IPSEC-POLICY-MIB

File: IPSEC-POLICY-MIB.mib (237210 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
SNMP-FRAMEWORK-MIB INET-ADDRESS-MIB IPSEC-ISAKMP-IKE-DOI-TC

Imported symbols

MODULE-IDENTITY OBJECT-TYPE NOTIFICATION-TYPE
Integer32 Unsigned32 mib-2
experimental TEXTUAL-CONVENTION RowStatus
TruthValue TimeStamp StorageType
VariablePointer DateAndTime MODULE-COMPLIANCE
OBJECT-GROUP NOTIFICATION-GROUP SnmpAdminString
InetAddressType InetAddress InetPortNumber
IkeHashAlgorithm IpsecDoiEncapsulationMode IpsecDoiIpcompTransform
IpsecDoiAuthAlgorithm IpsecDoiEspTransform IpsecDoiSecProtocolId
IkeGroupDescription IpsecDoiIdentType IkeEncryptionAlgorithm
IkeAuthMethod

Defined Types

IpspBooleanOperator  
The IpspBooleanOperator operator is used to specify whether sub-components in a decision making process are ANDed or ORed together to decide if the resulting expression is true or false.
TEXTUAL-CONVENTION    
  INTEGER or(1), and(2)  

IpspAdminStatus  
The IpspAdminStatus is used to specify the administrative status of an object. Objects which are disabled must not be used by the packet processing engine.
TEXTUAL-CONVENTION    
  INTEGER enabled(1), disabled(2)  

IpspSADirection  
The IpspSADirection operator is used to specify whether or not a row should apply to outgoing or incoming SAs.
TEXTUAL-CONVENTION    
  INTEGER outgoing(1), incoming(2)  

IpspIPPacketLogging  
IpspIPPacketLogging specifies whether or not an audit message should be logged when a packet is passed through an SA. A value of '-1' indicates no logging. A value of '0' or greater indicates that logging should be done and how many bytes of the beginning of the packet to place in the log. Values greater than the size of the packet being processed indicate that the entire packet should be sent. Examples: '-1' no logging '0' log but do not include any of the packet in the log '20' log and include the first 20 bytes of the packet in the log.
TEXTUAL-CONVENTION    
  Integer32 -1..65536  

IpspIdentityFilter  
IpspIdentityFilter contains a string encoded Identity Type value to be used in comparisons against an IKE Identity payload. Wherever this TC is used, there should be an accompanying column which uses the IpsecDoiIdentType TC to specify the type of data in this object. See the IpsecDoiIdentType TC for the supported identity types available. Note that the IpsecDoiIdentType TC sepcifies how to encode binary values, while this object will contain human readable string versions.
TEXTUAL-CONVENTION    
  OCTET STRING Size(1..256)  

IpspCredentialType  
IpspCredentialType identifies the type of credential contained in a corresponding IpspIdentityFilter object.
TEXTUAL-CONVENTION    
  INTEGER reserved(0), unknown(1), sharedSecret(2), x509(3), kerberos(4)  

IpspEndpointToGroupEntry  
SEQUENCE    
  ipspEndGroupIdentType InetAddressType
  ipspEndGroupAddress InetAddress
  ipspEndGroupName SnmpAdminString
  ipspEndGroupLastChanged TimeStamp
  ipspEndGroupStorageType StorageType
  ipspEndGroupRowStatus RowStatus

IpspGroupContentsEntry  
SEQUENCE    
  ipspGroupContName SnmpAdminString
  ipspGroupContPriority Integer32
  ipspGroupContFilter VariablePointer
  ipspGroupContComponentType INTEGER
  ipspGroupContComponentName SnmpAdminString
  ipspGroupContLastChanged TimeStamp
  ipspGroupContStorageType StorageType
  ipspGroupContRowStatus RowStatus

IpspRuleDefinitionEntry  
SEQUENCE    
  ipspRuleDefName SnmpAdminString
  ipspRuleDefDescription SnmpAdminString
  ipspRuleDefFilter VariablePointer
  ipspRuleDefFilterNegated TruthValue
  ipspRuleDefAction VariablePointer
  ipspRuleDefAdminStatus IpspAdminStatus
  ipspRuleDefLastChanged TimeStamp
  ipspRuleDefStorageType StorageType
  ipspRuleDefRowStatus RowStatus

IpspCompoundFilterEntry  
SEQUENCE    
  ipspCompFiltName SnmpAdminString
  ipspCompFiltDescription SnmpAdminString
  ipspCompFiltLogicType IpspBooleanOperator
  ipspCompFiltLastChanged TimeStamp
  ipspCompFiltStorageType StorageType
  ipspCompFiltRowStatus RowStatus

IpspSubfiltersEntry  
SEQUENCE    
  ipspSubFiltPriority Integer32
  ipspSubFiltSubfilter VariablePointer
  ipspSubFiltSubfilterIsNegated TruthValue
  ipspSubFiltLastChanged TimeStamp
  ipspSubFiltStorageType StorageType
  ipspSubFiltRowStatus RowStatus

IpspIpHeaderFilterEntry  
SEQUENCE    
  ipspIpHeadFiltName SnmpAdminString
  ipspIpHeadFiltType BITS
  ipspIpHeadFiltIPVersion InetAddressType
  ipspIpHeadFiltSrcAddressBegin InetAddress
  ipspIpHeadFiltSrcAddressEnd InetAddress
  ipspIpHeadFiltDstAddressBegin InetAddress
  ipspIpHeadFiltDstAddressEnd InetAddress
  ipspIpHeadFiltSrcLowPort InetPortNumber
  ipspIpHeadFiltSrcHighPort InetPortNumber
  ipspIpHeadFiltDstLowPort InetPortNumber
  ipspIpHeadFiltDstHighPort InetPortNumber
  ipspIpHeadFiltProtocol Integer32
  ipspIpHeadFiltIPv6FlowLabel Integer32
  ipspIpHeadFiltLastChanged TimeStamp
  ipspIpHeadFiltStorageType StorageType
  ipspIpHeadFiltRowStatus RowStatus

IpspIpOffsetFilterEntry  
SEQUENCE    
  ipspIpOffFiltName SnmpAdminString
  ipspIpOffFiltOffset Integer32
  ipspIpOffFiltType INTEGER
  ipspIpOffFiltNumber Integer32
  ipspIpOffFiltValue OCTET STRING
  ipspIpOffFiltLastChanged TimeStamp
  ipspIpOffFiltStorageType StorageType
  ipspIpOffFiltRowStatus RowStatus

IpspTimeFilterEntry  
SEQUENCE    
  ipspTimeFiltName SnmpAdminString
  ipspTimeFiltPeriodStart DateAndTime
  ipspTimeFiltPeriodEnd DateAndTime
  ipspTimeFiltMonthOfYearMask BITS
  ipspTimeFiltDayOfMonthMask OCTET STRING
  ipspTimeFiltDayOfWeekMask BITS
  ipspTimeFiltTimeOfDayMaskStart DateAndTime
  ipspTimeFiltTimeOfDayMaskEnd DateAndTime
  ipspTimeFiltLastChanged TimeStamp
  ipspTimeFiltStorageType StorageType
  ipspTimeFiltRowStatus RowStatus

IpspIpsoHeaderFilterEntry  
SEQUENCE    
  ipspIpsoHeadFiltName SnmpAdminString
  ipspIpsoHeadFiltType BITS
  ipspIpsoHeadFiltClassification INTEGER
  ipspIpsoHeadFiltProtectionAuth INTEGER
  ipspIpsoHeadFiltLastChanged TimeStamp
  ipspIpsoHeadFiltStorageType StorageType
  ipspIpsoHeadFiltRowStatus RowStatus

IpspCredentialFilterEntry  
SEQUENCE    
  ipspCredFiltName SnmpAdminString
  ipspCredFiltCredentialType IpspCredentialType
  ipspCredFiltMatchFieldName OCTET STRING
  ipspCredFiltMatchFieldValue OCTET STRING
  ipspCredFiltAcceptCredFrom OCTET STRING
  ipspCredFiltLastChanged TimeStamp
  ipspCredFiltStorageType StorageType
  ipspCredFiltRowStatus RowStatus

IpspPeerIdentityFilterEntry  
SEQUENCE    
  ipspPeerIdFiltName SnmpAdminString
  ipspPeerIdFiltIdentityType IpsecDoiIdentType
  ipspPeerIdFiltIdentityValue IpspIdentityFilter
  ipspPeerIdFiltLastChanged TimeStamp
  ipspPeerIdFiltStorageType StorageType
  ipspPeerIdFiltRowStatus RowStatus

IpspCompoundActionEntry  
SEQUENCE    
  ipspCompActName SnmpAdminString
  ipspCompActExecutionStrategy INTEGER
  ipspCompActLastChanged TimeStamp
  ipspCompActStorageType StorageType
  ipspCompActRowStatus RowStatus

IpspSubactionsEntry  
SEQUENCE    
  ipspSubActPriority Integer32
  ipspSubActSubActionName VariablePointer
  aiipspCompActLastChanged TimeStamp
  aiipspCompActStorageType StorageType
  aiipspCompActRowStatus RowStatus

IpspSaPreconfiguredActionEntry  
SEQUENCE    
  ipspSaPreActActionName SnmpAdminString
  ipspSaPreActSADirection IpspSADirection
  ipspSaPreActActionDescription SnmpAdminString
  ipspSaPreActActionLifetimeSec Unsigned32
  ipspSaPreActActionLifetimeKB Unsigned32
  ipspSaPreActDoActionLogging TruthValue
  ipspSaPreActDoPacketLogging IpspIPPacketLogging
  ipspSaPreActDFHandling INTEGER
  ipspSaPreActActionType IpsecDoiEncapsulationMode
  ipspSaPreActAHSPI Integer32
  ipspSaPreActAHTransformName SnmpAdminString
  ipspSaPreActAHSharedSecretName SnmpAdminString
  ipspSaPreActESPSPI Integer32
  ipspSaPreActESPTransformName SnmpAdminString
  ipspSaPreActESPEncSecretName SnmpAdminString
  ipspSaPreActESPAuthSecretName SnmpAdminString
  ipspSaPreActIPCompSPI Integer32
  ipspSaPreActIPCompTransformName SnmpAdminString
  ipspSaPreActPeerGatewayIdName SnmpAdminString
  ipspSaPreActLastChanged TimeStamp
  ipspSaPreActStorageType StorageType
  ipspSaPreActRowStatus RowStatus

IpspSaNegotiationParametersEntry  
SEQUENCE    
  ipspSaNegParamName SnmpAdminString
  ipspSaNegParamMinLifetimeSecs Unsigned32
  ipspSaNegParamMinLifetimeKB Unsigned32
  ipspSaNegParamRefreshThreshSecs Unsigned32
  ipspSaNegParamRefreshThresholdKB Unsigned32
  ipspSaNegParamIdleDurationSecs Unsigned32
  ipspSaNegParamLastChanged TimeStamp
  ipspSaNegParamStorageType StorageType
  ipspSaNegParamRowStatus RowStatus

IpspIkeActionEntry  
SEQUENCE    
  ipspIkeActName SnmpAdminString
  ipspIkeActParametersName SnmpAdminString
  ipspIkeActThresholdDerivedKeys Integer32
  ipspIkeActExchangeMode INTEGER
  ipspIkeActAgressiveModeGroupId IkeGroupDescription
  ipspIkeActIdentityType IpsecDoiIdentType
  ipspIkeActIdentityContext SnmpAdminString
  ipspIkeActPeerName SnmpAdminString
  ipspIkeActDoActionLogging TruthValue
  ipspIkeActDoPacketLogging IpspIPPacketLogging
  ipspIkeActVendorId OCTET STRING
  ipspIkeActLastChanged TimeStamp
  ipspIkeActStorageType StorageType
  ipspIkeActRowStatus RowStatus

IpspIkeActionProposalsEntry  
SEQUENCE    
  ipspIkeActPropPriority Integer32
  ipspIkeActPropName SnmpAdminString
  ipspIkeActPropLastChanged TimeStamp
  ipspIkeActPropStorageType StorageType
  ipspIkeActPropRowStatus RowStatus

IpspIkeProposalEntry  
SEQUENCE    
  ipspIkePropLifetimeDerivedKeys Unsigned32
  ipspIkePropCipherAlgorithm IkeEncryptionAlgorithm
  ipspIkePropCipherKeyLength Unsigned32
  ipspIkePropCipherKeyRounds Unsigned32
  ipspIkePropHashAlgorithm IkeHashAlgorithm
  ipspIkePropPrfAlgorithm INTEGER
  ipspIkePropVendorId OCTET STRING
  ipspIkePropDhGroup IkeGroupDescription
  ipspIkePropAuthenticationMethod IkeAuthMethod
  ipspIkePropMaxLifetimeSecs Unsigned32
  ipspIkePropMaxLifetimeKB Unsigned32
  ipspIkePropProposalLastChanged TimeStamp
  ipspIkePropProposalStorageType StorageType
  ipspIkePropProposalRowStatus RowStatus

IpspIpsecActionEntry  
SEQUENCE    
  ipspIpsecActName SnmpAdminString
  ipspIpsecActParametersName SnmpAdminString
  ipspIpsecActProposalsName SnmpAdminString
  ipspIpsecActUsePfs TruthValue
  ipspIpsecActVendorId OCTET STRING
  ipspIpsecActGroupId IkeGroupDescription
  ipspIpsecActPeerGatewayIdName OCTET STRING
  ipspIpsecActUseIkeGroup TruthValue
  ipspIpsecActGranularity INTEGER
  ipspIpsecActMode INTEGER
  ipspIpsecActDFHandling INTEGER
  ipspIpsecActDoActionLogging TruthValue
  ipspIpsecActDoPacketLogging IpspIPPacketLogging
  ipspIpsecActLastChanged TimeStamp
  ipspIpsecActStorageType StorageType
  ipspIpsecActRowStatus RowStatus

IpspIpsecProposalsEntry  
SEQUENCE    
  ipspIpsecPropName SnmpAdminString
  ipspIpsecPropPriority Integer32
  ipspIpsecPropProtocolId IpsecDoiSecProtocolId
  ipspIpsecPropTransformsName SnmpAdminString
  ipspIpsecPropLastChanged TimeStamp
  ipspIpsecPropStorageType StorageType
  ipspIpsecPropRowStatus RowStatus

IpspIpsecTransformsEntry  
SEQUENCE    
  ipspIpsecTranType IpsecDoiSecProtocolId
  ipspIpsecTranName SnmpAdminString
  ipspIpsecTranPriority Integer32
  ipspIpsecTranTransformName SnmpAdminString
  ipspIpsecTranLastChanged TimeStamp
  ipspIpsecTranStorageType StorageType
  ipspIpsecTranRowStatus RowStatus

IpspAhTransformEntry  
SEQUENCE    
  ipspAhTranName SnmpAdminString
  ipspAhTranMaxLifetimeSec Unsigned32
  ipspAhTranMaxLifetimeKB Unsigned32
  ipspAhTranAlgorithm IpsecDoiAuthAlgorithm
  ipspAhTranReplayProtection TruthValue
  ipspAhTranReplayWindowSize Unsigned32
  ipspAhTranLastChanged TimeStamp
  ipspAhTranStorageType StorageType
  ipspAhTranRowStatus RowStatus

IpspEspTransformEntry  
SEQUENCE    
  ipspEspTranName SnmpAdminString
  ipspEspTranMaxLifetimeSec Unsigned32
  ipspEspTranMaxLifetimeKB Unsigned32
  ipspEspTranCipherTransformId IpsecDoiEspTransform
  ipspEspTranCipherKeyLength Unsigned32
  ipspEspTranCipherKeyRounds Unsigned32
  ipspEspTranIntegrityAlgorithmId IpsecDoiAuthAlgorithm
  ipspEspTranReplayPrevention TruthValue
  ipspEspTranReplayWindowSize Unsigned32
  ipspEspTranLastChanged TimeStamp
  ipspEspTranStorageType StorageType
  ipspEspTranRowStatus RowStatus

IpspIpcompTransformEntry  
SEQUENCE    
  ipspIpcompTranName SnmpAdminString
  ipspIpcompTranMaxLifetimeSec Unsigned32
  ipspIpcompTranMaxLifetimeKB Unsigned32
  ipspIpcompTranAlgorithm IpsecDoiIpcompTransform
  ipspIpcompTranDictionarySize Unsigned32
  ipspIpcompTranPrivateAlgorithm Unsigned32
  ipspIpcompTranLastChanged TimeStamp
  ipspIpcompTranStorageType StorageType
  ipspIpcompTranRowStatus RowStatus

IpspIkeIdentityEntry  
SEQUENCE    
  ipspIkeIdCredentialName SnmpAdminString
  ipspIkeIdLastChanged TimeStamp
  ipspIkeIdStorageType StorageType
  ipspIkeIdRowStatus RowStatus

IpspPeerIdentityEntry  
SEQUENCE    
  ipspPeerIdName SnmpAdminString
  ipspPeerIdPriority Integer32
  ipspPeerIdType IpsecDoiIdentType
  ipspPeerIdValue IpspIdentityFilter
  ipspPeerIdAddressType InetAddressType
  ipspPeerIdAddress InetAddress
  ipspPeerIdCredentialName SnmpAdminString
  ipspPeerIdLastChanged TimeStamp
  ipspPeerIdStorageType StorageType
  ipspPeerIdRowStatus RowStatus

IpspAutostartIkeEntry  
SEQUENCE    
  ipspAutoIkePriority Integer32
  ipspAutoIkeAction VariablePointer
  ipspAutoIkeAddressType InetAddressType
  ipspAutoIkeSourceAddress InetAddress
  ipspAutoIkeSourcePort InetPortNumber
  ipspAutoIkeDestAddress InetAddress
  ipspAutoIkeDestPort InetPortNumber
  ipspAutoIkeProtocol Unsigned32
  ipspAutoIkeLastChanged TimeStamp
  ipspAutoIkeStorageType StorageType
  ipspAutoIkeRowStatus RowStatus

IpspIpsecCredMngServiceEntry  
SEQUENCE    
  ipspIcmsName SnmpAdminString
  ipspIcmsDistinguishedName OCTET STRING
  ipspIcmsPolicyStatement OCTET STRING
  ipspIcmsMaxChainLength Integer32
  ipspIcmsCredentialName SnmpAdminString
  ipspIcmsLastChanged TimeStamp
  ipspIcmsStorageType StorageType
  ipspIcmsRowStatus RowStatus

IpspCredMngCRLEntry  
SEQUENCE    
  ipspCmcCRLName SnmpAdminString
  ipspCmcDistributionPoint OCTET STRING
  ipspCmcThisUpdate OCTET STRING
  ipspCmcNextUpdate OCTET STRING
  ipspCmcLastChanged TimeStamp
  ipspCmcStorageType StorageType
  ipspCmcRowStatus RowStatus

IpspRevokedCertificateEntry  
SEQUENCE    
  ipspRctCertSerialNumber Unsigned32
  ipspRctRevokedDate OCTET STRING
  ipspRctRevokedReason INTEGER
  ipspRctLastChanged TimeStamp
  ipspRctStorageType StorageType
  ipspRctRowStatus RowStatus

IpspCredentialEntry  
SEQUENCE    
  ipspCredName SnmpAdminString
  ipspCredType IpspCredentialType
  ipspCredCredential OCTET STRING
  ipspCredSize Integer32
  ipspCredMngName SnmpAdminString
  ipspCredRemoteID OCTET STRING
  ipspCredAdminStatus IpspAdminStatus
  ipspCredLastChanged TimeStamp
  ipspCredStorageType StorageType
  ipspCredRowStatus RowStatus

IpspCredentialSegmentEntry  
SEQUENCE    
  ipspCredSegIndex Integer32
  ipspCredSegValue OCTET STRING
  ipspCredSegLastChanged TimeStamp
  ipspCredSegStorageType StorageType
  ipspCredSegRowStatus RowStatus

Defined Values

ipspMIB 1.3.6.1.2.1.1
The MIB module for defining IPsec Policy filters and actions. Copyright (C) The Internet Society (2003). This version of this MIB module is part of RFC XXXX, see the RFC itself for full legal notices.
MODULE-IDENTITY    

ipspConfigObjects 1.3.6.1.2.1.1.1
OBJECT IDENTIFIER    

ipspNotificationObjects 1.3.6.1.2.1.1.2
OBJECT IDENTIFIER    

ipspConformanceObjects 1.3.6.1.2.1.1.3
OBJECT IDENTIFIER    

ipspLocalConfigObjects 1.3.6.1.2.1.1.1.1
OBJECT IDENTIFIER    

ipspSystemPolicyGroupName 1.3.6.1.2.1.1.1.1.1
This object indicates the policy group containing the global system policy that is to be applied when a given endpoint does not contain a policy definition. Its value can be used as an index into the ipspGroupContentsTable to retrieve a list of policies. A zero length string indicates no system wide policy exists and the default policy of 'accept' should be executed until one is imposed by either this object or by the endpoint processing a given packet.
Status: current Access: read-write
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspEndpointToGroupTable 1.3.6.1.2.1.1.1.2
This table is used to map policy (groupings) onto an endpoint where traffic is to pass by. Any policy group assigned to an endpoint is then used to control access to the traffic passing by it. If an endpoint has been configured with a policy group and no contained rule matches the incoming packet, the default action in this case shall be to drop the packet. If no policy group has been assigned to an endpoint, then the policy group specified by ipspSystemPolicyGroupName should be used for the endpoint.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspEndpointToGroupEntry

ipspEndpointToGroupEntry 1.3.6.1.2.1.1.1.2.1
A mapping assigning a policy group to an endpoint.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspEndpointToGroupEntry  

ipspEndGroupIdentType 1.3.6.1.2.1.1.1.2.1.1
The Internet Protocol version of the address associated with a given endpoint. All addresses are represented as an array of octets in network byte order. When combined with the ipspEndGroupAddress these objects can be used to uniquely identify an endpoint that a set of policy groups should be applied to. Devices supporting IPv4 MUST support the ipv4 value, and devices supporting IPv6 MUST support the ipv6 value. Values of unknown, ipv4z, ipv6z and dns are not legal values for this object.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddressType  

ipspEndGroupAddress 1.3.6.1.2.1.1.1.2.1.2
The address of a given endpoint, the format of which is specified by the ipspEndGroupIdentType object.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddress Size(4|16)  

ipspEndGroupName 1.3.6.1.2.1.1.1.2.1.3
The policy group name to apply to this endpoint. The value of the ipspEndGroupName object should then be used as an index into the ipspGroupContentsTable to come up with a list of rules that MUST be applied to this endpoint.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspEndGroupLastChanged 1.3.6.1.2.1.1.1.2.1.4
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspEndGroupStorageType 1.3.6.1.2.1.1.1.2.1.5
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspEndGroupRowStatus 1.3.6.1.2.1.1.1.2.1.6
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object may not be set to active until one or more active rows exist within the ipspGroupContentsTable for the group referenced by the ipspEndGroupName object.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspGroupContentsTable 1.3.6.1.2.1.1.1.3
This table contains a list of rules and/or subgroups contained within a given policy group. The entries are sorted by the ipspGroupContPriority object and MUST be executed in order according to this value, starting with the lowest value. Once a group item has been processed, the processor MUST stop processing this packet if an action was executed as a result of the processing of a given group. Iterating into the next policy group item by finding the next largest ipspGroupContPriority object shall only be done if no actions were run when processing the last item for a given packet.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspGroupContentsEntry

ipspGroupContentsEntry 1.3.6.1.2.1.1.1.3.1
Defines a given sub-item within a policy group.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspGroupContentsEntry  

ipspGroupContName 1.3.6.1.2.1.1.1.3.1.1
The administrative name of this group.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspGroupContPriority 1.3.6.1.2.1.1.1.3.1.2
The priority (sequence number) of the sub-component in this group.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65536  

ipspGroupContFilter 1.3.6.1.2.1.1.1.3.1.3
ipspGroupContFilter points to a filter which is evaluated to determine whether the sub-component within this group should be exercised. Managers can use this object to classify groups of rules or subgroups together in order to achieve a greater degree of control and optimization over the execution order of the items within the group. If the filter evaluates to false, the rule or subgroup will be skipped and the next rule or subgroup will be evaluated instead. An example usage of this object would be to limit a group of rules to executing only when the IP packet being process is designated to be processed by IKE. This effecitevly creates a group of IKE specific rules. This MIB defines the following tables and scalars which may be pointed to by this column. Implementations may choose to provide support for other filter tables or scalars as well: ipspIpHeaderFilterTable ipspIpOffsetFilterTable ipspTimeFilterTable ipspCompoundFilterTable ipspTrueFilter If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.
Status: current Access: read-create
OBJECT-TYPE    
  VariablePointer  

ipspGroupContComponentType 1.3.6.1.2.1.1.1.3.1.4
Indicates whether the ipspGroupContComponentName object is the name of another group defined within the ipspGroupContentsTable or is the name of a rule defined within the ipspRuleDefinitionTable.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER reserved(0), group(1), rule(2)  

ipspGroupContComponentName 1.3.6.1.2.1.1.1.3.1.5
The name of the policy rule or subgroup contained within this group, as indicated by the ipspGroupContComponentType object.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspGroupContLastChanged 1.3.6.1.2.1.1.1.3.1.6
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspGroupContStorageType 1.3.6.1.2.1.1.1.3.1.7
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspGroupContRowStatus 1.3.6.1.2.1.1.1.3.1.8
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object may not be set to active until the row to which the ipspGroupContComponentName points to exists.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspRuleDefinitionTable 1.3.6.1.2.1.1.1.4
This table defines a policy rule by associating a filter or a set of filters to an action to be executed.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspRuleDefinitionEntry

ipspRuleDefinitionEntry 1.3.6.1.2.1.1.1.4.1
A row defining a particular policy definition. A rule definition binds a filter pointer to an action pointer.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspRuleDefinitionEntry  

ipspRuleDefName 1.3.6.1.2.1.1.1.4.1.1
ipspRuleDefName is the administratively assigned name of the rule referred to by the ipspGroupContComponentName object.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspRuleDefDescription 1.3.6.1.2.1.1.1.4.1.2
A user definable string. This field may be used for your administrative tracking purposes.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString  

ipspRuleDefFilter 1.3.6.1.2.1.1.1.4.1.3
ipspRuleDefFilter points to a filter which is used to evaluate whether the action associated with this row should be fired or not. The action will only fire if the filter referenced by this object evaluates to TRUE after first applying any negation required by the ipspRuleDefFilterNegated object. This MIB defines the following tables and scalars which may be pointed to by this column. Implementations may choose to provide support for other filter tables or scalars as well: ipspIpHeaderFilterTable ipspIpOffsetFilterTable ipspTimeFilterTable ipspCompoundFilterTable ipspTrueFilter If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.
Status: current Access: read-create
OBJECT-TYPE    
  VariablePointer  

ipspRuleDefFilterNegated 1.3.6.1.2.1.1.1.4.1.4
ipspRuleDefFilterNegated specifies whether the filter referenced by the ipspRuleDefFilter object should be negated or not.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspRuleDefAction 1.3.6.1.2.1.1.1.4.1.5
This column points to the action to be taken. It may, but is not limited to, point to a row in one of the following tables: ipspCompoundActionTable ipspSaPreconfiguredActionTable ipspIkeActionTable ipspIpsecActionTable It may also point to one of the scalar objects beneath ipspStaticActions. If this object is set to a pointer to a row in an unsupported (or unknown) table, an inconsistentValue error should be returned. If this object is set to point to a non-existent row in an otherwise supported table, an inconsistentName error should be returned.
Status: current Access: read-create
OBJECT-TYPE    
  VariablePointer  

ipspRuleDefAdminStatus 1.3.6.1.2.1.1.1.4.1.6
Indicates whether the current rule definition should be considered active. If enabled, it should be evaluated when processing packets. If disabled, packets should continue to be processed by the rest of the rules defined in the ipspGroupContentsTable as if this rule's filters had effectively failed.
Status: current Access: read-create
OBJECT-TYPE    
  IpspAdminStatus  

ipspRuleDefLastChanged 1.3.6.1.2.1.1.1.4.1.7
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspRuleDefStorageType 1.3.6.1.2.1.1.1.4.1.8
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspRuleDefRowStatus 1.3.6.1.2.1.1.1.4.1.9
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object may not be set to active until the containing contitions, filters and actions have been defined. Once active, it must remain active until no policyGroupContents entries are referencing it.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspCompoundFilterTable 1.3.6.1.2.1.1.1.5
A table defining a compound set of filters and their associated parameters. A row in this table can either be pointed to by a ipspRuleDefFilter object or by a ficSubFilter object.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspCompoundFilterEntry

ipspCompoundFilterEntry 1.3.6.1.2.1.1.1.5.1
An entry in the ipspCompoundFilterTable. A filter defined by this table is considered to have a TRUE return value if and only if: ipspCompFiltLogicType is AND and all of the sub-filters associated with it, as defined in the ipspSubfiltersTable, are all true themselves (after applying any requried negation as defined by the ficFilterIsNegated object). ipspCompFiltLogicType is OR and at least one of the sub-filters associated with it, as defined in the ipspSubfiltersTable, is true itself (after applying any requried negation as defined by the ficFilterIsNegated object).
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspCompoundFilterEntry  

ipspCompFiltName 1.3.6.1.2.1.1.1.5.1.1
A user definable string. You may use this field for your administrative tracking purposes.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspCompFiltDescription 1.3.6.1.2.1.1.1.5.1.2
A user definable string. You may use this field for your administrative tracking purposes.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString  

ipspCompFiltLogicType 1.3.6.1.2.1.1.1.5.1.3
Indicates whether the filters contained within this filter are functionally ANDed or ORed together.
Status: current Access: read-create
OBJECT-TYPE    
  IpspBooleanOperator  

ipspCompFiltLastChanged 1.3.6.1.2.1.1.1.5.1.4
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspCompFiltStorageType 1.3.6.1.2.1.1.1.5.1.5
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspCompFiltRowStatus 1.3.6.1.2.1.1.1.5.1.6
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once active, it may not have its value changed if any active rows in the ipspRuleDefinitionTable are currently pointing at this row.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspSubfiltersTable 1.3.6.1.2.1.1.1.6
This table defines a list of filters contained within a given compound filter set defined in the ipspCompoundFilterTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspSubfiltersEntry

ipspSubfiltersEntry 1.3.6.1.2.1.1.1.6.1
An entry into the list of filters for a given compound filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspSubfiltersEntry  

ipspSubFiltPriority 1.3.6.1.2.1.1.1.6.1.1
The priority of a given filter within a condition. Implementations MAY choose to follow the ordering indicated by the manager that created the rows in order to allow the manager to intelligently construct filter lists such that faster filters are evaluated first.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65536  

ipspSubFiltSubfilter 1.3.6.1.2.1.1.1.6.1.2
The location of the contained filter. The value of this column should be a VariablePointer which references the properties for the filter to be included in this compound filter. This MIB defines the following tables and scalars which may be pointed to by this column. Implementations may choose to provide support for other filter tables or scalars as well: ipspIpHeaderFilterTable ipspIpOffsetFilterTable ipspTimeFilterTable ipspCompoundFilterTable ipspTrueFilter If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.
Status: current Access: read-create
OBJECT-TYPE    
  VariablePointer  

ipspSubFiltSubfilterIsNegated 1.3.6.1.2.1.1.1.6.1.3
Indicates whether the result of applying this subfilter should be negated or not.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspSubFiltLastChanged 1.3.6.1.2.1.1.1.6.1.4
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspSubFiltStorageType 1.3.6.1.2.1.1.1.6.1.5
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspSubFiltRowStatus 1.3.6.1.2.1.1.1.6.1.6
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object can not be made active until the filter referenced by the ficSubFilter object is both defined and is active. An attempt to do so will result in an inconsistentValue error.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspStaticFilters 1.3.6.1.2.1.1.1.7
OBJECT IDENTIFIER    

ipspTrueFilter 1.3.6.1.2.1.1.1.7.1
This scalar indicates a (automatic) true result for a filter. I.e. this is a filter that is always true, useful for adding as a default filter for a default action or a set of actions.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspTrueFilterInstance 1.3.6.1.2.1.1.1.7.1.0
OBJECT IDENTIFIER    

ipspIkePhase1Filter 1.3.6.1.2.1.1.1.7.2
This static filter can be used to test if a packet is part of an IKE phase-1 negotiation.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspIkePhase2Filter 1.3.6.1.2.1.1.1.7.3
This static filter can be used to test if a packet is part of an IKE phase-2 negotiation.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspIpHeaderFilterTable 1.3.6.1.2.1.1.1.8
This table contains a list of filter definitions to be used within the ipspRuleDefinitionTable or the ipspSubfilterTable table.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpHeaderFilterEntry

ipspIpHeaderFilterEntry 1.3.6.1.2.1.1.1.8.1
A definition of a particular filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpHeaderFilterEntry  

ipspIpHeadFiltName 1.3.6.1.2.1.1.1.8.1.1
The administrative name for this filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpHeadFiltType 1.3.6.1.2.1.1.1.8.1.2
This defines the various tests that are used when evaluating a given filter. The results of each test are ANDed together to produce the result of the entire filter. When processing this filter, it is recommended for efficiency reasons that the filter halt processing the instant any of the specified tests fail. Once a row is 'active', this object's value may not be changed unless all the appropriate columns needed by the new value to be imposed on this object have been appropriately configured. The various tests definable in this table are as follows: sourceAddress: - Tests if the source address in the packet lies between the ipspIpHeadFiltSrcAddressBegin and ipspIpHeadFiltSrcAddressEnd objects. Note that setting these two objects to the same address will limit the search to the exact match of a single address. The format and length of the address objects are defined by the ipspIpHeadFiltIPVersion column. A row in this table containing a ipspIpHeadFiltType object with the sourceAddress object bit but without the ipspIpHeadFiltIPVersion, ipspIpHeadFiltSrcAddressBegin and ipspIpHeadFiltSrcAddressEnd objects set will cause the ipspIpHeadFiltRowStatus object to return the notReady state. destinationAddress: - Tests if the destination address in the packet lies between the ipspIpHeadFiltDstAddressBegin and ipspIpHeadFiltDstAddressEnd objects. Note that setting these two objects to the same address will limit the search to the exact match of a single address. The format and length of the address objects are defined by the ipspIpHeadFiltIPVersion column. A row in this table containing a ipspIpHeadFiltType object with the destinationAddress object bit but without the ipspIpHeadFiltIPVersion, ipspIpHeadFiltDstAddressBegin and ipspIpHeadFiltDstAddressEnd objects set will cause the ipspIpHeadFiltRowStatus object to return the notReady state. sourcePort: - Tests if the source port of IP packets using a protocol that uses port numbers (at this time, UDP or TCP) lies between the ipspIpHeadFiltSrcLowPort and ipspIpHeadFiltSrcHighPort objects. Note that setting these two objects to the same address will limit the search to the exact match of a single port. A row in this table containing a ipspIpHeadFiltType object with the sourcePort object bit but without the ipspIpHeadFiltSrcLowPort, and ipspIpHeadFiltSrcHighPort objects set will cause the ipspIpHeadFiltRowStatus object to return the notReady state. destinationPort: - Tests if the source port of IP packets using a protocol that uses port numbers (at this time, UDP or TCP) lies between the ipspIpHeadFiltDstLowPort and ipspIpHeadFiltDstHighPort objects. Note that setting these two objects to the same address will limit the search to the exact match of a single port. A row in this table containing a ipspIpHeadFiltType object with the sourcePort object bit but without the ipspIpHeadFiltDstLowPort, and ipspIpHeadFiltDstHighPort objects set will cause the ipspIpHeadFiltRowStatus object to return the notReady state. protocol: - Tests to see if the packet being processed is for the given protocol type. A row in this table containing a ipspIpHeadFiltType object with the protocol object bit but without the ipspIpHeadFiltProtocol object set will cause the ipspIpHeadFiltRowStatus object to return the notReady state. ipv6FlowLabel: - Tests to see if the packet being processed contains an ipv6 Flow Label which matches the value in the ipfIPv6FlowLabel object. Setting this bit mandates that for the packet to match the filter, it must be an IPv6 packet. A row in this table containing a ipspIpHeadFiltType object with the ipv6FlowLabel object bit but without the ipfIPv6FlowLabel object set will cause the ipspIpHeadFiltRowStatus object to return the notReady state.
Status: current Access: read-create
OBJECT-TYPE    
  BITS sourceAddress(0), destinationAddress(1), sourcePort(2), destinationPort(3), protocol(4), ipv6FlowLabel(5)  

ipspIpHeadFiltIPVersion 1.3.6.1.2.1.1.1.8.1.3
The Internet Protocol version the addresses are to match against. The value of this property determines the size and format of the ipspIpHeadFiltSrcAddressBegin, ipspIpHeadFiltSrcAddressEnd, ipspIpHeadFiltDstAddressBegin, and ipspIpHeadFiltDstAddressEnd objects. Values of unknown, ipv4z, ipv6z and dns are not legal values for this object.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddressType  

ipspIpHeadFiltSrcAddressBegin 1.3.6.1.2.1.1.1.8.1.4
The starting address of a source address range that the packet must match against for this filter to be considered TRUE. This object is only used if sourceAddress is set in ipspIpHeadFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspIpHeadFiltSrcAddressEnd 1.3.6.1.2.1.1.1.8.1.5
The ending address of a source address range to check a packet against, where the starting is specified by the ipspIpHeadFiltSrcAddressBegin object. Set this column to the same value as the ipspIpHeadFiltSrcAddressBegin column to get an exact single address match. This object is only used if sourceAddress is set in ipspIpHeadFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspIpHeadFiltDstAddressBegin 1.3.6.1.2.1.1.1.8.1.6
The starting address of a destination address range that the packet must match against for this filter to be considered TRUE. This object is only used if destinationAddress is set in ipspIpHeadFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspIpHeadFiltDstAddressEnd 1.3.6.1.2.1.1.1.8.1.7
The ending address of a destination address range to check a packet against, where the first is specified by the ipspIpHeadFiltDstAddressBegin object. Set this column to the same value as the ipspIpHeadFiltDstAddressBegin column to get an exact single address match. This object is only used if destinationAddress is set in ipspIpHeadFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspIpHeadFiltSrcLowPort 1.3.6.1.2.1.1.1.8.1.8
The low port of the port range a packet's source must match against. To match, the port number must be greater than or equal to this value. This object is only used if sourcePort is set in ipspIpHeadFiltType. The value of 0 for this object is illegal.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

ipspIpHeadFiltSrcHighPort 1.3.6.1.2.1.1.1.8.1.9
The high port of the port range a packet's source must match against. To match, the port number must be less than or equal to this value. This object is only used if sourcePort is set in ipspIpHeadFiltType. The value of 0 for this object is illegal.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

ipspIpHeadFiltDstLowPort 1.3.6.1.2.1.1.1.8.1.10
The low port of the port range a packet's destination must match against. To match, the port number must be greater than or equal to this value. This object is only used if destinationPort is set in ipspIpHeadFiltType. The value of 0 for this object is illegal.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

ipspIpHeadFiltDstHighPort 1.3.6.1.2.1.1.1.8.1.11
The high port of the port range a packet's destination must match against. To match, the port number must be less than or equal to this value. This object is only used if destinationPort is set in ipspIpHeadFiltType. The value of 0 for this object is illegal.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

ipspIpHeadFiltProtocol 1.3.6.1.2.1.1.1.8.1.12
The protocol number the incoming packet must match against for this filter to be evaluated as true. This object is only used if protocol is set in ipspIpHeadFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..255  

ipspIpHeadFiltIPv6FlowLabel 1.3.6.1.2.1.1.1.8.1.13
The IPv6 Flow Label that the packet must match against. This object is only used if ipv6FlowLabel is set in ipspIpHeadFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..1048575  

ipspIpHeadFiltLastChanged 1.3.6.1.2.1.1.1.8.1.14
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpHeadFiltStorageType 1.3.6.1.2.1.1.1.8.1.15
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpHeadFiltRowStatus 1.3.6.1.2.1.1.1.8.1.16
This object indicates the conceptual status of this row. This object may not be set to active if the requirements of the ipspIpHeadFiltType object are not met. In other words, if the associated value columns needed by a particular test have not been set, then attempting to change this row to an active state will result in an inconsistentValue error. See the ipspIpHeadFiltType object description for further details.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpOffsetFilterTable 1.3.6.1.2.1.1.1.9
This table contains a list of filter definitions to be used within the ipspRuleDefinitionTable or the ipspSubfilterTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpOffsetFilterEntry

ipspIpOffsetFilterEntry 1.3.6.1.2.1.1.1.9.1
A definition of a particular filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpOffsetFilterEntry  

ipspIpOffFiltName 1.3.6.1.2.1.1.1.9.1.1
The administrative name for this filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpOffFiltOffset 1.3.6.1.2.1.1.1.9.1.2
This is the byte offset from the front of the IP packet where the value or arithmetic comparison is done. A value of '0' indicates the first byte in the packet.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..65536  

ipspIpOffFiltType 1.3.6.1.2.1.1.1.9.1.3
This defines the various tests that are used when evaluating a given filter. Once a row is 'active', this object's value may not be changed unless the appropriate columns, ipspIpOffFiltNumber or ipspIpOffFiltValue, needed by the new value to be imposed on this object have been appropriately configured. The various tests definable in this table are as follows: valueMatch: - Tests if the OCTET STRING, 'ipspIpOffFiltValue', matches a value in the packet starting at the given offset in the packet and comparing the entire OCTET STRING of 'ipspIpOffFiltValue'. valueNotMatch: - Tests if the OCTET STRING, 'ipspIpOffFiltValue', does not match a value in the packet starting at the given offset in the packet and comparing to the entire OCTET STRING of 'ipspIpOffFiltValue'. arithmeticEqual: - Tests if the Integer32, 'ipspIpOffFiltNumber', is arithmetically equal ('=') to the 4 byte value starting at the given offset within the packet. The value in the packet is assumed to be in network byte order. arithmeticNotEqual: - Tests if the Integer32, 'ipspIpOffFiltNumber', is arithmetically not equal ('!=') to the 4 byte value starting at the given offset within the packet. The value in the packet is assumed to be in network byte order. arithmeticLess: - Tests if the Integer32, 'ipspIpOffFiltNumber', is arithmetically less than ('<') the 4 byte value starting at the given offset within the packet. The value in the packet is assumed to be in network byte order. arithmeticGreaterOrEqual: - Tests if the Integer32, 'ipspIpOffFiltNumber', is arithmetically greater than or equal to ('>=') the 4 byte value starting at the given offset within the packet. The value in the packet is assumed to be in network byte order. arithmeticGreater: - Tests if the Integer32, 'ipspIpOffFiltNumber', is arithmetically greater than ('>') the 4 byte value starting at the given offset within the packet. The value in the packet is assumed to be in network byte order. arithmeticLessOrEqual: - Tests if the Integer32, 'ipspIpOffFiltNumber', is arithmetically less than or equal to ('<=') the 4 byte value starting at the given offset within the packet. The value in the packet is assumed to be in network byte order.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER valueMatch(1), valueNotMatch(2), arithmeticEqual(3), arithmeticNotEqual(4), arithmeticLess(5), arithmeticGreaterOrEqual(6), arithmeticGreater(7), arithmeticLessOrEqual(8)  

ipspIpOffFiltNumber 1.3.6.1.2.1.1.1.9.1.4
ipspIpOffFiltNumber is used for arithmetic matching of a packets at ipspIpOffFiltOffset. This object is only used if one of the arithmetic types is chosen in ipspIpOffFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..65536  

ipspIpOffFiltValue 1.3.6.1.2.1.1.1.9.1.5
ipspIpOffFiltValue is used for match comparisons of a packet at ipspIpOffFiltOffset. This object is only used if one of the match types is chosen in ipspIpOffFiltType.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..1024)  

ipspIpOffFiltLastChanged 1.3.6.1.2.1.1.1.9.1.6
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpOffFiltStorageType 1.3.6.1.2.1.1.1.9.1.7
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpOffFiltRowStatus 1.3.6.1.2.1.1.1.9.1.8
This object indicates the conceptual status of this row. This object may not be set to active if the requirements of the ipspIpOffFiltType object are not met. In other words, if the associated value columns needed by a particular test have not been set, then attempting to change this row to an active state will result in an inconsistentValue error. See the ipspIpOffFiltType object description for further details.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspTimeFilterTable 1.3.6.1.2.1.1.1.10
Defines a table of filters which can be used to effectively enable or disable policies based on a valid time range.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspTimeFilterEntry

ipspTimeFilterEntry 1.3.6.1.2.1.1.1.10.1
A row describing a given time frame for which a policy may be filtered on to place the rule active or inactive.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspTimeFilterEntry  

ipspTimeFiltName 1.3.6.1.2.1.1.1.10.1.1
An administratively assigned name for this filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspTimeFiltPeriodStart 1.3.6.1.2.1.1.1.10.1.2
The starting time period for this filter. In addition to a normal DateAndTime string, this object may be set to the OCTET STRING value THISANDPRIOR which indicates that the filter is valid from any time before now up until (at least) now.
Status: current Access: read-create
OBJECT-TYPE    
  DateAndTime  

ipspTimeFiltPeriodEnd 1.3.6.1.2.1.1.1.10.1.3
The ending time period for this filter. In addition to a normal DateAndTime string, this object may be set to the OCTET STRING value THISANDFUTURE which indicates that the filter is valid without an ending date and/or time.
Status: current Access: read-create
OBJECT-TYPE    
  DateAndTime  

ipspTimeFiltMonthOfYearMask 0.1.2.3.4.5.6.7.8.9.10.11.1.3.6.1.2.1.1.1.10.1.4
A bit mask which overlays the ipspTimeFiltPeriodStart to ipspTimeFiltPeriodEnd date range to further restrict the time period to a restricted set of months of the year.
Status: current Access: read-create
OBJECT-TYPE    
  BITS january(0), february(1), march(2), april(3), may(4), june(5), july(6), august(7), september(8), october(9), november(10), december(11)  

ipspTimeFiltDayOfMonthMask 1.3.6.1.2.1.1.1.10.1.5
Defines which days of the month this time period is valid for. It is a sequence of 32 BITS, where each BIT represents a corresponding day of the month starting from the left most bit being equal to the first day of the month. The last bit in the string MUST be zero.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(4)  

ipspTimeFiltDayOfWeekMask 0.1.2.3.4.5.6.1.3.6.1.2.1.1.1.10.1.6
A bit mask which overlays the ipspTimeFiltPeriodStart to ipspTimeFiltPeriodEnd date range to further restrict the time period to a restricted set of days within a given week.
Status: current Access: read-create
OBJECT-TYPE    
  BITS monday(0), tuesday(1), wednesday(2), thursday(3), friday(4), saturday(5), sunday(6)  

ipspTimeFiltTimeOfDayMaskStart 1.3.6.1.2.1.1.1.10.1.7
Indicates the starting time of day for which this filter evaluates to true. The date portions of the DateAndTime TC are ignored for purposes of evaluating this mask and only the time specific portions are used.
Status: current Access: read-create
OBJECT-TYPE    
  DateAndTime  

ipspTimeFiltTimeOfDayMaskEnd 1.3.6.1.2.1.1.1.10.1.8
Indicates the ending time of day for which this filter evaluates to true. The date portions of the DateAndTime TC are ignored for purposes of evaluating this mask and only the time specific portions are used. If this starting and ending time values indicated by the ipspTimeFiltTimeOfDayMaskStart and ipspTimeFiltTimeOfDayMaskEnd objects are equal, the filter is expected to be evaluated over the entire 24 hour period.
Status: current Access: read-create
OBJECT-TYPE    
  DateAndTime  

ipspTimeFiltLastChanged 1.3.6.1.2.1.1.1.10.1.9
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspTimeFiltStorageType 1.3.6.1.2.1.1.1.10.1.10
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspTimeFiltRowStatus 1.3.6.1.2.1.1.1.10.1.11
This object indicates the conceptual status of this row.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpsoHeaderFilterTable 1.3.6.1.2.1.1.1.11
This table contains a list of IPSO header filter definitions to be used within the ipspRuleDefinitionTable or the ipspSubfilterTable. IPSO headers and their values are described in RFC1108.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpsoHeaderFilterEntry

ipspIpsoHeaderFilterEntry 1.3.6.1.2.1.1.1.11.1
A definition of a particular filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpsoHeaderFilterEntry  

ipspIpsoHeadFiltName 1.3.6.1.2.1.1.1.11.1.1
The administrative name for this filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsoHeadFiltType 1.3.6.1.2.1.1.1.11.1.2
The IPSO header fields to match the value against.
Status: current Access: read-create
OBJECT-TYPE    
  BITS classificationLevel(0), protectionAuthority(1)  

ipspIpsoHeadFiltClassification 1.3.6.1.2.1.1.1.11.1.3
The IPSO classification header field value must match the value in this column if the classificationLevel bit is set in the ipspIpsoHeadFiltType field. The values of these enumerations are defined by RFC1108.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER topSecret(61), secret(90), confidential(150), unclassified(171)  

ipspIpsoHeadFiltProtectionAuth 1.3.6.1.2.1.1.1.11.1.4
The IPSO protection authority header field value must match the value in this column if the protection authority bit is set in the ipspIpsoHeadFiltType field. The values of these enumerations are defined by RFC1108. Hence the reason the SMIv2 convention of not using 0 in enum lists is violated here.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER genser(0), siopesi(1), sci(2), nsa(3), doe(4)  

ipspIpsoHeadFiltLastChanged 1.3.6.1.2.1.1.1.11.1.5
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpsoHeadFiltStorageType 1.3.6.1.2.1.1.1.11.1.6
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpsoHeadFiltRowStatus 1.3.6.1.2.1.1.1.11.1.7
This object indicates the conceptual status of this row. This object may not be set to active if the requirements of the ipspIpsoHeadFiltType object are not met. In other words, if the associated value columns needed by a particular test have not been set, then attempting to change this row to an active state will result in an inconsistentValue error. See the ipspIpsoHeadFiltType object description for further details.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspCredentialFilterTable 1.3.6.1.2.1.1.1.12
This table defines filters which can be used to match credentials of IKE peers, where the credentials in question have been obtained from an IKE phase 1 exchange. They may be X.509 certificates, Kerberos tickets, etc...
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspCredentialFilterEntry

ipspCredentialFilterEntry 1.3.6.1.2.1.1.1.12.1
A row defining a particular credential filter
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspCredentialFilterEntry  

ipspCredFiltName 1.3.6.1.2.1.1.1.12.1.1
The administrative name of this filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspCredFiltCredentialType 1.3.6.1.2.1.1.1.12.1.2
The credential type that is expected for this filter to succeed.
Status: current Access: read-create
OBJECT-TYPE    
  IpspCredentialType  

ipspCredFiltMatchFieldName 1.3.6.1.2.1.1.1.12.1.3
The piece of the credential to match against. Examples: serialNumber, signatureAlgorithm, issuerName or subjectName. For credential types without fields (e.g. shared secrec), this field should be left empty, and the entire credential will be matched against the ipspCredFiltMatchFieldValue.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..256)  

ipspCredFiltMatchFieldValue 1.3.6.1.2.1.1.1.12.1.4
The value that the field indicated by the ipspCredFiltMatchFieldName must match against for the filter to be considered TRUE.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(1..4096)  

ipspCredFiltAcceptCredFrom 1.3.6.1.2.1.1.1.12.1.5
This value is used to look up a row in the ipspIpsecCredMngServiceTable for the Certificate Authority (CA) Information. This value is empty if there is no CA used for this filter.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(1..117)  

ipspCredFiltLastChanged 1.3.6.1.2.1.1.1.12.1.6
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspCredFiltStorageType 1.3.6.1.2.1.1.1.12.1.7
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspCredFiltRowStatus 1.3.6.1.2.1.1.1.12.1.8
This object indicates the conceptual status of this row.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspPeerIdentityFilterTable 1.3.6.1.2.1.1.1.13
This table defines filters which can be used to match credentials of IKE peers, where the credentials in question have been obtained from an IKE phase 1 exchange. They may be X.509 certificates, Kerberos tickets, etc...
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspPeerIdentityFilterEntry

ipspPeerIdentityFilterEntry 1.3.6.1.2.1.1.1.13.1
A row defining a particular credential filter
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspPeerIdentityFilterEntry  

ipspPeerIdFiltName 1.3.6.1.2.1.1.1.13.1.1
The administrative name of this filter.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspPeerIdFiltIdentityType 1.3.6.1.2.1.1.1.13.1.2
The type of identity field in the peer ID payload to match against.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiIdentType  

ipspPeerIdFiltIdentityValue 1.3.6.1.2.1.1.1.13.1.3
The string representation of the value that the peer ID payload value must match against. Wildcard mechanisms MUST be supported such that: - a ipspPeerIdFiltIdentityValue of '*@example.com' will match a userFqdn ID payload of 'JDOE@EXAMPLE.COM' - a ipspPeerIdFiltIdentityValue of '*.example.com' will match a fqdn ID payload of 'WWW.EXAMPLE.COM' - a ipspPeerIdFiltIdentityValue of: 'cn=*,ou=engineering,o=company,c=us' will match a DER DN ID payload of 'cn=John Doe,ou=engineering,o=company,c=us' - a ipspPeerIdFiltIdentityValue of '192.0.2.0/24' will match an IPv4 address ID payload of 192.0.2.10 - a ipspPeerIdFiltIdentityValue of '192.0.2.*' will also match an IPv4 address ID payload of 192.0.2.10. The character '*' replaces 0 or multiple instances of any character.
Status: current Access: read-create
OBJECT-TYPE    
  IpspIdentityFilter  

ipspPeerIdFiltLastChanged 1.3.6.1.2.1.1.1.13.1.4
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspPeerIdFiltStorageType 1.3.6.1.2.1.1.1.13.1.5
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspPeerIdFiltRowStatus 1.3.6.1.2.1.1.1.13.1.6
This object indicates the conceptual status of this row. This object can not be considered active unless the ipspPeerIdFiltIdentityType and ipspPeerIdFiltIdentityValue column values are defined.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspCompoundActionTable 1.3.6.1.2.1.1.1.14
Table used to allow multiple actions to be associated with a rule. It uses the ipspSubactionsTable to do this.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspCompoundActionEntry

ipspCompoundActionEntry 1.3.6.1.2.1.1.1.14.1
A row in the ipspCompoundActionTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspCompoundActionEntry  

ipspCompActName 1.3.6.1.2.1.1.1.14.1.1
This is an administratively assigned name of this compound action.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspCompActExecutionStrategy 1.3.6.1.2.1.1.1.14.1.2
This object indicates how the sub-actions are executed based on the success of the actions as they finish executing. doAll - run each sub-action regardless of the exit status of the previous action. This parent action is always considered to have acted successfully. doUntilSuccess - run each sub-action until one succeeds, at which point stop processing the sub-actions within this parent compound action. If one of the sub-actions did execute successfully, this parent action is also considered to have executed sucessfully. doUntilFailure - run each sub-action until one fails, at which point stop processing the sub-actions within this compound action. If any sub-action fails, the result of this parent action is considered to have failed.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER reserved(0), doAll(1), doUntilSuccess(2), doUntilFailure(3)  

ipspCompActLastChanged 1.3.6.1.2.1.1.1.14.1.3
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspCompActStorageType 1.3.6.1.2.1.1.1.14.1.4
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspCompActRowStatus 1.3.6.1.2.1.1.1.14.1.5
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once a row in the ipspCompoundActionTable has been made active, this object may not be set to destroy without first destroying all the contained rows listed in the ipspSubactionsTable.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspSubactionsTable 1.3.6.1.2.1.1.1.15
This table contains a list of the sub-actions within a given compound action. Compound actions executing these actions MUST execute them in series based on the ipspSubActPriority value, with the lowest value executing first.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspSubactionsEntry

ipspSubactionsEntry 1.3.6.1.2.1.1.1.15.1
A row containing a reference to a given compound-action sub-action.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspSubactionsEntry  

ipspSubActPriority 1.3.6.1.2.1.1.1.15.1.1
The priority of a given sub-action within a compound action. The order in which sub-actions should be executed are based on the value from this column, with the lowest numeric value executing first.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65536  

ipspSubActSubActionName 1.3.6.1.2.1.1.1.15.1.2
This column points to the action to be taken. It may, but is not limited to, point to a row in one of the following tables: ipspCompoundActionTable - Allowing recursion ipspSaPreconfiguredActionTable ipspIkeActionTable ipspIpsecActionTable It may also point to one of the scalar objects beneath ipspStaticActions. If this object is set to a pointer to a row in an unsupported (or unknown) table, an inconsistentValue error should be returned. If this object is set to point to a non-existent row in an otherwise supported table, an inconsistentName error should be returned.
Status: current Access: read-create
OBJECT-TYPE    
  VariablePointer  

aiipspCompActLastChanged 1.3.6.1.2.1.1.1.15.1.3
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

aiipspCompActStorageType 1.3.6.1.2.1.1.1.15.1.4
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

aiipspCompActRowStatus 1.3.6.1.2.1.1.1.15.1.5
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspStaticActions 1.3.6.1.2.1.1.1.16
OBJECT IDENTIFIER    

ipspDropAction 1.3.6.1.2.1.1.1.16.1
This scalar indicates that a packet should be dropped WITHOUT action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the drop static action.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspDropActionLog 1.3.6.1.2.1.1.1.16.2
This scalar indicates that a packet should be dropped WITH action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the drop static action with logging.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspAcceptAction 1.3.6.1.2.1.1.1.16.3
This Scalar indicates that a packet should be accepted (pass-through) WITHOUT action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the accept static action.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspAcceptActionLog 1.3.6.1.2.1.1.1.16.4
This scalar indicates that a packet should be accepted (pass-through) WITH action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the accept static action with logging.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspRejectIKEAction 1.3.6.1.2.1.1.1.16.5
This scalar indicates that a packet should be rejected WITHOUT action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the reject static action.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspRejectIKEActionLog 1.3.6.1.2.1.1.1.16.6
This scalar indicates that a packet should be rejected WITH action/packet logging. This object returns a value of 1 for IPsec policy implementations that support the reject static action with logging.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspSaPreconfiguredActionTable 1.3.6.1.2.1.1.1.17
This table is a list of non-negotiated IPsec actions (SAs) that can be performed and contains or indicates the data necessary to create such an SA.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspSaPreconfiguredActionEntry

ipspSaPreconfiguredActionEntry 1.3.6.1.2.1.1.1.17.1
One entry in the ipspSaPreconfiguredActionTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspSaPreconfiguredActionEntry  

ipspSaPreActActionName 1.3.6.1.2.1.1.1.17.1.1
This object contains the name of this SaPreconfiguredActionEntry.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspSaPreActSADirection 1.3.6.1.2.1.1.1.17.1.2
This object indicates whether a row should apply to outgoing or incoming SAs
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspSADirection  

ipspSaPreActActionDescription 1.3.6.1.2.1.1.1.17.1.3
An administratively assigned string which may be used to describe what the action does.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString  

ipspSaPreActActionLifetimeSec 1.3.6.1.2.1.1.1.17.1.4
ipspSaPreActActionLifetimeSec specifies how long in seconds the security association derived from this action should be used. The default lifetime is 8 hours. Note: the actual lifetime of the preconfigured SA will be the lesser of the value of this object and of the value of the MaxLifetimeSecs property of the associated transform. A value of 0 indicates no time limit on the lifetime of the SA.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspSaPreActActionLifetimeKB 1.3.6.1.2.1.1.1.17.1.5
ipspSaPreActActionLifetimeKB specifies how long the security association derived from this action should be used. After this value in KiloBytes has passed through the security association, it should no longer be used. Note: the actual lifetime of the preconfigured SA will be the lesser of the value of this object and of the value of the MaxLifetimeKB property of the associated transform. The default value, '0', indicates no kilobyte limit.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspSaPreActDoActionLogging 1.3.6.1.2.1.1.1.17.1.6
ipspSaPreActDoActionLogging specifies whether or not an audit message should be logged when a preconfigured SA is created.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspSaPreActDoPacketLogging 1.3.6.1.2.1.1.1.17.1.7
ipspSaPreActDoPacketLogging specifies whether or not an audit message should be logged and if there is logging, how many bytes of the packet to place in the notification.
Status: current Access: read-create
OBJECT-TYPE    
  IpspIPPacketLogging  

ipspSaPreActDFHandling 1.3.6.1.2.1.1.1.17.1.8
This object specifies how to process the DF bit in packets sent through the preconfigured SA. This object is not used for transport SAs.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER reserved(0), copy(1), set(2), clear(3)  

ipspSaPreActActionType 1.3.6.1.2.1.1.1.17.1.9
This object specifies the encapsulation mode to use for the preconfigured SA: tunnel or transport mode.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiEncapsulationMode  

ipspSaPreActAHSPI 1.3.6.1.2.1.1.1.17.1.10
This object represents the SPI value for the AH SA.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32  

ipspSaPreActAHTransformName 1.3.6.1.2.1.1.1.17.1.11
This object is the name of the AH transform to use as an index into the AHTransformTable. A zero length value indicates no transform of this type is used.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActAHSharedSecretName 1.3.6.1.2.1.1.1.17.1.12
This object contains a name value to be used as an index into the ipspCredentialTable which holds the pertinent keying information for the AH SA.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActESPSPI 1.3.6.1.2.1.1.1.17.1.13
This object represents the SPI value for the ESP SA.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32  

ipspSaPreActESPTransformName 1.3.6.1.2.1.1.1.17.1.14
This object is the name of the ESP transform to use as an index into the ESPTransformTable. A zero length value indicates no transform of this type is used.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActESPEncSecretName 1.3.6.1.2.1.1.1.17.1.15
This object contains a name value to be used as an index into the ipspCredentialTable which holds the pertinent keying information for the encryption algorithm of the ESP SA.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActESPAuthSecretName 1.3.6.1.2.1.1.1.17.1.16
This object contains a name value to be used as an index into the ipspCredentialTable which holds the pertinent keying information for the authentication algorithm of the ESP SA.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActIPCompSPI 1.3.6.1.2.1.1.1.17.1.17
This object represents the SPI value for the IPComp SA.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32  

ipspSaPreActIPCompTransformName 1.3.6.1.2.1.1.1.17.1.18
This object is the name of the IPComp transform to use as an index into the IPCompTransformTable. A zero length value indicates no transform of this type is used.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActPeerGatewayIdName 1.3.6.1.2.1.1.1.17.1.19
This object indicates the peer id name of the peer gateway. This object can be used to look up the peer gateway address in the ipspPeerIdentityTable. This object is only used when initiating a tunnel SA, and is not used for transport SAs. If ipspSaPreActActionType specifies tunnel mode and this object is empty, the peer gateway should be determined from the source or destination of the packet.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspSaPreActLastChanged 1.3.6.1.2.1.1.1.17.1.20
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspSaPreActStorageType 1.3.6.1.2.1.1.1.17.1.21
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspSaPreActRowStatus 1.3.6.1.2.1.1.1.17.1.22
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspSaNegotiationParametersTable 1.3.6.1.2.1.1.1.18
This table contains reusable parameters that can be pointed to by the ipspIkeActionTable and ipspIpsecActionTable. These parameters are reusable since it is likely an administrator will want to make global policy changes to lifetime parameters that apply to multiple actions. This table allows multiple rows in the other actions tables to reuse global lifetime parameters in this table by repeatedly pointing to a row cointained within this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspSaNegotiationParametersEntry

ipspSaNegotiationParametersEntry 1.3.6.1.2.1.1.1.18.1
Contains the attributes of one row in the ipspSaNegotiationParametersTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspSaNegotiationParametersEntry  

ipspSaNegParamName 1.3.6.1.2.1.1.1.18.1.1
This object contains the administrative name of this SaNegotiationParametersEntry. This row can be referred to by this name in other policy action tables.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspSaNegParamMinLifetimeSecs 1.3.6.1.2.1.1.1.18.1.2
ipspSaNegParamMinLifetimeSecs specifies the minimum seconds lifetime that will be accepted from the peer.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspSaNegParamMinLifetimeKB 1.3.6.1.2.1.1.1.18.1.3
ipspSaNegParamMinLifetimeKB specifies the minimum kilobyte lifetime that will be accepted from the peer.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspSaNegParamRefreshThreshSecs 1.3.6.1.2.1.1.1.18.1.4
ipspSaNegParamRefreshThreshSecs specifies what percentage of the seconds lifetime can expire before IKE should attempt to renegotiate the IPsec security association. A value between 1 and 100 representing a percentage. A value of 100 indicates that the IPsec security association should not be renegotiated until the seconds lifetime has been completely reached.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 1..100  

ipspSaNegParamRefreshThresholdKB 1.3.6.1.2.1.1.1.18.1.5
ipspSaNegParamRefreshThresholdKB specifies what percentage of the kilobyte lifetime can expire before IKE should attempt to renegotiate the IPsec security association. A value between 1 and 100 representing a percentage. A value of 100 indicates that the IPsec security association should not be renegotiated until the kilobyte lifetime has been reached.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 1..100  

ipspSaNegParamIdleDurationSecs 1.3.6.1.2.1.1.1.18.1.6
ipspSaNegParamIdleDurationSecs specifies how many seconds a security association may remain idle (i.e., no traffic protected using the security association) before it is deleted. A value of zero indicates that idle detection should not be used for the security association. Any non-zero value indicates the number of seconds the security association may remain unused.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspSaNegParamLastChanged 1.3.6.1.2.1.1.1.18.1.7
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspSaNegParamStorageType 1.3.6.1.2.1.1.1.18.1.8
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspSaNegParamRowStatus 1.3.6.1.2.1.1.1.18.1.9
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object may not be set to destroy if refered to by other rows in other action tables.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIkeActionTable 1.3.6.1.2.1.1.1.19
The ipspIkeActionTable contains a list of the parameters used for an IKE phase 1 SA DOI negotiation. See the corresponding table ipspIkeActionProposalsTable for a list of proposals contained within a given IKE Action.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIkeActionEntry

ipspIkeActionEntry 1.3.6.1.2.1.1.1.19.1
The ipspIkeActionEntry lists the IKE negotiation attributes.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIkeActionEntry  

ipspIkeActName 1.3.6.1.2.1.1.1.19.1.1
This object contains the name of this ikeAction entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIkeActParametersName 1.3.6.1.2.1.1.1.19.1.2
This object is administratively assigned to reference a row in the ipspSaNegotiationParametersTable where additional parameters affecting this action may be found.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIkeActThresholdDerivedKeys 1.3.6.1.2.1.1.1.19.1.3
ipspIkeActThresholdDerivedKeys specifies what percentage of the derived key limit (see the LifetimeDerivedKeys property of IKEProposal) can expire before IKE should attempt to renegotiate the IKE phase 1 security association.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..100  

ipspIkeActExchangeMode 1.3.6.1.2.1.1.1.19.1.4
ipspIkeActExchangeMode specifies the IKE Phase 1 negotiation mode.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER main(1), agressive(2)  

ipspIkeActAgressiveModeGroupId 1.3.6.1.2.1.1.1.19.1.5
The values to be used for Diffie-Hellman exchange.
Status: current Access: read-create
OBJECT-TYPE    
  IkeGroupDescription  

ipspIkeActIdentityType 1.3.6.1.2.1.1.1.19.1.6
This column along with ipspIkeActIdentityContext and endpoint information is used to refer an ipspIkeIdentityEntry in the ipspIkeIdentityTable.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiIdentType  

ipspIkeActIdentityContext 1.3.6.1.2.1.1.1.19.1.7
This column, along with ipspIkeActIdentityType and endpoint information, is used to refer to an ipspIkeIdentityEntry in the ipspIkeIdentityTable.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIkeActPeerName 1.3.6.1.2.1.1.1.19.1.8
This object indicates the peer id name of the IKE peer. This object can be used to look up the peer id value, address, credentials and other values in the ipspPeerIdentityTable.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspIkeActDoActionLogging 1.3.6.1.2.1.1.1.19.1.9
ikeDoActionLogging specifies whether or not an audit message should be logged when this ike SA is created.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspIkeActDoPacketLogging 1.3.6.1.2.1.1.1.19.1.10
ikeDoPacketLogging specifies whether or not an audit message should be logged and if there is logging, how many bytes of the packet to place in the notification.
Status: current Access: read-create
OBJECT-TYPE    
  IpspIPPacketLogging  

ipspIkeActVendorId 1.3.6.1.2.1.1.1.19.1.11
Vendor ID Payload. A value of NULL means that Vendor ID payload will be neither generated nor accepted. A non-NULL value means that a Vendor ID payload will be generated (when acting as an initiator) or is expected (when acting as a responder).
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..65535)  

ipspIkeActLastChanged 1.3.6.1.2.1.1.1.19.1.12
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIkeActStorageType 1.3.6.1.2.1.1.1.19.1.13
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIkeActRowStatus 1.3.6.1.2.1.1.1.19.1.14
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object may not be set to destroy if refered to by other rows in other action tables.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIkeActionProposalsTable 1.3.6.1.2.1.1.1.20
This table contains a list of all ike proposal names found within a given IKE Action.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIkeActionProposalsEntry

ipspIkeActionProposalsEntry 1.3.6.1.2.1.1.1.20.1
a row containing one ike proposal reference
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIkeActionProposalsEntry  

ipspIkeActPropPriority 1.3.6.1.2.1.1.1.20.1.1
The numeric priority of a given contained proposal inside an ike Action. This index should be used to order the proposals in an IKE Phase I negotiation, lowest value first.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65535  

ipspIkeActPropName 1.3.6.1.2.1.1.1.20.1.2
The administratively assigned name that can be used to reference a set of values contained within the ipspIkeProposalTable.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIkeActPropLastChanged 1.3.6.1.2.1.1.1.20.1.3
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIkeActPropStorageType 1.3.6.1.2.1.1.1.20.1.4
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIkeActPropRowStatus 1.3.6.1.2.1.1.1.20.1.5
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIkeProposalTable 1.3.6.1.2.1.1.1.21
This table contains a list of IKE proposals which are used in an IKE negotiation.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIkeProposalEntry

ipspIkeProposalEntry 1.3.6.1.2.1.1.1.21.1
One IKE proposal entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIkeProposalEntry  

ipspIkePropLifetimeDerivedKeys 1.3.6.1.2.1.1.1.21.1.1
ipspIkePropLifetimeDerivedKeys specifies the number of times that a phase 1 key will be used to derive a phase 2 key before the phase 1 security association needs renegotiated.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIkePropCipherAlgorithm 1.3.6.1.2.1.1.1.21.1.2
ipspIkePropCipherAlgorithm specifies the proposed phase 1 security association encryption algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  IkeEncryptionAlgorithm  

ipspIkePropCipherKeyLength 1.3.6.1.2.1.1.1.21.1.3
This object specifies, in bits, the key length for the cipher algorithm used in IKE Phase 1 negotiation.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIkePropCipherKeyRounds 1.3.6.1.2.1.1.1.21.1.4
This object specifies the number of key rounds for the cipher algorithm used in IKE Phase 1 negotiation.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIkePropHashAlgorithm 1.3.6.1.2.1.1.1.21.1.5
ipspIkePropHashAlgorithm specifies the proposed phase 1 security assocation hash algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  IkeHashAlgorithm  

ipspIkePropPrfAlgorithm 1.3.6.1.2.1.1.1.21.1.6
ipPRFAlgorithm specifies the proposed phase 1 security association psuedo-random function. Note: currently no prf algorithms are defined.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER reserved(0)  

ipspIkePropVendorId 1.3.6.1.2.1.1.1.21.1.7
The VendorID property is used to identify vendor-defined key exchange GroupIDs.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..255)  

ipspIkePropDhGroup 1.3.6.1.2.1.1.1.21.1.8
This object specifies the proposed phase 1 security association Diffie-Hellman group
Status: current Access: read-create
OBJECT-TYPE    
  IkeGroupDescription  

ipspIkePropAuthenticationMethod 1.3.6.1.2.1.1.1.21.1.9
This object specifies the proposed authentication method for the phase 1 security association.
Status: current Access: read-create
OBJECT-TYPE    
  IkeAuthMethod  

ipspIkePropMaxLifetimeSecs 1.3.6.1.2.1.1.1.21.1.10
ipspIkePropMaxLifetimeSecs specifies the maximum amount of time to propose a security association remain valid. A value of 0 indicates that the default lifetime of 8 hours should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIkePropMaxLifetimeKB 1.3.6.1.2.1.1.1.21.1.11
ipspIkePropMaxLifetimeKB specifies the maximum kilobyte lifetime to propose a security association remain valid.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIkePropProposalLastChanged 1.3.6.1.2.1.1.1.21.1.12
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIkePropProposalStorageType 1.3.6.1.2.1.1.1.21.1.13
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIkePropProposalRowStatus 1.3.6.1.2.1.1.1.21.1.14
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpsecActionTable 1.3.6.1.2.1.1.1.22
The ipspIpsecActionTable contains a list of the parameters used for an IKE phase 2 IPsec DOI negotiation.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpsecActionEntry

ipspIpsecActionEntry 1.3.6.1.2.1.1.1.22.1
The ipspIpsecActionEntry lists the IPsec negotiation attributes.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpsecActionEntry  

ipspIpsecActName 1.3.6.1.2.1.1.1.22.1.1
ipspIpsecActName is the name of the ipsecAction entry.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecActParametersName 1.3.6.1.2.1.1.1.22.1.2
This object is used to reference a row in the ipspSaNegotiationParametersTable where additional parameters affecting this action may be found.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecActProposalsName 1.3.6.1.2.1.1.1.22.1.3
This object is used to reference one or more rows in the ipspIpsecProposalsTable where an ordered list of proposals affecting this action may be found.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecActUsePfs 1.3.6.1.2.1.1.1.22.1.4
This MIB object specifies whether or not perfect forward secrecy should be used when refreshing keys. A value of true indicates that PFS should be used.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspIpsecActVendorId 1.3.6.1.2.1.1.1.22.1.5
The VendorID property is used to identify vendor-defined key exchange GroupIDs.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..255)  

ipspIpsecActGroupId 1.3.6.1.2.1.1.1.22.1.6
This object specifies the Diffie-Hellman group to use for phase 2 when the object ipspIpsecActUsePfs is true and the object ipspIpsecActUseIkeGroup is false. If the GroupID number is from the vendor-specific range (32768-65535), the VendorID qualifies the group number.
Status: current Access: read-create
OBJECT-TYPE    
  IkeGroupDescription  

ipspIpsecActPeerGatewayIdName 1.3.6.1.2.1.1.1.22.1.7
This object indicates the peer id name of the peer gateway. This object can be used to look up the peer id value, address and other values in the ipspPeerIdentityTable. This object is used when initiating a tunnel SA. This object is not used for transport SAs. If no value is set and ipspIpsecActMode is tunnel, the peer gateway should be determined from the source or destination address of the packet.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..116)  

ipspIpsecActUseIkeGroup 1.3.6.1.2.1.1.1.22.1.8
This object specifies whether or not to use the same GroupId for phase 2 as was used in phase 1. If UsePFS is false, this entry should be ignored.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspIpsecActGranularity 1.3.6.1.2.1.1.1.22.1.9
This object specifies how the proposed selector for the security association will be created. The selector is created by using the FilterList information. The selector can be subnet, address, porotocol, or port.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER subnet(1), address(2), protocol(3), port(4)  

ipspIpsecActMode 1.3.6.1.2.1.1.1.22.1.10
This object specifies the encapsulation of the IPsec SA to be negotiated.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER tunnel(1), transport(2)  

ipspIpsecActDFHandling 1.3.6.1.2.1.1.1.22.1.11
This object specifies the processing of DF bit by the negotiated IPsec tunnel. 1 - DF bit is copied. 2 - DF bit is set. 3 - DF bit is cleared.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER copy(1), set(2), clear(3)  

ipspIpsecActDoActionLogging 1.3.6.1.2.1.1.1.22.1.12
ipspIpsecActDoActionLogging specifies whether or not an audit message should be logged when this ipsec SA is created.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspIpsecActDoPacketLogging 1.3.6.1.2.1.1.1.22.1.13
ipspIpsecActDoPacketLogging specifies whether or not an audit message should be logged and if there is logging, how many bytes of the packet to place in the notification.
Status: current Access: read-create
OBJECT-TYPE    
  IpspIPPacketLogging  

ipspIpsecActLastChanged 1.3.6.1.2.1.1.1.22.1.14
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpsecActStorageType 1.3.6.1.2.1.1.1.22.1.15
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpsecActRowStatus 1.3.6.1.2.1.1.1.22.1.16
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpsecProposalsTable 1.3.6.1.2.1.1.1.23
This table lists one or more IPsec proposals for IPsec actions.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpsecProposalsEntry

ipspIpsecProposalsEntry 1.3.6.1.2.1.1.1.23.1
An entry containing (possibly a portion of) a proposal.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpsecProposalsEntry  

ipspIpsecPropName 1.3.6.1.2.1.1.1.23.1.1
The name of this proposal.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecPropPriority 1.3.6.1.2.1.1.1.23.1.2
The priority level (AKA sequence level) of this proposal. A lower number indicates a higher precedence.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65535  

ipspIpsecPropProtocolId 1.3.6.1.2.1.1.1.23.1.3
The protocol Id for the transforms for this proposal. The protoIsakmp(1) value is not valid for this object. This object, along with the ipspIpsecPropTransformsName, is the index into the ipspIpsecTransformsTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpsecDoiSecProtocolId  

ipspIpsecPropTransformsName 1.3.6.1.2.1.1.1.23.1.4
The name of the transform or group of transforms for this protocol. This object, along with the ipspIpsecPropProtocolId, is the index into the ipspIpsecTransformsTable.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecPropLastChanged 1.3.6.1.2.1.1.1.23.1.5
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpsecPropStorageType 1.3.6.1.2.1.1.1.23.1.6
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpsecPropRowStatus 1.3.6.1.2.1.1.1.23.1.7
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This row may not be set to active until the corresponding row in the ipspIpsecTransformsTable exists and is active.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpsecTransformsTable 1.3.6.1.2.1.1.1.24
This table lists the IPsec proposals contained within a given IPsec action and the transforms within each of those proposals. These proposals and transforms can then be used to create phase 2 negotiation proposals.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpsecTransformsEntry

ipspIpsecTransformsEntry 1.3.6.1.2.1.1.1.24.1
An entry containing the information on an IPsec transform.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpsecTransformsEntry  

ipspIpsecTranType 1.3.6.1.2.1.1.1.24.1.1
The protocol type for this transform. The protoIsakmp(1) value is not valid for this object.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpsecDoiSecProtocolId  

ipspIpsecTranName 1.3.6.1.2.1.1.1.24.1.2
The name for this transform or group of transforms.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecTranPriority 1.3.6.1.2.1.1.1.24.1.3
The priority level (AKA sequence level) of the this transform within the group of transforms. This indicates the preference for which algorithms are requested when the list of transforms are sent to the remote host. A lower number indicates a higher precedence.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65535  

ipspIpsecTranTransformName 1.3.6.1.2.1.1.1.24.1.4
The name for the given transform. Depending on the value of ipspIpsecTranType, this value should be used to lookup the transform's specific parameters in the ipspAhTransformTable, the ipspEspTransformTable or the ipspIpcompTransformTable.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpsecTranLastChanged 1.3.6.1.2.1.1.1.24.1.5
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpsecTranStorageType 1.3.6.1.2.1.1.1.24.1.6
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpsecTranRowStatus 1.3.6.1.2.1.1.1.24.1.7
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This row may not be set to active until the corresponding row in the ipspAhTransformTable, ipspEspTransformTable or the ipspIpcompTransformTable exists.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspAhTransformTable 1.3.6.1.2.1.1.1.25
This table lists all the AH transforms which can be used to build IPsec proposals.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspAhTransformEntry

ipspAhTransformEntry 1.3.6.1.2.1.1.1.25.1
This entry contains the attributes of one AH transform.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspAhTransformEntry  

ipspAhTranName 1.3.6.1.2.1.1.1.25.1.1
This object contains the name of this AH transform. This row will be referred to by an ipspIpsecTransformsEntry.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspAhTranMaxLifetimeSec 1.3.6.1.2.1.1.1.25.1.2
ipspAhTranMaxLifetimeSec specifies how long in seconds the security association derived from this transform should be used. A value of 0 indicates that the default lifetime of 8 hours should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspAhTranMaxLifetimeKB 1.3.6.1.2.1.1.1.25.1.3
ipspAhTranMaxLifetimeKB specifies how long in kilobytes the security association derived from this transform should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspAhTranAlgorithm 1.3.6.1.2.1.1.1.25.1.4
This object specifies the AH algorithm for this transform.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiAuthAlgorithm  

ipspAhTranReplayProtection 1.3.6.1.2.1.1.1.25.1.5
ipspAhTranReplayProtection indicates whether or not anti replay service is to be provided by this SA.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspAhTranReplayWindowSize 1.3.6.1.2.1.1.1.25.1.6
ipspAhTranReplayWindowSize indicates the size, in bits, of the replay window to use if replay protection is true for this transform. The window size is assumed to be a power of two. If Replay Protection is false, this value can be ignored.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspAhTranLastChanged 1.3.6.1.2.1.1.1.25.1.7
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspAhTranStorageType 1.3.6.1.2.1.1.1.25.1.8
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspAhTranRowStatus 1.3.6.1.2.1.1.1.25.1.9
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspEspTransformTable 1.3.6.1.2.1.1.1.26
This table lists all the ESP transforms which can be used to build IPsec proposals
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspEspTransformEntry

ipspEspTransformEntry 1.3.6.1.2.1.1.1.26.1
This entry contains the attributes of one ESP transform.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspEspTransformEntry  

ipspEspTranName 1.3.6.1.2.1.1.1.26.1.1
The name of this particular espTransform be referred to by an ipspIpsecTransformsEntry.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspEspTranMaxLifetimeSec 1.3.6.1.2.1.1.1.26.1.2
ipspEspTranMaxLifetimeSec specifies how long in seconds the security association derived from this transform should be used. A value of 0 indicates that the default lifetime of 8 hours should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspEspTranMaxLifetimeKB 1.3.6.1.2.1.1.1.26.1.3
ipspEspTranMaxLifetimeKB specifies how long in kilobytes the security association derived from this transform should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspEspTranCipherTransformId 1.3.6.1.2.1.1.1.26.1.4
This object specifies the transform ID of the ESP cipher algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiEspTransform  

ipspEspTranCipherKeyLength 1.3.6.1.2.1.1.1.26.1.5
This object specifies, in bits, the key length for the ESP cipher algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspEspTranCipherKeyRounds 1.3.6.1.2.1.1.1.26.1.6
This object specifies the number of key rounds for the ESP cipher algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspEspTranIntegrityAlgorithmId 1.3.6.1.2.1.1.1.26.1.7
This object specifies the ESP integrity algorithm ID.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiAuthAlgorithm  

ipspEspTranReplayPrevention 1.3.6.1.2.1.1.1.26.1.8
ipspEspTranReplayPrevention indicates whether or not anti-replay service is to be provided by this SA.
Status: current Access: read-create
OBJECT-TYPE    
  TruthValue  

ipspEspTranReplayWindowSize 1.3.6.1.2.1.1.1.26.1.9
ipspEspTranReplayWindowSize indicates the size, in bits, of the replay window to use if replay protection is true for this transform. The window size is assumed to be a power of two. If Replay Protection is false, this value can be ignored.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspEspTranLastChanged 1.3.6.1.2.1.1.1.26.1.10
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspEspTranStorageType 1.3.6.1.2.1.1.1.26.1.11
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspEspTranRowStatus 1.3.6.1.2.1.1.1.26.1.12
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpcompTransformTable 1.3.6.1.2.1.1.1.27
This table lists all the IP compression transforms which can be used to build IPsec proposals during negotiation of a phase 2 SA.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpcompTransformEntry

ipspIpcompTransformEntry 1.3.6.1.2.1.1.1.27.1
This entry contains the attributes of one IP compression transform.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpcompTransformEntry  

ipspIpcompTranName 1.3.6.1.2.1.1.1.27.1.1
The name of this ipspIpcompTransformEntry.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIpcompTranMaxLifetimeSec 1.3.6.1.2.1.1.1.27.1.2
ipspIpcompTranMaxLifetimeSec specifies how long in seconds the security association derived from this transform should be used. A value of 0 indicates that the default lifetime of 8 hours should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIpcompTranMaxLifetimeKB 1.3.6.1.2.1.1.1.27.1.3
ipspIpcompTranMaxLifetimeKB specifies how long in kilobytes the security association derived from this transform should be used.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIpcompTranAlgorithm 1.3.6.1.2.1.1.1.27.1.4
ipspIpcompTranAlgorithm specifies the transform ID of the IP compression algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiIpcompTransform  

ipspIpcompTranDictionarySize 1.3.6.1.2.1.1.1.27.1.5
If the algorithm in ipspIpcompTranAlgorithm requires a dictionary size configuration parameter, then this is the place to put it. This object specifies the log2 maximum size of the dictionary for the compression algorithm.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIpcompTranPrivateAlgorithm 1.3.6.1.2.1.1.1.27.1.6
If ipspIpcompTranPrivateAlgorithm has a value other zero, then it is up to the vendors implementation to determine the meaning of this field and substitute a data compression algorithm in place of ipspIpcompTranAlgorithm.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32  

ipspIpcompTranLastChanged 1.3.6.1.2.1.1.1.27.1.7
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIpcompTranStorageType 1.3.6.1.2.1.1.1.27.1.8
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIpcompTranRowStatus 1.3.6.1.2.1.1.1.27.1.9
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIkeIdentityTable 1.3.6.1.2.1.1.1.28
IKEIdentity is used to represent the identities that may be used for an IPProtocolEndpoint (or collection of IPProtocolEndpoints) to identify itself in IKE phase 1 negotiations. The column ikeIdentityName in an ipspIkeActionEntry together with the ipspEndGroupIdentType and the ipspEndGroupAddress in the PolicyEndpointToGroupTable specifies the unique identity to use in a negotiation exchange.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIkeIdentityEntry

ipspIkeIdentityEntry 1.3.6.1.2.1.1.1.28.1
ikeIdentity lists the attributes of an IKE identity.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIkeIdentityEntry  

ipspIkeIdCredentialName 1.3.6.1.2.1.1.1.28.1.1
This value is used as an index into the ipspCredentialTable to look up the actual credential value and other credential information. For ID's without associated credential information, this value is left blank. For ID's that are address types, this value may be left blank and the associated IPProtocolEndpoint or appropriate member of the Collection of endpoints is used.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspIkeIdLastChanged 1.3.6.1.2.1.1.1.28.1.2
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIkeIdStorageType 1.3.6.1.2.1.1.1.28.1.3
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIkeIdRowStatus 1.3.6.1.2.1.1.1.28.1.4
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspPeerIdentityTable 1.3.6.1.2.1.1.1.29
PeerIdentity is used to represent the identities that may be used for peers to identify themselves in IKE phase I/II negotiations. PeerIdentityTable aggregates the table entries that provide mappings between identities and their addresses.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspPeerIdentityEntry

ipspPeerIdentityEntry 1.3.6.1.2.1.1.1.29.1
peerIdentity matches a peer's identity to its address.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspPeerIdentityEntry  

ipspPeerIdName 1.3.6.1.2.1.1.1.29.1.1
This is an administratively assigned value that, together with ipspPeerIdPriority, uniquely identifies an entry in this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspPeerIdPriority 1.3.6.1.2.1.1.1.29.1.2
This object, along with ipspPeerIdName, uniquely identifies an entry in this table. The priority also indicates the order of peer gateways to initiate or accept SAs from (i.e. try until success).
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..2147483647  

ipspPeerIdType 1.3.6.1.2.1.1.1.29.1.3
ipspPeerIdType is an enumeration identifying the type of the Identity value.
Status: current Access: read-create
OBJECT-TYPE    
  IpsecDoiIdentType  

ipspPeerIdValue 1.3.6.1.2.1.1.1.29.1.4
ipspPeerIdValue contains an Identity filter to be used to match against the identity payload in an IKE request. If this value matches the value in the identity payload, the credential for the peer can be found using the ipspPeerIdCredentialName as an index into the credential table.
Status: current Access: read-create
OBJECT-TYPE    
  IpspIdentityFilter  

ipspPeerIdAddressType 1.3.6.1.2.1.1.1.29.1.5
The property ipspPeerIdAddressType specifies the format of the ipspPeerIdAddress property value.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddressType  

ipspPeerIdAddress 1.3.6.1.2.1.1.1.29.1.6
The property PeerAddress specifies the IP address of the peer. The format is specified by the ipspPeerIdAddressType. Values of unknown, ipv4z, ipv6z and dns are not legal values for this object.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspPeerIdCredentialName 1.3.6.1.2.1.1.1.29.1.7
This value is used as an index into the ipspCredentialTable to look up the actual credential value and other credential information. For peer IDs that have no associated credential information, this value is left blank.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspPeerIdLastChanged 1.3.6.1.2.1.1.1.29.1.8
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspPeerIdStorageType 1.3.6.1.2.1.1.1.29.1.9
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspPeerIdRowStatus 1.3.6.1.2.1.1.1.29.1.10
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspAutostartIkeTable 1.3.6.1.2.1.1.1.30
The parameters in the autostart IKE Table are used to automatically initiate IKE phaes I and II (i.e. IPsec) negotiations on startup. It also will initiate IKE phase I and II negotiations for a row at the time of that row's creation
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspAutostartIkeEntry

ipspAutostartIkeEntry 1.3.6.1.2.1.1.1.30.1
autostart ike provides the set of parameters to automatically start IKE and IPsec SA's.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspAutostartIkeEntry  

ipspAutoIkePriority 1.3.6.1.2.1.1.1.30.1.1
ipspAutoIkePriority is an index into the autostartIkeAction table and can be used to order the autostart IKE actions.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 0..65535  

ipspAutoIkeAction 1.3.6.1.2.1.1.1.30.1.2
This pointer is used to point to the action or compound action that should be initiated by this row.
Status: current Access: read-create
OBJECT-TYPE    
  VariablePointer  

ipspAutoIkeAddressType 1.3.6.1.2.1.1.1.30.1.3
The property ipspAutoIkeAddressType specifies the format of the autoIke source and destination Address values. Values of unknown, ipv4z, ipv6z and dns are not legal values for this object.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddressType  

ipspAutoIkeSourceAddress 1.3.6.1.2.1.1.1.30.1.4
The property autoIkeSourecAddress specifies Source IP address for autostarting IKE SA's, formatted according to the appropriate convention as defined in the ipspAutoIkeAddressType property.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspAutoIkeSourcePort 1.3.6.1.2.1.1.1.30.1.5
The property ipspAutoIkeSourcePort specifies the port number for the source port for auotstarting IKE SA's. The value of 0 for this object is illegal.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

ipspAutoIkeDestAddress 1.3.6.1.2.1.1.1.30.1.6
The property ipspAutoIkeDestAddress specifies the Destination IP address for autostarting IKE SA's, formatted according to the appropriate convention as defined in the ipspAutoIkeAddressType property.
Status: current Access: read-create
OBJECT-TYPE    
  InetAddress  

ipspAutoIkeDestPort 1.3.6.1.2.1.1.1.30.1.7
The property ipspAutoIkeDestPort specifies the port number for the destination port for auotstarting IKE SA's. The value of 0 for this object is illegal.
Status: current Access: read-create
OBJECT-TYPE    
  InetPortNumber  

ipspAutoIkeProtocol 1.3.6.1.2.1.1.1.30.1.8
The property Protocol specifies the protocol number used in comparing with policy filter entries and used in any phase 2 negotiations.
Status: current Access: read-create
OBJECT-TYPE    
  Unsigned32 0..255  

ipspAutoIkeLastChanged 1.3.6.1.2.1.1.1.30.1.9
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspAutoIkeStorageType 1.3.6.1.2.1.1.1.30.1.10
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspAutoIkeRowStatus 1.3.6.1.2.1.1.1.30.1.11
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspIpsecCredMngServiceTable 1.3.6.1.2.1.1.1.31
A table of Credential Management Service values. This table is usually used for credential/certificate values that are used with a management service (e.g. Certificate Authorities).
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspIpsecCredMngServiceEntry

ipspIpsecCredMngServiceEntry 1.3.6.1.2.1.1.1.31.1
A row in the ipspIpsecCredMngServiceTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspIpsecCredMngServiceEntry  

ipspIcmsName 1.3.6.1.2.1.1.1.31.1.1
This is an administratively assigned string used to index this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspIcmsDistinguishedName 1.3.6.1.2.1.1.1.31.1.2
This value represents the Distinguished Name of the Credential Management Service.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(1..256)  

ipspIcmsPolicyStatement 1.3.6.1.2.1.1.1.31.1.3
This Value represents the Credential Management Service Policy Statement, or a reference describing how to obtain it (e.g., a URL). If one doesn't exist, this value can be left blank
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..1024)  

ipspIcmsMaxChainLength 1.3.6.1.2.1.1.1.31.1.4
This value is the maximum length of the chain allowble from the Credential Management Service to the credential in question.
Status: current Access: read-create
OBJECT-TYPE    
  Integer32 0..255  

ipspIcmsCredentialName 1.3.6.1.2.1.1.1.31.1.5
This value is used as an index into the ipspCredentialTable to look up the actual credential value.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspIcmsLastChanged 1.3.6.1.2.1.1.1.31.1.6
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspIcmsStorageType 1.3.6.1.2.1.1.1.31.1.7
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspIcmsRowStatus 1.3.6.1.2.1.1.1.31.1.8
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspCredMngCRLTable 1.3.6.1.2.1.1.1.32
A table of the Credential Revocation Lists (CRL) for credential managment services.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspCredMngCRLEntry

ipspCredMngCRLEntry 1.3.6.1.2.1.1.1.32.1
A row in the ipspCredMngCRLTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspCredMngCRLEntry  

ipspCmcCRLName 1.3.6.1.2.1.1.1.32.1.1
This is an administratively assigned string used to index this table. It represents a CRL for a given CA from a given distribution point.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspCmcDistributionPoint 1.3.6.1.2.1.1.1.32.1.2
This Value represents a Distribution Point for a Credential Revocation List. It can be relative to the Credential Management Service or a full name (URL, e-mail, etc...).
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..256)  

ipspCmcThisUpdate 1.3.6.1.2.1.1.1.32.1.3
This value is the issue date of this CRL. This should be in utctime or generalizedtime.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..32)  

ipspCmcNextUpdate 1.3.6.1.2.1.1.1.32.1.4
This value indicates the date the next version of this CRL will be issued. This should be in utctime or generalizedtime.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..32)  

ipspCmcLastChanged 1.3.6.1.2.1.1.1.32.1.5
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspCmcStorageType 1.3.6.1.2.1.1.1.32.1.6
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspCmcRowStatus 1.3.6.1.2.1.1.1.32.1.7
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspRevokedCertificateTable 1.3.6.1.2.1.1.1.33
A table of Credentials revoked by credential managment services. That is, this table is a table of Certificates that are on CRL's, Credential Revocation Lists.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspRevokedCertificateEntry

ipspRevokedCertificateEntry 1.3.6.1.2.1.1.1.33.1
A row in the ipspRevokedCertificateTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspRevokedCertificateEntry  

ipspRctCertSerialNumber 1.3.6.1.2.1.1.1.33.1.1
This value is the serial number of the revoked certificate.
Status: current Access: not-accessible
OBJECT-TYPE    
  Unsigned32 0..4294967295  

ipspRctRevokedDate 1.3.6.1.2.1.1.1.33.1.2
This value is the revocation date of the certificate. This should be in utctime or generaltime.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..32)  

ipspRctRevokedReason 1.3.6.1.2.1.1.1.33.1.3
This value is the reason this certificate was revoked.
Status: current Access: read-create
OBJECT-TYPE    
  INTEGER reserved(0), unspecified(1), keyCompromise(2), cACompromise(3), affiliationChanged(4), superseded(5), cessationOfOperation(6), certificateHold(7), removeFromCRL(8)  

ipspRctLastChanged 1.3.6.1.2.1.1.1.33.1.4
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspRctStorageType 1.3.6.1.2.1.1.1.33.1.5
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspRctRowStatus 1.3.6.1.2.1.1.1.33.1.6
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspCredentialTable 1.3.6.1.2.1.1.1.34
A table of credential values. Example of Credentials are shared secrets, certificates or kerberos tickets.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspCredentialEntry

ipspCredentialEntry 1.3.6.1.2.1.1.1.34.1
A row in the ipspCredentialTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspCredentialEntry  

ipspCredName 1.3.6.1.2.1.1.1.34.1.1
This object represents the name for an entry in this table.
Status: current Access: not-accessible
OBJECT-TYPE    
  SnmpAdminString Size(1..32)  

ipspCredType 1.3.6.1.2.1.1.1.34.1.2
This object represents the type of the credential for this row.
Status: current Access: read-create
OBJECT-TYPE    
  IpspCredentialType  

ipspCredCredential 1.3.6.1.2.1.1.1.34.1.3
This object represents the credential value. If the size of the credential is greater than 1024, the credential must be configured via the ipspCredSegmentTable. For credential type where the disclosure of the credential would compromise the credential (e.g. shared secrets), when this object is accessed for reading, it MUST return a null length (0 length) string and MUST NOT return the configured credential.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..1024)  

ipspCredSize 1.3.6.1.2.1.1.1.34.1.4
This value represents the size of the credential. If this value is greater than 1024, the ipspCreCredential column will return an empty (0 length) string. In this case, the value of the credential must be retrived from the ipspCredSegmentTable. For credential type where the disclosure of the credential would compromise the credential (e.g. shared secrets), when this object is accessed for reading, it MUST return a value of 0 and MUST NOT return the size credential.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

ipspCredMngName 1.3.6.1.2.1.1.1.34.1.5
This value is used as an index into the ipspIpsecCredMngServiceTable. For IDs that have no credential management service, this value is left blank.
Status: current Access: read-create
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

ipspCredRemoteID 1.3.6.1.2.1.1.1.34.1.6
This object represents the Identification (e.g. user name) of the user of the key information on the remote site. If there is no ID associated with this credential, the value of this object should be the null string.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING Size(0..256)  

ipspCredAdminStatus 1.3.6.1.2.1.1.1.34.1.7
Indicates whether this credential should be considered active. Rows with a disabled status must not be used for any purpose, including IKE or IPSEC processing. For credentials whose size does not execeed the maximum size for the ipspCredCredential, it may be set to enabled during row creation. For larger credentials, it should be left as disabled until all rows have been uploaded to the ipspCredSegmentTable.
Status: current Access: read-create
OBJECT-TYPE    
  IpspAdminStatus  

ipspCredLastChanged 1.3.6.1.2.1.1.1.34.1.8
The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspCredStorageType 1.3.6.1.2.1.1.1.34.1.9
The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent.
Status: current Access: read-create
OBJECT-TYPE    
  StorageType  

ipspCredRowStatus 1.3.6.1.2.1.1.1.34.1.10
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspCredentialSegmentTable 1.3.6.1.2.1.1.1.35
A table of credential segments. This table is used for credentials which are larger than the maximum size allowed for ipspCredCredential.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    IpspCredentialSegmentEntry

ipspCredentialSegmentEntry 1.3.6.1.2.1.1.1.35.1
A row in the ipspCredentialSegmentTable.
Status: current Access: not-accessible
OBJECT-TYPE    
  IpspCredentialSegmentEntry  

ipspCredSegIndex 1.3.6.1.2.1.1.1.35.1.1
This object represents the segment number for this segment. By default, each segment will be 1024 octets. However, when this table is accessed using a context of 'ipsp4096', 'ipsp8192' or 'ipsp16384' a segment size of 4096, 8192 or 16384 (respectively) will be used instead. The number of rows which need to be retrieved or set can be calculated by obtaining the value of the ipspCredSize column from the corresponding ipspCredentialTable row and dividing it by the segment size.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..65535  

ipspCredSegValue 1.3.6.1.2.1.1.1.35.1.2
This object represents one segment of the credential. By default, each complete segment will be 1024 octets. (The last row for a given credential might be smaller, if the credential size is not a multiple of the segment size). An implementation may optionally support segment sizes of 256, 4096, 8192 or the full object size when this table is is accessed using a context of 'ipspCred256', 'ipspCred4096', 'ipspCred8192' or 'ipspCredFull' (respectively). The number of rows which need to be retrieved or set can be calculated by obtaining the value of the ipspCredSize column from the corresponding ipspCredentialTable row and dividing it by the segment size.
Status: current Access: read-create
OBJECT-TYPE    
  OCTET STRING  

ipspCredSegLastChanged 1.3.6.1.2.1.1.1.35.1.3
The value of sysUpTime when this credential was last modified or created either through SNMP SETs or by some other external means. Note that the last changed type will be the same for all segemnts of the credential.
Status: current Access: read-only
OBJECT-TYPE    
  TimeStamp  

ipspCredSegStorageType 1.3.6.1.2.1.1.1.35.1.4
The storage type for this row. This object is read-only. Rows in this table have the same value as the ipspCredStorageType for the corresponding row in the ipspCredentialTable.
Status: current Access: read-only
OBJECT-TYPE    
  StorageType  

ipspCredSegRowStatus 1.3.6.1.2.1.1.1.35.1.5
This object indicates the conceptual status of this row. The segment of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
Status: current Access: read-create
OBJECT-TYPE    
  RowStatus  

ipspNotificationVariables 1.3.6.1.2.1.1.2.1
OBJECT IDENTIFIER    

ipspNotifications 1.3.6.1.2.1.1.2.0
OBJECT IDENTIFIER    

ipspActionExecuted 1.3.6.1.2.1.1.2.1.1
Points to the action instance that was executed that resulted in the notification being sent.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  VariablePointer  

ipspIPInterfaceType 1.3.6.1.2.1.1.2.1.2
Contains the interface type for the interface that the packet which triggered the notification in question is passing through.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddressType  

ipspIPInterfaceAddress 1.3.6.1.2.1.1.2.1.3
Contains the interface address for the interface that the packet which triggered the notification in question is passing through.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddress  

ipspIPSourceType 1.3.6.1.2.1.1.2.1.4
Contains the source address type of the packet which triggered the notification in question.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddressType  

ipspIPSourceAddress 1.3.6.1.2.1.1.2.1.5
Contains the source address of the packet which triggered the notification in question.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddress  

ipspIPDestinationType 1.3.6.1.2.1.1.2.1.6
Contains the destination address type of the packet which triggered the notification in question.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddressType  

ipspIPDestinationAddress 1.3.6.1.2.1.1.2.1.7
Contains the destination address of the packet which triggered the notification in question.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddress  

ipspPacketDirection 1.3.6.1.2.1.1.2.1.8
Indicates if the packet whic triggered the action in questions was inbound our outbound.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  INTEGER inbound(1), outbound(2)  

ipspPacketPart 1.3.6.1.2.1.1.2.1.9
Is the front part of the packet that triggered this notification. The size is determined by the value of 'IpspIPPacketLogging' or the size of the packet, whichever is smaller.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  OCTET STRING  

ipspActionNotification 1.3.6.1.2.1.1.2.0.1
Notification that an action was executed by a rule. Only actions with logging enabled will result in this notification getting sent. The objects sent must include the ipspActionExecuted object which will indicate which action was executed within the scope of the rule. Additionally the ipspIPSourceType, ipspIPSourceAddress, ipspIPDestinationType, and ipspIPDestinationAddress objects must be included to indicate the packet source and destination of the packet that triggered the action. Finally the ipspIPInterfaceType, ipspIPInterfaceAddress, and ipspPacketDirection objects are included to indicate which interface the action was executed in association with and if the packet was inbound or outbond through the endpoint. Note that compound actions with multiple executed subactions may result in multiple notifications being sent from a single rule execution.
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

ipspPacketNotification 1.3.6.1.2.1.1.2.0.2
Notification that a packet passed through an SA. Only SA's created by actions with packet logging enabled will result in this notification getting sent. The objects sent must include the ipspActionExecuted which will indicate which action was executed within the scope of the rule. Additionally, the ipspIPSourceType, ipspIPSourceAddress, ipspIPDestinationType, and ipspIPDestinationAddress, objects must be included to indicate the packet source and destination of the packet that triggered the action. The ipspIPInterfaceType, ipspIPInterfaceAddress, and ipspPacketDirection objects are included to indicate which endpoint the packet was associated with. Finally, ipspPacketPart is including for sending a variable sized part of the front of the packet depending on the value of IpspIPPacketLogging.
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

ipspCompliances 1.3.6.1.2.1.1.3.1
OBJECT IDENTIFIER    

ipspGroups 1.3.6.1.2.1.1.3.2
OBJECT IDENTIFIER    

ipspRuleFilterCompliance 1.3.6.1.2.1.1.3.1.1
The compliance statement for SNMP entities that include an IPsec MIB implementation with Endpoint, Rules, and filters support.
Status: current Access: not-accessible
MODULE-COMPLIANCE    

ipspIPsecCompliance 1.3.6.1.2.1.1.3.1.2
The compliance statement for SNMP entities that include an IPsec MIB implementation and supports IPsec actions.
Status: current Access: not-accessible
MODULE-COMPLIANCE    

ipspIKECompliance 1.3.6.1.2.1.1.3.1.3
The compliance statement for SNMP entities that include an IPsec MIB implementation and supports IKE actions.
Status: current Access: not-accessible
MODULE-COMPLIANCE    

ipspLoggingCompliance 1.3.6.1.2.1.1.3.1.4
The compliance statement for SNMP entities that support sending notifications when actions are invoked.
Status: current Access: not-accessible
MODULE-COMPLIANCE    

ipspEndpointGroup 1.3.6.1.2.1.1.3.2.1
The IPsec Policy Endpoint Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspGroupContentsGroup 1.3.6.1.2.1.1.3.2.2
The IPsec Policy Group Contents Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspIpsecSystemPolicyNameGroup 1.3.6.1.2.1.1.3.2.3
The System Policy Group Name Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspRuleDefinitionGroup 1.3.6.1.2.1.1.3.2.4
The IPsec Policy Rule Definition Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspCompoundFilterGroup 1.3.6.1.2.1.1.3.2.5
The IPsec Policy Compound Filter Table and Filters in Compound Filters Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspStaticFilterGroup 1.3.6.1.2.1.1.3.2.6
The static filter group. Currently this is just a true filter.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspIPHeaderFilterGroup 1.3.6.1.2.1.1.3.2.7
The IPsec Policy IP Header Filter Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspIPOffsetFilterGroup 1.3.6.1.2.1.1.3.2.8
The IPsec Policy IP Offset Filter Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspTimeFilterGroup 1.3.6.1.2.1.1.3.2.9
The IPsec Policy Time Filter Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspIpsoHeaderFilterGroup 1.3.6.1.2.1.1.3.2.10
The IPsec Policy IPSO Header Filter Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspCredentialFilterGroup 1.3.6.1.2.1.1.3.2.11
The IPsec Policy Credential Filter Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspPeerIdFilterGroup 1.3.6.1.2.1.1.3.2.12
The IPsec Policy Peer Identity Filter Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspCompoundActionGroup 1.3.6.1.2.1.1.3.2.13
The IPsec Policy Compound Action Table and Actions In Compound Action Table Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspPreconfiguredGroup 1.3.6.1.2.1.1.3.2.14
This group is the set of objects that support preconfigured IPsec actions. These objects are from The Preconfigured Action Table. This group also includes objects from the shared tables: Peer Identity Table, Credential Table, Credential Management Service Table and the AH, ESP, and IPComp Transform Tables.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspStaticActionGroup 1.3.6.1.2.1.1.3.2.15
The IPsec Policy Static Actions Group.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspIpsecGroup 1.3.6.1.2.1.1.3.2.16
This group is the set of objects that support IPsec actions. These objects are from The IPsec Policy IPsec Actions Table, The IPsec Proposal Table, and The IPsec Transform Table. This group also includes objects from the shared tables: Peer Identity Table, Credential Table, Negotiation Parameters Table, Credential Management Service Table and the AH, ESP, and IPComp Transform Table.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspIkeGroup 1.3.6.1.2.1.1.3.2.17
This group is the set of objects that support IKE actions. These objects are from The IPsec Policy IKE Action Table, The IKE Action Proposals Table, The IKE Proposal Table, The autostart IKE Table and The IKE Identity Table. This group also includes objects from the shared tables: Peer Identity Table, Credential Management Service Table and Negotiation Parameters Table.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspActionLoggingObjectGroup 1.3.6.1.2.1.1.3.2.18
Notification objects.
Status: current Access: not-accessible
OBJECT-GROUP    

ipspActionNotificationGroup 1.3.6.1.2.1.1.3.2.19
Notifications.
Status: current Access: not-accessible
NOTIFICATION-GROUP    

Generation date: July 28, 2023, 16:18:13, Copyright © 2007 - 2022 - Circitor