This is a MIB Module for monitoring the structures in IPSec-based Virtual Private Networks. The MIB has been designed to be adop...
Version: 2007-10-24
module CISCO-IPSEC-FLOW-MONITOR-MIB { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:smiv2:CISCO-IPSEC-FLOW-MONITOR-MIB"; prefix CISCO-IPSEC-FLOW-MONITOR-MIB; import CISCO-MEDIA-GATEWAY-MIB { prefix cisco-media; } import SNMPv2-TC { prefix snmpv2-tc; } import ietf-yang-smiv2 { prefix smiv2; } import ietf-yang-types { prefix yang; } organization "Tivoli Systems and Cisco Systems"; contact "Tivoli Systems Research Triangle Park, NC Cisco Systems 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-ipsecurity@cisco.com"; description "This is a MIB Module for monitoring the structures in IPSec-based Virtual Private Networks. The MIB has been designed to be adopted as an IETF standard. Hence Cisco-specific features of IPSec protocol are excluded from this MIB. Acronyms The following acronyms are used in this document: IPSec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Overview of IPsec MIB The MIB contains six major groups of objects which are used to manage the IPSec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPSec MIB. The Phase 1 group models objects pertaining to IKE negotiations and tunnels. The Phase 2 group models objects pertaining to IPSec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid Intrusion Detection. In addition to the five major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPSec TRAPs. For a detailed discussion, please refer to the IETF draft draft-ietf-ipsec-flow-monitoring-mib-00.txt."; revision "2007-10-24" { description "In the description of cipSecTunHistHcInDecompOctets, cipSecTunHcInOctets has been changed to cipSecTunHistHcInOctets. In the description of cipSecTunHistOutUncompOctets, cipSecTunOutOctets has been changed to cipSecTunHistOutOctets. In the description of cipSecTunHistHcOutUncompOctets, cipSecTunHcOutOctets has been changed to cipSecTunHistHcOutOctets. In the description of cipSecTunHistInDecompOctets, cipSecTunInOctets has been changed to cipSecTunHistInOctets."; } revision "2004-10-12" { description "Added two table for media gateway stats information: cikePhase1GWStatsTable (phase-1 IKE) cipSecPhase2GWStatsTable (phase-2 IPsec)"; } revision "2000-10-13" { description "Changed cipSecSpiValue to Unsigned32. Changed Protocol ranges to start at 0 instead of 1. Removed comment(s) incorrectly indicating this MIB was CiscoExperiment."; } revision "2000-08-17" { description "Initial version of this MIB module."; } smiv2:alias "ciscoIpSecFlowMonitorMIB" { smiv2:oid "1.3.6.1.4.1.9.9.171"; } smiv2:alias "cipSecMIBObjects" { smiv2:oid "1.3.6.1.4.1.9.9.171.1"; } smiv2:alias "cipSecLevels" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.1"; } smiv2:alias "cipSecPhaseOne" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2"; } smiv2:alias "cikeGlobalStats" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1"; } smiv2:alias "cipSecPhaseTwo" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3"; } smiv2:alias "cipSecGlobalStats" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1"; } smiv2:alias "cipSecHistory" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4"; } smiv2:alias "cipSecHistGlobal" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.1"; } smiv2:alias "cipSecHistGlobalCntl" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.1.1"; } smiv2:alias "cipSecHistPhaseOne" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2"; } smiv2:alias "cipSecHistPhaseTwo" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3"; } smiv2:alias "cipSecFailures" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5"; } smiv2:alias "cipSecFailGlobal" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.1"; } smiv2:alias "cipSecFailGlobalCntl" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.1.1"; } smiv2:alias "cipSecFailPhaseOne" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2"; } smiv2:alias "cipSecFailPhaseTwo" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3"; } smiv2:alias "cipSecTrapCntl" { smiv2:oid "1.3.6.1.4.1.9.9.171.1.6"; } smiv2:alias "cipSecMIBNotificationPrefix" { smiv2:oid "1.3.6.1.4.1.9.9.171.2"; } smiv2:alias "cipSecMIBNotifications" { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0"; } smiv2:alias "cipSecMIBConformance" { smiv2:oid "1.3.6.1.4.1.9.9.171.3"; } smiv2:alias "cipSecMIBGroups" { smiv2:oid "1.3.6.1.4.1.9.9.171.3.1"; } smiv2:alias "cipSecMIBCompliances" { smiv2:oid "1.3.6.1.4.1.9.9.171.3.2"; } typedef IPSIpAddress { type binary { length "4|16"; } description "An IP V4 or V6 Address."; } typedef IkePeerType { type enumeration { enum "ipAddrPeer" { value 1; } enum "namePeer" { value 2; } } description "The type of IPsec Phase-1 IKE peer identity. The IKE peer may be identified by: 1. an IP address, or 2. a host name."; } typedef IkeNegoMode { type enumeration { enum "main" { value 1; } enum "aggressive" { value 2; } } description "The IPsec Phase-1 IKE negotiation mode."; } typedef IkeHashAlgo { type enumeration { enum "none" { value 1; } enum "md5" { value 2; } enum "sha" { value 3; } } description "The hash algorithm used in IPsec Phase-1 IKE negotiations."; } typedef IkeAuthMethod { type enumeration { enum "none" { value 1; } enum "preSharedKey" { value 2; } enum "rsaSig" { value 3; } enum "rsaEncrypt" { value 4; } enum "revPublicKey" { value 5; } } description "The authentication method used in IPsec Phase-1 IKE negotiations."; } typedef DiffHellmanGrp { type enumeration { enum "none" { value 1; } enum "dhGroup1" { value 2; } enum "dhGroup2" { value 3; } } description "The Diffie Hellman Group used in negotiations."; } typedef KeyType { type enumeration { enum "ike" { value 1; } enum "manual" { value 2; } } description "The type of key used by an IPsec Phase-2 Tunnel."; } typedef EncapMode { type enumeration { enum "tunnel" { value 1; } enum "transport" { value 2; } } description "The encapsulation mode used by an IPsec Phase-2 Tunnel."; } typedef EncryptAlgo { type enumeration { enum "none" { value 1; } enum "des" { value 2; } enum "des3" { value 3; } } description "The encryption algorithm used in negotiations."; } typedef AuthAlgo { type enumeration { enum "none" { value 1; } enum "hmacMd5" { value 2; } enum "hmacSha" { value 3; } } description "The authentication algorithm used by a security association of an IPsec Phase-2 Tunnel."; } typedef CompAlgo { type enumeration { enum "none" { value 1; } enum "ldf" { value 2; } } description "The compression algorithm used by a security association of an IPsec Phase-2 Tunnel."; } typedef EndPtType { type enumeration { enum "singleIpAddr" { value 1; } enum "ipAddrRange" { value 2; } enum "ipSubnet" { value 3; } } description "The type of identity use to specify an IPsec End Point."; } typedef TunnelStatus { type enumeration { enum "active" { value 1; } enum "destroy" { value 2; } } description "The status of a Tunnel. Objects of this type may be used to bring the tunnel down by setting value of this object to destroy(2). Objects of this type cannot be used to create a Tunnel."; } typedef TrapStatus { type enumeration { enum "enabled" { value 1; } enum "disabled" { value 2; } } description "The administrative status for sending a TRAP."; } container CISCO-IPSEC-FLOW-MONITOR-MIB { config false; container cipSecLevels { smiv2:oid "1.3.6.1.4.1.9.9.171.1.1"; leaf cipSecMibLevel { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.1.1"; type int32 { range "1..4096"; } description "The level of the IPsec MIB."; } } // container cipSecLevels container cikeGlobalStats { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1"; leaf cikeGlobalActiveTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.1"; type yang:gauge32; description "The number of currently active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalPreviousTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.2"; type yang:counter32; units "SAs"; description "The total number of previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.3"; type yang:counter32; units "Octets"; description "The total number of octets received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.4"; type yang:counter32; units "Packets"; description "The total number of packets received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.5"; type yang:counter32; units "Packets"; description "The total number of packets which were dropped during receive processing by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.6"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.7"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.8"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were received and found to be invalid by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.9"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were received and rejected by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.10"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.11"; type yang:counter32; units "Octets"; description "The total number of octets sent by all currently and previously active and IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.12"; type yang:counter32; units "Packets"; description "The total number of packets sent by all currently and previously active and IPsec Phase-1 Tunnels."; } leaf cikeGlobalOutDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.13"; type yang:counter32; units "Packets"; description "The total number of packets which were dropped during send processing by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalOutNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.14"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalOutP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.15"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalOutP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.16"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were sent and found to be invalid by all currently and previously active IPsec Phase-1 Tunnels."; } leaf cikeGlobalOutP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.17"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were sent and rejected by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalOutP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.18"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalInitTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.19"; type yang:counter32; units "SAs"; description "The total number of IPsec Phase-1 IKE Tunnels which were locally initiated."; } leaf cikeGlobalInitTunnelFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.20"; type yang:counter32; units "SAs"; description "The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate."; } leaf cikeGlobalRespTunnelFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.21"; type yang:counter32; units "SAs"; description "The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate."; } leaf cikeGlobalSysCapFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.22"; type yang:counter32; units "Failures"; description "The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.23"; type yang:counter32; units "Failures"; description "The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalDecryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.24"; type yang:counter32; units "Failures"; description "The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalHashValidFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.25"; type yang:counter32; units "Failures"; description "The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels."; } leaf cikeGlobalNoSaFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.1.26"; type yang:counter32; units "Failures"; description "The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-1 IKE Tunnels."; } } // container cikeGlobalStats container cipSecGlobalStats { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1"; leaf cipSecGlobalActiveTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.1"; type yang:gauge32; description "The total number of currently active IPsec Phase-2 Tunnels."; } leaf cipSecGlobalPreviousTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.2"; type yang:counter32; units "Phase-2 Tunnels"; description "The total number of previously active IPsec Phase-2 Tunnels."; } leaf cipSecGlobalInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.3"; type yang:counter32; units "Octets"; description "The total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecGlobalInOctWraps for the number of times this counter has wrapped."; } leaf cipSecGlobalHcInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.4"; type yang:counter64; description "A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed."; } leaf cipSecGlobalInOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.5"; type yang:counter32; units "Integral units"; description "The number of times the global octets received counter (cipSecGlobalInOctets) has wrapped."; } leaf cipSecGlobalInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.6"; type yang:counter32; units "Octets"; description "The total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecGlobalInOctets. See also cipSecGlobalInDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecGlobalHcInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.7"; type yang:counter64; description "A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecGlobalHcInOctets."; } leaf cipSecGlobalInDecompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.8"; type yang:counter32; units "Integral units"; description "The number of times the global decompressed octets received counter (cipSecGlobalInDecompOctets) has wrapped."; } leaf cipSecGlobalInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.9"; type yang:counter32; units "Packets"; description "The total number of packets received by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalInDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.10"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing."; } leaf cipSecGlobalInReplayDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.11"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalInAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.12"; type yang:counter32; units "Events"; description "The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalInAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.13"; type yang:counter32; units "Failures"; description "The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalInDecrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.14"; type yang:counter32; units "Packets"; description "The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalInDecryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.15"; type yang:counter32; units "Packets"; description "The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.16"; type yang:counter32; units "Octets"; description "The total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecGlobalOutOctWraps for the number of times this counter has wrapped."; } leaf cipSecGlobalHcOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.17"; type yang:counter64; description "A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed."; } leaf cipSecGlobalOutOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.18"; type yang:counter32; units "Integral units"; description "The number of times the global octets sent counter (cipSecGlobalOutOctets) has wrapped."; } leaf cipSecGlobalOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.19"; type yang:counter32; units "Octets"; description "The total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecGlobalOutOctets. See also cipSecGlobalOutDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecGlobalHcOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.20"; type yang:counter64; units "Octets"; description "A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecGlobalHcOutOctets."; } leaf cipSecGlobalOutUncompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.21"; type yang:counter32; units "Integral units"; description "The number of times the global uncompressed octets sent counter (cipSecGlobalOutUncompOctets) has wrapped."; } leaf cipSecGlobalOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.22"; type yang:counter32; units "Packets"; description "The total number of packets sent by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalOutDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.23"; type yang:counter32; units "Packets"; description "The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalOutAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.24"; type yang:counter32; units "Events"; description "The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalOutAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.25"; type yang:counter32; units "Failures"; description "The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalOutEncrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.26"; type yang:counter32; units "Packets"; description "The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalOutEncryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.27"; type yang:counter32; units "Failures"; description "The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalProtocolUseFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.28"; type yang:counter32; units "Failures"; description "The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels."; } leaf cipSecGlobalNoSaFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.29"; type yang:counter32; units "Failures"; description "The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecGlobalSysCapFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.1.30"; type yang:counter32; units "Failures"; description "The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels."; } } // container cipSecGlobalStats container cipSecHistGlobalCntl { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.1.1"; leaf cipSecHistTableSize { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.1.1.1"; type int32 { range "1..2147483647"; } description "The window size of the IPsec Phase-1 and Phase-2 History Tables. The IPsec Phase-1 and Phase-2 History Tables are implemented as a sliding window in which only the last n entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned."; } leaf cipSecHistCheckPoint { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.1.1.2"; type enumeration { enum "ready" { value 1; } enum "checkPoint" { value 2; } } description "The current state of check point processing. This object will return ready when the agent is ready to create on-demand history entries for active IPsec Tunnels or checkPoint when the agent is currently creating on-demand history entries for active IPsec Tunnels. By setting this value to checkPoint, the agent will create: a) an entry in the IPsec Phase-1 Tunnel History for each active IPsec Phase-1 Tunnel and b) an entry in the IPsec Phase-2 Tunnel History Table and an entry in the IPsec Phase-2 Tunnel EndPoint History Table for each active IPsec Phase-2 Tunnel."; } } // container cipSecHistGlobalCntl container cipSecFailGlobalCntl { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.1.1"; leaf cipSecFailTableSize { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.1.1.1"; type int32 { range "1..2147483647"; } description "The window size of the IPsec Phase-1 and Phase-2 Failure Tables. The IPsec Phase-1 and Phase-2 Failure Tables are implemented as a sliding window in which only the last n entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned."; } } // container cipSecFailGlobalCntl container cipSecTrapCntl { smiv2:oid "1.3.6.1.4.1.9.9.171.1.6"; leaf cipSecTrapCntlIkeTunnelStart { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.1"; type TrapStatus; description "This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Start TRAP"; } leaf cipSecTrapCntlIkeTunnelStop { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.2"; type TrapStatus; description "This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Stop TRAP"; } leaf cipSecTrapCntlIkeSysFailure { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.3"; type TrapStatus; description "This object defines the administrative state of sending the IPsec IKE Phase-1 System Failure TRAP"; } leaf cipSecTrapCntlIkeCertCrlFailure { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.4"; type TrapStatus; description "This object defines the administrative state of sending the IPsec IKE Phase-1 Certificate/CRL Failure TRAP"; } leaf cipSecTrapCntlIkeProtocolFail { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.5"; type TrapStatus; description "This object defines the administrative state of sending the IPsec IKE Phase-1 Protocol Failure TRAP"; } leaf cipSecTrapCntlIkeNoSa { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.6"; type TrapStatus; description "This object defines the administrative state of sending the IPsec IKE Phase-1 No Security Association TRAP"; } leaf cipSecTrapCntlIpSecTunnelStart { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.7"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP"; } leaf cipSecTrapCntlIpSecTunnelStop { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.8"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP"; } leaf cipSecTrapCntlIpSecSysFailure { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.9"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP"; } leaf cipSecTrapCntlIpSecSetUpFailure { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.10"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP"; } leaf cipSecTrapCntlIpSecEarlyTunTerm { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.11"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 Early Tunnel Termination TRAP"; } leaf cipSecTrapCntlIpSecProtocolFail { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.12"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 Protocol Failure TRAP"; } leaf cipSecTrapCntlIpSecNoSa { smiv2:defval "disabled"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.6.13"; type TrapStatus; description "This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP"; } } // container cipSecTrapCntl container cikePeerTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2"; description "The IPsec Phase-1 Internet Key Exchange Peer Table. There is one entry in this table for each IPsec Phase-1 IKE peer association which is currently associated with an active IPsec Phase-1 Tunnel. The IPsec Phase-1 IKE Tunnel associated with this IPsec Phase-1 IKE peer association may or may not be currently active."; list cikePeerEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1"; key "cikePeerLocalType cikePeerLocalValue cikePeerRemoteType cikePeerRemoteValue cikePeerIntIndex"; description "Each entry contains the attributes associated with an IPsec Phase-1 IKE peer association."; leaf cikePeerLocalType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.1"; type IkePeerType; description "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikePeerLocalValue { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.2"; type snmpv2-tc:DisplayString; description "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer."; } leaf cikePeerRemoteType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.3"; type IkePeerType; description "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikePeerRemoteValue { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.4"; type snmpv2-tc:DisplayString; description "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer."; } leaf cikePeerIntIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.5"; type int32 { range "1..2147483647"; } description "The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer."; } leaf cikePeerLocalAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.6"; type IPSIpAddress; description "The IP address of the local peer."; } leaf cikePeerRemoteAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.7"; type IPSIpAddress; description "The IP address of the remote peer."; } leaf cikePeerActiveTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.8"; type snmpv2-tc:TimeInterval; description "The length of time that the peer association has existed in hundredths of a second."; } leaf cikePeerActiveTunnelIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.2.1.9"; type int32 { range "1..2147483647"; } description "The index of the active IPsec Phase-1 IKE Tunnel (cikeTunIndex in the cikeTunnelTable) for this peer association. If an IPsec Phase-1 IKE Tunnel is not currently active, then the value of this object will be zero."; } } // list cikePeerEntry } // container cikePeerTable container cikeTunnelTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3"; description "The IPsec Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel."; list cikeTunnelEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1"; key "cikeTunIndex"; description "Each entry contains the attributes associated with an active IPsec Phase-1 IKE Tunnel."; leaf cikeTunIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.1"; type int32 { range "1..2147483647"; } description "The index of the IPsec Phase-1 IKE Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647."; } leaf cikeTunLocalType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.2"; type IkePeerType; description "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikeTunLocalValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.3"; type snmpv2-tc:DisplayString; description "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer."; } leaf cikeTunLocalAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.4"; type IPSIpAddress; description "The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunLocalName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.5"; type snmpv2-tc:DisplayString; description "The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string."; } leaf cikeTunRemoteType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.6"; type IkePeerType; description "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikeTunRemoteValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.7"; type snmpv2-tc:DisplayString; description "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer."; } leaf cikeTunRemoteAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.8"; type IPSIpAddress; description "The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunRemoteName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.9"; type snmpv2-tc:DisplayString; description "The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string."; } leaf cikeTunNegoMode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.10"; type IkeNegoMode; description "The negotiation mode of the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunDiffHellmanGrp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.11"; type DiffHellmanGrp; description "The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunEncryptAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.12"; type EncryptAlgo; description "The encryption algorithm used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunHashAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.13"; type IkeHashAlgo; description "The hash algorithm used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunAuthMethod { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.14"; type IkeAuthMethod; description "The authentication method used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunLifeTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.15"; type int32 { range "1..2147483647"; } units "seconds"; description "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds."; } leaf cikeTunActiveTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.16"; type snmpv2-tc:TimeInterval; description "The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds."; } leaf cikeTunSaRefreshThreshold { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.17"; type int32 { range "1..2147483647"; } units "seconds"; description "The security association refresh threshold in seconds."; } leaf cikeTunTotalRefreshes { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.18"; type yang:counter32; units "QM Exchanges"; description "The total number of security associations refreshes performed."; } leaf cikeTunInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.19"; type yang:counter32; units "Octets"; description "The total number of octets received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.20"; type yang:counter32; units "Packets"; description "The total number of packets received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunInDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.21"; type yang:counter32; units "Packets"; description "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing."; } leaf cikeTunInNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.22"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunInP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.23"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunInP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.24"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received and found to be invalid by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunInP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.25"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received and rejected by this IPsec Phase-1 Tunnel."; } leaf cikeTunInP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.26"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.27"; type yang:counter32; units "Octets"; description "The total number of octets sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.28"; type yang:counter32; units "Packets"; description "The total number of packets sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunOutDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.29"; type yang:counter32; units "Packets"; description "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing."; } leaf cikeTunOutNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.30"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys sent by this IPsec Phase-1 Tunnel."; } leaf cikeTunOutP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.31"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunOutP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.32"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges sent and found to be invalid by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunOutP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.33"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges sent and rejected by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunOutP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.34"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunStatus { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.3.1.35"; type TunnelStatus; description "The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). This object cannot be used to create a MIB table row."; } } // list cikeTunnelEntry } // container cikeTunnelTable container cikePeerCorrTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4"; description "The IPsec Phase-1 Internet Key Exchange Peer Association to IPsec Phase-2 Tunnel Correlation Table. There is one entry in this table for each active IPsec Phase-2 Tunnel."; list cikePeerCorrEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1"; key "cikePeerCorrLocalType cikePeerCorrLocalValue cikePeerCorrRemoteType cikePeerCorrRemoteValue cikePeerCorrIntIndex cikePeerCorrSeqNum"; description "Each entry contains the attributes of an IPsec Phase-1 IKE Peer Association to IPsec Phase-2 Tunnel Correlation."; leaf cikePeerCorrLocalType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.1"; type IkePeerType; description "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikePeerCorrLocalValue { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.2"; type snmpv2-tc:DisplayString; description "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer."; } leaf cikePeerCorrRemoteType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.3"; type IkePeerType; description "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikePeerCorrRemoteValue { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.4"; type snmpv2-tc:DisplayString; description "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer."; } leaf cikePeerCorrIntIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.5"; type int32 { range "1..2147483647"; } description "The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer."; } leaf cikePeerCorrSeqNum { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.6"; type int32 { range "1..2147483647"; } description "The sequence number of the local-remote peer association. This sequence number is used to uniquely identify multiple instances of an unique association between the local and remote peer."; } leaf cikePeerCorrIpSecTunIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.4.1.7"; type int32 { range "1..2147483647"; } description "The index of the active IPsec Phase-2 Tunnel (cipSecTunIndex in the cipSecTunnelTable) for this IPsec Phase-1 IKE Peer Association."; } } // list cikePeerCorrEntry } // container cikePeerCorrTable container cikePhase1GWStatsTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5"; description "Phase-1 IKE stats information is included in this table. Each entry is related to a specific gateway which is identified by 'cmgwIndex'."; list cikePhase1GWStatsEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1"; key "cmgwIndex"; description "Each entry contains the attributes of an Phase-1 IKE stats information for the related gateway. There is only one entry for each gateway. The entry is created when a gateway up and cannot be deleted."; leaf cmgwIndex { type leafref { path "/cisco-media:CISCO-MEDIA-GATEWAY-MIB/cisco-media:cMediaGwTable/cisco-media:cMediaGwEntry/cisco-media:cmgwIndex"; } } leaf cikePhase1GWActiveTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.1"; type yang:gauge32; description "The number of currently active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWPreviousTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.2"; type yang:counter32; units "SAs"; description "The total number of previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.3"; type yang:counter32; units "Octets"; description "The total number of octets received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.4"; type yang:counter32; units "Packets"; description "The total number of packets received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.5"; type yang:counter32; units "Packets"; description "The total number of packets which were dropped during receive processing by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.6"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.7"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.8"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were received and found to be invalid by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.9"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were received and rejected by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.10"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 'Security Association' delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.11"; type yang:counter32; units "Octets"; description "The total number of octets sent by all currently and previously active and IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.12"; type yang:counter32; units "Packets"; description "The total number of packets sent by all currently and previously active and IPsec Phase-1 Tunnels."; } leaf cikePhase1GWOutDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.13"; type yang:counter32; units "Packets"; description "The total number of packets which were dropped during send processing by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWOutNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.14"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWOutP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.15"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWOutP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.16"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were sent and found to be invalid by all currently and previously active IPsec Phase-1 Tunnels."; } leaf cikePhase1GWOutP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.17"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges which were sent and rejected by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWOutP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.18"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWInitTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.19"; type yang:counter32; units "SAs"; description "The total number of IPsec Phase-1 IKE Tunnels which were locally initiated."; } leaf cikePhase1GWInitTunnelFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.20"; type yang:counter32; units "SAs"; description "The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate."; } leaf cikePhase1GWRespTunnelFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.21"; type yang:counter32; units "SAs"; description "The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate."; } leaf cikePhase1GWSysCapFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.22"; type yang:counter32; units "Failures"; description "The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.23"; type yang:counter32; units "Failures"; description "The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWDecryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.24"; type yang:counter32; units "Failures"; description "The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWHashValidFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.25"; type yang:counter32; units "Failures"; description "The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels."; } leaf cikePhase1GWNoSaFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.2.5.1.26"; type yang:counter32; units "Failures"; description "The total number of non-existent 'Security Association' failures occurred during processing of current and previous IPsec Phase-1 IKE Tunnels."; } } // list cikePhase1GWStatsEntry } // container cikePhase1GWStatsTable container cipSecTunnelTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2"; description "The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel."; list cipSecTunnelEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1"; key "cipSecTunIndex"; description "Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel."; leaf cipSecTunIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.1"; type int32 { range "1..2147483647"; } description "The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647."; } leaf cipSecTunIkeTunnelIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.2"; type int32 { range "1..2147483647"; } description "The index of the associated IPsec Phase-1 IKE Tunnel. (cikeTunIndex in the cikeTunnelTable)"; } leaf cipSecTunIkeTunnelAlive { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.3"; type boolean; description "An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists."; } leaf cipSecTunLocalAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.4"; type IPSIpAddress; description "The IP address of the local endpoint for the IPsec Phase-2 Tunnel."; } leaf cipSecTunRemoteAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.5"; type IPSIpAddress; description "The IP address of the remote endpoint for the IPsec Phase-2 Tunnel."; } leaf cipSecTunKeyType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.6"; type KeyType; description "The type of key used by the IPsec Phase-2 Tunnel."; } leaf cipSecTunEncapMode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.7"; type EncapMode; description "The encapsulation mode used by the IPsec Phase-2 Tunnel."; } leaf cipSecTunLifeSize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.8"; type int32 { range "1..2147483647"; } units "KBytes"; description "The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes."; } leaf cipSecTunLifeTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.9"; type int32 { range "1..2147483647"; } units "Seconds"; description "The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds."; } leaf cipSecTunActiveTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.10"; type snmpv2-tc:TimeInterval; description "The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds."; } leaf cipSecTunSaLifeSizeThreshold { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.11"; type int32 { range "1..2147483647"; } units "KBytes"; description "The security association LifeSize refresh threshold in kilobytes."; } leaf cipSecTunSaLifeTimeThreshold { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.12"; type int32 { range "1..2147483647"; } units "Seconds"; description "The security association LifeTime refresh threshold in seconds."; } leaf cipSecTunTotalRefreshes { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.13"; type yang:counter32; units "QM Exchanges"; description "The total number of security association refreshes performed."; } leaf cipSecTunExpiredSaInstances { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.14"; type yang:counter32; units "SAs"; description "The total number of security associations which have expired."; } leaf cipSecTunCurrentSaInstances { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.15"; type yang:gauge32; description "The number of security associations which are currently active or expiring."; } leaf cipSecTunInSaDiffHellmanGrp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.16"; type DiffHellmanGrp; description "The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunInSaEncryptAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.17"; type EncryptAlgo; description "The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunInSaAhAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.18"; type AuthAlgo; description "The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunInSaEspAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.19"; type AuthAlgo; description "The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunInSaDecompAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.20"; type CompAlgo; description "The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunOutSaDiffHellmanGrp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.21"; type DiffHellmanGrp; description "The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunOutSaEncryptAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.22"; type EncryptAlgo; description "The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunOutSaAhAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.23"; type AuthAlgo; description "The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunOutSaEspAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.24"; type AuthAlgo; description "The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunOutSaCompAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.25"; type CompAlgo; description "The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.26"; type yang:counter32; units "Octets"; description "The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecTunInOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHcInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.27"; type yang:counter64; units "Octets"; description "A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed."; } leaf cipSecTunInOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.28"; type yang:counter32; units "Integral units"; description "The number of times the octets received counter (cipSecTunInOctets) has wrapped."; } leaf cipSecTunInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.29"; type yang:counter32; units "Octets"; description "The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunInOctets. See also cipSecTunInDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHcInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.30"; type yang:counter64; description "A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunHcInOctets."; } leaf cipSecTunInDecompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.31"; type yang:counter32; units "Integral units"; description "The number of times the decompressed octets received counter (cipSecTunInDecompOctets) has wrapped."; } leaf cipSecTunInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.32"; type yang:counter32; units "Packets"; description "The total number of packets received by this IPsec Phase-2 Tunnel."; } leaf cipSecTunInDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.33"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing."; } leaf cipSecTunInReplayDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.34"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel."; } leaf cipSecTunInAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.35"; type yang:counter32; units "Events"; description "The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunInAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.36"; type yang:counter32; units "Failures"; description "The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel ."; } leaf cipSecTunInDecrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.37"; type yang:counter32; units "Packets"; description "The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunInDecryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.38"; type yang:counter32; units "Failures"; description "The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel."; } leaf cipSecTunOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.39"; type yang:counter32; units "Octets"; description "The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecTunOutOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHcOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.40"; type yang:counter64; description "A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed."; } leaf cipSecTunOutOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.41"; type yang:counter32; units "Integral units"; description "The number of times the out octets counter (cipSecTunOutOctets) has wrapped."; } leaf cipSecTunOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.42"; type yang:counter32; units "Octets"; description "The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunOutOctets. See also cipSecTunOutDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHcOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.43"; type yang:counter64; description "A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunHcOutOctets."; } leaf cipSecTunOutUncompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.44"; type yang:counter32; units "Integral units"; description "The number of times the uncompressed octets sent counter (cipSecTunOutUncompOctets) has wrapped."; } leaf cipSecTunOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.45"; type yang:counter32; units "Packets"; description "The total number of packets sent by this IPsec Phase-2 Tunnel."; } leaf cipSecTunOutDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.46"; type yang:counter32; units "Packets"; description "The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel."; } leaf cipSecTunOutAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.47"; type yang:counter32; units "Events"; description "The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunOutAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.48"; type yang:counter32; units "Failures"; description "The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel."; } leaf cipSecTunOutEncrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.49"; type yang:counter32; units "Packets"; description "The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunOutEncryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.50"; type yang:counter32; units "Failures"; description "The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel."; } leaf cipSecTunStatus { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.2.1.51"; type TunnelStatus; description "The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). When the value is set to destroy(2), the SA bundle is destroyed and this row is deleted from this table. When this MIB value is queried, the value of active(1) is always returned, if the instance exists. This object cannot be used to create a MIB table row."; } } // list cipSecTunnelEntry } // container cipSecTunnelTable container cipSecEndPtTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3"; description "The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel."; list cipSecEndPtEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1"; key "cipSecTunIndex cipSecEndPtIndex"; description "An IPsec Phase-2 Tunnel Endpoint entry."; leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecEndPtIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.1"; type int32 { range "1..2147483647"; } description "The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647."; } leaf cipSecEndPtLocalName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.2"; type snmpv2-tc:DisplayString; description "The DNS name of the local Endpoint."; } leaf cipSecEndPtLocalType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.3"; type EndPtType; description "The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet."; } leaf cipSecEndPtLocalAddr1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.4"; type IPSIpAddress; description "The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range."; } leaf cipSecEndPtLocalAddr2 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.5"; type IPSIpAddress; description "The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range."; } leaf cipSecEndPtLocalProtocol { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.6"; type int32 { range "0..255"; } description "The protocol number of the local Endpoint's traffic."; } leaf cipSecEndPtLocalPort { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.7"; type int32 { range "0..65535"; } description "The port number of the local Endpoint's traffic."; } leaf cipSecEndPtRemoteName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.8"; type snmpv2-tc:DisplayString; description "The DNS name of the remote Endpoint."; } leaf cipSecEndPtRemoteType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.9"; type EndPtType; description "The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet."; } leaf cipSecEndPtRemoteAddr1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.10"; type IPSIpAddress; description "The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range."; } leaf cipSecEndPtRemoteAddr2 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.11"; type IPSIpAddress; description "The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range."; } leaf cipSecEndPtRemoteProtocol { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.12"; type int32 { range "0..255"; } description "The protocol number of the remote Endpoint's traffic."; } leaf cipSecEndPtRemotePort { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.3.1.13"; type int32 { range "0..65535"; } description "The port number of the remote Endpoint's traffic."; } } // list cipSecEndPtEntry } // container cipSecEndPtTable container cipSecSpiTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4"; description "The IPsec Phase-2 Security Protection Index Table. This table contains an entry for each active and expiring security association."; list cipSecSpiEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4.1"; key "cipSecTunIndex cipSecSpiIndex"; description "Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations."; leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecSpiIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4.1.1"; type int32 { range "1..2147483647"; } description "The number of the SPI associated with the Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647."; } leaf cipSecSpiDirection { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4.1.2"; type enumeration { enum "in" { value 1; } enum "out" { value 2; } } description "The direction of the SPI."; } leaf cipSecSpiValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4.1.3"; type uint32 { range "1..4294967295"; } description "The value of the SPI."; } leaf cipSecSpiProtocol { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4.1.4"; type enumeration { enum "ah" { value 1; } enum "esp" { value 2; } enum "ipcomp" { value 3; } } description "The protocol of the SPI."; } leaf cipSecSpiStatus { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.4.1.5"; type enumeration { enum "active" { value 1; } enum "expiring" { value 2; } } description "The status of the SPI."; } } // list cipSecSpiEntry } // container cipSecSpiTable container cipSecPhase2GWStatsTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5"; description "Phase-2 IPsec stats information is included in this table. Each entry is related to a specific gateway which is identified by 'cmgwIndex'"; list cipSecPhase2GWStatsEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1"; key "cmgwIndex"; description "Each entry contains the attributes of an Phase-2 IPsec stats information for the related gateway. There is only one entry for each gateway. The entry is created when a gateway up and cannot be deleted."; leaf cmgwIndex { type leafref { path "/cisco-media:CISCO-MEDIA-GATEWAY-MIB/cisco-media:cMediaGwTable/cisco-media:cMediaGwEntry/cisco-media:cmgwIndex"; } } leaf cipSecPhase2GWActiveTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.1"; type yang:gauge32; description "The total number of currently active IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWPreviousTunnels { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.2"; type yang:counter32; units "Phase-2 Tunnels"; description "The total number of previously active IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.3"; type yang:counter32; units "Octets"; description "The total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecGlobalInOctWraps for the number of times this counter has wrapped."; } leaf cipSecPhase2GWInOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.4"; type yang:counter32; units "Integral units"; description "The number of times the global octets received counter (cipSecGlobalInOctets) has wrapped."; } leaf cipSecPhase2GWInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.5"; type yang:counter32; units "Octets"; description "The total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecGlobalInOctets. See also cipSecGlobalInDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecPhase2GWInDecompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.6"; type yang:counter32; units "Integral units"; description "The number of times the global decompressed octets received counter (cipSecGlobalInDecompOctets) has wrapped."; } leaf cipSecPhase2GWInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.7"; type yang:counter32; units "Packets"; description "The total number of packets received by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWInDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.8"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing."; } leaf cipSecPhase2GWInReplayDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.9"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWInAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.10"; type yang:counter32; units "Events"; description "The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWInAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.11"; type yang:counter32; units "Failures"; description "The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWInDecrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.12"; type yang:counter32; units "Packets"; description "The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWInDecryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.13"; type yang:counter32; units "Packets"; description "The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.14"; type yang:counter32; units "Octets"; description "The total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecGlobalOutOctWraps for the number of times this counter has wrapped."; } leaf cipSecPhase2GWOutOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.15"; type yang:counter32; units "Integral units"; description "The number of times the global octets sent counter (cipSecGlobalOutOctets) has wrapped."; } leaf cipSecPhase2GWOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.16"; type yang:counter32; units "Octets"; description "The total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecGlobalOutOctets. See also cipSecGlobalOutDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecPhase2GWOutUncompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.17"; type yang:counter32; units "Integral units"; description "The number of times the global uncompressed octets sent counter (cipSecGlobalOutUncompOctets) has wrapped."; } leaf cipSecPhase2GWOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.18"; type yang:counter32; units "Packets"; description "The total number of packets sent by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWOutDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.19"; type yang:counter32; units "Packets"; description "The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWOutAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.20"; type yang:counter32; units "Events"; description "The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWOutAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.21"; type yang:counter32; units "Failures"; description "The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWOutEncrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.22"; type yang:counter32; units "Packets"; description "The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWOutEncryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.23"; type yang:counter32; units "Failures"; description "The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWProtocolUseFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.24"; type yang:counter32; units "Failures"; description "The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWNoSaFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.25"; type yang:counter32; units "Failures"; description "The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels."; } leaf cipSecPhase2GWSysCapFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.3.5.1.26"; type yang:counter32; units "Failures"; description "The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels."; } } // list cipSecPhase2GWStatsEntry } // container cipSecPhase2GWStatsTable container cikeTunnelHistTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1"; description "The IPsec Phase-1 Internet Key Exchange Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecHistTableSize object."; list cikeTunnelHistEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1"; key "cikeTunHistIndex"; description "Each entry contains the attributes associated with a previously active IPsec Phase-1 IKE Tunnel."; leaf cikeTunHistIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.1"; type int32 { range "1..2147483647"; } description "The index of the IPsec Phase-1 IKE Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647."; } leaf cikeTunHistTermReason { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.2"; type enumeration { enum "other" { value 1; } enum "normal" { value 2; } enum "operRequest" { value 3; } enum "peerDelRequest" { value 4; } enum "peerLost" { value 5; } enum "localFailure" { value 6; } enum "checkPointReg" { value 7; } } description "The reason the IPsec Phase-1 IKE Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = local failure occurred. 7 = operator initiated check point request"; } leaf cikeTunHistActiveIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.3"; type int32 { range "1..2147483647"; } description "The index of the previously active IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistPeerLocalType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.4"; type IkePeerType; description "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikeTunHistPeerLocalValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.5"; type snmpv2-tc:DisplayString; description "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer."; } leaf cikeTunHistPeerIntIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.6"; type int32 { range "1..2147483647"; } description "The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer."; } leaf cikeTunHistPeerRemoteType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.7"; type IkePeerType; description "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikeTunHistPeerRemoteValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.8"; type snmpv2-tc:DisplayString; description "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer."; } leaf cikeTunHistLocalAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.9"; type IPSIpAddress; description "The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistLocalName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.10"; type snmpv2-tc:DisplayString; description "The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string."; } leaf cikeTunHistRemoteAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.11"; type IPSIpAddress; description "The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistRemoteName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.12"; type snmpv2-tc:DisplayString; description "The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string."; } leaf cikeTunHistNegoMode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.13"; type IkeNegoMode; description "The negotiation mode of the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistDiffHellmanGrp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.14"; type DiffHellmanGrp; description "The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunHistEncryptAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.15"; type EncryptAlgo; description "The encryption algorithm used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunHistHashAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.16"; type IkeHashAlgo; description "The hash algorithm used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunHistAuthMethod { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.17"; type IkeAuthMethod; description "The authentication method used in IPsec Phase-1 IKE negotiations."; } leaf cikeTunHistLifeTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.18"; type int32 { range "1..2147483647"; } description "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds."; } leaf cikeTunHistStartTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.19"; type yang:timestamp; description "The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started."; } leaf cikeTunHistActiveTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.20"; type snmpv2-tc:TimeInterval; description "The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds."; } leaf cikeTunHistTotalRefreshes { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.21"; type yang:counter32; units "QM Exchanges"; description "The total number of security associations refreshes performed."; } leaf cikeTunHistTotalSas { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.22"; type yang:counter32; units "SAs"; description "The total number of security associations used during the life of the IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.23"; type yang:counter32; units "Octets"; description "The total number of octets received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.24"; type yang:counter32; units "Packets"; description "The total number of packets received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.25"; type yang:counter32; units "Packets"; description "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing."; } leaf cikeTunHistInNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.26"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.27"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.28"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received and found to be invalid by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.29"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges received and rejected by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistInP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.30"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.31"; type yang:counter32; units "Octets"; description "The total number of octets sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.32"; type yang:counter32; units "Packets"; description "The total number of packets sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.33"; type yang:counter32; units "Packets"; description "The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing."; } leaf cikeTunHistOutNotifys { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.34"; type yang:counter32; units "Notification Payloads"; description "The total number of notifys sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutP2Exchgs { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.35"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutP2ExchgInvalids { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.36"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges sent and found to be invalid by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutP2ExchgRejects { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.37"; type yang:counter32; units "SA Payloads"; description "The total number of IPsec Phase-2 exchanges sent and rejected by this IPsec Phase-1 IKE Tunnel."; } leaf cikeTunHistOutP2SaDelRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.2.1.1.38"; type yang:counter32; units "Notification Payloads"; description "The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel."; } } // list cikeTunnelHistEntry } // container cikeTunnelHistTable container cipSecTunnelHistTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1"; description "The IPsec Phase-2 Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecHistTableSize object."; list cipSecTunnelHistEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1"; key "cipSecTunHistIndex"; description "Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel."; leaf cipSecTunHistIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.1"; type int32 { range "1..2147483647"; } description "The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647."; } leaf cipSecTunHistTermReason { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.2"; type enumeration { enum "other" { value 1; } enum "normal" { value 2; } enum "operRequest" { value 3; } enum "peerDelRequest" { value 4; } enum "peerLost" { value 5; } enum "seqNumRollOver" { value 6; } enum "checkPointReq" { value 7; } } description "The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = local failure occurred 7 = operator initiated check point request"; } leaf cipSecTunHistActiveIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.3"; type int32 { range "1..2147483647"; } description "The index of the previously active IPsec Phase-2 Tunnel."; } leaf cipSecTunHistIkeTunnelIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.4"; type int32 { range "1..2147483647"; } description "The index of the associated IPsec Phase-1 Tunnel (cikeTunIndex in the cikeTunnelTable)."; } leaf cipSecTunHistLocalAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.5"; type IPSIpAddress; description "The IP address of the local endpoint for the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistRemoteAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.6"; type IPSIpAddress; description "The IP address of the remote endpoint for the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistKeyType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.7"; type KeyType; description "The type of key used by the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistEncapMode { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.8"; type EncapMode; description "The encapsulation mode used by the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistLifeSize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.9"; type int32 { range "1..2147483647"; } units "KBytes"; description "The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes."; } leaf cipSecTunHistLifeTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.10"; type int32 { range "1..2147483647"; } units "Seconds"; description "The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds."; } leaf cipSecTunHistStartTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.11"; type yang:timestamp; description "The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started."; } leaf cipSecTunHistActiveTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.12"; type snmpv2-tc:TimeInterval; description "The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds."; } leaf cipSecTunHistTotalRefreshes { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.13"; type yang:counter32; units "QM Exchanges"; description "The total number of security association refreshes performed."; } leaf cipSecTunHistTotalSas { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.14"; type yang:counter32; units "SAs"; description "The total number of security associations used during the life of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInSaDiffHellmanGrp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.15"; type DiffHellmanGrp; description "The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInSaEncryptAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.16"; type EncryptAlgo; description "The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInSaAhAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.17"; type AuthAlgo; description "The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInSaEspAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.18"; type AuthAlgo; description "The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInSaDecompAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.19"; type CompAlgo; description "The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutSaDiffHellmanGrp { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.20"; type DiffHellmanGrp; description "The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutSaEncryptAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.21"; type EncryptAlgo; description "The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutSaAhAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.22"; type AuthAlgo; description "The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutSaEspAuthAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.23"; type AuthAlgo; description "The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutSaCompAlgo { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.24"; type CompAlgo; description "The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.25"; type yang:counter32; units "Octets"; description "The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also cipSecTunInOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHistHcInOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.26"; type yang:counter64; description "A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed."; } leaf cipSecTunHistInOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.27"; type yang:counter32; units "Integral units"; description "The number of times the octets received counter (cipSecTunInOctets) has wrapped."; } leaf cipSecTunHistInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.28"; type yang:counter32; units "Octets"; description "The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunHistInOctets. See also cipSecTunInDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHistHcInDecompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.29"; type yang:counter64; description "A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of cipSecTunHistHcInOctets."; } leaf cipSecTunHistInDecompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.30"; type yang:counter32; units "Integral units"; description "The number of times the decompressed octets received counter (cipSecTunInDecompOctets) has wrapped."; } leaf cipSecTunHistInPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.31"; type yang:counter32; units "Packets"; description "The total number of packets received by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.32"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing."; } leaf cipSecTunHistInReplayDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.33"; type yang:counter32; units "Packets"; description "The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.34"; type yang:counter32; units "Events"; description "The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.35"; type yang:counter32; units "Failures"; description "The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel ."; } leaf cipSecTunHistInDecrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.36"; type yang:counter32; units "Packets"; description "The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistInDecryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.37"; type yang:counter32; units "Failures"; description "The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.38"; type yang:counter32; units "Octets"; description "The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also cipSecTunOutOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHistHcOutOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.39"; type yang:counter64; description "A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed."; } leaf cipSecTunHistOutOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.40"; type yang:counter32; units "Integral units"; description "The number of times the octets sent counter (cipSecTunOutOctets) has wrapped."; } leaf cipSecTunHistOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.41"; type yang:counter32; units "Octets"; description "The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunHistOutOctets. See also cipSecTunOutDecompOctWraps for the number of times this counter has wrapped."; } leaf cipSecTunHistHcOutUncompOctets { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.42"; type yang:counter64; units "Octets"; description "A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of cipSecTunHistHcOutOctets."; } leaf cipSecTunHistOutUncompOctWraps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.43"; type yang:counter32; units "Integral units"; description "The number of times the uncompressed octets sent counter (cipSecTunOutUncompOctets) has wrapped."; } leaf cipSecTunHistOutPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.44"; type yang:counter32; units "Packets"; description "The total number of packets sent by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutDropPkts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.45"; type yang:counter32; units "Packets"; description "The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutAuths { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.46"; type yang:counter32; units "Events"; description "The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutAuthFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.47"; type yang:counter32; units "Failures"; description "The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutEncrypts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.48"; type yang:counter32; units "Packets"; description "The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel."; } leaf cipSecTunHistOutEncryptFails { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.1.1.49"; type yang:counter32; units "Failures"; description "The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel."; } } // list cipSecTunnelHistEntry } // container cipSecTunnelHistTable container cipSecEndPtHistTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2"; description "The IPsec Phase-2 Tunnel Endpoint History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecHistTableSize object."; list cipSecEndPtHistEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1"; key "cipSecEndPtHistIndex"; description "Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint."; leaf cipSecEndPtHistIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.1"; type int32 { range "1..2147483647"; } description "The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647."; } leaf cipSecEndPtHistTunIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.2"; type int32 { range "1..2147483647"; } description "The index of the previously active IPsec Phase-2 Tunnel Table."; } leaf cipSecEndPtHistActiveIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.3"; type int32 { range "1..2147483647"; } description "The index of the previously active Endpoint."; } leaf cipSecEndPtHistLocalName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.4"; type snmpv2-tc:DisplayString; description "The DNS name of the local Endpoint."; } leaf cipSecEndPtHistLocalType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.5"; type EndPtType; description "The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet."; } leaf cipSecEndPtHistLocalAddr1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.6"; type IPSIpAddress; description "The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range."; } leaf cipSecEndPtHistLocalAddr2 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.7"; type IPSIpAddress; description "The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range."; } leaf cipSecEndPtHistLocalProtocol { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.8"; type int32 { range "0..255"; } description "The protocol number of the local Endpoint's traffic."; } leaf cipSecEndPtHistLocalPort { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.9"; type int32 { range "0..65535"; } description "The port number of the local Endpoint's traffic."; } leaf cipSecEndPtHistRemoteName { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.10"; type snmpv2-tc:DisplayString; description "The DNS name of the remote Endpoint."; } leaf cipSecEndPtHistRemoteType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.11"; type EndPtType; description "The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet."; } leaf cipSecEndPtHistRemoteAddr1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.12"; type IPSIpAddress; description "The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range."; } leaf cipSecEndPtHistRemoteAddr2 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.13"; type IPSIpAddress; description "The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range."; } leaf cipSecEndPtHistRemoteProtocol { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.14"; type int32 { range "0..255"; } description "The protocol number of the remote Endpoint's traffic."; } leaf cipSecEndPtHistRemotePort { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.4.3.2.1.15"; type int32 { range "0..65535"; } description "The port number of the remote Endpoint's traffic."; } } // list cipSecEndPtHistEntry } // container cipSecEndPtHistTable container cikeFailTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1"; description "The IPsec Phase-1 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecFailTableSize object."; list cikeFailEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1"; key "cikeFailIndex"; description "Each entry contains the attributes associated with an IPsec Phase-1 failure."; leaf cikeFailIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.1"; type int32 { range "1..2147483647"; } description "The IPsec Phase-1 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647."; } leaf cikeFailReason { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.2"; type enumeration { enum "other" { value 1; } enum "peerDelRequest" { value 2; } enum "peerLost" { value 3; } enum "localFailure" { value 4; } enum "authFailure" { value 5; } enum "hashValidation" { value 6; } enum "encryptFailure" { value 7; } enum "internalError" { value 8; } enum "sysCapExceeded" { value 9; } enum "proposalFailure" { value 10; } enum "peerCertUnavailable" { value 11; } enum "peerCertNotValid" { value 12; } enum "localCertExpired" { value 13; } enum "crlFailure" { value 14; } enum "peerEncodingError" { value 15; } enum "nonExistentSa" { value 16; } enum "operRequest" { value 17; } } description "The reason for the failure. Possible reasons include: 1 = other 2 = peer delete request was received 3 = contact with peer was lost 4 = local failure occurred 5 = authentication failure 6 = hash validation failure 7 = encryption failure 8 = internal error occurred 9 = system capacity failure 10 = proposal failure 11 = peer's certificate is unavailable 12 = peer's certificate was found invalid 13 = local certificate expired 14 = certificate revoke list (crl) failure 15 = peer encoding error 16 = non-existent security association 17 = operator requested termination."; } leaf cikeFailTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.3"; type yang:timestamp; description "The value of sysUpTime in hundredths of seconds at the time of the failure."; } leaf cikeFailLocalType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.4"; type IkePeerType; description "The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikeFailLocalValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.5"; type snmpv2-tc:DisplayString; description "The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a host name, then this is the host name used to identify the local peer."; } leaf cikeFailRemoteType { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.6"; type IkePeerType; description "The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. a host name."; } leaf cikeFailRemoteValue { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.7"; type snmpv2-tc:DisplayString; description "The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a host name, then this is the host name used to identify the remote peer."; } leaf cikeFailLocalAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.8"; type IPSIpAddress; description "The IP address of the local peer."; } leaf cikeFailRemoteAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.2.1.1.9"; type IPSIpAddress; description "The IP address of the remote peer."; } } // list cikeFailEntry } // container cikeFailTable container cipSecFailTable { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1"; description "The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the cipSecFailTableSize object."; list cipSecFailEntry { smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1"; key "cipSecFailIndex"; description "Each entry contains the attributes associated with an IPsec Phase-1 failure."; leaf cipSecFailIndex { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.1"; type int32 { range "1..2147483647"; } description "The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647."; } leaf cipSecFailReason { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.2"; type enumeration { enum "other" { value 1; } enum "internalError" { value 2; } enum "peerEncodingError" { value 3; } enum "proposalFailure" { value 4; } enum "protocolUseFail" { value 5; } enum "nonExistentSa" { value 6; } enum "decryptFailure" { value 7; } enum "encryptFailure" { value 8; } enum "inAuthFailure" { value 9; } enum "outAuthFailure" { value 10; } enum "compression" { value 11; } enum "sysCapExceeded" { value 12; } enum "peerDelRequest" { value 13; } enum "peerLost" { value 14; } enum "seqNumRollOver" { value 15; } enum "operRequest" { value 16; } } description "The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination."; } leaf cipSecFailTime { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.3"; type yang:timestamp; description "The value of sysUpTime in hundredths of seconds at the time of the failure."; } leaf cipSecFailTunnelIndex { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.4"; type int32 { range "1..2147483647"; } description "The Phase-2 Tunnel index (cipSecTunIndex)."; } leaf cipSecFailSaSpi { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.5"; type int32 { range "0..2147483647"; } description "The security association SPI value."; } leaf cipSecFailPktSrcAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.6"; type IPSIpAddress; description "The packet's source IP address."; } leaf cipSecFailPktDstAddr { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.171.1.5.3.1.1.7"; type IPSIpAddress; description "The packet's destination IP address."; } } // list cipSecFailEntry } // container cipSecFailTable } // container CISCO-IPSEC-FLOW-MONITOR-MIB notification cikeTunnelStart { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.1"; description "This notification is generated when an IPsec Phase-1 IKE Tunnel becomes active."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 container object-3 { leaf cikeTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunIndex"; } } leaf cikeTunLifeTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunLifeTime"; } } } // container object-3 } // notification cikeTunnelStart notification cikeTunnelStop { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.2"; description "This notification is generated when an IPsec Phase-1 IKE Tunnel becomes inactive."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 container object-3 { leaf cikeTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunIndex"; } } leaf cikeTunActiveTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikeTunActiveTime"; } } } // container object-3 } // notification cikeTunnelStop notification cikeSysFailure { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.3"; description "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences an internal or system capacity error."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 } // notification cikeSysFailure notification cikeCertCrlFailure { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.4"; description "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a Certificate or a Certificate Revoke List (CRL) related error."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 } // notification cikeCertCrlFailure notification cikeProtocolFailure { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.5"; description "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a protocol related error."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 } // notification cikeProtocolFailure notification cikeNoSa { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.6"; description "This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a non-existent security association error."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 } // notification cikeNoSa notification cipSecTunnelStart { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.7"; description "This notification is generated when an IPsec Phase-2 Tunnel becomes active."; container object-1 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecTunLifeTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunLifeTime"; } } } // container object-1 container object-2 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecTunLifeSize { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunLifeSize"; } } } // container object-2 } // notification cipSecTunnelStart notification cipSecTunnelStop { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.8"; description "This notification is generated when an IPsec Phase-2 Tunnel becomes inactive."; container object-1 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecTunActiveTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunActiveTime"; } } } // container object-1 } // notification cipSecTunnelStop notification cipSecSysFailure { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.9"; description "This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 container object-3 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecTunActiveTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunActiveTime"; } } } // container object-3 container object-4 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecSpiIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiIndex"; } } leaf cipSecSpiProtocol { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiProtocol"; } } } // container object-4 } // notification cipSecSysFailure notification cipSecSetUpFailure { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.10"; description "This notification is generated when the setup for an IPsec Phase-2 Tunnel fails."; container object-1 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerLocalAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalAddr"; } } } // container object-1 container object-2 { leaf cikePeerLocalType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalType"; } } leaf cikePeerLocalValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerLocalValue"; } } leaf cikePeerRemoteType { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteType"; } } leaf cikePeerRemoteValue { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteValue"; } } leaf cikePeerIntIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerIntIndex"; } } leaf cikePeerRemoteAddr { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cikePeerRemoteAddr"; } } } // container object-2 } // notification cipSecSetUpFailure notification cipSecEarlyTunTerm { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.11"; description "This notification is generated when an an IPsec Phase-2 Tunnel is terminated earily or before expected."; container object-1 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecTunActiveTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunActiveTime"; } } } // container object-1 container object-2 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecSpiIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiIndex"; } } leaf cipSecSpiProtocol { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiProtocol"; } } } // container object-2 } // notification cipSecEarlyTunTerm notification cipSecProtocolFailure { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.12"; description "This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences a protocol related error."; container object-1 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecTunActiveTime { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunActiveTime"; } } } // container object-1 container object-2 { leaf cipSecTunIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunnelEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecTunIndex"; } } leaf cipSecSpiIndex { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiIndex"; } } leaf cipSecSpiProtocol { type leafref { path "/CISCO-IPSEC-FLOW-MONITOR-MIB:CISCO-IPSEC-FLOW-MONITOR-MIB/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiTable/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiEntry/CISCO-IPSEC-FLOW-MONITOR-MIB:cipSecSpiProtocol"; } } } // container object-2 } // notification cipSecProtocolFailure notification cipSecNoSa { smiv2:oid "1.3.6.1.4.1.9.9.171.2.0.13"; description "This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences a non-existent security association error."; } // notification cipSecNoSa } // module CISCO-IPSEC-FLOW-MONITOR-MIB
© 2023 YumaWorks, Inc. All rights reserved.