--------------------------------------------------------------------------------
--ACMEPACKET-SECURITY-MIB:  Acme Packet SECURITY MIB file
--
--April 2008
--
--Copyright (c) by Acme Packet, Inc.
--All rights reserved.
--------------------------------------------------------------------------------
--This MIB provides a means to gather information about the
--Acme Management Interface running at the Net-Net SBC
--

APSECURITY-MIB DEFINITIONS ::= BEGIN

    IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32,
    IpAddress, Unsigned32, Counter32 
        FROM SNMPv2-SMI
    OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    DisplayString, TruthValue
  	FROM SNMPv2-TC
    acmepacketMgmt
        FROM ACMEPACKET-SMI
    InetAddress, InetAddressType, InetPortNumber             
        FROM INET-ADDRESS-MIB;

    apSecurityModule MODULE-IDENTITY
        LAST-UPDATED	    "201207160000Z"
        ORGANIZATION	    "Acme Packet, Inc"
        CONTACT-INFO     "       Customer Service
                        Postal: Acme Packet, Inc
                                100 Crosby Drive
                                Bedford, MA 01730
                                US
                        Tel:    1-781-328-4400
                        E-mail: support@acmepacket.com"
        DESCRIPTION     "The Net-Net SECURITY MIB for Acme Packet"
        REVISION        "201207160000Z"
        DESCRIPTION     "Updated contact info"
        ::= { acmepacketMgmt 9 }

    apSecurityMIBObjects OBJECT IDENTIFIER ::= { apSecurityModule 1 }

    apSecurityIPsecTunCount	OBJECT-TYPE
	SYNTAX         	Unsigned32
	UNITS		"tunnels"
      	MAX-ACCESS    	read-only
      	STATUS            current
      	DESCRIPTION
        	"The number of IPsec tunnels currently in progress."
	::= { apSecurityMIBObjects 1 }

    apSecurityIPsecTunCapPct    OBJECT-TYPE
	SYNTAX	    	Unsigned32 (0..100)
	UNITS		"%"
	MAX-ACCESS   	read-only
	STATUS          current
	DESCRIPTION
		"The percentage of licensed IPsec tunnels currently in progress."
	::= { apSecurityMIBObjects 2 }

    apSecurityIkeInterfaceStatsTable OBJECT-TYPE
        SYNTAX  	SEQUENCE OF ApSecurityIkeInterfaceStatsEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "The table of Ike statistics per ike-interface for IKE negotiations."
        ::= { apSecurityMIBObjects 3 }
    apSecurityIkeInterfaceStatsEntry OBJECT-TYPE
        SYNTAX  	ApSecurityIkeInterfaceStatsEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "IKE negotiation statistics for an IKE-interface."
        INDEX   { apSecurityIkeInterfaceType, apSecurityIkeInterfaceAddress }
        ::= { apSecurityIkeInterfaceStatsTable 1 }

    ApSecurityIkeInterfaceStatsEntry ::=
        SEQUENCE {
	        apSecurityIkeInterfaceType		        InetAddressType,
		apSecurityIkeInterfaceAddress			InetAddress,
		apSecurityIkeInterfaceCpuOverloadErrors		Unsigned32,
                apSecurityIkeInterfaceInitCookieErrors  	Unsigned32,
                apSecurityIkeInterfaceAuthErrors		Unsigned32,
		apSecurityIkeInterfaceEapAccessRequestErrors	Unsigned32,
                apSecurityIkeInterfaceEapAccessChallengeErrors	Unsigned32,
                apSecurityIkeInterfaceTsErrors			Unsigned32,
                apSecurityIkeInterfaceCpErrors			Unsigned32,
                apSecurityIkeInterfaceKeErrors			Unsigned32,
                apSecurityIkeInterfaceProposalErrors		Unsigned32,
		apSecurityIkeInterfaceSyntaxErrors		Unsigned32,
		apSecurityIkeInterfaceCriticalPayloadErrors	Unsigned32,
		apSecurityIkeInterfaceAuthFailureTca		Unsigned32,
		apSecurityIkeInterfaceTunnelRemovalsTca		Unsigned32,
		apSecurityIkeInterfaceDpdTca			Unsigned32
		}

    apSecurityIkeInterfaceType OBJECT-TYPE
        SYNTAX		InetAddressType
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "IPAddress type of the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 1 }

    apSecurityIkeInterfaceAddress OBJECT-TYPE
        SYNTAX		InetAddress
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "IPAddress of  the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 2 }

    apSecurityIkeInterfaceCpuOverloadErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of CPU overload rejections on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 3 }

    apSecurityIkeInterfaceInitCookieErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE COOKIE errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 4 }

    apSecurityIkeInterfaceAuthErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE AUTH payload errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 5 }

    apSecurityIkeInterfaceEapAccessRequestErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE EAP access request errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 6 }

    apSecurityIkeInterfaceEapAccessChallengeErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE EAP access challenge errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 7 }

    apSecurityIkeInterfaceTsErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE TS errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 8 }

    apSecurityIkeInterfaceCpErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE config payload errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 9 }

    apSecurityIkeInterfaceKeErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE KE errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 10 }

    apSecurityIkeInterfaceProposalErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE proposal payload errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 11 }

    apSecurityIkeInterfaceSyntaxErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE Syntax errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 12 }

    apSecurityIkeInterfaceCriticalPayloadErrors OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "The count of IKE critical payload errors on the IKE-interface"
        ::= { apSecurityIkeInterfaceStatsEntry 13 }

    apSecurityIkeInterfaceAuthFailureTca OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Dummy object for the IKE authentication failure TCA"
        ::= { apSecurityIkeInterfaceStatsEntry 14 }

    apSecurityIkeInterfaceTunnelRemovalsTca OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Dummy object for the IPsec tunnel removals TCA"
        ::= { apSecurityIkeInterfaceStatsEntry 15 }

    apSecurityIkeInterfaceDpdTca OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Dummy object for the IKE dead peer detection TCA"
        ::= { apSecurityIkeInterfaceStatsEntry 16 }

    apSecurityTacacsTable OBJECT-TYPE
        SYNTAX  	SEQUENCE OF ApSecurityTacacsEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "The table of all tacacs, including the system-wide
		consolidated license (always index 1)"
        ::= { apSecurityMIBObjects 4 }

    apSecurityTacacsEntry OBJECT-TYPE
        SYNTAX  	ApSecurityTacacsEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "An entry in the table of all licenses"
        INDEX           { apSecurityTacacsIndex }
        ::= { apSecurityTacacsTable 1}


    ApSecurityTacacsEntry ::=
        SEQUENCE {
                apSecurityTacacsIndex                     Integer32 (1..2147483647),
                apSecurityTacacsServer	                  DisplayString,
                apSecurityTacacsCliCommands               Unsigned32,
                apSecurityTacacsSuccessAuthentication     Unsigned32,
                apSecurityTacacsFailureAuthentication     Unsigned32,
                apSecurityTacacsSuccessAuthorization      Unsigned32,
                apSecurityTacacsFailureAuthorization      Unsigned32
		}
	
    apSecurityTacacsIndex OBJECT-TYPE
        SYNTAX          Integer32 (1..2147483647)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
                "Unique index for the tacacs table. "
        ::= { apSecurityTacacsEntry 1 }


    apSecurityTacacsServer OBJECT-TYPE
        SYNTAX             DisplayString (SIZE (0..255))
        MAX-ACCESS         read-only
        STATUS             current
        DESCRIPTION     
       		"Server for last transaction"   
        ::= { apSecurityTacacsEntry 2 }

    apSecurityTacacsCliCommands	OBJECT-TYPE
        SYNTAX          Unsigned32
	MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
                "Number of CLI commands sent for TACACS+ accounting"   
        ::= { apSecurityTacacsEntry 3 }

    apSecurityTacacsSuccessAuthentication OBJECT-TYPE
        SYNTAX          Unsigned32
	MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
                "Number of successful TACACS+ authentication requests"   
        ::= { apSecurityTacacsEntry 4 }

    apSecurityTacacsFailureAuthentication OBJECT-TYPE
        SYNTAX          Unsigned32
	MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
                "Number of failed TACACS+ authentication requests"   
        ::= { apSecurityTacacsEntry 5 }

    apSecurityTacacsSuccessAuthorization OBJECT-TYPE
        SYNTAX          Unsigned32
	MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
                "Number of successful TACACS+ authorization requests"   
        ::= { apSecurityTacacsEntry 6 }

    apSecurityTacacsFailureAuthorization OBJECT-TYPE
        SYNTAX          Unsigned32
	MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     
                "Number of failed TACACS+ authorization requests"   
        ::= { apSecurityTacacsEntry 7 }

    apSecurityOCSRIpAddress 	OBJECT-TYPE
	SYNTAX		IpAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "OCSR server IP address."
	::= { apSecurityMIBObjects 5 }

    apSecurityOCSRHostname      OBJECT-TYPE
	SYNTAX        DisplayString
	MAX-ACCESS    accessible-for-notify
	STATUS	      current
	DESCRIPTION   "OCSR server hostname."
	::= { apSecurityMIBObjects 6 }

    apSecurityCrlIssuer      OBJECT-TYPE
	SYNTAX        DisplayString
	MAX-ACCESS    accessible-for-notify
	STATUS	      current
	DESCRIPTION   "CRL issuer name."
	::= { apSecurityMIBObjects 7 }

    apSecurityCspName      OBJECT-TYPE
	SYNTAX        DisplayString
	MAX-ACCESS    accessible-for-notify
	STATUS	      current
	DESCRIPTION   "Cert-status-profile object name for fetching the CRL. 
	               If the CRL is just loaded from local file, then it is 
		       specified as file"
	::= { apSecurityMIBObjects 8 }

    apSecurityIkeInterfaceInfoTable OBJECT-TYPE
        SYNTAX  	SEQUENCE OF ApSecurityIkeInterfaceInfoEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "The table of Ike Info per ike-interface for IKE negotiations."
        ::= { apSecurityMIBObjects 9 }

    apSecurityIkeInterfaceInfoEntry OBJECT-TYPE
        SYNTAX  	ApSecurityIkeInterfaceInfoEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION     "IKE info for an IKE-interface."
        AUGMENTS	{ apSecurityIkeInterfaceStatsEntry }
        ::= { apSecurityIkeInterfaceInfoTable 1 }

    ApSecurityIkeInterfaceInfoEntry ::=
        SEQUENCE {
		apSecurityIkeInterfaceChildSaRequest		Unsigned32,
		apSecurityIkeInterfaceChildSaSuccess		Unsigned32,
		apSecurityIkeInterfaceChildSaFail		Unsigned32,
		apSecurityIkeInterfaceChildSaDelRequest		Unsigned32,
		apSecurityIkeInterfaceChildSaDelSuccess		Unsigned32,
		apSecurityIkeInterfaceChildSaDelFail		Unsigned32,
		apSecurityIkeInterfaceChildSaRekey		Unsigned32,
		apSecurityIkeInterfaceInitialChildSa		Unsigned32,
		apSecurityIkeInterfaceDPDRecvPortChange		Unsigned32,
		apSecurityIkeInterfaceDPDRecvIPChange		Unsigned32,
		apSecurityIkeInterfaceDPDRespRecv		Unsigned32,
		apSecurityIkeInterfaceDPDRespNotRecv		Unsigned32,
		apSecurityIkeInterfaceDPDRecv			Unsigned32,
		apSecurityIkeInterfaceDPDRetran			Unsigned32,
		apSecurityIkeInterfaceDPDSent			Unsigned32,
		apSecurityIkeInterfaceIKESAPacketSent		Unsigned32,
		apSecurityIkeInterfaceIKESAPacketRcv		Unsigned32,
		apSecurityIkeInterfaceIKESAPacketDropped	Unsigned32,
		apSecurityIkeInterfaceAuthFailure		Unsigned32,
		apSecurityIkeInterfaceMsgError			Unsigned32,
		apSecurityIkeInterfaceAuthIDError		Unsigned32,
		apSecurityIkeInterfaceAuthCertCheckRequest	Unsigned32,
		apSecurityIkeInterfaceAuthCertCheckSuccess	Unsigned32,
		apSecurityIkeInterfaceAuthCertCheckFailure	Unsigned32,
		apSecurityIkeInterfaceDDosSent			Unsigned32,
		apSecurityIkeInterfaceDDosRecv			Unsigned32,	
		apSecurityIkeInterfaceMessageRetrans		Unsigned32,
		apSecurityIkeInterfaceSAInitMsgRecv		Unsigned32,
		apSecurityIkeInterfaceSAInitMsgSent		Unsigned32,
		apSecurityIkeInterfaceSAEstablishmentAttempts	Unsigned32,
		apSecurityIkeInterfaceSAEstablishmentSuccess	Unsigned32,
		apSecurityIkeInterfaceTunnelRate			Unsigned32,
		apSecurityIkeInterfaceCurrentChildSaPair	Unsigned32
		}

    apSecurityIkeInterfaceChildSaRequest OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Requests on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 1 }
        
    apSecurityIkeInterfaceChildSaSuccess OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Success on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 2 }

    apSecurityIkeInterfaceChildSaFail OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Failures on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 3 }

    apSecurityIkeInterfaceChildSaDelRequest OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Delete Requests on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 4 }

    apSecurityIkeInterfaceChildSaDelSuccess OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Delete Success on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 5 }

    apSecurityIkeInterfaceChildSaDelFail OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Delete Failures on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 6 }

    apSecurityIkeInterfaceChildSaRekey OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Child SA Rekeys on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 7 }

    apSecurityIkeInterfaceInitialChildSa OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Initial Child SA Establishments on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 8 }

    apSecurityIkeInterfaceDPDRecvPortChange OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD Port Change Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 9 }

    apSecurityIkeInterfaceDPDRecvIPChange OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD IP Change Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 10 }

    apSecurityIkeInterfaceDPDRespRecv OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD Responses Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 11 }

    apSecurityIkeInterfaceDPDRespNotRecv OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD Responses Not Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 12 }

    apSecurityIkeInterfaceDPDRecv OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD Packets Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 13 }

    apSecurityIkeInterfaceDPDRetran OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD Packets Retransmitted on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 14 }

    apSecurityIkeInterfaceDPDSent OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DPD Packets Sent on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 15 }

    apSecurityIkeInterfaceIKESAPacketSent OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE SA Packets Sent on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 16 }

    apSecurityIkeInterfaceIKESAPacketRcv OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE SA Packets Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 17 }

    apSecurityIkeInterfaceIKESAPacketDropped OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE SA Packets dropped on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 18 }

    apSecurityIkeInterfaceAuthFailure OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Authentication Failures on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 19 }

    apSecurityIkeInterfaceMsgError OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE Message Errors on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 20 }

    apSecurityIkeInterfaceAuthIDError OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Authentication ID Errors on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 21 }

    apSecurityIkeInterfaceAuthCertCheckRequest OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Certificate Status Requests on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 22 }

    apSecurityIkeInterfaceAuthCertCheckSuccess OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Certificate Status Success on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 23 }

    apSecurityIkeInterfaceAuthCertCheckFailure OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Certificate Status Failures on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 24 }

    apSecurityIkeInterfaceDDosSent OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DDoS Sent on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 25 }

    apSecurityIkeInterfaceDDosRecv OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of DDoS Received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 26 }

    apSecurityIkeInterfaceMessageRetrans OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE Message Retransmissions on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 27 }


    apSecurityIkeInterfaceSAInitMsgRecv OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE_SA_INIT messages received on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 28 }

    apSecurityIkeInterfaceSAInitMsgSent OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE_SA_INIT messages sent on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 29 }

    apSecurityIkeInterfaceSAEstablishmentAttempts OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE_SA establishment attempts on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 30 }

    apSecurityIkeInterfaceSAEstablishmentSuccess OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of IKE_SA establishment success on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 31 }

    apSecurityIkeInterfaceTunnelRate OBJECT-TYPE
        SYNTAX		Unsigned32
        MAX-ACCESS	read-only
        STATUS		current
        DESCRIPTION
                "Number of Tunnels per second averaged over 100sec window on the IKE-interface."
        ::= { apSecurityIkeInterfaceInfoEntry 32 }

    apSecurityIkeInterfaceCurrentChildSaPair OBJECT-TYPE

        SYNTAX		Unsigned32

        MAX-ACCESS	read-only

        STATUS		current

        DESCRIPTION

                "Current number of Child Security Association Pairs (Tunnels) on the IKE-interface."

        ::= { apSecurityIkeInterfaceInfoEntry 33 }

-- certificate table (read only)
    apSecurityCertificateTable OBJECT-TYPE
        SYNTAX  	SEQUENCE OF ApSecurityCertificateEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "The table of locally installed certifcate."
        ::= { apSecurityMIBObjects 10 }

    apSecurityCertificateEntry OBJECT-TYPE
        SYNTAX  	ApSecurityCertificateEntry
        MAX-ACCESS      not-accessible
        STATUS  	current
        DESCRIPTION
                "The certificate entry."
        INDEX   { apSecurityCertificateConfigId, apSecurityCertificateIndex }
        ::= { apSecurityCertificateTable 1 }

    ApSecurityCertificateEntry ::=
        SEQUENCE {
		apSecurityCertificateConfigId 		Unsigned32,
		apSecurityCertificateIndex 		Unsigned32,
                apSecurityCertificateRecordName         DisplayString,
                apSecurityCertificateCertSubject	DisplayString,
		apSecurityCertificateCertStart   	DisplayString,
		apSecurityCertificateCertExpire   	DisplayString,
                apSecurityCertificateCertIssuer		DisplayString,
		apSecurityCertificateCertIsCA           TruthValue
		}


    apSecurityCertificateConfigId OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The internal configuration ID of the certificate. "
        ::= { apSecurityCertificateEntry 1 }

    apSecurityCertificateIndex OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The internal index of the certificate. 
	    Combined with configuration ID is the unique ID of a certificate "
        ::= { apSecurityCertificateEntry 2 }

    apSecurityCertificateRecordName OBJECT-TYPE
        SYNTAX          DisplayString (SIZE(0..255))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "The SBC's configuration record name for the certificate. "
        ::= { apSecurityCertificateEntry 3 }

    apSecurityCertificateCertSubject OBJECT-TYPE
        SYNTAX          DisplayString (SIZE(0..255))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "The certificate subject. "
        ::= { apSecurityCertificateEntry 4 }

    apSecurityCertificateCertStart OBJECT-TYPE
        SYNTAX          DisplayString (SIZE(0..255))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "The start time and date of the certificate. "
        ::= { apSecurityCertificateEntry 5 }

    apSecurityCertificateCertExpire OBJECT-TYPE
        SYNTAX          DisplayString (SIZE(0..255))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "The expiration time and date of the certificate. "
        ::= { apSecurityCertificateEntry 6 }

    apSecurityCertificateCertIssuer OBJECT-TYPE
        SYNTAX          DisplayString (SIZE(0..255))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "The issuer of the certificate."
        ::= { apSecurityCertificateEntry 7 }

    apSecurityCertificateCertIsCA OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "Boolean value indicating if the certificate is a CA certificate."
        ::= { apSecurityCertificateEntry 8 }


    apSecurityNotificationObjects OBJECT IDENTIFIER ::= { apSecurityModule 2 }	 

    apSecuritySpi OBJECT-TYPE
	SYNTAX		Unsigned32
	MAX-ACCESS	accessible-for-notify
	STATUS			current
	DESCRIPTION	"Tunnel security-policy-index."

	::= { apSecurityNotificationObjects 1 }
	
    apSecuritySrcIpAddress 	OBJECT-TYPE
	SYNTAX		IpAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "Source IP address."
	::= { apSecurityNotificationObjects 2 }

    apSecurityDstIpAddress 	OBJECT-TYPE
	SYNTAX		IpAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "Destination IP address."
	::= { apSecurityNotificationObjects 3 }

    apSecurityIPSECMode		OBJECT-TYPE
	SYNTAX     	     	INTEGER {
					tunnel(0),
					transport(1)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"IPSec mode."
	::= { apSecurityNotificationObjects 4 }

    apSecurityEncryptionAlg	OBJECT-TYPE
	SYNTAX     	     	INTEGER {
					any(0),
					alg-des(1),
					alg-3des(2),
					alg-blowfish(3),
					alg-aes(4),
					null(5)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"Type of the encryption algorithms supported in the tunnel setup."
	::= { apSecurityNotificationObjects 5 }
	
    apSecurityAuthAlg		OBJECT-TYPE
	SYNTAX     	     	INTEGER {
					any(0),
					md5(1),
					sha1(2)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"Type of the authentication algorithms supported in the tunnel setup."
	::= { apSecurityNotificationObjects 6 }

    apSecuritySecProtocol	OBJECT-TYPE
	SYNTAX     	     	INTEGER {
					ah(0),
					esp(1),
					esp-auth(2),
					esp-null(3)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"Type of the security protocol supported in the tunnel setup."
	::= { apSecurityNotificationObjects 7 }

    apSecurityFailureCause	OBJECT-TYPE
	SYNTAX     	     	INTEGER {
					incorrect-id(0),
					incorrect-user-passwd(1),
					incorrect-shared-secret(2),
					incorrect-dh-group(3),
					incorrect-encryption-alg(4),
					incorrect-auth-alg(5),
					incorrect-sec-protocol(6),
					incorrect-hash(7),
					incorrect-mode(8),
					service-unavailable(9),
					access-reject(10),
					initiator-timeout(11),
					invalid-certificate(12),
                                        authentication-failure(13),
                                        authorization-failure(14),
                                        accounting-failure(15)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"Reason for failure in the IKE, IPSec or RADIUS areas."
	::= { apSecurityNotificationObjects 8 }

    apSecurityFailureArea	OBJECT-TYPE
	SYNTAX     	     	INTEGER {
					ike(0),
					ipsec(1),
					radius(2),
					tacacs(3)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"Where the failure happened."
	::= { apSecurityNotificationObjects 9 }


    apSecurityStatus OBJECT-TYPE
	SYNTAX		INTEGER {
		       success (1),
		       failure (2)
		       }
	MAX-ACCESS	accessible-for-notify
	STATUS			current
	DESCRIPTION	"Status."

	::= { apSecurityNotificationObjects 10 }

    apSecurityDateTime      OBJECT-TYPE
	SYNTAX        DisplayString
	MAX-ACCESS    accessible-for-notify
	STATUS	      current
	DESCRIPTION   "Time as configured at the Net-Net SBC when an
			event completes."
	::= { apSecurityNotificationObjects 11 }
	
    apSecurityUser    OBJECT-TYPE
	SYNTAX        DisplayString  (SIZE (0..255))
	MAX-ACCESS    accessible-for-notify
	STATUS	      current
	DESCRIPTION   "User name" 
	::= { apSecurityNotificationObjects 12 }

    apSecurityPeerPort OBJECT-TYPE
	SYNTAX		InetPortNumber
	MAX-ACCESS	accessible-for-notify
	STATUS			current
	DESCRIPTION	"IKE peer port"

	::= { apSecurityNotificationObjects 13 }
	
    apSecurityPeerIpAddress 	OBJECT-TYPE
	SYNTAX		IpAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "IKE peer IP address."
	::= { apSecurityNotificationObjects 14 }

    apSecurityCRLServer      OBJECT-TYPE
	SYNTAX        DisplayString
	MAX-ACCESS    accessible-for-notify
	STATUS	      current
	DESCRIPTION   "CRL Server FQDN if configured."
	::= { apSecurityNotificationObjects 15 }

    apSecurityCRLRetrievalFailureCause	OBJECT-TYPE
	SYNTAX     	     	INTEGER {					
					internal(0),
					incorrect-response(1),
					timeout(2)
				}
	MAX-ACCESS		accessible-for-notify
	STATUS	   		current
	DESCRIPTION
	"Reason for failure in the CRL retrieval."
	::= { apSecurityNotificationObjects 16 }

    apSecurityLastSuccessfulCRLRetrieval OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      accessible-for-notify
        STATUS          current
        DESCRIPTION     
                "Last successful CRL retrieval."
        ::= { apSecurityNotificationObjects 17 }

    apSecurityCRLServerIPAddress	OBJECT-TYPE
	SYNTAX         	IpAddress	
      	MAX-ACCESS      accessible-for-notify
      	STATUS            current
      	DESCRIPTION
        	"CRL Server IP address."
	::= { apSecurityNotificationObjects 18 }

    apSecurityGTPProfileName      OBJECT-TYPE
        SYNTAX        DisplayString
        MAX-ACCESS    accessible-for-notify
        STATUS        current
        DESCRIPTION   "GTP Profile Name configured."
        ::= { apSecurityNotificationObjects 19 }

    apSecurityGTPHostName      OBJECT-TYPE
        SYNTAX        DisplayString
        MAX-ACCESS    accessible-for-notify
        STATUS        current
        DESCRIPTION   "GGSN Host Name if configured."
        ::= { apSecurityNotificationObjects 20 }

    apSecurityGTPLinkFailureCause  OBJECT-TYPE
        SYNTAX        INTEGER {                                       
				internal(0),                                    
				timeout(1),
				versionError(2)
                               }
        MAX-ACCESS    accessible-for-notify
        STATUS        current
        DESCRIPTION   "Reason for failure in the GTPCRL retrieval."
        ::= { apSecurityNotificationObjects 21 }

    apSecurityGTPIPAddress        OBJECT-TYPE
        SYNTAX        IpAddress      
        MAX-ACCESS    accessible-for-notify
        STATUS        current
        DESCRIPTION   "GGSN  IP address."
        ::= { apSecurityNotificationObjects 22 }

    apSecuritySrcAddressFamily 	OBJECT-TYPE
	SYNTAX		InetAddressType
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "Source IP address family IPv4 or IPv6."
	::= { apSecurityNotificationObjects 23 }

    apSecuritySrcAddress 	OBJECT-TYPE
	SYNTAX		InetAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "Source IP address."
	::= { apSecurityNotificationObjects 24 }

    apSecurityDstAddressFamily 	OBJECT-TYPE
	SYNTAX		InetAddressType
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "Destination IP address family IPv4 or IPv6."
	::= { apSecurityNotificationObjects 25 }

    apSecurityDstAddress 	OBJECT-TYPE
	SYNTAX		InetAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "Destination IP address."
	::= { apSecurityNotificationObjects 26 }

    apSecurityPeerAddressFamily 	OBJECT-TYPE
	SYNTAX		InetAddressType
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "IKE peer IP address family IPv4 or IPv6."
	::= { apSecurityNotificationObjects 27 }

    apSecurityPeerAddress 	OBJECT-TYPE
	SYNTAX		InetAddress
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
	    "IKE peer IP address."
	::= { apSecurityNotificationObjects 28 }



-- Notifications

    apSecurityNotifications OBJECT IDENTIFIER ::= { apSecurityModule 3 }
    apSecurityAuthNotificationsPrefix
		OBJECT IDENTIFIER ::= { apSecurityNotifications 1 }
    apSecurityAuthNotifications
		OBJECT IDENTIFIER ::= { apSecurityAuthNotificationsPrefix 0 }

    apSecurityTunnelFailureNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecuritySpi,
			apSecuritySrcIpAddress,
			apSecurityDstIpAddress,
			apSecurityFailureCause,
			apSecurityFailureArea,
			apSecurityStatus
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated whenever IPSEC IKEV2 tunnel fails to 
	      establish. "
	::= { apSecurityAuthNotifications 1 }

    apSecurityRadiusFailureNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityUser,
			apSecurityFailureCause,
			apSecurityFailureArea,
			apSecurityStatus
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated whenever Radius authentication request fails."
	::= { apSecurityAuthNotifications 2 }

    apSecurityAuthFailureThresholdNotification	NOTIFICATION-TYPE
	OBJECTS		{
	                apSecurityUser,
			apSecurityPeerIpAddress,
			apSecurityPeerPort
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated when IKE DDos auth-failure-threshold is reached and
	      report mode includes SNMP trap"
	::= { apSecurityAuthNotifications 3 }

    apSecurityTacacsFailureNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityUser,
			apSecurityFailureCause,
			apSecurityFailureArea,
			apSecurityStatus
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated whenever TACACS authentication requests fail."
	::= { apSecurityAuthNotifications 4 }

    apSecurityTunnelFailureInetNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecuritySpi,
			apSecuritySrcAddressFamily,
			apSecuritySrcAddress,
			apSecurityDstAddressFamily,
			apSecurityDstAddress,
			apSecurityFailureCause,
			apSecurityFailureArea,
			apSecurityStatus
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated whenever IPSEC IKEV2 tunnel fails to 
	      establish. "
	::= { apSecurityAuthNotifications 5 }

    apSecurityAuthFailureThresholdInetNotification	NOTIFICATION-TYPE
	OBJECTS		{
	                apSecurityUser,
			apSecurityPeerAddressFamily,
			apSecurityPeerAddress,
			apSecurityPeerPort
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated when IKE DDos auth-failure-threshold is reached and
	      report mode includes SNMP trap"
	::= { apSecurityAuthNotifications 6 }

    apSecurityGeneralNotificationsPrefix
		OBJECT IDENTIFIER ::= { apSecurityNotifications 2 }
    apSecurityGeneralNotifications
		OBJECT IDENTIFIER ::= { apSecurityGeneralNotificationsPrefix 0 }
    apSecurityTunnelDPDNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecuritySpi,
			apSecuritySrcIpAddress,
			apSecurityDstIpAddress,
			apSecurityFailureArea,
			apSecurityStatus
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated whenever IPSEC IKEV2 tunnel fails 
	      due to Dead Peer Detection(DPD). "
	::= { apSecurityGeneralNotifications 1 }

    apSecurityIPsecTunCapNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityIPsecTunCapPct
			}
	STATUS  current
        DESCRIPTION
		"This notification is sent when the percentage of licensed
		IPsec tunnels exceeds an IPsec tunnel alarm threshold.
		The apSecurityIPsecTunCapPct object indicates the current
		percentage."
        ::= { apSecurityGeneralNotifications 2 }

    apSecurityIPsecTunCapClearNotification    NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityIPsecTunCapPct
			}
	STATUS  current
	DESCRIPTION
		"This trap is sent when the percentage of licensed IPsec
		tunnels no longer exceeds an IPsec tunnel alarm threshold.
		The apSecurityIPsecTunCapPct object indicates the current
		percentage."
	::= { apSecurityGeneralNotifications 3 }


    apSecurityTunnelDPDInetNotification		NOTIFICATION-TYPE
	OBJECTS		{
			apSecuritySpi,
			apSecuritySrcAddressFamily,
			apSecuritySrcAddress, 
			apSecurityDstAddressFamily,
			apSecurityDstAddress, 						
			apSecurityFailureArea,
			apSecurityStatus
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated whenever IPSEC IKEV2 tunnel fails 
	      due to Dead Peer Detection(DPD). "
	::= { apSecurityGeneralNotifications 4 }

    apSecurityOCSRNotificationsPrefix
		OBJECT IDENTIFIER ::= { apSecurityNotifications 3 }
    apSecurityOCSRNotifications
		OBJECT IDENTIFIER ::= { apSecurityOCSRNotificationsPrefix 0 }

    apSecurityOCSRDownNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityOCSRHostname,
                        apSecurityOCSRIpAddress
			}
	STATUS  current
        DESCRIPTION
		"This notification is sent when a OCSR server
		becomes unreachable."
        ::= { apSecurityOCSRNotifications 1 }

    apSecurityOCSRUpNotification    NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityOCSRHostname,
                        apSecurityOCSRIpAddress
			}
	STATUS  current
	DESCRIPTION
		"This notification is sent when a OCSR server
		becomes reachable."
	::= { apSecurityOCSRNotifications 2 }

    apSecurityCrlNotificationsPrefix
		OBJECT IDENTIFIER ::= { apSecurityNotifications 4 }
    apSecurityCrlNotifications
		OBJECT IDENTIFIER ::= { apSecurityCrlNotificationsPrefix 0 }

    apSecurityCrlInvalidNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityCrlIssuer,
                        apSecurityCspName
			}
	STATUS  current
        DESCRIPTION
		"This notification is sent when an invalid CRL
		is detected."
        ::= { apSecurityCrlNotifications 1 }


    apSecurityCRLRetrievalNotificationsPrefix
		OBJECT IDENTIFIER ::= { apSecurityNotifications 5 }
    apSecurityCRLRetrievalNotifications
		OBJECT IDENTIFIER ::= { apSecurityCRLRetrievalNotificationsPrefix 0 }

    apSecurityCRLRetrievalFailNotification	NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityCRLServer,
			apSecurityCRLRetrievalFailureCause,
			apSecurityLastSuccessfulCRLRetrieval,
			apSecurityCRLServerIPAddress
			}
	STATUS  current
        DESCRIPTION
		"This notification is sent when there is a 
		failure in CRL retrieval."		
        ::= { apSecurityCRLRetrievalNotifications 1 }

    apSecurityCRLRetrievalClearNotification    NOTIFICATION-TYPE
	OBJECTS		{
			apSecurityCRLServer,
			apSecurityCRLServerIPAddress
			}
	STATUS  current
	DESCRIPTION
		"This notification is sent when there is a 
		success in CRL retrieval."
	::= { apSecurityCRLRetrievalNotifications 2 }

-- certificate expiration notifications
    apSecurityCertNotificationsPrefix
		OBJECT IDENTIFIER ::= { apSecurityNotifications 6 }
    apSecurityCertNotifications
		OBJECT IDENTIFIER ::= { apSecurityCertNotificationsPrefix 0 }

    apSecurityCertExpiredNotification	NOTIFICATION-TYPE
	OBJECTS		{
	                apSecurityCertificateRecordName,
	                apSecurityCertificateCertSubject,
	                apSecurityCertificateCertExpire,
                        apSecurityCertificateCertIssuer
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated periodically if a locally installed
               certificate has expired. "
	::= { apSecurityCertNotifications 1 }

    apSecurityCertExpireSoonNotification	NOTIFICATION-TYPE
	OBJECTS		{
                        apSecurityCertificateRecordName,
	                apSecurityCertificateCertSubject,
	                apSecurityCertificateCertExpire,
                        apSecurityCertificateCertIssuer
			}
	STATUS	   	current
	DESCRIPTION
	      "The notification will be generated periodically if a locally installed
               certificate will soon expire. "
	::= { apSecurityCertNotifications 2 }


    apSecurityGTPFailureNotificationsPrefix
             OBJECT IDENTIFIER ::= { apSecurityNotifications 7 }
    apSecurityGTPFailureNotifications
             OBJECT IDENTIFIER ::= { apSecurityGTPFailureNotificationsPrefix 0 }

    apSecurityGTPLinkFailureNotification      NOTIFICATION-TYPE
        OBJECTS         {
                        apSecurityGTPProfileName,
                        apSecurityGTPHostName,
                        apSecurityGTPLinkFailureCause,
                        apSecurityGTPIPAddress
                        }
        STATUS  current
        DESCRIPTION
                "This notification is sent when there is a link failure with GGSN on GTP Profile."
        ::= { apSecurityGTPFailureNotifications 1 }

    apSecurityGTPLinkClearNotification    NOTIFICATION-TYPE
        OBJECTS         {
                        apSecurityGTPProfileName,
                        apSecurityGTPHostName,
                        apSecurityGTPIPAddress
                        }
        STATUS  current
        DESCRIPTION
                "This notification is sent when the link is restored with GGSN on GTP Profile."
        ::= { apSecurityGTPFailureNotifications 2 }


    -- Conformance information

apSecurityConformance OBJECT IDENTIFIER ::= { apSecurityModule 4 }
apSecurityCompliances OBJECT IDENTIFIER ::= { apSecurityConformance 1 }
apSecurityGroups   OBJECT IDENTIFIER ::= { apSecurityConformance 2 }
apSecurityNotificationsGroups
		     OBJECT IDENTIFIER ::= { apSecurityConformance 3 }
------objects group

apSecurityIPsecTunnelsObjectsGroup OBJECT-GROUP
	OBJECTS {
		apSecurityIPsecTunCount,
		apSecurityIPsecTunCapPct
		}
	STATUS	current
	DESCRIPTION
		"Objects for monitoring IPsec tunnel capacity."
	::= { apSecurityGroups 1 }

apSecurityIkeInterfaceObjectsGroup OBJECT-GROUP
	OBJECTS {
                apSecurityIkeInterfaceInitCookieErrors,
                apSecurityIkeInterfaceAuthErrors,
		apSecurityIkeInterfaceEapAccessRequestErrors,
                apSecurityIkeInterfaceEapAccessChallengeErrors,
                apSecurityIkeInterfaceTsErrors,
                apSecurityIkeInterfaceCpErrors,
                apSecurityIkeInterfaceKeErrors,
                apSecurityIkeInterfaceProposalErrors,
		apSecurityIkeInterfaceSyntaxErrors,
		apSecurityIkeInterfaceCriticalPayloadErrors
		}
	STATUS	current
	DESCRIPTION
		"Objects for monitoring IKE negotiation errors."
	::= { apSecurityGroups 2 }

apSecurityTacacsObjectsGroup OBJECT-GROUP
	OBJECTS {
                apSecurityTacacsServer,
                apSecurityTacacsCliCommands,
                apSecurityTacacsSuccessAuthentication,
                apSecurityTacacsFailureAuthentication,
                apSecurityTacacsSuccessAuthorization,
                apSecurityTacacsFailureAuthorization
		}
	STATUS	current
	DESCRIPTION
		"Objects for monitoring TACACS+ transactions."
	::= { apSecurityGroups 3 }
				 
apSecurityCertObjectsGroup OBJECT-GROUP
        OBJECTS {
		apSecurityCertificateRecordName,
                apSecurityCertificateCertSubject,
		apSecurityCertificateCertStart,
		apSecurityCertificateCertExpire,
                apSecurityCertificateCertIssuer,
		apSecurityCertificateCertIsCA
                }
       STATUS   current
       DESCRIPTION
	        "Objects for managing locally installed certificates. "
       ::= { apSecurityGroups 4 }
       
apSecurityIkeInterfaceInfoObjectsGroup OBJECT-GROUP
	OBJECTS {
                apSecurityIkeInterfaceTunnelRate,
                apSecurityIkeInterfaceCurrentChildSaPair
		}
	STATUS	current
	DESCRIPTION
		"Objects for monitoring IKE interface tunnel information"
	::= { apSecurityGroups 5 }

-- notification groups

apSecurityNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityTunnelFailureNotification,
		apSecurityRadiusFailureNotification,
		apSecurityTunnelDPDNotification,
                apSecurityTacacsFailureNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for security "
	::= {  apSecurityNotificationsGroups 1 }

apSecurityIPsecTunnelsNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityIPsecTunCapNotification,
		apSecurityIPsecTunCapClearNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for IPsec tunnel capacity."
	::= {  apSecurityNotificationsGroups 2 }

apSecurityDDosNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityAuthFailureThresholdNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for IKEv2 DDos "
	::= {  apSecurityNotificationsGroups 3 }

apSecurityOCSRNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityOCSRDownNotification,
		apSecurityOCSRUpNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for OCSRs "
	::= {  apSecurityNotificationsGroups 4 }

apSecurityCrlNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityCrlInvalidNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for CRLs "
	::= {  apSecurityNotificationsGroups 5 }


apSecurityCRLRetrievalNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityCRLRetrievalFailNotification,
		apSecurityCRLRetrievalClearNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for CRL Retrieval "
	::= {  apSecurityNotificationsGroups 6 }


apSecurityCertNotificationsGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
                apSecurityCertExpiredNotification,
                apSecurityCertExpireSoonNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for CRLs "
	::= {  apSecurityNotificationsGroups 7 }

apSecurityGTPNotificationsGroup NOTIFICATION-GROUP
        NOTIFICATIONS  {
                apSecurityGTPLinkFailureNotification,
                apSecurityGTPLinkClearNotification
                }
        STATUS   current
        DESCRIPTION
                 "A collection of notifications for GTP peer communication "
        ::= {  apSecurityNotificationsGroups 8 }

apSecurityNotificationsInetGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityTunnelFailureInetNotification,			
		apSecurityRadiusFailureNotification,
		apSecurityTunnelDPDInetNotification,
                apSecurityTacacsFailureNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for security "
	::= {  apSecurityNotificationsGroups 9 }

apSecurityDDosNotificationsInetGroup NOTIFICATION-GROUP
	NOTIFICATIONS  {
		apSecurityAuthFailureThresholdInetNotification
		}
	STATUS   current
        DESCRIPTION
                 "A collection of notifications for IKEv2 DDos "
	::= {  apSecurityNotificationsGroups 10 }

END


