AVAYA-IPSEC-MIB

File: AVAYA-IPSEC-MIB.mib (91651 bytes)

Imported modules

AVAYAGEN-MIB SNMPv2-CONF SNMPv2-SMI
SNMPv2-TC

Imported symbols

avGatewayMibs OBJECT-GROUP MODULE-COMPLIANCE
IpAddress Integer32 Unsigned32
Gauge32 Counter32 OBJECT-TYPE
MODULE-IDENTITY NOTIFICATION-TYPE RowStatus
DisplayString TruthValue TimeStamp
TEXTUAL-CONVENTION

Defined Types

DiffHellmanGrp  
The Diffie Hellman Group used in negotiations.
TEXTUAL-CONVENTION    
  INTEGER dhGroup1(1), dhGroup2(2), dhGroup5(5), dhGroup14(14), dhGroup15(15), dhGroup16(16), dhGroup17(17), dhGroup18(18), none(255)  

IkeEncryptAlgo  
Values for encryption algorithms negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attribute type Encryption Algorithm (1).
TEXTUAL-CONVENTION    
  INTEGER des(2), des3(3), aes(4), aes192(5), aes256(6), none(255)  

IkeHashAlgo  
Values for hash algorithms negotiated for the ISAKMP SA by IKE in Phase I. These are values for SA Attribute type Hash Algorithm (2).
TEXTUAL-CONVENTION    
  INTEGER none(1), md5(2), sha(3)  

EspHashTransform  
The ESP Authentication Algorithm used in the IPsec DOI as a SA Attributes definition in the Transform Payload of Phase II of an IKE negotiation. This set of values defines the AH authentication algorithm, when the associated Proposal Payload has a Protocol-ID of 2 (AH). This set of values defines the ESP authentication algorithm, when the associated Proposal Payload has a Protocol-ID of 3 (ESP).
TEXTUAL-CONVENTION    
  INTEGER none(1), md5(2), sha(3)  

EspEncrTransform  
The values of the IPsec DOI ESP Transform Identifier which identify a particular algorithm to be used to provide secrecy protection for ESP. It is used in the Transform-ID field of a ISAKMP Transform Payload for the IPsec DOI, when the Protocol-Id of the associated Proposal Payload is 2 (AH), 3 (ESP), and 4 (IPCOMP).
TEXTUAL-CONVENTION    
  INTEGER null(1), des(2), des3(3), aes(4), aes192(5), aes256(6), none(255)  

IsakmpIdentityType  
This TC provides the semantics for a column with IsakmpIdentityValue TC. Wherever this TC is used, there should be an accompanying column which uses the IsakmpIdentityValue TC to specify the data for which the semantics apply. Values in the range [1..255] is the IPsec DOI Identification Type that is an 8-bit value which is used in the ID Type field as a discriminant for interpretation of the variable-length Identification Payload. Values in the range [256..260] are reserved for the following semantics, which can be used for local and remote peers: none(256) - this object is empty. peerGroup(257) - IsakmpIdentityValue is a peer-group name. Values in the range [261..Max] are reserved for the following semantics, which can be used for local peers only: ifName(270) - an interface name, which IP address is used as the local-peer's ID.
TEXTUAL-CONVENTION    
  INTEGER ipv4Address(1), fqdn(2), userFqdn(3), none(256), peerGroup(257), ifName(270)  

IsakmpIdentityValue  
IsakmpIdentityValue contains a string encoded Identity Type value to be used in comparisons against an IKE Identity payload. Wherever this TC is used, there should be an accompanying column which uses the IsakmpIdentityType TC to specify the type of data in this object. See the IsakmpIdentityType TC for the supported identity types available. Note that the IsakmpIdentityType TC specifies how to encode binary values, while this object will contain human readable string versions.
TEXTUAL-CONVENTION    
  OCTET STRING Size(1..110)  

IsakmpDpdKeepaliveMetric  
Specifies the type of worry-metric to be used for DPD.
TEXTUAL-CONVENTION    
  INTEGER disabled(1), onDemand(2), periodic(3)  

IpsecEncapMode  
IPSec encapsulation mode.
TEXTUAL-CONVENTION    
  INTEGER tunnel(1), transport(2)  

AvipsIsakmpPeerEntry  
SEQUENCE    
  avipsIsakmpPeerIdType IsakmpIdentityType
  avipsIsakmpPeerId IsakmpIdentityValue
  avipsIsakmpPeerDescription DisplayString
  avipsIsakmpPeerIsaPlcyId1 Integer32
  avipsIsakmpPeerInitiateMode INTEGER
  avipsIsakmpPeerSelfIdType IsakmpIdentityType
  avipsIsakmpPeerSelfId IsakmpIdentityValue
  avipsIsakmpPeerKeepaliveMetric IsakmpDpdKeepaliveMetric
  avipsIsakmpPeerKeepaliveInterval Integer32
  avipsIsakmpPeerKeepaliveRetryInterval Integer32
  avipsIsakmpPeerKeepaliveTrackId Integer32
  avipsIsakmpPeerContChannel TruthValue
  avipsIsakmpPeerRowStatus RowStatus
  avipsIsakmpPeerGroupFailbacktoPrimaryInterval Integer32

AvipsPeerGroupPeersEntry  
SEQUENCE    
  avipsPeerGroupPeersPGrpName DisplayString
  avipsPeerGroupPeersPeerIndex Integer32
  avipsPeerGroupPeersPIdType IsakmpIdentityType
  avipsPeerGroupPeersPIdValue IsakmpIdentityValue
  avipsPeerGroupPeersRowStatus RowStatus

AvipsIsakmpPlcyEntry  
SEQUENCE    
  avipsIsakmpPlcyId Integer32
  avipsIsakmpPlcyDescription DisplayString
  avipsIsakmpPlcyDhGroup DiffHellmanGrp
  avipsIsakmpPlcyEncrAlgo IkeEncryptAlgo
  avipsIsakmpPlcyHashAlgo IkeHashAlgo
  avipsIsakmpPlcyLifetime Integer32
  avipsIsakmpPlcyAuth INTEGER
  avipsIsakmpPlcyRowStatus RowStatus

AvipsCryptoMapEntry  
SEQUENCE    
  avipsCryptoMapId Integer32
  avipsCryptoMapDescription DisplayString
  avipsCryptoMapPeerIdType IsakmpIdentityType
  avipsCryptoMapPeerIdValue IsakmpIdentityValue
  avipsCryptoMapTranSetName1 DisplayString
  avipsCryptoMapIsReady TruthValue
  avipsCryptoMapTunnelDscp Integer32
  avipsCryptoMapContChannel TruthValue
  avipsCryptoMapRowStatus RowStatus

AvipsTranSetEntry  
SEQUENCE    
  avipsTranSetName DisplayString
  avipsTranSetEspEncrTran EspEncrTransform
  avipsTranSetEspHashTran EspHashTransform
  avipsTranSetLifetime Integer32
  avipsTranSetLifesize Integer32
  avipsTranSetPfsGroup DiffHellmanGrp
  avipsTranSetEncapMode IpsecEncapMode
  avipsTranSetEspCompTran INTEGER
  avipsTranRowStatus RowStatus

AvipsPeerEntry  
SEQUENCE    
  avipsPeerLocalId Unsigned32
  avipsPeerRemoteId Unsigned32
  avipsPeerLocalType IsakmpIdentityType
  avipsPeerLocalValue IsakmpIdentityValue
  avipsPeerRemoteType IsakmpIdentityType
  avipsPeerRemoteValue IsakmpIdentityValue
  avipsPeerRemoteDescription DisplayString
  avipsPeerLocalAddress IpAddress
  avipsPeerRemoteAddress IpAddress
  avipsPeerRemotePeerGrpActiveIndex Integer32
  avipsPeerRemotePeerGrpActiveIdType IsakmpIdentityType
  avipsPeerRemotePeerGrpActiveIdValue IsakmpIdentityValue
  avipsPeerIsakmpState INTEGER
  avipsPeerIsakmpStateLastChange TimeStamp
  avipsPeerTunnelsClosed Gauge32
  avipsPeerTunnelsInProgress Gauge32
  avipsPeerTunnelsEstablished Gauge32
  avipsPeerTunnelsFailed Gauge32
  avipsPeerInOctets Counter32
  avipsPeerInOctetsWraps Counter32
  avipsPeerInDecompOctets Counter32
  avipsPeerInDecompOctetsWraps Counter32
  avipsPeerInDecompRatio Gauge32
  avipsPeerInPkts Counter32
  avipsPeerInDropPkts Counter32
  avipsPeerOutOctets Counter32
  avipsPeerOutOctetsWraps Counter32
  avipsPeerOutUncompOctets Counter32
  avipsPeerOutUncompOctetsWraps Counter32
  avipsPeerOutCompRatio Gauge32
  avipsPeerOutPkts Counter32
  avipsPeerOutDropPkts Counter32

AvipsTunnelEntry  
SEQUENCE    
  avipsTunnelPeerLocalId Unsigned32
  avipsTunnelPeerRemoteId Unsigned32
  avipsTunnelIndex Integer32
  avipsTunnelSubIndex Integer32
  avipsTunnelPeerLocalType IsakmpIdentityType
  avipsTunnelPeerLocalValue IsakmpIdentityValue
  avipsTunnelPeerRemoteType IsakmpIdentityType
  avipsTunnelPeerRemoteValue IsakmpIdentityValue
  avipsTunnelDescription DisplayString
  avipsTunnelLocalAddress IpAddress
  avipsTunnelRemoteAddress IpAddress
  avipsTunnelProxyLocalSubnet IpAddress
  avipsTunnelProxyLocalMask IpAddress
  avipsTunnelProxyRemoteSubnet IpAddress
  avipsTunnelProxyRemoteMask IpAddress
  avipsTunnelState INTEGER
  avipsTunnelStateLastChange TimeStamp
  avipsTunnelLastCntrsReset TimeStamp
  avipsTunnelInOctets Counter32
  avipsTunnelInOctetsWraps Counter32
  avipsTunnelInDecompOctets Counter32
  avipsTunnelInDecompOctetsWraps Counter32
  avipsTunnelInDecompRatio Gauge32
  avipsTunnelInPkts Counter32
  avipsTunnelInDropTotalPkts Counter32
  avipsTunnelInDropAntiReplayPkts Counter32
  avipsTunnelInDropHmacFailPkts Counter32
  avipsTunnelInDropBadTrailerPkts Counter32
  avipsTunnelInDropInvalidIdPkts Counter32
  avipsTunnelInDropUnprotectPkts Counter32
  avipsTunnelInDropInvalidLenPkts Counter32
  avipsTunnelInDropSaExpiredPkts Counter32
  avipsTunnelOutOctets Counter32
  avipsTunnelOutOctetsWraps Counter32
  avipsTunnelOutUncompOctets Counter32
  avipsTunnelOutUncompOctetsWraps Counter32
  avipsTunnelOutCompRatio Gauge32
  avipsTunnelOutPkts Counter32
  avipsTunnelOutDropTotalPkts Counter32
  avipsTunnelOutDropNoSaPkts Counter32
  avipsTunnelOutDropSeqRolPkts Counter32
  avipsTunnelOutDropSaExpiredPkts Counter32

Defined Values

avayaIpsecMib 1.3.6.1.4.1.6889.2.6.1
The MIB module for configuring IPSec functionality in Avaya converged Gateways.
MODULE-IDENTITY    

avipsMIBObjects 1.3.6.1.4.1.6889.2.6.1.1
OBJECT IDENTIFIER    

avipsGlobals 1.3.6.1.4.1.6889.2.6.1.1.1
OBJECT IDENTIFIER    

avipsGlobalsInvalidSpiRecovery 1.3.6.1.4.1.6889.2.6.1.1.1.1
This object determines whether invalid-spi-recovery is enabled (true) or disabled (false). When enabled, the device shall open an IKE SA, if it does not already exist, in order to send DELETE message to the remote peer when receiving an invalid spi or invalid cookie with SIP of that remote peer. This causes faster recovery times in case of SADB inconsistency, but may cause D/DoS attack on the remote peer.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

avipsNatTEnabled 1.3.6.1.4.1.6889.2.6.1.1.1.2
This object specifies whether IPSec NAT-T is invoked in the device. If this object is True then NAT-T is enabled.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

avipsNatTKeepaliveInterval 1.3.6.1.4.1.6889.2.6.1.1.1.3
This object determines the NAT-T keepalive interval in seconds. If this object is set to 0 then NAT-T keepalives are disabled.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32  

avipsCryptoEngineAccelEnabled 1.3.6.1.4.1.6889.2.6.1.1.1.4
The value of this object determines whether IPSec HW acceleration is enabled or disabled. In case the HW does not support acceleration the value of this object shall be false.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

avipsIsakmpGroup 1.3.6.1.4.1.6889.2.6.1.1.2
OBJECT IDENTIFIER    

avipsIsakmpPeerTable 1.3.6.1.4.1.6889.2.6.1.1.2.1
This table contains a list of all the remote peers and peer-groups we are willing to establish an IPSec VPN connection with. Each entry represents a peer or a peer-group, and is indexed by the peer's IKE identification (type and value), or the peer-group name. Each peer entry points to the ISAKMP policy that will be used for IKE negotiations (as an initiator or a responder). Note that in case this entry represents a peer-group the value of IsakmpIdentityType shall be set to peerGroup. In that case certain columns in this row are N/A.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsIsakmpPeerEntry

avipsIsakmpPeerEntry 1.3.6.1.4.1.6889.2.6.1.1.2.1.1
A specific entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsIsakmpPeerEntry  

avipsIsakmpPeerIdType 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.1
This object is an enumeration identifying the type of the Identity value. Note that value can also be peerGroup, in that case avipsIsakmpPeerId contains the peer-group's name. Also note that certain columns in this row are N/A for peer-group (refer to specific objects' descriptions for details). This is also the first index component of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  IsakmpIdentityType 1..260  

avipsIsakmpPeerId 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.2
This object contains an Identity filter to be used to match against the identity payload in an IKE request. This is also the second index component of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsIsakmpPeerDescription 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.3
Free text describing this row.
Status: current Access: read-write
OBJECT-TYPE    
  DisplayString Size(0..80)  

avipsIsakmpPeerIsaPlcyId1 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.4
This object contains the ID of the ISAKMP policy to be used in IKE Phase I negotiation with this peer. A value of 0 indicates that this object is empty. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32 0..9999  

avipsIsakmpPeerInitiateMode 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.5
This object specifies how to initiate IKE when communicating with this peer: none(1) - Never initiate IKE with this peer (i.e. respond only) main(2) - Initiate Main Mode (MM) aggressive(3) - Initiate Aggressive Mode (AM) This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER none(1), main(2), aggressive(3)  

avipsIsakmpPeerSelfIdType 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.6
This object is an enumeration identifying the type of the Identity value which the local peer shall use in the its identity payload during Phase-1 negotiation. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpIdentityType  

avipsIsakmpPeerSelfId 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.7
If not empty, this object specifies the identity value which the local peer will send in the identification payload during IKE Phase-1 negotiation. If this object is empty, the default local identity shall be sent, according to the value of avipsIsakmpPeerSelfIdType. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsIsakmpPeerKeepaliveMetric 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.8
The worry-metric to be used for deciding when to send R-U-THERE message to the remote peer. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpDpdKeepaliveMetric  

avipsIsakmpPeerKeepaliveInterval 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.9
The minimal interval, in seconds, between two consecutive R-U-THERE sent by the local peer, when the previous R-U-THERE message has been answered. The actual interval is based on this value and other parameters, such as the worry-metric. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32  

avipsIsakmpPeerKeepaliveRetryInterval 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.10
The actual interval, in seconds, between R-U-THERE retries sent by the local peer, when the previous R-U-THERE message has not been answered. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32  

avipsIsakmpPeerKeepaliveTrackId 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.11
Bind the status of this peer to an object-tracker by specifying the ID of the object-tracker (avstrTrackerId in AVAYA-SAA-TRACK-MIB). A value of 0 means that peer is not bound to any object-tracker. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32  

avipsIsakmpPeerContChannel 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.12
This object determines whether continuous channel IKE mode is used for contacting the peer. Continuous channel IKE means that local peer tries to establish an IKE SA with the remote peer as soon as possible, also when there is no outbound traffic that requires it. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

avipsIsakmpPeerRowStatus 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.13
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table. Use createAndGo (not createAndWait) to create this row.
Status: current Access: read-write
OBJECT-TYPE    
  RowStatus  

avipsIsakmpPeerGroupFailbacktoPrimaryInterval 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.14
The amount of time in seconds that secondary peer shall be up (after primary peer went down) before there will be failback to primary peer (in case it is up again). The default value is 24 hours. Relevant for peer-group only (values 1 and up). For peer return value of 0.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32  

avipsPeerGroupPeersTable 1.3.6.1.4.1.6889.2.6.1.1.2.2
This table contains all the associations between peer-groups and isakmp peers. The relation between peer-group and isakmp peer is many-to-many. A valid peer-group (i.e. a peer-group that can be associated with an active crypto-list) contains one or more isakmp peers. An isakmp peer may be contained in zero or more peer-groups.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsPeerGroupPeersEntry

avipsPeerGroupPeersEntry 1.3.6.1.4.1.6889.2.6.1.1.2.2.1
A specific entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsPeerGroupPeersEntry  

avipsPeerGroupPeersPGrpName 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.1
The name of the peer-group associated with this isakmp peer. Note that there must exist a matching active entry in avipsIsakmpPeerTable which avipsIsakmpPeerIdType is peerGroup, otherwise a 'set' operation shall fail.
Status: current Access: not-accessible
OBJECT-TYPE    
  DisplayString  

avipsPeerGroupPeersPeerIndex 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.2
The ordered index of the peer within the peer-group.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..100  

avipsPeerGroupPeersPIdType 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.3
This object is an enumeration identifying the type of the Identity value of the peer associated with this IPSec connection. Note that value cannot be peerGroup. The contents of this object object is interpreted along with avipsPeerGroupPeersPIdValue.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpIdentityType 1..256  

avipsPeerGroupPeersPIdValue 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.4
This object contains value of the peer ID. The contents of this object object is interpreted along with avipsPeerGroupPeersPIdType.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsPeerGroupPeersRowStatus 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.5
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table. Use createAndWait (not createAndGo) to create this row. This object is active(1) after avipsPeerGroupPeersPIdType and avipsPeerGroupPeersPIdValue are set.
Status: current Access: read-write
OBJECT-TYPE    
  RowStatus  

avipsIsakmpPlcyTable 1.3.6.1.4.1.6889.2.6.1.1.2.3
The table containing the list of all ISAKMP policy entries configured by the operator.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsIsakmpPlcyEntry

avipsIsakmpPlcyEntry 1.3.6.1.4.1.6889.2.6.1.1.2.3.1
Each entry contains the attributes associated with a single ISAKMP Policy entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsIsakmpPlcyEntry  

avipsIsakmpPlcyId 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.1
The ID of this ISAKMP Policy entry. This is also the index of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..9999  

avipsIsakmpPlcyDescription 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.2
Free text describing this object.
Status: current Access: read-write
OBJECT-TYPE    
  DisplayString Size(0..80)  

avipsIsakmpPlcyDhGroup 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.3
This object specifies the Oakley group used for Diffie Hellman exchange in the Main Mode. If this policy item is selected to negotiate Main Mode with an IKE peer, the local entity chooses the group specified by this object to perform Diffie Hellman exchange with the peer.
Status: current Access: read-write
OBJECT-TYPE    
  DiffHellmanGrp  

avipsIsakmpPlcyEncrAlgo 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.4
The encryption transform specified by this ISAKMP policy specification. The Internet Key Exchange (IKE) tunnels setup using this policy item would use the specified encryption transform to protect the ISAKMP PDUs.
Status: current Access: read-write
OBJECT-TYPE    
  IkeEncryptAlgo  

avipsIsakmpPlcyHashAlgo 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.5
The hash transform specified by this ISAKMP policy specification. The IKE tunnels setup using this policy item would use the specified hash transform to protect the ISAKMP PDUs.
Status: current Access: read-write
OBJECT-TYPE    
  IkeHashAlgo  

avipsIsakmpPlcyLifetime 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.6
This object specifies the lifetime, in seconds, of the IKE tunnels generated using this policy specification.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32 60..86400  

avipsIsakmpPlcyAuth 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.7
The peer authentication method specified by this ISAKMP policy specification. If this policy entity is selected for negotiation with a peer, the local entity would authenticate the peer using the method specified by this object.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER none(1), preSharedKey(2)  

avipsIsakmpPlcyRowStatus 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.8
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-write
OBJECT-TYPE    
  RowStatus  

avipsIpsecGroup 1.3.6.1.4.1.6889.2.6.1.1.3
OBJECT IDENTIFIER    

avipsCryptoMapTable 1.3.6.1.4.1.6889.2.6.1.1.3.1
This table contains all the crypto maps configured by the user. A crypto map essentially concentrates all the IPSec protection policy required for establishing IKE Phase-1 and Phase-2 connections.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsCryptoMapEntry

avipsCryptoMapEntry 1.3.6.1.4.1.6889.2.6.1.1.3.1.1
A specific crypto map entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsCryptoMapEntry  

avipsCryptoMapId 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.1
The ID of the crypto map entry. This is also the index of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..9999  

avipsCryptoMapDescription 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.2
Free text describing this object.
Status: current Access: read-write
OBJECT-TYPE    
  DisplayString Size(0..80)  

avipsCryptoMapPeerIdType 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.3
This object is an enumeration identifying the type of the Identity value of the peer associated with this IPSec connection. The contents of this object object is interpreted along with avipsCryptoMapPeerIdValue.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpIdentityType 1..260  

avipsCryptoMapPeerIdValue 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.4
This object contains an Identity filter to be used to select the remote peer or peer-group when initiating IKE, and to match against the identity payload in an IKE request when responding to IKE. The contents of this object object is interpreted along with avipsCryptoMapPeerIdType.
Status: current Access: read-write
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsCryptoMapTranSetName1 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.5
The name of the transforms-set for this crypto map. This object is the index into the avipsTranSetTable.
Status: current Access: read-write
OBJECT-TYPE    
  DisplayString Size(1..32)  

avipsCryptoMapIsReady 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.6
This field is true if and only if this crypto map entry and all the descendent configuration objects pointed by it are in the ready state. Note that crypto list activation requires that all the crypto maps it points to be ready.
Status: current Access: read-only
OBJECT-TYPE    
  TruthValue  

avipsCryptoMapTunnelDscp 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.7
The method used to set the high 6 bits of the TOS in the outer IP header. A value of -1 indicates that the bits are copied from the payload's header. A value between 0 and 63 inclusive indicates that the bit field is set to the indicated value.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32 -1 | 0..63  

avipsCryptoMapContChannel 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.8
This object determines whether continuous channel IPSec mode is used for the rule pointing to this crypto map. Continuous channel IPSec means that local peer tries to establish an IPSec SA with the remote peer as soon as possible, also when there is no outbound traffic that requires it.
Status: current Access: read-write
OBJECT-TYPE    
  TruthValue  

avipsCryptoMapRowStatus 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.9
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by an active crypto list.
Status: current Access: read-write
OBJECT-TYPE    
  RowStatus  

avipsTranSetTable 1.3.6.1.4.1.6889.2.6.1.1.3.2
This table lists all the transform-sets which can be used to build or accept IPsec proposals.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsTranSetEntry

avipsTranSetEntry 1.3.6.1.4.1.6889.2.6.1.1.3.2.1
An entry containing the information on an IPsec transform-set.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsTranSetEntry  

avipsTranSetName 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.1
The name of this particular transform-set be referred to by an avipsCryptoMapEntry. This is the index of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  DisplayString Size(1..32)  

avipsTranSetEspEncrTran 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.2
This object specifies the transform ID of the ESP encryption algorithm.
Status: current Access: read-write
OBJECT-TYPE    
  EspEncrTransform  

avipsTranSetEspHashTran 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.3
This object specifies the ESP hash algorithm ID.
Status: current Access: read-write
OBJECT-TYPE    
  EspHashTransform  

avipsTranSetLifetime 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.4
This object specifies how long, in seconds, the security association (SA) derived from this transform should be used. The value 0 is reserved for future use.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32 0 | 120..86400  

avipsTranSetLifesize 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.5
This object specifies how long, in Kilobytes, the security association (SA) derived from this transform should be used. The value -1 means that no size based lifetime will be offered to the other side. The value 0 is reserved for future use.
Status: current Access: read-write
OBJECT-TYPE    
  Integer32 -1 | 0 | 2560..536870912  

avipsTranSetPfsGroup 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.6
This object specifies the DH group that shall be used for PFS in quick mode exchange, when creating the security association (SA) derived from this transform. The reserved value 'none' means that PFS shall not be used.
Status: current Access: read-write
OBJECT-TYPE    
  DiffHellmanGrp  

avipsTranSetEncapMode 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.7
This object determines the ESP encapsulation mode that will be used. Possible values are 'tunnel' and 'transport'. In case transport mode is configured, it shall be used only if possible, i.e. the SIP and DIP of the relevant rule are equivalent to the LTEP and RTEP. Otherwise tunnel mode is used.
Status: current Access: read-write
OBJECT-TYPE    
  IpsecEncapMode  

avipsTranSetEspCompTran 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.8
This object specifies the ESP compression algorithm: none(1) - no compression algorithm. ippcpLzs(2) - IPPCP with LZS compression.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER none(1), ippcpLzs(2)  

avipsTranRowStatus 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.9
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-write
OBJECT-TYPE    
  RowStatus  

avipsMonitoringGroup 1.3.6.1.4.1.6889.2.6.1.1.4
OBJECT IDENTIFIER    

avipsMonitoringTables 1.3.6.1.4.1.6889.2.6.1.1.4.1
OBJECT IDENTIFIER    

avipsMonitoringTablesGlobals 1.3.6.1.4.1.6889.2.6.1.1.4.1.1
OBJECT IDENTIFIER    

avipsMonitorRstCntrs 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.1
Use this object to reset all the IPSec counters. Set this object to reset(2) in order to do that. This operation is equivalent to issuing the 'clear crypto sa counters' command in the CLI.
Status: current Access: read-write
OBJECT-TYPE    
  INTEGER running(1), reset(2)  

avipsMonitorRstCntrsLastChange 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.2
sysUpTime when last IPSec counters reset by avipsMonitorRstCntrs or 'clear crypto sa counters' in CLI, in hundredths of a second.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

avipsPeerTable 1.3.6.1.4.1.6889.2.6.1.1.4.1.2
This table contains entries for every active isakmp peer in the system. The word 'active' suggests that in case the peer is part of a redundant list of peers within a crypto map, only the peer that is currently active will be included.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsPeerEntry

avipsPeerEntry 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1
A specific peer entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsPeerEntry  

avipsPeerLocalId 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.1
A synthetic ID that uniquely identifies the local peer for monitoring purpose. Note that this ID is persistent for this peer. This is also the first index component of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  Unsigned32  

avipsPeerRemoteId 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.2
A synthetic ID that uniquely identifies the remote peer for monitoring purpose. Note that this ID is persistent for this peer. This is also the second index component of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  Unsigned32  

avipsPeerLocalType 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.3
The type of the local peer identity, as it was configured. If the local peer ID was configured as an interface name, the value of this object shall be ifName.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityType  

avipsPeerLocalValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.4
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is an interface name, then this is the name of the interface which IP is used to identify the local peer. If the local peer type is a fqdn, then this is the fqdn used to identify the local peer.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsPeerRemoteType 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.5
The type of the remote peer identity.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityType  

avipsPeerRemoteValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.6
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a fqdn, then this is the fqdn used to identify the remote peer.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsPeerRemoteDescription 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.7
Free text describing the remote peer or peer-group. The value of this field is taken from avipsIsakmpPeerDescription.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

avipsPeerLocalAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.8
The IP address of the local peer. This is derived from the local-address specified in the crypto-list that creates this connection. If the local peer type is an IP Address, then this is identical to avipsPeerLocalValue.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsPeerRemoteAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.9
The IP address of the remote peer. If the remote peer type is an IP Address, then this is identical to avipsPeerRemoteValue. If the remote peer type is a fqdn, then this is the IP address that was received by DNS resolution of the fqdn specified in IsakmpIdentityValue.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsPeerRemotePeerGrpActiveIndex 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.10
In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the index within the peer-group of the currently active peer. This value is taken from avipsPeerGroupPeersPeerIndex of the active peer in this peer-group.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

avipsPeerRemotePeerGrpActiveIdType 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.11
In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the id-type of the currently active peer. This value is taken from avipsIsakmpPeerIdType of the active peer in this peer-group.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityType  

avipsPeerRemotePeerGrpActiveIdValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.12
In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the id-value of the currently active peer. This value is taken from avipsIsakmpPeerId of the active peer in this peer-group.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsPeerIsakmpState 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.13
This object specifies the state of the IKE connection between the peers. 1. closed - No IKE SA exists between peers because it was not negotiated yet, or because last IKE closed normally due to hard timeout, clear by admin, or DELETE received from the remote peer. This is also the initial state of the row when it is created. 2. inProgress - No IKE SA exists between peers, but it is currently being negotiated in Phase-1. 3. established - IKE SA exists between peers. 4. failed - No IKE SA exists between peers because of a failure. Possible reasons are: 1. Last time we tried to establish IKE the negotiation failed. 2. Last time we tried to establish IKE the remote peer DNS resolution failed. 3. During last connection DPD signaled a connection failure. 4. During last connection a track object signaled a connection failure. 5. The interface used for local-address does not have an IP address asigned to it 1 minute or more after this row was created. 6. Last time we negotiated Phase-2 the negotiation timed-out, and the current IKE was subsequently deleted. NOTE: When continuous-channel IKE is used, the state shall remain 'established' during the normal transition time between one IKE SA and the next. However, if the IKE SA was deleted due to a suspected problem then the state will change normally during the transition (i.e. 'closed' and then 'inProgress'). [Suspected problem: if the last IKE SA was DELETEd by the remote peer after less then 5 minutes,or if it was deleted by local admin]
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER closed(1), inProgress(2), established(3), failed(4)  

avipsPeerIsakmpStateLastChange 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.14
sysUpTime when the last change in avipsPeerIsakmpState occured, in hundredths of a second.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

avipsPeerTunnelsClosed 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.15
The number of IPSec tunnels associated with these peers, which are in the 'closed' state.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsPeerTunnelsInProgress 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.16
The number of IPSec tunnels associated with these peers, which are in the 'inProgress' state.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsPeerTunnelsEstablished 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.17
The number of IPSec tunnels associated with these peers, which are in the 'established' state.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsPeerTunnelsFailed 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.18
The number of IPSec tunnels associated with these peers, which are in the 'failed' state.
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsPeerInOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.19
The aggregate number of octets (bytes) successfully received through all the tunnels between the peers. This value is accumulated BEFORE determining whether or not the packet should be decompressed. This number is the sum of avipsTunnelInOctets together with avipsTunnelInOctetsWraps as a single 64-bit integer, for all the IPSec tunnels pertaining to the peers. See also avipsPeerInOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerInOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.20
The number of times avipsPeerInOctets has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerInDecompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.21
The aggregate number of decompressed octets (bytes) successfully received through all the tunnels between the peers. This value is accumulated AFTER the packet is decompressed. If compression is not being used in any of the tunnels, this value will match the value of avipsPeerInOctets. This number is the sum of avipsTunnelInDecompOctets together with avipsTunnelInDecompOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerInDecompOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerInDecompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.22
The number of times avipsPeerInDecompOctets has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerInDecompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.23
The overall decompression ratio * 100. This is the ratio between the number of octets received after decompression and the number of octets received before decompression. It is calculated as the integer of {[(avipsPeerInDecompOctetsWraps*2^32 + avipsPeerInDecompOctets) / (avipsPeerInOctetsWraps*2^32 + avipsPeerInOctets)] * 100}
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsPeerInPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.24
The aggregate number of packets successfully received through all the tunnels between the peers. This number is the sum of avipsTunnelInPkts for all the tunnels pertaining to the peers.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerInDropPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.25
The aggregate number of packets dropped after being received through any of the tunnels between the peers. This number is the sum of avipsTunnelInDropTotalPkts for all the tunnels pertaining to the peers.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerOutOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.26
The aggregate number of octets (bytes) successfully transmitted through all the tunnels between the peers. This value is accumulated AFTER determining whether or not the packet should be compressed. This number is the sum of avipsTunnelOutOctets together with vipsTunnelOutOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerOutOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerOutOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.27
The number of times avipsPeerOutOctets has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerOutUncompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.28
The aggregate number of uncompressed octets (bytes) successfully transmitted through this IPsec Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used in any of the tunnels, this value will match the value of avipsPeerOutOctets. This number is the sum of avipsTunnelOutUncompOctets together with avipsTunnelOutUncompOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerOutUncompOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerOutUncompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.29
The number of times avipsPeerInDecompOctets has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerOutCompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.30
The overall compression ratio * 100. This is the ratio between the number of outbound octets before compression and the number of outbound octets after compression. It is calculated as the integer of {[(avipsPeerOutUncompOctetsWraps*2^32 + avipsPeerOutUncompOctets) / (avipsPeerOutOctetsWraps*2^32 + avipsPeerOutOctets)]* 100}
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsPeerOutPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.31
The aggregate number of packets successfully transmitted through all the tunnels between the peers. This number is the sum of avipsTunnelOutPkts for all the tunnels pertaining to the peers.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsPeerOutDropPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.32
The aggregate number of packets dropped before being transmitted through any of the tunnels between the peers. This number is the sum of avipsTunnelOutDropTotalPkts for all the tunnels pertaining to the peers.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelTable 1.3.6.1.4.1.6889.2.6.1.1.4.1.3
This table contains a entries for all the tunnels in the system. A 'tunnel' is a rule within an active crypto-list.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    AvipsTunnelEntry

avipsTunnelEntry 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1
A specific tunnel entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  AvipsTunnelEntry  

avipsTunnelPeerLocalId 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.1
A synthetic ID that uniquely identifies the local peer for monitoring purpose. Note that this ID is persistent for this peer.
Status: current Access: not-accessible
OBJECT-TYPE    
  Unsigned32  

avipsTunnelPeerRemoteId 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.2
A synthetic ID that uniquely identifies the remote peer for monitoring purpose. Note that this ID is persistent for this peer.
Status: current Access: not-accessible
OBJECT-TYPE    
  Unsigned32  

avipsTunnelIndex 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.3
The ID of the crypto-list containing the rule that creates this tunnel. This is also the fifth index component of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..2147483647  

avipsTunnelSubIndex 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.4
The index of the crypto-list rule that creates this tunnel. This is also the sixth index component of this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..2147483647  

avipsTunnelPeerLocalType 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.5
The type of the local peer identity, as it was configured. If the local peer ID was configured as an interface name, the value of this object shall be ifName. This is also the first index component of this table.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityType  

avipsTunnelPeerLocalValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.6
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is an interface name, then this is the name of the interface which IP is used to identify the local peer. If the local peer type is a fqdn, then this is the fqdn used to identify the local peer. This is also the second index component of this table.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsTunnelPeerRemoteType 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.7
The type of the remote peer identity. This is also the third index component of this table.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityType  

avipsTunnelPeerRemoteValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.8
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a fqdn, then this is the fqdn used to identify the remote peer. This is also the fourth index component of this table.
Status: current Access: read-only
OBJECT-TYPE    
  IsakmpIdentityValue  

avipsTunnelDescription 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.9
Free text describing this tunnel. The value of this field is taken from the description specified for the crypto-list rule that creates this tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

avipsTunnelLocalAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.10
The IP address of the local peer.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsTunnelRemoteAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.11
The IP address of the remote peer.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsTunnelProxyLocalSubnet 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.12
The local subnet address this tunnel protects.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsTunnelProxyLocalMask 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.13
The local subnet mask this tunnel protects.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsTunnelProxyRemoteSubnet 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.14
The remote subnet address this tunnel protects.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsTunnelProxyRemoteMask 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.15
The remote subnet mask this tunnel protects.
Status: current Access: read-only
OBJECT-TYPE    
  IpAddress  

avipsTunnelState 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.16
This object specifies the state of this tunnel. 1. closed - The tunnel does not exist between the peers because it was not negotiated yet, or because last tunnel closed normally due to hard timeout, clear by admin or DELETE received from the remote peer. This is also the initial state of the row when it is created. 2. inProgress - The tunnel does not exist between peers, but it is currently being negotiated in IKE Quick Mode. 3. established - The tunnel exists between peers. 4. failed - The tunnel does not exist between peers because of a failure: 1. Last time we tried to establish this tunnel the negotiation failed. 2. The connection with the remote peer has failed due to one of the following, and hence all the corresponding ipsec tunnels were closed: a. Last time we tried to establish IKE the negotiation failed. b. During last connection a track object signaled a connection failure. c. The interface used for local-address does not have an IP address asigned to it 1 minute or more after this row was created. NOTE: The word 'tunnel' in this context refers to 1 or more IPSec SAs (ESP or AH) between the peers, pertaining to the proxy addresses specified in this entry. As long as there is at least 1 SA established, the tunnel state shall remain 'established'.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER closed(1), inProgress(2), established(3), failed(4)  

avipsTunnelStateLastChange 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.17
sysUpTime when the last change in avipsTunnelState occured, in hundredths of a second.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

avipsTunnelLastCntrsReset 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.18
sysUpTime when last counter reset for this tunnel occured, in hundredths of a second. Counters are zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

avipsTunnelInOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.19
The total number of octets (bytes) successfully received through this IPSec tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelInOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.20
The number of times avipsTunnelInOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDecompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.21
The total number of decompressed octets (bytes) successfully received through this IPsec Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of avipsTunnelInOctets. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelInDecompOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDecompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.22
The number of times avipsTunnelInDecompOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDecompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.23
The overall decompression ratio * 100. This is the ratio between the number of octets received after decompression and the number of octets received before decompression. It is calculated as the integer of {[(avipsTunnelInDecompOctetsWraps*2^32 + avipsTunnelInDecompOctets) / (avipsTunnelInOctetsWraps*2^32 + avipsTunnelInOctets)] * 100}
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsTunnelInPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.24
The number of packets succesfully received through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropTotalPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.25
The total number of packets discarded after being received through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropAntiReplayPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.26
The number of packets discarded after being received through this tunnel due to anti-replay verification failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropHmacFailPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.27
The number of packets discarded after being received through this tunnel due to HMAC verification failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropBadTrailerPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.28
The number of packets discarded after being received through this tunnel due to bad ESP trailer format received failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropInvalidIdPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.29
The number of packets discarded after being received through this tunnel due to invalid identity: inner (original) IP header address doesn't match the configured tunnel proxy IPs. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropUnprotectPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.30
The number of packets discarded after being received in the clear (unprotected) although they were expected to arrive protected by this tunnel (i.e. unprotected packets with source and destination IP matching the proxy IPs of this tunnel). This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropInvalidLenPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.31
The number of packets discarded after being received through this tunnel due to length being not aligned to cipher block. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelInDropSaExpiredPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.32
The number of packets discarded after being received through this tunnel due to SA KB lifetime being smaller then the external IP packet total length. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.33
The total number of octets (bytes) successfully transmitted through this IPSec tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelOutOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.34
The number of times avipsTunnelOutOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutUncompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.35
The total number of uncompressed octets (bytes) successfully transmitted through this IPsec Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of avipsTunnelOutOctets. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelOutUncompOctetsWraps for the number of times this counter has wrapped.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutUncompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.36
The number of times avipsTunnelInDecompOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutCompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.37
The overall compression ratio * 100. This is the ratio between the number of outbound octets before compression and the number of outbound octets after compression. It is calculated as the integer of {[(avipsTunnelOutUncompOctetsWraps*2^32 + avipsTunnelOutUncompOctets) / (avipsTunnelOutOctetsWraps*2^32 + avipsTunnelOutOctets)]* 100}
Status: current Access: read-only
OBJECT-TYPE    
  Gauge32  

avipsTunnelOutPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.38
The number of packets succesfully transmitted through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutDropTotalPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.39
The total number of packets dropped before being transmitted through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutDropNoSaPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.40
The number of packets dropped before being transmitted through this tunnel due to no IPSec SA existed when the packet arrived. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutDropSeqRolPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.41
The number of packets dropped before being transmitted through this tunnel due to sequence number rollover: the sequence number of the IPSec SA reached its capacity. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsTunnelOutDropSaExpiredPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.42
The number of packets dropped before being transmitted through this tunnel due to SA expired: SA KB lifetime is smaller then the external IP packet total length. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

avipsMIBNotificationPrefix 1.3.6.1.4.1.6889.2.6.1.2
OBJECT IDENTIFIER    

avipsMIBNotifications 1.3.6.1.4.1.6889.2.6.1.2.0
OBJECT IDENTIFIER    

avipsIskampEstablished 1.3.6.1.4.1.6889.2.6.1.2.0.1
This notification is sent whenever avipsPeerIsakmpState moves into the 'established' state.
Status: current Access: read-only
NOTIFICATION-TYPE    

avipsIskampClosed 1.3.6.1.4.1.6889.2.6.1.2.0.2
This notification is sent whenever avipsPeerIsakmpState moves into the 'closed' state, excluding during row creation.
Status: current Access: read-only
NOTIFICATION-TYPE    

avipsIskampFailed 1.3.6.1.4.1.6889.2.6.1.2.0.3
This notification is sent whenever avipsPeerIsakmpState moves into the 'failed' state.
Status: current Access: read-only
NOTIFICATION-TYPE    

avipsIpsecTunnelEstablished 1.3.6.1.4.1.6889.2.6.1.2.0.4
This notification is sent whenever avipsTunnelState moves into the 'established' state.
Status: current Access: read-only
NOTIFICATION-TYPE    

avipsIpsecTunnelClosed 1.3.6.1.4.1.6889.2.6.1.2.0.5
This notification is sent whenever avipsTunnelState moves into the 'closed' state, excluding during row creation.
Status: current Access: read-only
NOTIFICATION-TYPE    

avipsIpsecTunnelFailed 1.3.6.1.4.1.6889.2.6.1.2.0.6
This notification is sent whenever avipsTunnelState moves into the 'failed' state.
Status: current Access: read-only
NOTIFICATION-TYPE    

avipsMIBConformance 1.3.6.1.4.1.6889.2.6.1.3
OBJECT IDENTIFIER    

avipsMIBGroups 1.3.6.1.4.1.6889.2.6.1.3.1
OBJECT IDENTIFIER    

avipsConfigurationGroup 1.3.6.1.4.1.6889.2.6.1.3.1.1
This group consists of: 1) Global configuration objects. 2) Isakmp configuration objects. 3) IPsec configuration objects.
Status: current Access: read-only
OBJECT-GROUP    

avipsMonitorGroup 1.3.6.1.4.1.6889.2.6.1.3.1.2
This group consists of: 1) Global monitoring objects. 2) Peer monitoring objects. 3) IPSec tunnels monitoring objects.
Status: current Access: read-only
OBJECT-GROUP    

avipsMIBCompliances 1.3.6.1.4.1.6889.2.6.1.3.2
OBJECT IDENTIFIER    

avipsMIBCompliance 1.3.6.1.4.1.6889.2.6.1.3.2.1
The compliance statement for SNMP entities the IP Security Protocol.
Status: current Access: read-only
MODULE-COMPLIANCE    

Generation date: July 28, 2023, 16:18:13, Copyright © 2007 - 2022 - Circitor