AVAYA-IPSEC-MIB: View SNMP OID List / Download MIB

VENDOR: AVAYA COMMUNICATION


 Home MIB: AVAYA-IPSEC-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 avayaIpsecMib 1.3.6.1.4.1.6889.2.6.1
The MIB module for configuring IPSec functionality in Avaya converged Gateways.
     avipsMIBObjects 1.3.6.1.4.1.6889.2.6.1.1
         avipsGlobals 1.3.6.1.4.1.6889.2.6.1.1.1
             avipsGlobalsInvalidSpiRecovery 1.3.6.1.4.1.6889.2.6.1.1.1.1 truthvalue read-write
This object determines whether invalid-spi-recovery is enabled (true) or disabled (false). When enabled, the device shall open an IKE SA, if it does not already exist, in order to send DELETE message to the remote peer when receiving an invalid spi or invalid cookie with SIP of that remote peer. This causes faster recovery times in case of SADB inconsistency, but may cause D/DoS attack on the remote peer.
             avipsNatTEnabled 1.3.6.1.4.1.6889.2.6.1.1.1.2 truthvalue read-write
This object specifies whether IPSec NAT-T is invoked in the device. If this object is True then NAT-T is enabled.
             avipsNatTKeepaliveInterval 1.3.6.1.4.1.6889.2.6.1.1.1.3 integer32 read-write
This object determines the NAT-T keepalive interval in seconds. If this object is set to 0 then NAT-T keepalives are disabled.
             avipsCryptoEngineAccelEnabled 1.3.6.1.4.1.6889.2.6.1.1.1.4 truthvalue read-write
The value of this object determines whether IPSec HW acceleration is enabled or disabled. In case the HW does not support acceleration the value of this object shall be false.
         avipsIsakmpGroup 1.3.6.1.4.1.6889.2.6.1.1.2
             avipsIsakmpPeerTable 1.3.6.1.4.1.6889.2.6.1.1.2.1 no-access
This table contains a list of all the remote peers and peer-groups we are willing to establish an IPSec VPN connection with. Each entry represents a peer or a peer-group, and is indexed by the peer's IKE identification (type and value), or the peer-group name. Each peer entry points to the ISAKMP policy that will be used for IKE negotiations (as an initiator or a responder). Note that in case this entry represents a peer-group the value of IsakmpIdentityType shall be set to peerGroup. In that case certain columns in this row are N/A.
                 avipsIsakmpPeerEntry 1.3.6.1.4.1.6889.2.6.1.1.2.1.1 no-access
A specific entry.
                     avipsIsakmpPeerIdType 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.1 isakmpidentitytype no-access
This object is an enumeration identifying the type of the Identity value. Note that value can also be peerGroup, in that case avipsIsakmpPeerId contains the peer-group's name. Also note that certain columns in this row are N/A for peer-group (refer to specific objects' descriptions for details). This is also the first index component of this table.
                     avipsIsakmpPeerId 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.2 isakmpidentityvalue no-access
This object contains an Identity filter to be used to match against the identity payload in an IKE request. This is also the second index component of this table.
                     avipsIsakmpPeerDescription 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.3 displaystring read-write
Free text describing this row.
                     avipsIsakmpPeerIsaPlcyId1 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.4 integer32 read-write
This object contains the ID of the ISAKMP policy to be used in IKE Phase I negotiation with this peer. A value of 0 indicates that this object is empty. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerInitiateMode 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.5 integer read-write
This object specifies how to initiate IKE when communicating with this peer: none(1) - Never initiate IKE with this peer (i.e. respond only) main(2) - Initiate Main Mode (MM) aggressive(3) - Initiate Aggressive Mode (AM) This object is N/A if avipsIsakmpPeerIdType is peerGroup. Enumeration: 'none': 1, 'main': 2, 'aggressive': 3.
                     avipsIsakmpPeerSelfIdType 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.6 isakmpidentitytype read-write
This object is an enumeration identifying the type of the Identity value which the local peer shall use in the its identity payload during Phase-1 negotiation. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerSelfId 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.7 isakmpidentityvalue read-write
If not empty, this object specifies the identity value which the local peer will send in the identification payload during IKE Phase-1 negotiation. If this object is empty, the default local identity shall be sent, according to the value of avipsIsakmpPeerSelfIdType. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerKeepaliveMetric 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.8 isakmpdpdkeepalivemetric read-write
The worry-metric to be used for deciding when to send R-U-THERE message to the remote peer. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerKeepaliveInterval 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.9 integer32 read-write
The minimal interval, in seconds, between two consecutive R-U-THERE sent by the local peer, when the previous R-U-THERE message has been answered. The actual interval is based on this value and other parameters, such as the worry-metric. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerKeepaliveRetryInterval 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.10 integer32 read-write
The actual interval, in seconds, between R-U-THERE retries sent by the local peer, when the previous R-U-THERE message has not been answered. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerKeepaliveTrackId 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.11 integer32 read-write
Bind the status of this peer to an object-tracker by specifying the ID of the object-tracker (avstrTrackerId in AVAYA-SAA-TRACK-MIB). A value of 0 means that peer is not bound to any object-tracker. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerContChannel 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.12 truthvalue read-write
This object determines whether continuous channel IKE mode is used for contacting the peer. Continuous channel IKE means that local peer tries to establish an IKE SA with the remote peer as soon as possible, also when there is no outbound traffic that requires it. This object is N/A if avipsIsakmpPeerIdType is peerGroup.
                     avipsIsakmpPeerRowStatus 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.13 rowstatus read-write
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table. Use createAndGo (not createAndWait) to create this row.
                     avipsIsakmpPeerGroupFailbacktoPrimaryInterval 1.3.6.1.4.1.6889.2.6.1.1.2.1.1.14 integer32 read-write
The amount of time in seconds that secondary peer shall be up (after primary peer went down) before there will be failback to primary peer (in case it is up again). The default value is 24 hours. Relevant for peer-group only (values 1 and up). For peer return value of 0.
             avipsPeerGroupPeersTable 1.3.6.1.4.1.6889.2.6.1.1.2.2 no-access
This table contains all the associations between peer-groups and isakmp peers. The relation between peer-group and isakmp peer is many-to-many. A valid peer-group (i.e. a peer-group that can be associated with an active crypto-list) contains one or more isakmp peers. An isakmp peer may be contained in zero or more peer-groups.
                 avipsPeerGroupPeersEntry 1.3.6.1.4.1.6889.2.6.1.1.2.2.1 no-access
A specific entry.
                     avipsPeerGroupPeersPGrpName 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.1 displaystring no-access
The name of the peer-group associated with this isakmp peer. Note that there must exist a matching active entry in avipsIsakmpPeerTable which avipsIsakmpPeerIdType is peerGroup, otherwise a 'set' operation shall fail.
                     avipsPeerGroupPeersPeerIndex 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.2 integer32 no-access
The ordered index of the peer within the peer-group.
                     avipsPeerGroupPeersPIdType 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.3 isakmpidentitytype read-write
This object is an enumeration identifying the type of the Identity value of the peer associated with this IPSec connection. Note that value cannot be peerGroup. The contents of this object object is interpreted along with avipsPeerGroupPeersPIdValue.
                     avipsPeerGroupPeersPIdValue 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.4 isakmpidentityvalue read-write
This object contains value of the peer ID. The contents of this object object is interpreted along with avipsPeerGroupPeersPIdType.
                     avipsPeerGroupPeersRowStatus 1.3.6.1.4.1.6889.2.6.1.1.2.2.1.5 rowstatus read-write
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table. Use createAndWait (not createAndGo) to create this row. This object is active(1) after avipsPeerGroupPeersPIdType and avipsPeerGroupPeersPIdValue are set.
             avipsIsakmpPlcyTable 1.3.6.1.4.1.6889.2.6.1.1.2.3 no-access
The table containing the list of all ISAKMP policy entries configured by the operator.
                 avipsIsakmpPlcyEntry 1.3.6.1.4.1.6889.2.6.1.1.2.3.1 no-access
Each entry contains the attributes associated with a single ISAKMP Policy entry.
                     avipsIsakmpPlcyId 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.1 integer32 no-access
The ID of this ISAKMP Policy entry. This is also the index of this table.
                     avipsIsakmpPlcyDescription 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.2 displaystring read-write
Free text describing this object.
                     avipsIsakmpPlcyDhGroup 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.3 diffhellmangrp read-write
This object specifies the Oakley group used for Diffie Hellman exchange in the Main Mode. If this policy item is selected to negotiate Main Mode with an IKE peer, the local entity chooses the group specified by this object to perform Diffie Hellman exchange with the peer.
                     avipsIsakmpPlcyEncrAlgo 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.4 ikeencryptalgo read-write
The encryption transform specified by this ISAKMP policy specification. The Internet Key Exchange (IKE) tunnels setup using this policy item would use the specified encryption transform to protect the ISAKMP PDUs.
                     avipsIsakmpPlcyHashAlgo 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.5 ikehashalgo read-write
The hash transform specified by this ISAKMP policy specification. The IKE tunnels setup using this policy item would use the specified hash transform to protect the ISAKMP PDUs.
                     avipsIsakmpPlcyLifetime 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.6 integer32 read-write
This object specifies the lifetime, in seconds, of the IKE tunnels generated using this policy specification.
                     avipsIsakmpPlcyAuth 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.7 integer read-write
The peer authentication method specified by this ISAKMP policy specification. If this policy entity is selected for negotiation with a peer, the local entity would authenticate the peer using the method specified by this object. Enumeration: 'preSharedKey': 2, 'none': 1.
                     avipsIsakmpPlcyRowStatus 1.3.6.1.4.1.6889.2.6.1.1.2.3.1.8 rowstatus read-write
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
         avipsIpsecGroup 1.3.6.1.4.1.6889.2.6.1.1.3
             avipsCryptoMapTable 1.3.6.1.4.1.6889.2.6.1.1.3.1 no-access
This table contains all the crypto maps configured by the user. A crypto map essentially concentrates all the IPSec protection policy required for establishing IKE Phase-1 and Phase-2 connections.
                 avipsCryptoMapEntry 1.3.6.1.4.1.6889.2.6.1.1.3.1.1 no-access
A specific crypto map entry.
                     avipsCryptoMapId 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.1 integer32 no-access
The ID of the crypto map entry. This is also the index of this table.
                     avipsCryptoMapDescription 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.2 displaystring read-write
Free text describing this object.
                     avipsCryptoMapPeerIdType 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.3 isakmpidentitytype read-write
This object is an enumeration identifying the type of the Identity value of the peer associated with this IPSec connection. The contents of this object object is interpreted along with avipsCryptoMapPeerIdValue.
                     avipsCryptoMapPeerIdValue 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.4 isakmpidentityvalue read-write
This object contains an Identity filter to be used to select the remote peer or peer-group when initiating IKE, and to match against the identity payload in an IKE request when responding to IKE. The contents of this object object is interpreted along with avipsCryptoMapPeerIdType.
                     avipsCryptoMapTranSetName1 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.5 displaystring read-write
The name of the transforms-set for this crypto map. This object is the index into the avipsTranSetTable.
                     avipsCryptoMapIsReady 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.6 truthvalue read-only
This field is true if and only if this crypto map entry and all the descendent configuration objects pointed by it are in the ready state. Note that crypto list activation requires that all the crypto maps it points to be ready.
                     avipsCryptoMapTunnelDscp 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.7 integer32 read-write
The method used to set the high 6 bits of the TOS in the outer IP header. A value of -1 indicates that the bits are copied from the payload's header. A value between 0 and 63 inclusive indicates that the bit field is set to the indicated value.
                     avipsCryptoMapContChannel 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.8 truthvalue read-write
This object determines whether continuous channel IPSec mode is used for the rule pointing to this crypto map. Continuous channel IPSec means that local peer tries to establish an IPSec SA with the remote peer as soon as possible, also when there is no outbound traffic that requires it.
                     avipsCryptoMapRowStatus 1.3.6.1.4.1.6889.2.6.1.1.3.1.1.9 rowstatus read-write
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by an active crypto list.
             avipsTranSetTable 1.3.6.1.4.1.6889.2.6.1.1.3.2 no-access
This table lists all the transform-sets which can be used to build or accept IPsec proposals.
                 avipsTranSetEntry 1.3.6.1.4.1.6889.2.6.1.1.3.2.1 no-access
An entry containing the information on an IPsec transform-set.
                     avipsTranSetName 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.1 displaystring no-access
The name of this particular transform-set be referred to by an avipsCryptoMapEntry. This is the index of this table.
                     avipsTranSetEspEncrTran 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.2 espencrtransform read-write
This object specifies the transform ID of the ESP encryption algorithm.
                     avipsTranSetEspHashTran 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.3 esphashtransform read-write
This object specifies the ESP hash algorithm ID.
                     avipsTranSetLifetime 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.4 integer32 read-write
This object specifies how long, in seconds, the security association (SA) derived from this transform should be used. The value 0 is reserved for future use.
                     avipsTranSetLifesize 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.5 integer32 read-write
This object specifies how long, in Kilobytes, the security association (SA) derived from this transform should be used. The value -1 means that no size based lifetime will be offered to the other side. The value 0 is reserved for future use.
                     avipsTranSetPfsGroup 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.6 diffhellmangrp read-write
This object specifies the DH group that shall be used for PFS in quick mode exchange, when creating the security association (SA) derived from this transform. The reserved value 'none' means that PFS shall not be used.
                     avipsTranSetEncapMode 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.7 ipsecencapmode read-write
This object determines the ESP encapsulation mode that will be used. Possible values are 'tunnel' and 'transport'. In case transport mode is configured, it shall be used only if possible, i.e. the SIP and DIP of the relevant rule are equivalent to the LTEP and RTEP. Otherwise tunnel mode is used.
                     avipsTranSetEspCompTran 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.8 integer read-write
This object specifies the ESP compression algorithm: none(1) - no compression algorithm. ippcpLzs(2) - IPPCP with LZS compression. Enumeration: 'ippcpLzs': 2, 'none': 1.
                     avipsTranRowStatus 1.3.6.1.4.1.6889.2.6.1.1.3.2.1.9 rowstatus read-write
This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. If active, this object must remain active if it is referenced by a row in another table.
         avipsMonitoringGroup 1.3.6.1.4.1.6889.2.6.1.1.4
             avipsMonitoringTables 1.3.6.1.4.1.6889.2.6.1.1.4.1
                 avipsMonitoringTablesGlobals 1.3.6.1.4.1.6889.2.6.1.1.4.1.1
                     avipsMonitorRstCntrs 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.1 integer read-write
Use this object to reset all the IPSec counters. Set this object to reset(2) in order to do that. This operation is equivalent to issuing the 'clear crypto sa counters' command in the CLI. Enumeration: 'reset': 2, 'running': 1.
                     avipsMonitorRstCntrsLastChange 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.2 timestamp read-only
sysUpTime when last IPSec counters reset by avipsMonitorRstCntrs or 'clear crypto sa counters' in CLI, in hundredths of a second.
                 avipsPeerTable 1.3.6.1.4.1.6889.2.6.1.1.4.1.2 no-access
This table contains entries for every active isakmp peer in the system. The word 'active' suggests that in case the peer is part of a redundant list of peers within a crypto map, only the peer that is currently active will be included.
                     avipsPeerEntry 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1 no-access
A specific peer entry.
                         avipsPeerLocalId 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.1 unsigned32 no-access
A synthetic ID that uniquely identifies the local peer for monitoring purpose. Note that this ID is persistent for this peer. This is also the first index component of this table.
                         avipsPeerRemoteId 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.2 unsigned32 no-access
A synthetic ID that uniquely identifies the remote peer for monitoring purpose. Note that this ID is persistent for this peer. This is also the second index component of this table.
                         avipsPeerLocalType 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.3 isakmpidentitytype read-only
The type of the local peer identity, as it was configured. If the local peer ID was configured as an interface name, the value of this object shall be ifName.
                         avipsPeerLocalValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.4 isakmpidentityvalue read-only
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is an interface name, then this is the name of the interface which IP is used to identify the local peer. If the local peer type is a fqdn, then this is the fqdn used to identify the local peer.
                         avipsPeerRemoteType 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.5 isakmpidentitytype read-only
The type of the remote peer identity.
                         avipsPeerRemoteValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.6 isakmpidentityvalue read-only
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a fqdn, then this is the fqdn used to identify the remote peer.
                         avipsPeerRemoteDescription 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.7 displaystring read-only
Free text describing the remote peer or peer-group. The value of this field is taken from avipsIsakmpPeerDescription.
                         avipsPeerLocalAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.8 ipaddress read-only
The IP address of the local peer. This is derived from the local-address specified in the crypto-list that creates this connection. If the local peer type is an IP Address, then this is identical to avipsPeerLocalValue.
                         avipsPeerRemoteAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.9 ipaddress read-only
The IP address of the remote peer. If the remote peer type is an IP Address, then this is identical to avipsPeerRemoteValue. If the remote peer type is a fqdn, then this is the IP address that was received by DNS resolution of the fqdn specified in IsakmpIdentityValue.
                         avipsPeerRemotePeerGrpActiveIndex 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.10 integer32 read-only
In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the index within the peer-group of the currently active peer. This value is taken from avipsPeerGroupPeersPeerIndex of the active peer in this peer-group.
                         avipsPeerRemotePeerGrpActiveIdType 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.11 isakmpidentitytype read-only
In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the id-type of the currently active peer. This value is taken from avipsIsakmpPeerIdType of the active peer in this peer-group.
                         avipsPeerRemotePeerGrpActiveIdValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.12 isakmpidentityvalue read-only
In case the remote is a peer-group, i.e. avipsPeerRemoteType is peerGroup, this object specifies the id-value of the currently active peer. This value is taken from avipsIsakmpPeerId of the active peer in this peer-group.
                         avipsPeerIsakmpState 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.13 integer read-only
This object specifies the state of the IKE connection between the peers. 1. closed - No IKE SA exists between peers because it was not negotiated yet, or because last IKE closed normally due to hard timeout, clear by admin, or DELETE received from the remote peer. This is also the initial state of the row when it is created. 2. inProgress - No IKE SA exists between peers, but it is currently being negotiated in Phase-1. 3. established - IKE SA exists between peers. 4. failed - No IKE SA exists between peers because of a failure. Possible reasons are: 1. Last time we tried to establish IKE the negotiation failed. 2. Last time we tried to establish IKE the remote peer DNS resolution failed. 3. During last connection DPD signaled a connection failure. 4. During last connection a track object signaled a connection failure. 5. The interface used for local-address does not have an IP address asigned to it 1 minute or more after this row was created. 6. Last time we negotiated Phase-2 the negotiation timed-out, and the current IKE was subsequently deleted. NOTE: When continuous-channel IKE is used, the state shall remain 'established' during the normal transition time between one IKE SA and the next. However, if the IKE SA was deleted due to a suspected problem then the state will change normally during the transition (i.e. 'closed' and then 'inProgress'). [Suspected problem: if the last IKE SA was DELETEd by the remote peer after less then 5 minutes,or if it was deleted by local admin] Enumeration: 'established': 3, 'inProgress': 2, 'closed': 1, 'failed': 4.
                         avipsPeerIsakmpStateLastChange 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.14 timestamp read-only
sysUpTime when the last change in avipsPeerIsakmpState occured, in hundredths of a second.
                         avipsPeerTunnelsClosed 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.15 gauge32 read-only
The number of IPSec tunnels associated with these peers, which are in the 'closed' state.
                         avipsPeerTunnelsInProgress 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.16 gauge32 read-only
The number of IPSec tunnels associated with these peers, which are in the 'inProgress' state.
                         avipsPeerTunnelsEstablished 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.17 gauge32 read-only
The number of IPSec tunnels associated with these peers, which are in the 'established' state.
                         avipsPeerTunnelsFailed 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.18 gauge32 read-only
The number of IPSec tunnels associated with these peers, which are in the 'failed' state.
                         avipsPeerInOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.19 counter32 read-only
The aggregate number of octets (bytes) successfully received through all the tunnels between the peers. This value is accumulated BEFORE determining whether or not the packet should be decompressed. This number is the sum of avipsTunnelInOctets together with avipsTunnelInOctetsWraps as a single 64-bit integer, for all the IPSec tunnels pertaining to the peers. See also avipsPeerInOctetsWraps for the number of times this counter has wrapped.
                         avipsPeerInOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.20 counter32 read-only
The number of times avipsPeerInOctets has wrapped.
                         avipsPeerInDecompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.21 counter32 read-only
The aggregate number of decompressed octets (bytes) successfully received through all the tunnels between the peers. This value is accumulated AFTER the packet is decompressed. If compression is not being used in any of the tunnels, this value will match the value of avipsPeerInOctets. This number is the sum of avipsTunnelInDecompOctets together with avipsTunnelInDecompOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerInDecompOctetsWraps for the number of times this counter has wrapped.
                         avipsPeerInDecompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.22 counter32 read-only
The number of times avipsPeerInDecompOctets has wrapped.
                         avipsPeerInDecompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.23 gauge32 read-only
The overall decompression ratio * 100. This is the ratio between the number of octets received after decompression and the number of octets received before decompression. It is calculated as the integer of {[(avipsPeerInDecompOctetsWraps*2^32 + avipsPeerInDecompOctets) / (avipsPeerInOctetsWraps*2^32 + avipsPeerInOctets)] * 100}
                         avipsPeerInPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.24 counter32 read-only
The aggregate number of packets successfully received through all the tunnels between the peers. This number is the sum of avipsTunnelInPkts for all the tunnels pertaining to the peers.
                         avipsPeerInDropPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.25 counter32 read-only
The aggregate number of packets dropped after being received through any of the tunnels between the peers. This number is the sum of avipsTunnelInDropTotalPkts for all the tunnels pertaining to the peers.
                         avipsPeerOutOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.26 counter32 read-only
The aggregate number of octets (bytes) successfully transmitted through all the tunnels between the peers. This value is accumulated AFTER determining whether or not the packet should be compressed. This number is the sum of avipsTunnelOutOctets together with vipsTunnelOutOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerOutOctetsWraps for the number of times this counter has wrapped.
                         avipsPeerOutOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.27 counter32 read-only
The number of times avipsPeerOutOctets has wrapped.
                         avipsPeerOutUncompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.28 counter32 read-only
The aggregate number of uncompressed octets (bytes) successfully transmitted through this IPsec Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used in any of the tunnels, this value will match the value of avipsPeerOutOctets. This number is the sum of avipsTunnelOutUncompOctets together with avipsTunnelOutUncompOctetsWraps as a single 64-bit integer, for all the tunnels pertaining to the peers. See also avipsPeerOutUncompOctetsWraps for the number of times this counter has wrapped.
                         avipsPeerOutUncompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.29 counter32 read-only
The number of times avipsPeerInDecompOctets has wrapped.
                         avipsPeerOutCompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.30 gauge32 read-only
The overall compression ratio * 100. This is the ratio between the number of outbound octets before compression and the number of outbound octets after compression. It is calculated as the integer of {[(avipsPeerOutUncompOctetsWraps*2^32 + avipsPeerOutUncompOctets) / (avipsPeerOutOctetsWraps*2^32 + avipsPeerOutOctets)]* 100}
                         avipsPeerOutPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.31 counter32 read-only
The aggregate number of packets successfully transmitted through all the tunnels between the peers. This number is the sum of avipsTunnelOutPkts for all the tunnels pertaining to the peers.
                         avipsPeerOutDropPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.2.1.32 counter32 read-only
The aggregate number of packets dropped before being transmitted through any of the tunnels between the peers. This number is the sum of avipsTunnelOutDropTotalPkts for all the tunnels pertaining to the peers.
                 avipsTunnelTable 1.3.6.1.4.1.6889.2.6.1.1.4.1.3 no-access
This table contains a entries for all the tunnels in the system. A 'tunnel' is a rule within an active crypto-list.
                     avipsTunnelEntry 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1 no-access
A specific tunnel entry.
                         avipsTunnelPeerLocalId 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.1 unsigned32 no-access
A synthetic ID that uniquely identifies the local peer for monitoring purpose. Note that this ID is persistent for this peer.
                         avipsTunnelPeerRemoteId 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.2 unsigned32 no-access
A synthetic ID that uniquely identifies the remote peer for monitoring purpose. Note that this ID is persistent for this peer.
                         avipsTunnelIndex 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.3 integer32 no-access
The ID of the crypto-list containing the rule that creates this tunnel. This is also the fifth index component of this table.
                         avipsTunnelSubIndex 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.4 integer32 no-access
The index of the crypto-list rule that creates this tunnel. This is also the sixth index component of this table.
                         avipsTunnelPeerLocalType 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.5 isakmpidentitytype read-only
The type of the local peer identity, as it was configured. If the local peer ID was configured as an interface name, the value of this object shall be ifName. This is also the first index component of this table.
                         avipsTunnelPeerLocalValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.6 isakmpidentityvalue read-only
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is an interface name, then this is the name of the interface which IP is used to identify the local peer. If the local peer type is a fqdn, then this is the fqdn used to identify the local peer. This is also the second index component of this table.
                         avipsTunnelPeerRemoteType 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.7 isakmpidentitytype read-only
The type of the remote peer identity. This is also the third index component of this table.
                         avipsTunnelPeerRemoteValue 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.8 isakmpidentityvalue read-only
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is a fqdn, then this is the fqdn used to identify the remote peer. This is also the fourth index component of this table.
                         avipsTunnelDescription 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.9 displaystring read-only
Free text describing this tunnel. The value of this field is taken from the description specified for the crypto-list rule that creates this tunnel.
                         avipsTunnelLocalAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.10 ipaddress read-only
The IP address of the local peer.
                         avipsTunnelRemoteAddress 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.11 ipaddress read-only
The IP address of the remote peer.
                         avipsTunnelProxyLocalSubnet 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.12 ipaddress read-only
The local subnet address this tunnel protects.
                         avipsTunnelProxyLocalMask 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.13 ipaddress read-only
The local subnet mask this tunnel protects.
                         avipsTunnelProxyRemoteSubnet 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.14 ipaddress read-only
The remote subnet address this tunnel protects.
                         avipsTunnelProxyRemoteMask 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.15 ipaddress read-only
The remote subnet mask this tunnel protects.
                         avipsTunnelState 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.16 integer read-only
This object specifies the state of this tunnel. 1. closed - The tunnel does not exist between the peers because it was not negotiated yet, or because last tunnel closed normally due to hard timeout, clear by admin or DELETE received from the remote peer. This is also the initial state of the row when it is created. 2. inProgress - The tunnel does not exist between peers, but it is currently being negotiated in IKE Quick Mode. 3. established - The tunnel exists between peers. 4. failed - The tunnel does not exist between peers because of a failure: 1. Last time we tried to establish this tunnel the negotiation failed. 2. The connection with the remote peer has failed due to one of the following, and hence all the corresponding ipsec tunnels were closed: a. Last time we tried to establish IKE the negotiation failed. b. During last connection a track object signaled a connection failure. c. The interface used for local-address does not have an IP address asigned to it 1 minute or more after this row was created. NOTE: The word 'tunnel' in this context refers to 1 or more IPSec SAs (ESP or AH) between the peers, pertaining to the proxy addresses specified in this entry. As long as there is at least 1 SA established, the tunnel state shall remain 'established'. Enumeration: 'established': 3, 'inProgress': 2, 'closed': 1, 'failed': 4.
                         avipsTunnelStateLastChange 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.17 timestamp read-only
sysUpTime when the last change in avipsTunnelState occured, in hundredths of a second.
                         avipsTunnelLastCntrsReset 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.18 timestamp read-only
sysUpTime when last counter reset for this tunnel occured, in hundredths of a second. Counters are zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.19 counter32 read-only
The total number of octets (bytes) successfully received through this IPSec tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelInOctetsWraps for the number of times this counter has wrapped.
                         avipsTunnelInOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.20 counter32 read-only
The number of times avipsTunnelInOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDecompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.21 counter32 read-only
The total number of decompressed octets (bytes) successfully received through this IPsec Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of avipsTunnelInOctets. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelInDecompOctetsWraps for the number of times this counter has wrapped.
                         avipsTunnelInDecompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.22 counter32 read-only
The number of times avipsTunnelInDecompOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDecompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.23 gauge32 read-only
The overall decompression ratio * 100. This is the ratio between the number of octets received after decompression and the number of octets received before decompression. It is calculated as the integer of {[(avipsTunnelInDecompOctetsWraps*2^32 + avipsTunnelInDecompOctets) / (avipsTunnelInOctetsWraps*2^32 + avipsTunnelInOctets)] * 100}
                         avipsTunnelInPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.24 counter32 read-only
The number of packets succesfully received through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropTotalPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.25 counter32 read-only
The total number of packets discarded after being received through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropAntiReplayPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.26 counter32 read-only
The number of packets discarded after being received through this tunnel due to anti-replay verification failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropHmacFailPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.27 counter32 read-only
The number of packets discarded after being received through this tunnel due to HMAC verification failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropBadTrailerPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.28 counter32 read-only
The number of packets discarded after being received through this tunnel due to bad ESP trailer format received failure. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropInvalidIdPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.29 counter32 read-only
The number of packets discarded after being received through this tunnel due to invalid identity: inner (original) IP header address doesn't match the configured tunnel proxy IPs. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropUnprotectPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.30 counter32 read-only
The number of packets discarded after being received in the clear (unprotected) although they were expected to arrive protected by this tunnel (i.e. unprotected packets with source and destination IP matching the proxy IPs of this tunnel). This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropInvalidLenPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.31 counter32 read-only
The number of packets discarded after being received through this tunnel due to length being not aligned to cipher block. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelInDropSaExpiredPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.32 counter32 read-only
The number of packets discarded after being received through this tunnel due to SA KB lifetime being smaller then the external IP packet total length. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.33 counter32 read-only
The total number of octets (bytes) successfully transmitted through this IPSec tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelOutOctetsWraps for the number of times this counter has wrapped.
                         avipsTunnelOutOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.34 counter32 read-only
The number of times avipsTunnelOutOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutUncompOctets 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.35 counter32 read-only
The total number of uncompressed octets (bytes) successfully transmitted through this IPsec Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of avipsTunnelOutOctets. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config). See also avipsTunnelOutUncompOctetsWraps for the number of times this counter has wrapped.
                         avipsTunnelOutUncompOctetsWraps 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.36 counter32 read-only
The number of times avipsTunnelInDecompOctets has wrapped. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutCompRatio 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.37 gauge32 read-only
The overall compression ratio * 100. This is the ratio between the number of outbound octets before compression and the number of outbound octets after compression. It is calculated as the integer of {[(avipsTunnelOutUncompOctetsWraps*2^32 + avipsTunnelOutUncompOctets) / (avipsTunnelOutOctetsWraps*2^32 + avipsTunnelOutOctets)]* 100}
                         avipsTunnelOutPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.38 counter32 read-only
The number of packets succesfully transmitted through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutDropTotalPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.39 counter32 read-only
The total number of packets dropped before being transmitted through this tunnel. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutDropNoSaPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.40 counter32 read-only
The number of packets dropped before being transmitted through this tunnel due to no IPSec SA existed when the packet arrived. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutDropSeqRolPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.41 counter32 read-only
The number of packets dropped before being transmitted through this tunnel due to sequence number rollover: the sequence number of the IPSec SA reached its capacity. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
                         avipsTunnelOutDropSaExpiredPkts 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.42 counter32 read-only
The number of packets dropped before being transmitted through this tunnel due to SA expired: SA KB lifetime is smaller then the external IP packet total length. This counter is zeroized when: o Issuing 'clear crypto sa counters' in CLI. o Setting avipsMonitorRstCntrs in MIB (equivalent to above). o Issuing 'clear crypto sa all' in CLI. o Activating the crypto-list on an interface for the first time. o Failing-over to a different peer. o Learning a new local-address (DHCP, PPPoE, user config).
     avipsMIBNotificationPrefix 1.3.6.1.4.1.6889.2.6.1.2
         avipsMIBNotifications 1.3.6.1.4.1.6889.2.6.1.2.0
             avipsIskampEstablished 1.3.6.1.4.1.6889.2.6.1.2.0.1
This notification is sent whenever avipsPeerIsakmpState moves into the 'established' state.
             avipsIskampClosed 1.3.6.1.4.1.6889.2.6.1.2.0.2
This notification is sent whenever avipsPeerIsakmpState moves into the 'closed' state, excluding during row creation.
             avipsIskampFailed 1.3.6.1.4.1.6889.2.6.1.2.0.3
This notification is sent whenever avipsPeerIsakmpState moves into the 'failed' state.
             avipsIpsecTunnelEstablished 1.3.6.1.4.1.6889.2.6.1.2.0.4
This notification is sent whenever avipsTunnelState moves into the 'established' state.
             avipsIpsecTunnelClosed 1.3.6.1.4.1.6889.2.6.1.2.0.5
This notification is sent whenever avipsTunnelState moves into the 'closed' state, excluding during row creation.
             avipsIpsecTunnelFailed 1.3.6.1.4.1.6889.2.6.1.2.0.6
This notification is sent whenever avipsTunnelState moves into the 'failed' state.
     avipsMIBConformance 1.3.6.1.4.1.6889.2.6.1.3
         avipsMIBGroups 1.3.6.1.4.1.6889.2.6.1.3.1
             avipsConfigurationGroup 1.3.6.1.4.1.6889.2.6.1.3.1.1
This group consists of: 1) Global configuration objects. 2) Isakmp configuration objects. 3) IPsec configuration objects.
             avipsMonitorGroup 1.3.6.1.4.1.6889.2.6.1.3.1.2
This group consists of: 1) Global monitoring objects. 2) Peer monitoring objects. 3) IPSec tunnels monitoring objects.
         avipsMIBCompliances 1.3.6.1.4.1.6889.2.6.1.3.2
             avipsMIBCompliance 1.3.6.1.4.1.6889.2.6.1.3.2.1
The compliance statement for SNMP entities the IP Security Protocol.