IPSEC-SA-MON-MIB

File: IPSEC-SA-MON-MIB.mib (101499 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
IF-MIB IPSEC-ISAKMP-IKE-DOI-TC

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter32
Gauge32 Integer32 Unsigned32
NOTIFICATION-TYPE OBJECT-IDENTITY Counter64
experimental TEXTUAL-CONVENTION TruthValue
OBJECT-GROUP NOTIFICATION-GROUP MODULE-COMPLIANCE
ifIndex IpsecDoiIdentType IpsecDoiEncapsulationMode
IpsecDoiEspTransform IpsecDoiAhTransform IpsecDoiAuthAlgorithm
IpsecDoiIpcompTransform IpsecDoiSecProtocolId

Defined Types

IpsecSaCreatorIdent  
A value indicating how an SA was created.
TEXTUAL-CONVENTION    
  INTEGER unknown(0), static(1), ike(2), other(3)  

IpsecIpv6Address  
This data type is used to model IPv6 addresses. This is a binary string of 16 octets in network byte-order. For implementations that do not support IPv6, this address should appear as the 'IPv4-mapped IPv6 address' as defined in Section 2.5.4 of [IPV6AA]. Specifically, the prefix '0000:0000:0000:0000:0000:FFFF::/96' is used for IPv4 addresses.
TEXTUAL-CONVENTION    
  OCTET STRING Size(16)  

IpsecRawId  
This data type is used to model the ID values used by entities that have negotiated and created SAs. The values are taken directly from any payloads exchanged, independent of the type of ID transmitted. In some cases, the payload may be truncated. Note also that some IDs have human readable forms that are not used by this textual convention.
TEXTUAL-CONVENTION    
  OCTET STRING Size(0..255)  

IpsecSaEspInEntry  
SEQUENCE    
  ipsecSaEspInAddress IpsecIpv6Address
  ipsecSaEspInSpi Unsigned32
  ipsecSaEspInDestId IpsecRawId
  ipsecSaEspInDestIdType IpsecDoiIdentType
  ipsecSaEspInSourceId IpsecRawId
  ipsecSaEspInSourceIdType IpsecDoiIdentType
  ipsecSaEspInProtocol Integer32
  ipsecSaEspInDestPort Integer32
  ipsecSaEspInSourcePort Integer32
  ipsecSaEspInCreator IpsecSaCreatorIdent
  ipsecSaEspInEncapsulation IpsecDoiEncapsulationMode
  ipsecSaEspInEncAlg IpsecDoiEspTransform
  ipsecSaEspInEncKeyLength Unsigned32
  ipsecSaEspInAuthAlg IpsecDoiAuthAlgorithm
  ipsecSaEspInAuthKeyLength Unsigned32
  ipsecSaEspInRepWinSize Unsigned32
  ipsecSaEspInLimitSeconds Unsigned32
  ipsecSaEspInLimitKbytes Unsigned32
  ipsecSaEspInAccSeconds Counter32
  ipsecSaEspInAccKbytes Counter32
  ipsecSaEspInUserOctets Counter64
  ipsecSaEspInPackets Counter64
  ipsecSaEspInDecryptErrors Counter32
  ipsecSaEspInAuthErrors Counter32
  ipsecSaEspInReplayErrors Counter32
  ipsecSaEspInPolicyErrors Counter32
  ipsecSaEspInPadErrors Counter32
  ipsecSaEspInOtherReceiveErrors Counter32

IpsecSaAhInEntry  
SEQUENCE    
  ipsecSaAhInAddress IpsecIpv6Address
  ipsecSaAhInSpi Unsigned32
  ipsecSaAhInDestId IpsecRawId
  ipsecSaAhInDestIdType IpsecDoiIdentType
  ipsecSaAhInSourceId IpsecRawId
  ipsecSaAhInSourceIdType IpsecDoiIdentType
  ipsecSaAhInProtocol Integer32
  ipsecSaAhInDestPort Integer32
  ipsecSaAhInSourcePort Integer32
  ipsecSaAhInCreator IpsecSaCreatorIdent
  ipsecSaAhInEncapsulation IpsecDoiEncapsulationMode
  ipsecSaAhInAuthAlg IpsecDoiAhTransform
  ipsecSaAhInAuthKeyLength Unsigned32
  ipsecSaAhInRepWinSize Unsigned32
  ipsecSaAhInLimitSeconds Unsigned32
  ipsecSaAhInLimitKbytes Unsigned32
  ipsecSaAhInAccSeconds Counter32
  ipsecSaAhInAccKbytes Counter32
  ipsecSaAhInUserOctets Counter64
  ipsecSaAhInPackets Counter64
  ipsecSaAhInAuthErrors Counter32
  ipsecSaAhInReplayErrors Counter32
  ipsecSaAhInPolicyErrors Counter32
  ipsecSaAhInOtherReceiveErrors Counter32

IpsecSaIpcompInEntry  
SEQUENCE    
  ipsecSaIpcompInAddress IpsecIpv6Address
  ipsecSaIpcompInCpi IpsecDoiIpcompTransform
  ipsecSaIpcompInDestId IpsecRawId
  ipsecSaIpcompInDestIdType IpsecDoiIdentType
  ipsecSaIpcompInSourceId IpsecRawId
  ipsecSaIpcompInSourceIdType IpsecDoiIdentType
  ipsecSaIpcompInProtocol Integer32
  ipsecSaIpcompInDestPort Integer32
  ipsecSaIpcompInSourcePort Integer32
  ipsecSaIpcompInCreator IpsecSaCreatorIdent
  ipsecSaIpcompInEncapsulation IpsecDoiEncapsulationMode
  ipsecSaIpcompInDecompAlg IpsecDoiIpcompTransform
  ipsecSaIpcompInSeconds Counter32
  ipsecSaIpcompInUserOctets Counter64
  ipsecSaIpcompInPackets Counter64
  ipsecSaIpcompInDecompErrors Counter32
  ipsecSaIpcompInOtherReceiveErrors Counter32

IpsecSaEspOutEntry  
SEQUENCE    
  ipsecSaEspOutAddress IpsecIpv6Address
  ipsecSaEspOutSpi Unsigned32
  ipsecSaEspOutSourceId IpsecRawId
  ipsecSaEspOutSourceIdType IpsecDoiIdentType
  ipsecSaEspOutDestId IpsecRawId
  ipsecSaEspOutDestIdType IpsecDoiIdentType
  ipsecSaEspOutProtocol Integer32
  ipsecSaEspOutSourcePort Integer32
  ipsecSaEspOutDestPort Integer32
  ipsecSaEspOutCreator IpsecSaCreatorIdent
  ipsecSaEspOutEncapsulation IpsecDoiEncapsulationMode
  ipsecSaEspOutEncAlg IpsecDoiEspTransform
  ipsecSaEspOutEncKeyLength Unsigned32
  ipsecSaEspOutAuthAlg IpsecDoiAuthAlgorithm
  ipsecSaEspOutAuthKeyLength Unsigned32
  ipsecSaEspOutLimitSeconds Unsigned32
  ipsecSaEspOutLimitKbytes Unsigned32
  ipsecSaEspOutAccSeconds Counter32
  ipsecSaEspOutAccKbytes Counter32
  ipsecSaEspOutUserOctets Counter64
  ipsecSaEspOutPackets Counter64
  ipsecSaEspOutSendErrors Counter32

IpsecSaAhOutEntry  
SEQUENCE    
  ipsecSaAhOutAddress IpsecIpv6Address
  ipsecSaAhOutSpi Unsigned32
  ipsecSaAhOutSourceId IpsecRawId
  ipsecSaAhOutSourceIdType IpsecDoiIdentType
  ipsecSaAhOutDestId IpsecRawId
  ipsecSaAhOutDestIdType IpsecDoiIdentType
  ipsecSaAhOutProtocol Integer32
  ipsecSaAhOutSourcePort Integer32
  ipsecSaAhOutDestPort Integer32
  ipsecSaAhOutCreator IpsecSaCreatorIdent
  ipsecSaAhOutEncapsulation IpsecDoiEncapsulationMode
  ipsecSaAhOutAuthAlg IpsecDoiAhTransform
  ipsecSaAhOutAuthKeyLength Unsigned32
  ipsecSaAhOutLimitSeconds Unsigned32
  ipsecSaAhOutLimitKbytes Unsigned32
  ipsecSaAhOutAccSeconds Counter32
  ipsecSaAhOutAccKbytes Counter32
  ipsecSaAhOutUserOctets Counter64
  ipsecSaAhOutPackets Counter64
  ipsecSaAhOutSendErrors Counter32

IpsecSaIpcompOutEntry  
SEQUENCE    
  ipsecSaIpcompOutAddress IpsecIpv6Address
  ipsecSaIpcompOutCpi IpsecDoiIpcompTransform
  ipsecSaIpcompOutSourceId IpsecRawId
  ipsecSaIpcompOutSourceIdType IpsecDoiIdentType
  ipsecSaIpcompOutDestId IpsecRawId
  ipsecSaIpcompOutDestIdType IpsecDoiIdentType
  ipsecSaIpcompOutProtocol Integer32
  ipsecSaIpcompOutSourcePort Integer32
  ipsecSaIpcompOutDestPort Integer32
  ipsecSaIpcompOutCreator IpsecSaCreatorIdent
  ipsecSaIpcompOutEncapsulation IpsecDoiEncapsulationMode
  ipsecSaIpcompOutCompAlg IpsecDoiIpcompTransform
  ipsecSaIpcompOutSeconds Counter32
  ipsecSaIpcompOutUserOctets Counter64
  ipsecSaIpcompOutOutputOctets Counter64
  ipsecSaIpcompOutPackets Counter64

Defined Values

ipsecSaMonModule 1.3.6.1.3.98
The MIB module to describe generic IPsec objects, and entity level objects and events for those types.
MODULE-IDENTITY    

ipsecSaMonitorMIB 1.3.6.1.3.98.1
This is the base object identifier for all IPsec branches.
OBJECT-IDENTITY    

saTables 1.3.6.1.3.98.1.1
This is the base object identifier for all SA tables.
OBJECT-IDENTITY    

saStatistics 1.3.6.1.3.98.1.2
This is the base object identifier for all objects which are global counters for IPsec security associations.
OBJECT-IDENTITY    

saErrors 1.3.6.1.3.98.1.3
This is the base object identifier for all objects which are global error counters for IPsec security associations.
OBJECT-IDENTITY    

saTraps 1.3.6.1.3.98.1.4
This is the base object identifier for all objects which are traps for IPsec security associations.
OBJECT-IDENTITY    

saTrapObjects 1.3.6.1.3.98.1.5
This is the base object identifier for objects which are used as part of traps.
OBJECT-IDENTITY    

saTrapControl 1.3.6.1.3.98.1.6
This is the base object identifier for all objects which are trap controls for IPsec security associations.
OBJECT-IDENTITY    

saGroups 1.3.6.1.3.98.1.7
This is the base object identifier for all objects which describe the groups in this MIB.
OBJECT-IDENTITY    

saConformance 1.3.6.1.3.98.1.8
This is the base object identifier for all objects which describe the conformance for this MIB.
OBJECT-IDENTITY    

ipsecSaEspInTable 1.3.6.1.3.98.1.1.1
The (conceptual) table containing information on IPsec inbound ESP SAs. There should be one row for every inbound ESP security association that exists in the entity. The maximum number of rows is implementation dependent.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaEspInEntry

ipsecSaEspInEntry 1.3.6.1.3.98.1.1.1.1
An entry (conceptual row) containing the information on a particular IPsec inbound ESP SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table.
OBJECT-TYPE    
  IpsecSaEspInEntry  

ipsecSaEspInAddress 1.3.6.1.3.98.1.1.1.1.1
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecSaEspInSpi 1.3.6.1.3.98.1.1.1.1.2
The security parameters index of the SA.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspInDestId 1.3.6.1.3.98.1.1.1.1.3
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaEspInDestIdType 1.3.6.1.3.98.1.1.1.1.4
The type of identifier presented by 'ipsecSaEspInDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaEspInSourceId 1.3.6.1.3.98.1.1.1.1.5
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaEspInSourceIdType 1.3.6.1.3.98.1.1.1.1.6
The type of identifier presented by 'ipsecSaEspInSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaEspInProtocol 1.3.6.1.3.98.1.1.1.1.7
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol.
OBJECT-TYPE    
  Integer32 0..255  

ipsecSaEspInDestPort 1.3.6.1.3.98.1.1.1.1.8
The destination port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaEspInSourcePort 1.3.6.1.3.98.1.1.1.1.9
The source port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaEspInCreator 1.3.6.1.3.98.1.1.1.1.10
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method.
OBJECT-TYPE    
  IpsecSaCreatorIdent  

ipsecSaEspInEncapsulation 1.3.6.1.3.98.1.1.1.1.11
The type of encapsulation used by this SA.
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipsecSaEspInEncAlg 1.3.6.1.3.98.1.1.1.1.12
A unique value representing the encryption algorithm applied to traffic or 0 if there is no encryption used.
OBJECT-TYPE    
  IpsecDoiEspTransform  

ipsecSaEspInEncKeyLength 1.3.6.1.3.98.1.1.1.1.13
The length of the encryption key in bits used for the algorithm specified in the 'ipsecSaEspInEncAlg' object. It may be 0 if the key length is implicit in the specified algorithm or there is no encryption specified.
OBJECT-TYPE    
  Unsigned32 0..65531  

ipsecSaEspInAuthAlg 1.3.6.1.3.98.1.1.1.1.14
A unique value representing the hash algorithm applied to traffic or 0 if there is no authentication used.
OBJECT-TYPE    
  IpsecDoiAuthAlgorithm  

ipsecSaEspInAuthKeyLength 1.3.6.1.3.98.1.1.1.1.15
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaEspInAuthAlg'. It may be 0 if the key length is implicit in the specified algorithm or there is no authentication specified.
OBJECT-TYPE    
  Unsigned32 0..65531  

ipsecSaEspInRepWinSize 1.3.6.1.3.98.1.1.1.1.16
The size of the anti-replay window used by this SA, or 0 if anti-replay checking is not being done.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspInLimitSeconds 1.3.6.1.3.98.1.1.1.1.17
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspInLimitKbytes 1.3.6.1.3.98.1.1.1.1.18
The maximum traffic in kilobytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspInAccSeconds 1.3.6.1.3.98.1.1.1.1.19
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInAccKbytes 1.3.6.1.3.98.1.1.1.1.20
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInUserOctets 1.3.6.1.3.98.1.1.1.1.21
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the decrypted IP packet, including the original IP header of that decrypted packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead.
OBJECT-TYPE    
  Counter64  

ipsecSaEspInPackets 1.3.6.1.3.98.1.1.1.1.22
The number of packets handled by the SA.
OBJECT-TYPE    
  Counter64  

ipsecSaEspInDecryptErrors 1.3.6.1.3.98.1.1.1.1.23
The number of packets discarded by the SA due to detectable decryption errors. Not all decryption errors are detectable within SA processing, so this count should not be considered definitive.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInAuthErrors 1.3.6.1.3.98.1.1.1.1.24
The number of packets discarded by the SA due to authentication errors.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInReplayErrors 1.3.6.1.3.98.1.1.1.1.25
The number of packets discarded by the SA due to replay errors.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInPolicyErrors 1.3.6.1.3.98.1.1.1.1.26
The number of packets discarded by the SA due to policy errors. This includes packets where the next protocol is invalid.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInPadErrors 1.3.6.1.3.98.1.1.1.1.27
The number of packets discarded by the SA due to pad value errors. Implementations that do not check this must not support this object.
OBJECT-TYPE    
  Counter32  

ipsecSaEspInOtherReceiveErrors 1.3.6.1.3.98.1.1.1.1.28
The number of packets discarded by the SA due to errors other than decryption, authentication, replay errors or, when supported, invalid padding errors. This may include packets dropped due to a lack of receive buffers, and may include packets dropped due to congestion at the decryption element.
OBJECT-TYPE    
  Counter32  

ipsecSaAhInTable 1.3.6.1.3.98.1.1.2
The (conceptual) table containing information on IPsec inbound AH SAs. There should be one row for every inbound AH security association that exists in the entity. The maximum number of rows is implementation dependent.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaAhInEntry

ipsecSaAhInEntry 1.3.6.1.3.98.1.1.2.1
An entry (conceptual row) containing the information on a particular IPsec inbound AH SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table.
OBJECT-TYPE    
  IpsecSaAhInEntry  

ipsecSaAhInAddress 1.3.6.1.3.98.1.1.2.1.1
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecSaAhInSpi 1.3.6.1.3.98.1.1.2.1.2
The security parameters index of the SA.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhInDestId 1.3.6.1.3.98.1.1.2.1.3
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation, or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaAhInDestIdType 1.3.6.1.3.98.1.1.2.1.4
The type of identifier presented by 'ipsecSaAhInDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaAhInSourceId 1.3.6.1.3.98.1.1.2.1.5
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation or the equivelant process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaAhInSourceIdType 1.3.6.1.3.98.1.1.2.1.6
The type of identifier presented by 'ipsecSaAhInSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaAhInProtocol 1.3.6.1.3.98.1.1.2.1.7
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol.
OBJECT-TYPE    
  Integer32 0..255  

ipsecSaAhInDestPort 1.3.6.1.3.98.1.1.2.1.8
The destination port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaAhInSourcePort 1.3.6.1.3.98.1.1.2.1.9
The source port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaAhInCreator 1.3.6.1.3.98.1.1.2.1.10
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method.
OBJECT-TYPE    
  IpsecSaCreatorIdent  

ipsecSaAhInEncapsulation 1.3.6.1.3.98.1.1.2.1.11
The type of encapsulation used by this SA.
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipsecSaAhInAuthAlg 1.3.6.1.3.98.1.1.2.1.12
A unique value representing the hash algorithm applied to traffic carried by this SA.
OBJECT-TYPE    
  IpsecDoiAhTransform  

ipsecSaAhInAuthKeyLength 1.3.6.1.3.98.1.1.2.1.13
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaAhInAuthAlg' object. It may be 0 if the key length is implicit in the specified algorithm.
OBJECT-TYPE    
  Unsigned32 0..65531  

ipsecSaAhInRepWinSize 1.3.6.1.3.98.1.1.2.1.14
The size of the anti-replay window used by this SA, or 0 if anti-replay checking is not being done.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhInLimitSeconds 1.3.6.1.3.98.1.1.2.1.15
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhInLimitKbytes 1.3.6.1.3.98.1.1.2.1.16
The maximum traffic in bytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhInAccSeconds 1.3.6.1.3.98.1.1.2.1.17
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed.
OBJECT-TYPE    
  Counter32  

ipsecSaAhInAccKbytes 1.3.6.1.3.98.1.1.2.1.18
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic.
OBJECT-TYPE    
  Counter32  

ipsecSaAhInUserOctets 1.3.6.1.3.98.1.1.2.1.19
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the de-processed IP packet, including the original IP header of that de- processed packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead.
OBJECT-TYPE    
  Counter64  

ipsecSaAhInPackets 1.3.6.1.3.98.1.1.2.1.20
The number of packets handled by the SA.
OBJECT-TYPE    
  Counter64  

ipsecSaAhInAuthErrors 1.3.6.1.3.98.1.1.2.1.21
The number of packets discarded by the SA due to authentication errors.
OBJECT-TYPE    
  Counter32  

ipsecSaAhInReplayErrors 1.3.6.1.3.98.1.1.2.1.22
The number of packets discarded by the SA due to replay errors.
OBJECT-TYPE    
  Counter32  

ipsecSaAhInPolicyErrors 1.3.6.1.3.98.1.1.2.1.23
The number of packets discarded by the SA due to policy errors. This includes packets where the next protocol is invalid.
OBJECT-TYPE    
  Counter32  

ipsecSaAhInOtherReceiveErrors 1.3.6.1.3.98.1.1.2.1.24
The number of packets discarded by the SA due to errors other than decryption, authentication or replay errors. This may include packets dropped due to a lack of receive buffers, and may include packets dropped due to congestion at the authentication element.
OBJECT-TYPE    
  Counter32  

ipsecSaIpcompInTable 1.3.6.1.3.98.1.1.3
The (conceptual) table containing information on IPsec inbound IPcomp SAs. There should be one row for every inbound IPcomp (security) association that exists in the entity. The maximum number of rows is implementation dependent.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaIpcompInEntry

ipsecSaIpcompInEntry 1.3.6.1.3.98.1.1.3.1
An entry (conceptual row) containing the information on a particular IPsec inbound IPcomp SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table.
OBJECT-TYPE    
  IpsecSaIpcompInEntry  

ipsecSaIpcompInAddress 1.3.6.1.3.98.1.1.3.1.1
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecSaIpcompInCpi 1.3.6.1.3.98.1.1.3.1.2
The CPI of the SA. Since the lower values of CPIs are reserved to be the same as the algorithm, the syntax for this object is the same as the transform.
OBJECT-TYPE    
  IpsecDoiIpcompTransform  

ipsecSaIpcompInDestId 1.3.6.1.3.98.1.1.3.1.3
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode, or 0 if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchanged during SA creation negotiation, or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaIpcompInDestIdType 1.3.6.1.3.98.1.1.3.1.4
The type of identifier presented by 'ipsecSaIpcompInDestId'. It may be 0 if unknown or if the SA uses transport mode, or if this SA is used with multiple SAs in security association suites.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaIpcompInSourceId 1.3.6.1.3.98.1.1.3.1.5
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation, or 0 if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchanged during SA creation negotiation, or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaIpcompInSourceIdType 1.3.6.1.3.98.1.1.3.1.6
The type of identifier presented by 'ipsecSaIpcompInSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaIpcompInProtocol 1.3.6.1.3.98.1.1.3.1.7
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol.
OBJECT-TYPE    
  Integer32 0..255  

ipsecSaIpcompInDestPort 1.3.6.1.3.98.1.1.3.1.8
The destination port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaIpcompInSourcePort 1.3.6.1.3.98.1.1.3.1.9
The source port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaIpcompInCreator 1.3.6.1.3.98.1.1.3.1.10
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method.
OBJECT-TYPE    
  IpsecSaCreatorIdent  

ipsecSaIpcompInEncapsulation 1.3.6.1.3.98.1.1.3.1.11
The type of encapsulation used by this SA.
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipsecSaIpcompInDecompAlg 1.3.6.1.3.98.1.1.3.1.12
A unique value representing the decompression algorithm applied to traffic.
OBJECT-TYPE    
  IpsecDoiIpcompTransform  

ipsecSaIpcompInSeconds 1.3.6.1.3.98.1.1.3.1.13
The number of seconds that the SA has existed.
OBJECT-TYPE    
  Counter32  

ipsecSaIpcompInUserOctets 1.3.6.1.3.98.1.1.3.1.14
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the uncompressed IP packet, including the original IP header of that uncompressed packet. Packets which are not decompressed by the SA are not counted in this total.
OBJECT-TYPE    
  Counter64  

ipsecSaIpcompInPackets 1.3.6.1.3.98.1.1.3.1.15
The number of packets handled by the SA.
OBJECT-TYPE    
  Counter64  

ipsecSaIpcompInDecompErrors 1.3.6.1.3.98.1.1.3.1.16
The number of packets discarded by the SA due to decompression errors.
OBJECT-TYPE    
  Counter32  

ipsecSaIpcompInOtherReceiveErrors 1.3.6.1.3.98.1.1.3.1.17
The number of packets discarded by the SA due to errors other than decompression errors. This may include packets dropped due to a lack of receive buffers, and packets dropped due to congestion at the decompression element.
OBJECT-TYPE    
  Counter32  

ipsecSaEspOutTable 1.3.6.1.3.98.1.1.4
The (conceptual) table containing information on IPsec Outbound ESP SAs. There should be one row for every outbound ESP security association that exists in the entity. The maximum number of rows is implementation dependent.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaEspOutEntry

ipsecSaEspOutEntry 1.3.6.1.3.98.1.1.4.1
An entry (conceptual row) containing the information on a particular IPsec Outbound ESP SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table.
OBJECT-TYPE    
  IpsecSaEspOutEntry  

ipsecSaEspOutAddress 1.3.6.1.3.98.1.1.4.1.1
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecSaEspOutSpi 1.3.6.1.3.98.1.1.4.1.2
The security parameters index of the SA.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspOutSourceId 1.3.6.1.3.98.1.1.4.1.3
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations, or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaEspOutSourceIdType 1.3.6.1.3.98.1.1.4.1.4
The type of identifier presented by 'ipsecSaEspOutSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaEspOutDestId 1.3.6.1.3.98.1.1.4.1.5
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaEspOutDestIdType 1.3.6.1.3.98.1.1.4.1.6
The type of identifier presented by 'ipsecSaEspOutDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaEspOutProtocol 1.3.6.1.3.98.1.1.4.1.7
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol.
OBJECT-TYPE    
  Integer32 0..255  

ipsecSaEspOutSourcePort 1.3.6.1.3.98.1.1.4.1.8
The source port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaEspOutDestPort 1.3.6.1.3.98.1.1.4.1.9
The destination port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaEspOutCreator 1.3.6.1.3.98.1.1.4.1.10
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method.
OBJECT-TYPE    
  IpsecSaCreatorIdent  

ipsecSaEspOutEncapsulation 1.3.6.1.3.98.1.1.4.1.11
The type of encapsulation used by this SA.
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipsecSaEspOutEncAlg 1.3.6.1.3.98.1.1.4.1.12
A unique value representing the encryption algorithm applied to traffic or 0 if there is no encryption used.
OBJECT-TYPE    
  IpsecDoiEspTransform  

ipsecSaEspOutEncKeyLength 1.3.6.1.3.98.1.1.4.1.13
The length of the encryption key in bits used for the algorithm specified in the 'ipsecSaEspOutEncAlg' object. It may be 0 if the key length is implicit in the specified algorithm or there is no encryption specified.
OBJECT-TYPE    
  Unsigned32 0..65531  

ipsecSaEspOutAuthAlg 1.3.6.1.3.98.1.1.4.1.14
A unique value representing the hash algorithm applied to traffic or 0 if there is no authentication used.
OBJECT-TYPE    
  IpsecDoiAuthAlgorithm  

ipsecSaEspOutAuthKeyLength 1.3.6.1.3.98.1.1.4.1.15
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaEspOutAuthAlg' object. It may be 0 if the key length is implicit in the specified algorithm or there is no authentication specified.
OBJECT-TYPE    
  Unsigned32 0..65531  

ipsecSaEspOutLimitSeconds 1.3.6.1.3.98.1.1.4.1.16
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspOutLimitKbytes 1.3.6.1.3.98.1.1.4.1.17
The maximum traffic in bytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaEspOutAccSeconds 1.3.6.1.3.98.1.1.4.1.18
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed.
OBJECT-TYPE    
  Counter32  

ipsecSaEspOutAccKbytes 1.3.6.1.3.98.1.1.4.1.19
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic.
OBJECT-TYPE    
  Counter32  

ipsecSaEspOutUserOctets 1.3.6.1.3.98.1.1.4.1.20
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the unencrypted IP packet, including the original IP header of that unencrypted packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead.
OBJECT-TYPE    
  Counter64  

ipsecSaEspOutPackets 1.3.6.1.3.98.1.1.4.1.21
The number of packets handled by the SA.
OBJECT-TYPE    
  Counter64  

ipsecSaEspOutSendErrors 1.3.6.1.3.98.1.1.4.1.22
The number of packets discarded by the SA due to any error. This may include errors due to a lack of transmit buffers.
OBJECT-TYPE    
  Counter32  

ipsecSaAhOutTable 1.3.6.1.3.98.1.1.5
The (conceptual) table containing information on IPsec Outbound AH SAs. There should be one row for every outbound AH security association that exists in the entity. The maximum number of rows is implementation dependent.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaAhOutEntry

ipsecSaAhOutEntry 1.3.6.1.3.98.1.1.5.1
An entry (conceptual row) containing the information on a particular IPsec Outbound AH SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table.
OBJECT-TYPE    
  IpsecSaAhOutEntry  

ipsecSaAhOutAddress 1.3.6.1.3.98.1.1.5.1.1
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecSaAhOutSpi 1.3.6.1.3.98.1.1.5.1.2
The security parameters index of the SA.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhOutSourceId 1.3.6.1.3.98.1.1.5.1.3
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations, or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaAhOutSourceIdType 1.3.6.1.3.98.1.1.5.1.4
The type of identifier presented by 'ipsecSaAhOutSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaAhOutDestId 1.3.6.1.3.98.1.1.5.1.5
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations, or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaAhOutDestIdType 1.3.6.1.3.98.1.1.5.1.6
The type of identifier presented by 'ipsecSaAhOutDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaAhOutProtocol 1.3.6.1.3.98.1.1.5.1.7
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol.
OBJECT-TYPE    
  Integer32 0..255  

ipsecSaAhOutSourcePort 1.3.6.1.3.98.1.1.5.1.8
The source port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaAhOutDestPort 1.3.6.1.3.98.1.1.5.1.9
The destination port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaAhOutCreator 1.3.6.1.3.98.1.1.5.1.10
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method.
OBJECT-TYPE    
  IpsecSaCreatorIdent  

ipsecSaAhOutEncapsulation 1.3.6.1.3.98.1.1.5.1.11
The type of encapsulation used by this SA.
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipsecSaAhOutAuthAlg 1.3.6.1.3.98.1.1.5.1.12
A unique value representing the hash algorithm applied to traffic carried by this SA.
OBJECT-TYPE    
  IpsecDoiAhTransform  

ipsecSaAhOutAuthKeyLength 1.3.6.1.3.98.1.1.5.1.13
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaAhOutAuthAlg' object. It may be 0 if the key length is implicit in the specified algorithm.
OBJECT-TYPE    
  Unsigned32 0..65531  

ipsecSaAhOutLimitSeconds 1.3.6.1.3.98.1.1.5.1.14
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhOutLimitKbytes 1.3.6.1.3.98.1.1.5.1.15
The maximum traffic in bytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated.
OBJECT-TYPE    
  Unsigned32  

ipsecSaAhOutAccSeconds 1.3.6.1.3.98.1.1.5.1.16
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed.
OBJECT-TYPE    
  Counter32  

ipsecSaAhOutAccKbytes 1.3.6.1.3.98.1.1.5.1.17
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic.
OBJECT-TYPE    
  Counter32  

ipsecSaAhOutUserOctets 1.3.6.1.3.98.1.1.5.1.18
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the unprocessed IP packet, including the original IP header of that unprocessed packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead.
OBJECT-TYPE    
  Counter64  

ipsecSaAhOutPackets 1.3.6.1.3.98.1.1.5.1.19
The number of packets handled by the SA.
OBJECT-TYPE    
  Counter64  

ipsecSaAhOutSendErrors 1.3.6.1.3.98.1.1.5.1.20
The number of packets discarded by the SA due to any error. This may include errors due to a lack of transmit buffers.
OBJECT-TYPE    
  Counter32  

ipsecSaIpcompOutTable 1.3.6.1.3.98.1.1.6
The (conceptual) table containing information on IPsec Outbound IPcomp SAs. There should be one row for every outbound IPcomp (security) association that exists in the entity. The maximum number of rows is implementation dependent.
OBJECT-TYPE    
  SEQUENCE OF  
    IpsecSaIpcompOutEntry

ipsecSaIpcompOutEntry 1.3.6.1.3.98.1.1.6.1
An entry (conceptual row) containing the information on a particular IPsec Outbound IPcomp SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table.
OBJECT-TYPE    
  IpsecSaIpcompOutEntry  

ipsecSaIpcompOutAddress 1.3.6.1.3.98.1.1.6.1.1
The destination address of the SA. If the IPcomp SA is shared across multiple SAs in security association suites, this value may be 0. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecSaIpcompOutCpi 1.3.6.1.3.98.1.1.6.1.2
The CPI of the SA. Since the lower values of CPIs are reserved to be the same as the algorithm, the syntax for this object is the same as the transform.
OBJECT-TYPE    
  IpsecDoiIpcompTransform  

ipsecSaIpcompOutSourceId 1.3.6.1.3.98.1.1.6.1.3
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchange during phase 2 negotiations or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaIpcompOutSourceIdType 1.3.6.1.3.98.1.1.6.1.4
The type of identifier presented by 'ipsecSaIpcompOutSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaIpcompOutDestId 1.3.6.1.3.98.1.1.6.1.5
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchange during phase 2 negotiations or the equivalent process.
OBJECT-TYPE    
  IpsecRawId  

ipsecSaIpcompOutDestIdType 1.3.6.1.3.98.1.1.6.1.6
The type of identifier presented by 'ipsecSaIpcompOutDestId', or 0 if unknown or if the SA uses transport mode encapsulation, or 0 if this SA is used with multiple SAs in security association suites.
OBJECT-TYPE    
  IpsecDoiIdentType  

ipsecSaIpcompOutProtocol 1.3.6.1.3.98.1.1.6.1.7
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol.
OBJECT-TYPE    
  Integer32 0..255  

ipsecSaIpcompOutSourcePort 1.3.6.1.3.98.1.1.6.1.8
The source port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaIpcompOutDestPort 1.3.6.1.3.98.1.1.6.1.9
The destination port number of the protocol that this SA carries, or 0 if it carries any port number.
OBJECT-TYPE    
  Integer32 0..65535  

ipsecSaIpcompOutCreator 1.3.6.1.3.98.1.1.6.1.10
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method.
OBJECT-TYPE    
  IpsecSaCreatorIdent  

ipsecSaIpcompOutEncapsulation 1.3.6.1.3.98.1.1.6.1.11
The type of encapsulation used by this SA.
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipsecSaIpcompOutCompAlg 1.3.6.1.3.98.1.1.6.1.12
A unique value representing the compression algorithm applied to traffic.
OBJECT-TYPE    
  IpsecDoiIpcompTransform  

ipsecSaIpcompOutSeconds 1.3.6.1.3.98.1.1.6.1.13
The number of seconds that the SA has existed.
OBJECT-TYPE    
  Counter32  

ipsecSaIpcompOutUserOctets 1.3.6.1.3.98.1.1.6.1.14
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the decompressed IP packet, including the original IP header of that decompressed packet.
OBJECT-TYPE    
  Counter64  

ipsecSaIpcompOutOutputOctets 1.3.6.1.3.98.1.1.6.1.15
The amount of traffic measured in bytes output by the SA. This includes byte counts from packets compressed by the SA and also packets not modified by the SA. This object can be divided into the 'ipsecSaIpcompOutUserOctets' object to get a compression performance metric for the SA.
OBJECT-TYPE    
  Counter64  

ipsecSaIpcompOutPackets 1.3.6.1.3.98.1.1.6.1.16
The number of packets handled by the SA. This includes packets that were both compressed and not compressed.
OBJECT-TYPE    
  Counter64  

ipsecEspCurrentInboundSAs 1.3.6.1.3.98.1.2.1
The current number of inbound ESP SAs in the entity.
OBJECT-TYPE    
  Gauge32  

ipsecEspTotalInboundSAs 1.3.6.1.3.98.1.2.2
The total number of inbound ESP SAs created in the entity since boot time.
OBJECT-TYPE    
  Counter32  

ipsecEspCurrentOutboundSAs 1.3.6.1.3.98.1.2.3
The current number of outbound ESP SAs in the entity.
OBJECT-TYPE    
  Gauge32  

ipsecEspTotalOutboundSAs 1.3.6.1.3.98.1.2.4
The total number of outbound ESP SAs created in the entity since boot time.
OBJECT-TYPE    
  Counter32  

ipsecAhCurrentInboundSAs 1.3.6.1.3.98.1.2.5
The current number of inbound AH SAs in the entity.
OBJECT-TYPE    
  Gauge32  

ipsecAhTotalInboundSAs 1.3.6.1.3.98.1.2.6
The total number of inbound AH SAs created in the entity since boot time.
OBJECT-TYPE    
  Counter32  

ipsecAhCurrentOutboundSAs 1.3.6.1.3.98.1.2.7
The current number of outbound AH SAs in the entity.
OBJECT-TYPE    
  Gauge32  

ipsecAhTotalOutboundSAs 1.3.6.1.3.98.1.2.8
The total number of outbound AH SAs created in the entity since boot time.
OBJECT-TYPE    
  Counter32  

ipsecIpcompCurrentInboundSAs 1.3.6.1.3.98.1.2.9
The current number of inbound IPcomp SAs in the entity.
OBJECT-TYPE    
  Gauge32  

ipsecIpcompTotalInboundSAs 1.3.6.1.3.98.1.2.10
The total number of inbound IPcomp SAs created in the entity since boot time.
OBJECT-TYPE    
  Counter32  

ipsecIpcompCurrentOutboundSAs 1.3.6.1.3.98.1.2.11
The current number of outbound IPcomp SAs in the entity.
OBJECT-TYPE    
  Gauge32  

ipsecIpcompTotalOutboundSAs 1.3.6.1.3.98.1.2.12
The total number of outbound IPcomp SAs created in the entity since boot time.
OBJECT-TYPE    
  Counter32  

ipsecDecryptionErrors 1.3.6.1.3.98.1.3.1
The total number of packets received by the entity in SAs since boot time with detectable decryption errors. Not all decryption errors are detectable within SA processing, so this count should not be considered definitive.
OBJECT-TYPE    
  Counter32  

ipsecAuthenticationErrors 1.3.6.1.3.98.1.3.2
The total number of packets received by the entity in SAs since boot time with authentication errors. This includes all packets in which the hash value is determined to be invalid, for both ESP and AH SAs.
OBJECT-TYPE    
  Counter32  

ipsecReplayErrors 1.3.6.1.3.98.1.3.3
The total number of packets received by the entity in SAs since boot time with replay errors.
OBJECT-TYPE    
  Counter32  

ipsecPolicyErrors 1.3.6.1.3.98.1.3.4
The total number of packets received by the entity in SAs since boot time and discarded due to policy errors. This includes packets that had selectors that were invalid for the SA that carried them, and also includes packets that arrived at the entity in the clear and that should have been protected by IPsec or should have been dropped.
OBJECT-TYPE    
  Counter32  

ipsecOtherReceiveErrors 1.3.6.1.3.98.1.3.5
The total number of packets received by the entity in SAs since boot time and discarded due to errors not due to decryption, authentication, replay or policy.
OBJECT-TYPE    
  Counter32  

ipsecSendErrors 1.3.6.1.3.98.1.3.6
The total number of packets to be sent by the entity in SAs since boot time and discarded due to errors.
OBJECT-TYPE    
  Counter32  

ipsecUnknownSpiErrors 1.3.6.1.3.98.1.3.7
The total number of packets received by the entity since boot time with SPIs or CPIs that were not valid.
OBJECT-TYPE    
  Counter32  

ipsecSecurityProtocol 1.3.6.1.3.98.1.5.1
A security protocol associated with the trap.
OBJECT-TYPE    
  IpsecDoiSecProtocolId  

ipsecSPI 1.3.6.1.3.98.1.5.2
An SPI associated with a trap. Where the security protocol associated with the trap is IPcomp, this value has a maximum of 65535.
OBJECT-TYPE    
  Unsigned32  

ipsecLocalAddress 1.3.6.1.3.98.1.5.3
A local IP address associated with the trap. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

ipsecPeerAddress 1.3.6.1.3.98.1.5.4
A peer IP address associated with the trap. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'.
OBJECT-TYPE    
  IpsecIpv6Address  

espAuthFailureTrapEnable 1.3.6.1.3.98.1.6.1
Indicates whether espAuthFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

ahAuthFailureTrapEnable 1.3.6.1.3.98.1.6.2
Indicates whether ahAuthFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

espReplayFailureTrapEnable 1.3.6.1.3.98.1.6.3
Indicates whether espReplayFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

ahReplayFailureTrapEnable 1.3.6.1.3.98.1.6.4
Indicates whether ahReplayFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

espPolicyFailureTrapEnable 1.3.6.1.3.98.1.6.5
Indicates whether espPolicyFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

ahPolicyFailureTrapEnable 1.3.6.1.3.98.1.6.6
Indicates whether ahPolicyFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

invalidSpiTrapEnable 1.3.6.1.3.98.1.6.7
Indicates whether invalidSpiTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

otherPolicyFailureTrapEnable 1.3.6.1.3.98.1.6.8
Indicates whether otherPolicyFailureTrap traps should be generated.
OBJECT-TYPE    
  TruthValue  

espAuthFailureTrap 1.3.6.1.3.98.1.4.0.1
IPsec packets with invalid hashes were found in an inbound ESP SA. The total number of authentication errors accumulated is sent for the specific row of the 'ipsecSaEspInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

ahAuthFailureTrap 1.3.6.1.3.98.1.4.0.2
IPsec packets with invalid hashes were found in an inbound AH SA. The total number of authentication errors accumulated is sent for the specific row of the 'ipsecSaAhInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

espReplayFailureTrap 1.3.6.1.3.98.1.4.0.3
IPsec packets with invalid sequence numbers were found in an inbound ESP SA. The total number of replay errors accumulated is sent for the specific row of the 'ipsecSaEspInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

ahReplayFailureTrap 1.3.6.1.3.98.1.4.0.4
IPsec packets with invalid sequence numbers were found in the specified AH SA. The total number of replay errors accumulated is sent for the specific row of the 'ipsecSaAhInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

espPolicyFailureTrap 1.3.6.1.3.98.1.4.0.5
IPsec packets carrying packets with invalid selectors for the specified ESP SA were found. The total number of policy errors accumulated is sent for the specific row of the 'ipsecSaEspInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

ahPolicyFailureTrap 1.3.6.1.3.98.1.4.0.6
IPsec packets carrying packets with invalid selectors for the specified AH SA were found. The total number of policy errors accumulated is sent for the specific row of the 'ipsecSaAhInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

espInvalidSpiTrap 1.3.6.1.3.98.1.4.0.7
A packet with an unknown SPI was detected from the specified peer with the specified SPI using the specified protocol. The destination address of the received packet is specified by 'ipsecLocalAddress'. The value 'ifIndex' may be 0 if this optional linkage is unsupported. If the object 'ipsecSecurityProtocol' has the value for IPcomp, then the 'ipsecSPI' object is the CPI of the packet. Implementations SHOULD send one trap per peer (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

otherPolicyFailureTrap 1.3.6.1.3.98.1.4.0.8
Clear packets were found that should not have been sent to the entity in the clear. The total number of policy errors accumulated by the entity is sent, along with the source and destination addresses of the packet that triggered the trap. Implementations SHOULD send one trap per source address pair (within a reasonable time period), rather than sending one trap per packet.
NOTIFICATION-TYPE    

ipsecSaEspGroup 1.3.6.1.3.98.1.7.1
A collection of objects that describe the state of the security associations of the ESP protocol.
OBJECT-GROUP    

ipsecSaAhGroup 1.3.6.1.3.98.1.7.2
A collection of objects that describe the state of the security associations of the AH protocol.
OBJECT-GROUP    

ipsecSaIpcompGroup 1.3.6.1.3.98.1.7.3
A collection of objects that describe the state of the security associations of the IPComp protocol.
OBJECT-GROUP    

ipsecSaErrorsGroup 1.3.6.1.3.98.1.7.4
A collection of objects providing global IPsec error counters.
OBJECT-GROUP    

ipsecSaFailureTrapEnableGroup 1.3.6.1.3.98.1.7.5
A collection of objects providing control over trap generation.
OBJECT-GROUP    

ipsecSaTrapArgumentGroup 1.3.6.1.3.98.1.7.6
A collection of objects used only as arguments in traps.
OBJECT-GROUP    

ipsecSaFailureTrapGroup 1.3.6.1.3.98.1.7.7
A collection of traps.
NOTIFICATION-GROUP    

ipsecSaMonitorCompliance 1.3.6.1.3.98.1.8.1
The compliance statement for SNMPv2 entities which implement the IPsec Monitoring MIB.
MODULE-COMPLIANCE