CISCO-ENHANCED-IPSEC-FLOW-MIB

        This is a MIB Module for monitoring the structures
and status of IPSec-based networks. The MIB has been 
designed to be adopted as an IETF standard. Hence 
vendor-specific features of IPSec protocol are excluded 
from this MIB.
        
Acronyms
The following acronyms are used in this document:
        
   IPsec:      Secure IP Protocol
        
   VPN:        Virtual Private Network
        
   ISAKMP:     Internet Security Association and Key Exchange
               Protocol
        
   IKE:        Internet Key Exchange Protocol
        
   SA:         Security Association
       (ref: rfc2408).
        
   SPI:        Security Parameter Index is the pointer or
       identifier used in accessing SA attributes
       (ref: rfc2408).
        
   MM:         Main Mode - the process of setting up
               a Phase 1 SA to secure the exchanges
               required to setup Phase 2 SAs
        
   QM:         Quick Mode - the process of setting up
               Phase 2 Security Associations using
               a Phase 1 SA.
        
   Phase 1 Tunnel:
               An ISAKMP SA can be regarded as representing
               a flow of ISAKMP/IKE traffic. Hence an ISAKMP
               is referred to as a 'Phase 1 Tunnel' in this
               document. 
        
   Control Tunnel:
               Another term for a Phase 1 Tunnel.
        
   Phase 2 Tunnel:
               An instance of a non-ISAKMP SA  bundle in which all
               the SA share the same proxy identifiers (IDii,IDir)
               protect the same stream of application traffic.
               Such an SA bundle is termed a 'Phase 2 Tunnel'.
               Note that a Phase 2 tunnel may comprise different
               SA bundles and different number of SA bundles at
               different times (due to key refresh).
        
   MTU:
               Maximum Transmission Unit (of an IPsec tunnel).
        
History of the MIB
 A precursor to this MIB was written by Tivoli and implemented 
 in IBM Nways routers in 1999. During late 1999, Cisco adopted
 the MIB and together with Tivoli publised the IPsec Flow
 Monitor MIB in IETF IPsec WG in 
 draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the
 MIB was Cisco-ized and implemented this draft as
 CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms.
        
 With the evolution of IKEv2, the MIB was modified and 
 presented to the IPsec WG again in May 2003 in
 draft-ietf-ipsec-flow-monitoring-mib-02.txt.
        
 With the emergence of multiple IPsec signaling protocols,
 it became apparent that the signaling aspects of IPsec
 need to be instrumented separately in their own right.
 Thus, the IPsec control attributes and metrics were 
 separated out into CISCO-IPSEC-SIGNALING-MIB and
 CISCO-IKE-FLOW-MIB.
        
 This version of the draft is the version of the draft
 that models that IPsec data protocol, structures and 
 activity alone.
        
Overview of MIB
        
 The MIB contains four major groups of objects which are
 used to manage the IPsec Protocol. These groups include
 a Levels Group, a Phase-1 Group, a Phase-2 Group,
 a History Group, a Failure Group and a TRAP Control Group.
 The following table illustrates the structure of the
 IPsec MIB.
        
 The Phase 2 group models objects pertaining to
 IPsec data tunnels.
        
 The History group is to aid applications that do
 trending analysis.
        
 The Failure group is to enable an operator to
 do troubleshooting and debugging of the VPN Router.
 Further, counters are supported to aid detection
 of potential security violations.
        
 In addition to the three major MIB Groups, there are
 a number of Notifications. The following table
 illustrates the name and description of the
 IPsec TRAPs.
    
ciscoEnhancedIpsecFlowMIB 1.3.6.1.4.1.9.9.432
Imported Objects
CISCO-IPSEC-TC CIPsecAuthAlgorithm CIPsecCompAlgorithm CIPsecControlProtocol CIPsecDiffHellmanGrp CIPsecEncapMode CIPsecEncryptAlgorithm CIPsecEncryptionKeySize CIPsecEndPtType CIPsecNATTraversalMode CIPsecPhase1TunnelIndexOrZero CIPsecPhase2SaDirection CIPsecPhase2TunnelIndex CIPsecPmtu CIPsecProtocol CIPsecSpi CIPsecTunnelStatus
CISCO-SMI ciscoMgmt
CISCO-TC CiscoIpProtocol CiscoPort
IF-MIB ifIndex InterfaceIndex
INET-ADDRESS-MIB InetAddress InetAddressType
SNMP-FRAMEWORK-MIB SnmpAdminString
SNMPv2-CONF MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
SNMPv2-SMI Counter32 Counter64 Gauge32 MODULE-IDENTITY NOTIFICATION-TYPE OBJECT-TYPE Unsigned32
SNMPv2-TC DateAndTime TimeInterval TimeStamp TruthValue
Objects (267)
ciscoEnhancedIpsecFlowMIB .1.3.6.1.4.1.9.9.432
ciscoEnhancedIpsecFlowMIBNotifs .1.3.6.1.4.1.9.9.432.0
ciscoEnhancedIpsecFlowMIBObjects .1.3.6.1.4.1.9.9.432.1
ceipSecPhaseTwo .1.3.6.1.4.1.9.9.432.1.1
ceipSecGlobalStats .1.3.6.1.4.1.9.9.432.1.1.1
ceipSecGlobalActiveTunnels TunnelsSNMPv2-SMIGauge32 .1.3.6.1.4.1.9.9.432.1.1.1.1
ceipSecGlobalInDecrypts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.10
ceipSecGlobalInDecryptFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.11
ceipSecGlobalOutOctets OctetsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.12
ceipSecGlobalOutUncompOctets OctetsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.13
ceipSecGlobalOutPkts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.14
ceipSecGlobalOutDrops PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.15
ceipSecGlobalOutAuths EventsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.16
ceipSecGlobalOutAuthFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.17
ceipSecGlobalOutEncrypts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.18
ceipSecGlobalOutEncryptFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.19
ceipSecGlobalPreviousTunnels TunnelsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.2
ceipSecGlobalProtocolUseFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.20
ceipSecGlobalNoSaFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.21
ceipSecGlobalSysCapFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.22
ceipSecGlobalOutCompressedPkts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.23
ceipSecGlobalOutCompSkippedPkts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.24
ceipSecGlobalOutCompFailPkts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.25
ceipSecGlobalOutCompTooSmallPkts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.26
ceipSecGlobalThroughputUtilizatioinTimeInterval SecondsUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.27
ceipSecGlobalThroughputLastUpdatedTime SNMPv2-TCTimeStamp .1.3.6.1.4.1.9.9.432.1.1.1.28
ceipSecGlobalLastAveragePacketSize bytesUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.29
ceipSecGlobalInOctets OctetsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.3
ceipSecGlobalLastThroughputInMbps MbpsUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.30
ceipSecGlobalLastThroughputInKpps KppsUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.31
ceipSecGlobalLastThroughputUtilization PercentUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.32
ceipSecGlobalPeakThroughputUtilization PercentUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.33
ceipSecGlobalPeakThroughputDateAndTime SNMPv2-TCDateAndTime .1.3.6.1.4.1.9.9.432.1.1.1.34
ceipSecGlobalPeakThroughputInMbps MbpsUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.35
ceipSecGlobalPeakAvgPacketSize bytesUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.1.36
ceipSecGlobalInDecompOctets OctetsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.4
ceipSecGlobalInPkts PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.5
ceipSecGlobalInDrops PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.6
ceipSecGlobalInReplayDrops PacketsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.7
ceipSecGlobalInAuths EventsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.8
ceipSecGlobalInAuthFails FailuresSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.1.9
ceipSecTunnelTable .1.3.6.1.4.1.9.9.432.1.1.2
ceipSecTunnelEntry ceipSecTunIndex .1.3.6.1.4.1.9.9.432.1.1.2.1
ceipSecTunIndex CISCO-IPSEC-TCCIPsecPhase2TunnelIndex .1.3.6.1.4.1.9.9.432.1.1.2.1.1
ceipSecTunNATTraversalMode CISCO-IPSEC-TCCIPsecNATTraversalMode .1.3.6.1.4.1.9.9.432.1.1.2.1.10
ceipSecTunLifeSize KBytesUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.2.1.11
ceipSecTunLifeTime SecondsUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.2.1.12
ceipSecTunActiveTime SNMPv2-TCTimeInterval .1.3.6.1.4.1.9.9.432.1.1.2.1.13
ceipSecTunSaLifeSizeThreshold KBytesUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.2.1.14
ceipSecTunSaLifeTimeThreshold SecondsUnsigned32 .1.3.6.1.4.1.9.9.432.1.1.2.1.15
ceipSecTunTotalRefreshes QM ExchangesSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.16
ceipSecTunExpiredSaInstances SAsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.17
ceipSecTunCurrentSaInstances SNMPv2-SMIGauge32 .1.3.6.1.4.1.9.9.432.1.1.2.1.18
ceipSecTunInSaDHGrp CISCO-IPSEC-TCCIPsecDiffHellmanGrp .1.3.6.1.4.1.9.9.432.1.1.2.1.19
ceipSecTunLocalAddressType INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.1.2.1.2
ceipSecTunInSaEncryptAlgo CISCO-IPSEC-TCCIPsecEncryptAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.20
ceipSecTunInSaEncryptKeySize BitsCISCO-IPSEC-TCCIPsecEncryptionKeySize .1.3.6.1.4.1.9.9.432.1.1.2.1.21
ceipSecTunInSaAhAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.22
ceipSecTunInSaEspAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.23
ceipSecTunInSaDecompAlgo CISCO-IPSEC-TCCIPsecCompAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.24
ceipSecTunOutSaDHGrp CISCO-IPSEC-TCCIPsecDiffHellmanGrp .1.3.6.1.4.1.9.9.432.1.1.2.1.25
ceipSecTunOutSaEncryptAlgo CISCO-IPSEC-TCCIPsecEncryptAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.26
ceipSecTunOutSaEncryptKeySize BitsCISCO-IPSEC-TCCIPsecEncryptionKeySize .1.3.6.1.4.1.9.9.432.1.1.2.1.27
ceipSecTunOutSaAhAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.28
ceipSecTunOutSaEspAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.29
ceipSecTunLocalAddress INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.1.2.1.3
ceipSecTunOutSaCompAlgo CISCO-IPSEC-TCCIPsecCompAlgorithm .1.3.6.1.4.1.9.9.432.1.1.2.1.30
ceipSecTunPmtu OctetsCISCO-IPSEC-TCCIPsecPmtu .1.3.6.1.4.1.9.9.432.1.1.2.1.31
ceipSecTunInOctets OctetsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.2.1.32
ceipSecTunInDecompOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.2.1.33
ceipSecTunInPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.34
ceipSecTunInDropPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.35
ceipSecTunInReplayDropPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.36
ceipSecTunInAuths EventsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.37
ceipSecTunInAuthFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.38
ceipSecTunInDecrypts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.39
ceipSecTunRemoteAddressType INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.1.2.1.4
ceipSecTunInDecryptFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.40
ceipSecTunOutOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.2.1.41
ceipSecTunOutUncompOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.2.1.42
ceipSecTunOutPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.43
ceipSecTunOutDropPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.44
ceipSecTunOutAuths EventsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.45
ceipSecTunOutAuthFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.46
ceipSecTunOutEncrypts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.47
ceipSecTunOutEncryptFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.48
ceipSecTunOutCompressedPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.49
ceipSecTunRemoteAddress INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.1.2.1.5
ceipSecTunOutCompSkippedPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.50
ceipSecTunOutCompFailPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.51
ceipSecTunOutCompTooSmallPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.1.2.1.52
ceipSecIfIndex IF-MIBInterfaceIndex .1.3.6.1.4.1.9.9.432.1.1.2.1.53
ceipSecTunStatus r/w CISCO-IPSEC-TCCIPsecTunnelStatus .1.3.6.1.4.1.9.9.432.1.1.2.1.54
ceipSecTunControlProtocol CISCO-IPSEC-TCCIPsecControlProtocol .1.3.6.1.4.1.9.9.432.1.1.2.1.6
ceipSecTunControlTunnelIndex CISCO-IPSEC-TCCIPsecPhase1TunnelIndexOrZero .1.3.6.1.4.1.9.9.432.1.1.2.1.7
ceipSecTunControlTunnelAlive SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.1.2.1.8
ceipSecTunEncapMode CISCO-IPSEC-TCCIPsecEncapMode .1.3.6.1.4.1.9.9.432.1.1.2.1.9
ceipSecEndPtTable .1.3.6.1.4.1.9.9.432.1.1.3
ceipSecEndPtEntry ceipSecTunIndexceipSecEndPtIndex .1.3.6.1.4.1.9.9.432.1.1.3.1
ceipSecEndPtIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.1.3.1.1
ceipSecEndPtRemoteName SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.1.3.1.10
ceipSecEndPtRemoteType CISCO-IPSEC-TCCIPsecEndPtType .1.3.6.1.4.1.9.9.432.1.1.3.1.11
ceipSecEndPtRemoteAddrType1 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.1.3.1.12
ceipSecEndPtRemoteAddr1 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.1.3.1.13
ceipSecEndPtRemoteAddrType2 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.1.3.1.14
ceipSecEndPtRemoteAddr2 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.1.3.1.15
ceipSecEndPtRemoteProtocol CISCO-TCCiscoIpProtocol .1.3.6.1.4.1.9.9.432.1.1.3.1.16
ceipSecEndPtRemotePort CISCO-TCCiscoPort .1.3.6.1.4.1.9.9.432.1.1.3.1.17
ceipSecEndPtLocalName SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.1.3.1.2
ceipSecEndPtLocalType CISCO-IPSEC-TCCIPsecEndPtType .1.3.6.1.4.1.9.9.432.1.1.3.1.3
ceipSecEndPtLocalAddrType1 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.1.3.1.4
ceipSecEndPtLocalAddr1 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.1.3.1.5
ceipSecEndPtLocalAddrType2 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.1.3.1.6
ceipSecEndPtLocalAddr2 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.1.3.1.7
ceipSecEndPtLocalProtocol CISCO-TCCiscoIpProtocol .1.3.6.1.4.1.9.9.432.1.1.3.1.8
ceipSecEndPtLocalPort CISCO-TCCiscoPort .1.3.6.1.4.1.9.9.432.1.1.3.1.9
ceipSecSaTable .1.3.6.1.4.1.9.9.432.1.1.4
ceipSecSaEntry ceipSecTunIndexceipSecSaProtocolceipSecSaIndex .1.3.6.1.4.1.9.9.432.1.1.4.1
ceipSecSaProtocol CISCO-IPSEC-TCCIPsecProtocol .1.3.6.1.4.1.9.9.432.1.1.4.1.1
ceipSecSaIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.1.4.1.2
ceipSecSaDirection CISCO-IPSEC-TCCIPsecPhase2SaDirection .1.3.6.1.4.1.9.9.432.1.1.4.1.3
ceipSecSaValue CISCO-IPSEC-TCCIPsecSpi .1.3.6.1.4.1.9.9.432.1.1.4.1.4
ceipSecSaStatus Enumeration .1.3.6.1.4.1.9.9.432.1.1.4.1.5
ceipSecTunnelSaTable .1.3.6.1.4.1.9.9.432.1.1.5
ceipSecTunnelSaEntry ceipSecTunIndexceipSecTunSaProtocolceipSecTunSaIndexceipSecTunSaDirection .1.3.6.1.4.1.9.9.432.1.1.5.1
ceipSecTunSaProtocol CISCO-IPSEC-TCCIPsecProtocol .1.3.6.1.4.1.9.9.432.1.1.5.1.1
ceipSecTunSaInReplayDropPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.10
ceipSecTunSaInAuths SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.11
ceipSecTunSaInAuthFails SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.12
ceipSecTunSaInDecrypts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.13
ceipSecTunSaInDecryptFails SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.14
ceipSecTunSaOutOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.15
ceipSecTunSaOutUncompOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.16
ceipSecTunSaOutPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.17
ceipSecTunSaOutDropPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.18
ceipSecTunSaOutAuths SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.19
ceipSecTunSaIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.1.5.1.2
ceipSecTunSaOutAuthFails SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.20
ceipSecTunSaOutEncrypts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.21
ceipSecTunSaOutEncryptFails SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.22
ceipSecTunSaOutCompressedPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.23
ceipSecTunSaOutCompSkippedPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.24
ceipSecTunSaOutCompFailPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.25
ceipSecTunSaOutCompTooSmallPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.26
ceipSecTunSaStatus Enumeration .1.3.6.1.4.1.9.9.432.1.1.5.1.27
ceipSecTunSaDirection CISCO-IPSEC-TCCIPsecPhase2SaDirection .1.3.6.1.4.1.9.9.432.1.1.5.1.3
ceipSecTunSaValue CISCO-IPSEC-TCCIPsecSpi .1.3.6.1.4.1.9.9.432.1.1.5.1.4
ceipSecTunSaIfIndex IF-MIBInterfaceIndex .1.3.6.1.4.1.9.9.432.1.1.5.1.5
ceipSecTunSaInOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.6
ceipSecTunSaInDecompOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.7
ceipSecTunSaInPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.8
ceipSecTunSaInDropPkts SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.1.5.1.9
ceipSecIfTunnelTable .1.3.6.1.4.1.9.9.432.1.1.6
ceipSecIfTunnelEntry IF-MIBifIndexceipSecTunIndex .1.3.6.1.4.1.9.9.432.1.1.6.1
ceipSecIfTunnelStatus CISCO-IPSEC-TCCIPsecTunnelStatus .1.3.6.1.4.1.9.9.432.1.1.6.1.1
ceipSecHistory .1.3.6.1.4.1.9.9.432.1.2
ceipSecHistGlobal .1.3.6.1.4.1.9.9.432.1.2.1
ceipSecHistGlobalCntl .1.3.6.1.4.1.9.9.432.1.2.1.1
ceipSecHistTableSize r/w Unsigned32 .1.3.6.1.4.1.9.9.432.1.2.1.1.1
ceipSecTunnelHistTable .1.3.6.1.4.1.9.9.432.1.2.2
ceipSecTunnelHistEntry ceipSecTunHistIndex .1.3.6.1.4.1.9.9.432.1.2.2.1
ceipSecTunHistIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.2.2.1.1
ceipSecTunHistEncapMode CISCO-IPSEC-TCCIPsecEncapMode .1.3.6.1.4.1.9.9.432.1.2.2.1.10
ceipSecTunHistNATTraversalMode CISCO-IPSEC-TCCIPsecNATTraversalMode .1.3.6.1.4.1.9.9.432.1.2.2.1.11
ceipSecTunHistLifeSize KBytesUnsigned32 .1.3.6.1.4.1.9.9.432.1.2.2.1.12
ceipSecTunHistLifeTime SecondsUnsigned32 .1.3.6.1.4.1.9.9.432.1.2.2.1.13
ceipSecTunHistStartTime SNMPv2-TCTimeStamp .1.3.6.1.4.1.9.9.432.1.2.2.1.14
ceipSecTunHistActiveTime SNMPv2-TCTimeInterval .1.3.6.1.4.1.9.9.432.1.2.2.1.15
ceipSecTunHistTotalRefreshes QM ExchangesSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.16
ceipSecTunHistTotalSas SAsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.17
ceipSecTunHistInSaDHGrp CISCO-IPSEC-TCCIPsecDiffHellmanGrp .1.3.6.1.4.1.9.9.432.1.2.2.1.18
ceipSecTunHistInSaEncryptAlgo CISCO-IPSEC-TCCIPsecEncryptAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.19
ceipSecTunHistTermReason Enumeration .1.3.6.1.4.1.9.9.432.1.2.2.1.2
ceipSecTunHistInSaEncryptKeySize BitsCISCO-IPSEC-TCCIPsecEncryptionKeySize .1.3.6.1.4.1.9.9.432.1.2.2.1.20
ceipSecTunHistInSaAhAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.21
ceipSecTunHistInSaEspAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.22
ceipSecTunHistInSaDecompAlgo CISCO-IPSEC-TCCIPsecCompAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.23
ceipSecTunHistOutSaDHGrp CISCO-IPSEC-TCCIPsecDiffHellmanGrp .1.3.6.1.4.1.9.9.432.1.2.2.1.24
ceipSecTunHistOutSaEncryptAlgo CISCO-IPSEC-TCCIPsecEncryptAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.25
ceipSecTunHistOutSaEncryptKeySz BitsCISCO-IPSEC-TCCIPsecEncryptionKeySize .1.3.6.1.4.1.9.9.432.1.2.2.1.26
ceipSecTunHistOutSaAhAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.27
ceipSecTunHistOutSaEspAuthAlgo CISCO-IPSEC-TCCIPsecAuthAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.28
ceipSecTunHistOutSaCompAlgo CISCO-IPSEC-TCCIPsecCompAlgorithm .1.3.6.1.4.1.9.9.432.1.2.2.1.29
ceipSecTunHistActiveIndex CISCO-IPSEC-TCCIPsecPhase2TunnelIndex .1.3.6.1.4.1.9.9.432.1.2.2.1.3
ceipSecTunHistPmtu OctetsCISCO-IPSEC-TCCIPsecPmtu .1.3.6.1.4.1.9.9.432.1.2.2.1.30
ceipSecTunHistInOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.2.2.1.31
ceipSecTunHistInDecompOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.2.2.1.32
ceipSecTunHistInPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.33
ceipSecTunHistInDropPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.34
ceipSecTunHistInReplayDropPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.35
ceipSecTunHistInAuths EventsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.36
ceipSecTunHistInAuthFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.37
ceipSecTunHistInDecrypts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.38
ceipSecTunHistInDecryptFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.39
ceipSecTunHistLocalAddressType INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.2.2.1.4
ceipSecTunHistOutOctets SNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.2.2.1.40
ceipSecTunHistOutUncompOctets OctetsSNMPv2-SMICounter64 .1.3.6.1.4.1.9.9.432.1.2.2.1.41
ceipSecTunHistOutPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.42
ceipSecTunHistOutDropPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.43
ceipSecTunHistOutAuths EventsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.44
ceipSecTunHistOutAuthFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.45
ceipSecTunHistOutEncrypts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.46
ceipSecTunHistOutEncryptFails FailuresSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.47
ceipSecTunHistOutCompressedPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.48
ceipSecTunHistOutCompSkippedPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.49
ceipSecTunHistLocalAddress INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.2.2.1.5
ceipSecTunHistOutCompFailPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.50
ceipSecTunHistOutCompSmallPkts PacketsSNMPv2-SMICounter32 .1.3.6.1.4.1.9.9.432.1.2.2.1.51
ceipSecTunHistRemoteAddressType INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.2.2.1.6
ceipSecTunHistRemoteAddress INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.2.2.1.7
ceipSecTunHistControlProtocol CISCO-IPSEC-TCCIPsecControlProtocol .1.3.6.1.4.1.9.9.432.1.2.2.1.8
ceipSecTunHistControlTunnelIndex CISCO-IPSEC-TCCIPsecPhase1TunnelIndexOrZero .1.3.6.1.4.1.9.9.432.1.2.2.1.9
ceipSecEndPtHistTable .1.3.6.1.4.1.9.9.432.1.2.3
ceipSecEndPtHistEntry ceipSecEndPtHistIndex .1.3.6.1.4.1.9.9.432.1.2.3.1
ceipSecEndPtHistIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.2.3.1.1
ceipSecEndPtHistLocalProtocol CISCO-TCCiscoIpProtocol .1.3.6.1.4.1.9.9.432.1.2.3.1.10
ceipSecEndPtHistLocalPort CISCO-TCCiscoPort .1.3.6.1.4.1.9.9.432.1.2.3.1.11
ceipSecEndPtHistRemoteName SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.2.3.1.12
ceipSecEndPtHistRemoteType CISCO-IPSEC-TCCIPsecEndPtType .1.3.6.1.4.1.9.9.432.1.2.3.1.13
ceipSecEndPtHistRemoteAddrType1 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.2.3.1.14
ceipSecEndPtHistRemoteAddr1 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.2.3.1.15
ceipSecEndPtHistRemoteAddrType2 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.2.3.1.16
ceipSecEndPtHistRemoteAddr2 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.2.3.1.17
ceipSecEndPtHistRemoteProtocol CISCO-TCCiscoIpProtocol .1.3.6.1.4.1.9.9.432.1.2.3.1.18
ceipSecEndPtHistRemotePort CISCO-TCCiscoPort .1.3.6.1.4.1.9.9.432.1.2.3.1.19
ceipSecEndPtHistTunIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.2.3.1.2
ceipSecEndPtHistActiveIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.2.3.1.3
ceipSecEndPtHistLocalName SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.2.3.1.4
ceipSecEndPtHistLocalType CISCO-IPSEC-TCCIPsecEndPtType .1.3.6.1.4.1.9.9.432.1.2.3.1.5
ceipSecEndPtHistLocalAddrType1 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.2.3.1.6
ceipSecEndPtHistLocalAddr1 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.2.3.1.7
ceipSecEndPtHistLocalAddrType2 INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.2.3.1.8
ceipSecEndPtHistLocalAddr2 INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.2.3.1.9
ceipSecFailures .1.3.6.1.4.1.9.9.432.1.3
ceipSecFailGlobal .1.3.6.1.4.1.9.9.432.1.3.1
ceipSecFailGlobalCntl .1.3.6.1.4.1.9.9.432.1.3.1.1
ceipSecFailTableSize r/w Unsigned32 .1.3.6.1.4.1.9.9.432.1.3.1.1.1
ceipSecFailTable .1.3.6.1.4.1.9.9.432.1.3.2
ceipSecFailEntry ceipSecFailIndex .1.3.6.1.4.1.9.9.432.1.3.2.1
ceipSecFailIndex Unsigned32 .1.3.6.1.4.1.9.9.432.1.3.2.1.1
ceipSecFailReason Enumeration .1.3.6.1.4.1.9.9.432.1.3.2.1.2
ceipSecFailTime SNMPv2-TCTimeStamp .1.3.6.1.4.1.9.9.432.1.3.2.1.3
ceipSecFailTunnelIndex CISCO-IPSEC-TCCIPsecPhase2TunnelIndex .1.3.6.1.4.1.9.9.432.1.3.2.1.4
ceipSecFailSaSpi CISCO-IPSEC-TCCIPsecSpi .1.3.6.1.4.1.9.9.432.1.3.2.1.5
ceipSecFailPktSrcAddressType INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.3.2.1.6
ceipSecFailPktSrcAddress INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.3.2.1.7
ceipSecFailPktDstAddressType INET-ADDRESS-MIBInetAddressType .1.3.6.1.4.1.9.9.432.1.3.2.1.8
ceipSecFailPktDstAddress INET-ADDRESS-MIBInetAddress .1.3.6.1.4.1.9.9.432.1.3.2.1.9
ceipSecNotificationCntl .1.3.6.1.4.1.9.9.432.1.5
ceipSecNotiCntlIpSecAllNotifs r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.1
ceipSecNotifCntlIpSecTunnelStart r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.2
ceipSecNotifCntlIpSecTunnelStop r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.3
ceipSecNotifCntlIpSecSysFailure r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.4
ceipSecNotifCntlIpSecSetUpFail r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.5
ceipSecNotifCntlIpSecBadSa r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.6
ceipSecNotifCntlCertExpiry r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.7
ceipSecNotifCntlCertRenewal r/w SNMPv2-TCTruthValue .1.3.6.1.4.1.9.9.432.1.5.8
ceipSecCertNotification .1.3.6.1.4.1.9.9.432.1.6
ceipSecCertSubjectName SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.6.1
ceipSecCertSerialNumber SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.6.2
ceipSecCertIssuerName SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.6.3
ceipSecCertExpiryTime SNMP-FRAMEWORK-MIBSnmpAdminString .1.3.6.1.4.1.9.9.432.1.6.4
ceipSecCertRenewalStatus Enumeration .1.3.6.1.4.1.9.9.432.1.6.5
ceipSecCertExpiryStatus Enumeration .1.3.6.1.4.1.9.9.432.1.6.6
ciscoEnhancedIpsecFlowMIBConform .1.3.6.1.4.1.9.9.432.2
ciscoEnhIPsecFlowMIBCompliances .1.3.6.1.4.1.9.9.432.2.1
ciscoIPsecFlowMIBGroups .1.3.6.1.4.1.9.9.432.2.2
Notifications / Traps (7)
NameOIDDescription
ciscoEnhIpsecFlowTunnelStart .1.3.6.1.4.1.9.9.432.0.1
This notification is generated when an IPsec Phase-2
Tunnel becomes active.
ciscoEnhIpsecFlowTunnelStop .1.3.6.1.4.1.9.9.432.0.2
This notification is generated when an IPsec Phase-2
Tunnel becomes inactive.
ciscoEnhIpsecFlowSysFailure .1.3.6.1.4.1.9.9.432.0.3
This notification is generated when the processing
for an IPsec Phase-2 Tunnel experiences an internal
or system capacity error.
ciscoEnhIpsecFlowSetupFail .1.3.6.1.4.1.9.9.432.0.4
This notification is generated when the setup for
an IPsec Phase-2 Tunnel fails.
ciscoEnhIpsecFlowBadSa .1.3.6.1.4.1.9.9.432.0.5
This notification is generated when the managed
entity receives an IPsec packet with a non-existent 
(non-existant in the local Security Association
Database) SPI.
ciscoEnhIpsecFlowCertExpiry .1.3.6.1.4.1.9.9.432.0.6
This notification is generated to notify that an X.509
certificate is going to expire. The notification is triggered
the time threshold configured on the application for
notification before the certificate is going to expire, which
is  when the value of ceipSecCertExpiryStatus is changed from
certOK(1) to certGoingExpired(2). The user should take action
to renew the certificate identified in the notification prior
to the certificate expiration, which is at the validity
notAfter time provided in the notification.
ciscoEnhIpsecFlowCertRenewal .1.3.6.1.4.1.9.9.432.0.7
This notification is generated to report a status transition
for an X.509 certificate renewal performed by the application.
The notification is generated when the value of
ceipSecCertRenewalStatus is changed from 
1. renewalNotNeeded(1) to renewalRequestNeeded(2) or
renewalRequested(3)
2. renewalRequestNeeded(2) to renewalRequested(3)
3. renewalRequested(3) to renewalSuccess(4) or
renewalFailedUpdate(5) or renewalFailedExpired(6)
4. renewalFailedUpdate(5) to renewalFailedExpired(6)