-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


---------------------------------------------------------------------------
-- (C)opyright 2011-2014 bintec elmeg GmbH
-- $RCSfile: mib-ipext,v $
-- $Revision: 1.18 $
-- $Date: 2014-02-07 10:37:49 $
-- Author: awimmer
---------------------------------------------------------------------------

BINTEC-IPEXT-MIB DEFINITIONS ::= BEGIN

        IMPORTS
        enterprises
                FROM RFC1155-SMI
        IpAddress, enterprises
                FROM RFC1155-SMI
        MacAddress, DisplayString, TimeStamp, TruthValue
                FROM SNMPv2-TC
        biboip, Date, BitValue
                FROM BINTEC-MIB
        MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Counter64, TimeTicks
                FROM SNMPv2-SMI
        TRAP-TYPE
                FROM RFC-1215
        TruthValue
                FROM SNMPv2-TC
        ifIndex
                FROM IF-MIB
        OBJECT-TYPE
                FROM RFC-1212
        MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
                FROM SNMPv2-CONF
        InetAddressType, InetAddress
                FROM INET-ADDRESS-MIB;


ipExtMIB MODULE-IDENTITY
    LAST-UPDATED "201310090000Z"
    ORGANIZATION "bintec elmeg GmbH"
    CONTACT-INFO
            "EMail:   info@bintec-elmeg.com
             Web:     www.bintec-elmeg.com
            "
    DESCRIPTION
            "The MIB module for IP extended configuration and status."
    REVISION      "201101250000Z"
    DESCRIPTION
            "Vendor specific Management Information for the IP subsystem."
    ::= { biboip 250 }


    -- IP Group

    -- Management Information for the IP Subsystem

    -- old access list tables, don't reuse these OIDs
    -- ipAllowTable OBJECT-TYPE ::= { biboip 1 }
    -- ipDenyTable OBJECT-TYPE  ::= { biboip 2 }

-- **********************************************************************
-- *    ipExtIfTable  TABLE
-- **********************************************************************

ipExtIfTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpExtIfEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "The ipExtIfTable contains extended information related to
	     IP and the interfaces found on the system. Entries can only
	     be added or deleted by the system."
    ::= { biboip 3 }


        ipExtIfEntry OBJECT-TYPE
            SYNTAX  IpExtIfEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
                ""
            INDEX   { ipExtIfIndex }
              ::= { ipExtIfTable 1 }

        IpExtIfEntry ::=
           SEQUENCE {
                ipExtIfIndex                    INTEGER,
                ipExtIfRipSend                  INTEGER,
                ipExtIfRipReceive               INTEGER,
                ipExtIfProxyArp                 INTEGER,
                ipExtIfNat                      INTEGER,
                ipExtIfNatRmvFin                INTEGER,
                ipExtIfNatTcpTimeout            INTEGER,
                ipExtIfNatOtherTimeout          INTEGER,
                ipExtIfNatOutXlat               INTEGER,
                ipExtIfAccounting               INTEGER,
                ipExtIfTcpSpoofing              INTEGER,
                ipExtIfAccessAction             INTEGER,
                ipExtIfAccessReport             INTEGER,
                ipExtIfOspf                     INTEGER,
                ipExtIfOspfMetric               INTEGER,
                ipExtIfTcpCksum                 INTEGER,
                ipExtIfBackRtVerify             INTEGER,
                ipExtIfRuleIndex                INTEGER,
                ipExtIfAuthentication           INTEGER,
                ipExtIfAuthMode                 INTEGER,
                ipExtIfAuthLifeTime             INTEGER,
                ipExtIfAuthKeepalive            INTEGER,
                ipExtIfRouteAnnounce            INTEGER,
                ipExtIfIpFragmentation          INTEGER,
                ipExtIfRerouting                INTEGER,
                ipExtIfBodRuleIndex             INTEGER,
                ipExtIfQosRuleIndex             INTEGER,
                ipExtIfIpsecAccounting          INTEGER,
                ipExtIfMulticast                INTEGER,
                ipExtIfNatSilentDeny            INTEGER,
--              ipExtIfNetMeetingTunnel         INTEGER
                ipExtIfNatPPTPXlat              INTEGER,
                ipExtIfTcpMssClamping           INTEGER,
                ipExtIfNbdgmRelayAddress        IpAddress,
                ipExtIfNatMaxSessions           INTEGER,
                ipExtIfAllowedPeers             INTEGER,
                ipExtIfNatFlush                 INTEGER,
                ipExtIfHttpRedirect             INTEGER,
		ipExtIfWolRuleIndex 		INTEGER
            }

        ipExtIfIndex OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Unique interface index"
        ::= { ipExtIfEntry 1 }

        ipExtIfRipSend OBJECT-TYPE
            SYNTAX  INTEGER {
                ripV1 (1),      -- send RIP V1 messages
                ripV2 (2),      -- send RIP V2 messages
                both(3),        -- send RIP V1 and RIP V2 messages
                none(4),        -- don't send RIP messages
                ripV2mcast(5),  -- send RIP V2 messages as multicast
                ripV1trig(6),   -- send Triggered RIP V1 messages (RFC 2091)
                ripV2trig(7)    -- send Triggered RIP V2 messages (RFC 2091)
                }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
                "specifies which versions of RIP messages are sent
                 to that interface. Usually RIP messages are sent as
                 broadcast, except this object is set to ripV2mcast. In
                 this case RIP V2 messages are sent to the multicast
                 address 224.0.0.9 ."
            DEFVAL { none }
        ::= { ipExtIfEntry 3 }

        ipExtIfRipReceive OBJECT-TYPE
            SYNTAX  INTEGER {
                ripV1 (1),      -- accept only RIP V1 messages
                ripV2 (2),      -- accept only RIP V2 messages
                both(3),        -- accept RIP V1 and RIP V2 messages
                none(4),        -- don't accept any RIP messages
                ripV1trig(5),   -- accept only Triggered RIP V1 msg's(RFC 2091)
                ripV2trig(6)    -- accept only Triggered RIP V2 msg's(RFC 2091)
                }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
                "specifies which versions of RIP messages are accepted
                 from that interface. RIP V2 messages are received
                 regardless if they are sent as broadcast or multicast."
            DEFVAL { none }
        ::= { ipExtIfEntry 4 }

	ipExtIfProxyArp OBJECT-TYPE
	    SYNTAX  INTEGER {
		off(1),     -- proxy arp switched off
		on(2),      -- if operational status of the destination
		            -- interface is up or dormant
		up-only(3)  -- if operational status of the destination
			    -- interface is up
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Switch for Proxy ARP on this interface."
	    DEFVAL  { off }
	::= { ipExtIfEntry 5 }

	ipExtIfNat OBJECT-TYPE
	    SYNTAX  INTEGER {
		off(1),
		on(2),
		reverse(3),
		loopback(4)
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object can be used to switch NAT on and off for
		 a specific interface.
		"
	    DEFVAL  { off }
	::= { ipExtIfEntry 6 }

	ipExtIfNatRmvFin OBJECT-TYPE
	    SYNTAX  INTEGER {
		no(1),
		yes(2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies, whether entries in the IpNatTable
		 shall be removed, when TCP-FINS have been received and
		 acknowledged in both directions, a TCP-RST has been received
		 or a ICMP-ERROR message has been received for the entry."
	    DEFVAL  { yes }
	::= { ipExtIfEntry 7 }

	ipExtIfNatTcpTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (0..5184000)
	    UNITS   "seconds"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"TCP NAT entries vanish unconditionally after not being
		 used for the amount of time specified by this object
		 in seconds."
	    DEFVAL  { 3600 }
	::= { ipExtIfEntry 8 }

	ipExtIfNatOtherTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (0..5184000)
	    UNITS   "seconds"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Non-TCP NAT entries vanish unconditionally after not being
		 used for the amount of time specified by this object
		 in seconds."
	    DEFVAL  { 15 }
	::= { ipExtIfEntry 9 }

	ipExtIfNatOutXlat OBJECT-TYPE
	    SYNTAX  INTEGER { on(1), off(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object can be used to switch the outgoing address
		 translation off. Then, all addresses are passed instead
		 of being translated. The session mechanism remains
		 active and implements a security mechanism.
		"
	    DEFVAL  { on }
	::= { ipExtIfEntry 10 }

	ipExtIfAccounting OBJECT-TYPE
	    SYNTAX  INTEGER {
		off(1),
		on(2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Switch for accounting on the specified interface. An IP
		 packet is being accounted, when this object is set to
		 on for either the source or the destination interface."
	    DEFVAL  { off }
	::= { ipExtIfEntry 11 }

	ipExtIfTcpSpoofing OBJECT-TYPE
	    SYNTAX  INTEGER {
		off(1),
		on(2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Switch for TCP spoofing on this interface. TCP keepalive
		 polls are answered by the BRICK to prevent unnecessary
		 ISDN connections. Set this object to on for ISDN
		 dialup interfaces."
	    DEFVAL  { off }
	::= { ipExtIfEntry 12 }

	ipExtIfAccessAction OBJECT-TYPE
	    SYNTAX  INTEGER { ignore(1), refuse(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object describes the action, that is done,
		 when a packet received from the interface has been
		 filtered out. When set to ignore, no action takes
		 place. When set to refuse, an ICMP unreachable message
		 is being sent to the originator of the packet."
	    DEFVAL  { ignore }
	::= { ipExtIfEntry 13 }

	ipExtIfAccessReport OBJECT-TYPE
	    SYNTAX  INTEGER { none(1), info(2), dump(3) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies, how a packed filtered by accesslists
		 should be logged. When set to none, no logging takes place.
		 When set to info, protocol, ip-addresses and portnumbers
		 are logged. When set to dump, a dump of the first 64 bytes
		 of the packet will be written to the syslog table."
	    DEFVAL  { info }
	::= { ipExtIfEntry 14 }

	ipExtIfOspf OBJECT-TYPE
	    SYNTAX  INTEGER { passive(1), active(2), off(3) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Configure the OSPF status of this interface. Routing 
	         information about routes on passive and active interfaces is 
	         propagated on active interfaces. Only active interfaces run
                 the OSPF protocol. When set to off the interface and its
     		 associated routes are invisible to the OSPF protocol."
	    DEFVAL  { passive }
	::= { ipExtIfEntry 15 }

	ipExtIfOspfMetric OBJECT-TYPE
	    SYNTAX  INTEGER { auto(1),        -- based on ifSpeed
	                      fixed(2),       -- user configured
                              auto-adjust(3), -- auto + metric adjustment
                              fixed-adjust(4) -- fixed + metric adjustment
            }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Configure the metric calculation of OSPF interfaces. If set
		 to auto the metric is calculated based on ifSpeed. If set
		 to fixed the metric is taken from the ospfIfMetricTable.
		 Additionaly the metric adjustment for dialup interfaces 
 		 can be configured. If set to auto-adjust or fixed-adjust
		 the basic metric value is reduced if the operational status
		 of the dialup interface is up."
	    DEFVAL  { auto }
	::= { ipExtIfEntry 16 }

	ipExtIfTcpCksum OBJECT-TYPE
	    SYNTAX  INTEGER { check(1), dont-check(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Enable or disable the TCP checksum check for local packets
		 received on the corresponding interface. Disabling the check
		 may improve performance for some local applications (i.e.
		 remote CAPI). This object should only be set to dont-check
		 on interfaces for LANs without further routers. Packets
		 received from routers may have a corrupted TCP checksum
		 and TCP will no longer be able to detect those packets. The
		 TCP checksum must be checked by the receiving TCP under any
		 circumstances, when TCP header compression is used on any 
		 router."
	    DEFVAL  { check }
	::= { ipExtIfEntry 17 }

	ipExtIfBackRtVerify OBJECT-TYPE
	    SYNTAX  INTEGER { off(1), on(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object activates an additional check for incoming 
		 packets. If set to on, incoming packets are only accepted
		 if return packets sent back to their source IP address
                 would be sent over the same interface. This prevents
		 packets being passed from untrusted interfaces to this
		 interface."
	    DEFVAL  { off }
	::= { ipExtIfEntry 18 }

	ipExtIfRuleIndex OBJECT-TYPE
	    SYNTAX  INTEGER
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the index of the first access rule
                 that is applied for incoming packets. If set to 0 or if 
		 there is no access rule with this index no access rules 
 		 are applied for this interface."
	    DEFVAL { 0 }
	::= { ipExtIfEntry 19 }

	ipExtIfAuthentication OBJECT-TYPE
	    SYNTAX  INTEGER { off(1), securID(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the authentication scheme used for
		 incoming packets."
	    DEFVAL { off }
	::= { ipExtIfEntry 20 }

	ipExtIfAuthMode OBJECT-TYPE
	    SYNTAX  INTEGER { strict(1), loose(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the authentication mode. If set to strict
		 each source IP address must be authenticated. If set to 
		 loose all source IP addresses are allowed if at least one
		 IP address is successfully authenticated."
	    DEFVAL { strict }
	::= { ipExtIfEntry 21 }

	ipExtIfAuthLifeTime OBJECT-TYPE
	    SYNTAX  INTEGER (180..36000)
	    UNITS   "seconds"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the time in seconds a successful 
		 authentication is valid since the IP partner was 
		 authenticated."
	    DEFVAL { 3600 }
	::= { ipExtIfEntry 22 }

	ipExtIfAuthKeepalive OBJECT-TYPE
	    SYNTAX  INTEGER
	    UNITS   "seconds"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the period between short authentications
		 that are invisible to the user"
	    DEFVAL { 60 }
	::= { ipExtIfEntry 23 }

	ipExtIfRouteAnnounce OBJECT-TYPE
	    SYNTAX  INTEGER { up-only(1), up-dormant(2), always(3) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
	        "This object defines the condition when routes on this
		 interface are propagated by routing protocols.
		 If set to up-only routes are only propagated
		 if the operational status of the interface is up. If set
		 to up-dormant routes are propagated if the status is 
		 up or dormant. If set to always routes are propagated 
		 independent of the operational status."
	    DEFVAL  { up-dormant }
	::= { ipExtIfEntry 24 }

	ipExtIfIpFragmentation OBJECT-TYPE
	    SYNTAX  INTEGER {
		enabled(1),
		disabled(2),
		equal(3),
		reverse(4)
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
	        "This object defines different modes used for fragmentation
		 of IP datagrams greater than the MTU of the destination
		 interface. If set to enabled (1) each IP datagram will be
		 splitted into a first fragment MTU sized and the last one
		 smaller than the first. If set to disabled (2) an ICMP
		 unreachable message will be performed. The equal (3) mode
		 defines a fragmentation technique wich generates fragments
		 having approximately the same size whereon the reverse (4)
		 mode starts with a small fragment followed by MTU sized
		 fragment(s)."
	    DEFVAL  { enabled }
	::= { ipExtIfEntry 25 }
	
	ipExtIfRerouting OBJECT-TYPE
	    SYNTAX  INTEGER {
		enabled(1),
		disabled(2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
	        "This object enables or disables rerouting on this interface. 
		 The default value is enabled. If set to disabled, then only
		 the better one route from two or more possible routes is 
		 chosen, even if the ifOperStatus of the interface for this 
		 route is dormant."
	    DEFVAL  { enabled }
	::= { ipExtIfEntry 26 }

	ipExtIfBodRuleIndex OBJECT-TYPE
	    SYNTAX  INTEGER
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the index of the first rule used for
		 Bandwidth on Demand (BOD) that is applied for incoming and/or
		 outgoing traffic. If set to 0 or if there is no entry in
		 the ipBodRuleTable with this index no BOD-specific information
		 is applied for this interface."
	    DEFVAL { 0 }
	::= { ipExtIfEntry 27 }

	ipExtIfQosRuleIndex OBJECT-TYPE
	    SYNTAX  INTEGER
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object defines the index of the first rule used for
		 Qos (Qualtiy of Service) rules applied for IP traffic.
		 If set to 0 or if there is no entry in the ipQoSTable with
		 this index no QoS-specific information is applied for this
		 interface."
	    DEFVAL { 0 }
	::= { ipExtIfEntry 28 }

	ipExtIfIpsecAccounting OBJECT-TYPE
	    SYNTAX  INTEGER {
	 	ipsec(1), 
		clear(2), 
		both(3)
		}
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object determines, whether packets which are en- or 
		 decapsulated by IPSec should be accounted with encapsulation 
		 header(ipsec) or without the encapsulation header (clear),
		 or even twice (both)."
	    DEFVAL { ipsec }
	::= { ipExtIfEntry 29 }
	
	ipExtIfMulticast OBJECT-TYPE
	    SYNTAX  INTEGER {
	 	off(1), 
		on(2)
		}
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"Enable that multicast frames are accepted
		from that interface."
	    DEFVAL { off }
	::= { ipExtIfEntry 30 }
	
	ipExtIfNatSilentDeny OBJECT-TYPE
	    SYNTAX  INTEGER {
		disabled(1),
		enabled(2)
		}
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies - if NAT is enabled (see ipExtIfNat) -
		 whether incoming IP packets not passed by the NAT barrier
		 should answered with an ICMP Host Unreachable or TCP RST
		 message addressed to to packet originator. If set to
		 enabled(2), such incoming IP packets will be silently
		 discarded."
	    DEFVAL { disabled }
	::= { ipExtIfEntry 31 }

--	ipExtIfNetMeetingTunnel OBJECT-TYPE
--	    SYNTAX  INTEGER {
--		off(1),
--		on(2)
--	    }
--	    MAX-ACCESS  read-write
--	    STATUS  current
--	    DESCRIPTION
--		"This object controls the replacement of ip address
--		 information exchanged by two NetMeeting clients
--		 if NAT is enabled on this interface."
--	    DEFVAL  { off }
--	::= { ipExtIfEntry 32 }

	ipExtIfNatPPTPXlat OBJECT-TYPE
	    SYNTAX  INTEGER {
		disabled(1),
		enabled(2)
		}
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies - if NAT is enabled (see ipExtIfNat) -
		 whether PPTP (point to point protocol) connections are
		 translated. This is needed if there are more than one
		 PPTP client behind NAT."
	    DEFVAL { disabled }
	::= { ipExtIfEntry 33 }

	ipExtIfTcpMssClamping OBJECT-TYPE
	    SYNTAX  INTEGER (-1..32000)
	    UNITS   "bytes"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies whether TCP MSS clamping is enabled
		 on the interface. -1 disables clamping, 0 clamps the MSS
		 depending on the interface MTU. A value > 0 will be used
		 as clamping size."
	    DEFVAL  { -1 }
	::= { ipExtIfEntry 34 }

	ipExtIfNbdgmRelayAddress OBJECT-TYPE
	    SYNTAX  IpAddress
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object contains the destination IP address  
		 to which Netbios Datagram request are forwarded by the 
		 router."

	::= { ipExtIfEntry 35 }

	ipExtIfNatMaxSessions OBJECT-TYPE
	    SYNTAX  INTEGER(1..65535)
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object limits the maximum number of NAT sessions
		 on a interface."
	    DEFVAL { 4000 }
	::= { ipExtIfEntry 36 }

	ipExtIfAllowedPeers OBJECT-TYPE
	    SYNTAX  INTEGER {
		all(1),
		dhcpclients(2)
		}
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"If this object is set to 'dhcpclients', the router refuses 
		 to exchange data with hosts which are not DHCP clients 
		 on this interface. If this object is set to 'all',
		 the router accepts to exchange data with any host."
	    DEFVAL { all }
	::= { ipExtIfEntry 37 }

    ipExtIfNatFlush OBJECT-TYPE
	    SYNTAX  INTEGER { off(1), on(2) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"If this object in enabled NAT-Flushing is done else not.
                 NAT-Flushing means that the NAT Entries for this interface 
                 will be deleted in the case of an OperStatus change to down or 
                 dormant."
	    DEFVAL  { on }
	::= { ipExtIfEntry 38 }

    ipExtIfHttpRedirect OBJECT-TYPE
	    SYNTAX  INTEGER { disabled(1), local(2), proxy(3) }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
                "If not set to 'disabled' all HTTP requests on this interface 
                 will be directed either to the local HTTP daemon or HTTP proxy."
	    DEFVAL  { disabled }
        ::= { ipExtIfEntry 39 }

	ipExtIfWolRuleIndex OBJECT-TYPE
	    SYNTAX  INTEGER
            MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object defines the index of the first rule used for
		 Wake-On-LAN (WOL) that is applied for incoming and/or
		 outgoing traffic. If set to 0 or if there is no entry in
		 the ipWolRuleTable with this index no WOL-specific information
		 is applied for this interface."
	    DEFVAL { 0 }
	::= { ipExtIfEntry 40 }

-- **********************************************************************
-- *    ipLfiTable  TABLE
-- **********************************************************************

ipLfiTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpLfiEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "."
    ::= { biboip 57 }

	ipLfiEntry OBJECT-TYPE
	    SYNTAX  IpLfiEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   { ipLfiIfIndex }
	::= { ipLfiTable 1 }

	IpLfiEntry ::=
	    SEQUENCE {
		ipLfiIfIndex				INTEGER,
		ipLfiMode				INTEGER,
		ipLfiMaxFragSize			INTEGER,
		ipLfiMinFragSize			INTEGER,
		ipLfiCurrVoipCalls			INTEGER
	    }

	ipLfiIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the associated interface."
	::= { ipLfiEntry 1 }

	ipLfiMode OBJECT-TYPE
	    SYNTAX  INTEGER {
		enabled (1),
		disabled (2),
		delete (3),
		controlled-only (4),
		always (5)
		}
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object enables Link Framentation and Interleave (LFI)
		 mode on the associated interface." 
	    DEFVAL { enabled }
	::= { ipLfiEntry 2 }

	ipLfiMaxFragSize OBJECT-TYPE
	    SYNTAX  INTEGER 
	    UNITS   "bytes"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the current maximum fragment size used
		 for Link Fragmentation and Interleave (LFI) mode on the
		 associated interface."
	::= { ipLfiEntry 10 }

	ipLfiMinFragSize OBJECT-TYPE
	    SYNTAX  INTEGER 
	    UNITS   "bytes"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the current minimum fragment size used
		 for Link Fragmentation and Interleave (LFI) mode on the
		 associated interface."
	::= { ipLfiEntry 11 }

	ipLfiCurrVoipCalls OBJECT-TYPE
	    SYNTAX  INTEGER (0..64)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
                "The current number of VoIP Calls routed via the associated
		 interface."
	::= { ipLfiEntry 12 }

-- **********************************************************************
-- *    ipExtRtTable  TABLE
-- **********************************************************************

ipExtRtTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpExtRtEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "The ipExtRtTable can be used in addition (not instead of)
	     to the ipRouteTable to specify routing of IP datagrams. 
	     The selection of datagram-types is more specific with
	     the ipExtRtTable, so routing of different services over
	     different pathes is possible. The specification of local 
	     IP-addresses is not possible in the ipExtRtTable.

	     The ipExtRtTable will be searched before the ipRouteTable.
	     If a matching entry is found, it will be taken for routing
	     and no further lookup in the ipRouteTable will happen."
    ::= { biboip 4 }

	ipExtRtEntry OBJECT-TYPE
	    SYNTAX  IpExtRtEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		"Each entry in the ipExtRtTable describes a set of IP
		 datagrams and the destination interface for that set.
		 Metric parameters allow for ordering of the different
		 specifications for overlapping sets."
	    INDEX { ipExtRtProtocol }
	::= { ipExtRtTable 1 }

	IpExtRtEntry ::=
	    SEQUENCE {
		ipExtRtProtocol				INTEGER,
		ipExtRtSrcIfIndex			INTEGER,
		ipExtRtSrcAddr				IpAddress,
		ipExtRtSrcMask				IpAddress,
		ipExtRtSrcPort				INTEGER,
		ipExtRtSrcPortRange			INTEGER,
		ipExtRtDstAddr				IpAddress,
		ipExtRtDstMask				IpAddress,
		ipExtRtDstPort				INTEGER,
		ipExtRtDstPortRange			INTEGER,
		ipExtRtTos				INTEGER,
		ipExtRtTosMask				INTEGER,
		ipExtRtDstIfMode			INTEGER,
		ipExtRtDstIfIndex			INTEGER,
		ipExtRtNextHop				IpAddress,
		ipExtRtType				INTEGER,
		ipExtRtMetric1				INTEGER,
		ipExtRtMetric2				INTEGER,
		ipExtRtMetric3				INTEGER,
		ipExtRtMetric4				INTEGER,
		ipExtRtMetric5				INTEGER,
		ipExtRtProto				INTEGER,
		ipExtRtAge				TimeTicks,
                ipExtRtDescription                      DisplayString 
	    }

	ipExtRtProtocol OBJECT-TYPE
	    SYNTAX  INTEGER { 
		icmp(1), 
		igmp(2), 
		ggp(3), 
		tcp(6), 
		egp(8), 
		pup(12), 
		udp(17), 
		hmp(20), 
		xns-idp(22), 
		rdp(27),
		rsvp(46),
		ipv6(41),
		gre(47),
		esp(50),
		ah(51),
		igrp(88),
		ospf(89),
		pim(103),
		l2tp(115),
		dont-verify(256) 
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the value of the protocolfield in
		 the ip header for all IP-datagrams belonging to the set.
		 If this object is set to dont-verify, the value of the
		 protocol field is not specified and can take any value."
	    DEFVAL { dont-verify }
	::= { ipExtRtEntry 1 }

	ipExtRtSrcIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the source index of the IP-datagrams.
		 If this object has a value other than 0, only datagrams
		 received  over the interface with the appropriate interface
		 index are considered to be part of the set. If this object
		 is set to 0, the source interface index for the datagrams
		 belonging to the set is not specified."
	::= { ipExtRtEntry 2 }

	ipExtRtSrcAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtSrcMask the 
		 range of the source-addresses of the IP-datagrams belonging
		 to the set. If both objects are set to 0.0.0.0 the source-
		 addresses for the datagrams in the set is not specified
		 and can take any value."
	::= { ipExtRtEntry 3 }

	ipExtRtSrcMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtSrcAddr the 
		 range of the source-addresses of the IP-datagrams belonging
		 to the set. If both objects are set to 0.0.0.0 the source-
		 addresses for the datagrams in the set is not specified
		 and can take any value."
	::= { ipExtRtEntry 4 }

	ipExtRtSrcPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtSrcPortRange the
		 range of source portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the source
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipExtRtEntry 5 }

	ipExtRtSrcPortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtSrcPort the
		 range of source portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the source
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipExtRtEntry 6 }

	ipExtRtDstAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtDstMask the 
		 range of the target-addresses of the IP-datagrams belonging
		 to the set. If both objects are set to 0.0.0.0 the target-
		 addresses for the datagrams in the set is not specified
		 and can take any value."
	::= { ipExtRtEntry 7 }

	ipExtRtDstMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtDstAddr the 
		 range of the target-addresses of the IP-datagrams belonging
		 to the set. If both objects are set to 0.0.0.0 the target-
		 addresses for the datagrams in the set is not specified
		 and can take any value."
	::= { ipExtRtEntry 8 }

	ipExtRtDstPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtDstPortRange the
		 range of target-portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the target
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipExtRtEntry 9 }

	ipExtRtDstPortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtDstPort the
		 range of target-portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the target
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipExtRtEntry 10 }

	ipExtRtTos OBJECT-TYPE
	    SYNTAX  INTEGER (0..255) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtTosMask the 
		 range of the Type of Service field (TOS) in the IP-header
		 of the IP-datagrams belonging to the set. A TOS value is
		 considered within the range, when the following equation
		 is valid:

		 (tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask)

		 If both objects are set to 0 the TOS value of the datagrams
		 in the set is not specified and can take any value."
	::= { ipExtRtEntry 11 }

	ipExtRtTosMask OBJECT-TYPE
	    SYNTAX  INTEGER (0..255) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipExtRtTos the 
		 range of the Type of Service field (TOS) in the IP-header
		 of the IP-datagrams belonging to the set. A TOS value is
		 considered within the range, when the following equation
		 is valid:

		 (tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask)

		 If both objects are set to 0 the TOS value of the datagrams
		 in the set is not specified and can take any value."
	::= { ipExtRtEntry 12 }

	ipExtRtDstIfMode OBJECT-TYPE
	    SYNTAX  INTEGER { 
		dialup-wait(1),
		dialup-continue(2),
		up-only(3),
		always(4) ,
		dialup-always(5)
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes different behavior depending on the
		 ifOperStatus of the destination interface:

		 dialup-wait:
			The route matches, when the ifOperStatus of the
			destination interface is either up or dormant.
			If the status is dormant, the ifAdminStatus is
			set to dialup to bring the interface to the up
			state. The datagram will wait until the ifOperStatus
			reaches the up state.

			For all other states, the routing tables will be
			searched for a different matching entry.

		 dialup-continue:
			The route matches, if the ifOperStatus of the
			destination interface is up. For all other states,
			the routing tables are searched for different matching
			entry. However, if the ifOperStatus was dormant and
			no other extendend route (with different DstIfMode or
			established link) is matching, the ifAdminStatus will
			be set to dialup to bring the interface to the up state.

			This setting can be used to establish a better
			path for a specific service and to use an existing
			path for that service as long as the better path
			could not be established.

		up-only:
			The route matches, if the ifOperStatus of the
			destination interface is up. For all other states,
			the routing tables are searched for different matching
			entry.

		always:
			The route matches independantly of the ifOperStatus
			of the destination interface. If it is up, the
			interface is used. If the state is dormant,
			ifAdminStatus is set to dialup to bring the interface
			in the up state. For all other states, the destination
			is considered unreachable.

		dialup-always:
			Same as dialup-wait(1), however, if the ifOperStatus
			was dormant, the ifAdminStatus will be set to dialup
			to bring the interface to the up state if the value
			of ipExtRtMetric1 is the lowest of all matching routes
			in this table.
		 "
	    DEFVAL { dialup-wait }
	::= { ipExtRtEntry 13 }

	ipExtRtDstIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the destination interface for the
		 IP-datagrams belonging to the set. If the value of this
		 object is set to 0, the datagrams of the set are discarded
		 and an ICMP destination unreachable datagram is sent
		 back to the originator."
	::= { ipExtRtEntry 14 }

	ipExtRtNextHop OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object is used on point-to-multipoint interfaces
		 with indirect routes (see ipExrRtType) to specify
		 the IP-address of the gateway on the network, where
		 the datagram should be routed to."
	::= { ipExtRtEntry 15 }

	ipExtRtType OBJECT-TYPE
	    SYNTAX  INTEGER { 
		other(1), invalid(2), 
		direct(3), indirect(4) 
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies, on point-to-multipoint interface
		 whether the datagram shall be sent to the destination
		 IP address in the IP datagram header (direct) or
		 to a gateway (indirect). In the later case, the IP-addres
		 of the gateway is specified by ipExtRtNextHop.

		 If this object is set to other, the entry is not
		 used for routing.

		 The complete entry can also be deleted, by setting this
		 object to invalid. 
		"
	    DEFVAL { indirect }
	::= { ipExtRtEntry 16 }

	ipExtRtMetric1 OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object is used to specify an order on the entries
		 in the ipExtRtTable. If a datagram is matching multiple
		 entries, the entry with the lowest value of ipExtRtMetric1
		 is choosen. The decision is undefined, when even after
		 interpreting the metric, there are still multiple entries
		 matching the IP-datagram."
	::= { ipExtRtEntry 17 }

	ipExtRtMetric2 OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Undefined yet; for further extension"
	::= { ipExtRtEntry 18 }

	ipExtRtMetric3 OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Undefined yet; for further extension"
	::= { ipExtRtEntry 19 }

	ipExtRtMetric4 OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Undefined yet; for further extension"
	::= { ipExtRtEntry 20 }

	ipExtRtMetric5 OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Undefined yet; for further extension"
	::= { ipExtRtEntry 21 }

	ipExtRtProto OBJECT-TYPE
	    SYNTAX  INTEGER {
		other(1),
		local(2),
		netmgmt(3),
		icmp(4),
		egp(5),
		ggp(6),
		hello(7),
		rip(8),
		is-is(9),
		es-is(10),
		ciscoIgrp(11),
		bbnSpfIgp(12),
		ospf(13),
		bgp(14) 
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes, how the route has been gained.
		 This will normaly be netmgmt, because there is currently
		 no routing protocol, that is able to handle extended routes."
	    DEFVAL { netmgmt }
	::= { ipExtRtEntry 22 }

	ipExtRtAge OBJECT-TYPE
	    SYNTAX  TimeTicks 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the age of the route."
	::= { ipExtRtEntry 23 }

        ipExtRtDescription OBJECT-TYPE
            SYNTAX  DisplayString (SIZE (0..255))
            ACCESS  read-write
            STATUS  mandatory
            DESCRIPTION
                "A textual string describing this extended route."
        ::= { ipExtRtEntry 24 }

-- **********************************************************************
-- *    ipNatTable  TABLE
-- **********************************************************************

ipNatTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpNatEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "If NAT is switched on for an interface, this table contains
	     an entry for each session running over the interface. Table
	     entries are creates by the system whenever a valid session
	     is established. A session may be either a tcp connection,
	     a udp connection or an icmp connection with icmp-echo messages
	     (ping). A valid session is either an outgoing session or
	     an incoming session specified in the ipNatPresetTable.

	     Everything behind an interface with NAT enabled is called
	     outside. The BRICK itself and all networks connected
	     to it via interfaces without NAT are called inside.

	     Table entries are removed after timeout. This timeout
	     is
	     	specified by ipExtIfNatOtherTimeout for UDP
	     	and ICMP sessions.

	     	specified by ipExtIfTcpTimeout for TCP sessions

	     	16 seconds for closed TCP-sessions (FIN has been
	     	received and acknowledged in both directions).
	    "
	::= { biboip 5 }

	ipNatEntry OBJECT-TYPE
	    SYNTAX  IpNatEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   { ipNatIfIndex, ipNatProtocol, ipNatIntAddr, ipNatIntPort }
	::= { ipNatTable 1 }

	IpNatEntry ::=
	    SEQUENCE {
		ipNatIfIndex				INTEGER,
		ipNatProtocol				INTEGER,
		ipNatIntAddr				IpAddress,
		ipNatIntPort				INTEGER,
		ipNatExtAddr				IpAddress,
		ipNatExtPort				INTEGER,
		ipNatRemoteAddr				IpAddress,
		ipNatRemotePort				INTEGER,
		ipNatDirection				INTEGER,
		ipNatAge				TimeTicks,
		ipNatContext				INTEGER,
		ipNatTimeout				INTEGER,
		ipNatState				INTEGER,
        	ipNatCategory				INTEGER
	    }

	ipNatIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the interface, for which the session
		 is monitored."
	::= { ipNatEntry 1 }

	ipNatProtocol OBJECT-TYPE
	    SYNTAX  INTEGER {
		icmp(1),
		igmp(2),
		tcp(6),
		udp(17),
		ipv6(41),
		gre(47),
		esp(50),
		ah(51),
		ospf(89),
		l2tp(115)
	    } 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the protocol, the session is using.
		 The value icmp specifies an icmp-echo (ping) session. ICMP
		 error messages are processed by the appropriate tcp or
		 udp session.
		"
	::= { ipNatEntry 2 }

	ipNatIntAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the internal local IP Address used for
		 the session. The internal address is only visible to
		 inside networks and is translated to the external address,
		 when a packet is being sent outside.
		"
	::= { ipNatEntry 3 }

	ipNatIntPort OBJECT-TYPE
	    SYNTAX  INTEGER (0..65535) 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the internal local portnumber used for
		 the session. The internal portnumber is only visible to
		 inside networks and is translated to the external portnumber
		 whenever a packet is being sent outside.
		"
	::= { ipNatEntry 4 }

	ipNatExtAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the external local address used for
		 the session. This address is visible outside only and
		 will be translated to the internal address, whenever
		 a packet is received from outside.
		"
	::= { ipNatEntry 5 }

	ipNatExtPort OBJECT-TYPE
	    SYNTAX  INTEGER (0..65535) 
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object specifies the external local portnumber used for
		 the session. This address is visible outside only and is
		 translated to the internal portnumber, whenever a packet
		 is received from outside.
		"
	::= { ipNatEntry 6 }

	ipNatRemoteAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object specifies the remote IP-address used for the
		 session. This is an outside address. However, it is visible
		 to outside networks and also to inside networks.
		"
	::= { ipNatEntry 7 }

	ipNatRemotePort OBJECT-TYPE
	    SYNTAX  INTEGER (0..65535) 
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object specifies the remote portnumber used for the
		 session. This is an outside portnumber. However, it is visible
		 to outside networks and also to inside networks.
		"
	::= { ipNatEntry 8 }

	ipNatDirection OBJECT-TYPE
	    SYNTAX  INTEGER { incoming(1), outgoing(2) }
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object specifies, whether the session is incoming
		 (from outside to inside) or outgoing (from inside to
		 outside).
		"
	::= { ipNatEntry 9 }

	ipNatAge OBJECT-TYPE
	    SYNTAX  TimeTicks 
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object specifies how long no packet has been
		 transferred for the session and is used internally
		 for timeout purposes.
		"
	::= { ipNatEntry 10 }

	ipNatContext OBJECT-TYPE
	    SYNTAX  INTEGER (0..4294967295)
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object holds a protocol specific context needed
		 to identify sessions for ICMP unreachable address
		 mapping.
		"
	::= { ipNatEntry 11 }

	ipNatTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (1..5184000) 
	    UNITS   "seconds"
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"When there is no traffic associated with a NAT entry, this 
		entry is discarded at the end of a timeout value. This object 
		holds this timeout value in seconds.
		"
	::= { ipNatEntry 12 }

	ipNatState  OBJECT-TYPE
	    SYNTAX  INTEGER { delete(1), active(2) }
	    MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"Set this object to delete to remove this entry.
		"
	    DEFVAL  { active }
	::= { ipNatEntry 13 }

        ipNatCategory OBJECT-TYPE
            SYNTAX  INTEGER {
                full-cone(1),
                restricted-cone(2),
                port-restricted-cone(3),
                symmetric(4)
            }
	    MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Specifies the NAT category according RFC 3489 and 5389
		 to be applied for UDP traffic matching with this entry."
            DEFVAL { symmetric }
	::= { ipNatEntry 14 }

-- **********************************************************************
-- *    ipNatPresetTable  TABLE
-- **********************************************************************

ipNatPresetTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpNatPresetEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    -- CNAT: modif: add ipNatPrIntMask
    DESCRIPTION
	    "This table specifies the IP addresses and port numbers
	    for sessions requested from outside. If this table is
	    empty and NAT is enabled, only packets for sessions
	    initiated from inside are forwarded.

	    The IP address and the port number of the internal server
	    can be specified individually for each combination of

    		- protocol (udp/tcp/icmp)
    		- initiating hosts IP address (RemoteAddr, RemoteMask)
    		- destination address or network (ExtAddr, ExtMask)
		- destination port number or range (ExtPort, ExtPortRange)

	    Entries in the table are created and removed manually
    	    by network management."
    ::= { biboip 6 }

	ipNatPresetEntry OBJECT-TYPE
	    SYNTAX  IpNatPresetEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   {
		ipNatPrIfIndex,
		ipNatPrProtocol,
		ipNatPrExtPort
	    }
	::= { ipNatPresetTable 1 }

	IpNatPresetEntry ::=
	    SEQUENCE {
		ipNatPrIfIndex				INTEGER,
		ipNatPrProtocol				INTEGER,
		ipNatPrRemoteAddr			IpAddress,
		ipNatPrRemoteMask			IpAddress,
		ipNatPrExtAddr				IpAddress,
		ipNatPrExtMask				IpAddress,
		ipNatPrExtPort				INTEGER,
		ipNatPrExtPortRange			INTEGER,
		ipNatPrIntAddr				IpAddress,
		ipNatPrIntPort				INTEGER,
		ipNatPrIntMask				IpAddress,
		ipNatPrTimeout				INTEGER,
		ipNatPrDescr				DisplayString
	    }

	ipNatPrIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the interface index, for which the
		 table entry shall be valid. If set to 0, the entry will
		 be valid for all interfaces configured to use NAT."
	::= { ipNatPresetEntry 1 }

	ipNatPrProtocol OBJECT-TYPE
	    SYNTAX  INTEGER { 
		icmp(1),
		igmp(2),
        	ggp(3),
        	ip(4),
		tcp(6),
        	egp(8),
        	igp(9),
        	pup(12),
        	chaos(16), 
		udp(17),
        	hmp(20),
        	xns-idp(22),
        	rdp(27),
		ipv6(41),
        	rsvp(46),
		gre(47),
		esp(50),
		ah(51),
        	tlsp(56),
        	skip(57),
        	kryptolan(65),
        	iso-ip(80),
        	igrp(88),
		ospf(89),
		ipinip(94),
        	ipx-in-ip(111),
        	vrrp(112),
		l2tp(115),
		any(255),
		delete(256)
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the protocol, for which the table
		 entry shall be valid."
	    DEFVAL { any }
	::= { ipNatPresetEntry 2 }

	ipNatPrRemoteAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatPrRemoteMask the
		 the set of IP addresses of remote hosts initiating a
		 session. The table entry will be valid for an incoming
		 packet, when the IP adress of the remote host initiating 
		 the session lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will
		 be valid for any remote host."
	::= { ipNatPresetEntry 3 }

	ipNatPrRemoteMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatPrRemoteAddr
		 the set of IP addresses of remote hosts initiating the
		 session. The table entry will be valid for an incoming
		 packet, when the IP adress of the remote host initiating 
		 the session lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will
		 be valid for any remote host."
	::= { ipNatPresetEntry 4 }

	ipNatPrExtAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatPrExtMask the
		 set of destination IP addresses, for which the table entry
		 shall be valid. The entry is valid, if the target IP
		 address of an incoming IP packet lies in the range specified
		 by both objects.

		 If both objects are set to 0.0.0.0, the table entry will
		 be valid for any IP address."
	::= { ipNatPresetEntry 5 }

	ipNatPrExtMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatPrExtAddr the
		 set of destination IP addresses, for which the table entry
		 shall be valid. The entry is valid, if the target IP
		 address of an incoming packet lies in the range specified by
		 both objects.

		 If both objects are set to 0.0.0.0, the table entry will
		 be valid for any IP address."
	::= { ipNatPresetEntry 6 }

	ipNatPrExtPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatPrExtPortRange the
		 range of port numbers for incoming packets, for which the table
		 entry shall be valid. If both objects are set to -1, the
		 entry is valid for all portnumbers. If ipNatPrPortRange is
		 set to -1, the entry is only valid, when the destination port
		 of an incoming IP packet is equal to ipNatPrExtPort.
		 Otherwise, the entry is valid, if the destination port number
		 lies in the range ExtPort .. ExtPortRange."
	    DEFVAL { -1 }
	::= { ipNatPresetEntry 7 }

	ipNatPrExtPortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatPrExtPort the
		 range of portnumbers for incoming packets, for which the table
		 entry shall be valid. If both objects are set to -1, the
		 entry is valid for all portnumbers. If ipNatPrPortRange
		 is set to -1, the entry is only valid, when the destination
		 portnumber of an incoming IP packet is equal to ipNatPrExtPort.
		 Otherwise, the entry is valid, if the portnumber lies in the
		 range ExtPort .. ExtPortRange."
	    DEFVAL { -1 }
	::= { ipNatPresetEntry 8 }

	ipNatPrIntAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"With ipNatPrIntMask, this object specifies the internal target
		 host's IP address for incoming packets matching the table
		 entry.

		 An incoming packet matching this entry will be routed to the
		 internal server specified by this object and ipNatPrIntMask.

		 If this object is set to 0.0.0.0, the target host will be
		 the original target host in the incoming packet.
		 No translation of the IP-addresses takes place in this case.

		 If ipNatPrIntMask is set to 255.255.255.255, the internal 
		 server IP address is ipNatPrIntAddr.

		 If ipNatPrIntMask is a subnet mask, the internal server IP
		 address is the incoming one in which the NET part is mapped
		 according to 'ipNatPrIntAddr / ipNatPrIntMask'."
	::= { ipNatPresetEntry 9 }

	ipNatPrIntPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the internal target host's port-number
		 for incoming packets matching the table entry. If this
		 object is set to -1, the target portnumber will be
		 taken from the original incoming packet.
		 No translation of the portnumber will take place in this
		 case. If the set of portnumbers for this table entry is
		 a range instead of a single portnumber, this object will
		 specify the base of the target range of portnumbers. The
		 internal portnumber will be constructed as follows:

			new-target-port := old-target-port
			                     - ipNatPrExtPort
			                     + ipNatPrIntPort
		 "
	    DEFVAL { -1 }
	::= { ipNatPresetEntry 10 }

	ipNatPrIntMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"With ipNatPrIntAddr, this object specifies the internal target
		 host's IP address for incoming packets matching the table
		 entry.

		 An incoming packet matching this entry will be routed to the
		 internal server specified by this object and ipNatPrIntMask.

		 If this object is set to 255.255.255.255, the internal 
		 server IP address is ipNatPrIntAddr.

		 If this object is a subnet mask, the internal server 
		 IP address is the incoming one in which the NET part is mapped
		 according to 'ipNatPrIntAddr / ipNatPrIntMask'."
	    DEFVAL { 'ffffffff'h }
	    --DEFVAL { 4294967295 }
	::= { ipNatPresetEntry 11 }

	ipNatPrTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (0..5184000) 
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"When there is no traffic associated with a NAT entry, this 
		entry is discarded at the end of a timeout value. This object 
		holds this timeout value in seconds. If set to the default 
		value of 0, the timeout will be set to the value specified 
		either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, 
		depending on the protocol."
	    DEFVAL { 0 }
	::= { ipNatPresetEntry 12 }

	ipNatPrDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"A textual string describing this NAT forwarding rule."
	::= { ipNatPresetEntry 13 }

-- **********************************************************************
-- *    ipSessionTable  TABLE
-- **********************************************************************

ipSessionTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpSessionEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "."
    ::= { biboip 7 }

	ipSessionEntry OBJECT-TYPE
	    SYNTAX  IpSessionEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX {
		ipSessionProtocol,
		ipSessionSrcAddr, ipSessionSrcPort,
		ipSessionDstAddr, ipSessionDstPort
	    }
	::= { ipSessionTable 1 }

	IpSessionEntry ::=
	    SEQUENCE {
		ipSessionSrcAddr			IpAddress,
		ipSessionSrcPort			INTEGER,
		ipSessionDstAddr			IpAddress,
		ipSessionDstPort			INTEGER,
		ipSessionOutPkts			Counter32,
		ipSessionOutOctets			Counter32,
		ipSessionInPkts				Counter32,
		ipSessionInOctets			Counter32,
		ipSessionProtocol			INTEGER,
		ipSessionAge				TimeTicks,
		ipSessionIdle				TimeTicks,
		ipSessionSrcIfIndex			INTEGER,
		ipSessionDstIfIndex			INTEGER
	    }

	ipSessionSrcAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"source address of IP session"
	::= { ipSessionEntry 1 }

	ipSessionSrcPort OBJECT-TYPE
	    SYNTAX  INTEGER (0..65535) 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"source port of IP session"
	::= { ipSessionEntry 2 }

	ipSessionDstAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"destination port of IP session"
	::= { ipSessionEntry 3 }

	ipSessionDstPort OBJECT-TYPE
	    SYNTAX  INTEGER (0..65535) 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"destination port of IP session"
	::= { ipSessionEntry 4 }

	ipSessionOutPkts OBJECT-TYPE
	    SYNTAX  Counter32 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"outgoing packets in IP session"
	::= { ipSessionEntry 5 }

	ipSessionOutOctets OBJECT-TYPE
	    SYNTAX  Counter32 
	    UNITS   "bytes"
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"outgoing octets in IP session"
	::= { ipSessionEntry 6 }

	ipSessionInPkts OBJECT-TYPE
	    SYNTAX  Counter32 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"incoming packets in IP session"
	::= { ipSessionEntry 7 }

	ipSessionInOctets OBJECT-TYPE
	    SYNTAX  Counter32 
	    UNITS   "bytes"
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"incoming octets in IP session"
	::= { ipSessionEntry 8 }

	ipSessionProtocol OBJECT-TYPE
	    SYNTAX  INTEGER {
		icmp(1), 
		igmp(2), 
		ggp(3), 
		tcp(6), 
		egp(8), 
		pup(12), 
		udp(17), 
		hmp(20), 
		xns-idp(22), 
		rdp(27),
		ipv6(41),
		rsvp(46),
		gre(47),
		esp(50),
		ah(51),
		igrp(88),
		ospf(89),
		pim(103),
		l2tp(115),
		reserved(255)
	    }
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"protocol of IP session"
	::= { ipSessionEntry 9 }

	ipSessionAge OBJECT-TYPE
	    SYNTAX  TimeTicks 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"age of IP session"
	::= { ipSessionEntry 10 }

	ipSessionIdle OBJECT-TYPE
	    SYNTAX  TimeTicks 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"idle time of IP session"
	::= { ipSessionEntry 11 }

	ipSessionSrcIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"source interface index of IP session"
	::= { ipSessionEntry 12 }

	ipSessionDstIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"destination interface index of IP session"
	::= { ipSessionEntry 13 }

-- **********************************************************************
-- *    ipImportTable  TABLE
-- **********************************************************************

ipImportTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpImportEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "This table specifies how routes from one routing protocol
	    are imported into another routing protocol. The dummy
	    protocol default-route allows the generation of a default
	    route for the routing domain. Not all combinations of 
	    source and destination protocols might be valid or 
	    implemented."
    ::= { biboip 12 }

	ipImportEntry OBJECT-TYPE
	    SYNTAX  IpImportEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
	  	""
	    INDEX   {
		ipImportSrcProto,
		ipImportDstProto,
		ipImportAddr
    	    }
	::= { ipImportTable 1 }

	IpImportEntry ::=
	    SEQUENCE {
		ipImportSrcProto			INTEGER,
		ipImportDstProto			INTEGER,
		ipImportMetric1				INTEGER,
		ipImportType				INTEGER,
		ipImportAddr				IpAddress,
		ipImportMask				IpAddress,
		ipImportEffect				INTEGER,
		ipImportIfIndex				INTEGER,
		ipImportAssociatedAS			INTEGER,
		ipImportRouteMapName			DisplayString
	    }

	ipImportSrcProto OBJECT-TYPE
	    SYNTAX  INTEGER {
		default-route(1),
		direct(2),
		static(3),
		rip(4),
		ospf(5),
		special(6),
		radius(7),
		bgp(8)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
	    	"This object describes the protocol that generated the route
		 and inserted it into the routing table."
	 ::= { ipImportEntry 1 }

	ipImportDstProto OBJECT-TYPE
	    SYNTAX  INTEGER {
		delete(1),
		rip(2),
		ospf(3),
		bgp(4)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
	    	"This object describes the destination protocol into that the
		 routes should be imported."
	 ::= { ipImportEntry 2 }

	ipImportMetric1 OBJECT-TYPE
	    SYNTAX  INTEGER
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
	    	"This object defines the metric in the context of the 
		 destination protocol the imported routes should get.
		 If set to -1 these routes get a protocol specific
		 default metric."
	    DEFVAL { -1 }
	::= { ipImportEntry 3 } 

	ipImportType OBJECT-TYPE
	    SYNTAX  INTEGER
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
	    	"This object might define protocol specific properties of 
		 the imported routes in the context of the destination 
		 protocol."
	    DEFVAL { 0 }
	::= { ipImportEntry 4 } 

	ipImportAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipImportMask the range
		 of IP addresses for which the table entry should be valid.
		 The entry is valid if the destination IP address of the
		 route lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will
		 be valid for destination."
	::= { ipImportEntry 5 } 
	
	ipImportMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipImportAddr the range
		 of IP addresses for which the table entry should be valid.
		 The entry is valid if the destination IP address of the
		 route lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will
		 be valid for destination."
	::= { ipImportEntry 6 } 

	ipImportEffect OBJECT-TYPE
	    SYNTAX  INTEGER { import (1), doNotImport(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object defines the effect this row should have. If set 
		 to import, the importation from ipImportSrcProto to 
		 ipImportDstProto takes place. If set to doNotImport the
		 importation is prevented."
	    DEFVAL { import }
	::= { ipImportEntry 7 } 

	ipImportIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the interface index of the interface
		 for which the entry should be valid. If set to -1 it will be
		 valid for all interfaces."
	    DEFVAL { -1 }
	::= { ipImportEntry 8 } 

	ipImportAssociatedAS OBJECT-TYPE
	    SYNTAX  INTEGER (0..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies an optional Autonomous System
		 identifier for use with BGP."
	::= { ipImportEntry 9 }

	ipImportRouteMapName OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies an optional route-map name
		 for use with BGP."
	::= { ipImportEntry 10 }

-- **********************************************************************
-- *    ipPriorityTable  TABLE
-- **********************************************************************

ipPriorityTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpPriorityEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "This table defines the order, in which routes from different
	     protocols are being used to determine the destination of an
	     ip packet. The table will contain an entry for each type
	     of routing protocol including STATIC and DIRECT routes.
	     A priority-value can be configured for each of those protocols
	     to get an order between the different protocols. The table
	     contains a fixed number of entries. Only the priority may be
	     configured."
    ::= { biboip 13 }

	ipPriorityEntry OBJECT-TYPE
	    SYNTAX  IpPriorityEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   { ipPriorityProto }
	::= { ipPriorityTable 1 }

	IpPriorityEntry ::=
	    SEQUENCE {
		ipPriorityProto			INTEGER,
		ipPriorityValue			INTEGER
	    }

	ipPriorityProto OBJECT-TYPE
	    SYNTAX  INTEGER {
		direct(1),
		static(2),
		rip(3),		-- RIP routes
		ospf(4),	-- OSPF intra and inter area routes
		ospf-ext(5),    -- OSPF type 1 and 2 external routes
		bgp(6)
	    }
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the routig-protocol, for which the
		 entry is valid."
	 ::= { ipPriorityEntry 1 }

	ipPriorityValue OBJECT-TYPE
	    SYNTAX  INTEGER (0..63)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object contains the priority-value for a specific routing
		 protocol. Low values mean high precedence."
	 ::= { ipPriorityEntry 2 }

-- **********************************************************************
-- *    ipFilterTable  TABLE
-- **********************************************************************

ipFilterTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpFilterEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "The ipFilterTable defines filters that describe subsets
	      of IP packets. The filter matches if all conditions defined
	      are true when comparing with the header of an IP packet."
    ::= { biboip 15 }

	ipFilterEntry OBJECT-TYPE
            SYNTAX  IpFilterEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		""
	    INDEX   {
		ipFilterProtocol
	    }
            ::= { ipFilterTable 1 }

	IpFilterEntry ::=
            SEQUENCE {
		ipFilterIndex		INTEGER,
		ipFilterDescr		DisplayString,
		ipFilterProtocol	INTEGER,
		ipFilterSrcAddr		IpAddress,
		ipFilterSrcMask		IpAddress,
		ipFilterSrcPort		INTEGER,
		ipFilterSrcPortRange	INTEGER,
		ipFilterDstAddr		IpAddress,
		ipFilterDstMask		IpAddress,
		ipFilterDstPort		INTEGER,
		ipFilterDstPortRange	INTEGER,
		ipFilterTcpConnState	INTEGER,
		ipFilterIcmpType	INTEGER,
		ipFilterTos		INTEGER,
		ipFilterTosMask		INTEGER,
		ipFilterLevel2Prio	INTEGER,
		ipFilterLevel2PrioMask	INTEGER,
		ipFilterSrcIfIndex	INTEGER
            }

	ipFilterIndex OBJECT-TYPE
	    SYNTAX  INTEGER
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object uniquely references this filter. The index
		 value is generated automatically."
	::= { ipFilterEntry 1 } 
	
	ipFilterDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"A textual string describing this filter."
	::= { ipFilterEntry 2 } 

	ipFilterProtocol OBJECT-TYPE
	    SYNTAX INTEGER {
		icmp(1), 
		igmp(2), 
		ggp(3), 
		ip(4),
		tcp(6), 
		egp(8),
		igp(9), 
		pup(12),
		chaos(16),
		udp(17), 
		hmp(20), 
		xns-idp(22), 
		rdp(27),
		ipv6(41),
		rsvp(46),
		gre(47),
		esp(50),
		ah(51),
		tlsp(56),
		skip(57),
		kryptolan(65),
		iso-ip(80),
		igrp(88),
		ospf(89),
		ipip(94),
		pim(103),
		ipx-in-ip(111),
		vrrp(112),
		l2tp(115),
		delete(255),
		dont-verify(256)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object specifies the value of the protocol field in
		 the ip header for all IP-datagrams belonging to the set.
		 If this object is set to dont-verify, the value of the
		 protocol field is not specified and can take any value."
	    DEFVAL { dont-verify }
	::= { ipFilterEntry 3 }

	ipFilterSrcAddr OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
                "This object specifies together with ipFilterSrcMask 
 	  	 the set of IP addresses of datagrams that belong to the
		 subset defined by this entry. If both objects are set to
		 0.0.0.0 the source-addresses for the datagrams in the set
		 is not specified and can take any value."
	::= { ipFilterEntry 4 }

	ipFilterSrcMask OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
                "This object specifies together with ipFilterSrcAddr 
 	  	 the set of IP addresses of datagrams that belong to the
		 subset defined by this entry. If both objects are set to
		 0.0.0.0 the source-addresses for the datagrams in the set
		 is not specified and can take any value."
	::= { ipFilterEntry 5 }

	ipFilterSrcPort OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes together with ipFilterSrcPortRange the
		 range of source portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the source
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipFilterEntry 6 }

	ipFilterSrcPortRange OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes together with ipFilterDstPort the
		 range of source portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the source
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipFilterEntry 7 }

	ipFilterDstAddr OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes together with ipFilterDstMask the 
		 range of the target-addresses of the IP-datagrams belonging
		 to the set. If both objects are set to 0.0.0.0 the target-
		 addresses for the datagrams in the set is not specified
		 and can take any value."
	::= { ipFilterEntry 8 }

	ipFilterDstMask OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes together with ipFilterDstAddr the 
		 range of the target-addresses of the IP-datagrams belonging
		 to the set. If both objects are set to 0.0.0.0 the target-
		 addresses for the datagrams in the set is not specified
		 and can take any value."
	::= { ipFilterEntry 9 }

	ipFilterDstPort OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes together with ipFilterDstPortRange the
		 range of target-portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the target
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipFilterEntry 10 }

	ipFilterDstPortRange OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes together with ipFilterDstPort the
		 range of target-portnumbers of the IP-datagrams belonging to
		 the set. All portnumbers between and including the two
		 objects are within the range.

		 If both objects are the to -1, the value of the target
		 portnumber is not specified and can take any value."
	    DEFVAL { -1 }
	::= { ipFilterEntry 11 }

	ipFilterTcpConnState OBJECT-TYPE
	    SYNTAX INTEGER {
		dont-verify(1),
		established(2)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes the state of the TCP connection 
                 associated with the packets belonging to the set.
		 If this object is set to established, the value of the TCP
	 	 flags of incoming packets is checked. Packets with flags
		 that initiate TCP connections are excluded from the set.
		 If this object is set to dont-verify, the TCP flags are  
		 not checked and can be any value."
	    DEFVAL { dont-verify }
	::= { ipFilterEntry 12 }

	ipFilterIcmpType OBJECT-TYPE
	    SYNTAX INTEGER {
		dont-verify(31),
		echoRep(1),
		destUnreach(4),
		srcQuench(5),
		redirect(6),
		echo(9),
		timeExcds(12),
		parmProb(13),
		timestamp(14),
		timestampRep(15),
		addrMask(16),
		addrMaskRep(17)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"This object describes the ICMP type of the packets belonging
	         to the set. If this object is set to dont-verify, the value 
		 of the ICMP type field is not specified and can take any 
	         value."
	    DEFVAL { dont-verify }
	::= { ipFilterEntry 13 }
		
	ipFilterTos OBJECT-TYPE
	    SYNTAX  INTEGER (0..255) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipFilterTosMask the 
		 range of the Type of Service field (TOS) in the IP-header
		 of the IP-datagrams belonging to the set. A TOS value is
		 considered within the range, when the following equation
		 is valid:

		 (tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask)

		 If both objects are set to 0 the TOS value of the datagrams
		 in the set is not specified and can take any value."
	::= { ipFilterEntry 14 }

	ipFilterTosMask OBJECT-TYPE
	    SYNTAX  INTEGER (0..255) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipFilterTos the 
		 range of the Type of Service field (TOS) in the IP-header
		 of the IP-datagrams belonging to the set. A TOS value is
		 considered within the range, when the following equation
		 is valid:

		 (tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask)

		 If both objects are set to 0 the TOS value of the datagrams
		 in the set is not specified and can take any value."
	::= { ipFilterEntry 15 }

	ipFilterLevel2Prio OBJECT-TYPE
	    SYNTAX  INTEGER (0..7) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipFilterLevel2PrioMask
		 the range of the level 2 priority field associated with 
		 the IP-datagrams belonging to the set. A priority value is
		 considered within the range, when the following equation
		 is valid:

		 (priority & ipFilterLevel2PrioMask) == (ipFilterLevel2Prio & ipFilterLevel2PrioMask)

		 If both objects are set to 0 the level 2 priority of the 
		 datagrams in the set is not specified and can take any 
		 value."
	::= { ipFilterEntry 16 }

	ipFilterLevel2PrioMask OBJECT-TYPE
	    SYNTAX  INTEGER (0..7) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object describes together with ipFilterLevel2PrioMask
		 the range of the level 2 priority field associated with 
		 the IP-datagrams belonging to the set. A priority value is
		 considered within the range, when the following equation
		 is valid:

		 (priority & ipFilterLevel2PrioMask) == (ipFilterLevel2Prio & ipFilterLevel2PrioMask)

		 If both objects are set to 0 the level 2 priority of the 
		 datagrams in the set is not specified and can take any 
		 value."
	::= { ipFilterEntry 17 }

	ipFilterSrcIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the source index of the IP-datagrams.
		 If this object has a value other than 0, only datagrams
		 received  over the interface with the appropriate interface
		 index are considered to be part of the set. If this object
		 is set to 0, the source interface index for the datagrams
		 belonging to the set is not specified."
	::= { ipFilterEntry 18 }

-- **********************************************************************
-- *    ipRuleTable  TABLE
-- **********************************************************************

ipRuleTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpRuleEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "The ipRuleTable defines access rules for checking incoming
	      IP packets. The rules are processed in order, i.e. each rule
	      has a link to the next rule. The set of rules is processed
	      until a match occurs, that means the rule's associated filter 
	      matches and the specified action is performed (either accept
	      or deny a packet). The last rule is implicitly a deny rule.
	      The set of rules to be processed can be defined for each
	      interface"
    ::= { biboip 16 }

	ipRuleEntry OBJECT-TYPE
            SYNTAX  IpRuleEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		""
	    INDEX   {
		ipRuleFilterIndex
	    }
            ::= { ipRuleTable 1 }

	IpRuleEntry ::=
            SEQUENCE {
		ipRuleIndex		INTEGER,
		ipRuleFilterIndex	INTEGER,
		ipRuleAction		INTEGER,
		ipRuleNextRuleIndex	INTEGER,
		ipRuleDescr		DisplayString
            }

	ipRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Unique rule index."
	::= { ipRuleEntry 1 }

	ipRuleFilterIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "References the rule's associated filter."
	::= { ipRuleEntry 2 }

	ipRuleAction OBJECT-TYPE
	    SYNTAX INTEGER {
		allow(1),	-- allow if filter matches
		allow-if-not(2),-- allow if filter not matches
		deny(3),	-- deny if filter matches
		deny-if-not(4),	-- deny if filter not matches
		ignore(5),	-- ignore rule and skip to next rule
		delete(6)	-- delete the entry from the table
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the action to be performed if the
		 rule's associated filter matches. If set to ignore the
		 filter is not consulted and the next rule is processed
		 immediately."
	    DEFVAL { allow }
	::= { ipRuleEntry 3 }

	ipRuleNextRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "Specifies the next rule to be processed if the rule's
		  associated filter does not match. The value 0 is used
		  to mark the end of the rule set."
	    DEFVAL { 0 }
	::= { ipRuleEntry 4 }

	ipRuleDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"A textual string describing this access rule."
	::= { ipRuleEntry 5 }

-- **********************************************************************
-- *    ipNatOutTable  TABLE
-- **********************************************************************

ipNatOutTable OBJECT-TYPE
    -- CNAT: modif: add ipNatOutExtMask
    SYNTAX  SEQUENCE OF IpNatOutEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "This table specifies the IP address translation for
	      outgoing sessions. If no matching entry is found the
	      IP address is set to the IP address defined on the
	      interface configured for NAT. If a matching entry is
	      found, the source IP address of outgoing IP packets
	      is translated according to the couple 'ipNatOutExtAddr /
	      ipNatOutExtMask'.

		- If external IP address is a 'host IP address', the
		  whole source IP address is mapped.
		- If external IP address is a 'net IP address', only
		  the 'net part' of source IP address is affected.
		  This table is only used if the outgoing address 
	      translation is activated (ipExtIfNatOutXlat).

	      Entries in the table are created and removed manually
	      by network management."
	::= { biboip 18 }

	ipNatOutEntry OBJECT-TYPE
	    SYNTAX  IpNatOutEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   {
		ipNatOutIfIndex,
		ipNatOutIntAddr,
		ipNatOutExtAddr
	    }
	::= { ipNatOutTable 1 }

	IpNatOutEntry ::=
	    SEQUENCE {
		ipNatOutIfIndex				INTEGER,
		ipNatOutProtocol			INTEGER,
		ipNatOutRemoteAddr			IpAddress,
		ipNatOutRemoteMask			IpAddress,
		ipNatOutExtAddr				IpAddress,
		ipNatOutRemotePort			INTEGER,
		ipNatOutRemotePortRange			INTEGER,
		ipNatOutIntAddr				IpAddress,
		ipNatOutIntMask				IpAddress, 
		ipNatOutIntPort				INTEGER, 
		ipNatOutExtPort				INTEGER,
		ipNatOutExtMask				IpAddress,
		ipNatOutTimeout				INTEGER,
		ipNatOutDescr				DisplayString,
        	ipNatOutNatCategory			INTEGER,
		ipNatOutIntPortRange			INTEGER, 
		ipNatOutExtPortRange			INTEGER
	    }

	ipNatOutIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the interface index, for which the
		 table entry shall be valid. If set to 0, the entry will
		 be valid for all interfaces configured to use NAT."
	::= { ipNatOutEntry 1 }

	ipNatOutProtocol OBJECT-TYPE
	    SYNTAX  INTEGER { 
		icmp(1),
		igmp(2),
        	ggp(3),
        	ip(4), 
		tcp(6),
        	egp(8),
        	igp(9),
        	pup(12),
        	chaos(16), 
		udp(17),
        	hmp(20),
        	xns-idp(22),
        	rdp(27),
		ipv6(41),
        	rsvp(46),
		gre(47),
		esp(50),
		ah(51),
        	tlsp(56),
        	skip(57),
        	kryptolan(65),
        	iso-ip(80),
		igrp(88),
		ospf(89),
		ipip(94),
		ipx-in-ip(111),
		vrrp(112),
		l2tp(115),
		any(255),		
		delete(256)
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the protocol, for which the table
		 entry shall be valid."
	    DEFVAL { any }
	::= { ipNatOutEntry 2 }

	ipNatOutRemoteAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutRemoteMask the
		 set of target IP addresses for which the table entry is  
		 valid. If both objects are set to 0.0.0.0, the table entry
		 will be valid for any target IP address."
	::= { ipNatOutEntry 3 }

	ipNatOutRemoteMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutRemoteAddr the
		 set of target IP addresses for which the table entry is  
		 valid. If both objects are set to 0.0.0.0, the table entry
		 will be valid for any target IP address."
	::= { ipNatOutEntry 4 }

	ipNatOutExtAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"With ipNatOutExtMask, this object specifies the external 
		'IP address' or 'NET address' to which the internal IP address 
		is mapped.

		- To map exactly to ipNatOutExtAddr (i.e. map to a single IP 
		address), ipNatOutExtMask MUST be set to 255.255.255.255

		- To keep HOST part of source IP address and map only the
		NET part, ipNatOutExtMask MUST be the related subnet mask
		(and it should be the same as ipNatOutIntMask )."
	::= { ipNatOutEntry 5 }


	ipNatOutRemotePort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutRemotePortRange
		 the range of portnumbers for outgoing packets, for which the
		 table entry shall be valid. If both objects are set to -1, the
		 entry is valid for all portnumbers. If ipNatOutPortRange
		 is set to -1, the entry is only valid, when the portnumber 
		 of an outgoing packet is equal to ipNatOutRemotePort.
		 Otherwise, the entry is valid, if the destination portnumber
		 lies in the range RemotePort .. RemotePortRange."
	    DEFVAL { -1 }
	::= { ipNatOutEntry 6 }

	ipNatOutRemotePortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutRemotePort
		 the range of portnumbers for outgoing packets, for which the
		 table entry shall be valid. If both objects are set to -1, the
		 entry is valid for all portnumbers. If ipNatOutPortRange
		 is set to -1, the entry is only valid, when the portnumber 
		 of an outgoing packet is equal to ipNatOutRemotePort.
		 Otherwise, the entry is valid, if the destination portnumber
		 lies in the range RemotePort .. RemotePortRange."
	    DEFVAL { -1 }
	::= { ipNatOutEntry 7 }

	ipNatOutIntAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutIntMask
                 the internal hosts IP address for outgoing packets 
  	 	 matching the table entry. If both objects are set to 
		 0.0.0.0, the table entry will be valid for any source 
		 IP address."
	::= { ipNatOutEntry 8 }

	ipNatOutIntMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutIntAddr
                 the internal hosts IP address for outgoing packets 
  	 	 matching the table entry. If both objects are set to 
		 0.0.0.0, the table entry will be valid for any source 
		 IP address."
	::= { ipNatOutEntry 9 }

	ipNatOutIntPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the internal source port for which the
		 table entry shall be valid. If this object is set to -1, 
		 any internal source port matches this entry."
	    DEFVAL { -1 }
	::= { ipNatOutEntry 10 }

	ipNatOutExtPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object may be used to specify a fixed external source 
		 port to which the internal source port is mapped. 
		 If this object is set to -1, the port is mapped to the next 
		 free source port available."
	    DEFVAL { -1 }
	::= { ipNatOutEntry 11 }


	ipNatOutExtMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"With ipNatOutExtAddr, this object specifies the external 
		'IP address' or 'NET address' to which the internal IP address 
		is mapped.

		- To map exactly to ipNatOutExtAddr (i.e. map to a single IP 
		address), ipNatOutExtMask MUST be set to 255.255.255.255

		- To keep HOST part of source IP address and map only the
		NET part, ipNatOutExtMask MUST be the related subnet mask
		(and it should be the same as ipNatOutIntMask)."
	    DEFVAL { 'ffffffff'h }
	    --DEFVAL { 4294967295 }
	::= { ipNatOutEntry 12 }

	ipNatOutTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (0..5184000) 
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"When there is no traffic associated with a NAT entry, this 
		entry is discarded at the end of a timeout value. This object 
		holds this timeout value in seconds. If set to the default 
		value of 0, the timeout will be set to the value specified 
		either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, 
		depending on the protocol."
	    DEFVAL { 0 }
	::= { ipNatOutEntry 13 }

	ipNatOutDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"A textual string describing this NAT translation rule."
	::= { ipNatOutEntry 14 }

        ipNatOutNatCategory OBJECT-TYPE
            SYNTAX  INTEGER {
                full-cone(1),
                restricted-cone(2),
                port-restricted-cone(3),
                symmetric(4)
            }
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
                "Specifies the NAT category according RFC 3489 and 5389
		 to be applied for UDP traffic matching with this entry."
            DEFVAL { symmetric }
	::= { ipNatOutEntry 15 }

	ipNatOutIntPortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatOutIntPort the
		 internal source port range for which the table entry shall
		 be valid. If this object is set to -1, only ipNatOutIntPort
		 is used as selector for this entry."
	    DEFVAL { -1 }
	::= { ipNatOutEntry 16 }

	ipNatOutExtPortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object may be used together with ipNatOutExtPort to
		 specify a fixed external source port number range to which
		 the internal source port numbers are mapped. This mapping
		 depends on the position of the original source port number
		 within the range specified by ipNatOutIntPort and
		 ipNatOutIntPortRange. If this object is set to -1, only
		 ipNatOutExtPort is considered for this entry."
	    DEFVAL { -1 }
	::= { ipNatOutEntry 17 }

-- **********************************************************************
-- *    ipHostsAliveTable  TABLE
-- **********************************************************************

ipHostsAliveTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpHostsAliveEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "This table specifies the watched IP addresses.
	     
	      Entries in the table are created and removed manually
	      by network management."
	::= { biboip 19 }

	ipHostsAliveEntry OBJECT-TYPE
	    SYNTAX  IpHostsAliveEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   {
		ipHostsAliveIPAddress
	    }
	::= { ipHostsAliveTable 1 }

	IpHostsAliveEntry ::=
	    SEQUENCE {
		ipHostsAliveGroup		INTEGER,
		ipHostsAliveIPAddress		IpAddress,
		ipHostsAliveState		INTEGER,
		ipHostsAliveInterval		INTEGER,
		ipHostsAliveDownAction		INTEGER,
		ipHostsAliveFirstIfIndex	INTEGER,
		ipHostsAliveRange		INTEGER, 
		ipHostsAliveSrcIPAddress	IpAddress,
		ipHostsAliveTrials		INTEGER,
		ipHostsAliveBackups		INTEGER
	    }

	ipHostsAliveGroup OBJECT-TYPE
	    SYNTAX  INTEGER (0..255) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The group of the watched IP-Addresses"
	    DEFVAL { 0 }
	::= { ipHostsAliveEntry 1 }

	ipHostsAliveIPAddress OBJECT-TYPE
	    SYNTAX  IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The watched IP-Address. If set to zero, the default gateway is used."
	::= { ipHostsAliveEntry 2 }

	ipHostsAliveState OBJECT-TYPE
	    SYNTAX  INTEGER {
		      alive(1),
		      down(2)
		    }
	    MAX-ACCESS  read-only
	    STATUS  current
            DESCRIPTION
                      "The State of the watched IP-Address"
            DEFVAL { alive }
	::= { ipHostsAliveEntry 3 }

	ipHostsAliveInterval OBJECT-TYPE
	    SYNTAX  INTEGER (1..65536) 
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This is the time interval for state verification"
	    DEFVAL { 300 }
	::= { ipHostsAliveEntry 4 }

	ipHostsAliveDownAction OBJECT-TYPE
	    SYNTAX  INTEGER {
		      up(1),
		      down(2),
		      delete(3),
		      none(4),
		      reset(5),
		      redial(6),
		      monitor(7)
		    }
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
                      "Action be performed if the ipHostsAliveState changes to
		       down (2), If set to none (4) there is no action
		       specified, if set to monitor (7) this entry
		       just enables monitoring of this status in other
		       subsystem context like IP load balancing."
            DEFVAL { down }
	::= { ipHostsAliveEntry 5 }

	ipHostsAliveFirstIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The first ifc"
	    DEFVAL { 10001 }
	::= { ipHostsAliveEntry 6 }

	ipHostsAliveRange OBJECT-TYPE
	    SYNTAX  INTEGER (0..65536)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The range of all ifc's"
	    DEFVAL { 4999 }
	::= { ipHostsAliveEntry 7 }

	ipHostsAliveSrcIPAddress OBJECT-TYPE
	    SYNTAX  IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The source IP-Address"
	::= { ipHostsAliveEntry 8 }

	ipHostsAliveTrials OBJECT-TYPE
	    SYNTAX  INTEGER (1..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"How many ping attempts until host is considered down.

		 Default value is 3."
	    DEFVAL { 3 }
	::= { ipHostsAliveEntry 9 }


	ipHostsAliveBackups OBJECT-TYPE
	    SYNTAX  INTEGER (1..65535)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"How many successful pings until host is considered up.

		 Default value is 1."
	    DEFVAL { 1 }
	::= { ipHostsAliveEntry 10 }


-- **********************************************************************
-- *    ipBodRuleTable  TABLE
-- **********************************************************************

ipBodRuleTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpBodRuleEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "The ipBodRuleTable defines access rules for checking incoming
	      IP packets. The rules are processed in order, i.e. each rule
	      has a link to the next rule. The set of rules is processed
	      until a match occurs, that means the rule's associated filter 
	      matches and the specified action is performed (either request
	      or deny additional bandwidth). The last rule is implicitly a
	      deny rule. The set of rules to be processed can be defined
	      for each interface."
	::= { biboip 21 }

	ipBodRuleEntry OBJECT-TYPE
            SYNTAX  IpBodRuleEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		""
	    INDEX   {
		ipBodRuleFilterIndex
	    }
            ::= { ipBodRuleTable 1 }

	IpBodRuleEntry ::=
            SEQUENCE {
		ipBodRuleIndex		INTEGER,
		ipBodRuleFilterIndex	INTEGER,
		ipBodRuleAction		INTEGER,
		ipBodRuleDirection	INTEGER,
		ipBodRuleChannels	INTEGER,
		ipBodRuleNextRuleIndex	INTEGER,
		ipBodRuleIdleTime	INTEGER
            }

	ipBodRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Unique rule index."
	::= { ipBodRuleEntry 1 }

	ipBodRuleFilterIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "References the rule's associated filter."
	::= { ipBodRuleEntry 2 }

	ipBodRuleAction OBJECT-TYPE
	    SYNTAX INTEGER {
		invoke(1),		-- invoke bandwidth if filter matches
		invoke-if-not(2),	-- invoke if filter not matches
		deny(3),		-- deny BOD if filter matches
		deny-if-not(4),		-- deny BOD if filter not matches
		ignore(5),		-- ignore rule and skip to next rule
		delete(6)		-- delete the entry from the table
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the action to be performed if the
		 rule's associated filter matches. If set to ignore the
		 filter is not consulted and the next rule is processed
		 immediately."
	    DEFVAL { invoke }
	::= { ipBodRuleEntry 3 }

	ipBodRuleDirection OBJECT-TYPE
	    SYNTAX INTEGER {
		outgoing(1),	-- used for outgoing packets only
		incoming(2),	-- used for incoming packets only
		both(3)		-- used for both directions
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the direction of the packets for
		 which the rule is processed."
	    DEFVAL { outgoing }
	::= { ipBodRuleEntry 4 }

	ipBodRuleChannels OBJECT-TYPE
	    SYNTAX  INTEGER (0..8)
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"The number of B-channels to invoke if the rule's
		 associated filter matches."
	    DEFVAL { 1 }
	::= { ipBodRuleEntry 5 }

	ipBodRuleNextRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "Specifies the next rule to be processed if the rule's
		  associated filter does not match. The value 0 is used
		  to mark the end of the rule set."
	    DEFVAL { 0 }
	::= { ipBodRuleEntry 6 }

	ipBodRuleIdleTime OBJECT-TYPE
	    SYNTAX  INTEGER (-1..3600)
	    UNITS   "seconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Specifies the time in seconds the interface-specific
		 shorthold interval (see biboPPPTable) is extended if the
		 rule's associated filter matches. When set to zero this
		 setting is ignored. When set to -1 matching packets are
		 sent piggyback, they are not considered for shorthold mode."
	    DEFVAL { 0 }
	::= { ipBodRuleEntry 7 }

-- **********************************************************************
-- *    ipQoSTable  TABLE
-- **********************************************************************

ipQoSTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpQoSEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "The ipQosTable defines the classifier rules that are applied
	      to IP traffic arriving this interface in a particular
	      direction. The rules are processed in order, i.e. each rule
	      has a link to the next rule. The set of rules is processed
	      until a match occurs, that means the rule's associated filter
	      matches and the specified action is performed (alter the IP
	      headers TOS field, alter associated level 2 priority, specify 
	      a service class for QoS). The set of these rules to be 
	      processed can be defined for each interface."
	::= { biboip 22 }

	ipQoSEntry OBJECT-TYPE
            SYNTAX  IpQoSEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		""
	    INDEX   {
		ipQoSFilterIndex
	    }
            ::= { ipQoSTable 1 }

	IpQoSEntry ::=
            SEQUENCE {
		ipQoSIndex			INTEGER,
		ipQoSFilterIndex		INTEGER,
		ipQoSNextRuleIndex		INTEGER,
		ipQoSAction			INTEGER,
		ipQoSTos			INTEGER,
    --		ipQoSClassOfService		INTEGER,
		ipQoSTosSetRate			INTEGER,
		ipQoSTosSetBurst		INTEGER,
		ipQoSTosSetExceedAction		INTEGER,
		ipQoSTosRemark			INTEGER,
		ipQoSServiceClass		INTEGER,
		ipQoSClassId			INTEGER,
		ipQoSDirection			INTEGER,
		ipQoSTosSetRateLimitation	INTEGER,
		ipQoSTosSetRateBps		INTEGER,
		ipQoSTosSetBurstBps		INTEGER,
		ipQoSClassifyAction		INTEGER,
		ipQoSExceedRateLimitation	INTEGER,
		ipQoSExceedRate			INTEGER,
		ipQoSExceedBurst		INTEGER,
		ipQoSExceedRateBps		INTEGER,
		ipQoSExceedBurstBps		INTEGER,
		ipQoSTosAndMask			INTEGER,
		ipQoSTosOrMask			INTEGER,
		ipQoSLevel2PrioAndMask		INTEGER,
		ipQoSLevel2PrioOrMask		INTEGER,
		ipQoSTosAndMaskExceed		INTEGER,
		ipQoSTosOrMaskExceed		INTEGER,
		ipQoSLevel2PrioAndMaskExceed	INTEGER,
		ipQoSLevel2PrioOrMaskExceed	INTEGER,
		ipQoSDescr			DisplayString
            }

	ipQoSIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Unique rule index."
	::= { ipQoSEntry 1 }

	ipQoSFilterIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"References the associated filter (see IpFilterTable)."
	::= { ipQoSEntry 2 }

	ipQoSNextRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Specifies the next classifier rule to be processed if the
		 rule's associated filter does not match. The value 0 is used
		 to mark the end of the rule set."
	    DEFVAL { 0 }
	::= { ipQoSEntry 3 }

	ipQoSAction OBJECT-TYPE
	    SYNTAX INTEGER {
		classify(1),			-- filter matches, classify packet & set TOS
		classify-if-not(2),		-- classify & set TOS if filter doesn't match
		disabled(3),			-- ignore rule and skip to next rule
		classify-keep-tos(4),		-- filter matches, classify packet (keep TOS)
		classify-keep-tos-if-not(5),	-- classify (keep TOS) if filter doesn't match
		delete(15)			-- delete the entry from the table
	    }
            MAX-ACCESS  read-write
            STATUS  obsolete
            DESCRIPTION
		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 This object specifies the action to be performed if the
		 associated filter matches. If set to disabled the filter is
		 not consulted and the next rule is processed immediately,
		 possible values:
		 classify(1) 			= filter matches, classify packet & set TOS
		 classify-if-not(2)		= classify & set TOS if filter doesn't match
		 disabled(3)			= ignore rule and skip to next rule
		 classify-keep-tos(4)		= filter matches, classify packet (keep TOS)
		 classify-keep-tos-if-not(5)	= classify (keep TOS) if filter doesn't match
		 delete(15)			= delete the entry from the table."
	    DEFVAL { classify }
	::= { ipQoSEntry 4 }

	ipQoSTos OBJECT-TYPE
	    SYNTAX INTEGER  (0..255) 
            MAX-ACCESS  read-write
	    STATUS  obsolete
            DESCRIPTION
		 "WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 Value for TOS field inside IP header to be set."
	    DEFVAL { 0 }
	::= { ipQoSEntry 5 }

    --	ipQoSClassOfService OBJECT-TYPE
    --	    SYNTAX INTEGER  (1..255)
    --      ACCESS  read-write
    --      STATUS  mandatory
    --
    --      DESCRIPTION
    --		"Specifies the class of service used for the congestion
    --		 management, priorization and traffic shapping. If set to
    --		 256 (high priority service class) the related traffic
    --		 will be always handled first."
    --	    DEFVAL { 1 }
    --	::= { ipQoSEntry 6 }
    --

	ipQoSTosSetRate OBJECT-TYPE
	    SYNTAX INTEGER  (0..65535)
            MAX-ACCESS  read-write
	    STATUS  obsolete
            DESCRIPTION
		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 Maximum amount of packets per second that should be TOS
		 changed."
	    DEFVAL { 0 }
	::= { ipQoSEntry 7 }

	ipQoSTosSetBurst OBJECT-TYPE
	    SYNTAX INTEGER  (0..65535)
            MAX-ACCESS  read-write
	    STATUS  obsolete
            DESCRIPTION
		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 Maximum amount of packets per second additional to the
		 ipQosSetRate that could be TOS changed."
	    DEFVAL { 0 }
	::= { ipQoSEntry 8 }

  	ipQoSTosSetExceedAction OBJECT-TYPE
  	    SYNTAX INTEGER {
  		none(1),
  		remark-tos(2),
		ignore(3)
  	    }
            MAX-ACCESS  read-write
	    STATUS  obsolete
	    DESCRIPTION
  		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 This object specifies how to mark packets in excess of the 
		 rate limitation defined for this entry. Possible values:
  		 none(1)	= the TOS field is unchanged, but the packet
				  is flagged as eligible for discard.
		 remark-tos(2)	= the TOS field is set with the ipQosTosRemark
				  value.
		 ignore(3)	= used internally for conversion between old 
				  format and new format of this table."
  	    DEFVAL { ignore }
  	::= { ipQoSEntry 9 }

	ipQoSTosRemark OBJECT-TYPE
	    SYNTAX INTEGER  (0..255) 
            MAX-ACCESS  read-write
	    STATUS  obsolete
            DESCRIPTION
		 "WARNING: this object is obsolete and must not be used. It
		  exists in this table for configuration conversion purposes.
		  Below is its previous definition:

		  Value for TOS field inside IP header to be set 
		  when ipQoSTosSetExceedAction is set to remark-tos."
	    DEFVAL { 0 }
	::= { ipQoSEntry 10 }
  
	ipQoSServiceClass OBJECT-TYPE
	    SYNTAX INTEGER {
		normal(1),
		high-priority(2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "This object specifies together with ipQoSClassId the class
		  of service used for the congestion management, priorization
		  and traffic shapping. If set to high-priority(2) (high
		  priority service class) the related traffic will be always
		  handled first and ipQoSClassId is ignored."
	    DEFVAL { normal }
	::= { ipQoSEntry 11 }

	ipQoSClassId OBJECT-TYPE
	    SYNTAX INTEGER (1..255)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies together with ipQoSServiceClass
		 (normal(1) only) the class of service used for congestion
		 avoidance, congestion management, priorization and traffic
		 shapping. Note that this ID is not used to give a nominal
		 priority to the related IP traffic."
	    DEFVAL { 1 }
	::= { ipQoSEntry 12 }

	ipQoSDirection OBJECT-TYPE
	    SYNTAX INTEGER {
		outgoing(1),	-- used for outgoing packets only
		incoming(2),	-- used for incoming packets only
		both(3)		-- used for both directions
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the direction for witch this classifier
		 rule applies on this interface, possible values:
		 outgoing(1)	= used for outgoing packets only
		 incoming(2)	= used for incoming packets only
		 both(3)	=  used for both directions."
	    DEFVAL { outgoing }
	::= { ipQoSEntry 13 }

  	ipQoSTosSetRateLimitation OBJECT-TYPE
  	    SYNTAX INTEGER {
  		none(1),
  		packets(2),
  		throughput(3)
  	    }
            MAX-ACCESS  read-write
	    STATUS  obsolete
	    DESCRIPTION
  		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 This field specifies a rate limitation for the packets 
		 to mark with the ipQosTos value. Possible values:
		 none(1)	= no limitation is defined.
		 packets(2)	= a limitation is defined in number 
				  of packets per second.
		 throughput(3)	= a limitation is defined in bits per second."
  	    DEFVAL { packets }
  	::= { ipQoSEntry 14 }

	ipQoSTosSetRateBps OBJECT-TYPE
	    SYNTAX INTEGER  
	    UNITS   "bps"
            MAX-ACCESS  read-write
	    STATUS  obsolete
            DESCRIPTION
		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 Maximum amount of trafic in bits per second that should be
		 marked with TOS value ipQosTos."
	    DEFVAL { 0 }
	::= { ipQoSEntry 15 }

	ipQoSTosSetBurstBps OBJECT-TYPE
	    SYNTAX INTEGER  
	    UNITS   "bps"
            MAX-ACCESS  read-write
	    STATUS  obsolete
            DESCRIPTION
		"WARNING: this object is obsolete and must not be used. It
		 exists in this table for configuration conversion purposes.
		 Below is its previous definition:

		 Maximum amount of additional trafic to the ipQoSTosSetRateBps
		 in bits per second that should be marked with TOS value
		 ipQosTos."

	    DEFVAL { 0 }
	::= { ipQoSEntry 16 }

	ipQoSClassifyAction OBJECT-TYPE
	    SYNTAX INTEGER {
		classify(1),			-- filter matches, classify packet & set TOS
		classify-if-not(2),		-- classify & set TOS if filter doesn't match
		disabled(3),			-- ignore rule and skip to next rule
		delete(15)			-- delete the entry from the table
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the action to be performed if the
		 associated filter matches. If set to disabled the filter is
		 not consulted and the next rule is processed immediately,
		 possible values:
		 classify(1) 			= filter matches, classify packet & set TOS
		 classify-if-not(2)		= classify & set TOS if filter doesn't match
		 disabled(3)			= ignore rule and skip to next rule
		 delete(15)			= delete the entry from the table."
	    DEFVAL { classify }
	::= { ipQoSEntry 17 }

  	ipQoSExceedRateLimitation OBJECT-TYPE
  	    SYNTAX INTEGER {
  		none(1),
  		packets(2),
  		throughput(3)
  	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
  		"This field specifies a rate limitation between in-profile and 
		out-profile datagrams. Possible values:
		none(1)		 = no limitation is defined.
		packets(2)	 = a limitation is defined in number 
				   of packets per second.
		throughput(3)= a limitation is defined in bits per second."
  	    DEFVAL { packets }
  	::= { ipQoSEntry 18 }

	ipQoSExceedRate OBJECT-TYPE
	    SYNTAX INTEGER  (0..65535)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Maximum amount of packets per second that are considered 
		in-profile. Packets in excess of (ipQosExceedRate + 
		ipQosExceedBurst) are considered out-profile."
	    DEFVAL { 0 }
	::= { ipQoSEntry 19 }

	ipQoSExceedBurst OBJECT-TYPE
	    SYNTAX INTEGER  (0..65535)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Maximum additional amount of packets per second that are 
		considered in-profile. Packets in excess of (ipQosExceedRate 
		+ ipQosExceedBurst) are considered out-profile."
	    DEFVAL { 0 }
	::= { ipQoSEntry 20 }

	ipQoSExceedRateBps OBJECT-TYPE
	    SYNTAX INTEGER  
	    UNITS   "bps"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Maximum amount of traffic in bits per second that is 
		 considered in-profile. Traffic in excess of 
		 (ipQosExceedRateBps + ipQosExceedBurstBps) is considered 
		 out-profile."
	    DEFVAL { 0 }
	::= { ipQoSEntry 21 }

	ipQoSExceedBurstBps OBJECT-TYPE
	    SYNTAX INTEGER  
	    UNITS   "bps"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Maximum amount of additional traffic that is considered 
		 in-profile. Traffic in excess of 
		 (ipQosExceedRateBps + ipQosExceedBurstBps) is considered 
		 out-profile."
	    DEFVAL { 0 }
	::= { ipQoSEntry 22 }

	ipQoSTosAndMask OBJECT-TYPE
	    SYNTAX INTEGER  (0..255) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "AND mask applied to TOS field inside IP header of in-profile 
		 datagrams."
	    DEFVAL { 255 }
	::= { ipQoSEntry 23 }

	ipQoSTosOrMask OBJECT-TYPE
	    SYNTAX INTEGER  (0..255) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "OR mask applied to TOS field inside IP header of in-profile 
		 datagrams."
	    DEFVAL { 0 }
	::= { ipQoSEntry 24 }

	ipQoSLevel2PrioAndMask OBJECT-TYPE
	    SYNTAX INTEGER  (0..7) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "AND mask applied to level 2 priority associated with 
		  in-profile datagrams."
	    DEFVAL { 7 }
	::= { ipQoSEntry 25 }

	ipQoSLevel2PrioOrMask OBJECT-TYPE
	    SYNTAX INTEGER  (0..7) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "OR mask applied to level 2 priority associated with 
		  in-profile datagrams."
	    DEFVAL { 0 }
	::= { ipQoSEntry 26 }

	ipQoSTosAndMaskExceed OBJECT-TYPE
	    SYNTAX INTEGER  (0..255) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "AND mask applied to TOS field inside IP header of out-profile 
		 datagrams."
	    DEFVAL { 255 }
	::= { ipQoSEntry 27 }

	ipQoSTosOrMaskExceed OBJECT-TYPE
	    SYNTAX INTEGER  (0..255) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "OR mask applied to TOS field inside IP header of out-profile 
		 datagrams."
	    DEFVAL { 0 }
	::= { ipQoSEntry 28 }

	ipQoSLevel2PrioAndMaskExceed OBJECT-TYPE
	    SYNTAX INTEGER  (0..7) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "AND mask applied to level 2 priority associated with 
		  out-profile datagrams."
	    DEFVAL { 7 }
	::= { ipQoSEntry 29 }

	ipQoSLevel2PrioOrMaskExceed OBJECT-TYPE
	    SYNTAX INTEGER  (0..7) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "OR mask applied to level 2 priority associated with 
		  out-profile datagrams."
	    DEFVAL { 0 }
	::= { ipQoSEntry 30 }

	ipQoSDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"A textual string describing this classifier rules."
	::= { ipQoSEntry 31 }

-- **********************************************************************
-- *    ipRipTimerTable  TABLE
-- **********************************************************************
-- Should be named 'ipRipStaticTable' instead

ipRipTimerTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpRipTimerEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "The 'ipRipTimerTable' contains the basic configuration
	      of the RIP protocol. Formerly created to define only
	      the 3 timers involved in RIP process (cf RFC 2453).

	      This set of timers is unique for the router. Values
	      should be the same on all the routers of the whole network."
	::= { biboip 23 }

	ipRipTimerEntry OBJECT-TYPE
	    SYNTAX  IpRipTimerEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX { ipRipVersion}
	::= { ipRipTimerTable 1 }

	IpRipTimerEntry ::=
	    SEQUENCE {
		ipRipVersion			INTEGER,
		ipRipTimerUpdate		INTEGER,
		ipRipTimerTimeout		INTEGER,
		ipRipTimerGarbage		INTEGER,
		ipRipRfc2453Timer		INTEGER,
		ipRipRfc2091Timer		INTEGER,
		ipRipUpdatePacketRetryTimer	INTEGER,
		ipRipPoisonedReverse		INTEGER,
		ipRipDistributeDefaultRoutes	INTEGER,
		ipRipHoldDownTimer		INTEGER
	    }

        ipRipVersion OBJECT-TYPE
	    -- This member only needed to have a ReadOnly "index"
	    -- so avoiding "row creation" by EndUser.
            SYNTAX  INTEGER (1..3)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "RFC 2453, RIP Version 2."
            DEFVAL { 2 }
        ::= { ipRipTimerEntry 1 }

	ipRipTimerUpdate OBJECT-TYPE
	    SYNTAX  INTEGER (1..65535)
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"An unsollicited RIP response is broadcast
		every 'ipRipTimerUpdate' seconds."
	    DEFVAL { 30 }
	::= { ipRipTimerEntry 2 }

	ipRipTimerTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (1..65535)
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"If 'ipRipTimerTimeout' seconds elapse from the last time an
		update message is received for this route, the route is dropped
		but keeped in routing table. Then 'garbage process' is started."
	    DEFVAL { 180 }
	::= { ipRipTimerEntry 3 }

	ipRipTimerGarbage OBJECT-TYPE
	    SYNTAX  INTEGER (1..65535)
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"If 'ipRipTimerGarbage' seconds elapse from the start of 
		'garbage process' (and if route is still 'dropped'), 
		the route is removed from the routing table."
	    DEFVAL { 120 }
	::= { ipRipTimerEntry 4 }

	ipRipRfc2453Timer OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The 'ipRipRfc2453Timer' enabled/disables variable
		 timer definition from RFC 2453."
	    DEFVAL { enabled }
	::= { ipRipTimerEntry 5 }

	ipRipRfc2091Timer OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The 'ipRipRfc2453Timer' enabled/disables variable
		 timer definition from RFC 2091."
	    DEFVAL { disabled }
	::= { ipRipTimerEntry 6 }

	ipRipUpdatePacketRetryTimer OBJECT-TYPE
	    SYNTAX  INTEGER (1..10)
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"If 'ipRipTimerUpdatePacketRetry' seconds elapse since the
		 transmission of the last update packet without receiving
		 an acknowledge the update packet is resend."
	    DEFVAL { 5 }
	::= { ipRipTimerEntry 7 }

	ipRipPoisonedReverse OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Enable or disable the (currently unimplemented)
		 control over 'poisoned reverse' route distribution."
	    DEFVAL { disabled }
	::= { ipRipTimerEntry 8 }

	ipRipDistributeDefaultRoutes OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Enable or disable the distribution of 'default routes'."
	    DEFVAL { enabled }
	::= { ipRipTimerEntry 9 }

	ipRipHoldDownTimer OBJECT-TYPE
	    SYNTAX  INTEGER (1..65535)
	    UNITS   "seconds"
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"If 'ipRipHoldDownTimer' seconds elapse from the start of 
		'database timeout' (and if route is still 'dropped'), 
		the route is removed from the routing table."
	    DEFVAL { 120 }
	::= { ipRipTimerEntry 10 }

-- **********************************************************************
-- *    ipRipFilterTable  TABLE
-- **********************************************************************

ipRipFilterTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpRipFilterEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	     "The ipRipFilterTable contains additional information related
	      to IP and the interfaces found on the system. Entries can only
	      be added or deleted by the system."
	::= { biboip 33 }

	ipRipFilterEntry OBJECT-TYPE
	    SYNTAX  IpRipFilterEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		""
	    INDEX   { ipRipFilterIfIndex,
	              ipRipFilterIpAddr,   ipRipFilterNetMask,
	              ipRipFilterPriority, ipRipFilterDirection }
	      ::= { ipRipFilterTable 1 }

	IpRipFilterEntry ::=
	    SEQUENCE {
		ipRipFilterEntryState			INTEGER,
		ipRipFilterIfIndex			INTEGER,
	        ipRipFilterIpAddr			IpAddress,
		ipRipFilterNetMask			IpAddress,
		ipRipFilterPriority			INTEGER,
		ipRipFilterDirection			INTEGER,
		ipRipFilterDistribution			INTEGER,
		ipRipFilterMetric1IfUpOffset		INTEGER,
		ipRipFilterMetric1IfDormantOffset	INTEGER
	    }

	ipRipFilterEntryState OBJECT-TYPE
	    SYNTAX  INTEGER {
		active(1),
		delete(2)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"makes entry active"
	    DEFVAL { active }
	::= { ipRipFilterEntry 1 }

	ipRipFilterIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The index value which uniquely identifies the
		 local interface through which the next hop of this
		 route should be reached.  The interface identified
		 by a particular value of this index is the same
		 interface as identified by the same value of ifIndex."
	::= { ipRipFilterEntry 2 }

	ipRipFilterIpAddr OBJECT-TYPE
	    SYNTAX  IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The IP-Address range affected by the filter operation.
		 Ranges are separately defined for import and export.
		 IP-Address ranges which are not matched by any filters
		 pass the filter stage unmodified. If this isn't intended
		 an additional filter must be defined to disable the
		 unmatched IP-Address range(s)."
	::= { ipRipFilterEntry 3 }

	ipRipFilterNetMask OBJECT-TYPE
	    SYNTAX  IpAddress
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Indicate the mask to be logical-ANDed with the
		 ip-address before being compared to the value in the
		 ipRipFilterIpAddr field. If a subnet mask is not specified,
		 it will be set automatically according to the following table:

			Class A:    255.0.0.0

			Class B:    255.255.0.0

			Class C:    255.255.255.0

		 If the value of the ipRipFilterIpAddr is 0.0.0.0
		 (a default route) then a mask value of 0.0.0.0 matches
		 all IP-Addresses (normally used to disable all routes
		 as last rule in the chain).
		 An ipRipFilterIpAddr of 0.0.0.0 with a mask value of
		 255.255.255.255 matches (filters) the default route exactly.
		 Host routes are created by setting the subnet mask
		 to 255.255.255.255."
	::= { ipRipFilterEntry 4 }

	ipRipFilterPriority OBJECT-TYPE
	    SYNTAX  INTEGER (1..16)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"If more than one filter matches the IP-Address range
		 this priority decides which filter to apply. 1 indictes
		 highest priority and 16 lowest priority"
	    DEFVAL { 1 }
	::= { ipRipFilterEntry 5 }

	ipRipFilterDirection OBJECT-TYPE
	    SYNTAX  INTEGER {
		import(1),
		export(2)
	    }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The direction the filter is defined for."
	    DEFVAL { import }
	::= { ipRipFilterEntry 6 }

	ipRipFilterDistribution OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Include or exclude the IP-Address range from distribution."
	    DEFVAL { enabled }
	::= { ipRipFilterEntry 7 }

	ipRipFilterMetric1IfUpOffset OBJECT-TYPE
	    SYNTAX  INTEGER (-16..16)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Add 'ipRipFilterMetric1IfUpOffset' to metric1 during import
		 of this route if the operation status of this interface
		 is up. On export, add 'ipRipFilterMetric1IfUpOffset' to the
		 exported metric value if the operation status of this
		 interface is up."
	    DEFVAL { 0 }
	::= { ipRipFilterEntry 8 }

	ipRipFilterMetric1IfDormantOffset OBJECT-TYPE
	    SYNTAX  INTEGER (-16..16)
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"Add 'ipRipFilterMetric1IfDormantOffset' to metric1 during
		 import of this route if the operation status of this interface
		 is dormant. On export, add 'ipRipFilterMetric1IfDormantOffset'
		 to the exported metric value if the operation status of this
		 interface is dormant."
	    DEFVAL { 0 }
	::= { ipRipFilterEntry 9 }

-- **********************************************************************
-- *    ipIcmpTable  TABLE
-- **********************************************************************
-- The STATIC ipIcmp Table contains all extended configuration related to ICMP
ipIcmp OBJECT IDENTIFIER
    ::= { biboip 32 }

	ipIcmpSourceQuench OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
                 "enabled : If an IP packet is discarded due to congestion,
                            the system sends an ICMP 'Source-Quench' message
                            back to the originator of the packet.

                            For congestion-control/prevention, the system may
                            send ICMP 'Source-Quench' messages also.

                            This is the default behavior of the system.

                            The rate of ICMP 'Source Quench' messages is
                            limited to max. 1 message/s per originator.

		  disabled: system never sends ICMP 'Source-Quench' messages
                            (not for congestions nor for congestion-control).
                 "
	    DEFVAL { enabled }
	::= { ipIcmp 1 }

	ipIcmpTimeExceededTrans OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
                 "enabled : If an IP packet could not be delivered/forwarded
                            to destination due to packet TTL (Time to live) or
                            dialup-interface timeout, the packet is discarded
                            and the system sends an ICMP 'Time-Exceeded/Trans'
                            message back to the originator of the packet.

                            This is the default behavior of the system.

                  disabled: If an IP packet could not be delivered/forwarded
                            to destination due to packet TTL (Time to live) or
                            dialup-interface timeout, the packet is silently
                            discarded.

                            ICMP 'Time Exceeded/Trans' messages should be
                            disabled with care (only if really necessary),
                            because some usefull external tools based on
                            this protocol (e.g. 'traceroute').
                 "
	    DEFVAL { enabled }
	::= { ipIcmp 2 }

	ipIcmpTimeExceededFrag OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
                 "enabled : If an IP packet could not be delivered/forwarded
                            to destination due to fragment-reassembly timeout,
                            the system sends an ICMP 'Time-Exceeded/Fragment'
                            message back to the originator of the packet.

                            This is the default behavior of the system.

                  disabled: If an IP packet could not be delivered/forwarded
                            to destination due to fragment-reassembly timeout,
                            the IP packet is silently discarded.

                            ICMP 'Time Exceeded/Fragment' messages should be
                            disabled with care (only if really necessary).
                 "
	    DEFVAL { enabled }
	::= { ipIcmp 3 }

  	ipIcmpDestUnreachFrag OBJECT-TYPE
  	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
  	    DESCRIPTION
                  "enabled : If an IP packet could not be delivered/forwarded
                             to destination due to MTU/Dont-Fragment error
                             (packet must be fragmented due to interface-MTU
                              but Dont-Fragment (DF) bit is set in IP header),
                             the IP packet is discarded and the system sends an
                             ICMP 'Destination-Unreachable/Fragment' message
                             back to the originator of the packet.

                             This is the default behavior of the system.

  		   disabled: If an IP packet could not be delivered/forwarded
                             to destination due to interface-MTU/DF-bit problem,
                             the packet is silently discarded.

                             ICMP 'Destination-UnreachableFragment' messages
                             should be disabled with care (only if really
                             necessary). Disabling of this ICMP messages
                             will make Path MTU Discovery impossible and
                             might lead to bad performance behaviours.
                   "
  	    DEFVAL { enabled }
  	::= { ipIcmp 4 }

  	ipIcmpDestUnreachHost OBJECT-TYPE
  	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
  	    DESCRIPTION
                  "enabled : If an IP packet could not be delivered/forwarded
                             to destination due to routing errors (e.g. no
                             matching route exists, interface down/blocked),
                             the packet is discarded and the system sends an
                             ICMP 'Destination-Unreachable/Host' message
                             back to the originator of the packet.

                             This is the default behavior of the system.

                             (see ipIcmpDestUnreachHostTcp also)

  		   disabled: If an IP packet could not be delivered/forwarded
                             to destination due to routing errors (e.g. no
                             matching route exists, interface down/blocked),
                             the packet is silently discarded.

                             ICMP 'Destination-Unreachable/Host' messages
                             should be disabled with care (only if really
                             necessary).

                             The functionality of the virtual REFUSE-Interface
                             is NOT affected by this parameter - the system
                             will continue to send ICMP 'Dest-Unreachable/Host'
                             messages for all packets explicity routed to
                             this Interface (ifIndex 0).

                             The functionality of ipExtIfNatSilentDeny=disabled
                             is NOT affected by this parameter - the system
                             will continue to send ICMP 'Dest-Unreachable/Host'
                             messages for incoming IP-Packets that does not
                             pass the NAT barrier of NAT-enabled Interfaces.
                    "              
  	    DEFVAL { enabled }
  	::= { ipIcmp 5 }

  	ipIcmpDestUnreachHostTcp OBJECT-TYPE
  	    SYNTAX  INTEGER { tcp-rst(1), icmp(2) }
	    MAX-ACCESS  read-write
	    STATUS  current
  	    DESCRIPTION
                  "Set ICMP (Dest Unreachable/Host) behavior for TCP packets.

                   tcp-rst : If a TCP packet can not be delivered/forwarded
                             to destination (e.g. no matching route exists,
                             interface down/blocked), the TCP-Connection
                             is terminated by sending a TCP-RST message 
                             (a TCP packet with RST-bit set in TCP-header)
                             back to the originator of the packet.
  
                             This is the default behavior of the system.

                             The TCP RST message is send INSTEAD of an
                             ICMP 'Destination-Unreachable/Host' message.
                             If ipIcmpDestUnreachHost is set to disabled(2),
                             no TCP-RST message is sent back.
  
                      icmp : TCP traffic is handled like all other IP traffic.
                             (see description of ipIcmpDestUnreachHost)
                  "
  	    DEFVAL { tcp-rst }
  	::= { ipIcmp 6 }

  	ipIcmpDestUnreachProto OBJECT-TYPE
  	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
  	    DESCRIPTION
  		  "enabled: If an IP packet addressed to local system could
                            not be handled due to unsupported protocol type
                            in IP packet-header (e.g. not TCP, UDP or ICMP),
                            the packet is discarded and the system sends an
                            ICMP 'Destination-Unreachable/Proto' message
                            back to the originator of the packet.

                            This is the default behavior of the system.

  		  disabled: If an IP packet addressed to local system could
                            not be handled due to unsupported protocol type
                            in IP packet-header (e.g. not TCP, UDP or ICMP),
                            the packet is silently discarded.

                            ICMP 'Destination-Unreachable/Proto' messages
                            should be disabled with care (only if really
                            necessary).
                  "
  	    DEFVAL { enabled }
  	::= { ipIcmp 7 }

  	ipIcmpEchoReply OBJECT-TYPE
  	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
  	    DESCRIPTION
                  "enabled : each incoming ICMP 'Echo-Request' message
                             addressed to local system is answered with
                             an ICMP 'Echo-Reply' message.

                             This is the default behavior of the system.
                             
                   disabled: incoming ICMP 'Echo-Request' messages addressed
                             to local system are silently discarded.

                             ICMP 'Echo-Reply' messages should be disabled
                             with care (only if really necessary), because
                             some usefull external tools based on this
                             protocol (e.g. 'ping').
                             
                             local 'pings' to other system/routers are
                             not affected by this parameter.
                  "
  	    DEFVAL { enabled }
  	::= { ipIcmp 8 }

  	ipIcmpMaskReply OBJECT-TYPE
  	    SYNTAX  INTEGER { enabled(1), disabled (2) }
	    MAX-ACCESS  read-write
	    STATUS  current
  	    DESCRIPTION
                  "enabled : each incoming ICMP 'Mask-Request' message
                             addressed to local system is answered with
                             an ICMP 'Mask-Reply' message.

                             This is the default behavior of the system.
                             
                   disabled: incoming ICMP 'Mask-Request' messages addressed
                             to local system are silently discarded.

                             ICMP 'Echo-Mask' messages should be disabled
                             with care (only if really necessary), because
                             subnet-discovery based on this protocol.
                  "
  	    DEFVAL { enabled }
  	::= { ipIcmp 9 }

	ipIcmpTimestampReply OBJECT-TYPE
	    SYNTAX  INTEGER { enabled(1), disabled (2), extended (3) }
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		   "enabled : each incoming ICMP 'Timestamp' message
			      addressed to local system is answered with
			      an RFC792-compliant ICMP 'Timestamp-Reply'
			      message.

			      This is the default behavior of the system.

		    disabled: incoming ICMP 'Timestamp' messages addressed
			      to local system are silently discarded.

		    extended: if an incoming ICMP 'Timestamp' message
			      contains data appended after the three
			      timestamp fields (which is a deviation of
			      RFC792), the system replies with a modified
			      'Timestamp-Reply' message which contains a
			      copy of the received data appended after
			      the three timestamp fields. This behaviour
			      is not RFC792-compliant and should be reserved
			      for testing purposes.
		  "
	    DEFVAL { enabled }
	::= { ipIcmp 10 }

-- **********************************************************************
-- *    ipNatExpTable  TABLE
-- **********************************************************************

ipNatExpTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpNatExpEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "If NAT is switched on for an interface, this table contains
	     entries for expected sessions. Table entries are creates by 
	     the system whenever there is a need for a new incoming session.
	     Table entries are removed after timeout or if the expected
	     session is established."
	::= { biboip 34 }

	ipNatExpEntry OBJECT-TYPE
	    SYNTAX  IpNatExpEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   { ipNatExpIfIndex }
	::= { ipNatExpTable 1 }

	IpNatExpEntry ::=
	    SEQUENCE {
		ipNatExpIfIndex				INTEGER,
		ipNatExpProtocol			INTEGER,
		ipNatExpIntAddr				IpAddress,
		ipNatExpIntPort				INTEGER,
		ipNatExpExtAddr				IpAddress,
		ipNatExpExtPort				INTEGER,
		ipNatExpRemoteAddr			IpAddress,
		ipNatExpExtPortType			INTEGER,
		ipNatExpRemotePort			INTEGER,
		ipNatExpTimeout				INTEGER
	    }

	ipNatExpIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the interface, for which the session
		 is expected. A value of 0 means ANY interface."
	::= { ipNatExpEntry 1 }

	ipNatExpProtocol OBJECT-TYPE
	    SYNTAX  INTEGER {
		icmp(1),
		igmp(2),
		tcp(6),
		udp(17),
		ipv6(41),
		gre(47),
		esp(50),
		ah(51),
		ospf(89),
		l2tp(115)
	    } 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the protocol, the expected session is using.
		"
	::= { ipNatExpEntry 2 }

	ipNatExpIntAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the internal local IP Address used for
		 the expected session.
		"
	::= { ipNatExpEntry 3 }

	ipNatExpIntPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the internal local port-number used for
		 the expected session. A value of -1 means to copy the related
		 external port-number without any NAT-translation.
		"
	::= { ipNatExpEntry 4 }

	ipNatExpExtAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the external local address used for
		 the expected session. A value of 0.0.0.0 means ANY address.
		"
	::= { ipNatExpEntry 5 }

	ipNatExpExtPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the external local port-number used for
		 the expected session. A value of -1 means ANY port-number.
		"
	::= { ipNatExpEntry 6 }

	ipNatExpRemoteAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the remote IP-address used for the
		 expected session. A value of 0.0.0.0 means ANY address.
		"
	::= { ipNatExpEntry 7 }

	ipNatExpExtPortType OBJECT-TYPE
	    SYNTAX  INTEGER { supplied(1), pool(2) } 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This field is used for NAT-internal signalling. Applications
		 shall set it to <supplied>. For automatically generated,
		 NAT-out-triggered entries, the system sets this field to
		 <pool> temporarily when the related ExtPort-entry is taken
		 from one of the pools and must be released again later.
		"
  	    DEFVAL { supplied }
	::= { ipNatExpEntry 8 }

	ipNatExpRemotePort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535)
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"This object specifies the remote port-number used for the
		 expected session. A value of -1 means ANY port number.
		"
	::= { ipNatExpEntry 9 }

	ipNatExpTimeout OBJECT-TYPE
	    SYNTAX  INTEGER (0..86400) 
	    UNITS   "seconds"
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Set a specific Timeout in seconds for a new expected session.
		 A value of 0 means UNSPECIFIED (default-value is taken).
		"
  	    DEFVAL { 0 }
	::= { ipNatExpEntry 10 }

-- **********************************************************************
-- *    mcastFwdTable  TABLE
-- **********************************************************************
-- mcastFwdTable is used for simple multicast packet forwarding

mcastFwdTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF McastFwdEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "Entries in the Multicast Forwarding Table define a rule
	     where to forward packets with a specified multicast group address
	     to a dedicated destination interface."
	::= { biboip 53 }

        mcastFwdEntry OBJECT-TYPE
            SYNTAX  McastFwdEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
                    "An entry in the Multicast Forwarding Table."
            INDEX      { mcastFwdAddress }
            ::= { mcastFwdTable 1 }

        McastFwdEntry ::= SEQUENCE {
            mcastFwdAddress             IpAddress,
            mcastFwdSrcIfIndex          INTEGER,
            mcastFwdDestIfIndex         INTEGER,
            mcastFwdStatus              INTEGER 
        }

        mcastFwdAddress OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-write
            STATUS  current 
            DESCRIPTION
                    "The multicast forwarding group address which will be forwarded.
                    The group address 224.0.0.0 may be used as a wildcard matching all addresses."
            ::= { mcastFwdEntry 1 }

        mcastFwdSrcIfIndex OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-write
            STATUS  current 
            DESCRIPTION
                    "The source interface of incoming multicast packets."
            ::= { mcastFwdEntry 2 }

        mcastFwdDestIfIndex OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-write
            STATUS  current 
            DESCRIPTION
                    "The destination interface where to forward multicast packets."
            ::= { mcastFwdEntry 3 }

        mcastFwdStatus OBJECT-TYPE
            SYNTAX  INTEGER { 
                active(1), 
                inactive(2),
                delete(3)
            } 
            MAX-ACCESS  read-write
            STATUS  current 
            DESCRIPTION
                    "The status of this entry."
            DEFVAL { 1 }
            ::= { mcastFwdEntry 4 }

-- **********************************************************************
-- *    ipNatExcludeTable  TABLE
-- **********************************************************************
-- ipNatExcludeTable is used for excluding some traffics from NAT processing

ipNatExcludeTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpNatExcludeEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "This table specifies the IP addresses and port numbers 
	     for sessions that must not be processed by NAT.		 

	     Entries in the table are created and removed manually
	     by network management."
	::= { biboip 60 }

	ipNatExcludeEntry OBJECT-TYPE
	    SYNTAX  IpNatExcludeEntry
	    MAX-ACCESS  not-accessible
	    STATUS  current
	    DESCRIPTION
		""
	    INDEX   {
		ipNatExIfIndex,
		ipNatExProtocol,
		ipNatExLocalPort,
		ipNatExRemotePort
	    }
	::= { ipNatExcludeTable 1 }

	IpNatExcludeEntry ::=
	    SEQUENCE {
		ipNatExIfIndex				INTEGER,
		ipNatExProtocol				INTEGER,
		ipNatExLocalAddr			IpAddress,
		ipNatExLocalMask			IpAddress,
		ipNatExLocalPort			INTEGER,
		ipNatExLocalPortRange			INTEGER,
		ipNatExRemoteAddr			IpAddress,
		ipNatExRemoteMask			IpAddress,
		ipNatExRemotePort			INTEGER,
		ipNatExRemotePortRange			INTEGER,
		ipNatExDescr				DisplayString,
		ipNatExAction				INTEGER
	    }

	ipNatExIfIndex OBJECT-TYPE
	    SYNTAX  INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the interface index, for which the
		 table entry shall be valid. If set to 0, the entry will
		 be valid for all interfaces configured to use NAT."
	::= { ipNatExcludeEntry 1 }

	ipNatExProtocol OBJECT-TYPE
	    SYNTAX  INTEGER { 
		icmp(1),
		igmp(2),
        	ggp(3),
        	ip(4),
		tcp(6),
        	egp(8),
        	igp(9),
        	pup(12),
        	chaos(16), 
		udp(17),
        	hmp(20),
        	xns-idp(22),
        	rdp(27),
		ipv6(41),
        	rsvp(46),
		gre(47),
		esp(50),
		ah(51),
        	tlsp(56),
        	skip(57),
        	kryptolan(65),
        	iso-ip(80),
        	igrp(88),
		ospf(89),
		ipinip(94),
        	ipx-in-ip(111),
        	vrrp(112),
		l2tp(115),
		any(255),
		delete(256)
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies the protocol, for which the table
		 entry shall be valid."
	    DEFVAL { any }
	::= { ipNatExcludeEntry 2 }

	ipNatExLocalAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExLocalMask the set 
		 of IP addresses of local hosts involved in the communication. 
		 The table entry will be valid when the IP address of the 
		 local host lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will 
		 be valid for any local host."
	::= { ipNatExcludeEntry 3 }

	ipNatExLocalMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExLocalAddr the set 
		 of IP addresses of local hosts involved in the communication. 
		 The table entry will be valid when the IP address of the 
		 local host lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will 
		 be valid for any local host."
	::= { ipNatExcludeEntry 4 }

	ipNatExLocalPort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExLocalPortRange 
		 the range of local portnumbers, for which the table entry 
		 shall be valid. If both objects are set to -1, the entry is 
		 valid for all local portnumbers. If ipNatExLocalPortRange is 
		 set to -1, the entry is only valid when the local portnumber 
		 of a packet is equal to ipNatExLocalPort. Otherwise, the entry 
		 is valid if the local portnumber lies in the range 
		 ExLocalPort .. ExLocalPortRange."
	    DEFVAL { -1 }
	::= { ipNatExcludeEntry 5 }

	ipNatExLocalPortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExLocalPort 
		 the range of local portnumbers, for which the table entry 
		 shall be valid. If both objects are set to -1, the entry is 
		 valid for all local portnumbers. If ipNatExLocalPortRange is 
		 set to -1, the entry is only valid when the local portnumber 
		 of a packet is equal to ipNatExLocalPort. Otherwise, the entry 
		 is valid if the local portnumber lies in the range 
		 ExLocalPort .. ExLocalPortRange."
	    DEFVAL { -1 }
	::= { ipNatExcludeEntry 6 }

	ipNatExRemoteAddr OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExRemoteMask the set 
		 of IP addresses of remote hosts involved in the communication. 
		 The table entry will be valid when the IP address of the 
		 remote host lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will 
		 be valid for any remote host."
	::= { ipNatExcludeEntry 7 }

	ipNatExRemoteMask OBJECT-TYPE
	    SYNTAX  IpAddress 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExRemoteAddr the set 
		 of IP addresses of remote hosts involved in the communication. 
		 The table entry will be valid when the IP address of the 
		 remote host lies in the range specified by both objects.
		 If both objects are set to 0.0.0.0, the table entry will 
		 be valid for any remote host."
	::= { ipNatExcludeEntry 8 }

	ipNatExRemotePort OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExRemotePortRange 
		 the range of remote portnumbers, for which the table entry 
		 shall be valid. If both objects are set to -1, the entry is 
		 valid for all remote portnumbers. If ipNatExRemotePortRange is 
		 set to -1, the entry is only valid when the remote portnumber 
		 of a packet is equal to ipNatExRemotePort. Otherwise, the entry 
		 is valid if the remote portnumber lies in the range 
		 ExRemotePort .. ExRemotePortRange."
	    DEFVAL { -1 }
	::= { ipNatExcludeEntry 9 }

	ipNatExRemotePortRange OBJECT-TYPE
	    SYNTAX  INTEGER (-1..65535) 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"This object specifies together with ipNatExRemotePort 
		 the range of remote portnumbers, for which the table entry 
		 shall be valid. If both objects are set to -1, the entry is 
		 valid for all remote portnumbers. If ipNatExRemotePortRange is 
		 set to -1, the entry is only valid when the remote portnumber 
		 of a packet is equal to ipNatExRemotePort. Otherwise, the entry 
		 is valid if the remote portnumber lies in the range 
		 ExRemotePort .. ExRemotePortRange."
	    DEFVAL { -1 }
	::= { ipNatExcludeEntry 10 }

	ipNatExDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"A textual string describing this NAT excluding rule."
	::= { ipNatExcludeEntry 11 }

        ipNatExAction OBJECT-TYPE
            SYNTAX  INTEGER {
                exclude(1),
                exclude-if-not(2)
            }
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
                "This object specifies which packets will be excluded from NAT 
		 processing. When set to 'exclude' (default value), any packet 
		 matching the parameters of the entry will be excluded from NAT 
		 processing. When set to 'exclude-if-not', any packet not 
		 matching the parameters of the entry will be excluded from NAT 
		 processing."
            DEFVAL { exclude }
        ::= { ipNatExcludeEntry 12 }

-- **********************************************************************
-- *    ipNatOutOperTable  TABLE
-- **********************************************************************
-- ipNatOutOperTable contains all policies considered for IP address translation

ipNatOutOperTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpNatOutOperEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "This table displays all currently active IP address translation
	     policies in 'outgoing' direction. It's similar to the former
	     defined ipNatOutTable.
	     Table entries are created:
	     - either by the IP subsystem itself due to the
    	       administratively-defined ipNatOutTable entries
	       (ipNatOutOperType_permanent(1))
	     - or by several subsystems whenever there is a need for such
	       non-static NAT policies (ipNatOutOperType_temporary(2))

	     Table entries are deleted:
	     - either by the IP subsystem itself due to the
    	       administratively-defined ipNatOutTable entries
	       (ipNatOutOperType_permanent(1))
	     - or by several subsystems whenever there is a need for such
	       non-static NAT policies (ipNatOutOperType_temporary(2))
	     - or, in case of non-permanent entries, by the administrator

    	     If no matching entry is found (neither in the IP address is
             set to the IP address defined on the interface configured for
             NAT. If a matching entry is found, the source IP address of
             outgoing IP packets is translated according to the couple
             'ipNatOutOperExtAddr /ipNatOutOperExtMask'.

             - If external IP address is a 'host IP address', the
               whole source IP address is mapped.
             - If external IP address is a 'net IP address', only
               the 'net part' of source IP address is affected.
             This table is only used if the outgoing address
             translation is activated (ipExtIfNatOutXlat)."
        ::= { biboip 61 }

        ipNatOutOperEntry OBJECT-TYPE
            SYNTAX  IpNatOutOperEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
                ""
            INDEX   {
                ipNatOutOperIfIndex,
                ipNatOutOperIntAddr,
                ipNatOutOperExtAddr
            }
        ::= { ipNatOutOperTable 1 }

        IpNatOutOperEntry ::=
            SEQUENCE {
                ipNatOutOperIfIndex                      INTEGER,
                ipNatOutOperProtocol                     INTEGER,
                ipNatOutOperRemoteAddr                   IpAddress,
                ipNatOutOperRemoteMask                   IpAddress,
                ipNatOutOperExtAddr                      IpAddress,
                ipNatOutOperRemotePort                   INTEGER,
                ipNatOutOperRemotePortRange              INTEGER,
                ipNatOutOperIntAddr                      IpAddress,
                ipNatOutOperIntMask                      IpAddress,
                ipNatOutOperIntPort                      INTEGER,
                ipNatOutOperExtPort                      INTEGER,
                ipNatOutOperExtMask                      IpAddress,
                ipNatOutOperTimeout                      INTEGER,
                ipNatOutOperType                         INTEGER,
        	ipNatOutOperNatCategory			 INTEGER,
                ipNatOutOperParent                       INTEGER,
                ipNatOutOperIntPortRange                 INTEGER,
                ipNatOutOperExtPortRange                 INTEGER
            }

        ipNatOutOperIfIndex OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies the interface index, for which the
                 table entry shall be valid. If set to 0, the entry will
                 be valid for all interfaces configured to use NAT."
        ::= { ipNatOutOperEntry 1 }

        ipNatOutOperProtocol OBJECT-TYPE
            SYNTAX  INTEGER {
                icmp(1),
                igmp(2),
                ggp(3),
                ip(4),
                tcp(6),
                egp(8),
                igp(9),
                pup(12),
                chaos(16),
                udp(17),
                hmp(20),
                xns-idp(22),
                rdp(27),
                ipv6(41),
                rsvp(46),
                gre(47),
                esp(50),
                ah(51),
                tlsp(56),
                skip(57),
                kryptolan(65),
                iso-ip(80),
                igrp(88),
                ospf(89),
                ipip(94),
                ipx-in-ip(111),
                vrrp(112),
                l2tp(115),
                any(255)
            }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies the protocol, for which the table
                 entry shall be valid."
            DEFVAL { any }
        ::= { ipNatOutOperEntry 2 }

        ipNatOutOperRemoteAddr OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatOutOperRemoteMask
                 the set of target IP addresses for which the table entry is
                 valid. If both objects are set to 0.0.0.0, the table entry
                 will be valid for any target IP address."
        ::= { ipNatOutOperEntry 3 }

        ipNatOutOperRemoteMask OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatOutOperRemoteAddr
                 the set of target IP addresses for which the table entry is
                 valid. If both objects are set to 0.0.0.0, the table entry
                 will be valid for any target IP address."
        ::= { ipNatOutOperEntry 4 }

        ipNatOutOperExtAddr OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "With ipNatOutOperExtMask, this object specifies the external
                'IP address' or 'NET address' to which the internal IP address
                is mapped.

                - To map exactly to ipNatOutOperExtAddr (i.e. map to a single IP
                address), ipNatOutOperExtMask MUST be set to 255.255.255.255

                - To keep HOST part of source IP address and map only the
                NET part, ipNatOutOperExtMask MUST be the related subnet mask
                (and it should be the same as ipNatOutOperIntMask )."
        ::= { ipNatOutOperEntry 5 }

        ipNatOutOperRemotePort OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatOutRemotePortRange
                 the range of portnumbers for outgoing packets, for which the
                 table entry shall be valid. If both objects are set to -1, the
                 entry is valid for all portnumbers. If ipNatOutOperPortRange
                 is set to -1, the entry is only valid, when the portnumber
                 of an outgoing packet is equal to ipNatOutOperRemotePort.
                 Otherwise, the entry is valid, if the destination portnumber
                 lies in the range RemotePort .. RemotePortRange."
            DEFVAL { -1 }
        ::= { ipNatOutOperEntry 6 }

        ipNatOutOperRemotePortRange OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatOutOperRemotePort
                 the range of portnumbers for outgoing packets, for which the
                 table entry shall be valid. If both objects are set to -1, the
                 entry is valid for all portnumbers. If ipNatOutOperPortRange
                 is set to -1, the entry is only valid, when the portnumber
                 of an outgoing packet is equal to ipNatOutOperRemotePort.
                 Otherwise, the entry is valid, if the destination portnumber
                 lies in the range RemotePort .. RemotePortRange."
            DEFVAL { -1 }
        ::= { ipNatOutOperEntry 7 }

        ipNatOutOperIntAddr OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatOutOperIntMask
                 the internal hosts IP address for outgoing packets
                 matching the table entry. If both objects are set to
                 0.0.0.0, the table entry will be valid for any source
                 IP address."
        ::= { ipNatOutOperEntry 8 }

        ipNatOutOperIntMask OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatOutOperIntAddr
                 the internal hosts IP address for outgoing packets
                 matching the table entry. If both objects are set to
                 0.0.0.0, the table entry will be valid for any source
                 IP address."
        ::= { ipNatOutOperEntry 9 }

        ipNatOutOperIntPort OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies the internal source port for which the
                 table entry shall be valid. If this object is set to -1,
                 any internal source port matches this entry."
            DEFVAL { -1 }
        ::= { ipNatOutOperEntry 10 }

        ipNatOutOperExtPort OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object may be used to specify a fixed external source
                 port to which the internal source port is mapped.
                 If this object is set to -1, the port is mapped to the next
                 free source port available."
            DEFVAL { -1 }
        ::= { ipNatOutOperEntry 11 }

        ipNatOutOperExtMask OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "With ipNatOutOperExtAddr, this object specifies the external
                'IP address' or 'NET address' to which the internal IP address
                is mapped.

                - To map exactly to ipNatOutOperExtAddr (i.e. map to a single IP
                address), ipNatOutOperExtMask MUST be set to 255.255.255.255

                - To keep HOST part of source IP address and map only the
                NET part, ipNatOutOperExtMask MUST be the related subnet mask
                (and it should be the same as ipNatOutOperIntMask)."
            DEFVAL { 'ffffffff'h }
            --DEFVAL { 4294967295 }
        ::= { ipNatOutOperEntry 12 }

        ipNatOutOperTimeout OBJECT-TYPE
            SYNTAX  INTEGER (0..5184000)
	    UNITS   "seconds"
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "When there is no traffic associated with a NAT entry, this
                entry is discarded at the end of a timeout value. This object
                holds this timeout value in seconds. If set to the default
                value of 0, the timeout will be set to the value specified
                either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout,
                depending on the protocol."
            DEFVAL { 0 }
        ::= { ipNatOutOperEntry 13 }

        ipNatOutOperType OBJECT-TYPE
            SYNTAX  INTEGER {
                permanent(1),
                temporary(2),
                delete(3)
            }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Specifies whether there is an associated ipNatOutTable entry
		 (permanent) or not (temporary). Note that entries with type
		 permanent (1) cannot be deleted by the administrator directly."
            DEFVAL { temporary }
        ::= { ipNatOutOperEntry 14 }

        ipNatOutOperNatCategory OBJECT-TYPE
            SYNTAX  INTEGER {
                full-cone(1),
                restricted-cone(2),
                port-restricted-cone(3),
                symmetric(4)
            }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Specifies the NAT category according RFC 3489 and 5389
		 to be applied for UDP traffic matching with this entry."
            DEFVAL { symmetric }
	::= { ipNatOutOperEntry 16 }

        ipNatOutOperParent OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Row number of the associated ipNatOutTable entry."
            DEFVAL { 0 }
        ::= { ipNatOutOperEntry 15 }

        ipNatOutOperIntPortRange OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies together with ipNatOutOperIntPort the
		 internal source port range for which the table entry shall
		 be valid. If this object is set to -1, only ipNatOutOperIntPort
		 is used as selector for this entry."
            DEFVAL { -1 }
        ::= { ipNatOutOperEntry 17 }

        ipNatOutOperExtPortRange OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object may be used together with ipNatOutOperExtPort to
		 specify a fixed external source port number range to which
		 the internal source port numbers are mapped. This mapping
		 depends on the position of the original source port number
		 within the range specified by ipNatOutOperIntPort and
		 ipNatOutOperIntPortRange. If this object is set to -1, only
		 ipNatOutExtPort is considered for this entry."
            DEFVAL { -1 }
        ::= { ipNatOutOperEntry 18 }

-- **********************************************************************
-- *    ipNatPresetOperTable  TABLE
-- **********************************************************************
-- ipNatPresetOperTable contains all policies considered for IP address translation

ipNatPresetOperTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpNatPresetOperEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
	    "This table specifies the IP addresses and port numbers
	     for sessions requested from outside. If this table is
	     empty and NAT is enabled, only packets for sessions
	     initiated from inside are forwarded.
	     It's similar to the former defined ipNatPresetTable.

	     The IP address and the port number of the internal server
	     can be specified individually for each combination of
	     - protocol (udp/tcp/icmp)
	     - initiating hosts IP address (RemoteAddr, RemoteMask)
    	     - destination address or network (ExtAddr, ExtMask)
	     - destination port number or range (ExtPort, ExtPortRange)

	     Entries in the table are created:
	     - either by the IP subsystem itself due to the
	        administratively-defined ipNatPresetTable entries
                (ipNatPresetOperType_permanent(1))
             - or by several subsystems whenever there is a need for such
               non-static NAT policies (ipNatPresetOperType_temporary(2))

	     Entries are deleted:
	     - either by the IP subsystem itself due to the
    	       administratively-defined ipNatPresetTable entries
	       (ipNatPresetOperType_permanent(1))
	     - or by several subsystems whenever there is a need for such
	       non-static NAT policies (ipNatPresetOperType_temporary(2))
	     - or, in case of non-permanent entries, by the administrator."
        ::= { biboip 63 }

        ipNatPresetOperEntry OBJECT-TYPE
            SYNTAX  IpNatPresetOperEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
                ""
            INDEX   {
                ipNatPrOperIfIndex,
                ipNatPrOperProtocol,
                ipNatPrOperExtPort
            }
            ::= { ipNatPresetOperTable 1 }

        IpNatPresetOperEntry ::=
            SEQUENCE {
                ipNatPrOperIfIndex				INTEGER,
                ipNatPrOperProtocol				INTEGER,
                ipNatPrOperRemoteAddr			IpAddress,
                ipNatPrOperRemoteMask			IpAddress,
                ipNatPrOperExtAddr				IpAddress,
                ipNatPrOperExtMask				IpAddress,
                ipNatPrOperExtPort				INTEGER,
                ipNatPrOperExtPortRange			INTEGER,
                ipNatPrOperIntAddr				IpAddress,
                ipNatPrOperIntPort				INTEGER,
                ipNatPrOperIntMask				IpAddress,
                ipNatPrOperTimeout				INTEGER,
                ipNatPrOperTcpOption				BITS,
                ipNatPrOperType					INTEGER,
                ipNatPrOperParent				INTEGER
            }

        ipNatPrOperIfIndex OBJECT-TYPE
            SYNTAX  INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies the interface index, for which the
                table entry shall be valid. If set to 0, the entry will
                be valid for all interfaces configured to use NAT."
            ::= { ipNatPresetOperEntry 1 }

        ipNatPrOperProtocol OBJECT-TYPE
            SYNTAX  INTEGER { 
                icmp(1),
                igmp(2),
                ggp(3),
                ip(4),
                tcp(6),
                egp(8),
                igp(9),
                pup(12),
                chaos(16), 
                udp(17),
                hmp(20),
                xns-idp(22),
                rdp(27),
                ipv6(41),
                rsvp(46),
                gre(47),
                esp(50),
                ah(51),
                tlsp(56),
                skip(57),
                kryptolan(65),
                iso-ip(80),
                igrp(88),
                ospf(89),
                ipinip(94),
                ipx-in-ip(111),
                vrrp(112),
                l2tp(115),
                any(255),
                delete(256)
            } 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies the protocol, for which the table
                entry shall be valid."
            DEFVAL { any }
            ::= { ipNatPresetOperEntry 2 }

        ipNatPrOperRemoteAddr OBJECT-TYPE
            SYNTAX  IpAddress 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatPrOperRemoteMask the
                the set of IP addresses of remote hosts initiating a
                session. The table entry will be valid for an incoming
                packet, when the IP adress of the remote host initiating 
                the session lies in the range specified by both objects.
                If both objects are set to 0.0.0.0, the table entry will
                be valid for any remote host."
            ::= { ipNatPresetOperEntry 3 }

        ipNatPrOperRemoteMask OBJECT-TYPE
            SYNTAX  IpAddress 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatPrOperRemoteAddr
                the set of IP addresses of remote hosts initiating the
                session. The table entry will be valid for an incoming
                packet, when the IP adress of the remote host initiating 
                the session lies in the range specified by both objects.
                If both objects are set to 0.0.0.0, the table entry will
                be valid for any remote host."
            ::= { ipNatPresetOperEntry 4 }

        ipNatPrOperExtAddr OBJECT-TYPE
            SYNTAX  IpAddress 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatPrOperExtMask the
                set of destination IP addresses, for which the table entry
                shall be valid. The entry is valid, if the target IP address
                of an incoming IP packet lies in the range specified by both
                objects.

                If both objects are set to 0.0.0.0, the table entry will
                be valid for any IP address."
            ::= { ipNatPresetOperEntry 5 }

        ipNatPrOperExtMask OBJECT-TYPE
            SYNTAX  IpAddress 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatPrOperExtAddr the
                set of destination IP addresses, for which the table entry
                shall be valid. The entry is valid, if the target IP address
                of an incoming packet lies in the range specified by both
		objects.

                If both objects are set to 0.0.0.0, the table entry will
                be valid for any IP address."
            ::= { ipNatPresetOperEntry 6 }

        ipNatPrOperExtPort OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535) 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatPrOperExtPortRange
                the range of portnumbers for incoming packets, for which the
                table entry shall be valid. If both objects are set to -1, the
                entry is valid for all portnumbers. If ipNatPrOperPortRange
                is set to -1, the entry is only valid, when the destination
                portnumber of an incoming packet is equal to ipNatPrOperExtPort.
                Otherwise, the entry is valid, if the destination portnumber
                lies in the range ExtPort .. ExtPortRange."
            DEFVAL { -1 }
            ::= { ipNatPresetOperEntry 7 }

        ipNatPrOperExtPortRange OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535) 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies together with ipNatPrOperExtPort the
                range of portnumbers for incoming packets, for which the table
                entry shall be valid. If both objects are set to -1, the
                entry is valid for all portnumbers. If ipNatPrOperPortRange
                is set to -1, the entry is only valid, when the destination
                portnumber of an incoming packet is equal to ipNatPrOperExtPort.
                Otherwise, the entry is valid, if the destination portnumber
                lies in the range ExtPort .. ExtPortRange."
            DEFVAL { -1 }
            ::= { ipNatPresetOperEntry 8 }

        ipNatPrOperIntAddr OBJECT-TYPE
            SYNTAX  IpAddress 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "With ipNatPrOperIntMask, this object specifies the internal
                target host's IP address for incoming packets matching the table
		entry.

                An incoming packet matching this entry will be routed to the
                internal server specified by this object and ipNatPrOperIntMask.

                If this object is set to 0.0.0.0, the target host will be
                the original target host in the incoming packet.
                No translation of the IP-addresses takes place in this case.

                If ipNatPrOperIntMask is set to 255.255.255.255, the internal 
                server IP address is ipNatPrOperIntAddr.

                If ipNatPrOperIntMask is a subnet mask, the internal server 
                IP address is the incoming one in which the NET part is mapped
                according to 'ipNatPrOperIntAddr / ipNatPrOperIntMask'."
            ::= { ipNatPresetOperEntry 9 }

        ipNatPrOperIntPort OBJECT-TYPE
            SYNTAX  INTEGER (-1..65535) 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "This object specifies the internal target host's port-number
                for incoming packets matching the table entry. If this
                object is set to -1, the target portnumber will be
                taken from the original incoming packet.
                No translation of the portnumber will take place in this
                case. If the set of portnumbers for this table entry is
                a range instead of a single portnumber, this object will
                specify the base of the target range of portnumbers. The
                internal portnumber will be constructed as follows:

                    new-target-port := old-target-port
                                        - ipNatPrOperExtPort
                                        + ipNatPrOperIntPort
                "
            DEFVAL { -1 }
            ::= { ipNatPresetOperEntry 10 }

        ipNatPrOperIntMask OBJECT-TYPE
            SYNTAX  IpAddress 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "With ipNatPrOperIntAddr, this object specifies the internal
                target host's IP address for incoming packets matching the
		table entry.

                An incoming packet matching this entry will be routed to the
                internal server specified by this object and ipNatPrOperIntMask.

                If this object is set to 255.255.255.255, the internal 
                server IP address is ipNatPrOperIntAddr.

                If this object is a subnet mask, the internal server 
                IP address is the incoming one in which the NET part is mapped
                according to 'ipNatPrOperIntAddr / ipNatPrOperIntMask'."
                DEFVAL { 'ffffffff'h }
            --DEFVAL { 4294967295 }
            ::= { ipNatPresetOperEntry 11 }

        ipNatPrOperTimeout OBJECT-TYPE
            SYNTAX  INTEGER (0..5184000) 
	    UNITS   "seconds"
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "When there is no traffic associated with a NAT entry, this 
                entry is discarded at the end of a timeout value. This object 
                holds this timeout value in seconds. If set to the default 
                value of 0, the timeout will be set to the value specified 
                either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, 
                depending on the protocol."
            DEFVAL { 0 }
            ::= { ipNatPresetOperEntry 12 }

        ipNatPrOperTcpOption OBJECT-TYPE
            SYNTAX  BITS             {
	    	pathFinder(0)
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Additional selector, increases the prossible granularity of
		 the TCP-related NAT preset rules. This parameter doesn't
		 matter if not set, in all other cases initial TCP SYN
		 messages without the associated TCP option will be ignored,
		 possible settings:
		 - pathFinder(0)	proprietary NCP pathfinder option
		"
            DEFVAL { 0 }
            ::= { ipNatPresetOperEntry 13 }

        ipNatPrOperType OBJECT-TYPE
            SYNTAX  INTEGER {
                        permanent(1),
                        temporary(2),
                        delete(3)
                    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Specifies whether there is an associated ipNatPrestTable
		 entry (permanent) or not (temporary). Note that entries 
		 with type permanent (1) cannot be deleted by the
		 administrator directly."
            DEFVAL { temporary }
            ::= { ipNatPresetOperEntry 14 }

        ipNatPrOperParent OBJECT-TYPE
            SYNTAX  INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
                "Row number of the associated ipNatPresetTable entry."
            DEFVAL { 0 }
            ::= { ipNatPresetOperEntry 15 }

	ipWolRuleTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpWolRuleEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
		"The ipWolRuleTable defines access rules for checking incoming
		IP packets. The rules are processed in order, i.e. each rule
                has a link to the next rule. The set of rules is processed
                until a match occurs, that means the rule's associated filter 
 	        matches and the specified action is performed (either send a 
	        Wake-On-LAN packet via Ethernet or via UDP). The last rule is
	        implicitly a deny rule. The set of rules to be processed can be
	        defined	for each interface."
	::= { biboip 67 }

	ipWolRuleEntry OBJECT-TYPE
            SYNTAX  IpWolRuleEntry
            ACCESS  not-accessible
            STATUS  mandatory
            DESCRIPTION
		""
	    INDEX   {
		ipWolRuleFilterIndex
	    }
            ::= { ipWolRuleTable 1 }

	IpWolRuleEntry ::=
            SEQUENCE {
		ipWolRuleIndex		INTEGER,
		ipWolRuleFilterIndex	INTEGER,
		ipWolRuleAction		INTEGER,
	        ipWolRuleNextRuleIndex	INTEGER,
	        ipWolRuleWolType        INTEGER,
	        ipWolRuleTarget		MacAddress,
		ipWolRulePassword	DisplayString,
		ipWolRuleDescr		DisplayString,
		ipWolRuleTargetIfIndex	INTEGER
            }
	
	ipWolRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            ACCESS  read-only
            STATUS  mandatory

            DESCRIPTION
		 "Unique rule index."
	    ::= { ipWolRuleEntry 1 }
	    
	ipWolRuleFilterIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    ACCESS read-write
	    STATUS mandatory
	    
	    DESCRIPTION
	    "References the rule's associated filter."
	::= { ipWolRuleEntry 2 }
	    
	ipWolRuleAction OBJECT-TYPE
	    SYNTAX INTEGER {
		invoke(1),		-- invoke WoL if filter matches
		invoke-if-not(2),	-- invoke if filter not matches
		deny(3),		-- deny WoL if filter matches
		deny-if-not(4),		-- deny WoL if filter not matches
		ignore(5),		-- ignore rule and skip to next rule
		delete(6)		-- delete the entry from the table
	    }
            ACCESS  read-write
            STATUS  mandatory
            DESCRIPTION
		"This object specifies the action to be performed if the
		 rule's associated filter matches. If set to ignore the
		 filter is not consulted and the next rule is processed
	         immediately.
	      
 	  	 invoke,		 invoke WoL if filter matches
		 invoke-if-not,	         invoke if filter not matches
		 deny,			 deny WoL if filter matches
		 deny-if-not,		 deny WoL if filter not matches
		 ignore,		 ignore rule and skip to next rule
	         delete			 delete the entry from the table
	      "
	    DEFVAL { invoke }
	::= { ipWolRuleEntry 3 }
	    
	ipWolRuleNextRuleIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    ACCESS read-write
	    STATUS mandatory
	    
	    DESCRIPTION
		"Specifies the next rule to be processed. The value 0
		 is used to mark the end of the rule set."
	::= { ipWolRuleEntry 4 }

        ipWolRuleWolType OBJECT-TYPE
	    SYNTAX INTEGER {
	      ether(1),
	      udp(2)
	    }
	    ACCESS read-write
	    STATUS mandatory
	    DESCRIPTION
	        "Which Wake-On-LAN standard should be used."
	    DEFVAL { ether }
	    ::= { ipWolRuleEntry 5 }
	    
	ipWolRuleTarget OBJECT-TYPE
	    SYNTAX MacAddress
	    ACCESS read-write
	    STATUS mandatory
	    DESCRIPTION
	        "The mac address of the interface to be woken up."
	::= { ipWolRuleEntry 6 }

	ipWolRulePassword OBJECT-TYPE
	    SYNTAX DisplayString (SIZE (0..6))
	    ACCESS read-write
	    STATUS mandatory
	    DESCRIPTION
	        "Wake-On-LAN password. The password length is either 0,
		 4 or 6."
	::= { ipWolRuleEntry 7 }

	ipWolRuleDescr OBJECT-TYPE
	    SYNTAX  DisplayString (SIZE (0..255))
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"A textual string describing this Wake-On-LAN rule."
	::= { ipWolRuleEntry 8 }

	ipWolRuleTargetIfIndex OBJECT-TYPE
	    SYNTAX INTEGER 
	    MAX-ACCESS  read-write
	    STATUS  current
	    DESCRIPTION
		"The index value which uniquely identifies Wake-On-LAN
		 outbound interface."
	::= { ipWolRuleEntry 9 }

END
