-- Copyright (C) 2008-2014 Super Micro Computer Inc. All Rights Reserved

-- $Id: fsvpnpolicy.mib,v 1.12 2012/11/07 12:19:22 siva Exp $
   FS-VPNPOLICY-MIB DEFINITIONS ::= BEGIN

   IMPORTS
        enterprises, MODULE-IDENTITY,
        OBJECT-TYPE, Integer32,
        Counter32
            FROM SNMPv2-SMI
        InterfaceIndexOrZero
            FROM IF-MIB
        RowStatus, DisplayString
            FROM SNMPv2-TC
        InetAddressType, InetAddress,
        InetAddressPrefixLength
            FROM INET-ADDRESS-MIB;

   fsVpnPolicy MODULE-IDENTITY
           LAST-UPDATED    "201209050000Z"
           ORGANIZATION "Super Micro Computer Inc."
           CONTACT-INFO "support@Supermicro.com"
	   DESCRIPTION
               "The MIB module that describes managed objects of
                general use by the IPSEC Protocol."
	   REVISION "201209050000Z"
           DESCRIPTION
               "The MIB module that describes managed objects of
                general use by the IPSEC Protocol."

   ::= { enterprises supermicro-computer-inc(10876) super-switch(101) basic(1) 143 }

   -- Top level components of this MIB module.

   fsVpnObjects  OBJECT IDENTIFIER ::= { fsVpnPolicy 1 }
   fsVpnScalars  OBJECT IDENTIFIER ::= { fsVpnPolicy 2 }

   -- Start of VPN scalars

    fsVpnGlobalStatus  OBJECT-TYPE
    SYNTAX  INTEGER {
        enable      (1),
        disable     (2)
    }

    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
      "This object administratively enables or disables IPSEC processing.
      By default it is set to disable."
    DEFVAL { disable }
    ::= { fsVpnScalars 1 }

   -- VPN global statistics
   fsVpnMaxTunnels OBJECT-TYPE
      SYNTAX       Integer32
      MAX-ACCESS   read-only
      STATUS       current
      DESCRIPTION  "Maximum number of tunnels supported by the VPN Module."
      ::= { fsVpnScalars 2 }

   fsVpnIpPktsIn  OBJECT-TYPE
      SYNTAX      Counter32
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION "Total Number of Incoming Packets through VPN Module."
      ::= { fsVpnScalars 3 }

   fsVpnIpPktsOut  OBJECT-TYPE
      SYNTAX       Counter32
      MAX-ACCESS   read-only
      STATUS       current
      DESCRIPTION  "Total Number of Outgoing Packets through VPN Module."
      ::= { fsVpnScalars 4 }

   fsVpnPktsSecured OBJECT-TYPE
      SYNTAX        Counter32
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION   "Total Number of Packets Secured by VPN module."
      ::= { fsVpnScalars 5 }

   fsVpnPktsDropped OBJECT-TYPE
      SYNTAX        Counter32
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION   "Total Number of Packets Dropped by VPN module."
      ::= { fsVpnScalars 6 }

   fsVpnIkeSAsActive OBJECT-TYPE
      SYNTAX         Counter32
      MAX-ACCESS     read-only
      STATUS         current
      DESCRIPTION    "Number of Active IKE Security Associations
                     in VPN module."
      ::= { fsVpnScalars 7 }

   fsVpnIkeNegotiations OBJECT-TYPE
      SYNTAX            Counter32
      MAX-ACCESS        read-only
      STATUS            current
      DESCRIPTION       "Total number of IKE Security associations negotiated
                        in VPN Module."
      ::= { fsVpnScalars 8 }

   fsVpnIkeRekeys       OBJECT-TYPE
      SYNTAX            Counter32
      MAX-ACCESS        read-only
      STATUS            current
      DESCRIPTION       "Total number of IKE security associations Re-Keyed."
      ::= { fsVpnScalars 9 }

   fsVpnIkeNegoFailed   OBJECT-TYPE
      SYNTAX            Counter32
      MAX-ACCESS        read-only
      STATUS            current
      DESCRIPTION       "Total number of failed IKE security association negotiations."
      ::= { fsVpnScalars 10 }

   fsVpnIPSecSAsActive OBJECT-TYPE
      SYNTAX           Counter32
      MAX-ACCESS       read-only
      STATUS           current
      DESCRIPTION      "Number of Active IPSec Security Associations
                       in VPN Module."
      ::= { fsVpnScalars 11 }

   fsVpnIPSecNegotiations OBJECT-TYPE
      SYNTAX              Counter32
      MAX-ACCESS          read-only
      STATUS              current
      DESCRIPTION         "Number of Negotiated IPSec Security Associations
                          in VPN Module."
      ::= { fsVpnScalars 12 }

   fsVpnIPSecNegoFailed  OBJECT-TYPE
      SYNTAX             Counter32
      MAX-ACCESS         read-only
      STATUS             current
      DESCRIPTION        "Number of failed IPSec security association
                          negotiations."
      ::= { fsVpnScalars 13 }

   fsVpnTotalRekeys     OBJECT-TYPE
      SYNTAX            Counter32
      MAX-ACCESS        read-only
      STATUS            current
      DESCRIPTION       "Total Number of security associations Re-Keyed."
      ::= { fsVpnScalars 14 }

    fsVpnRaServer  OBJECT-TYPE
        SYNTAX  INTEGER {
		    disable     (0),
            enable      (1)
                        }

        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "This object enables/disables the RAVPN server.
            By default it is set to enable (i.e. the router will act as
            the RAVPN server)."
        DEFVAL { enable }
        ::= { fsVpnScalars 15 }

    fsVpnDummyPktGen OBJECT-TYPE
        SYNTAX  INTEGER {
            enable (1),
            disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "This object enables/disables dummy packet generation.
             Dummy packet generation is part of Traffic Flow Confidentiality
             and involves generating packets with next header value 59.
             The generated packets are not processed by the peer."
        DEFVAL { disable }
        ::= { fsVpnScalars 16 }

    fsVpnDummyPktParam OBJECT-TYPE
        SYNTAX  Integer32 (1..100)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object specifies the length of the dummy packet."
        DEFVAL { 25 }
        ::= { fsVpnScalars 17 }


      fsIkeTraceOption OBJECT-TYPE
           SYNTAX      Integer32
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
             "This object is used to enable Trace Statements in
             Ike Module.

             A FOUR BYTE integer is used for enabling the level of tracing.
             Each BIT in the four byte integer, represents a particular
             level of Trace.
            
            To Set the trace level for Ike.
            BIT 0 - Initialisation and Shutdown Trace.
            BIT 1 - Management trace.
            BIT 2 - Data path trace.
            BIT 3 - Control Plane trace.
            BIT 4 - Packet Dump.
            BIT 5 - OS Resource trace.
            BIT 6 - All Failure trace (All failures including Packet Validation)
            BIT 7 - Buffer Trace.

            Note: BIT 0 - Least significant bit
                  BIT 7 - Most significant bit

            For example, setting the trace level to the value -0001 0101,
            will enable Init-Shutdown, data path and packet dump trace levels.

            Setting all the bits will enable all the trace levels and
            resetting them will disable all the trace levels."        
        DEFVAL  { 0 }
        ::= { fsVpnScalars 18 }

      fsIpsecTraceOption OBJECT-TYPE
           SYNTAX      Integer32
           MAX-ACCESS  read-write
           STATUS      current
           DESCRIPTION
             "This object is used to enable Trace Statements in
             Ipsec Module.

             A FOUR BYTE integer is used for enabling the level of tracing.
             Each BIT in the four byte integer, represents a particular
             level of Trace.

            To set the trace level for Ipsec.
            BIT 0 - Initialization and Shutdown Trace.
            BIT 1 - Management trace.
            BIT 2 - Data path trace.
            BIT 3 - Control Plane trace.
            BIT 4 - Packet Dump.
            BIT 5 - OS Resource trace.
            BIT 6 - All Failure trace (All failures including Packet Validation)
            BIT 7 - Buffer Trace.

            Note: BIT 0 - Least significant bit
                  BIT 7 - Most significant bit

            For example, setting the trace level to the value -0001 0101,
            will enable Init-Shutdown, data path and packet dump trace levels.

            Setting all the bits will enable all the trace levels and
            resetting them will disable all the trace levels."

        DEFVAL  { 0 }
        ::= { fsVpnScalars 19 }


   -- End of scalars

   -- VPN policy table BEGIN

   fsVpnTable  OBJECT-TYPE
      SYNTAX   SEQUENCE OF FsVpnEntry
      MAX-ACCESS   not-accessible
      STATUS   current
      DESCRIPTION
          "This table contains the VPN association
           between a source and destination. It is
           consulted for authentication and ciphering of
           inbound and outbound datagrams. Datagrams which
           are forwarded by this entity are not authenticated."
      ::= { fsVpnObjects 1 }

   fsVpnEntry  OBJECT-TYPE
       SYNTAX  FsVpnEntry
       MAX-ACCESS  not-accessible
       STATUS  current
       DESCRIPTION
          "Each entry uniquely identifies the mapping between
           a particular source and destination address. The
           entry specifies the authentication algorithm and
           key to use, the direction of authentication
           (inbound or outbound), a Security Parameter
           Index (SPI), the tunnel termination addresses, and the local and
           remote networks. Updating the table elements is not allowed when
           the row is active."
       INDEX   { fsVpnPolicyName }
       ::= { fsVpnTable 1 }

   FsVpnEntry  ::=
       SEQUENCE {
         fsVpnPolicyName                       DisplayString,

         fsVpnPolicyType                       INTEGER,
         fsVpnPolicyPriority                   Integer32,

         fsVpnTunTermAddrType                  InetAddressType,
         fsVpnLocalTunTermAddr                 InetAddress,
         fsVpnRemoteTunTermAddr                InetAddress,
         fsVpnProtectNetworkType               InetAddressType,
         fsVpnLocalProtectNetwork              InetAddress,
         fsVpnLocalProtectNetworkPrefixLen     InetAddressPrefixLength,
         fsVpnRemoteProtectNetwork             InetAddress,
         fsVpnRemoteProtectNetworkPrefixLen    InetAddressPrefixLength,
         fsVpnIkeSrcPortRange                  DisplayString,
         fsVpnIkeDstPortRange                  DisplayString,

         fsVpnSecurityProtocol                 INTEGER,
         fsVpnInboundSpi                       Integer32,
         fsVpnOutboundSpi                      Integer32,
         fsVpnMode                             INTEGER,
         fsVpnAuthAlgo                         INTEGER,
         fsVpnAhKey                            OCTET STRING,
         fsVpnEncrAlgo                         INTEGER,
         fsVpnEspKey                           OCTET STRING,
         fsVpnAntiReplay                       INTEGER,

         fsVpnPolicyFlag                       INTEGER,
         fsVpnProtocol                         INTEGER,
         fsVpnPolicyIntfIndex                  InterfaceIndexOrZero,

         fsVpnIkePhase1HashAlgo                INTEGER,
         fsVpnIkePhase1EncryptionAlgo          INTEGER,
         fsVpnIkePhase1DHGroup                 INTEGER,
         fsVpnIkePhase1LocalIdType             INTEGER,
         fsVpnIkePhase1LocalIdValue            DisplayString,
         fsVpnIkePhase1PeerIdType              INTEGER,
         fsVpnIkePhase1PeerIdValue             DisplayString,
         fsVpnIkePhase1LifeTimeType            INTEGER,
         fsVpnIkePhase1LifeTime                Integer32,
         fsVpnIkePhase1Mode                    INTEGER,

         fsVpnIkePhase2AuthAlgo                INTEGER,
         fsVpnIkePhase2EspEncryptionAlgo       INTEGER,
         fsVpnIkePhase2LifeTimeType            INTEGER,
         fsVpnIkePhase2LifeTime                Integer32,
         fsVpnIkePhase2DHGroup                 INTEGER ,

         fsVpnIkeVersion                       INTEGER,
         fsVpnCertAlgoType                     INTEGER,

         fsVpnPolicyRowStatus                  RowStatus
   }

   -- Index column of fsVpnTable (see the INDEX clause of fsVpnEntry).
   -- NOTE(review): SIZE (0..50) admits a zero-length policy name, so an
   -- instance with an empty index is syntactically valid; confirm the agent
   -- rejects it, or tighten the range to SIZE (1..50) as fsVpnRaUserName
   -- already does, in a future revision.
   fsVpnPolicyName  OBJECT-TYPE
       SYNTAX      DisplayString (SIZE (0..50))

       MAX-ACCESS  not-accessible
       STATUS  current
       DESCRIPTION
           "This is the index for accessing Ip Security table entries."
       ::= { fsVpnEntry 1 }

   fsVpnPolicyType  OBJECT-TYPE
        SYNTAX  INTEGER {
                  ipsecManual (1),
                  ikePresharedkey (2),
                  ikeCertificate(3),
                  xauth (4),
                  raVpnPresharedKey (5)
        }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "An entity to identify the type of policy"
        ::= { fsVpnEntry 2 }

   fsVpnPolicyPriority OBJECT-TYPE
         SYNTAX  Integer32 (1..2147483647)
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
             "An entity to identify the priority of the Policy"
         ::= { fsVpnEntry 3 }

   fsVpnTunTermAddrType  OBJECT-TYPE
       SYNTAX  InetAddressType
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "The tunnel termination IP address type. This object supports only
           the ipv4(1) and ipv6(2) values."
       ::= { fsVpnEntry 4 }

   fsVpnLocalTunTermAddr  OBJECT-TYPE
       SYNTAX  InetAddress
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "This address is matched with the
            local address in the packet during
            authentication of inbound and outbound datagrams."
       ::= { fsVpnEntry 5 }

   fsVpnRemoteTunTermAddr OBJECT-TYPE
         SYNTAX  InetAddress
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
             "This address is matched with the
              destination address in the packet during
              authentication of inbound and outbound datagrams."
         ::= { fsVpnEntry 6 }

   fsVpnProtectNetworkType OBJECT-TYPE
         SYNTAX  InetAddressType
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
             "The local protected network address type. This object supports
             only the ipv4(1) and ipv6(2) values."
         ::= { fsVpnEntry 7 }

   fsVpnLocalProtectNetwork OBJECT-TYPE
         SYNTAX  InetAddress
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
             "This address is used in identifying the source
              network for a given VPN policy."
         ::= { fsVpnEntry 8 }

   fsVpnLocalProtectNetworkPrefixLen OBJECT-TYPE
         SYNTAX  InetAddressPrefixLength
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
          "The length of the local protected network prefix."
         ::= { fsVpnEntry 9 }

   fsVpnRemoteProtectNetwork OBJECT-TYPE
         SYNTAX  InetAddress
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
           "This address is used in identifying the
            destination network for a given VPN policy."
         ::= { fsVpnEntry 10 }

   fsVpnRemoteProtectNetworkPrefixLen OBJECT-TYPE
         SYNTAX  InetAddressPrefixLength
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
           "The length of the remote protected network prefix."
         ::= { fsVpnEntry 11 }

   fsVpnIkeSrcPortRange OBJECT-TYPE
      SYNTAX      DisplayString(SIZE (1..11))
      MAX-ACCESS  read-write
      STATUS  current
      DESCRIPTION
         "This object specifies the Source port range for the
          Traffic Selectors for IKEv2."
    ::= { fsVpnEntry 12 }

   fsVpnIkeDstPortRange OBJECT-TYPE
      SYNTAX      DisplayString(SIZE (1..11))
      MAX-ACCESS  read-write
      STATUS  current
      DESCRIPTION
         "This object specifies the Destination port range for the
          Traffic Selectors for IKEv2."
    ::= { fsVpnEntry 13 }

   fsVpnSecurityProtocol  OBJECT-TYPE
       SYNTAX  INTEGER {
           espproto(50),
           ahproto(51)
       }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "Security protocol header to use: Authentication Header
           (AH) or Encapsulating Security Payload (ESP)."
       ::= { fsVpnEntry 14 }

   -- NOTE(review): an IPsec SPI is a 32-bit unsigned field, but Integer32 is
   -- signed, so this object can only express SPIs up to 2147483647; values in
   -- 2147483648..4294967295 are not representable. Unsigned32 would cover the
   -- full range (an interface change, so only noted here).
   fsVpnInboundSpi  OBJECT-TYPE
       SYNTAX  Integer32 (256 ..2147483647)
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "This is an arbitrary 32-bit value identifying
            the security association for this datagram. This
            also indicates the SPI for the inbound direction.
            The Security Parameter Index value 0 is reserved to
            Indicate that 'no security association exists'.
            The set of Security Parameters Index values
            In the range 1 through 255 are reserved to
            the IANA for future use. Any SPI value greater
            than 255 can be configured. This entity is used only for
            IPSEC-Manual"
       ::= { fsVpnEntry 15 }

   -- NOTE(review): as with fsVpnInboundSpi, Integer32 is signed, so SPIs in
   -- 2147483648..4294967295 cannot be configured through this object even
   -- though the description calls it a 32-bit value.
   fsVpnOutboundSpi  OBJECT-TYPE
         SYNTAX  Integer32 (256 ..2147483647)
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
             "This is an arbitrary 32-bit value identifying
              the security association for this datagram. This
              also indicates the SPI for the outbound direction. The
              Security Parameter Index value 0 is reserved to
              Indicate that 'no security association exists'.
              The set of Security Parameters Index values
              In the range 1 through 255 are reserved to
              the IANA for future use. Any SPI value greater
              than 255 can be configured. This entity is used only for
              IPSEC-Manual"
         ::= { fsVpnEntry 16 }

   fsVpnMode  OBJECT-TYPE
       SYNTAX  INTEGER {
                 tunnel (1),   -- tunnel mode
                 transport (2) -- transport mode
                       }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "The security association mode.
            The security association mode must be configured as
            tunnel for a security gateway.
            A host can be configured in both
            transport and tunnel mode."
                ::= { fsVpnEntry 17 }


   fsVpnAuthAlgo  OBJECT-TYPE
       SYNTAX  INTEGER  {
            hmacmd5   (1),
            hmacsha1  (2),
	    xcbcmac (5),
            hmacsha256 (12),
            hmacsha384 (13),
            hmacsha512 (14)
       }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "The authentication algorithm configured for
             the particular security association entry.
             Setting the algorithm to hmacmd5(1),
             hmacsha1(2), xcbcmac(5), hmacsha256(12), hmacsha384(13)
             or hmacsha512(14) requires a key for
             authentication. This entity is used only for IPSEC-Manual."
       ::= { fsVpnEntry 18 }

   -- NOTE(review): MAX-ACCESS read-write means the configured AH key is also
   -- retrievable with an SNMP get. Key material should only be set and read
   -- over SNMPv3 with privacy (authPriv); whether the agent returns the real
   -- key, an empty string or a fixed placeholder on reads is not stated here
   -- and should be confirmed.
   fsVpnAhKey  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE (0..64))
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
            "This is the key used for authentication
             when the algorithm configured is either
             hmac-md5 , hmac-sha1 ,xcbcmac,hmac-sha-256(12),hmac-sha-384(13)
             or hmac-sha-512(14).For HmacMd5and xcbcmac
             the key must be 16 bytes, for HmacSha1 the fixed size 
             for key is 20 bytes, for HmacSha256 the fixed size
             for key is 32 bytes, for HmacSha384 the fixed size
             for key is 48 bytes, for HmacSha512 the fixed size
             for key is 64 bytes. This entity is used only for
             IPSEC-Manual"
       ::= { fsVpnEntry 19 }

   -- NOTE(review): descbc(4) is single DES (56-bit key) and tripledescbc(5)
   -- is 3DES; both are kept for interoperability with older peers. New
   -- manual policies should select one of the AES options.
   fsVpnEncrAlgo  OBJECT-TYPE
       SYNTAX  INTEGER  {
                   descbc        (4),
                   tripledescbc  (5),
                   aes128       (12),
                   aes192       (13),
                   aes256       (14)
                 }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
          "The algorithm to be used for Encapsulation
           Security Payload (ESP) Header. This object is to
           be configured only if the Security protocol to be
           used is ESP. This entity is used only for IPSEC-Manual.

           DES - Specifies to use Data Encryption Standard (DES) for encryption.
           3DES - Specifies to use Triple Data Encryption Standard (3DES) for
           encryption.
           AES - Specifies to use Advanced Encryption Standard (AES) with a
           128-bit key for encryption.
           AES-192 - Specifies to use AES with a 192-bit key for encryption.
           AES-256 - Specifies to use AES with a 256-bit key for encryption.
           "
       ::= { fsVpnEntry 20 }

   -- NOTE(review): MAX-ACCESS read-write means the configured ESP key is also
   -- retrievable with an SNMP get. Restrict this object to SNMPv3 authPriv
   -- access; whether reads return the real key or a placeholder is not
   -- specified here and should be confirmed against the agent.
   -- The description mentions a "first" key for 3descbc; where the remaining
   -- 3DES key parts are configured is not visible in this module.
   fsVpnEspKey  OBJECT-TYPE
       SYNTAX  OCTET STRING (SIZE(0..256))
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
            "This is the key used for encryption/decryption
             when the algorithm configured is either
             descbc,3descbc or aes128,aes192 or aes256.For
             3descbc this object is used for configuring the first
             key. This entity is used only for IPSEC-Manual"
       ::= { fsVpnEntry 21 }

   fsVpnAntiReplay  OBJECT-TYPE
       SYNTAX  INTEGER {
           enable (1),
           disable (2)
       }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
           "The object is used for activating the anti
            replay functionality of the security protocols.
            This entity is used only for IPSEC-Manual"
       DEFVAL { enable }
       ::= { fsVpnEntry 22 }

   fsVpnPolicyFlag  OBJECT-TYPE
           SYNTAX  INTEGER {
               filter (1),  -- drops the packet
               apply (3),   -- applies IPSEC on the packet
               bypass (4)  -- bypasses the IPSEC for the packet
           }
           MAX-ACCESS  read-write
           STATUS  current
           DESCRIPTION
               "The choices that can be applied on
                any outbound/inbound datagrams."
           ::= { fsVpnEntry 23 }

   fsVpnProtocol  OBJECT-TYPE
         SYNTAX  INTEGER {
                   icmpv4      (1),
                   tcp         (6),
                   udp         (17),
                   espproto    (50),
                   ahproto     (51),
				   icmpv6      (58),
                   any         (9000)
         }
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
             "The protocol (Proto index) value which uniquely identifies
              the protocol for which this Selector Table entry
              exists. If no specific protocol is required, any can be
              used, whose value is assigned as 9000."
         ::= { fsVpnEntry 24 }


   fsVpnPolicyIntfIndex  OBJECT-TYPE
        SYNTAX      InterfaceIndexOrZero
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This is the interface for which the VPN policy is to be applied.
            The value zero indicates interface is not configured yet."
             ::= { fsVpnEntry 25 }

   fsVpnIkePhase1HashAlgo  OBJECT-TYPE
      SYNTAX  INTEGER {
                          md5(1),
                          sha1(2),
                          sha256(12),
                          sha384(13),
                          sha512(14)
                      }

      MAX-ACCESS      read-write
      STATUS           current
      DESCRIPTION
          "SHA - Specifies to use Secure Hash Algorithm (SHA) as the hash
          algorithm. SHA1 produces 160-bit hash values, SHA256 produces 256-bit
          hash values, SHA384 produces 384-bit hash values, SHA512 produces 
          512-bit hash values, which are longer than MD5. SHA is generally 
          considered more secure and is the recommended hash algorithm.

          MD5 - Specifies to use Message Digest 5 (MD5) as the hash algorithm.
          MD5 produces a 128-bit hash value.
          "
      DEFVAL { 2 }
      ::= { fsVpnEntry 26 }

   -- NOTE(review): DEFVAL { 4 } resolves to descbc, i.e. single DES is the
   -- phase-1 cipher unless the operator sets this object explicitly. Writing
   -- the default as DEFVAL { descbc } would make that visible to readers;
   -- selecting an AES option for new deployments is recommended.
   fsVpnIkePhase1EncryptionAlgo  OBJECT-TYPE
   SYNTAX  INTEGER {
                       descbc(4),
                       tripledescbc(5),
                       aes128(12),
                       aes192(13),
                       aes256(14)
                   }

   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Specifies which encryption algorithm should be used in Policy
        negotiation"
   DEFVAL { 4 }
   ::= { fsVpnEntry 27 }

   -- NOTE(review): DEFVAL { group2 } selects the 1024-bit MODP group. group1
   -- (768-bit) and group2 are considered too small for new deployments;
   -- group14 (2048-bit) is the strongest option offered by this object.
   fsVpnIkePhase1DHGroup      OBJECT-TYPE
   SYNTAX  INTEGER {
                       group1(1),
                       group2(2),
                       group5(5),
                       group14(14)
                   }

   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Diffie-Hellman (DH) is a public key cryptography protocol that enables
       two parties to establish a shared secret over unsecured communications
       channels. It will be used in Internet Key Exchange (IKE) to establish
       session keys.

       GROUP_1 - Specifies to use 768-bit Diffie-Hellman Group 1 cryptography.
       GROUP_2 - Specifies to use 1024-bit Diffie-Hellman Group 2 cryptography.
       GROUP_5 - Specifies to use 1536-bit Diffie-Hellman Group 5 cryptography.
       GROUP_14 - Specifies to use 2048-bit Diffie-Hellman Group 14 cryptography.
       "
   DEFVAL { group2 }
   ::= { fsVpnEntry 28 }

   fsVpnIkePhase1LocalIdType OBJECT-TYPE
   SYNTAX   INTEGER {
                       ipv4(1),
                       fqdn(2),
                       email(3),
					   ipv6(5),
                       dn(9),
                       keyId(11)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "This is the identity type of the local node for IKE phase 1."
   ::= { fsVpnEntry 29 }

   fsVpnIkePhase1LocalIdValue OBJECT-TYPE
   SYNTAX          DisplayString
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "This is the identity value of the local node for IKE phase 1."
   ::= { fsVpnEntry 30 }

   fsVpnIkePhase1PeerIdType OBJECT-TYPE
   SYNTAX   INTEGER {
                       ipv4(1),
                       fqdn(2),
                       email(3),
					   ipv6(5),
		               dn(9),
                       keyId(11)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "This is Peer Identity Type supported for phase 1 of the IKE
       negotiation."
   ::= { fsVpnEntry 31 }


   fsVpnIkePhase1PeerIdValue OBJECT-TYPE
   SYNTAX          DisplayString
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "This is the peer identity value for the supported peer type of phase 1,
        e.g. 151.100.10.10 for ipv4 or abc@xyz.com for email."
   ::= { fsVpnEntry 32 }

   fsVpnIkePhase1LifeTimeType OBJECT-TYPE
   SYNTAX  INTEGER {
                       secs(1),
                       mins(3),
                       hrs(4),
                       days(5)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Specifies the IKE life time units."
   DEFVAL { 1 }
   ::= { fsVpnEntry 33 }

   -- NOTE(review): DEFVAL { 2400 } is interpreted in the unit selected by
   -- fsVpnIkePhase1LifeTimeType, whose own default is secs(1). If the unit is
   -- later changed to hrs or days, the same numeric value becomes a very
   -- long-lived IKE SA. The SYNTAX carries no range, so 0 and negative values
   -- are syntactically settable; how the agent treats them is not stated.
   fsVpnIkePhase1LifeTime OBJECT-TYPE
   SYNTAX          Integer32
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Enter the duration, in fsVpnIkePhase1LifeTimeType, of the IKE security
       association (SA), after which the IKE SA expires and is re-negotiated.

       if you wish to save setup time for new IPsec SAs, configure a longer
       IKE SA lifetime. However, shorter lifetimes provide more secure IKE
       negotiations because the SA between the tunnel endpoints must be
       successfully renegotiated more frequently.

       NOTE in case of IKEv1: If the IKEv1 lifetimes on two peers are not the
       same (equal in duration), the IKE policy lifetime of the initiating peer
       must be shorter than the lifetime of the responding peer, and the shorter
       lifetime will be used in IKE negotiations between the devices.
       "
   DEFVAL { 2400 }
   ::= { fsVpnEntry 34 }

   -- NOTE(review): no DEFVAL is declared, so the phase-1 exchange used when
   -- this object is left unset is agent-defined. aggressive(4) carries the
   -- identity payloads unencrypted and, combined with pre-shared keys
   -- (ikePresharedkey policies), is known to expose the PSK to offline
   -- guessing; main(2) is the safer choice wherever the peer supports it.
   fsVpnIkePhase1Mode  OBJECT-TYPE
   SYNTAX  INTEGER {
                       main(2),
                       aggressive(4)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
             "Specifies the IKE Phase 1 mode, whether main or aggressive."
   ::= { fsVpnEntry 35 }

   fsVpnIkePhase2AuthAlgo  OBJECT-TYPE
   SYNTAX  INTEGER {
                       md5(1),
                       sha(2),
                       xcbcmac(5),
                       hmacsha256 (12),
                       hmacsha384 (13),
                       hmacsha512 (14)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Specifies which authentication (hash) algorithm is to be used."
   ::= { fsVpnEntry 36 }

   -- NOTE(review): null(11) is ESP with no encryption (ESP-NULL, RFC 2410);
   -- traffic is then protected only by the integrity algorithm selected in
   -- fsVpnIkePhase2AuthAlgo, so that object must be set whenever null is
   -- chosen. No DEFVAL is declared, so the default cipher is agent-defined.
   fsVpnIkePhase2EspEncryptionAlgo  OBJECT-TYPE
   SYNTAX  INTEGER {
                       descbc(4),
                       tripledescbc(5),
                       null(11),
                       aes128(12),
                       aes192(13),
                       aes256(14),
                       aesctr128(15),
                       aesctr192(16),
                       aesctr256(17)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Specifies which encryption algorithm should be used for ESP"
   ::= { fsVpnEntry 37 }

   fsVpnIkePhase2LifeTimeType  OBJECT-TYPE
   SYNTAX  INTEGER {
                       secs(1),
                       kb(2),
                       mins(3),
                       hrs(4),
                       days(5)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Specifies the IPSec SA life time type."
   DEFVAL { 1 }
   ::= { fsVpnEntry 38 }

   -- NOTE(review): DEFVAL { 800 } is in the unit given by
   -- fsVpnIkePhase2LifeTimeType (default secs(1)). That object also allows
   -- kb(2), in which case this value is a traffic volume rather than a time.
   -- The SYNTAX carries no range, so 0 and negative values are settable;
   -- the agent's handling of them is not specified here.
   fsVpnIkePhase2LifeTime  OBJECT-TYPE
   SYNTAX          Integer32
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Specifies the IPsec security association (SA) lifetime in
       fsVpnIkePhase2LifeTimeType. The SA is re-negotiated after the time limit
       elapses.
       "
   DEFVAL { 800 }
   ::= { fsVpnEntry 39 }

   -- NOTE(review): none(0) disables PFS for the IPsec SA. No DEFVAL is
   -- declared, so whether PFS is on by default is agent-defined; the
   -- protection described below (resistance to later key compromise) only
   -- applies when a non-zero group is selected.
   fsVpnIkePhase2DHGroup  OBJECT-TYPE
   SYNTAX  INTEGER {
                       none (0),
                       group1(1),
                       group2(2),
                       group5(5),
                       group14(14)
                   }
   MAX-ACCESS      read-write
   STATUS          current
   DESCRIPTION
       "Perfect Forward Secrecy (PFS) generates and uses a unique session key
       for each encrypted exchange. The unique session key protects the
       exchange from subsequent decryption, even if the entire exchange was
       recorded and the attacker has obtained the pre-shared and/or private
       keys used by the endpoint devices.

       To enable PFS, choose a Diffie-Hellman group to use in generating the
       PFS session key.
       "
   ::= { fsVpnEntry 40 }

   fsVpnIkeVersion OBJECT-TYPE
       SYNTAX  INTEGER {
                 ikev1 (1),
                 ikev2 (2)
                       }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
            "This object is used for configuring the IKE version, IKEv1 (1)
            or IKEv2 (2), to be used for key negotiation."
       ::= { fsVpnEntry 41 }

   fsVpnCertAlgoType OBJECT-TYPE
       SYNTAX  INTEGER {
                 rsa (1),
                 dsa (2)
                       }
       MAX-ACCESS  read-write
       STATUS  current
       DESCRIPTION
             "This object is used for configuring the authentication algorithm -
             RSA (1) or DSA (2) - used for certificate-based peer authentication.
             This object must be set to RSA (1) or DSA (2) before the
             fsVpnPolicyType object can be set to ikeCertificate (3)."
       ::= { fsVpnEntry 42 }

   fsVpnPolicyRowStatus OBJECT-TYPE
      SYNTAX          RowStatus
      MAX-ACCESS      read-create
      STATUS          current
      DESCRIPTION
            "This object is used to create and delete rows from the fsVpnTable."
      ::= { fsVpnEntry 43 }

--fsVpnTable END

--fsVpnRaUsersTable Table BEGIN

    fsVpnRaUsersTable  OBJECT-TYPE
       SYNTAX   SEQUENCE OF FsVpnRaUsersEntry
       MAX-ACCESS   not-accessible
       STATUS   current
       DESCRIPTION
           "This table is used to identify the remote
           access users when acting as a RAVPN Server"
       ::= { fsVpnObjects 2 }

    fsVpnRaUsersEntry  OBJECT-TYPE
        SYNTAX  FsVpnRaUsersEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
           "This table is used for configuration of
           usernames and passwords for remote access
           users"
        INDEX   { fsVpnRaUserName }
        ::= { fsVpnRaUsersTable 1 }

    FsVpnRaUsersEntry  ::=
        SEQUENCE {
          fsVpnRaUserName         DisplayString,
          fsVpnRaUserSecret       DisplayString,
          fsVpnRaUserRowStatus    RowStatus
    }

    fsVpnRaUserName  OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "User Name is the index for accessing
            the Remote Users table"
        ::= { fsVpnRaUsersEntry 1 }

    fsVpnRaUserSecret  OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Password for the remote user (1 to 32 octets). This object holds
            an authentication secret: because it is read-write, a GET on it
            returns the password to any SNMP principal with read access to
            this table. Implementations are strongly advised not to return the
            stored value on read (e.g. return a zero-length string), and
            managers should only set it over an authenticated and encrypted
            (SNMPv3 authPriv) session."
        ::= { fsVpnRaUsersEntry 2 }

    fsVpnRaUserRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object is used to create and delete rows
             in the fsVpnRaUsersTable."
        ::= { fsVpnRaUsersEntry 3 }

-- fsVpnRaUsersTable Table END

--fsVpnRaAddressPoolTable Table BEGIN

    fsVpnRaAddressPoolTable  OBJECT-TYPE
       SYNTAX   SEQUENCE OF FsVpnRaAddressPoolEntry
       MAX-ACCESS   not-accessible
       STATUS   current
       DESCRIPTION
           "This table is used to allocate IP addresses to remote
           users from a local address pool"
       ::= { fsVpnObjects 3 }

    fsVpnRaAddressPoolEntry  OBJECT-TYPE
        SYNTAX  FsVpnRaAddressPoolEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
           "This table is used for configuration of
           local address pool for the remote users.
           Start and end IP address should be specified
           for each pool"
        INDEX   { fsVpnRaAddressPoolName }
        ::= { fsVpnRaAddressPoolTable 1 }

    FsVpnRaAddressPoolEntry  ::=
        SEQUENCE {
          fsVpnRaAddressPoolName         DisplayString,
          fsVpnRaAddressPoolAddrType     InetAddressType,
          fsVpnRaAddressPoolStart        InetAddress,
          fsVpnRaAddressPoolEnd          InetAddress,
          fsVpnRaAddressPoolPrefixLen    InetAddressPrefixLength,  
          fsVpnRaAddressPoolRowStatus    RowStatus
    }

    fsVpnRaAddressPoolName  OBJECT-TYPE
        SYNTAX      DisplayString (SIZE (1..32))
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "Pool Name is the index for accessing
            the Remote Access Address Pool table"
        ::= { fsVpnRaAddressPoolEntry 1 }

    fsVpnRaAddressPoolAddrType   OBJECT-TYPE
        SYNTAX      InetAddressType
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "IP address type of the pool for remote users. This object
            supports only the ipv4(1) and ipv6(2) values."
        ::= { fsVpnRaAddressPoolEntry 2 }

    fsVpnRaAddressPoolStart    OBJECT-TYPE
        SYNTAX      InetAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Starting IP address of the pool for remote users"
        ::= { fsVpnRaAddressPoolEntry 3 }

    fsVpnRaAddressPoolEnd         OBJECT-TYPE
        SYNTAX      InetAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "End IP address of the pool for remote users"
        ::= { fsVpnRaAddressPoolEntry 4 }

    fsVpnRaAddressPoolPrefixLen OBJECT-TYPE
         SYNTAX  InetAddressPrefixLength
         MAX-ACCESS  read-write
         STATUS  current
         DESCRIPTION
            "The prefix length of the address pool"
         ::= { fsVpnRaAddressPoolEntry 5 }

    fsVpnRaAddressPoolRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object is used to create and delete rows
             in the fsVpnRaAddressPoolTable."
        ::= { fsVpnRaAddressPoolEntry 6 }

-- fsVpnRaAddressPoolTable Table END

   fsVpnRemoteIdTable  OBJECT-TYPE
       SYNTAX           SEQUENCE OF FsVpnRemoteIdEntry
       MAX-ACCESS       not-accessible
       STATUS           current
       DESCRIPTION      "This table holds the identities of the remote peers
                        (users) of VPN tunnels.

                        The remote identity and the pre-shared key (PSK)
                        bindings are globally available to all the VPN
                        tunnels and can be mapped whenever required.

                        One identity can be mapped to multiple tunnels, so a
                        single PSK may protect several tunnels.
                        "
       ::= { fsVpnObjects 4 }

   fsVpnRemoteIdEntry  OBJECT-TYPE
       SYNTAX           FsVpnRemoteIdEntry
       MAX-ACCESS       not-accessible
       STATUS           current
       DESCRIPTION      "A row in this table does not support 'notInService'
                        and 'createAndGo'.
                        "
       INDEX            { fsVpnRemoteIdType, fsVpnRemoteIdValue }
       ::= { fsVpnRemoteIdTable 1 }

    FsVpnRemoteIdEntry ::=
 	SEQUENCE {
        fsVpnRemoteIdType       INTEGER,
        fsVpnRemoteIdValue      DisplayString,
        fsVpnRemoteIdKey        DisplayString,
        fsVpnRemoteIdAuthType   Integer32,
        fsVpnRemoteIdStatus     RowStatus
    }

    fsVpnRemoteIdType   OBJECT-TYPE
        SYNTAX          INTEGER {
                            ipv4(1),
                            fqdn(2),
                            email(3),
                            ipv6(5),
		                    dn(9),
                            keyId(11)
                        }
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Identity type used by the gateway to interpret the
                        data of the fsVpnRemoteIdValue object. The numeric
                        values follow the IPsec DOI identification types
                        given in the REFERENCE clause.

                        IPv4 addresses should be represented with the 'ipv4'
                        type and IPv6 addresses with the 'ipv6' type.

                        A fully qualified domain name (FQDN) is an
                        unambiguous domain name that specifies the node's
                        position in the DNS tree hierarchy absolutely,
                        e.g. somehost.example.com. A trailing period is the
                        conventional way to distinguish an FQDN from a
                        relative domain name; whether the agent accepts or
                        requires it is not specified here.
                        "
        REFERENCE       "Section 4.6.2.1, IP Security Domain of Interpretation
                         RFC2407"
        ::= { fsVpnRemoteIdEntry 1 }

    fsVpnRemoteIdValue  OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "It represents the value corresponding to the type
                        mentioned in fsVpnRemoteIdType object.

                        The maximum permitted length of an FQDN is 255 bytes.
                        "
        ::= { fsVpnRemoteIdEntry 2 }

    fsVpnRemoteIdKey    OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "This is the pre-shared key (PSK) shared with the
                        peer identified by this row. The gateway uses it to
                        authenticate the phase-1 IKE exchange with this peer.

                        It is an authentication secret: because the object is
                        read-write, a GET returns it to any SNMP principal
                        with read access to this table. Implementations are
                        strongly advised not to return the stored value on
                        read (e.g. return a zero-length string), and managers
                        should only set it over an authenticated and
                        encrypted (SNMPv3 authPriv) session. A short or
                        guessable PSK undermines IKE authentication for every
                        tunnel this identity is mapped to.
                        "
        ::= { fsVpnRemoteIdEntry 3 }


    fsVpnRemoteIdAuthType OBJECT-TYPE
        SYNTAX          Integer32
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "The authentication method configured for this remote
                        identity. This object is a plain Integer32 with no
                        enumeration defined in this MIB, so the meaning of
                        each value is implementation-specific and must be
                        taken from the agent's documentation."
        ::= { fsVpnRemoteIdEntry 4 }


    fsVpnRemoteIdStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "Used to add and delete the remote user identities.

                        A value of 'createAndGo' is not supported because PSK
                        is mandatory to authenticate the user.
                        "
        ::= { fsVpnRemoteIdEntry 5 }

-- end of vpn remote identity table (fsVpnRemoteIdTable)

   fsVpnCertInfoTable  OBJECT-TYPE
       SYNTAX           SEQUENCE OF FsVpnCertInfoEntry
       MAX-ACCESS       not-accessible
       STATUS           current
       DESCRIPTION      "This table provides information about the certificates
                         (and their key files) that are used for peer authentication.

                        The certificates are globally available to all the VPN
                        tunnels and can be mapped whenever required.

                        One identity can be mapped to multiple tunnels.
                        "
       ::= { fsVpnObjects 5 }

   fsVpnCertInfoEntry  OBJECT-TYPE
       SYNTAX           FsVpnCertInfoEntry
       MAX-ACCESS       not-accessible
       STATUS           current
       DESCRIPTION      "'createAndGo' is not supported by this table."
       INDEX            { fsVpnCertKeyString}
       ::= { fsVpnCertInfoTable 1 }

    FsVpnCertInfoEntry ::=
 	SEQUENCE {
        fsVpnCertKeyString       DisplayString,
        fsVpnCertKeyType     INTEGER,
        fsVpnCertKeyFileName DisplayString,
        fsVpnCertFileName    DisplayString,
        fsVpnCertEncodeType  INTEGER,
        fsVpnCertStatus      RowStatus
    }

    fsVpnCertKeyString   OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Key identity string, chosen by the gateway, that
                        uniquely identifies this certificate entry.
                        "
        ::= { fsVpnCertInfoEntry 1 }

    fsVpnCertKeyType  OBJECT-TYPE
        SYNTAX          INTEGER {
                        rsa (1),
                        dsa (2)
                        }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "It represents the type of algorithm used to
                         generate the key which is used to generate the 
                         certificate.
                         RSA - Ron Rivest, Adi Shamir and Len Adleman Algorithm,
                         DSA - Digital Signature Algorithm.
                        "
        DEFVAL           { rsa }
        ::= { fsVpnCertInfoEntry 2 }

    fsVpnCertKeyFileName    OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "This is the file in which the key pair (including the
                         private key) used to generate the certificate is stored.
                         This object carries only the file name, never the key
                         material itself; since the named file holds a private
                         key, it should be readable only by the gateway's IKE
                         component."
        ::= { fsVpnCertInfoEntry 3 }

    fsVpnCertFileName    OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "This is the file in which the certificate is stored.
                         It is used by the gateway for certificate-based
                         authentication of the phase-1 IKE exchange with the peer."
        ::= { fsVpnCertInfoEntry 4 }

    fsVpnCertEncodeType OBJECT-TYPE
        SYNTAX          INTEGER {
                         pem (1),
                         der (2)
                        }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "The encoding in which the certificate file is stored:
                         PEM - Privacy Enhanced Mail (Base64 text) encoding,
                         DER - Distinguished Encoding Rules (binary) encoding."
        DEFVAL           { pem }
        ::= { fsVpnCertInfoEntry 5 }


    fsVpnCertStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "'createAndGo' is not supported by this table."
        ::= { fsVpnCertInfoEntry 6 }

-- end of vpn Certificate Information table (fsVpnCertInfoTable)

    fsVpnCaCertInfoTable  OBJECT-TYPE
       SYNTAX           SEQUENCE OF FsVpnCaCertInfoEntry
       MAX-ACCESS       not-accessible
       STATUS           current
       DESCRIPTION      "This table provides Certificate Authority (CA)
                         certificate information.

                        The CA certificates listed here form the trust-anchor
                        set used to validate peer certificates for all VPN
                        tunnels and can be mapped whenever required. Only CAs
                        trusted to issue VPN peer certificates should be
                        configured here."

       ::= { fsVpnObjects 6 }

   fsVpnCaCertInfoEntry  OBJECT-TYPE
       SYNTAX           FsVpnCaCertInfoEntry
       MAX-ACCESS       not-accessible
       STATUS           current
       DESCRIPTION      "'createAndGo' is not supported by this table."
       INDEX            { fsVpnCaCertKeyString}
       ::= { fsVpnCaCertInfoTable 1 }

    FsVpnCaCertInfoEntry ::=
 	SEQUENCE {
        fsVpnCaCertKeyString       DisplayString,
        fsVpnCaCertFileName        DisplayString,
        fsVpnCaCertEncodeType      INTEGER,
        fsVpnCaCertStatus          RowStatus
    }

    fsVpnCaCertKeyString    OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Key identity string supported by the gateway chosen
                        to uniquely identify the CA certificate information."
        ::= { fsVpnCaCertInfoEntry 1 }

    fsVpnCaCertFileName    OBJECT-TYPE
        SYNTAX          DisplayString
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "This is the file in which the CA certificate is
                         stored. The gateway uses it to validate the peer
                         certificates presented during security negotiations;
                         a peer certificate chaining to this CA is treated as
                         trusted, subject to any further identity checks the
                         gateway performs.
                        "
        ::= { fsVpnCaCertInfoEntry 2 }

    fsVpnCaCertEncodeType OBJECT-TYPE
        SYNTAX          INTEGER {
                         pem (1),
                         der (2)
                        }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "The encoding in which the CA certificate file is stored:
                         PEM - Privacy Enhanced Mail (Base64 text) encoding,
                         DER - Distinguished Encoding Rules (binary) encoding."
        DEFVAL           { pem }
        ::= { fsVpnCaCertInfoEntry 3 }

    fsVpnCaCertStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION     "'createAndGo' is not supported by this table."
        ::= { fsVpnCaCertInfoEntry 4 }

END
