SNMP MIB Search

Create/Delete parameter. Default is created.
Users perform a set operation on this
object in order to create/delete IPSec.

Enable/Disable parameter. Default is enabled.
Users perform a set operation on this
object in order to enable/disable IPSec.

The current state of IPsec.

Used to control the whether ESP enciphers packets or not. Set
this attribute to disable for debugging purposes only. When
set to disabled, packets that match a policy that uses ESP
to encipher the payload will not be enciphered. This allows
one to view the plaintext inner headers for debugging
purposes.

The maximum SPI value that will be accepted for manually
configured SAs. The SA values 0 - 255 is reserved. To enter
this value add the number of SAs belonging to a particular
IPSec protocol ex ESP to 255. The default value is maximum
of 32 unique ESP SAs. The value 255 will cause no manual
SAs supported

IP Security Selectors for a policy

IP Security Selectors for a policy

An IP security Descriptor

Entry in ESP security association table

Entry in Interface Statistics Table

A remote Security Gateway

An IP security Proposal. This is essentially a sequence
of protection suites represented by wfIpsecSuiteEntry
instances

An IP security protection suite

An IP security ESP Transform

An IP security AhTransform

Entry in Automated ESP SA table

The network address of the IP
interface to which the corresponding policy is applied.

The ID of the Circuit to which the
corresponding policy is applied.

ID policy's selectors.

Fragment number - for large sets of selectors.

Defines the existence of the policy's selectors:
created - instance exists
delete - instance should be deleted.

Defines whether or not the policy should be used:
enabled - activate the policy's selectors.
disabled - deactivate the policy's selectors.

Defines the current status of the this instance:
up: this instance is in use
down: this instance is misconfigured
inactive: this instance is disabled
notpresent: the IPsec code isn't loaded

The number of received packets that have
matched the selectors.

The policy's selector definition.

Reserved field.

name of this instance of selectors.

The network address of the IP
interface to which the corresponding policy is applied.

The ID of the Circuit to which the
corresponding policy is applied.

ID policy's selectors.

Fragment number - for large sets of selectors.

Defines the existence of the policy's selectors:
created - instance exists
delete - instance should be deleted.

Defines whether or not the policy should be used:
enabled - activate the policy's selectors.
disabled - deactivate the policy's selectors.

Defines the current status of the this instance:
up: this instance is in use
down: this instance is misconfigured
inactive: this instance is disabled
notpresent: the IPsec code isn't loaded

The number of received packets that have
matched the selectors.

The policy's selector definition.

Reserved field.

name of this instance of selectors.

The IP address of the security gateway which this descriptor
belongs to.

The ID of the Circuit to which this
instance applies.

Allows instance of wfIpsecSelectorOutEntry to be matched with
this instance.

Create/Delete parameter. Default is created.

The status of this instance:
up: this instance is in use
down: this instance is misconfigured
inactive: this instance is disabled
notpresent: the IPsec code isn't loaded

the octet string represents an ordered list of Security
Associations (SAs). the format of each 9 byte sequence is:
------------+-----------+-----------+------------+-----------
| protocol  |            Peer IP Address                    |
------------+-----------+-----------+------------+-----------
|                      SPI                       |
------------+-----------+-----------+------------+

Identifies mode of the SA for this policy.

Identifies whether perfect forward secrecy is required
or not.

the octet string represents an ordered list of proposals.
Every 2 octets in the string contains a number which
corresponds to an instance I.D. of wfIpsecProposalEntry.
The list of proposals is a logically ORed list.

The source for the destination IP address value to be used
in the SA. 'packet' limits use of the SA to those packets
which have a matching IP addr even if the policy permits a
range. 'policy' allows more than one traffic flow to use
the SA if the policy permits a range of IP addresses.

The source for the destination IP address value to be used
in the SA. 'packet' limits use of the SA to those packets
which have a matching IP addr even if the policy permits a
range. 'policy' allows more than one traffic flow to use
the SA if the policy permits a range of IP addresses.

The source for the destination IP address value to be used
in the SA. 'packet' limits use of the SA to those packets
which have a matching IP addr even if the policy permits a
range. 'policy' allows more than one traffic flow to use
the SA if the policy permits a range of IP addresses.

The start Source IP address for the dynamic SA.

The end Source IP address for the dynamic SA.

The start Destination IP address for the dynamic SA.

The end Source IP address for the dynamic SA.

The port number for the dynamic SA.

The IP protocol for the dynamic SA.

The address of the remote gateway.

Inbound (Unprotect) SA inactivity timer, in minutes.
If no traffic is received on an automated inbound SA
for the indicated time, both SAs for this policy will
be deleted.  A value of zero disables the timer.

The IP address of the SA's source.

The IP address of the SA's destination.

The security parameters index

Create/Delete parameter.

The current status of this Security Association:
up: this SA is in use
down: this SA is misconfigured
inactive: this SA is disabled
notpresent: the IPsec code isn't loaded

Identifies cipher algorithm for this SA.

The key for a manually-keyed SA's cipher algorithm

The strength of the cipher key.

The algorithm for ESP Auth.

The key for a manually-keyed SA's integrity algorithm

This attribute enables checking of the pad field of ESP
packets making sure it is in expected numeric ascending
order. Packets with bad padding are discarded.

Reset IPSec SA statistics indicator.

The number of received encrypted packets that could
not be properly authenticated.

The number of received packets that could
not be properly decrypted.

The number of received packets that contained
bad padding information.

The number of successfully encrypted packets.

The number of successfully decrypted packets.

The number of successfully encrypted bytes.

The number of successfully encrypted bytes.

Identifies mode of the SA.

Identifies whether this SA has perfect forward secrecy or
not.

The units used to interpret the expiry value. The SA's
keys don't expire when this is set to none.

The value used to determine when the keys for this SA
expire.

The IP address of the security gateway which these statistics
belong to.

The ID of the Circuit to which this
instance applies.

Create/Delete parameter.

Reset IPSec statistics indicator.

The number of received packets successfully
decrypted.

The number of received packets successfully
encrypted.

The number of received packets that have
bypassed.

The number of received packets that have
been dropped.

The number of received packets for which
no SA was found.

The last security parameters index for which
no SA could be found.

The number of received packets for which
no policy match could be found.

The number of bytes discarded owing to SA Expiry

The number of outbound packets clipped due to
buffer congestion.

The number of inbound packets clipped due to
buffer congestion.

The address of the IP interface to which this
instance applies.

The ID of the Circuit to which the instance applies.

An index used to differentiate remote gateway instances.

creates or deletes an instance.

enables and disables this instance.

Defines the current status of the instance:
inactive - ?
active - ?
error - ?

The address of the remote gateway.

The range of destination IP addresses that the remote
security gateway represents.

name of the remote security gateway.

A number that identifies this proposal.

Create/Delete parameter. Default is created.

The status of this Proposal.

Proposal name.

the octet string contains a list of ordered, 2 byte numbers
that correspond to wfIpsecSuiteEntry instance ID's.
The list of protection suites is a logically ANDed list.
This allows multiple protocols to be used for a policy.

A number that identifies this protection suite.

Create/Delete parameter. Default is created.

The status of this Suite.

Suite name.

The ordered sequence of wfIpsecEspTransformEntry instances that
comprise this protection suite.

The ordered sequence of wfIpsecAhProposalEntry instances that
comprise this protection suite.

A number that identifies this ESP proposal.

Create/Delete parameter. Default is created.

The status of this ESP Transform.

ESP Transform name.

The cipher algorithm for ESP.

The key length for the ESP cipher algorithm.

The algorithm for ESP Auth.

The value used to determine when the keys for this SA
expire due to the passage of time. The units are minutes.
The minium recommended value is 10 min. 

The value used to determine when the keys for this SA
expire due to the number of bytes processed. The units are
mega-bytes. The minium recommended value is 10 Mbytes. A
value of 0 indicates that MByte expiry is not desired.

The value used to determine precedence between time/kbyte
expiry

A number that identifies this AH proposal.

Create/Delete parameter. Default is created.

The status of this AhTransform.

AhTransform name.

The algorithm for AH.

The DH group

The units used to interpret the expiry value. The SA's
keys don't expire when this is set to none.

The value used to determine when the keys for this SA
expire.

The IP address of the SA's source.

The IP address of the SA's destination.

The security parameters index

The current status of this Security Association:
up: this SA is in use
down: this SA is misconfigured ???
inactive: this SA is disabled ???
notpresent: the IPsec code isn't loaded ??? 

The protocol used by this SA.

Identifies cipher algorithm for this SA.

The algorithm for ESP Auth.

The number of received encrypted packets that could
not be properly authenticated.

The number of received packets that could
not be properly decrypted.

The number of received packets that contained
bad padding information.

The number of successfully encrypted packets.

The number of successfully decrypted packets.

The number of successfully encrypted bytes.

The number of successfully encrypted bytes.

Identifies mode of the SA.

Identifies whether this SA has perfect forward secrecy or
not.

The units used to interpret the expiry value. The SA's
keys don't expire when this is set to none.

The value used to determine when the keys for this SA
expire.

A table of selectors used to identify which IP security
policy should be applied to a packet.

A table of selectors used to identify which IP security
policy should be applied to a packet.

Table of IP security descriptors

The ESP security association table

The interface statistics table

A table of known remote Security Gateways.

Table of IP security proposals

Table of IP security protection suites

Table of IP security policies

Table of IP security policies

The Ipsec automated SA table