JNX-IPSEC-MONITOR-MIB
File:
JNX-IPSEC-MONITOR-MIB.mib (37889 bytes)
Imported modules
Imported symbols
Defined Types
JnxIkePeerType |
|
The type of IPsec Phase-1 IKE peer identity.
The IKE peer may be identified by one of the
ID types defined in IPSEC DOI. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), idIpv4Addr(1), idFqdn(2), idDn(3) |
|
JnxIkeNegoMode |
|
The IPsec Phase-1 IKE negotiation mode. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
main(1), aggressive(2), ikev2(3) |
|
JnxIkeHashAlgo |
|
The hash algorithm used in IPsec Phase-1
IKE negotiations. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
md5(1), sha(2), sha256(3), sha384(4) |
|
JnxIkeAuthMethod |
|
The authentication method used in IPsec Phase-1 IKE
negotiations. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
preSharedKey(1), dssSignature(2), rsaSignature(3), rsaEncryption(4), revRsaEncryption(5) |
|
JnxIkePeerRole |
|
Role of the local endpoint in negotiating the IPsec Phase-1 IKE
security association. It can be either Initiator or Responder. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
initiator(1), responder(2) |
|
JnxIkeNegState |
|
State of the Phase-1 IKE negotiation. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
matured(1), notmatured(2) |
|
JnxDiffHellmanGrp |
|
The Diffie Hellman Group used in negotiations.
modp768 -- 768-bit MODP
modp1024 -- 1024-bit MODP
modp1536 -- 1536-bit MODP
modp2048 -- 2048-bit MODP
ec-modp256 -- 256-bit EC-MODP
ec-modp384 -- 384-bit EC-MODP
|
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), modp768(1), modp1024(2), modp1536(5), modp2048(14), ecmodp256(19), ecmodp384(20) |
|
JnxKeyType |
|
The type of key used by an IPsec Phase-2 Tunnel. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), keyIke(1), keyManual(2) |
|
JnxEncapMode |
|
The encapsulation mode used by an IPsec Phase-2
Tunnel. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), tunnel(1), transport(2) |
|
JnxEncryptAlgo |
|
The encryption algorithm used in negotiations. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
espDes(1), esp3des(2), espNull(3), espAes128(4), espAes192(5), espAes256(6) |
|
JnxSpi |
|
The type of the SPI associated with IPsec Phase-2 security
associations. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
256..4294967295 |
|
JnxAuthAlgo |
|
The authentication algorithm used by a
security association of an IPsec Phase-2 Tunnel. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), hmacMd5(2), hmacSha(3), hmacSha256(4) |
|
JnxRemotePeerType |
|
The type of the remote peer gateway (endpoint). It can be one
of the following two types:
- static (Remote peer whose IP address is known beforehand)
- dynamic (Remote peer whose IP address is not known
beforehand) |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), static(1), dynamic(2) |
|
JnxSAType |
|
SA Type manual or dynamic |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
unknown(0), manual(1), dynamic(2) |
|
JnxIkeTunnelEntry |
|
SEQUENCE |
|
|
|
|
jnxIkeTunIndex |
Integer32 |
|
|
jnxIkeTunLocalRole |
JnxIkePeerRole |
|
|
jnxIkeTunNegState |
JnxIkeNegState |
|
|
jnxIkeTunInitiatorCookie |
DisplayString |
|
|
jnxIkeTunResponderCookie |
DisplayString |
|
|
jnxIkeTunLocalIdType |
JnxIkePeerType |
|
|
jnxIkeTunLocalIdValue |
DisplayString |
|
|
jnxIkeTunLocalGwAddrType |
InetAddressType |
|
|
jnxIkeTunLocalGwAddr |
InetAddress |
|
|
jnxIkeTunLocalCertName |
DisplayString |
|
|
jnxIkeTunRemoteIdType |
JnxIkePeerType |
|
|
jnxIkeTunRemoteIdValue |
DisplayString |
|
|
jnxIkeTunRemoteGwAddrType |
InetAddressType |
|
|
jnxIkeTunRemoteGwAddr |
InetAddress |
|
|
jnxIkeTunNegoMode |
JnxIkeNegoMode |
|
|
jnxIkeTunDiffHellmanGrp |
JnxDiffHellmanGrp |
|
|
jnxIkeTunEncryptAlgo |
JnxEncryptAlgo |
|
|
jnxIkeTunHashAlgo |
JnxIkeHashAlgo |
|
|
jnxIkeTunAuthMethod |
JnxIkeAuthMethod |
|
|
jnxIkeTunLifeTime |
Integer32 |
|
|
jnxIkeTunActiveTime |
TimeInterval |
|
|
jnxIkeTunInOctets |
Counter64 |
|
|
jnxIkeTunInPkts |
Counter32 |
|
|
jnxIkeTunOutOctets |
Counter64 |
|
|
jnxIkeTunOutPkts |
Counter32 |
|
JnxIpSecTunnelEntry |
|
SEQUENCE |
|
|
|
|
jnxIpSecTunIndex |
Integer32 |
|
|
jnxIpSecRuleName |
DisplayString |
|
|
jnxIpSecTermName |
DisplayString |
|
|
jnxIpSecTunLocalGwAddrType |
InetAddressType |
|
|
jnxIpSecTunLocalGwAddr |
InetAddress |
|
|
jnxIpSecTunRemoteGwAddrType |
InetAddressType |
|
|
jnxIpSecTunRemoteGwAddr |
InetAddress |
|
|
jnxIpSecTunLocalProxyId |
DisplayString |
|
|
jnxIpSecTunRemoteProxyId |
DisplayString |
|
|
jnxIpSecTunKeyType |
JnxKeyType |
|
|
jnxIpSecRemotePeerType |
JnxRemotePeerType |
|
|
jnxIpSecTunMtu |
Integer32 |
|
|
jnxIpSecTunOutEncryptedBytes |
Counter64 |
|
|
jnxIpSecTunOutEncryptedPkts |
Counter64 |
|
|
jnxIpSecTunInDecryptedBytes |
Counter64 |
|
|
jnxIpSecTunInDecryptedPkts |
Counter64 |
|
|
jnxIpsSecTunAHInBytes |
Counter64 |
|
|
jnxIpsSecTunAHInPkts |
Counter64 |
|
|
jnxIpsSecTunAHOutBytes |
Counter64 |
|
|
jnxIpsSecTunAHOutPkts |
Counter64 |
|
|
jnxIpSecTunReplayDropPkts |
Counter64 |
|
|
jnxIpSecTunAhAuthFails |
Counter64 |
|
|
jnxIpSecTunEspAuthFails |
Counter64 |
|
|
jnxIpSecTunDecryptFails |
Counter64 |
|
|
jnxIpSecTunBadHeaders |
Counter64 |
|
|
jnxIpSecTunBadTrailers |
Counter64 |
|
|
jnxIpSecTunDroppedPkts |
Counter64 |
|
JnxIpSecSaEntry |
|
SEQUENCE |
|
|
|
|
jnxIpSecSaProtocol |
INTEGER |
|
|
jnxIpSecSaIndex |
Integer32 |
|
|
jnxIpSecSaInSpi |
JnxSpi |
|
|
jnxIpSecSaOutSpi |
JnxSpi |
|
|
jnxIpSecSaInAuxSpi |
JnxSpi |
|
|
jnxIpSecSaOutAuxSpi |
JnxSpi |
|
|
jnxIpSecSaType |
JnxSAType |
|
|
jnxIpSecSaEncapMode |
JnxEncapMode |
|
|
jnxIpSecSaLifeSize |
Integer32 |
|
|
jnxIpSecSaLifeTime |
Integer32 |
|
|
jnxIpSecSaActiveTime |
TimeInterval |
|
|
jnxIpSecSaLifeSizeThreshold |
Integer32 |
|
|
jnxIpSecSaLifeTimeThreshold |
Integer32 |
|
|
jnxIpSecSaEncryptAlgo |
JnxEncryptAlgo |
|
|
jnxIpSecSaAuthAlgo |
JnxAuthAlgo |
|
|
jnxIpSecSaState |
INTEGER |
|
Defined Values
jnxIpSecMibLevel |
1.3.6.1.4.1.2636.3.22.1.1.1 |
The version of the IPsec MIB. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..4096 |
|
jnxIkeTunnelTable |
1.3.6.1.4.1.2636.3.22.1.2.1 |
The IPsec Phase-1 Internet Key Exchange Tunnel Table.
There is one entry in this table for each active IPsec
Phase-1 IKE Tunnel. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
JnxIkeTunnelEntry |
|
jnxIkeTunnelEntry |
1.3.6.1.4.1.2636.3.22.1.2.1.1 |
Each entry contains the attributes associated with
an active IPsec Phase-1 IKE Tunnel. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
JnxIkeTunnelEntry |
|
|
jnxIkeTunIndex |
1.3.6.1.4.1.2636.3.22.1.2.1.1.1 |
The index of the IPsec Phase-1 IKE Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will
wrap at 2,147,483,647. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..2147483647 |
|
jnxIkeTunLocalRole |
1.3.6.1.4.1.2636.3.22.1.2.1.1.2 |
The role of local peer identity. The Role of
the local peer can be:
1. initiator.
2. or responder. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkePeerRole |
|
|
jnxIkeTunNegState |
1.3.6.1.4.1.2636.3.22.1.2.1.1.3 |
The state of the current negotiation , It can be
1. matured
2. not matured |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkeNegState |
|
|
jnxIkeTunInitiatorCookie |
1.3.6.1.4.1.2636.3.22.1.2.1.1.4 |
Cookie as generated by the peer that initiated the IKE Phase-1
negotiation. This cookie is carried in the ISAKMP header. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIkeTunResponderCookie |
1.3.6.1.4.1.2636.3.22.1.2.1.1.5 |
Cookie as generated by the peer responding to the IKE Phase-1
negotiation initiated by the remote peer. This cookie is carried
in the ISAKMP header. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIkeTunLocalIdType |
1.3.6.1.4.1.2636.3.22.1.2.1.1.6 |
The type of local peer identity. The local
peer may be identified by:
1. an IP address, or
2. or a fully qualified domain name string.
3. or a distinguished name string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkePeerType |
|
|
jnxIkeTunLocalIdValue |
1.3.6.1.4.1.2636.3.22.1.2.1.1.7 |
The value of the local peer identity.
If the local peer type is an IP Address, then this
is the IP Address used to identify the local peer.
If the local peer type is id_fqdn, then this is
the FQDN of the remote peer.
If the local peer type is a id_dn, then this is
the distinguished name string of the local peer. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIkeTunLocalGwAddrType |
1.3.6.1.4.1.2636.3.22.1.2.1.1.8 |
The IP address type of the local endpoint (gateway) for the IPsec
Phase-1 IKE Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
jnxIkeTunLocalGwAddr |
1.3.6.1.4.1.2636.3.22.1.2.1.1.9 |
The IP address of the local endpoint (gateway) for the IPsec
Phase-1 IKE Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
jnxIkeTunLocalCertName |
1.3.6.1.4.1.2636.3.22.1.2.1.1.10 |
Name of the certificate used for authentication of the local
tunnel endpoint. This object will have some valid value only
if negotiated IKE authentication method is other than pre-saherd
key. If the IKE negotiation do not use certificate based
authentication method, then the value of this object will be a
NULL string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIkeTunRemoteIdType |
1.3.6.1.4.1.2636.3.22.1.2.1.1.11 |
The type of remote peer identity.
The remote peer may be identified by:
1. an IP address, or
2. or a fully qualified domain name string.
3. or a distinguished name string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkePeerType |
|
|
jnxIkeTunRemoteIdValue |
1.3.6.1.4.1.2636.3.22.1.2.1.1.12 |
The value of the remote peer identity.
If the remote peer type is an IP Address, then this
is the IP Address used to identify the remote peer.
If the remote peer type is id_fqdn, then this is
the FQDN of the remote peer.
If the remote peer type is a id_dn, then this is
the distinguished named string of the remote peer. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIkeTunRemoteGwAddrType |
1.3.6.1.4.1.2636.3.22.1.2.1.1.13 |
The IP address type of the remote gateway (endpoint) for the IPsec
Phase-1 IKE Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
jnxIkeTunRemoteGwAddr |
1.3.6.1.4.1.2636.3.22.1.2.1.1.14 |
The IP address of the remote gateway (endpoint) for the IPsec
Phase-1 IKE Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
jnxIkeTunNegoMode |
1.3.6.1.4.1.2636.3.22.1.2.1.1.15 |
The negotiation mode of the IPsec Phase-1 IKE Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkeNegoMode |
|
|
jnxIkeTunEncryptAlgo |
1.3.6.1.4.1.2636.3.22.1.2.1.1.17 |
The encryption algorithm used in IPsec Phase-1 IKE
negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxEncryptAlgo |
|
|
jnxIkeTunHashAlgo |
1.3.6.1.4.1.2636.3.22.1.2.1.1.18 |
The hash algorithm used in IPsec Phase-1 IKE
negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkeHashAlgo |
|
|
jnxIkeTunAuthMethod |
1.3.6.1.4.1.2636.3.22.1.2.1.1.19 |
The authentication method used in IPsec Phase-1 IKE
negotiations. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxIkeAuthMethod |
|
|
jnxIkeTunLifeTime |
1.3.6.1.4.1.2636.3.22.1.2.1.1.20 |
The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
in seconds. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..2147483647 |
|
jnxIkeTunActiveTime |
1.3.6.1.4.1.2636.3.22.1.2.1.1.21 |
The length of time the IPsec Phase-1 IKE tunnel has been
active in hundredths of seconds. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeInterval |
|
|
jnxIkeTunInOctets |
1.3.6.1.4.1.2636.3.22.1.2.1.1.22 |
The total number of octets received by
this IPsec Phase-1 IKE security association. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIkeTunInPkts |
1.3.6.1.4.1.2636.3.22.1.2.1.1.23 |
The total number of packets received by
this IPsec Phase-1 IKE security association. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
jnxIkeTunOutOctets |
1.3.6.1.4.1.2636.3.22.1.2.1.1.24 |
The total number of octets sent by this IPsec Phase-1
IKE security association. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIkeTunOutPkts |
1.3.6.1.4.1.2636.3.22.1.2.1.1.25 |
The total number of packets sent by this IPsec Phase-1
IKE security association. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
jnxIpSecTunnelTable |
1.3.6.1.4.1.2636.3.22.1.3.1 |
The IPsec Phase-2 Tunnel Table.
There is one entry in this table for
each active IPsec Phase-2 Tunnel. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
JnxIpSecTunnelEntry |
|
jnxIpSecTunnelEntry |
1.3.6.1.4.1.2636.3.22.1.3.1.1 |
Each entry contains the attributes
associated with an active IPsec Phase-2 Tunnel. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
JnxIpSecTunnelEntry |
|
|
jnxIpSecTunIndex |
1.3.6.1.4.1.2636.3.22.1.3.1.1.1 |
The index of the IPsec Phase-2 Tunnel Table.
The value of the index is a number which begins
at one and is incremented with each tunnel that
is created. The value of this object will wrap
at 2,147,483,647. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..2147483647 |
|
jnxIpSecRuleName |
1.3.6.1.4.1.2636.3.22.1.3.1.1.2 |
Name of the rule configured in IPSec configuration. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIpSecTermName |
1.3.6.1.4.1.2636.3.22.1.3.1.1.3 |
Name of the term configured under IPSec rule. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
jnxIpSecTunLocalGwAddr |
1.3.6.1.4.1.2636.3.22.1.3.1.1.5 |
The IP address of the local gateway (endpoint) for the IPsec
Phase-2 Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
jnxIpSecTunRemoteGwAddr |
1.3.6.1.4.1.2636.3.22.1.3.1.1.7 |
The IP address of the remote gateway (endpoint) for the IPsec
Phase-2 Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
jnxIpSecTunKeyType |
1.3.6.1.4.1.2636.3.22.1.3.1.1.10 |
The type of key used by the IPsec Phase-2 Tunnel. It can be
one of the following two types:
- IKE negotiated
- Manually installed |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxKeyType |
|
|
jnxIpSecRemotePeerType |
1.3.6.1.4.1.2636.3.22.1.3.1.1.11 |
The type of the remote peer gateway (endpoint). It can be one
of the following two types:
- static (Remote peer whose IP address is known beforehand)
- dynamic (Remote peer whose IP address is not known
beforehand) |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxRemotePeerType |
|
|
jnxIpSecTunMtu |
1.3.6.1.4.1.2636.3.22.1.3.1.1.12 |
MTU value of this Phase-2 tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
jnxIpsSecTunAHInBytes |
1.3.6.1.4.1.2636.3.22.1.3.1.1.17 |
Number of incoming bytes authenticated using AH by this Phase-2
tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpsSecTunAHInPkts |
1.3.6.1.4.1.2636.3.22.1.3.1.1.18 |
Number of incoming packets authenticated using AH by this Phase-2
tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpsSecTunAHOutBytes |
1.3.6.1.4.1.2636.3.22.1.3.1.1.19 |
Number of outgoing bytes applied AH by this Phase-2 tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpsSecTunAHOutPkts |
1.3.6.1.4.1.2636.3.22.1.3.1.1.20 |
Number of outgoing packets applied AH by this Phase-2 tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecTunReplayDropPkts |
1.3.6.1.4.1.2636.3.22.1.3.1.1.21 |
Number of packets dropped by this Phase-2 tunnel due to
anti replay check failure. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecTunAhAuthFails |
1.3.6.1.4.1.2636.3.22.1.3.1.1.22 |
Number of packets received by this Phase-2 tunnel that
failed AH authentication. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecTunEspAuthFails |
1.3.6.1.4.1.2636.3.22.1.3.1.1.23 |
Number of packets received by this Phase-2 tunnel that
failed ESP authentication. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecTunDecryptFails |
1.3.6.1.4.1.2636.3.22.1.3.1.1.24 |
Number of packets received by this Phase-2 tunnel that
failed decryption. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecTunBadTrailers |
1.3.6.1.4.1.2636.3.22.1.3.1.1.26 |
Number of packets received by this Phase-2 tunnel that
failed due to bad ESP trailers. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecTunDroppedPkts |
1.3.6.1.4.1.2636.3.22.1.3.1.1.27 |
Total number of dropped packets for this Phase-2 tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter64 |
|
|
jnxIpSecSaTable |
1.3.6.1.4.1.2636.3.22.1.3.2 |
The IPsec Phase-2 Security Association Table.
This table identifies the structure (in terms of
component SAs) of each active Phase-2 IPsec tunnel.
This table contains an entry for each active and
expiring security association and maps each entry
in the active Phase-2 tunnel table (ipSecTunTable)
into a number of entries in this table. The index of this
table reflects the
rule for identifying Security Associations. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
JnxIpSecSaEntry |
|
jnxIpSecSaEntry |
1.3.6.1.4.1.2636.3.22.1.3.2.1 |
Each entry contains the attributes associated with
active and expiring IPsec Phase-2
security associations. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
JnxIpSecSaEntry |
|
|
jnxIpSecSaProtocol |
1.3.6.1.4.1.2636.3.22.1.3.2.1.1 |
The index, represents the security protocol (AH, ESP or
IPComp) for which this security association was setup. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
ah(1), esp(2) |
|
jnxIpSecSaIndex |
1.3.6.1.4.1.2636.3.22.1.3.2.1.2 |
The index, in the context of the IPsec tunnel ipSecTunIndex,
of the security association represented by this table entry.
The value of this index is a number which begins at one and
is incremented with each SPI associated with an IPsec Phase-2
Tunnel. The value of this object will wrap at 2,147,483,647. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..2147483647 |
|
jnxIpSecSaInSpi |
1.3.6.1.4.1.2636.3.22.1.3.2.1.3 |
The value of the incoming SPI. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxSpi |
|
|
jnxIpSecSaOutSpi |
1.3.6.1.4.1.2636.3.22.1.3.2.1.4 |
The value of the outgoing SPI. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxSpi |
|
|
jnxIpSecSaInAuxSpi |
1.3.6.1.4.1.2636.3.22.1.3.2.1.5 |
The value of the incoming auxiliary SPI. This is valid for AH
and ESP bundles. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxSpi |
|
|
jnxIpSecSaOutAuxSpi |
1.3.6.1.4.1.2636.3.22.1.3.2.1.6 |
The value of the outgoing auxiliary SPI. This is valid for AH
and ESP bundles. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxSpi |
|
|
jnxIpSecSaType |
1.3.6.1.4.1.2636.3.22.1.3.2.1.7 |
This field represents the type of security associations
which can be either manual or dynamic |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxSAType |
|
|
jnxIpSecSaEncapMode |
1.3.6.1.4.1.2636.3.22.1.3.2.1.8 |
The encapsulation mode used by an IPsec Phase-2 Tunnel. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxEncapMode |
|
|
jnxIpSecSaLifeSize |
1.3.6.1.4.1.2636.3.22.1.3.2.1.9 |
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
jnxIpSecSaLifeTime |
1.3.6.1.4.1.2636.3.22.1.3.2.1.10 |
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
jnxIpSecSaActiveTime |
1.3.6.1.4.1.2636.3.22.1.3.2.1.11 |
The length of time the IPsec Phase-2 Tunnel has been active in seconds. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeInterval |
|
|
jnxIpSecSaLifeSizeThreshold |
1.3.6.1.4.1.2636.3.22.1.3.2.1.12 |
The security association LifeSize refresh threshold in kilobytes. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
jnxIpSecSaLifeTimeThreshold |
1.3.6.1.4.1.2636.3.22.1.3.2.1.13 |
The security association LifeTime refresh threshold in seconds. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
jnxIpSecSaEncryptAlgo |
1.3.6.1.4.1.2636.3.22.1.3.2.1.14 |
The Encryption algorithm used to encrypt
the packets which can be either es-cbc or 3des-cbc. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxEncryptAlgo |
|
|
jnxIpSecSaAuthAlgo |
1.3.6.1.4.1.2636.3.22.1.3.2.1.15 |
The algorithm used for authentication of packets which
can be hmac-md5-96 or hmac-sha1-96 |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
JnxAuthAlgo |
|
|
jnxIpSecSaState |
1.3.6.1.4.1.2636.3.22.1.3.2.1.16 |
This column represents the status of the security association
represented by this table entry. If the status of the SA is
'active', the SA is ready for active use. The status
'expiring' represents any of the various states that the
security association transitions through before being purged. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
unknown(0), active(1), expiring(2) |
|