-- ====================================================================
-- Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
--
-- Description: The MIB is designed to get IPSec tunnels' statistic information.
-- Reference:
-- Version: 1.5
-- History:
--   V1.0: The initial version created by Caixiansen, Renweichun and
--         Maoyu.
--   V1.1: Modified by Caixiansen Mar.3 2005
--         Two values 'modp1536(5)' and 'modp2048(14)'are added for data
--         type 'HpnicfDiffHellmanGrp'.
--   V1.2: Modified by Sunludong Sep.1 2005
--         Descriptions of node 'hpnicfIPSecTunIKETunnelIndex', 'hpnicfIPSecTunLocalAddr',
--         'hpnicfIPSecTunRemoteAddr', 'hpnicfIPSecTunLifeSize', 'hpnicfIPSecTunLifeTime',
--         'hpnicfIPSecTunRemainTime', 'hpnicfIPSecTunActiveTime', 'hpnicfIPSecTunRemainSize'
--         are modified.
--         Ranges of node 'hpnicfIPSecTunRemainTime', 'hpnicfIPSecTunActiveTime',
--         'hpnicfIPSecTunRemainSize' are modified.
--         Ranges of data type 'HpnicfIPSecNegoType', 'HpnicfEncapMode',
--         'HpnicfEncryptAlgo', 'HpnicfAuthAlgo', 'HpnicfDiffHellmanGrp' are modified.
--   V1.3: Modified by Sunludong Feb.23 2006
--         Range and description of node 'hpnicfIPSecTunInitiator' are modified.
--   V1.4: Modified by liukan Jan.12 2007
--         Range of data type 'HpnicfEncryptAlgo' are modified.
--   V1.5: Modified by Liukan Dec.8 2008
--         Three values 'aesCbc128(9)', 'aesCbc192(10)' and 'aesCbc256(11)' are added
--         to data type 'HpnicfEncryptAlgo'.
--         Data type of node 'hpnicfIPSecTunLifeSize' and 'hpnicfIPSecTunRemainSize' are modified
--         from Integer32 to Gauge32.
-- =====================================================================
HPN-ICF-IPSEC-MONITOR-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        ifIndex
            FROM RFC1213-MIB
        DisplayString,TEXTUAL-CONVENTION
            FROM SNMPv2-TC
        IpAddress, Integer32, Counter32, Counter64, OBJECT-TYPE,
        MODULE-IDENTITY, Gauge32, NOTIFICATION-TYPE, Unsigned32
            FROM SNMPv2-SMI
        MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
            FROM SNMPv2-CONF
        hpnicfCommon
            FROM HPN-ICF-OID-MIB;

    hpnicfIPSecMonitor MODULE-IDENTITY
        LAST-UPDATED "200410260000Z"            -- Oct. 26, 2004  GMT
        ORGANIZATION
            ""
        CONTACT-INFO
            ""
        DESCRIPTION
            "The MIB is designed to get statistic information of
             IPSec tunnels. With this MIB, we can get information of a certain
             tunnel or all tunnels."
        ::= { hpnicfCommon 7 }

    HpnicfDiffHellmanGrp   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The Diffie Hellman Group used in the IKE and IPSec negotiations.
             invalidGroup(2147483647) is defined as invalid value."
        SYNTAX INTEGER {
            none(0),
            modp768(1),
            modp1024(2),
            modp1536(5),
            modp2048(14),
            invalidGroup(2147483647)
        }

    HpnicfEncapMode        ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The encapsulation mode used by an IPSec Phase-2 Tunnel.
             invalidMode(2147483647) is defined as invalid value."
        SYNTAX INTEGER {
            tunnel(1),
            transport(2),
            invalidMode(2147483647)
        }

    HpnicfEncryptAlgo   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The encryption algorithm used in the IKE and IPSec negotiations.
             invalidAlg(2147483647) is defined as invalid value."
        SYNTAX INTEGER {
            none(0),
            desCbc(1),
            ideaCbc(2),
            blowfishCbc(3),
            rc5R16B64Cbc(4),
            tripledesCbc(5),
            castCbc(6),
            aesCbc(7),
            nsaCbc(8),
            aesCbc128(9),
            aesCbc192(10),
            aesCbc256(11),
            invalidAlg(2147483647)
        }

    HpnicfAuthAlgo   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The authentication algorithm used in the IKE negotiations.
             invalidAlg(2147483647) is defined as invalid value."
        SYNTAX INTEGER {
            none(0),
            md5(1),
            sha(2),
            invalidAlg(2147483647)
        }

    HpnicfSaProtocol   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The protocol of security association."
        SYNTAX INTEGER {
            reserved(0),
            isakmp(1),
            ah(2),
            esp(3),
            ipcomp(4)
        }

    HpnicfTrapStatus   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The switch which determines whether send a trap or not."
        SYNTAX INTEGER {
            enabled(1),
            disabled(2)
        }

    HpnicfIPSecIDType   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The type of IPSec Identity."
        SYNTAX INTEGER {
            reserved(0),
            ipv4Addr(1),
            fqdn(2),         -- fully-qualified domain name
            userFqdn(3),     -- fully-qualified username
            ipv4AddrSubnet(4),
            ipv6Addr(5),
            ipv6AddrSubnet(6),
            ipv4AddrRange(7),
            ipv6AddrRange(8),
            derAsn1Dn(9),    -- the binary DER encoding of an ASN.1 X.500 Distinguished
                             -- Name [X.501] of the princIPal whose certificates are
                             -- being exchanged to establish the SA.
            derAsn1Gn(10),   -- the binary DER encoding of an ASN.1 X.500 GeneralName
                             -- [X.509] of the princIPal whose certificates are being
                             -- exchanged to establish the SA.
            keyId(11)        -- specifies an opaque byte stream which may be used to
                             -- pass vendor-specific information necessary to identify
                             -- which pre-shared key should be used to authenticate
                             -- Aggressive mode negotiations.
        }

    HpnicfTrafficType   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The type of the data flow."
        SYNTAX INTEGER {
            ipv4Addr(1),
            ipv4AddrSubnet(4),
            ipv6Addr(5),
            ipv6AddrSubnet(6),
            ipv4AddrRange(7),
            ipv6AddrRange(8)
        }

    HpnicfIPSecNegoType   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The type of key used by an IPSec Phase-2 Tunnel. invalidType(2147483647)
             is defined as invalid value."
        SYNTAX INTEGER {
            ike(1),
            manual(2),
            invalidType(2147483647)
        }

    HpnicfIPSecTunnelState   ::= TEXTUAL-CONVENTION
        STATUS     current
        DESCRIPTION
            "The state of IPSec tunnel."
        SYNTAX INTEGER {
            active(1),
            timeout(2)
        }

-- ========================================================================
-- Node definitions
-- ========================================================================
--Begin the node of hpnicfIPSecObjects.

    hpnicfIPSecObjects OBJECT IDENTIFIER ::= { hpnicfIPSecMonitor 1 }

-- ===============================================
-- Begin the table of hpnicfIPSecTunnelTable.
-- ===============================================

    hpnicfIPSecTunnelTable OBJECT-TYPE
        SYNTAX SEQUENCE OF HpnicfIPSecTunnelEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Tunnel Table. There is one
             entry in this table for each active IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecObjects 1 }

    hpnicfIPSecTunnelEntry OBJECT-TYPE
        SYNTAX HpnicfIPSecTunnelEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about hpnicfIPSecTunnelTable."
        INDEX { hpnicfIPSecTunIfIndex, hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex }
        ::= { hpnicfIPSecTunnelTable 1 }

    HpnicfIPSecTunnelEntry ::=
        SEQUENCE {
            hpnicfIPSecTunIfIndex
                Integer32,
            hpnicfIPSecTunEntryIndex
                Integer32,
            hpnicfIPSecTunIndex
                Integer32,
            hpnicfIPSecTunIKETunnelIndex
                Integer32,
            hpnicfIPSecTunLocalAddr
                IpAddress,
            hpnicfIPSecTunRemoteAddr
                IpAddress,
            hpnicfIPSecTunKeyType
                HpnicfIPSecNegoType,
            hpnicfIPSecTunEncapMode
                HpnicfEncapMode,
            hpnicfIPSecTunInitiator
                INTEGER,
            hpnicfIPSecTunLifeSize
                Gauge32,
            hpnicfIPSecTunLifeTime
                Integer32,
            hpnicfIPSecTunRemainTime
                Integer32,
            hpnicfIPSecTunActiveTime
                Integer32,
            hpnicfIPSecTunRemainSize
                Gauge32,
            hpnicfIPSecTunTotalRefreshes
                Counter32,
            hpnicfIPSecTunCurrentSaInstances
                Gauge32,
            hpnicfIPSecTunInSaEncryptAlgo
                HpnicfEncryptAlgo,
            hpnicfIPSecTunInSaAhAuthAlgo
                HpnicfAuthAlgo,
            hpnicfIPSecTunInSaEspAuthAlgo
                HpnicfAuthAlgo,
            hpnicfIPSecTunDiffHellmanGrp
                HpnicfDiffHellmanGrp,
            hpnicfIPSecTunOutSaEncryptAlgo
                HpnicfEncryptAlgo,
            hpnicfIPSecTunOutSaAhAuthAlgo
                HpnicfAuthAlgo,
            hpnicfIPSecTunOutSaEspAuthAlgo
                HpnicfAuthAlgo,
            hpnicfIPSecTunPolicyName
                DisplayString,
            hpnicfIPSecTunPolicyNum
                Integer32,
            hpnicfIPSecTunStatus
                INTEGER
        }

    hpnicfIPSecTunIfIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The interface index( the ifIndex of ifTable )."
        ::= { hpnicfIPSecTunnelEntry 1 }

    hpnicfIPSecTunEntryIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The index of IPSec policy applied in the interface."
        ::= { hpnicfIPSecTunnelEntry 2 }

    hpnicfIPSecTunIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The index of IPSec Phase-2 Tunnel Table. The value of
             the index is a number which begins at one and is
             incremented with each tunnel that is created. The
             value of this object will wrap at 2,147,483,647."
        ::= { hpnicfIPSecTunnelEntry 3 }

    hpnicfIPSecTunIKETunnelIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The index of the associated IPSec Phase-1 IKE Tunnel
             (IKETunIndex in the IKETunnelTable). 2147483647 is defined as
             invalid value. "
        ::= { hpnicfIPSecTunnelEntry 4 }

    hpnicfIPSecTunLocalAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The IP address of the local peer for the IPSec Phase-2
             Tunnel. 0.0.0.0 is defined as invalid value."
        ::= { hpnicfIPSecTunnelEntry 5 }

    hpnicfIPSecTunRemoteAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The IP address of the remote peer for the IPSec Phase-2
             Tunnel. 0.0.0.0 is defined as invalid value."
        ::= { hpnicfIPSecTunnelEntry 6 }

    hpnicfIPSecTunKeyType OBJECT-TYPE
        SYNTAX HpnicfIPSecNegoType
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The key negotiate mode used by the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 7 }

    hpnicfIPSecTunEncapMode OBJECT-TYPE
        SYNTAX HpnicfEncapMode
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encapsulation mode used by the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 8 }

    hpnicfIPSecTunInitiator OBJECT-TYPE
        SYNTAX INTEGER
            {
                local(1),
                remote(2),
                none(2147483647)
            }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The initiator of this IPSec tunnel. Value none is used for manual
             IPsec tunnel, for there is no initiator or responder in this method."
        ::= { hpnicfIPSecTunnelEntry 9 }

    hpnicfIPSecTunLifeSize OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The negotiated LifeSize of the IPSec Phase-2 Tunnel in kilobytes.
             0 is defined as invalid value."
        ::= { hpnicfIPSecTunnelEntry 10 }

    hpnicfIPSecTunLifeTime OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The negotiated LifeTime of the IPSec Phase-2 Tunnel in seconds.
             2147483647 is defined as invalid value."
        ::= { hpnicfIPSecTunnelEntry 11 }

    hpnicfIPSecTunRemainTime OBJECT-TYPE
        SYNTAX Integer32 (0..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The remain time of SA in seconds. 2147483647 is defined as invalid
             value."
        ::= { hpnicfIPSecTunnelEntry 12 }

    hpnicfIPSecTunActiveTime OBJECT-TYPE
        SYNTAX Integer32 (0..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The duration the IPSec Phase-2 Tunnel has been active in
             hundredths of seconds. 2147483647 is defined as invalid value."
        ::= { hpnicfIPSecTunnelEntry 13 }

    hpnicfIPSecTunRemainSize OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The remain LifeSize of SA in kilobytes. 0 is defined as
             invalid value."
        ::= { hpnicfIPSecTunnelEntry 14 }

    hpnicfIPSecTunTotalRefreshes OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of security association refreshing performed."
        ::= { hpnicfIPSecTunnelEntry 15 }

    hpnicfIPSecTunCurrentSaInstances OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The number of security associations which are currently active
             or expiring."
        ::= { hpnicfIPSecTunnelEntry 16 }

    hpnicfIPSecTunInSaEncryptAlgo OBJECT-TYPE
        SYNTAX HpnicfEncryptAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encryption algorithm used by the inbound security association
             of the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 17 }

    hpnicfIPSecTunInSaAhAuthAlgo OBJECT-TYPE
        SYNTAX HpnicfAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the inbound authentication
             header (AH) security association of the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 18 }

    hpnicfIPSecTunInSaEspAuthAlgo OBJECT-TYPE
        SYNTAX HpnicfAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the inbound encapsulation
             security protocol(ESP) security association of the IPSec
             Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 19 }

    hpnicfIPSecTunDiffHellmanGrp OBJECT-TYPE
        SYNTAX HpnicfDiffHellmanGrp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The Diffie Hellman Group used by the security association of the
             IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 20 }

    hpnicfIPSecTunOutSaEncryptAlgo OBJECT-TYPE
        SYNTAX HpnicfEncryptAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encryption algorithm used by the outbound security
             association of the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 21 }

    hpnicfIPSecTunOutSaAhAuthAlgo OBJECT-TYPE
        SYNTAX HpnicfAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the outbound
             authentication header (AH) security association of
             the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 22 }

    hpnicfIPSecTunOutSaEspAuthAlgo OBJECT-TYPE
        SYNTAX HpnicfAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the outbound encapsulation
             security protocol(ESP) security association of the IPSec
             Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelEntry 23 }

    hpnicfIPSecTunPolicyName OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The policy name used by this IPSec tunnel."
        ::= { hpnicfIPSecTunnelEntry 24 }

    hpnicfIPSecTunPolicyNum OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The sequence number of policy used by this IPSec tunnel."
        ::= { hpnicfIPSecTunnelEntry 25 }

    hpnicfIPSecTunStatus OBJECT-TYPE
        SYNTAX INTEGER
            {
                initial(1),
                ready(2),
                rekeyed(3),
                closed(4)
            }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The status of the IPSec Tunnel."
        ::= { hpnicfIPSecTunnelEntry 26 }

-- ===============================================
-- Begin the table of hpnicfIPSecTunnelStatTable.
-- ===============================================

    hpnicfIPSecTunnelStatTable OBJECT-TYPE
        SYNTAX SEQUENCE OF HpnicfIPSecTunnelStatEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Tunnel Statistics Table. "
        ::= { hpnicfIPSecObjects 2 }

    hpnicfIPSecTunnelStatEntry OBJECT-TYPE
        SYNTAX HpnicfIPSecTunnelStatEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about hpnicfIPSecTunnelStatTable."
        INDEX { hpnicfIPSecTunIfIndex,hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex }
        ::= { hpnicfIPSecTunnelStatTable 1 }

    HpnicfIPSecTunnelStatEntry ::=
        SEQUENCE {
            hpnicfIPSecTunInOctets
                Counter64,
            hpnicfIPSecTunInDecompOctets
                Counter64,
            hpnicfIPSecTunInPkts
                Counter64,
            hpnicfIPSecTunInDropPkts
                Counter64,
            hpnicfIPSecTunInReplayDropPkts
                Counter32,
            hpnicfIPSecTunInAuthFails
                Counter32,
            hpnicfIPSecTunInDecryptFails
                Counter32,
            hpnicfIPSecTunOutOctets
                Counter64,
            hpnicfIPSecTunOutUncompOctets
                Counter64,
            hpnicfIPSecTunOutPkts
                Counter64,
            hpnicfIPSecTunOutDropPkts
                Counter64,
            hpnicfIPSecTunOutEncryptFails
                Counter32,
            hpnicfIPSecTunNoMemoryDropPkts
                Counter32,
            hpnicfIPSecTunQueueFullDropPkts
                Counter32,
            hpnicfIPSecTunInvalidLenDropPkts
                Counter32,
            hpnicfIPSecTunTooLongDropPkts
                Counter32,
            hpnicfIPSecTunInvalidSaDropPkts
                Counter32
        }

    hpnicfIPSecTunInOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets received by this IPSec Phase-2 Tunnel.
             This value is accumulated BEFORE determining whether or not the
             packet should be decompressed."
        ::= { hpnicfIPSecTunnelStatEntry 1 }

    hpnicfIPSecTunInDecompOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of decompressed octets received by this IPSec
             Phase-2 Tunnel. This value is accumulated AFTER the packet
             is decompressed."
        ::= { hpnicfIPSecTunnelStatEntry 2 }

    hpnicfIPSecTunInPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets received by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 3 }

    hpnicfIPSecTunInDropPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during receiving process
             by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 4 }

    hpnicfIPSecTunInReplayDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during
             receiving process due to Anti-Replay process
             by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 5 }

    hpnicfIPSecTunInAuthFails OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of inbound authentication's
             which ended in failure by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 6 }

    hpnicfIPSecTunInDecryptFails OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of inbound decryption's
             which ended in failure by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 7 }

    hpnicfIPSecTunOutOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets sent by this IPSec Phase-2 Tunnel.
             This value is accumulated AFTER determining whether or not
             the packet should be compressed."
        ::= { hpnicfIPSecTunnelStatEntry 8 }

    hpnicfIPSecTunOutUncompOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of uncompressed octets sent by this IPSec Phase-2
             Tunnel.This value is accumulated BEFORE the packet is compressed."
        ::= { hpnicfIPSecTunnelStatEntry 9 }

    hpnicfIPSecTunOutPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets sent by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 10 }

    hpnicfIPSecTunOutDropPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during sending process
             by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 11 }

    hpnicfIPSecTunOutEncryptFails OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of outbound encryption's which ended in failure
             by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 12 }

    hpnicfIPSecTunNoMemoryDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to no enough memory by this
             IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 13 }

    hpnicfIPSecTunQueueFullDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to queue full by this
             IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 14 }

    hpnicfIPSecTunInvalidLenDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to invalid length packet
             by this IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 15 }

    hpnicfIPSecTunTooLongDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to too long packet by this
             IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 16 }

    hpnicfIPSecTunInvalidSaDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to invalid SA by this
             IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecTunnelStatEntry 17 }

-- ===============================================
-- Begin the table of hpnicfIPSecSaTable.
-- ===============================================

    hpnicfIPSecSaTable OBJECT-TYPE
        SYNTAX SEQUENCE OF HpnicfIPSecSaEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Security Protection Index Table.  This table
             contains an entry for each active and expiring security association."
        ::= { hpnicfIPSecObjects 3 }

    hpnicfIPSecSaEntry OBJECT-TYPE
        SYNTAX HpnicfIPSecSaEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about hpnicfIPSecSaTable."
        INDEX { hpnicfIPSecTunIfIndex,hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex,hpnicfIPSecSaIndex }
        ::= { hpnicfIPSecSaTable 1 }

    HpnicfIPSecSaEntry ::=
        SEQUENCE {
            hpnicfIPSecSaIndex
                Integer32,
            hpnicfIPSecSaDirection
                INTEGER,
            hpnicfIPSecSaValue
                Unsigned32,
            hpnicfIPSecSaProtocol
                HpnicfSaProtocol,
            hpnicfIPSecSaEncryptAlgo
                HpnicfEncryptAlgo,
            hpnicfIPSecSaAuthAlgo
                HpnicfAuthAlgo,
            hpnicfIPSecSaStatus
                INTEGER
        }

    hpnicfIPSecSaIndex OBJECT-TYPE
        SYNTAX Integer32 (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The number of the Sa associated with the Phase-2 Tunnel
             Table.  The value of this index is a number which begins
             at one and is incremented with each Sa associated with
             an IPSec Phase-2 Tunnel.  The value of this object will
             wrap at 2,147,483,647."
        ::= { hpnicfIPSecSaEntry 1 }

    hpnicfIPSecSaDirection OBJECT-TYPE
        SYNTAX INTEGER {
            in(1),
            out(2)
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The direction of the SA."
        ::= { hpnicfIPSecSaEntry 2 }

    hpnicfIPSecSaValue OBJECT-TYPE
        SYNTAX Unsigned32 (1..4294967295)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The value of the SPI."
        ::= { hpnicfIPSecSaEntry 3 }

    hpnicfIPSecSaProtocol OBJECT-TYPE
        SYNTAX HpnicfSaProtocol
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The security protocol of the SA."
        ::= { hpnicfIPSecSaEntry 4 }

    hpnicfIPSecSaEncryptAlgo OBJECT-TYPE
        SYNTAX HpnicfEncryptAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The encryption algorithm used by the security association
             of the IPSec Phase-2 Tunnel."
        ::= { hpnicfIPSecSaEntry 5 }

    hpnicfIPSecSaAuthAlgo OBJECT-TYPE
        SYNTAX HpnicfAuthAlgo
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The authentication algorithm used by the SA."
        ::= { hpnicfIPSecSaEntry 6 }

    hpnicfIPSecSaStatus OBJECT-TYPE
        SYNTAX INTEGER {
            active(1),
            expiring(2)
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The status of the SA."
        ::= { hpnicfIPSecSaEntry 7 }

-- ===============================================
-- Begin the table of hpnicfIPSecTrafficTable.
-- ===============================================

    hpnicfIPSecTrafficTable OBJECT-TYPE
        SYNTAX SEQUENCE OF HpnicfIPSecTrafficEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IPSec Phase-2 Tunnel Traffic Table. "
        ::= { hpnicfIPSecObjects 4 }

    hpnicfIPSecTrafficEntry OBJECT-TYPE
        SYNTAX HpnicfIPSecTrafficEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about hpnicfIPSecTrafficTable."
        INDEX { hpnicfIPSecTunIfIndex,hpnicfIPSecTunEntryIndex,hpnicfIPSecTunIndex }
        ::= { hpnicfIPSecTrafficTable 1 }

    HpnicfIPSecTrafficEntry ::=
        SEQUENCE {
            hpnicfIPSecTrafficLocalType
                HpnicfTrafficType,
            hpnicfIPSecTrafficLocalAddr1
                IpAddress,
            hpnicfIPSecTrafficLocalAddr2
                IpAddress,
            hpnicfIPSecTrafficLocalProtocol
                Integer32,
            hpnicfIPSecTrafficLocalPort
                Integer32,
            hpnicfIPSecTrafficRemoteType
                HpnicfTrafficType,
            hpnicfIPSecTrafficRemoteAddr1
                IpAddress,
            hpnicfIPSecTrafficRemoteAddr2
                IpAddress,
            hpnicfIPSecTrafficRemoteProtocol
                Integer32,
            hpnicfIPSecTrafficRemotePort
                Integer32
    }

    hpnicfIPSecTrafficLocalType OBJECT-TYPE
        SYNTAX HpnicfTrafficType
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The type of local peer. Possible values are: a single
             IP address, or an IP address range, or an IP subnet."
        ::= { hpnicfIPSecTrafficEntry 1 }

    hpnicfIPSecTrafficLocalAddr1 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The first specification of local peer's IP address. If
             the local peer type is single IP address, then this is the
             value of the IP address. If the local peer type is IP subnet,
             then this is the value of the subnet. If the local peer type
             is IP address range, then this is the value of beginning IP
             address of the range."
        ::= { hpnicfIPSecTrafficEntry 2 }

    hpnicfIPSecTrafficLocalAddr2 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The second specification of local peer's IP address. If the local
             peer type is single IP address, then this is the value of the
             IP address. If the local peer type is IP subnet, then this is
             the value of the subnet mask. If the local peer type is IP
             address range, then this is the value of ending IP address of
             the range."
        ::= { hpnicfIPSecTrafficEntry 3 }

    hpnicfIPSecTrafficLocalProtocol OBJECT-TYPE
        SYNTAX Integer32 (0..255)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The protocol number of the local peer's traffic."
        ::= { hpnicfIPSecTrafficEntry 4 }

    hpnicfIPSecTrafficLocalPort OBJECT-TYPE
        SYNTAX Integer32 (0..65535)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The port number of the local peer's traffic."
        ::= { hpnicfIPSecTrafficEntry 5 }

    hpnicfIPSecTrafficRemoteType OBJECT-TYPE
        SYNTAX HpnicfTrafficType
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The type of remote peer. Possible values are: a single
             IP address, or an IP address range, or an IP subnet."
        ::= { hpnicfIPSecTrafficEntry 6 }

    hpnicfIPSecTrafficRemoteAddr1 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The first specification of remote peer's IP address.
             If the remote peer type is single IP address, then
             this is the value of the IP address. If the remote
             peer type is IP subnet, then this is the value
             of the subnet. If the remote peer type is IP
             address range, then this is the value of beginning
             IP address of the range."
        ::= { hpnicfIPSecTrafficEntry 7 }

    hpnicfIPSecTrafficRemoteAddr2 OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Single IP address, then this is the value of the IP
             address. If the remote peer type is IP subnet,
             then this is the value of the subnet mask. If the
             remote peer type is IP address range, then this
             is the value of ending IP address of the range."
        ::= { hpnicfIPSecTrafficEntry 8 }

    hpnicfIPSecTrafficRemoteProtocol OBJECT-TYPE
        SYNTAX Integer32 (0..255)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The protocol number of the remote peer's traffic."
        ::= { hpnicfIPSecTrafficEntry 9 }

    hpnicfIPSecTrafficRemotePort OBJECT-TYPE
        SYNTAX Integer32 (0..65535)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The port number of the remote peer's traffic."
        ::= { hpnicfIPSecTrafficEntry 10 }

-- ===============================================
-- Begin the hpnicfIPSecGlobalStats.
-- ===============================================

    hpnicfIPSecGlobalStats OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 5 }

    hpnicfIPSecGlobalActiveTunnels OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of currently active  IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 1 }

    hpnicfIPSecGlobalActiveSas OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of currently active or expiring IPSec Phase-2 SA."
        ::= { hpnicfIPSecGlobalStats 2 }

    hpnicfIPSecGlobalInOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets received by all current and previous
             IPSec Phase-2 Tunnels. This value is accumulated BEFORE determining
             whether or not the packet should be decompressed."
        ::= { hpnicfIPSecGlobalStats 3 }

    hpnicfIPSecGlobalInDecompOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of decompressed octets received by all current
             and previous IPSec Phase-2 Tunnels. This value is accumulated
             AFTER the packet is decompressed."
        ::= { hpnicfIPSecGlobalStats 4 }

    hpnicfIPSecGlobalInPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets received by all current and
             previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 5 }

    hpnicfIPSecGlobalInDrops OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during receiving
             process by all current and previous IPSec Phase-2
             Tunnels. "
        ::= { hpnicfIPSecGlobalStats 6 }

    hpnicfIPSecGlobalInReplayDrops OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during receiving
             process due to Anti-Replay process by all
             current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 7 }

    hpnicfIPSecGlobalInAuthFails OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of inbound authentication's which ended
             in failure by all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 8 }

    hpnicfIPSecGlobalInDecryptFails OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of inbound decryption's which ended in
             failure by all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 9 }

    hpnicfIPSecGlobalOutOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of octets sent by all current and previous
             IPSec Phase-2 Tunnels. This value is accumulated AFTER
             determining whether or not the packet should be compressed."
        ::= { hpnicfIPSecGlobalStats 10 }

    hpnicfIPSecGlobalOutUncompOctets OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of uncompressed octets sent by all current
             and previous IPSec Phase-2 Tunnels. This value is accumulated
             BEFORE the packet is compressed."
        ::= { hpnicfIPSecGlobalStats 11 }

    hpnicfIPSecGlobalOutPkts OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets sent by all current and previous
             IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 12 }

    hpnicfIPSecGlobalOutDrops OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped during sending process
             by all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 13 }

    hpnicfIPSecGlobalOutEncryptFails OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of outbound encryption's which ended in failure
             by all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 14 }

    hpnicfIPSecGlobalNoMemoryDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to no enough memory
             by all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 15 }

    hpnicfIPSecGlobalNoFindSaDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to not find SA by
             all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 16 }

    hpnicfIPSecGlobalQueueFullDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to queue full by
             all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 17 }

    hpnicfIPSecGlobalInvalidLenDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to invalid packet
             length by all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 18 }

    hpnicfIPSecGlobalTooLongDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to too long packet by
             all current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 19 }

    hpnicfIPSecGlobalInvalidSaDropPkts OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of packets dropped due to invalid SA by all
             current and previous IPSec Phase-2 Tunnels."
        ::= { hpnicfIPSecGlobalStats 20 }

-- ===============================================
-- Begin the hpnicfIPSecTrapObject.
-- ===============================================

    hpnicfIPSecTrapObject OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 6 }

    hpnicfIPSecPolicyName OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The IPSec policy name with a trap."
        ::= { hpnicfIPSecTrapObject 1 }

    hpnicfIPSecPolicySeqNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The IPSec policy sequence number with a trap."
        ::= { hpnicfIPSecTrapObject 2 }

    hpnicfIPSecPolicySize OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The number of IPSec policies with a trap."
        ::= { hpnicfIPSecTrapObject 3 }

    hpnicfIPSecSpiValue OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The SPI value associated with a trap."
        ::= { hpnicfIPSecTrapObject 4 }

-- ===============================================
-- Begin the hpnicfIPSecTrapCntl.
-- ===============================================


    hpnicfIPSecTrapCntl OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 7 }

    hpnicfIPSecTrapGlobalCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether all IPSec traps should be generated."
        ::= { hpnicfIPSecTrapCntl 1 }

    hpnicfIPSecTunnelStartTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecTunnelStart traps should be generated."
        ::= { hpnicfIPSecTrapCntl 2 }

    hpnicfIPSecTunnelStopTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecTunnelStop traps should be generated."
        ::= { hpnicfIPSecTrapCntl 3 }

    hpnicfIPSecNoSaTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecNoSaFailure traps should be generated."
        ::= { hpnicfIPSecTrapCntl 4 }

    hpnicfIPSecAuthFailureTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecAuthFailFailure traps should be generated."
        ::= { hpnicfIPSecTrapCntl 5 }

    hpnicfIPSecEncryFailureTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecEncryFailFailure traps should be generated."
        ::= { hpnicfIPSecTrapCntl 6 }

    hpnicfIPSecDecryFailureTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecDecryFailFailure traps should be generated."
        ::= { hpnicfIPSecTrapCntl 7 }

    hpnicfIPSecInvalidSaTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSec Invalid Sa Failure traps should be generated."
        ::= { hpnicfIPSecTrapCntl 8 }

    hpnicfIPSecPolicyAddTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecPolicyAdd traps should be generated."
        ::= { hpnicfIPSecTrapCntl 9 }

    hpnicfIPSecPolicyDelTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecPolicyDel traps should be generated."
        ::= { hpnicfIPSecTrapCntl 10 }

    hpnicfIPSecPolicyAttachTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecPolicyAttach traps should be generated."
        ::= { hpnicfIPSecTrapCntl 11 }

    hpnicfIPSecPolicyDetachTrapCntl OBJECT-TYPE
        SYNTAX HpnicfTrapStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Indicates whether hpnicfIPSecPolicyDetach traps should be generated."
        ::= { hpnicfIPSecTrapCntl 12 }

-- ===============================================
-- definition of traps.
-- ===============================================

    hpnicfIPSecTrap OBJECT IDENTIFIER ::= { hpnicfIPSecObjects 8 }

    hpnicfIPSecNotifications OBJECT IDENTIFIER ::= { hpnicfIPSecTrap 1 }

    hpnicfIPSecTunnelStart NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr,
                  hpnicfIPSecTunLifeTime,
                  hpnicfIPSecTunLifeSize
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec Phase-2
             Tunnel is created."
        ::= { hpnicfIPSecNotifications 1 }

    hpnicfIPSecTunnelStop NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr,
                  hpnicfIPSecTunActiveTime
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec Phase-2
             Tunnel is deleted."
        ::= { hpnicfIPSecNotifications 2 }

    hpnicfIPSecNoSaFailure NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec Phase-2
             non-existent SA error occurs."
        ::= { hpnicfIPSecNotifications 3 }

    hpnicfIPSecAuthFailFailure NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr
                  }
        STATUS     current
        DESCRIPTION
            "This notification is generated when the IPSec phase-2
             authentication failure occurs."
        ::= { hpnicfIPSecNotifications 4 }

    hpnicfIPSecEncryFailFailure NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when the IPSec phase-2
             tunnel has an encrypting failure."
        ::= { hpnicfIPSecNotifications 5 }

    hpnicfIPSecDecryFailFailure NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when the IPSec phase-2
             tunnel has a decrypting failure."
        ::= { hpnicfIPSecNotifications 6 }

    hpnicfIPSecInvalidSaFailure NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecTunLocalAddr,
                  hpnicfIPSecTunRemoteAddr,
                  hpnicfIPSecSpiValue
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when the IPSec phase-2
             invalid SA failure occurs."
        ::= { hpnicfIPSecNotifications 7 }

    hpnicfIPSecPolicyAdd NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecPolicyName,
                  hpnicfIPSecPolicySeqNum,
                  hpnicfIPSecPolicySize
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec policy is added."
        ::= { hpnicfIPSecNotifications 8 }

    hpnicfIPSecPolicyDel NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecPolicyName,
                  hpnicfIPSecPolicySeqNum,
                  hpnicfIPSecPolicySize
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec policy is deleted."
        ::= { hpnicfIPSecNotifications 9 }

    hpnicfIPSecPolicyAttach NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecPolicyName,
                  hpnicfIPSecPolicySize,
                  ifIndex
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec policy is attached
             with one interface."
        ::= { hpnicfIPSecNotifications 10 }

    hpnicfIPSecPolicyDetach NOTIFICATION-TYPE
        OBJECTS { hpnicfIPSecPolicyName,
                  hpnicfIPSecPolicySize,
                  ifIndex
                }
        STATUS     current
        DESCRIPTION
            "This notification is generated when an IPSec policy is detached
             with one interface."
        ::= { hpnicfIPSecNotifications 11 }

-- ===============================================
-- Conformance Information
-- ===============================================
    hpnicfIPSecConformance   OBJECT IDENTIFIER
        ::= { hpnicfIPSecMonitor 2 }
    hpnicfIPSecCompliances   OBJECT IDENTIFIER
        ::= { hpnicfIPSecConformance 1 }
    hpnicfIPSecGroups        OBJECT IDENTIFIER
        ::= { hpnicfIPSecConformance 2 }

-- ===============================================
-- Compliance Statements
-- ===============================================
    hpnicfIPSecCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            " "
        MODULE -- this module
        MANDATORY-GROUPS
            {
                hpnicfIPSecTunnelTableGroup,
                hpnicfIPSecTunnelStatGroup,
                hpnicfIPSecSaGroup,
                hpnicfIPSecTrafficTableGroup,
                hpnicfIPSecGlobalStatsGroup,
                hpnicfIPSecTrapObjectGroup,
                hpnicfIPSecTrapCntlGroup,
                hpnicfIPSecTrapGroup
            }
        ::= { hpnicfIPSecCompliances 1 }

    hpnicfIPSecTunnelTableGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecTunIKETunnelIndex,
                    hpnicfIPSecTunLocalAddr,
                    hpnicfIPSecTunRemoteAddr,
                    hpnicfIPSecTunKeyType,
                    hpnicfIPSecTunEncapMode,
                    hpnicfIPSecTunInitiator,
                    hpnicfIPSecTunLifeSize,
                    hpnicfIPSecTunLifeTime,
                    hpnicfIPSecTunRemainTime,
                    hpnicfIPSecTunActiveTime,
                    hpnicfIPSecTunRemainSize,
                    hpnicfIPSecTunTotalRefreshes,
                    hpnicfIPSecTunCurrentSaInstances,
                    hpnicfIPSecTunInSaEncryptAlgo,
                    hpnicfIPSecTunInSaAhAuthAlgo,
                    hpnicfIPSecTunInSaEspAuthAlgo,
                    hpnicfIPSecTunDiffHellmanGrp,
                    hpnicfIPSecTunOutSaEncryptAlgo,
                    hpnicfIPSecTunOutSaAhAuthAlgo,
                    hpnicfIPSecTunOutSaEspAuthAlgo,
                    hpnicfIPSecTunPolicyName,
                    hpnicfIPSecTunPolicyNum,
                    hpnicfIPSecTunStatus
                }
        STATUS current
        DESCRIPTION
            "The group contains the IPSec tunnel's property information."
        ::= { hpnicfIPSecGroups 1 }

    hpnicfIPSecTunnelStatGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecTunInOctets,
                    hpnicfIPSecTunInDecompOctets,
                    hpnicfIPSecTunInPkts,
                    hpnicfIPSecTunInDropPkts,
                    hpnicfIPSecTunInReplayDropPkts,
                    hpnicfIPSecTunInAuthFails,
                    hpnicfIPSecTunInDecryptFails,
                    hpnicfIPSecTunOutOctets,
                    hpnicfIPSecTunOutUncompOctets,
                    hpnicfIPSecTunOutPkts,
                    hpnicfIPSecTunOutDropPkts,
                    hpnicfIPSecTunOutEncryptFails,
                    hpnicfIPSecTunNoMemoryDropPkts,
                    hpnicfIPSecTunQueueFullDropPkts,
                    hpnicfIPSecTunInvalidLenDropPkts,
                    hpnicfIPSecTunTooLongDropPkts,
                    hpnicfIPSecTunInvalidSaDropPkts
                }
        STATUS current
        DESCRIPTION
            "The group contains the IPSec tunnel's statistic information."
        ::= { hpnicfIPSecGroups 2 }

    hpnicfIPSecSaGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecSaDirection,
                    hpnicfIPSecSaValue,
                    hpnicfIPSecSaProtocol,
                    hpnicfIPSecSaEncryptAlgo,
                    hpnicfIPSecSaAuthAlgo,
                    hpnicfIPSecSaStatus
                }
        STATUS current
        DESCRIPTION
            "The group contains the SA's property information."
        ::= { hpnicfIPSecGroups 3 }

    hpnicfIPSecTrafficTableGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecTrafficLocalType,
                    hpnicfIPSecTrafficLocalAddr1,
                    hpnicfIPSecTrafficLocalAddr2,
                    hpnicfIPSecTrafficLocalProtocol,
                    hpnicfIPSecTrafficLocalPort,
                    hpnicfIPSecTrafficRemoteType,
                    hpnicfIPSecTrafficRemoteAddr1,
                    hpnicfIPSecTrafficRemoteAddr2,
                    hpnicfIPSecTrafficRemoteProtocol,
                    hpnicfIPSecTrafficRemotePort
                }
        STATUS current
        DESCRIPTION
            "The group contains the property information of the
             data flow protected by IPSec tunnel."
        ::= { hpnicfIPSecGroups 4 }

    hpnicfIPSecGlobalStatsGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecGlobalActiveTunnels,
                    hpnicfIPSecGlobalActiveSas,
                    hpnicfIPSecGlobalInOctets,
                    hpnicfIPSecGlobalInDecompOctets,
                    hpnicfIPSecGlobalInPkts,
                    hpnicfIPSecGlobalInDrops,
                    hpnicfIPSecGlobalInReplayDrops,
                    hpnicfIPSecGlobalInAuthFails,
                    hpnicfIPSecGlobalInDecryptFails,
                    hpnicfIPSecGlobalOutOctets,
                    hpnicfIPSecGlobalOutUncompOctets,
                    hpnicfIPSecGlobalOutPkts,
                    hpnicfIPSecGlobalOutDrops,
                    hpnicfIPSecGlobalOutEncryptFails,
                    hpnicfIPSecGlobalNoMemoryDropPkts,
                    hpnicfIPSecGlobalNoFindSaDropPkts,
                    hpnicfIPSecGlobalQueueFullDropPkts,
                    hpnicfIPSecGlobalInvalidLenDropPkts,
                    hpnicfIPSecGlobalTooLongDropPkts,
                    hpnicfIPSecGlobalInvalidSaDropPkts
                }
        STATUS current
        DESCRIPTION
            "The group contains all of the IPSec tunnel's statistic
             information."
        ::= { hpnicfIPSecGroups 5 }

    hpnicfIPSecTrapObjectGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecPolicyName,
                    hpnicfIPSecPolicySeqNum,
                    hpnicfIPSecPolicySize,
                    hpnicfIPSecSpiValue
                }
        STATUS current
        DESCRIPTION
            "The group contains all of trap objects of IPSec tunnels."
        ::= { hpnicfIPSecGroups 6 }

    hpnicfIPSecTrapCntlGroup OBJECT-GROUP
        OBJECTS {
                    hpnicfIPSecTrapGlobalCntl,
                    hpnicfIPSecTunnelStartTrapCntl,
                    hpnicfIPSecTunnelStopTrapCntl,
                    hpnicfIPSecNoSaTrapCntl,
                    hpnicfIPSecAuthFailureTrapCntl,
                    hpnicfIPSecEncryFailureTrapCntl,
                    hpnicfIPSecDecryFailureTrapCntl,
                    hpnicfIPSecInvalidSaTrapCntl,
                    hpnicfIPSecPolicyAddTrapCntl,
                    hpnicfIPSecPolicyDelTrapCntl,
                    hpnicfIPSecPolicyAttachTrapCntl,
                    hpnicfIPSecPolicyDetachTrapCntl
                }
        STATUS current
        DESCRIPTION
            "The group contains all of trap switches of IPSec tunnels."
        ::= { hpnicfIPSecGroups 7 }

    hpnicfIPSecTrapGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
                          hpnicfIPSecTunnelStart,
                          hpnicfIPSecTunnelStop,
                          hpnicfIPSecNoSaFailure,
                          hpnicfIPSecAuthFailFailure,
                          hpnicfIPSecEncryFailFailure,
                          hpnicfIPSecDecryFailFailure,
                          hpnicfIPSecInvalidSaFailure,
                          hpnicfIPSecPolicyAdd,
                          hpnicfIPSecPolicyDel,
                          hpnicfIPSecPolicyAttach,
                          hpnicfIPSecPolicyDetach
                      }
        STATUS current
        DESCRIPTION
            "The group contains all of trap of IPSec tunnels."
        ::= { hpnicfIPSecGroups 8 }


END

