IPSEC-FLOW-MONITOR-MIB: View SNMP OID List / Download MIB

VENDOR: INTERNET-STANDARD


 Home MIB: IPSEC-FLOW-MONITOR-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 ipSecFlowMonitorMIB 1.3.6.1.3.171
This is a MIB Module for monitoring the structure and status of IPSec-based networks. The MIB has bee designed to be adopted as an IETF standard. Henc vendor-specific features of IPSec protocol are exclude from this MIB. Acronyms The following acronyms are used in this document: IPSec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document Control Tunnel: Another term for a Phase 1 Tunnel. Phase 2 Tunnel: AN instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and different number of SA bundles at different times (due to key refresh). Overview of IPsec MIB The MIB contains six major groups of objects which are used to manage the IPSec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPSec MIB. The Phase 1 group models objects pertaining to IKE negotiations and Phase 1 tunnels. The Phase 2 group models objects pertaining to IPSec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid detection of potential security violations. In addition to the five major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPSec TRAPs. For a detailed discussion, please refer to the IETF draft draft-ietf-ipsec-flow-monitoring-mib-01.txt.
         ipSecMIBObjects 1.3.6.1.3.171.1
             ipSecLevels 1.3.6.1.3.171.1.1
                 ipSecMibLevel 1.3.6.1.3.171.1.1.1 integer32 read-only
The version of the IPsec MIB.
             ipSecPhaseOne 1.3.6.1.3.171.1.2
                 ikeGroup 1.3.6.1.3.171.1.2.1
                     ikeGlobalStats 1.3.6.1.3.171.1.2.1.1
                         ikeGlobalActiveTunnels 1.3.6.1.3.171.1.2.1.1.1 gauge32 read-only
The number of currently active IPsec Phase-1 IKE Tunnels. This is equal to the number of ISAKMP SAs currently active.
                         ikeGlobalPreviousTunnels 1.3.6.1.3.171.1.2.1.1.2 counter32 read-only
The total number of previously active IPsec Phase-1 IKE Tunnels. This is equal to the total number of ISAKMP SAs that were active since the bootup of the device but which have since expired.
                         ikeGlobalInOctets 1.3.6.1.3.171.1.2.1.1.3 counter32 read-only
The total number of octets received by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalInPkts 1.3.6.1.3.171.1.2.1.1.4 counter32 read-only
The total number of packets received by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalInDropPkts 1.3.6.1.3.171.1.2.1.1.5 counter32 read-only
The total number of packets which were dropped during receive processing by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalInNotifys 1.3.6.1.3.171.1.2.1.1.6 counter32 read-only
The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalInP2Exchgs 1.3.6.1.3.171.1.2.1.1.7 counter32 read-only
The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalInP2ExchgInvalids 1.3.6.1.3.171.1.2.1.1.8 counter32 read-only
The total number of IPsec Phase-2 exchanges which were received and found to be contain references to unrecognized security parameters. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
                         ikeGlobalInP2ExchgRejects 1.3.6.1.3.171.1.2.1.1.9 counter32 read-only
The total number of IPsec Phase-2 exchanges which were received and validated but were rejected by the local policy. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
                         ikeGlobalInP2SaDelRequests 1.3.6.1.3.171.1.2.1.1.10 counter32 read-only
The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels.
                         ikeGlobalOutOctets 1.3.6.1.3.171.1.2.1.1.11 counter32 read-only
The total number of octets sent by all currently and previously active and IPsec Phase-1 IKE Tunnels.
                         ikeGlobalOutPkts 1.3.6.1.3.171.1.2.1.1.12 counter32 read-only
The total number of packets sent by all currently and previously active and IPsec Phase-1 Tunnels.
                         ikeGlobalOutDropPkts 1.3.6.1.3.171.1.2.1.1.13 counter32 read-only
The total number of packets which were dropped during send processing by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalOutNotifys 1.3.6.1.3.171.1.2.1.1.14 counter32 read-only
The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalOutP2Exchgs 1.3.6.1.3.171.1.2.1.1.15 counter32 read-only
The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalOutP2ExchgInvalids 1.3.6.1.3.171.1.2.1.1.16 counter32 read-only
The total number of IPsec Phase-2 exchanges which were sent and were flagged by the peer to contain references to unrecognized security parameters. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
                         ikeGlobalOutP2ExchgRejects 1.3.6.1.3.171.1.2.1.1.17 counter32 read-only
The total number of IPsec Phase-2 exchanges which were sent, validated by the peer but were rejected by the peer's policy. This value is accumulated across all currently and previously active IPsec ISAKMP SAs.
                         ikeGlobalOutP2SaDelRequests 1.3.6.1.3.171.1.2.1.1.18 counter32 read-only
The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalInitTunnels 1.3.6.1.3.171.1.2.1.1.19 counter32 read-only
The total number of IPsec Phase-1 IKE Tunnels which were locally initiated.
                         ikeGlobalInitTunnelFails 1.3.6.1.3.171.1.2.1.1.20 counter32 read-only
The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate.
                         ikeGlobalRespTunnelFails 1.3.6.1.3.171.1.2.1.1.21 counter32 read-only
The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate.
                         ikeGlobalSysCapFails 1.3.6.1.3.171.1.2.1.1.22 counter32 read-only
The total number of system capcity failures which occurred during processing of all current and previously active IPsec Phase-1 IKE Tunnels.
                         ikeGlobalAuthFails 1.3.6.1.3.171.1.2.1.1.23 counter32 read-only
The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels.
                         ikeGlobalDecryptFails 1.3.6.1.3.171.1.2.1.1.24 counter32 read-only
The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels.
                         ikeGlobalHashValidFails 1.3.6.1.3.171.1.2.1.1.25 counter32 read-only
The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels.
                         ikeGlobalNoSaFails 1.3.6.1.3.171.1.2.1.1.26 counter32 read-only
The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-1 IKE Tunnels.
                         ikeGlobalRespTunnels 1.3.6.1.3.171.1.2.1.1.27 counter32 read-only
The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated.
                         ikeGlobalInXauthFailures 1.3.6.1.3.171.1.2.1.1.28 counter32 read-only
The number of times the extended authentication information supplied by an IKE peer was found to be invalid by the local entity.
                         ikeGlobalOutXauthFailures 1.3.6.1.3.171.1.2.1.1.29 counter32 read-only
The number of times the extended authentication information supplied by the managed entity to an IKE peer was found to be invalid by the remote peer.
                         ikeGlobalInP1SaDelRequests 1.3.6.1.3.171.1.2.1.1.30 counter32 read-only
The total number of ISAKMP security association delete requests received by all currently and previously active and ISAKMP security associations.
                         ikeGlobalOutP1SaDelRequests 1.3.6.1.3.171.1.2.1.1.31 counter32 read-only
The total number of ISAKMP security association delete requests sent by all currently and previously active and ISAKMP security associations.
                         ikeGlobalInConfigs 1.3.6.1.3.171.1.2.1.1.32 counter32 read-only
The total number of Mode Configuration settings received (either CFG-REPLY or CFG-SET payloads) by this entity.
                         ikeGlobalOutConfigs 1.3.6.1.3.171.1.2.1.1.33 counter32 read-only
The total number of Mode Configuration settings dispatched (either CFG-REPLY or CFG-SET payloads) by this entity.
                         ikeGlobalInConfigsRejects 1.3.6.1.3.171.1.2.1.1.34 counter32 read-only
The total number of Mode Configuration settings which were received (either CFG-REPLY or CFG-SET payloads) by this entity and which were rejected by the local entity.
                         ikeGlobalOutConfigsRejects 1.3.6.1.3.171.1.2.1.1.35 counter32 read-only
The total number of Mode Configuration settings which were dispatched (either CFG-REPLY or CFG-SET payloads) by this entity and which were rejected by the client peer.
                         ikeGlobalHcPreviousTunnels 1.3.6.1.3.171.1.2.1.1.36 counter64 read-only
A high capacity count of the total number of previously active IPsec Phase-1 IKE Tunnels. This i equal to the total number of ISAKMP SAs that were active since the bootup of the device but which have since expired.
                         ikeGlobalPreviousTunnelsWraps 1.3.6.1.3.171.1.2.1.1.37 counter32 read-only
The number of times the quantit `ikeGlobalPreviousTunnels' (previously active IPse Phase-1 IKE tunnels) has wrapped.
                     ikeTunnelTable 1.3.6.1.3.171.1.2.1.2 no-access
The IPsec Phase-1 Internet Key Exchange Tunnel Table. There is one entry in this table for each active IPsec Phase-1 IKE Tunnel.
                         ikeTunnelEntry 1.3.6.1.3.171.1.2.1.2.1 no-access
Each entry contains the attributes associated with an active IPsec Phase-1 IKE Tunnel.
                             ikeTunIndex 1.3.6.1.3.171.1.2.1.2.1.1 integer32 no-access
The index of the IPsec Phase-1 IKE Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
                             ikeTunLocalType 1.3.6.1.3.171.1.2.1.2.1.2 phase1peeridentitytype read-only
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.
                             ikeTunLocalValue 1.3.6.1.3.171.1.2.1.2.1.3 displaystring read-only
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the remote peer. If the local peer type is a id-dn, then this is the distinguished name string of the local peer.
                             ikeTunLocalAddr 1.3.6.1.3.171.1.2.1.2.1.4 ipsipaddress read-only
The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel.
                             ikeTunLocalName 1.3.6.1.3.171.1.2.1.2.1.5 displaystring read-only
The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string.
                             ikeTunRemoteType 1.3.6.1.3.171.1.2.1.2.1.6 phase1peeridentitytype read-only
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name string. 3. or a distinguished name string.
                             ikeTunRemoteValue 1.3.6.1.3.171.1.2.1.2.1.7 displaystring read-only
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
                             ikeTunRemoteAddr 1.3.6.1.3.171.1.2.1.2.1.8 ipsipaddress read-only
The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel.
                             ikeTunRemoteName 1.3.6.1.3.171.1.2.1.2.1.9 displaystring read-only
The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string.
                             ikeTunNegoMode 1.3.6.1.3.171.1.2.1.2.1.10 ikenegomode read-only
The negotiation mode of the IPsec Phase-1 IKE Tunnel.
                             ikeTunDiffHellmanGrp 1.3.6.1.3.171.1.2.1.2.1.11 diffhellmangrp read-only
The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations.
                             ikeTunEncryptAlgo 1.3.6.1.3.171.1.2.1.2.1.12 encryptalgo read-only
The encryption algorithm used in IPsec Phase-1 IKE negotiations.
                             ikeTunHashAlgo 1.3.6.1.3.171.1.2.1.2.1.13 ikehashalgo read-only
The hash algorithm used in IPsec Phase-1 IKE negotiations.
                             ikeTunAuthMethod 1.3.6.1.3.171.1.2.1.2.1.14 ikeauthmethod read-only
The authentication method used in IPsec Phase-1 IKE negotiations.
                             ikeTunLifeTime 1.3.6.1.3.171.1.2.1.2.1.15 integer32 read-only
The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds.
                             ikeTunActiveTime 1.3.6.1.3.171.1.2.1.2.1.16 timeinterval read-only
The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds.
                             ikeTunSaRefreshThreshold 1.3.6.1.3.171.1.2.1.2.1.17 integer32 read-only
The security assoication refresh threshold in seconds.
                             ikeTunTotalRefreshes 1.3.6.1.3.171.1.2.1.2.1.18 counter32 read-only
The total number of security associations refreshes performed.
                             ikeTunInOctets 1.3.6.1.3.171.1.2.1.2.1.19 counter32 read-only
The total number of octets received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunInPkts 1.3.6.1.3.171.1.2.1.2.1.20 counter32 read-only
The total number of packets received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunInDropPkts 1.3.6.1.3.171.1.2.1.2.1.21 counter32 read-only
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing.
                             ikeTunInNotifys 1.3.6.1.3.171.1.2.1.2.1.22 counter32 read-only
The total number of notifys received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunInP2Exchgs 1.3.6.1.3.171.1.2.1.2.1.23 counter32 read-only
The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunInP2ExchgInvalids 1.3.6.1.3.171.1.2.1.2.1.24 counter32 read-only
The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters.
                             ikeTunInP2ExchgRejects 1.3.6.1.3.171.1.2.1.2.1.25 counter32 read-only
The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy.
                             ikeTunInP2SaDelRequests 1.3.6.1.3.171.1.2.1.2.1.26 counter32 read-only
The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunOutOctets 1.3.6.1.3.171.1.2.1.2.1.27 counter32 read-only
The total number of octets sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunOutPkts 1.3.6.1.3.171.1.2.1.2.1.28 counter32 read-only
The total number of packets sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunOutDropPkts 1.3.6.1.3.171.1.2.1.2.1.29 counter32 read-only
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing.
                             ikeTunOutNotifys 1.3.6.1.3.171.1.2.1.2.1.30 counter32 read-only
The total number of notifys sent by this IPsec Phase-1 Tunnel.
                             ikeTunOutP2Exchgs 1.3.6.1.3.171.1.2.1.2.1.31 counter32 read-only
The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunOutP2ExchgInvalids 1.3.6.1.3.171.1.2.1.2.1.32 counter32 read-only
The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer.
                             ikeTunOutP2ExchgRejects 1.3.6.1.3.171.1.2.1.2.1.33 counter32 read-only
The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy.
                             ikeTunOutP2SaDelRequests 1.3.6.1.3.171.1.2.1.2.1.34 counter32 read-only
The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunStatus 1.3.6.1.3.171.1.2.1.2.1.35 tunnelstatus read-write
The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). This object cannot be used to create a MIB table row.
                             ikeTunInNewGrpReqs 1.3.6.1.3.171.1.2.1.2.1.36 counter32 read-only
The total number of New Group exchanges initiated remotely using this IKE tunnel.
                             ikeTunOutNewGrpReqs 1.3.6.1.3.171.1.2.1.2.1.37 counter32 read-only
The total number of New Group exchanges initiated locally using this IKE tunnel.
                             ikeTunInNewGrpReqsRejected 1.3.6.1.3.171.1.2.1.2.1.38 counter32 read-only
The total number of New Group exchanges initiated remotely using this IKE tunnel that ended in a failure.
                             ikeTunOutNewGrpReqsRejected 1.3.6.1.3.171.1.2.1.2.1.39 counter32 read-only
The total number of New Group exchanges initiated locally using this IKE tunnel that ended in a failure.
                             ikeTunInConfigs 1.3.6.1.3.171.1.2.1.2.1.40 counter32 read-only
The total number of Mode Configuration settings received (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
                             ikeTunOutConfigs 1.3.6.1.3.171.1.2.1.2.1.41 counter32 read-only
The total number of Mode Configuration settings dispatched (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
                             ikeTunInConfigsRejects 1.3.6.1.3.171.1.2.1.2.1.42 counter32 read-only
The total number of Mode Configuration settings which were received (either CFG-REPLY or CFG-SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel.
                             ikeTunOutConfigsRejects 1.3.6.1.3.171.1.2.1.2.1.43 counter32 read-only
The total number of Mode Configuration settings which were dispatched (either CFG-REPLY or CFG-SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel.
                             ikeTunEncryptKeySize 1.3.6.1.3.171.1.2.1.2.1.44 integer32 read-only
The key size in bits of the negotiated key to be used with the algorithm denoted by the column 'ikeTunEncryptAlgo'. For DES and 3DES the key size i respectively 56 and 168. For AES, this will denote th negotiated key size.
                 phase1PeerTable 1.3.6.1.3.171.1.2.2 no-access
The IPsec Phase-1 Key Exchange Peer Table. Ther is one entry in this table for each IPsec Phase-1 pee with which the managed entity is currently associate by virtue of an active IPsec Phase-1 Control Tunnel. peer has an entry in this table, if and only if ther is at least one Phase-1 or Phase-2 tunnel terminatin on the managed entity from the peer. When all Phase- and Phase-2 tunnels to a peer have expired, the entr for the peer is deleted off this table.
                     phase1PeerEntry 1.3.6.1.3.171.1.2.2.1 no-access
Each entry contains the attributes associated with an IPsec Phase-1 IKE peer association.
                         phase1PeerLocalType 1.3.6.1.3.171.1.2.2.1.1 phase1peeridentitytype no-access
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                         phase1PeerLocalValue 1.3.6.1.3.171.1.2.2.1.2 displaystring read-only
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is a id-fqdn, then this is the FQDN of the local peer. If the local peer type is id-dn, then this is the DN string of the local peer. Value of this object could be arbitrarily large making this object unsuitable to be used for indexing this table (please refer to the definition of 'phase1PeerHLocalValue'.
                         phase1PeerHLocalValue 1.3.6.1.3.171.1.2.2.1.3 hashedstring no-access
The 128-bit MD5 hash output of the value represente by the element phase1PeerLocalValue. The hashing is required to restrict the length of the SNMP index to a legal size: phase1PeerHRemoteValue = MD5(phase1PeerLocalValue).
                         phase1PeerRemoteType 1.3.6.1.3.171.1.2.2.1.4 phase1peeridentitytype no-access
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                         phase1PeerRemoteValue 1.3.6.1.3.171.1.2.2.1.5 displaystring read-only
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the DN string of the remote peer. Value of this object could be arbitrarily large making this object unsuitable to be used for indexing this table (please refer to the definition of 'phase1PeerHRemoteValue'.
                         phase1PeerHRemoteValue 1.3.6.1.3.171.1.2.2.1.6 hashedstring no-access
The 128-bit MD5 hash output of the value represente by the element phase1PeerRemoteValue. The hashing is required to restrict the length of the SNMP index to a legal size: phase1PeerHRemoteValue = MD5(phase1PeerRemoteValue).
                         phase1PeerIntIndex 1.3.6.1.3.171.1.2.2.1.7 integer32 no-access
The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer.
                         phase1PeerLocalAddr 1.3.6.1.3.171.1.2.2.1.8 ipsipaddress read-only
The IP address of the local peer.
                         phase1PeerRemoteAddr 1.3.6.1.3.171.1.2.2.1.9 ipsipaddress read-only
The IP address of the remote peer.
                         phase1PeerActiveTime 1.3.6.1.3.171.1.2.2.1.10 timeinterval read-only
The length of time that the peer association has existed in hundredths of a second.
                         phase1PeerActiveTunnelIndex 1.3.6.1.3.171.1.2.2.1.11 integer32 read-only
The index of the active IPsec Phase-1 IKE Tunnel (ikeTunIndex in the ikeTunnelTable) for this peer association. If an IPsec Phase-1 IKE Tunnel is not currently active, then the value of this object will be zero.
                         phase1PeerConfigAppVersion 1.3.6.1.3.171.1.2.2.1.12 displaystring read-only
The NULL terminated printable application version of the peer. If the peer did not issue the APPLICATION-VERSION attribute, this field is NULL.
                         phase1PeerConfigAddress 1.3.6.1.3.171.1.2.2.1.13 ipsipaddress read-only
The IP address configured by the peer on this entity. If the local entity did not receive either INTERNAL-IP4-ADDRESS or INTERNAL-IP6-ADDRESS from the peer, this field should have the NULL IP address.
                         phase1PeerConfigNetmask 1.3.6.1.3.171.1.2.2.1.14 ipsipaddress read-only
The netmask configured by the peer on this entity. If the local entity did not receive either INTERNAL-V4-MASK or INTERNAL-IP6-MASK from the peer, this field should have the NULL IP address.
                         phase1PeerConfigDns 1.3.6.1.3.171.1.2.2.1.15 ipsipaddress read-only
The address of the DNS server configured by the peer on the local entity using CFG-SET or CFG-REPLY. If the local entity did not receive either INTERNAL-V4-DNS or INTERNAL-IP6-DNS from the peer, this field should have the NULL IP address.
                         phase1PeerConfigNbns 1.3.6.1.3.171.1.2.2.1.16 ipsipaddress read-only
The address of the NetBios Name Server configured by the peer on the local entity using CFG-SET or CFG-REPLY. If the local entity did not receive either INTERNAL-V4-NBNS INTERNAL-IP6-NBNS from the peer, this field should have the NULL IP address.
                         phase1PeerConfigDhcp 1.3.6.1.3.171.1.2.2.1.17 ipsipaddress read-only
The address of the DHCP Server configured by the peer on the local entity using CFG-SET or CFG-REPLY. If the local entity did not receive either INTERNAL-V4-DHCP INTERNAL-IP6-DHCP from the peer, this field should have the NULL IP address.
                         phase1Protocol 1.3.6.1.3.171.1.2.2.1.18 controlprotocol read-only
The keying and control protocol used to setup and administer Phase-1 and Phase-2 tunnels to this peer.
                 phase1PeerCorrTable 1.3.6.1.3.171.1.2.3 no-access
The IPsec Phase-1 Peer Association to IPsec Phase- Tunnel Correlation Table. There is one entry in this tabl for each active IPsec Phase-2 Tunnel.
                     phase1PeerCorrEntry 1.3.6.1.3.171.1.2.3.1 no-access
Each entry contains the attributes of an IPsec Phase-1 Peer Association to IPsec Phase- Tunnel Correlation.
                         phase1PeerCorrLocalType 1.3.6.1.3.171.1.2.3.1.1 phase1peeridentitytype no-access
The type of local peer identity. The local peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                         phase1PeerCorrLocalValue 1.3.6.1.3.171.1.2.3.1.2 displaystring no-access
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the local entity. If the local peer type is a id-dn, then this is the distinguished named string of the local peer.
                         phase1PeerCorrRemoteType 1.3.6.1.3.171.1.2.3.1.3 phase1peeridentitytype no-access
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                         phase1PeerCorrRemoteValue 1.3.6.1.3.171.1.2.3.1.4 displaystring no-access
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
                         phase1PeerCorrIntIndex 1.3.6.1.3.171.1.2.3.1.5 integer32 no-access
The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer.
                         phase1PeerCorrSeqNum 1.3.6.1.3.171.1.2.3.1.6 integer32 no-access
The sequence number of the local-remote peer association. This sequence number is used to uniquely identify multiple instances of an unique association between the local and remote peer.
                         phase1PeerCorrIpSecTunIndex 1.3.6.1.3.171.1.2.3.1.7 integer32 read-only
The index of the active IPsec Phase-2 Tunnel (ipSecTunIndex in the ipSecTunnelTable) for this IPsec Phase-1 IKE Peer Association.
                         phase1PeerCorrControlProtocol 1.3.6.1.3.171.1.2.3.1.8 controlprotocol read-only
The keying and control protocol used to setup and administer the Phase-1 and Phase-2 tunnels thi table entry refers to.
             ipSecPhaseTwo 1.3.6.1.3.171.1.3
                 ipSecGlobalStats 1.3.6.1.3.171.1.3.1
                     ipSecGlobalActiveTunnels 1.3.6.1.3.171.1.3.1.1 gauge32 read-only
The total number of currently active IPsec Phase-2 Tunnels.
                     ipSecGlobalPreviousTunnels 1.3.6.1.3.171.1.3.1.2 counter32 read-only
The total number of previously active IPsec Phase-2 Tunnels.
                     ipSecGlobalInOctets 1.3.6.1.3.171.1.3.1.3 counter32 read-only
The total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also ipSecGlobalInOctWraps for the number of times this counter has wrapped.
                     ipSecGlobalHcInOctets 1.3.6.1.3.171.1.3.1.4 counter64 read-only
A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                     ipSecGlobalInOctWraps 1.3.6.1.3.171.1.3.1.5 counter32 read-only
The number of times the global octets received counter (ipSecGlobalInOctets) has wrapped.
                     ipSecGlobalInDecompOctets 1.3.6.1.3.171.1.3.1.6 counter32 read-only
The total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecGlobalInOctets. See also ipSecGlobalInDecompOctWraps for the number of times this counter has wrapped.
                     ipSecGlobalHcInDecompOctets 1.3.6.1.3.171.1.3.1.7 counter64 read-only
A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecGlobalHcInOctets.
                     ipSecGlobalInDecompOctWraps 1.3.6.1.3.171.1.3.1.8 counter32 read-only
The number of times the global decompressed octets received counter (ipSecGlobalInDecompOctets) has wrapped.
                     ipSecGlobalInPkts 1.3.6.1.3.171.1.3.1.9 counter32 read-only
The total number of packets received by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalInDrops 1.3.6.1.3.171.1.3.1.10 counter32 read-only
The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing.
                     ipSecGlobalInReplayDrops 1.3.6.1.3.171.1.3.1.11 counter32 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalInAuths 1.3.6.1.3.171.1.3.1.12 counter32 read-only
The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalInAuthFails 1.3.6.1.3.171.1.3.1.13 counter32 read-only
The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalInDecrypts 1.3.6.1.3.171.1.3.1.14 counter32 read-only
The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalInDecryptFails 1.3.6.1.3.171.1.3.1.15 counter32 read-only
The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutOctets 1.3.6.1.3.171.1.3.1.16 counter32 read-only
The total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed. See also ipSecGlobalOutOctWraps for the number of times this counter has wrapped.
                     ipSecGlobalHcOutOctets 1.3.6.1.3.171.1.3.1.17 counter64 read-only
A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed.
                     ipSecGlobalOutOctWraps 1.3.6.1.3.171.1.3.1.18 counter32 read-only
The number of times the global octets sent counter (ipSecGlobalOutOctets) has wrapped.
                     ipSecGlobalOutUncompOctets 1.3.6.1.3.171.1.3.1.19 counter32 read-only
The total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecGlobalOutOctets. See also ipSecGlobalOutDecompOctWraps for the number of times this counter has wrapped.
                     ipSecGlobalHcOutUncompOctets 1.3.6.1.3.171.1.3.1.20 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecGlobalHcOutOctets.
                     ipSecGlobalOutUncompOctWraps 1.3.6.1.3.171.1.3.1.21 counter32 read-only
The number of times the global uncompressed octets sent counter (ipSecGlobalOutUncompOctets) has wrapped.
                     ipSecGlobalOutPkts 1.3.6.1.3.171.1.3.1.22 counter32 read-only
The total number of packets sent by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutDrops 1.3.6.1.3.171.1.3.1.23 counter32 read-only
The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutAuths 1.3.6.1.3.171.1.3.1.24 counter32 read-only
The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutAuthFails 1.3.6.1.3.171.1.3.1.25 counter32 read-only
The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutEncrypts 1.3.6.1.3.171.1.3.1.26 counter32 read-only
The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutEncryptFails 1.3.6.1.3.171.1.3.1.27 counter32 read-only
The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalOutCompressedPkts 1.3.6.1.3.171.1.3.1.28 counter32 read-only
The cumulative number of outbound packets across all IPsec flows terminating at this device which were successfully compressed. This number is cumulative since the last system start.
                     ipSecGlobalOutCompSkippedPkts 1.3.6.1.3.171.1.3.1.29 counter32 read-only
The total number of outbound packets across all IPsec flows terminating at this devices that were to be compressed but which were skipped due to the compression hysteresis. This number is cumulative since the last system start.
                     ipSecGlobalOutCompFailPkts 1.3.6.1.3.171.1.3.1.30 counter32 read-only
The total number of outbound packets across all IPsec flows terminating at this device that failed compression because they grew in size after compression. This number is cumulative since the last system start.
                     ipSecGlobalOutCompTooSmallPkts 1.3.6.1.3.171.1.3.1.31 counter32 read-only
The total number of outbound packets across all IPsec flows terminating at this device that were to be compressed but were smaller than the compression threshold size. This number is cumulative since the last system start.
                     ipSecGlobalProtocolUseFails 1.3.6.1.3.171.1.3.1.32 counter32 read-only
The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
                     ipSecGlobalNoSaFails 1.3.6.1.3.171.1.3.1.33 counter32 read-only
The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels.
                     ipSecGlobalSysCapFails 1.3.6.1.3.171.1.3.1.34 counter32 read-only
The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
                     ipSecGlobalHcPreviousTunnels 1.3.6.1.3.171.1.3.1.35 counter64 read-only
A high capacity count of the total number of previously active IPsec Phase-2 Tunnels.
                     ipSecGlobalPreviousTunnelsWraps 1.3.6.1.3.171.1.3.1.36 counter32 read-only
The number of times the quantit `ipSecGlobalPreviousTunnels' (previously active IPse Phase-2 tunnels) has wrapped.
                 ipSecTunnelTable 1.3.6.1.3.171.1.3.2 no-access
The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel.
                     ipSecTunnelEntry 1.3.6.1.3.171.1.3.2.1 no-access
Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel.
                         ipSecTunIndex 1.3.6.1.3.171.1.3.2.1.1 integer32 no-access
The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at one and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647.
                         ipSecTunIkeTunnelIndex 1.3.6.1.3.171.1.3.2.1.2 integer32 read-only
The index of the associated IPsec Phase-1 IKE Tunnel. (ikeTunIndex in the ikeTunnelTable)
                         ipSecTunIkeTunnelAlive 1.3.6.1.3.171.1.3.2.1.3 truthvalue read-only
An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists. This object has been deprecated in favour of more generic pointers to the control tunnel (ipSecTunControlTunnelIndex).
                         ipSecTunLocalAddr 1.3.6.1.3.171.1.3.2.1.4 ipsipaddress read-only
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
                         ipSecTunRemoteAddr 1.3.6.1.3.171.1.3.2.1.5 ipsipaddress read-only
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
                         ipSecTunKeyType 1.3.6.1.3.171.1.3.2.1.6 keytype read-only
The type of key used by the IPsec Phase-2 Tunnel. This object has been deprecated in favour o ipSecTunControlProtocol.
                         ipSecTunEncapMode 1.3.6.1.3.171.1.3.2.1.7 encapmode read-only
The encapsulation mode used by the IPsec Phase-2 Tunnel.
                         ipSecTunLifeSize 1.3.6.1.3.171.1.3.2.1.8 integer32 read-only
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
                         ipSecTunLifeTime 1.3.6.1.3.171.1.3.2.1.9 integer32 read-only
The negotiated LifeTime of the IPsec Phase- Tunnel in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ipSecTunActiveTime 1.3.6.1.3.171.1.3.2.1.10 timeinterval read-only
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
                         ipSecTunSaLifeSizeThreshold 1.3.6.1.3.171.1.3.2.1.11 integer32 read-only
The security association LifeSize refresh threshold in kilobytes. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ipSecTunSaLifeTimeThreshold 1.3.6.1.3.171.1.3.2.1.12 integer32 read-only
The security association LifeTime refresh threshold in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ipSecTunTotalRefreshes 1.3.6.1.3.171.1.3.2.1.13 counter32 read-only
The total number of security association refreshes performed.
                         ipSecTunExpiredSaInstances 1.3.6.1.3.171.1.3.2.1.14 counter32 read-only
The total number of security associations which have expired. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ipSecTunCurrentSaInstances 1.3.6.1.3.171.1.3.2.1.15 gauge32 read-only
The number of security associations which are currently active or expiring.
                         ipSecTunInSaDiffHellmanGrp 1.3.6.1.3.171.1.3.2.1.16 diffhellmangrp read-only
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be `none'.
                         ipSecTunInSaEncryptAlgo 1.3.6.1.3.171.1.3.2.1.17 encryptalgo read-only
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ipSecTunInSaAhAuthAlgo 1.3.6.1.3.171.1.3.2.1.18 authalgo read-only
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                         ipSecTunInSaEspAuthAlgo 1.3.6.1.3.171.1.3.2.1.19 authalgo read-only
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                         ipSecTunInSaDecompAlgo 1.3.6.1.3.171.1.3.2.1.20 compalgo read-only
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ipSecTunOutSaDiffHellmanGrp 1.3.6.1.3.171.1.3.2.1.21 diffhellmangrp read-only
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be 'none'.
                         ipSecTunOutSaEncryptAlgo 1.3.6.1.3.171.1.3.2.1.22 encryptalgo read-only
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
                         ipSecTunOutSaAhAuthAlgo 1.3.6.1.3.171.1.3.2.1.23 authalgo read-only
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                         ipSecTunOutSaEspAuthAlgo 1.3.6.1.3.171.1.3.2.1.24 authalgo read-only
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                         ipSecTunOutSaCompAlgo 1.3.6.1.3.171.1.3.2.1.25 compalgo read-only
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ipSecTunPmtu 1.3.6.1.3.171.1.3.2.1.26 integer32 read-only
The Path MTU for this IPsec Phase-2 tunnel, which ha been either learnt from the network or which has been specified by the administrator. The lower end of the range is 68 which is the minimum MTU for IPv4.
                         ipSecTunInOctets 1.3.6.1.3.171.1.3.2.1.27 counter32 read-only
The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also ipSecTunInOctWraps for the number of times this counter has wrapped.
                         ipSecTunHcInOctets 1.3.6.1.3.171.1.3.2.1.28 counter64 read-only
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                         ipSecTunInOctWraps 1.3.6.1.3.171.1.3.2.1.29 counter32 read-only
The number of times the octets received counter (ipSecTunInOctets) has wrapped.
                         ipSecTunInDecompOctets 1.3.6.1.3.171.1.3.2.1.30 counter32 read-only
The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunInOctets. See also ipSecTunInDecompOctWraps for the number of times this counter has wrapped.
                         ipSecTunHcInDecompOctets 1.3.6.1.3.171.1.3.2.1.31 counter64 read-only
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunHcInOctets.
                         ipSecTunInDecompOctWraps 1.3.6.1.3.171.1.3.2.1.32 counter32 read-only
The number of times the decompressed octets received counter (ipSecTunInDecompOctets) has wrapped.
                         ipSecTunInPkts 1.3.6.1.3.171.1.3.2.1.33 counter32 read-only
The total number of packets received by this IPsec Phase-2 Tunnel.
                         ipSecTunInDropPkts 1.3.6.1.3.171.1.3.2.1.34 counter32 read-only
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
                         ipSecTunInReplayDropPkts 1.3.6.1.3.171.1.3.2.1.35 counter32 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
                         ipSecTunInAuths 1.3.6.1.3.171.1.3.2.1.36 counter32 read-only
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
                         ipSecTunInAuthFails 1.3.6.1.3.171.1.3.2.1.37 counter32 read-only
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
                         ipSecTunInDecrypts 1.3.6.1.3.171.1.3.2.1.38 counter32 read-only
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
                         ipSecTunInDecryptFails 1.3.6.1.3.171.1.3.2.1.39 counter32 read-only
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
                         ipSecTunOutOctets 1.3.6.1.3.171.1.3.2.1.40 counter32 read-only
The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also ipSecTunOutOctWraps for the number of times this counter has wrapped.
                         ipSecTunHcOutOctets 1.3.6.1.3.171.1.3.2.1.41 counter64 read-only
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
                         ipSecTunOutOctWraps 1.3.6.1.3.171.1.3.2.1.42 counter32 read-only
The number of times the out octets counter (ipSecTunOutOctets) has wrapped.
                         ipSecTunOutUncompOctets 1.3.6.1.3.171.1.3.2.1.43 counter32 read-only
The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunOutOctets. See also ipSecTunOutDecompOctWraps for the number of times this counter has wrapped.
                         ipSecTunHcOutUncompOctets 1.3.6.1.3.171.1.3.2.1.44 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunHcOutOctets.
                         ipSecTunOutUncompOctWraps 1.3.6.1.3.171.1.3.2.1.45 counter32 read-only
The number of times the uncompressed octets sent counter (ipSecTunOutUncompOctets) has wrapped.
                         ipSecTunOutPkts 1.3.6.1.3.171.1.3.2.1.46 counter32 read-only
The total number of packets sent by this IPsec Phase-2 Tunnel.
                         ipSecTunOutDropPkts 1.3.6.1.3.171.1.3.2.1.47 counter32 read-only
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
                         ipSecTunOutAuths 1.3.6.1.3.171.1.3.2.1.48 counter32 read-only
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
                         ipSecTunOutAuthFails 1.3.6.1.3.171.1.3.2.1.49 counter32 read-only
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
                         ipSecTunOutEncrypts 1.3.6.1.3.171.1.3.2.1.50 counter32 read-only
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
                         ipSecTunOutEncryptFails 1.3.6.1.3.171.1.3.2.1.51 counter32 read-only
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
                         ipSecTunOutCompressedPkts 1.3.6.1.3.171.1.3.2.1.52 counter32 read-only
The total number of outbound packets which were successfully compressed.
                         ipSecTunOutCompSkippedPkts 1.3.6.1.3.171.1.3.2.1.53 counter32 read-only
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
                         ipSecTunOutCompFailPkts 1.3.6.1.3.171.1.3.2.1.54 counter32 read-only
The total number of outbound packets that failed compression because they grew in size after compression.
                         ipSecTunOutCompTooSmallPkts 1.3.6.1.3.171.1.3.2.1.55 counter32 read-only
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
                         ipSecTunStatus 1.3.6.1.3.171.1.3.2.1.56 tunnelstatus read-write
The status of the MIB table row. This object can be used to bring the tunnel down by setting value of this object to destroy(2). When the value is set to destroy(2), the SA bundle is destroyed and this row is deleted from this table. When this MIB value is queried, the value of active(1) is always returned, if the instance exists. This object cannot be used to create a MIB table row.
                         ipSecTunControlProtocol 1.3.6.1.3.171.1.3.2.1.57 controlprotocol read-only
Identifies the protocol used to setup and administer this Phase-2 Ipsec tunnel. If IKE was used to setup this tunnel, then this value of this column would be `cp-ike'. A value of cp-none is indicative of a manually installed and administered Phase-2 tunnel.
                         ipSecTunControlTunnelIndex 1.3.6.1.3.171.1.3.2.1.58 integer32 read-only
The index of the associated IPsec Phase-1 Tunnel (in case of IKE, this value would refer t ikeTunIndex in the ikeTunnelTable). A value of 0 identifies that this Phase-2 tunne was setup manually.
                         ipSecTunControlTunnelAlive 1.3.6.1.3.171.1.3.2.1.59 truthvalue read-only
An indicator which specifies whether or not the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel currently exists.
                         ipSecTunInSaEncryptKeySize 1.3.6.1.3.171.1.3.2.1.60 integer32 read-only
The key size in bits of the negotiated key to be used with the algorithm denoted by ipSecTunInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                         ipSecTunOutSaEncryptKeySize 1.3.6.1.3.171.1.3.2.1.61 integer32 read-only
The key size in bits of the negotiated key to be used with the algorithm denoted by ipSecTunOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                 ipSecEndPtTable 1.3.6.1.3.171.1.3.3 no-access
The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel.
                     ipSecEndPtEntry 1.3.6.1.3.171.1.3.3.1 no-access
An IPsec Phase-2 Tunnel Endpoint entry.
                         ipSecEndPtIndex 1.3.6.1.3.171.1.3.3.1.1 integer32 no-access
The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
                         ipSecEndPtLocalName 1.3.6.1.3.171.1.3.3.1.2 displaystring read-only
The DNS name of the local Endpoint.
                         ipSecEndPtLocalType 1.3.6.1.3.171.1.3.3.1.3 endpttype read-only
The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
                         ipSecEndPtLocalAddr1 1.3.6.1.3.171.1.3.3.1.4 ipsipaddress read-only
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range.
                         ipSecEndPtLocalAddr2 1.3.6.1.3.171.1.3.3.1.5 ipsipaddress read-only
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range.
                         ipSecEndPtLocalProtocol 1.3.6.1.3.171.1.3.3.1.6 integer32 read-only
The protocol number of the local Endpoint's traffic.
                         ipSecEndPtLocalPort 1.3.6.1.3.171.1.3.3.1.7 integer32 read-only
The port number of the local Endpoint's traffic.
                         ipSecEndPtRemoteName 1.3.6.1.3.171.1.3.3.1.8 displaystring read-only
The DNS name of the remote Endpoint.
                         ipSecEndPtRemoteType 1.3.6.1.3.171.1.3.3.1.9 endpttype read-only
The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
                         ipSecEndPtRemoteAddr1 1.3.6.1.3.171.1.3.3.1.10 ipsipaddress read-only
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range.
                         ipSecEndPtRemoteAddr2 1.3.6.1.3.171.1.3.3.1.11 ipsipaddress read-only
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range.
                         ipSecEndPtRemoteProtocol 1.3.6.1.3.171.1.3.3.1.12 integer32 read-only
The protocol number of the remote Endpoint's traffic.
                         ipSecEndPtRemotePort 1.3.6.1.3.171.1.3.3.1.13 integer32 read-only
The port number of the remote Endpoint's traffic.
                 ipSecSpiTable 1.3.6.1.3.171.1.3.4 no-access
The IPsec Phase-2 Security Protection Index Table. This table contains an entry for each active and expiring security association.
                     ipSecSpiEntry 1.3.6.1.3.171.1.3.4.1 no-access
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
                         ipSecSpiIndex 1.3.6.1.3.171.1.3.4.1.1 integer32 no-access
The number of the SPI associated with the Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
                         ipSecSpiDirection 1.3.6.1.3.171.1.3.4.1.2 integer read-only
The direction of the SPI. Enumeration: 'in': 1, 'out': 2.
                         ipSecSpiValue 1.3.6.1.3.171.1.3.4.1.3 spi read-only
The value of the SPI.
                         ipSecSpiProtocol 1.3.6.1.3.171.1.3.4.1.4 integer read-only
The protocol of the SPI. Enumeration: 'ah': 1, 'ipcomp': 3, 'esp': 2.
                         ipSecSpiStatus 1.3.6.1.3.171.1.3.4.1.5 integer read-only
The status of the SPI. Enumeration: 'active': 1, 'expiring': 2.
                 ipSecGlobalNewGrpStats 1.3.6.1.3.171.1.3.5
                     ipSecGlobalInNewGrpReqs 1.3.6.1.3.171.1.3.5.1 counter32 read-only
The total number of New Group exchanges initiated remotely.
                     ipSecGlobalOutNewGrpReqs 1.3.6.1.3.171.1.3.5.2 counter32 read-only
The total number of New Group exchanges initiated locally.
                     ipSecGlobalInNewGrpReqsRejected 1.3.6.1.3.171.1.3.5.3 counter32 read-only
The total number of New Group exchanges initiated remotely that ended in a failure.
                     ipSecGlobalOutNewGrpReqsRejected 1.3.6.1.3.171.1.3.5.4 counter32 read-only
The total number of New Group exchanges initiated locally that ended in a failure.
                 ipSecSaTable 1.3.6.1.3.171.1.3.6 no-access
The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the active Phase-2 tunnel table (ipSecTunTable) into a number of entries in this table. The index of this table reflects the rule for identifying Security Associations.
                     ipSecSaEntry 1.3.6.1.3.171.1.3.6.1 no-access
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
                         ipSecSaIndex 1.3.6.1.3.171.1.3.6.1.1 integer32 no-access
The index, in the context of the IPsec tunnel ipSecTunIndex, of the security association represented by this table entry. The value of this index is a number which begins at one and is incremented with each SPI associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
                         ipSecSaDirection 1.3.6.1.3.171.1.3.6.1.2 integer read-only
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry. Enumeration: 'in': 1, 'out': 2.
                         ipSecSaValue 1.3.6.1.3.171.1.3.6.1.3 spi read-only
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry.
                         ipSecSaProtocol 1.3.6.1.3.171.1.3.6.1.4 integer read-only
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup. Enumeration: 'ah': 1, 'reserved': 0, 'ipcomp': 3, 'esp': 2.
                         ipSecSaStatus 1.3.6.1.3.171.1.3.6.1.5 integer read-only
This column represents the status of the security association represented by this tabel entry. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged. Enumeration: 'active': 1, 'unknown': 0, 'expiring': 2.
             ipSecHistory 1.3.6.1.3.171.1.4
                 ipSecHistGlobal 1.3.6.1.3.171.1.4.1
                     ipSecHistGlobalCntl 1.3.6.1.3.171.1.4.1.1
                         ipSecHistTableSize 1.3.6.1.3.171.1.4.1.1.1 integer32 read-write
The window size of the IPsec Phase-1 and Phase-2 History Tables. The IPsec Phase-1 and Phase-2 History Tables are implemented as a sliding window in which only the last n entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned.
                         ipSecHistCheckPoint 1.3.6.1.3.171.1.4.1.1.2 integer read-write
The current state of check point processing. This object will return ready when the agent is ready to create on-demand history entries for active IPsec Tunnels or checkPoint when the agent is currently creating on-demand history entries for active IPsec Tunnels. By setting this value to checkPoint, the agent will create: a) an entry in the IPsec Phase-1 Tunnel History for each active IPsec Phase-1 Tunnel and b) an entry in the IPsec Phase-2 Tunnel History Table and an entry in the IPsec Phase-2 Tunnel EndPoint History Table for each active IPsec Phase-2 Tunnel. Enumeration: 'ready': 1, 'checkPoint': 2.
                 ipSecHistPhaseOne 1.3.6.1.3.171.1.4.2
                     ikeTunnelHistTable 1.3.6.1.3.171.1.4.2.1 no-access
The IPsec Phase-1 Internet Key Exchange Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecHistTableSize object.
                         ikeTunnelHistEntry 1.3.6.1.3.171.1.4.2.1.1 no-access
Each entry contains the attributes associated with a previously active IPsec Phase-1 IKE Tunnel.
                             ikeTunHistIndex 1.3.6.1.3.171.1.4.2.1.1.1 integer32 no-access
The index of the IPsec Phase-1 IKE Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647.
                             ikeTunHistTermReason 1.3.6.1.3.171.1.4.2.1.1.2 integer read-only
The reason the IPsec Phase-1 IKE Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred. 9 = operator initiated check point request Enumeration: 'applicationInitiated': 6, 'normal': 2, 'xauthFailure': 7, 'operRequest': 3, 'peerLost': 5, 'other': 1, 'peerDelRequest': 4, 'localFailure': 8, 'checkPointReg': 9.
                             ikeTunHistActiveIndex 1.3.6.1.3.171.1.4.2.1.1.3 integer32 read-only
The index of the previously active IPsec Phase-1 IKE Tunnel.
                             ikeTunHistPeerLocalType 1.3.6.1.3.171.1.4.2.1.1.4 phase1peeridentitytype read-only
The type of local peer identity. The local peer may be indentified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                             ikeTunHistPeerLocalValue 1.3.6.1.3.171.1.4.2.1.1.5 displaystring read-only
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the local entity. If the local peer type is a id-dn, then this is the distinguished named string of the local entity.
                             ikeTunHistPeerIntIndex 1.3.6.1.3.171.1.4.2.1.1.6 integer32 read-only
The internal index of the local-remote peer association. This internal index is used to uniquely identify multiple associations between the local and remote peer.
                             ikeTunHistPeerRemoteType 1.3.6.1.3.171.1.4.2.1.1.7 phase1peeridentitytype read-only
The type of remote peer identity. The remote peer may be indentified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                             ikeTunHistPeerRemoteValue 1.3.6.1.3.171.1.4.2.1.1.8 displaystring read-only
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
                             ikeTunHistLocalAddr 1.3.6.1.3.171.1.4.2.1.1.9 ipsipaddress read-only
The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel.
                             ikeTunHistLocalName 1.3.6.1.3.171.1.4.2.1.1.10 displaystring read-only
The DNS name of the local IP address for the IPsec Phase-1 IKE Tunnel. If the DNS name associated with the local tunnel endpoint is not known, then the value of this object will be a NULL string.
                             ikeTunHistRemoteAddr 1.3.6.1.3.171.1.4.2.1.1.11 ipsipaddress read-only
The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel.
                             ikeTunHistRemoteName 1.3.6.1.3.171.1.4.2.1.1.12 displaystring read-only
The DNS name of the remote IP address of IPsec Phase-1 IKE Tunnel. If the DNS name associated with the remote tunnel endpoint is not known, then the value of this object will be a NULL string.
                             ikeTunHistNegoMode 1.3.6.1.3.171.1.4.2.1.1.13 ikenegomode read-only
The negotiation mode of the IPsec Phase-1 IKE Tunnel.
                             ikeTunHistDiffHellmanGrp 1.3.6.1.3.171.1.4.2.1.1.14 diffhellmangrp read-only
The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations.
                             ikeTunHistEncryptAlgo 1.3.6.1.3.171.1.4.2.1.1.15 encryptalgo read-only
The encryption algorithm used in IPsec Phase-1 IKE negotiations.
                             ikeTunHistHashAlgo 1.3.6.1.3.171.1.4.2.1.1.16 ikehashalgo read-only
The hash algorithm used in IPsec Phase-1 IKE negotiations.
                             ikeTunHistAuthMethod 1.3.6.1.3.171.1.4.2.1.1.17 ikeauthmethod read-only
The authentication method used in IPsec Phase-1 IKE negotiations.
                             ikeTunHistLifeTime 1.3.6.1.3.171.1.4.2.1.1.18 integer32 read-only
The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds.
                             ikeTunHistStartTime 1.3.6.1.3.171.1.4.2.1.1.19 timestamp read-only
The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started.
                             ikeTunHistActiveTime 1.3.6.1.3.171.1.4.2.1.1.20 timeinterval read-only
The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds.
                             ikeTunHistTotalRefreshes 1.3.6.1.3.171.1.4.2.1.1.21 counter32 read-only
The total number of security associations refreshes performed.
                             ikeTunHistTotalSas 1.3.6.1.3.171.1.4.2.1.1.22 counter32 read-only
The total number of security associations used during the life of the IPsec Phase-1 IKE Tunnel.
                             ikeTunHistInOctets 1.3.6.1.3.171.1.4.2.1.1.23 counter32 read-only
The total number of octets received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistInPkts 1.3.6.1.3.171.1.4.2.1.1.24 counter32 read-only
The total number of packets received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistInDropPkts 1.3.6.1.3.171.1.4.2.1.1.25 counter32 read-only
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during receive processing.
                             ikeTunHistInNotifys 1.3.6.1.3.171.1.4.2.1.1.26 counter32 read-only
The total number of notifys received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistInP2Exchgs 1.3.6.1.3.171.1.4.2.1.1.27 counter32 read-only
The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistInP2ExchgInvalids 1.3.6.1.3.171.1.4.2.1.1.28 counter32 read-only
The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters.
                             ikeTunHistInP2ExchgRejects 1.3.6.1.3.171.1.4.2.1.1.29 counter32 read-only
The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy.
                             ikeTunHistInP2SaDelRequests 1.3.6.1.3.171.1.4.2.1.1.30 counter32 read-only
The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistOutOctets 1.3.6.1.3.171.1.4.2.1.1.31 counter32 read-only
The total number of octets sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistOutPkts 1.3.6.1.3.171.1.4.2.1.1.32 counter32 read-only
The total number of packets sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistOutDropPkts 1.3.6.1.3.171.1.4.2.1.1.33 counter32 read-only
The total number of packets dropped by this IPsec Phase-1 IKE Tunnel during send processing.
                             ikeTunHistOutNotifys 1.3.6.1.3.171.1.4.2.1.1.34 counter32 read-only
The total number of notifys sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistOutP2Exchgs 1.3.6.1.3.171.1.4.2.1.1.35 counter32 read-only
The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistOutP2ExchgInvalids 1.3.6.1.3.171.1.4.2.1.1.36 counter32 read-only
The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer.
                             ikeTunHistOutP2ExchgRejects 1.3.6.1.3.171.1.4.2.1.1.37 counter32 read-only
The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy.
                             ikeTunHistOutP2SaDelRequests 1.3.6.1.3.171.1.4.2.1.1.38 counter32 read-only
The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel.
                             ikeTunHistInNewGrpReqs 1.3.6.1.3.171.1.4.2.1.1.39 counter32 read-only
The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime.
                             ikeTunHistOutNewGrpReqs 1.3.6.1.3.171.1.4.2.1.1.40 counter32 read-only
The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime.
                             ikeTunHistInNewGrpReqsRejected 1.3.6.1.3.171.1.4.2.1.1.41 counter32 read-only
The total number of New Group exchanges initiated remotely using this IKE tunnel during its lifetime that ended in a failure.
                             ikeTunHistOutNewGrpReqsRejected 1.3.6.1.3.171.1.4.2.1.1.42 counter32 read-only
The total number of New Group exchanges initiated locally using this IKE tunnel during its lifetime that ended in a failure.
                             ikeTunHistInConfigs 1.3.6.1.3.171.1.4.2.1.1.43 counter32 read-only
The total number of Mode Configuration settings received (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
                             ikeTunHistOutConfigs 1.3.6.1.3.171.1.4.2.1.1.44 counter32 read-only
The total number of Mode Configuration settings dispatched (either CFG-REPLY or CFG-SET payloads) by the local entity on the ISAKMP SA represented by this IKE tunnel.
                             ikeTunHistInConfigsRejects 1.3.6.1.3.171.1.4.2.1.1.45 counter32 read-only
The total number of Mode Configuration settings which were received (either CFG-REPLY or CFG-SET payloads) and rejected by this entity using the ISAKMP SA represented by this IKE tunnel.
                             ikeTunHistOutConfigsRejects 1.3.6.1.3.171.1.4.2.1.1.46 counter32 read-only
The total number of Mode Configuration settings which were dispatched (either CFG-REPLY or CFG-SET payloads) by this entity and were rejected by the peer (client) using the ISAKMP SA represented by this IKE tunnel.
                             ikeTunHistEncryptKeySize 1.3.6.1.3.171.1.4.2.1.1.47 integer32 read-only
The size in bits of the key which was negotiated for the IKE tunnel to be used with the algorithm denote by the column 'ikeTunEncryptAlgo'. For DES and 3DES the ke size is respectively 56 and 168. For AES, this will denot the negotiated key size.
                 ipSecHistPhaseTwo 1.3.6.1.3.171.1.4.3
                     ipSecTunnelHistTable 1.3.6.1.3.171.1.4.3.1 no-access
The IPsec Phase-2 Tunnel History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecHistTableSize object.
                         ipSecTunnelHistEntry 1.3.6.1.3.171.1.4.3.1.1 no-access
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel.
                             ipSecTunHistIndex 1.3.6.1.3.171.1.4.3.1.1.1 integer32 no-access
The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 2,147,483,647.
                             ipSecTunHistTermReason 1.3.6.1.3.171.1.4.3.1.1.2 integer read-only
The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred 9 = operator initiated check point request Enumeration: 'applicationInitiated': 6, 'normal': 2, 'xauthFailure': 7, 'operRequest': 3, 'peerLost': 5, 'checkPointReq': 9, 'other': 1, 'peerDelRequest': 4, 'seqNumRollOver': 8.
                             ipSecTunHistActiveIndex 1.3.6.1.3.171.1.4.3.1.1.3 integer32 read-only
The index of the previously active IPsec Phase-2 Tunnel.
                             ipSecTunHistIkeTunnelIndex 1.3.6.1.3.171.1.4.3.1.1.4 integer32 read-only
The index of the associated IPsec Phase-1 Tunnel (ikeTunIndex in the ikeTunnelTable).
                             ipSecTunHistLocalAddr 1.3.6.1.3.171.1.4.3.1.1.5 ipsipaddress read-only
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
                             ipSecTunHistRemoteAddr 1.3.6.1.3.171.1.4.3.1.1.6 ipsipaddress read-only
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
                             ipSecTunHistKeyType 1.3.6.1.3.171.1.4.3.1.1.7 keytype read-only
The type of key used by the IPsec Phase-2 Tunnel.
                             ipSecTunHistEncapMode 1.3.6.1.3.171.1.4.3.1.1.8 encapmode read-only
The encapsulation mode used by the IPsec Phase-2 Tunnel.
                             ipSecTunHistLifeSize 1.3.6.1.3.171.1.4.3.1.1.9 integer32 read-only
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
                             ipSecTunHistLifeTime 1.3.6.1.3.171.1.4.3.1.1.10 integer32 read-only
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds.
                             ipSecTunHistStartTime 1.3.6.1.3.171.1.4.3.1.1.11 timestamp read-only
The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started.
                             ipSecTunHistActiveTime 1.3.6.1.3.171.1.4.3.1.1.12 timeinterval read-only
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
                             ipSecTunHistTotalRefreshes 1.3.6.1.3.171.1.4.3.1.1.13 counter32 read-only
The total number of security association refreshes performed.
                             ipSecTunHistTotalSas 1.3.6.1.3.171.1.4.3.1.1.14 counter32 read-only
The total number of security associations used during the life of the IPsec Phase-2 Tunnel.
                             ipSecTunHistInSaDiffHellmanGrp 1.3.6.1.3.171.1.4.3.1.1.15 diffhellmangrp read-only
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistInSaEncryptAlgo 1.3.6.1.3.171.1.4.3.1.1.16 encryptalgo read-only
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistInSaAhAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.17 authalgo read-only
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistInSaEspAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.18 authalgo read-only
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistInSaDecompAlgo 1.3.6.1.3.171.1.4.3.1.1.19 compalgo read-only
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistOutSaDiffHellmanGrp 1.3.6.1.3.171.1.4.3.1.1.20 diffhellmangrp read-only
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistOutSaEncryptAlgo 1.3.6.1.3.171.1.4.3.1.1.21 encryptalgo read-only
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistOutSaAhAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.22 authalgo read-only
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistOutSaEspAuthAlgo 1.3.6.1.3.171.1.4.3.1.1.23 authalgo read-only
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistOutSaCompAlgo 1.3.6.1.3.171.1.4.3.1.1.24 compalgo read-only
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                             ipSecTunHistPmtu 1.3.6.1.3.171.1.4.3.1.1.25 integer32 read-only
The Path MTU that was determined for this IPsec Phase-2 tunnel.
                             ipSecTunHistInOctets 1.3.6.1.3.171.1.4.3.1.1.26 counter32 read-only
The total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed. See also ipSecTunInOctWraps for the number of times this counter has wrapped.
                             ipSecTunHistHcInOctets 1.3.6.1.3.171.1.4.3.1.1.27 counter64 read-only
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                             ipSecTunHistInOctWraps 1.3.6.1.3.171.1.4.3.1.1.28 counter32 read-only
The number of times the octets received counter (ipSecTunInOctets) has wrapped.
                             ipSecTunHistInDecompOctets 1.3.6.1.3.171.1.4.3.1.1.29 counter32 read-only
The total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunInOctets. See also ipSecTunInDecompOctWraps for the number of times this counter has wrapped.
                             ipSecTunHistHcInDecompOctets 1.3.6.1.3.171.1.4.3.1.1.30 counter64 read-only
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ipSecTunHcInOctets.
                             ipSecTunHistInDecompOctWraps 1.3.6.1.3.171.1.4.3.1.1.31 counter32 read-only
The number of times the decompressed octets received counter (ipSecTunInDecompOctets) has wrapped.
                             ipSecTunHistInPkts 1.3.6.1.3.171.1.4.3.1.1.32 counter32 read-only
The total number of packets received by this IPsec Phase-2 Tunnel.
                             ipSecTunHistInDropPkts 1.3.6.1.3.171.1.4.3.1.1.33 counter32 read-only
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
                             ipSecTunHistInReplayDropPkts 1.3.6.1.3.171.1.4.3.1.1.34 counter32 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
                             ipSecTunHistInAuths 1.3.6.1.3.171.1.4.3.1.1.35 counter32 read-only
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
                             ipSecTunHistInAuthFails 1.3.6.1.3.171.1.4.3.1.1.36 counter32 read-only
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
                             ipSecTunHistInDecrypts 1.3.6.1.3.171.1.4.3.1.1.37 counter32 read-only
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
                             ipSecTunHistInDecryptFails 1.3.6.1.3.171.1.4.3.1.1.38 counter32 read-only
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutOctets 1.3.6.1.3.171.1.4.3.1.1.39 counter32 read-only
The total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed. See also ipSecTunOutOctWraps for the number of times this counter has wrapped.
                             ipSecTunHistHcOutOctets 1.3.6.1.3.171.1.4.3.1.1.40 counter64 read-only
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
                             ipSecTunHistOutOctWraps 1.3.6.1.3.171.1.4.3.1.1.41 counter32 read-only
The number of times the octets sent counter (ipSecTunOutOctets) has wrapped.
                             ipSecTunHistOutUncompOctets 1.3.6.1.3.171.1.4.3.1.1.42 counter32 read-only
The total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunOutOctets. See also ipSecTunOutDecompOctWraps for the number of times this counter has wrapped.
                             ipSecTunHistHcOutUncompOctets 1.3.6.1.3.171.1.4.3.1.1.43 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ipSecTunHcOutOctets.
                             ipSecTunHistOutUncompOctWraps 1.3.6.1.3.171.1.4.3.1.1.44 counter32 read-only
The number of times the uncompressed octets sent counter (ipSecTunOutUncompOctets) has wrapped.
                             ipSecTunHistOutPkts 1.3.6.1.3.171.1.4.3.1.1.45 counter32 read-only
The total number of packets sent by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutDropPkts 1.3.6.1.3.171.1.4.3.1.1.46 counter32 read-only
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutAuths 1.3.6.1.3.171.1.4.3.1.1.47 counter32 read-only
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutAuthFails 1.3.6.1.3.171.1.4.3.1.1.48 counter32 read-only
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutEncrypts 1.3.6.1.3.171.1.4.3.1.1.49 counter32 read-only
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutEncryptFails 1.3.6.1.3.171.1.4.3.1.1.50 counter32 read-only
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
                             ipSecTunHistOutCompressedPkts 1.3.6.1.3.171.1.4.3.1.1.51 counter32 read-only
The total number of outbound packets which were successfully compressed.
                             ipSecTunHistOutCompSkippedPkts 1.3.6.1.3.171.1.4.3.1.1.52 counter32 read-only
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
                             ipSecTunHistOutCompFailPkts 1.3.6.1.3.171.1.4.3.1.1.53 counter32 read-only
The total number of outbound packets that failed compression because they grew in size after compression.
                             ipSecTunHistOutCompTooSmallPkts 1.3.6.1.3.171.1.4.3.1.1.54 counter32 read-only
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
                             ipSecTunHistControlProtocol 1.3.6.1.3.171.1.4.3.1.1.55 controlprotocol read-only
Identifies the protocol that was used to setup and administer Phase-2 IPsec tunnel. If IKE was used to setup this tunnel, then this value of this column would be `cp-ike'.
                             ipSecTunHistControlTunnelIndex 1.3.6.1.3.171.1.4.3.1.1.56 integer32 read-only
The index of the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel (in case of IKE, this value would refer t ikeTunIndex in the ikeTunnelTable)
                             ipSecTunHistInSaEncryptKeySize 1.3.6.1.3.171.1.4.3.1.1.57 integer32 read-only
The size in bits of the key which was negotiated to be use with the encryption transform used with this tunnel denote by ipSecTunHistInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                             ipSecTunHistOutSaEncryptKeySize 1.3.6.1.3.171.1.4.3.1.1.58 integer32 read-only
The size in bits of the key which was negotiated to be use with the encryption transform used with this tunnel denote by ipSecTunHistOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                     ipSecEndPtHistTable 1.3.6.1.3.171.1.4.3.2 no-access
The IPsec Phase-2 Tunnel Endpoint History Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecHistTableSize object.
                         ipSecEndPtHistEntry 1.3.6.1.3.171.1.4.3.2.1 no-access
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint.
                             ipSecEndPtHistIndex 1.3.6.1.3.171.1.4.3.2.1.1 integer32 no-access
The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 2,147,483,647.
                             ipSecEndPtHistTunIndex 1.3.6.1.3.171.1.4.3.2.1.2 integer32 read-only
The index of the previously active IPsec Phase-2 Tunnel Table.
                             ipSecEndPtHistActiveIndex 1.3.6.1.3.171.1.4.3.2.1.3 integer32 read-only
The index of the previously active Endpoint.
                             ipSecEndPtHistLocalName 1.3.6.1.3.171.1.4.3.2.1.4 displaystring read-only
The DNS name of the local Endpoint.
                             ipSecEndPtHistLocalType 1.3.6.1.3.171.1.4.3.2.1.5 endpttype read-only
The type of identity for the local Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
                             ipSecEndPtHistLocalAddr1 1.3.6.1.3.171.1.4.3.2.1.6 ipsipaddress read-only
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range.
                             ipSecEndPtHistLocalAddr2 1.3.6.1.3.171.1.4.3.2.1.7 ipsipaddress read-only
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range.
                             ipSecEndPtHistLocalProtocol 1.3.6.1.3.171.1.4.3.2.1.8 integer32 read-only
The protocol number of the local Endpoint's traffic.
                             ipSecEndPtHistLocalPort 1.3.6.1.3.171.1.4.3.2.1.9 integer32 read-only
The port number of the local Endpoint's traffic.
                             ipSecEndPtHistRemoteName 1.3.6.1.3.171.1.4.3.2.1.10 displaystring read-only
The DNS name of the remote Endpoint.
                             ipSecEndPtHistRemoteType 1.3.6.1.3.171.1.4.3.2.1.11 endpttype read-only
The type of identity for the remote Endpoint. Possible values are: 1) a single IP address, or 2) an IP address range, or 3) an IP subnet.
                             ipSecEndPtHistRemoteAddr1 1.3.6.1.3.171.1.4.3.2.1.12 ipsipaddress read-only
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range.
                             ipSecEndPtHistRemoteAddr2 1.3.6.1.3.171.1.4.3.2.1.13 ipsipaddress read-only
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range.
                             ipSecEndPtHistRemoteProtocol 1.3.6.1.3.171.1.4.3.2.1.14 integer32 read-only
The protocol number of the remote Endpoint's traffic.
                             ipSecEndPtHistRemotePort 1.3.6.1.3.171.1.4.3.2.1.15 integer32 read-only
The port number of the remote Endpoint's traffic.
             ipSecFailures 1.3.6.1.3.171.1.5
                 ipSecFailGlobal 1.3.6.1.3.171.1.5.1
                     ipSecFailGlobalCntl 1.3.6.1.3.171.1.5.1.1
                         ipSecFailTableSize 1.3.6.1.3.171.1.5.1.1.1 integer32 read-write
The window size of the IPsec Phase-1 and Phase-2 Failure Tables. The IPsec Phase-1 and Phase-2 Failure Tables are implemented as a sliding window in which only the last N entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-1 and Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, a BAD VALUE may be returned.
                 ipSecFailPhaseOne 1.3.6.1.3.171.1.5.2
                     ikeFailTable 1.3.6.1.3.171.1.5.2.1 no-access
The IPsec Phase-1 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecFailTableSize object.
                         ikeFailEntry 1.3.6.1.3.171.1.5.2.1.1 no-access
Each entry contains the attributes associated with an IPsec Phase-1 failure.
                             ikeFailIndex 1.3.6.1.3.171.1.5.2.1.1.1 integer32 no-access
The IPsec Phase-1 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647.
                             ikeFailReason 1.3.6.1.3.171.1.5.2.1.1.2 integer read-only
The reason for the failure. Possible reasons include: 1 = other 2 = peer delete request was received 3 = contact with peer was lost 4 = local failure occurred 5 = authentication failure 6 = hash validation failure 7 = encryption failure 8 = internal error occurred 9 = system capacity failure 10 = proposal failure 11 = peer's certificate is unavailable 12 = peer's certificate was found invalid 13 = local certificate expired 14 = certificate revoke list (crl) failure 15 = peer encoding error 16 = ISAKMP PDU has pointer to non-existent cookie 17 = operator requested termination. Enumeration: 'sysCapExceeded': 9, 'encryptFailure': 7, 'peerCertNotValid': 12, 'authFailure': 5, 'xauthFailure': 17, 'internalError': 8, 'proposalFailure': 10, 'operRequest': 18, 'peerLost': 3, 'crlFailure': 14, 'other': 1, 'peerDelRequest': 2, 'localFailure': 4, 'peerEncodingError': 15, 'nonExistentSa': 16, 'peerCertUnavailable': 11, 'localCertExpired': 13, 'hashValidation': 6.
                             ikeFailTime 1.3.6.1.3.171.1.5.2.1.1.3 timestamp read-only
The value of sysUpTime in hundredths of seconds at the time of the failure.
                             ikeFailLocalType 1.3.6.1.3.171.1.5.2.1.1.4 phase1peeridentitytype read-only
The type of local peer identity. The local peer may be indentified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                             ikeFailLocalValue 1.3.6.1.3.171.1.5.2.1.1.5 displaystring read-only
The value of the local peer identity. If the local peer type is an IP Address, then this is the IP Address used to identify the local peer. If the local peer type is id-fqdn, then this is the FQDN of the local entity. If the local peer type is a id-dn, then this is the distinguished named string of the local entity.
                             ikeFailRemoteType 1.3.6.1.3.171.1.5.2.1.1.6 phase1peeridentitytype read-only
The type of remote peer identity. The remote peer may be identified by: 1. an IP address, or 2. or a fully qualified domain name. 3. or a distinguished name.
                             ikeFailRemoteValue 1.3.6.1.3.171.1.5.2.1.1.7 displaystring read-only
The value of the remote peer identity. If the remote peer type is an IP Address, then this is the IP Address used to identify the remote peer. If the remote peer type is id-fqdn, then this is the FQDN of the remote peer. If the remote peer type is a id-dn, then this is the distinguished named string of the remote peer.
                             ikeFailLocalAddr 1.3.6.1.3.171.1.5.2.1.1.8 ipsipaddress read-only
The IP address of the local peer.
                             ikeFailRemoteAddr 1.3.6.1.3.171.1.5.2.1.1.9 ipsipaddress read-only
The IP address of the remote peer.
                 ipSecFailPhaseTwo 1.3.6.1.3.171.1.5.3
                     ipSecFailTable 1.3.6.1.3.171.1.5.3.1 no-access
The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ipSecFailTableSize object.
                         ipSecFailEntry 1.3.6.1.3.171.1.5.3.1.1 no-access
Each entry contains the attributes associated with an IPsec Phase-1 failure.
                             ipSecFailIndex 1.3.6.1.3.171.1.5.3.1.1.1 integer32 no-access
The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 2,147,483,647.
                             ipSecFailReason 1.3.6.1.3.171.1.5.3.1.1.2 integer read-only
The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination. Enumeration: 'sysCapExceeded': 12, 'encryptFailure': 8, 'inAuthFailure': 9, 'protocolUseFail': 5, 'decryptFailure': 7, 'internalError': 2, 'proposalFailure': 4, 'operRequest': 16, 'peerLost': 14, 'other': 1, 'peerDelRequest': 13, 'peerEncodingError': 3, 'nonExistentSa': 6, 'seqNumRollOver': 15, 'outAuthFailure': 10, 'compression': 11.
                             ipSecFailTime 1.3.6.1.3.171.1.5.3.1.1.3 timestamp read-only
The value of sysUpTime in hundredths of seconds at the time of the failure.
                             ipSecFailTunnelIndex 1.3.6.1.3.171.1.5.3.1.1.4 integer32 read-only
The Phase-2 Tunnel index (ipSecTunIndex).
                             ipSecFailSaSpi 1.3.6.1.3.171.1.5.3.1.1.5 integer32 read-only
The security association SPI value.
                             ipSecFailPktSrcAddr 1.3.6.1.3.171.1.5.3.1.1.6 ipsipaddress read-only
The packet's source IP address.
                             ipSecFailPktDstAddr 1.3.6.1.3.171.1.5.3.1.1.7 ipsipaddress read-only
The packet's destination IP address.
             ipSecTrapCntl 1.3.6.1.3.171.1.6
                 ipSecTrapCntlIkeTunnelStart 1.3.6.1.3.171.1.6.1 trapstatus read-write
This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Start TRAP
                 ipSecTrapCntlIkeTunnelStop 1.3.6.1.3.171.1.6.2 trapstatus read-write
This object defines the administrative state of sending the IPsec IKE Phase-1 Tunnel Stop TRAP
                 ipSecTrapCntlIkeSysFailure 1.3.6.1.3.171.1.6.3 trapstatus read-write
This object defines the administrative state of sending the IPsec IKE Phase-1 System Failure TRAP
                 ipSecTrapCntlIkeCertCrlFailure 1.3.6.1.3.171.1.6.4 trapstatus read-write
This object defines the administrative state of sending the IPsec IKE Phase-1 Certificate/CRL Failure TRAP
                 ipSecTrapCntlIkeProtocolFail 1.3.6.1.3.171.1.6.5 trapstatus read-write
This object defines the administrative state of sending the IPsec IKE Phase-1 Protocol Failure TRAP
                 ipSecTrapCntlIkeNoSa 1.3.6.1.3.171.1.6.6 trapstatus read-write
This object defines the administrative state of sending the IPsec IKE Phase-1 No Security Association TRAP.
                 ipSecTrapCntlIpSecTunnelStart 1.3.6.1.3.171.1.6.7 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP
                 ipSecTrapCntlIpSecTunnelStop 1.3.6.1.3.171.1.6.8 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP
                 ipSecTrapCntlIpSecSysFailure 1.3.6.1.3.171.1.6.9 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP
                 ipSecTrapCntlIpSecSetUpFailure 1.3.6.1.3.171.1.6.10 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP
                 ipSecTrapCntlIpSecEarlyTunTerm 1.3.6.1.3.171.1.6.11 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 Early Tunnel Termination TRAP
                 ipSecTrapCntlIpSecProtocolFail 1.3.6.1.3.171.1.6.12 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 Protocol Failure TRAP
                 ipSecTrapCntlIpSecNoSa 1.3.6.1.3.171.1.6.13 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP
                 ipSecTrapCntlInNewGrpRejected 1.3.6.1.3.171.1.6.14 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP
                 ipSecTrapCntlOutNewGrpRejected 1.3.6.1.3.171.1.6.15 trapstatus read-write
This object defines the administrative state of sending the IPsec Phase-2 No Security Association TRAP
         ipSecMIBNotificationPrefix 1.3.6.1.3.171.2
             ipSecMIBNotifications 1.3.6.1.3.171.2.0
                 ikeTunnelStart 1.3.6.1.3.171.2.0.1
This notification is generated when an IPsec Phase-1 IKE Tunnel becomes active.
                 ikeTunnelStop 1.3.6.1.3.171.2.0.2
This notification is generated when an IPsec Phase-1 IKE Tunnel becomes inactive.
                 ikeSysFailure 1.3.6.1.3.171.2.0.3
This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences an internal or system capacity error.
                 ikeCertCrlFailure 1.3.6.1.3.171.2.0.4
This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a Certificate or a Certificate Revoke List (CRL) related error.
                 ikeProtocolFailure 1.3.6.1.3.171.2.0.5
This notification is generated when the processing for an IPsec Phase-1 IKE Tunnel experiences a protocol related error.
                 ikeNoSa 1.3.6.1.3.171.2.0.6
This notification is generated when the IKE entity recieves an ISAKMP PDU with a reference to a non-existent cookie.
                 ipSecTunnelStart 1.3.6.1.3.171.2.0.7
This notification is generated when an IPsec Phase-2 Tunnel becomes active.
                 ipSecTunnelStop 1.3.6.1.3.171.2.0.8
This notification is generated when an IPsec Phase-2 Tunnel becomes inactive.
                 ipSecSysFailure 1.3.6.1.3.171.2.0.9
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error.
                 ipSecSetUpFailure 1.3.6.1.3.171.2.0.10
This notification is generated when the setup for an IPsec Phase-2 Tunnel fails.
                 ipSecEarlyTunTerm 1.3.6.1.3.171.2.0.11
This notification is generated when an an IPsec Phase-2 Tunnel is terminated earily or before expected.
                 ipSecProtocolFailure 1.3.6.1.3.171.2.0.12
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences a protocol related error.
                 ipSecNoSa 1.3.6.1.3.171.2.0.13
This notification is generated when the managed entity receives an IPsec packet with a non-existent SPI.
                 ipSecInNewGrpRejected 1.3.6.1.3.171.2.0.14
This notification is generated when the managed entity receives and rejects an incoming new group proposal from an IKE peer (ikePeerRemoteAddr). The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap.
                 ipSecOutNewGrpRejected 1.3.6.1.3.171.2.0.15
This notification is generated when the managed entity issues a new group proposal to the peer (ikePeerRemoteAddr) and the peer rejects the proposal. The ISAKMP context of the exchange can be obtained from the IKE tunnel index which is contained in the index of the varbind objects of this trap.
         ipSecMIBConformance 1.3.6.1.3.171.3
             ipSecMIBGroups 1.3.6.1.3.171.3.1
                 ipSecLevelsGroup 1.3.6.1.3.171.3.1.1
This group consists of a: 1) IPsec MIB Level
                 ipSecIkeGroup 1.3.6.1.3.171.3.1.2
This group consists of: 1) IKE Global Objects 2) IKE Tunnel table.
                 ipSecPeerAssociationGroup 1.3.6.1.3.171.3.1.3
This group consists of: 1) IPsec Phase-1 Peer Association table. 2) IPsec Phase-1 Correlation Table
                 ipSecXauthGroup 1.3.6.1.3.171.3.1.4
This group consists of metrics pertaining to IKE extended authentication. Devices that do not support Xauth need not implement this group.
                 ipSecPhaseTwoGroup 1.3.6.1.3.171.3.1.5
This group consists of: 1) IPsec Phase-2 Global Statistics 2) IPsec Phase-2 Tunnel Table 3) IPsec Phase-2 Endpoint Table 4) IPsec Phase-2 Security Protection Index Table
                 ipSecHistoryGroup 1.3.6.1.3.171.3.1.6
This group consists of: 1) IPsec History Global Objects 2) IPsec Phase-1 History Objects 3) IPsec Phase-2 History Objects
                 ipSecFailuresGroup 1.3.6.1.3.171.3.1.7
This group consists of: 1) IPsec Failure Global Objects 2) IPsec Phase-1 Tunnel Failure Table 3) IPsec Phase-2 Tunnel Failure Table
                 ipSecTrapCntlGroup 1.3.6.1.3.171.3.1.8
This group of objects controls the sending of IPsec TRAPs.
                 ipSecNotificationGroup 1.3.6.1.3.171.3.1.9
This group contains the notifications for the IPsec MIB.
                 ipSecModeConfigGroup 1.3.6.1.3.171.3.1.10
This group consists of: 1) Global metrics about IKE Mode Configuration activity 2) Phase-1 IKE Tunnel-wise Mode Configuration metrics 3) Historical IKE Mode Configuration metrics on a per expired tunnel basis.
                 ipSecNewGrpGroup 1.3.6.1.3.171.3.1.11
This group consists of: 1) Global metrics about new group negotiations 2) Phase-1 IKE Tunnel-wise new group metrics 3) Historical new group metrics on a per tunnel basis. 4) Notifications pertaining to new grp failures.
                 deprecatedObjectGroup 1.3.6.1.3.171.3.1.12
A collection of objects that have bee deprecated.
             ipSecMIBCompliances 1.3.6.1.3.171.3.2
                 ipSecMIBCompliance 1.3.6.1.3.171.3.2.1
The compliance statement for SNMP entities the IP Security Protocol.