--
-- *************************************************************
-- Hirschmann VPN Management MIB
-- *************************************************************
--
HM2-VPN-MIB DEFINITIONS ::= BEGIN

IMPORTS 
    OBJECT-TYPE, MODULE-IDENTITY, 
	NOTIFICATION-TYPE, OBJECT-IDENTITY,
    Integer32, Unsigned32, Counter64 FROM SNMPv2-SMI
    TruthValue,
    RowStatus, DisplayString		FROM SNMPv2-TC  
    hm2ConfigurationMibs,			
    HmTimeSeconds1970,
    HmLargeDisplayString			FROM HM2-TC-MIB;

hm2VpnMib MODULE-IDENTITY
    LAST-UPDATED "201403141200Z" -- Mar 14, 2014
    ORGANIZATION "Hirschmann Automation and Control GmbH"
    CONTACT-INFO
        "Postal:     Stuttgarter Str. 45-51
                     72654 Neckartenzlingen
                     Germany
         Phone:      +49 - 7127 -14 -0
         E-mail:     hac.support@belden.com"
        DESCRIPTION
         "This MIB defines the SNMP interface for Hirschmann VPN 
          implementations."
        REVISION     "201403141200Z" -- Mar 14, 2014
        DESCRIPTION
          "Initial version."
    ::= { hm2ConfigurationMibs 120 }


hm2VpnMibNotifications 		OBJECT IDENTIFIER 	::= { hm2VpnMib 0 }
hm2VpnMibObjects 			OBJECT IDENTIFIER	::= { hm2VpnMib 1 }
-- hm2VpnMibConformance 	OBJECT IDENTIFIER 	::= { hm2VpnMib 2 }
hm2VpnMibSNMPExtensionGroup	OBJECT IDENTIFIER 	::= { hm2VpnMib 3 }

hm2VpnGeneralGroup 			OBJECT IDENTIFIER ::= { hm2VpnMibObjects 1 }
hm2VpnConnectionGroup		OBJECT IDENTIFIER ::= { hm2VpnMibObjects 2 }
hm2VpnTrafficSelGroup 		OBJECT IDENTIFIER ::= { hm2VpnMibObjects 3 }
hm2VpnCertificateGroup 		OBJECT IDENTIFIER ::= { hm2VpnMibObjects 4 }

--
-- *************************************************************
-- General Group Objects
-- *************************************************************
--

--
-- *************************************************************
-- VPN Connection Definition
-- *************************************************************
--
hm2VpnConnMax OBJECT-TYPE
                         SYNTAX                  Integer32 (0..256)
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "Maximum number of VPN connections
                              supported. Notice that the maximum number of
                              active and up VPN connections is limited
                              to hm2VpnConnActiveMax."
                         ::= { hm2VpnConnectionGroup 1 }

hm2VpnConnActiveMax OBJECT-TYPE
                         SYNTAX                  Integer32 (0..256)
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "Maximum number of active (and up) VPN connections
                              supported."
                         ::= { hm2VpnConnectionGroup 2 }

hm2VpnConnNext OBJECT-TYPE
                         SYNTAX                  Integer32 (0..256)
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "This object always holds an appropriate value to be
                              used for hm2VpnConnIndex when creating entries
                              in the hm2VpnConnTable. The value 0 indicates
                              that no unassigned entries are available. To
                              obtain the hm2VpnConnIndex value for a new
                              entry, the management station issues a SNMP
                              retrieval operation to obtain the current value of
                              this object. After each row creation or deletion
                              the agent modifies the value to the next
                              unassigned index."
                          ::= { hm2VpnConnectionGroup 3 }

--
-- *************************************************************
-- VPN Connection Table
-- *************************************************************
--
hm2VpnConnTable   OBJECT-TYPE
                         SYNTAX SEQUENCE OF Hm2VpnConnEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A list of VPN connections."
                         ::= { hm2VpnConnectionGroup 10 }

hm2VpnConnEntry   OBJECT-TYPE
                         SYNTAX Hm2VpnConnEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A VPN connection entry."
                         INDEX { hm2VpnConnIndex }
                         ::= { hm2VpnConnTable 1 }
 
Hm2VpnConnEntry ::= SEQUENCE {
                         hm2VpnConnIndex     Integer32,
                         hm2VpnConnIkeVersion INTEGER,
                         hm2VpnConnIkeStartup INTEGER,
                         hm2VpnConnIkeLifetime Integer32,
                         hm2VpnConnIkeDpdTimeout Integer32,
                         hm2VpnConnIkeLocalAddr DisplayString,
                         hm2VpnConnIkeRemoteAddr DisplayString,
                         hm2VpnConnIkeAuthType INTEGER,
                         hm2VpnConnIkeAuthMode INTEGER,
                         hm2VpnConnIkeAuthCertCA DisplayString,
                         hm2VpnConnIkeAuthCertRemote DisplayString,
                         hm2VpnConnIkeAuthCertLocal DisplayString,
						 hm2VpnConnIkeAuthPrivKey DisplayString,
                         hm2VpnConnIkeAuthPasswd DisplayString, 
                         hm2VpnConnIkeAuthPsk DisplayString,
                         hm2VpnConnIkeAuthLocId DisplayString,
                         hm2VpnConnIkeAuthLocType INTEGER,
                         hm2VpnConnIkeAuthRemId DisplayString,
                         hm2VpnConnIkeAuthRemType INTEGER,
                         hm2VpnConnIkeAlgDh INTEGER,
                         hm2VpnConnIkeAlgMac INTEGER,
                         hm2VpnConnIkeAlgEncr INTEGER,
                         hm2VpnConnIkeReAuth TruthValue,
                         hm2VpnConnIpsecMode INTEGER,
                         hm2VpnConnIpsecLifetime Integer32,
                         hm2VpnConnMargintime Integer32,
                         hm2VpnConnIpsecAlgDh INTEGER,
                         hm2VpnConnIpsecAlgMac INTEGER,
                         hm2VpnConnIpsecAlgEncr INTEGER,
                         hm2VpnConnOperStatus INTEGER,
						 		 hm2VpnConnDesc DisplayString,
						 		 hm2VpnConnLastError HmLargeDisplayString,
						 		 hm2VpnConnDebug BITS,
                         hm2VpnConnRowStatus RowStatus
                         }

hm2VpnConnIndex   OBJECT-TYPE
                         SYNTAX                  Integer32 (1..256)
                         MAX-ACCESS              accessible-for-notify
                         STATUS                  current
                         DESCRIPTION
                             "An index that uniquely identifies the entry in the
                              table."
                         ::= { hm2VpnConnEntry 1 }


-- Selects which IKE protocol version(s) this connection may negotiate.
-- NOTE(review): the default ike(1) accepts IKEv1 as well as IKEv2 when this
-- host is the responder (see DESCRIPTION). Where every peer supports IKEv2,
-- setting ikev2(3) removes the IKEv1 negotiation paths, including the
-- aggressive mode selectable through hm2VpnConnIkeAuthMode.
hm2VpnConnIkeVersion   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        ike(1),
                                                        ikev1(2),
                                                        ikev2(3)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Version of the IKE protocol:
                              o ike: accept IKEv1/v2 as responder, start with IKEv2 as initiator
                              o ikev1: used protocol is IKE version 1 (ISAKMP)
                              o ikev2: used protocol is IKE version 2"
                         DEFVAL  { ike }
                         ::= { hm2VpnConnEntry 2 }

hm2VpnConnIkeStartup   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        initiator(1),
                                                        responder(2)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "If this host acts as a responder it does not
                              initiate a key exchange (IKE) nor connection
                              parameters negotiation. Otherwise, this host acts
                              as an initiator - then it initiates an IKE
                              actively."
                         DEFVAL  { responder }
                         ::= { hm2VpnConnEntry 3 }

hm2VpnConnIkeLifetime   OBJECT-TYPE
                         SYNTAX                  Integer32 ( 300..86400)
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Lifetime of IKE security association in seconds.
                              The maximum value is 24 hours (86400 seconds)."
                         DEFVAL  { 28800 } -- 8 hours
                         ::= { hm2VpnConnEntry 4 }


hm2VpnConnIkeDpdTimeout   OBJECT-TYPE
                         SYNTAX                  Integer32 ( 0..86400) -- max. 24 hours
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "If greater than zero, the local peer sends Dead
                              Peer Detection (DPD) messages (according to RFC
                              3706) to the remote peer. This value specifies
                              the timeout in seconds, the remote peer is
                              declared dead, if not responding. The value 0
                              disables this feature."
                         DEFVAL  { 120 }
                         ::= { hm2VpnConnEntry 5 }


hm2VpnConnIkeLocalAddr   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Hostname (FQDN) or IP address of local
                              security gateway. If the value is 'any', then the
                              IP address of the matching interface is
                              used. Establishing the connection may be
                              delayed until the hostname (if specified) can be
                              resolved."
                         DEFVAL  { "any" }
                         ::= { hm2VpnConnEntry 6 }


-- Address, hostname or (responder only) CIDR network of the remote gateway.
-- NOTE(review): the default 'any' places no restriction on the source
-- address of a peer when this host is the responder. Together with the
-- other defaults in this table (hm2VpnConnIkeAuthType = psk and
-- hm2VpnConnIkeAuthRemType = any, i.e. remote identifier not checked),
-- knowledge of the pre-shared key is then the only thing that
-- distinguishes a legitimate peer. Narrow this to the expected peer address
-- or network wherever the peer is not roaming.
hm2VpnConnIkeRemoteAddr   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Typically the hostname (FQDN) or IP address of
                              remote security gateway. If this value is 'any',
                              then any IP address is accepted when establishing
                              an IKE-SA as responder. Also a network in CIDR
                              notation, to be accepted when establishing the
                              IKE-SA, is allowed as responder. As initiator
                              such values are not allowed. Establishing the VPN
                              connection may be delayed until the hostname (if
                              specified) can be resolved."
                         DEFVAL  { "any" }
                         ::= { hm2VpnConnEntry 7 }


hm2VpnConnIkeAuthType   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        psk(1),
                                                        individualx509(2),
                                                        pkcs12(3)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Type of authentication to be used: pre-shared key,
                             individual X509 certificates (separate for CA and 
                             local identification) or one PKCS12 container with 
                             all the needed certificates (including the CA)."
                         DEFVAL  { psk }
                         ::= { hm2VpnConnEntry 8 }
                         

-- IKEv1 phase 1 exchange mode; per the DESCRIPTION it applies to IKEv1 only.
-- NOTE(review): IKEv1 aggressive mode sends the peer identities unprotected
-- and, with 'psk' authentication, exposes a hash derived from the pre-shared
-- key to offline guessing. Keep the default main(1) or use IKEv2; if
-- aggressive(2) cannot be avoided, the pre-shared key should be long and
-- randomly generated.
hm2VpnConnIkeAuthMode   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        main(1),
                                                        aggressive(2)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "The phase 1 exchange mode to be used (IKEv1)."
                         DEFVAL  { main }
                         ::= { hm2VpnConnEntry 9 }


hm2VpnConnIkeAuthCertCA   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded X.509 certificate file name (RFC 1422),
                              if authentication type in 'hm2VpnConnIkeAuthType'
                              is 'individualx509'. This certificate is used for RSA based
                              signature verification in local and remote
                              certificates.
                              The file needs to be uploaded separately."
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 10 }


hm2VpnConnIkeAuthCertRemote   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded X.509 certificate file name (RFC 1422),
                              if authentication type in 'hm2VpnConnIkeAuthType'
                              is 'individualx509'. This certificate is used for RSA based
                              authentication of remote peer at the local side.
                              This certificate binds the identity of remote peer
                              to its public key. It is optional because it is typically
                              sent by the remote peer while negotiating an
                              ISAKMP/IKE security association.
                              The file needs to be uploaded separately."
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 11 }


hm2VpnConnIkeAuthCertLocal   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded X.509 certificate file name (RFC 1422)
                              to be used, if authentication type in
                              'hm2VpnConnIkeAuthType' is 'individualx509' or 'pkcs12'. 
                              This certificate is used for authentication
                              of local peer at the remote side.  The
                              certificate binds the identity of local peer to
                              its public key, signed by the certification
                              authority (CA) from 'hm2VpnConnIkeAuthCertCA'.
                              The file needs to be uploaded separately."
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 12 }


hm2VpnConnIkeAuthPrivKey   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Private key file name to be used, if authentication 
							  type in 'hm2VpnConnIkeAuthType' is 'individualx509' and
							  the key stored on the device is encrypted with a passphrase
                              (so it cannot automatically be matched with the certificate).
                              Note that this is only the filename of the private key. The
                              passphrase must be added to 'hm2VpnConnIkeAuthPasswd'."
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 13 }

-- Passphrase that unlocks the encrypted private key or PKCS12 container.
-- NOTE(review): this object carries a secret and is declared read-create,
-- which in SMIv2 includes read access. Whether the agent returns the stored
-- passphrase or a masked value on a GET is not stated in this module and
-- should be confirmed against the agent. Exclude the object from general
-- VACM views and manage it only over SNMPv3 with authentication and
-- privacy, because SNMPv1/v2c would carry the value in clear text.
hm2VpnConnIkeAuthPasswd   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Passphrase to be used for decryption of private key
                              from 'hm2VpnConnIkeAuthPrivKey' or the certificate container
                              for 'pkcs12' type certificates which are uploaded encrypted."
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 14 }


-- The IKE pre-shared key, given as text or as a 0x (hex) / 0s (Base64) value.
-- NOTE(review): this object carries the key itself and is declared
-- read-create, which in SMIv2 includes read access. Whether the agent
-- returns the stored key or a masked value on a GET is not stated in this
-- module and should be confirmed against the agent. Exclude the object from
-- general VACM views and manage it only over SNMPv3 with authentication and
-- privacy, because SNMPv1/v2c would carry the value in clear text.
-- The DEFVAL is the empty string; how the agent treats a 'psk' connection
-- whose key was never set is not visible here and is worth verifying.
hm2VpnConnIkeAuthPsk   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Pre-shared key (passphrase) to be used if
                              authentication type in 'hm2VpnConnIkeAuthType'
                              is 'psk'. The pre-shared key sequence cannot contain 
                              newline or double-quote characters.
                              Alternatively to characters sequence, pre-shared secrets 
                              can be represented as hexadecimal or Base64 encoded 
                              binary values. A character sequence beginning with 0x is 
                              interpreted as sequence hexadecimal digits. Similarly, 
                              a character sequence beginning with 0s is interpreted 
                              as Base64 encoded binary data.
                              "
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 15 }


hm2VpnConnIkeAuthLocId   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Local peer identifier to be sent within ID
                              payload during negotiation. The ID payload is
                              used to identify the initiator of the security
                              association. The identity is used by the
                              responder to determine the correct host system
                              security policy requirement for the association
                              (see RFC 2407, section 4.6.2 for details when
                              using IKEv1 and RFC 4306, section 3.5 for IKEv2).
                              Allowed formats for this object depend on
                              'hm2VpnConnIkeAuthLocType':
                              o  default: don't care
                              o  address: don't care, take IPv4 address or host 
                                          name from hm2VpnConnIkeLocalAddr
                              o  id: - IPv4 address or host name
                                     - key identifier
                              		 - fully qualified domain name
                                     - fully qualified RFC 822 email address
                                     - X.500 distinguished name (DN)
							  "
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 16 }


hm2VpnConnIkeAuthLocType   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        default(1),
                                                        address(2),
                                                        id(3)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Type of local peer identifier in 'hm2VpnConnIkeAuthLocId':
                                 o  default: If 'hm2VpnConnIkeAuthType' is 'psk' then
                                             use the IP address or host name from 
                                             'hm2VpnConnIkeLocalAddr' as local identifier. 
                                             In case of 'individualx509' or 'pkcs12' 
                                             use the DN from local certificate in 
                                             'hm2VpnConnIkeAuthCertLocal'.
                                 o  address: use the IP address or DNS name from 
                                             'hm2VpnConnIkeLocalAddr'
                                             as local identifier.
                                 o  id: use the configured value in hm2VpnConnIkeAuthLocId
                                 		(it can be of any type in the description). 

                             For further information see RFC 2407, section 4.6.2"
                         DEFVAL  { default }
                         ::= { hm2VpnConnEntry 17 }


hm2VpnConnIkeAuthRemId   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Remote peer identifier to be compared with ID
                              payload during negotiation. The ID payload is
                              used to identify the initiator of the security
                              association. The identity is used by the
                              responder to determine the correct host system
                              security policy requirement for the association
                              (see RFC 2407, section 4.6.2 for details when
                              using IKEv1 and RFC 4306, section 3.5 for IKEv2).
                              Allowed formats for this entry depend on
                              'hm2VpnConnIkeAuthRemType':
                              o  any: don't care
                              o  address: don't care, take IPv4 address or host 
                                          name from hm2VpnConnIkeRemoteAddr 
                              o  id: - IPv4 address or host name
                                     - key identifier
                                     - fully qualified domain name
                                     - fully qualified RFC 822 email address
                                     - X.500 distinguished name (DN)
							  "
                         DEFVAL  { "" }
                         ::= { hm2VpnConnEntry 18 }


-- Chooses how the identifier presented by the remote peer is checked.
-- NOTE(review): the default any(1) means the received remote identifier is
-- not checked at all (see DESCRIPTION). With certificate authentication this
-- presumably lets any peer holding a certificate from the configured CA
-- complete authentication regardless of its identity; confirm against the
-- agent. Prefer address(2) or id(3) with an explicit
-- hm2VpnConnIkeAuthRemId so the peer identity is bound to the connection.
hm2VpnConnIkeAuthRemType   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        address(2),
                                                        id(3)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Type of remote peer identifier in hm2VpnConnIkeAuthRemId:
                              o  any: received remote identifier is not checked
                              o  address: use the IP address or host name from 
                                          'hm2VpnConnIkeRemoteAddr'
                                           as remote identifier.
                              o  id: use the configured value in hm2VpnConnIkeAuthRemId
                               	  	 (it can be of any type in the description). 

                             For further information see RFC 2407, section 4.6.2"
                         DEFVAL  { any }
                         ::= { hm2VpnConnEntry 19 }


-- Diffie-Hellman group used for the IKE-SA key agreement.
-- NOTE(review): the DESCRIPTION labels each value 'RSA with N bits modulus',
-- but the enumeration names and the quoted group numbers are the MODP
-- Diffie-Hellman groups (group 2 in RFC 2409, groups 5 and 14 to 16 in
-- RFC 3526); RSA is not involved in this choice.
-- NOTE(review): the default modp1024 (DH Group 2) is below current guidance
-- (RFC 8247 lists the 1024-bit MODP group as SHOULD NOT); prefer modp2048 or
-- larger. any(1) accepts every supported group as responder, which includes
-- modp1024, so a fixed group is preferable where the peer is known.
hm2VpnConnIkeAlgDh   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        modp1024(2),
                                                        modp1536(3),
                                                        modp2048(4),
                                                        modp3072(5),
                                                        modp4096(6)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Diffie-Hellman key agreement algorithm to be used
                              for establishment of IKE-SA:
                              o  any: accept all supported algorithms as responder, use default as initiator
                              o  modp1024: RSA with 1024 bits modulus (DH Group 2)
                              o  modp1536: RSA with 1536 bits modulus (DH Group 5)
                              o  modp2048: RSA with 2048 bits modulus (DH Group 14)
                              o  modp3072: RSA with 3072 bits modulus (DH Group 15)
                              o  modp4096: RSA with 4096 bits modulus (DH Group 16)"
                         DEFVAL  { modp1024 }
                         ::= { hm2VpnConnEntry 20 }


-- Integrity (MAC) algorithm for the IKE-SA.
-- NOTE(review): the DESCRIPTION says 'IKEv2' while the sibling objects
-- hm2VpnConnIkeAlgDh and hm2VpnConnIkeAlgEncr say 'IKE'; whether this
-- setting also applies to IKEv1 is not stated here and should be confirmed.
-- NOTE(review): 'length 196 bit' for hmacsha384 looks like a typo for 192;
-- RFC 4868 truncates HMAC-SHA-384 to 192 bits (and SHA-256 to 128, SHA-512
-- to 256, matching the other entries).
-- NOTE(review): hmacmd5 is deprecated (RFC 8247 lists AUTH_HMAC_MD5_96 as
-- MUST NOT) and the default hmacsha1 is a legacy choice; prefer hmacsha256
-- or stronger. any(1) accepts every supported algorithm as responder, which
-- includes hmacmd5.
hm2VpnConnIkeAlgMac   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        hmacmd5(2),
                                                        hmacsha1(3),
                                                        hmacsha256(4),
                                                        hmacsha384(5),
                                                        hmacsha512(6)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Integrity (MAC) algorithm to be used in IKEv2:
                              o  any: accept all supported algorithms as responder, use various pre-defined
                                      as initiator
                              o  hmacmd5: HMAC-MD5 (length 96 bit)
                              o  hmacsha1: HMAC-SHA1 (length 96 bit)
                              o  hmacsha256: HMAC-SHA256 (length 128 bit)
                              o  hmacsha384: HMAC-SHA384 (length 196 bit)
                              o  hmacsha512: HMAC-SHA512 (length 256 bit)
                              "
                         DEFVAL  { hmacsha1 }

                         ::= { hm2VpnConnEntry 21 }


-- Encryption algorithm protecting the IKE-SA.
-- NOTE(review): des(2) is single DES with a 56-bit key and is no longer
-- acceptable (RFC 8247 lists ENCR_DES as MUST NOT); des3(3) is a legacy
-- algorithm. Prefer one of the AES values. any(1) accepts every supported
-- algorithm as responder, which includes des, so a fixed AES value is
-- preferable where the peer is known.
hm2VpnConnIkeAlgEncr   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        des(2),
                                                        des3(3),
                                                        aes128(4),
                                                        aes192(5),
                                                        aes256(6)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Encryption algorithm to be used in IKE:
                              o  any: accept all supported algorithms as responder, use various pre-defined
                                      as initiator
                              o  des: DES
                              o  des3: Triple-DES
                              o  aes128: AES with 128 key bits
                              o  aes192: AES with 192 key bits
                              o  aes256: AES with 256 key bits"
                         DEFVAL  { aes128 }
                         ::= { hm2VpnConnEntry 22 }

hm2VpnConnIkeReAuth   OBJECT-TYPE
					     SYNTAX					 TruthValue
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "whether re-keying of an IKE_SA should also re-authenticate the peer. 
                              In IKEv1, re-authentication is always done (also when set to false).
							  In IKEv2, a value of false does re-keying without un-installing the IPsec SAs, 
							  a value of true creates a new IKE_SA from scratch and tries to recreate all IPsec SAs."
	 					 DEFVAL			{ false }
                         ::= { hm2VpnConnEntry 23 }

hm2VpnConnIpsecMode   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        tunnel(1)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "IPsec encapsulation mode."
                         DEFVAL  { tunnel }
                         ::= { hm2VpnConnEntry 24 }

hm2VpnConnIpsecLifetime   OBJECT-TYPE
                         SYNTAX                  Integer32 ( 300..28800)
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Lifetime of IPsec security association in seconds.
                              The maximum value is 8 hours (28800 seconds)."
                         DEFVAL  { 3600 } -- 1 hour
                         ::= { hm2VpnConnEntry 25 }

hm2VpnConnMargintime   OBJECT-TYPE
                         SYNTAX                  Integer32 ( 1..1800)
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "How long before connection expiry or keying-channel expiry 
							  should attempts to negotiate a replacement begin.
                              The maximum value is half an hour (1800 seconds).
                              The margin time needs to be at most half of the lifetime."
                         DEFVAL  { 150 } -- 2 and a half minutes
                         ::= { hm2VpnConnEntry 26 }


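-- NOTE(review): the modpNNNN values are Diffie-Hellman MODP groups, not RSA
-- keys; the description below is worded accordingly.
-- modp1024 (DH Group 2) and modp1536 (DH Group 5) are below the 2048 bit
-- strength generally expected today. The DEFVAL of modp1024 is kept as is,
-- because the default must match what the agent implements, so operators
-- should select modp2048 or larger explicitly.
-- none(7) disables Perfect Forward Secrecy, and any(1) accepts every
-- supported group as responder, which includes the weaker ones.
hm2VpnConnIpsecAlgDh   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        modp1024(2),
                                                        modp1536(3),
                                                        modp2048(4),
                                                        modp3072(5),
                                                        modp4096(6),
                                                        none(7)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Diffie-Hellman key agreement algorithm to be used
                              for IPsec-SA session key establishment:
                              o  any: accept all supported algorithms as responder, use various pre-defined
                                      as initiator
                              o  modp1024: MODP group with 1024 bits modulus (DH Group 2)
                              o  modp1536: MODP group with 1536 bits modulus (DH Group 5)
                              o  modp2048: MODP group with 2048 bits modulus (DH Group 14)
                              o  modp3072: MODP group with 3072 bits modulus (DH Group 15)
                              o  modp4096: MODP group with 4096 bits modulus (DH Group 16)
                              o  none: no Perfect Forward Secrecy (PFS)"
                          DEFVAL { modp1024 }
                          ::= { hm2VpnConnEntry 27 }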


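-- NOTE(review): the bit lengths in the description are presumably the
-- truncated ICV lengths; the HMAC-SHA384 entry is corrected from 196 to
-- 192 bit to match the standard truncation.
-- hmacmd5(2) and the default hmacsha1(3) are built on MD5 and SHA-1; prefer
-- hmacsha256 or stronger where both peers support it. The DEFVAL is kept as
-- is because it must match the agent. any(1) accepts every supported
-- algorithm as responder, which includes hmacmd5.
hm2VpnConnIpsecAlgMac   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        hmacmd5(2),
                                                        hmacsha1(3),
                                                        hmacsha256(4),
                                                        hmacsha384(5),
                                                        hmacsha512(6)
                                                 }
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "Integrity (MAC) algorithm to be used in IPsec:
                              o  any: accept all supported algorithms as responder, use various pre-defined
                                      as initiator
                              o  hmacmd5: HMAC-MD5 (length 96 bit)
                              o  hmacsha1: HMAC-SHA1 (length 96 bit)
                              o  hmacsha256: HMAC-SHA256 (length 128 bit)
                              o  hmacsha384: HMAC-SHA384 (length 192 bit)
                              o  hmacsha512: HMAC-SHA512 (length 256 bit)
                              "
                         DEFVAL  { hmacsha1 }
                         ::= { hm2VpnConnEntry 28 }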


-- NOTE(review): des(2) uses a 56 bit key and des3(3) a 64 bit block; both
-- are legacy ciphers and should be avoided for new connections.
-- The ctr variants provide confidentiality only, so they depend on the
-- integrity algorithm selected in hm2VpnConnIpsecAlgMac.
-- The gcm variants are AEAD modes; the 64 bit ICV options give the weakest
-- forgery resistance of the GCM choices. How the agent combines a gcm value
-- with hm2VpnConnIpsecAlgMac is not visible here; confirm against the
-- device documentation.
-- any(1) accepts every supported algorithm as responder, which includes des.
hm2VpnConnIpsecAlgEncr   OBJECT-TYPE
                        SYNTAX          INTEGER {
                                            any(1),
                                            des(2),
                                            des3(3),
                                            aes128(4),
                                            aes192(5),
                                            aes256(6),
                                            aes128ctr(7),
                                            aes192ctr(8),
                                            aes256ctr(9),
                                            aes128gcm64(10),
                                            aes128gcm96(11),
                                            aes128gcm128(12),
                                            aes192gcm64(13),
                                            aes192gcm96(14),
                                            aes192gcm128(15),
                                            aes256gcm64(16),
                                            aes256gcm96(17),
                                            aes256gcm128(18)
                                            }
                         MAX-ACCESS     read-create
                         STATUS         current
                         DESCRIPTION
                             "Encryption algorithm to be used for payload
                              encryption in IPsec:
                              o  any: accept all supported algorithms as responder, use various pre-defined
                                      as initiator
                              o  des: DES
                              o  des3: Triple-DES
                              o  aes128: AES-CBC with 128 key bits
                              o  aes192: AES-CBC with 192 key bits
                              o  aes256: AES-CBC with 256 key bits
                              o  aes128ctr: AES-COUNTER with 128 key bits
                              o  aes192ctr: AES-COUNTER with 192 key bits
                              o  aes256ctr: AES-COUNTER with 256 key bits
                              o  aes128gcm64: AES-GCM with 64 bit ICV with 128 key bits
                              o  aes128gcm96: AES-GCM with 96 bit ICV with 128 key bits
                              o  aes128gcm128: AES-GCM with 128 bit ICV with 128 key bits
                              o  aes192gcm64: AES-GCM with 64 bit ICV with 192 key bits
                              o  aes192gcm96: AES-GCM with 96 bit ICV with 192 key bits
                              o  aes192gcm128: AES-GCM with 128 bit ICV with 192 key bits
                              o  aes256gcm64: AES-GCM with 64 bit ICV with 256 key bits
                              o  aes256gcm96: AES-GCM with 96 bit ICV with 256 key bits
                              o  aes256gcm128: AES-GCM with 128 bit ICV with 256 key bits
                              "
                         DEFVAL  { aes128 }
                         ::= { hm2VpnConnEntry 29 }


hm2VpnConnOperStatus   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                 up (1),
                                                 down (2),
                                                 negotiation (3),
                                                 constructing (4),
                                                 dormant (5),
                                                 re-keying (6)
                                                 }
                         MAX-ACCESS     read-only
                         STATUS         current
                         DESCRIPTION
                             "The current operational status of the VPN
                              connection:
                              o 'up': the IKE-SA and all IPsec SAs are up;
                              o 'down': the IKE-SA and all IPsec SAs are down;
                              o 'negotiation': key exchange and algorithm
                                negotiation is in progress (or, as responder,
                                waiting to be contacted for that purpose);
                              o 'constructing': the IKE-SA is up, but at least one
                                IPsec-SA is not established so far;
                              o 'dormant': waiting for a precondition
                                to be fulfilled before connection setup, e.g.:
                                - a dynamically assigned IP address;
                                - successful hostname resolution;
                                - assignment of a valid system time.
                              o 're-keying': key exchange is in progress 
                              	after timeout of lifetime has occurred,
                              	either IKE or IPSEC;
                              "
                         ::= { hm2VpnConnEntry 30 }

hm2VpnConnDesc   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                                 "User defined text."
                         DEFVAL  { "" }                
                         ::= { hm2VpnConnEntry 31 }

hm2VpnConnLastError   OBJECT-TYPE
                         SYNTAX			HmLargeDisplayString (SIZE (0..512))
                         MAX-ACCESS    read-only
                         STATUS        current
                         DESCRIPTION
                                 "Last error notification occurred for this 
                                 connection. This is useful if the connection 
                                 does not reach the up state to see if an error
                                 has occurred in the proposal exchange or when 
                                 establishing the tunnel. In most cases this 
                                 variable should be empty."
                         DEFVAL  { "" }                
                         ::= { hm2VpnConnEntry 32 }

hm2VpnConnDebug   OBJECT-TYPE
						SYNTAX      BITS {
							informational(0),
							unhandled(1)
						}
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                                 "Used for debugging VPN connections.
                                 May affect performance significantly.
                                 Please handle with care. For each bit that
                                 is set, the corresponding messages are
                                 logged to the event log:
                                 informational(0) messages,
                                 unhandled(1) messages (not handled by the stack)."
                         DEFVAL  { { } }                
                         ::= { hm2VpnConnEntry 33 }

hm2VpnConnRowStatus   OBJECT-TYPE
                         SYNTAX                  RowStatus
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "The row status of this table entry. If the row
                              status is 'active' then it is not allowed to
                              change any value (this applies also to active
                              traffic selectors). The maximum number of active
                              VPN connections is limited to hm2VpnConnMax. 
                              The maximum number of active and up VPN 
                              connections is limited to hm2VpnConnActiveMax."
                         ::= { hm2VpnConnEntry 34 }

--
-- *************************************************************
-- VPN Connection Statistics Table
-- *************************************************************
--
hm2VpnConnInfoTable   OBJECT-TYPE
                         SYNTAX SEQUENCE OF Hm2VpnConnInfoEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A list of VPN connections."
                         ::= { hm2VpnConnectionGroup 15 }

hm2VpnConnInfoEntry   OBJECT-TYPE
                         SYNTAX Hm2VpnConnInfoEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A VPN connection entry."
                         INDEX { hm2VpnConnIndex }
                         ::= { hm2VpnConnInfoTable 1 }
 
Hm2VpnConnInfoEntry ::= SEQUENCE {
						 hm2VpnConnInfoIkeVersionUsed INTEGER,
						 hm2VpnConnInfoIkeProposal DisplayString,
						 hm2VpnConnInfoIpsecProposal DisplayString,
						 hm2VpnConnInfoLocalHost DisplayString,
						 hm2VpnConnInfoRemoteHost DisplayString,
						 hm2VpnConnInfoEstablished Unsigned32,
						 hm2VpnConnInfoIKEReauth Unsigned32,
						 hm2VpnConnInfoIKERekeying Unsigned32,
                         hm2VpnConnInfoIpsecRekeying Unsigned32,
						 hm2VpnConnInfoIpsecInBytes Counter64,
						 hm2VpnConnInfoIpsecInPackets Counter64,
						 hm2VpnConnInfoIpsecInUse Unsigned32,
						 hm2VpnConnInfoIpsecOutBytes Counter64,
						 hm2VpnConnInfoIpsecOutPackets Counter64, 
						 hm2VpnConnInfoIpsecOutUse Unsigned32,
						 hm2VpnConnInfoIKEInitiatorSPI DisplayString,
						 hm2VpnConnInfoIKEResponderSPI DisplayString,
						 hm2VpnConnInfoIpsecInSPI DisplayString,
						 hm2VpnConnInfoIpsecOutSPI DisplayString
                         }

hm2VpnConnInfoIkeVersionUsed   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        ikev1(1),
                                                        ikev2(2)
                                                 }
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                             "Version of the IKE protocol used by connection:
                              o ikev1: used protocol is IKE version 1 (ISAKMP)
                              o ikev2: used protocol is IKE version 2"
                         ::= { hm2VpnConnInfoEntry 1 }

hm2VpnConnInfoIkeProposal   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Algorithms that IKE uses for key exchange."
                         ::= { hm2VpnConnInfoEntry 2 }

hm2VpnConnInfoIpsecProposal  OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Algorithms that IPsec uses for the data communication."
                         ::= { hm2VpnConnInfoEntry 3 }

hm2VpnConnInfoLocalHost   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Local host detected by IKE."
                         ::= { hm2VpnConnInfoEntry 4 }

hm2VpnConnInfoRemoteHost   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Remote host detected by IKE."
                         ::= { hm2VpnConnInfoEntry 5 }

hm2VpnConnInfoEstablished    OBJECT-TYPE
                         SYNTAX                  Unsigned32
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Time in seconds since the connection has been established
                                 (is updated after IKE re-authentication)."
                         ::= { hm2VpnConnInfoEntry 6 }

hm2VpnConnInfoIKEReauth      OBJECT-TYPE
                         SYNTAX                  Unsigned32
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Time in seconds when the next IKE re-authentication 
                                 will take place."
                         ::= { hm2VpnConnInfoEntry 7 }

hm2VpnConnInfoIKERekeying    OBJECT-TYPE
                         SYNTAX                  Unsigned32
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Time in seconds when the next IKE re-keying 
                                 will take place."
                         ::= { hm2VpnConnInfoEntry 8 }

hm2VpnConnInfoIpsecRekeying  OBJECT-TYPE
                         SYNTAX                  Unsigned32
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Time in seconds when the next IPsec re-keying 
                                 will take place."
                         ::= { hm2VpnConnInfoEntry 9 }

hm2VpnConnInfoIpsecInBytes  OBJECT-TYPE
                         SYNTAX                  Counter64
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Number of input Bytes from this IPsec tunnel."
                         ::= { hm2VpnConnInfoEntry 10 }

hm2VpnConnInfoIpsecInPackets  OBJECT-TYPE
                         SYNTAX                  Counter64
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Number of input packets from this IPsec tunnel."
                         ::= { hm2VpnConnInfoEntry 11 }

hm2VpnConnInfoIpsecInUse  OBJECT-TYPE
                         SYNTAX                  Unsigned32
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Time in seconds since the IPsec tunnel 
                                 last received data."
                         ::= { hm2VpnConnInfoEntry 12 }

hm2VpnConnInfoIpsecOutBytes  OBJECT-TYPE
                         SYNTAX                  Counter64
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Number of output Bytes to this IPsec tunnel."
                         ::= { hm2VpnConnInfoEntry 13 }

hm2VpnConnInfoIpsecOutPackets  OBJECT-TYPE
                         SYNTAX                  Counter64
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Number of output packets to this IPsec tunnel."
                         ::= { hm2VpnConnInfoEntry 14 }

hm2VpnConnInfoIpsecOutUse  OBJECT-TYPE
                         SYNTAX                  Unsigned32
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "Time in seconds since the IPsec tunnel 
                                 last sent data."
                         ::= { hm2VpnConnInfoEntry 15 }

hm2VpnConnInfoIKEInitiatorSPI  OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..32))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "The IKE initiator SPI (local or remote, depends on initiator settings)."
                         ::= { hm2VpnConnInfoEntry 16 }

hm2VpnConnInfoIKEResponderSPI  OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..32))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "The IKE responder SPI (local or remote, depends on initiator settings)."
                         ::= { hm2VpnConnInfoEntry 17 }

hm2VpnConnInfoIpsecInSPI  OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..16))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "The input IPsec SPI."
                         ::= { hm2VpnConnInfoEntry 18 }

hm2VpnConnInfoIpsecOutSPI  OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..16))
                         MAX-ACCESS     		 read-only
                         STATUS                  current
                         DESCRIPTION
                                 "The output IPsec SPI."
                         ::= { hm2VpnConnInfoEntry 19 }

--
-- *************************************************************
-- VPN Traffic Selector Table
-- *************************************************************
--
hm2VpnTrafficSelTable        OBJECT-TYPE
             SYNTAX SEQUENCE OF Hm2VpnTrafficSelEntry
             MAX-ACCESS not-accessible
             STATUS current
             DESCRIPTION
                 "A list of traffic selectors. For details on the
                  role of traffic selectors in IPsec protocol see
                  RFC 2409, section 5.5 and RFC 4306, section 2.9."
             ::= { hm2VpnTrafficSelGroup 1 }

hm2VpnTrafficSelEntry   OBJECT-TYPE
             SYNTAX Hm2VpnTrafficSelEntry
             MAX-ACCESS not-accessible
             STATUS current
             DESCRIPTION
                 "A traffic selector entry. A traffic selector
                  defines the subnet/host addresses for which
                  this IPSec connection (SA) is responsible."
             INDEX { hm2VpnConnIndex, hm2VpnTrafficSelIndex }
             ::= { hm2VpnTrafficSelTable 1 }
 
Hm2VpnTrafficSelEntry ::= SEQUENCE {
             hm2VpnTrafficSelIndex       Integer32,
             hm2VpnTrafficSelSrcAddr     DisplayString,
             hm2VpnTrafficSelDstAddr     DisplayString,
             hm2VpnTrafficSelSrcRest     DisplayString,
             hm2VpnTrafficSelDstRest     DisplayString,
             hm2VpnTrafficSelDesc        DisplayString,
             hm2VpnTrafficSelRowStatus   RowStatus
             }

hm2VpnTrafficSelIndex   OBJECT-TYPE
             SYNTAX                  Integer32 (1..16)
             MAX-ACCESS              not-accessible
             STATUS                  current
             DESCRIPTION
                     "An index that (together with the connection
                      index hm2VpnConnIndex) identifies the entry
                      in the traffic selector table. This index can
                      be chosen freely, but must be greater than 0."
             ::= { hm2VpnTrafficSelEntry 1 }


hm2VpnTrafficSelSrcAddr   OBJECT-TYPE
             SYNTAX                  DisplayString (SIZE (0..32))
             MAX-ACCESS              read-create
             STATUS                  current
             DESCRIPTION
                 "Host or subnet address in CIDR notation (a.b.c.d/n)
                  for which this traffic descriptor (and the
                  associated VPN connection) is responsible. This
                  address is compared to the source address of
                  IP packets sent, when determining the associated
                  IPsec and IKE-SA. The special keyword 'any' means
                  that the address comparison always matches."
             DEFVAL  { "any" }
             ::= { hm2VpnTrafficSelEntry 2 }


hm2VpnTrafficSelDstAddr   OBJECT-TYPE
             SYNTAX                  DisplayString (SIZE (0..32))
             MAX-ACCESS              read-create
             STATUS                  current
             DESCRIPTION
                 "Host or subnet address in CIDR notation (a.b.c.d/n)
                  for which this traffic descriptor (and the
                  associated VPN connection) is responsible. This
                  address is compared to the destination address of
                  IP packets sent, when determining the associated
                  IPsec and IKE-SA. The special keyword 'any' means
                  that the address comparison always matches."
             DEFVAL  { "any" }
             ::= { hm2VpnTrafficSelEntry 3 }


hm2VpnTrafficSelSrcRest   OBJECT-TYPE
             SYNTAX          DisplayString (SIZE (0..32))
             MAX-ACCESS      read-create
             STATUS          current
             DESCRIPTION
                 "The optional source restrictions (names or numbers) 
                 <protocol/port>, e.g.
                 tcp/http  which is equal to 6/80,
                 or udp which is equal to udp/any
                 or /53 which is equal to any/53
                 "
             DEFVAL  { "" }                
             ::= { hm2VpnTrafficSelEntry 4 }


hm2VpnTrafficSelDstRest   OBJECT-TYPE
             SYNTAX          DisplayString (SIZE (0..32))
             MAX-ACCESS      read-create
             STATUS          current
             DESCRIPTION
                 "The optional destination restrictions (names or numbers) 
                 <protocol/port>, e.g.
                 tcp/http  which is equal to 6/80,
                 or udp which is equal to udp/any
                 or /53 which is equal to any/53
                 "
             DEFVAL  { "" }                
             ::= { hm2VpnTrafficSelEntry 5 }


hm2VpnTrafficSelDesc   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                                 "User defined text."
                         DEFVAL  { "" }                
                         ::= { hm2VpnTrafficSelEntry 6 }


hm2VpnTrafficSelRowStatus   OBJECT-TYPE
                         SYNTAX                  RowStatus
                         MAX-ACCESS              read-create
                         STATUS                  current
                         DESCRIPTION
                             "The row status of this table entry. Only traffic
                              selector entries with an 'active' row status will
                              be considered if the connection's row status is set
                              to 'active'. Independent of that dependency any value
                              in this entry can be changed only if the row
                              status is not 'active'."
                         ::= { hm2VpnTrafficSelEntry 7 }
--
-- *************************************************************
-- VPN Certificate Group
-- *************************************************************
--
-- NOTE(review): this object carries a private key passphrase in an SNMP SET.
-- Its confidentiality on the wire depends on the SNMP security level in use,
-- so writes should be limited to SNMPv3 with privacy (authPriv) and to a
-- narrow access view.
-- MAX-ACCESS is read-write although the description says the value cannot be
-- read; presumably a GET returns an empty or masked string. Confirm against
-- the agent.
-- Per the description, the decrypted file is stored unencrypted, so
-- protection of the private key then rests on access control to the device.
hm2VpnCertificateUploadPassphrase OBJECT-TYPE
                SYNTAX                  DisplayString (SIZE (0..128))
                MAX-ACCESS              read-write
                STATUS                  current
                DESCRIPTION
                    "Setting the correct passphrase here before uploading an
                    encrypted private key or an encrypted PKCS12 container will
                    trigger the decryption of the uploaded file before storing 
                    on the device. The value cannot be read and is not stored
                    after the file transfer.
                    WARNING: the file is stored unencrypted on the device. Use with
                    care!"
        ::= {hm2VpnCertificateGroup 1 }

hm2VpnCertificateTable        OBJECT-TYPE
             SYNTAX SEQUENCE OF Hm2VpnCertificateEntry
             MAX-ACCESS not-accessible
             STATUS current
             DESCRIPTION
                 "The list of certificates available on the device."
             ::= { hm2VpnCertificateGroup 10 }

hm2VpnCertificateEntry   OBJECT-TYPE
             SYNTAX Hm2VpnCertificateEntry
             MAX-ACCESS not-accessible
             STATUS current
             DESCRIPTION
                 "A certificate file entry. A certificate file which 
                  has been copied to the device and can be used for 
                  VPN connections."
             INDEX { hm2VpnCertificateIndex }
             ::= { hm2VpnCertificateTable 1 }

Hm2VpnCertificateEntry ::= SEQUENCE {
            hm2VpnCertificateIndex              Integer32,
            hm2VpnCertificateSubject            DisplayString,
            hm2VpnCertificateIssuer             DisplayString,
            hm2VpnCertificateStartDate          HmTimeSeconds1970,
            hm2VpnCertificateEndDate            HmTimeSeconds1970,
            hm2VpnCertificateFileName           DisplayString,
            hm2VpnCertificateType               INTEGER,
	        hm2VpnCertificateCertUploadDate     HmTimeSeconds1970, 
            hm2VpnCertificatePrivateKeyStatus   INTEGER,
            hm2VpnCertificatePrivateKeyFile     DisplayString,
            hm2VpnCertificateNoConnections      Integer32,
            hm2VpnCertificateUserActions        INTEGER
			}

hm2VpnCertificateIndex OBJECT-TYPE
			 SYNTAX 		Integer32 (1..100)
			 MAX-ACCESS 	not-accessible
			 STATUS 		current
			 DESCRIPTION
				 "Index of the entry."
			 ::= { hm2VpnCertificateEntry 1 }

			 
hm2VpnCertificateSubject OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..128))
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Subject field of certificate."
			 ::= { hm2VpnCertificateEntry 2 }
	
			 
hm2VpnCertificateIssuer OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..128))
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Certificate issuer."
			 ::= { hm2VpnCertificateEntry 3 }

hm2VpnCertificateStartDate OBJECT-TYPE
			 SYNTAX 		HmTimeSeconds1970
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Time and date from which the certificate
                 is valid."
			 ::= { hm2VpnCertificateEntry 4 }


hm2VpnCertificateEndDate OBJECT-TYPE
			 SYNTAX 		HmTimeSeconds1970
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Time and date when certificate will expire."
			 ::= { hm2VpnCertificateEntry 5 }

hm2VpnCertificateFileName OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..64))
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Name of the file consisting of alphanumeric
				 characters plus hyphen, underscore and dot."
			 ::= { hm2VpnCertificateEntry 6 }
	
hm2VpnCertificateType OBJECT-TYPE
			 SYNTAX 		INTEGER{
				 				ca (1),
				 				peer (2),
                                encryptedkey(3),
				 				pkcs12 (4),
                                encryptedpkcs12(5)
							}
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Type of the container file used."
			 ::= { hm2VpnCertificateEntry 7 }

hm2VpnCertificateCertUploadDate OBJECT-TYPE
			 SYNTAX 		HmTimeSeconds1970
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Time and date of last write access using the
				 content of the variable hm2SystemTime."
			 ::= { hm2VpnCertificateEntry 8 }

hm2VpnCertificatePrivateKeyStatus OBJECT-TYPE
             SYNTAX         INTEGER{
                                none(1),
                                present(2),
                                notFound(3)
                            }
            MAX-ACCESS      read-only
            STATUS          current
            DESCRIPTION
                "Shows if a Peer certificate has a private
                key uploaded on the device. A Peer certificate
                cannot be used without a private key uploaded
                to the device. Does not apply to CA certificates."
            ::= { hm2VpnCertificateEntry 9 }

-- NOTE(review): this DESCRIPTION is word for word the one used on
-- hm2VpnCertificateFileName and never mentions the private key. Judging
-- by the object name this is presumably the file name of the private key
-- that belongs to the certificate in this row; confirm and reword the
-- DESCRIPTION accordingly.
-- Only a file name is exposed (DisplayString of at most 64 octets,
-- read-only); the SYNTAX carries no key material.
hm2VpnCertificatePrivateKeyFile OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..64))
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Name of the file consisting of alphanumeric
				 characters plus hyphen, underscore and dot."
			 ::= { hm2VpnCertificateEntry 10 }

hm2VpnCertificateNoConnections OBJECT-TYPE
			 SYNTAX 		Integer32 (0..256)
			 MAX-ACCESS 		read-only
			 STATUS 		current
			 DESCRIPTION
				 "Number of active connections that use this
                 certificate. The certificate cannot be deleted
                 from the device unless there are no active
                 connections using it (this field is set to 0)."
			 ::= { hm2VpnCertificateEntry 11 }

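-- Row action object. Among columns 4 to 12 of hm2VpnCertificateEntry this
-- is the only one with MAX-ACCESS read-write: setting delete(2) removes
-- the certificate file and, for a Peer certificate, its private key
-- (see DESCRIPTION).
-- NOTE(review): a successful set is destructive and cannot be undone
-- through this object, so write access should be limited to authenticated
-- and encrypted SNMPv3 users whose VACM write view includes this column.
-- A v1/v2c write community would expose the action to anyone who learns
-- the community string.
-- NOTE(review): the MIB does not say which error the agent returns when
-- delete(2) is requested while hm2VpnCertificateNoConnections is non-zero,
-- nor what a read returns (presumably other(1)); confirm against the agent.
hm2VpnCertificateUserActions OBJECT-TYPE
             SYNTAX         INTEGER{
                                other(1),
                                delete(2)
                            }
            MAX-ACCESS      read-write
            STATUS          current
            DESCRIPTION
                "Provides a way to delete unused certificate
                files from the device. A certificate can only
                be deleted if there are no active connections
                using it (see hm2VpnCertificateNoConnections).
                Deleting a Peer certificate automatically deletes
                the private key associated with it (if any)."
            ::= { hm2VpnCertificateEntry 12 }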
			 

--
-- *************************************************************
-- VPN SNMP Extension Group (extended error/event handling)
-- *************************************************************
--

hm2VpnMibSNMPExtensionNoTrafficSelector OBJECT-IDENTITY
           STATUS      current
           DESCRIPTION "Indicates that for a VPN connection no active traffic selectors are available."
           ::= { hm2VpnMibSNMPExtensionGroup 1 }

hm2VpnMibSNMPExtensionTooManyActive OBJECT-IDENTITY
           STATUS      current
           DESCRIPTION "Indicates that too many VPN connections are in active state."
           ::= { hm2VpnMibSNMPExtensionGroup 2 }

hm2VpnMibSNMPExtensionTooManyConns OBJECT-IDENTITY
           STATUS      current
           DESCRIPTION "Indicates that an attempt was made to add too many VPN connections to the configuration."
           ::= { hm2VpnMibSNMPExtensionGroup 3 }

hm2VpnMibSNMPExtensionActiveRow OBJECT-IDENTITY
           STATUS      current
           DESCRIPTION "Indicates that an attempt was made to change an active row."
           ::= { hm2VpnMibSNMPExtensionGroup 4 }

hm2VpnMibSNMPExtensionInitiatorAny OBJECT-IDENTITY
           STATUS      current
           DESCRIPTION "Indicates that for a VPN connection as initiator the remote end point is set to any."
           ::= { hm2VpnMibSNMPExtensionGroup 5 }

--
-- *************************************************************
-- VPN Trap/Notification Group
-- *************************************************************
--
-- Notification number 1 under hm2VpnMibNotifications, sent when a VPN
-- connection moves towards the up state. It carries hm2VpnConnIndex and
-- hm2VpnConnOperStatus, both defined elsewhere in this module.
-- NOTE(review): the DESCRIPTION says "about to enter", so the
-- hm2VpnConnOperStatus value in the varbind may be the old or the new
-- state; confirm before building alert logic on it.
hm2VpnUpTrap NOTIFICATION-TYPE
    OBJECTS { hm2VpnConnIndex, hm2VpnConnOperStatus }
    STATUS  current
    DESCRIPTION
        "A hm2VpnUpTrap trap signals that a VPN connection
        is about to enter the up state from some other state
        (see 'hm2VpnConnOperStatus')."
    ::= { hm2VpnMibNotifications 1 }

-- Notification number 2 under hm2VpnMibNotifications, sent when a VPN
-- connection moves towards the down state. It carries hm2VpnConnIndex and
-- hm2VpnConnOperStatus, both defined elsewhere in this module.
-- NOTE(review): for monitoring this is the signal that a tunnel was lost.
-- Traps are unacknowledged, so a receiver should also poll
-- hm2VpnConnOperStatus periodically, and SNMPv3 notifications are
-- preferable because the receiver can then authenticate the sender.
hm2VpnDownTrap NOTIFICATION-TYPE
    OBJECTS { hm2VpnConnIndex, hm2VpnConnOperStatus }
    STATUS  current
    DESCRIPTION
        "A hm2VpnDownTrap trap signals that a VPN connection
        is about to enter the down state from some other state
        (see 'hm2VpnConnOperStatus')."
    ::= { hm2VpnMibNotifications 2 }

END

