Sh3ll
OdayForums


Server : Apache
System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64
User : nobody ( 99)
PHP Version : 8.1.23
Disable Function : NONE
Directory :  /usr/share/pibs/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //usr/share/pibs/IPSEC-POLICY-PIB
IPSEC-POLICY-PIB PIB-DEFINITIONS ::= BEGIN  
 
   IMPORTS  
   ibrpib FROM TUBS-SMI
   Unsigned32, MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, 
   TEXTUAL-CONVENTION, MODULE-COMPLIANCE, OBJECT-GROUP, pib
        FROM COPS-PR-SPPI  
   TruthValue  
        FROM SNMPv2-TC  
   InstanceId, ReferenceId, TagId, TagReferenceId, Prid
        FROM COPS-PR-SPPI-TC
   SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
   RoleCombination  
        FROM FRAMEWORK-TC-PIB; 
         
   ipSecPolicyPib MODULE-IDENTITY  
   SUBJECT-CATEGORIES { all } -- IPsec Client Type --   
   LAST-UPDATED "200202241800Z"  
   ORGANIZATION "IETF ipsp WG"  
   CONTACT-INFO "  
                Man Li  
                Nokia  
                5 Wayside Road,  
                Burlington, MA 01803  
                Phone: +1 781 993 3923  
                Email: man.m.li@nokia.com  
                 
                Avri Doria 
                Div. of Computer Communications 
                Lulea University of Technology 
                SE-971 87 
                Lulea, Sweden 
                Phone: +46 920 49 3030 
                Email: avri@sm.luth.se 
                 
                Jamie Jason 
                Intel Corporation 
                MS JF3-206 
                2111 NE 25th Ave. 
                Hillsboro, OR 97124 
                Phone: +1 503 264 9531 
                Fax: +1 503 264 9428 
                Email: jamie.jason@intel.com 
                 
                Cliff Wang 
                SmartPipes Inc. 
                Suite 300, 565 Metro Place South 
                Dublin, OH 43017 
                Phone: +1 614 923 6241 
                Email: CWang@smartpipes.com 
                 
                 Markus Stenberg 
                 SSH Communications Security Corp. 
                 Fredrikinkatu 42 
                 FIN-00100 Helsinki, Finland 
                 Phone: +358 20 500 7466 
                 Email: markus.stenberg@ssh.com" 
                 
    
   DESCRIPTION  
   "This PIB module contains a set of policy rule classes that 
   describe IPsec policies."  
   ::= { ibrpib 6 } -- yyy to be assigned by IANA -- 
    
    
   Unsigned16 ::= TEXTUAL-CONVENTION  
     STATUS       current  
     DESCRIPTION  
     "An unsigned 16 bit integer."  
     SYNTAX    Unsigned32 (0..65535) 
    
   ipSecAssociation OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies IPsec Security Associations." 
     ::= { ipSecPolicyPib 1 } 
    
   ipSecAhTransform OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies AH Transforms." 
     ::= { ipSecPolicyPib 2 } 
    
   ipSecEspTransform OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies ESP Transforms." 
     ::= { ipSecPolicyPib 3 } 
    
   ipSecCompTransform OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies Comp Transforms." 
     ::= { ipSecPolicyPib 4 } 
    
   ipSecIkeAssociation OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies IKE Security Associations." 
     ::= { ipSecPolicyPib 5 } 
    
   ipSecCredential OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies credentials for IKE phase one negotiations." 
     ::= { ipSecPolicyPib 6 } 
    
   ipSecSelector OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies selectors for IPsec associations." 
     ::= { ipSecPolicyPib 7 } 
    
   ipSecPolicyTimePeriod OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies the time periods during which a policy rule 
   is valid." 
     ::= { ipSecPolicyPib 8 } 
    
   ipSecIfCapability OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies capabilities associated with interface 
   types." 
     ::= { ipSecPolicyPib 9 } 
    
   ipSecPolicyPibConformance OBJECT-IDENTITY 
     STATUS current 
     DESCRIPTION 
   "This group specifies requirements for conformance to the IPsec 
   Policy PIB" 
     ::= { ipSecPolicyPib 10 } 
    
     
   -- 
   -- 
   -- The ipSecRuleTable 
   -- 
      
   ipSecRuleTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecRuleEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "This table is the starting point for specifying an IPsec policy. 
   It contains an ordered list of IPsec rules. " 
     ::= { ipSecAssociation  1 } 
    
   ipSecRuleEntry OBJECT-TYPE 
     SYNTAX IpSecRuleEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecRulePrid } 
     UNIQUENESS { 
       ipSecRuleIfName, 
       ipSecRuleRoles, 
       ipSecRuleOrder 
       } 
     ::= { ipSecRuleTable 1 } 
    
     IpSecRuleEntry ::= SEQUENCE { 
        ipSecRulePrid InstanceId, 
        ipSecRuleIfName SnmpAdminString, 
        ipSecRuleRoles RoleCombination, 
        ipSecRuleDirection INTEGER, 
        ipSecRuleIpSecSelectorSetId TagReferenceId, 
        ipSecRuleipSecIpsoFilterSetId TagReferenceId, 
        ipSecRuleIpSecActionSetId TagReferenceId, 
        ipSecRuleActionExecutionStrategy INTEGER, 
        ipSecRuleOrder Unsigned16, 
        ipSecRuleLimitNegotiation INTEGER, 
        ipSecRuleAutoStart TruthValue, 
        ipSecRuleIpSecRuleTimePeriodGroupId TagReferenceId 
   } 
    
   ipSecRulePrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecRuleEntry  1 } 
    
   ipSecRuleIfName OBJECT-TYPE 
     SYNTAX SnmpAdminString 
     STATUS current 
     DESCRIPTION 
   "The interface capability set to which this IPsec rule applies. 
   The interface capability name specified by this attribute MUST 
   exist in the frwkIfCapSetTable [FR-PIB] prior to association with 
   an instance of this class." 
     ::= { ipSecRuleEntry  2 } 
    
   ipSecRuleRoles OBJECT-TYPE 
     SYNTAX RoleCombination 
     STATUS current 
     DESCRIPTION 
   "Specifies the role combination of the interface to which this 
   IPsec rule should apply. There must exist an instance in the 
   frwkIfCapSetRoleComboTable [FR-PIB] specifying this role 
   combination, together with the interface capability set specified 
   by ipSecRuleIfName, prior to association with an instance of this 
   class." 
     ::= { ipSecRuleEntry  3 } 
    
   ipSecRuleDirection OBJECT-TYPE 
     SYNTAX INTEGER { 
       in(1), 
       out(2), 
       bi-directional(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the direction of traffic to which this rule should 
   apply." 
     ::= { ipSecRuleEntry  4 } 
    
   ipSecRuleIpSecSelectorSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecSelectorSetSelectorSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of selectors to be associated with this IPsec 
   rule. " 
     ::= { ipSecRuleEntry  5 } 
    
   ipSecRuleipSecIpsoFilterSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecIpsoFilterSetFilterSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of IPSO filters to be associated with this IPsec 
   rule. A value of zero indicates that there are no IPSO filters 
   associated with this rule. 
    
   When the value of this attribute is not zero, the set of IPSO 
   filters is ANDed with the set of Selectors specified by 
   ipSecRuleIpSecSelectorSetId. In other words, a packet MUST match a 
   selector in the selector sets and a filter in the IPSO filter sets 
   before the actions associated with this rule can be applied." 
     ::= { ipSecRuleEntry  6 } 
    
   ipSecRuleIpSecActionSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecActionSetActionSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of IPsec actions to be associated with this 
   rule." 
     ::= { ipSecRuleEntry  7 } 
    
   ipSecRuleActionExecutionStrategy OBJECT-TYPE 
     SYNTAX INTEGER { 
       doAll(1), 
       doUntilSuccess(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the strategy to be used in executing the sequenced 
   actions in the action set identified by ipSecRuleIpSecActionSetId. 
    
   DoAll (1) causes the execution of all the actions in the action 
   set according to their defined precedence order. The precedence 
   order is specified by the ipSecActionSetOrder in the 
   ipSecActionSetTable. 
    
   DoUntilSuccess (2) causes the execution of actions according to 
   their defined precedence order until a successful execution of a 
   single action. The precedence order is specified by the 
   ipSecActionSetOrder in the ipSecActionSetTable." 
     ::= { ipSecRuleEntry  8 } 
    
   ipSecRuleOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the precedence order of the rule within all the rules 
   associated with {IfName, Roles}. A smaller value indicates a 
   higher precedence order. " 
     ::= { ipSecRuleEntry  9 } 
    
   ipSecRuleLimitNegotiation OBJECT-TYPE 
     SYNTAX INTEGER { 
       initiator(1), 
       responder(2), 
       both(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "Limits the negotiation method. Before proceeding with a phase 2 
   negotiation, the LimitNegotiation property of the IPsecRule is 
   first checked to determine if the negotiation part indicated for 
   the rule matches that of the current negotiation (Initiator, 
   Responder, or Either).  
    
   This attribute is ignored when an attempt is made to refresh an 
   expiring SA (either side can initiate a refresh operation).  The 
   system can determine that the negotiation is a refresh operation 
   by checking to see if the selector information matches that of an 
   existing SA. If LimitNegotiation does not match and the selector 
   corresponds to a new SA, the negotiation is stopped. " 
     ::= { ipSecRuleEntry  10 } 
    
   ipSecRuleAutoStart OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Indicates if this rule should be automatically executed." 
     ::= { ipSecRuleEntry  11 } 
    
   ipSecRuleIpSecRuleTimePeriodGroupId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecRuleTimePeriodSetRuleTimePeriodSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies an IPsec rule time period set, specified in 
   ipSecRuleTimePeriodSetTable, that is associated with this rule. 
    
   A value of zero indicates that this IPsec rule is always valid." 
     ::= { ipSecRuleEntry  12 } 
    
     
   -- 
   -- 
   -- The ipSecActionSetTable 
   -- 
      
   ipSecActionSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecActionSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec action sets." 
     ::= { ipSecAssociation  2 } 
    
   ipSecActionSetEntry OBJECT-TYPE 
     SYNTAX IpSecActionSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecActionSetPrid } 
     UNIQUENESS { 
       ipSecActionSetActionSetId, 
       ipSecActionSetActionId, 
       ipSecActionSetDoActionLogging, 
       ipSecActionSetDoPacketLogging, 
       ipSecActionSetOrder 
       } 
     ::= { ipSecActionSetTable 1 } 
    
     IpSecActionSetEntry ::= SEQUENCE { 
        ipSecActionSetPrid InstanceId, 
        ipSecActionSetActionSetId TagId, 
        ipSecActionSetActionId Prid, 
        ipSecActionSetDoActionLogging TruthValue, 
        ipSecActionSetDoPacketLogging TruthValue, 
        ipSecActionSetOrder Unsigned16 
   } 
    
   ipSecActionSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecActionSetEntry  1 } 
    
   ipSecActionSetActionSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An IPsec action set is composed of one or more IPsec actions. 
   Each action belonging to the same set has the same ActionSetId." 
     ::= { ipSecActionSetEntry  2 } 
    
   ipSecActionSetActionId OBJECT-TYPE 
     SYNTAX Prid 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in another table that describes an 
   action to be taken.  
    
   For IPsec static actions, it MUST point to an instance in the 
   ipSecStaticActionTable.  
    
   For IPsec negotiation actions, it MUST point to an instance in the 
   ipSecNegotiationActionTable. For other actions, it may point to an 
   instance in a table specified by other PIB modules." 
     ::= { ipSecActionSetEntry  3 } 
    
   ipSecActionSetDoActionLogging OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether a log message is to be generated when the 
   action is performed.  This applies for ipSecNegotiationActions 
   with the meaning of logging a message when the negotiation is 
   attempted (with the success or failure result). This also applies 
   for ipSecStaticAction only for PreconfiguredTransport action or 
   PreconfiguredTunnel action with the meaning of logging a message 
   when the preconfigured SA is actually installed in the SADB." 
     ::= { ipSecActionSetEntry  4 } 
    
   ipSecActionSetDoPacketLogging OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether to log when the resulting security association 
   is used to process a packet. For ipSecStaticActions, a log message 
   is to be generated when the IPsecBypass, IpsecDiscard or IKEReject 
   actions are executed." 
     ::= { ipSecActionSetEntry  5 } 
    
   ipSecActionSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the precedence order of the action within the action 
   set. An action with a smaller precedence order is to be applied 
   before one with a larger precedence order. " 
     ::= { ipSecActionSetEntry  6 } 
    
     
   -- 
   -- 
   -- The ipSecStaticActionTable 
   -- 
      
   ipSecStaticActionTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecStaticActionEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec static actions." 
     ::= { ipSecAssociation  3 } 
    
   ipSecStaticActionEntry OBJECT-TYPE 
     SYNTAX IpSecStaticActionEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecStaticActionPrid } 
     UNIQUENESS { 
       ipSecStaticActionAction, 
       ipSecStaticActionTunnelEndpointId, 
       ipSecStaticActionDfHandling, 
       ipSecStaticActionSpi, 
       ipSecStaticActionLifetimeSeconds, 
       ipSecStaticActionLifetimeKilobytes, 
       ipSecStaticActionSaTransformId 
       } 
     ::= { ipSecStaticActionTable 1 } 
    
     IpSecStaticActionEntry ::= SEQUENCE { 
        ipSecStaticActionPrid InstanceId, 
        ipSecStaticActionAction INTEGER, 
        ipSecStaticActionTunnelEndpointId ReferenceId, 
        ipSecStaticActionDfHandling INTEGER, 
        ipSecStaticActionSpi Unsigned32, 
        ipSecStaticActionLifetimeSeconds Unsigned32, 
        ipSecStaticActionLifetimeKilobytes Unsigned32, 
        ipSecStaticActionSaTransformId Prid 
   } 
    
   ipSecStaticActionPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecStaticActionEntry  1 } 
    
   ipSecStaticActionAction OBJECT-TYPE 
     SYNTAX INTEGER { 
       byPass(1), 
       discard(2), 
       ikeRejection(3), 
       preConfiguredTransport(4), 
       preConfiguredTunnel(5) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the IPsec action to be applied to the traffic. byPass 
   (1) means that packets are to be allowed to pass in the clear. 
   discard (2) means that packets are to be discarded. ikeRejection 
   (3) means that that an IKE negotiation should not even be 
   attempted or continued. preConfiguredTransport (4) means that an 
   IPsec transport SA is pre-configured. preConfiguredTunnel (5) 
   means that an IPsec tunnel SA is pre-configured. " 
     ::= { ipSecStaticActionEntry  2 } 
    
   ipSecStaticActionTunnelEndpointId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecAddressEntry } 
     STATUS current 
     DESCRIPTION 
   "When ipSecStaticActionAction is preConfiguredTunnel (5), this 
   attribute indicates the peer gateway IP address. This address MUST 
   be a single endpoint address. 
    
   When ipSecStaticActionAction is not preConfiguredTunnel, this 
   attribute MUST be zero." 
     ::= { ipSecStaticActionEntry  3 } 
    
   ipSecStaticActionDfHandling OBJECT-TYPE 
     SYNTAX INTEGER { 
       copy(1), 
       set(2), 
       clear(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "When ipSecStaticActionAction is preConfiguredTunnel, this 
   attribute specifies how the DF bit is managed.   
    
   Copy (1) indicates to copy the DF bit from the internal IP header 
   to the external IP header. Set (2) indicates to set the DF bit of 
   the external IP header to 1. Clear (3) indicates to clear the DF 
   bit of the external IP header to 0.  
    
   When ipSecStaticActionAction is not preConfiguredTunnel, this 
   attribute MUST be ignored. " 
     ::= { ipSecStaticActionEntry  4 } 
    
   ipSecStaticActionSpi OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the SPI to be used with the SA Transform identified by 
   ipSecStaticActionSaTransformId.  
    
   When ipSecStaticActionAction is neither 
   preConfiguredTransportAction nor preConfiguredTunnelAction, this 
   attribute MUST be ignored." 
     ::= { ipSecStaticActionEntry  5 } 
    
   ipSecStaticActionLifetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the amount of time (in seconds) that a security 
   association derived from this action should be used. When 
   ipSecStaticActionAction is neither preConfiguredTransportAction 
   nor preConfiguredTunnelAction, this attribute MUST be ignored. 
    
   A value of zero indicates that there is not a lifetime associated 
   with this action (i.e., infinite lifetime).  
        
   The actual lifetime of the preconfigured SA will be the smallest 
   of the value of this LifetimeSeconds property and of the value of 
   the MaxLifetimeSeconds property of the associated SA Transform. 
   Except if the value of this LifetimeSeconds property is zero, then 
   there will be no lifetime associated to this SA." 
     ::= { ipSecStaticActionEntry  6 } 
    
   ipSecStaticActionLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the SA lifetime in kilobytes. When 
   ipSecStaticActionAction is neither preConfiguredTransportAction 
   nor preConfiguredTunnelAction, this attribute MUST be ignored. 
    
   A value of zero indicates that there is not a lifetime associated 
   with this action (i.e., infinite lifetime).  
        
   The actual lifetime of the preconfigured SA will be the smallest 
   of the value of this LifetimeKilobytes property and of the value 
   of the MaxLifetimeKilobytes property of the associated SA 
   transform. Except if the value of this LifetimeKilobytes property 
   is zero, then there will be no lifetime associated with this 
   action.  
   " 
     ::= { ipSecStaticActionEntry  7 } 
    
   ipSecStaticActionSaTransformId OBJECT-TYPE 
     SYNTAX Prid 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in another table that describes an 
   SA transform, e.g, ipSecEspTransformTable, ipSecAhTransformTable." 
     ::= { ipSecStaticActionEntry  8 } 
    
     
   -- 
   -- 
   -- The ipSecNegotiationActionTable 
   -- 
      
   ipSecNegotiationActionTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecNegotiationActionEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec negotiation actions." 
     ::= { ipSecAssociation  4 } 
    
   ipSecNegotiationActionEntry OBJECT-TYPE 
     SYNTAX IpSecNegotiationActionEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecNegotiationActionPrid } 
     UNIQUENESS { 
       ipSecNegotiationActionAction, 
       ipSecNegotiationActionTunnelEndpointId, 
       ipSecNegotiationActionDfHandling, 
       ipSecNegotiationActionIpSecSecurityAssociationId, 
       ipSecNegotiationActionKeyExchangeId 
       } 
     ::= { ipSecNegotiationActionTable 1 } 
    
     IpSecNegotiationActionEntry ::= SEQUENCE { 
        ipSecNegotiationActionPrid InstanceId, 
        ipSecNegotiationActionAction INTEGER, 
        ipSecNegotiationActionTunnelEndpointId ReferenceId, 
        ipSecNegotiationActionDfHandling INTEGER, 
        ipSecNegotiationActionIpSecSecurityAssociationId ReferenceId, 
        ipSecNegotiationActionKeyExchangeId Prid 
   } 
    
   ipSecNegotiationActionPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecNegotiationActionEntry  1 } 
    
   ipSecNegotiationActionAction OBJECT-TYPE 
     SYNTAX INTEGER { 
       transport(1), 
       tunnel(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the IPsec action to be applied to the traffic. 
   transport(1) means that the packet should be protected with a 
   security association in transport mode. tunnel(2) means that the 
   packet should be protected with a security association in tunnel 
   mode.  If tunnel (2) is specified, ipSecActionTunnelEndpointId 
   MUST also be specified." 
     ::= { ipSecNegotiationActionEntry  2 } 
    
   ipSecNegotiationActionTunnelEndpointId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecAddressEntry } 
     STATUS current 
     DESCRIPTION 
   "When ipSecActionAction is tunnel (2), this attribute indicates 
   the peer gateway IP address. This address MUST be a single 
   endpoint address. 
    
   When ipSecActionAction is not tunnel, this attribute MUST be 
   zero." 
     ::= { ipSecNegotiationActionEntry  3 } 
    
   ipSecNegotiationActionDfHandling OBJECT-TYPE 
     SYNTAX INTEGER { 
       copy(1), 
       set(2), 
       clear(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "When ipSecActionAction is tunnel, this attribute specifies how 
   the DF bit is managed.   
    
   Copy (1) indicates to copy the DF bit from the internal IP header 
   to the external IP header. Set (2) indicates to set the DF bit of 
   the external IP header to 1. Clear (3) indicates to clear the DF 
   bit of the external IP header to 0.  
    
   When ipSecActionAction is not tunnel, this attribute MUST be 
   ignored. " 
     ::= { ipSecNegotiationActionEntry  4 } 
    
   ipSecNegotiationActionIpSecSecurityAssociationId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecAssociationEntry } 
     STATUS current 
     DESCRIPTION 
   "Pointer to a valid instance in the 
   ipSecSecurityAssociationTable." 
     ::= { ipSecNegotiationActionEntry  5 } 
    
   ipSecNegotiationActionKeyExchangeId OBJECT-TYPE 
     SYNTAX Prid 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in another table that describes key 
   exchange associations. If a single IKE phase one negotiation is 
   used for the key exchange, this attribute MUST point to an 
   instance in the ipSecIkeAssociationTable. If multiple IKE phase 
   one negotiations (e.g., with different modes) are to be tried 
   until success, this attribute SHOULD point to ipSecIkeRuleTable. 
    
   For other key exchange methods, this attribute may point to an 
   instance of a PRC defined in some other PIB.  
    
   A value of zero means that there is no key exchange procedure 
   associated." 
     ::= { ipSecNegotiationActionEntry  6 } 
    
     
   -- 
   -- 
   -- The ipSecAssociationTable 
   -- 
      
   ipSecAssociationTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecAssociationEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec associations." 
     ::= { ipSecAssociation  5 } 
    
   ipSecAssociationEntry OBJECT-TYPE 
     SYNTAX IpSecAssociationEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecAssociationPrid } 
     UNIQUENESS { 
       ipSecAssociationMinLifetimeSeconds, 
       ipSecAssociationMinLifetimeKilobytes, 
       ipSecAssociationIdleDurationSeconds, 
       ipSecAssociationUsePfs, 
       ipSecAssociationVendorId, 
       ipSecAssociationUseKeyExchangeGroup, 
       ipSecAssociationDhGroup, 
       ipSecAssociationGranularity, 
       ipSecAssociationProposalSetId 
       } 
     ::= { ipSecAssociationTable 1 } 
    
     IpSecAssociationEntry ::= SEQUENCE { 
        ipSecAssociationPrid InstanceId, 
        ipSecAssociationMinLifetimeSeconds Unsigned32, 
        ipSecAssociationMinLifetimeKilobytes Unsigned32, 
        ipSecAssociationIdleDurationSeconds Unsigned32, 
        ipSecAssociationUsePfs TruthValue, 
        ipSecAssociationVendorId OCTET STRING, 
        ipSecAssociationUseKeyExchangeGroup TruthValue, 
        ipSecAssociationDhGroup Unsigned16, 
        ipSecAssociationGranularity INTEGER, 
        ipSecAssociationProposalSetId TagReferenceId 
   } 
    
   ipSecAssociationPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecAssociationEntry  1 } 
    
   ipSecAssociationMinLifetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the minimum SA seconds lifetime that will be accepted 
   from a peer while negotiating an SA based upon this action.   
   A value of zero indicates that there is no minimum lifetime 
   enforced." 
     ::= { ipSecAssociationEntry  2 } 
    
   ipSecAssociationMinLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the minimum kilobyte lifetime that will be accepted 
   from a negotiating peer while negotiating an SA based upon this 
   action.  A value of zero indicates that there is no minimum 
   lifetime enforced." 
     ::= { ipSecAssociationEntry  3 } 
    
   ipSecAssociationIdleDurationSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies how long, in seconds, a security association may remain 
   unused before it is deleted.  
    
   A value of zero indicates that idle detection should not be used 
   for the security association (only the seconds and kilobyte 
   lifetimes will be used)." 
     ::= { ipSecAssociationEntry  4 } 
    
   ipSecAssociationUsePfs OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether or not to use PFS when refreshing keys." 
     ::= { ipSecAssociationEntry  5 } 
    
   ipSecAssociationVendorId OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the IKE Vendor ID. This attribute is used together with 
   the property ipSecAssociationDhGroup (when it is in the vendor-
   specific range) to identify the key exchange group.  This 
   attribute is ignored unless ipSecAssociationUsePFS is true and 
   ipSecAssociationUseKeyExchangeGroup is false and 
   ipSecAssociationDhGroup is in the vendor-specific range (32768-
   65535)." 
     ::= { ipSecAssociationEntry  6 } 
    
   ipSecAssociationUseKeyExchangeGroup OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether or not to use the same GroupId for phase 2 as 
   was used in phase 1.  If UsePFS is false, then this attribute is 
   ignored.  
    
   A value of true indicates that the phase 2 GroupId should be the 
   same as phase 1.  A value of false indicates that the group number 
   specified by the ipSecSecurityAssociationDhGroup attribute SHALL 
   be used for phase 2. " 
     ::= { ipSecAssociationEntry  7 } 
    
   ipSecAssociationDhGroup OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the key exchange group to use for phase 2 when the 
   property ipSecSecurityAssociationUsePfs is true and the property 
   ipSecSecurityAssociationUseKeyExchangeGroup is false." 
     ::= { ipSecAssociationEntry  8 } 
    
   ipSecAssociationGranularity OBJECT-TYPE 
     SYNTAX INTEGER { 
       subnet(1), 
       address(2), 
       protocol(3), 
       port(4) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies how the proposed selector for the security association 
   will be created. 
    
   A value of 1 (subnet) indicates that the source and destination 
   subnet masks of the filter entry are used. 
    
   A value of 2 (address) indicates that only the source and 
   destination IP addresses of the triggering packet are used.   
    
   A value of 3 (protocol) indicates that the source and destination 
   IP addresses and the IP protocol of the triggering packet are 
   used.  
    
   A value of 4 (port) indicates that the source and destination IP 
   addresses and the IP protocol and the source and destination layer 
   4 ports of the triggering packet are used. " 
     ::= { ipSecAssociationEntry  9 } 
    
   ipSecAssociationProposalSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecProposalSetProposalSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of IPsec proposals that is associated with this 
   IPsec association." 
     ::= { ipSecAssociationEntry  10 } 
    
     
   -- 
   -- 
   -- The ipSecProposalSetTable 
   -- 
      
   ipSecProposalSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecProposalSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec proposal sets. Proposals within a set are ORed 
   with preference order. " 
     ::= { ipSecAssociation  6 } 
    
   ipSecProposalSetEntry OBJECT-TYPE 
     SYNTAX IpSecProposalSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecProposalSetPrid } 
     UNIQUENESS { 
       ipSecProposalSetProposalSetId, 
       ipSecProposalSetProposalId, 
       ipSecProposalSetOrder 
       } 
     ::= { ipSecProposalSetTable 1 } 
    
     IpSecProposalSetEntry ::= SEQUENCE { 
        ipSecProposalSetPrid InstanceId, 
        ipSecProposalSetProposalSetId TagId, 
        ipSecProposalSetProposalId ReferenceId, 
        ipSecProposalSetOrder Unsigned16 
   } 
    
   ipSecProposalSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecProposalSetEntry  1 } 
    
   ipSecProposalSetProposalSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 


   "An IPsec proposal set is composed of one or more IPsec proposals. 
   Each proposal belonging to the same set has the same 
   ProposalSetId." 
     ::= { ipSecProposalSetEntry  2 } 
    
   ipSecProposalSetProposalId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecProposalEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecProposalTable." 
     ::= { ipSecProposalSetEntry  3 } 
    
   ipSecProposalSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the proposal 
   identified by ipSecProposalSetProposalId in a proposal set. The 
   proposal set is identified by ipSecProposalSetProposalSetId. 
   Proposals within a set are ORed with preference order. A smaller 
   integer value indicates a higher preference." 
     ::= { ipSecProposalSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecProposalTable 
   -- 
      
   ipSecProposalTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecProposalEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec proposals. It has references to ESP, AH and 
   IPCOMP Transform sets. Within a proposal, different types of 
   transforms are ANDed. Multiple transforms of the same type are 
   ORed with preference order." 
     ::= { ipSecAssociation  7 } 
    
   ipSecProposalEntry OBJECT-TYPE 
     SYNTAX IpSecProposalEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecProposalPrid } 
     UNIQUENESS { 
       ipSecProposalEspTransformSetId, 
       ipSecProposalAhTransformSetId, 
       ipSecProposalCompTransformSetId 
       } 
     ::= { ipSecProposalTable 1 } 
    
     IpSecProposalEntry ::= SEQUENCE { 
        ipSecProposalPrid InstanceId, 
        ipSecProposalEspTransformSetId TagReferenceId, 
        ipSecProposalAhTransformSetId TagReferenceId, 
        ipSecProposalCompTransformSetId TagReferenceId 
   } 
    
   ipSecProposalPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecProposalEntry  1 } 
    
   ipSecProposalEspTransformSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecEspTransformSetTransformSetId } 
     STATUS current 
     DESCRIPTION 
   "An integer that identifies a set of ESP transforms, specified in 
   ipSecEspTransformSetTable, that is associated with this proposal." 
     ::= { ipSecProposalEntry  2 } 
    
   ipSecProposalAhTransformSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecAhTransformSetTransformSetId } 
     STATUS current 
     DESCRIPTION 
   "An integer that identifies an AH transform set, specified in 
   ipSecAhTransformSetTable, that is associated with this proposal." 
     ::= { ipSecProposalEntry  3 } 
    
   ipSecProposalCompTransformSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecCompTransformSetTransformSetId } 
     STATUS current 
     DESCRIPTION 
   "An integer that identifies a set of IPComp transforms, specified 
   in ipSecCompTransformSetTable, that is associated with this 
   proposal." 
     ::= { ipSecProposalEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecAhTransformSetTable 
   -- 
      
   ipSecAhTransformSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecAhTransformSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies AH transform sets. Within a transform set, the 
   transforms are ORed with preference order. " 
     ::= { ipSecAhTransform  1 } 
    
   ipSecAhTransformSetEntry OBJECT-TYPE 
     SYNTAX IpSecAhTransformSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecAhTransformSetPrid } 
     UNIQUENESS { 
       ipSecAhTransformSetTransformSetId, 
       ipSecAhTransformSetTransformId, 
       ipSecAhTransformSetOrder 
       } 
     ::= { ipSecAhTransformSetTable 1 } 
    
     IpSecAhTransformSetEntry ::= SEQUENCE { 
        ipSecAhTransformSetPrid InstanceId, 
        ipSecAhTransformSetTransformSetId TagId, 
        ipSecAhTransformSetTransformId ReferenceId, 
        ipSecAhTransformSetOrder Unsigned16 
   } 
    
   ipSecAhTransformSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class. " 
     ::= { ipSecAhTransformSetEntry  1 } 
    
   ipSecAhTransformSetTransformSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An AH transform set is composed of one or more AH transforms. 
   Each transform belonging to the same set has the same 
   TransformSetId." 
     ::= { ipSecAhTransformSetEntry  2 } 
    
   ipSecAhTransformSetTransformId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecAhTransformEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecAhTransformTable." 
     ::= { ipSecAhTransformSetEntry  3 } 
    
   ipSecAhTransformSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the transform 
   identified by ipSecAhTransformSetTransformId within a transform 
   set. The transform set is identified by 
   ipSecAhTransformSetTransformSetId. Transforms within a set are 
   ORed with preference order. A smaller integer value indicates a 
   higher preference." 
     ::= { ipSecAhTransformSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecAhTransformTable 
   -- 
      
   ipSecAhTransformTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecAhTransformEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies AH transforms." 
     ::= { ipSecAhTransform  2 } 
    
   ipSecAhTransformEntry OBJECT-TYPE 
     SYNTAX IpSecAhTransformEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecAhTransformPrid } 
     UNIQUENESS { 
       ipSecAhTransformTransformId, 
       ipSecAhTransformIntegrityKey, 
       ipSecAhTransformUseReplayPrevention, 
       ipSecAhTransformReplayPreventionWindowSize, 
       ipSecAhTransformVendorId, 
       ipSecAhTransformMaxLifetimeSeconds, 
       ipSecAhTransformMaxLifetimeKilobytes 
       } 
     ::= { ipSecAhTransformTable 1 } 
    
     IpSecAhTransformEntry ::= SEQUENCE { 
        ipSecAhTransformPrid InstanceId, 
        ipSecAhTransformTransformId INTEGER, 
        ipSecAhTransformIntegrityKey OCTET STRING, 
        ipSecAhTransformUseReplayPrevention TruthValue, 
        ipSecAhTransformReplayPreventionWindowSize Unsigned32, 
        ipSecAhTransformVendorId OCTET STRING, 
        ipSecAhTransformMaxLifetimeSeconds Unsigned32, 
        ipSecAhTransformMaxLifetimeKilobytes Unsigned32 
   } 
    
   ipSecAhTransformPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class. " 
     ::= { ipSecAhTransformEntry  1 } 
    
   ipSecAhTransformTransformId OBJECT-TYPE 
     SYNTAX INTEGER { 
       md5(2), 
       sha-1(3), 
       des(4) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the transform ID of the AH algorithm to propose." 
     ::= { ipSecAhTransformEntry  2 } 
    
   ipSecAhTransformIntegrityKey OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "When this AH transform instance is used for a Static Action, this 
   attribute specifies the integrity key to be used. This attribute 
   MUST be ignored when this AH transform instance is used for a 
   Negotiation Action." 
     ::= { ipSecAhTransformEntry  3 } 
    
   ipSecAhTransformUseReplayPrevention OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether to enable replay prevention detection." 
     ::= { ipSecAhTransformEntry  4 } 
    
   ipSecAhTransformReplayPreventionWindowSize OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies, in bits, the length of the sliding window used by the 
   replay prevention detection mechanism. The value of this property 
   is ignored if UseReplayPrevention is false. It is assumed that the 
   window size will be power of 2." 
     ::= { ipSecAhTransformEntry  5 } 
    
   ipSecAhTransformVendorId OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the vendor ID for vendor-defined transforms." 
     ::= { ipSecAhTransformEntry  6 } 
    
   ipSecAhTransformMaxLifetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum amount of time to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that the default of 8 hours be used.  A 
   non-zero value indicates the maximum seconds lifetime." 
     ::= { ipSecAhTransformEntry  7 } 
    
   ipSecAhTransformMaxLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum kilobyte lifetime to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that there should be no maximum kilobyte 
   lifetime.  A non-zero value specifies the desired kilobyte 
   lifetime." 
     ::= { ipSecAhTransformEntry  8 } 
    
     
   -- 
   -- 
   -- The ipSecEspTransformSetTable 
   -- 
      
   ipSecEspTransformSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecEspTransformSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies ESP transform sets. Within a transform set, the choices 
   are ORed with preference order. " 
     ::= { ipSecEspTransform  1 } 
    
   ipSecEspTransformSetEntry OBJECT-TYPE 
     SYNTAX IpSecEspTransformSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecEspTransformSetPrid } 
     UNIQUENESS { 
       ipSecEspTransformSetTransformSetId, 
       ipSecEspTransformSetTransformId, 
       ipSecEspTransformSetOrder 
       } 
     ::= { ipSecEspTransformSetTable 1 } 
    
     IpSecEspTransformSetEntry ::= SEQUENCE { 
        ipSecEspTransformSetPrid InstanceId, 
        ipSecEspTransformSetTransformSetId TagId, 
        ipSecEspTransformSetTransformId ReferenceId, 
        ipSecEspTransformSetOrder Unsigned16 
   } 
    
   ipSecEspTransformSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecEspTransformSetEntry  1 } 
    
   ipSecEspTransformSetTransformSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An ESP transform set is composed of one or more ESP transforms. 
   Each transform belonging to the same set has the same 
   TransformSetId." 
     ::= { ipSecEspTransformSetEntry  2 } 
    
   ipSecEspTransformSetTransformId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecEspTransformEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecEspTransformTable." 
     ::= { ipSecEspTransformSetEntry  3 } 
    
   ipSecEspTransformSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the transform 
   identified by ipSecEspTransformSetTransformId within a transform 
   set. The transform set is identified by 
   ipSecEspTransformSetTransformSetId. Transforms within a set are 
   ORed with preference order. A smaller integer value indicates a 
   higher preference." 
     ::= { ipSecEspTransformSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecEspTransformTable 
   -- 
      
   ipSecEspTransformTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecEspTransformEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies ESP transforms." 
     ::= { ipSecEspTransform  2 } 
    
   ipSecEspTransformEntry OBJECT-TYPE 
     SYNTAX IpSecEspTransformEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecEspTransformPrid } 
     UNIQUENESS { 
       ipSecEspTransformIntegrityTransformId, 
       ipSecEspTransformCipherTransformId, 
       ipSecEspTransformIntegrityKey, 
       ipSecEspTransformCipherKey, 
       ipSecEspTransformCipherKeyRounds, 
       ipSecEspTransformCipherKeyLength, 
       ipSecEspTransformUseReplayPrevention, 
       ipSecEspTransformReplayPreventionWindowSize, 
       ipSecEspTransformVendorId, 
       ipSecEspTransformMaxLifetimeSeconds, 
       ipSecEspTransformMaxLifetimeKilobytes 
       } 
     ::= { ipSecEspTransformTable 1 } 
    
     IpSecEspTransformEntry ::= SEQUENCE { 
        ipSecEspTransformPrid InstanceId, 
        ipSecEspTransformIntegrityTransformId INTEGER, 
        ipSecEspTransformCipherTransformId INTEGER, 
        ipSecEspTransformIntegrityKey OCTET STRING, 
        ipSecEspTransformCipherKey OCTET STRING, 
        ipSecEspTransformCipherKeyRounds Unsigned16, 
        ipSecEspTransformCipherKeyLength Unsigned16, 
        ipSecEspTransformUseReplayPrevention TruthValue, 
        ipSecEspTransformReplayPreventionWindowSize Unsigned32, 
        ipSecEspTransformVendorId OCTET STRING, 
        ipSecEspTransformMaxLifetimeSeconds Unsigned32, 
        ipSecEspTransformMaxLifetimeKilobytes Unsigned32 
   } 
    
   ipSecEspTransformPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecEspTransformEntry  1 } 
    
   ipSecEspTransformIntegrityTransformId OBJECT-TYPE 
     SYNTAX INTEGER { 
       none(0), 
       hmacMd5(1), 
       hmacSha(2), 
       desMac(3), 
       kpdk(4) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the transform ID of the ESP integrity algorithm to 
   propose." 
     ::= { ipSecEspTransformEntry  2 } 
    
   ipSecEspTransformCipherTransformId OBJECT-TYPE 
     SYNTAX INTEGER { 
       desIV64(1), 
       des(2), 
       tripleDES(3), 
       rc5(4), 
       idea(5), 
       cast(6), 
       blowfish(7), 
       tripleIDEA(8), 
       desIV32(9), 
       rc4(10), 
       null(11) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the transform ID of the ESP encryption algorithm to 
   propose." 
     ::= { ipSecEspTransformEntry  3 } 
    
   ipSecEspTransformIntegrityKey OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "When this ESP transform instance is used for a Static Action, 
   this attribute specifies the integrity key to be used. This 
   attribute MUST be ignored when this ESP transform instance is used 
   for a Negotiation Action." 
     ::= { ipSecEspTransformEntry  4 } 
    
   ipSecEspTransformCipherKey OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "When this ESP transform instance is used for a Static Action, 
   this attribute specifies the cipher key to be used. This attribute 
   MUST be ignored when this ESP transform instance is used for a 
   Negotiation Action." 
     ::= { ipSecEspTransformEntry  5 } 
    
   ipSecEspTransformCipherKeyRounds OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 


   "Specifies the number of key rounds for the ESP encryption 
   algorithm.  For encryption algorithms that use fixed number of key 
   rounds, this value is ignored." 
     ::= { ipSecEspTransformEntry  6 } 
    
   ipSecEspTransformCipherKeyLength OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies, in bits, the key length for the ESP encryption 
   algorithm. For encryption algorithms that use fixed-length keys, 
   this value is ignored." 
     ::= { ipSecEspTransformEntry  7 } 
    
   ipSecEspTransformUseReplayPrevention OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether to enable replay prevention detection." 
     ::= { ipSecEspTransformEntry  8 } 
    
   ipSecEspTransformReplayPreventionWindowSize OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies, in bits, the length of the sliding window used by the 
   replay prevention detection mechanism. The value of this property 
   is ignored if UseReplayPrevention is false. It is assumed that the 
   window size will be power of 2." 
     ::= { ipSecEspTransformEntry  9 } 
    
   ipSecEspTransformVendorId OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the vendor ID for vendor-defined transforms." 
     ::= { ipSecEspTransformEntry  10 } 
    
   ipSecEspTransformMaxLifetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum amount of time to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that the default of 8 hours be used.  A 
   non-zero value indicates the maximum seconds lifetime." 
     ::= { ipSecEspTransformEntry  11 } 
    
   ipSecEspTransformMaxLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum kilobyte lifetime to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that there should be no maximum kilobyte 
   lifetime.  A non-zero value specifies the desired kilobyte 
   lifetime." 
     ::= { ipSecEspTransformEntry  12 } 
    
     
   -- 
   -- 
   -- The ipSecCompTransformSetTable 
   -- 
      
   ipSecCompTransformSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecCompTransformSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPComp transform sets. Within a transform set, the 
   choices are ORed with preference order." 
     ::= { ipSecCompTransform  1 } 
    
   ipSecCompTransformSetEntry OBJECT-TYPE 
     SYNTAX IpSecCompTransformSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecCompTransformSetPrid } 
     UNIQUENESS { 
       ipSecCompTransformSetTransformSetId, 
       ipSecCompTransformSetTransformId, 
       ipSecCompTransformSetOrder 
       } 
     ::= { ipSecCompTransformSetTable 1 } 
    
     IpSecCompTransformSetEntry ::= SEQUENCE { 
        ipSecCompTransformSetPrid InstanceId, 
        ipSecCompTransformSetTransformSetId TagId, 
        ipSecCompTransformSetTransformId ReferenceId, 
        ipSecCompTransformSetOrder Unsigned16 
   } 
    
   ipSecCompTransformSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecCompTransformSetEntry  1 } 
    
   ipSecCompTransformSetTransformSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An IPCOMP transform set is composed of one or more IPCOMP 
   transforms. Each transform belonging to the same set has the same 
   TransformSetId." 
     ::= { ipSecCompTransformSetEntry  2 } 
    
   ipSecCompTransformSetTransformId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecCompTransformEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecCompTransformTable." 
     ::= { ipSecCompTransformSetEntry  3 } 
    
   ipSecCompTransformSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the transform 
   identified by ipSecCompTransformSetTransformId within a transform 
   set. The transform set is identified by 
   ipSecCompTransformSetTransformSetId. Transforms within a set are 
   ORed with preference order. A smaller integer value indicates a 
   higher preference." 
     ::= { ipSecCompTransformSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecCompTransformTable 
   -- 
      
   ipSecCompTransformTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecCompTransformEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IP compression (IPCOMP) algorithms." 
     ::= { ipSecCompTransform  2 } 
    
   ipSecCompTransformEntry OBJECT-TYPE 
     SYNTAX IpSecCompTransformEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecCompTransformPrid } 
     UNIQUENESS { 
       ipSecCompTransformAlgorithm, 
       ipSecCompTransformDictionarySize, 
       ipSecCompTransformPrivateAlgorithm, 
       ipSecCompTransformVendorId, 
       ipSecCompTransformMaxLifetimeSeconds, 
       ipSecCompTransformMaxLifetimeKilobytes 
       } 
     ::= { ipSecCompTransformTable 1 } 
    
     IpSecCompTransformEntry ::= SEQUENCE { 
        ipSecCompTransformPrid InstanceId, 
        ipSecCompTransformAlgorithm INTEGER, 
        ipSecCompTransformDictionarySize Unsigned16, 
        ipSecCompTransformPrivateAlgorithm Unsigned32, 
        ipSecCompTransformVendorId OCTET STRING, 
        ipSecCompTransformMaxLifetimeSeconds Unsigned32, 
        ipSecCompTransformMaxLifetimeKilobytes Unsigned32 
   } 
    
   ipSecCompTransformPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecCompTransformEntry  1 } 
    
   ipSecCompTransformAlgorithm OBJECT-TYPE 
     SYNTAX INTEGER { 
       oui(1), 
       deflate(2), 
       lzs(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the transform ID of the IPCOMP compression algorithm to 
   propose." 
     ::= { ipSecCompTransformEntry  2 } 
    
   ipSecCompTransformDictionarySize OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the log2 maximum size of the dictionary for the 
   compression algorithm.  For compression algorithms that have pre-
   defined dictionary sizes, this value is ignored." 
     ::= { ipSecCompTransformEntry  3 } 
    
   ipSecCompTransformPrivateAlgorithm OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies a private vendor-specific compression algorithm." 
     ::= { ipSecCompTransformEntry  4 } 
    
   ipSecCompTransformVendorId OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the vendor ID for vendor-defined transforms." 
     ::= { ipSecCompTransformEntry  5 } 
    
   ipSecCompTransformMaxLifetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum amount of time to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that the default of 8 hours be used.  A 
   non-zero value indicates the maximum seconds lifetime." 
     ::= { ipSecCompTransformEntry  6 } 
    
   ipSecCompTransformMaxLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum kilobyte lifetime to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that there should be no maximum kilobyte 
   lifetime.  A non-zero value specifies the desired kilobyte 
   lifetime." 
     ::= { ipSecCompTransformEntry  7 } 
    
     
   -- 
   -- 
   -- The ipSecIkeRuleTable 
   -- 
      
   ipSecIkeRuleTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIkeRuleEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE rules. This table is required only when specifying:  
    
   - Multiple IKE phase one actions (e.g., with different exchange 
   modes) that are associated with one IPsec association. These 
   actions are to be tried in sequence till one success.  
    
   - IKE phase one actions that start automatically.  
    
   Support of this table is optional." 
     ::= { ipSecIkeAssociation  1 } 
    
   ipSecIkeRuleEntry OBJECT-TYPE 
     SYNTAX IpSecIkeRuleEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIkeRulePrid } 
     UNIQUENESS { 
       ipSecIkeRuleIfName, 
       ipSecIkeRuleRoles, 
       ipSecIkeRuleIkeActionSetId, 
       ipSecIkeRuleActionExecutionStrategy, 
       ipSecIkeRuleLimitNegotiation, 
       ipSecIkeRuleAutoStart 
       } 
     ::= { ipSecIkeRuleTable 1 } 
    
     IpSecIkeRuleEntry ::= SEQUENCE { 
        ipSecIkeRulePrid InstanceId, 
        ipSecIkeRuleIfName SnmpAdminString, 
        ipSecIkeRuleRoles RoleCombination, 
        ipSecIkeRuleIkeActionSetId TagReferenceId, 
        ipSecIkeRuleActionExecutionStrategy INTEGER, 
        ipSecIkeRuleLimitNegotiation INTEGER, 
        ipSecIkeRuleAutoStart TruthValue, 
        ipSecIkeRuleIpSecRuleTimePeriodGroupId TagReferenceId 
   } 
    
   ipSecIkeRulePrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIkeRuleEntry  1 } 
    
   ipSecIkeRuleIfName OBJECT-TYPE 
     SYNTAX SnmpAdminString 
     STATUS current 
     DESCRIPTION 
   "The interface capability set to which this IKE rule applies. The 
   interface capability name specified by this attribute must exist 
   in the frwkIfCapSetTable [FR-PIB] prior to association with an 
   instance of this class. 
    
   This attribute MUST be ignored if ipSecIkeRuleAutoStart is false." 
     ::= { ipSecIkeRuleEntry  2 } 
    
   ipSecIkeRuleRoles OBJECT-TYPE 
     SYNTAX RoleCombination 
     STATUS current 
     DESCRIPTION 
   "Specifies the role combination of the interface to which this IKE 
   rule should apply. There must exist an instance in the 
   frwkIfCapSetRoleComboTable [FR-PIB] specifying this role 
   combination, together with the interface capability set specified 
   by ipSecIkeRuleIfName, prior to association with an instance of 
   this class. 
    
   This attribute MUST be ignored if ipSecIkeRuleAutoStart is false." 
     ::= { ipSecIkeRuleEntry  3 } 
    
   ipSecIkeRuleIkeActionSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecIkeActionSetActionSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of IKE actions to be associated with this rule." 
     ::= { ipSecIkeRuleEntry  4 } 
    
   ipSecIkeRuleActionExecutionStrategy OBJECT-TYPE 
     SYNTAX INTEGER { 
       doAll(1), 
       doUntilSuccess(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the strategy to be used in executing the sequenced 
   actions in the action set identified by ipSecRuleIpSecActionSetId. 
    
   DoAll (1) causes the execution of all the actions in the action 
   set according to their defined precedence order. The precedence 
   order is specified by the ipSecActionSetOrder in 
   ipSecIkeActionSetTable. 
    
   DoUntilSuccess (2) causes the execution of actions according to 
   their defined precedence order until a successful execution of a 
   single action. The precedence order is specified by the 
   ipSecActionSetOrder in ipSecIkeActionSetTable." 
     ::= { ipSecIkeRuleEntry  5 } 
    
   ipSecIkeRuleLimitNegotiation OBJECT-TYPE 
     SYNTAX INTEGER { 
       initiator(1), 
       responder(2), 
       both(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "Limits the negotiation method. Before proceeding with a phase 1 
   negotiation, this property is checked to determine if the 
   negotiation role of the rule matches that defined for the 
   negotiation being undertaken (e.g., Initiator, Responder, or 
   Both). If this check fails (e.g. the current role is IKE responder 
   while the rule specifies IKE initiator), then the IKE negotiation 
   is stopped. Note that this only applies to new IKE phase 1 
   negotiations and has no effect on either renegotiation or refresh 
   operations with peers for which an established SA already exists." 
     ::= { ipSecIkeRuleEntry  6 } 
    
   ipSecIkeRuleAutoStart OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Indicates if this rule should be automatically executed." 
     ::= { ipSecIkeRuleEntry  7 } 
    
   ipSecIkeRuleIpSecRuleTimePeriodGroupId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecRuleTimePeriodSetRuleTimePeriodSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a rule time period set, specified in 
   ipSecRuleTimePeriodSetTable, that is associated with this rule. 
    
   A value of zero indicates that this rule is always valid." 
     ::= { ipSecIkeRuleEntry  8 } 
    
     
   -- 
   -- 
   -- The ipSecIkeActionSetTable 
   -- 
      
   ipSecIkeActionSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIkeActionSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE action sets." 
     ::= { ipSecIkeAssociation  2 } 
    
   ipSecIkeActionSetEntry OBJECT-TYPE 
     SYNTAX IpSecIkeActionSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIkeActionSetPrid } 
     UNIQUENESS { 
       ipSecIkeActionSetActionSetId, 
       ipSecIkeActionSetActionId, 
       ipSecIkeActionSetOrder 
       } 
     ::= { ipSecIkeActionSetTable 1 } 
    
     IpSecIkeActionSetEntry ::= SEQUENCE { 
        ipSecIkeActionSetPrid InstanceId, 
        ipSecIkeActionSetActionSetId TagId, 
        ipSecIkeActionSetActionId Prid, 
        ipSecIkeActionSetOrder Unsigned16 
   } 
    
   ipSecIkeActionSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIkeActionSetEntry  1 } 
    
   ipSecIkeActionSetActionSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An IKE action set is composed of one or more IKE actions. Each 
   action belonging to the same set has the same ActionSetId." 
     ::= { ipSecIkeActionSetEntry  2 } 
    
   ipSecIkeActionSetActionId OBJECT-TYPE 
     SYNTAX Prid 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecIkeAssociationTable." 
     ::= { ipSecIkeActionSetEntry  3 } 
    
   ipSecIkeActionSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the precedence order of the action within the action 
   set. An action with a smaller precedence order is to be tried 
   before one with a larger precedence order. " 
     ::= { ipSecIkeActionSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecIkeAssociationTable 
   -- 
      
   ipSecIkeAssociationTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIkeAssociationEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE associations." 
     ::= { ipSecIkeAssociation  3 } 
    
   ipSecIkeAssociationEntry OBJECT-TYPE 
     SYNTAX IpSecIkeAssociationEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIkeAssociationPrid } 
     UNIQUENESS { 
       ipSecIkeAssociationMinLiftetimeSeconds, 
       ipSecIkeAssociationMinLifetimeKilobytes, 
       ipSecIkeAssociationIdleDurationSeconds, 
       ipSecIkeAssociationExchangeMode, 
       ipSecIkeAssociationUseIkeIdentityType, 
       ipSecIkeAssociationUseIkeIdentityValue, 
       ipSecIkeAssociationIkePeerEndpoint, 
       ipSecIkeAssociationPresharedKey, 
       ipSecIkeAssociationVendorId, 
       ipSecIkeAssociationAggressiveModeGroupId, 
       ipSecIkeAssociationLocalCredentialId, 
       ipSecIkeAssociationDoActionLogging, 
       ipSecIkeAssociationIkeProposalSetId 
       } 
     ::= { ipSecIkeAssociationTable 1 } 
    
     IpSecIkeAssociationEntry ::= SEQUENCE { 
        ipSecIkeAssociationPrid InstanceId, 
        ipSecIkeAssociationMinLiftetimeSeconds Unsigned32, 
        ipSecIkeAssociationMinLifetimeKilobytes Unsigned32, 
        ipSecIkeAssociationIdleDurationSeconds Unsigned32, 
        ipSecIkeAssociationExchangeMode INTEGER, 
        ipSecIkeAssociationUseIkeIdentityType INTEGER, 
        ipSecIkeAssociationUseIkeIdentityValue OCTET STRING, 
        ipSecIkeAssociationIkePeerEndpoint ReferenceId, 
        ipSecIkeAssociationPresharedKey OCTET STRING, 
        ipSecIkeAssociationVendorId OCTET STRING, 
        ipSecIkeAssociationAggressiveModeGroupId Unsigned16, 
        ipSecIkeAssociationLocalCredentialId TagReferenceId, 
        ipSecIkeAssociationDoActionLogging TruthValue, 
        ipSecIkeAssociationIkeProposalSetId TagReferenceId 
   } 
    
   ipSecIkeAssociationPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIkeAssociationEntry  1 } 
    
   ipSecIkeAssociationMinLiftetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the minimum SA seconds lifetime that will be accepted 
   from a peer while negotiating an SA based upon this action.   
    
   A value of zero indicates that there is no minimum lifetime 
   enforced." 
     ::= { ipSecIkeAssociationEntry  2 } 
    
   ipSecIkeAssociationMinLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the minimum kilobyte lifetime that will be accepted 
   from a negotiating peer while negotiating an SA based upon this 
   action.   
    
   A value of zero indicates that there is no minimum lifetime 
   enforced." 
     ::= { ipSecIkeAssociationEntry  3 } 
    
   ipSecIkeAssociationIdleDurationSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies how long, in seconds, a security association may remain 
   unused before it is deleted.  
    
   A value of zero indicates that idle detection should not be used 
   for the security association (only the seconds and kilobyte 
   lifetimes will be used)." 
     ::= { ipSecIkeAssociationEntry  4 } 
    
   ipSecIkeAssociationExchangeMode OBJECT-TYPE 
     SYNTAX INTEGER { 
       baseMode(1), 
       mainMode(2), 
       aggressiveMode(4) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the negotiation mode that the IKE server will use for 
   phase one." 
     ::= { ipSecIkeAssociationEntry  5 } 
    
   ipSecIkeAssociationUseIkeIdentityType OBJECT-TYPE 
     SYNTAX INTEGER { 
       ipV4-Address(1), 
       fqdn(2), 
       user-Fqdn(3), 
       ipV4-Subnet(4), 
       ipV6-Address(5), 
       ipV6-Subnet(6), 
       ipV4-Address-Range(7), 
       ipV6-Address-Range(8), 
       der-Asn1-DN(9), 
       der-Asn1-GN(10), 
       key-Id(11) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the type of IKE identity to use during IKE phase one 
   negotiation." 
     ::= { ipSecIkeAssociationEntry  6 } 
    
   ipSecIkeAssociationUseIkeIdentityValue OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the ID payload value to be provided to the peer during 
   IKE phase one negotiation." 
     ::= { ipSecIkeAssociationEntry  7 } 
    
   ipSecIkeAssociationIkePeerEndpoint OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecIkePeerEndpointEntry } 
     STATUS current 
     DESCRIPTION 
   "Pointer to a valid instance in the ipSecIkePeerEndpointTable to 
   indicate an IKE peer endpoint." 
     ::= { ipSecIkeAssociationEntry  8 } 
    
   ipSecIkeAssociationPresharedKey OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "This attribute specifies the preshared key or secret to use for 
   IKE authentication. This is the key for all the IKE proposals of 
   this association that set ipSecIkeProposalAuthenticationMethod to 
   presharedKey(1)." 
     ::= { ipSecIkeAssociationEntry  9 } 
    
   ipSecIkeAssociationVendorId OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the value to be used in the Vendor ID payload.  
    
   A value of NULL means that Vendor ID payload will be neither 
   generated nor accepted. A non-NULL value means that a Vendor ID 
   payload will be generated (when acting as an initiator) or is 
   expected (when acting as a responder). " 
     ::= { ipSecIkeAssociationEntry  10 } 
    
   ipSecIkeAssociationAggressiveModeGroupId OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the group ID to be used for aggressive mode. This 
   attribute is ignored unless the attribute 
   ipSecIkeAssociationExchangeMode is set to 4 (aggressive mode). If 
   the value of this attribute is from the vendor-specific range 
   (32768-65535), this attribute qualifies the group number." 
     ::= { ipSecIkeAssociationEntry  11 } 
    
   ipSecIkeAssociationLocalCredentialId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecCredentialSetSetId } 
     STATUS current 
     DESCRIPTION 
   "Indicates a group of credentials. One of the credentials in the 
   group MUST be used when establishing an IKE association with the 
   peer endpoint." 
     ::= { ipSecIkeAssociationEntry  12 } 
    
   ipSecIkeAssociationDoActionLogging OBJECT-TYPE 
     SYNTAX TruthValue 
     STATUS current 
     DESCRIPTION 
   "Specifies whether a log message is to be generated when the 
   negotiation is attempted (with the success or failure result)." 
     ::= { ipSecIkeAssociationEntry  13 } 
    
   ipSecIkeAssociationIkeProposalSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecIkeProposalSetProposalSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of IKE proposals that is associated with this 
   IKE association." 
     ::= { ipSecIkeAssociationEntry  14 } 
    
     
   -- 
   -- 
   -- The ipSecIkeProposalSetTable 
   -- 
      
   ipSecIkeProposalSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIkeProposalSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE proposal sets. Proposals within a set are ORed with 
   preference order. " 
     ::= { ipSecIkeAssociation  4 } 
    
   ipSecIkeProposalSetEntry OBJECT-TYPE 
     SYNTAX IpSecIkeProposalSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIkeProposalSetPrid } 
     UNIQUENESS { 
       ipSecIkeProposalSetProposalSetId, 
       ipSecIkeProposalSetProposalId, 
       ipSecIkeProposalSetOrder 
       } 
     ::= { ipSecIkeProposalSetTable 1 } 
    
     IpSecIkeProposalSetEntry ::= SEQUENCE { 
        ipSecIkeProposalSetPrid InstanceId, 
        ipSecIkeProposalSetProposalSetId TagId, 
        ipSecIkeProposalSetProposalId ReferenceId, 
        ipSecIkeProposalSetOrder Unsigned16 
   } 
    
   ipSecIkeProposalSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIkeProposalSetEntry  1 } 
    
   ipSecIkeProposalSetProposalSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An IKE proposal set is composed of one or more IKE proposals. 
   Each proposal belonging to the same set has the same 
   ProposalSetId. " 
     ::= { ipSecIkeProposalSetEntry  2 } 
    
   ipSecIkeProposalSetProposalId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecIkeProposalEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecIkeProposalTable." 
     ::= { ipSecIkeProposalSetEntry  3 } 
    
   ipSecIkeProposalSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the proposal 
   identified by ipSecIkeProposalSetProposalId in a proposal set. The 
   proposal set is identified by ipSecIkeProposalSetProposalSetId. 
   Proposals within a set are ORed with preference order. A smaller 
   integer value indicates a higher preference." 
     ::= { ipSecIkeProposalSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecIkeProposalTable 
   -- 
      
   ipSecIkeProposalTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIkeProposalEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE proposals." 
     ::= { ipSecIkeAssociation  5 } 
    
   ipSecIkeProposalEntry OBJECT-TYPE 
     SYNTAX IpSecIkeProposalEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIkeProposalPrid } 
     UNIQUENESS { 
       ipSecIkeProposalMaxLifetimeSeconds, 
       ipSecIkeProposalMaxLifetimeKilobytes, 
       ipSecIkeProposalCipherAlgorithm, 
       ipSecIkeProposalHashAlgorithm, 
       ipSecIkeProposalAuthenticationMethod, 
       ipSecIkeProposalPrfAlgorithm, 
       ipSecIkeProposalIkeDhGroup, 
       ipSecIkeProposalVendorId 
       } 
     ::= { ipSecIkeProposalTable 1 } 
    
     IpSecIkeProposalEntry ::= SEQUENCE { 
        ipSecIkeProposalPrid InstanceId, 
        ipSecIkeProposalMaxLifetimeSeconds Unsigned32, 
        ipSecIkeProposalMaxLifetimeKilobytes Unsigned32, 
        ipSecIkeProposalCipherAlgorithm INTEGER, 
        ipSecIkeProposalHashAlgorithm INTEGER, 
        ipSecIkeProposalAuthenticationMethod INTEGER, 
        ipSecIkeProposalPrfAlgorithm Unsigned16, 
        ipSecIkeProposalIkeDhGroup Unsigned16, 
        ipSecIkeProposalVendorId OCTET STRING 
   } 
    
   ipSecIkeProposalPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIkeProposalEntry  1 } 
    
   ipSecIkeProposalMaxLifetimeSeconds OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum amount of time to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that the default of 8 hours be used.  A 
   non-zero value indicates the maximum seconds lifetime." 
     ::= { ipSecIkeProposalEntry  2 } 
    
   ipSecIkeProposalMaxLifetimeKilobytes OBJECT-TYPE 
     SYNTAX Unsigned32 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum kilobyte lifetime to propose for a security 
   association to remain valid.  
    
   A value of zero indicates that there should be no maximum kilobyte 
   lifetime.  A non-zero value specifies the desired kilobyte 
   lifetime." 
     ::= { ipSecIkeProposalEntry  3 } 
    
   ipSecIkeProposalCipherAlgorithm OBJECT-TYPE 
     SYNTAX INTEGER { 
       des-CBC(1), 
       idea-CBC(2), 
       blowfish-CBC(3), 
       rc5-R16-B64-CBC(4), 
       tripleDes-CBC(5), 
       cast-CBC(6) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the encryption algorithm to propose for the IKE 
   association." 
     ::= { ipSecIkeProposalEntry  4 } 
    
   ipSecIkeProposalHashAlgorithm OBJECT-TYPE 
     SYNTAX INTEGER { 
       md5(1), 
       sha-1(2), 
       tiger(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the hash algorithm to propose for the IKE association." 
     ::= { ipSecIkeProposalEntry  5 } 
    
   ipSecIkeProposalAuthenticationMethod OBJECT-TYPE 
     SYNTAX INTEGER { 
       presharedKey(1), 
       dssSignatures(2), 
       rsaSignatures(3), 
       rsaEncryption(4), 
       revisedRsaEncryption(5), 
       kerberos(6) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the authentication method to propose for the IKE 
   association." 
     ::= { ipSecIkeProposalEntry  6 } 
    
   ipSecIkeProposalPrfAlgorithm OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the Psuedo-Random Function (PRF) to propose for the IKE 
   association." 
     ::= { ipSecIkeProposalEntry  7 } 
    
   ipSecIkeProposalIkeDhGroup OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the Diffie-Hellman group to propose for the IKE 
   association. The value of this property is to be ignored when 
   doing aggressive mode." 
     ::= { ipSecIkeProposalEntry  8 } 
    
   ipSecIkeProposalVendorId OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Further qualifies the key exchange group.  The property is 
   ignored unless the exchange is not in aggressive mode and the 
   property GroupID is in the vendor-specific range." 
     ::= { ipSecIkeProposalEntry  9 } 
    
     
   -- 
   -- 
   -- The ipSecIkePeerEndpointTable 
   -- 
      
   ipSecIkePeerEndpointTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIkePeerEndpointEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE peer endpoints." 
     ::= { ipSecIkeAssociation  6 } 
    
   ipSecIkePeerEndpointEntry OBJECT-TYPE 
     SYNTAX IpSecIkePeerEndpointEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIkePeerEndpointPrid } 
     UNIQUENESS { 
       ipSecIkePeerEndpointIdentityType, 
       ipSecIkePeerEndpointIdentityValue, 
       ipSecIkePeerEndpointAddressType, 
       ipSecIkePeerEndpointAddress, 
       ipSecIkePeerEndpointCredentialSetId 
       } 
     ::= { ipSecIkePeerEndpointTable 1 } 
    
     IpSecIkePeerEndpointEntry ::= SEQUENCE { 
        ipSecIkePeerEndpointPrid InstanceId, 
        ipSecIkePeerEndpointIdentityType INTEGER, 
        ipSecIkePeerEndpointIdentityValue OCTET STRING, 
        ipSecIkePeerEndpointAddressType INTEGER, 
        ipSecIkePeerEndpointAddress OCTET STRING, 
        ipSecIkePeerEndpointCredentialSetId TagReferenceId 
   } 
    
   ipSecIkePeerEndpointPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIkePeerEndpointEntry  1 } 
    
   ipSecIkePeerEndpointIdentityType OBJECT-TYPE 
     SYNTAX INTEGER { 
       ipV4-Address(1), 
       fqdn(2), 
       user-Fqdn(3), 
       ipV4-Subnet(4), 
       ipV6-Address(5), 
       ipV6-Subnet(6), 
       ipV4-Address-Range(7), 
       ipV6-Address-Range(8), 
       der-Asn1-DN(9), 
       der-Asn1-GN(10), 
       key-Id(11) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the type of identity that MUST be provided by the peer 
   in the ID payload during IKE phase one negotiation." 
     ::= { ipSecIkePeerEndpointEntry  2 } 
    
   ipSecIkePeerEndpointIdentityValue OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the value to be matched with the ID payload provided by 
   the peer during IKE phase one negotiation. 
    
   Different Wildcards wildcard mechanisms can be used as well as the 
   prefix notation for IPv4 addresses depending on the ID payload: 
         
   - an IdentityValue of '*@company.com' will match an user FQDN ID 
   payload of 'JDOE@COMPANY.COM' 
    
   - an IdentityValue of '*.company.com' will match a FQDN ID payload 
   of 'WWW.COMPANY.COM' 
    
   - an IdentityValue of 'cn=*,ou=engineering,o=company,c=us' will 
   match a DER DN ID payload of 'cn=John Doe, ou=engineering, 
   o=company, c=us' 
    
   - an IdentityValue of '193.190.125.0/24' will match an IPv4 
   address ID payload of 193.190.125.10. 
    
   - an IdentityValue of '193.190.125.*' will also match an IPv4 
   address ID payload of 193.190.125.10. 
    
   The above wildcard mechanisms MUST be supported for all ID 
   payloads supported by the local IKE entity.  The character '*'
   replaces 0 or multiple instances of any character." 
     ::= { ipSecIkePeerEndpointEntry  3 } 
    
   ipSecIkePeerEndpointAddressType OBJECT-TYPE 
     SYNTAX INTEGER { 
       ipV4(1), 
       ipV6(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies IKE peer endpoint address type. This attribute MUST be 
   ignored if ipSecIkeRuleAutoStart is false." 
     ::= { ipSecIkePeerEndpointEntry  4 } 
    
   ipSecIkePeerEndpointAddress OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies an endpoint address with which this PEP establishes IKE 
   association. This attribute is used only when the IKE association 
   is to be started automatically. Hence, this attribute MUST be 
   ignored if ipSecIkeRuleAutoStart is false." 
     ::= { ipSecIkePeerEndpointEntry  5 } 
    
   ipSecIkePeerEndpointCredentialSetId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecCredentialSetSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a set of credentials. Any one of the credentials in 
   the set is acceptable as the IKE peer credential." 
     ::= { ipSecIkePeerEndpointEntry  6 } 
    
     
   -- 
   -- 
   -- The ipSecCredentialSetTable 
   -- 
      
   ipSecCredentialSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecCredentialSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies credential sets. 
    
   For IKE peer credentials, any one of the credentials in the set is 
   acceptable as peer credential during IEK phase 1 negotiation. For 
   IKE local credentials, any one of the credentials in the set can 
   be used in IKE phase 1 negotiation." 
     ::= { ipSecCredential  1 } 
    
   ipSecCredentialSetEntry OBJECT-TYPE 
     SYNTAX IpSecCredentialSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecCredentialSetPrid } 
     UNIQUENESS { 
       ipSecCredentialSetPrid, 
       ipSecCredentialSetSetId, 
       ipSecCredentialSetCredentialId 
       } 
     ::= { ipSecCredentialSetTable 1 } 
    
     IpSecCredentialSetEntry ::= SEQUENCE { 
        ipSecCredentialSetPrid InstanceId, 
        ipSecCredentialSetSetId TagId, 
        ipSecCredentialSetCredentialId ReferenceId 
   } 
    
   ipSecCredentialSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecCredentialSetEntry  1 } 
    
   ipSecCredentialSetSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "A credential set is composed of one or more credentials. Each 
   credential belonging to the same set has the same 
   CredentialSetId." 
     ::= { ipSecCredentialSetEntry  2 } 
    
   ipSecCredentialSetCredentialId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecCredentialEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecCredentialTable." 
     ::= { ipSecCredentialSetEntry  3 } 
    
     
   -- 
   -- 
   -- The ipSecCredentialTable 
   -- 
      
   ipSecCredentialTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecCredentialEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies credentials." 
     ::= { ipSecCredential  2 } 
    
   ipSecCredentialEntry OBJECT-TYPE 
     SYNTAX IpSecCredentialEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecCredentialPrid } 
     UNIQUENESS { 
       ipSecCredentialCredentialType, 
       ipSecCredentialFieldsId, 
       ipSecCredentialCrlDistributionPoint 
       } 
     ::= { ipSecCredentialTable 1 } 
    
     IpSecCredentialEntry ::= SEQUENCE { 
        ipSecCredentialPrid InstanceId, 
        ipSecCredentialCredentialType INTEGER, 
        ipSecCredentialFieldsId TagReferenceId, 
        ipSecCredentialCrlDistributionPoint OCTET STRING 
   } 
    
   ipSecCredentialPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecCredentialEntry  1 } 
    
   ipSecCredentialCredentialType OBJECT-TYPE 
     SYNTAX INTEGER { 
       certificateX509(1), 
       kerberos-ticket(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the type of credential to be matched." 
     ::= { ipSecCredentialEntry  2 } 
    
   ipSecCredentialFieldsId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecCredentialFieldsSetId } 
     STATUS current 
     DESCRIPTION 
   "Identifies a group of matching criteria to be used for the peer 
   credential. The identified criteria MUST all be satisfied." 
     ::= { ipSecCredentialEntry  3 } 
    
   ipSecCredentialCrlDistributionPoint OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "When credential type is certificate X509, this attribute 
   identifies the Certificate Revocation List (CRL) distribution 
   point for this credential." 
     ::= { ipSecCredentialEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecCredentialFieldsTable 
   -- 
      
   ipSecCredentialFieldsTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecCredentialFieldsEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies sets of credential sub-fields and their values to be 
   matched against. " 
     ::= { ipSecCredential  3 } 
    
   ipSecCredentialFieldsEntry OBJECT-TYPE 
     SYNTAX IpSecCredentialFieldsEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecCredentialFieldsPrid } 
     UNIQUENESS { 
       ipSecCredentialFieldsName, 
       ipSecCredentialFieldsValue, 
       ipSecCredentialFieldsSetId 
       } 
     ::= { ipSecCredentialFieldsTable 1 } 
    
     IpSecCredentialFieldsEntry ::= SEQUENCE { 
        ipSecCredentialFieldsPrid InstanceId, 
        ipSecCredentialFieldsName OCTET STRING, 
        ipSecCredentialFieldsValue OCTET STRING, 
        ipSecCredentialFieldsSetId TagId 
   } 
    
   ipSecCredentialFieldsPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecCredentialFieldsEntry  1 } 
    
   ipSecCredentialFieldsName OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the sub-field of the credential to match with. This is 
   the string representation of a X.509 certificate attribute, e.g.: 
   'serialNumber',  'issuerName', 'subjectName', etc.." 
     ::= { ipSecCredentialFieldsEntry  2 } 
    
   ipSecCredentialFieldsValue OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies the value to match with for the sub-field identified by 
   ipSecCredentialFieldsName. A wildcard mechanism can be used in the 
   Value string. E.g., if the Name is 'subjectName' then a Value of 
   'cn=*,ou=engineering,o=foo,c=be' will match successfully a 
   certificate whose subject attribute is 'cn=Jane Doe, 
   ou=engineering, o=foo, c=be'.  The wildcard character '*' can be 
   used to represent 0 or several characters." 
     ::= { ipSecCredentialFieldsEntry  3 } 
    
   ipSecCredentialFieldsSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "Specifies the set this criteria belongs to. All criteria within a 
   set MUST all be satisfied." 
     ::= { ipSecCredentialFieldsEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecSelectorSetTable 
   -- 
      
   ipSecSelectorSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecSelectorSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec selector sets." 
     ::= { ipSecSelector  1 } 
    
   ipSecSelectorSetEntry OBJECT-TYPE 
     SYNTAX IpSecSelectorSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecSelectorSetPrid } 
     UNIQUENESS { 
       ipSecSelectorSetSelectorSetId, 
       ipSecSelectorSetSelectorId, 
       ipSecSelectorSetOrder 
       } 
     ::= { ipSecSelectorSetTable 1 } 
    
     IpSecSelectorSetEntry ::= SEQUENCE { 
        ipSecSelectorSetPrid InstanceId, 
        ipSecSelectorSetSelectorSetId TagId, 
        ipSecSelectorSetSelectorId Prid, 
        ipSecSelectorSetOrder Unsigned16 
   } 
    
   ipSecSelectorSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecSelectorSetEntry  1 } 
    
   ipSecSelectorSetSelectorSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An IPsec selector set is composed of one or more IPsec selectors. 
   Each selector belonging to the same set has the same 
   SelectorSetId." 
     ::= { ipSecSelectorSetEntry  2 } 
    
   ipSecSelectorSetSelectorId OBJECT-TYPE 
     SYNTAX Prid 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in another table that describes 
   selectors. To use selectors defined in this IPsec PIB module, this 
   attribute MUST point to an instance in ipSecSelectorTable. This 
   attribute may also point to an instance in a selector or filter 
   table defined in other PIB modules." 
     ::= { ipSecSelectorSetEntry  3 } 
    
   ipSecSelectorSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the selectors 
   identified by ipSecSelectorId within a selector set. The selector 
   set is identified by ipSecSelectorSetId. A smaller integer value 
   indicates a higher preference. All selectors constructed from the 
   instance pointed by ipSecSelectorId have the same order." 
     ::= { ipSecSelectorSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecSelectorTable 
   -- 
      
   ipSecSelectorTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecSelectorEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPsec selectors. Each row in the selector table 
   represents multiple selectors. These selectors are obtained as 
   follows: 
    
   1. Substitute the ipSecSelectorSrcAddressGroupId with all the IP 
   addresses from the ipSecAddressTable whose ipSecAddressGroupId 
   matches the ipSecSelectorSrcAddressGroupId.  
    
   2. Substitute the ipSecSelectorDstAddressGroupId with all the IP 
   addresses from the ipSecAddressTable whose ipSecAddressGroupId 
   matches the ipSecSelectorDstAddressGroupId. 
    
   3. Substitute the ipSecSelectorSrcPortGroupId with all the ports 
   or ranges of port whose ipSecL4PortGroupId matches the 
   ipSecSelectorSrcPortGroupId. 
    
   4. Substitute the ipSecSelectorDstPortGroupId with all the ports 
   or ranges of port whose ipSecL4PortGroupId matches the 
   ipSecSelectorDstPortGroupId. 
    
   5. Construct all the possible combinations of the above four 
   fields. Then add to the combinations the ipSecSelectorProtocol, 
   ipSecSelectorDscp and ipSecSelectorFlowLabel attributes to form 
   all the selectors.el attributes to form the list of selectors. 
    
   The relative order of the selectors constructed from a single row 
   is unspecified. " 
     ::= { ipSecSelector  2 } 
    
   ipSecSelectorEntry OBJECT-TYPE 
     SYNTAX IpSecSelectorEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecSelectorPrid } 
     UNIQUENESS { 
       ipSecSelectorSrcAddressGroupId, 
       ipSecSelectorSrcPortGroupId, 
       ipSecSelectorDstAddressGroupId, 
       ipSecSelectorDstPortGroupId, 
       ipSecSelectorProtocol, 
       ipSecSelectorDscp, 
       ipSecSelectorFlowLabel 
       } 
     ::= { ipSecSelectorTable 1 } 
    
     IpSecSelectorEntry ::= SEQUENCE { 
        ipSecSelectorPrid InstanceId, 
        ipSecSelectorSrcAddressGroupId TagReferenceId, 
        ipSecSelectorSrcPortGroupId TagReferenceId, 
        ipSecSelectorDstAddressGroupId TagReferenceId, 
        ipSecSelectorDstPortGroupId TagReferenceId, 
        ipSecSelectorProtocol INTEGER, 
        ipSecSelectorDscp INTEGER, 
        ipSecSelectorFlowLabel OCTET STRING 
   } 
    
   ipSecSelectorPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecSelectorEntry  1 } 
    
   ipSecSelectorSrcAddressGroupId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecAddressGroupId } 
     STATUS current 
     DESCRIPTION 
   "Indicates source addresses. All addresses in ipSecAddressTable 
   whose ipSecAddressGroupId matches this value are included as 
   source addresses. 
    
   A value of zero indicates wildcard address, i.e., any address 
   matches." 
     ::= { ipSecSelectorEntry  2 } 
    
   ipSecSelectorSrcPortGroupId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecL4PortGroupId } 
     STATUS current 
     DESCRIPTION 
   "Indicates source layer 4 port numbers. All ports in ipSecL4Port 
   whose ipSecL4PortGroupId matches this value are included. 
    

   A value of zero indicates wildcard port, i.e., any port number 
   matches." 
     ::= { ipSecSelectorEntry  3 } 
    
   ipSecSelectorDstAddressGroupId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecAddressGroupId } 
     STATUS current 
     DESCRIPTION 
   "Indicates destination addresses. All addresses in 
   ipSecAddressTable whose ipSecAddressGroupId matches this value are 
   included as destination addresses. 
    
   A value of zero indicates wildcard address, i.e., any address 
   matches." 
     ::= { ipSecSelectorEntry  4 } 
    
   ipSecSelectorDstPortGroupId OBJECT-TYPE 
     SYNTAX TagReferenceId 
     PIB-TAG    { ipSecL4PortGroupId } 
     STATUS current 
     DESCRIPTION 
   "Indicates destination layer 4 port numbers. All ports in 
   ipSecL4Port whose ipSecL4PortGroupId matches this value are 
   included. 
    
   A value of zero indicates wildcard port, i.e., any port number 
   matches." 
     ::= { ipSecSelectorEntry  5 } 
    
   ipSecSelectorProtocol OBJECT-TYPE 
     SYNTAX INTEGER (0..255) 
     STATUS current 
     DESCRIPTION 
   "Specifies IP protocol to match against a packet's protocol. A 
   value of zero indicates wildcard protocol, i.e., any protocol 
   matches." 
     ::= { ipSecSelectorEntry  6 } 
    
   ipSecSelectorDscp OBJECT-TYPE 
     SYNTAX INTEGER (-1..63) 
     STATUS current 
     DESCRIPTION 
   "Specifies the DSCP value to match against the DSCP in a packet 
   header. A value of -1 indicates match all." 
     ::= { ipSecSelectorEntry  7 } 
    
   ipSecSelectorFlowLabel OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 


   "Specifies the Flow Label to match against the Flow Label field in 
   the IPv6 header of a packet. This attribute MUST be a zero length 
   OCTET STRING when specifying selectors for IPv4 packets." 
     ::= { ipSecSelectorEntry  8 } 
    
     
   -- 
   -- 
   -- The ipSecAddressTable 
   -- 
      
   ipSecAddressTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecAddressEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IP addresses. To specify a single IP address, 
   ipSecAddressAddrMin MUST be specified. To specify a range of 
   addresses, both ipSecAddressAddrMin and ipSecAddressAddrMax MUST 
   be specified. To specify a subnet, both ipSecAddressAddrMin and 
   ipSecAddressAddrMask MUST be specified. " 
     ::= { ipSecSelector  3 } 
    
   ipSecAddressEntry OBJECT-TYPE 
     SYNTAX IpSecAddressEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecAddressPrid } 
     UNIQUENESS { 
       ipSecAddressAddressType, 
       ipSecAddressAddrMask, 
       ipSecAddressAddrMin, 
       ipSecAddressAddrMax, 
       ipSecAddressGroupId 
       } 
     ::= { ipSecAddressTable 1 } 
    
     IpSecAddressEntry ::= SEQUENCE { 
        ipSecAddressPrid InstanceId, 
        ipSecAddressAddressType INTEGER, 
        ipSecAddressAddrMask OCTET STRING, 
        ipSecAddressAddrMin OCTET STRING, 
        ipSecAddressAddrMax OCTET STRING, 
        ipSecAddressGroupId TagId 
   } 
    
   ipSecAddressPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecAddressEntry  1 } 
    
   ipSecAddressAddressType OBJECT-TYPE 
     SYNTAX INTEGER { 
       ipV4-Address(1), 
       fqdn(2), 
       user-Fqdn(3), 
       ipV4-Subnet(4), 
       ipV6-Address(5), 
       ipV6-Subnet(6), 
       ipV4-Address-Range(7), 
       ipV6-Address-Range(8), 
       der-Asn1-DN(9), 
       der-Asn1-GN(10), 
       key-Id(11) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the address type. " 
     ::= { ipSecAddressEntry  2 } 
    
   ipSecAddressAddrMask OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "A mask for the matching of the IP address. A zero bit in the mask 
   means that the corresponding bit in the address always matches.  
    
   This attribute MUST be ignored when ipSecAddressAddressType is not 
   of IPv4 or IPv6 type." 
     ::= { ipSecAddressEntry  3 } 
    
   ipSecAddressAddrMin OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "Specifies an IP address. " 
     ::= { ipSecAddressEntry  4 } 
    
   ipSecAddressAddrMax OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "If a range of addresses is used then this specifies the ending 
   address. The type of this address must be the same as the 
   ipSecAddressAddrMin.  
    
   If no range is specified then this attribute MUST be a zero length 
   OCTET STRING." 
     ::= { ipSecAddressEntry  5 } 
    
   ipSecAddressGroupId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "Specifies the group this IP address, address range or subnet 
   address belongs to." 
     ::= { ipSecAddressEntry  6 } 
    
     
   -- 
   -- 
   -- The ipSecL4PortTable 
   -- 
      
   ipSecL4PortTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecL4PortEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies layer four port numbers." 
     ::= { ipSecSelector  4 } 
    
   ipSecL4PortEntry OBJECT-TYPE 
     SYNTAX IpSecL4PortEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecL4PortPrid } 
     UNIQUENESS { 
       ipSecL4PortPortMin, 
       ipSecL4PortPortMax, 
       ipSecL4PortGroupId 
       } 
     ::= { ipSecL4PortTable 1 } 
    
     IpSecL4PortEntry ::= SEQUENCE { 
        ipSecL4PortPrid InstanceId, 
        ipSecL4PortPortMin Unsigned16, 
        ipSecL4PortPortMax Unsigned16, 
        ipSecL4PortGroupId TagId 
   } 
    
   ipSecL4PortPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecL4PortEntry  1 } 
    
   ipSecL4PortPortMin OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 

   "Specifies a layer 4 port or the first layer 4 port number of a 
   range of ports. The value of this attribute must be equal or less 
   than that of ipSecL4PortPortMax. 
    
   A value of zero indicates any port matches." 
     ::= { ipSecL4PortEntry  2 } 
    
   ipSecL4PortPortMax OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the last layer 4 port in the range. If only a single 
   port is specified, the value of this attribute must be equal to 
   that of ipSecL4PortPortMin. Otherwise, the value of this attribute 
   MUST be greater than that specified by ipSecL4PortPortMin. 
    
   If ipSecL4PortPortMin is zero, this attribute MUST be ignored." 
     ::= { ipSecL4PortEntry  3 } 
    
   ipSecL4PortGroupId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "Specifies the group this port or port range belongs to." 
     ::= { ipSecL4PortEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecIpsoFilterSetTable 
   -- 
      
   ipSecIpsoFilterSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIpsoFilterSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPSO filter sets." 
     ::= { ipSecSelector  5 } 
    
   ipSecIpsoFilterSetEntry OBJECT-TYPE 
     SYNTAX IpSecIpsoFilterSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIpsoFilterSetPrid } 
     UNIQUENESS { 
       ipSecIpsoFilterSetFilterSetId, 
       ipSecIpsoFilterSetFilterId, 
       ipSecIpsoFilterSetOrder 
       } 
     ::= { ipSecIpsoFilterSetTable 1 } 
    
     IpSecIpsoFilterSetEntry ::= SEQUENCE { 
        ipSecIpsoFilterSetPrid InstanceId, 
        ipSecIpsoFilterSetFilterSetId TagId, 
        ipSecIpsoFilterSetFilterId ReferenceId, 
        ipSecIpsoFilterSetOrder Unsigned16 
   } 
    
   ipSecIpsoFilterSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIpsoFilterSetEntry  1 } 
    
   ipSecIpsoFilterSetFilterSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An IPSO filter set is composed of one or more IPSO filters. Each 
   filter belonging to the same set has the same FilterSetId." 
     ::= { ipSecIpsoFilterSetEntry  2 } 
    
   ipSecIpsoFilterSetFilterId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecIpsoFilterEntry } 
     STATUS current 
     DESCRIPTION 
   "A pointer to a valid instance in the ipSecIpsoFilterTable." 
     ::= { ipSecIpsoFilterSetEntry  3 } 
    
   ipSecIpsoFilterSetOrder OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "An integer that specifies the precedence order of the filter 
   identified by ipSecIpsoFilterSetFilterId within a filter set. The 
   filter set is identified by ipSecIpsoFilterSetFilterSetId. A 
   smaller integer value indicates a higher preference." 
     ::= { ipSecIpsoFilterSetEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecIpsoFilterTable 
   -- 
      
   ipSecIpsoFilterTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIpsoFilterEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies IPSO filters." 
     ::= { ipSecSelector  6 } 
    
   ipSecIpsoFilterEntry OBJECT-TYPE 
     SYNTAX IpSecIpsoFilterEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIpsoFilterPrid } 
     UNIQUENESS { 
       ipSecIpsoFilterMatchConditionType, 
       ipSecIpsoFilterClassificationLevel, 
       ipSecIpsoFilterProtectionAuthority 
       } 
     ::= { ipSecIpsoFilterTable 1 } 
    
     IpSecIpsoFilterEntry ::= SEQUENCE { 
        ipSecIpsoFilterPrid InstanceId, 
        ipSecIpsoFilterMatchConditionType INTEGER, 
        ipSecIpsoFilterClassificationLevel INTEGER, 
        ipSecIpsoFilterProtectionAuthority INTEGER 
   } 
    
   ipSecIpsoFilterPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIpsoFilterEntry  1 } 
    
   ipSecIpsoFilterMatchConditionType OBJECT-TYPE 
     SYNTAX INTEGER { 
       classificationLevel(1), 
       protectionAuthority(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the IPSO header field to be matched." 
     ::= { ipSecIpsoFilterEntry  2 } 
    
   ipSecIpsoFilterClassificationLevel OBJECT-TYPE 
     SYNTAX INTEGER { 
       topSecret(61), 
       secret(90), 
       confidential(150), 
       unclassified(171) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the value for classification level to be matched 
   against. This attribute MUST be ignored if 
   ipSecIpsoFilterMatchConditionType is not 1 (classificationLevel)." 
     ::= { ipSecIpsoFilterEntry  3 } 
    
   ipSecIpsoFilterProtectionAuthority OBJECT-TYPE 
     SYNTAX INTEGER { 
       genser(0), 
       siop-esi(1), 
       sci(2), 
       nsa(3), 
       doe(4) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the value for protection authority to be matched 
   against. This attribute MUST be ignored if 
   ipSecIpsoFilterMatchConditionType is not 2 (protectionAuthority). 
   " 
     ::= { ipSecIpsoFilterEntry  4 } 
    
     
   -- 
   -- 
   -- The ipSecRuleTimePeriodTable 
   -- 
      
   ipSecRuleTimePeriodTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecRuleTimePeriodEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies the time periods during which a policy rule is valid. 
   The values of the first five attributes in a row are ANDed 
   together to determine the validity period(s). If any of the five 
   attributes is not present, it is treated as having value always 
   enabled.  " 
     ::= { ipSecPolicyTimePeriod  1 } 
    
   ipSecRuleTimePeriodEntry OBJECT-TYPE 
     SYNTAX IpSecRuleTimePeriodEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecRuleTimePeriodPrid } 
     UNIQUENESS { 
       ipSecRuleTimePeriodTimePeriod, 
       ipSecRuleTimePeriodMonthOfYearMask, 
       ipSecRuleTimePeriodDayOfMonthMask, 
       ipSecRuleTimePeriodDayOfWeekMask, 
       ipSecRuleTimePeriodTimeOfDayMask, 
       ipSecRuleTimePeriodLocalOrUtcTime 
       } 
     ::= { ipSecRuleTimePeriodTable 1 } 
    
     IpSecRuleTimePeriodEntry ::= SEQUENCE { 
        ipSecRuleTimePeriodPrid InstanceId, 
        ipSecRuleTimePeriodTimePeriod OCTET STRING, 
        ipSecRuleTimePeriodMonthOfYearMask OCTET STRING, 
        ipSecRuleTimePeriodDayOfMonthMask OCTET STRING, 
        ipSecRuleTimePeriodDayOfWeekMask OCTET STRING, 
        ipSecRuleTimePeriodTimeOfDayMask OCTET STRING, 
        ipSecRuleTimePeriodLocalOrUtcTime INTEGER 
   } 
    
   ipSecRuleTimePeriodPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index to uniquely identify an instance of this class" 
     ::= { ipSecRuleTimePeriodEntry  1 } 
    
   ipSecRuleTimePeriodTimePeriod OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "An octet string that identifies an overall range of calendar 
   dates and times over which a policy rule is valid.  It reuses the 
   format for an explicit time period defined in RFC 2445 : a string 
   representing a starting date and time, in which the character 'T'  
   indicates the beginning of the time portion, followed by the 
   solidus character '/', followed by a similar string representing 
   an end date and time.  The first date indicates the beginning of 
   the range, while the second date indicates the end.  Thus, the 
   second date and time must be later than the first.  Date/times are 
   expressed as substrings of the form yyyymmddThhmmss.  
    
   There are also two special cases: 
    
   -  If the first date/time is replaced with the string 
   THISANDPRIOR, then the property indicates that a policy rule is 
   valid [from now] until the date/time that appears after the '/'. 
    
   - If the second date/time is replaced with the string 
   THISANDFUTURE, then the property indicates that a policy rule 
   becomes valid on the date/time that appears before the '/', and 
   remains valid from that point on. 
   " 
     ::= { ipSecRuleTimePeriodEntry  2 } 
    
   ipSecRuleTimePeriodMonthOfYearMask OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "An octet string that specifies which months the policy is valid 
   for.  The octet string is structured as follows: 
    
   - a 4-octet length field, indicating the length of the entire 
   octet string; this field is always set to 0x00000006 for this 
   property; 
    
   - a 2-octet field consisting of 12 bits identifying the 12 months 
   of the year, beginning with January and ending with December, 
   followed by 4 bits that are always set to '0'.  For each month, 
   the value '1' indicates that the policy is valid for that month, 
   and the value '0' indicates that it is not valid. 
    
    If this property is omitted, then the policy rule is treated as 
   valid for all twelve months." 
     ::= { ipSecRuleTimePeriodEntry  3 } 
    
   ipSecRuleTimePeriodDayOfMonthMask OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "An octet string that specifies which days of the month the policy 
   is valid for. The octet string is structured as follows: 
    
   -a 4-octet length field, indicating the length of the entire octet 
   string; this field is always set to 0x0000000C for this property; 
    
   -an 8-octet field consisting of 31 bits identifying the days of 
   the month counting from the beginning, followed by 31 more bits 
   identifying the days of the month counting from the end, followed 
   by 2 bits that are always set to '0'.  For each day, the value '1' 
   indicates that the policy is valid for that day, and the value '0' 
   indicates that it is not valid. 
    
   For months with fewer than 31 days, the digits corresponding to 
   days that the months do not have (counting in both directions) are 
   ignored. 
   " 
     ::= { ipSecRuleTimePeriodEntry  4 } 
    
   ipSecRuleTimePeriodDayOfWeekMask OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "An octet string that specifies which days of the week the policy 
   is valid for. The octet string is structured as follows: 
    
   - a 4-octet length field, indicating the length of the entire 
   octet string; this field is always set to 0x00000005 for this 
   property; 
    
   - a 1-octet field consisting of 7 bits identifying the 7 days of 
   the week, beginning with Sunday and ending with Saturday, followed 
   by 1 bit that is always set to '0'.  For each day of the week, the 
   value '1' indicates that the policy is valid for that day, and the 
   value '0' indicates that it is not valid. 
   " 
     ::= { ipSecRuleTimePeriodEntry  5 } 
    
   ipSecRuleTimePeriodTimeOfDayMask OBJECT-TYPE 
     SYNTAX OCTET STRING 
     STATUS current 
     DESCRIPTION 
   "An octet string that specifies a range of times in a day the 
   policy is valid for. It is formatted as follows: 
    
   A  time  string beginning with the character 'T', followed by the 
   solidus character '/', followed by a second time string.  The 
   first time indicates the beginning of the range, while the second 
   time indicates the end.  Times are expressed as substrings of the 
   form Thhmmss. 
    
   The second substring always identifies a later time than the first 
   substring.  To allow for ranges that span midnight, however, the 
   value of the second string may be smaller than the value of the 
   first substring.  Thus, T080000/T210000 identifies the range from 
   0800 until 2100, while T210000/T080000 identifies the range from 
   2100 until 0800 of the following day." 
     ::= { ipSecRuleTimePeriodEntry  6 } 
    
   ipSecRuleTimePeriodLocalOrUtcTime OBJECT-TYPE 
     SYNTAX INTEGER { 
       localTime(1), 
       utcTime(2) 
       } 
     STATUS current 
     DESCRIPTION 
   "This property indicates whether the times represented in this 
   table represent local times or UTC times.  There is no provision 
   for mixing of local times and UTC times:  the value of this 
   property applies to all of the other time-related properties." 
     ::= { ipSecRuleTimePeriodEntry  7 } 
    
     
   -- 
   -- 
   -- The ipSecRuleTimePeriodSetTable 
   -- 
      
   ipSecRuleTimePeriodSetTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecRuleTimePeriodSetEntry 
     PIB-ACCESS install 
     STATUS current 
     DESCRIPTION 
   "Specifies time period sets. The ipSecRuleTimePeriodTable can 
   specify only a single time period within a day. This table enables 
   the specification of multiple time periods within a day by 
   grouping them into one set. " 
     ::= { ipSecPolicyTimePeriod  2 } 
    
   ipSecRuleTimePeriodSetEntry OBJECT-TYPE 
     SYNTAX IpSecRuleTimePeriodSetEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecRuleTimePeriodSetPrid } 
     UNIQUENESS { 
       ipSecRuleTimePeriodSetRuleTimePeriodSetId, 
       ipSecRuleTimePeriodSetRuleTimePeriodId 
       } 
     ::= { ipSecRuleTimePeriodSetTable 1 } 
    
     IpSecRuleTimePeriodSetEntry ::= SEQUENCE { 
        ipSecRuleTimePeriodSetPrid InstanceId, 
        ipSecRuleTimePeriodSetRuleTimePeriodSetId TagId, 
        ipSecRuleTimePeriodSetRuleTimePeriodId ReferenceId 
   } 
    
   ipSecRuleTimePeriodSetPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index to uniquely identify an instance of this class" 
     ::= { ipSecRuleTimePeriodSetEntry  1 } 
    
   ipSecRuleTimePeriodSetRuleTimePeriodSetId OBJECT-TYPE 
     SYNTAX TagId 
     STATUS current 
     DESCRIPTION 
   "An integer that uniquely identifies an ipSecRuleTimePeriod set. " 
     ::= { ipSecRuleTimePeriodSetEntry  2 } 
    
   ipSecRuleTimePeriodSetRuleTimePeriodId OBJECT-TYPE 
     SYNTAX ReferenceId 
     PIB-REFERENCES    {ipSecRuleTimePeriodEntry } 
     STATUS current 
     DESCRIPTION 
   "An integer that identifies an ipSecRuleTimePeriod, specified by 
   ipSecRuleTimePeriodPrid in the ipSecRuleTimePeriodTable, that is 
   included in this set." 
     ::= { ipSecRuleTimePeriodSetEntry  3 } 
    
     
   -- 
   -- 
   -- The ipSecIfCapsTable 
   -- 
      
   ipSecIfCapsTable OBJECT-TYPE 
     SYNTAX SEQUENCE OF IpSecIfCapsEntry 
     PIB-ACCESS notify 
     STATUS current 
     DESCRIPTION 
   "Specifies capabilities that may be associated with an interface 
   of a specific type. The instances of this table are referenced by 
   the frwkIfCapSetCapability attribute of the frwkIfCapSetTable [FR-
   PIB]." 
     ::= { ipSecIfCapability  1 } 
    
   ipSecIfCapsEntry OBJECT-TYPE 
     SYNTAX IpSecIfCapsEntry 
     STATUS current 
     DESCRIPTION 
   "Specifies an instance of this class" 
     PIB-INDEX { ipSecIfCapsPrid } 
     UNIQUENESS { 
       ipSecIfCapsDirection, 
       ipSecIfCapsMaxIpSecActions, 
       ipSecIfCapsMaxIkeActions 
       } 
     ::= { ipSecIfCapsTable 1 } 
    
     IpSecIfCapsEntry ::= SEQUENCE { 
        ipSecIfCapsPrid InstanceId, 
        ipSecIfCapsDirection INTEGER, 
        ipSecIfCapsMaxIpSecActions Unsigned16, 
        ipSecIfCapsMaxIkeActions Unsigned16 
   } 
    
   ipSecIfCapsPrid OBJECT-TYPE 
     SYNTAX InstanceId 
     STATUS current 
     DESCRIPTION 
   "An integer index that uniquely identifies an instance of this 
   class." 
     ::= { ipSecIfCapsEntry  1 } 
    
   ipSecIfCapsDirection OBJECT-TYPE 
     SYNTAX INTEGER { 
       in(1), 
       out(2), 
       bi-directional(3) 
       } 
     STATUS current 
     DESCRIPTION 
   "Specifies the direction for which this capability applies." 
     ::= { ipSecIfCapsEntry  2 } 
    
   ipSecIfCapsMaxIpSecActions OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum number of actions an IPsec action set may 
   contain. IPsec action sets are specified by the 
   ipSecActionSetTable. 
    
   A value of zero indicates that there is no maximum limit." 
     ::= { ipSecIfCapsEntry  3 } 
    
   ipSecIfCapsMaxIkeActions OBJECT-TYPE 
     SYNTAX Unsigned16 
     STATUS current 
     DESCRIPTION 
   "Specifies the maximum number of actions an IKE action set may 
   contain. IKE action sets are specified by the 
   ipSecIkeActionSetTable. 
    
   A value of zero indicates that there is no maximum limit." 
     ::= { ipSecIfCapsEntry  4 } 
    
     
   -- 
   -- 
   -- Conformance Section  
   -- 
      
   ipSecPolicyPibConformanceCompliances 
       OBJECT IDENTIFIER ::= { ipSecPolicyPibConformance 1 } 
     
   ipSecPolicyPibConformanceGroups 
       OBJECT IDENTIFIER ::= { ipSecPolicyPibConformance 2 } 
     
   ipSecPibCompliance MODULE-COMPLIANCE 
       STATUS current 
       DESCRIPTION 
   "        Compliance statement" 
       MODULE -- this module 
           MANDATORY-GROUPS { 
           ipSecRuleGroup,  
           ipSecActionSetGroup,  
           ipSecStaticActionGroup,  
           ipSecNegotiationActionGroup,  
           ipSecAssociationGroup,  
           ipSecProposalSetGroup,  
           ipSecProposalGroup,  
           ipSecAhTransformSetGroup,  
           ipSecAhTransformGroup,  
           ipSecEspTransformSetGroup,  
           ipSecEspTransformGroup,  
           ipSecCompTransformSetGroup,  
           ipSecCompTransformGroup,  
           ipSecIkeAssociationGroup,  
           ipSecIkeProposalSetGroup,  
           ipSecIkeProposalGroup,  
           ipSecIkePeerEndpointGroup,  
           ipSecCredentialSetGroup,  
           ipSecCredentialGroup,  
           ipSecCredentialFieldsGroup,  
           ipSecSelectorSetGroup,  
           ipSecSelectorGroup,  
           ipSecAddressGroup,  
           ipSecL4PortGroup,  
           ipSecIfCapsGroup 
           } 
    
       GROUP ipSecIkeRuleGroup 
           DESCRIPTION 
   "This group is mandatory if any of the following is supported: 1) 
   multiple IKE phase one actions (e.g., with different exchange 
   modes) are associated with an IPsec rule. These actions are to be 
   tried in sequence till one success; 2) IKE phase one actions that 
   start automatically." 
    
       GROUP ipSecIkeActionSetGroup 
           DESCRIPTION 
   "This group is mandatory if any of the following is supported: 1) 
   multiple IKE phase one actions (e.g., with different exchange 
   modes) are associated with an IPsec rule. These actions are to be 
   tried in sequence till one success; 2) IKE phase one actions that 
   start automatically." 
    
       GROUP ipSecIpsoFilterSetGroup 
           DESCRIPTION 
   "This group is mandatory if IPSO filter is supported." 
    
       GROUP ipSecIpsoFilterGroup 
           DESCRIPTION 
   "This group is mandatory if IPSO filter is supported." 
    
       GROUP ipSecRuleTimePeriodGroup 
           DESCRIPTION 
   "This group is mandatory if policy scheduling is supported." 
    
       GROUP ipSecRuleTimePeriodSetGroup 
           DESCRIPTION 
   "This group is mandatory if policy scheduling is supported." 
    
       OBJECT ipSecRuleipSecIpsoFilterSetId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecRuleLimitNegotiation 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecRuleAutoStart 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecRuleIpSecRuleTimePeriodGroupId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecActionSetDoActionLogging 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecActionSetDoPacketLogging 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAssociationMinLifetimeSeconds 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAssociationMinLifetimeKilobytes 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAssociationIdleDurationSeconds 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAssociationVendorId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAssociationUseKeyExchangeGroup 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAssociationGranularity 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAhTransformUseReplayPrevention 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAhTransformReplayPreventionWindowSize 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecAhTransformVendorId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecEspTransformCipherKeyRounds 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecEspTransformCipherKeyLength 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecEspTransformUseReplayPrevention 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecEspTransformReplayPreventionWindowSize 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecEspTransformVendorId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecCompTransformDictionarySize 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecCompTransformPrivateAlgorithm 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecCompTransformVendorId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationMinLiftetimeSeconds 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationMinLifetimeKilobytes 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationIdleDurationSeconds 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationPresharedKey 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationVendorId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationAggressiveModeGroupId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationLocalCredentialId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeAssociationDoActionLogging 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeProposalPrfAlgorithm 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkeProposalVendorId 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkePeerEndpointAddressType 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIkePeerEndpointAddress 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecIfCapsMaxIkeActions 
       PIB-MIN-ACCESS not-accessible 
       DESCRIPTION 
   "              Support of this attribute is optional" 
     
       OBJECT ipSecRuleActionExecutionStrategy 
       SYNTAX INTEGER { 
         doAll(1) 
         } 
       DESCRIPTION 
   "              Support of doUntilSuccess(2) is not required" 
     
       OBJECT ipSecStaticActionAction 
       SYNTAX INTEGER { 
         byPass(1), 
         discard(2), 
         preConfiguredTransport(4), 
         preConfiguredTunnel(5) 
         } 
       DESCRIPTION 
   "              Support of ikeRejection(3) is not required" 
     
       ::= { ipSecPolicyPibConformanceCompliances 1 } 
    
   ipSecRuleGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecRuleIfName, 
          ipSecRuleRoles, 
          ipSecRuleDirection, 
          ipSecRuleIpSecSelectorSetId, 
          ipSecRuleipSecIpsoFilterSetId, 
          ipSecRuleIpSecActionSetId, 
          ipSecRuleActionExecutionStrategy, 
          ipSecRuleOrder, 
          ipSecRuleLimitNegotiation, 
          ipSecRuleAutoStart, 
          ipSecRuleIpSecRuleTimePeriodGroupId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecRuleTable." 
       ::= { ipSecPolicyPibConformanceGroups  1 } 
    
   ipSecActionSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecActionSetActionSetId, 
          ipSecActionSetActionId, 
          ipSecActionSetDoActionLogging, 
          ipSecActionSetDoPacketLogging, 
          ipSecActionSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecActionSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  2 } 
    
   ipSecStaticActionGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecStaticActionAction, 
          ipSecStaticActionTunnelEndpointId, 
          ipSecStaticActionDfHandling, 
          ipSecStaticActionSpi, 
          ipSecStaticActionLifetimeSeconds, 
          ipSecStaticActionLifetimeKilobytes, 
          ipSecStaticActionSaTransformId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecStaticActionTable." 
       ::= { ipSecPolicyPibConformanceGroups  3 } 
    
   ipSecNegotiationActionGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecNegotiationActionAction, 
          ipSecNegotiationActionTunnelEndpointId, 
          ipSecNegotiationActionDfHandling, 
          ipSecNegotiationActionIpSecSecurityAssociationId, 
          ipSecNegotiationActionKeyExchangeId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecNegotiationActionTable." 
       ::= { ipSecPolicyPibConformanceGroups  4 } 
    
   ipSecAssociationGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecAssociationMinLifetimeSeconds, 
          ipSecAssociationMinLifetimeKilobytes, 
          ipSecAssociationIdleDurationSeconds, 
          ipSecAssociationUsePfs, 
          ipSecAssociationVendorId, 
          ipSecAssociationUseKeyExchangeGroup, 
          ipSecAssociationDhGroup, 
          ipSecAssociationGranularity, 
          ipSecAssociationProposalSetId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecAssociationTable." 
       ::= { ipSecPolicyPibConformanceGroups  5 } 
    
   ipSecProposalSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecProposalSetProposalSetId, 
          ipSecProposalSetProposalId, 
          ipSecProposalSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecProposalSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  6 } 
    
   ipSecProposalGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecProposalEspTransformSetId, 
          ipSecProposalAhTransformSetId, 
          ipSecProposalCompTransformSetId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecProposalTable." 
       ::= { ipSecPolicyPibConformanceGroups  7 } 
    
   ipSecAhTransformSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecAhTransformSetTransformSetId, 
          ipSecAhTransformSetTransformId, 
          ipSecAhTransformSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecAhTransformSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  8 } 
    
   ipSecAhTransformGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecAhTransformTransformId, 
          ipSecAhTransformIntegrityKey, 
          ipSecAhTransformUseReplayPrevention, 
          ipSecAhTransformReplayPreventionWindowSize, 
          ipSecAhTransformVendorId, 
          ipSecAhTransformMaxLifetimeSeconds, 
          ipSecAhTransformMaxLifetimeKilobytes 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecAhTransformTable." 
       ::= { ipSecPolicyPibConformanceGroups  9 } 
    
   ipSecEspTransformSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecEspTransformSetTransformSetId, 
          ipSecEspTransformSetTransformId, 
          ipSecEspTransformSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecEspTransformSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  10 } 
    
   ipSecEspTransformGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecEspTransformIntegrityTransformId, 
          ipSecEspTransformCipherTransformId, 
          ipSecEspTransformIntegrityKey, 
          ipSecEspTransformCipherKey, 
          ipSecEspTransformCipherKeyRounds, 
          ipSecEspTransformCipherKeyLength, 
          ipSecEspTransformUseReplayPrevention, 
          ipSecEspTransformReplayPreventionWindowSize, 
          ipSecEspTransformVendorId, 
          ipSecEspTransformMaxLifetimeSeconds, 
          ipSecEspTransformMaxLifetimeKilobytes 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecEspTransformTable." 
       ::= { ipSecPolicyPibConformanceGroups  11 } 
    
   ipSecCompTransformSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecCompTransformSetTransformSetId, 
          ipSecCompTransformSetTransformId, 
          ipSecCompTransformSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecCompTransformSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  12 } 
    
   ipSecCompTransformGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecCompTransformAlgorithm, 
          ipSecCompTransformDictionarySize, 
          ipSecCompTransformPrivateAlgorithm, 
          ipSecCompTransformVendorId, 
          ipSecCompTransformMaxLifetimeSeconds, 
          ipSecCompTransformMaxLifetimeKilobytes 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecCompTransformTable." 
       ::= { ipSecPolicyPibConformanceGroups  13 } 
    
   ipSecIkeRuleGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIkeRuleIfName, 
          ipSecIkeRuleRoles, 
          ipSecIkeRuleIkeActionSetId, 
          ipSecIkeRuleActionExecutionStrategy, 
          ipSecIkeRuleLimitNegotiation, 
          ipSecIkeRuleAutoStart, 
          ipSecIkeRuleIpSecRuleTimePeriodGroupId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIkeRuleTable." 
       ::= { ipSecPolicyPibConformanceGroups  14 } 
    
   ipSecIkeActionSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIkeActionSetActionSetId, 
          ipSecIkeActionSetActionId, 
          ipSecIkeActionSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIkeActionSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  15 } 
    
   ipSecIkeAssociationGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIkeAssociationMinLiftetimeSeconds, 
          ipSecIkeAssociationMinLifetimeKilobytes, 
          ipSecIkeAssociationIdleDurationSeconds, 
          ipSecIkeAssociationExchangeMode, 
          ipSecIkeAssociationUseIkeIdentityType, 
          ipSecIkeAssociationUseIkeIdentityValue, 
          ipSecIkeAssociationIkePeerEndpoint, 
          ipSecIkeAssociationPresharedKey, 
          ipSecIkeAssociationVendorId, 
          ipSecIkeAssociationAggressiveModeGroupId, 
          ipSecIkeAssociationLocalCredentialId, 
          ipSecIkeAssociationDoActionLogging, 
          ipSecIkeAssociationIkeProposalSetId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIkeAssociationTable." 
       ::= { ipSecPolicyPibConformanceGroups  16 } 
    
   ipSecIkeProposalSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIkeProposalSetProposalSetId, 
          ipSecIkeProposalSetProposalId, 
          ipSecIkeProposalSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIkeProposalSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  17 } 
    
   ipSecIkeProposalGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIkeProposalMaxLifetimeSeconds, 
          ipSecIkeProposalMaxLifetimeKilobytes, 
          ipSecIkeProposalCipherAlgorithm, 
          ipSecIkeProposalHashAlgorithm, 
          ipSecIkeProposalAuthenticationMethod, 
          ipSecIkeProposalPrfAlgorithm, 
          ipSecIkeProposalIkeDhGroup, 
          ipSecIkeProposalVendorId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIkeProposalTable." 
       ::= { ipSecPolicyPibConformanceGroups  18 } 
    
   ipSecIkePeerEndpointGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIkePeerEndpointIdentityType, 
          ipSecIkePeerEndpointIdentityValue, 
          ipSecIkePeerEndpointAddressType, 
          ipSecIkePeerEndpointAddress, 
          ipSecIkePeerEndpointCredentialSetId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIkePeerEndpointTable." 
       ::= { ipSecPolicyPibConformanceGroups  19 } 
    
   ipSecCredentialSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecCredentialSetSetId, 
          ipSecCredentialSetCredentialId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecCredentialSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  20 } 
    
   ipSecCredentialGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecCredentialCredentialType, 
          ipSecCredentialFieldsId, 
          ipSecCredentialCrlDistributionPoint 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecCredentialTable." 
       ::= { ipSecPolicyPibConformanceGroups  21 } 
    
   ipSecCredentialFieldsGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecCredentialFieldsName, 
          ipSecCredentialFieldsValue, 
          ipSecCredentialFieldsSetId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecCredentialFieldsTable." 
       ::= { ipSecPolicyPibConformanceGroups  22 } 
    
   ipSecSelectorSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecSelectorSetSelectorSetId, 
          ipSecSelectorSetSelectorId, 
          ipSecSelectorSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecSelectorSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  23 } 
    
   ipSecSelectorGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecSelectorSrcAddressGroupId, 
          ipSecSelectorSrcPortGroupId, 
          ipSecSelectorDstAddressGroupId, 
          ipSecSelectorDstPortGroupId, 
          ipSecSelectorProtocol, 
          ipSecSelectorDscp, 
          ipSecSelectorFlowLabel 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecSelectorTable." 
       ::= { ipSecPolicyPibConformanceGroups  24 } 
    
   ipSecAddressGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecAddressAddressType, 
          ipSecAddressAddrMask, 
          ipSecAddressAddrMin, 
          ipSecAddressAddrMax, 
          ipSecAddressGroupId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecAddressTable." 
       ::= { ipSecPolicyPibConformanceGroups  25 } 
    
   ipSecL4PortGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecL4PortPortMin, 
          ipSecL4PortPortMax, 
          ipSecL4PortGroupId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecL4PortTable." 
       ::= { ipSecPolicyPibConformanceGroups  26 } 
    
   ipSecIpsoFilterSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIpsoFilterSetFilterSetId, 
          ipSecIpsoFilterSetFilterId, 
          ipSecIpsoFilterSetOrder 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIpsoFilterSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  27 } 
    
   ipSecIpsoFilterGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIpsoFilterMatchConditionType, 
          ipSecIpsoFilterClassificationLevel, 
          ipSecIpsoFilterProtectionAuthority 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIpsoFilterTable." 
       ::= { ipSecPolicyPibConformanceGroups  28 } 
    
   ipSecRuleTimePeriodGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecRuleTimePeriodTimePeriod, 
          ipSecRuleTimePeriodMonthOfYearMask, 
          ipSecRuleTimePeriodDayOfMonthMask, 
          ipSecRuleTimePeriodDayOfWeekMask, 
          ipSecRuleTimePeriodTimeOfDayMask, 
          ipSecRuleTimePeriodLocalOrUtcTime 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecRuleTimePeriodTable." 
       ::= { ipSecPolicyPibConformanceGroups  29 } 
    
   ipSecRuleTimePeriodSetGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecRuleTimePeriodSetRuleTimePeriodSetId, 
          ipSecRuleTimePeriodSetRuleTimePeriodId 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecRuleTimePeriodSetTable." 
       ::= { ipSecPolicyPibConformanceGroups  30 } 
    
   ipSecIfCapsGroup OBJECT-GROUP 
       OBJECTS { 
          ipSecIfCapsDirection, 
          ipSecIfCapsMaxIpSecActions, 
          ipSecIfCapsMaxIkeActions 
          } 
       STATUS current 
       DESCRIPTION 
   "Objects from the ipSecIfCapsTable." 
       ::= { ipSecPolicyPibConformanceGroups  31 } 
    
END 

ZeroDay Forums Mini