-- $Id: RBN-IP-SECURITY-MIB.my,v 1.1.8.1 2011/04/01 02:57:11 ekimpri Exp $
-- $Source: /cvsroot/pkt/sw/se/xc/bsd/config/snmp/mibs/Attic/RBN-IP-SECURITY-MIB.my,v $
-- *****************************************************************
-- RBN-IP-SECURITY-MIB    IP SECURITY MIB
--
-- Copyright (c) 2010-2011 Ericsson AB
-- All rights reserved.
--
-- *****************************************************************

RBN-IP-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE, Unsigned32,
    NOTIFICATION-TYPE
            FROM SNMPv2-SMI

    DateAndTime
            FROM SNMPv2-TC

    SnmpAdminString
            FROM SNMP-FRAMEWORK-MIB

    IANAItuEventType,
    IANAItuProbableCause
            FROM IANA-ITU-ALARM-TC-MIB

    InetAddressType, InetAddress
           FROM INET-ADDRESS-MIB          -- RFC4001

    ItuPerceivedSeverity
            FROM ITU-ALARM-TC-MIB

    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
            FROM SNMPv2-CONF

    rbnMgmt
            FROM RBN-SMI;

rbnIpSecurityMib MODULE-IDENTITY
    LAST-UPDATED   "201101140000Z" -- Jan 14, 2011
    ORGANIZATION   "Ericsson AB"
    CONTACT-INFO
            "       Ericsson AB
                    100 Headquarters Dr
                    San Jose, CA 95134
                    USA

             Phone: +1 408 750 5000
               Fax: +1 408 750 5599
            "
    DESCRIPTION
        "Defines the objects necessary to support the management of
        IPSEC objects."

    REVISION      "201101140000Z" -- Jan 14, 2011
    DESCRIPTION
        "Initial Version."

    ::= { rbnMgmt 55}

rbnIpSecNotifications OBJECT IDENTIFIER ::= { rbnIpSecurityMib 0 }

rbnIpSecObjects       OBJECT IDENTIFIER ::= { rbnIpSecurityMib 1 }

rbnIpSecConformance   OBJECT IDENTIFIER ::= { rbnIpSecurityMib 2 }

--
-- some structure for the mib objects
--

rbnIpSecNotify        OBJECT IDENTIFIER ::= { rbnIpSecObjects 1 }

--
-- IPSEC notification objects
--

rbnIpSecEventDateAndTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The date and time when the event was raised."
    ::= { rbnIpSecNotify 1 }

rbnIpSecEventSeverity  OBJECT-TYPE
    SYNTAX      ItuPerceivedSeverity
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The current severity of the event."
    ::= { rbnIpSecNotify 2 }

rbnIpSecEventType OBJECT-TYPE
    SYNTAX      IANAItuEventType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The type of the event."
    ::= { rbnIpSecNotify 3 }

rbnIpSecEventProbableCause OBJECT-TYPE
    SYNTAX      IANAItuProbableCause
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The probable cause for this event."
    ::= { rbnIpSecNotify 4 }

rbnIpSecTunnelIdentifier OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..270))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Key to identify the tunnel alarm, consists of the remote-id type
        and remote-id, or tunnel name. The string starts with a sub-string 
        identifying the type, followed by the value.
        ipv4-
        fqdn-
        rfc822Addr-
        ipv6-
        derAsn1Dn-
        derAsn1Gn-
        keyId-
        name-"
    ::= { rbnIpSecNotify 5 }

rbnIpSecTunnelName OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..50))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Name of the tunnel."
    ::= { rbnIpSecNotify 6 }

rbnIpSecTunnelType OBJECT-TYPE
    SYNTAX      INTEGER  {
                           static(1),
                           dynamic(2),
                           manual(3)
                         }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Type of tunnel."
    ::= { rbnIpSecNotify 7 }

rbnIpSecTunnelDownCause  OBJECT-TYPE
    SYNTAX      INTEGER {
                          general(0),
                          noRoute(1),
                          aspHomingFailure(2),
                          ppaHomingFailure(3),
                          configuredDown(4),
                          keepaliveFailure(5),
                          downByPeer(6),
                          rekeyFailure(7),
                          aspSoftReset(8),
                          indeterminate(9)
                        }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Additional information to describe the cause for
        tunnel being down."
    ::= { rbnIpSecNotify 8 }

rbnIpSecRemoteIdType OBJECT-TYPE
    SYNTAX      INTEGER {
                          reserved(0),
                          ipv4(1),
                          fqdn(2),
                          rfcAddr(3),
                          -- Values 4, 6-8, 12-200 and
                          -- 201-255 are reseved for IANA
                          ipv6(5),
                          derAsn1Dn(9),
                          derAsn1Gn(10),
                          keyId(11)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Remote Id Type  of rbnIpSecRemoteId "
    ::= { rbnIpSecNotify 9 }

rbnIpSecRemoteId OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..256))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Remote Id."
    ::= { rbnIpSecNotify 10 }

rbnIpSecLocalAddrContextName OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..32))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Context name of the local address ."
    ::= { rbnIpSecNotify 11 }

rbnIpSecLocalAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "Specifies the type of local address to be used."
       ::= { rbnIpSecNotify 12 }

rbnIpSecLocalAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Local IP address of the tunnel."
    ::= { rbnIpSecNotify 13 }

rbnIpSecRemoteAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "Specifies the type of remote address to be used."
       ::= { rbnIpSecNotify 14 }

rbnIpSecRemoteAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Remote IP address of the tunnel."
    ::= { rbnIpSecNotify 15 }

rbnIpSecTunnelState OBJECT-TYPE
    SYNTAX      INTEGER {
                          up(1),
                          down(2)
                        }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Tunnel State."
    ::= { rbnIpSecNotify 16 }

rbnIpSecSelfCertificateIdentifier OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..522))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "<Subject Name> :ISSUER- <Issuer Name>"
    ::= { rbnIpSecNotify 17 }

rbnIpSecCertificateHandle OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Self Certificate Handle."
    ::= { rbnIpSecNotify 18 }

rbnIpSecExpiryDateAndTime OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..128))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Date and Time the certificate will expire."
    ::= { rbnIpSecNotify 19 }

rbnIpSecCertificateSubjectName OBJECT-TYPE
    SYNTAX      SnmpAdminString  (SIZE(0..256))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Subject Name of the self certificate"
    ::= { rbnIpSecNotify 20 }

--
-- NOTIFICATIONS - node for hanging notification definitions
--

rbnIpSecTunnelStatusChangeAlarm NOTIFICATION-TYPE
OBJECTS {
        rbnIpSecEventDateAndTime,
        rbnIpSecEventSeverity,
        rbnIpSecEventType,
        rbnIpSecEventProbableCause,
        rbnIpSecTunnelIdentifier,
        rbnIpSecTunnelName,
        rbnIpSecTunnelType,
        rbnIpSecTunnelDownCause,
        rbnIpSecRemoteIdType,
        rbnIpSecRemoteId,
        rbnIpSecLocalAddrContextName,
        rbnIpSecLocalAddressType,
        rbnIpSecLocalAddress,
        rbnIpSecRemoteAddressType,
        rbnIpSecRemoteAddress,
        rbnIpSecTunnelState
    }
    STATUS current
    DESCRIPTION
         "This notification signifies a change in the
          IpSecTunnelState. When IPSecTunnelState has the value
          'down', rbnIpSecEventSeverity has the value 'major'.  When
          IPSecTunnelState has the value 'up' or is obsoleted due to 
          configuration change rbnIpSecEventSeverity has the value 'clear'"
    ::= { rbnIpSecNotifications 1 }

rbnIpSecNoValidRSASelfCertificateAlarm NOTIFICATION-TYPE
OBJECTS {
        rbnIpSecEventDateAndTime,
        rbnIpSecEventSeverity,
        rbnIpSecEventType,
        rbnIpSecEventProbableCause
    }
    STATUS current
    DESCRIPTION
        "This alarm is set, when there is no valid RSA self-certificate
         for a context. It.s cleared when a valid self-certificate is
         configured or when system time is change to make the existing
         certificate valid.  As long as any valid RSA self-certificate exists from any
         CA, this alarm will not be set. This alarm is set at .Major. severity."
    ::= { rbnIpSecNotifications 2 }

rbnIpSecNoValidRSATrustedCertificateAlarm NOTIFICATION-TYPE
OBJECTS {
        rbnIpSecEventDateAndTime,
        rbnIpSecEventSeverity,
        rbnIpSecEventType,
        rbnIpSecEventProbableCause
    }
    STATUS current
    DESCRIPTION
         "This alarm is raised, when there is no valid RSA trusted-certificate for
          a context. It.s cleared, when a valid trusted-certificate is
          configured or when system time is change to make the existing certificate
          valid. As long as any valid RSA trusted-certificate exists for any CA, this
          alarm will not be raised. This alarm is set at .Major. severity."
    ::= { rbnIpSecNotifications 3 }

rbnIpSecRSASelfCertificateNearingExpiryAlarm NOTIFICATION-TYPE
OBJECTS {
        rbnIpSecEventDateAndTime,
        rbnIpSecEventSeverity,
        rbnIpSecEventType,
        rbnIpSecEventProbableCause,
        rbnIpSecSelfCertificateIdentifier,
        rbnIpSecCertificateHandle,
        rbnIpSecExpiryDateAndTime
    }
    STATUS current
    DESCRIPTION
        " This alarm notifies the operator that the RSA self certificate
          expiration is near. It will be raised at the user specified time
          before the expiration.  It will be cleared when a new certificate with
          the self subject name is added, the certificate is deleted, or the system
          time pulled up. This alarm is set at .Warning. severity."
    ::= { rbnIpSecNotifications 4 }

rbnIpSecRSATrustedCertificateNearingExpiryAlarm NOTIFICATION-TYPE
OBJECTS {
        rbnIpSecEventDateAndTime,
        rbnIpSecEventSeverity,
        rbnIpSecEventType,
        rbnIpSecEventProbableCause,
        rbnIpSecCertificateSubjectName,
        rbnIpSecCertificateHandle,
        rbnIpSecExpiryDateAndTime
    }
    STATUS current
    DESCRIPTION
        " This alarm notifies the operator that the RSA self certificate
          expiration is near. It will be raised at the user specified time
          before the expiration.  It will be cleared when a new certificate with
          the self subject name is added, the certificate is deleted, or the system
          time is pulled up. This alarm is set at .Warning. severity."
    ::= { rbnIpSecNotifications 5 }

--
-- compliance statements
--
rbnIpSecCompliances OBJECT IDENTIFIER ::= { rbnIpSecConformance 1 }
rbnIpSecGroups      OBJECT IDENTIFIER ::= { rbnIpSecConformance 2 }

rbnIpSecCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
         the IPSEC MIB."

    MODULE  -- this module
        MANDATORY-GROUPS {
            rbnIpSecNotifyObjectGroup,
            rbnIpSecNotifyGroup
        }
    ::= { rbnIpSecCompliances 1 }

--
-- groupings
--

rbnIpSecNotifyObjectGroup OBJECT-GROUP
    OBJECTS {
        rbnIpSecEventDateAndTime,
        rbnIpSecEventSeverity,
        rbnIpSecEventType,
        rbnIpSecEventProbableCause,
        rbnIpSecTunnelIdentifier,
        rbnIpSecTunnelName,
        rbnIpSecTunnelType,
        rbnIpSecTunnelDownCause,
        rbnIpSecRemoteIdType,
        rbnIpSecRemoteId,
        rbnIpSecLocalAddrContextName,
        rbnIpSecLocalAddressType,
        rbnIpSecLocalAddress,
        rbnIpSecRemoteAddressType,
        rbnIpSecRemoteAddress,
        rbnIpSecTunnelState,
        rbnIpSecSelfCertificateIdentifier,
        rbnIpSecCertificateSubjectName,
        rbnIpSecCertificateHandle,
        rbnIpSecExpiryDateAndTime
    }
    STATUS current
    DESCRIPTION
        "The collection of objects related to IPSEC
        notifications."
    ::= { rbnIpSecGroups 1 }

rbnIpSecNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        rbnIpSecTunnelStatusChangeAlarm,
        rbnIpSecNoValidRSASelfCertificateAlarm,
        rbnIpSecNoValidRSATrustedCertificateAlarm,
        rbnIpSecRSASelfCertificateNearingExpiryAlarm,
        rbnIpSecRSATrustedCertificateNearingExpiryAlarm
    }
    STATUS current
    DESCRIPTION
        "Notification for tracking IPSEC events."
    ::= { rbnIpSecGroups 2 }

END
