--
-- AVAYA-IPSEC-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 3.0 Build 253
-- Sunday, February 27, 2005 at 15:25:17
--

-- Copyright  2004 by Avaya Inc. All rights reserved.
-- 
-- This AVAYA SNMP Management Information Base Specification (Specification) 
-- embodies AVAYA confidential and Proprietary intellectual property.  
-- AVAYA retains all Title and ownership in the Specification, including any 
-- revisions.
-- 
-- It is AVAYA's intent to encourage the widespread use of this Specification 
-- in connection with the management of AVAYA products. AVAYA grants vendors, 
-- end-users, and other interested parties a non-exclusive license to use this 
-- Specification in connection with the management of AVAYA products.
-- 
-- This Specification is supplied "as is," and AVAYA makes no warranty, either 
-- express or implied, as to the use, operation, condition, or performance of 
-- the Specification.
-- 
-- ========================================================
-- SourceSafe Version Information:
-- $Revision: 35 $
-- Check in $Date: 11/01/07 12:27p $
-- $Author: Sbiton $
-- $Archive: /MIBs/Version 1.0/Source/Avaya/AVAYA-IPSEC-MIB.my $
-- ========================================================

	AVAYA-IPSEC-MIB DEFINITIONS ::= BEGIN
 
		IMPORTS
			avGatewayMibs			
				FROM AVAYAGEN-MIB			
			OBJECT-GROUP, MODULE-COMPLIANCE			
				FROM SNMPv2-CONF			
			IpAddress, Integer32, Unsigned32, Gauge32, Counter32, 
			OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE			
				FROM SNMPv2-SMI			
			RowStatus, DisplayString, TruthValue, TimeStamp, TEXTUAL-CONVENTION			
				FROM SNMPv2-TC;
	
	
		avayaIpsecMib MODULE-IDENTITY 
			LAST-UPDATED "200701081643Z"		-- Januar 08, 2007 at 16:43 
			ORGANIZATION 
				"Avaya, Inc."
			CONTACT-INFO 
				"    Avaya Customer Services
				
				Postal: Avaya, Inc.
				        211 Mt Airy Rd.
				        Basking Ridge, NJ 07920
				        USA
				
				Tel:    +1 908 953 6000
				
				E-mail: executiveoffic@avaya.com
				
				WWW:    http://www.avaya.com
				
				"
			DESCRIPTION 
				"The MIB module for configuring IPSec functionality 
				in Avaya converged Gateways."
			REVISION    "200701081643Z"
			DESCRIPTION 
			    "Add time to failback to primary peer (seconds) - 
			    avipsIsakmpPeerGroupFailbacktoPrimaryInterval under the 
			    avipsIsakmpPeerTable." 
			::= { avGatewayMibs 1 }
		
	
--
-- Textual conventions
--
	
		DiffHellmanGrp ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"The Diffie Hellman Group used in negotiations."
			SYNTAX INTEGER
				{
				dhGroup1(1),
				dhGroup2(2),
				dhGroup5(5),
				dhGroup14(14),
				dhGroup15(15),
				dhGroup16(16),
				dhGroup17(17),
				dhGroup18(18),
				none(255)
				}
			
		IkeEncryptAlgo ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"Values for encryption algorithms negotiated
				for the ISAKMP SA by IKE in Phase I.  These are
				values for SA Attribute type Encryption
				Algorithm (1)."
			SYNTAX INTEGER
				{
				des(2),
				des3(3),
				aes(4),
				aes192(5),
				aes256(6),
				none(255)
				}
			
		IkeHashAlgo ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"Values for hash algorithms negotiated
				for the ISAKMP SA by IKE in Phase I.  These are
				values for SA Attribute type Hash Algorithm (2)."
			SYNTAX INTEGER
				{
				none(1),
				md5(2),
				sha(3)
				}
			
		EspHashTransform ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"The ESP Authentication Algorithm used in the IPsec
				DOI as a SA Attributes definition in the Transform
				Payload of Phase II of an IKE negotiation.  This
				set of values defines the AH authentication
				algorithm, when the associated Proposal Payload has
				a Protocol-ID of 2 (AH).  This set of values
				defines the ESP authentication algorithm, when the
				associated Proposal Payload has a Protocol-ID
				of 3 (ESP)."
			SYNTAX INTEGER
				{
				none(1),
				md5(2),
				sha(3)
				}
			
		EspEncrTransform ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"The values of the IPsec DOI ESP Transform Identifier
				which identify a particular algorithm to be used to
				provide secrecy protection for ESP.  It is used in
				the Transform-ID field of a ISAKMP Transform Payload
				for the IPsec DOI, when the Protocol-Id of the
				associated Proposal Payload is 2 (AH), 3 (ESP),
				and 4 (IPCOMP)."
			SYNTAX INTEGER
				{
				null(1),
				des(2),
				des3(3),
				aes(4),
				aes192(5),
				aes256(6),
				none(255)
				}
			
		IsakmpIdentityType ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"This TC provides the semantics for a column with
				IsakmpIdentityValue TC. Wherever this TC is used, there 
				should be an accompanying column which uses the 
				IsakmpIdentityValue TC to specify the data for which the
				semantics apply.
				
				Values in the range [1..255] is the IPsec DOI Identification
				Type that is an 8-bit value which is used in the ID Type 
				field as a discriminant for interpretation of the 
				variable-length Identification Payload.
				
				Values in the range [256..260] are reserved for the 
				following semantics, which can be used for local and remote
				peers:
				none(256) - this object is empty.
				peerGroup(257) - IsakmpIdentityValue is a peer-group name.
				
				Values in the range [261..Max] are reserved for the 
				following semantics, which can be used for local peers only:
				ifName(270) - an interface name, which IP address is used
				              as the local-peer's ID.
				"
			SYNTAX INTEGER
				{
				ipv4Address(1),
				fqdn(2),
				userFqdn(3),
				none(256),
				peerGroup(257),
				ifName(270)
				}
			
		IsakmpIdentityValue ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"IsakmpIdentityValue contains a string encoded Identity Type
				value to be used in comparisons against an IKE Identity
				payload.  Wherever this TC is used, there should be an
				accompanying column which uses the IsakmpIdentityType TC to
				specify the type of data in this object.
				
				See the IsakmpIdentityType TC for the supported identity types
				available.  Note that the IsakmpIdentityType TC specifies how
				to encode binary values, while this object will contain human
				readable string versions."
			SYNTAX OCTET STRING (SIZE (1..110))
			
		IsakmpDpdKeepaliveMetric ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"Specifies the type of worry-metric to be used
				for DPD."
			SYNTAX INTEGER
				{
				disabled(1),
				onDemand(2),
				periodic(3)
				}
			
		IpsecEncapMode ::= TEXTUAL-CONVENTION
			STATUS current
			DESCRIPTION 
				"IPSec encapsulation mode."
			SYNTAX INTEGER
				{
				tunnel(1),
				transport(2)
				}
			
	
--
-- Node definitions
--
	
		-- 1.3.6.1.4.1.6889.2.6.1.1
		avipsMIBObjects OBJECT IDENTIFIER ::= { avayaIpsecMib 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.1
		avipsGlobals OBJECT IDENTIFIER ::= { avipsMIBObjects 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.1.1
		avipsGlobalsInvalidSpiRecovery OBJECT-TYPE
			SYNTAX TruthValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object determines whether invalid-spi-recovery 
				is enabled (true) or disabled (false).
				When enabled, the device shall open an IKE SA,
				if it does not already exist, in order to 
				send DELETE message to the remote peer when
				receiving an invalid spi or invalid cookie 
				with SIP of that remote peer.
				This causes faster recovery times in case of 
				SADB inconsistency, but may cause D/DoS attack
				on the remote peer."
			::= { avipsGlobals 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.1.2
		avipsNatTEnabled OBJECT-TYPE
			SYNTAX TruthValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies whether IPSec NAT-T is invoked in the device.
				If this object is True then NAT-T is enabled."
			::= { avipsGlobals 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.1.3
		avipsNatTKeepaliveInterval OBJECT-TYPE
			SYNTAX Integer32
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object determines the NAT-T keepalive interval in seconds.
				If this object is set to 0 then NAT-T keepalives are disabled."
			::= { avipsGlobals 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.1.4
		avipsCryptoEngineAccelEnabled OBJECT-TYPE
			SYNTAX TruthValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The value of this object determines whether IPSec HW 
				acceleration is enabled or disabled.
				In case the HW does not support acceleration the value
				of this object shall be false.
				"
			::= { avipsGlobals 4 }
			
		-- 1.3.6.1.4.1.6889.2.6.1.1.2
		avipsIsakmpGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.2.1
		avipsIsakmpPeerTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsIsakmpPeerEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table contains a list of all the remote peers and peer-groups we are 
				willing to establish an IPSec VPN connection with. Each entry 
				represents a peer or a peer-group, and is indexed by the peer's IKE 
				identification (type and value), or the peer-group name.
				Each peer entry points to the ISAKMP policy that will be 
				used for IKE negotiations (as an initiator or a responder).
				Note that in case this entry represents a peer-group
				the value of IsakmpIdentityType shall be set to peerGroup.
				In that case certain columns in this row are N/A."
			::= { avipsIsakmpGroup 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1
		avipsIsakmpPeerEntry OBJECT-TYPE
			SYNTAX AvipsIsakmpPeerEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A specific entry."
			INDEX { avipsIsakmpPeerIdType, IMPLIED avipsIsakmpPeerId }
			::= { avipsIsakmpPeerTable 1 }
		
		AvipsIsakmpPeerEntry ::=
			SEQUENCE { 
				avipsIsakmpPeerIdType
					IsakmpIdentityType,
				avipsIsakmpPeerId
					IsakmpIdentityValue,
				avipsIsakmpPeerDescription
					DisplayString,
				avipsIsakmpPeerIsaPlcyId1
					Integer32,
				avipsIsakmpPeerInitiateMode
					INTEGER,
				avipsIsakmpPeerSelfIdType
					IsakmpIdentityType,
				avipsIsakmpPeerSelfId
					IsakmpIdentityValue,
				avipsIsakmpPeerKeepaliveMetric
					IsakmpDpdKeepaliveMetric,
				avipsIsakmpPeerKeepaliveInterval
					Integer32,
				avipsIsakmpPeerKeepaliveRetryInterval
					Integer32,
				avipsIsakmpPeerKeepaliveTrackId
					Integer32,
				avipsIsakmpPeerContChannel
					TruthValue,
				avipsIsakmpPeerRowStatus
					RowStatus,
				avipsIsakmpPeerGroupFailbacktoPrimaryInterval
				    Integer32				
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.1
		avipsIsakmpPeerIdType OBJECT-TYPE
			SYNTAX IsakmpIdentityType (1..260)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This object is an enumeration identifying the type of the
				Identity value. Note that value can also be peerGroup,
				in that case avipsIsakmpPeerId contains the peer-group's 
				name. Also note that certain columns in this row are N/A
				for peer-group (refer to specific objects' descriptions
				for details).
				This is also the first index component of this table."
			::= { avipsIsakmpPeerEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.2
		avipsIsakmpPeerId OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This object contains an Identity filter to be used to match
				against the identity payload in an IKE request.
				This is also the second index component of this table."
			::= { avipsIsakmpPeerEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.3
		avipsIsakmpPeerDescription OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..80))
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Free text describing this row."
			DEFVAL { "" }
			::= { avipsIsakmpPeerEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.4
		avipsIsakmpPeerIsaPlcyId1 OBJECT-TYPE
			SYNTAX Integer32 (0..9999)
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object contains the ID of the ISAKMP policy to be used
				in IKE Phase I negotiation with this peer.
				A value of 0 indicates that this object is empty.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { 0 }
			::= { avipsIsakmpPeerEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.5
		avipsIsakmpPeerInitiateMode OBJECT-TYPE
			SYNTAX INTEGER
				{
				none(1),
				main(2),
				aggressive(3)
				}
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies how to initiate IKE when communicating
				with this peer:
				none(1) - Never initiate IKE with this peer (i.e. respond only)
				main(2) - Initiate Main Mode (MM)
				aggressive(3) - Initiate Aggressive Mode (AM)
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { main }
			::= { avipsIsakmpPeerEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.6
		avipsIsakmpPeerSelfIdType OBJECT-TYPE
			SYNTAX IsakmpIdentityType
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object is an enumeration identifying the type 
				of the Identity value which the local peer shall 
				use in the its identity payload during Phase-1 
				negotiation.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { ipv4Address }
			::= { avipsIsakmpPeerEntry 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.7
		avipsIsakmpPeerSelfId OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"If not empty, this object specifies the identity value 
				which the local peer will send in the identification payload 
				during IKE Phase-1 negotiation.
				If this object is empty, the default local identity shall be 
				sent, according to the value of avipsIsakmpPeerSelfIdType.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup.
				"
			DEFVAL { ''b }
			::= { avipsIsakmpPeerEntry 7 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.8
		avipsIsakmpPeerKeepaliveMetric OBJECT-TYPE
			SYNTAX IsakmpDpdKeepaliveMetric
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The worry-metric to be used for deciding when to 
				send R-U-THERE message to the remote peer.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { disabled }
			::= { avipsIsakmpPeerEntry 8 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.9
		avipsIsakmpPeerKeepaliveInterval OBJECT-TYPE
			SYNTAX Integer32
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The minimal interval, in seconds, between two 
				consecutive R-U-THERE sent by the local peer, when
				the previous R-U-THERE message has been answered.
				The actual interval is based on this value and
				other parameters, such as the worry-metric.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { 10 }
			::= { avipsIsakmpPeerEntry 9 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.10
		avipsIsakmpPeerKeepaliveRetryInterval OBJECT-TYPE
			SYNTAX Integer32
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The actual interval, in seconds, between R-U-THERE
				retries sent by the local peer, when the previous
				R-U-THERE message has not been answered.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { 2 }
			::= { avipsIsakmpPeerEntry 10 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.11
		avipsIsakmpPeerKeepaliveTrackId OBJECT-TYPE
			SYNTAX Integer32
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Bind the status of this peer to an object-tracker by specifying
				the ID of the object-tracker (avstrTrackerId in 
				AVAYA-SAA-TRACK-MIB).
				A value of 0 means that peer is not bound to any 
				object-tracker.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { 0 }
			::= { avipsIsakmpPeerEntry 11 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.12
		avipsIsakmpPeerContChannel OBJECT-TYPE
			SYNTAX TruthValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object determines whether continuous channel IKE
				mode is used for contacting the peer.
				Continuous channel IKE means that local peer
				tries to establish an IKE SA with the remote peer
				as soon as possible, also when there is no outbound
				traffic that requires it.
				
				This object is N/A if avipsIsakmpPeerIdType is peerGroup."
			DEFVAL { false }
			::= { avipsIsakmpPeerEntry 12 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.1.1.13
		avipsIsakmpPeerRowStatus OBJECT-TYPE
			SYNTAX RowStatus
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object indicates the conceptual status of this row.
				
				The value of this object has no effect on whether other
				objects in this conceptual row can be modified.
				
				If active, this object must remain active if it is referenced
				by a row in another table.
				
				Use createAndGo (not createAndWait) to create this row."
			::= { avipsIsakmpPeerEntry 13 }  
			
		avipsIsakmpPeerGroupFailbacktoPrimaryInterval OBJECT-TYPE
			SYNTAX Integer32
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The amount of time in seconds that secondary peer shall be up (after 
				primary peer went down) before there will be failback to primary
				peer (in case it is up again). The default value is 24 hours.
				
				Relevant for peer-group only (values 1 and up). 
				For peer return value of 0. "
			DEFVAL { 86400 }
			::= { avipsIsakmpPeerEntry 14 }
	
			        
		-- 1.3.6.1.4.1.6889.2.6.1.1.2.2
		avipsPeerGroupPeersTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsPeerGroupPeersEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table contains all the associations between peer-groups
				and isakmp peers. The relation between peer-group and isakmp 
				peer is many-to-many. A valid peer-group (i.e. a peer-group 
				that can be associated with an active crypto-list) contains 
				one or more isakmp peers. An isakmp peer may be contained in 
				zero or more peer-groups."
			::= { avipsIsakmpGroup 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1
		avipsPeerGroupPeersEntry OBJECT-TYPE
			SYNTAX AvipsPeerGroupPeersEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A specific entry."
			INDEX { avipsPeerGroupPeersPGrpName, avipsPeerGroupPeersPeerIndex }
			::= { avipsPeerGroupPeersTable 1 }
		
		AvipsPeerGroupPeersEntry ::=
			SEQUENCE { 
				avipsPeerGroupPeersPGrpName
					DisplayString,
				avipsPeerGroupPeersPeerIndex
					Integer32,
				avipsPeerGroupPeersPIdType
					IsakmpIdentityType,
				avipsPeerGroupPeersPIdValue
					IsakmpIdentityValue,
				avipsPeerGroupPeersRowStatus
					RowStatus
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.1
		avipsPeerGroupPeersPGrpName OBJECT-TYPE
			SYNTAX DisplayString
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The name of the peer-group associated with this isakmp peer.
				Note that there must exist a matching active entry in 
				avipsIsakmpPeerTable which avipsIsakmpPeerIdType is
				peerGroup, otherwise a 'set' operation shall fail."
			::= { avipsPeerGroupPeersEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.2
		avipsPeerGroupPeersPeerIndex OBJECT-TYPE
			SYNTAX Integer32 (1..100)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The ordered index of the peer within the peer-group."
			::= { avipsPeerGroupPeersEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.3
		avipsPeerGroupPeersPIdType OBJECT-TYPE
			SYNTAX IsakmpIdentityType (1..256)
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object is an enumeration identifying the type of the
				Identity value of the peer associated with this IPSec
				connection. Note that value cannot be peerGroup.
				The contents of this object object is interpreted along 
				with avipsPeerGroupPeersPIdValue."
			::= { avipsPeerGroupPeersEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.4
		avipsPeerGroupPeersPIdValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object contains value of the peer ID.
				The contents of this object object is interpreted along 
				with avipsPeerGroupPeersPIdType."
			::= { avipsPeerGroupPeersEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.3.1.5
		avipsPeerGroupPeersRowStatus OBJECT-TYPE
			SYNTAX RowStatus
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object indicates the conceptual status of this row.
				
				The value of this object has no effect on whether other
				objects in this conceptual row can be modified.
				
				If active, this object must remain active if it is referenced
				by a row in another table.
				
				Use createAndWait (not createAndGo) to create this row.
				This object is active(1) after avipsPeerGroupPeersPIdType
				and avipsPeerGroupPeersPIdValue are set."
			::= { avipsPeerGroupPeersEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.2.3
		avipsIsakmpPlcyTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsIsakmpPlcyEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The table containing the list of all
				ISAKMP policy entries configured by the operator."
			::= { avipsIsakmpGroup 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1
		avipsIsakmpPlcyEntry OBJECT-TYPE
			SYNTAX AvipsIsakmpPlcyEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"Each entry contains the attributes 
				associated with a single ISAKMP
				Policy entry."
			INDEX { avipsIsakmpPlcyId }
			::= { avipsIsakmpPlcyTable 1 }
		
		AvipsIsakmpPlcyEntry ::=
			SEQUENCE { 
				avipsIsakmpPlcyId
					Integer32,
				avipsIsakmpPlcyDescription
					DisplayString,
				avipsIsakmpPlcyDhGroup
					DiffHellmanGrp,
				avipsIsakmpPlcyEncrAlgo
					IkeEncryptAlgo,
				avipsIsakmpPlcyHashAlgo
					IkeHashAlgo,
				avipsIsakmpPlcyLifetime
					Integer32,
				avipsIsakmpPlcyAuth
					INTEGER,
				avipsIsakmpPlcyRowStatus
					RowStatus
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.1
		avipsIsakmpPlcyId OBJECT-TYPE
			SYNTAX Integer32 (1..9999)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The ID of this ISAKMP Policy entry.
				This is also the index of this table."
			::= { avipsIsakmpPlcyEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.2
		avipsIsakmpPlcyDescription OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..80))
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Free text describing this object."
			DEFVAL { "" }
			::= { avipsIsakmpPlcyEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.3
		avipsIsakmpPlcyDhGroup OBJECT-TYPE
			SYNTAX DiffHellmanGrp
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies the Oakley group used 
				for Diffie Hellman exchange in the Main Mode. 
				If this policy item is selected to negotiate
				Main Mode with an IKE peer, the local entity 
				chooses the group specified by this object to
				perform Diffie Hellman exchange with the
				peer."
			DEFVAL { dhGroup1 }
			::= { avipsIsakmpPlcyEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.4
		avipsIsakmpPlcyEncrAlgo OBJECT-TYPE
			SYNTAX IkeEncryptAlgo
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The encryption transform specified by this 
				ISAKMP policy specification. The Internet Key Exchange
				(IKE) tunnels setup using this policy item would
				use the specified encryption transform to protect the
				ISAKMP PDUs."
			DEFVAL { des }
			::= { avipsIsakmpPlcyEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.5
		avipsIsakmpPlcyHashAlgo OBJECT-TYPE
			SYNTAX IkeHashAlgo
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The hash transform specified by this 
				ISAKMP policy specification. The IKE tunnels
				setup using this policy item would use the 
				specified hash transform to protect the
				ISAKMP PDUs."
			DEFVAL { sha }
			::= { avipsIsakmpPlcyEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.6
		avipsIsakmpPlcyLifetime OBJECT-TYPE
			SYNTAX Integer32 (60..86400)
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies the lifetime, in seconds,
				of the IKE tunnels generated using this 
				policy specification."
			DEFVAL { 86400 }
			::= { avipsIsakmpPlcyEntry 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.7
		avipsIsakmpPlcyAuth OBJECT-TYPE
			SYNTAX INTEGER
				{
				none(1),
				preSharedKey(2)
				}
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The peer authentication method specified by
				this ISAKMP policy specification. If this policy
				entity is selected for negotiation with a peer,
				the local entity would authenticate the peer using 
				the method specified by this object."
			DEFVAL { preSharedKey }
			::= { avipsIsakmpPlcyEntry 7 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.2.4.1.8
		avipsIsakmpPlcyRowStatus OBJECT-TYPE
			SYNTAX RowStatus
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object indicates the conceptual status of this row.
				
				The value of this object has no effect on whether other
				objects in this conceptual row can be modified.
				
				If active, this object must remain active if it is referenced
				by a row in another table."
			::= { avipsIsakmpPlcyEntry 8 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.3
		avipsIpsecGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.3.1
		avipsCryptoMapTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsCryptoMapEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table contains all the crypto maps configured by the user.
				A crypto map essentially concentrates all the IPSec protection
				policy required for establishing IKE Phase-1 and Phase-2 
				connections."
			::= { avipsIpsecGroup 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1
		avipsCryptoMapEntry OBJECT-TYPE
			SYNTAX AvipsCryptoMapEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A specific crypto map entry."
			INDEX { avipsCryptoMapId }
			::= { avipsCryptoMapTable 1 }
		
		AvipsCryptoMapEntry ::=
			SEQUENCE { 
				avipsCryptoMapId
					Integer32,
				avipsCryptoMapDescription
					DisplayString,
				avipsCryptoMapPeerIdType
					IsakmpIdentityType,
				avipsCryptoMapPeerIdValue
					IsakmpIdentityValue,
				avipsCryptoMapTranSetName1
					DisplayString,
				avipsCryptoMapIsReady
					TruthValue,
				avipsCryptoMapTunnelDscp
					Integer32,
				avipsCryptoMapContChannel
					TruthValue,
				avipsCryptoMapRowStatus
					RowStatus
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.1
		avipsCryptoMapId OBJECT-TYPE
			SYNTAX Integer32 (1..9999)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The ID of the crypto map entry.
				This is also the index of this table."
			::= { avipsCryptoMapEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.2
		avipsCryptoMapDescription OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..80))
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Free text describing this object."
			DEFVAL { "" }
			::= { avipsCryptoMapEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.3
		avipsCryptoMapPeerIdType OBJECT-TYPE
			SYNTAX IsakmpIdentityType (1..260)
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object is an enumeration identifying the type of the
				Identity value of the peer associated with this IPSec
				connection.
				The contents of this object object is interpreted along 
				with avipsCryptoMapPeerIdValue."
			::= { avipsCryptoMapEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.4
		avipsCryptoMapPeerIdValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object contains an Identity filter to be used 
				to select the remote peer or peer-group when initiating IKE, 
				and to match against the identity payload in an IKE request 
				when responding to IKE.
				The contents of this object object is interpreted along 
				with avipsCryptoMapPeerIdType."
			DEFVAL { "" }
			::= { avipsCryptoMapEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.5
		avipsCryptoMapTranSetName1 OBJECT-TYPE
			SYNTAX DisplayString (SIZE (1..32))
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The name of the transforms-set for this crypto map.
				This object is the index into the avipsTranSetTable."
			DEFVAL { "" }
			::= { avipsCryptoMapEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.6
		avipsCryptoMapIsReady OBJECT-TYPE
			SYNTAX TruthValue
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"This field is true if and only if this 
				crypto map entry and all the descendent 
				configuration objects pointed by it are in 
				the ready state.
				Note that crypto list activation requires 
				that all the crypto maps it points to be ready.
				"
			DEFVAL { false }
			::= { avipsCryptoMapEntry 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.7
		avipsCryptoMapTunnelDscp OBJECT-TYPE
			SYNTAX Integer32 (-1 | 0..63)
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"The method used to set the high 6 bits of the TOS in the
				outer IP header.  A value of -1 indicates that the bits are
				copied from the payload's header. A value
				between 0 and 63 inclusive indicates that the bit field is
				set to the indicated value."
			DEFVAL { -1 }
			::= { avipsCryptoMapEntry 7 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.8
		avipsCryptoMapContChannel OBJECT-TYPE
			SYNTAX TruthValue
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object determines whether continuous channel IPSec
				mode is used for the rule pointing to this crypto map.
				Continuous channel IPSec means that local peer
				tries to establish an IPSec SA with the remote peer
				as soon as possible, also when there is no outbound
				traffic that requires it."
			DEFVAL { false }
			::= { avipsCryptoMapEntry 8 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.1.1.9
		avipsCryptoMapRowStatus OBJECT-TYPE
			SYNTAX RowStatus
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object indicates the conceptual status of this row.
				
				The value of this object has no effect on whether other
				objects in this conceptual row can be modified.
				
				If active, this object must remain active if it is referenced
				by an active crypto list."
			::= { avipsCryptoMapEntry 9 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.3.2
		avipsTranSetTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsTranSetEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table lists all the transform-sets which can be used to
				build or accept IPsec proposals."
			::= { avipsIpsecGroup 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1
		avipsTranSetEntry OBJECT-TYPE
			SYNTAX AvipsTranSetEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"An entry containing the information on an IPsec transform-set."
			INDEX { IMPLIED avipsTranSetName }
			::= { avipsTranSetTable 1 }
		
		AvipsTranSetEntry ::=
			SEQUENCE { 
				avipsTranSetName
					DisplayString,
				avipsTranSetEspEncrTran
					EspEncrTransform,
				avipsTranSetEspHashTran
					EspHashTransform,
				avipsTranSetLifetime
					Integer32,
				avipsTranSetLifesize
					Integer32,
				avipsTranSetPfsGroup
					DiffHellmanGrp,
				avipsTranSetEncapMode
					IpsecEncapMode,
				avipsTranSetEspCompTran
					INTEGER,
				avipsTranRowStatus
					RowStatus
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.1
		avipsTranSetName OBJECT-TYPE
			SYNTAX DisplayString (SIZE (1..32))
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The name of this particular transform-set be referred to by an
				avipsCryptoMapEntry.
				This is the index of this table."
			::= { avipsTranSetEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.2
		avipsTranSetEspEncrTran OBJECT-TYPE
			SYNTAX EspEncrTransform
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies the transform ID of the ESP encryption
				algorithm."
			DEFVAL { des }
			::= { avipsTranSetEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.3
		avipsTranSetEspHashTran OBJECT-TYPE
			SYNTAX EspHashTransform
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies the ESP hash algorithm ID."
			DEFVAL { sha }
			::= { avipsTranSetEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.4
		avipsTranSetLifetime OBJECT-TYPE
			SYNTAX Integer32 (0 | 120..86400)
			UNITS "seconds"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies how long, in seconds,
				the security association (SA) derived from this
				transform should be used.
				The value 0 is reserved for future use."
			DEFVAL { 3600 }
			::= { avipsTranSetEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.5
		avipsTranSetLifesize OBJECT-TYPE
			SYNTAX Integer32 (-1 | 0 | 2560..536870912)
			UNITS "KBytes"
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies how long, in Kilobytes,
				the security association (SA) derived from this 
				transform should be used.
				The value -1 means that no size based lifetime 
				will be offered to the other side.
				The value 0 is reserved for future use."
			DEFVAL { 4608000 }
			::= { avipsTranSetEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.6
		avipsTranSetPfsGroup OBJECT-TYPE
			SYNTAX DiffHellmanGrp
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies the DH group that shall 
				be used for PFS in quick mode exchange, when creating the 
				security association (SA) derived from this 
				transform.
				The reserved value 'none' means that PFS shall not be used."
			DEFVAL { none }
			::= { avipsTranSetEntry 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.7
		avipsTranSetEncapMode OBJECT-TYPE
			SYNTAX IpsecEncapMode
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object determines the ESP encapsulation mode that
				will be used. Possible values are 'tunnel' and 
				'transport'. In case transport mode is configured,
				it shall be used only if possible, i.e. the SIP and
				DIP of the relevant rule are equivalent to the LTEP
				and RTEP. Otherwise tunnel mode is used.
				"
			DEFVAL { tunnel }
			::= { avipsTranSetEntry 7 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.8
		avipsTranSetEspCompTran OBJECT-TYPE
			SYNTAX INTEGER
				{
				none(1),
				ippcpLzs(2)
				}
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object specifies the ESP compression algorithm:
				none(1) - no compression algorithm.
				ippcpLzs(2) - IPPCP with LZS compression.
				"
			DEFVAL { none }
			::= { avipsTranSetEntry 8 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.8.3.2.1.9
		avipsTranRowStatus OBJECT-TYPE
			SYNTAX RowStatus
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"This object indicates the conceptual status of this row.
				
				The value of this object has no effect on whether other
				objects in this conceptual row can be modified.
				
				If active, this object must remain active if it is referenced
				by a row in another table."
			::= { avipsTranSetEntry 9 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4
		avipsMonitoringGroup OBJECT IDENTIFIER ::= { avipsMIBObjects 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1
		avipsMonitoringTables OBJECT IDENTIFIER ::= { avipsMonitoringGroup 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1
		avipsMonitoringTablesGlobals OBJECT IDENTIFIER ::= { avipsMonitoringTables 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.1
		avipsMonitorRstCntrs OBJECT-TYPE
			SYNTAX INTEGER
				{
				running(1),
				reset(2)
				}
			MAX-ACCESS read-write
			STATUS current
			DESCRIPTION
				"Use this object to reset all the IPSec counters.
				Set this object to reset(2) in order to do that.
				
				This operation is equivalent to issuing the 
				'clear crypto sa counters' command in the CLI."
			::= { avipsMonitoringTablesGlobals 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.1.2
		avipsMonitorRstCntrsLastChange OBJECT-TYPE
			SYNTAX TimeStamp
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"sysUpTime when last IPSec counters reset by 
				avipsMonitorRstCntrs or 'clear crypto sa counters'
				in CLI, in hundredths of a second."
			::= { avipsMonitoringTablesGlobals 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.2
		avipsPeerTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsPeerEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table contains entries for every active isakmp 
				peer in the system. The word 'active' suggests that in case
				the peer is part of a redundant list of peers within a 
				crypto map, only the peer that is currently active will be
				included.
				"
			::= { avipsMonitoringTables 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1
		avipsPeerEntry OBJECT-TYPE
			SYNTAX AvipsPeerEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A specific peer entry."
			INDEX { avipsPeerLocalId, avipsPeerRemoteId }
			::= { avipsPeerTable 1 }
		
		AvipsPeerEntry ::=
			SEQUENCE { 
				avipsPeerLocalId
					Unsigned32,
				avipsPeerRemoteId
					Unsigned32,
				avipsPeerLocalType
					IsakmpIdentityType,
				avipsPeerLocalValue
					IsakmpIdentityValue,
				avipsPeerRemoteType
					IsakmpIdentityType,
				avipsPeerRemoteValue
					IsakmpIdentityValue,
				avipsPeerRemoteDescription
					DisplayString,
				avipsPeerLocalAddress
					IpAddress,
				avipsPeerRemoteAddress
					IpAddress,
				avipsPeerRemotePeerGrpActiveIndex
					Integer32,
				avipsPeerRemotePeerGrpActiveIdType
					IsakmpIdentityType,
				avipsPeerRemotePeerGrpActiveIdValue
					IsakmpIdentityValue,
				avipsPeerIsakmpState
					INTEGER,
				avipsPeerIsakmpStateLastChange
					TimeStamp,
				avipsPeerTunnelsClosed
					Gauge32,
				avipsPeerTunnelsInProgress
					Gauge32,
				avipsPeerTunnelsEstablished
					Gauge32,
				avipsPeerTunnelsFailed
					Gauge32,
				avipsPeerInOctets
					Counter32,
				avipsPeerInOctetsWraps
					Counter32,
				avipsPeerInDecompOctets
					Counter32,
				avipsPeerInDecompOctetsWraps
					Counter32,
				avipsPeerInDecompRatio
					Gauge32,
				avipsPeerInPkts
					Counter32,
				avipsPeerInDropPkts
					Counter32,
				avipsPeerOutOctets
					Counter32,
				avipsPeerOutOctetsWraps
					Counter32,
				avipsPeerOutUncompOctets
					Counter32,
				avipsPeerOutUncompOctetsWraps
					Counter32,
				avipsPeerOutCompRatio
					Gauge32,
				avipsPeerOutPkts
					Counter32,
				avipsPeerOutDropPkts
					Counter32
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.1
		avipsPeerLocalId OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A synthetic ID that uniquely identifies the local peer for
				monitoring purpose.
				Note that this ID is persistent for this peer.
				
				This is also the first index component of this table.
				"
			::= { avipsPeerEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.2
		avipsPeerRemoteId OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A synthetic ID that uniquely identifies the remote peer for
				monitoring purpose.
				Note that this ID is persistent for this peer.
				
				This is also the second index component of this table."
			::= { avipsPeerEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.3
		avipsPeerLocalType OBJECT-TYPE
			SYNTAX IsakmpIdentityType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The type of the local peer identity, as it was configured.
				If the local peer ID was configured as an interface name,
				the value of this object shall be ifName."
			::= { avipsPeerEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.4
		avipsPeerLocalValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The value of the local peer identity.
				
				If the local peer type is an IP Address, then this
				is the IP Address used to identify the local peer.
				
				If the local peer type is an interface name, then
				this is the name of the interface which IP is used 
				to identify the local peer.
				
				If the local peer type is a fqdn, then this is
				the fqdn used to identify the local peer."
			::= { avipsPeerEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.5
		avipsPeerRemoteType OBJECT-TYPE
			SYNTAX IsakmpIdentityType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The type of the remote peer identity.
				"
			::= { avipsPeerEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.6
		avipsPeerRemoteValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The value of the remote peer identity.
				
				If the remote peer type is an IP Address, then this
				is the IP Address used to identify the remote peer.
				
				If the remote peer type is a fqdn, then this is
				the fqdn used to identify the remote peer."
			::= { avipsPeerEntry 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.7
		avipsPeerRemoteDescription OBJECT-TYPE
			SYNTAX DisplayString
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Free text describing the remote peer or peer-group.
				The value of this field is taken from 
				avipsIsakmpPeerDescription."
			::= { avipsPeerEntry 7 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.8
		avipsPeerLocalAddress OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The IP address of the local peer.
				
				This is derived from the local-address specified in the 
				crypto-list that creates this connection.
				
				If the local peer type is an IP Address, then 
				this is identical to avipsPeerLocalValue."
			::= { avipsPeerEntry 8 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.9
		avipsPeerRemoteAddress OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The IP address of the remote peer.
				
				If the remote peer type is an IP Address, then this
				is identical to avipsPeerRemoteValue.
				
				If the remote peer type is a fqdn, then this is
				the IP address that was received by DNS resolution
				of the fqdn specified in IsakmpIdentityValue."
			::= { avipsPeerEntry 9 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.10
		avipsPeerRemotePeerGrpActiveIndex OBJECT-TYPE
			SYNTAX Integer32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"In case the remote is a peer-group, i.e. avipsPeerRemoteType 
				is peerGroup, this object specifies the index within 
				the peer-group of the currently active peer. This value
				is taken from avipsPeerGroupPeersPeerIndex of the
				active peer in this peer-group."
			::= { avipsPeerEntry 10 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.11
		avipsPeerRemotePeerGrpActiveIdType OBJECT-TYPE
			SYNTAX IsakmpIdentityType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"In case the remote is a peer-group, i.e. avipsPeerRemoteType 
				is peerGroup, this object specifies the id-type of the 
				currently active peer. This value is taken from 
				avipsIsakmpPeerIdType of the active peer in this 
				peer-group."
			::= { avipsPeerEntry 11 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.12
		avipsPeerRemotePeerGrpActiveIdValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"In case the remote is a peer-group, i.e. avipsPeerRemoteType 
				is peerGroup, this object specifies the id-value of the 
				currently active peer. This value is taken from 
				avipsIsakmpPeerId of the active peer in this 
				peer-group."
			::= { avipsPeerEntry 12 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.13
		avipsPeerIsakmpState OBJECT-TYPE
			SYNTAX INTEGER
				{
				closed(1),
				inProgress(2),
				established(3),
				failed(4)
				}
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"This object specifies the state of the IKE connection
				between the peers.
				1. closed - No IKE SA exists between peers because it was
				            not negotiated yet, or because last IKE closed
				            normally due to hard timeout, clear by admin,
				            or DELETE received from the remote peer.
				            This is also the initial state of the row when 
				            it is created.
				2. inProgress - No IKE SA exists between peers, but it is 
				                currently being negotiated in Phase-1.
				3. established - IKE SA exists between peers.
				4. failed - No IKE SA exists between peers because of a 
				            failure. Possible reasons are:
				            1. Last time we tried to establish IKE the 
				               negotiation failed.
				            2. Last time we tried to establish IKE the 
				               remote peer DNS resolution failed.
				            3. During last connection DPD signaled 
				               a connection failure.
				            4. During last connection a track object 
				               signaled a connection failure.
				            5. The interface used for local-address does 
				               not have an IP address asigned to it 1 minute
				               or more after this row was created.
				            6. Last time we negotiated Phase-2 the 
				               negotiation timed-out, and the current 
				               IKE was subsequently deleted.
				
				NOTE: When continuous-channel IKE is used, the state shall
				remain 'established' during the normal transition time
				between one IKE SA and the next. However, if the IKE SA 
				was deleted due to a suspected problem then the state 
				will change normally during the transition (i.e. 'closed' 
				and then 'inProgress').
				[Suspected problem: if the last IKE SA was DELETEd by the
				 remote peer after less then 5 minutes,or if it was 
				 deleted by local admin]
				"
			::= { avipsPeerEntry 13 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.14
		avipsPeerIsakmpStateLastChange OBJECT-TYPE
			SYNTAX TimeStamp
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"sysUpTime when the last change in avipsPeerIsakmpState
				occured, in hundredths of a second."
			::= { avipsPeerEntry 14 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.15
		avipsPeerTunnelsClosed OBJECT-TYPE
			SYNTAX Gauge32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of IPSec tunnels associated with these peers,
				which are in the 'closed' state."
			::= { avipsPeerEntry 15 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.16
		avipsPeerTunnelsInProgress OBJECT-TYPE
			SYNTAX Gauge32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of IPSec tunnels associated with these peers,
				which are in the 'inProgress' state."
			::= { avipsPeerEntry 16 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.17
		avipsPeerTunnelsEstablished OBJECT-TYPE
			SYNTAX Gauge32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of IPSec tunnels associated with these peers,
				which are in the 'established' state."
			::= { avipsPeerEntry 17 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.18
		avipsPeerTunnelsFailed OBJECT-TYPE
			SYNTAX Gauge32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of IPSec tunnels associated with these peers,
				which are in the 'failed' state."
			::= { avipsPeerEntry 18 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.19
		avipsPeerInOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of octets (bytes) successfully received 
				through all the tunnels between the peers. 
				This value is accumulated BEFORE determining whether or 
				not the packet should be decompressed.
				
				This number is the sum of avipsTunnelInOctets 
				together with avipsTunnelInOctetsWraps as a single 
				64-bit integer, for all the IPSec tunnels pertaining to the
				peers.
				
				See also avipsPeerInOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsPeerEntry 19 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.20
		avipsPeerInOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsPeerInOctets has wrapped."
			::= { avipsPeerEntry 20 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.21
		avipsPeerInDecompOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of decompressed octets (bytes) 
				successfully received through all the tunnels between 
				the peers.
				This value is accumulated AFTER the packet is decompressed. 
				If compression is not being used in any of the tunnels, 
				this value will match the value of avipsPeerInOctets.
				
				This number is the sum of avipsTunnelInDecompOctets 
				together with avipsTunnelInDecompOctetsWraps as a single 
				64-bit integer, for all the tunnels pertaining to the peers.
				
				See also avipsPeerInDecompOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsPeerEntry 21 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.22
		avipsPeerInDecompOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsPeerInDecompOctets has wrapped."
			::= { avipsPeerEntry 22 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.23
		avipsPeerInDecompRatio OBJECT-TYPE
			SYNTAX Gauge32
			UNITS "Ratio * 100"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The overall decompression ratio * 100.
				This is the ratio between the number of octets received after 
				decompression and the number of octets received before
				decompression. It is calculated as the integer of
				{[(avipsPeerInDecompOctetsWraps*2^32 + avipsPeerInDecompOctets) /
				(avipsPeerInOctetsWraps*2^32 + avipsPeerInOctets)] * 100}"
			::= { avipsPeerEntry 23 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.24
		avipsPeerInPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of packets successfully received through 
				all the tunnels between the peers.
				
				This number is the sum of avipsTunnelInPkts for all
				the tunnels pertaining to the peers."
			::= { avipsPeerEntry 24 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.25
		avipsPeerInDropPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of packets dropped after being 
				received through any of the tunnels between the peers.
				
				This number is the sum of avipsTunnelInDropTotalPkts 
				for all the tunnels pertaining to the peers."
			::= { avipsPeerEntry 25 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.26
		avipsPeerOutOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of octets (bytes) successfully 
				transmitted through all the tunnels between the peers. 
				This value is accumulated AFTER determining whether or 
				not the packet should be compressed.
				
				This number is the sum of avipsTunnelOutOctets
				together with vipsTunnelOutOctetsWraps as a single 
				64-bit integer, for all the tunnels pertaining to the peers.
				
				See also avipsPeerOutOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsPeerEntry 26 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.27
		avipsPeerOutOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsPeerOutOctets has wrapped."
			::= { avipsPeerEntry 27 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.28
		avipsPeerOutUncompOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of uncompressed octets (bytes) 
				successfully transmitted through this IPsec Tunnel.
				This value is accumulated BEFORE the packet is compressed. 
				If compression is not being used in any of the tunnels, 
				this value will match the value of avipsPeerOutOctets.
				
				This number is the sum of avipsTunnelOutUncompOctets 
				together with avipsTunnelOutUncompOctetsWraps as a single 
				64-bit integer, for all the tunnels pertaining to the peers.
				
				See also avipsPeerOutUncompOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsPeerEntry 28 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.29
		avipsPeerOutUncompOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsPeerInDecompOctets has wrapped."
			::= { avipsPeerEntry 29 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.30
		avipsPeerOutCompRatio OBJECT-TYPE
			SYNTAX Gauge32
			UNITS "Ratio * 100"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The overall compression ratio * 100.
				This is the ratio between the number of outbound octets before
				compression and the number of outbound octets after
				compression. It is calculated as the integer of
				{[(avipsPeerOutUncompOctetsWraps*2^32 + 
				avipsPeerOutUncompOctets) / (avipsPeerOutOctetsWraps*2^32 
				+ avipsPeerOutOctets)]* 100}"
			::= { avipsPeerEntry 30 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.31
		avipsPeerOutPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of packets successfully transmitted 
				through all the tunnels between the peers.
				
				This number is the sum of avipsTunnelOutPkts for all
				the tunnels pertaining to the peers."
			::= { avipsPeerEntry 31 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3.1.32
		avipsPeerOutDropPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The aggregate number of packets dropped before being 
				transmitted through any of the tunnels between the peers.
				
				This number is the sum of avipsTunnelOutDropTotalPkts for 
				all the tunnels pertaining to the peers."
			::= { avipsPeerEntry 32 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.3
		avipsTunnelTable OBJECT-TYPE
			SYNTAX SEQUENCE OF AvipsTunnelEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"This table contains a entries for all the tunnels in the
				system. A 'tunnel' is a rule within an active crypto-list."
			::= { avipsMonitoringTables 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1
		avipsTunnelEntry OBJECT-TYPE
			SYNTAX AvipsTunnelEntry
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A specific tunnel entry."
			INDEX { avipsTunnelIndex, avipsTunnelSubIndex, avipsTunnelPeerLocalId, avipsTunnelPeerRemoteId }
			::= { avipsTunnelTable 1 }
		
		AvipsTunnelEntry ::=
			SEQUENCE { 
				avipsTunnelPeerLocalId
					Unsigned32,
				avipsTunnelPeerRemoteId
					Unsigned32,
				avipsTunnelIndex
					Integer32,
				avipsTunnelSubIndex
					Integer32,
				avipsTunnelPeerLocalType
					IsakmpIdentityType,
				avipsTunnelPeerLocalValue
					IsakmpIdentityValue,
				avipsTunnelPeerRemoteType
					IsakmpIdentityType,
				avipsTunnelPeerRemoteValue
					IsakmpIdentityValue,
				avipsTunnelDescription
					DisplayString,
				avipsTunnelLocalAddress
					IpAddress,
				avipsTunnelRemoteAddress
					IpAddress,
				avipsTunnelProxyLocalSubnet
					IpAddress,
				avipsTunnelProxyLocalMask
					IpAddress,
				avipsTunnelProxyRemoteSubnet
					IpAddress,
				avipsTunnelProxyRemoteMask
					IpAddress,
				avipsTunnelState
					INTEGER,
				avipsTunnelStateLastChange
					TimeStamp,
				avipsTunnelLastCntrsReset
					TimeStamp,
				avipsTunnelInOctets
					Counter32,
				avipsTunnelInOctetsWraps
					Counter32,
				avipsTunnelInDecompOctets
					Counter32,
				avipsTunnelInDecompOctetsWraps
					Counter32,
				avipsTunnelInDecompRatio
					Gauge32,
				avipsTunnelInPkts
					Counter32,
				avipsTunnelInDropTotalPkts
					Counter32,
				avipsTunnelInDropAntiReplayPkts
					Counter32,
				avipsTunnelInDropHmacFailPkts
					Counter32,
				avipsTunnelInDropBadTrailerPkts
					Counter32,
				avipsTunnelInDropInvalidIdPkts
					Counter32,
				avipsTunnelInDropUnprotectPkts
					Counter32,
				avipsTunnelInDropInvalidLenPkts
					Counter32,
				avipsTunnelInDropSaExpiredPkts
					Counter32,
				avipsTunnelOutOctets
					Counter32,
				avipsTunnelOutOctetsWraps
					Counter32,
				avipsTunnelOutUncompOctets
					Counter32,
				avipsTunnelOutUncompOctetsWraps
					Counter32,
				avipsTunnelOutCompRatio
					Gauge32,
				avipsTunnelOutPkts
					Counter32,
				avipsTunnelOutDropTotalPkts
					Counter32,
				avipsTunnelOutDropNoSaPkts
					Counter32,
				avipsTunnelOutDropSeqRolPkts
					Counter32,
				avipsTunnelOutDropSaExpiredPkts
					Counter32
			 }

		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.1
		avipsTunnelPeerLocalId OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A synthetic ID that uniquely identifies the local peer for
				monitoring purpose.
				Note that this ID is persistent for this peer.
				"
			::= { avipsTunnelEntry 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.2
		avipsTunnelPeerRemoteId OBJECT-TYPE
			SYNTAX Unsigned32
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"A synthetic ID that uniquely identifies the remote peer for
				monitoring purpose.
				Note that this ID is persistent for this peer."
			::= { avipsTunnelEntry 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.3
		avipsTunnelIndex OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The ID of the crypto-list containing the rule that
				creates this tunnel.
				
				This is also the fifth index component of this table."
			::= { avipsTunnelEntry 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.4
		avipsTunnelSubIndex OBJECT-TYPE
			SYNTAX Integer32 (1..2147483647)
			MAX-ACCESS not-accessible
			STATUS current
			DESCRIPTION
				"The index of the crypto-list rule that creates this tunnel.
				
				This is also the sixth index component of this table."
			::= { avipsTunnelEntry 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.5
		avipsTunnelPeerLocalType OBJECT-TYPE
			SYNTAX IsakmpIdentityType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The type of the local peer identity, as it was configured.
				If the local peer ID was configured as an interface name,
				the value of this object shall be ifName.
				
				This is also the first index component of this table."
			::= { avipsTunnelEntry 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.6
		avipsTunnelPeerLocalValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The value of the local peer identity.
				
				If the local peer type is an IP Address, then this
				is the IP Address used to identify the local peer.
				
				If the local peer type is an interface name, then
				this is the name of the interface which IP is used 
				to identify the local peer.
				
				If the local peer type is a fqdn, then this is
				the fqdn used to identify the local peer.
				
				This is also the second index component of this table."
			::= { avipsTunnelEntry 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.7
		avipsTunnelPeerRemoteType OBJECT-TYPE
			SYNTAX IsakmpIdentityType
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The type of the remote peer identity.
				
				This is also the third index component of this table."
			::= { avipsTunnelEntry 7 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.8
		avipsTunnelPeerRemoteValue OBJECT-TYPE
			SYNTAX IsakmpIdentityValue
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The value of the remote peer identity.
				
				If the remote peer type is an IP Address, then this
				is the IP Address used to identify the remote peer.
				
				If the remote peer type is a fqdn, then this is
				the fqdn used to identify the remote peer.
				
				This is also the fourth index component of this table."
			::= { avipsTunnelEntry 8 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.9
		avipsTunnelDescription OBJECT-TYPE
			SYNTAX DisplayString
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"Free text describing this tunnel.
				The value of this field is taken from the 
				description specified for the crypto-list rule that 
				creates this tunnel."
			::= { avipsTunnelEntry 9 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.10
		avipsTunnelLocalAddress OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The IP address of the local peer."
			::= { avipsTunnelEntry 10 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.11
		avipsTunnelRemoteAddress OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The IP address of the remote peer."
			::= { avipsTunnelEntry 11 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.12
		avipsTunnelProxyLocalSubnet OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The local subnet address this tunnel protects."
			::= { avipsTunnelEntry 12 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.13
		avipsTunnelProxyLocalMask OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The local subnet mask this tunnel protects."
			::= { avipsTunnelEntry 13 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.14
		avipsTunnelProxyRemoteSubnet OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The remote subnet address this tunnel protects."
			::= { avipsTunnelEntry 14 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.15
		avipsTunnelProxyRemoteMask OBJECT-TYPE
			SYNTAX IpAddress
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The remote subnet mask this tunnel protects."
			::= { avipsTunnelEntry 15 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.16
		avipsTunnelState OBJECT-TYPE
			SYNTAX INTEGER
				{
				closed(1),
				inProgress(2),
				established(3),
				failed(4)
				}
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"This object specifies the state of this tunnel.
				1. closed - The tunnel does not exist between the peers because
				            it was not negotiated yet, or because last tunnel 
				            closed normally due to hard timeout, clear by admin
				            or DELETE received from the remote peer.
				            This is also the initial state of the row when 
				            it is created.
				2. inProgress - The tunnel does not exist between peers, but it
				                is currently being negotiated in IKE Quick Mode.
				3. established - The tunnel exists between peers.
				4. failed - The tunnel does not exist between peers because of a 
				            failure:
				            1. Last time we tried to establish this tunnel
				               the negotiation failed.
				            2. The connection with the remote peer has failed due
				               to one of the following, and hence all the 
				               corresponding ipsec tunnels were closed:
				               a. Last time we tried to establish IKE the 
				                  negotiation failed.
				               b. During last connection a track object 
				                  signaled a connection failure.
				               c. The interface used for local-address does 
				                  not have an IP address asigned to it 1 minute
				                  or more after this row was created.
				
				NOTE: The word 'tunnel' in this context refers to 1 or more 
				IPSec SAs (ESP or AH) between the peers, pertaining to the proxy
				addresses specified in this entry. As long as there is at least
				1 SA established, the tunnel state shall remain 'established'.
				"
			::= { avipsTunnelEntry 16 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.17
		avipsTunnelStateLastChange OBJECT-TYPE
			SYNTAX TimeStamp
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"sysUpTime when the last change in avipsTunnelState
				occured, in hundredths of a second."
			::= { avipsTunnelEntry 17 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.18
		avipsTunnelLastCntrsReset OBJECT-TYPE
			SYNTAX TimeStamp
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"sysUpTime when last counter reset for this tunnel
				occured, in hundredths of a second.
				
				Counters are zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 18 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.19
		avipsTunnelInOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The total number of octets (bytes) successfully received 
				through this IPSec tunnel. 
				This value is accumulated BEFORE determining whether or 
				not the packet should be decompressed.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config).
				
				See also avipsTunnelInOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsTunnelEntry 19 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.20
		avipsTunnelInOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsTunnelInOctets has wrapped.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 20 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.21
		avipsTunnelInDecompOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The total number of decompressed octets (bytes) successfully 
				received through this IPsec Tunnel.
				This value is accumulated AFTER the packet is decompressed. 
				If compression is not being used, this value will match the 
				value of avipsTunnelInOctets.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config).
				
				See also avipsTunnelInDecompOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsTunnelEntry 21 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.22
		avipsTunnelInDecompOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsTunnelInDecompOctets has wrapped.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 22 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.23
		avipsTunnelInDecompRatio OBJECT-TYPE
			SYNTAX Gauge32
			UNITS "Ratio * 100"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The overall decompression ratio * 100.
				This is the ratio between the number of octets received after 
				decompression and the number of octets received before
				decompression. It is calculated as the integer of
				{[(avipsTunnelInDecompOctetsWraps*2^32 + 
				avipsTunnelInDecompOctets) / 
				(avipsTunnelInOctetsWraps*2^32 + avipsTunnelInOctets)] * 100}"
			::= { avipsTunnelEntry 23 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.24
		avipsTunnelInPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets succesfully received through this 
				tunnel. 
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 24 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.25
		avipsTunnelInDropTotalPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The total number of packets discarded after being received
				through this tunnel.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 25 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.26
		avipsTunnelInDropAntiReplayPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				through this tunnel due to anti-replay verification failure.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 26 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.27
		avipsTunnelInDropHmacFailPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				through this tunnel due to HMAC verification failure.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 27 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.28
		avipsTunnelInDropBadTrailerPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				through this tunnel due to bad ESP trailer format received
				failure.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 28 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.29
		avipsTunnelInDropInvalidIdPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				through this tunnel due to invalid identity: inner 
				(original) IP header address doesn't match the configured 
				tunnel proxy IPs.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 29 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.30
		avipsTunnelInDropUnprotectPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				in the clear (unprotected) although they were expected
				to arrive protected by this tunnel (i.e. unprotected
				packets with source and destination IP matching the 
				proxy IPs of this tunnel).
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 30 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.31
		avipsTunnelInDropInvalidLenPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				through this tunnel due to length being not aligned to 
				cipher block.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 31 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.32
		avipsTunnelInDropSaExpiredPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets discarded after being received
				through this tunnel due to SA KB lifetime being smaller
				then the external IP packet total length.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 32 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.33
		avipsTunnelOutOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The total number of octets (bytes) successfully transmitted 
				through this IPSec tunnel. 
				This value is accumulated AFTER determining whether or 
				not the packet should be compressed.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config).
				
				See also avipsTunnelOutOctetsWraps for the number of times
				this counter has wrapped."
			::= { avipsTunnelEntry 33 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.34
		avipsTunnelOutOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsTunnelOutOctets has wrapped.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 34 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.35
		avipsTunnelOutUncompOctets OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The total number of uncompressed octets (bytes) successfully 
				transmitted through this IPsec Tunnel.
				This value is accumulated BEFORE the packet is compressed. 
				If compression is not being used, this value will match the 
				value of avipsTunnelOutOctets.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config).
				
				See also avipsTunnelOutUncompOctetsWraps for the number of 
				times this counter has wrapped."
			::= { avipsTunnelEntry 35 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.36
		avipsTunnelOutUncompOctetsWraps OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of times avipsTunnelInDecompOctets has wrapped.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 36 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.37
		avipsTunnelOutCompRatio OBJECT-TYPE
			SYNTAX Gauge32
			UNITS "Ratio * 100"
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The overall compression ratio * 100.
				This is the ratio between the number of outbound octets before
				compression and the number of outbound octets after
				compression. It is calculated as the integer of
				{[(avipsTunnelOutUncompOctetsWraps*2^32 + 
				avipsTunnelOutUncompOctets) / (avipsTunnelOutOctetsWraps*2^32 
				+ avipsTunnelOutOctets)]* 100}"
			::= { avipsTunnelEntry 37 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.38
		avipsTunnelOutPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets succesfully transmitted through 
				this tunnel.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 38 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.39
		avipsTunnelOutDropTotalPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The total number of packets dropped before being transmitted
				through this tunnel.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 39 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.40
		avipsTunnelOutDropNoSaPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets dropped before being transmitted
				through this tunnel due to no IPSec SA existed when 
				the packet arrived.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 40 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.41
		avipsTunnelOutDropSeqRolPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets dropped before being transmitted
				through this tunnel due to sequence number rollover: 
				the sequence number of the IPSec SA reached its capacity.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 41 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.1.4.1.4.1.42
		avipsTunnelOutDropSaExpiredPkts OBJECT-TYPE
			SYNTAX Counter32
			MAX-ACCESS read-only
			STATUS current
			DESCRIPTION
				"The number of packets dropped before being transmitted
				through this tunnel due to SA expired: SA KB lifetime 
				is smaller then the external IP packet total length.
				
				This counter is zeroized when:
				o Issuing 'clear crypto sa counters' in CLI.
				o Setting avipsMonitorRstCntrs in MIB (equivalent to above).
				o Issuing 'clear crypto sa all' in CLI.
				o Activating the crypto-list on an interface for the first 
				  time.
				o Failing-over to a different peer.
				o Learning a new local-address (DHCP, PPPoE, user config)."
			::= { avipsTunnelEntry 42 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2
		avipsMIBNotificationPrefix OBJECT IDENTIFIER ::= { avayaIpsecMib 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0
		avipsMIBNotifications OBJECT IDENTIFIER ::= { avipsMIBNotificationPrefix 0 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0.1
		avipsIskampEstablished NOTIFICATION-TYPE
			OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription }
			STATUS current
			DESCRIPTION 
				"This notification is sent whenever avipsPeerIsakmpState moves 
				into the 'established' state."
			::= { avipsMIBNotifications 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0.2
		avipsIskampClosed NOTIFICATION-TYPE
			OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription }
			STATUS current
			DESCRIPTION 
				"This notification is sent whenever avipsPeerIsakmpState moves 
				into the 'closed' state, excluding during row creation."
			::= { avipsMIBNotifications 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0.3
		avipsIskampFailed NOTIFICATION-TYPE
			OBJECTS { avipsPeerLocalAddress, avipsPeerRemoteAddress, avipsPeerIsakmpStateLastChange, avipsPeerRemoteDescription }
			STATUS current
			DESCRIPTION 
				"This notification is sent whenever avipsPeerIsakmpState moves 
				into the 'failed' state."
			::= { avipsMIBNotifications 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0.4
		avipsIpsecTunnelEstablished NOTIFICATION-TYPE
			OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, 
				avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription }
			STATUS current
			DESCRIPTION 
				"This notification is sent whenever avipsTunnelState moves 
				into the 'established' state."
			::= { avipsMIBNotifications 4 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0.5
		avipsIpsecTunnelClosed NOTIFICATION-TYPE
			OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, 
				avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription }
			STATUS current
			DESCRIPTION 
				"This notification is sent whenever avipsTunnelState moves 
				into the 'closed' state, excluding during row creation."
			::= { avipsMIBNotifications 5 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.2.0.6
		avipsIpsecTunnelFailed NOTIFICATION-TYPE
			OBJECTS { avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, avipsTunnelProxyRemoteSubnet, 
				avipsTunnelProxyRemoteMask, avipsTunnelStateLastChange, avipsTunnelDescription }
			STATUS current
			DESCRIPTION 
				"This notification is sent whenever avipsTunnelState moves 
				into the 'failed' state."
			::= { avipsMIBNotifications 6 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.3
		avipsMIBConformance OBJECT IDENTIFIER ::= { avayaIpsecMib 3 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.3.1
		avipsMIBGroups OBJECT IDENTIFIER ::= { avipsMIBConformance 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.3.1.1
		avipsConfigurationGroup OBJECT-GROUP
			OBJECTS { avipsGlobalsInvalidSpiRecovery, avipsNatTEnabled, avipsNatTKeepaliveInterval, avipsIsakmpPeerDescription, avipsIsakmpPeerIsaPlcyId1, 
				avipsIsakmpPeerSelfIdType, avipsIsakmpPeerSelfId, avipsIsakmpPeerKeepaliveMetric, avipsIsakmpPeerKeepaliveInterval, avipsIsakmpPeerKeepaliveRetryInterval, 
				avipsIsakmpPeerKeepaliveTrackId, avipsIsakmpPeerContChannel, avipsIsakmpPeerRowStatus, avipsPeerGroupPeersPIdType, avipsPeerGroupPeersPIdValue, 
				avipsPeerGroupPeersRowStatus, avipsIsakmpPlcyDescription, avipsIsakmpPlcyDhGroup, avipsIsakmpPlcyEncrAlgo, avipsIsakmpPlcyHashAlgo, 
				avipsIsakmpPlcyLifetime, avipsIsakmpPlcyAuth, avipsIsakmpPlcyRowStatus, avipsCryptoMapDescription, avipsCryptoMapPeerIdType, 
				avipsCryptoMapPeerIdValue, avipsCryptoMapTranSetName1, avipsCryptoMapIsReady, avipsCryptoMapTunnelDscp, avipsCryptoMapContChannel, 
				avipsCryptoMapRowStatus, avipsTranSetEspEncrTran, avipsTranSetEspHashTran, avipsTranSetLifetime, avipsTranSetLifesize, 
				avipsTranSetPfsGroup, avipsTranSetEncapMode, avipsTranSetEspCompTran, avipsTranRowStatus, avipsCryptoEngineAccelEnabled, 
				avipsIsakmpPeerInitiateMode }
			STATUS current
			DESCRIPTION 
				"This group consists of:
				1) Global configuration objects.
				2) Isakmp configuration objects.
				3) IPsec configuration objects."
			::= { avipsMIBGroups 1 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.3.1.2
		avipsMonitorGroup OBJECT-GROUP
			OBJECTS { avipsMonitorRstCntrs, avipsMonitorRstCntrsLastChange, avipsPeerRemoteDescription, avipsPeerLocalAddress, avipsPeerRemoteAddress, 
				avipsPeerIsakmpState, avipsPeerIsakmpStateLastChange, avipsPeerInOctets, avipsPeerInOctetsWraps, avipsPeerInPkts, 
				avipsPeerInDropPkts, avipsPeerOutOctets, avipsPeerOutOctetsWraps, avipsPeerOutPkts, avipsPeerOutDropPkts, 
				avipsTunnelDescription, avipsTunnelLocalAddress, avipsTunnelRemoteAddress, avipsTunnelProxyLocalSubnet, avipsTunnelProxyLocalMask, 
				avipsTunnelProxyRemoteSubnet, avipsTunnelProxyRemoteMask, avipsTunnelState, avipsTunnelStateLastChange, avipsTunnelInOctets, 
				avipsTunnelInOctetsWraps, avipsTunnelInPkts, avipsTunnelInDropAntiReplayPkts, avipsTunnelInDropHmacFailPkts, avipsTunnelInDropBadTrailerPkts, 
				avipsTunnelInDropInvalidIdPkts, avipsTunnelInDropUnprotectPkts, avipsTunnelInDropInvalidLenPkts, avipsTunnelInDropSaExpiredPkts, avipsTunnelOutOctets, 
				avipsTunnelOutOctetsWraps, avipsTunnelOutPkts, avipsTunnelOutDropNoSaPkts, avipsTunnelOutDropSeqRolPkts, avipsTunnelOutDropSaExpiredPkts, 
				avipsTunnelLastCntrsReset, avipsPeerRemotePeerGrpActiveIdValue, avipsPeerTunnelsClosed, avipsPeerTunnelsInProgress, avipsPeerTunnelsEstablished, 
				avipsPeerTunnelsFailed, avipsTunnelInDecompOctets, avipsTunnelInDecompOctetsWraps, avipsTunnelOutUncompOctets, avipsTunnelOutUncompOctetsWraps, 
				avipsPeerInDecompOctets, avipsPeerInDecompOctetsWraps, avipsPeerOutUncompOctetsWraps, avipsPeerOutUncompOctets, avipsPeerInDecompRatio, 
				avipsPeerOutCompRatio, avipsTunnelInDecompRatio, avipsTunnelOutCompRatio, avipsPeerLocalType, avipsPeerLocalValue, 
				avipsPeerRemoteType, avipsPeerRemoteValue, avipsTunnelPeerLocalType, avipsTunnelPeerLocalValue, avipsTunnelPeerRemoteType, 
				avipsTunnelPeerRemoteValue, avipsPeerRemotePeerGrpActiveIdType, avipsPeerRemotePeerGrpActiveIndex, avipsTunnelInDropTotalPkts, avipsTunnelOutDropTotalPkts
				 }
			STATUS current
			DESCRIPTION 
				"This group consists of:
				1) Global monitoring objects.
				2) Peer monitoring objects.
				3) IPSec tunnels monitoring objects."
			::= { avipsMIBGroups 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.3.2
		avipsMIBCompliances OBJECT IDENTIFIER ::= { avipsMIBConformance 2 }
		
		-- 1.3.6.1.4.1.6889.2.6.1.3.2.1
		avipsMIBCompliance MODULE-COMPLIANCE
			STATUS current
			DESCRIPTION 
				"The compliance statement for SNMP entities
				the IP Security Protocol."
			MODULE -- this module
				MANDATORY-GROUPS { avipsConfigurationGroup, avipsMonitorGroup }
			::= { avipsMIBCompliances 1 }
		
	
	END

--
-- AVAYA-IPSEC-MIB.my
--
