TIMETRA-IPSEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    CounterBasedGauge64
                                                         FROM HCNUM-TC
    InterfaceIndex
                                                         FROM IF-MIB
    InetAddress, InetAddressPrefixLength,
    InetAddressType, InetPortNumber
                                                         FROM INET-ADDRESS-MIB
    MODULE-COMPLIANCE, NOTIFICATION-GROUP,
    OBJECT-GROUP
                                                         FROM SNMPv2-CONF
    Counter32, Counter64, Gauge32,
    Integer32, MODULE-IDENTITY,
    NOTIFICATION-TYPE, OBJECT-TYPE,
    Unsigned32
                                                         FROM SNMPv2-SMI
    DateAndTime, DisplayString, RowStatus,
    StorageType, TEXTUAL-CONVENTION,
    TimeStamp, TruthValue
                                                         FROM SNMPv2-TC
    TmnxHwIndexOrZero, tmnxCardSlotNum,
    tmnxChassisIndex, tmnxIPsecIsaGrpId,
    tmnxMDASlotNum
                                                         FROM TIMETRA-CHASSIS-MIB
    TFilterID
                                                         FROM TIMETRA-FILTER-MIB
    timetraSRMIBModules, tmnxSRConfs,
    tmnxSRNotifyPrefix, tmnxSRObjs
                                                         FROM TIMETRA-GLOBAL-MIB
    sapEncapValue, sapPortId
                                                         FROM TIMETRA-SAP-MIB
    svcId
                                                         FROM TIMETRA-SERV-MIB
    TEntryId, TItemDescription,
    TItemLongDescription,
    TLNamedItemOrEmpty, TNamedItem,
    TNamedItemOrEmpty, TTcpUdpPort,
    TmnxAdminState, TmnxBfdSessOperState,
    TmnxEnabledDisabled,
    TmnxIPsecTunnelTemplateId,
    TmnxIPsecTunnelTemplateIdOrZero,
    TmnxIkePolicyAuthMethod,
    TmnxIkePolicyAutoEapMethod,
    TmnxIkePolicyAutoEapOwnMethod,
    TmnxIkePolicyOwnAuthMethod,
    TmnxOperState, TmnxServId,
    TmnxTunnelGroupIdOrZero, TmnxVRtrID,
    TmnxVRtrIDOrZero
                                                         FROM TIMETRA-TC-MIB
    vRtrID, vRtrIfIndex
                                                         FROM TIMETRA-VRTR-MIB
    ;

timetraIPsecMIBModule            MODULE-IDENTITY
    LAST-UPDATED "201701010000Z"
    ORGANIZATION "Nokia"
    CONTACT-INFO
        "Nokia SROS Support
         Web: http://www.nokia.com"
    DESCRIPTION
        "This document is the SNMP MIB  module to manage and provision
         the  Nokia SROS device with IPsec tunneling, encryption
         and other related features.

         Copyright 2008-2018 Nokia. All rights reserved.
         Reproduction of  this document is authorized  on the condition
         that the foregoing copyright notice is included.

         This SNMP MIB module (Specification) embodies Nokia's
         proprietary  intellectual  property. Nokia retains all
         title and ownership in the Specification, including any revisions.

         Nokia grants all interested parties a non-exclusive license to use and
         distribute an unmodified copy of this Specification in connection with
         management of Nokia products, and without fee, provided this copyright
         notice and license appear on all copies.

         This  Specification  is supplied `as is', and Nokia
         makes no warranty, either express or implied, as to the use,
         operation, condition, or performance of the Specification."

    REVISION    "201701010000Z"
    DESCRIPTION
        "Rev 15.0               1 Jan 2017 00:00
         15.0 release of the TIMETRA-IPSEC-MIB."

    REVISION    "201601010000Z"
    DESCRIPTION
        "Rev 14.0               1 Jan 2016 00:00
         14.0 release of the TIMETRA-IPSEC-MIB."

    REVISION    "201501010000Z"
    DESCRIPTION
        "Rev 13.0               1 Jan 2015 00:00
         13.0 release of the TIMETRA-IPSEC-MIB."

    REVISION    "201401010000Z"
    DESCRIPTION
        "Rev 12.0               1 Jan 2014 00:00
         12.0 release of the TIMETRA-IPSEC-MIB."

    REVISION    "201102010000Z"
    DESCRIPTION
        "Rev 9.0                1 Feb 2011 00:00
         9.0 release of the TIMETRA-IPSEC-MIB."

    REVISION    "200902280000Z"
    DESCRIPTION
        "Rev 7.0                28 Feb 2009 00:00
         7.0 release of the TIMETRA-IPSEC-MIB."

    REVISION    "200807010000Z"
    DESCRIPTION
        "Rev 6.1                01 Jul 2008 00:00
         6.1 release of the TIMETRA-IPSEC-MIB."

    REVISION    "200801010000Z"
    DESCRIPTION
        "Rev 0.1                01 Jan 2008 00:00
         Initial version of the TIMETRA-IPSEC-MIB."

    ::= { timetraSRMIBModules 48 }

TmnxIPsecTransformId             ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to identify an entry in the tmnxIPsecTransformTable."
    SYNTAX      Unsigned32 (1..2048)

TmnxIPsecTransformIdOrZero       ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to identify an entry in the tmnxIPsecTransformTable or
         zero."
    SYNTAX      Unsigned32 (0..2048)

TmnxIPsecIkeTransformId          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to uniquely identify an IKE transform entry."
    SYNTAX      Unsigned32 (1..4096)

TmnxIPsecIkeTransformIdOrZero    ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to uniquely identify an IKE transform entry or zero."
    SYNTAX      Unsigned32 (0..4096)

TmnxAuthAlgorithm                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxAuthAlgorithm data type is an enumerated integer that describes
         the values used to identify the hashing algorithm.

         Value Descriptions:

         null           - Choosing this value configures the high-speed
                          null algorithm, which does nothing. This is same
                          as not having authentication turned on, same as
                          turning the protocol off.

         md5            - Choosing this value configures the use of
                          hmac-md5 algorithm for authentication.

         sha1           - Choosing this value configures the use of
                          hmac-sha1 algorithm for authentication.

         sha256         - Choosing this value configures the use of
                          hmac-sha256 algorithm for authentication.

         sha384         - Choosing this value configures the use of
                          hmac-sha384 algorithm for authentication.

         sha512         - Choosing this value configures the use of
                           hmac-sha512 algorithm for authentication.

         aesXcbc        - Choosing this value configures the use of
                          aes-xcbc(RFC3566) algorithm for authentication.

         authEncryption - Choosing this value configures the use of
                          Authenticated Encryption (AE) algorithm for
                          authentiation."
    SYNTAX      INTEGER {
        null           (1),
        md5            (2),
        sha1           (3),
        sha256         (4),
        sha384         (5),
        sha512         (6),
        aesXcbc        (7),
        authEncryption (8)
    }

TmnxEncrAlgorithm                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxEncrAlgorithm data type is an enumerated integer that describes
         the values used to identify the encryption algorithm.

         Value Descriptions:

         null          - Choosing this value configures the high-speed
                         null algorithm, which does nothing. This is same
                         as not having encryption turned on.

         des           - Choosing this value configures the 56-bit DES
                         algorithm for encryption. This is an older
                         algorithm with relatively weak security. While
                         better than nothing, it should only be used
                         where a strong algorithm is not available on
                         both ends at an acceptable performance level.

         des3          - Choosing this value configures the 3-DES
                         algorithm for encryption. This is a modified
                         application of the des algorithm which uses
                         multiple des operations to make things more
                         secure.

         aes128        - Choosing this value configures the AES algorithm
                         with a block size of 128 bits. This is a
                         mandatory implementation size for AES. As of
                         today, this is a very strong algorithm choice.

         aes192        - Choosing this value configures the AES algorithm
                         with a block size of 192 bits. This is a
                         stronger version of AES.

         aes256        - Choosing this value configures the AES algorithm
                         with a block size of 256 bits. This is the
                         strongest available version of AES.

         aes128Gcm8     - Choosing this value configures the AES algorithm
                         with a block size of 128 bits in Galois/Counter
                         Mode (GCM) with an 8 octet Integrity Check Value (ICV).

         aes128Gcm12    - Choosing this value configures the AES algorithm
                         with a block size of 128 bits in Galois/Counter
                         Mode (GCM) with an 12 octet ICV.

         aes128Gcm16    - Choosing this value configures the AES algorithm
                         with a block size of 128 bits in Galois/Counter
                         Mode (GCM) with an 16 octet ICV.

         aes192Gcm8     - Choosing this value configures the AES algorithm
                         with a block size of 192 bits in Galois/Counter
                         Mode (GCM) with an 8 octet ICV.

         aes192Gcm12    - Choosing this value configures the AES algorithm
                         with a block size of 192 bits in Galois/Counter
                         Mode (GCM) with an 12 octet ICV.

         aes192Gcm16    - Choosing this value configures the AES algorithm
                         with a block size of 192 bits in Galois/Counter
                         Mode (GCM) with an 16 octet ICV.

         aes256Gcm8     - Choosing this value configures the AES algorithm
                         with a block size of 256 bits in Galois/Counter
                         Mode (GCM) with an 8 octet ICV.

         aes256Gcm12    - Choosing this value configures the AES algorithm
                         with a block size of 256 bits in Galois/Counter
                         Mode (GCM) with an 12 octet ICV.

         aes256Gcm16    - Choosing this value configures the AES algorithm
                         with a block size of 256 bits in Galois/Counter
                         Mode (GCM) with an 16 octet ICV.

         nullAes128Gmac - Choosing this value configures the AES algorithm
                         with a block size of 128 bits in Galois Message
                         Authentication Code (GMAC).

         nullAes192Gmac - Choosing this value configures the AES algorithm
                         with a block size of 192 bits in Galois Message
                         Authentication Code (GMAC).

         nullAes256Gmac - Choosing this value configures the AES algorithm
                         with a block size of 256 bits in Galois Message
                         Authentication Code (GMAC)."
    SYNTAX      INTEGER {
        null           (1),
        des            (2),
        des3           (3),
        aes128         (4),
        aes192         (5),
        aes256         (6),
        aes128Gcm8     (7),
        aes128Gcm12    (8),
        aes128Gcm16    (9),
        aes192Gcm8     (10),
        aes192Gcm12    (11),
        aes192Gcm16    (12),
        aes256Gcm8     (13),
        aes256Gcm12    (14),
        aes256Gcm16    (15),
        nullAes128Gmac (16),
        nullAes192Gmac (17),
        nullAes256Gmac (18)
    }

TmnxIkePolicyId                  ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to identify an entry in the tmnxIkePolicyTable."
    SYNTAX      Unsigned32 (1..2048)

TmnxIkePolicyIdOrZero            ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to identify an entry in the tmnxIkePolicyTable or zero."
    SYNTAX      Unsigned32 (0..2048)

TmnxIkeVersion                   ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIkeVersion data type is an integer that indicates the version of
         IKE supported by the entry."
    SYNTAX      INTEGER {
        version1 (1),
        version2 (2)
    }

TmnxIkePolicyIkeMode             ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIkePolicyIkeMode data type is an enumerated integer that describes
         the values used to identify the IKE mode of operation. This determines
         the number of messages used to establish the session."
    SYNTAX      INTEGER {
        main       (1),
        aggressive (2)
    }

TmnxIkePolicyDHGroup             ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIkePolicyDHGroup data type is an enumerated integer that describes
         the values used to identify the diffie-hellman group for calculating
         the session keys.

         Value Descriptions:

         group1  - 768 bits

         group2  - 1024 bits

         group5  - 1536 bits

         group14 - 2048 bits

         group15 - 3072 bits

         group19 - 256 bits random ECP group

         group20 - 384 bits random ECP group

         group21 - 521 bits random ECP group

         More bits provide a higher level of security, but require more
         processing."
    SYNTAX      INTEGER {
        group1  (1),
        group2  (2),
        group5  (5),
        group14 (14),
        group15 (15),
        group19 (19),
        group20 (20),
        group21 (21)
    }

TmnxIkePolicyDHGroupOrZero       ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIkePolicyDHGroupOrZero data type is similar to
         TmnxIkePolicyDHGroup but allows the value 'unspecified (0)'."
    SYNTAX      INTEGER {
        unspecified (0),
        group1      (1),
        group2      (2),
        group5      (5),
        group14     (14),
        group15     (15),
        group19     (19),
        group20     (20),
        group21     (21)
    }

TmnxIPsecTransformPfsDhGrp       ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecTransformPfsDhGrp data type is similar to
         TmnxIkePolicyDHGroup but allows the value 'disablePfs (0)' and
         'inherit (-1)'.

         Diffie-Hellman (DH) group is used by the system to achieve Perfect
         Forward Secrecy (PFS).

         disablePfs - the PFS functionality is disabled

         inherit     - the value of DH group used by the system is
                       inherited from another MIB object. Please refer
                       to the description of the specific MIB object
                       (e.g., tmnxIPsecTransformPfsDhGroup)
                       for detail information."
    SYNTAX      INTEGER {
        inherit    (-1),
        disablePfs (0),
        group1     (1),
        group2     (2),
        group5     (5),
        group14    (14),
        group15    (15),
        group19    (19),
        group20    (20),
        group21    (21)
    }

TmnxIPsecPolicyId                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to identify an entry in the tmnxIPsecPolicyTable."
    SYNTAX      Unsigned32 (1..32768)

TmnxIPsecPolicyIdOrZero          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A number used to identify an entry in the tmnxIPsecPolicyTable or
         zero."
    SYNTAX      Unsigned32 (0..32768)

TmnxIPsecKeyingType              ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecKeyingType data type is an enumerated integer that describes
         the values used to identify the IPsec keying type."
    SYNTAX      INTEGER {
        none    (0),
        manual  (1),
        dynamic (2)
    }

TmnxIPsecDirection               ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecDirection data type is an enumerated integer that describes
         the values used to identify the direction of an IPsec tunnel."
    SYNTAX      INTEGER {
        inbound  (1),
        outbound (2)
    }

TmnxIPsecDirection2              ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecDirection data type is an enumerated integer that describes
         the values used to identify the direction of an IPsec tunnel."
    SYNTAX      INTEGER {
        inbound       (1),
        outbound      (2),
        bidirectional (3)
    }

TmnxIPsecProtocol                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecProtocol data type is an enumerated integer that describes
         the values used to identify the used IPsec protocol."
    SYNTAX      INTEGER {
        ah  (1),
        esp (2)
    }

TmnxIPsecLocalIdType             ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecLocalIdType data type is an enumerated integer that describes
         the local identifier type used for IDi or IDr for IKEv2."
    SYNTAX      INTEGER {
        none (0),
        ipv4 (1),
        fqdn (2),
        dn   (3),
        ipv6 (4)
    }

TmnxCertRevStatus                ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxCertRevStatus data type is an enumerated integer that describes
         the certification revocation status."
    SYNTAX      INTEGER {
        crl  (1),
        ocsp (2)
    }

TmnxCertRevStatusOrNone          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxCertRevStatus data type is an enumerated integer that describes
         the certification revocation status or none."
    SYNTAX      INTEGER {
        none (0),
        crl  (1),
        ocsp (2)
    }

TmnxIkePolicyRelayUnSolCfgAttr   ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TmnxIkePolicyRelayUnSolCfgAttr indicates the unsolicited
         configuration attributes for IKEv2 remote-access tunnels. These
         attributes, when provided by the authentication server, are returned
         to the IKE peer regardless of whether or not they have been requested.
         Normally, only the requested attributes are returned."
    SYNTAX      BITS {
        internalIp4Address (0),
        internalIp4Netmask (1),
        internalIp4Dns     (2),
        internalIp6Address (3),
        internalIp6Dns     (4)
    }

TmnxIpsecTrafficSelSide          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIpsecTrafficSelSide data type is an enumerated integer that
         describes the values used to identify the side of a traffic selector
         entry."
    SYNTAX      INTEGER {
        local  (1),
        remote (2)
    }

TmnxIPsecHistStatsType           ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "TmnxIPsecHistStatsType data type is an enumerated integer that
         describes the values used to identify the type of IPsec historical
         statistics.

         Value Descriptions:
         numOfTotalIPsecTnls       - The total number of IPsec tunnels
         numOfIPsecSL2LTnls        - The number of IPsec static LAN-to-LAN
                                     (SL2L) tunnels
         numOfIPsecDL2LTnls        - The number of IPsec dynamic LAN-to-LAN
                                     (DL2L) tunnels
         numOfIPsecRATnls          - The number of IPsec remote access (RA)
                                     tunnels
         numOfIPsecEncrPkts        - The number of encrypted IPsec packets
         numOfIPsecDecrPkts        - The number of decrypted IPsec packets
         numOfIPsecEnDecrPkts      - The number of encrypted and decrypted IPsec
                                     packets
         numOfIPsecEncrBits        - The number of bits in the encrypted IPsec
                                     packets
         numOfIPsecDecrBits        - The number of bits in the decrypted IPsec
                                     packets
         numOfIPsecEnDecrBits      - The number of bits in the encrypted and
                                     decrypted IPsec packets
         numOfGreTnlEncapPkts      - The number of encapsulated Generic Routing
                                     Encapsulation (GRE) tunnel packets
         numOfGreTnlDecapPkts      - The number of decapsulated GRE tunnel
                                     packets
         numOfGreTnlEnDecapPkts    - The number of encapsulated and
                                     decapsulated GRE tunnel packets
         numOfGreTnlEncapBits      - The number of bits in the encapsulated GRE
                                     tunnel packets
         numOfGreTnlDecapBits      - The number of bits in the decapsulated GRE
                                     tunnel packets
         numOfGreTnlEnDecapBits    - The number of bits in the encapsulated and
                                     decapsulated GRE tunnel packets
         numOfIpTnlEncapPkts       - The number of encapsulated IP tunnel
                                     packets
         numOfIpTnlDecapPkts       - The number of decapsulated IP tunnel
                                     packets
         numOfIpTnlEnDecapPkts     - The number of encapsulated and
                                     decapsulated IP tunnel packets
         numOfIpTnlEncapBits       - The number of bits in the encapsulated IP
                                     tunnel packets
         numOfIpTnlDecapBits       - The number of bits in the decapsulated IP
                                     tunnel packets
         numOfIpTnlEnDecapBits     - The number of bits in the encapsulated and
                                     decapsulated IP tunnel packets
         numOfL2tpv3TnlEncapPkts   - The number of encapsulated Layer 2
                                     Tunneling Protocol Version 3 (L2TPv3)
                                     tunnel packets
         numOfL2tpv3TnlDecapPkts   - The number of decapsulated L2TPv3 tunnel
                                     packets
         numOfL2tpv3TnlEnDecapPkts - The number of encapsulated and decapsulated
                                     L2TPv3 tunnel packets
         numOfL2tpv3TnlEncapBits   - The number of bits in the encapsulated
                                     L2TPv3 tunnel packets
         numOfL2tpv3TnlDecapBits   - The number of bits in the decapsulated
                                     L2TPv3 tunnel packets
         numOfL2tpv3TnlEnDecapBits - The number of bits in the encapsulated and
                                     decapsulated L2TPv3 tunnel packets
         numOfNewTotalIPsecTnls    - The total number of new successfully
                                     created IPsec tunnels
         numOfNewIPsecSL2LTnls     - The number of new successfully created
                                     IPsec static LAN-to-LAN (SL2L) tunnels
         numOfNewIPsecDL2LTnls     - The number of new successfully created
                                     IPsec dynamic LAN-to-LAN (DL2L) tunnels
         numOfNewIPsecRATnls       - The number of new successfully created
                                     IPsec remote access (RA) tunnels
         numOfIkeAuthFails         - The number of IKE authentication failures
         numOfIkeNoPrpslFails      - The number of IKE non-proposal chosen
                                     failures
         numOfIkeAddrAsgFails      - The number of IKE address assignment
                                     failures
         numOfIkeInvldTsFails      - The number of IKE invalid Traffic
                                     Selector (TS) failures
         numOfIkeInvldKeFails      - The number of IKE invalid Key Exchange (KE)
                                     failures
         numOfIkeDpdTimeoutFails   - The number of IKE Dead Peer Detection
                                     (DPD) timeout failures
         numOfIkeOtherReasonFails  - The number of all other IKE exchange
                                     failures
         isaCtrolPlaneCpuUsageBp   - ISA CPU usage base point in control plane
                                     1 base point = 0.01%
         isaDataPlaneCpuUsageBp    - ISA CPU usage base point in data plane
         numOfIsaMemAllocFailures  - The number of ISA memory allocation
                                     failures

         All the above statistics are calculated in a certain sampling period.
         The statistical values are reset to zero at the beginning of each
         sampling period. The system maintains the history records for those
         statistics.

         The statistics listed below are calculated accumulatively since the
         start of statistics monitoring. The system only maintains the current
         values for those statistics.

         numOfAccumGreTnls              - The number of accumulative Generic
                                          Routing Encapsulation (GRE) tunnels
         numOfAccumIpTnls               - The number of accumulative IP tunnels
         numOfAccumL2tpv3Tnls           - The number of accumulative Layer 2
                                          Tunneling Protocol Version 3 (L2TPv3)
                                          tunnels
         numOfAccumIPsecEncrPkts        - The number of accumulative encrypted
                                          IPsec packets
         numOfAccumIPsecDecrPkts        - The number of accumulative decrypted
                                          IPsec packets
         numOfAccumIPsecEnDecrPkts      - The number of accumulative encrypted
                                          and decrypted IPsec packets
         numOfAccumIPsecEncrKBs         - The number of kibibytes (1 kibibyte ==
                                          1024 bytes) in the accumulative
                                          encrypted IPsec packets
         numOfAccumIPsecDecrKBs         - The number of KBs in the accumulative
                                          decrypted IPsec packets
         numOfAccumIPsecEnDecrKBs       - The number of KBs in the accumulative
                                          encrypted and decrypted IPsec packets
         numOfAccumGreTnlDecapPkts      - The number of accumulative decrypted
                                          GRE tunnel packets
         numOfAccumGreTnlEnDecapPkts    - The number of accumulative encrypted
                                          and decrypted GRE tunnel packets
         numOfAccumGreTnlEncapKBs       - The number of KBs in the accumulative
                                          encrypted GRE tunnel packets
         numOfAccumGreTnlDecapKBs       - The number of KBs in the accumulative
                                          decrypted GRE tunnel packets
         numOfAccumGreTnlEnDecapKBs     - The number of KBs in the accumulative
                                          encrypted and decrypted GRE tunnel
                                          packets
         numOfAccumIpTnlDecapPkts       - The number of accumulative decrypted
                                          IP tunnel packets
         numOfAccumIpTnlEnDecapPkts     - The number of accumulative encrypted
                                          and decrypted IP tunnel packets
         numOfAccumIpTnlEncapKBs        - The number of KBs in the accumulative
                                          encrypted IP tunnel packets
         numOfAccumIpTnlDecapKBs        - The number of KBs in the accumulative
                                          decrypted IP tunnel packets
         numOfAccumIpTnlEnDecapKBs      - The number of KBs in the accumulative
                                          encrypted and decrypted IP tunnel
                                          packets
         numOfAccumL2tpv3TnlDecapPkts   - The number of accumulative decrypted
                                          L2TPv3 tunnel packets
         numOfAccumL2tpv3TnlEnDecapPkts - The number of accumulative encrypted
                                          and decrypted L2TPv3 tunnel packets
         numOfAccumL2tpv3TnlEncapKBs    - The number of KBs in the accumulative
                                          encrypted L2TPv3 tunnel packets
         numOfAccumL2tpv3TnlDecapKBs    - The number of KBs in the accumulative
                                          decrypted L2TPv3 tunnel packets
         numOfAccumL2tpv3TnlEnDecapKBs  - The number of KBs in the accumulative
                                          encrypted and decrypted L2TPv3 tunnel
                                          packets
         ikev2IkeSaInitExchgPktsDrops   - Early drops of IKE-SA-INIT exchange packet
         ikev2IkeAuthExchgPktsDrops     - Early drops of IKE-AUTH exchange packet
         ikev2CrtCldInfoExchgPktsDrops  - Early drops of Create-CHILD and Informational
                                          exchange packets"
    SYNTAX      INTEGER {
        numOfTotalIPsecTnls            (1),
        numOfIPsecSL2LTnls             (2),
        numOfIPsecDL2LTnls             (3),
        numOfIPsecRATnls               (4),
        numOfAccumGreTnls              (5),
        numOfAccumIpTnls               (6),
        numOfAccumL2tpv3Tnls           (7),
        numOfIPsecEncrPkts             (100),
        numOfIPsecDecrPkts             (101),
        numOfIPsecEnDecrPkts           (102),
        numOfIPsecEncrBits             (103),
        numOfIPsecDecrBits             (104),
        numOfIPsecEnDecrBits           (105),
        numOfGreTnlEncapPkts           (120),
        numOfGreTnlDecapPkts           (121),
        numOfGreTnlEnDecapPkts         (122),
        numOfGreTnlEncapBits           (123),
        numOfGreTnlDecapBits           (124),
        numOfGreTnlEnDecapBits         (125),
        numOfIpTnlEncapPkts            (140),
        numOfIpTnlDecapPkts            (141),
        numOfIpTnlEnDecapPkts          (142),
        numOfIpTnlEncapBits            (143),
        numOfIpTnlDecapBits            (144),
        numOfIpTnlEnDecapBits          (145),
        numOfL2tpv3TnlEncapPkts        (160),
        numOfL2tpv3TnlDecapPkts        (161),
        numOfL2tpv3TnlEnDecapPkts      (162),
        numOfL2tpv3TnlEncapBits        (163),
        numOfL2tpv3TnlDecapBits        (164),
        numOfL2tpv3TnlEnDecapBits      (165),
        numOfNewTotalIPsecTnls         (200),
        numOfNewIPsecSL2LTnls          (201),
        numOfNewIPsecDL2LTnls          (202),
        numOfNewIPsecRATnls            (203),
        numOfIkeAuthFails              (300),
        numOfIkeNoPrpslFails           (301),
        numOfIkeAddrAsgFails           (302),
        numOfIkeInvldTsFails           (303),
        numOfIkeInvldKeFails           (304),
        numOfIkeDpdTimeoutFails        (305),
        numOfIkeOtherReasonFails       (306),
        numOfAccumIPsecEncrPkts        (400),
        numOfAccumIPsecDecrPkts        (401),
        numOfAccumIPsecEnDecrPkts      (402),
        numOfAccumIPsecEncrKBs         (403),
        numOfAccumIPsecDecrKBs         (404),
        numOfAccumIPsecEnDecrKBs       (405),
        numOfAccumGreTnlEncapPkts      (420),
        numOfAccumGreTnlDecapPkts      (421),
        numOfAccumGreTnlEnDecapPkts    (422),
        numOfAccumGreTnlEncapKBs       (423),
        numOfAccumGreTnlDecapKBs       (424),
        numOfAccumGreTnlEnDecapKBs     (425),
        numOfAccumIpTnlEncapPkts       (440),
        numOfAccumIpTnlDecapPkts       (441),
        numOfAccumIpTnlEnDecapPkts     (442),
        numOfAccumIpTnlEncapKBs        (443),
        numOfAccumIpTnlDecapKBs        (444),
        numOfAccumIpTnlEnDecapKBs      (445),
        numOfAccumL2tpv3TnlEncapPkts   (460),
        numOfAccumL2tpv3TnlDecapPkts   (461),
        numOfAccumL2tpv3TnlEnDecapPkts (462),
        numOfAccumL2tpv3TnlEncapKBs    (463),
        numOfAccumL2tpv3TnlDecapKBs    (464),
        numOfAccumL2tpv3TnlEnDecapKBs  (465),
        isaCtrolPlaneCpuUsageBp        (500),
        isaDataPlaneCpuUsageBp         (501),
        numOfIsaMemAllocFailures       (600),
        ikev2IkeSaInitExchgPktsDrops   (700),
        ikev2IkeAuthExchgPktsDrops     (701),
        ikev2CrtCldInfoExchgPktsDrops  (702)
    }

TmnxIPsecOperState               ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TmnxIPsecOperState data type is an enumerated integer that
         describes the values used to identify the current operational state of
         IPsec functional modules."
    SYNTAX      INTEGER {
        unknown      (1),
        inService    (2),
        outOfService (3),
        transition   (4),
        limited      (5)
    }

TIPsecMulticastProtocol          ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The TIPsecMulticastProtocol indicates the multicast protocol types
         supported by the IPsec application.

         Value descriptions:
             mld  - Multicast Listener Discovery
             igmp - Internet Group Management Protocol"
    SYNTAX      BITS {
        mld  (0),
        igmp (1)
    }

tmnxIPsecObjects                 OBJECT IDENTIFIER ::= { tmnxSRObjs 48 }

tmnxIPsecTransformTblLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformTblLastChanged indicates the sysUpTime
         at the time of the last modification to tmnxIPsecTransformTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 1 }

tmnxIPsecTransformTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec transform entries."
    ::= { tmnxIPsecObjects 2 }

tmnxIPsecTransformEntry          OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec transform entry."
    INDEX       { tmnxIPsecTransformId }
    ::= { tmnxIPsecTransformTable 1 }

TmnxIPsecTransformEntry          ::= SEQUENCE
{
    tmnxIPsecTransformId             TmnxIPsecTransformId,
    tmnxIPsecTransformRowStatus      RowStatus,
    tmnxIPsecTransformLastChanged    TimeStamp,
    tmnxIPsecTransformAuthAlgorithm  TmnxAuthAlgorithm,
    tmnxIPsecTransformEncrAlgorithm  TmnxEncrAlgorithm,
    tmnxIPsecTransformPfsDhGroup     TmnxIPsecTransformPfsDhGrp,
    tmnxIPsecTransformLifeTime       Unsigned32
}

tmnxIPsecTransformId             OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformId specifies the id of a transform
         entry and is the primary index for the table tmnxIPsecTransformTable."
    ::= { tmnxIPsecTransformEntry 1 }

tmnxIPsecTransformRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTransformRowStatus object is used to create and delete
         rows in the tmnxIPsecTransformTable."
    ::= { tmnxIPsecTransformEntry 2 }

tmnxIPsecTransformLastChanged    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformLastChanged indicates the sysUpTime at
         the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecTransformEntry 3 }

tmnxIPsecTransformAuthAlgorithm  OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformAuthAlgorithm specifies the Hashing
         algorithm used for the AH (Authentication Header) protocol's
         authentication function. If 'none' is used then AH protocol will not
         be used."
    DEFVAL      { sha1 }
    ::= { tmnxIPsecTransformEntry 4 }

tmnxIPsecTransformEncrAlgorithm  OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformEncrAlgorithm specifies the
         Encryption algorithm to be used for the IPsec session. Encryption
         only applies to ESP(Encapsulating Security Payload)
         configurations.  If encryption is 'null', then ESP will not be
         used."
    DEFVAL      { aes128 }
    ::= { tmnxIPsecTransformEntry 5 }

tmnxIPsecTransformPfsDhGroup     OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformPfsDhGrp
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformPfsDhGroup specifies the Diffie-hellman
         (DH) key exchange to be used each time the Security Association (SA)
         key is renegotiated. After the SA expires, the key is forgotten and
         another key is generated (if the SA remains up). This means that an
         attacker who cracks part of the exchange can only read the part that
         used the key before the key changed. There is no advantage of cracking
         the other parts if the attacker has already cracked one.

         The value of 'inherit (-1)' specifies that the IPsec tunnel or gateway
         which refers to this IPsec transform will reuse the DH group
         configurations from its associated IKE policy table
         (tmnxIkePolicyTable). Specifically, if the value of
         tmnxIkePolicyPFSEnabled is 'true (1)', the IPsec transform will use
         the value of tmnxIkePolicyPFSDHGroup. If the value of
         tmnxIkePolicyPFSEnabled is 'false (2)', the IPsec transform doesn't
         use any DH group."
    DEFVAL      { inherit }
    ::= { tmnxIPsecTransformEntry 6 }

tmnxIPsecTransformLifeTime       OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1200..31536000)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformLifeTime specifies the lifetime of the
         phase 2 IKE key.

         The value of zero specifies that the IPsec tunnel or gateway which
         refers this IPsec transform will reuse the lifetime value (i.e.
         tmnxIkePolicyIPsecLifeTime) from its associated IKE policy."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTransformEntry 7 }

tmnxIkePolicyTableLastChanged    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyTableLastChanged indicates the sysUpTime at
         the time of the last modification to tmnxIkePolicyTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 3 }

tmnxIkePolicyTable               OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIkePolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IKE policy entries."
    ::= { tmnxIPsecObjects 4 }

tmnxIkePolicyEntry               OBJECT-TYPE
    SYNTAX      TmnxIkePolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IKE policy entry."
    INDEX       { tmnxIkePolicyId }
    ::= { tmnxIkePolicyTable 1 }

TmnxIkePolicyEntry               ::= SEQUENCE
{
    tmnxIkePolicyId                  TmnxIkePolicyId,
    tmnxIkePolicyRowStatus           RowStatus,
    tmnxIkePolicyLastChanged         TimeStamp,
    tmnxIkePolicyDescription         TItemDescription,
    tmnxIkePolicyIkeMode             TmnxIkePolicyIkeMode,
    tmnxIkePolicyDHGroup             TmnxIkePolicyDHGroup,
    tmnxIkePolicyPFSEnabled          TruthValue,
    tmnxIkePolicyPFSDHGroup          TmnxIkePolicyDHGroup,
    tmnxIkePolicyAuthAlgorithm       TmnxAuthAlgorithm,
    tmnxIkePolicyEncrAlgorithm       TmnxEncrAlgorithm,
    tmnxIkePolicyIsakmpLifeTime      Unsigned32,
    tmnxIkePolicyIPsecLifeTime       Unsigned32,
    tmnxIkePolicyNatTraversal        INTEGER,
    tmnxIkePolicyNatTKeepAliveIntvl  Unsigned32,
    tmnxIkePolicyNatTBehindNatOnly   TruthValue,
    tmnxIkePolicyDpd                 INTEGER,
    tmnxIkePolicyDpdInterval         Unsigned32,
    tmnxIkePolicyDpdMaxRetries       Unsigned32,
    tmnxIkePolicyAuthMethod          TmnxIkePolicyAuthMethod,
    tmnxIkePolicyIkeVersion          TmnxIkeVersion,
    tmnxIkePolicyOwnAuthMethod       TmnxIkePolicyOwnAuthMethod,
    tmnxIkePolicyMatchPeerToCert     TruthValue,
    tmnxIkePolicyRelayUnSolCfgAttr   TmnxIkePolicyRelayUnSolCfgAttr,
    tmnxIkePolicyAutoEapMethod       TmnxIkePolicyAutoEapMethod,
    tmnxIkePolicyAutoEapOwnMethod    TmnxIkePolicyAutoEapOwnMethod,
    tmnxIkePolicyLockout             TmnxEnabledDisabled,
    tmnxIkePolicyLockoutFailedAtempt Unsigned32,
    tmnxIkePolicyLockoutDuration     Unsigned32,
    tmnxIkePolicyLockoutBlock        Unsigned32,
    tmnxIkePolicyLockoutMaxPortPerIp Unsigned32,
    tmnxIkePolicyV2Fragment          TmnxEnabledDisabled,
    tmnxIkePolicyV2FragmentMtu       Unsigned32,
    tmnxIkePolicyV2FragReassembTmOut Unsigned32,
    tmnxIkePolicySndIdrAftEapSuccess TruthValue,
    tmnxIkePolicyIkev1Ph1RespDelNtfy TruthValue,
    tmnxIkePolicyLimitInitExchange   TruthValue,
    tmnxIkePolicyReducedMaxExchgTt   Unsigned32
}

tmnxIkePolicyId                  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyId specifies the id of a policy entry and is
         the primary index for the table tmnxIkePolicyTable."
    ::= { tmnxIkePolicyEntry 1 }

tmnxIkePolicyRowStatus           OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIkePolicyRowStatus object is used to create and delete rows in
         the tmnxIkePolicyTable."
    ::= { tmnxIkePolicyEntry 2 }

tmnxIkePolicyLastChanged         OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIkePolicyEntry 3 }

tmnxIkePolicyDescription         OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDescription specifies the user-provided
         description for each tmnxIkePolicyEntry in the table
         tmnxIkePolicyTable."
    DEFVAL      { "" }
    ::= { tmnxIkePolicyEntry 4 }

tmnxIkePolicyIkeMode             OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIkeMode
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIkeMode specifies the mode of operation,
         which determines the number of messages used to establish the session."
    DEFVAL      { main }
    ::= { tmnxIkePolicyEntry 5 }

tmnxIkePolicyDHGroup             OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroup
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIkePolicyDHGroup specifies the Diffie-Hellman group
         to be used for calculating session keys which will be used in the IKE
         proposal.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecIkeTransformDhGroup."
    DEFVAL      { group2 }
    ::= { tmnxIkePolicyEntry 6 }

tmnxIkePolicyPFSEnabled          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyPFSEnabled specifies whether
         PFS (perfect forward secrecy) on the  tunnel using this policy
         is enabled or not. When tmnxIkePolicyPFSDHGroup has a value
         of 'true', PFS is enabled."
    DEFVAL      { false }
    ::= { tmnxIkePolicyEntry 7 }

tmnxIkePolicyPFSDHGroup          OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroup
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyPFSDHGroup is used only if the value of the
         tmnxIkePolicyPFSEnabled is 'true'.

         The value of tmnxIkePolicyPFSDHGroup specifies the new
         Diffie-hellman key exchange each time the SA(Security Association)
         key is renegotiated.  After the SA expires, the key is forgotten
         and another key is generated (if the SA remains up).  This means
         that an attacker who cracks part of the exchange can only read the
         part that used the key before the key changed.  There is no
         advantage of cracking the other parts if the attacker has already
         cracked one."
    DEFVAL      { group2 }
    ::= { tmnxIkePolicyEntry 8 }

tmnxIkePolicyAuthAlgorithm       OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIkePolicyAuthAlgorithm specifies the Hashing
         algorithm used in the phase 1 SA.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecIkeTransformAuthAlg."
    DEFVAL      { sha1 }
    ::= { tmnxIkePolicyEntry 9 }

tmnxIkePolicyEncrAlgorithm       OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIkePolicyEncrAlgorithm specifies the Encryption
         algorithm to be used in the phase 1 SA.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecIkeTransformEncrAlg."
    DEFVAL      { aes128 }
    ::= { tmnxIkePolicyEntry 10 }

tmnxIkePolicyIsakmpLifeTime      OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..172800)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIkePolicyIsakmpLifeTime specifies the lifetime of the
         phase 1 IKE key.

         ISAKMP stands for Internet Security Association and Key Management
         Protocol.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecIkeTransformIsakmpLifeT."
    DEFVAL      { 86400 }
    ::= { tmnxIkePolicyEntry 11 }

tmnxIkePolicyIPsecLifeTime       OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..31536000)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIPsecLifeTime specifies the lifetime of the
         phase 2 IKE key."
    DEFVAL      { 3600 }
    ::= { tmnxIkePolicyEntry 12 }

tmnxIkePolicyNatTraversal        OBJECT-TYPE
    SYNTAX      INTEGER {
        enable  (1),
        disable (2),
        force   (3)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyNatTraversal specifies whether NAT-T(network
         address translation traversal) is 'enabled', 'disabled' or in 'forced'
         mode."
    DEFVAL      { disable }
    ::= { tmnxIkePolicyEntry 13 }

tmnxIkePolicyNatTKeepAliveIntvl  OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 120..600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyNatTKeepAliveIntvl specifies the keep alive
         interval for NAT-T. If the value of tmnxIkePolicyNatTKeepAliveIntvl is
         '0', then keepalives are disabled."
    DEFVAL      { 0 }
    ::= { tmnxIkePolicyEntry 14 }

tmnxIkePolicyNatTBehindNatOnly   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyNatTBehindNatOnly specifies whether the keep
         alive packets should be sent only when behind a NAT."
    DEFVAL      { true }
    ::= { tmnxIkePolicyEntry 15 }

tmnxIkePolicyDpd                 OBJECT-TYPE
    SYNTAX      INTEGER {
        enable    (1),
        disable   (2),
        replyOnly (3)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDpd specifies whether DPD (dead peer
         detection) is 'enable', 'disable' or in 'replyOnly' mode.

         The DPD vendor ID is always advertised to the peer. To the extent that
         the peer advertises DPD support as well, the service-router will
         always reply to the peer's 'Are-You-There' messages.

         If tmnxIkePolicyDpd object is set to 'enable' the service-router will
         also send its own 'Are-You-There' message to the peer at the interval
         specified by tmnxIkePolicyDpdInterval.

         If tmnxIkePolicyDpd object is set to 'disable' the service-router will
         never send its own 'Are-You-There' message to the peer.

         If tmnxIkePolicyDpd object is set to 'replyOnly' the service-router
         will take the peer's 'Are-You-There' message as proof of 'liveliness'
         and will suppress the sending of its own 'Are-You-There' messages.
         Once it stops receiving 'Are-You-There' messages from the peer, it
         will start sending its own to determine if the peer is dead. The
         service-router will only send an 'Are-You-There' message when the
         other side has been idle (no traffic was forwarded through it) since
         the last tmnxIkePolicyDpdInterval. If the other side is active (as
         determined by its traffic counters) it is assumed the peer is alive
         and the 'Are-You-There' message is suppressed."
    DEFVAL      { disable }
    ::= { tmnxIkePolicyEntry 16 }

tmnxIkePolicyDpdInterval         OBJECT-TYPE
    SYNTAX      Unsigned32 (10..300)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDpdInterval specifies the dead peer
         detection interval."
    DEFVAL      { 30 }
    ::= { tmnxIkePolicyEntry 17 }

tmnxIkePolicyDpdMaxRetries       OBJECT-TYPE
    SYNTAX      Unsigned32 (2..5)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDpdMaxRetries specifies the number of
         retries done before the peer is determined dead."
    DEFVAL      { 3 }
    ::= { tmnxIkePolicyEntry 18 }

tmnxIkePolicyAuthMethod          OBJECT-TYPE
    SYNTAX      TmnxIkePolicyAuthMethod
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyAuthMethod specifies the authentication
         method used with this IKE policy for the remote-peer."
    DEFVAL      { psk }
    ::= { tmnxIkePolicyEntry 19 }

tmnxIkePolicyIkeVersion          OBJECT-TYPE
    SYNTAX      TmnxIkeVersion
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIkeVersion specifies the IKE version to be
         used with this IKE policy."
    DEFVAL      { version1 }
    ::= { tmnxIkePolicyEntry 20 }

tmnxIkePolicyOwnAuthMethod       OBJECT-TYPE
    SYNTAX      TmnxIkePolicyOwnAuthMethod
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyOwnAuthMethod specifies the authentication
         method used with this IKE policy on its own side."
    DEFVAL      { symmetric }
    ::= { tmnxIkePolicyEntry 21 }

tmnxIkePolicyMatchPeerToCert     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyMatchPeerToCert specifies whether to enable
         checking that the IKE peer's ID matches the peer's certificate when
         performing certificate authentication."
    DEFVAL      { false }
    ::= { tmnxIkePolicyEntry 22 }

tmnxIkePolicyRelayUnSolCfgAttr   OBJECT-TYPE
    SYNTAX      TmnxIkePolicyRelayUnSolCfgAttr
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyRelayUnSolCfgAttr specifies the unsolicited
         configuration attributes for IKEv2 remote-access tunnels. These
         attributes, when provided by the authentication server, are returned
         to the IKE peer regardless of whether or not they have been requested.
         Normally, only the requested attributes are returned."
    DEFVAL      { {} }
    ::= { tmnxIkePolicyEntry 23 }

tmnxIkePolicyAutoEapMethod       OBJECT-TYPE
    SYNTAX      TmnxIkePolicyAutoEapMethod
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyAutoEapMethod specifies the automatic
         EAP fallback authentication method for the remote-peer used with
         this IKE policy.  This object is only meaningful when the value of
         tmnxIkePolicyAuthMethod is 'autoEapRadius'."
    DEFVAL      { cert }
    ::= { tmnxIkePolicyEntry 24 }

tmnxIkePolicyAutoEapOwnMethod    OBJECT-TYPE
    SYNTAX      TmnxIkePolicyAutoEapOwnMethod
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyAutoEapOwnMethod specifies the automatic EAP
         fallback authentication method used with this IKE policy on its own
         side.

         This object is only meaningful when the value of
         tmnxIkePolicyAuthMethod is 'autoEap'."
    DEFVAL      { cert }
    ::= { tmnxIkePolicyEntry 25 }

tmnxIkePolicyLockout             OBJECT-TYPE
    SYNTAX      TmnxEnabledDisabled
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLockout specifies whether or not the IPsec
         Client Lockout is enabled.

         The statistics information of remote lockout clients are in
         tmnxIPsecLockoutClientTable."
    DEFVAL      { disabled }
    ::= { tmnxIkePolicyEntry 26 }

tmnxIkePolicyLockoutFailedAtempt OBJECT-TYPE
    SYNTAX      Unsigned32 (1..64)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLockoutFailedAtempt specifies the maximum
         number of consecutive failed authentication attempts from the same
         remote client."
    DEFVAL      { 3 }
    ::= { tmnxIkePolicyEntry 27 }

tmnxIkePolicyLockoutDuration     OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "minutes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLockoutDuration specifies the maximum
         duration in minutes that the system can afford
         tmnxIkePolicyLockoutFailedAtempt number of failed authentication
         attempts from the same remote client."
    DEFVAL      { 5 }
    ::= { tmnxIkePolicyEntry 28 }

tmnxIkePolicyLockoutBlock        OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..1440)
    UNITS       "minutes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLockoutBlock specifies the maximum time
         period that the system drops IKE packets after the maximum number of
         consecutive failed authentication attempts reaches
         tmnxIkePolicyLockoutFailedAtempt within tmnxIkePolicyLockoutDuration
         minutes.

         The value of zero means that the system keeps dropping the IKE packets
         until the system or ISA (Integrated Service Adaptor) is rebooted."
    DEFVAL      { 10 }
    ::= { tmnxIkePolicyEntry 29 }

tmnxIkePolicyLockoutMaxPortPerIp OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLockoutMaxPortPerIp specifies the maximum
         number of port that can be lockout under the same IP address. Once the
         number of lockout port under the same IP address reaches
         tmnxIkePolicyLockoutMaxPortPerIp, all ports under the same IP address
         will be lockout in the next tmnxIkePolicyLockoutBlock minutes."
    DEFVAL      { 16 }
    ::= { tmnxIkePolicyEntry 30 }

tmnxIkePolicyV2Fragment          OBJECT-TYPE
    SYNTAX      TmnxEnabledDisabled
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyV2Fragment specifies whether or not IKEv2
         fragmentation is enabled."
    DEFVAL      { disabled }
    ::= { tmnxIkePolicyEntry 31 }

tmnxIkePolicyV2FragmentMtu       OBJECT-TYPE
    SYNTAX      Unsigned32 (512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyV2FragmentMtu specifies the MTU size for the
         IKEv2 fragmentation."
    DEFVAL      { 1500 }
    ::= { tmnxIkePolicyEntry 32 }

tmnxIkePolicyV2FragReassembTmOut OBJECT-TYPE
    SYNTAX      Unsigned32 (1..5)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyV2FragReassembTmOut specifies the maximum
         number of seconds to wait to receive all fragments of an IKEv2 message
         for reassembly."
    DEFVAL      { 2 }
    ::= { tmnxIkePolicyEntry 33 }

tmnxIkePolicySndIdrAftEapSuccess OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicySndIdrAftEapSuccess specifies whether or not
         the system adds the Identification Responder (IDr) payload in the last
         IKE authentication response after the Extensible Authentication
         Protocol (EAP) success."
    DEFVAL      { true }
    ::= { tmnxIkePolicyEntry 34 }

tmnxIkePolicyIkev1Ph1RespDelNtfy OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIkev1Ph1RespDelNtfy specifies whether or not
         the system, when deleting an IKEv1 phase 1 for which it was the
         responder, sends a delete notification to the peer. This object is
         only meaningful when the value of tmnxIkePolicyIkeVersion is 'version1
         (1)'."
    DEFVAL      { true }
    ::= { tmnxIkePolicyEntry 35 }

tmnxIkePolicyLimitInitExchange   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLimitInitExchange specifies whether or not
         the system limits the number of in-progress initial IKE exchanges to
         one per IPsec tunnel.

         The value of 'false' specifies that the system allows up to 32
         in-progress initial IKE exchanges per IPsec tunnel.

         This value must be set in the same SNMP PDU as
         tmnxIkePolicyReducedMaxExchgTt."
    DEFVAL      { true }
    ::= { tmnxIkePolicyEntry 36 }

tmnxIkePolicyReducedMaxExchgTt   OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 2..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyReducedMaxExchgTt specifies the maximum
         timeout for the in-progress initial IKE exchange.

         The value of '0' specifies that there is no reduction of the current
         exchange timeout which is 120 seconds.

         This value is only meaningful when the value of
         tmnxIkePolicyLimitInitExchange is 'true' and the system is being
         requested to start another initial IKE exchange while there is already
         one in progress.

         This value must be set in the same SNMP PDU as
         tmnxIkePolicyLimitInitExchange."
    DEFVAL      { 2 }
    ::= { tmnxIkePolicyEntry 37 }

tmnxIPsecTunnelTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelTableLastChanged indicates the sysUpTime
         at the time of the last modification to tmnxIPsecTunnelTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 5 }

tmnxIPsecTunnelTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTunnelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Tunnel entries."
    ::= { tmnxIPsecObjects 6 }

tmnxIPsecTunnelEntry             OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Tunnel entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName
    }
    ::= { tmnxIPsecTunnelTable 1 }

TmnxIPsecTunnelEntry             ::= SEQUENCE
{
    tmnxIPsecTunnelName              TNamedItem,
    tmnxIPsecTunnelRowStatus         RowStatus,
    tmnxIPsecTunnelLastChanged       TimeStamp,
    tmnxIPsecTunnelDescription       TItemDescription,
    tmnxIPsecTunnelLclGwAddrType     InetAddressType,
    tmnxIPsecTunnelLclGwAddr         InetAddress,
    tmnxIPsecTunnelRemGwAddrType     InetAddressType,
    tmnxIPsecTunnelRemGwAddr         InetAddress,
    tmnxIPsecTunnelPublicSvcId       TmnxServId,
    tmnxIPsecTunnelSecurityPolicyId  TmnxIPsecPolicyIdOrZero,
    tmnxIPsecTunnelKeyingType        TmnxIPsecKeyingType,
    tmnxIPsecTunnelDynTransformId1   TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelDynTransformId2   TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelDynTransformId3   TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelDynTransformId4   TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelIkePolicyId       TmnxIkePolicyIdOrZero,
    tmnxIPsecTunnelIkePreSharedKey   OCTET STRING,
    tmnxIPsecTunnelAdminState        TmnxAdminState,
    tmnxIPsecTunnelOperState         TmnxIPsecOperState,
    tmnxIPsecTunnelOperFlags         BITS,
    tmnxIPsecTunnelReplayWindow      Unsigned32,
    tmnxIPsecTunnelAutoEstablish     TruthValue,
    tmnxIPsecTunnelBfdDesignate      TruthValue,
    tmnxIPsecTunnelCertTrustAnchor   TNamedItemOrEmpty,
    tmnxIPsecTunnelCertFile          DisplayString,
    tmnxIPsecTunnelKeyFile           DisplayString,
    tmnxIPsecTunnelLocalIdType       TmnxIPsecLocalIdType,
    tmnxIPsecTunnelLocalIdValue      DisplayString,
    tmnxIPsecTunnelClearDfBit        TruthValue,
    tmnxIPsecTunnelIpMtu             Unsigned32,
    tmnxIPsecTunnelHostISA           TmnxHwIndexOrZero,
    tmnxIPsecTunnelCSVPrimary        TmnxCertRevStatus,
    tmnxIPsecTunnelCSVSecondary      TmnxCertRevStatusOrNone,
    tmnxIPsecTunnelCSVDefResult      INTEGER,
    tmnxIPsecTunnelCertProfile       TNamedItemOrEmpty,
    tmnxIPsecTunnelMatchTrustAnchor  TNamedItemOrEmpty,
    tmnxIPsecTunnelCertTrstAnchrProf TNamedItemOrEmpty,
    tmnxIPsecTunnelEncapIpMtu        Unsigned32,
    tmnxIPsecTunnelIcmp6Pkt2Big      TruthValue,
    tmnxIPsecTunnelIcmp6NumPkt2Big   Unsigned32,
    tmnxIPsecTunnelIcmp6Pkt2BigTime  Unsigned32,
    tmnxIPsecTunnelOperChanged       TimeStamp,
    tmnxIPsecTunnelPubTcpMssAdjust   Integer32,
    tmnxIPsecTunnelPrivTcpMssAdjust  Integer32,
    tmnxIPsecTunnelMaxNumPh1SaKeys   Unsigned32,
    tmnxIPsecTunnelMaxNumPh2SaKeys   Unsigned32,
    tmnxIPsecTunnelPublicSvcName     TLNamedItemOrEmpty,
    tmnxIPsecTunnelSecPlyStrictMatch TruthValue
}

tmnxIPsecTunnelName              OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelName specifies the name of the tunnel and
         is part of the index for the table tmnxIPsecTunnelTable."
    ::= { tmnxIPsecTunnelEntry 1 }

tmnxIPsecTunnelRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTunnelRowStatus object is used to create and delete rows
         in the tmnxIPsecTunnelTable."
    ::= { tmnxIPsecTunnelEntry 2 }

tmnxIPsecTunnelLastChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecTunnelEntry 3 }

tmnxIPsecTunnelDescription       OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDescription specifies the user-provided
         description for each tmnxIPsecTunnelEntry in the table
         tmnxIPsecTunnelTable."
    DEFVAL      { "" }
    ::= { tmnxIPsecTunnelEntry 4 }

tmnxIPsecTunnelLclGwAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLclGwAddrType specifies the address type
         of address in tmnxIPsecTunnelLclGwAddr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecTunnelEntry 5 }

tmnxIPsecTunnelLclGwAddr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLclGwAddr specifies the address of the
         interface on the local node of this IPsec tunnel."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 6 }

tmnxIPsecTunnelRemGwAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelRemGwAddrType specifies the address type
         of address in tmnxIPsecTunnelRemGwAddr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecTunnelEntry 7 }

tmnxIPsecTunnelRemGwAddr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelRemGwAddr specifies the address of the
         interface on the remote node of this IPsec tunnel."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 8 }

tmnxIPsecTunnelPublicSvcId       OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelPublicSvcId specifies the service-id of
         the tunnel delivery service. The tunnel cannot become operationally in
         service until the public service exists and has a
         TIMETRA-SERV-MIB::svcType of either 'ies (5)' or 'vprn (4)'.

         The values of tmnxIPsecTunnelPublicSvcId and
         tmnxIPsecTunnelPublicSvcName must be mutually exclusive and cannot
         simultaneously have non-default values."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 9 }

tmnxIPsecTunnelSecurityPolicyId  OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelSecurityPolicyId specifies the IPsec
         security policy entry in the tmnxIPsecPolicyTable that this tunnel
         will use."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 10 }

tmnxIPsecTunnelKeyingType        OBJECT-TYPE
    SYNTAX      TmnxIPsecKeyingType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelKeyingType specifies the keying type that
         this tunnel will use."
    DEFVAL      { none }
    ::= { tmnxIPsecTunnelEntry 11 }

tmnxIPsecTunnelDynTransformId1   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId1 specifies the first IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 12 }

tmnxIPsecTunnelDynTransformId2   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId2 specifies the second IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use.

         The value of tmnxIPsecTunnelDynTransformId2 is valid and greater than
         0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 13 }

tmnxIPsecTunnelDynTransformId3   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId3 specifies the third IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use.

         The value of tmnxIPsecTunnelDynTransformId3 is valid and greater than
         0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 14 }

tmnxIPsecTunnelDynTransformId4   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId4 specifies the fourth IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use.

         The value of tmnxIPsecTunnelDynTransformId3 is valid and greater than
         0, only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 15 }

tmnxIPsecTunnelIkePolicyId       OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The object tmnxIPsecTunnelIkePolicyId specifies the IKE policy entry
         that this tunnel will use.

         The value of tmnxIPsecTunnelIkePolicyId is valid and greater than 0,
         only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 16 }

tmnxIPsecTunnelIkePreSharedKey   OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIkePreSharedKey specifies the shared
         secret between the two peers forming the tunnel.

         The value of tmnxIPsecTunnelIkePreSharedKey is a valid and non null
         string only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'."
    DEFVAL      { "" }
    ::= { tmnxIPsecTunnelEntry 17 }

tmnxIPsecTunnelAdminState        OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelAdminState specifies the administrative
         state of the tmnxIPsecTunnelEntry."
    DEFVAL      { outOfService }
    ::= { tmnxIPsecTunnelEntry 18 }

tmnxIPsecTunnelOperState         OBJECT-TYPE
    SYNTAX      TmnxIPsecOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelOperState indicates the operational status
         of tmnxIPsecTunnelEntry."
    ::= { tmnxIPsecTunnelEntry 19 }

tmnxIPsecTunnelOperFlags         OBJECT-TYPE
    SYNTAX      BITS {
        unresolvedLocalIp   (0),
        tunnelAdminDown     (1),
        sapDown             (2),
        unresolvedPublicSvc (3),
        bfdSessionDown      (4),
        reserved1           (5),
        unresolvedDstIp     (6),
        invalidCertFile     (7),
        invalidKeyFile      (8),
        trustAnchorsDown    (9),
        certProfileDown     (10),
        invalidCertKeyCombo (11)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelOperFlags indicates the reason why the
         tunnel is operationally down."
    ::= { tmnxIPsecTunnelEntry 20 }

tmnxIPsecTunnelReplayWindow      OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelReplayWindow specifies the size of the
         anti-replay window.

         If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the
         anti-replay feature is disabled."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 21 }

tmnxIPsecTunnelAutoEstablish     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelAutoEstablish specifies whether to attempt
         to establish a phase 1 exchange automatically."
    DEFVAL      { false }
    ::= { tmnxIPsecTunnelEntry 22 }

tmnxIPsecTunnelBfdDesignate      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdDesignate specifies whether this IPSec
         tunnel is the BFD designated tunnel."
    DEFVAL      { false }
    ::= { tmnxIPsecTunnelEntry 23 }

tmnxIPsecTunnelCertTrustAnchor   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelCertTrustAnchor specifies the name for
         Certificate-Authority Profile name associated with this SAP IPSec
         tunnel certificate.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecTunnelAdminState is in 'inService' state.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecTunnelCertTrstAnchrProf."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 24 }

tmnxIPsecTunnelCertFile          OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelCertFile specifies the local file URL of
         the certificate to be used with this SAP IPSec tunnel.

         An 'inconsistentValue' error is returned when
         tmnxIPsecTunnelCertProfile is set to non-default value and
         tmnxIPsecTunnelCertFile or tmnxIPsecTunnelKeyFile is set to
         non-default value.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecTunnelCertProfile."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 25 }

tmnxIPsecTunnelKeyFile           OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelKeyFile specifies the key-pair file to be
         used for X.509 certificate authentication with this SAP IPSec tunnel.

         An 'inconsistentValue' error is returned when
         tmnxIPsecTunnelCertProfile is set to non-default value and
         tmnxIPsecTunnelCertFile or tmnxIPsecTunnelKeyFile is set to
         non-default value.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecTunnelCertProfile."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 26 }

tmnxIPsecTunnelLocalIdType       OBJECT-TYPE
    SYNTAX      TmnxIPsecLocalIdType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLocalIdType specifies the local identifier
         type used for IDi or IDr for IKEv2.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecTunnelAdminState is in 'inService' state."
    DEFVAL      { none }
    ::= { tmnxIPsecTunnelEntry 27 }

tmnxIPsecTunnelLocalIdValue      OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLocalIdValue specifies the value
         associated with tmnxIPsecTunnelLocalIdType object.

         Value is extracted from the configured certificate when
         tmnxIPsecTunnelLocalIdType is set to 'dn'."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 28 }

tmnxIPsecTunnelClearDfBit        OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelClearDfBit specifies whether to clear Do
         not Fragment (DF) bit in the outgoing packets in this tunnel."
    DEFVAL      { false }
    ::= { tmnxIPsecTunnelEntry 29 }

tmnxIPsecTunnelIpMtu             OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIpMtu specifies the MTU size for IP packets
         for this  tunnel.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 30 }

tmnxIPsecTunnelHostISA           OBJECT-TYPE
    SYNTAX      TmnxHwIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelHostISA indicates the active ISA MDA that
         is being used to host this IPsec tunnel.

         This object will have a value of zero when this tunnel is
         operationally down."
    ::= { tmnxIPsecTunnelEntry 31 }

tmnxIPsecTunnelCSVPrimary        OBJECT-TYPE
    SYNTAX      TmnxCertRevStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelCSVPrimary specifies the primary method of
         Certificate Status Verification (CSV) that is used to verify
         revocation status of the certificate of the peer.

         This value must be set in the same PDU as tmnxIPsecTunnelCSVSecondary
         if the value of tmnxIPsecTunnelAdminState is equal to 'inService (2)'."
    DEFVAL      { crl }
    ::= { tmnxIPsecTunnelEntry 32 }

tmnxIPsecTunnelCSVSecondary      OBJECT-TYPE
    SYNTAX      TmnxCertRevStatusOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelCSVSecondary specifies the secondary
         method of Certificate Status Verification (CSV) that is used to verify
         revocation status of the certificate of the peer.

         This value must be set in the same PDU as tmnxIPsecTunnelCSVPrimary if
         the value of tmnxIPsecTunnelAdminState is equal to 'inService (2)'."
    DEFVAL      { none }
    ::= { tmnxIPsecTunnelEntry 33 }

tmnxIPsecTunnelCSVDefResult      OBJECT-TYPE
    SYNTAX      INTEGER {
        revoked (0),
        good    (1)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelCSVDefResult specifies the default result
         of Certificate Status Verification (CSV) when both primary and
         secondary method failed to provide an answer."
    DEFVAL      { revoked }
    ::= { tmnxIPsecTunnelEntry 34 }

tmnxIPsecTunnelCertProfile       OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelCertProfile specifies the certificate
         profile associated with this IPsec tunnel."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 35 }

tmnxIPsecTunnelMatchTrustAnchor  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelMatchTrustAnchor indicates the name for
         matched Certificate-Authority Profile name associated with this SAP
         IPSec tunnel certificate."
    ::= { tmnxIPsecTunnelEntry 36 }

tmnxIPsecTunnelCertTrstAnchrProf OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelCertTrstAnchrProf specifies the name for
         Certificate-Authority Trust Anchor Profile name associated with this
         SAP IPSec tunnel certificate.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecTunnelAdminState is in 'inService' state."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 37 }

tmnxIPsecTunnelEncapIpMtu        OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelEncapIpMtu specifies the MTU size for IP
         packets after tunnel encapsulation has been added.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 38 }

tmnxIPsecTunnelIcmp6Pkt2Big      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIcmp6Pkt2Big specifies whether
         packet-too-big ICMP messages should be sent. When it is set to 'true',
         ICMPv6 packet-too-big messages are generated by this IPsec tunnel.
         When tmnxIPsecTunnelIcmp6Pkt2Big is set to 'false (2)', ICMPv6
         packet-too-big messages are not sent.

         When the value of tmnxIPsecTunnelIcmp6Pkt2Big is 'false (2)', it must
         be set in the same SNMP PDU as tmnxIPsecTunnelIcmp6NumPkt2Big and
         tmnxIPsecTunnelIcmp6Pkt2BigTime. The value of
         tmnxIPsecTunnelIcmp6NumPkt2Big and tmnxIPsecTunnelIcmp6Pkt2BigTime
         must be their default values."
    DEFVAL      { true }
    ::= { tmnxIPsecTunnelEntry 40 }

tmnxIPsecTunnelIcmp6NumPkt2Big   OBJECT-TYPE
    SYNTAX      Unsigned32 (10..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIcmp6NumPkt2Big specifies how many
         packet-too-big ICMPv6 messages are transmitted in the time frame
         specified by tmnxIPsecTunnelIcmp6Pkt2BigTime.

         This value must be set in the same SNMP SET PDU as
         tmnxIPsecTunnelIcmp6Pkt2Big."
    DEFVAL      { 100 }
    ::= { tmnxIPsecTunnelEntry 41 }

tmnxIPsecTunnelIcmp6Pkt2BigTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIcmp6Pkt2BigTime specifies the time frame
         in seconds that is used to limit the number of packet-too-big ICMPv6
         messages transmitted per time frame.

         This value must be set in the same SNMP SET PDU as
         tmnxIPsecTunnelIcmp6Pkt2Big."
    DEFVAL      { 10 }
    ::= { tmnxIPsecTunnelEntry 42 }

tmnxIPsecTunnelOperChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelOperChanged indicates the sysUpTime at the
         time of the last operational status change of this entry."
    ::= { tmnxIPsecTunnelEntry 43 }

tmnxIPsecTunnelPubTcpMssAdjust   OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0 | 512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelPubTcpMssAdjust specifies the Maximum
         Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
         sent from the public network to the private network. The system may
         use this value to adjust or insert the MSS option in TCP SYN packet.

         The TCP MSS adjustment functionality on the public side network is
         disabled when the following conditions are met.
         1) The value of tmnxIPsecTunnelPubTcpMssAdjust is '-1' or
         2) The values of tmnxIPsecTunnelPubTcpMssAdjust and
            tmnxIPsecTunnelEncapIpMtu are both '0'.

         When the system receives a TCP SYN packet from the public network and
         this packet contains an MSS option, the system replaces the MSS option
         value with a new MSS when the new MSS is smaller than the MSS option
         value.

         When the system receives a TCP SYN packet from the public network and
         this packet does not contain an MSS option, the system inserts one
         with a new MSS.

         The new MSS is calculated based on the following rules.
         1) When the value of tmnxIPsecTunnelPubTcpMssAdjust is '0' and
            tmnxIPsecTunnelEncapIpMtu has a non-zero value,
            New MSS = tmnxIPsecTunnelEncapIpMtu - total header size (e.g.,
                      encryption, encapsulation, TCP and IP headers)
         2) When the value of tmnxIPsecTunnelPubTcpMssAdjust is in the range
            of (512..9000)
            New MSS = tmnxIPsecTunnelPubTcpMssAdjust"
    REFERENCE
        "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
    DEFVAL      { -1 }
    ::= { tmnxIPsecTunnelEntry 49 }

tmnxIPsecTunnelPrivTcpMssAdjust  OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelPrivTcpMssAdjust specifies the Maximum
         Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
         sent from the private network to the public network. The system may
         use this value to adjust or insert the MSS option in TCP SYN packet.

         The value of '-1' specifies that the TCP MSS adjustment functionality
         on the private side is disabled.

         When the system receives a TCP SYN packet from the private network and
         this packet contains an MSS option, the system replaces the MSS option
         value with tmnxIPsecTunnelPrivTcpMssAdjust when the value of
         tmnxIPsecTunnelPrivTcpMssAdjust is smaller than the MSS option value.

         When the system receives a TCP SYN packet from the private network and
         this packet does not contain an MSS option, the system inserts one
         whose MSS is equal to tmnxIPsecTunnelPrivTcpMssAdjust."
    REFERENCE
        "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
    DEFVAL      { -1 }
    ::= { tmnxIPsecTunnelEntry 50 }

tmnxIPsecTunnelMaxNumPh1SaKeys   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..3)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelMaxNumPh1SaKeys specifies the maximum
         number of security association (SA) phase 1 keys, which can be saved
         by the system, for this IPsec tunnel."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 51 }

tmnxIPsecTunnelMaxNumPh2SaKeys   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..48)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelMaxNumPh2SaKeys specifies the maximum
         number of security association (SA) phase 2 keys, which can be saved
         by the system, for this IPsec tunnel."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTunnelEntry 52 }

tmnxIPsecTunnelPublicSvcName     OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelPublicSvcName specifies the name of the
         tunnel delivery service. The tunnel cannot become operationally in
         service until the public service exists and has a
         TIMETRA-SERV-MIB::svcType of either 'ies (5)' or 'vprn (4)'.

         The values of tmnxIPsecTunnelPublicSvcName and
         tmnxIPsecTunnelPublicSvcId must be mutually exclusive and cannot
         simultaneously have non-default values."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTunnelEntry 53 }

tmnxIPsecTunnelSecPlyStrictMatch OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelSecPlyStrictMatch specifies whether or not
         the system does a strict match when it receives a CREATE_CHILD
         exchange request, which is not for rekey, for this IPsec tunnel."
    DEFVAL      { false }
    ::= { tmnxIPsecTunnelEntry 54 }

tmnxIPsecTunnelStatsTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTunnelStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store IPsec Tunnel statistics"
    ::= { tmnxIPsecObjects 7 }

tmnxIPsecTunnelStatsEntry        OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Statistics for a single IPsec Tunnel."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName
    }
    ::= { tmnxIPsecTunnelStatsTable 1 }

TmnxIPsecTunnelStatsEntry        ::= SEQUENCE
{
    tmnxIPsecTunnelIsakmpState       INTEGER,
    tmnxIPsecTunnelIsakmpEstabTime   TimeStamp,
    tmnxIPsecTunnelIsakmpNegLifeTime Unsigned32,
    tmnxIPsecTunnelNumDpdTx          Counter32,
    tmnxIPsecTunnelNumDpdRx          Counter32,
    tmnxIPsecTunnelNumDpdAckTx       Counter32,
    tmnxIPsecTunnelNumDpdAckRx       Counter32,
    tmnxIPsecTunnelNumExpRx          Counter32,
    tmnxIPsecTunnelNumInvalidDpdRx   Counter32,
    tmnxIPsecTunnelNumCtrlPktsTx     Counter32,
    tmnxIPsecTunnelNumCtrlPktsRx     Counter32,
    tmnxIPsecTunnelNumCtrlTxErrors   Counter32,
    tmnxIPsecTunnelNumCtrlRxErrors   Counter32,
    tmnxIPsecTunnelMatCertEntryId    Integer32,
    tmnxIPsecTunnelCertProfName      TNamedItemOrEmpty,
    tmnxIPsecTunnelStatIsakmpAuthAlg TmnxAuthAlgorithm,
    tmnxIPsecTunnelStatIsakmpEncrAlg TmnxEncrAlgorithm,
    tmnxIPsecTunnelStatIsakmpPfsDhGp TmnxIkePolicyDHGroupOrZero,
    tmnxIPsecTunnelStatIkeTranPrfAlg INTEGER
}

tmnxIPsecTunnelIsakmpState       OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIsakmpState indicates the state of phase 1
         IPsec negotiation."
    ::= { tmnxIPsecTunnelStatsEntry 1 }

tmnxIPsecTunnelIsakmpEstabTime   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIsakmpEstabTime indicates the sysUpTime at
         the time the IPsec phase 1 negotiation completed."
    ::= { tmnxIPsecTunnelStatsEntry 2 }

tmnxIPsecTunnelIsakmpNegLifeTime OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIsakmpNegLifeTime indicates the lifetime
         negotiated for phase1 IKE key."
    ::= { tmnxIPsecTunnelStatsEntry 3 }

tmnxIPsecTunnelNumDpdTx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdTx indicates the number of
         Dead-Peer-Detection packets transmitted."
    ::= { tmnxIPsecTunnelStatsEntry 4 }

tmnxIPsecTunnelNumDpdRx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdRx indicates the number of
         Dead-Peer-Detection packets received."
    ::= { tmnxIPsecTunnelStatsEntry 5 }

tmnxIPsecTunnelNumDpdAckTx       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdAckTx indicates the number of
         Dead-Peer-Detection acknowledgement packets transmitted."
    ::= { tmnxIPsecTunnelStatsEntry 6 }

tmnxIPsecTunnelNumDpdAckRx       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdAckRx indicates the number of
         Dead-Peer-Detection acknowledgement packets received."
    ::= { tmnxIPsecTunnelStatsEntry 7 }

tmnxIPsecTunnelNumExpRx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumExpRx indicates the number of DPD
         R-U-THERE packets that have not been acknowledged."
    ::= { tmnxIPsecTunnelStatsEntry 8 }

tmnxIPsecTunnelNumInvalidDpdRx   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumInvalidDpdRx indicates the number of
         malformed DPD R-U-THERE acknowledgement packets received."
    ::= { tmnxIPsecTunnelStatsEntry 9 }

tmnxIPsecTunnelNumCtrlPktsTx     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlPktsTx indicates the number of
         control packets this IPsec Tunnel has sent."
    ::= { tmnxIPsecTunnelStatsEntry 10 }

tmnxIPsecTunnelNumCtrlPktsRx     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlPktsRx indicates the number of
         control packets this IPsec Tunnel has received."
    ::= { tmnxIPsecTunnelStatsEntry 11 }

tmnxIPsecTunnelNumCtrlTxErrors   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlTxErrors indicates the number of
         control packet transmit errors."
    ::= { tmnxIPsecTunnelStatsEntry 12 }

tmnxIPsecTunnelNumCtrlRxErrors   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlRxErrors indicates the number of
         control packet receive errors."
    ::= { tmnxIPsecTunnelStatsEntry 13 }

tmnxIPsecTunnelMatCertEntryId    OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelMatCertEntryId indicates the matching
         certificate profile entry id used for this tunnel."
    ::= { tmnxIPsecTunnelStatsEntry 14 }

tmnxIPsecTunnelCertProfName      OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelCertProfName indicates a specific IPsec
         tunnel certificate profile name used for this tunnel."
    ::= { tmnxIPsecTunnelStatsEntry 15 }

tmnxIPsecTunnelStatIsakmpAuthAlg OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelStatIsakmpAuthAlg indicates the
         authentication algorithm of the IPsec phase 1 negotiation for this
         IPsec tunnel."
    ::= { tmnxIPsecTunnelStatsEntry 17 }

tmnxIPsecTunnelStatIsakmpEncrAlg OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelStatIsakmpEncrAlg indicates the encryption
         algorithm of the IPsec phase 1 negotiation for this IPsec tunnel."
    ::= { tmnxIPsecTunnelStatsEntry 18 }

tmnxIPsecTunnelStatIsakmpPfsDhGp OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelStatIsakmpPfsDhGp indicates the
         Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this
         IPsec tunnel.

         The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve
         Perfect Forward Secrecy (PFS)."
    ::= { tmnxIPsecTunnelStatsEntry 19 }

tmnxIPsecTunnelStatIkeTranPrfAlg OBJECT-TYPE
    SYNTAX      INTEGER {
        md5        (2),
        sha1       (3),
        sha256     (4),
        sha384     (5),
        sha512     (6),
        aesXcbc    (7),
        sameAsAuth (8)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelStatIkeTranPrfAlg specifies the
         pseudo-random function (PRF)."
    ::= { tmnxIPsecTunnelStatsEntry 20 }

tmnxIPsecPolicyTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyTableLastChanged indicates the sysUpTime
         at the time of the last modification to tmnxIPsecPolicyTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 8 }

tmnxIPsecPolicyTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Security Policy entries."
    ::= { tmnxIPsecObjects 9 }

tmnxIPsecPolicyEntry             OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Security Policy entry."
    INDEX       {
        svcId,
        tmnxIPsecPolicyId
    }
    ::= { tmnxIPsecPolicyTable 1 }

TmnxIPsecPolicyEntry             ::= SEQUENCE
{
    tmnxIPsecPolicyId                TmnxIPsecPolicyId,
    tmnxIPsecPolicyRowStatus         RowStatus,
    tmnxIPsecPolicyLastChanged       TimeStamp
}

tmnxIPsecPolicyId                OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyId specifies the id of a Security Policy
         entry and is the primary index for the table."
    ::= { tmnxIPsecPolicyEntry 1 }

tmnxIPsecPolicyRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecPolicyRowStatus object is used to create and delete rows
         in the tmnxIPsecPolicyTable."
    ::= { tmnxIPsecPolicyEntry 2 }

tmnxIPsecPolicyLastChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyLastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecPolicyEntry 3 }

tmnxIPsecPlcyParamsTblLastChangd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsTblLastChangd indicates the sysUpTime
         at the time of the last modification to tmnxIPsecPolicyParamsTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 10 }

tmnxIPsecPolicyParamsTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecPolicyParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Security Policy Params entries."
    ::= { tmnxIPsecObjects 11 }

tmnxIPsecPolicyParamsEntry       OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Security policy params entry."
    INDEX       {
        svcId,
        tmnxIPsecPolicyId,
        tmnxIPsecPolicyParamsId
    }
    ::= { tmnxIPsecPolicyParamsTable 1 }

TmnxIPsecPolicyParamsEntry       ::= SEQUENCE
{
    tmnxIPsecPolicyParamsId          Unsigned32,
    tmnxIPsecPolicyParamsRowStatus   RowStatus,
    tmnxIPsecPolicyParamsLastChanged TimeStamp,
    tmnxIPsecPolicyParamsLclAddrAny  TruthValue,
    tmnxIPsecPolicyParamsLclAddrType InetAddressType,
    tmnxIPsecPolicyParamsLclAddr     InetAddress,
    tmnxIPsecPolicyParamsLclAPrefLen InetAddressPrefixLength,
    tmnxIPsecPolicyParamsRemAddrAny  TruthValue,
    tmnxIPsecPolicyParamsRemAddrType InetAddressType,
    tmnxIPsecPolicyParamsRemAddr     InetAddress,
    tmnxIPsecPolicyParamsRemAPrefLen InetAddressPrefixLength,
    tmnxIPsecPlcyParamsV6LclAddrAny  TruthValue,
    tmnxIPsecPlcyParamsV6LclAddrType InetAddressType,
    tmnxIPsecPlcyParamsV6LclAddr     InetAddress,
    tmnxIPsecPlcyParamsV6LclAPrefLen InetAddressPrefixLength,
    tmnxIPsecPlcyParamsV6RemAddrAny  TruthValue,
    tmnxIPsecPlcyParamsV6RemAddrType InetAddressType,
    tmnxIPsecPlcyParamsV6RemAddr     InetAddress,
    tmnxIPsecPlcyParamsV6RemAPrefLen InetAddressPrefixLength
}

tmnxIPsecPolicyParamsId          OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsId specifies the id of an IPsec
         policy params entry and is part of the index for the
         tmnxIPsecPolicyParamsTable."
    ::= { tmnxIPsecPolicyParamsEntry 1 }

tmnxIPsecPolicyParamsRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecPolicyParamsRowStatus object is used to create and delete
         rows in the tmnxIPsecPolicyParamsTable."
    ::= { tmnxIPsecPolicyParamsEntry 2 }

tmnxIPsecPolicyParamsLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecPolicyParamsEntry 3 }

tmnxIPsecPolicyParamsLclAddrAny  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAddrAny specifies whether the IP
         address on the vpn side can be any IP address. If the value is 'true'
         then local IP address can be any IP address.

         Please look at the following chart for more details:

         tmnxIPsecPolicyParamsLclAddrAny    true         false
         -----------------------------------------------------------------
         tmnxIPsecPolicyParamsLclAddrType   unknown      unknown or ipv4
         tmnxIPsecPolicyParamsLclAddr       ''H          ''H or valid ipv4
         tmnxIPsecPolicyParamsLclAPrefLen   0            0 to 32"
    DEFVAL      { false }
    ::= { tmnxIPsecPolicyParamsEntry 4 }

tmnxIPsecPolicyParamsLclAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAddrType specifies the address
         type of address in tmnxIPsecPolicyParamsLclAddr. If the value of
         tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of
         tmnxIPsecPolicyParamsLclAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxIPsecPolicyParamsEntry 5 }

tmnxIPsecPolicyParamsLclAddr     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAddr specifies the ip address on
         the vpn side. If the value of tmnxIPsecPolicyParamsLclAddrAny is
         'true' then the value of tmnxIPsecPolicyParamsLclAddr will be
         empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxIPsecPolicyParamsEntry 6 }

tmnxIPsecPolicyParamsLclAPrefLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAPrefLen specifies the number of
         bits to match of the tmnxIPsecPolicyParamsLclAddr. If the value of
         tmnxIPsecPolicyParamsLclAddrAny is 'true' then the value of
         tmnxIPsecPolicyParamsLclAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxIPsecPolicyParamsEntry 7 }

tmnxIPsecPolicyParamsRemAddrAny  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAddrAny specifies whether the IP
         address on the tunnel side can be any IP address. If the value is
         'true' then remote IP address can be any IP address.

         Please look at the following chart for more details:

         tmnxIPsecPolicyParamsRemAddrAny     true         false
         -----------------------------------------------------------------
         tmnxIPsecPolicyParamsRemAddrType    unknown      unknown or ipv4
         tmnxIPsecPolicyParamsRemAddr        ''H          ''H or valid ipv4
         tmnxIPsecPolicyParamsRemAPrefLen    0            0 to 32"
    DEFVAL      { false }
    ::= { tmnxIPsecPolicyParamsEntry 8 }

tmnxIPsecPolicyParamsRemAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAddrType specifies the address
         type of address in tmnxIPsecPolicyParamsRemAddr. If the value of
         tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of
         tmnxIPsecPolicyParamsRemAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxIPsecPolicyParamsEntry 9 }

tmnxIPsecPolicyParamsRemAddr     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAddr specifies the ip address on
         the tunnel side. If the value of tmnxIPsecPolicyParamsRemAddrAny is
         'true' then the value of tmnxIPsecPolicyParamsRemAddr will be
         empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxIPsecPolicyParamsEntry 10 }

tmnxIPsecPolicyParamsRemAPrefLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAPrefLen specifies the number of
         bits to match of the tmnxIPsecPolicyParamsRemAddr. If the value of
         tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of
         tmnxIPsecPolicyParamsRemAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxIPsecPolicyParamsEntry 11 }

tmnxIPsecPlcyParamsV6LclAddrAny  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6LclAddrAny specifies whether the
         ipv6 address on the vpn side can be any ipv6 address. If the value is
         'true' then local ipv6 address can be any ipv6 address.

         Please look at the following chart for more details:

         tmnxIPsecPlcyParamsV6LclAddrAny    true         false
         -----------------------------------------------------------------
         tmnxIPsecPlcyParamsV6LclAddrType   unknown      unknown or ipv6
         tmnxIPsecPlcyParamsV6LclAddr       ''H          ''H or valid ipv6
         tmnxIPsecPlcyParamsV6LclAPrefLen   0            0 to 128"
    DEFVAL      { false }
    ::= { tmnxIPsecPolicyParamsEntry 12 }

tmnxIPsecPlcyParamsV6LclAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6LclAddrType specifies the address
         type of address in tmnxIPsecPlcyParamsV6LclAddr. If the value of
         tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of
         tmnxIPsecPlcyParamsV6LclAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxIPsecPolicyParamsEntry 13 }

tmnxIPsecPlcyParamsV6LclAddr     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6LclAddr specifies the ipv6 address
         on the vpn side. If the value of tmnxIPsecPlcyParamsV6LclAddrAny is
         'true' then the value of tmnxIPsecPlcyParamsV6LclAddr will be
         empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxIPsecPolicyParamsEntry 14 }

tmnxIPsecPlcyParamsV6LclAPrefLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0 | 1..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6LclAPrefLen specifies the number of
         bits to match of the tmnxIPsecPlcyParamsV6LclAddr. If the value of
         tmnxIPsecPlcyParamsV6LclAddrAny is 'true' then the value of
         tmnxIPsecPlcyParamsV6LclAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxIPsecPolicyParamsEntry 15 }

tmnxIPsecPlcyParamsV6RemAddrAny  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6RemAddrAny specifies whether the
         ipv6 address on the tunnel side can be any ipv6 address. If the value
         is 'true' then remote ipv6 address can be any ipv6 address.

         Please look at the following chart for more details:

         tmnxIPsecPlcyParamsV6RemAddrAny    true         false
         -----------------------------------------------------------------
         tmnxIPsecPlcyParamsV6RemAddrType   unknown      unknown or ipv6
         tmnxIPsecPlcyParamsV6RemAddr       ''H          ''H or valid ipv6
         tmnxIPsecPlcyParamsV6RemAPrefLen   0            0 to 128"
    DEFVAL      { false }
    ::= { tmnxIPsecPolicyParamsEntry 16 }

tmnxIPsecPlcyParamsV6RemAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6RemAddrType specifies the address
         type of address in tmnxIPsecPlcyParamsV6RemAddr. If the value of
         tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of
         tmnxIPsecPlcyParamsV6RemAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxIPsecPolicyParamsEntry 17 }

tmnxIPsecPlcyParamsV6RemAddr     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6RemAddr specifies the ipv6 address
         on the tunnel side. If the value of tmnxIPsecPlcyParamsV6RemAddrAny is
         'true' then the value of tmnxIPsecPlcyParamsV6RemAddr will be
         empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxIPsecPolicyParamsEntry 18 }

tmnxIPsecPlcyParamsV6RemAPrefLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0 | 1..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsV6RemAPrefLen specifies the number of
         bits to match of the tmnxIPsecPlcyParamsV6RemAddr. If the value of
         tmnxIPsecPlcyParamsV6RemAddrAny is 'true' then the value of
         tmnxIPsecPlcyParamsV6RemAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxIPsecPolicyParamsEntry 19 }

tmnxIPsecSATableLastChanged      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSATableLastChanged indicates the sysUpTime at
         the time of the last modification to tmnxIPsecSATable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 12 }

tmnxIPsecSATable                 OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec manual and dynamic SA entries."
    ::= { tmnxIPsecObjects 13 }

tmnxIPsecSAEntry                 OBJECT-TYPE
    SYNTAX      TmnxIPsecSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec SA entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName,
        tmnxIPsecSAId,
        tmnxIPsecSADirection,
        tmnxIPsecSAIndex
    }
    ::= { tmnxIPsecSATable 1 }

TmnxIPsecSAEntry                 ::= SEQUENCE
{
    tmnxIPsecSAId                    Unsigned32,
    tmnxIPsecSAIndex                 Unsigned32,
    tmnxIPsecSADirection             TmnxIPsecDirection,
    tmnxIPsecSARowStatus             RowStatus,
    tmnxIPsecSALastChanged           TimeStamp,
    tmnxIPsecSAType                  TmnxIPsecKeyingType,
    tmnxIPsecSAEncryptionKey         OCTET STRING,
    tmnxIPsecSAAuthenticationKey     OCTET STRING,
    tmnxIPsecSASpi                   Unsigned32,
    tmnxIPsecSAManualTransformId     TmnxIPsecTransformIdOrZero,
    tmnxIPsecSAAuthAlgorithm         TmnxAuthAlgorithm,
    tmnxIPsecSAEncrAlgorithm         TmnxEncrAlgorithm,
    tmnxIPsecSAStorageType           StorageType,
    tmnxIPsecSAEstablishedTime       TimeStamp,
    tmnxIPsecSANegotiatedLifeTime    Unsigned32
}

tmnxIPsecSAId                    OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAId specifies the id of an SA entry and is part
         of the index for the tmnxIPsecSATable."
    ::= { tmnxIPsecSAEntry 1 }

tmnxIPsecSAIndex                 OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAIndex specifies an additional index to
         uniquely identify the SA entry in the tmnxIPsecSATable.

         The value of tmnxIPsecSAIndex is limited to a value of '1' when
         tmnxIPsecTunnelKeyingType corresponding to the tunnel specified
         tmnxIPsecTunnelName is set to 'static'."
    ::= { tmnxIPsecSAEntry 2 }

tmnxIPsecSADirection             OBJECT-TYPE
    SYNTAX      TmnxIPsecDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSADirection specifies the direction on the
         IPsec tunnel to which this SA entry can be applied.  The value
         of tmnxIPsecSADirection is also part of the index for the table
         tmnxIPsecSATable"
    ::= { tmnxIPsecSAEntry 3 }

tmnxIPsecSARowStatus             OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecSARowStatus object is used to create and delete rows in
         the tmnxIPsecSATable.

         When creating an entry in tmnxIPsecSATable, the value of
         tmnxIPsecSARowStatus must be 'createAndGo' and the objects
         tmnxIPsecSAEncryptionKey, tmnxIPsecSAAuthenticationKey,
         tmnxIPsecSASpi, tmnxIPsecSAManualTransformId are required to be set in
         the same request."
    ::= { tmnxIPsecSAEntry 4 }

tmnxIPsecSALastChanged           OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSALastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecSAEntry 5 }

tmnxIPsecSAType                  OBJECT-TYPE
    SYNTAX      TmnxIPsecKeyingType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAType indicates whether this SA entry is
         created manually by the user or dynamically by the IPsec subsystem."
    ::= { tmnxIPsecSAEntry 6 }

tmnxIPsecSAEncryptionKey         OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAEncryptionKey specifies the key used for the
         encryption algorithm defined by the tmnxIPsecTransformEncrAlgorithm in
         the IPsec transform indexed by tmnxIPsecSAManualTransformId.

         The length of the key must match the length required by the encryption
         algorithm. If a key of another length is set, the request will fail
         with an 'inconsistentValue' error.

         There is no default value for tmnxIPsecSAEncryptionKey and this is a
         required object when creating an entry in tmnxIPsecSATable. If
         tmnxIPsecSAEncryptionKey is not specified when creating an entry, the
         request will fail with an 'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 7 }

tmnxIPsecSAAuthenticationKey     OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAAuthenticationKey specifies the key used for
         the authentication algorithm defined by the
         tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed by
         tmnxIPsecSAManualTransformId.

         The length of the key must match the length required by the
         authentication algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for tmnxIPsecSAAuthenticationKey and this is
         a required object when creating an entry in tmnxIPsecSATable. If
         tmnxIPsecSAAuthenticationKey is not specified when creating an entry,
         the request will fail with an 'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 8 }

tmnxIPsecSASpi                   OBJECT-TYPE
    SYNTAX      Unsigned32 (256..16383)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSASpi specifies the SPI (Security Parameter
         Index) used to lookup the instruction to verify and decrypt the
         incoming IPsec packets when the value of tmnxIPsecSADirection is
         'inbound'.

         The value of tmnxIPsecSASpi specifies the SPI that will be used
         in the encoding of the outgoing packets when the value of
         tmnxIPsecSADirection is 'outbound'.  The remote node can use this
         SPI to lookup the instruction to verify and decrypt the packet.

         There is no default value for tmnxIPsecSASpi and this is a required
         object when creating an entry in tmnxIPsecSATable. If
         tmnxIPsecSAAuthenticationKey is not specified when creating an entry,
         the request will fail with an 'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 9 }

tmnxIPsecSAManualTransformId     OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAManualTransformId specifies the transform
         entry that will be used by this SA entry.  This object should be
         specified for all the entries created by the user which are manual
         SAs.  If the value of tmnxIPsecSAType is 'dynamic', then
         the value of tmnxIPsecSAManualTransformId is irrelevant and
         will be zero.

         There is no default value for tmnxIPsecSAManualTransformId and this is
         a required object when creating an entry in tmnxIPsecSATable. If
         tmnxIPsecSAManualTransformId is not specified when creating an entry,
         the request will fail with an 'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 10 }

tmnxIPsecSAAuthAlgorithm         OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAAuthAlgorithm indicates the authentication
         algorithm used with this SA."
    ::= { tmnxIPsecSAEntry 11 }

tmnxIPsecSAEncrAlgorithm         OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAEncrAlgorithm indicates the encryption
         algorithm used with this SA."
    ::= { tmnxIPsecSAEntry 12 }

tmnxIPsecSAStorageType           OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStorageType indicates how the row is stored.
         Entries with tmnxIPsecSAStorageType of 'read-only' are dynamic SAs
         and are created by the IPsec subsystem and cannot be modified or
         destroyed.  All the entries created by the user are manual SAs and
         will have the tmnxIPsecSAStorageType as 'nonVolatile'."
    ::= { tmnxIPsecSAEntry 13 }

tmnxIPsecSAEstablishedTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAEstablishedTime indicates the sysUpTime at the
         time the IPsec phase 2 negotiation completed."
    ::= { tmnxIPsecSAEntry 14 }

tmnxIPsecSANegotiatedLifeTime    OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSANegotiatedLifeTime indicates the lifetime
         negotiated for phase2 IKE key."
    ::= { tmnxIPsecSAEntry 15 }

tmnxIPsecSAStatsTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec SA Statistics entries."
    ::= { tmnxIPsecObjects 14 }

tmnxIPsecSAStatsEntry            OBJECT-TYPE
    SYNTAX      TmnxIPsecSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec SA Statistics entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName,
        tmnxIPsecSAId,
        tmnxIPsecSADirection,
        tmnxIPsecSAIndex
    }
    ::= { tmnxIPsecSAStatsTable 1 }

TmnxIPsecSAStatsEntry            ::= SEQUENCE
{
    tmnxIPsecSAStatsBytesProcessed   Counter64,
    tmnxIPsecSAStatsBytesProcLow32   Counter32,
    tmnxIPsecSAStatsBytesProcHigh32  Counter32,
    tmnxIPsecSAStatsPktsProcessed    Counter64,
    tmnxIPsecSAStatsPktsProcLow32    Counter32,
    tmnxIPsecSAStatsPktsProcHigh32   Counter32,
    tmnxIPsecSAStatsCryptoErrors     Counter32,
    tmnxIPsecSAStatsReplayErrors     Counter32,
    tmnxIPsecSAStatsSAErrors         Counter32,
    tmnxIPsecSAStatsPolicyErrors     Counter32,
    tmnxIPsecSAStatsEncapOverhead    Counter32,
    tmnxIPsecSAStatsPreEncapFragCnt  Counter64,
    tmnxIPsecSAStatsPreEncapFragLtSz Unsigned32,
    tmnxIPsecSAStatsPstEncapFragCnt  Counter64,
    tmnxIPsecSAStatsPstEncapFragLtSz Unsigned32,
    tmnxIPsecSAStatsPfsDhGroup       TmnxIkePolicyDHGroupOrZero,
    tmnxIPsecSAStatsMulticastIfName  TNamedItemOrEmpty,
    tmnxIPsecSAStatsMulticastProt    TIPsecMulticastProtocol
}

tmnxIPsecSAStatsBytesProcessed   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsBytesProcessed indicates the number of
         bytes successfully processed for this SA."
    ::= { tmnxIPsecSAStatsEntry 1 }

tmnxIPsecSAStatsBytesProcLow32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsBytesProcLow32 indicates the lower 32
         bits of the value of tmnxIPsecSAStatsBytesProcessed."
    ::= { tmnxIPsecSAStatsEntry 2 }

tmnxIPsecSAStatsBytesProcHigh32  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsBytesProcHigh32 indicates the higher 32
         bits of the value of tmnxIPsecSAStatsBytesProcessed."
    ::= { tmnxIPsecSAStatsEntry 3 }

tmnxIPsecSAStatsPktsProcessed    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPktsProcessed indicates the number of
         packets successfully processed for this SA."
    ::= { tmnxIPsecSAStatsEntry 4 }

tmnxIPsecSAStatsPktsProcLow32    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPktsProcLow32 indicates the lower 32 bits
         of the value of tmnxIPsecSAStatsPktsProcessed."
    ::= { tmnxIPsecSAStatsEntry 5 }

tmnxIPsecSAStatsPktsProcHigh32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPktsProcHigh32 indicates the higher 32
         bits of the value of tmnxIPsecSAStatsPktsProcessed."
    ::= { tmnxIPsecSAStatsEntry 6 }

tmnxIPsecSAStatsCryptoErrors     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsCryptoErrors indicates the number of
         crypto errors encountered on this SA.

         When the value of tmnxIPsecSADirection is 'inbound (1)', the
         tmnxIPsecSAStatsCryptoErrors will be set for the following errors:
             MAC miscompare
             Pad errors
             Illegal configure algorithm
             Illegal authentication algorithm
             Inner IP checksum errors
             Payload alignment errors
             Sequence number errors
             Protocol errors

         When the value of tmnxIPsecSADirection is 'outbound (2)', the
         tmnxIPsecSAStatsCryptoErrors will be set for the following errors:
             Sequence wrap errors
             Illegal configure algorithm
             Illegal authentication algorithm
             Expanded packet too big
             TTL decrement errors"
    ::= { tmnxIPsecSAStatsEntry 7 }

tmnxIPsecSAStatsReplayErrors     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsReplayErrors indicates the number of
         replay errors encountered on this SA."
    ::= { tmnxIPsecSAStatsEntry 8 }

tmnxIPsecSAStatsSAErrors         OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsSAErrors indicates the number of SA
         errors encountered on this SA. The SA errors means ISA tried to use a
         CHILD SA that is marked for deletion."
    ::= { tmnxIPsecSAStatsEntry 9 }

tmnxIPsecSAStatsPolicyErrors     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPolicyErrors indicates the number
         of policy errors encountered on this SA.  The policy errors include
         bundled SA, selector check and policy direction error."
    ::= { tmnxIPsecSAStatsEntry 10 }

tmnxIPsecSAStatsEncapOverhead    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsEncapOverhead indicates the encapsulation
         overhead for this outbound SA. This value is only significant when the
         value of tmnxIPsecSADirection is 'outbound'."
    ::= { tmnxIPsecSAStatsEntry 11 }

tmnxIPsecSAStatsPreEncapFragCnt  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPreEncapFragCnt indicates the number of
         fragmentations that occurred prior to encapsulation for this outbound
         SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size
         exceeds tmnxIPsecTunnelIpMtu. This value is only significant when the
         value of tmnxIPsecSADirection is 'outbound'."
    ::= { tmnxIPsecSAStatsEntry 12 }

tmnxIPsecSAStatsPreEncapFragLtSz OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPreEncapFragLtSz indicates the size of
         the last packet which caused a pre-encapsulation fragmentation to
         occur for this SA. This value is only significant when the value of
         tmnxIPsecSADirection is 'outbound'."
    ::= { tmnxIPsecSAStatsEntry 13 }

tmnxIPsecSAStatsPstEncapFragCnt  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPstEncapFragCnt indicates the number of
         fragmentations that occurred after encapsulation for this SA.
         Post-encapsulation fragmentation occurs when the encapsulated packet
         size exceeds tmnxIPsecTunnelEncapIpMtu. This value is only significant
         when the value of tmnxIPsecSADirection is 'outbound'."
    ::= { tmnxIPsecSAStatsEntry 14 }

tmnxIPsecSAStatsPstEncapFragLtSz OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPstEncapFragLtSz indicates the size of
         the last encapsulated packet which caused a post-encapsulation
         fragmentation to occur for this SA. This value is only significant
         when the value of tmnxIPsecSADirection is 'outbound'."
    ::= { tmnxIPsecSAStatsEntry 15 }

tmnxIPsecSAStatsPfsDhGroup       OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPfsDhGroup indicates the Diffie-Hellman
         (DH) group used with this SA.

         The Diffie-Hellman (DH) group is used by the SA to achieve Perfect
         Forward Secrecy (PFS)."
    ::= { tmnxIPsecSAStatsEntry 17 }

tmnxIPsecSAStatsMulticastIfName  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsMulticastIfName indicates the multicast
         interface name associated with this SA.

         This value is only significant when the value of tmnxIPsecSAType is
         'dynamic (2)' and the value of tmnxIPsecSADirection is 'outbound (2)'."
    ::= { tmnxIPsecSAStatsEntry 18 }

tmnxIPsecSAStatsMulticastProt    OBJECT-TYPE
    SYNTAX      TIPsecMulticastProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsMulticastProt indicates the supported
         protocol types of the multicast interface associated to this RA.

         This value is only significant when the value of tmnxIPsecSAType is
         'dynamic (2)' and the value of tmnxIPsecSADirection is 'outbound (2)'."
    ::= { tmnxIPsecSAStatsEntry 19 }

tmnxIPsecMdaDpStatsTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecMdaDpStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec Mda Data Path Statistics entries."
    ::= { tmnxIPsecObjects 15 }

tmnxIPsecMdaDpStatsEntry         OBJECT-TYPE
    SYNTAX      TmnxIPsecMdaDpStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Mda Data Path Statistics entry."
    INDEX       {
        tmnxChassisIndex,
        tmnxCardSlotNum,
        tmnxMDASlotNum
    }
    ::= { tmnxIPsecMdaDpStatsTable 1 }

TmnxIPsecMdaDpStatsEntry         ::= SEQUENCE
{
    tmnxIPsecMdaDpStatsEncryptPkts   Counter64,
    tmnxIPsecMdaDpStatsEncryptPktsLow32 Counter32,
    tmnxIPsecMdaDpStatsEncryptPktsHigh32 Counter32,
    tmnxIPsecMdaDpStatsEncryptBytes  Counter64,
    tmnxIPsecMdaDpStatsEncryptBytesLow32 Counter32,
    tmnxIPsecMdaDpStatsEncryptBytesHigh32 Counter32,
    tmnxIPsecMdaDpStatsDecryptPkts   Counter64,
    tmnxIPsecMdaDpStatsDecryptPktsLow32 Counter32,
    tmnxIPsecMdaDpStatsDecryptPktsHigh32 Counter32,
    tmnxIPsecMdaDpStatsDecryptBytes  Counter64,
    tmnxIPsecMdaDpStatsDecryptBytesLow32 Counter32,
    tmnxIPsecMdaDpStatsDecryptBytesHigh32 Counter32,
    tmnxIPsecMdaDpStatsTxPktErrs     Counter32,
    tmnxIPsecMdaDpStatsOutBDropPkts  Counter64,
    tmnxIPsecMdaDpStatsOutBDropPktsLow32 Counter32,
    tmnxIPsecMdaDpStatsOutBDropPktsHigh32 Counter32,
    tmnxIPsecMdaDpStatsOutBSAMisses  Counter64,
    tmnxIPsecMdaDpStatsOutBSAMissesLow32 Counter32,
    tmnxIPsecMdaDpStatsOutBSAMissesHigh32 Counter32,
    tmnxIPsecMdaDpStatsOutBPolicyEntryMisses Counter32,
    tmnxIPsecMdaDpStatsInBDropPkts   Counter64,
    tmnxIPsecMdaDpStatsInBDropPktsLow32 Counter32,
    tmnxIPsecMdaDpStatsInBDropPktsHigh32 Counter32,
    tmnxIPsecMdaDpStatsInBSAMisses   Counter64,
    tmnxIPsecMdaDpStatsInBSAMissesLow32 Counter32,
    tmnxIPsecMdaDpStatsInBSAMissesHigh32 Counter32,
    tmnxIPsecMdaDpStatsInBIPDstSrcMismatches Counter32,
    tmnxIPsecMdaDpInFragments        Counter64,
    tmnxIPsecMdaDpInFragmentsLow32   Counter32,
    tmnxIPsecMdaDpInFragmentsHigh32  Counter32,
    tmnxIPsecMdaDpPktsReassem        Counter64,
    tmnxIPsecMdaDpPktsReassemLow32   Counter32,
    tmnxIPsecMdaDpPktsReassemHigh32  Counter32,
    tmnxIPsecMdaDpFragDropTime       Counter64,
    tmnxIPsecMdaDpFragDropTimeLow32  Counter32,
    tmnxIPsecMdaDpFragDropTimeHigh32 Counter32,
    tmnxIPsecMdaDpFragDropped        Counter64,
    tmnxIPsecMdaDpFragDroppedLow32   Counter32,
    tmnxIPsecMdaDpFragDroppedHigh32  Counter32,
    tmnxIPsecMdaDpGreTnlInPkts       Counter64,
    tmnxIPsecMdaDpGreTnlInPktsLo     Counter32,
    tmnxIPsecMdaDpGreTnlInPktsHi     Counter32,
    tmnxIPsecMdaDpGreTnlInBytes      Counter64,
    tmnxIPsecMdaDpGreTnlInBytesLo    Counter32,
    tmnxIPsecMdaDpGreTnlInBytesHi    Counter32,
    tmnxIPsecMdaDpGreTnlInErrs       Counter64,
    tmnxIPsecMdaDpGreTnlInErrsLo     Counter32,
    tmnxIPsecMdaDpGreTnlInErrsHi     Counter32,
    tmnxIPsecMdaDpGreTnlOutPkts      Counter64,
    tmnxIPsecMdaDpGreTnlOutPktsLo    Counter32,
    tmnxIPsecMdaDpGreTnlOutPktsHi    Counter32,
    tmnxIPsecMdaDpGreTnlOutBytes     Counter64,
    tmnxIPsecMdaDpGreTnlOutBytesLo   Counter32,
    tmnxIPsecMdaDpGreTnlOutBytesHi   Counter32,
    tmnxIPsecMdaDpGreTnlOutErrs      Counter64,
    tmnxIPsecMdaDpGreTnlOutErrsLo    Counter32,
    tmnxIPsecMdaDpGreTnlOutErrsHi    Counter32,
    tmnxIPsecMdaDpPktsDropDfSet      Counter64,
    tmnxIPsecMdaDpPktsDropDfSetLo    Counter32,
    tmnxIPsecMdaDpPktsDropDfSetHi    Counter32,
    tmnxIPsecMdaDpStaticIPsecTnls    Counter32,
    tmnxIPsecMdaDpDynIPsecTnls       Counter32,
    tmnxIPsecMdaDpIpGreTnls          Counter32,
    tmnxIPsecMdaDpIpv4Tnls           Counter32,
    tmnxIPsecMdaDpL2tpv3TnlInPkts    Counter64,
    tmnxIPsecMdaDpL2tpv3TnlInBytes   Counter64,
    tmnxIPsecMdaDpL2tpv3TnlInErrs    Counter64,
    tmnxIPsecMdaDpL2tpv3TnlInCookErr Counter64,
    tmnxIPsecMdaDpL2tpv3TnlInSeIdErr Counter64,
    tmnxIPsecMdaDpL2tpv3TnlOutPkts   Counter64,
    tmnxIPsecMdaDpL2tpv3TnlOutBytes  Counter64,
    tmnxIPsecMdaDpL2tpv3TnlOutErrs   Counter64,
    tmnxIPsecMdaDpL2tpv3Tnls         Counter32
}

tmnxIPsecMdaDpStatsEncryptPkts   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptPkts indicates the number of
         packets encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 1 }

tmnxIPsecMdaDpStatsEncryptPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptPktsLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 2 }

tmnxIPsecMdaDpStatsEncryptPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptPktsHigh32 indicates the higher
         32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 3 }

tmnxIPsecMdaDpStatsEncryptBytes  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptBytes indicates the number of
         bytes encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 4 }

tmnxIPsecMdaDpStatsEncryptBytesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptBytesLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 5 }

tmnxIPsecMdaDpStatsEncryptBytesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptBytesHigh32 indicates the
         higher 32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 6 }

tmnxIPsecMdaDpStatsDecryptPkts   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptPkts indicates the number of
         packets encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 7 }

tmnxIPsecMdaDpStatsDecryptPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptPktsLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 8 }

tmnxIPsecMdaDpStatsDecryptPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptPktsHigh32 indicates the higher
         32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 9 }

tmnxIPsecMdaDpStatsDecryptBytes  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptBytes indicates the number of
         bytes encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 10 }

tmnxIPsecMdaDpStatsDecryptBytesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptBytesLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 11 }

tmnxIPsecMdaDpStatsDecryptBytesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptBytesHigh32 indicates the
         higher 32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 12 }

tmnxIPsecMdaDpStatsTxPktErrs     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsTxPktErrs indicates the number of
         packets transmit failures by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 13 }

tmnxIPsecMdaDpStatsOutBDropPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBDropPkts indicates the number of
         packets dropped before and during outbound (encryption) processing by
         the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 14 }

tmnxIPsecMdaDpStatsOutBDropPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBDropPktsLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 15 }

tmnxIPsecMdaDpStatsOutBDropPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBDropPktsHigh32 indicates the
         higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 16 }

tmnxIPsecMdaDpStatsOutBSAMisses  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBSAMisses indicates the number of
         packets dropped before outbound (encryption) processing by the IPsec
         data path due to no SA (security association) present."
    ::= { tmnxIPsecMdaDpStatsEntry 17 }

tmnxIPsecMdaDpStatsOutBSAMissesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBSAMissesLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 18 }

tmnxIPsecMdaDpStatsOutBSAMissesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBSAMissesHigh32 indicates the
         higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 19 }

tmnxIPsecMdaDpStatsOutBPolicyEntryMisses OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBPolicyEntryMisses indicates the
         number of packets dropped before outbound (encryption) processing by
         the IPsec data path due to no matching Policy Entry."
    ::= { tmnxIPsecMdaDpStatsEntry 20 }

tmnxIPsecMdaDpStatsInBDropPkts   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBDropPkts indicates the number of
         packets dropped before and during inbound (decryption) processing by
         the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 21 }

tmnxIPsecMdaDpStatsInBDropPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBDropPktsLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 22 }

tmnxIPsecMdaDpStatsInBDropPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBDropPktsHigh32 indicates the higher
         32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 23 }

tmnxIPsecMdaDpStatsInBSAMisses   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBSAMisses indicates the number of
         packets dropped before inbound (decryption) processing by the IPsec
         data path due to no SA (security association) present."
    ::= { tmnxIPsecMdaDpStatsEntry 24 }

tmnxIPsecMdaDpStatsInBSAMissesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBSAMissesLow32 indicates the lower
         32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 25 }

tmnxIPsecMdaDpStatsInBSAMissesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBSAMissesHigh32 indicates the higher
         32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 26 }

tmnxIPsecMdaDpStatsInBIPDstSrcMismatches OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBIPDstSrcMismatches indicates the
         number of packets dropped before inbound (decryption) processing by
         the IPsec data path due to the received packet's outer IP destination
         or source address does not match the Tunnel's local or peer gateway
         address."
    ::= { tmnxIPsecMdaDpStatsEntry 27 }

tmnxIPsecMdaDpInFragments        OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpInFragments indicates the number of
         fragments received by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 28 }

tmnxIPsecMdaDpInFragmentsLow32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpInFragmentsLow32 indicates the lower 32
         bits of the value of tmnxIPsecMdaDpInFragments."
    ::= { tmnxIPsecMdaDpStatsEntry 29 }

tmnxIPsecMdaDpInFragmentsHigh32  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpInFragmentsHigh32 indicates the higher 32
         bits of the value of tmnxIPsecMdaDpInFragments."
    ::= { tmnxIPsecMdaDpStatsEntry 30 }

tmnxIPsecMdaDpPktsReassem        OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsReassem indicates the number of packets
         reassembled by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 31 }

tmnxIPsecMdaDpPktsReassemLow32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsReassemLow32 indicates the lower 32
         bits of the value of tmnxIPsecMdaDpPktsReassem."
    ::= { tmnxIPsecMdaDpStatsEntry 32 }

tmnxIPsecMdaDpPktsReassemHigh32  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsReassemHigh32 indicates the higher 32
         bits of the value of tmnxIPsecMdaDpPktsReassem."
    ::= { tmnxIPsecMdaDpStatsEntry 33 }

tmnxIPsecMdaDpFragDropTime       OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropTime indicates the number of
         fragments dropped due to timeout by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 34 }

tmnxIPsecMdaDpFragDropTimeLow32  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropTimeLow32 indicates the lower 32
         bits of the value of tmnxIPsecMdaDpFragDropTime."
    ::= { tmnxIPsecMdaDpStatsEntry 35 }

tmnxIPsecMdaDpFragDropTimeHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropTimeHigh32 indicates the higher 32
         bits of the value of tmnxIPsecMdaDpFragDropTime."
    ::= { tmnxIPsecMdaDpStatsEntry 36 }

tmnxIPsecMdaDpFragDropped        OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropped indicates the number of total
         fragments dropped by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 37 }

tmnxIPsecMdaDpFragDroppedLow32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDroppedLow32 indicates the lower 32
         bits of the value of tmnxIPsecMdaDpFragDropped."
    ::= { tmnxIPsecMdaDpStatsEntry 38 }

tmnxIPsecMdaDpFragDroppedHigh32  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDroppedHigh32 indicates the higher 32
         bits of the value of tmnxIPsecMdaDpFragDropped."
    ::= { tmnxIPsecMdaDpStatsEntry 39 }

tmnxIPsecMdaDpGreTnlInPkts       OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInPkts indicates the number of
         packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 40 }

tmnxIPsecMdaDpGreTnlInPktsLo     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInPktsLo indicates the lower 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 41 }

tmnxIPsecMdaDpGreTnlInPktsHi     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInPktsHi indicates the higher 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 42 }

tmnxIPsecMdaDpGreTnlInBytes      OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInBytes indicates the number of
         packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 43 }

tmnxIPsecMdaDpGreTnlInBytesLo    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInBytesLo indicates the lower 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 44 }

tmnxIPsecMdaDpGreTnlInBytesHi    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInBytesHi indicates the higher 32
         bits of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 45 }

tmnxIPsecMdaDpGreTnlInErrs       OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInErrs indicates the number of
         packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 46 }

tmnxIPsecMdaDpGreTnlInErrsLo     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInErrsLo indicates the lower 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 47 }

tmnxIPsecMdaDpGreTnlInErrsHi     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInErrsHi indicates the higher 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 48 }

tmnxIPsecMdaDpGreTnlOutPkts      OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutPkts indicates the number of
         packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 49 }

tmnxIPsecMdaDpGreTnlOutPktsLo    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutPktsLo indicates the lower 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 50 }

tmnxIPsecMdaDpGreTnlOutPktsHi    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutPktsHi indicates the higher 32
         bits of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 51 }

tmnxIPsecMdaDpGreTnlOutBytes     OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutBytes indicates the number of
         packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 52 }

tmnxIPsecMdaDpGreTnlOutBytesLo   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutBytesLo indicates the lower 32
         bits of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 53 }

tmnxIPsecMdaDpGreTnlOutBytesHi   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutBytesHi indicates the higher 32
         bits of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 54 }

tmnxIPsecMdaDpGreTnlOutErrs      OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutErrs indicates the number of
         packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 55 }

tmnxIPsecMdaDpGreTnlOutErrsLo    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutErrsLo indicates the lower 32 bits
         of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 56 }

tmnxIPsecMdaDpGreTnlOutErrsHi    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutErrsHi indicates the higher 32
         bits of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 57 }

tmnxIPsecMdaDpPktsDropDfSet      OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsDropDfSet indicates the number of
         packets with DF bit set dropped in this Tunnel exceeding MTU size and
         with clear tunnel DF bit not set."
    ::= { tmnxIPsecMdaDpStatsEntry 58 }

tmnxIPsecMdaDpPktsDropDfSetLo    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsDropDfSetLo indicates lower 32 bits of
         the value of tmnxIPsecMdaDpPktsDropDfSet object."
    ::= { tmnxIPsecMdaDpStatsEntry 59 }

tmnxIPsecMdaDpPktsDropDfSetHi    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsDropDfSetHi indicates higher 32 bits of
         the value of tmnxIPsecMdaDpPktsDropDfSet object."
    ::= { tmnxIPsecMdaDpStatsEntry 60 }

tmnxIPsecMdaDpStaticIPsecTnls    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStaticIPsecTnls indicates number of
         configured static IPsec tunnels on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 61 }

tmnxIPsecMdaDpDynIPsecTnls       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpDynIPsecTnls indicates number of dynamic
         IPsec tunnels in use on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 62 }

tmnxIPsecMdaDpIpGreTnls          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpIpGreTnls indicates number of configured IP
         tunnels (with GRE headers) on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 63 }

tmnxIPsecMdaDpIpv4Tnls           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpIpv4Tnls indicates number of configured
         IPv4 tunnels on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 64 }

tmnxIPsecMdaDpL2tpv3TnlInPkts    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlInPkts indicates the number of
         packets received by the Layer Two Tunneling Protocol (L2TP) version 3
         (L2TPv3) tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 65 }

tmnxIPsecMdaDpL2tpv3TnlInBytes   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlInBytes indicates the number of
         bytes received by the L2TPv3 tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 66 }

tmnxIPsecMdaDpL2tpv3TnlInErrs    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlInErrs indicates the number of
         packets dropped while receiving by the L2TPv3 tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 67 }

tmnxIPsecMdaDpL2tpv3TnlInCookErr OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlInCookErr indicates the number of
         packets dropped because the Cookie value received by the L2TPv3 tunnel
         data path did not match the Cookie value negotiated during session
         establishment."
    ::= { tmnxIPsecMdaDpStatsEntry 68 }

tmnxIPsecMdaDpL2tpv3TnlInSeIdErr OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlInSeIdErr indicates the number of
         packets dropped because the Session ID value received by the L2TPv3
         tunnel data path did not match the Session ID value negotiated during
         session establishment."
    ::= { tmnxIPsecMdaDpStatsEntry 69 }

tmnxIPsecMdaDpL2tpv3TnlOutPkts   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlOutPkts indicates the number of
         packets transmitted by the L2TPv3 tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 70 }

tmnxIPsecMdaDpL2tpv3TnlOutBytes  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlOutBytes indicates the number of
         bytes transmitted by the L2TPv3 tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 71 }

tmnxIPsecMdaDpL2tpv3TnlOutErrs   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3TnlOutErrs indicates the number of
         packets dropped while transmitting by the L2TPv3 tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 72 }

tmnxIPsecMdaDpL2tpv3Tnls         OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpL2tpv3Tnls indicates number of configured
         L2TPv3 tunnels on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 73 }

tIPsecTnlTempTblLastChanged      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempTblLastChanged indicates the sysUpTime at
         the time of the last modification to tIPsecTnlTempTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 16 }

tIPsecTnlTempTable               OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTnlTempEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec tunnel template entries."
    ::= { tmnxIPsecObjects 17 }

tIPsecTnlTempEntry               OBJECT-TYPE
    SYNTAX      TIPsecTnlTempEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec tunnel template entry."
    INDEX       { tIPsecTnlTempId }
    ::= { tIPsecTnlTempTable 1 }

TIPsecTnlTempEntry               ::= SEQUENCE
{
    tIPsecTnlTempId                  TmnxIPsecTunnelTemplateId,
    tIPsecTnlTempRowStatus           RowStatus,
    tIPsecTnlTempLastChanged         TimeStamp,
    tIPsecTnlTempDescr               TItemDescription,
    tIPsecTnlTempReverseRoute        INTEGER,
    tIPsecTnlTempDynKeyTransformId1  TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempDynKeyTransformId2  TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempDynKeyTransformId3  TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempDynKeyTransformId4  TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempReplayWindow        Unsigned32,
    tIPsecTnlTempIpMtu               Unsigned32,
    tIPsecTnlTempEncapIpMtu          Unsigned32,
    tIPsecTnlTempIcmp6Pkt2Big        TruthValue,
    tIPsecTnlTempIcmp6NumPkt2Big     Unsigned32,
    tIPsecTnlTempIcmp6Pkt2BigTime    Unsigned32,
    tIPsecTnlTempClearDfBit          TruthValue,
    tIPsecTnlTempPublicTcpMssAdjust  Integer32,
    tIPsecTnlTempPrivateTcpMssAdjust Integer32,
    tIPsecTnlTempIgnoreDefaultRoute  TruthValue
}

tIPsecTnlTempId                  OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelTemplateId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempId specifies the id of a tunnel template
         entry and is the primary index for the table tIPsecTnlTempTable."
    ::= { tIPsecTnlTempEntry 1 }

tIPsecTnlTempRowStatus           OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tIPsecTnlTempRowStatus object is used to create and delete rows in
         the tIPsecTnlTempTable."
    ::= { tIPsecTnlTempEntry 2 }

tIPsecTnlTempLastChanged         OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempLastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tIPsecTnlTempEntry 3 }

tIPsecTnlTempDescr               OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDescr specifies the user-provided
         description for the template."
    DEFVAL      { "" }
    ::= { tIPsecTnlTempEntry 4 }

tIPsecTnlTempReverseRoute        OBJECT-TYPE
    SYNTAX      INTEGER {
        none              (0),
        reverseRoute      (1),
        useSecurityPolicy (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempReverseRoute specifies whether node using
         this template will accept framed-routes sent by radius server and
         install them for the lifetime of the tunnel as managed routes.

         If this object is set to 'useSecurityPolicy' then the node using this
         template will add a route to every client-side-protected-subnet as
         signaled by the client.

         The value of 'reverseRoute' is not supported by the current release."
    DEFVAL      { none }
    ::= { tIPsecTnlTempEntry 5 }

tIPsecTnlTempDynKeyTransformId1  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId1 specifies the first
         transform-id for this IPSec Tunnel template to use."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 6 }

tIPsecTnlTempDynKeyTransformId2  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId2 specifies the second
         transform-id for this IPSec Tunnel template to use."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 7 }

tIPsecTnlTempDynKeyTransformId3  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId3 specifies the third
         transform-id for this IPSec Tunnel template to use."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 8 }

tIPsecTnlTempDynKeyTransformId4  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId4 specifies the fourth
         transform-id for this IPSec Tunnel template to use."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 9 }

tIPsecTnlTempReplayWindow        OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempReplayWindow specifies the size of the
         anti-replay window for the template.

         If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the
         anti-replay feature is disabled."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 10 }

tIPsecTnlTempIpMtu               OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempIpMtu specifies the MTU size for IP packets
         for this tunnel.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 11 }

tIPsecTnlTempEncapIpMtu          OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempEncapIpMtu specifies the MTU size for IP
         packets after tunnel encapsulation has been added.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL      { 0 }
    ::= { tIPsecTnlTempEntry 12 }

tIPsecTnlTempIcmp6Pkt2Big        OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempIcmp6Pkt2Big specifies whether
         packet-too-big ICMP messages should be sent. When it is set to 'true',
         ICMPv6 packet-too-big messages are generated by this IPsec tunnel.
         When tIPsecTnlTempIcmp6Pkt2Big is set to 'false (2)', ICMPv6
         packet-too-big messages are not sent.

         When the value of tIPsecTnlTempIcmp6Pkt2Big is 'false (2)', it must be
         set in the same SNMP PDU as tIPsecTnlTempIcmp6NumPkt2Big and
         tIPsecTnlTempIcmp6Pkt2BigTime. The value of
         tIPsecTnlTempIcmp6NumPkt2Big and tIPsecTnlTempIcmp6Pkt2BigTime must be
         their default values."
    DEFVAL      { true }
    ::= { tIPsecTnlTempEntry 14 }

tIPsecTnlTempIcmp6NumPkt2Big     OBJECT-TYPE
    SYNTAX      Unsigned32 (10..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempIcmp6NumPkt2Big specifies how many
         packet-too-big ICMPv6 messages are transmitted in the time frame
         specified by tIPsecTnlTempIcmp6Pkt2BigTime.

         This value must be set in the same SNMP SET PDU as
         tIPsecTnlTempIcmp6Pkt2Big."
    DEFVAL      { 100 }
    ::= { tIPsecTnlTempEntry 15 }

tIPsecTnlTempIcmp6Pkt2BigTime    OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempIcmp6Pkt2BigTime specifies the time frame in
         seconds that is used to limit the number of packet-too-big ICMPv6
         messages transmitted per time frame.

         This value must be set in the same SNMP SET PDU as
         tIPsecTnlTempIcmp6Pkt2Big."
    DEFVAL      { 10 }
    ::= { tIPsecTnlTempEntry 16 }

tIPsecTnlTempClearDfBit          OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempClearDfBit specifies whether to clear Do not
         Fragment (DF) bit in the outgoing packets for tunnels created using
         this template."
    DEFVAL      { false }
    ::= { tIPsecTnlTempEntry 17 }

tIPsecTnlTempPublicTcpMssAdjust  OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0 | 512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempPublicTcpMssAdjust specifies the Maximum
         Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
         sent from the public network to the private network. The system may
         use this value to adjust or insert the MSS option in TCP SYN packet.

         The TCP MSS adjustment functionality on the public side network is
         disabled when the following conditions are met.
         1) The value of tIPsecTnlTempPublicTcpMssAdjust is '-1' or
         2) The values of tIPsecTnlTempPublicTcpMssAdjust and
            tIPsecTnlTempEncapIpMtu are both '0'.

         When the system receives a TCP SYN packet from the public network and
         this packet contains an MSS option, the system replaces the MSS option
         value with a new MSS when the new MSS is smaller than the MSS option
         value.

         When the system receives a TCP SYN packet from the public network and
         this packet does not contain an MSS option, the system inserts one
         with a new MSS.

         The new MSS is calculated based on the following rules.
         1) When the value of tIPsecTnlTempPublicTcpMssAdjust is '0' and
            tIPsecTnlTempEncapIpMtu has a non-zero value,
            New MSS = tIPsecTnlTempEncapIpMtu - total header size (e.g.,
                      encryption, encapsulation, TCP and IP headers)
         2) When the value of tIPsecTnlTempPublicTcpMssAdjust is in the range
            of (512..9000)
            New MSS = tIPsecTnlTempPublicTcpMssAdjust"
    REFERENCE
        "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
    DEFVAL      { -1 }
    ::= { tIPsecTnlTempEntry 23 }

tIPsecTnlTempPrivateTcpMssAdjust OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempPrivateTcpMssAdjust specifies the Maximum
         Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
         sent from the private network to the public network. The system may
         use this value to adjust or insert the MSS option in TCP SYN packet.

         The value of '-1' specifies that the TCP MSS adjustment functionality
         on the private side is disabled.

         When the system receives a TCP SYN packet from the private network and
         this packet contains an MSS option, the system replaces the MSS option
         value with tIPsecTnlTempPrivateTcpMssAdjust when the value of
         tIPsecTnlTempPrivateTcpMssAdjust is smaller than the MSS option value.

         When the system receives a TCP SYN packet from the private network and
         this packet does not contain an MSS option, the system inserts one
         whose MSS is equal to tIPsecTnlTempPrivateTcpMssAdjust."
    REFERENCE
        "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
    DEFVAL      { -1 }
    ::= { tIPsecTnlTempEntry 24 }

tIPsecTnlTempIgnoreDefaultRoute  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value 'false' for tIPsecTnlTempIgnoreDefaultRoute will cause the
         IPsec gateway to remove dynamic lan-to-lan tunnels whenever IKE
         negotiates a
         remote traffic selector containing a default route (0.0.0.0/0 or
         ::/0).
         The value 'true' will cause the IPsec gateway to ignore such default
         routes in negotiated remote traffic selectors, thereby retaining the
         associated dynamic lan-to-lan tunnels with no impact on IPsec-managed
         reverse routes."
    DEFVAL      { false }
    ::= { tIPsecTnlTempEntry 25 }

tmnxIPsecGWTblLastChgd           OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWTblLastChgd indicates the sysUpTime at the
         time of the last modification of tmnxIPsecGWTable.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 18 }

tmnxIPsecGWTable                 OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecGWEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains SAP IPSec gateway information."
    ::= { tmnxIPsecObjects 19 }

tmnxIPsecGWEntry                 OBJECT-TYPE
    SYNTAX      TmnxIPsecGWEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a SAP IPSec gateway."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tmnxIPsecGWTable 1 }

TmnxIPsecGWEntry                 ::= SEQUENCE
{
    tmnxIPsecGWRowStatus             RowStatus,
    tmnxIPsecGWLastMgmtChange        TimeStamp,
    tmnxIPsecGWAdminState            TmnxAdminState,
    tmnxIPsecGWOperState             TmnxIPsecOperState,
    tmnxIPsecGWTunnelPolicyTemp      TmnxIPsecTunnelTemplateIdOrZero,
    tmnxIPsecGWSecureService         TmnxServId,
    tmnxIPsecGWIfName                TNamedItemOrEmpty,
    tmnxIPsecGWInetAddrType          InetAddressType,
    tmnxIPsecGWInetAddress           InetAddress,
    tmnxIPsecGWIkePolicyId           TmnxIkePolicyIdOrZero,
    tmnxIPsecGWIkePreShared          OCTET STRING,
    tmnxIPsecGWLclX509Cert           DisplayString,
    tmnxIPsecGWLclPrivateKey         DisplayString,
    tmnxIPsecGWOperFlags             BITS,
    tmnxIPsecGWCACert                DisplayString,
    tmnxIPsecGWCACertRevocList       DisplayString,
    tmnxIPsecGWName                  TNamedItem,
    tmnxIPsecGWCertTrustAnchor       TNamedItemOrEmpty,
    tmnxIPsecGWLocalIdType           TmnxIPsecLocalIdType,
    tmnxIPsecGWLocalIdValue          DisplayString,
    tmnxIPsecGWCSVPrimary            TmnxCertRevStatus,
    tmnxIPsecGWCSVSecondary          TmnxCertRevStatusOrNone,
    tmnxIPsecGWCSVDefResult          INTEGER,
    tmnxIPsecGWRadAcctgPolicy        TNamedItemOrEmpty,
    tmnxIPsecGWRadAuthPolicy         TNamedItemOrEmpty,
    tmnxIPsecGWCertProfile           TNamedItemOrEmpty,
    tmnxIPsecGWCertTrstAnchrProf     TNamedItemOrEmpty,
    tmnxIPsecGWClientDatabaseName    TNamedItemOrEmpty,
    tmnxIPsecGWClientDatabasFallback TruthValue,
    tmnxIPsecGWMaxNumPh1SaKeys       Unsigned32,
    tmnxIPsecGWMaxNumPh2SaKeys       Unsigned32,
    tmnxIPsecGWSecureServiceName     TLNamedItemOrEmpty
}

tmnxIPsecGWRowStatus             OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWRowStatus controls the creation and deletion
         of rows in this table."
    ::= { tmnxIPsecGWEntry 1 }

tmnxIPsecGWLastMgmtChange        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWLastMgmtChange indicates the value of
         sysUpTime at the time of the last management change of any writable
         object of this row."
    ::= { tmnxIPsecGWEntry 2 }

tmnxIPsecGWAdminState            OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWAdminState specifies the administrative state
         of SAP IPSec gateway entry."
    DEFVAL      { outOfService }
    ::= { tmnxIPsecGWEntry 3 }

tmnxIPsecGWOperState             OBJECT-TYPE
    SYNTAX      TmnxIPsecOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWOperState indicates the operating state of the
         SAP IPSec gateway."
    ::= { tmnxIPsecGWEntry 4 }

tmnxIPsecGWTunnelPolicyTemp      OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelTemplateIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWTunnelPolicyTemp specifies the
         TIMETRA-IPSEC-MIB::tIPsecTnlTempId used by this SAP IPSec gateway."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWEntry 5 }

tmnxIPsecGWSecureService         OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWSecureService specifies the service identifier
         of the default security service used by this SAP IPSec gateway.

         The values of tmnxIPsecGWSecureService and
         tmnxIPsecGWSecureServiceName must be mutually exclusive and cannot
         simultaneously have non-default values."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWEntry 6 }

tmnxIPsecGWIfName                OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWIfName specifies the IPSec interface used by
         the SAP."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 7 }

tmnxIPsecGWInetAddrType          OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWInetAddrType specifies the address type of the
         SAP IPSec gateway."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWEntry 8 }

tmnxIPsecGWInetAddress           OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This value of tmnxIPsecGWInetAddress specifies the address of the SAP
         IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 9 }

tmnxIPsecGWIkePolicyId           OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWIkePolicyId specifies the policy id for this
         SAP IPSec gateway."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWEntry 10 }

tmnxIPsecGWIkePreShared          OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWIkePreShared specifies the shared secret
         between the two peers forming the tunnel for the SAP IPSec gateway.

         The value of this object cannot contain double quotes or non-printable
         characters."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 11 }

tmnxIPsecGWLclX509Cert           OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecGWLclX509Cert specifies the path-name of the
         local X509 Certificate to be used with this SAP IPSec gateway.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by tmnxIPsecGWCertProfile."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 12 }

tmnxIPsecGWLclPrivateKey         OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecGWLclPrivateKey specifies the path-name of the
         local private key to be used with this SAP IPSec gateway.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by tmnxIPsecGWCertProfile."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 13 }

tmnxIPsecGWOperFlags             OBJECT-TYPE
    SYNTAX      BITS {
        localIpUnreachable    (0),
        gatewayAdminDown      (1),
        x509CertUnavailable   (2),
        privateKeyUnavailable (3),
        caCertUnavailable     (4),
        caCRLUnavailable      (5),
        trustAnchorsDown      (6),
        certProfileDown       (7),
        invalidCertKeyCombo   (8),
        ikeNotReady           (9)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWOperFlags indicates the reason why the gateway
         is operationally down."
    ::= { tmnxIPsecGWEntry 14 }

tmnxIPsecGWCACert                OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecGWCACert specifies the path-name of the
         Certificate from the Certificate-Authority to be used with this SAP
         IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 15 }

tmnxIPsecGWCACertRevocList       OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecGWCACertRevocList specifies the path-name of the
         Certificate Revocation List (CRL) from Certificate-Authority to be
         used with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 16 }

tmnxIPsecGWName                  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWName specifies the name for this IPSec
         gateway.

         An 'inconsistentValue' error is returned if value of this object is
         not set to unique value at the time of creation."
    ::= { tmnxIPsecGWEntry 17 }

tmnxIPsecGWCertTrustAnchor       OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecGWCertTrustAnchor specifies the name for
         Certificate-Authority Profile name associated with this SAP IPSec
         gateway certificate.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecGWAdminState is in 'inService' state.

         This object has been marked obsolete in SROS Release 15.0. The
         functionality of this object is replaced by
         tmnxIPsecGWCertTrstAnchrProf."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 18 }

tmnxIPsecGWLocalIdType           OBJECT-TYPE
    SYNTAX      TmnxIPsecLocalIdType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWLocalIdType specifies the local identifier of
         7750 used for IDi or IDr for IKEv2.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecGWAdminState is in 'inService' state."
    DEFVAL      { none }
    ::= { tmnxIPsecGWEntry 19 }

tmnxIPsecGWLocalIdValue          OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWLocalIdValue specifies the value associated
         with tmnxIPsecGWLocalIdType object.

         Value is extracted from the configured certificate when
         tmnxIPsecGWLocalIdType is set to 'dn'."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 20 }

tmnxIPsecGWCSVPrimary            OBJECT-TYPE
    SYNTAX      TmnxCertRevStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCSVPrimary specifies the primary method of
         Certificate Status Verification (CSV) that is used to verify
         revocation status of the certificate of the peer.

         This value must be set in the same PDU as tmnxIPsecGWCSVSecondary if
         the value of tmnxIPsecGWAdminState is equal to 'inService (2)'."
    DEFVAL      { crl }
    ::= { tmnxIPsecGWEntry 21 }

tmnxIPsecGWCSVSecondary          OBJECT-TYPE
    SYNTAX      TmnxCertRevStatusOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCSVSecondary specifies the secondary method of
         Certificate Status Verification (CSV) that is used to verify
         revocation status of the certificate of the peer.

         This value must be set in the same PDU as tmnxIPsecGWCSVPrimary if the
         value of tmnxIPsecGWAdminState is equal to 'inService (2)'."
    DEFVAL      { none }
    ::= { tmnxIPsecGWEntry 22 }

tmnxIPsecGWCSVDefResult          OBJECT-TYPE
    SYNTAX      INTEGER {
        revoked (0),
        good    (1)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCSVDefResult specifies the default result of
         Certificate Status Verification (CSV) when both primary and secondary
         method failed to provide an answer."
    DEFVAL      { revoked }
    ::= { tmnxIPsecGWEntry 23 }

tmnxIPsecGWRadAcctgPolicy        OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWRadAcctgPolicy specifies the radius accounting
         policy associated with this IPsec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 24 }

tmnxIPsecGWRadAuthPolicy         OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWRadAuthPolicy specifies the radius
         authentication policy associated with this IPsec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 25 }

tmnxIPsecGWCertProfile           OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCertProfile specifies the certificate profile
         associated with this IPsec gateway.

         An 'inconsistentValue' error is returned when tmnxIPsecGWCertProfile
         is set to non-default value and tmnxIPsecGWLclX509Cert or
         tmnxIPsecGWLclPrivateKey is set to non-default value."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 26 }

tmnxIPsecGWCertTrstAnchrProf     OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCertTrstAnchrProf specifies the name for
         Certificate-Authority Trust Anchor Profile name associated with this
         SAP IPSec gateway certificate."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 27 }

tmnxIPsecGWClientDatabaseName    OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWClientDatabaseName specifies the name of the
         client database associated with this IPsec gateway.

         The IPsec client database is configured by tIPsecClientDatabaseTable."
    DEFVAL      { "" }
    ::= { tmnxIPsecGWEntry 28 }

tmnxIPsecGWClientDatabasFallback OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWClientDatabasFallback specifies whether or not
         this IPsec gateway falls back to the default authentication policy
         when the IPsec tunnel authentication request fails to match any
         clients in the IPsec database (i.e., tmnxIPsecGWClientDatabaseName)."
    DEFVAL      { true }
    ::= { tmnxIPsecGWEntry 29 }

tmnxIPsecGWMaxNumPh1SaKeys       OBJECT-TYPE
    SYNTAX      Unsigned32 (0..3)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWMaxNumPh1SaKeys specifies the maximum number
         of Security Association (SA) phase 1 keys, which can be saved by the
         system, for an IPsec tunnel associated to this gateway."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWEntry 30 }

tmnxIPsecGWMaxNumPh2SaKeys       OBJECT-TYPE
    SYNTAX      Unsigned32 (0..48)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWMaxNumPh2SaKeys specifies the maximum number
         of Security Association (SA) phase 2 keys, which can be saved by the
         system, for an IPsec tunnel associated to this gateway."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWEntry 31 }

tmnxIPsecGWSecureServiceName     OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWSecureServiceName specifies the name of the
         default security service used by this SAP IPSec gateway.

         The values of tmnxIPsecGWSecureServiceName and
         tmnxIPsecGWSecureService must be mutually exclusive and cannot
         simultaneously have non-default values."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWEntry 32 }

tIPsecRUTnlTable                 OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUTnlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store dynamic IPsec Remote-User Tunnel entries."
    ::= { tmnxIPsecObjects 20 }

tIPsecRUTnlEntry                 OBJECT-TYPE
    SYNTAX      TIPsecRUTnlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single dynamic IPsec Remote-User Tunnel entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort
    }
    ::= { tIPsecRUTnlTable 1 }

TIPsecRUTnlEntry                 ::= SEQUENCE
{
    tIPsecRUTnlInetAddrType          InetAddressType,
    tIPsecRUTnlInetAddress           InetAddress,
    tIPsecRUTnlPort                  TTcpUdpPort,
    tIPsecRUTnlPrivateIpAddrType     InetAddressType,
    tIPsecRUTnlPrivateIpAddr         InetAddress,
    tIPsecRUTnlPrivateIpPrefixLen    InetAddressPrefixLength,
    tIPsecRUTnlTempId                TmnxIPsecTunnelTemplateId,
    tIPsecRUTnlIPsecSALifeTime       Unsigned32,
    tIPsecRUTnlPfsDHGroup            TmnxIkePolicyDHGroupOrZero,
    tIPsecRUTnlReplayWindow          Unsigned32,
    tIPsecRUTnlPrivateSvcId          TmnxServId,
    tIPsecRUTnlPrivateIfIndex        InterfaceIndex,
    tIPsecRUTnlHasBiDirectionalSA    TruthValue,
    tIPsecRUTnlHostISA               TmnxHwIndexOrZero,
    tIPsecRUTnlMatchTrustAnchor      TNamedItemOrEmpty,
    tIPsecRUTnlOperChanged           TimeStamp,
    tIPsecRUTnlIkeIdType             INTEGER,
    tIPsecRUTnlIkeIdValue            DisplayString,
    tIPsecRUTnlPrivateIpAddr2Type    InetAddressType,
    tIPsecRUTnlPrivateIpAddr2        InetAddress,
    tIPsecRUTnlPrivateIpPrefixLen2   InetAddressPrefixLength,
    tIPsecRUTnlInUseTsList           TNamedItem,
    tIPsecRUTnlInUsePreSharedKey     TLNamedItemOrEmpty,
    tIPsecRUTnlPubTcpMss             Integer32,
    tIPsecRUTnlPrivTcpMss            Integer32,
    tIPsecRUTnlInUseIkePolicy        TmnxIkePolicyIdOrZero
}

tIPsecRUTnlInetAddrType          OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlInetAddrType indicates the address type of the
         SAP IPsec gateway to the tunnel."
    ::= { tIPsecRUTnlEntry 1 }

tIPsecRUTnlInetAddress           OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This value of tIPsecRUTnlInetAddress indicates the address of of the
         SAP IPsec gateway to the tunnel."
    ::= { tIPsecRUTnlEntry 2 }

tIPsecRUTnlPort                  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPort indicates the UDP port of the SAP IPsec
         gateway to the tunnel."
    ::= { tIPsecRUTnlEntry 3 }

tIPsecRUTnlPrivateIpAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpAddrType indicates the address type
         of the private IP Address in the tunnel."
    ::= { tIPsecRUTnlEntry 4 }

tIPsecRUTnlPrivateIpAddr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpAddr indicates the private IP address
         on the IPsec gateway tunnel."
    ::= { tIPsecRUTnlEntry 5 }

tIPsecRUTnlPrivateIpPrefixLen    OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpPrefixLen indicates the number of
         bits to match on the tIPsecRUTnlPrivateIpAddr."
    ::= { tIPsecRUTnlEntry 6 }

tIPsecRUTnlTempId                OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelTemplateId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlTempId indicates the id of a tunnel template
         entry used for the tunnel."
    ::= { tIPsecRUTnlEntry 7 }

tIPsecRUTnlIPsecSALifeTime       OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..31536000)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIPsecSALifeTime indicates the lifetime of the
         phase 2 IKE key."
    ::= { tIPsecRUTnlEntry 8 }

tIPsecRUTnlPfsDHGroup            OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPfsDHGroup indicates the new
         Diffie-hellman key exchange each time the SA(Security Association)
         key is renegotiated.  After the SA expires, the key is forgotten
         and another key is generated (if the SA remains up).  This means
         that an attacker who cracks part of the exchange can only read the
         part that used the key before the key changed.  There is no
         advantage of cracking the other parts if the attacker has already
         cracked one."
    ::= { tIPsecRUTnlEntry 9 }

tIPsecRUTnlReplayWindow          OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlReplayWindow indicates the size of the
         anti-replay window."
    ::= { tIPsecRUTnlEntry 10 }

tIPsecRUTnlPrivateSvcId          OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateSvcId indicates the service-id of the
         Tunnel delivery service."
    ::= { tIPsecRUTnlEntry 11 }

tIPsecRUTnlPrivateIfIndex        OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIfIndex indicates the private interface
         index used by the tunnel."
    ::= { tIPsecRUTnlEntry 12 }

tIPsecRUTnlHasBiDirectionalSA    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlHasBiDirectionalSA indicates whether this
         tunnel has bi-directional Security-Association entries."
    ::= { tIPsecRUTnlEntry 13 }

tIPsecRUTnlHostISA               OBJECT-TYPE
    SYNTAX      TmnxHwIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlHostISA indicates the active ISA MDA that is
         being used to host this tunnel.

         This object will have a value of zero when this tunnel is
         operationally down."
    ::= { tIPsecRUTnlEntry 14 }

tIPsecRUTnlMatchTrustAnchor      OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlMatchTrustAnchor indicates the name for
         matched Certificate-Authority Profile name associated with this SAP
         IPSec tunnel certificate."
    ::= { tIPsecRUTnlEntry 15 }

tIPsecRUTnlOperChanged           OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlOperChanged indicates the sysUpTime at the
         time of the last operational status change of this entry."
    ::= { tIPsecRUTnlEntry 16 }

tIPsecRUTnlIkeIdType             OBJECT-TYPE
    SYNTAX      INTEGER {
        notApplicable (0),
        ipv4Addr      (1),
        fqdn          (2),
        rfc822Addr    (3),
        ipv6Addr      (5),
        derAsn1Dn     (9),
        derAsn1Gn     (10),
        keyId         (11)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIkeIdType indicates the ID type for the IKE
         header used in the tunnel associated with this entry.

         If the tunnel is not an IKEv2 remote access tunnel, then the value of
         tIPsecRUTnlIkeIdType will be set to 'notApplicable', and the value of
         tIPsecRUTnlIkeIdValue will be an empty string."
    REFERENCE
        "RFC 5996"
    ::= { tIPsecRUTnlEntry 17 }

tIPsecRUTnlIkeIdValue            OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIkeIdValue indicates the string presentation
         of the ID value for the IKE header used in the tunnel associated with
         this entry."
    REFERENCE
        "RFC 5996"
    ::= { tIPsecRUTnlEntry 18 }

tIPsecRUTnlPrivateIpAddr2Type    OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the tIPsecRUTnlPrivateIpAddr2Type indicates the address
         type of the second private address in the tunnel."
    ::= { tIPsecRUTnlEntry 19 }

tIPsecRUTnlPrivateIpAddr2        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpAddr2 indicates the second private
         address on the IPsec gateway tunnel."
    ::= { tIPsecRUTnlEntry 20 }

tIPsecRUTnlPrivateIpPrefixLen2   OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpPrefixLen2 indicates the number of
         bits to match on the tIPsecRUTnlPrivateIpAddr2."
    ::= { tIPsecRUTnlEntry 21 }

tIPsecRUTnlInUseTsList           OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlInUseTsList indicates the traffic selector
         (TS) list used by this tunnel."
    ::= { tIPsecRUTnlEntry 22 }

tIPsecRUTnlInUsePreSharedKey     OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlInUsePreSharedKey indicates the pre-shared key
         used by this tunnel."
    ::= { tIPsecRUTnlEntry 23 }

tIPsecRUTnlPubTcpMss             OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPubTcpMss indicates the Maximum Segment Size
         (MSS) for the TCP traffic in an IPsec tunnel which is sent from the
         public network to the private network."
    ::= { tIPsecRUTnlEntry 24 }

tIPsecRUTnlPrivTcpMss            OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "octets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivTcpMss specifies the Maximum Segment Size
         (MSS) for the TCP traffic in an IPsec tunnel which is sent from the
         private network to the public network."
    ::= { tIPsecRUTnlEntry 25 }

tIPsecRUTnlInUseIkePolicy        OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIdOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlInUseIkePolicy indicates the IKE policy
         identifier used by this tunnel."
    ::= { tIPsecRUTnlEntry 26 }

tIPsecRUTnlStatsTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUTnlStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store IPsec Remote User Tunnel statistics"
    ::= { tmnxIPsecObjects 21 }

tIPsecRUTnlStatsEntry            OBJECT-TYPE
    SYNTAX      TIPsecRUTnlStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Statistics for a single IPsec Remote User Tunnel."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort
    }
    ::= { tIPsecRUTnlStatsTable 1 }

TIPsecRUTnlStatsEntry            ::= SEQUENCE
{
    tIPsecRUTnlIsakmpState           INTEGER,
    tIPsecRUTnlIsakmpEstabTime       TimeStamp,
    tIPsecRUTnlIsakmpNegLifeTime     Unsigned32,
    tIPsecRUTnlNumDpdTx              Counter32,
    tIPsecRUTnlNumDpdRx              Counter32,
    tIPsecRUTnlNumDpdAckTx           Counter32,
    tIPsecRUTnlNumDpdAckRx           Counter32,
    tIPsecRUTnlNumExpRx              Counter32,
    tIPsecRUTnlNumInvalidDpdRx       Counter32,
    tIPsecRUTnlNumCtrlPktsTx         Counter32,
    tIPsecRUTnlNumCtrlPktsRx         Counter32,
    tIPsecRUTnlNumCtrlTxErrors       Counter32,
    tIPsecRUTnlNumCtrlRxErrors       Counter32,
    tIPsecRUTnlMatCertEntryId        Integer32,
    tIPsecRUTnlCertProfName          TNamedItemOrEmpty,
    tIPsecRUTnlClientDBClientId      Unsigned32,
    tIPsecRUTnlStatsIsakmpAuthAlg    TmnxAuthAlgorithm,
    tIPsecRUTnlStatsIsakmpEncrAlg    TmnxEncrAlgorithm,
    tIPsecRUTnlStatsIsakmpPfsDhGrp   TmnxIkePolicyDHGroupOrZero,
    tIPsecRUTnlStatsIkeTranPrfAlg    INTEGER
}

tIPsecRUTnlIsakmpState           OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIsakmpState indicates the state of phase 1
         IPsec negotiation."
    ::= { tIPsecRUTnlStatsEntry 1 }

tIPsecRUTnlIsakmpEstabTime       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIsakmpEstabTime indicates the sysUpTime at the
         time the IPsec phase 1 negotiation completed."
    ::= { tIPsecRUTnlStatsEntry 2 }

tIPsecRUTnlIsakmpNegLifeTime     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIsakmpNegLifeTime indicates the lifetime
         negotiated for phase1 IKE key."
    ::= { tIPsecRUTnlStatsEntry 3 }

tIPsecRUTnlNumDpdTx              OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdTx indicates the number of
         Dead-Peer-Detection packets transmitted."
    ::= { tIPsecRUTnlStatsEntry 4 }

tIPsecRUTnlNumDpdRx              OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdRx indicates the number of
         Dead-Peer-Detection packets received."
    ::= { tIPsecRUTnlStatsEntry 5 }

tIPsecRUTnlNumDpdAckTx           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdAckTx indicates the number of
         Dead-Peer-Detection acknowledgement packets transmitted."
    ::= { tIPsecRUTnlStatsEntry 6 }

tIPsecRUTnlNumDpdAckRx           OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdAckRx indicates the number of
         Dead-Peer-Detection acknowledgement packets received."
    ::= { tIPsecRUTnlStatsEntry 7 }

tIPsecRUTnlNumExpRx              OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumExpRx indicates the number of DPD R-U-THERE
         packets that have not been acknowledged."
    ::= { tIPsecRUTnlStatsEntry 8 }

tIPsecRUTnlNumInvalidDpdRx       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumInvalidDpdRx indicates the number of
         malformed DPD R-U-THERE acknowledgement packets received."
    ::= { tIPsecRUTnlStatsEntry 9 }

tIPsecRUTnlNumCtrlPktsTx         OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlPktsTx indicates the number of control
         packets this IPsec Tunnel has sent."
    ::= { tIPsecRUTnlStatsEntry 10 }

tIPsecRUTnlNumCtrlPktsRx         OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlPktsRx indicates the number of control
         packets this IPsec Tunnel has received."
    ::= { tIPsecRUTnlStatsEntry 11 }

tIPsecRUTnlNumCtrlTxErrors       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlTxErrors indicates the number of
         control packet transmit errors."
    ::= { tIPsecRUTnlStatsEntry 12 }

tIPsecRUTnlNumCtrlRxErrors       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlRxErrors indicates the number of
         control packet receive errors."
    ::= { tIPsecRUTnlStatsEntry 13 }

tIPsecRUTnlMatCertEntryId        OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlMatCertEntryId indicates the matching
         certificate profile entry id used for this tunnel."
    ::= { tIPsecRUTnlStatsEntry 14 }

tIPsecRUTnlCertProfName          OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlCertProfName indicates a specific IPsec tunnel
         certificate profile name used for this tunnel."
    ::= { tIPsecRUTnlStatsEntry 15 }

tIPsecRUTnlClientDBClientId      OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..8000)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlClientDBClientId indicates the client ID that
         was matched for this tunnel in the IPsec client database.

         The value of zero indicates that no IPsec database client was matched
         for this tunnel."
    ::= { tIPsecRUTnlStatsEntry 17 }

tIPsecRUTnlStatsIsakmpAuthAlg    OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlStatsIsakmpAuthAlg indicates the
         authentication algorithm of the IPsec phase 1 negotiation for this
         IPsec tunnel."
    ::= { tIPsecRUTnlStatsEntry 18 }

tIPsecRUTnlStatsIsakmpEncrAlg    OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlStatsIsakmpEncrAlg indicates the encryption
         algorithm of the IPsec phase 1 negotiation for this IPsec tunnel."
    ::= { tIPsecRUTnlStatsEntry 19 }

tIPsecRUTnlStatsIsakmpPfsDhGrp   OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlStatsIsakmpPfsDhGrp indicates the
         Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this
         IPsec tunnel.

         The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve
         Perfect Forward Secrecy (PFS)."
    ::= { tIPsecRUTnlStatsEntry 20 }

tIPsecRUTnlStatsIkeTranPrfAlg    OBJECT-TYPE
    SYNTAX      INTEGER {
        md5        (2),
        sha1       (3),
        sha256     (4),
        sha384     (5),
        sha512     (6),
        aesXcbc    (7),
        sameAsAuth (8)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlStatsIkeTranPrfAlg specifies the pseudo-random
         function (PRF)."
    ::= { tIPsecRUTnlStatsEntry 21 }

tIPsecRUSATable                  OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec remote-user dynamic SA entries."
    ::= { tmnxIPsecObjects 22 }

tIPsecRUSAEntry                  OBJECT-TYPE
    SYNTAX      TIPsecRUSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec remote-user SA entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort,
        tIPsecRUSAId,
        tIPsecRUSADirection,
        tIPsecRUSAIndex
    }
    ::= { tIPsecRUSATable 1 }

TIPsecRUSAEntry                  ::= SEQUENCE
{
    tIPsecRUSAId                     Unsigned32,
    tIPsecRUSAIndex                  Unsigned32,
    tIPsecRUSADirection              TmnxIPsecDirection,
    tIPsecRUSAEncryptionKey          OCTET STRING,
    tIPsecRUSAAuthenticationKey      OCTET STRING,
    tIPsecRUSASpi                    Unsigned32,
    tIPsecRUSAAuthAlgorithm          TmnxAuthAlgorithm,
    tIPsecRUSAEncrAlgorithm          TmnxEncrAlgorithm,
    tIPsecRUSAEstablishedTime        TimeStamp,
    tIPsecRUSANegotiatedLifeTime     Unsigned32,
    tIPsecRUSALclAddrType            InetAddressType,
    tIPsecRUSALclAddr                InetAddress,
    tIPsecRUSALclAPrefLen            InetAddressPrefixLength,
    tIPsecRUSARemAddrType            InetAddressType,
    tIPsecRUSARemAddr                InetAddress,
    tIPsecRUSARemAPrefLen            InetAddressPrefixLength
}

tIPsecRUSAId                     OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAId indicates the id of an SA entry and is part
         of the index for the tIPsecRUSATable."
    ::= { tIPsecRUSAEntry 1 }

tIPsecRUSAIndex                  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAIndex indicates an additional index to uniquely
         identify the SA entry in the tIPsecRUSATable."
    ::= { tIPsecRUSAEntry 2 }

tIPsecRUSADirection              OBJECT-TYPE
    SYNTAX      TmnxIPsecDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSADirection indicates the direction on the
         IPsec Tunnel to which this SA entry can be applied.  The value
         of tIPsecRUSADirection is also part of the index for the table
         tIPsecRUSATable"
    ::= { tIPsecRUSAEntry 3 }

tIPsecRUSAEncryptionKey          OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAEncryptionKey indicates the key used for the
         encryption algorithm defined by the tIPsecRUSAEncrAlgorithm in the
         IPsec transform."
    ::= { tIPsecRUSAEntry 4 }

tIPsecRUSAAuthenticationKey      OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAAuthenticationKey indicates the key used for
         the authentication algorithm defined by the tIPsecRUSAAuthAlgorithm in
         the IPsec transform."
    ::= { tIPsecRUSAEntry 5 }

tIPsecRUSASpi                    OBJECT-TYPE
    SYNTAX      Unsigned32 (256..16383)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSASpi indicates the SPI (Security Parameter
         Index) used to lookup the instruction to verify and decrypt the
         incoming IPsec packets when the value of tIPsecRUSADirection is
         'inbound'."
    ::= { tIPsecRUSAEntry 6 }

tIPsecRUSAAuthAlgorithm          OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAAuthAlgorithm indicates the authentication
         algorithm used with this SA."
    ::= { tIPsecRUSAEntry 7 }

tIPsecRUSAEncrAlgorithm          OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAEncrAlgorithm indicates the encryption
         algorithm used with this SA."
    ::= { tIPsecRUSAEntry 8 }

tIPsecRUSAEstablishedTime        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAEstablishedTime indicates the sysUpTime at the
         time the IPsec phase 2 negotiation completed."
    ::= { tIPsecRUSAEntry 9 }

tIPsecRUSANegotiatedLifeTime     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSANegotiatedLifeTime indicates the lifetime
         negotiated for phase2 IKE key."
    ::= { tIPsecRUSAEntry 10 }

tIPsecRUSALclAddrType            OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tIPsecRUSALclAddrType indicates the address type of
         address in tIPsecRUSALclAddr."
    ::= { tIPsecRUSAEntry 11 }

tIPsecRUSALclAddr                OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tIPsecRUSALclAddr indicates the IP address on the vpn
         side."
    ::= { tIPsecRUSAEntry 12 }

tIPsecRUSALclAPrefLen            OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tIPsecRUSALclAPrefLen indicates the number of bits to
         match of the tIPsecRUSALclAddr."
    ::= { tIPsecRUSAEntry 13 }

tIPsecRUSARemAddrType            OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tIPsecRUSARemAddrType indicates the address type of
         address in tIPsecRUSARemAddr."
    ::= { tIPsecRUSAEntry 14 }

tIPsecRUSARemAddr                OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tIPsecRUSARemAddr indicates the IP address on the tunnel
         side."
    ::= { tIPsecRUSAEntry 15 }

tIPsecRUSARemAPrefLen            OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tIPsecRUSARemAPrefLen indicates the number of bits to
         match of the tIPsecRUSARemAddr."
    ::= { tIPsecRUSAEntry 16 }

tIPsecRUSAStatsTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec Remote-User SA Statistics entries."
    ::= { tmnxIPsecObjects 23 }

tIPsecRUSAStatsEntry             OBJECT-TYPE
    SYNTAX      TIPsecRUSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Remote-User SA Statistics entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort,
        tIPsecRUSAId,
        tIPsecRUSADirection,
        tIPsecRUSAIndex
    }
    ::= { tIPsecRUSAStatsTable 1 }

TIPsecRUSAStatsEntry             ::= SEQUENCE
{
    tIPsecRUSAStatsBytesProcessed    Counter64,
    tIPsecRUSAStatsBytesProcLow32    Counter32,
    tIPsecRUSAStatsBytesProcHigh32   Counter32,
    tIPsecRUSAStatsPktsProcessed     Counter64,
    tIPsecRUSAStatsPktsProcLow32     Counter32,
    tIPsecRUSAStatsPktsProcHigh32    Counter32,
    tIPsecRUSAStatsCryptoErrors      Counter32,
    tIPsecRUSAStatsReplayErrors      Counter32,
    tIPsecRUSAStatsSAErrors          Counter32,
    tIPsecRUSAStatsPolicyErrors      Counter32,
    tIPsecRUSAStatsEncapOverhead     Counter32,
    tIPsecRUSAStatsPreEncapFragCnt   Counter64,
    tIPsecRUSAStatsPreEncapFragLtSz  Unsigned32,
    tIPsecRUSAStatsPostEncapFragCnt  Counter64,
    tIPsecRUSAStatsPostEncapFragLtSz Unsigned32,
    tIPsecRUSAStatsPfsDhGroup        TmnxIkePolicyDHGroupOrZero,
    tIPsecRUSAStatsMulticastIfName   TNamedItemOrEmpty,
    tIPsecRUSAStatsMulticastProt     TIPsecMulticastProtocol
}

tIPsecRUSAStatsBytesProcessed    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsBytesProcessed indicates the number of
         bytes successfully processed for this SA."
    ::= { tIPsecRUSAStatsEntry 1 }

tIPsecRUSAStatsBytesProcLow32    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsBytesProcLow32 indicates the lower 32 bits
         of the value of tIPsecRUSAStatsBytesProcessed."
    ::= { tIPsecRUSAStatsEntry 2 }

tIPsecRUSAStatsBytesProcHigh32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsBytesProcHigh32 indicates the higher 32
         bits of the value of tIPsecRUSAStatsBytesProcessed."
    ::= { tIPsecRUSAStatsEntry 3 }

tIPsecRUSAStatsPktsProcessed     OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPktsProcessed indicates the number of
         packets successfully processed for this SA."
    ::= { tIPsecRUSAStatsEntry 4 }

tIPsecRUSAStatsPktsProcLow32     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPktsProcLow32 indicates the lower 32 bits
         of the value of tIPsecRUSAStatsPktsProcessed."
    ::= { tIPsecRUSAStatsEntry 5 }

tIPsecRUSAStatsPktsProcHigh32    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPktsProcHigh32 indicates the higher 32
         bits of the value of tIPsecRUSAStatsPktsProcessed."
    ::= { tIPsecRUSAStatsEntry 6 }

tIPsecRUSAStatsCryptoErrors      OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsCryptoErrors indicates the number
         of crypto errors encountered on this SA.

         When the value of tIPsecRUSADirection is 'inbound (1)', the
         tIPsecRUSAStatsCryptoErrors will be set for the following errors:
             MAC miscompare
             Pad errors
             Illegal configure algorithm
             Illegal authentication algorithm
             Inner IP checksum errors
             Payload alignment errors
             Sequence number errors
             Protocol errors

         When the value of tIPsecRUSADirection is 'outbound (2)', the
         tIPsecRUSAStatsCryptoErrors will be set for the following errors:
             Sequence wrap errors
             Illegal configure algorithm
             Illegal authentication algorithm
             Expanded packet too big
             TTL decrement errors"
    ::= { tIPsecRUSAStatsEntry 7 }

tIPsecRUSAStatsReplayErrors      OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsReplayErrors indicates the number of
         replay errors encountered on this SA."
    ::= { tIPsecRUSAStatsEntry 8 }

tIPsecRUSAStatsSAErrors          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsSAErrors indicates the number of SA errors
         encountered on this SA. The SA errors means ISA tried to use a CHILD
         SA that is marked for deletion."
    ::= { tIPsecRUSAStatsEntry 9 }

tIPsecRUSAStatsPolicyErrors      OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPolicyErrors indicates the number
         of policy errors encountered on this SA.  The policy errors include
         bundled SA, selector check and policy direction error."
    ::= { tIPsecRUSAStatsEntry 10 }

tIPsecRUSAStatsEncapOverhead     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsEncapOverhead indicates the encapsulation
         overhead for this outbound SA. This value is only significant when the
         value of tIPsecRUSADirection is 'outbound'."
    ::= { tIPsecRUSAStatsEntry 11 }

tIPsecRUSAStatsPreEncapFragCnt   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPreEncapFragCnt indicates the number of
         fragmentations that occurred prior to encapsulation for this outbound
         SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size
         exceeds tIPsecTnlTempIpMtu. This value is only significant when the
         value of tIPsecRUSADirection is 'outbound'."
    ::= { tIPsecRUSAStatsEntry 12 }

tIPsecRUSAStatsPreEncapFragLtSz  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPreEncapFragLtSz indicates the size of the
         last packet which caused a pre-encapsulation fragmentation to occur
         for this SA. This value is only significant when the value of
         tIPsecRUSADirection is 'outbound'."
    ::= { tIPsecRUSAStatsEntry 13 }

tIPsecRUSAStatsPostEncapFragCnt  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPostEncapFragCnt indicates the number of
         fragmentations that occurred after encapsulation for this SA.
         Post-encapsulation fragmentation occurs when the encapsulated packet
         size exceeds tIPsecTnlTempEncapIpMtu. This value is only significant
         when the value of tIPsecRUSADirection is 'outbound'."
    ::= { tIPsecRUSAStatsEntry 14 }

tIPsecRUSAStatsPostEncapFragLtSz OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPostEncapFragLtSz indicates the size of
         the last encapsulated packet which caused a post-encapsulation
         fragmentation to occur for this SA. This value is only significant
         when the value of tIPsecRUSADirection is 'outbound'."
    ::= { tIPsecRUSAStatsEntry 15 }

tIPsecRUSAStatsPfsDhGroup        OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPfsDhGroup indicates the Diffie-Hellman
         (DH) group used with this SA."
    ::= { tIPsecRUSAStatsEntry 17 }

tIPsecRUSAStatsMulticastIfName   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsMulticastIfName indicates the multicast
         interface name associated with this SA.

         This value is only significant when the value of tIPsecRUSADirection
         is 'outbound (2)'."
    ::= { tIPsecRUSAStatsEntry 18 }

tIPsecRUSAStatsMulticastProt     OBJECT-TYPE
    SYNTAX      TIPsecMulticastProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsMulticastProt indicates the supported
         protocol types of the multicast interface associated to this SA.

         This value is only significant when the value of tIPsecRUSADirection
         is 'outbound (2)'."
    ::= { tIPsecRUSAStatsEntry 19 }

tmnxIPsecTunnelCountObjs         OBJECT IDENTIFIER ::= { tmnxIPsecObjects 24 }

tmnxIPsecPskTunnels              OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPskTunnels indicates the number of total IPSec
         tunnels."
    ::= { tmnxIPsecTunnelCountObjs 1 }

tmnxIPsecGWPskTunnels            OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWPskTunnels indicates the number of IPSec
         gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk'."
    ::= { tmnxIPsecTunnelCountObjs 2 }

tmnxIPsecGWPskXAuthTunnels       OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWPskXAuthTunnels indicates the number of IPSec
         gateway tunnels with tmnxIkePolicyAuthMethod set to 'plainPskXAuth'."
    ::= { tmnxIPsecTunnelCountObjs 3 }

tmnxIPsecGWCertTunnels           OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCertTunnels indicates the number of IPSec
         gateway tunnels with tmnxIkePolicyAuthMethod set to 'cert'."
    ::= { tmnxIPsecTunnelCountObjs 4 }

tmnxIPsecGWPskRadiusTunnels      OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWPskRadiusTunnels indicates the number of IPSec
         gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk-radius'."
    ::= { tmnxIPsecTunnelCountObjs 5 }

tmnxIPsecGWCertRadiusTunnels     OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCertRadiusTunnels indicates the number of
         IPSec gateway tunnels with tmnxIkePolicyAuthMethod set to
         'cert-radius'."
    ::= { tmnxIPsecTunnelCountObjs 6 }

tmnxIPsecGWEapTunnels            OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWEapTunnels indicates the number of IPSec
         gateway tunnels with tmnxIkePolicyAuthMethod set to 'eap'."
    ::= { tmnxIPsecTunnelCountObjs 7 }

tmnxIPsecGWAutoEapRadiusTunnels  OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWAutoEapRadiusTunnels indicates the number of
         IPsec gateway tunnels with tmnxIkePolicyAuthMethod set to
         'autoEapRadius'."
    ::= { tmnxIPsecTunnelCountObjs 8 }

tmnxIPsecGWAutoEapTunnels        OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWAutoEapTunnels indicates the number of IPsec
         gateway tunnels with tmnxIkePolicyAuthMethod set to 'autoEap'."
    ::= { tmnxIPsecTunnelCountObjs 9 }

tmnxIPsecTunnelBfdTableLastChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdTableLastChgd indicates the sysUpTime
         at the time of the last modification to tmnxIPsecTunnelBfdTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessTableLChg."
    ::= { tmnxIPsecObjects 25 }

tmnxIPsecTunnelBfdTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTunnelBfdEntry
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "Table to store the IPsec Tunnel BFD session entries.

         This table has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by tmnxIPsecTnlBfdSessTable
         and tmnxIPsecTnlBfdSessStatTable."
    ::= { tmnxIPsecObjects 26 }

tmnxIPsecTunnelBfdEntry          OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelBfdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Tunnel BFD session entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName,
        tmnxIPsecTunnelBfdSvcId,
        tmnxIPsecTunnelBfdIfName,
        tmnxIPsecTunnelBfdDstAddrType,
        tmnxIPsecTunnelBfdDstAddr
    }
    ::= { tmnxIPsecTunnelBfdTable 1 }

TmnxIPsecTunnelBfdEntry          ::= SEQUENCE
{
    tmnxIPsecTunnelBfdSvcId          TmnxServId,
    tmnxIPsecTunnelBfdIfName         TNamedItem,
    tmnxIPsecTunnelBfdDstAddrType    InetAddressType,
    tmnxIPsecTunnelBfdDstAddr        InetAddress,
    tmnxIPsecTunnelBfdRowStatus      RowStatus,
    tmnxIPsecTunnelBfdLastChanged    TimeStamp,
    tmnxIPsecTunnelBfdSrcAddrType    InetAddressType,
    tmnxIPsecTunnelBfdSrcAddr        InetAddress,
    tmnxIPsecTunnelBfdSessOperState  TmnxBfdSessOperState
}

tmnxIPsecTunnelBfdSvcId          OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSvcId specifies the service-id of the
         interface running BFD.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by tmnxIPsecTnlBfdSessSvcId."
    ::= { tmnxIPsecTunnelBfdEntry 1 }

tmnxIPsecTunnelBfdIfName         OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdIfName specifies the IPSec interface
         used by the BFD session.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by tmnxIPsecTnlBfdSessIfName."
    ::= { tmnxIPsecTunnelBfdEntry 2 }

tmnxIPsecTunnelBfdDstAddrType    OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdDstAddrType specifies the address type
         of address in tmnxIPsecTunnelBfdDstAddr.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessDstAddrT."
    ::= { tmnxIPsecTunnelBfdEntry 3 }

tmnxIPsecTunnelBfdDstAddr        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdDstAddr specifies the destination
         ipaddress to be used for the BFD session.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessDstAddr."
    ::= { tmnxIPsecTunnelBfdEntry 4 }

tmnxIPsecTunnelBfdRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The tmnxIPsecTunnelBfdRowStatus object is used to create and delete
         rows in the tmnxIPsecTunnelBfdTable.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessRowStatus."
    ::= { tmnxIPsecTunnelBfdEntry 5 }

tmnxIPsecTunnelBfdLastChanged    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdLastChanged indicates the sysUpTime at
         the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value.

         This object has been marked obsolete in SROS Release 16.0. There is no
         replacement for this object."
    ::= { tmnxIPsecTunnelBfdEntry 6 }

tmnxIPsecTunnelBfdSrcAddrType    OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSrcAddrType indicates the address type
         of tmnxIPsecTunnelBfdSrcAddr object.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessStatSrcAddrT."
    ::= { tmnxIPsecTunnelBfdEntry 7 }

tmnxIPsecTunnelBfdSrcAddr        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSrcAddr indicates the source IP address
         on the interface running BFD.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessStatSrcAddr."
    ::= { tmnxIPsecTunnelBfdEntry 8 }

tmnxIPsecTunnelBfdSessOperState  OBJECT-TYPE
    SYNTAX      TmnxBfdSessOperState
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSessOperState indicates the operational
         state of the BFD session the IPsec tunnel is relying upon for its fast
         triggering mechanism.

         This object has been marked obsolete in SROS Release 16.0. The
         functionality of this object is replaced by
         tmnxIPsecTnlBfdSessStatOperState."
    ::= { tmnxIPsecTunnelBfdEntry 9 }

tIPsecRadAuthPlcyTblLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyTblLastChgd indicates the sysUpTime at
         the time of the last modification to tIPsecRadAuthPlcyTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 27 }

tIPsecRadAuthPlcyTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRadAuthPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecRadAuthPlcyTable allows configuration of IPsec Radius
         authentication policy parameters."
    ::= { tmnxIPsecObjects 28 }

tIPsecRadAuthPlcyEntry           OBJECT-TYPE
    SYNTAX      TIPsecRadAuthPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tIPsecRadAuthPlcyEntry is an entry (conceptual row) in the
         tIPsecRadAuthPlcyTable. Each entry represents the configuration for a
         RADIUS authentication policy.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecRadAuthPlcyRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       { tIPsecRadAuthPlcyName }
    ::= { tIPsecRadAuthPlcyTable 1 }

TIPsecRadAuthPlcyEntry           ::= SEQUENCE
{
    tIPsecRadAuthPlcyName            TNamedItem,
    tIPsecRadAuthPlcyRowStatus       RowStatus,
    tIPsecRadAuthPlcyLastMgmtChange  TimeStamp,
    tIPsecRadAuthPlcyInclAttr        BITS,
    tIPsecRadAuthPlcyRadSrvPlcy      TNamedItemOrEmpty,
    tIPsecRadAuthPlcyPassword        DisplayString
}

tIPsecRadAuthPlcyName            OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyName specifies a specific IPsec RADIUS
         authentication policy."
    ::= { tIPsecRadAuthPlcyEntry 1 }

tIPsecRadAuthPlcyRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecRadAuthPlcyEntry 2 }

tIPsecRadAuthPlcyLastMgmtChange  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyLastMgmtChange indicates the sysUpTime
         at the time of the most recent management-initiated change to this
         Policy."
    ::= { tIPsecRadAuthPlcyEntry 3 }

tIPsecRadAuthPlcyInclAttr        OBJECT-TYPE
    SYNTAX      BITS {
        callingStationId (0),
        calledStationId  (1),
        nasPortId        (2),
        nasIdentifier    (3),
        nasIpAddr        (4),
        certSubjectKeyId (5)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyInclAttr specifies what RADIUS
         attributes the system should include into RADIUS access-request
         messages.

         When the 'certSubjectKeyId (5)' bit value is configured, the system
         extracts the Subject Key Identifier (SKID) from the peer certificate
         and adds it as a Vendor-Specific Attribute (VSA) in the RADIUS
         access-request. If this field is configured and the peer certificate
         does not contain a SKID extension, the system will send an empty VSA
         in the RADIUS access-request. If the SKID length exceeds 247 bytes,
         the system will use the least significant 247 bytes of the SKID."
    REFERENCE
        "RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile', IETF, May 2008,
         section 4.2.1.2, 'Subject Key Identifier'."
    DEFVAL      { {} }
    ::= { tIPsecRadAuthPlcyEntry 4 }

tIPsecRadAuthPlcyRadSrvPlcy      OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyRadSrvPlcy specifies the RADIUS server
         policy as defined in TIMETRA-RADIUS-MIB::tmnxRadSrvPlcyTable to be
         applied in this IPsec RADIUS authentication policy."
    DEFVAL      { "" }
    ::= { tIPsecRadAuthPlcyEntry 5 }

tIPsecRadAuthPlcyPassword        OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAuthPlcyPassword specifies the default password
         to be used in access-request messages to the RADIUS server. An empty
         string is returned on SNMP GET requests."
    DEFVAL      { "" }
    ::= { tIPsecRadAuthPlcyEntry 6 }

tIPsecRadAcctPlcyTblLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyTblLastChgd indicates the sysUpTime at
         the time of the last modification to tIPsecRadAcctPlcyTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 29 }

tIPsecRadAcctPlcyTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRadAcctPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecRadAcctPlcyTable allows configuration of IPsec Radius
         accounting policy parameters."
    ::= { tmnxIPsecObjects 30 }

tIPsecRadAcctPlcyEntry           OBJECT-TYPE
    SYNTAX      TIPsecRadAcctPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "tIPsecRadAcctPlcyEntry is an entry (conceptual row) in the
         tIPsecRadAcctPlcyTable. Each entry represents the configuration for a
         RADIUS accounting policy.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecRadAcctPlcyRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       { tIPsecRadAcctPlcyName }
    ::= { tIPsecRadAcctPlcyTable 1 }

TIPsecRadAcctPlcyEntry           ::= SEQUENCE
{
    tIPsecRadAcctPlcyName            TNamedItem,
    tIPsecRadAcctPlcyRowStatus       RowStatus,
    tIPsecRadAcctPlcyLastMgmtChange  TimeStamp,
    tIPsecRadAcctPlcyInclAttr        BITS,
    tIPsecRadAcctPlcyRadSrvPlcy      TNamedItemOrEmpty,
    tIPsecRadAcctPlcyUpdateInterval  Unsigned32,
    tIPsecRadAcctPlcyJitter          Integer32
}

tIPsecRadAcctPlcyName            OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyName specifies a specific IPsec RADIUS
         accounting policy."
    ::= { tIPsecRadAcctPlcyEntry 1 }

tIPsecRadAcctPlcyRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecRadAcctPlcyEntry 2 }

tIPsecRadAcctPlcyLastMgmtChange  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyLastMgmtChange indicates the sysUpTime
         at the time of the most recent management-initiated change to this
         Policy."
    ::= { tIPsecRadAcctPlcyEntry 3 }

tIPsecRadAcctPlcyInclAttr        OBJECT-TYPE
    SYNTAX      BITS {
        callingStationId (0),
        calledStationId  (1),
        nasPortId        (2),
        nasIdentifier    (3),
        nasIpAddr        (4),
        framedIpAddr     (5),
        framedIpv6Prefix (6),
        acctStats        (7)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyInclAttr specifies what RADIUS
         attributes the system should include into RADIUS access-request
         messages."
    DEFVAL      { {} }
    ::= { tIPsecRadAcctPlcyEntry 4 }

tIPsecRadAcctPlcyRadSrvPlcy      OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyRadSrvPlcy specifies the RADIUS server
         policy as defined in TIMETRA-RADIUS-MIB::tmnxRadSrvPlcyTable to be
         applied in this IPsec RADIUS accounting policy."
    DEFVAL      { "" }
    ::= { tIPsecRadAcctPlcyEntry 5 }

tIPsecRadAcctPlcyUpdateInterval  OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 5..259200)
    UNITS       "minutes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyUpdateInterval specifies the update
         interval of the accounting data of the IPsec RADIUS accounting policy.
         A value of 0 specifies that no intermediate updates will be sent."
    DEFVAL      { 10 }
    ::= { tIPsecRadAcctPlcyEntry 6 }

tIPsecRadAcctPlcyJitter          OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0..3600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyJitter specifies the amount of jitter to
         be applied on the update interval which is configured in
         tIPsecRadAcctPlcyUpdateInterval.

         A value between 0..3600 specifies the amount of jitter in seconds.

         A value of -1 indicates that tIPsecRadAcctPlcyJitter is not configured
         and its value is treated as 10% of the configured value of the update
         interval."
    DEFVAL      { -1 }
    ::= { tIPsecRadAcctPlcyEntry 7 }

tmnxIPsecTnlDstAddrTblLastChngd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlDstAddrTblLastChngd indicates the sysUpTime
         at the time of the last modification to tmnxIPsecTnlDstAddrTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 31 }

tmnxIPsecTnlDstAddrTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTnlDstAddrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlDstAddrTable contains destination addresses for each
         IPSec tunnel in the system.

         Entries are created and deleted by the user."
    ::= { tmnxIPsecObjects 32 }

tmnxIPsecTnlDstAddrEntry         OBJECT-TYPE
    SYNTAX      TmnxIPsecTnlDstAddrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlDstAddrEntry contains information about a single
         destination address in an IPSec Tunnel."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName,
        tmnxIPsecTnlDstAddrType,
        tmnxIPsecTnlDstAddr
    }
    ::= { tmnxIPsecTnlDstAddrTable 1 }

TmnxIPsecTnlDstAddrEntry         ::= SEQUENCE
{
    tmnxIPsecTnlDstAddrType          InetAddressType,
    tmnxIPsecTnlDstAddr              InetAddress,
    tmnxIPsecTnlDstAddrRowStatus     RowStatus,
    tmnxIPsecTnlDstAddrLastChanged   TimeStamp,
    tmnxIPsecTnlDstAddrResolved      TruthValue
}

tmnxIPsecTnlDstAddrType          OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlDstAddrType specifies the address type of
         address in tmnxIPsecTnlDstAddr."
    ::= { tmnxIPsecTnlDstAddrEntry 1 }

tmnxIPsecTnlDstAddr              OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlDstAddr specifies the address of the
         destination of this IPSec tunnel."
    ::= { tmnxIPsecTnlDstAddrEntry 2 }

tmnxIPsecTnlDstAddrRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlDstAddrRowStatus object is used to create and delete
         rows in the tmnxIPsecTnlDstAddrTable."
    ::= { tmnxIPsecTnlDstAddrEntry 3 }

tmnxIPsecTnlDstAddrLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlDstAddrLastChanged indicates the sysUpTime at
         the time of the last modification of this entry."
    ::= { tmnxIPsecTnlDstAddrEntry 4 }

tmnxIPsecTnlDstAddrResolved      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlDstAddrResolved indicates whether or not this
         IPsec tunnel destination address has been resolved as reachable by the
         virtual router"
    ::= { tmnxIPsecTnlDstAddrEntry 5 }

tIPsecCertProfileTblLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileTblLastChgd indicates the sysUpTime at
         the time of the last modification to tIPsecCertProfileTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 33 }

tIPsecCertProfileTable           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecCertProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertProfileTable allows configuration of IPsec certificate
         profile parameters."
    ::= { tmnxIPsecObjects 34 }

tIPsecCertProfileEntry           OBJECT-TYPE
    SYNTAX      TIPsecCertProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertProfileEntry is an entry (conceptual row) in the
         tIPsecCertProfileTable. Each entry represents the configuration for a
         certificate profile.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecCertProfileRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       { tIPsecCertProfileName }
    ::= { tIPsecCertProfileTable 1 }

TIPsecCertProfileEntry           ::= SEQUENCE
{
    tIPsecCertProfileName            TNamedItem,
    tIPsecCertProfileRowStatus       RowStatus,
    tIPsecCertProfileLastChgd        TimeStamp,
    tIPsecCertProfileAdminState      TmnxAdminState,
    tIPsecCertProfileOperState       TmnxOperState,
    tIPsecCertProfileOperFlags       BITS
}

tIPsecCertProfileName            OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileName specifies a specific IPsec
         certificate profile name."
    ::= { tIPsecCertProfileEntry 1 }

tIPsecCertProfileRowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecCertProfileEntry 2 }

tIPsecCertProfileLastChgd        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileLastChgd indicates the sysUpTime at the
         time of the most recent management-initiated change to this entry."
    ::= { tIPsecCertProfileEntry 3 }

tIPsecCertProfileAdminState      OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileAdminState specifies the administrative
         state of the tIPsecCertProfileEntry."
    DEFVAL      { outOfService }
    ::= { tIPsecCertProfileEntry 4 }

tIPsecCertProfileOperState       OBJECT-TYPE
    SYNTAX      TmnxOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileOperState indicates the operational
         status of tIPsecCertProfileEntry."
    ::= { tIPsecCertProfileEntry 5 }

tIPsecCertProfileOperFlags       OBJECT-TYPE
    SYNTAX      BITS {
        profileAdminDown    (0),
        invalidCertFile     (1),
        invalidKeyFile      (2),
        invalidCertKeyCombo (3),
        caProfileOperDown   (4),
        invalidCAProfEntry  (5)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfileOperFlags indicates the operational
         condition of the certificate profile which is aggregated from all its
         configured entries."
    ::= { tIPsecCertProfileEntry 6 }

tIPsecCertProfEntryIdTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdTblLastChgd indicates the sysUpTime
         at the time of the last modification to tIPsecCertProfEntryIdTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 35 }

tIPsecCertProfEntryIdTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecCertProfEntryIdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertProfEntryIdTable allows configuration of IPsec
         certificate profile entry parameters."
    ::= { tmnxIPsecObjects 36 }

tIPsecCertProfEntryIdEntry       OBJECT-TYPE
    SYNTAX      TIPsecCertProfEntryIdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertProfEntryIdEntry is an entry (conceptual row) in the
         tIPsecCertProfEntryIdTable. Each entry represents the configuration
         for a certificate profile entry.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecCertProfEntryIdRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       {
        tIPsecCertProfileName,
        tIPsecCertProfEntryId
    }
    ::= { tIPsecCertProfEntryIdTable 1 }

TIPsecCertProfEntryIdEntry       ::= SEQUENCE
{
    tIPsecCertProfEntryId            Integer32,
    tIPsecCertProfEntryIdRowStatus   RowStatus,
    tIPsecCertProfEntryIdLastChgd    TimeStamp,
    tIPsecCertProfEntryIdCertFile    DisplayString,
    tIPsecCertProfEntryIdKeyFile     DisplayString,
    tIPsecCertProfEntryIdCompChain   INTEGER,
    tIPsecCertProfEntryIdOperFlags   BITS,
    tIPsecCertProfEntryIdRsaSign     INTEGER
}

tIPsecCertProfEntryId            OBJECT-TYPE
    SYNTAX      Integer32 (1..8)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryId specifies a specific IPsec
         certificate profile entry identifier."
    ::= { tIPsecCertProfEntryIdEntry 1 }

tIPsecCertProfEntryIdRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecCertProfEntryIdEntry 2 }

tIPsecCertProfEntryIdLastChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdLastChgd indicates the sysUpTime at
         the time of the most recent management-initiated change to this entry."
    ::= { tIPsecCertProfEntryIdEntry 3 }

tIPsecCertProfEntryIdCertFile    OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdCertFile specifies the file URL of
         the certificate to be used with this IPSEC certificate profile entry."
    DEFVAL      { ''H }
    ::= { tIPsecCertProfEntryIdEntry 4 }

tIPsecCertProfEntryIdKeyFile     OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..95))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdKeyFile specifies the key-pair file
         to be used for X.509 certificate authentication with this IPSEC
         certificate profile entry."
    DEFVAL      { ''H }
    ::= { tIPsecCertProfEntryIdEntry 5 }

tIPsecCertProfEntryIdCompChain   OBJECT-TYPE
    SYNTAX      INTEGER {
        notAvailable (0),
        partial      (1),
        complete     (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdCompChain indicates the status of
         computed chain for this IPSEC certificate profile entry."
    ::= { tIPsecCertProfEntryIdEntry 6 }

tIPsecCertProfEntryIdOperFlags   OBJECT-TYPE
    SYNTAX      BITS {
        profileAdminDown    (0),
        invalidCertFile     (1),
        invalidKeyFile      (2),
        invalidCertKeyCombo (3),
        caProfileOperDown   (4),
        invalidCAProfEntry  (5)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdOperFlags indicates the operational
         condition of this certificate profile entry."
    ::= { tIPsecCertProfEntryIdEntry 7 }

tIPsecCertProfEntryIdRsaSign     OBJECT-TYPE
    SYNTAX      INTEGER {
        pkcs1 (1),
        pss   (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertProfEntryIdRsaSign specifies the signature
         algorithm used by this certificate profile entry.

         pkcs1 - Public-Key Cryptography Standards 1
         pss   - RSA Probabilistic Signature Scheme"
    DEFVAL      { pkcs1 }
    ::= { tIPsecCertProfEntryIdEntry 8 }

tIPsecCompChainCAProfTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecCompChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCompChainCAProfTable maintains Certificate-Authority (CA)
         profile which are part of computed chain per certificate profile
         entry."
    ::= { tmnxIPsecObjects 37 }

tIPsecCompChainCAProfEntry       OBJECT-TYPE
    SYNTAX      TIPsecCompChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCompChainCAProfEntry is an entry (conceptual row) in the
         tIPsecCompChainCAProfTable. Each entry represents a part of the
         computed chain per certificate profile entry."
    INDEX       {
        tIPsecCertProfileName,
        tIPsecCertProfEntryId,
        tIPsecCompChainCAProfOrder
    }
    ::= { tIPsecCompChainCAProfTable 1 }

TIPsecCompChainCAProfEntry       ::= SEQUENCE
{
    tIPsecCompChainCAProfOrder       Integer32,
    tIPsecCompChainCAProfName        TNamedItem
}

tIPsecCompChainCAProfOrder       OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCompChainCAProfOrder indicates the order in which
         certificate-authority (CA) profile are maintained for the computed
         chain of this certificate profile entry."
    ::= { tIPsecCompChainCAProfEntry 1 }

tIPsecCompChainCAProfName        OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCompChainCAProfName indicates the
         certificate-authority (CA) profile which is part of the computed chain
         for this certificate profile entry."
    ::= { tIPsecCompChainCAProfEntry 2 }

tIPsecCertChainCAProfTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecCertChainCAProfTblLastChgd indicates the sysUpTime
         at the time of the last modification to tIPsecCertChainCAProfTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 41 }

tIPsecCertChainCAProfTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecCertChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertChainCAProfTable maintains configuration of chain CA
         profiles for IPsec certificate profile entry parameters."
    ::= { tmnxIPsecObjects 42 }

tIPsecCertChainCAProfEntry       OBJECT-TYPE
    SYNTAX      TIPsecCertChainCAProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertChainCAProfEntry is an entry (conceptual row) in the
         tIPsecCertChainCAProfTable. Each entry represents the configuration
         for a chain CA profile for certificate profile entry.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecCertChainCAProfRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       {
        tIPsecCertProfileName,
        tIPsecCertProfEntryId,
        tIPsecCertChainCAProfName
    }
    ::= { tIPsecCertChainCAProfTable 1 }

TIPsecCertChainCAProfEntry       ::= SEQUENCE
{
    tIPsecCertChainCAProfName        TNamedItem,
    tIPsecCertChainCAProfRowStatus   RowStatus,
    tIPsecCertChainCAProfLastChgd    TimeStamp
}

tIPsecCertChainCAProfName        OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecCertChainCAProfName specifies the chain CA profile for
         certificate profile entry."
    ::= { tIPsecCertChainCAProfEntry 1 }

tIPsecCertChainCAProfRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tIPsecCertChainCAProfRowStatus controls the creation and deletion
         of rows in the table."
    ::= { tIPsecCertChainCAProfEntry 2 }

tIPsecCertChainCAProfLastChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The tIPsecCertChainCAProfLastChgd indicates the sysUpTime at the time
         of the most recent management-initiated change to this entry."
    ::= { tIPsecCertChainCAProfEntry 3 }

tIPsecTsListTblLastChgd          OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListTblLastChgd indicates the sysUpTime at the
         time of the last modification to tIPsecTsListTable by adding, deleting
         an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 43 }

tIPsecTsListTable                OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTsListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTsListTable allows configuration of IPsec traffic selector
         list parameters."
    REFERENCE
        "RFC 5996, 'Internet Key Exchange Protocol Version 2 (IKEv2)', IETF,
         September 2010"
    ::= { tmnxIPsecObjects 44 }

tIPsecTsListEntry                OBJECT-TYPE
    SYNTAX      TIPsecTsListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTsListEntry is an entry (conceptual row) in the
         tIPsecTsListTable. Each entry represents the configuration for a
         traffic selector list.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecTsListRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       { tIPsecTsListName }
    ::= { tIPsecTsListTable 1 }

TIPsecTsListEntry                ::= SEQUENCE
{
    tIPsecTsListName                 TNamedItem,
    tIPsecTsListRowStatus            RowStatus,
    tIPsecTsListLastChgd             TimeStamp
}

tIPsecTsListName                 OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListName specifies a specific IPsec traffic
         selector list name."
    ::= { tIPsecTsListEntry 1 }

tIPsecTsListRowStatus            OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRowStatus controls the creation and deletion
         of rows in the table."
    ::= { tIPsecTsListEntry 2 }

tIPsecTsListLastChgd             OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLastChgd indicates the sysUpTime at the time
         of the most recent management-initiated change to this entry."
    ::= { tIPsecTsListEntry 3 }

tIPsecTsListLclEntryTblLastChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryTblLastChgd indicates the sysUpTime
         at the time of the last modification to tIPsecTsListLclEntryTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 45 }

tIPsecTsListLclEntryTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTsListLclEntryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTsListLclEntryTable allows configuration of IPsec traffic
         selector list local entry parameters."
    ::= { tmnxIPsecObjects 46 }

tIPsecTsListLclEntryEntry        OBJECT-TYPE
    SYNTAX      TIPsecTsListLclEntryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTsListLclEntryEntry is an entry (conceptual row) in the
         tIPsecTsListLclEntryTable. Each entry represents the configuration for
         a traffic selector list local entry.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecTsListLclEntryRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       {
        tIPsecTsListName,
        tIPsecTsListLclEntryId
    }
    ::= { tIPsecTsListLclEntryTable 1 }

TIPsecTsListLclEntryEntry        ::= SEQUENCE
{
    tIPsecTsListLclEntryId           Integer32,
    tIPsecTsListLclEntryRowStatus    RowStatus,
    tIPsecTsListLclEntryLastChgd     TimeStamp,
    tIPsecTsListLclEntryFrAddrType   InetAddressType,
    tIPsecTsListLclEntryFrAddr       InetAddress,
    tIPsecTsListLclEntryToAddrType   InetAddressType,
    tIPsecTsListLclEntryToAddr       InetAddress,
    tIPsecTsListLclEntryPfxAddrType  InetAddressType,
    tIPsecTsListLclEntryPfxAddr      InetAddress,
    tIPsecTsListLclEntryPfxLen       InetAddressPrefixLength,
    tIPsecTsListLclEntryMinPort      InetPortNumber,
    tIPsecTsListLclEntryMaxPort      InetPortNumber,
    tIPsecTsListLclEntryMinMhType    Unsigned32,
    tIPsecTsListLclEntryMaxMhType    Unsigned32,
    tIPsecTsListLclEntryMinIcmpType  Unsigned32,
    tIPsecTsListLclEntryMaxIcmpType  Unsigned32,
    tIPsecTsListLclEntryMinIcmpCode  Unsigned32,
    tIPsecTsListLclEntryMaxIcmpCode  Unsigned32,
    tIPsecTsListLclEntryProtocolId   Integer32
}

tIPsecTsListLclEntryId           OBJECT-TYPE
    SYNTAX      Integer32 (1..32)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryId specifies a unique identifier for
         one IPsec traffic selector local entry configured in this system."
    ::= { tIPsecTsListLclEntryEntry 1 }

tIPsecTsListLclEntryRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecTsListLclEntryEntry 2 }

tIPsecTsListLclEntryLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryLastChgd indicates the sysUpTime at
         the time of the most recent management-initiated change to this entry."
    ::= { tIPsecTsListLclEntryEntry 3 }

tIPsecTsListLclEntryFrAddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryFrAddrType specifies the address type
         of beginning address of the range for this entry.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryPfxAddr is set to
         non-default value."
    DEFVAL      { unknown }
    ::= { tIPsecTsListLclEntryEntry 5 }

tIPsecTsListLclEntryFrAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryFrAddr specifies the beginning
         address of the range for this entry.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryPfxAddr is set to
         non-default value."
    DEFVAL      { ''H }
    ::= { tIPsecTsListLclEntryEntry 6 }

tIPsecTsListLclEntryToAddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryToAddrType specifies the address type
         of ending address of the range for this entry.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryPfxAddr is set to
         non-default value."
    DEFVAL      { unknown }
    ::= { tIPsecTsListLclEntryEntry 7 }

tIPsecTsListLclEntryToAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryToAddr specifies the ending address
         of the range for this entry.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryPfxAddr is set to
         non-default value."
    DEFVAL      { ''H }
    ::= { tIPsecTsListLclEntryEntry 8 }

tIPsecTsListLclEntryPfxAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryPfxAddrType specifies the address
         type of prefix address of the range for this entry.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryFrAddr is set to
         non-default value."
    DEFVAL      { unknown }
    ::= { tIPsecTsListLclEntryEntry 9 }

tIPsecTsListLclEntryPfxAddr      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryPfxAddr specifies the prefix address
         for this entry.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryFrAddr is set to
         non-default value."
    DEFVAL      { ''H }
    ::= { tIPsecTsListLclEntryEntry 10 }

tIPsecTsListLclEntryPfxLen       OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryPfxLen specifies the prefix length of
         the tIPsecTsListLclEntryPfxAddr.

         An 'inconsistentValue' error is returned if this object is set to
         non-default value when tIPsecTsListLclEntryFrAddr is set to
         non-default value."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 11 }

tIPsecTsListLclEntryMinPort      OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMinPort specifies the minimum port of
         the range for this IPsec traffic selector list local entry.

         tIPsecTsListLclEntryMinPort is used for any Internet transport layer
         protocol except ICMP, ICMPv6 and MIPv6.

         When the value of tIPsecTsListLclEntryMinPort is '0' and the value of
         tIPsecTsListLclEntryMaxPort is '65535', it means that the IPsec
         traffic selector accepts any port number.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMaxPort."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 12 }

tIPsecTsListLclEntryMaxPort      OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMaxPort specifies the maximum port of
         the range for this IPsec traffic selector list local entry.

         tIPsecTsListLclEntryMaxPort is used for any Internet transport layer
         protocol except ICMP, ICMPv6 and MIPv6.

         When the value of tIPsecTsListLclEntryMaxPort is '0' and the value of
         tIPsecTsListLclEntryMinPort is '65535', it means that the IPsec
         traffic selector accepts the packet only when the corresponding port
         field is unavailable.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMinPort."
    DEFVAL      { 65535 }
    ::= { tIPsecTsListLclEntryEntry 13 }

tIPsecTsListLclEntryMinMhType    OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMinMhType specifies the minimum
         Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
         traffic selector list local entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMaxMhType."
    REFERENCE
        "'Mobility Header Types - for the MH Type field in the Mobility Header',
         http://www.iana.org/assignments/mobility-parameters/
         mobility-parameters.xhtml#mobility-parameters-1"
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 14 }

tIPsecTsListLclEntryMaxMhType    OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMaxMhType specifies the maximum
         Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
         traffic selector list local entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId and tIPsecTsListLclEntryMinMhType."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 15 }

tIPsecTsListLclEntryMinIcmpType  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMinIcmpType specifies the minimum
         ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
         list local entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMaxIcmpType,
         tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode."
    REFERENCE
        "'Internet Control Message Protocol (ICMP) Parameters',
         http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt,
         April 2013, and
         'Internet Control Message Protocol version 6 (ICMPv6) Parameters',
         http://www.iana.org/assignments/icmpv6-parameters/
         icmpv6-parameters.xhtml, January 2015."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 16 }

tIPsecTsListLclEntryMaxIcmpType  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMaxIcmpType specifies the maximum
         ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
         list local entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType,
         tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 17 }

tIPsecTsListLclEntryMinIcmpCode  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMinIcmpCode specifies the minimum
         ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
         list local entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType,
         tIPsecTsListLclEntryMaxIcmpType and tIPsecTsListLclEntryMaxIcmpCode."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 18 }

tIPsecTsListLclEntryMaxIcmpCode  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryMaxIcmpCode specifies the maximum
         ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
         list local entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListLclEntryProtocolId, tIPsecTsListLclEntryMinIcmpType,
         tIPsecTsListLclEntryMaxIcmpType and tIPsecTsListLclEntryMinIcmpCode."
    DEFVAL      { 0 }
    ::= { tIPsecTsListLclEntryEntry 19 }

tIPsecTsListLclEntryProtocolId   OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0 | 1..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListLclEntryProtocolId specifies the IP protocol
         number allowed by the IPsec traffic selector associated with this
         local entry.

         A value of zero specifies that the IPsec traffic selector will accept
         packets for any protocol. A value of '-1' specifies that this IPsec
         traffic selector local entry is not configured.

         When the value of tIPsecTsListLclEntryProtocolId is any value between
         -1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value
         must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinPort and
         tIPsecTsListLclEntryMaxPort. Especially when the value of
         tIPsecTsListLclEntryProtocolId is -1, tIPsecTsListLclEntryMinPort and
         tIPsecTsListLclEntryMaxPort must be 0 and 65535, respectively.

         When the value of tIPsecTsListLclEntryProtocolId is 1 or 58, this
         value must be set in the SNMP SET PDU as
         tIPsecTsListLclEntryMinIcmpType, tIPsecTsListLclEntryMaxIcmpType,
         tIPsecTsListLclEntryMinIcmpCode and tIPsecTsListLclEntryMaxIcmpCode.

         When the value of tIPsecTsListLclEntryProtocolId is 135, this value
         must be set in the SNMP SET PDU as tIPsecTsListLclEntryMinMhType and
         tIPsecTsListLclEntryMaxMhType."
    DEFVAL      { -1 }
    ::= { tIPsecTsListLclEntryEntry 20 }

tIPsecGWTsNegSelPlcyTblLastChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWTsNegSelPlcyTblLastChgd indicates the sysUpTime
         at the time of the last modification to tIPsecGWTsNegSelPlcyTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 47 }

tIPsecGWTsNegSelPlcyTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecGWTsNegSelPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecGWTsNegSelPlcyTable maintains traffic selector
         selection-policy information for IPsec gateway entries."
    ::= { tmnxIPsecObjects 48 }

tIPsecGWTsNegSelPlcyEntry        OBJECT-TYPE
    SYNTAX      TIPsecGWTsNegSelPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecGWTsNegSelPlcyEntry maintains information about a single
         IPsec gateway traffic selector negotiation selection-policy."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecGWTsNegSelPlcyName
    }
    ::= { tIPsecGWTsNegSelPlcyTable 1 }

TIPsecGWTsNegSelPlcyEntry        ::= SEQUENCE
{
    tIPsecGWTsNegSelPlcyName         TNamedItemOrEmpty,
    tIPsecGWTsNegSelPlcyRowStatus    RowStatus,
    tIPsecGWTsNegSelPlcyLastChgd     TimeStamp,
    tIPsecGWTsNegSelPlcyTsList       TNamedItemOrEmpty
}

tIPsecGWTsNegSelPlcyName         OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWTsNegSelPlcyName specifies the IPsec
         selection-policy name associated with this SAP IPSec gateway traffic
         selector."
    ::= { tIPsecGWTsNegSelPlcyEntry 1 }

tIPsecGWTsNegSelPlcyRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tIPsecGWTsNegSelPlcyRowStatus object is used to create and delete
         rows in the tIPsecGWTsNegSelPlcyTable."
    ::= { tIPsecGWTsNegSelPlcyEntry 2 }

tIPsecGWTsNegSelPlcyLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWTsNegSelPlcyLastChgd indicates the sysUpTime at
         the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tIPsecGWTsNegSelPlcyEntry 3 }

tIPsecGWTsNegSelPlcyTsList       OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tIPsecGWTsNegSelPlcyTsList object specifies the IPsec traffic
         selector list name associated with this traffic selector negotiation
         selection-policy on this gateway."
    DEFVAL      { ''H }
    ::= { tIPsecGWTsNegSelPlcyEntry 4 }

tIPsecTrustAnchorProfTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorProfTblLastChgd indicates the sysUpTime
         at the time of the last modification to tIPsecTrustAnchorProfTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 49 }

tIPsecTrustAnchorProfTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTrustAnchorProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTrustAnchorProfTable allows configuration of IPsec trust
         anchor profile parameters."
    ::= { tmnxIPsecObjects 50 }

tIPsecTrustAnchorProfEntry       OBJECT-TYPE
    SYNTAX      TIPsecTrustAnchorProfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTrustAnchorProfEntry is an entry (conceptual row) in the
         tIPsecTrustAnchorProfTable. Each entry represents the configuration
         for a trust anchor profile.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecTrustAnchorProfRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       { tIPsecTrustAnchorProfName }
    ::= { tIPsecTrustAnchorProfTable 1 }

TIPsecTrustAnchorProfEntry       ::= SEQUENCE
{
    tIPsecTrustAnchorProfName        TNamedItem,
    tIPsecTrustAnchorProfRowStatus   RowStatus,
    tIPsecTrustAnchorProfLastChgd    TimeStamp,
    tIPsecTrustAnchorCAProfDown      Integer32
}

tIPsecTrustAnchorProfName        OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorProfName specifies a specific IPsec
         trust anchor profile name."
    ::= { tIPsecTrustAnchorProfEntry 1 }

tIPsecTrustAnchorProfRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorProfRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecTrustAnchorProfEntry 2 }

tIPsecTrustAnchorProfLastChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorProfLastChgd indicates the sysUpTime at
         the time of the most recent management-initiated change to this entry."
    ::= { tIPsecTrustAnchorProfEntry 3 }

tIPsecTrustAnchorCAProfDown      OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorCAProfDown indicates the total number of
         trusted CA-profiles (Certificate-Authority) not operational in the
         trust-anchor-profile."
    ::= { tIPsecTrustAnchorProfEntry 4 }

tIPsecTrustAnchorsTblLastChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorsTblLastChgd indicates the sysUpTime at
         the time of the last modification to tIPsecTrustAnchorsTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 51 }

tIPsecTrustAnchorsTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTrustAnchorsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTrustAnchorsTable allows configuration of IPsec trust anchor
         profile entry parameters."
    ::= { tmnxIPsecObjects 52 }

tIPsecTrustAnchorsEntry          OBJECT-TYPE
    SYNTAX      TIPsecTrustAnchorsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTrustAnchorsEntry is an entry (conceptual row) in the
         tIPsecTrustAnchorsTable. Each entry represents the configuration for a
         trust anchor profile entry.

         Entries in this table can be created and deleted via SNMP SET
         operations to tIPsecTrustAnchorsRowStatus. Entries have a presumed
         StorageType of nonVolatile."
    INDEX       {
        tIPsecTrustAnchorProfName,
        tIPsecTrustAnchorsCAProfile
    }
    ::= { tIPsecTrustAnchorsTable 1 }

TIPsecTrustAnchorsEntry          ::= SEQUENCE
{
    tIPsecTrustAnchorsCAProfile      TNamedItem,
    tIPsecTrustAnchorsRowStatus      RowStatus,
    tIPsecTrustAnchorsLastChgd       TimeStamp
}

tIPsecTrustAnchorsCAProfile      OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorsCAProfile specifies a specific IPsec
         trust anchor certificate profile name."
    ::= { tIPsecTrustAnchorsEntry 1 }

tIPsecTrustAnchorsRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorsRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecTrustAnchorsEntry 2 }

tIPsecTrustAnchorsLastChgd       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTrustAnchorsLastChgd indicates the sysUpTime at the
         time of the most recent management-initiated change to this entry."
    ::= { tIPsecTrustAnchorsEntry 3 }

tIPsecRUSATrafficSelTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUSATrafficSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecRUSATrafficSelTable stores the IPsec remote-user dynamic SA
         traffic selector entries."
    ::= { tmnxIPsecObjects 53 }

tIPsecRUSATrafficSelEntry        OBJECT-TYPE
    SYNTAX      TIPsecRUSATrafficSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecRUSATrafficSelEntry maintains information about a single
         IPsec remote-user SA traffic selector entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort,
        tIPsecRUSAId,
        tIPsecRUSADirection,
        tIPsecRUSAIndex,
        tIPsecRUSATrafficSelSide,
        tIPsecRUSATrafficSelFrAddrType,
        tIPsecRUSATrafficSelFrAddr,
        tIPsecRUSATrafficSelToAddrType,
        tIPsecRUSATrafficSelToAddr,
        tIPsecRUSATrafficSelMinPort,
        tIPsecRUSATrafficSelMaxPort,
        tIPsecRUSATrafficSelProtocolId
    }
    ::= { tIPsecRUSATrafficSelTable 1 }

TIPsecRUSATrafficSelEntry        ::= SEQUENCE
{
    tIPsecRUSATrafficSelSide         TmnxIpsecTrafficSelSide,
    tIPsecRUSATrafficSelFrAddrType   InetAddressType,
    tIPsecRUSATrafficSelFrAddr       InetAddress,
    tIPsecRUSATrafficSelToAddrType   InetAddressType,
    tIPsecRUSATrafficSelToAddr       InetAddress,
    tIPsecRUSATrafficSelLastChgd     TimeStamp,
    tIPsecRUSATrafficSelMinPort      InetPortNumber,
    tIPsecRUSATrafficSelMaxPort      InetPortNumber,
    tIPsecRUSATrafficSelProtocolId   Unsigned32
}

tIPsecRUSATrafficSelSide         OBJECT-TYPE
    SYNTAX      TmnxIpsecTrafficSelSide
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelSide specifies the side to which the
         traffic selector entry pertains."
    ::= { tIPsecRUSATrafficSelEntry 1 }

tIPsecRUSATrafficSelFrAddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelFrAddrType specifies the address type
         of the beginning address of the range for this traffic selector entry."
    ::= { tIPsecRUSATrafficSelEntry 2 }

tIPsecRUSATrafficSelFrAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelFrAddr specifies the beginning
         address of the range for this traffic selector entry."
    ::= { tIPsecRUSATrafficSelEntry 3 }

tIPsecRUSATrafficSelToAddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelToAddrType specifies the address type
         of the end address of the range for this traffic selector entry."
    ::= { tIPsecRUSATrafficSelEntry 4 }

tIPsecRUSATrafficSelToAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelToAddr specifies the end address of
         the range for this traffic selector entry."
    ::= { tIPsecRUSATrafficSelEntry 5 }

tIPsecRUSATrafficSelLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelLastChgd indicates the sysUpTime at
         the time of the most recent management-initiated change to this entry."
    ::= { tIPsecRUSATrafficSelEntry 6 }

tIPsecRUSATrafficSelMinPort      OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelMinPort specifies the minimum port
         number of the range for this IPsec traffic selector entry.

         When the value of tIPsecRUSATrafficSelMinPort is '0' and the value of
         tIPsecRUSATrafficSelMaxPort is '65535', it means that the IPsec
         traffic selector accepts any port number.

         When the value of tIPsecRUSATrafficSelProtocolId is '1' (ICMP) or '58'
         (ICMPv6), the bits from 0 to 7 of tIPsecRUSATrafficSelMinPort
         represent the minimum ICMP/ICMPv6 code and the bits from 8 to 15
         represent the minimum ICMP/ICMPv6 type."
    ::= { tIPsecRUSATrafficSelEntry 7 }

tIPsecRUSATrafficSelMaxPort      OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelMaxPort specifies the maximum port
         number of the range for this IPsec traffic selector entry.

         When the value of tIPsecRUSATrafficSelMaxPort is '0' and the value of
         tIPsecRUSATrafficSelMinPort is '65535', it means that the IPsec
         traffic selector accepts the packet only when the corresponding port
         field is unavailable.

         When the value of tIPsecRUSATrafficSelProtocolId is '1' (ICMP) or '58'
         (ICMPv6), the bits from 0 to 7 of tIPsecRUSATrafficSelMaxPort
         represent the maximum ICMP/ICMPv6 code and the bits from 8 to 15
         represent the maximum ICMP/ICMPv6 type."
    ::= { tIPsecRUSATrafficSelEntry 8 }

tIPsecRUSATrafficSelProtocolId   OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 1..255)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSATrafficSelProtocolId specifies the IP protocol
         number for this IPsec traffic selector entry.

         A value of zero specifies that the IPsec traffic selector will accept
         packets for any protocol."
    ::= { tIPsecRUSATrafficSelEntry 9 }

tmnxIPsecGWDhcpTblLastChgd       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpTblLastChgd indicates the sysUpTime at the
         time of the last modification of tmnxIPsecGWDhcpTable.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 54 }

tmnxIPsecGWDhcpTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecGWDhcpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains SAP IPSec gateway DHCP information."
    ::= { tmnxIPsecObjects 55 }

tmnxIPsecGWDhcpEntry             OBJECT-TYPE
    SYNTAX      TmnxIPsecGWDhcpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a SAP IPSec gateway DHCP."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tmnxIPsecGWDhcpTable 1 }

TmnxIPsecGWDhcpEntry             ::= SEQUENCE
{
    tmnxIPsecGWDhcpRowStatus         RowStatus,
    tmnxIPsecGWDhcpLastChgd          TimeStamp,
    tmnxIPsecGWDhcpAdminState        TmnxAdminState,
    tmnxIPsecGWDhcpGiAddrType        InetAddressType,
    tmnxIPsecGWDhcpGiAddr            InetAddress,
    tmnxIPsecGWDhcpSendRelease       TruthValue,
    tmnxIPsecGWDhcpServiceId         TmnxServId,
    tmnxIPsecGWDhcpRouterId          TmnxVRtrIDOrZero,
    tmnxIPsecGWDhcpSrvr1AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr1Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr2AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr2Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr3AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr3Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr4AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr4Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr5AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr5Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr6AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr6Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr7AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr7Addr         InetAddress,
    tmnxIPsecGWDhcpSrvr8AddrType     InetAddressType,
    tmnxIPsecGWDhcpSrvr8Addr         InetAddress,
    tmnxIPsecGWDhcpServiceName       TLNamedItemOrEmpty
}

tmnxIPsecGWDhcpRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tmnxIPsecGWDhcpEntry 1 }

tmnxIPsecGWDhcpLastChgd          OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpLastChgd indicates the value of sysUpTime
         at the time of the last management change of any writable object of
         this row."
    ::= { tmnxIPsecGWDhcpEntry 2 }

tmnxIPsecGWDhcpAdminState        OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpAdminState specifies the administrative
         state of SAP IPSec gateway DHCP entry."
    DEFVAL      { outOfService }
    ::= { tmnxIPsecGWDhcpEntry 3 }

tmnxIPsecGWDhcpGiAddrType        OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpGiAddrType specifies the address type of
         address in tmnxIPsecGWDhcpGiAddr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 4 }

tmnxIPsecGWDhcpGiAddr            OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpGiAddr specifies the address of the
         gateway interface on this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 5 }

tmnxIPsecGWDhcpSendRelease       OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSendRelease specifies whether to send DHCP
         release message when tunnel is removed on this SAP IPSec gateway."
    DEFVAL      { true }
    ::= { tmnxIPsecGWDhcpEntry 6 }

tmnxIPsecGWDhcpServiceId         OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpServiceId specifies the service identifier
         whose virtual router provides reachability to the DHCP server
         addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects.

         In order to specify a virtual router, exactly one of
         tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and
         tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For
         example, when the value of tmnxIPsecGWDhcpServiceId is default, the
         virtual router must be specified using tmnxIPsecGWDhcpServiceName or
         tmnxIPsecGWDhcpRouterId.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the DHCP servers."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWDhcpEntry 7 }

tmnxIPsecGWDhcpRouterId          OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpRouterId specifies the virtual router
         instance that provides reachability to the DHCP server addresses
         configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects.

         In order to specify a virtual router, exactly one of
         tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and
         tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For
         example, when the value of tmnxIPsecGWDhcpRouterId is default, the
         virtual router must be specified using tmnxIPsecGWDhcpServiceId or
         tmnxIPsecGWDhcpServiceName.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the DHCP servers.

         Only those IDs corresponding to the 'Base' virtual routers may be set
         in this object. Refer to the vRtrName object from TIMETRA-VRTR-MIB.mib"
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWDhcpEntry 8 }

tmnxIPsecGWDhcpSrvr1AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr1AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr1Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 9 }

tmnxIPsecGWDhcpSrvr1Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr1Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 10 }

tmnxIPsecGWDhcpSrvr2AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr2AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr2Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 11 }

tmnxIPsecGWDhcpSrvr2Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr2Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 12 }

tmnxIPsecGWDhcpSrvr3AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr3AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr3Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 13 }

tmnxIPsecGWDhcpSrvr3Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr3Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 14 }

tmnxIPsecGWDhcpSrvr4AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr4AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr4Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 15 }

tmnxIPsecGWDhcpSrvr4Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr4Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 16 }

tmnxIPsecGWDhcpSrvr5AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr5AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr5Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 17 }

tmnxIPsecGWDhcpSrvr5Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr5Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 18 }

tmnxIPsecGWDhcpSrvr6AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr6AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr6Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 19 }

tmnxIPsecGWDhcpSrvr6Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr6Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 20 }

tmnxIPsecGWDhcpSrvr7AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr7AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr7Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 21 }

tmnxIPsecGWDhcpSrvr7Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr7Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 22 }

tmnxIPsecGWDhcpSrvr8AddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr8AddrType specifies the address type
         of address in tmnxIPsecGWDhcpSrvr8Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpEntry 23 }

tmnxIPsecGWDhcpSrvr8Addr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpSrvr8Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 24 }

tmnxIPsecGWDhcpServiceName       OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpServiceName specifies the service name
         whose virtual router provides reachability to the DHCP server
         addresses configured in the 'tmnxIPsecGWDhcpSrvrXAddr' objects.

         In order to specify a virtual router, exactly one of
         tmnxIPsecGWDhcpServiceId, tmnxIPsecGWDhcpServiceName and
         tmnxIPsecGWDhcpRouterId must be configured to a non-default value. For
         example, when the value of tmnxIPsecGWDhcpServiceName is default, the
         virtual router must be specified using tmnxIPsecGWDhcpServiceId or
         tmnxIPsecGWDhcpRouterId.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the DHCP servers."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpEntry 25 }

tIPsecGWLclAddrAssignTblLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignTblLastChgd indicates the sysUpTime
         at the time of the last modification of tIPsecGWLclAddrAssignTable.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 56 }

tIPsecGWLclAddrAssignTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecGWLclAddrAssignEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecGWLclAddrAssignTable maintains Local-Address-Assignment
         information for all SAP IPSec gateways."
    ::= { tmnxIPsecObjects 57 }

tIPsecGWLclAddrAssignEntry       OBJECT-TYPE
    SYNTAX      TIPsecGWLclAddrAssignEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecGWLclAddrAssignEntry maintains Local-Address-Assignment
         information for specific SAP IPSec gateway."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tIPsecGWLclAddrAssignTable 1 }

TIPsecGWLclAddrAssignEntry       ::= SEQUENCE
{
    tIPsecGWLclAddrAssignRowStatus   RowStatus,
    tIPsecGWLclAddrAssignLastChgd    TimeStamp,
    tIPsecGWLclAddrAssignAdminState  TmnxAdminState,
    tIPsecGWLclAddrAssignIp4SrvrName TNamedItemOrEmpty,
    tIPsecGWLclAddrAssignIp4SrvrSvc  TmnxServId,
    tIPsecGWLclAddrAssignIp4SrvrRtr  TmnxVRtrIDOrZero,
    tIPsecGWLclAddrAssignIp4PoolName TNamedItemOrEmpty,
    tIPsecGWLclAddrAssignIp6SrvrName TNamedItemOrEmpty,
    tIPsecGWLclAddrAssignIp6SrvrSvc  TmnxServId,
    tIPsecGWLclAddrAssignIp6SrvrRtr  TmnxVRtrIDOrZero,
    tIPsecGWLclAddrAssignIp6PoolName TNamedItemOrEmpty,
    tIPsecGWLclAddrAssignIp4PoolNam2 TNamedItemOrEmpty,
    tIPsecGWLclAddrAssignIp4SrvrSvcN TLNamedItemOrEmpty,
    tIPsecGWLclAddrAssignIp6SrvrSvcN TLNamedItemOrEmpty
}

tIPsecGWLclAddrAssignRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignRowStatus controls the creation and
         deletion of rows in the table."
    ::= { tIPsecGWLclAddrAssignEntry 1 }

tIPsecGWLclAddrAssignLastChgd    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignLastChgd indicates the value of
         sysUpTime at the time of the last management change of any writable
         object of this row."
    ::= { tIPsecGWLclAddrAssignEntry 2 }

tIPsecGWLclAddrAssignAdminState  OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignAdminState specifies the
         administrative state of SAP IPSec gateway DHCP entry."
    DEFVAL      { outOfService }
    ::= { tIPsecGWLclAddrAssignEntry 3 }

tIPsecGWLclAddrAssignIp4SrvrName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp4SrvrName specifies the name of
         the Local-Address-Assignment server associated with this SAP IPSec
         gateway."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 4 }

tIPsecGWLclAddrAssignIp4SrvrSvc  OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp4SrvrSvc specifies the service
         identifier whose virtual router provides reachability to the
         local-address-assignment server address configured in the
         tIPsecGWLclAddrAssignIp4SrvrName object.

         In order to specify a virtual router, exactly one of
         tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and
         tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default
         value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrSvc
         is default, the virtual router must be specified using
         tIPsecGWLclAddrAssignIp4SrvrSvcN or tIPsecGWLclAddrAssignIp4SrvrRtr.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the local address assignment
         server."
    DEFVAL      { 0 }
    ::= { tIPsecGWLclAddrAssignEntry 5 }

tIPsecGWLclAddrAssignIp4SrvrRtr  OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp4SrvrRtr specifies the virtual
         router instance that provides reachability to the
         local-address-assignment server address configured in the
         tIPsecGWLclAddrAssignIp4SrvrName object.

         In order to specify a virtual router, exactly one of
         tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and
         tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default
         value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrRtr
         is default, the virtual router must be specified using
         tIPsecGWLclAddrAssignIp4SrvrSvc or tIPsecGWLclAddrAssignIp4SrvrSvcN.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the local address assignment
         server.

         Only those IDs corresponding to the 'Base', 'management', and
         'vpls-management' virtual routers may be set in this object.  Refer
         to the vRtrName object from TIMETRA-VRTR-MIB.mib"
    DEFVAL      { 0 }
    ::= { tIPsecGWLclAddrAssignEntry 6 }

tIPsecGWLclAddrAssignIp4PoolName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp4PoolName specifies the name of
         the primary IPv4 Local-Address-Assignment pool associated with this
         IPsec gateway."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 7 }

tIPsecGWLclAddrAssignIp6SrvrName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp6SrvrName specifies the name of
         the Local-Address-Assignment server associated with this SAP IPSec
         gateway."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 8 }

tIPsecGWLclAddrAssignIp6SrvrSvc  OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp6SrvrSvc specifies the service
         identifier whose virtual router provides reachability to the
         local-address-assignment server address configured in the
         tIPsecGWLclAddrAssignIp6SrvrName object.

         In order to specify a virtual router, exactly one of
         tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and
         tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default
         value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrSvc
         is default, the virtual router must be specified using
         tIPsecGWLclAddrAssignIp6SrvrSvcN or tIPsecGWLclAddrAssignIp6SrvrRtr.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the local address assignment
         server."
    DEFVAL      { 0 }
    ::= { tIPsecGWLclAddrAssignEntry 9 }

tIPsecGWLclAddrAssignIp6SrvrRtr  OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp6SrvrRtr specifies the virtual
         router instance that provides reachability to the
         local-address-assignment server address configured in the
         tIPsecGWLclAddrAssignIp6SrvrName object.

         In order to specify a virtual router, exactly one of
         tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and
         tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default
         value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrRtr
         is default, the virtual router must be specified using
         tIPsecGWLclAddrAssignIp6SrvrSvc or tIPsecGWLclAddrAssignIp6SrvrSvcN.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the local address assignment
         server.

         Only those IDs corresponding to the 'Base', 'management', and
         'vpls-management' virtual routers may be set in this object.  Refer
         to the vRtrName object from TIMETRA-VRTR-MIB.mib"
    DEFVAL      { 0 }
    ::= { tIPsecGWLclAddrAssignEntry 10 }

tIPsecGWLclAddrAssignIp6PoolName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp6PoolName specifies the name of
         the primary IPv6 Local-Address-Assignment pool associated with this
         IPsec gateway."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 11 }

tIPsecGWLclAddrAssignIp4PoolNam2 OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp4PoolNam2 specifies the name of
         the secondary IPv4 Local-Address-Assignment pool associated with this
         IPsec gateway.

         The secondary pool will be used when all addresses in the primary pool
         (tIPsecGWLclAddrAssignIp4PoolName) are assigned.

         When tIPsecGWLclAddrAssignIp4PoolName is not configured,
         tIPsecGWLclAddrAssignIp4PoolNam2 also cannot be configured.

         When tIPsecGWLclAddrAssignIp4PoolName is configured,
         tIPsecGWLclAddrAssignIp4PoolNam2 cannot be set the the same value as
         tIPsecGWLclAddrAssignIp4PoolName."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 12 }

tIPsecGWLclAddrAssignIp4SrvrSvcN OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp4SrvrSvcN specifies the service
         name whose virtual router provides reachability to the
         local-address-assignment server address configured in the
         tIPsecGWLclAddrAssignIp4SrvrName object.

         In order to specify a virtual router, exactly one of
         tIPsecGWLclAddrAssignIp4SrvrSvc, tIPsecGWLclAddrAssignIp4SrvrSvcN and
         tIPsecGWLclAddrAssignIp4SrvrRtr must be configured to a non-default
         value. For example, when the value of tIPsecGWLclAddrAssignIp4SrvrSvcN
         is default, the virtual router must be specified using
         tIPsecGWLclAddrAssignIp4SrvrSvc or tIPsecGWLclAddrAssignIp4SrvrRtr.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the local address assignment
         server."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 14 }

tIPsecGWLclAddrAssignIp6SrvrSvcN OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecGWLclAddrAssignIp6SrvrSvcN specifies the service
         name whose virtual router provides reachability to the
         local-address-assignment server address configured in the
         tIPsecGWLclAddrAssignIp6SrvrName object.

         In order to specify a virtual router, exactly one of
         tIPsecGWLclAddrAssignIp6SrvrSvc, tIPsecGWLclAddrAssignIp6SrvrSvcN and
         tIPsecGWLclAddrAssignIp6SrvrRtr must be configured to a non-default
         value. For example, when the value of tIPsecGWLclAddrAssignIp6SrvrSvcN
         is default, the virtual router must be specified using
         tIPsecGWLclAddrAssignIp6SrvrSvc or tIPsecGWLclAddrAssignIp6SrvrRtr.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the local address assignment
         server."
    DEFVAL      { ''H }
    ::= { tIPsecGWLclAddrAssignEntry 15 }

tmnxIPsecGWDhcpV6TblLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6TblLastChgd indicates the sysUpTime at
         the time of the last modification of tmnxIPsecGWDhcpV6Table.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 58 }

tmnxIPsecGWDhcpV6Table           OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecGWDhcpV6Entry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table that contains SAP IPSec gateway DHCPV6 information."
    ::= { tmnxIPsecObjects 59 }

tmnxIPsecGWDhcpV6Entry           OBJECT-TYPE
    SYNTAX      TmnxIPsecGWDhcpV6Entry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a SAP IPSec gateway DHCPV6."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tmnxIPsecGWDhcpV6Table 1 }

TmnxIPsecGWDhcpV6Entry           ::= SEQUENCE
{
    tmnxIPsecGWDhcpV6RowStatus       RowStatus,
    tmnxIPsecGWDhcpV6LastChgd        TimeStamp,
    tmnxIPsecGWDhcpV6AdminState      TmnxAdminState,
    tmnxIPsecGWDhcpV6LinkAddrType    InetAddressType,
    tmnxIPsecGWDhcpV6LinkAddr        InetAddress,
    tmnxIPsecGWDhcpV6SendRelease     TruthValue,
    tmnxIPsecGWDhcpV6ServiceId       TmnxServId,
    tmnxIPsecGWDhcpV6RouterId        TmnxVRtrIDOrZero,
    tmnxIPsecGWDhcpV6Srvr1AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr1Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr2AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr2Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr3AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr3Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr4AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr4Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr5AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr5Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr6AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr6Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr7AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr7Addr       InetAddress,
    tmnxIPsecGWDhcpV6Srvr8AddrType   InetAddressType,
    tmnxIPsecGWDhcpV6Srvr8Addr       InetAddress,
    tmnxIPsecGWDhcpV6ServiceName     TLNamedItemOrEmpty
}

tmnxIPsecGWDhcpV6RowStatus       OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6RowStatus controls the creation and
         deletion of rows in the table."
    ::= { tmnxIPsecGWDhcpV6Entry 1 }

tmnxIPsecGWDhcpV6LastChgd        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6LastChgd indicates the value of
         sysUpTime at the time of the last management change of any writable
         object of this row."
    ::= { tmnxIPsecGWDhcpV6Entry 2 }

tmnxIPsecGWDhcpV6AdminState      OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6AdminState specifies the administrative
         state of SAP IPSec gateway DHCP entry."
    DEFVAL      { outOfService }
    ::= { tmnxIPsecGWDhcpV6Entry 3 }

tmnxIPsecGWDhcpV6LinkAddrType    OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6LinkAddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6LinkAddr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 4 }

tmnxIPsecGWDhcpV6LinkAddr        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6LinkAddr specifies the address of the
         gateway interface on this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 5 }

tmnxIPsecGWDhcpV6SendRelease     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6SendRelease specifies whether to send
         DHCP release message when tunnel is removed on this SAP IPSec gateway."
    DEFVAL      { true }
    ::= { tmnxIPsecGWDhcpV6Entry 6 }

tmnxIPsecGWDhcpV6ServiceId       OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6ServiceId specifies the service
         identifier whose virtual router provides reachability to the DHCP
         server addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr'
         objects.

         In order to specify a virtual router, exactly one of
         tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and
         tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value.
         For example, when the value of tmnxIPsecGWDhcpV6ServiceId is default,
         the virtual router must be specified using
         tmnxIPsecGWDhcpV6ServiceName or tmnxIPsecGWDhcpV6RouterId.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the DHCP servers."
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWDhcpV6Entry 7 }

tmnxIPsecGWDhcpV6RouterId        OBJECT-TYPE
    SYNTAX      TmnxVRtrIDOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6RouterId specifies the virtual router
         instance that provides reachability to the DHCP server addresses
         configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects.

         In order to specify a virtual router, exactly one of
         tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and
         tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value.
         For example, when the value of tmnxIPsecGWDhcpV6RouterId is default,
         the virtual router must be specified using tmnxIPsecGWDhcpV6ServiceId
         or tmnxIPsecGWDhcpV6ServiceName.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the DHCP servers.

         Only those IDs corresponding to the 'Base', 'management', and
         'vpls-management' virtual routers may be set in this object.  Refer
         to the vRtrName object from TIMETRA-VRTR-MIB.mib"
    DEFVAL      { 0 }
    ::= { tmnxIPsecGWDhcpV6Entry 8 }

tmnxIPsecGWDhcpV6Srvr1AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr1AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr1Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 9 }

tmnxIPsecGWDhcpV6Srvr1Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr1Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 10 }

tmnxIPsecGWDhcpV6Srvr2AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr2AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr2Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 11 }

tmnxIPsecGWDhcpV6Srvr2Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr2Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 12 }

tmnxIPsecGWDhcpV6Srvr3AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr3AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr3Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 13 }

tmnxIPsecGWDhcpV6Srvr3Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr3Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 14 }

tmnxIPsecGWDhcpV6Srvr4AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr4AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr4Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 15 }

tmnxIPsecGWDhcpV6Srvr4Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr4Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 16 }

tmnxIPsecGWDhcpV6Srvr5AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr5AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr5Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 17 }

tmnxIPsecGWDhcpV6Srvr5Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr5Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 18 }

tmnxIPsecGWDhcpV6Srvr6AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr6AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr6Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 19 }

tmnxIPsecGWDhcpV6Srvr6Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr6Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 20 }

tmnxIPsecGWDhcpV6Srvr7AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr7AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr7Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 21 }

tmnxIPsecGWDhcpV6Srvr7Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr7Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 22 }

tmnxIPsecGWDhcpV6Srvr8AddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr8AddrType specifies the address type
         of address in tmnxIPsecGWDhcpV6Srvr8Addr."
    DEFVAL      { unknown }
    ::= { tmnxIPsecGWDhcpV6Entry 23 }

tmnxIPsecGWDhcpV6Srvr8Addr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6Srvr8Addr specifies the DHCP server
         address associated with this SAP IPSec gateway."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 24 }

tmnxIPsecGWDhcpV6ServiceName     OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWDhcpV6ServiceName specifies the service name
         whose virtual router provides reachability to the DHCP server
         addresses configured in the 'tmnxIPsecGWDhcpV6SrvrXAddr' objects.

         In order to specify a virtual router, exactly one of
         tmnxIPsecGWDhcpV6ServiceId, tmnxIPsecGWDhcpV6ServiceName and
         tmnxIPsecGWDhcpV6RouterId must be configured to a non-default value.
         For example, when the value of tmnxIPsecGWDhcpV6ServiceName is
         default, the virtual router must be specified using
         tmnxIPsecGWDhcpV6ServiceId or tmnxIPsecGWDhcpV6RouterId.

         When all of the three objects are default, remote user tunnels will
         fail to acquire the addresses from any of the DHCP servers."
    DEFVAL      { ''H }
    ::= { tmnxIPsecGWDhcpV6Entry 25 }

tIPsecTsListRmtEntryTblLastChgd  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryTblLastChgd indicates the time, since
         system startup, when tIPsecTsListRmtEntryTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 60 }

tIPsecTsListRmtEntryTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTsListRmtEntryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTsListRmtEntryTable contains objects used to configure
         instances of IPsec traffic selector list remote entries.

         Entries in this table are created and destroyed via SNMP SET
         operations to tIPsecTsListRmtEntryRowStatus."
    ::= { tmnxIPsecObjects 61 }

tIPsecTsListRmtEntryEntry        OBJECT-TYPE
    SYNTAX      TIPsecTsListRmtEntryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecTsListRmtEntryEntry contains the configuration of one IPsec
         traffic selector list remote entry."
    INDEX       {
        tIPsecTsListName,
        tIPsecTsListRmtEntryId
    }
    ::= { tIPsecTsListRmtEntryTable 1 }

TIPsecTsListRmtEntryEntry        ::= SEQUENCE
{
    tIPsecTsListRmtEntryId           Unsigned32,
    tIPsecTsListRmtEntryRowStatus    RowStatus,
    tIPsecTsListRmtEntryLastChgd     TimeStamp,
    tIPsecTsListRmtEntryMinAddrType  InetAddressType,
    tIPsecTsListRmtEntryMinAddr      InetAddress,
    tIPsecTsListRmtEntryMaxAddrType  InetAddressType,
    tIPsecTsListRmtEntryMaxAddr      InetAddress,
    tIPsecTsListRmtEntryPfxAddrType  InetAddressType,
    tIPsecTsListRmtEntryPfxAddr      InetAddress,
    tIPsecTsListRmtEntryPfxLen       InetAddressPrefixLength,
    tIPsecTsListRmtEntryMinPort      InetPortNumber,
    tIPsecTsListRmtEntryMaxPort      InetPortNumber,
    tIPsecTsListRmtEntryMinMhType    Unsigned32,
    tIPsecTsListRmtEntryMaxMhType    Unsigned32,
    tIPsecTsListRmtEntryMinIcmpType  Unsigned32,
    tIPsecTsListRmtEntryMaxIcmpType  Unsigned32,
    tIPsecTsListRmtEntryMinIcmpCode  Unsigned32,
    tIPsecTsListRmtEntryMaxIcmpCode  Unsigned32,
    tIPsecTsListRmtEntryProtocolId   Integer32
}

tIPsecTsListRmtEntryId           OBJECT-TYPE
    SYNTAX      Unsigned32 (1..32)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryId specifies a unique identifier for
         one IPsec traffic selector remote entry configured in this system."
    ::= { tIPsecTsListRmtEntryEntry 1 }

tIPsecTsListRmtEntryRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryRowStatus specifies the status of
         this row. It is used to create and destroy rows in
         tIPsecTsListRmtEntryTable."
    ::= { tIPsecTsListRmtEntryEntry 2 }

tIPsecTsListRmtEntryLastChgd     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryLastChgd indicates the time, since
         system startup, when the configuration of this row was created or
         modified."
    ::= { tIPsecTsListRmtEntryEntry 3 }

tIPsecTsListRmtEntryMinAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMinAddrType specifies the address
         type of tIPsecTsListRmtEntryMinAddr.

         The values of tIPsecTsListRmtEntryMinAddrType and
         tIPsecTsListRmtEntryMaxAddrType must be the same.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMaxAddrType and
         tIPsecTsListRmtEntryMaxAddr."
    DEFVAL      { unknown }
    ::= { tIPsecTsListRmtEntryEntry 4 }

tIPsecTsListRmtEntryMinAddr      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMinAddr specifies the minimum address
         of the range for this IPsec traffic selector list remote entry.

         The configurations of tIPsecTsListRmtEntryMinAddr and
         tIPsecTsListRmtEntryPfxAddr are mutually exclusive.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryMinAddrType, tIPsecTsListRmtEntryMaxAddrType and
         tIPsecTsListRmtEntryMaxAddr."
    DEFVAL      { ''H }
    ::= { tIPsecTsListRmtEntryEntry 5 }

tIPsecTsListRmtEntryMaxAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMaxAddrType specifies the address
         type of tIPsecTsListRmtEntryMaxAddr.

         The values of tIPsecTsListRmtEntryMaxAddrType and
         tIPsecTsListRmtEntryMinAddrType must be the same.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMinAddrType and
         tIPsecTsListRmtEntryMaxAddr."
    DEFVAL      { unknown }
    ::= { tIPsecTsListRmtEntryEntry 6 }

tIPsecTsListRmtEntryMaxAddr      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMaxAddr specifies the maximum address
         of the range for this IPsec traffic selector list remote entry.

         The configurations of tIPsecTsListRmtEntryMaxAddr and
         tIPsecTsListRmtEntryPfxAddr are mutually exclusive.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryMinAddr, tIPsecTsListRmtEntryMinAddrType and
         tIPsecTsListRmtEntryMaxAddrType."
    DEFVAL      { ''H }
    ::= { tIPsecTsListRmtEntryEntry 7 }

tIPsecTsListRmtEntryPfxAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryPfxAddrType specifies the address
         type of tIPsecTsListRmtEntryPfxAddr.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryPfxAddr and tIPsecTsListRmtEntryPfxLen."
    DEFVAL      { unknown }
    ::= { tIPsecTsListRmtEntryEntry 8 }

tIPsecTsListRmtEntryPfxAddr      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryPfxAddr specifies the prefix address
         for this IPsec traffic selector list remote entry.

         The configuration of tIPsecTsListRmtEntryPfxAddr and that of
         tIPsecTsListRmtEntryMinAddr and tIPsecTsListRmtEntryMaxAddr are
         mutually exclusive.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryPfxAddrType and tIPsecTsListRmtEntryPfxLen."
    DEFVAL      { ''H }
    ::= { tIPsecTsListRmtEntryEntry 9 }

tIPsecTsListRmtEntryPfxLen       OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryPfxLen specifies the prefix length of
         the tIPsecTsListRmtEntryPfxAddr.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryPfxAddrType and tIPsecTsListRmtEntryPfxAddr."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 10 }

tIPsecTsListRmtEntryMinPort      OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMinPort specifies the minimum port of
         the range for this IPsec traffic selector list remote entry.

         tIPsecTsListRmtEntryMinPort is used for any Internet transport layer
         protocol except ICMP, ICMPv6 and MIPv6.

         When the value of tIPsecTsListRmtEntryMinPort is '0' and the value of
         tIPsecTsListRmtEntryMaxPort is '65535', it means that the IPsec
         traffic selector accepts any port number.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMaxPort."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 11 }

tIPsecTsListRmtEntryMaxPort      OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMaxPort specifies the maximum port of
         the range for this IPsec traffic selector list remote entry.

         tIPsecTsListRmtEntryMaxPort is used for any Internet transport layer
         protocol except ICMP, ICMPv6 and MIPv6.

         When the value of tIPsecTsListRmtEntryMaxPort is '0' and the value of
         tIPsecTsListRmtEntryMinPort is '65535', it means that the IPsec
         traffic selector accepts the packet only when the corresponding port
         field field is unavailable.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMinPort."
    DEFVAL      { 65535 }
    ::= { tIPsecTsListRmtEntryEntry 12 }

tIPsecTsListRmtEntryMinMhType    OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMinMhType specifies the minimum
         Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
         traffic selector list remote entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMaxMhType."
    REFERENCE
        "'Mobility Header Types - for the MH Type field in the Mobility Header',
         http://www.iana.org/assignments/mobility-parameters/
         mobility-parameters.xhtml#mobility-parameters-1"
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 13 }

tIPsecTsListRmtEntryMaxMhType    OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMaxMhType specifies the maximum
         Mobile IPv6 (MIPv6) mobility header type of the range for this IPsec
         traffic selector list remote entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId and tIPsecTsListRmtEntryMinMhType."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 14 }

tIPsecTsListRmtEntryMinIcmpType  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMinIcmpType specifies the minimum
         ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
         list remote entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMaxIcmpType,
         tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode."
    REFERENCE
        "'Internet Control Message Protocol (ICMP) Parameters',
         http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt,
         April 2013, and
         'Internet Control Message Protocol version 6 (ICMPv6) Parameters',
         http://www.iana.org/assignments/icmpv6-parameters/
         icmpv6-parameters.xhtml, January 2015."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 15 }

tIPsecTsListRmtEntryMaxIcmpType  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMaxIcmpType specifies the maximum
         ICMPv4 or ICMPv6 type of the range for this IPsec traffic selector
         list remote entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType,
         tIPsecTsListRmtEntryMinIcmpCode and tIPsecTsListRmtEntryMaxIcmpCode."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 16 }

tIPsecTsListRmtEntryMinIcmpCode  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMinIcmpCode specifies the minimum
         ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
         list remote entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType,
         tIPsecTsListRmtEntryMaxIcmpType and tIPsecTsListRmtEntryMaxIcmpCode."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 17 }

tIPsecTsListRmtEntryMaxIcmpCode  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryMaxIcmpCode specifies the maximum
         ICMPv4 or ICMPv6 code of the range for this IPsec traffic selector
         list remote entry.

         This value must be set in the same SNMP SET PDU as
         tIPsecTsListRmtEntryProtocolId, tIPsecTsListRmtEntryMinIcmpType,
         tIPsecTsListRmtEntryMaxIcmpType and tIPsecTsListRmtEntryMinIcmpCode."
    DEFVAL      { 0 }
    ::= { tIPsecTsListRmtEntryEntry 18 }

tIPsecTsListRmtEntryProtocolId   OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0 | 1..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTsListRmtEntryProtocolId specifies the IP protocol
         number allowed by the IPsec traffic selector associated with this
         entry.

         A value of zero specifies that the IPsec traffic selector will accept
         packets for any protocol. A value of '-1' specifies that this IPsec
         traffic selector is not configured.

         When the value of tIPsecTsListRmtEntryProtocolId is any value between
         -1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value
         must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinPort and
         tIPsecTsListRmtEntryMaxPort. Especially when the value of
         tIPsecTsListRmtEntryProtocolId is -1, tIPsecTsListRmtEntryMinPort and
         tIPsecTsListRmtEntryMaxPort must be 0 and 65535, respectively.

         When the value of tIPsecTsListRmtEntryProtocolId is any value between
         1 and 255, except 1 (ICMP), 58 (ICMPv6) and 135 (MIPv6), this value
         must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinPort and
         tIPsecTsListRmtEntryMaxPort.

         When the value of tIPsecTsListRmtEntryProtocolId is 1 or 58 this value
         must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinIcmpType,
         tIPsecTsListRmtEntryMaxIcmpType, tIPsecTsListRmtEntryMinIcmpCode and
         tIPsecTsListRmtEntryMaxIcmpCode.

         When the value of tIPsecTsListRmtEntryProtocolId is 135, this value
         must be set in the SNMP SET PDU as tIPsecTsListRmtEntryMinMhType and
         tIPsecTsListRmtEntryMaxMhType."
    DEFVAL      { -1 }
    ::= { tIPsecTsListRmtEntryEntry 19 }

tmnxIPsecLockoutClientTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecLockoutClientEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecLockoutClientTable contains the statistics information of
         IPsec lockout clients. IPsec lockout clients are ones who are not
         successfully pass the IKE authentication process."
    ::= { tmnxIPsecObjects 62 }

tmnxIPsecLockoutClientEntry      OBJECT-TYPE
    SYNTAX      TmnxIPsecLockoutClientEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each tmnxIPsecLockoutClientEntry contains the statistics information
         for one IPsec Lockout Client. tmnxCardSlotNum and tmnxMDASlotNum
         should be IPsec MDA."
    INDEX       {
        tmnxCardSlotNum,
        tmnxMDASlotNum,
        tmnxIPsecLockoutClientRtrId,
        tmnxIPsecLockoutClientLclGwAddrT,
        tmnxIPsecLockoutClientLclGwAddr,
        tmnxIPsecLockoutClientAddressTyp,
        tmnxIPsecLockoutClientAddress,
        tmnxIPsecLockoutClientPort
    }
    ::= { tmnxIPsecLockoutClientTable 1 }

TmnxIPsecLockoutClientEntry      ::= SEQUENCE
{
    tmnxIPsecLockoutClientRtrId      TmnxVRtrID,
    tmnxIPsecLockoutClientLclGwAddrT InetAddressType,
    tmnxIPsecLockoutClientLclGwAddr  InetAddress,
    tmnxIPsecLockoutClientAddressTyp InetAddressType,
    tmnxIPsecLockoutClientAddress    InetAddress,
    tmnxIPsecLockoutClientPort       InetPortNumber,
    tmnxIPsecLockoutClientStatus     TruthValue,
    tmnxIPsecLockoutClientFailAtempt Unsigned32,
    tmnxIPsecLockoutClientDroppedPkt Unsigned32,
    tmnxIPsecLockoutClientRemainTime Integer32
}

tmnxIPsecLockoutClientRtrId      OBJECT-TYPE
    SYNTAX      TmnxVRtrID
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientRtrId specifies the virtual router
         instance for IES or VPRN services.

         The value of tmnxIPsecLockoutClientRtrId is 1 for IES services."
    ::= { tmnxIPsecLockoutClientEntry 1 }

tmnxIPsecLockoutClientLclGwAddrT OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientLclGwAddrT specifies the address
         type of the local SAP IPSec gateway."
    ::= { tmnxIPsecLockoutClientEntry 2 }

tmnxIPsecLockoutClientLclGwAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientLclGwAddr specifies the IP address
         of the local SAP IPsec gateway."
    ::= { tmnxIPsecLockoutClientEntry 3 }

tmnxIPsecLockoutClientAddressTyp OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientAddressTyp specifies the address
         type of the lockout client."
    ::= { tmnxIPsecLockoutClientEntry 4 }

tmnxIPsecLockoutClientAddress    OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientAddress specifies the address of
         the lockout client."
    ::= { tmnxIPsecLockoutClientEntry 5 }

tmnxIPsecLockoutClientPort       OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientPort specifies the port number of
         the lockout client.

         The value of zero means that all ports under
         tmnxIPsecLockoutClientAddress are locked out."
    ::= { tmnxIPsecLockoutClientEntry 6 }

tmnxIPsecLockoutClientStatus     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientStatus indicates whether a client
         is locked out by the system.

         The value of 'true (1)' indicates that the client is locked out and
         all IKE traffics from this client are rejected by the system. The
         value of 'false (2)' indicates that the system still accepts IKE
         traffic from this client; but the client has failed on certain IKE
         authentications."
    ::= { tmnxIPsecLockoutClientEntry 7 }

tmnxIPsecLockoutClientFailAtempt OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientFailAtempt indicates the number of
         failed authentication attempts from the lockout client within the
         lockout duration(i.e., tmnxIkePolicyLockoutDuration)."
    ::= { tmnxIPsecLockoutClientEntry 8 }

tmnxIPsecLockoutClientDroppedPkt OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientDroppedPkt indicates the number of
         dropped packets for the lockout client."
    ::= { tmnxIPsecLockoutClientEntry 9 }

tmnxIPsecLockoutClientRemainTime OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecLockoutClientRemainTime indicates the time
         remaining until this client is unblocked.

         The total block time is defined by tmnxIkePolicyLockoutBlock.

         A value of zero indicates that this client will never be unblocked. A
         value of -1 indicates that this client is not blocked."
    ::= { tmnxIPsecLockoutClientEntry 10 }

tIPsecRUTnlDhcpLeaseStatTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUTnlDhcpLeaseStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecRUTnlDhcpLeaseStatTable contains the statistics information
         of the private IP address DHCP leases in the dynamic IPsec remote user
         tunnel.

         Refer to tIPsecRUTnlTable for the information of the dynamic IPsec
         remote user tunnel. Each tunnel has at most two private IP addresses
         (i.e., tIPsecRUTnlPrivateIpAddr and tIPsecRUTnlPrivateIpAddr2)."
    ::= { tmnxIPsecObjects 63 }

tIPsecRUTnlDhcpLeaseStatEntry    OBJECT-TYPE
    SYNTAX      TIPsecRUTnlDhcpLeaseStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecRUTnlDhcpLeaseStatEntry contains the statistics information
         of one private IP address DHCP lease in the dynamic IPsec remote user
         tunnel.

         Rows in this table are created when the value of
         tIPsecRUTnlPrivateIpAddr or tIPsecRUTnlPrivateIpAddr2 in the
         associated entry of tIPsecRUTnlTable is changed from all-zeros to any
         valid address that was obtained from a DHCP server. Rows in this table
         are destroyed when the associated entry is destroyed in
         tIPsecRUTnlTable."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort,
        tIPsecRUTnlDhcpLeaseStatPrivAddT,
        tIPsecRUTnlDhcpLeaseStatPrivAddr
    }
    ::= { tIPsecRUTnlDhcpLeaseStatTable 1 }

TIPsecRUTnlDhcpLeaseStatEntry    ::= SEQUENCE
{
    tIPsecRUTnlDhcpLeaseStatPrivAddT InetAddressType,
    tIPsecRUTnlDhcpLeaseStatPrivAddr InetAddress,
    tIPsecRUTnlDhcpLeaseStatSverAddT InetAddressType,
    tIPsecRUTnlDhcpLeaseStatSverAddr InetAddress,
    tIPsecRUTnlDhcpLeaseStatAcquirTm DateAndTime,
    tIPsecRUTnlDhcpLeaseStatRenewTm  DateAndTime,
    tIPsecRUTnlDhcpLeaseStatRebindTm DateAndTime,
    tIPsecRUTnlDhcpLeaseStatPrivPref DateAndTime,
    tIPsecRUTnlDhcpLeaseStatPrivVald DateAndTime
}

tIPsecRUTnlDhcpLeaseStatPrivAddT OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatPrivAddT specifies the address
         type of tIPsecRUTnlDhcpLeaseStatPrivAddr."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 1 }

tIPsecRUTnlDhcpLeaseStatPrivAddr OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatPrivAddr specifies the private IP
         address of the dynamic IPsec remote user tunnel. It can be either
         tIPsecRUTnlPrivateIpAddr or tIPsecRUTnlPrivateIpAddr2."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 2 }

tIPsecRUTnlDhcpLeaseStatSverAddT OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatSverAddT indicates the address
         type of tIPsecRUTnlDhcpLeaseStatSverAddr.

         The value of tIPsecRUTnlDhcpLeaseStatSverAddT is always equal to
         tIPsecRUTnlDhcpLeaseStatPrivAddT."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 3 }

tIPsecRUTnlDhcpLeaseStatSverAddr OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatSverAddr indicates the DHCP
         server address."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 4 }

tIPsecRUTnlDhcpLeaseStatAcquirTm OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatAcquirTm indicates the UTC date
         when the latest DHCP lease was acquired from the server. The address
         of the server is indicated by tIPsecRUTnlDhcpLeaseStatSverAddr.

         The value of tIPsecRUTnlDhcpLeaseStatAcquirTm can be the time when the
         private IP address (i.e., tIPsecRUTnlDhcpLeaseStatPrivAddr) of the
         dynamic IPsec user remote tunnel first obtained the DHCP lease, or the
         time when the lease was renewed or rebound."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 5 }

tIPsecRUTnlDhcpLeaseStatRenewTm  OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatRenewTm indicates the UTC date
         when the current DHCP lease needs to be renewed."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 6 }

tIPsecRUTnlDhcpLeaseStatRebindTm OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatRebindTm indicates the UTC date
         when the current DHCP lease needs to be rebound."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 7 }

tIPsecRUTnlDhcpLeaseStatPrivPref OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatPrivPref indicates the UTC date
         when the preferred lifetime of the private IP address (i.e.,
         tIPsecRUTnlDhcpLeaseStatPrivAddr) for the dynamic IPsec user remote
         tunnel will expire.

         In the preferred state, tIPsecRUTnlDhcpLeaseStatPrivAddr can be used
         without any restriction. Once the lifetime expires,
         tIPsecRUTnlDhcpLeaseStatPrivAddr is still valid, but needs to be
         renewed or rebound.

         The value of tIPsecRUTnlDhcpLeaseStatPrivPref is meaningless when
         tIPsecRUTnlDhcpLeaseStatSverAddT is 'ipv4 (1)'."
    REFERENCE
        "RFC 4862. 'IPv6 Stateless Address Autoconfiguration', IETF, September
         2007."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 8 }

tIPsecRUTnlDhcpLeaseStatPrivVald OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlDhcpLeaseStatPrivVald indicates the UTC date
         when the valid lifetime of the private IP address (i.e.,
         tIPsecRUTnlDhcpLeaseStatPrivAddr) for the dynamic IPsec user remote
         tunnel will expire.

         Once the valid lifetime expires, tIPsecRUTnlDhcpLeaseStatPrivAddr must
         be renewed or rebound."
    REFERENCE
        "RFC 4862. 'IPv6 Stateless Address Autoconfiguration', IETF, September
         2007."
    ::= { tIPsecRUTnlDhcpLeaseStatEntry 9 }

tIPsecClientDatabaseTableLstChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDatabaseTableLstChgd indicates the time,
         since system startup, when tIPsecClientDatabaseTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 64 }

tIPsecClientDatabaseTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecClientDatabaseEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDatabaseTable contains objects used to configure
         instances of IPsec client database entries.

         Each entry in this table specifies how the system matches the
         associated IPsec clients of this database.

         The IPsec clients are configured by tIPsecClientDBClientTable."
    ::= { tmnxIPsecObjects 65 }

tIPsecClientDatabaseEntry        OBJECT-TYPE
    SYNTAX      TIPsecClientDatabaseEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDatabaseEntry contains the configuration of one
         instance of the IPsec client database entry.

         Entries in this table are created and destroyed via SNMP SET
         operations to tIPsecClientDatabaseRowStatus.

         The maximum number of entries in this table is 1000."
    INDEX       { tIPsecClientDatabaseName }
    ::= { tIPsecClientDatabaseTable 1 }

TIPsecClientDatabaseEntry        ::= SEQUENCE
{
    tIPsecClientDatabaseName         TNamedItem,
    tIPsecClientDatabaseLastChanged  TimeStamp,
    tIPsecClientDatabaseRowStatus    RowStatus,
    tIPsecClientDatabaseAdminState   TmnxAdminState,
    tIPsecClientDatabaseDescription  TItemDescription,
    tIPsecClientDatabaseMatchType    BITS
}

tIPsecClientDatabaseName         OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDatabaseName specifies the name of this IPsec client
         database entry."
    ::= { tIPsecClientDatabaseEntry 1 }

tIPsecClientDatabaseLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDatabaseLastChanged indicates time, since
         system startup, that the configuration of this entry was created or
         modified."
    ::= { tIPsecClientDatabaseEntry 2 }

tIPsecClientDatabaseRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDatabaseRowStatus specifies the status of
         this entry. It is used to create and delete row entries in
         tIPsecClientDatabaseTable.

         In order to delete an entry, tIPsecClientDatabaseAdminState must first
         be set to 'outOfService (3)'."
    ::= { tIPsecClientDatabaseEntry 3 }

tIPsecClientDatabaseAdminState   OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDatabaseAdminState specifies the
         administrative state of this IPsec client database entry.

         tIPsecClientDatabaseAdminState can only be configured to 'inService
         (2)' if tIPsecClientDatabaseMatchType has non-default value.

         When the value of tIPsecClientDatabaseAdminState is 'outOfService
         (3)', the IPsec client matching is disabled."
    DEFVAL      { outOfService }
    ::= { tIPsecClientDatabaseEntry 4 }

tIPsecClientDatabaseDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDatabaseDescription specifies the description
         for this IPsec client database entry."
    DEFVAL      { "" }
    ::= { tIPsecClientDatabaseEntry 5 }

tIPsecClientDatabaseMatchType    OBJECT-TYPE
    SYNTAX      BITS {
        idi          (0),
        peerIpPrefix (1)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDatabaseMatchType specifies what types of
         values are used by the client ID for this IPsec client database entry.

         The system uses the client ID as the criteria to match an IPsec
         client.

         idi          (0) - Identification Initiator (IDi) in IKEv2
         peerIpPrefix (1) - Peer IP prefix address"
    DEFVAL      { {} }
    ::= { tIPsecClientDatabaseEntry 6 }

tIPsecClientDBClientTableLstChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientTableLstChgd indicates the time,
         since system startup, when tIPsecClientDBClientTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 66 }

tIPsecClientDBClientTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecClientDBClientEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDBClientTable contains objects used to configure
         instances of IPsec clients associated with an IPsec client database.

         The IPsec client database is configured by tIPsecClientDatabaseTable."
    ::= { tmnxIPsecObjects 67 }

tIPsecClientDBClientEntry        OBJECT-TYPE
    SYNTAX      TIPsecClientDBClientEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDBClientEntry contains the configuration of one
         instance of the IPsec client associated with the IPsec client
         database.

         Entries in this table are created and destroyed via SNMP SET
         operations to tIPsecClientDBClientRowStatus.

         The maximum number of entries in this table is 8000."
    INDEX       {
        tIPsecClientDatabaseName,
        tIPsecClientDBClientIndex
    }
    ::= { tIPsecClientDBClientTable 1 }

TIPsecClientDBClientEntry        ::= SEQUENCE
{
    tIPsecClientDBClientIndex        Unsigned32,
    tIPsecClientDBClientLastChanged  TimeStamp,
    tIPsecClientDBClientRowStatus    RowStatus,
    tIPsecClientDBClientAdminState   TmnxAdminState,
    tIPsecClientDBClientName         TNamedItemOrEmpty,
    tIPsecClientDBClientIdIdiType    INTEGER,
    tIPsecClientDBClientIdIdiValue   DisplayString,
    tIPsecClientDBClientIdPeer4PfAny TruthValue,
    tIPsecClientDBClientIdPeer6PfAny TruthValue,
    tIPsecClientDBClientIdPeerPfxTyp InetAddressType,
    tIPsecClientDBClientIdPeerPfx    InetAddress,
    tIPsecClientDBClientIdPeerPfxLen InetAddressPrefixLength,
    tIPsecClientDBClientTnlTempltId  TmnxIPsecTunnelTemplateIdOrZero,
    tIPsecClientDBClientPrivateSvcId TmnxServId,
    tIPsecClientDBClientPrivIfName   TNamedItemOrEmpty,
    tIPsecClientDBClientTsListName   TNamedItemOrEmpty,
    tIPsecClientDBClientPreSharedKey OCTET STRING,
    tIPsecClientDBClientPrivateSvcNm TLNamedItemOrEmpty
}

tIPsecClientDBClientIndex        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..8000)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIndex specifies the index for this
         IPsec client entry."
    ::= { tIPsecClientDBClientEntry 1 }

tIPsecClientDBClientLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientLastChanged indicates time, since
         system startup, that the configuration of this entry was created or
         modified."
    ::= { tIPsecClientDBClientEntry 2 }

tIPsecClientDBClientRowStatus    OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientRowStatus specifies the status of
         this entry. It is used to create and delete row entries in
         tIPsecClientDBClientTable.

         In order to delete an entry, tIPsecClientDBClientAdminState must first
         be set to 'outOfService (3)'."
    ::= { tIPsecClientDBClientEntry 3 }

tIPsecClientDBClientAdminState   OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientAdminState specifies the
         administrative state of this IPsec client entry."
    DEFVAL      { outOfService }
    ::= { tIPsecClientDBClientEntry 4 }

tIPsecClientDBClientName         OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDBClientName specifies the name of this IPsec client
         entry."
    DEFVAL      { "" }
    ::= { tIPsecClientDBClientEntry 5 }

tIPsecClientDBClientIdIdiType    OBJECT-TYPE
    SYNTAX      INTEGER {
        none         (1),
        any          (2),
        ipv4Pfx      (3),
        ipv4PfxAny   (4),
        ipv6Pfx      (5),
        ipv6PfxAny   (6),
        fqdn         (7),
        fqdnSuffix   (8),
        rfc822       (9),
        rfc822Suffix (10)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdIdiType specifies the type of IDi
         value (i.e., tIPsecClientDBClientIdIdiValue) for this IPsec client
         entry.

         none         - (1)  The IDi value is not used by the client ID
         any          - (2)  Any IDi value will be accepted by the system
         ipv4Pfx      - (3)  IDi value is a specific valid IPv4 prefix
         ipv4PfxAny   - (4)  IDi value is any valid IPv4 prefix
         ipv6Pfx      - (5)  IDi value is a specific valid IPv6 prefix
         ipv6PfxAny   - (6)  IDi value is any valid IPv6 prefix
         fqdn         - (7)  IDi value is an Fully Qualified Domain Name (FQDN)
         fqdnSuffix   - (8)  IDi value is an FQDN suffix
         rfc822       - (9)  IDi value is an Email address
         rfc822Domain - (10) IDi value is an Email domain

         This value must be set in the same SNMP SET PDU as
         tIPsecClientDBClientIdIdiValue."
    DEFVAL      { none }
    ::= { tIPsecClientDBClientEntry 6 }

tIPsecClientDBClientIdIdiValue   OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdIdiValue specifies the IDi value
         within the client ID for this IPsec client entry.

         A client ID may consist of more than one values (e.g., IDi (i.e.,
         tIPsecClientDBClientIdIdiValue), peer IP prefix (i.e.,
         tIPsecClientDBClientIdPeerPfx)). Which type of values a client ID
         contains is configured by tIPsecClientDatabaseMatchType in the
         associated entry of tIPsecClientDatabaseTable.

         This value must be set in the same SNMP SET PDU as
         tIPsecClientDBClientIdIdiType.

         When the value of tIPsecClientDBClientIdIdiType is 'none (1)', 'any
         (2)', 'ipv4PfxAny (4)' or 'ipv6PfxAny (6)', the value of
         tIPsecClientDBClientIdIdiValue is ignored."
    DEFVAL      { ''H }
    ::= { tIPsecClientDBClientEntry 7 }

tIPsecClientDBClientIdPeer4PfAny OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdPeer4PfAny specifies whether or not
         the peer IP prefix can be any valid IPv4 prefix.

         When the value of tIPsecClientDBClientIdPeer4PfAny is 'true (1)', the
         value of tIPsecClientDBClientIdPeer6PfAny,
         tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx and
         tIPsecClientDBClientIdPeerPfxLen will be ignored.

         tIPsecClientDBClientIdPeer4PfAny and tIPsecClientDBClientIdPeer6PfAny
         cannot be 'true (1)' at the same time."
    DEFVAL      { false }
    ::= { tIPsecClientDBClientEntry 8 }

tIPsecClientDBClientIdPeer6PfAny OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdPeer6PfAny specifies whether or not
         the peer IP prefix can be any valid IPv6 prefix.

         When the value of tIPsecClientDBClientIdPeer6PfAny is 'true (1)', the
         value of tIPsecClientDBClientIdPeer4PfAny,
         tIPsecClientDBClientIdPeerPfxTyp, tIPsecClientDBClientIdPeerPfx and
         tIPsecClientDBClientIdPeerPfxLen will be ignored.

         tIPsecClientDBClientIdPeer6PfAny and tIPsecClientDBClientIdPeer4PfAny
         cannot be 'true (1)' at the same time."
    DEFVAL      { false }
    ::= { tIPsecClientDBClientEntry 9 }

tIPsecClientDBClientIdPeerPfxTyp OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdPeerPfxTyp specifies the prefix
         type of tIPsecClientDBClientIdPeerPfx.

         This value must be set in the same SNMP SET PDU as
         tIPsecClientDBClientIdPeerPfx and tIPsecClientDBClientIdPeerPfxLen."
    DEFVAL      { unknown }
    ::= { tIPsecClientDBClientEntry 10 }

tIPsecClientDBClientIdPeerPfx    OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdPeerPfx specifies the peer IP
         prefix within the client ID of this IPsec client entry.

         A client ID may consist of more than values (e.g., IDi (i.e.,
         tIPsecClientDBClientIdIdiValue), peer IP prefix (i.e.,
         tIPsecClientDBClientIdPeerPfx)). Which type of values a client ID
         contains is configured by tIPsecClientDatabaseMatchType in the
         associated entry of tIPsecClientDatabaseTable.

         This value must be set in the same SNMP SET PDU as
         tIPsecClientDBClientIdPeerPfxTyp and tIPsecClientDBClientIdPeerPfxLen.

         Once tIPsecClientDBClientIdPeerPfx is configured to any valid IP
         prefix, tIPsecClientDBClientIdPeer4PfAny and
         tIPsecClientDBClientIdPeer6PfAny must be configured to 'false (2)' in
         the same SNMP SET PDU."
    DEFVAL      { ''H }
    ::= { tIPsecClientDBClientEntry 11 }

tIPsecClientDBClientIdPeerPfxLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientIdPeerPfxLen specifies the prefix
         length of tIPsecClientDBClientIdPeerPfx.

         This value must be set in the same SNMP SET PDU as
         tIPsecClientDBClientIdPeerPfxTyp and tIPsecClientDBClientIdPeerPfx."
    DEFVAL      { 0 }
    ::= { tIPsecClientDBClientEntry 12 }

tIPsecClientDBClientTnlTempltId  OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelTemplateIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientTnlTempltId specifies the identifier
         of the tunnel template."
    DEFVAL      { 0 }
    ::= { tIPsecClientDBClientEntry 13 }

tIPsecClientDBClientPrivateSvcId OBJECT-TYPE
    SYNTAX      TmnxServId (0 | 1..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientPrivateSvcId specifies the private
         service ID of this IPsec client entry.

         The IPsec tunnel cannot be established until the public service ID
         exists and has a 'vprn (4)' TIMETRA-SERV-MIB::svcType.

         The values of tIPsecClientDBClientPrivateSvcId and
         tIPsecClientDBClientPrivateSvcNm must be mutually exclusive and cannot
         simultaneously have non-default values."
    DEFVAL      { 0 }
    ::= { tIPsecClientDBClientEntry 14 }

tIPsecClientDBClientPrivIfName   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientPrivIfName specifies the private
         interface name of this IPsec client entry."
    DEFVAL      { "" }
    ::= { tIPsecClientDBClientEntry 15 }

tIPsecClientDBClientTsListName   OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientTsListName specifies the traffic
         selector list name of this IPsec client entry."
    DEFVAL      { "" }
    ::= { tIPsecClientDBClientEntry 16 }

tIPsecClientDBClientPreSharedKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientPreSharedKey specifies the shared key
         of this IPsec client entry."
    DEFVAL      { ''H }
    ::= { tIPsecClientDBClientEntry 17 }

tIPsecClientDBClientPrivateSvcNm OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecClientDBClientPrivateSvcNm specifies the private
         service name of this IPsec client entry.

         The values of tIPsecClientDBClientPrivateSvcId and
         tIPsecClientDBClientPrivateSvcNm must be mutually exclusive and cannot
         simultaneously have non-default values.

         The IPsec tunnel cannot be established until the public service name
         exists and has a 'vprn (4)' TIMETRA-SERV-MIB::svcType."
    DEFVAL      { ''H }
    ::= { tIPsecClientDBClientEntry 18 }

tmnxIPsecIkeTransformTableLstChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformTableLstChg indicates the time,
         since system startup, when tmnxIPsecIkeTransformTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 68 }

tmnxIPsecIkeTransformTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecIkeTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIkeTransformTable contains objects used to configure
         instances of the IKE transform entries.

         Entries in this table are created and destroyed via SNMP SET
         operations to tmnxIPsecIkeTransformRowStatus."
    ::= { tmnxIPsecObjects 69 }

tmnxIPsecIkeTransformEntry       OBJECT-TYPE
    SYNTAX      TmnxIPsecIkeTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIkeTransformEntry contains the configuration of one IKE
         transform entry."
    INDEX       { tmnxIPsecIkeTransformId }
    ::= { tmnxIPsecIkeTransformTable 1 }

TmnxIPsecIkeTransformEntry       ::= SEQUENCE
{
    tmnxIPsecIkeTransformId          TmnxIPsecIkeTransformId,
    tmnxIPsecIkeTransformRowStatus   RowStatus,
    tmnxIPsecIkeTransformLastChange  TimeStamp,
    tmnxIPsecIkeTransformAuthAlg     INTEGER,
    tmnxIPsecIkeTransformEncrAlg     INTEGER,
    tmnxIPsecIkeTransformDhGroup     TmnxIkePolicyDHGroup,
    tmnxIPsecIkeTransformIsakmpLifeT Unsigned32,
    tmnxIPsecIkeTransformPrfAlg      INTEGER
}

tmnxIPsecIkeTransformId          OBJECT-TYPE
    SYNTAX      TmnxIPsecIkeTransformId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformId specifies a unique identifier for
         one IKE transform entry."
    ::= { tmnxIPsecIkeTransformEntry 1 }

tmnxIPsecIkeTransformRowStatus   OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformRowStatus specifies the status of
         this row. It is used to create and destroy rows in
         tmnxIPsecIkeTransformTable."
    ::= { tmnxIPsecIkeTransformEntry 2 }

tmnxIPsecIkeTransformLastChange  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformLastChange indicates the time, since
         system startup, that the configuration of this row was created or
         modified."
    ::= { tmnxIPsecIkeTransformEntry 3 }

tmnxIPsecIkeTransformAuthAlg     OBJECT-TYPE
    SYNTAX      INTEGER {
        md5            (2),
        sha1           (3),
        sha256         (4),
        sha384         (5),
        sha512         (6),
        aesXcbc        (7),
        authEncryption (8)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformAuthAlg specifies the hash algorithm
         used in phase 1 of the Security Association (SA)."
    DEFVAL      { sha1 }
    ::= { tmnxIPsecIkeTransformEntry 4 }

tmnxIPsecIkeTransformEncrAlg     OBJECT-TYPE
    SYNTAX      INTEGER {
        des         (2),
        des3        (3),
        aes128      (4),
        aes192      (5),
        aes256      (6),
        aes128Gcm8  (7),
        aes128Gcm16 (9),
        aes256Gcm8  (13),
        aes256Gcm16 (15)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformEncrAlg specifies the encryption
         algorithm used in phase 1 of the Security Association (SA)."
    DEFVAL      { aes128 }
    ::= { tmnxIPsecIkeTransformEntry 5 }

tmnxIPsecIkeTransformDhGroup     OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroup
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformDhGroup specifies the Diffie-Hellman
         (DH) group to be used for calculating session keys which will be used
         in the IKE proposal."
    DEFVAL      { group2 }
    ::= { tmnxIPsecIkeTransformEntry 6 }

tmnxIPsecIkeTransformIsakmpLifeT OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..31536000)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformIsakmpLifeT specifies the lifetime
         of the phase 1 IKE key.

         ISAKMP stands for Internet Security Association and Key Management
         Protocol."
    DEFVAL      { 86400 }
    ::= { tmnxIPsecIkeTransformEntry 7 }

tmnxIPsecIkeTransformPrfAlg      OBJECT-TYPE
    SYNTAX      INTEGER {
        md5        (2),
        sha1       (3),
        sha256     (4),
        sha384     (5),
        sha512     (6),
        aesXcbc    (7),
        sameAsAuth (8)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIkeTransformPrfAlg specifies the pseudo-random
         function (PRF) used in phase 1 of the SA.

         The value of this object can not be 'sameAsAuth (7)' if the encryption
         algorithm (i.e. tmnxIPsecIkeTransformEncrAlg) is AES-GCM."
    DEFVAL      { sameAsAuth }
    ::= { tmnxIPsecIkeTransformEntry 8 }

tmnxIkePlcyIkeTransformTbLstChg  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePlcyIkeTransformTbLstChg indicates the time, since
         system startup, when tmnxIkePlcyIkeTransformTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 70 }

tmnxIkePlcyIkeTransformTable     OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIkePlcyIkeTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIkePlcyIkeTransformTable contains objects used to configure
         instances of IKE transform information for each IKE policy entry."
    ::= { tmnxIPsecObjects 71 }

tmnxIkePlcyIkeTransformEntry     OBJECT-TYPE
    SYNTAX      TmnxIkePlcyIkeTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIkePlcyIkeTransformEntry contains the configuration of IKE
         transforms used by an IKE policy entry.

         Entries in this table are created or destroyed by the system when a
         row is created or destroyed in tmnxIkePolicyTable. The maximum number
         of associate rows in this table for each IKE Policy is four. When a
         row, whose index is 1, is created or destroyed in tmnxIkePolicyTable,
         up to four entries will be created or destroyed in the
         tmnxIkePlcyIkeTransformTable whose indexes are 1.1, 1.2, 1.3 and 1.4,
         respectively.

         This allows up to four IKE transforms to be used by an IPsec gateway
         or tunnel in the Phase 1 Security Association (SA)."
    INDEX       {
        tmnxIkePolicyId,
        tmnxIkePlcyIkeTransformIndex
    }
    ::= { tmnxIkePlcyIkeTransformTable 1 }

TmnxIkePlcyIkeTransformEntry     ::= SEQUENCE
{
    tmnxIkePlcyIkeTransformIndex     Unsigned32,
    tmnxIkePlcyIkeTransformLstChange TimeStamp,
    tmnxIkePlcyIkeTransformId        TmnxIPsecIkeTransformIdOrZero
}

tmnxIkePlcyIkeTransformIndex     OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePlcyIkeTransformIndex specifies the index of the
         IKE transform for each IKE policy configured in the system.

         IKE policy information is configured in tmnxIkePolicyTable."
    ::= { tmnxIkePlcyIkeTransformEntry 1 }

tmnxIkePlcyIkeTransformLstChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePlcyIkeTransformLstChange indicates the time,
         since system startup, that the configuration of this row was created
         or modified."
    ::= { tmnxIkePlcyIkeTransformEntry 2 }

tmnxIkePlcyIkeTransformId        OBJECT-TYPE
    SYNTAX      TmnxIPsecIkeTransformIdOrZero
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePlcyIkeTransformId specifies the unique ID of the
         IKE transform that the specified IKE policy will use.

         For a certain tmnxIkePolicyId, the values of four associated
         tmnxIkePlcyIkeTransformId must be different.

         IKE transform information is configured in tmnxIPsecIkeTransformTable."
    DEFVAL      { 0 }
    ::= { tmnxIkePlcyIkeTransformEntry 3 }

tmnxIPsecGWHistStatsTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecGWHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWHistStatsTable contains the historical statistics of
         IPsec gateways."
    ::= { tmnxIPsecObjects 72 }

tmnxIPsecGWHistStatsEntry        OBJECT-TYPE
    SYNTAX      TmnxIPsecGWHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWHistStatsEntry contains the historical statistics for a
         specific IPsec gateway."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecGWHistStatsType,
        tmnxIPsecGWHistStatsIntvIdx
    }
    ::= { tmnxIPsecGWHistStatsTable 1 }

TmnxIPsecGWHistStatsEntry        ::= SEQUENCE
{
    tmnxIPsecGWHistStatsType         TmnxIPsecHistStatsType,
    tmnxIPsecGWHistStatsIntvIdx      Unsigned32,
    tmnxIPsecGWHistStatsValue64      CounterBasedGauge64,
    tmnxIPsecGWHistStatsValue32      Integer32,
    tmnxIPsecGWHistStatsIntvStTm     DateAndTime,
    tmnxIPsecGWHistStatsIntvDur      Unsigned32,
    tmnxIPsecGWHistStatsFstFTm       DateAndTime,
    tmnxIPsecGWHistStatsFstFDesc     TItemLongDescription,
    tmnxIPsecGWHistStatsLstFTm       DateAndTime,
    tmnxIPsecGWHistStatsLstFDesc     TItemLongDescription
}

tmnxIPsecGWHistStatsType         OBJECT-TYPE
    SYNTAX      TmnxIPsecHistStatsType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsType specifies the statistical type
         for this IPsec gateway."
    ::= { tmnxIPsecGWHistStatsEntry 1 }

tmnxIPsecGWHistStatsIntvIdx      OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsIntvIdx specifies the index of the
         sampling interval period for this statistic.

         When the value of tmnxIPsecGWHistStatsIntvIdx is '1', it indicates
         that this is the current sampling interval and the value of
         tmnxIPsecGWHistStatsValue64 indicates the current statistical value.

         When the value of tmnxIPsecGWHistStatsIntvIdx is larger than '1', it
         indicates that this is a previous sampling interval period and the
         value of tmnxIPsecGWHistStatsValue64 indicates a previous statistical
         value. Specifically, when the value of tmnxIPsecGWHistStatsIntvIdx is
         '2', it indicates that this is the most recent finished sampling
         interval and the value of tmnxIPsecGWHistStatsValue64 indicates the
         most recent statistical value."
    ::= { tmnxIPsecGWHistStatsEntry 2 }

tmnxIPsecGWHistStatsValue64      OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsValue64 indicates the statistical
         value during the corresponding sampling interval period.

         The unit of tmnxIPsecGWHistStatsValue64 is indicated by
         tmnxIPsecGWHistStatsType."
    ::= { tmnxIPsecGWHistStatsEntry 3 }

tmnxIPsecGWHistStatsValue32      OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsValue32 indicates a signed 32-bit
         integer representation of the value of tmnxIPsecGWHistStatsValue64.

         This object is used by Remote Network Monitoring (RMON) to monitor
         this statistical value.

         For most tmnxIPsecGWHistStatsType values, the value and unit of
         tmnxIPsecGWHistStatsValue32 are the same as the value and unit of
         tmnxIPsecGWHistStatsValue64. The exception are the following two
         cases.

         1) Different values:
            The value of tmnxIPsecGWHistStatsValue32 is meaningless if this
            statistic (i.e. accumulative statistic) is not monitored by RMON.
            The values of accumulative statistical types are indicated by
            tmnxIPsecGWHistStatsType.

         2) Different values and units:
            When the value of tmnxIPsecGWHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecGWHistStatsValue32
            is the number of mebibits (1 mebibit == 1024 * 1024 bits),
            instead of the number of bits which is used by
            tmnxIPsecGWHistStatsValue64.

            'numOfIPsecEncrBits        (103)'
            'numOfIPsecDecrBits        (104)'
            'numOfIPsecEnDecrBits      (105)'
            'numOfGreTnlEncapBits      (113)'
            'numOfGreTnlDecapBits      (114)'
            'numOfGreTnlEnDecapBits    (115)'
            'numOfIpTnlEncapBits       (123)'
            'numOfIpTnlDecapBits       (124)'
            'numOfIpTnlEnDecapBits     (125)'
            'numOfL2tpv3TnlEncapBits   (133)'
            'numOfL2tpv3TnlDecapBits   (134)'
            'numOfL2tpv3TnlEnDecapBits (135)'

            When the value of tmnxIPsecGWHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecGWHistStatsValue32
            is the number of mebi-packets (1 mebi-packet == 1024 * 1024
            packets), instead of the number of packets which is used by
            tmnxIPsecGWHistStatsValue64.

            'numOfIPsecEncrPkts        (100)'
            'numOfIPsecDecrPkts        (101)'
            'numOfIPsecEnDecrPkts      (102)'
            'numOfGreTnlEncapPkts      (110)'
            'numOfGreTnlDecapPkts      (111)'
            'numOfGreTnlEnDecapPkts    (112)'
            'numOfIpTnlEncapPkts       (120)'
            'numOfIpTnlDecapPkts       (121)'
            'numOfIpTnlEnDecapPkts     (122)'
            'numOfL2tpv3TnlEncapPkts   (130)'
            'numOfL2tpv3TnlDecapPkts   (131)'
            'numOfL2tpv3TnlEnDecapPkts (132)'"
    ::= { tmnxIPsecGWHistStatsEntry 4 }

tmnxIPsecGWHistStatsIntvStTm     OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsIntvStTm indicates the UTC date when
         the corresponding sampling interval started."
    ::= { tmnxIPsecGWHistStatsEntry 5 }

tmnxIPsecGWHistStatsIntvDur      OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsIntvDur indicates the duration in
         seconds of the corresponding sampling interval."
    ::= { tmnxIPsecGWHistStatsEntry 6 }

tmnxIPsecGWHistStatsFstFTm       OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsFstFTm indicates the UTC date when
         the first IKE exchange failure happened in the corresponding sampling
         interval.

         This value is only significant when tmnxIPsecGWHistStatsType is equal
         to any of the following values.

         'numOfIkeAuthFails        (300)
         'numOfIkeNoPrpslFails     (301)
         'numOfIkeAddrAsgFails     (302)
         'numOfIkeInvldTsFails     (303)
         'numOfIkeInvldKeFails     (304)
         'numOfIkeDpdTimeoutFails  (305)
         'numOfIkeOtherReasonFails (306)"
    ::= { tmnxIPsecGWHistStatsEntry 7 }

tmnxIPsecGWHistStatsFstFDesc     OBJECT-TYPE
    SYNTAX      TItemLongDescription (SIZE (0..160))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsFstFDesc indicates the description of
         the place where the first IKE exchange failure happened.

         This value is only significant when tmnxIPsecGWHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecGWHistStatsFstFTm description)."
    ::= { tmnxIPsecGWHistStatsEntry 8 }

tmnxIPsecGWHistStatsLstFTm       OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsLstFTm indicates the UTC date when
         the last IKE exchange failure happened in the corresponding sampling
         interval.

         This value is only significant when tmnxIPsecGWHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecGWHistStatsFstFTm description)."
    ::= { tmnxIPsecGWHistStatsEntry 9 }

tmnxIPsecGWHistStatsLstFDesc     OBJECT-TYPE
    SYNTAX      TItemLongDescription (SIZE (0..160))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWHistStatsLstFDesc indicates the description of
         the place where the last IKE exchange failure happened.

         This value is only significant when tmnxIPsecGWHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecGWHistStatsLstFTm description)."
    ::= { tmnxIPsecGWHistStatsEntry 10 }

tmnxIPsecIsaHistStatsTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecIsaHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIsaHistStatsTable contains the historical statistics of
         Integrated Services Adaptors (ISAs)."
    ::= { tmnxIPsecObjects 73 }

tmnxIPsecIsaHistStatsEntry       OBJECT-TYPE
    SYNTAX      TmnxIPsecIsaHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIsaHistStatsEntry contains the historical statistics for
         a specific ISA."
    INDEX       {
        tmnxChassisIndex,
        tmnxCardSlotNum,
        tmnxMDASlotNum,
        tmnxIPsecIsaHistStatsType,
        tmnxIPsecIsaHistStatsIntvIdx
    }
    ::= { tmnxIPsecIsaHistStatsTable 1 }

TmnxIPsecIsaHistStatsEntry       ::= SEQUENCE
{
    tmnxIPsecIsaHistStatsType        TmnxIPsecHistStatsType,
    tmnxIPsecIsaHistStatsIntvIdx     Unsigned32,
    tmnxIPsecIsaHistStatsValue64     CounterBasedGauge64,
    tmnxIPsecIsaHistStatsValue32     Integer32,
    tmnxIPsecIsaHistStatsIntvStTm    DateAndTime,
    tmnxIPsecIsaHistStatsIntvDur     Unsigned32,
    tmnxIPsecIsaHistStatsFstFTm      DateAndTime,
    tmnxIPsecIsaHistStatsFstFDesc    TItemLongDescription,
    tmnxIPsecIsaHistStatsLstFTm      DateAndTime,
    tmnxIPsecIsaHistStatsLstFDesc    TItemLongDescription
}

tmnxIPsecIsaHistStatsType        OBJECT-TYPE
    SYNTAX      TmnxIPsecHistStatsType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsType specifies the statistical type
         for this ISA."
    ::= { tmnxIPsecIsaHistStatsEntry 1 }

tmnxIPsecIsaHistStatsIntvIdx     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsIntvIdx specifies the index of the
         sampling interval period for this statistic.

         When the value of tmnxIPsecIsaHistStatsIntvIdx is '1', it indicates
         that this is the current sampling interval period and the value of
         tmnxIPsecIsaHistStatsValue64 indicates the current statistical value.

         When the value of tmnxIPsecIsaHistStatsIntvIdx is larger than '1', it
         indicates that this is a previous sampling interval and the value of
         tmnxIPsecIsaHistStatsValue64 indicates a previous statistical value.
         Specifically, when the value of tmnxIPsecIsaHistStatsIntvIdx is '2',
         it indicates that this is the most recent finished sampling interval
         and the value of tmnxIPsecIsaHistStatsValue64 indicates the most
         recent statistical value."
    ::= { tmnxIPsecIsaHistStatsEntry 2 }

tmnxIPsecIsaHistStatsValue64     OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsValue64 indicates the statistical
         value during the corresponding sampling interval period.

         The unit of tmnxIPsecIsaHistStatsValue64 is indicated by
         tmnxIPsecIsaHistStatsType."
    ::= { tmnxIPsecIsaHistStatsEntry 3 }

tmnxIPsecIsaHistStatsValue32     OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsValue32 indicates a signed 32-bit
         integer representation of the value of tmnxIPsecIsaHistStatsValue64.

         This object is used by Remote Network Monitoring (RMON) to monitor
         this statistical value.

         For most tmnxIPsecIsaHistStatsType values, the value and unit of
         tmnxIPsecIsaHistStatsValue32 are the same as the value and unit of
         tmnxIPsecIsaHistStatsValue64. The exception are the following two
         cases.

         1) Different values:
            The value of tmnxIPsecIsaHistStatsValue32 is meaningless if this
            statistic (i.e. accumulative statistic) is not monitored by RMON.
            The values of accumulative statistical types are indicated by
            tmnxIPsecIsaHistStatsType.

         2) Different values and units:
            When the value of tmnxIPsecIsaHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecIsaHistStatsValue32
            is the number of mebibits (1 mebibit == 1024 * 1024 bits),
            instead of the number of bits which is used by
            tmnxIPsecIsaHistStatsValue64.

            'numOfIPsecEncrBits        (103)'
            'numOfIPsecDecrBits        (104)'
            'numOfIPsecEnDecrBits      (105)'
            'numOfGreTnlEncapBits      (113)'
            'numOfGreTnlDecapBits      (114)'
            'numOfGreTnlEnDecapBits    (115)'
            'numOfIpTnlEncapBits       (123)'
            'numOfIpTnlDecapBits       (124)'
            'numOfIpTnlEnDecapBits     (125)'
            'numOfL2tpv3TnlEncapBits   (133)'
            'numOfL2tpv3TnlDecapBits   (134)'
            'numOfL2tpv3TnlEnDecapBits (135)'

            When the value of tmnxIPsecIsaHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecIsaHistStatsValue32
            is the number of mebi-packets (1 mebi-packet == 1024 * 1024
            packets), instead of the number of packets which is used by
            tmnxIPsecIsaHistStatsValue64.

            'numOfIPsecEncrPkts        (100)'
            'numOfIPsecDecrPkts        (101)'
            'numOfIPsecEnDecrPkts      (102)'
            'numOfGreTnlEncapPkts      (110)'
            'numOfGreTnlDecapPkts      (111)'
            'numOfGreTnlEnDecapPkts    (112)'
            'numOfIpTnlEncapPkts       (120)'
            'numOfIpTnlDecapPkts       (121)'
            'numOfIpTnlEnDecapPkts     (122)'
            'numOfL2tpv3TnlEncapPkts   (130)'
            'numOfL2tpv3TnlDecapPkts   (131)'
            'numOfL2tpv3TnlEnDecapPkts (132)'"
    ::= { tmnxIPsecIsaHistStatsEntry 4 }

tmnxIPsecIsaHistStatsIntvStTm    OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsIntvStTm indicates the UTC date when
         the corresponding sampling interval started."
    ::= { tmnxIPsecIsaHistStatsEntry 5 }

tmnxIPsecIsaHistStatsIntvDur     OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsIntvDur indicates the duration in
         seconds of the corresponding sampling interval."
    ::= { tmnxIPsecIsaHistStatsEntry 6 }

tmnxIPsecIsaHistStatsFstFTm      OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsFstFTm indicates the UTC date when
         the first IKE exchange failure happened in the corresponding sampling
         interval.

         This value is only significant when tmnxIPsecIsaHistStatsType is equal
         to any of the following values.

         'numOfIkeAuthFails        (300)
         'numOfIkeNoPrpslFails     (301)
         'numOfIkeAddrAsgFails     (302)
         'numOfIkeInvldTsFails     (303)
         'numOfIkeInvldKeFails     (304)
         'numOfIkeDpdTimeoutFails  (305)
         'numOfIkeOtherReasonFails (306)"
    ::= { tmnxIPsecIsaHistStatsEntry 7 }

tmnxIPsecIsaHistStatsFstFDesc    OBJECT-TYPE
    SYNTAX      TItemLongDescription (SIZE (0..160))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsFstFDesc indicates the description
         of the place where the first IKE exchange failure happened.

         This value is only significant when tmnxIPsecIsaHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecIsaHistStatsFstFTm description)."
    ::= { tmnxIPsecIsaHistStatsEntry 8 }

tmnxIPsecIsaHistStatsLstFTm      OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsLstFTm indicates the UTC date when
         the last IKE exchange failure happened in the corresponding sampling
         interval.

         This value is only significant when tmnxIPsecIsaHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecIsaHistStatsFstFTm description)."
    ::= { tmnxIPsecIsaHistStatsEntry 9 }

tmnxIPsecIsaHistStatsLstFDesc    OBJECT-TYPE
    SYNTAX      TItemLongDescription (SIZE (0..160))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecIsaHistStatsLstFDesc indicates the description
         of the place where the last IKE exchange failure happened.

         This value is only significant when tmnxIPsecIsaHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecIsaHistStatsLstFTm description)."
    ::= { tmnxIPsecIsaHistStatsEntry 10 }

tmnxIPsecSvcLevelCfgTableLastChg OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSvcLevelCfgTableLastChg indicates the time,
         since system startup, when tmnxIPsecSvcLevelCfgTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 74 }

tmnxIPsecSvcLevelCfgTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecSvcLevelCfgEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecSvcLevelCfgTable contains the service-specific IPsec
         configurations.

         Entries in this table are automatically created or destroyed by the
         system when entries are created or destroyed in
         TIMETRA-SERV-MIB::svcBaseInfoTable."
    ::= { tmnxIPsecObjects 75 }

tmnxIPsecSvcLevelCfgEntry        OBJECT-TYPE
    SYNTAX      TmnxIPsecSvcLevelCfgEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecSvcLevelCfgEntry contains IPsec configurations for a
         specific service."
    INDEX       { svcId }
    ::= { tmnxIPsecSvcLevelCfgTable 1 }

TmnxIPsecSvcLevelCfgEntry        ::= SEQUENCE
{
    tmnxIPsecSvcLevelCfgRsvRtrOvrd   TruthValue,
    tmnxIPsecSvcLevelCfgRROvrdType   INTEGER
}

tmnxIPsecSvcLevelCfgRsvRtrOvrd   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION
        "The value of tmnxIPsecSvcLevelCfgRsvRtrOvrd specifies that whether or
         not the system allows the override of the reverse route for the same
         user reconnecting within this service.

         This value is only significant when the value of
         TIMETRA-SERV-MIB::svcType is 'vprn (4)' in the associated entry of
         TIMETRA-SERV-MIB::svcBaseInfoTable.

         This object was obsoleted in release 20.2 on Nokia SROS series
         systems. It has been replaced with tmnxIPsecSvcLevelCfgRROvrdType."
    DEFVAL      { false }
    ::= { tmnxIPsecSvcLevelCfgEntry 1 }

tmnxIPsecSvcLevelCfgRROvrdType   OBJECT-TYPE
    SYNTAX      INTEGER {
        none    (0),
        sameIdi (1),
        anyIdi  (2)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSvcLevelCfgRROvrdType specifies the override
         type that the system allows for the reverse route.

         Values:
           none    - no override
           sameIdi - applicable to the same user reconnecting with this service
           anyIdi  - applicable to any user reconnecting within this service

         This value is only significant when the value of
         TIMETRA-SERV-MIB::svcType is 'vprn (4)' in the associated entry of
         TIMETRA-SERV-MIB::svcBaseInfoTable."
    DEFVAL      { none }
    ::= { tmnxIPsecSvcLevelCfgEntry 2 }

tmnxIPsecTnlGrpHistStatsTable    OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTnlGrpHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlGrpHistStatsTable contains the historical statistics
         of Integrated Services Adaptor (ISA) tunnel groups."
    ::= { tmnxIPsecObjects 76 }

tmnxIPsecTnlGrpHistStatsEntry    OBJECT-TYPE
    SYNTAX      TmnxIPsecTnlGrpHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlGrpHistStatsEntry contains the historical statistics
         for a specific ISA tunnel group."
    INDEX       {
        tmnxIPsecIsaGrpId,
        tmnxIPsecTnlGrpHistStatsType,
        tmnxIPsecTnlGrpHistStatsIntvIdx
    }
    ::= { tmnxIPsecTnlGrpHistStatsTable 1 }

TmnxIPsecTnlGrpHistStatsEntry    ::= SEQUENCE
{
    tmnxIPsecTnlGrpHistStatsType     TmnxIPsecHistStatsType,
    tmnxIPsecTnlGrpHistStatsIntvIdx  Unsigned32,
    tmnxIPsecTnlGrpHistStatsValue64  CounterBasedGauge64,
    tmnxIPsecTnlGrpHistStatsValue32  Integer32,
    tmnxIPsecTnlGrpHistStatsIntvStTm DateAndTime,
    tmnxIPsecTnlGrpHistStatsIntvDur  Unsigned32,
    tmnxIPsecTnlGrpHistStatsFstFTm   DateAndTime,
    tmnxIPsecTnlGrpHistStatsFstFDesc TItemDescription,
    tmnxIPsecTnlGrpHistStatsLstFTm   DateAndTime,
    tmnxIPsecTnlGrpHistStatsLstFDesc TItemDescription
}

tmnxIPsecTnlGrpHistStatsType     OBJECT-TYPE
    SYNTAX      TmnxIPsecHistStatsType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsType specifies the statistical
         type for this ISA tunnel group."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 1 }

tmnxIPsecTnlGrpHistStatsIntvIdx  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsIntvIdx specifies the index of
         the sampling interval period for this statistic.

         When the value of tmnxIPsecTnlGrpHistStatsIntvIdx is '1', it indicates
         that this is the current sampling interval period and the value of
         tmnxIPsecTnlGrpHistStatsValue64 indicates the current statistical
         value.

         When the value of tmnxIPsecTnlGrpHistStatsIntvIdx is larger than '1',
         it indicates that this is a previous sampling interval and the value
         of tmnxIPsecTnlGrpHistStatsValue64 indicates a previous statistical
         value. Specifically, when the value of tmnxIPsecTnlGrpHistStatsIntvIdx
         is '2', it indicates that this is the most recent finished sampling
         interval and the value of tmnxIPsecTnlGrpHistStatsValue64 indicates
         the most recent statistical value."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 2 }

tmnxIPsecTnlGrpHistStatsValue64  OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsValue64 indicates the statistical
         value during the corresponding sampling interval period.

         The unit of tmnxIPsecTnlGrpHistStatsValue64 is indicated by
         tmnxIPsecTnlGrpHistStatsType."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 3 }

tmnxIPsecTnlGrpHistStatsValue32  OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsValue32 indicates a signed 32-bit
         integer representation of the value of
         tmnxIPsecTnlGrpHistStatsValue64.

         This object is used by Remote Network Monitoring (RMON) to monitor
         this statistical value.

         For most tmnxIPsecTnlGrpHistStatsType values, the value and unit of
         tmnxIPsecTnlGrpHistStatsValue32 are the same as the value and unit of
         tmnxIPsecTnlGrpHistStatsValue64. The exception are the following two
         cases.

         1) When the value of tmnxIPsecTnlGrpHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecTnlGrpHistStatsValue32
            is the number of mebibits (1 mebibit == 1024 * 1024 bits),
            instead of the number of bits which is used by
            tmnxIPsecTnlGrpHistStatsValue64.

            'numOfIPsecEncrBits        (103)'
            'numOfIPsecDecrBits        (104)'
            'numOfIPsecEnDecrBits      (105)'
            'numOfGreTnlEncapBits      (113)'
            'numOfGreTnlDecapBits      (114)'
            'numOfGreTnlEnDecapBits    (115)'
            'numOfIpTnlEncapBits       (123)'
            'numOfIpTnlDecapBits       (124)'
            'numOfIpTnlEnDecapBits     (125)'
            'numOfL2tpv3TnlEncapBits   (133)'
            'numOfL2tpv3TnlDecapBits   (134)'
            'numOfL2tpv3TnlEnDecapBits (135)'

         2) When the value of tmnxIPsecTnlGrpHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecTnlGrpHistStatsValue32
            is the number of mebi-packets (1 mebi-packet == 1024 * 1024
            packets), instead of the number of packets which is used by
            tmnxIPsecTnlGrpHistStatsValue64.

            'numOfIPsecEncrPkts        (100)'
            'numOfIPsecDecrPkts        (101)'
            'numOfIPsecEnDecrPkts      (102)'
            'numOfGreTnlEncapPkts      (110)'
            'numOfGreTnlDecapPkts      (111)'
            'numOfGreTnlEnDecapPkts    (112)'
            'numOfIpTnlEncapPkts       (120)'
            'numOfIpTnlDecapPkts       (121)'
            'numOfIpTnlEnDecapPkts     (122)'
            'numOfL2tpv3TnlEncapPkts   (130)'
            'numOfL2tpv3TnlDecapPkts   (131)'
            'numOfL2tpv3TnlEnDecapPkts (132)'"
    ::= { tmnxIPsecTnlGrpHistStatsEntry 4 }

tmnxIPsecTnlGrpHistStatsIntvStTm OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsIntvStTm indicates the UTC date
         when the corresponding sampling interval started."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 5 }

tmnxIPsecTnlGrpHistStatsIntvDur  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsIntvDur indicates the duration in
         seconds of the corresponding sampling interval."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 6 }

tmnxIPsecTnlGrpHistStatsFstFTm   OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsFstFTm indicates the UTC date
         when the first IKE exchange failure happened in the corresponding
         sampling interval.

         This value is only significant when tmnxIPsecTnlGrpHistStatsType is
         equal to any of the following values.

         'numOfIkeAuthFails        (300)
         'numOfIkeNoPrpslFails     (301)
         'numOfIkeAddrAsgFails     (302)
         'numOfIkeInvldTsFails     (303)
         'numOfIkeInvldKeFails     (304)
         'numOfIkeDpdTimeoutFails  (305)
         'numOfIkeOtherReasonFails (306)"
    ::= { tmnxIPsecTnlGrpHistStatsEntry 7 }

tmnxIPsecTnlGrpHistStatsFstFDesc OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsFstFDesc indicates the
         description of the place where the first IKE exchange failure
         happened.

         This value is only significant when tmnxIPsecTnlGrpHistStatsType is
         equal to any of the IKE exchange failure types (see
         tmnxIPsecTnlGrpHistStatsFstFTm description)."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 8 }

tmnxIPsecTnlGrpHistStatsLstFTm   OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsLstFTm indicates the UTC date
         when the last IKE exchange failure happened in the corresponding
         sampling interval.

         This value is only significant when tmnxIPsecTnlGrpHistStatsType is
         equal to any of the IKE exchange failure types (see
         tmnxIPsecTnlGrpHistStatsFstFTm description)."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 9 }

tmnxIPsecTnlGrpHistStatsLstFDesc OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlGrpHistStatsLstFDesc indicates the
         description of the place where the last IKE exchange failure happened.

         This value is only significant when tmnxIPsecTnlGrpHistStatsType is
         equal to any of the IKE exchange failure types (see
         tmnxIPsecTnlGrpHistStatsLstFTm description)."
    ::= { tmnxIPsecTnlGrpHistStatsEntry 10 }

tmnxIPsecSysHistStatsTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecSysHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecSysHistStatsTable contains the historical statistics of
         the entire system."
    ::= { tmnxIPsecObjects 77 }

tmnxIPsecSysHistStatsEntry       OBJECT-TYPE
    SYNTAX      TmnxIPsecSysHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecSysHistStatsEntry contains the historical statistics for
         a specific statistical type of the entire system."
    INDEX       {
        tmnxIPsecSysHistStatsType,
        tmnxIPsecSysHistStatsIntvIdx
    }
    ::= { tmnxIPsecSysHistStatsTable 1 }

TmnxIPsecSysHistStatsEntry       ::= SEQUENCE
{
    tmnxIPsecSysHistStatsType        TmnxIPsecHistStatsType,
    tmnxIPsecSysHistStatsIntvIdx     Unsigned32,
    tmnxIPsecSysHistStatsValue64     CounterBasedGauge64,
    tmnxIPsecSysHistStatsValue32     Integer32,
    tmnxIPsecSysHistStatsIntvStTm    DateAndTime,
    tmnxIPsecSysHistStatsIntvDur     Unsigned32,
    tmnxIPsecSysHistStatsFstFTm      DateAndTime,
    tmnxIPsecSysHistStatsFstFDesc    TItemDescription,
    tmnxIPsecSysHistStatsLstFTm      DateAndTime,
    tmnxIPsecSysHistStatsLstFDesc    TItemDescription
}

tmnxIPsecSysHistStatsType        OBJECT-TYPE
    SYNTAX      TmnxIPsecHistStatsType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsType specifies the type for this
         statistic."
    ::= { tmnxIPsecSysHistStatsEntry 1 }

tmnxIPsecSysHistStatsIntvIdx     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsIntvIdx specifies the index of the
         sampling interval period for this statistic.

         When the value of tmnxIPsecSysHistStatsIntvIdx is '1', it indicates
         that this is the current sampling interval period and the value of
         tmnxIPsecSysHistStatsValue64 indicates the current statistical value.

         When the value of tmnxIPsecSysHistStatsIntvIdx is larger than '1', it
         indicates that this is a previous sampling interval and the value of
         tmnxIPsecSysHistStatsValue64 indicates a previous statistical value.
         Specifically, when the value of tmnxIPsecSysHistStatsIntvIdx is '2',
         it indicates that this is the most recent finished sampling interval
         and the value of tmnxIPsecSysHistStatsValue64 indicates the most
         recent statistical value."
    ::= { tmnxIPsecSysHistStatsEntry 2 }

tmnxIPsecSysHistStatsValue64     OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsValue64 indicates the statistical
         value during the corresponding sampling interval period.

         The unit of tmnxIPsecSysHistStatsValue64 is indicated by
         tmnxIPsecSysHistStatsType."
    ::= { tmnxIPsecSysHistStatsEntry 3 }

tmnxIPsecSysHistStatsValue32     OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsValue32 indicates a signed 32-bit
         integer representation of the value of tmnxIPsecSysHistStatsValue64.

         This object is used by Remote Network Monitoring (RMON) to monitor
         this statistical value.

         For most tmnxIPsecSysHistStatsType values, the value and unit of
         tmnxIPsecSysHistStatsValue32 are the same as the value and unit of
         tmnxIPsecSysHistStatsValue64. The exception are the following two
         cases.

         1) When the value of tmnxIPsecSysHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecSysHistStatsValue32
            is the number of mebibits (1 mebibit == 1024 * 1024 bits),
            instead of the number of bits which is used by
            tmnxIPsecSysHistStatsValue64.

            'numOfIPsecEncrBits        (103)'
            'numOfIPsecDecrBits        (104)'
            'numOfIPsecEnDecrBits      (105)'
            'numOfGreTnlEncapBits      (113)'
            'numOfGreTnlDecapBits      (114)'
            'numOfGreTnlEnDecapBits    (115)'
            'numOfIpTnlEncapBits       (123)'
            'numOfIpTnlDecapBits       (124)'
            'numOfIpTnlEnDecapBits     (125)'
            'numOfL2tpv3TnlEncapBits   (133)'
            'numOfL2tpv3TnlDecapBits   (134)'
            'numOfL2tpv3TnlEnDecapBits (135)'

         2) When the value of tmnxIPsecSysHistStatsType is equal to any of
            the following values, the unit of tmnxIPsecSysHistStatsValue32
            is the number of mebi-packets (1 mebi-packet == 1024 * 1024
            packets), instead of the number of packets which is used by
            tmnxIPsecSysHistStatsValue64.

            'numOfIPsecEncrPkts        (100)'
            'numOfIPsecDecrPkts        (101)'
            'numOfIPsecEnDecrPkts      (102)'
            'numOfGreTnlEncapPkts      (110)'
            'numOfGreTnlDecapPkts      (111)'
            'numOfGreTnlEnDecapPkts    (112)'
            'numOfIpTnlEncapPkts       (120)'
            'numOfIpTnlDecapPkts       (121)'
            'numOfIpTnlEnDecapPkts     (122)'
            'numOfL2tpv3TnlEncapPkts   (130)'
            'numOfL2tpv3TnlDecapPkts   (131)'
            'numOfL2tpv3TnlEnDecapPkts (132)'"
    ::= { tmnxIPsecSysHistStatsEntry 4 }

tmnxIPsecSysHistStatsIntvStTm    OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsIntvStTm indicates the UTC date when
         the corresponding sampling interval started."
    ::= { tmnxIPsecSysHistStatsEntry 5 }

tmnxIPsecSysHistStatsIntvDur     OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsIntvDur indicates the duration in
         seconds of the corresponding sampling interval."
    ::= { tmnxIPsecSysHistStatsEntry 6 }

tmnxIPsecSysHistStatsFstFTm      OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsFstFTm indicates the UTC date when
         the first IKE exchange failure happened in the corresponding sampling
         interval.

         This value is only significant when tmnxIPsecSysHistStatsType is equal
         to any of the following values.

         'numOfIkeAuthFails        (300)
         'numOfIkeNoPrpslFails     (301)
         'numOfIkeAddrAsgFails     (302)
         'numOfIkeInvldTsFails     (303)
         'numOfIkeInvldKeFails     (304)
         'numOfIkeDpdTimeoutFails  (305)
         'numOfIkeOtherReasonFails (306)"
    ::= { tmnxIPsecSysHistStatsEntry 7 }

tmnxIPsecSysHistStatsFstFDesc    OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsFstFDesc indicates the description
         of the place where the first IKE exchange failure happened.

         This value is only significant when tmnxIPsecSysHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecSysHistStatsFstFTm description)."
    ::= { tmnxIPsecSysHistStatsEntry 8 }

tmnxIPsecSysHistStatsLstFTm      OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsLstFTm indicates the UTC date when
         the last IKE exchange failure happened in the corresponding sampling
         interval.

         This value is only significant when tmnxIPsecSysHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecSysHistStatsFstFTm description)."
    ::= { tmnxIPsecSysHistStatsEntry 9 }

tmnxIPsecSysHistStatsLstFDesc    OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSysHistStatsLstFDesc indicates the description
         of the place where the last IKE exchange failure happened.

         This value is only significant when tmnxIPsecSysHistStatsType is equal
         to any of the IKE exchange failure types (see
         tmnxIPsecSysHistStatsLstFTm description)."
    ::= { tmnxIPsecSysHistStatsEntry 10 }

tmnxIPsecTnlHistStatsTable       OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTnlHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlHistStatsTable contains the historical statistics of
         IPsec tunnels."
    ::= { tmnxIPsecObjects 78 }

tmnxIPsecTnlHistStatsEntry       OBJECT-TYPE
    SYNTAX      TmnxIPsecTnlHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlHistStatsEntry contains the historical statistics for
         a specific IPsec tunnel."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName,
        tmnxIPsecTnlHistStatsType,
        tmnxIPsecTnlHistStatsIntvIdx
    }
    ::= { tmnxIPsecTnlHistStatsTable 1 }

TmnxIPsecTnlHistStatsEntry       ::= SEQUENCE
{
    tmnxIPsecTnlHistStatsType        TmnxIPsecHistStatsType,
    tmnxIPsecTnlHistStatsIntvIdx     Unsigned32,
    tmnxIPsecTnlHistStatsValue64     CounterBasedGauge64,
    tmnxIPsecTnlHistStatsIntvStTm    DateAndTime,
    tmnxIPsecTnlHistStatsIntvDur     Unsigned32
}

tmnxIPsecTnlHistStatsType        OBJECT-TYPE
    SYNTAX      TmnxIPsecHistStatsType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlHistStatsType specifies the statistical type
         for this IPsec tunnel.

         The values of tmnxIPsecTnlHistStatsType supported by this table are
         listed below.
             numOfAccumIPsecEncrPkts    (400)
             numOfAccumIPsecDecrPkts    (401)
             numOfAccumIPsecEnDecrPkts  (402)
             numOfAccumIPsecEncrKBs     (403)
             numOfAccumIPsecDecrKBs     (404)
             numOfAccumIPsecEnDecrKBs   (405)"
    ::= { tmnxIPsecTnlHistStatsEntry 1 }

tmnxIPsecTnlHistStatsIntvIdx     OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlHistStatsIntvIdx specifies the index of the
         sampling interval period for this statistic.

         The value of tmnxIPsecTnlHistStatsIntvIdx is '1', it indicates that
         this is the current sampling interval and the value of
         tmnxIPsecTnlHistStatsValue64 indicates the current statistical value.

         '1' is the only available value for tmnxIPsecTnlHistStatsIntvIdx in
         this release."
    ::= { tmnxIPsecTnlHistStatsEntry 2 }

tmnxIPsecTnlHistStatsValue64     OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlHistStatsValue64 indicates the statistical
         value during the corresponding sampling interval period.

         The unit of tmnxIPsecTnlHistStatsValue64 is indicated by
         tmnxIPsecTnlHistStatsType."
    ::= { tmnxIPsecTnlHistStatsEntry 3 }

tmnxIPsecTnlHistStatsIntvStTm    OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlHistStatsIntvStTm indicates the UTC date when
         the corresponding sampling interval started."
    ::= { tmnxIPsecTnlHistStatsEntry 4 }

tmnxIPsecTnlHistStatsIntvDur     OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlHistStatsIntvDur indicates the duration in
         seconds of the corresponding sampling interval."
    ::= { tmnxIPsecTnlHistStatsEntry 5 }

tmnxIPsecRUTnlHistStatsTable     OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecRUTnlHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecRUTnlHistStatsTable contains the historical statistics of
         IPsec Remote-User tunnels.

         The typical usage of this table is to fill in the part of the index
         that identifies an IPsec Remote-User tunnel (svcId, sapPortId,
         sapEncapValue, tIPsecRUTnlInetAddrType, tIPsecRUTnlInetAddress and
         tIPsecRUTnlPort), and perform a partial walk to retrieve the
         statistics. Due to the huge size of this table, an SNMP walk without
         any index may take a long time to complete and is not recommended."
    ::= { tmnxIPsecObjects 79 }

tmnxIPsecRUTnlHistStatsEntry     OBJECT-TYPE
    SYNTAX      TmnxIPsecRUTnlHistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecRUTnlHistStatsEntry contains the historical statistics
         for a specific IPsec Remote-User tunnel."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecRUTnlInetAddrType,
        tIPsecRUTnlInetAddress,
        tIPsecRUTnlPort,
        tmnxIPsecRUTnlHistStatsType,
        tmnxIPsecRUTnlHistStatsIntvIdx
    }
    ::= { tmnxIPsecRUTnlHistStatsTable 1 }

TmnxIPsecRUTnlHistStatsEntry     ::= SEQUENCE
{
    tmnxIPsecRUTnlHistStatsType      TmnxIPsecHistStatsType,
    tmnxIPsecRUTnlHistStatsIntvIdx   Unsigned32,
    tmnxIPsecRUTnlHistStatsValue64   CounterBasedGauge64,
    tmnxIPsecRUTnlHistStatsIntvStTm  DateAndTime,
    tmnxIPsecRUTnlHistStatsIntvDur   Unsigned32
}

tmnxIPsecRUTnlHistStatsType      OBJECT-TYPE
    SYNTAX      TmnxIPsecHistStatsType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecRUTnlHistStatsType specifies the statistical
         type for this IPsec Remote-User tunnel.

         The values of tmnxIPsecRUTnlHistStatsType supported by this table are
         listed below.
             numOfAccumIPsecEncrPkts    (400)
             numOfAccumIPsecDecrPkts    (401)
             numOfAccumIPsecEnDecrPkts  (402)
             numOfAccumIPsecEncrKBs     (403)
             numOfAccumIPsecDecrKBs     (404)
             numOfAccumIPsecEnDecrKBs   (405)"
    ::= { tmnxIPsecRUTnlHistStatsEntry 1 }

tmnxIPsecRUTnlHistStatsIntvIdx   OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecRUTnlHistStatsIntvIdx specifies the index of the
         sampling interval period for this statistic.

         The value of tmnxIPsecRUTnlHistStatsIntvIdx is '1', it indicates that
         this is the current sampling interval and the value of
         tmnxIPsecRUTnlHistStatsValue64 indicates the current statistical
         value.

         '1' is the only available value for tmnxIPsecRUTnlHistStatsIntvIdx in
         this release."
    ::= { tmnxIPsecRUTnlHistStatsEntry 2 }

tmnxIPsecRUTnlHistStatsValue64   OBJECT-TYPE
    SYNTAX      CounterBasedGauge64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecRUTnlHistStatsValue64 indicates the statistical
         value during the corresponding sampling interval period.

         The unit of tmnxIPsecRUTnlHistStatsValue64 is indicated by
         tmnxIPsecRUTnlHistStatsType."
    ::= { tmnxIPsecRUTnlHistStatsEntry 3 }

tmnxIPsecRUTnlHistStatsIntvStTm  OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecRUTnlHistStatsIntvStTm indicates the UTC date
         when the corresponding sampling interval started."
    ::= { tmnxIPsecRUTnlHistStatsEntry 4 }

tmnxIPsecRUTnlHistStatsIntvDur   OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecRUTnlHistStatsIntvDur indicates the duration in
         seconds of the corresponding sampling interval."
    ::= { tmnxIPsecRUTnlHistStatsEntry 5 }

tmnxIPsecGWStatsTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecGWStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWStatsTable contains the statistics of IPsec gateways."
    ::= { tmnxIPsecObjects 80 }

tmnxIPsecGWStatsEntry            OBJECT-TYPE
    SYNTAX      TmnxIPsecGWStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWStatsEntry contains the statistics for a specific IPsec
         gateway."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue
    }
    ::= { tmnxIPsecGWStatsTable 1 }

TmnxIPsecGWStatsEntry            ::= SEQUENCE
{
    tmnxIPsecGWStatsNumOfDl2lTnls    Unsigned32,
    tmnxIPsecGWStatsNumOfRaTnls      Unsigned32
}

tmnxIPsecGWStatsNumOfDl2lTnls    OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWStatsNumOfDl2lTnls indicates the number of
         dynamic LAN-to-LAN (SL2L) tunnels associated with this IPsec gateway."
    ::= { tmnxIPsecGWStatsEntry 1 }

tmnxIPsecGWStatsNumOfRaTnls      OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWStatsNumOfRaTnls indicates the number of
         remote access (RA) tunnels associated to this IPsec gateway."
    ::= { tmnxIPsecGWStatsEntry 2 }

tmnxIPsecNotifyObjs              OBJECT IDENTIFIER ::= { tmnxIPsecObjects 100 }

tIPsecNotifRUTnlInetAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifRUTnlInetAddrType indicates address type of
         tIPsecNotifRUTnlInetAddress object."
    ::= { tmnxIPsecNotifyObjs 1 }

tIPsecNotifRUTnlInetAddress      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16|20))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This value of tIPsecNotifRUTnlInetAddress indicates the address of of
         the SAP IPsec gateway to the tunnel."
    ::= { tmnxIPsecNotifyObjs 2 }

tIPsecNotifRUTnlPort             OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifRUTnlPort indicates the UDP port of the SAP
         IPsec gateway to the tunnel."
    ::= { tmnxIPsecNotifyObjs 3 }

tIPsecNotifReason                OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifReason indicates the reason for the IPsec
         notification."
    ::= { tmnxIPsecNotifyObjs 4 }

tIPsecNotifBfdIntfSvcId          OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfSvcId specifies the service ID of the
         interface running BFD in the notification."
    ::= { tmnxIPsecNotifyObjs 5 }

tIPsecNotifBfdIntfIfName         OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfIfName specifies the name of the
         interface running BFD in the notification."
    ::= { tmnxIPsecNotifyObjs 6 }

tIPsecNotifBfdIntfDestIpType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfDestIpType specifies the address type
         of tIPsecNotifBfdIntfDestIp object."
    ::= { tmnxIPsecNotifyObjs 7 }

tIPsecNotifBfdIntfDestIp         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfDestIp specifies the destination IP
         address on the interface running BFD in the notification."
    ::= { tmnxIPsecNotifyObjs 8 }

tIPsecNotifBfdIntfSessState      OBJECT-TYPE
    SYNTAX      TmnxBfdSessOperState
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfSessState indicates the operational
         state of BFD session on the interface in the notification."
    ::= { tmnxIPsecNotifyObjs 9 }

tIPsecRadAcctPlcyFailReason      OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRadAcctPlcyFailReason is a printable character
         string which contains information about the reason why the
         tIPsecRadAcctPlcyFailure notification was generated."
    ::= { tmnxIPsecNotifyObjs 10 }

tIPsecNotifIPsecTunnelName       OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifIPsecTunnelName indicates the name of the
         IPsec tunnel name."
    ::= { tmnxIPsecNotifyObjs 11 }

tIPsecNotifConfigIpMtu           OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifConfigIpMtu indicates the IPsec tunnel's
         configured IP MTU for packets entering the tunnel from the
         non-encapsulated side."
    ::= { tmnxIPsecNotifyObjs 12 }

tIPsecNotifEncapOverhead         OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifEncapOverhead indicates the IPsec tunnel's
         outbound SA encapsulation overhead."
    ::= { tmnxIPsecNotifyObjs 13 }

tIPsecNotifConfigEncapIpMtu      OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifConfigEncapIpMtu indicates the IPsec tunnel's
         configured encapsulated IP MTU."
    ::= { tmnxIPsecNotifyObjs 14 }

tIPsecNotifCertProfileName       OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifCertProfileName indicates the name of the
         certificate profile associated with the notification."
    ::= { tmnxIPsecNotifyObjs 15 }

tIPsecNotifCertProfEntryId       OBJECT-TYPE
    SYNTAX      TEntryId
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifCertProfEntryId indicates the entry ID of the
         certificate profile associated with the notification."
    ::= { tmnxIPsecNotifyObjs 16 }

tIPsecNotifCaProfNames           OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifCaProfNames indicates the CA profile names of
         a certificate chain associated with the notification."
    ::= { tmnxIPsecNotifyObjs 17 }

tIPsecNotifTunnelType            OBJECT-TYPE
    SYNTAX      INTEGER {
        static           (1),
        secure-interface (2),
        dynamic          (3)
    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The tIPsecNotifTunnelType indicates the type of tunnel."
    ::= { tmnxIPsecNotifyObjs 18 }

tIPsecNotifTunnelIdentifier      OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The tIPsecNotifTunnelIdentifier indicates the tunnel-name for the
         static/secure-interface tunnel or 'GW-REMOTE-IPADDR:REMOTE-PORT' for
         the dynamic tunnel."
    ::= { tmnxIPsecNotifyObjs 19 }

tmnxIPsecScalarsObjs             OBJECT IDENTIFIER ::= { tmnxIPsecObjects 101 }

tmnxIPsecScalarObjsShowKeys      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecScalarObjsShowKeys specifies whether or not to
         show the IPsec Security Association keys in command line interfaces
         (CLI)."
    DEFVAL      { false }
    ::= { tmnxIPsecScalarsObjs 1 }

tmnxIPsecTnlBfdSessTableLChg     OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessTableLChg indicates the time, since
         system startup, when tmnxIPsecTnlBfdSessTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 102 }

tmnxIPsecTnlBfdSessTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTnlBfdSessEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlBfdSessTable contains configurable IPsec Tunnel
         Bidirectional Forwarding Detection (BFD) session information.

         Entries in this table are created and destroyed via SNMP SET
         operations to tmnxIPsecTnlBfdSessRowStatus.

         tmnxIPsecTnlBfdSessSvcId, tmnxIPsecTnlBfdSessSvcName,
         tmnxIPsecTnlBfdSessIfName, tmnxIPsecTnlBfdSessDstAddrT and
         tmnxIPsecTnlBfdSessDstAddr must be present in the same SNMP PDU as the
         row creation, otherwise the creation will fail."
    ::= { tmnxIPsecObjects 103 }

tmnxIPsecTnlBfdSessEntry         OBJECT-TYPE
    SYNTAX      TmnxIPsecTnlBfdSessEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlBfdSessEntry contains the configuration of one IPsec
         Tunnel BFD session entry."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName
    }
    ::= { tmnxIPsecTnlBfdSessTable 1 }

TmnxIPsecTnlBfdSessEntry         ::= SEQUENCE
{
    tmnxIPsecTnlBfdSessRowStatus     RowStatus,
    tmnxIPsecTnlBfdSessSvcId         TmnxServId,
    tmnxIPsecTnlBfdSessSvcName       TLNamedItemOrEmpty,
    tmnxIPsecTnlBfdSessIfName        TNamedItemOrEmpty,
    tmnxIPsecTnlBfdSessDstAddrT      InetAddressType,
    tmnxIPsecTnlBfdSessDstAddr       InetAddress
}

tmnxIPsecTnlBfdSessRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessRowStatus specifies the status of this
         row. It is used to create and destroy rows in
         tmnxIPsecTnlBfdSessTable."
    ::= { tmnxIPsecTnlBfdSessEntry 1 }

tmnxIPsecTnlBfdSessSvcId         OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessSvcId specifies the service identifier
         of the interface running BFD.

         The values of tmnxIPsecTnlBfdSessSvcId and tmnxIPsecTnlBfdSessSvcName
         must be mutually exclusive and cannot simultaneously have non-default
         values."
    DEFVAL      { 0 }
    ::= { tmnxIPsecTnlBfdSessEntry 2 }

tmnxIPsecTnlBfdSessSvcName       OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessSvcName specifies the service name of
         the interface running BFD.

         The values of tmnxIPsecTnlBfdSessSvcName and tmnxIPsecTnlBfdSessSvcId
         must be mutually exclusive and cannot simultaneously have non-default
         values."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTnlBfdSessEntry 3 }

tmnxIPsecTnlBfdSessIfName        OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessIfName specifies the IPSec interface
         used by the BFD session."
    DEFVAL      { ''H }
    ::= { tmnxIPsecTnlBfdSessEntry 4 }

tmnxIPsecTnlBfdSessDstAddrT      OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessDstAddrT specifies the address type of
         tmnxIPsecTnlBfdSessDstAddr."
    DEFVAL      { ipv4 }
    ::= { tmnxIPsecTnlBfdSessEntry 5 }

tmnxIPsecTnlBfdSessDstAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessDstAddr specifies the destination IP
         address to be used for the BFD session.

         The default value of tmnxIPsecTnlBfdSessDstAddr is 0.0.0.0."
    DEFVAL      { '00000000'H }
    ::= { tmnxIPsecTnlBfdSessEntry 6 }

tmnxIPsecTnlBfdSessStatTable     OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTnlBfdSessStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlBfdSessStatTable contains the statistics of IPsec
         Tunnel BFD sessions."
    ::= { tmnxIPsecObjects 104 }

tmnxIPsecTnlBfdSessStatEntry     OBJECT-TYPE
    SYNTAX      TmnxIPsecTnlBfdSessStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTnlBfdSessStatEntry contains the statistics for a single
         IPsec Tunnel BFD session."
    INDEX       {
        svcId,
        sapPortId,
        sapEncapValue,
        tmnxIPsecTunnelName
    }
    ::= { tmnxIPsecTnlBfdSessStatTable 1 }

TmnxIPsecTnlBfdSessStatEntry     ::= SEQUENCE
{
    tmnxIPsecTnlBfdSessStatSrcAddrT  InetAddressType,
    tmnxIPsecTnlBfdSessStatSrcAddr   InetAddress,
    tmnxIPsecTnlBfdSessStatOperState TmnxBfdSessOperState
}

tmnxIPsecTnlBfdSessStatSrcAddrT  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessStatSrcAddrT indicates the address
         type of tmnxIPsecTnlBfdSessStatSrcAddr."
    ::= { tmnxIPsecTnlBfdSessStatEntry 1 }

tmnxIPsecTnlBfdSessStatSrcAddr   OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessStatSrcAddr indicates the source IP
         address on the interface running BFD."
    ::= { tmnxIPsecTnlBfdSessStatEntry 2 }

tmnxIPsecTnlBfdSessStatOperState OBJECT-TYPE
    SYNTAX      TmnxBfdSessOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTnlBfdSessStatOperState indicates the
         operational state of the BFD session the IPsec tunnel is relying upon
         for its fast triggering mechanism."
    ::= { tmnxIPsecTnlBfdSessStatEntry 3 }

tmnxVRtIPsecTnlTableLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlTableLastChanged indicates the time, since
         system startup, when tmnxVRtIPsecTnlTable last changed configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 105 }

tmnxVRtIPsecTnlTable             OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIPsecTnlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecTnlTable contains configurable IPsec Tunnel
         information.

         Entries in this table are created and destroyed via SNMP SET
         operations to tmnxVRtIPsecTnlRowStatus."
    ::= { tmnxIPsecObjects 106 }

tmnxVRtIPsecTnlEntry             OBJECT-TYPE
    SYNTAX      TmnxVRtIPsecTnlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecTnlEntry contains the configuration of one IPsec
         Tunnel entry."
    INDEX       {
        vRtrID,
        vRtrIfIndex,
        tmnxVRtIPsecTnlName
    }
    ::= { tmnxVRtIPsecTnlTable 1 }

TmnxVRtIPsecTnlEntry             ::= SEQUENCE
{
    tmnxVRtIPsecTnlName              TNamedItem,
    tmnxVRtIPsecTnlRowStatus         RowStatus,
    tmnxVRtIPsecTnlLastChanged       TimeStamp,
    tmnxVRtIPsecTnlAdminState        TmnxAdminState,
    tmnxVRtIPsecTnlOperState         TmnxIPsecOperState,
    tmnxVRtIPsecTnlDescription       TItemDescription,
    tmnxVRtIPsecTnlLclGwAddrType     InetAddressType,
    tmnxVRtIPsecTnlLclGwAddr         InetAddress,
    tmnxVRtIPsecTnlRemGwAddrType     InetAddressType,
    tmnxVRtIPsecTnlRemGwAddr         InetAddress,
    tmnxVRtIPsecTnlSecurityPolicyId  TmnxIPsecPolicyIdOrZero,
    tmnxVRtIPsecTnlKeyingType        TmnxIPsecKeyingType,
    tmnxVRtIPsecTnlDynTransformId1   TmnxIPsecTransformIdOrZero,
    tmnxVRtIPsecTnlDynTransformId2   TmnxIPsecTransformIdOrZero,
    tmnxVRtIPsecTnlDynTransformId3   TmnxIPsecTransformIdOrZero,
    tmnxVRtIPsecTnlDynTransformId4   TmnxIPsecTransformIdOrZero,
    tmnxVRtIPsecTnlIkePolicyId       TmnxIkePolicyIdOrZero,
    tmnxVRtIPsecTnlIkePreSharedKey   OCTET STRING,
    tmnxVRtIPsecTnlOperFlags         BITS,
    tmnxVRtIPsecTnlReplayWindow      Unsigned32,
    tmnxVRtIPsecTnlAutoEstablish     TruthValue,
    tmnxVRtIPsecTnlBfdDesignate      TruthValue,
    tmnxVRtIPsecTnlLocalIdType       TmnxIPsecLocalIdType,
    tmnxVRtIPsecTnlLocalIdValue      DisplayString,
    tmnxVRtIPsecTnlClearDfBit        TruthValue,
    tmnxVRtIPsecTnlIpMtu             Unsigned32,
    tmnxVRtIPsecTnlHostISA           TmnxHwIndexOrZero,
    tmnxVRtIPsecTnlCSVPrimary        TmnxCertRevStatus,
    tmnxVRtIPsecTnlCSVSecondary      TmnxCertRevStatusOrNone,
    tmnxVRtIPsecTnlCSVDefResult      INTEGER,
    tmnxVRtIPsecTnlCertProfile       TNamedItemOrEmpty,
    tmnxVRtIPsecTnlMatchTrustAnchor  TNamedItemOrEmpty,
    tmnxVRtIPsecTnlCertTrstAnchrProf TNamedItemOrEmpty,
    tmnxVRtIPsecTnlEncapIpMtu        Unsigned32,
    tmnxVRtIPsecTnlPropagateIpv6PMTU TruthValue,
    tmnxVRtIPsecTnlIcmp6Pkt2Big      TruthValue,
    tmnxVRtIPsecTnlIcmp6NumPkt2Big   Unsigned32,
    tmnxVRtIPsecTnlIcmp6Pkt2BigTime  Unsigned32,
    tmnxVRtIPsecTnlOperChanged       TimeStamp,
    tmnxVRtIPsecTnlPropagateIpv4PMTU TruthValue,
    tmnxVRtIPsecTnlIcmpFragReq       TruthValue,
    tmnxVRtIPsecTnlIcmpFragReqNum    Unsigned32,
    tmnxVRtIPsecTnlIcmpFragReqTime   Unsigned32,
    tmnxVRtIPsecTnlPMTUDiscoverAging Unsigned32,
    tmnxVRtIPsecTnlPubTcpMssAdjust   Integer32,
    tmnxVRtIPsecTnlPrivTcpMssAdjust  Integer32,
    tmnxVRtIPsecTnlMaxNumPh1SaKeys   Unsigned32,
    tmnxVRtIPsecTnlMaxNumPh2SaKeys   Unsigned32,
    tmnxVRtIPsecTnlSecPlyStrictMatch TruthValue,
    tmnxVRtIPsecTnlPrivateSvcName    TLNamedItemOrEmpty,
    tmnxVRtIPsecTnlPrivSap           Unsigned32,
    tmnxVRtIPsecTnlLclGwAddrOvrdType InetAddressType,
    tmnxVRtIPsecTnlLclGwAddrOvrd     InetAddress
}

tmnxVRtIPsecTnlName              OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlName specifies the name of this IPsec
         tunnel."
    ::= { tmnxVRtIPsecTnlEntry 1 }

tmnxVRtIPsecTnlRowStatus         OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlRowStatus specifies the status of this
         row. It is used to create and destroy rows in tmnxVRtIPsecTnlTable."
    ::= { tmnxVRtIPsecTnlEntry 2 }

tmnxVRtIPsecTnlLastChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLastChanged indicates the time, since
         system startup, that the configuration of this row was created or
         modified."
    ::= { tmnxVRtIPsecTnlEntry 3 }

tmnxVRtIPsecTnlAdminState        OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlAdminState specifies the administrative
         state of the tmnxVRtIPsecTnlEntry."
    DEFVAL      { outOfService }
    ::= { tmnxVRtIPsecTnlEntry 4 }

tmnxVRtIPsecTnlOperState         OBJECT-TYPE
    SYNTAX      TmnxIPsecOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlOperState indicates the operational status
         of tmnxVRtIPsecTnlEntry."
    ::= { tmnxVRtIPsecTnlEntry 5 }

tmnxVRtIPsecTnlDescription       OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlDescription specifies the user-provided
         description for this entry."
    DEFVAL      { "" }
    ::= { tmnxVRtIPsecTnlEntry 6 }

tmnxVRtIPsecTnlLclGwAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLclGwAddrType specifies the address type
         of address in tmnxVRtIPsecTnlLclGwAddr."
    ::= { tmnxVRtIPsecTnlEntry 7 }

tmnxVRtIPsecTnlLclGwAddr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLclGwAddr specifies the address of the
         interface on the local node of this IPsec tunnel."
    ::= { tmnxVRtIPsecTnlEntry 8 }

tmnxVRtIPsecTnlRemGwAddrType     OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlRemGwAddrType specifies the address type
         of address in tmnxVRtIPsecTnlRemGwAddr."
    DEFVAL      { unknown }
    ::= { tmnxVRtIPsecTnlEntry 9 }

tmnxVRtIPsecTnlRemGwAddr         OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlRemGwAddr specifies the address of the
         interface on the remote node of this IPsec tunnel."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlEntry 10 }

tmnxVRtIPsecTnlSecurityPolicyId  OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlSecurityPolicyId specifies the IPsec
         security policy entry in the tmnxIPsecPolicyTable that this tunnel
         will use."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 11 }

tmnxVRtIPsecTnlKeyingType        OBJECT-TYPE
    SYNTAX      TmnxIPsecKeyingType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlKeyingType specifies the keying type that
         this tunnel will use."
    DEFVAL      { none }
    ::= { tmnxVRtIPsecTnlEntry 12 }

tmnxVRtIPsecTnlDynTransformId1   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlDynTransformId1 specifies the first IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 13 }

tmnxVRtIPsecTnlDynTransformId2   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlDynTransformId2 specifies the second IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use.

         The value of tmnxVRtIPsecTnlDynTransformId2 is valid and greater than
         0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 14 }

tmnxVRtIPsecTnlDynTransformId3   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlDynTransformId3 specifies the third IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use.

         The value of tmnxVRtIPsecTnlDynTransformId3 is valid and greater than
         0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 15 }

tmnxVRtIPsecTnlDynTransformId4   OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlDynTransformId4 specifies the fourth IPsec
         transform entry in the table tmnxIPsecTransformTable that this tunnel
         will use.

         The value of tmnxVRtIPsecTnlDynTransformId3 is valid and greater than
         0, only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 16 }

tmnxVRtIPsecTnlIkePolicyId       OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The object tmnxVRtIPsecTnlIkePolicyId specifies the IKE policy entry
         that this tunnel will use.

         The value of tmnxVRtIPsecTnlIkePolicyId is valid and greater than 0,
         only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 17 }

tmnxVRtIPsecTnlIkePreSharedKey   OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIkePreSharedKey specifies the shared
         secret between the two peers forming the tunnel.

         The value of tmnxVRtIPsecTnlIkePreSharedKey is a valid and non null
         string only if the value of tmnxVRtIPsecTnlKeyingType is 'dynamic'."
    DEFVAL      { "" }
    ::= { tmnxVRtIPsecTnlEntry 18 }

tmnxVRtIPsecTnlOperFlags         OBJECT-TYPE
    SYNTAX      BITS {
        unresolvedLocalIp               (0),
        tunnelAdminDown                 (1),
        sapDown                         (2),
        unresolvedPublicSvc             (3),
        bfdSessionDown                  (4),
        reserved1                       (5),
        unresolvedDstIp                 (6),
        invalidCertFile                 (7),
        invalidKeyFile                  (8),
        trustAnchorsDown                (9),
        certProfileDown                 (10),
        invalidCertKeyCombo             (11),
        securedIntfSourceAddrUnresolved (12)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlOperFlags indicates the reason why the
         tunnel is operationally down."
    ::= { tmnxVRtIPsecTnlEntry 19 }

tmnxVRtIPsecTnlReplayWindow      OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 32 | 64 | 128 | 256 | 512)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlReplayWindow specifies the size of the
         anti-replay window.

         If the value of tmnxVRtIPsecTnlReplayWindow is set to 0, then the
         anti-replay feature is disabled."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 20 }

tmnxVRtIPsecTnlAutoEstablish     OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlAutoEstablish specifies whether to attempt
         to establish a phase 1 exchange automatically."
    DEFVAL      { false }
    ::= { tmnxVRtIPsecTnlEntry 21 }

tmnxVRtIPsecTnlBfdDesignate      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdDesignate specifies whether this IPSec
         tunnel is the BFD designated tunnel."
    DEFVAL      { false }
    ::= { tmnxVRtIPsecTnlEntry 22 }

tmnxVRtIPsecTnlLocalIdType       OBJECT-TYPE
    SYNTAX      TmnxIPsecLocalIdType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLocalIdType specifies the local identifier
         type used for IDi or IDr for IKEv2.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxVRtIPsecTnlAdminState is in 'inService' state."
    DEFVAL      { none }
    ::= { tmnxVRtIPsecTnlEntry 23 }

tmnxVRtIPsecTnlLocalIdValue      OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLocalIdValue specifies the value
         associated with tmnxVRtIPsecTnlLocalIdType object.

         Value is extracted from the configured certificate when
         tmnxVRtIPsecTnlLocalIdType is set to 'dn'."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlEntry 24 }

tmnxVRtIPsecTnlClearDfBit        OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlClearDfBit specifies whether to clear Do
         not Fragment (DF) bit in the outgoing packets in this tunnel."
    DEFVAL      { false }
    ::= { tmnxVRtIPsecTnlEntry 25 }

tmnxVRtIPsecTnlIpMtu             OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIpMtu specifies the MTU size for IP packets
         for this  tunnel.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 26 }

tmnxVRtIPsecTnlHostISA           OBJECT-TYPE
    SYNTAX      TmnxHwIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlHostISA indicates the active ISA MDA that
         is being used to host this IPsec tunnel.

         This object will have a value of zero when this tunnel is
         operationally down."
    ::= { tmnxVRtIPsecTnlEntry 27 }

tmnxVRtIPsecTnlCSVPrimary        OBJECT-TYPE
    SYNTAX      TmnxCertRevStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlCSVPrimary specifies the primary method of
         Certificate Status Verification (CSV) that is used to verify
         revocation status of the certificate of the peer.

         This value must be set in the same PDU as tmnxVRtIPsecTnlCSVSecondary
         if the value of tmnxVRtIPsecTnlAdminState is equal to 'inService (2)'."
    DEFVAL      { crl }
    ::= { tmnxVRtIPsecTnlEntry 28 }

tmnxVRtIPsecTnlCSVSecondary      OBJECT-TYPE
    SYNTAX      TmnxCertRevStatusOrNone
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlCSVSecondary specifies the secondary
         method of Certificate Status Verification (CSV) that is used to verify
         revocation status of the certificate of the peer.

         This value must be set in the same PDU as tmnxVRtIPsecTnlCSVPrimary if
         the value of tmnxVRtIPsecTnlAdminState is equal to 'inService (2)'."
    DEFVAL      { none }
    ::= { tmnxVRtIPsecTnlEntry 29 }

tmnxVRtIPsecTnlCSVDefResult      OBJECT-TYPE
    SYNTAX      INTEGER {
        revoked (0),
        good    (1)
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlCSVDefResult specifies the default result
         of Certificate Status Verification (CSV) when both primary and
         secondary method failed to provide an answer."
    DEFVAL      { revoked }
    ::= { tmnxVRtIPsecTnlEntry 30 }

tmnxVRtIPsecTnlCertProfile       OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlCertProfile specifies the certificate
         profile associated with this IPsec tunnel."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlEntry 31 }

tmnxVRtIPsecTnlMatchTrustAnchor  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlMatchTrustAnchor indicates the name for
         matched Certificate-Authority Profile name associated with this SAP
         IPSec tunnel certificate."
    ::= { tmnxVRtIPsecTnlEntry 32 }

tmnxVRtIPsecTnlCertTrstAnchrProf OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlCertTrstAnchrProf specifies the name for
         Certificate-Authority Trust Anchor Profile name associated with this
         SAP IPSec tunnel certificate.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxVRtIPsecTnlAdminState is in 'inService' state."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlEntry 33 }

tmnxVRtIPsecTnlEncapIpMtu        OBJECT-TYPE
    SYNTAX      Unsigned32 (0 | 512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlEncapIpMtu specifies the MTU size for IP
         packets after tunnel encapsulation has been added.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 34 }

tmnxVRtIPsecTnlPropagateIpv6PMTU OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPropagateIpv6PMTU specifies whether or not
         to propagate a path MTU to IPv6 hosts."
    DEFVAL      { false }
    ::= { tmnxVRtIPsecTnlEntry 35 }

tmnxVRtIPsecTnlIcmp6Pkt2Big      OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIcmp6Pkt2Big specifies whether
         packet-too-big ICMP messages should be sent. When it is set to 'true',
         ICMPv6 packet-too-big messages are generated by this IPsec tunnel.
         When tmnxVRtIPsecTnlIcmp6Pkt2Big is set to 'false (2)', ICMPv6
         packet-too-big messages are not sent.

         When the value of tmnxVRtIPsecTnlIcmp6Pkt2Big is 'false (2)', it must
         be set in the same SNMP PDU as tmnxVRtIPsecTnlIcmp6NumPkt2Big and
         tmnxVRtIPsecTnlIcmp6Pkt2BigTime. The value of
         tmnxVRtIPsecTnlIcmp6NumPkt2Big and tmnxVRtIPsecTnlIcmp6Pkt2BigTime
         must be their default values."
    DEFVAL      { true }
    ::= { tmnxVRtIPsecTnlEntry 36 }

tmnxVRtIPsecTnlIcmp6NumPkt2Big   OBJECT-TYPE
    SYNTAX      Unsigned32 (10..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIcmp6NumPkt2Big specifies how many
         packet-too-big ICMPv6 messages are transmitted in the time frame
         specified by tmnxVRtIPsecTnlIcmp6Pkt2BigTime.

         This value must be set in the same SNMP SET PDU as
         tmnxVRtIPsecTnlIcmp6Pkt2Big."
    DEFVAL      { 100 }
    ::= { tmnxVRtIPsecTnlEntry 37 }

tmnxVRtIPsecTnlIcmp6Pkt2BigTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIcmp6Pkt2BigTime specifies the time frame
         in seconds that is used to limit the number of packet-too-big ICMPv6
         messages transmitted per time frame.

         This value must be set in the same SNMP SET PDU as
         tmnxVRtIPsecTnlIcmp6Pkt2Big."
    DEFVAL      { 10 }
    ::= { tmnxVRtIPsecTnlEntry 38 }

tmnxVRtIPsecTnlOperChanged       OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlOperChanged indicates the sysUpTime at the
         time of the last operational status change of this entry."
    ::= { tmnxVRtIPsecTnlEntry 39 }

tmnxVRtIPsecTnlPropagateIpv4PMTU OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPropagateIpv4PMTU specifies whether or not
         to propagate a path MTU to IPv4 hosts."
    DEFVAL      { false }
    ::= { tmnxVRtIPsecTnlEntry 40 }

tmnxVRtIPsecTnlIcmpFragReq       OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIcmpFragReq specifies whether or not
         'Fragmentation required and DF flag set' ICMP messages should be sent.
         When it is set to 'true (1)', the ICMP messages are transmitted by
         this IPsec tunnel. When tmnxVRtIPsecTnlIcmpFragReq is set to 'false
         (2)', the ICMP messages are not sent.

         When the value of tmnxVRtIPsecTnlIcmpFragReq is 'false (2)', it must
         be set in the same SNMP PDU as tmnxVRtIPsecTnlIcmpFragReqNum and
         tmnxVRtIPsecTnlIcmpFragReqTime. The value of
         tmnxVRtIPsecTnlIcmpFragReqNum and tmnxVRtIPsecTnlIcmpFragReqTime must
         be their default values."
    DEFVAL      { true }
    ::= { tmnxVRtIPsecTnlEntry 41 }

tmnxVRtIPsecTnlIcmpFragReqNum    OBJECT-TYPE
    SYNTAX      Unsigned32 (10..1000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIcmpFragReqNum specifies how many
         'Fragmentation required and DF flag set' ICMP messages are transmitted
         in the time frame specified by tmnxVRtIPsecTnlIcmpFragReqTime.

         This value must be set in the same SNMP SET PDU as
         tmnxVRtIPsecTnlIcmpFragReq."
    DEFVAL      { 100 }
    ::= { tmnxVRtIPsecTnlEntry 42 }

tmnxVRtIPsecTnlIcmpFragReqTime   OBJECT-TYPE
    SYNTAX      Unsigned32 (1..60)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIcmpFragReqTime specifies the time frame
         in seconds that is used to limit the number of 'Fragmentation required
         and DF flag set' ICMP messages transmitted per time frame.

         This value must be set in the same SNMP SET PDU as
         tmnxVRtIPsecTnlIcmpFragReq."
    DEFVAL      { 10 }
    ::= { tmnxVRtIPsecTnlEntry 43 }

tmnxVRtIPsecTnlPMTUDiscoverAging OBJECT-TYPE
    SYNTAX      Unsigned32 (900..3600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPMTUDiscoverAging specifies the number of
         seconds used to age out the learned MTU, which is obtained through
         path MTU discovery."
    DEFVAL      { 900 }
    ::= { tmnxVRtIPsecTnlEntry 44 }

tmnxVRtIPsecTnlPubTcpMssAdjust   OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0 | 512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPubTcpMssAdjust specifies the Maximum
         Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
         sent from the public network to the private network. The system may
         use this value to adjust or insert the MSS option in TCP SYN packet.

         The TCP MSS adjustment functionality on the public side network is
         disabled when the following conditions are met.
         1) The value of tmnxVRtIPsecTnlPubTcpMssAdjust is '-1' or
         2) The values of tmnxVRtIPsecTnlPubTcpMssAdjust and
            tmnxVRtIPsecTnlEncapIpMtu are both '0'.

         When the system receives a TCP SYN packet from the public network and
         this packet contains an MSS option, the system replaces the MSS option
         value with a new MSS when the new MSS is smaller than the MSS option
         value.

         When the system receives a TCP SYN packet from the public network and
         this packet does not contain an MSS option, the system inserts one
         with a new MSS.

         The new MSS is calculated based on the following rules.
         1) When the value of tmnxVRtIPsecTnlPubTcpMssAdjust is '0' and
            tmnxVRtIPsecTnlEncapIpMtu has a non-zero value,
            New MSS = tmnxVRtIPsecTnlEncapIpMtu - total header size (e.g.,
                      encryption, encapsulation, TCP and IP headers)
         2) When the value of tmnxVRtIPsecTnlPubTcpMssAdjust is in the range
            of (512..9000)
            New MSS = tmnxVRtIPsecTnlPubTcpMssAdjust"
    REFERENCE
        "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
    DEFVAL      { -1 }
    ::= { tmnxVRtIPsecTnlEntry 45 }

tmnxVRtIPsecTnlPrivTcpMssAdjust  OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 512..9000)
    UNITS       "octets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPrivTcpMssAdjust specifies the Maximum
         Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is
         sent from the private network to the public network. The system may
         use this value to adjust or insert the MSS option in TCP SYN packet.

         The value of '-1' specifies that the TCP MSS adjustment functionality
         on the private side is disabled.

         When the system receives a TCP SYN packet from the private network and
         this packet contains an MSS option, the system replaces the MSS option
         value with tmnxVRtIPsecTnlPrivTcpMssAdjust when the value of
         tmnxVRtIPsecTnlPrivTcpMssAdjust is smaller than the MSS option value.

         When the system receives a TCP SYN packet from the private network and
         this packet does not contain an MSS option, the system inserts one
         whose MSS is equal to tmnxVRtIPsecTnlPrivTcpMssAdjust."
    REFERENCE
        "RFC 6691, 'TCP Options and Maximum Segment Size (MSS)', IETF, July 2012"
    DEFVAL      { -1 }
    ::= { tmnxVRtIPsecTnlEntry 46 }

tmnxVRtIPsecTnlMaxNumPh1SaKeys   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..3)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlMaxNumPh1SaKeys specifies the maximum
         number of security association (SA) phase 1 keys, which can be saved
         by the system, for this IPsec tunnel."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 47 }

tmnxVRtIPsecTnlMaxNumPh2SaKeys   OBJECT-TYPE
    SYNTAX      Unsigned32 (0..48)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlMaxNumPh2SaKeys specifies the maximum
         number of security association (SA) phase 2 keys, which can be saved
         by the system, for this IPsec tunnel."
    DEFVAL      { 0 }
    ::= { tmnxVRtIPsecTnlEntry 48 }

tmnxVRtIPsecTnlSecPlyStrictMatch OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlSecPlyStrictMatch specifies whether or not
         the system does a strict match when it receives a CREATE_CHILD
         exchange request, which is not for rekey, for this IPsec tunnel."
    DEFVAL      { false }
    ::= { tmnxVRtIPsecTnlEntry 49 }

tmnxVRtIPsecTnlPrivateSvcName    OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPrivateSvcName specifies the private
         service name of this tunnel.

         The value of this object can only be specified during the row
         creation."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlEntry 50 }

tmnxVRtIPsecTnlPrivSap           OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4094)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlPrivSap specifies the SAP encapsulation
         value of this tunnel.

         This object must be specified a value during the row creation."
    ::= { tmnxVRtIPsecTnlEntry 51 }

tmnxVRtIPsecTnlLclGwAddrOvrdType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLclGwAddrOvrdType specifies the address
         type of address in tmnxVRtIPsecTnlLclGwAddrOvrd."
    DEFVAL      { unknown }
    ::= { tmnxVRtIPsecTnlEntry 52 }

tmnxVRtIPsecTnlLclGwAddrOvrd     OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlLclGwAddrOvrd specifies the local IPsec
         tunnel endpoint that overrides the secured interface default source
         address."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlEntry 53 }

tmnxVRtIPsecTnlBfdTableLChg      OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdTableLChg indicates the time, since
         system startup, when tmnxVRtIPsecTnlBfdTable last changed
         configuration.

         A value of zero indicates that no changes were made to this table
         since the system was last initialized."
    ::= { tmnxIPsecObjects 107 }

tmnxVRtIPsecTnlBfdTable          OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIPsecTnlBfdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecTnlBfdTable contains configurable IPsec Tunnel
         Bidirectional Forwarding Detection (BFD) session information.

         Entries in this table are created and destroyed via SNMP SET
         operations to tmnxVRtIPsecTnlBfdRowStatus.

         tmnxVRtIPsecTnlBfdSvcName, tmnxVRtIPsecTnlBfdIfName,
         tmnxVRtIPsecTnlBfdDstAddrT and tmnxVRtIPsecTnlBfdDstAddr must be
         present in the same SNMP PDU as the row creation, otherwise the
         creation will fail."
    ::= { tmnxIPsecObjects 108 }

tmnxVRtIPsecTnlBfdEntry          OBJECT-TYPE
    SYNTAX      TmnxVRtIPsecTnlBfdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecTnlBfdEntry contains the configuration of one IPsec
         Tunnel BFD session entry."
    INDEX       {
        vRtrID,
        vRtrIfIndex,
        tmnxVRtIPsecTnlName
    }
    ::= { tmnxVRtIPsecTnlBfdTable 1 }

TmnxVRtIPsecTnlBfdEntry          ::= SEQUENCE
{
    tmnxVRtIPsecTnlBfdRowStatus      RowStatus,
    tmnxVRtIPsecTnlBfdSvcName        TLNamedItemOrEmpty,
    tmnxVRtIPsecTnlBfdIfName         TNamedItemOrEmpty,
    tmnxVRtIPsecTnlBfdDstAddrT       InetAddressType,
    tmnxVRtIPsecTnlBfdDstAddr        InetAddress
}

tmnxVRtIPsecTnlBfdRowStatus      OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdRowStatus specifies the status of this
         row. It is used to create and destroy rows in tmnxVRtIPsecTnlBfdTable."
    ::= { tmnxVRtIPsecTnlBfdEntry 1 }

tmnxVRtIPsecTnlBfdSvcName        OBJECT-TYPE
    SYNTAX      TLNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdSvcName specifies the service name of
         the interface running BFD."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlBfdEntry 2 }

tmnxVRtIPsecTnlBfdIfName         OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdIfName specifies the IPSec interface
         used by the BFD session."
    DEFVAL      { ''H }
    ::= { tmnxVRtIPsecTnlBfdEntry 3 }

tmnxVRtIPsecTnlBfdDstAddrT       OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdDstAddrT specifies the address type of
         tmnxVRtIPsecTnlBfdDstAddr."
    DEFVAL      { ipv4 }
    ::= { tmnxVRtIPsecTnlBfdEntry 4 }

tmnxVRtIPsecTnlBfdDstAddr        OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdDstAddr specifies the destination IP
         address to be used for the BFD session.

         The default value of tmnxVRtIPsecTnlBfdDstAddr is 0.0.0.0."
    DEFVAL      { '00000000'H }
    ::= { tmnxVRtIPsecTnlBfdEntry 5 }

tmnxVRtIPsecTnlBfdStatTable      OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIPsecTnlBfdStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecTnlBfdStatTable contains the statistics of IPsec
         Tunnel BFD sessions."
    ::= { tmnxIPsecObjects 109 }

tmnxVRtIPsecTnlBfdStatEntry      OBJECT-TYPE
    SYNTAX      TmnxVRtIPsecTnlBfdStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecTnlBfdStatEntry contains the statistics for a single
         IPsec Tunnel BFD session."
    INDEX       {
        vRtrID,
        vRtrIfIndex,
        tmnxVRtIPsecTnlName
    }
    ::= { tmnxVRtIPsecTnlBfdStatTable 1 }

TmnxVRtIPsecTnlBfdStatEntry      ::= SEQUENCE
{
    tmnxVRtIPsecTnlBfdStatSrcAddrT   InetAddressType,
    tmnxVRtIPsecTnlBfdStatSrcAddr    InetAddress,
    tmnxVRtIPsecTnlBfdStatOperState  TmnxBfdSessOperState
}

tmnxVRtIPsecTnlBfdStatSrcAddrT   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdStatSrcAddrT indicates the address type
         of tmnxVRtIPsecTnlBfdStatSrcAddr."
    ::= { tmnxVRtIPsecTnlBfdStatEntry 1 }

tmnxVRtIPsecTnlBfdStatSrcAddr    OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdStatSrcAddr indicates the source IP
         address on the interface running BFD."
    ::= { tmnxVRtIPsecTnlBfdStatEntry 2 }

tmnxVRtIPsecTnlBfdStatOperState  OBJECT-TYPE
    SYNTAX      TmnxBfdSessOperState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlBfdStatOperState indicates the operational
         state of the BFD session the IPsec tunnel is relying upon for its fast
         triggering mechanism."
    ::= { tmnxVRtIPsecTnlBfdStatEntry 3 }

tmnxVRtIPsecSATableLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSATableLastChanged indicates the sysUpTime at
         the time of the last modification to tmnxVRtIPsecSATable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 112 }

tmnxVRtIPsecSATable              OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIPsecSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec manual and dynamic SA entries."
    ::= { tmnxIPsecObjects 113 }

tmnxVRtIPsecSAEntry              OBJECT-TYPE
    SYNTAX      TmnxVRtIPsecSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec SA entry."
    INDEX       {
        vRtrID,
        vRtrIfIndex,
        tmnxVRtIPsecTnlName,
        tmnxVRtIPsecSAId,
        tmnxVRtIPsecSADirection,
        tmnxVRtIPsecSAIndex
    }
    ::= { tmnxVRtIPsecSATable 1 }

TmnxVRtIPsecSAEntry              ::= SEQUENCE
{
    tmnxVRtIPsecSAId                 Unsigned32,
    tmnxVRtIPsecSADirection          TmnxIPsecDirection,
    tmnxVRtIPsecSAIndex              Unsigned32,
    tmnxVRtIPsecSARowStatus          RowStatus,
    tmnxVRtIPsecSALastChanged        TimeStamp,
    tmnxVRtIPsecSAType               TmnxIPsecKeyingType,
    tmnxVRtIPsecSAEncryptionKey      OCTET STRING,
    tmnxVRtIPsecSAAuthenticationKey  OCTET STRING,
    tmnxVRtIPsecSASpi                Unsigned32,
    tmnxVRtIPsecSAManualTransformId  TmnxIPsecTransformIdOrZero,
    tmnxVRtIPsecSAAuthAlgorithm      TmnxAuthAlgorithm,
    tmnxVRtIPsecSAEncrAlgorithm      TmnxEncrAlgorithm,
    tmnxVRtIPsecSAStorageType        StorageType,
    tmnxVRtIPsecSAEstablishedTime    TimeStamp,
    tmnxVRtIPsecSANegotiatedLifeTime Unsigned32
}

tmnxVRtIPsecSAId                 OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAId specifies the id of an SA entry and is
         part of the index for the tmnxVRtIPsecSATable."
    ::= { tmnxVRtIPsecSAEntry 1 }

tmnxVRtIPsecSADirection          OBJECT-TYPE
    SYNTAX      TmnxIPsecDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSADirection specifies the direction on the
         IPsec tunnel to which this SA entry can be applied.  The value
         of tmnxVRtIPsecSADirection is also part of the index for the table
         tmnxVRtIPsecSATable"
    ::= { tmnxVRtIPsecSAEntry 2 }

tmnxVRtIPsecSAIndex              OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAIndex specifies an additional index to
         uniquely identify the SA entry in the tmnxVRtIPsecSATable.

         The value of tmnxVRtIPsecSAIndex is limited to a value of '1' when
         tmnxIPsecTunnelKeyingType corresponding to the tunnel specified
         tmnxIPsecTunnelName is set to 'static'."
    ::= { tmnxVRtIPsecSAEntry 3 }

tmnxVRtIPsecSARowStatus          OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIPsecSARowStatus object is used to create and delete rows
         in the tmnxVRtIPsecSATable.

         When creating an entry in tmnxVRtIPsecSATable, the value of
         tmnxVRtIPsecSARowStatus must be 'createAndGo' and the objects
         tmnxVRtIPsecSAEncryptionKey, tmnxVRtIPsecSAAuthenticationKey,
         tmnxVRtIPsecSASpi, tmnxVRtIPsecSAManualTransformId are required to be
         set in the same request."
    ::= { tmnxVRtIPsecSAEntry 4 }

tmnxVRtIPsecSALastChanged        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSALastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxVRtIPsecSAEntry 5 }

tmnxVRtIPsecSAType               OBJECT-TYPE
    SYNTAX      TmnxIPsecKeyingType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAType indicates whether this SA entry is
         created manually by the user or dynamically by the IPsec subsystem."
    ::= { tmnxVRtIPsecSAEntry 6 }

tmnxVRtIPsecSAEncryptionKey      OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAEncryptionKey specifies the key used for
         the encryption algorithm defined by the
         tmnxIPsecTransformEncrAlgorithm in the IPsec transform indexed by
         tmnxVRtIPsecSAManualTransformId.

         The length of the key must match the length required by the encryption
         algorithm. If a key of another length is set, the request will fail
         with an 'inconsistentValue' error.

         There is no default value for tmnxVRtIPsecSAEncryptionKey and this is
         a required object when creating an entry in tmnxVRtIPsecSATable. If
         tmnxVRtIPsecSAEncryptionKey is not specified when creating an entry,
         the request will fail with an 'inconsistentValue' error.

         A 'wrongLength' error is returned if the length of this object is set
         to outside the range of 0 and 32."
    ::= { tmnxVRtIPsecSAEntry 7 }

tmnxVRtIPsecSAAuthenticationKey  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAAuthenticationKey specifies the key used
         for the authentication algorithm defined by the
         tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed by
         tmnxVRtIPsecSAManualTransformId.

         The length of the key must match the length required by the
         authentication algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for tmnxVRtIPsecSAAuthenticationKey and this
         is a required object when creating an entry in tmnxVRtIPsecSATable. If
         tmnxVRtIPsecSAAuthenticationKey is not specified when creating an
         entry, the request will fail with an 'inconsistentValue' error.

         A 'wrongLength' error is returned if the length of this object is set
         to outside the range of 0 and 64."
    ::= { tmnxVRtIPsecSAEntry 8 }

tmnxVRtIPsecSASpi                OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSASpi specifies the SPI (Security Parameter
         Index) used to lookup the instruction to verify and decrypt the
         incoming IPsec packets when the value of tmnxVRtIPsecSADirection is
         'inbound'.

         The value of tmnxVRtIPsecSASpi specifies the SPI that will be used
         in the encoding of the outgoing packets when the value of
         tmnxVRtIPsecSADirection is 'outbound'.  The remote node can use this
         SPI to lookup the instruction to verify and decrypt the packet.

         There is no default value for tmnxVRtIPsecSASpi and this is a required
         object when creating an entry in tmnxVRtIPsecSATable. If
         tmnxVRtIPsecSAAuthenticationKey is not specified when creating an
         entry, the request will fail with an 'inconsistentValue' error.

         A 'wrongValue' error is returned if the value of tmnxVRtIPsecSASpi is
         set to outside the range of 256 and 16383."
    ::= { tmnxVRtIPsecSAEntry 9 }

tmnxVRtIPsecSAManualTransformId  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAManualTransformId specifies the transform
         entry that will be used by this SA entry.  This object should be
         specified for all the entries created by the user which are manual
         SAs.  If the value of tmnxVRtIPsecSAType is 'dynamic', then
         the value of tmnxVRtIPsecSAManualTransformId is irrelevant and
         will be zero.

         There is no default value for tmnxVRtIPsecSAManualTransformId and this
         is a required object when creating an entry in tmnxVRtIPsecSATable. If
         tmnxVRtIPsecSAManualTransformId is not specified when creating an
         entry, the request will fail with an 'inconsistentValue' error."
    ::= { tmnxVRtIPsecSAEntry 10 }

tmnxVRtIPsecSAAuthAlgorithm      OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAAuthAlgorithm indicates the authentication
         algorithm used with this SA."
    ::= { tmnxVRtIPsecSAEntry 11 }

tmnxVRtIPsecSAEncrAlgorithm      OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAEncrAlgorithm indicates the encryption
         algorithm used with this SA."
    ::= { tmnxVRtIPsecSAEntry 12 }

tmnxVRtIPsecSAStorageType        OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStorageType indicates how the row is stored.
         Entries with tmnxVRtIPsecSAStorageType of 'read-only' are dynamic SAs
         and are created by the IPsec subsystem and cannot be modified or
         destroyed.  All the entries created by the user are manual SAs and
         will have the tmnxVRtIPsecSAStorageType as 'nonVolatile'."
    ::= { tmnxVRtIPsecSAEntry 13 }

tmnxVRtIPsecSAEstablishedTime    OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAEstablishedTime indicates the sysUpTime at
         the time the IPsec phase 2 negotiation completed."
    ::= { tmnxVRtIPsecSAEntry 14 }

tmnxVRtIPsecSANegotiatedLifeTime OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSANegotiatedLifeTime indicates the lifetime
         negotiated for phase2 IKE key."
    ::= { tmnxVRtIPsecSAEntry 15 }

tmnxVRtIPsecSAStTable            OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIPsecSAStEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec SA Statistics entries."
    ::= { tmnxIPsecObjects 114 }

tmnxVRtIPsecSAStEntry            OBJECT-TYPE
    SYNTAX      TmnxVRtIPsecSAStEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec SA Statistics entry."
    INDEX       {
        vRtrID,
        vRtrIfIndex,
        tmnxVRtIPsecTnlName,
        tmnxVRtIPsecSAId,
        tmnxVRtIPsecSADirection,
        tmnxVRtIPsecSAIndex
    }
    ::= { tmnxVRtIPsecSAStTable 1 }

TmnxVRtIPsecSAStEntry            ::= SEQUENCE
{
    tmnxVRtIPsecSAStBytesProcessed   Counter64,
    tmnxVRtIPsecSAStBytesProcLow32   Counter32,
    tmnxVRtIPsecSAStBytesProcHigh32  Counter32,
    tmnxVRtIPsecSAStPktsProcessed    Counter64,
    tmnxVRtIPsecSAStPktsProcLow32    Counter32,
    tmnxVRtIPsecSAStPktsProcHigh32   Counter32,
    tmnxVRtIPsecSAStCryptoErrors     Counter32,
    tmnxVRtIPsecSAStReplayErrors     Counter32,
    tmnxVRtIPsecSAStSAErrors         Counter32,
    tmnxVRtIPsecSAStPolicyErrors     Counter32,
    tmnxVRtIPsecSAStEncapOverhead    Counter32,
    tmnxVRtIPsecSAStPreEncapFragCnt  Counter64,
    tmnxVRtIPsecSAStPreEncapFragLtSz Unsigned32,
    tmnxVRtIPsecSAStPstEncapFragCnt  Counter64,
    tmnxVRtIPsecSAStPstEncapFragLtSz Unsigned32,
    tmnxVRtIPsecSAStTempPrivMtu      Unsigned32,
    tmnxVRtIPsecSAStPfsDhGroup       TmnxIkePolicyDHGroupOrZero,
    tmnxVRtIPsecSAStMulticastIfName  TNamedItemOrEmpty,
    tmnxVRtIPsecSAStMulticastProt    TIPsecMulticastProtocol
}

tmnxVRtIPsecSAStBytesProcessed   OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStBytesProcessed indicates the number of
         bytes successfully processed for this SA."
    ::= { tmnxVRtIPsecSAStEntry 1 }

tmnxVRtIPsecSAStBytesProcLow32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStBytesProcLow32 indicates the lower 32
         bits of the value of tmnxVRtIPsecSAStBytesProcessed."
    ::= { tmnxVRtIPsecSAStEntry 2 }

tmnxVRtIPsecSAStBytesProcHigh32  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStBytesProcHigh32 indicates the higher 32
         bits of the value of tmnxVRtIPsecSAStBytesProcessed."
    ::= { tmnxVRtIPsecSAStEntry 3 }

tmnxVRtIPsecSAStPktsProcessed    OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPktsProcessed indicates the number of
         packets successfully processed for this SA."
    ::= { tmnxVRtIPsecSAStEntry 4 }

tmnxVRtIPsecSAStPktsProcLow32    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPktsProcLow32 indicates the lower 32 bits
         of the value of tmnxVRtIPsecSAStPktsProcessed."
    ::= { tmnxVRtIPsecSAStEntry 5 }

tmnxVRtIPsecSAStPktsProcHigh32   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPktsProcHigh32 indicates the higher 32
         bits of the value of tmnxVRtIPsecSAStPktsProcessed."
    ::= { tmnxVRtIPsecSAStEntry 6 }

tmnxVRtIPsecSAStCryptoErrors     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStCryptoErrors indicates the number
         of crypto errors encountered on this SA.  The crypto errors
         include errors on packets where protocol does not match or
         if the check on authentication header length failed."
    ::= { tmnxVRtIPsecSAStEntry 7 }

tmnxVRtIPsecSAStReplayErrors     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStReplayErrors indicates the number of
         replay errors encountered on this SA."
    ::= { tmnxVRtIPsecSAStEntry 8 }

tmnxVRtIPsecSAStSAErrors         OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStSAErrors indicates the number
         of SA errors encountered on this SA.  The SA errors include
         sequence number failure, invalid SA, policy version mismatch,
         illegal authentication algorithm, expanded packet too big,
         illegal configured algorithm and ttl decrement error."
    ::= { tmnxVRtIPsecSAStEntry 9 }

tmnxVRtIPsecSAStPolicyErrors     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPolicyErrors indicates the number
         of policy errors encountered on this SA.  The policy errors include
         bundled SA, selector check and policy direction error."
    ::= { tmnxVRtIPsecSAStEntry 10 }

tmnxVRtIPsecSAStEncapOverhead    OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStEncapOverhead indicates the encapsulation
         overhead for this outbound SA. This value is only significant when the
         value of tmnxVRtIPsecSADirection is 'outbound'."
    ::= { tmnxVRtIPsecSAStEntry 11 }

tmnxVRtIPsecSAStPreEncapFragCnt  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPreEncapFragCnt indicates the number of
         fragmentations that occurred prior to encapsulation for this outbound
         SA. Pre-encapsulation fragmentation occurs for IPv4 packets whose size
         exceeds tmnxIPsecTunnelIpMtu. This value is only significant when the
         value of tmnxVRtIPsecSADirection is 'outbound'."
    ::= { tmnxVRtIPsecSAStEntry 12 }

tmnxVRtIPsecSAStPreEncapFragLtSz OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPreEncapFragLtSz indicates the size of
         the last packet which caused a pre-encapsulation fragmentation to
         occur for this SA. This value is only significant when the value of
         tmnxVRtIPsecSADirection is 'outbound'."
    ::= { tmnxVRtIPsecSAStEntry 13 }

tmnxVRtIPsecSAStPstEncapFragCnt  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPstEncapFragCnt indicates the number of
         fragmentations that occurred after encapsulation for this SA.
         Post-encapsulation fragmentation occurs when the encapsulated packet
         size exceeds tmnxIPsecTunnelEncapIpMtu. This value is only significant
         when the value of tmnxVRtIPsecSADirection is 'outbound'."
    ::= { tmnxVRtIPsecSAStEntry 14 }

tmnxVRtIPsecSAStPstEncapFragLtSz OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPstEncapFragLtSz indicates the size of
         the last encapsulated packet which caused a post-encapsulation
         fragmentation to occur for this SA. This value is only significant
         when the value of tmnxVRtIPsecSADirection is 'outbound'."
    ::= { tmnxVRtIPsecSAStEntry 15 }

tmnxVRtIPsecSAStTempPrivMtu      OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStTempPrivMtu indicates the size of
         temporary private MTU for this SA.

         This value is only significant when the value of
         tmnxVRtIPsecSADirection is 'outbound (2)'."
    ::= { tmnxVRtIPsecSAStEntry 16 }

tmnxVRtIPsecSAStPfsDhGroup       OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStPfsDhGroup indicates the Diffie-Hellman
         (DH) group used with this SA.

         The Diffie-Hellman (DH) group is used by the SA to achieve Perfect
         Forward Secrecy (PFS)."
    ::= { tmnxVRtIPsecSAStEntry 17 }

tmnxVRtIPsecSAStMulticastIfName  OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStMulticastIfName indicates the multicast
         interface name associated with this SA.

         This value is only significant when the value of tmnxVRtIPsecSAType is
         'dynamic (2)' and the value of tmnxVRtIPsecSADirection is 'outbound
         (2)'."
    ::= { tmnxVRtIPsecSAStEntry 18 }

tmnxVRtIPsecSAStMulticastProt    OBJECT-TYPE
    SYNTAX      TIPsecMulticastProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecSAStMulticastProt indicates the supported
         protocol types of the multicast interface associated to this RA.

         This value is only significant when the value of tmnxVRtIPsecSAType is
         'dynamic (2)' and the value of tmnxVRtIPsecSADirection is 'outbound
         (2)'."
    ::= { tmnxVRtIPsecSAStEntry 19 }

tmnxVRtSecPlcyTableLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyTableLastChanged indicates the sysUpTime at
         the time of the last modification to tmnxVRtSecPlcyTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 115 }

tmnxVRtSecPlcyTable              OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtSecPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Security Policy entries."
    ::= { tmnxIPsecObjects 116 }

tmnxVRtSecPlcyEntry              OBJECT-TYPE
    SYNTAX      TmnxVRtSecPlcyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Security Policy entry."
    INDEX       {
        vRtrID,
        tmnxVRtSecPlcyId
    }
    ::= { tmnxVRtSecPlcyTable 1 }

TmnxVRtSecPlcyEntry              ::= SEQUENCE
{
    tmnxVRtSecPlcyId                 TmnxIPsecPolicyId,
    tmnxVRtSecPlcyRowStatus          RowStatus,
    tmnxVRtSecPlcyLastChanged        TimeStamp
}

tmnxVRtSecPlcyId                 OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyId specifies the id of a Security Policy
         entry and is the primary index for the table."
    ::= { tmnxVRtSecPlcyEntry 1 }

tmnxVRtSecPlcyRowStatus          OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxVRtSecPlcyRowStatus object is used to create and delete rows
         in the tmnxVRtSecPlcyTable."
    ::= { tmnxVRtSecPlcyEntry 2 }

tmnxVRtSecPlcyLastChanged        OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyLastChanged indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxVRtSecPlcyEntry 3 }

tmnxVRtSecPlcyParamTblLastChangd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamTblLastChangd indicates the sysUpTime
         at the time of the last modification to tmnxVRtSecPlcyParamTable by
         adding, deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 117 }

tmnxVRtSecPlcyParamTable         OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtSecPlcyParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Security Policy Params entries."
    ::= { tmnxIPsecObjects 118 }

tmnxVRtSecPlcyParamEntry         OBJECT-TYPE
    SYNTAX      TmnxVRtSecPlcyParamEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Security policy params entry."
    INDEX       {
        vRtrID,
        tmnxVRtSecPlcyId,
        tmnxVRtSecPlcyParamId
    }
    ::= { tmnxVRtSecPlcyParamTable 1 }

TmnxVRtSecPlcyParamEntry         ::= SEQUENCE
{
    tmnxVRtSecPlcyParamId            Unsigned32,
    tmnxVRtSecPlcyParamRowStatus     RowStatus,
    tmnxVRtSecPlcyParamLastChanged   TimeStamp,
    tmnxVRtSecPlcyParamLclAddrAny    TruthValue,
    tmnxVRtSecPlcyParamLclAddrType   InetAddressType,
    tmnxVRtSecPlcyParamLclAddr       InetAddress,
    tmnxVRtSecPlcyParamLclAPrefLen   InetAddressPrefixLength,
    tmnxVRtSecPlcyParamRemAddrAny    TruthValue,
    tmnxVRtSecPlcyParamRemAddrType   InetAddressType,
    tmnxVRtSecPlcyParamRemAddr       InetAddress,
    tmnxVRtSecPlcyParamRemAPrefLen   InetAddressPrefixLength,
    tmnxVRtSecPlcyParam6LclAddrAny   TruthValue,
    tmnxVRtSecPlcyParam6LclAddrType  InetAddressType,
    tmnxVRtSecPlcyParam6LclAddr      InetAddress,
    tmnxVRtSecPlcyParam6LclAPrefLen  InetAddressPrefixLength,
    tmnxVRtSecPlcyParam6RemAddrAny   TruthValue,
    tmnxVRtSecPlcyParam6RemAddrType  InetAddressType,
    tmnxVRtSecPlcyParam6RemAddr      InetAddress,
    tmnxVRtSecPlcyParam6RemAPrefLen  InetAddressPrefixLength
}

tmnxVRtSecPlcyParamId            OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamId specifies the id of an IPsec policy
         params entry and is part of the index for the
         tmnxVRtSecPlcyParamTable."
    ::= { tmnxVRtSecPlcyParamEntry 1 }

tmnxVRtSecPlcyParamRowStatus     OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxVRtSecPlcyParamRowStatus object is used to create and delete
         rows in the tmnxVRtSecPlcyParamTable."
    ::= { tmnxVRtSecPlcyParamEntry 2 }

tmnxVRtSecPlcyParamLastChanged   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamLastChanged indicates the sysUpTime at
         the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxVRtSecPlcyParamEntry 3 }

tmnxVRtSecPlcyParamLclAddrAny    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamLclAddrAny specifies whether the IP
         address on the vpn side can be any IP address. If the value is 'true'
         then local IP address can be any IP address.

         Please look at the following chart for more details:

         tmnxVRtSecPlcyParamLclAddrAny    true         false
         -----------------------------------------------------------------
         tmnxVRtSecPlcyParamLclAddrType   unknown      unknown or ipv4
         tmnxVRtSecPlcyParamLclAddr       ''H          ''H or valid ipv4
         tmnxVRtSecPlcyParamLclAPrefLen   0            0 to 32"
    DEFVAL      { false }
    ::= { tmnxVRtSecPlcyParamEntry 4 }

tmnxVRtSecPlcyParamLclAddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamLclAddrType specifies the address type
         of address in tmnxVRtSecPlcyParamLclAddr. If the value of
         tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParamLclAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxVRtSecPlcyParamEntry 5 }

tmnxVRtSecPlcyParamLclAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamLclAddr specifies the ip address on
         the vpn side. If the value of tmnxVRtSecPlcyParamLclAddrAny is 'true'
         then the value of tmnxVRtSecPlcyParamLclAddr will be empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxVRtSecPlcyParamEntry 6 }

tmnxVRtSecPlcyParamLclAPrefLen   OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamLclAPrefLen specifies the number of
         bits to match of the tmnxVRtSecPlcyParamLclAddr. If the value of
         tmnxVRtSecPlcyParamLclAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParamLclAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxVRtSecPlcyParamEntry 7 }

tmnxVRtSecPlcyParamRemAddrAny    OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamRemAddrAny specifies whether the IP
         address on the tunnel side can be any IP address. If the value is
         'true' then remote IP address can be any IP address.

         Please look at the following chart for more details:

         tmnxVRtSecPlcyParamRemAddrAny     true         false
         -----------------------------------------------------------------
         tmnxVRtSecPlcyParamRemAddrType    unknown      unknown or ipv4
         tmnxVRtSecPlcyParamRemAddr        ''H          ''H or valid ipv4
         tmnxVRtSecPlcyParamRemAPrefLen    0            0 to 32"
    DEFVAL      { false }
    ::= { tmnxVRtSecPlcyParamEntry 8 }

tmnxVRtSecPlcyParamRemAddrType   OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamRemAddrType specifies the address type
         of address in tmnxVRtSecPlcyParamRemAddr. If the value of
         tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParamRemAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxVRtSecPlcyParamEntry 9 }

tmnxVRtSecPlcyParamRemAddr       OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamRemAddr specifies the ip address on
         the tunnel side. If the value of tmnxVRtSecPlcyParamRemAddrAny is
         'true' then the value of tmnxVRtSecPlcyParamRemAddr will be
         empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxVRtSecPlcyParamEntry 10 }

tmnxVRtSecPlcyParamRemAPrefLen   OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParamRemAPrefLen specifies the number of
         bits to match of the tmnxVRtSecPlcyParamRemAddr. If the value of
         tmnxVRtSecPlcyParamRemAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParamRemAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxVRtSecPlcyParamEntry 11 }

tmnxVRtSecPlcyParam6LclAddrAny   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6LclAddrAny specifies whether the ipv6
         address on the vpn side can be any ipv6 address. If the value is
         'true' then local ipv6 address can be any ipv6 address.

         Please look at the following chart for more details:

         tmnxVRtSecPlcyParam6LclAddrAny    true         false
         -----------------------------------------------------------------
         tmnxVRtSecPlcyParam6LclAddrType   unknown      unknown or ipv6
         tmnxVRtSecPlcyParam6LclAddr       ''H          ''H or valid ipv6
         tmnxVRtSecPlcyParam6LclAPrefLen   0            0 to 128"
    DEFVAL      { false }
    ::= { tmnxVRtSecPlcyParamEntry 12 }

tmnxVRtSecPlcyParam6LclAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6LclAddrType specifies the address
         type of address in tmnxVRtSecPlcyParam6LclAddr. If the value of
         tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParam6LclAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxVRtSecPlcyParamEntry 13 }

tmnxVRtSecPlcyParam6LclAddr      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6LclAddr specifies the ipv6 address on
         the vpn side. If the value of tmnxVRtSecPlcyParam6LclAddrAny is 'true'
         then the value of tmnxVRtSecPlcyParam6LclAddr will be empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxVRtSecPlcyParamEntry 14 }

tmnxVRtSecPlcyParam6LclAPrefLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0 | 1..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6LclAPrefLen specifies the number of
         bits to match of the tmnxVRtSecPlcyParam6LclAddr. If the value of
         tmnxVRtSecPlcyParam6LclAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParam6LclAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxVRtSecPlcyParamEntry 15 }

tmnxVRtSecPlcyParam6RemAddrAny   OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6RemAddrAny specifies whether the ipv6
         address on the tunnel side can be any ipv6 address. If the value is
         'true' then remote ipv6 address can be any ipv6 address.

         Please look at the following chart for more details:

         tmnxVRtSecPlcyParam6RemAddrAny    true         false
         -----------------------------------------------------------------
         tmnxVRtSecPlcyParam6RemAddrType   unknown      unknown or ipv6
         tmnxVRtSecPlcyParam6RemAddr       ''H          ''H or valid ipv6
         tmnxVRtSecPlcyParam6RemAPrefLen   0            0 to 128"
    DEFVAL      { false }
    ::= { tmnxVRtSecPlcyParamEntry 16 }

tmnxVRtSecPlcyParam6RemAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6RemAddrType specifies the address
         type of address in tmnxVRtSecPlcyParam6RemAddr. If the value of
         tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParam6RemAddrType will be 'unknown'."
    DEFVAL      { unknown }
    ::= { tmnxVRtSecPlcyParamEntry 17 }

tmnxVRtSecPlcyParam6RemAddr      OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6RemAddr specifies the ipv6 address on
         the tunnel side. If the value of tmnxVRtSecPlcyParam6RemAddrAny is
         'true' then the value of tmnxVRtSecPlcyParam6RemAddr will be
         empty(''H)."
    DEFVAL      { ''H }
    ::= { tmnxVRtSecPlcyParamEntry 18 }

tmnxVRtSecPlcyParam6RemAPrefLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength (0 | 1..128)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtSecPlcyParam6RemAPrefLen specifies the number of
         bits to match of the tmnxVRtSecPlcyParam6RemAddr. If the value of
         tmnxVRtSecPlcyParam6RemAddrAny is 'true' then the value of
         tmnxVRtSecPlcyParam6RemAPrefLen will be 0."
    DEFVAL      { 0 }
    ::= { tmnxVRtSecPlcyParamEntry 19 }

tmnxVRtIfIPsecTblLstCgd          OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIfIPsecTblLstCgd indicates the sysUpTime at the
         time of the last modification to tmnxVRtIfIPsecTable by adding,
         deleting an entry or change to a writable object in the table.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxIPsecObjects 119 }

tmnxVRtIfIPsecTable              OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIfIPsecEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store IPsec entries."
    ::= { tmnxIPsecObjects 120 }

tmnxVRtIfIPsecEntry              OBJECT-TYPE
    SYNTAX      TmnxVRtIfIPsecEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec entry."
    INDEX       {
        vRtrID,
        vRtrIfIndex
    }
    ::= { tmnxVRtIfIPsecTable 1 }

TmnxVRtIfIPsecEntry              ::= SEQUENCE
{
    tmnxVRtIfIPsecRowStatus          RowStatus,
    tmnxVRtIfIPsecLastChgd           TimeStamp,
    tmnxVRtIfIPsecAdminState         TmnxAdminState,
    tmnxVRtIfIPsecIpFilterInExcptId  TFilterID,
    tmnxVRtIfIPsecIsaTnlGroup        TmnxTunnelGroupIdOrZero,
    tmnxVRtIfIPsecPubSap             Unsigned32,
    tmnxVRtIfIPsecIpv6FilterInExcId  TFilterID
}

tmnxVRtIfIPsecRowStatus          OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxVRtIfIPsecRowStatus object is used to create and delete rows
         in the tmnxVRtIfIPsecTable."
    ::= { tmnxVRtIfIPsecEntry 1 }

tmnxVRtIfIPsecLastChgd           OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIfIPsecLastChgd indicates the sysUpTime at the
         time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains a
         zero value."
    ::= { tmnxVRtIfIPsecEntry 2 }

tmnxVRtIfIPsecAdminState         OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIfIPsecAdminState specifies the administrative
         state of the tmnxVRtIfIPsecEntry."
    DEFVAL      { outOfService }
    ::= { tmnxVRtIfIPsecEntry 3 }

tmnxVRtIfIPsecIpFilterInExcptId  OBJECT-TYPE
    SYNTAX      TFilterID
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxVRtIfIPsecIpFilterInExcptId specifies the
         row index in the alu-nge:aluNgeIPExceptionTable corresponding to this
         IPv4 ingress exception, or zero if no exception is specified."
    DEFVAL      { 0 }
    ::= { tmnxVRtIfIPsecEntry 4 }

tmnxVRtIfIPsecIsaTnlGroup        OBJECT-TYPE
    SYNTAX      TmnxTunnelGroupIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIfIPsecIsaTnlGroup specifies the ISA tunnel group
         ID.

         This object must be specified to a non-zero value during the row
         creation."
    DEFVAL      { 0 }
    ::= { tmnxVRtIfIPsecEntry 5 }

tmnxVRtIfIPsecPubSap             OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4094)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIfIPsecPubSap specifies the SAP encapsulation
         value.

         This object must be specified to a value during the row creation."
    ::= { tmnxVRtIfIPsecEntry 6 }

tmnxVRtIfIPsecIpv6FilterInExcId  OBJECT-TYPE
    SYNTAX      TFilterID
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of the object tmnxVRtIfIPsecIpv6FilterInExcId specifies the
         IPv6 exception filter for this interface.

         A value of 0 specifies that no IPv6 exception filter is configured on
         the interface. A non-zero value specifies the IPv6 exception filter
         configured in the table tIPv6ExceptionTable."
    DEFVAL      { 0 }
    ::= { tmnxVRtIfIPsecEntry 7 }

tmnxVRtIPsecTnlStatsTable        OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxVRtIPsecTnlStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store IPsec Tunnel statistics"
    ::= { tmnxIPsecObjects 121 }

tmnxVRtIPsecTnlStatsEntry        OBJECT-TYPE
    SYNTAX      TmnxVRtIPsecTnlStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Statistics for a single IPsec Tunnel."
    INDEX       {
        vRtrID,
        vRtrIfIndex,
        tmnxVRtIPsecTnlName
    }
    ::= { tmnxVRtIPsecTnlStatsTable 1 }

TmnxVRtIPsecTnlStatsEntry        ::= SEQUENCE
{
    tmnxVRtIPsecTnlIsakmpState       INTEGER,
    tmnxVRtIPsecTnlIsakmpEstabTime   TimeStamp,
    tmnxVRtIPsecTnlIsakmpNegLifeTime Unsigned32,
    tmnxVRtIPsecTnlNumDpdTx          Counter32,
    tmnxVRtIPsecTnlNumDpdRx          Counter32,
    tmnxVRtIPsecTnlNumDpdAckTx       Counter32,
    tmnxVRtIPsecTnlNumDpdAckRx       Counter32,
    tmnxVRtIPsecTnlNumExpRx          Counter32,
    tmnxVRtIPsecTnlNumInvalidDpdRx   Counter32,
    tmnxVRtIPsecTnlNumCtrlPktsTx     Counter32,
    tmnxVRtIPsecTnlNumCtrlPktsRx     Counter32,
    tmnxVRtIPsecTnlNumCtrlTxErrors   Counter32,
    tmnxVRtIPsecTnlNumCtrlRxErrors   Counter32,
    tmnxVRtIPsecTnlMatCertEntryId    Integer32,
    tmnxVRtIPsecTnlCertProfName      TNamedItemOrEmpty,
    tmnxVRtIPsecTnlStatIsakmpAuthAlg TmnxAuthAlgorithm,
    tmnxVRtIPsecTnlStatIsakmpEncrAlg TmnxEncrAlgorithm,
    tmnxVRtIPsecTnlStatIsakmpPfsDhGp TmnxIkePolicyDHGroupOrZero,
    tmnxVRtIPsecTnlStatIkeTranPrfAlg INTEGER
}

tmnxVRtIPsecTnlIsakmpState       OBJECT-TYPE
    SYNTAX      INTEGER {
        up   (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIsakmpState indicates the state of phase 1
         IPsec negotiation."
    ::= { tmnxVRtIPsecTnlStatsEntry 1 }

tmnxVRtIPsecTnlIsakmpEstabTime   OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIsakmpEstabTime indicates the sysUpTime at
         the time the IPsec phase 1 negotiation completed."
    ::= { tmnxVRtIPsecTnlStatsEntry 2 }

tmnxVRtIPsecTnlIsakmpNegLifeTime OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlIsakmpNegLifeTime indicates the lifetime
         negotiated for phase1 IKE key."
    ::= { tmnxVRtIPsecTnlStatsEntry 3 }

tmnxVRtIPsecTnlNumDpdTx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumDpdTx indicates the number of
         Dead-Peer-Detection packets transmitted."
    ::= { tmnxVRtIPsecTnlStatsEntry 4 }

tmnxVRtIPsecTnlNumDpdRx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumDpdRx indicates the number of
         Dead-Peer-Detection packets received."
    ::= { tmnxVRtIPsecTnlStatsEntry 5 }

tmnxVRtIPsecTnlNumDpdAckTx       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumDpdAckTx indicates the number of
         Dead-Peer-Detection acknowledgement packets transmitted."
    ::= { tmnxVRtIPsecTnlStatsEntry 6 }

tmnxVRtIPsecTnlNumDpdAckRx       OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumDpdAckRx indicates the number of
         Dead-Peer-Detection acknowledgement packets received."
    ::= { tmnxVRtIPsecTnlStatsEntry 7 }

tmnxVRtIPsecTnlNumExpRx          OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumExpRx indicates the number of DPD
         R-U-THERE packets that have not been acknowledged."
    ::= { tmnxVRtIPsecTnlStatsEntry 8 }

tmnxVRtIPsecTnlNumInvalidDpdRx   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumInvalidDpdRx indicates the number of
         malformed DPD R-U-THERE acknowledgement packets received."
    ::= { tmnxVRtIPsecTnlStatsEntry 9 }

tmnxVRtIPsecTnlNumCtrlPktsTx     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumCtrlPktsTx indicates the number of
         control packets this IPsec Tunnel has sent."
    ::= { tmnxVRtIPsecTnlStatsEntry 10 }

tmnxVRtIPsecTnlNumCtrlPktsRx     OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumCtrlPktsRx indicates the number of
         control packets this IPsec Tunnel has received."
    ::= { tmnxVRtIPsecTnlStatsEntry 11 }

tmnxVRtIPsecTnlNumCtrlTxErrors   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumCtrlTxErrors indicates the number of
         control packet transmit errors."
    ::= { tmnxVRtIPsecTnlStatsEntry 12 }

tmnxVRtIPsecTnlNumCtrlRxErrors   OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlNumCtrlRxErrors indicates the number of
         control packet receive errors."
    ::= { tmnxVRtIPsecTnlStatsEntry 13 }

tmnxVRtIPsecTnlMatCertEntryId    OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlMatCertEntryId indicates the matching
         certificate profile entry id used for this tunnel."
    ::= { tmnxVRtIPsecTnlStatsEntry 14 }

tmnxVRtIPsecTnlCertProfName      OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlCertProfName indicates a specific IPsec
         tunnel certificate profile name used for this tunnel."
    ::= { tmnxVRtIPsecTnlStatsEntry 15 }

tmnxVRtIPsecTnlStatIsakmpAuthAlg OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlStatIsakmpAuthAlg indicates the
         authentication algorithm of the IPsec phase 1 negotiation for this
         IPsec tunnel."
    ::= { tmnxVRtIPsecTnlStatsEntry 17 }

tmnxVRtIPsecTnlStatIsakmpEncrAlg OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlStatIsakmpEncrAlg indicates the encryption
         algorithm of the IPsec phase 1 negotiation for this IPsec tunnel."
    ::= { tmnxVRtIPsecTnlStatsEntry 18 }

tmnxVRtIPsecTnlStatIsakmpPfsDhGp OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlStatIsakmpPfsDhGp indicates the
         Diffie-Hellman (DH) group of the IPsec phase 1 negotiation for this
         IPsec tunnel.

         The Diffie-Hellman (DH) group is used by the IPsec tunnel to achieve
         Perfect Forward Secrecy (PFS)."
    ::= { tmnxVRtIPsecTnlStatsEntry 19 }

tmnxVRtIPsecTnlStatIkeTranPrfAlg OBJECT-TYPE
    SYNTAX      INTEGER {
        md5        (2),
        sha1       (3),
        sha256     (4),
        sha384     (5),
        sha512     (6),
        aesXcbc    (7),
        sameAsAuth (8)
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxVRtIPsecTnlStatIkeTranPrfAlg specifies the
         pseudo-random function (PRF)."
    ::= { tmnxVRtIPsecTnlStatsEntry 20 }

tmnxIPsecConformance             OBJECT IDENTIFIER ::= { tmnxSRConfs 48 }

tmnxIPsecCompliances             OBJECT IDENTIFIER ::= { tmnxIPsecConformance 1 }

tmnxIPsecCompliance              MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group
        }
    ::= { tmnxIPsecCompliances 1 }

tmnxIPsecV6v1Compliance          MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group
        }
    ::= { tmnxIPsecCompliances 2 }

tmnxIPsecV7v0Compliance          MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWGroup,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup
        }
    ::= { tmnxIPsecCompliances 3 }

tmnxIPsecV8v0Compliance          MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWGroup,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecMdaDpGroup
        }
    ::= { tmnxIPsecCompliances 4 }

tmnxIPsecV9v0Compliance          MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWGroup,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecCertGroup,
            tmnxIPsecMdaDpGroup
        }
    ::= { tmnxIPsecCompliances 5 }

tmnxIPsecV10v0Compliance         MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWV10v0Group,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecCertGroup,
            tmnxIPsecMdaDpGroup,
            tmnxIPsecV10v0Group,
            tmnxIPsecMdaDpStatsV10v0Group,
            tmnxIPsecTnlOperChgGroup
        }
    ::= { tmnxIPsecCompliances 6 }

tmnxIPsecV11v0Compliance         MODULE-COMPLIANCE
    STATUS      obsolete
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWV10v0Group,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecCertGroup,
            tmnxIPsecMdaDpGroup,
            tmnxIPsecV10v0Group,
            tmnxIPsecV11v0Group,
            tmnxIPsecMdaDpStatsV10v0Group,
            tmnxIPsecIkev2RatGroup,
            tIPsecIkev2RaTunNotifyObjsGroup,
            tIPsecIkev2RaTunNotifGroup,
            tmnxIPsecTnlOperChgGroup
        }
    ::= { tmnxIPsecCompliances 7 }

tmnxIPsecV12v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 12.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWV12v0Group,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecCertGroup,
            tmnxIPsecMdaDpGroup,
            tmnxIPsecV10v0Group,
            tmnxIPsecV11v0Group,
            tmnxIPsecMdaDpStatsV10v0Group,
            tmnxIPsecIkev2RatGroup,
            tIPsecIkev2RaTunNotifyObjsGroup,
            tIPsecIkev2RaTunNotifGroup,
            tmnxIPsecTnlDstv12v0Group,
            tmnxIPsecV12v0Group,
            tIPsecIkev2CertAuthGroup,
            tIPsecIkev2CertAuthChainGroup,
            tIPsecTsReductionGroup,
            tIPsecRUSATrafficSelGroup,
            tIkev2SendUnSolCfgAttr12v0Group,
            tIPSecTrustAnchorProfNotifGroup,
            tmnxIPsecSAStatsV12v0Group,
            tmnxIPsecRUSAStatsV12v0Group,
            tmnxIPsecEncapNotifyObjsGroup,
            tIPSecTunnelEncapNotifGroup,
            tmnxIPsecTnlOperChgGroup,
            tmnxIkePolicyAutoEapRadiusGroup,
            tmnxIkePolicyAutoEapGroup
        }
    ::= { tmnxIPsecCompliances 8 }

tmnxIPsecV13v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 13.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecGWDhcpGroup,
            tmnxIPsecGWDhcpV6Group,
            tmnxSecurityNotificationV13v0Grp,
            tmnxIPsecGWLclAddrGroup,
            tmnxIPsecRadInterimUpdGroup,
            tmnxIPsecIkev2IdiGroup,
            tmnxIPsecGWPrivIp2V13v0Group,
            tmnxIPSecGWNotifV13v0Group,
            tmnxIPSecTunnelNotifV11v0Group
        }
    ::= { tmnxIPsecCompliances 9 }

tmnxIPsecV14v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 14.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecGWLAAIpPool2V14v0Group,
            tIPsecTrafficSelectorV14v0Group,
            tmnxIkePolicyLockoutV14v0Group,
            tIPsecRUTnlDhcpLeaseStatV14v0Grp,
            tIPsecClientDatabaseV14v0Group,
            tmnxIkePolicyV2FragV14v0Group,
            tmnxIPsecMdaDpStatsV14v0Group,
            tmnxIPsecRUTnlInUseCfgsV14v0Grp,
            tmnxIPsecIkePolicyV14v0Group,
            tmnxIPsecSvcLevelCfgV14v0Grp
        }
    ::= { tmnxIPsecCompliances 10 }

tmnxIPsecV15v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 15.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecIkeTransformV15v0Group,
            tmnxIPsecHistStatsV15v0Group,
            tIPsecTcpMssAdjustV15v0Grp,
            tmnxIkePolicyObsoleteV15v0Group,
            tmnxIPsecTransformV15v0Group,
            tmnxIPsecEmbmsV15v0Group,
            tmnxIPsecGWStatsV15v0Grp,
            tmnxIkePolicyV15v0Group,
            tmnxIPsecTunnelV15v0Grp
        }
    ::= { tmnxIPsecCompliances 11 }

tmnxIPsecV16v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 16.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxIPsecNoOfSaKeysV16v0Grp,
            tmnxIPsecSvcNameV16v0Grp,
            tmnxIPsecTnlBfdSessV16v0Grp,
            tmnxIPsecCertProfV16v0Group,
            tmnxIkeTransformV16v0Grp
        }
    ::= { tmnxIPsecCompliances 12 }

tmnxIPsecV19v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 17.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxVRtrIdIPsecTnlV19v0Group,
            tIPsecTnlTempGroupV19v0Group,
            tmnxIPsecNotifyObjsV19v0Group,
            tmnxIPsecTunnelNotifV19v0Group
        }
    ::= { tmnxIPsecCompliances 13 }

tmnxIPsecV20v0Compliance         MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for management of IPsec features on Nokia
         SROS series systems in release 20.0."
    MODULE
        MANDATORY-GROUPS {
            tmnxVRtrIdIPsecTnlV19v0Group,
            tIPsecTnlTempGroupV19v0Group,
            tmnxIPsecNotifyObjsV19v0Group,
            tmnxIPsecTunnelNotifV19v0Group,
            tmnxIPsecSvcLevelCfgV20v0Grp
        }
    ::= { tmnxIPsecCompliances 14 }

tmnxIPsecGroups                  OBJECT IDENTIFIER ::= { tmnxIPsecConformance 2 }

tmnxIPsecV6v0Group               OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTransformTblLastChanged,
        tmnxIPsecTransformRowStatus,
        tmnxIPsecTransformLastChanged,
        tmnxIPsecTransformAuthAlgorithm,
        tmnxIPsecTransformEncrAlgorithm,
        tmnxIkePolicyTableLastChanged,
        tmnxIkePolicyRowStatus,
        tmnxIkePolicyLastChanged,
        tmnxIkePolicyDescription,
        tmnxIkePolicyIkeMode,
        tmnxIkePolicyPFSEnabled,
        tmnxIkePolicyPFSDHGroup,
        tmnxIkePolicyIPsecLifeTime,
        tmnxIkePolicyNatTraversal,
        tmnxIkePolicyNatTKeepAliveIntvl,
        tmnxIkePolicyNatTBehindNatOnly,
        tmnxIkePolicyDpd,
        tmnxIkePolicyDpdInterval,
        tmnxIkePolicyDpdMaxRetries,
        tmnxIPsecTunnelTableLastChanged,
        tmnxIPsecTunnelRowStatus,
        tmnxIPsecTunnelLastChanged,
        tmnxIPsecTunnelDescription,
        tmnxIPsecTunnelLclGwAddrType,
        tmnxIPsecTunnelLclGwAddr,
        tmnxIPsecTunnelRemGwAddrType,
        tmnxIPsecTunnelRemGwAddr,
        tmnxIPsecTunnelPublicSvcId,
        tmnxIPsecTunnelSecurityPolicyId,
        tmnxIPsecTunnelKeyingType,
        tmnxIPsecTunnelDynTransformId1,
        tmnxIPsecTunnelDynTransformId2,
        tmnxIPsecTunnelDynTransformId3,
        tmnxIPsecTunnelDynTransformId4,
        tmnxIPsecTunnelIkePolicyId,
        tmnxIPsecTunnelIkePreSharedKey,
        tmnxIPsecTunnelAdminState,
        tmnxIPsecTunnelOperState,
        tmnxIPsecTunnelOperFlags,
        tmnxIPsecTunnelReplayWindow,
        tmnxIPsecTunnelIsakmpState,
        tmnxIPsecTunnelIsakmpEstabTime,
        tmnxIPsecTunnelIsakmpNegLifeTime,
        tmnxIPsecTunnelNumDpdTx,
        tmnxIPsecTunnelNumDpdRx,
        tmnxIPsecTunnelNumDpdAckTx,
        tmnxIPsecTunnelNumDpdAckRx,
        tmnxIPsecTunnelNumExpRx,
        tmnxIPsecTunnelNumInvalidDpdRx,
        tmnxIPsecTunnelNumCtrlPktsTx,
        tmnxIPsecTunnelNumCtrlPktsRx,
        tmnxIPsecTunnelNumCtrlTxErrors,
        tmnxIPsecTunnelNumCtrlRxErrors,
        tmnxIPsecPolicyTableLastChanged,
        tmnxIPsecPolicyRowStatus,
        tmnxIPsecPolicyLastChanged,
        tmnxIPsecPlcyParamsTblLastChangd,
        tmnxIPsecPolicyParamsRowStatus,
        tmnxIPsecPolicyParamsLastChanged,
        tmnxIPsecPolicyParamsLclAddrAny,
        tmnxIPsecPolicyParamsLclAddrType,
        tmnxIPsecPolicyParamsLclAddr,
        tmnxIPsecPolicyParamsLclAPrefLen,
        tmnxIPsecPolicyParamsRemAddrAny,
        tmnxIPsecPolicyParamsRemAddrType,
        tmnxIPsecPolicyParamsRemAddr,
        tmnxIPsecPolicyParamsRemAPrefLen,
        tmnxIPsecSATableLastChanged,
        tmnxIPsecSARowStatus,
        tmnxIPsecSALastChanged,
        tmnxIPsecSAType,
        tmnxIPsecSAEncryptionKey,
        tmnxIPsecSAAuthenticationKey,
        tmnxIPsecSASpi,
        tmnxIPsecSAManualTransformId,
        tmnxIPsecSAAuthAlgorithm,
        tmnxIPsecSAEncrAlgorithm,
        tmnxIPsecSAStorageType,
        tmnxIPsecSAEstablishedTime,
        tmnxIPsecSANegotiatedLifeTime,
        tmnxIPsecSAStatsBytesProcessed,
        tmnxIPsecSAStatsBytesProcLow32,
        tmnxIPsecSAStatsBytesProcHigh32,
        tmnxIPsecSAStatsPktsProcessed,
        tmnxIPsecSAStatsPktsProcLow32,
        tmnxIPsecSAStatsPktsProcHigh32,
        tmnxIPsecSAStatsCryptoErrors,
        tmnxIPsecSAStatsReplayErrors,
        tmnxIPsecSAStatsSAErrors,
        tmnxIPsecSAStatsPolicyErrors
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the IPsec Feature capabilities on
         Nokia SROS series systems."
    ::= { tmnxIPsecGroups 1 }

tmnxIPsecMdaDpStatsV6v1Group     OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecMdaDpStatsEncryptPkts,
        tmnxIPsecMdaDpStatsEncryptPktsLow32,
        tmnxIPsecMdaDpStatsEncryptPktsHigh32,
        tmnxIPsecMdaDpStatsEncryptBytes,
        tmnxIPsecMdaDpStatsEncryptBytesLow32,
        tmnxIPsecMdaDpStatsEncryptBytesHigh32,
        tmnxIPsecMdaDpStatsDecryptPkts,
        tmnxIPsecMdaDpStatsDecryptPktsLow32,
        tmnxIPsecMdaDpStatsDecryptPktsHigh32,
        tmnxIPsecMdaDpStatsDecryptBytes,
        tmnxIPsecMdaDpStatsDecryptBytesLow32,
        tmnxIPsecMdaDpStatsDecryptBytesHigh32,
        tmnxIPsecMdaDpStatsTxPktErrs,
        tmnxIPsecMdaDpStatsOutBDropPkts,
        tmnxIPsecMdaDpStatsOutBDropPktsLow32,
        tmnxIPsecMdaDpStatsOutBDropPktsHigh32,
        tmnxIPsecMdaDpStatsOutBSAMisses,
        tmnxIPsecMdaDpStatsOutBSAMissesLow32,
        tmnxIPsecMdaDpStatsOutBSAMissesHigh32,
        tmnxIPsecMdaDpStatsOutBPolicyEntryMisses,
        tmnxIPsecMdaDpStatsInBDropPkts,
        tmnxIPsecMdaDpStatsInBDropPktsLow32,
        tmnxIPsecMdaDpStatsInBDropPktsHigh32,
        tmnxIPsecMdaDpStatsInBSAMisses,
        tmnxIPsecMdaDpStatsInBSAMissesLow32,
        tmnxIPsecMdaDpStatsInBSAMissesHigh32,
        tmnxIPsecMdaDpStatsInBIPDstSrcMismatches
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics on Nokia SROS
         series systems."
    ::= { tmnxIPsecGroups 2 }

tIPsecTnlTempGroup               OBJECT-GROUP
    OBJECTS     {
        tIPsecTnlTempDescr,
        tIPsecTnlTempDynKeyTransformId1,
        tIPsecTnlTempDynKeyTransformId2,
        tIPsecTnlTempDynKeyTransformId3,
        tIPsecTnlTempDynKeyTransformId4,
        tIPsecTnlTempLastChanged,
        tIPsecTnlTempReplayWindow,
        tIPsecTnlTempReverseRoute,
        tIPsecTnlTempRowStatus,
        tIPsecTnlTempTblLastChanged,
        tmnxIkePolicyAuthMethod
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec tunnel template on Nokia SROS series
         systems."
    ::= { tmnxIPsecGroups 3 }

tmnxIPsecGWGroup                 OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelAutoEstablish,
        tmnxIPsecGWAdminState,
        tmnxIPsecGWName,
        tmnxIPsecGWIfName,
        tmnxIPsecGWInetAddrType,
        tmnxIPsecGWInetAddress,
        tmnxIPsecGWLastMgmtChange,
        tmnxIPsecGWOperState,
        tmnxIPsecGWRowStatus,
        tmnxIPsecGWSecureService,
        tmnxIPsecGWTblLastChgd,
        tmnxIPsecGWTunnelPolicyTemp,
        tmnxIPsecGWIkePolicyId,
        tmnxIPsecGWIkePreShared,
        tmnxIPsecGWLclX509Cert,
        tmnxIPsecGWLclPrivateKey,
        tmnxIPsecGWOperFlags,
        tmnxIPsecGWCACert,
        tmnxIPsecGWCACertRevocList,
        tIPsecRUSAAuthAlgorithm,
        tIPsecRUSAAuthenticationKey,
        tIPsecRUSAEncrAlgorithm,
        tIPsecRUSAEncryptionKey,
        tIPsecRUSAEstablishedTime,
        tIPsecRUSANegotiatedLifeTime,
        tIPsecRUSASpi,
        tIPsecRUSAStatsBytesProcHigh32,
        tIPsecRUSAStatsBytesProcLow32,
        tIPsecRUSAStatsBytesProcessed,
        tIPsecRUSAStatsCryptoErrors,
        tIPsecRUSAStatsPktsProcHigh32,
        tIPsecRUSAStatsPktsProcLow32,
        tIPsecRUSAStatsPktsProcessed,
        tIPsecRUSAStatsPolicyErrors,
        tIPsecRUSAStatsReplayErrors,
        tIPsecRUSAStatsSAErrors,
        tIPsecRUTnlIPsecSALifeTime,
        tIPsecRUTnlIsakmpEstabTime,
        tIPsecRUTnlIsakmpNegLifeTime,
        tIPsecRUTnlIsakmpState,
        tIPsecRUTnlNumCtrlPktsRx,
        tIPsecRUTnlNumCtrlPktsTx,
        tIPsecRUTnlNumCtrlRxErrors,
        tIPsecRUTnlNumCtrlTxErrors,
        tIPsecRUTnlNumDpdAckRx,
        tIPsecRUTnlNumDpdAckTx,
        tIPsecRUTnlNumDpdRx,
        tIPsecRUTnlNumDpdTx,
        tIPsecRUTnlNumExpRx,
        tIPsecRUTnlNumInvalidDpdRx,
        tIPsecRUTnlPfsDHGroup,
        tIPsecRUTnlHasBiDirectionalSA,
        tIPsecRUTnlPrivateIfIndex,
        tIPsecRUTnlPrivateIpAddr,
        tIPsecRUTnlPrivateIpPrefixLen,
        tIPsecRUTnlPrivateIpAddrType,
        tIPsecRUTnlPrivateSvcId,
        tIPsecRUTnlReplayWindow,
        tIPsecRUTnlTempId,
        tIPsecRUSALclAPrefLen,
        tIPsecRUSALclAddr,
        tIPsecRUSALclAddrType,
        tIPsecRUSARemAPrefLen,
        tIPsecRUSARemAddr,
        tIPsecRUSARemAddrType,
        tmnxIPsecGWPskXAuthTunnels,
        tmnxIPsecGWPskTunnels,
        tmnxIPsecPskTunnels
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of IPSec gateway
         capabilities for SAPs on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 4 }

tmnxIPsecNotifyObjsGroup         OBJECT-GROUP
    OBJECTS     {
        tIPsecNotifRUTnlInetAddrType,
        tIPsecNotifRUTnlInetAddress,
        tIPsecNotifRUTnlPort,
        tIPsecNotifReason,
        tIPsecNotifBfdIntfDestIp,
        tIPsecNotifBfdIntfDestIpType,
        tIPsecNotifBfdIntfIfName,
        tIPsecNotifBfdIntfSessState,
        tIPsecNotifBfdIntfSvcId
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec notification
         objects on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 5 }

tmnxIPsecTnlBfdGroup             OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelBfdDesignate,
        tmnxIPsecTunnelBfdRowStatus,
        tmnxIPsecTunnelBfdSrcAddrType,
        tmnxIPsecTunnelBfdSrcAddr,
        tmnxIPsecTunnelBfdSessOperState,
        tmnxIPsecTunnelBfdLastChanged,
        tmnxIPsecTunnelBfdTableLastChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec Tunnel BFD service on Nokia SROS series
         systems."
    ::= { tmnxIPsecGroups 6 }

tmnxIPsecIkeGroup                OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicyIkeVersion
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec IKE specific
         capabilities on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 7 }

tmnxIPsecCertGroup               OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWLocalIdType,
        tmnxIPsecGWLocalIdValue,
        tmnxIPsecTunnelLocalIdType,
        tmnxIPsecTunnelLocalIdValue,
        tmnxIPsecTunnelClearDfBit,
        tmnxIPsecTunnelIpMtu,
        tmnxIkePolicyOwnAuthMethod
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec X.509 certificate
         specific capabilities on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 8 }

tmnxIpsecObsoletedV10v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWCACert,
        tmnxIPsecGWCACertRevocList
    }
    STATUS      current
    DESCRIPTION
        "The group of objects obsoleted related to management of IPSec specific
         capabilities on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 9 }

tmnxIPsecGWV10v0Group            OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelAutoEstablish,
        tmnxIPsecGWAdminState,
        tmnxIPsecGWName,
        tmnxIPsecGWIfName,
        tmnxIPsecGWInetAddrType,
        tmnxIPsecGWInetAddress,
        tmnxIPsecGWLastMgmtChange,
        tmnxIPsecGWOperState,
        tmnxIPsecGWRowStatus,
        tmnxIPsecGWSecureService,
        tmnxIPsecGWTblLastChgd,
        tmnxIPsecGWTunnelPolicyTemp,
        tmnxIPsecGWIkePolicyId,
        tmnxIPsecGWIkePreShared,
        tmnxIPsecGWLclX509Cert,
        tmnxIPsecGWLclPrivateKey,
        tmnxIPsecGWOperFlags,
        tIPsecRUSAAuthAlgorithm,
        tIPsecRUSAAuthenticationKey,
        tIPsecRUSAEncrAlgorithm,
        tIPsecRUSAEncryptionKey,
        tIPsecRUSAEstablishedTime,
        tIPsecRUSANegotiatedLifeTime,
        tIPsecRUSASpi,
        tIPsecRUSAStatsBytesProcHigh32,
        tIPsecRUSAStatsBytesProcLow32,
        tIPsecRUSAStatsBytesProcessed,
        tIPsecRUSAStatsCryptoErrors,
        tIPsecRUSAStatsPktsProcHigh32,
        tIPsecRUSAStatsPktsProcLow32,
        tIPsecRUSAStatsPktsProcessed,
        tIPsecRUSAStatsPolicyErrors,
        tIPsecRUSAStatsReplayErrors,
        tIPsecRUSAStatsSAErrors,
        tIPsecRUTnlIPsecSALifeTime,
        tIPsecRUTnlIsakmpEstabTime,
        tIPsecRUTnlIsakmpNegLifeTime,
        tIPsecRUTnlIsakmpState,
        tIPsecRUTnlNumCtrlPktsRx,
        tIPsecRUTnlNumCtrlPktsTx,
        tIPsecRUTnlNumCtrlRxErrors,
        tIPsecRUTnlNumCtrlTxErrors,
        tIPsecRUTnlNumDpdAckRx,
        tIPsecRUTnlNumDpdAckTx,
        tIPsecRUTnlNumDpdRx,
        tIPsecRUTnlNumDpdTx,
        tIPsecRUTnlNumExpRx,
        tIPsecRUTnlNumInvalidDpdRx,
        tIPsecRUTnlPfsDHGroup,
        tIPsecRUTnlHasBiDirectionalSA,
        tIPsecRUTnlPrivateIfIndex,
        tIPsecRUTnlPrivateIpAddr,
        tIPsecRUTnlPrivateIpPrefixLen,
        tIPsecRUTnlPrivateIpAddrType,
        tIPsecRUTnlPrivateSvcId,
        tIPsecRUTnlReplayWindow,
        tIPsecRUTnlTempId,
        tIPsecRUSALclAPrefLen,
        tIPsecRUSALclAddr,
        tIPsecRUSALclAddrType,
        tIPsecRUSARemAPrefLen,
        tIPsecRUSARemAddr,
        tIPsecRUSARemAddrType,
        tmnxIPsecGWPskXAuthTunnels,
        tmnxIPsecGWPskTunnels,
        tmnxIPsecGWCertTunnels,
        tmnxIPsecPskTunnels
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of IPSec gateway
         capabilities for SAPs on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 10 }

tmnxIPsecMdaDpStatsV10v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecMdaDpStaticIPsecTnls,
        tmnxIPsecMdaDpDynIPsecTnls,
        tmnxIPsecMdaDpIpGreTnls,
        tmnxIPsecMdaDpIpv4Tnls,
        tmnxIPsecMdaDpGreTnlInBytes,
        tmnxIPsecMdaDpGreTnlInBytesHi,
        tmnxIPsecMdaDpGreTnlInBytesLo,
        tmnxIPsecMdaDpGreTnlInErrs,
        tmnxIPsecMdaDpGreTnlInErrsHi,
        tmnxIPsecMdaDpGreTnlInErrsLo,
        tmnxIPsecMdaDpGreTnlInPkts,
        tmnxIPsecMdaDpGreTnlInPktsHi,
        tmnxIPsecMdaDpGreTnlInPktsLo,
        tmnxIPsecMdaDpGreTnlOutBytes,
        tmnxIPsecMdaDpGreTnlOutBytesHi,
        tmnxIPsecMdaDpGreTnlOutBytesLo,
        tmnxIPsecMdaDpGreTnlOutErrs,
        tmnxIPsecMdaDpGreTnlOutErrsHi,
        tmnxIPsecMdaDpGreTnlOutErrsLo,
        tmnxIPsecMdaDpGreTnlOutPkts,
        tmnxIPsecMdaDpGreTnlOutPktsHi,
        tmnxIPsecMdaDpGreTnlOutPktsLo,
        tmnxIPsecMdaDpFragDropTime,
        tmnxIPsecMdaDpFragDropTimeHigh32,
        tmnxIPsecMdaDpFragDropTimeLow32,
        tmnxIPsecMdaDpFragDropped,
        tmnxIPsecMdaDpFragDroppedHigh32,
        tmnxIPsecMdaDpFragDroppedLow32,
        tmnxIPsecMdaDpInFragments,
        tmnxIPsecMdaDpInFragmentsHigh32,
        tmnxIPsecMdaDpInFragmentsLow32,
        tmnxIPsecMdaDpPktsReassem,
        tmnxIPsecMdaDpPktsReassemHigh32,
        tmnxIPsecMdaDpPktsReassemLow32,
        tmnxIPsecMdaDpPktsDropDfSet,
        tmnxIPsecMdaDpPktsDropDfSetLo,
        tmnxIPsecMdaDpPktsDropDfSetHi
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics on Nokia SROS
         series systems."
    ::= { tmnxIPsecGroups 11 }

tmnxIPsecMdaDpGroup              OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecMdaDpGreTnlInBytes,
        tmnxIPsecMdaDpGreTnlInBytesHi,
        tmnxIPsecMdaDpGreTnlInBytesLo,
        tmnxIPsecMdaDpGreTnlInErrs,
        tmnxIPsecMdaDpGreTnlInErrsHi,
        tmnxIPsecMdaDpGreTnlInErrsLo,
        tmnxIPsecMdaDpGreTnlInPkts,
        tmnxIPsecMdaDpGreTnlInPktsHi,
        tmnxIPsecMdaDpGreTnlInPktsLo,
        tmnxIPsecMdaDpGreTnlOutBytes,
        tmnxIPsecMdaDpGreTnlOutBytesHi,
        tmnxIPsecMdaDpGreTnlOutBytesLo,
        tmnxIPsecMdaDpGreTnlOutErrs,
        tmnxIPsecMdaDpGreTnlOutErrsHi,
        tmnxIPsecMdaDpGreTnlOutErrsLo,
        tmnxIPsecMdaDpGreTnlOutPkts,
        tmnxIPsecMdaDpGreTnlOutPktsHi,
        tmnxIPsecMdaDpGreTnlOutPktsLo
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics on Nokia SROS
         series systems."
    ::= { tmnxIPsecGroups 12 }

tmnxIPsecV10v0Group              OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelHostISA,
        tIPsecRUTnlHostISA
    }
    STATUS      current
    DESCRIPTION
        "The group of additional objects for IPsec feature on Nokia SROS series
         systems in 10.0 release."
    ::= { tmnxIPsecGroups 13 }

tmnxIPsecV11v0Group              OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWCSVPrimary,
        tmnxIPsecGWCSVSecondary,
        tmnxIPsecGWCSVDefResult,
        tmnxIPsecTunnelCSVPrimary,
        tmnxIPsecTunnelCSVSecondary,
        tmnxIPsecTunnelCSVDefResult
    }
    STATUS      current
    DESCRIPTION
        "The group of additional objects for IPsec feature on Nokia SROS series
         systems in 11.0 release."
    ::= { tmnxIPsecGroups 14 }

tmnxIPsecIkev2RatGroup           OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWPskRadiusTunnels,
        tmnxIPsecGWCertRadiusTunnels,
        tmnxIPsecGWEapTunnels,
        tIPsecRadAcctPlcyTblLastChgd,
        tIPsecRadAcctPlcyRowStatus,
        tIPsecRadAcctPlcyLastMgmtChange,
        tIPsecRadAcctPlcyInclAttr,
        tIPsecRadAcctPlcyRadSrvPlcy,
        tIPsecRadAuthPlcyTblLastChgd,
        tIPsecRadAuthPlcyRowStatus,
        tIPsecRadAuthPlcyLastMgmtChange,
        tIPsecRadAuthPlcyPassword,
        tIPsecRadAuthPlcyInclAttr,
        tIPsecRadAuthPlcyRadSrvPlcy,
        tmnxIPsecGWRadAuthPolicy,
        tmnxIPsecGWRadAcctgPolicy,
        tmnxIkePolicyMatchPeerToCert
    }
    STATUS      current
    DESCRIPTION
        "The group of additional objects for IPsec IKEv2 remote access tunnel
         feature on Nokia SROS series systems in 11.0 release."
    ::= { tmnxIPsecGroups 15 }

tIPsecIkev2RaTunNotifyObjsGroup  OBJECT-GROUP
    OBJECTS     {
        tIPsecRadAcctPlcyFailReason
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec IKEv2
         remote-access tunnel notification objects on Nokia SROS series
         systems."
    ::= { tmnxIPsecGroups 16 }

tmnxIPsecTnlDstv12v0Group        OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTnlDstAddrLastChanged,
        tmnxIPsecTnlDstAddrRowStatus,
        tmnxIPsecTnlDstAddrTblLastChngd,
        tmnxIPsecTnlDstAddrResolved
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec tunnel destination
         address objects on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 17 }

tmnxIPsecV12v0Group              OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecPlcyParamsV6LclAddrAny,
        tmnxIPsecPlcyParamsV6LclAddrType,
        tmnxIPsecPlcyParamsV6LclAddr,
        tmnxIPsecPlcyParamsV6LclAPrefLen,
        tmnxIPsecPlcyParamsV6RemAddrAny,
        tmnxIPsecPlcyParamsV6RemAddrType,
        tmnxIPsecPlcyParamsV6RemAddr,
        tmnxIPsecPlcyParamsV6RemAPrefLen,
        tmnxIPsecTunnelEncapIpMtu,
        tmnxIPsecTunnelIcmp6Pkt2Big,
        tmnxIPsecTunnelIcmp6NumPkt2Big,
        tmnxIPsecTunnelIcmp6Pkt2BigTime,
        tIPsecTnlTempIpMtu,
        tIPsecTnlTempEncapIpMtu,
        tIPsecTnlTempIcmp6Pkt2Big,
        tIPsecTnlTempIcmp6NumPkt2Big,
        tIPsecTnlTempIcmp6Pkt2BigTime,
        tIPsecTnlTempClearDfBit
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec feature on Nokia SROS series systems in
         12.0 release."
    ::= { tmnxIPsecGroups 18 }

tIPsecIkev2CertAuthGroup         OBJECT-GROUP
    OBJECTS     {
        tIPsecCompChainCAProfName,
        tmnxIPsecTunnelCertTrstAnchrProf,
        tmnxIPsecGWCertTrstAnchrProf,
        tIPsecTrustAnchorsTblLastChgd,
        tIPsecTrustAnchorsRowStatus,
        tIPsecTrustAnchorsLastChgd,
        tIPsecTrustAnchorProfTblLastChgd,
        tIPsecTrustAnchorProfRowStatus,
        tIPsecTrustAnchorProfLastChgd,
        tmnxIPsecTunnelMatchTrustAnchor,
        tIPsecRUTnlMatchTrustAnchor,
        tIPsecCertProfEntryIdTblLastChgd,
        tIPsecCertProfEntryIdRowStatus,
        tIPsecCertProfEntryIdLastChgd,
        tIPsecCertProfEntryIdCertFile,
        tIPsecCertProfEntryIdCompChain,
        tmnxIPsecTunnelCertProfile,
        tmnxIPsecGWCertProfile,
        tIPsecCertProfEntryIdKeyFile,
        tIPsecCertProfileTblLastChgd,
        tIPsecCertProfileRowStatus,
        tIPsecCertProfileLastChgd,
        tIPsecCertProfileAdminState,
        tIPsecCertProfileOperState,
        tIPsecCertProfileOperFlags,
        tIPsecTrustAnchorCAProfDown,
        tmnxIPsecTunnelMatCertEntryId,
        tmnxIPsecTunnelCertProfName,
        tIPsecRUTnlMatCertEntryId,
        tIPsecRUTnlCertProfName,
        tIPsecCertProfEntryIdOperFlags
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec IKEv2 certificate
         authentication objects on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 19 }

tIPsecIkev2CertAuthChainGroup    OBJECT-GROUP
    OBJECTS     {
        tIPsecCertChainCAProfTblLastChgd,
        tIPsecCertChainCAProfRowStatus,
        tIPsecCertChainCAProfLastChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec IKEv2 certificate
         authentication chain objects on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 20 }

tIPsecTsReductionGroup           OBJECT-GROUP
    OBJECTS     {
        tIPsecGWTsNegSelPlcyLastChgd,
        tIPsecGWTsNegSelPlcyRowStatus,
        tIPsecGWTsNegSelPlcyTblLastChgd,
        tIPsecGWTsNegSelPlcyTsList,
        tIPsecTsListLastChgd,
        tIPsecTsListLclEntryFrAddr,
        tIPsecTsListLclEntryFrAddrType,
        tIPsecTsListLclEntryLastChgd,
        tIPsecTsListLclEntryPfxAddr,
        tIPsecTsListLclEntryPfxAddrType,
        tIPsecTsListLclEntryPfxLen,
        tIPsecTsListLclEntryRowStatus,
        tIPsecTsListLclEntryTblLastChgd,
        tIPsecTsListLclEntryToAddr,
        tIPsecTsListLclEntryToAddrType,
        tIPsecTsListRowStatus,
        tIPsecTsListTblLastChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec IKEv2 certificate
         authentication chain objects on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 21 }

tIPsecRUSATrafficSelGroup        OBJECT-GROUP
    OBJECTS     {
        tIPsecRUSATrafficSelLastChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec IKEv2 certificate
         authentication chain objects on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 22 }

tmnxIPsecGWV12v0Group            OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelAutoEstablish,
        tmnxIPsecGWAdminState,
        tmnxIPsecGWName,
        tmnxIPsecGWIfName,
        tmnxIPsecGWInetAddrType,
        tmnxIPsecGWInetAddress,
        tmnxIPsecGWLastMgmtChange,
        tmnxIPsecGWOperState,
        tmnxIPsecGWRowStatus,
        tmnxIPsecGWSecureService,
        tmnxIPsecGWTblLastChgd,
        tmnxIPsecGWTunnelPolicyTemp,
        tmnxIPsecGWIkePolicyId,
        tmnxIPsecGWIkePreShared,
        tmnxIPsecGWOperFlags,
        tIPsecRUSAAuthAlgorithm,
        tIPsecRUSAAuthenticationKey,
        tIPsecRUSAEncrAlgorithm,
        tIPsecRUSAEncryptionKey,
        tIPsecRUSAEstablishedTime,
        tIPsecRUSANegotiatedLifeTime,
        tIPsecRUSASpi,
        tIPsecRUSAStatsBytesProcHigh32,
        tIPsecRUSAStatsBytesProcLow32,
        tIPsecRUSAStatsBytesProcessed,
        tIPsecRUSAStatsCryptoErrors,
        tIPsecRUSAStatsPktsProcHigh32,
        tIPsecRUSAStatsPktsProcLow32,
        tIPsecRUSAStatsPktsProcessed,
        tIPsecRUSAStatsPolicyErrors,
        tIPsecRUSAStatsReplayErrors,
        tIPsecRUSAStatsSAErrors,
        tIPsecRUTnlIPsecSALifeTime,
        tIPsecRUTnlIsakmpEstabTime,
        tIPsecRUTnlIsakmpNegLifeTime,
        tIPsecRUTnlIsakmpState,
        tIPsecRUTnlNumCtrlPktsRx,
        tIPsecRUTnlNumCtrlPktsTx,
        tIPsecRUTnlNumCtrlRxErrors,
        tIPsecRUTnlNumCtrlTxErrors,
        tIPsecRUTnlNumDpdAckRx,
        tIPsecRUTnlNumDpdAckTx,
        tIPsecRUTnlNumDpdRx,
        tIPsecRUTnlNumDpdTx,
        tIPsecRUTnlNumExpRx,
        tIPsecRUTnlNumInvalidDpdRx,
        tIPsecRUTnlPfsDHGroup,
        tIPsecRUTnlHasBiDirectionalSA,
        tIPsecRUTnlPrivateIfIndex,
        tIPsecRUTnlPrivateIpAddr,
        tIPsecRUTnlPrivateIpPrefixLen,
        tIPsecRUTnlPrivateIpAddrType,
        tIPsecRUTnlPrivateSvcId,
        tIPsecRUTnlReplayWindow,
        tIPsecRUTnlTempId,
        tmnxIPsecGWPskXAuthTunnels,
        tmnxIPsecGWPskTunnels,
        tmnxIPsecGWCertTunnels,
        tmnxIPsecPskTunnels
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec gateway
         capabilities for SAPs on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 23 }

tmnxIpsecObsoletedV12v0Group     OBJECT-GROUP
    OBJECTS     {
        tIPsecRUSALclAPrefLen,
        tIPsecRUSALclAddr,
        tIPsecRUSALclAddrType,
        tIPsecRUSARemAPrefLen,
        tIPsecRUSARemAddr,
        tIPsecRUSARemAddrType
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec gateway
         capabilities for SAPs obsoleted on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 24 }

tIkev2SendUnSolCfgAttr12v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicyRelayUnSolCfgAttr
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IKE Policy Version 2 Send Unsolicited config
         Attributes feature on Nokia SROS series systems in 12.0 release."
    ::= { tmnxIPsecGroups 26 }

tmnxIPsecSAStatsV12v0Group       OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecSAStatsEncapOverhead,
        tmnxIPsecSAStatsPreEncapFragCnt,
        tmnxIPsecSAStatsPreEncapFragLtSz,
        tmnxIPsecSAStatsPstEncapFragCnt,
        tmnxIPsecSAStatsPstEncapFragLtSz
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for new statistics of outbound SA feature on
         Nokia SROS series systems in 12.0 release."
    ::= { tmnxIPsecGroups 27 }

tmnxIPsecRUSAStatsV12v0Group     OBJECT-GROUP
    OBJECTS     {
        tIPsecRUSAStatsEncapOverhead,
        tIPsecRUSAStatsPreEncapFragCnt,
        tIPsecRUSAStatsPreEncapFragLtSz,
        tIPsecRUSAStatsPostEncapFragCnt,
        tIPsecRUSAStatsPostEncapFragLtSz
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for new statistics of outbound SA feature on
         Nokia SROS series systems in 12.0 release."
    ::= { tmnxIPsecGroups 28 }

tmnxIPsecEncapNotifyObjsGroup    OBJECT-GROUP
    OBJECTS     {
        tIPsecNotifIPsecTunnelName,
        tIPsecNotifConfigIpMtu,
        tIPsecNotifEncapOverhead,
        tIPsecNotifConfigEncapIpMtu
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for new trap for tunnel encapsulation feature on
         Nokia SROS series systems in 12.0 release."
    ::= { tmnxIPsecGroups 29 }

tmnxIPsecTnlOperChgGroup         OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelOperChanged,
        tIPsecRUTnlOperChanged
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for new statistics of outbound SA feature on
         Nokia SROS series systems in 12.0 release."
    ::= { tmnxIPsecGroups 30 }

tmnxIkePolicyAutoEapRadiusGroup  OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWAutoEapRadiusTunnels,
        tmnxIkePolicyAutoEapMethod,
        tmnxIkePolicyAutoEapOwnMethod
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IKE Policy Version 2 auto EAP Radius feature
         on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 31 }

tmnxIkePolicyAutoEapGroup        OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWAutoEapTunnels
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IKE Policy Version 2 auto EAP feature on
         Nokia SROS series systems."
    ::= { tmnxIPsecGroups 32 }

tmnxIPsecGWDhcpGroup             OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWDhcpTblLastChgd,
        tmnxIPsecGWDhcpRowStatus,
        tmnxIPsecGWDhcpLastChgd,
        tmnxIPsecGWDhcpAdminState,
        tmnxIPsecGWDhcpGiAddrType,
        tmnxIPsecGWDhcpGiAddr,
        tmnxIPsecGWDhcpSendRelease,
        tmnxIPsecGWDhcpServiceId,
        tmnxIPsecGWDhcpRouterId,
        tmnxIPsecGWDhcpSrvr1AddrType,
        tmnxIPsecGWDhcpSrvr1Addr,
        tmnxIPsecGWDhcpSrvr2AddrType,
        tmnxIPsecGWDhcpSrvr2Addr,
        tmnxIPsecGWDhcpSrvr3AddrType,
        tmnxIPsecGWDhcpSrvr3Addr,
        tmnxIPsecGWDhcpSrvr4AddrType,
        tmnxIPsecGWDhcpSrvr4Addr,
        tmnxIPsecGWDhcpSrvr5AddrType,
        tmnxIPsecGWDhcpSrvr5Addr,
        tmnxIPsecGWDhcpSrvr6AddrType,
        tmnxIPsecGWDhcpSrvr6Addr,
        tmnxIPsecGWDhcpSrvr7AddrType,
        tmnxIPsecGWDhcpSrvr7Addr,
        tmnxIPsecGWDhcpSrvr8AddrType,
        tmnxIPsecGWDhcpSrvr8Addr
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWDhcpGroup contains objects for IPSec Gateway DHCP
         feature on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 33 }

tmnxIPsecGWDhcpV6Group           OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWDhcpV6TblLastChgd,
        tmnxIPsecGWDhcpV6RowStatus,
        tmnxIPsecGWDhcpV6LastChgd,
        tmnxIPsecGWDhcpV6AdminState,
        tmnxIPsecGWDhcpV6LinkAddrType,
        tmnxIPsecGWDhcpV6LinkAddr,
        tmnxIPsecGWDhcpV6SendRelease,
        tmnxIPsecGWDhcpV6ServiceId,
        tmnxIPsecGWDhcpV6RouterId,
        tmnxIPsecGWDhcpV6Srvr1AddrType,
        tmnxIPsecGWDhcpV6Srvr1Addr,
        tmnxIPsecGWDhcpV6Srvr2AddrType,
        tmnxIPsecGWDhcpV6Srvr2Addr,
        tmnxIPsecGWDhcpV6Srvr3AddrType,
        tmnxIPsecGWDhcpV6Srvr3Addr,
        tmnxIPsecGWDhcpV6Srvr4AddrType,
        tmnxIPsecGWDhcpV6Srvr4Addr,
        tmnxIPsecGWDhcpV6Srvr5AddrType,
        tmnxIPsecGWDhcpV6Srvr5Addr,
        tmnxIPsecGWDhcpV6Srvr6AddrType,
        tmnxIPsecGWDhcpV6Srvr6Addr,
        tmnxIPsecGWDhcpV6Srvr7AddrType,
        tmnxIPsecGWDhcpV6Srvr7Addr,
        tmnxIPsecGWDhcpV6Srvr8AddrType,
        tmnxIPsecGWDhcpV6Srvr8Addr
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWDhcpV6Group contains objects for IPSec Gateway DHCP
         feature on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 34 }

tmnxSecNotifyObjsV13v0Group      OBJECT-GROUP
    OBJECTS     {
        tIPsecNotifCertProfileName,
        tIPsecNotifCertProfEntryId,
        tIPsecNotifCaProfNames
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting security notifications in revision
         13.0 on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 35 }

tmnxSecurityNotificationV13v0Grp NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxSecNotifCmptedCertHashChngd,
        tmnxSecNotifCmptedCertChnChngd,
        tmnxSecNotifSendChnNotInCmptChn
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting security in revision 13.0 on
         Nokia SROS series systems."
    ::= { tmnxIPsecGroups 36 }

tmnxIPsecGWLclAddrGroup          OBJECT-GROUP
    OBJECTS     {
        tIPsecGWLclAddrAssignTblLastChgd,
        tIPsecGWLclAddrAssignLastChgd,
        tIPsecGWLclAddrAssignRowStatus,
        tIPsecGWLclAddrAssignAdminState,
        tIPsecGWLclAddrAssignIp4SrvrName,
        tIPsecGWLclAddrAssignIp4SrvrSvc,
        tIPsecGWLclAddrAssignIp4SrvrRtr,
        tIPsecGWLclAddrAssignIp4PoolName,
        tIPsecGWLclAddrAssignIp6SrvrName,
        tIPsecGWLclAddrAssignIp6SrvrSvc,
        tIPsecGWLclAddrAssignIp6SrvrRtr,
        tIPsecGWLclAddrAssignIp6PoolName
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWLclAddrGroup contains objects for IPSec Gateway Local
         Address feature on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 37 }

tmnxIPsecRadInterimUpdGroup      OBJECT-GROUP
    OBJECTS     {
        tIPsecRadAcctPlcyUpdateInterval,
        tIPsecRadAcctPlcyJitter
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecRadInterimUpdGroup contains objects for IPSec Radius
         Interim Update feature on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 38 }

tmnxIPsecIkev2IdiGroup           OBJECT-GROUP
    OBJECTS     {
        tIPsecRUTnlIkeIdType,
        tIPsecRUTnlIkeIdValue
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIkev2IdiGroup contains objects for IPSec IKEv2 ID
         initiator information support on Nokia SROS series systems."
    ::= { tmnxIPsecGroups 39 }

tmnxIPsecGWPrivIp2V13v0Group     OBJECT-GROUP
    OBJECTS     {
        tIPsecRUTnlPrivateIpAddr2Type,
        tIPsecRUTnlPrivateIpAddr2,
        tIPsecRUTnlPrivateIpPrefixLen2
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting the second private address of the
         IPsec gateway tunnel on Nokia SROS series systems for release 13.0."
    ::= { tmnxIPsecGroups 40 }

tmnxIPsecGWLAAIpPool2V14v0Group  OBJECT-GROUP
    OBJECTS     {
        tIPsecGWLclAddrAssignIp4PoolNam2
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecGWLAAIpPool2V14v0Group contains objects for the IPsec
         gateway's secondary Local-Address-Assignment pool feature on Nokia
         SROS series systems for release 14.0."
    ::= { tmnxIPsecGroups 41 }

tIPsecTrafficSelectorV14v0Group  OBJECT-GROUP
    OBJECTS     {
        tIPsecTsListLclEntryMinPort,
        tIPsecTsListLclEntryMaxPort,
        tIPsecTsListLclEntryMinMhType,
        tIPsecTsListLclEntryMaxMhType,
        tIPsecTsListLclEntryMinIcmpType,
        tIPsecTsListLclEntryMaxIcmpType,
        tIPsecTsListLclEntryMinIcmpCode,
        tIPsecTsListLclEntryMaxIcmpCode,
        tIPsecTsListLclEntryProtocolId,
        tIPsecTsListRmtEntryTblLastChgd,
        tIPsecTsListRmtEntryRowStatus,
        tIPsecTsListRmtEntryLastChgd,
        tIPsecTsListRmtEntryMinAddrType,
        tIPsecTsListRmtEntryMinAddr,
        tIPsecTsListRmtEntryMaxAddrType,
        tIPsecTsListRmtEntryMaxAddr,
        tIPsecTsListRmtEntryPfxAddrType,
        tIPsecTsListRmtEntryPfxAddr,
        tIPsecTsListRmtEntryPfxLen,
        tIPsecTsListRmtEntryMinPort,
        tIPsecTsListRmtEntryMaxPort,
        tIPsecTsListRmtEntryMinMhType,
        tIPsecTsListRmtEntryMaxMhType,
        tIPsecTsListRmtEntryMinIcmpType,
        tIPsecTsListRmtEntryMaxIcmpType,
        tIPsecTsListRmtEntryMinIcmpCode,
        tIPsecTsListRmtEntryMaxIcmpCode,
        tIPsecTsListRmtEntryProtocolId
    }
    STATUS      current
    DESCRIPTION
        "The tIPsecTrafficSelectorV14v0Group contains objects for the IPsec
         traffic selector feature on Nokia SROS series systems for release
         14.0."
    ::= { tmnxIPsecGroups 43 }

tmnxIkePolicyLockoutV14v0Group   OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicyLockout,
        tmnxIkePolicyLockoutFailedAtempt,
        tmnxIkePolicyLockoutDuration,
        tmnxIkePolicyLockoutBlock,
        tmnxIkePolicyLockoutMaxPortPerIp,
        tmnxIPsecLockoutClientFailAtempt,
        tmnxIPsecLockoutClientStatus,
        tmnxIPsecLockoutClientDroppedPkt,
        tmnxIPsecLockoutClientRemainTime
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIkePolicyLockoutV14v0Group contains objects for the IPsec
         client lockout feature on Nokia SROS series systems for release 14.0."
    ::= { tmnxIPsecGroups 44 }

tIPsecRUTnlDhcpLeaseStatV14v0Grp OBJECT-GROUP
    OBJECTS     {
        tIPsecRUTnlDhcpLeaseStatSverAddT,
        tIPsecRUTnlDhcpLeaseStatSverAddr,
        tIPsecRUTnlDhcpLeaseStatAcquirTm,
        tIPsecRUTnlDhcpLeaseStatRenewTm,
        tIPsecRUTnlDhcpLeaseStatRebindTm,
        tIPsecRUTnlDhcpLeaseStatPrivPref,
        tIPsecRUTnlDhcpLeaseStatPrivVald
    }
    STATUS      current
    DESCRIPTION
        "The tIPsecRUTnlDhcpLeaseStatV14v0Grp contains objects for the IPsec
         DHCP lease statistics on Nokia SROS series systems for release 14.0."
    ::= { tmnxIPsecGroups 45 }

tIPsecClientDatabaseV14v0Group   OBJECT-GROUP
    OBJECTS     {
        tIPsecClientDatabaseTableLstChgd,
        tIPsecClientDatabaseLastChanged,
        tIPsecClientDatabaseRowStatus,
        tIPsecClientDatabaseAdminState,
        tIPsecClientDatabaseDescription,
        tIPsecClientDatabaseMatchType,
        tIPsecClientDBClientTableLstChgd,
        tIPsecClientDBClientLastChanged,
        tIPsecClientDBClientRowStatus,
        tIPsecClientDBClientAdminState,
        tIPsecClientDBClientName,
        tIPsecClientDBClientIdIdiType,
        tIPsecClientDBClientIdIdiValue,
        tIPsecClientDBClientIdPeer4PfAny,
        tIPsecClientDBClientIdPeer6PfAny,
        tIPsecClientDBClientIdPeerPfxTyp,
        tIPsecClientDBClientIdPeerPfx,
        tIPsecClientDBClientIdPeerPfxLen,
        tIPsecClientDBClientTnlTempltId,
        tIPsecClientDBClientPrivateSvcId,
        tIPsecClientDBClientPrivIfName,
        tIPsecClientDBClientTsListName,
        tIPsecClientDBClientPreSharedKey,
        tmnxIPsecGWClientDatabaseName,
        tmnxIPsecGWClientDatabasFallback,
        tIPsecRUTnlClientDBClientId
    }
    STATUS      current
    DESCRIPTION
        "The tIPsecClientDatabaseV14v0Group contains objects for the IPsec
         client database capability on Nokia SROS series systems for release
         14.0."
    ::= { tmnxIPsecGroups 46 }

tmnxIkePolicyV2FragV14v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicyV2Fragment,
        tmnxIkePolicyV2FragmentMtu,
        tmnxIkePolicyV2FragReassembTmOut
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIkePolicyV2FragV14v0Group contains objects for the IKEv2
         fragmentation capability on Nokia SROS series systems for release
         14.0."
    ::= { tmnxIPsecGroups 47 }

tmnxIPsecMdaDpStatsV14v0Group    OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecMdaDpL2tpv3TnlInPkts,
        tmnxIPsecMdaDpL2tpv3TnlInBytes,
        tmnxIPsecMdaDpL2tpv3TnlInErrs,
        tmnxIPsecMdaDpL2tpv3TnlInCookErr,
        tmnxIPsecMdaDpL2tpv3TnlInSeIdErr,
        tmnxIPsecMdaDpL2tpv3TnlOutPkts,
        tmnxIPsecMdaDpL2tpv3TnlOutBytes,
        tmnxIPsecMdaDpL2tpv3TnlOutErrs,
        tmnxIPsecMdaDpL2tpv3Tnls
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics added in
         release 14 of the Nokia SROS series systems."
    ::= { tmnxIPsecGroups 48 }

tmnxIPsecRUTnlInUseCfgsV14v0Grp  OBJECT-GROUP
    OBJECTS     {
        tIPsecRUTnlInUseTsList,
        tIPsecRUTnlInUsePreSharedKey
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec tunnel in-use configurations added in
         release 14 of the Nokia SROS series systems."
    ::= { tmnxIPsecGroups 49 }

tmnxIPsecIkeTransformV15v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecIkeTransformTableLstChg,
        tmnxIPsecIkeTransformRowStatus,
        tmnxIPsecIkeTransformLastChange,
        tmnxIPsecIkeTransformAuthAlg,
        tmnxIPsecIkeTransformEncrAlg,
        tmnxIPsecIkeTransformDhGroup,
        tmnxIPsecIkeTransformIsakmpLifeT,
        tmnxIkePlcyIkeTransformTbLstChg,
        tmnxIkePlcyIkeTransformLstChange,
        tmnxIkePlcyIkeTransformId
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIkeTransformV15v0Group contains objects for the IKE
         transform capability on Nokia SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 50 }

tmnxIPsecIkePolicyV14v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicySndIdrAftEapSuccess,
        tmnxIkePolicyIkev1Ph1RespDelNtfy
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecIkePolicyV14v0Group contains objects for the IKE policy
         capability on Nokia SROS series systems for release 14.0."
    ::= { tmnxIPsecGroups 51 }

tmnxIPsecHistStatsV15v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWHistStatsValue64,
        tmnxIPsecGWHistStatsValue32,
        tmnxIPsecGWHistStatsIntvStTm,
        tmnxIPsecGWHistStatsIntvDur,
        tmnxIPsecGWHistStatsFstFTm,
        tmnxIPsecGWHistStatsFstFDesc,
        tmnxIPsecGWHistStatsLstFTm,
        tmnxIPsecGWHistStatsLstFDesc,
        tmnxIPsecIsaHistStatsValue64,
        tmnxIPsecIsaHistStatsValue32,
        tmnxIPsecIsaHistStatsIntvStTm,
        tmnxIPsecIsaHistStatsIntvDur,
        tmnxIPsecIsaHistStatsFstFTm,
        tmnxIPsecIsaHistStatsFstFDesc,
        tmnxIPsecIsaHistStatsLstFTm,
        tmnxIPsecIsaHistStatsLstFDesc,
        tmnxIPsecTnlGrpHistStatsValue64,
        tmnxIPsecTnlGrpHistStatsValue32,
        tmnxIPsecTnlGrpHistStatsIntvStTm,
        tmnxIPsecTnlGrpHistStatsIntvDur,
        tmnxIPsecTnlGrpHistStatsFstFTm,
        tmnxIPsecTnlGrpHistStatsFstFDesc,
        tmnxIPsecTnlGrpHistStatsLstFTm,
        tmnxIPsecTnlGrpHistStatsLstFDesc,
        tmnxIPsecSysHistStatsValue64,
        tmnxIPsecSysHistStatsValue32,
        tmnxIPsecSysHistStatsIntvStTm,
        tmnxIPsecSysHistStatsIntvDur,
        tmnxIPsecSysHistStatsFstFTm,
        tmnxIPsecSysHistStatsFstFDesc,
        tmnxIPsecSysHistStatsLstFTm,
        tmnxIPsecSysHistStatsLstFDesc,
        tmnxIPsecTnlHistStatsValue64,
        tmnxIPsecTnlHistStatsIntvStTm,
        tmnxIPsecTnlHistStatsIntvDur,
        tmnxIPsecRUTnlHistStatsValue64,
        tmnxIPsecRUTnlHistStatsIntvStTm,
        tmnxIPsecRUTnlHistStatsIntvDur
    }
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecHistStatsV15v0Group contains objects for the IPsec
         historical statistics capability on Nokia SROS series systems for
         release 15.0."
    ::= { tmnxIPsecGroups 52 }

tmnxIPsecCertObsoleteV15v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelCertTrustAnchor,
        tmnxIPsecTunnelCertFile,
        tmnxIPsecTunnelKeyFile,
        tmnxIPsecGWLclX509Cert,
        tmnxIPsecGWLclPrivateKey,
        tmnxIPsecGWCertTrustAnchor
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec X.509 certificate
         specific capabilities on Nokia SROS series systems that were made
         obsolete in release 15.0."
    ::= { tmnxIPsecGroups 53 }

tIPsecTcpMssAdjustV15v0Grp       OBJECT-GROUP
    OBJECTS     {
        tIPsecTnlTempPublicTcpMssAdjust,
        tIPsecTnlTempPrivateTcpMssAdjust,
        tmnxIPsecTunnelPubTcpMssAdjust,
        tmnxIPsecTunnelPrivTcpMssAdjust,
        tIPsecRUTnlPubTcpMss,
        tIPsecRUTnlPrivTcpMss
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of the IPsec TCP MSS
         adjustment capability on Nokia SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 54 }

tmnxIkePolicyObsoleteV15v0Group  OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicyDHGroup,
        tmnxIkePolicyAuthAlgorithm,
        tmnxIkePolicyEncrAlgorithm,
        tmnxIkePolicyIsakmpLifeTime
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IKE policy capabilities
         on Nokia SROS series systems that were made obsolete in release 15.0."
    ::= { tmnxIPsecGroups 55 }

tmnxIPsecSvcLevelCfgV14v0Grp     OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecSvcLevelCfgTableLastChg
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of the IPsec configurations
         in the service level on Nokia SROS series systems for release 14.0."
    ::= { tmnxIPsecGroups 56 }

tmnxIPsecTransformV15v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTransformPfsDhGroup,
        tmnxIPsecTransformLifeTime,
        tmnxIPsecTunnelStatIsakmpAuthAlg,
        tmnxIPsecTunnelStatIsakmpEncrAlg,
        tmnxIPsecTunnelStatIsakmpPfsDhGp,
        tIPsecRUTnlStatsIsakmpAuthAlg,
        tIPsecRUTnlStatsIsakmpEncrAlg,
        tIPsecRUTnlStatsIsakmpPfsDhGrp,
        tIPsecRUSAStatsPfsDhGroup,
        tmnxIPsecSAStatsPfsDhGroup
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of the IPsec transform
         capabilities on Nokia SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 57 }

tmnxIPsecEmbmsV15v0Group         OBJECT-GROUP
    OBJECTS     {
        tIPsecRUSAStatsMulticastIfName,
        tIPsecRUSAStatsMulticastProt,
        tmnxIPsecSAStatsMulticastIfName,
        tmnxIPsecSAStatsMulticastProt
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of the IPsec Evolved
         Multimedia Broadcast Multicast Service (eMBMS) capabilities on Nokia
         SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 58 }

tmnxIPsecGWStatsV15v0Grp         OBJECT-GROUP
    OBJECTS     {
        tIPsecRUTnlInUseIkePolicy,
        tmnxIPsecGWStatsNumOfDl2lTnls,
        tmnxIPsecGWStatsNumOfRaTnls
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec gateway statistics
         on Nokia SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 59 }

tmnxIPsecNoOfSaKeysV16v0Grp      OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecGWMaxNumPh1SaKeys,
        tmnxIPsecGWMaxNumPh2SaKeys,
        tmnxIPsecTunnelMaxNumPh1SaKeys,
        tmnxIPsecTunnelMaxNumPh2SaKeys,
        tmnxIPsecScalarObjsShowKeys
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec Security
         Association (SA) key storage capabilities on Nokia SROS series systems
         for release 16.0."
    ::= { tmnxIPsecGroups 60 }

tmnxIPsecSvcNameV16v0Grp         OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelPublicSvcName,
        tmnxIPsecGWSecureServiceName,
        tmnxIPsecGWDhcpServiceName,
        tmnxIPsecGWDhcpV6ServiceName,
        tIPsecGWLclAddrAssignIp4SrvrSvcN,
        tIPsecGWLclAddrAssignIp6SrvrSvcN,
        tIPsecClientDBClientPrivateSvcNm
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec service name
         capabilities on Nokia SROS series systems for release 16.0."
    ::= { tmnxIPsecGroups 61 }

tmnxIPsecTnlBfdSessV16v0Grp      OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTnlBfdSessTableLChg,
        tmnxIPsecTnlBfdSessRowStatus,
        tmnxIPsecTnlBfdSessSvcId,
        tmnxIPsecTnlBfdSessSvcName,
        tmnxIPsecTnlBfdSessIfName,
        tmnxIPsecTnlBfdSessDstAddrT,
        tmnxIPsecTnlBfdSessDstAddr,
        tmnxIPsecTnlBfdSessStatSrcAddrT,
        tmnxIPsecTnlBfdSessStatSrcAddr,
        tmnxIPsecTnlBfdSessStatOperState
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec tunnel BFD session
         capabilities on Nokia SROS series systems for release 16.0."
    ::= { tmnxIPsecGroups 62 }

tmnxIPsecTnlBfdObsoleteV16v0Grp  OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelBfdRowStatus,
        tmnxIPsecTunnelBfdSrcAddrType,
        tmnxIPsecTunnelBfdSrcAddr,
        tmnxIPsecTunnelBfdSessOperState,
        tmnxIPsecTunnelBfdLastChanged,
        tmnxIPsecTunnelBfdTableLastChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of obsoleted objects of IPsec tunnel BFD service capabality
         on Nokia SROS series systems for release 16.0."
    ::= { tmnxIPsecGroups 63 }

tmnxIkePolicyV15v0Group          OBJECT-GROUP
    OBJECTS     {
        tmnxIkePolicyLimitInitExchange,
        tmnxIkePolicyReducedMaxExchgTt
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec IKE policy
         capabilities on Nokia SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 64 }

tmnxIPsecCertProfV16v0Group      OBJECT-GROUP
    OBJECTS     {
        tIPsecCertProfEntryIdRsaSign
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec certificate
         profile capabilities on Nokia SROS series systems for release 16.0."
    ::= { tmnxIPsecGroups 65 }

tmnxIkeTransformV16v0Grp         OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecIkeTransformPrfAlg,
        tmnxIPsecTunnelStatIkeTranPrfAlg,
        tIPsecRUTnlStatsIkeTranPrfAlg
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IKE transform
         capabilities on Nokia SROS series systems for release 16.0."
    ::= { tmnxIPsecGroups 67 }

tmnxIPsecTunnelV15v0Grp          OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecTunnelSecPlyStrictMatch
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec tunnel
         capabilities on Nokia SROS series systems for release 15.0."
    ::= { tmnxIPsecGroups 68 }

tmnxVRtrIdIPsecTnlV19v0Group     OBJECT-GROUP
    OBJECTS     {
        tmnxVRtIPsecTnlTableLastChanged,
        tmnxVRtIPsecTnlRowStatus,
        tmnxVRtIPsecTnlLastChanged,
        tmnxVRtIPsecTnlAdminState,
        tmnxVRtIPsecTnlOperState,
        tmnxVRtIPsecTnlDescription,
        tmnxVRtIPsecTnlLclGwAddrType,
        tmnxVRtIPsecTnlLclGwAddr,
        tmnxVRtIPsecTnlRemGwAddrType,
        tmnxVRtIPsecTnlRemGwAddr,
        tmnxVRtIPsecTnlSecurityPolicyId,
        tmnxVRtIPsecTnlKeyingType,
        tmnxVRtIPsecTnlDynTransformId1,
        tmnxVRtIPsecTnlDynTransformId2,
        tmnxVRtIPsecTnlDynTransformId3,
        tmnxVRtIPsecTnlDynTransformId4,
        tmnxVRtIPsecTnlIkePolicyId,
        tmnxVRtIPsecTnlIkePreSharedKey,
        tmnxVRtIPsecTnlOperFlags,
        tmnxVRtIPsecTnlReplayWindow,
        tmnxVRtIPsecTnlAutoEstablish,
        tmnxVRtIPsecTnlBfdDesignate,
        tmnxVRtIPsecTnlLocalIdType,
        tmnxVRtIPsecTnlLocalIdValue,
        tmnxVRtIPsecTnlClearDfBit,
        tmnxVRtIPsecTnlIpMtu,
        tmnxVRtIPsecTnlHostISA,
        tmnxVRtIPsecTnlCSVPrimary,
        tmnxVRtIPsecTnlCSVSecondary,
        tmnxVRtIPsecTnlCSVDefResult,
        tmnxVRtIPsecTnlCertProfile,
        tmnxVRtIPsecTnlMatchTrustAnchor,
        tmnxVRtIPsecTnlCertTrstAnchrProf,
        tmnxVRtIPsecTnlEncapIpMtu,
        tmnxVRtIPsecTnlPropagateIpv6PMTU,
        tmnxVRtIPsecTnlIcmp6Pkt2Big,
        tmnxVRtIPsecTnlIcmp6NumPkt2Big,
        tmnxVRtIPsecTnlIcmp6Pkt2BigTime,
        tmnxVRtIPsecTnlOperChanged,
        tmnxVRtIPsecTnlPropagateIpv4PMTU,
        tmnxVRtIPsecTnlIcmpFragReq,
        tmnxVRtIPsecTnlIcmpFragReqNum,
        tmnxVRtIPsecTnlIcmpFragReqTime,
        tmnxVRtIPsecTnlPMTUDiscoverAging,
        tmnxVRtIPsecTnlPubTcpMssAdjust,
        tmnxVRtIPsecTnlPrivTcpMssAdjust,
        tmnxVRtIPsecTnlMaxNumPh1SaKeys,
        tmnxVRtIPsecTnlMaxNumPh2SaKeys,
        tmnxVRtIPsecTnlSecPlyStrictMatch,
        tmnxVRtIPsecTnlPrivateSvcName,
        tmnxVRtIPsecTnlPrivSap,
        tmnxVRtIPsecTnlBfdTableLChg,
        tmnxVRtIPsecTnlBfdRowStatus,
        tmnxVRtIPsecTnlBfdSvcName,
        tmnxVRtIPsecTnlBfdIfName,
        tmnxVRtIPsecTnlBfdDstAddrT,
        tmnxVRtIPsecTnlBfdDstAddr,
        tmnxVRtIPsecTnlBfdStatSrcAddrT,
        tmnxVRtIPsecTnlBfdStatSrcAddr,
        tmnxVRtIPsecTnlBfdStatOperState,
        tmnxVRtIPsecSATableLastChanged,
        tmnxVRtIPsecSARowStatus,
        tmnxVRtIPsecSALastChanged,
        tmnxVRtIPsecSAType,
        tmnxVRtIPsecSAEncryptionKey,
        tmnxVRtIPsecSAAuthenticationKey,
        tmnxVRtIPsecSASpi,
        tmnxVRtIPsecSAManualTransformId,
        tmnxVRtIPsecSAAuthAlgorithm,
        tmnxVRtIPsecSAEncrAlgorithm,
        tmnxVRtIPsecSAStorageType,
        tmnxVRtIPsecSAEstablishedTime,
        tmnxVRtIPsecSANegotiatedLifeTime,
        tmnxVRtIPsecSAStBytesProcessed,
        tmnxVRtIPsecSAStBytesProcLow32,
        tmnxVRtIPsecSAStBytesProcHigh32,
        tmnxVRtIPsecSAStPktsProcessed,
        tmnxVRtIPsecSAStPktsProcLow32,
        tmnxVRtIPsecSAStPktsProcHigh32,
        tmnxVRtIPsecSAStCryptoErrors,
        tmnxVRtIPsecSAStReplayErrors,
        tmnxVRtIPsecSAStSAErrors,
        tmnxVRtIPsecSAStPolicyErrors,
        tmnxVRtIPsecSAStEncapOverhead,
        tmnxVRtIPsecSAStPreEncapFragCnt,
        tmnxVRtIPsecSAStPreEncapFragLtSz,
        tmnxVRtIPsecSAStPstEncapFragCnt,
        tmnxVRtIPsecSAStPstEncapFragLtSz,
        tmnxVRtIPsecSAStPfsDhGroup,
        tmnxVRtIPsecSAStTempPrivMtu,
        tmnxVRtIPsecSAStMulticastIfName,
        tmnxVRtIPsecSAStMulticastProt,
        tmnxVRtSecPlcyTableLastChanged,
        tmnxVRtSecPlcyRowStatus,
        tmnxVRtSecPlcyLastChanged,
        tmnxVRtSecPlcyParamTblLastChangd,
        tmnxVRtSecPlcyParamRowStatus,
        tmnxVRtSecPlcyParamLastChanged,
        tmnxVRtSecPlcyParamLclAddrAny,
        tmnxVRtSecPlcyParamLclAddrType,
        tmnxVRtSecPlcyParamLclAddr,
        tmnxVRtSecPlcyParamLclAPrefLen,
        tmnxVRtSecPlcyParamRemAddrAny,
        tmnxVRtSecPlcyParamRemAddrType,
        tmnxVRtSecPlcyParamRemAddr,
        tmnxVRtSecPlcyParamRemAPrefLen,
        tmnxVRtSecPlcyParam6LclAddrAny,
        tmnxVRtSecPlcyParam6LclAddrType,
        tmnxVRtSecPlcyParam6LclAddr,
        tmnxVRtSecPlcyParam6LclAPrefLen,
        tmnxVRtSecPlcyParam6RemAddrAny,
        tmnxVRtSecPlcyParam6RemAddrType,
        tmnxVRtSecPlcyParam6RemAddr,
        tmnxVRtSecPlcyParam6RemAPrefLen,
        tmnxVRtIfIPsecTblLstCgd,
        tmnxVRtIfIPsecRowStatus,
        tmnxVRtIfIPsecLastChgd,
        tmnxVRtIfIPsecAdminState,
        tmnxVRtIfIPsecIpFilterInExcptId,
        tmnxVRtIfIPsecIsaTnlGroup,
        tmnxVRtIfIPsecPubSap,
        tmnxVRtIfIPsecIpv6FilterInExcId,
        tmnxVRtIPsecTnlLclGwAddrOvrd,
        tmnxVRtIPsecTnlLclGwAddrOvrdType,
        tmnxVRtIPsecTnlIsakmpState,
        tmnxVRtIPsecTnlIsakmpEstabTime,
        tmnxVRtIPsecTnlIsakmpNegLifeTime,
        tmnxVRtIPsecTnlNumDpdTx,
        tmnxVRtIPsecTnlNumDpdRx,
        tmnxVRtIPsecTnlNumDpdAckTx,
        tmnxVRtIPsecTnlNumDpdAckRx,
        tmnxVRtIPsecTnlNumExpRx,
        tmnxVRtIPsecTnlNumInvalidDpdRx,
        tmnxVRtIPsecTnlNumCtrlPktsTx,
        tmnxVRtIPsecTnlNumCtrlPktsRx,
        tmnxVRtIPsecTnlNumCtrlTxErrors,
        tmnxVRtIPsecTnlNumCtrlRxErrors,
        tmnxVRtIPsecTnlMatCertEntryId,
        tmnxVRtIPsecTnlCertProfName,
        tmnxVRtIPsecTnlStatIsakmpAuthAlg,
        tmnxVRtIPsecTnlStatIsakmpEncrAlg,
        tmnxVRtIPsecTnlStatIsakmpPfsDhGp,
        tmnxVRtIPsecTnlStatIkeTranPrfAlg
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec tunnel
         capabilities on Nokia SROS series systems for release 17.0."
    ::= { tmnxIPsecGroups 69 }

tIPsecTnlTempGroupV19v0Group     OBJECT-GROUP
    OBJECTS     {
        tIPsecTnlTempDescr,
        tIPsecTnlTempDynKeyTransformId1,
        tIPsecTnlTempDynKeyTransformId2,
        tIPsecTnlTempDynKeyTransformId3,
        tIPsecTnlTempDynKeyTransformId4,
        tIPsecTnlTempLastChanged,
        tIPsecTnlTempReplayWindow,
        tIPsecTnlTempReverseRoute,
        tIPsecTnlTempRowStatus,
        tIPsecTnlTempTblLastChanged,
        tmnxIkePolicyAuthMethod,
        tIPsecTnlTempIgnoreDefaultRoute
    }
    STATUS      current
    DESCRIPTION
        "The group of objects for IPsec tunnel template on Nokia SROS series
         systems for release 19.0"
    ::= { tmnxIPsecGroups 71 }

tmnxIPsecNotifyObjsV19v0Group    OBJECT-GROUP
    OBJECTS     {
        tIPsecNotifTunnelType,
        tIPsecNotifTunnelIdentifier
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec notification
         objects on Nokia SROS series systems in release 19v0."
    ::= { tmnxIPsecGroups 72 }

tmnxIPsecObsoleteV20v0Grp        OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecSvcLevelCfgRsvRtrOvrd
    }
    STATUS      current
    DESCRIPTION
        "The group of obsoleted objects suporting management of IPsec
         capabilities on Nokia SROS series systems for release 20.0."
    ::= { tmnxIPsecGroups 75 }

tmnxIPsecSvcLevelCfgV20v0Grp     OBJECT-GROUP
    OBJECTS     {
        tmnxIPsecSvcLevelCfgRROvrdType
    }
    STATUS      current
    DESCRIPTION
        "The group of additional objects supporting management of the IPsec
         configurations in the service level on Nokia SROS series systems for
         release 20.0."
    ::= { tmnxIPsecGroups 76 }

tmnxIPsecNotifGroups             OBJECT IDENTIFIER ::= { tmnxIPsecConformance 3 }

tmnxIPsecNotifGroup              NOTIFICATION-GROUP
    NOTIFICATIONS {
        tIPsecRUTnlFailToCreate,
        tIPsecRUTnlRemoved,
        tIPsecRUSAFailToAddRoute,
        tIPsecBfdIntfSessStateChgd
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting IPsec on the Nokia SROS series
         systems."
    ::= { tmnxIPsecNotifGroups 1 }

tIPsecIkev2RaTunNotifGroup       NOTIFICATION-GROUP
    NOTIFICATIONS {
        tIPsecRadAcctPlcyFailure
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting IPsec IKEv2 remote-access tunnel
         feature on the Nokia SROS series systems."
    ::= { tmnxIPsecNotifGroups 2 }

tIPSecTrustAnchorProfNotifGroup  NOTIFICATION-GROUP
    NOTIFICATIONS {
        tIPSecTrustAnchorPrfOprChg
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting IPsec trust anchor profiles
         feature on the Nokia SROS series systems release 12.0."
    ::= { tmnxIPsecNotifGroups 3 }

tIPSecTunnelEncapNotifGroup      NOTIFICATION-GROUP
    NOTIFICATIONS {
        tIPsecTunnelEncapIpMtuTooSmall,
        tIPsecRuTnlEncapIpMtuTooSmall
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting IPsec tunnel encapsulation
         feature on the Nokia SROS series systems release 12.0."
    ::= { tmnxIPsecNotifGroups 4 }

tmnxIPSecTunnelNotifV11v0Group   NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxIPsecTunnelOperStateChange
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting the IPsec tunnel feature on
         Nokia SROS series systems release 11.0."
    ::= { tmnxIPsecNotifGroups 5 }

tmnxIPSecGWNotifV13v0Group       NOTIFICATION-GROUP
    NOTIFICATIONS {
        tmnxIPsecGWOperStateChange
    }
    STATUS      current
    DESCRIPTION
        "The group of additional notifications supporting the IPsec gateway
         feature on Nokia SROS series systems release 13.0."
    ::= { tmnxIPsecNotifGroups 6 }

tmnxIPsecTunnelNotifV19v0Group   NOTIFICATION-GROUP
    NOTIFICATIONS {
        tIPsecTunnelProtocolFailed
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting IPsec on the Nokia SROS series
         systems release 19.0."
    ::= { tmnxIPsecNotifGroups 7 }

tmnxIPsecMGCompliances           OBJECT IDENTIFIER ::= { tmnxIPsecConformance 4 }

tmnxIPsecMGGroups                OBJECT IDENTIFIER ::= { tmnxIPsecConformance 5 }

tmnxIPsecNotifyPrefix            OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 48 }

tmnxIPsecNotifications           OBJECT IDENTIFIER ::= { tmnxIPsecNotifyPrefix 0 }

tIPsecRUTnlFailToCreate          NOTIFICATION-TYPE
    OBJECTS     {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecNotifRUTnlInetAddrType,
        tIPsecNotifRUTnlInetAddress,
        tIPsecNotifRUTnlPort,
        tIPsecNotifReason
    }
    STATUS      current
    DESCRIPTION
        "The trap tIPsecRUTnlFailToCreate is sent when creation of a
         remote-user tunnel fails with reason indicated by tIPsecNotifReason."
    ::= { tmnxIPsecNotifications 1 }

tIPsecRUSAFailToAddRoute         NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecRUSARemAddrType,
        tIPsecRUSARemAddr,
        tIPsecRUSARemAPrefLen,
        tIPsecNotifReason
    }
    STATUS      current
    DESCRIPTION
        "The trap tIPsecRUSAFailToAddRoute is sent when adding route to
         tIPsecRUSARemAddr for the remote-user tunnel fails with reason
         indicated by tIPsecNotifReason."
    ::= { tmnxIPsecNotifications 2 }

tIPsecBfdIntfSessStateChgd       NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecNotifBfdIntfSvcId,
        tIPsecNotifBfdIntfIfName,
        tIPsecNotifBfdIntfDestIpType,
        tIPsecNotifBfdIntfDestIp,
        tIPsecNotifBfdIntfSessState
    }
    STATUS      current
    DESCRIPTION
        "The notification tIPsecBfdIntfSessStateChgd is generated when the
         operational state of BFD session of the IPSec instance changes."
    ::= { tmnxIPsecNotifications 3 }

tIPsecRadAcctPlcyFailure         NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecRadAcctPlcyRowStatus,
        tIPsecRadAcctPlcyFailReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tIPsecRadAcctPlcyFailure notification is generated when a
         RADIUS accounting request was not sent out successfully to any of the
         RADIUS servers in the indicated accounting policy.

         [EFFECT] The RADIUS server may not receive the accounting information.

         [RECOVERY] Depending on the reason indicated as per
         'tIPsecRadAcctPlcyFailReason', 'tIPsecRadAcctPlcyTable' configuration
         may need to be changed."
    ::= { tmnxIPsecNotifications 4 }

tIPSecTrustAnchorPrfOprChg       NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecTrustAnchorCAProfDown
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tIPSecTrustAnchorPrfOprChg notification is generated when
         not all of the trust-anchors in a profile are operational.

         [EFFECT] Authentication of tunnels configured with the
         trust-anchor-profile will fail if the trusted CA (Certificate
         Authority) in the certificate chain is not operational.

         [RECOVERY] Bring the trusted CA-profile operational up"
    ::= { tmnxIPsecNotifications 5 }

tIPsecTunnelEncapIpMtuTooSmall   NOTIFICATION-TYPE
    OBJECTS     {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecNotifIPsecTunnelName,
        tIPsecNotifConfigIpMtu,
        tIPsecNotifEncapOverhead,
        tIPsecNotifConfigEncapIpMtu
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tIPsecTunnelEncapIpMtuTooSmall notification is generated
         when the addition of tunnel encapsulation to a packet at or near the
         IPsec static tunnel's configured IP MTU may cause it to exceed the
         tunnel's configured encapsulated IP MTU.

         [EFFECT] The pre-encapsulated packet may be fragmented, and will
         require reassembly by the tunnel remote endpoint, causing a
         performance impact.

         [RECOVERY] Configured IP MTU and/or encapsulated IP MTU may need to be
         changed depending on the size of the encapsulation overhead as
         indicated in 'tIPsecNotifEncapOverhead', and the transmission
         capabilities of the tunnel's transport network."
    ::= { tmnxIPsecNotifications 6 }

tIPsecRuTnlEncapIpMtuTooSmall    NOTIFICATION-TYPE
    OBJECTS     {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecNotifRUTnlInetAddrType,
        tIPsecNotifRUTnlInetAddress,
        tIPsecNotifRUTnlPort,
        tIPsecNotifConfigIpMtu,
        tIPsecNotifEncapOverhead,
        tIPsecNotifConfigEncapIpMtu
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tIPsecRuTnlEncapIpMtuTooSmall notification is generated
         when the addition of tunnel encapsulation to a packet at or near the
         IPsec remote user tunnel's configured IP MTU may cause it to exceed
         the tunnel's configured encapsulated IP MTU.

         [EFFECT] The pre-encapsulated packet may be fragmented, and will
         require reassembly by the tunnel remote endpoint, causing a
         performance impact.

         [RECOVERY] Configured IP MTU and/or encapsulated IP MTU may need to be
         changed depending on the size of the encapsulation overhead as
         indicated in 'tIPsecNotifEncapOverhead', and the transmission
         capabilities of the tunnel's transport network."
    ::= { tmnxIPsecNotifications 7 }

tmnxSecNotifCmptedCertHashChngd  NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecNotifCertProfileName,
        tIPsecNotifCertProfEntryId,
        tIPsecNotifCaProfNames
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecNotifCmptedCertHashChngd notification is generated
         when the hash of a certificate chain is changed.

         [EFFECT] The hash of the recomputed certificate chain will be used for
         choosing cert-profile entry during new IPsec tunnel establishment.

         [RECOVERY] If the changed CA certificate is used as a trust-anchor at
         the peer, then the certificate should be updated at the peer as well
         to ensure correct cert-profile entry selection."
    ::= { tmnxIPsecNotifications 8 }

tmnxSecNotifCmptedCertChnChngd   NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecNotifCertProfileName,
        tIPsecNotifCertProfEntryId,
        tIPsecNotifCaProfNames
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecNotifCmptedCertChnChngd notification is generated
         when a computed certificate chain is changed due to a dependent CA
         profile being changed and brought into service.

         [EFFECT] The hash of the recomputed certificate chain, if changed,
         will be used for choosing cert-profile entry during new IPsec tunnel
         establishment.

         [RECOVERY] If the changed CA certificate is used as a trust-anchor at
         the peer, then the certificate should be updated at the peer as well
         to ensure correct cert-profile entry selection."
    ::= { tmnxIPsecNotifications 9 }

tmnxSecNotifSendChnNotInCmptChn  NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecNotifCertProfileName,
        tIPsecNotifCertProfEntryId,
        tIPsecNotifCaProfNames
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxSecNotifSendChnNotInCmptChn notification is generated
         when a CA profile not belonging to the computed certificate chain is
         added to the send-chain of a cert-profile entry, or the certificate
         chain is changed such that a CA-profile in the send-chain is no longer
         a member of the chain.

         [EFFECT] The CA certificate(s) to be sent to the peer is not a member
         of the certificate chain that is requested by the peer for new IPsec
         tunnel establishment.

         [RECOVERY] Replace the send-chain CA profile that is not in the
         certificate chain with one that is."
    ::= { tmnxIPsecNotifications 10 }

tmnxIPsecTunnelOperStateChange   NOTIFICATION-TYPE
    OBJECTS     {
        tmnxIPsecTunnelAdminState,
        tmnxIPsecTunnelOperState,
        tmnxIPsecTunnelOperFlags
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxIPsecTunnelOperStateChange notification is generated
         when there is a change in tmnxIPsecTunnelOperState for an IPsec
         tunnel.

         [EFFECT] When the value of tmnxIPsecTunnelOperState is
         'outOfService (3)', the IPsec tunnel is operationally down and
         traffic arriving at the tunnel endpoints will not be encapsulated
         and transported. When the value of tmnxIPsecTunnelOperState is
         'inService (2)', the  IPsec tunnel is operationally up. When the
         value of tmnxIPsecGWOperState is 'limited (5)', the IPsec tunnel is
         operationally up but may not be ready to re-establish the connection
         until the conditions indicated in the tmnxIPsecTunnelOperFlags are
         cleared.

         [RECOVERY] Please refer to tmnxIPsecTunnelOperFlags for information on
         why the tunnel is operationally down."
    ::= { tmnxIPsecNotifications 11 }

tmnxIPsecGWOperStateChange       NOTIFICATION-TYPE
    OBJECTS     {
        tmnxIPsecGWName,
        tmnxIPsecGWAdminState,
        tmnxIPsecGWOperState,
        tmnxIPsecGWOperFlags
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] The tmnxIPsecGWOperStateChange notification is generated when
         there is a state change in tmnxIPsecGWOperState for an IPsec gateway.

         [EFFECT] When the value of tmnxIPsecGWOperState is 'outOfService (3)',
         the IPsec gateway is operationally down and it is not ready to
         negotiate IKE sessions with remote clients. When the value of
         tmnxIPsecGWOperState is 'inService (2)', the IPsec gateway is
         operationally up. When the value of tmnxIPsecGWOperState is 'limited
         (5)', the IPsec gateway is not fully operationally up due to the
         conditions indicated in tmnxIPsecTunnelOperFlags and can only
         negotiate limited new IKE sessions.

         [RECOVERY] Please refer to tmnxIPsecGWOperFlags for information on why
         the gateway is operationally down."
    ::= { tmnxIPsecNotifications 12 }

tIPsecRUTnlRemoved               NOTIFICATION-TYPE
    OBJECTS     {
        svcId,
        sapPortId,
        sapEncapValue,
        tIPsecNotifRUTnlInetAddrType,
        tIPsecNotifRUTnlInetAddress,
        tIPsecNotifRUTnlPort,
        tIPsecNotifReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tIPsecRUTnlRemoved notification is generated when a
         remote-user tunnel is removed under certain reasons, which are
         indicated by tIPsecNotifReason (e.g., failed to renew private address
         lease with DHCP server).

         [EFFECT] The IPsec tunnel becomes operationally out of service."
    ::= { tmnxIPsecNotifications 13 }

tIPsecTunnelProtocolFailed       NOTIFICATION-TYPE
    OBJECTS     {
        tIPsecNotifTunnelType,
        tIPsecNotifTunnelIdentifier,
        tIPsecNotifReason
    }
    STATUS      current
    DESCRIPTION
        "[CAUSE] A tIPsecTunnelProtocolFailed notification is senerated when a
         whenever there is abnormal event from protocol perspective to the
         tunnel, which are indicated by tIPsecNotifReason (e.g., tunnel
         encounters a dpd-timeout, or no-proposal-chosen during rekey, etc).


         [EFFECT] These abnormal events don't always necessarily cause the
         tunnel to change its operational-status or to be removed.

         [RECOVERY] Please refer to operational-flags of the tunnel for more
         information."
    ::= { tmnxIPsecNotifications 14 }

END
