-- *------------------------------------------------
-- * Firebrick IPsec MIB
-- *
-- * June 2020, Cliff Hones
-- *
-- * Copyright (c) 2020 by Andrews & Arnold
-- *------------------------------------------------

FIREBRICK-IPSEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    enterprises,
    TimeTicks
        FROM SNMPv2-SMI
    DisplayString
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    firebrickNewStyle
        FROM FIREBRICK-MIB
        ;

fbIPsecMib MODULE-IDENTITY
    LAST-UPDATED "202207150000Z"
    ORGANIZATION "Andrews & Arnold Limited"
    CONTACT-INFO
        "Andrews & Arnold
        Unit 1&2, Enterprise Court
        Bracknell, Berkshire, RG12 1QS
        United Kingdom

        Tel: +44 3333 400 999
        Email: support@aa.net.uk"
    DESCRIPTION
        "Firebrick-specific structures for IPSec"
    REVISION "202207150000Z"
    DESCRIPTION "Additional validation"
    REVISION "202006160000Z"
    DESCRIPTION "Initial version of this MIB module"
    ::= { firebrickNewStyle 500 }

fbIPsecGeneral    OBJECT IDENTIFIER ::= { fbIPsecMib 1 }

fbIPsecEstablished OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The count of currently established IKE connections."
    ::= { fbIPsecGeneral 1 }

fbIPsecHalfOpen OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The count of incoming IKE connections which have not yet authorized."
    ::= { fbIPsecGeneral 2 }

fbIPsecConnectionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF FbIPsecConnectionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The list of IPsec connections for this Firebrick"
    ::= { fbIPsecMib 2 }

fbIPsecConnectionEntry OBJECT-TYPE
    SYNTAX FbIPsecConnectionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry in the IPsec connection table"
    INDEX { fbIPsecConnectionIndex }
    ::= { fbIPsecConnectionTable 1 }

FbIPsecConnectionEntry ::= SEQUENCE {
    fbIPsecConnectionIndex        Integer32,
    fbIPsecConnectionName         DisplayString,
    fbIPsecConnectionState        FbIPsecConState,
    fbIPsecConnectionUptime       TimeTicks,
    fbIPsecConnectionLocalID      DisplayString,
    fbIPsecConnectionPeerID       DisplayString,
    fbIPsecConnectionPeerAddress  DisplayString
}

fbIPsecConnectionIndex OBJECT-TYPE
    SYNTAX  Integer32
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
        "The index for the connection table"
    ::= { fbIPsecConnectionEntry 1 }

fbIPsecConnectionName OBJECT-TYPE
    SYNTAX  DisplayString
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The config name for this connection"
    ::= { fbIPsecConnectionEntry 2 }

fbIPsecConnectionState OBJECT-TYPE
    SYNTAX  FbIPsecConState
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The current state for this connection"
    ::= { fbIPsecConnectionEntry 3 }

fbIPsecConnectionUptime OBJECT-TYPE
    SYNTAX  TimeTicks
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The uptime for this connection"
    ::= { fbIPsecConnectionEntry 4 }

fbIPsecConnectionLocalID OBJECT-TYPE
    SYNTAX  DisplayString
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The local IKE ID for this connection"
    ::= { fbIPsecConnectionEntry 5 }

fbIPsecConnectionPeerID OBJECT-TYPE
    SYNTAX  DisplayString
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The peer IKE ID for this connection"
    ::= { fbIPsecConnectionEntry 6 }

fbIPsecConnectionPeerAddress OBJECT-TYPE
    SYNTAX  DisplayString
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The peer's IP address for this connection"
    ::= { fbIPsecConnectionEntry 7 }

FbIPsecConState ::= TEXTUAL-CONVENTION
    STATUS  current
    DESCRIPTION "The state of an IPsec connection"
    SYNTAX  INTEGER {
        badConfig(0),   -- Bad config (item ignored)
        profileOff(1),  -- disabled by profile
        awaitPeer(2),   -- Not up (waiting for peer to initiate)
        awaitDemand(3), -- Not up (on-demand connection)
        lingering(4),   -- Lingering (old connection waiting to be cleared)
        awaitRecon(5),  -- Waiting to reconnect after failure
        down(6),        -- Down
        initEAP(7),     -- Initiating - processing EAP
        initAuth(8),    -- Initiating - processing authorization
        initNeg(9),     -- Initiating - initial negotiation
        closing(10),    -- Closing
        childless(11),  -- Childless - IKE connection established but no data channel present
        connected(12)   -- Connected
    }

END
