You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > Wellfleet > Wellfleet-IPSEC-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

Wellfleet-IPSEC-MIB by vendor Wellfleet

Wellfleet-IPSEC-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing Wellfleet-IPSEC-MIB.


Vendor: Wellfleet
Mib: Wellfleet-IPSEC-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
Wellfleet-IPSEC-MIB DEFINITIONS ::= BEGIN


    IMPORTS

      IpAddress, Counter, Gauge, Opaque
        FROM RFC1155-SMI
      OBJECT-TYPE
        FROM RFC-1212
      DisplayString
        FROM RFC1213-MIB
      wfIpsecGroup
        FROM Wellfleet-COMMON-MIB;

    wfIpsecBase	OBJECT IDENTIFIER ::= { wfIpsecGroup 1 }

    wfIpsecBaseCreate OBJECT-TYPE
        SYNTAX	INTEGER {
    		    created(1),
    		    deleted(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Create/Delete parameter. Default is created.
                Users perform a set operation on this
                object in order to create/delete IPSec."
        DEFVAL	{ created }
        ::= { wfIpsecBase 1 }

    wfIpsecBaseEnable OBJECT-TYPE
        SYNTAX	INTEGER {
    		    enabled(1),
    		    disabled(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Enable/Disable parameter. Default is enabled.
                Users perform a set operation on this
                object in order to enable/disable IPSec."
        DEFVAL	{ enabled }
        ::= { wfIpsecBase 2 }

    wfIpsecBaseState OBJECT-TYPE
        SYNTAX	INTEGER {
    		    up(1),
    		    down(2),
    		    notpresent(3)
    		}
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The current state of IPsec."
        DEFVAL	{ notpresent }
        ::= { wfIpsecBase 3 }

    wfIpsecBaseEspEncipherEnable OBJECT-TYPE
        SYNTAX	INTEGER {
    		    enabled(1),
    		    disabled(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Used to control the whether ESP enciphers packets or not. Set
                 this attribute to disable for debugging purposes only. When
                 set to disabled, packets that match a policy that uses ESP
                 to encipher the payload will not be enciphered. This allows
                 one to view the plaintext inner headers for debugging
                 purposes."
        DEFVAL	{ enabled }
        ::= { wfIpsecBase 4 }

    wfIpsecBaseMaxManualSpi OBJECT-TYPE
        SYNTAX	INTEGER(256..65535)
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The maximum SPI value that will be accepted for manually
		configured SAs. The SA values 0 - 255 is reserved. To enter
		this value add the number of SAs belonging to a particular
		IPSec protocol ex ESP to 255. The default value is maximum
		of 32 unique ESP SAs. The value 255 will cause no manual
		SAs supported"
        DEFVAL	{ 384 }
        ::= { wfIpsecBase 5 }

-----------------------
--
-- end of IpsecBase
--
-----------------------

    wfIpsecSelectorInTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF WfIpsecSelectorInEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "A table of selectors used to identify which IP security
                 policy should be applied to a packet."
        ::= { wfIpsecGroup 2 }

    wfIpsecSelectorInEntry OBJECT-TYPE
        SYNTAX	WfIpsecSelectorInEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "IP Security Selectors for a policy"
        INDEX	{ wfIpsecSelectorInInterface,
    		  wfIpsecSelectorInCircuit,
    		  wfIpsecSelectorInPolicyNumber,
    		  wfIpsecSelectorInFragment }
        ::= { wfIpsecSelectorInTable 1 }

    WfIpsecSelectorInEntry ::= SEQUENCE {
    	    wfIpsecSelectorInCreate
    		INTEGER,
    	    wfIpsecSelectorInEnable
    		INTEGER,
    	    wfIpsecSelectorInStatus
    		INTEGER,
    	    wfIpsecSelectorInCounter
    		Counter,
    	    wfIpsecSelectorInDefinition
    		Opaque,
    	    wfIpsecSelectorInReserved
    		INTEGER,
    	    wfIpsecSelectorInInterface
    		IpAddress,
    	    wfIpsecSelectorInCircuit
    		INTEGER,
    	    wfIpsecSelectorInPolicyNumber
    		INTEGER,
    	    wfIpsecSelectorInFragment
    		INTEGER,
    	    wfIpsecSelectorInName
    		DisplayString
        }

    wfIpsecSelectorInCreate OBJECT-TYPE
        SYNTAX	INTEGER {
    		    created(1),
    		    deleted(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Defines the existence of the policy's selectors:
                created - instance exists
                delete - instance should be deleted."
        DEFVAL	{ created }
        ::= { wfIpsecSelectorInEntry 1 }

    wfIpsecSelectorInEnable OBJECT-TYPE
        SYNTAX	INTEGER {
    		    enabled(1),
    		    disabled(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Defines whether or not the policy should be used:
                enabled - activate the policy's selectors.
                disabled - deactivate the policy's selectors."
        DEFVAL	{ enabled }
        ::= { wfIpsecSelectorInEntry 2 }

    wfIpsecSelectorInStatus OBJECT-TYPE
        SYNTAX	INTEGER {
    		    up(1),
    		    down(2),
    		    inactive(3),
    		    notpresent(4)
    		}
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Defines the current status of the this instance:
                 up: this instance is in use
                 down: this instance is misconfigured
                 inactive: this instance is disabled
                 notpresent: the IPsec code isn't loaded"
        DEFVAL	{ notpresent }
        ::= { wfIpsecSelectorInEntry 3 }

    wfIpsecSelectorInCounter OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that have
                matched the selectors."
        ::= { wfIpsecSelectorInEntry 4 }

    wfIpsecSelectorInDefinition OBJECT-TYPE
        SYNTAX	Opaque
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The policy's selector definition."
        ::= { wfIpsecSelectorInEntry 5 }

    wfIpsecSelectorInReserved OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Reserved field."
        ::= { wfIpsecSelectorInEntry 6 }

    wfIpsecSelectorInInterface OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The network address of the IP
                interface to which the corresponding policy is applied."
        ::= { wfIpsecSelectorInEntry 7 }

    wfIpsecSelectorInCircuit OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The ID of the Circuit to which the
                corresponding policy is applied."
        ::= { wfIpsecSelectorInEntry 8 }

    wfIpsecSelectorInPolicyNumber OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "ID policy's selectors."
        ::= { wfIpsecSelectorInEntry 9 }

    wfIpsecSelectorInFragment OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Fragment number - for large sets of selectors."
        ::= { wfIpsecSelectorInEntry 10 }

    wfIpsecSelectorInName OBJECT-TYPE
        SYNTAX	DisplayString
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "name of this instance of selectors."
        ::= { wfIpsecSelectorInEntry 11 }

-----------------------
--
-- end of IpsecSelectorIn
--
-----------------------

    wfIpsecSelectorOutTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF WfIpsecSelectorOutEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "A table of selectors used to identify which IP security
                 policy should be applied to a packet."
        ::= { wfIpsecGroup 3 }

    wfIpsecSelectorOutEntry OBJECT-TYPE
        SYNTAX	WfIpsecSelectorOutEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "IP Security Selectors for a policy"
        INDEX	{ wfIpsecSelectorOutInterface,
    		  wfIpsecSelectorOutCircuit,
    		  wfIpsecSelectorOutPolicyNumber,
    		  wfIpsecSelectorOutFragment }
        ::= { wfIpsecSelectorOutTable 1 }

    WfIpsecSelectorOutEntry ::= SEQUENCE {
    	    wfIpsecSelectorOutCreate
    		INTEGER,
    	    wfIpsecSelectorOutEnable
    		INTEGER,
    	    wfIpsecSelectorOutStatus
    		INTEGER,
    	    wfIpsecSelectorOutCounter
    		Counter,
    	    wfIpsecSelectorOutDefinition
    		Opaque,
    	    wfIpsecSelectorOutReserved
    		INTEGER,
    	    wfIpsecSelectorOutInterface
    		IpAddress,
    	    wfIpsecSelectorOutCircuit
    		INTEGER,
    	    wfIpsecSelectorOutPolicyNumber
    		INTEGER,
    	    wfIpsecSelectorOutFragment
    		INTEGER,
    	    wfIpsecSelectorOutName
    		DisplayString
        }

    wfIpsecSelectorOutCreate OBJECT-TYPE
        SYNTAX	INTEGER {
    		    created(1),
    		    deleted(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Defines the existence of the policy's selectors:
                created - instance exists
                delete - instance should be deleted."
        DEFVAL	{ created }
        ::= { wfIpsecSelectorOutEntry 1 }

    wfIpsecSelectorOutEnable OBJECT-TYPE
        SYNTAX	INTEGER {
    		    enabled(1),
    		    disabled(2)
    		}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Defines whether or not the policy should be used:
                enabled - activate the policy's selectors.
                disabled - deactivate the policy's selectors."
        DEFVAL	{ enabled }
        ::= { wfIpsecSelectorOutEntry 2 }

    wfIpsecSelectorOutStatus OBJECT-TYPE
        SYNTAX	INTEGER {
    		    up(1),
    		    down(2),
    		    inactive(3),
    		    notpresent(4)
    		}
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Defines the current status of the this instance:
                 up: this instance is in use
                 down: this instance is misconfigured
                 inactive: this instance is disabled
                 notpresent: the IPsec code isn't loaded"
        DEFVAL	{ notpresent }
        ::= { wfIpsecSelectorOutEntry 3 }

    wfIpsecSelectorOutCounter OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that have
                matched the selectors."
        ::= { wfIpsecSelectorOutEntry 4 }

    wfIpsecSelectorOutDefinition OBJECT-TYPE
        SYNTAX	Opaque
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The policy's selector definition."
        ::= { wfIpsecSelectorOutEntry 5 }

    wfIpsecSelectorOutReserved OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Reserved field."
        ::= { wfIpsecSelectorOutEntry 6 }

    wfIpsecSelectorOutInterface OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The network address of the IP
                interface to which the corresponding policy is applied."
        ::= { wfIpsecSelectorOutEntry 7 }

    wfIpsecSelectorOutCircuit OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The ID of the Circuit to which the
                corresponding policy is applied."
        ::= { wfIpsecSelectorOutEntry 8 }

    wfIpsecSelectorOutPolicyNumber OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "ID policy's selectors."
        ::= { wfIpsecSelectorOutEntry 9 }

    wfIpsecSelectorOutFragment OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Fragment number - for large sets of selectors."
        ::= { wfIpsecSelectorOutEntry 10 }

    wfIpsecSelectorOutName OBJECT-TYPE
        SYNTAX	DisplayString
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "name of this instance of selectors."
        ::= { wfIpsecSelectorOutEntry 11 }

-----------------------
--
-- end of IpsecSelectorOut
--
-----------------------

    wfIpsecDescriptorTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF WfIpsecDescriptorEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "Table of IP security descriptors"
        ::= { wfIpsecGroup 4 }

    wfIpsecDescriptorEntry OBJECT-TYPE
        SYNTAX	WfIpsecDescriptorEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "An IP security Descriptor"
        INDEX	{ wfIpsecDescriptorInterface,
                 wfIpsecDescriptorCircuit,
                 wfIpsecDescriptorPolicyNumber }
        ::= { wfIpsecDescriptorTable 1 }

    WfIpsecDescriptorEntry ::= SEQUENCE {
       wfIpsecDescriptorCreate
         INTEGER,
       wfIpsecDescriptorStatus
         INTEGER,
        wfIpsecDescriptorPolicyNumber
         INTEGER,
        wfIpsecDescriptorInterface
         IpAddress,
        wfIpsecDescriptorCircuit
         INTEGER,
       wfIpsecDescriptorManualSaList
         Opaque,
       wfIpsecDescriptorSaMode
         INTEGER,
       wfIpsecDescriptorPfs
         INTEGER,
       wfIpsecDescriptorProposals
         Opaque,
       wfIpsecDescriptorSourceForDestAddr
         INTEGER,
       wfIpsecDescriptorSourceForSrcAddr
         INTEGER,
       wfIpsecDescriptorSourceForProtocol
         INTEGER,
       wfIpsecDescriptorStartSourceAddr
         IpAddress,
       wfIpsecDescriptorEndSourceAddr
         IpAddress,
       wfIpsecDescriptorStartDestAddr
         IpAddress,
       wfIpsecDescriptorEndDestAddr
         IpAddress,
       wfIpsecDescriptorPort
         INTEGER,
       wfIpsecDescriptorProtocol
         INTEGER,
       wfIpsecDescriptorPrimarySG
         IpAddress,
       wfIpsecDescriptorInboundIdleTimer
         INTEGER
        }

    wfIpsecDescriptorCreate OBJECT-TYPE
        SYNTAX	INTEGER {
    		    created(1),
    		    deleted(2)
        }
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Create/Delete parameter. Default is created."
        DEFVAL	{ created }
        ::= { wfIpsecDescriptorEntry 1 }

    wfIpsecDescriptorStatus OBJECT-TYPE
        SYNTAX	INTEGER {
    		    up(1),
    		    down(2),
    		    inactive(3),
    		    notpresent(4)
        }
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The status of this instance:
                 up: this instance is in use
                 down: this instance is misconfigured
                 inactive: this instance is disabled
                 notpresent: the IPsec code isn't loaded"
        DEFVAL	{ notpresent }
        ::= { wfIpsecDescriptorEntry 2 }

    wfIpsecDescriptorPolicyNumber OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Allows instance of wfIpsecSelectorOutEntry to be matched with
                 this instance."
        ::= { wfIpsecDescriptorEntry 3 }

    wfIpsecDescriptorInterface OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The IP address of the security gateway which this descriptor
                 belongs to."
        ::= { wfIpsecDescriptorEntry 4 }

    wfIpsecDescriptorCircuit OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The ID of the Circuit to which this
                instance applies."
        ::= { wfIpsecDescriptorEntry 5 }

    wfIpsecDescriptorManualSaList OBJECT-TYPE
        SYNTAX	Opaque
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "the octet string represents an ordered list of Security
                 Associations (SAs). the format of each 9 byte sequence is:
                 ------------+-----------+-----------+------------+-----------
                 | protocol  |            Peer IP Address                    |
                 ------------+-----------+-----------+------------+-----------
                 |                      SPI                       |
                 ------------+-----------+-----------+------------+
                 "
        ::= { wfIpsecDescriptorEntry 6 }

    wfIpsecDescriptorSaMode OBJECT-TYPE
        SYNTAX INTEGER {
          tunnel(1),
          transport(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "Identifies mode of the SA for this policy."
        DEFVAL { tunnel }
        ::= { wfIpsecDescriptorEntry 7 }

    wfIpsecDescriptorPfs OBJECT-TYPE
        SYNTAX INTEGER {
             true(1),
             false(2)
         }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "Identifies whether perfect forward secrecy is required
                 or not."
        DEFVAL { false }
        ::= { wfIpsecDescriptorEntry 8 }

    wfIpsecDescriptorProposals OBJECT-TYPE
        SYNTAX Opaque
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "the octet string represents an ordered list of proposals.
                 Every 2 octets in the string contains a number which
                 corresponds to an instance I.D. of wfIpsecProposalEntry.
                 The list of proposals is a logically ORed list."
        ::= { wfIpsecDescriptorEntry 9 }

    wfIpsecDescriptorSourceForDestAddr OBJECT-TYPE
        SYNTAX INTEGER {
          packet(1),
          policy(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The source for the destination IP address value to be used
                 in the SA. 'packet' limits use of the SA to those packets
                 which have a matching IP addr even if the policy permits a
                 range. 'policy' allows more than one traffic flow to use
                 the SA if the policy permits a range of IP addresses."
        DEFVAL { policy }
        ::= { wfIpsecDescriptorEntry 10 }

    wfIpsecDescriptorSourceForSrcAddr OBJECT-TYPE
        SYNTAX INTEGER {
          packet(1),
          policy(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The source for the destination IP address value to be used
                 in the SA. 'packet' limits use of the SA to those packets
                 which have a matching IP addr even if the policy permits a
                 range. 'policy' allows more than one traffic flow to use
                 the SA if the policy permits a range of IP addresses."
        DEFVAL { policy }
        ::= { wfIpsecDescriptorEntry 11 }

    wfIpsecDescriptorSourceForProtocol OBJECT-TYPE
        SYNTAX INTEGER {
          packet(1),
          policy(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The source for the destination IP address value to be used
                 in the SA. 'packet' limits use of the SA to those packets
                 which have a matching IP addr even if the policy permits a
                 range. 'policy' allows more than one traffic flow to use
                 the SA if the policy permits a range of IP addresses."
        DEFVAL { policy }
        ::= { wfIpsecDescriptorEntry 12 }

    wfIpsecDescriptorStartSourceAddr OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The start Source IP address for the dynamic SA."
        ::= { wfIpsecDescriptorEntry 13 }

    wfIpsecDescriptorEndSourceAddr OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The end Source IP address for the dynamic SA."
        ::= { wfIpsecDescriptorEntry 14 }

    wfIpsecDescriptorStartDestAddr OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The start Destination IP address for the dynamic SA."
        ::= { wfIpsecDescriptorEntry 15 }

    wfIpsecDescriptorEndDestAddr OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The end Source IP address for the dynamic SA."
        ::= { wfIpsecDescriptorEntry 16 }

    wfIpsecDescriptorPort OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The port number for the dynamic SA."
        ::= { wfIpsecDescriptorEntry 17 }

    wfIpsecDescriptorProtocol OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The IP protocol for the dynamic SA."
        ::= { wfIpsecDescriptorEntry 18 }

    wfIpsecDescriptorPrimarySG OBJECT-TYPE
        SYNTAX IpAddress
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The address of the remote gateway."
        ::= { wfIpsecDescriptorEntry 19 }

    wfIpsecDescriptorInboundIdleTimer OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "Inbound (Unprotect) SA inactivity timer, in minutes.
                If no traffic is received on an automated inbound SA
                for the indicated time, both SAs for this policy will
                be deleted.  A value of zero disables the timer."
        DEFVAL  { 15 }
        ::= { wfIpsecDescriptorEntry 20 }

-----------------------
--
-- end of IpsecDescriptor
--
-----------------------

    wfIpsecEspSaTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF WfIpsecEspSaEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "The ESP security association table"
        ::= { wfIpsecGroup 5 }

    wfIpsecEspSaEntry OBJECT-TYPE
        SYNTAX	WfIpsecEspSaEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "Entry in ESP security association table"
        INDEX	{ wfIpsecEspSaSrc,
                 wfIpsecEspSaDest,
                 wfIpsecEspSaSpi }
        ::= { wfIpsecEspSaTable 1 }

    WfIpsecEspSaEntry ::= SEQUENCE {
    	    wfIpsecEspSaCreate
    		INTEGER,
    	    wfIpsecEspSaStatus
    		INTEGER,
    	    wfIpsecEspSaSrc
    		IpAddress,
    	    wfIpsecEspSaDest
    		IpAddress,
    	    wfIpsecEspSaSpi
    		INTEGER,
          wfIpsecEspSaCipherAlg
	    	INTEGER,
          wfIpsecEspSaManualCipherKey
	    	OCTET STRING,
          wfIpsecEspSaDesKeyStrength
	    	INTEGER,
          wfIpsecEspSaIntegrityAlg
	    	INTEGER,
          wfIpsecEspSaManualIntegrityKey
	    	OCTET STRING,
	  wfIpsecEspSaVerifyPad
		INTEGER,
	  wfIpsecEspSaReset
	 	INTEGER,	
    	  wfIpsecEspSaBadAuthen
    		Counter,
    	  wfIpsecEspSaBadDecrypt
    		Counter,
    	  wfIpsecEspSaBadPad
    		Counter,
          wfIpsecEspSaProtectPkt 
    		Counter,
          wfIpsecEspSaUnprotectPkt 
    		Counter,
          wfIpsecEspSaEncryptByte
    		Counter,
          wfIpsecEspSaDecryptByte
    		Counter,
          wfIpsecEspSaMode
			INTEGER,
          wfIpsecEspSaPfs
			INTEGER,
          wfIpsecEspSaExpiryType
			INTEGER,
          wfIpsecEspSaExpiryValue
			INTEGER
        }

    wfIpsecEspSaCreate OBJECT-TYPE
        SYNTAX	INTEGER {
    		    created(1),
    		    deleted(2)
        }
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Create/Delete parameter."
        DEFVAL	{ created }
        ::= { wfIpsecEspSaEntry 1 }

    wfIpsecEspSaStatus OBJECT-TYPE
        SYNTAX	INTEGER {
    		    up(1),
    		    down(2),
             inactive(3),
             notpresent(4)
        }
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The current status of this Security Association:
                 up: this SA is in use
                 down: this SA is misconfigured
                 inactive: this SA is disabled
                 notpresent: the IPsec code isn't loaded"
        DEFVAL	{ notpresent }
        ::= { wfIpsecEspSaEntry 2 }

    wfIpsecEspSaSrc OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The IP address of the SA's source."
        ::= { wfIpsecEspSaEntry 3 }

    wfIpsecEspSaDest OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The IP address of the SA's destination."
        ::= { wfIpsecEspSaEntry 4 }

    wfIpsecEspSaSpi OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The security parameters index"
        ::= { wfIpsecEspSaEntry 5 }

    wfIpsecEspSaCipherAlg OBJECT-TYPE
        SYNTAX	INTEGER {
    		    none(1),
    		    des(2),
    		    desede(3)
        }
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Identifies cipher algorithm for this SA."
        DEFVAL { des }
        ::= { wfIpsecEspSaEntry 6 }

    wfIpsecEspSaManualCipherKey OBJECT-TYPE
        SYNTAX	OCTET STRING
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The key for a manually-keyed SA's cipher algorithm"
        ::= { wfIpsecEspSaEntry 7 }

    wfIpsecEspSaDesKeyStrength OBJECT-TYPE
        SYNTAX	INTEGER {
             fortybit(1),
             fiftysixbit(2)
        }
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The strength of the cipher key."
        DEFVAL { fiftysixbit }
        ::= { wfIpsecEspSaEntry 8 }

    wfIpsecEspSaIntegrityAlg OBJECT-TYPE
        SYNTAX	INTEGER {
             none(1),
             hmacMd5(2),
             hmacSha1(3)
        }
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The algorithm for ESP Auth."
        DEFVAL { none }
        ::= { wfIpsecEspSaEntry 9 }

    wfIpsecEspSaManualIntegrityKey OBJECT-TYPE
        SYNTAX	OCTET STRING
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "The key for a manually-keyed SA's integrity algorithm"
        ::= { wfIpsecEspSaEntry 10 }

    wfIpsecEspSaVerifyPad OBJECT-TYPE
        SYNTAX	INTEGER {
   		    enabled(1),
    		    disabled(2)
    			}
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "This attribute enables checking of the pad field of ESP
		packets making sure it is in expected numeric ascending 
		order. Packets with bad padding are discarded."
	DEFVAL { disabled }
        ::= { wfIpsecEspSaEntry 11 }

    wfIpsecEspSaReset OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Reset IPSec SA statistics indicator."
        ::= { wfIpsecEspSaEntry 12 }

    wfIpsecEspSaBadAuthen OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received encrypted packets that could 
                not be properly authenticated."
        ::= { wfIpsecEspSaEntry 13 }

    wfIpsecEspSaBadDecrypt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that could 
                not be properly decrypted."
        ::= { wfIpsecEspSaEntry 14 }

    wfIpsecEspSaBadPad OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that contained
                bad padding information."
        ::= { wfIpsecEspSaEntry 15 }

    wfIpsecEspSaProtectPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully encrypted packets."
        ::= { wfIpsecEspSaEntry 16 }

    wfIpsecEspSaUnprotectPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully decrypted packets." 
        ::= { wfIpsecEspSaEntry 17 }

    wfIpsecEspSaEncryptByte OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully encrypted bytes."
        ::= { wfIpsecEspSaEntry 18 }

    wfIpsecEspSaDecryptByte OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully encrypted bytes."
        ::= { wfIpsecEspSaEntry 19 }

    wfIpsecEspSaMode OBJECT-TYPE
        SYNTAX  INTEGER {
                    tunnel(1),
                    transport(2)
                }
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "Identifies mode of the SA."
        DEFVAL { tunnel }
        ::= { wfIpsecEspSaEntry 20 }

    wfIpsecEspSaPfs OBJECT-TYPE
        SYNTAX  INTEGER {
                    true(1),
                    false(2)
                }
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "Identifies whether this SA has perfect forward secrecy or
                 not."
        DEFVAL { true }
        ::= { wfIpsecEspSaEntry 21 }

    wfIpsecEspSaExpiryType OBJECT-TYPE
        SYNTAX  INTEGER {
                    seconds(1),
                    kilobytes(2),
                    none(3)
                }
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "The units used to interpret the expiry value. The SA's
                 keys don't expire when this is set to none."
        DEFVAL { none }
        ::= { wfIpsecEspSaEntry 22 }

    wfIpsecEspSaExpiryValue OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "The value used to determine when the keys for this SA
                 expire."
        ::= { wfIpsecEspSaEntry 23 }

-----------------------
--
-- end of IpsecEspSaTable
--
-----------------------

    wfIpsecStatsTable OBJECT-TYPE
        SYNTAX	SEQUENCE OF WfIpsecStatsEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "The interface statistics table"
        ::= { wfIpsecGroup 6 }

    wfIpsecStatsEntry OBJECT-TYPE
        SYNTAX	WfIpsecStatsEntry
        ACCESS	not-accessible
        STATUS	mandatory
        DESCRIPTION
                "Entry in Interface Statistics Table"
        INDEX	{ wfIpsecStatsInterface,
    		  wfIpsecStatsCircuit }
        ::= { wfIpsecStatsTable 1 }

    WfIpsecStatsEntry ::= SEQUENCE {
    	  wfIpsecStatsCreate
    		INTEGER,
    	  wfIpsecStatsInterface
    		IpAddress,
    	  wfIpsecStatsCircuit
    		INTEGER,
	  wfIpsecStatsReset
	 	INTEGER,	
    	  wfIpsecStatsUnprotectPkt
    		Counter,
    	  wfIpsecStatsProtectPkt
    		Counter,
    	  wfIpsecStatsBypassPkt
    		Counter,
    	  wfIpsecStatsDropPkt
    		Counter,
	  wfIpsecStatsNoSa
		Counter,
    	  wfIpsecStatsLastBadSpi
    		INTEGER,
	  wfIpsecStatsNoPolicyMatch
		Counter,
	  wfIpsecStatsSaExpDropBytes
	        Counter,
	  wfIpsecStatsOutClips
	        Counter,
	  wfIpsecStatsInClips
	        Counter
        }

    wfIpsecStatsCreate OBJECT-TYPE
        SYNTAX	INTEGER {
    		    created(1),
    		    deleted(2)
        }
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Create/Delete parameter."
        DEFVAL	{ created }
        ::= { wfIpsecStatsEntry 1 }

    wfIpsecStatsInterface OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The IP address of the security gateway which these statistics
                 belong to."
        ::= { wfIpsecStatsEntry 2 }

    wfIpsecStatsCircuit OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The ID of the Circuit to which this
                instance applies."
        ::= { wfIpsecStatsEntry 3 }

    wfIpsecStatsReset OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-write
        STATUS	mandatory
        DESCRIPTION
                "Reset IPSec statistics indicator."
        ::= { wfIpsecStatsEntry 4 }

    wfIpsecStatsUnprotectPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets successfully 
                decrypted."
        ::= { wfIpsecStatsEntry 5 }

    wfIpsecStatsProtectPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets successfully
                encrypted."
        ::= { wfIpsecStatsEntry 6 }

    wfIpsecStatsBypassPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that have
                bypassed."
        ::= { wfIpsecStatsEntry 7 }

    wfIpsecStatsDropPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that have
                been dropped."
        ::= { wfIpsecStatsEntry 8 }

    wfIpsecStatsNoSa OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets for which
                no SA was found."
        ::= { wfIpsecStatsEntry 9 }

    wfIpsecStatsLastBadSpi OBJECT-TYPE
        SYNTAX	INTEGER
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The last security parameters index for which
		no SA could be found."
        ::= { wfIpsecStatsEntry 10 }

    wfIpsecStatsNoPolicyMatch OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets for which
                no policy match could be found."
        ::= { wfIpsecStatsEntry 11 }

    wfIpsecStatsSaExpDropBytes OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
		"The number of bytes discarded owing to SA Expiry"
	::= { wfIpsecStatsEntry 12 }
     
    wfIpsecStatsOutClips OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
		"The number of outbound packets clipped due to
                buffer congestion."
	::= { wfIpsecStatsEntry 13 }

    wfIpsecStatsInClips OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
		"The number of inbound packets clipped due to
                buffer congestion."
	::= { wfIpsecStatsEntry 14 }

-----------------------
--
-- end of IpsecStats
--
-----------------------

    wfIpsecRemoteGatewayTable OBJECT-TYPE
        SYNTAX SEQUENCE OF WfIpsecRemoteGatewayEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "A table of known remote Security Gateways."
        ::= { wfIpsecGroup 7 }

    wfIpsecRemoteGatewayEntry OBJECT-TYPE
        SYNTAX WfIpsecRemoteGatewayEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "A remote Security Gateway"
        INDEX  { wfIpsecRemoteGatewayInterface,
                 wfIpsecRemoteGatewayCircuit,
                 wfIpsecRemoteGatewayIndex }
        ::= { wfIpsecRemoteGatewayTable 1 }

    WfIpsecRemoteGatewayEntry ::= SEQUENCE {
          wfIpsecRemoteGatewayCreate
         INTEGER,
          wfIpsecRemoteGatewayEnable
         INTEGER,
          wfIpsecRemoteGatewayStatus
         INTEGER,
          wfIpsecRemoteGatewayInterface
         IpAddress,
          wfIpsecRemoteGatewayCircuit
         INTEGER,
          wfIpsecRemoteGatewayIndex
         INTEGER,
          wfIpsecRemoteGatewayIpAddr
         IpAddress,
          wfIpsecRemoteGatewayRange
         OCTET STRING,
          wfIpsecRemoteGatewayName
         DisplayString
        }

    wfIpsecRemoteGatewayCreate OBJECT-TYPE
        SYNTAX INTEGER {
             created(1),
             deleted(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "creates or deletes an instance."
        DEFVAL { created }
        ::= { wfIpsecRemoteGatewayEntry 1 }

    wfIpsecRemoteGatewayEnable OBJECT-TYPE
        SYNTAX INTEGER {
             enabled(1),
             disabled(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "enables and disables this instance."
        DEFVAL { enabled }
        ::= { wfIpsecRemoteGatewayEntry 2 }

    wfIpsecRemoteGatewayStatus OBJECT-TYPE
        SYNTAX INTEGER {
             active(1),
             error(2),
             inactive(3),
             notpresent(4)
         }
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "Defines the current status of the instance:
                inactive - ?
                active - ?
                error - ?"
        DEFVAL { notpresent }
        ::= { wfIpsecRemoteGatewayEntry 3 }

    wfIpsecRemoteGatewayInterface OBJECT-TYPE
        SYNTAX IpAddress
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "The address of the IP interface to which this
                 instance applies."
        ::= { wfIpsecRemoteGatewayEntry 4 }

    wfIpsecRemoteGatewayCircuit OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "The ID of the Circuit to which the instance applies."
        ::= { wfIpsecRemoteGatewayEntry 5 }

    wfIpsecRemoteGatewayIndex OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "An index used to differentiate remote gateway instances."
        ::= { wfIpsecRemoteGatewayEntry 6 }

    wfIpsecRemoteGatewayIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The address of the remote gateway."
        ::= { wfIpsecRemoteGatewayEntry 7 }

    wfIpsecRemoteGatewayRange OBJECT-TYPE
        SYNTAX OCTET STRING
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The range of destination IP addresses that the remote
                 security gateway represents."
        ::= { wfIpsecRemoteGatewayEntry 8 }

    wfIpsecRemoteGatewayName OBJECT-TYPE
        SYNTAX DisplayString
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "name of the remote security gateway."
        ::= { wfIpsecRemoteGatewayEntry 9 }

-----------------------
--
-- end of IpsecRemoteGateway
--
-----------------------

    wfIpsecProposalTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF WfIpsecProposalEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
                "Table of IP security proposals"
        ::= { wfIpsecGroup 8 }

    wfIpsecProposalEntry OBJECT-TYPE
        SYNTAX  WfIpsecProposalEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
                "An IP security Proposal. This is essentially a sequence
                 of protection suites represented by wfIpsecSuiteEntry
                 instances"
        INDEX   { wfIpsecProposalNumber }
        ::= { wfIpsecProposalTable 1 }

    WfIpsecProposalEntry ::= SEQUENCE {
            wfIpsecProposalCreate
                INTEGER,
            wfIpsecProposalStatus
                INTEGER,
            wfIpsecProposalName
                DisplayString,
            wfIpsecProposalNumber
                INTEGER,
            wfIpsecProposalSuites
                Opaque
    }

    wfIpsecProposalCreate OBJECT-TYPE
        SYNTAX  INTEGER {
             created(1),
             deleted(2)
        }
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "Create/Delete parameter. Default is created."
        DEFVAL  { created }
        ::= { wfIpsecProposalEntry 1 }

    wfIpsecProposalStatus OBJECT-TYPE
        SYNTAX  INTEGER {
             active(1),
             error(2),
             inactive(3),
             notpresent(4)
        }
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The status of this Proposal."
        DEFVAL  { notpresent }
        ::= { wfIpsecProposalEntry 2 }

    wfIpsecProposalName OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "Proposal name."
        ::= { wfIpsecProposalEntry 3 }

    wfIpsecProposalNumber OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "A number that identifies this proposal."
        ::= { wfIpsecProposalEntry 4 }

    wfIpsecProposalSuites OBJECT-TYPE
        SYNTAX  Opaque
        ACCESS  read-write
        STATUS  mandatory
        DESCRIPTION
                "the octet string contains a list of ordered, 2 byte numbers
                 that correspond to wfIpsecSuiteEntry instance ID's.
                 The list of protection suites is a logically ANDed list.
                 This allows multiple protocols to be used for a policy."
        ::= { wfIpsecProposalEntry 5 }

-----------------------
--
-- end of IpsecProposal
--
-----------------------

    wfIpsecSuiteTable OBJECT-TYPE
        SYNTAX SEQUENCE OF WfIpsecSuiteEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "Table of IP security protection suites"
        ::= { wfIpsecGroup 9 }

    wfIpsecSuiteEntry OBJECT-TYPE
        SYNTAX WfIpsecSuiteEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "An IP security protection suite"
        INDEX  { wfIpsecSuiteNumber }
        ::= { wfIpsecSuiteTable 1 }

    WfIpsecSuiteEntry ::= SEQUENCE {
          wfIpsecSuiteCreate
         INTEGER,
          wfIpsecSuiteStatus
         INTEGER,
          wfIpsecSuiteName
         DisplayString,
          wfIpsecSuiteNumber
         INTEGER,
-- only one of the next three attributes should be non-zero. the first
-- non-zero attribute is used. configurators should enforce this rule.
          wfIpsecSuiteEspProtocol
         Opaque,
          wfIpsecSuiteAhProtocol
         Opaque
        }

    wfIpsecSuiteCreate OBJECT-TYPE
        SYNTAX INTEGER {
             created(1),
             deleted(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "Create/Delete parameter. Default is created."
        DEFVAL { created }
        ::= { wfIpsecSuiteEntry 1 }

    wfIpsecSuiteStatus OBJECT-TYPE
        SYNTAX INTEGER {
             active(1),
             error(2),
             inactive(3),
             notpresent(4)
        }
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "The status of this Suite."
        DEFVAL { notpresent }
        ::= { wfIpsecSuiteEntry 2 }

    wfIpsecSuiteName OBJECT-TYPE
        SYNTAX DisplayString
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "Suite name."
        ::= { wfIpsecSuiteEntry 3 }

    wfIpsecSuiteNumber OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "A number that identifies this protection suite."
        ::= { wfIpsecSuiteEntry 4 }

    wfIpsecSuiteEspProtocol OBJECT-TYPE
        SYNTAX Opaque
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The ordered sequence of wfIpsecEspTransformEntry instances that
                 comprise this protection suite."
        ::= { wfIpsecSuiteEntry 5 }

    wfIpsecSuiteAhProtocol OBJECT-TYPE
        SYNTAX Opaque
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The ordered sequence of wfIpsecAhProposalEntry instances that
                 comprise this protection suite."
        ::= { wfIpsecSuiteEntry 6 }

-----------------------
--
-- end of IpsecSuite
--
-----------------------

    wfIpsecEspTransformTable OBJECT-TYPE
        SYNTAX SEQUENCE OF WfIpsecEspTransformEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "Table of IP security policies"
        ::= { wfIpsecGroup 10 }

    wfIpsecEspTransformEntry OBJECT-TYPE
        SYNTAX WfIpsecEspTransformEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "An IP security ESP Transform"
        INDEX  { wfIpsecEspTransformNumber }
        ::= { wfIpsecEspTransformTable 1 }

    WfIpsecEspTransformEntry ::= SEQUENCE {
          wfIpsecEspTransformCreate
         INTEGER,
          wfIpsecEspTransformStatus
         INTEGER,
          wfIpsecEspTransformName
         DisplayString,
          wfIpsecEspTransformNumber
         INTEGER,
          wfIpsecEspTransformCipherAlg
         INTEGER,
          wfIpsecEspTransformKeyLength
         INTEGER,
          wfIpsecEspTransformIntegrityAlg
         INTEGER,
          wfIpsecEspTransformExpiryTime
         INTEGER,
          wfIpsecEspTransformExpiryMBytes
         INTEGER,
          wfIpsecEspTransformExpiryPref
         INTEGER
        }

    wfIpsecEspTransformCreate OBJECT-TYPE
        SYNTAX INTEGER {
             created(1),
             deleted(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "Create/Delete parameter. Default is created."
        DEFVAL { created }
        ::= { wfIpsecEspTransformEntry 1 }

    wfIpsecEspTransformStatus OBJECT-TYPE
        SYNTAX INTEGER {
             active(1),
             error(2),
             inactive(3),
             notpresent(4)
        }
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "The status of this ESP Transform."
        DEFVAL { notpresent }
        ::= { wfIpsecEspTransformEntry 2 }

    wfIpsecEspTransformName OBJECT-TYPE
        SYNTAX DisplayString
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "ESP Transform name."
        ::= { wfIpsecEspTransformEntry 3 }

    wfIpsecEspTransformNumber OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "A number that identifies this ESP proposal."
        ::= { wfIpsecEspTransformEntry 4 }

    wfIpsecEspTransformCipherAlg OBJECT-TYPE
        SYNTAX INTEGER {
             none(1),
             des(2),
             desede(3)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The cipher algorithm for ESP."
        DEFVAL { des }
        ::= { wfIpsecEspTransformEntry 5 }

    wfIpsecEspTransformKeyLength OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The key length for the ESP cipher algorithm."
        ::= { wfIpsecEspTransformEntry 6 }

    wfIpsecEspTransformIntegrityAlg OBJECT-TYPE
        SYNTAX INTEGER {
             none(1),
             hmacMd5(2),
             hmacSha1(3)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The algorithm for ESP Auth."
        DEFVAL { none }
        ::= { wfIpsecEspTransformEntry 7 }

    wfIpsecEspTransformExpiryTime OBJECT-TYPE
	SYNTAX INTEGER
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
	    "The value used to determine when the keys for this SA
             expire due to the passage of time. The units are minutes.
             The minium recommended value is 10 min. "
        DEFVAL { 480 }
	::= { wfIpsecEspTransformEntry 8 }

    wfIpsecEspTransformExpiryMBytes OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The value used to determine when the keys for this SA
                 expire due to the number of bytes processed. The units are
                 mega-bytes. The minium recommended value is 10 Mbytes. A 
                 value of 0 indicates that MByte expiry is not desired."
        DEFVAL { 1024 }
        ::= { wfIpsecEspTransformEntry 9 }

    wfIpsecEspTransformExpiryPref OBJECT-TYPE
        SYNTAX INTEGER {
             minutes(1),
             mbytes(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The value used to determine precedence between time/kbyte 
                expiry"
        DEFVAL { minutes }
	::= { wfIpsecEspTransformEntry 10 }

 
-----------------------
--
-- end of IpsecEspTransform
--
-----------------------

    wfIpsecAhTransformTable OBJECT-TYPE
        SYNTAX SEQUENCE OF WfIpsecAhTransformEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "Table of IP security policies"
        ::= { wfIpsecGroup 11 }

    wfIpsecAhTransformEntry OBJECT-TYPE
        SYNTAX WfIpsecAhTransformEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
                "An IP security AhTransform"
        INDEX  { wfIpsecAhTransformNumber }
        ::= { wfIpsecAhTransformTable 1 }

    WfIpsecAhTransformEntry ::= SEQUENCE {
          wfIpsecAhTransformCreate
         INTEGER,
          wfIpsecAhTransformStatus
         INTEGER,
          wfIpsecAhTransformName
         DisplayString,
          wfIpsecAhTransformNumber
         INTEGER,
          wfIpsecAhTransformIntegrityAlg
         INTEGER,
          wfIpsecAhTransformGroup
         INTEGER,
          wfIpsecAhTransformExpiryType
         INTEGER,
          wfIpsecAhTransformExpiryValue
         INTEGER
        }

    wfIpsecAhTransformCreate OBJECT-TYPE
        SYNTAX INTEGER {
             created(1),
             deleted(2)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "Create/Delete parameter. Default is created."
        DEFVAL { created }
        ::= { wfIpsecAhTransformEntry 1 }

    wfIpsecAhTransformStatus OBJECT-TYPE
        SYNTAX INTEGER {
             active(1),
             error(2),
             inactive(3),
             notpresent(4)
        }
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "The status of this AhTransform."
        DEFVAL { notpresent }
        ::= { wfIpsecAhTransformEntry 2 }

    wfIpsecAhTransformName OBJECT-TYPE
        SYNTAX DisplayString
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "AhTransform name."
        ::= { wfIpsecAhTransformEntry 3 }

    wfIpsecAhTransformNumber OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
                "A number that identifies this AH proposal."
        ::= { wfIpsecAhTransformEntry 4 }

    wfIpsecAhTransformIntegrityAlg OBJECT-TYPE
        SYNTAX INTEGER {
             none(1),
             hmacMd5(2),
             hmacSha1(3)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The algorithm for AH."
        DEFVAL { hmacMd5 }
        ::= { wfIpsecAhTransformEntry 5 }

    wfIpsecAhTransformGroup OBJECT-TYPE
        SYNTAX INTEGER {
             one(1)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The DH group"
        DEFVAL { one }
        ::= { wfIpsecAhTransformEntry 6 }

    wfIpsecAhTransformExpiryType OBJECT-TYPE
        SYNTAX INTEGER {
             seconds(1),
             kilobytes(2),
             none(3)
        }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The units used to interpret the expiry value. The SA's
                 keys don't expire when this is set to none."
        DEFVAL { kilobytes }
        ::= { wfIpsecAhTransformEntry 7 }

    wfIpsecAhTransformExpiryValue OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
                "The value used to determine when the keys for this SA
                 expire."
        DEFVAL { 1024 }
        ::= { wfIpsecAhTransformEntry 8 }

-----------------------
--
-- end of IpsecAhTransform
--
-----------------------

	wfIpsecSaStatsTable OBJECT-TYPE
		SYNTAX	SEQUENCE OF WfIpsecSaStatsEntry
		ACCESS	not-accessible
        	STATUS	mandatory
        	DESCRIPTION
			"The Ipsec automated SA table"
		::= { wfIpsecGroup 12 }

	wfIpsecSaStatsEntry OBJECT-TYPE
		SYNTAX	WfIpsecSaStatsEntry
		ACCESS	not-accessible
        	STATUS	mandatory
        	DESCRIPTION
			"Entry in Automated ESP SA table"
		INDEX	{ wfIpsecSaStatsSrc,
                	wfIpsecSaStatsDest,
                 	wfIpsecSaStatsSpi }
		::= { wfIpsecSaStatsTable 1 }

	WfIpsecSaStatsEntry ::= SEQUENCE {
    	    wfIpsecSaStatsStatus
    		INTEGER,
    	    wfIpsecSaStatsSrc
    		IpAddress,
    	    wfIpsecSaStatsDest
    		IpAddress,
    	    wfIpsecSaStatsSpi
    		Gauge,
	    wfIpsecSaStatsProto
	        INTEGER,
            wfIpsecSaStatsCipherAlg
	    	INTEGER,
            wfIpsecSaStatsIntegrityAlg
	    	INTEGER,
    	    wfIpsecSaStatsBadAuthen
    		Counter,
    	    wfIpsecSaStatsBadDecrypt
    		Counter,
    	    wfIpsecSaStatsBadPad
    		Counter,
            wfIpsecSaStatsProtectPkt 
    		Counter,
            wfIpsecSaStatsUnprotectPkt 
    		Counter,
            wfIpsecSaStatsEncryptByte
    		Counter,
            wfIpsecSaStatsDecryptByte
    		Counter,
            wfIpsecSaStatsMode
			INTEGER,
            wfIpsecSaStatsPfs
			INTEGER,
            wfIpsecSaStatsExpiryType
			INTEGER,
            wfIpsecSaStatsExpiryValue
			INTEGER
        }


    wfIpsecSaStatsStatus OBJECT-TYPE
        SYNTAX	INTEGER {
    		    up(1),
    		    down(2),
             inactive(3),
             notpresent(4)
        }
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The current status of this Security Association:
                 up: this SA is in use
                 down: this SA is misconfigured ??? 
                 inactive: this SA is disabled ??? 
                 notpresent: the IPsec code isn't loaded ??? "
        DEFVAL	{ notpresent }
        ::= { wfIpsecSaStatsEntry 1 }

    wfIpsecSaStatsSrc OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The IP address of the SA's source."
        ::= { wfIpsecSaStatsEntry 2 }

    wfIpsecSaStatsDest OBJECT-TYPE
        SYNTAX	IpAddress
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The IP address of the SA's destination."
        ::= { wfIpsecSaStatsEntry 3 }

    wfIpsecSaStatsSpi OBJECT-TYPE
        SYNTAX	Gauge
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The security parameters index"
        ::= { wfIpsecSaStatsEntry 4 }

    wfIpsecSaStatsProto OBJECT-TYPE
        SYNTAX  INTEGER {
		 none(1),
                 esp(2),
                 ah(3)
        }
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The protocol used by this SA."
        DEFVAL { none }
        ::= { wfIpsecSaStatsEntry 5 }


    wfIpsecSaStatsCipherAlg OBJECT-TYPE
        SYNTAX	INTEGER {
    		    none(1),
    		    des(2),
    		    desede(3)
        }
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "Identifies cipher algorithm for this SA."
        DEFVAL { des }
        ::= { wfIpsecSaStatsEntry 6 }

    wfIpsecSaStatsIntegrityAlg OBJECT-TYPE
        SYNTAX	INTEGER {
             none(1),
             hmacMd5(2),
             hmacSha1(3)
        }
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The algorithm for ESP Auth."
        DEFVAL { none }
        ::= { wfIpsecSaStatsEntry 7 }


    wfIpsecSaStatsBadAuthen OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received encrypted packets that could 
                not be properly authenticated."
        ::= { wfIpsecSaStatsEntry 8 }

    wfIpsecSaStatsBadDecrypt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that could 
                not be properly decrypted."
        ::= { wfIpsecSaStatsEntry 9 }

    wfIpsecSaStatsBadPad OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of received packets that contained
                bad padding information."
        ::= { wfIpsecSaStatsEntry 10 }

    wfIpsecSaStatsProtectPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully encrypted packets."
        ::= { wfIpsecSaStatsEntry 11 }

    wfIpsecSaStatsUnprotectPkt OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully decrypted packets." 
        ::= { wfIpsecSaStatsEntry 12 }

    wfIpsecSaStatsEncryptByte OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully encrypted bytes."
        ::= { wfIpsecSaStatsEntry 13 }

    wfIpsecSaStatsDecryptByte OBJECT-TYPE
        SYNTAX	Counter
        ACCESS	read-only
        STATUS	mandatory
        DESCRIPTION
                "The number of successfully encrypted bytes."
        ::= { wfIpsecSaStatsEntry 14 }

    wfIpsecSaStatsMode OBJECT-TYPE
        SYNTAX  INTEGER {
                    tunnel(1),
                    transport(2)
                }
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Identifies mode of the SA."
        DEFVAL { tunnel }
        ::= { wfIpsecSaStatsEntry 15 }

    wfIpsecSaStatsPfs OBJECT-TYPE
        SYNTAX  INTEGER {
                    true(1),
                    false(2)
                }
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Identifies whether this SA has perfect forward secrecy or
                 not."
        DEFVAL { true }
        ::= { wfIpsecSaStatsEntry 16 }

    wfIpsecSaStatsExpiryType OBJECT-TYPE
        SYNTAX  INTEGER {
                    seconds(1),
                    kilobytes(2),
                    none(3)
                }
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The units used to interpret the expiry value. The SA's
                 keys don't expire when this is set to none."
        DEFVAL { none }
        ::= { wfIpsecSaStatsEntry 17 }

    wfIpsecSaStatsExpiryValue OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The value used to determine when the keys for this SA
                 expire."
        ::= { wfIpsecSaStatsEntry 18 }


    END  -- Wellfleet-IPSEC-MIB