IPSEC-SA-MON-MIB
File:
IPSEC-SA-MON-MIB.mib (101499 bytes)
Imported modules
Imported symbols
Defined Types
IpsecSaCreatorIdent |
|
A value indicating how an SA was created. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), static(1), ike(2), other(3) |
|
IpsecIpv6Address |
|
This data type is used to model IPv6 addresses. This is a
binary string of 16 octets in network byte-order.
For implementations that do not support IPv6, this address
should appear as the 'IPv4-mapped IPv6 address' as defined
in Section 2.5.4 of [IPV6AA]. Specifically, the prefix
'0000:0000:0000:0000:0000:FFFF::/96' is used for IPv4
addresses. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(16) |
|
IpsecRawId |
|
This data type is used to model the ID values used by
entities that have negotiated and created SAs.
The values are taken directly from any payloads exchanged,
independent of the type of ID transmitted.
In some cases, the payload may be truncated. Note also that
some IDs have human readable forms that are not used by this
textual convention. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
IpsecSaEspInEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaEspInAddress |
IpsecIpv6Address |
|
|
ipsecSaEspInSpi |
Unsigned32 |
|
|
ipsecSaEspInDestId |
IpsecRawId |
|
|
ipsecSaEspInDestIdType |
IpsecDoiIdentType |
|
|
ipsecSaEspInSourceId |
IpsecRawId |
|
|
ipsecSaEspInSourceIdType |
IpsecDoiIdentType |
|
|
ipsecSaEspInProtocol |
Integer32 |
|
|
ipsecSaEspInDestPort |
Integer32 |
|
|
ipsecSaEspInSourcePort |
Integer32 |
|
|
ipsecSaEspInCreator |
IpsecSaCreatorIdent |
|
|
ipsecSaEspInEncapsulation |
IpsecDoiEncapsulationMode |
|
|
ipsecSaEspInEncAlg |
IpsecDoiEspTransform |
|
|
ipsecSaEspInEncKeyLength |
Unsigned32 |
|
|
ipsecSaEspInAuthAlg |
IpsecDoiAuthAlgorithm |
|
|
ipsecSaEspInAuthKeyLength |
Unsigned32 |
|
|
ipsecSaEspInRepWinSize |
Unsigned32 |
|
|
ipsecSaEspInLimitSeconds |
Unsigned32 |
|
|
ipsecSaEspInLimitKbytes |
Unsigned32 |
|
|
ipsecSaEspInAccSeconds |
Counter32 |
|
|
ipsecSaEspInAccKbytes |
Counter32 |
|
|
ipsecSaEspInUserOctets |
Counter64 |
|
|
ipsecSaEspInPackets |
Counter64 |
|
|
ipsecSaEspInDecryptErrors |
Counter32 |
|
|
ipsecSaEspInAuthErrors |
Counter32 |
|
|
ipsecSaEspInReplayErrors |
Counter32 |
|
|
ipsecSaEspInPolicyErrors |
Counter32 |
|
|
ipsecSaEspInPadErrors |
Counter32 |
|
|
ipsecSaEspInOtherReceiveErrors |
Counter32 |
|
IpsecSaAhInEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaAhInAddress |
IpsecIpv6Address |
|
|
ipsecSaAhInSpi |
Unsigned32 |
|
|
ipsecSaAhInDestId |
IpsecRawId |
|
|
ipsecSaAhInDestIdType |
IpsecDoiIdentType |
|
|
ipsecSaAhInSourceId |
IpsecRawId |
|
|
ipsecSaAhInSourceIdType |
IpsecDoiIdentType |
|
|
ipsecSaAhInProtocol |
Integer32 |
|
|
ipsecSaAhInDestPort |
Integer32 |
|
|
ipsecSaAhInSourcePort |
Integer32 |
|
|
ipsecSaAhInCreator |
IpsecSaCreatorIdent |
|
|
ipsecSaAhInEncapsulation |
IpsecDoiEncapsulationMode |
|
|
ipsecSaAhInAuthAlg |
IpsecDoiAhTransform |
|
|
ipsecSaAhInAuthKeyLength |
Unsigned32 |
|
|
ipsecSaAhInRepWinSize |
Unsigned32 |
|
|
ipsecSaAhInLimitSeconds |
Unsigned32 |
|
|
ipsecSaAhInLimitKbytes |
Unsigned32 |
|
|
ipsecSaAhInAccSeconds |
Counter32 |
|
|
ipsecSaAhInAccKbytes |
Counter32 |
|
|
ipsecSaAhInUserOctets |
Counter64 |
|
|
ipsecSaAhInPackets |
Counter64 |
|
|
ipsecSaAhInAuthErrors |
Counter32 |
|
|
ipsecSaAhInReplayErrors |
Counter32 |
|
|
ipsecSaAhInPolicyErrors |
Counter32 |
|
|
ipsecSaAhInOtherReceiveErrors |
Counter32 |
|
IpsecSaIpcompInEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaIpcompInAddress |
IpsecIpv6Address |
|
|
ipsecSaIpcompInCpi |
IpsecDoiIpcompTransform |
|
|
ipsecSaIpcompInDestId |
IpsecRawId |
|
|
ipsecSaIpcompInDestIdType |
IpsecDoiIdentType |
|
|
ipsecSaIpcompInSourceId |
IpsecRawId |
|
|
ipsecSaIpcompInSourceIdType |
IpsecDoiIdentType |
|
|
ipsecSaIpcompInProtocol |
Integer32 |
|
|
ipsecSaIpcompInDestPort |
Integer32 |
|
|
ipsecSaIpcompInSourcePort |
Integer32 |
|
|
ipsecSaIpcompInCreator |
IpsecSaCreatorIdent |
|
|
ipsecSaIpcompInEncapsulation |
IpsecDoiEncapsulationMode |
|
|
ipsecSaIpcompInDecompAlg |
IpsecDoiIpcompTransform |
|
|
ipsecSaIpcompInSeconds |
Counter32 |
|
|
ipsecSaIpcompInUserOctets |
Counter64 |
|
|
ipsecSaIpcompInPackets |
Counter64 |
|
|
ipsecSaIpcompInDecompErrors |
Counter32 |
|
|
ipsecSaIpcompInOtherReceiveErrors |
Counter32 |
|
IpsecSaEspOutEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaEspOutAddress |
IpsecIpv6Address |
|
|
ipsecSaEspOutSpi |
Unsigned32 |
|
|
ipsecSaEspOutSourceId |
IpsecRawId |
|
|
ipsecSaEspOutSourceIdType |
IpsecDoiIdentType |
|
|
ipsecSaEspOutDestId |
IpsecRawId |
|
|
ipsecSaEspOutDestIdType |
IpsecDoiIdentType |
|
|
ipsecSaEspOutProtocol |
Integer32 |
|
|
ipsecSaEspOutSourcePort |
Integer32 |
|
|
ipsecSaEspOutDestPort |
Integer32 |
|
|
ipsecSaEspOutCreator |
IpsecSaCreatorIdent |
|
|
ipsecSaEspOutEncapsulation |
IpsecDoiEncapsulationMode |
|
|
ipsecSaEspOutEncAlg |
IpsecDoiEspTransform |
|
|
ipsecSaEspOutEncKeyLength |
Unsigned32 |
|
|
ipsecSaEspOutAuthAlg |
IpsecDoiAuthAlgorithm |
|
|
ipsecSaEspOutAuthKeyLength |
Unsigned32 |
|
|
ipsecSaEspOutLimitSeconds |
Unsigned32 |
|
|
ipsecSaEspOutLimitKbytes |
Unsigned32 |
|
|
ipsecSaEspOutAccSeconds |
Counter32 |
|
|
ipsecSaEspOutAccKbytes |
Counter32 |
|
|
ipsecSaEspOutUserOctets |
Counter64 |
|
|
ipsecSaEspOutPackets |
Counter64 |
|
|
ipsecSaEspOutSendErrors |
Counter32 |
|
IpsecSaAhOutEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaAhOutAddress |
IpsecIpv6Address |
|
|
ipsecSaAhOutSpi |
Unsigned32 |
|
|
ipsecSaAhOutSourceId |
IpsecRawId |
|
|
ipsecSaAhOutSourceIdType |
IpsecDoiIdentType |
|
|
ipsecSaAhOutDestId |
IpsecRawId |
|
|
ipsecSaAhOutDestIdType |
IpsecDoiIdentType |
|
|
ipsecSaAhOutProtocol |
Integer32 |
|
|
ipsecSaAhOutSourcePort |
Integer32 |
|
|
ipsecSaAhOutDestPort |
Integer32 |
|
|
ipsecSaAhOutCreator |
IpsecSaCreatorIdent |
|
|
ipsecSaAhOutEncapsulation |
IpsecDoiEncapsulationMode |
|
|
ipsecSaAhOutAuthAlg |
IpsecDoiAhTransform |
|
|
ipsecSaAhOutAuthKeyLength |
Unsigned32 |
|
|
ipsecSaAhOutLimitSeconds |
Unsigned32 |
|
|
ipsecSaAhOutLimitKbytes |
Unsigned32 |
|
|
ipsecSaAhOutAccSeconds |
Counter32 |
|
|
ipsecSaAhOutAccKbytes |
Counter32 |
|
|
ipsecSaAhOutUserOctets |
Counter64 |
|
|
ipsecSaAhOutPackets |
Counter64 |
|
|
ipsecSaAhOutSendErrors |
Counter32 |
|
IpsecSaIpcompOutEntry |
|
SEQUENCE |
|
|
|
|
ipsecSaIpcompOutAddress |
IpsecIpv6Address |
|
|
ipsecSaIpcompOutCpi |
IpsecDoiIpcompTransform |
|
|
ipsecSaIpcompOutSourceId |
IpsecRawId |
|
|
ipsecSaIpcompOutSourceIdType |
IpsecDoiIdentType |
|
|
ipsecSaIpcompOutDestId |
IpsecRawId |
|
|
ipsecSaIpcompOutDestIdType |
IpsecDoiIdentType |
|
|
ipsecSaIpcompOutProtocol |
Integer32 |
|
|
ipsecSaIpcompOutSourcePort |
Integer32 |
|
|
ipsecSaIpcompOutDestPort |
Integer32 |
|
|
ipsecSaIpcompOutCreator |
IpsecSaCreatorIdent |
|
|
ipsecSaIpcompOutEncapsulation |
IpsecDoiEncapsulationMode |
|
|
ipsecSaIpcompOutCompAlg |
IpsecDoiIpcompTransform |
|
|
ipsecSaIpcompOutSeconds |
Counter32 |
|
|
ipsecSaIpcompOutUserOctets |
Counter64 |
|
|
ipsecSaIpcompOutOutputOctets |
Counter64 |
|
|
ipsecSaIpcompOutPackets |
Counter64 |
|
Defined Values
ipsecSaMonModule |
1.3.6.1.3.98 |
The MIB module to describe generic IPsec objects, and
entity level objects and events for those types. |
MODULE-IDENTITY |
|
|
|
ipsecSaMonitorMIB |
1.3.6.1.3.98.1 |
This is the base object identifier for all IPsec branches. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saTables |
1.3.6.1.3.98.1.1 |
This is the base object identifier for all SA tables. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saStatistics |
1.3.6.1.3.98.1.2 |
This is the base object identifier for all objects which
are global counters for IPsec security associations. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saErrors |
1.3.6.1.3.98.1.3 |
This is the base object identifier for all objects which
are global error counters for IPsec security associations. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saTraps |
1.3.6.1.3.98.1.4 |
This is the base object identifier for all objects which
are traps for IPsec security associations. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saTrapObjects |
1.3.6.1.3.98.1.5 |
This is the base object identifier for objects which are
used as part of traps. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saTrapControl |
1.3.6.1.3.98.1.6 |
This is the base object identifier for all objects which
are trap controls for IPsec security associations. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
saGroups |
1.3.6.1.3.98.1.7 |
This is the base object identifier for all objects which
describe the groups in this MIB. |
Status: current |
Access: read-write |
OBJECT-IDENTITY |
|
|
|
ipsecSaEspInTable |
1.3.6.1.3.98.1.1.1 |
The (conceptual) table containing information on IPsec
inbound ESP SAs.
There should be one row for every inbound ESP security
association that exists in the entity. The maximum number of
rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaEspInEntry |
|
ipsecSaEspInEntry |
1.3.6.1.3.98.1.1.1.1 |
An entry (conceptual row) containing the information on a
particular IPsec inbound ESP SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaEspInEntry |
|
|
ipsecSaEspInAddress |
1.3.6.1.3.98.1.1.1.1.1 |
The destination address of the SA.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecSaEspInSpi |
1.3.6.1.3.98.1.1.1.1.2 |
The security parameters index of the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspInDestId |
1.3.6.1.3.98.1.1.1.1.3 |
The destination identifier of the SA. It may be 0 if
unknown or if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during SA creation negotiation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaEspInDestIdType |
1.3.6.1.3.98.1.1.1.1.4 |
The type of identifier presented by 'ipsecSaEspInDestId'.
It may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaEspInSourceId |
1.3.6.1.3.98.1.1.1.1.5 |
The source identifier of the SA. It may be 0 if unknown or
if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during SA creation negotiation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaEspInSourceIdType |
1.3.6.1.3.98.1.1.1.1.6 |
The type of identifier presented by 'ipsecSaEspInSourceId'.
It may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaEspInProtocol |
1.3.6.1.3.98.1.1.1.1.7 |
The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipsecSaEspInDestPort |
1.3.6.1.3.98.1.1.1.1.8 |
The destination port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaEspInSourcePort |
1.3.6.1.3.98.1.1.1.1.9 |
The source port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaEspInCreator |
1.3.6.1.3.98.1.1.1.1.10 |
The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecSaCreatorIdent |
|
|
ipsecSaEspInEncAlg |
1.3.6.1.3.98.1.1.1.1.12 |
A unique value representing the encryption algorithm
applied to traffic or 0 if there is no encryption used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiEspTransform |
|
|
ipsecSaEspInEncKeyLength |
1.3.6.1.3.98.1.1.1.1.13 |
The length of the encryption key in bits used for the
algorithm specified in the 'ipsecSaEspInEncAlg' object. It
may be 0 if the key length is implicit in the specified
algorithm or there is no encryption specified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
ipsecSaEspInAuthAlg |
1.3.6.1.3.98.1.1.1.1.14 |
A unique value representing the hash algorithm applied to
traffic or 0 if there is no authentication used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiAuthAlgorithm |
|
|
ipsecSaEspInAuthKeyLength |
1.3.6.1.3.98.1.1.1.1.15 |
The length of the authentication key in bits used for the
algorithm specified in the 'ipsecSaEspInAuthAlg'. It may be
0 if the key length is implicit in the specified algorithm
or there is no authentication specified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
ipsecSaEspInRepWinSize |
1.3.6.1.3.98.1.1.1.1.16 |
The size of the anti-replay window used by this SA, or 0 if
anti-replay checking is not being done. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspInLimitSeconds |
1.3.6.1.3.98.1.1.1.1.17 |
The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspInLimitKbytes |
1.3.6.1.3.98.1.1.1.1.18 |
The maximum traffic in kilobytes that the SA is allowed to
process, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspInAccSeconds |
1.3.6.1.3.98.1.1.1.1.19 |
The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInAccKbytes |
1.3.6.1.3.98.1.1.1.1.20 |
The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in
kilobytes.
This value may be 0 if the SA does not expire based on
traffic. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInUserOctets |
1.3.6.1.3.98.1.1.1.1.21 |
The amount of user level traffic measured in bytes handled
by the SA. This is the number of bytes of the decrypted IP
packet, including the original IP header of that decrypted
packet.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit due to padding
or other protocol specific overhead. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaEspInPackets |
1.3.6.1.3.98.1.1.1.1.22 |
The number of packets handled by the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaEspInDecryptErrors |
1.3.6.1.3.98.1.1.1.1.23 |
The number of packets discarded by the SA due to detectable
decryption errors. Not all decryption errors are detectable
within SA processing, so this count should not be considered
definitive. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInAuthErrors |
1.3.6.1.3.98.1.1.1.1.24 |
The number of packets discarded by the SA due to
authentication errors. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInReplayErrors |
1.3.6.1.3.98.1.1.1.1.25 |
The number of packets discarded by the SA due to replay
errors. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInPolicyErrors |
1.3.6.1.3.98.1.1.1.1.26 |
The number of packets discarded by the SA due to policy
errors. This includes packets where the next protocol is
invalid. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInPadErrors |
1.3.6.1.3.98.1.1.1.1.27 |
The number of packets discarded by the SA due to pad value
errors.
Implementations that do not check this must not support this
object. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspInOtherReceiveErrors |
1.3.6.1.3.98.1.1.1.1.28 |
The number of packets discarded by the SA due to errors
other than decryption, authentication, replay errors or,
when supported, invalid padding errors. This may include
packets dropped due to a lack of receive buffers, and may
include packets dropped due to congestion at the decryption
element. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhInTable |
1.3.6.1.3.98.1.1.2 |
The (conceptual) table containing information on IPsec
inbound AH SAs.
There should be one row for every inbound AH security
association that exists in the entity. The maximum number of
rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaAhInEntry |
|
ipsecSaAhInEntry |
1.3.6.1.3.98.1.1.2.1 |
An entry (conceptual row) containing the information on a
particular IPsec inbound AH SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaAhInEntry |
|
|
ipsecSaAhInAddress |
1.3.6.1.3.98.1.1.2.1.1 |
The destination address of the SA.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecSaAhInSpi |
1.3.6.1.3.98.1.1.2.1.2 |
The security parameters index of the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhInDestId |
1.3.6.1.3.98.1.1.2.1.3 |
The destination identifier of the SA. It may be 0 if
unknown or if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during SA creation negotiation, or the
equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaAhInDestIdType |
1.3.6.1.3.98.1.1.2.1.4 |
The type of identifier presented by 'ipsecSaAhInDestId'. It
may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaAhInSourceId |
1.3.6.1.3.98.1.1.2.1.5 |
The source identifier of the SA. It may be 0 if unknown or
if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during SA creation negotiation or the
equivelant process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaAhInSourceIdType |
1.3.6.1.3.98.1.1.2.1.6 |
The type of identifier presented by 'ipsecSaAhInSourceId'.
It may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaAhInProtocol |
1.3.6.1.3.98.1.1.2.1.7 |
The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipsecSaAhInDestPort |
1.3.6.1.3.98.1.1.2.1.8 |
The destination port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaAhInSourcePort |
1.3.6.1.3.98.1.1.2.1.9 |
The source port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaAhInCreator |
1.3.6.1.3.98.1.1.2.1.10 |
The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecSaCreatorIdent |
|
|
ipsecSaAhInAuthAlg |
1.3.6.1.3.98.1.1.2.1.12 |
A unique value representing the hash algorithm applied to
traffic carried by this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiAhTransform |
|
|
ipsecSaAhInAuthKeyLength |
1.3.6.1.3.98.1.1.2.1.13 |
The length of the authentication key in bits used for the
algorithm specified in the 'ipsecSaAhInAuthAlg' object. It
may be 0 if the key length is implicit in the specified
algorithm. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
ipsecSaAhInRepWinSize |
1.3.6.1.3.98.1.1.2.1.14 |
The size of the anti-replay window used by this SA, or 0 if
anti-replay checking is not being done. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhInLimitSeconds |
1.3.6.1.3.98.1.1.2.1.15 |
The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhInLimitKbytes |
1.3.6.1.3.98.1.1.2.1.16 |
The maximum traffic in bytes that the SA is allowed to
process, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhInAccSeconds |
1.3.6.1.3.98.1.1.2.1.17 |
The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhInAccKbytes |
1.3.6.1.3.98.1.1.2.1.18 |
The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in
kilobytes.
This value may be 0 if the SA does not expire based on
traffic. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhInUserOctets |
1.3.6.1.3.98.1.1.2.1.19 |
The amount of user level traffic measured in bytes handled
by the SA. This is the number of bytes of the de-processed
IP packet, including the original IP header of that de-
processed packet.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit due to padding
or other protocol specific overhead. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaAhInPackets |
1.3.6.1.3.98.1.1.2.1.20 |
The number of packets handled by the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaAhInAuthErrors |
1.3.6.1.3.98.1.1.2.1.21 |
The number of packets discarded by the SA due to
authentication errors. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhInReplayErrors |
1.3.6.1.3.98.1.1.2.1.22 |
The number of packets discarded by the SA due to replay
errors. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhInPolicyErrors |
1.3.6.1.3.98.1.1.2.1.23 |
The number of packets discarded by the SA due to policy
errors. This includes packets where the next protocol is
invalid. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhInOtherReceiveErrors |
1.3.6.1.3.98.1.1.2.1.24 |
The number of packets discarded by the SA due to errors
other than decryption, authentication or replay errors. This
may include packets dropped due to a lack of receive
buffers, and may include packets dropped due to congestion
at the authentication element. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaIpcompInTable |
1.3.6.1.3.98.1.1.3 |
The (conceptual) table containing information on IPsec
inbound IPcomp SAs.
There should be one row for every inbound IPcomp (security)
association that exists in the entity. The maximum number of
rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaIpcompInEntry |
|
ipsecSaIpcompInEntry |
1.3.6.1.3.98.1.1.3.1 |
An entry (conceptual row) containing the information on a
particular IPsec inbound IPcomp SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaIpcompInEntry |
|
|
ipsecSaIpcompInAddress |
1.3.6.1.3.98.1.1.3.1.1 |
The destination address of the SA.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecSaIpcompInCpi |
1.3.6.1.3.98.1.1.3.1.2 |
The CPI of the SA. Since the lower values of CPIs are
reserved to be the same as the algorithm, the syntax for
this object is the same as the transform. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIpcompTransform |
|
|
ipsecSaIpcompInDestId |
1.3.6.1.3.98.1.1.3.1.3 |
The destination identifier of the SA. It may be 0 if
unknown or if the SA uses transport mode, or 0 if this SA is
used with multiple SAs in security association suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchanged during SA creation
negotiation, or the equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaIpcompInDestIdType |
1.3.6.1.3.98.1.1.3.1.4 |
The type of identifier presented by
'ipsecSaIpcompInDestId'. It may be 0 if unknown or if the SA
uses transport mode, or if this SA is used with multiple SAs
in security association suites. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaIpcompInSourceId |
1.3.6.1.3.98.1.1.3.1.5 |
The source identifier of the SA. It may be 0 if unknown or
if the SA uses transport mode encapsulation, or 0 if this SA
is used with multiple SAs in security association suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchanged during SA creation
negotiation, or the equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaIpcompInSourceIdType |
1.3.6.1.3.98.1.1.3.1.6 |
The type of identifier presented by
'ipsecSaIpcompInSourceId'. It may be 0 if unknown or if the
SA uses transport mode encapsulation, or if this SA is used
with multiple SAs in security association suites. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaIpcompInProtocol |
1.3.6.1.3.98.1.1.3.1.7 |
The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipsecSaIpcompInDestPort |
1.3.6.1.3.98.1.1.3.1.8 |
The destination port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaIpcompInSourcePort |
1.3.6.1.3.98.1.1.3.1.9 |
The source port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaIpcompInCreator |
1.3.6.1.3.98.1.1.3.1.10 |
The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecSaCreatorIdent |
|
|
ipsecSaIpcompInUserOctets |
1.3.6.1.3.98.1.1.3.1.14 |
The amount of user level traffic measured in bytes handled
by the SA. This is the number of bytes of the uncompressed
IP packet, including the original IP header of that
uncompressed packet.
Packets which are not decompressed by the SA are not counted
in this total. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaIpcompInOtherReceiveErrors |
1.3.6.1.3.98.1.1.3.1.17 |
The number of packets discarded by the SA due to errors
other than decompression errors. This may include packets
dropped due to a lack of receive buffers, and packets
dropped due to congestion at the decompression element. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspOutTable |
1.3.6.1.3.98.1.1.4 |
The (conceptual) table containing information on IPsec
Outbound ESP SAs.
There should be one row for every outbound ESP security
association that exists in the entity. The maximum number of
rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaEspOutEntry |
|
ipsecSaEspOutEntry |
1.3.6.1.3.98.1.1.4.1 |
An entry (conceptual row) containing the information on a
particular IPsec Outbound ESP SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaEspOutEntry |
|
|
ipsecSaEspOutAddress |
1.3.6.1.3.98.1.1.4.1.1 |
The destination address of the SA.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecSaEspOutSpi |
1.3.6.1.3.98.1.1.4.1.2 |
The security parameters index of the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspOutSourceId |
1.3.6.1.3.98.1.1.4.1.3 |
The source identifier of the SA. It may be 0 if unknown or
if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations, or the
equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaEspOutSourceIdType |
1.3.6.1.3.98.1.1.4.1.4 |
The type of identifier presented by
'ipsecSaEspOutSourceId'. It may be 0 if unknown or if the SA
uses transport mode encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaEspOutDestId |
1.3.6.1.3.98.1.1.4.1.5 |
The destination identifier of the SA. It may be 0 if
unknown or if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations or the
equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaEspOutDestIdType |
1.3.6.1.3.98.1.1.4.1.6 |
The type of identifier presented by 'ipsecSaEspOutDestId'.
It may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaEspOutProtocol |
1.3.6.1.3.98.1.1.4.1.7 |
The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipsecSaEspOutSourcePort |
1.3.6.1.3.98.1.1.4.1.8 |
The source port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaEspOutDestPort |
1.3.6.1.3.98.1.1.4.1.9 |
The destination port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaEspOutCreator |
1.3.6.1.3.98.1.1.4.1.10 |
The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecSaCreatorIdent |
|
|
ipsecSaEspOutEncAlg |
1.3.6.1.3.98.1.1.4.1.12 |
A unique value representing the encryption algorithm
applied to traffic or 0 if there is no encryption used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiEspTransform |
|
|
ipsecSaEspOutEncKeyLength |
1.3.6.1.3.98.1.1.4.1.13 |
The length of the encryption key in bits used for the
algorithm specified in the 'ipsecSaEspOutEncAlg' object. It
may be 0 if the key length is implicit in the specified
algorithm or there is no encryption specified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
ipsecSaEspOutAuthAlg |
1.3.6.1.3.98.1.1.4.1.14 |
A unique value representing the hash algorithm applied to
traffic or 0 if there is no authentication used. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiAuthAlgorithm |
|
|
ipsecSaEspOutAuthKeyLength |
1.3.6.1.3.98.1.1.4.1.15 |
The length of the authentication key in bits used for the
algorithm specified in the 'ipsecSaEspOutAuthAlg' object. It
may be 0 if the key length is implicit in the specified
algorithm or there is no authentication specified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
ipsecSaEspOutLimitSeconds |
1.3.6.1.3.98.1.1.4.1.16 |
The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspOutLimitKbytes |
1.3.6.1.3.98.1.1.4.1.17 |
The maximum traffic in bytes that the SA is allowed to
process, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaEspOutAccSeconds |
1.3.6.1.3.98.1.1.4.1.18 |
The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspOutAccKbytes |
1.3.6.1.3.98.1.1.4.1.19 |
The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in
kilobytes.
This value may be 0 if the SA does not expire based on
traffic. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaEspOutUserOctets |
1.3.6.1.3.98.1.1.4.1.20 |
The amount of user level traffic measured in bytes handled
by the SA. This is the number of bytes of the unencrypted IP
packet, including the original IP header of that unencrypted
packet.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit due to padding
or other protocol specific overhead. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaEspOutSendErrors |
1.3.6.1.3.98.1.1.4.1.22 |
The number of packets discarded by the SA due to any error.
This may include errors due to a lack of transmit buffers. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhOutTable |
1.3.6.1.3.98.1.1.5 |
The (conceptual) table containing information on IPsec
Outbound AH SAs.
There should be one row for every outbound AH security
association that exists in the entity. The maximum number of
rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaAhOutEntry |
|
ipsecSaAhOutEntry |
1.3.6.1.3.98.1.1.5.1 |
An entry (conceptual row) containing the information on a
particular IPsec Outbound AH SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaAhOutEntry |
|
|
ipsecSaAhOutAddress |
1.3.6.1.3.98.1.1.5.1.1 |
The destination address of the SA.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecSaAhOutSpi |
1.3.6.1.3.98.1.1.5.1.2 |
The security parameters index of the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhOutSourceId |
1.3.6.1.3.98.1.1.5.1.3 |
The source identifier of the SA. It may be 0 if unknown or
if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations, or the
equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaAhOutSourceIdType |
1.3.6.1.3.98.1.1.5.1.4 |
The type of identifier presented by 'ipsecSaAhOutSourceId'.
It may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaAhOutDestId |
1.3.6.1.3.98.1.1.5.1.5 |
The destination identifier of the SA. It may be 0 if
unknown or if the SA uses transport mode encapsulation.
This value is taken directly from the optional ID payloads
that are exchanged during phase 2 negotiations, or the
equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaAhOutDestIdType |
1.3.6.1.3.98.1.1.5.1.6 |
The type of identifier presented by 'ipsecSaAhOutDestId'.
It may be 0 if unknown or if the SA uses transport mode
encapsulation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaAhOutProtocol |
1.3.6.1.3.98.1.1.5.1.7 |
The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipsecSaAhOutSourcePort |
1.3.6.1.3.98.1.1.5.1.8 |
The source port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaAhOutDestPort |
1.3.6.1.3.98.1.1.5.1.9 |
The destination port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaAhOutCreator |
1.3.6.1.3.98.1.1.5.1.10 |
The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecSaCreatorIdent |
|
|
ipsecSaAhOutAuthAlg |
1.3.6.1.3.98.1.1.5.1.12 |
A unique value representing the hash algorithm applied to
traffic carried by this SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiAhTransform |
|
|
ipsecSaAhOutAuthKeyLength |
1.3.6.1.3.98.1.1.5.1.13 |
The length of the authentication key in bits used for the
algorithm specified in the 'ipsecSaAhOutAuthAlg' object. It
may be 0 if the key length is implicit in the specified
algorithm. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
0..65531 |
|
ipsecSaAhOutLimitSeconds |
1.3.6.1.3.98.1.1.5.1.14 |
The maximum lifetime in seconds of the SA, or 0 if there is
no time constraint on its expiration.
The display value is limited to 4294967295 seconds (more
than 136 years); values greater than that value will be
truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhOutLimitKbytes |
1.3.6.1.3.98.1.1.5.1.15 |
The maximum traffic in bytes that the SA is allowed to
process, or 0 if there is no traffic constraint on its
expiration.
The display value is limited to 4294967295 kilobytes; values
greater than that value will be truncated. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecSaAhOutAccSeconds |
1.3.6.1.3.98.1.1.5.1.16 |
The number of seconds accumulated against the SA's
expiration by time.
This is also the number of seconds that the SA has existed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhOutAccKbytes |
1.3.6.1.3.98.1.1.5.1.17 |
The amount of traffic accumulated that counts against the
SA's expiration by traffic limitation, measured in
kilobytes.
This value may be 0 if the SA does not expire based on
traffic. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaAhOutUserOctets |
1.3.6.1.3.98.1.1.5.1.18 |
The amount of user level traffic measured in bytes handled
by the SA. This is the number of bytes of the unprocessed IP
packet, including the original IP header of that unprocessed
packet.
This is not necessarily the same as the amount of traffic
applied against the traffic expiration limit due to padding
or other protocol specific overhead. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaAhOutPackets |
1.3.6.1.3.98.1.1.5.1.19 |
The number of packets handled by the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaAhOutSendErrors |
1.3.6.1.3.98.1.1.5.1.20 |
The number of packets discarded by the SA due to any error.
This may include errors due to a lack of transmit buffers. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSaIpcompOutTable |
1.3.6.1.3.98.1.1.6 |
The (conceptual) table containing information on IPsec
Outbound IPcomp SAs.
There should be one row for every outbound IPcomp (security)
association that exists in the entity. The maximum number of
rows is implementation dependent. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
IpsecSaIpcompOutEntry |
|
ipsecSaIpcompOutEntry |
1.3.6.1.3.98.1.1.6.1 |
An entry (conceptual row) containing the information on a
particular IPsec Outbound IPcomp SA.
A row in this table cannot be created or deleted by SNMP
operations on columns of the table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
IpsecSaIpcompOutEntry |
|
|
ipsecSaIpcompOutAddress |
1.3.6.1.3.98.1.1.6.1.1 |
The destination address of the SA.
If the IPcomp SA is shared across multiple SAs in security
association suites, this value may be 0.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecSaIpcompOutCpi |
1.3.6.1.3.98.1.1.6.1.2 |
The CPI of the SA. Since the lower values of CPIs are
reserved to be the same as the algorithm, the syntax for
this object is the same as the transform. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIpcompTransform |
|
|
ipsecSaIpcompOutSourceId |
1.3.6.1.3.98.1.1.6.1.3 |
The source identifier of the SA. It may be 0 if unknown or
if the SA uses transport mode encapsulation, or if this SA
is used with multiple SAs in security association suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchange during phase 2 negotiations or
the equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaIpcompOutSourceIdType |
1.3.6.1.3.98.1.1.6.1.4 |
The type of identifier presented by
'ipsecSaIpcompOutSourceId'. It may be 0 if unknown or if the
SA uses transport mode encapsulation, or if this SA is used
with multiple SAs in security association suites. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaIpcompOutDestId |
1.3.6.1.3.98.1.1.6.1.5 |
The destination identifier of the SA. It may be 0 if
unknown or if the SA uses transport mode encapsulation, or
if this SA is used with multiple SAs in security association
suites.
This value, if non-zero, is taken directly from the optional
ID payloads that are exchange during phase 2 negotiations or
the equivalent process. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecRawId |
|
|
ipsecSaIpcompOutDestIdType |
1.3.6.1.3.98.1.1.6.1.6 |
The type of identifier presented by
'ipsecSaIpcompOutDestId', or 0 if unknown or if the SA uses
transport mode encapsulation, or 0 if this SA is used with
multiple SAs in security association suites. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecDoiIdentType |
|
|
ipsecSaIpcompOutProtocol |
1.3.6.1.3.98.1.1.6.1.7 |
The transport-layer protocol number that this SA carries,
or 0 if it carries any protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
ipsecSaIpcompOutSourcePort |
1.3.6.1.3.98.1.1.6.1.8 |
The source port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaIpcompOutDestPort |
1.3.6.1.3.98.1.1.6.1.9 |
The destination port number of the protocol that this SA
carries, or 0 if it carries any port number. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
ipsecSaIpcompOutCreator |
1.3.6.1.3.98.1.1.6.1.10 |
The creator of this SA.
This MIB makes no assumptions about how the SAs are created.
They may be created statically, or by a key exchange
protocol such as IKE, or by some other method. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
IpsecSaCreatorIdent |
|
|
ipsecSaIpcompOutUserOctets |
1.3.6.1.3.98.1.1.6.1.14 |
The amount of user level traffic measured in bytes handled
by the SA. This is the number of bytes of the decompressed
IP packet, including the original IP header of that
decompressed packet. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaIpcompOutOutputOctets |
1.3.6.1.3.98.1.1.6.1.15 |
The amount of traffic measured in bytes output by the SA.
This includes byte counts from packets compressed by the SA
and also packets not modified by the SA.
This object can be divided into the
'ipsecSaIpcompOutUserOctets' object to get a compression
performance metric for the SA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecSaIpcompOutPackets |
1.3.6.1.3.98.1.1.6.1.16 |
The number of packets handled by the SA. This includes
packets that were both compressed and not compressed. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
ipsecEspTotalInboundSAs |
1.3.6.1.3.98.1.2.2 |
The total number of inbound ESP SAs created in the entity
since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecEspTotalOutboundSAs |
1.3.6.1.3.98.1.2.4 |
The total number of outbound ESP SAs created in the entity
since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecAhTotalInboundSAs |
1.3.6.1.3.98.1.2.6 |
The total number of inbound AH SAs created in the entity
since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecAhTotalOutboundSAs |
1.3.6.1.3.98.1.2.8 |
The total number of outbound AH SAs created in the entity
since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecIpcompTotalInboundSAs |
1.3.6.1.3.98.1.2.10 |
The total number of inbound IPcomp SAs created in the
entity since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecIpcompTotalOutboundSAs |
1.3.6.1.3.98.1.2.12 |
The total number of outbound IPcomp SAs created in the
entity since boot time. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecDecryptionErrors |
1.3.6.1.3.98.1.3.1 |
The total number of packets received by the entity in SAs
since boot time with detectable decryption errors. Not all
decryption errors are detectable within SA processing, so
this count should not be considered definitive. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecAuthenticationErrors |
1.3.6.1.3.98.1.3.2 |
The total number of packets received by the entity in SAs
since boot time with authentication errors.
This includes all packets in which the hash value is
determined to be invalid, for both ESP and AH SAs. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecReplayErrors |
1.3.6.1.3.98.1.3.3 |
The total number of packets received by the entity in SAs
since boot time with replay errors. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecPolicyErrors |
1.3.6.1.3.98.1.3.4 |
The total number of packets received by the entity in SAs
since boot time and discarded due to policy errors. This
includes packets that had selectors that were invalid for
the SA that carried them, and also includes packets that
arrived at the entity in the clear and that should have been
protected by IPsec or should have been dropped. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecOtherReceiveErrors |
1.3.6.1.3.98.1.3.5 |
The total number of packets received by the entity in SAs
since boot time and discarded due to errors not due to
decryption, authentication, replay or policy. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSendErrors |
1.3.6.1.3.98.1.3.6 |
The total number of packets to be sent by the entity in SAs
since boot time and discarded due to errors. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecUnknownSpiErrors |
1.3.6.1.3.98.1.3.7 |
The total number of packets received by the entity since
boot time with SPIs or CPIs that were not valid. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
ipsecSPI |
1.3.6.1.3.98.1.5.2 |
An SPI associated with a trap. Where the security protocol
associated with the trap is IPcomp, this value has a maximum
of 65535. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
ipsecLocalAddress |
1.3.6.1.3.98.1.5.3 |
A local IP address associated with the trap.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
ipsecPeerAddress |
1.3.6.1.3.98.1.5.4 |
A peer IP address associated with the trap.
IPv4 entities will prefix the IP address with
'0000:0000:0000:0000:0000:FFFF::'. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
IpsecIpv6Address |
|
|
invalidSpiTrapEnable |
1.3.6.1.3.98.1.6.7 |
Indicates whether invalidSpiTrap traps should be
generated. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
espAuthFailureTrap |
1.3.6.1.3.98.1.4.0.1 |
IPsec packets with invalid hashes were found in an inbound
ESP SA. The total number of authentication errors
accumulated is sent for the specific row of the
'ipsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
ahAuthFailureTrap |
1.3.6.1.3.98.1.4.0.2 |
IPsec packets with invalid hashes were found in an inbound
AH SA. The total number of authentication errors accumulated
is sent for the specific row of the 'ipsecSaAhInTable' table
for the SA; this provides the identity of the SA in which
the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
espReplayFailureTrap |
1.3.6.1.3.98.1.4.0.3 |
IPsec packets with invalid sequence numbers were found in
an inbound ESP SA. The total number of replay errors
accumulated is sent for the specific row of the
'ipsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
ahReplayFailureTrap |
1.3.6.1.3.98.1.4.0.4 |
IPsec packets with invalid sequence numbers were found in
the specified AH SA. The total number of replay errors
accumulated is sent for the specific row of the
'ipsecSaAhInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
espPolicyFailureTrap |
1.3.6.1.3.98.1.4.0.5 |
IPsec packets carrying packets with invalid selectors for
the specified ESP SA were found. The total number of policy
errors accumulated is sent for the specific row of the
'ipsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
ahPolicyFailureTrap |
1.3.6.1.3.98.1.4.0.6 |
IPsec packets carrying packets with invalid selectors for
the specified AH SA were found. The total number of policy
errors accumulated is sent for the specific row of the
'ipsecSaAhInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
espInvalidSpiTrap |
1.3.6.1.3.98.1.4.0.7 |
A packet with an unknown SPI was detected from the
specified peer with the specified SPI using the specified
protocol. The destination address of the received packet is
specified by 'ipsecLocalAddress'.
The value 'ifIndex' may be 0 if this optional linkage is
unsupported.
If the object 'ipsecSecurityProtocol' has the value for
IPcomp, then the 'ipsecSPI' object is the CPI of the packet.
Implementations SHOULD send one trap per peer (within a
reasonable time period), rather than sending one trap per
packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
otherPolicyFailureTrap |
1.3.6.1.3.98.1.4.0.8 |
Clear packets were found that should not have been sent to
the entity in the clear. The total number of policy errors
accumulated by the entity is sent, along with the source and
destination addresses of the packet that triggered the trap.
Implementations SHOULD send one trap per source address pair
(within a reasonable time period), rather than sending one
trap per packet. |
Status: current |
Access: read-write |
NOTIFICATION-TYPE |
|
|
|
ipsecSaEspGroup |
1.3.6.1.3.98.1.7.1 |
A collection of objects that describe the state of the
security associations of the ESP protocol. |
Status: current |
Access: read-write |
OBJECT-GROUP |
|
|
|
ipsecSaAhGroup |
1.3.6.1.3.98.1.7.2 |
A collection of objects that describe the state of the
security associations of the AH protocol. |
Status: current |
Access: read-write |
OBJECT-GROUP |
|
|
|
ipsecSaIpcompGroup |
1.3.6.1.3.98.1.7.3 |
A collection of objects that describe the state of the
security associations of the IPComp protocol. |
Status: current |
Access: read-write |
OBJECT-GROUP |
|
|
|
ipsecSaErrorsGroup |
1.3.6.1.3.98.1.7.4 |
A collection of objects providing global IPsec error
counters. |
Status: current |
Access: read-write |
OBJECT-GROUP |
|
|
|
ipsecSaFailureTrapEnableGroup |
1.3.6.1.3.98.1.7.5 |
A collection of objects providing control over trap
generation. |
Status: current |
Access: read-write |
OBJECT-GROUP |
|
|
|
ipsecSaTrapArgumentGroup |
1.3.6.1.3.98.1.7.6 |
A collection of objects used only as arguments in traps. |
Status: current |
Access: read-write |
OBJECT-GROUP |
|
|
|
ipsecSaFailureTrapGroup |
1.3.6.1.3.98.1.7.7 |
A collection of traps. |
Status: current |
Access: read-write |
NOTIFICATION-GROUP |
|
|
|
ipsecSaMonitorCompliance |
1.3.6.1.3.98.1.8.1 |
The compliance statement for SNMPv2 entities which
implement the IPsec Monitoring MIB. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|