-- Copyright (C) 2008-2014 Super Micro Computer Inc. All Rights Reserved

-- $Id: fssecv6.mib,v 1.13 2012/09/07 09:52:06 siva Exp $

SUPERMICRO-IPSECV6-MIB DEFINITIONS ::= BEGIN

IMPORTS
enterprises, MODULE-IDENTITY, OBJECT-TYPE,
    Integer32, Counter32
    FROM SNMPv2-SMI
    RowStatus, DisplayString,TEXTUAL-CONVENTION
    FROM SNMPv2-TC;


    fsipv6Sec MODULE-IDENTITY
    LAST-UPDATED "201209050000Z"
    ORGANIZATION "Super Micro Computer Inc."
    CONTACT-INFO "support@Supermicro.com"
    DESCRIPTION
    "The MIB module that describes managed objects of
    general use by the IPSEC Protocol."
    REVISION "201209050000Z"
    DESCRIPTION
    "The MIB module that describes managed objects of
    general use by the IPSEC Protocol."

    ::= { enterprises supermicro-computer-inc(10876) super-switch(101) basic(1) 29 }


fsipv6SecScalars  OBJECT IDENTIFIER ::= { fsipv6Sec 1 }
fsipv6SecConfig   OBJECT IDENTIFIER ::= { fsipv6Sec 2 }
fsipv6SecStats    OBJECT IDENTIFIER ::= { fsipv6Sec 3 }

--
--  IPSEC group
--

       Ipv6IfIndex ::= TEXTUAL-CONVENTION
             DISPLAY-HINT "d"
             STATUS       current
             DESCRIPTION
               "A unique value, greater than zero for each
               internetwork-layer interface in the managed
               system. It is recommended that values are assigned
               contiguously starting from 1. The value for each
               internetwork-layer interface must remain constant
               at least from one re-initialization of the entity's
               network management system to the next
               re-initialization."
             SYNTAX       Integer32 (1..2147483647)

-- definition of textual conventions

-- fsipv6SecScalars Scalars BEGIN 

       fsipv6SecGlobalStatus  OBJECT-TYPE
             SYNTAX  INTEGER {
                   enable      (1),
                   disable     (2)
              }    

             MAX-ACCESS  read-write
             STATUS  current
             DESCRIPTION
             "This object enables/disables the IPSEC processing 
             administratively.By Default it is set to disable"
             ::= { fsipv6SecScalars 1 }

       fsipv6SecVersion  OBJECT-TYPE
             SYNTAX  Counter32
             MAX-ACCESS  read-only
             STATUS  current
             DESCRIPTION
             "Version number of this IPSEC module running on
             the stack."
             ::= { fsipv6SecScalars 2 }

       fsipv6SecGlobalDebug OBJECT-TYPE
            SYNTAX  INTEGER {
                    disableall     (0),
                    enableall      (1),
                    initshut       (2),
                    manageMent     (3),
                    dataPath       (4),
                    ctrlPath       (5),
                    pktDump        (6),
                    osresource     (7),
                    allfailure     (8),
                    buffer         (9)
            }
            MAX-ACCESS read-write
            STATUS  current
            DESCRIPTION
              " The mask which is used to enable selective debug levels in
                IPSec module.

                disableall    : disable all the traces.
                enableall     : enable all tarce levels.
                management    : traces for configuration
                datapath      : traces for data packets
                ctrlplane     : all control packet related traces
                dump          : ppp packet decode
                resourceError : trace for os resource failure
                genError      : unexpected error condition
                semTrc        : PPP State Event Machine Trace
                alarmTrc      : enable PPP Alarms

                All values except disableall and enableall will add a
                particular trace level to the existing trace levels.
                If we want to have only a particular trace level
                (say 'ctrlplane' do the following:
                (i)     configure the value as disableall
		        (ii)    configure the particular trace level('ctrlplane')."

            ::= { fsipv6SecScalars 3 }

       fsipv6SecMaxSA OBJECT-TYPE
            SYNTAX  Integer32 (1..2147483647)
            MAX-ACCESS read-write
            STATUS  deprecated
            DESCRIPTION
            "Specifies the maximum number of security associations present in
            the system. This sizable parameter determines the number of selector,
            policy, access list and security association entries in the system"
            ::= { fsipv6SecScalars 4 }

--fsipv6SecScalars Scalars END

--fsipv6SecConfig Tables BEGIN

-- Selector Table.

          fsipv6SecSelectorTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF FsIpv6SecSelectorEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
                 "The list of selectors for the interface."
             ::= { fsipv6SecConfig 1 }

          fsIpv6SecSelectorEntry  OBJECT-TYPE
              SYNTAX  FsIpv6SecSelectorEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the Selector Table. Each entry
              is a set of IP or Upper layer protocol 
              fields used by security policy database to 
              map to security association entry or bundle."
              INDEX   { fsipv6SelIfIndex, 
                        fsipv6SelProtoIndex, 
                        fsipv6SelAccessIndex,
                        fsipv6SelPort,
                        fsipv6SelPktDirection }
              ::= { fsipv6SecSelectorTable 1 }

          FsIpv6SecSelectorEntry  ::= SEQUENCE {
               fsipv6SelIfIndex
                   Integer32,
               fsipv6SelProtoIndex
                   INTEGER,
               fsipv6SelAccessIndex
                   Integer32,
               fsipv6SelPort
                   Integer32, 
               fsipv6SelPktDirection
                   INTEGER,
               fsipv6SelFilterFlag
                   INTEGER,
               fsipv6SelPolicyIndex
                   Integer32,
               fsipv6SelIfIpAddress
                   OCTET STRING,
               fsipv6SelStatus 
                   RowStatus	
          }

          fsipv6SelIfIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647)
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "The index value which uniquely identifies 
              the IPv6 interface on which this Selector 
              Table entry exists. The interface indentified 
              by a particular value of this index is the same
              interface as identified by the value of 
              ipv6IfIndex."
              ::= { fsIpv6SecSelectorEntry 1 }

          fsipv6SelProtoIndex  OBJECT-TYPE 
              SYNTAX  INTEGER {
                   tcp         (6),
                   udp         (17),
                   icmpv6      (58),
                   ahproto     (51),
                   espproto    (50),
                   any         (9000)
              }    
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "The Proto index value which uniquely identifies 
              the protocol for which this Selector Table entry 
              exists.In case of no specific protocol any can be 
              used whose value is assigned as 9000" 
              ::= { fsIpv6SecSelectorEntry 2 }

          fsipv6SelAccessIndex  OBJECT-TYPE
              SYNTAX  Integer32 (1..2147483647) 
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "This value of the object is same as that of the 
              index of the access table. This index can be used
              to get a range of source and destination IPv6 addresses 
              from the access table for validating the src and destination
              addr of the packets."
              ::= { fsIpv6SecSelectorEntry 3 }

          fsipv6SelPort  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647)
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "Port to Specify the user application for 
              a given protocol.In case of no specific port 
              any can be used whose value is assigned to 9000"
              ::= { fsIpv6SecSelectorEntry 4 }

          fsipv6SelPktDirection  OBJECT-TYPE 
              SYNTAX  INTEGER {
                               inbound (1),
                               outbound (2),
                               any (3)
              }
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "Decides the Packet Direction" 
              ::= { fsIpv6SecSelectorEntry 5 }

          fsipv6SelFilterFlag  OBJECT-TYPE 
              SYNTAX  INTEGER {
				filter (1),
				allow  (2)
                }
		
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "Flag to specify the filtering of the packets 
              based on the protocol field."
              ::= { fsIpv6SecSelectorEntry 6 }

          fsipv6SelPolicyIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647)
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "The value of this object is same as that of
              the index of the security policy table. This 
              object can be configured only when there is a 
              corresponding entry for the specified value in 
              the policy table.This object cannot be configured 
              if for the given value there is an entry in the 
              policy table which in turn points to the secassoc 
              entries in transport mode."
              ::= { fsIpv6SecSelectorEntry 7 }

          fsipv6SelIfIpAddress  OBJECT-TYPE 
              SYNTAX  OCTET STRING (SIZE (0..16))
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "A unique non-zero value identifying the local 
              tunnel termination address. This
              object should be set when working with IKE"
              ::= { fsIpv6SecSelectorEntry 8 }

          fsipv6SelStatus  OBJECT-TYPE 
              SYNTAX  RowStatus
              MAX-ACCESS  read-create
              STATUS  current
              DESCRIPTION
              "This object is used to create and delete rows 
              from the fsipv6SecSelectorTable. It can be set 
              to the value of createAndGo(4),createAndWait(5),
              notInService(2),active(1) and destroy(6).
              This object can be configured only when the 
              ipsec admin status is disable."
              ::= { fsIpv6SecSelectorEntry 9 }

-- Access Table

          fsipv6SecAccessTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF FsIpv6SecAccessEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
             "Range of Ip addresses allowed for a domain"
             ::= { fsipv6SecConfig 2 }

          fsIpv6SecAccessEntry  OBJECT-TYPE
              SYNTAX  FsIpv6SecAccessEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the access Table that specifies
              the range of address allowed for a domain" 

              INDEX   { fsipv6SecAccessIndex }
              ::= { fsipv6SecAccessTable 1 }

          FsIpv6SecAccessEntry  ::=
              SEQUENCE {
  	       fsipv6SecAccessIndex
		       Integer32,
  	       fsipv6SecAccessStatus
		       RowStatus,
               fsipv6SecSrcNet 
                       OCTET STRING,
               fsipv6SecSrcAddrPrefixLen
                       Integer32,
               fsipv6SecDestNet
                       OCTET STRING,
               fsipv6SecDestAddrPrefixLen
                       Integer32
          }

          fsipv6SecAccessIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647) 
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "This value of the object is used to get a unique 
              entry in the access table. This index is used
              by the selector table to get an entry from the
              access table. This index is used to get a 
              range of source IPv6 addresses from the access 
              table for validating the src addr and destination
              address of the packets"
              ::= { fsIpv6SecAccessEntry 1 }

          fsipv6SecAccessStatus  OBJECT-TYPE 
              SYNTAX  RowStatus
              MAX-ACCESS  read-create
              STATUS  current
              DESCRIPTION
              "This object is used to create and delete rows 
              from the fsipv6SecAccessTable. It can be set 
              to the value of createAndGo(4),createAndWait(5),
              notInService(2),active(1) and destroy(6).
              This object can be configured only when the 
              ipsec admin status is disable"
              
             ::= { fsIpv6SecAccessEntry 2 }

          fsipv6SecSrcNet  OBJECT-TYPE 
              SYNTAX  OCTET STRING (SIZE (0..16))
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "A unique non-zero value identifying the source IPv6 
              network for a given access index."
              ::= { fsIpv6SecAccessEntry 3 }

          fsipv6SecSrcAddrPrefixLen  OBJECT-TYPE 
              SYNTAX Integer32 (1..128) 
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "The length of the prefix (in bits) associated with the
              IPv6 source address of this entry."
              ::= { fsIpv6SecAccessEntry 4 }

          fsipv6SecDestNet  OBJECT-TYPE 
              SYNTAX  OCTET STRING (SIZE (0..16))
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "A unique non-zero value identifying the destination IPv6 
               network for a given access index."
              ::= { fsIpv6SecAccessEntry 5 }

          fsipv6SecDestAddrPrefixLen  OBJECT-TYPE 
              SYNTAX Integer32 (1..128) 
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "The length of the prefix (in bits) associated with the
              IPv6 destination address of this entry."
              ::= { fsIpv6SecAccessEntry 6 }

-- Security Policy Database

          fsipv6SecPolicyTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF FsIpv6SecPolicyEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
             "List of policies that determine the disposition
             of all IP traffic"
             ::= { fsipv6SecConfig 3 }

          fsIpv6SecPolicyEntry  OBJECT-TYPE
              SYNTAX  FsIpv6SecPolicyEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the Security Policy Table that 
              specifies what services are to be offered to 
              IP datagrams and in what fashion. "
              INDEX   { fsipv6SecPolicyIndex }
              ::= { fsipv6SecPolicyTable 1 }

          FsIpv6SecPolicyEntry  ::=
              SEQUENCE {
  	       fsipv6SecPolicyIndex
		    Integer32,
               fsipv6SecPolicyFlag 
                   INTEGER,
               fsipv6SecPolicyMode
                   INTEGER,
               fsipv6SecPolicySaBundle
                    DisplayString,
               fsipv6SecPolicyOptionsIndex
	            Integer32,
	       fsipv6SecPolicyStatus
	             RowStatus
          }

          fsipv6SecPolicyIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647)
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "A unique non-zero value identifying the particular
              security policy entry.This index is used by the
              the selector table to get the policy entry for a
              given selector entry"
              ::= { fsIpv6SecPolicyEntry 1 }

          fsipv6SecPolicyFlag  OBJECT-TYPE 
              SYNTAX  INTEGER {
			  apply (3),   -- applies IPSEC on the packet 
			  bypass (4)  -- bypasses the IPSEC for the packet
		     }
	          MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "The choices that can be applied on 
              any outbound/inbound datagrams."
              ::= { fsIpv6SecPolicyEntry 2 }

          fsipv6SecPolicyMode  OBJECT-TYPE 
              SYNTAX  INTEGER {
		      manual (1), 
		      automatic (2)    
		     }  
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "The mode of creation of security association 
              entries."
              ::= { fsIpv6SecPolicyEntry 3 }

          fsipv6SecPolicySaBundle  OBJECT-TYPE 
              SYNTAX  DisplayString
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "This object is used to associate Security 
              association entries with each policy entry.
              The Policy entry is mapped to the secassoc 
              entries by specifying the secassoc indicies 
              in the format (1.2.3.4) where (1,2,3,4) are 
              the indicies of the 4 Independent secassoc 
              entries.If only one secassoc is to be mapped 
              then the index of that particular secassoc
              alone can be specified"
              ::= { fsIpv6SecPolicyEntry 4 }

          fsipv6SecPolicyOptionsIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647)
	      MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "Refers to the IKE Options."
              ::= { fsIpv6SecPolicyEntry 5 }

          fsipv6SecPolicyStatus  OBJECT-TYPE 
              SYNTAX  RowStatus
              MAX-ACCESS  read-create
              STATUS  current
              DESCRIPTION
              "This object is used to create and delete rows 
              from the fsipv6SecPolicyTable. It can be set 
              to the value of createAndGo(4),createAndWait(5),
              notInService(2),active(1) and destroy(6).
              This object can be configured only when the ipsec
              admin status is disable"
              ::= { fsIpv6SecPolicyEntry 6 }


              -- Security Association Table.
              -- The IPv6 Security Association table contains the security
              -- association between a source and destination. This table 	    
              -- is consulted for authenticating and encrypting incoming 
              -- and outgoing datagrams. Each entry represents a security 
              -- mapping between a source and destination and specifies the 
              -- Authentication algorithm and key, the Security Parameter 	    
              -- Index (SPI) value and the direction of the mapping.
              -- Entries created/deleted from SNMP.


          fsipv6SecAssocTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF Fsipv6SecAssocEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
             "This table contains the security association 
             between a source and destination. It is 
             consulted for authentication and Ciphering of 
             inbound and outbound datagrams.Datagrams which 
             are forwarded by this entity are not authenticated."
             ::= { fsipv6SecConfig 4 }

          fsipv6SecAssocEntry  OBJECT-TYPE
              SYNTAX  Fsipv6SecAssocEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the IPv6 Security Association Table. 
              Each entry specifies the mapping between a 
              particular source and destination address. The 
              entry specifies the authentication algorithm and 
              key to use, the direction of authentication 
              (inbound or outbound) and a Security Parameter Index (SPI)."
              INDEX   { fsipv6SecAssocIndex }
              ::= { fsipv6SecAssocTable 1 }

          Fsipv6SecAssocEntry  ::=
              SEQUENCE {
               fsipv6SecAssocIndex 
                   Integer32,
               fsipv6SecAssocDstAddr
                   OCTET STRING,
               fsipv6SecAssocProtocol
                   INTEGER,
               fsipv6SecAssocSpi
                   Integer32,
               fsipv6SecAssocMode
                   INTEGER,
               fsipv6SecAssocAhAlgo
                   INTEGER,
               fsipv6SecAssocAhKey
                   OCTET STRING,
               fsipv6SecAssocEspAlgo
                   INTEGER,
               fsipv6SecAssocEspKey
                   OCTET STRING,
               fsipv6SecAssocEspKey2
                   OCTET STRING,
               fsipv6SecAssocEspKey3
                   OCTET STRING,
               fsipv6SecAssocLifetimeInBytes
                   INTEGER,
               fsipv6SecAssocLifetime
                   Integer32,
               fsipv6SecAssocAntiReplay
                   INTEGER,
               fsipv6SecAssocStatus
                   RowStatus
          }

          fsipv6SecAssocIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647)
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "A unique non-zero value identifying the 
              particular Security Association.
              This index value is used by the object 
              fsipv6SecPolicySaBundle of the policy
              table to associate the policy entries to
              the secassoc entries"
              ::= { fsipv6SecAssocEntry 1 }

          fsipv6SecAssocDstAddr  OBJECT-TYPE 
              SYNTAX  OCTET STRING (SIZE (0..16))
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "This destination address is matched with the
              destination address in the packet during 
              authentication of inbound and outbound datagrams."
              ::= { fsipv6SecAssocEntry 2 }

          fsipv6SecAssocProtocol  OBJECT-TYPE 
              SYNTAX  INTEGER {
                 espproto(50),
                 ahproto(51)
              }
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "Security header used for either authentication 
              (AH) or encryption (ESP)."
              ::= { fsipv6SecAssocEntry 3 }

          fsipv6SecAssocSpi  OBJECT-TYPE 
              SYNTAX  Integer32 (256..2147483647)
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "This is an arbitrary 32-bit value identifying
              the security association for this datagram. The
              Security Parameter Index value 0 is reserved to
              Indicate that 'no security association exists'.
              The set of Security Parameters Index values
              In the range 1 through 255 are reserved to 
              the IANA for future use. Any SPI value greater
              than 255 can be configured."
              ::= { fsipv6SecAssocEntry 4 }

          fsipv6SecAssocMode  OBJECT-TYPE 
              SYNTAX  INTEGER {
				tunnel (1),    -- tunnel mode
				transport (2)  -- transport mode
	      }
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
              "The supporting security association mode.
              The secassoc mode is configured as Transport or Tunnel
              when the router is acting as a host. A Security gateway 
              can be configured only in tunnel mode"
              ::= { fsipv6SecAssocEntry 5 }

          fsipv6SecAssocAhAlgo  OBJECT-TYPE  
              SYNTAX  INTEGER  {
                          null      (0),
                          hmacmd5   (1),
	       	          hmacsha1  (2),
                          keyedmd5  (3),
                          md5       (4)
                      }
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
              "The authentication algorithm configured for
               the particular security association entry.
               This object is not mandatory for creation
               of an entry.Setting the algorithm to keyed-md5(2)
               or hmac-md5 (3),hmacsha1(4) requires a key for 
               authentication."
              ::= { fsipv6SecAssocEntry 6 }

          fsipv6SecAssocAhKey  OBJECT-TYPE       
              SYNTAX  OCTET STRING (SIZE(0..20))
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
              "This is the key used for authentication 
               when the algorithm configured is either
               keyed-md5 or hmac-md5 or hmach-sha1 . 
	       This object is not mandatory for creation
	       of an entry. If the algorithm is md5, 
	       no key needs to be specified.For KeyedMd5
               and HmacMd5 the key size must be 16 bytes and
               for HmacSha1 the key size must be 20 bytes "
              ::= { fsipv6SecAssocEntry 7 }

          fsipv6SecAssocEspAlgo  OBJECT-TYPE  
              SYNTAX  INTEGER  {
                          descbc      (2),
                          threedescbc (3),
                          null       (11),
                          aes        (12)
	                }
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
              "The type of algorithm used for Encapsulation 
              Security Palyload (ESP) Header.This object is to 
              be configured only if the Security protocol to be 
              used is ESP"
              ::= { fsipv6SecAssocEntry 8 }

          fsipv6SecAssocEspKey  OBJECT-TYPE       
              SYNTAX  OCTET STRING (SIZE(0..8)) 
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
              "ESP authentication key.This must be of 
              8 Bytes only  "
              ::= { fsipv6SecAssocEntry 9 }

         fsipv6SecAssocEspKey2 OBJECT-TYPE       
              SYNTAX  OCTET STRING (SIZE(0..8)) 
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
                  "This object is used for configuring the second key
                   of 3des-cbc.This key must be  8 Bytes only  "
              ::= { fsipv6SecAssocEntry 10 }

          fsipv6SecAssocEspKey3  OBJECT-TYPE       
              SYNTAX  OCTET STRING (SIZE(0..8)) 
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
                  "This object is used for configuring the third key
                   of 3des-cbc.This key must be  8 Bytes only"
              ::= { fsipv6SecAssocEntry 11 }
          fsipv6SecAssocLifetimeInBytes OBJECT-TYPE
              SYNTAX  INTEGER(0 .. 2147483647)
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
              "The timer interval interms of number of bytes.
              IPSEC counts the number of bytes to which the
              IPSEC algorithm is applied. This object specifies the
              allowed maximum number of bytes. If the value is 0,
              it signifies that the lifetime is infinity. 
              By default it is set to infinity."
              ::= { fsipv6SecAssocEntry 12 }

          fsipv6SecAssocLifetime OBJECT-TYPE
              SYNTAX  Integer32 (0|300 .. 2592000)
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION   
              " This specifies the duration in seconds for which
              this Security Association remains active. After this
              time interval, the entry becomes inactive and has to
              be manually made active again. If the value is 0,
              it signifies that the lifetime is infinity. By default
              it is set to infinity. Valid values are in the
              range 300 to 2592000."
              ::= { fsipv6SecAssocEntry 13 }


             fsipv6SecAssocAntiReplay  OBJECT-TYPE 
                SYNTAX  INTEGER {
				enable (1), 
				disable (2)  
	      }
              MAX-ACCESS  read-write
              STATUS  current
              DESCRIPTION
                  "The object is used for activating the anti
		   repaly functionality of the security protocols"
		    
              ::= { fsipv6SecAssocEntry 14 }



          fsipv6SecAssocStatus OBJECT-TYPE
              SYNTAX  RowStatus
              MAX-ACCESS  read-create
              STATUS  current
              DESCRIPTION   
              "This object is used to create and delete rows 
              from the fsipv6SecAssocTable. It can be set 
              to the value of createAndGo(4),createAndWait(5),
              notInService(2),active(1) and destroy(6).
              This object can be configured only when the ipsec
              admin status is disable"
              ::= { fsipv6SecAssocEntry 15 }

--fsipv6SecConfig Tables END

-- fsipv6SecStats Tables BEGIN

-- Interface Specific IPSEC Statistics table

          fsipv6SecIfStatsTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF FsIpv6SecIfStatsEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
             "IPSEC statistics table based on per interface."
             ::= { fsipv6SecStats 1 }

          fsIpv6SecIfStatsEntry  OBJECT-TYPE
              SYNTAX  FsIpv6SecIfStatsEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the Interface Statistics table."
              INDEX   { fsipv6SecIfIndex }
              ::= { fsipv6SecIfStatsTable 1 }

          FsIpv6SecIfStatsEntry  ::=
              SEQUENCE {
	       fsipv6SecIfIndex
	           Integer32,
               fsipv6SecIfInPkts
                   Counter32,
               fsipv6SecIfOutPkts
                   Counter32,
               fsipv6SecIfPktsApply
                   Counter32,
               fsipv6SecIfPktsDiscard
                   Counter32,
               fsipv6SecIfPktsBypass
                   Counter32
          }

          fsipv6SecIfIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..100)
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "The index value which uniquely identifies 
              the IPv6 interface on which this interface 
              statistics table entry exists. The interface 
              identified by a particular value of this index is
              the same interface as identified by the same value of
              ipv6IfIndex."
              ::= { fsIpv6SecIfStatsEntry 1 }

          fsipv6SecIfInPkts  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of packets recieved on the specified
              interface."
              ::= { fsIpv6SecIfStatsEntry 2 }

          fsipv6SecIfOutPkts  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of packets sent on the specified 
              interface."
              ::= { fsIpv6SecIfStatsEntry 3 }

          fsipv6SecIfPktsApply  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of packets for which security is 
              applied which are of either inbound or 
              outbound."
              ::= { fsIpv6SecIfStatsEntry 4 }

              fsipv6SecIfPktsDiscard  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of packets dropped either of 
              inbound or outbound."
              ::= { fsIpv6SecIfStatsEntry 5 }

             fsipv6SecIfPktsBypass  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of packets for which IPSEC is not 
              applied which are of either inbound 
              or outbound."
              ::= { fsIpv6SecIfStatsEntry 6 }

-- AH/ESP Specific IPSEC Statistics table

          fsipv6SecAhEspStatsTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF FsIpv6SecAhEspStatsEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
             "AH/ESP related statistics table."
             ::= { fsipv6SecStats 2 }

          fsIpv6SecAhEspStatsEntry  OBJECT-TYPE
              SYNTAX  FsIpv6SecAhEspStatsEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the AH/ESP statistics Table. "
              INDEX   { fsipv6SecAhEspIfIndex }
              ::= { fsipv6SecAhEspStatsTable 1 }

          FsIpv6SecAhEspStatsEntry  ::=
              SEQUENCE {
	           fsipv6SecAhEspIfIndex
                   INTEGER,
               fsipv6SecInAhPkts
                   Counter32,
               fsipv6SecOutAhPkts
                   Counter32,
               fsipv6SecAhPktsAllow
                   Counter32,
               fsipv6SecAhPktsDiscard
                   Counter32,
               fsipv6SecInEspPkts
                   Counter32,
               fsipv6SecOutEspPkts
                   Counter32,
               fsipv6SecEspPktsAllow
                   Counter32,
               fsipv6SecEspPktsDiscard
                   Counter32
          }

          fsipv6SecAhEspIfIndex  OBJECT-TYPE 
              SYNTAX  INTEGER (1..100)
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "The index value which uniquely identifies 
              the IPv6 interface on which this statistics 
              table entry exists. The interface identified by a 
              particular value of this index is the same  
              interface as identified by the same value of ipv6IfIndex."
              ::= { fsIpv6SecAhEspStatsEntry 1 }

          fsipv6SecInAhPkts  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of AH packets recieved."
              ::= { fsIpv6SecAhEspStatsEntry 2 }

          fsipv6SecOutAhPkts  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of AH packets sent."
              ::= { fsIpv6SecAhEspStatsEntry 3 }          

	        fsipv6SecAhPktsAllow  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of AH packets allowed."
              ::= { fsIpv6SecAhEspStatsEntry 4 }          

	        fsipv6SecAhPktsDiscard  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of AH packets discarded."
              ::= { fsIpv6SecAhEspStatsEntry 5 }          

          fsipv6SecInEspPkts  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of ESP packets received."
              ::= { fsIpv6SecAhEspStatsEntry 6 }

          fsipv6SecOutEspPkts  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of ESP packets sent."
              ::= { fsIpv6SecAhEspStatsEntry 7 }          

	        fsipv6SecEspPktsAllow  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of ESP packets allowed."
              ::= { fsIpv6SecAhEspStatsEntry 8 }          

	        fsipv6SecEspPktsDiscard  OBJECT-TYPE 
              SYNTAX  Counter32
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Number of ESP packets discarded."
              ::= { fsIpv6SecAhEspStatsEntry 9 }      

-- AH/ESP Specific IPSEC Intru table

        fsipv6SecAhEspIntruTable  OBJECT-TYPE
             SYNTAX   SEQUENCE OF FsIpv6SecAhEspIntruEntry
             MAX-ACCESS   not-accessible
             STATUS   current
             DESCRIPTION       
             "AH/ESP related Intru table."
             ::= { fsipv6SecStats 3}

        fsIpv6SecAhEspIntruEntry  OBJECT-TYPE
              SYNTAX  FsIpv6SecAhEspIntruEntry
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION       
              "An entry in the AH/ESP intruder Table. "
              INDEX   { fsipv6SecAhEspIntruIndex }
              ::= { fsipv6SecAhEspIntruTable 1 }

        FsIpv6SecAhEspIntruEntry  ::=
              SEQUENCE {
               fsipv6SecAhEspIntruIndex
                   Integer32,
               fsipv6SecAhEspIntruIfIndex
                   Integer32,
               fsipv6SecAhEspIntruSrcAddr
                   OCTET STRING,
               fsipv6SecAhEspIntruDestAddr
                   OCTET STRING,
               fsipv6SecAhEspIntruProto
                   INTEGER,
               fsipv6SecAhEspIntruTime
                   Counter32 
          }

        fsipv6SecAhEspIntruIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..2147483647) 
              MAX-ACCESS  not-accessible
              STATUS  current
              DESCRIPTION
              "Specifies the index of the entry in the table."
              ::= { fsIpv6SecAhEspIntruEntry 1 }

        fsipv6SecAhEspIntruIfIndex  OBJECT-TYPE 
              SYNTAX  Integer32 (1..100)
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "The index value which uniquely identifies 
              the IPv6 interface on which this statistics 
              table entry exists. The interface identified 
              by a particular value of this index is the same 
              interface as identified by the same value of 
              ipv6IfIndex."
              ::= { fsIpv6SecAhEspIntruEntry 2 }

        fsipv6SecAhEspIntruSrcAddr  OBJECT-TYPE 
              SYNTAX  OCTET STRING (SIZE (0..16))
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Intru's source address."
              ::= { fsIpv6SecAhEspIntruEntry 3 }

        fsipv6SecAhEspIntruDestAddr  OBJECT-TYPE 
              SYNTAX  OCTET STRING (SIZE (0..16))
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Intru's destination address."
              ::= { fsIpv6SecAhEspIntruEntry 4 }          

        fsipv6SecAhEspIntruProto  OBJECT-TYPE 
              SYNTAX  INTEGER {
                    ahproto     (51),
                    espproto    (50)
                }
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Intru's Protocol."
              ::= { fsIpv6SecAhEspIntruEntry 5 }          

	      fsipv6SecAhEspIntruTime  OBJECT-TYPE 
              SYNTAX  Counter32 
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
              "Time of intruders attack."
              ::= { fsIpv6SecAhEspIntruEntry 6 }          

-- fsipv6SecStats Tables END
END
