Wellfleet-IPSEC-MIB DEFINITIONS ::= BEGIN
IMPORTS
IpAddress, Counter, Gauge, Opaque
FROM RFC1155-SMI
OBJECT-TYPE
FROM RFC-1212
DisplayString
FROM RFC1213-MIB
wfIpsecGroup
FROM Wellfleet-COMMON-MIB;
wfIpsecBase OBJECT IDENTIFIER ::= { wfIpsecGroup 1 }
wfIpsecBaseCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter. Default is created.
Users perform a set operation on this
object in order to create/delete IPSec."
DEFVAL { created }
::= { wfIpsecBase 1 }
wfIpsecBaseEnable OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Enable/Disable parameter. Default is enabled.
Users perform a set operation on this
object in order to enable/disable IPSec."
DEFVAL { enabled }
::= { wfIpsecBase 2 }
wfIpsecBaseState OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
notpresent(3)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current state of IPsec."
DEFVAL { notpresent }
::= { wfIpsecBase 3 }
wfIpsecBaseEspEncipherEnable OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Controls whether ESP enciphers packets. Set
this attribute to disabled for debugging purposes only. When
set to disabled, packets that match a policy that uses ESP
to encipher the payload will not be enciphered. This allows
one to view the plaintext inner headers for debugging
purposes."
DEFVAL { enabled }
::= { wfIpsecBase 4 }
-- wfIpsecBaseMaxManualSpi: upper bound on the SPI accepted for manually
-- configured SAs (read-write, range 256..65535, default 384).
-- NOTE(review): the DESCRIPTION disagrees with the declaration and should
-- be confirmed against the agent:
--   * it says the value 255 disables manual SAs, but SYNTAX starts at 256,
--     so 255 is not a legal value as declared;
--   * it says the default allows 32 unique ESP SAs, but by its own rule
--     (number of SAs + 255) DEFVAL 384 corresponds to 129.
wfIpsecBaseMaxManualSpi OBJECT-TYPE
SYNTAX INTEGER(256..65535)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The maximum SPI value that will be accepted for manually
configured SAs. The SA values 0 - 255 is reserved. To enter
this value add the number of SAs belonging to a particular
IPSec protocol ex ESP to 255. The default value is maximum
of 32 unique ESP SAs. The value 255 will cause no manual
SAs supported"
DEFVAL { 384 }
::= { wfIpsecBase 5 }
wfIpsecSelectorInTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecSelectorInEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A table of selectors used to identify which IP security
policy should be applied to a packet."
::= { wfIpsecGroup 2 }
wfIpsecSelectorInEntry OBJECT-TYPE
SYNTAX WfIpsecSelectorInEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"IP Security Selectors for a policy"
INDEX { wfIpsecSelectorInInterface,
wfIpsecSelectorInCircuit,
wfIpsecSelectorInPolicyNumber,
wfIpsecSelectorInFragment }
::= { wfIpsecSelectorInTable 1 }
WfIpsecSelectorInEntry ::= SEQUENCE {
wfIpsecSelectorInCreate
INTEGER,
wfIpsecSelectorInEnable
INTEGER,
wfIpsecSelectorInStatus
INTEGER,
wfIpsecSelectorInCounter
Counter,
wfIpsecSelectorInDefinition
Opaque,
wfIpsecSelectorInReserved
INTEGER,
wfIpsecSelectorInInterface
IpAddress,
wfIpsecSelectorInCircuit
INTEGER,
wfIpsecSelectorInPolicyNumber
INTEGER,
wfIpsecSelectorInFragment
INTEGER,
wfIpsecSelectorInName
DisplayString
}
wfIpsecSelectorInCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Defines the existence of the policy's selectors:
created - instance exists
deleted - instance should be deleted."
DEFVAL { created }
::= { wfIpsecSelectorInEntry 1 }
wfIpsecSelectorInEnable OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Defines whether or not the policy should be used:
enabled - activate the policy's selectors.
disabled - deactivate the policy's selectors."
DEFVAL { enabled }
::= { wfIpsecSelectorInEntry 2 }
wfIpsecSelectorInStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Defines the current status of this instance:
up: this instance is in use
down: this instance is misconfigured
inactive: this instance is disabled
notpresent: the IPsec code isn't loaded"
DEFVAL { notpresent }
::= { wfIpsecSelectorInEntry 3 }
wfIpsecSelectorInCounter OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that have
matched the selectors."
::= { wfIpsecSelectorInEntry 4 }
wfIpsecSelectorInDefinition OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The policy's selector definition."
::= { wfIpsecSelectorInEntry 5 }
wfIpsecSelectorInReserved OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Reserved field."
::= { wfIpsecSelectorInEntry 6 }
wfIpsecSelectorInInterface OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The network address of the IP
interface to which the corresponding policy is applied."
::= { wfIpsecSelectorInEntry 7 }
wfIpsecSelectorInCircuit OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The ID of the Circuit to which the
corresponding policy is applied."
::= { wfIpsecSelectorInEntry 8 }
wfIpsecSelectorInPolicyNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"ID policy's selectors."
::= { wfIpsecSelectorInEntry 9 }
wfIpsecSelectorInFragment OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Fragment number - for large sets of selectors."
::= { wfIpsecSelectorInEntry 10 }
wfIpsecSelectorInName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"name of this instance of selectors."
::= { wfIpsecSelectorInEntry 11 }
wfIpsecSelectorOutTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecSelectorOutEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A table of selectors used to identify which IP security
policy should be applied to a packet."
::= { wfIpsecGroup 3 }
wfIpsecSelectorOutEntry OBJECT-TYPE
SYNTAX WfIpsecSelectorOutEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"IP Security Selectors for a policy"
INDEX { wfIpsecSelectorOutInterface,
wfIpsecSelectorOutCircuit,
wfIpsecSelectorOutPolicyNumber,
wfIpsecSelectorOutFragment }
::= { wfIpsecSelectorOutTable 1 }
WfIpsecSelectorOutEntry ::= SEQUENCE {
wfIpsecSelectorOutCreate
INTEGER,
wfIpsecSelectorOutEnable
INTEGER,
wfIpsecSelectorOutStatus
INTEGER,
wfIpsecSelectorOutCounter
Counter,
wfIpsecSelectorOutDefinition
Opaque,
wfIpsecSelectorOutReserved
INTEGER,
wfIpsecSelectorOutInterface
IpAddress,
wfIpsecSelectorOutCircuit
INTEGER,
wfIpsecSelectorOutPolicyNumber
INTEGER,
wfIpsecSelectorOutFragment
INTEGER,
wfIpsecSelectorOutName
DisplayString
}
wfIpsecSelectorOutCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Defines the existence of the policy's selectors:
created - instance exists
deleted - instance should be deleted."
DEFVAL { created }
::= { wfIpsecSelectorOutEntry 1 }
wfIpsecSelectorOutEnable OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Defines whether or not the policy should be used:
enabled - activate the policy's selectors.
disabled - deactivate the policy's selectors."
DEFVAL { enabled }
::= { wfIpsecSelectorOutEntry 2 }
wfIpsecSelectorOutStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Defines the current status of this instance:
up: this instance is in use
down: this instance is misconfigured
inactive: this instance is disabled
notpresent: the IPsec code isn't loaded"
DEFVAL { notpresent }
::= { wfIpsecSelectorOutEntry 3 }
wfIpsecSelectorOutCounter OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that have
matched the selectors."
::= { wfIpsecSelectorOutEntry 4 }
wfIpsecSelectorOutDefinition OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The policy's selector definition."
::= { wfIpsecSelectorOutEntry 5 }
wfIpsecSelectorOutReserved OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Reserved field."
::= { wfIpsecSelectorOutEntry 6 }
wfIpsecSelectorOutInterface OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The network address of the IP
interface to which the corresponding policy is applied."
::= { wfIpsecSelectorOutEntry 7 }
wfIpsecSelectorOutCircuit OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The ID of the Circuit to which the
corresponding policy is applied."
::= { wfIpsecSelectorOutEntry 8 }
wfIpsecSelectorOutPolicyNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"ID policy's selectors."
::= { wfIpsecSelectorOutEntry 9 }
wfIpsecSelectorOutFragment OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Fragment number - for large sets of selectors."
::= { wfIpsecSelectorOutEntry 10 }
wfIpsecSelectorOutName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"name of this instance of selectors."
::= { wfIpsecSelectorOutEntry 11 }
wfIpsecDescriptorTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecDescriptorEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of IP security descriptors"
::= { wfIpsecGroup 4 }
wfIpsecDescriptorEntry OBJECT-TYPE
SYNTAX WfIpsecDescriptorEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An IP security Descriptor"
INDEX { wfIpsecDescriptorInterface,
wfIpsecDescriptorCircuit,
wfIpsecDescriptorPolicyNumber }
::= { wfIpsecDescriptorTable 1 }
WfIpsecDescriptorEntry ::= SEQUENCE {
wfIpsecDescriptorCreate
INTEGER,
wfIpsecDescriptorStatus
INTEGER,
wfIpsecDescriptorPolicyNumber
INTEGER,
wfIpsecDescriptorInterface
IpAddress,
wfIpsecDescriptorCircuit
INTEGER,
wfIpsecDescriptorManualSaList
Opaque,
wfIpsecDescriptorSaMode
INTEGER,
wfIpsecDescriptorPfs
INTEGER,
wfIpsecDescriptorProposals
Opaque,
wfIpsecDescriptorSourceForDestAddr
INTEGER,
wfIpsecDescriptorSourceForSrcAddr
INTEGER,
wfIpsecDescriptorSourceForProtocol
INTEGER,
wfIpsecDescriptorStartSourceAddr
IpAddress,
wfIpsecDescriptorEndSourceAddr
IpAddress,
wfIpsecDescriptorStartDestAddr
IpAddress,
wfIpsecDescriptorEndDestAddr
IpAddress,
wfIpsecDescriptorPort
INTEGER,
wfIpsecDescriptorProtocol
INTEGER,
wfIpsecDescriptorPrimarySG
IpAddress,
wfIpsecDescriptorInboundIdleTimer
INTEGER
}
wfIpsecDescriptorCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter. Default is created."
DEFVAL { created }
::= { wfIpsecDescriptorEntry 1 }
wfIpsecDescriptorStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The status of this instance:
up: this instance is in use
down: this instance is misconfigured
inactive: this instance is disabled
notpresent: the IPsec code isn't loaded"
DEFVAL { notpresent }
::= { wfIpsecDescriptorEntry 2 }
wfIpsecDescriptorPolicyNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Allows instance of wfIpsecSelectorOutEntry to be matched with
this instance."
::= { wfIpsecDescriptorEntry 3 }
wfIpsecDescriptorInterface OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The IP address of the security gateway which this descriptor
belongs to."
::= { wfIpsecDescriptorEntry 4 }
wfIpsecDescriptorCircuit OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The ID of the Circuit to which this
instance applies."
::= { wfIpsecDescriptorEntry 5 }
wfIpsecDescriptorManualSaList OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"the octet string represents an ordered list of Security
Associations (SAs). the format of each 9 byte sequence is:
------------+-----------+-----------+------------+-----------
| protocol | Peer IP Address |
------------+-----------+-----------+------------+-----------
| SPI |
------------+-----------+-----------+------------+
"
::= { wfIpsecDescriptorEntry 6 }
wfIpsecDescriptorSaMode OBJECT-TYPE
SYNTAX INTEGER {
tunnel(1),
transport(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Identifies mode of the SA for this policy."
DEFVAL { tunnel }
::= { wfIpsecDescriptorEntry 7 }
wfIpsecDescriptorPfs OBJECT-TYPE
SYNTAX INTEGER {
true(1),
false(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Identifies whether perfect forward secrecy is required
or not."
DEFVAL { false }
::= { wfIpsecDescriptorEntry 8 }
wfIpsecDescriptorProposals OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"the octet string represents an ordered list of proposals.
Every 2 octets in the string contains a number which
corresponds to an instance I.D. of wfIpsecProposalEntry.
The list of proposals is a logically ORed list."
::= { wfIpsecDescriptorEntry 9 }
wfIpsecDescriptorSourceForDestAddr OBJECT-TYPE
SYNTAX INTEGER {
packet(1),
policy(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The source for the destination IP address value to be used
in the SA. 'packet' limits use of the SA to those packets
which have a matching IP addr even if the policy permits a
range. 'policy' allows more than one traffic flow to use
the SA if the policy permits a range of IP addresses."
DEFVAL { policy }
::= { wfIpsecDescriptorEntry 10 }
wfIpsecDescriptorSourceForSrcAddr OBJECT-TYPE
SYNTAX INTEGER {
packet(1),
policy(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Where the source IP address value used in the SA is taken
from. 'packet' limits use of the SA to those packets
which have a matching IP addr even if the policy permits a
range. 'policy' allows more than one traffic flow to use
the SA if the policy permits a range of IP addresses."
DEFVAL { policy }
::= { wfIpsecDescriptorEntry 11 }
-- wfIpsecDescriptorSourceForProtocol: packet(1) or policy(2), read-write,
-- default policy(2).
-- NOTE(review): the DESCRIPTION below is word-for-word the text of
-- wfIpsecDescriptorSourceForDestAddr and speaks of the destination IP
-- address. Presumably this object selects where the SA's protocol value
-- comes from; confirm against the agent and correct the text.
wfIpsecDescriptorSourceForProtocol OBJECT-TYPE
SYNTAX INTEGER {
packet(1),
policy(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The source for the destination IP address value to be used
in the SA. 'packet' limits use of the SA to those packets
which have a matching IP addr even if the policy permits a
range. 'policy' allows more than one traffic flow to use
the SA if the policy permits a range of IP addresses."
DEFVAL { policy }
::= { wfIpsecDescriptorEntry 12 }
wfIpsecDescriptorStartSourceAddr OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The start Source IP address for the dynamic SA."
::= { wfIpsecDescriptorEntry 13 }
wfIpsecDescriptorEndSourceAddr OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The end Source IP address for the dynamic SA."
::= { wfIpsecDescriptorEntry 14 }
wfIpsecDescriptorStartDestAddr OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The start Destination IP address for the dynamic SA."
::= { wfIpsecDescriptorEntry 15 }
wfIpsecDescriptorEndDestAddr OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The end Destination IP address for the dynamic SA."
::= { wfIpsecDescriptorEntry 16 }
wfIpsecDescriptorPort OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The port number for the dynamic SA."
::= { wfIpsecDescriptorEntry 17 }
wfIpsecDescriptorProtocol OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The IP protocol for the dynamic SA."
::= { wfIpsecDescriptorEntry 18 }
wfIpsecDescriptorPrimarySG OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The address of the remote gateway."
::= { wfIpsecDescriptorEntry 19 }
wfIpsecDescriptorInboundIdleTimer OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Inbound (Unprotect) SA inactivity timer, in minutes.
If no traffic is received on an automated inbound SA
for the indicated time, both SAs for this policy will
be deleted. A value of zero disables the timer."
DEFVAL { 15 }
::= { wfIpsecDescriptorEntry 20 }
wfIpsecEspSaTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecEspSaEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"The ESP security association table"
::= { wfIpsecGroup 5 }
wfIpsecEspSaEntry OBJECT-TYPE
SYNTAX WfIpsecEspSaEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Entry in ESP security association table"
INDEX { wfIpsecEspSaSrc,
wfIpsecEspSaDest,
wfIpsecEspSaSpi }
::= { wfIpsecEspSaTable 1 }
WfIpsecEspSaEntry ::= SEQUENCE {
wfIpsecEspSaCreate
INTEGER,
wfIpsecEspSaStatus
INTEGER,
wfIpsecEspSaSrc
IpAddress,
wfIpsecEspSaDest
IpAddress,
wfIpsecEspSaSpi
INTEGER,
wfIpsecEspSaCipherAlg
INTEGER,
wfIpsecEspSaManualCipherKey
OCTET STRING,
wfIpsecEspSaDesKeyStrength
INTEGER,
wfIpsecEspSaIntegrityAlg
INTEGER,
wfIpsecEspSaManualIntegrityKey
OCTET STRING,
wfIpsecEspSaVerifyPad
INTEGER,
wfIpsecEspSaReset
INTEGER,
wfIpsecEspSaBadAuthen
Counter,
wfIpsecEspSaBadDecrypt
Counter,
wfIpsecEspSaBadPad
Counter,
wfIpsecEspSaProtectPkt
Counter,
wfIpsecEspSaUnprotectPkt
Counter,
wfIpsecEspSaEncryptByte
Counter,
wfIpsecEspSaDecryptByte
Counter,
wfIpsecEspSaMode
INTEGER,
wfIpsecEspSaPfs
INTEGER,
wfIpsecEspSaExpiryType
INTEGER,
wfIpsecEspSaExpiryValue
INTEGER
}
wfIpsecEspSaCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter."
DEFVAL { created }
::= { wfIpsecEspSaEntry 1 }
wfIpsecEspSaStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current status of this Security Association:
up: this SA is in use
down: this SA is misconfigured
inactive: this SA is disabled
notpresent: the IPsec code isn't loaded"
DEFVAL { notpresent }
::= { wfIpsecEspSaEntry 2 }
wfIpsecEspSaSrc OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The IP address of the SA's source."
::= { wfIpsecEspSaEntry 3 }
wfIpsecEspSaDest OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The IP address of the SA's destination."
::= { wfIpsecEspSaEntry 4 }
wfIpsecEspSaSpi OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The security parameters index"
::= { wfIpsecEspSaEntry 5 }
-- wfIpsecEspSaCipherAlg: ESP cipher for this SA; read-write, default des(2).
-- Security note: the only ciphers offered are single DES and desede(3)
-- (presumably triple DES in EDE mode; confirm). Single DES is the default
-- and its 56-bit key is within reach of brute force; none(1) selects no
-- cipher at all. When auditing a device, flag any SA whose value is not
-- desede(3).
wfIpsecEspSaCipherAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
des(2),
desede(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Identifies cipher algorithm for this SA."
DEFVAL { des }
::= { wfIpsecEspSaEntry 6 }
-- wfIpsecEspSaManualCipherKey: cipher key for a manually keyed SA.
-- Security note: ACCESS is read-write, so as declared the key octets can be
-- retrieved as well as set over SNMP. This module is written in SMIv1
-- (RFC1155-SMI, RFC-1212); if the agent is reached with SNMPv1 or v2c,
-- requests and responses, key included, cross the network unencrypted.
-- NOTE(review): confirm whether a get returns the real key, and exclude
-- this column from any read view that does not strictly need it.
wfIpsecEspSaManualCipherKey OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The key for a manually-keyed SA's cipher algorithm"
::= { wfIpsecEspSaEntry 7 }
-- wfIpsecEspSaDesKeyStrength: strength of the cipher key; read-write,
-- default fiftysixbit(2).
-- Security note: fortybit(1) (presumably the historical export-grade
-- setting; confirm) gives no meaningful confidentiality. Treat any SA
-- configured with it as effectively unprotected.
wfIpsecEspSaDesKeyStrength OBJECT-TYPE
SYNTAX INTEGER {
fortybit(1),
fiftysixbit(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The strength of the cipher key."
DEFVAL { fiftysixbit }
::= { wfIpsecEspSaEntry 8 }
-- wfIpsecEspSaIntegrityAlg: ESP authentication algorithm for this SA;
-- read-write, default none(1).
-- Security note: with the default, ESP on this SA carries no integrity
-- check, so modified ciphertext is not detected by ESP itself. Select
-- hmacSha1(3) or hmacMd5(2) explicitly; hmacSha1(3) is the stronger of
-- the two values offered here.
wfIpsecEspSaIntegrityAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
hmacMd5(2),
hmacSha1(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The algorithm for ESP Auth."
DEFVAL { none }
::= { wfIpsecEspSaEntry 9 }
-- wfIpsecEspSaManualIntegrityKey: integrity (HMAC) key for a manually
-- keyed SA.
-- Security note: ACCESS is read-write, so as declared the key octets can be
-- retrieved as well as set over SNMP; with SNMPv1 or v2c they travel
-- unencrypted.
-- NOTE(review): confirm whether a get returns the real key, and exclude
-- this column from any read view that does not strictly need it.
wfIpsecEspSaManualIntegrityKey OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The key for a manually-keyed SA's integrity algorithm"
::= { wfIpsecEspSaEntry 10 }
wfIpsecEspSaVerifyPad OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"This attribute enables checking of the pad field of ESP
packets making sure it is in expected numeric ascending
order. Packets with bad padding are discarded."
DEFVAL { disabled }
::= { wfIpsecEspSaEntry 11 }
wfIpsecEspSaReset OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Reset IPSec SA statistics indicator."
::= { wfIpsecEspSaEntry 12 }
wfIpsecEspSaBadAuthen OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received encrypted packets that could
not be properly authenticated."
::= { wfIpsecEspSaEntry 13 }
wfIpsecEspSaBadDecrypt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that could
not be properly decrypted."
::= { wfIpsecEspSaEntry 14 }
wfIpsecEspSaBadPad OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that contained
bad padding information."
::= { wfIpsecEspSaEntry 15 }
wfIpsecEspSaProtectPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully encrypted packets."
::= { wfIpsecEspSaEntry 16 }
wfIpsecEspSaUnprotectPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully decrypted packets."
::= { wfIpsecEspSaEntry 17 }
wfIpsecEspSaEncryptByte OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully encrypted bytes."
::= { wfIpsecEspSaEntry 18 }
wfIpsecEspSaDecryptByte OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully decrypted bytes."
::= { wfIpsecEspSaEntry 19 }
wfIpsecEspSaMode OBJECT-TYPE
SYNTAX INTEGER {
tunnel(1),
transport(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Identifies mode of the SA."
DEFVAL { tunnel }
::= { wfIpsecEspSaEntry 20 }
wfIpsecEspSaPfs OBJECT-TYPE
SYNTAX INTEGER {
true(1),
false(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Identifies whether this SA has perfect forward secrecy or
not."
DEFVAL { true }
::= { wfIpsecEspSaEntry 21 }
-- wfIpsecEspSaExpiryType: unit in which the SA's expiry value is
-- interpreted; read-write, default none(3).
-- Security note: per the DESCRIPTION, none(3) means the SA's keys do not
-- expire, so by default a key stays in use for as long as the SA exists.
-- Set seconds(1) or kilobytes(2) together with a bounded expiry value to
-- limit key lifetime.
wfIpsecEspSaExpiryType OBJECT-TYPE
SYNTAX INTEGER {
seconds(1),
kilobytes(2),
none(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The units used to interpret the expiry value. The SA's
keys don't expire when this is set to none."
DEFVAL { none }
::= { wfIpsecEspSaEntry 22 }
wfIpsecEspSaExpiryValue OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The value used to determine when the keys for this SA
expire."
::= { wfIpsecEspSaEntry 23 }
wfIpsecStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecStatsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"The interface statistics table"
::= { wfIpsecGroup 6 }
wfIpsecStatsEntry OBJECT-TYPE
SYNTAX WfIpsecStatsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Entry in Interface Statistics Table"
INDEX { wfIpsecStatsInterface,
wfIpsecStatsCircuit }
::= { wfIpsecStatsTable 1 }
WfIpsecStatsEntry ::= SEQUENCE {
wfIpsecStatsCreate
INTEGER,
wfIpsecStatsInterface
IpAddress,
wfIpsecStatsCircuit
INTEGER,
wfIpsecStatsReset
INTEGER,
wfIpsecStatsUnprotectPkt
Counter,
wfIpsecStatsProtectPkt
Counter,
wfIpsecStatsBypassPkt
Counter,
wfIpsecStatsDropPkt
Counter,
wfIpsecStatsNoSa
Counter,
wfIpsecStatsLastBadSpi
INTEGER,
wfIpsecStatsNoPolicyMatch
Counter,
wfIpsecStatsSaExpDropBytes
Counter,
wfIpsecStatsOutClips
Counter,
wfIpsecStatsInClips
Counter
}
wfIpsecStatsCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Create/Delete parameter."
DEFVAL { created }
::= { wfIpsecStatsEntry 1 }
wfIpsecStatsInterface OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The IP address of the security gateway which these statistics
belong to."
::= { wfIpsecStatsEntry 2 }
wfIpsecStatsCircuit OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The ID of the Circuit to which this
instance applies."
::= { wfIpsecStatsEntry 3 }
wfIpsecStatsReset OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Reset IPSec statistics indicator."
::= { wfIpsecStatsEntry 4 }
wfIpsecStatsUnprotectPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets successfully
decrypted."
::= { wfIpsecStatsEntry 5 }
wfIpsecStatsProtectPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets successfully
encrypted."
::= { wfIpsecStatsEntry 6 }
wfIpsecStatsBypassPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that have
bypassed."
::= { wfIpsecStatsEntry 7 }
wfIpsecStatsDropPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that have
been dropped."
::= { wfIpsecStatsEntry 8 }
wfIpsecStatsNoSa OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets for which
no SA was found."
::= { wfIpsecStatsEntry 9 }
wfIpsecStatsLastBadSpi OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The last security parameters index for which
no SA could be found."
::= { wfIpsecStatsEntry 10 }
wfIpsecStatsNoPolicyMatch OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets for which
no policy match could be found."
::= { wfIpsecStatsEntry 11 }
wfIpsecStatsSaExpDropBytes OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of bytes discarded owing to SA Expiry"
::= { wfIpsecStatsEntry 12 }
wfIpsecStatsOutClips OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of outbound packets clipped due to
buffer congestion."
::= { wfIpsecStatsEntry 13 }
wfIpsecStatsInClips OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of inbound packets clipped due to
buffer congestion."
::= { wfIpsecStatsEntry 14 }
wfIpsecRemoteGatewayTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecRemoteGatewayEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A table of known remote Security Gateways."
::= { wfIpsecGroup 7 }
wfIpsecRemoteGatewayEntry OBJECT-TYPE
SYNTAX WfIpsecRemoteGatewayEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A remote Security Gateway"
INDEX { wfIpsecRemoteGatewayInterface,
wfIpsecRemoteGatewayCircuit,
wfIpsecRemoteGatewayIndex }
::= { wfIpsecRemoteGatewayTable 1 }
WfIpsecRemoteGatewayEntry ::= SEQUENCE {
wfIpsecRemoteGatewayCreate
INTEGER,
wfIpsecRemoteGatewayEnable
INTEGER,
wfIpsecRemoteGatewayStatus
INTEGER,
wfIpsecRemoteGatewayInterface
IpAddress,
wfIpsecRemoteGatewayCircuit
INTEGER,
wfIpsecRemoteGatewayIndex
INTEGER,
wfIpsecRemoteGatewayIpAddr
IpAddress,
wfIpsecRemoteGatewayRange
OCTET STRING,
wfIpsecRemoteGatewayName
DisplayString
}
wfIpsecRemoteGatewayCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"creates or deletes an instance."
DEFVAL { created }
::= { wfIpsecRemoteGatewayEntry 1 }
wfIpsecRemoteGatewayEnable OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"enables and disables this instance."
DEFVAL { enabled }
::= { wfIpsecRemoteGatewayEntry 2 }
wfIpsecRemoteGatewayStatus OBJECT-TYPE
SYNTAX INTEGER {
active(1),
error(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Defines the current status of the instance:
inactive - ?
active - ?
error - ?"
DEFVAL { notpresent }
::= { wfIpsecRemoteGatewayEntry 3 }
wfIpsecRemoteGatewayInterface OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the IP interface to which this
instance applies."
::= { wfIpsecRemoteGatewayEntry 4 }
wfIpsecRemoteGatewayCircuit OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The ID of the Circuit to which the instance applies."
::= { wfIpsecRemoteGatewayEntry 5 }
wfIpsecRemoteGatewayIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"An index used to differentiate remote gateway instances."
::= { wfIpsecRemoteGatewayEntry 6 }
wfIpsecRemoteGatewayIpAddr OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The address of the remote gateway."
::= { wfIpsecRemoteGatewayEntry 7 }
wfIpsecRemoteGatewayRange OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The range of destination IP addresses that the remote
security gateway represents."
::= { wfIpsecRemoteGatewayEntry 8 }
wfIpsecRemoteGatewayName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"name of the remote security gateway."
::= { wfIpsecRemoteGatewayEntry 9 }
wfIpsecProposalTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecProposalEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of IP security proposals"
::= { wfIpsecGroup 8 }
wfIpsecProposalEntry OBJECT-TYPE
SYNTAX WfIpsecProposalEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An IP security Proposal. This is essentially a sequence
of protection suites represented by wfIpsecSuiteEntry
instances"
INDEX { wfIpsecProposalNumber }
::= { wfIpsecProposalTable 1 }
WfIpsecProposalEntry ::= SEQUENCE {
wfIpsecProposalCreate
INTEGER,
wfIpsecProposalStatus
INTEGER,
wfIpsecProposalName
DisplayString,
wfIpsecProposalNumber
INTEGER,
wfIpsecProposalSuites
Opaque
}
wfIpsecProposalCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter. Default is created."
DEFVAL { created }
::= { wfIpsecProposalEntry 1 }
wfIpsecProposalStatus OBJECT-TYPE
SYNTAX INTEGER {
active(1),
error(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The status of this Proposal."
DEFVAL { notpresent }
::= { wfIpsecProposalEntry 2 }
wfIpsecProposalName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Proposal name."
::= { wfIpsecProposalEntry 3 }
wfIpsecProposalNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"A number that identifies this proposal."
::= { wfIpsecProposalEntry 4 }
wfIpsecProposalSuites OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"the octet string contains a list of ordered, 2 byte numbers
that correspond to wfIpsecSuiteEntry instance ID's.
The list of protection suites is a logically ANDed list.
This allows multiple protocols to be used for a policy."
::= { wfIpsecProposalEntry 5 }
wfIpsecSuiteTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecSuiteEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of IP security protection suites"
::= { wfIpsecGroup 9 }
wfIpsecSuiteEntry OBJECT-TYPE
SYNTAX WfIpsecSuiteEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An IP security protection suite"
INDEX { wfIpsecSuiteNumber }
::= { wfIpsecSuiteTable 1 }
WfIpsecSuiteEntry ::= SEQUENCE {
wfIpsecSuiteCreate
INTEGER,
wfIpsecSuiteStatus
INTEGER,
wfIpsecSuiteName
DisplayString,
wfIpsecSuiteNumber
INTEGER,
wfIpsecSuiteEspProtocol
Opaque,
wfIpsecSuiteAhProtocol
Opaque
}
wfIpsecSuiteCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter. Default is created."
DEFVAL { created }
::= { wfIpsecSuiteEntry 1 }
wfIpsecSuiteStatus OBJECT-TYPE
SYNTAX INTEGER {
active(1),
error(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The status of this Suite."
DEFVAL { notpresent }
::= { wfIpsecSuiteEntry 2 }
wfIpsecSuiteName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Suite name."
::= { wfIpsecSuiteEntry 3 }
wfIpsecSuiteNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"A number that identifies this protection suite."
::= { wfIpsecSuiteEntry 4 }
wfIpsecSuiteEspProtocol OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The ordered sequence of wfIpsecEspTransformEntry instances that
comprise this protection suite."
::= { wfIpsecSuiteEntry 5 }
wfIpsecSuiteAhProtocol OBJECT-TYPE
SYNTAX Opaque
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The ordered sequence of wfIpsecAhProposalEntry instances that
comprise this protection suite."
::= { wfIpsecSuiteEntry 6 }
wfIpsecEspTransformTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecEspTransformEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of IP security ESP transforms"
::= { wfIpsecGroup 10 }
wfIpsecEspTransformEntry OBJECT-TYPE
SYNTAX WfIpsecEspTransformEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An IP security ESP Transform"
INDEX { wfIpsecEspTransformNumber }
::= { wfIpsecEspTransformTable 1 }
-- Column layout of an ESP transform row: row control and status, name and
-- index number, then the cryptographic parameters (cipher, key length,
-- integrity algorithm) and the three key expiry settings.
WfIpsecEspTransformEntry ::= SEQUENCE {
wfIpsecEspTransformCreate
INTEGER,
wfIpsecEspTransformStatus
INTEGER,
wfIpsecEspTransformName
DisplayString,
wfIpsecEspTransformNumber
INTEGER,
wfIpsecEspTransformCipherAlg
INTEGER,
wfIpsecEspTransformKeyLength
INTEGER,
wfIpsecEspTransformIntegrityAlg
INTEGER,
wfIpsecEspTransformExpiryTime
INTEGER,
wfIpsecEspTransformExpiryMBytes
INTEGER,
wfIpsecEspTransformExpiryPref
INTEGER
}
-- Create/delete control for one ESP transform row (column 1). Read-write:
-- a manager with SNMP set rights can presumably remove a transform by writing
-- deleted(2).
wfIpsecEspTransformCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter. Default is created."
DEFVAL { created }
::= { wfIpsecEspTransformEntry 1 }
-- Read-only status of one ESP transform (column 2). Defaults to
-- notpresent(4). The meaning of each value is not spelled out in the
-- DESCRIPTION.
wfIpsecEspTransformStatus OBJECT-TYPE
SYNTAX INTEGER {
active(1),
error(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The status of this ESP Transform."
DEFVAL { notpresent }
::= { wfIpsecEspTransformEntry 2 }
-- Writable display name of the ESP transform (column 3). No size limit and
-- no DEFVAL are declared.
wfIpsecEspTransformName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"ESP Transform name."
::= { wfIpsecEspTransformEntry 3 }
-- Read-only index column of wfIpsecEspTransformTable (named in the INDEX
-- clause of wfIpsecEspTransformEntry). The DESCRIPTION says "proposal" where
-- the rest of the table says "transform"; presumably the same thing is meant.
wfIpsecEspTransformNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"A number that identifies this ESP proposal."
::= { wfIpsecEspTransformEntry 4 }
-- ESP cipher selection (column 5). Only none, des and desede are offered and
-- the default is des(2).
-- Security note: single DES uses a 56-bit key and no longer provides
-- meaningful confidentiality; none(1) provides no encryption at all. Of the
-- values available here, desede(3) (presumably Triple DES in EDE mode) is the
-- strongest, so new rows should set it explicitly instead of relying on the
-- default. The object is read-write, so anyone with SNMP set rights can
-- downgrade the cipher; restrict write access and audit changes.
wfIpsecEspTransformCipherAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
des(2),
desede(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The cipher algorithm for ESP."
DEFVAL { des }
::= { wfIpsecEspTransformEntry 5 }
-- Writable key length for the ESP cipher (column 6). No unit, range or DEFVAL
-- is declared, so which values the agent accepts for each value of
-- wfIpsecEspTransformCipherAlg cannot be told from this module.
wfIpsecEspTransformKeyLength OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The key length for the ESP cipher algorithm."
::= { wfIpsecEspTransformEntry 6 }
-- ESP authentication (integrity) algorithm (column 7). The default is
-- none(1).
-- Security note: with the default, ESP traffic is encrypted but not
-- authenticated, so modified ciphertext is not detected by ESP itself;
-- encryption-only ESP is widely discouraged. Set hmacSha1(3) (or at least
-- hmacMd5(2)) explicitly on every transform unless integrity is provided
-- another way, for example by AH in the same suite. The object is
-- read-write; restrict SNMP write access and audit changes to it.
wfIpsecEspTransformIntegrityAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
hmacMd5(2),
hmacSha1(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The algorithm for ESP Auth."
DEFVAL { none }
::= { wfIpsecEspTransformEntry 7 }
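-- Time-based key lifetime for SAs built from this transform, in minutes
-- (column 8). The default of 480 is eight hours. No range is declared on the
-- INTEGER, so the recommended minimum of 10 is advice in the DESCRIPTION and
-- is not enforced by the SYNTAX. Typo "minium" in the DESCRIPTION corrected.
wfIpsecEspTransformExpiryTime OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The value used to determine when the keys for this SA
expire due to the passage of time. The units are minutes.
The minimum recommended value is 10 min."
DEFVAL { 480 }
::= { wfIpsecEspTransformEntry 8 }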
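-- Volume-based key lifetime for SAs built from this transform, in megabytes
-- (column 9). The default is 1024; 0 turns volume-based expiry off.
-- Security note: the ciphers selectable in this table (des, desede) use a
-- 64-bit block, so limiting the amount of data protected under one key
-- matters; avoid 0 unless time-based expiry is short. No range is declared
-- on the INTEGER. Typo "minium" in the DESCRIPTION corrected.
wfIpsecEspTransformExpiryMBytes OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The value used to determine when the keys for this SA
expire due to the number of bytes processed. The units are
mega-bytes. The minimum recommended value is 10 Mbytes. A
value of 0 indicates that MByte expiry is not desired."
DEFVAL { 1024 }
::= { wfIpsecEspTransformEntry 9 }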
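-- Selects which of the two expiry settings takes precedence (column 10):
-- minutes(1) refers to wfIpsecEspTransformExpiryTime and mbytes(2) to
-- wfIpsecEspTransformExpiryMBytes. The DESCRIPTION previously said "kbyte",
-- which did not match the mbytes(2) value or the megabyte unit of the
-- ExpiryMBytes column.
-- NOTE(review): how "precedence" is applied (for example during negotiation
-- with a peer) is not stated here; confirm against the agent documentation.
wfIpsecEspTransformExpiryPref OBJECT-TYPE
SYNTAX INTEGER {
minutes(1),
mbytes(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The value used to determine precedence between time/MByte
expiry"
DEFVAL { minutes }
::= { wfIpsecEspTransformEntry 10 }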
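-- Conceptual table of AH transforms, registered as wfIpsecGroup 11. Each row
-- (wfIpsecAhTransformEntry) carries an integrity algorithm, a DH group and
-- key expiry settings. The DESCRIPTION previously read "Table of IP security
-- policies", which does not match the rows this table holds.
wfIpsecAhTransformTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecAhTransformEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of IP security AH Transforms"
::= { wfIpsecGroup 11 }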
-- One row of wfIpsecAhTransformTable, indexed by wfIpsecAhTransformNumber.
wfIpsecAhTransformEntry OBJECT-TYPE
SYNTAX WfIpsecAhTransformEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An IP security AhTransform"
INDEX { wfIpsecAhTransformNumber }
::= { wfIpsecAhTransformTable 1 }
-- Column layout of an AH transform row: row control and status, name and
-- index number, then the integrity algorithm, DH group and a key expiry
-- expressed as a type/value pair. Note that the ESP transform table expresses
-- expiry differently (separate minutes and megabytes columns).
WfIpsecAhTransformEntry ::= SEQUENCE {
wfIpsecAhTransformCreate
INTEGER,
wfIpsecAhTransformStatus
INTEGER,
wfIpsecAhTransformName
DisplayString,
wfIpsecAhTransformNumber
INTEGER,
wfIpsecAhTransformIntegrityAlg
INTEGER,
wfIpsecAhTransformGroup
INTEGER,
wfIpsecAhTransformExpiryType
INTEGER,
wfIpsecAhTransformExpiryValue
INTEGER
}
-- Create/delete control for one AH transform row (column 1). Read-write:
-- a manager with SNMP set rights can presumably remove a transform by writing
-- deleted(2).
wfIpsecAhTransformCreate OBJECT-TYPE
SYNTAX INTEGER {
created(1),
deleted(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Create/Delete parameter. Default is created."
DEFVAL { created }
::= { wfIpsecAhTransformEntry 1 }
-- Read-only status of one AH transform (column 2). Defaults to
-- notpresent(4). The meaning of each value is not spelled out in the
-- DESCRIPTION.
wfIpsecAhTransformStatus OBJECT-TYPE
SYNTAX INTEGER {
active(1),
error(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The status of this AhTransform."
DEFVAL { notpresent }
::= { wfIpsecAhTransformEntry 2 }
-- Writable display name of the AH transform (column 3). No size limit and no
-- DEFVAL are declared.
wfIpsecAhTransformName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"AhTransform name."
::= { wfIpsecAhTransformEntry 3 }
-- Read-only index column of wfIpsecAhTransformTable (named in the INDEX
-- clause of wfIpsecAhTransformEntry). The DESCRIPTION says "proposal" where
-- the rest of the table says "transform"; presumably the same thing is meant.
wfIpsecAhTransformNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"A number that identifies this AH proposal."
::= { wfIpsecAhTransformEntry 4 }
-- AH integrity algorithm (column 5). The default is hmacMd5(2).
-- Security note: AH exists only to authenticate packets, so none(1) leaves a
-- transform with no protection at all and should not be used in production.
-- Of the two real choices, hmacSha1(3) is the stronger; set it explicitly
-- instead of relying on the hmacMd5 default. The object is read-write;
-- restrict SNMP write access and audit changes to it.
wfIpsecAhTransformIntegrityAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
hmacMd5(2),
hmacSha1(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The algorithm for AH."
DEFVAL { hmacMd5 }
::= { wfIpsecAhTransformEntry 5 }
-- Diffie-Hellman group for this transform (column 6). The only value defined
-- is one(1), so the object offers no real choice even though it is
-- read-write.
-- Security note: presumably this is IKE/Oakley group 1 (768-bit MODP), which
-- is far below current key-exchange strength recommendations; confirm
-- against the agent documentation and treat tunnels keyed this way as
-- legacy.
wfIpsecAhTransformGroup OBJECT-TYPE
SYNTAX INTEGER {
one(1)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The DH group"
DEFVAL { one }
::= { wfIpsecAhTransformEntry 6 }
-- Unit for wfIpsecAhTransformExpiryValue (column 7): seconds, kilobytes, or
-- none. The default is kilobytes(2). Units differ from the ESP transform
-- table, which uses minutes and megabytes.
-- Security note: none(3) means the SA's keys never expire, per the
-- DESCRIPTION; avoid it, and audit for it, since the object is read-write.
wfIpsecAhTransformExpiryType OBJECT-TYPE
SYNTAX INTEGER {
seconds(1),
kilobytes(2),
none(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The units used to interpret the expiry value. The SA's
keys don't expire when this is set to none."
DEFVAL { kilobytes }
::= { wfIpsecAhTransformEntry 7 }
-- Key lifetime for SAs built from this transform (column 8), interpreted in
-- the unit given by wfIpsecAhTransformExpiryType. With both defaults in
-- place (kilobytes, 1024) the lifetime is 1024 kilobytes. No range is
-- declared on the INTEGER.
wfIpsecAhTransformExpiryValue OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The value used to determine when the keys for this SA
expire."
DEFVAL { 1024 }
::= { wfIpsecAhTransformEntry 8 }
-- Conceptual table of per-SA state and statistics, registered as
-- wfIpsecGroup 12. Every column in the row is read-only. The DESCRIPTION
-- calls it the "automated SA table"; presumably that means SAs that were
-- negotiated instead of manually configured.
wfIpsecSaStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF WfIpsecSaStatsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"The Ipsec automated SA table"
::= { wfIpsecGroup 12 }
-- One row of wfIpsecSaStatsTable, indexed by source address, destination
-- address and SPI, in that order.
-- NOTE(review): the DESCRIPTION says "ESP SA table", but wfIpsecSaStatsProto
-- also defines ah(3); presumably AH SAs appear here too, confirm.
wfIpsecSaStatsEntry OBJECT-TYPE
SYNTAX WfIpsecSaStatsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Entry in Automated ESP SA table"
INDEX { wfIpsecSaStatsSrc,
wfIpsecSaStatsDest,
wfIpsecSaStatsSpi }
::= { wfIpsecSaStatsTable 1 }
-- Column layout of an SA statistics row: status, the three index values
-- (source, destination, SPI), the negotiated protocol and algorithms, three
-- failure counters (bad authentication, bad decryption, bad padding), four
-- traffic counters, then mode, PFS flag and key expiry type/value.
WfIpsecSaStatsEntry ::= SEQUENCE {
wfIpsecSaStatsStatus
INTEGER,
wfIpsecSaStatsSrc
IpAddress,
wfIpsecSaStatsDest
IpAddress,
wfIpsecSaStatsSpi
Gauge,
wfIpsecSaStatsProto
INTEGER,
wfIpsecSaStatsCipherAlg
INTEGER,
wfIpsecSaStatsIntegrityAlg
INTEGER,
wfIpsecSaStatsBadAuthen
Counter,
wfIpsecSaStatsBadDecrypt
Counter,
wfIpsecSaStatsBadPad
Counter,
wfIpsecSaStatsProtectPkt
Counter,
wfIpsecSaStatsUnprotectPkt
Counter,
wfIpsecSaStatsEncryptByte
Counter,
wfIpsecSaStatsDecryptByte
Counter,
wfIpsecSaStatsMode
INTEGER,
wfIpsecSaStatsPfs
INTEGER,
wfIpsecSaStatsExpiryType
INTEGER,
wfIpsecSaStatsExpiryValue
INTEGER
}
-- Read-only status of one SA (column 1). Defaults to notpresent(4).
-- The meanings of down, inactive and notpresent are marked "???" by the
-- author in the DESCRIPTION, so treat them as unconfirmed when building
-- monitoring rules on this object.
wfIpsecSaStatsStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
inactive(3),
notpresent(4)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current status of this Security Association:
up: this SA is in use
down: this SA is misconfigured ???
inactive: this SA is disabled ???
notpresent: the IPsec code isn't loaded ??? "
DEFVAL { notpresent }
::= { wfIpsecSaStatsEntry 1 }
-- Source IP address of the SA (column 2); first component of the row index.
wfIpsecSaStatsSrc OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The IP address of the SA's source."
::= { wfIpsecSaStatsEntry 2 }
-- Destination IP address of the SA (column 3); second component of the row
-- index.
wfIpsecSaStatsDest OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The IP address of the SA's destination."
::= { wfIpsecSaStatsEntry 3 }
-- Security Parameters Index of the SA (column 4); third component of the row
-- index. Declared as Gauge, the RFC1155-SMI 32-bit non-negative type.
wfIpsecSaStatsSpi OBJECT-TYPE
SYNTAX Gauge
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The security parameters index"
::= { wfIpsecSaStatsEntry 4 }
-- IPsec protocol of the SA (column 5): none, esp or ah. Defaults to none(1).
wfIpsecSaStatsProto OBJECT-TYPE
SYNTAX INTEGER {
none(1),
esp(2),
ah(3)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The protocol used by this SA."
DEFVAL { none }
::= { wfIpsecSaStatsEntry 5 }
-- Cipher algorithm in use on the SA (column 6). Read-only; same value set as
-- wfIpsecEspTransformCipherAlg.
-- Monitoring note: polling this column is a direct way to find live SAs that
-- run with des(2) or none(1), neither of which gives adequate
-- confidentiality.
wfIpsecSaStatsCipherAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
des(2),
desede(3)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Identifies cipher algorithm for this SA."
DEFVAL { des }
::= { wfIpsecSaStatsEntry 6 }
-- Integrity algorithm in use on the SA (column 7). Read-only; defaults to
-- none(1).
-- NOTE(review): the DESCRIPTION says "ESP Auth", but wfIpsecSaStatsProto also
-- defines ah(3); presumably this column reports the AH algorithm for AH SAs,
-- confirm.
-- Monitoring note: an ESP SA that reports none(1) here is carrying
-- unauthenticated traffic and is worth flagging.
wfIpsecSaStatsIntegrityAlg OBJECT-TYPE
SYNTAX INTEGER {
none(1),
hmacMd5(2),
hmacSha1(3)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The algorithm for ESP Auth."
DEFVAL { none }
::= { wfIpsecSaStatsEntry 7 }
-- Count of received packets on this SA that failed authentication
-- (column 8).
-- Monitoring note: a sustained rise can indicate modified or forged traffic,
-- or a key or algorithm mismatch with the peer, and is worth alerting on.
-- Counter is the RFC1155-SMI 32-bit type that wraps to zero, so compare
-- deltas between polls instead of absolute values.
wfIpsecSaStatsBadAuthen OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received encrypted packets that could
not be properly authenticated."
::= { wfIpsecSaStatsEntry 8 }
-- Count of received packets on this SA that failed decryption (column 9).
-- Monitoring note: growth here points to corrupted or tampered ciphertext or
-- to mismatched keys; track deltas, since Counter is a wrapping 32-bit type.
wfIpsecSaStatsBadDecrypt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that could
not be properly decrypted."
::= { wfIpsecSaStatsEntry 9 }
-- Count of received packets on this SA whose padding was invalid
-- (column 10).
-- Monitoring note: on an SA without an integrity algorithm this may be the
-- only visible sign that ciphertext was altered in transit, so it is worth
-- alerting on; track deltas, since Counter is a wrapping 32-bit type.
wfIpsecSaStatsBadPad OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of received packets that contained
bad padding information."
::= { wfIpsecSaStatsEntry 10 }
-- Count of packets successfully encrypted on this SA (column 11). Wrapping
-- 32-bit Counter.
wfIpsecSaStatsProtectPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully encrypted packets."
::= { wfIpsecSaStatsEntry 11 }
-- Count of packets successfully decrypted on this SA (column 12). Wrapping
-- 32-bit Counter.
wfIpsecSaStatsUnprotectPkt OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully decrypted packets."
::= { wfIpsecSaStatsEntry 12 }
-- Count of bytes successfully encrypted on this SA (column 13). Wrapping
-- 32-bit Counter, so on a busy SA it can wrap between polls.
wfIpsecSaStatsEncryptByte OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully encrypted bytes."
::= { wfIpsecSaStatsEntry 13 }
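-- Count of bytes successfully decrypted on this SA (column 14). Wrapping
-- 32-bit Counter, so on a busy SA it can wrap between polls. The DESCRIPTION
-- previously repeated the text of wfIpsecSaStatsEncryptByte ("encrypted
-- bytes"); corrected to match the object name.
wfIpsecSaStatsDecryptByte OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The number of successfully decrypted bytes."
::= { wfIpsecSaStatsEntry 14 }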
-- Encapsulation mode of the SA (column 15): tunnel or transport. Defaults to
-- tunnel(1).
wfIpsecSaStatsMode OBJECT-TYPE
SYNTAX INTEGER {
tunnel(1),
transport(2)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Identifies mode of the SA."
DEFVAL { tunnel }
::= { wfIpsecSaStatsEntry 15 }
-- Reports whether the SA was established with perfect forward secrecy
-- (column 16). Defaults to true(1).
-- Monitoring note: SAs that report false(2) derive their keys without a
-- fresh key exchange, so compromise of the parent keying material exposes
-- them; worth listing in audits.
wfIpsecSaStatsPfs OBJECT-TYPE
SYNTAX INTEGER {
true(1),
false(2)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Identifies whether this SA has perfect forward secrecy or
not."
DEFVAL { true }
::= { wfIpsecSaStatsEntry 16 }
-- Unit for wfIpsecSaStatsExpiryValue (column 17): seconds, kilobytes, or
-- none. Defaults to none(3).
-- Monitoring note: per the DESCRIPTION, none(3) means the SA's keys do not
-- expire; long-lived SAs reporting it are worth flagging.
wfIpsecSaStatsExpiryType OBJECT-TYPE
SYNTAX INTEGER {
seconds(1),
kilobytes(2),
none(3)
}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The units used to interpret the expiry value. The SA's
keys don't expire when this is set to none."
DEFVAL { none }
::= { wfIpsecSaStatsEntry 17 }
-- Key lifetime of the SA (column 18), interpreted in the unit given by
-- wfIpsecSaStatsExpiryType. Read-only; no range or DEFVAL is declared.
wfIpsecSaStatsExpiryValue OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The value used to determine when the keys for this SA
expire."
::= { wfIpsecSaStatsEntry 18 }
END