RAPID-IPSEC-SA-MON-MIB-EXT

        The MIB module describes generic IPSec objects
defined in IETF working draft 
'draft-ieft-ipsec-monitor-mib-01' and RapidStream's
extension.

Imported Objects

IpsecDoiSecProtocolId, IpsecDoiIpcompTransform, IpsecDoiAuthAlgorithm, IpsecDoiAhTransform, IpsecDoiEspTransform, IpsecDoiEncapsulationMode, IpsecDoiIdentTypeIPSEC-ISAKMP-IKE-DOI-TC
rapidstreamRAPID-MIB
ifIndexRFC1213-MIB
OBJECT-TYPE, enterprises, OBJECT-IDENTITY, NOTIFICATION-TYPE, Integer32, Gauge32, Counter32, MODULE-IDENTITYSNMPv2-SMI
TruthValue, TEXTUAL-CONVENTIONSNMPv2-TC

Type Definitions (2)

Name Base Type Values/Constraints
IpsecIpv6Addressrange: 16
IpsecSaCreatorIdentunknown(0), static(1), ike(2), other(3)

Objects

rsIpsecSaMonModule .1.3.6.1.4.1.4355.3
rsIpsecSaMonitorMIB .1.3.6.1.4.1.4355.3.1
rsSaTables .1.3.6.1.4.1.4355.3.1.1
rsIpsecSaEspInTable .1.3.6.1.4.1.4355.3.1.1.1
rsIpsecSaEspInEntry .1.3.6.1.4.1.4355.3.1.1.1.1
rsIpsecSaEspInAddress
.1.3.6.1.4.1.4355.3.1.1.1.1.1
rsIpsecSaEspInCreator .1.3.6.1.4.1.4355.3.1.1.1.1.10
rsIpsecSaEspInEncapsulation
.1.3.6.1.4.1.4355.3.1.1.1.1.11
rsIpsecSaEspInEncAlg
.1.3.6.1.4.1.4355.3.1.1.1.1.12
rsIpsecSaEspInEncKeyLength .1.3.6.1.4.1.4355.3.1.1.1.1.13
rsIpsecSaEspInAuthAlg
.1.3.6.1.4.1.4355.3.1.1.1.1.14
rsIpsecSaEspInLimitSeconds .1.3.6.1.4.1.4355.3.1.1.1.1.15
rsIpsecSaEspInLimitKbytes .1.3.6.1.4.1.4355.3.1.1.1.1.16
rsIpsecSaEspInAccSeconds
.1.3.6.1.4.1.4355.3.1.1.1.1.17
rsIpsecSaEspInAccKbytes
.1.3.6.1.4.1.4355.3.1.1.1.1.18
rsIpsecSaEspInUserOctets
.1.3.6.1.4.1.4355.3.1.1.1.1.19
rsIpsecSaEspInSpi .1.3.6.1.4.1.4355.3.1.1.1.1.2
rsIpsecSaEspInPackets
.1.3.6.1.4.1.4355.3.1.1.1.1.20
rsIpsecSaEspInDecryptErrors
.1.3.6.1.4.1.4355.3.1.1.1.1.21
rsIpsecSaEspInAuthErrors
.1.3.6.1.4.1.4355.3.1.1.1.1.22
rsIpsecSaEspInReplayErrors
.1.3.6.1.4.1.4355.3.1.1.1.1.23
rsIpsecSaEspInPolicyErrors
.1.3.6.1.4.1.4355.3.1.1.1.1.24
rsIpsecSaEspInPadErrors
.1.3.6.1.4.1.4355.3.1.1.1.1.25
rsIpsecSaEspInOtherReceiveErrors
.1.3.6.1.4.1.4355.3.1.1.1.1.26
rsIpsecSaEspInDestId .1.3.6.1.4.1.4355.3.1.1.1.1.3
rsIpsecSaEspInDestIdType
.1.3.6.1.4.1.4355.3.1.1.1.1.4
rsIpsecSaEspInSourceId .1.3.6.1.4.1.4355.3.1.1.1.1.5
rsIpsecSaEspInSourceIdType
.1.3.6.1.4.1.4355.3.1.1.1.1.6
rsIpsecSaEspInProtocol .1.3.6.1.4.1.4355.3.1.1.1.1.7
rsIpsecSaEspInDestPort .1.3.6.1.4.1.4355.3.1.1.1.1.8
rsIpsecSaEspInSourcePort .1.3.6.1.4.1.4355.3.1.1.1.1.9
rsIpsecSaAhInTable .1.3.6.1.4.1.4355.3.1.1.2
rsIpsecSaAhInEntry .1.3.6.1.4.1.4355.3.1.1.2.1
rsIpsecSaAhInAddress
.1.3.6.1.4.1.4355.3.1.1.2.1.1
rsIpsecSaAhInCreator .1.3.6.1.4.1.4355.3.1.1.2.1.10
rsIpsecSaAhInEncapsulation
.1.3.6.1.4.1.4355.3.1.1.2.1.11
rsIpsecSaAhInAuthAlg
.1.3.6.1.4.1.4355.3.1.1.2.1.12
rsIpsecSaAhInLimitSeconds .1.3.6.1.4.1.4355.3.1.1.2.1.13
rsIpsecSaAhInLimitKbytes .1.3.6.1.4.1.4355.3.1.1.2.1.14
rsIpsecSaAhInAccSeconds
.1.3.6.1.4.1.4355.3.1.1.2.1.15
rsIpsecSaAhInAccKbytes
.1.3.6.1.4.1.4355.3.1.1.2.1.16
rsIpsecSaAhInUserOctets
.1.3.6.1.4.1.4355.3.1.1.2.1.17
rsIpsecSaAhInPackets
.1.3.6.1.4.1.4355.3.1.1.2.1.18
rsIpsecSaAhInAuthErrors
.1.3.6.1.4.1.4355.3.1.1.2.1.19
rsIpsecSaAhInSpi .1.3.6.1.4.1.4355.3.1.1.2.1.2
rsIpsecSaAhInReplayErrors
.1.3.6.1.4.1.4355.3.1.1.2.1.20
rsIpsecSaAhInPolicyErrors
.1.3.6.1.4.1.4355.3.1.1.2.1.21
rsIpsecSaAhInOtherReceiveErrors
.1.3.6.1.4.1.4355.3.1.1.2.1.22
rsIpsecSaAhInDestId .1.3.6.1.4.1.4355.3.1.1.2.1.3
rsIpsecSaAhInDestIdType
.1.3.6.1.4.1.4355.3.1.1.2.1.4
rsIpsecSaAhInSourceId .1.3.6.1.4.1.4355.3.1.1.2.1.5
rsIpsecSaAhInSourceIdType
.1.3.6.1.4.1.4355.3.1.1.2.1.6
rsIpsecSaAhInProtocol .1.3.6.1.4.1.4355.3.1.1.2.1.7
rsIpsecSaAhInDestPort .1.3.6.1.4.1.4355.3.1.1.2.1.8
rsIpsecSaAhInSourcePort .1.3.6.1.4.1.4355.3.1.1.2.1.9
rsIpsecSaIpcompInTable .1.3.6.1.4.1.4355.3.1.1.3
rsIpsecSaIpcompInEntry .1.3.6.1.4.1.4355.3.1.1.3.1
rsIpsecSaIpcompInAddress
.1.3.6.1.4.1.4355.3.1.1.3.1.1
rsIpsecSaIpcompInCreator .1.3.6.1.4.1.4355.3.1.1.3.1.10
rsIpsecSaIpcompInEncapsulation
.1.3.6.1.4.1.4355.3.1.1.3.1.11
rsIpsecSaIpcompInDecompAlg
.1.3.6.1.4.1.4355.3.1.1.3.1.12
rsIpsecSaIpcompInSeconds
.1.3.6.1.4.1.4355.3.1.1.3.1.13
rsIpsecSaIpcompInUserOctets
.1.3.6.1.4.1.4355.3.1.1.3.1.14
rsIpsecSaIpcompInPackets
.1.3.6.1.4.1.4355.3.1.1.3.1.15
rsIpsecSaIpcompInDecompErrors
.1.3.6.1.4.1.4355.3.1.1.3.1.16
rsIpsecSaIpcompInOtherReceiveErrors
.1.3.6.1.4.1.4355.3.1.1.3.1.17
rsIpsecSaIpcompInCpi
.1.3.6.1.4.1.4355.3.1.1.3.1.2
rsIpsecSaIpcompInDestId .1.3.6.1.4.1.4355.3.1.1.3.1.3
rsIpsecSaIpcompInDestIdType
.1.3.6.1.4.1.4355.3.1.1.3.1.4
rsIpsecSaIpcompInSourceId .1.3.6.1.4.1.4355.3.1.1.3.1.5
rsIpsecSaIpcompInSourceIdType
.1.3.6.1.4.1.4355.3.1.1.3.1.6
rsIpsecSaIpcompInProtocol .1.3.6.1.4.1.4355.3.1.1.3.1.7
rsIpsecSaIpcompInDestPort .1.3.6.1.4.1.4355.3.1.1.3.1.8
rsIpsecSaIpcompInSourcePort .1.3.6.1.4.1.4355.3.1.1.3.1.9
rsIpsecSaEspOutTable .1.3.6.1.4.1.4355.3.1.1.4
rsIpsecSaEspOutEntry .1.3.6.1.4.1.4355.3.1.1.4.1
rsIpsecSaEspOutAddress
.1.3.6.1.4.1.4355.3.1.1.4.1.1
rsIpsecSaEspOutCreator .1.3.6.1.4.1.4355.3.1.1.4.1.10
rsIpsecSaEspOutEncapsulation
.1.3.6.1.4.1.4355.3.1.1.4.1.11
rsIpsecSaEspOutEncAlg
.1.3.6.1.4.1.4355.3.1.1.4.1.12
rsIpsecSaEspOutEncKeyLength .1.3.6.1.4.1.4355.3.1.1.4.1.13
rsIpsecSaEspOutAuthAlg
.1.3.6.1.4.1.4355.3.1.1.4.1.14
rsIpsecSaEspOutLimitSeconds .1.3.6.1.4.1.4355.3.1.1.4.1.15
rsIpsecSaEspOutLimitKbytes .1.3.6.1.4.1.4355.3.1.1.4.1.16
rsIpsecSaEspOutAccSeconds
.1.3.6.1.4.1.4355.3.1.1.4.1.17
rsIpsecSaEspOutAccKbytes
.1.3.6.1.4.1.4355.3.1.1.4.1.18
rsIpsecSaEspOutUserOctets
.1.3.6.1.4.1.4355.3.1.1.4.1.19
rsIpsecSaEspOutSpi .1.3.6.1.4.1.4355.3.1.1.4.1.2
rsIpsecSaEspOutPackets
.1.3.6.1.4.1.4355.3.1.1.4.1.20
rsIpsecSaEspOutSendErrors
.1.3.6.1.4.1.4355.3.1.1.4.1.21
rsIpsecSaEspOutSourceId .1.3.6.1.4.1.4355.3.1.1.4.1.3
rsIpsecSaEspOutSourceIdType
.1.3.6.1.4.1.4355.3.1.1.4.1.4
rsIpsecSaEspOutDestId .1.3.6.1.4.1.4355.3.1.1.4.1.5
rsIpsecSaEspOutDestIdType
.1.3.6.1.4.1.4355.3.1.1.4.1.6
rsIpsecSaEspOutProtocol .1.3.6.1.4.1.4355.3.1.1.4.1.7
rsIpsecSaEspOutSourcePort .1.3.6.1.4.1.4355.3.1.1.4.1.8
rsIpsecSaEspOutDestPort .1.3.6.1.4.1.4355.3.1.1.4.1.9
rsIpsecSaAhOutTable .1.3.6.1.4.1.4355.3.1.1.5
rsIpsecSaAhOutEntry .1.3.6.1.4.1.4355.3.1.1.5.1
rsIpsecSaAhOutAddress
.1.3.6.1.4.1.4355.3.1.1.5.1.1
rsIpsecSaAhOutCreator .1.3.6.1.4.1.4355.3.1.1.5.1.10
rsIpsecSaAhOutEncapsulation
.1.3.6.1.4.1.4355.3.1.1.5.1.11
rsIpsecSaAhOutAuthAlg
.1.3.6.1.4.1.4355.3.1.1.5.1.12
rsIpsecSaAhOutLimitSeconds .1.3.6.1.4.1.4355.3.1.1.5.1.13
rsIpsecSaAhOutLimitKbytes .1.3.6.1.4.1.4355.3.1.1.5.1.14
rsIpsecSaAhOutAccSeconds
.1.3.6.1.4.1.4355.3.1.1.5.1.15
rsIpsecSaAhOutAccKbytes
.1.3.6.1.4.1.4355.3.1.1.5.1.16
rsIpsecSaAhOutUserOctets
.1.3.6.1.4.1.4355.3.1.1.5.1.17
rsIpsecSaAhOutPackets
.1.3.6.1.4.1.4355.3.1.1.5.1.18
rsIpsecSaAhOutSendErrors
.1.3.6.1.4.1.4355.3.1.1.5.1.19
rsIpsecSaAhOutSpi .1.3.6.1.4.1.4355.3.1.1.5.1.2
rsIpsecSaAhOutSourceId .1.3.6.1.4.1.4355.3.1.1.5.1.3
rsIpsecSaAhOutSourceIdType
.1.3.6.1.4.1.4355.3.1.1.5.1.4
rsIpsecSaAhOutDestId .1.3.6.1.4.1.4355.3.1.1.5.1.5
rsIpsecSaAhOutDestIdType
.1.3.6.1.4.1.4355.3.1.1.5.1.6
rsIpsecSaAhOutProtocol .1.3.6.1.4.1.4355.3.1.1.5.1.7
rsIpsecSaAhOutSourcePort .1.3.6.1.4.1.4355.3.1.1.5.1.8
rsIpsecSaAhOutDestPort .1.3.6.1.4.1.4355.3.1.1.5.1.9
rsIpsecSaIpcompOutTable .1.3.6.1.4.1.4355.3.1.1.6
rsIpsecSaIpcompOutEntry .1.3.6.1.4.1.4355.3.1.1.6.1
rsIpsecSaIpcompOutAddress
.1.3.6.1.4.1.4355.3.1.1.6.1.1
rsIpsecSaIpcompOutCreator .1.3.6.1.4.1.4355.3.1.1.6.1.10
rsIpsecSaIpcompOutEncapsulation
.1.3.6.1.4.1.4355.3.1.1.6.1.11
rsIpsecSaIpcompOutCompAlg
.1.3.6.1.4.1.4355.3.1.1.6.1.12
rsIpsecSaIpcompOutSeconds
.1.3.6.1.4.1.4355.3.1.1.6.1.13
rsIpsecSaIpcompOutUserOctets
.1.3.6.1.4.1.4355.3.1.1.6.1.14
rsIpsecSaIpcompOutPackets
.1.3.6.1.4.1.4355.3.1.1.6.1.15
rsIpsecSaIpcompOutCpi
.1.3.6.1.4.1.4355.3.1.1.6.1.2
rsIpsecSaIpcompOutSourceId .1.3.6.1.4.1.4355.3.1.1.6.1.3
rsIpsecSaIpcompOutSourceIdType
.1.3.6.1.4.1.4355.3.1.1.6.1.4
rsIpsecSaIpcompOutDestId .1.3.6.1.4.1.4355.3.1.1.6.1.5
rsIpsecSaIpcompOutDestIdType
.1.3.6.1.4.1.4355.3.1.1.6.1.6
rsIpsecSaIpcompOutProtocol .1.3.6.1.4.1.4355.3.1.1.6.1.7
rsIpsecSaIpcompOutSourcePort .1.3.6.1.4.1.4355.3.1.1.6.1.8
rsIpsecSaIpcompOutDestPort .1.3.6.1.4.1.4355.3.1.1.6.1.9
rsSaStatistics .1.3.6.1.4.1.4355.3.1.2
rsIpsecEspCurrentInboundSAs
.1.3.6.1.4.1.4355.3.1.2.1
rsIpsecIpcompTotalInboundSAs
.1.3.6.1.4.1.4355.3.1.2.10
rsIpsecIpcompCurrentOutboundSAs
.1.3.6.1.4.1.4355.3.1.2.11
rsIpsecIpcompTotalOutboundSAs
.1.3.6.1.4.1.4355.3.1.2.12
rsIpsecEspTotalInboundSAs
.1.3.6.1.4.1.4355.3.1.2.2
rsIpsecEspCurrentOutboundSAs
.1.3.6.1.4.1.4355.3.1.2.3
rsIpsecEspTotalOutboundSAs
.1.3.6.1.4.1.4355.3.1.2.4
rsIpsecAhCurrentInboundSAs
.1.3.6.1.4.1.4355.3.1.2.5
rsIpsecAhTotalInboundSAs
.1.3.6.1.4.1.4355.3.1.2.6
rsIpsecAhCurrentOutboundSAs
.1.3.6.1.4.1.4355.3.1.2.7
rsIpsecAhTotalOutboundSAs
.1.3.6.1.4.1.4355.3.1.2.8
rsIpsecIpcompCurrentInboundSAs
.1.3.6.1.4.1.4355.3.1.2.9
rsSaErrors .1.3.6.1.4.1.4355.3.1.3
rsIpsecDecryptionErrors
.1.3.6.1.4.1.4355.3.1.3.1
rsIpsecAuthenticationErrors
.1.3.6.1.4.1.4355.3.1.3.2
rsIpsecReplayErrors
.1.3.6.1.4.1.4355.3.1.3.3
rsIpsecPolicyErrors
.1.3.6.1.4.1.4355.3.1.3.4
rsIpsecOtherReceiveErrors
.1.3.6.1.4.1.4355.3.1.3.5
rsIpsecSendErrors
.1.3.6.1.4.1.4355.3.1.3.6
rsIpsecUnknownSpiErrors
.1.3.6.1.4.1.4355.3.1.3.7
rsSaTraps .1.3.6.1.4.1.4355.3.1.4
rsSaTrapObjects .1.3.6.1.4.1.4355.3.1.5
rsIpsecSecurityProtocol
.1.3.6.1.4.1.4355.3.1.5.1
rsIpsecSPI .1.3.6.1.4.1.4355.3.1.5.2
rsIpsecLocalAddress
.1.3.6.1.4.1.4355.3.1.5.3
rsIpsecPeerAddress
.1.3.6.1.4.1.4355.3.1.5.4
rsSaTrapControl .1.3.6.1.4.1.4355.3.1.6
rsEspAuthFailureTrapEnable
.1.3.6.1.4.1.4355.3.1.6.1
rsAhAuthFailureTrapEnable
.1.3.6.1.4.1.4355.3.1.6.2
rsEspReplayFailureTrapEnable
.1.3.6.1.4.1.4355.3.1.6.3
rsAhReplayFailureTrapEnable
.1.3.6.1.4.1.4355.3.1.6.4
rsEspPolicyFailureTrapEnable
.1.3.6.1.4.1.4355.3.1.6.5
rsAhPolicyFailureTrapEnable
.1.3.6.1.4.1.4355.3.1.6.6
rsInvalidSpiTrapEnable
.1.3.6.1.4.1.4355.3.1.6.7
rsSaGroups .1.3.6.1.4.1.4355.3.1.7
rsSaConformance .1.3.6.1.4.1.4355.3.1.8

Notifications/Traps

NameOIDDescription
rsEspAuthFailureTrap

.1.3.6.1.4.1.4355.3.1.4.0.1
IPSec packets with invalid hashes were found in an inbound
ESP SA. The total number of authentication errors
accumulated is sent for the specific row of the
'rsIpsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
          
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
rsAhAuthFailureTrap

.1.3.6.1.4.1.4355.3.1.4.0.2
IPSec packets with invalid hashes were found in an inbound
AH SA. The total number of authentication errors accumulated
is sent for the specific row of the 'rsIpsecSaAhInTable' table
for the SA; this provides the identity of the SA in which
the error occurred.
          
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
rsEspReplayFailureTrap

.1.3.6.1.4.1.4355.3.1.4.0.3
IPSec packets with invalid sequence numbers were found in
an inbound ESP SA. The total number of replay errors
accumulated is sent for the specific row of the
'rsIpsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
          
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
rsAhReplayFailureTrap

.1.3.6.1.4.1.4355.3.1.4.0.4
IPSec packets with invalid sequence numbers were found in
the specified AH SA. The total number of replay errors
accumulated is sent for the specific row of the
'rsIpsecSaAhInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
          
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
rsEspPolicyFailureTrap

.1.3.6.1.4.1.4355.3.1.4.0.5
IPSec packets carrying packets with invalid selectors for
the specified ESP SA were found. The total number of policy
errors accumulated is sent for the specific row of the
          
'rsIpsecSaEspInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
          
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
rsAhPolicyFailureTrap

.1.3.6.1.4.1.4355.3.1.4.0.6
IPSec packets carrying packets with invalid selectors for
the specified AH SA were found. The total number of policy
errors accumulated is sent for the specific row of the
'rsIpsecSaAhInTable' table for the SA; this provides the
identity of the SA in which the error occurred.
          
Implementations SHOULD send one trap per SA (within a
reasonable time period), rather than sending one trap per
packet.
rsInvalidSpiTrap





.1.3.6.1.4.1.4355.3.1.4.0.7
A packet with an unknown SPI was detected from the
specified peer with the specified SPI using the specified
protocol. The destination address of the received packet is
specified by 'ipsecLocalAddress'.
          
The value 'ifIndex' may be 0 if this optional linkage is
unsupported.
          
If the object 'ipsecSecurityProtocol' has the value for
IPCOMP, then the 'ipsecSPI' object is the CPI of the packet.
Implementations SHOULD send one trap per peer (within a
reasonable time period), rather than sending one trap per
packet.