--    ============================================================================
-- Copyright (C) 2003 by  HUAWEI-3COM TECHNOLOGIES.  All rights reserved.
-- Description:  This mib file is used for configuration of NAT.
--                include :1.NAT pool
--                         2.NAT out bound
--                         3.NAT inside server
--                         4.NAT agetime
--                         5.NAT blacklist
--                         6.NAT statistics information
--                         7.NAT DNS
-- Reference:
-- Version: V1.2
-- History:
-- V1.0 2004/09/17 created by xiaoshuchao
-- V1.1 2005/06/01 Modified by liguanmin
--      Modify the value range of the node h3cNATOutboundPoolIdx
-- V1.2 2007/05/22 Modified by tangjiafeng
--      Modify the value range of the node h3cNATSessionPeerPort
-- ============================================================================
A3COM-HUAWEI-NAT-MIB DEFINITIONS ::= BEGIN

                IMPORTS
                        h3cCommon
                                FROM A3COM-HUAWEI-OID-MIB
                        ifIndex
                                FROM RFC1213-MIB
                        TimeTicks, IpAddress, Integer32, Counter32, OBJECT-TYPE,
                        MODULE-IDENTITY
                                FROM SNMPv2-SMI
                        RowStatus, DisplayString
                                FROM SNMPv2-TC;


                h3cNat MODULE-IDENTITY
                        LAST-UPDATED "200409170100Z"            -- September 17, 2004 at 01:00 GMT
                        ORGANIZATION
                                "Huawei-3Com Technologies Co., Ltd."
                        CONTACT-INFO
                                "http://www.huawei-3com.com"
                        DESCRIPTION
                                "This MIB contains objects to manage configuration of NAT.
                                There are no constraints on this MIB."
                        REVISION "200501201518Z"                -- January 20, 2005 at 15:18 GMT
                        DESCRIPTION
                                "The initial revision of this MIB module."
                        ::= { h3cCommon 18 }




--
-- Node definitions
--

-- Global Variants
                h3cNATGlobalVars OBJECT IDENTIFIER ::= { h3cNat 1 }


--                     **************Global Variants***************
-- NAT Clear Session
                h3cNATClearSession OBJECT IDENTIFIER ::= { h3cNATGlobalVars 1 }


                h3cNATClearSessionSlotNo OBJECT-TYPE
                        SYNTAX INTEGER (1..14 | 255)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board in which administrator wants to
                                clear data of the session. In router, the value is 255
                                because no NAT board in it. This node only supports 'set' operation.
                                The return value of 'get' operation is meaningless."
                        ::= { h3cNATClearSession 1 }


--     NAT blacklist UserConnectLimitPara
                h3cNATBLConnectLimitPara OBJECT IDENTIFIER ::= { h3cNATGlobalVars 2 }


                h3cNATBLConnectHighValue OBJECT-TYPE
                        SYNTAX INTEGER (20..20000)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The maximal connection amount.  If the connection amount exceeds the
                                value, the IP address will be added into blacklist.  The IP address
                                will not be removed from blacklist until the connection amount is
                                less than the minimal connection amount."
                        DEFVAL { 500 }
                        ::= { h3cNATBLConnectLimitPara 1 }


                h3cNATBLConnectLowValue OBJECT-TYPE
                        SYNTAX INTEGER (20..20000)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The minimal connection amount."
                        DEFVAL { 200 }
                        ::= { h3cNATBLConnectLimitPara 2 }


                h3cNATBLConnectHighRate OBJECT-TYPE
                        SYNTAX INTEGER (20..21474836)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The maximal connection rate(in second).  If the connection rate exceed the
                                value, the IP address will be added into blacklist.  The IP address
                                will not be removed from blacklist until the connection rate is
                                less than the minimal connection rate."
                        DEFVAL { 250 }
                        ::= { h3cNATBLConnectLimitPara 3 }


                h3cNATBLConnectLowRate OBJECT-TYPE
                        SYNTAX INTEGER (20..21474836)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The minimal connection rate(in second)."
                        DEFVAL { 100 }
                        ::= { h3cNATBLConnectLimitPara 4 }


                h3cNATBLSpecialConnectHighRate OBJECT-TYPE
                        SYNTAX INTEGER (20..21474836)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The maximal special connection rate(in second).  When administrator
                                wants to control the speed of connection, he can selects the connection
                                speed rate or special connection rate."
                        DEFVAL { 250 }
                        ::= { h3cNATBLConnectLimitPara 5 }


                h3cNATBLSpecialConnectLowRate OBJECT-TYPE
                        SYNTAX INTEGER (20..21474836)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The minimal special connection rate(in second)."
                        DEFVAL { 100 }
                        ::= { h3cNATBLConnectLimitPara 6 }


--     NAT blacklist property control Enable
                h3cNATBLCtrlEnable OBJECT IDENTIFIER ::= { h3cNATGlobalVars 3 }


                h3cNATBLConnectSumEnable OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                enable(1),
                                disable(2)
                                }
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "Enable or disable the connection amount control."
                        DEFVAL { disable }
                        ::= { h3cNATBLCtrlEnable 1 }


                h3cNATBLConnectRateEnable OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                enable(1),
                                disable(2)
                                }
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "Enable or disable the connection rate control."
                        DEFVAL { disable }
                        ::= { h3cNATBLCtrlEnable 2 }


--     NAT NP aging-time
                h3cNATNPTimer OBJECT IDENTIFIER ::= { h3cNATGlobalVars 4 }


                h3cNATNPAgingTime OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                fast(1),
                                slow(2)
                                }
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "There are two kinds of aging time in NP.  One is fast and the other is
                                slow.  Administrator can select one or other.  The defalult is fast."
                        DEFVAL { fast }
                        ::= { h3cNATNPTimer 1 }


                h3cNATMibObjects OBJECT IDENTIFIER ::= { h3cNat 2 }


--                      **************MibObjects***************
-- NAT address pool table
                h3cNATPoolInfoTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATPoolInfoEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "NAT address pool table : The address in the pool is
                                the IP address in the global network. The pool can span
                                255 IP addresses.All address pools configured by administrator
                                are recorded in this table."
                        ::= { h3cNATMibObjects 1 }


                h3cNATPoolInfoEntry OBJECT-TYPE
                        SYNTAX H3cNATPoolInfoEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of NAT address pool table."
                        INDEX { h3cNATPoolIdx }
                        ::= { h3cNATPoolInfoTable 1 }


                H3cNATPoolInfoEntry ::=
                        SEQUENCE {
                                h3cNATPoolIdx
                                        Integer32,
                                h3cNATPoolStartIpAddr
                                        IpAddress,
                                h3cNATPoolEndIpAddr
                                        IpAddress,
                                h3cNATPoolSlotNo
                                        INTEGER,
                                h3cNATPoolRefCounter
                                        Integer32,
                                h3cNATPoolRowStatus
                                        RowStatus
                         }

                h3cNATPoolIdx OBJECT-TYPE
                        SYNTAX Integer32 (1..320)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Index of the address pool: The index uniquely indicates
                                the address pool in the system, and its range is from 1 to 320. "
                        ::= { h3cNATPoolInfoEntry 1 }


                h3cNATPoolStartIpAddr OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The start IP address of address pool:
                                It must be less than or equal to the end IP address."
                        ::= { h3cNATPoolInfoEntry 2 }


                h3cNATPoolEndIpAddr OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The end IP address of address pool:
                                It must be more than or equal to the start IP address."
                        ::= { h3cNATPoolInfoEntry 3 }


                h3cNATPoolSlotNo OBJECT-TYPE
                        SYNTAX INTEGER (1..14 | 255)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board to which the address pool is bound.
                                The address translation is processed by this NAT board .
                                The relation between address pool and slotNo is n:1.
                                When the address pool is not bound to the NAT board,the value is 255. "
                        ::= { h3cNATPoolInfoEntry 4 }


                h3cNATPoolRefCounter OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The counter of reference.  A address pool can be associated with
                                more than one ACL and the counter of reference is recorded in this
                                field.  When the address pool is not associated with ACL, the value is 0."
                        ::= { h3cNATPoolInfoEntry 5 }


                h3cNATPoolRowStatus OBJECT-TYPE
                        SYNTAX RowStatus
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Only support 'destroy' and 'createAndGo'.
                                If h3cNATPoolIdx, h3cNATPoolStartIpAddr and
                                h3cNATPoolEndIpAddr were provided correctly,
                                its value is changed 'active'."
                        ::= { h3cNATPoolInfoEntry 6 }


--     NAT Out bound Table
                h3cNATOutboundTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATOutboundEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "NAT out bound table: through associating ACL number,
                                address pool with NAT board, administrator can designate
                                which inside IP address can be translated to global IP
                                address in the pool and the translation is processed by
                                which NAT board."
                        ::= { h3cNATMibObjects 2 }


                h3cNATOutboundEntry OBJECT-TYPE
                        SYNTAX H3cNATOutboundEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of NAT out bound table."
                        INDEX { ifIndex, h3cNATOutboundAclNo }
                        ::= { h3cNATOutboundTable 1 }


                H3cNATOutboundEntry ::=
                        SEQUENCE {
                                h3cNATOutboundAclNo
                                        INTEGER,
                                h3cNATOutboundPoolIdx
                                        INTEGER,
                                h3cNATOutboundIsNoPat
                                        INTEGER,
                                h3cNATOutboundSlotNo
                                        Integer32,
                                h3cNATOutboundRowStatus
                                        RowStatus
                         }

                h3cNATOutboundAclNo OBJECT-TYPE
                        SYNTAX INTEGER (2000..3999)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The number of ACL(Access Control List).  When the packet accords with
                                the rule in the ACL, its source IP address will be translated to IP
                                address in Address pool."
                        ::= { h3cNATOutboundEntry 1 }


                h3cNATOutboundPoolIdx OBJECT-TYPE
                        SYNTAX INTEGER (0..320 | 2147483647)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The index of address pool in h3cNATPoolInfoTable.
                                when administrator doesn't use the address pool and
                                use the IP address of the interface as the address of
                                global network, the value is 2147483647."
                        ::= { h3cNATOutboundEntry 2 }


                h3cNATOutboundIsNoPat OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                true(1),
                                false(2)
                                }
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Whether to use no pat manner.  The translation of no pat
                                is that the translation doesn't use the port information of packet."
                        DEFVAL { false }
                        ::= { h3cNATOutboundEntry 3 }


                h3cNATOutboundSlotNo OBJECT-TYPE
                        SYNTAX Integer32 (1..14 | 255)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board.  In router, the value is 255 because no NAT board in it."
                        ::= { h3cNATOutboundEntry 4 }


                h3cNATOutboundRowStatus OBJECT-TYPE
                        SYNTAX RowStatus
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Only support 'destroy' and 'createAndGo'.
                                If h3cNATOutboundAclNo or h3cNATOutboundAclNo
                                and h3cNATOutboundPoolIdx were provided correctly,
                                its value is changed 'active'."
                        ::= { h3cNATOutboundEntry 5 }


--     NAT inside Server Table
                h3cNATServerTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATServerEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "NAT inside Server Table.  Administrator can configure server in the
                                private network which can provide service for people in the public network.
                                The translation map is :
                                (InsideIP     , InsidePort--> GlobalIP, GlobalPort    )
                                (InsideIP + 1 , InsidePort--> GlobalIP, GlobalPort + 1)
                                (InsideIP + 2 , InsidePort--> GlobalIP, GlobalPort + 2)
                                ...
                                ...
                                ...
                                (InsideIP+n(=InsideIP2),InsidePort--> GlobalIP,GlobalPort+n(=GlobalPort2))
                                "
                        ::= { h3cNATMibObjects 3 }


                h3cNATServerEntry OBJECT-TYPE
                        SYNTAX H3cNATServerEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of NAT inside server table."
                        INDEX { ifIndex, h3cNATServerProType, h3cNATServerGlobalIP, h3cNATServerStartGlobalPort, h3cNATServerVpnIndex
                                 }
                        ::= { h3cNATServerTable 1 }


                H3cNATServerEntry ::=
                        SEQUENCE {
                                h3cNATServerProType
                                        INTEGER,
                                h3cNATServerGlobalIP
                                        IpAddress,
                                h3cNATServerStartGlobalPort
                                        INTEGER,
                                h3cNATServerEndGlobalPort
                                        INTEGER,
                                h3cNATServerStartInsideIP
                                        IpAddress,
                                h3cNATServerEndInsideIP
                                        IpAddress,
                                h3cNATServerInsidePort
                                        INTEGER,
                                h3cNATServerSlotNo
                                        Integer32,
                                h3cNATServerVpnIndex
                                        Integer32,
                                h3cNATServerAclNumber
                                        Integer32,
                                h3cNATServerRowStatus
                                        RowStatus
                         }

                h3cNATServerProType OBJECT-TYPE
                        SYNTAX INTEGER (1..255)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The type of protocol: icmp(1), tcp(6), udp(17) and others."
                        ::= { h3cNATServerEntry 1 }


                h3cNATServerGlobalIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The global IP address of Inside Server."
                        ::= { h3cNATServerEntry 2 }


                h3cNATServerStartGlobalPort OBJECT-TYPE
                        SYNTAX INTEGER (0..65535)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The start global port of Inside Server.
                                When the port need not be configured, the value is 0."
                        ::= { h3cNATServerEntry 3 }


                h3cNATServerEndGlobalPort OBJECT-TYPE
                        SYNTAX INTEGER (0..65535)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The end global port of Inside Server.  When administrator doesn't
                                configure a series of inside server, the value is 0.
                                If the value is not zero, the value of (GlobalPort2-GlobalPort)
                                must be equal to (InsideIP2 - InsideIP)."
                        ::= { h3cNATServerEntry 4 }


                h3cNATServerStartInsideIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The start private IP address of Inside Server."
                        ::= { h3cNATServerEntry 5 }


                h3cNATServerEndInsideIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The end private IP address of Inside Server.  When administrator doesn't
                                configure a series of inside server, the value is 0.0.0.0."
                        ::= { h3cNATServerEntry 6 }


                h3cNATServerInsidePort OBJECT-TYPE
                        SYNTAX INTEGER (0..65535)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The private port of Inside Server."
                        ::= { h3cNATServerEntry 7 }


                h3cNATServerSlotNo OBJECT-TYPE
                        SYNTAX Integer32 (1..14 | 255)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board.  In router, the value is 255 because no NAT board in it."
                        ::= { h3cNATServerEntry 8 }


                h3cNATServerVpnIndex OBJECT-TYPE
                        SYNTAX Integer32 (0..65535)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The VPN index of server."
                        ::= { h3cNATServerEntry 10 }


                h3cNATServerAclNumber OBJECT-TYPE
                        SYNTAX Integer32 (1..10000)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Number of basic or advanced acl."
                        ::= { h3cNATServerEntry 11 }


                h3cNATServerRowStatus OBJECT-TYPE
                        SYNTAX RowStatus
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Only support 'destroy' and 'createAndGo'.
                                If h3cNATServerProType, h3cNATServerGlobalIP, h3cNATServerGlobalPort
                                and h3cNATServerInsideIP were provided correctly,
                                its value is changed 'active'."
                        ::= { h3cNATServerEntry 12 }


--     NAT Time out Table
                h3cNATTimeOutTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATTimeOutEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "NAT Time out Table. When a connection is established,
                                if there are not any actives in this connection between
                                the time, it will be disconnected."
                        ::= { h3cNATMibObjects 4 }


                h3cNATTimeOutEntry OBJECT-TYPE
                        SYNTAX H3cNATTimeOutEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of NAT Time out Table."
                        INDEX { h3cNATTimeOutProtocol }
                        ::= { h3cNATTimeOutTable 1 }


                H3cNATTimeOutEntry ::=
                        SEQUENCE {
                                h3cNATTimeOutProtocol
                                        INTEGER,
                                h3cNATTimeOutTimeValue
                                        INTEGER
                         }

                h3cNATTimeOutProtocol OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                tcp(1),
                                udp(2),
                                icmp(3),
                                pptp(4),
                                dns(5),
                                tcpFin(6),
                                tcpSyn(7),
                                ftpCtrl(8),
                                ftpData(9)
                                }
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The type of protocol."
                        ::= { h3cNATTimeOutEntry 1 }


                h3cNATTimeOutTimeValue OBJECT-TYPE
                        SYNTAX INTEGER (10..86400)
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "The time of time out."
                        ::= { h3cNATTimeOutEntry 2 }


--     NAT blacklist Enable(start/stop) Table
                h3cNATBLEnableTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATBLEnableEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "NAT blacklist function Enable Table.  In this table, administrator can decide
                                whether to start the function of blacklist in the NAT board.
                                When the function of blacklist can't be set for a NAT board,
                                the number of NAT board is 256."
                        ::= { h3cNATMibObjects 5 }


                h3cNATBLEnableEntry OBJECT-TYPE
                        SYNTAX H3cNATBLEnableEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of NAT blacklist Enable Table."
                        INDEX { h3cNATBLEnableSlotNo }
                        ::= { h3cNATBLEnableTable 1 }


                H3cNATBLEnableEntry ::=
                        SEQUENCE {
                                h3cNATBLEnableSlotNo
                                        Integer32,
                                h3cNATBLEnable
                                        INTEGER
                         }

                h3cNATBLEnableSlotNo OBJECT-TYPE
                        SYNTAX Integer32 (1..14 | 255)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board.
                                When the function of blacklist can't be set for a NAT board,
                                the value is 255."
                        ::= { h3cNATBLEnableEntry 1 }


                h3cNATBLEnable OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                enable(1),
                                disable(2)
                                }
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "Start or stop of function of balcklist."
                        DEFVAL { disable }
                        ::= { h3cNATBLEnableEntry 2 }


--     NAT special IP ConnectLimitPara Table
                h3cNATBLIPConnectLimitParaTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATBLIPConnectLimitParaEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The table of connection control of special IP address.  In this table, administrator can decide to
                                adopt which manner to control the connection which IP address is the
                                special IP address."
                        ::= { h3cNATMibObjects 6 }


                h3cNATBLIPConnectLimitParaEntry OBJECT-TYPE
                        SYNTAX H3cNATBLIPConnectLimitParaEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of the table of connection control of special IP address."
                        INDEX { h3cNATBLIPConnectLimitParaIP }
                        ::= { h3cNATBLIPConnectLimitParaTable 1 }


                H3cNATBLIPConnectLimitParaEntry ::=
                        SEQUENCE {
                                h3cNATBLIPConnectLimitParaIP
                                        IpAddress,
                                h3cNATBLIPConnectHighValue
                                        INTEGER,
                                h3cNATBLIPConnectLowValue
                                        INTEGER,
                                h3cNATBLIPUseSpecialConnectRate
                                        INTEGER,
                                h3cNATBLIPConnectLimitRowStatus
                                        RowStatus
                         }

                h3cNATBLIPConnectLimitParaIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The special IP address.  The IP is private IP address."
                        ::= { h3cNATBLIPConnectLimitParaEntry 1 }


                h3cNATBLIPConnectHighValue OBJECT-TYPE
                        SYNTAX INTEGER (20..20000)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The maximal connection amount.  It must be more than the minimal connection amount."
                        DEFVAL { 500 }
                        ::= { h3cNATBLIPConnectLimitParaEntry 2 }


                h3cNATBLIPConnectLowValue OBJECT-TYPE
                        SYNTAX INTEGER (20..20000)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "The minimal connection amount.  It must be less than the maximal connection amount."
                        DEFVAL { 200 }
                        ::= { h3cNATBLIPConnectLimitParaEntry 3 }


                h3cNATBLIPUseSpecialConnectRate OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                true(1),
                                false(2)
                                }
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Whether to use the special connection rate control."
                        DEFVAL { false }
                        ::= { h3cNATBLIPConnectLimitParaEntry 4 }


                h3cNATBLIPConnectLimitRowStatus OBJECT-TYPE
                        SYNTAX RowStatus
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Only support 'destroy' and 'createAndGo'.
                                 If h3cNATBLIPConnectHighValue, h3cNATBLIPConnectLowValue
                                 and h3cNATBLIPUseSpecialConnectRate were provided correctly,
                                 its value is changed 'active'."
                        ::= { h3cNATBLIPConnectLimitParaEntry 5 }


--     NAT blacklist Manager Table
                h3cNATBLManagerTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATBLManagerEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The management table of blacklist.
                                The table doesn't support 'getnext' operation."
                        ::= { h3cNATMibObjects 7 }


                h3cNATBLManagerEntry OBJECT-TYPE
                        SYNTAX H3cNATBLManagerEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of management table of blacklist."
                        INDEX { h3cNATBLIpAdress, h3cNATBLSlotNo }
                        ::= { h3cNATBLManagerTable 1 }


                H3cNATBLManagerEntry ::=
                        SEQUENCE {
                                h3cNATBLIpAdress
                                        IpAddress,
                                h3cNATBLSlotNo
                                        INTEGER,
                                h3cNATBLConSum
                                        Integer32,
                                h3cNATBLConSpd
                                        INTEGER
                         }

                h3cNATBLIpAdress OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The IP address of entry of blacklist."
                        ::= { h3cNATBLManagerEntry 1 }


                h3cNATBLSlotNo OBJECT-TYPE
                        SYNTAX INTEGER (1..14)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board."
                        ::= { h3cNATBLManagerEntry 2 }


                h3cNATBLConSum OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The connection amount."
                        ::= { h3cNATBLManagerEntry 3 }


                h3cNATBLConSpd OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                red(1),
                                yellow(2),
                                green(3)
                                }
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The state of connection rate:
                                red(1)   : the connection rate is above the upper limit.
                                yellow(2): the connection rate is between the upper and lower limit.
                                green(3) : the conneciton rate is below the lower limit."
                        ::= { h3cNATBLManagerEntry 4 }


--     NAT Statistics Info
                h3cNATStatTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATStatEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The statistics information table of NAT module."
                        ::= { h3cNATMibObjects 8 }


                h3cNATStatEntry OBJECT-TYPE
                        SYNTAX H3cNATStatEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of statistics information table of NAT module."
                        INDEX { h3cNATStatNATBoardNo }
                        ::= { h3cNATStatTable 1 }


                H3cNATStatEntry ::=
                        SEQUENCE {
                                h3cNATStatNATBoardNo
                                        Integer32,
                                h3cNATStatActiveTblCount
                                        Counter32,
                                h3cNATStatActiveTblCountInNP
                                        Counter32,
                                h3cNATStatActiveNatTblCount
                                        Counter32,
                                h3cNATStatActiveSvrTblCount
                                        Counter32,
                                h3cNATStatActivePoolTblCount
                                        Counter32,
                                h3cNATStatNumOfUsedPort
                                        Counter32,
                                h3cNATStatNumOfGoodPkt
                                        Counter32,
                                h3cNATStatNumOfBadPkt
                                        Counter32,
                                h3cNATStaticSessionCount
                                        Integer32,
                                h3cNATFragmentSessionCount
                                        Integer32,
                                h3cNATSequenceSessionCount
                                        Integer32,
                                h3cNATLogCount
                                        Integer32
                         }

                h3cNATStatNATBoardNo OBJECT-TYPE
                        SYNTAX Integer32 (1..14 | 255)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The number of NAT board.  In router, the value is 255 because no NAT board in it."
                        ::= { h3cNATStatEntry 1 }


                h3cNATStatActiveTblCount OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active PAT session count In software."
                        ::= { h3cNATStatEntry 2 }


                h3cNATStatActiveTblCountInNP OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active PAT session count In NP."
                        ::= { h3cNATStatEntry 3 }


                h3cNATStatActiveNatTblCount OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active NO-PAT session count."
                        ::= { h3cNATStatEntry 4 }


                h3cNATStatActiveSvrTblCount OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active SERVER session count."
                        ::= { h3cNATStatEntry 5 }


                h3cNATStatActivePoolTblCount OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active address pool session count."
                        ::= { h3cNATStatEntry 6 }


                h3cNATStatNumOfUsedPort OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The number of used port in NP."
                        ::= { h3cNATStatEntry 7 }


                h3cNATStatNumOfGoodPkt OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The number of good packet in NP."
                        ::= { h3cNATStatEntry 8 }


                h3cNATStatNumOfBadPkt OBJECT-TYPE
                        SYNTAX Counter32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The number of bad packet in NP."
                        ::= { h3cNATStatEntry 9 }


                h3cNATStaticSessionCount OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active STATIC session count."
                        ::= { h3cNATStatEntry 10 }


                h3cNATFragmentSessionCount OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active fragment packet session count."
                        ::= { h3cNATStatEntry 11 }


                h3cNATSequenceSessionCount OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Active session table count hash by private IP."
                        ::= { h3cNATStatEntry 12 }


                h3cNATLogCount OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "Buffered Nat LOG table count."
                        ::= { h3cNATStatEntry 13 }


--     nat session
                h3cNATSessionTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATSessionEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The nat session information table.  There is the address translation information in the table.
                                The sketch map of connection is
                                pc1(private Net)------------------>NAT Device ------------------>Server(public Net)
                                InsideIP, InsidePort---->translating to GlobalIP, GlobalPort------>PeerIP, PeerPort.
                                "
                        ::= { h3cNATMibObjects 9 }


                h3cNATSessionEntry OBJECT-TYPE
                        SYNTAX H3cNATSessionEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of session information table."
                        INDEX { h3cNATSessionHashNumber, h3cNATSessionProtocol, h3cNATSessionInsideIP, h3cNATSessionInsidePort, h3cNATSessionPeerIP,
                                h3cNATSessionPeerPort, h3cNATSessionVpnIndex }
                        ::= { h3cNATSessionTable 1 }


                H3cNATSessionEntry ::=
                        SEQUENCE {
                                h3cNATSessionHashNumber
                                        Integer32,
                                h3cNATSessionProtocol
                                        INTEGER,
                                h3cNATSessionGlobalIP
                                        IpAddress,
                                h3cNATSessionGlobalPort
                                        Integer32,
                                h3cNATSessionInsideIP
                                        IpAddress,
                                h3cNATSessionInsidePort
                                        Integer32,
                                h3cNATSessionPeerIP
                                        IpAddress,
                                h3cNATSessionPeerPort
                                        Integer32,
                                h3cNATSessionVpnIndex
                                        Integer32,
                                h3cNATSessionTTL
                                        Integer32,
                                h3cNATSessionStatus
                                        Integer32,
                                h3cNATSessionLeftTime
                                        TimeTicks
                         }

                h3cNATSessionHashNumber OBJECT-TYPE
                        SYNTAX Integer32 (1..300000)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The row number of the hash table."
                        ::= { h3cNATSessionEntry 1 }


                h3cNATSessionProtocol OBJECT-TYPE
                        SYNTAX INTEGER (1..255)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The protocol type of session."
                        ::= { h3cNATSessionEntry 2 }


                h3cNATSessionGlobalIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The global IP of session. "
                        ::= { h3cNATSessionEntry 3 }


                h3cNATSessionGlobalPort OBJECT-TYPE
                        SYNTAX Integer32 (0..65535)
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The global port of session."
                        ::= { h3cNATSessionEntry 4 }


                h3cNATSessionInsideIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The Inside IP of session."
                        ::= { h3cNATSessionEntry 5 }


                h3cNATSessionInsidePort OBJECT-TYPE
                        SYNTAX Integer32 (0..65535)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The Inside port of session."
                        ::= { h3cNATSessionEntry 6 }


                h3cNATSessionPeerIP OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The peer IP of session."
                        ::= { h3cNATSessionEntry 7 }


                h3cNATSessionPeerPort OBJECT-TYPE
                        SYNTAX Integer32 (0..65535)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The peer port of session."
                        ::= { h3cNATSessionEntry 8 }


                h3cNATSessionVpnIndex OBJECT-TYPE
                        SYNTAX Integer32 (0..255)
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The VPN index of session."
                        ::= { h3cNATSessionEntry 9 }


                h3cNATSessionTTL OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The TTL of session."
                        ::= { h3cNATSessionEntry 10 }


                h3cNATSessionStatus OBJECT-TYPE
                        SYNTAX Integer32
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The status of session."
                        ::= { h3cNATSessionEntry 11 }


                h3cNATSessionLeftTime OBJECT-TYPE
                        SYNTAX TimeTicks
                        MAX-ACCESS read-only
                        STATUS current
                        DESCRIPTION
                                "The Left time of session."
                        ::= { h3cNATSessionEntry 12 }


                h3cNATStaticConfTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATStaticConfEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Static Nat configuration table."
                        ::= { h3cNATMibObjects 10 }


                h3cNATStaticConfEntry OBJECT-TYPE
                        SYNTAX H3cNATStaticConfEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Configure static Nat."
                        INDEX { h3cNATStaticInsideIp }
                        ::= { h3cNATStaticConfTable 1 }


                H3cNATStaticConfEntry ::=
                        SEQUENCE {
                                h3cNATStaticInsideIp
                                        IpAddress,
                                h3cNATStaticGlobalIp
                                        IpAddress,
                                h3cNATStaticRowStatus
                                        RowStatus
                         }

                h3cNATStaticInsideIp OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Inside ip address."
                        ::= { h3cNATStaticConfEntry 1 }


                h3cNATStaticGlobalIp OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Global Ip address."
                        ::= { h3cNATStaticConfEntry 2 }


                h3cNATStaticRowStatus OBJECT-TYPE
                        SYNTAX RowStatus
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Only support 'destroy' and 'createAndGo'.
                                If h3cNATStaticInsideIp and h3cNATStaticGlobalIp were provided correctly,
                                its value is changed 'active'."
                        ::= { h3cNATStaticConfEntry 3 }


                h3cNATStaticEnableTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATStaticEnableEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Active the static Nat on interface."
                        ::= { h3cNATMibObjects 11 }


                h3cNATStaticEnableEntry OBJECT-TYPE
                        SYNTAX H3cNATStaticEnableEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Active the static Nat on interface."
                        INDEX { ifIndex }
                        ::= { h3cNATStaticEnableTable 1 }


                H3cNATStaticEnableEntry ::=
                        SEQUENCE {
                                h3cNATStaticEnable
                                        INTEGER
                         }

                h3cNATStaticEnable OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                disable(0),
                                enable(1)
                                }
                        MAX-ACCESS read-write
                        STATUS current
                        DESCRIPTION
                                "Enable/disable the static Nat on the interface(h3cNatStaticEnableIfIndex).
                                disable  (0)
                                enable   (1)
                                                            "
                        ::= { h3cNATStaticEnableEntry 2 }


                h3cNATDnsMapTable OBJECT-TYPE
                        SYNTAX SEQUENCE OF H3cNATDnsMapEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "This table is used to set mapping of DNS."
                        ::= { h3cNATMibObjects 12 }


                h3cNATDnsMapEntry OBJECT-TYPE
                        SYNTAX H3cNATDnsMapEntry
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "The entry of h3cNATDnsMapTable."
                        INDEX { h3cNATDnsMapDomainName }
                        ::= { h3cNATDnsMapTable 1 }


                H3cNATDnsMapEntry ::=
                        SEQUENCE {
                                h3cNATDnsMapDomainName
                                        DisplayString,
                                h3cNATDnsMapGlobalIp
                                        IpAddress,
                                h3cNATDnsMapGlobalPort
                                        Integer32,
                                h3cNATDnsMapProtocolType
                                        INTEGER,
                                h3cNATDnsMapLastUseTime
                                        TimeTicks,
                                h3cNATDnsMapRowStatus
                                        RowStatus
                         }

                h3cNATDnsMapDomainName OBJECT-TYPE
                        SYNTAX DisplayString
                        MAX-ACCESS not-accessible
                        STATUS current
                        DESCRIPTION
                                "Domain name."
                        ::= { h3cNATDnsMapEntry 1 }


                h3cNATDnsMapGlobalIp OBJECT-TYPE
                        SYNTAX IpAddress
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Global IP address."
                        ::= { h3cNATDnsMapEntry 2 }


                h3cNATDnsMapGlobalPort OBJECT-TYPE
                        SYNTAX Integer32 (1..65535)
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                " Global port number."
                        ::= { h3cNATDnsMapEntry 3 }


                h3cNATDnsMapProtocolType OBJECT-TYPE
                        SYNTAX INTEGER
                                {
                                any(0),
                                typeTCP(1),
                                typeUDP(2)
                                }
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "TCP   Transmission Control Protocol.
                                UDP   User Datagram Protocol."
                        ::= { h3cNATDnsMapEntry 4 }


                h3cNATDnsMapLastUseTime OBJECT-TYPE
                        SYNTAX TimeTicks
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Its value is the time that the device uses
                                from startup to last use 'Dns Map'record.
                                If the value is 0,the device never use this
                                record."
                        ::= { h3cNATDnsMapEntry 5 }


                h3cNATDnsMapRowStatus OBJECT-TYPE
                        SYNTAX RowStatus
                        MAX-ACCESS read-create
                        STATUS current
                        DESCRIPTION
                                "Only support 'destroy' and 'createAndGo'.
                                If h3cNATDnsMapDomainName, h3cNATDnsMapGlobalIp
                                and h3cNATDnsMapGlobalPortor h3cNATDnsMapDomainName,
                                h3cNATDnsMapGlobalIp, h3cNATDnsMapGlobalPort and
                                h3cNATDnsMapProtocolType were provided correctly,
                                its value is changed 'active'."
                        ::= { h3cNATDnsMapEntry 6 }



        END
