-- These MIBs were created on 05/27/2001 -- This module defines NetScreen private MIBs for NAT -- -- Copyright (c) 1999 - 2001 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- NetScreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- Descr -- This module defines the managed objects for Netscreen NAT -- -- Last modified date: 09/28/2001 -- NETSCREEN-NAT-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenNAT FROM NETSCREEN-SMI; nsNatMipTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatMipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Mapped IP(MIP) is a direct one-to-one maping of traffic destined for one IP address ot another IP address. On NetScreen device, MIP addresses for tunnel and untrusted interfaces can be created." ::= { netscreenNAT 1 } nsNatMipEntry OBJECT-TYPE SYNTAX NsNatMipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of a mip address" INDEX { nsNatMipIndex } ::= { nsNatMipTable 1 } NsNatMipEntry ::= SEQUENCE { nsNatMipIndex INTEGER, nsNatMipIp IpAddress, nsNatMipNetmask IpAddress, nsNatMipHost IpAddress, nsNatMipIfIp IpAddress, nsNatMipIfNetmask IpAddress, nsNatMipVsys INTEGER } nsNatMipIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each address. Its value ranges between 0 and 65535 and may not be contingous." ::= { nsNatMipEntry 1 } nsNatMipIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "mip address. A MIP must be in the same subnet as the tunnel interface to which it is linked to; however, for the untrusted interface, a MIP does not need to be in the same subnet. In either case, a MIP must not be the same as the interface address or be in any DIP pool that might also be on that subnet." ::= { nsNatMipEntry 2 } nsNatMipNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Subnet mask for this MIP." ::= { nsNatMipEntry 3 } nsNatMipHost OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Host ip address mip mapping to." ::= { nsNatMipEntry 4 } nsNatMipIfIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Interface's ip address that a MIP is linked to." ::= { nsNatMipEntry 5 } nsNatMipIfNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Interface's netmask that a MIP is linked to." ::= { nsNatMipEntry 6 } nsNatMipVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Virtual system this mip belongs to." ::= { nsNatMipEntry 7 } nsNatDipTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatDipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A DIP(Dynamic IP) pool is a range of IP addresses from which the NetScreen device can dynamically take addresses to use when performing NAT on the source IP address of outgoing or incoming IP packets." ::= { netscreenNAT 2 } nsNatDipEntry OBJECT-TYPE SYNTAX NsNatDipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of a dynamic address" INDEX { nsNatDipIndex } ::= { nsNatDipTable 1 } NsNatDipEntry ::= SEQUENCE { nsNatDipIndex INTEGER, nsNatDipId INTEGER, nsNatDipLow IpAddress, nsNatDipHigh IpAddress, nsNatDipIfIp IpAddress, nsNatDipIfNetmask IpAddress, nsNatDipPTEnable INTEGER, nsNatDipVsys INTEGER } nsNatDipIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each address. Its value ranges between 0 and 65535 and may not be contigous." ::= { nsNatDipEntry 1 } nsNatDipId OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "DIP pool id." ::= { nsNatDipEntry 2 } nsNatDipLow OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Start IP Address Range. The range of addresses in a DIP pool must be in the same subnet as the interface IP address, but the DIP pool should not contain the interface IP or any MIP or VIP address that might on that subnet." ::= { nsNatDipEntry 3 } nsNatDipHigh OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "End IP Address Range. The range of addresses in a DIP pool must be in the same subnet as the interface IP address, but the DIP pool should not contain the interface IP or any MIP or VIP address that might on that subnet." ::= { nsNatDipEntry 4 } nsNatDipIfIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Interface's ip address that a DIP is linked to." ::= { nsNatDipEntry 5 } nsNatDipIfNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "interface's ip address that a DIP is linked to." ::= { nsNatDipEntry 6 } nsNatDipPTEnable OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Enable Port Translation" ::= { nsNatDipEntry 7 } nsNatDipVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "virtual system this dip belongs to" ::= { nsNatDipEntry 8 } nsNatVip OBJECT IDENTIFIER ::= { netscreenNAT 3 } nsNatVipCfgTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatVipCfgEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "VIP(Virtual IP) allows you to map routable IP addresses to internal servers, therby providing transparent connections for a NAT networks to the Internet. This table collects all VIP configurations in NetScreen device." ::= { nsNatVip 1 } nsNatVipCfgEntry OBJECT-TYPE SYNTAX NsNatVipCfgEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Each entry in the nsNatVipCfgTable holds a set of configuration parameters associated with an instance of VIP." INDEX { nsNatVipCfgIndex } ::= { nsNatVipCfgTable 1 } NsNatVipCfgEntry ::= SEQUENCE { nsNatVipCfgIndex INTEGER, nsNatVipCfgIp IpAddress, nsNatVipCfgPort INTEGER, nsNatVipCfgService INTEGER, nsNatVipCfgStatus INTEGER, nsNatVipCfgLoadBalance INTEGER } nsNatVipCfgIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each vip configuation. Its value ranges between 1 and 65535 and may not be contingous." ::= { nsNatVipCfgEntry 1 } nsNatVipCfgIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address for the VIP, which must be in the same subnet as the untrusted interface and can even be the same address as the untrusted interface." ::= { nsNatVipCfgEntry 2 } nsNatVipCfgPort OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The port number for communication between the trusted server and the untrusted interfce on the NetScreen device." ::= { nsNatVipCfgEntry 3 } nsNatVipCfgService OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Service for the server on the trusted interface." ::= { nsNatVipCfgEntry 4 } nsNatVipCfgStatus OBJECT-TYPE SYNTAX INTEGER { not-available(0), available(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The status of the server on the trusted/DMZ interface." ::= { nsNatVipCfgEntry 5 } nsNatVipCfgLoadBalance OBJECT-TYPE SYNTAX INTEGER { null(0), round-robin(1), weighted-round-robin(2), least-conns(3), weighted-least-conns(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Load balance algorithm for the Virtual IP servers." ::= { nsNatVipCfgEntry 6 } nsNatVipServerTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatVipServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Ballancing the loads on NetScreen servers allow traffic intended for a server(one IP address on the untrusted network) to be mapped to several different IP addresses on the DMZ or trusted network. There can be up to eight servers in one load balancing group, which apperas as a single virtual server.This table collects all the server pool configurations for the virtual ip server." ::= { nsNatVip 2 } nsNatVipServerEntry OBJECT-TYPE SYNTAX NsNatVipServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of a vip configuration's server pool." INDEX { nsNatVipServerIndex } ::= { nsNatVipServerTable 1 } NsNatVipServerEntry ::= SEQUENCE { nsNatVipServerIndex INTEGER, nsNatVipServerVIP IpAddress, nsNatVipServerService INTEGER, nsNatVipServerLoadBalance INTEGER, nsNatVipServerIp IpAddress, nsNatVipServerWeight INTEGER, nsNatVipServerStatus INTEGER } nsNatVipServerIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each vip server configuation. Its value ranges between 1 and 65535 and may not be contigous." ::= { nsNatVipServerEntry 1 } nsNatVipServerVIP OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address for the VIP." ::= { nsNatVipServerEntry 2 } nsNatVipServerService OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Service provideing through the VIP." ::= { nsNatVipServerEntry 3 } nsNatVipServerLoadBalance OBJECT-TYPE SYNTAX INTEGER { null(0), round-robin(1), weighted-round-robin(2), least-conns(3), weighted-least-conns(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Load balance algorithm for the vitural IP servers." ::= { nsNatVipServerEntry 4 } nsNatVipServerIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Virtual IP server's IP address." ::= { nsNatVipServerEntry 5 } nsNatVipServerWeight OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Loadbalance algorithm weight." ::= { nsNatVipServerEntry 6 } nsNatVipServerStatus OBJECT-TYPE SYNTAX INTEGER { down(0), up(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Virtual IP server's status." ::= { nsNatVipServerEntry 7 } END