-- ====================================================================
-- Copyright (c) 2011 by FS.COM Inc.. All rights reserved.
--
-- Description: The MIB is designed to get IPSec tunnels' statistic information.
-- Reference: fs Enterprise MIB
-- =====================================================================
FS-IPSEC-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        DisplayString,TEXTUAL-CONVENTION, TimeStamp
            FROM SNMPv2-TC
        IpAddress, Integer32, Counter32, Counter64, OBJECT-TYPE,
        MODULE-IDENTITY, Gauge32, NOTIFICATION-TYPE, Unsigned32
            FROM SNMPv2-SMI
        MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
            FROM SNMPv2-CONF
        fsMgmt
            FROM FS-SMI;

    fsIPSecMonitor MODULE-IDENTITY
        LAST-UPDATED "201102170000Z"            
        ORGANIZATION
            "FS.COM Inc.."
        CONTACT-INFO
            "Tel: 400-865-2852 
             E-mail: https://www.fs.com/live_chat_service_mail.html"  
        DESCRIPTION
            "The MIB is designed to get statistic information of
             IPSec tunnels. With this MIB, we can get information of a certain
             tunnel or all tunnels."
        REVISION      "201102170000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { fsMgmt 94 }       
        
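    -- Diffie-Hellman group reported for an IKE or IPSec negotiation.
    -- The DESCRIPTION previously named the invalid value invalidAlg, but the
    -- label defined in SYNTAX is invalidMode; the text now matches the label.
    -- Review note: the only real groups this convention can express are
    -- modp768 (768-bit MODP) and modp1024 (1024-bit MODP). Both are below
    -- the key-exchange strength generally recommended today, so monitoring
    -- that reads objects of this type should alert on either value.
    -- NOTE(review): none(0) presumably means no DH exchange (no PFS) for
    -- the Phase-2 SA, and a tunnel using a larger group presumably shows
    -- up as invalidMode. Confirm both against the agent.
    FSDiffHellmanGrp   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The Diffie Hellman Group used in the IKE and IPSec negotiations.
             invalidMode(2147483647) is defined as invalid value."
        SYNTAX INTEGER { 
            none(0),
            modp768(1),
            modp1024(2),
            invalidMode(2147483647)
        }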

    FSEncapMode        ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The encapsulation mode used by an IPSec Phase-2 Tunnel."
        SYNTAX INTEGER {
            tunnel(1),
            transport(2),
            invalidMode(2147483647)
        }

    -- Encryption algorithm reported for an IKE or IPSec security association.
    -- Used by the tunnel table (inbound and outbound SA columns) and by
    -- fsIPSecSaEncryptAlgo.
    -- Review note: desCbc(2) and threedesCbc(3) are legacy ciphers, and
    -- none(0) on an ESP SA presumably means the payload is not encrypted
    -- (confirm against the agent). Monitoring should flag tunnels that
    -- report any of these three values.
    -- NOTE(review): aesCbc(12) carries no key length, so AES-128 and AES-256
    -- cannot be told apart through this MIB. Algorithms without a label here
    -- presumably surface as invalidAlg; verify before treating invalidAlg
    -- as an error condition.
    FSEncryptAlgo   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The encryption algorithm used in the IKE and IPSec negotiations.
             invalidAlg(2147483647) is defined as invalid value."
        SYNTAX INTEGER {
            none(0),
            desCbc(2),
            threedesCbc(3),
            aesCbc(12),
            sm1Cbc(128),
            invalidAlg(2147483647)
        }

    -- Authentication (integrity) algorithm reported for a security association.
    -- The DESCRIPTION mentions only IKE, but this module also uses the type
    -- for the AH and ESP authentication columns of Phase-2 SAs
    -- (fsIPSecTunInSaAhAuthAlgo, fsIPSecTunInSaEspAuthAlgo, their outbound
    -- counterparts and fsIPSecSaAuthAlgo).
    -- Review note: the only real algorithms expressible here are md5(1) and
    -- sha(2) (presumably SHA-1; confirm). none(0) on an ESP SA presumably
    -- means no integrity protection. Monitoring should flag none and md5.
    -- NOTE(review): there is no label for SHA-2 family algorithms, so a
    -- tunnel using one presumably reports invalidAlg; verify with the agent.
    FSAuthAlgo   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The authentication algorithm used in the IKE negotiations.
             invalidAlg(2147483647) is defined as invalid value."
        SYNTAX INTEGER {
            none(0),
            md5(1),
            sha(2),
            invalidAlg(2147483647)
        }

    -- Security protocol of an SA; used by fsIPSecSaProtocol.
    -- These are small enumeration codes, not IP protocol numbers: compare
    -- FSTunnelProtocol in this module, where esp is 50 and ah is 51.
    -- NOTE(review): ah(2) provides integrity only, so an SA reported as ah
    -- carries no confidentiality unless it is paired with an esp SA.
    FSSaProtocol   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The protocol of security association."
        SYNTAX INTEGER {
            reserved(0),
            isakmp(1),
            ah(2),
            esp(3)        
        }
    
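    -- Protocol selector of a tunnel's data flow; used by
    -- fsIPSecTrafficLocalProtocol and fsIPSecTrafficRemoteProtocol.
    -- The DESCRIPTION was a copy of the FSSaProtocol text; it now describes
    -- the data flow, matching how the traffic table uses this type.
    -- The non-zero labels carry the corresponding IP protocol numbers
    -- (icmp 1, igmp 2, ip 4, tcp 6, udp 17, esp 50, ah 51).
    -- NOTE(review): none(0) presumably means the selector matches any
    -- protocol; confirm against the agent before using it in audits.
    FSTunnelProtocol   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The protocol of the data flow."
        SYNTAX INTEGER {
            none(0),
            icmp(1),
            igmp(2),
            ip(4),
            tcp(6),
            udp(17),
            esp(50),
            ah(51)        
        }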

        
    -- Kind of address selector used for one side of a tunnel's data flow;
    -- used by fsIPSecTrafficLocalType and fsIPSecTrafficRemoteType.
    -- NOTE(review): the IPv6 labels (3, 4, 6) cannot be paired with real
    -- address values in this module, because the address columns of
    -- fsIPSecTrafficTable are declared with SYNTAX IpAddress, which holds
    -- only a 4-octet IPv4 address. Confirm what the agent returns for IPv6
    -- selectors before relying on this table to audit protected traffic.
    FSTrafficType   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The type of the data flow."
        SYNTAX INTEGER {
            ipv4Addr(1),
            ipv4AddrSubnet(2),
            ipv6Addr(3),
            ipv6AddrSubnet(4),
            ipv4AddrRange(5),
            ipv6AddrRange(6)
        }

    -- How the keys of a Phase-2 tunnel were established; used by
    -- fsIPSecTunKeyType.
    -- Review note: manual(2) identifies a tunnel whose keys were configured
    -- by hand rather than negotiated by IKE. This module itself notes (see
    -- fsIPSecTunInitiator) that such tunnels have no initiator or responder.
    -- Manually keyed tunnels are worth tracking separately in monitoring,
    -- since key rotation for them presumably depends on the operator.
    FSIPSecNegoType   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The type of key used by an IPSec Phase-2 Tunnel. invalidType(2147483647)
             is defined as invalid value."
        SYNTAX INTEGER {
            ike(1),
            manual(2),
            invalidType(2147483647)
        }

    FSIPSecTunnelState   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The state of IPSec tunnel."
        SYNTAX INTEGER {
            establishing(1),
            active(2),
            expiring(3)
        }

-- ========================================================================
-- Node definitions
-- ========================================================================
--Begin the node of fsIPSecObjects.

    fsIPSecObjects OBJECT IDENTIFIER ::= { fsIPSecMonitor 1 }

-- ===============================================
-- Begin the table of fsIPSecTunnelTable.
-- ===============================================

    fsIPSecTunnelTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSIPSecTunnelEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Tunnel Table. There is one
             entry in this table for each active IPSec Phase-2 Tunnel."
        ::= { fsIPSecObjects 1 }

    -- Conceptual row of fsIPSecTunnelTable, one per IPSec Phase-2 tunnel.
    -- NOTE(review): the only INDEX object is fsIPSecTunRemoteAddr, which is
    -- declared read-only; SMIv2 expects auxiliary (index) objects to be
    -- not-accessible. fsIPSecTunIfIndex and fsIPSecTunIndex are declared
    -- not-accessible but are not part of the INDEX, so a manager can never
    -- observe them.
    -- NOTE(review): with the remote address as the sole index, two tunnels
    -- to the same peer would map to the same row. Confirm how the agent
    -- handles that case before relying on this table for per-tunnel audit.
    fsIPSecTunnelEntry OBJECT-TYPE
        SYNTAX FSIPSecTunnelEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about fsIPSecTunnelTable."
        INDEX { fsIPSecTunRemoteAddr }
        ::= { fsIPSecTunnelTable 1 }

    FSIPSecTunnelEntry ::=
        SEQUENCE {
            fsIPSecTunIfIndex
                Integer32,
            fsIPSecTunIndex
                Integer32,
            fsIPSecTunIKETunnelIndex
                Integer32,
            fsIPSecTunLocalAddr
                IpAddress,
            fsIPSecTunRemoteAddr
                IpAddress,  
            fsIPSecTunLocalHostname
                DisplayString,
            fsIPSecTunRemoteHostname
                DisplayString,     
            fsIPSecTunKeyType
                FSIPSecNegoType,
            fsIPSecTunEncapMode
                FSEncapMode,
            fsIPSecTunInitiator
                INTEGER,
            fsIPSecTunLifeSize
                Integer32,
            fsIPSecTunLifeTime
                Integer32,
            fsIPSecTunRemainTime
                Integer32,
            fsIPSecTunActiveTime
                Integer32,
            fsIPSecTunCreateTime
                TimeStamp,
            fsIPSecTunRemainSize
                Integer32,
            fsIPSecTunTotalRefreshes
                Counter32,
            fsIPSecTunCurrentSaInstances
                Gauge32,
            fsIPSecTunInSaEncryptAlgo
                FSEncryptAlgo,
            fsIPSecTunInSaAhAuthAlgo
                FSAuthAlgo,
            fsIPSecTunInSaEspAuthAlgo
                FSAuthAlgo,
            fsIPSecTunDiffHellmanGrp
                FSDiffHellmanGrp,
            fsIPSecTunOutSaEncryptAlgo
                FSEncryptAlgo,
            fsIPSecTunOutSaAhAuthAlgo
                FSAuthAlgo,
            fsIPSecTunOutSaEspAuthAlgo
                FSAuthAlgo,
            fsIPSecTunMapName
                DisplayString,
            fsIPSecTunSeqNum
                Integer32,
            fsIPSecTunStatus
                FSIPSecTunnelState
        }

    fsIPSecTunIfIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The interface index( the ifIndex of ifTable )."
        ::= { fsIPSecTunnelEntry 1 }

    fsIPSecTunIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The index of IPSec Phase-2 Tunnel Table. The value of
             the index is a number which begins at one and is
             incremented with each tunnel that is created. The
             value of this object will wrap at 2,147,483,647."
        ::= { fsIPSecTunnelEntry 2 }

    fsIPSecTunIKETunnelIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The index of the associated IPSec Phase-1 IKE Tunnel
             (IKETunIndex in the IKETunnelTable). 2147483647 is defined as
             invalid value. "
        ::= { fsIPSecTunnelEntry 3 }

    fsIPSecTunLocalAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The IP address of the local peer for the IPSec Phase-2
             Tunnel. 0.0.0.0 is defined as invalid value."
        ::= { fsIPSecTunnelEntry 4 }

    fsIPSecTunRemoteAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The IP address of the remote peer for the IPSec Phase-2
             Tunnel. 0.0.0.0 is defined as invalid value."
        ::= { fsIPSecTunnelEntry 5 }

    fsIPSecTunLocalHostname OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Hostname of the local peer for the IPSec Phase-2
             Tunnel."
        ::= { fsIPSecTunnelEntry 6 }
    
    fsIPSecTunRemoteHostname OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Hostname of the remote peer for the IPSec Phase-2
             Tunnel. "
        ::= { fsIPSecTunnelEntry 7 }
    
    fsIPSecTunKeyType OBJECT-TYPE
        SYNTAX FSIPSecNegoType
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The key negotiate mode used by the IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 8 }
    fsIPSecTunEncapMode OBJECT-TYPE
        SYNTAX FSEncapMode
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encapsulation mode used by the IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 9 }

    fsIPSecTunInitiator OBJECT-TYPE
        SYNTAX INTEGER
            {
                local(1),
                remote(2),
                none(2147483647)
            }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The initiator of this IPSec tunnel. Value none is used for manual
             IPsec tunnel, for there is no initiator or responder in this method."
        ::= { fsIPSecTunnelEntry 10 }

    fsIPSecTunLifeSize OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The negotiated LifeSize of the IPSec Phase-2 Tunnel in kilobytes.
             2147483647 is defined as invalid value."
        ::= { fsIPSecTunnelEntry 11 }

    fsIPSecTunLifeTime OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The negotiated LifeTime of the IPSec Phase-2 Tunnel in seconds.
             2147483647 is defined as invalid value."
        ::= { fsIPSecTunnelEntry 12 }

    fsIPSecTunRemainTime OBJECT-TYPE
        SYNTAX Integer32 (0..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The remain time of SA in seconds. 2147483647 is defined as invalid
             value."
        ::= { fsIPSecTunnelEntry 13 }

    fsIPSecTunActiveTime OBJECT-TYPE
        SYNTAX Integer32 (0..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The duration the IPSec Phase-2 Tunnel has been active in
             hundredths of seconds. 2147483647 is defined as invalid value."
        ::= { fsIPSecTunnelEntry 14 }
    
    -- Creation time of the Phase-2 tunnel.
    -- NOTE(review): the SYNTAX here is Integer32 (0..2147483647), but the
    -- FSIPSecTunnelEntry SEQUENCE declares this column as TimeStamp. The two
    -- must agree; strict MIB compilers may reject the module, and a manager
    -- cannot tell from this file whether the agent sends an INTEGER or a
    -- TimeTicks-based value. The unit and epoch are also not stated, so
    -- confirm them before correlating this value with other logs.
    fsIPSecTunCreateTime OBJECT-TYPE
        SYNTAX  Integer32 (0..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Time Stamp when the IPSec Phase-2 Tunnel created."
        ::= { fsIPSecTunnelEntry 15 }
    
    fsIPSecTunRemainSize OBJECT-TYPE
        SYNTAX Integer32 (0..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The remain LifeSize of SA in kilobytes. 2147483647 is defined as
             invalid value."
        ::= { fsIPSecTunnelEntry 16 }

    fsIPSecTunTotalRefreshes OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of security association refreshing performed."
        ::= { fsIPSecTunnelEntry 17 }

    fsIPSecTunCurrentSaInstances OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of security associations which are currently active
             or expiring."
        ::= { fsIPSecTunnelEntry 18 }

    fsIPSecTunInSaEncryptAlgo OBJECT-TYPE
        SYNTAX FSEncryptAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encryption algorithm used by the inbound security association
             of the IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 19 }

    fsIPSecTunInSaAhAuthAlgo OBJECT-TYPE
        SYNTAX FSAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the inbound authentication
             header (AH) security association of the IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 20 }

    fsIPSecTunInSaEspAuthAlgo OBJECT-TYPE
        SYNTAX FSAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the inbound encapsulation
             security protocol(ESP) security association of the IPSec
             Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 21 }

    fsIPSecTunDiffHellmanGrp OBJECT-TYPE
        SYNTAX FSDiffHellmanGrp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Diffie Hellman Group used by the security association of the
             IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 22 }

    fsIPSecTunOutSaEncryptAlgo OBJECT-TYPE
        SYNTAX FSEncryptAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encryption algorithm used by the outbound security
             association of the IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 23 }

    fsIPSecTunOutSaAhAuthAlgo OBJECT-TYPE
        SYNTAX FSAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the outbound
             authentication header (AH) security association of
             the IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 24 }

    fsIPSecTunOutSaEspAuthAlgo OBJECT-TYPE
        SYNTAX FSAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the outbound encapsulation
             security protocol(ESP) security association of the IPSec
             Phase-2 Tunnel."
        ::= { fsIPSecTunnelEntry 25 }

    fsIPSecTunMapName OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Map name used by this IPSec tunnel."
        ::= { fsIPSecTunnelEntry 26 }

    fsIPSecTunSeqNum OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The sequence number of policy used by this IPSec tunnel."
        ::= { fsIPSecTunnelEntry 27 }

    -- Tunnel state column; the only column of fsIPSecTunnelTable that is
    -- declared read-write.
    -- NOTE(review): the DESCRIPTION does not say what an SNMP SET to this
    -- column does. Until that is confirmed with the vendor, treat write
    -- access as able to change tunnel state: keep this object out of write
    -- views unless it is needed, require authenticated SNMPv3 for any write
    -- access, and log SET requests that target it.
    fsIPSecTunStatus OBJECT-TYPE
        SYNTAX FSIPSecTunnelState
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "The status of the IPSec Tunnel."
        ::= { fsIPSecTunnelEntry 28 }

-- ===============================================
-- Begin the table of fsIPSecTunnelStatTable.
-- ===============================================

    fsIPSecTunnelStatTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSIPSecTunnelStatEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Tunnel Statistics Table. "
        ::= { fsIPSecObjects 2 }

    fsIPSecTunnelStatEntry OBJECT-TYPE
        SYNTAX FSIPSecTunnelStatEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about fsIPSecTunnelStatTable."
        INDEX { fsIPSecTunRemoteAddr }
        ::= { fsIPSecTunnelStatTable 1 }

    FSIPSecTunnelStatEntry ::=
        SEQUENCE {
            fsIPSecTunInOctets
                Counter64,
            fsIPSecTunInDecompOctets
                Counter64,
            fsIPSecTunInPkts
                Counter64,
            fsIPSecTunInSpeed
            	Counter64,
            fsIPSecTunInDropPkts
                Counter64,
            fsIPSecTunOutOctets
                Counter64,
            fsIPSecTunOutUncompOctets
                Counter64,
            fsIPSecTunOutPkts
                Counter64, 
            fsIPSecTunOutSpeed
            	Counter64,
            fsIPSecTunOutDropPkts
                Counter64        
        }

    fsIPSecTunInOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets received by this IPSec Phase-2 Tunnel.
             This value is accumulated BEFORE determining whether or not the
             packet should be decompressed."
        ::= { fsIPSecTunnelStatEntry 1 }

    fsIPSecTunInDecompOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of decompressed octets received by this IPSec
             Phase-2 Tunnel. This value is accumulated AFTER the packet
             is decompressed."
        ::= { fsIPSecTunnelStatEntry 2 }

    fsIPSecTunInPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets received by this IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelStatEntry 3 } 
    
    -- Receive rate of the tunnel in bits per second.
    -- NOTE(review): a rate rises and falls, but Counter64 is defined in
    -- SMIv2 as a value that only increases until it wraps. Pollers that
    -- treat every Counter64 as a counter and graph the delta between polls
    -- will produce meaningless numbers for this object; read it as an
    -- absolute value. The same applies to fsIPSecTunOutSpeed,
    -- fsIPSecGlobalInSpeed and fsIPSecGlobalOutSpeed in this module.
    fsIPSecTunInSpeed OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Speed(bps) of packets received by this IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelStatEntry 4 }

    fsIPSecTunInDropPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during receiving process
             by this IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelStatEntry 5 }

    fsIPSecTunOutOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets sent by this IPSec Phase-2 Tunnel.
             This value is accumulated AFTER determining whether or not
             the packet should be compressed."
        ::= { fsIPSecTunnelStatEntry 6 }

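    -- Octets sent through the tunnel, counted before compression.
    -- Counterpart of fsIPSecTunOutOctets, which is counted after the
    -- compression decision. The DESCRIPTION had a missing space after the
    -- first sentence; that is the only change to the text.
    fsIPSecTunOutUncompOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of uncompressed octets sent by this IPSec Phase-2
             Tunnel. This value is accumulated BEFORE the packet is compressed."
        ::= { fsIPSecTunnelStatEntry 7 }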

    fsIPSecTunOutPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets sent by this IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelStatEntry 8 }
    
    fsIPSecTunOutSpeed OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Speed(bps) of packets sent by this IPSec Phase-2 Tunnel. "
        ::= { fsIPSecTunnelStatEntry 9 }

    
    fsIPSecTunOutDropPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during sending process
             by this IPSec Phase-2 Tunnel."
        ::= { fsIPSecTunnelStatEntry 10 }

   
-- ===============================================
-- Begin the table of fsIPSecSaTable.
-- ===============================================

    fsIPSecSaTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSIPSecSaEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Security Protection Index Table.  This table
             contains an entry for each active and expiring security association."
        ::= { fsIPSecObjects 3 }

    -- Conceptual row of fsIPSecSaTable.
    -- NOTE(review): the table DESCRIPTION promises one entry per active or
    -- expiring SA, but the only INDEX object is fsIPSecTunRemoteAddr from
    -- the tunnel table. A tunnel normally has at least an inbound and an
    -- outbound SA (see fsIPSecSaDirection), and those cannot be separate
    -- rows under a remote-address-only index. fsIPSecSaIndex is declared
    -- not-accessible yet is not listed in the INDEX clause.
    -- Confirm the instance identifiers the agent really uses before
    -- building SA inventory or rekey monitoring on this table.
    fsIPSecSaEntry OBJECT-TYPE
        SYNTAX FSIPSecSaEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about fsIPSecSaTable."
        INDEX { fsIPSecTunRemoteAddr }
        ::= { fsIPSecSaTable 1 }

    FSIPSecSaEntry ::=
        SEQUENCE {
            fsIPSecSaIndex
                Integer32,
            fsIPSecSaDirection
                INTEGER,
            fsIPSecSaValue
                Unsigned32,
            fsIPSecSaProtocol
                FSSaProtocol,
            fsIPSecSaEncryptAlgo
                FSEncryptAlgo,
            fsIPSecSaAuthAlgo
                FSAuthAlgo,
            fsIPSecSaStatus
                FSIPSecTunnelState
        }

    fsIPSecSaIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The number of the Sa associated with the Phase-2 Tunnel
             Table.  The value of this index is a number which begins
             at one and is incremented with each Sa associated with
             an IPSec Phase-2 Tunnel.  The value of this object will
             wrap at 2,147,483,647."
        ::= { fsIPSecSaEntry 1 }

    fsIPSecSaDirection OBJECT-TYPE
        SYNTAX INTEGER {
            in(1),
            out(2)
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The direction of the SA."
        ::= { fsIPSecSaEntry 2 }

    fsIPSecSaValue OBJECT-TYPE
        SYNTAX Unsigned32 (1..4294967295)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The value of the SPI."
        ::= { fsIPSecSaEntry 3 }

    fsIPSecSaProtocol OBJECT-TYPE
        SYNTAX FSSaProtocol
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The security protocol of the SA."
        ::= { fsIPSecSaEntry 4 }

    fsIPSecSaEncryptAlgo OBJECT-TYPE
        SYNTAX FSEncryptAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encryption algorithm used by the security association
             of the IPSec Phase-2 Tunnel."
        ::= { fsIPSecSaEntry 5 }

    fsIPSecSaAuthAlgo OBJECT-TYPE
        SYNTAX FSAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the SA."
        ::= { fsIPSecSaEntry 6 }

    fsIPSecSaStatus OBJECT-TYPE
        SYNTAX FSIPSecTunnelState        
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The status of the SA."
        ::= { fsIPSecSaEntry 7 }

-- ===============================================
-- Begin the table of fsIPSecTrafficTable.
-- ===============================================

    fsIPSecTrafficTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSIPSecTrafficEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Tunnel Traffic Table. "
        ::= { fsIPSecObjects 4 }

    fsIPSecTrafficEntry OBJECT-TYPE
        SYNTAX FSIPSecTrafficEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about fsIPSecTrafficTable."
        INDEX { fsIPSecTunRemoteAddr }
        ::= { fsIPSecTrafficTable 1 }

    FSIPSecTrafficEntry ::=
        SEQUENCE {
            fsIPSecTrafficLocalType
                FSTrafficType,
            fsIPSecTrafficLocalAddr1
                IpAddress,
            fsIPSecTrafficLocalAddr2
                IpAddress,
            fsIPSecTrafficLocalProtocol
                FSTunnelProtocol,
            fsIPSecTrafficLocalPort
                Integer32, 
            fsIPSecTrafficLocalHostname
                DisplayString,
            fsIPSecTrafficRemoteType
                FSTrafficType,
            fsIPSecTrafficRemoteAddr1
                IpAddress,
            fsIPSecTrafficRemoteAddr2
                IpAddress,
            fsIPSecTrafficRemoteProtocol
                FSTunnelProtocol,
            fsIPSecTrafficRemotePort
                Integer32,
            fsIPSecTrafficRemoteHostname
                DisplayString
    }

    fsIPSecTrafficLocalType OBJECT-TYPE
        SYNTAX FSTrafficType
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The type of local peer. Possible values are: a single
             IP address, or an IP address range, or an IP subnet."
        ::= { fsIPSecTrafficEntry 1 }

    fsIPSecTrafficLocalAddr1 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The first specification of local peer's IP address. If
             the local peer type is single IP address, then this is the
             value of the IP address. If the local peer type is IP subnet,
             then this is the value of the subnet. If the local peer type
             is IP address range, then this is the value of beginning IP
             address of the range."
        ::= { fsIPSecTrafficEntry 2 }

    fsIPSecTrafficLocalAddr2 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The second specification of local peer's IP address. If the local
             peer type is single IP address, then this is the value of the
             IP address. If the local peer type is IP subnet, then this is
             the value of the subnet mask. If the local peer type is IP
             address range, then this is the value of ending IP address of
             the range."
        ::= { fsIPSecTrafficEntry 3 }
        
    fsIPSecTrafficLocalProtocol OBJECT-TYPE
        SYNTAX FSTunnelProtocol
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The protocol number of the local peer's traffic."
        ::= { fsIPSecTrafficEntry 4 }

    fsIPSecTrafficLocalPort OBJECT-TYPE
        SYNTAX Integer32 (0..65535)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The port number of the local peer's traffic."
        ::= { fsIPSecTrafficEntry 5 }
    
    fsIPSecTrafficLocalHostname OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Hostname of local peer's IP address."
        ::= { fsIPSecTrafficEntry 6 }

    
    fsIPSecTrafficRemoteType OBJECT-TYPE
        SYNTAX FSTrafficType
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The type of remote peer. Possible values are: a single
             IP address, or an IP address range, or an IP subnet."
        ::= { fsIPSecTrafficEntry 7 }

    fsIPSecTrafficRemoteAddr1 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The first specification of remote peer's IP address.
             If the remote peer type is single IP address, then
             this is the value of the IP address. If the remote
             peer type is IP subnet, then this is the value
             of the subnet. If the remote peer type is IP
             address range, then this is the value of beginning
             IP address of the range."
        ::= { fsIPSecTrafficEntry 8 }

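    -- Second half of the remote traffic selector: the address itself, the
    -- subnet mask, or the end of the range, depending on
    -- fsIPSecTrafficRemoteType.
    -- The DESCRIPTION had lost its opening words and started mid-sentence;
    -- it is restored here to parallel fsIPSecTrafficLocalAddr2.
    fsIPSecTrafficRemoteAddr2 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The second specification of remote peer's IP address. If the
             remote peer type is single IP address, then this is the value
             of the IP address. If the remote peer type is IP subnet,
             then this is the value of the subnet mask. If the
             remote peer type is IP address range, then this
             is the value of ending IP address of the range."
        ::= { fsIPSecTrafficEntry 9 }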
          
    fsIPSecTrafficRemoteProtocol OBJECT-TYPE
        SYNTAX FSTunnelProtocol
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The protocol number of the remote peer's traffic."
        ::= { fsIPSecTrafficEntry 10 }

    fsIPSecTrafficRemotePort OBJECT-TYPE
        SYNTAX Integer32 (0..65535)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The port number of the remote peer's traffic."
        ::= { fsIPSecTrafficEntry 11 }
    
    fsIPSecTrafficRemoteHostname OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Hostname of remote peer's IP address."
        ::= { fsIPSecTrafficEntry 12 }

-- ===============================================
-- Begin the fsIPSecGlobalStats.
-- ===============================================

    fsIPSecGlobalStats OBJECT IDENTIFIER ::= { fsIPSecObjects 5 }

    fsIPSecGlobalActiveTunnels OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of currently active  IPSec Phase-2 Tunnels."
        ::= { fsIPSecGlobalStats 1 }

    fsIPSecGlobalActiveSas OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of currently active or expiring IPSec Phase-2 SA."
        ::= { fsIPSecGlobalStats 2 }

    fsIPSecGlobalInOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets received by all current and previous
             IPSec Phase-2 Tunnels. This value is accumulated BEFORE determining
             whether or not the packet should be decompressed."
        ::= { fsIPSecGlobalStats 3 }

    fsIPSecGlobalInPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets received by all current and
             previous IPSec Phase-2 Tunnels."
        ::= { fsIPSecGlobalStats 4 }
    
    fsIPSecGlobalInSpeed OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total speed(bps) of packets received by all current and
             previous IPSec Phase-2 Tunnels."
        ::= { fsIPSecGlobalStats 5 }
    
    fsIPSecGlobalInDrops OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during receiving
             process by all current and previous IPSec Phase-2
             Tunnels. "
        ::= { fsIPSecGlobalStats 6 }
            
    fsIPSecGlobalOutOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets sent by all current and previous
             IPSec Phase-2 Tunnels. This value is accumulated AFTER
             determining whether or not the packet should be compressed."
        ::= { fsIPSecGlobalStats 7 }


    fsIPSecGlobalOutPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets sent by all current and previous
             IPSec Phase-2 Tunnels."
        ::= { fsIPSecGlobalStats 8 }
      
    -- Outbound rate in bits per second across IPSec Phase-2 tunnels.
    -- NOTE(review): as with the inbound speed object, a rate is typed
    -- here as Counter64, which is defined as monotonically increasing.
    -- Pollers should not apply counter delta or wrap handling to it;
    -- treat it as a gauge and confirm the agent's behaviour.
    fsIPSecGlobalOutSpeed OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total speed(bps) of packets sent by all current and previous
             IPSec Phase-2 Tunnels."
        ::= { fsIPSecGlobalStats 9 }
 
     
    -- Aggregate count of packets dropped on the send path, summed over
    -- current and previous Phase-2 tunnels.
    -- NOTE(review): the drop reasons covered are not stated in the
    -- DESCRIPTION; confirm before alerting on this counter.
    fsIPSecGlobalOutDrops OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during sending process
             by all current and previous IPSec Phase-2 Tunnels."
        ::= { fsIPSecGlobalStats 10 }

-- ===============================================
-- Begin the fsIPSecTrapObject.
-- ===============================================

    -- Subtree for objects that exist only as notification payload. The
    -- three objects registered under it are all accessible-for-notify.
    fsIPSecTrapObject OBJECT IDENTIFIER ::= { fsIPSecObjects 6 }

    -- IPSec map name reported with a trap. accessible-for-notify means it
    -- cannot be read with GET or GETNEXT; it only appears as a varbind in
    -- a notification.
    -- NOTE(review): neither fsIPSecTunnelStart nor fsIPSecTunnelStop
    -- lists this object in its OBJECTS clause, so whether the agent ever
    -- emits it needs to be confirmed.
    fsIPSecMapName OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The IPSec map name with a trap."
        ::= { fsIPSecTrapObject 1 }

    -- Sequence number of the IPSec map entry reported with a trap (the
    -- map entry, not the ESP or AH packet sequence number, going by the
    -- DESCRIPTION). Notification payload only; it cannot be polled.
    -- NOTE(review): not listed in the OBJECTS clause of either
    -- notification defined in this module; confirm it is emitted.
    fsIPSecSeqNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The IPSec map sequence number with a trap."
        ::= { fsIPSecTrapObject 2 }

    -- Security Parameters Index reported with a trap. Notification
    -- payload only; it cannot be polled.
    -- NOTE(review): an SPI is a 32-bit unsigned value, but the SYNTAX is
    -- the signed Integer32, so an SPI of 2^31 or above cannot be encoded
    -- as a positive number. Presumably the agent sends such values as
    -- negative integers; a receiver that correlates this with SPIs seen
    -- in packet captures or logs should reinterpret it as unsigned.
    -- Confirm the agent's encoding.
    -- NOTE(review): not listed in the OBJECTS clause of either
    -- notification defined in this module; confirm it is emitted.
    fsIPSecSpiValue OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The SPI value associated with a trap."
        ::= { fsIPSecTrapObject 3 }


-- ===============================================
-- definition of traps.
-- ===============================================

    -- Root of the notification subtree.
    fsIPSecTrap OBJECT IDENTIFIER ::= { fsIPSecObjects 7 }

    -- Parent node under which the individual NOTIFICATION-TYPE
    -- definitions are registered.
    fsIPSecNotifications OBJECT IDENTIFIER ::= { fsIPSecTrap 1 }

    -- Sent when a Phase-2 tunnel is created. The payload carries the
    -- local and remote tunnel addresses and hostnames plus the configured
    -- lifetime and life size of the tunnel.
    -- Operational note: SNMPv1 and SNMPv2c traps are sent unauthenticated
    -- and in clear text, so the VPN endpoint addresses and hostnames in
    -- this payload are exposed on the path and the trap itself can be
    -- forged. Where these events feed monitoring or alerting, SNMPv3 with
    -- authentication and privacy and a restricted set of trap receivers
    -- is the safer transport.
    fsIPSecTunnelStart NOTIFICATION-TYPE
        OBJECTS { fsIPSecTunLocalAddr,
                  fsIPSecTunRemoteAddr, 
                  fsIPSecTunLocalHostname,
                  fsIPSecTunRemoteHostname,
                  fsIPSecTunLifeTime,
                  fsIPSecTunLifeSize
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec Phase-2
             Tunnel is created."
        ::= { fsIPSecNotifications 1 }

    -- Sent when a Phase-2 tunnel is deleted. The payload carries the
    -- local and remote tunnel addresses and hostnames plus the time the
    -- tunnel was active.
    -- NOTE(review): the OBJECTS list holds no reason or status for the
    -- deletion, so a receiver cannot tell an administrative teardown from
    -- a lifetime expiry or a peer failure from this trap alone; correlate
    -- with device logs when investigating unexpected tunnel loss.
    -- Operational note: as with fsIPSecTunnelStart, the payload is clear
    -- text and unauthenticated over SNMPv1 and SNMPv2c; SNMPv3 with
    -- authentication and privacy is the safer transport.
    fsIPSecTunnelStop NOTIFICATION-TYPE
        OBJECTS { fsIPSecTunLocalAddr,
                  fsIPSecTunRemoteAddr,
                  fsIPSecTunLocalHostname,
                  fsIPSecTunRemoteHostname,
                  fsIPSecTunActiveTime
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec Phase-2
             Tunnel is deleted."
        ::= { fsIPSecNotifications 2 }
        
-- ===============================================
-- Conformance Information
-- ===============================================
    -- Conformance subtree, registered directly under the module identity.
    fsIPSecConformance   OBJECT IDENTIFIER
        ::= { fsIPSecMonitor 2 }
    -- Parent node for MODULE-COMPLIANCE statements.
    fsIPSecCompliances   OBJECT IDENTIFIER
        ::= { fsIPSecConformance 1 }
    -- Parent node for OBJECT-GROUP and NOTIFICATION-GROUP definitions.
    fsIPSecGroups        OBJECT IDENTIFIER
        ::= { fsIPSecConformance 2 }

-- ===============================================
-- Compliance Statements
-- ===============================================
    -- Compliance statement for this module. All seven groups defined
    -- below are mandatory, including the notification group, so a
    -- conforming agent implements every object and both notifications.
    -- NOTE(review): the DESCRIPTION is a single blank; it gives no
    -- guidance on which SNMP versions or access controls a conforming
    -- implementation is expected to support.
    fsIPSecCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            " "
        MODULE -- this module
        MANDATORY-GROUPS
            {
                fsIPSecTunnelTableGroup,
                fsIPSecTunnelStatGroup,
                fsIPSecSaGroup,
                fsIPSecTrafficTableGroup,
                fsIPSecGlobalStatsGroup,
                fsIPSecTrapObjectGroup,
                fsIPSecTrapGroup
            }
        ::= { fsIPSecCompliances 1 }

    -- Per-tunnel property objects: endpoints, key type, encapsulation
    -- mode, lifetimes, and the negotiated encryption, authentication and
    -- Diffie-Hellman settings for the inbound and outbound SAs.
    -- Audit note: the algorithm and DH group columns make this group the
    -- place to check negotiated crypto strength per tunnel. The
    -- FSDiffHellmanGrp convention at the top of this module enumerates
    -- only none, modp768 and modp1024, which are small MODP groups by
    -- current guidance; presumably fsIPSecTunDiffHellmanGrp uses that
    -- convention (confirm), in which case stronger groups negotiated by
    -- the device cannot be reported through it.
    -- fsIPSecTunPolicyName and fsIPSecTunPolicyNum are commented out
    -- below and therefore are not members of this group.
    fsIPSecTunnelTableGroup OBJECT-GROUP
        OBJECTS {
                    fsIPSecTunIKETunnelIndex,
                    fsIPSecTunLocalAddr,
                    fsIPSecTunRemoteAddr,
                    fsIPSecTunLocalHostname,
                    fsIPSecTunRemoteHostname,
                    fsIPSecTunKeyType,
                    fsIPSecTunEncapMode,
                    fsIPSecTunInitiator,
                    fsIPSecTunLifeSize,
                    fsIPSecTunLifeTime,
                    fsIPSecTunRemainTime,
                    fsIPSecTunActiveTime,
                    fsIPSecTunRemainSize,
                    fsIPSecTunTotalRefreshes,
                    fsIPSecTunCurrentSaInstances,
                    fsIPSecTunInSaEncryptAlgo,
                    fsIPSecTunInSaAhAuthAlgo,
                    fsIPSecTunInSaEspAuthAlgo,
                    fsIPSecTunDiffHellmanGrp,
                    fsIPSecTunOutSaEncryptAlgo,
                    fsIPSecTunOutSaAhAuthAlgo,
                    fsIPSecTunOutSaEspAuthAlgo,
                    --fsIPSecTunPolicyName,
                    --fsIPSecTunPolicyNum,
                    fsIPSecTunStatus
                }
        STATUS current
        DESCRIPTION
            "The group contains the IPSec tunnel's property information."
        ::= { fsIPSecGroups 1 }

    -- Per-tunnel traffic statistics: octet, packet, speed and drop
    -- objects for each direction, with separate octet objects for the
    -- decompressed (inbound) and uncompressed (outbound) byte counts.
    fsIPSecTunnelStatGroup OBJECT-GROUP
        OBJECTS {
                    fsIPSecTunInOctets,
                    fsIPSecTunInDecompOctets,
                    fsIPSecTunInPkts,
                    fsIPSecTunInSpeed,
                    fsIPSecTunInDropPkts,
                    fsIPSecTunOutOctets,
                    fsIPSecTunOutUncompOctets,
                    fsIPSecTunOutPkts, 
                    fsIPSecTunOutSpeed,
                    fsIPSecTunOutDropPkts     
        		}
        STATUS current
        DESCRIPTION
            "The group contains the IPSec tunnel's statistic information."
        ::= { fsIPSecGroups 2 }

    -- Per-SA property objects: direction, value, protocol, encryption and
    -- authentication algorithm, and status. The group lists identifiers
    -- and status only; no key material object appears in it.
    -- NOTE(review): fsIPSecSaValue is presumably the SPI of the SA;
    -- confirm against its definition earlier in the module.
    fsIPSecSaGroup OBJECT-GROUP
        OBJECTS {
                    fsIPSecSaDirection,
                    fsIPSecSaValue,
                    fsIPSecSaProtocol,
                    fsIPSecSaEncryptAlgo,
                    fsIPSecSaAuthAlgo,
                    fsIPSecSaStatus
                }
        STATUS current
        DESCRIPTION
            "The group contains the SA's property information."
        ::= { fsIPSecGroups 3 }

    -- Objects describing the data flow protected by a tunnel, with a
    -- parallel set of type, address, protocol, port and hostname objects
    -- for the local and the remote side. Reading these shows which
    -- traffic a tunnel is actually configured to protect.
    -- NOTE(review): the Addr1 and Addr2 pairs presumably express a range
    -- or an address plus mask, selected by the Type object; confirm
    -- against the object definitions earlier in the module.
    fsIPSecTrafficTableGroup OBJECT-GROUP
        OBJECTS {
                    fsIPSecTrafficLocalType,
                    fsIPSecTrafficLocalAddr1,
                    fsIPSecTrafficLocalAddr2,
                    fsIPSecTrafficLocalProtocol,
                    fsIPSecTrafficLocalPort,
                    fsIPSecTrafficLocalHostname,
                    fsIPSecTrafficRemoteType,
                    fsIPSecTrafficRemoteAddr1,
                    fsIPSecTrafficRemoteAddr2,
                    fsIPSecTrafficRemoteProtocol,
                    fsIPSecTrafficRemotePort,
                    fsIPSecTrafficRemoteHostname
                }
        STATUS current
        DESCRIPTION
            "The group contains the property information of the
             data flow protected by IPSec tunnel."
        ::= { fsIPSecGroups 4 }

    -- Device-wide statistics: active tunnel and SA counts plus the
    -- aggregate octet, packet, drop and speed objects for each direction.
    -- The objects of this group defined as Counter64 can only be polled
    -- over SNMPv2c or SNMPv3.
    fsIPSecGlobalStatsGroup OBJECT-GROUP
        OBJECTS {
                    fsIPSecGlobalActiveTunnels,
                    fsIPSecGlobalActiveSas,
                    fsIPSecGlobalInOctets,
                    fsIPSecGlobalInPkts,
                    fsIPSecGlobalInDrops,
                    fsIPSecGlobalInSpeed,                    
                    fsIPSecGlobalOutOctets,
                    fsIPSecGlobalOutPkts,
                    fsIPSecGlobalOutDrops, 
                    fsIPSecGlobalOutSpeed
                }
        STATUS current
        DESCRIPTION
            "The group contains all of the IPSec tunnel's statistic
             information."
        ::= { fsIPSecGroups 5 }

    -- Groups the three accessible-for-notify objects (map name, map
    -- sequence number, SPI value) so they are covered by the compliance
    -- statement.
    fsIPSecTrapObjectGroup OBJECT-GROUP
        OBJECTS {
                    fsIPSecMapName,
                    fsIPSecSeqNum,
                    fsIPSecSpiValue
                }
        STATUS current
        DESCRIPTION
            "The group contains all of trap objects of IPSec tunnels."
        ::= { fsIPSecGroups 6 }

    -- Groups the two notifications of this module: tunnel creation and
    -- tunnel deletion. It is listed as mandatory in fsIPSecCompliance.
    fsIPSecTrapGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
                          fsIPSecTunnelStart,
                          fsIPSecTunnelStop
                      }
        STATUS current
        DESCRIPTION
            "The group contains all of trap of IPSec tunnels."
        ::= { fsIPSecGroups 7 }


END

