlobalHcOutOctets.
OBJECT-TYPE    
  Counter64  

ipSecGlobalOutUncompOctWraps 1.3.6.1.3.171.1.3.1.21
The number of times the global uncompressed octets sent counter (ipSecGlobalOutUncompOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutPkts 1.3.6.1.3.171.1.3.1.22
The total number of packets sent by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutDrops 1.3.6.1.3.171.1.3.1.23
The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutAuths 1.3.6.1.3.171.1.3.1.24
The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutAuthFails 1.3.6.1.3.171.1.3.1.25
The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutEncrypts 1.3.6.1.3.171.1.3.1.26
The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutEncryptFails 1.3.6.1.3.171.1.3.1.27
The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutCompressedPkts 1.3.6.1.3.171.1.3.1.28
The cumulative number of outbound packets across all IPsec flows terminating at this device which were successfully compressed. This number is cumulative since the last system start.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutCompSkippedPkts 1.3.6.1.3.171.1.3.1.29
The total number of outbound packets across all IPsec flows terminating at this devices that were to be compressed but which were skipped due to the compression hysteresis. This number is cumulative since the last system start.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutCompFailPkts 1.3.6.1.3.171.1.3.1.30
The total number of outbound packets across all IPsec flows terminating at this device that failed compression because they grew in size after compression. This number is cumulative since the last system start.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutCompTooSmallPkts 1.3.6.1.3.171.1.3.1.31
The total number of outbound packets across all IPsec flows terminating at this device that were to be compressed but were smaller than the compression threshold size. This number is cumulative since the last system start.
OBJECT-TYPE    
  Counter32  

ipSecGlobalProtocolUseFails 1.3.6.1.3.171.1.3.1.32
The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalNoSaFails 1.3.6.1.3.171.1.3.1.33
The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalSysCapFails 1.3.6.1.3.171.1.3.1.34
The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter32  

ipSecGlobalHcPreviousTunnels 1.3.6.1.3.171.1.3.1.35
A high capacity count of the total number of previously active IPsec Phase-2 Tunnels.
OBJECT-TYPE    
  Counter64  

ipSecGlobalPreviousTunnelsWraps 1.3.6.1.3.171.1.3.1.36
The number of times the quantit `ipSecGlobalPreviousTunnels' (previously active IPse Phase-2 tunnels) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunnelTable 1.3.6.1.3.171.1.3.2
The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecTunnelEntry

ipSecTunnelEntry 1.3.6.1.3.171.1.3.2.1
Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  IpSecTunnelEntry  

ipSecTunIndex 1.3.6.1.3.171.1.3.2.1.1
The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunIkeTunnelIndex 1.3.6.1.3.171.1.3.2.1.2
The index of the associated IPsec Phase-1 IKE Tunnel. (ikeTunIndex in the ikeTunnelTable)
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunIkeTunnelAlive 1.3.6.1.3.171.1.3.2.1.3
An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists. This object has been deprecated in favour of more generic pointers to the control tunnel (ipSecTunControlTunnelIndex).
OBJECT-TYPE    
  TruthValue  

ipSecTunLocalAddr 1.3.6.1.3.171.1.3.2.1.4
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ipSecTunRemoteAddr 1.3.6.1.3.171.1.3.2.1.5
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ipSecTunKeyType 1.3.6.1.3.171.1.3.2.1.6
The type of key used by the IPsec Phase-2 Tunnel. This object has been deprecated in favour o ipSecTunControlProtocol.
OBJECT-TYPE    
  KeyType  

ipSecTunEncapMode 1.3.6.1.3.171.1.3.2.1.7
The encapsulation mode used by the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  EncapMode  

ipSecTunLifeSize 1.3.6.1.3.171.1.3.2.1.8
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunLifeTime 1.3.6.1.3.171.1.3.2.1.9
The negotiated LifeTime of the IPsec Phase- Tunnel in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Integer32 0..2147483647  

ipSecTunActiveTime 1.3.6.1.3.171.1.3.2.1.10
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
OBJECT-TYPE    
  TimeInterval  

ipSecTunSaLifeSizeThreshold 1.3.6.1.3.171.1.3.2.1.11
The security association LifeSize refresh threshold in kilobytes. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Integer32 0..2147483647  

ipSecTunSaLifeTimeThreshold 1.3.6.1.3.171.1.3.2.1.12
The security association LifeTime refresh threshold in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Integer32 0..2147483647  

ipSecTunTotalRefreshes 1.3.6.1.3.171.1.3.2.1.13
The total number of security association refreshes performed.
OBJECT-TYPE    
  Counter32  

ipSecTunExpiredSaInstances 1.3.6.1.3.171.1.3.2.1.14
The total number of security associations which have expired. If the tunnel was setup manually, the value of this MIB element should be 0.
OBJECT-TYPE    
  Counter32  

ipSecTunCurrentSaInstances 1.3.6.1.3.171.1.3.2.1.15
The number of security associations which are currently active or expiring.
OBJECT-TYPE    
  Gauge32  

ipSecTunInSaDiffHellmanGrp 1.3.6.1.3.171.1.3.2.1.16
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be `none'.
OBJECT-TYPE    
  DiffHellmanGrp  

ipSecTunInSaEncryptAlgo 1.3.6.1.3.171.1.3.2.1.17
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  EncryptAlgo  

ipSecTunInSaAhAuthAlgo 1.3.6.1.3.171.1.3.2.1.18
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunInSaEspAuthAlgo 1.3.6.1.3.171.1.3.2.1.19
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunInSaDecompAlgo 1.3.6.1.3.171.1.3.2.1.20
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CompAlgo  

ipSecTunOutSaDiffHellmanGrp 1.3.6.1.3.171.1.3.2.1.21
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be 'none'.
OBJECT-TYPE    
  DiffHellmanGrp  

ipSecTunOutSaEncryptAlgo 1.3.6.1.3.171.1.3.2.1.22
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  EncryptAlgo  

ipSecTunOutSaAhAuthAlgo 1.3.6.1.3.171.1.3.2.1.23
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunOutSaEspAuthAlgo 1.3.6.1.3.171.1.3.2.1.24
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunOutSaCompAlgo 1.3.6.1.3.171.1.3.2.1.25
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CompAlgo  

ipSecTunPmtu 1.3.6.1.3.171.1.3.2.1.26
The Path MTU for this IPsec Phase-2 tunnel, which ha been either learnt from the network or which has been specified by the administrator. The lower end of the range is 68 which is the minimum MTU for IPv4.
OBJECT-TYPE    
  Integer32 68..1500  

ipSecTunInOctets 1.3.6.1.3.171.1.3.2.1.27
The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also ipSecTunInOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHcInOctets 1.3.6.1.3.171.1.3.2.1.28
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ipSecTunInOctWraps 1.3.6.1.3.171.1.3.2.1.29
The number of times the octets received counter (ipSecTunInOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunInDecompOctets 1.3.6.1.3.171.1.3.2.1.30
The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunInOctets. See also ipSecTunInDecompOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHcInDecompOctets 1.3.6.1.3.171.1.3.2.1.31
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunHcInOctets.
OBJECT-TYPE    
  Counter64  

ipSecTunInDecompOctWraps 1.3.6.1.3.171.1.3.2.1.32
The number of times the decompressed octets received counter (ipSecTunInDecompOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunInPkts 1.3.6.1.3.171.1.3.2.1.33
The total number of packets received by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunInDropPkts 1.3.6.1.3.171.1.3.2.1.34
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter32  

ipSecTunInReplayDropPkts 1.3.6.1.3.171.1.3.2.1.35
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunInAuths 1.3.6.1.3.171.1.3.2.1.36
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunInAuthFails 1.3.6.1.3.171.1.3.2.1.37
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
OBJECT-TYPE    
  Counter32  

ipSecTunInDecrypts 1.3.6.1.3.171.1.3.2.1.38
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunInDecryptFails 1.3.6.1.3.171.1.3.2.1.39
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutOctets 1.3.6.1.3.171.1.3.2.1.40
The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also ipSecTunOutOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHcOutOctets 1.3.6.1.3.171.1.3.2.1.41
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ipSecTunOutOctWraps 1.3.6.1.3.171.1.3.2.1.42
The number of times the out octets counter (ipSecTunOutOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunOutUncompOctets 1.3.6.1.3.171.1.3.2.1.43
The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunOutOctets. See also ipSecTunOutDecompOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHcOutUncompOctets 1.3.6.1.3.171.1.3.2.1.44
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunHcOutOctets.
OBJECT-TYPE    
  Counter64  

ipSecTunOutUncompOctWraps 1.3.6.1.3.171.1.3.2.1.45
The number of times the uncompressed octets sent counter (ipSecTunOutUncompOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunOutPkts 1.3.6.1.3.171.1.3.2.1.46
The total number of packets sent by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutDropPkts 1.3.6.1.3.171.1.3.2.1.47
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutAuths 1.3.6.1.3.171.1.3.2.1.48
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutAuthFails 1.3.6.1.3.171.1.3.2.1.49
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutEncrypts 1.3.6.1.3.171.1.3.2.1.50
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutEncryptFails 1.3.6.1.3.171.1.3.2.1.51
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunOutCompressedPkts 1.3.6.1.3.171.1.3.2.1.52
The total number of outbound packets which were successfully compressed.
OBJECT-TYPE    
  Counter32  

ipSecTunOutCompSkippedPkts 1.3.6.1.3.171.1.3.2.1.53
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
OBJECT-TYPE    
  Counter32  

ipSecTunOutCompFailPkts 1.3.6.1.3.171.1.3.2.1.54
The total number of outbound packets that failed compression because they grew in size after compression.
OBJECT-TYPE    
  Counter32  

ipSecTunOutCompTooSmallPkts 1.3.6.1.3.171.1.3.2.1.55
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
OBJECT-TYPE    
  Counter32  

ipSecTunStatus 1.3.6.1.3.171.1.3.2.1.56
The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). When the value is set to destroy(2), the SA bundle is destroyed and this row is deleted from this table. When this MIB value is queried, the value of active(1) is always returned, if the instance exists. This object cannot be used to create a MIB table row.
OBJECT-TYPE    
  TunnelStatus  

ipSecTunControlProtocol 1.3.6.1.3.171.1.3.2.1.57
Identifies the protocol used to setup and administer this Phase-2 Ipsec tunnel. If IKE was used to setup this tunnel, then this value of this column would be `cp-ike'. A value of cp-none is indicative of a manually installed and administered Phase-2 tunnel.
OBJECT-TYPE    
  ControlProtocol  

ipSecTunControlTunnelIndex 1.3.6.1.3.171.1.3.2.1.58
The index of the associated IPsec Phase-1 Tunnel (in case of IKE, this value would refer t ikeTunIndex in the ikeTunnelTable). A value of 0 identifies that this Phase-2 tunne was setup manually.
OBJECT-TYPE    
  Integer32 0..2147483647  

ipSecTunControlTunnelAlive 1.3.6.1.3.171.1.3.2.1.59
An indicator which specifies whether or not the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel currently exists.
OBJECT-TYPE    
  TruthValue  

ipSecTunInSaEncryptKeySize 1.3.6.1.3.171.1.3.2.1.60
The key size in bits of the negotiated key to be used with the algorithm denoted by ipSecTunInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  Integer32  

ipSecTunOutSaEncryptKeySize 1.3.6.1.3.171.1.3.2.1.61
The key size in bits of the negotiated key to be used with the algorithm denoted by ipSecTunOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  Integer32  

ipSecEndPtTable 1.3.6.1.3.171.1.3.3
The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecEndPtEntry

ipSecEndPtEntry 1.3.6.1.3.171.1.3.3.1
An IPsec Phase-2 Tunnel Endpoint entry.
OBJECT-TYPE    
  IpSecEndPtEntry  

ipSecEndPtIndex 1.3.6.1.3.171.1.3.3.1.1
The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecEndPtLocalName 1.3.6.1.3.171.1.3.3.1.2
The DNS name of the local Endpoint.
OBJECT-TYPE    
  DisplayString  

ipSecEndPtLocalType 1.3.6.1.3.171.1.3.3.1.3
The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
OBJECT-TYPE    
  EndPtType  

ipSecEndPtLocalAddr1 1.3.6.1.3.171.1.3.3.1.4
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtLocalAddr2 1.3.6.1.3.171.1.3.3.1.5
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtLocalProtocol 1.3.6.1.3.171.1.3.3.1.6
The protocol number of the local Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..255  

ipSecEndPtLocalPort 1.3.6.1.3.171.1.3.3.1.7
The port number of the local Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..65535  

ipSecEndPtRemoteName 1.3.6.1.3.171.1.3.3.1.8
The DNS name of the remote Endpoint.
OBJECT-TYPE    
  DisplayString  

ipSecEndPtRemoteType 1.3.6.1.3.171.1.3.3.1.9
The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
OBJECT-TYPE    
  EndPtType  

ipSecEndPtRemoteAddr1 1.3.6.1.3.171.1.3.3.1.10
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtRemoteAddr2 1.3.6.1.3.171.1.3.3.1.11
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtRemoteProtocol 1.3.6.1.3.171.1.3.3.1.12
The protocol number of the remote Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..255  

ipSecEndPtRemotePort 1.3.6.1.3.171.1.3.3.1.13
The port number of the remote Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..65535  

ipSecSpiTable 1.3.6.1.3.171.1.3.4
The IPsec Phase-2 Security Protection Index Table. This table contains an entry for each active and expiring security association.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecSpiEntry

ipSecSpiEntry 1.3.6.1.3.171.1.3.4.1
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
OBJECT-TYPE    
  IpSecSpiEntry  

ipSecSpiIndex 1.3.6.1.3.171.1.3.4.1.1
The number of the SPI associated with the Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecSpiDirection 1.3.6.1.3.171.1.3.4.1.2
The direction of the SPI.
OBJECT-TYPE    
  INTEGER in(1), out(2)  

ipSecSpiValue 1.3.6.1.3.171.1.3.4.1.3
The value of the SPI.
OBJECT-TYPE    
  Spi  

ipSecSpiProtocol 1.3.6.1.3.171.1.3.4.1.4
The protocol of the SPI.
OBJECT-TYPE    
  INTEGER ah(1), esp(2), ipcomp(3)  

ipSecSpiStatus 1.3.6.1.3.171.1.3.4.1.5
The status of the SPI.
OBJECT-TYPE    
  INTEGER active(1), expiring(2)  

ipSecGlobalNewGrpStats 1.3.6.1.3.171.1.3.5
OBJECT IDENTIFIER    

ipSecGlobalInNewGrpReqs 1.3.6.1.3.171.1.3.5.1
The total number of New Group exchanges initiated remotely.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutNewGrpReqs 1.3.6.1.3.171.1.3.5.2
The total number of New Group exchanges initiated locally.
OBJECT-TYPE    
  Counter32  

ipSecGlobalInNewGrpReqsRejected 1.3.6.1.3.171.1.3.5.3
The total number of New Group exchanges initiated remotely that ended in a failure.
OBJECT-TYPE    
  Counter32  

ipSecGlobalOutNewGrpReqsRejected 1.3.6.1.3.171.1.3.5.4
The total number of New Group exchanges initiated locally that ended in a failure.
OBJECT-TYPE    
  Counter32  

ipSecSaTable 1.3.6.1.3.171.1.3.6
The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the active Phase-2 tunnel table (ipSecTunTable) into a number of entries in this table. The index of this table reflects the rule for identifying Security Associations.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecSaEntry

ipSecSaEntry 1.3.6.1.3.171.1.3.6.1
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
OBJECT-TYPE    
  IpSecSaEntry  

ipSecSaIndex 1.3.6.1.3.171.1.3.6.1.1
The index, in the context of the IPsec tunnel ipSecTunIndex, of the security association represented by this table entry. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecSaDirection 1.3.6.1.3.171.1.3.6.1.2
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry.
OBJECT-TYPE    
  INTEGER in(1), out(2)  

ipSecSaValue 1.3.6.1.3.171.1.3.6.1.3
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry.
OBJECT-TYPE    
  Spi  

ipSecSaProtocol 1.3.6.1.3.171.1.3.6.1.4
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup.
OBJECT-TYPE    
  INTEGER reserved(0), ah(1), esp(2), ipcomp(3)  

ipSecSaStatus 1.3.6.1.3.171.1.3.6.1.5
This column represents the status of the security association represented by this tabel entry. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged.
OBJECT-TYPE    
  INTEGER unknown(0), active(1), expiring(2)  

ipSecHistGlobal 1.3.6.1.3.171.1.4.1
OBJECT IDENTIFIER    

ipSecHistPhaseOne 1.3.6.1.3.171.1.4.2
OBJECT IDENTIFIER    

ipSecHistPhaseTwo 1.3.6.1.3.171.1.4.3
OBJECT IDENTIFIER    

ipSecHistGlobalCntl 1.3.6.1.3.171.1.4.1.1
OBJECT IDENTIFIER    

ipSecHistTableSize 1.3.6.1.3.171.1.4.1.1.1
The window size of the IPsec Phase-1 and Phase-2 History Tables. The IPsec Phase-1 and Phase-2 History Tables are implemented as a sliding window in which only the last n entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecHistCheckPoint 1.3.6.1.3.171.1.4.1.1.2
The current state of check point processing. This object will return ready when the agent is ready to create on-demand history entries for active IPsec Tunnels or checkPoint when the agent is currently creating on-demand history entries for active IPsec Tunnels. By setting this value to checkPoint, the agent will create: a) an entry in the IPsec Phase-1 Tunnel History for each active IPsec Phase-1 Tunnel and b) an entry in the IPsec Phase-2 Tunnel History Table and an entry in the IPsec Phase-2 Tunnel EndPoint History Table for each active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  INTEGER ready(1), checkPoint(2)  

ikeTunnelHistTable 1.3.6.1.3.171.1.4.2.1
The IPsec Phase-1 Internet Key Exchange Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecHistTableSize object.
OBJECT-TYPE    
  SEQUENCE OF  
    IkeTunnelHistEntry

ikeTunnelHistEntry 1.3.6.1.3.171.1.4.2.1.1
Each entry contains the attributes associated with a previously active IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IkeTunnelHistEntry  

ikeTunHistIndex 1.3.6.1.3.171.1.4.2.1.1.1
The index of the IPsec Phase-1 IKE Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunHistTermReason 1.3.6.1.3.171.1.4.2.1.1.2
The reason the IPsec Phase-1 IKE Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred. 9 = operator initiated check point request
OBJECT-TYPE    
  INTEGER other(1), normal(2), operRequest(3), peerDelRequest(4), peerLost(5), applicationInitiated(6), xauthFailure(7), localFailure(8), checkPointReg(9)  

ikeTunHistActiveIndex 1.3.6.1.3.171.1.4.2.1.1.3
The index of the previously active IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunHistPeerLocalType 1.3.6.1.3.171.1.4.2.1.1.4
The type of local peer identity. The local peer may be indentified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

ikeTunHistPeerLocalValue 1.3.6.1.3.171.1.4.2.1.1.5
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the local entity. If the local peer type is a id-dn, then this is the distinguished named string of the local entity.
OBJECT-TYPE    
  DisplayString  

ikeTunHistPeerIntIndex 1.3.6.1.3.171.1.4.2.1.1.6
The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunHistPeerRemoteType 1.3.6.1.3.171.1.4.2.1.1.7
The type of remote peer identity. The remote peer may be indentified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

ikeTunHistPeerRemoteValue 1.3.6.1.3.171.1.4.2.1.1.8
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
OBJECT-TYPE    
  DisplayString  

ikeTunHistLocalAddr 1.3.6.1.3.171.1.4.2.1.1.9
The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ikeTunHistLocalName 1.3.6.1.3.171.1.4.2.1.1.10
The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string.
OBJECT-TYPE    
  DisplayString  

ikeTunHistRemoteAddr 1.3.6.1.3.171.1.4.2.1.1.11
The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ikeTunHistRemoteName 1.3.6.1.3.171.1.4.2.1.1.12
The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string.
OBJECT-TYPE    
  DisplayString  

ikeTunHistNegoMode 1.3.6.1.3.171.1.4.2.1.1.13
The negotiation mode of the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  IkeNegoMode  

ikeTunHistDiffHellmanGrp 1.3.6.1.3.171.1.4.2.1.1.14
The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  DiffHellmanGrp  

ikeTunHistEncryptAlgo 1.3.6.1.3.171.1.4.2.1.1.15
The encryption algorithm used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  EncryptAlgo  

ikeTunHistHashAlgo 1.3.6.1.3.171.1.4.2.1.1.16
The hash algorithm used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  IkeHashAlgo  

ikeTunHistAuthMethod 1.3.6.1.3.171.1.4.2.1.1.17
The authentication method used in IPsec Phase-1 IKE negotiations.
OBJECT-TYPE    
  IkeAuthMethod  

ikeTunHistLifeTime 1.3.6.1.3.171.1.4.2.1.1.18
The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeTunHistStartTime 1.3.6.1.3.171.1.4.2.1.1.19
The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started.
OBJECT-TYPE    
  TimeStamp  

ikeTunHistActiveTime 1.3.6.1.3.171.1.4.2.1.1.20
The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds.
OBJECT-TYPE    
  TimeInterval  

ikeTunHistTotalRefreshes 1.3.6.1.3.171.1.4.2.1.1.21
The total number of security associations refreshes performed.
OBJECT-TYPE    
  Counter32  

ikeTunHistTotalSas 1.3.6.1.3.171.1.4.2.1.1.22
The total number of security associations used during the life of the IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInOctets 1.3.6.1.3.171.1.4.2.1.1.23
The total number of octets received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInPkts 1.3.6.1.3.171.1.4.2.1.1.24
The total number of packets received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInDropPkts 1.3.6.1.3.171.1.4.2.1.1.25
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing.
OBJECT-TYPE    
  Counter32  

ikeTunHistInNotifys 1.3.6.1.3.171.1.4.2.1.1.26
The total number of notifys received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInP2Exchgs 1.3.6.1.3.171.1.4.2.1.1.27
The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInP2ExchgInvalids 1.3.6.1.3.171.1.4.2.1.1.28
The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters.
OBJECT-TYPE    
  Counter32  

ikeTunHistInP2ExchgRejects 1.3.6.1.3.171.1.4.2.1.1.29
The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy.
OBJECT-TYPE    
  Counter32  

ikeTunHistInP2SaDelRequests 1.3.6.1.3.171.1.4.2.1.1.30
The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutOctets 1.3.6.1.3.171.1.4.2.1.1.31
The total number of octets sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutPkts 1.3.6.1.3.171.1.4.2.1.1.32
The total number of packets sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutDropPkts 1.3.6.1.3.171.1.4.2.1.1.33
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutNotifys 1.3.6.1.3.171.1.4.2.1.1.34
The total number of notifys sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutP2Exchgs 1.3.6.1.3.171.1.4.2.1.1.35
The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutP2ExchgInvalids 1.3.6.1.3.171.1.4.2.1.1.36
The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutP2ExchgRejects 1.3.6.1.3.171.1.4.2.1.1.37
The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutP2SaDelRequests 1.3.6.1.3.171.1.4.2.1.1.38
The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInNewGrpReqs 1.3.6.1.3.171.1.4.2.1.1.39
The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutNewGrpReqs 1.3.6.1.3.171.1.4.2.1.1.40
The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime.
OBJECT-TYPE    
  Counter32  

ikeTunHistInNewGrpReqsRejected 1.3.6.1.3.171.1.4.2.1.1.41
The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime that ended in a failure.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutNewGrpReqsRejected 1.3.6.1.3.171.1.4.2.1.1.42
The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime that ended in a failure.
OBJECT-TYPE    
  Counter32  

ikeTunHistInConfigs 1.3.6.1.3.171.1.4.2.1.1.43
The total number of Mode Configuration settings received (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutConfigs 1.3.6.1.3.171.1.4.2.1.1.44
The total number of Mode Configuration settings dispatched (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistInConfigsRejects 1.3.6.1.3.171.1.4.2.1.1.45
The total number of Mode Configuration settings which were received (either CFG-REPLY or CFG-SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistOutConfigsRejects 1.3.6.1.3.171.1.4.2.1.1.46
The total number of Mode Configuration settings which were dispatched (either CFG-REPLY or CFG-SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel.
OBJECT-TYPE    
  Counter32  

ikeTunHistEncryptKeySize 1.3.6.1.3.171.1.4.2.1.1.47
The size in bits of the key which was negotiated for the IKE tunnel to be used with the algorithm denote by the column 'ikeTunEncryptAlgo'. For DES and 3DES the ke size is respectively 56 and 168. For AES, this will denot the negotiated key size.
OBJECT-TYPE    
  Integer32  

ipSecTunnelHistTable 1.3.6.1.3.171.1.4.3.1
The IPsec Phase-2 Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecHistTableSize object.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecTunnelHistEntry

ipSecTunnelHistEntry 1.3.6.1.3.171.1.4.3.1.1
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  IpSecTunnelHistEntry  

ipSecTunHistIndex 1.3.6.1.3.171.1.4.3.1.1.1
The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunHistTermReason 1.3.6.1.3.171.1.4.3.1.1.2
The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred 9 = operator initiated check point request
OBJECT-TYPE    
  INTEGER other(1), normal(2), operRequest(3), peerDelRequest(4), peerLost(5), applicationInitiated(6), xauthFailure(7), seqNumRollOver(8), checkPointReq(9)  

ipSecTunHistActiveIndex 1.3.6.1.3.171.1.4.3.1.1.3
The index of the previously active IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunHistIkeTunnelIndex 1.3.6.1.3.171.1.4.3.1.1.4
The index of the associated IPsec Phase-1 Tunnel (ikeTunIndex in the ikeTunnelTable).
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunHistLocalAddr 1.3.6.1.3.171.1.4.3.1.1.5
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ipSecTunHistRemoteAddr 1.3.6.1.3.171.1.4.3.1.1.6
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  IPSIpAddress  

ipSecTunHistKeyType 1.3.6.1.3.171.1.4.3.1.1.7
The type of key used by the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  KeyType  

ipSecTunHistEncapMode 1.3.6.1.3.171.1.4.3.1.1.8
The encapsulation mode used by the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  EncapMode  

ipSecTunHistLifeSize 1.3.6.1.3.171.1.4.3.1.1.9
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunHistLifeTime 1.3.6.1.3.171.1.4.3.1.1.10
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunHistStartTime 1.3.6.1.3.171.1.4.3.1.1.11
The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started.
OBJECT-TYPE    
  TimeStamp  

ipSecTunHistActiveTime 1.3.6.1.3.171.1.4.3.1.1.12
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
OBJECT-TYPE    
  TimeInterval  

ipSecTunHistTotalRefreshes 1.3.6.1.3.171.1.4.3.1.1.13
The total number of security association refreshes performed.
OBJECT-TYPE    
  Counter32  

ipSecTunHistTotalSas 1.3.6.1.3.171.1.4.3.1.1.14
The total number of security associations used during the life of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInSaDiffHellmanGrp 1.3.6.1.3.171.1.4.3.1.1.15
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  DiffHellmanGrp  

ipSecTunHistInSaEncryptAlgo 1.3.6.1.3.171.1.4.3.1.1.16
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  EncryptAlgo  

ipSecTunHistInSaAhAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.17
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunHistInSaEspAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.18
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunHistInSaDecompAlgo 1.3.6.1.3.171.1.4.3.1.1.19
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CompAlgo  

ipSecTunHistOutSaDiffHellmanGrp 1.3.6.1.3.171.1.4.3.1.1.20
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  DiffHellmanGrp  

ipSecTunHistOutSaEncryptAlgo 1.3.6.1.3.171.1.4.3.1.1.21
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  EncryptAlgo  

ipSecTunHistOutSaAhAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.22
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunHistOutSaEspAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.23
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  AuthAlgo  

ipSecTunHistOutSaCompAlgo 1.3.6.1.3.171.1.4.3.1.1.24
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  CompAlgo  

ipSecTunHistPmtu 1.3.6.1.3.171.1.4.3.1.1.25
The Path MTU that was determined for this IPsec Phase-2 tunnel.
OBJECT-TYPE    
  Integer32 21..576  

ipSecTunHistInOctets 1.3.6.1.3.171.1.4.3.1.1.26
The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also ipSecTunInOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistHcInOctets 1.3.6.1.3.171.1.4.3.1.1.27
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
OBJECT-TYPE    
  Counter64  

ipSecTunHistInOctWraps 1.3.6.1.3.171.1.4.3.1.1.28
The number of times the octets received counter (ipSecTunInOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInDecompOctets 1.3.6.1.3.171.1.4.3.1.1.29
The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunInOctets. See also ipSecTunInDecompOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistHcInDecompOctets 1.3.6.1.3.171.1.4.3.1.1.30
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunHcInOctets.
OBJECT-TYPE    
  Counter64  

ipSecTunHistInDecompOctWraps 1.3.6.1.3.171.1.4.3.1.1.31
The number of times the decompressed octets received counter (ipSecTunInDecompOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInPkts 1.3.6.1.3.171.1.4.3.1.1.32
The total number of packets received by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInDropPkts 1.3.6.1.3.171.1.4.3.1.1.33
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInReplayDropPkts 1.3.6.1.3.171.1.4.3.1.1.34
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInAuths 1.3.6.1.3.171.1.4.3.1.1.35
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInAuthFails 1.3.6.1.3.171.1.4.3.1.1.36
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
OBJECT-TYPE    
  Counter32  

ipSecTunHistInDecrypts 1.3.6.1.3.171.1.4.3.1.1.37
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistInDecryptFails 1.3.6.1.3.171.1.4.3.1.1.38
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutOctets 1.3.6.1.3.171.1.4.3.1.1.39
The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also ipSecTunOutOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistHcOutOctets 1.3.6.1.3.171.1.4.3.1.1.40
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
OBJECT-TYPE    
  Counter64  

ipSecTunHistOutOctWraps 1.3.6.1.3.171.1.4.3.1.1.41
The number of times the octets sent counter (ipSecTunOutOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutUncompOctets 1.3.6.1.3.171.1.4.3.1.1.42
The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunOutOctets. See also ipSecTunOutDecompOctWraps for the number of times this counter has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistHcOutUncompOctets 1.3.6.1.3.171.1.4.3.1.1.43
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunHcOutOctets.
OBJECT-TYPE    
  Counter64  

ipSecTunHistOutUncompOctWraps 1.3.6.1.3.171.1.4.3.1.1.44
The number of times the uncompressed octets sent counter (ipSecTunOutUncompOctets) has wrapped.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutPkts 1.3.6.1.3.171.1.4.3.1.1.45
The total number of packets sent by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutDropPkts 1.3.6.1.3.171.1.4.3.1.1.46
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutAuths 1.3.6.1.3.171.1.4.3.1.1.47
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutAuthFails 1.3.6.1.3.171.1.4.3.1.1.48
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutEncrypts 1.3.6.1.3.171.1.4.3.1.1.49
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutEncryptFails 1.3.6.1.3.171.1.4.3.1.1.50
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutCompressedPkts 1.3.6.1.3.171.1.4.3.1.1.51
The total number of outbound packets which were successfully compressed.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutCompSkippedPkts 1.3.6.1.3.171.1.4.3.1.1.52
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutCompFailPkts 1.3.6.1.3.171.1.4.3.1.1.53
The total number of outbound packets that failed compression because they grew in size after compression.
OBJECT-TYPE    
  Counter32  

ipSecTunHistOutCompTooSmallPkts 1.3.6.1.3.171.1.4.3.1.1.54
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
OBJECT-TYPE    
  Counter32  

ipSecTunHistControlProtocol 1.3.6.1.3.171.1.4.3.1.1.55
Identifies the protocol that was used to setup and administer Phase-2 IPsec tunnel. If IKE was used to setup this tunnel, then this value of this column would be `cp-ike'.
OBJECT-TYPE    
  ControlProtocol  

ipSecTunHistControlTunnelIndex 1.3.6.1.3.171.1.4.3.1.1.56
The index of the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel (in case of IKE, this value would refer t ikeTunIndex in the ikeTunnelTable)
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecTunHistInSaEncryptKeySize 1.3.6.1.3.171.1.4.3.1.1.57
The size in bits of the key which was negotiated to be use with the encryption transform used with this tunnel denote by ipSecTunHistInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  Integer32  

ipSecTunHistOutSaEncryptKeySize 1.3.6.1.3.171.1.4.3.1.1.58
The size in bits of the key which was negotiated to be use with the encryption transform used with this tunnel denote by ipSecTunHistOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
OBJECT-TYPE    
  Integer32  

ipSecEndPtHistTable 1.3.6.1.3.171.1.4.3.2
The IPsec Phase-2 Tunnel Endpoint History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecHistTableSize object.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecEndPtHistEntry

ipSecEndPtHistEntry 1.3.6.1.3.171.1.4.3.2.1
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint.
OBJECT-TYPE    
  IpSecEndPtHistEntry  

ipSecEndPtHistIndex 1.3.6.1.3.171.1.4.3.2.1.1
The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecEndPtHistTunIndex 1.3.6.1.3.171.1.4.3.2.1.2
The index of the previously active IPsec Phase-2 Tunnel Table.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecEndPtHistActiveIndex 1.3.6.1.3.171.1.4.3.2.1.3
The index of the previously active Endpoint.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecEndPtHistLocalName 1.3.6.1.3.171.1.4.3.2.1.4
The DNS name of the local Endpoint.
OBJECT-TYPE    
  DisplayString  

ipSecEndPtHistLocalType 1.3.6.1.3.171.1.4.3.2.1.5
The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
OBJECT-TYPE    
  EndPtType  

ipSecEndPtHistLocalAddr1 1.3.6.1.3.171.1.4.3.2.1.6
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtHistLocalAddr2 1.3.6.1.3.171.1.4.3.2.1.7
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtHistLocalProtocol 1.3.6.1.3.171.1.4.3.2.1.8
The protocol number of the local Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..255  

ipSecEndPtHistLocalPort 1.3.6.1.3.171.1.4.3.2.1.9
The port number of the local Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..65535  

ipSecEndPtHistRemoteName 1.3.6.1.3.171.1.4.3.2.1.10
The DNS name of the remote Endpoint.
OBJECT-TYPE    
  DisplayString  

ipSecEndPtHistRemoteType 1.3.6.1.3.171.1.4.3.2.1.11
The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
OBJECT-TYPE    
  EndPtType  

ipSecEndPtHistRemoteAddr1 1.3.6.1.3.171.1.4.3.2.1.12
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtHistRemoteAddr2 1.3.6.1.3.171.1.4.3.2.1.13
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range.
OBJECT-TYPE    
  IPSIpAddress  

ipSecEndPtHistRemoteProtocol 1.3.6.1.3.171.1.4.3.2.1.14
The protocol number of the remote Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..255  

ipSecEndPtHistRemotePort 1.3.6.1.3.171.1.4.3.2.1.15
The port number of the remote Endpoint's traffic.
OBJECT-TYPE    
  Integer32 0..65535  

ipSecFailGlobal 1.3.6.1.3.171.1.5.1
OBJECT IDENTIFIER    

ipSecFailPhaseOne 1.3.6.1.3.171.1.5.2
OBJECT IDENTIFIER    

ipSecFailPhaseTwo 1.3.6.1.3.171.1.5.3
OBJECT IDENTIFIER    

ipSecFailGlobalCntl 1.3.6.1.3.171.1.5.1.1
OBJECT IDENTIFIER    

ipSecFailTableSize 1.3.6.1.3.171.1.5.1.1.1
The window size of the IPsec Phase-1 and Phase-2 Failure Tables. The IPsec Phase-1 and Phase-2 Failure Tables are implemented as a sliding window in which only the last N entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeFailTable 1.3.6.1.3.171.1.5.2.1
The IPsec Phase-1 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecFailTableSize object.
OBJECT-TYPE    
  SEQUENCE OF  
    IkeFailEntry

ikeFailEntry 1.3.6.1.3.171.1.5.2.1.1
Each entry contains the attributes associated with an IPsec Phase-1 failure.
OBJECT-TYPE    
  IkeFailEntry  

ikeFailIndex 1.3.6.1.3.171.1.5.2.1.1.1
The IPsec Phase-1 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ikeFailReason 1.3.6.1.3.171.1.5.2.1.1.2
The reason for the failure. Possible reasons include: 1 = other 2 = peer delete request was received 3 = contact with peer was lost 4 = local failure occurred 5 = authentication failure 6 = hash validation failure 7 = encryption failure 8 = internal error occurred 9 = system capacity failure 10 = proposal failure 11 = peer's certificate is unavailable 12 = peer's certificate was found invalid 13 = local certificate expired 14 = certificate revoke list (crl) failure 15 = peer encoding error 16 = ISAKMP PDU has pointer to non-existent cookie 17 = operator requested termination.
OBJECT-TYPE    
  INTEGER other(1), peerDelRequest(2), peerLost(3), localFailure(4), authFailure(5), hashValidation(6), encryptFailure(7), internalError(8), sysCapExceeded(9), proposalFailure(10), peerCertUnavailable(11), peerCertNotValid(12), localCertExpired(13), crlFailure(14), peerEncodingError(15), nonExistentSa(16), xauthFailure(17), operRequest(18)  

ikeFailTime 1.3.6.1.3.171.1.5.2.1.1.3
The value of sysUpTime in hundredths of seconds at the time of the failure.
OBJECT-TYPE    
  TimeStamp  

ikeFailLocalType 1.3.6.1.3.171.1.5.2.1.1.4
The type of local peer identity. The local peer may be indentified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

ikeFailLocalValue 1.3.6.1.3.171.1.5.2.1.1.5
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the local entity. If the local peer type is a id-dn, then this is the distinguished named string of the local entity.
OBJECT-TYPE    
  DisplayString  

ikeFailRemoteType 1.3.6.1.3.171.1.5.2.1.1.6
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
OBJECT-TYPE    
  Phase1PeerIdentityType  

ikeFailRemoteValue 1.3.6.1.3.171.1.5.2.1.1.7
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
OBJECT-TYPE    
  DisplayString  

ikeFailLocalAddr 1.3.6.1.3.171.1.5.2.1.1.8
The IP address of the local peer.
OBJECT-TYPE    
  IPSIpAddress  

ikeFailRemoteAddr 1.3.6.1.3.171.1.5.2.1.1.9
The IP address of the remote peer.
OBJECT-TYPE    
  IPSIpAddress  

ipSecFailTable 1.3.6.1.3.171.1.5.3.1
The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecFailTableSize object.
OBJECT-TYPE    
  SEQUENCE OF  
    IpSecFailEntry

ipSecFailEntry 1.3.6.1.3.171.1.5.3.1.1
Each entry contains the attributes associated with an IPsec Phase-1 failure.
OBJECT-TYPE    
  IpSecFailEntry  

ipSecFailIndex 1.3.6.1.3.171.1.5.3.1.1.1
The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647.
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecFailReason 1.3.6.1.3.171.1.5.3.1.1.2
The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination.
OBJECT-TYPE    
  INTEGER other(1), internalError(2), peerEncodingError(3), proposalFailure(4), protocolUseFail(5), nonExistentSa(6), decryptFailure(7), encryptFailure(8), inAuthFailure(9), outAuthFailure(10), compression(11), sysCapExceeded(12), peerDelRequest(13), peerLost(14), seqNumRollOver(15), operRequest(16)  

ipSecFailTime 1.3.6.1.3.171.1.5.3.1.1.3
The value of sysUpTime in hundredths of seconds at the time of the failure.
OBJECT-TYPE    
  TimeStamp  

ipSecFailTunnelIndex 1.3.6.1.3.171.1.5.3.1.1.4
The Phase-2 Tunnel index (ipSecTunIndex).
OBJECT-TYPE    
  Integer32 1..2147483647  

ipSecFailSaSpi 1.3.6.1.3.171.1.5.3.1.1.5
The security association SPI value.
OBJECT-TYPE    
  Integer32 0..2147483647  

ipSecFailPktSrcAddr 1.3.6.1.3.171.1.5.3.1.1.6
The packet's source IP address.
OBJECT-TYPE    
  IPSIpAddress  

ipSecFailPktDstAddr 1.3.6.1.3.171.1.5.3.1.1.7
The packet's destination IP address.
OBJECT-TYPE    
  IPSIpAddress  

ipSecTrapCntlIkeTunnelStart 1.3.6.1.3.171.1.6.1
This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Start TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIkeTunnelStop 1.3.6.1.3.171.1.6.2
This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Stop TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIkeSysFailure 1.3.6.1.3.171.1.6.3
This object defines the administrative state of sending the IPsec IKE Phase-1 System Failure TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIkeCertCrlFailure 1.3.6.1.3.171.1.6.4
This object defines the administrative state of sending the IPsec IKE Phase-1 Certificate/CRL Failure TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIkeProtocolFail 1.3.6.1.3.171.1.6.5
This object defines the administrative state of sending the IPsec IKE Phase-1 Protocol Failure TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIkeNoSa 1.3.6.1.3.171.1.6.6
This object defines the administrative state of sending the IPsec IKE Phase-1 No Security Association TRAP.
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecTunnelStart 1.3.6.1.3.171.1.6.7
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecTunnelStop 1.3.6.1.3.171.1.6.8
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecSysFailure 1.3.6.1.3.171.1.6.9
This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecSetUpFailure 1.3.6.1.3.171.1.6.10
This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecEarlyTunTerm 1.3.6.1.3.171.1.6.11
This object defines the administrative state of sending the IPsec Phase-2 Early Tunnel Termination TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecProtocolFail 1.3.6.1.3.171.1.6.12
This object defines the administrative state of sending the IPsec Phase-2 Protocol Failure TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlIpSecNoSa 1.3.6.1.3.171.1.6.13
This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlInNewGrpRejected 1.3.6.1.3.171.1.6.14
This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecTrapCntlOutNewGrpRejected 1.3.6.1.3.171.1.6.15
This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP
OBJECT-TYPE    
  TrapStatus  

ipSecMIBNotificationPrefix 1.3.6.1.3.171.2
OBJECT IDENTIFIER    

ipSecMIBNotifications 1.3.6.1.3.171.2.0
OBJECT IDENTIFIER    

ikeTunnelStart 1.3.6.1.3.171.2.0.1
This notification is generated when an IPsec Phase-1 IKE Tunnel becomes active.
NOTIFICATION-TYPE    

ikeTunnelStop 1.3.6.1.3.171.2.0.2
This notification is generated when an IPsec Phase-1 IKE Tunnel becomes inactive.
NOTIFICATION-TYPE    

ikeSysFailure 1.3.6.1.3.171.2.0.3
This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences an internal or system capacity error.
NOTIFICATION-TYPE    

ikeCertCrlFailure 1.3.6.1.3.171.2.0.4
This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a Certificate or a Certificate Revoke List (CRL) related error.
NOTIFICATION-TYPE    

ikeProtocolFailure 1.3.6.1.3.171.2.0.5
This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a protocol related error.
NOTIFICATION-TYPE    

ikeNoSa 1.3.6.1.3.171.2.0.6
This notification is generated when the IKE entity recieves an ISAKMP PDU with a reference to a non-existent cookie.
NOTIFICATION-TYPE    

ipSecTunnelStart 1.3.6.1.3.171.2.0.7
This notification is generated when an IPsec Phase-2 Tunnel becomes active.
NOTIFICATION-TYPE    

ipSecTunnelStop 1.3.6.1.3.171.2.0.8
This notification is generated when an IPsec Phase-2 Tunnel becomes inactive.
NOTIFICATION-TYPE    

ipSecSysFailure 1.3.6.1.3.171.2.0.9
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error.
NOTIFICATION-TYPE    

ipSecSetUpFailure 1.3.6.1.3.171.2.0.10
This notification is generated when the setup for an IPsec Phase-2 Tunnel fails.
NOTIFICATION-TYPE    

ipSecEarlyTunTerm 1.3.6.1.3.171.2.0.11
This notification is generated when an an IPsec Phase-2 Tunnel is terminated earily or before expected.
NOTIFICATION-TYPE    

ipSecProtocolFailure 1.3.6.1.3.171.2.0.12
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences a protocol related error.
NOTIFICATION-TYPE    

ipSecNoSa 1.3.6.1.3.171.2.0.13
This notification is generated when the managed entity receives an IPsec packet with a non-existent SPI.
NOTIFICATION-TYPE    

ipSecInNewGrpRejected 1.3.6.1.3.171.2.0.14
This notification is generated when the managed entity receives and rejects an incoming new group proposal from an IKE peer (ikePeerRemoteAddr). The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap.
NOTIFICATION-TYPE    

ipSecOutNewGrpRejected 1.3.6.1.3.171.2.0.15
This notification is generated when the managed entity issues a new group proposal to the peer (ikePeerRemoteAddr) and the peer rejects the proposal. The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap.
NOTIFICATION-TYPE    

ipSecMIBConformance 1.3.6.1.3.171.3
OBJECT IDENTIFIER    

ipSecMIBGroups 1.3.6.1.3.171.3.1
OBJECT IDENTIFIER    

ipSecMIBCompliances 1.3.6.1.3.171.3.2
OBJECT IDENTIFIER    

ipSecMIBCompliance 1.3.6.1.3.171.3.2.1
The compliance statement for SNMP entities the IP Security Protocol.
MODULE-COMPLIANCE    

ipSecLevelsGroup 1.3.6.1.3.171.3.1.1
This group consists of a: 1) IPsec MIB Level
OBJECT-GROUP    

ipSecIkeGroup 1.3.6.1.3.171.3.1.2
This group consists of: 1) IKE Global Objects 2) IKE Tunnel table.
OBJECT-GROUP    

ipSecPeerAssociationGroup 1.3.6.1.3.171.3.1.3
This group consists of: 1) IPsec Phase-1 Peer Association table. 2) IPsec Phase-1 Correlation Table
OBJECT-GROUP    

ipSecXauthGroup 1.3.6.1.3.171.3.1.4
This group consists of metrics pertaining to IKE extended authentication. Devices that do not support Xauth need not implement this group.
OBJECT-GROUP    

ipSecPhaseTwoGroup 1.3.6.1.3.171.3.1.5
This group consists of: 1) IPsec Phase-2 Global Statistics 2) IPsec Phase-2 Tunnel Table 3) IPsec Phase-2 Endpoint Table 4) IPsec Phase-2 Security Protection Index Table
OBJECT-GROUP    

ipSecHistoryGroup 1.3.6.1.3.171.3.1.6
This group consists of: 1) IPsec History Global Objects 2) IPsec Phase-1 History Objects 3) IPsec Phase-2 History Objects
OBJECT-GROUP    

ipSecFailuresGroup 1.3.6.1.3.171.3.1.7
This group consists of: 1) IPsec Failure Global Objects 2) IPsec Phase-1 Tunnel Failure Table 3) IPsec Phase-2 Tunnel Failure Table
OBJECT-GROUP    

ipSecTrapCntlGroup 1.3.6.1.3.171.3.1.8
This group of objects controls the sending of IPsec TRAPs.
OBJECT-GROUP    

ipSecNotificationGroup 1.3.6.1.3.171.3.1.9
This group contains the notifications for the IPsec MIB.
NOTIFICATION-GROUP    

ipSecModeConfigGroup 1.3.6.1.3.171.3.1.10
This group consists of: 1) Global metrics about IKE Mode Configuration activity 2) Phase-1 IKE Tunnel-wise Mode Configuration metrics 3) Historical IKE Mode Configuration metrics on a per expired tunnel basis.
OBJECT-GROUP    

ipSecNewGrpGroup 1.3.6.1.3.171.3.1.11
This group consists of: 1) Global metrics about new group negotiations 2) Phase-1 IKE Tunnel-wise new group metrics 3) Historical new group metrics on a per tunnel basis. 4) Notifications pertaining to new grp failures.
OBJECT-GROUP    

deprecatedObjectGroup 1.3.6.1.3.171.3.1.12
A collection of objects that have bee deprecated.
OBJECT-GROUP