CISCO-ENHANCED-IPSEC-FLOW-MIB: View SNMP OID List / Download MIB

VENDOR: CISCO


 Home MIB: CISCO-ENHANCED-IPSEC-FLOW-MIB
Download as:   

Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
Keep in mind that standard MIB files can be successfully loaded by systems and programs only if all the required MIB's from the "Imports" section are already loaded.
The tree-like SNMP object navigator requires no explanations because it is very simple to use. And if you stumbled on this MIB from Google note that you can always go back to the home page if you need to perform another MIB or OID lookup.


Object Name OID Type Access Info
 ciscoEnhancedIpsecFlowMIB 1.3.6.1.4.1.9.9.432
This is a MIB Module for monitoring the structures and status of IPSec-based networks. The MIB has been designed to be adopted as an IETF standard. Hence vendor-specific features of IPSec protocol are excluded from this MIB. Acronyms The following acronyms are used in this document: IPsec: Secure IP Protocol VPN: Virtual Private Network ISAKMP: Internet Security Association and Key Exchange Protocol IKE: Internet Key Exchange Protocol SA: Security Association (ref: rfc2408). SPI: Security Parameter Index is the pointer or identifier used in accessing SA attributes (ref: rfc2408). MM: Main Mode - the process of setting up a Phase 1 SA to secure the exchanges required to setup Phase 2 SAs QM: Quick Mode - the process of setting up Phase 2 Security Associations using a Phase 1 SA. Phase 1 Tunnel: An ISAKMP SA can be regarded as representing a flow of ISAKMP/IKE traffic. Hence an ISAKMP is referred to as a 'Phase 1 Tunnel' in this document. Control Tunnel: Another term for a Phase 1 Tunnel. Phase 2 Tunnel: An instance of a non-ISAKMP SA bundle in which all the SA share the same proxy identifiers (IDii,IDir) protect the same stream of application traffic. Such an SA bundle is termed a 'Phase 2 Tunnel'. Note that a Phase 2 tunnel may comprise different SA bundles and different number of SA bundles at different times (due to key refresh). MTU: Maximum Transmission Unit (of an IPsec tunnel). History of the MIB A precursor to this MIB was written by Tivoli and implemented in IBM Nways routers in 1999. During late 1999, Cisco adopted the MIB and together with Tivoli publised the IPsec Flow Monitor MIB in IETF IPsec WG in draft-ietf-ipsec-flow-monitoring-mib-00.txt. In 2000, the MIB was Cisco-ized and implemented this draft as CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms. With the evolution of IKEv2, the MIB was modified and presented to the IPsec WG again in May 2003 in draft-ietf-ipsec-flow-monitoring-mib-02.txt. With the emergence of multiple IPsec signaling protocols, it became apparent that the signaling aspects of IPsec need to be instrumented separately in their own right. Thus, the IPsec control attributes and metrics were separated out into CISCO-IPSEC-SIGNALING-MIB and CISCO-IKE-FLOW-MIB. This version of the draft is the version of the draft that models that IPsec data protocol, structures and activity alone. Overview of MIB The MIB contains four major groups of objects which are used to manage the IPsec Protocol. These groups include a Levels Group, a Phase-1 Group, a Phase-2 Group, a History Group, a Failure Group and a TRAP Control Group. The following table illustrates the structure of the IPsec MIB. The Phase 2 group models objects pertaining to IPsec data tunnels. The History group is to aid applications that do trending analysis. The Failure group is to enable an operator to do troubleshooting and debugging of the VPN Router. Further, counters are supported to aid detection of potential security violations. In addition to the three major MIB Groups, there are a number of Notifications. The following table illustrates the name and description of the IPsec TRAPs.
         ciscoEnhancedIpsecFlowMIBNotifs 1.3.6.1.4.1.9.9.432.0
             ciscoEnhIpsecFlowTunnelStart 1.3.6.1.4.1.9.9.432.0.1
This notification is generated when an IPsec Phase-2 Tunnel becomes active.
             ciscoEnhIpsecFlowTunnelStop 1.3.6.1.4.1.9.9.432.0.2
This notification is generated when an IPsec Phase-2 Tunnel becomes inactive.
             ciscoEnhIpsecFlowSysFailure 1.3.6.1.4.1.9.9.432.0.3
This notification is generated when the processing for an IPsec Phase-2 Tunnel experiences an internal or system capacity error.
             ciscoEnhIpsecFlowSetupFail 1.3.6.1.4.1.9.9.432.0.4
This notification is generated when the setup for an IPsec Phase-2 Tunnel fails.
             ciscoEnhIpsecFlowBadSa 1.3.6.1.4.1.9.9.432.0.5
This notification is generated when the managed entity receives an IPsec packet with a non-existent (non-existant in the local Security Association Database) SPI.
             ciscoEnhIpsecFlowCertExpiry 1.3.6.1.4.1.9.9.432.0.6
This notification is generated to notify that an X.509 certificate is going to expire. The notification is triggered the time threshold configured on the application for notification before the certificate is going to expire, which is when the value of ceipSecCertExpiryStatus is changed from certOK(1) to certGoingExpired(2). The user should take action to renew the certificate identified in the notification prior to the certificate expiration, which is at the validity notAfter time provided in the notification.
             ciscoEnhIpsecFlowCertRenewal 1.3.6.1.4.1.9.9.432.0.7
This notification is generated to report a status transition for an X.509 certificate renewal performed by the application. The notification is generated when the value of ceipSecCertRenewalStatus is changed from 1. renewalNotNeeded(1) to renewalRequestNeeded(2) or renewalRequested(3) 2. renewalRequestNeeded(2) to renewalRequested(3) 3. renewalRequested(3) to renewalSuccess(4) or renewalFailedUpdate(5) or renewalFailedExpired(6) 4. renewalFailedUpdate(5) to renewalFailedExpired(6)
         ciscoEnhancedIpsecFlowMIBObjects 1.3.6.1.4.1.9.9.432.1
             ceipSecPhaseTwo 1.3.6.1.4.1.9.9.432.1.1
                 ceipSecGlobalStats 1.3.6.1.4.1.9.9.432.1.1.1
                     ceipSecGlobalActiveTunnels 1.3.6.1.4.1.9.9.432.1.1.1.1 gauge32 read-only
The total number of currently active IPsec Phase-2 Tunnels.
                     ceipSecGlobalPreviousTunnels 1.3.6.1.4.1.9.9.432.1.1.1.2 counter64 read-only
The total number of previously active IPsec Phase-2 Tunnels.
                     ceipSecGlobalInOctets 1.3.6.1.4.1.9.9.432.1.1.1.3 counter64 read-only
A high capacity count of the total number of octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                     ceipSecGlobalInDecompOctets 1.3.6.1.4.1.9.9.432.1.1.1.4 counter64 read-only
A high capacity count of the total number of decompressed octets received by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecGlobalInOctets.
                     ceipSecGlobalInPkts 1.3.6.1.4.1.9.9.432.1.1.1.5 counter64 read-only
The total number of packets received by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalInDrops 1.3.6.1.4.1.9.9.432.1.1.1.6 counter64 read-only
The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels. This count does NOT include packets dropped due to Anti-Replay processing.
                     ceipSecGlobalInReplayDrops 1.3.6.1.4.1.9.9.432.1.1.1.7 counter64 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalInAuths 1.3.6.1.4.1.9.9.432.1.1.1.8 counter64 read-only
The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalInAuthFails 1.3.6.1.4.1.9.9.432.1.1.1.9 counter64 read-only
The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalInDecrypts 1.3.6.1.4.1.9.9.432.1.1.1.10 counter64 read-only
The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalInDecryptFails 1.3.6.1.4.1.9.9.432.1.1.1.11 counter64 read-only
The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutOctets 1.3.6.1.4.1.9.9.432.1.1.1.12 counter64 read-only
A high capacity count of the total number of octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated AFTER determining whether or not the packet should be compressed.
                     ceipSecGlobalOutUncompOctets 1.3.6.1.4.1.9.9.432.1.1.1.13 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by all current and previous IPsec Phase-2 Tunnels. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecGlobalOutOctets.
                     ceipSecGlobalOutPkts 1.3.6.1.4.1.9.9.432.1.1.1.14 counter64 read-only
The total number of packets sent by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutDrops 1.3.6.1.4.1.9.9.432.1.1.1.15 counter64 read-only
The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutAuths 1.3.6.1.4.1.9.9.432.1.1.1.16 counter64 read-only
The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutAuthFails 1.3.6.1.4.1.9.9.432.1.1.1.17 counter64 read-only
The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutEncrypts 1.3.6.1.4.1.9.9.432.1.1.1.18 counter64 read-only
The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutEncryptFails 1.3.6.1.4.1.9.9.432.1.1.1.19 counter64 read-only
The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalProtocolUseFails 1.3.6.1.4.1.9.9.432.1.1.1.20 counter64 read-only
The total number of protocol use failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
                     ceipSecGlobalNoSaFails 1.3.6.1.4.1.9.9.432.1.1.1.21 counter64 read-only
The total number of non-existent Security Association in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels.
                     ceipSecGlobalSysCapFails 1.3.6.1.4.1.9.9.432.1.1.1.22 counter64 read-only
The total number of system capacity failures which occurred during processing of all current and previously active IPsec Phase-2 Tunnels.
                     ceipSecGlobalOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.1.1.23 counter64 read-only
The cumulative number of outbound packets across all IPsec flows terminating at this device which were successfully compressed.
                     ceipSecGlobalOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.1.1.24 counter64 read-only
The total number of outbound packets across all IPsec flows terminating at this devices that were to be compressed but which were skipped due to the compression hysteresis.
                     ceipSecGlobalOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.1.1.25 counter64 read-only
The total number of outbound packets across all IPsec flows terminating at this device that failed compression because they grew in size after compression.
                     ceipSecGlobalOutCompTooSmallPkts 1.3.6.1.4.1.9.9.432.1.1.1.26 counter64 read-only
The total number of outbound packets across all IPsec flows terminating at this device that were to be compressed but were smaller than the compression threshold size. This number is cumulative since the last system start.
                     ceipSecGlobalThroughputUtilizatioinTimeInterval 1.3.6.1.4.1.9.9.432.1.1.1.27 unsigned32 read-only
The object is the length of the time interval to measure the throughtput utilization.
                     ceipSecGlobalThroughputLastUpdatedTime 1.3.6.1.4.1.9.9.432.1.1.1.28 timestamp read-only
The timestamp is the end of the last throughput utilization time interval.
                     ceipSecGlobalLastAveragePacketSize 1.3.6.1.4.1.9.9.432.1.1.1.29 unsigned32 read-only
This object is the average packet size in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
                     ceipSecGlobalLastThroughputInMbps 1.3.6.1.4.1.9.9.432.1.1.1.30 unsigned32 read-only
The object is the total throughput in Mbps in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
                     ceipSecGlobalLastThroughputInKpps 1.3.6.1.4.1.9.9.432.1.1.1.31 unsigned32 read-only
The object is the total throughput in Kpps in the last throughput utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
                     ceipSecGlobalLastThroughputUtilization 1.3.6.1.4.1.9.9.432.1.1.1.32 unsigned32 read-only
The object is the throughput utilization in percentage in the last performance utilization time interval that ended at ceipSecGlobalThroughputLastUpdatedTime.
                     ceipSecGlobalPeakThroughputUtilization 1.3.6.1.4.1.9.9.432.1.1.1.33 unsigned32 read-only
The object is the peak throughput utilization in percentage since the managed system is active. It was observed in the throughput utilization time interval that ended at ceipSecGlobalPeakThroughputDateAndTime.
                     ceipSecGlobalPeakThroughputDateAndTime 1.3.6.1.4.1.9.9.432.1.1.1.34 dateandtime read-only
The date and time when ceipSecGlobalPeakThroughputUtilization is updated.
                     ceipSecGlobalPeakThroughputInMbps 1.3.6.1.4.1.9.9.432.1.1.1.35 unsigned32 read-only
The object indicates the peak value of throughput in Mbps.
                     ceipSecGlobalPeakAvgPacketSize 1.3.6.1.4.1.9.9.432.1.1.1.36 unsigned32 read-only
This object indicates the average packet size in bytes in the throughput utilization time interval that ended at ceipSecGlobalPeakThroughputDateAndTime.
                 ceipSecTunnelTable 1.3.6.1.4.1.9.9.432.1.1.2 no-access
The IPsec Phase-2 Tunnel Table. There is one entry in this table for each active IPsec Phase-2 Tunnel.
                     ceipSecTunnelEntry 1.3.6.1.4.1.9.9.432.1.1.2.1 no-access
Each entry contains the attributes associated with an active IPsec Phase-2 Tunnel.
                         ceipSecTunIndex 1.3.6.1.4.1.9.9.432.1.1.2.1.1 cipsecphase2tunnelindex no-access
The index of the IPsec Phase-2 Tunnel Table. The value of the index is a number which begins at 1 and is incremented with each tunnel that is created. The value of this object will wrap at 2,147,483,647. Since this object must correspond to a valid Phase-2 IPsec tunnel, this object may not assume the value of 0.
                         ceipSecTunLocalAddressType 1.3.6.1.4.1.9.9.432.1.1.2.1.2 inetaddresstype read-only
The type of the IP address of the local endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunLocalAddress 1.3.6.1.4.1.9.9.432.1.1.2.1.3 inetaddress read-only
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunRemoteAddressType 1.3.6.1.4.1.9.9.432.1.1.2.1.4 inetaddresstype read-only
The type of the IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunRemoteAddress 1.3.6.1.4.1.9.9.432.1.1.2.1.5 inetaddress read-only
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunControlProtocol 1.3.6.1.4.1.9.9.432.1.1.2.1.6 cipseccontrolprotocol read-only
Identifies the protocol used to setup and administer this Phase-2 IPsec tunnel. In case this tunnel was spawned by an IPsec signaling protocol, this MIB object contains the value of the object 'cisgIpsSgProtocol' defined in CISCO-IPSEC-SIGNALING-MIB in the table 'cisgIpsSgTunnelTable' in the row corresponding to the control tunnel. A value of 'cpManual' is indicative of a manually installed and administered Phase-2 tunnel.
                         ceipSecTunControlTunnelIndex 1.3.6.1.4.1.9.9.432.1.1.2.1.7 cipsecphase1tunnelindexorzero read-only
The index of the associated IPsec Phase-1 Tunnel. In case this tunnel was spawned by an IPsec signaling protocol, this MIB object contains the value of the object 'cisgIpsSgTunIndex' defined in CISCO-IPSEC-SIGNALING-MIB in the table 'cisgIpsSgTunnelTable' in the row corresponding to the control tunnel. A value of 0 identifies that this Phase-2 tunnel was setup manually.
                         ceipSecTunControlTunnelAlive 1.3.6.1.4.1.9.9.432.1.1.2.1.8 truthvalue read-only
An indicator which specifies whether or not the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel currently exists.
                         ceipSecTunEncapMode 1.3.6.1.4.1.9.9.432.1.1.2.1.9 cipsecencapmode read-only
The encapsulation mode used by the IPsec Phase-2 Tunnel.
                         ceipSecTunNATTraversalMode 1.3.6.1.4.1.9.9.432.1.1.2.1.10 cipsecnattraversalmode read-only
The encapsulation used by the IPsec Phase-2 tunnel for NAT traversal. The value of this object is constrained based on the value of the column 'ceipSecTunEncapMode'. If the value of 'ceipSecTunEncapMode' is 'encapTransport', then this object may not assume the values 'natEncapIPsecOverUdp' or 'natEncapIPsecOverTcp'.
                         ceipSecTunLifeSize 1.3.6.1.4.1.9.9.432.1.1.2.1.11 unsigned32 read-only
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
                         ceipSecTunLifeTime 1.3.6.1.4.1.9.9.432.1.1.2.1.12 unsigned32 read-only
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ceipSecTunActiveTime 1.3.6.1.4.1.9.9.432.1.1.2.1.13 timeinterval read-only
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
                         ceipSecTunSaLifeSizeThreshold 1.3.6.1.4.1.9.9.432.1.1.2.1.14 unsigned32 read-only
The security association LifeSize refresh threshold in kilobytes. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ceipSecTunSaLifeTimeThreshold 1.3.6.1.4.1.9.9.432.1.1.2.1.15 unsigned32 read-only
The security association LifeTime refresh threshold in seconds. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ceipSecTunTotalRefreshes 1.3.6.1.4.1.9.9.432.1.1.2.1.16 counter32 read-only
The total number of security association refreshes performed.
                         ceipSecTunExpiredSaInstances 1.3.6.1.4.1.9.9.432.1.1.2.1.17 counter32 read-only
The total number of security associations which have expired. If the tunnel was setup manually, the value of this MIB element should be 0.
                         ceipSecTunCurrentSaInstances 1.3.6.1.4.1.9.9.432.1.1.2.1.18 gauge32 read-only
The number of security associations which are currently active or expiring.
                         ceipSecTunInSaDHGrp 1.3.6.1.4.1.9.9.432.1.1.2.1.19 cipsecdiffhellmangrp read-only
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be `none'.
                         ceipSecTunInSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.20 cipsecencryptalgorithm read-only
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunInSaEncryptKeySize 1.3.6.1.4.1.9.9.432.1.1.2.1.21 cipsecencryptionkeysize read-only
The key size in bits of the negotiated key to be used with the algorithm denoted by 'ceipSecTunInSaEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                         ceipSecTunInSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.22 cipsecauthalgorithm read-only
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunInSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.23 cipsecauthalgorithm read-only
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunInSaDecompAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.24 cipseccompalgorithm read-only
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunOutSaDHGrp 1.3.6.1.4.1.9.9.432.1.1.2.1.25 cipsecdiffhellmangrp read-only
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. If the tunnel was setup manually, the value of this MIB element would be 'none'.
                         ceipSecTunOutSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.26 cipsecencryptalgorithm read-only
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunOutSaEncryptKeySize 1.3.6.1.4.1.9.9.432.1.1.2.1.27 cipsecencryptionkeysize read-only
The key size in bits of the negotiated key to be used with the algorithm denoted by 'ceipSecTunOutSaEncryptAlgo'. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                         ceipSecTunOutSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.28 cipsecauthalgorithm read-only
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunOutSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.29 cipsecauthalgorithm read-only
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunOutSaCompAlgo 1.3.6.1.4.1.9.9.432.1.1.2.1.30 cipseccompalgorithm read-only
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunPmtu 1.3.6.1.4.1.9.9.432.1.1.2.1.31 cipsecpmtu read-only
The Path MTU for this IPsec Phase-2 tunnel, which has been either learnt from the network or which has been specified by the administrator. The lower end of the range is 68 which is the minimum MTU for IPv4.
                         ceipSecTunInOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.32 counter64 read-only
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                         ceipSecTunInDecompOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.33 counter64 read-only
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunInOctets.
                         ceipSecTunInPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.34 counter32 read-only
The total number of packets received by this IPsec Phase-2 Tunnel.
                         ceipSecTunInDropPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.35 counter32 read-only
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
                         ceipSecTunInReplayDropPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.36 counter32 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
                         ceipSecTunInAuths 1.3.6.1.4.1.9.9.432.1.1.2.1.37 counter32 read-only
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunInAuthFails 1.3.6.1.4.1.9.9.432.1.1.2.1.38 counter32 read-only
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
                         ceipSecTunInDecrypts 1.3.6.1.4.1.9.9.432.1.1.2.1.39 counter32 read-only
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunInDecryptFails 1.3.6.1.4.1.9.9.432.1.1.2.1.40 counter32 read-only
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.41 counter64 read-only
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
                         ceipSecTunOutUncompOctets 1.3.6.1.4.1.9.9.432.1.1.2.1.42 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecTunOutOctets.
                         ceipSecTunOutPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.43 counter32 read-only
The total number of packets sent by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutDropPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.44 counter32 read-only
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutAuths 1.3.6.1.4.1.9.9.432.1.1.2.1.45 counter32 read-only
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutAuthFails 1.3.6.1.4.1.9.9.432.1.1.2.1.46 counter32 read-only
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutEncrypts 1.3.6.1.4.1.9.9.432.1.1.2.1.47 counter32 read-only
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutEncryptFails 1.3.6.1.4.1.9.9.432.1.1.2.1.48 counter32 read-only
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
                         ceipSecTunOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.49 counter32 read-only
The total number of outbound packets which were successfully compressed.
                         ceipSecTunOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.50 counter32 read-only
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
                         ceipSecTunOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.51 counter32 read-only
The total number of outbound packets that failed compression because they grew in size after compression.
                         ceipSecTunOutCompTooSmallPkts 1.3.6.1.4.1.9.9.432.1.1.2.1.52 counter32 read-only
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
                         ceipSecIfIndex 1.3.6.1.4.1.9.9.432.1.1.2.1.53 interfaceindex read-only
This object represents the ifIndex of an interface where this tunnel is created. Multiple IPsec tunnels can be created using the same interface.
                         ceipSecTunStatus 1.3.6.1.4.1.9.9.432.1.1.2.1.54 cipsectunnelstatus read-write
The status of the MIB table row. This object can be used to bring the tunnel down or force a rekeying. When the value is set to destroy(5), the SA bundle is destroyed and this row is deleted from this table. When the value is set to rekey(6), then rekeying is forced on this tunnel. When this MIB value is queried, the value of active(4) is always returned, if the instance exists. This object cannot be used to create a MIB table row.
                 ceipSecEndPtTable 1.3.6.1.4.1.9.9.432.1.1.3 no-access
The IPsec Phase-2 Tunnel Endpoint Table. This table contains an entry for each active endpoint associated with an IPsec Phase-2 Tunnel.
                     ceipSecEndPtEntry 1.3.6.1.4.1.9.9.432.1.1.3.1 no-access
An IPsec Phase-2 Tunnel Endpoint entry.
                         ceipSecEndPtIndex 1.3.6.1.4.1.9.9.432.1.1.3.1.1 unsigned32 no-access
The number of the Endpoint associated with the IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 4,294,967,295.
                         ceipSecEndPtLocalName 1.3.6.1.4.1.9.9.432.1.1.3.1.2 snmpadminstring read-only
The DNS name of the local Endpoint.
                         ceipSecEndPtLocalType 1.3.6.1.4.1.9.9.432.1.1.3.1.3 cipsecendpttype read-only
The type of identity for the local Endpoint.
                         ceipSecEndPtLocalAddrType1 1.3.6.1.4.1.9.9.432.1.1.3.1.4 inetaddresstype read-only
The type of the IP address for this local Endpoint's first IP address.
                         ceipSecEndPtLocalAddr1 1.3.6.1.4.1.9.9.432.1.1.3.1.5 inetaddress read-only
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtLocalType.
                         ceipSecEndPtLocalAddrType2 1.3.6.1.4.1.9.9.432.1.1.3.1.6 inetaddresstype read-only
The type of the IP address for this local Endpoint's second IP address.
                         ceipSecEndPtLocalAddr2 1.3.6.1.4.1.9.9.432.1.1.3.1.7 inetaddress read-only
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtLocalType.
                         ceipSecEndPtLocalProtocol 1.3.6.1.4.1.9.9.432.1.1.3.1.8 ciscoipprotocol read-only
The protocol number of the local Endpoint's traffic.
                         ceipSecEndPtLocalPort 1.3.6.1.4.1.9.9.432.1.1.3.1.9 ciscoport read-only
The port number of the local Endpoint's traffic.
                         ceipSecEndPtRemoteName 1.3.6.1.4.1.9.9.432.1.1.3.1.10 snmpadminstring read-only
The DNS name of the remote Endpoint.
                         ceipSecEndPtRemoteType 1.3.6.1.4.1.9.9.432.1.1.3.1.11 cipsecendpttype read-only
The type of identity for the remote Endpoint.
                         ceipSecEndPtRemoteAddrType1 1.3.6.1.4.1.9.9.432.1.1.3.1.12 inetaddresstype read-only
The type of the IP address for this remote Endpoint's first IP address.
                         ceipSecEndPtRemoteAddr1 1.3.6.1.4.1.9.9.432.1.1.3.1.13 inetaddress read-only
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtRemoteType.
                         ceipSecEndPtRemoteAddrType2 1.3.6.1.4.1.9.9.432.1.1.3.1.14 inetaddresstype read-only
The type of the IP address for this remote Endpoint's second IP address.
                         ceipSecEndPtRemoteAddr2 1.3.6.1.4.1.9.9.432.1.1.3.1.15 inetaddress read-only
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from ceipSecEndPtRemoteType.
                         ceipSecEndPtRemoteProtocol 1.3.6.1.4.1.9.9.432.1.1.3.1.16 ciscoipprotocol read-only
The protocol number of the remote Endpoint's traffic.
                         ceipSecEndPtRemotePort 1.3.6.1.4.1.9.9.432.1.1.3.1.17 ciscoport read-only
The port number of the remote Endpoint's traffic.
                 ceipSecSaTable 1.3.6.1.4.1.9.9.432.1.1.4 no-access
The IPsec Phase-2 Security Association Table. This table identifies the structure (in terms of component SAs) of each active Phase-2 IPsec tunnel. This table contains an entry for each active and expiring security association and maps each entry in the active Phase-2 tunnel table (ceipSecTunTable) into a number of entries in this table. The index of this table reflects the rule for identifying Security Associations.
                     ceipSecSaEntry 1.3.6.1.4.1.9.9.432.1.1.4.1 no-access
Each entry contains the attributes associated with active and expiring IPsec Phase-2 security associations.
                         ceipSecSaProtocol 1.3.6.1.4.1.9.9.432.1.1.4.1.1 cipsecprotocol no-access
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup.
                         ceipSecSaIndex 1.3.6.1.4.1.9.9.432.1.1.4.1.2 unsigned32 no-access
The object, in the context of the IPsec tunnel 'ceipSecTunIndex', is an index of security associations comprising the Phase-2 IPsec tunnel represented by the tunnel index 'ceipSecTunIndex'. The value of this index is a number which begins at 1 and is incremented with each SPI associated with the corresponding IPsec Phase-2 Tunnel.
                         ceipSecSaDirection 1.3.6.1.4.1.9.9.432.1.1.4.1.3 cipsecphase2sadirection read-only
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry.
                         ceipSecSaValue 1.3.6.1.4.1.9.9.432.1.1.4.1.4 cipsecspi read-only
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry.
                         ceipSecSaStatus 1.3.6.1.4.1.9.9.432.1.1.4.1.5 integer read-only
This column represents the status of the security association represented by this conceptual row. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged. Enumeration: 'active': 2, 'unknown': 1, 'expiring': 3.
                 ceipSecTunnelSaTable 1.3.6.1.4.1.9.9.432.1.1.5 no-access
The IPsec Phase-2 Tunnel Security Association Table. This table identifies the SAs that are currently associated with an active Phase-2 tunnel. This table contains an entry for each active or expiring security association (SA) which is associated with an ceipSecTunnelEntry in 'active' state and provides statistic information of this SA. There might be multiple SAs associated with one ceipSecTunnelEntry.
                     ceipSecTunnelSaEntry 1.3.6.1.4.1.9.9.432.1.1.5.1 no-access
Each entry contains the attributes and statistics associated with an active or expiring IPsec Phase-2 security associations.
                         ceipSecTunSaProtocol 1.3.6.1.4.1.9.9.432.1.1.5.1.1 cipsecprotocol no-access
This column represents the security protocol (AH, ESP or IPComp) for which this security association was setup.
                         ceipSecTunSaIndex 1.3.6.1.4.1.9.9.432.1.1.5.1.2 unsigned32 no-access
The object, in the context of the IPsec tunnel 'ceipSecTunIndex', is an index of security associations comprising the Phase-2 IPsec tunnel represented by the tunnel index 'ceipSecTunIndex'. The value of this index is a number which begins at 1 and is incremented with each SPI associated with the corresponding IPsec Phase-2 Tunnel.
                         ceipSecTunSaDirection 1.3.6.1.4.1.9.9.432.1.1.5.1.3 cipsecphase2sadirection no-access
Phase-2 IPsec security associations are simplex. Hence a particular security association is used either for securing outgoing traffic or decoding incoming traffic. This column identifies the direction of the security association represented by this entry.
                         ceipSecTunSaValue 1.3.6.1.4.1.9.9.432.1.1.5.1.4 cipsecspi read-only
This is the value of the Security Protection Index (SPI) assigned by the system to the security association represented by this entry.
                         ceipSecTunSaIfIndex 1.3.6.1.4.1.9.9.432.1.1.5.1.5 interfaceindex read-only
This object represents the ifIndex of an interface where a tunnel with ceipSecTunIndex is created. Multiple IPsec tunnels can be created using the same interface.
                         ceipSecTunSaInOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.6 counter64 read-only
A high capacity count of the total number of octets received by using this SA. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                         ceipSecTunSaInDecompOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.7 counter64 read-only
A high capacity count of the total number of decompressed octets received by using this SA. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunSaTunInOctets.
                         ceipSecTunSaInPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.8 counter64 read-only
The total number of packets received by using this SA.
                         ceipSecTunSaInDropPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.9 counter64 read-only
The total number of packets dropped during receive process by using this SA. This count does NOT include packets dropped due to Anti-Replay processing.
                         ceipSecTunSaInReplayDropPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.10 counter64 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by using this SA.
                         ceipSecTunSaInAuths 1.3.6.1.4.1.9.9.432.1.1.5.1.11 counter64 read-only
The total number of inbound authentication's performed by using this SA.
                         ceipSecTunSaInAuthFails 1.3.6.1.4.1.9.9.432.1.1.5.1.12 counter64 read-only
The total number of inbound authentication's which ended in failure by using this SA.
                         ceipSecTunSaInDecrypts 1.3.6.1.4.1.9.9.432.1.1.5.1.13 counter64 read-only
The total number of inbound decryption's performed by this SA.
                         ceipSecTunSaInDecryptFails 1.3.6.1.4.1.9.9.432.1.1.5.1.14 counter64 read-only
The total number of inbound decryption's which ended in failure by using this SA.
                         ceipSecTunSaOutOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.15 counter64 read-only
A high capacity count of the total number of octets sent by using this SA. This value is accumulated AFTER determining whether or not the packet should be compressed.
                         ceipSecTunSaOutUncompOctets 1.3.6.1.4.1.9.9.432.1.1.5.1.16 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by using this SA. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of ceipSecTunSaTunOutOctets.
                         ceipSecTunSaOutPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.17 counter64 read-only
The total number of packets sent by using this SA.
                         ceipSecTunSaOutDropPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.18 counter64 read-only
The total number of packets dropped during send processing by using this SA.
                         ceipSecTunSaOutAuths 1.3.6.1.4.1.9.9.432.1.1.5.1.19 counter64 read-only
The total number of outbound authentication's performed by using this SA.
                         ceipSecTunSaOutAuthFails 1.3.6.1.4.1.9.9.432.1.1.5.1.20 counter64 read-only
The total number of outbound authentication's which ended in failure by using this SA.
                         ceipSecTunSaOutEncrypts 1.3.6.1.4.1.9.9.432.1.1.5.1.21 counter64 read-only
The total number of outbound encryption's performed by using this SA.
                         ceipSecTunSaOutEncryptFails 1.3.6.1.4.1.9.9.432.1.1.5.1.22 counter64 read-only
The total number of outbound encryption's which ended in failure by using this SA.
                         ceipSecTunSaOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.23 counter64 read-only
The total number of outbound packets which were successfully compressed by using this SA.
                         ceipSecTunSaOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.24 counter64 read-only
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis when using this SA.
                         ceipSecTunSaOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.25 counter64 read-only
The total number of outbound packets that failed compression because they grew in size after compression when using this SA.
                         ceipSecTunSaOutCompTooSmallPkts 1.3.6.1.4.1.9.9.432.1.1.5.1.26 counter64 read-only
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size when using this SA.
                         ceipSecTunSaStatus 1.3.6.1.4.1.9.9.432.1.1.5.1.27 integer read-only
This column represents the status of the security association represented by this conceptual row. If the status of the SA is 'active', the SA is ready for active use. The status 'expiring' represents any of the various states that the security association transitions through before being purged. Enumeration: 'active': 2, 'unknown': 1, 'expiring': 3.
                 ceipSecIfTunnelTable 1.3.6.1.4.1.9.9.432.1.1.6 no-access
The IPsec Phase-2 Tunnels to Interface association table. This table contains an entry for each active IPsec Phase-2 Tunnel created under an interface. Multiple IPsec Phase-2 Tunnels can be created using the same interface.
                     ceipSecIfTunnelEntry 1.3.6.1.4.1.9.9.432.1.1.6.1 no-access
Each entry contains the IPsec Phase-2 Tunnel associated with an interface.
                         ceipSecIfTunnelStatus 1.3.6.1.4.1.9.9.432.1.1.6.1.1 cipsectunnelstatus read-only
This object corresponds to the status of a IPsec Phase-2 Tunnel in ceipSecTunnelTable indexed by ceipSecTunIndex. The valid status this object can have are 'active' and 'awaitCommit'.
             ceipSecHistory 1.3.6.1.4.1.9.9.432.1.2
                 ceipSecHistGlobal 1.3.6.1.4.1.9.9.432.1.2.1
                     ceipSecHistGlobalCntl 1.3.6.1.4.1.9.9.432.1.2.1.1
                         ceipSecHistTableSize 1.3.6.1.4.1.9.9.432.1.2.1.1.1 unsigned32 read-write
The window size of the IPsec Phase-2 History Tables. The IPsec Phase-2 History Tables are implemented as a sliding window in which only the last 'N' entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-2 History Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, in appropriate SNMP error code should be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving tables ('ceipSecHistTable' and 'ceipSecEndPtHistTable') and disabling the archiving of entries in the tables.
                 ceipSecTunnelHistTable 1.3.6.1.4.1.9.9.432.1.2.2 no-access
The IPsec Phase-2 Tunnel History Table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'ceipSecHistTableSize'. If the value of 'ceipSecHistTableSize' is 0, archiving of entries in this table is disabled.
                     ceipSecTunnelHistEntry 1.3.6.1.4.1.9.9.432.1.2.2.1 no-access
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel.
                         ceipSecTunHistIndex 1.3.6.1.4.1.9.9.432.1.2.2.1.1 unsigned32 no-access
The index of the IPsec Phase-2 Tunnel History Table. The value of the index is a number which begins at one and is incremented with each tunnel that ends. The value of this object will wrap at 4,294,967,295.
                         ceipSecTunHistTermReason 1.3.6.1.4.1.9.9.432.1.2.2.1.2 integer read-only
The reason the IPsec Phase-2 Tunnel was terminated. Possible reasons include: 1 = other 2 = normal termination 3 = operator request 4 = peer delete request was received 5 = contact with peer was lost 6 = applicationInitiated (eg: L2TP requesting the termination) 7 = failure of extended authentication 8 = local failure occurred 9 = operator initiated check point request Enumeration: 'applicationInitiated': 6, 'normal': 2, 'xauthFailure': 7, 'operRequest': 3, 'peerLost': 5, 'checkPointReq': 9, 'other': 1, 'peerDelRequest': 4, 'seqNumRollOver': 8.
                         ceipSecTunHistActiveIndex 1.3.6.1.4.1.9.9.432.1.2.2.1.3 cipsecphase2tunnelindex read-only
The index of the previously active IPsec Phase-2 Tunnel. This object must correspond to an expired IPsec tunnel; hence this object may not assume the value of 0.
                         ceipSecTunHistLocalAddressType 1.3.6.1.4.1.9.9.432.1.2.2.1.4 inetaddresstype read-only
The type of the IP address of the local endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunHistLocalAddress 1.3.6.1.4.1.9.9.432.1.2.2.1.5 inetaddress read-only
The IP address of the local endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunHistRemoteAddressType 1.3.6.1.4.1.9.9.432.1.2.2.1.6 inetaddresstype read-only
The type of the IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunHistRemoteAddress 1.3.6.1.4.1.9.9.432.1.2.2.1.7 inetaddress read-only
The IP address of the remote endpoint for the IPsec Phase-2 Tunnel.
                         ceipSecTunHistControlProtocol 1.3.6.1.4.1.9.9.432.1.2.2.1.8 cipseccontrolprotocol read-only
Identifies the protocol that was used to setup and administer Phase-2 IPsec tunnel.
                         ceipSecTunHistControlTunnelIndex 1.3.6.1.4.1.9.9.432.1.2.2.1.9 cipsecphase1tunnelindexorzero read-only
The index of the IPsec Phase-1 Tunnel that spawned this Phase-2 tunnel (in case of IKE, this value would refer to 'csikeTunIndex' in the 'csikeTunnelTable'). If the IPsec tunnel corresponding to this entry was setup manually, the value of this object should be zero.
                         ceipSecTunHistEncapMode 1.3.6.1.4.1.9.9.432.1.2.2.1.10 cipsecencapmode read-only
The encapsulation mode used by the IPsec Phase-2 Tunnel.
                         ceipSecTunHistNATTraversalMode 1.3.6.1.4.1.9.9.432.1.2.2.1.11 cipsecnattraversalmode read-only
The encapsulation used by the IPsec Phase-2 tunnel corresponding to this conceptual row for NAT traversal.
                         ceipSecTunHistLifeSize 1.3.6.1.4.1.9.9.432.1.2.2.1.12 unsigned32 read-only
The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes.
                         ceipSecTunHistLifeTime 1.3.6.1.4.1.9.9.432.1.2.2.1.13 unsigned32 read-only
The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds.
                         ceipSecTunHistStartTime 1.3.6.1.4.1.9.9.432.1.2.2.1.14 timestamp read-only
The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started.
                         ceipSecTunHistActiveTime 1.3.6.1.4.1.9.9.432.1.2.2.1.15 timeinterval read-only
The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds.
                         ceipSecTunHistTotalRefreshes 1.3.6.1.4.1.9.9.432.1.2.2.1.16 counter32 read-only
The total number of security association refreshes performed.
                         ceipSecTunHistTotalSas 1.3.6.1.4.1.9.9.432.1.2.2.1.17 counter32 read-only
The total number of security associations used during the life of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistInSaDHGrp 1.3.6.1.4.1.9.9.432.1.2.2.1.18 cipsecdiffhellmangrp read-only
The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistInSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.19 cipsecencryptalgorithm read-only
The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistInSaEncryptKeySize 1.3.6.1.4.1.9.9.432.1.2.2.1.20 cipsecencryptionkeysize read-only
The size in bits of the key which was negotiated to be used with the encryption transform used with this tunnel denoted by ceipSecTunHistInSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                         ceipSecTunHistInSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.21 cipsecauthalgorithm read-only
The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistInSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.22 cipsecauthalgorithm read-only
The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistInSaDecompAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.23 cipseccompalgorithm read-only
The decompression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutSaDHGrp 1.3.6.1.4.1.9.9.432.1.2.2.1.24 cipsecdiffhellmangrp read-only
The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutSaEncryptAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.25 cipsecencryptalgorithm read-only
The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutSaEncryptKeySz 1.3.6.1.4.1.9.9.432.1.2.2.1.26 cipsecencryptionkeysize read-only
The size in bits of the key which was negotiated to be used with the encryption transform used with this tunnel denoted by ceipSecTunHistOutSaEncryptAlgo. For DES and 3DES the key size is respectively 56 and 168. For AES, this will denote the negotiated key size.
                         ceipSecTunHistOutSaAhAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.27 cipsecauthalgorithm read-only
The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutSaEspAuthAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.28 cipsecauthalgorithm read-only
The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutSaCompAlgo 1.3.6.1.4.1.9.9.432.1.2.2.1.29 cipseccompalgorithm read-only
The compression algorithm used by the inbound security association of the IPsec Phase-2 Tunnel.
                         ceipSecTunHistPmtu 1.3.6.1.4.1.9.9.432.1.2.2.1.30 cipsecpmtu read-only
The Path MTU that was determined for this IPsec Phase-2 tunnel.
                         ceipSecTunHistInOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.31 counter64 read-only
A high capacity count of the total number of octets received by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE determining whether or not the packet should be decompressed.
                         ceipSecTunHistInDecompOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.32 counter64 read-only
A high capacity count of the total number of decompressed octets received by this IPsec Phase-2 Tunnel. This value is accumulated AFTER the packet is decompressed. If compression is not being used, this value will match the value of ceipSecTunInOctets.
                         ceipSecTunHistInPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.33 counter32 read-only
The total number of packets received by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistInDropPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.34 counter32 read-only
The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel. This count does NOT include packets dropped due to Anti-Replay processing.
                         ceipSecTunHistInReplayDropPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.35 counter32 read-only
The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistInAuths 1.3.6.1.4.1.9.9.432.1.2.2.1.36 counter32 read-only
The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistInAuthFails 1.3.6.1.4.1.9.9.432.1.2.2.1.37 counter32 read-only
The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel .
                         ceipSecTunHistInDecrypts 1.3.6.1.4.1.9.9.432.1.2.2.1.38 counter32 read-only
The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistInDecryptFails 1.3.6.1.4.1.9.9.432.1.2.2.1.39 counter32 read-only
The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.40 counter64 read-only
A high capacity count of the total number of octets sent by this IPsec Phase-2 Tunnel. This value is accumulated AFTER determining whether or not the packet should be compressed.
                         ceipSecTunHistOutUncompOctets 1.3.6.1.4.1.9.9.432.1.2.2.1.41 counter64 read-only
A high capacity count of the total number of uncompressed octets sent by this IPsec Phase-2 Tunnel. This value is accumulated BEFORE the packet is compressed. If compression is not being used, this value will match the value of 'ceipSecTunOutOctets'.
                         ceipSecTunHistOutPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.42 counter32 read-only
The total number of packets sent by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutDropPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.43 counter32 read-only
The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutAuths 1.3.6.1.4.1.9.9.432.1.2.2.1.44 counter32 read-only
The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutAuthFails 1.3.6.1.4.1.9.9.432.1.2.2.1.45 counter32 read-only
The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutEncrypts 1.3.6.1.4.1.9.9.432.1.2.2.1.46 counter32 read-only
The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutEncryptFails 1.3.6.1.4.1.9.9.432.1.2.2.1.47 counter32 read-only
The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel.
                         ceipSecTunHistOutCompressedPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.48 counter32 read-only
The total number of outbound packets which were successfully compressed.
                         ceipSecTunHistOutCompSkippedPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.49 counter32 read-only
The total number of outbound packets that were to be compressed but which were skipped due to the compression hysteresis.
                         ceipSecTunHistOutCompFailPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.50 counter32 read-only
The total number of outbound packets that failed compression because they grew in size after compression.
                         ceipSecTunHistOutCompSmallPkts 1.3.6.1.4.1.9.9.432.1.2.2.1.51 counter32 read-only
The total number of outbound packets that were to be compressed but were smaller than the compression threshold size.
                 ceipSecEndPtHistTable 1.3.6.1.4.1.9.9.432.1.2.3 no-access
The IPsec Phase-2 Tunnel Endpoint History Table. This table is conceptually a sliding window in which only the last 'N' entries are maintained, where 'N' is the value of the object 'ceipSecHistTableSize'. If the value of 'ceipSecHistTableSize' is 0, archiving of entries in this table is disabled.
                     ceipSecEndPtHistEntry 1.3.6.1.4.1.9.9.432.1.2.3.1 no-access
Each entry contains the attributes associated with a previously active IPsec Phase-2 Tunnel Endpoint.
                         ceipSecEndPtHistIndex 1.3.6.1.4.1.9.9.432.1.2.3.1.1 unsigned32 no-access
The number of the previously active Endpoint associated with a IPsec Phase-2 Tunnel Table. The value of this index is a number which begins at one and is incremented with each Endpoint associated with an IPsec Phase-2 Tunnel. The value of this object will wrap at 4,294,967,295.
                         ceipSecEndPtHistTunIndex 1.3.6.1.4.1.9.9.432.1.2.3.1.2 unsigned32 read-only
The index of the previously active IPsec Phase-2 Tunnel Table.
                         ceipSecEndPtHistActiveIndex 1.3.6.1.4.1.9.9.432.1.2.3.1.3 unsigned32 read-only
The index of the previously active Endpoint.
                         ceipSecEndPtHistLocalName 1.3.6.1.4.1.9.9.432.1.2.3.1.4 snmpadminstring read-only
The DNS name of the local Endpoint.
                         ceipSecEndPtHistLocalType 1.3.6.1.4.1.9.9.432.1.2.3.1.5 cipsecendpttype read-only
The type of identity for the local Endpoint.
                         ceipSecEndPtHistLocalAddrType1 1.3.6.1.4.1.9.9.432.1.2.3.1.6 inetaddresstype read-only
The type of the IP address for this local Endpoint's first IP address.
                         ceipSecEndPtHistLocalAddr1 1.3.6.1.4.1.9.9.432.1.2.3.1.7 inetaddress read-only
The local Endpoint's first IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet. If the local Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtLocalType.
                         ceipSecEndPtHistLocalAddrType2 1.3.6.1.4.1.9.9.432.1.2.3.1.8 inetaddresstype read-only
The type of the IP address for this local Endpoint's second IP address.
                         ceipSecEndPtHistLocalAddr2 1.3.6.1.4.1.9.9.432.1.2.3.1.9 inetaddress read-only
The local Endpoint's second IP address specification. If the local Endpoint type is single IP address, then this is the value of the IP address. If the local Endpoint type is IP subnet, then this is the value of the subnet mask. If the local Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtLocalType.
                         ceipSecEndPtHistLocalProtocol 1.3.6.1.4.1.9.9.432.1.2.3.1.10 ciscoipprotocol read-only
The protocol number of the local Endpoint's traffic.
                         ceipSecEndPtHistLocalPort 1.3.6.1.4.1.9.9.432.1.2.3.1.11 ciscoport read-only
The port number of the local Endpoint's traffic.
                         ceipSecEndPtHistRemoteName 1.3.6.1.4.1.9.9.432.1.2.3.1.12 snmpadminstring read-only
The DNS name of the remote Endpoint.
                         ceipSecEndPtHistRemoteType 1.3.6.1.4.1.9.9.432.1.2.3.1.13 cipsecendpttype read-only
The type of identity for the remote Endpoint.
                         ceipSecEndPtHistRemoteAddrType1 1.3.6.1.4.1.9.9.432.1.2.3.1.14 inetaddresstype read-only
The type of the IP address for this remote Endpoint's first IP address.
                         ceipSecEndPtHistRemoteAddr1 1.3.6.1.4.1.9.9.432.1.2.3.1.15 inetaddress read-only
The remote Endpoint's first IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet. If the remote Endpoint type is IP address range, then this is the value of beginning IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtRemoteType.
                         ceipSecEndPtHistRemoteAddrType2 1.3.6.1.4.1.9.9.432.1.2.3.1.16 inetaddresstype read-only
The type of the IP address for this remote Endpoint's second IP address.
                         ceipSecEndPtHistRemoteAddr2 1.3.6.1.4.1.9.9.432.1.2.3.1.17 inetaddress read-only
The remote Endpoint's second IP address specification. If the remote Endpoint type is single IP address, then this is the value of the IP address. If the remote Endpoint type is IP subnet, then this is the value of the subnet mask. If the remote Endpoint type is IP address range, then this is the value of ending IP address of the range. If the type is an IP address, a range or a subnet, the type of the address can be inferred from cceipSecEndPtRemoteType.
                         ceipSecEndPtHistRemoteProtocol 1.3.6.1.4.1.9.9.432.1.2.3.1.18 ciscoipprotocol read-only
The protocol number of the remote Endpoint's traffic.
                         ceipSecEndPtHistRemotePort 1.3.6.1.4.1.9.9.432.1.2.3.1.19 ciscoport read-only
The port number of the remote Endpoint's traffic.
             ceipSecFailures 1.3.6.1.4.1.9.9.432.1.3
                 ceipSecFailGlobal 1.3.6.1.4.1.9.9.432.1.3.1
                     ceipSecFailGlobalCntl 1.3.6.1.4.1.9.9.432.1.3.1.1
                         ceipSecFailTableSize 1.3.6.1.4.1.9.9.432.1.3.1.1.1 unsigned32 read-write
The window size of the IPsec Phase-2 Failure Table. The IPsec Phase-2 Failure Tables are implemented as a sliding window in which only the last N entries are maintained. This object is used specify the number of entries which will be maintained in the IPsec Phase-2 Failure Tables. An implementation may choose suitable minimum and maximum values for this element based on the local policy and available resources. If an SNMP SET request specifies a value outside this window for this element, an appropriate SNMP error vode must be returned. Setting this value to zero is equivalent to deleting all conceptual rows in the archiving table 'ceipSecFailTable' and disabling the archiving of entries in these tables.
                 ceipSecFailTable 1.3.6.1.4.1.9.9.432.1.3.2 no-access
The IPsec Phase-2 Failure Table. This table is implemented as a sliding window in which only the last n entries are maintained. The maximum number of entries is specified by the ceipSecFailTableSize object.
                     ceipSecFailEntry 1.3.6.1.4.1.9.9.432.1.3.2.1 no-access
Each entry contains the attributes associated with an IPsec Phase-1 failure.
                         ceipSecFailIndex 1.3.6.1.4.1.9.9.432.1.3.2.1.1 unsigned32 no-access
The IPsec Phase-2 Failure Table index. The value of the index is a number which begins at one and is incremented with each IPsec Phase-1 failure. The value of this object will wrap at 4,294,967,295.
                         ceipSecFailReason 1.3.6.1.4.1.9.9.432.1.3.2.1.2 integer read-only
The reason for the failure. Possible reasons include: 1 = other 2 = internal error occurred 3 = peer encoding error 4 = proposal failure 5 = protocol use failure 6 = non-existent security association 7 = decryption failure 8 = encryption failure 9 = inbound authentication failure 10 = outbound authentication failure 11 = compression failure 12 = system capacity failure 13 = peer delete request was received 14 = contact with peer was lost 15 = sequence number rolled over 16 = operator requested termination 17 = performance utilization exceeding the threshold. Enumeration: 'sysCapExceeded': 12, 'encryptFailure': 8, 'inAuthFailure': 9, 'peerEncodingError': 3, 'decryptFailure': 7, 'internalError': 2, 'proposalFailure': 4, 'operRequest': 16, 'peerLost': 14, 'performanceUtilization': 17, 'other': 1, 'peerDelRequest': 13, 'protocolUseFail': 5, 'nonExistentSa': 6, 'seqNumRollOver': 15, 'outAuthFailure': 10, 'compression': 11.
                         ceipSecFailTime 1.3.6.1.4.1.9.9.432.1.3.2.1.3 timestamp read-only
The value of sysUpTime in hundredths of seconds at the time of the failure.
                         ceipSecFailTunnelIndex 1.3.6.1.4.1.9.9.432.1.3.2.1.4 cipsecphase2tunnelindex read-only
The Phase-2 Tunnel index (ceipSecTunIndex). If this conceptual row corresponds to an operation failure (that is, the failure of an established Phase-2 IPsec tunnel), then the value of this object may not be zero.
                         ceipSecFailSaSpi 1.3.6.1.4.1.9.9.432.1.3.2.1.5 cipsecspi read-only
The security association SPI value. If this conceptual row corresponds to a setup failure (failure to establish the tunnel), the value of this MIB object is undefined.
                         ceipSecFailPktSrcAddressType 1.3.6.1.4.1.9.9.432.1.3.2.1.6 inetaddresstype read-only
The type of the packet's source IP address.
                         ceipSecFailPktSrcAddress 1.3.6.1.4.1.9.9.432.1.3.2.1.7 inetaddress read-only
The packet's source IP address.
                         ceipSecFailPktDstAddressType 1.3.6.1.4.1.9.9.432.1.3.2.1.8 inetaddresstype read-only
The type of the packet's destination IP address.
                         ceipSecFailPktDstAddress 1.3.6.1.4.1.9.9.432.1.3.2.1.9 inetaddress read-only
The packet's destination IP address.
             ceipSecNotificationCntl 1.3.6.1.4.1.9.9.432.1.5
                 ceipSecNotiCntlIpSecAllNotifs 1.3.6.1.4.1.9.9.432.1.5.1 truthvalue read-write
This object sending any notification defined in this MIB module. That is, a particular notification 'foo' defined in this MIB module is enabled if and only if the expression (ceipSecNotiCntlIpSecAllNotifs && ceipSecNotiCntl) evaluates to 'true', where ceipSecNotiCntl is a notification defined in this MIB module.
                 ceipSecNotifCntlIpSecTunnelStart 1.3.6.1.4.1.9.9.432.1.5.2 truthvalue read-write
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Start TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowTunnelStart' is enabled.
                 ceipSecNotifCntlIpSecTunnelStop 1.3.6.1.4.1.9.9.432.1.5.3 truthvalue read-write
This object defines the administrative state of sending the IPsec Phase-2 Tunnel Stop TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowTunnelStop' is enabled.
                 ceipSecNotifCntlIpSecSysFailure 1.3.6.1.4.1.9.9.432.1.5.4 truthvalue read-write
This object defines the administrative state of sending the IPsec Phase-2 System Failure TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowSysFailure' is enabled.
                 ceipSecNotifCntlIpSecSetUpFail 1.3.6.1.4.1.9.9.432.1.5.5 truthvalue read-write
This object defines the administrative state of sending the IPsec Phase-2 Set Up Failure TRAP. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowSetupFail' is enabled.
                 ceipSecNotifCntlIpSecBadSa 1.3.6.1.4.1.9.9.432.1.5.6 truthvalue read-write
This object defines the administrative state of sending the IPsec Phase-2 No Security Association trap. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowBadSa' is enabled.
                 ceipSecNotifCntlCertExpiry 1.3.6.1.4.1.9.9.432.1.5.7 truthvalue read-write
This object defines the administrative state of sending the IPSec certificate expiry notification. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowCertExpiry' is enabled, otherwise notification 'ciscoEnhIpsecFlowCertExpiry' is disabled.
                 ceipSecNotifCntlCertRenewal 1.3.6.1.4.1.9.9.432.1.5.8 truthvalue read-write
This object defines the administrative state of sending the IPSec X.509 certificate renewal status notification. If the value of this object is 'true', the issuing of the notification 'ciscoEnhIpsecFlowCertRenewal' is enabled, otherwise notification 'ciscoEnhIpsecFlowCertRenewal' is disabled.
             ceipSecCertNotification 1.3.6.1.4.1.9.9.432.1.6
                 ceipSecCertSubjectName 1.3.6.1.4.1.9.9.432.1.6.1 snmpadminstring read-only
This object provides the subject name from the X.509 certificate, or the alternate subject name if it is available. The subject name is formatted as a character string matching the output of a ssh-certview command-line application, except that the application sending the notification may limit the string length. Example Subject Name: C=US, OU=DEV, CN=Test-01 Example Subject Alternative Name: 2001:0022:0022:0020:0000:0000:0000:0102
                 ceipSecCertSerialNumber 1.3.6.1.4.1.9.9.432.1.6.2 snmpadminstring read-only
This object provides the serial number from the X.509 certificate. The serial number is formatted as a character string matching the output of a ssh-certview command-line application. The issuer name and the serial number identify a unique certificate. Example: 1000655533
                 ceipSecCertIssuerName 1.3.6.1.4.1.9.9.432.1.6.3 snmpadminstring read-only
This object provides the issuer name from the X.509 certificate. The issuer name is formatted as a character string matching the output of a ssh-certview command-line application, except that the application sending the notification may limit the string length. The issuer name and the serial number identify a unique certificate. Example: C=US, O=Cisco, OU=MITG, CN=Lnx-Insta-RootCA-1
                 ceipSecCertExpiryTime 1.3.6.1.4.1.9.9.432.1.6.4 snmpadminstring read-only
This object provides the validity notAfter time from the X.509 certificate. The notAfter time is the time after which the certificate is not valid. The time is formatted as a character string matching the output of a ssh-certview command-line application. Example: 2012 Apr 14th, 19:01:45 GMT
                 ceipSecCertRenewalStatus 1.3.6.1.4.1.9.9.432.1.6.5 integer read-only
This object provides the renewal status of the X.509 certificate on the application sending the notification. renewalNotNeeded(1) = certificate is OK and does not need to be renewed renewalRequestNeeded(2) = certificate renewal request is needed renewalRequested(3) = certificate renewal has been requested and the renewal process is proceeding renewalSuccess(4) = certificate has been renewed and will be OK (renewalNotNeeded) renewalFailedUpdate(5) = certificate renewal failed, but certificate is still usable until the validity expiration time provided in the notification, or otherwise restricted by the application renewalFailedExpired(6) = certificate is no longer valid, the current time is after the certificate's validity notAfter time, which is provided in this notification Enumeration: 'renewalRequestNeeded': 2, 'renewalFailedUpdate': 5, 'renewalNotNeeded': 1, 'renewalFailedExpired': 6, 'renewalRequested': 3, 'renewalSuccess': 4.
                 ceipSecCertExpiryStatus 1.3.6.1.4.1.9.9.432.1.6.6 integer read-only
This object provides the expiration status of the X.509 certificate on the application sending the notification. The notification is sent when the value of this object is changed from certOK(1) to certGoingExpired(2). certOK(1) = certificate is OK and is not within the configured time threshold for going to expire certGoingExpired(2) = certificate is within the configured time threshold for going to expire certExpired(3) = certificate has expired, the current time is after the certificate's validity notAfter time Enumeration: 'certOK': 1, 'certGoingExpired': 2, 'certExpired': 3.
         ciscoEnhancedIpsecFlowMIBConform 1.3.6.1.4.1.9.9.432.2
             ciscoEnhIPsecFlowMIBCompliances 1.3.6.1.4.1.9.9.432.2.1
                 ciscoEnhIPsecFlowMIBCompliance 1.3.6.1.4.1.9.9.432.2.1.1
The compliance statement for SNMP entities pertaining to Phase-2 of IP Security Protocol.
                 ciscoEnhIPsecFlowMIBComplianceRev1 1.3.6.1.4.1.9.9.432.2.1.2
The compliance statement for SNMP entities pertaining to Phase-2 of IP Security Protocol.
                 ciscoEnhIPsecFlowMIBComplianceRev2 1.3.6.1.4.1.9.9.432.2.1.3
The compliance statement for SNMP entities pertaining to Phase-2 of IP Security Protocol.
             ciscoIPsecFlowMIBGroups 1.3.6.1.4.1.9.9.432.2.2
                 ciscoEnhIPsecFlowActivityGroup 1.3.6.1.4.1.9.9.432.2.2.1
This group consists of: 1) IPsec Phase-2 Global Statistics 2) IPsec Phase-2 Tunnel Table 3) IPsec Phase-2 Endpoint Table 4) IPsec Phase-2 Security Association Table
                 ciscoEnhIPsecFlowCoreHistGroup 1.3.6.1.4.1.9.9.432.2.2.2
This group consists of the core (mandatory) objects pertaining to maintaining history of IPsec activity.
                 ciscoEnhIPsecFlowHistoryGroup 1.3.6.1.4.1.9.9.432.2.2.3
This group consists of objects that pertain to maintenance of history of IPsec Phase 2 activity.
                 ciscoEnhIPsecFlowCoreFailGroup 1.3.6.1.4.1.9.9.432.2.2.4
This group consists of the core (mandatory) objects pertaining to maintaining history of failure IPsec activity.
                 ciscoEnhIPsecFlowFailureGroup 1.3.6.1.4.1.9.9.432.2.2.5
This group consists of objects that pertain to maintenance of history of failures associated with Phase 2 IPsec activity.
                 ciscoEnhIPsecFlowNotifCntlGroup 1.3.6.1.4.1.9.9.432.2.2.6
This group of objects controls the sending of notifications pertaining to IPsec Phase-2 processing.
                 ciscoEnhIPsecFlowNotifGroup 1.3.6.1.4.1.9.9.432.2.2.7
This group contains the notifications pertaining to Phase-2 operations and data transfer.
                 ciscoEnhIPsecFlowTunnelSaGroup 1.3.6.1.4.1.9.9.432.2.2.8
This group consists of the Phase-2 IPsec tunnel Security Association and traffic information.
                 ciscoEnhIPsecFlowNotifCntlGroupSup01 1.3.6.1.4.1.9.9.432.2.2.9
This supplement group of objects controls the sending of X.509 certificate IPSec notifications.
                 ciscoEnhIPsecFlowNotifGroupSup01 1.3.6.1.4.1.9.9.432.2.2.10
This supplement group contains the X.509 certificate notifications for the IPSec MIB.
                 ciscoEnhIPsecFlowCertObjectGroup 1.3.6.1.4.1.9.9.432.2.2.11
This group consists of objects to support X.509 certificates.
                 ciscoEnhIPsecFlowPerformanceThroughputGroup 1.3.6.1.4.1.9.9.432.2.2.12
This group consists of objects to show the the performance utilization.