
CISCO-ENHANCED-IPSEC-FLOW-MIB by vendor Cisco

CISCO-ENHANCED-IPSEC-FLOW-MIB file content

SNMP is used for conveying information and commands between agents and managing entities. It uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents, for two reasons. First, UDP has low overhead in comparison to TCP, which uses a 3-way handshake to set up a connection. Second, in congested networks, SNMP over TCP is a bad idea because TCP, in order to maintain reliability, will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, including CISCO-ENHANCED-IPSEC-FLOW-MIB.


Vendor: Cisco
MIB: CISCO-ENHANCED-IPSEC-FLOW-MIB
Tool: ActiveXperts Network Monitor 2019 (ships with advanced SNMP/MIB tools)
-- *------------------------------------------------------------------
-- * CISCO-ENHANCED-IPSEC-FLOW-MIB.my:
-- *                   Enhanced IPsec Flow Monitoring MIB.
-- *
-- * August 2004, S Ramakrishnan, John Fan
-- *
-- * Copyright (c) 2004 by cisco Systems, Inc.
-- * All rights reserved.
-- *------------------------------------------------------------------

CISCO-ENHANCED-IPSEC-FLOW-MIB DEFINITIONS ::= BEGIN

    IMPORTS
      MODULE-IDENTITY, OBJECT-TYPE, 
      NOTIFICATION-TYPE,
      Counter32, Counter64, Gauge32, 
      Unsigned32                             FROM SNMPv2-SMI
      TimeStamp, TimeInterval, TruthValue    FROM SNMPv2-TC
      MODULE-COMPLIANCE, OBJECT-GROUP, 
      NOTIFICATION-GROUP                     FROM SNMPv2-CONF
      InetAddressType, InetAddress           FROM INET-ADDRESS-MIB
      SnmpAdminString                        FROM SNMP-FRAMEWORK-MIB
      CiscoIpProtocol, CiscoPort             FROM CISCO-TC
      CIPsecEncryptionKeySize,
      CIPsecControlProtocol,
      CIPsecDiffHellmanGrp,
      CIPsecEncapMode,
      CIPsecEncryptAlgorithm,
      CIPsecSpi,
      CIPsecAuthAlgorithm,
      CIPsecCompAlgorithm,
      CIPsecEndPtType,
      CIPsecNATTraversalMode,
      CIPsecPhase1TunnelIndexOrZero,
      CIPsecPhase2TunnelIndex,
      CIPsecPhase2SaDirection,
      CIPsecProtocol,
      CIPsecPmtu,      
      CIPsecTunnelStatus                     FROM CISCO-IPSEC-TC
      ciscoMgmt                              FROM CISCO-SMI
      ifIndex, InterfaceIndex                FROM IF-MIB;

ciscoEnhancedIpsecFlowMIB MODULE-IDENTITY
         LAST-UPDATED "200501120000Z"
         ORGANIZATION "Cisco Systems, Inc."
         CONTACT-INFO
         "
         Cisco Systems
         Customer Service

         Postal: 170 W Tasman Drive
                 San Jose, CA  95134
                 USA

                 Tel: +1 800 553-NETS
         E-mail: cs-ipsecmib@external.cisco.com
         "
    DESCRIPTION
    "
    This is a MIB Module for monitoring the structures 
    and status of IPSec-based networks. The MIB has been 
    designed to be adopted as an IETF standard. Hence 
    vendor-specific features of IPSec protocol are excluded 
    from this MIB.

    Acronyms
    The following acronyms are used in this document:

       IPsec:      Secure IP Protocol

       VPN:        Virtual Private Network

       ISAKMP:     Internet Security Association and Key Exchange
                   Protocol

       IKE:        Internet Key Exchange Protocol

       SA:         Security Association
           (ref: rfc2408).

       SPI:        Security Parameter Index is the pointer or
           identifier used in accessing SA attributes
           (ref: rfc2408).

       MM:         Main Mode - the process of setting up
                   a Phase 1 SA to secure the exchanges
                   required to setup Phase 2 SAs

       QM:         Quick Mode - the process of setting up
                   Phase 2 Security Associations using
                   a Phase 1 SA.

       Phase 1 Tunnel:
                   An ISAKMP SA can be regarded as representing
                   a flow of ISAKMP/IKE traffic. Hence an ISAKMP SA
                   is referred to as a 'Phase 1 Tunnel' in this
                   document. 

       Control Tunnel:
                   Another term for a Phase 1 Tunnel.

       Phase 2 Tunnel:
                   An instance of a non-ISAKMP SA bundle in which all
                   the SAs share the same proxy identifiers (IDii,IDir)
                   and protect the same stream of application traffic.
                   Such an SA bundle is termed a 'Phase 2 Tunnel'.
                   Note that a Phase 2 tunnel may comprise different
                   SA bundles and different number of SA bundles at
                   different times (due to key refresh).

       MTU:
                   Maximum Transmission Unit (of an IPsec tunnel).

    History of the MIB
     A precursor to this MIB was written by Tivoli and implemented 
     in IBM Nways routers in 1999. During late 1999, Cisco adopted
     the MIB and together with Tivoli published the IPsec Flow
     Monitor MIB in IETF IPsec WG in 
     draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the
     MIB was Cisco-ized and implemented this draft as
     CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms.

     With the evolution of IKEv2, the MIB was modified and 
     presented to the IPsec WG again in May 2003 in
     draft-ietf-ipsec-flow-monitoring-mib-02.txt.

     With the emergence of multiple IPsec signaling protocols,
     it became apparent that the signaling aspects of IPsec
     need to be instrumented separately in their own right.
     Thus, the IPsec control attributes and metrics were 
     separated out into CISCO-IPSEC-SIGNALING-MIB and
     CISCO-IKE-FLOW-MIB.

     This version of the draft models the IPsec data
     protocol, structures and activity alone.

    Overview of MIB

     The MIB contains four major groups of objects which are
     used to manage the IPsec Protocol. These groups include
     a Levels Group, a Phase-1 Group, a Phase-2 Group,
     a History Group, a Failure Group and a TRAP Control Group.
     The following table illustrates the structure of the
     IPsec MIB.

     The Phase 2 group models objects pertaining to
     IPsec data tunnels.

     The History group is to aid applications that do
     trending analysis.

     The Failure group is to enable an operator to
     do troubleshooting and debugging of the VPN Router.
     Further, counters are supported to aid detection
     of potential security violations.

     In addition to the three major MIB Groups, there are
     a number of Notifications. The following table
     illustrates the name and description of the
     IPsec TRAPs.
    " 
    REVISION    "200501120000Z"
    DESCRIPTION
    "Added a new table, ceipSecTunnelSaTable"
    REVISION    "200408310000Z"
    DESCRIPTION
    "
    Initial version of this module.
    "
   ::= { ciscoMgmt 432 }

ciscoEnhancedIpsecFlowMIBNotifs  OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIB 0}

ciscoEnhancedIpsecFlowMIBObjects OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIB 1 }

ciscoEnhancedIpsecFlowMIBConform OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIB 2 }

ceipSecPhaseTwo OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIBObjects 1 }

ceipSecHistory  OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIBObjects 2 }

ceipSecFailures OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIBObjects 3 }

ceipSecNotificationCntl OBJECT IDENTIFIER
              ::= { ciscoEnhancedIpsecFlowMIBObjects 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Phase-2 Group
--
-- This group consists of:
-- 1) IPsec Phase-2 Global Statistics
-- 2) IPsec Phase-2 Tunnel Table
-- 3) IPsec Phase-2 Endpoint Table
-- 4) IPsec Phase-2 Security Protection Index Table
-- 5) IPsec Phase-2 Security Protection Index Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Global Tunnel Statistics
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecGlobalStats OBJECT IDENTIFIER
               ::= { ceipSecPhaseTwo 1 }

ceipSecGlobalActiveTunnels OBJECT-TYPE
       SYNTAX Gauge32
       UNITS "Tunnels"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of currently active
         IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 1 }

ceipSecGlobalPreviousTunnels OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Tunnels"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of previously active
         IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 2 }

ceipSecGlobalInOctets OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of
         octets received by all current and previous
         IPsec Phase-2 Tunnels. This value is accumulated
         BEFORE determining whether or not the packet
         should be decompressed."
       ::= { ceipSecGlobalStats 3 }

ceipSecGlobalInDecompOctets OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number
         of decompressed octets received by all current
         and previous IPsec Phase-2 Tunnels.  This value
         is accumulated AFTER the packet is decompressed.
         If compression is not being used, this value
         will match the value of ceipSecGlobalInOctets."
       ::= { ceipSecGlobalStats 4 }

ceipSecGlobalInPkts OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets received
         by all current and previous
         IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 5 }

ceipSecGlobalInDrops OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped
         during receive processing by all current and
         previous IPsec Phase-2 Tunnels. This count does
         NOT include packets dropped due to
         Anti-Replay processing."
       ::= { ceipSecGlobalStats 6 }

ceipSecGlobalInReplayDrops OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         receive processing due to Anti-Replay
         processing by all current and previous IPsec
         Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 7 }

ceipSecGlobalInAuths OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Events"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         performed by all current and previous IPsec
         Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 8 }

ceipSecGlobalInAuthFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         which ended in failure by all current and 
         previous IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 9 }

ceipSecGlobalInDecrypts OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions
         performed by all current and previous IPsec
         Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 10 }

ceipSecGlobalInDecryptFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions
         which ended in failure by all current and
         previous IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 11 }

ceipSecGlobalOutOctets OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number
         of octets sent by all current and previous
         IPsec Phase-2 Tunnels.  This value is accumulated
         AFTER determining whether or not the packet should
         be compressed."
       ::= { ceipSecGlobalStats 12 }

ceipSecGlobalOutUncompOctets OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of
         uncompressed octets sent by all current and previous
         IPsec Phase-2 Tunnels.  This value is accumulated
         BEFORE the packet is compressed.  If compression is
         not being used, this value will match the
         value of ceipSecGlobalOutOctets."
       ::= { ceipSecGlobalStats 13 }

ceipSecGlobalOutPkts OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets sent by all
         current and previous IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 14 }

ceipSecGlobalOutDrops OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during send
         processing by all current and previous IPsec
         Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 15 }

ceipSecGlobalOutAuths OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Events"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound authentications
         performed by all current and previous IPsec
         Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 16 }

ceipSecGlobalOutAuthFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound authentications
         which ended in failure
         by all current and previous IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 17 }

ceipSecGlobalOutEncrypts OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions performed
         by all current and previous IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 18 }

ceipSecGlobalOutEncryptFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions
         which ended in failure by all current and
         previous IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 19 }

ceipSecGlobalProtocolUseFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of protocol use failures
         which occurred during processing of all current
         and previously active IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 20 }

ceipSecGlobalNoSaFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of non-existent Security 
         Association in failures which occurred during 
         processing of all current and previous IPsec 
         Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 21 }

ceipSecGlobalSysCapFails OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of system capacity failures
         which occurred during processing of all current
         and previously active IPsec Phase-2 Tunnels."
       ::= { ceipSecGlobalStats 22 }

ceipSecGlobalOutCompressedPkts    OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The cumulative number of outbound packets across all
         IPsec flows terminating at this device which were
         successfully compressed."
       ::= { ceipSecGlobalStats 23 }

ceipSecGlobalOutCompSkippedPkts   OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets across all 
         IPsec flows terminating at this device that were 
         to be compressed but which were skipped due to 
         the compression hysteresis."
       ::= { ceipSecGlobalStats 24 }

ceipSecGlobalOutCompFailPkts      OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets across all IPsec
         flows terminating at this device that failed compression
         because they grew in size after compression."
       ::= { ceipSecGlobalStats 25 }

ceipSecGlobalOutCompTooSmallPkts  OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets across all IPsec
         flows terminating at this device that were to be 
         compressed but were smaller than the compression 
         threshold size. This number is cumulative since the 
         last system start.
         "
       ::= { ceipSecGlobalStats 26 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecTunnelTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecTunnelEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Tunnel Table.
         There is one entry in this table for
         each active IPsec Phase-2 Tunnel."
       ::= { ceipSecPhaseTwo 2 }

ceipSecTunnelEntry OBJECT-TYPE
       SYNTAX CeipSecTunnelEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the attributes
         associated with an active IPsec Phase-2 Tunnel."
       INDEX { ceipSecTunIndex }
       ::= { ceipSecTunnelTable 1 }

CeipSecTunnelEntry ::= SEQUENCE {
       ceipSecTunIndex                CIPsecPhase2TunnelIndex,
       ceipSecTunLocalAddressType     InetAddressType,
       ceipSecTunLocalAddress         InetAddress,
       ceipSecTunRemoteAddressType    InetAddressType,
       ceipSecTunRemoteAddress        InetAddress,
       ceipSecTunControlProtocol      CIPsecControlProtocol,
       ceipSecTunControlTunnelIndex   CIPsecPhase1TunnelIndexOrZero,
       ceipSecTunControlTunnelAlive   TruthValue,
       ceipSecTunEncapMode            CIPsecEncapMode,
       ceipSecTunNATTraversalMode     CIPsecNATTraversalMode,
       ceipSecTunLifeSize             Unsigned32,
       ceipSecTunLifeTime             Unsigned32,
       ceipSecTunActiveTime           TimeInterval,
       ceipSecTunSaLifeSizeThreshold  Unsigned32,
       ceipSecTunSaLifeTimeThreshold  Unsigned32,
       ceipSecTunTotalRefreshes       Counter32,
       ceipSecTunExpiredSaInstances   Counter32,
       ceipSecTunCurrentSaInstances   Gauge32,
       ceipSecTunInSaDHGrp            CIPsecDiffHellmanGrp,
       ceipSecTunInSaEncryptAlgo      CIPsecEncryptAlgorithm,
       ceipSecTunInSaEncryptKeySize   CIPsecEncryptionKeySize,
       ceipSecTunInSaAhAuthAlgo       CIPsecAuthAlgorithm,
       ceipSecTunInSaEspAuthAlgo      CIPsecAuthAlgorithm,
       ceipSecTunInSaDecompAlgo       CIPsecCompAlgorithm,
       ceipSecTunOutSaDHGrp           CIPsecDiffHellmanGrp,
       ceipSecTunOutSaEncryptAlgo     CIPsecEncryptAlgorithm,
       ceipSecTunOutSaEncryptKeySize  CIPsecEncryptionKeySize,
       ceipSecTunOutSaAhAuthAlgo      CIPsecAuthAlgorithm,
       ceipSecTunOutSaEspAuthAlgo     CIPsecAuthAlgorithm,
       ceipSecTunOutSaCompAlgo        CIPsecCompAlgorithm,
       ceipSecTunPmtu                 CIPsecPmtu,
       ceipSecTunInOctets             Counter64,
       ceipSecTunInDecompOctets       Counter64,
       ceipSecTunInPkts               Counter32,
       ceipSecTunInDropPkts           Counter32,
       ceipSecTunInReplayDropPkts     Counter32,
       ceipSecTunInAuths              Counter32,
       ceipSecTunInAuthFails          Counter32,
       ceipSecTunInDecrypts           Counter32,
       ceipSecTunInDecryptFails       Counter32,
       ceipSecTunOutOctets            Counter64,
       ceipSecTunOutUncompOctets      Counter64,
       ceipSecTunOutPkts              Counter32,
       ceipSecTunOutDropPkts          Counter32,
       ceipSecTunOutAuths             Counter32,
       ceipSecTunOutAuthFails         Counter32,
       ceipSecTunOutEncrypts          Counter32,
       ceipSecTunOutEncryptFails      Counter32,
       ceipSecTunOutCompressedPkts    Counter32,
       ceipSecTunOutCompSkippedPkts   Counter32,
       ceipSecTunOutCompFailPkts      Counter32,
       ceipSecTunOutCompTooSmallPkts  Counter32,
       ceipSecIfIndex                 InterfaceIndex,
       ceipSecTunStatus               CIPsecTunnelStatus
    }

ceipSecTunIndex OBJECT-TYPE
       SYNTAX CIPsecPhase2TunnelIndex
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The index of the IPsec Phase-2 Tunnel Table.
         The value of the index is a number which begins
         at 1 and is incremented with each tunnel that is
         created. The value of this object will wrap at
         2,147,483,647.
      
         Since this object must correspond to a valid
         Phase-2 IPsec tunnel, this object may not assume 
         the value of 0."
       ::= { ceipSecTunnelEntry 1 }

ceipSecTunLocalAddressType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address of the local endpoint 
         for the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 2 }

ceipSecTunLocalAddress OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The IP address of the local endpoint 
         for the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 3 }

ceipSecTunRemoteAddressType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address of the remote 
         endpoint for the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 4 }

ceipSecTunRemoteAddress OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The IP address of the remote endpoint for
         the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 5 }

ceipSecTunControlProtocol OBJECT-TYPE
       SYNTAX CIPsecControlProtocol
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "Identifies the protocol used to setup and 
         administer this Phase-2 IPsec tunnel. 

         In case this tunnel was spawned by an IPsec 
         signaling protocol, this MIB object contains the 
         value of the object 'cisgIpsSgProtocol' defined 
         in CISCO-IPSEC-SIGNALING-MIB in the table
         'cisgIpsSgTunnelTable' in the row corresponding
         to the control tunnel.
      
         A value of 'cpManual' is indicative of a 
         manually installed and administered Phase-2 
         tunnel."
       ::= { ceipSecTunnelEntry 6 }

ceipSecTunControlTunnelIndex OBJECT-TYPE
       SYNTAX CIPsecPhase1TunnelIndexOrZero
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The index of the associated IPsec Phase-1
         Tunnel. In case this tunnel was spawned by an
         IPsec signaling protocol, this MIB object
         contains the value of the object 'cisgIpsSgTunIndex'
         defined in CISCO-IPSEC-SIGNALING-MIB in the table
         'cisgIpsSgTunnelTable' in the row corresponding to 
         the control tunnel.

         A value of 0 identifies that this Phase-2 tunnel 
         was setup manually."
       ::= { ceipSecTunnelEntry 7 }

ceipSecTunControlTunnelAlive OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "An indicator which specifies whether or not the
         IPsec Phase-1 Tunnel that spawned this Phase-2
         tunnel currently exists."
       ::= { ceipSecTunnelEntry 8 }

ceipSecTunEncapMode OBJECT-TYPE
       SYNTAX CIPsecEncapMode
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encapsulation mode used by the
         IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 9 }

ceipSecTunNATTraversalMode OBJECT-TYPE
       SYNTAX CIPsecNATTraversalMode
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encapsulation used by the IPsec Phase-2 
         tunnel for NAT traversal.

         The value of this object is constrained based on
         the value of the column 'ceipSecTunEncapMode'. If
         the value of 'ceipSecTunEncapMode' is 'encapTransport',
         then this object may not assume the values
         'natEncapIPsecOverUdp' or 'natEncapIPsecOverTcp'.
         "
       ::= { ceipSecTunnelEntry 10 }

ceipSecTunLifeSize OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       UNITS "KBytes"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The negotiated LifeSize of the
         IPsec Phase-2 Tunnel in kilobytes."
       ::= { ceipSecTunnelEntry 11 }

ceipSecTunLifeTime OBJECT-TYPE
       SYNTAX Unsigned32
       UNITS "Seconds"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The negotiated LifeTime of the IPsec Phase-2 
         Tunnel in seconds.

         If the tunnel was setup manually, the value of this
         MIB element should be 0."
       ::= { ceipSecTunnelEntry 12 }

ceipSecTunActiveTime OBJECT-TYPE
       SYNTAX TimeInterval
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The length of time the IPsec Phase-2
         Tunnel has been active in hundredths of seconds."
       ::= { ceipSecTunnelEntry 13 }

ceipSecTunSaLifeSizeThreshold OBJECT-TYPE
       SYNTAX Unsigned32
       UNITS "KBytes"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The security association LifeSize refresh
         threshold in kilobytes.

         If the tunnel was setup manually, the value of this
         MIB element should be 0."
       ::= { ceipSecTunnelEntry 14 }

ceipSecTunSaLifeTimeThreshold OBJECT-TYPE
       SYNTAX Unsigned32
       UNITS "Seconds"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The security association LifeTime refresh
         threshold in seconds.

         If the tunnel was setup manually, the value of this
         MIB element should be 0."
       ::= { ceipSecTunnelEntry 15 }

ceipSecTunTotalRefreshes OBJECT-TYPE
       SYNTAX Counter32
       UNITS "QM Exchanges"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of security
         association refreshes performed."
       ::= { ceipSecTunnelEntry 16 }

ceipSecTunExpiredSaInstances OBJECT-TYPE
       SYNTAX Counter32
       UNITS "SAs"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of security associations
         which have expired.

         If the tunnel was setup manually, the value of this
         MIB element should be 0."
       ::= { ceipSecTunnelEntry 17 }

ceipSecTunCurrentSaInstances OBJECT-TYPE
       SYNTAX Gauge32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The number of security associations
         which are currently active or expiring."
       ::= { ceipSecTunnelEntry 18 }

ceipSecTunInSaDHGrp OBJECT-TYPE
       SYNTAX CIPsecDiffHellmanGrp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Diffie Hellman Group used
         by the inbound security association of the
         IPsec Phase-2 Tunnel.

         If the tunnel was setup manually, the value of this
         MIB element would be 'none'."
       ::= { ceipSecTunnelEntry 19 }

ceipSecTunInSaEncryptAlgo OBJECT-TYPE
       SYNTAX CIPsecEncryptAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encryption algorithm used by the inbound security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 20 }

ceipSecTunInSaEncryptKeySize   OBJECT-TYPE
       SYNTAX CIPsecEncryptionKeySize
       UNITS "Bits"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The key size in bits of the negotiated key to be
         used with the algorithm denoted by 
         'ceipSecTunInSaEncryptAlgo'.

         For DES and 3DES the key size is respectively 56 and
         168. For AES, this will denote the negotiated key size. "
       ::= { ceipSecTunnelEntry 21 }

ceipSecTunInSaAhAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the inbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 22 }

ceipSecTunInSaEspAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the inbound
         encapsulation security protocol (ESP) security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 23 }

ceipSecTunInSaDecompAlgo OBJECT-TYPE
       SYNTAX CIPsecCompAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The decompression algorithm used by the inbound
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 24 }

ceipSecTunOutSaDHGrp OBJECT-TYPE
       SYNTAX CIPsecDiffHellmanGrp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Diffie Hellman Group used by the outbound security
         association of the IPsec Phase-2 Tunnel.

         If the tunnel was setup manually, the value of this
         MIB element would be 'none'."
       ::= { ceipSecTunnelEntry 25 }

ceipSecTunOutSaEncryptAlgo OBJECT-TYPE
       SYNTAX CIPsecEncryptAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encryption algorithm used by the outbound security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 26 }

ceipSecTunOutSaEncryptKeySize  OBJECT-TYPE
       SYNTAX CIPsecEncryptionKeySize
       UNITS "Bits"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The key size in bits of the negotiated key to be
         used with the algorithm denoted by 
         'ceipSecTunOutSaEncryptAlgo'.

         For DES and 3DES the key size is respectively 56 and
         168. For AES, this will denote the negotiated key size."
       ::= { ceipSecTunnelEntry 27 }

ceipSecTunOutSaAhAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the outbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 28 }

ceipSecTunOutSaEspAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the outbound
         encapsulation security protocol (ESP)
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 29 }

ceipSecTunOutSaCompAlgo OBJECT-TYPE
       SYNTAX CIPsecCompAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The compression algorithm used by the outbound
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 30 }

ceipSecTunPmtu OBJECT-TYPE
       SYNTAX CIPsecPmtu
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Path MTU for this IPsec Phase-2 tunnel, which has 
         been either learnt from the network or which has been
         specified by the administrator. The lower end of the
         range is 68 which is the minimum MTU for IPv4."
       ::= { ceipSecTunnelEntry 31 }

ceipSecTunInOctets OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of octets
         received by this IPsec Phase-2 Tunnel.  This value is
         accumulated BEFORE determining whether or not the packet
         should be decompressed."
       ::= { ceipSecTunnelEntry 32 }

ceipSecTunInDecompOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of decompressed
         octets received by this IPsec Phase-2 Tunnel.  This value
         is accumulated AFTER the packet is decompressed. If
         compression is not being used, this value will match the
         value of ceipSecTunInOctets."
       ::= { ceipSecTunnelEntry 33 }

ceipSecTunInPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets received by this IPsec
         Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 34 }

ceipSecTunInDropPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped
         during receive processing by this IPsec Phase-2
         Tunnel. This count does NOT include
         packets dropped due to Anti-Replay processing."
       ::= { ceipSecTunnelEntry 35 }

ceipSecTunInReplayDropPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         receive processing due to Anti-Replay processing
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 36 }

ceipSecTunInAuths OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Events"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound
         authentications performed by this
         IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 37 }

ceipSecTunInAuthFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 38 }

ceipSecTunInDecrypts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions performed
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 39 }

ceipSecTunInDecryptFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions
         which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 40 }

ceipSecTunOutOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of octets
         sent by this IPsec Phase-2 Tunnel.  This value is
         accumulated AFTER determining whether or not the
         packet should be compressed."
       ::= { ceipSecTunnelEntry 41 }

ceipSecTunOutUncompOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number
         of uncompressed octets sent by this IPsec
         Phase-2 Tunnel.  This value is accumulated BEFORE
         the packet is compressed. If compression
         is not being used, this value will match the value
         of ceipSecTunOutOctets."
       ::= { ceipSecTunnelEntry 42 }

ceipSecTunOutPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets sent by this
         IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 43 }

ceipSecTunOutDropPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         send processing by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 44 }

ceipSecTunOutAuths OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Events"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound authentications performed
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 45 }

ceipSecTunOutAuthFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound
         authentications which ended in failure
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 46 }

ceipSecTunOutEncrypts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions performed
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 47 }

ceipSecTunOutEncryptFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions
         which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelEntry 48 }

ceipSecTunOutCompressedPkts    OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets
         which were successfully compressed."
       ::= { ceipSecTunnelEntry 49 }

ceipSecTunOutCompSkippedPkts   OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that were to be
         compressed but which were skipped due to the compression
         hysteresis."
       ::= { ceipSecTunnelEntry 50 }

ceipSecTunOutCompFailPkts      OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that failed
         compression because they grew in size after compression."
       ::= { ceipSecTunnelEntry 51 }

ceipSecTunOutCompTooSmallPkts  OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that were to be
         compressed but were smaller than the compression threshold
         size."
       ::= { ceipSecTunnelEntry 52 }

ceipSecIfIndex OBJECT-TYPE
       SYNTAX InterfaceIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "This object represents the ifIndex of an interface
         where this tunnel is created.
         Multiple IPsec tunnels can be created using the same
         interface."
       ::= { ceipSecTunnelEntry 53 }

ceipSecTunStatus OBJECT-TYPE
       SYNTAX CIPsecTunnelStatus
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "The status of the MIB table row.

         This object can be used to bring the tunnel down
         or force a rekeying.
         When the value is set to destroy(5), the SA
         bundle is destroyed and this row is deleted
         from this table.  When the value is set to rekey(6),
         then rekeying is forced on this tunnel.

         When this MIB value is queried, the value of
         active(4) is always returned, if the instance
         exists.

         This object cannot be used to create a MIB
         table row."
       ::= { ceipSecTunnelEntry 54 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecEndPtTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecEndPtEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Tunnel Endpoint Table.
         This table contains an entry for each
         active endpoint associated with an IPsec
         Phase-2 Tunnel."
       ::= { ceipSecPhaseTwo 3 }

ceipSecEndPtEntry OBJECT-TYPE
       SYNTAX CeipSecEndPtEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "An IPsec Phase-2 Tunnel Endpoint entry."
       INDEX { ceipSecTunIndex,  -- from ceipSecTunnelTable
               ceipSecEndPtIndex  }
       ::= { ceipSecEndPtTable 1 }

CeipSecEndPtEntry ::= SEQUENCE {
       ceipSecEndPtIndex           Unsigned32,
       ceipSecEndPtLocalName       SnmpAdminString,
       ceipSecEndPtLocalType       CIPsecEndPtType,
       ceipSecEndPtLocalAddrType1  InetAddressType,
       ceipSecEndPtLocalAddr1      InetAddress,
       ceipSecEndPtLocalAddrType2  InetAddressType,
       ceipSecEndPtLocalAddr2      InetAddress,
       ceipSecEndPtLocalProtocol   CiscoIpProtocol,
       ceipSecEndPtLocalPort       CiscoPort,
       ceipSecEndPtRemoteName      SnmpAdminString,
       ceipSecEndPtRemoteType      CIPsecEndPtType,
       ceipSecEndPtRemoteAddrType1 InetAddressType,
       ceipSecEndPtRemoteAddr1     InetAddress,
       ceipSecEndPtRemoteAddrType2 InetAddressType,
       ceipSecEndPtRemoteAddr2     InetAddress,
       ceipSecEndPtRemoteProtocol  CiscoIpProtocol,
       ceipSecEndPtRemotePort      CiscoPort
       }

ceipSecEndPtIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The number of the Endpoint associated with the
         IPsec Phase-2 Tunnel Table.  The value of this
         index is a number which begins at one and
         is incremented with each Endpoint associated
         with an IPsec Phase-2 Tunnel.
         The value of this object will wrap at 4,294,967,295."
       ::= { ceipSecEndPtEntry 1 }

ceipSecEndPtLocalName OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The DNS name of the local Endpoint."
       ::= { ceipSecEndPtEntry 2 }

ceipSecEndPtLocalType OBJECT-TYPE
       SYNTAX CIPsecEndPtType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of identity for the local Endpoint."
       ::= { ceipSecEndPtEntry 3 }

ceipSecEndPtLocalAddrType1 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this local Endpoint's
         first IP address."
       ::= { ceipSecEndPtEntry 4 }
 
ceipSecEndPtLocalAddr1 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The local Endpoint's first IP address specification.

         If the local Endpoint type is single IP address,
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the local Endpoint type is IP address range,
         then this is the value of beginning IP address
         of the range.
 
         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtLocalType."
       ::= { ceipSecEndPtEntry 5 }

ceipSecEndPtLocalAddrType2 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this local Endpoint's
         second IP address."
       ::= { ceipSecEndPtEntry 6 }
 
ceipSecEndPtLocalAddr2 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The local Endpoint's second IP address specification.

         If the local Endpoint type is single IP address,
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the local Endpoint type is IP address range,
         then this is the value of ending IP address
         of the range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtLocalType."
       ::= { ceipSecEndPtEntry 7 }

ceipSecEndPtLocalProtocol OBJECT-TYPE
       SYNTAX CiscoIpProtocol
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The protocol number of the local Endpoint's traffic."
       ::= { ceipSecEndPtEntry 8 }

ceipSecEndPtLocalPort OBJECT-TYPE
       SYNTAX CiscoPort
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The port number of the local Endpoint's traffic."
       ::= { ceipSecEndPtEntry 9 }

ceipSecEndPtRemoteName OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The DNS name of the remote Endpoint."
       ::= { ceipSecEndPtEntry 10 }

ceipSecEndPtRemoteType OBJECT-TYPE
       SYNTAX CIPsecEndPtType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of identity for the remote Endpoint."
       ::= { ceipSecEndPtEntry 11 }

ceipSecEndPtRemoteAddrType1 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this remote Endpoint's
         first IP address."
       ::= { ceipSecEndPtEntry 12 }
 
ceipSecEndPtRemoteAddr1 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The remote Endpoint's first IP address specification.

         If the remote Endpoint type is single IP address,
         then this is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the remote Endpoint type is IP address range,
         then this is the value of beginning IP address
         of the range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtRemoteType."
       ::= { ceipSecEndPtEntry 13 }

ceipSecEndPtRemoteAddrType2 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this remote Endpoint's
         second IP address."
       ::= { ceipSecEndPtEntry 14 }
 
ceipSecEndPtRemoteAddr2 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The remote Endpoint's second IP address specification.

         If the remote Endpoint type is single IP address,
         then this is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the remote Endpoint type is IP address range,
         then this is the value of ending IP address of
         the range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtRemoteType."
       ::= { ceipSecEndPtEntry 15 }

ceipSecEndPtRemoteProtocol OBJECT-TYPE
       SYNTAX CiscoIpProtocol
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The protocol number of the remote Endpoint's traffic."
       ::= { ceipSecEndPtEntry 16 }

ceipSecEndPtRemotePort OBJECT-TYPE
       SYNTAX CiscoPort
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The port number of the remote Endpoint's traffic."
       ::= { ceipSecEndPtEntry 17 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Security Association Table
-- This table provides the security association (SA) 
-- decomposition of the tunnels listed in the tunnel table.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecSaTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecSaEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Security Association Table.
         This table identifies the structure (in terms of
         component SAs) of each active Phase-2 IPsec tunnel.
         This table contains an entry for each active and
         expiring security association and maps each entry
         in the active Phase-2 tunnel table (ceipSecTunnelTable)
         into a number of entries in this table. The index 
         of this table reflects the

              <destination-address, protocol, spi>

         rule for identifying Security Associations."
       ::= { ceipSecPhaseTwo 4 }

ceipSecSaEntry OBJECT-TYPE
       SYNTAX CeipSecSaEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the attributes associated with
         active and expiring IPsec Phase-2
         security associations."
       INDEX { ceipSecTunIndex,  -- from ceipSecTunnelTable
               ceipSecSaProtocol,
               ceipSecSaIndex  }
       ::= { ceipSecSaTable 1 }

CeipSecSaEntry ::= SEQUENCE {
       ceipSecSaProtocol   CIPsecProtocol,
       ceipSecSaIndex      Unsigned32,
       ceipSecSaDirection  CIPsecPhase2SaDirection,
       ceipSecSaValue      CIPsecSpi,
       ceipSecSaStatus     INTEGER
       }
      
ceipSecSaProtocol OBJECT-TYPE
       SYNTAX CIPsecProtocol
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "This column represents the security protocol (AH, 
         ESP or IPComp) for which this security association 
         was set up."
       ::= { ceipSecSaEntry 1 }
         
ceipSecSaIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The object, in the context of the IPsec tunnel 
         'ceipSecTunIndex', is an index of security 
         associations comprising the Phase-2 IPsec tunnel 
         represented by the tunnel index 'ceipSecTunIndex'.

         The value of this index is a number which begins at
         1 and is incremented with each SPI associated with
         the corresponding IPsec Phase-2 Tunnel."
       ::= { ceipSecSaEntry 2 }

ceipSecSaDirection OBJECT-TYPE
       SYNTAX CIPsecPhase2SaDirection
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "Phase-2 IPsec security associations are simplex. 
         Hence a particular security association is used either
         for securing outgoing traffic or decoding incoming 
         traffic. This column identifies the direction of the 
         security association represented by this entry."
       ::= { ceipSecSaEntry 3 }

ceipSecSaValue OBJECT-TYPE
       SYNTAX CIPsecSpi
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "This is the value of the Security Parameters Index
         (SPI) assigned by the system to the security
         association represented by this entry."
       ::= { ceipSecSaEntry 4 }

ceipSecSaStatus OBJECT-TYPE
       SYNTAX INTEGER{
                 unknown(1),
                 active(2),
                 expiring(3)
       }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "This column represents the status of the security
         association represented by this conceptual row. If
         the status of the SA is 'active', the SA is ready
         for active use. The status 'expiring' represents any
         of the various states that the security association
         transitions through before being purged."
       ::= { ceipSecSaEntry 5 }


ceipSecTunnelSaTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecTunnelSaEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Tunnel Security Association Table.
         This table identifies the SAs that are currently
         associated with an active Phase-2 tunnel.
         This table contains an entry for each active or
         expiring security association (SA) which is
         associated with a ceipSecTunnelEntry in 'active' state
         and provides statistic information of this SA.
         There might be multiple SAs associated with one
         ceipSecTunnelEntry."
       ::= { ceipSecPhaseTwo 5 }

ceipSecTunnelSaEntry OBJECT-TYPE
       SYNTAX CeipSecTunnelSaEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the attributes and statistics
         associated with an active or expiring IPsec Phase-2
         security association."
       INDEX { ceipSecTunIndex,  -- from ceipSecTunnelTable
               ceipSecTunSaProtocol,
               ceipSecTunSaIndex,
               ceipSecTunSaDirection  }
       ::= { ceipSecTunnelSaTable 1 }

CeipSecTunnelSaEntry ::= SEQUENCE {
       ceipSecTunSaProtocol                CIPsecProtocol,
       ceipSecTunSaIndex                   Unsigned32,
       ceipSecTunSaDirection               CIPsecPhase2SaDirection,
       ceipSecTunSaValue                   CIPsecSpi,
       ceipSecTunSaIfIndex                 InterfaceIndex,
       ceipSecTunSaInOctets                Counter64,
       ceipSecTunSaInDecompOctets          Counter64,
       ceipSecTunSaInPkts                  Counter64,
       ceipSecTunSaInDropPkts              Counter64,
       ceipSecTunSaInReplayDropPkts        Counter64,
       ceipSecTunSaInAuths                 Counter64,
       ceipSecTunSaInAuthFails             Counter64,
       ceipSecTunSaInDecrypts              Counter64,
       ceipSecTunSaInDecryptFails          Counter64,
       ceipSecTunSaOutOctets               Counter64,
       ceipSecTunSaOutUncompOctets         Counter64,
       ceipSecTunSaOutPkts                 Counter64,
       ceipSecTunSaOutDropPkts             Counter64,
       ceipSecTunSaOutAuths                Counter64,
       ceipSecTunSaOutAuthFails            Counter64,
       ceipSecTunSaOutEncrypts             Counter64,
       ceipSecTunSaOutEncryptFails         Counter64,
       ceipSecTunSaOutCompressedPkts       Counter64,
       ceipSecTunSaOutCompSkippedPkts      Counter64,
       ceipSecTunSaOutCompFailPkts         Counter64,
       ceipSecTunSaOutCompTooSmallPkts     Counter64,
       ceipSecTunSaStatus                  INTEGER
       }
      
ceipSecTunSaProtocol OBJECT-TYPE
       SYNTAX CIPsecProtocol
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "This column represents the security protocol (AH, 
         ESP or IPComp) for which this security association 
         was set up."
       ::= { ceipSecTunnelSaEntry 1 }
         
ceipSecTunSaIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The object, in the context of the IPsec tunnel 
         'ceipSecTunIndex', is an index of security 
         associations comprising the Phase-2 IPsec tunnel 
         represented by the tunnel index 'ceipSecTunIndex'.

         The value of this index is a number which begins at
         1 and is incremented with each SPI associated with
         the corresponding IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelSaEntry 2 }

ceipSecTunSaDirection OBJECT-TYPE
       SYNTAX CIPsecPhase2SaDirection
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Phase-2 IPsec security associations are simplex. 
         Hence a particular security association is used either
         for securing outgoing traffic or decoding incoming 
         traffic. This column identifies the direction of the 
         security association represented by this entry."
       ::= { ceipSecTunnelSaEntry 3 }

ceipSecTunSaValue OBJECT-TYPE
       SYNTAX CIPsecSpi
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "This is the value of the Security Parameters Index
         (SPI) assigned by the system to the security
         association represented by this entry."
       ::= { ceipSecTunnelSaEntry 4 }

ceipSecTunSaIfIndex OBJECT-TYPE
       SYNTAX InterfaceIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "This object represents the ifIndex of an interface
         where a tunnel with ceipSecTunIndex is created.
         Multiple IPsec tunnels can be created using the same
         interface."
       ::= { ceipSecTunnelSaEntry 5 }

ceipSecTunSaInOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of octets
         received by using this SA. This value is
         accumulated BEFORE determining whether or not the packet
         should be decompressed."
       ::= { ceipSecTunnelSaEntry 6 }

ceipSecTunSaInDecompOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of decompressed
         octets received by using this SA.  This value
         is accumulated AFTER the packet is decompressed. If
         compression is not being used, this value will match the
         value of ceipSecTunSaInOctets."
       ::= { ceipSecTunnelSaEntry 7 }

ceipSecTunSaInPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets received by using this SA."
       ::= { ceipSecTunnelSaEntry 8 }

ceipSecTunSaInDropPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped
         during receive processing by using this SA.
         This count does NOT include packets dropped due
         to Anti-Replay processing." 
       ::= { ceipSecTunnelSaEntry 9 }

ceipSecTunSaInReplayDropPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         receive processing due to Anti-Replay processing
         by using this SA."
       ::= { ceipSecTunnelSaEntry 10 }

ceipSecTunSaInAuths OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         performed by using this SA."
       ::= { ceipSecTunnelSaEntry 11 }

ceipSecTunSaInAuthFails OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         which ended in failure by using this SA."
       ::= { ceipSecTunnelSaEntry 12 }

ceipSecTunSaInDecrypts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions performed
         by this SA."
       ::= { ceipSecTunnelSaEntry 13 }

ceipSecTunSaInDecryptFails OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions
         which ended in failure by using this SA."
       ::= { ceipSecTunnelSaEntry 14 }

ceipSecTunSaOutOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of octets
         sent by using this SA. This value is
         accumulated AFTER determining whether or not the packet
         should be compressed."
       ::= { ceipSecTunnelSaEntry 15 }

ceipSecTunSaOutUncompOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number
         of uncompressed octets sent by using this SA.
         This value is accumulated BEFORE
         the packet is compressed. If compression
         is not being used, this value will match the value
         of ceipSecTunSaOutOctets."
       ::= { ceipSecTunnelSaEntry 16 }

ceipSecTunSaOutPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets sent by using this SA."
       ::= { ceipSecTunnelSaEntry 17 }

ceipSecTunSaOutDropPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         send processing by using this SA."
       ::= { ceipSecTunnelSaEntry 18 }

ceipSecTunSaOutAuths OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound authentications performed
         by using this SA."
       ::= { ceipSecTunnelSaEntry 19 }

ceipSecTunSaOutAuthFails OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound
         authentications which ended in failure
         by using this SA."
       ::= { ceipSecTunnelSaEntry 20 }

ceipSecTunSaOutEncrypts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions performed
         by using this SA."
       ::= { ceipSecTunnelSaEntry 21 }

ceipSecTunSaOutEncryptFails OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions
         which ended in failure by using this SA."
       ::= { ceipSecTunnelSaEntry 22 }

ceipSecTunSaOutCompressedPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets
         which were successfully compressed by using this
         SA."
       ::= { ceipSecTunnelSaEntry 23 }

ceipSecTunSaOutCompSkippedPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that were to be
         compressed but which were skipped due to the compression
         hysteresis when using this SA."
       ::= { ceipSecTunnelSaEntry 24 }

ceipSecTunSaOutCompFailPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that failed
         compression because they grew in size after compression
         when using this SA."
       ::= { ceipSecTunnelSaEntry 25 }

ceipSecTunSaOutCompTooSmallPkts OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that were to be
         compressed but were smaller than the compression threshold
         size when using this SA."
       ::= { ceipSecTunnelSaEntry 26 }

ceipSecTunSaStatus OBJECT-TYPE
       SYNTAX INTEGER{
                 unknown(1),
                 active(2),
                 expiring(3)
       }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         " This column represents the status of the security
         association represented by this conceptual row. If
         the status of the SA is 'active', the SA is ready
         for active use. The status 'expiring' represents any
         of the various states that the security association
         transitions through before being purged. "
       ::= { ceipSecTunnelSaEntry 27 }

ceipSecIfTunnelTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecIfTunnelEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Tunnels to Interface association
         table.  This table contains an entry for each
         active IPsec Phase-2 Tunnel created under an interface.
         Multiple IPsec Phase-2 Tunnels can be created using the
         same interface." 
       ::= { ceipSecPhaseTwo 6 }

ceipSecIfTunnelEntry OBJECT-TYPE
       SYNTAX CeipSecIfTunnelEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the IPsec Phase-2 Tunnel
         associated with an interface."
       INDEX { ifIndex,
               ceipSecTunIndex  }
       ::= { ceipSecIfTunnelTable 1 }

CeipSecIfTunnelEntry ::= SEQUENCE {
       ceipSecIfTunnelStatus CIPsecTunnelStatus
       }

ceipSecIfTunnelStatus OBJECT-TYPE
       SYNTAX CIPsecTunnelStatus
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "This object corresponds to the status of
         an IPsec Phase-2 Tunnel in ceipSecTunnelTable
         indexed by ceipSecTunIndex. The valid status values
         this object can have are 'active' and
         'awaitCommit'."
       ::= { ceipSecIfTunnelEntry 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec History Group
--
-- This group consists of:
-- 1) IPsec History Global Objects
-- 2) IPsec Phase-2 History Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecHistGlobal           OBJECT IDENTIFIER
                       ::= { ceipSecHistory 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec History Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecHistGlobalCntl OBJECT IDENTIFIER
                       ::= { ceipSecHistGlobal 1 }

ceipSecHistTableSize  OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "The window size of the IPsec Phase-2 History Tables.

         The IPsec Phase-2 History Tables are implemented as 
         a sliding window in which only the last 'N' entries 
         are maintained.  This object is used to specify the number
         of entries which will be maintained in the IPsec 
         Phase-2 History Tables.

         An implementation may choose suitable minimum and
         maximum values for this element based on the local
         policy and available resources. If an SNMP SET request
         specifies a value outside this window for this element,
         an appropriate SNMP error code should be returned.

         Setting this value to zero is equivalent to deleting
         all conceptual rows in the archiving tables 
         ('ceipSecHistTable' and 'ceipSecEndPtHistTable') and 
         disabling the archiving of entries in the tables. "
       ::= { ceipSecHistGlobalCntl 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecTunnelHistTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecTunnelHistEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Tunnel History Table.
         This table is conceptually a sliding window in 
         which only the last 'N' entries are maintained,
         where 'N' is the value of the object 
         'ceipSecHistTableSize'.

         If the value of 'ceipSecHistTableSize' is 0,
         archiving of entries in this table is disabled. "
       ::= { ceipSecHistory 2 }

ceipSecTunnelHistEntry OBJECT-TYPE
       SYNTAX CeipSecTunnelHistEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the attributes associated 
         with a previously active IPsec Phase-2 Tunnel."
       INDEX { ceipSecTunHistIndex }
       ::= { ceipSecTunnelHistTable 1 }

CeipSecTunnelHistEntry ::= SEQUENCE {
       ceipSecTunHistIndex              Unsigned32,
       ceipSecTunHistTermReason         INTEGER,
       ceipSecTunHistActiveIndex        CIPsecPhase2TunnelIndex,
       ceipSecTunHistLocalAddressType   InetAddressType,
       ceipSecTunHistLocalAddress       InetAddress,
       ceipSecTunHistRemoteAddressType  InetAddressType,
       ceipSecTunHistRemoteAddress      InetAddress,
       ceipSecTunHistControlProtocol    CIPsecControlProtocol,
       ceipSecTunHistControlTunnelIndex CIPsecPhase1TunnelIndexOrZero,
       ceipSecTunHistEncapMode          CIPsecEncapMode,
       ceipSecTunHistNATTraversalMode   CIPsecNATTraversalMode,
       ceipSecTunHistLifeSize           Unsigned32,
       ceipSecTunHistLifeTime           Unsigned32,
       ceipSecTunHistStartTime          TimeStamp,
       ceipSecTunHistActiveTime         TimeInterval,
       ceipSecTunHistTotalRefreshes     Counter32,
       ceipSecTunHistTotalSas           Counter32,
       ceipSecTunHistInSaDHGrp          CIPsecDiffHellmanGrp,
       ceipSecTunHistInSaEncryptAlgo    CIPsecEncryptAlgorithm,
       ceipSecTunHistInSaEncryptKeySize CIPsecEncryptionKeySize,
       ceipSecTunHistInSaAhAuthAlgo     CIPsecAuthAlgorithm,
       ceipSecTunHistInSaEspAuthAlgo    CIPsecAuthAlgorithm,
       ceipSecTunHistInSaDecompAlgo     CIPsecCompAlgorithm,
       ceipSecTunHistOutSaDHGrp         CIPsecDiffHellmanGrp,
       ceipSecTunHistOutSaEncryptAlgo   CIPsecEncryptAlgorithm,
       ceipSecTunHistOutSaEncryptKeySz  CIPsecEncryptionKeySize,
       ceipSecTunHistOutSaAhAuthAlgo    CIPsecAuthAlgorithm,
       ceipSecTunHistOutSaEspAuthAlgo   CIPsecAuthAlgorithm,
       ceipSecTunHistOutSaCompAlgo      CIPsecCompAlgorithm,
       ceipSecTunHistPmtu               CIPsecPmtu,
       ceipSecTunHistInOctets           Counter64,
       ceipSecTunHistInDecompOctets     Counter64,
       ceipSecTunHistInPkts             Counter32,
       ceipSecTunHistInDropPkts         Counter32,
       ceipSecTunHistInReplayDropPkts   Counter32,
       ceipSecTunHistInAuths            Counter32,
       ceipSecTunHistInAuthFails        Counter32,
       ceipSecTunHistInDecrypts         Counter32,
       ceipSecTunHistInDecryptFails     Counter32,
       ceipSecTunHistOutOctets          Counter64,
       ceipSecTunHistOutUncompOctets    Counter64,
       ceipSecTunHistOutPkts            Counter32,
       ceipSecTunHistOutDropPkts        Counter32,
       ceipSecTunHistOutAuths           Counter32,
       ceipSecTunHistOutAuthFails       Counter32,
       ceipSecTunHistOutEncrypts        Counter32,
       ceipSecTunHistOutEncryptFails    Counter32,
       ceipSecTunHistOutCompressedPkts  Counter32,
       ceipSecTunHistOutCompSkippedPkts Counter32,
       ceipSecTunHistOutCompFailPkts    Counter32,
       ceipSecTunHistOutCompSmallPkts   Counter32
       }

ceipSecTunHistIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The index of the IPsec Phase-2 Tunnel History Table.
         The value of the index is a number which
         begins at one and is incremented with each tunnel
         that ends. The value
         of this object will wrap at 4,294,967,295."
       ::= { ceipSecTunnelHistEntry 1 }

ceipSecTunHistTermReason  OBJECT-TYPE
       SYNTAX INTEGER {
                   other(1),
                   normal(2),
                   operRequest(3),
                   peerDelRequest(4),
                   peerLost(5),
                   applicationInitiated(6),
                   xauthFailure(7),
                   seqNumRollOver(8),
                   checkPointReq(9)
                }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The reason the IPsec Phase-2 Tunnel was terminated.
         Possible reasons include:
         1 = other
         2 = normal termination
         3 = operator request
         4 = peer delete request was received
         5 = contact with peer was lost
         6 = applicationInitiated (eg: L2TP requesting the 
         termination)
         7 = failure of extended authentication
         8 = local failure occurred
         9 = operator initiated check point request"
       ::= { ceipSecTunnelHistEntry 2 }

ceipSecTunHistActiveIndex OBJECT-TYPE
       SYNTAX CIPsecPhase2TunnelIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The index of the previously active IPsec Phase-2 
         Tunnel.

         This object must correspond to an expired IPsec 
         tunnel; hence this object may not assume the value 
         of 0. "
       ::= { ceipSecTunnelHistEntry 3 }

ceipSecTunHistLocalAddressType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address of the local endpoint for 
         the IPsec Phase-2 Tunnel. "
       ::= { ceipSecTunnelHistEntry 4 }

ceipSecTunHistLocalAddress OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The IP address of the local endpoint for 
         the IPsec Phase-2 Tunnel. "
       ::= { ceipSecTunnelHistEntry 5 }

ceipSecTunHistRemoteAddressType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address of the remote endpoint 
         for the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 6 }

ceipSecTunHistRemoteAddress OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The IP address of the remote endpoint for 
         the IPsec Phase-2 Tunnel. "
       ::= { ceipSecTunnelHistEntry 7 }

ceipSecTunHistControlProtocol OBJECT-TYPE
       SYNTAX CIPsecControlProtocol
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "Identifies the protocol that was used to set up
         and administer the Phase-2 IPsec tunnel. "
       ::= { ceipSecTunnelHistEntry 8 }

ceipSecTunHistControlTunnelIndex OBJECT-TYPE
       SYNTAX CIPsecPhase1TunnelIndexOrZero
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The index of the IPsec Phase-1 Tunnel that spawned 
         this Phase-2 tunnel (in case of IKE, this value 
         would refer to 'csikeTunIndex' in the 'csikeTunnelTable').
    
         If the IPsec tunnel corresponding to this entry 
         was set up manually, the value of this object should
         be zero. "
       ::= { ceipSecTunnelHistEntry 9 }

ceipSecTunHistEncapMode OBJECT-TYPE
       SYNTAX CIPsecEncapMode
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encapsulation mode used by the
         IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 10 }

ceipSecTunHistNATTraversalMode OBJECT-TYPE
       SYNTAX CIPsecNATTraversalMode
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encapsulation used by the IPsec Phase-2 
         tunnel corresponding to this conceptual row 
         for NAT traversal."
       ::= { ceipSecTunnelHistEntry 11 }

ceipSecTunHistLifeSize OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       UNITS "KBytes"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The negotiated LifeSize of the IPsec Phase-2 Tunnel in
         kilobytes."
       ::= { ceipSecTunnelHistEntry 12 }

ceipSecTunHistLifeTime OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       UNITS "Seconds"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The negotiated LifeTime of the IPsec Phase-2 Tunnel in
         seconds."
       ::= { ceipSecTunnelHistEntry 13 }

ceipSecTunHistStartTime OBJECT-TYPE
       SYNTAX TimeStamp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The value of sysUpTime in hundredths of seconds
         when the IPsec Phase-2 Tunnel was started."
       ::= { ceipSecTunnelHistEntry 14 }

ceipSecTunHistActiveTime OBJECT-TYPE
       SYNTAX TimeInterval
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The length of time the IPsec Phase-2 Tunnel has been
         active in hundredths of seconds."
       ::= { ceipSecTunnelHistEntry 15 }

ceipSecTunHistTotalRefreshes OBJECT-TYPE
       SYNTAX Counter32
       UNITS "QM Exchanges"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of security association refreshes
         performed."
       ::= { ceipSecTunnelHistEntry 16 }

ceipSecTunHistTotalSas OBJECT-TYPE
       SYNTAX Counter32
       UNITS "SAs"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of security associations used
         during the life of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 17 }

ceipSecTunHistInSaDHGrp OBJECT-TYPE
       SYNTAX CIPsecDiffHellmanGrp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Diffie Hellman Group used by the inbound security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 18 }

ceipSecTunHistInSaEncryptAlgo OBJECT-TYPE
       SYNTAX CIPsecEncryptAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encryption algorithm used by the inbound security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 19 }

ceipSecTunHistInSaEncryptKeySize   OBJECT-TYPE
       SYNTAX CIPsecEncryptionKeySize
       UNITS "Bits"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The size in bits of the key which was negotiated to 
         be used with the encryption transform used with this 
         tunnel denoted by ceipSecTunHistInSaEncryptAlgo.

         For DES and 3DES the key size is respectively 56 and
         168. For AES, this will denote the negotiated key size."
       ::= { ceipSecTunnelHistEntry 20 }

ceipSecTunHistInSaAhAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the inbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 21 }

ceipSecTunHistInSaEspAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the inbound
         encapsulation security protocol (ESP)
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 22 }

ceipSecTunHistInSaDecompAlgo OBJECT-TYPE
       SYNTAX CIPsecCompAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The decompression algorithm used by the inbound
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 23 }

ceipSecTunHistOutSaDHGrp OBJECT-TYPE
       SYNTAX CIPsecDiffHellmanGrp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Diffie Hellman Group used by the outbound security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 24 }

ceipSecTunHistOutSaEncryptAlgo OBJECT-TYPE
       SYNTAX CIPsecEncryptAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The encryption algorithm used by the outbound security
         association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 25 }

ceipSecTunHistOutSaEncryptKeySz  OBJECT-TYPE
       SYNTAX CIPsecEncryptionKeySize
       UNITS "Bits"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The size in bits of the key which was negotiated to 
         be used with the encryption transform used with this 
         tunnel denoted by ceipSecTunHistOutSaEncryptAlgo.

         For DES and 3DES the key size is respectively 56 and
         168. For AES, this will denote the negotiated key 
         size."
       ::= { ceipSecTunnelHistEntry 26 }

ceipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the outbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 27 }

ceipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE
       SYNTAX CIPsecAuthAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The authentication algorithm used by the outbound
         encapsulation security protocol (ESP)
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 28 }

ceipSecTunHistOutSaCompAlgo OBJECT-TYPE
       SYNTAX CIPsecCompAlgorithm
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The compression algorithm used by the outbound
         security association of the IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 29 }

ceipSecTunHistPmtu OBJECT-TYPE
       SYNTAX CIPsecPmtu
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Path MTU that was determined for this IPsec
         Phase-2 tunnel."
       ::= { ceipSecTunnelHistEntry 30 }

ceipSecTunHistInOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of octets
         received by this IPsec Phase-2 Tunnel. This value
         is accumulated BEFORE determining whether or not
         the packet should be decompressed."
       ::= { ceipSecTunnelHistEntry 31 }

ceipSecTunHistInDecompOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of 
         decompressed octets received by this IPsec Phase-2 Tunnel.  
         This value is accumulated AFTER the packet is 
         decompressed. 
         If compression is not being used, this value will match 
         the value of ceipSecTunInOctets. "
       ::= { ceipSecTunnelHistEntry 32 }

ceipSecTunHistInPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets received by this
         IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 33 }

ceipSecTunHistInDropPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         receive processing by this IPsec Phase-2 Tunnel.
         This count does NOT include packets
         dropped due to Anti-Replay processing."
       ::= { ceipSecTunnelHistEntry 34 }

ceipSecTunHistInReplayDropPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during
         receive processing due to Anti-Replay processing
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 35 }

ceipSecTunHistInAuths OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Events"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         performed by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 36 }

ceipSecTunHistInAuthFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound authentications
         which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 37 }

ceipSecTunHistInDecrypts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of inbound decryptions performed
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 38 }

ceipSecTunHistInDecryptFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
          "The total number of inbound decryptions
          which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 39 }

ceipSecTunHistOutOctets OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total number of octets
         sent by this IPsec Phase-2 Tunnel.  This value
         is accumulated AFTER determining whether or not
         the packet should be compressed."
       ::= { ceipSecTunnelHistEntry 40 }

ceipSecTunHistOutUncompOctets OBJECT-TYPE
       SYNTAX Counter64
       UNITS "Octets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "A high capacity count of the total
         number of uncompressed octets sent by this
         IPsec Phase-2 Tunnel.  This value is accumulated
         BEFORE the packet is compressed. If compression
         is not being used, this value will match the value 
         of 'ceipSecTunOutOctets'."
       ::= { ceipSecTunnelHistEntry 41 }

ceipSecTunHistOutPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets sent by this
         IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 42 }

ceipSecTunHistOutDropPkts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of packets dropped during 
         send processing by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 43 }

ceipSecTunHistOutAuths OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Events"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound authentications
         performed by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 44 }

ceipSecTunHistOutAuthFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound authentications
         which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 45 }

ceipSecTunHistOutEncrypts OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions performed
         by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 46 }

ceipSecTunHistOutEncryptFails OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Failures"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound encryptions
          which ended in failure by this IPsec Phase-2 Tunnel."
       ::= { ceipSecTunnelHistEntry 47 }

ceipSecTunHistOutCompressedPkts    OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets
         which were successfully compressed."
       ::= { ceipSecTunnelHistEntry 48 }

ceipSecTunHistOutCompSkippedPkts   OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that were to be
         compressed but which were skipped due to the 
         compression hysteresis."
       ::= { ceipSecTunnelHistEntry 49 }

ceipSecTunHistOutCompFailPkts      OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that failed
         compression because they grew in size after compression."
       ::= { ceipSecTunnelHistEntry 50 }

ceipSecTunHistOutCompSmallPkts  OBJECT-TYPE
       SYNTAX Counter32
       UNITS "Packets"
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The total number of outbound packets that were 
         to be compressed but were smaller than the 
         compression threshold size."
       ::= { ceipSecTunnelHistEntry 51 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Tunnel Endpoint History Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecEndPtHistTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecEndPtHistEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Tunnel Endpoint History Table.
         This table is conceptually a sliding window in 
         which only the last 'N' entries are maintained,
         where 'N' is the value of the object 
         'ceipSecHistTableSize'.

         If the value of 'ceipSecHistTableSize' is 0,
         archiving of entries in this table is disabled."
       ::= { ceipSecHistory 3 }

ceipSecEndPtHistEntry OBJECT-TYPE
       SYNTAX CeipSecEndPtHistEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the attributes associated with
         a previously active IPsec Phase-2 Tunnel Endpoint."
       INDEX { ceipSecEndPtHistIndex }
       ::= { ceipSecEndPtHistTable 1 }

CeipSecEndPtHistEntry ::= SEQUENCE {
       ceipSecEndPtHistIndex                Unsigned32,
       ceipSecEndPtHistTunIndex             Unsigned32,
       ceipSecEndPtHistActiveIndex          Unsigned32,
       ceipSecEndPtHistLocalName            SnmpAdminString,
       ceipSecEndPtHistLocalType            CIPsecEndPtType,
       ceipSecEndPtHistLocalAddrType1       InetAddressType,
       ceipSecEndPtHistLocalAddr1           InetAddress,
       ceipSecEndPtHistLocalAddrType2       InetAddressType,
       ceipSecEndPtHistLocalAddr2           InetAddress,
       ceipSecEndPtHistLocalProtocol        CiscoIpProtocol,
       ceipSecEndPtHistLocalPort            CiscoPort,
       ceipSecEndPtHistRemoteName           SnmpAdminString,
       ceipSecEndPtHistRemoteType           CIPsecEndPtType,
       ceipSecEndPtHistRemoteAddrType1      InetAddressType,
       ceipSecEndPtHistRemoteAddr1          InetAddress,
       ceipSecEndPtHistRemoteAddrType2      InetAddressType,
       ceipSecEndPtHistRemoteAddr2          InetAddress,
       ceipSecEndPtHistRemoteProtocol       CiscoIpProtocol,
       ceipSecEndPtHistRemotePort           CiscoPort
       }

ceipSecEndPtHistIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The number of the previously active Endpoint 
         associated with an IPsec Phase-2 Tunnel Table.
         The value of this index is a number which begins 
         at one and is incremented with each Endpoint
         associated with an IPsec Phase-2 Tunnel.
         The value of this object will wrap at 4,294,967,295."
       ::= { ceipSecEndPtHistEntry 1 }

ceipSecEndPtHistTunIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The index of the previously active IPsec
         Phase-2 Tunnel Table."
       ::= { ceipSecEndPtHistEntry 2 }

ceipSecEndPtHistActiveIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The index of the previously active Endpoint."
       ::= { ceipSecEndPtHistEntry 3 }

ceipSecEndPtHistLocalName OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The DNS name of the local Endpoint."
       ::= { ceipSecEndPtHistEntry 4 }

ceipSecEndPtHistLocalType OBJECT-TYPE
       SYNTAX CIPsecEndPtType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of identity for the local Endpoint."
       ::= { ceipSecEndPtHistEntry 5 }

ceipSecEndPtHistLocalAddrType1 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this local Endpoint's
         first IP address."
       ::= { ceipSecEndPtHistEntry 6 }

ceipSecEndPtHistLocalAddr1 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The local Endpoint's first IP address specification.

         If the local Endpoint type is single IP address,
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the local Endpoint type is IP address range,
         then this is the value of beginning IP address of
         the range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         cceipSecEndPtLocalType.
         "
       ::= { ceipSecEndPtHistEntry 7 }

ceipSecEndPtHistLocalAddrType2 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this local Endpoint's
         second IP address."
       ::= { ceipSecEndPtHistEntry 8 }

ceipSecEndPtHistLocalAddr2 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The local Endpoint's second IP address 
         specification.

         If the local Endpoint type is single IP address,
         then this is the value of the IP address.

         If the local Endpoint type is IP subnet, then this
         is the value of the subnet mask.
           
         If the local Endpoint type is IP address range,
         then this is the value of ending IP address of
         the range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtLocalType.
         "
       ::= { ceipSecEndPtHistEntry 9 }

ceipSecEndPtHistLocalProtocol OBJECT-TYPE
       SYNTAX CiscoIpProtocol
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The protocol number of the local Endpoint's 
         traffic."
       ::= { ceipSecEndPtHistEntry 10 }

ceipSecEndPtHistLocalPort OBJECT-TYPE
       SYNTAX CiscoPort
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The port number of the local Endpoint's traffic."
       ::= { ceipSecEndPtHistEntry 11 }

ceipSecEndPtHistRemoteName OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The DNS name of the remote Endpoint."
       ::= { ceipSecEndPtHistEntry 12 }

ceipSecEndPtHistRemoteType OBJECT-TYPE
       SYNTAX CIPsecEndPtType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of identity for the remote Endpoint."
       ::= { ceipSecEndPtHistEntry 13 }

ceipSecEndPtHistRemoteAddrType1 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this remote Endpoint's
         first IP address."
       ::= { ceipSecEndPtHistEntry 14 }

ceipSecEndPtHistRemoteAddr1 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The remote Endpoint's first IP address 
         specification.

         If the remote Endpoint type is single IP address,
         then this is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet.

         If the remote Endpoint type is IP address range,
         then this is the value of beginning IP address of
         the range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtRemoteType.
         "
       ::= { ceipSecEndPtHistEntry 15 }

ceipSecEndPtHistRemoteAddrType2 OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the IP address for this remote Endpoint's
         second IP address."
       ::= { ceipSecEndPtHistEntry 16 }

ceipSecEndPtHistRemoteAddr2 OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The remote Endpoint's second IP address 
         specification.

         If the remote Endpoint type is single IP address,
         then this is the value of the IP address.

         If the remote Endpoint type is IP subnet, then this
         is the value of the subnet mask.

         If the remote Endpoint type is IP address range,
         then this is the value of ending IP address of the 
         range.

         If the type is an IP address, a range or a subnet,
         the type of the address can be inferred from
         ceipSecEndPtRemoteType."
       ::= { ceipSecEndPtHistEntry 17 }

ceipSecEndPtHistRemoteProtocol OBJECT-TYPE
       SYNTAX CiscoIpProtocol
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The protocol number of the remote Endpoint's traffic."
       ::= { ceipSecEndPtHistEntry 18 }

ceipSecEndPtHistRemotePort OBJECT-TYPE
       SYNTAX CiscoPort
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The port number of the remote Endpoint's traffic."
       ::= { ceipSecEndPtHistEntry 19 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Group
--
-- This group consists of:
-- 1) IPsec Failure Global Objects
-- 2) IPsec Phase-2 Tunnel Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecFailGlobal         OBJECT IDENTIFIER
                      ::= { ceipSecFailures 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Failure Global Control Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecFailGlobalCntl  OBJECT IDENTIFIER
                      ::= { ceipSecFailGlobal 1 }

ceipSecFailTableSize  OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "The window size of the IPsec Phase-2 Failure Table.

         The IPsec Phase-2 Failure Tables are implemented as 
         a sliding window in which only the last N entries are 
         maintained. This object is used to specify the number of
         entries which will be maintained in the IPsec Phase-2 
         Failure Tables.

         An implementation may choose suitable minimum and
         maximum values for this element based on the local
         policy and available resources. If an SNMP SET 
         request specifies a value outside this window for 
         this element, an appropriate SNMP error code must
         be returned.

         Setting this value to zero is equivalent to deleting
         all conceptual rows in the archiving table 
         'ceipSecFailTable' and disabling the archiving of 
         entries in these tables."
       ::= { ceipSecFailGlobalCntl 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-2 Failure Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecFailTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CeipSecFailEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Failure Table.
         This table is implemented as a sliding window
         in which only the last n entries are maintained.
         The maximum number of entries
         is specified by the ceipSecFailTableSize object."
       ::= { ceipSecFailures 2 }

ceipSecFailEntry OBJECT-TYPE
       SYNTAX CeipSecFailEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "Each entry contains the attributes associated with
         an IPsec Phase-1 failure."
       INDEX { ceipSecFailIndex }
       ::= { ceipSecFailTable 1 }

CeipSecFailEntry ::= SEQUENCE {
       ceipSecFailIndex             Unsigned32,
       ceipSecFailReason            INTEGER,
       ceipSecFailTime              TimeStamp,
       ceipSecFailTunnelIndex       CIPsecPhase2TunnelIndex,
       ceipSecFailSaSpi             CIPsecSpi,
       ceipSecFailPktSrcAddressType InetAddressType,
       ceipSecFailPktSrcAddress     InetAddress,
       ceipSecFailPktDstAddressType InetAddressType,
       ceipSecFailPktDstAddress     InetAddress
       }

ceipSecFailIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..4294967295)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
         "The IPsec Phase-2 Failure Table index.
         The value of the index is a number which
         begins at one and is incremented with each
         IPsec Phase-1 failure. The value of this
         object will wrap at 4,294,967,295."
       ::= { ceipSecFailEntry 1 }

ceipSecFailReason OBJECT-TYPE
       SYNTAX INTEGER{
                  other(1),
                  internalError(2),
                  peerEncodingError(3),
                  proposalFailure(4),
                  protocolUseFail(5),
                  nonExistentSa(6),
                  decryptFailure(7),
                  encryptFailure(8),
                  inAuthFailure(9),
                  outAuthFailure(10),
                  compression(11),
                  sysCapExceeded(12),
                  peerDelRequest(13),
                  peerLost(14),
                  seqNumRollOver(15),
                  operRequest(16)
                }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The reason for the failure.  Possible reasons
         include:
              1 = other
              2 = internal error occurred
              3 = peer encoding error
              4 = proposal failure
              5 = protocol use failure
              6 = non-existent security association
              7 = decryption failure
              8 = encryption failure
              9 = inbound authentication failure
             10 = outbound authentication failure
             11 = compression failure
             12 = system capacity failure
             13 = peer delete request was received
             14 = contact with peer was lost
             15 = sequence number rolled over
             16 = operator requested termination."
       ::= { ceipSecFailEntry 2 }

ceipSecFailTime OBJECT-TYPE
       SYNTAX TimeStamp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The value of sysUpTime in hundredths of seconds
         at the time of the failure."
       ::= { ceipSecFailEntry 3 }

ceipSecFailTunnelIndex OBJECT-TYPE
       SYNTAX CIPsecPhase2TunnelIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The Phase-2 Tunnel index (ceipSecTunIndex).

         If this conceptual row corresponds to an operation
         failure (that is, the failure of an established
         Phase-2 IPsec tunnel), then the value of this object
         may not be zero."
       ::= { ceipSecFailEntry 4 }

ceipSecFailSaSpi  OBJECT-TYPE
       SYNTAX CIPsecSpi
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The security association SPI value.

         If this conceptual row corresponds to a setup
         failure (failure to establish the tunnel), the
         value of this MIB object is undefined."
       ::= { ceipSecFailEntry 5 }

ceipSecFailPktSrcAddressType  OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the packet's source IP address."
       ::= { ceipSecFailEntry 6 }

ceipSecFailPktSrcAddress  OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The packet's source IP address."
       ::= { ceipSecFailEntry 7 }

ceipSecFailPktDstAddressType  OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The type of the packet's destination IP address."
       ::= { ceipSecFailEntry 8 }

ceipSecFailPktDstAddress  OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
         "The packet's destination IP address."
       ::= { ceipSecFailEntry 9 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Notification Control Group
--
-- This group of objects controls the sending of IPsec 
-- SNMP notifications.
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ceipSecNotiCntlIpSecAllNotifs OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "This object defines the administrative state of
         sending any notification
         defined in this MIB module. That is, a particular
         notification 'foo' defined in this MIB module is
         enabled if and only if the expression

         (ceipSecNotiCntlIpSecAllNotifs && ceipSecNotiCntl<foo>)

         evaluates to 'true', where ceipSecNotiCntl<foo> is a
         notification defined in this MIB module.
         "
       DEFVAL { true }
       ::= { ceipSecNotificationCntl 1 }

ceipSecNotifCntlIpSecTunnelStart OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "This object defines the administrative state
         of sending the IPsec Phase-2 Tunnel Start TRAP.

         If the value of this object is 'true', the issuing
         of the notification 'ciscoEnhIpsecFlowTunnelStart' 
         is enabled."
       DEFVAL { true }
       ::= { ceipSecNotificationCntl 2 }

ceipSecNotifCntlIpSecTunnelStop OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "This object defines the administrative state of 
         sending the IPsec Phase-2 Tunnel Stop TRAP.

         If the value of this object is 'true', the issuing
         of the notification 'ciscoEnhIpsecFlowTunnelStop' 
         is enabled."
       DEFVAL { true }
       ::= { ceipSecNotificationCntl 3 }

ceipSecNotifCntlIpSecSysFailure OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "This object defines the administrative state
         of sending the IPsec Phase-2 System Failure TRAP.

         If the value of this object is 'true', the issuing
         of the notification 'ciscoEnhIpsecFlowSysFailure' 
         is enabled."
       DEFVAL { true }
       ::= { ceipSecNotificationCntl 4 }

ceipSecNotifCntlIpSecSetUpFail OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "This object defines the administrative state
         of sending the IPsec Phase-2 Set Up Failure TRAP.

         If the value of this object is 'true', the issuing
         of the notification 'ciscoEnhIpsecFlowSetupFail' 
         is enabled."
       DEFVAL { true }
       ::= { ceipSecNotificationCntl 5 }

ceipSecNotifCntlIpSecBadSa OBJECT-TYPE
       SYNTAX TruthValue
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
         "This object defines the administrative state of 
         sending the IPsec Phase-2 No Security Association
         trap.

         If the value of this object is 'true', the issuing
         of the notification 'ciscoEnhIpsecFlowBadSa' is 
         enabled."
       DEFVAL { true }
       ::= { ceipSecNotificationCntl 6 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Notifications - TRAPs
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoEnhIpsecFlowTunnelStart NOTIFICATION-TYPE
       OBJECTS {
                   ceipSecTunLifeTime,
                   ceipSecTunLifeSize
               }
       STATUS  current
       DESCRIPTION
         "This notification is generated when an IPsec Phase-2
          Tunnel becomes active."
       ::= { ciscoEnhancedIpsecFlowMIBNotifs 1 }

ciscoEnhIpsecFlowTunnelStop NOTIFICATION-TYPE
       OBJECTS {
                   ceipSecTunHistTermReason,
                   ceipSecTunActiveTime
               }
       STATUS  current
       DESCRIPTION
         "This notification is generated when an IPsec Phase-2
         Tunnel becomes inactive."
       ::= { ciscoEnhancedIpsecFlowMIBNotifs 2 }

ciscoEnhIpsecFlowSysFailure NOTIFICATION-TYPE
       OBJECTS {
                  ceipSecFailReason,
                  ceipSecFailPktSrcAddressType,
                  ceipSecFailPktSrcAddress,
                  ceipSecFailPktDstAddressType,
                  ceipSecFailPktDstAddress
               }
       STATUS  current
       DESCRIPTION
         "This notification is generated when the processing
         for an IPsec Phase-2 Tunnel experiences an internal
         or system capacity error."
       ::= { ciscoEnhancedIpsecFlowMIBNotifs 3 }

ciscoEnhIpsecFlowSetupFail NOTIFICATION-TYPE
       OBJECTS {
                  ceipSecFailReason,
                  ceipSecFailPktSrcAddressType,
                  ceipSecFailPktSrcAddress,
                  ceipSecFailPktDstAddressType,
                  ceipSecFailPktDstAddress
               }
       STATUS  current
       DESCRIPTION
         "This notification is generated when the setup for
         an IPsec Phase-2 Tunnel fails."
       ::= { ciscoEnhancedIpsecFlowMIBNotifs 4 }

ciscoEnhIpsecFlowBadSa NOTIFICATION-TYPE
       OBJECTS {
                  ceipSecFailSaSpi
               }
       STATUS  current
       DESCRIPTION
         "This notification is generated when the managed 
         entity receives an IPsec packet with a non-existent 
         (non-existent in the local Security Association
         Database) SPI."
       ::= { ciscoEnhancedIpsecFlowMIBNotifs 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance Information
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoEnhIPsecFlowMIBCompliances OBJECT IDENTIFIER
               ::= { ciscoEnhancedIpsecFlowMIBConform 1 }

ciscoIPsecFlowMIBGroups OBJECT IDENTIFIER
               ::= { ciscoEnhancedIpsecFlowMIBConform 2 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Compliance Statements
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoEnhIPsecFlowMIBCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
         "The compliance statement for SNMP entities
         pertaining to Phase-2 of IP Security Protocol."

       MODULE -- this module
           MANDATORY-GROUPS  { 
                   ciscoEnhIPsecFlowActivityGroup,
                   ciscoEnhIPsecFlowCoreHistGroup,
                   ciscoEnhIPsecFlowCoreFailGroup,
                   ciscoEnhIPsecFlowTunnelSaGroup
       }

       GROUP ciscoEnhIPsecFlowHistoryGroup 
       DESCRIPTION   
        "This group is optional and must be implemented 
        by the agent of the managed entity if the managed 
        entity implements historical archiving of IPsec 
        flows."


       GROUP ciscoEnhIPsecFlowFailureGroup 
       DESCRIPTION   
        "This group is optional and must be implemented 
        by the agent of the managed entity if the
        managed entity implements historical archiving
        of failure of IPsec Phase-2 operations and tunnels."

       GROUP ciscoEnhIPsecFlowNotifGroup 
       DESCRIPTION   
         "The group is optional."

       GROUP ciscoEnhIPsecFlowNotifCntlGroup 
       DESCRIPTION   
        "The agent must implement this group if it implements 
        the group 'ciscoEnhIPsecFlowNotifGroup'."
         
       OBJECT   ceipSecTunStatus
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."

       OBJECT   ceipSecHistTableSize
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required. In addition,
         implementations which want to disable archiving
         of tunnels may set the value of this object to
         zero."

       OBJECT   ceipSecFailTableSize
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required. In addition,
         implementations which want to disable archiving
         of failures may set the value of this object to
         zero."

       OBJECT ceipSecNotiCntlIpSecAllNotifs
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."

       OBJECT ceipSecNotifCntlIpSecTunnelStart
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."

       OBJECT ceipSecNotifCntlIpSecTunnelStop
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."

       OBJECT ceipSecNotifCntlIpSecSysFailure
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."

       OBJECT ceipSecNotifCntlIpSecSetUpFail
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."

       OBJECT ceipSecNotifCntlIpSecBadSa
       MIN-ACCESS read-only
       DESCRIPTION
        "Write access is not required."
           ::= { ciscoEnhIPsecFlowMIBCompliances 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Units of Conformance: List of current groups
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoEnhIPsecFlowActivityGroup OBJECT-GROUP
       OBJECTS {
                   -- The IPsec Phase-2 Global Tunnel Statistics
                   ceipSecGlobalActiveTunnels,
                   ceipSecGlobalPreviousTunnels,
                   ceipSecGlobalInOctets,
                   ceipSecGlobalInDecompOctets,
                   ceipSecGlobalInPkts,
                   ceipSecGlobalInDrops,
                   ceipSecGlobalInReplayDrops,
                   ceipSecGlobalInAuths,
                   ceipSecGlobalInAuthFails,
                   ceipSecGlobalInDecrypts,
                   ceipSecGlobalInDecryptFails,
                   ceipSecGlobalOutOctets,
                   ceipSecGlobalOutUncompOctets,
                   ceipSecGlobalOutPkts,
                   ceipSecGlobalOutDrops,
                   ceipSecGlobalOutAuths,
                   ceipSecGlobalOutAuthFails,
                   ceipSecGlobalOutEncrypts,
                   ceipSecGlobalOutEncryptFails,
                   ceipSecGlobalProtocolUseFails,
                   ceipSecGlobalNoSaFails,
                   ceipSecGlobalSysCapFails,
                   ceipSecGlobalOutCompressedPkts,
                   ceipSecGlobalOutCompSkippedPkts,
                   ceipSecGlobalOutCompFailPkts,
                   ceipSecGlobalOutCompTooSmallPkts,

                   -- The IPsec Phase-2 Tunnel Table
                   ceipSecTunEncapMode,
                   ceipSecTunLifeSize,
                   ceipSecTunLifeTime,
                   ceipSecTunActiveTime,
                   ceipSecTunSaLifeSizeThreshold,
                   ceipSecTunSaLifeTimeThreshold,
                   ceipSecTunTotalRefreshes,
                   ceipSecTunExpiredSaInstances,
                   ceipSecTunCurrentSaInstances,
                   ceipSecTunInSaDHGrp,
                   ceipSecTunInSaEncryptAlgo,
                   ceipSecTunInSaAhAuthAlgo,
                   ceipSecTunInSaEspAuthAlgo,
                   ceipSecTunInSaDecompAlgo,
                   ceipSecTunOutSaDHGrp,
                   ceipSecTunOutSaEncryptAlgo,
                   ceipSecTunOutSaAhAuthAlgo,
                   ceipSecTunOutSaEspAuthAlgo,
                   ceipSecTunOutSaCompAlgo,
                   ceipSecTunPmtu,
                   ceipSecTunInOctets,
                   ceipSecTunInDecompOctets,
                   ceipSecTunInPkts,
                   ceipSecTunInDropPkts,
                   ceipSecTunInReplayDropPkts,
                   ceipSecTunInAuths,
                   ceipSecTunInAuthFails,
                   ceipSecTunInDecrypts,
                   ceipSecTunInDecryptFails,
                   ceipSecTunOutOctets,
                   ceipSecTunOutUncompOctets,
                   ceipSecTunOutPkts,
                   ceipSecTunOutDropPkts,
                   ceipSecTunOutAuths,
                   ceipSecTunOutAuthFails,
                   ceipSecTunOutEncrypts,
                   ceipSecTunOutEncryptFails,
                   ceipSecTunOutCompressedPkts,
                   ceipSecTunOutCompSkippedPkts,
                   ceipSecTunOutCompFailPkts,
                   ceipSecTunOutCompTooSmallPkts,
                   ceipSecIfIndex,
                   ceipSecTunStatus,
                   ceipSecTunControlTunnelIndex,
                   ceipSecTunControlProtocol,
                   ceipSecTunControlTunnelAlive,
                   ceipSecTunInSaEncryptKeySize,
                   ceipSecTunOutSaEncryptKeySize,
                   ceipSecTunLocalAddressType,
                   ceipSecTunLocalAddress,
                   ceipSecTunRemoteAddressType,
                   ceipSecTunRemoteAddress,
                   ceipSecTunNATTraversalMode,

                   -- The IPsec Phase-2 Tunnel Endpoint Table
                   ceipSecEndPtLocalName,
                   ceipSecEndPtLocalType,
                   ceipSecEndPtLocalAddrType1,
                   ceipSecEndPtLocalAddr1,
                   ceipSecEndPtLocalAddrType2,
                   ceipSecEndPtLocalAddr2,
                   ceipSecEndPtLocalProtocol,
                   ceipSecEndPtLocalPort,
                   ceipSecEndPtRemoteName,
                   ceipSecEndPtRemoteType,
                   ceipSecEndPtRemoteAddrType1,
                   ceipSecEndPtRemoteAddr1,
                   ceipSecEndPtRemoteAddrType2,
                   ceipSecEndPtRemoteAddr2,
                   ceipSecEndPtRemoteProtocol,
                   ceipSecEndPtRemotePort,

                   -- The IPsec Phase-2 Security Association Table
                   ceipSecSaDirection,
                   ceipSecSaValue,
                   ceipSecSaStatus
               }
       STATUS current
       DESCRIPTION
         "
         This group consists of:
             1) IPsec Phase-2 Global Statistics
             2) IPsec Phase-2 Tunnel Table
             3) IPsec Phase-2 Endpoint Table
             4) IPsec Phase-2 Security Association Table
         "
       REFERENCE
         "
         rfc2408, rfc2407; rfc2409 section 5.5
         "
       ::= { ciscoIPsecFlowMIBGroups 1 }

ciscoEnhIPsecFlowCoreHistGroup OBJECT-GROUP
       OBJECTS {
                   -- IPsec History Global Control Objects
                   ceipSecHistTableSize
       }
       STATUS current
       DESCRIPTION
         "
         This group consists of the core (mandatory) 
         objects pertaining to maintaining history of 
         IPsec activity.
         "
       ::= { ciscoIPsecFlowMIBGroups 2 }

ciscoEnhIPsecFlowHistoryGroup OBJECT-GROUP
       OBJECTS {
                   -- The IPsec Phase-2 History group
                   ceipSecTunHistTermReason,
                   ceipSecTunHistActiveIndex,
                   ceipSecTunHistEncapMode,
                   ceipSecTunHistLifeSize,
                   ceipSecTunHistLifeTime,
                   ceipSecTunHistStartTime,
                   ceipSecTunHistActiveTime,
                   ceipSecTunHistTotalRefreshes,
                   ceipSecTunHistTotalSas,
                   ceipSecTunHistInSaDHGrp,
                   ceipSecTunHistInSaEncryptAlgo,
                   ceipSecTunHistInSaAhAuthAlgo,
                   ceipSecTunHistInSaEspAuthAlgo,
                   ceipSecTunHistInSaDecompAlgo,
                   ceipSecTunHistOutSaDHGrp,
                   ceipSecTunHistOutSaEncryptAlgo,
                   ceipSecTunHistOutSaAhAuthAlgo,
                   ceipSecTunHistOutSaEspAuthAlgo,
                   ceipSecTunHistOutSaCompAlgo,
                   ceipSecTunHistPmtu,
                   ceipSecTunHistInOctets,
                   ceipSecTunHistInDecompOctets,
                   ceipSecTunHistInPkts,
                   ceipSecTunHistInDropPkts,
                   ceipSecTunHistInReplayDropPkts,
                   ceipSecTunHistInAuths,
                   ceipSecTunHistInAuthFails,
                   ceipSecTunHistInDecrypts,
                   ceipSecTunHistInDecryptFails,
                   ceipSecTunHistOutOctets,
                   ceipSecTunHistOutUncompOctets,
                   ceipSecTunHistOutPkts,
                   ceipSecTunHistOutDropPkts,
                   ceipSecTunHistOutAuths,
                   ceipSecTunHistOutAuthFails,
                   ceipSecTunHistOutEncrypts,
                   ceipSecTunHistOutEncryptFails,
                   ceipSecTunHistOutCompressedPkts,
                   ceipSecTunHistOutCompSkippedPkts,
                   ceipSecTunHistOutCompFailPkts,
                   ceipSecTunHistOutCompSmallPkts,
                   ceipSecTunHistControlProtocol,
                   ceipSecTunHistControlTunnelIndex,
                   ceipSecTunHistInSaEncryptKeySize,
                   ceipSecTunHistOutSaEncryptKeySz,
                   ceipSecTunHistLocalAddressType,
                   ceipSecTunHistLocalAddress,
                   ceipSecTunHistRemoteAddressType,
                   ceipSecTunHistRemoteAddress,
                   ceipSecTunHistNATTraversalMode,

                   -- The IPsec Phase-2 End Point History Table
                   ceipSecEndPtHistTunIndex,
                   ceipSecEndPtHistActiveIndex,
                   ceipSecEndPtHistLocalName,
                   ceipSecEndPtHistLocalType,
                   ceipSecEndPtHistLocalAddrType1,
                   ceipSecEndPtHistLocalAddr1,
                   ceipSecEndPtHistLocalAddrType2,
                   ceipSecEndPtHistLocalAddr2,
                   ceipSecEndPtHistLocalProtocol,
                   ceipSecEndPtHistLocalPort,
                   ceipSecEndPtHistRemoteName,
                   ceipSecEndPtHistRemoteType,
                   ceipSecEndPtHistRemoteAddrType1,
                   ceipSecEndPtHistRemoteAddr1,
                   ceipSecEndPtHistRemoteAddrType2,
                   ceipSecEndPtHistRemoteAddr2,
                   ceipSecEndPtHistRemoteProtocol,
                   ceipSecEndPtHistRemotePort
               }
       STATUS current
       DESCRIPTION
         "This group consists of objects that pertain 
         to maintenance of history of IPsec Phase 2 
         activity."
       ::= { ciscoIPsecFlowMIBGroups 3 }


ciscoEnhIPsecFlowCoreFailGroup OBJECT-GROUP
       OBJECTS {
                 -- Objects associated with implementing
                 -- core failure group.
                 ceipSecFailTableSize
       }
       STATUS current
       DESCRIPTION
         "This group consists of the core (mandatory) 
         objects pertaining to maintaining history of 
         failure IPsec activity."
       ::= { ciscoIPsecFlowMIBGroups 4 }

ciscoEnhIPsecFlowFailureGroup OBJECT-GROUP
       OBJECTS {
                   -- The IPsec Phase-2 Failure group
                   ceipSecFailReason,
                   ceipSecFailTime,
                   ceipSecFailTunnelIndex,
                   ceipSecFailSaSpi,
                   ceipSecFailPktSrcAddressType,
                   ceipSecFailPktSrcAddress,
                   ceipSecFailPktDstAddressType,
                   ceipSecFailPktDstAddress
                 }
       STATUS current
       DESCRIPTION
         "This group consists of objects that pertain 
         to maintenance of history of failures 
         associated with Phase 2 IPsec activity."
       ::= { ciscoIPsecFlowMIBGroups 5 }


ciscoEnhIPsecFlowNotifCntlGroup OBJECT-GROUP
       OBJECTS {
                   ceipSecNotiCntlIpSecAllNotifs,
                   ceipSecNotifCntlIpSecTunnelStart,
                   ceipSecNotifCntlIpSecTunnelStop,
                   ceipSecNotifCntlIpSecSysFailure,
                   ceipSecNotifCntlIpSecSetUpFail,
                   ceipSecNotifCntlIpSecBadSa
               }
       STATUS current
       DESCRIPTION
         "This group of objects controls the sending 
         of notifications pertaining to IPsec Phase-2
         processing."
       ::= { ciscoIPsecFlowMIBGroups 6 }


ciscoEnhIPsecFlowNotifGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
                   ciscoEnhIpsecFlowTunnelStart,
                   ciscoEnhIpsecFlowTunnelStop,
                   ciscoEnhIpsecFlowSysFailure,
                   ciscoEnhIpsecFlowSetupFail,
                   ciscoEnhIpsecFlowBadSa
       }
       STATUS current
       DESCRIPTION
         "This group contains the notifications pertaining
         to Phase-2 operations and data transfer."
       REFERENCE
         "
         rfc2408, rfc2407; rfc2409 section 5.5
         "
       ::= { ciscoIPsecFlowMIBGroups 7 }

ciscoEnhIPsecFlowTunnelSaGroup OBJECT-GROUP
       OBJECTS {
                   ceipSecTunSaValue,
                   ceipSecTunSaIfIndex,
                   ceipSecTunSaInOctets,
                   ceipSecTunSaInDecompOctets,
                   ceipSecTunSaInPkts,
                   ceipSecTunSaInDropPkts,
                   ceipSecTunSaInReplayDropPkts,
                   ceipSecTunSaInAuths,
                   ceipSecTunSaInAuthFails,
                   ceipSecTunSaInDecrypts,
                   ceipSecTunSaInDecryptFails,
                   ceipSecTunSaOutOctets,
                   ceipSecTunSaOutUncompOctets,
                   ceipSecTunSaOutPkts,
                   ceipSecTunSaOutDropPkts,
                   ceipSecTunSaOutAuths,
                   ceipSecTunSaOutAuthFails,
                   ceipSecTunSaOutEncrypts,
                   ceipSecTunSaOutEncryptFails,
                   ceipSecTunSaOutCompressedPkts,
                   ceipSecTunSaOutCompSkippedPkts,
                   ceipSecTunSaOutCompFailPkts,
                   ceipSecTunSaOutCompTooSmallPkts,
                   ceipSecTunSaStatus,
                   ceipSecIfTunnelStatus
       }
       STATUS current
       DESCRIPTION
         "
         This group consists of the Phase-2 IPsec tunnel
         Security Association and traffic information.
         "
       ::= { ciscoIPsecFlowMIBGroups 8 }

END
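
The following Python is an added example, not part of the Cisco MIB or of any vendor tool. It shows how a monitoring script could triage rows polled from ceipSecFailTable: map ceipSecFailReason codes to names, decode the InetAddress octets, order rows across a ceipSecFailIndex wrap, and flag packet sources that produce a burst of authentication, decryption or unknown-SPI failures. The row dictionary keys, the WATCHED set, the 60-second window and the threshold of 3 are assumptions of this example; the InetAddressType values ipv4(1) and ipv6(2) come from RFC 4001; the sample rows are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

# ceipSecFailReason values, copied from the MIB text above.
FAIL_REASON = {
    1: "other", 2: "internalError", 3: "peerEncodingError",
    4: "proposalFailure", 5: "protocolUseFail", 6: "nonExistentSa",
    7: "decryptFailure", 8: "encryptFailure", 9: "inAuthFailure",
    10: "outAuthFailure", 11: "compression", 12: "sysCapExceeded",
    13: "peerDelRequest", 14: "peerLost", 15: "seqNumRollOver",
    16: "operRequest",
}
# Reasons this example chooses to alert on (an assumption, not part of the MIB).
WATCHED = {"nonExistentSa", "decryptFailure", "inAuthFailure"}

INDEX_MAX = 4294967295    # ceipSecFailIndex wraps here and restarts at 1
TICKS_MOD = 2 ** 32       # TimeStamp is a 32-bit TimeTicks value (1/100 s)
INET_LEN = {1: 4, 2: 16}  # InetAddressType ipv4(1), ipv6(2) per RFC 4001


def decode_inet(addr_type, raw):
    """Render InetAddress octets; None for unknown types or wrong lengths."""
    if INET_LEN.get(addr_type) != len(raw):
        return None
    return str(ip_address(raw))


def chronological(rows):
    """Sort rows by ceipSecFailIndex, oldest first, across one index wrap."""
    idx = [r["index"] for r in rows]
    wrapped = bool(idx) and max(idx) - min(idx) > INDEX_MAX // 2

    def key(row):
        i = row["index"]
        # After a wrap, small indices are newer than large ones.
        return i + INDEX_MAX if wrapped and i <= INDEX_MAX // 2 else i

    return sorted(rows, key=key)


def burst_sources(rows, window_s=60, threshold=3):
    """Return {source: [reasons]} for packet sources with at least
    `threshold` watched failures inside `window_s` seconds of sysUpTime."""
    recent = defaultdict(deque)  # source -> deque of (ticks, reason name)
    flagged = {}
    for row in chronological(rows):
        reason = FAIL_REASON.get(row["reason"], "unknown(%d)" % row["reason"])
        src = decode_inet(row["src_type"], row["src"])
        if reason not in WATCHED or src is None:
            continue
        events = recent[src]
        events.append((row["time"], reason))
        # Drop events older than the window. Modular subtraction keeps the
        # delta correct when sysUpTime wraps between two failures.
        while (row["time"] - events[0][0]) % TICKS_MOD > window_s * 100:
            events.popleft()
        if len(events) >= threshold:
            flagged[src] = [name for _, name in events]
    return flagged


# Constructed rows shaped like a walk of ceipSecFailTable (not device data).
# They exercise both the index wrap and the sysUpTime wrap.
SAMPLE_ROWS = [
    {"index": 1, "reason": 6, "time": 150,
     "src_type": 1, "src": bytes([192, 0, 2, 10])},
    {"index": 2, "reason": 14, "time": 400,
     "src_type": 1, "src": bytes([198, 51, 100, 7])},
    {"index": 3, "reason": 9, "time": 900,
     "src_type": 2, "src": bytes.fromhex("20010db8" + "00" * 11 + "01")},
    {"index": 4, "reason": 9, "time": 500000,
     "src_type": 1, "src": bytes([203, 0, 113, 5])},
    {"index": 4294967294, "reason": 9, "time": 4294967000,
     "src_type": 1, "src": bytes([192, 0, 2, 10])},
    {"index": 4294967295, "reason": 7, "time": 4294967200,
     "src_type": 1, "src": bytes([192, 0, 2, 10])},
]

if __name__ == "__main__":
    for source, reasons in burst_sources(SAMPLE_ROWS).items():
        print(source, reasons)
```

Because the table is a sliding window sized by ceipSecFailTableSize, a poller has to walk it often enough that rows are not overwritten between polls.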