TIMETRA-IPSEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    Unsigned32, Counter64, Counter32, Gauge32, Integer32,
    NOTIFICATION-TYPE                           FROM SNMPv2-SMI

    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP                          FROM SNMPv2-CONF

    TEXTUAL-CONVENTION, RowStatus, 
    TimeStamp, TruthValue, StorageType,
    DisplayString                               FROM SNMPv2-TC

    InterfaceIndex                              FROM IF-MIB

    InetAddressType, InetAddress,
    InetAddressPrefixLength                     FROM INET-ADDRESS-MIB

    TItemDescription, TNamedItem,                
    TNamedItemOrEmpty,
    TmnxAdminState, TmnxOperState,
    TmnxServId,
    TmnxIPsecTunnelTemplateId,
    TmnxIPsecTunnelTemplateIdOrZero,
    TmnxIkePolicyAuthMethod, TTcpUdpPort,
    TmnxBfdSessOperState, TmnxIkePolicyOwnAuthMethod
    
                                                FROM TIMETRA-TC-MIB
 

    timetraSRMIBModules, tmnxSRObjs,
    tmnxSRNotifyPrefix, tmnxSRConfs             FROM TIMETRA-GLOBAL-MIB

    svcId                                       FROM TIMETRA-SERV-MIB

    sapPortId, sapEncapValue                    FROM TIMETRA-SAP-MIB
    
    tmnxChassisIndex, tmnxCardSlotNum,
    tmnxMDASlotNum, TmnxHwIndexOrZero           FROM TIMETRA-CHASSIS-MIB;

timetraIPsecMIBModule MODULE-IDENTITY
        LAST-UPDATED "201102010000Z"
        ORGANIZATION "Alcatel-Lucent"
        CONTACT-INFO
            "Alcatel-Lucent SROS Support
             Web: http://support.alcatel-lucent.com"
        DESCRIPTION
            "This document is the SNMP MIB  module to manage and provision
             the  Alcatel-Lucent SROS device with IPsec tunneling, encryption
             and other related features. 

             Copyright 2008-2012 Alcatel-Lucent. All rights reserved.
             Reproduction of  this document is authorized  on the condition 
             that the foregoing copyright notice is included.

             This SNMP MIB module (Specification) embodies Alcatel-Lucent's
             proprietary  intellectual  property. Alcatel-Lucent retains all 
             title and ownership in the Specification, including any revisions.

             Alcatel-Lucent grants all interested parties a non-exclusive 
             license to use and distribute an unmodified copy of this 
             Specification in connection with management of Alcatel-Lucent
             products, and without fee, provided this copyright notice and 
             license appear on all copies.

             This  Specification  is supplied `as is', and Alcatel-Lucent
             makes no warranty, either express or implied, as to the use, 
             operation, condition, or performance of the Specification."

--
--  Revision History
--
        REVISION        "1102010000Z"
        DESCRIPTION     "Rev 9.0                1 Feb 2011 00:00
                         9.0 release of the TIMETRA-IPSEC-MIB."

        REVISION        "0902280000Z"
        DESCRIPTION     "Rev 7.0                28 Feb 2009 00:00
                         7.0 release of the TIMETRA-IPSEC-MIB."

        REVISION        "0807010000Z"
        DESCRIPTION     "Rev 6.1                01 Jul 2008 00:00
                         6.1 release of the TIMETRA-IPSEC-MIB."

        REVISION        "0801010000Z"
        DESCRIPTION     "Rev 0.1                01 Jan 2008 00:00
                         Initial version of the TIMETRA-IPSEC-MIB."

        ::= { timetraSRMIBModules 48 }


tmnxIPsecObjects         OBJECT IDENTIFIER ::= { tmnxSRObjs 48 }
    tmnxIPsecNotifyObjs       OBJECT IDENTIFIER ::= { tmnxIPsecObjects 100 }
tmnxIPsecNotifyPrefix    OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 48 }
    tmnxIPsecNotifications   OBJECT IDENTIFIER ::= { tmnxIPsecNotifyPrefix 0 }
tmnxIPsecConformance     OBJECT IDENTIFIER ::= { tmnxSRConfs 48 }


--
-- Textual Conventions
--

TmnxIPsecTransformId ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION     "A number used to identify an entry in the
                     tmnxIPsecTransformTable." 
    SYNTAX          Unsigned32 (1..2048)

TmnxIPsecTransformIdOrZero ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION     "A number used to identify an entry in the
                     tmnxIPsecTransformTable or zero." 
    SYNTAX          Unsigned32 (0..2048)

TmnxAuthAlgorithm ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION  "TmnxAuthAlgorithm data type is an enumerated integer 
                  that describes the values used to identify the 
                  hashing algorithm.

                  Value Descriptions:
   
                  null   - Choosing this value configures the high-speed 
                           null algorithm, which does nothing. This is same 
                           as not having authentication turned on, same as 
                           turning the protocol off.

                  md5    - Choosing this value configures the use of 
                           hmac-md5 algorithm for authentication.

                  sha1   - Choosing this valule configures the use of 
                           hmac-sha1 algorithm for authentication.
                           
                  sha256   - Choosing this valule configures the use of 
                           hmac-sha256 algorithm for authentication.
                           
                  sha384   - Choosing this valule configures the use of 
                           hmac-sha384 algorithm for authentication.
                           
                  sha512   - Choosing this valule configures the use of 
                           hmac-sha512 algorithm for authentication.
                  "
                 
    SYNTAX       INTEGER {
                     null   (1),
                     md5    (2),
                     sha1   (3),
                     sha256 (4),
                     sha384 (5),
                     sha512 (6)
                 }

TmnxEncrAlgorithm ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION  "TmnxEncrAlgorithm data type is an enumerated integer 
                  that describes the values used to identify the encryption 
                  algorithm.

                  Value Descriptions:
   
                  null   - Choosing this value configures the high-speed 
                           null algorithm, which does nothing. This is same 
                           as not having encryption turned on.

                  des    - Choosing this value configures the 56-bit des 
                           algorithm for encryption. This is an older 
                           algorithm with relatively weak security. While 
                           better than nothing, it should only be used 
                           where a strong algorithm is not available on 
                           both ends at an acceptable performance level.

                  des3   - Choosing this value configures the 3-des 
                           algorithm for encryption. This is a modified 
                           application of the des algorithm which uses  
                           multiple des operations to make things more 
                           secure.
                   
                  aes128 - Choosing this value configures the aes algorithm 
                           with a block size of 128 bits. This is a 
                           mandatory implementation size for aes. As of 
                           today, this is a very strong algorithm choice.

                  aes192 - Choosing this value configures the aes algorithm
                           with a block size of 192 bits. This is a 
                           stronger version of aes.

                  aes256 - Choosing this value configures the aes algorithm
                           with a block size of 256 bits. This is the 
                           strongest available version of aes."
                 
    SYNTAX       INTEGER {
                     null (1),
                     des (2),
                     des3 (3),
                     aes128 (4),
                     aes192 (5),
                     aes256 (6)
                 }

TmnxIkePolicyId ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION     "A number used to identify an entry in the 
                     tmnxIkePolicyTable."
    SYNTAX          Unsigned32 (1..2048)

TmnxIkePolicyIdOrZero ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION     "A number used to identify an entry in the 
                     tmnxIkePolicyTable or zero."
    SYNTAX          Unsigned32 (0..2048)

TmnxIkeVersion ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIkeVersion data type is an integer that indicates 
                    the version of IKE supported by the entry."
    SYNTAX          INTEGER {
                        version1 (1),
                        version2 (2)
                    }

TmnxIkePolicyIkeMode ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIkePolicyIkeMode data type is an enumerated 
                    integer that describes the values used to identify the 
                    IKE mode of operation. This determines the number of 
                    messages used to establish the session."
    SYNTAX          INTEGER {
                        main (1),
                        aggressive (2)
                    }

TmnxIkePolicyDHGroup ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIkePolicyDHGroup data type is an enumerated 
                    integer that describes the values used to identify the 
                    diffie-hellman group for calculating the session keys.

                    Value Descriptions:
   
                    group1  - 768 bits

                    group2  - 1024 bits

                    group5  - 1536 bits

                    group14 - 2048 bits

                    group15 - 3072 bits

                    More bits provide a higher level of security, but 
                    require more processing."
                     
    SYNTAX          INTEGER {
                        group1  (1),
                        group2  (2),
                        group5  (5),
                        group14 (14),
                        group15 (15)
                    }

TmnxIkePolicyDHGroupOrZero ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIkePolicyDHGroupOrZero data type is similar to
                    TmnxIkePolicyDHGroup but allows the value
                    'unspecified (0)'."
                     
    SYNTAX          INTEGER {
                        unspecified (0),
                        group1 (1),
                        group2 (2),
                        group5 (5)
                    }

TmnxIPsecPolicyId ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION     "A number used to identify an entry in the 
                     tmnxIPsecPolicyTable."
    SYNTAX          Unsigned32 (1..8192)

TmnxIPsecPolicyIdOrZero ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION     "A number used to identify an entry in the 
                     tmnxIPsecPolicyTable or zero."
    SYNTAX          Unsigned32 (0..8192)

TmnxIPsecKeyingType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIPsecKeyingType data type is an enumerated integer 
                    that describes the values used to identify the IPsec 
                    keying type."                   
    SYNTAX          INTEGER {
                        none (0),
                        manual (1),
                        dynamic (2)
                    }

TmnxIPsecDirection ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIPsecDirection data type is an enumerated integer 
                    that describes the values used to identify the direction
                    of an IPsec tunnel."
    SYNTAX          INTEGER {
                        inbound (1),
                        outbound (2)
                    }

TmnxIPsecDirection2 ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIPsecDirection data type is an enumerated integer 
                    that describes the values used to identify the direction
                    of an IPsec tunnel."
    SYNTAX          INTEGER {
                        inbound (1),
                        outbound (2),
                        bidirectional (3)
                    }

TmnxIPsecProtocol ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIPsecProtocol data type is an enumerated integer 
                    that describes the values used to identify the used
                    IPsec protocol."
    SYNTAX          INTEGER {
                        ah (1),
                        esp (2)
                    }

TmnxIPsecLocalIdType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION    "TmnxIPsecLocalIdType data type is an enumerated integer 
                    that describes the local identifier type used for IDi
                    or IDr for IKEv2."
    SYNTAX          INTEGER {
                       none (0), -- default
                       ipv4 (1), -- ipv4 address
                       fqdn (2), -- FQDN domain name
                       dn   (3)  -- distinguishing name of subject in X.509 cert
                    }


--
-- IPsec Transform Table
--                
tmnxIPsecTransformTblLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformTblLastChanged indicates the
         sysUpTime at the time of the last modification to 
         tmnxIPsecTransformTable by adding, deleting an entry or change
         to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 1 }

tmnxIPsecTransformTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec transform entries."
    ::= { tmnxIPsecObjects 2 }

tmnxIPsecTransformEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec transform entry."
    INDEX { tmnxIPsecTransformId }
    ::= { tmnxIPsecTransformTable 1 }

TmnxIPsecTransformEntry ::= SEQUENCE {
    tmnxIPsecTransformId             TmnxIPsecTransformId, 
    tmnxIPsecTransformRowStatus      RowStatus, 
    tmnxIPsecTransformLastChanged    TimeStamp,
    tmnxIPsecTransformAuthAlgorithm  TmnxAuthAlgorithm, 
    tmnxIPsecTransformEncrAlgorithm  TmnxEncrAlgorithm 
}

tmnxIPsecTransformId  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformId specifies the id of a transform 
         entry and is the primary index for the table 
         tmnxIPsecTransformTable."
    ::= { tmnxIPsecTransformEntry 1 }

tmnxIPsecTransformRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTransformRowStatus object is used to create and 
         delete rows in the tmnxIPsecTransformTable."
    ::= { tmnxIPsecTransformEntry 2 }

tmnxIPsecTransformLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecTransformEntry 3 }

tmnxIPsecTransformAuthAlgorithm  OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformAuthAlgorithm specifies the Hashing 
         algorithm used for the AH (Authentication Header) protocol's 
         authentication function. If 'none' is used then AH protocol will 
         not be used."
    DEFVAL { sha1 }
    ::= { tmnxIPsecTransformEntry 4 }

tmnxIPsecTransformEncrAlgorithm  OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTransformEncrAlgorithm specifies the 
         Encryption algorithm to be used for the IPsec session. Encryption 
         only applies to ESP(Encapsulating Security Payload) 
         configurations.  If encryption is 'null', then ESP will not be 
         used."
    DEFVAL { aes128 }
    ::= { tmnxIPsecTransformEntry 5 }


--
-- IPsec Policy Table
--
tmnxIkePolicyTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyTableLastChanged indicates the
         sysUpTime at the time of the last modification to 
         tmnxIkePolicyTable by adding, deleting an entry or change
         to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 3 }

tmnxIkePolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIkePolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the Ike policy entries."
    ::= { tmnxIPsecObjects 4 }

tmnxIkePolicyEntry OBJECT-TYPE
    SYNTAX      TmnxIkePolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single Ike policy entry."
    INDEX { tmnxIkePolicyId }
    ::= { tmnxIkePolicyTable 1 }

TmnxIkePolicyEntry ::= SEQUENCE {
    tmnxIkePolicyId                  TmnxIkePolicyId, 
    tmnxIkePolicyRowStatus           RowStatus, 
    tmnxIkePolicyLastChanged         TimeStamp,
    tmnxIkePolicyDescription         TItemDescription,
    tmnxIkePolicyIkeMode             TmnxIkePolicyIkeMode, 
    tmnxIkePolicyDHGroup             TmnxIkePolicyDHGroup,
    tmnxIkePolicyPFSEnabled          TruthValue,
    tmnxIkePolicyPFSDHGroup          TmnxIkePolicyDHGroup,
    tmnxIkePolicyAuthAlgorithm       TmnxAuthAlgorithm,
    tmnxIkePolicyEncrAlgorithm       TmnxEncrAlgorithm,
    tmnxIkePolicyIsakmpLifeTime      Unsigned32,
    tmnxIkePolicyIPsecLifeTime       Unsigned32,
    tmnxIkePolicyNatTraversal        INTEGER,    
    tmnxIkePolicyNatTKeepAliveIntvl  Unsigned32,
    tmnxIkePolicyNatTBehindNatOnly   TruthValue,
    tmnxIkePolicyDpd                 INTEGER,    
    tmnxIkePolicyDpdInterval         Unsigned32,        
    tmnxIkePolicyDpdMaxRetries       Unsigned32, 
    tmnxIkePolicyAuthMethod          TmnxIkePolicyAuthMethod,
    tmnxIkePolicyIkeVersion          TmnxIkeVersion,
    tmnxIkePolicyOwnAuthMethod       TmnxIkePolicyOwnAuthMethod
}

tmnxIkePolicyId  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyId specifies the id of a policy 
         entry and is the primary index for the table 
         tmnxIkePolicyTable."
    ::= { tmnxIkePolicyEntry 1 }

tmnxIkePolicyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIkePolicyRowStatus object is used to create and 
         delete rows in the tmnxIkePolicyTable."
    ::= { tmnxIkePolicyEntry 2 }

tmnxIkePolicyLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIkePolicyEntry 3 }

tmnxIkePolicyDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDescription specifies the 
         user-provided description for each tmnxIkePolicyEntry in the 
         table tmnxIkePolicyTable."
    DEFVAL { "" }
    ::= { tmnxIkePolicyEntry 4 }

tmnxIkePolicyIkeMode  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIkeMode
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIkeMode specifies the mode of 
         operation, which determines the number of messages used to 
         establish the session."
    DEFVAL { main }
    ::= { tmnxIkePolicyEntry 5 }

tmnxIkePolicyDHGroup  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroup
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDHGroup specifes the Diffie-Hellman
         group to be used for calculating session keys which will be used 
         in the Ike proposal."
    DEFVAL { group2 }
    ::= { tmnxIkePolicyEntry 6 }

tmnxIkePolicyPFSEnabled  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyPFSEnabled specifies whether 
         PFS(perfect forward secrecy) on the  tunnel using this policy 
         is enabled or not. When tmnxIkePolicyPFSDHGroup has a value 
         of 'true', PFS is enabled."
    DEFVAL { false }
    ::= { tmnxIkePolicyEntry 7 }

tmnxIkePolicyPFSDHGroup  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroup
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyPFSDHGroup is used only if the 
         value of the tmnxIkePolicyPFSEnabled is 'true'.

         The value of tmnxIkePolicyPFSDHGroup specifies the new  
         Diffie-hellman key exchange each time the SA(Security Association)
         key is renegotiated.  After the SA expires, the key is forgotten 
         and another key is generated (if the SA remains up).  This means 
         that an attacker who cracks part of the exchange can only read the 
         part that used the key before the key changed.  There is no 
         advantage of cracking the other parts if the attacker has already 
         cracked one."
    DEFVAL { group2 }
    ::= { tmnxIkePolicyEntry 8 }

tmnxIkePolicyAuthAlgorithm  OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyAuthAlgorithm specifies the Hashing 
         algorithm used in the phase 1 SA."
    DEFVAL { sha1 }
    ::= { tmnxIkePolicyEntry 9 }

tmnxIkePolicyEncrAlgorithm  OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyEncrAlgorithm specifies the Encryption 
         algorithm to be used in the phase 1 SA."
    DEFVAL { aes128 }
    ::= { tmnxIkePolicyEntry 10 }

tmnxIkePolicyIsakmpLifeTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..172800)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIsakmpLifeTime specifies the lifetime 
         of the phase 1 Ike key.

         ISAKMP stands for Internet Security Association and Key Management 
         Protocol"
    DEFVAL { 86400 }
    ::= { tmnxIkePolicyEntry 11 }

tmnxIkePolicyIPsecLifeTime  OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..172800)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIPsecLifeTime specifies the lifetime 
         of the phase 2 Ike key."
    DEFVAL { 3600 }
    ::= { tmnxIkePolicyEntry 12 }

tmnxIkePolicyNatTraversal  OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable (1),
                    disable (2),
                    force (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyNatTraversal specifies whether 
         NAT-T(network address translation traversal) is 'enabled', 
         'disabled' or in 'forced' mode."
    DEFVAL { disable }
    ::= { tmnxIkePolicyEntry 13 }

tmnxIkePolicyNatTKeepAliveIntvl  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|120..600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyNatTKeepAliveIntvl specifies the 
         keep alive interval for NAT-T. If the value of 
         tmnxIkePolicyNatTKeepAliveIntvl is '0', then keep alives
         are disabled."
    DEFVAL { 0 }
    ::= { tmnxIkePolicyEntry 14 }

tmnxIkePolicyNatTBehindNatOnly  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyNatTBehindNatOnly specifies whether 
         the keep alive packets should be sent only when behind a NAT."
    DEFVAL { true }
    ::= { tmnxIkePolicyEntry 15 }

tmnxIkePolicyDpd  OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable (1),
                    disable (2),
                    replyOnly (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDpd specifies whether DPD (dead peer 
         detection) is 'enable', 'disable' or in 'replyOnly' mode.

         The DPD vendor ID is always advertised to the peer. To the extent
         that the peer advertises DPD support as well, the service-router will
         always reply to the peer's 'Are-You-There' messages.
         
         If tmnxIkePolicyDpd object is set to 'enable' the service-router will
         also send its own 'Are-You-There' message to the peer at the interval
         specified by tmnxIkePolicyDpdInterval.
         
         If tmnxIkePolicyDpd object is set to 'disable' the service-router will
         never send its own 'Are-You-There' message to the peer.
         
         If tmnxIkePolicyDpd object is set to 'replyOnly' the service-router
         will take the peer's 'Are-You-There' message as proof of 'liveliness'
         and will suppress the sending of its own 'Are-You-There' messages.
         Once it stops receiving 'Are-You-There' messages from the peer, it
         will start sending its own to determine if the peer is dead. The
         service-router will only send an 'Are-You-There' message when the
         other side has been idle (no traffic was forwarded through it) since
         the last tmnxIkePolicyDpdInterval. If the other side is active 
         (as determined by its traffic counters) it is assumed the peer is
         alive and the 'Are-You-There' message is suppressed."
    DEFVAL { disable }
    ::= { tmnxIkePolicyEntry 16 }

tmnxIkePolicyDpdInterval  OBJECT-TYPE
    SYNTAX      Unsigned32 (10..300)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDpdInterval specifies the dead peer
         detection interval."
    DEFVAL { 30 }
    ::= { tmnxIkePolicyEntry 17 }

tmnxIkePolicyDpdMaxRetries  OBJECT-TYPE
    SYNTAX      Unsigned32 (2..5)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyDpdMaxRetries specifies the number
         of retries done before the peer is determined dead." 
    DEFVAL { 3 }
    ::= { tmnxIkePolicyEntry 18 }

tmnxIkePolicyAuthMethod  OBJECT-TYPE
    SYNTAX       TmnxIkePolicyAuthMethod
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyAuthMethod specifies the authentication
         method used with this IKE policy for the remote-peer."
    DEFVAL { psk }
    ::= { tmnxIkePolicyEntry 19 }

tmnxIkePolicyIkeVersion OBJECT-TYPE
    SYNTAX       TmnxIkeVersion
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyIkeVersion specifies the IKE version
         to be used with this IKE policy."
    DEFVAL { version1 }
    ::= { tmnxIkePolicyEntry 20 }

tmnxIkePolicyOwnAuthMethod  OBJECT-TYPE
    SYNTAX       TmnxIkePolicyOwnAuthMethod
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIkePolicyOwnAuthMethod specifies the authentication
         method used with this IKE policy on its own side."
    DEFVAL { symmetric }
    ::= { tmnxIkePolicyEntry 21 }

--
-- IPsec Tunnel Table
--
tmnxIPsecTunnelTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelTableLastChanged indicates the
         sysUpTime at the time of the last modification to 
         tmnxIPsecTunnelTable by adding, deleting an entry or change
         to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 5 }

tmnxIPsecTunnelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTunnelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Tunnel entries."
    ::= { tmnxIPsecObjects 6 }

tmnxIPsecTunnelEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Tunnel entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tmnxIPsecTunnelName 
          }
    ::= { tmnxIPsecTunnelTable 1 }

TmnxIPsecTunnelEntry ::= SEQUENCE {
    tmnxIPsecTunnelName                 TNamedItem, 
    tmnxIPsecTunnelRowStatus            RowStatus, 
    tmnxIPsecTunnelLastChanged          TimeStamp,
    tmnxIPsecTunnelDescription          TItemDescription,
    tmnxIPsecTunnelLclGwAddrType        InetAddressType, 
    tmnxIPsecTunnelLclGwAddr            InetAddress,
    tmnxIPsecTunnelRemGwAddrType        InetAddressType, 
    tmnxIPsecTunnelRemGwAddr            InetAddress,
    tmnxIPsecTunnelPublicSvcId          TmnxServId,
    tmnxIPsecTunnelSecurityPolicyId     TmnxIPsecPolicyIdOrZero,
    tmnxIPsecTunnelKeyingType           TmnxIPsecKeyingType,
    tmnxIPsecTunnelDynTransformId1      TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelDynTransformId2      TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelDynTransformId3      TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelDynTransformId4      TmnxIPsecTransformIdOrZero,
    tmnxIPsecTunnelIkePolicyId          TmnxIkePolicyIdOrZero,
    tmnxIPsecTunnelIkePreSharedKey      OCTET STRING,
    tmnxIPsecTunnelAdminState           TmnxAdminState,
    tmnxIPsecTunnelOperState            TmnxOperState,
    tmnxIPsecTunnelOperFlags            BITS,
    tmnxIPsecTunnelReplayWindow         Unsigned32,
    tmnxIPsecTunnelAutoEstablish        TruthValue,
    tmnxIPsecTunnelBfdDesignate         TruthValue,
    tmnxIPsecTunnelCertTrustAnchor      TNamedItemOrEmpty,
    tmnxIPsecTunnelCertFile             DisplayString,
    tmnxIPsecTunnelKeyFile              DisplayString,
    tmnxIPsecTunnelLocalIdType          TmnxIPsecLocalIdType,
    tmnxIPsecTunnelLocalIdValue         DisplayString,
    tmnxIPsecTunnelClearDfBit           TruthValue,
    tmnxIPsecTunnelIpMtu                Unsigned32,
    tmnxIPsecTunnelHostISA              TmnxHwIndexOrZero
}

tmnxIPsecTunnelName  OBJECT-TYPE
    SYNTAX      TNamedItem
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelName specifies the name of the tunnel 
         and is part of the index for the table tmnxIPsecTunnelTable."
    ::= { tmnxIPsecTunnelEntry 1 }

tmnxIPsecTunnelRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTunnelRowStatus object is used to create and delete 
         rows in the tmnxIPsecTunnelTable."
    ::= { tmnxIPsecTunnelEntry 2 }

tmnxIPsecTunnelLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains
         a zero value."
    ::= { tmnxIPsecTunnelEntry 3 }

tmnxIPsecTunnelDescription  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDescription specifies the 
         user-provided description for each tmnxIPsecTunnelEntry in the 
         table tmnxIPsecTunnelTable."
    DEFVAL { "" }
    ::= { tmnxIPsecTunnelEntry 4 }

tmnxIPsecTunnelLclGwAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLclGwAddrType specifies the address 
         type of address in tmnxIPsecTunnelLclGwAddr." 
    DEFVAL { unknown }
    ::= { tmnxIPsecTunnelEntry 5 }

tmnxIPsecTunnelLclGwAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelLclGwAddr specifies the address of the 
         interface on the local node of this IPsec tunnel."
    DEFVAL { ''H }
    ::= { tmnxIPsecTunnelEntry 6 }

tmnxIPsecTunnelRemGwAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelRemGwAddrType specifies the address
         type of address in tmnxIPsecTunnelRemGwAddr."
    DEFVAL { unknown }
    ::= { tmnxIPsecTunnelEntry 7 }

tmnxIPsecTunnelRemGwAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelRemGwAddr specifies the address of the 
         interface on the remote node of this IPsec tunnel."
    DEFVAL { ''H }
    ::= { tmnxIPsecTunnelEntry 8 }

tmnxIPsecTunnelPublicSvcId  OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelPublicSvcId specifies the service-id 
         of the tunnel delivery service. The TIMETRA-SERV-MIB::svcType of 
         the delivery service must be 'ies (5)' or 'vprn (4)', otherwise the 
         set request will fail with an 'inconsistentValue' error."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 9 }

tmnxIPsecTunnelSecurityPolicyId  OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelSecurityPolicyId specifies the IPsec
         security policy entry in the tmnxIPsecPolicyTable that this tunnel 
         will use."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 10 }

tmnxIPsecTunnelKeyingType  OBJECT-TYPE
    SYNTAX      TmnxIPsecKeyingType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelKeyingType specifies the keying type
         that this tunnel will use."
    DEFVAL { none }
    ::= { tmnxIPsecTunnelEntry 11 }

tmnxIPsecTunnelDynTransformId1  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId1 specifies the first 
         IPsec transform entry in the table tmnxIPsecTransformTable that 
         this tunnel will use."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 12 }

tmnxIPsecTunnelDynTransformId2  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId2 specifies the second 
         IPsec transform entry in the table tmnxIPsecTransformTable that 
         this tunnel will use. 
         
         The value of tmnxIPsecTunnelDynTransformId2 is valid and greater 
         than 0, only if the value of tmnxIPsecTunnelKeyingType is 
         'dynamic'."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 13 }

tmnxIPsecTunnelDynTransformId3  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId3 specifies the third 
         IPsec transform entry in the table tmnxIPsecTransformTable that 
         this tunnel will use.

         The value of tmnxIPsecTunnelDynTransformId3 is valid and greater 
         than 0, only if the value of tmnxIPsecTunnelKeyingType is 
         'dynamic'."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 14 }

tmnxIPsecTunnelDynTransformId4  OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelDynTransformId4 specifies the fourth 
         IPsec transform entry in the table tmnxIPsecTransformTable that 
         this tunnel will use.

         The value of tmnxIPsecTunnelDynTransformId3 is valid and greater 
         than 0, only if the value of tmnxIPsecTunnelKeyingType is 
         'dynamic'."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 15 }

tmnxIPsecTunnelIkePolicyId  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The object tmnxIPsecTunnelIkePolicyId specifies the IKE
         policy entry that this tunnel will use. 

         The value of tmnxIPsecTunnelIkePolicyId is valid and greater 
         than 0, only if the value of tmnxIPsecTunnelKeyingType is 
         'dynamic'."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 16 }

tmnxIPsecTunnelIkePreSharedKey  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelIkePreSharedKey specifies the shared
         secret between the two peers forming the tunnel.

         The value of tmnxIPsecTunnelIkePreSharedKey is a valid and non
         null string only if the value of tmnxIPsecTunnelKeyingType is 
         'dynamic'."
    DEFVAL { "" }
    ::= { tmnxIPsecTunnelEntry 17 }

tmnxIPsecTunnelAdminState  OBJECT-TYPE
    SYNTAX      TmnxAdminState 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelAdminState specifies the administrative
         state of the tmnxIPsecTunnelEntry."
    DEFVAL { outOfService }
    ::= { tmnxIPsecTunnelEntry 18 }

tmnxIPsecTunnelOperState  OBJECT-TYPE
    SYNTAX      TmnxOperState 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelOperState indicates the operational 
         status of tmnxIPsecTunnelEntry."
    ::= { tmnxIPsecTunnelEntry 19 }

tmnxIPsecTunnelOperFlags  OBJECT-TYPE
    SYNTAX      BITS {
                    unresolvedLocalIp (0),  
                    tunnelAdminDown (1),
                    sapDown (2),
                    unresolvedPublicSvc(3),
                    bfdSessionDown(4),
                    reserved1(5),
                    reserved2(6),
                    invalidCertFile(7),
                    invalidKeyFile(8)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelOperFlags indicates the reason why the
         tunnel is operationally down."
    ::= { tmnxIPsecTunnelEntry 20 }

tmnxIPsecTunnelReplayWindow  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|32|64|128|256|512)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecTunnelReplayWindow specifies the size of 
         the anti-replay window.

         If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the
         anti-replay feature is disabled."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 21 }

tmnxIPsecTunnelAutoEstablish  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecTunnelAutoEstablish specifies whether
         to attempt to establish a phase 1 exchange automatically."
    DEFVAL { false }
    ::= { tmnxIPsecTunnelEntry 22 }

tmnxIPsecTunnelBfdDesignate  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecTunnelBfdDesignate specifies whether
         this IPSec tunnel is the BFD designated tunnel."
    DEFVAL { false }
    ::= { tmnxIPsecTunnelEntry 23 }

tmnxIPsecTunnelCertTrustAnchor OBJECT-TYPE
    SYNTAX          TNamedItemOrEmpty
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecTunnelCertTrustAnchor specifies the name for 
         Certificate-Authority Profile name associated with this SAP IPSec
         tunnel certificate.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecTunnelAdminState is in 'inService' state."
    DEFVAL { ''H }
    ::= { tmnxIPsecTunnelEntry 24 }

tmnxIPsecTunnelCertFile OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecTunnelCertFile specifies the local file URL of
         the certifiate to be used with this SAP IPSec tunnel."
    DEFVAL { ''H }
    ::= { tmnxIPsecTunnelEntry 25 }

tmnxIPsecTunnelKeyFile OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecTunnelKeyFile specifies the key-pair file to be
         used for X.509 certificate authentication with this SAP IPSec tunnel."
    DEFVAL { ''H }
    ::= { tmnxIPsecTunnelEntry 26 }

tmnxIPsecTunnelLocalIdType OBJECT-TYPE
    SYNTAX          TmnxIPsecLocalIdType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecTunnelLocalIdType specifies the local-identifier
         type used for IDi or IDr for IKEv2.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecTunnelAdminState is in 'inService' state."
    DEFVAL { none }
    ::= { tmnxIPsecTunnelEntry 27 }

tmnxIPsecTunnelLocalIdValue OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecTunnelLocalIdValue specifies the value
         associated with tmnxIPsecTunnelLocalIdType object.

         Value is extracted from the configured certificate when 
         tmnxIPsecTunnelLocalIdType is set to 'dn'."
    DEFVAL { ''H }
    ::= { tmnxIPsecTunnelEntry 28 }

tmnxIPsecTunnelClearDfBit  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecTunnelClearDfBit specifies whether to clear
         Do not Fragment (DF) bit in the outgoing packets in this tunnel."
    DEFVAL { false }
    ::= { tmnxIPsecTunnelEntry 29 }

tmnxIPsecTunnelIpMtu  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|512..9000)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecTunnelIpMtu specifies the MTU size for IP packets
         for this  tunnel.

         A value set to zero indicates maximum supported MTU size on the SAP
         for this tunnel."
    DEFVAL { 0 }
    ::= { tmnxIPsecTunnelEntry 30 }

tmnxIPsecTunnelHostISA  OBJECT-TYPE
    SYNTAX      TmnxHwIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelHostISA indicates the active ISA
         that is being used to host this IPsec tunnel.

         This object will have a value of zero when this tunnel is operationally
         down."
    ::= { tmnxIPsecTunnelEntry 31 }

--
-- IPsec Tunnel Statistics Table
--

tmnxIPsecTunnelStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTunnelStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store IPsec Tunnel statistics"
    ::= { tmnxIPsecObjects 7 }

tmnxIPsecTunnelStatsEntry       OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Statistics for a single IPsec Tunnel."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tmnxIPsecTunnelName 
          }
    ::= { tmnxIPsecTunnelStatsTable 1 }

TmnxIPsecTunnelStatsEntry ::= SEQUENCE {
    tmnxIPsecTunnelIsakmpState          INTEGER,    
    tmnxIPsecTunnelIsakmpEstabTime      TimeStamp,
    tmnxIPsecTunnelIsakmpNegLifeTime    Unsigned32,
    tmnxIPsecTunnelNumDpdTx             Counter32,
    tmnxIPsecTunnelNumDpdRx             Counter32,
    tmnxIPsecTunnelNumDpdAckTx          Counter32,
    tmnxIPsecTunnelNumDpdAckRx          Counter32,
    tmnxIPsecTunnelNumExpRx             Counter32,
    tmnxIPsecTunnelNumInvalidDpdRx      Counter32,
    tmnxIPsecTunnelNumCtrlPktsTx        Counter32,
    tmnxIPsecTunnelNumCtrlPktsRx        Counter32,
    tmnxIPsecTunnelNumCtrlTxErrors      Counter32,
    tmnxIPsecTunnelNumCtrlRxErrors      Counter32
}

tmnxIPsecTunnelIsakmpState  OBJECT-TYPE
    SYNTAX      INTEGER {
                    up (1),
                    down (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION 
       "The value of tmnxIPsecTunnelIsakmpState indicates the state of 
        phase 1 IPsec negotiation."
    ::= { tmnxIPsecTunnelStatsEntry 1 }

tmnxIPsecTunnelIsakmpEstabTime  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The value of tmnxIPsecTunnelIsakmpEstabTime indicates the sysUpTime
        at the time the IPsec phase 1 negotiation completed."
    ::= { tmnxIPsecTunnelStatsEntry 2 }

tmnxIPsecTunnelIsakmpNegLifeTime  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION 
       "The value of tmnxIPsecTunnelIsakmpNegLifeTime indicates the 
        lifetime negotiated for phase1 Ike key."
    ::= { tmnxIPsecTunnelStatsEntry 3 }

tmnxIPsecTunnelNumDpdTx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdTx indicates the number of 
         Dead-Peer-Detection packets transmitted."
    ::= { tmnxIPsecTunnelStatsEntry 4 }

tmnxIPsecTunnelNumDpdRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdRx indicates the number of 
         Dead-Peer-Detection packets received."
    ::= { tmnxIPsecTunnelStatsEntry 5 }

tmnxIPsecTunnelNumDpdAckTx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdAckTx indicates the number of 
         Dead-Peer-Detection acknowledgement packets transmitted."
    ::= { tmnxIPsecTunnelStatsEntry 6 }

tmnxIPsecTunnelNumDpdAckRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumDpdAckRx indicates the number of 
         Dead-Peer-Detection acknowledgement packets received."
    ::= { tmnxIPsecTunnelStatsEntry 7 }

tmnxIPsecTunnelNumExpRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumExpRx indicates the number of 
         DPD R-U-THERE packets that have not been acknowledged."
    ::= { tmnxIPsecTunnelStatsEntry 8 }

tmnxIPsecTunnelNumInvalidDpdRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumInvalidDpdRx indicates the number
         of malformed DPD R-U-THERE acknowledgement packets received."
    ::= { tmnxIPsecTunnelStatsEntry 9 }

tmnxIPsecTunnelNumCtrlPktsTx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlPktsTx indicates the number of
         control packets this IPsec Tunnel has sent."
    ::= { tmnxIPsecTunnelStatsEntry 10 }

tmnxIPsecTunnelNumCtrlPktsRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlPktsRx indicates the number of
         control packets this IPsec Tunnel has received."
    ::= { tmnxIPsecTunnelStatsEntry 11 }

tmnxIPsecTunnelNumCtrlTxErrors        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlTxErrors indicates the number of
         control packet transmit errors."
    ::= { tmnxIPsecTunnelStatsEntry 12 }

tmnxIPsecTunnelNumCtrlRxErrors        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelNumCtrlRxErrors indicates the number of
         control packet receive errors."
    ::= { tmnxIPsecTunnelStatsEntry 13 }

--
-- IPsec Security Policy Table
--
tmnxIPsecPolicyTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyTableLastChanged indicates the
         sysUpTime at the time of the last modification to 
         tmnxIPsecPolicyTable by adding, deleting an entry or 
         change to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 8 }

tmnxIPsecPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Security Policy entries."
    ::= { tmnxIPsecObjects 9 }

tmnxIPsecPolicyEntry  OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Security Policy entry."
    INDEX { svcId, 
            tmnxIPsecPolicyId 
          }
    ::= { tmnxIPsecPolicyTable 1 }

TmnxIPsecPolicyEntry ::= SEQUENCE {
    tmnxIPsecPolicyId                     TmnxIPsecPolicyId, 
    tmnxIPsecPolicyRowStatus              RowStatus, 
    tmnxIPsecPolicyLastChanged            TimeStamp
}

tmnxIPsecPolicyId OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyId specifies the id of a 
         Security Policy entry and is the primary index for the table."
    ::= { tmnxIPsecPolicyEntry 1 }

tmnxIPsecPolicyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecPolicyRowStatus object is used to create and 
         delete rows in the tmnxIPsecPolicyTable."
    ::= { tmnxIPsecPolicyEntry 2 }

tmnxIPsecPolicyLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyLastChanged indicates the 
         sysUpTime at the time of the last modification of this entry.

         If no changes were made to the entry since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecPolicyEntry 3 }


--
-- IPsec Security Policy Params Entry Table
--
tmnxIPsecPlcyParamsTblLastChangd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPlcyParamsTblLastChangd indicates the
         sysUpTime at the time of the last modification to 
         tmnxIPsecPolicyParamsTable by adding, deleting an entry or 
         change to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 10 }

tmnxIPsecPolicyParamsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecPolicyParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Security Policy Params entries."
    ::= { tmnxIPsecObjects 11 }

tmnxIPsecPolicyParamsEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecPolicyParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Security policy params entry."
    INDEX { svcId, 
            tmnxIPsecPolicyId, 
            tmnxIPsecPolicyParamsId 
          }
    ::= { tmnxIPsecPolicyParamsTable 1 }

TmnxIPsecPolicyParamsEntry ::= SEQUENCE {
    tmnxIPsecPolicyParamsId                   Unsigned32, 
    tmnxIPsecPolicyParamsRowStatus            RowStatus, 
    tmnxIPsecPolicyParamsLastChanged          TimeStamp,
    tmnxIPsecPolicyParamsLclAddrAny           TruthValue,
    tmnxIPsecPolicyParamsLclAddrType          InetAddressType, 
    tmnxIPsecPolicyParamsLclAddr              InetAddress,
    tmnxIPsecPolicyParamsLclAPrefLen          InetAddressPrefixLength,
    tmnxIPsecPolicyParamsRemAddrAny           TruthValue,
    tmnxIPsecPolicyParamsRemAddrType          InetAddressType, 
    tmnxIPsecPolicyParamsRemAddr              InetAddress,
    tmnxIPsecPolicyParamsRemAPrefLen          InetAddressPrefixLength
}

tmnxIPsecPolicyParamsId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsId specifies the id of an IPsec 
         policy params entry and is part of the index for the 
         tmnxIPsecPolicyParamsTable."
    ::= { tmnxIPsecPolicyParamsEntry 1 }

tmnxIPsecPolicyParamsRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecPolicyParamsRowStatus object is used to create and 
         delete rows in the tmnxIPsecPolicyParamsTable."
    ::= { tmnxIPsecPolicyParamsEntry 2 }

tmnxIPsecPolicyParamsLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLastChanged indicates the 
         sysUpTime at the time of the last modification of this entry.

         If no changes were made to the entry since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecPolicyParamsEntry 3 }

tmnxIPsecPolicyParamsLclAddrAny  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAddrAny specifies whether the
         ip address on the vpn side can be any ip address. If the value
         is 'true' then local ip address can be any ip address.

         Please look at the following chart for more details:

         tmnxIPsecPolicyParamsLclAddrAny    true         false 
         -----------------------------------------------------------------
         tmnxIPsecPolicyParamsLclAddrType   unknown      unknown or ipv4
         tmnxIPsecPolicyParamsLclAddr       ''H          ''H or valid ipv4
         tmnxIPsecPolicyParamsLclAPrefLen    0           0 to 32
         "
    DEFVAL { false }
    ::= { tmnxIPsecPolicyParamsEntry 4 }

tmnxIPsecPolicyParamsLclAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAddrType specifies the 
         address type of address in tmnxIPsecPolicyParamsLclAddr. If the 
         value of tmnxIPsecPolicyParamsLclAddrAny is 'true' then the 
         value of tmnxIPsecPolicyParamsLclAddrType will be 'unknown'." 
    DEFVAL { unknown }
    ::= { tmnxIPsecPolicyParamsEntry 5 }

tmnxIPsecPolicyParamsLclAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAddr specifies the ip address 
         on the vpn side. If the value of tmnxIPsecPolicyParamsLclAddrAny is 
         'true' then the value of tmnxIPsecPolicyParamsLclAddr will be
         empty(''H)." 
    DEFVAL { ''H }
    ::= { tmnxIPsecPolicyParamsEntry 6 }

tmnxIPsecPolicyParamsLclAPrefLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsLclAPrefLen specifies the 
         number of bits to match of the tmnxIPsecPolicyParamsLclAddr.
         If the value of tmnxIPsecPolicyParamsLclAddrAny is 'true' then the
         value of tmnxIPsecPolicyParamsLclAPrefLen will be 0." 
    DEFVAL { 0 }
    ::= { tmnxIPsecPolicyParamsEntry 7 }

tmnxIPsecPolicyParamsRemAddrAny  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAddrAny specifies whether the
         ip address on the tunnel side can be any ip address. If the value
         is 'true' then remote ip address can be any ip address.

         Please look at the following chart for more details:

         tmnxIPsecPolicyParamsLclAddrAny     true         false 
         -----------------------------------------------------------------
         tmnxIPsecPolicyParamsRemAddrType    unknown      unknown or ipv4
         tmnxIPsecPolicyParamsRemAddr        ''H          ''H or valid ipv4
         tmnxIPsecPolicyParamsRemAPrefLen    0            0 to 32
         "
    DEFVAL { false }
    ::= { tmnxIPsecPolicyParamsEntry 8 }

tmnxIPsecPolicyParamsRemAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAddrType specifies the address 
         type of address in tmnxIPsecPolicyParamsRemAddr. If the value of 
         tmnxIPsecPolicyParamsRemAddrAny is 'true' then the value of 
         tmnxIPsecPolicyParamsRemAddrType will be 'unknown'." 
    DEFVAL { unknown }
    ::= { tmnxIPsecPolicyParamsEntry 9 }

tmnxIPsecPolicyParamsRemAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20)) 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAddr specifies the ip address 
         on the tunnel side. If the value of tmnxIPsecPolicyParamsRemAddrAny
         is 'true' then the value of tmnxIPsecPolicyParamsRemAddr will be 
         empty(''H)." 
    DEFVAL { ''H }
    ::= { tmnxIPsecPolicyParamsEntry 10 }

tmnxIPsecPolicyParamsRemAPrefLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPolicyParamsRemAPrefLen specifies the 
         number of bits to match of the tmnxIPsecPolicyParamsRemAddr.
         If the value of tmnxIPsecPolicyParamsRemAddrAny is 'true' then the
         value of tmnxIPsecPolicyParamsRemAPrefLen will be 0." 
    DEFVAL { 0 }
    ::= { tmnxIPsecPolicyParamsEntry 11 }


--
-- IPsec SA (Security Association) Entry Table
--
tmnxIPsecSATableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSATableLastChanged indicates the sysUpTime 
         at the time of the last modification to tmnxIPsecSATable by 
         adding, deleting an entry or change to a writable object in the 
         table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 12 }

tmnxIPsecSATable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec manual and dynamic SA entries."
    ::= { tmnxIPsecObjects 13 }

tmnxIPsecSAEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec SA entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tmnxIPsecTunnelName, 
            tmnxIPsecSAId,             
            tmnxIPsecSADirection,
            tmnxIPsecSAIndex
          }
    ::= { tmnxIPsecSATable 1 }

TmnxIPsecSAEntry ::= SEQUENCE {
    tmnxIPsecSAId                             Unsigned32,
    tmnxIPsecSAIndex                          Unsigned32, 
    tmnxIPsecSADirection                      TmnxIPsecDirection,
    tmnxIPsecSARowStatus                      RowStatus, 
    tmnxIPsecSALastChanged                    TimeStamp,
    tmnxIPsecSAType                           TmnxIPsecKeyingType,
    tmnxIPsecSAEncryptionKey                  OCTET STRING,
    tmnxIPsecSAAuthenticationKey              OCTET STRING, 
    tmnxIPsecSASpi                            Unsigned32, 
    tmnxIPsecSAManualTransformId              TmnxIPsecTransformIdOrZero,
    tmnxIPsecSAAuthAlgorithm                  TmnxAuthAlgorithm, 
    tmnxIPsecSAEncrAlgorithm                  TmnxEncrAlgorithm, 
    tmnxIPsecSAStorageType                    StorageType, 
    tmnxIPsecSAEstablishedTime                TimeStamp,
    tmnxIPsecSANegotiatedLifeTime             Unsigned32
}

tmnxIPsecSAId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAId specifies the id of an 
         SA entry and is part of the index for the tmnxIPsecSATable."
    ::= { tmnxIPsecSAEntry 1 }

tmnxIPsecSAIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAIndex specifies an additional index to uniquely 
         indentify the SA entry in the tmnxIPsecSATable.
         
         The value of tmnxIPsecSAIndex is limited to a value of '1' when 
         tmnxIPsecTunnelKeyingType corresponding to the tunnel specified 
         tmnxIPsecTunnelName is set to 'static'."
    ::= { tmnxIPsecSAEntry 2 }

tmnxIPsecSADirection OBJECT-TYPE
    SYNTAX      TmnxIPsecDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSADirection specifies the direction on the
         IPsec tunnel to which this SA entry can be applied.  The value
         of tmnxIPsecSADirection is also part of the index for the table
         tmnxIPsecSATable"
    ::= { tmnxIPsecSAEntry 3 }


tmnxIPsecSARowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecSARowStatus object is used to create and 
         delete rows in the tmnxIPsecSATable. 

         When creating an entry in tmnxIPsecSATable, the value of 
         tmnxIPsecSARowStatus must be 'createAndGo' and the objects 
         tmnxIPsecSAEncryptionKey, tmnxIPsecSAAuthenticationKey, 
         tmnxIPsecSASpi, tmnxIPsecSAManualTransformId are required to be 
         set in the same request."
    ::= { tmnxIPsecSAEntry 4 }

tmnxIPsecSALastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSALastChanged indicates the sysUpTime at the 
         time of the last modification of this entry.

         If no changes were made to the entry since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecSAEntry 5 }

tmnxIPsecSAType  OBJECT-TYPE
    SYNTAX      TmnxIPsecKeyingType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAType indicates whether this SA entry is 
         created manually by the user or dynamically by the IPsec sub-system."
    ::= { tmnxIPsecSAEntry 6 }

tmnxIPsecSAEncryptionKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAEncryptionKey specifies the key used 
         for the encryption algorithm defined by the 
         tmnxIPsecTransformEncrAlgorithm in the IPsec transform indexed
         by tmnxIPsecSAManualTransformId.

         The length of the key must match the length required by the 
         encryption algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for tmnxIPsecSAEncryptionKey and 
         this is a required object when creating an entry in 
         tmnxIPsecSATable. If tmnxIPsecSAEncryptionKey is not specified 
         when creating an entry, the request will fail with an 
         'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 7 }

tmnxIPsecSAAuthenticationKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAAuthenticationKey specifies the key used 
         for the authentication algorithm defined by the 
         tmnxIPsecTransformAuthAlgorithm in the IPsec transform indexed
         by tmnxIPsecSAManualTransformId.

         The length of the key must match the length required by the 
         authentication algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for tmnxIPsecSAAuthenticationKey and 
         this is a required object when creating an entry in 
         tmnxIPsecSATable. If tmnxIPsecSAAuthenticationKey is not specified 
         when creating an entry, the request will fail with an 
         'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 8 }

tmnxIPsecSASpi OBJECT-TYPE
    SYNTAX      Unsigned32 (256..16383)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSASpi specifies the 
         SPI (Security Parameter Index) used to lookup the instruction to
         verify and decrypt the incoming IPsec packets when the value of 
         tmnxIPsecSADirection is 'inbound'.

         The value of tmnxIPsecSASpi specifies the SPI that will be used 
         in the encoding of the outgoing packets when the value of 
         tmnxIPsecSADirection is 'outbound'.  The remote node can use this
         SPI to lookup the instruction to verify and decrypt the packet.

         There is no default value for tmnxIPsecSASpi and this is a 
         required object when creating an entry in tmnxIPsecSATable.
         If tmnxIPsecSAAuthenticationKey is not specified when creating an
         entry, the request will fail with an 'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 9 }

tmnxIPsecSAManualTransformId OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAManualTransformId specifies the transform 
         entry that will be used by this SA entry.  This object should be 
         specified for all the entries created by the user which are manual 
         SAs.  If the value of tmnxIPsecSAType is 'dynamic', then 
         the value of tmnxIPsecSAManualTransformId is irrelevant and 
         will be zero.

         There is no default value for tmnxIPsecSAManualTransformId and 
         this is a required object when creating an entry in 
         tmnxIPsecSATable. If tmnxIPsecSAManualTransformId is not specified 
         when creating an entry, the request will fail with an 
         'inconsistentValue' error."
    ::= { tmnxIPsecSAEntry 10 }

tmnxIPsecSAAuthAlgorithm OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAAuthAlgorithm indicates the 
         authentication algorithm used with this SA."
    ::= { tmnxIPsecSAEntry 11 }

tmnxIPsecSAEncrAlgorithm OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAEncrAlgorithm indicates the 
         encryption algorithm used with this SA."
    ::= { tmnxIPsecSAEntry 12 }

tmnxIPsecSAStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStorageType indicates how the row is stored.
         Entries with tmnxIPsecSAStorageType of 'read-only' are dynamic SAs 
         and are created by the IPsec sub-system and cannot be modified or 
         destroyed.  All the entries created by the user are manual SAs and 
         will have the tmnxIPsecSAStorageType as 'nonVolatile'."
    ::= { tmnxIPsecSAEntry 13 }

tmnxIPsecSAEstablishedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The value of tmnxIPsecSAEstablishedTime indicates the sysUpTime
        at the time the IPsec phase 2 negotiation completed."
    ::= { tmnxIPsecSAEntry 14 }

tmnxIPsecSANegotiatedLifeTime OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The value of tmnxIPsecSANegotiatedLifeTime indicates the 
        lifetime negotiated for phase2 Ike key."
    ::= { tmnxIPsecSAEntry 15 }


--
-- IPsec SA (Security Association) Stats Table
--
tmnxIPsecSAStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec SA Statistics entries."
    ::= { tmnxIPsecObjects 14 }

tmnxIPsecSAStatsEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec SA Statistics entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tmnxIPsecTunnelName, 
            tmnxIPsecSAId, 
            tmnxIPsecSADirection,
            tmnxIPsecSAIndex
          }
    ::= { tmnxIPsecSAStatsTable 1 }

TmnxIPsecSAStatsEntry ::= SEQUENCE {
    tmnxIPsecSAStatsBytesProcessed            Counter64,
    tmnxIPsecSAStatsBytesProcLow32            Counter32,
    tmnxIPsecSAStatsBytesProcHigh32           Counter32,
    tmnxIPsecSAStatsPktsProcessed             Counter64,
    tmnxIPsecSAStatsPktsProcLow32             Counter32,
    tmnxIPsecSAStatsPktsProcHigh32            Counter32,
    tmnxIPsecSAStatsCryptoErrors              Counter32,
    tmnxIPsecSAStatsReplayErrors              Counter32,
    tmnxIPsecSAStatsSAErrors                  Counter32,
    tmnxIPsecSAStatsPolicyErrors              Counter32
}

tmnxIPsecSAStatsBytesProcessed OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsBytesProcessed indicates the number
         of bytes successfully processed for this SA."
    ::= { tmnxIPsecSAStatsEntry 1 }

tmnxIPsecSAStatsBytesProcLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsBytesProcLow32 indicates the lower 
         32 bits of the value of tmnxIPsecSAStatsBytesProcessed."
    ::= { tmnxIPsecSAStatsEntry 2 }

tmnxIPsecSAStatsBytesProcHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsBytesProcHigh32 indicates the higher 
         32 bits of the value of tmnxIPsecSAStatsBytesProcessed."
    ::= { tmnxIPsecSAStatsEntry 3 }

tmnxIPsecSAStatsPktsProcessed OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPktsProcessed indicates the number
         of packets successfully processed for this SA."
    ::= { tmnxIPsecSAStatsEntry 4 }

tmnxIPsecSAStatsPktsProcLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPktsProcLow32 indicates the lower 
         32 bits of the value of tmnxIPsecSAStatsPktsProcessed."
    ::= { tmnxIPsecSAStatsEntry 5 }

tmnxIPsecSAStatsPktsProcHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPktsProcHigh32 indicates the higher 
         32 bits of the value of tmnxIPsecSAStatsPktsProcessed."
    ::= { tmnxIPsecSAStatsEntry 6 }

tmnxIPsecSAStatsCryptoErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsCryptoErrors indicates the number
         of crypto errors encountered on this SA.  The crypto errors 
         include errors on packets where protocol does not match or
         if the check on authentication header length failed."
    ::= { tmnxIPsecSAStatsEntry 7 }

tmnxIPsecSAStatsReplayErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsReplayErrors indicates the number
         of replay errors encountered on this SA."
    ::= { tmnxIPsecSAStatsEntry 8 }

tmnxIPsecSAStatsSAErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsSAErrors indicates the number
         of SA errors encountered on this SA.  The SA errors include
         sequence number failure, invalid SA, ploicy version mismatch, 
         illegal authentication algorithm, expanded packet too big,
         illegal configured algorithm and ttl decrement error."
    ::= { tmnxIPsecSAStatsEntry 9 }

tmnxIPsecSAStatsPolicyErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecSAStatsPolicyErrors indicates the number
         of policy errors encountered on this SA.  The policy errors include
         bundled SA, selector check and policy direction error."
    ::= { tmnxIPsecSAStatsEntry 10 }


--
-- IPsec MDA Data Path Stats Table
--
tmnxIPsecMdaDpStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecMdaDpStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec Mda Data Path Statistics entries."
    ::= { tmnxIPsecObjects 15 }

tmnxIPsecMdaDpStatsEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecMdaDpStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Mda Data Path Statistics entry."
    INDEX { tmnxChassisIndex, 
            tmnxCardSlotNum, 
            tmnxMDASlotNum 
          }
    ::= { tmnxIPsecMdaDpStatsTable 1 }

TmnxIPsecMdaDpStatsEntry ::= SEQUENCE {
    tmnxIPsecMdaDpStatsEncryptPkts                      Counter64,
    tmnxIPsecMdaDpStatsEncryptPktsLow32                 Counter32,
    tmnxIPsecMdaDpStatsEncryptPktsHigh32                Counter32,
    tmnxIPsecMdaDpStatsEncryptBytes                     Counter64,
    tmnxIPsecMdaDpStatsEncryptBytesLow32                Counter32,
    tmnxIPsecMdaDpStatsEncryptBytesHigh32               Counter32,
    tmnxIPsecMdaDpStatsDecryptPkts                      Counter64,
    tmnxIPsecMdaDpStatsDecryptPktsLow32                 Counter32,
    tmnxIPsecMdaDpStatsDecryptPktsHigh32                Counter32,
    tmnxIPsecMdaDpStatsDecryptBytes                     Counter64,
    tmnxIPsecMdaDpStatsDecryptBytesLow32                Counter32,
    tmnxIPsecMdaDpStatsDecryptBytesHigh32               Counter32,
    tmnxIPsecMdaDpStatsTxPktErrs                        Counter32,
    tmnxIPsecMdaDpStatsOutBDropPkts                     Counter64,
    tmnxIPsecMdaDpStatsOutBDropPktsLow32                Counter32,
    tmnxIPsecMdaDpStatsOutBDropPktsHigh32               Counter32,
    tmnxIPsecMdaDpStatsOutBSAMisses                     Counter64,
    tmnxIPsecMdaDpStatsOutBSAMissesLow32                Counter32,
    tmnxIPsecMdaDpStatsOutBSAMissesHigh32               Counter32,
    tmnxIPsecMdaDpStatsOutBPolicyEntryMisses            Counter32,
    tmnxIPsecMdaDpStatsInBDropPkts                      Counter64,
    tmnxIPsecMdaDpStatsInBDropPktsLow32                 Counter32,
    tmnxIPsecMdaDpStatsInBDropPktsHigh32                Counter32,
    tmnxIPsecMdaDpStatsInBSAMisses                      Counter64,
    tmnxIPsecMdaDpStatsInBSAMissesLow32                 Counter32,
    tmnxIPsecMdaDpStatsInBSAMissesHigh32                Counter32,
    tmnxIPsecMdaDpStatsInBIPDstSrcMismatches            Counter32,
    tmnxIPsecMdaDpInFragments                           Counter64,
    tmnxIPsecMdaDpInFragmentsLow32                      Counter32,
    tmnxIPsecMdaDpInFragmentsHigh32                     Counter32,
    tmnxIPsecMdaDpPktsReassem                           Counter64,
    tmnxIPsecMdaDpPktsReassemLow32                      Counter32,
    tmnxIPsecMdaDpPktsReassemHigh32                     Counter32,
    tmnxIPsecMdaDpFragDropTime                          Counter64,
    tmnxIPsecMdaDpFragDropTimeLow32                     Counter32,
    tmnxIPsecMdaDpFragDropTimeHigh32                    Counter32,
    tmnxIPsecMdaDpFragDropped                           Counter64,
    tmnxIPsecMdaDpFragDroppedLow32                      Counter32,
    tmnxIPsecMdaDpFragDroppedHigh32                     Counter32,
    tmnxIPsecMdaDpGreTnlInPkts                          Counter64,
    tmnxIPsecMdaDpGreTnlInPktsLo                        Counter32,
    tmnxIPsecMdaDpGreTnlInPktsHi                        Counter32,
    tmnxIPsecMdaDpGreTnlInBytes                         Counter64,
    tmnxIPsecMdaDpGreTnlInBytesLo                       Counter32,
    tmnxIPsecMdaDpGreTnlInBytesHi                       Counter32,
    tmnxIPsecMdaDpGreTnlInErrs                          Counter64,
    tmnxIPsecMdaDpGreTnlInErrsLo                        Counter32,
    tmnxIPsecMdaDpGreTnlInErrsHi                        Counter32,
    tmnxIPsecMdaDpGreTnlOutPkts                         Counter64,
    tmnxIPsecMdaDpGreTnlOutPktsLo                       Counter32,
    tmnxIPsecMdaDpGreTnlOutPktsHi                       Counter32,
    tmnxIPsecMdaDpGreTnlOutBytes                        Counter64,
    tmnxIPsecMdaDpGreTnlOutBytesLo                      Counter32,
    tmnxIPsecMdaDpGreTnlOutBytesHi                      Counter32,
    tmnxIPsecMdaDpGreTnlOutErrs                         Counter64,
    tmnxIPsecMdaDpGreTnlOutErrsLo                       Counter32,
    tmnxIPsecMdaDpGreTnlOutErrsHi                       Counter32,
    tmnxIPsecMdaDpPktsDropDfSet                         Counter64,
    tmnxIPsecMdaDpPktsDropDfSetLo                       Counter32,
    tmnxIPsecMdaDpPktsDropDfSetHi                       Counter32,
    tmnxIPsecMdaDpStaticIPsecTnls                       Counter32,
    tmnxIPsecMdaDpDynIPsecTnls                          Counter32,
    tmnxIPsecMdaDpIpGreTnls                             Counter32,
    tmnxIPsecMdaDpIpv4Tnls                              Counter32
}

tmnxIPsecMdaDpStatsEncryptPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptPkts indicates the number
         of packets encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 1 }

tmnxIPsecMdaDpStatsEncryptPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptPktsLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 2 }

tmnxIPsecMdaDpStatsEncryptPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptPktsHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsEncryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 3 }

tmnxIPsecMdaDpStatsEncryptBytes OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptBytes indicates the number
         of bytes encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 4 }

tmnxIPsecMdaDpStatsEncryptBytesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptBytesLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 5 }

tmnxIPsecMdaDpStatsEncryptBytesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsEncryptBytesHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsEncryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 6 }

tmnxIPsecMdaDpStatsDecryptPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptPkts indicates the number
         of packets encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 7 }

tmnxIPsecMdaDpStatsDecryptPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptPktsLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 8 }

tmnxIPsecMdaDpStatsDecryptPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptPktsHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsDecryptPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 9 }

tmnxIPsecMdaDpStatsDecryptBytes OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptBytes indicates the number
         of bytes encrypted by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 10 }

tmnxIPsecMdaDpStatsDecryptBytesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptBytesLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 11 }

tmnxIPsecMdaDpStatsDecryptBytesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsDecryptBytesHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsDecryptBytes."
    ::= { tmnxIPsecMdaDpStatsEntry 12 }

tmnxIPsecMdaDpStatsTxPktErrs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsTxPktErrs indicates the number
         of packets transmit failures by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 13 }

tmnxIPsecMdaDpStatsOutBDropPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBDropPkts indicates the 
         number of packets dropped before and during outbound (encryption) 
         processing by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 14 }

tmnxIPsecMdaDpStatsOutBDropPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBDropPktsLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 15 }

tmnxIPsecMdaDpStatsOutBDropPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBDropPktsHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 16 }

tmnxIPsecMdaDpStatsOutBSAMisses OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBSAMisses indicates the 
         number of packets dropped before outbound (encryption) processing by 
         the IPsec data path due to no SA (security association) present."
    ::= { tmnxIPsecMdaDpStatsEntry 17 }

tmnxIPsecMdaDpStatsOutBSAMissesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBSAMissesLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 18 }

tmnxIPsecMdaDpStatsOutBSAMissesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBSAMissesHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsOutBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 19 }

tmnxIPsecMdaDpStatsOutBPolicyEntryMisses OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsOutBPolicyEntryMisses indicates 
         the number of packets dropped before outbound (encryption) processing 
         by the IPsec data path due to no matching Policy Entry."
    ::= { tmnxIPsecMdaDpStatsEntry 20 }

tmnxIPsecMdaDpStatsInBDropPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBDropPkts indicates the 
         number of packets dropped before and during inbound (decryption) 
         processing by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 21 }

tmnxIPsecMdaDpStatsInBDropPktsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBDropPktsLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 22 }

tmnxIPsecMdaDpStatsInBDropPktsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBDropPktsHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsInBDropPkts."
    ::= { tmnxIPsecMdaDpStatsEntry 23 }

tmnxIPsecMdaDpStatsInBSAMisses OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBSAMisses indicates the 
         number of packets dropped before inbound (decryption) processing by
         the IPsec data path due to no SA (security association) present."
    ::= { tmnxIPsecMdaDpStatsEntry 24 }

tmnxIPsecMdaDpStatsInBSAMissesLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBSAMissesLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 25 }

tmnxIPsecMdaDpStatsInBSAMissesHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBSAMissesHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpStatsInBSAMisses."
    ::= { tmnxIPsecMdaDpStatsEntry 26 }

tmnxIPsecMdaDpStatsInBIPDstSrcMismatches OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStatsInBIPDstSrcMismatches indicates 
         the number of packets dropped before inbound (decryption) processing 
         by the IPsec data path due to the received packet's outer IP 
         destination or source address does not match the Tunnel's local or 
         peer gateway address."
    ::= { tmnxIPsecMdaDpStatsEntry 27 }

tmnxIPsecMdaDpInFragments OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpInFragments indicates the number
         of fragments received by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 28 }

tmnxIPsecMdaDpInFragmentsLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpInFragmentsLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpInFragments."
    ::= { tmnxIPsecMdaDpStatsEntry 29 }

tmnxIPsecMdaDpInFragmentsHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpInFragmentsHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpInFragments."
    ::= { tmnxIPsecMdaDpStatsEntry 30 }

tmnxIPsecMdaDpPktsReassem OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsReassem indicates the number
         of packets reassembled by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 31 }

tmnxIPsecMdaDpPktsReassemLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsReassemLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpPktsReassem."
    ::= { tmnxIPsecMdaDpStatsEntry 32 }

tmnxIPsecMdaDpPktsReassemHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsReassemHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpPktsReassem."
    ::= { tmnxIPsecMdaDpStatsEntry 33 }

tmnxIPsecMdaDpFragDropTime OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropTime indicates the number
         of fragments dropped due to time-out by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 34 }

tmnxIPsecMdaDpFragDropTimeLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropTimeLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpFragDropTime."
    ::= { tmnxIPsecMdaDpStatsEntry 35 }

tmnxIPsecMdaDpFragDropTimeHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropTimeHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpFragDropTime."
    ::= { tmnxIPsecMdaDpStatsEntry 36 }

tmnxIPsecMdaDpFragDropped OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDropped indicates the number
         of total fragments dropped by the IPsec data path."
    ::= { tmnxIPsecMdaDpStatsEntry 37 }

tmnxIPsecMdaDpFragDroppedLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDroppedLow32 indicates the 
         lower 32 bits of the value of tmnxIPsecMdaDpFragDropped."
    ::= { tmnxIPsecMdaDpStatsEntry 38 }

tmnxIPsecMdaDpFragDroppedHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpFragDroppedHigh32 indicates the 
         higher 32 bits of the value of tmnxIPsecMdaDpFragDropped."
    ::= { tmnxIPsecMdaDpStatsEntry 39 }

tmnxIPsecMdaDpGreTnlInPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInPkts indicates the number
         of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 40 }

tmnxIPsecMdaDpGreTnlInPktsLo OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInPktsLo indicates the lower 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 41 }

tmnxIPsecMdaDpGreTnlInPktsHi OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInPktsHi indicates the higher 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 42 }

tmnxIPsecMdaDpGreTnlInBytes OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInBytes indicates the number
         of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 43 }

tmnxIPsecMdaDpGreTnlInBytesLo OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInBytesLo indicates the lower 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 44 }

tmnxIPsecMdaDpGreTnlInBytesHi OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInBytesHi indicates the higher 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 45 }

tmnxIPsecMdaDpGreTnlInErrs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInErrs indicates the number
         of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 46 }

tmnxIPsecMdaDpGreTnlInErrsLo OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInErrsLo indicates the lower 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 47 }

tmnxIPsecMdaDpGreTnlInErrsHi OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlInErrsHi indicates the higher 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 48 }

tmnxIPsecMdaDpGreTnlOutPkts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutPkts indicates the number
         of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 49 }

tmnxIPsecMdaDpGreTnlOutPktsLo OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutPktsLo indicates the lower 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 50 }

tmnxIPsecMdaDpGreTnlOutPktsHi OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutPktsHi indicates the higher 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 51 }

tmnxIPsecMdaDpGreTnlOutBytes OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutBytes indicates the number
         of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 52 }

tmnxIPsecMdaDpGreTnlOutBytesLo OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutBytesLo indicates the lower 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 53 }

tmnxIPsecMdaDpGreTnlOutBytesHi OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutBytesHi indicates the higher 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 54 }

tmnxIPsecMdaDpGreTnlOutErrs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutErrs indicates the number
         of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 55 }

tmnxIPsecMdaDpGreTnlOutErrsLo OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutErrsLo indicates the lower 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 56 }

tmnxIPsecMdaDpGreTnlOutErrsHi OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpGreTnlOutErrsHi indicates the higher 32 bits
          of the number of packets received by the GRE tunnel data path."
    ::= { tmnxIPsecMdaDpStatsEntry 57 }

tmnxIPsecMdaDpPktsDropDfSet        OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsDropDfSet indicates the number of
         packets with DF bit set dropped in this Tunnel exceeding MTU size
         and with clear tunnel DF bit not set."
    ::= { tmnxIPsecMdaDpStatsEntry 58 }

tmnxIPsecMdaDpPktsDropDfSetLo        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsDropDfSetLo indicates lower 32 bits of
         the value of tmnxIPsecMdaDpPktsDropDfSet object."
    ::= { tmnxIPsecMdaDpStatsEntry 59 }

tmnxIPsecMdaDpPktsDropDfSetHi        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpPktsDropDfSetHi indicates higher 32 bits of
         the value of tmnxIPsecMdaDpPktsDropDfSet object."
    ::= { tmnxIPsecMdaDpStatsEntry 60 }

tmnxIPsecMdaDpStaticIPsecTnls        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpStaticIPsecTnls indicates number of
         configured static IPsec tunnels on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 61 }

tmnxIPsecMdaDpDynIPsecTnls        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpDynIPsecTnls indicates number of dynamic
         IPsec tunnels in use on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 62 }

tmnxIPsecMdaDpIpGreTnls        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpIpGreTnls indicates number of configured
         IP tunnels (with GRE headers) on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 63 }

tmnxIPsecMdaDpIpv4Tnls        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecMdaDpIpv4Tnls indicates number of configured
         IPv4 tunnels on the MDA."
    ::= { tmnxIPsecMdaDpStatsEntry 64 }

--
--
-- IPsec Tunnel Template Table
--                
tIPsecTnlTempTblLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempTblLastChanged indicates the
         sysUpTime at the time of the last modification to 
         tIPsecTnlTempTable by adding, deleting an entry or change
         to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 16 }

tIPsecTnlTempTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecTnlTempEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec tunnel template entries."
    ::= { tmnxIPsecObjects 17 }

tIPsecTnlTempEntry OBJECT-TYPE
    SYNTAX      TIPsecTnlTempEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec tunnel template entry."
    INDEX { tIPsecTnlTempId }
    ::= { tIPsecTnlTempTable 1 }

TIPsecTnlTempEntry ::= SEQUENCE {
    tIPsecTnlTempId                       TmnxIPsecTunnelTemplateId, 
    tIPsecTnlTempRowStatus                RowStatus, 
    tIPsecTnlTempLastChanged              TimeStamp,
    tIPsecTnlTempDescr                    TItemDescription,
    tIPsecTnlTempReverseRoute             INTEGER,
    tIPsecTnlTempDynKeyTransformId1       TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempDynKeyTransformId2       TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempDynKeyTransformId3       TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempDynKeyTransformId4       TmnxIPsecTransformIdOrZero,
    tIPsecTnlTempReplayWindow             Unsigned32
}

tIPsecTnlTempId  OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelTemplateId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempId specifies the id of a tunnel template 
         entry and is the primary index for the table 
         tIPsecTnlTempTable."
    ::= { tIPsecTnlTempEntry 1 }

tIPsecTnlTempRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tIPsecTnlTempRowStatus object is used to create and 
         delete rows in the tIPsecTnlTempTable."
    ::= { tIPsecTnlTempEntry 2 }

tIPsecTnlTempLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tIPsecTnlTempEntry 3 }

tIPsecTnlTempDescr  OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDescr specifies the user-provided description
         for the template."
    DEFVAL { "" }
    ::= { tIPsecTnlTempEntry 4 }

tIPsecTnlTempReverseRoute  OBJECT-TYPE
    SYNTAX      INTEGER {
                      none              (0),
                      reverseRoute      (1),
                      useSecurityPolicy (2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempReverseRoute specifies whether node using
         this template will accept framed-routes sent by radius server and
         install them for the lifetime of the tunnel as managed routes.
         
         If this object is set to 'useSecurityPolicy' then the node using
         this template will add a route to every client-side-protected-subnet
         as signaled by the client."
    DEFVAL { none }
    ::= { tIPsecTnlTempEntry 5 }

tIPsecTnlTempDynKeyTransformId1 OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId1 specifies the first 
         transform-id for this IPSec Tunnel template to use."
    DEFVAL { 0 }
    ::= { tIPsecTnlTempEntry 6 }

tIPsecTnlTempDynKeyTransformId2 OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId2 specifies the second
         transform-id for this IPSec Tunnel template to use."
    DEFVAL { 0 }
    ::= { tIPsecTnlTempEntry 7 }

tIPsecTnlTempDynKeyTransformId3 OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId3 specifies the third
         transform-id for this IPSec Tunnel template to use."
    DEFVAL { 0 }
    ::= { tIPsecTnlTempEntry 8 }

tIPsecTnlTempDynKeyTransformId4 OBJECT-TYPE
    SYNTAX      TmnxIPsecTransformIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tIPsecTnlTempDynKeyTransformId4 specifies the fourth
         transform-id for this IPSec Tunnel template to use."
    DEFVAL { 0 }
    ::= { tIPsecTnlTempEntry 9 }

tIPsecTnlTempReplayWindow  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|32|64|128|256|512)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tIPsecTnlTempReplayWindow specifies the size of 
         the anti-replay window for the template.

         If the value of tmnxIPsecTunnelReplayWindow is set to 0, then the
         anti-replay feature is disabled."
    DEFVAL { 0 }
    ::= { tIPsecTnlTempEntry 10 }

-- ----------------------------------
-- IPSec Gateway Table
-- ----------------------------------
tmnxIPsecGWTblLastChgd  OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecGWTblLastChgd indicates the
          sysUpTime at the time of the last modification of
          tmnxIPsecGWTable.

          If no changes were made to the entry since the last
          re-initialization of the local network management subsystem,
          then this object contains a zero value."
    ::= { tmnxIPsecObjects 18 }

tmnxIPsecGWTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF TmnxIPsecGWEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION     "A table that contains SAP IPSec gateway information."
    ::= { tmnxIPsecObjects 19 }

tmnxIPsecGWEntry OBJECT-TYPE
    SYNTAX          TmnxIPsecGWEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION     "Information about a SAP IPSec gateway."
    INDEX           { svcId, sapPortId, sapEncapValue }
    ::= { tmnxIPsecGWTable 1 }

TmnxIPsecGWEntry ::=
    SEQUENCE {
        tmnxIPsecGWRowStatus           RowStatus,
        tmnxIPsecGWLastMgmtChange      TimeStamp,
        tmnxIPsecGWAdminState          TmnxAdminState,
        tmnxIPsecGWOperState           TmnxOperState,
        tmnxIPsecGWTunnelPolicyTemp    TmnxIPsecTunnelTemplateIdOrZero,
        tmnxIPsecGWSecureService       TmnxServId,
        tmnxIPsecGWIfName              TNamedItemOrEmpty,
        tmnxIPsecGWInetAddrType        InetAddressType,
        tmnxIPsecGWInetAddress         InetAddress,
        tmnxIPsecGWIkePolicyId         TmnxIkePolicyIdOrZero,
        tmnxIPsecGWIkePreShared        OCTET STRING,
        tmnxIPsecGWLclX509Cert         DisplayString,
        tmnxIPsecGWLclPrivateKey       DisplayString,
        tmnxIPsecGWOperFlags           BITS,
        tmnxIPsecGWCACert              DisplayString,
        tmnxIPsecGWCACertRevocList     DisplayString,
        tmnxIPsecGWName                TNamedItem,
        tmnxIPsecGWCertTrustAnchor     TNamedItemOrEmpty,
        tmnxIPsecGWLocalIdType         TmnxIPsecLocalIdType,
        tmnxIPsecGWLocalIdValue        DisplayString
    }

tmnxIPsecGWRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION 
         "The value of tmnxIPsecGWRowStatus controls the creation
          and deletion of rows in this table."
    ::= { tmnxIPsecGWEntry 1 }

tmnxIPsecGWLastMgmtChange OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecGWLastMgmtChange indicates the
          value of sysUpTime at the time of the last management
          change of any writable object of this row."
    ::= { tmnxIPsecGWEntry 2 }

tmnxIPsecGWAdminState OBJECT-TYPE
    SYNTAX          TmnxAdminState
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The value of the object tmnxIPsecGWAdminState specifies the
         administrative state of SAP IPSec gateway entry."
    DEFVAL { outOfService }
    ::= { tmnxIPsecGWEntry 3 }

tmnxIPsecGWOperState OBJECT-TYPE
    SYNTAX          TmnxOperState
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecGWOperState indicates the
          operating state of the SAP IPSec gateway."
    ::= { tmnxIPsecGWEntry 4 }

tmnxIPsecGWTunnelPolicyTemp OBJECT-TYPE
    SYNTAX          TmnxIPsecTunnelTemplateIdOrZero
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecGWTunnelPolicyTemp specifies the
          TIMETRA-IPSEC-MIB::tIPsecTnlTempId used by this SAP IPSec gateway."
    DEFVAL { 0 }
    ::= { tmnxIPsecGWEntry 5 }

tmnxIPsecGWSecureService OBJECT-TYPE
    SYNTAX          TmnxServId
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecGWSecureService specifies the 
          service-id of the default security service used by this SAP IPSec
          gateway."
    DEFVAL { 0 }
    ::= { tmnxIPsecGWEntry 6 }

tmnxIPsecGWIfName OBJECT-TYPE
    SYNTAX          TNamedItemOrEmpty
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecGWIfName specifies the IPSec
          interface used by the SAP."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 7 }

tmnxIPsecGWInetAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecGWInetAddrType specifies the
          address type of the SAP IPSec gateway."
    DEFVAL { unknown }
    ::= { tmnxIPsecGWEntry 8 }

tmnxIPsecGWInetAddress OBJECT-TYPE
    SYNTAX          InetAddress (SIZE(0|4))
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
          "This value of tmnxIPsecGWInetAddress specifies the IPv4 address of
           the SAP IPSec gateway."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 9 }

tmnxIPsecGWIkePolicyId  OBJECT-TYPE
    SYNTAX      TmnxIkePolicyIdOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWIkePolicyId specifies the policy id
         for this SAP IPSec gateway."
    DEFVAL { 0 }
    ::= { tmnxIPsecGWEntry 10 }

tmnxIPsecGWIkePreShared  OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWIkePreShared specifies the shared
         secret between the two peers forming the tunnel for the SAP IPSec
         gateway."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 11 }

tmnxIPsecGWLclX509Cert OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecGWLclX509Cert specifies the path-name
         of the local X509 Certificate to be used with this SAP IPSec gateway."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 12 }

tmnxIPsecGWLclPrivateKey OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecGWLclPrivateKey specifies the path-name
         of the local private key to be used with this SAP IPSec gateway."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 13 }

tmnxIPsecGWOperFlags  OBJECT-TYPE
    SYNTAX      BITS {
                    localIpUnreachable    (0),  
                    gatewayAdminDown      (1),
                    x509CertUnavailable   (2),
                    privateKeyUnavailable (3),
                    caCertUnavailable     (4),
                    caCRLUnavailable      (5)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWOperFlags indicates the reason why the
         gateway is operationally down."
    ::= { tmnxIPsecGWEntry 14 }

tmnxIPsecGWCACert OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION 
        "The value of tmnxIPsecGWCACert specifies the path-name of the
        Certificate from the Certificate-Authority to be used with this
        SAP IPSec gateway."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 15 }

tmnxIPsecGWCACertRevocList OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..180))
    MAX-ACCESS  read-create
    STATUS      obsolete
    DESCRIPTION 
        "The value of tmnxIPsecGWCACertRevocList specifies the path-name of
        the Certificate Revocation List (CRL) from Certificate-Authority to be
        used with this SAP IPSec gateway."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 16 }

tmnxIPsecGWName OBJECT-TYPE
    SYNTAX          TNamedItem
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecGWIfName specifies the name for 
         this IPSec gateway.

         An 'inconsistentValue' error is returned if value of this object is
         not set to unique value at the time of creation."
    ::= { tmnxIPsecGWEntry 17 }

tmnxIPsecGWCertTrustAnchor OBJECT-TYPE
    SYNTAX          TNamedItemOrEmpty
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecGWCertTrustAnchor specifies the name for 
         Certificate-Authority Profile name associated with this SAP IPSec
         gateway certificate.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecGWAdminState is in 'inService' state."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 18 }

tmnxIPsecGWLocalIdType OBJECT-TYPE
    SYNTAX          TmnxIPsecLocalIdType
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecGWLocalIdType specifies the local-identifier of
         7750 used for IDi or IDr for IKEv2.

         An 'inconsistentValue' error is returned if this object is modified
         when tmnxIPsecGWAdminState is in 'inService' state."
    DEFVAL { none }
    ::= { tmnxIPsecGWEntry 19 }

tmnxIPsecGWLocalIdValue OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
         "The value of tmnxIPsecGWLocalIdValue specifies the value associated
         with tmnxIPsecGWLocalIdType object.

         Value is extracted from the configured certificate when 
         tmnxIPsecGWLocalIdType is set to 'dn'."
    DEFVAL { ''H }
    ::= { tmnxIPsecGWEntry 20 }

--
-- IPsec Remote-User Tunnel Table
--
tIPsecRUTnlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUTnlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store dynamic IPsec Remote-User Tunnel entries."
    ::= { tmnxIPsecObjects 20 }

tIPsecRUTnlEntry OBJECT-TYPE
    SYNTAX      TIPsecRUTnlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single dynamic IPsec Remote-User Tunnel entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tIPsecRUTnlInetAddrType,
            tIPsecRUTnlInetAddress,
            tIPsecRUTnlPort
          }
    ::= { tIPsecRUTnlTable 1 }

TIPsecRUTnlEntry ::= SEQUENCE {
    tIPsecRUTnlInetAddrType         InetAddressType,
    tIPsecRUTnlInetAddress          InetAddress,
    tIPsecRUTnlPort                 TTcpUdpPort,
    tIPsecRUTnlPrivateIpAddrType    InetAddressType, 
    tIPsecRUTnlPrivateIpAddr        InetAddress,
    tIPsecRUTnlPrivateIpPrefixLen   InetAddressPrefixLength, 
    tIPsecRUTnlTempId               TmnxIPsecTunnelTemplateId,
    tIPsecRUTnlIPsecSALifeTime      Unsigned32,
    tIPsecRUTnlPfsDHGroup           TmnxIkePolicyDHGroupOrZero,
    tIPsecRUTnlReplayWindow         Unsigned32,
    tIPsecRUTnlPrivateSvcId         TmnxServId,
    tIPsecRUTnlPrivateIfIndex       InterfaceIndex,
    tIPsecRUTnlHasBiDirectionalSA   TruthValue,
    tIPsecRUTnlHostISA              TmnxHwIndexOrZero
}

tIPsecRUTnlInetAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
         "The value of the object tIPsecRUTnlInetAddrType indicates the
          address type of the SAP IPsec gateway to the tunnel."
    ::= { tIPsecRUTnlEntry 1 }

tIPsecRUTnlInetAddress OBJECT-TYPE
    SYNTAX          InetAddress (SIZE(4|16|20))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
          "This value of tIPsecRUTnlInetAddress indicates the address of
          of the SAP IPsec gateway to the tunnel."
    ::= { tIPsecRUTnlEntry 2 }

tIPsecRUTnlPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPort indicates the UDP port of the SAP IPsec
        gateway to the tunnel."
    ::= { tIPsecRUTnlEntry 3 }

tIPsecRUTnlPrivateIpAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
         "The value of the object tIPsecRUTnlPrivateIpAddrType indicates the
          address type of the private IP Address in the tunnel."
    ::= { tIPsecRUTnlEntry 4 }

tIPsecRUTnlPrivateIpAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpAddr indicates the private ip address 
         on the IPsec gateway tunnel."
    ::= { tIPsecRUTnlEntry 5 }

tIPsecRUTnlPrivateIpPrefixLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIpPrefixLen indicates the 
         number of bits to match on the tIPsecRUTnlPrivateIpAddr."
    ::= { tIPsecRUTnlEntry 6 }

tIPsecRUTnlTempId  OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelTemplateId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlTempId indicates the id of a tunnel
        template entry used for the tunnel." 
    ::= { tIPsecRUTnlEntry 7 }

tIPsecRUTnlIPsecSALifeTime      OBJECT-TYPE
    SYNTAX      Unsigned32 (1200..172800)
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlIPsecSALifeTime indicates the lifetime 
         of the phase 2 Ike key."
    ::= { tIPsecRUTnlEntry 8 }

tIPsecRUTnlPfsDHGroup           OBJECT-TYPE
    SYNTAX      TmnxIkePolicyDHGroupOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "The value of tIPsecRUTnlPfsDHGroup indicates the new  
         Diffie-hellman key exchange each time the SA(Security Association)
         key is renegotiated.  After the SA expires, the key is forgotten 
         and another key is generated (if the SA remains up).  This means 
         that an attacker who cracks part of the exchange can only read the 
         part that used the key before the key changed.  There is no 
         advantage of cracking the other parts if the attacker has already 
         cracked one."
    ::= { tIPsecRUTnlEntry 9 }

tIPsecRUTnlReplayWindow  OBJECT-TYPE
    SYNTAX      Unsigned32 (0|32|64|128|256|512)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION 
        "The value of tIPsecRUTnlReplayWindow indicates the size of 
         the anti-replay window."
    ::= { tIPsecRUTnlEntry 10 }

tIPsecRUTnlPrivateSvcId  OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateSvcId indicates the service-id 
         of the Tunnel delivery service."
    ::= { tIPsecRUTnlEntry 11 }

tIPsecRUTnlPrivateIfIndex  OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlPrivateIfIndex indicates the private
        interface index used by the tunnel."
    ::= { tIPsecRUTnlEntry 12 }

tIPsecRUTnlHasBiDirectionalSA  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlHasBiDirectionalSA indicates whether this
        tunnel has bi-directional Security-Association entries."
    ::= { tIPsecRUTnlEntry 13 }

tIPsecRUTnlHostISA  OBJECT-TYPE
    SYNTAX      TmnxHwIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlHostISA indicates the active ISA
         that is being used to host this tunnel.

         This object will have a value of zero when this tunnel is operationally
         down."
    ::= { tIPsecRUTnlEntry 14 }

--
-- IPsec Remote User Tunnel Statistics Table
--

tIPsecRUTnlStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUTnlStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store IPsec Remote User Tunnel statistics"
    ::= { tmnxIPsecObjects 21 }

tIPsecRUTnlStatsEntry       OBJECT-TYPE
    SYNTAX      TIPsecRUTnlStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Statistics for a single IPsec Remote User Tunnel."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tIPsecRUTnlInetAddrType,
            tIPsecRUTnlInetAddress,
            tIPsecRUTnlPort
          }
    ::= { tIPsecRUTnlStatsTable 1 }

TIPsecRUTnlStatsEntry ::= SEQUENCE {
    tIPsecRUTnlIsakmpState          INTEGER,    
    tIPsecRUTnlIsakmpEstabTime      TimeStamp,
    tIPsecRUTnlIsakmpNegLifeTime    Unsigned32,
    tIPsecRUTnlNumDpdTx             Counter32,
    tIPsecRUTnlNumDpdRx             Counter32,
    tIPsecRUTnlNumDpdAckTx          Counter32,
    tIPsecRUTnlNumDpdAckRx          Counter32,
    tIPsecRUTnlNumExpRx             Counter32,
    tIPsecRUTnlNumInvalidDpdRx      Counter32,
    tIPsecRUTnlNumCtrlPktsTx        Counter32,
    tIPsecRUTnlNumCtrlPktsRx        Counter32,
    tIPsecRUTnlNumCtrlTxErrors      Counter32,
    tIPsecRUTnlNumCtrlRxErrors      Counter32
}

tIPsecRUTnlIsakmpState  OBJECT-TYPE
    SYNTAX      INTEGER {
                    up (1),
                    down (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION 
       "The value of tIPsecRUTnlIsakmpState indicates the state of 
        phase 1 IPsec negotiation."
    ::= { tIPsecRUTnlStatsEntry 1 }

tIPsecRUTnlIsakmpEstabTime  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The value of tIPsecRUTnlIsakmpEstabTime indicates the sysUpTime
        at the time the IPsec phase 1 negotiation completed."
    ::= { tIPsecRUTnlStatsEntry 2 }

tIPsecRUTnlIsakmpNegLifeTime  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION 
       "The value of tIPsecRUTnlIsakmpNegLifeTime indicates the 
        lifetime negotiated for phase1 Ike key."
    ::= { tIPsecRUTnlStatsEntry 3 }

tIPsecRUTnlNumDpdTx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdTx indicates the number of 
         Dead-Peer-Detection packets transmitted."
    ::= { tIPsecRUTnlStatsEntry 4 }

tIPsecRUTnlNumDpdRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdRx indicates the number of 
         Dead-Peer-Detection packets received."
    ::= { tIPsecRUTnlStatsEntry 5 }

tIPsecRUTnlNumDpdAckTx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdAckTx indicates the number of 
         Dead-Peer-Detection acknowledgement packets transmitted."
    ::= { tIPsecRUTnlStatsEntry 6 }

tIPsecRUTnlNumDpdAckRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumDpdAckRx indicates the number of 
         Dead-Peer-Detection acknowledgement packets received."
    ::= { tIPsecRUTnlStatsEntry 7 }

tIPsecRUTnlNumExpRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumExpRx indicates the number of 
         DPD R-U-THERE packets that have not been acknowledged."
    ::= { tIPsecRUTnlStatsEntry 8 }

tIPsecRUTnlNumInvalidDpdRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumInvalidDpdRx indicates the number
         of malformed DPD R-U-THERE acknowledgement packets received."
    ::= { tIPsecRUTnlStatsEntry 9 }

tIPsecRUTnlNumCtrlPktsTx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlPktsTx indicates the number of
         control packets this IPsec Tunnel has sent."
    ::= { tIPsecRUTnlStatsEntry 10 }

tIPsecRUTnlNumCtrlPktsRx        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlPktsRx indicates the number of
         control packets this IPsec Tunnel has received."
    ::= { tIPsecRUTnlStatsEntry 11 }

tIPsecRUTnlNumCtrlTxErrors        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlTxErrors indicates the number of
         control packet transmit errors."
    ::= { tIPsecRUTnlStatsEntry 12 }

tIPsecRUTnlNumCtrlRxErrors        OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUTnlNumCtrlRxErrors indicates the number of
         control packet receive errors."
    ::= { tIPsecRUTnlStatsEntry 13 }

--
-- IPsec Remote-User SA (Security Association) Entry Table
--
tIPsecRUSATable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec remote-user dynamic SA entries."
    ::= { tmnxIPsecObjects 22 }

tIPsecRUSAEntry OBJECT-TYPE
    SYNTAX      TIPsecRUSAEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec remote-user SA entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tIPsecRUTnlInetAddrType, 
            tIPsecRUTnlInetAddress, 
            tIPsecRUTnlPort,
            tIPsecRUSAId,             
            tIPsecRUSADirection,
            tIPsecRUSAIndex
          }
    ::= { tIPsecRUSATable 1 }

TIPsecRUSAEntry ::= SEQUENCE {
    tIPsecRUSAId                             Unsigned32,
    tIPsecRUSAIndex                          Unsigned32, 
    tIPsecRUSADirection                      TmnxIPsecDirection,
    tIPsecRUSAEncryptionKey                  OCTET STRING,
    tIPsecRUSAAuthenticationKey              OCTET STRING, 
    tIPsecRUSASpi                            Unsigned32, 
    tIPsecRUSAAuthAlgorithm                  TmnxAuthAlgorithm, 
    tIPsecRUSAEncrAlgorithm                  TmnxEncrAlgorithm, 
    tIPsecRUSAEstablishedTime                TimeStamp,
    tIPsecRUSANegotiatedLifeTime             Unsigned32,
    tIPsecRUSALclAddrType                    InetAddressType, 
    tIPsecRUSALclAddr                        InetAddress,
    tIPsecRUSALclAPrefLen                    InetAddressPrefixLength,
    tIPsecRUSARemAddrType                    InetAddressType, 
    tIPsecRUSARemAddr                        InetAddress,
    tIPsecRUSARemAPrefLen                    InetAddressPrefixLength
}

tIPsecRUSAId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..16)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAId indicates the id of an 
         SA entry and is part of the index for the tIPsecRUSATable."
    ::= { tIPsecRUSAEntry 1 }

tIPsecRUSAIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAIndex indicates an additional index to uniquely 
         indentify the SA entry in the tIPsecRUSATable."
    ::= { tIPsecRUSAEntry 2 }

tIPsecRUSADirection OBJECT-TYPE
    SYNTAX      TmnxIPsecDirection
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSADirection indicates the direction on the
         IPsec Tunnel to which this SA entry can be applied.  The value
         of tIPsecRUSADirection is also part of the index for the table
         tIPsecRUSATable"
    ::= { tIPsecRUSAEntry 3 }

tIPsecRUSAEncryptionKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAEncryptionKey indicates the key used 
         for the encryption algorithm defined by the 
         tIPsecRUSAEncrAlgorithm in the IPsec transform."
    ::= { tIPsecRUSAEntry 4 }

tIPsecRUSAAuthenticationKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAAuthenticationKey indicates the key used 
         for the authentication algorithm defined by the 
         tIPsecRUSAAuthAlgorithm in the IPsec transform."
    ::= { tIPsecRUSAEntry 5 }

tIPsecRUSASpi OBJECT-TYPE
    SYNTAX      Unsigned32 (256..16383)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSASpi indicates the 
         SPI (Security Parameter Index) used to lookup the instruction to
         verify and decrypt the incoming IPsec packets when the value of 
         tIPsecRUSADirection is 'inbound'."
    ::= { tIPsecRUSAEntry 6 }

tIPsecRUSAAuthAlgorithm OBJECT-TYPE
    SYNTAX      TmnxAuthAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAAuthAlgorithm indicates the 
         authentication algorithm used with this SA."
    ::= { tIPsecRUSAEntry 7 }

tIPsecRUSAEncrAlgorithm OBJECT-TYPE
    SYNTAX      TmnxEncrAlgorithm
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAEncrAlgorithm indicates the 
         encryption algorithm used with this SA."
    ::= { tIPsecRUSAEntry 8 }

tIPsecRUSAEstablishedTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The value of tIPsecRUSAEstablishedTime indicates the sysUpTime
        at the time the IPsec phase 2 negotiation completed."
    ::= { tIPsecRUSAEntry 9 }

tIPsecRUSANegotiatedLifeTime OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "The value of tIPsecRUSANegotiatedLifeTime indicates the 
        lifetime negotiated for phase2 Ike key."
    ::= { tIPsecRUSAEntry 10 }

tIPsecRUSALclAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSALclAddrType indicates the 
         address type of address in tIPsecRUSALclAddr."
    ::= { tIPsecRUSAEntry 11 }

tIPsecRUSALclAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSALclAddr indicates the ip address 
         on the vpn side."
    ::= { tIPsecRUSAEntry 12 }

tIPsecRUSALclAPrefLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSALclAPrefLen indicates the 
         number of bits to match of the tIPsecRUSALclAddr."
    ::= { tIPsecRUSAEntry 13 }

tIPsecRUSARemAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSARemAddrType indicates the address 
         type of address in tIPsecRUSARemAddr."
    ::= { tIPsecRUSAEntry 14 }

tIPsecRUSARemAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (0|4|16|20)) 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSARemAddr indicates the ip address 
         on the tunnel side."
    ::= { tIPsecRUSAEntry 15 }

tIPsecRUSARemAPrefLen  OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSARemAPrefLen indicates the 
         number of bits to match of the tIPsecRUSARemAddr."
    ::= { tIPsecRUSAEntry 16 }


--
-- IPsec Remote-User SA (Security Association) Stats Table
--
tIPsecRUSAStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TIPsecRUSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to retrieve the IPsec Remote-User SA Statistics entries."
    ::= { tmnxIPsecObjects 23 }

tIPsecRUSAStatsEntry OBJECT-TYPE
    SYNTAX      TIPsecRUSAStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Remote-User SA Statistics entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tIPsecRUTnlInetAddrType, 
            tIPsecRUTnlInetAddress, 
            tIPsecRUTnlPort,
            tIPsecRUSAId, 
            tIPsecRUSADirection,
            tIPsecRUSAIndex
          }
    ::= { tIPsecRUSAStatsTable 1 }

TIPsecRUSAStatsEntry ::= SEQUENCE {
    tIPsecRUSAStatsBytesProcessed            Counter64,
    tIPsecRUSAStatsBytesProcLow32            Counter32,
    tIPsecRUSAStatsBytesProcHigh32           Counter32,
    tIPsecRUSAStatsPktsProcessed             Counter64,
    tIPsecRUSAStatsPktsProcLow32             Counter32,
    tIPsecRUSAStatsPktsProcHigh32            Counter32,
    tIPsecRUSAStatsCryptoErrors              Counter32,
    tIPsecRUSAStatsReplayErrors              Counter32,
    tIPsecRUSAStatsSAErrors                  Counter32,
    tIPsecRUSAStatsPolicyErrors              Counter32
}

tIPsecRUSAStatsBytesProcessed OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsBytesProcessed indicates the number
         of bytes successfully processed for this SA."
    ::= { tIPsecRUSAStatsEntry 1 }

tIPsecRUSAStatsBytesProcLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsBytesProcLow32 indicates the lower 
         32 bits of the value of tIPsecRUSAStatsBytesProcessed."
    ::= { tIPsecRUSAStatsEntry 2 }

tIPsecRUSAStatsBytesProcHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsBytesProcHigh32 indicates the higher 
         32 bits of the value of tIPsecRUSAStatsBytesProcessed."
    ::= { tIPsecRUSAStatsEntry 3 }

tIPsecRUSAStatsPktsProcessed OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPktsProcessed indicates the number
         of packets successfully processed for this SA."
    ::= { tIPsecRUSAStatsEntry 4 }

tIPsecRUSAStatsPktsProcLow32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPktsProcLow32 indicates the lower 
         32 bits of the value of tIPsecRUSAStatsPktsProcessed."
    ::= { tIPsecRUSAStatsEntry 5 }

tIPsecRUSAStatsPktsProcHigh32 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPktsProcHigh32 indicates the higher 
         32 bits of the value of tIPsecRUSAStatsPktsProcessed."
    ::= { tIPsecRUSAStatsEntry 6 }

tIPsecRUSAStatsCryptoErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsCryptoErrors indicates the number
         of crypto errors encountered on this SA.  The crypto errors 
         include errors on packets where protocol does not match or
         if the check on authentication header length failed."
    ::= { tIPsecRUSAStatsEntry 7 }

tIPsecRUSAStatsReplayErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsReplayErrors indicates the number
         of replay errors encountered on this SA."
    ::= { tIPsecRUSAStatsEntry 8 }

tIPsecRUSAStatsSAErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsSAErrors indicates the number
         of SA errors encountered on this SA.  The SA errors include
         sequence number failure, invalid SA, policy version mismatch, 
         illegal authentication algorithm, expanded packet too big,
         illegal configured algorithm and ttl decrement error."
    ::= { tIPsecRUSAStatsEntry 9 }

tIPsecRUSAStatsPolicyErrors OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tIPsecRUSAStatsPolicyErrors indicates the number
         of policy errors encountered on this SA.  The policy errors include
         bundled SA, selector check and policy direction error."
    ::= { tIPsecRUSAStatsEntry 10 }


-- Tunnel counts
tmnxIPsecTunnelCountObjs   OBJECT IDENTIFIER ::= { tmnxIPsecObjects 24 }

tmnxIPsecPskTunnels OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecPskTunnels indicates the number of IPSec
        tunnels with tmnxIkePolicyAuthMethod set to 'psk'."
    ::= { tmnxIPsecTunnelCountObjs 1 }

tmnxIPsecGWPskTunnels OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWPskTunnels indicates the number of IPSec
        gateway tunnels with tmnxIkePolicyAuthMethod set to 'psk'."
    ::= { tmnxIPsecTunnelCountObjs 2 }

tmnxIPsecGWPskXAuthTunnels OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWPskXAuthTunnels indicates the number of IPSec
        gateway tunnels with tmnxIkePolicyAuthMethod set to 'plainPskXAuth'."
    ::= { tmnxIPsecTunnelCountObjs 3 }

tmnxIPsecGWCertTunnels OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecGWCertTunnels indicates the number of IPSec
        gateway tunnels with tmnxIkePolicyAuthMethod set to 'cert'."
    ::= { tmnxIPsecTunnelCountObjs 4 }

--
-- IPsec Tunnel BFD Table
--
tmnxIPsecTunnelBfdTableLastChgd OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdTableLastChgd indicates the
         sysUpTime at the time of the last modification to 
         tmnxIPsecTunnelBfdTable by adding, deleting an entry or change
         to a writable object in the table.

         If no changes were made to the table since the last 
         re-initialization of the local network management subsystem, 
         then this object contains a zero value."
    ::= { tmnxIPsecObjects 25 }

tmnxIPsecTunnelBfdTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TmnxIPsecTunnelBfdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Table to store the IPsec Tunnel BFD session entries."
    ::= { tmnxIPsecObjects 26 }

tmnxIPsecTunnelBfdEntry OBJECT-TYPE
    SYNTAX      TmnxIPsecTunnelBfdEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a single IPsec Tunnel BFD session entry."
    INDEX { svcId, 
            sapPortId, 
            sapEncapValue, 
            tmnxIPsecTunnelName,
            tmnxIPsecTunnelBfdSvcId,
            tmnxIPsecTunnelBfdIfName,
            tmnxIPsecTunnelBfdDstAddrType,
            tmnxIPsecTunnelBfdDstAddr
          }
    ::= { tmnxIPsecTunnelBfdTable 1 }

TmnxIPsecTunnelBfdEntry ::= SEQUENCE {
    tmnxIPsecTunnelBfdSvcId             TmnxServId,
    tmnxIPsecTunnelBfdIfName            TNamedItem,
    tmnxIPsecTunnelBfdDstAddrType       InetAddressType,
    tmnxIPsecTunnelBfdDstAddr           InetAddress,
    tmnxIPsecTunnelBfdRowStatus         RowStatus, 
    tmnxIPsecTunnelBfdLastChanged       TimeStamp,
    tmnxIPsecTunnelBfdSrcAddrType         InetAddressType,
    tmnxIPsecTunnelBfdSrcAddr             InetAddress,
    tmnxIPsecTunnelBfdSessOperState     TmnxBfdSessOperState
}

tmnxIPsecTunnelBfdSvcId  OBJECT-TYPE
    SYNTAX          TmnxServId
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecTunnelBfdSvcId specifies the 
          service-id of the interface running BFD."
    ::= { tmnxIPsecTunnelBfdEntry 1 }

tmnxIPsecTunnelBfdIfName  OBJECT-TYPE
    SYNTAX          TNamedItem
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
         "The value of the object tmnxIPsecTunnelBfdIfName specifies the IPSec
          interface used by the BFD session."
    ::= { tmnxIPsecTunnelBfdEntry 2 }

tmnxIPsecTunnelBfdDstAddrType  OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdDstAddrType specifies the address 
         type of address in tmnxIPsecTunnelBfdDstAddr." 
    ::= { tmnxIPsecTunnelBfdEntry 3 }

tmnxIPsecTunnelBfdDstAddr  OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (4|16|20))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION 
        "The value of tmnxIPsecTunnelBfdDstAddr specifies the destination
         ipaddress to be used for the BFD session."
    ::= { tmnxIPsecTunnelBfdEntry 4 }

tmnxIPsecTunnelBfdRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The tmnxIPsecTunnelBfdRowStatus object is used to create and delete 
         rows in the tmnxIPsecTunnelBfdTable."
    ::= { tmnxIPsecTunnelBfdEntry 5 }

tmnxIPsecTunnelBfdLastChanged  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains
         a zero value."
    ::= { tmnxIPsecTunnelBfdEntry 6 }

tmnxIPsecTunnelBfdSrcAddrType OBJECT-TYPE
    SYNTAX       InetAddressType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSrcAddrType indicates the address type
         of tmnxIPsecTunnelBfdSrcAddr object."
    ::= { tmnxIPsecTunnelBfdEntry 7 }

tmnxIPsecTunnelBfdSrcAddr OBJECT-TYPE
    SYNTAX       InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSrcAddr indicates the source
         IP address on the interface running BFD."
    ::= { tmnxIPsecTunnelBfdEntry 8 }

tmnxIPsecTunnelBfdSessOperState OBJECT-TYPE
    SYNTAX       TmnxBfdSessOperState
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of tmnxIPsecTunnelBfdSessOperState indicates the operational
         state of the BFD session the IPsec tunnel is relying
         upon for its fast triggering mechanism."
    ::= { tmnxIPsecTunnelBfdEntry 9 }


-- ------------------------------
-- IPsec trap objects
-- ------------------------------

tIPsecNotifRUTnlInetAddrType OBJECT-TYPE
    SYNTAX         InetAddressType
    MAX-ACCESS     accessible-for-notify
    STATUS         current
    DESCRIPTION    
        "The value of the object tIPsecNotifRUTnlInetAddrType indicates address
         type of tIPsecNotifRUTnlInetAddress object."
    ::= { tmnxIPsecNotifyObjs 1 }

tIPsecNotifRUTnlInetAddress OBJECT-TYPE
    SYNTAX          InetAddress (SIZE(4|16|20))
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
          "This value of tIPsecNotifRUTnlInetAddress indicates the address of
          of the SAP IPsec gateway to the tunnel."
    ::= { tmnxIPsecNotifyObjs 2 }

tIPsecNotifRUTnlPort  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifRUTnlPort indicates the UDP port of the SAP
        IPsec gateway to the tunnel."
    ::= { tmnxIPsecNotifyObjs 3 }

tIPsecNotifReason  OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifReason indicates the reason for the 
        IPsec notification."
    ::= { tmnxIPsecNotifyObjs 4 }

tIPsecNotifBfdIntfSvcId OBJECT-TYPE
    SYNTAX       TmnxServId
    MAX-ACCESS   accessible-for-notify
    STATUS       current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfSvcId specifies the service
         ID of the interface running BFD in the notification."
    ::= { tmnxIPsecNotifyObjs 5 }

tIPsecNotifBfdIntfIfName OBJECT-TYPE
    SYNTAX       TNamedItem
    MAX-ACCESS   accessible-for-notify
    STATUS       current
    DESCRIPTION         
        "The value of tIPsecNotifBfdIntfIfName specifies the name of the
         interface running BFD in the notification."
    ::= { tmnxIPsecNotifyObjs 6 }

tIPsecNotifBfdIntfDestIpType OBJECT-TYPE
    SYNTAX       InetAddressType
    MAX-ACCESS   accessible-for-notify
    STATUS       current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfDestIpType specifies the address type
         of tIPsecNotifBfdIntfDestIp object."
    ::= { tmnxIPsecNotifyObjs 7 }

tIPsecNotifBfdIntfDestIp OBJECT-TYPE
    SYNTAX       InetAddress (SIZE (0|4|16|20))
    MAX-ACCESS   accessible-for-notify
    STATUS       current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfDestIp specifies the destination
         IP address on the interface running BFD in the notification."
    ::= { tmnxIPsecNotifyObjs 8 }

tIPsecNotifBfdIntfSessState OBJECT-TYPE
    SYNTAX      TmnxBfdSessOperState
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The value of tIPsecNotifBfdIntfSessState indicates the operational
         state of BFD session on the interface in the notification."
    ::= { tmnxIPsecNotifyObjs 9 }

-- ------------------------------------
-- IPsec traps
-- ------------------------------------
tIPsecRUTnlFailToCreate NOTIFICATION-TYPE
    OBJECTS {
       svcId, 
       sapPortId, 
       sapEncapValue, 
       tIPsecNotifRUTnlInetAddrType,
       tIPsecNotifRUTnlInetAddress,
       tIPsecNotifRUTnlPort,
       tIPsecNotifReason
    }
    STATUS          current
    DESCRIPTION
        "The trap tIPsecRUTnlFailToCreate is sent when creation of a
        remote-user tunnel fails with reason indicated by
        tIPsecNotifReason."
    ::= { tmnxIPsecNotifications 1 }

tIPsecRUSAFailToAddRoute NOTIFICATION-TYPE
    OBJECTS {
       tIPsecRUSARemAddrType,
       tIPsecRUSARemAddr,
       tIPsecRUSARemAPrefLen,
       tIPsecNotifReason
    }
    STATUS          current
    DESCRIPTION
        "The trap tIPsecRUSAFailToAddRoute is sent when adding route to
        tIPsecRUSARemAddr for the remote-user tunnel fails with reason
        indicated by tIPsecNotifReason."
    ::= { tmnxIPsecNotifications 2 }

tIPsecBfdIntfSessStateChgd  NOTIFICATION-TYPE
    OBJECTS      { 
                   tIPsecNotifBfdIntfSvcId,
                   tIPsecNotifBfdIntfIfName,
                   tIPsecNotifBfdIntfDestIpType,
                   tIPsecNotifBfdIntfDestIp,
                   tIPsecNotifBfdIntfSessState
                 }
    STATUS       current
    DESCRIPTION
         "The notification tIPsecBfdIntfSessStateChgd is generated when the
          operational state of BFD session of the IPSec instance changes."
    ::= { tmnxIPsecNotifications 3 }


--
-- Conformance Information
--
tmnxIPsecCompliances OBJECT IDENTIFIER ::= { tmnxIPsecConformance 1 }
tmnxIPsecGroups      OBJECT IDENTIFIER ::= { tmnxIPsecConformance 2 }
tmnxIPsecNotifGroups OBJECT IDENTIFIER ::= { tmnxIPsecConformance 3 }

--
-- Compliance Statements
--

--
-- Compliance Statements
--
tmnxIPsecCompliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
            "The compliance statement for management of IPsec features
             on Alcatel-Lucent SROS series systems."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group
        }
    ::= { tmnxIPsecCompliances 1 }

tmnxIPsecV6v1Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
            "The compliance statement for management of IPsec features
             on Alcatel-Lucent SROS series systems."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group
        }
    ::= { tmnxIPsecCompliances 2 }

tmnxIPsecV7v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
            "The compliance statement for management of IPsec features
             on Alcatel-Lucent SROS series systems."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWGroup,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup
        }
    ::= { tmnxIPsecCompliances 3 }

tmnxIPsecV8v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
            "The compliance statement for management of IPsec features
             on Alcatel-Lucent SROS series systems."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWGroup,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecMdaDpGroup
        }
    ::= { tmnxIPsecCompliances 4 }

tmnxIPsecV9v0Compliance  MODULE-COMPLIANCE
    STATUS  obsolete
    DESCRIPTION
            "The compliance statement for management of IPsec features
             on Alcatel-Lucent SROS series systems."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWGroup,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecCertGroup,
            tmnxIPsecMdaDpGroup
        }
    ::= { tmnxIPsecCompliances 5 }

tmnxIPsecV10v0Compliance  MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
            "The compliance statement for management of IPsec features
             on Alcatel-Lucent SROS series systems."
    MODULE  -- this module
        MANDATORY-GROUPS {
            tmnxIPsecV6v0Group,
            tmnxIPsecMdaDpStatsV6v1Group,
            tIPsecTnlTempGroup,
            tmnxIPsecGWV10v0Group,
            tmnxIPsecNotifyObjsGroup,
            tmnxIPsecNotifGroup,
            tmnxIPsecTnlBfdGroup,
            tmnxIPsecIkeGroup,
            tmnxIPsecCertGroup,
            tmnxIPsecMdaDpGroup,
            tmnxIPsecV10v0Group,
            tmnxIPsecMdaDpStatsV10v0Group
        }
    ::= { tmnxIPsecCompliances 6 }

--
-- Units of conformance
--

tmnxIPsecV6v0Group  OBJECT-GROUP
    OBJECTS {
    tmnxIPsecTransformTblLastChanged,
    tmnxIPsecTransformRowStatus, 
    tmnxIPsecTransformLastChanged,
    tmnxIPsecTransformAuthAlgorithm,
    tmnxIPsecTransformEncrAlgorithm,
    tmnxIkePolicyTableLastChanged,
    tmnxIkePolicyRowStatus,
    tmnxIkePolicyLastChanged,
    tmnxIkePolicyDescription,
    tmnxIkePolicyIkeMode,
    tmnxIkePolicyDHGroup,
    tmnxIkePolicyPFSEnabled,
    tmnxIkePolicyPFSDHGroup,
    tmnxIkePolicyAuthAlgorithm,
    tmnxIkePolicyEncrAlgorithm,
    tmnxIkePolicyIsakmpLifeTime,
    tmnxIkePolicyIPsecLifeTime,
    tmnxIkePolicyNatTraversal, 
    tmnxIkePolicyNatTKeepAliveIntvl,
    tmnxIkePolicyNatTBehindNatOnly,
    tmnxIkePolicyDpd,
    tmnxIkePolicyDpdInterval,
    tmnxIkePolicyDpdMaxRetries,
    tmnxIPsecTunnelTableLastChanged,
    tmnxIPsecTunnelRowStatus,
    tmnxIPsecTunnelLastChanged,
    tmnxIPsecTunnelDescription,
    tmnxIPsecTunnelLclGwAddrType,
    tmnxIPsecTunnelLclGwAddr,
    tmnxIPsecTunnelRemGwAddrType,
    tmnxIPsecTunnelRemGwAddr,
    tmnxIPsecTunnelPublicSvcId,
    tmnxIPsecTunnelSecurityPolicyId,
    tmnxIPsecTunnelKeyingType,
    tmnxIPsecTunnelDynTransformId1,
    tmnxIPsecTunnelDynTransformId2,
    tmnxIPsecTunnelDynTransformId3,
    tmnxIPsecTunnelDynTransformId4,
    tmnxIPsecTunnelIkePolicyId,
    tmnxIPsecTunnelIkePreSharedKey,
    tmnxIPsecTunnelAdminState,
    tmnxIPsecTunnelOperState,
    tmnxIPsecTunnelOperFlags,
    tmnxIPsecTunnelReplayWindow,
    tmnxIPsecTunnelIsakmpState,
    tmnxIPsecTunnelIsakmpEstabTime,
    tmnxIPsecTunnelIsakmpNegLifeTime,
    tmnxIPsecTunnelNumDpdTx,
    tmnxIPsecTunnelNumDpdRx,
    tmnxIPsecTunnelNumDpdAckTx,
    tmnxIPsecTunnelNumDpdAckRx,
    tmnxIPsecTunnelNumExpRx,
    tmnxIPsecTunnelNumInvalidDpdRx,
    tmnxIPsecTunnelNumCtrlPktsTx,
    tmnxIPsecTunnelNumCtrlPktsRx,
    tmnxIPsecTunnelNumCtrlTxErrors,
    tmnxIPsecTunnelNumCtrlRxErrors,
    tmnxIPsecPolicyTableLastChanged,
    tmnxIPsecPolicyRowStatus,
    tmnxIPsecPolicyLastChanged,
    tmnxIPsecPlcyParamsTblLastChangd,
    tmnxIPsecPolicyParamsRowStatus,
    tmnxIPsecPolicyParamsLastChanged,
    tmnxIPsecPolicyParamsLclAddrAny,
    tmnxIPsecPolicyParamsLclAddrType,
    tmnxIPsecPolicyParamsLclAddr,
    tmnxIPsecPolicyParamsLclAPrefLen,
    tmnxIPsecPolicyParamsRemAddrAny,
    tmnxIPsecPolicyParamsRemAddrType,
    tmnxIPsecPolicyParamsRemAddr,
    tmnxIPsecPolicyParamsRemAPrefLen,
    tmnxIPsecSATableLastChanged,
    tmnxIPsecSARowStatus, 
    tmnxIPsecSALastChanged,
    tmnxIPsecSAType,
    tmnxIPsecSAEncryptionKey,
    tmnxIPsecSAAuthenticationKey,
    tmnxIPsecSASpi, 
    tmnxIPsecSAManualTransformId, 
    tmnxIPsecSAAuthAlgorithm,
    tmnxIPsecSAEncrAlgorithm,
    tmnxIPsecSAStorageType,
    tmnxIPsecSAEstablishedTime,  
    tmnxIPsecSANegotiatedLifeTime,
    tmnxIPsecSAStatsBytesProcessed,
    tmnxIPsecSAStatsBytesProcLow32,
    tmnxIPsecSAStatsBytesProcHigh32,
    tmnxIPsecSAStatsPktsProcessed,
    tmnxIPsecSAStatsPktsProcLow32,
    tmnxIPsecSAStatsPktsProcHigh32,
    tmnxIPsecSAStatsCryptoErrors,
    tmnxIPsecSAStatsReplayErrors,
    tmnxIPsecSAStatsSAErrors, 
    tmnxIPsecSAStatsPolicyErrors
    }
    STATUS current
    DESCRIPTION
        "The group of objects supporting the IPsec Feature capabilities 
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 1 }

tmnxIPsecMdaDpStatsV6v1Group  OBJECT-GROUP
    OBJECTS {
    tmnxIPsecMdaDpStatsEncryptPkts,
    tmnxIPsecMdaDpStatsEncryptPktsLow32,
    tmnxIPsecMdaDpStatsEncryptPktsHigh32,
    tmnxIPsecMdaDpStatsEncryptBytes,
    tmnxIPsecMdaDpStatsEncryptBytesLow32,
    tmnxIPsecMdaDpStatsEncryptBytesHigh32,
    tmnxIPsecMdaDpStatsDecryptPkts,
    tmnxIPsecMdaDpStatsDecryptPktsLow32,
    tmnxIPsecMdaDpStatsDecryptPktsHigh32,
    tmnxIPsecMdaDpStatsDecryptBytes,
    tmnxIPsecMdaDpStatsDecryptBytesLow32,
    tmnxIPsecMdaDpStatsDecryptBytesHigh32,
    tmnxIPsecMdaDpStatsTxPktErrs,
    tmnxIPsecMdaDpStatsOutBDropPkts,
    tmnxIPsecMdaDpStatsOutBDropPktsLow32,
    tmnxIPsecMdaDpStatsOutBDropPktsHigh32,
    tmnxIPsecMdaDpStatsOutBSAMisses,
    tmnxIPsecMdaDpStatsOutBSAMissesLow32,
    tmnxIPsecMdaDpStatsOutBSAMissesHigh32,
    tmnxIPsecMdaDpStatsOutBPolicyEntryMisses,
    tmnxIPsecMdaDpStatsInBDropPkts,
    tmnxIPsecMdaDpStatsInBDropPktsLow32,
    tmnxIPsecMdaDpStatsInBDropPktsHigh32,
    tmnxIPsecMdaDpStatsInBSAMisses,
    tmnxIPsecMdaDpStatsInBSAMissesLow32,
    tmnxIPsecMdaDpStatsInBSAMissesHigh32,
    tmnxIPsecMdaDpStatsInBIPDstSrcMismatches
    }
    STATUS current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 2 }

tIPsecTnlTempGroup  OBJECT-GROUP
    OBJECTS {
       tIPsecTnlTempDescr,  
       tIPsecTnlTempDynKeyTransformId1,  
       tIPsecTnlTempDynKeyTransformId2,  
       tIPsecTnlTempDynKeyTransformId3,  
       tIPsecTnlTempDynKeyTransformId4,  
       tIPsecTnlTempLastChanged,  
       tIPsecTnlTempReplayWindow,  
       tIPsecTnlTempReverseRoute,  
       tIPsecTnlTempRowStatus,  
       tIPsecTnlTempTblLastChanged,  
       tmnxIkePolicyAuthMethod
    }
    STATUS current
    DESCRIPTION
        "The group of objects for IPsec tunnel template
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 3 }

tmnxIPsecGWGroup OBJECT-GROUP
    OBJECTS {
       tmnxIPsecTunnelAutoEstablish,
       tmnxIPsecGWAdminState,  
       tmnxIPsecGWName,  
       tmnxIPsecGWIfName,  
       tmnxIPsecGWInetAddrType,  
       tmnxIPsecGWInetAddress,  
       tmnxIPsecGWLastMgmtChange,  
       tmnxIPsecGWOperState,  
       tmnxIPsecGWRowStatus,  
       tmnxIPsecGWSecureService,  
       tmnxIPsecGWTblLastChgd,  
       tmnxIPsecGWTunnelPolicyTemp,
       tmnxIPsecGWIkePolicyId,  
       tmnxIPsecGWIkePreShared,  
       tmnxIPsecGWLclX509Cert,  
       tmnxIPsecGWLclPrivateKey,
       tmnxIPsecGWOperFlags,
       tmnxIPsecGWCACert,  
       tmnxIPsecGWCACertRevocList,
       tIPsecRUSAAuthAlgorithm,  
       tIPsecRUSAAuthenticationKey,  
       tIPsecRUSAEncrAlgorithm,  
       tIPsecRUSAEncryptionKey,  
       tIPsecRUSAEstablishedTime,  
       tIPsecRUSANegotiatedLifeTime,  
       tIPsecRUSASpi,  
       tIPsecRUSAStatsBytesProcHigh32,  
       tIPsecRUSAStatsBytesProcLow32,  
       tIPsecRUSAStatsBytesProcessed,  
       tIPsecRUSAStatsCryptoErrors,  
       tIPsecRUSAStatsPktsProcHigh32,  
       tIPsecRUSAStatsPktsProcLow32,  
       tIPsecRUSAStatsPktsProcessed,  
       tIPsecRUSAStatsPolicyErrors,  
       tIPsecRUSAStatsReplayErrors,  
       tIPsecRUSAStatsSAErrors,  
       tIPsecRUTnlIPsecSALifeTime,  
       tIPsecRUTnlIsakmpEstabTime,  
       tIPsecRUTnlIsakmpNegLifeTime,  
       tIPsecRUTnlIsakmpState,  
       tIPsecRUTnlNumCtrlPktsRx,  
       tIPsecRUTnlNumCtrlPktsTx,  
       tIPsecRUTnlNumCtrlRxErrors,  
       tIPsecRUTnlNumCtrlTxErrors,  
       tIPsecRUTnlNumDpdAckRx,  
       tIPsecRUTnlNumDpdAckTx,  
       tIPsecRUTnlNumDpdRx,  
       tIPsecRUTnlNumDpdTx,  
       tIPsecRUTnlNumExpRx,  
       tIPsecRUTnlNumInvalidDpdRx,  
       tIPsecRUTnlPfsDHGroup,  
       tIPsecRUTnlHasBiDirectionalSA,
       tIPsecRUTnlPrivateIfIndex,  
       tIPsecRUTnlPrivateIpAddr,  
       tIPsecRUTnlPrivateIpPrefixLen,  
       tIPsecRUTnlPrivateIpAddrType,  
       tIPsecRUTnlPrivateSvcId,  
       tIPsecRUTnlReplayWindow,  
       tIPsecRUTnlTempId,
       tIPsecRUSALclAPrefLen,  
       tIPsecRUSALclAddr,  
       tIPsecRUSALclAddrType,  
       tIPsecRUSARemAPrefLen,  
       tIPsecRUSARemAddr,  
       tIPsecRUSARemAddrType,
       tmnxIPsecGWPskXAuthTunnels,
       tmnxIPsecGWPskTunnels,
       tmnxIPsecPskTunnels
    }
    STATUS      obsolete
    DESCRIPTION
        "The group of objects supporting management of IPSec gateway
         capabilities for SAP's on Alcatel-Lucnet SROS series systems."
    ::= { tmnxIPsecGroups 4 }

tmnxIPsecNotifyObjsGroup OBJECT-GROUP
    OBJECTS {
       tIPsecNotifRUTnlInetAddrType,
       tIPsecNotifRUTnlInetAddress,
       tIPsecNotifRUTnlPort,
       tIPsecNotifReason,
       tIPsecNotifBfdIntfDestIp,
       tIPsecNotifBfdIntfDestIpType,
       tIPsecNotifBfdIntfIfName,
       tIPsecNotifBfdIntfSessState,
       tIPsecNotifBfdIntfSvcId
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPsec notification
        objects on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 5 }

tmnxIPsecTnlBfdGroup  OBJECT-GROUP
    OBJECTS {
     tmnxIPsecTunnelBfdDesignate,
     tmnxIPsecTunnelBfdRowStatus,
     tmnxIPsecTunnelBfdSrcAddrType,
     tmnxIPsecTunnelBfdSrcAddr,
     tmnxIPsecTunnelBfdSessOperState,
     tmnxIPsecTunnelBfdLastChanged,      
     tmnxIPsecTunnelBfdTableLastChgd
    }
    STATUS current
    DESCRIPTION
        "The group of objects for IPsec Tunnel BFD service
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 6 }

tmnxIPsecIkeGroup OBJECT-GROUP
    OBJECTS {
        tmnxIkePolicyIkeVersion
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec IKE specific
         capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 7 }

tmnxIPsecCertGroup OBJECT-GROUP
    OBJECTS {
       tmnxIPsecGWCertTrustAnchor,  
       tmnxIPsecGWLocalIdType,  
       tmnxIPsecGWLocalIdValue,  
       tmnxIPsecTunnelCertFile,  
       tmnxIPsecTunnelKeyFile,  
       tmnxIPsecTunnelCertTrustAnchor,  
       tmnxIPsecTunnelLocalIdType,  
       tmnxIPsecTunnelLocalIdValue,
       tmnxIPsecTunnelClearDfBit,
       tmnxIPsecTunnelIpMtu,
       tmnxIkePolicyOwnAuthMethod
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec X.509 certificate
         specific capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 8 }

tmnxIpsecObsoletedV10v0Group OBJECT-GROUP
    OBJECTS {
       tmnxIPsecGWCACert,  
       tmnxIPsecGWCACertRevocList  
    }
    STATUS      current
    DESCRIPTION
        "The group of objects obsoleted related to management of IPSec 
         specific capabilities on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 9 }

tmnxIPsecGWV10v0Group OBJECT-GROUP
    OBJECTS {
       tmnxIPsecTunnelAutoEstablish,
       tmnxIPsecGWAdminState,  
       tmnxIPsecGWName,  
       tmnxIPsecGWIfName,  
       tmnxIPsecGWInetAddrType,  
       tmnxIPsecGWInetAddress,  
       tmnxIPsecGWLastMgmtChange,  
       tmnxIPsecGWOperState,  
       tmnxIPsecGWRowStatus,  
       tmnxIPsecGWSecureService,  
       tmnxIPsecGWTblLastChgd,  
       tmnxIPsecGWTunnelPolicyTemp,
       tmnxIPsecGWIkePolicyId,  
       tmnxIPsecGWIkePreShared,  
       tmnxIPsecGWLclX509Cert,  
       tmnxIPsecGWLclPrivateKey,
       tmnxIPsecGWOperFlags,
       tIPsecRUSAAuthAlgorithm,  
       tIPsecRUSAAuthenticationKey,  
       tIPsecRUSAEncrAlgorithm,  
       tIPsecRUSAEncryptionKey,  
       tIPsecRUSAEstablishedTime,  
       tIPsecRUSANegotiatedLifeTime,  
       tIPsecRUSASpi,  
       tIPsecRUSAStatsBytesProcHigh32,  
       tIPsecRUSAStatsBytesProcLow32,  
       tIPsecRUSAStatsBytesProcessed,  
       tIPsecRUSAStatsCryptoErrors,  
       tIPsecRUSAStatsPktsProcHigh32,  
       tIPsecRUSAStatsPktsProcLow32,  
       tIPsecRUSAStatsPktsProcessed,  
       tIPsecRUSAStatsPolicyErrors,  
       tIPsecRUSAStatsReplayErrors,  
       tIPsecRUSAStatsSAErrors,  
       tIPsecRUTnlIPsecSALifeTime,  
       tIPsecRUTnlIsakmpEstabTime,  
       tIPsecRUTnlIsakmpNegLifeTime,  
       tIPsecRUTnlIsakmpState,  
       tIPsecRUTnlNumCtrlPktsRx,  
       tIPsecRUTnlNumCtrlPktsTx,  
       tIPsecRUTnlNumCtrlRxErrors,  
       tIPsecRUTnlNumCtrlTxErrors,  
       tIPsecRUTnlNumDpdAckRx,  
       tIPsecRUTnlNumDpdAckTx,  
       tIPsecRUTnlNumDpdRx,  
       tIPsecRUTnlNumDpdTx,  
       tIPsecRUTnlNumExpRx,  
       tIPsecRUTnlNumInvalidDpdRx,  
       tIPsecRUTnlPfsDHGroup,  
       tIPsecRUTnlHasBiDirectionalSA,
       tIPsecRUTnlPrivateIfIndex,  
       tIPsecRUTnlPrivateIpAddr,  
       tIPsecRUTnlPrivateIpPrefixLen,  
       tIPsecRUTnlPrivateIpAddrType,  
       tIPsecRUTnlPrivateSvcId,  
       tIPsecRUTnlReplayWindow,  
       tIPsecRUTnlTempId,
       tIPsecRUSALclAPrefLen,  
       tIPsecRUSALclAddr,  
       tIPsecRUSALclAddrType,  
       tIPsecRUSARemAPrefLen,  
       tIPsecRUSARemAddr,  
       tIPsecRUSARemAddrType,
       tmnxIPsecGWPskXAuthTunnels,
       tmnxIPsecGWPskTunnels,
       tmnxIPsecGWCertTunnels,
       tmnxIPsecPskTunnels
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of IPSec gateway
         capabilities for SAP's on Alcatel-Lucnet SROS series systems."
    ::= { tmnxIPsecGroups 10 }

tmnxIPsecMdaDpStatsV10v0Group  OBJECT-GROUP
    OBJECTS {
       tmnxIPsecMdaDpStaticIPsecTnls,
       tmnxIPsecMdaDpDynIPsecTnls,
       tmnxIPsecMdaDpIpGreTnls,
       tmnxIPsecMdaDpIpv4Tnls,
       tmnxIPsecMdaDpGreTnlInBytes,  
       tmnxIPsecMdaDpGreTnlInBytesHi,  
       tmnxIPsecMdaDpGreTnlInBytesLo,  
       tmnxIPsecMdaDpGreTnlInErrs,  
       tmnxIPsecMdaDpGreTnlInErrsHi,  
       tmnxIPsecMdaDpGreTnlInErrsLo,  
       tmnxIPsecMdaDpGreTnlInPkts,  
       tmnxIPsecMdaDpGreTnlInPktsHi,  
       tmnxIPsecMdaDpGreTnlInPktsLo,  
       tmnxIPsecMdaDpGreTnlOutBytes,  
       tmnxIPsecMdaDpGreTnlOutBytesHi,  
       tmnxIPsecMdaDpGreTnlOutBytesLo,  
       tmnxIPsecMdaDpGreTnlOutErrs,  
       tmnxIPsecMdaDpGreTnlOutErrsHi,  
       tmnxIPsecMdaDpGreTnlOutErrsLo,  
       tmnxIPsecMdaDpGreTnlOutPkts,  
       tmnxIPsecMdaDpGreTnlOutPktsHi,  
       tmnxIPsecMdaDpGreTnlOutPktsLo,  
       tmnxIPsecMdaDpFragDropTime,  
       tmnxIPsecMdaDpFragDropTimeHigh32,  
       tmnxIPsecMdaDpFragDropTimeLow32,  
       tmnxIPsecMdaDpFragDropped,  
       tmnxIPsecMdaDpFragDroppedHigh32,  
       tmnxIPsecMdaDpFragDroppedLow32,  
       tmnxIPsecMdaDpInFragments,  
       tmnxIPsecMdaDpInFragmentsHigh32,  
       tmnxIPsecMdaDpInFragmentsLow32,  
       tmnxIPsecMdaDpPktsReassem,  
       tmnxIPsecMdaDpPktsReassemHigh32,  
       tmnxIPsecMdaDpPktsReassemLow32,
       tmnxIPsecMdaDpPktsDropDfSet,
       tmnxIPsecMdaDpPktsDropDfSetLo,
       tmnxIPsecMdaDpPktsDropDfSetHi
    }
    STATUS current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 11 }

tmnxIPsecMdaDpGroup OBJECT-GROUP
    OBJECTS {
       tmnxIPsecMdaDpGreTnlInBytes,  
       tmnxIPsecMdaDpGreTnlInBytesHi,  
       tmnxIPsecMdaDpGreTnlInBytesLo,  
       tmnxIPsecMdaDpGreTnlInErrs,  
       tmnxIPsecMdaDpGreTnlInErrsHi,  
       tmnxIPsecMdaDpGreTnlInErrsLo,  
       tmnxIPsecMdaDpGreTnlInPkts,  
       tmnxIPsecMdaDpGreTnlInPktsHi,  
       tmnxIPsecMdaDpGreTnlInPktsLo,  
       tmnxIPsecMdaDpGreTnlOutBytes,  
       tmnxIPsecMdaDpGreTnlOutBytesHi,  
       tmnxIPsecMdaDpGreTnlOutBytesLo,  
       tmnxIPsecMdaDpGreTnlOutErrs,  
       tmnxIPsecMdaDpGreTnlOutErrsHi,  
       tmnxIPsecMdaDpGreTnlOutErrsLo,  
       tmnxIPsecMdaDpGreTnlOutPkts,  
       tmnxIPsecMdaDpGreTnlOutPktsHi,  
       tmnxIPsecMdaDpGreTnlOutPktsLo
    }
    STATUS current
    DESCRIPTION
        "The group of objects for IPsec Mda Data Path Statistics
         on Alcatel-Lucent SROS series systems."
    ::= { tmnxIPsecGroups 12 }

tmnxIPsecV10v0Group OBJECT-GROUP
    OBJECTS {
        tmnxIPsecTunnelHostISA,
        tIPsecRUTnlHostISA
    }
    STATUS current
    DESCRIPTION
        "The group of additional objects for IPsec feature on Alcatel-Lucent
        SROS series systems in 10.0 release."
    ::= { tmnxIPsecGroups 13 }


-- -------------------------
-- IPsec Notification group
-- -------------------------

tmnxIPsecNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        tIPsecRUTnlFailToCreate,
        tIPsecRUSAFailToAddRoute,
        tIPsecBfdIntfSessStateChgd
    }
    STATUS     current
    DESCRIPTION
        "The group of notifications supporting IPsec on the Alcatel-Lucent SROS
        series systems."
    ::= { tmnxIPsecNotifGroups 1 }
        


END


