-- PICO IPsec Flow Monitor Product Vendor MIB
-- From file: "PICO-IPSEC-FLOW-MONITOR-MIB"

-- Copyright (c) 2001-2013 NEC Infrontia All Rights Reserved.

-- Update History
--
-- 2002/12/20  : R0.1 draft
-- 2003/03/11  : R1.0 initial release
-- 2008/10/20  : R1.1 change EncryptAlgo des3->3des
-- 2010/11/01  : R1.2 add sha2 to IkeHashAlgo,AuthAlgo
-- 2011/03/23  : R1.3 add null to EncryptAlgo
-- 2013/12/12  : R1.4 change EncryptAlgo 3des->des3

PICO-IPSEC-FLOW-MONITOR-MIB DEFINITIONS ::= BEGIN

IMPORTS
    picoIpSecFlowMonitorMIB
        FROM PICO-SMI
    OBJECT-TYPE
        FROM RFC-1212
    TRAP-TYPE
        FROM RFC-1215
    Counter, Gauge, enterprises
        FROM RFC1155-SMI
    DisplayString, TimeInterval, TimeStamp, TruthValue
        FROM SNMPv2-TC;

--
-- Local Textual Conventions
--
IPSIpAddress ::= OCTET STRING (SIZE(4 | 16))

IkePeerType ::= INTEGER {
	idIpv4Addr(1),
	idFqdn(2),
	idDn(3),
	idIpv6Addr(4)
	}

IkeNegoMode ::= INTEGER {
	main(1),
	aggressive(2)
	}

IkeHashAlgo ::= INTEGER {
	none(1),
	md5(2),
	sha(3),
	sha2-256(4),
	sha2-384(5),
	sha2-512(6)
	}

IkeAuthMethod ::= INTEGER {
        none(1),
        preSharedKey(2),
        rsaSig(3),
        rsaEncrypt(4),
        revPublicKey(5)
        }

DiffHellmanGrp ::= INTEGER {
	none(1),
	modp768(2),
	modp1024(3),
	modp1536(4),
	modp2048(5)
	}

KeyType ::= INTEGER {
        ike(1),
        manual(2)
        }

EncapMode ::= INTEGER {
	tunnel(1),
	transport(2)
	}

EncryptAlgo ::= INTEGER {
        none(1),
        des(2),
        des3(3),
        aes(4),
        null(9)
        }

AuthAlgo ::= INTEGER {
	none(1),
	hmacMd5(2),
	hmacSha(3),
	hmacSha2-256(4),
	hmacSha2-384(5),
	hmacSha2-512(6)
	}

EndPtType ::= INTEGER {
	idIpv4Addr(1),
	idFqdn(2),
	idUserFqdn(3),
	idIpv4AddrSubnet(4),
	idIpv6Addr(5), 
	idIpv6AddrSubnet(6),
	idIpv4AddrRange(7), 
	idIpv6AddrRange(8),
	idDerAsn1Dn(9),
	idDerAsn1Gn(10),
	idKeyId(11)
	}

TunnelStatus ::= INTEGER {
        active(1),
        destroy(2)
        }

TrapStatus ::= INTEGER {
	nabled(1),
	disabled(2)
	}

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec MIB Object Groups
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

pipSecMIBObjects OBJECT IDENTIFIER ::= { picoIpSecFlowMonitorMIB 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Levels Group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
pipSecLevels OBJECT IDENTIFIER ::= { pipSecMIBObjects 1 }

pipSecMibLevel OBJECT-TYPE
    SYNTAX      INTEGER (1..4096)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The version of the IPsec MIB."
    ::= { pipSecLevels 1 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec Phase-1 Internet Key Exchange (IKE) Group
--
-- This group consists of:
-- 1) IPsec Phase-1 Global Statistics
-- 2) IPsec Phase-1 Peer Table
-- 3) IPsec Phase-1 Tunnel Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
pipSecPhaseOne OBJECT IDENTIFIER ::= { pipSecMIBObjects 2 }

--
-- The IPsec Phase-1 Global Statistics
--
pikeGlobalStats OBJECT IDENTIFIER ::= { pipSecPhaseOne 1 }

pikeGlobalActiveTunnels OBJECT-TYPE
    SYNTAX      Gauge
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The number of currently active IPsec
         Phase-1 IKE Tunnels. This is equal to the
         number of ISAKMP SAs currently active."
    ::= { pikeGlobalStats 1 }

pikeGlobalInNotifys OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of notifys received by
         all currently and previously active IPsec
         Phase-1 IKE Tunnels."
    ::= { pikeGlobalStats 6 }

pikeGlobalInP2Exchgs OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         received by all currently and previously
         active IPsec Phase-1 IKE Tunnels."
    ::= { pikeGlobalStats 7 }

pikeGlobalInP2ExchgInvalids OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         which were received and found to be contain
         references to unrecognized security parameters.
         This value is accumulated across all currently
         and previously active IPsec ISAKMP SAs."
    ::= { pikeGlobalStats 8 }

pikeGlobalInP2ExchgRejects OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         which were received and validated but were
         rejected by the local policy. This value is
         accumulated across all currently and previously
         active IPsec ISAKMP SAs."
    ::= { pikeGlobalStats 9 }

pikeGlobalInP2SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 security
         association delete requests received by all
         currently and previously
          active and IPsec Phase-1 IKE Tunnels."
    ::= { pikeGlobalStats 10 }

pikeGlobalOutNotifys OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of notifys sent by all currently
         and previously active IPsec Phase-1 IKE Tunnels."
    ::= { pikeGlobalStats 14 }

pikeGlobalOutP2Exchgs OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         which were sent by all currently and previously
         active IPsec Phase-1 IKE Tunnels."
    ::= { pikeGlobalStats 15 }

pikeGlobalOutP2ExchgInvalids OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         which were sent and were flagged by the peer to
         contain references to unrecognized security
         parameters. This value is accumulated across all
         currently and previously active IPsec ISAKMP SAs."
    ::= { pikeGlobalStats 16 }

pikeGlobalOutP2ExchgRejects OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         which were sent, validated by the peer but were
         rejected by the peer's policy. This value is
         accumulated across all currently and previously
         active IPsec ISAKMP SAs."
    ::= { pikeGlobalStats 17 }

pikeGlobalOutP2SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 SA
         delete requests sent by all currently and
         previously active IPsec Phase-1 IKE Tunnels."
    ::= { pikeGlobalStats 18 }

pikeGlobalInitTunnels OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-1 IKE
         Tunnels which were locally initiated."
    ::= { pikeGlobalStats 19 }

pikeGlobalInitTunnelFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-1 IKE Tunnels
         which were locally initiated and failed to activate."
    ::= { pikeGlobalStats 20 }

pikeGlobalRespTunnelFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-1 IKE Tunnels
         which were remotely initiated and failed to activate."
    ::= { pikeGlobalStats 21 }

pikeGlobalAuthFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of authentications which ended
         in failure by all current and previous IPsec Phase-1
         IKE Tunnels."
    ::= { pikeGlobalStats 23 }

pikeGlobalDecryptFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of decryptions which ended
         in failure by all current and previous IPsec Phase-1
         IKE Tunnels."
    ::= { pikeGlobalStats 24 }

pikeGlobalHashValidFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of hash validations which ended
         in failure by all current and previous IPsec Phase-1
         IKE Tunnels."
    ::= { pikeGlobalStats 25 }

pikeGlobalRespTunnels OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-1 IKE
         Tunnels which were remotely initiated."
    ::= { pikeGlobalStats 27 }

pikeGlobalInP1SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of ISAKMP security association
         delete requests received by all currently and
         previously active and ISAKMP security associations."
    ::= { pikeGlobalStats 30 }

pikeGlobalOutP1SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of ISAKMP security association
         delete requests sent by all currently and
         previously active and ISAKMP security associations."
    ::= { pikeGlobalStats 31 }

--
-- The IPsec Phase-1 Internet Key Exchange Peer Table
--
pikePeerTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PikePeerEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The IPsec Phase-1 Internet Key Exchange Peer Table.
         There is one entry in this table for each IPsec
         Phase-1 IKE peer association which is currently
         associated with an active IPsec Phase-1 Tunnel.
         A peer has an entry in this stable, if and only if
         thjere is at least one Phase-1 or Phase-2 tunnel
         terminating on the managed entity from the peer.
         When all Phase-1 and Phase-2 tunnels to a peer have
         expired, the entry for the peer is deleted off this
         table."
    ::= { pipSecPhaseOne 2 }

pikePeerEntry OBJECT-TYPE
    SYNTAX      PikePeerEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "Each entry contains the attributes associated
         with an IPsec Phase-1 IKE peer association."
    INDEX       { pikePeerLocalType, pikePeerLocalValue, 
                  pikePeerRemoteType, pikePeerRemoteValue, 
                  pikePeerIntIndex }
    ::= { pikePeerTable 1 }

PikePeerEntry ::= SEQUENCE {
    pikePeerLocalType           IkePeerType,
    pikePeerLocalValue          DisplayString,
    pikePeerRemoteType          IkePeerType,
    pikePeerRemoteValue         DisplayString,
    pikePeerIntIndex            INTEGER,
    pikePeerLocalAddr           IPSIpAddress,
    pikePeerRemoteAddr          IPSIpAddress,
    pikePeerActiveTime          TimeInterval,
    pikePeerActiveTunnelIndex   INTEGER
}

pikePeerLocalType OBJECT-TYPE
    SYNTAX      IkePeerType
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The type of local peer identity.  The local peer
         may be identified by:
         1. an IP address, or
         2. or a fully qualified domain name.
         3. or a distinguished name."
    ::= { pikePeerEntry 1 }

pikePeerLocalValue OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The value of the local peer identity.
         If the local peer type is an IP Address, then this
         is the IP Address used to identify the local peer.
         If the local peer type is a id_fqdn, then this is
         the FQDN of the local peer.
         If the local peer type is id_dn, then this is
         the DN string of the local peer."
    ::= { pikePeerEntry 2 }

pikePeerRemoteType OBJECT-TYPE
    SYNTAX      IkePeerType
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The type of remote peer identity.  The remote peer
         may be identified by:
         1. an IP address, or
         2. or a fully qualified domain name.
         3. or a distinguished name."
    ::= { pikePeerEntry 3 }

pikePeerRemoteValue OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The value of the remote peer identity.
         If the remote peer type is an IP Address, then this
         is the IP Address used to identify the remote peer.
         If the remote peer type is id_fqdn, then this is
         the FQDN of the remote peer.
         If the remote peer type is a id_dn, then this is
         the DN string of the remote peer."
    ::= { pikePeerEntry 4 }

pikePeerIntIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The internal index of the local-remote
         peer association.  This internal index is used
         to uniquely identify multiple associations between
         the local and remote peer."
    ::= { pikePeerEntry 5 }

pikePeerLocalAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the local peer."
    ::= { pikePeerEntry 6 }

pikePeerRemoteAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the remote peer."
    ::= { pikePeerEntry 7 }

pikePeerActiveTime OBJECT-TYPE
    SYNTAX      TimeInterval
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The length of time that the peer association has
         existed in hundredths of a second."
    ::= { pikePeerEntry 8 }

pikePeerActiveTunnelIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The index of the active IPsec Phase-1 IKE Tunnel
         (pikeTunIndex in the pikeTunnelTable) for this peer
         association.  If an IPsec Phase-1 IKE Tunnel is
         not currently active, then the value of this
         object will be zero."
    ::= { pikePeerEntry 9 }

--
-- The IPsec Phase-1 Internet Key Exchange Tunnel Table
--
pikeTunnelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PikeTunnelEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The IPsec Phase-1 Internet Key Exchange Tunnel Table.
         There is one entry in this table for each active IPsec
         Phase-1 IKE Tunnel."
    ::= { pipSecPhaseOne 3 }

pikeTunnelEntry OBJECT-TYPE
    SYNTAX      PikeTunnelEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "Each entry contains the attributes associated with
         an active IPsec Phase-1 IKE Tunnel."
    INDEX       { pikeTunIndex }
    ::= { pikeTunnelTable 1 }

PikeTunnelEntry ::= SEQUENCE {
    pikeTunIndex                    INTEGER,
    pikeTunLocalType                IkePeerType,
    pikeTunLocalValue               DisplayString,
    pikeTunLocalAddr                IPSIpAddress,
    pikeTunRemoteType               IkePeerType,
    pikeTunRemoteValue              DisplayString,
    pikeTunRemoteAddr               IPSIpAddress,
    pikeTunNegoMode                 IkeNegoMode,
    pikeTunDiffHellmanGrp           DiffHellmanGrp,
    pikeTunEncryptAlgo              EncryptAlgo,
    pikeTunHashAlgo                 IkeHashAlgo,
    pikeTunAuthMethod               IkeAuthMethod,
    pikeTunLifeTime                 INTEGER,
    pikeTunActiveTime               TimeInterval,
    pikeTunSaRefreshThreshold       INTEGER,
    pikeTunInNotifys                Counter,
    pikeTunInP2Exchgs               Counter,
    pikeTunInP2ExchgInvalids        Counter,
    pikeTunInP2ExchgRejects         Counter,
    pikeTunInP2SaDelRequests        Counter,
    pikeTunOutNotifys               Counter,
    pikeTunOutP2Exchgs              Counter,
    pikeTunOutP2ExchgInvalids       Counter,
    pikeTunOutP2ExchgRejects        Counter,
    pikeTunOutP2SaDelRequests       Counter,
    pikeTunStatus                   TunnelStatus
}

pikeTunIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The index of the IPsec Phase-1 IKE Tunnel Table.
         The value of the index is a number which begins
         at one and is incremented with each tunnel that
         is created. The value of this object will
         wrap at 2,147,483,647."
    ::= { pikeTunnelEntry 1 }

pikeTunLocalType OBJECT-TYPE
    SYNTAX      IkePeerType
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The type of local peer identity.  The local
         peer may be identified by:
          1. an IP address, or
          2. or a fully qualified domain name string.
          3. or a distinguished name string."
    ::= { pikeTunnelEntry 2 }

pikeTunLocalValue OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The value of the local peer identity.
         If the local peer type is an IP Address, then this
         is the IP Address used to identify the local peer.
         If the local peer type is id_fqdn, then this is
         the FQDN of the remote peer.
         If the local peer type is a id_dn, then this is
         the distinguished name string of the local peer."
    ::= { pikeTunnelEntry 3 }

pikeTunLocalAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the local endpoint for the IPsec
         Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 4 }

pikeTunRemoteType OBJECT-TYPE
    SYNTAX      IkePeerType
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The type of remote peer identity.
         The remote peer may be identified by:
          1. an IP address, or
          2. or a fully qualified domain name string.
          3. or a distinguished name string."
    ::= { pikeTunnelEntry 6 }

pikeTunRemoteValue OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The value of the remote peer identity.
         If the remote peer type is an IP Address, then this
         is the IP Address used to identify the remote peer.
         If the remote peer type is id_fqdn, then this is
         the FQDN of the remote peer.
         If the remote peer type is a id_dn, then this is
         the distinguished named string of the remote peer."
    ::= { pikeTunnelEntry 7 }

pikeTunRemoteAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the remote endpoint for the IPsec
         Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 8 }

pikeTunNegoMode OBJECT-TYPE
    SYNTAX      IkeNegoMode
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 10 }

pikeTunDiffHellmanGrp OBJECT-TYPE
    SYNTAX      DiffHellmanGrp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Diffie Hellman Group used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelEntry 11 }

pikeTunEncryptAlgo OBJECT-TYPE
    SYNTAX      EncryptAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encryption algorithm used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelEntry 12 }

pikeTunHashAlgo OBJECT-TYPE
    SYNTAX      IkeHashAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The hash algorithm used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelEntry 13 }

pikeTunAuthMethod OBJECT-TYPE
    SYNTAX      IkeAuthMethod
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication method used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelEntry 14 }

pikeTunLifeTime OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
         in seconds."
    ::= { pikeTunnelEntry 15 }

pikeTunActiveTime OBJECT-TYPE
    SYNTAX      TimeInterval
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The length of time the IPsec Phase-1 IKE tunnel has been
         active in hundredths of seconds."
    ::= { pikeTunnelEntry 16 }

pikeTunSaRefreshThreshold OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The security assoication refresh threshold in seconds."
    ::= { pikeTunnelEntry 17 }

pikeTunInNotifys OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of notifys received by
         this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 22 }

pikeTunInP2Exchgs OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2
         exchanges received by
          this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 23 }

pikeTunInP2ExchgInvalids OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         received on this tunnel that were found to
         contain references to unrecognized security
         parameters."
    ::= { pikeTunnelEntry 24 }

pikeTunInP2ExchgRejects OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         received on this tunnel that were validated but were
         rejected by the local policy."
    ::= { pikeTunnelEntry 25 }

pikeTunInP2SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2
         security association delete requests received
         by this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 26 }

pikeTunOutNotifys OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of notifys sent by this
         IPsec Phase-1 Tunnel."
    ::= { pikeTunnelEntry 30 }

pikeTunOutP2Exchgs OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges sent by
         this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 31 }

pikeTunOutP2ExchgInvalids OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         sent on this tunnel that were found by the peer
         to contain references to security parameters
         not recognized by the peer."
    ::= { pikeTunnelEntry 32 }

pikeTunOutP2ExchgRejects OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         sent on this tunnel that were validated by the peer
         but were rejected by the peer's policy."
    ::= { pikeTunnelEntry 33 }

pikeTunOutP2SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 security association
         delete requests sent by this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelEntry 34 }

pikeTunStatus OBJECT-TYPE
    SYNTAX      TunnelStatus
--    ACCESS      read-write
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The status of the MIB table row.
         This object can be used to bring the tunnel down
         by setting value of this object to destroy(2).
         This object cannot be used to create
         a MIB table row."
    ::= { pikeTunnelEntry 35 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IPsec Phase-2 Group
--
-- This group consists of:
-- 1) IPsec Phase-2 Global Statistics
-- 2) IPsec Phase-2 Tunnel Table
-- 4) IPsec Phase-2 Security Protection Index Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
pipSecPhaseTwo OBJECT IDENTIFIER ::= { pipSecMIBObjects 3 }

-- The IPsec Phase-2 Global Tunnel Statistics
pipSecGlobalStats OBJECT IDENTIFIER ::= { pipSecPhaseTwo 1 }

pipSecGlobalActiveTunnels OBJECT-TYPE
    SYNTAX      Gauge
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of currently active
         IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 1 }

pipSecGlobalInOctets OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of octets received by all
         current and previous IPsec Phase-2 Tunnels.
         This value is
         accumulated BEFORE determining whether or not
         the packet should be decompressed. See also
         pipSecGlobalInOctWraps for the number of times
         this counter has wrapped."
    ::= { pipSecGlobalStats 3 }

pipSecGlobalInPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets received
         by all current and previous
          IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 9 }

pipSecGlobalInDrops OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped
         during receive processing by all current and previous
         IPsec Phase-2 Tunnels. This count does
         NOT include packets dropped due to
         Anti-Replay processing."
    ::= { pipSecGlobalStats 10 }

pipSecGlobalInReplayDrops OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped during
         receive processing due to Anti-Replay
         processing by all current and previous IPsec
          Phase-2 Tunnels."
    ::= { pipSecGlobalStats 11 }

pipSecGlobalInAuths OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound authentication's
         performed by all current and previous IPsec
         Phase-2 Tunnels."
    ::= { pipSecGlobalStats 12 }

pipSecGlobalInAuthFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound authentication's
         which ended in failure by all current and previous
         IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 13 }

pipSecGlobalInDecrypts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound decryption's
         performed by all current and previous IPsec
         Phase-2 Tunnels."
    ::= { pipSecGlobalStats 14 }

pipSecGlobalInDecryptFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound decryption's
         which ended in failure by all current and
         previous IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 15 }

pipSecGlobalOutOctets OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of octets sent by all
         current and previous IPsec Phase-2 Tunnels.
         This value is accumulated AFTER determining
         whether or not the packet should be compressed.
         See also pipSecGlobalOutOctWraps for the
          number of times this counter has wrapped."
    ::= { pipSecGlobalStats 16 }

pipSecGlobalOutPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets sent by all
         current and previous
          IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 22 }

pipSecGlobalOutDrops OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped during send
         processing by all current and previous IPsec
         Phase-2 Tunnels."
    ::= { pipSecGlobalStats 23 }

pipSecGlobalOutAuths OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound authentication's
         performed by all current and previous IPsec
         Phase-2 Tunnels."
    ::= { pipSecGlobalStats 24 }

pipSecGlobalOutAuthFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound authentication's
         which ended in failure
          by all current and previous IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 25 }

pipSecGlobalOutEncrypts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound encryption's performed
         by all current and previous IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 26 }

pipSecGlobalOutEncryptFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound encryption's
         which ended in failure by all current and
         previous IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 27 }

pipSecGlobalNoSaFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of non-existent Security Assocication
         in failures which occurred during processing of all
         current and previous IPsec Phase-2 Tunnels."
    ::= { pipSecGlobalStats 33 }

--
-- The IPsec Phase-2 Tunnel Table
--
pipSecTunnelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PipSecTunnelEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The IPsec Phase-2 Tunnel Table.
         There is one entry in this table for
         each active IPsec Phase-2 Tunnel."
    ::= { pipSecPhaseTwo 2 }

pipSecTunnelEntry OBJECT-TYPE
    SYNTAX      PipSecTunnelEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "Each entry contains the attributes
         associated with an active IPsec Phase-2 Tunnel."
    INDEX       { pipSecTunIndex }
    ::= { pipSecTunnelTable 1 }

PipSecTunnelEntry ::= SEQUENCE {
    pipSecTunIndex                  INTEGER,
    pipSecTunIkeTunnelIndex         INTEGER,
    pipSecTunIkeTunnelAlive         TruthValue,
    pipSecTunLocalAddr              IPSIpAddress,
    pipSecTunRemoteAddr             IPSIpAddress,
    pipSecTunKeyType                KeyType,
    pipSecTunEncapMode              EncapMode,
    pipSecTunLifeSize               INTEGER,
    pipSecTunLifeTime               INTEGER,
    pipSecTunActiveTime             TimeInterval,
    pipSecTunSaLifeSizeThreshold    INTEGER,
    pipSecTunSaLifeTimeThreshold    INTEGER,
    pipSecTunTotalRefreshes         Counter,
    pipSecTunExpiredSaInstances     Counter,
    pipSecTunCurrentSaInstances     Gauge,
    pipSecTunInSaDiffHellmanGrp     DiffHellmanGrp,
    pipSecTunInSaEncryptAlgo        EncryptAlgo,
    pipSecTunInSaAhAuthAlgo         AuthAlgo,
    pipSecTunInSaEspAuthAlgo        AuthAlgo,
    pipSecTunOutSaDiffHellmanGrp    DiffHellmanGrp,
    pipSecTunOutSaEncryptAlgo       EncryptAlgo,
    pipSecTunOutSaAhAuthAlgo        AuthAlgo,
    pipSecTunOutSaEspAuthAlgo       AuthAlgo,
    pipSecTunPmtu                   INTEGER,
    pipSecTunInOctets               Counter,
    pipSecTunInPkts                 Counter,
    pipSecTunInDropPkts             Counter,
    pipSecTunInReplayDropPkts       Counter,
    pipSecTunInAuths                Counter,
    pipSecTunInAuthFails            Counter,
    pipSecTunInDecrypts             Counter,
    pipSecTunInDecryptFails         Counter,
    pipSecTunOutOctets              Counter,
    pipSecTunOutPkts                Counter,
    pipSecTunOutDropPkts            Counter,
    pipSecTunOutAuths               Counter,
    pipSecTunOutAuthFails           Counter,
    pipSecTunOutEncrypts            Counter,
    pipSecTunOutEncryptFails        Counter,
    pipSecTunStatus                 TunnelStatus
}

pipSecTunIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The index of the IPsec Phase-2 Tunnel Table.
         The value of the index is a number which begins
         at one and is incremented with each tunnel that
         is created. The value of this object will wrap
         at 2,147,483,647."
    ::= { pipSecTunnelEntry 1 }

pipSecTunIkeTunnelIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The index of the associated IPsec Phase-1
         IKE Tunnel.
          (pikeTunIndex in the pikeTunnelTable)"
    ::= { pipSecTunnelEntry 2 }

pipSecTunIkeTunnelAlive OBJECT-TYPE
    SYNTAX      TruthValue
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "An indicator which specifies whether or not the
         IPsec Phase-1 IKE Tunnel currently exists."
    ::= { pipSecTunnelEntry 3 }

pipSecTunLocalAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the local endpoint for the IPsec
         Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 4 }

pipSecTunRemoteAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the remote endpoint for the IPsec
         Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 5 }

pipSecTunKeyType OBJECT-TYPE
    SYNTAX      KeyType
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The type of key used by the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 6 }

pipSecTunEncapMode OBJECT-TYPE
    SYNTAX      EncapMode
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encapsulation mode used by the
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 7 }

pipSecTunLifeSize OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
--     UNITS       "KBytes"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiated LifeSize of the
         IPsec Phase-2 Tunnel in kilobytes."
    ::= { pipSecTunnelEntry 8 }

pipSecTunLifeTime OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
--     UNITS       "Seconds"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiated LifeTime of the
         IPsec Phase-2 Tunnel in seconds."
    ::= { pipSecTunnelEntry 9 }

pipSecTunActiveTime OBJECT-TYPE
    SYNTAX      TimeInterval
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The length of time the IPsec Phase-2
         Tunnel has been
          active in hundredths of seconds."
    ::= { pipSecTunnelEntry 10 }

pipSecTunSaLifeSizeThreshold OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
--     UNITS       "KBytes"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The security association LifeSize refresh
         threshold in kilobytes."
    ::= { pipSecTunnelEntry 11 }

pipSecTunSaLifeTimeThreshold OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
--     UNITS       "Seconds"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The security association LifeTime refresh
         threshold in seconds."
    ::= { pipSecTunnelEntry 12 }

pipSecTunTotalRefreshes OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "QM Exchanges"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of security
         association refreshes performed."
    ::= { pipSecTunnelEntry 13 }

pipSecTunExpiredSaInstances OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SAs"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of security associations
         which have expired."
    ::= { pipSecTunnelEntry 14 }

pipSecTunCurrentSaInstances OBJECT-TYPE
    SYNTAX      Gauge
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The number of security associations
         which are currently active or expiring."
    ::= { pipSecTunnelEntry 15 }

pipSecTunInSaDiffHellmanGrp OBJECT-TYPE
    SYNTAX      DiffHellmanGrp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Diffie Hellman Group used
         by the inbound security association of the
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 16 }

pipSecTunInSaEncryptAlgo OBJECT-TYPE
    SYNTAX      EncryptAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encryption algorithm used by the inbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 17 }

pipSecTunInSaAhAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the inbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 18 }

pipSecTunInSaEspAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the inbound
         ecapsulation security protocol (ESP) security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 19 }

pipSecTunOutSaDiffHellmanGrp OBJECT-TYPE
    SYNTAX      DiffHellmanGrp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Diffie Hellman Group used by the outbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 21 }

pipSecTunOutSaEncryptAlgo OBJECT-TYPE
    SYNTAX      EncryptAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encryption algorithm used by the outbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 22 }

pipSecTunOutSaAhAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the outbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 23 }

pipSecTunOutSaEspAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the inbound
         encapsulation security protocol (ESP)
         security association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 24 }

pipSecTunPmtu OBJECT-TYPE
    SYNTAX      INTEGER (68..1500)
--     UNITS       "Octets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Path MTU that has been determined for this
         IPsec Phase-2 tunnel. The lower end of the range
         is 68 which is the minimum MTU for IPv4."
    ::= { pipSecTunnelEntry 26 }

pipSecTunInOctets OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of octets received by this IPsec
         Phase-2 Tunnel.  This value is accumulated
         BEFORE determining whether or not the packet should be
         decompressed.  See also pipSecTunInOctWraps for the
         number of times this counter has wrapped."
    ::= { pipSecTunnelEntry 27 }

pipSecTunInPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets received
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 33 }

pipSecTunInDropPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped
         during receive processing by this IPsec Phase-2
         Tunnel. This count does NOT include
          packets dropped due to Anti-Replay processing."
    ::= { pipSecTunnelEntry 34 }

pipSecTunInReplayDropPkts OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Packets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped during
         receive processing due to Anti-Replay processing
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 35 }

pipSecTunInAuths OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Events"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound
         authentication's performed by this
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 36 }

pipSecTunInAuthFails OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Failures"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound authentication's
         which ended in
          failure by this IPsec Phase-2 Tunnel ."
    ::= { pipSecTunnelEntry 37 }

pipSecTunInDecrypts OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Packets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound decryption's performed
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 38 }

pipSecTunInDecryptFails OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Failures"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound decryption's
         which ended in failure
          by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 39 }

pipSecTunOutOctets OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Octets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of octets sent by this IPsec
         Phase-2 Tunnel.  This value is accumulated
         AFTER determining whether or not the packet should
         be compressed.  See also pipSecTunOutOctWraps for
         the number of times this counter has wrapped."
    ::= { pipSecTunnelEntry 40 }

pipSecTunOutPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets sent by this
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 46 }

pipSecTunOutDropPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped during
         send processing by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 47 }

pipSecTunOutAuths OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound authentication's performed
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 48 }

pipSecTunOutAuthFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound
         authentication's which ended in failure
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 49 }

pipSecTunOutEncrypts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound encryption's performed
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 50 }

pipSecTunOutEncryptFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound encryption's
         which ended in failure by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelEntry 51 }

pipSecTunStatus OBJECT-TYPE
    SYNTAX      TunnelStatus
--    ACCESS      read-write
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The status of the MIB table row.
         
         This object can be used to bring the tunnel down
         by setting value of this object to destroy(2).
         When the value is set to destroy(2), the SA
         bundle is destroyed and this row is deleted
         from this table.
         When this MIB value is queried, the value of
         active(1) is always returned, if the instance
         exists.
         This object cannot be used to create a MIB
         table row."
    ::= { pipSecTunnelEntry 56 }

--
-- The IPsec Phase-2 Security Protection Index Table (deprecated)
--
pipSecSpiTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PipSecSpiEntry
    ACCESS      not-accessible
    STATUS      deprecated
    DESCRIPTION 
        "The IPsec Phase-2 Security Protection Index Table.
         This table contains an entry for each active
         and expiring security
          association."
    ::= { pipSecPhaseTwo 4 }

pipSecSpiEntry OBJECT-TYPE
    SYNTAX      PipSecSpiEntry
    ACCESS      not-accessible
    STATUS      deprecated
    DESCRIPTION 
        "Each entry contains the attributes associated with
         active and expiring IPsec Phase-2
         security associations."
    INDEX       { pipSecTunIndex, pipSecSpiIndex }
    ::= { pipSecSpiTable 1 }

PipSecSpiEntry ::= SEQUENCE {
    pipSecSpiIndex      INTEGER,
    pipSecSpiDirection  INTEGER,
    pipSecSpiValue      Gauge,
    pipSecSpiProtocol   INTEGER,
    pipSecSpiStatus     INTEGER
}

pipSecSpiIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      not-accessible
    STATUS      deprecated
    DESCRIPTION 
        "The number of the SPI associated with the
         Phase-2 Tunnel Table.  The value of this
         index is a number which begins at one and is
         incremented with each SPI associated with an
         IPsec Phase-2 Tunnel.  The value of this
         object will wrap at 2,147,483,647."
    ::= { pipSecSpiEntry 1 }

pipSecSpiDirection OBJECT-TYPE
    SYNTAX      INTEGER { in(1), out(2) }
    ACCESS      read-only
    STATUS      deprecated
    DESCRIPTION 
        "The direction of the SPI."
    ::= { pipSecSpiEntry 2 }

pipSecSpiValue OBJECT-TYPE
    SYNTAX      Gauge
    ACCESS      read-only
    STATUS      deprecated
    DESCRIPTION 
        "The value of the SPI."
    ::= { pipSecSpiEntry 3 }

pipSecSpiProtocol OBJECT-TYPE
    SYNTAX      INTEGER { ah(1), esp(2), ipcomp(3) }
    ACCESS      read-only
    STATUS      deprecated
    DESCRIPTION 
        "The protocol of the SPI."
    ::= { pipSecSpiEntry 4 }

pipSecSpiStatus OBJECT-TYPE
    SYNTAX      INTEGER { active(1), expiring(2) }
    ACCESS      read-only
    STATUS      deprecated
    DESCRIPTION 
        "The status of the SPI."
    ::= { pipSecSpiEntry 5 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec History Group
--
-- This group consists of a:
-- 1) IPsec History Global Objects
-- 2) IPsec Phase-1 History Objects
-- 3) IPsec Phase-2 History Objects
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
pipSecHistory OBJECT IDENTIFIER ::= { pipSecMIBObjects 4 }

--
-- The IPsec Phase-1 Tunnel History Table
--
pipSecHistPhaseOne OBJECT IDENTIFIER ::= { pipSecHistory 2 }

pikeTunnelHistTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PikeTunnelHistEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The IPsec Phase-1 Internet Key Exchange Tunnel
         History Table.  This table is implemented as a
         sliding window in which only the last n entries
         are maintained.  The maximum number of entries
          is specified by the pipSecHistTableSize object."
    ::= { pipSecHistPhaseOne 1 }

pikeTunnelHistEntry OBJECT-TYPE
    SYNTAX      PikeTunnelHistEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "Each entry contains the attributes
         associated with a previously active IPsec
         Phase-1 IKE Tunnel."
    INDEX       { pikeTunHistIndex }
    ::= { pikeTunnelHistTable 1 }

PikeTunnelHistEntry ::= SEQUENCE {
    pikeTunHistIndex                    INTEGER,
    pikeTunHistTermReason               INTEGER,
    pikeTunHistActiveIndex              INTEGER,
    pikeTunHistPeerLocalType            IkePeerType,
    pikeTunHistPeerLocalValue           DisplayString,
    pikeTunHistPeerIntIndex             INTEGER,
    pikeTunHistPeerRemoteType           IkePeerType,
    pikeTunHistPeerRemoteValue          DisplayString,
    pikeTunHistLocalAddr                IPSIpAddress,
    pikeTunHistRemoteAddr               IPSIpAddress,
    pikeTunHistNegoMode                 IkeNegoMode,
    pikeTunHistDiffHellmanGrp           DiffHellmanGrp,
    pikeTunHistEncryptAlgo              EncryptAlgo,
    pikeTunHistHashAlgo                 IkeHashAlgo,
    pikeTunHistAuthMethod               IkeAuthMethod,
    pikeTunHistLifeTime                 INTEGER,
    pikeTunHistStartTime                TimeStamp,
    pikeTunHistActiveTime               TimeInterval,
    pikeTunHistInNotifys                Counter,
    pikeTunHistInP2Exchgs               Counter,
    pikeTunHistInP2ExchgInvalids        Counter,
    pikeTunHistInP2ExchgRejects         Counter,
    pikeTunHistInP2SaDelRequests        Counter,
    pikeTunHistOutNotifys               Counter,
    pikeTunHistOutP2Exchgs              Counter,
    pikeTunHistOutP2ExchgInvalids       Counter,
    pikeTunHistOutP2ExchgRejects        Counter,
    pikeTunHistOutP2SaDelRequests       Counter
}

pikeTunHistIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The index of the IPsec Phase-1 IKE Tunnel History
         Table.  The value of the index is a number which
         begins at one and is incremented with each
         tunnel that ends. The value of this object
         will wrap at 2,147,483,647."
    ::= { pikeTunnelHistEntry 1 }

pikeTunHistTermReason OBJECT-TYPE
    SYNTAX      INTEGER { other(1), normal(2), operRequest(3), 
                    peerDelRequest(4), peerLost(5), 
                    applicationInitiated(6), xauthFailure(7), 
                    localFailure(8), checkPointReg(9) }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The reason the IPsec Phase-1 IKE Tunnel was terminated.
         Possible reasons include:
         1 = other
         2 = normal termination
         3 = operator request
         4 = peer delete request was received
         5 = contact with peer was lost
         6 = applicationInitiated (eg: L2TP requesting the termination)
         7 = failure of extended authentication
         8 = local failure occurred.
         9 = operator initiated check point request"
    ::= { pikeTunnelHistEntry 2 }

pikeTunHistActiveIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The index of the previously active IPsec
         Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 3 }

pikeTunHistPeerLocalType OBJECT-TYPE
    SYNTAX      IkePeerType
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The type of local peer identity.  The local peer
         may be indentified by:
          1. an IP address, or
          2. or a fully qualified domain name.
          3. or a distinguished name."
    ::= { pikeTunnelHistEntry 4 }

pikeTunHistPeerLocalValue OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The value of the local peer identity.
         
         If the local peer type is an IP Address, then this
         is the IP Address used to identify the local peer.
         
         If the local peer type is id_fqdn, then this is
         the FQDN of the local entity.
         
         If the local peer type is a id_dn, then this is
         the distinguished named string of the local entity."
    ::= { pikeTunnelHistEntry 5 }

pikeTunHistPeerIntIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The internal index of the local-remote peer
         association.  This internal index is used to
         uniquely identify multiple associations between
         the local and remote peer."
    ::= { pikeTunnelHistEntry 6 }

pikeTunHistPeerRemoteType OBJECT-TYPE
    SYNTAX      IkePeerType
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The type of remote peer identity.  The remote
         peer may be indentified by:
          1. an IP address, or
          2. or a fully qualified domain name.
          3. or a distinguished name."
    ::= { pikeTunnelHistEntry 7 }

pikeTunHistPeerRemoteValue OBJECT-TYPE
    SYNTAX      DisplayString
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The value of the remote peer identity.
         
         If the remote peer type is an IP Address, then this
         is the IP Address used to identify the remote peer.
         
         If the remote peer type is id_fqdn, then this is
         the FQDN of the remote peer.
         
         If the remote peer type is a id_dn, then this is
         the distinguished named string of the remote peer."
    ::= { pikeTunnelHistEntry 8 }

pikeTunHistLocalAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the local endpoint for the IPsec
         Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 9 }

pikeTunHistRemoteAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the remote endpoint for the IPsec
         Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 11 }

pikeTunHistNegoMode OBJECT-TYPE
    SYNTAX      IkeNegoMode
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiation mode of the IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 13 }

pikeTunHistDiffHellmanGrp OBJECT-TYPE
    SYNTAX      DiffHellmanGrp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Diffie Hellman Group used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelHistEntry 14 }

pikeTunHistEncryptAlgo OBJECT-TYPE
    SYNTAX      EncryptAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encryption algorithm used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelHistEntry 15 }

pikeTunHistHashAlgo OBJECT-TYPE
    SYNTAX      IkeHashAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The hash algorithm used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelHistEntry 16 }

pikeTunHistAuthMethod OBJECT-TYPE
    SYNTAX      IkeAuthMethod
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication method used in IPsec Phase-1 IKE
         negotiations."
    ::= { pikeTunnelHistEntry 17 }

pikeTunHistLifeTime OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel
         in seconds."
    ::= { pikeTunnelHistEntry 18 }

pikeTunHistStartTime OBJECT-TYPE
    SYNTAX      TimeStamp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The value of sysUpTime in hundredths of seconds
         when the IPsec Phase-1 IKE tunnel was started."
    ::= { pikeTunnelHistEntry 19 }

pikeTunHistActiveTime OBJECT-TYPE
    SYNTAX      TimeInterval
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The length of time the IPsec Phase-1 IKE tunnel was been
         active in hundredths of seconds."
    ::= { pikeTunnelHistEntry 20 }

pikeTunHistInNotifys OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Notification Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of notifys received
         by this IPsec Phase-1
          IKE Tunnel."
    ::= { pikeTunnelHistEntry 26 }

pikeTunHistInP2Exchgs OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SA Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2
         exchanges received by
          this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 27 }

pikeTunHistInP2ExchgInvalids OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SA Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         received on this tunnel that were found to
         contain references to unrecognized security
         parameters."
    ::= { pikeTunnelHistEntry 28 }

pikeTunHistInP2ExchgRejects OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SA Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         received on this tunnel that were validated but were
         rejected by the local policy."
    ::= { pikeTunnelHistEntry 29 }

pikeTunHistInP2SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Notification Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 security association
         delete requests received by this IPsec
         Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 30 }

pikeTunHistOutNotifys OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Notification Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of notifys sent by this IPsec Phase-1
         IKE Tunnel."
    ::= { pikeTunnelHistEntry 34 }

pikeTunHistOutP2Exchgs OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SA Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges sent by
         this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 35 }

pikeTunHistOutP2ExchgInvalids OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SA Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         sent on this tunnel that were found by the peer
         to contain references to security parameters
         not recognized by the peer."
    ::= { pikeTunnelHistEntry 36 }

pikeTunHistOutP2ExchgRejects OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "SA Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 exchanges
         sent on this tunnel that were validated by the peer
         but were rejected by the peer's policy."
    ::= { pikeTunnelHistEntry 37 }

pikeTunHistOutP2SaDelRequests OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Notification Payloads"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of IPsec Phase-2 security association
         delete requests sent by this IPsec Phase-1 IKE Tunnel."
    ::= { pikeTunnelHistEntry 38 }

--
-- The IPsec Phase-2 Tunnel History Table
--
pipSecHistPhaseTwo OBJECT IDENTIFIER ::= { pipSecHistory 3 }

pipSecTunnelHistTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PipSecTunnelHistEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The IPsec Phase-2 Tunnel History Table.
         This table is implemented as a sliding
         window in which only the
         last n entries are maintained.  The maximum number
         of entries
         is specified by the pipSecHistTableSize object."
    ::= { pipSecHistPhaseTwo 1 }

pipSecTunnelHistEntry OBJECT-TYPE
    SYNTAX      PipSecTunnelHistEntry
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "Each entry contains the attributes associated with
         a previously active IPsec Phase-2 Tunnel."
    INDEX       { pipSecTunHistIndex }
    ::= { pipSecTunnelHistTable 1 }

PipSecTunnelHistEntry ::= SEQUENCE {
    pipSecTunHistIndex                  INTEGER,
    pipSecTunHistTermReason             INTEGER,
    pipSecTunHistActiveIndex            INTEGER,
    pipSecTunHistIkeTunnelIndex         INTEGER,
    pipSecTunHistLocalAddr              IPSIpAddress,
    pipSecTunHistRemoteAddr             IPSIpAddress,
    pipSecTunHistKeyType                KeyType,
    pipSecTunHistEncapMode              EncapMode,
    pipSecTunHistLifeSize               INTEGER,
    pipSecTunHistLifeTime               INTEGER,
    pipSecTunHistStartTime              TimeStamp,
    pipSecTunHistActiveTime             TimeInterval,
    pipSecTunHistTotalRefreshes         Counter,
    pipSecTunHistInSaDiffHellmanGrp     DiffHellmanGrp,
    pipSecTunHistInSaEncryptAlgo        EncryptAlgo,
    pipSecTunHistInSaAhAuthAlgo         AuthAlgo,
    pipSecTunHistInSaEspAuthAlgo        AuthAlgo,
    pipSecTunHistOutSaDiffHellmanGrp    DiffHellmanGrp,
    pipSecTunHistOutSaEncryptAlgo       EncryptAlgo,
    pipSecTunHistOutSaAhAuthAlgo        AuthAlgo,
    pipSecTunHistOutSaEspAuthAlgo       AuthAlgo,
    pipSecTunHistPmtu                   INTEGER,
    pipSecTunHistInOctets               Counter,
    pipSecTunHistInPkts                 Counter,
    pipSecTunHistInDropPkts             Counter,
    pipSecTunHistInReplayDropPkts       Counter,
    pipSecTunHistInAuths                Counter,
    pipSecTunHistInAuthFails            Counter,
    pipSecTunHistInDecrypts             Counter,
    pipSecTunHistInDecryptFails         Counter,
    pipSecTunHistOutOctets              Counter,
    pipSecTunHistOutPkts                Counter,
    pipSecTunHistOutDropPkts            Counter,
    pipSecTunHistOutAuths               Counter,
    pipSecTunHistOutAuthFails           Counter,
    pipSecTunHistOutEncrypts            Counter,
    pipSecTunHistOutEncryptFails        Counter
}

pipSecTunHistIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      not-accessible
    STATUS      mandatory
    DESCRIPTION 
        "The index of the IPsec Phase-2 Tunnel History Table.
         The value of the index is a number which
         begins at one and is incremented with each tunnel
         that ends. The value
         of this object will wrap at 2,147,483,647."
    ::= { pipSecTunnelHistEntry 1 }

pipSecTunHistTermReason OBJECT-TYPE
    SYNTAX      INTEGER { other(1), normal(2), operRequest(3), 
                    peerDelRequest(4), peerLost(5), 
                    applicationInitiated(6), xauthFailure(7), 
                    seqNumRollOver(8), checkPointReq(9) }
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The reason the IPsec Phase-2 Tunnel was terminated.
         Possible reasons include:
         1 = other
         2 = normal termination
         3 = operator request
         4 = peer delete request was received
         5 = contact with peer was lost
         6 = applicationInitiated (eg: L2TP requesting the termination)
         7 = failure of extended authentication
         8 = local failure occurred
         9 = operator initiated check point request"
    ::= { pipSecTunnelHistEntry 2 }

pipSecTunHistActiveIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The index of the previously active
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 3 }

pipSecTunHistIkeTunnelIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The index of the associated IPsec Phase-1 Tunnel
         (pikeTunIndex in the pikeTunnelTable)."
    ::= { pipSecTunnelHistEntry 4 }

pipSecTunHistLocalAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the local endpoint for the IPsec
         Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 5 }

pipSecTunHistRemoteAddr OBJECT-TYPE
    SYNTAX      IPSIpAddress
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The IP address of the remote endpoint for the IPsec
         Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 6 }

pipSecTunHistKeyType OBJECT-TYPE
    SYNTAX      KeyType
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The type of key used by the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 7 }

pipSecTunHistEncapMode OBJECT-TYPE
    SYNTAX      EncapMode
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encapsulation mode used by the
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 8 }

pipSecTunHistLifeSize OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
--     UNITS       "KBytes"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiated LifeSize of the IPsec Phase-2 Tunnel in
         kilobytes."
    ::= { pipSecTunnelHistEntry 9 }

pipSecTunHistLifeTime OBJECT-TYPE
    SYNTAX      INTEGER (1..2147483647)
--     UNITS       "Seconds"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The negotiated LifeTime of the IPsec Phase-2 Tunnel in
         seconds."
    ::= { pipSecTunnelHistEntry 10 }

pipSecTunHistStartTime OBJECT-TYPE
    SYNTAX      TimeStamp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The value of sysUpTime in hundredths of seconds
         when the IPsec Phase-2 Tunnel was started."
    ::= { pipSecTunnelHistEntry 11 }

pipSecTunHistActiveTime OBJECT-TYPE
    SYNTAX      TimeInterval
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The length of time the IPsec Phase-2 Tunnel has been
         active in hundredths of seconds."
    ::= { pipSecTunnelHistEntry 12 }

pipSecTunHistTotalRefreshes OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "QM Exchanges"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of security association refreshes
         performed."
    ::= { pipSecTunnelHistEntry 13 }

pipSecTunHistInSaDiffHellmanGrp OBJECT-TYPE
    SYNTAX      DiffHellmanGrp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Diffie Hellman Group used by the inbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 15 }

pipSecTunHistInSaEncryptAlgo OBJECT-TYPE
    SYNTAX      EncryptAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encryption algorithm used by the inbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 16 }

pipSecTunHistInSaAhAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the inbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 17 }

pipSecTunHistInSaEspAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the inbound
         encapsulation security protocol (ESP)
         security association of
         the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 18 }

pipSecTunHistOutSaDiffHellmanGrp OBJECT-TYPE
    SYNTAX      DiffHellmanGrp
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Diffie Hellman Group used by the outbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 20 }

pipSecTunHistOutSaEncryptAlgo OBJECT-TYPE
    SYNTAX      EncryptAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The encryption algorithm used by the outbound security
         association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 21 }

pipSecTunHistOutSaAhAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the outbound
         authentication header (AH) security association of
         the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 22 }

pipSecTunHistOutSaEspAuthAlgo OBJECT-TYPE
    SYNTAX      AuthAlgo
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The authentication algorithm used by the inbound
         ecapsulation security protocol (ESP)
         security association of the IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 23 }

pipSecTunHistPmtu OBJECT-TYPE
    SYNTAX      INTEGER (21..576)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The Path MTU that was determined for this IPsec
         Phase-2 tunnel."
    ::= { pipSecTunnelHistEntry 25 }

pipSecTunHistInOctets OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of octets received by this IPsec
         Phase-2 Tunnel.  This value is accumulated
         BEFORE determining whether or not the packet should
         be decompressed.  See also pipSecTunInOctWraps for
         the number of times this counter has wrapped."
    ::= { pipSecTunnelHistEntry 26 }

pipSecTunHistInPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets received by this
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 32 }

pipSecTunHistInDropPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped during
         receive processing by this IPsec Phase-2 Tunnel.
         This count does NOT include packets
          dropped due to Anti-Replay processing."
    ::= { pipSecTunnelHistEntry 33 }

pipSecTunHistInReplayDropPkts OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Packets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped during
         receive processing due to Anti-Replay processing
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 34 }

pipSecTunHistInAuths OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Events"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound authentication's
         performed
          by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 35 }

pipSecTunHistInAuthFails OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Failures"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound authentication's
         which ended in
          failure by this IPsec Phase-2 Tunnel ."
    ::= { pipSecTunnelHistEntry 36 }

pipSecTunHistInDecrypts OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Packets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound decryption's performed
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 37 }

pipSecTunHistInDecryptFails OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Failures"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of inbound decryption's
         which ended in failure
          by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 38 }

pipSecTunHistOutOctets OBJECT-TYPE
    SYNTAX      Counter
--     UNITS       "Octets"
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of octets sent by this IPsec
         Phase-2 Tunnel.  This value is accumulated
         AFTER determining whether or not the
         packet should be
         compressed.  See also pipSecTunOutOctWraps for the
         number of times this counter has wrapped."
    ::= { pipSecTunnelHistEntry 39 }

pipSecTunHistOutPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets sent by this
         IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 45 }

pipSecTunHistOutDropPkts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of packets dropped
         during send processing
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 46 }

pipSecTunHistOutAuths OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound authentication's performed
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 47 }

pipSecTunHistOutAuthFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound authentication's
         which ended in
          failure by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 48 }

pipSecTunHistOutEncrypts OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound encryption's performed
         by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 49 }

pipSecTunHistOutEncryptFails OBJECT-TYPE
    SYNTAX      Counter
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION 
        "The total number of outbound encryption's
         which ended in failure
          by this IPsec Phase-2 Tunnel."
    ::= { pipSecTunnelHistEntry 50 }


-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- The IPsec TRAPs
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
pipSecMIBNotificationPrefix OBJECT IDENTIFIER ::= { picoIpSecFlowMonitorMIB 2 }
pipSecMIBNotifications OBJECT IDENTIFIER ::= { pipSecMIBNotificationPrefix 0 }

pikeTunnelStart TRAP-TYPE
    ENTERPRISE  pipSecMIBNotificationPrefix
    VARIABLES   { pikePeerLocalAddr, pikePeerRemoteAddr, pikeTunLifeTime }
--     STATUS      mandatory
    DESCRIPTION 
        "This notification is generated when an IPsec Phase-1
         IKE Tunnel becomes active."
    ::= 1

pikeTunnelStop TRAP-TYPE
    ENTERPRISE  pipSecMIBNotificationPrefix
    VARIABLES   { pikeTunHistTermReason, pikePeerLocalAddr, 
                  pikePeerRemoteAddr, pikeTunActiveTime }
--     STATUS      mandatory
    DESCRIPTION 
        "This notification is generated when an IPsec Phase-1
         IKE Tunnel becomes inactive."
    ::= 2

pipSecTunnelStart TRAP-TYPE
    ENTERPRISE  pipSecMIBNotificationPrefix
    VARIABLES   { pipSecTunLifeTime, pipSecTunLifeSize }
--     STATUS      mandatory
    DESCRIPTION 
        "This notification is generated when an IPsec Phase-2
         Tunnel becomes active."
    ::= 7

pipSecTunnelStop TRAP-TYPE
    ENTERPRISE  pipSecMIBNotificationPrefix
    VARIABLES   { pipSecTunHistTermReason, pipSecTunActiveTime }
--     STATUS      mandatory
    DESCRIPTION 
        "This notification is generated when an IPsec Phase-2
         Tunnel becomes inactive."
    ::= 8

pipSecEarlyTunTerm TRAP-TYPE
    ENTERPRISE  pipSecMIBNotificationPrefix
    VARIABLES   { pipSecTunActiveTime, pipSecSpiProtocol }
--     STATUS      mandatory
    DESCRIPTION 
        "This notification is generated when an an IPsec Phase-2
         Tunnel is terminated earily or before expected."
    ::= 11

END -- end of module PICO-IPSEC-FLOW-MONITOR-MIB.mib
