-- This file corresponds to Release 9.1.10.101 from 2014/08/11 00:00:00


---------------------------------------------------------------------------
-- (C)opyright 2006-2014 bintec elmeg GmbH
-- $RCSfile: mib-ipsec,v $
-- $Revision: 1.39 $
-- $Date: 2014-02-07 11:21:02 $
---------------------------------------------------------------------------

FEC-IPSEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises, 
    IpAddress, TimeTicks, Counter32, snmpModules, mib-2, Unsigned32, Counter64
        FROM SNMPv2-SMI
    DisplayString, TestAndIncr, TimeStamp
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    ipsec, Date, HexValue, BitValue
        FROM BINTEC-MIB
    InetAddressIPv6 
        FROM INET-ADDRESS-MIB;
 
	    
---------------------------------------------------------------------------

ipsecMIB MODULE-IDENTITY
    LAST-UPDATED "201308120000Z"
    ORGANIZATION "bintec elmeg GmbH"
    CONTACT-INFO "EMail:   info@bintec-elmeg.com
                  Web:     www.bintec-elmeg.com"
    DESCRIPTION  "Vendor specific Management Information for the IPSec Subsystem"

    ::= { ipsec 250 }

---------------------------------------------------------------------------


-- Global IPSec Settings

	ipsecGlobals OBJECT IDENTIFIER  ::= { ipsec 1 }
	-- Static table containing global settings for IPSec.
	-- Several objects below are MAX-ACCESS read-write and change tunnel
	-- security behaviour (e.g. ipsecGlobEnabled, ipsecGlobIkePort,
	-- ipsecGlobTrustIcmpMsg, ipsecGlobMaxKeyLength), so SNMP write access to
	-- this subtree is equivalent to reconfiguring IPSec. Restrict it to
	-- authenticated and encrypted SNMPv3 users with a narrow VACM write view.


	ipsecGlobPeerIndex OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Index of first IPsec peer in ipsecPeerTable.
		 If this object is set to a Value <= 0, IPSec is switched
		 explicitly off. If the peer referenced by this object does not
		 exist in the table, all packets will be dropped."
	::= { ipsecGlobals 1 }

	ipsecGlobEnabled OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- IPSec enabled
		false(2) 	-- IPSec disabled
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Enables/disables IPSec globally."
	    DEFVAL { false }
	::= { ipsecGlobals 41 }

	ipsecGlobDefaultAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3), 	-- Authentication using RSA signatures
		rsa-enc(4)	-- Authentication using RSA encryption
	    }
            MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"This object specifies the authentication method used by default. 
		 If the ipsecPeerAuthMethod field of an ipsecPeerEntry and the
		 ikePropAuthMethod field of the ikeProposalTableEntry used are
		 set to 'default', this value is assumed.
		  Possible values:
		   pre-sh-key(1), -- Authentication using pre shared keys
		   dss-sig(2),	  -- Authentication using DSS signatures
		   rsa-sig(3),	  -- Authentication using RSA signatures
		   rsa-enc(4)	  -- Authentication using RSA encryption."
	::= { ipsecGlobals 2 }

	ipsecGlobDefaultCertificate OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"The index of the default certificate in the certTable used for 
		 local authentication for ike keyed rules with non 
		 pre-shared-key authentication. This may be overwritten by the 
		 certificate specified for the individual ipsec peers."
	::= { ipsecGlobals 3 }

	ipsecGlobDefaultLocalId OBJECT-TYPE
	    SYNTAX DisplayString
            MAX-ACCESS  read-only
            STATUS  current
	    DESCRIPTION
		"The default ID used for local authentication for ike keyed 
		 rules.  If this is an empty or invalid id string, one of the
		 subject alternative names or the subject name from the default
		 certificate is used. This does not replace an empty local
		 id string for an IPsec peer with a valid certificate. In that
		 case the subject name or one of the subject alternative names
		 from that certificate is used."
	::= { ipsecGlobals 4 }

	ipsecGlobDefaultIpsecProposal OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Index of default ipsec proposal used for traffic entries with 
		 empty ipsec proposal, defined for peers with empty default 
		 ipsec proposal."
	::= { ipsecGlobals 5 }

	ipsecGlobDefaultIkeProposal OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Index of default ike proposal used for peers with empty default
		 ike proposal."
	::= { ipsecGlobals 6 }

	-- NOTE(review): the DESCRIPTION speaks of ike SA's, but the object name
	-- and the separate ipsecGlobDefaultIkeLifeTime object suggest this one
	-- is meant for IPSec (phase 2) SAs; confirm against the agent.
	-- The value is described as an index into ipsecLifeTimeTable, so the
	-- UNITS clause (seconds) presumably does not describe it; confirm.
	ipsecGlobDefaultIpsecLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "seconds"
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Index of default lifetime for ike SA's in ipsecLifeTimeTable.
		 This lifetime is used, when there is no valid lifetime entry
		 specified for an IPsec peer entry."
	::= { ipsecGlobals 7 }

	ipsecGlobDefaultIkeLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "seconds"
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies an index in the ipsecLifeTimeTable with the 
		 default lifetime settings used for IKE SA's.
		 This lifetime is used whenever there is no valid lifetime entry 
		 specified for a peer entry and the IKE proposal used."
	::= { ipsecGlobals 8 }

	-- NOTE(review): every group listed in the DESCRIPTION is a MODP group of
	-- at most 1536 bit, and DEFVAL selects group 1 (768 bit), the weakest.
	-- RFC 8247 rates group 1 as MUST NOT and groups 2 and 5 as SHOULD NOT for
	-- IKEv2; treat a peer that falls back to this default as a finding and
	-- set an explicit, stronger group per peer where the firmware offers one.
	ipsecGlobDefaultIkeGroup OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Index of default IKE group used if no IKE group is defined for a peer.
		  Possible values:
		    1 (768 bit MODP), 
		    2 (1024 bit MODP), 
		    5 (1536 bit MODP)."
	    DEFVAL { 1 }
	::= { ipsecGlobals 9 }

	ipsecGlobIkeProfile OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the default IKE (phase 1) profile
		 to use."
	    DEFVAL { 0 }
	::= { ipsecGlobals 39 }

	ipsecGlobIpsecProfile OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the default IPSec (phase 2) profile
		 to use."
	    DEFVAL { 0 }
	::= { ipsecGlobals 40 }

	ipsecGlobMaxSysLogLevel OBJECT-TYPE
	    SYNTAX  INTEGER { 
		emerg(1), 
		alert(2), 
		crit(3), 
		err(4), 
		warning(5), 
		notice(6), 
		info(7), 
		debug(8) 
	    } 
	    MAX-ACCESS  read-write
	    STATUS  current
            DESCRIPTION
		"Maximum level for syslog messages issued by IPSec. All
		 messages with a level higher than this value are suppressed, 
		 independently from other global syslog level settings.
		  Possible settings:
		   emerg(1), 
		   alert(2), 
		   crit(3), 
		   err(4), 
		   warning(5), 
		   notice(6), 
		   info(7), 
		   debug(8)."
	    DEFVAL { debug }
	::= { ipsecGlobals 10 }

	ipsecGlobDefaultGranularity OBJECT-TYPE
	    SYNTAX INTEGER {
		coarse(2),	-- Create only one SA for each Traffic entry
		ip(3),		-- Create one SA for each host
		proto(4),	-- Create one SA for each protocol and host
		port(5)		-- Create one SA for each port and host
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the default granularity used
		 for IPSEC SA negotiation.
		  Possible values:
		   coarse(2),	-- Create only one SA for each Traffic entry
		   ip(3),	-- Create one SA for each host
		   proto(4),	-- Create one SA for each protocol and host
		   port(5)	-- Create one SA for each port and host."
	    DEFVAL { coarse }
	::= { ipsecGlobals 11 }

	-- Security note: aggressive mode does not protect the identities, and
	-- with pre-shared-key authentication the responder's authentication hash
	-- is sent before the initiator has been authenticated, which exposes a
	-- weak key to offline guessing. Keep the id-protect default; where
	-- aggressive mode is unavoidable, prefer certificate authentication or a
	-- long random pre-shared key.
	ipsecGlobDefaultPh1Mode OBJECT-TYPE
	    SYNTAX INTEGER {
		id-protect(1),	-- Use identity protection (main) mode 
		aggressive(2) 	-- Use aggressive mode
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the default exchange mode used for IKE
		 SA negotiation.
		  Possible values:
		   id-protect(1),	-- Use identity protection (main) mode 
		   aggressive(2) 	-- Use aggressive mode."
	    DEFVAL { id-protect }
	::= { ipsecGlobals 12 }

	-- Security note: 0 disables PFS, so phase 2 keys are derived from the
	-- phase 1 keying material without a fresh Diffie-Hellman exchange.
	-- The non-zero values listed are MODP groups of at most 1536 bit;
	-- NOTE(review): confirm whether the agent accepts larger groups here.
	ipsecGlobDefaultPfsGroup OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the PFS group to use.
		 PFS is done only for phase 2, i.e. the Phase 1 SAs are not 
		 deleted after phase 2 negotiation is completed.
		 Note however, that if the peer has configured PFS for
		 identity and destroys phase 1 SAs, this side will also 
		 destroy them when notified.
		  Possible values:
		    0 (no PFS)
		    1 (768 bit MODP), 
		    2 (1024 bit MODP), 
		    5 (1536 bit MODP)."
	::= { ipsecGlobals 13 }

	ipsecGlobIkePort OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the port the IKE key management service
		listens to."
	    DEFVAL { 500 }
	::= { ipsecGlobals 20 }


	ipsecGlobMaxRetries OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of retries sent by IKE
		for one message."
	DEFVAL { 10 }
	::= { ipsecGlobals 21 }

	ipsecGlobRetryTimeout0milli OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "milliseconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the period of time in milliseconds before
		 an IKE message is repeated for the first time if the answer is
		 missing. After each retry, this timeout is increased up to the
		 value specified in ipsecGlobRetryTimeoutMaxsec."
	    DEFVAL { 500 }
	::= { ipsecGlobals 22 }

	ipsecGlobRetryTimeoutMaxsec OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "seconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum period of time in seconds
		 before an IKE message is repeated if the answer is missing. The
		 retry timeout is not increased beyond this limit."
	    DEFVAL { 30 }
	::= { ipsecGlobals 23 }

	ipsecGlobMaxNegotiationTimeoutsec OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "seconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of seconds after which
		 a negotiation is canceled if it is not finished."
	    DEFVAL { 300 }
	::= { ipsecGlobals 24 }

	ipsecGlobMaxIkeSas OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of simultaneous ISAKMP
		 Security associations allowed. If this limit is reached, the
		 entries are removed from the database, starting with the ones
		 that will expire very soon. If that is not enough, the entries
		 are deleted in reverse LRU order."
	    DEFVAL { 512 }
	::= { ipsecGlobals 25 }

	ipsecGlobIgnoreCrPayloads OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- ignore all certificate requests
		false(2)	-- process certificate request payloads
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether certificate request payloads
		 should be ignored by IKE.
		  Possible values:
		   true(1), 	-- ignore all certificate requests
		   false(2)	-- process certificate request payloads."
	    DEFVAL { false } 
	::= { ipsecGlobals 29 }

	ipsecGlobNoCrPayloads OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- suppress certificate requests
		false(2)	-- send certificate requests
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether IKE should suppress certificate
		 requests. 
		  Possible values:
		   true(1), 	-- suppress certificate requests
		   false(2)	-- send certificate requests."
	    DEFVAL { false } 
	::= { ipsecGlobals 30 }

	ipsecGlobNoKeyHashPayloads OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- do not send key hash payloads
		false(2)	-- send key hash payloads
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether IKE should suppress key hash
		 payloads.
		  Possible values:
		   true(1), 	-- suppress key hash payloads
		   false(2)	-- send key hash payloads."
	    DEFVAL { false } 
	::= { ipsecGlobals 31 }

	ipsecGlobNoCrls OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- do not send certificate revocation lists
		false(2)	-- send certificate revocation lists
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether IKE should suppress sending
		 certificate revocation lists.
		  Possible values:
		   true(1), 	-- do not send certificate revocation lists
		   false(2)	-- send certificate revocation lists."
	    DEFVAL { true } 
	::= { ipsecGlobals 32 }

	ipsecGlobSendFullCertChains OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- send full certificate chains
		false(2)	-- do not send full certificate chains
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether IKE should send full certificate
		 chains.
		  Possible values:
		   true(1), 	-- send full certificate chains
		   false(2)	-- do not send full certificate chains."
	    DEFVAL { true } 
	::= { ipsecGlobals 33 }

	-- Security note: ICMP unreachable messages are not authenticated, so
	-- with true(1) a forged ICMP error that arrives before the first reply
	-- of the peer cancels a new phase 1 negotiation (see DESCRIPTION).
	-- DEFVAL false is the conservative setting.
	ipsecGlobTrustIcmpMsg OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- trust ICMP messages
		false(2)	-- do not trust ICMP messages
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether IKE should trust icmp port and
		 host unreachable error messages. ICMP port and host unreachable
		 messages are only trusted if there have not yet been received
		 any datagrams from the remote host in this negotiation.
		 This means, if the local side receives an ICMP port or host 
		 unreachable message as the first response to the initial packet 
		 of a new phase 1 negotiation, it cancels the negotiation 
		 immediately.
		  Possible values:
		   true(1), 	-- trust ICMP messages
		   false(2)	-- do not trust ICMP messages."
	    DEFVAL { false } 
	::= { ipsecGlobals 34 }

	ipsecGlobSpiSize OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "bytes"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"A compatibility flag that specifies the length of the SPI in
		 bytes, which is used when an ISAKMP SA SPI (Cookie) is sent to 
		 the remote peer. 
		 This field takes effect only if ipsecGlobZeroIsakmpCookies
		 is true."
	    DEFVAL { 32 } 
	::= { ipsecGlobals 35 }

	ipsecGlobZeroIsakmpCookies OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), -- send zero cookies in ISAKMP messages
		false(2) -- send ISAKMP cookies
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether zeroed ISAKMP cookies should be
		sent.
		  Possible Values:
		   true(1), -- send zero cookies in ISAKMP messages
		   false(2) -- send ISAKMP cookies."
	    DEFVAL { false } 
	::= { ipsecGlobals 36 }

	ipsecGlobMaxKeyLength OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "bits"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum length of an encryption key
		 (in bits) that is accepted from the remote end. This limit
		 prevents denial of service attacks where the attacker asks for
		 a huge key for an encryption algorithm that allows variable
		 length keys."
	    DEFVAL { 1024 } 
	::= { ipsecGlobals 37 }

	ipsecGlobNoInitialContact OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), -- do not send initial contact messages
		false(2) -- send initial contact messages if appropriate
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Do not send IKE initial contact messages in IKE negotiations
		 even if no SA's exist with a peer.
		  Possible values:
		   true(1), -- do not send initial contact messages
		   false(2) -- send initial contact messages if appropriate."
	    DEFVAL { false } 
	::= { ipsecGlobals 38 }

	ipsecGlobBlockTimeout OBJECT-TYPE
	    SYNTAX INTEGER (1..3600)
	    UNITS  "seconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"For peers with nonzero block time, the value of this object is 
		 used instead of ipsecGlobMaxNegotiationTimeoutsec."
	    DEFVAL { 15 }
	::= { ipsecGlobals 42 }

	ipsecGlobDPDIdleThreshold OBJECT-TYPE
	    SYNTAX INTEGER (1..3600)
	    UNITS  "seconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"The minimum idle time period after which a dpd request is sent."
	    DEFVAL { 15 }
	::= { ipsecGlobals 43 }

	ipsecGlobDPDMaxRetries OBJECT-TYPE
	    SYNTAX INTEGER (1..10)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"The number of DPD retries sent before a peer is considered dead."
	    DEFVAL { 3 }
	::= { ipsecGlobals 44 }

	ipsecGlobDPDRetryTimeout OBJECT-TYPE
	    SYNTAX INTEGER (1..10)
	    UNITS  "seconds"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"The number of seconds between retries."
	    DEFVAL { 2 }
	::= { ipsecGlobals 45 }

	ipsecGlobIkev2Enabled OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- IKEv2 enabled
		false(2) 	-- IKEv2 disabled
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Enables/disables IKEv2 globally."
	    DEFVAL { true }
	::= { ipsecGlobals 46 }


-- End Global IPSec Settings



-- Second Table With Global IPSec Settings

	ipsecGlobalsContinued OBJECT IDENTIFIER  ::= { ipsec 11 }
	-- Second static table containing global settings for IPSec


	ipsecGlobContPreIpsecRules OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies an index in the IPsec traffic
		 table containing a list of traffic definitions which
		 has to be considered prior to the traffic lists of
		 the IPSec peers in IPSec traffic processing.  
		 It may contain either pass or drop entries (protect entries
		 are ignored, if erroneously configured)."
	    DEFVAL { 0 }
	::= { ipsecGlobalsContinued 1 }

	ipsecGlobContPostIpsecRules OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies an index in the IPsec traffic
		 table containing a list of traffic definitions which
		 has to be considered after the traffic lists of
		 the IPSec peers in IPSec traffic processing.  
		 It may contain either pass or drop entries (protect entries
		 are ignored, if erroneously configured)."
	    DEFVAL { 0 }
	::= { ipsecGlobalsContinued 11 }

	-- Security note: this is the fail-open / fail-closed switch for traffic
	-- that matches no peer traffic list and no pre or post IPSec rule.
	-- pass(2) forwards such packets unprotected; the object is read-write,
	-- so a change away from the drop default is worth alerting on.
	ipsecGlobContDefaultRule OBJECT-TYPE
	    SYNTAX INTEGER {
		   drop(1), -- drop all packets
		   pass(2)  -- allow all packets pass plain
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies how to treat packets which do not match
		 any entry in the traffic lists of the active peers or the 
		 pre-and post IPSec rules.
		  Possible values:
		   drop(1), -- drop all packets
		   pass(2)  -- allow all packets pass plain."
            DEFVAL { drop }
	::= { ipsecGlobalsContinued 2 }

	ipsecGlobContUse32BitCpi OBJECT-TYPE
	    SYNTAX INTEGER {
		   true(1),  -- send CPI as 32 bit numbers
		   false(2)  -- send CPI as 16 bit numbers
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether the CPI values in IKE IPComP 
		 negotiations should be sent as 32 bit numbers instead of
		 16 bit numbers.
		  Possible values:
		   true(1),  -- send CPI as 32 bit numbers
		   false(2)  -- send CPI as 16 bit numbers."
            DEFVAL { false }
	::= { ipsecGlobalsContinued 4 }

	ipsecGlobContNoWellKnownCpis OBJECT-TYPE
	    SYNTAX INTEGER {
		   true(1),  -- do not use the well known cpi values
		   false(2)  -- use the well known cpi values
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether the well known CPI values 
		 should be used in IKE IPComP negotiations. If set to true, 
		 IKE will allocate random CPI values from the negotiable 
		 range 256-61439.
		  Possible values:
		   true(1),  -- do not use the well known cpi values
		   false(2)  -- use the well known cpi values."
            DEFVAL { false }
	::= { ipsecGlobalsContinued 5 }

	ipsecGlobContNoPmtuDiscovery OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1),  -- do not perform PMTU discovery
		false(2)  -- perform PMTU discovery
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the default PMTU discovery policy 
		 if the ipsecPeerPmtuDiscovery flag is set to default.
		  Possible values:
		   true(1),  -- do not perform PMTU discovery
		   false(2)  -- perform PMTU discovery."
            DEFVAL { true }
	::= { ipsecGlobalsContinued 7 }

	ipsecGlobContDefaultPmtuTtl OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "minutes"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the time-to-live (in minutes) of a
		 PMTU value derived from an ICMP PMTU message
		 received for an IPSec packet. After this time, the mtu is
		 increased step-by-step using the values from RFC 1191 until
		 a new ICMP PMTU message is received. A ttl value of 0 means
		 infinite."
            DEFVAL { 10 }
	::= { ipsecGlobalsContinued 8 }

	-- Note: with DEFVAL -1 no private interface is set, so the spoofing
	-- protection described below is not active until an interface index
	-- (non-negative) is configured.
	ipsecGlobContPrivateInterface OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the index of the systems' private 
		 interface. If the private interface is set (i.e. non-negative),
		 certain address spoofing attacks are made impossible from IPSec
		 itself."
            DEFVAL { -1 }
	::= { ipsecGlobalsContinued 9 }

	ipsecGlobContSaSyncInterface OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- delete SAs
		false(2)	-- do not delete SAs
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether IKE and IPSec SA's should be
		 deleted if the interface over which the packets are 
		 initially sent is going down or dormant.
		  Possible values:
		   true(1), 	-- delete SAs
		   false(2)	-- do not delete SAs."
	    DEFVAL { false }
	::= { ipsecGlobalsContinued 10 }

	ipsecGlobContDefaultPfsIdentity OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- delete phase 1 SAs 
		false(2)	-- do not delete phase 1 SAs
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether IKE SA's should be deleted
		 immediately after a phase 2 (IPSec-) SA pair has been 
		 negotiated.
		 It may be overridden by the individual settings for a peer 
		 entry, if the ipsecPeerPfsIdentity is not set to 'default'.
		 The consequence of enabling this feature is that before each 
		 phase 2 negotiation there always has to be a phase 1
		 negotiation. Thus individual phase 2 SAs cannot be
		 associated with one another or, respectively, if the
		 identity of a remote peer is known to an eavesdropper
		 for one SA, he cannot conclude that the next SA is
		 negotiated with the same remote peer. 
		 Note: Setting this flag only makes sense if configured
		 together with id-protect mode or RSA encryption for
		 authentication and if the IP address of the remote
		 peer does not allow conclusions about its identity
		 (i.e. dynamic remote peer addresses).
		  Possible values:
		   true(1), 	-- delete phase 1 SAs
		   false(2)	-- do not delete phase 1 SAs."
	    DEFVAL { false }
	::= { ipsecGlobalsContinued 12 }

	ipsecGlobContPfsIdentityDelay OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the number of seconds to wait before 
		 deleting the underlying phase 1 SA after a Phase 2 SA has 
		 been established, if PFS for identity is configured."
	    DEFVAL { 8 }
	::= { ipsecGlobalsContinued 15 }

	-- Security note: from level 10 upward complete IKE messages are written
	-- to syslog as hexdumps. NOTE(review): these dumps presumably include
	-- peer identities and other negotiation payloads; keep the DEFVAL 0 in
	-- production and treat the syslog destination as sensitive when raising it.
	ipsecGlobContIkeLoggingLevel OBJECT-TYPE
	    SYNTAX INTEGER (0..127)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the IKE logging level.
		 IKE log messages are output as syslog messages on level debug.
		 Note that the global syslog table level must be set to debug 
		 in order to see these messages.
		  Possible values:
		        0: no IKE log messages
		   ...  3: IKE error output
		   ...  6: IKE trace output
		   ...  9: IKE detailed results output
		   10 ...: hexdumps of IKE messages."
	    DEFVAL { 0 }
	::= { ipsecGlobalsContinued 13 }

	ipsecGlobContHeartbeatDefault OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),        -- neither send nor expect heartbeats
		expect(2), 	-- expect heartbeats
		send(3),        -- send heartbeats
		both(4)		-- send and expect heartbeats
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies whether heartbeats should be sent 
		 over phase 1 SAs (not used for IPv6).
		  Possible values:
		   none(1),     -- neither send nor expect heartbeats
		   expect(2), 	-- expect heartbeats
		   send(3),     -- send heartbeats
		   both(4)	-- send and expect heartbeats."
	    DEFVAL { none }
	::= { ipsecGlobalsContinued 16 }

	ipsecGlobContHeartbeatInterval OBJECT-TYPE
	    SYNTAX INTEGER (1..900)
	    UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the time interval in seconds between 
		 heartbeats. At this rate heartbeats are sent and/or 
		 expected if configured (not used for IPv6)."
	    DEFVAL { 5 }
	::= { ipsecGlobalsContinued 17 }

	ipsecGlobContHeartbeatTolerance OBJECT-TYPE
	    SYNTAX INTEGER (1..900)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the maximum number of missing heartbeats
		 allowed before an SA is discarded (not used for IPv6)."
	    DEFVAL { 4 }
	::= { ipsecGlobalsContinued 18 }

	ipsecGlobContDialBlockTime OBJECT-TYPE
	    SYNTAX INTEGER (-1..43200)
	    UNITS  "minutes"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Time in minutes that an ipsecDial entry remains
		 in state blocked-for-outgoing after a cost producing trigger
		 call was detected. The given value denotes time in minutes.
		 The special value -1 means the entry stays blocked until it is
		 unblocked manually by deactivating and then reactivating it.
		 Default value is -1."
	    DEFVAL { -1 }
	::= { ipsecGlobalsContinued 14 }

	ipsecGlobContObsoleteFeatureMask OBJECT-TYPE
	    SYNTAX  BitValue 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Some obsolete features are represented by a bit in this mask
		 and can be re-enabled for testing or compatibility purposes.
		 A mask-bit of 1 enables the appropriate (obsolete) feature.
		 A mask-bit of 0 disables the appropriate feature completely.

		 Bit         Feature
		 0x00000001: re-enable delayed apf-graph-node-memory free
		 0x00000002: tbd.

		 The default value is 0 - all obsolete features are disabled.
		 Do not change this default value unless really necessary."
	    DEFVAL { 0 } 
	::= { ipsecGlobalsContinued 66 }

	ipsecGlobContP1Always OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled (1),	-- always rekey phase 1 if phase 2 is rekeyed
		disabled (2)	-- rekey phase 1 only if necessary
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether a phase 1 rekeying is always
		 done immediately before phase 2 rekeying.
		 Note this is different from pfs for identity because the
		 latter discards the phase 1 SA immediately after phase 2
		 establishment.
		 This feature is mainly a compatibility flag for some
		 non-standard implementations which always expect a phase 1 SA
		 if a phase 2 SA exists. Please also select a longer lifetime
		 for phase 1 than phase 2 then."
	    DEFVAL { disabled } 
	::= { ipsecGlobalsContinued 69 }

	ipsecGlobContHwAccel OBJECT-TYPE
	    SYNTAX INTEGER {
		yes (1),
		no (2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Enables/disables usage of encryption engine."
	    DEFVAL { yes } 
	::= { ipsecGlobalsContinued 70 }

	ipsecGlobContSupportVarKeyLength4Twofish OBJECT-TYPE
	    SYNTAX INTEGER {
		yes (1),
		no (2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Enables/disables support of variable key sizes for the
		 Twofish algorithm. Note that the Twofish related settings
		 within the ipsecAlgorithmTable will be synchronized
		 accordingly. If set to no (2) the system will act in the
		 backward compatibility mode. This setting might be necessary
		 in some dedicated cases in order to avoid IKE negotiation
		 problems."
	    DEFVAL { yes } 
	::= { ipsecGlobalsContinued 71 }

	ipsecGlobContIkev2Profile OBJECT-TYPE
	    SYNTAX  Unsigned32
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the default IKE_SA profile to use 
		 (only for IKEv2). If set to 0 no profile is configured
		 as default."
	    DEFVAL { 0 }
	::= { ipsecGlobalsContinued 72 }

	ipsecGlobContMaxIkev2Sas OBJECT-TYPE
	    SYNTAX INTEGER  (1..100000) 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of simultaneous IKEv2
		 Security associations allowed. If this limit is reached, the
		 entries are removed from the database, starting with the ones
		 that will expire very soon. If that is not enough, the entries
		 are deleted in reverse LRU order."
	    DEFVAL { 512 }
	::= { ipsecGlobalsContinued 73 }

	ipsecGlobContPathFinder OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled (1),
		disabled (2)
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Enables/disables the IPSec pathfinder mode, that means
		 all the traffic (IKE, ESP and AH) is embedded within a
		 pseudo HTTPS session between the peers (similar to the
		 NAT-T mode)."
	    DEFVAL { disabled } 
	::= { ipsecGlobalsContinued 74 }

    ipsecGlobContXauthTimeout OBJECT-TYPE
	    SYNTAX INTEGER (10..600)
	    UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"If an extended authentication is requested, this is
		 the time (in seconds) the device will wait for response. A useful
		 value is important when username and password are entered manually
		 by the user."
	    DEFVAL { 120 }
	::= { ipsecGlobalsContinued 75 }

-- End Second Table With Global IPSec Settings

-- IPSec RADIUS settings Table
	ipsecRadius OBJECT IDENTIFIER  ::= { ipsec 13 }
	-- Table with RADIUS settings for IPSec

	ipsecRadiusPresetState OBJECT-TYPE
	    SYNTAX INTEGER {
		not-loaded(1),  -- RADIUS preset peers are not loaded
		loading(2), 	-- RADIUS preset peers are currently loaded
		loaded(3),  	-- RADIUS preset peers have been loaded
		reloading(4)	-- RADIUS preset peers are currently reloaded
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object shows the status of the RADIUS preset peers load 
		 process."
	    DEFVAL { not-loaded }
	::= { ipsecRadius 1 }

	ipsecRadiusPresetPeers OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"The number of RADIUS preset peers currently loaded."
	::= { ipsecRadius 2 }

	-- Switch for RADIUS-backed peer lookup. Per the DESCRIPTION, when
	-- enabled an incoming IKE negotiation that matches no configured peer
	-- causes the configured RADIUS servers to be consulted, so unsolicited
	-- IKE traffic can generate RADIUS requests. The object is read-write:
	-- restrict SNMP write access, and keep the default (disabled) unless
	-- RADIUS-provisioned peers are actually in use.
	ipsecRadiusDynamicAuthentication OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1),	-- dynamic authentication via RADIUS enabled
		disabled(2)	-- dynamic authentication via RADIUS disabled
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object enables/disables dynamic authentication via RADIUS.
		 If no peer has been found matching an incoming IKE negotiation,
		 the configured RADIUS servers are consulted (if any)."
	    DEFVAL { disabled }
	::= { ipsecRadius 3 }

-- End global IPSec Radius settings


-- IPSec Security Associations Table

	ipsecSaTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecSaEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of currently active IPSec security
		 associations."
	::= { ipsec 3 }

	ipsecSaEntry OBJECT-TYPE
            SYNTAX  IpsecSaEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IPSec security association."
	    INDEX   {
		ipsecSaSecProto, 
		ipsecSaSpi
	    }
            ::= { ipsecSaTable 1 }

	IpsecSaEntry ::=
            SEQUENCE {
		ipsecSaIndex			INTEGER,
		ipsecSaState			INTEGER,
		ipsecSaDir			INTEGER,
		ipsecSaMode			INTEGER,
		ipsecSaSecProto			INTEGER,
		ipsecSaSpi			HexValue,
		ipsecSaAuthAlg			INTEGER,
		ipsecSaEncAlg			INTEGER,
		ipsecSaCompAlg			INTEGER,
		ipsecSaAuthKeyLen		INTEGER,
		ipsecSaEncKeyLen		INTEGER,
		ipsecSaReplayErrors		INTEGER,
		ipsecSaRecvErrors		INTEGER, 
		ipsecSaDecryptErrors		INTEGER,
		ipsecSaBundle			INTEGER,
		ipsecSaBundleNesting		INTEGER,
		ipsecSaSpiSize			INTEGER,
		ipsecSaEncKey 			OCTET STRING,
		ipsecSaAuthKey			OCTET STRING,
		ipsecSaIkeMajVersion		INTEGER, 
		ipsecSaIkeMinVersion		INTEGER
            }

	ipsecSaIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "A unique index for this entry."
	::= { ipsecSaEntry 1 }

	-- Read-only state of one IPSec SA.
	-- NOTE(review): the DESCRIPTION lists alive(1), which the SYNTAX
	-- enumeration does not define, so a manager compiled from this module
	-- has no label for the value 1. Confirm whether the agent can still
	-- return 1 before relying on the enumeration in monitoring rules.
	ipsecSaState OBJECT-TYPE
	    SYNTAX INTEGER {
		expired(2),	-- The SA is expired and will not be rekeyed
		negotiating(4), -- This SA is currently negotiated
		established(5)	-- The SA is alive and will eventually be rekeyed
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"The current state of the security association
		  Possible values:
		   alive(1),	  -- The SA is alive
		   expired(2),	  -- The SA is expired
		   negotiating(4),-- This SA is currently negotiated
		   established(5) -- The SA is alive and will eventually be 
				     rekeyed."
	    DEFVAL { negotiating }
	::= { ipsecSaEntry 3 }

	ipsecSaDir OBJECT-TYPE
	    SYNTAX INTEGER {
		inbound(1),	-- An inbound security association
		outbound(2)	-- An outbound security association
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies whether the SA is used for inbound or
		 outbound processing.
		  Possible values:
		   inbound(1),	-- An inbound security association
		   outbound(2)	-- An outbound security association."
	::= { ipsecSaEntry 5 }

	ipsecSaMode OBJECT-TYPE
	    SYNTAX INTEGER {
		tunnel(1),	-- A tunnel mode SA
		transport(2)	-- A transport mode SA
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies whether the SA is in tunnel or 
		 transport mode.
		  Possible values:
		   tunnel(1),	-- A tunnel mode SA
		   transport(2)	-- A transport mode SA."
	::= { ipsecSaEntry 6 }

	ipsecSaSecProto OBJECT-TYPE
	    SYNTAX INTEGER {
		esp(50),	-- Encapsulating Security Payload
		ah(51),		-- Authentication Header
		ipcomp(108)	-- Internet Payload Compression Protocol
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the security protocol applied by this SA.
		  Possible values:
		   esp(50),	-- Encapsulating Security Payload
		   ah(51),	-- Authentication Header
		   ipcomp(108)	-- Internet Payload Compression Protocol."
	::= { ipsecSaEntry 7 }

	ipsecSaSpi OBJECT-TYPE
	    SYNTAX HexValue
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The Security Parameters Index of this SA."
	::= { ipsecSaEntry 17 }

	-- Integrity algorithm in use on this SA (read-only).
	-- The "-96" labels presumably denote the 96-bit truncated HMAC
	-- variants (HMAC-MD5-96 and HMAC-SHA-1-96); confirm against the agent.
	-- Audit use: polling this column shows which live SAs still run with
	-- none(2) or md5-96(4). The enumeration offers nothing stronger than
	-- SHA-1, so a SHA-2 based SA cannot be reported through it as defined.
	ipsecSaAuthAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		none(2),	-- No hash algorithm
		md5-96(4),	-- The MD5 hash algorithm
		sha1-96(6)	-- The Secure Hash Algorithm
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The hash algorithm used, if any.
		  Possible Values:
		   none(2),	   -- No hash algorithm applied
		   md5-96(4),	   -- The MD5 hash algorithm
		   sha1-96(6)	   -- The Secure Hash Algorithm."
	::= { ipsecSaEntry 18 }

	-- Encryption algorithm in use on this SA (read-only).
	-- Audit use: none(1) means the SA applies no encryption and
	-- des-cbc(2) is single DES; both are worth flagging when this table
	-- is polled for policy compliance. Every cipher listed is a CBC mode;
	-- the enumeration has no AEAD entry. Key length is reported separately
	-- in ipsecSaEncKeyLen.
	ipsecSaEncAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),	  -- No encryption applied
		des-cbc(2), 	  -- DES in CBC mode
		des3-cbc(3), 	  -- Triple DES in CBC mode
		blowfish-cbc(4),  -- Blowfish in CBC mode
		cast128-cbc(5),   -- CAST with 128 bit key in CBC mode
		twofish-cbc(6),   -- Twofish in CBC mode
		aes-cbc(7)   	  -- AES in CBC mode
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The encryption algorithm used, if any.
		  Possible Values:
		   none(1),	      -- No encryption applied
		   des-cbc(2),	      -- DES in CBC mode
		   des3-cbc(3),       -- Triple DES in CBC mode
		   blowfish-cbc(4),   -- Blowfish in CBC mode
		   cast128-cbc(5),    -- CAST with 128 bit key in CBC mode
		   twofish-cbc(6),    -- Twofish in CBC mode
		   aes-cbc(7)         -- AES in CBC mode."
	::= { ipsecSaEntry 19 }

	-- Compression algorithm in use on this SA (read-only).
	-- NOTE(review): the SYNTAX enumeration defines none(2) and deflate(3),
	-- while the DESCRIPTION text lists none(1) and deflate(2). Managers
	-- decode by the SYNTAX values; confirm against the agent which
	-- numbering is actually sent before writing rules on this column.
	ipsecSaCompAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		none(2),	  -- No compression
		deflate(3) 	  -- DEFLATE compression algorithm
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The compression algorithm used, if any.
		  Possible Values:
		   none(1),	  -- No compression
		   deflate(2) 	  -- DEFLATE compression algorithm."
	    DEFVAL { none }
	::= { ipsecSaEntry 20 }

	ipsecSaAuthKeyLen OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The length in bytes of the key used for authentication,
		 if any."
	::= { ipsecSaEntry 21 }

	ipsecSaEncKeyLen OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The length in bytes of the key used for encryption, if any."
	::= { ipsecSaEntry 22 }

	ipsecSaReplayErrors OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of replayed packets detected for this SA."
	::= { ipsecSaEntry 33 }

	ipsecSaRecvErrors OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of receive errors (replayed packets not counted)
		 detected for this SA."
	::= { ipsecSaEntry 34 }

	ipsecSaDecryptErrors OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of decryption errors (ESP only) detected for 
		 this SA."
	::= { ipsecSaEntry 35 }

	ipsecSaBundle OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Unique ID of the SA bundle within which this SA is used."
	::= { ipsecSaEntry 39 }

	ipsecSaBundleNesting OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Position of this SA within its SA bundle."
	::= { ipsecSaEntry 40 }

	ipsecSaSpiSize OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The size of the SPI in bytes."
	::= { ipsecSaEntry 45 }

	-- Encryption key column of the SA entry (presumably the raw key
	-- material; the DESCRIPTION is empty in the original module).
	-- MAX-ACCESS is not-accessible, so by its SMI definition the value
	-- cannot be read or written through SNMP.
	-- NOTE(review): worth verifying on the device that a walk of
	-- ipsecSaTable never returns this column.
	ipsecSaEncKey OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS not-accessible
	    STATUS current
	    DESCRIPTION
		""
	::= { ipsecSaEntry 64 }

	-- Authentication key column of the SA entry (presumably the raw key
	-- material; the DESCRIPTION is empty in the original module).
	-- MAX-ACCESS is not-accessible, so by its SMI definition the value
	-- cannot be read or written through SNMP.
	-- NOTE(review): worth verifying on the device that a walk of
	-- ipsecSaTable never returns this column.
	ipsecSaAuthKey OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS not-accessible
	    STATUS current
	    DESCRIPTION
		""
	::= { ipsecSaEntry 65 }

	ipsecSaIkeMajVersion OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The IKE major version number."
	    DEFVAL { 1 }
	::= { ipsecSaEntry 66 }

	ipsecSaIkeMinVersion OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The IKE minor version number."
	    DEFVAL { 0 }
	::= { ipsecSaEntry 67 }

-- End IPSec Security Associations Table


-- IPSec SA Bundle Table

	-- Table of SA bundles, registered at { ipsec 16 } with rows of type
	-- IpsecBundleEntry.
	-- NOTE(review): the DESCRIPTION repeats the wording of ipsecSaTable
	-- ("security associations"); it presumably should read "SA bundles".
	-- ipsecBundleEntry carries the same copied wording.
	ipsecBundleTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecBundleEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of currently active IPSec security
		 associations."
	::= { ipsec 16 }

	ipsecBundleEntry OBJECT-TYPE
            SYNTAX  IpsecBundleEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IPSec security association."
	    INDEX   {
		ipsecBundleIndex
	    }
            ::= { ipsecBundleTable 1 }

	IpsecBundleEntry ::=
            SEQUENCE {
		ipsecBundleIndex		INTEGER,
		ipsecBundlePeerIndex 		INTEGER,
		ipsecBundleTrafficIndex 	INTEGER,
		ipsecBundleState		INTEGER,
		ipsecBundleNumSas		INTEGER,
		ipsecBundleRole			INTEGER,
		ipsecBundleRekeyedBundle	INTEGER,
		ipsecBundleRekeyingBundle	INTEGER,
		ipsecBundleLastStateChange	TimeTicks,
		ipsecBundleHeartbeatsEnabled	INTEGER,
		ipsecBundleCreator		INTEGER,
		ipsecBundleTunnelLocal		IpAddress,
		ipsecBundleTunnelRemote		IpAddress,
		ipsecBundlePmtuDiscovery	INTEGER,
		ipsecBundleKeepAlive		INTEGER,
		ipsecBundleVerifyPad		INTEGER,
		ipsecBundleLifeSeconds		Unsigned32,
		ipsecBundleLifeKBytes		Unsigned32,
		ipsecBundleRekeySeconds		INTEGER,
		ipsecBundleRekeyKBytes		INTEGER,
		ipsecBundleProto		INTEGER,
		ipsecBundleLocalAddress		IpAddress,
		ipsecBundleLocalMaskLen		INTEGER,
		ipsecBundleLocalRange		IpAddress,
		ipsecBundleLocalPort		INTEGER,
		ipsecBundleRemoteAddress	IpAddress,
		ipsecBundleRemoteMaskLen	INTEGER,
		ipsecBundleRemoteRange		IpAddress,
		ipsecBundleRemotePort		INTEGER,
		ipsecBundleInPkt		Counter64,
		ipsecBundleInHb			Counter64,
		ipsecBundleInBytes		Counter64,
		ipsecBundleInBytesNetto		Counter64,
		ipsecBundleOutPkt		Counter64,
		ipsecBundleOutHb		Counter64,
		ipsecBundleOutBytes		Counter64,
		ipsecBundleOutBytesNetto	Counter64,
		ipsecBundleNatT                 INTEGER,
		ipsecBundleNatOaLocal		IpAddress,
		ipsecBundleNatOaRemote		IpAddress,
		ipsecBundleIkeMajVersion	INTEGER, 
		ipsecBundleIkeMinVersion	INTEGER
            }

	ipsecBundleIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "A unique index for this entry."
	::= { ipsecBundleEntry 1 }

	ipsecBundlePeerIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the peer for which this bundle was created."
	::= { ipsecBundleEntry 5 }

	ipsecBundleTrafficIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the traffic entry for which this bundle was created."
	::= { ipsecBundleEntry 6 }

	-- State of the SA bundle. Unlike the other bundle columns defined
	-- around it, this one is read-write, and delete(3) marks the bundle
	-- for deletion, so an SNMP manager with write access can tear down an
	-- established bundle. Restrict write access accordingly, for example
	-- with an SNMPv3 view that excludes this column for monitoring-only
	-- users. heartbeat-lost(6) and failed(7) are the values to alert on.
	ipsecBundleState OBJECT-TYPE
	    SYNTAX INTEGER {
		established(1),		-- The bundle is alive
		expired(2),		-- The bundle is expired
		delete (3), 		-- Mark this bundle for deletion
		negotiating(4),		-- This bundle is currently negotiated
		rekeyed(5),		-- Rekeying of bundle succeeded
		heartbeat-lost(6),	-- Heartbeat receive timeout
		failed(7)		-- The negotiation failed
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"The current state of the bundle
		  Possible values:
		   established(1),	  -- The bundle is alive
		   expired(2),	  	  -- The bundle is expired
		   delete (3),	  	  -- Mark this bundle for deletion
		   negotiating(4),	  -- This bundle is currently negotiated
		   rekeyed(5),	  	  -- Rekeying of bundle succeeded
		   heartbeat-lost(6),	  -- Heartbeat receive timeout
		   failed(7)	  	  -- The negotiation failed."
	    DEFVAL { negotiating }
	::= { ipsecBundleEntry 7 }

	ipsecBundleNumSas OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of SAs contained in this bundle."
	::= { ipsecBundleEntry 8 }

	ipsecBundleRole OBJECT-TYPE
	    SYNTAX INTEGER {
		initiator(1), 	-- this end initiated the negotiation
		responder(2)	-- the remote end initiated the negotiation
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies by which side the SA bundle
		 negotiation was initiated.
		  Possible values:
		   initiator(1), -- this end initiated the negotiation 
		   responder(2)  -- the remote end initiated the negotiation."
	::= { ipsecBundleEntry 9 }

	ipsecBundleRekeyedBundle OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object indicates upon rekeying, which bundle (actually
		 its BundleIndex) is going to be replaced by that one."
	::= { ipsecBundleEntry 10 }

	ipsecBundleRekeyingBundle OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object indicates upon rekeying, which bundle (actually
		 its BundleIndex) is going to replace that one."
	::= { ipsecBundleEntry 11 }

	ipsecBundleLastStateChange OBJECT-TYPE
	    SYNTAX TimeTicks
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object indicates the time in time ticks from system start
		 by which the state of this bundle entry was changed last. 
		 To determine the absolute time, the current sysUpTime must be 
		 subtracted from this value."
	::= { ipsecBundleEntry 12 }

	ipsecBundleHeartbeatsEnabled OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),        -- neither sending nor expecting heartbeats
		expect(2), 	-- expecting heartbeats
		send(3),        -- sending heartbeats
		both(4)		-- sending and expecting heartbeats
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies whether heartbeats are sent and/or
		 expected over this bundle.
		  Possible values:
		   none(1),     -- neither sending nor expecting heartbeats
		   expect(2), 	-- expecting heartbeats
		   send(3),     -- sending heartbeats
		   both(4)	-- sending and expecting heartbeats."
	::= { ipsecBundleEntry 13 }

	ipsecBundleCreator OBJECT-TYPE
	    SYNTAX INTEGER {
		manual(1), -- A manually keyed IPSec SA bundle
		ike(2)	   -- An automatically keyed SA bundle created by IKE
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies how the SA was created
		  Possible values:
		   manual(1),-- A manually keyed IPSec SA bundle
		   ike(2)    -- An automatically keyed SA bundle created by IKE."
	::= { ipsecBundleEntry 14 }

	ipsecBundleTunnelLocal OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
 		"The local IP address of the outer packet header. For
 		 transport mode bundles this address is the same as the
 		 ipsecBundleLocalAddress."
	::= { ipsecBundleEntry 15 }

	ipsecBundleTunnelRemote OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote IP address of the outer packet header. For
		 transport mode bundles, this address is the same as the
		 ipsecBundleRemoteAddress."
	::= { ipsecBundleEntry 16 }

	-- DF-bit handling for outgoing IPSec packets of this bundle
	-- (read-only).
	-- NOTE(review): the SYNTAX enumeration defines enabled(2) and
	-- disabled(1), while the DESCRIPTION text lists enabled(1) and
	-- disabled(2). Managers decode by the SYNTAX values; confirm against
	-- the agent which numbering is sent, otherwise the column reads
	-- inverted.
	ipsecBundlePmtuDiscovery OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(2),  -- copy DF bit from original packet; propagate PMTU
		disabled(1)  -- clear DF bit in IPSec packet; 
			     -- fragment if necessary
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the initialization of the DF bit in 
		 outgoing IPSec packets for this bundle. It decides whether
		 PMTU discovery is propagated over the IPSec tunnel or not.
		  Possible values:
		  enabled(1), -- copy DF bit from original packet; propagate PMTU
		  disabled(2) -- clear DF bit in IPSec packet; 
			      -- fragment if necessary."
	::= { ipsecBundleEntry 17 }

	ipsecBundleKeepAlive OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), -- rekey even if no traffic was processed by this bundle
	        false(2) -- rekey only if at least one packet was processed
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the circumstances under which this SA 
		 bundle will be rekeyed.
		  Possible values:
		   true(1), -- rekey even if no traffic was processed
	           false(2) -- rekey only if at least one packet was processed."
	::= { ipsecBundleEntry 18 }

	ipsecBundleVerifyPad OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1),	-- normal, self-describing ESP padding
	        false(2) 	-- old style ESP padding
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the kind of padding expected for ESP SAs 
		 within this bundle.
		  Possible values:
		   true(1),	-- normal, self-describing ESP padding
	           false(2) 	-- old style ESP padding."
	::= { ipsecBundleEntry 19 }

	ipsecBundleLifeSeconds OBJECT-TYPE
	    SYNTAX Unsigned32
	    UNITS  "seconds"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The period in seconds after which this bundle will be destroyed."
	::= { ipsecBundleEntry 20 }

	-- Volume lifetime of the bundle in kilobytes (read-only).
	-- NOTE(review): the parenthesis in the DESCRIPTION names
	-- ipsecBundleOutBytes twice, the second time misspelled as
	-- "ipecBundleOutBytes"; presumably one of the two was meant to be
	-- ipsecBundleInBytes. Confirm which counters the limit applies to.
	ipsecBundleLifeKBytes OBJECT-TYPE
	    SYNTAX Unsigned32
	    UNITS  "kilo bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The amount of data allowed to be protected by this bundle until
		 it is destroyed (ipsecBundleOutBytes or ipecBundleOutBytes)."
	::= { ipsecBundleEntry 21 }

	ipsecBundleRekeySeconds OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "seconds"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The period in seconds after which this bundle will be rekeyed."
	::= { ipsecBundleEntry 22 }

	-- Volume threshold in kilobytes at which the bundle is rekeyed
	-- (read-only).
	-- NOTE(review): the parenthesis in the DESCRIPTION names
	-- ipsecBundleOutBytes twice, the second time misspelled as
	-- "ipecBundleOutBytes"; presumably one of the two was meant to be
	-- ipsecBundleInBytes. Confirm which counters the threshold applies to.
	ipsecBundleRekeyKBytes OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "kilo bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The amount of data allowed to be protected by this bundle until
		 it is rekeyed (ipsecBundleOutBytes or ipecBundleOutBytes)."
	::= { ipsecBundleEntry 23 }

	ipsecBundleProto OBJECT-TYPE
	    SYNTAX 	INTEGER {
	        icmp(1), 
		igmp(2), 
		ggp(3), 
		ipip(4), 
		st(5), 
		tcp(6), 
		cbt(7), 
		egp(8), 
		igp(9), 
		bbn(10), 
		nvp(11), 
		pup(12), 
		argus(13), 
		emcon(14), 
		xnet(15), 
		chaos(16), 
		udp(17), 
		mux(18), 
		dcn(19), 
		hmp(20), 
		prm(21), 
		xns(22), 
		trunk1(23), 
		trunk2(24), 
		leaf1(25), 
		leaf2(26), 
		rdp(27), 
		irtp(28), 
		isotp4(29), 
		netblt(30), 
		mfe(31), 
		merit(32), 
		sep(33), 
		pc3(34), 
		idpr(35), 
		xtp(36), 
		ddp(37), 
		idprc(38), 
		tp(39), 
		il(40), 
		ipv6(41), 
		sdrp(42), 
		ipv6route(43), 
		ipv6frag(44), 
		idrp(45), 
		rsvp(46), 
		gre(47), 
		mhrp(48), 
		bna(49), 
		esp(50), 
		ah(51), 
		inlsp(52), 
		swipe(53), 
		narp(54), 
		mobile(55), 
		tlsp(56), 
		skip(57), 
		ipv6icmp(58), 
		ipv6nonxt(59), 
		ipv6opts(60), 
		ipproto-61(61), 
		cftp(62), 
		local(63), 
		sat(64), 
		kryptolan(65), 
		rvd(66), 
		ippc(67), 
		distfs(68), 
		satmon(69), 
		visa(70), 
		ipcv(71), 
		cpnx(72), 
		cphb(73), 
		wsn(74), 
		pvp(75), 
		brsatmon(76), 
		sunnd(77), 
		wbmon(78), 
		wbexpak(79), 
		isoip(80), 
		vmtp(81), 
		securevmtp(82), 
		vines(83), 
		ttp(84), 
		nsfnet(85), 
		dgp(86), 
		tcf(87), 
		eigrp(88), 
		ospfigp(89), 
		sprite(90), 
		larp(91), 
		mtp(92), 
		ax25(93), 
		ipwip(94), 
		micp(95), 
		scc(96), 
		etherip(97), 
		encap(98), 
		encrypt(99), 
		gmtp(100), 
		ifmp(101), 
		pnni(102), 
		pim(103), 
		aris(104), 
		scps(105), 
		qnx(106), 
		an(107), 
		ippcp(108), 
		snp(109), 
		compaq(110), 
		ipxip(111), 
		vrrp(112), 
		pgm(113), 
		hop0(114), 
		l2tp(115), 
		ipproto-116(116), 
		ipproto-117(117), 
		ipproto-118(118), 
		ipproto-119(119), 
		ipproto-120(120), 
		ipproto-121(121), 
		ipproto-122(122), 
		ipproto-123(123), 
		ipproto-124(124), 
		ipproto-125(125), 
		ipproto-126(126), 
		ipproto-127(127), 
		ipproto-128(128), 
		ipproto-129(129), 
		ipproto-130(130), 
		ipproto-131(131), 
		ipproto-132(132), 
		ipproto-133(133), 
		ipproto-134(134), 
		ipproto-135(135), 
		ipproto-136(136), 
		ipproto-137(137), 
		ipproto-138(138), 
		ipproto-139(139), 
		ipproto-140(140), 
		ipproto-141(141), 
		ipproto-142(142), 
		ipproto-143(143), 
		ipproto-144(144), 
		ipproto-145(145), 
		ipproto-146(146), 
		ipproto-147(147), 
		ipproto-148(148), 
		ipproto-149(149), 
		ipproto-150(150), 
		ipproto-151(151), 
		ipproto-152(152), 
		ipproto-153(153), 
		ipproto-154(154), 
		ipproto-155(155), 
		ipproto-156(156), 
		ipproto-157(157), 
		ipproto-158(158), 
		ipproto-159(159), 
		ipproto-160(160), 
		ipproto-161(161), 
		ipproto-162(162), 
		ipproto-163(163), 
		ipproto-164(164), 
		ipproto-165(165), 
		ipproto-166(166), 
		ipproto-167(167), 
		ipproto-168(168), 
		ipproto-169(169), 
		ipproto-170(170), 
		ipproto-171(171), 
		ipproto-172(172), 
		ipproto-173(173), 
		ipproto-174(174), 
		ipproto-175(175), 
		ipproto-176(176), 
		ipproto-177(177), 
		ipproto-178(178), 
		ipproto-179(179), 
		ipproto-180(180), 
		ipproto-181(181), 
		ipproto-182(182), 
		ipproto-183(183), 
		ipproto-184(184), 
		ipproto-185(185), 
		ipproto-186(186), 
		ipproto-187(187), 
		ipproto-188(188), 
		ipproto-189(189), 
		ipproto-190(190), 
		ipproto-191(191), 
		ipproto-192(192), 
		ipproto-193(193), 
		ipproto-194(194), 
		ipproto-195(195), 
		ipproto-196(196), 
		ipproto-197(197), 
		ipproto-198(198), 
		ipproto-199(199), 
		ipproto-200(200), 
		ipproto-201(201), 
		ipproto-202(202), 
		ipproto-203(203), 
		ipproto-204(204), 
		ipproto-205(205), 
		ipproto-206(206), 
		ipproto-207(207), 
		ipproto-208(208), 
		ipproto-209(209), 
		ipproto-210(210), 
		ipproto-211(211), 
		ipproto-212(212), 
		ipproto-213(213), 
		ipproto-214(214), 
		ipproto-215(215), 
		ipproto-216(216), 
		ipproto-217(217), 
		ipproto-218(218), 
		ipproto-219(219), 
		ipproto-220(220), 
		ipproto-221(221), 
		ipproto-222(222), 
		ipproto-223(223), 
		ipproto-224(224), 
		ipproto-225(225), 
		ipproto-226(226), 
		ipproto-227(227), 
		ipproto-228(228), 
		ipproto-229(229), 
		ipproto-230(230), 
		ipproto-231(231), 
		ipproto-232(232), 
		ipproto-233(233), 
		ipproto-234(234), 
		ipproto-235(235), 
		ipproto-236(236), 
		ipproto-237(237), 
		ipproto-238(238), 
		ipproto-239(239), 
		ipproto-240(240), 
		ipproto-241(241), 
		ipproto-242(242), 
		ipproto-243(243), 
		ipproto-244(244), 
		ipproto-245(245), 
		ipproto-246(246), 
		ipproto-247(247), 
		ipproto-248(248), 
		ipproto-249(249), 
		ipproto-250(250), 
		ipproto-251(251), 
		ipproto-252(252), 
		ipproto-253(253), 
		ipproto-254(254), 
		dont-verify(255)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The protocol of the traffic selectors."
	::= { ipsecBundleEntry 24 }

	ipsecBundleLocalAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local address (host or network or range start address)
		 of the traffic selectors,
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 25 }

	ipsecBundleLocalMaskLen OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local network masklen of the traffic selectors,
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 26 }

	ipsecBundleLocalRange OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local address range end address of the traffic selectors,
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 27 }

	ipsecBundleLocalPort OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local port of the traffic selectors,
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 28 }

	ipsecBundleRemoteAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote address (host or network or range start address)
		 of the traffic selectors
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 29 }

	ipsecBundleRemoteMaskLen OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote network masklen of the traffic selectors
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 30 }

	ipsecBundleRemoteRange OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote address range end address of the traffic selectors
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 31 }

	ipsecBundleRemotePort OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote port of the traffic selectors
		 source for outbound, destination for inbound."
	::= { ipsecBundleEntry 32 }

	ipsecBundleInPkt OBJECT-TYPE
	    SYNTAX Counter64
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The total number of inbound packets processed by this bundle."
	::= { ipsecBundleEntry 33 }

	ipsecBundleInHb OBJECT-TYPE
	    SYNTAX Counter64
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of heartbeat packets received over this bundle."
	::= { ipsecBundleEntry 34 }

	ipsecBundleInBytes OBJECT-TYPE
	    SYNTAX Counter64
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of inbound bytes (including IPSec overhead) 
		 processed by this bundle."
	::= { ipsecBundleEntry 35 }

	ipsecBundleInBytesNetto OBJECT-TYPE
	    SYNTAX Counter64
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of inbound bytes (netto: IPSec headers excluded) 
		 processed by this bundle."
	::= { ipsecBundleEntry 37 }

	ipsecBundleOutPkt OBJECT-TYPE
	    SYNTAX Counter64
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The total number of outbound packets processed by this bundle."
	::= { ipsecBundleEntry 39 }

	ipsecBundleOutHb OBJECT-TYPE
	    SYNTAX Counter64
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of heartbeat packets sent for this bundle."
	::= { ipsecBundleEntry 40 }

	ipsecBundleOutBytes OBJECT-TYPE
	    SYNTAX Counter64
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of outbound bytes (including IPSec overhead) 
		 processed by this bundle."
	::= { ipsecBundleEntry 41 }

	ipsecBundleOutBytesNetto OBJECT-TYPE
	    SYNTAX Counter64
	    UNITS  "bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of outbound bytes (netto: IPSec headers excluded) 
		 processed by this bundle."
	::= { ipsecBundleEntry 43 }

	ipsecBundleNatT OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1), -- use udp encapsulation
	        disabled(2) -- do not use udp encapsulation
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies if the udp encapsulation of ESP packets
		 is active within this bundle.
		  Possible values:
		   enabled(1), -- use udp encapsulation
	           disabled(2) -- do not use udp encapsulation."
	::= { ipsecBundleEntry 45 }

	ipsecBundleNatOaLocal OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local IP address as seen by the remote side.
		 Only valid for transport mode bundles with NatT enabled."
	::= { ipsecBundleEntry 46 }

	ipsecBundleNatOaRemote OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote IP address as seen by the remote side.
		 Only valid for transport mode bundles with NatT enabled."
	::= { ipsecBundleEntry 47 }

	ipsecBundleIkeMajVersion OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The IKE major version number."
	    DEFVAL { 1 }
	::= { ipsecBundleEntry 48 }

	ipsecBundleIkeMinVersion OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The IKE minor version number."
	    DEFVAL { 0 }
	::= { ipsecBundleEntry 49 }


-- End IPSec Bundle Table

-- IKE Security Associations Table

	ikeSaTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IkeSaEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of currently active IKE security
		 associations."
	::= { ipsec 4 }

	ikeSaEntry OBJECT-TYPE
            SYNTAX  IkeSaEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IKE security association."
	    INDEX   {
		ikeSaIndex
	    }
            ::= { ikeSaTable 1 }

	IkeSaEntry ::=
            SEQUENCE {
		ikeSaIndex			INTEGER,
		ikeSaState			INTEGER, 
		ikeSaXchType			INTEGER,
		ikeSaAuthMethod			INTEGER,
		ikeSaEncAlg			INTEGER,
		ikeSaHashAlg			INTEGER,
		ikeSaPrfAlg			INTEGER,
		ikeSaRole			INTEGER, 
		ikeSaLocalId			DisplayString,
		ikeSaRemoteId			DisplayString,
		ikeSaLocalIp			IpAddress,
		ikeSaRemoteIp			IpAddress,
		ikeSaCookieI			OCTET STRING,
		ikeSaCookieR			OCTET STRING,
		ikeSaCreated			Date,
		ikeSaLastUsed			Date,
		ikeSaExpires			Date,
		ikeSaNumCerts			INTEGER,
		ikeSaNumNegotiations		INTEGER, 
		ikeSaBytes			INTEGER, 
		ikeSaMajVersion			INTEGER, 
		ikeSaMinVersion			INTEGER, 
		ikeSaPeerIndex			INTEGER, 
		ikeSaHeartbeatsEnabled		INTEGER, 
		ikeSaHeartbeatsSent		INTEGER, 
		ikeSaHeartbeatsReceived		INTEGER,
		ikeSaLocalPort			INTEGER,
		ikeSaRemotePort			INTEGER,
		ikeSaXauthType			INTEGER,
		ikeSaXauthUser			DisplayString
            }

	ikeSaIndex OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "A unique index for this entry."
	::= { ikeSaEntry 1 }

	-- State of the IKE SA. The object is read-write and delete(7) marks
	-- the SA for deletion, so an SNMP manager with write access can remove
	-- an established IKE SA. Restrict write access accordingly, for
	-- example with an SNMPv3 view that excludes this column for
	-- monitoring-only users.
	ikeSaState OBJECT-TYPE
	    SYNTAX INTEGER {
		negotiating(1), -- the SA is still being negotiated
		established(2),	-- the SA negotiation is finished
		waiting-for-remove(3), -- the SA is waiting for removal
		delete(7)	       -- mark the SA for deletion
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the state of the SA.
		  Possible values:
		   negotiating(1),        -- the SA is still being negotiated
		   established(2),        -- the SA negotiation is finished
		   waiting-for-remove(3), -- the SA is waiting for removal
		   delete(7)	          -- mark the SA for deletion."
	    DEFVAL { negotiating }
	::= { ikeSaEntry 3 }

	-- IKE exchange mode that created this SA (read-only).
	-- NOTE(review): the DESCRIPTION lists authentication-only(3), info(5),
	-- quick(32) and new-group(33), none of which the SYNTAX enumeration
	-- defines; confirm whether the agent can return them.
	-- Audit use: aggressive(4) does not give the identity protection that
	-- id-protect(2) is named for, so it is worth alerting on where policy
	-- requires main mode, in particular together with ikeSaAuthMethod
	-- pre-sh-key(1).
	ikeSaXchType OBJECT-TYPE
	    SYNTAX INTEGER {
		base(1),	        -- IKE base mode
		id-protect(2),	        -- IKE identity protection 
					-- (oakley main mode)
		aggressive(4), 		-- IKE (oakley) aggressive mode
		any(256)		-- Other mode
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The exchange mode used to create the SA.
		  Possible values:
		   base(1),	           -- IKE base mode mode
		   id-protect(2),	   -- IKE identity protection 
					   -- (oakley main mode)
		   authentication-only(3), -- Authentication only mode
		   aggressive(4),	   -- IKE (oakley) aggressive mode
		   info(5),		   -- IKE informational exchange  mode
		   quick(32),		   -- IKE quick mode
		   new-group(33),	   -- IKE new group mode
		   any(256)		   -- Other mode."
	::= { ikeSaEntry 4 }

	ikeSaAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3), 	-- Authentication using RSA signatures
		rsa-enc(4), 	-- Authentication using RSA encryption
		rsa-enc-rev(5) 	-- Authentication using revised RSA encryption
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The authentication method used when negotiating this SA.
		  Possible values:
		   pre-sh-key(1), 	-- Authentication using pre shared keys
		   dss-sig(2), 	  -- Authentication using DSS signatures
		   rsa-sig(3), 	  -- Authentication using RSA signatures
		   rsa-enc(4), 	  -- Authentication using RSA encryption
		   rsa-enc-rev(5) -- Authentication using revised RSA encryption."
	::= { ikeSaEntry 5 }

	-- Cipher protecting the IKE SA itself (read-only). The numbering
	-- differs from ipsecSaEncAlg, so the two columns cannot share one
	-- lookup table, and the value 8 is not assigned here.
	-- Audit use: des(1) is single DES and is worth flagging when this
	-- table is polled for policy compliance.
	ikeSaEncAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		des(1),
		idea(2),        -- not used
		blowfish(3),
		rc5(4),         -- not used
		des3(5),
		cast128(6),     -- CAST with 128 bit key
		aes(7),	        -- AES encryption algorithm
		twofish(9)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The encryption algorithm used."
	::= { ikeSaEntry 26 }

	-- Hash algorithm reported for an IKE SA (read-only status column).
	-- NOTE(review): md5(1) is a legacy choice that current IKE guidance
	-- advises against; SAs reporting it are worth flagging in monitoring.
	-- sha(2) presumably means SHA-1; confirm against the agent.
	ikeSaHashAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		md5(1),		-- The MD5 hash algorithm
		sha(2),	 	-- The Secure Hash Algorithm
		tiger(3),	-- The Tiger hash algorithm
		ripemd160(4)	-- The RIPE MD 160 hash algorithm
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The hash algorithm used."
	::= { ikeSaEntry 27 }

	ikeSaPrfAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		md5(1),		-- The MD5 hash algorithm
		sha(2),	 	-- The Secure Hash Algorithm
		tiger(3),	-- The Tiger hash algorithm
		ripemd160(4)	-- The RIPE MD 160 hash algorithm
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The hash algorithm used for the pseudo random function."
	::= { ikeSaEntry 28 }

	ikeSaRole OBJECT-TYPE
	    SYNTAX INTEGER {
		initiator(1), 	-- this end initiated the SA negotiation
		responder(2)	-- the remote end initiated the SA negotiation
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies by which side the SA
		 negotiation was initiated.
		  Possible values:
		   initiator(1), -- this end	initiated the SA negotiation 
		   responder(2)  -- the remote end initiated the SA negotiation."
	::= { ikeSaEntry 7 }

	ikeSaLocalId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local ID used for authentication."
	::= { ikeSaEntry 8 }

	ikeSaRemoteId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote ID used for authentication."
	::= { ikeSaEntry 9 }

	ikeSaLocalIp OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local IP address used in the IKE communication."
	::= { ikeSaEntry 10 }

	ikeSaRemoteIp OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote IP address used in the IKE communication."
	::= { ikeSaEntry 11 }

	ikeSaCookieI OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The cookie of the initiator."
	::= { ikeSaEntry 12 }

	ikeSaCookieR OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The cookie of the responder."
	::= { ikeSaEntry 13 }

	ikeSaCreated OBJECT-TYPE
	    SYNTAX  Date 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Time the SA was created."
	::= { ikeSaEntry 24 }

	ikeSaLastUsed OBJECT-TYPE
	    SYNTAX  Date 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Time the SA was used last."
	::= { ikeSaEntry 25 }

	ikeSaExpires OBJECT-TYPE
	    SYNTAX  Date 
	    MAX-ACCESS  read-only
	    STATUS  current
	    DESCRIPTION
		"Time the SA will expire."
	::= { ikeSaEntry 29 }

	ikeSaNumCerts OBJECT-TYPE
	    SYNTAX INTEGER	
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of certificates received from the remote
		 side when negotiating this SA."
	::= { ikeSaEntry 15 }

	ikeSaNumNegotiations OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "This object specifies the number of currently active 
		  negotiations for this SA."
	::= { ikeSaEntry 16 }

	ikeSaBytes OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "bytes"
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Number of bytes transmitted using this SA."
	::= { ikeSaEntry 17 }

	ikeSaMajVersion OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The IKE major version number."
	::= { ikeSaEntry 18 }

	ikeSaMinVersion OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The IKE minor version number."
	::= { ikeSaEntry 19 }

	ikeSaPeerIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the peer for which this SA was created."
	::= { ikeSaEntry 20 }

	ikeSaHeartbeatsEnabled OBJECT-TYPE
	    SYNTAX INTEGER {
		send(1),	-- send heartbeats
		expect(2),	-- expect heartbeats
		both(3),	-- send and expect heartbeats
		none(4)		-- neither send nor expect heartbeats
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "This object specifies whether heartbeats are sent/expected
		  over this SA
		   possible values:
		    send(1),	-- send heartbeats
		    expect(2),	-- expect heartbeats
		    both(3),	-- send and expect heartbeats
		    none(4)	-- neither send nor expect heartbeats."
	::= { ikeSaEntry 21 }

	ikeSaHeartbeatsSent OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Number of Heartbeats sent over this SA."
	::= { ikeSaEntry 22 }

	ikeSaHeartbeatsReceived OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Number of Heartbeats received over this SA."
	::= { ikeSaEntry 23 }

	ikeSaLocalPort OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Local port currently used for the SA."
	::= { ikeSaEntry 30 }

	ikeSaRemotePort OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "Remote port currently used for the SA."
	::= { ikeSaEntry 31 }

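	-- Extended authentication (XAUTH) type reported for an established IKE
	-- SA; none(32768) is the default and means XAUTH was not used.
	ikeSaXauthType OBJECT-TYPE
	    SYNTAX INTEGER {
		generic(0),		-- generic
		radius-chap(1),		-- RADIUS-CHAP
		otp(2),			-- One-Time-Password
		s-key(3),		-- S/KEY One-Time-Password
		none(32768)		-- no XAUTH used
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "This object displays whether XAUTH is used or not 
		  after complete establishment of the SA.
		  If XAUTH is used then the type of the extended 
		  authentication is displayed."
	    DEFVAL { none }
	::= { ikeSaEntry 32 }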

	ikeSaXauthUser OBJECT-TYPE
	    SYNTAX DisplayString
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "User name used for Extended Authentication."
	::= { ikeSaEntry 33 }


-- End IKE Security Associations Table


-- IKE (Phase 1) Profile Table

	ikeProfileTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IkeProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IKE (Phase 1) profiles."
	::= { ipsec 14 }

	-- Conceptual row of ikeProfileTable.
	-- NOTE(review): the row is indexed by ikePrfProposal, a read-write
	-- column, although ikePrfIndex is described as the unique index of the
	-- entry; confirm that this INDEX clause is intended.
	ikeProfileEntry OBJECT-TYPE
            SYNTAX  IkeProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IPSec phase 1 profile."
	    INDEX   {
		ikePrfProposal
	    }
            ::= { ikeProfileTable 1 }

	IkeProfileEntry ::=
	    SEQUENCE {
		ikePrfIndex			INTEGER,
		ikePrfDescription		DisplayString,
		ikePrfAuthMethod		INTEGER,
		ikePrfMode			INTEGER,
		ikePrfProposal			INTEGER,
		ikePrfGroup			INTEGER,
		ikePrfCert			INTEGER,
		ikePrfLocalId			DisplayString,
		ikePrfCaCerts			DisplayString,
		ikePrfLifeTime			INTEGER,
		ikePrfPfsIdentity		INTEGER,
		ikePrfHeartbeats		INTEGER,
		ikePrfBlockTime			INTEGER,
		ikePrfNatT			INTEGER,
		ikePrfMtuMax			INTEGER,
		ikePrfLifeSeconds		Unsigned32,
		ikePrfLifeKBytes		Unsigned32,
		ikePrfLifeRekeyPercent		INTEGER,
		ikePrfLifePolicy		INTEGER
	    }

	ikePrfIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ikeProfileEntry 1 }

	ikePrfDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional description for this profile."
	::= { ikeProfileEntry 2 }

	ikePrfAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3), 	-- Authentication using RSA signatures
		rsa-enc(4), 	-- Authentication using RSA encryption
		default(14),    -- use settings from default profile
		delete(15) 	-- mark this entry for deletion
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the authentication method used for this profile.
		  Possible values:
		   pre-sh-key(1), -- Authentication using pre shared keys
		   dss-sig(2), 	  -- Authentication using DSS signatures
		   rsa-sig(3), 	  -- Authentication using RSA signatures
		   rsa-enc(4), 	  -- Authentication using RSA encryption
		   default(14),	  -- use settings from default profile
				  -- (pre-sh-key if this is the default profile)
		   delete(15)	  -- mark this entry for deletion."
	    DEFVAL { default }
	::= { ikeProfileEntry 3 }

	-- Exchange mode requested for phase 1 negotiations with this profile.
	-- NOTE(review): aggressive mode sends the identities unprotected and,
	-- when combined with pre-shared keys, lets an observer of the exchange
	-- test key guesses offline. Where the peers allow it, id-protect-only(4)
	-- with certificates or a long random pre-shared key is the safer
	-- setting. The object is read-write, so SNMP write access to this
	-- table should be limited to management stations that may change
	-- VPN policy.
	ikePrfMode OBJECT-TYPE
	    SYNTAX INTEGER {
		id-protect(1),		-- Use identity protection (main) mode 
		aggressive(2), 		-- Use aggressive mode
		default(3),		-- Use default setting from the 
					-- global profile
		id-protect-only(4), 	-- only id-protect mode allowed
		aggressive-only(5)  	-- only aggressive mode allowed
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the exchange mode used for IKE
		 SA negotiation.
		  Possible values:
		    id-protect(1),	-- Use identity protection (main) mode 
		    aggressive(2), 	-- Use aggressive mode
		    default(3),		-- Use default setting from the 
					-- global profile
		    id-protect-only(4), -- only id-protect mode allowed
		    aggressive-only(5)  -- only aggressive mode allowed."
	    DEFVAL { default }
	::= { ikeProfileEntry 4 }

	ikePrfProposal OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the first IKE proposal which may be used
		 for IKE SA negotiation with this profile."
	::= { ikeProfileEntry 5 }

	-- IKE (MODP) group used for phase 1 with this profile.
	-- NOTE(review): the range (1..5) also admits 3 and 4, which the
	-- DESCRIPTION does not explain; confirm how the agent treats them.
	-- The 768-bit and 1024-bit groups are considered too weak by current
	-- guidance; of the values listed, 5 selects the largest group.
	ikePrfGroup OBJECT-TYPE
	    SYNTAX INTEGER (1..5)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the IKE group to use with this profile.
		  Possible values:
		   1: a 768-bit MODP group
		   2: a 1024-bit MODP group
		   5: a 1536-bit MODP group"
	::= { ikeProfileEntry 6 }

	ikePrfCert OBJECT-TYPE
	    SYNTAX INTEGER (0..32767)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the certificate used for authentication 
		 in the certTable. Ignored for AuthMethod == pre_shared_key."
	::= { ikeProfileEntry 7 }

	ikePrfLocalId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local ID used for authentication with this profile.
                 Syntax:
                   - X500 distinguished name:
                     <obj-name=obj-value, obj-ID=obj-value, ...>
                   - IPV4-Address:
                     |123.456.789.012| with or without '|'
                   - IPV4 Address Range:
                     |123.456.789.012-123.456.789.013| with or without '|'
                   - IPV4 Address Subnet:
                     |123.456.789.012/255.255.255.0| with or without '|'
                     or:
                     |123.456.789.012/24| with or without '|'
                   - Key-ID: arbitrary string:
                     {anything}
                   - Fully Qualified User Name (FQUN):
                     (anything) or user@domain with mandatory '@'
                   - Fully Qualified Domain Name (FQDN):
                     [anything] or any name without '@' not matching any other
                     syntax"
	::= { ikeProfileEntry 8 }

	ikePrfCaCerts OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Receives a comma separated list with indices (0..32767) 
		 of special certificate authority certificates accepted 
		 for this profile."
	::= { ikeProfileEntry 9 }

	ikePrfLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies an index in the ipsecLifeTimeTable with the 
		 lifetime settings to be used for IKE SA negotiation with this profile.
		 If the lifetime pointed to by this index does not exist or is
		 inappropriate, the default lifetime is taken.
		 The usage of this object is deprecated, use the ikePrfLifeXxx
		 variables directly instead."
	    DEFVAL { -1 }
	::= { ikeProfileEntry 10 }

	ikePrfPfsIdentity OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- delete phase 1 SAs 
		false(2),	-- reuse phase 1 SAs
		default(3)   	-- use value from default profile 
                                -- (false, if this is the default profile)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether IKE SA's should be deleted
		 immediately after a phase 2 (IPSec-) SA pair has been 
		 negotiated.
		 The consequence of enabling this feature is that before each 
		 phase 2 negotiation there always has to be a phase 1
		 negotiation. Thus individual phase 2 SAs cannot be
		 associated with one another or, respectively, if the
		 identity of a remote peer is known to an eavesdropper
		 for one SA, he cannot conclude that the next SA is
		 negotiated with the same remote peer. 
		 Note: Setting this flag only makes sense if configured
		 together with id-protect mode or RSA encryption for
		 authentication and if the IP address of the remote
		 peer does not allow conclusions about its identity
		 (i.e. dynamic remote peer addresses).
		  Possible values:
		   true(1), 	-- delete phase 1 SAs
		   false(2),    -- reuse phase 1 SAs
		   default(3)   -- use value from default profile 
                                -- (false if this is the default profile)."
	    DEFVAL { default }
	::= { ikeProfileEntry 11 }

	ikePrfHeartbeats OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),        -- neither send nor expect heartbeats
		expect(2), 	-- expect heartbeats
		send(3),        -- send heartbeats
		both(4),	-- send and expect heartbeats
		default(5),	-- use default value
		auto(6),	-- detect support using vendor id
		dpd(7),		-- use DPD method for proof-of-liveliness
		dpd-idle(8)	-- use DPD, detect dead peers even while idle
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether heartbeats should be sent 
		 over phase 1 SAs for this profile (heartbeats are not 
		 used for IPv6).
		  Possible values:
		   none(1),     -- neither send nor expect heartbeats
		   expect(2), 	-- expect heartbeats
		   send(3),     -- send heartbeats
		   both(4),	-- send and expect heartbeats
		   default(5),	-- use value from default profile
				-- (auto if this is the default profile)
		   auto(6),	-- detect support using vendor id
		   dpd(7),	-- use DPD method for proof-of-liveliness
		   dpd-idle(8)	-- use DPD, detect dead peers even while idle."
	    DEFVAL { default }
	::= { ikeProfileEntry 12 }

	ikePrfBlockTime OBJECT-TYPE
	    SYNTAX INTEGER (-1..86400) 
	    UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the time in seconds for which a peer is
		 blocked for any IPSec operations after a phase 1 initiator
		 negotiation failed.
		  Special values:
		   -1: use settings from global profile (do not block by default)
		    0: do not block the peer at all."
	    DEFVAL { -1 }
	::= { ikeProfileEntry 13 }

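	-- NAT-Traversal policy for this profile.
	-- NOTE(review): the enumeration comment says default(3) resolves to
	-- enabled on the default profile, while the DESCRIPTION says disabled;
	-- both statements are kept as found, confirm which one the agent
	-- implements. enforce(4) was missing from the DESCRIPTION and is now
	-- listed there.
	ikePrfNatT OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1), 	-- enable Nat-Traversal
		disabled(2),	-- disable Nat-Traversal
		default(3),   	-- use value from default profile 
                                -- (enabled, if this is the default profile)
		enforce(4)	-- enforce NAT-T, independent of NAT
				-- detection	
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether NAT-Traversal is enabled.
		  Possible values:
		   enabled(1), 	-- enable Nat-Traversal
		   disabled(2),	-- disable Nat-Traversal
		   default(3),  -- use value from default profile 
                                -- (disabled, if this is the default profile)
		   enforce(4)	-- enforce NAT-T, independent of NAT
				-- detection."
	    DEFVAL { default }
	::= { ikeProfileEntry 14 }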

	ikePrfMtuMax OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum MTU value allowed for ipsecPeerStatMtu.
		 Zero means use value from global profile, 
		 if this is the global profile, 1418 is assumed.
		 Nonzero values smaller than 214 are reset to the minimum of 214."
	    DEFVAL { 0 }
	::= { ikeProfileEntry 15 }

	ikePrfLifeSeconds OBJECT-TYPE
	    SYNTAX Unsigned32
	    UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum time (in seconds) after which an SA will be 
		 deleted."
	    DEFVAL { 900 }
	::= { ikeProfileEntry 16 }


	ikePrfLifeKBytes OBJECT-TYPE
	    SYNTAX Unsigned32
	    UNITS  "kilo bytes"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum amount of data (in KB) which may be protected 
		 by an SA before it is deleted."
	    DEFVAL { 0 }
	::= { ikeProfileEntry 17 }


	ikePrfLifeRekeyPercent OBJECT-TYPE
	    SYNTAX INTEGER (50..100)
	    MAX-ACCESS read-write
	    STATUS obsolete
	    DESCRIPTION
		"WARNING: this object is obsolete and must not be used."
	    DEFVAL { 80 }
	::= { ikeProfileEntry 18 }

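	-- How a lifetime proposed by the remote side is handled for phase 1.
	-- The DESCRIPTION now spells the fourth value use-default-lifetime,
	-- matching the label in the enumeration and in DEFVAL.
	-- NOTE(review): loose(1) accepts whatever lifetime the peer proposes;
	-- strict(2) keeps the configured limits in force.
	ikePrfLifePolicy OBJECT-TYPE
	    SYNTAX INTEGER {
		loose(1),	-- accept and use anything proposed
		strict(2),	-- accept and use only what is configured
		notify(3),	-- accept anything (send responder lifetime)
		use-default-lifetime(4)	-- use lifetime values from default
					-- profile
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the way a lifetime proposal is 
		 handled. Possible values:
		  loose(1),	-- accept and use anything proposed
		  strict(2),	-- accept and use only what is configured
		  notify(3),	-- accept anything, if own values are smaller
				   than what was proposed use these and 
				   send responder lifetime notification
		  use-default-lifetime(4) -- use lifetime values from default
					  -- profile."
	    DEFVAL { use-default-lifetime }
	::= { ikeProfileEntry 19 }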

-- End IKE (Phase 1) Profile Table

-- IPSec (Phase 2) Profile Table

	ipsecProfileTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IPSec (Phase 2) profiles."
	::= { ipsec 15 }

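	-- Conceptual row of ipsecProfileTable, the IPSec (Phase 2) profile list.
	-- The DESCRIPTION said "phase 1", apparently copied from
	-- ikeProfileEntry; it now says phase 2 to agree with the table.
	-- NOTE(review): the row is indexed by ipsecPrfProposal, a read-write
	-- column, although ipsecPrfIndex is described as the unique index of
	-- the entry; confirm that this INDEX clause is intended.
	ipsecProfileEntry OBJECT-TYPE
            SYNTAX  IpsecProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IPSec phase 2 profile."
	    INDEX   {
		ipsecPrfProposal
	    }
            ::= { ipsecProfileTable 1 }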

	IpsecProfileEntry ::=
	    SEQUENCE {
		ipsecPrfIndex		INTEGER,
		ipsecPrfDescription	DisplayString,
		ipsecPrfProposal 	INTEGER,
		ipsecPrfPfsGroup	INTEGER,
		ipsecPrfLifeTime	INTEGER,
		ipsecPrfHeartbeats	INTEGER, 
		ipsecPrfPmtuDiscovery	INTEGER, 
		ipsecPrfGranularity	INTEGER,
		ipsecPrfKeepAlive	INTEGER,
		ipsecPrfVerifyPad	INTEGER,
		ipsecPrfForceTunnelMode		INTEGER,
		ipsecPrfLifeSeconds		Unsigned32,
		ipsecPrfLifeKBytes		Unsigned32,
		ipsecPrfLifeRekeyPercent	INTEGER,
		ipsecPrfLifePolicy		INTEGER
	    }

	ipsecPrfIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ipsecProfileEntry 1 }

	ipsecPrfDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional description for this profile."
	::= { ipsecProfileEntry 2 }

	ipsecPrfProposal OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the IPSec proposal used for this profile."
	::= { ipsecProfileEntry 3 }

	-- Diffie-Hellman group for the optional PFS exchange in phase 2.
	-- NOTE(review): -1 turns PFS off, and 0 inherits a default that is also
	-- "no PFS" on the default profile, so PFS has to be selected
	-- explicitly. Without PFS, compromise of the phase 1 keying material
	-- also exposes the phase 2 keys derived from it.
	-- The range (-1..5) also admits 3 and 4, which the DESCRIPTION does not
	-- explain. The 768-bit and 1024-bit groups are considered too weak by
	-- current guidance.
	ipsecPrfPfsGroup OBJECT-TYPE
	    SYNTAX INTEGER (-1..5)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The Diffie Hellman group used for additional Perfect
		 Forward Secrecy (PFS) DH exponentiations.
		  Possible values:
		  -1: do not use PFS 
		   0: use value from default profile (do not use PFS 
		      if this is the default profile)
		   1: a 768-bit MODP group, 
		   2: a 1024-bit MODP group, 
		   5: a 1536-bit MODP group."
	::= { ipsecProfileEntry 4 }

	ipsecPrfLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies an index in the
		 ipsecLifeTimeTable.
		 The usage of this object is deprecated, use the ipsecPrfLifeXxx
		 variables directly instead."
	    DEFVAL { -1 }
	::= { ipsecProfileEntry 5 }

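	-- Heartbeat policy for phase 2 SAs created with this profile.
	-- The value list in the DESCRIPTION had a full stop after both(4),
	-- which cut the list in two; it is a comma now.
	ipsecPrfHeartbeats OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),        -- neither send nor expect heartbeats
		expect(2), 	-- expect heartbeats
		send(3),        -- send heartbeats
		both(4),	-- send and expect heartbeats
		default(5),	-- use settings from peer or global profile
		auto(6)		-- detect support using vendor id
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether heartbeats should be sent 
		 over phase 2 SAs for this profile (heartbeats are not 
		 used for IPv6).
		  Possible values:
		   none(1),     -- neither send nor expect heartbeats
		   expect(2), 	-- expect heartbeats
		   send(3),     -- send heartbeats
		   both(4),	-- send and expect heartbeats
		   default(5),	-- use settings from peer or global profile
				   (auto if this is the global profile)
		   auto(6)	-- detect support using vendor id."
	    DEFVAL { default }
	::= { ipsecProfileEntry 6 }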

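	-- Path MTU discovery policy carried by this phase 2 profile.
	-- The value list in the DESCRIPTION lacked the comma after enabled(2).
	ipsecPrfPmtuDiscovery OBJECT-TYPE
	    SYNTAX INTEGER {
		disabled(1), -- do not perform PMTU discovery
		enabled(2),  -- perform PMTU discovery
		default(3)   -- use settings from peer or global profile
			     -- (enabled if this is the global profile)
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the PMTU discovery policy for this peer.
		  Possible values:
		    disabled(1), -- do not perform PMTU discovery
		    enabled(2),  -- perform PMTU discovery
		    default(3)   -- use settings from peer or global profile
			         -- (enabled if this is the global profile)."
            DEFVAL { default }
	::= { ipsecProfileEntry 7 }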

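	-- Granularity with which SAs are created for traffic matching this
	-- profile. The DESCRIPTION omitted local-services(6), which the
	-- enumeration defines; it is listed there now.
	ipsecPrfGranularity OBJECT-TYPE
	    SYNTAX INTEGER {
		default(1),	-- use granularity settings from default profile
				-- (coarse if this is the default profile)
		coarse(2),	-- Create only one SA for each Traffic entry
		ip(3),		-- Create one SA for each host
		proto(4),	-- Create one SA for each protocol and host
		port(5),	-- Create one SA for each port and host
		local-services(6) -- same as 'coarse' but 'ip' for local services
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the granularity with which SA's
		 are created with this profile.
		  Possible values:
		   default(1),	-- use granularity settings from default profile
				-- (coarse if this is the default profile)
		   coarse(2),	-- Create only one SA for each Traffic entry
		   ip(3),	-- Create one SA for each host
		   proto(4),	-- Create one SA for each protocol and host
		   port(5),	-- Create one SA for each port and host
		   local-services(6) -- same as 'coarse' but 'ip' for local
				-- services."
	    DEFVAL { default }
	::= { ipsecProfileEntry 8 }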

	ipsecPrfKeepAlive OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- rekey SA's even if no data was transferred
		false(2), 	-- do not rekey SA's if no data was transferred
		default (3),	-- use value from default profile
				-- (false if this is the default profile)
		delete (4)	-- mark this entry for deletion
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether IKE SA's
		 are rekeyed even if there was no data transferred over
		 them.
		  Possible values:
		   true(1), 	-- rekey SA's even if no data was transferred
		   false(2),	-- do not rekey SA's if no data was transferred
		   default (3),	-- use value from default profile
				-- (false if this is the default profile)
		   delete (4)	-- mark this entry for deletion."
	    DEFVAL { default }
	::= { ipsecProfileEntry 9 }

	ipsecPrfVerifyPad OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1),	-- normal, self-describing ESP padding
	        false(2), 	-- old style ESP padding
		default(3)	-- use setting from peer or global profile
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object is a compatibility option for older ipsec 
		 implementations. It enables or disables an old way of ESP 
		 padding (no self describing padding).
		  Possible values:
		   true(1),	-- normal, self-describing ESP padding
	           false(2), 	-- old style ESP padding
		   default(3)	-- use setting from peer or global profile
				   (true if this is the global profile)."
	    DEFVAL { default }
	::= { ipsecProfileEntry 10 }

	ipsecPrfForceTunnelMode OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1),    -- Use tunnel mode even if transport mode is possible
		false(2),   -- Use transport mode whenever possible
		default(3)  -- Use settings from default profile
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the strategy when transport mode is used.
		 By default, the system always uses transport mode, if possible.
		 If this variable is set to true, always tunnel mode will be used
		 for this traffic entry, even if source and destination address 
		 match the tunnel endpoints.
		  Possible values:
		   true(1), -- Use tunnel mode even if transport mode is possible
		   false(2),   -- Use transport mode whenever possible
		   default(3)  -- Use settings from default profile 
                                  (if this is the default, false is assumed)."
	    DEFVAL { default }
	::= { ipsecProfileEntry 11 }

	ipsecPrfLifeSeconds OBJECT-TYPE
	    SYNTAX Unsigned32
	    UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum time (in seconds) after which an SA will be 
		 deleted."
	    DEFVAL { 900 }
	::= { ipsecProfileEntry 16 }


	ipsecPrfLifeKBytes OBJECT-TYPE
	    SYNTAX Unsigned32
	    UNITS  "kilo bytes"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum amount of data (in KB) which may be protected 
		 by an SA before it is deleted."
	    DEFVAL { 0 }
	::= { ipsecProfileEntry 17 }


	ipsecPrfLifeRekeyPercent OBJECT-TYPE
	    SYNTAX INTEGER (50..100)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The percentage of the lifetimes (traffic and time based)
		 after which rekeying is started."
	    DEFVAL { 80 }
	::= { ipsecProfileEntry 18 }

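	-- How a lifetime proposed by the remote side is handled for phase 2.
	-- The DESCRIPTION now spells the fourth value use-default-lifetime,
	-- matching the label in the enumeration and in DEFVAL, and has the
	-- missing comma after notify(3).
	-- NOTE(review): loose(1) accepts whatever lifetime the peer proposes;
	-- strict(2) keeps the configured limits in force.
	ipsecPrfLifePolicy OBJECT-TYPE
	    SYNTAX INTEGER {
		loose(1),	-- accept and use anything proposed
		strict(2),	-- accept and use only what is configured
		notify(3),	-- accept anything (send responder lifetime)
		use-default-lifetime(4)	-- use lifetime values from default
					-- profile
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the way a lifetime proposal is 
		 handled. Possible values:
		  loose(1),	-- accept and use anything proposed
		  strict(2),	-- accept and use only what is configured
		  notify(3),	-- accept anything, if own values are smaller
				   than what was proposed use these and 
				   send responder lifetime notification
		  use-default-lifetime(4) -- use lifetime values from default
					  -- profile."
	    DEFVAL { use-default-lifetime }
	::= { ipsecProfileEntry 19 }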

-- End IPSec (Phase 2) Profile Table


-- IPSec Peer Table

	ipsecPeerTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecPeerEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IPSec peers."
	::= { ipsec 5 }

	ipsecPeerEntry OBJECT-TYPE
            SYNTAX  IpsecPeerEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains the description of an IPSec peer."
	    INDEX   {
		ipsecPeerTrafficList
	    }
            ::= { ipsecPeerTable 1 }

	-- Column list for a row of ipsecPeerTable.
	-- NOTE(review): ipsecPeerPreSharedKey and ipsecPeerPreSharedKeyData
	-- appear to model key material as table columns. Their access clauses
	-- are defined outside this excerpt; confirm the agent never returns the
	-- key in clear text, and restrict this subtree with SNMPv3 authPriv and
	-- a VACM view, since SNMPv1/v2c community strings and payloads travel
	-- unencrypted.
	IpsecPeerEntry ::=
            SEQUENCE {
		ipsecPeerIndex			INTEGER,
		ipsecPeerPriority		INTEGER,
		ipsecPeerDescription		DisplayString,
		ipsecPeerDynamicAddress		DisplayString,
		ipsecPeerPeerIds		DisplayString,
		ipsecPeerLocalAddress		IpAddress,
		ipsecPeerTrafficList		INTEGER,
		ipsecPeerIkeProfile		INTEGER, 
		ipsecPeerIpsecProfile		INTEGER, 
		ipsecPeerPreSharedKey		DisplayString,
		ipsecPeerVirtualInterface	INTEGER, 
		ipsecPeerStartMode		INTEGER,
		ipsecPeerAdminStatus		INTEGER,
		ipsecPeerIsdnCB			INTEGER,
		ipsecPeerPreSharedKeyData	OCTET STRING,
		ipsecPeerIsdnCBMode		INTEGER,
		ipsecPeerIsdnCBDChanMode	INTEGER,
		ipsecPeerType			INTEGER,
		ipsecPeerDynAddrPoolId		INTEGER,
		ipsecPeerDynAddrLocalIp		IpAddress,
		ipsecPeerXauthProfile		Unsigned32,
		ipsecPeerDynAddrRole		INTEGER,
		ipsecPeerIkeVersion		INTEGER,
-- IKEv2 specific Peer parameters
		ipsecPeerLocalId		DisplayString,
		ipsecPeerAuthMethod		INTEGER,
		ipsecPeerCert			INTEGER,
		ipsecPeerCaCerts		DisplayString,
-- universal (IKEv1 and IKEv2) Peer parameters
		ipsecPeerDynAddrMode		INTEGER,
		ipsecPeerMobike			INTEGER,
		ipsecPeerPublicIfIndex		INTEGER,
		ipsecPeerPublicIfIndexMode	INTEGER
            }	

-- these read-only parameters are moved to the new ipsecPeerStatTable:
-- ipsecPeerNextIndex			OID ipsecPeerEntry 2
-- ipsecPeerCaCerts 			OID ipsecPeerEntry 4
-- ipsecPeerPeerAddress			OID ipsecPeerEntry 6
-- ipsecPeerLocalId			OID ipsecPeerEntry 7
-- ipsecPeerLocalCert			OID ipsecPeerEntry 9
-- ipsecPeerIkeProposals		OID ipsecPeerEntry 10
-- ipsecPeerPublicInterface		OID ipsecPeerEntry 12
-- ipsecPeerPfsIdentity			OID ipsecPeerEntry 13
-- ipsecPeerAuthMethod			OID ipsecPeerEntry 20
-- ipsecPeerIkeGroup 			OID ipsecPeerEntry 22
-- ipsecPeerPfsGroup			OID ipsecPeerEntry 23
-- ipsecPeerPh1Mode			OID ipsecPeerEntry 24
-- ipsecPeerIkeLifeTime			OID ipsecPeerEntry 25
-- ipsecPeerIpsecLifeTime		OID ipsecPeerEntry 26
-- ipsecPeerKeepAlive 			OID ipsecPeerEntry 29
-- ipsecPeerGranularity			OID ipsecPeerEntry 30
-- ipsecPeerDontVerifyPad		OID ipsecPeerEntry 31
-- ipsecPeerNoPmtuDiscovery		OID ipsecPeerEntry 36
-- ipsecPeerOperStatus			OID ipsecPeerEntry 44
-- ipsecPeerDefaultIpsecProposals 	OID ipsecPeerEntry 42
-- ipsecPeerHeartbeat 			OID ipsecPeerEntry 43
-- ipsecPeerTtl				OID ipsecPeerEntry 51
-- ipsecPeerCurrentLocalAddress		OID ipsecPeerEntry 52
-- ipsecPeerCurrentRemoteAddress 	OID ipsecPeerEntry 53
-- ipsecPeerNumP1			OID ipsecPeerEntry 54
-- ipsecPeerNumP1Negotiating		OID ipsecPeerEntry 55
-- ipsecPeerNumP1Established		OID ipsecPeerEntry 56
-- ipsecPeerNumP1Deleted		OID ipsecPeerEntry 57
-- ipsecPeerNumBundles			OID ipsecPeerEntry 58
-- ipsecPeerNumBundlesNegotiating	OID ipsecPeerEntry 59
-- ipsecPeerNumBundlesEstablished	OID ipsecPeerEntry 60
-- ipsecPeerPh1LToken			OID ipsecPeerEntry 64
-- ipsecPeerPh1RToken			OID ipsecPeerEntry 65
-- ipsecPeerIsdnCBNextMode		OID ipsecPeerEntry 68
-- ipsecPeerNatDetect			OID ipsecPeerEntry 69
-- ipsecPeerNatTLocalPort		OID ipsecPeerEntry 70
-- ipsecPeerNatTRemotePort		OID ipsecPeerEntry 71
-- ipsecPeerMtu				OID ipsecPeerEntry 72
-- ipsecPeerRxIdle			OID ipsecPeerEntry 74
-- ipsecPeerTxIdle			OID ipsecPeerEntry 75
-- ipsecPeerDPD				OID ipsecPeerEntry 76
-- ipsecPeerDPDRetries 			OID ipsecPeerEntry 77

	ipsecPeerIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ipsecPeerEntry 1 }


	ipsecPeerPriority OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Defines the matching priority."
	::= { ipsecPeerEntry 47 }


	ipsecPeerDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional description for this peer."
	::= { ipsecPeerEntry 3 }


	ipsecPeerDynamicAddress OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The IP-address of the peer.
	 	 This object may contain either an IP address or a domain name."
	::= { ipsecPeerEntry 14 }


	ipsecPeerPeerIds OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The IDs of the peer which are accepted for authentication.
                 Syntax:
                   - X500 distinguished name:
                     <obj-name=obj-value, obj-ID=obj-value, ...>
                   - IPV4-Address:
                     |123.456.789.012| with or without '|'
                   - IPV4 Address Range (only IKEv1):
                     |123.456.789.012-123.456.789.013| with or without '|'
                   - IPV4 Address Subnet (only IKEv1):
                     |123.456.789.012/255.255.255.0| with or without '|'
                     or:
                     |123.456.789.012/24| with or without '|'
                   - Key-ID: arbitrary string:
                     {anything}
                   - Fully Qualified User Name (FQUN) (for IKEv1) or
                     Fully-qualified RFC 822 email address string (for IKEv2):
                     (anything) or user@domain with mandatory '@'
                   - Fully Qualified Domain Name (FQDN):
                     [anything] or any name without '@' not matching any other
                     syntax"
	::= { ipsecPeerEntry 5 }


	ipsecPeerLocalAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local address used for IPSec encrypted packets."
	::= { ipsecPeerEntry 8 }


	ipsecPeerTrafficList OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the first entry of possibly a
		 chain of traffic entries from the ipsecTrafficTable
		 which should be protected with IPSec using this peer."
	::= { ipsecPeerEntry 11 }

	ipsecPeerVirtualInterface OBJECT-TYPE
	    SYNTAX INTEGER {
		disabled(1),	-- no virtual interface for this peer
		enabled(2)	-- a virtual interface will be assigned to this peer
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies if a virtual interface should be created
		 for this peer. If set to enabled, all traffic routed towards
		 this peer will be protected. The traffic list for this peer 
		 is ignored then. The index of the interface associated with
		 this peer is calculated as follows: 
		  ifIndex = ipsecPeerIndex + 100000."
	    DEFVAL { disabled }
	::= { ipsecPeerEntry 15 }

	ipsecPeerStartMode OBJECT-TYPE
	    SYNTAX INTEGER {
		on-demand(1),		-- packet triggered start,
					-- fall back to dormant if unused
		always-up(2)		-- always set up and keep up
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the events which make the IPSec peer go up.
		  Possible values:
		    on-demand(1),	-- packet triggered start,
					-- fall back to dormant if unused
		    always-up(2)		-- always set up and keep up."
	    DEFVAL { on-demand }
	::= { ipsecPeerEntry 16 }

	ipsecPeerIkeProfile OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"When ipsecPeerIkeVersion is set to ikev1 this is an index from 
		 the ikeProfileTable containing a special phase 1 profile to 
		 use for this peer.
		 When ipsecPeerIkeVersion is set to ikev2 this is an index from 
		 the ikev2ProfileTable containing a special IKE_SA profile to 
		 use for this peer."
	::= { ipsecPeerEntry 48 }

	ipsecPeerIpsecProfile OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index from the ipsecProfileTable containing a special 
		 phase 2 profile to use for this peer."
	::= { ipsecPeerEntry 49 }

	-- Input column for the IKE pre-shared key of this peer.
	-- NOTE(review): the asterisk masking described below applies to the
	-- column value after the set; the key itself is still carried inside
	-- the SNMP set request. Write this object only over a transport that
	-- provides confidentiality (for example SNMPv3 with privacy enabled)
	-- and restrict write access to it in the agent's access control
	-- configuration.
	-- DisplayString (SNMPv2-TC) restricts the key to text of at most
	-- 255 octets.
	ipsecPeerPreSharedKey OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The pre-shared-key used with this peer, if pre-shared-keys
		 are used for authentication. This field serves only
		 as an input field and its contents are replaced with
		 a single asterisk immediately after it is set."
	::= { ipsecPeerEntry 21 }

	ipsecPeerAdminStatus OBJECT-TYPE
	    SYNTAX INTEGER {
              	up(1),
              	down(2),
--              testing(3),
		dialup(4),
		callback(5),
		delete(15)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Peer administrative state."
	    DEFVAL { up }
	::= { ipsecPeerEntry 50 }

	ipsecPeerIsdnCB OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1),
		disabled(2), 
		passive(3),   -- expect an ISDN call and setup IPSec tunnel
		active(4)     -- setup an ISDN call and expect IPSec tunnel setup
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Switch for turning ISDN call back feature on and off
		 specifically for peer.
		 Default value is disabled."
	    DEFVAL { disabled }
	::= { ipsecPeerEntry 45 }

	-- Persistent storage column for the pre-shared key.
	-- Per SMIv2, MAX-ACCESS not-accessible means this column cannot be
	-- read or written through SNMP get/set operations.
	-- NOTE(review): how the value is protected at rest (saved
	-- configuration, backups, exports) is not stated here; verify on the
	-- device before treating configuration dumps as non-sensitive.
	ipsecPeerPreSharedKeyData OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS not-accessible
	    STATUS current
	    DESCRIPTION
		"Field used for storing the pre-shared-key permanently."
	::= { ipsecPeerEntry 63 }

	ipsecPeerIsdnCBMode OBJECT-TYPE
	    SYNTAX INTEGER {
		compat(1),
		auto(2),
		auto-d(3),
		d(4),
		db(5),
		b(6)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Define callback mode.
		 The following modes are defined:
		   compat(1)	-- compatibility to old callback
		   auto(2)      -- automatically detect best method
		   auto-d(3)	-- automatically detect best D channel method
		   d(4)		-- use D channel only
		   db(5)	-- try D channel first, fall back to B
		   b(6)		-- use B channel only

		 Default value for that variable is compat(1)."
	    DEFVAL { compat }
	::= { ipsecPeerEntry 66 }

	ipsecPeerIsdnCBDChanMode OBJECT-TYPE
	    SYNTAX INTEGER {
		llc(1),
		subaddr(2),
		llc-and-subaddr(3),
		llc-subaddr(4),
		subaddr-llc(5)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Define callback D channel mode.
		 The following modes are defined:
		   llc(1)		-- code token into LLC information
					   element only
		   subaddr(2)    	-- code token into SUBADDR information
					   element only
		   llc-and-subaddr(3)	-- redundantly use LLC and SUBADDR
					   information elements
		   llc-subaddr(4)	-- try LLC first, then SUBADDR
		   subaddr-llc(5)	-- try SUBADDR first, then LLC

		 Default value for that variable is llc(1)."
	    DEFVAL { llc }
	::= { ipsecPeerEntry 67 }

	ipsecPeerType OBJECT-TYPE
	    SYNTAX INTEGER {
		fixed(1),		-- only one peer allowed for this entry
		dynamic-client(2)	-- duplicated for each incoming client
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The type of the peer. Dynamic peer entries are duplicated
		 whenever an incoming IKE request matches the ID and/or 
		 address information of the remote side. 
		 Note: 
		 - For traffic list peers the duplication also includes the
		   traffic list entries configured for this peer entry.
		 - For virtual interface peers, host routes will be added
		   for the peer address automatically.
		 Possible values:
		  fixed(1),		-- only one peer allowed for this entry
		  dynamic-client(2)	-- duplicated for each incoming client."
	    DEFVAL { fixed }
	::= { ipsecPeerEntry 73 }

	ipsecPeerDynAddrPoolId OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Identifier of Dynamic Address Pool if IP address is
		 assigned via IKE Configuration Method.
		 A value of -1 means that no Pool is assigned."
	    DEFVAL { -1 }
	::= { ipsecPeerEntry 78 }

	ipsecPeerDynAddrLocalIp OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local IP address used in the IKE communication
		 when remote IP address is taken from IP address pool."
	::= { ipsecPeerEntry 79 }

	ipsecPeerXauthProfile OBJECT-TYPE
	    SYNTAX Unsigned32 (0..4294967295)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index from the xauthProfileTable containing a special
		 XAUTH profile to use for this peer.
		 A value of 0 means that no XAUTH profile is assigned."
	    DEFVAL { 0 }
	::= { ipsecPeerEntry 80 }

	ipsecPeerDynAddrRole OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1), 	-- no IP address assignment via IKE Config Mode
		client(2),	-- get IP address via IKE Config Mode from remote
		server(3)	-- assign IP address via IKE Config Mode to remote
            }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Determines if IKE Config Mode is used and which role is performed:
		 none(1), 	-- no IP address assignment via IKE Config Mode
		 client(2)	-- get IP address via IKE Config Mode from remote
		 server(3)	-- assign IP address via IKE Config Mode to remote

		 In server role ipsecPeerDynAddrPoolId defines IP address pool to
		 use for address assignment to clients. If an invalid pool ID is
		 configured, peer is treated as if role was 'none'.

		 Default is 'none', that means IKE Config Mode is not used at all."
	    DEFVAL { none }
	::= { ipsecPeerEntry 81 }

	ipsecPeerIkeVersion OBJECT-TYPE
	    SYNTAX INTEGER {
		ikev1(1),
		ikev2(2)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Indicates the major version of IKE protocol to use. If set to
		 ikev1 the value of ipsecPeerIkeProfile is used as index into 
		 ikeProfileTable. If set to ikev2 the value of 
		 ipsecPeerIkeProfile is used as index into ikev2ProfileTable."
	    DEFVAL { ikev1 }
	::= { ipsecPeerEntry 82 }

-- IKEv2 specific Peer parameters

	ipsecPeerLocalId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local ID used for authentication with this profile.
                 Syntax:
                   - X500 distinguished name:
                     <obj-name=obj-value, obj-ID=obj-value, ...>
                   - IPV4-Address:
                     |123.456.789.012| with or without '|'
                   - Key-ID: arbitrary string:
                     {anything}
                   - Fully-qualified RFC 822 email address string:
                     (anything) or user@domain with mandatory '@'
                   - Fully Qualified Domain Name (FQDN):
                     [anything] or any name without '@' not matching any other
                     syntax 
		(only for IKEv2)."
	::= { ipsecPeerEntry 83 }

	-- Authentication method for this peer; the description marks it as
	-- applying to IKEv2 only.
	-- NOTE(review): the description refers to this object and
	-- ikePropAuthMethod being set to 'default', but the enumeration here
	-- offers no default value; the text looks copied from a global
	-- default object. Treat the three enumerated values as the
	-- authoritative set and confirm the fallback behaviour on the device.
	ipsecPeerAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3) 	-- Authentication using RSA signatures
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the authentication method used by default. 
		 If the ipsecPeerAuthMethod field of an ipsecPeerEntry and the
		 ikePropAuthMethod field of the ikeProposalTableEntry used are
		 set to 'default', this value is assumed.
		  Possible values:
		   pre-sh-key(1), -- Authentication using pre shared keys
		   dss-sig(2),	  -- Authentication using DSS signatures
		   rsa-sig(3)	  -- Authentication using RSA signatures
		(only for IKEv2)."
	::= { ipsecPeerEntry 84 }

	ipsecPeerCert OBJECT-TYPE
	    SYNTAX INTEGER (0..32767)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the certificate used for authentication 
		 in the certTable. Ignored for AuthMethod == pre_shared_key.
		(only for IKEv2)."
	::= { ipsecPeerEntry 85 }

	ipsecPeerCaCerts OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Receives a comma separated list with indices (0..32767) 
		 of special certificate authority certificates accepted 
		 for this profile.
		(only for IKEv2)."
	::= { ipsecPeerEntry 86 }

	ipsecPeerDynAddrMode OBJECT-TYPE
	    SYNTAX INTEGER {
		pull(1), 	-- the client will request IP address and the gateway
				-- will answer the request
		push(2)		-- the gateway will set IP address to the client and
				-- the client will accept or deny it
            }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"When IP address assignment via IKE Config Mode is configured
	 	 (ipsecPeerDynAddrRole != none) this object specifies the used mode:
		 pull(1), 	-- the client will request IP address and the gateway
				   will answer the request
		 push(2)	-- the gateway will set IP address to the client and
				   the client will accept or deny it

		 The ipsecPeerDynAddrMode value has to be the same for both sides of 
		 the tunnel. With default value 'pull' the peer (ipsecPeerDynAddrRole ==
		 client) will request IP address and the gateway (ipsecPeerDynAddrRole ==
		 server) will answer the request.
		 The 'push' mode is needed for partner devices that require this mode.

		 This object matters only when ipsecPeerDynAddrRole != none."
	    DEFVAL { pull }
	::= { ipsecPeerEntry 87 }

	ipsecPeerMobike OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1), 	-- peer supports MOBIKE
		disabled(2) 	-- peer does not support MOBIKE
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object indicates whether the peer supports MOBIKE or not.
		 Only when both sides of a VPN connection support MOBIKE an IP
		 address change is possible.   
		  Possible values:
		   enabled(1),    -- Peer supports MOBIKE and signals MOBIKE
		   		     support by including a MOBIKE_SUPPORTED 
				     notification in the IKE_AUTH message.
		   disabled(2)	  -- Peer does not support MOBIKE.
		(only for IKEv2)."
	    DEFVAL { enabled }

	::= { ipsecPeerEntry 88 }


	ipsecPeerPublicIfIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index value which uniquely identifies the physical interface
		 that should be used for all ipsec traffic as initiator.
		 When multiple equivalent routes to the given peer are available this
		 is used as additional parameter for routing decisions.
		 If set to -1 then normal routing is used.
		 As responder the interface from the first received packet is used
		 and therefore this index value is ignored."
	   DEFVAL { -1 }
	::= { ipsecPeerEntry 90 }

	ipsecPeerPublicIfIndexMode OBJECT-TYPE
	    SYNTAX INTEGER {
		force(1), 	-- the given interface is used, even if a route
				-- with lower metric is available.
		preferred(2)	-- the given interface is used, if no route
				-- with lower metric is available.
            }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object defines the mode used in conjunction with
		 ipsecPeerPublicIfIndex.
		 force(1), 	-- the given interface is used, even if a route
				   with lower metric is available.
		 preferred(2)	-- the given interface is used, if no route
				   with lower metric is available.
		 This object matters only when ipsecPeerPublicIfIndex > 0."
	    DEFVAL { force }
	::= { ipsecPeerEntry 91 }

-- End IPSec Peer Table


-- IKE IPSec Peer Status and Statistic Variables Table

	ipsecPeerStatTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecPeerStatEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IPSec peers status and statistic variables."
	::= { ipsec 28 }

	ipsecPeerStatEntry OBJECT-TYPE
            SYNTAX  IpsecPeerStatEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains the status and statistic variables of an IPSec peer."
	    INDEX   {
		ipsecPeerStatIndex
	    }
            ::= { ipsecPeerStatTable 1 }

	IpsecPeerStatEntry ::=
            SEQUENCE {
		ipsecPeerStatIndex			INTEGER,
		ipsecPeerStatNextIndex			INTEGER,
		ipsecPeerStatCaCerts			DisplayString,
		ipsecPeerStatPeerAddress		IpAddress,
		ipsecPeerStatLocalId			DisplayString,
		ipsecPeerStatLocalCert			INTEGER,
		ipsecPeerStatPublicInterface 		INTEGER,
		ipsecPeerStatIkeProposals		INTEGER,
		ipsecPeerStatPfsIdentity		INTEGER, 
		ipsecPeerStatAuthMethod			INTEGER,
		ipsecPeerStatIkeGroup			INTEGER,
		ipsecPeerStatPfsGroup			INTEGER,
		ipsecPeerStatPh1Mode			INTEGER,
		ipsecPeerStatIkeLifeTime		INTEGER,
		ipsecPeerStatIpsecLifeTime		INTEGER,
		ipsecPeerStatKeepAlive			INTEGER,
		ipsecPeerStatGranularity		INTEGER,
		ipsecPeerStatDontVerifyPad		INTEGER,
		ipsecPeerStatNoPmtuDiscovery		INTEGER, 
		ipsecPeerStatOperStatus			INTEGER,
		ipsecPeerStatDefaultIpsecProposals	INTEGER,
		ipsecPeerStatHeartbeat			INTEGER, 
		ipsecPeerStatTtl			INTEGER,
		ipsecPeerStatCurrentLocalAddress	IpAddress, 
		ipsecPeerStatCurrentRemoteAddress	IpAddress, 
		ipsecPeerStatNumP1			INTEGER,
		ipsecPeerStatNumP1Negotiating		INTEGER,
		ipsecPeerStatNumP1Established		INTEGER,
		ipsecPeerStatNumP1Deleted   		INTEGER,
		ipsecPeerStatNumBundles			INTEGER,
		ipsecPeerStatNumBundlesNegotiating	INTEGER,
		ipsecPeerStatNumBundlesEstablished	INTEGER,
		ipsecPeerStatPh1LToken			INTEGER,
		ipsecPeerStatPh1RToken			INTEGER,
		ipsecPeerStatIsdnCBNextMode		INTEGER,
		ipsecPeerStatNatDetect	        	INTEGER,
		ipsecPeerStatNatTLocalPort	        INTEGER,
		ipsecPeerStatNatTRemotePort	        INTEGER,
		ipsecPeerStatMtu			INTEGER,
		ipsecPeerStatRxIdle			TimeTicks,
		ipsecPeerStatTxIdle			TimeTicks,
		ipsecPeerStatDPD			INTEGER,
		ipsecPeerStatDPDRetries			INTEGER,
-- IKEv2 specific Peer parameters
		ipsecPeerStatNumIkeSas			INTEGER,
		ipsecPeerStatNumIkeSasNegotiating	INTEGER,
		ipsecPeerStatNumIkeSasEstablished	INTEGER,
		ipsecPeerStatNumIkeSasDeleted   	INTEGER
            }	

	ipsecPeerStatIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ipsecPeerStatEntry 1 }


	ipsecPeerStatNextIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the next peer in hierarchy."
	::= { ipsecPeerStatEntry 2 }


	ipsecPeerStatCaCerts OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Receives a comma separated list with indices of optional
		 certificate authority certificates accepted for this peer."
	::= { ipsecPeerStatEntry 3 }

	ipsecPeerStatPeerAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the fixed IP-address of the peer, if any."
	::= { ipsecPeerStatEntry 4 }

	ipsecPeerStatLocalId OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local ID used for authentication.
                 Syntax:
                   - X500 distinguished name:
                     <obj-name=obj-value, obj-ID=obj-value, ...>
                   - IPV4-Address:
                     |123.456.789.012| with or without '|'
                   - IPV4 Address Range:
                     |123.456.789.012-123.456.789.013| with or without '|'
                   - IPV4 Address Subnet:
                     |123.456.789.012/255.255.255.0| with or without '|'
                     or:
                     |123.456.789.012/24| with or without '|'
                   - Key-ID: arbitrary length hexadecimal string 
                     with even number of digits:
                     { 01 23 45 67 89 ab cd ef }
                   - Fully Qualified User Name (FQUN):
                     (anything) or user@domain with mandatory '@'
                   - Fully Qualified Domain Name (FQDN):
                     [anything] or any name without '@' not matching any other
                     syntax
                 The usage of this field is deprecated, use ikePrfLocalId now!"
	::= { ipsecPeerStatEntry 5 }

	ipsecPeerStatLocalCert OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the certificate used for local authentication 
		 in the certTable. Only useful for automatically keyed traffic
		 with dsa or rsa authentication."
	::= { ipsecPeerStatEntry 6 }

	ipsecPeerStatPublicInterface OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the index of the public interface
		 for which the traffic list assigned to this peer should be 
		 valid. 
		 If set to -1, the traffic list is valid for all interfaces.

		 If the traffic is routed via a different interface, 
		 no SA negotiation is performed and traffic may be unprotected 
		 unless there is another peer for the other interface."
	   DEFVAL { -1 }
	::= { ipsecPeerStatEntry 7 }

	ipsecPeerStatIkeProposals OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Index of default ike proposal used for peers with empty default
		 ike proposal."
	::= { ipsecPeerStatEntry 8 }

	ipsecPeerStatPfsIdentity OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- delete phase 1 SAs 
		false(2),	-- do not delete phase 1 SAs
		default(3)	-- use setting in ipsecGlobContDefaultPfsIdentity
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies whether IKE SA's should be deleted
		 immediately after a phase 2 (IPSec-) SA pair has been 
		 negotiated.
		 It overrides the default setting ipsecGlobContDefaultPfsIdentity
		 if not set to 'default'.
		 The consequence of enabling this feature is that before each 
		 phase 2 negotiation there always has to be a phase 1
		 negotiation. Thus individual phase 2 SAs cannot be
		 associated with one another or, respectively, if the
		 identity of a remote peer is known to an eavesdropper
		 for one SA, he cannot conclude that the next SA is
		 negotiated with the same remote peer. 
		 Note: Setting this flag only makes sense if configured
		 together with id-protect mode or RSA encryption for
		 authentication and if the IP address of the remote
		 peer does not allow conclusions about its identity
		 (i.e. dynamic remote peer addresses).
		  Possible values:
		   true(1), 	-- delete phase 1 SAs
		   false(2),	-- do not delete phase 1 SAs
		   default(3)   -- use setting in ipsecGlobContDefaultPfsIdentity."
	    DEFVAL { default }
	::= { ipsecPeerStatEntry 9 }

	ipsecPeerStatAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3), 	-- Authentication using RSA signatures
		rsa-enc(4), 	-- Authentication using RSA encryption
		default(14),	-- Use the default settings from the ikeProposalEntry
				-- used or the ipsecGlobDefaultAuthMethod
		delete(15)	-- mark this entry for deletion
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the authentication method used for this peer.
		 It overrides the setting in the IKE proposals used.
		  Possible values:
		   pre-sh-key(1), -- Authentication using pre shared keys
		   dss-sig(2), 	  -- Authentication using DSS signatures
		   rsa-sig(3), 	  -- Authentication using RSA signatures
		   rsa-enc(4), 	  -- Authentication using RSA encryption
		   default(14),	  -- Use the setting from the ikeProposalEntry
				  -- used or the ipsecGlobDefaultAuthMethod
		   delete(15)	  -- mark this entry for deletion."
	    DEFVAL { default }
	::= { ipsecPeerStatEntry 10 }

	-- Read-only view of the per-peer IKE Diffie-Hellman group override.
	-- NOTE(review): every non-zero value documented below (MODP groups 1,
	-- 2 and 5, i.e. 768, 1024 and 1536 bit) is weaker than current
	-- guidance accepts; RFC 8247 lists group 1 as MUST NOT and groups 2
	-- and 5 as SHOULD NOT. A monitoring poll can flag peers reporting
	-- these values. With 0 the effective group comes from the ikeProposal
	-- in use, so that table has to be checked as well.
	-- Whether the firmware accepts larger groups is not stated in this
	-- description; check the device documentation.
	ipsecPeerStatIkeGroup OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies a special IKE group which is to be used
		 for this peer only. It overrides the setting in the ikeProposal
		 used.
		  Possible values:
		   0: use the value from the ikeProposal used
		   1: a 768-bit MODP group
		   2: a 1024-bit MODP group
		   5: a 1536-bit MODP group"
	::= { ipsecPeerStatEntry 11 }

	-- Read-only view of the Diffie-Hellman group used for PFS in phase 2.
	-- NOTE(review): a value of -1 means phase 2 keys are derived without
	-- a fresh DH exchange, so they depend on the phase 1 secret; the
	-- groups listed as 1, 2 and 5 (768, 1024 and 1536 bit MODP) are
	-- weaker than current guidance accepts (RFC 8247: group 1 MUST NOT,
	-- groups 2 and 5 SHOULD NOT). Both cases are worth flagging in
	-- monitoring. With 0 the effective value comes from
	-- ipsecGlob2DefaultPfsGroup.
	ipsecPeerStatPfsGroup OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The Diffie Hellman group used for additional Perfect
		 Forward Secrecy (PFS) DH exponentiations.
		  Possible values:
		  -1: explicitly do not use PFS 
		      (overrides ipsecGlob2DefaultPfsGroup), 
		   0: use default value from ipsecGlob2DefaultPfsGroup, 
		   1: a 768-bit MODP group, 
		   2: a 1024-bit MODP group, 
		   5: a 1536-bit MODP group."
	::= { ipsecPeerStatEntry 12 }

	-- Read-only view of the IKE phase 1 exchange mode for this peer.
	-- NOTE(review): aggressive(2) gives up identity protection, and when
	-- it is combined with pre-shared-key authentication the exchange
	-- exposes data that permits offline guessing of the key. Worth
	-- alerting on in monitoring. default(3) defers to the
	-- ipsecGlobalsTable, so the effective mode has to be read from there.
	ipsecPeerStatPh1Mode OBJECT-TYPE
	    SYNTAX INTEGER {
		id-protect(1),	-- Use identity protection (main) mode 
		aggressive(2), 	-- Use aggressive mode
		default(3)	-- Use default setting from the 
				-- ipsecGlobalsTable
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the exchange mode used for IKE
		 SA negotiation.
		  Possible values:
		   id-protect(1),	-- Use identity protection (main) mode 
		   aggressive(2), 	-- Use aggressive mode
		   default(3)		-- Use default settings from the 
				   	-- ipsecGlobalsTable."
	    DEFVAL { default }
	::= { ipsecPeerStatEntry 13 }

	ipsecPeerStatIkeLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies an index in the ipsecLifeTimeTable with the 
		 lifetime settings to be used for IKE SA negotiation with this peer.
		 It overrides the setting in the IKE proposal used. 
		 If the lifetime pointed to by this index does not exist or is
		 inappropriate, the lifetime from the IKE proposal used is
		 taken."
	::= { ipsecPeerStatEntry 14 }

	ipsecPeerStatIpsecLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies an index in the
		 ipsecLifeTimeTable. This lifetime overwrites the
		 lifetimes specified for all traffic entries and their
		 proposals referenced by this peer entry. If the
		 lifetime pointed to by this index does not exist or
		 is inappropriate, the default lifetime from the
		 ipsecGlobalsTable is used."
	::= { ipsecPeerStatEntry 15 }

	ipsecPeerStatKeepAlive OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- rekey SA's even if no data was transferred
		false(2)	-- do not rekey SA's if no data was transferred
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies whether IKE SA's with this peer
		 are rekeyed even if there was no data transferred over
		 them.
		  Possible values:
		   true(1), 	-- rekey SA's even if no data was transferred
		   false(2)	-- do not rekey SA's if no data was transferred."
	::= { ipsecPeerStatEntry 16 }

	ipsecPeerStatGranularity OBJECT-TYPE
	    SYNTAX INTEGER {
		default(1), 	-- use the setting from the ipsecGlobalsTable
		coarse(2),	-- Create only one SA for each Traffic entry
		ip(3),		-- Create one SA for each host
		proto(4),	-- Create one SA for each protocol and host
		port(5)		-- Create one SA for each port and host
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the granularity with which SA's
		 with this peer are created.
		  Possible values:
		   default(1), 	-- use the setting from the ipsecGlobalsTable
		   coarse(2),	-- Create only one SA for each Traffic entry
		   ip(3),	-- Create one SA for each host
		   proto(4),	-- Create one SA for each protocol and host
		   port(5)	-- Create one SA for each port and host."
	    DEFVAL { default }
	::= { ipsecPeerStatEntry 17 }

	-- Read-only compatibility flag for legacy ESP padding.
	-- NOTE(review): the enumeration here is false(1), true(2), the
	-- reverse of the true(1), false(2) encoding used by other boolean
	-- columns in this table (e.g. ipsecPeerStatKeepAlive). Pollers must
	-- map by label and not assume that 1 means true.
	-- Presumably true(2) means received ESP padding is not checked,
	-- which relaxes input validation on decrypted packets; confirm
	-- against the device documentation.
	ipsecPeerStatDontVerifyPad OBJECT-TYPE
	    SYNTAX INTEGER {
	        false(1), 	-- normal, self-describing ESP padding
		true(2)		-- old style ESP padding
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object is a compatibility option for older ipsec 
		 implementations. It enables or disables an old way of ESP 
		 padding (no self describing padding).
		  Possible values:
		   false(1), 	-- normal, self-describing ESP padding
		   true(2)	-- old style ESP padding."
	::= { ipsecPeerStatEntry 18 }

	ipsecPeerStatNoPmtuDiscovery OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1),  -- do not perform PMTU discovery
		false(2), -- perform PMTU discovery
		default(3)-- use default settings from 
			  -- ipsecGlobContNoPmtuDiscovery
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the PMTU discovery policy for this peer.
		  Possible values:
		   true(1),  -- do not perform PMTU discovery
		   false(2)  -- perform PMTU discovery
		   default(3)-- use default settings from 
			     -- ipsecGlobContNoPmtuDiscovery."
            DEFVAL { default }
	::= { ipsecPeerStatEntry 19 }

	ipsecPeerStatOperStatus OBJECT-TYPE
	    SYNTAX INTEGER {
--              *** states as defined for ifOperStatus ***
                up(1),
                down(2),
--              testing(3),
--              unknown(4),
                dormant(5),
                blocked(6),
--		idle(32),
		awaiting-callback(33),
--		calling-back(34),
		ip-lookup(35),
		going-up(36),
		wait-if(37),
		wait-publish(38),
		wait-localip(39),
		going-up-trans(40)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Peer operational state."
	    DEFVAL { dormant }
	::= { ipsecPeerStatEntry 20 }

	ipsecPeerStatDefaultIpsecProposals OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The index of the default IPSec proposal used for
		 encrypting all the traffic bound to the (optional)
		 logical interface created for this peer."
	::= { ipsecPeerStatEntry 21 }

	ipsecPeerStatHeartbeat OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),        -- neither send nor expect heartbeats
		expect(2), 	-- expect heartbeats
		send(3),        -- send heartbeats
		both(4),	-- send and expect heartbeats
		default(5)	-- use setting from 
				-- ipsecGlobContHeartbeatDefault
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies whether heartbeats should be sent 
		 over phase 1 SAs for this peer.
		  Possible values:
		   none(1),     -- neither send nor expect heartbeats
		   expect(2), 	-- expect heartbeats
		   send(3),     -- send heartbeats
		   both(4),	-- send and expect heartbeats
		   default(5)	-- use setting from 
				-- ipsecGlobContHeartbeatDefault."
	    DEFVAL { default }
	::= { ipsecPeerStatEntry 22 }

	ipsecPeerStatTtl OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the maximum period of time in seconds 
		 the peer will remain in the current state."
	::= { ipsecPeerStatEntry 23 }

	ipsecPeerStatCurrentLocalAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The currently used local IP-address for this peer."
	::= { ipsecPeerStatEntry 24 }

	ipsecPeerStatCurrentRemoteAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The currently known remote IP-address of this peer."
	::= { ipsecPeerStatEntry 25 }

	ipsecPeerStatNumP1 OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs for this peer."
	::= { ipsecPeerStatEntry 26 }

	ipsecPeerStatNumP1Negotiating OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs in state 'negotiating'
		 for this peer."
	::= { ipsecPeerStatEntry 27 }

	ipsecPeerStatNumP1Established OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs in state 'established'
		 for this peer."
	::= { ipsecPeerStatEntry 28 }

	ipsecPeerStatNumP1Deleted OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs in state 'waiting_for_remove'
		 for this peer."
	::= { ipsecPeerStatEntry 29 }

	ipsecPeerStatNumBundles OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IPSec SA bundles for this peer."
	::= { ipsecPeerStatEntry 30 }

	ipsecPeerStatNumBundlesNegotiating OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IPSec SA bundles in state 'negotiating'
		 for this peer."
	::= { ipsecPeerStatEntry 31 }

	ipsecPeerStatNumBundlesEstablished OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IPSec SA bundles in state 'established'
		 for this peer."
	::= { ipsecPeerStatEntry 32 }

	ipsecPeerStatPh1LToken OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Locally generated token that must be used by the triggered
		 peer upon callback."
	::= { ipsecPeerStatEntry 33 }

	ipsecPeerStatPh1RToken OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Remotely generated token which must be used during phase one
		 of IPsec connection establishment."
	::= { ipsecPeerStatEntry 34 }

	ipsecPeerStatIsdnCBNextMode OBJECT-TYPE
	    SYNTAX INTEGER {
		unknown(1),
		d-llc(2),
		d-subaddr(3),
		d-llc-subaddr(4),
		b(5)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Defines the callback mode that is to be tried next.
		 The following modes are defined:
		   unknown(1)		-- still unset, derive it from other
					   settings
		   d-llc(2)    		-- use D channel mode with LLC next
		   d-subaddr(3)		-- use D channel mode with SUBADDR next
		   d-llc-subaddr(4)	-- use D channel mode with LLC and
					   SUBADDR next
		   b(5)			-- use B channel mode next

		 Default value for that variable is unknown(1)."
	    DEFVAL { unknown }
	::= { ipsecPeerStatEntry 35 }

	ipsecPeerStatNatDetect OBJECT-TYPE
	    SYNTAX INTEGER {
		local(1),	-- local NAT detected
		remote(2),	-- remote NAT detected
		both(3),	-- local and remote NAT detected
		none(4),	-- no NAT present
		unknown(8)	-- NAT detection not finished
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The latest result of the NAT detection performed with the peer.
		 Possible values:
		  local(1),	-- local NAT detected
		  remote(2),	-- remote NAT detected
		  both(3),	-- local and remote NAT detected
		  none(4),	-- no NAT present
		  unknown(8)	-- NAT detection not performed or not finished."
	::= { ipsecPeerStatEntry 36 }

	ipsecPeerStatNatTLocalPort OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The local port currently used for NAT-T IKE and ESP SAs 
		 with this peer."
	::= { ipsecPeerStatEntry 37 }

	ipsecPeerStatNatTRemotePort OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remote port currently used for NAT-T IKE and ESP SAs 
		 with this peer."
	::= { ipsecPeerStatEntry 38 }

	ipsecPeerStatMtu OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The current MTU of this peer. This value is copied to ifMtu if 
		 ipsecPeerVirtualInterface is set to enabled."
	    DEFVAL { 1418 }
	::= { ipsecPeerStatEntry 39 }

	ipsecPeerStatRxIdle OBJECT-TYPE
	    SYNTAX TimeTicks
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The time period for which no packet has been received 
		 from this peer."
	::= { ipsecPeerStatEntry 40 }

	ipsecPeerStatTxIdle OBJECT-TYPE
	    SYNTAX TimeTicks
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The time period for which no packet has been transmitted 
		 to this peer."
	::= { ipsecPeerStatEntry 41 }

	ipsecPeerStatDPD OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),	-- DPD not active
		v1(2),		-- DPD Version 1 active
		v1-idle(3),	-- DPD Version 1 in idle mode active
		ikev2(4)	-- IKEv2 INFORMATIONAL exchanges active
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The type of Dead Peer Detection (DPD) currently active
		 for this peer.
		 Possible values:
		  none(1)	-- DPD not active
		  v1(2) 	-- DPD Version 1 active
		  v1-idle(3)	-- DPD Version 1 in idle mode active
		  ikev2(4)	-- IKEv2 INFORMATIONAL exchanges active."
	     DEFVAL { none }
	::= { ipsecPeerStatEntry 42 }

	ipsecPeerStatDPDRetries OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of DPD retries currently sent without reply."
	::= { ipsecPeerStatEntry 43 }

	ipsecPeerStatNumIkeSas OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs for this peer (only for IKEv2)."
	::= { ipsecPeerStatEntry 44 }

	ipsecPeerStatNumIkeSasNegotiating OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs in state 'negotiating'
		 for this peer (only for IKEv2)."
	::= { ipsecPeerStatEntry 45 }

	ipsecPeerStatNumIkeSasEstablished OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs in state 'established'
		 for this peer (only for IKEv2)."
	::= { ipsecPeerStatEntry 46 }

	ipsecPeerStatNumIkeSasDeleted OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of current IKE SAs in state 'waiting_for_remove'
		 for this peer (only for IKEv2)."
	::= { ipsecPeerStatEntry 47 }


-- End IPSec Peer Status and Statistic  Variables Table


-- IKE Proposal Table

	ikeProposalTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IkeProposalEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IKE proposals. The
		 entries may be concatenated on a logical-OR basis
		 using the NextChoice field to form a choice of
		 multiple proposals."
	::= { ipsec 6 }

	ikeProposalEntry OBJECT-TYPE
            SYNTAX  IkeProposalEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IKE proposal, i.e. the
		 encryption algorithm and the hash algorithm used to
		 protect traffic sent over an IKE SA."
	    INDEX   {
		ikePropEncAlg
	    }
            ::= { ikeProposalTable 1 }

	IkeProposalEntry ::=
            SEQUENCE {
		ikePropIndex			INTEGER,
		ikePropNextChoice		INTEGER,
		ikePropDescription		DisplayString,
		ikePropEncAlg			INTEGER,
		ikePropHashAlg			INTEGER, 
		ikePropGroup			INTEGER, 
		ikePropAuthMethod		INTEGER,
		ikePropEncKeySize		INTEGER,
		ikePropEncKeySizeMin		INTEGER,
		ikePropEncKeySizeMax		INTEGER
            }	


	ikePropIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ikeProposalEntry 1 }

	ikePropNextChoice OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the index of the next proposal
		 of a choice of proposals. If this object is 0, this
		 marks the end of a proposal chain."
	::= { ikeProposalEntry 2 }


	ikePropDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional textual description of the proposal chain
		 beginning at this entry."
	::= { ikeProposalEntry 3 }


	-- Encryption algorithm used to protect traffic sent over an IKE SA.
	-- This column is also the one named in the INDEX clause of
	-- ikeProposalEntry.
	-- NOTE(review): none(1) and des-cbc(2) are enumerated and the object is
	-- read-write. none(1) leaves IKE SA traffic unencrypted and single DES
	-- is no longer considered adequate, so configuration audits should flag
	-- rows that select either value. DEFVAL is aes-cbc.
	ikePropEncAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		none(1),	-- No encryption applied
		des-cbc(2), 	-- DES in CBC mode
		des3-cbc(3), 	-- Triple DES in CBC mode
		blowfish-cbc(4),-- Blowfish in CBC mode
		cast128-cbc(5), -- CAST in CBC mode with 128 bit key
		twofish-cbc(6), -- Twofish in CBC mode
		aes-cbc(7),     -- AES in CBC mode
		rijndael-cbc(31) -- rijndael (former name for AES)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the encryption algorithm used
		 to protect traffic sent over an IKE SA.
		  Possible values:
		   none(1),	    -- No encryption applied
		   des-cbc(2), 	    -- DES in CBC mode
		   des3-cbc(3),     -- Triple DES in CBC mode
		   blowfish-cbc(4), -- Blowfish in CBC mode
		   cast128-cbc(5)   -- CAST in CBC mode with 128 bit key
		   twofish-cbc(6),  -- Twofish in CBC mode
		   aes-cbc(7),      -- AES in CBC mode
		   rijndael-cbc(31) -- rijndael (former name for AES)."
	    DEFVAL { aes-cbc }
	::= { ikeProposalEntry 4 }


	-- Hash algorithm used to protect traffic sent over an IKE SA.
	-- delete(1) is not an algorithm: per the enumeration comment it deletes
	-- the entry, so a write of 1 removes the proposal row.
	-- NOTE(review): none(2) and md5(3) are legacy choices that configuration
	-- audits should flag. DEFVAL is ripemd160.
	ikePropHashAlg OBJECT-TYPE
	    SYNTAX INTEGER {
		delete(1),	-- Delete this entry
		none(2),	-- No hash algorithm
		md5(3),		-- The MD5 hash algorithm
		sha1(4), 	-- The Secure Hash Algorithm
		ripemd160(5),   -- The RipeMD160 Hash Algorithm
		tiger192(6)	-- The Tiger Hash Algorithm
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the hash algorithm used to
		 protect traffic sent over an IKE SA.
		  Possible values:
		   delete(1),	-- Delete this entry
		   none(2),	-- No hash algorithm
		   md5(3),	-- The MD5 hash algorithm
		   sha1(4),	-- The Secure Hash Algorithm
		   ripemd160(5),-- The RipeMD160 Hash Algorithm
		   tiger192(6)	-- The Tiger Hash Algorithm."
	    DEFVAL { ripemd160 }
	::= { ikeProposalEntry 5 }


	-- Index of the IKE (MODP) group used with this proposal.
	-- The SYNTAX is an unconstrained INTEGER, so the values listed in the
	-- DESCRIPTION (0, 1, 2, 5) are not enforced by the type itself.
	-- NOTE(review): group 1 (768 bit MODP) and the default group 2
	-- (1024 bit MODP) are generally regarded as too small for new
	-- deployments. Audits should flag rows still using 1 or 2, and rows
	-- using 0 should be checked against the peer and global group settings
	-- they inherit from.
	ikePropGroup OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"Index of the IKE group used with this proposal.
		 It may be overridden by a valid IKE group index of an IPSec peer
		 or in ipsecGlobDefaultIkeGroup.
		  Possible values:
		    0 (use default setting in ipsecPeerIkeGroup 
		       or ipsecGlobDefaultIkeGroup), 
		    1 (768 bit MODP), 
		    2 (1024 bit MODP), 
		    5 (1536 bit MODP)."
	    DEFVAL { 2 }
	::= { ikeProposalEntry 7 }


	ikePropAuthMethod OBJECT-TYPE
	    SYNTAX INTEGER {
		pre-sh-key(1), 	-- Authentication using pre shared keys
		dss-sig(2), 	-- Authentication using DSS signatures
		rsa-sig(3), 	-- Authentication using RSA signatures
		rsa-enc(4),	-- Authentication using RSA encryption
		default(33)	-- Use default authentication method
	    }
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the authentication method used with this 
		 proposal. 
		 It may be overridden by the setting in the ipsecPeerEntry table.
		 If set to 'default' the value in ipsecGlobDefaultAuthMethod is used.
		  Possible values:
		   pre-sh-key(1), -- Authentication using pre shared keys
		   dss-sig(2),	  -- Authentication using DSS signatures
		   rsa-sig(3),	  -- Authentication using RSA signatures
		   rsa-enc(4),	  -- Authentication using RSA encryption
		   default(33)	  -- Use default authentication method."
	    DEFVAL { default }
	::= { ikeProposalEntry 8 }


	ikePropEncKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the encryption key size used with this 
		 proposal. The limits for the individual algorithms can be seen
		 in the ipsecAlgorithmTable.
		 If a length outside the limits for the specified algorithm is
		 specified, it is reset to the max/min value possible."
	::= { ikeProposalEntry 9 }

	ikePropEncKeySizeMin OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the minimum encryption key size accepted
		 with this proposal. 
		 The limits for the individual algorithms can be seen in the 
		 ipsecAlgorithmTable.
		 If a length outside the limits for the specified algorithm is
		 specified, it is reset to the max/min value possible."
	::= { ikeProposalEntry 10 }

	ikePropEncKeySizeMax OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
            MAX-ACCESS  read-write
            STATUS  current
	    DESCRIPTION
		"This object specifies the maximum encryption key size accepted
		 with this proposal. 
		 The limits for the individual algorithms can be seen in the 
		 ipsecAlgorithmTable.
		 If a length outside the limits for the specified algorithm is
		 specified, it is reset to the max/min value possible."
	::= { ikeProposalEntry 11 }

-- End IKE Proposal Table


-- IPSec Traffic Table

	ipsecTrafficTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecTrafficEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains lists of Traffic and the actions
		 which should be applied to it, together with the
		 necessary parameters."
	::= { ipsec 7 }

	ipsecTrafficEntry OBJECT-TYPE
            SYNTAX  IpsecTrafficEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains a description of a type of IP
		 traffic and the action which should be applied to it
		 together with the necessary parameters."
	    INDEX   {
		ipsecTrProto
	    }
            ::= { ipsecTrafficTable 1 }

	IpsecTrafficEntry ::=
            SEQUENCE {
		ipsecTrIndex			INTEGER,
		ipsecTrNextIndex		INTEGER,
		ipsecTrDescription		DisplayString, 
		ipsecTrLocalAddressType		INTEGER,
		ipsecTrLocalAddress		IpAddress,
		ipsecTrLocalMaskLen		INTEGER,
		ipsecTrLocalRange		IpAddress,
		ipsecTrRemoteAddressType	INTEGER,
		ipsecTrRemoteAddress		IpAddress,
		ipsecTrRemoteMaskLen		INTEGER,
		ipsecTrRemoteRange		IpAddress,
		ipsecTrProto			INTEGER,
		ipsecTrLocalPort		INTEGER,
		ipsecTrRemotePort		INTEGER,
		ipsecTrAction			INTEGER, 
		ipsecTrProposal			INTEGER,
		ipsecTrForceTunnelMode		INTEGER,
		ipsecTrLifeTime			INTEGER, 
		ipsecTrGranularity		INTEGER, 
		ipsecTrKeepAlive		INTEGER, 
		ipsecTrProfile			INTEGER,
		ipsecTrInterface		INTEGER, 
		ipsecTrDirection		INTEGER, 
		ipsecTrCreator			INTEGER
            }	

	ipsecTrIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ipsecTrafficEntry 1 }

	ipsecTrNextIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the index of the next traffic
		 entry in hierarchy."
	::= { ipsecTrafficEntry 2 }


	ipsecTrDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional human readable description for this traffic entry."
	::= { ipsecTrafficEntry 3 }


	ipsecTrLocalAddressType OBJECT-TYPE
	    SYNTAX INTEGER {
		fixed(1), 	-- fixed address
		ph1(2)	 	-- own dynamic phase 1 address
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The type of the local address specification.
		 This may be either a statically configured address or a 
		 dynamic address which is taken from some state information."
	    DEFVAL { fixed }
	::= { ipsecTrafficEntry 21 }


	ipsecTrLocalAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The source IP-address of this traffic entry. It may be
		 either a single address, a network address (in
		 combination with ipsecTrLocalMaskLen), or the first
		 address of an address range (in combination with
		 ipsecTrLocalRange)."
	::= { ipsecTrafficEntry 4 }


	ipsecTrLocalMaskLen OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The length of the network mask for a source network."
	::= { ipsecTrafficEntry 5 }


	ipsecTrLocalRange OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The last address of a source address range. If this
		 field is nonzero, the ipsecTrLocalMaskLen field is
		 ignored and the source is considered as a range of
		 addresses beginning with ipsecTrLocalAddress and ending
		 with ipsecTrLocalRange."
	::= { ipsecTrafficEntry 6 }


	ipsecTrRemoteAddressType OBJECT-TYPE
	    SYNTAX INTEGER {
		fixed(1), 	-- fixed address
		ph1(2),	 	-- remote dynamic phase 1 address
		dhcp(3)		-- remote ip address retrieved via DHCP
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The type of the remote address specification.
		 This may be either a statically configured address or a 
		 dynamic address which is taken from some state information."
	    DEFVAL { fixed }
	::= { ipsecTrafficEntry 22 }


	ipsecTrRemoteAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The destination IP-address of this traffic entry. It may be
		 either a single address, a network address (in
		 combination with ipsecTrRemoteMaskLen), or the first
		 address of an address range (in combination with
		 ipsecTrRemoteRange)."
	::= { ipsecTrafficEntry 7 }


	ipsecTrRemoteMaskLen OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The length of the network mask for a destination network."
	::= { ipsecTrafficEntry 8 }


	ipsecTrRemoteRange OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The last address of a destination address range. If
		 this field is nonzero, the ipsecTrRemoteMaskLen field is
		 ignored and the destination is considered as a range of
		 addresses beginning with ipsecTrRemoteAddress and ending
		 with ipsecTrRemoteRange."
	::= { ipsecTrafficEntry 9 }


	ipsecTrProto OBJECT-TYPE
	    SYNTAX 	INTEGER {
	        icmp(1), 
		igmp(2), 
		ggp(3), 
		ipip(4), 
		st(5), 
		tcp(6), 
		cbt(7), 
		egp(8), 
		igp(9), 
		bbn(10), 
		nvp(11), 
		pup(12), 
		argus(13), 
		emcon(14), 
		xnet(15), 
		chaos(16), 
		udp(17), 
		mux(18), 
		dcn(19), 
		hmp(20), 
		prm(21), 
		xns(22), 
		trunk1(23), 
		trunk2(24), 
		leaf1(25), 
		leaf2(26), 
		rdp(27), 
		irtp(28), 
		isotp4(29), 
		netblt(30), 
		mfe(31), 
		merit(32), 
		sep(33), 
		pc3(34), 
		idpr(35), 
		xtp(36), 
		ddp(37), 
		idprc(38), 
		tp(39), 
		il(40), 
		ipv6(41), 
		sdrp(42), 
		ipv6route(43), 
		ipv6frag(44), 
		idrp(45), 
		rsvp(46), 
		gre(47), 
		mhrp(48), 
		bna(49), 
		esp(50), 
		ah(51), 
		inlsp(52), 
		swipe(53), 
		narp(54), 
		mobile(55), 
		tlsp(56), 
		skip(57), 
		ipv6icmp(58), 
		ipv6nonxt(59), 
		ipv6opts(60), 
		ipproto-61(61), 
		cftp(62), 
		local(63), 
		sat(64), 
		kryptolan(65), 
		rvd(66), 
		ippc(67), 
		distfs(68), 
		satmon(69), 
		visa(70), 
		ipcv(71), 
		cpnx(72), 
		cphb(73), 
		wsn(74), 
		pvp(75), 
		brsatmon(76), 
		sunnd(77), 
		wbmon(78), 
		wbexpak(79), 
		isoip(80), 
		vmtp(81), 
		securevmtp(82), 
		vines(83), 
		ttp(84), 
		nsfnet(85), 
		dgp(86), 
		tcf(87), 
		eigrp(88), 
		ospfigp(89), 
		sprite(90), 
		larp(91), 
		mtp(92), 
		ax25(93), 
		ipwip(94), 
		micp(95), 
		scc(96), 
		etherip(97), 
		encap(98), 
		encrypt(99), 
		gmtp(100), 
		ifmp(101), 
		pnni(102), 
		pim(103), 
		aris(104), 
		scps(105), 
		qnx(106), 
		an(107), 
		ippcp(108), 
		snp(109), 
		compaq(110), 
		ipxip(111), 
		vrrp(112), 
		pgm(113), 
		hop0(114), 
		l2tp(115), 
		ipproto-116(116), 
		ipproto-117(117), 
		ipproto-118(118), 
		ipproto-119(119), 
		ipproto-120(120), 
		ipproto-121(121), 
		ipproto-122(122), 
		ipproto-123(123), 
		ipproto-124(124), 
		ipproto-125(125), 
		ipproto-126(126), 
		ipproto-127(127), 
		ipproto-128(128), 
		ipproto-129(129), 
		ipproto-130(130), 
		ipproto-131(131), 
		ipproto-132(132), 
		ipproto-133(133), 
		ipproto-134(134), 
		ipproto-135(135), 
		ipproto-136(136), 
		ipproto-137(137), 
		ipproto-138(138), 
		ipproto-139(139), 
		ipproto-140(140), 
		ipproto-141(141), 
		ipproto-142(142), 
		ipproto-143(143), 
		ipproto-144(144), 
		ipproto-145(145), 
		ipproto-146(146), 
		ipproto-147(147), 
		ipproto-148(148), 
		ipproto-149(149), 
		ipproto-150(150), 
		ipproto-151(151), 
		ipproto-152(152), 
		ipproto-153(153), 
		ipproto-154(154), 
		ipproto-155(155), 
		ipproto-156(156), 
		ipproto-157(157), 
		ipproto-158(158), 
		ipproto-159(159), 
		ipproto-160(160), 
		ipproto-161(161), 
		ipproto-162(162), 
		ipproto-163(163), 
		ipproto-164(164), 
		ipproto-165(165), 
		ipproto-166(166), 
		ipproto-167(167), 
		ipproto-168(168), 
		ipproto-169(169), 
		ipproto-170(170), 
		ipproto-171(171), 
		ipproto-172(172), 
		ipproto-173(173), 
		ipproto-174(174), 
		ipproto-175(175), 
		ipproto-176(176), 
		ipproto-177(177), 
		ipproto-178(178), 
		ipproto-179(179), 
		ipproto-180(180), 
		ipproto-181(181), 
		ipproto-182(182), 
		ipproto-183(183), 
		ipproto-184(184), 
		ipproto-185(185), 
		ipproto-186(186), 
		ipproto-187(187), 
		ipproto-188(188), 
		ipproto-189(189), 
		ipproto-190(190), 
		ipproto-191(191), 
		ipproto-192(192), 
		ipproto-193(193), 
		ipproto-194(194), 
		ipproto-195(195), 
		ipproto-196(196), 
		ipproto-197(197), 
		ipproto-198(198), 
		ipproto-199(199), 
		ipproto-200(200), 
		ipproto-201(201), 
		ipproto-202(202), 
		ipproto-203(203), 
		ipproto-204(204), 
		ipproto-205(205), 
		ipproto-206(206), 
		ipproto-207(207), 
		ipproto-208(208), 
		ipproto-209(209), 
		ipproto-210(210), 
		ipproto-211(211), 
		ipproto-212(212), 
		ipproto-213(213), 
		ipproto-214(214), 
		ipproto-215(215), 
		ipproto-216(216), 
		ipproto-217(217), 
		ipproto-218(218), 
		ipproto-219(219), 
		ipproto-220(220), 
		ipproto-221(221), 
		ipproto-222(222), 
		ipproto-223(223), 
		ipproto-224(224), 
		ipproto-225(225), 
		ipproto-226(226), 
		ipproto-227(227), 
		ipproto-228(228), 
		ipproto-229(229), 
		ipproto-230(230), 
		ipproto-231(231), 
		ipproto-232(232), 
		ipproto-233(233), 
		ipproto-234(234), 
		ipproto-235(235), 
		ipproto-236(236), 
		ipproto-237(237), 
		ipproto-238(238), 
		ipproto-239(239), 
		ipproto-240(240), 
		ipproto-241(241), 
		ipproto-242(242), 
		ipproto-243(243), 
		ipproto-244(244), 
		ipproto-245(245), 
		ipproto-246(246), 
		ipproto-247(247), 
		ipproto-248(248), 
		ipproto-249(249), 
		ipproto-250(250), 
		ipproto-251(251), 
		ipproto-252(252), 
		ipproto-253(253), 
		ipproto-254(254), 
		dont-verify(255)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The transport protocol defined for this entry."
	    DEFVAL { dont-verify }
	::= { ipsecTrafficEntry 10 }


	ipsecTrLocalPort OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The source port defined for this traffic entry."
	::= { ipsecTrafficEntry 11 }


	ipsecTrRemotePort OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The destination port defined for this traffic entry."
	::= { ipsecTrafficEntry 12 }


	ipsecTrAction OBJECT-TYPE
	    SYNTAX INTEGER {
	        delete(1),		-- Delete this entry
		always-plain(2),        -- Forward the packets without
				        -- protection even if there is a
					-- matching SA and independent from 
					-- the position of the traffic entry
					-- in the list.
		pass(3),		-- Forward the packets without 
					-- protection
		protect(4),             -- Protect the traffic as specified 
					-- in the proposal. Drop unprotected 
					-- traffic of this kind.
		drop(5)			-- Drop all packets matching this 
					-- traffic entry
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The action to be applied to traffic matching this entry.
		  Possible values:
		   delete(1),		   -- Delete this entry
		   always-plain(2),        -- Forward the packets without
					   -- protection even if there is a
					   -- matching SA and independent from 
					   -- the position of the traffic entry
					   -- in the list.
		   pass(3),		   -- Forward the packets without 
					   -- protection
		   protect(4),             -- Protect the traffic as specified 
					   -- in the proposal. Drop unprotected
					   -- traffic of this kind.
		   drop(5)		   -- Drop all packets matching this 
					   -- traffic entry."
	    DEFVAL { protect }
	::= { ipsecTrafficEntry 13 }


	ipsecTrProposal OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies an index in the
		 ipsecProposalTable. This may be the first proposal of
		 possibly a choice of multiple, optionally nested
		 proposals which is to be offered with IKE (automatic
		 keying) or a manual proposal (manual keying)."
	::= { ipsecTrafficEntry 14 }


	ipsecTrForceTunnelMode OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1),  -- Use tunnel mode even if transport mode is possible
		false(2)  -- Use transport mode whenever possible
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies when transport mode is used.
		 By default, the system uses transport mode whenever possible.
		 If this variable is set to true, tunnel mode will always be used
		 for this traffic entry, even if source and destination address 
		 match the tunnel endpoints.
		  Possible values:
		   true(1),  -- Use tunnel mode even if transport mode is possible
		   false(2)  -- Use transport mode whenever possible."
	::= { ipsecTrafficEntry 15 }


	ipsecTrLifeTime OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies an index in the
		 ipsecLifeTimeTable. This lifetime overwrites the
		 lifetimes specified for all proposals referenced by
		 this traffic entry. It may itself be overwritten by
		 an explicit lifetime specified for the peer entry
		 referencing this traffic entry. If the lifetime
		 pointed to by this index does not exist or is
		 inappropriate, the default lifetime from the
		 ipsecGlobalsTable is used."
	::= { ipsecTrafficEntry 16 }


	ipsecTrGranularity OBJECT-TYPE
	    SYNTAX INTEGER {
		default(1), 	-- use the setting from the ipsecPeerTable
		coarse(2),	-- Create only one SA for each Traffic entry
		ip(3),		-- Create one SA for each host
		proto(4),	-- Create one SA for each protocol and host
		port(5)		-- Create one SA for each port and host
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the granularity with which SA's
		 must be created for this kind of traffic.
		  Possible values:
		   default(1), 	-- use the setting from the ipsecPeerTable
		   coarse(2),	-- Create only one SA for each Traffic entry
		   ip(3),	-- Create one SA for each host
		   proto(4),	-- Create one SA for each protocol and host
		   port(5)	-- Create one SA for each port and host."
	    DEFVAL { default }
	::= { ipsecTrafficEntry 17 }


	ipsecTrKeepAlive OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- rekey SA's even if no data was transferred
		false(2),	-- do not rekey SA's if no data was transferred
		default(3)	-- use the default setting from the peer entry 
				-- referencing this traffic entry
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies whether SA's created for this kind
		 of traffic should be rekeyed on expiration of soft
		 lifetimes even if no traffic has been sent over them.
		  Possible values:
		   true(1), 	-- rekey SA's even if no data was transferred
		   false(2),	-- do not rekey SA's if no data was transferred
		   default(3)	-- use the default setting from the peer entry 
				-- referencing this traffic entry."
	    DEFVAL { default }
	::= { ipsecTrafficEntry 18 }


	ipsecTrProfile OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index from the ipsecProfileTable containing a special 
		 phase 2 profile to use for this traffic entry."
	::= { ipsecTrafficEntry 23 }


	ipsecTrInterface OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the interface for which the traffic
		 entry should be valid (pass, drop and protect entries).
		 If this object is set to -1, there is no interface 
		 restriction."
	    DEFVAL { -1 }
	::= { ipsecTrafficEntry 19 }


	ipsecTrDirection OBJECT-TYPE
	    SYNTAX INTEGER {
		bidirectional(1), -- matches packets from remote to local
				  -- and vice versa
		inbound(2), 	  -- matches only packets from remote to local
		outbound(3) 	  -- matches only packets from local to remote
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the direction for which this traffic 
		 entry should match. 
		 It only applies for pass and drop entries, for protect entries
                 it is meaningless.
		  Possible values:
		   bidirectional(1), -- matches packets from remote to local
				     -- and vice versa
		   inbound(2), 	     -- matches only packets from remote to local
		   outbound(3) 	     -- matches only packets from local to remote."
	    DEFVAL { 1 }
	::= { ipsecTrafficEntry 20 }


	ipsecTrCreator OBJECT-TYPE
	    SYNTAX INTEGER {
		config(1), 		-- created by configd/snmp
		radius-preset(2),	-- created by RADIUS preset
		radius(3),		-- created by dynamic RADIUS
		ike(4)			-- created by IKE (for dynamic client)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the creator of the traffic entry."
	    DEFVAL { config }
	::= { ipsecTrafficEntry 36 }


-- End IPSec Traffic Table



-- IPSec Algorithm definition table

	ipsecAlgorithmTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecAlgorithmEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of supported IPSec algorithms
		 and their key sizes."
	::= { ipsec 17 }

	ipsecAlgorithmEntry OBJECT-TYPE
            SYNTAX  IpsecAlgorithmEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an IPSec algorithm."
	    INDEX   {
		ipsecAlgId
	    }
            ::= { ipsecAlgorithmTable 1 }

	IpsecAlgorithmEntry ::=
            SEQUENCE {
		ipsecAlgId			INTEGER,
		ipsecAlgMinKeySize		INTEGER, 
		ipsecAlgDefKeySize		INTEGER,
		ipsecAlgMaxKeySize		INTEGER,
		ipsecAlgUseMinKeySize		INTEGER, 
		ipsecAlgUseDefKeySize		INTEGER,
		ipsecAlgUseMaxKeySize		INTEGER
            }	

	ipsecAlgId OBJECT-TYPE
	    SYNTAX INTEGER {
		aes(1),	        -- AES cipher alg
		twofish(2),	-- Twofish cipher alg
		blowfish(3),	-- Blowfish cipher alg
		cast(4),	-- Cast cipher alg
		des3(5),	-- Triple DES cipher alg
		des(6),		-- DES cipher alg
		null(7),	-- NULL pseudo cipher
		rijndael(31)	-- rijndael (former name for AES)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The id of the algorithm.
		 Possible values:
		  aes(1),       -- AES cipher alg
		  twofish(2),	-- Twofish cipher alg
		  blowfish(3),	-- Blowfish cipher alg
		  cast(4),	-- Cast cipher alg
		  des3(5),	-- Triple DES cipher alg
		  des(6),	-- DES cipher alg
		  null(7),	-- NULL pseudo cipher
		  rijndael(31)	-- rijndael (former name for AES)."
	::= { ipsecAlgorithmEntry 1 }


	ipsecAlgMinKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The minimum key length in bits possible for this algorithm."
	::= { ipsecAlgorithmEntry 3 }


	ipsecAlgDefKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The default key length in bits used for this algorithm."
	::= { ipsecAlgorithmEntry 4 }


	ipsecAlgMaxKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The maximum key length in bits possible for this algorithm."
	::= { ipsecAlgorithmEntry 5 }


	ipsecAlgUseMinKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
	    MAX-ACCESS read-only
            STATUS obsolete
            DESCRIPTION
		"WARNING: this object is obsolete and must not be used."
	::= { ipsecAlgorithmEntry 6 }


	ipsecAlgUseDefKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
	    MAX-ACCESS read-only
            STATUS obsolete
	    DESCRIPTION
		"WARNING: this object is obsolete and must not be used."
	::= { ipsecAlgorithmEntry 7 }


	ipsecAlgUseMaxKeySize OBJECT-TYPE
	    SYNTAX INTEGER (0..2048)
	    UNITS  "bits"
	    MAX-ACCESS read-only
            STATUS obsolete
	    DESCRIPTION
		"WARNING: this object is obsolete and must not be used."
	::= { ipsecAlgorithmEntry 8 }


-- End IPSec Algorithm definition table


-- IPSec Proposal Table

	ipsecProposalTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecProposalEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of IPSec proposals known to the
		 system. 
		 The combinations of algorithms allowed are
		 constructed from any combinations of algorithms
		 enabled in an entry, in the order of the preferences
		 specified."
	::= { ipsec 8 }

	ipsecProposalEntry OBJECT-TYPE
            SYNTAX  IpsecProposalEntry
            MAX-ACCESS  not-accessible
            STATUS  current
           DESCRIPTION
		"This object contains an IPSec proposal, i.e. a
		 proposed set of security parameters applied to
		 traffic sent over an IPSec security association."
	    INDEX   {
		ipsecPropProto
	    }
            ::= { ipsecProposalTable 1 }

	IpsecProposalEntry ::=
            SEQUENCE {
		ipsecPropIndex			INTEGER, 
		ipsecPropNext			INTEGER,
		ipsecPropDescription		DisplayString, 
		ipsecPropProto			INTEGER, 
		ipsecPropIpcomp			INTEGER, 
		ipsecPropEspAes			INTEGER, 
		ipsecPropEspTwofish		INTEGER, 
		ipsecPropEspBlowfish		INTEGER, 
		ipsecPropEspCast		INTEGER, 
		ipsecPropEspDes3		INTEGER, 
		ipsecPropEspDes			INTEGER, 
		ipsecPropEspNull		INTEGER, 
		ipsecPropEspRijndael		INTEGER,
		ipsecPropEspMd5			INTEGER, 
		ipsecPropEspSha1		INTEGER, 
		ipsecPropEspNoMac		INTEGER, 
		ipsecPropAhMd5			INTEGER, 
		ipsecPropAhSha1 		INTEGER, 
		ipsecPropIpcompDeflate		INTEGER,
		ipsecPropAesKeySize		INTEGER,
		ipsecPropAesKeySizeMin		INTEGER,
		ipsecPropAesKeySizeMax		INTEGER,
		ipsecPropBlowfishKeySize	INTEGER,
		ipsecPropBlowfishKeySizeMin	INTEGER,
		ipsecPropBlowfishKeySizeMax	INTEGER,
		ipsecPropTwofishKeySize		INTEGER,
		ipsecPropTwofishKeySizeMin	INTEGER,
		ipsecPropTwofishKeySizeMax	INTEGER
            }	

	ipsecPropIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index for this entry."
	::= { ipsecProposalEntry 1 }


	ipsecPropNext OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the next Proposal in the actual chain."
	::= { ipsecProposalEntry 2 }


	ipsecPropDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional human readable description for this proposal."
	::= { ipsecProposalEntry 4 }


	ipsecPropProto OBJECT-TYPE
	    SYNTAX INTEGER {
		esp(1), 	  -- Encapsulating Security Payload
		ah(2), 		  -- Authentication Header
		esp-ah(3), 	  -- ESP and AH
		delete(8)	  -- delete this entry
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The security protocol to apply.
		  Possible values:
		   esp(1),	      -- Encapsulating Security Payload
		   ah(2),	      -- Authentication Header
		   esp-ah(3),	      -- ESP and AH
		   delete(8)	      -- delete this entry."
	    DEFVAL { esp }
	::= { ipsecProposalEntry 6 }


	ipsecPropIpcomp OBJECT-TYPE
	    SYNTAX INTEGER {
		enabled(1), 	  -- Enable IPComP
		disabled(2), 	  -- Disable IPComP
		force(3) 	  -- Force use of IPComP
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of IPComP in the proposal.
		  Possible values:
		   enabled(1), 	  -- Enable IPComP
		   disabled(2),   -- Disable IPComP
		   force(3) 	  -- Force use of IPComP."
	    DEFVAL { disabled }
	::= { ipsecProposalEntry 20 }


	ipsecPropEspAes OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the AES
		 encryption algorithm in the proposal.
		  Possible values:
		   0,	   -- disables AES
		   1..7	   -- enables AES and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 40 }


	ipsecPropEspTwofish OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the Twofish
		 encryption algorithm in the proposal.
		  Possible values:
		   0,	   -- disables Twofish
		   1..7	   -- enables Twofish and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 41 }


	ipsecPropEspBlowfish OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the Blowfish
		 encryption algorithm in the proposal.
		  Possible values:
		   0,	   -- disables Blowfish
		   1..7	   -- enables Blowfish and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 42 }


	ipsecPropEspCast OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the Cast
		 encryption algorithm in the proposal.
		  Possible values:
		   0,	   -- disables Cast
		   1..7	   -- enables Cast and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 43 }


	ipsecPropEspDes3 OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the DES3
		 encryption algorithm in the proposal.
		  Possible values:
		   0,	   -- disables DES3
		   1..7	   -- enables DES3 and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 44 }


	ipsecPropEspDes OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the DES
		 encryption algorithm in the proposal.
		  Possible values:
		   0,	   -- disables DES
		   1..7	   -- enables DES and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 45 }


	ipsecPropEspNull OBJECT-TYPE
	    SYNTAX INTEGER (0..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the NULL
		 encryption algorithm in the proposal. NULL provides no
		 confidentiality; the ESP payload is not encrypted.
		  Possible values:
		   0,	   -- disables NULL
		   1..7	   -- enables NULL and specifies its priority among 
			      the encryption algorithms."
	::= { ipsecProposalEntry 46 }


	ipsecPropEspRijndael OBJECT-TYPE
	    SYNTAX INTEGER (-1..7)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the Rijndael
		 encryption algorithm in the proposal.
		 The use of this object is deprecated since rijndael has been
		 accepted as the algorithm for AES. Its value is transferred to
		 ipsecPropEspAes, if different from -1.
		  Possible values:
		  -1       -- use ipsecPropEspAes to determine the priority value
		   0,	   -- disables Rijndael
		   1..7	   -- enables Rijndael and specifies its priority among 
			      the encryption algorithms."
	    DEFVAL { -1 }
	::= { ipsecProposalEntry 49 }


	ipsecPropEspMd5 OBJECT-TYPE
	    SYNTAX INTEGER (0..3)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the MD5 authentication 
		 algorithm for ESP in the proposal.
		  Possible values:
		   0,	   -- disables MD5
		   1..3	   -- enables MD5 and specifies its priority among 
			      the authentication algorithms."
	::= { ipsecProposalEntry 50 }


	ipsecPropEspSha1 OBJECT-TYPE
	    SYNTAX INTEGER (0..3)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the Sha1 authentication 
		 algorithm for ESP in the proposal.
		  Possible values:
		   0,	   -- disables SHA-1
		   1..3	   -- enables SHA-1 and specifies its priority among 
			      the authentication algorithms."
	::= { ipsecProposalEntry 51 }


	ipsecPropEspNoMac OBJECT-TYPE
	    SYNTAX INTEGER (0..3)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies whether ESP without authentication 
		 is allowed in the proposal.
		  Possible values:
		   0,	   -- disables ESP without authentication
		   1..3	   -- enables ESP without authentication and specifies
			      its priority among the other authentication 
			      algorithms enabled for ESP."
	::= { ipsecProposalEntry 52 }


	ipsecPropAhMd5 OBJECT-TYPE
	    SYNTAX INTEGER (0..2)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the MD5 authentication 
		 algorithm for AH in the proposal.
		  Possible values:
		   0,	   -- disables MD5
		   1..2	   -- enables MD5 and specifies its priority among 
			      the authentication algorithms."
	::= { ipsecProposalEntry 60 }


	ipsecPropAhSha1 OBJECT-TYPE
	    SYNTAX INTEGER (0..2)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the Sha1 authentication 
		 algorithm for AH in the proposal.
		  Possible values:
		   0,	   -- disables SHA-1
		   1..2	   -- enables SHA-1 and specifies its priority among 
			      the authentication algorithms."
	::= { ipsecProposalEntry 61 }


	ipsecPropIpcompDeflate OBJECT-TYPE
	    SYNTAX INTEGER (0..1)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the use of the DEFLATE
		 compression algorithm in the proposal.
		  Possible values:
		   0,	   -- disables DEFLATE
		   1..1	   -- enables DEFLATE and specifies its priority among 
			      the compression algorithms."
	::= { ipsecProposalEntry 70 }


	ipsecPropAesKeySize OBJECT-TYPE
	    SYNTAX INTEGER {
		aes128(128), 	-- use 128 bit AES
		aes192(192), 	-- use 192 bit AES
		aes256(256) 	-- use 256 bit AES
	    }
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the key size in bits for the AES 
		 algorithm, if enabled.
		  Possible Values:
		    aes128(128), -- use 128 bit AES
		    aes192(192), -- use 192 bit AES
		    aes256(256)  -- use 256 bit AES."
	::= { ipsecProposalEntry 80 }


	ipsecPropAesKeySizeMin OBJECT-TYPE
	    SYNTAX INTEGER {
		aes128(128), 	-- use 128 bit AES
		aes192(192), 	-- use 192 bit AES
		aes256(256) 	-- use 256 bit AES
	    }
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the minimum accepted key size in bits
		 for the AES algorithm, if enabled.
		  Possible Values:
		    aes128(128), -- use 128 bit AES
		    aes192(192), -- use 192 bit AES
		    aes256(256)  -- use 256 bit AES."
	::= { ipsecProposalEntry 81 }


	ipsecPropAesKeySizeMax OBJECT-TYPE
	    SYNTAX INTEGER {
		aes128(128), 	-- use 128 bit AES
		aes192(192), 	-- use 192 bit AES
		aes256(256) 	-- use 256 bit AES
	    }
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the maximum accepted key size in bits
		 for the AES algorithm, if enabled.
		  Possible Values:
		    aes128(128), -- use 128 bit AES
		    aes192(192), -- use 192 bit AES
		    aes256(256)  -- use 256 bit AES."
	::= { ipsecProposalEntry 82 }


	ipsecPropBlowfishKeySize OBJECT-TYPE
	    SYNTAX INTEGER (40..448)
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the key size in bits for the Blowfish
		 algorithm, if enabled.
		 Note: the key size must be a multiple of 8 bits. 
		       If not, it will be rounded up to the next 8 bit boundary."
	::= { ipsecProposalEntry 83 }


	ipsecPropBlowfishKeySizeMin OBJECT-TYPE
	    SYNTAX INTEGER (40..448)
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the minimum accepted key size in bits
		 for the Blowfish algorithm, if enabled."
	::= { ipsecProposalEntry 84 }


	ipsecPropBlowfishKeySizeMax OBJECT-TYPE
	    SYNTAX INTEGER (40..448)
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the maximum accepted key size in bits
		 for the Blowfish algorithm, if enabled."
	::= { ipsecProposalEntry 85 }


	ipsecPropTwofishKeySize OBJECT-TYPE
	    SYNTAX INTEGER {
		twofish128(128),	-- use 128 bit Twofish
		twofish192(192), 	-- use 192 bit Twofish
		twofish256(256) 	-- use 256 bit Twofish
	    }
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the key size in bits for the Twofish
		 algorithm, if enabled.
		  Possible Values:
		    twofish128(128), -- use 128 bit Twofish
		    twofish192(192), -- use 192 bit Twofish
		    twofish256(256)  -- use 256 bit Twofish."
	::= { ipsecProposalEntry 86 }


	ipsecPropTwofishKeySizeMin OBJECT-TYPE
	    SYNTAX INTEGER {
		twofish128(128), 	-- use 128 bit Twofish
		twofish192(192), 	-- use 192 bit Twofish
		twofish256(256) 	-- use 256 bit Twofish
	    }
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the minimum accepted key size in bits
		 for the Twofish algorithm, if enabled.
		  Possible Values:
		    twofish128(128), -- use 128 bit Twofish
		    twofish192(192), -- use 192 bit Twofish
		    twofish256(256)  -- use 256 bit Twofish."
	::= { ipsecProposalEntry 87 }


	ipsecPropTwofishKeySizeMax OBJECT-TYPE
	    SYNTAX INTEGER {
		twofish128(128), 	-- use 128 bit Twofish
		twofish192(192), 	-- use 192 bit Twofish
		twofish256(256) 	-- use 256 bit Twofish
	    }
	    UNITS  "bits"
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the maximum accepted key size in bits
		 for the Twofish algorithm, if enabled.
		  Possible Values:
		    twofish128(128), -- use 128 bit Twofish
		    twofish192(192), -- use 192 bit Twofish
		    twofish256(256)  -- use 256 bit Twofish."
	::= { ipsecProposalEntry 88 }



-- End IPSec Proposal Table


-- IPSec Life Time Table

	ipsecLifeTimeTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecLifeTimeEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of defined lifetimes for IPsec 
		 and IKE SAs."
	::= { ipsec 9 }

	ipsecLifeTimeEntry OBJECT-TYPE
            SYNTAX  IpsecLifeTimeEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains a lifetime, i.e. the soft and hard 
		 expiry limits for IPsec and IKE SA's.
		 The usage of this table is deprecated, use the ikePrfLifeXxx
		 and ipsecPrfLifeXxx variables in the ikeProfileTable
		 and ipsecProfileTable directly instead."
	    INDEX   {
		ipsecLifeType
	    }
            ::= { ipsecLifeTimeTable 1 }

	IpsecLifeTimeEntry ::=
            SEQUENCE {
		ipsecLifeIndex		INTEGER,
		ipsecLifeType		INTEGER,
		ipsecLifeHardKb		INTEGER,
		ipsecLifeHardSec	INTEGER,
		ipsecLifePolicy		INTEGER,
		ipsecLifeSoftPercent	INTEGER
            }	


	ipsecLifeIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { ipsecLifeTimeEntry 1 }

	ipsecLifeType OBJECT-TYPE
	    SYNTAX INTEGER {
		delete(1),	-- Delete this entry
		generic(2)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the type of a lifetime entry."
	    DEFVAL { generic }
	::= { ipsecLifeTimeEntry 2 }


	ipsecLifeHardKb OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "kilo bytes"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The maximum amount of data (in KB) which may be protected 
		 by an SA before it is deleted."
	    DEFVAL { 0 }
	::= { ipsecLifeTimeEntry 5 }


	ipsecLifeHardSec OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "seconds"
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The maximum time (in seconds) after which an SA will be 
		 refreshed."
	    DEFVAL { 900 }
	::= { ipsecLifeTimeEntry 6 }


	ipsecLifePolicy OBJECT-TYPE
	    SYNTAX INTEGER {
		loose(1),	-- accept and use anything proposed
		strict(2),	-- accept and use only what is configured
		notify(3)	-- accept anything (send responder lifetime)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object specifies the way the lifetime information is 
		 applied. Possible values:
		  loose(1),	-- accept and use anything proposed
		  strict(2),	-- accept and use only what is configured
		  notify(3)	-- accept anything, if own values are smaller
				   than what was proposed use these and 
				   send responder lifetime notification."
	    DEFVAL { loose }
	::= { ipsecLifeTimeEntry 7 }


	ipsecLifeSoftPercent OBJECT-TYPE
	    SYNTAX INTEGER (50..100)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The percentage of the hard lifetimes (traffic and time based)
		 after which rekeying is started."
	    DEFVAL { 80 }
	::= { ipsecLifeTimeEntry 8 }


-- End IPSec Life Time Table

-- IPSec global statistics Table

	ipsecStats OBJECT IDENTIFIER  ::= { ipsec 10 }
	--Static table containing global IPSec statistics


	ipsecStatsCurrentIkeSas OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IKE SA's (both IKEv1 and IKEv2)."
	::= { ipsecStats 1 }

	ipsecStatsCurrentIpsecSas OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IPSec SA's."
	::= { ipsecStats 2 }

	ipsecStatsTrig OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of packets which triggered an IKE negotiation."
	::= { ipsecStats 9 }

	ipsecStatsFragPkt OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of partial packets currently being reassembled."
	::= { ipsecStats 10 }

	ipsecStatsFragBytes OBJECT-TYPE
	    SYNTAX INTEGER
	    UNITS  "bytes"
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Total size of the partial packets currently being reassembled."
	::= { ipsecStats 11 }

	ipsecStatsFragNonfirst OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of non-first fragments currently queued."
	::= { ipsecStats 12 }

	ipsecStatsDecryptErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of decryption errors."
	::= { ipsecStats 13 }

	ipsecStatsAuthErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of authentication errors."
	::= { ipsecStats 14 }

	ipsecStatsReplayErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of replay errors."
	::= { ipsecStats 15 }

	ipsecStatsPolicyErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of policy errors."
	::= { ipsecStats 16 }

	ipsecStatsOtherErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of other receive errors."
	::= { ipsecStats 17 }

	ipsecStatsSendErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of send errors."
	::= { ipsecStats 18 }

	ipsecStatsUnknownSpiErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of unknown SPI errors."
	::= { ipsecStats 19 }


	ipsecStatsIkeNumP1 OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of IKE phase-1 negotiations performed. "
	::= { ipsecStats 20 }

	ipsecStatsIkeNumFailedP1 OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of failed IKE phase-1 negotiations."
	::= { ipsecStats 21 }

	ipsecStatsIkeNumQm OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of IKE quick-mode negotiations performed. "
	::= { ipsecStats 22 }

	ipsecStatsIkeNumFailedQm OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of failed IKE quick-mode negotiations. "
	::= { ipsecStats 23 }

	ipsecStatsEspCurrentInbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of active inbound ESP SAs."
	::= { ipsecStats 24 }

	ipsecStatsEspTotalInbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of inbound ESP SAs since the system was started."
	::= { ipsecStats 25 }

	ipsecStatsEspCurrentOutbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of active outbound ESP SAs."
	::= { ipsecStats 26 }

	ipsecStatsEspTotalOutbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of outbound ESP SAs since the system was started."
	::= { ipsecStats 27 }

	ipsecStatsAhCurrentInbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of active inbound AH SAs."
	::= { ipsecStats 28 }

	ipsecStatsAhTotalInbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of inbound AH SAs since the system was started."
	::= { ipsecStats 29 }

	ipsecStatsAhCurrentOutbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of active outbound AH SAs."
	::= { ipsecStats 30 }

	ipsecStatsAhTotalOutbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of outbound AH SAs since the system was started."
	::= { ipsecStats 31 }

	ipsecStatsIpcompCurrentInbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of active inbound IPComp SAs."
	::= { ipsecStats 32 }

	ipsecStatsIpcompTotalInbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of inbound IPComp SAs since the system was started."
	::= { ipsecStats 33 }

	ipsecStatsIpcompCurrentOutbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of active outbound IPComp SAs."
	::= { ipsecStats 34 }

	ipsecStatsIpcompTotalOutbound OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of outbound IPComp SAs since the system was started."
	::= { ipsecStats 35 }

	ipsecStatsPeersUp OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of Peers currently in state 'up'."
	::= { ipsecStats 36 }

	ipsecStatsPeersBlocked OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of Peers currently in state 'blocked'."
	::= { ipsecStats 37 }

	ipsecStatsPeersDormant OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of Peers currently in state 'dormant'."
	::= { ipsecStats 38 }

	ipsecStatsCurrentIkeSasNegotiating OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IKE SA's in state 'negotiating'
		 (both IKEv1 and IKEv2)."
	::= { ipsecStats 39 }

	ipsecStatsCurrentIkeSasEstablished OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IKE SA's in state 'established'
		 (both IKEv1 and IKEv2)."
	::= { ipsecStats 40 }

	ipsecStatsCurrentIkeSasDeleted OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IKE SA's in state 'deleted' or 
		 'waiting_for_remove' (both IKEv1 and IKEv2)."
	::= { ipsecStats 41 }

	ipsecStatsCurrentBundles OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IPSec bundles."
	::= { ipsecStats 42 }

	ipsecStatsCurrentBundlesEstablished OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IPSec bundles in state 'established'."
	::= { ipsecStats 43 }

	ipsecStatsCurrentBundlesNegotiating OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Current number of IPSec bundles in state 'negotiating'."
	::= { ipsecStats 44 }

	ipsecStatsInPkt OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of packets received."
	::= { ipsecStats 45 }

	ipsecStatsInPass OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound packets passed."
	::= { ipsecStats 46 }

	ipsecStatsInDrop OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound packets dropped (error packets excluded)."
	::= { ipsecStats 47 }

	ipsecStatsInDecaps OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound packets decapsulated."
	::= { ipsecStats 48 }

	ipsecStatsInErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound error packets."
	::= { ipsecStats 49 }

	ipsecStatsOutPkt OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets."
	::= { ipsecStats 50 }

	ipsecStatsOutPass OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets passed."
	::= { ipsecStats 51 }

	ipsecStatsOutDrop OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets dropped (error packets excluded)."
	::= { ipsecStats 52 }

	ipsecStatsOutEncaps OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets encapsulated."
	::= { ipsecStats 53 }

	ipsecStatsOutErrors OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound error packets."
	-- NOTE(review): sub-identifier 544 breaks the surrounding sequence
	-- (ipsecStatsOutEncaps is 53, ipsecStatsInEsp is 55); presumably a
	-- typo for 54. Confirm against the OID the agent actually serves
	-- before changing it, since monitoring that polls this error counter
	-- depends on the exact value.
	::= { ipsecStats 544 }

	ipsecStatsInEsp OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound packets decapsulated by ESP."
	::= { ipsecStats 55 }

	ipsecStatsInAh OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound packets decapsulated by AH."
	::= { ipsecStats 56 }

	ipsecStatsInIpcomp OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of inbound packets decapsulated by IPComP."
	::= { ipsecStats 57 }

	ipsecStatsOutEsp OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets encapsulated by ESP."
	::= { ipsecStats 58 }

	ipsecStatsOutAh OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets encapsulated by AH."
	::= { ipsecStats 59 }

	ipsecStatsOutIpcomp OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"Number of outbound packets encapsulated by IPComP."
	::= { ipsecStats 60 }

	ipsecStatsIkev2NumIkeSas OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of IKE_SA negotiations performed (only for IKEv2)."
	::= { ipsecStats 63 }

	ipsecStatsIkev2NumFailedIkeSas OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of failed IKE_SA negotiations (only for IKEv2)."
	::= { ipsecStats 64 }

	ipsecStatsIkev2NumCreateChildSas OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of CREATE_CHILD_SA exchanges performed (only for IKEv2)."
	::= { ipsecStats 65 }

	ipsecStatsIkev2NumFailedCreateChildSas OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of failed CREATE_CHILD_SA exchanges (only for IKEv2)."
	::= { ipsecStats 66 }

-- IPSec Dial Table

	ipsecDialTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecDialEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains dial entries specifying all parameters
		 needed for ISDN triggered call back."
	::= { ipsec 12 }

	ipsecDialEntry OBJECT-TYPE
            SYNTAX  IpsecDialEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains a dial entry used for mapping ISDN	
		 numbers to peers for ISDN call back feature."
	    INDEX   {
		ipsecDialIfIndex
	    }
            ::= { ipsecDialTable 1 }

	IpsecDialEntry ::=
            SEQUENCE {
		ipsecDialIfIndex		INTEGER,
		ipsecDialDirection		INTEGER,
		ipsecDialNumber			DisplayString,
		ipsecDialSubAddress		OCTET STRING,
		ipsecDialTypeOfSubAddr		INTEGER,
		ipsecDialLocalNumber		DisplayString,
		ipsecDialLocalSubAddress	OCTET STRING,
		ipsecDialTypeOfLocalSubAddr	INTEGER,
		ipsecDialAdminStatus		INTEGER,
		ipsecDialOperStatus		INTEGER
            }	

	ipsecDialIfIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Index that maps to a peer in a unique way."
	::= { ipsecDialEntry 1 }

	ipsecDialDirection OBJECT-TYPE
	    SYNTAX INTEGER {
		incoming(1),
		outgoing(2),
		both(3),
		delete(4)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Calling direction for which entry applies."
	    DEFVAL { both }
	::= { ipsecDialEntry 2 }

	ipsecDialNumber OBJECT-TYPE
	    SYNTAX DisplayString (SIZE(0..63))
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Party number of remote peer. Used for matching calling party
		 number on incoming calls and for called party number on
		 outgoing calls."
	::= { ipsecDialEntry 3 }

	ipsecDialSubAddress OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Subaddress of remote peer. Used for matching calling party
		 subaddress on incoming calls and for called party subaddress
		 on outgoing calls."
	    DEFVAL { "" }
	::= { ipsecDialEntry 4 }

	ipsecDialTypeOfSubAddr OBJECT-TYPE
	    SYNTAX INTEGER {
		nsap(1),
		user-specified(2),
		reserved(3)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Type of subaddress of remote peer. Used for matching calling
		 party subaddress on incoming calls and for called party
		 subaddress on outgoing calls."
	    DEFVAL { nsap }
	::= { ipsecDialEntry 5 }

	ipsecDialLocalNumber OBJECT-TYPE
	    SYNTAX DisplayString (SIZE(0..63))
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Local Party number. Used for matching called party number on
		 incoming calls and for calling party number on outgoing calls.
		 Special value '*' is treated as wildcard, i.e. calls with
		 any called party number will be accepted.
		 Default value is '*'."
	    DEFVAL { "*" }
	::= { ipsecDialEntry 6 }

	ipsecDialLocalSubAddress OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Local subaddress. Used for matching called party subaddress on
		 incoming calls and for calling party subaddress on outgoing
		 calls.
		 Special value '*' is treated as wildcard, i.e. calls with
		 any called party subaddress (of arbitrary type) will be
		 accepted.
		 Default value is '*'."
	    DEFVAL { "*" }
	::= { ipsecDialEntry 7 }

	ipsecDialTypeOfLocalSubAddr OBJECT-TYPE
	    SYNTAX INTEGER {
		nsap(1),
		user-specified(2),
		reserved(3)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Type of local subaddress. Used for matching called party
		 subaddress on incoming calls and for calling party subaddress
		 on outgoing calls. Subaddress type is only checked as long as
		 subaddress is not '*'.
		 Default value is nsap."
	    DEFVAL { nsap }
	::= { ipsecDialEntry 8 }

	ipsecDialAdminStatus OBJECT-TYPE
	    SYNTAX INTEGER {
		active(1),
		inactive(2)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Administrative status for dial entry. This object allows for
		 temporarily disabling ipsecDial entries without the need to
		 actually delete them. This is achieved by assigning value
		 inactive.
		 Default value is active."
	    DEFVAL { active }
	::= { ipsecDialEntry 9 }

	ipsecDialOperStatus OBJECT-TYPE
	    SYNTAX INTEGER {
		active(1),
		inactive(2),
		blocked-for-outgoing(3)
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"Operational status for dial entry. This object indicates the
		 current status of the ipsecDial entry. Besides the values
		 defined for ipsecDialAdminStatus, the status
		 blocked-for-outgoing is defined; it is used when triggering a
		 call back resulted in a cost-generating connected call, to
		 avoid unpredictably high phone bills."
	::= { ipsecDialEntry 10 }

-- End IPSec Dial Table

-- XAUTH Profile Table

	xauthProfileTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF XauthProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of XAUTH profiles."
	::= { ipsec 18 }

	xauthProfileEntry OBJECT-TYPE
            SYNTAX  XauthProfileEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an XAUTH profile."
	    INDEX   {
		xauthPrfIndex
	    }
            ::= { xauthProfileTable 1 }

	XauthProfileEntry ::=
	    SEQUENCE {
		xauthPrfIndex			Unsigned32,
		xauthPrfDescription		DisplayString,
		xauthPrfRole			INTEGER,
		xauthPrfMode			INTEGER,
		xauthPrfAAAServerGroupId	INTEGER,
		xauthPrfUserListGroupId		INTEGER,
		xauthPrfTimeout			INTEGER,
		xauthPrfAdminStatus		INTEGER
	    }

	xauthPrfIndex OBJECT-TYPE
	    SYNTAX Unsigned32 (1..4294967295)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { xauthProfileEntry 1 }

	xauthPrfDescription OBJECT-TYPE
	    SYNTAX DisplayString (SIZE (0..50))
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional description for this profile, only used for 
	         descriptive purposes (max. 50 characters)."
	::= { xauthProfileEntry 2 }

	xauthPrfRole OBJECT-TYPE
	    SYNTAX INTEGER {
		server(1), 	-- XAUTH server 
		client(2) 	-- XAUTH client 
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies which role is chosen for this profile.
		  Possible values:
		   server(1) -- XAUTH is used and local device is the XAUTH server,
			        i.e. this side requests extended authentication
		   client(2) -- XAUTH is used and local device is the XAUTH client,
				i.e. this side responds with its extended 
				authentication credentials
		"
	    DEFVAL { server }
	::= { xauthProfileEntry 3 }

	xauthPrfMode OBJECT-TYPE
	    SYNTAX INTEGER {
		local(1), 	-- 
		radius(2) 	-- 
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies how user data for authentication is obtained.
		  Possible values:
		   local(1),  -- user data are configured locally in the entries
				 of xauthUserListTable that are referenced by
				 xauthPrfUserListGroupId
		   radius(2)  -- user data are configured at RADIUS server, RADIUS server
				 is referenced by xauthPrfAAAServerGroupId that 
				 corresponds to radiusSrvGroupId in radiusSrvTable,
				 'radius' mode is only valid for server role
		"
	    DEFVAL { radius }
	::= { xauthProfileEntry 4 }

	xauthPrfAAAServerGroupId OBJECT-TYPE
	    SYNTAX INTEGER 
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the group ID which is used for RADIUS
		 authentication to find the associated server entry in
		 radiusSrvTable for XAUTH. See description of radiusSrvGroupId for 
		 details.
		This object is only valid for entries with xauthPrfMode 'radius'."
	    DEFVAL { 0 }
	::= { xauthProfileEntry 5 }

	xauthPrfUserListGroupId OBJECT-TYPE
	    SYNTAX INTEGER (1..1000)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object refers to a group of one or more user entries in 
		 xauthUserListTable. 
		 This object is only valid for entries with xauthPrfMode 'local'."
	    DEFVAL { 1 }
	::= { xauthProfileEntry 6 }

    xauthPrfTimeout OBJECT-TYPE
	    SYNTAX INTEGER 
            UNITS  "seconds"
	    MAX-ACCESS read-write
	    STATUS obsolete
	    DESCRIPTION
		"WARNING: this object is obsolete and must not be used."
	    DEFVAL { 0 }
	::= { xauthProfileEntry 7 }

	xauthPrfAdminStatus OBJECT-TYPE
            SYNTAX      INTEGER { enable(1), delete(2) }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"MIB entry deletion is performed by this object:
             	 - enable  : enables xauthProfileTable entry
             	 - delete  : deletes xauthProfileTable entry."
        DEFVAL { enable }
	::= { xauthProfileEntry 8 }

-- End XAUTH Profile Table

--  XAUTH User List Table

	xauthUserListTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF XauthUserListEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of XAUTH users."
	::= { ipsec 19 }

	xauthUserListEntry OBJECT-TYPE
            SYNTAX  XauthUserListEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains an XAUTH user."
	    INDEX   {
		xauthUserListIndex
	    }
            ::= { xauthUserListTable 1 }

	XauthUserListEntry ::=
            SEQUENCE {
		xauthUserListIndex		INTEGER,
		xauthUserListGroupId		INTEGER,
		xauthUserListName		DisplayString,
		xauthUserListPassword		DisplayString,
		xauthUserListPasswordData	OCTET STRING,
		xauthUserListAdminStatus	INTEGER
            }	

	xauthUserListIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"A unique index identifying this entry."
	::= { xauthUserListEntry 1 }

	xauthUserListGroupId OBJECT-TYPE
	    SYNTAX INTEGER (1..1000)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
                "ID for creating logical groups of XAUTH users."
	    DEFVAL { 1 }
	::= { xauthUserListEntry 2 }

	xauthUserListName OBJECT-TYPE
	    SYNTAX DisplayString (SIZE(1..63))
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
                "This object specifies the user name."
	::= { xauthUserListEntry 3 }

	-- Write-only style password input for an XAUTH user entry.
	-- NOTE(review): a SET of this object carries the password inside the
	-- SNMP PDU. With SNMPv1/v2c that payload is not encrypted, so the
	-- value is readable on the wire; confirm that writes to this object
	-- are only made over SNMPv3 with privacy or a protected management
	-- path. The asterisk replacement described below only affects later
	-- reads of this object, not the transport of the SET itself.
	xauthUserListPassword OBJECT-TYPE
	    SYNTAX DisplayString (SIZE(0..63))
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the user's password.
		 This field serves only as an input field and its contents 
		 is replaced with a single asterisk immediately after it is set."
	::= { xauthUserListEntry 4 }

	-- Persistent storage column for the XAUTH user's password; declared
	-- not-accessible, so it is not readable or writable through SNMP.
	-- NOTE(review): the description does not state whether the stored
	-- value is hashed, encrypted or kept in plain form. Confirm this
	-- before treating configuration exports or backups that include
	-- this table as non-sensitive.
	xauthUserListPasswordData OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS not-accessible
	    STATUS current
	    DESCRIPTION
		"Field used for storing the user's password permanently."
	::= { xauthUserListEntry 5 }

	xauthUserListAdminStatus OBJECT-TYPE
            SYNTAX      INTEGER { enable(1), delete(2) }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"MIB entry deletion is performed by this object:
             	 - enable  : enables xauthUserListTable entry
             	 - delete  : deletes xauthUserListTable entry."
        DEFVAL { enable }
	::= { xauthUserListEntry 6 }

-- End IPSec XAUTH User Table

-- IPSecPeerTraffic Table

        ipsecPeerTrafficTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecPeerTrafficEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains peer related lists of traffic permitted
		 for Phase 2 negotiation. Note that all entries in this table
		 are optional; in the default case (no entries) no
		 restriction takes place."
        ::= { ipsec 29 }

        ipsecPeerTrafficEntry OBJECT-TYPE
            SYNTAX  IpsecPeerTrafficEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains peer related lists of traffic permitted
		 for Phase 2 negotiation. Note that all entries in this table
		 are optional; in the default case (no entries) no
		 restriction takes place."
            INDEX   {
                ipsecPeerTrafficIfindex, ipsecPeerTrafficLocalAddress,
		ipsecPeerTrafficRemoteAddress
            }
            ::= { ipsecPeerTrafficTable 1 }

        IpsecPeerTrafficEntry ::=
            SEQUENCE {
                ipsecPeerTrafficIfindex			INTEGER,
                ipsecPeerTrafficDescription		DisplayString,
                ipsecPeerTrafficLocalAddress		IpAddress,
                ipsecPeerTrafficLocalMask		IpAddress,
                ipsecPeerTrafficLocalPort		INTEGER,
                ipsecPeerTrafficLocalPortRange		INTEGER,
                ipsecPeerTrafficRemoteAddress		IpAddress,
                ipsecPeerTrafficRemoteMask		IpAddress,
                ipsecPeerTrafficRemotePort		INTEGER,
                ipsecPeerTrafficRemotePortRange		INTEGER,
                ipsecPeerTrafficProtocol		INTEGER,
                ipsecPeerTrafficPolicy			INTEGER
--              ipsecPeerTrafficAction			INTEGER
            }

        ipsecPeerTrafficIfindex OBJECT-TYPE
            SYNTAX INTEGER
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                "."
        ::= { ipsecPeerTrafficEntry 1 }

	ipsecPeerTrafficDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional human readable description for this entry."
        ::= { ipsecPeerTrafficEntry 2 }

	ipsecPeerTrafficLocalAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local IP-address of this entry. It may be
		 either a single address or a network address (in
		 combination with ipsecPeerTrafficLocalMask)."
        ::= { ipsecPeerTrafficEntry 3 }

	ipsecPeerTrafficLocalMask OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The network mask for a local network."
        ::= { ipsecPeerTrafficEntry 4 }

	ipsecPeerTrafficLocalPort OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local port defined for this entry."
	    DEFVAL { -1 }
        ::= { ipsecPeerTrafficEntry 5 }

	ipsecPeerTrafficLocalPortRange OBJECT-TYPE
	    SYNTAX INTEGER (0..65534)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The local port range defined for this entry."
	    DEFVAL { 1 }
        ::= { ipsecPeerTrafficEntry 6 }

	ipsecPeerTrafficRemoteAddress OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The remote IP-address of this entry. It may be
		 either a single address or a network address (in
		 combination with ipsecPeerTrafficRemoteMask)."
        ::= { ipsecPeerTrafficEntry 7 }

	ipsecPeerTrafficRemoteMask OBJECT-TYPE
	    SYNTAX IpAddress
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The network mask for a remote network."
        ::= { ipsecPeerTrafficEntry 8 }

	ipsecPeerTrafficRemotePort OBJECT-TYPE
	    SYNTAX INTEGER (-1..65535)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The remote UDP/TCP port defined for this entry."
	    DEFVAL { -1 }
        ::= { ipsecPeerTrafficEntry 9 }

	ipsecPeerTrafficRemotePortRange OBJECT-TYPE
	    SYNTAX INTEGER (0..65534)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The remote UDP/TCP port range defined for this entry."
	    DEFVAL { 1 }
        ::= { ipsecPeerTrafficEntry 10 }

	ipsecPeerTrafficProtocol OBJECT-TYPE
	    SYNTAX 	INTEGER {
	        icmp(1), 
		igmp(2), 
		ggp(3), 
		ipip(4), 
		st(5), 
		tcp(6), 
		cbt(7), 
		egp(8), 
		igp(9), 
		bbn(10), 
		nvp(11), 
		pup(12), 
		argus(13), 
		emcon(14), 
		xnet(15), 
		chaos(16), 
		udp(17), 
		mux(18), 
		dcn(19), 
		hmp(20), 
		prm(21), 
		xns(22), 
		trunk1(23), 
		trunk2(24), 
		leaf1(25), 
		leaf2(26), 
		rdp(27), 
		irtp(28), 
		isotp4(29), 
		netblt(30), 
		mfe(31), 
		merit(32), 
		sep(33), 
		pc3(34), 
		idpr(35), 
		xtp(36), 
		ddp(37), 
		idprc(38), 
		tp(39), 
		il(40), 
		ipv6(41), 
		sdrp(42), 
		ipv6route(43), 
		ipv6frag(44), 
		idrp(45), 
		rsvp(46), 
		gre(47), 
		mhrp(48), 
		bna(49), 
		esp(50), 
		ah(51), 
		inlsp(52), 
		swipe(53), 
		narp(54), 
		mobile(55), 
		tlsp(56), 
		skip(57), 
		ipv6icmp(58), 
		ipv6nonxt(59), 
		ipv6opts(60), 
		ipproto-61(61), 
		cftp(62), 
		local(63), 
		sat(64), 
		kryptolan(65), 
		rvd(66), 
		ippc(67), 
		distfs(68), 
		satmon(69), 
		visa(70), 
		ipcv(71), 
		cpnx(72), 
		cphb(73), 
		wsn(74), 
		pvp(75), 
		brsatmon(76), 
		sunnd(77), 
		wbmon(78), 
		wbexpak(79), 
		isoip(80), 
		vmtp(81), 
		securevmtp(82), 
		vines(83), 
		ttp(84), 
		nsfnet(85), 
		dgp(86), 
		tcf(87), 
		eigrp(88), 
		ospfigp(89), 
		sprite(90), 
		larp(91), 
		mtp(92), 
		ax25(93), 
		ipwip(94), 
		micp(95), 
		scc(96), 
		etherip(97), 
		encap(98), 
		encrypt(99), 
		gmtp(100), 
		ifmp(101), 
		pnni(102), 
		pim(103), 
		aris(104), 
		scps(105), 
		qnx(106), 
		an(107), 
		ippcp(108), 
		snp(109), 
		compaq(110), 
		ipxip(111), 
		vrrp(112), 
		pgm(113), 
		hop0(114), 
		l2tp(115), 
		ipproto-116(116), 
		ipproto-117(117), 
		ipproto-118(118), 
		ipproto-119(119), 
		ipproto-120(120), 
		ipproto-121(121), 
		ipproto-122(122), 
		ipproto-123(123), 
		ipproto-124(124), 
		ipproto-125(125), 
		ipproto-126(126), 
		ipproto-127(127), 
		ipproto-128(128), 
		ipproto-129(129), 
		ipproto-130(130), 
		ipproto-131(131), 
		ipproto-132(132), 
		ipproto-133(133), 
		ipproto-134(134), 
		ipproto-135(135), 
		ipproto-136(136), 
		ipproto-137(137), 
		ipproto-138(138), 
		ipproto-139(139), 
		ipproto-140(140), 
		ipproto-141(141), 
		ipproto-142(142), 
		ipproto-143(143), 
		ipproto-144(144), 
		ipproto-145(145), 
		ipproto-146(146), 
		ipproto-147(147), 
		ipproto-148(148), 
		ipproto-149(149), 
		ipproto-150(150), 
		ipproto-151(151), 
		ipproto-152(152), 
		ipproto-153(153), 
		ipproto-154(154), 
		ipproto-155(155), 
		ipproto-156(156), 
		ipproto-157(157), 
		ipproto-158(158), 
		ipproto-159(159), 
		ipproto-160(160), 
		ipproto-161(161), 
		ipproto-162(162), 
		ipproto-163(163), 
		ipproto-164(164), 
		ipproto-165(165), 
		ipproto-166(166), 
		ipproto-167(167), 
		ipproto-168(168), 
		ipproto-169(169), 
		ipproto-170(170), 
		ipproto-171(171), 
		ipproto-172(172), 
		ipproto-173(173), 
		ipproto-174(174), 
		ipproto-175(175), 
		ipproto-176(176), 
		ipproto-177(177), 
		ipproto-178(178), 
		ipproto-179(179), 
		ipproto-180(180), 
		ipproto-181(181), 
		ipproto-182(182), 
		ipproto-183(183), 
		ipproto-184(184), 
		ipproto-185(185), 
		ipproto-186(186), 
		ipproto-187(187), 
		ipproto-188(188), 
		ipproto-189(189), 
		ipproto-190(190), 
		ipproto-191(191), 
		ipproto-192(192), 
		ipproto-193(193), 
		ipproto-194(194), 
		ipproto-195(195), 
		ipproto-196(196), 
		ipproto-197(197), 
		ipproto-198(198), 
		ipproto-199(199), 
		ipproto-200(200), 
		ipproto-201(201), 
		ipproto-202(202), 
		ipproto-203(203), 
		ipproto-204(204), 
		ipproto-205(205), 
		ipproto-206(206), 
		ipproto-207(207), 
		ipproto-208(208), 
		ipproto-209(209), 
		ipproto-210(210), 
		ipproto-211(211), 
		ipproto-212(212), 
		ipproto-213(213), 
		ipproto-214(214), 
		ipproto-215(215), 
		ipproto-216(216), 
		ipproto-217(217), 
		ipproto-218(218), 
		ipproto-219(219), 
		ipproto-220(220), 
		ipproto-221(221), 
		ipproto-222(222), 
		ipproto-223(223), 
		ipproto-224(224), 
		ipproto-225(225), 
		ipproto-226(226), 
		ipproto-227(227), 
		ipproto-228(228), 
		ipproto-229(229), 
		ipproto-230(230), 
		ipproto-231(231), 
		ipproto-232(232), 
		ipproto-233(233), 
		ipproto-234(234), 
		ipproto-235(235), 
		ipproto-236(236), 
		ipproto-237(237), 
		ipproto-238(238), 
		ipproto-239(239), 
		ipproto-240(240), 
		ipproto-241(241), 
		ipproto-242(242), 
		ipproto-243(243), 
		ipproto-244(244), 
		ipproto-245(245), 
		ipproto-246(246), 
		ipproto-247(247), 
		ipproto-248(248), 
		ipproto-249(249), 
		ipproto-250(250), 
		ipproto-251(251), 
		ipproto-252(252), 
		ipproto-253(253), 
		ipproto-254(254), 
		dont-verify(256)
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The transport protocol defined for this entry."
	    DEFVAL { dont-verify }
        ::= { ipsecPeerTrafficEntry 11 }

	ipsecPeerTrafficPolicy OBJECT-TYPE
	    SYNTAX INTEGER {
	        delete(1),		-- delete this entry
		role-initiator(2),	-- P2 initiator mode traffic policy
		role-responder(3),	-- P2 responder mode traffic policy
		both(4)			-- P2 initiator as well as responder traffic policy
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies whether this network policy is used
		for inbound, outbound or both processing.
		  Possible values:
		   delete(1)		-- delete this entry
		   role-initiator(2)	-- P2 initiator mode traffic policy
		   role-responder(3)	-- P2 responder mode traffic policy
		   both(4)		-- P2 initiator as well as responder
				   	   traffic policy."
	    DEFVAL { role-initiator }
        ::= { ipsecPeerTrafficEntry 12 }

-- End IPSecPeerTraffic Table

END
