-- *****************************************************************
-- CISCO-NAT-CGN-EXT-MIB
-- Definitions of managed objects describing Carrier Grade NAT
--   
-- March 2014, Jagadish Shivamurthy
--   
-- Copyright (c) 2014 by Cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************

CISCO-NAT-CGN-EXT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Integer32,
    Unsigned32,
    Counter64,
    Gauge32,
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    NatBehaviorType,
    NatPoolingType,
    natInstanceIndex,
    natInstanceEntry,
    natCountersEntry
        FROM NAT-MIB
    ciscoMgmt
        FROM CISCO-SMI;


ciscoNatCgnExtMIB MODULE-IDENTITY
    LAST-UPDATED    "201404030000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA  95134
            USA

            Tel: +1 800 553-NETS

            E-mail: cs-snmp@cisco.com"
    DESCRIPTION
        "This MIB module extends the IETF draft NAT MIB available at
        http://tools.ietf.org/html/draft-ietf-behave-nat-mib-11 
        The extensions are intended to address the needs of the Carrier
        Grade NAT (CGN), also known as Large Scale NAT (LSN).

        GLOSSARY
        ==========
        Address mapping - is used to refer to association between
        a private IP to public IP (in case of NAT44 and DS Lite)
        or source IPv6 address to IPv4 address in case of NAT64 
        stateful application.

        Mapping - A mapping used to refer to a NAT translation record.
        It is a record held in memory that maps a private IP address
        and port to a public IP address and port.

        Subscriber - A subscriber is a record held in memory that
        provides IP address and other details of an end user device
        which has one or more mappings.

        Session - A session is a record maintained in memory that
        identifies a flow. The flow is uniquely identified by the
        source IPv4/IPv6 address, source port, translated IP address,
        translated source port, destination IPv4/IPv6 address and
        destination port.

        In to Out packet - A packet originating from a subscriber,
        with a private source address (or with an IPv6 address in
        case of NAT64), destined to a host with a public IP address.
        This packet needs NAT (or NAPT) service.

        Out to In packet - A packet originating from a host on the
        public Internet (or any host with a routable/public) source
        address, whose destination address is a mapped (translated)
        IP address. This packet needs reverse-NAT.

        Bulk port allocation - A NAT instance can be configured
        pre-allocate a range of contiguous ports instead of a single
        port. A mapping log record is created indicating the range of
        ports allocated to this subscriber. This is done in anticipation
        that the subscriber is likely to send packets that require more
        mappings to be created. For the subsequent mapping requests, one
        of the pre-allocated port is used and no additional log entries
        need to be created. This is a technique used to reduce the
        volume of translation record data."
    REVISION        "201404030000Z"
    DESCRIPTION
        "Latest version of this MIB module."
    ::= { ciscoMgmt 818 }


-- Textual Conventions definition will be defined before this line

ciscoNatCgnExtMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoNatCgnExtMIB 0 }

ciscoNatCgnExtMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoNatCgnExtMIB 1 }

ciscoNatCgnExtMIBConform  OBJECT IDENTIFIER
    ::= { ciscoNatCgnExtMIB 2 }


-- textual conventions

NatCgnInstanceType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "A value that represents a type of NAT instance.

        nat44(1): This is the traditional Network Address Translation
        from IPv4 to IPv4, explained in RFC 4787.

        nat64Stateful(2): This is the IPv6 to IPv4 translation (that
        is, Address Family translation), explained in RFC 6146.

        dsLite(3): This is the Dual Stack Lite, explained in RFC 6333."
    SYNTAX          INTEGER  {
                        nat44(1),
                        nat64Stateful(2),
                        dsLite(3)
                    }

NatCgnALGType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "A value that represents ALG (Application Level Gateway)
        protocol type."
    SYNTAX          INTEGER  {
                        algActiveFTP(1),
                        algDNS(2),
                        algH323(3),
                        algHTTP(4),
                        algLDAP(5),
                        algMSRPC(6),
                        algNetBIOS(7),
                        algPCP(8),
                        algPPTP(9),
                        algRCMD(10),
                        algRTSP(11),
                        algSCCP(12),
                        algSIP(13),
                        algSunRPC(14)
                    }
-- MIB Objects

cNatCgnInstanceTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CNatCgnInstanceEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the NAT instances configured on the device."
    ::= { ciscoNatCgnExtMIBObjects 1 }

cNatCgnInstanceEntry OBJECT-TYPE
    SYNTAX          CNatCgnInstanceEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry describes a NAT instance configured on the device.
        The parameters include the type of the NAT instance and the
        important configuration elements."
    AUGMENTS           { natInstanceEntry  } 
    ::= { cNatCgnInstanceTable 1 }

CNatCgnInstanceEntry ::= SEQUENCE {
        cNatCgnInstanceType                         NatCgnInstanceType,
        cNatCgnInstanceServiceName                  SnmpAdminString,
        cNatCgnInstanceVrf                          SnmpAdminString,
        cNatCgnInstanceInterface                    SnmpAdminString,
        cNatCgnInstanceBehaviorType                 NatBehaviorType,
        cNatCgnInstancePoolingType                  NatPoolingType,
        cNatCgnInstanceProtocolPortLimit            Unsigned32,
        cNatCgnInstanceProtocolPortBulkAllocControl Unsigned32
}

cNatCgnInstanceType OBJECT-TYPE
    SYNTAX          NatCgnInstanceType
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the type of the NAT instance.
        If the instance type is changed, the service-type attribute of
        the corresponding interfaces will also need to be changed." 
    ::= { cNatCgnInstanceEntry 1 }

cNatCgnInstanceServiceName OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (0..32))
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the CGN service name of this instance." 
    ::= { cNatCgnInstanceEntry 2 }

cNatCgnInstanceVrf OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (0..64))
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the name the VRF that is bringing in
        subscriber's traffic that needs to undergo NAT." 
    ::= { cNatCgnInstanceEntry 3 }

cNatCgnInstanceInterface OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (0..64))
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the name the interface that is bringing
        in subscriber's traffic that needs to undergo NAT. Typically
        either the cNatCgnInstanceVrf or cNatCgnInstanceInterface is
        needed to be configured, but not both." 
    ::= { cNatCgnInstanceEntry 4 }

cNatCgnInstanceBehaviorType OBJECT-TYPE
    SYNTAX          NatBehaviorType
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the configured NAT mapping behavior
        for this instance." 
    ::= { cNatCgnInstanceEntry 5 }

cNatCgnInstancePoolingType OBJECT-TYPE
    SYNTAX          NatPoolingType
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the configured NAT address pooling type
        for this instance." 
    ::= { cNatCgnInstanceEntry 6 }

cNatCgnInstanceProtocolPortLimit OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65535)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the configured protocol port limit. This
        is the maximum number of active mappings each subscriber can
        have at any given time.
        Value of zero means, it is unlimited." 
    ::= { cNatCgnInstanceEntry 7 }

cNatCgnInstanceProtocolPortBulkAllocControl OBJECT-TYPE
    SYNTAX          Unsigned32 (0..65535)
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the configured bulk port allocation size.
        Value of 0 means, bulk allocation is not applicable (or not
        supported). Value of 1 means, it is not enabled, that
        is, ports are allocated individually and not in bulk." 
    ::= { cNatCgnInstanceEntry 8 }
 

-- counters and statistics

cNatCgnCounters  OBJECT IDENTIFIER
    ::= { ciscoNatCgnExtMIBObjects 2 }


cNatCgnCounterTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CNatCgnCounterEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the counters of NAT instances in the device."
    ::= { cNatCgnCounters 1 }

cNatCgnCounterEntry OBJECT-TYPE
    SYNTAX          CNatCgnCounterEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry contains the additional statistics of a NAT
        instance."
    AUGMENTS           { natCountersEntry  } 
    ::= { cNatCgnCounterTable 1 }

CNatCgnCounterEntry ::= SEQUENCE {
        cNatCgnCounterSessionCreations            Counter64,
        cNatCgnCounterSessionRemovals             Counter64,
        cNatCgnCounterOutOfSessionDrops           Counter64,
        cNatCgnCounterSessionLimitDrops           Counter64,
        cNatCgnCounterNoMappingEntryDrops         Counter64,
        cNatCgnCounterSourceIPOutOfRangeDrops     Counter64,
        cNatCgnCounterEndPointFilteringDrops      Counter64,
        cNatCgnCounterTCPSequenceDrops            Counter64,
        cNatCgnCounterTCPMappingDrops             Counter64,
        cNatCgnCounterFragmentPktsInToOutDrops    Counter64,
        cNatCgnCounterFragmentPktsOutToInDrops    Counter64,
        cNatCgnCounterCurrentPortAllocation       Integer32,
        cNatCgnCounterPortUsageLowThreshold       Integer32,
        cNatCgnCounterPortUsageClearLowThreshold  Integer32,
        cNatCgnCounterPortUsageHighThreshold      Integer32,
        cNatCgnCounterPortUsageClearHighThreshold Integer32,
        cNatCgnCounterAverageBulkPortUsage        Gauge32
}

cNatCgnCounterSessionCreations OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of sessions created since
        the instance is up." 
    ::= { cNatCgnCounterEntry 1 }

cNatCgnCounterSessionRemovals OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of sessions removed since
        the instance is up. The number of active sessions is equal to
        cNatCgnCounterSessionCreations - 
        cNatCgnCounterSessionRemovals." 
    ::= { cNatCgnCounterEntry 2 }

cNatCgnCounterOutOfSessionDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of packets dropped because
        they required a new session entry to be created, however,
        there is no space to create new sessions." 
    ::= { cNatCgnCounterEntry 3 }

cNatCgnCounterSessionLimitDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of packets in either in to
        out or out to in direction dropped because of exceeding limit
        on session entries." 
    ::= { cNatCgnCounterEntry 4 }

cNatCgnCounterNoMappingEntryDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of packets in the out to in
        direction not translated because there was no mapping found." 
    ::= { cNatCgnCounterEntry 5 }

cNatCgnCounterSourceIPOutOfRangeDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of packets in the in to out
        direction not translated because source address was out of
        configured prefix or range. For NAT44 configured in predefined
        mode, NAT64 stateful or DS Lite, it could be drops due to 
        source IP address not matching the configured prefix bits." 
    ::= { cNatCgnCounterEntry 6 }

cNatCgnCounterEndPointFilteringDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of packets in the out to in
        direction dropped because of end point dependent filtering
        policy. Note, the value of this object should be interpreted in
        conjunction with the value of cNatCgnInstanceBehaviorType.
        If the NAT instance is configured with endpointIndependent
        behavior, the instance is not supposed to filter or 
        drop any packets based on the destination. In such case
        this counter could either be zero or could be the number
        of packets passed which would have otherwise be filtered
        and dropped if cNatCgnInstanceBehaviorType is set to 
        addressDependent or addressAndPortDependent." 
    ::= { cNatCgnCounterEntry 7 }

cNatCgnCounterTCPSequenceDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of packets in the out to in
        direction dropped because TCP sequence check failed." 
    ::= { cNatCgnCounterEntry 8 }

cNatCgnCounterTCPMappingDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of TCP packets in the in to
        out direction dropped because a new mapping was required to
        be created, however TCP SYN flag was not set." 
    ::= { cNatCgnCounterEntry 9 }

cNatCgnCounterFragmentPktsInToOutDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of fragmented packets in the
        in to out direction dropped due to errors such as timed out
        waiting for first fragment or no space to hold the fragment." 
    ::= { cNatCgnCounterEntry 10 }

cNatCgnCounterFragmentPktsOutToInDrops OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "packets"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of fragmented packets in the
        out to in direction dropped due to errors such as timed out
        waiting for first fragment or no space to hold the fragment." 
    ::= { cNatCgnCounterEntry 11 }

cNatCgnCounterCurrentPortAllocation OBJECT-TYPE
    SYNTAX          Integer32 (0..100)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the current average port allocation
        across all available public IP addresses applied to this NAT
        instance.
        When bulk allocation is enabled (that is, the value of
        cNatCgnInstanceProtocolPortBulkAllocControl is more than 1),
        this value will include all the ports pre-allocated in bulk
        (whether they are in use or not)." 
    ::= { cNatCgnCounterEntry 12 }

cNatCgnCounterPortUsageLowThreshold OBJECT-TYPE
    SYNTAX          Integer32 (0..100)
    UNITS           "percent"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the low threshold in percentage of
        available public ports that are used up. The notification
        cNatCgnNotifPortUsageWatermarkLow is sent once the value of
        cNatCgnCounterAveragePortAllocation becomes less than or equal
        to this value. If this object is set to zero, the notification
        is not generated."
    DEFVAL          { 0 } 
    ::= { cNatCgnCounterEntry 13 }

cNatCgnCounterPortUsageClearLowThreshold OBJECT-TYPE
    SYNTAX          Integer32 (0..100)
    UNITS           "percent"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the clear low threshold in percentage
        of available public ports that are used up. The notification
        cNatCgnNotifPortUsageWatermarkLowClear is sent once the value
        of cNatCgnCounterAveragePortAllocation becomes more than or
        equal to this value. If this object is set to zero, the
        notification is not generated.

        Implementations must ensure that values of objects 
        cNatCgnCounterPortUsageClearLowThreshold and 
        cNatCgnCounterPortUsageLowThreshold remain consistent. For
        example, an implementation must respond with an 
        inconsistentValue error if an attempt is made to set the the 
        value of cNatCgnCounterPortUsageClearLowThreshold to be less
        than or equal to that of cNatCgnCounterPortUsageLowThreshold
        and vice versa."
    DEFVAL          { 0 } 
    ::= { cNatCgnCounterEntry 14 }

cNatCgnCounterPortUsageHighThreshold OBJECT-TYPE
    SYNTAX          Integer32 (0..100)
    UNITS           "percent"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the high threshold in percentage of
        available public ports that are used up. The notification
        cNatCgnNotifPortUsageWatermarkHigh is sent once the value of
        cNatCgnCounterAveragePortAllocation becomes higher than or equal
        to this value. If this field is set to zero, the notification
        is not generated."
    DEFVAL          { 0 } 
    ::= { cNatCgnCounterEntry 15 }

cNatCgnCounterPortUsageClearHighThreshold OBJECT-TYPE
    SYNTAX          Integer32 (0..100)
    UNITS           "percent"
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies the clear high threshold in percentage
        of available public ports that are used up. The notification
        cNatCgnNotifPortUsageWatermarkHighClear is sent once the value
        of cNatCgnCounterAveragePortAllocation becomes less than or
        equal to this value. If this object is set to zero, the
        notification is not generated.

        Implementations must ensure that values of objects 
        cNatCgnCounterPortUsageClearHighThreshold and 
        cNatCgnCounterPortUsageHighThreshold remain consistent. For
        example, an implementation must respond with an 
        inconsistentValue error if an attempt is made to set the the 
        value of cNatCgnCounterPortUsageClearHighThreshold to be more
        than or equal to that of cNatCgnCounterPortUsageHighThreshold
        and vice versa."
    DEFVAL          { 0 } 
    ::= { cNatCgnCounterEntry 16 }

cNatCgnCounterAverageBulkPortUsage OBJECT-TYPE
    SYNTAX          Gauge32 (0..100)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the average percentage usage of ports
        pre-allocated in bulk. This value is valid only if the bulk
        allocation is configured. That is the value specified by the
        cNatCgnInstanceProtocolPortBulkAllocControl is more than 1.

        This value gives hints about effectiveness of bulk port
        allocation technique. A very low percentage of bulk port usage
        may suggest that, bulk allocation size be reduced. On the other
        hand, a value close to 100 may hint at increasing the bulk size
        to further reduce log data volume." 
    ::= { cNatCgnCounterEntry 17 }
 

-- Translation logging

cNatCgnLogStatTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CNatCgnLogStatEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the logging statistics of each NAT instance
        in the device."
    ::= { cNatCgnCounters 2 }

cNatCgnLogStatEntry OBJECT-TYPE
    SYNTAX          CNatCgnLogStatEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry describes the logging related statistics of a NAT
        instance."
    INDEX           { natInstanceIndex } 
    ::= { cNatCgnLogStatTable 1 }

CNatCgnLogStatEntry ::= SEQUENCE {
        cNatCgnLogStatMappingCreateRecords Counter64,
        cNatCgnLogStatMappingDeleteRecords Counter64,
        cNatCgnLogStatSessionCreateRecords Counter64,
        cNatCgnLogStatSessionDeleteRecords Counter64,
        cNatCgnLogStatNetflowPackets       Counter64,
        cNatCgnLogStatNetflowPacketDrops   Counter64,
        cNatCgnLogStatSyslogPackets        Counter64,
        cNatCgnLogStatSyslogPacketDrops    Counter64
}

cNatCgnLogStatMappingCreateRecords OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of translation create records
        generated. It could be Netflow or Syslog records. It may not
        always necessarily be equal to number of mappings created
        (natMappingCreations of the NAT-MIB). If bulk allocation is
        enabled, this number could be much smaller than
        natMappingCreations. If the NAT mode is configured to be
        pre-defined or if logging is not configured, this could be
        zero." 
    ::= { cNatCgnLogStatEntry 1 }

cNatCgnLogStatMappingDeleteRecords OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of translation delete records
        generated. It could be Netflow or Syslog records. It may not
        always necessarily be equal to number of mappings deleted
        (natMappingRemovals of the NAT-MIB). If bulk allocation is
        enabled, this number could be much smaller than
        natMappingRemovals. If the NAT mode is configured to be
        pre-defined or if logging is not configured, this could be
        zero." 
    ::= { cNatCgnLogStatEntry 2 }

cNatCgnLogStatSessionCreateRecords OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of session create records
        generated. It could be Netflow or Syslog records. It may not
        always necessarily be equal to number of sessions created
        (cNatCgnCounterSessionCreations).
        If logging is not configured or if session logging
        is not configured, this could be zero." 
    ::= { cNatCgnLogStatEntry 3 }

cNatCgnLogStatSessionDeleteRecords OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of session delete records
        generated. It could be Netflow or Syslog records. It may not
        always necessarily be equal to number of sessions deleted
        (cNatCgnCounterSessionRemovals).
        If the logging is not configured or if session logging 
        is not configured, this could be zero." 
    ::= { cNatCgnLogStatEntry 4 }

cNatCgnLogStatNetflowPackets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of Netflow packets generated.
        This includes the packet which could not be sent out due to
        congestion or other reasons." 
    ::= { cNatCgnLogStatEntry 5 }

cNatCgnLogStatNetflowPacketDrops OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of Netflow packets which
        could not be sent out due to congestion or other errors within
        the CGN device. This does not include any drops along the way
        to the collector." 
    ::= { cNatCgnLogStatEntry 6 }

cNatCgnLogStatSyslogPackets OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of Syslog packets generated.
        This includes the packet which could not be sent out due to
        congestion or other reasons." 
    ::= { cNatCgnLogStatEntry 7 }

cNatCgnLogStatSyslogPacketDrops OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of Syslog packets which could
        not be sent out due to congestion or other errors within the CGN
        device. This does not include any drops along the way to the 
        collector." 
    ::= { cNatCgnLogStatEntry 8 }
 

-- ALG specific counters

cNatCgnALGCountersTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CNatCgnALGCountersEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the application level gateway status and
        counters for each ALG type and for each NAT instance
        in the device."
    ::= { cNatCgnCounters 3 }

cNatCgnALGCountersEntry OBJECT-TYPE
    SYNTAX          CNatCgnALGCountersEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry describes status and counters of a specific ALG type
        for a specific NAT instance."
    INDEX           {
                        natInstanceIndex,
                        cNatCgnALGType
                    } 
    ::= { cNatCgnALGCountersTable 1 }

CNatCgnALGCountersEntry ::= SEQUENCE {
        cNatCgnALGType              NatCgnALGType,
        cNatCgnALGStatus            INTEGER,
        cNatCgnALGMappingCreations  Counter64,
        cNatCgnALGMappingRemovals   Counter64,
        cNatCgnALGUnsupportedErrors Counter64,
        cNatCgnALGProtocolErrors    Counter64
}

cNatCgnALGType OBJECT-TYPE
    SYNTAX          NatCgnALGType
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This object indicates the ALG type which together with
        natInstanceIndex uniquely identifies the set of counters being
        reported." 
    ::= { cNatCgnALGCountersEntry 1 }

cNatCgnALGStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        notApplicable(1),
                        unSupported(2),
                        notEnabled(3),
                        enabled(4)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the status of this ALG type for this
        NAT instance.

        notApplicable:
            This ALG type is not relevant to this NAT instance.

        unSupported:
            This ALG type is relevant to this NAT instance, however 
            it is not supported.

        notEnabled:
            This ALG is supported on this NAT instance, however it is
            not enabled in the configuration.

        enabled:
            This ALG is enabled on this NAT instance. 

        The rest of the objects of this entry are valid only if the
        cNatCgnALGStatus is set to enabled." 
    ::= { cNatCgnALGCountersEntry 2 }

cNatCgnALGMappingCreations OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of mappings created for this
        ALG." 
    ::= { cNatCgnALGCountersEntry 3 }

cNatCgnALGMappingRemovals OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of mappings removed which
        were created for this ALG. The number of active mappings for
        this ALG is equal to 
        cNatCgnALGMappingCreations - cNatCgnALGMappingRemovals." 
    ::= { cNatCgnALGCountersEntry 4 }

cNatCgnALGUnsupportedErrors OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of application level
        messages/packets which could not be processed as they used
        options which are not yet supported. This does not include
        messages/packets that did not conform to the protocol." 
    ::= { cNatCgnALGCountersEntry 5 }

cNatCgnALGProtocolErrors OBJECT-TYPE
    SYNTAX          Counter64
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object indicates the number of application level
        messages/packets which could not be processed as they did
        not conform to the protocol." 
    ::= { cNatCgnALGCountersEntry 6 }
 


-- notifications

cNatCgnNotifPortUsageWatermarkLow NOTIFICATION-TYPE
    OBJECTS         {
                        cNatCgnCounterCurrentPortAllocation,
                        cNatCgnCounterPortUsageLowThreshold
                    }
    STATUS          current
    DESCRIPTION
        "The device generates this notification when the value of
        cNatCgnCounterCurrentPortAllocation becomes lower than or equal 
        to the value of cNatCgnCounterPortUsageLowThreshold.
        The device will not generate notification if 
        cNatCgnCounterPortUsageLowThreshold is set to zero."
   ::= { ciscoNatCgnExtMIBNotifs 1 }

cNatCgnNotifPortUsageWatermarkLowClear NOTIFICATION-TYPE
    OBJECTS         {
                        cNatCgnCounterCurrentPortAllocation,
                        cNatCgnCounterPortUsageClearLowThreshold
                    }
    STATUS          current
    DESCRIPTION
        "The device generates this notification when the value of
        cNatCgnCounterCurrentPortAllocation becomes higher than or
        equal to the value of cNatCgnCounterPortUsageClearLowThreshold
        and if cNatCgnNotifPortUsageWatermarkLow is already generated.
        The device will not generate notification if 
        cNatCgnCounterPortUsageClearLowThreshold is set to zero."
   ::= { ciscoNatCgnExtMIBNotifs 2 }

cNatCgnNotifPortUsageWatermarkHigh NOTIFICATION-TYPE
    OBJECTS         {
                        cNatCgnCounterCurrentPortAllocation,
                        cNatCgnCounterPortUsageHighThreshold
                    }
    STATUS          current
    DESCRIPTION
        "The device generates this notification when the value of
        cNatCgnCounterCurrentPortAllocation becomes higher than or
        equal to the cNatCgnCounterPortUsageHighThreshold.
        The device will not generate notification if 
        cNatCgnCounterPortUsageHighThreshold is set to zero."
   ::= { ciscoNatCgnExtMIBNotifs 3 }

cNatCgnNotifPortUsageWatermarkHighClear NOTIFICATION-TYPE
    OBJECTS         {
                        cNatCgnCounterCurrentPortAllocation,
                        cNatCgnCounterPortUsageClearHighThreshold
                    }
    STATUS          current
    DESCRIPTION
        "The device generates this notification when the value of
        cNatCgnCounterCurrentPortAllocation becomes lower than or
        equal to the value of cNatCgnCounterPortUsageClearLowThreshold
        and if cNatCgnNotifPortUsageWatermarkHigh is already generated.
        The device will not generate notification if 
        cNatCgnCounterPortUsageClearHighThreshold is set to zero."
   ::= { ciscoNatCgnExtMIBNotifs 4 }
-- conformance and grouping

cNatCgnMIBCompliances  OBJECT IDENTIFIER
    ::= { ciscoNatCgnExtMIBConform 1 }

cNatCgnMIBGroups  OBJECT IDENTIFIER
    ::= { ciscoNatCgnExtMIBConform 2 }


-- compliance statements

cNatCgnModuleCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "This compliance statement specifies the minimal requirements an
        implementation must meet in order to claim full compliance with
        the definition of the CISCO-NAT-CGN-EXT-MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        cNatCgnConfigGroup,
                        cNatCgnCountersGroup,
                        cNatCgnNotificationsGroup
                    }

    GROUP           cNatCgnOptionConfigGroup
    DESCRIPTION
        "This group is to be supported if the device supports
        configuration of NAT pooling and behavior types."

    GROUP           cNatCgnBulkAllocGroup
    DESCRIPTION
        "This group is to be supported if the device supports bulk port
        allocation."

    GROUP           cNatCgnSessionGroup
    DESCRIPTION
        "This group is to be supported if the device supports session
        level tracking."

    GROUP           cNatCgnNetflowLoggingGroup
    DESCRIPTION
        "This group is to be supported if the device supports Netflow
        format of translation logging."

    GROUP           cNatCgnSyslogLoggingGroup
    DESCRIPTION
        "This group is to be supported if the device supports Syslog
        format of translation logging."

    GROUP           cNatCgnFragmentsGroup
    DESCRIPTION
        "This group is to be supported if the device supports
        fragmented packet processing."

    GROUP           cNatCgnALGCountersGroup
    DESCRIPTION
        "This group is to be supported if the device supports one or
        more ALGs in the NAT."

    GROUP           cNatCgnServiceNameGroup
    DESCRIPTION
        "This group is to be supported if the device supports service
        configuration."

    OBJECT          cNatCgnInstanceBehaviorType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstancePoolingType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstanceProtocolPortLimit
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstanceProtocolPortBulkAllocControl
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstanceType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstanceVrf
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstanceInterface
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."

    OBJECT          cNatCgnInstanceServiceName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is optional."
    ::= { cNatCgnMIBCompliances 1 }

-- object groups

cNatCgnConfigGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnInstanceType,
                        cNatCgnInstanceInterface,
                        cNatCgnInstanceVrf
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing basic configuration
        elements of NAT instances."
    ::= { cNatCgnMIBGroups 1 }

cNatCgnOptionConfigGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnInstanceBehaviorType,
                        cNatCgnInstancePoolingType,
                        cNatCgnInstanceProtocolPortLimit
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing optional configuration
        elements of NAT instances."
    ::= { cNatCgnMIBGroups 2 }

cNatCgnCountersGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnCounterNoMappingEntryDrops,
                        cNatCgnCounterSourceIPOutOfRangeDrops,
                        cNatCgnCounterEndPointFilteringDrops,
                        cNatCgnCounterTCPSequenceDrops,
                        cNatCgnCounterTCPMappingDrops,
                        cNatCgnCounterCurrentPortAllocation,
                        cNatCgnCounterPortUsageLowThreshold,
                        cNatCgnCounterPortUsageClearLowThreshold,
                        cNatCgnCounterPortUsageHighThreshold,
                        cNatCgnCounterPortUsageClearHighThreshold
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing counters and
        thresholds."
    ::= { cNatCgnMIBGroups 3 }

cNatCgnSessionGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnCounterSessionCreations,
                        cNatCgnCounterSessionRemovals,
                        cNatCgnCounterOutOfSessionDrops,
                        cNatCgnCounterEndPointFilteringDrops,
                        cNatCgnCounterSessionLimitDrops
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing counters specific to
        session level tracking."
    ::= { cNatCgnMIBGroups 4 }

cNatCgnBulkAllocGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnInstanceProtocolPortBulkAllocControl,
                        cNatCgnCounterAverageBulkPortUsage
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing configuration and
        statistics specific to bulk port allocation."
    ::= { cNatCgnMIBGroups 5 }

cNatCgnNetflowLoggingGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnLogStatMappingCreateRecords,
                        cNatCgnLogStatMappingDeleteRecords,
                        cNatCgnLogStatSessionCreateRecords,
                        cNatCgnLogStatSessionDeleteRecords,
                        cNatCgnLogStatNetflowPackets,
                        cNatCgnLogStatNetflowPacketDrops
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing counters of
        Netflow based logging."
    ::= { cNatCgnMIBGroups 6 }

cNatCgnSyslogLoggingGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnLogStatMappingCreateRecords,
                        cNatCgnLogStatMappingDeleteRecords,
                        cNatCgnLogStatSessionCreateRecords,
                        cNatCgnLogStatSessionDeleteRecords,
                        cNatCgnLogStatSyslogPackets,
                        cNatCgnLogStatSyslogPacketDrops
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing counters of
        syslog based logging."
    ::= { cNatCgnMIBGroups 7 }

cNatCgnFragmentsGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnCounterFragmentPktsInToOutDrops,
                        cNatCgnCounterFragmentPktsOutToInDrops
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing fragment related
        counters."
    ::= { cNatCgnMIBGroups 8 }

cNatCgnALGCountersGroup OBJECT-GROUP
    OBJECTS         {
                        cNatCgnALGStatus,
                        cNatCgnALGMappingCreations,
                        cNatCgnALGMappingRemovals,
                        cNatCgnALGUnsupportedErrors,
                        cNatCgnALGProtocolErrors
                    }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing counters related
        to ALG processing."
    ::= { cNatCgnMIBGroups 9 }

cNatCgnNotificationsGroup NOTIFICATION-GROUP
   NOTIFICATIONS    {
                        cNatCgnNotifPortUsageWatermarkLow,
                        cNatCgnNotifPortUsageWatermarkLowClear,
                        cNatCgnNotifPortUsageWatermarkHigh,
                        cNatCgnNotifPortUsageWatermarkHighClear
                    }
    STATUS          current
    DESCRIPTION
        "This group contains notifications supporting NAT instances."
    ::= { cNatCgnMIBGroups 15 }

cNatCgnServiceNameGroup OBJECT-GROUP
    OBJECTS         { cNatCgnInstanceServiceName }
    STATUS          current
    DESCRIPTION
        "This group contains objects describing service related
        configuration elements"
    ::= { cNatCgnMIBGroups 11 }

END




















