JUNIPER-IPSEC-FLOW-MON-MIB

File: JUNIPER-IPSEC-FLOW-MON-MIB.mib (42387 bytes)

Imported modules

SNMPv2-SMI INET-ADDRESS-MIB SNMPv2-TC
JUNIPER-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter32
Counter64 Integer32 Unsigned32
InetAddress InetAddressType TEXTUAL-CONVENTION
DisplayString TimeInterval jnxIpSecMibRoot

Defined Types

JnxIkePeerType  
The type of IPsec Phase-1 IKE peer identity. It is the local IKE identify to send in the exchange. The IKE peer may be identified by one of the ID types defined in IPSEC DOI. idIpv4Addr - IPv4 Address. idIpv6Addr - IPv6 Address. idUfqdn - user fully qualified domain name (user@hostname). idFqdn - full qualified domain name idDn - distinquished name
TEXTUAL-CONVENTION    
  INTEGER unknown(0), idIpv4Addr(1), idFqdn(2), idDn(3), idUfqdn(4), idIpv6Addr(5)  

JnxIkeNegoMode  
The IPsec Phase-1 IKE negotiation mode. Main Mode: A six-message Phase 1 exchange that provides identity protection. Aggressive mode: a three-message phase 1 exchange that does not provide identity protection
TEXTUAL-CONVENTION    
  INTEGER main(1), aggressive(2), ikev2(3)  

JnxIkeHashAlgo  
The hash algorithm used in IPsec Phase-1 IKE negotiations.
TEXTUAL-CONVENTION    
  INTEGER md5(1), sha(2), sha256(3), sha384(4)  

JnxIkeAuthMethod  
The authentication method used in IPsec Phase-1 IKE negotiations.
TEXTUAL-CONVENTION    
  INTEGER preSharedKey(1), dssSignature(2), rsaSignature(3), rsaEncryption(4), revRsaEncryption(5), xauthPreSharedKey(6), xauthDssSignature(7), xauthRsaSignature(8), xauthRsaEncryption(9), xauthRevRsaEncryption(10)  

JnxIkePeerRole  
Role of the local endpoint in negotiating the IPsec Phase-1 IKE security association. It can be either Initiator or Responder.
TEXTUAL-CONVENTION    
  INTEGER initiator(1), responder(2)  

JnxIkeTunStateType  
State of the Phase-1 IKE negotiation.
TEXTUAL-CONVENTION    
  INTEGER up(1), down(2)  

JnxDiffHellmanGrp  
The Diffie Hellman Group used in negotiations. modp768 -- 768-bit MODP modp1024 -- 1024-bit MODP modp1536 -- 1536-bit MODP modp2048 -- 2048-bit MODP ec-modp256 -- 256-bit EC-MODP ec-modp384 -- 384-bit EC-MODP
TEXTUAL-CONVENTION    
  INTEGER unknown(0), modp768(1), modp1024(2), modp1536(5), modp2048(14), ecmodp256(19), ecmodp384(20)  

JnxKeyType  
The type of key used by an IPsec Phase-2 Tunnel.
TEXTUAL-CONVENTION    
  INTEGER unknown(0), keyIke(1), keyManual(2)  

JnxEncapMode  
The encapsulation mode used by an IPsec Phase-2 Tunnel.
TEXTUAL-CONVENTION    
  INTEGER unknown(0), tunnel(1), transport(2)  

JnxEncryptAlgo  
The encryption algorithm used in negotiations.
TEXTUAL-CONVENTION    
  INTEGER espDes(1), esp3des(2), espNull(3), espAes128(4), espAes192(5), espAes256(6)  

JnxAuthAlgo  
The authentication algorithm used by a security association of an IPsec Phase-2 Tunnel.
TEXTUAL-CONVENTION    
  INTEGER unknown(0), hmacMd5(1), hmacSha(2), hmacSha256(3)  

JnxRemotePeerType  
The type of the remote peer gateway (endpoint). It can be one of the following two types: - static (Remote peer whose IP address is known beforehand) - dynamic (Remote peer whose IP address is not known beforehand).
TEXTUAL-CONVENTION    
  INTEGER unknown(0), static(1), dynamic(2)  

JnxSpiType  
The type of the SPI associated with IPsec Phase-2 security associations.
TEXTUAL-CONVENTION    
  Unsigned32 256..4294967295  

JnxSAType  
SA Type manual or dynamic
TEXTUAL-CONVENTION    
  INTEGER unknown(0), manual(1), dynamic(2)  

JnxIkeTunnelMonEntry  
SEQUENCE    
  jnxIkeTunMonRemoteGwAddrType InetAddressType
  jnxIkeTunMonRemoteGwAddr InetAddress
  jnxIkeTunMonIndex Integer32
  jnxIkeTunMonLocalGwAddrType InetAddressType
  jnxIkeTunMonLocalGwAddr InetAddress
  jnxIkeTunMonState JnxIkeTunStateType
  jnxIkeTunMonInitiatorCookie DisplayString
  jnxIkeTunMonResponderCookie DisplayString
  jnxIkeTunMonLocalRole JnxIkePeerRole
  jnxIkeTunMonLocalIdType JnxIkePeerType
  jnxIkeTunMonLocalIdValue DisplayString
  jnxIkeTunMonLocalCertName DisplayString
  jnxIkeTunMonRemoteIdType JnxIkePeerType
  jnxIkeTunMonRemoteIdValue DisplayString
  jnxIkeTunMonNegoMode JnxIkeNegoMode
  jnxIkeTunMonDiffHellmanGrp JnxDiffHellmanGrp
  jnxIkeTunMonEncryptAlgo JnxEncryptAlgo
  jnxIkeTunMonHashAlgo JnxIkeHashAlgo
  jnxIkeTunMonAuthMethod JnxIkeAuthMethod
  jnxIkeTunMonLifeTime Integer32
  jnxIkeTunMonActiveTime TimeInterval
  jnxIkeTunMonInOctets Counter64
  jnxIkeTunMonInPkts Counter32
  jnxIkeTunMonOutOctets Counter64
  jnxIkeTunMonOutPkts Counter32
  jnxIkeTunMonXAuthUserId DisplayString
  jnxIkeTunMonDPDDownCount Counter32

JnxIpSecTunnelMonEntry  
SEQUENCE    
  jnxIpSecTunMonRemoteGwAddrType InetAddressType
  jnxIpSecTunMonRemoteGwAddr InetAddress
  jnxIpSecTunMonIndex Integer32
  jnxIpSecTunMonLocalGwAddrType InetAddressType
  jnxIpSecTunMonLocalGwAddr InetAddress
  jnxIpSecTunMonLocalProxyId DisplayString
  jnxIpSecTunMonRemoteProxyId DisplayString
  jnxIpSecTunMonKeyType JnxKeyType
  jnxIpSecTunMonRemotePeerType JnxRemotePeerType
  jnxIpSecTunMonOutEncryptedBytes Counter64
  jnxIpSecTunMonOutEncryptedPkts Counter64
  jnxIpSecTunMonInDecryptedBytes Counter64
  jnxIpSecTunMonInDecryptedPkts Counter64
  jnxIpSecTunMonAHInBytes Counter64
  jnxIpSecTunMonAHInPkts Counter64
  jnxIpSecTunMonAHOutBytes Counter64
  jnxIpSecTunMonAHOutPkts Counter64
  jnxIpSecTunMonReplayDropPkts Counter64
  jnxIpSecTunMonAhAuthFails Counter64
  jnxIpSecTunMonEspAuthFails Counter64
  jnxIpSecTunMonDecryptFails Counter64
  jnxIpSecTunMonBadHeaders Counter64
  jnxIpSecTunMonBadTrailers Counter64
  jnxIpSecTunMonDroppedPkts Counter64

JnxIpSecSaMonEntry  
SEQUENCE    
  jnxIpSecSaMonIndex Integer32
  jnxIpSecSaMonProtocol INTEGER
  jnxIpSecSaMonInSpi JnxSpiType
  jnxIpSecSaMonOutSpi JnxSpiType
  jnxIpSecSaMonType JnxSAType
  jnxIpSecSaMonEncapMode JnxEncapMode
  jnxIpSecSaMonLifeSize Integer32
  jnxIpSecSaMonLifeTime Integer32
  jnxIpSecSaMonActiveTime TimeInterval
  jnxIpSecSaMonLifeSizeThreshold Integer32
  jnxIpSecSaMonLifeTimeThreshold Integer32
  jnxIpSecSaMonEncryptAlgo JnxEncryptAlgo
  jnxIpSecSaMonAuthAlgo JnxAuthAlgo
  jnxIpSecSaMonState INTEGER

Defined Values

jnxIpSecFlowMonMIB 1.3.6.1.4.1.2636.3.52.1
This module defines the object used to monitor the entries pertaining to IPSec objects and the management of the IPSEC VPN functionalities. tables: - IKE tunnel table - IPSec tunnel table - IPSec security associations table. This mib module is based on JNX-IPSEC-MONITOR-MIB. Building on the existing IKE infrastruature, the security IKE implementation integrates the value-added features for the security products
MODULE-IDENTITY    

jnxIpSecFlowMonNotifications 1.3.6.1.4.1.2636.3.52.1.0
OBJECT IDENTIFIER    

jnxIpSecFlowMonPhaseOne 1.3.6.1.4.1.2636.3.52.1.1
OBJECT IDENTIFIER    

jnxIpSecFlowMonPhaseTwo 1.3.6.1.4.1.2636.3.52.1.2
OBJECT IDENTIFIER    

jnxIkeNumOfTunnels 1.3.6.1.4.1.2636.3.52.1.1.1
Number of IKE Tunnels (phase-1) actively negotiating between peers. The SA can be in either the up or down state. This attribute should detail the number of IKE tunnels in jnxIkeTunnelMonTable.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER  

jnxIkeTunnelMonTable 1.3.6.1.4.1.2636.3.52.1.1.2
The IPsec Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    JnxIkeTunnelMonEntry

jnxIkeTunnelMonEntry 1.3.6.1.4.1.2636.3.52.1.1.2.1
Each entry contains the attributes associated with an active IPsec Phase-1 IKE Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  JnxIkeTunnelMonEntry  

jnxIkeTunMonRemoteGwAddrType 1.3.6.1.4.1.2636.3.52.1.1.2.1.1
The IP address type of the remote gateway (endpoint) for the IPsec Phase-1 IKE Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddressType  

jnxIkeTunMonRemoteGwAddr 1.3.6.1.4.1.2636.3.52.1.1.2.1.2
The IP address of the remote gateway (endpoint) for the IPsec Phase-1 IKE Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddress  

jnxIkeTunMonIndex 1.3.6.1.4.1.2636.3.52.1.1.2.1.3
The index of the IPsec Phase-1 IKE Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..2147483647  

jnxIkeTunMonLocalGwAddr 1.3.6.1.4.1.2636.3.52.1.1.2.1.4
The IP address of the local endpoint (gateway) for the IPsec Phase-1 IKE Tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  InetAddress  

jnxIkeTunMonLocalGwAddrType 1.3.6.1.4.1.2636.3.52.1.1.2.1.5
The IP address type of the local endpoint (gateway) for the IPsec Phase-1 IKE Tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  InetAddressType  

jnxIkeTunMonState 1.3.6.1.4.1.2636.3.52.1.1.2.1.6
The state of the IKE tunnel, It can be: 1. up - negotiation completed 2. down- being negotiated
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkeTunStateType  

jnxIkeTunMonInitiatorCookie 1.3.6.1.4.1.2636.3.52.1.1.2.1.7
Cookie as generated by the peer that initiated the IKE Phase-1 negotiation. This cookie is carried in the ISAKMP header.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIkeTunMonResponderCookie 1.3.6.1.4.1.2636.3.52.1.1.2.1.8
Cookie as generated by the peer responding to the IKE Phase-1 negotiation initiated by the remote peer. This cookie is carried in the ISAKMP header.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIkeTunMonLocalRole 1.3.6.1.4.1.2636.3.52.1.1.2.1.9
The role of local peer identity. The Role of the local peer can be: 1. initiator. 2. or responder.
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkePeerRole  

jnxIkeTunMonLocalIdType 1.3.6.1.4.1.2636.3.52.1.1.2.1.10
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkePeerType  

jnxIkeTunMonLocalIdValue 1.3.6.1.4.1.2636.3.52.1.1.2.1.11
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id_fqdn, then this is the FQDN of the remote peer. If the local peer type is a id_dn, then this is the distinguished name string of the local peer.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIkeTunMonLocalCertName 1.3.6.1.4.1.2636.3.52.1.1.2.1.12
Name of the certificate used for authentication of the local tunnel endpoint. This object will have some valid value only if negotiated IKE authentication method is other than pre-saherd key. If the IKE negotiation do not use certificate based authentication method, then the value of this object will be a NULL string.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIkeTunMonRemoteIdType 1.3.6.1.4.1.2636.3.52.1.1.2.1.13
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkePeerType  

jnxIkeTunMonRemoteIdValue 1.3.6.1.4.1.2636.3.52.1.1.2.1.14
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id_fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id_dn, then this is the distinguished named string of the remote peer.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIkeTunMonNegoMode 1.3.6.1.4.1.2636.3.52.1.1.2.1.15
The negotiation mode of the IPsec Phase-1 IKE Tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkeNegoMode  

jnxIkeTunMonDiffHellmanGrp 1.3.6.1.4.1.2636.3.52.1.1.2.1.16
The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations.
Status: current Access: read-only
OBJECT-TYPE    
  JnxDiffHellmanGrp  

jnxIkeTunMonEncryptAlgo 1.3.6.1.4.1.2636.3.52.1.1.2.1.17
The encryption algorithm used in IPsec Phase-1 IKE negotiations.
Status: current Access: read-only
OBJECT-TYPE    
  JnxEncryptAlgo  

jnxIkeTunMonHashAlgo 1.3.6.1.4.1.2636.3.52.1.1.2.1.18
The hash algorithm used in IPsec Phase-1 IKE negotiations.
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkeHashAlgo  

jnxIkeTunMonAuthMethod 1.3.6.1.4.1.2636.3.52.1.1.2.1.19
The authentication method used in IPsec Phase-1 IKE negotiations.
Status: current Access: read-only
OBJECT-TYPE    
  JnxIkeAuthMethod  

jnxIkeTunMonLifeTime 1.3.6.1.4.1.2636.3.52.1.1.2.1.20
The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32 1..2147483647  

jnxIkeTunMonActiveTime 1.3.6.1.4.1.2636.3.52.1.1.2.1.21
The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds.
Status: current Access: read-only
OBJECT-TYPE    
  TimeInterval  

jnxIkeTunMonInOctets 1.3.6.1.4.1.2636.3.52.1.1.2.1.22
The total number of octets received by this IPsec Phase-1 IKE security association.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIkeTunMonInPkts 1.3.6.1.4.1.2636.3.52.1.1.2.1.23
The total number of packets received by this IPsec Phase-1 IKE security association.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

jnxIkeTunMonOutOctets 1.3.6.1.4.1.2636.3.52.1.1.2.1.24
The total number of octets sent by this IPsec Phase-1 IKE security association.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIkeTunMonOutPkts 1.3.6.1.4.1.2636.3.52.1.1.2.1.25
The total number of packets sent by this IPsec Phase-1 IKE security association.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

jnxIkeTunMonXAuthUserId 1.3.6.1.4.1.2636.3.52.1.1.2.1.26
The extended Authentication (XAuth) User Identifier, identifies the user associated with this IPSec Phase negotiation.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIkeTunMonDPDDownCount 1.3.6.1.4.1.2636.3.52.1.1.2.1.27
The number of times that the remote peer is detected in a dead (or down) state. This attribute is obsolete
Status: obsolete Access: read-only
OBJECT-TYPE    
  Counter32  

jnxIpSecNumOfTunnels 1.3.6.1.4.1.2636.3.52.1.2.1
Number of IPSEC VPN Tunnels. This attribute should detail the number of IPSEC VPN tunnel in jnxIpSecTunnelTable.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER  

jnxIpSecTunnelMonTable 1.3.6.1.4.1.2636.3.52.1.2.2
The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel. If the tunnel is terminated, then the entry is no longer available after the table has been refreshed.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    JnxIpSecTunnelMonEntry

jnxIpSecTunnelMonEntry 1.3.6.1.4.1.2636.3.52.1.2.2.1
Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  JnxIpSecTunnelMonEntry  

jnxIpSecTunMonRemoteGwAddrType 1.3.6.1.4.1.2636.3.52.1.2.2.1.1
The IP address type of the remote gateway (endpoint) for the IPsec Phase-2 Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddressType  

jnxIpSecTunMonRemoteGwAddr 1.3.6.1.4.1.2636.3.52.1.2.2.1.2
The IP address of the remote gateway (endpoint) for the IPsec Phase-2 Tunnel.
Status: current Access: not-accessible
OBJECT-TYPE    
  InetAddress  

jnxIpSecTunMonIndex 1.3.6.1.4.1.2636.3.52.1.2.2.1.3
The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..2147483647  

jnxIpSecTunMonLocalGwAddrType 1.3.6.1.4.1.2636.3.52.1.2.2.1.4
The IP address type of the local gateway (endpoint) for the IPsec Phase-2 Tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  InetAddressType  

jnxIpSecTunMonLocalGwAddr 1.3.6.1.4.1.2636.3.52.1.2.2.1.5
The IP address of the local gateway (endpoint) for the IPsec Phase-2 Tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  InetAddress  

jnxIpSecTunMonLocalProxyId 1.3.6.1.4.1.2636.3.52.1.2.2.1.6
Identifier for the local end.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIpSecTunMonRemoteProxyId 1.3.6.1.4.1.2636.3.52.1.2.2.1.7
Identifier for the remote end.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

jnxIpSecTunMonKeyType 1.3.6.1.4.1.2636.3.52.1.2.2.1.8
The type of key used by the IPsec Phase-2 Tunnel. It can be one of the following two types: - IKE negotiated - Manually installed
Status: current Access: read-only
OBJECT-TYPE    
  JnxKeyType  

jnxIpSecTunMonRemotePeerType 1.3.6.1.4.1.2636.3.52.1.2.2.1.9
The type of the remote peer gateway (endpoint). It can be one of the following two types: - static (Remote peer whose IP address is known beforehand) - dynamic (Remote peer whose IP address is not known beforehand)
Status: current Access: read-only
OBJECT-TYPE    
  JnxRemotePeerType  

jnxIpSecTunMonOutEncryptedBytes 1.3.6.1.4.1.2636.3.52.1.2.2.1.10
Number of bytes encrypted by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonOutEncryptedPkts 1.3.6.1.4.1.2636.3.52.1.2.2.1.11
Number of packets encrypted by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonInDecryptedBytes 1.3.6.1.4.1.2636.3.52.1.2.2.1.12
Number of bytes decrypted by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonInDecryptedPkts 1.3.6.1.4.1.2636.3.52.1.2.2.1.13
Number of packets decrypted by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonAHInBytes 1.3.6.1.4.1.2636.3.52.1.2.2.1.14
Number of incoming bytes authenticated using AH by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonAHInPkts 1.3.6.1.4.1.2636.3.52.1.2.2.1.15
Number of incoming packets authenticated using AH by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonAHOutBytes 1.3.6.1.4.1.2636.3.52.1.2.2.1.16
Number of outgoing bytes applied AH by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonAHOutPkts 1.3.6.1.4.1.2636.3.52.1.2.2.1.17
Number of outgoing packets applied AH by this Phase-2 tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonReplayDropPkts 1.3.6.1.4.1.2636.3.52.1.2.2.1.18
Number of packets dropped by this Phase-2 tunnel due to anti replay check failure.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonAhAuthFails 1.3.6.1.4.1.2636.3.52.1.2.2.1.19
Number of packets received by this Phase-2 tunnel that failed AH authentication.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonEspAuthFails 1.3.6.1.4.1.2636.3.52.1.2.2.1.20
Number of packets received by this Phase-2 tunnel that failed ESP authentication.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonDecryptFails 1.3.6.1.4.1.2636.3.52.1.2.2.1.21
Number of packets received by this Phase-2 tunnel that failed decryption.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonBadHeaders 1.3.6.1.4.1.2636.3.52.1.2.2.1.22
Number of packets received by this Phase-2 tunnel that failed due to bad headers.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonBadTrailers 1.3.6.1.4.1.2636.3.52.1.2.2.1.23
Number of packets received by this Phase-2 tunnel that failed due to bad ESP trailers.
Status: current Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecTunMonDroppedPkts 1.3.6.1.4.1.2636.3.52.1.2.2.1.26
Total number of dropped packets for this Phase-2 tunnel. This attribute is obsolete.
Status: obsolete Access: read-only
OBJECT-TYPE    
  Counter64  

jnxIpSecSaMonTable 1.3.6.1.4.1.2636.3.52.1.2.3
The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the active Phase-2 tunnel table (ipSecTunTable) into a number of entries in this table. SA contains the information negotiated by IKE. The SA is like a contract laying out the rules of the VPN connection for the duration of the SA. An SA is assigned a 32-bit number that, when used in conjunction with the destination IP address, uniquely identifies the SA. This number is called the Security Parameters Index or SPI. IPSec SAs area unidirectional and they are unique in each security protocol. A set of SAs are needed for a protected data pipe, one per direction per protocol.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    JnxIpSecSaMonEntry

jnxIpSecSaMonEntry 1.3.6.1.4.1.2636.3.52.1.2.3.1
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
Status: current Access: not-accessible
OBJECT-TYPE    
  JnxIpSecSaMonEntry  

jnxIpSecSaMonIndex 1.3.6.1.4.1.2636.3.52.1.2.3.1.1
The index, in the context of the IPsec tunnel ipSecTunIndex, of the security association represented by this table entry. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 65535.
Status: current Access: not-accessible
OBJECT-TYPE    
  Integer32 1..65535  

jnxIpSecSaMonProtocol 1.3.6.1.4.1.2636.3.52.1.2.3.1.2
The index, represents the security protocol (AH, ESP or IPComp) for which this security association was setup.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER ah(1), esp(2)  

jnxIpSecSaMonInSpi 1.3.6.1.4.1.2636.3.52.1.2.3.1.3
The value of the incoming SPI.
Status: current Access: read-only
OBJECT-TYPE    
  JnxSpiType  

jnxIpSecSaMonOutSpi 1.3.6.1.4.1.2636.3.52.1.2.3.1.4
The value of the outgoing SPI.
Status: current Access: read-only
OBJECT-TYPE    
  JnxSpiType  

jnxIpSecSaMonType 1.3.6.1.4.1.2636.3.52.1.2.3.1.5
This field represents the type of security associations which can be either manual or dynamic
Status: current Access: read-only
OBJECT-TYPE    
  JnxSAType  

jnxIpSecSaMonEncapMode 1.3.6.1.4.1.2636.3.52.1.2.3.1.6
The encapsulation mode used by an IPsec Phase-2 Tunnel.
Status: current Access: read-only
OBJECT-TYPE    
  JnxEncapMode  

jnxIpSecSaMonLifeSize 1.3.6.1.4.1.2636.3.52.1.2.3.1.7
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

jnxIpSecSaMonLifeTime 1.3.6.1.4.1.2636.3.52.1.2.3.1.8
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

jnxIpSecSaMonActiveTime 1.3.6.1.4.1.2636.3.52.1.2.3.1.9
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
Status: current Access: read-only
OBJECT-TYPE    
  TimeInterval  

jnxIpSecSaMonLifeSizeThreshold 1.3.6.1.4.1.2636.3.52.1.2.3.1.10
The security association LifeSize refresh threshold in kilobytes.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

jnxIpSecSaMonLifeTimeThreshold 1.3.6.1.4.1.2636.3.52.1.2.3.1.11
The security association LifeTime refresh threshold in seconds.
Status: current Access: read-only
OBJECT-TYPE    
  Integer32  

jnxIpSecSaMonEncryptAlgo 1.3.6.1.4.1.2636.3.52.1.2.3.1.12
The Encryption algorithm used to encrypt the packets which can be either es-cbc or 3des-cbc.
Status: current Access: read-only
OBJECT-TYPE    
  JnxEncryptAlgo  

jnxIpSecSaMonAuthAlgo 1.3.6.1.4.1.2636.3.52.1.2.3.1.13
The algorithm used for authentication of packets which can be hmac-md5-96 or hmac-sha1-96 or hmac-sha-256-128
Status: current Access: read-only
OBJECT-TYPE    
  JnxAuthAlgo  

jnxIpSecSaMonState 1.3.6.1.4.1.2636.3.52.1.2.3.1.14
This column represents the status of the security association represented by this table entry. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged.
Status: current Access: read-only
OBJECT-TYPE    
  INTEGER unknown(0), active(1), expiring(2)