-- These MIBs were created on 08/027/2000 -- This module defines NetScreen private MIBs for VPN tunnel monitoring -- -- Copyright (c) 1999 - 2000 by NetScreen Technologies, Inc. -- All rights reserved. -- -- Last modified date: 09/28/2001 -- NETSCREEN-VPN-MON-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenVpn FROM NETSCREEN-SMI; netscreenVpnMon OBJECT IDENTIFIER ::= { netscreenVpn 1 } -- MODULE-IDENTITY -- OrgName -- Netscreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 2860 San TOmas Expwy -- Santa Clara, CA 95051 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- Descr -- This module defines the object that are used to monitor -- VPN tunnels -- -- the active VPN tunnel table -- The VPN tunnel table contains information on the Netscreen's -- active tunnels. It contains both Phase1 and Phase 2 -- information for an autokey tunnel established by IKE. -- It also contains information about the policy with which it is -- associated. nsVpnMonTable OBJECT-TYPE SYNTAX SEQUENCE OF NsVpnMonEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of active VPN tunnel entries. " ::= { netscreenVpnMon 1 } nsVpnMonEntry OBJECT-TYPE SYNTAX NsVpnMonEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A VPN tunnel entry containing attributes for both IKE Phase 1 and Phase 2 as well as associated policy" INDEX { nsVpnMonIndex } ::= { nsVpnMonTable 1 } NsVpnMonEntry ::= SEQUENCE { nsVpnMonIndex INTEGER, nsVpnMonInPlyId INTEGER, nsVpnMonOutPlyId INTEGER, nsVpnMonVpnName DisplayString, nsVpnMonVsysName DisplayString, nsVpnMonTunnelType INTEGER, nsVpnMonEspEncAlg INTEGER, nsVpnMonEspAuthAlg INTEGER, nsVpnMonAhAlg INTEGER, nsVpnMonKeyType INTEGER, nsVpnMonP1Auth INTEGER, nsVpnMonVpnType INTEGER, nsVpnMonRmtGwIp IpAddress, nsVpnMonRmtGwId DisplayString, nsVpnMonMyGwIp IpAddress, nsVpnMonMyGwId DisplayString, nsVpnMonOutSpi INTEGER, nsVpnMonInSpi INTEGER, nsVpnMonMonState INTEGER, nsVpnMonTunnelState INTEGER, nsVpnMonP1State INTEGER, nsVpnMonP1LifeTime INTEGER, nsVpnMonP2State INTEGER, nsVpnMonP2LifeTime INTEGER, nsVpnMonP2LifeBytes INTEGER, nsVpnMonDelayAvg INTEGER, nsVpnMonDelayLast INTEGER, nsVpnMonAvail INTEGER } nsVpnMonIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each active VPN tunnel. Its value ranges between 1 and 65535 and may not be contigous. Due to the dynamic nature of active VPN tunnels, the index has no other meaning but a pure index" ::= { nsVpnMonEntry 1 } nsVpnMonInPlyId OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The incoming policy ID for which this tunnel is created for. -1 means no policy associates with this SA." ::= { nsVpnMonEntry 2 } nsVpnMonOutPlyId OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The outgoing policy ID for which this tunnel is created for. -1 means no policy associates with this SA." ::= { nsVpnMonEntry 3 } nsVpnMonVpnName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "A textual string containing information about the VPN entity from which this tunnel was derived. " ::= { nsVpnMonEntry 4 } nsVpnMonVsysName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "A textual string containing information about the Virtual system to which this tunnel belongs. This applies to NetScreen 1000 " ::= { nsVpnMonEntry 5 } nsVpnMonTunnelType OBJECT-TYPE SYNTAX INTEGER { reserved(0), proto_isakmp(1), proto_ipsec_ah(2), proto_ipsec_esp(3), proto_ipcomp(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Protocol type used for the tunnel" ::= { nsVpnMonEntry 6 } nsVpnMonEspEncAlg OBJECT-TYPE SYNTAX INTEGER { reserved(0), esp_des_iv64(1), esp_des(2), esp_3des(3), esp_rc5(4), esp_idea(5), esp_cast(6), esp_blowfish(7), esp_3idea(8), esp_des_iv32(9), esp_rc4(10), esp_null(11), esp_aes(12) } ACCESS read-only STATUS mandatory DESCRIPTION "a value which identifies a particular algorithm to be used to provide secrecy protection for ESP. " ::= { nsVpnMonEntry 7 } nsVpnMonEspAuthAlg OBJECT-TYPE SYNTAX INTEGER { reserved(0), hmac-md5(1), hmac-sha(2), des-mac(3), ipdk(4) } ACCESS read-only STATUS mandatory DESCRIPTION "The ESP Authentication Algorithm used in the IPsec. " ::= { nsVpnMonEntry 8 } nsVpnMonAhAlg OBJECT-TYPE SYNTAX INTEGER { reserved(0), reserved(1), ah-md5(2), ah-sha(3), ah_des(4) } ACCESS read-only STATUS mandatory DESCRIPTION "a value which identifies a particular algorithm to be used to provide integrity protection for AH. " ::= { nsVpnMonEntry 9 } nsVpnMonKeyType OBJECT-TYPE SYNTAX INTEGER { manual(0), auto_ike(1) } ACCESS read-only STATUS mandatory DESCRIPTION "a value which identifies a key exchange protocol to be used for the negotiation " ::= { nsVpnMonEntry 10 } nsVpnMonP1Auth OBJECT-TYPE SYNTAX INTEGER { unused(0), preshared-key(1), dss-Signature(2), rsa-Signature(3), rsa-Encryption1(4), rsa-Encryption2(5) } ACCESS read-only STATUS mandatory DESCRIPTION "a value which identifies Phase 1 authentication method" ::= { nsVpnMonEntry 11 } nsVpnMonVpnType OBJECT-TYPE SYNTAX INTEGER { reserved(0), dialup(1), site-to-site(2) } ACCESS read-only STATUS mandatory DESCRIPTION "The type of this VPN tunnel, either a dialup or site-to-site " ::= { nsVpnMonEntry 12 } nsVpnMonRmtGwIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The peer Gateway's IP address " ::= { nsVpnMonEntry 13 } nsVpnMonRmtGwId OBJECT-TYPE SYNTAX DisplayString (SIZE (0..512)) ACCESS read-only STATUS mandatory DESCRIPTION "The peer Gateway's ID " ::= { nsVpnMonEntry 14 } nsVpnMonMyGwIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The local Gateway's IP address " ::= { nsVpnMonEntry 15 } nsVpnMonMyGwId OBJECT-TYPE SYNTAX DisplayString (SIZE (0..512)) ACCESS read-only STATUS mandatory DESCRIPTION "The local Gateway's ID " ::= { nsVpnMonEntry 16 } nsVpnMonOutSpi OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The SPI for outgoing packets " ::= { nsVpnMonEntry 17 } nsVpnMonInSpi OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The SPI for incoming packets " ::= { nsVpnMonEntry 18 } nsVpnMonMonState OBJECT-TYPE SYNTAX INTEGER { off(0), on(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The monitoring status, if it is on, an icmp ping will be sent over the tunnel periodically to test the conntivity and latency " ::= { nsVpnMonEntry 19 } nsVpnMonTunnelState OBJECT-TYPE SYNTAX INTEGER { down(0), up(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The current tunnel status determined by the icmp ping if The monitoring status is on." ::= { nsVpnMonEntry 20 } nsVpnMonP1State OBJECT-TYPE SYNTAX INTEGER { inactive(0), active(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The IKE's Phase 1 status" ::= { nsVpnMonEntry 21 } nsVpnMonP1LifeTime OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "an active Phase 1 sa's time left before re-key. -1 means unlimited lifetime." ::= { nsVpnMonEntry 22 } nsVpnMonP2State OBJECT-TYPE SYNTAX INTEGER { inactive(0), active(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The IKE's Phase 2 status" ::= { nsVpnMonEntry 23 } nsVpnMonP2LifeTime OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "an active Phase 2 sa's time left before re-key. -1 means unlimited life time." ::= { nsVpnMonEntry 24 } nsVpnMonP2LifeBytes OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "an active Phase 2 sa's bytes left before re-key. -1 means unlimited life bytes." ::= { nsVpnMonEntry 25 } nsVpnMonDelayAvg OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "a kind of rolling average of latency, in milliseconds. -1 has no meaning here, which means nsVpnMonDelayAvg has not been calculated yet." ::= { nsVpnMonEntry 26 } nsVpnMonDelayLast OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "latency in last sample, in milliseconds. -1 means either vpn tunnel is inactive or vpn tunnel monitor is not turned on." ::= { nsVpnMonEntry 27 } nsVpnMonAvail OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "percentage over 30 samples" ::= { nsVpnMonEntry 28 } END