IPSEC-SA-MON-MIB: View SNMP OID List / Download MIB
VENDOR: INTERNET-STANDARD
| Home | MIB: IPSEC-SA-MON-MIB | |||
|---|---|---|---|---|
| Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
| Object Name | OID | Type | Access | Info |
| ipsecSaMonModule | 1.3.6.1.3.98 |
The MIB module to describe generic IPsec objects, and entity level objects and events for those types. |
||
| ipsecSaMonitorMIB | 1.3.6.1.3.98.1 |
This is the base object identifier for all IPsec branches. |
||
| saTables | 1.3.6.1.3.98.1.1 |
This is the base object identifier for all SA tables. |
||
| ipsecSaEspInTable | 1.3.6.1.3.98.1.1.1 | no-access |
The (conceptual) table containing information on IPsec inbound ESP SAs. There should be one row for every inbound ESP security association that exists in the entity. The maximum number of rows is implementation dependent. |
|
| 1.3.6.1.3.98.1.1.1.1 | no-access |
An entry (conceptual row) containing the information on a particular IPsec inbound ESP SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table. |
||
| ipsecSaEspInAddress | 1.3.6.1.3.98.1.1.1.1.1 | ipsecipv6address | read-only |
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecSaEspInSpi | 1.3.6.1.3.98.1.1.1.1.2 | unsigned32 | read-only |
The security parameters index of the SA. |
| ipsecSaEspInDestId | 1.3.6.1.3.98.1.1.1.1.3 | ipsecrawid | read-only |
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation. |
| ipsecSaEspInDestIdType | 1.3.6.1.3.98.1.1.1.1.4 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaEspInDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaEspInSourceId | 1.3.6.1.3.98.1.1.1.1.5 | ipsecrawid | read-only |
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation. |
| ipsecSaEspInSourceIdType | 1.3.6.1.3.98.1.1.1.1.6 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaEspInSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaEspInProtocol | 1.3.6.1.3.98.1.1.1.1.7 | integer32 | read-only |
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol. |
| ipsecSaEspInDestPort | 1.3.6.1.3.98.1.1.1.1.8 | integer32 | read-only |
The destination port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaEspInSourcePort | 1.3.6.1.3.98.1.1.1.1.9 | integer32 | read-only |
The source port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaEspInCreator | 1.3.6.1.3.98.1.1.1.1.10 | ipsecsacreatorident | read-only |
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method. |
| ipsecSaEspInEncapsulation | 1.3.6.1.3.98.1.1.1.1.11 | ipsecdoiencapsulationmode | read-only |
The type of encapsulation used by this SA. |
| ipsecSaEspInEncAlg | 1.3.6.1.3.98.1.1.1.1.12 | ipsecdoiesptransform | read-only |
A unique value representing the encryption algorithm applied to traffic or 0 if there is no encryption used. |
| ipsecSaEspInEncKeyLength | 1.3.6.1.3.98.1.1.1.1.13 | unsigned32 | read-only |
The length of the encryption key in bits used for the algorithm specified in the 'ipsecSaEspInEncAlg' object. It may be 0 if the key length is implicit in the specified algorithm or there is no encryption specified. |
| ipsecSaEspInAuthAlg | 1.3.6.1.3.98.1.1.1.1.14 | ipsecdoiauthalgorithm | read-only |
A unique value representing the hash algorithm applied to traffic or 0 if there is no authentication used. |
| ipsecSaEspInAuthKeyLength | 1.3.6.1.3.98.1.1.1.1.15 | unsigned32 | read-only |
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaEspInAuthAlg'. It may be 0 if the key length is implicit in the specified algorithm or there is no authentication specified. |
| ipsecSaEspInRepWinSize | 1.3.6.1.3.98.1.1.1.1.16 | unsigned32 | read-only |
The size of the anti-replay window used by this SA, or 0 if anti-replay checking is not being done. |
| ipsecSaEspInLimitSeconds | 1.3.6.1.3.98.1.1.1.1.17 | unsigned32 | read-only |
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated. |
| ipsecSaEspInLimitKbytes | 1.3.6.1.3.98.1.1.1.1.18 | unsigned32 | read-only |
The maximum traffic in kilobytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated. |
| ipsecSaEspInAccSeconds | 1.3.6.1.3.98.1.1.1.1.19 | counter32 | read-only |
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed. |
| ipsecSaEspInAccKbytes | 1.3.6.1.3.98.1.1.1.1.20 | counter32 | read-only |
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic. |
| ipsecSaEspInUserOctets | 1.3.6.1.3.98.1.1.1.1.21 | counter64 | read-only |
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the decrypted IP packet, including the original IP header of that decrypted packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead. |
| ipsecSaEspInPackets | 1.3.6.1.3.98.1.1.1.1.22 | counter64 | read-only |
The number of packets handled by the SA. |
| ipsecSaEspInDecryptErrors | 1.3.6.1.3.98.1.1.1.1.23 | counter32 | read-only |
The number of packets discarded by the SA due to detectable decryption errors. Not all decryption errors are detectable within SA processing, so this count should not be considered definitive. |
| ipsecSaEspInAuthErrors | 1.3.6.1.3.98.1.1.1.1.24 | counter32 | read-only |
The number of packets discarded by the SA due to authentication errors. |
| ipsecSaEspInReplayErrors | 1.3.6.1.3.98.1.1.1.1.25 | counter32 | read-only |
The number of packets discarded by the SA due to replay errors. |
| ipsecSaEspInPolicyErrors | 1.3.6.1.3.98.1.1.1.1.26 | counter32 | read-only |
The number of packets discarded by the SA due to policy errors. This includes packets where the next protocol is invalid. |
| ipsecSaEspInPadErrors | 1.3.6.1.3.98.1.1.1.1.27 | counter32 | read-only |
The number of packets discarded by the SA due to pad value errors. Implementations that do not check this must not support this object. |
| ipsecSaEspInOtherReceiveErrors | 1.3.6.1.3.98.1.1.1.1.28 | counter32 | read-only |
The number of packets discarded by the SA due to errors other than decryption, authentication, replay errors or, when supported, invalid padding errors. This may include packets dropped due to a lack of receive buffers, and may include packets dropped due to congestion at the decryption element. |
| ipsecSaAhInTable | 1.3.6.1.3.98.1.1.2 | no-access |
The (conceptual) table containing information on IPsec inbound AH SAs. There should be one row for every inbound AH security association that exists in the entity. The maximum number of rows is implementation dependent. |
|
| 1.3.6.1.3.98.1.1.2.1 | no-access |
An entry (conceptual row) containing the information on a particular IPsec inbound AH SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table. |
||
| ipsecSaAhInAddress | 1.3.6.1.3.98.1.1.2.1.1 | ipsecipv6address | read-only |
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecSaAhInSpi | 1.3.6.1.3.98.1.1.2.1.2 | unsigned32 | read-only |
The security parameters index of the SA. |
| ipsecSaAhInDestId | 1.3.6.1.3.98.1.1.2.1.3 | ipsecrawid | read-only |
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation, or the equivalent process. |
| ipsecSaAhInDestIdType | 1.3.6.1.3.98.1.1.2.1.4 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaAhInDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaAhInSourceId | 1.3.6.1.3.98.1.1.2.1.5 | ipsecrawid | read-only |
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during SA creation negotiation or the equivelant process. |
| ipsecSaAhInSourceIdType | 1.3.6.1.3.98.1.1.2.1.6 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaAhInSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaAhInProtocol | 1.3.6.1.3.98.1.1.2.1.7 | integer32 | read-only |
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol. |
| ipsecSaAhInDestPort | 1.3.6.1.3.98.1.1.2.1.8 | integer32 | read-only |
The destination port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaAhInSourcePort | 1.3.6.1.3.98.1.1.2.1.9 | integer32 | read-only |
The source port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaAhInCreator | 1.3.6.1.3.98.1.1.2.1.10 | ipsecsacreatorident | read-only |
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method. |
| ipsecSaAhInEncapsulation | 1.3.6.1.3.98.1.1.2.1.11 | ipsecdoiencapsulationmode | read-only |
The type of encapsulation used by this SA. |
| ipsecSaAhInAuthAlg | 1.3.6.1.3.98.1.1.2.1.12 | ipsecdoiahtransform | read-only |
A unique value representing the hash algorithm applied to traffic carried by this SA. |
| ipsecSaAhInAuthKeyLength | 1.3.6.1.3.98.1.1.2.1.13 | unsigned32 | read-only |
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaAhInAuthAlg' object. It may be 0 if the key length is implicit in the specified algorithm. |
| ipsecSaAhInRepWinSize | 1.3.6.1.3.98.1.1.2.1.14 | unsigned32 | read-only |
The size of the anti-replay window used by this SA, or 0 if anti-replay checking is not being done. |
| ipsecSaAhInLimitSeconds | 1.3.6.1.3.98.1.1.2.1.15 | unsigned32 | read-only |
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated. |
| ipsecSaAhInLimitKbytes | 1.3.6.1.3.98.1.1.2.1.16 | unsigned32 | read-only |
The maximum traffic in bytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated. |
| ipsecSaAhInAccSeconds | 1.3.6.1.3.98.1.1.2.1.17 | counter32 | read-only |
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed. |
| ipsecSaAhInAccKbytes | 1.3.6.1.3.98.1.1.2.1.18 | counter32 | read-only |
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic. |
| ipsecSaAhInUserOctets | 1.3.6.1.3.98.1.1.2.1.19 | counter64 | read-only |
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the de-processed IP packet, including the original IP header of that de- processed packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead. |
| ipsecSaAhInPackets | 1.3.6.1.3.98.1.1.2.1.20 | counter64 | read-only |
The number of packets handled by the SA. |
| ipsecSaAhInAuthErrors | 1.3.6.1.3.98.1.1.2.1.21 | counter32 | read-only |
The number of packets discarded by the SA due to authentication errors. |
| ipsecSaAhInReplayErrors | 1.3.6.1.3.98.1.1.2.1.22 | counter32 | read-only |
The number of packets discarded by the SA due to replay errors. |
| ipsecSaAhInPolicyErrors | 1.3.6.1.3.98.1.1.2.1.23 | counter32 | read-only |
The number of packets discarded by the SA due to policy errors. This includes packets where the next protocol is invalid. |
| ipsecSaAhInOtherReceiveErrors | 1.3.6.1.3.98.1.1.2.1.24 | counter32 | read-only |
The number of packets discarded by the SA due to errors other than decryption, authentication or replay errors. This may include packets dropped due to a lack of receive buffers, and may include packets dropped due to congestion at the authentication element. |
| ipsecSaIpcompInTable | 1.3.6.1.3.98.1.1.3 | no-access |
The (conceptual) table containing information on IPsec inbound IPcomp SAs. There should be one row for every inbound IPcomp (security) association that exists in the entity. The maximum number of rows is implementation dependent. |
|
| 1.3.6.1.3.98.1.1.3.1 | no-access |
An entry (conceptual row) containing the information on a particular IPsec inbound IPcomp SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table. |
||
| ipsecSaIpcompInAddress | 1.3.6.1.3.98.1.1.3.1.1 | ipsecipv6address | read-only |
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecSaIpcompInCpi | 1.3.6.1.3.98.1.1.3.1.2 | ipsecdoiipcomptransform | read-only |
The CPI of the SA. Since the lower values of CPIs are reserved to be the same as the algorithm, the syntax for this object is the same as the transform. |
| ipsecSaIpcompInDestId | 1.3.6.1.3.98.1.1.3.1.3 | ipsecrawid | read-only |
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode, or 0 if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchanged during SA creation negotiation, or the equivalent process. |
| ipsecSaIpcompInDestIdType | 1.3.6.1.3.98.1.1.3.1.4 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaIpcompInDestId'. It may be 0 if unknown or if the SA uses transport mode, or if this SA is used with multiple SAs in security association suites. |
| ipsecSaIpcompInSourceId | 1.3.6.1.3.98.1.1.3.1.5 | ipsecrawid | read-only |
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation, or 0 if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchanged during SA creation negotiation, or the equivalent process. |
| ipsecSaIpcompInSourceIdType | 1.3.6.1.3.98.1.1.3.1.6 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaIpcompInSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites. |
| ipsecSaIpcompInProtocol | 1.3.6.1.3.98.1.1.3.1.7 | integer32 | read-only |
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol. |
| ipsecSaIpcompInDestPort | 1.3.6.1.3.98.1.1.3.1.8 | integer32 | read-only |
The destination port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaIpcompInSourcePort | 1.3.6.1.3.98.1.1.3.1.9 | integer32 | read-only |
The source port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaIpcompInCreator | 1.3.6.1.3.98.1.1.3.1.10 | ipsecsacreatorident | read-only |
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method. |
| ipsecSaIpcompInEncapsulation | 1.3.6.1.3.98.1.1.3.1.11 | ipsecdoiencapsulationmode | read-only |
The type of encapsulation used by this SA. |
| ipsecSaIpcompInDecompAlg | 1.3.6.1.3.98.1.1.3.1.12 | ipsecdoiipcomptransform | read-only |
A unique value representing the decompression algorithm applied to traffic. |
| ipsecSaIpcompInSeconds | 1.3.6.1.3.98.1.1.3.1.13 | counter32 | read-only |
The number of seconds that the SA has existed. |
| ipsecSaIpcompInUserOctets | 1.3.6.1.3.98.1.1.3.1.14 | counter64 | read-only |
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the uncompressed IP packet, including the original IP header of that uncompressed packet. Packets which are not decompressed by the SA are not counted in this total. |
| ipsecSaIpcompInPackets | 1.3.6.1.3.98.1.1.3.1.15 | counter64 | read-only |
The number of packets handled by the SA. |
| ipsecSaIpcompInDecompErrors | 1.3.6.1.3.98.1.1.3.1.16 | counter32 | read-only |
The number of packets discarded by the SA due to decompression errors. |
| ipsecSaIpcompInOtherReceiveErrors | 1.3.6.1.3.98.1.1.3.1.17 | counter32 | read-only |
The number of packets discarded by the SA due to errors other than decompression errors. This may include packets dropped due to a lack of receive buffers, and packets dropped due to congestion at the decompression element. |
| ipsecSaEspOutTable | 1.3.6.1.3.98.1.1.4 | no-access |
The (conceptual) table containing information on IPsec Outbound ESP SAs. There should be one row for every outbound ESP security association that exists in the entity. The maximum number of rows is implementation dependent. |
|
| 1.3.6.1.3.98.1.1.4.1 | no-access |
An entry (conceptual row) containing the information on a particular IPsec Outbound ESP SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table. |
||
| ipsecSaEspOutAddress | 1.3.6.1.3.98.1.1.4.1.1 | ipsecipv6address | read-only |
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecSaEspOutSpi | 1.3.6.1.3.98.1.1.4.1.2 | unsigned32 | read-only |
The security parameters index of the SA. |
| ipsecSaEspOutSourceId | 1.3.6.1.3.98.1.1.4.1.3 | ipsecrawid | read-only |
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations, or the equivalent process. |
| ipsecSaEspOutSourceIdType | 1.3.6.1.3.98.1.1.4.1.4 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaEspOutSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaEspOutDestId | 1.3.6.1.3.98.1.1.4.1.5 | ipsecrawid | read-only |
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations or the equivalent process. |
| ipsecSaEspOutDestIdType | 1.3.6.1.3.98.1.1.4.1.6 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaEspOutDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaEspOutProtocol | 1.3.6.1.3.98.1.1.4.1.7 | integer32 | read-only |
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol. |
| ipsecSaEspOutSourcePort | 1.3.6.1.3.98.1.1.4.1.8 | integer32 | read-only |
The source port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaEspOutDestPort | 1.3.6.1.3.98.1.1.4.1.9 | integer32 | read-only |
The destination port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaEspOutCreator | 1.3.6.1.3.98.1.1.4.1.10 | ipsecsacreatorident | read-only |
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method. |
| ipsecSaEspOutEncapsulation | 1.3.6.1.3.98.1.1.4.1.11 | ipsecdoiencapsulationmode | read-only |
The type of encapsulation used by this SA. |
| ipsecSaEspOutEncAlg | 1.3.6.1.3.98.1.1.4.1.12 | ipsecdoiesptransform | read-only |
A unique value representing the encryption algorithm applied to traffic or 0 if there is no encryption used. |
| ipsecSaEspOutEncKeyLength | 1.3.6.1.3.98.1.1.4.1.13 | unsigned32 | read-only |
The length of the encryption key in bits used for the algorithm specified in the 'ipsecSaEspOutEncAlg' object. It may be 0 if the key length is implicit in the specified algorithm or there is no encryption specified. |
| ipsecSaEspOutAuthAlg | 1.3.6.1.3.98.1.1.4.1.14 | ipsecdoiauthalgorithm | read-only |
A unique value representing the hash algorithm applied to traffic or 0 if there is no authentication used. |
| ipsecSaEspOutAuthKeyLength | 1.3.6.1.3.98.1.1.4.1.15 | unsigned32 | read-only |
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaEspOutAuthAlg' object. It may be 0 if the key length is implicit in the specified algorithm or there is no authentication specified. |
| ipsecSaEspOutLimitSeconds | 1.3.6.1.3.98.1.1.4.1.16 | unsigned32 | read-only |
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated. |
| ipsecSaEspOutLimitKbytes | 1.3.6.1.3.98.1.1.4.1.17 | unsigned32 | read-only |
The maximum traffic in bytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated. |
| ipsecSaEspOutAccSeconds | 1.3.6.1.3.98.1.1.4.1.18 | counter32 | read-only |
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed. |
| ipsecSaEspOutAccKbytes | 1.3.6.1.3.98.1.1.4.1.19 | counter32 | read-only |
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic. |
| ipsecSaEspOutUserOctets | 1.3.6.1.3.98.1.1.4.1.20 | counter64 | read-only |
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the unencrypted IP packet, including the original IP header of that unencrypted packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead. |
| ipsecSaEspOutPackets | 1.3.6.1.3.98.1.1.4.1.21 | counter64 | read-only |
The number of packets handled by the SA. |
| ipsecSaEspOutSendErrors | 1.3.6.1.3.98.1.1.4.1.22 | counter32 | read-only |
The number of packets discarded by the SA due to any error. This may include errors due to a lack of transmit buffers. |
| ipsecSaAhOutTable | 1.3.6.1.3.98.1.1.5 | no-access |
The (conceptual) table containing information on IPsec Outbound AH SAs. There should be one row for every outbound AH security association that exists in the entity. The maximum number of rows is implementation dependent. |
|
| 1.3.6.1.3.98.1.1.5.1 | no-access |
An entry (conceptual row) containing the information on a particular IPsec Outbound AH SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table. |
||
| ipsecSaAhOutAddress | 1.3.6.1.3.98.1.1.5.1.1 | ipsecipv6address | read-only |
The destination address of the SA. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecSaAhOutSpi | 1.3.6.1.3.98.1.1.5.1.2 | unsigned32 | read-only |
The security parameters index of the SA. |
| ipsecSaAhOutSourceId | 1.3.6.1.3.98.1.1.5.1.3 | ipsecrawid | read-only |
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations, or the equivalent process. |
| ipsecSaAhOutSourceIdType | 1.3.6.1.3.98.1.1.5.1.4 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaAhOutSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaAhOutDestId | 1.3.6.1.3.98.1.1.5.1.5 | ipsecrawid | read-only |
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation. This value is taken directly from the optional ID payloads that are exchanged during phase 2 negotiations, or the equivalent process. |
| ipsecSaAhOutDestIdType | 1.3.6.1.3.98.1.1.5.1.6 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaAhOutDestId'. It may be 0 if unknown or if the SA uses transport mode encapsulation. |
| ipsecSaAhOutProtocol | 1.3.6.1.3.98.1.1.5.1.7 | integer32 | read-only |
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol. |
| ipsecSaAhOutSourcePort | 1.3.6.1.3.98.1.1.5.1.8 | integer32 | read-only |
The source port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaAhOutDestPort | 1.3.6.1.3.98.1.1.5.1.9 | integer32 | read-only |
The destination port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaAhOutCreator | 1.3.6.1.3.98.1.1.5.1.10 | ipsecsacreatorident | read-only |
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method. |
| ipsecSaAhOutEncapsulation | 1.3.6.1.3.98.1.1.5.1.11 | ipsecdoiencapsulationmode | read-only |
The type of encapsulation used by this SA. |
| ipsecSaAhOutAuthAlg | 1.3.6.1.3.98.1.1.5.1.12 | ipsecdoiahtransform | read-only |
A unique value representing the hash algorithm applied to traffic carried by this SA. |
| ipsecSaAhOutAuthKeyLength | 1.3.6.1.3.98.1.1.5.1.13 | unsigned32 | read-only |
The length of the authentication key in bits used for the algorithm specified in the 'ipsecSaAhOutAuthAlg' object. It may be 0 if the key length is implicit in the specified algorithm. |
| ipsecSaAhOutLimitSeconds | 1.3.6.1.3.98.1.1.5.1.14 | unsigned32 | read-only |
The maximum lifetime in seconds of the SA, or 0 if there is no time constraint on its expiration. The display value is limited to 4294967295 seconds (more than 136 years); values greater than that value will be truncated. |
| ipsecSaAhOutLimitKbytes | 1.3.6.1.3.98.1.1.5.1.15 | unsigned32 | read-only |
The maximum traffic in bytes that the SA is allowed to process, or 0 if there is no traffic constraint on its expiration. The display value is limited to 4294967295 kilobytes; values greater than that value will be truncated. |
| ipsecSaAhOutAccSeconds | 1.3.6.1.3.98.1.1.5.1.16 | counter32 | read-only |
The number of seconds accumulated against the SA's expiration by time. This is also the number of seconds that the SA has existed. |
| ipsecSaAhOutAccKbytes | 1.3.6.1.3.98.1.1.5.1.17 | counter32 | read-only |
The amount of traffic accumulated that counts against the SA's expiration by traffic limitation, measured in kilobytes. This value may be 0 if the SA does not expire based on traffic. |
| ipsecSaAhOutUserOctets | 1.3.6.1.3.98.1.1.5.1.18 | counter64 | read-only |
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the unprocessed IP packet, including the original IP header of that unprocessed packet. This is not necessarily the same as the amount of traffic applied against the traffic expiration limit due to padding or other protocol specific overhead. |
| ipsecSaAhOutPackets | 1.3.6.1.3.98.1.1.5.1.19 | counter64 | read-only |
The number of packets handled by the SA. |
| ipsecSaAhOutSendErrors | 1.3.6.1.3.98.1.1.5.1.20 | counter32 | read-only |
The number of packets discarded by the SA due to any error. This may include errors due to a lack of transmit buffers. |
| ipsecSaIpcompOutTable | 1.3.6.1.3.98.1.1.6 | no-access |
The (conceptual) table containing information on IPsec Outbound IPcomp SAs. There should be one row for every outbound IPcomp (security) association that exists in the entity. The maximum number of rows is implementation dependent. |
|
| 1.3.6.1.3.98.1.1.6.1 | no-access |
An entry (conceptual row) containing the information on a particular IPsec Outbound IPcomp SA. A row in this table cannot be created or deleted by SNMP operations on columns of the table. |
||
| ipsecSaIpcompOutAddress | 1.3.6.1.3.98.1.1.6.1.1 | ipsecipv6address | read-only |
The destination address of the SA. If the IPcomp SA is shared across multiple SAs in security association suites, this value may be 0. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecSaIpcompOutCpi | 1.3.6.1.3.98.1.1.6.1.2 | ipsecdoiipcomptransform | read-only |
The CPI of the SA. Since the lower values of CPIs are reserved to be the same as the algorithm, the syntax for this object is the same as the transform. |
| ipsecSaIpcompOutSourceId | 1.3.6.1.3.98.1.1.6.1.3 | ipsecrawid | read-only |
The source identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchange during phase 2 negotiations or the equivalent process. |
| ipsecSaIpcompOutSourceIdType | 1.3.6.1.3.98.1.1.6.1.4 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaIpcompOutSourceId'. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites. |
| ipsecSaIpcompOutDestId | 1.3.6.1.3.98.1.1.6.1.5 | ipsecrawid | read-only |
The destination identifier of the SA. It may be 0 if unknown or if the SA uses transport mode encapsulation, or if this SA is used with multiple SAs in security association suites. This value, if non-zero, is taken directly from the optional ID payloads that are exchange during phase 2 negotiations or the equivalent process. |
| ipsecSaIpcompOutDestIdType | 1.3.6.1.3.98.1.1.6.1.6 | ipsecdoiidenttype | read-only |
The type of identifier presented by 'ipsecSaIpcompOutDestId', or 0 if unknown or if the SA uses transport mode encapsulation, or 0 if this SA is used with multiple SAs in security association suites. |
| ipsecSaIpcompOutProtocol | 1.3.6.1.3.98.1.1.6.1.7 | integer32 | read-only |
The transport-layer protocol number that this SA carries, or 0 if it carries any protocol. |
| ipsecSaIpcompOutSourcePort | 1.3.6.1.3.98.1.1.6.1.8 | integer32 | read-only |
The source port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaIpcompOutDestPort | 1.3.6.1.3.98.1.1.6.1.9 | integer32 | read-only |
The destination port number of the protocol that this SA carries, or 0 if it carries any port number. |
| ipsecSaIpcompOutCreator | 1.3.6.1.3.98.1.1.6.1.10 | ipsecsacreatorident | read-only |
The creator of this SA. This MIB makes no assumptions about how the SAs are created. They may be created statically, or by a key exchange protocol such as IKE, or by some other method. |
| ipsecSaIpcompOutEncapsulation | 1.3.6.1.3.98.1.1.6.1.11 | ipsecdoiencapsulationmode | read-only |
The type of encapsulation used by this SA. |
| ipsecSaIpcompOutCompAlg | 1.3.6.1.3.98.1.1.6.1.12 | ipsecdoiipcomptransform | read-only |
A unique value representing the compression algorithm applied to traffic. |
| ipsecSaIpcompOutSeconds | 1.3.6.1.3.98.1.1.6.1.13 | counter32 | read-only |
The number of seconds that the SA has existed. |
| ipsecSaIpcompOutUserOctets | 1.3.6.1.3.98.1.1.6.1.14 | counter64 | read-only |
The amount of user level traffic measured in bytes handled by the SA. This is the number of bytes of the decompressed IP packet, including the original IP header of that decompressed packet. |
| ipsecSaIpcompOutOutputOctets | 1.3.6.1.3.98.1.1.6.1.15 | counter64 | read-only |
The amount of traffic measured in bytes output by the SA. This includes byte counts from packets compressed by the SA and also packets not modified by the SA. This object can be divided into the 'ipsecSaIpcompOutUserOctets' object to get a compression performance metric for the SA. |
| ipsecSaIpcompOutPackets | 1.3.6.1.3.98.1.1.6.1.16 | counter64 | read-only |
The number of packets handled by the SA. This includes packets that were both compressed and not compressed. |
| saStatistics | 1.3.6.1.3.98.1.2 |
This is the base object identifier for all objects which are global counters for IPsec security associations. |
||
| ipsecEspCurrentInboundSAs | 1.3.6.1.3.98.1.2.1 | gauge32 | read-only |
The current number of inbound ESP SAs in the entity. |
| ipsecEspTotalInboundSAs | 1.3.6.1.3.98.1.2.2 | counter32 | read-only |
The total number of inbound ESP SAs created in the entity since boot time. |
| ipsecEspCurrentOutboundSAs | 1.3.6.1.3.98.1.2.3 | gauge32 | read-only |
The current number of outbound ESP SAs in the entity. |
| ipsecEspTotalOutboundSAs | 1.3.6.1.3.98.1.2.4 | counter32 | read-only |
The total number of outbound ESP SAs created in the entity since boot time. |
| ipsecAhCurrentInboundSAs | 1.3.6.1.3.98.1.2.5 | gauge32 | read-only |
The current number of inbound AH SAs in the entity. |
| ipsecAhTotalInboundSAs | 1.3.6.1.3.98.1.2.6 | counter32 | read-only |
The total number of inbound AH SAs created in the entity since boot time. |
| ipsecAhCurrentOutboundSAs | 1.3.6.1.3.98.1.2.7 | gauge32 | read-only |
The current number of outbound AH SAs in the entity. |
| ipsecAhTotalOutboundSAs | 1.3.6.1.3.98.1.2.8 | counter32 | read-only |
The total number of outbound AH SAs created in the entity since boot time. |
| ipsecIpcompCurrentInboundSAs | 1.3.6.1.3.98.1.2.9 | gauge32 | read-only |
The current number of inbound IPcomp SAs in the entity. |
| ipsecIpcompTotalInboundSAs | 1.3.6.1.3.98.1.2.10 | counter32 | read-only |
The total number of inbound IPcomp SAs created in the entity since boot time. |
| ipsecIpcompCurrentOutboundSAs | 1.3.6.1.3.98.1.2.11 | gauge32 | read-only |
The current number of outbound IPcomp SAs in the entity. |
| ipsecIpcompTotalOutboundSAs | 1.3.6.1.3.98.1.2.12 | counter32 | read-only |
The total number of outbound IPcomp SAs created in the entity since boot time. |
| saErrors | 1.3.6.1.3.98.1.3 |
This is the base object identifier for all objects which are global error counters for IPsec security associations. |
||
| ipsecDecryptionErrors | 1.3.6.1.3.98.1.3.1 | counter32 | read-only |
The total number of packets received by the entity in SAs since boot time with detectable decryption errors. Not all decryption errors are detectable within SA processing, so this count should not be considered definitive. |
| ipsecAuthenticationErrors | 1.3.6.1.3.98.1.3.2 | counter32 | read-only |
The total number of packets received by the entity in SAs since boot time with authentication errors. This includes all packets in which the hash value is determined to be invalid, for both ESP and AH SAs. |
| ipsecReplayErrors | 1.3.6.1.3.98.1.3.3 | counter32 | read-only |
The total number of packets received by the entity in SAs since boot time with replay errors. |
| ipsecPolicyErrors | 1.3.6.1.3.98.1.3.4 | counter32 | read-only |
The total number of packets received by the entity in SAs since boot time and discarded due to policy errors. This includes packets that had selectors that were invalid for the SA that carried them, and also includes packets that arrived at the entity in the clear and that should have been protected by IPsec or should have been dropped. |
| ipsecOtherReceiveErrors | 1.3.6.1.3.98.1.3.5 | counter32 | read-only |
The total number of packets received by the entity in SAs since boot time and discarded due to errors not due to decryption, authentication, replay or policy. |
| ipsecSendErrors | 1.3.6.1.3.98.1.3.6 | counter32 | read-only |
The total number of packets to be sent by the entity in SAs since boot time and discarded due to errors. |
| ipsecUnknownSpiErrors | 1.3.6.1.3.98.1.3.7 | counter32 | read-only |
The total number of packets received by the entity since boot time with SPIs or CPIs that were not valid. |
| saTraps | 1.3.6.1.3.98.1.4 |
This is the base object identifier for all objects which are traps for IPsec security associations. |
||
| espAuthFailureTrap | 1.3.6.1.3.98.1.4.0.1 |
IPsec packets with invalid hashes were found in an inbound ESP SA. The total number of authentication errors accumulated is sent for the specific row of the 'ipsecSaEspInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet. |
||
| ahAuthFailureTrap | 1.3.6.1.3.98.1.4.0.2 |
IPsec packets with invalid hashes were found in an inbound AH SA. The total number of authentication errors accumulated is sent for the specific row of the 'ipsecSaAhInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet. |
||
| espReplayFailureTrap | 1.3.6.1.3.98.1.4.0.3 |
IPsec packets with invalid sequence numbers were found in an inbound ESP SA. The total number of replay errors accumulated is sent for the specific row of the 'ipsecSaEspInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet. |
||
| ahReplayFailureTrap | 1.3.6.1.3.98.1.4.0.4 |
IPsec packets with invalid sequence numbers were found in the specified AH SA. The total number of replay errors accumulated is sent for the specific row of the 'ipsecSaAhInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet. |
||
| espPolicyFailureTrap | 1.3.6.1.3.98.1.4.0.5 |
IPsec packets carrying packets with invalid selectors for the specified ESP SA were found. The total number of policy errors accumulated is sent for the specific row of the 'ipsecSaEspInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet. |
||
| ahPolicyFailureTrap | 1.3.6.1.3.98.1.4.0.6 |
IPsec packets carrying packets with invalid selectors for the specified AH SA were found. The total number of policy errors accumulated is sent for the specific row of the 'ipsecSaAhInTable' table for the SA; this provides the identity of the SA in which the error occurred. Implementations SHOULD send one trap per SA (within a reasonable time period), rather than sending one trap per packet. |
||
| espInvalidSpiTrap | 1.3.6.1.3.98.1.4.0.7 |
A packet with an unknown SPI was detected from the specified peer with the specified SPI using the specified protocol. The destination address of the received packet is specified by 'ipsecLocalAddress'. The value 'ifIndex' may be 0 if this optional linkage is unsupported. If the object 'ipsecSecurityProtocol' has the value for IPcomp, then the 'ipsecSPI' object is the CPI of the packet. Implementations SHOULD send one trap per peer (within a reasonable time period), rather than sending one trap per packet. |
||
| otherPolicyFailureTrap | 1.3.6.1.3.98.1.4.0.8 |
Clear packets were found that should not have been sent to the entity in the clear. The total number of policy errors accumulated by the entity is sent, along with the source and destination addresses of the packet that triggered the trap. Implementations SHOULD send one trap per source address pair (within a reasonable time period), rather than sending one trap per packet. |
||
| saTrapObjects | 1.3.6.1.3.98.1.5 |
This is the base object identifier for objects which are used as part of traps. |
||
| ipsecSecurityProtocol | 1.3.6.1.3.98.1.5.1 | ipsecdoisecprotocolid | no-access |
A security protocol associated with the trap. |
| ipsecSPI | 1.3.6.1.3.98.1.5.2 | unsigned32 | no-access |
An SPI associated with a trap. Where the security protocol associated with the trap is IPcomp, this value has a maximum of 65535. |
| ipsecLocalAddress | 1.3.6.1.3.98.1.5.3 | ipsecipv6address | no-access |
A local IP address associated with the trap. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| ipsecPeerAddress | 1.3.6.1.3.98.1.5.4 | ipsecipv6address | no-access |
A peer IP address associated with the trap. IPv4 entities will prefix the IP address with '0000:0000:0000:0000:0000:FFFF::'. |
| saTrapControl | 1.3.6.1.3.98.1.6 |
This is the base object identifier for all objects which are trap controls for IPsec security associations. |
||
| espAuthFailureTrapEnable | 1.3.6.1.3.98.1.6.1 | truthvalue | read-write |
Indicates whether espAuthFailureTrap traps should be generated. |
| ahAuthFailureTrapEnable | 1.3.6.1.3.98.1.6.2 | truthvalue | read-write |
Indicates whether ahAuthFailureTrap traps should be generated. |
| espReplayFailureTrapEnable | 1.3.6.1.3.98.1.6.3 | truthvalue | read-write |
Indicates whether espReplayFailureTrap traps should be generated. |
| ahReplayFailureTrapEnable | 1.3.6.1.3.98.1.6.4 | truthvalue | read-write |
Indicates whether ahReplayFailureTrap traps should be generated. |
| espPolicyFailureTrapEnable | 1.3.6.1.3.98.1.6.5 | truthvalue | read-write |
Indicates whether espPolicyFailureTrap traps should be generated. |
| ahPolicyFailureTrapEnable | 1.3.6.1.3.98.1.6.6 | truthvalue | read-write |
Indicates whether ahPolicyFailureTrap traps should be generated. |
| invalidSpiTrapEnable | 1.3.6.1.3.98.1.6.7 | truthvalue | read-write |
Indicates whether invalidSpiTrap traps should be generated. |
| otherPolicyFailureTrapEnable | 1.3.6.1.3.98.1.6.8 | truthvalue | read-write |
Indicates whether otherPolicyFailureTrap traps should be generated. |
| saGroups | 1.3.6.1.3.98.1.7 |
This is the base object identifier for all objects which describe the groups in this MIB. |
||
| ipsecSaEspGroup | 1.3.6.1.3.98.1.7.1 |
A collection of objects that describe the state of the security associations of the ESP protocol. |
||
| ipsecSaAhGroup | 1.3.6.1.3.98.1.7.2 |
A collection of objects that describe the state of the security associations of the AH protocol. |
||
| ipsecSaIpcompGroup | 1.3.6.1.3.98.1.7.3 |
A collection of objects that describe the state of the security associations of the IPComp protocol. |
||
| ipsecSaErrorsGroup | 1.3.6.1.3.98.1.7.4 |
A collection of objects providing global IPsec error counters. |
||
| ipsecSaFailureTrapEnableGroup | 1.3.6.1.3.98.1.7.5 |
A collection of objects providing control over trap generation. |
||
| ipsecSaTrapArgumentGroup | 1.3.6.1.3.98.1.7.6 |
A collection of objects used only as arguments in traps. |
||
| ipsecSaFailureTrapGroup | 1.3.6.1.3.98.1.7.7 |
A collection of traps. |
||
| saConformance | 1.3.6.1.3.98.1.8 |
This is the base object identifier for all objects which describe the conformance for this MIB. |
||
| ipsecSaMonitorCompliance | 1.3.6.1.3.98.1.8.1 |
The compliance statement for SNMPv2 entities which implement the IPsec Monitoring MIB. |
||